- Linux-stable-mirror - lists.linaro.org

+ mm-vmalloc-fix-page-mapping-if-vm_area_alloc_pages-with-high-order-fallback-to-order-0.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-vmalloc-fix-page-mapping-if-vm_area_alloc_pages-with-high-order-fallback-to-order-0.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hailong Liu <hailong.liu(a)oppo.com> Subject: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 Date: Thu, 8 Aug 2024 20:19:56 +0800 The __vmap_pages_range_noflush() assumes its argument pages** contains pages with the same page shift. However, since commit e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes __GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation failed for high order, the pages** may contain two different page shifts (high order and order-0). This could lead __vmap_pages_range_noflush() to perform incorrect mappings, potentially resulting in memory corruption. Users might encounter this as follows (vmap_allow_huge = true, 2M is for PMD_SIZE): kvmalloc(2M, __GFP_NOFAIL|GFP_X) __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP) vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0 vmap_pages_range() vmap_pages_range_noflush() __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens We can remove the fallback code because if a high-order allocation fails, __vmalloc_node_range_noprof() will retry with order-0. Therefore, it is unnecessary to fallback to order-0 here. Therefore, fix this by removing the fallback code. Link: https://lkml.kernel.org/r/20240808122019.3361-1-hailong.liu@oppo.com Fixes: e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations") Signed-off-by: Hailong Liu <hailong.liu(a)oppo.com> Reported-by: Tangquan Zheng <zhengtangquan(a)oppo.com> Reviewed-by: Baoquan He <bhe(a)redhat.com> Reviewed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Acked-by: Barry Song <baohua(a)kernel.org> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) --- a/mm/vmalloc.c~mm-vmalloc-fix-page-mapping-if-vm_area_alloc_pages-with-high-order-fallback-to-order-0 +++ a/mm/vmalloc.c @@ -3584,15 +3584,8 @@ vm_area_alloc_pages(gfp_t gfp, int nid, page = alloc_pages_noprof(alloc_gfp, order); else page = alloc_pages_node_noprof(nid, alloc_gfp, order); - if (unlikely(!page)) { - if (!nofail) - break; - - /* fall back to the zero order allocations */ - alloc_gfp |= __GFP_NOFAIL; - order = 0; - continue; - } + if (unlikely(!page)) + break; /* * Higher order allocations must be able to be treated as _ Patches currently in -mm which might be from hailong.liu(a)oppo.com are mm-vmalloc-fix-page-mapping-if-vm_area_alloc_pages-with-high-order-fallback-to-order-0.patch

10 months, 2 weeks

1
0
0 0

[PATCH] MIPS: Loongson64: Set timer mode in cpu-probe

by Jiaxun Yang

Loongson64 C and G processors have EXTIMER feature which is conflicting with CP0 counter. Although the processor resets in EXTIMER disabled & INTIMER enabled mode, which is compatible with MIPS CP0 compare, firmware may attempt to enable EXTIMER and interfere CP0 compare. Set timer mode back to MIPS compatible mode to fix booting on systems with such firmware before we have an actual driver for EXTIMER. Cc: stable(a)vger.kernel.org Signed-off-by: Jiaxun Yang <jiaxun.yang(a)flygoat.com> --- Please take this patch via fixes (or second 6.11 PR) tree so it can reach stable faster. Thansks! --- arch/mips/kernel/cpu-probe.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c index bda7f193baab..af7412549e6e 100644 --- a/arch/mips/kernel/cpu-probe.c +++ b/arch/mips/kernel/cpu-probe.c @@ -1724,12 +1724,16 @@ static inline void cpu_probe_loongson(struct cpuinfo_mips *c, unsigned int cpu) c->ases |= (MIPS_ASE_LOONGSON_MMI | MIPS_ASE_LOONGSON_CAM | MIPS_ASE_LOONGSON_EXT | MIPS_ASE_LOONGSON_EXT2); c->ases &= ~MIPS_ASE_VZ; /* VZ of Loongson-3A2000/3000 is incomplete */ + change_c0_config6(LOONGSON_CONF6_EXTIMER | LOONGSON_CONF6_INTIMER, + LOONGSON_CONF6_INTIMER); break; case PRID_IMP_LOONGSON_64G: __cpu_name[cpu] = "ICT Loongson-3"; set_elf_platform(cpu, "loongson3a"); set_isa(c, MIPS_CPU_ISA_M64R2); decode_cpucfg(c); + change_c0_config6(LOONGSON_CONF6_EXTIMER | LOONGSON_CONF6_INTIMER, + LOONGSON_CONF6_INTIMER); break; default: panic("Unknown Loongson Processor ID!"); --- base-commit: dee7f101b64219f512bb2f842227bd04c14efe30 change-id: 20240723-loongson-exttimer-14b48e7ad5d6 Best regards, -- Jiaxun Yang <jiaxun.yang(a)flygoat.com>

10 months, 2 weeks

2
1
0 0

[PATCH] fs/netfs/fscache_io: remove the obsolete "using_pgpriv2" flag

by Max Kellermann

This fixes a crash bug caused by commit ae678317b95e ("netfs: Remove deprecated use of PG_private_2 as a second writeback flag") by removing a leftover folio_end_private_2() call after all calls to folio_start_private_2() had been removed by the commit. By calling folio_end_private_2() without folio_start_private_2(), the folio refcounter breaks and causes trouble like RCU stalls and general protection faults. Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> Fixes: ae678317b95e ("netfs: Remove deprecated use of PG_private_2 as a second writeback flag") Link: https://lore.kernel.org/ceph-devel/CAKPOu+_DA8XiMAA2ApMj7Pyshve_YWknw8Hdt1=… Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/ceph/addr.c | 2 +- fs/netfs/fscache_io.c | 29 +---------------------------- include/linux/fscache.h | 30 ++++-------------------------- 3 files changed, 6 insertions(+), 55 deletions(-) diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 8c16bc5250ef..485cbd1730d1 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -512,7 +512,7 @@ static void ceph_fscache_write_to_cache(struct inode *inode, u64 off, u64 len, b struct fscache_cookie *cookie = ceph_fscache_cookie(ci); fscache_write_to_cache(cookie, inode->i_mapping, off, len, i_size_read(inode), - ceph_fscache_write_terminated, inode, true, caching); + ceph_fscache_write_terminated, inode, caching); } #else static inline void ceph_fscache_write_to_cache(struct inode *inode, u64 off, u64 len, bool caching) diff --git a/fs/netfs/fscache_io.c b/fs/netfs/fscache_io.c index 38637e5c9b57..0d8f3f646598 100644 --- a/fs/netfs/fscache_io.c +++ b/fs/netfs/fscache_io.c @@ -166,30 +166,10 @@ struct fscache_write_request { loff_t start; size_t len; bool set_bits; - bool using_pgpriv2; netfs_io_terminated_t term_func; void *term_func_priv; }; -void __fscache_clear_page_bits(struct address_space *mapping, - loff_t start, size_t len) -{ - pgoff_t first = start / PAGE_SIZE; - pgoff_t last = (start + len - 1) / PAGE_SIZE; - struct page *page; - - if (len) { - XA_STATE(xas, &mapping->i_pages, first); - - rcu_read_lock(); - xas_for_each(&xas, page, last) { - folio_end_private_2(page_folio(page)); - } - rcu_read_unlock(); - } -} -EXPORT_SYMBOL(__fscache_clear_page_bits); - /* * Deal with the completion of writing the data to the cache. */ @@ -198,10 +178,6 @@ static void fscache_wreq_done(void *priv, ssize_t transferred_or_error, { struct fscache_write_request *wreq = priv; - if (wreq->using_pgpriv2) - fscache_clear_page_bits(wreq->mapping, wreq->start, wreq->len, - wreq->set_bits); - if (wreq->term_func) wreq->term_func(wreq->term_func_priv, transferred_or_error, was_async); @@ -214,7 +190,7 @@ void __fscache_write_to_cache(struct fscache_cookie *cookie, loff_t start, size_t len, loff_t i_size, netfs_io_terminated_t term_func, void *term_func_priv, - bool using_pgpriv2, bool cond) + bool cond) { struct fscache_write_request *wreq; struct netfs_cache_resources *cres; @@ -232,7 +208,6 @@ void __fscache_write_to_cache(struct fscache_cookie *cookie, wreq->mapping = mapping; wreq->start = start; wreq->len = len; - wreq->using_pgpriv2 = using_pgpriv2; wreq->set_bits = cond; wreq->term_func = term_func; wreq->term_func_priv = term_func_priv; @@ -260,8 +235,6 @@ void __fscache_write_to_cache(struct fscache_cookie *cookie, abandon_free: kfree(wreq); abandon: - if (using_pgpriv2) - fscache_clear_page_bits(mapping, start, len, cond); if (term_func) term_func(term_func_priv, ret, false); } diff --git a/include/linux/fscache.h b/include/linux/fscache.h index 9de27643607f..f8c52bddaa15 100644 --- a/include/linux/fscache.h +++ b/include/linux/fscache.h @@ -177,8 +177,7 @@ void __fscache_write_to_cache(struct fscache_cookie *cookie, loff_t start, size_t len, loff_t i_size, netfs_io_terminated_t term_func, void *term_func_priv, - bool using_pgpriv2, bool cond); -extern void __fscache_clear_page_bits(struct address_space *, loff_t, size_t); + bool cond); /** * fscache_acquire_volume - Register a volume as desiring caching services @@ -573,24 +572,6 @@ int fscache_write(struct netfs_cache_resources *cres, return ops->write(cres, start_pos, iter, term_func, term_func_priv); } -/** - * fscache_clear_page_bits - Clear the PG_fscache bits from a set of pages - * @mapping: The netfs inode to use as the source - * @start: The start position in @mapping - * @len: The amount of data to unlock - * @caching: If PG_fscache has been set - * - * Clear the PG_fscache flag from a sequence of pages and wake up anyone who's - * waiting. - */ -static inline void fscache_clear_page_bits(struct address_space *mapping, - loff_t start, size_t len, - bool caching) -{ - if (caching) - __fscache_clear_page_bits(mapping, start, len); -} - /** * fscache_write_to_cache - Save a write to the cache and clear PG_fscache * @cookie: The cookie representing the cache object @@ -600,7 +581,6 @@ static inline void fscache_clear_page_bits(struct address_space *mapping, * @i_size: The new size of the inode * @term_func: The function to call upon completion * @term_func_priv: The private data for @term_func - * @using_pgpriv2: If we're using PG_private_2 to mark in-progress write * @caching: If we actually want to do the caching * * Helper function for a netfs to write dirty data from an inode into the cache @@ -612,21 +592,19 @@ static inline void fscache_clear_page_bits(struct address_space *mapping, * marked with PG_fscache. * * If given, @term_func will be called upon completion and supplied with - * @term_func_priv. Note that if @using_pgpriv2 is set, the PG_private_2 flags - * will have been cleared by this point, so the netfs must retain its own pin - * on the mapping. + * @term_func_priv. */ static inline void fscache_write_to_cache(struct fscache_cookie *cookie, struct address_space *mapping, loff_t start, size_t len, loff_t i_size, netfs_io_terminated_t term_func, void *term_func_priv, - bool using_pgpriv2, bool caching) + bool caching) { if (caching) __fscache_write_to_cache(cookie, mapping, start, len, i_size, term_func, term_func_priv, - using_pgpriv2, caching); + caching); else if (term_func) term_func(term_func_priv, -ENOBUFS, false); -- 2.43.0

10 months, 2 weeks

4
15
0 0

[PATCH v2 0/2] Fix unmasking interrupt bit and remove watermark interrupt enablement

by Mrinmay Sarkar

This patch series reset STOP_INT_MASK and ABORT_INT_MASK bit and unmask these interrupt for HDMA. and also remove enablement of local watermark interrupt enable(LWIE) and remote watermarek interrupt enable(RWIE) bit to avoid unnecessary watermark interrupt event. Testing ------- Tested on Qualcomm SA8775P Platform. V1 -> V2: - Modified commit message and added Fixes, CC tag as suggested by Mani - reanme done to STOP - rename DW_HDMA_V0_LIE -> DW_HDMA_V0_LWIE and DW_HDMA_V0_RIE -> DW_HDMA_V0_RWIE Mrinmay Sarkar (2): dmaengine: dw-edma: Fix unmasking STOP and ABORT interrupts for HDMA dmaengine: dw-edma: Do not enable watermark interrupts for HDMA drivers/dma/dw-edma/dw-hdma-v0-core.c | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) -- 2.7.4

10 months, 2 weeks

3
12
0 0

[git:media_stage/fixes] media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()"

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" Author: Sean Young <sean(a)mess.org> Date: Thu Aug 8 10:35:19 2024 +0200 This reverts commit 2052138b7da52ad5ccaf74f736d00f39a1c9198c. This breaks the TeVii s480 dual DVB-S2 S660. The device has a bulk in endpoint but no corresponding out endpoint, so the device does not pass the "has both receive and send bulk endpoint" test. Seemingly this device does not use dvb_usb_generic_rw() so I have tried removing the generic_bulk_ctrl_endpoint entry, but this resulted in different problems. As we have no explanation yet, revert. $ dmesg | grep -i -e dvb -e dw21 -e usb\ 4 [ 0.999122] usb 1-1: new high-speed USB device number 2 using ehci-pci [ 1.023123] usb 4-1: new high-speed USB device number 2 using ehci-pci [ 1.130247] usb 1-1: New USB device found, idVendor=9022, idProduct=d482, +bcdDevice= 0.01 [ 1.130257] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1.152323] usb 4-1: New USB device found, idVendor=9022, idProduct=d481, +bcdDevice= 0.01 [ 1.152329] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 6.701033] dvb-usb: found a 'TeVii S480.2 USB' in cold state, will try to +load a firmware [ 6.701178] dvb-usb: downloading firmware from file 'dvb-usb-s660.fw' [ 6.701179] dw2102: start downloading DW210X firmware [ 6.703715] dvb-usb: found a 'Microsoft Xbox One Digital TV Tuner' in cold +state, will try to load a firmware [ 6.703974] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 6.756432] usb 1-1: USB disconnect, device number 2 [ 6.862119] dvb-usb: found a 'TeVii S480.2 USB' in warm state. [ 6.862194] dvb-usb: TeVii S480.2 USB error while loading driver (-22) [ 6.862209] dvb-usb: found a 'TeVii S480.1 USB' in cold state, will try to +load a firmware [ 6.862244] dvb-usb: downloading firmware from file 'dvb-usb-s660.fw' [ 6.862245] dw2102: start downloading DW210X firmware [ 6.914811] usb 4-1: USB disconnect, device number 2 [ 7.014131] dvb-usb: found a 'TeVii S480.1 USB' in warm state. [ 7.014487] dvb-usb: TeVii S480.1 USB error while loading driver (-22) [ 7.014538] usbcore: registered new interface driver dw2102 Closes: https://lore.kernel.org/stable/20240801165146.38991f60@mir/ Fixes: 2052138b7da5 ("media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()") Reported-by: Stefan Lippers-Hollmann <s.l-h(a)gmx.de> Cc: stable(a)vger.kernel.org Signed-off-by: Sean Young <sean(a)mess.org> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> drivers/media/usb/dvb-usb/dvb-usb-init.c | 35 ++++---------------------------- 1 file changed, 4 insertions(+), 31 deletions(-) --- diff --git a/drivers/media/usb/dvb-usb/dvb-usb-init.c b/drivers/media/usb/dvb-usb/dvb-usb-init.c index 22d83ac18eb7..fbf58012becd 100644 --- a/drivers/media/usb/dvb-usb/dvb-usb-init.c +++ b/drivers/media/usb/dvb-usb/dvb-usb-init.c @@ -23,40 +23,11 @@ static int dvb_usb_force_pid_filter_usage; module_param_named(force_pid_filter_usage, dvb_usb_force_pid_filter_usage, int, 0444); MODULE_PARM_DESC(force_pid_filter_usage, "force all dvb-usb-devices to use a PID filter, if any (default: 0)."); -static int dvb_usb_check_bulk_endpoint(struct dvb_usb_device *d, u8 endpoint) -{ - if (endpoint) { - int ret; - - ret = usb_pipe_type_check(d->udev, usb_sndbulkpipe(d->udev, endpoint)); - if (ret) - return ret; - ret = usb_pipe_type_check(d->udev, usb_rcvbulkpipe(d->udev, endpoint)); - if (ret) - return ret; - } - return 0; -} - -static void dvb_usb_clear_halt(struct dvb_usb_device *d, u8 endpoint) -{ - if (endpoint) { - usb_clear_halt(d->udev, usb_sndbulkpipe(d->udev, endpoint)); - usb_clear_halt(d->udev, usb_rcvbulkpipe(d->udev, endpoint)); - } -} - static int dvb_usb_adapter_init(struct dvb_usb_device *d, short *adapter_nrs) { struct dvb_usb_adapter *adap; int ret, n, o; - ret = dvb_usb_check_bulk_endpoint(d, d->props.generic_bulk_ctrl_endpoint); - if (ret) - return ret; - ret = dvb_usb_check_bulk_endpoint(d, d->props.generic_bulk_ctrl_endpoint_response); - if (ret) - return ret; for (n = 0; n < d->props.num_adapters; n++) { adap = &d->adapter[n]; adap->dev = d; @@ -132,8 +103,10 @@ static int dvb_usb_adapter_init(struct dvb_usb_device *d, short *adapter_nrs) * when reloading the driver w/o replugging the device * sometimes a timeout occurs, this helps */ - dvb_usb_clear_halt(d, d->props.generic_bulk_ctrl_endpoint); - dvb_usb_clear_halt(d, d->props.generic_bulk_ctrl_endpoint_response); + if (d->props.generic_bulk_ctrl_endpoint != 0) { + usb_clear_halt(d->udev, usb_sndbulkpipe(d->udev, d->props.generic_bulk_ctrl_endpoint)); + usb_clear_halt(d->udev, usb_rcvbulkpipe(d->udev, d->props.generic_bulk_ctrl_endpoint)); + } return 0;

10 months, 2 weeks

1
0
0 0

[v6.6-stable PATCH] mm: gup: stop abusing try_grab_folio

by Yang Shi

commit f442fa6141379a20b48ae3efabee827a3d260787 upstream A kernel warning was reported when pinning folio in CMA memory when launching SEV virtual machine. The splat looks like: [ 464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520 [ 464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6 [ 464.325477] RIP: 0010:__get_user_pages+0x423/0x520 [ 464.325515] Call Trace: [ 464.325520] <TASK> [ 464.325523] ? __get_user_pages+0x423/0x520 [ 464.325528] ? __warn+0x81/0x130 [ 464.325536] ? __get_user_pages+0x423/0x520 [ 464.325541] ? report_bug+0x171/0x1a0 [ 464.325549] ? handle_bug+0x3c/0x70 [ 464.325554] ? exc_invalid_op+0x17/0x70 [ 464.325558] ? asm_exc_invalid_op+0x1a/0x20 [ 464.325567] ? __get_user_pages+0x423/0x520 [ 464.325575] __gup_longterm_locked+0x212/0x7a0 [ 464.325583] internal_get_user_pages_fast+0xfb/0x190 [ 464.325590] pin_user_pages_fast+0x47/0x60 [ 464.325598] sev_pin_memory+0xca/0x170 [kvm_amd] [ 464.325616] sev_mem_enc_register_region+0x81/0x130 [kvm_amd] Per the analysis done by yangge, when starting the SEV virtual machine, it will call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory. But the page is in CMA area, so fast GUP will fail then fallback to the slow path due to the longterm pinnalbe check in try_grab_folio(). The slow path will try to pin the pages then migrate them out of CMA area. But the slow path also uses try_grab_folio() to pin the page, it will also fail due to the same check then the above warning is triggered. In addition, the try_grab_folio() is supposed to be used in fast path and it elevates folio refcount by using add ref unless zero. We are guaranteed to have at least one stable reference in slow path, so the simple atomic add could be used. The performance difference should be trivial, but the misuse may be confusing and misleading. Redefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page() to try_grab_folio(), and use them in the proper paths. This solves both the abuse and the kernel warning. The proper naming makes their usecase more clear and should prevent from abusing in the future. peterx said: : The user will see the pin fails, for gpu-slow it further triggers the WARN : right below that failure (as in the original report): : : folio = try_grab_folio(page, page_increm - 1, : foll_flags); : if (WARN_ON_ONCE(!folio)) { <------------------------ here : /* : * Release the 1st page ref if the : * folio is problematic, fail hard. : */ : gup_put_folio(page_folio(page), 1, : foll_flags); : ret = -EFAULT; : goto out; : } [1] https://lore.kernel.org/linux-mm/1719478388-31917-1-git-send-email-yangge11… [shy828301(a)gmail.com: fix implicit declaration of function try_grab_folio_fast] Link: https://lkml.kernel.org/r/CAHbLzkowMSso-4Nufc9hcMehQsK9PNz3OSu-+eniU-2Mm-xj… Link: https://lkml.kernel.org/r/20240628191458.2605553-1-yang@os.amperecomputing.… Fixes: 57edfcfd3419 ("mm/gup: accelerate thp gup even for "pages != NULL"") Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> Reported-by: yangge <yangge1116(a)126.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 251 ++++++++++++++++++++++++----------------------- mm/huge_memory.c | 4 +- mm/hugetlb.c | 2 +- mm/internal.h | 4 +- 4 files changed, 134 insertions(+), 127 deletions(-) diff --git a/mm/gup.c b/mm/gup.c index f50fe2219a13..fdd75384160d 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -97,95 +97,6 @@ static inline struct folio *try_get_folio(struct page *page, int refs) return folio; } -/** - * try_grab_folio() - Attempt to get or pin a folio. - * @page: pointer to page to be grabbed - * @refs: the value to (effectively) add to the folio's refcount - * @flags: gup flags: these are the FOLL_* flag values. - * - * "grab" names in this file mean, "look at flags to decide whether to use - * FOLL_PIN or FOLL_GET behavior, when incrementing the folio's refcount. - * - * Either FOLL_PIN or FOLL_GET (or neither) must be set, but not both at the - * same time. (That's true throughout the get_user_pages*() and - * pin_user_pages*() APIs.) Cases: - * - * FOLL_GET: folio's refcount will be incremented by @refs. - * - * FOLL_PIN on large folios: folio's refcount will be incremented by - * @refs, and its pincount will be incremented by @refs. - * - * FOLL_PIN on single-page folios: folio's refcount will be incremented by - * @refs * GUP_PIN_COUNTING_BIAS. - * - * Return: The folio containing @page (with refcount appropriately - * incremented) for success, or NULL upon failure. If neither FOLL_GET - * nor FOLL_PIN was set, that's considered failure, and furthermore, - * a likely bug in the caller, so a warning is also emitted. - */ -struct folio *try_grab_folio(struct page *page, int refs, unsigned int flags) -{ - struct folio *folio; - - if (WARN_ON_ONCE((flags & (FOLL_GET | FOLL_PIN)) == 0)) - return NULL; - - if (unlikely(!(flags & FOLL_PCI_P2PDMA) && is_pci_p2pdma_page(page))) - return NULL; - - if (flags & FOLL_GET) - return try_get_folio(page, refs); - - /* FOLL_PIN is set */ - - /* - * Don't take a pin on the zero page - it's not going anywhere - * and it is used in a *lot* of places. - */ - if (is_zero_page(page)) - return page_folio(page); - - folio = try_get_folio(page, refs); - if (!folio) - return NULL; - - /* - * Can't do FOLL_LONGTERM + FOLL_PIN gup fast path if not in a - * right zone, so fail and let the caller fall back to the slow - * path. - */ - if (unlikely((flags & FOLL_LONGTERM) && - !folio_is_longterm_pinnable(folio))) { - if (!put_devmap_managed_page_refs(&folio->page, refs)) - folio_put_refs(folio, refs); - return NULL; - } - - /* - * When pinning a large folio, use an exact count to track it. - * - * However, be sure to *also* increment the normal folio - * refcount field at least once, so that the folio really - * is pinned. That's why the refcount from the earlier - * try_get_folio() is left intact. - */ - if (folio_test_large(folio)) - atomic_add(refs, &folio->_pincount); - else - folio_ref_add(folio, - refs * (GUP_PIN_COUNTING_BIAS - 1)); - /* - * Adjust the pincount before re-checking the PTE for changes. - * This is essentially a smp_mb() and is paired with a memory - * barrier in page_try_share_anon_rmap(). - */ - smp_mb__after_atomic(); - - node_stat_mod_folio(folio, NR_FOLL_PIN_ACQUIRED, refs); - - return folio; -} - static void gup_put_folio(struct folio *folio, int refs, unsigned int flags) { if (flags & FOLL_PIN) { @@ -203,58 +114,59 @@ static void gup_put_folio(struct folio *folio, int refs, unsigned int flags) } /** - * try_grab_page() - elevate a page's refcount by a flag-dependent amount - * @page: pointer to page to be grabbed - * @flags: gup flags: these are the FOLL_* flag values. + * try_grab_folio() - add a folio's refcount by a flag-dependent amount + * @folio: pointer to folio to be grabbed + * @refs: the value to (effectively) add to the folio's refcount + * @flags: gup flags: these are the FOLL_* flag values * * This might not do anything at all, depending on the flags argument. * * "grab" names in this file mean, "look at flags to decide whether to use - * FOLL_PIN or FOLL_GET behavior, when incrementing the page's refcount. + * FOLL_PIN or FOLL_GET behavior, when incrementing the folio's refcount. * * Either FOLL_PIN or FOLL_GET (or neither) may be set, but not both at the same - * time. Cases: please see the try_grab_folio() documentation, with - * "refs=1". + * time. * * Return: 0 for success, or if no action was required (if neither FOLL_PIN * nor FOLL_GET was set, nothing is done). A negative error code for failure: * - * -ENOMEM FOLL_GET or FOLL_PIN was set, but the page could not + * -ENOMEM FOLL_GET or FOLL_PIN was set, but the folio could not * be grabbed. + * + * It is called when we have a stable reference for the folio, typically in + * GUP slow path. */ -int __must_check try_grab_page(struct page *page, unsigned int flags) +int __must_check try_grab_folio(struct folio *folio, int refs, + unsigned int flags) { - struct folio *folio = page_folio(page); - if (WARN_ON_ONCE(folio_ref_count(folio) <= 0)) return -ENOMEM; - if (unlikely(!(flags & FOLL_PCI_P2PDMA) && is_pci_p2pdma_page(page))) + if (unlikely(!(flags & FOLL_PCI_P2PDMA) && is_pci_p2pdma_page(&folio->page))) return -EREMOTEIO; if (flags & FOLL_GET) - folio_ref_inc(folio); + folio_ref_add(folio, refs); else if (flags & FOLL_PIN) { /* * Don't take a pin on the zero page - it's not going anywhere * and it is used in a *lot* of places. */ - if (is_zero_page(page)) + if (is_zero_folio(folio)) return 0; /* - * Similar to try_grab_folio(): be sure to *also* - * increment the normal page refcount field at least once, + * Increment the normal page refcount field at least once, * so that the page really is pinned. */ if (folio_test_large(folio)) { - folio_ref_add(folio, 1); - atomic_add(1, &folio->_pincount); + folio_ref_add(folio, refs); + atomic_add(refs, &folio->_pincount); } else { - folio_ref_add(folio, GUP_PIN_COUNTING_BIAS); + folio_ref_add(folio, refs * GUP_PIN_COUNTING_BIAS); } - node_stat_mod_folio(folio, NR_FOLL_PIN_ACQUIRED, 1); + node_stat_mod_folio(folio, NR_FOLL_PIN_ACQUIRED, refs); } return 0; @@ -647,8 +559,8 @@ static struct page *follow_page_pte(struct vm_area_struct *vma, VM_BUG_ON_PAGE((flags & FOLL_PIN) && PageAnon(page) && !PageAnonExclusive(page), page); - /* try_grab_page() does nothing unless FOLL_GET or FOLL_PIN is set. */ - ret = try_grab_page(page, flags); + /* try_grab_folio() does nothing unless FOLL_GET or FOLL_PIN is set. */ + ret = try_grab_folio(page_folio(page), 1, flags); if (unlikely(ret)) { page = ERR_PTR(ret); goto out; @@ -899,7 +811,7 @@ static int get_gate_page(struct mm_struct *mm, unsigned long address, goto unmap; *page = pte_page(entry); } - ret = try_grab_page(*page, gup_flags); + ret = try_grab_folio(page_folio(*page), 1, gup_flags); if (unlikely(ret)) goto unmap; out: @@ -1302,20 +1214,19 @@ static long __get_user_pages(struct mm_struct *mm, * pages. */ if (page_increm > 1) { - struct folio *folio; + struct folio *folio = page_folio(page); /* * Since we already hold refcount on the * large folio, this should never fail. */ - folio = try_grab_folio(page, page_increm - 1, - foll_flags); - if (WARN_ON_ONCE(!folio)) { + if (try_grab_folio(folio, page_increm - 1, + foll_flags)) { /* * Release the 1st page ref if the * folio is problematic, fail hard. */ - gup_put_folio(page_folio(page), 1, + gup_put_folio(folio, 1, foll_flags); ret = -EFAULT; goto out; @@ -2541,6 +2452,102 @@ static void __maybe_unused undo_dev_pagemap(int *nr, int nr_start, } } +/** + * try_grab_folio_fast() - Attempt to get or pin a folio in fast path. + * @page: pointer to page to be grabbed + * @refs: the value to (effectively) add to the folio's refcount + * @flags: gup flags: these are the FOLL_* flag values. + * + * "grab" names in this file mean, "look at flags to decide whether to use + * FOLL_PIN or FOLL_GET behavior, when incrementing the folio's refcount. + * + * Either FOLL_PIN or FOLL_GET (or neither) must be set, but not both at the + * same time. (That's true throughout the get_user_pages*() and + * pin_user_pages*() APIs.) Cases: + * + * FOLL_GET: folio's refcount will be incremented by @refs. + * + * FOLL_PIN on large folios: folio's refcount will be incremented by + * @refs, and its pincount will be incremented by @refs. + * + * FOLL_PIN on single-page folios: folio's refcount will be incremented by + * @refs * GUP_PIN_COUNTING_BIAS. + * + * Return: The folio containing @page (with refcount appropriately + * incremented) for success, or NULL upon failure. If neither FOLL_GET + * nor FOLL_PIN was set, that's considered failure, and furthermore, + * a likely bug in the caller, so a warning is also emitted. + * + * It uses add ref unless zero to elevate the folio refcount and must be called + * in fast path only. + */ +static struct folio *try_grab_folio_fast(struct page *page, int refs, + unsigned int flags) +{ + struct folio *folio; + + /* Raise warn if it is not called in fast GUP */ + VM_WARN_ON_ONCE(!irqs_disabled()); + + if (WARN_ON_ONCE((flags & (FOLL_GET | FOLL_PIN)) == 0)) + return NULL; + + if (unlikely(!(flags & FOLL_PCI_P2PDMA) && is_pci_p2pdma_page(page))) + return NULL; + + if (flags & FOLL_GET) + return try_get_folio(page, refs); + + /* FOLL_PIN is set */ + + /* + * Don't take a pin on the zero page - it's not going anywhere + * and it is used in a *lot* of places. + */ + if (is_zero_page(page)) + return page_folio(page); + + folio = try_get_folio(page, refs); + if (!folio) + return NULL; + + /* + * Can't do FOLL_LONGTERM + FOLL_PIN gup fast path if not in a + * right zone, so fail and let the caller fall back to the slow + * path. + */ + if (unlikely((flags & FOLL_LONGTERM) && + !folio_is_longterm_pinnable(folio))) { + if (!put_devmap_managed_page_refs(&folio->page, refs)) + folio_put_refs(folio, refs); + return NULL; + } + + /* + * When pinning a large folio, use an exact count to track it. + * + * However, be sure to *also* increment the normal folio + * refcount field at least once, so that the folio really + * is pinned. That's why the refcount from the earlier + * try_get_folio() is left intact. + */ + if (folio_test_large(folio)) + atomic_add(refs, &folio->_pincount); + else + folio_ref_add(folio, + refs * (GUP_PIN_COUNTING_BIAS - 1)); + /* + * Adjust the pincount before re-checking the PTE for changes. + * This is essentially a smp_mb() and is paired with a memory + * barrier in folio_try_share_anon_rmap_*(). + */ + smp_mb__after_atomic(); + + node_stat_mod_folio(folio, NR_FOLL_PIN_ACQUIRED, refs); + + return folio; +} + #ifdef CONFIG_ARCH_HAS_PTE_SPECIAL /* * Fast-gup relies on pte change detection to avoid concurrent pgtable @@ -2605,7 +2612,7 @@ static int gup_pte_range(pmd_t pmd, pmd_t *pmdp, unsigned long addr, VM_BUG_ON(!pfn_valid(pte_pfn(pte))); page = pte_page(pte); - folio = try_grab_folio(page, 1, flags); + folio = try_grab_folio_fast(page, 1, flags); if (!folio) goto pte_unmap; @@ -2699,7 +2706,7 @@ static int __gup_device_huge(unsigned long pfn, unsigned long addr, SetPageReferenced(page); pages[*nr] = page; - if (unlikely(try_grab_page(page, flags))) { + if (unlikely(try_grab_folio(page_folio(page), 1, flags))) { undo_dev_pagemap(nr, nr_start, flags, pages); break; } @@ -2808,7 +2815,7 @@ static int gup_hugepte(pte_t *ptep, unsigned long sz, unsigned long addr, page = nth_page(pte_page(pte), (addr & (sz - 1)) >> PAGE_SHIFT); refs = record_subpages(page, addr, end, pages + *nr); - folio = try_grab_folio(page, refs, flags); + folio = try_grab_folio_fast(page, refs, flags); if (!folio) return 0; @@ -2879,7 +2886,7 @@ static int gup_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr, page = nth_page(pmd_page(orig), (addr & ~PMD_MASK) >> PAGE_SHIFT); refs = record_subpages(page, addr, end, pages + *nr); - folio = try_grab_folio(page, refs, flags); + folio = try_grab_folio_fast(page, refs, flags); if (!folio) return 0; @@ -2923,7 +2930,7 @@ static int gup_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr, page = nth_page(pud_page(orig), (addr & ~PUD_MASK) >> PAGE_SHIFT); refs = record_subpages(page, addr, end, pages + *nr); - folio = try_grab_folio(page, refs, flags); + folio = try_grab_folio_fast(page, refs, flags); if (!folio) return 0; @@ -2963,7 +2970,7 @@ static int gup_huge_pgd(pgd_t orig, pgd_t *pgdp, unsigned long addr, page = nth_page(pgd_page(orig), (addr & ~PGDIR_MASK) >> PAGE_SHIFT); refs = record_subpages(page, addr, end, pages + *nr); - folio = try_grab_folio(page, refs, flags); + folio = try_grab_folio_fast(page, refs, flags); if (!folio) return 0; diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 79fbd6ddec49..fc773b0c4438 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1052,7 +1052,7 @@ struct page *follow_devmap_pmd(struct vm_area_struct *vma, unsigned long addr, if (!*pgmap) return ERR_PTR(-EFAULT); page = pfn_to_page(pfn); - ret = try_grab_page(page, flags); + ret = try_grab_folio(page_folio(page), 1, flags); if (ret) page = ERR_PTR(ret); @@ -1471,7 +1471,7 @@ struct page *follow_trans_huge_pmd(struct vm_area_struct *vma, VM_BUG_ON_PAGE((flags & FOLL_PIN) && PageAnon(page) && !PageAnonExclusive(page), page); - ret = try_grab_page(page, flags); + ret = try_grab_folio(page_folio(page), 1, flags); if (ret) return ERR_PTR(ret); diff --git a/mm/hugetlb.c b/mm/hugetlb.c index a480affd475b..ab040f8d1987 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -6532,7 +6532,7 @@ struct page *hugetlb_follow_page_mask(struct vm_area_struct *vma, * try_grab_page() should always be able to get the page here, * because we hold the ptl lock and have verified pte_present(). */ - ret = try_grab_page(page, flags); + ret = try_grab_folio(page_folio(page), 1, flags); if (WARN_ON_ONCE(ret)) { page = ERR_PTR(ret); diff --git a/mm/internal.h b/mm/internal.h index abed947f784b..ef8d787a510c 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -938,8 +938,8 @@ int migrate_device_coherent_page(struct page *page); /* * mm/gup.c */ -struct folio *try_grab_folio(struct page *page, int refs, unsigned int flags); -int __must_check try_grab_page(struct page *page, unsigned int flags); +int __must_check try_grab_folio(struct folio *folio, int refs, + unsigned int flags); /* * mm/huge_memory.c -- 2.41.0

10 months, 2 weeks

2
3
0 0

[PATCH] scsi: ufs: Add missing check for alloc_ordered_workqueue

by Ma Ke

As it may return NULL pointer and cause NULL pointer dereference. Add check for the return value of alloc_ordered_workqueue. Cc: stable(a)vger.kernel.org Fixes: 10e5e37581fc ("scsi: ufs: Add clock ungating to a separate workqueue") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/ufs/core/ufshcd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 5e3c67e96956..41842f2cd454 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -2139,6 +2139,8 @@ static void ufshcd_init_clk_gating(struct ufs_hba *hba) hba->host->host_no); hba->clk_gating.clk_gating_workq = alloc_ordered_workqueue(wq_name, WQ_MEM_RECLAIM | WQ_HIGHPRI); + if (!hba->clk_gating.clk_gating_workq) + return; ufshcd_init_clk_gating_sysfs(hba); -- 2.25.1

10 months, 2 weeks

2
1
0 0

[tip: x86/build] x86/entry: Remove unwanted instrumentation in common_interrupt()

by tip-bot2 for Dmitry Vyukov

The following commit has been merged into the x86/build branch of tip: Commit-ID: 477d81a1c47a1b79b9c08fc92b5dea3c5143800b Gitweb: https://git.kernel.org/tip/477d81a1c47a1b79b9c08fc92b5dea3c5143800b Author: Dmitry Vyukov <dvyukov(a)google.com> AuthorDate: Tue, 11 Jun 2024 09:50:30 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 08 Aug 2024 17:36:35 +02:00 x86/entry: Remove unwanted instrumentation in common_interrupt() common_interrupt() and related variants call kvm_set_cpu_l1tf_flush_l1d(), which is neither marked noinstr nor __always_inline. So compiler puts it out of line and adds instrumentation to it. Since the call is inside of instrumentation_begin/end(), objtool does not warn about it. The manifestation is that KCOV produces spurious coverage in kvm_set_cpu_l1tf_flush_l1d() in random places because the call happens when preempt count is not yet updated to say that the kernel is in an interrupt. Mark kvm_set_cpu_l1tf_flush_l1d() as __always_inline and move it out of the instrumentation_begin/end() section. It only calls __this_cpu_write() which is already safe to call in noinstr contexts. Fixes: 6368558c3710 ("x86/entry: Provide IDTENTRY_SYSVEC") Signed-off-by: Dmitry Vyukov <dvyukov(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Alexander Potapenko <glider(a)google.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/3f9a1de9e415fcb53d07dc9e19fa8481bb021b1b.171809… --- arch/x86/include/asm/hardirq.h | 8 ++++++-- arch/x86/include/asm/idtentry.h | 6 +++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/hardirq.h b/arch/x86/include/asm/hardirq.h index c67fa6a..6ffa8b7 100644 --- a/arch/x86/include/asm/hardirq.h +++ b/arch/x86/include/asm/hardirq.h @@ -69,7 +69,11 @@ extern u64 arch_irq_stat(void); #define local_softirq_pending_ref pcpu_hot.softirq_pending #if IS_ENABLED(CONFIG_KVM_INTEL) -static inline void kvm_set_cpu_l1tf_flush_l1d(void) +/* + * This function is called from noinstr interrupt contexts + * and must be inlined to not get instrumentation. + */ +static __always_inline void kvm_set_cpu_l1tf_flush_l1d(void) { __this_cpu_write(irq_stat.kvm_cpu_l1tf_flush_l1d, 1); } @@ -84,7 +88,7 @@ static __always_inline bool kvm_get_cpu_l1tf_flush_l1d(void) return __this_cpu_read(irq_stat.kvm_cpu_l1tf_flush_l1d); } #else /* !IS_ENABLED(CONFIG_KVM_INTEL) */ -static inline void kvm_set_cpu_l1tf_flush_l1d(void) { } +static __always_inline void kvm_set_cpu_l1tf_flush_l1d(void) { } #endif /* IS_ENABLED(CONFIG_KVM_INTEL) */ #endif /* _ASM_X86_HARDIRQ_H */ diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h index d4f2449..ad5c68f 100644 --- a/arch/x86/include/asm/idtentry.h +++ b/arch/x86/include/asm/idtentry.h @@ -212,8 +212,8 @@ __visible noinstr void func(struct pt_regs *regs, \ irqentry_state_t state = irqentry_enter(regs); \ u32 vector = (u32)(u8)error_code; \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ - kvm_set_cpu_l1tf_flush_l1d(); \ run_irq_on_irqstack_cond(__##func, regs, vector); \ instrumentation_end(); \ irqentry_exit(regs, state); \ @@ -250,7 +250,6 @@ static void __##func(struct pt_regs *regs); \ \ static __always_inline void instr_##func(struct pt_regs *regs) \ { \ - kvm_set_cpu_l1tf_flush_l1d(); \ run_sysvec_on_irqstack_cond(__##func, regs); \ } \ \ @@ -258,6 +257,7 @@ __visible noinstr void func(struct pt_regs *regs) \ { \ irqentry_state_t state = irqentry_enter(regs); \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ instr_##func (regs); \ instrumentation_end(); \ @@ -288,7 +288,6 @@ static __always_inline void __##func(struct pt_regs *regs); \ static __always_inline void instr_##func(struct pt_regs *regs) \ { \ __irq_enter_raw(); \ - kvm_set_cpu_l1tf_flush_l1d(); \ __##func (regs); \ __irq_exit_raw(); \ } \ @@ -297,6 +296,7 @@ __visible noinstr void func(struct pt_regs *regs) \ { \ irqentry_state_t state = irqentry_enter(regs); \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ instr_##func (regs); \ instrumentation_end(); \

10 months, 2 weeks

1
0
0 0

[tip: x86/build] module: Fix KCOV-ignored file name

by tip-bot2 for Dmitry Vyukov

The following commit has been merged into the x86/build branch of tip: Commit-ID: f34d086fb7102fec895fd58b9e816b981b284c17 Gitweb: https://git.kernel.org/tip/f34d086fb7102fec895fd58b9e816b981b284c17 Author: Dmitry Vyukov <dvyukov(a)google.com> AuthorDate: Tue, 11 Jun 2024 09:50:32 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 08 Aug 2024 17:36:35 +02:00 module: Fix KCOV-ignored file name module.c was renamed to main.c, but the Makefile directive was copy-pasted verbatim with the old file name. Fix up the file name. Fixes: cfc1d277891e ("module: Move all into module/") Signed-off-by: Dmitry Vyukov <dvyukov(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Marco Elver <elver(a)google.com> Reviewed-by: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/bc0cf790b4839c5e38e2fafc64271f620568a39e.171809… --- kernel/module/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/module/Makefile b/kernel/module/Makefile index a10b2b9..50ffcc4 100644 --- a/kernel/module/Makefile +++ b/kernel/module/Makefile @@ -5,7 +5,7 @@ # These are called from save_stack_trace() on slub debug path, # and produce insane amounts of uninteresting coverage. -KCOV_INSTRUMENT_module.o := n +KCOV_INSTRUMENT_main.o := n obj-y += main.o obj-y += strict_rwx.o

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check backup support in signal endp" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f833470c27832136d4416d8fc55d658082af0989 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080719-salutary-trump-0d64@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: f833470c2783 ("selftests: mptcp: join: check backup support in signal endp") 935ff5bb8a1c ("selftests: mptcp: join: validate backup in MPJ") c8f021eec581 ("selftests: mptcp: join: fix subflow_send_ack lookup") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 9e9d176df8e9 ("selftests: mptcp: add pm_nl_set_endpoint helper") 1534f87ee0dc ("selftests: mptcp: drop sflags parameter") 595ef566a2ef ("selftests: mptcp: drop addr_nr_ns1/2 parameters") 0c93af1f8907 ("selftests: mptcp: drop test_linkfail parameter") be7e9786c915 ("selftests: mptcp: set FAILING_LINKS in run_tests") 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer") 173780ff18a9 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f833470c27832136d4416d8fc55d658082af0989 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Sat, 27 Jul 2024 12:01:29 +0200 Subject: [PATCH] selftests: mptcp: join: check backup support in signal endp Before the previous commit, 'signal' endpoints with the 'backup' flag were ignored when sending the MP_JOIN. The MPTCP Join selftest has then been modified to validate this case: the "single address, backup" test, is now validating the MP_JOIN with a backup flag as it is what we expect it to do with such name. The previous version has been kept, but renamed to "single address, switch to backup" to avoid confusions. The "single address with port, backup" test is also now validating the MPJ with a backup flag, which makes more sense than checking the switch to backup with an MP_PRIO. The "mpc backup both sides" test is now validating that the backup flag is also set in MP_JOIN from and to the addresses used in the initial subflow, using the special ID 0. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: 4596a2c1b7f5 ("mptcp: allow creating non-backup subflows") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index e6c8d86017f3..4df48f1f14ab 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -2639,6 +2639,19 @@ backup_tests() # single address, backup if reset "single address, backup" && + continue_if mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then + pm_nl_set_limits $ns1 0 1 + pm_nl_add_endpoint $ns1 10.0.2.1 flags signal,backup + pm_nl_set_limits $ns2 1 1 + sflags=nobackup speed=slow \ + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr 1 1 1 + chk_add_nr 1 1 + chk_prio_nr 1 0 0 1 + fi + + # single address, switch to backup + if reset "single address, switch to backup" && continue_if mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then pm_nl_set_limits $ns1 0 1 pm_nl_add_endpoint $ns1 10.0.2.1 flags signal @@ -2654,13 +2667,13 @@ backup_tests() if reset "single address with port, backup" && continue_if mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then pm_nl_set_limits $ns1 0 1 - pm_nl_add_endpoint $ns1 10.0.2.1 flags signal port 10100 + pm_nl_add_endpoint $ns1 10.0.2.1 flags signal,backup port 10100 pm_nl_set_limits $ns2 1 1 - sflags=backup speed=slow \ + sflags=nobackup speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 1 1 1 chk_add_nr 1 1 - chk_prio_nr 1 1 0 0 + chk_prio_nr 1 0 0 1 fi if reset "mpc backup" && @@ -2674,12 +2687,21 @@ backup_tests() if reset "mpc backup both sides" && continue_if mptcp_lib_kallsyms_doesnt_have "T mptcp_subflow_send_ack$"; then - pm_nl_add_endpoint $ns1 10.0.1.1 flags subflow,backup + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 1 2 + pm_nl_add_endpoint $ns1 10.0.1.1 flags signal,backup pm_nl_add_endpoint $ns2 10.0.1.2 flags subflow,backup + + # 10.0.2.2 (non-backup) -> 10.0.1.1 (backup) + pm_nl_add_endpoint $ns2 10.0.2.2 flags subflow + # 10.0.1.2 (backup) -> 10.0.2.1 (non-backup) + pm_nl_add_endpoint $ns1 10.0.2.1 flags signal + ip -net "$ns2" route add 10.0.2.1 via 10.0.1.1 dev ns2eth1 # force this path + speed=slow \ run_tests $ns1 $ns2 10.0.1.1 - chk_join_nr 0 0 0 - chk_prio_nr 1 1 0 0 + chk_join_nr 2 2 2 + chk_prio_nr 1 1 1 1 fi if reset "mpc switch to backup" &&

10 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: validate backup in MPJ" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 935ff5bb8a1cfcdf8e60c8f5c794d0bbbc234437 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080706-cognitive-parsnip-7428@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 935ff5bb8a1c ("selftests: mptcp: join: validate backup in MPJ") 985de45923e2 ("selftests: mptcp: centralize stats dumping") 0639fa230a21 ("selftests: mptcp: add explicit check for new mibs") 9095ce97bf8a ("selftests: mptcp: add mptcp_info tests") 070d6dafacba ("selftests: mptcp: stop tests earlier") a635a8c3df66 ("selftests: mptcp: allow more slack for slow test-case") a3735625572d ("selftests: mptcp: make evts global in mptcp_join") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 935ff5bb8a1cfcdf8e60c8f5c794d0bbbc234437 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Sat, 27 Jul 2024 12:01:27 +0200 Subject: [PATCH] selftests: mptcp: join: validate backup in MPJ A peer can notify the other one that a subflow has to be treated as "backup" by two different ways: either by sending a dedicated MP_PRIO notification, or by setting the backup flag in the MP_JOIN handshake. The selftests were previously monitoring the former, but not the latter. This is what is now done here by looking at these new MIB counters when validating the 'backup' cases: MPTcpExtMPJoinSynBackupRx MPTcpExtMPJoinSynAckBackupRx The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it will help to validate a new fix for an issue introduced by this commit ID. Fixes: 4596a2c1b7f5 ("mptcp: allow creating non-backup subflows") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 55d84a1bde15..e6c8d86017f3 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -1634,6 +1634,8 @@ chk_prio_nr() { local mp_prio_nr_tx=$1 local mp_prio_nr_rx=$2 + local mpj_syn=$3 + local mpj_syn_ack=$4 local count print_check "ptx" @@ -1655,6 +1657,26 @@ chk_prio_nr() else print_ok fi + + print_check "syn backup" + count=$(mptcp_lib_get_counter ${ns1} "MPTcpExtMPJoinSynBackupRx") + if [ -z "$count" ]; then + print_skip + elif [ "$count" != "$mpj_syn" ]; then + fail_test "got $count JOIN[s] syn with Backup expected $mpj_syn" + else + print_ok + fi + + print_check "synack backup" + count=$(mptcp_lib_get_counter ${ns2} "MPTcpExtMPJoinSynAckBackupRx") + if [ -z "$count" ]; then + print_skip + elif [ "$count" != "$mpj_syn_ack" ]; then + fail_test "got $count JOIN[s] synack with Backup expected $mpj_syn_ack" + else + print_ok + fi } chk_subflow_nr() @@ -2612,7 +2634,7 @@ backup_tests() sflags=nobackup speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 1 1 1 - chk_prio_nr 0 1 + chk_prio_nr 0 1 1 0 fi # single address, backup @@ -2625,7 +2647,7 @@ backup_tests() run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 1 1 1 chk_add_nr 1 1 - chk_prio_nr 1 1 + chk_prio_nr 1 1 0 0 fi # single address with port, backup @@ -2638,7 +2660,7 @@ backup_tests() run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 1 1 1 chk_add_nr 1 1 - chk_prio_nr 1 1 + chk_prio_nr 1 1 0 0 fi if reset "mpc backup" && @@ -2647,7 +2669,7 @@ backup_tests() speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 0 0 0 - chk_prio_nr 0 1 + chk_prio_nr 0 1 0 0 fi if reset "mpc backup both sides" && @@ -2657,7 +2679,7 @@ backup_tests() speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 0 0 0 - chk_prio_nr 1 1 + chk_prio_nr 1 1 0 0 fi if reset "mpc switch to backup" && @@ -2666,7 +2688,7 @@ backup_tests() sflags=backup speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 0 0 0 - chk_prio_nr 0 1 + chk_prio_nr 0 1 0 0 fi if reset "mpc switch to backup both sides" && @@ -2676,7 +2698,7 @@ backup_tests() sflags=backup speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 0 0 0 - chk_prio_nr 1 1 + chk_prio_nr 1 1 0 0 fi } @@ -3053,7 +3075,7 @@ fullmesh_tests() addr_nr_ns2=1 sflags=backup,fullmesh speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 2 2 2 - chk_prio_nr 0 1 + chk_prio_nr 0 1 1 0 chk_rm_nr 0 1 fi @@ -3066,7 +3088,7 @@ fullmesh_tests() sflags=nobackup,nofullmesh speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 2 2 2 - chk_prio_nr 0 1 + chk_prio_nr 0 1 1 0 chk_rm_nr 0 1 fi } @@ -3318,7 +3340,7 @@ userspace_tests() sflags=backup speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 1 1 0 - chk_prio_nr 0 0 + chk_prio_nr 0 0 0 0 fi # userspace pm type prevents rm_addr

10 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: fix backup support in signal endpoints" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6834097fc38c5416701c793da94558cea49c0a1f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080727-stricken-overact-90c5@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 6834097fc38c ("mptcp: pm: fix backup support in signal endpoints") 9ae7846c4b6b ("mptcp: dump addrs in userspace pm list") 34e74a5cf3b7 ("mptcp: implement mptcp_userspace_pm_dump_addr") aab4d8564947 ("net: mptcp: use policy generated by YAML spec") 1e07938e29c5 ("net: mptcp: rename netlink handlers to mptcp_pm_nl_<blah>_{doit,dumpit}") 1d0507f46843 ("net: mptcp: convert netlink from small_ops to ops") 740ebe35bd3f ("mptcp: add struct mptcp_sched_ops") 6ba7ce89905c ("mptcp: unify pm set_flags interfaces") f40be0db0b76 ("mptcp: unify pm get_flags_and_ifindex_by_id") a963853fd465 ("mptcp: use net instead of sock_net") dfc8d0603033 ("mptcp: implement delayed seq generation for passive fastopen") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6834097fc38c5416701c793da94558cea49c0a1f Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Sat, 27 Jul 2024 12:01:28 +0200 Subject: [PATCH] mptcp: pm: fix backup support in signal endpoints There was a support for signal endpoints, but only when the endpoint's flag was changed during a connection. If an endpoint with the signal and backup was already present, the MP_JOIN reply was not containing the backup flag as expected. That's confusing to have this inconsistent behaviour. On the other hand, the infrastructure to set the backup flag in the SYN + ACK + MP_JOIN was already there, it was just never set before. Now when requesting the local ID from the path-manager, the backup status is also requested. Note that when the userspace PM is used, the backup flag can be set if the local address was already used before with a backup flag, e.g. if the address was announced with the 'backup' flag, or a subflow was created with the 'backup' flag. Fixes: 4596a2c1b7f5 ("mptcp: allow creating non-backup subflows") Cc: stable(a)vger.kernel.org Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/507 Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 55406720c607..23bb89c94e90 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -426,6 +426,18 @@ int mptcp_pm_get_local_id(struct mptcp_sock *msk, struct sock_common *skc) return mptcp_pm_nl_get_local_id(msk, &skc_local); } +bool mptcp_pm_is_backup(struct mptcp_sock *msk, struct sock_common *skc) +{ + struct mptcp_addr_info skc_local; + + mptcp_local_address((struct sock_common *)skc, &skc_local); + + if (mptcp_pm_is_userspace(msk)) + return mptcp_userspace_pm_is_backup(msk, &skc_local); + + return mptcp_pm_nl_is_backup(msk, &skc_local); +} + int mptcp_pm_get_flags_and_ifindex_by_id(struct mptcp_sock *msk, unsigned int id, u8 *flags, int *ifindex) { diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 7635fac91539..37954a0b087d 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -1101,6 +1101,24 @@ int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc return ret; } +bool mptcp_pm_nl_is_backup(struct mptcp_sock *msk, struct mptcp_addr_info *skc) +{ + struct pm_nl_pernet *pernet = pm_nl_get_pernet_from_msk(msk); + struct mptcp_pm_addr_entry *entry; + bool backup = false; + + rcu_read_lock(); + list_for_each_entry_rcu(entry, &pernet->local_addr_list, list) { + if (mptcp_addresses_equal(&entry->addr, skc, entry->addr.port)) { + backup = !!(entry->flags & MPTCP_PM_ADDR_FLAG_BACKUP); + break; + } + } + rcu_read_unlock(); + + return backup; +} + #define MPTCP_PM_CMD_GRP_OFFSET 0 #define MPTCP_PM_EV_GRP_OFFSET 1 diff --git a/net/mptcp/pm_userspace.c b/net/mptcp/pm_userspace.c index f0a4590506c6..8eaa9fbe3e34 100644 --- a/net/mptcp/pm_userspace.c +++ b/net/mptcp/pm_userspace.c @@ -165,6 +165,24 @@ int mptcp_userspace_pm_get_local_id(struct mptcp_sock *msk, return mptcp_userspace_pm_append_new_local_addr(msk, &new_entry, true); } +bool mptcp_userspace_pm_is_backup(struct mptcp_sock *msk, + struct mptcp_addr_info *skc) +{ + struct mptcp_pm_addr_entry *entry; + bool backup = false; + + spin_lock_bh(&msk->pm.lock); + list_for_each_entry(entry, &msk->pm.userspace_pm_local_addr_list, list) { + if (mptcp_addresses_equal(&entry->addr, skc, false)) { + backup = !!(entry->flags & MPTCP_PM_ADDR_FLAG_BACKUP); + break; + } + } + spin_unlock_bh(&msk->pm.lock); + + return backup; +} + int mptcp_pm_nl_announce_doit(struct sk_buff *skb, struct genl_info *info) { struct nlattr *token = info->attrs[MPTCP_PM_ATTR_TOKEN]; diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index b8b25124e7de..60c6b073d65f 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -1109,6 +1109,9 @@ bool mptcp_pm_rm_addr_signal(struct mptcp_sock *msk, unsigned int remaining, int mptcp_pm_get_local_id(struct mptcp_sock *msk, struct sock_common *skc); int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc); int mptcp_userspace_pm_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc); +bool mptcp_pm_is_backup(struct mptcp_sock *msk, struct sock_common *skc); +bool mptcp_pm_nl_is_backup(struct mptcp_sock *msk, struct mptcp_addr_info *skc); +bool mptcp_userspace_pm_is_backup(struct mptcp_sock *msk, struct mptcp_addr_info *skc); int mptcp_pm_dump_addr(struct sk_buff *msg, struct netlink_callback *cb); int mptcp_pm_nl_dump_addr(struct sk_buff *msg, struct netlink_callback *cb); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index be406197b1c4..0e4b5bfbeaa1 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -100,6 +100,7 @@ static struct mptcp_sock *subflow_token_join_request(struct request_sock *req) return NULL; } subflow_req->local_id = local_id; + subflow_req->request_bkup = mptcp_pm_is_backup(msk, (struct sock_common *)req); return msk; } @@ -620,6 +621,8 @@ static int subflow_chk_local_id(struct sock *sk) return err; subflow_set_local_id(subflow, err); + subflow->request_bkup = mptcp_pm_is_backup(msk, (struct sock_common *)sk); + return 0; }

10 months, 2 weeks

2
2
0 0

FAILED: patch "[PATCH] mptcp: mib: count MPJ with backup flag" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4dde0d72ccec500c60c798e036b852e013d6e124 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080722-survive-jacket-b862@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 4dde0d72ccec ("mptcp: mib: count MPJ with backup flag") b3ea6b272d79 ("mptcp: consolidate initial ack seq generation") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4dde0d72ccec500c60c798e036b852e013d6e124 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Sat, 27 Jul 2024 12:01:26 +0200 Subject: [PATCH] mptcp: mib: count MPJ with backup flag Without such counters, it is difficult to easily debug issues with MPJ not having the backup flags on production servers. This is not strictly a fix, but it eases to validate the following patches without requiring to take packet traces, to query ongoing connections with Netlink with admin permissions, or to guess by looking at the behaviour of the packet scheduler. Also, the modification is self contained, isolated, well controlled, and the increments are done just after others, there from the beginning. It looks then safe, and helpful to backport this. Fixes: 4596a2c1b7f5 ("mptcp: allow creating non-backup subflows") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/mib.c b/net/mptcp/mib.c index c30405e76833..7884217f33eb 100644 --- a/net/mptcp/mib.c +++ b/net/mptcp/mib.c @@ -19,7 +19,9 @@ static const struct snmp_mib mptcp_snmp_list[] = { SNMP_MIB_ITEM("MPTCPRetrans", MPTCP_MIB_RETRANSSEGS), SNMP_MIB_ITEM("MPJoinNoTokenFound", MPTCP_MIB_JOINNOTOKEN), SNMP_MIB_ITEM("MPJoinSynRx", MPTCP_MIB_JOINSYNRX), + SNMP_MIB_ITEM("MPJoinSynBackupRx", MPTCP_MIB_JOINSYNBACKUPRX), SNMP_MIB_ITEM("MPJoinSynAckRx", MPTCP_MIB_JOINSYNACKRX), + SNMP_MIB_ITEM("MPJoinSynAckBackupRx", MPTCP_MIB_JOINSYNACKBACKUPRX), SNMP_MIB_ITEM("MPJoinSynAckHMacFailure", MPTCP_MIB_JOINSYNACKMAC), SNMP_MIB_ITEM("MPJoinAckRx", MPTCP_MIB_JOINACKRX), SNMP_MIB_ITEM("MPJoinAckHMacFailure", MPTCP_MIB_JOINACKMAC), diff --git a/net/mptcp/mib.h b/net/mptcp/mib.h index 2704afd0dfe4..66aa67f49d03 100644 --- a/net/mptcp/mib.h +++ b/net/mptcp/mib.h @@ -14,7 +14,9 @@ enum linux_mptcp_mib_field { MPTCP_MIB_RETRANSSEGS, /* Segments retransmitted at the MPTCP-level */ MPTCP_MIB_JOINNOTOKEN, /* Received MP_JOIN but the token was not found */ MPTCP_MIB_JOINSYNRX, /* Received a SYN + MP_JOIN */ + MPTCP_MIB_JOINSYNBACKUPRX, /* Received a SYN + MP_JOIN + backup flag */ MPTCP_MIB_JOINSYNACKRX, /* Received a SYN/ACK + MP_JOIN */ + MPTCP_MIB_JOINSYNACKBACKUPRX, /* Received a SYN/ACK + MP_JOIN + backup flag */ MPTCP_MIB_JOINSYNACKMAC, /* HMAC was wrong on SYN/ACK + MP_JOIN */ MPTCP_MIB_JOINACKRX, /* Received an ACK + MP_JOIN */ MPTCP_MIB_JOINACKMAC, /* HMAC was wrong on ACK + MP_JOIN */ diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index a3778aee4e77..be406197b1c4 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -168,6 +168,9 @@ static int subflow_check_req(struct request_sock *req, return 0; } else if (opt_mp_join) { SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINSYNRX); + + if (mp_opt.backup) + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINSYNBACKUPRX); } if (opt_mp_capable && listener->request_mptcp) { @@ -577,6 +580,9 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) subflow->mp_join = 1; MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINSYNACKRX); + if (subflow->backup) + MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINSYNACKBACKUPRX); + if (subflow_use_different_dport(msk, sk)) { pr_debug("synack inet_dport=%d %d", ntohs(inet_sk(sk)->inet_dport),

10 months, 2 weeks

2
1
0 0

[tip: x86/urgent] x86/mtrr: Check if fixed MTRRs exist before saving them

by tip-bot2 for Andi Kleen

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 919f18f961c03d6694aa726c514184f2311a4614 Gitweb: https://git.kernel.org/tip/919f18f961c03d6694aa726c514184f2311a4614 Author: Andi Kleen <ak(a)linux.intel.com> AuthorDate: Wed, 07 Aug 2024 17:02:44 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 08 Aug 2024 17:03:12 +02:00 x86/mtrr: Check if fixed MTRRs exist before saving them MTRRs have an obsolete fixed variant for fine grained caching control of the 640K-1MB region that uses separate MSRs. This fixed variant has a separate capability bit in the MTRR capability MSR. So far all x86 CPUs which support MTRR have this separate bit set, so it went unnoticed that mtrr_save_state() does not check the capability bit before accessing the fixed MTRR MSRs. Though on a CPU that does not support the fixed MTRR capability this results in a #GP. The #GP itself is harmless because the RDMSR fault is handled gracefully, but results in a WARN_ON(). Add the missing capability check to prevent this. Fixes: 2b1f6278d77c ("[PATCH] x86: Save the MTRRs of the BSP before booting an AP") Signed-off-by: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240808000244.946864-1-ak@linux.intel.com --- arch/x86/kernel/cpu/mtrr/mtrr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/mtrr/mtrr.c b/arch/x86/kernel/cpu/mtrr/mtrr.c index 767bf1c..2a2fc14 100644 --- a/arch/x86/kernel/cpu/mtrr/mtrr.c +++ b/arch/x86/kernel/cpu/mtrr/mtrr.c @@ -609,7 +609,7 @@ void mtrr_save_state(void) { int first_cpu; - if (!mtrr_enabled()) + if (!mtrr_enabled() || !mtrr_state.have_fixed) return; first_cpu = cpumask_first(cpu_online_mask);

10 months, 2 weeks

1
0
0 0

[GIT PULL 1/2] KVM: s390: fix validity interception issue when gisa is switched off

by Janosch Frank

From: Michael Mueller <mimu(a)linux.ibm.com> We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.use_gisa=0" or by setting the related sysfs attribute to N (echo N >/sys/module/kvm/parameters/use_gisa). The validity is caused by an invalid value in the SIE control block's gisa designation. That happens because we pass the uninitialized gisa origin to virt_to_phys() before writing it to the gisa designation. To fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0. kvm_s390_get_gisa_desc() is used to determine which gisa designation to set in the SIE control block. A value of 0 in the gisa designation disables gisa usage. The issue surfaces in the host kernel with the following kernel message as soon a new kvm guest start is attemted. kvm: unhandled validity intercept 0x1011 WARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm] Modules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci] CPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6 Hardware name: IBM 3931 A01 701 (LPAR) Krnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm]) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 Krnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000 000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff 000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412 000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960 Krnl Code: 000003d93deb0112: c020fffe7259 larl %r2,000003d93de7e5c4 000003d93deb0118: c0e53fa8beac brasl %r14,000003d9bd3c7e70 #000003d93deb011e: af000000 mc 0,0 >000003d93deb0122: a728ffea lhi %r2,-22 000003d93deb0126: a7f4fe24 brc 15,000003d93deafd6e 000003d93deb012a: 9101f0b0 tm 176(%r15),1 000003d93deb012e: a774fe48 brc 7,000003d93deafdbe 000003d93deb0132: 40a0f0ae sth %r10,174(%r15) Call Trace: [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm] ([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]) [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm] [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm] [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm] [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm] [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70 [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0 [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0 [<000003d9be0f9a90>] system_call+0x70/0x98 Last Breaking-Event-Address: [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0 Cc: stable(a)vger.kernel.org Reported-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Fixes: fe0ef0030463 ("KVM: s390: sort out physical vs virtual pointers usage") Signed-off-by: Michael Mueller <mimu(a)linux.ibm.com> Tested-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Reviewed-by: Janosch Frank <frankja(a)linux.ibm.com> Link: https://lore.kernel.org/r/20240801123109.2782155-1-mimu@linux.ibm.com Message-ID: <20240801123109.2782155-1-mimu(a)linux.ibm.com> Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com> --- arch/s390/kvm/kvm-s390.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h index bf8534218af3..e680c6bf0c9d 100644 --- a/arch/s390/kvm/kvm-s390.h +++ b/arch/s390/kvm/kvm-s390.h @@ -267,7 +267,12 @@ static inline unsigned long kvm_s390_get_gfn_end(struct kvm_memslots *slots) static inline u32 kvm_s390_get_gisa_desc(struct kvm *kvm) { - u32 gd = virt_to_phys(kvm->arch.gisa_int.origin); + u32 gd; + + if (!kvm->arch.gisa_int.origin) + return 0; + + gd = virt_to_phys(kvm->arch.gisa_int.origin); if (gd && sclp.has_gisaf) gd |= GISA_FORMAT1; -- 2.46.0

10 months, 2 weeks

1
0
0 0

[for-linus][PATCH 9/9] tracefs: Use generic inode RCU for synchronizing freeing

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> With structure layout randomization enabled for 'struct inode' we need to avoid overlapping any of the RCU-used / initialized-only-once members, e.g. i_lru or i_sb_list to not corrupt related list traversals when making use of the rcu_head. For an unlucky structure layout of 'struct inode' we may end up with the following splat when running the ftrace selftests: [<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object]) [<...>] ------------[ cut here ]------------ [<...>] kernel BUG at lib/list_debug.c:54! [<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G N 6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65 [<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 [<...>] RIP: 0010:[<ffffffff84656018>] __list_del_entry_valid_or_report+0x138/0x3e0 [<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f [<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283 [<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000 [<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001 [<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25 [<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d [<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000 [<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object] [<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0 [<...>] RSI: __func__.47+0x4340/0x4400 [<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object] [<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550] [<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550] [<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550] [<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object] [<...>] FS: 00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000 [<...>] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0 [<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [<...>] ASID: 0003 [<...>] Stack: [<...>] ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0 [<...>] ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f [<...>] 0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392 [<...>] Call Trace: [<...>] <TASK> [<...>] [<ffffffff818a2315>] ? lock_release+0x175/0x380 fffffe80416afaf0 [<...>] [<ffffffff8248b392>] list_lru_del+0x152/0x740 fffffe80416afb48 [<...>] [<ffffffff8248ba93>] list_lru_del_obj+0x113/0x280 fffffe80416afb88 [<...>] [<ffffffff8940fd19>] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90 [<...>] [<ffffffff8295b244>] iput_final+0x1c4/0x9a0 fffffe80416afbb8 [<...>] [<ffffffff8293a52b>] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8 [<...>] [<ffffffff8293fefc>] __dentry_kill+0x23c/0xf00 fffffe80416afc40 [<...>] [<ffffffff8953a85f>] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48 [<...>] [<ffffffff82949ce5>] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70 [<...>] [<ffffffff82949b71>] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78 [<...>] [<ffffffff82949da8>] shrink_dentry_list+0x288/0x760 fffffe80416afc80 [<...>] [<ffffffff8294ae75>] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8 [<...>] [<ffffffff8953a7c3>] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0 [<...>] [<ffffffff8294ad20>] ? do_one_tree+0x140/0x140 fffffe80416afcf8 [<...>] [<ffffffff82997349>] ? do_remount+0x329/0xa00 fffffe80416afd18 [<...>] [<ffffffff83ebf7a1>] ? security_sb_remount+0x81/0x1c0 fffffe80416afd38 [<...>] [<ffffffff82892096>] reconfigure_super+0x856/0x14e0 fffffe80416afd70 [<...>] [<ffffffff815d1327>] ? ns_capable_common+0xe7/0x2a0 fffffe80416afd90 [<...>] [<ffffffff82997436>] do_remount+0x416/0xa00 fffffe80416afdd0 [<...>] [<ffffffff829b2ba4>] path_mount+0x5c4/0x900 fffffe80416afe28 [<...>] [<ffffffff829b25e0>] ? finish_automount+0x13a0/0x13a0 fffffe80416afe60 [<...>] [<ffffffff82903812>] ? user_path_at_empty+0xb2/0x140 fffffe80416afe88 [<...>] [<ffffffff829b2ff5>] do_mount+0x115/0x1c0 fffffe80416afeb8 [<...>] [<ffffffff829b2ee0>] ? path_mount+0x900/0x900 fffffe80416afed8 [<...>] [<ffffffff8272461c>] ? __kasan_check_write+0x1c/0xa0 fffffe80416afee0 [<...>] [<ffffffff829b31cf>] __do_sys_mount+0x12f/0x280 fffffe80416aff30 [<...>] [<ffffffff829b36cd>] __x64_sys_mount+0xcd/0x2e0 fffffe80416aff70 [<...>] [<ffffffff819f8818>] ? syscall_trace_enter+0x218/0x380 fffffe80416aff88 [<...>] [<ffffffff8111655e>] x64_sys_call+0x5d5e/0x6720 fffffe80416affa8 [<...>] [<ffffffff8952756d>] do_syscall_64+0xcd/0x3c0 fffffe80416affb8 [<...>] [<ffffffff8100119b>] entry_SYSCALL_64_safe_stack+0x4c/0x87 fffffe80416affe8 [<...>] </TASK> [<...>] <PTREGS> [<...>] RIP: 0033:[<00006dcb382ff66a>] vm_area_struct[mount 2550 2550 file 6dcb38225000-6dcb3837e000 22 55(read|exec|mayread|mayexec)]+0x0/0xb8 [userland map] [<...>] Code: 48 8b 0d 29 18 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f6 17 0d 00 f7 d8 64 89 01 48 [<...>] RSP: 002b:0000763d68192558 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [<...>] RAX: ffffffffffffffda RBX: 00006dcb38433264 RCX: 00006dcb382ff66a [<...>] RDX: 000017c3e0d11210 RSI: 000017c3e0d1a5a0 RDI: 000017c3e0d1ae70 [<...>] RBP: 000017c3e0d10fb0 R08: 000017c3e0d11260 R09: 00006dcb383d1be0 [<...>] R10: 000000000020002e R11: 0000000000000246 R12: 0000000000000000 [<...>] R13: 000017c3e0d1ae70 R14: 000017c3e0d11210 R15: 000017c3e0d10fb0 [<...>] RBX: vm_area_struct[mount 2550 2550 file 6dcb38433000-6dcb38434000 5b 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] RCX: vm_area_struct[mount 2550 2550 file 6dcb38225000-6dcb3837e000 22 55(read|exec|mayread|mayexec)]+0x0/0xb8 [userland map] [<...>] RDX: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] RSI: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] RDI: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] RBP: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] RSP: vm_area_struct[mount 2550 2550 anon 763d68173000-763d68195000 7ffffffdd 100133(read|write|mayread|maywrite|growsdown|account)]+0x0/0xb8 [userland map] [<...>] R08: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] R09: vm_area_struct[mount 2550 2550 file 6dcb383d1000-6dcb383d3000 1cd 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] R13: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] R14: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] R15: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] </PTREGS> [<...>] Modules linked in: [<...>] ---[ end trace 0000000000000000 ]--- The list debug message as well as RBX's symbolic value point out that the object in question was allocated from 'tracefs_inode_cache' and that the list's '->next' member is at offset 0. Dumping the layout of the relevant parts of 'struct tracefs_inode' gives the following: struct tracefs_inode { union { struct inode { struct list_head { struct list_head * next; /* 0 8 */ struct list_head * prev; /* 8 8 */ } i_lru; [...] } vfs_inode; struct callback_head { void (*func)(struct callback_head *); /* 0 8 */ struct callback_head * next; /* 8 8 */ } rcu; }; [...] }; Above shows that 'vfs_inode.i_lru' overlaps with 'rcu' which will destroy the 'i_lru' list as soon as the 'rcu' member gets used, e.g. in call_rcu() or later when calling the RCU callback. This will disturb concurrent list traversals as well as object reuse which assumes these list heads will keep their integrity. For reproduction, the following diff manually overlays 'i_lru' with 'rcu' as, otherwise, one would require some good portion of luck for gambling an unlucky RANDSTRUCT seed: --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -629,6 +629,7 @@ struct inode { umode_t i_mode; unsigned short i_opflags; kuid_t i_uid; + struct list_head i_lru; /* inode LRU list */ kgid_t i_gid; unsigned int i_flags; @@ -690,7 +691,6 @@ struct inode { u16 i_wb_frn_avg_time; u16 i_wb_frn_history; #endif - struct list_head i_lru; /* inode LRU list */ struct list_head i_sb_list; struct list_head i_wb_list; /* backing dev writeback list */ union { The tracefs inode does not need to supply its own RCU delayed destruction of its inode. The inode code itself offers both a "destroy_inode()" callback that gets called when the last reference of the inode is released, and the "free_inode()" which is called after a RCU synchronization period from the "destroy_inode()". The tracefs code can unlink the inode from its list in the destroy_inode() callback, and the simply free it from the free_inode() callback. This should provide the same protection. Link: https://lore.kernel.org/all/20240807115143.45927-3-minipli@grsecurity.net/ Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Ajay Kaher <ajay.kaher(a)broadcom.com> Cc: Ilkka =?utf-8?b?TmF1bGFww6TDpA==?= <digirigawa(a)gmail.com> Link: https://lore.kernel.org/20240807185402.61410544@gandalf.local.home Fixes: baa23a8d4360 ("tracefs: Reset permissions on remount if permissions are options") Reported-by: Mathias Krause <minipli(a)grsecurity.net> Reported-by: Brad Spengler <spender(a)grsecurity.net> Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/inode.c | 10 ++++------ fs/tracefs/internal.h | 5 +---- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 21a7e51fc3c1..1748dff58c3b 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -53,15 +53,14 @@ static struct inode *tracefs_alloc_inode(struct super_block *sb) return &ti->vfs_inode; } -static void tracefs_free_inode_rcu(struct rcu_head *rcu) +static void tracefs_free_inode(struct inode *inode) { - struct tracefs_inode *ti; + struct tracefs_inode *ti = get_tracefs(inode); - ti = container_of(rcu, struct tracefs_inode, rcu); kmem_cache_free(tracefs_inode_cachep, ti); } -static void tracefs_free_inode(struct inode *inode) +static void tracefs_destroy_inode(struct inode *inode) { struct tracefs_inode *ti = get_tracefs(inode); unsigned long flags; @@ -69,8 +68,6 @@ static void tracefs_free_inode(struct inode *inode) spin_lock_irqsave(&tracefs_inode_lock, flags); list_del_rcu(&ti->list); spin_unlock_irqrestore(&tracefs_inode_lock, flags); - - call_rcu(&ti->rcu, tracefs_free_inode_rcu); } static ssize_t default_read_file(struct file *file, char __user *buf, @@ -437,6 +434,7 @@ static int tracefs_drop_inode(struct inode *inode) static const struct super_operations tracefs_super_operations = { .alloc_inode = tracefs_alloc_inode, .free_inode = tracefs_free_inode, + .destroy_inode = tracefs_destroy_inode, .drop_inode = tracefs_drop_inode, .statfs = simple_statfs, .show_options = tracefs_show_options, diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h index f704d8348357..d83c2a25f288 100644 --- a/fs/tracefs/internal.h +++ b/fs/tracefs/internal.h @@ -10,10 +10,7 @@ enum { }; struct tracefs_inode { - union { - struct inode vfs_inode; - struct rcu_head rcu; - }; + struct inode vfs_inode; /* The below gets initialized with memset_after(ti, 0, vfs_inode) */ struct list_head list; unsigned long flags; -- 2.43.0

10 months, 2 weeks

1
0
0 0

[for-linus][PATCH 7/9] tracing: Fix overflow in get_free_elt()

by Steven Rostedt

From: Tze-nan Wu <Tze-nan.Wu(a)mediatek.com> "tracing_map->next_elt" in get_free_elt() is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracing_map even though the maximum number of elements (`max_elts`) has been reached. Continuing to insert elements after the overflow could result in the tracing_map containing "tracing_map->max_size" elements, leaving no empty entries. If any attempt is made to insert an element into a full tracing_map using `__tracing_map_insert()`, it will cause an infinite loop with preemption disabled, leading to a CPU hang problem. Fix this by preventing any further increments to "tracing_map->next_elt" once it reaches "tracing_map->max_elt". Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Fixes: 08d43a5fa063e ("tracing: Add lock-free tracing_map") Co-developed-by: Cheng-Jui Wang <cheng-jui.wang(a)mediatek.com> Link: https://lore.kernel.org/20240805055922.6277-1-Tze-nan.Wu@mediatek.com Signed-off-by: Cheng-Jui Wang <cheng-jui.wang(a)mediatek.com> Signed-off-by: Tze-nan Wu <Tze-nan.Wu(a)mediatek.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/tracing_map.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/trace/tracing_map.c b/kernel/trace/tracing_map.c index a4dcf0f24352..3a56e7c8aa4f 100644 --- a/kernel/trace/tracing_map.c +++ b/kernel/trace/tracing_map.c @@ -454,7 +454,7 @@ static struct tracing_map_elt *get_free_elt(struct tracing_map *map) struct tracing_map_elt *elt = NULL; int idx; - idx = atomic_inc_return(&map->next_elt); + idx = atomic_fetch_add_unless(&map->next_elt, 1, map->max_elts); if (idx < map->max_elts) { elt = *(TRACING_MAP_ELT(map->elts, idx)); if (map->ops && map->ops->elt_init) @@ -699,7 +699,7 @@ void tracing_map_clear(struct tracing_map *map) { unsigned int i; - atomic_set(&map->next_elt, -1); + atomic_set(&map->next_elt, 0); atomic64_set(&map->hits, 0); atomic64_set(&map->drops, 0); @@ -783,7 +783,7 @@ struct tracing_map *tracing_map_create(unsigned int map_bits, map->map_bits = map_bits; map->max_elts = (1 << map_bits); - atomic_set(&map->next_elt, -1); + atomic_set(&map->next_elt, 0); map->map_size = (1 << (map_bits + 1)); map->ops = ops; -- 2.43.0

10 months, 2 weeks

1
0
0 0

[for-linus][PATCH 6/9] function_graph: Fix the ret_stack used by ftrace_graph_ret_addr()

by Steven Rostedt

From: Petr Pavlu <petr.pavlu(a)suse.com> When ftrace_graph_ret_addr() is invoked to convert a found stack return address to its original value, the function can end up producing the following crash: [ 95.442712] BUG: kernel NULL pointer dereference, address: 0000000000000028 [ 95.442720] #PF: supervisor read access in kernel mode [ 95.442724] #PF: error_code(0x0000) - not-present page [ 95.442727] PGD 0 P4D 0- [ 95.442731] Oops: Oops: 0000 [#1] PREEMPT SMP PTI [ 95.442736] CPU: 1 UID: 0 PID: 2214 Comm: insmod Kdump: loaded Tainted: G OE K 6.11.0-rc1-default #1 67c62a3b3720562f7e7db5f11c1fdb40b7a2857c [ 95.442747] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE, [K]=LIVEPATCH [ 95.442750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 [ 95.442754] RIP: 0010:ftrace_graph_ret_addr+0x42/0xc0 [ 95.442766] Code: [...] [ 95.442773] RSP: 0018:ffff979b80ff7718 EFLAGS: 00010006 [ 95.442776] RAX: ffffffff8ca99b10 RBX: ffff979b80ff7760 RCX: ffff979b80167dc0 [ 95.442780] RDX: ffffffff8ca99b10 RSI: ffff979b80ff7790 RDI: 0000000000000005 [ 95.442783] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 95.442786] R10: 0000000000000005 R11: 0000000000000000 R12: ffffffff8e9491e0 [ 95.442790] R13: ffffffff8d6f70f0 R14: ffff979b80167da8 R15: ffff979b80167dc8 [ 95.442793] FS: 00007fbf83895740(0000) GS:ffff8a0afdd00000(0000) knlGS:0000000000000000 [ 95.442797] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 95.442800] CR2: 0000000000000028 CR3: 0000000005070002 CR4: 0000000000370ef0 [ 95.442806] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 95.442809] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 95.442816] Call Trace: [ 95.442823] <TASK> [ 95.442896] unwind_next_frame+0x20d/0x830 [ 95.442905] arch_stack_walk_reliable+0x94/0xe0 [ 95.442917] stack_trace_save_tsk_reliable+0x7d/0xe0 [ 95.442922] klp_check_and_switch_task+0x55/0x1a0 [ 95.442931] task_call_func+0xd3/0xe0 [ 95.442938] klp_try_switch_task.part.5+0x37/0x150 [ 95.442942] klp_try_complete_transition+0x79/0x2d0 [ 95.442947] klp_enable_patch+0x4db/0x890 [ 95.442960] do_one_initcall+0x41/0x2e0 [ 95.442968] do_init_module+0x60/0x220 [ 95.442975] load_module+0x1ebf/0x1fb0 [ 95.443004] init_module_from_file+0x88/0xc0 [ 95.443010] idempotent_init_module+0x190/0x240 [ 95.443015] __x64_sys_finit_module+0x5b/0xc0 [ 95.443019] do_syscall_64+0x74/0x160 [ 95.443232] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 95.443236] RIP: 0033:0x7fbf82f2c709 [ 95.443241] Code: [...] [ 95.443247] RSP: 002b:00007fffd5ea3b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 95.443253] RAX: ffffffffffffffda RBX: 000056359c48e750 RCX: 00007fbf82f2c709 [ 95.443257] RDX: 0000000000000000 RSI: 000056356ed4efc5 RDI: 0000000000000003 [ 95.443260] RBP: 000056356ed4efc5 R08: 0000000000000000 R09: 00007fffd5ea3c10 [ 95.443263] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 95.443267] R13: 000056359c48e6f0 R14: 0000000000000000 R15: 0000000000000000 [ 95.443272] </TASK> [ 95.443274] Modules linked in: [...] [ 95.443385] Unloaded tainted modules: intel_uncore_frequency(E):1 isst_if_common(E):1 skx_edac(E):1 [ 95.443414] CR2: 0000000000000028 The bug can be reproduced with kselftests: cd linux/tools/testing/selftests make TARGETS='ftrace livepatch' (cd ftrace; ./ftracetest test.d/ftrace/fgraph-filter.tc) (cd livepatch; ./test-livepatch.sh) The problem is that ftrace_graph_ret_addr() is supposed to operate on the ret_stack of a selected task but wrongly accesses the ret_stack of the current task. Specifically, the above NULL dereference occurs when task->curr_ret_stack is non-zero, but current->ret_stack is NULL. Correct ftrace_graph_ret_addr() to work with the right ret_stack. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Reported-by: Miroslav Benes <mbenes(a)suse.cz> Link: https://lore.kernel.org/20240803131211.17255-1-petr.pavlu@suse.com Fixes: 7aa1eaef9f42 ("function_graph: Allow multiple users to attach to function graph") Signed-off-by: Petr Pavlu <petr.pavlu(a)suse.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/fgraph.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/fgraph.c b/kernel/trace/fgraph.c index fc205ad167a9..d1d5ea2d0a1b 100644 --- a/kernel/trace/fgraph.c +++ b/kernel/trace/fgraph.c @@ -902,7 +902,7 @@ unsigned long ftrace_graph_ret_addr(struct task_struct *task, int *idx, i = *idx ? : task->curr_ret_stack; while (i > 0) { - ret_stack = get_ret_stack(current, i, &i); + ret_stack = get_ret_stack(task, i, &i); if (!ret_stack) break; /* -- 2.43.0

10 months, 2 weeks

1
0
0 0

[for-linus][PATCH 5/9] eventfs: Use SRCU for freeing eventfs_inodes

by Steven Rostedt

From: Mathias Krause <minipli(a)grsecurity.net> To mirror the SRCU lock held in eventfs_iterate() when iterating over eventfs inodes, use call_srcu() to free them too. This was accidentally(?) degraded to RCU in commit 43aa6f97c2d0 ("eventfs: Get rid of dentry pointers without refcounts"). Cc: Ajay Kaher <ajay.kaher(a)broadcom.com> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20240723210755.8970-1-minipli@grsecurity.net Fixes: 43aa6f97c2d0 ("eventfs: Get rid of dentry pointers without refcounts") Signed-off-by: Mathias Krause <minipli(a)grsecurity.net> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index a9c28a1d5dc8..01e99e98457d 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -112,7 +112,7 @@ static void release_ei(struct kref *ref) entry->release(entry->name, ei->data); } - call_rcu(&ei->rcu, free_ei_rcu); + call_srcu(&eventfs_srcu, &ei->rcu, free_ei_rcu); } static inline void put_ei(struct eventfs_inode *ei) -- 2.43.0

10 months, 2 weeks

1
0
0 0

[for-linus][PATCH 4/9] eventfs: Dont return NULL in eventfs_create_dir()

by Steven Rostedt

From: Mathias Krause <minipli(a)grsecurity.net> Commit 77a06c33a22d ("eventfs: Test for ei->is_freed when accessing ei->dentry") added another check, testing if the parent was freed after we released the mutex. If so, the function returns NULL. However, all callers expect it to either return a valid pointer or an error pointer, at least since commit 5264a2f4bb3b ("tracing: Fix a NULL vs IS_ERR() bug in event_subsystem_dir()"). Returning NULL will therefore fail the error condition check in the caller. Fix this by substituting the NULL return value with a fitting error pointer. Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: stable(a)vger.kernel.org Fixes: 77a06c33a22d ("eventfs: Test for ei->is_freed when accessing ei->dentry") Link: https://lore.kernel.org/20240723122522.2724-1-minipli@grsecurity.net Reviewed-by: Dan Carpenter <dan.carpenter(a)linaro.org> Reviewed-by: Ajay Kaher <ajay.kaher(a)broadcom.com> Signed-off-by: Mathias Krause <minipli(a)grsecurity.net> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 5d88c184f0fc..a9c28a1d5dc8 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -736,7 +736,7 @@ struct eventfs_inode *eventfs_create_dir(const char *name, struct eventfs_inode /* Was the parent freed? */ if (list_empty(&ei->list)) { cleanup_ei(ei); - ei = NULL; + ei = ERR_PTR(-EBUSY); } return ei; } -- 2.43.0

10 months, 2 weeks

1
0
0 0

[for-linus][PATCH 3/9] tracefs: Fix inode allocation

by Steven Rostedt

From: Mathias Krause <minipli(a)grsecurity.net> The leading comment above alloc_inode_sb() is pretty explicit about it: /* * This must be used for allocating filesystems specific inodes to set * up the inode reclaim context correctly. */ Switch tracefs over to alloc_inode_sb() to make sure inodes are properly linked. Cc: Ajay Kaher <ajay.kaher(a)broadcom.com> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20240807115143.45927-2-minipli@grsecurity.net Fixes: ba37ff75e04b ("eventfs: Implement tracefs_inode_cache") Signed-off-by: Mathias Krause <minipli(a)grsecurity.net> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 1028ab6d9a74..21a7e51fc3c1 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -42,7 +42,7 @@ static struct inode *tracefs_alloc_inode(struct super_block *sb) struct tracefs_inode *ti; unsigned long flags; - ti = kmem_cache_alloc(tracefs_inode_cachep, GFP_KERNEL); + ti = alloc_inode_sb(sb, tracefs_inode_cachep, GFP_KERNEL); if (!ti) return NULL; -- 2.43.0

10 months, 2 weeks

1
0
0 0

[git:media_stage/master] media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags Author: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Date: Wed Aug 7 09:22:10 2024 +0200 The cec_msg_set_reply_to() helper function never zeroed the struct cec_msg flags field, this can cause unexpected behavior if flags was uninitialized to begin with. Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Fixes: 0dbacebede1e ("[media] cec: move the CEC framework out of staging and to media") Cc: <stable(a)vger.kernel.org> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> include/uapi/linux/cec.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- diff --git a/include/uapi/linux/cec.h b/include/uapi/linux/cec.h index 894fffc66f2c..b2af1dddd4d7 100644 --- a/include/uapi/linux/cec.h +++ b/include/uapi/linux/cec.h @@ -132,6 +132,8 @@ static inline void cec_msg_init(struct cec_msg *msg, * Set the msg destination to the orig initiator and the msg initiator to the * orig destination. Note that msg and orig may be the same pointer, in which * case the change is done in place. + * + * It also zeroes the reply, timeout and flags fields. */ static inline void cec_msg_set_reply_to(struct cec_msg *msg, struct cec_msg *orig) @@ -139,7 +141,9 @@ static inline void cec_msg_set_reply_to(struct cec_msg *msg, /* The destination becomes the initiator and vice versa */ msg->msg[0] = (cec_msg_destination(orig) << 4) | cec_msg_initiator(orig); - msg->reply = msg->timeout = 0; + msg->reply = 0; + msg->timeout = 0; + msg->flags = 0; } /**

10 months, 2 weeks

1
0
0 0

[git:media_tree/master] media: uvcvideo: Fix custom control mapping probing

by Laurent Pinchart

This is an automatic generated email to let you know that the following patch were queued: Subject: media: uvcvideo: Fix custom control mapping probing Author: Ricardo Ribalda <ribalda(a)chromium.org> Date: Mon Jul 22 11:52:26 2024 +0000 Custom control mapping introduced a bug, where the filter function was applied to every single control. Fix it so it is only applied to the matching controls. The following dmesg errors during probe are now fixed: usb 1-5: Found UVC 1.00 device Integrated_Webcam_HD (0c45:670c) usb 1-5: Failed to query (GET_CUR) UVC control 2 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 3 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 6 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 7 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 8 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 9 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 10 on unit 2: -75 (exp. 1). Reported-by: Paul Menzel <pmenzel(a)molgen.mpg.de> Closes: https://lore.kernel.org/linux-media/518cd6b4-68a8-4895-b8fc-97d4dae1ddc4@mo… Cc: stable(a)vger.kernel.org Fixes: 8f4362a8d42b ("media: uvcvideo: Allow custom control mapping") Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Link: https://lore.kernel.org/r/20240722-fix-filter-mapping-v2-1-7ed5bb6c1185@chr… Tested-by: Paul Menzel <pmenzel(a)molgen.mpg.de> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drivers/media/usb/uvc/uvc_ctrl.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index 0136df5732ba..4fe26e82e3d1 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -2680,6 +2680,10 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, for (i = 0; i < ARRAY_SIZE(uvc_ctrl_mappings); ++i) { const struct uvc_control_mapping *mapping = &uvc_ctrl_mappings[i]; + if (!uvc_entity_match_guid(ctrl->entity, mapping->entity) || + ctrl->info.selector != mapping->selector) + continue; + /* Let the device provide a custom mapping. */ if (mapping->filter_mapping) { mapping = mapping->filter_mapping(chain, ctrl); @@ -2687,9 +2691,7 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, continue; } - if (uvc_entity_match_guid(ctrl->entity, mapping->entity) && - ctrl->info.selector == mapping->selector) - __uvc_ctrl_add_mapping(chain, ctrl, mapping); + __uvc_ctrl_add_mapping(chain, ctrl, mapping); } }

10 months, 2 weeks

1
0
0 0

[git:media_tree/master] media: ipu-bridge: fix ipu6 Kconfig dependencies

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ipu-bridge: fix ipu6 Kconfig dependencies Author: Arnd Bergmann <arnd(a)arndb.de> Date: Fri Jul 19 11:53:50 2024 +0200 Commit 4670c8c3fb04 ("media: ipu-bridge: Fix Kconfig dependencies") changed how IPU_BRIDGE dependencies are handled for all drivers, but the IPU6 variant was added the old way, which causes build time warnings when I2C is turned off: WARNING: unmet direct dependencies detected for IPU_BRIDGE Depends on [n]: MEDIA_SUPPORT [=m] && PCI [=y] && MEDIA_PCI_SUPPORT [=y] && (ACPI [=y] || COMPILE_TEST [=y]) && I2C [=n] Selected by [m]: - VIDEO_INTEL_IPU6 [=m] && MEDIA_SUPPORT [=m] && PCI [=y] && MEDIA_PCI_SUPPORT [=y] && (ACPI [=y] || COMPILE_TEST [=y]) && VIDEO_DEV [=m] && X86 [=y] && X86_64 [=y] && HAS_DMA [=y] To make it consistent with the other IPU drivers as well as avoid this warning, change the 'select' into 'depends on'. Fixes: c70281cc83d6 ("media: intel/ipu6: add Kconfig and Makefile") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> [Sakari Ailus: Alternatively depend on !IPU_BRIDGE.] Cc: stable(a)vger.kernel.org # for v6.10 Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/pci/intel/ipu6/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/pci/intel/ipu6/Kconfig b/drivers/media/pci/intel/ipu6/Kconfig index 154343080c82..b7ab24b89836 100644 --- a/drivers/media/pci/intel/ipu6/Kconfig +++ b/drivers/media/pci/intel/ipu6/Kconfig @@ -3,13 +3,13 @@ config VIDEO_INTEL_IPU6 depends on ACPI || COMPILE_TEST depends on VIDEO_DEV depends on X86 && X86_64 && HAS_DMA + depends on IPU_BRIDGE || !IPU_BRIDGE select DMA_OPS select IOMMU_IOVA select VIDEO_V4L2_SUBDEV_API select MEDIA_CONTROLLER select VIDEOBUF2_DMA_CONTIG select V4L2_FWNODE - select IPU_BRIDGE help This is the 6th Gen Intel Image Processing Unit, found in Intel SoCs and used for capturing images and video from camera sensors.

10 months, 2 weeks

1
0
0 0

[git:media_tree/master] media: v4l: Fix missing tabular column hint for Y14P format

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l: Fix missing tabular column hint for Y14P format Author: Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> Date: Sat Jun 8 18:41:27 2024 +0200 The original patch added two columns in the flat-table of Luma-Only Image Formats, without updating hints to latex: above it. This results in wrong column count in the output of Sphinx's latex builder. Fix it. Reported-by: Akira Yokosawa <akiyks(a)gmail.com> Closes: https://lore.kernel.org/linux-media/bdbc27ba-5098-49fb-aabf-753c81361cc7@gm… Fixes: adb1d4655e53 ("media: v4l: Add V4L2-PIX-FMT-Y14P format") Cc: stable(a)vger.kernel.org # for v6.10 Signed-off-by: Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Documentation/userspace-api/media/v4l/pixfmt-yuv-luma.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- diff --git a/Documentation/userspace-api/media/v4l/pixfmt-yuv-luma.rst b/Documentation/userspace-api/media/v4l/pixfmt-yuv-luma.rst index f02e6cf3516a..74df19be91f6 100644 --- a/Documentation/userspace-api/media/v4l/pixfmt-yuv-luma.rst +++ b/Documentation/userspace-api/media/v4l/pixfmt-yuv-luma.rst @@ -21,9 +21,9 @@ are often referred to as greyscale formats. .. raw:: latex - \scriptsize + \tiny -.. tabularcolumns:: |p{3.6cm}|p{3.0cm}|p{1.3cm}|p{2.6cm}|p{1.3cm}|p{1.3cm}|p{1.3cm}| +.. tabularcolumns:: |p{3.6cm}|p{2.4cm}|p{1.3cm}|p{1.3cm}|p{1.3cm}|p{1.3cm}|p{1.3cm}|p{1.3cm}|p{1.3cm}| .. flat-table:: Luma-Only Image Formats :header-rows: 1

10 months, 2 weeks

1
0
0 0

[git:media_tree/master] media: intel/ipu6: select AUXILIARY_BUS in Kconfig

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: intel/ipu6: select AUXILIARY_BUS in Kconfig Author: Bingbu Cao <bingbu.cao(a)intel.com> Date: Wed Jul 17 15:40:50 2024 +0800 Intel IPU6 PCI driver need register its devices on auxiliary bus, so it needs to select the AUXILIARY_BUS in Kconfig. Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202407161833.7BEFXejx-lkp@intel.com/ Fixes: c70281cc83d6 ("media: intel/ipu6: add Kconfig and Makefile") Signed-off-by: Bingbu Cao <bingbu.cao(a)intel.com> Cc: stable(a)vger.kernel.org # for v6.10 Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/pci/intel/ipu6/Kconfig | 1 + 1 file changed, 1 insertion(+) --- diff --git a/drivers/media/pci/intel/ipu6/Kconfig b/drivers/media/pci/intel/ipu6/Kconfig index b7ab24b89836..40e20f0aa5ae 100644 --- a/drivers/media/pci/intel/ipu6/Kconfig +++ b/drivers/media/pci/intel/ipu6/Kconfig @@ -4,6 +4,7 @@ config VIDEO_INTEL_IPU6 depends on VIDEO_DEV depends on X86 && X86_64 && HAS_DMA depends on IPU_BRIDGE || !IPU_BRIDGE + select AUXILIARY_BUS select DMA_OPS select IOMMU_IOVA select VIDEO_V4L2_SUBDEV_API

10 months, 2 weeks

1
0
0 0

[RESEND PATCH v1] mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0

by Hailong Liu

The __vmap_pages_range_noflush() assumes its argument pages** contains pages with the same page shift. However, since commit e9c3cda4d86e (mm, vmalloc: fix high order __GFP_NOFAIL allocations), if gfp_flags includes __GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation failed for high order, the pages** may contain two different page shifts (high order and order-0). This could lead __vmap_pages_range_noflush() to perform incorrect mappings, potentially resulting in memory corruption. Users might encounter this as follows (vmap_allow_huge = true, 2M is for PMD_SIZE): kvmalloc(2M, __GFP_NOFAIL|GFP_X) __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP) vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0 vmap_pages_range() vmap_pages_range_noflush() __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens We can remove the fallback code because if a high-order allocation fails, __vmalloc_node_range_noprof() will retry with order-0. Therefore, it is unnecessary to fallback to order-0 here. Therefore, fix this by removing the fallback code. Fixes: e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations") Signed-off-by: Hailong Liu <hailong.liu(a)oppo.com> Reported-by: Tangquan.Zheng <zhengtangquan(a)oppo.com> Cc: <stable(a)vger.kernel.org> CC: Barry Song <21cnbao(a)gmail.com> CC: Baoquan He <bhe(a)redhat.com> CC: Matthew Wilcox <willy(a)infradead.org> --- mm/vmalloc.c | 11 ++--------- mm/vmalloc.c.rej | 10 ++++++++++ 2 files changed, 12 insertions(+), 9 deletions(-) create mode 100644 mm/vmalloc.c.rej diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 6b783baf12a1..af2de36549d6 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -3584,15 +3584,8 @@ vm_area_alloc_pages(gfp_t gfp, int nid, page = alloc_pages_noprof(alloc_gfp, order); else page = alloc_pages_node_noprof(nid, alloc_gfp, order); - if (unlikely(!page)) { - if (!nofail) - break; - - /* fall back to the zero order allocations */ - alloc_gfp |= __GFP_NOFAIL; - order = 0; - continue; - } + if (unlikely(!page)) + break; /* * Higher order allocations must be able to be treated as --- sorry for fat fingers. with .rej file. resend this. Baoquan suggests set page_shift to 0 if fallback in (2 and concern about performance of retry with order-0. But IMO with retry, - Save memory usage if high order allocation failed. - Keep consistancy with align and page-shift. - make use of bulk allocator with order-0 [2] https://lore.kernel.org/lkml/20240725035318.471-1-hailong.liu@oppo.com/ -- 2.34.1

10 months, 2 weeks

1
0
0 0

[PATCH] drm: omapdrm: Add missing check for alloc_ordered_workqueue

by Ma Ke

As it may return NULL pointer and cause NULL pointer dereference. Add check for the return value of alloc_ordered_workqueue. Cc: stable(a)vger.kernel.org Fixes: 2f95bc6d324a ("drm: omapdrm: Perform initialization/cleanup at probe/remove time") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/omapdrm/omap_drv.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/gpu/drm/omapdrm/omap_drv.c b/drivers/gpu/drm/omapdrm/omap_drv.c index 6598c9c08ba1..94a57f0d1c08 100644 --- a/drivers/gpu/drm/omapdrm/omap_drv.c +++ b/drivers/gpu/drm/omapdrm/omap_drv.c @@ -695,6 +695,10 @@ static int omapdrm_init(struct omap_drm_private *priv, struct device *dev) soc = soc_device_match(omapdrm_soc_devices); priv->omaprev = soc ? (uintptr_t)soc->data : 0; priv->wq = alloc_ordered_workqueue("omapdrm", 0); + if (!priv->wq) { + ret = -ENOMEM; + goto err_alloc_workqueue; + } mutex_init(&priv->list_lock); INIT_LIST_HEAD(&priv->obj_list); @@ -753,6 +757,7 @@ static int omapdrm_init(struct omap_drm_private *priv, struct device *dev) drm_mode_config_cleanup(ddev); omap_gem_deinit(ddev); destroy_workqueue(priv->wq); +err_alloc_workqueue: omap_disconnect_pipelines(ddev); drm_dev_put(ddev); return ret; -- 2.25.1

10 months, 2 weeks

2
1
0 0

[PATCH v4 RESEND] lockdep: fix deadlock issue between lockdep and rcu

by Carlos Llamas

From: Zhiguo Niu <zhiguo.niu(a)unisoc.com> There is a deadlock scenario between lockdep and rcu when rcu nocb feature is enabled, just as following call stack: rcuop/x -000|queued_spin_lock_slowpath(lock = 0xFFFFFF817F2A8A80, val = ?) -001|queued_spin_lock(inline) // try to hold nocb_gp_lock -001|do_raw_spin_lock(lock = 0xFFFFFF817F2A8A80) -002|__raw_spin_lock_irqsave(inline) -002|_raw_spin_lock_irqsave(lock = 0xFFFFFF817F2A8A80) -003|wake_nocb_gp_defer(inline) -003|__call_rcu_nocb_wake(rdp = 0xFFFFFF817F30B680) -004|__call_rcu_common(inline) -004|call_rcu(head = 0xFFFFFFC082EECC28, func = ?) -005|call_rcu_zapped(inline) -005|free_zapped_rcu(ch = ?)// hold graph lock -006|rcu_do_batch(rdp = 0xFFFFFF817F245680) -007|nocb_cb_wait(inline) -007|rcu_nocb_cb_kthread(arg = 0xFFFFFF817F245680) -008|kthread(_create = 0xFFFFFF80803122C0) -009|ret_from_fork(asm) rcuop/y -000|queued_spin_lock_slowpath(lock = 0xFFFFFFC08291BBC8, val = 0) -001|queued_spin_lock() -001|lockdep_lock() -001|graph_lock() // try to hold graph lock -002|lookup_chain_cache_add() -002|validate_chain() -003|lock_acquire -004|_raw_spin_lock_irqsave(lock = 0xFFFFFF817F211D80) -005|lock_timer_base(inline) -006|mod_timer(inline) -006|wake_nocb_gp_defer(inline)// hold nocb_gp_lock -006|__call_rcu_nocb_wake(rdp = 0xFFFFFF817F2A8680) -007|__call_rcu_common(inline) -007|call_rcu(head = 0xFFFFFFC0822E0B58, func = ?) -008|call_rcu_hurry(inline) -008|rcu_sync_call(inline) -008|rcu_sync_func(rhp = 0xFFFFFFC0822E0B58) -009|rcu_do_batch(rdp = 0xFFFFFF817F266680) -010|nocb_cb_wait(inline) -010|rcu_nocb_cb_kthread(arg = 0xFFFFFF817F266680) -011|kthread(_create = 0xFFFFFF8080363740) -012|ret_from_fork(asm) rcuop/x and rcuop/y are rcu nocb threads with the same nocb gp thread. This patch release the graph lock before lockdep call_rcu. Fixes: a0b0fd53e1e6 ("locking/lockdep: Free lock classes that are no longer in use") Cc: <stable(a)vger.kernel.org> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: Waiman Long <longman(a)redhat.com> Cc: Carlos Llamas <cmllamas(a)google.com> Cc: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Xuewen Yan <xuewen.yan(a)unisoc.com> Reviewed-by: Boqun Feng <boqun.feng(a)gmail.com> Reviewed-by: Waiman Long <longman(a)redhat.com> Reviewed-by: Carlos Llamas <cmllamas(a)google.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Carlos Llamas <cmllamas(a)google.com> --- kernel/locking/lockdep.c | 48 ++++++++++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c index 151bd3de5936..3468d8230e5f 100644 --- a/kernel/locking/lockdep.c +++ b/kernel/locking/lockdep.c @@ -6184,25 +6184,27 @@ static struct pending_free *get_pending_free(void) static void free_zapped_rcu(struct rcu_head *cb); /* - * Schedule an RCU callback if no RCU callback is pending. Must be called with - * the graph lock held. - */ -static void call_rcu_zapped(struct pending_free *pf) +* See if we need to queue an RCU callback, must called with +* the lockdep lock held, returns false if either we don't have +* any pending free or the callback is already scheduled. +* Otherwise, a call_rcu() must follow this function call. +*/ +static bool prepare_call_rcu_zapped(struct pending_free *pf) { WARN_ON_ONCE(inside_selftest()); if (list_empty(&pf->zapped)) - return; + return false; if (delayed_free.scheduled) - return; + return false; delayed_free.scheduled = true; WARN_ON_ONCE(delayed_free.pf + delayed_free.index != pf); delayed_free.index ^= 1; - call_rcu(&delayed_free.rcu_head, free_zapped_rcu); + return true; } /* The caller must hold the graph lock. May be called from RCU context. */ @@ -6228,6 +6230,7 @@ static void free_zapped_rcu(struct rcu_head *ch) { struct pending_free *pf; unsigned long flags; + bool need_callback; if (WARN_ON_ONCE(ch != &delayed_free.rcu_head)) return; @@ -6239,14 +6242,18 @@ static void free_zapped_rcu(struct rcu_head *ch) pf = delayed_free.pf + (delayed_free.index ^ 1); __free_zapped_classes(pf); delayed_free.scheduled = false; + need_callback = + prepare_call_rcu_zapped(delayed_free.pf + delayed_free.index); + lockdep_unlock(); + raw_local_irq_restore(flags); /* - * If there's anything on the open list, close and start a new callback. - */ - call_rcu_zapped(delayed_free.pf + delayed_free.index); + * If there's pending free and its callback has not been scheduled, + * queue an RCU callback. + */ + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); - lockdep_unlock(); - raw_local_irq_restore(flags); } /* @@ -6286,6 +6293,7 @@ static void lockdep_free_key_range_reg(void *start, unsigned long size) { struct pending_free *pf; unsigned long flags; + bool need_callback; init_data_structures_once(); @@ -6293,10 +6301,11 @@ static void lockdep_free_key_range_reg(void *start, unsigned long size) lockdep_lock(); pf = get_pending_free(); __lockdep_free_key_range(pf, start, size); - call_rcu_zapped(pf); + need_callback = prepare_call_rcu_zapped(pf); lockdep_unlock(); raw_local_irq_restore(flags); - + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); /* * Wait for any possible iterators from look_up_lock_class() to pass * before continuing to free the memory they refer to. @@ -6390,6 +6399,7 @@ static void lockdep_reset_lock_reg(struct lockdep_map *lock) struct pending_free *pf; unsigned long flags; int locked; + bool need_callback = false; raw_local_irq_save(flags); locked = graph_lock(); @@ -6398,11 +6408,13 @@ static void lockdep_reset_lock_reg(struct lockdep_map *lock) pf = get_pending_free(); __lockdep_reset_lock(pf, lock); - call_rcu_zapped(pf); + need_callback = prepare_call_rcu_zapped(pf); graph_unlock(); out_irq: raw_local_irq_restore(flags); + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); } /* @@ -6446,6 +6458,7 @@ void lockdep_unregister_key(struct lock_class_key *key) struct pending_free *pf; unsigned long flags; bool found = false; + bool need_callback = false; might_sleep(); @@ -6466,11 +6479,14 @@ void lockdep_unregister_key(struct lock_class_key *key) if (found) { pf = get_pending_free(); __lockdep_free_key_range(pf, key, 1); - call_rcu_zapped(pf); + need_callback = prepare_call_rcu_zapped(pf); } lockdep_unlock(); raw_local_irq_restore(flags); + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); + /* Wait until is_dynamic_key() has finished accessing k->hash_entry. */ synchronize_rcu(); } -- 2.45.0.rc1.225.g2a3ae87e7f-goog

10 months, 2 weeks

5
6
0 0

[PATCH for 6.6 stable] btrfs: fix corruption after buffer fault in during direct IO append write

by fdmanana＠kernel.org

From: Filipe Manana <fdmanana(a)suse.com> commit 939b656bc8ab203fdbde26ccac22bcb7f0985be5 upstream. During an append (O_APPEND write flag) direct IO write if the input buffer was not previously faulted in, we can corrupt the file in a way that the final size is unexpected and it includes an unexpected hole. The problem happens like this: 1) We have an empty file, with size 0, for example; 2) We do an O_APPEND direct IO with a length of 4096 bytes and the input buffer is not currently faulted in; 3) We enter btrfs_direct_write(), lock the inode and call generic_write_checks(), which calls generic_write_checks_count(), and that function sets the iocb position to 0 with the following code: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 4) We call btrfs_dio_write() and enter into iomap, which will end up calling btrfs_dio_iomap_begin() and that calls btrfs_get_blocks_direct_write(), where we update the i_size of the inode to 4096 bytes; 5) After btrfs_dio_iomap_begin() returns, iomap will attempt to access the page of the write input buffer (at iomap_dio_bio_iter(), with a call to bio_iov_iter_get_pages()) and fail with -EFAULT, which gets returned to btrfs at btrfs_direct_write() via btrfs_dio_write(); 6) At btrfs_direct_write() we get the -EFAULT error, unlock the inode, fault in the write buffer and then goto to the label 'relock'; 7) We lock again the inode, do all the necessary checks again and call again generic_write_checks(), which calls generic_write_checks_count() again, and there we set the iocb's position to 4K, which is the current i_size of the inode, with the following code pointed above: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 8) Then we go again to btrfs_dio_write() and enter iomap and the write succeeds, but it wrote to the file range [4K, 8K[, leaving a hole in the [0, 4K[ range and an i_size of 8K, which goes against the expections of having the data written to the range [0, 4K[ and get an i_size of 4K. Fix this by not unlocking the inode before faulting in the input buffer, in case we get -EFAULT or an incomplete write, and not jumping to the 'relock' label after faulting in the buffer - instead jump to a location immediately before calling iomap, skipping all the write checks and relocking. This solves this problem and it's fine even in case the input buffer is memory mapped to the same file range, since only holding the range locked in the inode's io tree can cause a deadlock, it's safe to keep the inode lock (VFS lock), as was fixed and described in commit 51bd9563b678 ("btrfs: fix deadlock due to page faults during direct IO reads and writes"). A sample reproducer provided by a reporter is the following: $ cat test.c #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif #include <fcntl.h> #include <stdio.h> #include <sys/mman.h> #include <sys/stat.h> #include <unistd.h> int main(int argc, char *argv[]) { if (argc < 2) { fprintf(stderr, "Usage: %s <test file>\n", argv[0]); return 1; } int fd = open(argv[1], O_WRONLY | O_CREAT | O_TRUNC | O_DIRECT | O_APPEND, 0644); if (fd < 0) { perror("creating test file"); return 1; } char *buf = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); ssize_t ret = write(fd, buf, 4096); if (ret < 0) { perror("pwritev2"); return 1; } struct stat stbuf; ret = fstat(fd, &stbuf); if (ret < 0) { perror("stat"); return 1; } printf("size: %llu\n", (unsigned long long)stbuf.st_size); return stbuf.st_size == 4096 ? 0 : 1; } A test case for fstests will be sent soon. Reported-by: Hanna Czenczek <hreitz(a)redhat.com> Link: https://lore.kernel.org/linux-btrfs/0b841d46-12fe-4e64-9abb-871d8d0de271@re… Fixes: 8184620ae212 ("btrfs: fix lost file sync on direct IO write with nowait and dsync iocb") Signed-off-by: Filipe Manana <fdmanana(a)suse.com> --- fs/btrfs/ctree.h | 1 + fs/btrfs/file.c | 55 ++++++++++++++++++++++++++++++++++++------------ 2 files changed, 43 insertions(+), 13 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 06333a74d6c4..86c7f8ce1715 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -445,6 +445,7 @@ struct btrfs_file_private { void *filldir_buf; u64 last_index; struct extent_state *llseek_cached_state; + bool fsync_skip_inode_lock; }; static inline u32 BTRFS_LEAF_DATA_SIZE(const struct btrfs_fs_info *info) diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index c997b790568f..a47a7bbf9b7e 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -1535,21 +1535,37 @@ static ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) * So here we disable page faults in the iov_iter and then retry if we * got -EFAULT, faulting in the pages before the retry. */ +again: from->nofault = true; dio = btrfs_dio_write(iocb, from, written); from->nofault = false; - /* - * iomap_dio_complete() will call btrfs_sync_file() if we have a dsync - * iocb, and that needs to lock the inode. So unlock it before calling - * iomap_dio_complete() to avoid a deadlock. - */ - btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); - - if (IS_ERR_OR_NULL(dio)) + if (IS_ERR_OR_NULL(dio)) { err = PTR_ERR_OR_ZERO(dio); - else + } else { + struct btrfs_file_private stack_private = { 0 }; + struct btrfs_file_private *private; + const bool have_private = (file->private_data != NULL); + + if (!have_private) + file->private_data = &stack_private; + + /* + * If we have a synchoronous write, we must make sure the fsync + * triggered by the iomap_dio_complete() call below doesn't + * deadlock on the inode lock - we are already holding it and we + * can't call it after unlocking because we may need to complete + * partial writes due to the input buffer (or parts of it) not + * being already faulted in. + */ + private = file->private_data; + private->fsync_skip_inode_lock = true; err = iomap_dio_complete(dio); + private->fsync_skip_inode_lock = false; + + if (!have_private) + file->private_data = NULL; + } /* No increment (+=) because iomap returns a cumulative value. */ if (err > 0) @@ -1576,10 +1592,12 @@ static ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) } else { fault_in_iov_iter_readable(from, left); prev_left = left; - goto relock; + goto again; } } + btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); + /* * If 'err' is -ENOTBLK or we have not written all data, then it means * we must fallback to buffered IO. @@ -1778,6 +1796,7 @@ static inline bool skip_inode_logging(const struct btrfs_log_ctx *ctx) */ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) { + struct btrfs_file_private *private = file->private_data; struct dentry *dentry = file_dentry(file); struct inode *inode = d_inode(dentry); struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb); @@ -1787,6 +1806,7 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) int ret = 0, err; u64 len; bool full_sync; + const bool skip_ilock = (private ? private->fsync_skip_inode_lock : false); trace_btrfs_sync_file(file, datasync); @@ -1814,7 +1834,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) if (ret) goto out; - btrfs_inode_lock(BTRFS_I(inode), BTRFS_ILOCK_MMAP); + if (skip_ilock) + down_write(&BTRFS_I(inode)->i_mmap_lock); + else + btrfs_inode_lock(BTRFS_I(inode), BTRFS_ILOCK_MMAP); atomic_inc(&root->log_batch); @@ -1838,7 +1861,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) */ ret = start_ordered_ops(inode, start, end); if (ret) { - btrfs_inode_unlock(BTRFS_I(inode), BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&BTRFS_I(inode)->i_mmap_lock); + else + btrfs_inode_unlock(BTRFS_I(inode), BTRFS_ILOCK_MMAP); goto out; } @@ -1941,7 +1967,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) * file again, but that will end up using the synchronization * inside btrfs_sync_log to keep things safe. */ - btrfs_inode_unlock(BTRFS_I(inode), BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&BTRFS_I(inode)->i_mmap_lock); + else + btrfs_inode_unlock(BTRFS_I(inode), BTRFS_ILOCK_MMAP); if (ret == BTRFS_NO_LOG_SYNC) { ret = btrfs_end_transaction(trans); -- 2.43.0

10 months, 2 weeks

3
2
0 0

[PATCH v2 0/7] Add USB clocks to Exynos7885

by David Virag

This set of patches adds the clocks necessary for USB on the Exynos7885 SoC. While at it, also fix some issues with the existing driver/bindings. This set was split from a previous set containing clk, phy, and usb patches [1]. Changes in v2: - Split from full patchset. - Added Cc-stable tags and fixes tag to update CLKS_NR_FSYS patch - Blank line fixes Cc: stable(a)vger.kernel.org [1] https://lore.kernel.org/linux-samsung-soc/20240804215458.404085-1-virag.dav… David Virag (7): dt-bindings: clock: exynos7885: Fix duplicated binding dt-bindings: clock: exynos7885: Add CMU_TOP PLL MUX indices dt-bindings: clock: exynos7885: Add indices for USB clocks clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix clk: samsung: exynos7885: Add missing MUX clocks from PLLs in CMU_TOP clk: samsung: clk-pll: Add support for pll_1418x clk: samsung: exynos7885: Add USB related clocks to CMU_FSYS drivers/clk/samsung/clk-exynos7885.c | 93 ++++++++++++++++++++------ drivers/clk/samsung/clk-pll.c | 20 ++++-- drivers/clk/samsung/clk-pll.h | 1 + include/dt-bindings/clock/exynos7885.h | 32 ++++++--- 4 files changed, 111 insertions(+), 35 deletions(-) -- 2.46.0

10 months, 2 weeks

2
4
0 0

[PATCH 03/13] serial: don't use uninitialized value in uart_poll_init()

by Jiri Slaby (SUSE)

Coverity reports (as CID 1536978) that uart_poll_init() passes uninitialized pm_state to uart_change_pm(). It is in case the first 'if' takes the true branch (does "goto out;"). Fix this and simplify the function by simple guard(mutex). The code needs no labels after this at all. And it is pretty clear that the code has not fiddled with pm_state at that point. Signed-off-by: Jiri Slaby (SUSE) <jirislaby(a)kernel.org> Fixes: 5e227ef2aa38 (serial: uart_poll_init() should power on the UART) Cc: stable(a)vger.kernel.org Cc: Douglas Anderson <dianders(a)chromium.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/serial_core.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 3afe77f05abf..d63e9b636e02 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -2690,14 +2690,13 @@ static int uart_poll_init(struct tty_driver *driver, int line, char *options) int ret = 0; tport = &state->port; - mutex_lock(&tport->mutex); + + guard(mutex)(&tport->mutex); port = uart_port_check(state); if (!port || port->type == PORT_UNKNOWN || - !(port->ops->poll_get_char && port->ops->poll_put_char)) { - ret = -1; - goto out; - } + !(port->ops->poll_get_char && port->ops->poll_put_char)) + return -1; pm_state = state->pm_state; uart_change_pm(state, UART_PM_STATE_ON); @@ -2717,10 +2716,10 @@ static int uart_poll_init(struct tty_driver *driver, int line, char *options) ret = uart_set_options(port, NULL, baud, parity, bits, flow); console_list_unlock(); } -out: + if (ret) uart_change_pm(state, pm_state); - mutex_unlock(&tport->mutex); + return ret; } -- 2.46.0

10 months, 2 weeks

5
6
0 0

[PATCH net] eventpoll: Annotate data-race of busy_poll_usecs

by Joe Damato

From: Martin Karsten <mkarsten(a)uwaterloo.ca> A struct eventpoll's busy_poll_usecs field can be modified via a user ioctl at any time. All reads of this field should be annotated with READ_ONCE. Fixes: 85455c795c07 ("eventpoll: support busy poll per epoll instance") Cc: stable(a)vger.kernel.org Signed-off-by: Martin Karsten <mkarsten(a)uwaterloo.ca> Reviewed-by: Joe Damato <jdamato(a)fastly.com> --- fs/eventpoll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/eventpoll.c b/fs/eventpoll.c index f53ca4f7fced..6d0e2f547ae7 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -420,7 +420,7 @@ static bool busy_loop_ep_timeout(unsigned long start_time, static bool ep_busy_loop_on(struct eventpoll *ep) { - return !!ep->busy_poll_usecs || net_busy_loop_on(); + return !!READ_ONCE(ep->busy_poll_usecs) || net_busy_loop_on(); } static bool ep_busy_loop_end(void *p, unsigned long start_time) -- 2.25.1

10 months, 2 weeks

3
2
0 0

[PATCH 3/3] io_uring/net: don't pick multiple buffers for non-bundle send

by Jens Axboe

If a send is issued marked with IOSQE_BUFFER_SELECT for selecting a buffer, unless it's a bundle, it should not select multiple buffers. Cc: stable(a)vger.kernel.org Fixes: a05d1f625c7a ("io_uring/net: support bundles for send") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/net.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/io_uring/net.c b/io_uring/net.c index 050bea5e7256..d08abcca89cc 100644 --- a/io_uring/net.c +++ b/io_uring/net.c @@ -601,17 +601,18 @@ int io_send(struct io_kiocb *req, unsigned int issue_flags) .iovs = &kmsg->fast_iov, .max_len = INT_MAX, .nr_iovs = 1, - .mode = KBUF_MODE_EXPAND, }; if (kmsg->free_iov) { arg.nr_iovs = kmsg->free_iov_nr; arg.iovs = kmsg->free_iov; - arg.mode |= KBUF_MODE_FREE; + arg.mode = KBUF_MODE_FREE; } if (!(sr->flags & IORING_RECVSEND_BUNDLE)) arg.nr_iovs = 1; + else + arg.mode |= KBUF_MODE_EXPAND; ret = io_buffers_select(req, &arg, issue_flags); if (unlikely(ret < 0)) -- 2.43.0

10 months, 2 weeks

1
0
0 0

[PATCH 2/3] io_uring/net: ensure expanded bundle send gets marked for cleanup

by Jens Axboe

If the iovec inside the kmsg isn't already allocated AND one gets expanded beyond the fixed size, then the request may not already have been marked for cleanup. Ensure that it is. Cc: stable(a)vger.kernel.org Fixes: a05d1f625c7a ("io_uring/net: support bundles for send") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/net.c | 1 + 1 file changed, 1 insertion(+) diff --git a/io_uring/net.c b/io_uring/net.c index 97a48408cec3..050bea5e7256 100644 --- a/io_uring/net.c +++ b/io_uring/net.c @@ -623,6 +623,7 @@ int io_send(struct io_kiocb *req, unsigned int issue_flags) if (arg.iovs != &kmsg->fast_iov && arg.iovs != kmsg->free_iov) { kmsg->free_iov_nr = ret; kmsg->free_iov = arg.iovs; + req->flags |= REQ_F_NEED_CLEANUP; } } -- 2.43.0

10 months, 2 weeks

1
0
0 0

[PATCH 1/3] io_uring/net: ensure expanded bundle recv gets marked for cleanup

by Jens Axboe

If the iovec inside the kmsg isn't already allocated AND one gets expanded beyond the fixed size, then the request may not already have been marked for cleanup. Ensure that it is. Cc: stable(a)vger.kernel.org Fixes: 2f9c9515bdfd ("io_uring/net: support bundles for recv") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/net.c | 1 + 1 file changed, 1 insertion(+) diff --git a/io_uring/net.c b/io_uring/net.c index 594490a1389b..97a48408cec3 100644 --- a/io_uring/net.c +++ b/io_uring/net.c @@ -1094,6 +1094,7 @@ static int io_recv_buf_select(struct io_kiocb *req, struct io_async_msghdr *kmsg if (arg.iovs != &kmsg->fast_iov && arg.iovs != kmsg->free_iov) { kmsg->free_iov_nr = ret; kmsg->free_iov = arg.iovs; + req->flags |= REQ_F_NEED_CLEANUP; } } else { void __user *buf; -- 2.43.0

10 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] padata-fix-possible-divide-by-0-panic-in-padata_mt_helper.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: padata: fix possible divide-by-0 panic in padata_mt_helper() has been removed from the -mm tree. Its filename was padata-fix-possible-divide-by-0-panic-in-padata_mt_helper.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Waiman Long <longman(a)redhat.com> Subject: padata: Fix possible divide-by-0 panic in padata_mt_helper() Date: Tue, 6 Aug 2024 13:46:47 -0400 We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time. [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1 [ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021 [ 10.017908] Workqueue: events_unbound padata_mt_helper [ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0 : [ 10.017963] Call Trace: [ 10.017968] <TASK> [ 10.018004] ? padata_mt_helper+0x39/0xb0 [ 10.018084] process_one_work+0x174/0x330 [ 10.018093] worker_thread+0x266/0x3a0 [ 10.018111] kthread+0xcf/0x100 [ 10.018124] ret_from_fork+0x31/0x50 [ 10.018138] ret_from_fork_asm+0x1a/0x30 [ 10.018147] </TASK> Looking at the padata_mt_helper() function, the only way a divide-by-0 panic can happen is when ps->chunk_size is 0. The way that chunk_size is initialized in padata_do_multithreaded(), chunk_size can be 0 when the min_chunk in the passed-in padata_mt_job structure is 0. Fix this divide-by-0 panic by making sure that chunk_size will be at least 1 no matter what the input parameters are. Link: https://lkml.kernel.org/r/20240806174647.1050398-1-longman@redhat.com Fixes: 004ed42638f4 ("padata: add basic support for multithreaded jobs") Signed-off-by: Waiman Long <longman(a)redhat.com> Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> Cc: Steffen Klassert <steffen.klassert(a)secunet.com> Cc: Waiman Long <longman(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/padata.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/kernel/padata.c~padata-fix-possible-divide-by-0-panic-in-padata_mt_helper +++ a/kernel/padata.c @@ -517,6 +517,13 @@ void __init padata_do_multithreaded(stru ps.chunk_size = max(ps.chunk_size, job->min_chunk); ps.chunk_size = roundup(ps.chunk_size, job->align); + /* + * chunk_size can be 0 if the caller sets min_chunk to 0. So force it + * to at least 1 to prevent divide-by-0 panic in padata_mt_helper().` + */ + if (!ps.chunk_size) + ps.chunk_size = 1U; + list_for_each_entry(pw, &works, pw_list) if (job->numa_aware) { int old_node = atomic_read(&last_used_nid); _ Patches currently in -mm which might be from longman(a)redhat.com are mm-memory-failure-use-raw_spinlock_t-in-struct-memory_failure_cpu.patch mm-memory-failure-use-raw_spinlock_t-in-struct-memory_failure_cpu-v3.patch lib-stackdepot-double-depot_pools_cap-if-kasan-is-enabled.patch watchdog-handle-the-enodev-failure-case-of-lockup_detector_delay_init-separately.patch

10 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] memcg-protect-concurrent-access-to-mem_cgroup_idr.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: memcg: protect concurrent access to mem_cgroup_idr has been removed from the -mm tree. Its filename was memcg-protect-concurrent-access-to-mem_cgroup_idr.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Shakeel Butt <shakeel.butt(a)linux.dev> Subject: memcg: protect concurrent access to mem_cgroup_idr Date: Fri, 2 Aug 2024 16:58:22 -0700 Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creation failures. It introduced IDR to maintain the memcg ID space. The IDR depends on external synchronization mechanisms for modifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace() happen within css callback and thus are protected through cgroup_mutex from concurrent modifications. However idr_remove() for mem_cgroup_idr was not protected against concurrency and can be run concurrently for different memcgs when they hit their refcnt to zero. Fix that. We have been seeing list_lru based kernel crashes at a low frequency in our fleet for a long time. These crashes were in different part of list_lru code including list_lru_add(), list_lru_del() and reparenting code. Upon further inspection, it looked like for a given object (dentry and inode), the super_block's list_lru didn't have list_lru_one for the memcg of that object. The initial suspicions were either the object is not allocated through kmem_cache_alloc_lru() or somehow memcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but returned success. No evidence were found for these cases. Looking more deeply, we started seeing situations where valid memcg's id is not present in mem_cgroup_idr and in some cases multiple valid memcgs have same id and mem_cgroup_idr is pointing to one of them. So, the most reasonable explanation is that these situations can happen due to race between multiple idr_remove() calls or race between idr_alloc()/idr_replace() and idr_remove(). These races are causing multiple memcgs to acquire the same ID and then offlining of one of them would cleanup list_lrus on the system for all of them. Later access from other memcgs to the list_lru cause crashes due to missing list_lru_one. Link: https://lkml.kernel.org/r/20240802235822.1830976-1-shakeel.butt@linux.dev Fixes: 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") Signed-off-by: Shakeel Butt <shakeel.butt(a)linux.dev> Acked-by: Muchun Song <muchun.song(a)linux.dev> Reviewed-by: Roman Gushchin <roman.gushchin(a)linux.dev> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memcontrol.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) --- a/mm/memcontrol.c~memcg-protect-concurrent-access-to-mem_cgroup_idr +++ a/mm/memcontrol.c @@ -3386,11 +3386,28 @@ static void memcg_wb_domain_size_changed #define MEM_CGROUP_ID_MAX ((1UL << MEM_CGROUP_ID_SHIFT) - 1) static DEFINE_IDR(mem_cgroup_idr); +static DEFINE_SPINLOCK(memcg_idr_lock); + +static int mem_cgroup_alloc_id(void) +{ + int ret; + + idr_preload(GFP_KERNEL); + spin_lock(&memcg_idr_lock); + ret = idr_alloc(&mem_cgroup_idr, NULL, 1, MEM_CGROUP_ID_MAX + 1, + GFP_NOWAIT); + spin_unlock(&memcg_idr_lock); + idr_preload_end(); + return ret; +} static void mem_cgroup_id_remove(struct mem_cgroup *memcg) { if (memcg->id.id > 0) { + spin_lock(&memcg_idr_lock); idr_remove(&mem_cgroup_idr, memcg->id.id); + spin_unlock(&memcg_idr_lock); + memcg->id.id = 0; } } @@ -3524,8 +3541,7 @@ static struct mem_cgroup *mem_cgroup_all if (!memcg) return ERR_PTR(error); - memcg->id.id = idr_alloc(&mem_cgroup_idr, NULL, - 1, MEM_CGROUP_ID_MAX + 1, GFP_KERNEL); + memcg->id.id = mem_cgroup_alloc_id(); if (memcg->id.id < 0) { error = memcg->id.id; goto fail; @@ -3667,7 +3683,9 @@ static int mem_cgroup_css_online(struct * publish it here at the end of onlining. This matches the * regular ID destruction during offlining. */ + spin_lock(&memcg_idr_lock); idr_replace(&mem_cgroup_idr, memcg, memcg->id.id); + spin_unlock(&memcg_idr_lock); return 0; offline_kmem: _ Patches currently in -mm which might be from shakeel.butt(a)linux.dev are memcg-increase-the-valid-index-range-for-memcg-stats.patch

10 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-list_lru-fix-uaf-for-memory-cgroup.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: list_lru: fix UAF for memory cgroup has been removed from the -mm tree. Its filename was mm-list_lru-fix-uaf-for-memory-cgroup.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Muchun Song <songmuchun(a)bytedance.com> Subject: mm: list_lru: fix UAF for memory cgroup Date: Thu, 18 Jul 2024 16:36:07 +0800 The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or cgroup_mutex or others which could prevent returned memcg from being freed. Fix it by adding missing rcu read lock. Found by code inspection. [songmuchun(a)bytedance.com: only grab rcu lock when necessary, per Vlastimil] Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com Link: https://lkml.kernel.org/r/20240718083607.42068-1-songmuchun@bytedance.com Fixes: 0a97c01cd20b ("list_lru: allow explicit memcg and NUMA node selection") Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/list_lru.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) --- a/mm/list_lru.c~mm-list_lru-fix-uaf-for-memory-cgroup +++ a/mm/list_lru.c @@ -85,6 +85,7 @@ list_lru_from_memcg_idx(struct list_lru } #endif /* CONFIG_MEMCG */ +/* The caller must ensure the memcg lifetime. */ bool list_lru_add(struct list_lru *lru, struct list_head *item, int nid, struct mem_cgroup *memcg) { @@ -109,14 +110,22 @@ EXPORT_SYMBOL_GPL(list_lru_add); bool list_lru_add_obj(struct list_lru *lru, struct list_head *item) { + bool ret; int nid = page_to_nid(virt_to_page(item)); - struct mem_cgroup *memcg = list_lru_memcg_aware(lru) ? - mem_cgroup_from_slab_obj(item) : NULL; - return list_lru_add(lru, item, nid, memcg); + if (list_lru_memcg_aware(lru)) { + rcu_read_lock(); + ret = list_lru_add(lru, item, nid, mem_cgroup_from_slab_obj(item)); + rcu_read_unlock(); + } else { + ret = list_lru_add(lru, item, nid, NULL); + } + + return ret; } EXPORT_SYMBOL_GPL(list_lru_add_obj); +/* The caller must ensure the memcg lifetime. */ bool list_lru_del(struct list_lru *lru, struct list_head *item, int nid, struct mem_cgroup *memcg) { @@ -139,11 +148,18 @@ EXPORT_SYMBOL_GPL(list_lru_del); bool list_lru_del_obj(struct list_lru *lru, struct list_head *item) { + bool ret; int nid = page_to_nid(virt_to_page(item)); - struct mem_cgroup *memcg = list_lru_memcg_aware(lru) ? - mem_cgroup_from_slab_obj(item) : NULL; - return list_lru_del(lru, item, nid, memcg); + if (list_lru_memcg_aware(lru)) { + rcu_read_lock(); + ret = list_lru_del(lru, item, nid, mem_cgroup_from_slab_obj(item)); + rcu_read_unlock(); + } else { + ret = list_lru_del(lru, item, nid, NULL); + } + + return ret; } EXPORT_SYMBOL_GPL(list_lru_del_obj); _ Patches currently in -mm which might be from songmuchun(a)bytedance.com are mm-kmem-remove-mem_cgroup_from_obj.patch

10 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] kcov-properly-check-for-softirq-context.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kcov: properly check for softirq context has been removed from the -mm tree. Its filename was kcov-properly-check-for-softirq-context.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Andrey Konovalov <andreyknvl(a)gmail.com> Subject: kcov: properly check for softirq context Date: Mon, 29 Jul 2024 04:21:58 +0200 When collecting coverage from softirqs, KCOV uses in_serving_softirq() to check whether the code is running in the softirq context. Unfortunately, in_serving_softirq() is > 0 even when the code is running in the hardirq or NMI context for hardirqs and NMIs that happened during a softirq. As a result, if a softirq handler contains a remote coverage collection section and a hardirq with another remote coverage collection section happens during handling the softirq, KCOV incorrectly detects a nested softirq coverate collection section and prints a WARNING, as reported by syzbot. This issue was exposed by commit a7f3813e589f ("usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler"), which switched dummy_hcd to using hrtimer and made the timer's callback be executed in the hardirq context. Change the related checks in KCOV to account for this behavior of in_serving_softirq() and make KCOV ignore remote coverage collection sections in the hardirq and NMI contexts. This prevents the WARNING printed by syzbot but does not fix the inability of KCOV to collect coverage from the __usb_hcd_giveback_urb when dummy_hcd is in use (caused by a7f3813e589f); a separate patch is required for that. Link: https://lkml.kernel.org/r/20240729022158.92059-1-andrey.konovalov@linux.dev Fixes: 5ff3b30ab57d ("kcov: collect coverage from interrupts") Signed-off-by: Andrey Konovalov <andreyknvl(a)gmail.com> Reported-by: syzbot+2388cdaeb6b10f0c13ac(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=2388cdaeb6b10f0c13ac Acked-by: Marco Elver <elver(a)google.com> Cc: Alan Stern <stern(a)rowland.harvard.edu> Cc: Aleksandr Nogikh <nogikh(a)google.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Marcello Sylvester Bauer <sylv(a)sylv.io> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/kcov.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) --- a/kernel/kcov.c~kcov-properly-check-for-softirq-context +++ a/kernel/kcov.c @@ -161,6 +161,15 @@ static void kcov_remote_area_put(struct kmsan_unpoison_memory(&area->list, sizeof(area->list)); } +/* + * Unlike in_serving_softirq(), this function returns false when called during + * a hardirq or an NMI that happened in the softirq context. + */ +static inline bool in_softirq_really(void) +{ + return in_serving_softirq() && !in_hardirq() && !in_nmi(); +} + static notrace bool check_kcov_mode(enum kcov_mode needed_mode, struct task_struct *t) { unsigned int mode; @@ -170,7 +179,7 @@ static notrace bool check_kcov_mode(enum * so we ignore code executed in interrupts, unless we are in a remote * coverage collection section in a softirq. */ - if (!in_task() && !(in_serving_softirq() && t->kcov_softirq)) + if (!in_task() && !(in_softirq_really() && t->kcov_softirq)) return false; mode = READ_ONCE(t->kcov_mode); /* @@ -849,7 +858,7 @@ void kcov_remote_start(u64 handle) if (WARN_ON(!kcov_check_handle(handle, true, true, true))) return; - if (!in_task() && !in_serving_softirq()) + if (!in_task() && !in_softirq_really()) return; local_lock_irqsave(&kcov_percpu_data.lock, flags); @@ -991,7 +1000,7 @@ void kcov_remote_stop(void) int sequence; unsigned long flags; - if (!in_task() && !in_serving_softirq()) + if (!in_task() && !in_softirq_really()) return; local_lock_irqsave(&kcov_percpu_data.lock, flags); _ Patches currently in -mm which might be from andreyknvl(a)gmail.com are kcov-dont-instrument-lib-find_bitc.patch

10 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-add-s390-to-arch-check.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests: mm: add s390 to ARCH check has been removed from the -mm tree. Its filename was selftests-mm-add-s390-to-arch-check.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Nico Pache <npache(a)redhat.com> Subject: selftests: mm: add s390 to ARCH check Date: Wed, 24 Jul 2024 15:35:17 -0600 commit 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") changed the env variable for the architecture from MACHINE to ARCH. This is preventing 3 required TEST_GEN_FILES from being included when cross compiling s390x and errors when trying to run the test suite. This is due to the ARCH variable already being set and the arch folder name being s390. Add "s390" to the filtered list to cover this case and have the 3 files included in the build. Link: https://lkml.kernel.org/r/20240724213517.23918-1-npache@redhat.com Fixes: 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") Signed-off-by: Nico Pache <npache(a)redhat.com> Cc: Mark Brown <broonie(a)kernel.org> Cc: Albert Ou <aou(a)eecs.berkeley.edu> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/testing/selftests/mm/Makefile~selftests-mm-add-s390-to-arch-check +++ a/tools/testing/selftests/mm/Makefile @@ -110,7 +110,7 @@ endif endif -ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 powerpc riscv64 s390x sparc64 x86_64)) +ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 powerpc riscv64 s390x sparc64 x86_64 s390)) TEST_GEN_FILES += va_high_addr_switch TEST_GEN_FILES += virtual_address_range TEST_GEN_FILES += write_to_hugetlbfs _ Patches currently in -mm which might be from npache(a)redhat.com are

10 months, 2 weeks

1
0
0 0

[folded-merged] mm-list_lru-fix-uaf-for-memory-cgroup-v2.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm-list_lru-fix-uaf-for-memory-cgroup-v2 has been removed from the -mm tree. Its filename was mm-list_lru-fix-uaf-for-memory-cgroup-v2.patch This patch was dropped because it was folded into mm-list_lru-fix-uaf-for-memory-cgroup.patch ------------------------------------------------------ From: Muchun Song <songmuchun(a)bytedance.com> Subject: mm-list_lru-fix-uaf-for-memory-cgroup-v2 Date: Thu, 1 Aug 2024 10:46:03 +0800 only grab rcu lock when necessary, per Vlastimil Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com Fixes: 0a97c01cd20b ("list_lru: allow explicit memcg and NUMA node selection") Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: <stable(a)vger.kernel.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/list_lru.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) --- a/mm/list_lru.c~mm-list_lru-fix-uaf-for-memory-cgroup-v2 +++ a/mm/list_lru.c @@ -112,12 +112,14 @@ bool list_lru_add_obj(struct list_lru *l { bool ret; int nid = page_to_nid(virt_to_page(item)); - struct mem_cgroup *memcg; - rcu_read_lock(); - memcg = list_lru_memcg_aware(lru) ? mem_cgroup_from_slab_obj(item) : NULL; - ret = list_lru_add(lru, item, nid, memcg); - rcu_read_unlock(); + if (list_lru_memcg_aware(lru)) { + rcu_read_lock(); + ret = list_lru_add(lru, item, nid, mem_cgroup_from_slab_obj(item)); + rcu_read_unlock(); + } else { + ret = list_lru_add(lru, item, nid, NULL); + } return ret; } @@ -148,12 +150,14 @@ bool list_lru_del_obj(struct list_lru *l { bool ret; int nid = page_to_nid(virt_to_page(item)); - struct mem_cgroup *memcg; - rcu_read_lock(); - memcg = list_lru_memcg_aware(lru) ? mem_cgroup_from_slab_obj(item) : NULL; - ret = list_lru_del(lru, item, nid, memcg); - rcu_read_unlock(); + if (list_lru_memcg_aware(lru)) { + rcu_read_lock(); + ret = list_lru_del(lru, item, nid, mem_cgroup_from_slab_obj(item)); + rcu_read_unlock(); + } else { + ret = list_lru_del(lru, item, nid, NULL); + } return ret; } _ Patches currently in -mm which might be from songmuchun(a)bytedance.com are mm-list_lru-fix-uaf-for-memory-cgroup.patch mm-kmem-remove-mem_cgroup_from_obj.patch

10 months, 2 weeks

1
0
0 0

[PATCH] drm/i915: Fix NULL ptr deref in intel_async_flip_check_uapi()

by Ma Ke

intel_atomic_get_new_crtc_state can return NULL, unless crtc state wasn't obtained previously with intel_atomic_get_crtc_state. We should check it for NULLness here, just as in many other places, where we can't guarantee that intel_atomic_get_crtc_state was called. Cc: stable(a)vger.kernel.org Fixes: b0b2bed2a130 ("drm/i915: Check async flip capability early on") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/i915/display/intel_display.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/display/intel_display.c b/drivers/gpu/drm/i915/display/intel_display.c index c2c388212e2e..9dd7b5985d57 100644 --- a/drivers/gpu/drm/i915/display/intel_display.c +++ b/drivers/gpu/drm/i915/display/intel_display.c @@ -6115,7 +6115,7 @@ static int intel_async_flip_check_uapi(struct intel_atomic_state *state, return -EINVAL; } - if (intel_crtc_needs_modeset(new_crtc_state)) { + if (new_crtc_state && intel_crtc_needs_modeset(new_crtc_state)) { drm_dbg_kms(&i915->drm, "[CRTC:%d:%s] modeset required\n", crtc->base.base.id, crtc->base.name); -- 2.25.1

10 months, 2 weeks

2
1
0 0

+ mm-hugetlb-fix-hugetlb-vs-core-mm-pt-locking.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: fix hugetlb vs. core-mm PT locking has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-fix-hugetlb-vs-core-mm-pt-locking.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/hugetlb: fix hugetlb vs. core-mm PT locking Date: Thu, 1 Aug 2024 22:47:48 +0200 We recently made GUP's common page table walking code to also walk hugetlb VMAs without most hugetlb special-casing, preparing for the future of having less hugetlb-specific page table walking code in the codebase. Turns out that we missed one page table locking detail: page table locking for hugetlb folios that are not mapped using a single PMD/PUD. Assume we have hugetlb folio that spans multiple PTEs (e.g., 64 KiB hugetlb folios on arm64 with 4 KiB base page size). GUP, as it walks the page tables, will perform a pte_offset_map_lock() to grab the PTE table lock. However, hugetlb that concurrently modifies these page tables would actually grab the mm->page_table_lock: with USE_SPLIT_PTE_PTLOCKS, the locks would differ. Something similar can happen right now with hugetlb folios that span multiple PMDs when USE_SPLIT_PMD_PTLOCKS. This issue can be reproduced [1], for example triggering: [ 3105.936100] ------------[ cut here ]------------ [ 3105.939323] WARNING: CPU: 31 PID: 2732 at mm/gup.c:142 try_grab_folio+0x11c/0x188 [ 3105.944634] Modules linked in: [...] [ 3105.974841] CPU: 31 PID: 2732 Comm: reproducer Not tainted 6.10.0-64.eln141.aarch64 #1 [ 3105.980406] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-4.fc40 05/24/2024 [ 3105.986185] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3105.991108] pc : try_grab_folio+0x11c/0x188 [ 3105.994013] lr : follow_page_pte+0xd8/0x430 [ 3105.996986] sp : ffff80008eafb8f0 [ 3105.999346] x29: ffff80008eafb900 x28: ffffffe8d481f380 x27: 00f80001207cff43 [ 3106.004414] x26: 0000000000000001 x25: 0000000000000000 x24: ffff80008eafba48 [ 3106.009520] x23: 0000ffff9372f000 x22: ffff7a54459e2000 x21: ffff7a546c1aa978 [ 3106.014529] x20: ffffffe8d481f3c0 x19: 0000000000610041 x18: 0000000000000001 [ 3106.019506] x17: 0000000000000001 x16: ffffffffffffffff x15: 0000000000000000 [ 3106.024494] x14: ffffb85477fdfe08 x13: 0000ffff9372ffff x12: 0000000000000000 [ 3106.029469] x11: 1fffef4a88a96be1 x10: ffff7a54454b5f0c x9 : ffffb854771b12f0 [ 3106.034324] x8 : 0008000000000000 x7 : ffff7a546c1aa980 x6 : 0008000000000080 [ 3106.038902] x5 : 00000000001207cf x4 : 0000ffff9372f000 x3 : ffffffe8d481f000 [ 3106.043420] x2 : 0000000000610041 x1 : 0000000000000001 x0 : 0000000000000000 [ 3106.047957] Call trace: [ 3106.049522] try_grab_folio+0x11c/0x188 [ 3106.051996] follow_pmd_mask.constprop.0.isra.0+0x150/0x2e0 [ 3106.055527] follow_page_mask+0x1a0/0x2b8 [ 3106.058118] __get_user_pages+0xf0/0x348 [ 3106.060647] faultin_page_range+0xb0/0x360 [ 3106.063651] do_madvise+0x340/0x598 Let's make huge_pte_lockptr() effectively use the same PT locks as any core-mm page table walker would. Add ptep_lockptr() to obtain the PTE page table lock using a pte pointer -- unfortunately we cannot convert pte_lockptr() because virt_to_page() doesn't work with kmap'ed page tables we can have with CONFIG_HIGHPTE. Handle CONFIG_PGTABLE_LEVELS correctly by checking in reverse order, such that when e.g., CONFIG_PGTABLE_LEVELS==2 with PGDIR_SIZE==P4D_SIZE==PUD_SIZE==PMD_SIZE will work as expected. Document why that works. There is one ugly case: powerpc 8xx, whereby we have an 8 MiB hugetlb folio being mapped using two PTE page tables. While hugetlb wants to take the PMD table lock, core-mm would grab the PTE table lock of one of both PTE page tables. In such corner cases, we have to make sure that both locks match, which is (fortunately!) currently guaranteed for 8xx as it does not support SMP and consequently doesn't use split PT locks. [1] https://lore.kernel.org/all/1bbfcc7f-f222-45a5-ac44-c5a1381c596d@redhat.com/ Link: https://lkml.kernel.org/r/20240801204748.99107-1-david@redhat.com Fixes: 9cb28da54643 ("mm/gup: handle hugetlb in the generic follow_page_mask code") Signed-off-by: David Hildenbrand <david(a)redhat.com> Acked-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Tested-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 33 ++++++++++++++++++++++++++++++--- include/linux/mm.h | 11 +++++++++++ 2 files changed, 41 insertions(+), 3 deletions(-) --- a/include/linux/hugetlb.h~mm-hugetlb-fix-hugetlb-vs-core-mm-pt-locking +++ a/include/linux/hugetlb.h @@ -944,10 +944,37 @@ static inline bool htlb_allow_alloc_fall static inline spinlock_t *huge_pte_lockptr(struct hstate *h, struct mm_struct *mm, pte_t *pte) { - if (huge_page_size(h) == PMD_SIZE) + const unsigned long size = huge_page_size(h); + + VM_WARN_ON(size == PAGE_SIZE); + + /* + * hugetlb must use the exact same PT locks as core-mm page table + * walkers would. When modifying a PTE table, hugetlb must take the + * PTE PT lock, when modifying a PMD table, hugetlb must take the PMD + * PT lock etc. + * + * The expectation is that any hugetlb folio smaller than a PMD is + * always mapped into a single PTE table and that any hugetlb folio + * smaller than a PUD (but at least as big as a PMD) is always mapped + * into a single PMD table. + * + * If that does not hold for an architecture, then that architecture + * must disable split PT locks such that all *_lockptr() functions + * will give us the same result: the per-MM PT lock. + * + * Note that with e.g., CONFIG_PGTABLE_LEVELS=2 where + * PGDIR_SIZE==P4D_SIZE==PUD_SIZE==PMD_SIZE, we'd use pud_lockptr() + * and core-mm would use pmd_lockptr(). However, in such configurations + * split PMD locks are disabled -- they don't make sense on a single + * PGDIR page table -- and the end result is the same. + */ + if (size >= PUD_SIZE) + return pud_lockptr(mm, (pud_t *) pte); + else if (size >= PMD_SIZE || IS_ENABLED(CONFIG_HIGHPTE)) return pmd_lockptr(mm, (pmd_t *) pte); - VM_BUG_ON(huge_page_size(h) == PAGE_SIZE); - return &mm->page_table_lock; + /* pte_alloc_huge() only applies with !CONFIG_HIGHPTE */ + return ptep_lockptr(mm, pte); } #ifndef hugepages_supported --- a/include/linux/mm.h~mm-hugetlb-fix-hugetlb-vs-core-mm-pt-locking +++ a/include/linux/mm.h @@ -2920,6 +2920,13 @@ static inline spinlock_t *pte_lockptr(st return ptlock_ptr(page_ptdesc(pmd_page(*pmd))); } +static inline spinlock_t *ptep_lockptr(struct mm_struct *mm, pte_t *pte) +{ + BUILD_BUG_ON(IS_ENABLED(CONFIG_HIGHPTE)); + BUILD_BUG_ON(MAX_PTRS_PER_PTE * sizeof(pte_t) > PAGE_SIZE); + return ptlock_ptr(virt_to_ptdesc(pte)); +} + static inline bool ptlock_init(struct ptdesc *ptdesc) { /* @@ -2944,6 +2951,10 @@ static inline spinlock_t *pte_lockptr(st { return &mm->page_table_lock; } +static inline spinlock_t *ptep_lockptr(struct mm_struct *mm, pte_t *pte) +{ + return &mm->page_table_lock; +} static inline void ptlock_cache_init(void) {} static inline bool ptlock_init(struct ptdesc *ptdesc) { return true; } static inline void ptlock_free(struct ptdesc *ptdesc) {} _ Patches currently in -mm which might be from david(a)redhat.com are mm-hugetlb-fix-hugetlb-vs-core-mm-pt-locking.patch mm-turn-use_split_pte_ptlocks-use_split_pte_ptlocks-into-kconfig-options.patch mm-hugetlb-enforce-that-pmd-pt-sharing-has-split-pmd-pt-locks.patch powerpc-8xx-document-and-enforce-that-split-pt-locks-are-not-used.patch mm-simplify-arch_make_folio_accessible.patch mm-gup-convert-to-arch_make_folio_accessible.patch s390-uv-drop-arch_make_page_accessible.patch mm-hugetlb-remove-hugetlb_follow_page_mask-leftover.patch mm-rmap-cleanup-partially-mapped-handling-in-__folio_remove_rmap.patch mm-clarify-folio_likely_mapped_shared-documentation-for-ksm-folios.patch mm-provide-vm_normal_pagefolio_pmd-with-config_pgtable_has_huge_leaves.patch mm-pagewalk-introduce-folio_walk_start-folio_walk_end.patch mm-migrate-convert-do_pages_stat_array-from-follow_page-to-folio_walk.patch mm-migrate-convert-add_page_for_migration-from-follow_page-to-folio_walk.patch mm-ksm-convert-get_mergeable_page-from-follow_page-to-folio_walk.patch mm-ksm-convert-scan_get_next_rmap_item-from-follow_page-to-folio_walk.patch mm-huge_memory-convert-split_huge_pages_pid-from-follow_page-to-folio_walk.patch mm-huge_memory-convert-split_huge_pages_pid-from-follow_page-to-folio_walk-fix.patch s390-uv-convert-gmap_destroy_page-from-follow_page-to-folio_walk.patch s390-mm-fault-convert-do_secure_storage_access-from-follow_page-to-folio_walk.patch mm-remove-follow_page.patch mm-ksm-convert-break_ksm-from-walk_page_range_vma-to-folio_walk.patch mm-rmap-minimize-folio-_nr_pages_mapped-updates-when-batching-pte-unmapping.patch

10 months, 2 weeks

1
0
0 0

+ mm-numa-no-task_numa_fault-call-if-page-table-is-changed.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/numa: no task_numa_fault() call if page table is changed has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-numa-no-task_numa_fault-call-if-page-table-is-changed.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Zi Yan <ziy(a)nvidia.com> Subject: mm/numa: no task_numa_fault() call if page table is changed Date: Wed, 7 Aug 2024 14:47:29 -0400 When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit b99a342d4f11 ("NUMA balancing: reduce TLB flush via delaying mapping on hint page fault") restructured do_numa_page() and do_huge_pmd_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pte_same()/!pmd_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240807184730.1266736-1-ziy@nvidia.com Fixes: b99a342d4f11 ("NUMA balancing: reduce TLB flush via delaying mapping on hint page fault") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 5 +++-- mm/memory.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) --- a/mm/huge_memory.c~mm-numa-no-task_numa_fault-call-if-page-table-is-changed +++ a/mm/huge_memory.c @@ -1738,10 +1738,11 @@ vm_fault_t do_huge_pmd_numa_page(struct goto out_map; } -out: +count_fault: if (nid != NUMA_NO_NODE) task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); +out: return 0; out_map: @@ -1753,7 +1754,7 @@ out_map: set_pmd_at(vma->vm_mm, haddr, vmf->pmd, pmd); update_mmu_cache_pmd(vma, vmf->address, vmf->pmd); spin_unlock(vmf->ptl); - goto out; + goto count_fault; } /* --- a/mm/memory.c~mm-numa-no-task_numa_fault-call-if-page-table-is-changed +++ a/mm/memory.c @@ -5371,9 +5371,10 @@ static vm_fault_t do_numa_page(struct vm goto out_map; } -out: +count_fault: if (nid != NUMA_NO_NODE) task_numa_fault(last_cpupid, nid, nr_pages, flags); +out: return 0; out_map: /* @@ -5387,7 +5388,7 @@ out_map: numa_rebuild_single_mapping(vmf, vma, vmf->address, vmf->pte, writable); pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; + goto count_fault; } static inline vm_fault_t create_huge_pmd(struct vm_fault *vmf) _ Patches currently in -mm which might be from ziy(a)nvidia.com are mm-numa-no-task_numa_fault-call-if-page-table-is-changed.patch memory-tiering-read-last_cpupid-correctly-in-do_huge_pmd_numa_page.patch memory-tiering-introduce-folio_use_access_time-check.patch memory-tiering-count-pgpromote_success-when-mem-tiering-is-enabled.patch mm-migrate-move-common-code-to-numa_migrate_check-was-numa_migrate_prep.patch

10 months, 3 weeks

1
0
0 0

[PATCH 1/2] mseal: Fix is_madv_discard()

by Pedro Falcato

is_madv_discard did its check wrong. MADV_ flags are not bitwise, they're normal sequential numbers. So, for instance: behavior & (/* ... */ | MADV_REMOVE) tagged both MADV_REMOVE and MADV_RANDOM (bit 0 set) as discard operations. This is obviously incorrect, so use a switch statement instead. Cc: stable(a)vger.kernel.org Fixes: 8be7258aad44 ("mseal: add mseal syscall") Signed-off-by: Pedro Falcato <pedro.falcato(a)gmail.com> --- mm/mseal.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/mm/mseal.c b/mm/mseal.c index bf783bba8ed..15bba28acc0 100644 --- a/mm/mseal.c +++ b/mm/mseal.c @@ -40,9 +40,17 @@ static bool can_modify_vma(struct vm_area_struct *vma) static bool is_madv_discard(int behavior) { - return behavior & - (MADV_FREE | MADV_DONTNEED | MADV_DONTNEED_LOCKED | - MADV_REMOVE | MADV_DONTFORK | MADV_WIPEONFORK); + switch (behavior) { + case MADV_FREE: + case MADV_DONTNEED: + case MADV_DONTNEED_LOCKED: + case MADV_REMOVE: + case MADV_DONTFORK: + case MADV_WIPEONFORK: + return true; + } + + return false; } static bool is_ro_anon(struct vm_area_struct *vma) -- 2.46.0

10 months, 3 weeks

2
3
0 0

+ lib-stackdepot-double-depot_pools_cap-if-kasan-is-enabled.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: lib/stackdepot: double DEPOT_POOLS_CAP if KASAN is enabled has been added to the -mm mm-hotfixes-unstable branch. Its filename is lib-stackdepot-double-depot_pools_cap-if-kasan-is-enabled.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Waiman Long <longman(a)redhat.com> Subject: lib/stackdepot: double DEPOT_POOLS_CAP if KASAN is enabled Date: Wed, 7 Aug 2024 12:52:28 -0400 When a wide variety of workloads are run on a debug kernel with KASAN enabled, the following warning may sometimes be printed. [ 6818.650674] Stack depot reached limit capacity [ 6818.650730] WARNING: CPU: 1 PID: 272741 at lib/stackdepot.c:252 depot_alloc_stack+0x39e/0x3d0 : [ 6818.650907] Call Trace: [ 6818.650909] [<00047dd453d84b92>] depot_alloc_stack+0x3a2/0x3d0 [ 6818.650916] [<00047dd453d85254>] stack_depot_save_flags+0x4f4/0x5c0 [ 6818.650920] [<00047dd4535872c6>] kasan_save_stack+0x56/0x70 [ 6818.650924] [<00047dd453587328>] kasan_save_track+0x28/0x40 [ 6818.650927] [<00047dd45358a27a>] kasan_save_free_info+0x4a/0x70 [ 6818.650930] [<00047dd45358766a>] __kasan_slab_free+0x12a/0x1d0 [ 6818.650933] [<00047dd45350deb4>] kmem_cache_free+0x1b4/0x580 [ 6818.650938] [<00047dd452c520da>] __put_task_struct+0x24a/0x320 [ 6818.650945] [<00047dd452c6aee4>] delayed_put_task_struct+0x294/0x350 [ 6818.650949] [<00047dd452e9066a>] rcu_do_batch+0x6ea/0x2090 [ 6818.650953] [<00047dd452ea60f4>] rcu_core+0x474/0xa90 [ 6818.650956] [<00047dd452c780c0>] handle_softirqs+0x3c0/0xf90 [ 6818.650960] [<00047dd452c76fbe>] __irq_exit_rcu+0x35e/0x460 [ 6818.650963] [<00047dd452c79992>] irq_exit_rcu+0x22/0xb0 [ 6818.650966] [<00047dd454bd8128>] do_ext_irq+0xd8/0x120 [ 6818.650972] [<00047dd454c0ddd0>] ext_int_handler+0xb8/0xe8 [ 6818.650979] [<00047dd453589cf6>] kasan_check_range+0x236/0x2f0 [ 6818.650982] [<00047dd453378cf0>] filemap_get_pages+0x190/0xaa0 [ 6818.650986] [<00047dd453379940>] filemap_read+0x340/0xa70 [ 6818.650989] [<00047dd3d325d226>] xfs_file_buffered_read+0x2c6/0x400 [xfs] [ 6818.651431] [<00047dd3d325dfe2>] xfs_file_read_iter+0x2c2/0x550 [xfs] [ 6818.651663] [<00047dd45364710c>] vfs_read+0x64c/0x8c0 [ 6818.651669] [<00047dd453648ed8>] ksys_read+0x118/0x200 [ 6818.651672] [<00047dd452b6cf5a>] do_syscall+0x27a/0x380 [ 6818.651676] [<00047dd454bd7e74>] __do_syscall+0xf4/0x1a0 [ 6818.651680] [<00047dd454c0db58>] system_call+0x70/0x98 As KASAN is a big user of stackdepot, the current DEPOT_POOLS_CAP of 8192 may not be enough. Double DEPOT_POOLS_CAP if KASAN is enabled to avoid hitting this problem. Also use the MIN() macro for defining DEPOT_MAX_POOLS to clarify the intention. Link: https://lkml.kernel.org/r/20240807165228.1116831-1-longman@redhat.com Fixes: 02754e0a484a ("lib/stackdepot.c: bump stackdepot capacity from 16MB to 128MB") Signed-off-by: Waiman Long <longman(a)redhat.com> Cc: Andrey Konovalov <andreyknvl(a)google.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/stackdepot.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/lib/stackdepot.c~lib-stackdepot-double-depot_pools_cap-if-kasan-is-enabled +++ a/lib/stackdepot.c @@ -36,11 +36,12 @@ #include <linux/memblock.h> #include <linux/kasan-enabled.h> -#define DEPOT_POOLS_CAP 8192 +/* KASAN is a big user of stackdepot, double the cap if KASAN is enabled */ +#define DEPOT_POOLS_CAP (8192 * (IS_ENABLED(CONFIG_KASAN) ? 2 : 1)) + /* The pool_index is offset by 1 so the first record does not have a 0 handle. */ #define DEPOT_MAX_POOLS \ - (((1LL << (DEPOT_POOL_INDEX_BITS)) - 1 < DEPOT_POOLS_CAP) ? \ - (1LL << (DEPOT_POOL_INDEX_BITS)) - 1 : DEPOT_POOLS_CAP) + MIN((1LL << (DEPOT_POOL_INDEX_BITS)) - 1, DEPOT_POOLS_CAP) static bool stack_depot_disabled; static bool __stack_depot_early_init_requested __initdata = IS_ENABLED(CONFIG_STACKDEPOT_ALWAYS_INIT); _ Patches currently in -mm which might be from longman(a)redhat.com are padata-fix-possible-divide-by-0-panic-in-padata_mt_helper.patch mm-memory-failure-use-raw_spinlock_t-in-struct-memory_failure_cpu.patch mm-memory-failure-use-raw_spinlock_t-in-struct-memory_failure_cpu-v3.patch lib-stackdepot-double-depot_pools_cap-if-kasan-is-enabled.patch watchdog-handle-the-enodev-failure-case-of-lockup_detector_delay_init-separately.patch

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] selftests: mptcp: fix error path" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 4a2f48992ddf4b8c2fba846c6754089edae6db5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080739-imperial-modular-7da5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 4a2f48992ddf ("selftests: mptcp: fix error path") 571d79664a4a ("selftests: mptcp: join: update endpoint ops") 0d16ed0c2e74 ("selftests: mptcp: add {get,format}_endpoint(s) helpers") 3188309c8ceb ("selftests: mptcp: netlink: add 'limits' helpers") 29aa32fee7d0 ("selftests: mptcp: export ip_mptcp to mptcp_lib") 40061817d95b ("selftests: mptcp: join: fix dev in check_endpoint") 7f0782ca1ce9 ("selftests: mptcp: add mptcp_lib_verify_listener_events") 8ebb44196585 ("selftests: mptcp: print_test out of verify_listener_events") 663260e14668 ("selftests: mptcp: extract mptcp_lib_check_expected") 339c225e2e03 ("selftests: mptcp: call test_fail without argument") 747ba8783a33 ("selftests: mptcp: print test results with colors") e7c42bf4d320 ("selftests: mptcp: use += operator to append strings") aa7694766f14 ("selftests: mptcp: print test results with counters") 3382bb09701b ("selftests: mptcp: add print_title in mptcp_lib") 9e6a39ecb9a1 ("selftests: mptcp: export TEST_COUNTER variable") fd959262c1bb ("selftests: mptcp: sockopt: print every test result") c9161a0f8ff9 ("selftests: mptcp: connect: fix misaligned output") 01ed9838107f ("selftests: mptcp: connect: add dedicated port counter") 6215df11b945 ("selftests: mptcp: print all error messages to stdout") 2aebd3579d90 ("selftests: mptcp: simult flows: fix shellcheck warnings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4a2f48992ddf4b8c2fba846c6754089edae6db5a Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Sat, 27 Jul 2024 11:04:02 +0200 Subject: [PATCH] selftests: mptcp: fix error path pm_nl_check_endpoint() currently calls an not existing helper to mark the test as failed. Fix the wrong call. Fixes: 03668c65d153 ("selftests: mptcp: join: rework detailed report") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 9c091fc267c4..55d84a1bde15 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -661,7 +661,7 @@ pm_nl_check_endpoint() done if [ -z "${id}" ]; then - test_fail "bad test - missing endpoint id" + fail_test "bad test - missing endpoint id" return fi

10 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: fix backup support in signal endpoints" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6834097fc38c5416701c793da94558cea49c0a1f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080726-educator-stubble-a08d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 6834097fc38c ("mptcp: pm: fix backup support in signal endpoints") 9ae7846c4b6b ("mptcp: dump addrs in userspace pm list") 34e74a5cf3b7 ("mptcp: implement mptcp_userspace_pm_dump_addr") aab4d8564947 ("net: mptcp: use policy generated by YAML spec") 1e07938e29c5 ("net: mptcp: rename netlink handlers to mptcp_pm_nl_<blah>_{doit,dumpit}") 1d0507f46843 ("net: mptcp: convert netlink from small_ops to ops") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6834097fc38c5416701c793da94558cea49c0a1f Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Sat, 27 Jul 2024 12:01:28 +0200 Subject: [PATCH] mptcp: pm: fix backup support in signal endpoints There was a support for signal endpoints, but only when the endpoint's flag was changed during a connection. If an endpoint with the signal and backup was already present, the MP_JOIN reply was not containing the backup flag as expected. That's confusing to have this inconsistent behaviour. On the other hand, the infrastructure to set the backup flag in the SYN + ACK + MP_JOIN was already there, it was just never set before. Now when requesting the local ID from the path-manager, the backup status is also requested. Note that when the userspace PM is used, the backup flag can be set if the local address was already used before with a backup flag, e.g. if the address was announced with the 'backup' flag, or a subflow was created with the 'backup' flag. Fixes: 4596a2c1b7f5 ("mptcp: allow creating non-backup subflows") Cc: stable(a)vger.kernel.org Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/507 Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 55406720c607..23bb89c94e90 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -426,6 +426,18 @@ int mptcp_pm_get_local_id(struct mptcp_sock *msk, struct sock_common *skc) return mptcp_pm_nl_get_local_id(msk, &skc_local); } +bool mptcp_pm_is_backup(struct mptcp_sock *msk, struct sock_common *skc) +{ + struct mptcp_addr_info skc_local; + + mptcp_local_address((struct sock_common *)skc, &skc_local); + + if (mptcp_pm_is_userspace(msk)) + return mptcp_userspace_pm_is_backup(msk, &skc_local); + + return mptcp_pm_nl_is_backup(msk, &skc_local); +} + int mptcp_pm_get_flags_and_ifindex_by_id(struct mptcp_sock *msk, unsigned int id, u8 *flags, int *ifindex) { diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 7635fac91539..37954a0b087d 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -1101,6 +1101,24 @@ int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc return ret; } +bool mptcp_pm_nl_is_backup(struct mptcp_sock *msk, struct mptcp_addr_info *skc) +{ + struct pm_nl_pernet *pernet = pm_nl_get_pernet_from_msk(msk); + struct mptcp_pm_addr_entry *entry; + bool backup = false; + + rcu_read_lock(); + list_for_each_entry_rcu(entry, &pernet->local_addr_list, list) { + if (mptcp_addresses_equal(&entry->addr, skc, entry->addr.port)) { + backup = !!(entry->flags & MPTCP_PM_ADDR_FLAG_BACKUP); + break; + } + } + rcu_read_unlock(); + + return backup; +} + #define MPTCP_PM_CMD_GRP_OFFSET 0 #define MPTCP_PM_EV_GRP_OFFSET 1 diff --git a/net/mptcp/pm_userspace.c b/net/mptcp/pm_userspace.c index f0a4590506c6..8eaa9fbe3e34 100644 --- a/net/mptcp/pm_userspace.c +++ b/net/mptcp/pm_userspace.c @@ -165,6 +165,24 @@ int mptcp_userspace_pm_get_local_id(struct mptcp_sock *msk, return mptcp_userspace_pm_append_new_local_addr(msk, &new_entry, true); } +bool mptcp_userspace_pm_is_backup(struct mptcp_sock *msk, + struct mptcp_addr_info *skc) +{ + struct mptcp_pm_addr_entry *entry; + bool backup = false; + + spin_lock_bh(&msk->pm.lock); + list_for_each_entry(entry, &msk->pm.userspace_pm_local_addr_list, list) { + if (mptcp_addresses_equal(&entry->addr, skc, false)) { + backup = !!(entry->flags & MPTCP_PM_ADDR_FLAG_BACKUP); + break; + } + } + spin_unlock_bh(&msk->pm.lock); + + return backup; +} + int mptcp_pm_nl_announce_doit(struct sk_buff *skb, struct genl_info *info) { struct nlattr *token = info->attrs[MPTCP_PM_ATTR_TOKEN]; diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index b8b25124e7de..60c6b073d65f 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -1109,6 +1109,9 @@ bool mptcp_pm_rm_addr_signal(struct mptcp_sock *msk, unsigned int remaining, int mptcp_pm_get_local_id(struct mptcp_sock *msk, struct sock_common *skc); int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc); int mptcp_userspace_pm_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc); +bool mptcp_pm_is_backup(struct mptcp_sock *msk, struct sock_common *skc); +bool mptcp_pm_nl_is_backup(struct mptcp_sock *msk, struct mptcp_addr_info *skc); +bool mptcp_userspace_pm_is_backup(struct mptcp_sock *msk, struct mptcp_addr_info *skc); int mptcp_pm_dump_addr(struct sk_buff *msg, struct netlink_callback *cb); int mptcp_pm_nl_dump_addr(struct sk_buff *msg, struct netlink_callback *cb); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index be406197b1c4..0e4b5bfbeaa1 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -100,6 +100,7 @@ static struct mptcp_sock *subflow_token_join_request(struct request_sock *req) return NULL; } subflow_req->local_id = local_id; + subflow_req->request_bkup = mptcp_pm_is_backup(msk, (struct sock_common *)req); return msk; } @@ -620,6 +621,8 @@ static int subflow_chk_local_id(struct sock *sk) return err; subflow_set_local_id(subflow, err); + subflow->request_bkup = mptcp_pm_is_backup(msk, (struct sock_common *)sk); + return 0; }

10 months, 3 weeks

2
1
0 0

[tip: x86/urgent] x86/paravirt: Fix incorrect virt spinlock setting on bare metal

by tip-bot2 for Chen Yu

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: e639222a51196c69c70b49b67098ce2f9919ed08 Gitweb: https://git.kernel.org/tip/e639222a51196c69c70b49b67098ce2f9919ed08 Author: Chen Yu <yu.c.chen(a)intel.com> AuthorDate: Tue, 06 Aug 2024 19:22:07 +08:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Wed, 07 Aug 2024 20:04:38 +02:00 x86/paravirt: Fix incorrect virt spinlock setting on bare metal The kernel can change spinlock behavior when running as a guest. But this guest-friendly behavior causes performance problems on bare metal. The kernel uses a static key to switch between the two modes. In theory, the static key is enabled by default (run in guest mode) and should be disabled for bare metal (and in some guests that want native behavior or paravirt spinlock). A performance drop is reported when running encode/decode workload and BenchSEE cache sub-workload. Bisect points to commit ce0a1b608bfc ("x86/paravirt: Silence unused native_pv_lock_init() function warning"). When CONFIG_PARAVIRT_SPINLOCKS is disabled the virt_spin_lock_key is incorrectly set to true on bare metal. The qspinlock degenerates to test-and-set spinlock, which decreases the performance on bare metal. Set the default value of virt_spin_lock_key to false. If booting in a VM, enable this key. Later during the VM initialization, if other high-efficient spinlock is preferred (e.g. paravirt-spinlock), or the user wants the native qspinlock (via nopvspin boot commandline), the virt_spin_lock_key is disabled accordingly. This results in the following decision matrix: X86_FEATURE_HYPERVISOR Y Y Y N CONFIG_PARAVIRT_SPINLOCKS Y Y N Y/N PV spinlock Y N N Y/N virt_spin_lock_key N Y/N Y N Fixes: ce0a1b608bfc ("x86/paravirt: Silence unused native_pv_lock_init() function warning") Reported-by: Prem Nath Dey <prem.nath.dey(a)intel.com> Reported-by: Xiaoping Zhou <xiaoping.zhou(a)intel.com> Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Suggested-by: Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> Suggested-by: Nikolay Borisov <nik.borisov(a)suse.com> Signed-off-by: Chen Yu <yu.c.chen(a)intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Nikolay Borisov <nik.borisov(a)suse.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240806112207.29792-1-yu.c.chen@intel.com --- arch/x86/include/asm/qspinlock.h | 12 +++++++----- arch/x86/kernel/paravirt.c | 7 +++---- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/arch/x86/include/asm/qspinlock.h b/arch/x86/include/asm/qspinlock.h index a053c12..68da67d 100644 --- a/arch/x86/include/asm/qspinlock.h +++ b/arch/x86/include/asm/qspinlock.h @@ -66,13 +66,15 @@ static inline bool vcpu_is_preempted(long cpu) #ifdef CONFIG_PARAVIRT /* - * virt_spin_lock_key - enables (by default) the virt_spin_lock() hijack. + * virt_spin_lock_key - disables by default the virt_spin_lock() hijack. * - * Native (and PV wanting native due to vCPU pinning) should disable this key. - * It is done in this backwards fashion to only have a single direction change, - * which removes ordering between native_pv_spin_init() and HV setup. + * Native (and PV wanting native due to vCPU pinning) should keep this key + * disabled. Native does not touch the key. + * + * When in a guest then native_pv_lock_init() enables the key first and + * KVM/XEN might conditionally disable it later in the boot process again. */ -DECLARE_STATIC_KEY_TRUE(virt_spin_lock_key); +DECLARE_STATIC_KEY_FALSE(virt_spin_lock_key); /* * Shortcut for the queued_spin_lock_slowpath() function that allows diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 5358d43..fec3815 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -51,13 +51,12 @@ DEFINE_ASM_FUNC(pv_native_irq_enable, "sti", .noinstr.text); DEFINE_ASM_FUNC(pv_native_read_cr2, "mov %cr2, %rax", .noinstr.text); #endif -DEFINE_STATIC_KEY_TRUE(virt_spin_lock_key); +DEFINE_STATIC_KEY_FALSE(virt_spin_lock_key); void __init native_pv_lock_init(void) { - if (IS_ENABLED(CONFIG_PARAVIRT_SPINLOCKS) && - !boot_cpu_has(X86_FEATURE_HYPERVISOR)) - static_branch_disable(&virt_spin_lock_key); + if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) + static_branch_enable(&virt_spin_lock_key); } static void native_tlb_remove_table(struct mmu_gather *tlb, void *table)

10 months, 3 weeks

1
0
0 0

[PATCH v3 bpf-next 01/10] lib/buildid: harden build ID parsing logic

by Andrii Nakryiko

Harden build ID parsing logic, adding explicit READ_ONCE() where it's important to have a consistent value read and validated just once. Fixes tag below points to the code that moved this code into lib/buildid.c, and then subsequently was used in perf subsystem, making this code exposed to perf_event_open() users in v5.12+. Cc: stable(a)vger.kernel.org Cc: Jann Horn <jannh(a)google.com> Suggested-by: Andi Kleen <ak(a)linux.intel.com> Fixes: bd7525dacd7e ("bpf: Move stack_map_get_build_id into lib") Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> --- lib/buildid.c | 51 +++++++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 24 deletions(-) diff --git a/lib/buildid.c b/lib/buildid.c index e02b5507418b..d21d86f6c19a 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -18,28 +18,29 @@ static int parse_build_id_buf(unsigned char *build_id, const void *note_start, Elf32_Word note_size) { + const char note_name[] = "GNU"; + const size_t note_name_sz = sizeof(note_name); Elf32_Word note_offs = 0, new_offs; + u32 name_sz, desc_sz; + const char *data; while (note_offs + sizeof(Elf32_Nhdr) < note_size) { Elf32_Nhdr *nhdr = (Elf32_Nhdr *)(note_start + note_offs); + name_sz = READ_ONCE(nhdr->n_namesz); + desc_sz = READ_ONCE(nhdr->n_descsz); if (nhdr->n_type == BUILD_ID && - nhdr->n_namesz == sizeof("GNU") && - !strcmp((char *)(nhdr + 1), "GNU") && - nhdr->n_descsz > 0 && - nhdr->n_descsz <= BUILD_ID_SIZE_MAX) { - memcpy(build_id, - note_start + note_offs + - ALIGN(sizeof("GNU"), 4) + sizeof(Elf32_Nhdr), - nhdr->n_descsz); - memset(build_id + nhdr->n_descsz, 0, - BUILD_ID_SIZE_MAX - nhdr->n_descsz); + name_sz == note_name_sz && + strcmp((char *)(nhdr + 1), note_name) == 0 && + desc_sz > 0 && desc_sz <= BUILD_ID_SIZE_MAX) { + data = note_start + note_offs + ALIGN(note_name_sz, 4); + memcpy(build_id, data, desc_sz); + memset(build_id + desc_sz, 0, BUILD_ID_SIZE_MAX - desc_sz); if (size) - *size = nhdr->n_descsz; + *size = desc_sz; return 0; } - new_offs = note_offs + sizeof(Elf32_Nhdr) + - ALIGN(nhdr->n_namesz, 4) + ALIGN(nhdr->n_descsz, 4); + new_offs = note_offs + sizeof(Elf32_Nhdr) + ALIGN(name_sz, 4) + ALIGN(desc_sz, 4); if (new_offs <= note_offs) /* overflow */ break; note_offs = new_offs; @@ -71,7 +72,7 @@ static int get_build_id_32(const void *page_addr, unsigned char *build_id, { Elf32_Ehdr *ehdr = (Elf32_Ehdr *)page_addr; Elf32_Phdr *phdr; - int i; + __u32 i, phnum; /* * FIXME @@ -80,9 +81,10 @@ static int get_build_id_32(const void *page_addr, unsigned char *build_id, */ if (ehdr->e_phoff != sizeof(Elf32_Ehdr)) return -EINVAL; + + phnum = READ_ONCE(ehdr->e_phnum); /* only supports phdr that fits in one page */ - if (ehdr->e_phnum > - (PAGE_SIZE - sizeof(Elf32_Ehdr)) / sizeof(Elf32_Phdr)) + if (phnum > (PAGE_SIZE - sizeof(Elf32_Ehdr)) / sizeof(Elf32_Phdr)) return -EINVAL; phdr = (Elf32_Phdr *)(page_addr + sizeof(Elf32_Ehdr)); @@ -90,8 +92,8 @@ static int get_build_id_32(const void *page_addr, unsigned char *build_id, for (i = 0; i < ehdr->e_phnum; ++i) { if (phdr[i].p_type == PT_NOTE && !parse_build_id(page_addr, build_id, size, - page_addr + phdr[i].p_offset, - phdr[i].p_filesz)) + page_addr + READ_ONCE(phdr[i].p_offset), + READ_ONCE(phdr[i].p_filesz))) return 0; } return -EINVAL; @@ -103,7 +105,7 @@ static int get_build_id_64(const void *page_addr, unsigned char *build_id, { Elf64_Ehdr *ehdr = (Elf64_Ehdr *)page_addr; Elf64_Phdr *phdr; - int i; + __u32 i, phnum; /* * FIXME @@ -112,18 +114,19 @@ static int get_build_id_64(const void *page_addr, unsigned char *build_id, */ if (ehdr->e_phoff != sizeof(Elf64_Ehdr)) return -EINVAL; + + phnum = READ_ONCE(ehdr->e_phnum); /* only supports phdr that fits in one page */ - if (ehdr->e_phnum > - (PAGE_SIZE - sizeof(Elf64_Ehdr)) / sizeof(Elf64_Phdr)) + if (phnum > (PAGE_SIZE - sizeof(Elf64_Ehdr)) / sizeof(Elf64_Phdr)) return -EINVAL; phdr = (Elf64_Phdr *)(page_addr + sizeof(Elf64_Ehdr)); - for (i = 0; i < ehdr->e_phnum; ++i) { + for (i = 0; i < phnum; ++i) { if (phdr[i].p_type == PT_NOTE && !parse_build_id(page_addr, build_id, size, - page_addr + phdr[i].p_offset, - phdr[i].p_filesz)) + page_addr + READ_ONCE(phdr[i].p_offset), + READ_ONCE(phdr[i].p_filesz))) return 0; } return -EINVAL; -- 2.43.0

10 months, 3 weeks

4
4
0 0

FAILED: patch "[PATCH] btrfs: fix corruption after buffer fault in during direct IO" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 939b656bc8ab203fdbde26ccac22bcb7f0985be5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080730-deafness-structure-9630@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 939b656bc8ab ("btrfs: fix corruption after buffer fault in during direct IO append write") 9aa29a20b700 ("btrfs: move the direct IO code into its own file") 04ef7631bfa5 ("btrfs: cleanup duplicated parameters related to btrfs_create_dio_extent()") 9fec848b3a33 ("btrfs: cleanup duplicated parameters related to create_io_em()") e9ea31fb5c1f ("btrfs: cleanup duplicated parameters related to btrfs_alloc_ordered_extent") cdc627e65c7e ("btrfs: cleanup duplicated parameters related to can_nocow_file_extent_args") c77a8c61002e ("btrfs: remove extent_map::block_start member") e28b851ed9b2 ("btrfs: remove extent_map::block_len member") 4aa7b5d1784f ("btrfs: remove extent_map::orig_start member") 3f255ece2f1e ("btrfs: introduce extra sanity checks for extent maps") 3d2ac9922465 ("btrfs: introduce new members for extent_map") 87a6962f73b1 ("btrfs: export the expected file extent through can_nocow_extent()") e8fe524da027 ("btrfs: rename extent_map::orig_block_len to disk_num_bytes") 8996f61ab9ff ("btrfs: move fiemap code into its own file") 56b7169f691c ("btrfs: use a btrfs_inode local variable at btrfs_sync_file()") e641e323abb3 ("btrfs: pass a btrfs_inode to btrfs_wait_ordered_range()") cef2daba4268 ("btrfs: pass a btrfs_inode to btrfs_fdatawrite_range()") 4e660ca3a98d ("btrfs: use a regular rb_root instead of cached rb_root for extent_map_tree") 7f5830bc964d ("btrfs: rename rb_root member of extent_map_tree from map to root") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 939b656bc8ab203fdbde26ccac22bcb7f0985be5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 26 Jul 2024 11:12:52 +0100 Subject: [PATCH] btrfs: fix corruption after buffer fault in during direct IO append write During an append (O_APPEND write flag) direct IO write if the input buffer was not previously faulted in, we can corrupt the file in a way that the final size is unexpected and it includes an unexpected hole. The problem happens like this: 1) We have an empty file, with size 0, for example; 2) We do an O_APPEND direct IO with a length of 4096 bytes and the input buffer is not currently faulted in; 3) We enter btrfs_direct_write(), lock the inode and call generic_write_checks(), which calls generic_write_checks_count(), and that function sets the iocb position to 0 with the following code: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 4) We call btrfs_dio_write() and enter into iomap, which will end up calling btrfs_dio_iomap_begin() and that calls btrfs_get_blocks_direct_write(), where we update the i_size of the inode to 4096 bytes; 5) After btrfs_dio_iomap_begin() returns, iomap will attempt to access the page of the write input buffer (at iomap_dio_bio_iter(), with a call to bio_iov_iter_get_pages()) and fail with -EFAULT, which gets returned to btrfs at btrfs_direct_write() via btrfs_dio_write(); 6) At btrfs_direct_write() we get the -EFAULT error, unlock the inode, fault in the write buffer and then goto to the label 'relock'; 7) We lock again the inode, do all the necessary checks again and call again generic_write_checks(), which calls generic_write_checks_count() again, and there we set the iocb's position to 4K, which is the current i_size of the inode, with the following code pointed above: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 8) Then we go again to btrfs_dio_write() and enter iomap and the write succeeds, but it wrote to the file range [4K, 8K), leaving a hole in the [0, 4K) range and an i_size of 8K, which goes against the expectations of having the data written to the range [0, 4K) and get an i_size of 4K. Fix this by not unlocking the inode before faulting in the input buffer, in case we get -EFAULT or an incomplete write, and not jumping to the 'relock' label after faulting in the buffer - instead jump to a location immediately before calling iomap, skipping all the write checks and relocking. This solves this problem and it's fine even in case the input buffer is memory mapped to the same file range, since only holding the range locked in the inode's io tree can cause a deadlock, it's safe to keep the inode lock (VFS lock), as was fixed and described in commit 51bd9563b678 ("btrfs: fix deadlock due to page faults during direct IO reads and writes"). A sample reproducer provided by a reporter is the following: $ cat test.c #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif #include <fcntl.h> #include <stdio.h> #include <sys/mman.h> #include <sys/stat.h> #include <unistd.h> int main(int argc, char *argv[]) { if (argc < 2) { fprintf(stderr, "Usage: %s <test file>\n", argv[0]); return 1; } int fd = open(argv[1], O_WRONLY | O_CREAT | O_TRUNC | O_DIRECT | O_APPEND, 0644); if (fd < 0) { perror("creating test file"); return 1; } char *buf = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); ssize_t ret = write(fd, buf, 4096); if (ret < 0) { perror("pwritev2"); return 1; } struct stat stbuf; ret = fstat(fd, &stbuf); if (ret < 0) { perror("stat"); return 1; } printf("size: %llu\n", (unsigned long long)stbuf.st_size); return stbuf.st_size == 4096 ? 0 : 1; } A test case for fstests will be sent soon. Reported-by: Hanna Czenczek <hreitz(a)redhat.com> Link: https://lore.kernel.org/linux-btrfs/0b841d46-12fe-4e64-9abb-871d8d0de271@re… Fixes: 8184620ae212 ("btrfs: fix lost file sync on direct IO write with nowait and dsync iocb") CC: stable(a)vger.kernel.org # 6.1+ Tested-by: Hanna Czenczek <hreitz(a)redhat.com> Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index c8568b1a61c4..75fa563e4cac 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -459,6 +459,7 @@ struct btrfs_file_private { void *filldir_buf; u64 last_index; struct extent_state *llseek_cached_state; + bool fsync_skip_inode_lock; }; static inline u32 BTRFS_LEAF_DATA_SIZE(const struct btrfs_fs_info *info) diff --git a/fs/btrfs/direct-io.c b/fs/btrfs/direct-io.c index f9fb2db6a1e4..67adbe9d294a 100644 --- a/fs/btrfs/direct-io.c +++ b/fs/btrfs/direct-io.c @@ -856,21 +856,37 @@ ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) * So here we disable page faults in the iov_iter and then retry if we * got -EFAULT, faulting in the pages before the retry. */ +again: from->nofault = true; dio = btrfs_dio_write(iocb, from, written); from->nofault = false; - /* - * iomap_dio_complete() will call btrfs_sync_file() if we have a dsync - * iocb, and that needs to lock the inode. So unlock it before calling - * iomap_dio_complete() to avoid a deadlock. - */ - btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); - - if (IS_ERR_OR_NULL(dio)) + if (IS_ERR_OR_NULL(dio)) { ret = PTR_ERR_OR_ZERO(dio); - else + } else { + struct btrfs_file_private stack_private = { 0 }; + struct btrfs_file_private *private; + const bool have_private = (file->private_data != NULL); + + if (!have_private) + file->private_data = &stack_private; + + /* + * If we have a synchronous write, we must make sure the fsync + * triggered by the iomap_dio_complete() call below doesn't + * deadlock on the inode lock - we are already holding it and we + * can't call it after unlocking because we may need to complete + * partial writes due to the input buffer (or parts of it) not + * being already faulted in. + */ + private = file->private_data; + private->fsync_skip_inode_lock = true; ret = iomap_dio_complete(dio); + private->fsync_skip_inode_lock = false; + + if (!have_private) + file->private_data = NULL; + } /* No increment (+=) because iomap returns a cumulative value. */ if (ret > 0) @@ -897,10 +913,12 @@ ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) } else { fault_in_iov_iter_readable(from, left); prev_left = left; - goto relock; + goto again; } } + btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); + /* * If 'ret' is -ENOTBLK or we have not written all data, then it means * we must fallback to buffered IO. diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index 21381de906f6..9f10a9f23fcc 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -1603,6 +1603,7 @@ static inline bool skip_inode_logging(const struct btrfs_log_ctx *ctx) */ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) { + struct btrfs_file_private *private = file->private_data; struct dentry *dentry = file_dentry(file); struct btrfs_inode *inode = BTRFS_I(d_inode(dentry)); struct btrfs_root *root = inode->root; @@ -1612,6 +1613,7 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) int ret = 0, err; u64 len; bool full_sync; + const bool skip_ilock = (private ? private->fsync_skip_inode_lock : false); trace_btrfs_sync_file(file, datasync); @@ -1639,7 +1641,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) if (ret) goto out; - btrfs_inode_lock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + down_write(&inode->i_mmap_lock); + else + btrfs_inode_lock(inode, BTRFS_ILOCK_MMAP); atomic_inc(&root->log_batch); @@ -1663,7 +1668,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) */ ret = start_ordered_ops(inode, start, end); if (ret) { - btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&inode->i_mmap_lock); + else + btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); goto out; } @@ -1788,7 +1796,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) * file again, but that will end up using the synchronization * inside btrfs_sync_log to keep things safe. */ - btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&inode->i_mmap_lock); + else + btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); if (ret == BTRFS_NO_LOG_SYNC) { ret = btrfs_end_transaction(trans);

10 months, 3 weeks

3
3
0 0

Re: [PATCH 6.10 000/123] 6.10.4-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

10 months, 3 weeks

1
0
0 0

[PATCH for 6.1 stable] btrfs: fix corruption after buffer fault in during direct IO append write

by fdmanana＠kernel.org

From: Filipe Manana <fdmanana(a)suse.com> commit 939b656bc8ab203fdbde26ccac22bcb7f0985be5 upstream. During an append (O_APPEND write flag) direct IO write if the input buffer was not previously faulted in, we can corrupt the file in a way that the final size is unexpected and it includes an unexpected hole. The problem happens like this: 1) We have an empty file, with size 0, for example; 2) We do an O_APPEND direct IO with a length of 4096 bytes and the input buffer is not currently faulted in; 3) We enter btrfs_direct_write(), lock the inode and call generic_write_checks(), which calls generic_write_checks_count(), and that function sets the iocb position to 0 with the following code: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 4) We call btrfs_dio_write() and enter into iomap, which will end up calling btrfs_dio_iomap_begin() and that calls btrfs_get_blocks_direct_write(), where we update the i_size of the inode to 4096 bytes; 5) After btrfs_dio_iomap_begin() returns, iomap will attempt to access the page of the write input buffer (at iomap_dio_bio_iter(), with a call to bio_iov_iter_get_pages()) and fail with -EFAULT, which gets returned to btrfs at btrfs_direct_write() via btrfs_dio_write(); 6) At btrfs_direct_write() we get the -EFAULT error, unlock the inode, fault in the write buffer and then goto to the label 'relock'; 7) We lock again the inode, do all the necessary checks again and call again generic_write_checks(), which calls generic_write_checks_count() again, and there we set the iocb's position to 4K, which is the current i_size of the inode, with the following code pointed above: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 8) Then we go again to btrfs_dio_write() and enter iomap and the write succeeds, but it wrote to the file range [4K, 8K[, leaving a hole in the [0, 4K[ range and an i_size of 8K, which goes against the expections of having the data written to the range [0, 4K[ and get an i_size of 4K. Fix this by not unlocking the inode before faulting in the input buffer, in case we get -EFAULT or an incomplete write, and not jumping to the 'relock' label after faulting in the buffer - instead jump to a location immediately before calling iomap, skipping all the write checks and relocking. This solves this problem and it's fine even in case the input buffer is memory mapped to the same file range, since only holding the range locked in the inode's io tree can cause a deadlock, it's safe to keep the inode lock (VFS lock), as was fixed and described in commit 51bd9563b678 ("btrfs: fix deadlock due to page faults during direct IO reads and writes"). A sample reproducer provided by a reporter is the following: $ cat test.c #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif #include <fcntl.h> #include <stdio.h> #include <sys/mman.h> #include <sys/stat.h> #include <unistd.h> int main(int argc, char *argv[]) { if (argc < 2) { fprintf(stderr, "Usage: %s <test file>\n", argv[0]); return 1; } int fd = open(argv[1], O_WRONLY | O_CREAT | O_TRUNC | O_DIRECT | O_APPEND, 0644); if (fd < 0) { perror("creating test file"); return 1; } char *buf = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); ssize_t ret = write(fd, buf, 4096); if (ret < 0) { perror("pwritev2"); return 1; } struct stat stbuf; ret = fstat(fd, &stbuf); if (ret < 0) { perror("stat"); return 1; } printf("size: %llu\n", (unsigned long long)stbuf.st_size); return stbuf.st_size == 4096 ? 0 : 1; } A test case for fstests will be sent soon. Reported-by: Hanna Czenczek <hreitz(a)redhat.com> Link: https://lore.kernel.org/linux-btrfs/0b841d46-12fe-4e64-9abb-871d8d0de271@re… Fixes: 8184620ae212 ("btrfs: fix lost file sync on direct IO write with nowait and dsync iocb") Signed-off-by: Filipe Manana <fdmanana(a)suse.com> --- fs/btrfs/ctree.h | 1 + fs/btrfs/file.c | 55 ++++++++++++++++++++++++++++++++++++------------ 2 files changed, 43 insertions(+), 13 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index cca1acf2e037..853b1f96b1fd 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -1553,6 +1553,7 @@ struct btrfs_drop_extents_args { struct btrfs_file_private { void *filldir_buf; u64 last_index; + bool fsync_skip_inode_lock; }; diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index 1783a0fbf166..7c3ae295fdb5 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -1526,21 +1526,37 @@ static ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) * So here we disable page faults in the iov_iter and then retry if we * got -EFAULT, faulting in the pages before the retry. */ +again: from->nofault = true; dio = btrfs_dio_write(iocb, from, written); from->nofault = false; - /* - * iomap_dio_complete() will call btrfs_sync_file() if we have a dsync - * iocb, and that needs to lock the inode. So unlock it before calling - * iomap_dio_complete() to avoid a deadlock. - */ - btrfs_inode_unlock(inode, ilock_flags); - - if (IS_ERR_OR_NULL(dio)) + if (IS_ERR_OR_NULL(dio)) { err = PTR_ERR_OR_ZERO(dio); - else + } else { + struct btrfs_file_private stack_private = { 0 }; + struct btrfs_file_private *private; + const bool have_private = (file->private_data != NULL); + + if (!have_private) + file->private_data = &stack_private; + + /* + * If we have a synchoronous write, we must make sure the fsync + * triggered by the iomap_dio_complete() call below doesn't + * deadlock on the inode lock - we are already holding it and we + * can't call it after unlocking because we may need to complete + * partial writes due to the input buffer (or parts of it) not + * being already faulted in. + */ + private = file->private_data; + private->fsync_skip_inode_lock = true; err = iomap_dio_complete(dio); + private->fsync_skip_inode_lock = false; + + if (!have_private) + file->private_data = NULL; + } /* No increment (+=) because iomap returns a cumulative value. */ if (err > 0) @@ -1567,10 +1583,12 @@ static ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) } else { fault_in_iov_iter_readable(from, left); prev_left = left; - goto relock; + goto again; } } + btrfs_inode_unlock(inode, ilock_flags); + /* * If 'err' is -ENOTBLK or we have not written all data, then it means * we must fallback to buffered IO. @@ -1777,6 +1795,7 @@ static inline bool skip_inode_logging(const struct btrfs_log_ctx *ctx) */ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) { + struct btrfs_file_private *private = file->private_data; struct dentry *dentry = file_dentry(file); struct inode *inode = d_inode(dentry); struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb); @@ -1786,6 +1805,7 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) int ret = 0, err; u64 len; bool full_sync; + const bool skip_ilock = (private ? private->fsync_skip_inode_lock : false); trace_btrfs_sync_file(file, datasync); @@ -1813,7 +1833,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) if (ret) goto out; - btrfs_inode_lock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + down_write(&BTRFS_I(inode)->i_mmap_lock); + else + btrfs_inode_lock(inode, BTRFS_ILOCK_MMAP); atomic_inc(&root->log_batch); @@ -1837,7 +1860,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) */ ret = start_ordered_ops(inode, start, end); if (ret) { - btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&BTRFS_I(inode)->i_mmap_lock); + else + btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); goto out; } @@ -1940,7 +1966,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) * file again, but that will end up using the synchronization * inside btrfs_sync_log to keep things safe. */ - btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&BTRFS_I(inode)->i_mmap_lock); + else + btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); if (ret == BTRFS_NO_LOG_SYNC) { ret = btrfs_end_transaction(trans); -- 2.43.0

10 months, 3 weeks

1
0
0 0

[PATCH for 6.10 stable] btrfs: fix corruption after buffer fault in during direct IO append write

by fdmanana＠kernel.org

From: Filipe Manana <fdmanana(a)suse.com> commit 939b656bc8ab203fdbde26ccac22bcb7f0985be5 upstream. During an append (O_APPEND write flag) direct IO write if the input buffer was not previously faulted in, we can corrupt the file in a way that the final size is unexpected and it includes an unexpected hole. The problem happens like this: 1) We have an empty file, with size 0, for example; 2) We do an O_APPEND direct IO with a length of 4096 bytes and the input buffer is not currently faulted in; 3) We enter btrfs_direct_write(), lock the inode and call generic_write_checks(), which calls generic_write_checks_count(), and that function sets the iocb position to 0 with the following code: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 4) We call btrfs_dio_write() and enter into iomap, which will end up calling btrfs_dio_iomap_begin() and that calls btrfs_get_blocks_direct_write(), where we update the i_size of the inode to 4096 bytes; 5) After btrfs_dio_iomap_begin() returns, iomap will attempt to access the page of the write input buffer (at iomap_dio_bio_iter(), with a call to bio_iov_iter_get_pages()) and fail with -EFAULT, which gets returned to btrfs at btrfs_direct_write() via btrfs_dio_write(); 6) At btrfs_direct_write() we get the -EFAULT error, unlock the inode, fault in the write buffer and then goto to the label 'relock'; 7) We lock again the inode, do all the necessary checks again and call again generic_write_checks(), which calls generic_write_checks_count() again, and there we set the iocb's position to 4K, which is the current i_size of the inode, with the following code pointed above: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 8) Then we go again to btrfs_dio_write() and enter iomap and the write succeeds, but it wrote to the file range [4K, 8K[, leaving a hole in the [0, 4K[ range and an i_size of 8K, which goes against the expections of having the data written to the range [0, 4K[ and get an i_size of 4K. Fix this by not unlocking the inode before faulting in the input buffer, in case we get -EFAULT or an incomplete write, and not jumping to the 'relock' label after faulting in the buffer - instead jump to a location immediately before calling iomap, skipping all the write checks and relocking. This solves this problem and it's fine even in case the input buffer is memory mapped to the same file range, since only holding the range locked in the inode's io tree can cause a deadlock, it's safe to keep the inode lock (VFS lock), as was fixed and described in commit 51bd9563b678 ("btrfs: fix deadlock due to page faults during direct IO reads and writes"). A sample reproducer provided by a reporter is the following: $ cat test.c #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif #include <fcntl.h> #include <stdio.h> #include <sys/mman.h> #include <sys/stat.h> #include <unistd.h> int main(int argc, char *argv[]) { if (argc < 2) { fprintf(stderr, "Usage: %s <test file>\n", argv[0]); return 1; } int fd = open(argv[1], O_WRONLY | O_CREAT | O_TRUNC | O_DIRECT | O_APPEND, 0644); if (fd < 0) { perror("creating test file"); return 1; } char *buf = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); ssize_t ret = write(fd, buf, 4096); if (ret < 0) { perror("pwritev2"); return 1; } struct stat stbuf; ret = fstat(fd, &stbuf); if (ret < 0) { perror("stat"); return 1; } printf("size: %llu\n", (unsigned long long)stbuf.st_size); return stbuf.st_size == 4096 ? 0 : 1; } A test case for fstests will be sent soon. Reported-by: Hanna Czenczek <hreitz(a)redhat.com> Link: https://lore.kernel.org/linux-btrfs/0b841d46-12fe-4e64-9abb-871d8d0de271@re… Fixes: 8184620ae212 ("btrfs: fix lost file sync on direct IO write with nowait and dsync iocb") Signed-off-by: Filipe Manana <fdmanana(a)suse.com> --- fs/btrfs/ctree.h | 1 + fs/btrfs/file.c | 55 ++++++++++++++++++++++++++++++++++++------------ 2 files changed, 43 insertions(+), 13 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index c03c58246033..ae55b5c5ae5e 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -447,6 +447,7 @@ struct btrfs_file_private { void *filldir_buf; u64 last_index; struct extent_state *llseek_cached_state; + bool fsync_skip_inode_lock; }; static inline u32 BTRFS_LEAF_DATA_SIZE(const struct btrfs_fs_info *info) diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index d90138683a0a..35ce1c810bd3 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -1550,21 +1550,37 @@ static ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) * So here we disable page faults in the iov_iter and then retry if we * got -EFAULT, faulting in the pages before the retry. */ +again: from->nofault = true; dio = btrfs_dio_write(iocb, from, written); from->nofault = false; - /* - * iomap_dio_complete() will call btrfs_sync_file() if we have a dsync - * iocb, and that needs to lock the inode. So unlock it before calling - * iomap_dio_complete() to avoid a deadlock. - */ - btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); - - if (IS_ERR_OR_NULL(dio)) + if (IS_ERR_OR_NULL(dio)) { ret = PTR_ERR_OR_ZERO(dio); - else + } else { + struct btrfs_file_private stack_private = { 0 }; + struct btrfs_file_private *private; + const bool have_private = (file->private_data != NULL); + + if (!have_private) + file->private_data = &stack_private; + + /* + * If we have a synchoronous write, we must make sure the fsync + * triggered by the iomap_dio_complete() call below doesn't + * deadlock on the inode lock - we are already holding it and we + * can't call it after unlocking because we may need to complete + * partial writes due to the input buffer (or parts of it) not + * being already faulted in. + */ + private = file->private_data; + private->fsync_skip_inode_lock = true; ret = iomap_dio_complete(dio); + private->fsync_skip_inode_lock = false; + + if (!have_private) + file->private_data = NULL; + } /* No increment (+=) because iomap returns a cumulative value. */ if (ret > 0) @@ -1591,10 +1607,12 @@ static ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) } else { fault_in_iov_iter_readable(from, left); prev_left = left; - goto relock; + goto again; } } + btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); + /* * If 'ret' is -ENOTBLK or we have not written all data, then it means * we must fallback to buffered IO. @@ -1793,6 +1811,7 @@ static inline bool skip_inode_logging(const struct btrfs_log_ctx *ctx) */ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) { + struct btrfs_file_private *private = file->private_data; struct dentry *dentry = file_dentry(file); struct inode *inode = d_inode(dentry); struct btrfs_fs_info *fs_info = inode_to_fs_info(inode); @@ -1802,6 +1821,7 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) int ret = 0, err; u64 len; bool full_sync; + const bool skip_ilock = (private ? private->fsync_skip_inode_lock : false); trace_btrfs_sync_file(file, datasync); @@ -1829,7 +1849,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) if (ret) goto out; - btrfs_inode_lock(BTRFS_I(inode), BTRFS_ILOCK_MMAP); + if (skip_ilock) + down_write(&BTRFS_I(inode)->i_mmap_lock); + else + btrfs_inode_lock(BTRFS_I(inode), BTRFS_ILOCK_MMAP); atomic_inc(&root->log_batch); @@ -1853,7 +1876,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) */ ret = start_ordered_ops(inode, start, end); if (ret) { - btrfs_inode_unlock(BTRFS_I(inode), BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&BTRFS_I(inode)->i_mmap_lock); + else + btrfs_inode_unlock(BTRFS_I(inode), BTRFS_ILOCK_MMAP); goto out; } @@ -1982,7 +2008,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) * file again, but that will end up using the synchronization * inside btrfs_sync_log to keep things safe. */ - btrfs_inode_unlock(BTRFS_I(inode), BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&BTRFS_I(inode)->i_mmap_lock); + else + btrfs_inode_unlock(BTRFS_I(inode), BTRFS_ILOCK_MMAP); if (ret == BTRFS_NO_LOG_SYNC) { ret = btrfs_end_transaction(trans); -- 2.43.0

10 months, 3 weeks

1
0
0 0

[tip: irq/urgent] genirq/irqdesc: Honor caller provided affinity in alloc_desc()

by tip-bot2 for Shay Drory

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: edbbaae42a56f9a2b39c52ef2504dfb3fb0a7858 Gitweb: https://git.kernel.org/tip/edbbaae42a56f9a2b39c52ef2504dfb3fb0a7858 Author: Shay Drory <shayd(a)nvidia.com> AuthorDate: Tue, 06 Aug 2024 10:20:44 +03:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Wed, 07 Aug 2024 17:27:00 +02:00 genirq/irqdesc: Honor caller provided affinity in alloc_desc() Currently, whenever a caller is providing an affinity hint for an interrupt, the allocation code uses it to calculate the node and copies the cpumask into irq_desc::affinity. If the affinity for the interrupt is not marked 'managed' then the startup of the interrupt ignores irq_desc::affinity and uses the system default affinity mask. Prevent this by setting the IRQD_AFFINITY_SET flag for the interrupt in the allocator, which causes irq_setup_affinity() to use irq_desc::affinity on interrupt startup if the mask contains an online CPU. [ tglx: Massaged changelog ] Fixes: 45ddcecbfa94 ("genirq: Use affinity hint in irqdesc allocation") Signed-off-by: Shay Drory <shayd(a)nvidia.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/all/20240806072044.837827-1-shayd@nvidia.com --- kernel/irq/irqdesc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/irq/irqdesc.c b/kernel/irq/irqdesc.c index 07e99c9..1dee88b 100644 --- a/kernel/irq/irqdesc.c +++ b/kernel/irq/irqdesc.c @@ -530,6 +530,7 @@ static int alloc_descs(unsigned int start, unsigned int cnt, int node, flags = IRQD_AFFINITY_MANAGED | IRQD_MANAGED_SHUTDOWN; } + flags |= IRQD_AFFINITY_SET; mask = &affinity->mask; node = cpu_to_node(cpumask_first(mask)); affinity++;

10 months, 3 weeks

1
0
0 0

[PATCH net] net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings

by longli＠linuxonhyperv.com

From: Long Li <longli(a)microsoft.com> After napi_complete_done() is called, another NAPI may be running on another CPU and ring the doorbell before the current CPU does. When combined with unnecessary rings when there is no need to ARM the CQ, this triggers error paths in the hardware. Fix this by always ring the doorbell in sequence and avoid unnecessary rings. Cc: stable(a)vger.kernel.org Fixes: e1b5683ff62e ("net: mana: Move NAPI from EQ to CQ") Signed-off-by: Long Li <longli(a)microsoft.com> --- drivers/net/ethernet/microsoft/mana/mana_en.c | 24 ++++++++++++------- include/net/mana/mana.h | 1 + 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index d2f07e179e86..7d08e23c6749 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -1788,7 +1788,6 @@ static void mana_poll_rx_cq(struct mana_cq *cq) static int mana_cq_handler(void *context, struct gdma_queue *gdma_queue) { struct mana_cq *cq = context; - u8 arm_bit; int w; WARN_ON_ONCE(cq->gdma_cq != gdma_queue); @@ -1799,16 +1798,23 @@ static int mana_cq_handler(void *context, struct gdma_queue *gdma_queue) mana_poll_tx_cq(cq); w = cq->work_done; - - if (w < cq->budget && - napi_complete_done(&cq->napi, w)) { - arm_bit = SET_ARM_BIT; - } else { - arm_bit = 0; + cq->work_done_since_doorbell += w; + + if (w < cq->budget) { + mana_gd_ring_cq(gdma_queue, SET_ARM_BIT); + cq->work_done_since_doorbell = 0; + napi_complete_done(&cq->napi, w); + } else if (cq->work_done_since_doorbell > + cq->gdma_cq->queue_size / COMP_ENTRY_SIZE * 4) { + /* MANA hardware requires at least one doorbell ring every 8 + * wraparounds of CQ even there is no need to ARM. This driver + * rings the doorbell as soon as we have execceded 4 + * wraparounds. + */ + mana_gd_ring_cq(gdma_queue, 0); + cq->work_done_since_doorbell = 0; } - mana_gd_ring_cq(gdma_queue, arm_bit); - return w; } diff --git a/include/net/mana/mana.h b/include/net/mana/mana.h index 6439fd8b437b..7caa334f4888 100644 --- a/include/net/mana/mana.h +++ b/include/net/mana/mana.h @@ -275,6 +275,7 @@ struct mana_cq { /* NAPI data */ struct napi_struct napi; int work_done; + int work_done_since_doorbell; int budget; }; -- 2.17.1

10 months, 3 weeks

5
5
0 0

FAILED: patch "[PATCH] drm/ast: Fix black screen after resume" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 12c35c5582acb0fd8f7713ffa75f450766022ff1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080750-lance-overcrowd-731e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 12c35c5582ac ("drm/ast: Fix black screen after resume") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 12c35c5582acb0fd8f7713ffa75f450766022ff1 Mon Sep 17 00:00:00 2001 From: Jammy Huang <jammy_huang(a)aspeedtech.com> Date: Thu, 18 Jul 2024 11:03:52 +0800 Subject: [PATCH] drm/ast: Fix black screen after resume Suspend will disable pcie device. Thus, resume should do full hw initialization again. Add some APIs to ast_drm_thaw() before ast_post_gpu() to fix the issue. v2: - fix function-call arguments Fixes: 5b71707dd13c ("drm/ast: Enable and unlock device access early during init") Reported-by: Cary Garrett <cogarre(a)gmail.com> Closes: https://lore.kernel.org/dri-devel/8ce1e1cc351153a890b65e62fed93b54ccd43f6a.… Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Jocelyn Falempe <jfalempe(a)redhat.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.6+ Signed-off-by: Jammy Huang <jammy_huang(a)aspeedtech.com> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Link: https://patchwork.freedesktop.org/patch/msgid/20240718030352.654155-1-jammy… diff --git a/drivers/gpu/drm/ast/ast_drv.c b/drivers/gpu/drm/ast/ast_drv.c index f8c49ba68e78..af2368f6f00f 100644 --- a/drivers/gpu/drm/ast/ast_drv.c +++ b/drivers/gpu/drm/ast/ast_drv.c @@ -391,6 +391,11 @@ static int ast_drm_freeze(struct drm_device *dev) static int ast_drm_thaw(struct drm_device *dev) { + struct ast_device *ast = to_ast_device(dev); + + ast_enable_vga(ast->ioregs); + ast_open_key(ast->ioregs); + ast_enable_mmio(dev->dev, ast->ioregs); ast_post_gpu(dev); return drm_mode_config_helper_resume(dev);

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/ast: astdp: Wake up during connector status detection" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0ce91928ec62d189b5c51816e325f02587b53118 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080729-overlord-gala-fe40@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 0ce91928ec62 ("drm/ast: astdp: Wake up during connector status detection") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ce91928ec62d189b5c51816e325f02587b53118 Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Wed, 17 Jul 2024 16:24:16 +0200 Subject: [PATCH] drm/ast: astdp: Wake up during connector status detection Power up the ASTDP connector for connection status detection if the connector is not active. Keep it powered if a display is attached. This fixes a bug where the connector does not come back after disconnecting the display. The encoder's atomic_disable turns off power on the physical connector. Further HPD reads will fail, thus preventing the driver from detecting re-connected displays. For connectors that are actively used, only test the HPD flag without touching power. Fixes: f81bb0ac7872 ("drm/ast: report connection status on Display Port.") Cc: Jocelyn Falempe <jfalempe(a)redhat.com> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Dave Airlie <airlied(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.6+ Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reviewed-by: Jocelyn Falempe <jfalempe(a)redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240717143319.104012-2-tzimm… diff --git a/drivers/gpu/drm/ast/ast_dp.c b/drivers/gpu/drm/ast/ast_dp.c index 1e9259416980..e6c7f0d64e99 100644 --- a/drivers/gpu/drm/ast/ast_dp.c +++ b/drivers/gpu/drm/ast/ast_dp.c @@ -158,7 +158,14 @@ void ast_dp_launch(struct drm_device *dev) ASTDP_HOST_EDID_READ_DONE); } +bool ast_dp_power_is_on(struct ast_device *ast) +{ + u8 vgacre3; + vgacre3 = ast_get_index_reg(ast, AST_IO_VGACRI, 0xe3); + + return !(vgacre3 & AST_DP_PHY_SLEEP); +} void ast_dp_power_on_off(struct drm_device *dev, bool on) { diff --git a/drivers/gpu/drm/ast/ast_drv.h b/drivers/gpu/drm/ast/ast_drv.h index ba3d86973995..47bab5596c16 100644 --- a/drivers/gpu/drm/ast/ast_drv.h +++ b/drivers/gpu/drm/ast/ast_drv.h @@ -472,6 +472,7 @@ void ast_init_3rdtx(struct drm_device *dev); bool ast_astdp_is_connected(struct ast_device *ast); int ast_astdp_read_edid(struct drm_device *dev, u8 *ediddata); void ast_dp_launch(struct drm_device *dev); +bool ast_dp_power_is_on(struct ast_device *ast); void ast_dp_power_on_off(struct drm_device *dev, bool no); void ast_dp_set_on_off(struct drm_device *dev, bool no); void ast_dp_set_mode(struct drm_crtc *crtc, struct ast_vbios_mode_info *vbios_mode); diff --git a/drivers/gpu/drm/ast/ast_mode.c b/drivers/gpu/drm/ast/ast_mode.c index dc8f639e82fd..049ee1477c33 100644 --- a/drivers/gpu/drm/ast/ast_mode.c +++ b/drivers/gpu/drm/ast/ast_mode.c @@ -28,6 +28,7 @@ * Authors: Dave Airlie <airlied(a)redhat.com> */ +#include <linux/delay.h> #include <linux/export.h> #include <linux/pci.h> @@ -1687,11 +1688,35 @@ static int ast_astdp_connector_helper_detect_ctx(struct drm_connector *connector struct drm_modeset_acquire_ctx *ctx, bool force) { + struct drm_device *dev = connector->dev; struct ast_device *ast = to_ast_device(connector->dev); + enum drm_connector_status status = connector_status_disconnected; + struct drm_connector_state *connector_state = connector->state; + bool is_active = false; + + mutex_lock(&ast->modeset_lock); + + if (connector_state && connector_state->crtc) { + struct drm_crtc_state *crtc_state = connector_state->crtc->state; + + if (crtc_state && crtc_state->active) + is_active = true; + } + + if (!is_active && !ast_dp_power_is_on(ast)) { + ast_dp_power_on_off(dev, true); + msleep(50); + } if (ast_astdp_is_connected(ast)) - return connector_status_connected; - return connector_status_disconnected; + status = connector_status_connected; + + if (!is_active && status == connector_status_disconnected) + ast_dp_power_on_off(dev, false); + + mutex_unlock(&ast->modeset_lock); + + return status; } static const struct drm_connector_helper_funcs ast_astdp_connector_helper_funcs = {

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mptcp: pm: fix backup support in signal endpoints" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6834097fc38c5416701c793da94558cea49c0a1f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080714-daisy-celibacy-e263@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 6834097fc38c ("mptcp: pm: fix backup support in signal endpoints") 9ae7846c4b6b ("mptcp: dump addrs in userspace pm list") 34e74a5cf3b7 ("mptcp: implement mptcp_userspace_pm_dump_addr") aab4d8564947 ("net: mptcp: use policy generated by YAML spec") 1e07938e29c5 ("net: mptcp: rename netlink handlers to mptcp_pm_nl_<blah>_{doit,dumpit}") 1d0507f46843 ("net: mptcp: convert netlink from small_ops to ops") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6834097fc38c5416701c793da94558cea49c0a1f Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Sat, 27 Jul 2024 12:01:28 +0200 Subject: [PATCH] mptcp: pm: fix backup support in signal endpoints There was a support for signal endpoints, but only when the endpoint's flag was changed during a connection. If an endpoint with the signal and backup was already present, the MP_JOIN reply was not containing the backup flag as expected. That's confusing to have this inconsistent behaviour. On the other hand, the infrastructure to set the backup flag in the SYN + ACK + MP_JOIN was already there, it was just never set before. Now when requesting the local ID from the path-manager, the backup status is also requested. Note that when the userspace PM is used, the backup flag can be set if the local address was already used before with a backup flag, e.g. if the address was announced with the 'backup' flag, or a subflow was created with the 'backup' flag. Fixes: 4596a2c1b7f5 ("mptcp: allow creating non-backup subflows") Cc: stable(a)vger.kernel.org Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/507 Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 55406720c607..23bb89c94e90 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -426,6 +426,18 @@ int mptcp_pm_get_local_id(struct mptcp_sock *msk, struct sock_common *skc) return mptcp_pm_nl_get_local_id(msk, &skc_local); } +bool mptcp_pm_is_backup(struct mptcp_sock *msk, struct sock_common *skc) +{ + struct mptcp_addr_info skc_local; + + mptcp_local_address((struct sock_common *)skc, &skc_local); + + if (mptcp_pm_is_userspace(msk)) + return mptcp_userspace_pm_is_backup(msk, &skc_local); + + return mptcp_pm_nl_is_backup(msk, &skc_local); +} + int mptcp_pm_get_flags_and_ifindex_by_id(struct mptcp_sock *msk, unsigned int id, u8 *flags, int *ifindex) { diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 7635fac91539..37954a0b087d 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -1101,6 +1101,24 @@ int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc return ret; } +bool mptcp_pm_nl_is_backup(struct mptcp_sock *msk, struct mptcp_addr_info *skc) +{ + struct pm_nl_pernet *pernet = pm_nl_get_pernet_from_msk(msk); + struct mptcp_pm_addr_entry *entry; + bool backup = false; + + rcu_read_lock(); + list_for_each_entry_rcu(entry, &pernet->local_addr_list, list) { + if (mptcp_addresses_equal(&entry->addr, skc, entry->addr.port)) { + backup = !!(entry->flags & MPTCP_PM_ADDR_FLAG_BACKUP); + break; + } + } + rcu_read_unlock(); + + return backup; +} + #define MPTCP_PM_CMD_GRP_OFFSET 0 #define MPTCP_PM_EV_GRP_OFFSET 1 diff --git a/net/mptcp/pm_userspace.c b/net/mptcp/pm_userspace.c index f0a4590506c6..8eaa9fbe3e34 100644 --- a/net/mptcp/pm_userspace.c +++ b/net/mptcp/pm_userspace.c @@ -165,6 +165,24 @@ int mptcp_userspace_pm_get_local_id(struct mptcp_sock *msk, return mptcp_userspace_pm_append_new_local_addr(msk, &new_entry, true); } +bool mptcp_userspace_pm_is_backup(struct mptcp_sock *msk, + struct mptcp_addr_info *skc) +{ + struct mptcp_pm_addr_entry *entry; + bool backup = false; + + spin_lock_bh(&msk->pm.lock); + list_for_each_entry(entry, &msk->pm.userspace_pm_local_addr_list, list) { + if (mptcp_addresses_equal(&entry->addr, skc, false)) { + backup = !!(entry->flags & MPTCP_PM_ADDR_FLAG_BACKUP); + break; + } + } + spin_unlock_bh(&msk->pm.lock); + + return backup; +} + int mptcp_pm_nl_announce_doit(struct sk_buff *skb, struct genl_info *info) { struct nlattr *token = info->attrs[MPTCP_PM_ATTR_TOKEN]; diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index b8b25124e7de..60c6b073d65f 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -1109,6 +1109,9 @@ bool mptcp_pm_rm_addr_signal(struct mptcp_sock *msk, unsigned int remaining, int mptcp_pm_get_local_id(struct mptcp_sock *msk, struct sock_common *skc); int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc); int mptcp_userspace_pm_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc); +bool mptcp_pm_is_backup(struct mptcp_sock *msk, struct sock_common *skc); +bool mptcp_pm_nl_is_backup(struct mptcp_sock *msk, struct mptcp_addr_info *skc); +bool mptcp_userspace_pm_is_backup(struct mptcp_sock *msk, struct mptcp_addr_info *skc); int mptcp_pm_dump_addr(struct sk_buff *msg, struct netlink_callback *cb); int mptcp_pm_nl_dump_addr(struct sk_buff *msg, struct netlink_callback *cb); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index be406197b1c4..0e4b5bfbeaa1 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -100,6 +100,7 @@ static struct mptcp_sock *subflow_token_join_request(struct request_sock *req) return NULL; } subflow_req->local_id = local_id; + subflow_req->request_bkup = mptcp_pm_is_backup(msk, (struct sock_common *)req); return msk; } @@ -620,6 +621,8 @@ static int subflow_chk_local_id(struct sock *sk) return err; subflow_set_local_id(subflow, err); + subflow->request_bkup = mptcp_pm_is_backup(msk, (struct sock_common *)sk); + return 0; }

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: fix locking scope when flushing tlb" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 9c33e5fd4fb63b793d9a92bf35d190630d9bada4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080742-shown-skillful-3dfc@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 9c33e5fd4fb6 ("drm/amdgpu: fix locking scope when flushing tlb") 08abccc9a7a7 ("drm/amdgpu: further move TLB hw workarounds a layer up") e2e3788850b9 ("drm/amdgpu: rework lock handling for flush_tlb v2") 3983c9fd2d8b ("drm/amdgpu: drop error return from flush_gpu_tlb_pasid") 041a5743883d ("drm/amdgpu: fix and cleanup gmc_v11_0_flush_gpu_tlb_pasid") 72cc99205c0b ("drm/amdgpu: cleanup gmc_v10_0_flush_gpu_tlb_pasid") e7b90e99fa8f ("drm/amdgpu: fix and cleanup gmc_v9_0_flush_gpu_tlb_pasid") 0c525aa40649 ("drm/amdgpu: fix and cleanup gmc_v8_0_flush_gpu_tlb_pasid") fb4c52db6974 ("drm/amdgpu: fix and cleanup gmc_v7_0_flush_gpu_tlb_pasid") a70cb2176f7e ("drm/amdgpu: rework gmc_v10_0_flush_gpu_tlb v2") 24a6eb92b7f6 ("drm/amdgpu: fix and cleanup gmc_v9_0_flush_gpu_tlb") 4e8303cf2c4d ("drm/amdgpu: Use function for IP version check") 6b7d211740da ("drm/amdgpu: Fix refclk reporting for SMU v13.0.6") 1b8e56b99459 ("drm/amdgpu: Restrict bootloader wait to SMUv13.0.6") 983ac45a06ae ("drm/amdgpu: update SET_HW_RESOURCES definition for UMSCH") 822f7808291f ("drm/amdgpu/discovery: enable UMSCH 4.0 in IP discovery") 3488c79beafa ("drm/amdgpu: add initial support for UMSCH") 2da1b04a2096 ("drm/amdgpu: add UMSCH 4.0 api definition") 3ee8fb7005ef ("drm/amdgpu: enable VPE for VPE 6.1.0") 9d4346bdbc64 ("drm/amdgpu: add VPE 6.1.0 support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c33e5fd4fb63b793d9a92bf35d190630d9bada4 Mon Sep 17 00:00:00 2001 From: Yunxiang Li <Yunxiang.Li(a)amd.com> Date: Thu, 23 May 2024 07:48:19 -0400 Subject: [PATCH] drm/amdgpu: fix locking scope when flushing tlb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Which method is used to flush tlb does not depend on whether a reset is in progress or not. We should skip flush altogether if the GPU will get reset. So put both path under reset_domain read lock. Signed-off-by: Yunxiang Li <Yunxiang.Li(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> CC: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c index 660599823050..322b8ff67cde 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c @@ -682,12 +682,17 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, struct amdgpu_ring *ring = &adev->gfx.kiq[inst].ring; struct amdgpu_kiq *kiq = &adev->gfx.kiq[inst]; unsigned int ndw; - signed long r; + int r; uint32_t seq; - if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready || - !down_read_trylock(&adev->reset_domain->sem)) { + /* + * A GPU reset should flush all TLBs anyway, so no need to do + * this while one is ongoing. + */ + if (!down_read_trylock(&adev->reset_domain->sem)) + return 0; + if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready) { if (adev->gmc.flush_tlb_needs_extra_type_2) adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, 2, all_hub, @@ -701,44 +706,41 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, flush_type, all_hub, inst); - return 0; - } + r = 0; + } else { + /* 2 dwords flush + 8 dwords fence */ + ndw = kiq->pmf->invalidate_tlbs_size + 8; - /* 2 dwords flush + 8 dwords fence */ - ndw = kiq->pmf->invalidate_tlbs_size + 8; + if (adev->gmc.flush_tlb_needs_extra_type_2) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_2) - ndw += kiq->pmf->invalidate_tlbs_size; + if (adev->gmc.flush_tlb_needs_extra_type_0) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_0) - ndw += kiq->pmf->invalidate_tlbs_size; + spin_lock(&adev->gfx.kiq[inst].ring_lock); + amdgpu_ring_alloc(ring, ndw); + if (adev->gmc.flush_tlb_needs_extra_type_2) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); - spin_lock(&adev->gfx.kiq[inst].ring_lock); - amdgpu_ring_alloc(ring, ndw); - if (adev->gmc.flush_tlb_needs_extra_type_2) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); + if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); - if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); + r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); + if (r) { + amdgpu_ring_undo(ring); + spin_unlock(&adev->gfx.kiq[inst].ring_lock); + goto error_unlock_reset; + } - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); - r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); - if (r) { - amdgpu_ring_undo(ring); + amdgpu_ring_commit(ring); spin_unlock(&adev->gfx.kiq[inst].ring_lock); - goto error_unlock_reset; + if (amdgpu_fence_wait_polling(ring, seq, usec_timeout) < 1) { + dev_err(adev->dev, "timeout waiting for kiq fence\n"); + r = -ETIME; + } } - amdgpu_ring_commit(ring); - spin_unlock(&adev->gfx.kiq[inst].ring_lock); - r = amdgpu_fence_wait_polling(ring, seq, usec_timeout); - if (r < 1) { - dev_err(adev->dev, "wait for kiq fence error: %ld.\n", r); - r = -ETIME; - goto error_unlock_reset; - } - r = 0; - error_unlock_reset: up_read(&adev->reset_domain->sem); return r;

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: fix locking scope when flushing tlb" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9c33e5fd4fb63b793d9a92bf35d190630d9bada4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080741-aide-civil-2ce4@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 9c33e5fd4fb6 ("drm/amdgpu: fix locking scope when flushing tlb") 08abccc9a7a7 ("drm/amdgpu: further move TLB hw workarounds a layer up") e2e3788850b9 ("drm/amdgpu: rework lock handling for flush_tlb v2") 3983c9fd2d8b ("drm/amdgpu: drop error return from flush_gpu_tlb_pasid") 041a5743883d ("drm/amdgpu: fix and cleanup gmc_v11_0_flush_gpu_tlb_pasid") 72cc99205c0b ("drm/amdgpu: cleanup gmc_v10_0_flush_gpu_tlb_pasid") e7b90e99fa8f ("drm/amdgpu: fix and cleanup gmc_v9_0_flush_gpu_tlb_pasid") 0c525aa40649 ("drm/amdgpu: fix and cleanup gmc_v8_0_flush_gpu_tlb_pasid") fb4c52db6974 ("drm/amdgpu: fix and cleanup gmc_v7_0_flush_gpu_tlb_pasid") a70cb2176f7e ("drm/amdgpu: rework gmc_v10_0_flush_gpu_tlb v2") 24a6eb92b7f6 ("drm/amdgpu: fix and cleanup gmc_v9_0_flush_gpu_tlb") 4e8303cf2c4d ("drm/amdgpu: Use function for IP version check") 6b7d211740da ("drm/amdgpu: Fix refclk reporting for SMU v13.0.6") 1b8e56b99459 ("drm/amdgpu: Restrict bootloader wait to SMUv13.0.6") 983ac45a06ae ("drm/amdgpu: update SET_HW_RESOURCES definition for UMSCH") 822f7808291f ("drm/amdgpu/discovery: enable UMSCH 4.0 in IP discovery") 3488c79beafa ("drm/amdgpu: add initial support for UMSCH") 2da1b04a2096 ("drm/amdgpu: add UMSCH 4.0 api definition") 3ee8fb7005ef ("drm/amdgpu: enable VPE for VPE 6.1.0") 9d4346bdbc64 ("drm/amdgpu: add VPE 6.1.0 support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c33e5fd4fb63b793d9a92bf35d190630d9bada4 Mon Sep 17 00:00:00 2001 From: Yunxiang Li <Yunxiang.Li(a)amd.com> Date: Thu, 23 May 2024 07:48:19 -0400 Subject: [PATCH] drm/amdgpu: fix locking scope when flushing tlb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Which method is used to flush tlb does not depend on whether a reset is in progress or not. We should skip flush altogether if the GPU will get reset. So put both path under reset_domain read lock. Signed-off-by: Yunxiang Li <Yunxiang.Li(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> CC: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c index 660599823050..322b8ff67cde 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c @@ -682,12 +682,17 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, struct amdgpu_ring *ring = &adev->gfx.kiq[inst].ring; struct amdgpu_kiq *kiq = &adev->gfx.kiq[inst]; unsigned int ndw; - signed long r; + int r; uint32_t seq; - if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready || - !down_read_trylock(&adev->reset_domain->sem)) { + /* + * A GPU reset should flush all TLBs anyway, so no need to do + * this while one is ongoing. + */ + if (!down_read_trylock(&adev->reset_domain->sem)) + return 0; + if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready) { if (adev->gmc.flush_tlb_needs_extra_type_2) adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, 2, all_hub, @@ -701,44 +706,41 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, flush_type, all_hub, inst); - return 0; - } + r = 0; + } else { + /* 2 dwords flush + 8 dwords fence */ + ndw = kiq->pmf->invalidate_tlbs_size + 8; - /* 2 dwords flush + 8 dwords fence */ - ndw = kiq->pmf->invalidate_tlbs_size + 8; + if (adev->gmc.flush_tlb_needs_extra_type_2) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_2) - ndw += kiq->pmf->invalidate_tlbs_size; + if (adev->gmc.flush_tlb_needs_extra_type_0) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_0) - ndw += kiq->pmf->invalidate_tlbs_size; + spin_lock(&adev->gfx.kiq[inst].ring_lock); + amdgpu_ring_alloc(ring, ndw); + if (adev->gmc.flush_tlb_needs_extra_type_2) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); - spin_lock(&adev->gfx.kiq[inst].ring_lock); - amdgpu_ring_alloc(ring, ndw); - if (adev->gmc.flush_tlb_needs_extra_type_2) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); + if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); - if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); + r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); + if (r) { + amdgpu_ring_undo(ring); + spin_unlock(&adev->gfx.kiq[inst].ring_lock); + goto error_unlock_reset; + } - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); - r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); - if (r) { - amdgpu_ring_undo(ring); + amdgpu_ring_commit(ring); spin_unlock(&adev->gfx.kiq[inst].ring_lock); - goto error_unlock_reset; + if (amdgpu_fence_wait_polling(ring, seq, usec_timeout) < 1) { + dev_err(adev->dev, "timeout waiting for kiq fence\n"); + r = -ETIME; + } } - amdgpu_ring_commit(ring); - spin_unlock(&adev->gfx.kiq[inst].ring_lock); - r = amdgpu_fence_wait_polling(ring, seq, usec_timeout); - if (r < 1) { - dev_err(adev->dev, "wait for kiq fence error: %ld.\n", r); - r = -ETIME; - goto error_unlock_reset; - } - r = 0; - error_unlock_reset: up_read(&adev->reset_domain->sem); return r;

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: fix locking scope when flushing tlb" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9c33e5fd4fb63b793d9a92bf35d190630d9bada4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080740-entrap-underrate-8078@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 9c33e5fd4fb6 ("drm/amdgpu: fix locking scope when flushing tlb") 08abccc9a7a7 ("drm/amdgpu: further move TLB hw workarounds a layer up") e2e3788850b9 ("drm/amdgpu: rework lock handling for flush_tlb v2") 3983c9fd2d8b ("drm/amdgpu: drop error return from flush_gpu_tlb_pasid") 041a5743883d ("drm/amdgpu: fix and cleanup gmc_v11_0_flush_gpu_tlb_pasid") 72cc99205c0b ("drm/amdgpu: cleanup gmc_v10_0_flush_gpu_tlb_pasid") e7b90e99fa8f ("drm/amdgpu: fix and cleanup gmc_v9_0_flush_gpu_tlb_pasid") 0c525aa40649 ("drm/amdgpu: fix and cleanup gmc_v8_0_flush_gpu_tlb_pasid") fb4c52db6974 ("drm/amdgpu: fix and cleanup gmc_v7_0_flush_gpu_tlb_pasid") a70cb2176f7e ("drm/amdgpu: rework gmc_v10_0_flush_gpu_tlb v2") 24a6eb92b7f6 ("drm/amdgpu: fix and cleanup gmc_v9_0_flush_gpu_tlb") 4e8303cf2c4d ("drm/amdgpu: Use function for IP version check") 6b7d211740da ("drm/amdgpu: Fix refclk reporting for SMU v13.0.6") 1b8e56b99459 ("drm/amdgpu: Restrict bootloader wait to SMUv13.0.6") 983ac45a06ae ("drm/amdgpu: update SET_HW_RESOURCES definition for UMSCH") 822f7808291f ("drm/amdgpu/discovery: enable UMSCH 4.0 in IP discovery") 3488c79beafa ("drm/amdgpu: add initial support for UMSCH") 2da1b04a2096 ("drm/amdgpu: add UMSCH 4.0 api definition") 3ee8fb7005ef ("drm/amdgpu: enable VPE for VPE 6.1.0") 9d4346bdbc64 ("drm/amdgpu: add VPE 6.1.0 support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c33e5fd4fb63b793d9a92bf35d190630d9bada4 Mon Sep 17 00:00:00 2001 From: Yunxiang Li <Yunxiang.Li(a)amd.com> Date: Thu, 23 May 2024 07:48:19 -0400 Subject: [PATCH] drm/amdgpu: fix locking scope when flushing tlb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Which method is used to flush tlb does not depend on whether a reset is in progress or not. We should skip flush altogether if the GPU will get reset. So put both path under reset_domain read lock. Signed-off-by: Yunxiang Li <Yunxiang.Li(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> CC: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c index 660599823050..322b8ff67cde 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c @@ -682,12 +682,17 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, struct amdgpu_ring *ring = &adev->gfx.kiq[inst].ring; struct amdgpu_kiq *kiq = &adev->gfx.kiq[inst]; unsigned int ndw; - signed long r; + int r; uint32_t seq; - if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready || - !down_read_trylock(&adev->reset_domain->sem)) { + /* + * A GPU reset should flush all TLBs anyway, so no need to do + * this while one is ongoing. + */ + if (!down_read_trylock(&adev->reset_domain->sem)) + return 0; + if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready) { if (adev->gmc.flush_tlb_needs_extra_type_2) adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, 2, all_hub, @@ -701,44 +706,41 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, flush_type, all_hub, inst); - return 0; - } + r = 0; + } else { + /* 2 dwords flush + 8 dwords fence */ + ndw = kiq->pmf->invalidate_tlbs_size + 8; - /* 2 dwords flush + 8 dwords fence */ - ndw = kiq->pmf->invalidate_tlbs_size + 8; + if (adev->gmc.flush_tlb_needs_extra_type_2) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_2) - ndw += kiq->pmf->invalidate_tlbs_size; + if (adev->gmc.flush_tlb_needs_extra_type_0) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_0) - ndw += kiq->pmf->invalidate_tlbs_size; + spin_lock(&adev->gfx.kiq[inst].ring_lock); + amdgpu_ring_alloc(ring, ndw); + if (adev->gmc.flush_tlb_needs_extra_type_2) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); - spin_lock(&adev->gfx.kiq[inst].ring_lock); - amdgpu_ring_alloc(ring, ndw); - if (adev->gmc.flush_tlb_needs_extra_type_2) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); + if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); - if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); + r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); + if (r) { + amdgpu_ring_undo(ring); + spin_unlock(&adev->gfx.kiq[inst].ring_lock); + goto error_unlock_reset; + } - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); - r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); - if (r) { - amdgpu_ring_undo(ring); + amdgpu_ring_commit(ring); spin_unlock(&adev->gfx.kiq[inst].ring_lock); - goto error_unlock_reset; + if (amdgpu_fence_wait_polling(ring, seq, usec_timeout) < 1) { + dev_err(adev->dev, "timeout waiting for kiq fence\n"); + r = -ETIME; + } } - amdgpu_ring_commit(ring); - spin_unlock(&adev->gfx.kiq[inst].ring_lock); - r = amdgpu_fence_wait_polling(ring, seq, usec_timeout); - if (r < 1) { - dev_err(adev->dev, "wait for kiq fence error: %ld.\n", r); - r = -ETIME; - goto error_unlock_reset; - } - r = 0; - error_unlock_reset: up_read(&adev->reset_domain->sem); return r;

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: fix locking scope when flushing tlb" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 9c33e5fd4fb63b793d9a92bf35d190630d9bada4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080740-rocklike-avert-cbfd@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 9c33e5fd4fb6 ("drm/amdgpu: fix locking scope when flushing tlb") 08abccc9a7a7 ("drm/amdgpu: further move TLB hw workarounds a layer up") e2e3788850b9 ("drm/amdgpu: rework lock handling for flush_tlb v2") 3983c9fd2d8b ("drm/amdgpu: drop error return from flush_gpu_tlb_pasid") 041a5743883d ("drm/amdgpu: fix and cleanup gmc_v11_0_flush_gpu_tlb_pasid") 72cc99205c0b ("drm/amdgpu: cleanup gmc_v10_0_flush_gpu_tlb_pasid") e7b90e99fa8f ("drm/amdgpu: fix and cleanup gmc_v9_0_flush_gpu_tlb_pasid") 0c525aa40649 ("drm/amdgpu: fix and cleanup gmc_v8_0_flush_gpu_tlb_pasid") fb4c52db6974 ("drm/amdgpu: fix and cleanup gmc_v7_0_flush_gpu_tlb_pasid") a70cb2176f7e ("drm/amdgpu: rework gmc_v10_0_flush_gpu_tlb v2") 24a6eb92b7f6 ("drm/amdgpu: fix and cleanup gmc_v9_0_flush_gpu_tlb") 4e8303cf2c4d ("drm/amdgpu: Use function for IP version check") 6b7d211740da ("drm/amdgpu: Fix refclk reporting for SMU v13.0.6") 1b8e56b99459 ("drm/amdgpu: Restrict bootloader wait to SMUv13.0.6") 983ac45a06ae ("drm/amdgpu: update SET_HW_RESOURCES definition for UMSCH") 822f7808291f ("drm/amdgpu/discovery: enable UMSCH 4.0 in IP discovery") 3488c79beafa ("drm/amdgpu: add initial support for UMSCH") 2da1b04a2096 ("drm/amdgpu: add UMSCH 4.0 api definition") 3ee8fb7005ef ("drm/amdgpu: enable VPE for VPE 6.1.0") 9d4346bdbc64 ("drm/amdgpu: add VPE 6.1.0 support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c33e5fd4fb63b793d9a92bf35d190630d9bada4 Mon Sep 17 00:00:00 2001 From: Yunxiang Li <Yunxiang.Li(a)amd.com> Date: Thu, 23 May 2024 07:48:19 -0400 Subject: [PATCH] drm/amdgpu: fix locking scope when flushing tlb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Which method is used to flush tlb does not depend on whether a reset is in progress or not. We should skip flush altogether if the GPU will get reset. So put both path under reset_domain read lock. Signed-off-by: Yunxiang Li <Yunxiang.Li(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> CC: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c index 660599823050..322b8ff67cde 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c @@ -682,12 +682,17 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, struct amdgpu_ring *ring = &adev->gfx.kiq[inst].ring; struct amdgpu_kiq *kiq = &adev->gfx.kiq[inst]; unsigned int ndw; - signed long r; + int r; uint32_t seq; - if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready || - !down_read_trylock(&adev->reset_domain->sem)) { + /* + * A GPU reset should flush all TLBs anyway, so no need to do + * this while one is ongoing. + */ + if (!down_read_trylock(&adev->reset_domain->sem)) + return 0; + if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready) { if (adev->gmc.flush_tlb_needs_extra_type_2) adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, 2, all_hub, @@ -701,44 +706,41 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, flush_type, all_hub, inst); - return 0; - } + r = 0; + } else { + /* 2 dwords flush + 8 dwords fence */ + ndw = kiq->pmf->invalidate_tlbs_size + 8; - /* 2 dwords flush + 8 dwords fence */ - ndw = kiq->pmf->invalidate_tlbs_size + 8; + if (adev->gmc.flush_tlb_needs_extra_type_2) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_2) - ndw += kiq->pmf->invalidate_tlbs_size; + if (adev->gmc.flush_tlb_needs_extra_type_0) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_0) - ndw += kiq->pmf->invalidate_tlbs_size; + spin_lock(&adev->gfx.kiq[inst].ring_lock); + amdgpu_ring_alloc(ring, ndw); + if (adev->gmc.flush_tlb_needs_extra_type_2) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); - spin_lock(&adev->gfx.kiq[inst].ring_lock); - amdgpu_ring_alloc(ring, ndw); - if (adev->gmc.flush_tlb_needs_extra_type_2) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); + if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); - if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); + r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); + if (r) { + amdgpu_ring_undo(ring); + spin_unlock(&adev->gfx.kiq[inst].ring_lock); + goto error_unlock_reset; + } - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); - r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); - if (r) { - amdgpu_ring_undo(ring); + amdgpu_ring_commit(ring); spin_unlock(&adev->gfx.kiq[inst].ring_lock); - goto error_unlock_reset; + if (amdgpu_fence_wait_polling(ring, seq, usec_timeout) < 1) { + dev_err(adev->dev, "timeout waiting for kiq fence\n"); + r = -ETIME; + } } - amdgpu_ring_commit(ring); - spin_unlock(&adev->gfx.kiq[inst].ring_lock); - r = amdgpu_fence_wait_polling(ring, seq, usec_timeout); - if (r < 1) { - dev_err(adev->dev, "wait for kiq fence error: %ld.\n", r); - r = -ETIME; - goto error_unlock_reset; - } - r = 0; - error_unlock_reset: up_read(&adev->reset_domain->sem); return r;

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: fix locking scope when flushing tlb" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 9c33e5fd4fb63b793d9a92bf35d190630d9bada4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080739-settle-henna-2133@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 9c33e5fd4fb6 ("drm/amdgpu: fix locking scope when flushing tlb") 08abccc9a7a7 ("drm/amdgpu: further move TLB hw workarounds a layer up") e2e3788850b9 ("drm/amdgpu: rework lock handling for flush_tlb v2") 3983c9fd2d8b ("drm/amdgpu: drop error return from flush_gpu_tlb_pasid") 041a5743883d ("drm/amdgpu: fix and cleanup gmc_v11_0_flush_gpu_tlb_pasid") 72cc99205c0b ("drm/amdgpu: cleanup gmc_v10_0_flush_gpu_tlb_pasid") e7b90e99fa8f ("drm/amdgpu: fix and cleanup gmc_v9_0_flush_gpu_tlb_pasid") 0c525aa40649 ("drm/amdgpu: fix and cleanup gmc_v8_0_flush_gpu_tlb_pasid") fb4c52db6974 ("drm/amdgpu: fix and cleanup gmc_v7_0_flush_gpu_tlb_pasid") a70cb2176f7e ("drm/amdgpu: rework gmc_v10_0_flush_gpu_tlb v2") 24a6eb92b7f6 ("drm/amdgpu: fix and cleanup gmc_v9_0_flush_gpu_tlb") 4e8303cf2c4d ("drm/amdgpu: Use function for IP version check") 6b7d211740da ("drm/amdgpu: Fix refclk reporting for SMU v13.0.6") 1b8e56b99459 ("drm/amdgpu: Restrict bootloader wait to SMUv13.0.6") 983ac45a06ae ("drm/amdgpu: update SET_HW_RESOURCES definition for UMSCH") 822f7808291f ("drm/amdgpu/discovery: enable UMSCH 4.0 in IP discovery") 3488c79beafa ("drm/amdgpu: add initial support for UMSCH") 2da1b04a2096 ("drm/amdgpu: add UMSCH 4.0 api definition") 3ee8fb7005ef ("drm/amdgpu: enable VPE for VPE 6.1.0") 9d4346bdbc64 ("drm/amdgpu: add VPE 6.1.0 support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c33e5fd4fb63b793d9a92bf35d190630d9bada4 Mon Sep 17 00:00:00 2001 From: Yunxiang Li <Yunxiang.Li(a)amd.com> Date: Thu, 23 May 2024 07:48:19 -0400 Subject: [PATCH] drm/amdgpu: fix locking scope when flushing tlb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Which method is used to flush tlb does not depend on whether a reset is in progress or not. We should skip flush altogether if the GPU will get reset. So put both path under reset_domain read lock. Signed-off-by: Yunxiang Li <Yunxiang.Li(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> CC: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c index 660599823050..322b8ff67cde 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c @@ -682,12 +682,17 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, struct amdgpu_ring *ring = &adev->gfx.kiq[inst].ring; struct amdgpu_kiq *kiq = &adev->gfx.kiq[inst]; unsigned int ndw; - signed long r; + int r; uint32_t seq; - if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready || - !down_read_trylock(&adev->reset_domain->sem)) { + /* + * A GPU reset should flush all TLBs anyway, so no need to do + * this while one is ongoing. + */ + if (!down_read_trylock(&adev->reset_domain->sem)) + return 0; + if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready) { if (adev->gmc.flush_tlb_needs_extra_type_2) adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, 2, all_hub, @@ -701,44 +706,41 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, flush_type, all_hub, inst); - return 0; - } + r = 0; + } else { + /* 2 dwords flush + 8 dwords fence */ + ndw = kiq->pmf->invalidate_tlbs_size + 8; - /* 2 dwords flush + 8 dwords fence */ - ndw = kiq->pmf->invalidate_tlbs_size + 8; + if (adev->gmc.flush_tlb_needs_extra_type_2) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_2) - ndw += kiq->pmf->invalidate_tlbs_size; + if (adev->gmc.flush_tlb_needs_extra_type_0) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_0) - ndw += kiq->pmf->invalidate_tlbs_size; + spin_lock(&adev->gfx.kiq[inst].ring_lock); + amdgpu_ring_alloc(ring, ndw); + if (adev->gmc.flush_tlb_needs_extra_type_2) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); - spin_lock(&adev->gfx.kiq[inst].ring_lock); - amdgpu_ring_alloc(ring, ndw); - if (adev->gmc.flush_tlb_needs_extra_type_2) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); + if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); - if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); + r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); + if (r) { + amdgpu_ring_undo(ring); + spin_unlock(&adev->gfx.kiq[inst].ring_lock); + goto error_unlock_reset; + } - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); - r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); - if (r) { - amdgpu_ring_undo(ring); + amdgpu_ring_commit(ring); spin_unlock(&adev->gfx.kiq[inst].ring_lock); - goto error_unlock_reset; + if (amdgpu_fence_wait_polling(ring, seq, usec_timeout) < 1) { + dev_err(adev->dev, "timeout waiting for kiq fence\n"); + r = -ETIME; + } } - amdgpu_ring_commit(ring); - spin_unlock(&adev->gfx.kiq[inst].ring_lock); - r = amdgpu_fence_wait_polling(ring, seq, usec_timeout); - if (r < 1) { - dev_err(adev->dev, "wait for kiq fence error: %ld.\n", r); - r = -ETIME; - goto error_unlock_reset; - } - r = 0; - error_unlock_reset: up_read(&adev->reset_domain->sem); return r;

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: fix locking scope when flushing tlb" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 9c33e5fd4fb63b793d9a92bf35d190630d9bada4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080738-fasting-raving-635a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 9c33e5fd4fb6 ("drm/amdgpu: fix locking scope when flushing tlb") 08abccc9a7a7 ("drm/amdgpu: further move TLB hw workarounds a layer up") e2e3788850b9 ("drm/amdgpu: rework lock handling for flush_tlb v2") 3983c9fd2d8b ("drm/amdgpu: drop error return from flush_gpu_tlb_pasid") 041a5743883d ("drm/amdgpu: fix and cleanup gmc_v11_0_flush_gpu_tlb_pasid") 72cc99205c0b ("drm/amdgpu: cleanup gmc_v10_0_flush_gpu_tlb_pasid") e7b90e99fa8f ("drm/amdgpu: fix and cleanup gmc_v9_0_flush_gpu_tlb_pasid") 0c525aa40649 ("drm/amdgpu: fix and cleanup gmc_v8_0_flush_gpu_tlb_pasid") fb4c52db6974 ("drm/amdgpu: fix and cleanup gmc_v7_0_flush_gpu_tlb_pasid") a70cb2176f7e ("drm/amdgpu: rework gmc_v10_0_flush_gpu_tlb v2") 24a6eb92b7f6 ("drm/amdgpu: fix and cleanup gmc_v9_0_flush_gpu_tlb") 4e8303cf2c4d ("drm/amdgpu: Use function for IP version check") 6b7d211740da ("drm/amdgpu: Fix refclk reporting for SMU v13.0.6") 1b8e56b99459 ("drm/amdgpu: Restrict bootloader wait to SMUv13.0.6") 983ac45a06ae ("drm/amdgpu: update SET_HW_RESOURCES definition for UMSCH") 822f7808291f ("drm/amdgpu/discovery: enable UMSCH 4.0 in IP discovery") 3488c79beafa ("drm/amdgpu: add initial support for UMSCH") 2da1b04a2096 ("drm/amdgpu: add UMSCH 4.0 api definition") 3ee8fb7005ef ("drm/amdgpu: enable VPE for VPE 6.1.0") 9d4346bdbc64 ("drm/amdgpu: add VPE 6.1.0 support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c33e5fd4fb63b793d9a92bf35d190630d9bada4 Mon Sep 17 00:00:00 2001 From: Yunxiang Li <Yunxiang.Li(a)amd.com> Date: Thu, 23 May 2024 07:48:19 -0400 Subject: [PATCH] drm/amdgpu: fix locking scope when flushing tlb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Which method is used to flush tlb does not depend on whether a reset is in progress or not. We should skip flush altogether if the GPU will get reset. So put both path under reset_domain read lock. Signed-off-by: Yunxiang Li <Yunxiang.Li(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> CC: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c index 660599823050..322b8ff67cde 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c @@ -682,12 +682,17 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, struct amdgpu_ring *ring = &adev->gfx.kiq[inst].ring; struct amdgpu_kiq *kiq = &adev->gfx.kiq[inst]; unsigned int ndw; - signed long r; + int r; uint32_t seq; - if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready || - !down_read_trylock(&adev->reset_domain->sem)) { + /* + * A GPU reset should flush all TLBs anyway, so no need to do + * this while one is ongoing. + */ + if (!down_read_trylock(&adev->reset_domain->sem)) + return 0; + if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready) { if (adev->gmc.flush_tlb_needs_extra_type_2) adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, 2, all_hub, @@ -701,44 +706,41 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, flush_type, all_hub, inst); - return 0; - } + r = 0; + } else { + /* 2 dwords flush + 8 dwords fence */ + ndw = kiq->pmf->invalidate_tlbs_size + 8; - /* 2 dwords flush + 8 dwords fence */ - ndw = kiq->pmf->invalidate_tlbs_size + 8; + if (adev->gmc.flush_tlb_needs_extra_type_2) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_2) - ndw += kiq->pmf->invalidate_tlbs_size; + if (adev->gmc.flush_tlb_needs_extra_type_0) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_0) - ndw += kiq->pmf->invalidate_tlbs_size; + spin_lock(&adev->gfx.kiq[inst].ring_lock); + amdgpu_ring_alloc(ring, ndw); + if (adev->gmc.flush_tlb_needs_extra_type_2) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); - spin_lock(&adev->gfx.kiq[inst].ring_lock); - amdgpu_ring_alloc(ring, ndw); - if (adev->gmc.flush_tlb_needs_extra_type_2) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); + if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); - if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); + r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); + if (r) { + amdgpu_ring_undo(ring); + spin_unlock(&adev->gfx.kiq[inst].ring_lock); + goto error_unlock_reset; + } - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); - r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); - if (r) { - amdgpu_ring_undo(ring); + amdgpu_ring_commit(ring); spin_unlock(&adev->gfx.kiq[inst].ring_lock); - goto error_unlock_reset; + if (amdgpu_fence_wait_polling(ring, seq, usec_timeout) < 1) { + dev_err(adev->dev, "timeout waiting for kiq fence\n"); + r = -ETIME; + } } - amdgpu_ring_commit(ring); - spin_unlock(&adev->gfx.kiq[inst].ring_lock); - r = amdgpu_fence_wait_polling(ring, seq, usec_timeout); - if (r < 1) { - dev_err(adev->dev, "wait for kiq fence error: %ld.\n", r); - r = -ETIME; - goto error_unlock_reset; - } - r = 0; - error_unlock_reset: up_read(&adev->reset_domain->sem); return r;

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x d516b187a9cc2e842030dd005be2735db3e8f395 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080701-prominent-stoic-81d9@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: d516b187a9cc ("r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY") 93882c6f210a ("r8169: switch from netif_xxx message functions to netdev_xxx") b8447abc4c8f ("r8169: factor out rtl8169_tx_map") 2864a883f931 ("r8169: use pci_status_get_and_clear_errors") 90760b21aef4 ("r8169: add PCI_STATUS_PARITY to PCI status error bits") 9020845fb5d6 ("r8169: improve rtl8169_start_xmit") f1f9ca287569 ("r8169: improve rtl8169_get_mac_version") a8ec173a3f29 ("r8169: don't set min_mtu/max_mtu if not needed") 2992bdfa4ad2 ("r8169: add r8169.h") 1c5be5e91d78 ("r8169: rename rtl_apply_firmware") 8cecc8f0ae2e ("r8169: change argument type of EEE PHY functions") becd837eebc5 ("r8169: prepare for exporting rtl_hw_phy_config") af7797785d61 ("r8169: move enabling EEE to rtl8169_init_phy") 3127f7c9b7da ("r8169: factor out rtl8168h_2_get_adc_bias_ioffset") 229c1e0dfd3d ("r8169: load firmware for RTL8168fp/RTL8117") 718af5bc9709 ("r8169: improve conditional firmware loading for RTL8168d") d0db136ffb59 ("r8169: use r8168d_modify_extpage in rtl8168f_config_eee_phy") 1287723aa139 ("r8169: add support for RTL8117") 0721914a3d2b ("r8169: add helper r8168d_modify_extpage") 3a129e3f9ac4 ("r8169: switch to phylib functions in more places") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d516b187a9cc2e842030dd005be2735db3e8f395 Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Tue, 30 Jul 2024 21:51:52 +0200 Subject: [PATCH] r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY The skb isn't consumed in case of NETDEV_TX_BUSY, therefore don't increment the tx_dropped counter. Fixes: 188f4af04618 ("r8169: use NETDEV_TX_{BUSY/OK}") Cc: stable(a)vger.kernel.org Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Reviewed-by: Wojciech Drewek <wojciech.drewek(a)intel.com> Link: https://patch.msgid.link/bbba9c48-8bac-4932-9aa1-d2ed63bc9433@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 714d2e804694..3507c2e28110 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -4349,7 +4349,8 @@ static netdev_tx_t rtl8169_start_xmit(struct sk_buff *skb, if (unlikely(!rtl_tx_slots_avail(tp))) { if (net_ratelimit()) netdev_err(dev, "BUG! Tx Ring full when queue awake!\n"); - goto err_stop_0; + netif_stop_queue(dev); + return NETDEV_TX_BUSY; } opts[1] = rtl8169_tx_vlan_tag(skb); @@ -4405,11 +4406,6 @@ static netdev_tx_t rtl8169_start_xmit(struct sk_buff *skb, dev_kfree_skb_any(skb); dev->stats.tx_dropped++; return NETDEV_TX_OK; - -err_stop_0: - netif_stop_queue(dev); - dev->stats.tx_dropped++; - return NETDEV_TX_BUSY; } static unsigned int rtl_last_frag_len(struct sk_buff *skb)

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d516b187a9cc2e842030dd005be2735db3e8f395 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080700-felt-tip-cupped-5224@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: d516b187a9cc ("r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY") 93882c6f210a ("r8169: switch from netif_xxx message functions to netdev_xxx") b8447abc4c8f ("r8169: factor out rtl8169_tx_map") 2864a883f931 ("r8169: use pci_status_get_and_clear_errors") 90760b21aef4 ("r8169: add PCI_STATUS_PARITY to PCI status error bits") 9020845fb5d6 ("r8169: improve rtl8169_start_xmit") f1f9ca287569 ("r8169: improve rtl8169_get_mac_version") a8ec173a3f29 ("r8169: don't set min_mtu/max_mtu if not needed") 2992bdfa4ad2 ("r8169: add r8169.h") 1c5be5e91d78 ("r8169: rename rtl_apply_firmware") 8cecc8f0ae2e ("r8169: change argument type of EEE PHY functions") becd837eebc5 ("r8169: prepare for exporting rtl_hw_phy_config") af7797785d61 ("r8169: move enabling EEE to rtl8169_init_phy") 3127f7c9b7da ("r8169: factor out rtl8168h_2_get_adc_bias_ioffset") 229c1e0dfd3d ("r8169: load firmware for RTL8168fp/RTL8117") 718af5bc9709 ("r8169: improve conditional firmware loading for RTL8168d") d0db136ffb59 ("r8169: use r8168d_modify_extpage in rtl8168f_config_eee_phy") 1287723aa139 ("r8169: add support for RTL8117") 0721914a3d2b ("r8169: add helper r8168d_modify_extpage") 3a129e3f9ac4 ("r8169: switch to phylib functions in more places") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d516b187a9cc2e842030dd005be2735db3e8f395 Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Tue, 30 Jul 2024 21:51:52 +0200 Subject: [PATCH] r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY The skb isn't consumed in case of NETDEV_TX_BUSY, therefore don't increment the tx_dropped counter. Fixes: 188f4af04618 ("r8169: use NETDEV_TX_{BUSY/OK}") Cc: stable(a)vger.kernel.org Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Reviewed-by: Wojciech Drewek <wojciech.drewek(a)intel.com> Link: https://patch.msgid.link/bbba9c48-8bac-4932-9aa1-d2ed63bc9433@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 714d2e804694..3507c2e28110 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -4349,7 +4349,8 @@ static netdev_tx_t rtl8169_start_xmit(struct sk_buff *skb, if (unlikely(!rtl_tx_slots_avail(tp))) { if (net_ratelimit()) netdev_err(dev, "BUG! Tx Ring full when queue awake!\n"); - goto err_stop_0; + netif_stop_queue(dev); + return NETDEV_TX_BUSY; } opts[1] = rtl8169_tx_vlan_tag(skb); @@ -4405,11 +4406,6 @@ static netdev_tx_t rtl8169_start_xmit(struct sk_buff *skb, dev_kfree_skb_any(skb); dev->stats.tx_dropped++; return NETDEV_TX_OK; - -err_stop_0: - netif_stop_queue(dev); - dev->stats.tx_dropped++; - return NETDEV_TX_BUSY; } static unsigned int rtl_last_frag_len(struct sk_buff *skb)

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] wifi: ath12k: fix soft lockup on suspend" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a47f3320bb4ba6714abe8dddb36399367b491358 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080749-nuzzle-pretended-b1a0@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: a47f3320bb4b ("wifi: ath12k: fix soft lockup on suspend") 604308a34487 ("wifi: ath12k: add CE and ext IRQ flag to indicate irq_handler") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a47f3320bb4ba6714abe8dddb36399367b491358 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 9 Jul 2024 09:31:32 +0200 Subject: [PATCH] wifi: ath12k: fix soft lockup on suspend The ext interrupts are enabled when the firmware has been started, but this may never happen, for example, if the board configuration file is missing. When the system is later suspended, the driver unconditionally tries to disable interrupts, which results in an irq disable imbalance and causes the driver to spin indefinitely in napi_synchronize(). Make sure that the interrupts have been enabled before attempting to disable them. Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Cc: stable(a)vger.kernel.org # 6.3 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Acked-by: Jeff Johnson <quic_jjohnson(a)quicinc.com> Link: https://patch.msgid.link/20240709073132.9168-1-johan+linaro@kernel.org Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> diff --git a/drivers/net/wireless/ath/ath12k/pci.c b/drivers/net/wireless/ath/ath12k/pci.c index 876c029f58f6..9e0b9e329bda 100644 --- a/drivers/net/wireless/ath/ath12k/pci.c +++ b/drivers/net/wireless/ath/ath12k/pci.c @@ -473,7 +473,8 @@ static void __ath12k_pci_ext_irq_disable(struct ath12k_base *ab) { int i; - clear_bit(ATH12K_FLAG_EXT_IRQ_ENABLED, &ab->dev_flags); + if (!test_and_clear_bit(ATH12K_FLAG_EXT_IRQ_ENABLED, &ab->dev_flags)) + return; for (i = 0; i < ATH12K_EXT_IRQ_GRP_NUM_MAX; i++) { struct ath12k_ext_irq_grp *irq_grp = &ab->ext_irq_grp[i];

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Attempt to avoid empty TUs when endpoint is" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 37256027b45fe48d1cd23954db90d1c53401e29a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080745-radiation-faucet-f866@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 37256027b45f ("drm/amd/display: Attempt to avoid empty TUs when endpoint is DPIA") 532a0d2ad292 ("drm/amd/display: Revert "dc: Keep VBios pixel rate div setting util next mode set"") 47745acc5e8d ("drm/amd/display: Add trigger FIFO resync path for DCN35") 4d4d3ff16db2 ("drm/amd/display: Keep VBios pixel rate div setting util next mode set") eed4edda910f ("drm/amd/display: Support long vblank feature") 2d7f3d1a5866 ("drm/amd/display: Implement wait_for_odm_update_pending_complete") c7b33856139d ("drm/amd/display: Drop some unnecessary guards") 6a068e64fb25 ("drm/amd/display: Update phantom pipe enable / disable sequence") db8391479f44 ("drm/amd/display: correct static screen event mask") 9af68235ad3d ("drm/amd/display: Fix static screen event mask definition change") f6154d8babbb ("drm/amd/display: Refactor INIT into component folder") a71e1310a43f ("drm/amd/display: Add more mechanisms for tests") 85fce153995e ("drm/amd/display: change static screen wait frame_count for ips") 09a4ec5da92c ("drm/amd/display: Refactor dc_state interface") ec39a6d00382 ("drm/amd/display: add debug option for ExtendedVBlank DLG adjust") 198891fd2902 ("drm/amd/display: Create one virtual connector in DC") abd26a3252cb ("drm/amd/display: Add dml2 copy functions") 43484c4bdb6e ("drm/amd/display: Added delay to DPM log") 3d0fe4945465 ("drm/amd/display: Refactor OPTC into component folder") 6c22fb07e0c2 ("drm/amd/display: Refactor DSC into component folder") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37256027b45fe48d1cd23954db90d1c53401e29a Mon Sep 17 00:00:00 2001 From: Michael Strauss <michael.strauss(a)amd.com> Date: Tue, 7 May 2024 12:03:15 -0400 Subject: [PATCH] drm/amd/display: Attempt to avoid empty TUs when endpoint is DPIA [WHY] Empty SST TUs are illegal to transmit over a USB4 DP tunnel. Current policy is to configure stream encoder to pack 2 pixels per pclk even when ODM combine is not in use, allowing seamless dynamic ODM reconfiguration. However, in extreme edge cases where average pixel count per TU is less than 2, this can lead to unexpected empty TU generation during compliance testing. For example, VIC 1 with a 1xHBR3 link configuration will average 1.98 pix/TU. [HOW] Calculate average pixel count per TU, and block 2 pixels per clock if endpoint is a DPIA tunnel and pixel clock is low enough that we will never require 2:1 ODM combine. Cc: stable(a)vger.kernel.org # 6.6+ Reviewed-by: Wenjing Liu <wenjing.liu(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Michael Strauss <michael.strauss(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c index 4f87316e1318..0602921399cd 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c @@ -1529,3 +1529,75 @@ void dcn35_set_long_vblank(struct pipe_ctx **pipe_ctx, } } } + +static bool should_avoid_empty_tu(struct pipe_ctx *pipe_ctx) +{ + /* Calculate average pixel count per TU, return false if under ~2.00 to + * avoid empty TUs. This is only required for DPIA tunneling as empty TUs + * are legal to generate for native DP links. Assume TU size 64 as there + * is currently no scenario where it's reprogrammed from HW default. + * MTPs have no such limitation, so this does not affect MST use cases. + */ + unsigned int pix_clk_mhz; + unsigned int symclk_mhz; + unsigned int avg_pix_per_tu_x1000; + unsigned int tu_size_bytes = 64; + struct dc_crtc_timing *timing = &pipe_ctx->stream->timing; + struct dc_link_settings *link_settings = &pipe_ctx->link_config.dp_link_settings; + const struct dc *dc = pipe_ctx->stream->link->dc; + + if (pipe_ctx->stream->link->ep_type != DISPLAY_ENDPOINT_USB4_DPIA) + return false; + + // Not necessary for MST configurations + if (pipe_ctx->stream->signal == SIGNAL_TYPE_DISPLAY_PORT_MST) + return false; + + pix_clk_mhz = timing->pix_clk_100hz / 10000; + + // If this is true, can't block due to dynamic ODM + if (pix_clk_mhz > dc->clk_mgr->bw_params->clk_table.entries[0].dispclk_mhz) + return false; + + switch (link_settings->link_rate) { + case LINK_RATE_LOW: + symclk_mhz = 162; + break; + case LINK_RATE_HIGH: + symclk_mhz = 270; + break; + case LINK_RATE_HIGH2: + symclk_mhz = 540; + break; + case LINK_RATE_HIGH3: + symclk_mhz = 810; + break; + default: + // We shouldn't be tunneling any other rates, something is wrong + ASSERT(0); + return false; + } + + avg_pix_per_tu_x1000 = (1000 * pix_clk_mhz * tu_size_bytes) + / (symclk_mhz * link_settings->lane_count); + + // Add small empirically-decided margin to account for potential jitter + return (avg_pix_per_tu_x1000 < 2020); +} + +bool dcn35_is_dp_dig_pixel_rate_div_policy(struct pipe_ctx *pipe_ctx) +{ + struct dc *dc = pipe_ctx->stream->ctx->dc; + + if (!is_h_timing_divisible_by_2(pipe_ctx->stream)) + return false; + + if (should_avoid_empty_tu(pipe_ctx)) + return false; + + if (dc_is_dp_signal(pipe_ctx->stream->signal) && !dc->link_srv->dp_is_128b_132b_signal(pipe_ctx) && + dc->debug.enable_dp_dig_pixel_rate_div_policy) + return true; + + return false; +} diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.h b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.h index bc05beba5f2c..e27b3609020f 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.h @@ -97,4 +97,6 @@ void dcn35_set_static_screen_control(struct pipe_ctx **pipe_ctx, void dcn35_set_long_vblank(struct pipe_ctx **pipe_ctx, int num_pipes, uint32_t v_total_min, uint32_t v_total_max); +bool dcn35_is_dp_dig_pixel_rate_div_policy(struct pipe_ctx *pipe_ctx); + #endif /* __DC_HWSS_DCN35_H__ */ diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c index 30e6a6398839..428912f37129 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c @@ -161,7 +161,7 @@ static const struct hwseq_private_funcs dcn35_private_funcs = { .setup_hpo_hw_control = dcn35_setup_hpo_hw_control, .calculate_dccg_k1_k2_values = dcn32_calculate_dccg_k1_k2_values, .resync_fifo_dccg_dio = dcn314_resync_fifo_dccg_dio, - .is_dp_dig_pixel_rate_div_policy = dcn32_is_dp_dig_pixel_rate_div_policy, + .is_dp_dig_pixel_rate_div_policy = dcn35_is_dp_dig_pixel_rate_div_policy, .dsc_pg_control = dcn35_dsc_pg_control, .dsc_pg_status = dcn32_dsc_pg_status, .enable_plane = dcn35_enable_plane,

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Attempt to avoid empty TUs when endpoint is" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 37256027b45fe48d1cd23954db90d1c53401e29a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080744-managing-spotted-b0f4@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 37256027b45f ("drm/amd/display: Attempt to avoid empty TUs when endpoint is DPIA") 532a0d2ad292 ("drm/amd/display: Revert "dc: Keep VBios pixel rate div setting util next mode set"") 47745acc5e8d ("drm/amd/display: Add trigger FIFO resync path for DCN35") 4d4d3ff16db2 ("drm/amd/display: Keep VBios pixel rate div setting util next mode set") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37256027b45fe48d1cd23954db90d1c53401e29a Mon Sep 17 00:00:00 2001 From: Michael Strauss <michael.strauss(a)amd.com> Date: Tue, 7 May 2024 12:03:15 -0400 Subject: [PATCH] drm/amd/display: Attempt to avoid empty TUs when endpoint is DPIA [WHY] Empty SST TUs are illegal to transmit over a USB4 DP tunnel. Current policy is to configure stream encoder to pack 2 pixels per pclk even when ODM combine is not in use, allowing seamless dynamic ODM reconfiguration. However, in extreme edge cases where average pixel count per TU is less than 2, this can lead to unexpected empty TU generation during compliance testing. For example, VIC 1 with a 1xHBR3 link configuration will average 1.98 pix/TU. [HOW] Calculate average pixel count per TU, and block 2 pixels per clock if endpoint is a DPIA tunnel and pixel clock is low enough that we will never require 2:1 ODM combine. Cc: stable(a)vger.kernel.org # 6.6+ Reviewed-by: Wenjing Liu <wenjing.liu(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Michael Strauss <michael.strauss(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c index 4f87316e1318..0602921399cd 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c @@ -1529,3 +1529,75 @@ void dcn35_set_long_vblank(struct pipe_ctx **pipe_ctx, } } } + +static bool should_avoid_empty_tu(struct pipe_ctx *pipe_ctx) +{ + /* Calculate average pixel count per TU, return false if under ~2.00 to + * avoid empty TUs. This is only required for DPIA tunneling as empty TUs + * are legal to generate for native DP links. Assume TU size 64 as there + * is currently no scenario where it's reprogrammed from HW default. + * MTPs have no such limitation, so this does not affect MST use cases. + */ + unsigned int pix_clk_mhz; + unsigned int symclk_mhz; + unsigned int avg_pix_per_tu_x1000; + unsigned int tu_size_bytes = 64; + struct dc_crtc_timing *timing = &pipe_ctx->stream->timing; + struct dc_link_settings *link_settings = &pipe_ctx->link_config.dp_link_settings; + const struct dc *dc = pipe_ctx->stream->link->dc; + + if (pipe_ctx->stream->link->ep_type != DISPLAY_ENDPOINT_USB4_DPIA) + return false; + + // Not necessary for MST configurations + if (pipe_ctx->stream->signal == SIGNAL_TYPE_DISPLAY_PORT_MST) + return false; + + pix_clk_mhz = timing->pix_clk_100hz / 10000; + + // If this is true, can't block due to dynamic ODM + if (pix_clk_mhz > dc->clk_mgr->bw_params->clk_table.entries[0].dispclk_mhz) + return false; + + switch (link_settings->link_rate) { + case LINK_RATE_LOW: + symclk_mhz = 162; + break; + case LINK_RATE_HIGH: + symclk_mhz = 270; + break; + case LINK_RATE_HIGH2: + symclk_mhz = 540; + break; + case LINK_RATE_HIGH3: + symclk_mhz = 810; + break; + default: + // We shouldn't be tunneling any other rates, something is wrong + ASSERT(0); + return false; + } + + avg_pix_per_tu_x1000 = (1000 * pix_clk_mhz * tu_size_bytes) + / (symclk_mhz * link_settings->lane_count); + + // Add small empirically-decided margin to account for potential jitter + return (avg_pix_per_tu_x1000 < 2020); +} + +bool dcn35_is_dp_dig_pixel_rate_div_policy(struct pipe_ctx *pipe_ctx) +{ + struct dc *dc = pipe_ctx->stream->ctx->dc; + + if (!is_h_timing_divisible_by_2(pipe_ctx->stream)) + return false; + + if (should_avoid_empty_tu(pipe_ctx)) + return false; + + if (dc_is_dp_signal(pipe_ctx->stream->signal) && !dc->link_srv->dp_is_128b_132b_signal(pipe_ctx) && + dc->debug.enable_dp_dig_pixel_rate_div_policy) + return true; + + return false; +} diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.h b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.h index bc05beba5f2c..e27b3609020f 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.h @@ -97,4 +97,6 @@ void dcn35_set_static_screen_control(struct pipe_ctx **pipe_ctx, void dcn35_set_long_vblank(struct pipe_ctx **pipe_ctx, int num_pipes, uint32_t v_total_min, uint32_t v_total_max); +bool dcn35_is_dp_dig_pixel_rate_div_policy(struct pipe_ctx *pipe_ctx); + #endif /* __DC_HWSS_DCN35_H__ */ diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c index 30e6a6398839..428912f37129 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c @@ -161,7 +161,7 @@ static const struct hwseq_private_funcs dcn35_private_funcs = { .setup_hpo_hw_control = dcn35_setup_hpo_hw_control, .calculate_dccg_k1_k2_values = dcn32_calculate_dccg_k1_k2_values, .resync_fifo_dccg_dio = dcn314_resync_fifo_dccg_dio, - .is_dp_dig_pixel_rate_div_policy = dcn32_is_dp_dig_pixel_rate_div_policy, + .is_dp_dig_pixel_rate_div_policy = dcn35_is_dp_dig_pixel_rate_div_policy, .dsc_pg_control = dcn35_dsc_pg_control, .dsc_pg_status = dcn32_dsc_pg_status, .enable_plane = dcn35_enable_plane,

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Fix possible int overflow in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 5b511572660190db1dc8ba412efd0be0d3781ab6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080727-kiln-uniquely-fb19@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 5b5115726601 ("drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll()") 4d6e86fbecbb ("drm/i915: Introduce some local PLL state variables") 25591b66d0a4 ("drm/i915: s/dev_priv/i915/ in the shared_dpll code") 51d3e6292719 ("drm/i915: Introduce for_each_shared_dpll()") 99e5a010e815 ("drm/i915: Decouple I915_NUM_PLLS from PLL IDs") 027c57017795 ("drm/i915: Stop requiring PLL index == PLL ID") 461f35f01446 ("Merge tag 'drm-next-2023-08-30' of git://anongit.freedesktop.org/drm/drm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5b511572660190db1dc8ba412efd0be0d3781ab6 Mon Sep 17 00:00:00 2001 From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Date: Mon, 29 Jul 2024 10:40:35 -0700 Subject: [PATCH] drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() On the off chance that clock value ends up being too high (by means of skl_ddi_calculate_wrpll() having been called with big enough value of crtc_state->port_clock * 1000), one possible consequence may be that the result will not be able to fit into signed int. Fix this issue by moving conversion of clock parameter from kHz to Hz into the body of skl_ddi_calculate_wrpll(), as well as casting the same parameter to u64 type while calculating the value for AFE clock. This both mitigates the overflow problem and avoids possible erroneous integer promotion mishaps. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: 82d354370189 ("drm/i915/skl: Implementation of SKL DPLL programming") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240729174035.25727-1-n.zhan… (cherry picked from commit 833cf12846aa19adf9b76bc79c40747726f3c0c1) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dpll_mgr.c b/drivers/gpu/drm/i915/display/intel_dpll_mgr.c index 90998b037349..292d163036b1 100644 --- a/drivers/gpu/drm/i915/display/intel_dpll_mgr.c +++ b/drivers/gpu/drm/i915/display/intel_dpll_mgr.c @@ -1658,7 +1658,7 @@ static void skl_wrpll_params_populate(struct skl_wrpll_params *params, } static int -skl_ddi_calculate_wrpll(int clock /* in Hz */, +skl_ddi_calculate_wrpll(int clock, int ref_clock, struct skl_wrpll_params *wrpll_params) { @@ -1683,7 +1683,7 @@ skl_ddi_calculate_wrpll(int clock /* in Hz */, }; unsigned int dco, d, i; unsigned int p0, p1, p2; - u64 afe_clock = clock * 5; /* AFE Clock is 5x Pixel clock */ + u64 afe_clock = (u64)clock * 1000 * 5; /* AFE Clock is 5x Pixel clock, in Hz */ for (d = 0; d < ARRAY_SIZE(dividers); d++) { for (dco = 0; dco < ARRAY_SIZE(dco_central_freq); dco++) { @@ -1808,7 +1808,7 @@ static int skl_ddi_hdmi_pll_dividers(struct intel_crtc_state *crtc_state) struct skl_wrpll_params wrpll_params = {}; int ret; - ret = skl_ddi_calculate_wrpll(crtc_state->port_clock * 1000, + ret = skl_ddi_calculate_wrpll(crtc_state->port_clock, i915->display.dpll.ref_clks.nssc, &wrpll_params); if (ret) return ret;

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Fix possible int overflow in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 5b511572660190db1dc8ba412efd0be0d3781ab6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080726-broadness-ultimatum-1a4c@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 5b5115726601 ("drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll()") 4d6e86fbecbb ("drm/i915: Introduce some local PLL state variables") 25591b66d0a4 ("drm/i915: s/dev_priv/i915/ in the shared_dpll code") 51d3e6292719 ("drm/i915: Introduce for_each_shared_dpll()") 99e5a010e815 ("drm/i915: Decouple I915_NUM_PLLS from PLL IDs") 027c57017795 ("drm/i915: Stop requiring PLL index == PLL ID") 461f35f01446 ("Merge tag 'drm-next-2023-08-30' of git://anongit.freedesktop.org/drm/drm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5b511572660190db1dc8ba412efd0be0d3781ab6 Mon Sep 17 00:00:00 2001 From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Date: Mon, 29 Jul 2024 10:40:35 -0700 Subject: [PATCH] drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() On the off chance that clock value ends up being too high (by means of skl_ddi_calculate_wrpll() having been called with big enough value of crtc_state->port_clock * 1000), one possible consequence may be that the result will not be able to fit into signed int. Fix this issue by moving conversion of clock parameter from kHz to Hz into the body of skl_ddi_calculate_wrpll(), as well as casting the same parameter to u64 type while calculating the value for AFE clock. This both mitigates the overflow problem and avoids possible erroneous integer promotion mishaps. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: 82d354370189 ("drm/i915/skl: Implementation of SKL DPLL programming") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240729174035.25727-1-n.zhan… (cherry picked from commit 833cf12846aa19adf9b76bc79c40747726f3c0c1) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dpll_mgr.c b/drivers/gpu/drm/i915/display/intel_dpll_mgr.c index 90998b037349..292d163036b1 100644 --- a/drivers/gpu/drm/i915/display/intel_dpll_mgr.c +++ b/drivers/gpu/drm/i915/display/intel_dpll_mgr.c @@ -1658,7 +1658,7 @@ static void skl_wrpll_params_populate(struct skl_wrpll_params *params, } static int -skl_ddi_calculate_wrpll(int clock /* in Hz */, +skl_ddi_calculate_wrpll(int clock, int ref_clock, struct skl_wrpll_params *wrpll_params) { @@ -1683,7 +1683,7 @@ skl_ddi_calculate_wrpll(int clock /* in Hz */, }; unsigned int dco, d, i; unsigned int p0, p1, p2; - u64 afe_clock = clock * 5; /* AFE Clock is 5x Pixel clock */ + u64 afe_clock = (u64)clock * 1000 * 5; /* AFE Clock is 5x Pixel clock, in Hz */ for (d = 0; d < ARRAY_SIZE(dividers); d++) { for (dco = 0; dco < ARRAY_SIZE(dco_central_freq); dco++) { @@ -1808,7 +1808,7 @@ static int skl_ddi_hdmi_pll_dividers(struct intel_crtc_state *crtc_state) struct skl_wrpll_params wrpll_params = {}; int ret; - ret = skl_ddi_calculate_wrpll(crtc_state->port_clock * 1000, + ret = skl_ddi_calculate_wrpll(crtc_state->port_clock, i915->display.dpll.ref_clks.nssc, &wrpll_params); if (ret) return ret;

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Fix possible int overflow in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 5b511572660190db1dc8ba412efd0be0d3781ab6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080725-lemon-stopped-a201@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 5b5115726601 ("drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll()") 4d6e86fbecbb ("drm/i915: Introduce some local PLL state variables") 25591b66d0a4 ("drm/i915: s/dev_priv/i915/ in the shared_dpll code") 51d3e6292719 ("drm/i915: Introduce for_each_shared_dpll()") 99e5a010e815 ("drm/i915: Decouple I915_NUM_PLLS from PLL IDs") 027c57017795 ("drm/i915: Stop requiring PLL index == PLL ID") 461f35f01446 ("Merge tag 'drm-next-2023-08-30' of git://anongit.freedesktop.org/drm/drm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5b511572660190db1dc8ba412efd0be0d3781ab6 Mon Sep 17 00:00:00 2001 From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Date: Mon, 29 Jul 2024 10:40:35 -0700 Subject: [PATCH] drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() On the off chance that clock value ends up being too high (by means of skl_ddi_calculate_wrpll() having been called with big enough value of crtc_state->port_clock * 1000), one possible consequence may be that the result will not be able to fit into signed int. Fix this issue by moving conversion of clock parameter from kHz to Hz into the body of skl_ddi_calculate_wrpll(), as well as casting the same parameter to u64 type while calculating the value for AFE clock. This both mitigates the overflow problem and avoids possible erroneous integer promotion mishaps. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: 82d354370189 ("drm/i915/skl: Implementation of SKL DPLL programming") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240729174035.25727-1-n.zhan… (cherry picked from commit 833cf12846aa19adf9b76bc79c40747726f3c0c1) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dpll_mgr.c b/drivers/gpu/drm/i915/display/intel_dpll_mgr.c index 90998b037349..292d163036b1 100644 --- a/drivers/gpu/drm/i915/display/intel_dpll_mgr.c +++ b/drivers/gpu/drm/i915/display/intel_dpll_mgr.c @@ -1658,7 +1658,7 @@ static void skl_wrpll_params_populate(struct skl_wrpll_params *params, } static int -skl_ddi_calculate_wrpll(int clock /* in Hz */, +skl_ddi_calculate_wrpll(int clock, int ref_clock, struct skl_wrpll_params *wrpll_params) { @@ -1683,7 +1683,7 @@ skl_ddi_calculate_wrpll(int clock /* in Hz */, }; unsigned int dco, d, i; unsigned int p0, p1, p2; - u64 afe_clock = clock * 5; /* AFE Clock is 5x Pixel clock */ + u64 afe_clock = (u64)clock * 1000 * 5; /* AFE Clock is 5x Pixel clock, in Hz */ for (d = 0; d < ARRAY_SIZE(dividers); d++) { for (dco = 0; dco < ARRAY_SIZE(dco_central_freq); dco++) { @@ -1808,7 +1808,7 @@ static int skl_ddi_hdmi_pll_dividers(struct intel_crtc_state *crtc_state) struct skl_wrpll_params wrpll_params = {}; int ret; - ret = skl_ddi_calculate_wrpll(crtc_state->port_clock * 1000, + ret = skl_ddi_calculate_wrpll(crtc_state->port_clock, i915->display.dpll.ref_clks.nssc, &wrpll_params); if (ret) return ret;

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Fix possible int overflow in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5b511572660190db1dc8ba412efd0be0d3781ab6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080724-regulate-octane-678d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 5b5115726601 ("drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll()") 4d6e86fbecbb ("drm/i915: Introduce some local PLL state variables") 25591b66d0a4 ("drm/i915: s/dev_priv/i915/ in the shared_dpll code") 51d3e6292719 ("drm/i915: Introduce for_each_shared_dpll()") 99e5a010e815 ("drm/i915: Decouple I915_NUM_PLLS from PLL IDs") 027c57017795 ("drm/i915: Stop requiring PLL index == PLL ID") 461f35f01446 ("Merge tag 'drm-next-2023-08-30' of git://anongit.freedesktop.org/drm/drm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5b511572660190db1dc8ba412efd0be0d3781ab6 Mon Sep 17 00:00:00 2001 From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Date: Mon, 29 Jul 2024 10:40:35 -0700 Subject: [PATCH] drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() On the off chance that clock value ends up being too high (by means of skl_ddi_calculate_wrpll() having been called with big enough value of crtc_state->port_clock * 1000), one possible consequence may be that the result will not be able to fit into signed int. Fix this issue by moving conversion of clock parameter from kHz to Hz into the body of skl_ddi_calculate_wrpll(), as well as casting the same parameter to u64 type while calculating the value for AFE clock. This both mitigates the overflow problem and avoids possible erroneous integer promotion mishaps. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: 82d354370189 ("drm/i915/skl: Implementation of SKL DPLL programming") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240729174035.25727-1-n.zhan… (cherry picked from commit 833cf12846aa19adf9b76bc79c40747726f3c0c1) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dpll_mgr.c b/drivers/gpu/drm/i915/display/intel_dpll_mgr.c index 90998b037349..292d163036b1 100644 --- a/drivers/gpu/drm/i915/display/intel_dpll_mgr.c +++ b/drivers/gpu/drm/i915/display/intel_dpll_mgr.c @@ -1658,7 +1658,7 @@ static void skl_wrpll_params_populate(struct skl_wrpll_params *params, } static int -skl_ddi_calculate_wrpll(int clock /* in Hz */, +skl_ddi_calculate_wrpll(int clock, int ref_clock, struct skl_wrpll_params *wrpll_params) { @@ -1683,7 +1683,7 @@ skl_ddi_calculate_wrpll(int clock /* in Hz */, }; unsigned int dco, d, i; unsigned int p0, p1, p2; - u64 afe_clock = clock * 5; /* AFE Clock is 5x Pixel clock */ + u64 afe_clock = (u64)clock * 1000 * 5; /* AFE Clock is 5x Pixel clock, in Hz */ for (d = 0; d < ARRAY_SIZE(dividers); d++) { for (dco = 0; dco < ARRAY_SIZE(dco_central_freq); dco++) { @@ -1808,7 +1808,7 @@ static int skl_ddi_hdmi_pll_dividers(struct intel_crtc_state *crtc_state) struct skl_wrpll_params wrpll_params = {}; int ret; - ret = skl_ddi_calculate_wrpll(crtc_state->port_clock * 1000, + ret = skl_ddi_calculate_wrpll(crtc_state->port_clock, i915->display.dpll.ref_clks.nssc, &wrpll_params); if (ret) return ret;

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/vmwgfx: Fix handling of dumb buffers" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d6667f0ddf46c671d379cd5fe66ce0a54d2a743a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080740-duct-mud-bf91@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d6667f0ddf46 ("drm/vmwgfx: Fix handling of dumb buffers") 0208ca55aa9c ("Backmerge tag 'v6.9-rc5' into drm-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d6667f0ddf46c671d379cd5fe66ce0a54d2a743a Mon Sep 17 00:00:00 2001 From: Zack Rusin <zack.rusin(a)broadcom.com> Date: Mon, 22 Jul 2024 14:41:15 -0400 Subject: [PATCH] drm/vmwgfx: Fix handling of dumb buffers Dumb buffers can be used in kms but also through prime with gallium's resource_from_handle. In the second case the dumb buffers can be rendered by the GPU where with the regular DRM kms interfaces they are mapped and written to by the CPU. Because the same buffer can be written to by the GPU and CPU vmwgfx needs to use vmw_surface (object which properly tracks dirty state of the guest and gpu memory) instead of vmw_bo (which is just guest side memory). Furthermore the dumb buffer handles are expected to be gem objects by a lot of userspace. Make vmwgfx accept gem handles in prime and kms but internally switch to vmw_surface's to properly track the dirty state of the objects between the GPU and CPU. Fixes new kwin and kde on wayland. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: b32233acceff ("drm/vmwgfx: Fix prime import/export") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.9+ Reviewed-by: Maaz Mombasawala <maaz.mombasawala(a)broadcom.com> Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240722184313.181318-4-zack.… diff --git a/drivers/gpu/drm/vmwgfx/vmw_surface_cache.h b/drivers/gpu/drm/vmwgfx/vmw_surface_cache.h index b0d87c5f58d8..1ac3cb151b11 100644 --- a/drivers/gpu/drm/vmwgfx/vmw_surface_cache.h +++ b/drivers/gpu/drm/vmwgfx/vmw_surface_cache.h @@ -1,6 +1,8 @@ +/* SPDX-License-Identifier: GPL-2.0 OR MIT */ /********************************************************** - * Copyright 2021 VMware, Inc. - * SPDX-License-Identifier: GPL-2.0 OR MIT + * + * Copyright (c) 2021-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation @@ -31,6 +33,10 @@ #include <drm/vmwgfx_drm.h> +#define SVGA3D_FLAGS_UPPER_32(svga3d_flags) ((svga3d_flags) >> 32) +#define SVGA3D_FLAGS_LOWER_32(svga3d_flags) \ + ((svga3d_flags) & ((uint64_t)U32_MAX)) + static inline u32 clamped_umul32(u32 a, u32 b) { uint64_t tmp = (uint64_t) a*b; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index 00144632c600..f42ebc4a7c22 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -1,8 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright © 2011-2023 VMware, Inc., Palo Alto, CA., USA - * All Rights Reserved. + * Copyright (c) 2011-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -28,15 +28,39 @@ #include "vmwgfx_bo.h" #include "vmwgfx_drv.h" - +#include "vmwgfx_resource_priv.h" #include <drm/ttm/ttm_placement.h> static void vmw_bo_release(struct vmw_bo *vbo) { + struct vmw_resource *res; + WARN_ON(vbo->tbo.base.funcs && kref_read(&vbo->tbo.base.refcount) != 0); vmw_bo_unmap(vbo); + + xa_destroy(&vbo->detached_resources); + WARN_ON(vbo->is_dumb && !vbo->dumb_surface); + if (vbo->is_dumb && vbo->dumb_surface) { + res = &vbo->dumb_surface->res; + WARN_ON(vbo != res->guest_memory_bo); + WARN_ON(!res->guest_memory_bo); + if (res->guest_memory_bo) { + /* Reserve and switch the backing mob. */ + mutex_lock(&res->dev_priv->cmdbuf_mutex); + (void)vmw_resource_reserve(res, false, true); + vmw_resource_mob_detach(res); + if (res->coherent) + vmw_bo_dirty_release(res->guest_memory_bo); + res->guest_memory_bo = NULL; + res->guest_memory_offset = 0; + vmw_resource_unreserve(res, false, false, false, NULL, + 0); + mutex_unlock(&res->dev_priv->cmdbuf_mutex); + } + vmw_surface_unreference(&vbo->dumb_surface); + } drm_gem_object_release(&vbo->tbo.base); } @@ -325,6 +349,11 @@ void vmw_bo_pin_reserved(struct vmw_bo *vbo, bool pin) * */ void *vmw_bo_map_and_cache(struct vmw_bo *vbo) +{ + return vmw_bo_map_and_cache_size(vbo, vbo->tbo.base.size); +} + +void *vmw_bo_map_and_cache_size(struct vmw_bo *vbo, size_t size) { struct ttm_buffer_object *bo = &vbo->tbo; bool not_used; @@ -335,9 +364,10 @@ void *vmw_bo_map_and_cache(struct vmw_bo *vbo) if (virtual) return virtual; - ret = ttm_bo_kmap(bo, 0, PFN_UP(bo->base.size), &vbo->map); + ret = ttm_bo_kmap(bo, 0, PFN_UP(size), &vbo->map); if (ret) - DRM_ERROR("Buffer object map failed: %d.\n", ret); + DRM_ERROR("Buffer object map failed: %d (size: bo = %zu, map = %zu).\n", + ret, bo->base.size, size); return ttm_kmap_obj_virtual(&vbo->map, &not_used); } @@ -390,6 +420,7 @@ static int vmw_bo_init(struct vmw_private *dev_priv, BUILD_BUG_ON(TTM_MAX_BO_PRIORITY <= 3); vmw_bo->tbo.priority = 3; vmw_bo->res_tree = RB_ROOT; + xa_init(&vmw_bo->detached_resources); params->size = ALIGN(params->size, PAGE_SIZE); drm_gem_private_object_init(vdev, &vmw_bo->tbo.base, params->size); @@ -654,52 +685,6 @@ void vmw_bo_fence_single(struct ttm_buffer_object *bo, dma_fence_put(&fence->base); } - -/** - * vmw_dumb_create - Create a dumb kms buffer - * - * @file_priv: Pointer to a struct drm_file identifying the caller. - * @dev: Pointer to the drm device. - * @args: Pointer to a struct drm_mode_create_dumb structure - * Return: Zero on success, negative error code on failure. - * - * This is a driver callback for the core drm create_dumb functionality. - * Note that this is very similar to the vmw_bo_alloc ioctl, except - * that the arguments have a different format. - */ -int vmw_dumb_create(struct drm_file *file_priv, - struct drm_device *dev, - struct drm_mode_create_dumb *args) -{ - struct vmw_private *dev_priv = vmw_priv(dev); - struct vmw_bo *vbo; - int cpp = DIV_ROUND_UP(args->bpp, 8); - int ret; - - switch (cpp) { - case 1: /* DRM_FORMAT_C8 */ - case 2: /* DRM_FORMAT_RGB565 */ - case 4: /* DRM_FORMAT_XRGB8888 */ - break; - default: - /* - * Dumb buffers don't allow anything else. - * This is tested via IGT's dumb_buffers - */ - return -EINVAL; - } - - args->pitch = args->width * cpp; - args->size = ALIGN(args->pitch * args->height, PAGE_SIZE); - - ret = vmw_gem_object_create_with_handle(dev_priv, file_priv, - args->size, &args->handle, - &vbo); - /* drop reference from allocate - handle holds it now */ - drm_gem_object_put(&vbo->tbo.base); - return ret; -} - /** * vmw_bo_swap_notify - swapout notify callback. * @@ -853,3 +838,43 @@ void vmw_bo_placement_set_default_accelerated(struct vmw_bo *bo) vmw_bo_placement_set(bo, domain, domain); } + +void vmw_bo_add_detached_resource(struct vmw_bo *vbo, struct vmw_resource *res) +{ + xa_store(&vbo->detached_resources, (unsigned long)res, res, GFP_KERNEL); +} + +void vmw_bo_del_detached_resource(struct vmw_bo *vbo, struct vmw_resource *res) +{ + xa_erase(&vbo->detached_resources, (unsigned long)res); +} + +struct vmw_surface *vmw_bo_surface(struct vmw_bo *vbo) +{ + unsigned long index; + struct vmw_resource *res = NULL; + struct vmw_surface *surf = NULL; + struct rb_node *rb_itr = vbo->res_tree.rb_node; + + if (vbo->is_dumb && vbo->dumb_surface) { + res = &vbo->dumb_surface->res; + goto out; + } + + xa_for_each(&vbo->detached_resources, index, res) { + if (res->func->res_type == vmw_res_surface) + goto out; + } + + for (rb_itr = rb_first(&vbo->res_tree); rb_itr; + rb_itr = rb_next(rb_itr)) { + res = rb_entry(rb_itr, struct vmw_resource, mob_node); + if (res->func->res_type == vmw_res_surface) + goto out; + } + +out: + if (res) + surf = vmw_res_to_srf(res); + return surf; +} diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h index f349642e6190..62b4342d5f7c 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h @@ -1,7 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 OR MIT */ /************************************************************************** * - * Copyright 2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2023-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -35,11 +36,13 @@ #include <linux/rbtree_types.h> #include <linux/types.h> +#include <linux/xarray.h> struct vmw_bo_dirty; struct vmw_fence_obj; struct vmw_private; struct vmw_resource; +struct vmw_surface; enum vmw_bo_domain { VMW_BO_DOMAIN_SYS = BIT(0), @@ -85,11 +88,15 @@ struct vmw_bo { struct rb_root res_tree; u32 res_prios[TTM_MAX_BO_PRIORITY]; + struct xarray detached_resources; atomic_t cpu_writers; /* Not ref-counted. Protected by binding_mutex */ struct vmw_resource *dx_query_ctx; struct vmw_bo_dirty *dirty; + + bool is_dumb; + struct vmw_surface *dumb_surface; }; void vmw_bo_placement_set(struct vmw_bo *bo, u32 domain, u32 busy_domain); @@ -124,15 +131,21 @@ void vmw_bo_fence_single(struct ttm_buffer_object *bo, struct vmw_fence_obj *fence); void *vmw_bo_map_and_cache(struct vmw_bo *vbo); +void *vmw_bo_map_and_cache_size(struct vmw_bo *vbo, size_t size); void vmw_bo_unmap(struct vmw_bo *vbo); void vmw_bo_move_notify(struct ttm_buffer_object *bo, struct ttm_resource *mem); void vmw_bo_swap_notify(struct ttm_buffer_object *bo); +void vmw_bo_add_detached_resource(struct vmw_bo *vbo, struct vmw_resource *res); +void vmw_bo_del_detached_resource(struct vmw_bo *vbo, struct vmw_resource *res); +struct vmw_surface *vmw_bo_surface(struct vmw_bo *vbo); + int vmw_user_bo_lookup(struct drm_file *filp, u32 handle, struct vmw_bo **out); + /** * vmw_bo_adjust_prio - Adjust the buffer object eviction priority * according to attached resources diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h index a1ce41e1c468..32f50e595809 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h @@ -1,7 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 OR MIT */ /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -762,6 +763,26 @@ extern int vmw_gmr_bind(struct vmw_private *dev_priv, int gmr_id); extern void vmw_gmr_unbind(struct vmw_private *dev_priv, int gmr_id); +/** + * User handles + */ +struct vmw_user_object { + struct vmw_surface *surface; + struct vmw_bo *buffer; +}; + +int vmw_user_object_lookup(struct vmw_private *dev_priv, struct drm_file *filp, + u32 handle, struct vmw_user_object *uo); +struct vmw_user_object *vmw_user_object_ref(struct vmw_user_object *uo); +void vmw_user_object_unref(struct vmw_user_object *uo); +bool vmw_user_object_is_null(struct vmw_user_object *uo); +struct vmw_surface *vmw_user_object_surface(struct vmw_user_object *uo); +struct vmw_bo *vmw_user_object_buffer(struct vmw_user_object *uo); +void *vmw_user_object_map(struct vmw_user_object *uo); +void *vmw_user_object_map_size(struct vmw_user_object *uo, size_t size); +void vmw_user_object_unmap(struct vmw_user_object *uo); +bool vmw_user_object_is_mapped(struct vmw_user_object *uo); + /** * Resource utilities - vmwgfx_resource.c */ @@ -776,11 +797,6 @@ extern int vmw_resource_validate(struct vmw_resource *res, bool intr, extern int vmw_resource_reserve(struct vmw_resource *res, bool interruptible, bool no_backup); extern bool vmw_resource_needs_backup(const struct vmw_resource *res); -extern int vmw_user_lookup_handle(struct vmw_private *dev_priv, - struct drm_file *filp, - uint32_t handle, - struct vmw_surface **out_surf, - struct vmw_bo **out_buf); extern int vmw_user_resource_lookup_handle( struct vmw_private *dev_priv, struct ttm_object_file *tfile, @@ -1057,9 +1073,6 @@ int vmw_kms_suspend(struct drm_device *dev); int vmw_kms_resume(struct drm_device *dev); void vmw_kms_lost_device(struct drm_device *dev); -int vmw_dumb_create(struct drm_file *file_priv, - struct drm_device *dev, - struct drm_mode_create_dumb *args); extern int vmw_resource_pin(struct vmw_resource *res, bool interruptible); extern void vmw_resource_unpin(struct vmw_resource *res); extern enum vmw_res_type vmw_res_type(const struct vmw_resource *res); @@ -1176,6 +1189,15 @@ extern int vmw_gb_surface_reference_ext_ioctl(struct drm_device *dev, int vmw_gb_surface_define(struct vmw_private *dev_priv, const struct vmw_surface_metadata *req, struct vmw_surface **srf_out); +struct vmw_surface *vmw_lookup_surface_for_buffer(struct vmw_private *vmw, + struct vmw_bo *bo, + u32 handle); +u32 vmw_lookup_surface_handle_for_buffer(struct vmw_private *vmw, + struct vmw_bo *bo, + u32 handle); +int vmw_dumb_create(struct drm_file *file_priv, + struct drm_device *dev, + struct drm_mode_create_dumb *args); /* * Shader management - vmwgfx_shader.c diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index 00c4ff684130..288ed0bb75cb 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -193,13 +194,16 @@ static u32 vmw_du_cursor_mob_size(u32 w, u32 h) */ static u32 *vmw_du_cursor_plane_acquire_image(struct vmw_plane_state *vps) { - if (vps->surf) { - if (vps->surf_mapped) - return vmw_bo_map_and_cache(vps->surf->res.guest_memory_bo); - return vps->surf->snooper.image; - } else if (vps->bo) - return vmw_bo_map_and_cache(vps->bo); - return NULL; + struct vmw_surface *surf; + + if (vmw_user_object_is_null(&vps->uo)) + return NULL; + + surf = vmw_user_object_surface(&vps->uo); + if (surf && !vmw_user_object_is_mapped(&vps->uo)) + return surf->snooper.image; + + return vmw_user_object_map(&vps->uo); } static bool vmw_du_cursor_plane_has_changed(struct vmw_plane_state *old_vps, @@ -536,21 +540,15 @@ void vmw_du_primary_plane_destroy(struct drm_plane *plane) * vmw_du_plane_unpin_surf - unpins resource associated with a framebuffer surface * * @vps: plane state associated with the display surface - * @unreference: true if we also want to unreference the display. */ -void vmw_du_plane_unpin_surf(struct vmw_plane_state *vps, - bool unreference) +void vmw_du_plane_unpin_surf(struct vmw_plane_state *vps) { - if (vps->surf) { - if (vps->pinned) { - vmw_resource_unpin(&vps->surf->res); - vps->pinned--; - } + struct vmw_surface *surf = vmw_user_object_surface(&vps->uo); - if (unreference) { - if (vps->pinned) - DRM_ERROR("Surface still pinned\n"); - vmw_surface_unreference(&vps->surf); + if (surf) { + if (vps->pinned) { + vmw_resource_unpin(&surf->res); + vps->pinned--; } } } @@ -572,7 +570,7 @@ vmw_du_plane_cleanup_fb(struct drm_plane *plane, { struct vmw_plane_state *vps = vmw_plane_state_to_vps(old_state); - vmw_du_plane_unpin_surf(vps, false); + vmw_du_plane_unpin_surf(vps); } @@ -661,25 +659,14 @@ vmw_du_cursor_plane_cleanup_fb(struct drm_plane *plane, struct vmw_cursor_plane *vcp = vmw_plane_to_vcp(plane); struct vmw_plane_state *vps = vmw_plane_state_to_vps(old_state); - if (vps->surf_mapped) { - vmw_bo_unmap(vps->surf->res.guest_memory_bo); - vps->surf_mapped = false; - } + if (!vmw_user_object_is_null(&vps->uo)) + vmw_user_object_unmap(&vps->uo); vmw_du_cursor_plane_unmap_cm(vps); vmw_du_put_cursor_mob(vcp, vps); - vmw_du_plane_unpin_surf(vps, false); - - if (vps->surf) { - vmw_surface_unreference(&vps->surf); - vps->surf = NULL; - } - - if (vps->bo) { - vmw_bo_unreference(&vps->bo); - vps->bo = NULL; - } + vmw_du_plane_unpin_surf(vps); + vmw_user_object_unref(&vps->uo); } @@ -698,64 +685,48 @@ vmw_du_cursor_plane_prepare_fb(struct drm_plane *plane, struct drm_framebuffer *fb = new_state->fb; struct vmw_cursor_plane *vcp = vmw_plane_to_vcp(plane); struct vmw_plane_state *vps = vmw_plane_state_to_vps(new_state); + struct vmw_bo *bo = NULL; int ret = 0; - if (vps->surf) { - if (vps->surf_mapped) { - vmw_bo_unmap(vps->surf->res.guest_memory_bo); - vps->surf_mapped = false; - } - vmw_surface_unreference(&vps->surf); - vps->surf = NULL; - } - - if (vps->bo) { - vmw_bo_unreference(&vps->bo); - vps->bo = NULL; + if (!vmw_user_object_is_null(&vps->uo)) { + vmw_user_object_unmap(&vps->uo); + vmw_user_object_unref(&vps->uo); } if (fb) { if (vmw_framebuffer_to_vfb(fb)->bo) { - vps->bo = vmw_framebuffer_to_vfbd(fb)->buffer; - vmw_bo_reference(vps->bo); + vps->uo.buffer = vmw_framebuffer_to_vfbd(fb)->buffer; + vps->uo.surface = NULL; } else { - vps->surf = vmw_framebuffer_to_vfbs(fb)->surface; - vmw_surface_reference(vps->surf); + memcpy(&vps->uo, &vmw_framebuffer_to_vfbs(fb)->uo, sizeof(vps->uo)); } + vmw_user_object_ref(&vps->uo); } - if (!vps->surf && vps->bo) { - const u32 size = new_state->crtc_w * new_state->crtc_h * sizeof(u32); + bo = vmw_user_object_buffer(&vps->uo); + if (bo) { + struct ttm_operation_ctx ctx = {false, false}; - /* - * Not using vmw_bo_map_and_cache() helper here as we need to - * reserve the ttm_buffer_object first which - * vmw_bo_map_and_cache() omits. - */ - ret = ttm_bo_reserve(&vps->bo->tbo, true, false, NULL); - - if (unlikely(ret != 0)) + ret = ttm_bo_reserve(&bo->tbo, true, false, NULL); + if (ret != 0) return -ENOMEM; - ret = ttm_bo_kmap(&vps->bo->tbo, 0, PFN_UP(size), &vps->bo->map); - - ttm_bo_unreserve(&vps->bo->tbo); - - if (unlikely(ret != 0)) + ret = ttm_bo_validate(&bo->tbo, &bo->placement, &ctx); + if (ret != 0) return -ENOMEM; - } else if (vps->surf && !vps->bo && vps->surf->res.guest_memory_bo) { - WARN_ON(vps->surf->snooper.image); - ret = ttm_bo_reserve(&vps->surf->res.guest_memory_bo->tbo, true, false, - NULL); - if (unlikely(ret != 0)) - return -ENOMEM; - vmw_bo_map_and_cache(vps->surf->res.guest_memory_bo); - ttm_bo_unreserve(&vps->surf->res.guest_memory_bo->tbo); - vps->surf_mapped = true; + vmw_bo_pin_reserved(bo, true); + if (vmw_framebuffer_to_vfb(fb)->bo) { + const u32 size = new_state->crtc_w * new_state->crtc_h * sizeof(u32); + + (void)vmw_bo_map_and_cache_size(bo, size); + } else { + vmw_bo_map_and_cache(bo); + } + ttm_bo_unreserve(&bo->tbo); } - if (vps->surf || vps->bo) { + if (!vmw_user_object_is_null(&vps->uo)) { vmw_du_get_cursor_mob(vcp, vps); vmw_du_cursor_plane_map_cm(vps); } @@ -777,14 +748,17 @@ vmw_du_cursor_plane_atomic_update(struct drm_plane *plane, struct vmw_display_unit *du = vmw_crtc_to_du(crtc); struct vmw_plane_state *vps = vmw_plane_state_to_vps(new_state); struct vmw_plane_state *old_vps = vmw_plane_state_to_vps(old_state); + struct vmw_bo *old_bo = NULL; + struct vmw_bo *new_bo = NULL; s32 hotspot_x, hotspot_y; + int ret; hotspot_x = du->hotspot_x + new_state->hotspot_x; hotspot_y = du->hotspot_y + new_state->hotspot_y; - du->cursor_surface = vps->surf; + du->cursor_surface = vmw_user_object_surface(&vps->uo); - if (!vps->surf && !vps->bo) { + if (vmw_user_object_is_null(&vps->uo)) { vmw_cursor_update_position(dev_priv, false, 0, 0); return; } @@ -792,10 +766,26 @@ vmw_du_cursor_plane_atomic_update(struct drm_plane *plane, vps->cursor.hotspot_x = hotspot_x; vps->cursor.hotspot_y = hotspot_y; - if (vps->surf) { + if (du->cursor_surface) du->cursor_age = du->cursor_surface->snooper.age; + + if (!vmw_user_object_is_null(&old_vps->uo)) { + old_bo = vmw_user_object_buffer(&old_vps->uo); + ret = ttm_bo_reserve(&old_bo->tbo, false, false, NULL); + if (ret != 0) + return; } + if (!vmw_user_object_is_null(&vps->uo)) { + new_bo = vmw_user_object_buffer(&vps->uo); + if (old_bo != new_bo) { + ret = ttm_bo_reserve(&new_bo->tbo, false, false, NULL); + if (ret != 0) + return; + } else { + new_bo = NULL; + } + } if (!vmw_du_cursor_plane_has_changed(old_vps, vps)) { /* * If it hasn't changed, avoid making the device do extra @@ -813,6 +803,11 @@ vmw_du_cursor_plane_atomic_update(struct drm_plane *plane, hotspot_x, hotspot_y); } + if (old_bo) + ttm_bo_unreserve(&old_bo->tbo); + if (new_bo) + ttm_bo_unreserve(&new_bo->tbo); + du->cursor_x = new_state->crtc_x + du->set_gui_x; du->cursor_y = new_state->crtc_y + du->set_gui_y; @@ -913,7 +908,7 @@ int vmw_du_cursor_plane_atomic_check(struct drm_plane *plane, } if (!vmw_framebuffer_to_vfb(fb)->bo) { - surface = vmw_framebuffer_to_vfbs(fb)->surface; + surface = vmw_user_object_surface(&vmw_framebuffer_to_vfbs(fb)->uo); WARN_ON(!surface); @@ -1074,12 +1069,7 @@ vmw_du_plane_duplicate_state(struct drm_plane *plane) memset(&vps->cursor, 0, sizeof(vps->cursor)); /* Each ref counted resource needs to be acquired again */ - if (vps->surf) - (void) vmw_surface_reference(vps->surf); - - if (vps->bo) - (void) vmw_bo_reference(vps->bo); - + vmw_user_object_ref(&vps->uo); state = &vps->base; __drm_atomic_helper_plane_duplicate_state(plane, state); @@ -1128,11 +1118,7 @@ vmw_du_plane_destroy_state(struct drm_plane *plane, struct vmw_plane_state *vps = vmw_plane_state_to_vps(state); /* Should have been freed by cleanup_fb */ - if (vps->surf) - vmw_surface_unreference(&vps->surf); - - if (vps->bo) - vmw_bo_unreference(&vps->bo); + vmw_user_object_unref(&vps->uo); drm_atomic_helper_plane_destroy_state(plane, state); } @@ -1227,7 +1213,7 @@ static void vmw_framebuffer_surface_destroy(struct drm_framebuffer *framebuffer) vmw_framebuffer_to_vfbs(framebuffer); drm_framebuffer_cleanup(framebuffer); - vmw_surface_unreference(&vfbs->surface); + vmw_user_object_unref(&vfbs->uo); kfree(vfbs); } @@ -1272,29 +1258,41 @@ int vmw_kms_readback(struct vmw_private *dev_priv, return -ENOSYS; } +static int vmw_framebuffer_surface_create_handle(struct drm_framebuffer *fb, + struct drm_file *file_priv, + unsigned int *handle) +{ + struct vmw_framebuffer_surface *vfbs = vmw_framebuffer_to_vfbs(fb); + struct vmw_bo *bo = vmw_user_object_buffer(&vfbs->uo); + + return drm_gem_handle_create(file_priv, &bo->tbo.base, handle); +} static const struct drm_framebuffer_funcs vmw_framebuffer_surface_funcs = { + .create_handle = vmw_framebuffer_surface_create_handle, .destroy = vmw_framebuffer_surface_destroy, .dirty = drm_atomic_helper_dirtyfb, }; static int vmw_kms_new_framebuffer_surface(struct vmw_private *dev_priv, - struct vmw_surface *surface, + struct vmw_user_object *uo, struct vmw_framebuffer **out, const struct drm_mode_fb_cmd2 - *mode_cmd, - bool is_bo_proxy) + *mode_cmd) { struct drm_device *dev = &dev_priv->drm; struct vmw_framebuffer_surface *vfbs; enum SVGA3dSurfaceFormat format; + struct vmw_surface *surface; int ret; /* 3D is only supported on HWv8 and newer hosts */ if (dev_priv->active_display_unit == vmw_du_legacy) return -ENOSYS; + surface = vmw_user_object_surface(uo); + /* * Sanity checks. */ @@ -1357,8 +1355,8 @@ static int vmw_kms_new_framebuffer_surface(struct vmw_private *dev_priv, } drm_helper_mode_fill_fb_struct(dev, &vfbs->base.base, mode_cmd); - vfbs->surface = vmw_surface_reference(surface); - vfbs->is_bo_proxy = is_bo_proxy; + memcpy(&vfbs->uo, uo, sizeof(vfbs->uo)); + vmw_user_object_ref(&vfbs->uo); *out = &vfbs->base; @@ -1370,7 +1368,7 @@ static int vmw_kms_new_framebuffer_surface(struct vmw_private *dev_priv, return 0; out_err2: - vmw_surface_unreference(&surface); + vmw_user_object_unref(&vfbs->uo); kfree(vfbs); out_err1: return ret; @@ -1386,7 +1384,6 @@ static int vmw_framebuffer_bo_create_handle(struct drm_framebuffer *fb, { struct vmw_framebuffer_bo *vfbd = vmw_framebuffer_to_vfbd(fb); - return drm_gem_handle_create(file_priv, &vfbd->buffer->tbo.base, handle); } @@ -1407,86 +1404,6 @@ static const struct drm_framebuffer_funcs vmw_framebuffer_bo_funcs = { .dirty = drm_atomic_helper_dirtyfb, }; -/** - * vmw_create_bo_proxy - create a proxy surface for the buffer object - * - * @dev: DRM device - * @mode_cmd: parameters for the new surface - * @bo_mob: MOB backing the buffer object - * @srf_out: newly created surface - * - * When the content FB is a buffer object, we create a surface as a proxy to the - * same buffer. This way we can do a surface copy rather than a surface DMA. - * This is a more efficient approach - * - * RETURNS: - * 0 on success, error code otherwise - */ -static int vmw_create_bo_proxy(struct drm_device *dev, - const struct drm_mode_fb_cmd2 *mode_cmd, - struct vmw_bo *bo_mob, - struct vmw_surface **srf_out) -{ - struct vmw_surface_metadata metadata = {0}; - uint32_t format; - struct vmw_resource *res; - unsigned int bytes_pp; - int ret; - - switch (mode_cmd->pixel_format) { - case DRM_FORMAT_ARGB8888: - case DRM_FORMAT_XRGB8888: - format = SVGA3D_X8R8G8B8; - bytes_pp = 4; - break; - - case DRM_FORMAT_RGB565: - case DRM_FORMAT_XRGB1555: - format = SVGA3D_R5G6B5; - bytes_pp = 2; - break; - - case 8: - format = SVGA3D_P8; - bytes_pp = 1; - break; - - default: - DRM_ERROR("Invalid framebuffer format %p4cc\n", - &mode_cmd->pixel_format); - return -EINVAL; - } - - metadata.format = format; - metadata.mip_levels[0] = 1; - metadata.num_sizes = 1; - metadata.base_size.width = mode_cmd->pitches[0] / bytes_pp; - metadata.base_size.height = mode_cmd->height; - metadata.base_size.depth = 1; - metadata.scanout = true; - - ret = vmw_gb_surface_define(vmw_priv(dev), &metadata, srf_out); - if (ret) { - DRM_ERROR("Failed to allocate proxy content buffer\n"); - return ret; - } - - res = &(*srf_out)->res; - - /* Reserve and switch the backing mob. */ - mutex_lock(&res->dev_priv->cmdbuf_mutex); - (void) vmw_resource_reserve(res, false, true); - vmw_user_bo_unref(&res->guest_memory_bo); - res->guest_memory_bo = vmw_user_bo_ref(bo_mob); - res->guest_memory_offset = 0; - vmw_resource_unreserve(res, false, false, false, NULL, 0); - mutex_unlock(&res->dev_priv->cmdbuf_mutex); - - return 0; -} - - - static int vmw_kms_new_framebuffer_bo(struct vmw_private *dev_priv, struct vmw_bo *bo, struct vmw_framebuffer **out, @@ -1565,55 +1482,24 @@ vmw_kms_srf_ok(struct vmw_private *dev_priv, uint32_t width, uint32_t height) * vmw_kms_new_framebuffer - Create a new framebuffer. * * @dev_priv: Pointer to device private struct. - * @bo: Pointer to buffer object to wrap the kms framebuffer around. - * Either @bo or @surface must be NULL. - * @surface: Pointer to a surface to wrap the kms framebuffer around. - * Either @bo or @surface must be NULL. - * @only_2d: No presents will occur to this buffer object based framebuffer. - * This helps the code to do some important optimizations. + * @uo: Pointer to user object to wrap the kms framebuffer around. + * Either the buffer or surface inside the user object must be NULL. * @mode_cmd: Frame-buffer metadata. */ struct vmw_framebuffer * vmw_kms_new_framebuffer(struct vmw_private *dev_priv, - struct vmw_bo *bo, - struct vmw_surface *surface, - bool only_2d, + struct vmw_user_object *uo, const struct drm_mode_fb_cmd2 *mode_cmd) { struct vmw_framebuffer *vfb = NULL; - bool is_bo_proxy = false; int ret; - /* - * We cannot use the SurfaceDMA command in an non-accelerated VM, - * therefore, wrap the buffer object in a surface so we can use the - * SurfaceCopy command. - */ - if (vmw_kms_srf_ok(dev_priv, mode_cmd->width, mode_cmd->height) && - bo && only_2d && - mode_cmd->width > 64 && /* Don't create a proxy for cursor */ - dev_priv->active_display_unit == vmw_du_screen_target) { - ret = vmw_create_bo_proxy(&dev_priv->drm, mode_cmd, - bo, &surface); - if (ret) - return ERR_PTR(ret); - - is_bo_proxy = true; - } - /* Create the new framebuffer depending one what we have */ - if (surface) { - ret = vmw_kms_new_framebuffer_surface(dev_priv, surface, &vfb, - mode_cmd, - is_bo_proxy); - /* - * vmw_create_bo_proxy() adds a reference that is no longer - * needed - */ - if (is_bo_proxy) - vmw_surface_unreference(&surface); - } else if (bo) { - ret = vmw_kms_new_framebuffer_bo(dev_priv, bo, &vfb, + if (vmw_user_object_surface(uo)) { + ret = vmw_kms_new_framebuffer_surface(dev_priv, uo, &vfb, + mode_cmd); + } else if (uo->buffer) { + ret = vmw_kms_new_framebuffer_bo(dev_priv, uo->buffer, &vfb, mode_cmd); } else { BUG(); @@ -1635,14 +1521,12 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, { struct vmw_private *dev_priv = vmw_priv(dev); struct vmw_framebuffer *vfb = NULL; - struct vmw_surface *surface = NULL; - struct vmw_bo *bo = NULL; + struct vmw_user_object uo = {0}; int ret; /* returns either a bo or surface */ - ret = vmw_user_lookup_handle(dev_priv, file_priv, - mode_cmd->handles[0], - &surface, &bo); + ret = vmw_user_object_lookup(dev_priv, file_priv, mode_cmd->handles[0], + &uo); if (ret) { DRM_ERROR("Invalid buffer object handle %u (0x%x).\n", mode_cmd->handles[0], mode_cmd->handles[0]); @@ -1650,7 +1534,7 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, } - if (!bo && + if (vmw_user_object_surface(&uo) && !vmw_kms_srf_ok(dev_priv, mode_cmd->width, mode_cmd->height)) { DRM_ERROR("Surface size cannot exceed %dx%d\n", dev_priv->texture_max_width, @@ -1659,20 +1543,15 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, } - vfb = vmw_kms_new_framebuffer(dev_priv, bo, surface, - !(dev_priv->capabilities & SVGA_CAP_3D), - mode_cmd); + vfb = vmw_kms_new_framebuffer(dev_priv, &uo, mode_cmd); if (IS_ERR(vfb)) { ret = PTR_ERR(vfb); goto err_out; } err_out: - /* vmw_user_lookup_handle takes one ref so does new_fb */ - if (bo) - vmw_user_bo_unref(&bo); - if (surface) - vmw_surface_unreference(&surface); + /* vmw_user_object_lookup takes one ref so does new_fb */ + vmw_user_object_unref(&uo); if (ret) { DRM_ERROR("failed to create vmw_framebuffer: %i\n", ret); @@ -2584,72 +2463,6 @@ void vmw_kms_helper_validation_finish(struct vmw_private *dev_priv, vmw_fence_obj_unreference(&fence); } -/** - * vmw_kms_update_proxy - Helper function to update a proxy surface from - * its backing MOB. - * - * @res: Pointer to the surface resource - * @clips: Clip rects in framebuffer (surface) space. - * @num_clips: Number of clips in @clips. - * @increment: Integer with which to increment the clip counter when looping. - * Used to skip a predetermined number of clip rects. - * - * This function makes sure the proxy surface is updated from its backing MOB - * using the region given by @clips. The surface resource @res and its backing - * MOB needs to be reserved and validated on call. - */ -int vmw_kms_update_proxy(struct vmw_resource *res, - const struct drm_clip_rect *clips, - unsigned num_clips, - int increment) -{ - struct vmw_private *dev_priv = res->dev_priv; - struct drm_vmw_size *size = &vmw_res_to_srf(res)->metadata.base_size; - struct { - SVGA3dCmdHeader header; - SVGA3dCmdUpdateGBImage body; - } *cmd; - SVGA3dBox *box; - size_t copy_size = 0; - int i; - - if (!clips) - return 0; - - cmd = VMW_CMD_RESERVE(dev_priv, sizeof(*cmd) * num_clips); - if (!cmd) - return -ENOMEM; - - for (i = 0; i < num_clips; ++i, clips += increment, ++cmd) { - box = &cmd->body.box; - - cmd->header.id = SVGA_3D_CMD_UPDATE_GB_IMAGE; - cmd->header.size = sizeof(cmd->body); - cmd->body.image.sid = res->id; - cmd->body.image.face = 0; - cmd->body.image.mipmap = 0; - - if (clips->x1 > size->width || clips->x2 > size->width || - clips->y1 > size->height || clips->y2 > size->height) { - DRM_ERROR("Invalid clips outsize of framebuffer.\n"); - return -EINVAL; - } - - box->x = clips->x1; - box->y = clips->y1; - box->z = 0; - box->w = clips->x2 - clips->x1; - box->h = clips->y2 - clips->y1; - box->d = 1; - - copy_size += sizeof(*cmd); - } - - vmw_cmd_commit(dev_priv, copy_size); - - return 0; -} - /** * vmw_kms_create_implicit_placement_property - Set up the implicit placement * property. @@ -2784,8 +2597,9 @@ int vmw_du_helper_plane_update(struct vmw_du_update_plane *update) } else { struct vmw_framebuffer_surface *vfbs = container_of(update->vfb, typeof(*vfbs), base); + struct vmw_surface *surf = vmw_user_object_surface(&vfbs->uo); - ret = vmw_validation_add_resource(&val_ctx, &vfbs->surface->res, + ret = vmw_validation_add_resource(&val_ctx, &surf->res, 0, VMW_RES_DIRTY_NONE, NULL, NULL); } @@ -2941,3 +2755,93 @@ int vmw_connector_get_modes(struct drm_connector *connector) return num_modes; } + +struct vmw_user_object *vmw_user_object_ref(struct vmw_user_object *uo) +{ + if (uo->buffer) + vmw_user_bo_ref(uo->buffer); + else if (uo->surface) + vmw_surface_reference(uo->surface); + return uo; +} + +void vmw_user_object_unref(struct vmw_user_object *uo) +{ + if (uo->buffer) + vmw_user_bo_unref(&uo->buffer); + else if (uo->surface) + vmw_surface_unreference(&uo->surface); +} + +struct vmw_bo * +vmw_user_object_buffer(struct vmw_user_object *uo) +{ + if (uo->buffer) + return uo->buffer; + else if (uo->surface) + return uo->surface->res.guest_memory_bo; + return NULL; +} + +struct vmw_surface * +vmw_user_object_surface(struct vmw_user_object *uo) +{ + if (uo->buffer) + return uo->buffer->dumb_surface; + return uo->surface; +} + +void *vmw_user_object_map(struct vmw_user_object *uo) +{ + struct vmw_bo *bo = vmw_user_object_buffer(uo); + + WARN_ON(!bo); + return vmw_bo_map_and_cache(bo); +} + +void *vmw_user_object_map_size(struct vmw_user_object *uo, size_t size) +{ + struct vmw_bo *bo = vmw_user_object_buffer(uo); + + WARN_ON(!bo); + return vmw_bo_map_and_cache_size(bo, size); +} + +void vmw_user_object_unmap(struct vmw_user_object *uo) +{ + struct vmw_bo *bo = vmw_user_object_buffer(uo); + int ret; + + WARN_ON(!bo); + + /* Fence the mob creation so we are guarateed to have the mob */ + ret = ttm_bo_reserve(&bo->tbo, false, false, NULL); + if (ret != 0) + return; + + vmw_bo_unmap(bo); + vmw_bo_pin_reserved(bo, false); + + ttm_bo_unreserve(&bo->tbo); +} + +bool vmw_user_object_is_mapped(struct vmw_user_object *uo) +{ + struct vmw_bo *bo; + + if (!uo || vmw_user_object_is_null(uo)) + return false; + + bo = vmw_user_object_buffer(uo); + + if (WARN_ON(!bo)) + return false; + + WARN_ON(bo->map.bo && !bo->map.virtual); + return bo->map.virtual; +} + +bool vmw_user_object_is_null(struct vmw_user_object *uo) +{ + return !uo->buffer && !uo->surface; +} diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h index bf24f2f0dcfc..6141fadf81ef 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h @@ -1,7 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 OR MIT */ /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -221,11 +222,9 @@ struct vmw_framebuffer { struct vmw_framebuffer_surface { struct vmw_framebuffer base; - struct vmw_surface *surface; - bool is_bo_proxy; /* true if this is proxy surface for DMA buf */ + struct vmw_user_object uo; }; - struct vmw_framebuffer_bo { struct vmw_framebuffer base; struct vmw_bo *buffer; @@ -277,8 +276,7 @@ struct vmw_cursor_plane_state { */ struct vmw_plane_state { struct drm_plane_state base; - struct vmw_surface *surf; - struct vmw_bo *bo; + struct vmw_user_object uo; int content_fb_type; unsigned long bo_size; @@ -457,9 +455,7 @@ int vmw_kms_readback(struct vmw_private *dev_priv, uint32_t num_clips); struct vmw_framebuffer * vmw_kms_new_framebuffer(struct vmw_private *dev_priv, - struct vmw_bo *bo, - struct vmw_surface *surface, - bool only_2d, + struct vmw_user_object *uo, const struct drm_mode_fb_cmd2 *mode_cmd); void vmw_guess_mode_timing(struct drm_display_mode *mode); void vmw_kms_update_implicit_fb(struct vmw_private *dev_priv); @@ -486,8 +482,7 @@ void vmw_du_plane_reset(struct drm_plane *plane); struct drm_plane_state *vmw_du_plane_duplicate_state(struct drm_plane *plane); void vmw_du_plane_destroy_state(struct drm_plane *plane, struct drm_plane_state *state); -void vmw_du_plane_unpin_surf(struct vmw_plane_state *vps, - bool unreference); +void vmw_du_plane_unpin_surf(struct vmw_plane_state *vps); int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, struct drm_atomic_state *state); diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c index 5befc2719a49..39949e0a493f 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -147,8 +148,9 @@ static int vmw_ldu_fb_pin(struct vmw_framebuffer *vfb) struct vmw_bo *buf; int ret; - buf = vfb->bo ? vmw_framebuffer_to_vfbd(&vfb->base)->buffer : - vmw_framebuffer_to_vfbs(&vfb->base)->surface->res.guest_memory_bo; + buf = vfb->bo ? + vmw_framebuffer_to_vfbd(&vfb->base)->buffer : + vmw_user_object_buffer(&vmw_framebuffer_to_vfbs(&vfb->base)->uo); if (!buf) return 0; @@ -169,8 +171,10 @@ static int vmw_ldu_fb_unpin(struct vmw_framebuffer *vfb) struct vmw_private *dev_priv = vmw_priv(vfb->base.dev); struct vmw_bo *buf; - buf = vfb->bo ? vmw_framebuffer_to_vfbd(&vfb->base)->buffer : - vmw_framebuffer_to_vfbs(&vfb->base)->surface->res.guest_memory_bo; + buf = vfb->bo ? + vmw_framebuffer_to_vfbd(&vfb->base)->buffer : + vmw_user_object_buffer(&vmw_framebuffer_to_vfbs(&vfb->base)->uo); + if (WARN_ON(!buf)) return 0; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c index c99cad444991..598b90ac7590 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2013 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2013-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -31,6 +32,7 @@ */ #include "vmwgfx_drv.h" +#include "vmwgfx_bo.h" #include "ttm_object.h" #include <linux/dma-buf.h> @@ -88,13 +90,35 @@ int vmw_prime_handle_to_fd(struct drm_device *dev, uint32_t handle, uint32_t flags, int *prime_fd) { + struct vmw_private *vmw = vmw_priv(dev); struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + struct vmw_bo *vbo; int ret; + int surf_handle; - if (handle > VMWGFX_NUM_MOB) + if (handle > VMWGFX_NUM_MOB) { ret = ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); - else - ret = drm_gem_prime_handle_to_fd(dev, file_priv, handle, flags, prime_fd); + } else { + ret = vmw_user_bo_lookup(file_priv, handle, &vbo); + if (ret) + return ret; + if (vbo && vbo->is_dumb) { + ret = drm_gem_prime_handle_to_fd(dev, file_priv, handle, + flags, prime_fd); + } else { + surf_handle = vmw_lookup_surface_handle_for_buffer(vmw, + vbo, + handle); + if (surf_handle > 0) + ret = ttm_prime_handle_to_fd(tfile, surf_handle, + flags, prime_fd); + else + ret = drm_gem_prime_handle_to_fd(dev, file_priv, + handle, flags, + prime_fd); + } + vmw_user_bo_unref(&vbo); + } return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c index 848dba09981b..a73af8a355fb 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -58,6 +59,7 @@ void vmw_resource_mob_attach(struct vmw_resource *res) rb_link_node(&res->mob_node, parent, new); rb_insert_color(&res->mob_node, &gbo->res_tree); + vmw_bo_del_detached_resource(gbo, res); vmw_bo_prio_add(gbo, res->used_prio); } @@ -287,28 +289,35 @@ int vmw_user_resource_lookup_handle(struct vmw_private *dev_priv, * * The pointer this pointed at by out_surf and out_buf needs to be null. */ -int vmw_user_lookup_handle(struct vmw_private *dev_priv, +int vmw_user_object_lookup(struct vmw_private *dev_priv, struct drm_file *filp, - uint32_t handle, - struct vmw_surface **out_surf, - struct vmw_bo **out_buf) + u32 handle, + struct vmw_user_object *uo) { struct ttm_object_file *tfile = vmw_fpriv(filp)->tfile; struct vmw_resource *res; int ret; - BUG_ON(*out_surf || *out_buf); + WARN_ON(uo->surface || uo->buffer); ret = vmw_user_resource_lookup_handle(dev_priv, tfile, handle, user_surface_converter, &res); if (!ret) { - *out_surf = vmw_res_to_srf(res); + uo->surface = vmw_res_to_srf(res); return 0; } - *out_surf = NULL; - ret = vmw_user_bo_lookup(filp, handle, out_buf); + uo->surface = NULL; + ret = vmw_user_bo_lookup(filp, handle, &uo->buffer); + if (!ret && !uo->buffer->is_dumb) { + uo->surface = vmw_lookup_surface_for_buffer(dev_priv, + uo->buffer, + handle); + if (uo->surface) + vmw_user_bo_unref(&uo->buffer); + } + return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c index df0039a8ef29..0f4bfd98480a 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2011-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2011-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -240,7 +241,7 @@ static void vmw_sou_crtc_mode_set_nofb(struct drm_crtc *crtc) struct vmw_connector_state *vmw_conn_state; int x, y; - sou->buffer = vps->bo; + sou->buffer = vmw_user_object_buffer(&vps->uo); conn_state = sou->base.connector.state; vmw_conn_state = vmw_connector_state_to_vcs(conn_state); @@ -376,10 +377,11 @@ vmw_sou_primary_plane_cleanup_fb(struct drm_plane *plane, struct vmw_plane_state *vps = vmw_plane_state_to_vps(old_state); struct drm_crtc *crtc = plane->state->crtc ? plane->state->crtc : old_state->crtc; + struct vmw_bo *bo = vmw_user_object_buffer(&vps->uo); - if (vps->bo) - vmw_bo_unpin(vmw_priv(crtc->dev), vps->bo, false); - vmw_bo_unreference(&vps->bo); + if (bo) + vmw_bo_unpin(vmw_priv(crtc->dev), bo, false); + vmw_user_object_unref(&vps->uo); vps->bo_size = 0; vmw_du_plane_cleanup_fb(plane, old_state); @@ -411,9 +413,10 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, .bo_type = ttm_bo_type_device, .pin = true }; + struct vmw_bo *bo = NULL; if (!new_fb) { - vmw_bo_unreference(&vps->bo); + vmw_user_object_unref(&vps->uo); vps->bo_size = 0; return 0; @@ -422,17 +425,17 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, bo_params.size = new_state->crtc_w * new_state->crtc_h * 4; dev_priv = vmw_priv(crtc->dev); - if (vps->bo) { + bo = vmw_user_object_buffer(&vps->uo); + if (bo) { if (vps->bo_size == bo_params.size) { /* * Note that this might temporarily up the pin-count * to 2, until cleanup_fb() is called. */ - return vmw_bo_pin_in_vram(dev_priv, vps->bo, - true); + return vmw_bo_pin_in_vram(dev_priv, bo, true); } - vmw_bo_unreference(&vps->bo); + vmw_user_object_unref(&vps->uo); vps->bo_size = 0; } @@ -442,7 +445,7 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, * resume the overlays, this is preferred to failing to alloc. */ vmw_overlay_pause_all(dev_priv); - ret = vmw_bo_create(dev_priv, &bo_params, &vps->bo); + ret = vmw_gem_object_create(dev_priv, &bo_params, &vps->uo.buffer); vmw_overlay_resume_all(dev_priv); if (ret) return ret; @@ -453,7 +456,7 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, * TTM already thinks the buffer is pinned, but make sure the * pin_count is upped. */ - return vmw_bo_pin_in_vram(dev_priv, vps->bo, true); + return vmw_bo_pin_in_vram(dev_priv, vps->uo.buffer, true); } static uint32_t vmw_sou_bo_fifo_size(struct vmw_du_update_plane *update, @@ -580,6 +583,7 @@ static uint32_t vmw_sou_surface_pre_clip(struct vmw_du_update_plane *update, { struct vmw_kms_sou_dirty_cmd *blit = cmd; struct vmw_framebuffer_surface *vfbs; + struct vmw_surface *surf = NULL; vfbs = container_of(update->vfb, typeof(*vfbs), base); @@ -587,7 +591,8 @@ static uint32_t vmw_sou_surface_pre_clip(struct vmw_du_update_plane *update, blit->header.size = sizeof(blit->body) + sizeof(SVGASignedRect) * num_hits; - blit->body.srcImage.sid = vfbs->surface->res.id; + surf = vmw_user_object_surface(&vfbs->uo); + blit->body.srcImage.sid = surf->res.id; blit->body.destScreenId = update->du->unit; /* Update the source and destination bounding box later in post_clip */ @@ -1104,7 +1109,7 @@ int vmw_kms_sou_do_surface_dirty(struct vmw_private *dev_priv, int ret; if (!srf) - srf = &vfbs->surface->res; + srf = &vmw_user_object_surface(&vfbs->uo)->res; ret = vmw_validation_add_resource(&val_ctx, srf, 0, VMW_RES_DIRTY_NONE, NULL, NULL); diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c b/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c index a04e0736318d..5106413c14b7 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /****************************************************************************** * - * COPYRIGHT (C) 2014-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2014-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -29,6 +30,7 @@ #include "vmwgfx_kms.h" #include "vmwgfx_vkms.h" #include "vmw_surface_cache.h" +#include <linux/fsnotify.h> #include <drm/drm_atomic.h> #include <drm/drm_atomic_helper.h> @@ -735,7 +737,7 @@ int vmw_kms_stdu_surface_dirty(struct vmw_private *dev_priv, int ret; if (!srf) - srf = &vfbs->surface->res; + srf = &vmw_user_object_surface(&vfbs->uo)->res; ret = vmw_validation_add_resource(&val_ctx, srf, 0, VMW_RES_DIRTY_NONE, NULL, NULL); @@ -746,12 +748,6 @@ int vmw_kms_stdu_surface_dirty(struct vmw_private *dev_priv, if (ret) goto out_unref; - if (vfbs->is_bo_proxy) { - ret = vmw_kms_update_proxy(srf, clips, num_clips, inc); - if (ret) - goto out_finish; - } - sdirty.base.fifo_commit = vmw_kms_stdu_surface_fifo_commit; sdirty.base.clip = vmw_kms_stdu_surface_clip; sdirty.base.fifo_reserve_size = sizeof(struct vmw_stdu_surface_copy) + @@ -765,7 +761,7 @@ int vmw_kms_stdu_surface_dirty(struct vmw_private *dev_priv, ret = vmw_kms_helper_dirty(dev_priv, framebuffer, clips, vclips, dest_x, dest_y, num_clips, inc, &sdirty.base); -out_finish: + vmw_kms_helper_validation_finish(dev_priv, NULL, &val_ctx, out_fence, NULL); @@ -918,9 +914,8 @@ vmw_stdu_primary_plane_cleanup_fb(struct drm_plane *plane, { struct vmw_plane_state *vps = vmw_plane_state_to_vps(old_state); - if (vps->surf) + if (vmw_user_object_surface(&vps->uo)) WARN_ON(!vps->pinned); - vmw_du_plane_cleanup_fb(plane, old_state); vps->content_fb_type = SAME_AS_DISPLAY; @@ -928,7 +923,6 @@ vmw_stdu_primary_plane_cleanup_fb(struct drm_plane *plane, } - /** * vmw_stdu_primary_plane_prepare_fb - Readies the display surface * @@ -952,13 +946,15 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, enum stdu_content_type new_content_type; struct vmw_framebuffer_surface *new_vfbs; uint32_t hdisplay = new_state->crtc_w, vdisplay = new_state->crtc_h; + struct drm_plane_state *old_state = plane->state; + struct drm_rect rect; int ret; /* No FB to prepare */ if (!new_fb) { - if (vps->surf) { + if (vmw_user_object_surface(&vps->uo)) { WARN_ON(vps->pinned != 0); - vmw_surface_unreference(&vps->surf); + vmw_user_object_unref(&vps->uo); } return 0; @@ -968,8 +964,8 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, new_vfbs = (vfb->bo) ? NULL : vmw_framebuffer_to_vfbs(new_fb); if (new_vfbs && - new_vfbs->surface->metadata.base_size.width == hdisplay && - new_vfbs->surface->metadata.base_size.height == vdisplay) + vmw_user_object_surface(&new_vfbs->uo)->metadata.base_size.width == hdisplay && + vmw_user_object_surface(&new_vfbs->uo)->metadata.base_size.height == vdisplay) new_content_type = SAME_AS_DISPLAY; else if (vfb->bo) new_content_type = SEPARATE_BO; @@ -1007,29 +1003,29 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, metadata.num_sizes = 1; metadata.scanout = true; } else { - metadata = new_vfbs->surface->metadata; + metadata = vmw_user_object_surface(&new_vfbs->uo)->metadata; } metadata.base_size.width = hdisplay; metadata.base_size.height = vdisplay; metadata.base_size.depth = 1; - if (vps->surf) { + if (vmw_user_object_surface(&vps->uo)) { struct drm_vmw_size cur_base_size = - vps->surf->metadata.base_size; + vmw_user_object_surface(&vps->uo)->metadata.base_size; if (cur_base_size.width != metadata.base_size.width || cur_base_size.height != metadata.base_size.height || - vps->surf->metadata.format != metadata.format) { + vmw_user_object_surface(&vps->uo)->metadata.format != metadata.format) { WARN_ON(vps->pinned != 0); - vmw_surface_unreference(&vps->surf); + vmw_user_object_unref(&vps->uo); } } - if (!vps->surf) { + if (!vmw_user_object_surface(&vps->uo)) { ret = vmw_gb_surface_define(dev_priv, &metadata, - &vps->surf); + &vps->uo.surface); if (ret != 0) { DRM_ERROR("Couldn't allocate STDU surface.\n"); return ret; @@ -1042,18 +1038,19 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, * The only time we add a reference in prepare_fb is if the * state object doesn't have a reference to begin with */ - if (vps->surf) { + if (vmw_user_object_surface(&vps->uo)) { WARN_ON(vps->pinned != 0); - vmw_surface_unreference(&vps->surf); + vmw_user_object_unref(&vps->uo); } - vps->surf = vmw_surface_reference(new_vfbs->surface); + memcpy(&vps->uo, &new_vfbs->uo, sizeof(vps->uo)); + vmw_user_object_ref(&vps->uo); } - if (vps->surf) { + if (vmw_user_object_surface(&vps->uo)) { /* Pin new surface before flipping */ - ret = vmw_resource_pin(&vps->surf->res, false); + ret = vmw_resource_pin(&vmw_user_object_surface(&vps->uo)->res, false); if (ret) goto out_srf_unref; @@ -1062,6 +1059,34 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, vps->content_fb_type = new_content_type; + /* + * The drm fb code will do blit's via the vmap interface, which doesn't + * trigger vmw_bo page dirty tracking due to being kernel side (and thus + * doesn't require mmap'ing) so we have to update the surface's dirty + * regions by hand but we want to be careful to not overwrite the + * resource if it has been written to by the gpu (res_dirty). + */ + if (vps->uo.buffer && vps->uo.buffer->is_dumb) { + struct vmw_surface *surf = vmw_user_object_surface(&vps->uo); + struct vmw_resource *res = &surf->res; + + if (!res->res_dirty && drm_atomic_helper_damage_merged(old_state, + new_state, + &rect)) { + /* + * At some point it might be useful to actually translate + * (rect.x1, rect.y1) => start, and (rect.x2, rect.y2) => end, + * but currently the fb code will just report the entire fb + * dirty so in practice it doesn't matter. + */ + pgoff_t start = res->guest_memory_offset >> PAGE_SHIFT; + pgoff_t end = __KERNEL_DIV_ROUND_UP(res->guest_memory_offset + + res->guest_memory_size, + PAGE_SIZE); + vmw_resource_dirty_update(res, start, end); + } + } + /* * This should only happen if the buffer object is too large to create a * proxy surface for. @@ -1072,7 +1097,7 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, return 0; out_srf_unref: - vmw_surface_unreference(&vps->surf); + vmw_user_object_unref(&vps->uo); return ret; } @@ -1214,14 +1239,8 @@ static uint32_t vmw_stdu_surface_fifo_size_same_display(struct vmw_du_update_plane *update, uint32_t num_hits) { - struct vmw_framebuffer_surface *vfbs; uint32_t size = 0; - vfbs = container_of(update->vfb, typeof(*vfbs), base); - - if (vfbs->is_bo_proxy) - size += sizeof(struct vmw_stdu_update_gb_image) * num_hits; - size += sizeof(struct vmw_stdu_update); return size; @@ -1230,61 +1249,14 @@ vmw_stdu_surface_fifo_size_same_display(struct vmw_du_update_plane *update, static uint32_t vmw_stdu_surface_fifo_size(struct vmw_du_update_plane *update, uint32_t num_hits) { - struct vmw_framebuffer_surface *vfbs; uint32_t size = 0; - vfbs = container_of(update->vfb, typeof(*vfbs), base); - - if (vfbs->is_bo_proxy) - size += sizeof(struct vmw_stdu_update_gb_image) * num_hits; - size += sizeof(struct vmw_stdu_surface_copy) + sizeof(SVGA3dCopyBox) * num_hits + sizeof(struct vmw_stdu_update); return size; } -static uint32_t -vmw_stdu_surface_update_proxy(struct vmw_du_update_plane *update, void *cmd) -{ - struct vmw_framebuffer_surface *vfbs; - struct drm_plane_state *state = update->plane->state; - struct drm_plane_state *old_state = update->old_state; - struct vmw_stdu_update_gb_image *cmd_update = cmd; - struct drm_atomic_helper_damage_iter iter; - struct drm_rect clip; - uint32_t copy_size = 0; - - vfbs = container_of(update->vfb, typeof(*vfbs), base); - - /* - * proxy surface is special where a buffer object type fb is wrapped - * in a surface and need an update gb image command to sync with device. - */ - drm_atomic_helper_damage_iter_init(&iter, old_state, state); - drm_atomic_for_each_plane_damage(&iter, &clip) { - SVGA3dBox *box = &cmd_update->body.box; - - cmd_update->header.id = SVGA_3D_CMD_UPDATE_GB_IMAGE; - cmd_update->header.size = sizeof(cmd_update->body); - cmd_update->body.image.sid = vfbs->surface->res.id; - cmd_update->body.image.face = 0; - cmd_update->body.image.mipmap = 0; - - box->x = clip.x1; - box->y = clip.y1; - box->z = 0; - box->w = drm_rect_width(&clip); - box->h = drm_rect_height(&clip); - box->d = 1; - - copy_size += sizeof(*cmd_update); - cmd_update++; - } - - return copy_size; -} - static uint32_t vmw_stdu_surface_populate_copy(struct vmw_du_update_plane *update, void *cmd, uint32_t num_hits) @@ -1299,7 +1271,7 @@ vmw_stdu_surface_populate_copy(struct vmw_du_update_plane *update, void *cmd, cmd_copy->header.id = SVGA_3D_CMD_SURFACE_COPY; cmd_copy->header.size = sizeof(cmd_copy->body) + sizeof(SVGA3dCopyBox) * num_hits; - cmd_copy->body.src.sid = vfbs->surface->res.id; + cmd_copy->body.src.sid = vmw_user_object_surface(&vfbs->uo)->res.id; cmd_copy->body.dest.sid = stdu->display_srf->res.id; return sizeof(*cmd_copy); @@ -1370,10 +1342,7 @@ static int vmw_stdu_plane_update_surface(struct vmw_private *dev_priv, srf_update.mutex = &dev_priv->cmdbuf_mutex; srf_update.intr = true; - if (vfbs->is_bo_proxy) - srf_update.post_prepare = vmw_stdu_surface_update_proxy; - - if (vfbs->surface->res.id != stdu->display_srf->res.id) { + if (vmw_user_object_surface(&vfbs->uo)->res.id != stdu->display_srf->res.id) { srf_update.calc_fifo_size = vmw_stdu_surface_fifo_size; srf_update.pre_clip = vmw_stdu_surface_populate_copy; srf_update.clip = vmw_stdu_surface_populate_clip; @@ -1417,7 +1386,7 @@ vmw_stdu_primary_plane_atomic_update(struct drm_plane *plane, stdu = vmw_crtc_to_stdu(crtc); dev_priv = vmw_priv(crtc->dev); - stdu->display_srf = vps->surf; + stdu->display_srf = vmw_user_object_surface(&vps->uo); stdu->content_fb_type = vps->content_fb_type; stdu->cpp = vps->cpp; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c index e7a744dfcecf..8ae6a761c900 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -36,9 +37,6 @@ #include <drm/ttm/ttm_placement.h> #define SVGA3D_FLAGS_64(upper32, lower32) (((uint64_t)upper32 << 32) | lower32) -#define SVGA3D_FLAGS_UPPER_32(svga3d_flags) (svga3d_flags >> 32) -#define SVGA3D_FLAGS_LOWER_32(svga3d_flags) \ - (svga3d_flags & ((uint64_t)U32_MAX)) /** * struct vmw_user_surface - User-space visible surface resource @@ -686,6 +684,14 @@ static void vmw_user_surface_base_release(struct ttm_base_object **p_base) struct vmw_resource *res = &user_srf->srf.res; *p_base = NULL; + + /* + * Dumb buffers own the resource and they'll unref the + * resource themselves + */ + if (res && res->guest_memory_bo && res->guest_memory_bo->is_dumb) + return; + vmw_resource_unreference(&res); } @@ -812,7 +818,8 @@ int vmw_surface_define_ioctl(struct drm_device *dev, void *data, } } res->guest_memory_size = cur_bo_offset; - if (metadata->scanout && + if (!file_priv->atomic && + metadata->scanout && metadata->num_sizes == 1 && metadata->sizes[0].width == VMW_CURSOR_SNOOP_WIDTH && metadata->sizes[0].height == VMW_CURSOR_SNOOP_HEIGHT && @@ -864,6 +871,7 @@ int vmw_surface_define_ioctl(struct drm_device *dev, void *data, vmw_resource_unreference(&res); goto out_unlock; } + vmw_bo_add_detached_resource(res->guest_memory_bo, res); } tmp = vmw_resource_reference(&srf->res); @@ -892,6 +900,113 @@ int vmw_surface_define_ioctl(struct drm_device *dev, void *data, return ret; } +static struct vmw_user_surface * +vmw_lookup_user_surface_for_buffer(struct vmw_private *vmw, struct vmw_bo *bo, + u32 handle) +{ + struct vmw_user_surface *user_srf = NULL; + struct vmw_surface *surf; + struct ttm_base_object *base; + + surf = vmw_bo_surface(bo); + if (surf) { + rcu_read_lock(); + user_srf = container_of(surf, struct vmw_user_surface, srf); + base = &user_srf->prime.base; + if (base && !kref_get_unless_zero(&base->refcount)) { + drm_dbg_driver(&vmw->drm, + "%s: referencing a stale surface handle %d\n", + __func__, handle); + base = NULL; + user_srf = NULL; + } + rcu_read_unlock(); + } + + return user_srf; +} + +struct vmw_surface *vmw_lookup_surface_for_buffer(struct vmw_private *vmw, + struct vmw_bo *bo, + u32 handle) +{ + struct vmw_user_surface *user_srf = + vmw_lookup_user_surface_for_buffer(vmw, bo, handle); + struct vmw_surface *surf = NULL; + struct ttm_base_object *base; + + if (user_srf) { + surf = vmw_surface_reference(&user_srf->srf); + base = &user_srf->prime.base; + ttm_base_object_unref(&base); + } + return surf; +} + +u32 vmw_lookup_surface_handle_for_buffer(struct vmw_private *vmw, + struct vmw_bo *bo, + u32 handle) +{ + struct vmw_user_surface *user_srf = + vmw_lookup_user_surface_for_buffer(vmw, bo, handle); + int surf_handle = 0; + struct ttm_base_object *base; + + if (user_srf) { + base = &user_srf->prime.base; + surf_handle = (u32)base->handle; + ttm_base_object_unref(&base); + } + return surf_handle; +} + +static int vmw_buffer_prime_to_surface_base(struct vmw_private *dev_priv, + struct drm_file *file_priv, + u32 fd, u32 *handle, + struct ttm_base_object **base_p) +{ + struct ttm_base_object *base; + struct vmw_bo *bo; + struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + struct vmw_user_surface *user_srf; + int ret; + + ret = drm_gem_prime_fd_to_handle(&dev_priv->drm, file_priv, fd, handle); + if (ret) { + drm_warn(&dev_priv->drm, + "Wasn't able to find user buffer for fd = %u.\n", fd); + return ret; + } + + ret = vmw_user_bo_lookup(file_priv, *handle, &bo); + if (ret) { + drm_warn(&dev_priv->drm, + "Wasn't able to lookup user buffer for handle = %u.\n", *handle); + return ret; + } + + user_srf = vmw_lookup_user_surface_for_buffer(dev_priv, bo, *handle); + if (WARN_ON(!user_srf)) { + drm_warn(&dev_priv->drm, + "User surface fd %d (handle %d) is null.\n", fd, *handle); + ret = -EINVAL; + goto out; + } + + base = &user_srf->prime.base; + ret = ttm_ref_object_add(tfile, base, NULL, false); + if (ret) { + drm_warn(&dev_priv->drm, + "Couldn't add an object ref for the buffer (%d).\n", *handle); + goto out; + } + + *base_p = base; +out: + vmw_user_bo_unref(&bo); + + return ret; +} static int vmw_surface_handle_reference(struct vmw_private *dev_priv, @@ -901,15 +1016,19 @@ vmw_surface_handle_reference(struct vmw_private *dev_priv, struct ttm_base_object **base_p) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; - struct vmw_user_surface *user_srf; + struct vmw_user_surface *user_srf = NULL; uint32_t handle; struct ttm_base_object *base; int ret; if (handle_type == DRM_VMW_HANDLE_PRIME) { ret = ttm_prime_fd_to_handle(tfile, u_handle, &handle); - if (unlikely(ret != 0)) - return ret; + if (ret) + return vmw_buffer_prime_to_surface_base(dev_priv, + file_priv, + u_handle, + &handle, + base_p); } else { handle = u_handle; } @@ -1503,7 +1622,12 @@ vmw_gb_surface_define_internal(struct drm_device *dev, ret = vmw_user_bo_lookup(file_priv, req->base.buffer_handle, &res->guest_memory_bo); if (ret == 0) { - if (res->guest_memory_bo->tbo.base.size < res->guest_memory_size) { + if (res->guest_memory_bo->is_dumb) { + VMW_DEBUG_USER("Can't backup surface with a dumb buffer.\n"); + vmw_user_bo_unref(&res->guest_memory_bo); + ret = -EINVAL; + goto out_unlock; + } else if (res->guest_memory_bo->tbo.base.size < res->guest_memory_size) { VMW_DEBUG_USER("Surface backup buffer too small.\n"); vmw_user_bo_unref(&res->guest_memory_bo); ret = -EINVAL; @@ -1560,6 +1684,7 @@ vmw_gb_surface_define_internal(struct drm_device *dev, rep->handle = user_srf->prime.base.handle; rep->backup_size = res->guest_memory_size; if (res->guest_memory_bo) { + vmw_bo_add_detached_resource(res->guest_memory_bo, res); rep->buffer_map_handle = drm_vma_node_offset_addr(&res->guest_memory_bo->tbo.base.vma_node); rep->buffer_size = res->guest_memory_bo->tbo.base.size; @@ -2100,3 +2225,140 @@ int vmw_gb_surface_define(struct vmw_private *dev_priv, out_unlock: return ret; } + +static SVGA3dSurfaceFormat vmw_format_bpp_to_svga(struct vmw_private *vmw, + int bpp) +{ + switch (bpp) { + case 8: /* DRM_FORMAT_C8 */ + return SVGA3D_P8; + case 16: /* DRM_FORMAT_RGB565 */ + return SVGA3D_R5G6B5; + case 32: /* DRM_FORMAT_XRGB8888 */ + if (has_sm4_context(vmw)) + return SVGA3D_B8G8R8X8_UNORM; + return SVGA3D_X8R8G8B8; + default: + drm_warn(&vmw->drm, "Unsupported format bpp: %d\n", bpp); + return SVGA3D_X8R8G8B8; + } +} + +/** + * vmw_dumb_create - Create a dumb kms buffer + * + * @file_priv: Pointer to a struct drm_file identifying the caller. + * @dev: Pointer to the drm device. + * @args: Pointer to a struct drm_mode_create_dumb structure + * Return: Zero on success, negative error code on failure. + * + * This is a driver callback for the core drm create_dumb functionality. + * Note that this is very similar to the vmw_bo_alloc ioctl, except + * that the arguments have a different format. + */ +int vmw_dumb_create(struct drm_file *file_priv, + struct drm_device *dev, + struct drm_mode_create_dumb *args) +{ + struct vmw_private *dev_priv = vmw_priv(dev); + struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + struct vmw_bo *vbo = NULL; + struct vmw_resource *res = NULL; + union drm_vmw_gb_surface_create_ext_arg arg = { 0 }; + struct drm_vmw_gb_surface_create_ext_req *req = &arg.req; + int ret; + struct drm_vmw_size drm_size = { + .width = args->width, + .height = args->height, + .depth = 1, + }; + SVGA3dSurfaceFormat format = vmw_format_bpp_to_svga(dev_priv, args->bpp); + const struct SVGA3dSurfaceDesc *desc = vmw_surface_get_desc(format); + SVGA3dSurfaceAllFlags flags = SVGA3D_SURFACE_HINT_TEXTURE | + SVGA3D_SURFACE_HINT_RENDERTARGET | + SVGA3D_SURFACE_SCREENTARGET | + SVGA3D_SURFACE_BIND_SHADER_RESOURCE | + SVGA3D_SURFACE_BIND_RENDER_TARGET; + + /* + * Without mob support we're just going to use raw memory buffer + * because we wouldn't be able to support full surface coherency + * without mobs + */ + if (!dev_priv->has_mob) { + int cpp = DIV_ROUND_UP(args->bpp, 8); + + switch (cpp) { + case 1: /* DRM_FORMAT_C8 */ + case 2: /* DRM_FORMAT_RGB565 */ + case 4: /* DRM_FORMAT_XRGB8888 */ + break; + default: + /* + * Dumb buffers don't allow anything else. + * This is tested via IGT's dumb_buffers + */ + return -EINVAL; + } + + args->pitch = args->width * cpp; + args->size = ALIGN(args->pitch * args->height, PAGE_SIZE); + + ret = vmw_gem_object_create_with_handle(dev_priv, file_priv, + args->size, &args->handle, + &vbo); + /* drop reference from allocate - handle holds it now */ + drm_gem_object_put(&vbo->tbo.base); + return ret; + } + + req->version = drm_vmw_gb_surface_v1; + req->multisample_pattern = SVGA3D_MS_PATTERN_NONE; + req->quality_level = SVGA3D_MS_QUALITY_NONE; + req->buffer_byte_stride = 0; + req->must_be_zero = 0; + req->base.svga3d_flags = SVGA3D_FLAGS_LOWER_32(flags); + req->svga3d_flags_upper_32_bits = SVGA3D_FLAGS_UPPER_32(flags); + req->base.format = (uint32_t)format; + req->base.drm_surface_flags = drm_vmw_surface_flag_scanout; + req->base.drm_surface_flags |= drm_vmw_surface_flag_shareable; + req->base.drm_surface_flags |= drm_vmw_surface_flag_create_buffer; + req->base.drm_surface_flags |= drm_vmw_surface_flag_coherent; + req->base.base_size.width = args->width; + req->base.base_size.height = args->height; + req->base.base_size.depth = 1; + req->base.array_size = 0; + req->base.mip_levels = 1; + req->base.multisample_count = 0; + req->base.buffer_handle = SVGA3D_INVALID_ID; + req->base.autogen_filter = SVGA3D_TEX_FILTER_NONE; + ret = vmw_gb_surface_define_ext_ioctl(dev, &arg, file_priv); + if (ret) { + drm_warn(dev, "Unable to create a dumb buffer\n"); + return ret; + } + + args->handle = arg.rep.buffer_handle; + args->size = arg.rep.buffer_size; + args->pitch = vmw_surface_calculate_pitch(desc, &drm_size); + + ret = vmw_user_resource_lookup_handle(dev_priv, tfile, arg.rep.handle, + user_surface_converter, + &res); + if (ret) { + drm_err(dev, "Created resource handle doesn't exist!\n"); + goto err; + } + + vbo = res->guest_memory_bo; + vbo->is_dumb = true; + vbo->dumb_surface = vmw_res_to_srf(res); + +err: + if (res) + vmw_resource_unreference(&res); + if (ret) + ttm_ref_object_base_unref(tfile, arg.rep.handle); + + return ret; +}

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/vmwgfx: Fix a deadlock in dma buf fence polling" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x e58337100721f3cc0c7424a18730e4f39844934f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080725-purchase-bannister-6499@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: e58337100721 ("drm/vmwgfx: Fix a deadlock in dma buf fence polling") c6771b6338c8 ("drm/vmwgfx/vmwgfx_fence: Add, remove and demote various documentation params/headers") be4f77ac6884 ("drm/vmwgfx: Cleanup fifo mmio handling") 840462e6872d ("drm/vmwgfx: Remove references to struct drm_device.pdev") 36891da8de98 ("drm/vmwgfx: Call vmw_driver_{load,unload}() before registering device") 6ae8748bf706 ("drm/vmwgfx: drop reminaing users of drmP.h") 9c84aeba67cc ("drm/vmwgfx: Kill unneeded legacy security features") 3cd74023ea18 ("vmwgfx: drop empty lastclose stub") 0424fdaf883a ("drm/prime: Actually remove DRIVER_PRIME everywhere") 90b86fcc47b4 ("DRM: Add KMS driver for the Ingenic JZ47xx SoCs") 4672b1d65fc9 ("Merge remote-tracking branch 'drm/drm-next' into drm-misc-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e58337100721f3cc0c7424a18730e4f39844934f Mon Sep 17 00:00:00 2001 From: Zack Rusin <zack.rusin(a)broadcom.com> Date: Mon, 22 Jul 2024 14:41:13 -0400 Subject: [PATCH] drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all fences and update their status, to do that it holds a lock to prevent the list modifcations from other threads. The fence destroy callback both deletes the fence and removes it from the list of pending fences, for which it holds a lock. dma buf polling cb unrefs a fence after it's been signaled: so the poll calls the wait, which signals the fences, which are being destroyed. The destruction tries to acquire the lock on the pending fences list which it can never get because it's held by the wait from which it was called. Old bug, but not a lot of userspace apps were using dma-buf polling interfaces. Fix those, in particular this fixes KDE stalls/deadlock. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 2298e804e96e ("drm/vmwgfx: rework to new fence interface, v2") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.2+ Reviewed-by: Maaz Mombasawala <maaz.mombasawala(a)broadcom.com> Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240722184313.181318-2-zack.… diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c index 5efc6a766f64..588d50ababf6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c @@ -32,7 +32,6 @@ #define VMW_FENCE_WRAP (1 << 31) struct vmw_fence_manager { - int num_fence_objects; struct vmw_private *dev_priv; spinlock_t lock; struct list_head fence_list; @@ -124,13 +123,13 @@ static void vmw_fence_obj_destroy(struct dma_fence *f) { struct vmw_fence_obj *fence = container_of(f, struct vmw_fence_obj, base); - struct vmw_fence_manager *fman = fman_from_fence(fence); - spin_lock(&fman->lock); - list_del_init(&fence->head); - --fman->num_fence_objects; - spin_unlock(&fman->lock); + if (!list_empty(&fence->head)) { + spin_lock(&fman->lock); + list_del_init(&fence->head); + spin_unlock(&fman->lock); + } fence->destroy(fence); } @@ -257,7 +256,6 @@ static const struct dma_fence_ops vmw_fence_ops = { .release = vmw_fence_obj_destroy, }; - /* * Execute signal actions on fences recently signaled. * This is done from a workqueue so we don't have to execute @@ -355,7 +353,6 @@ static int vmw_fence_obj_init(struct vmw_fence_manager *fman, goto out_unlock; } list_add_tail(&fence->head, &fman->fence_list); - ++fman->num_fence_objects; out_unlock: spin_unlock(&fman->lock); @@ -403,7 +400,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, u32 passed_seqno) { u32 goal_seqno; - struct vmw_fence_obj *fence; + struct vmw_fence_obj *fence, *next_fence; if (likely(!fman->seqno_valid)) return false; @@ -413,7 +410,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, return false; fman->seqno_valid = false; - list_for_each_entry(fence, &fman->fence_list, head) { + list_for_each_entry_safe(fence, next_fence, &fman->fence_list, head) { if (!list_empty(&fence->seq_passed_actions)) { fman->seqno_valid = true; vmw_fence_goal_write(fman->dev_priv,

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/vmwgfx: Fix a deadlock in dma buf fence polling" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x e58337100721f3cc0c7424a18730e4f39844934f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080724-activator-freeware-804d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: e58337100721 ("drm/vmwgfx: Fix a deadlock in dma buf fence polling") c6771b6338c8 ("drm/vmwgfx/vmwgfx_fence: Add, remove and demote various documentation params/headers") be4f77ac6884 ("drm/vmwgfx: Cleanup fifo mmio handling") 840462e6872d ("drm/vmwgfx: Remove references to struct drm_device.pdev") 36891da8de98 ("drm/vmwgfx: Call vmw_driver_{load,unload}() before registering device") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e58337100721f3cc0c7424a18730e4f39844934f Mon Sep 17 00:00:00 2001 From: Zack Rusin <zack.rusin(a)broadcom.com> Date: Mon, 22 Jul 2024 14:41:13 -0400 Subject: [PATCH] drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all fences and update their status, to do that it holds a lock to prevent the list modifcations from other threads. The fence destroy callback both deletes the fence and removes it from the list of pending fences, for which it holds a lock. dma buf polling cb unrefs a fence after it's been signaled: so the poll calls the wait, which signals the fences, which are being destroyed. The destruction tries to acquire the lock on the pending fences list which it can never get because it's held by the wait from which it was called. Old bug, but not a lot of userspace apps were using dma-buf polling interfaces. Fix those, in particular this fixes KDE stalls/deadlock. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 2298e804e96e ("drm/vmwgfx: rework to new fence interface, v2") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.2+ Reviewed-by: Maaz Mombasawala <maaz.mombasawala(a)broadcom.com> Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240722184313.181318-2-zack.… diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c index 5efc6a766f64..588d50ababf6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c @@ -32,7 +32,6 @@ #define VMW_FENCE_WRAP (1 << 31) struct vmw_fence_manager { - int num_fence_objects; struct vmw_private *dev_priv; spinlock_t lock; struct list_head fence_list; @@ -124,13 +123,13 @@ static void vmw_fence_obj_destroy(struct dma_fence *f) { struct vmw_fence_obj *fence = container_of(f, struct vmw_fence_obj, base); - struct vmw_fence_manager *fman = fman_from_fence(fence); - spin_lock(&fman->lock); - list_del_init(&fence->head); - --fman->num_fence_objects; - spin_unlock(&fman->lock); + if (!list_empty(&fence->head)) { + spin_lock(&fman->lock); + list_del_init(&fence->head); + spin_unlock(&fman->lock); + } fence->destroy(fence); } @@ -257,7 +256,6 @@ static const struct dma_fence_ops vmw_fence_ops = { .release = vmw_fence_obj_destroy, }; - /* * Execute signal actions on fences recently signaled. * This is done from a workqueue so we don't have to execute @@ -355,7 +353,6 @@ static int vmw_fence_obj_init(struct vmw_fence_manager *fman, goto out_unlock; } list_add_tail(&fence->head, &fman->fence_list); - ++fman->num_fence_objects; out_unlock: spin_unlock(&fman->lock); @@ -403,7 +400,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, u32 passed_seqno) { u32 goal_seqno; - struct vmw_fence_obj *fence; + struct vmw_fence_obj *fence, *next_fence; if (likely(!fman->seqno_valid)) return false; @@ -413,7 +410,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, return false; fman->seqno_valid = false; - list_for_each_entry(fence, &fman->fence_list, head) { + list_for_each_entry_safe(fence, next_fence, &fman->fence_list, head) { if (!list_empty(&fence->seq_passed_actions)) { fman->seqno_valid = true; vmw_fence_goal_write(fman->dev_priv,

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/vmwgfx: Fix a deadlock in dma buf fence polling" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e58337100721f3cc0c7424a18730e4f39844934f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080723-snowy-luxury-099a@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: e58337100721 ("drm/vmwgfx: Fix a deadlock in dma buf fence polling") c6771b6338c8 ("drm/vmwgfx/vmwgfx_fence: Add, remove and demote various documentation params/headers") be4f77ac6884 ("drm/vmwgfx: Cleanup fifo mmio handling") 840462e6872d ("drm/vmwgfx: Remove references to struct drm_device.pdev") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e58337100721f3cc0c7424a18730e4f39844934f Mon Sep 17 00:00:00 2001 From: Zack Rusin <zack.rusin(a)broadcom.com> Date: Mon, 22 Jul 2024 14:41:13 -0400 Subject: [PATCH] drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all fences and update their status, to do that it holds a lock to prevent the list modifcations from other threads. The fence destroy callback both deletes the fence and removes it from the list of pending fences, for which it holds a lock. dma buf polling cb unrefs a fence after it's been signaled: so the poll calls the wait, which signals the fences, which are being destroyed. The destruction tries to acquire the lock on the pending fences list which it can never get because it's held by the wait from which it was called. Old bug, but not a lot of userspace apps were using dma-buf polling interfaces. Fix those, in particular this fixes KDE stalls/deadlock. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 2298e804e96e ("drm/vmwgfx: rework to new fence interface, v2") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.2+ Reviewed-by: Maaz Mombasawala <maaz.mombasawala(a)broadcom.com> Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240722184313.181318-2-zack.… diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c index 5efc6a766f64..588d50ababf6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c @@ -32,7 +32,6 @@ #define VMW_FENCE_WRAP (1 << 31) struct vmw_fence_manager { - int num_fence_objects; struct vmw_private *dev_priv; spinlock_t lock; struct list_head fence_list; @@ -124,13 +123,13 @@ static void vmw_fence_obj_destroy(struct dma_fence *f) { struct vmw_fence_obj *fence = container_of(f, struct vmw_fence_obj, base); - struct vmw_fence_manager *fman = fman_from_fence(fence); - spin_lock(&fman->lock); - list_del_init(&fence->head); - --fman->num_fence_objects; - spin_unlock(&fman->lock); + if (!list_empty(&fence->head)) { + spin_lock(&fman->lock); + list_del_init(&fence->head); + spin_unlock(&fman->lock); + } fence->destroy(fence); } @@ -257,7 +256,6 @@ static const struct dma_fence_ops vmw_fence_ops = { .release = vmw_fence_obj_destroy, }; - /* * Execute signal actions on fences recently signaled. * This is done from a workqueue so we don't have to execute @@ -355,7 +353,6 @@ static int vmw_fence_obj_init(struct vmw_fence_manager *fman, goto out_unlock; } list_add_tail(&fence->head, &fman->fence_list); - ++fman->num_fence_objects; out_unlock: spin_unlock(&fman->lock); @@ -403,7 +400,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, u32 passed_seqno) { u32 goal_seqno; - struct vmw_fence_obj *fence; + struct vmw_fence_obj *fence, *next_fence; if (likely(!fman->seqno_valid)) return false; @@ -413,7 +410,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, return false; fman->seqno_valid = false; - list_for_each_entry(fence, &fman->fence_list, head) { + list_for_each_entry_safe(fence, next_fence, &fman->fence_list, head) { if (!list_empty(&fence->seq_passed_actions)) { fman->seqno_valid = true; vmw_fence_goal_write(fman->dev_priv,

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c4dcb47d46144d8f5b1ace1d8d2fcddeb5dacd8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080738-gopher-uphold-0739@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: c4dcb47d4614 ("drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible") 394ae0603a67 ("drm/amdgpu: fix visible VRAM handling during faults") ba1a58d5b907 ("drm/amdgpu: add shared fdinfo stats") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c4dcb47d46144d8f5b1ace1d8d2fcddeb5dacd8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <mdaenzer(a)redhat.com> Date: Wed, 8 May 2024 15:19:16 +0200 Subject: [PATCH] drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It incorrectly claimed a resource isn't CPU visible if it's located at the very end of CPU visible VRAM. Fixes: a6ff969fe9cb ("drm/amdgpu: fix visible VRAM handling during faults") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3343 Reviewed-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Reported-and-Tested-by: Jeremy Day <jsday(a)noreason.ca> Signed-off-by: Michel Dänzer <mdaenzer(a)redhat.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> CC: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c index 80974d72cbc1..0364a7bb5893 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c @@ -432,7 +432,7 @@ bool amdgpu_res_cpu_visible(struct amdgpu_device *adev, amdgpu_res_first(res, 0, res->size, &cursor); while (cursor.remaining) { - if ((cursor.start + cursor.size) >= adev->gmc.visible_vram_size) + if ((cursor.start + cursor.size) > adev->gmc.visible_vram_size) return false; amdgpu_res_next(&cursor, cursor.size); }

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x c4dcb47d46144d8f5b1ace1d8d2fcddeb5dacd8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080737-sevenfold-squatter-c26c@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: c4dcb47d4614 ("drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c4dcb47d46144d8f5b1ace1d8d2fcddeb5dacd8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <mdaenzer(a)redhat.com> Date: Wed, 8 May 2024 15:19:16 +0200 Subject: [PATCH] drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It incorrectly claimed a resource isn't CPU visible if it's located at the very end of CPU visible VRAM. Fixes: a6ff969fe9cb ("drm/amdgpu: fix visible VRAM handling during faults") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3343 Reviewed-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Reported-and-Tested-by: Jeremy Day <jsday(a)noreason.ca> Signed-off-by: Michel Dänzer <mdaenzer(a)redhat.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> CC: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c index 80974d72cbc1..0364a7bb5893 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c @@ -432,7 +432,7 @@ bool amdgpu_res_cpu_visible(struct amdgpu_device *adev, amdgpu_res_first(res, 0, res->size, &cursor); while (cursor.remaining) { - if ((cursor.start + cursor.size) >= adev->gmc.visible_vram_size) + if ((cursor.start + cursor.size) > adev->gmc.visible_vram_size) return false; amdgpu_res_next(&cursor, cursor.size); }

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix corruption after buffer fault in during direct IO" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 939b656bc8ab203fdbde26ccac22bcb7f0985be5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080736-oink-ceramics-beb3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 939b656bc8ab ("btrfs: fix corruption after buffer fault in during direct IO append write") 9aa29a20b700 ("btrfs: move the direct IO code into its own file") 04ef7631bfa5 ("btrfs: cleanup duplicated parameters related to btrfs_create_dio_extent()") 9fec848b3a33 ("btrfs: cleanup duplicated parameters related to create_io_em()") e9ea31fb5c1f ("btrfs: cleanup duplicated parameters related to btrfs_alloc_ordered_extent") cdc627e65c7e ("btrfs: cleanup duplicated parameters related to can_nocow_file_extent_args") c77a8c61002e ("btrfs: remove extent_map::block_start member") e28b851ed9b2 ("btrfs: remove extent_map::block_len member") 4aa7b5d1784f ("btrfs: remove extent_map::orig_start member") 3f255ece2f1e ("btrfs: introduce extra sanity checks for extent maps") 3d2ac9922465 ("btrfs: introduce new members for extent_map") 87a6962f73b1 ("btrfs: export the expected file extent through can_nocow_extent()") e8fe524da027 ("btrfs: rename extent_map::orig_block_len to disk_num_bytes") 8996f61ab9ff ("btrfs: move fiemap code into its own file") 56b7169f691c ("btrfs: use a btrfs_inode local variable at btrfs_sync_file()") e641e323abb3 ("btrfs: pass a btrfs_inode to btrfs_wait_ordered_range()") cef2daba4268 ("btrfs: pass a btrfs_inode to btrfs_fdatawrite_range()") 4e660ca3a98d ("btrfs: use a regular rb_root instead of cached rb_root for extent_map_tree") 7f5830bc964d ("btrfs: rename rb_root member of extent_map_tree from map to root") f13e01b89daf ("btrfs: ensure fast fsync waits for ordered extents after a write failure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 939b656bc8ab203fdbde26ccac22bcb7f0985be5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 26 Jul 2024 11:12:52 +0100 Subject: [PATCH] btrfs: fix corruption after buffer fault in during direct IO append write During an append (O_APPEND write flag) direct IO write if the input buffer was not previously faulted in, we can corrupt the file in a way that the final size is unexpected and it includes an unexpected hole. The problem happens like this: 1) We have an empty file, with size 0, for example; 2) We do an O_APPEND direct IO with a length of 4096 bytes and the input buffer is not currently faulted in; 3) We enter btrfs_direct_write(), lock the inode and call generic_write_checks(), which calls generic_write_checks_count(), and that function sets the iocb position to 0 with the following code: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 4) We call btrfs_dio_write() and enter into iomap, which will end up calling btrfs_dio_iomap_begin() and that calls btrfs_get_blocks_direct_write(), where we update the i_size of the inode to 4096 bytes; 5) After btrfs_dio_iomap_begin() returns, iomap will attempt to access the page of the write input buffer (at iomap_dio_bio_iter(), with a call to bio_iov_iter_get_pages()) and fail with -EFAULT, which gets returned to btrfs at btrfs_direct_write() via btrfs_dio_write(); 6) At btrfs_direct_write() we get the -EFAULT error, unlock the inode, fault in the write buffer and then goto to the label 'relock'; 7) We lock again the inode, do all the necessary checks again and call again generic_write_checks(), which calls generic_write_checks_count() again, and there we set the iocb's position to 4K, which is the current i_size of the inode, with the following code pointed above: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 8) Then we go again to btrfs_dio_write() and enter iomap and the write succeeds, but it wrote to the file range [4K, 8K), leaving a hole in the [0, 4K) range and an i_size of 8K, which goes against the expectations of having the data written to the range [0, 4K) and get an i_size of 4K. Fix this by not unlocking the inode before faulting in the input buffer, in case we get -EFAULT or an incomplete write, and not jumping to the 'relock' label after faulting in the buffer - instead jump to a location immediately before calling iomap, skipping all the write checks and relocking. This solves this problem and it's fine even in case the input buffer is memory mapped to the same file range, since only holding the range locked in the inode's io tree can cause a deadlock, it's safe to keep the inode lock (VFS lock), as was fixed and described in commit 51bd9563b678 ("btrfs: fix deadlock due to page faults during direct IO reads and writes"). A sample reproducer provided by a reporter is the following: $ cat test.c #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif #include <fcntl.h> #include <stdio.h> #include <sys/mman.h> #include <sys/stat.h> #include <unistd.h> int main(int argc, char *argv[]) { if (argc < 2) { fprintf(stderr, "Usage: %s <test file>\n", argv[0]); return 1; } int fd = open(argv[1], O_WRONLY | O_CREAT | O_TRUNC | O_DIRECT | O_APPEND, 0644); if (fd < 0) { perror("creating test file"); return 1; } char *buf = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); ssize_t ret = write(fd, buf, 4096); if (ret < 0) { perror("pwritev2"); return 1; } struct stat stbuf; ret = fstat(fd, &stbuf); if (ret < 0) { perror("stat"); return 1; } printf("size: %llu\n", (unsigned long long)stbuf.st_size); return stbuf.st_size == 4096 ? 0 : 1; } A test case for fstests will be sent soon. Reported-by: Hanna Czenczek <hreitz(a)redhat.com> Link: https://lore.kernel.org/linux-btrfs/0b841d46-12fe-4e64-9abb-871d8d0de271@re… Fixes: 8184620ae212 ("btrfs: fix lost file sync on direct IO write with nowait and dsync iocb") CC: stable(a)vger.kernel.org # 6.1+ Tested-by: Hanna Czenczek <hreitz(a)redhat.com> Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index c8568b1a61c4..75fa563e4cac 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -459,6 +459,7 @@ struct btrfs_file_private { void *filldir_buf; u64 last_index; struct extent_state *llseek_cached_state; + bool fsync_skip_inode_lock; }; static inline u32 BTRFS_LEAF_DATA_SIZE(const struct btrfs_fs_info *info) diff --git a/fs/btrfs/direct-io.c b/fs/btrfs/direct-io.c index f9fb2db6a1e4..67adbe9d294a 100644 --- a/fs/btrfs/direct-io.c +++ b/fs/btrfs/direct-io.c @@ -856,21 +856,37 @@ ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) * So here we disable page faults in the iov_iter and then retry if we * got -EFAULT, faulting in the pages before the retry. */ +again: from->nofault = true; dio = btrfs_dio_write(iocb, from, written); from->nofault = false; - /* - * iomap_dio_complete() will call btrfs_sync_file() if we have a dsync - * iocb, and that needs to lock the inode. So unlock it before calling - * iomap_dio_complete() to avoid a deadlock. - */ - btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); - - if (IS_ERR_OR_NULL(dio)) + if (IS_ERR_OR_NULL(dio)) { ret = PTR_ERR_OR_ZERO(dio); - else + } else { + struct btrfs_file_private stack_private = { 0 }; + struct btrfs_file_private *private; + const bool have_private = (file->private_data != NULL); + + if (!have_private) + file->private_data = &stack_private; + + /* + * If we have a synchronous write, we must make sure the fsync + * triggered by the iomap_dio_complete() call below doesn't + * deadlock on the inode lock - we are already holding it and we + * can't call it after unlocking because we may need to complete + * partial writes due to the input buffer (or parts of it) not + * being already faulted in. + */ + private = file->private_data; + private->fsync_skip_inode_lock = true; ret = iomap_dio_complete(dio); + private->fsync_skip_inode_lock = false; + + if (!have_private) + file->private_data = NULL; + } /* No increment (+=) because iomap returns a cumulative value. */ if (ret > 0) @@ -897,10 +913,12 @@ ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) } else { fault_in_iov_iter_readable(from, left); prev_left = left; - goto relock; + goto again; } } + btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); + /* * If 'ret' is -ENOTBLK or we have not written all data, then it means * we must fallback to buffered IO. diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index 21381de906f6..9f10a9f23fcc 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -1603,6 +1603,7 @@ static inline bool skip_inode_logging(const struct btrfs_log_ctx *ctx) */ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) { + struct btrfs_file_private *private = file->private_data; struct dentry *dentry = file_dentry(file); struct btrfs_inode *inode = BTRFS_I(d_inode(dentry)); struct btrfs_root *root = inode->root; @@ -1612,6 +1613,7 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) int ret = 0, err; u64 len; bool full_sync; + const bool skip_ilock = (private ? private->fsync_skip_inode_lock : false); trace_btrfs_sync_file(file, datasync); @@ -1639,7 +1641,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) if (ret) goto out; - btrfs_inode_lock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + down_write(&inode->i_mmap_lock); + else + btrfs_inode_lock(inode, BTRFS_ILOCK_MMAP); atomic_inc(&root->log_batch); @@ -1663,7 +1668,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) */ ret = start_ordered_ops(inode, start, end); if (ret) { - btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&inode->i_mmap_lock); + else + btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); goto out; } @@ -1788,7 +1796,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) * file again, but that will end up using the synchronization * inside btrfs_sync_log to keep things safe. */ - btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&inode->i_mmap_lock); + else + btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); if (ret == BTRFS_NO_LOG_SYNC) { ret = btrfs_end_transaction(trans);

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix corruption after buffer fault in during direct IO" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 939b656bc8ab203fdbde26ccac22bcb7f0985be5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080734-dripping-residence-d803@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 939b656bc8ab ("btrfs: fix corruption after buffer fault in during direct IO append write") 9aa29a20b700 ("btrfs: move the direct IO code into its own file") 04ef7631bfa5 ("btrfs: cleanup duplicated parameters related to btrfs_create_dio_extent()") 9fec848b3a33 ("btrfs: cleanup duplicated parameters related to create_io_em()") e9ea31fb5c1f ("btrfs: cleanup duplicated parameters related to btrfs_alloc_ordered_extent") cdc627e65c7e ("btrfs: cleanup duplicated parameters related to can_nocow_file_extent_args") c77a8c61002e ("btrfs: remove extent_map::block_start member") e28b851ed9b2 ("btrfs: remove extent_map::block_len member") 4aa7b5d1784f ("btrfs: remove extent_map::orig_start member") 3f255ece2f1e ("btrfs: introduce extra sanity checks for extent maps") 3d2ac9922465 ("btrfs: introduce new members for extent_map") 87a6962f73b1 ("btrfs: export the expected file extent through can_nocow_extent()") e8fe524da027 ("btrfs: rename extent_map::orig_block_len to disk_num_bytes") 8996f61ab9ff ("btrfs: move fiemap code into its own file") 56b7169f691c ("btrfs: use a btrfs_inode local variable at btrfs_sync_file()") e641e323abb3 ("btrfs: pass a btrfs_inode to btrfs_wait_ordered_range()") cef2daba4268 ("btrfs: pass a btrfs_inode to btrfs_fdatawrite_range()") 4e660ca3a98d ("btrfs: use a regular rb_root instead of cached rb_root for extent_map_tree") 7f5830bc964d ("btrfs: rename rb_root member of extent_map_tree from map to root") f13e01b89daf ("btrfs: ensure fast fsync waits for ordered extents after a write failure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 939b656bc8ab203fdbde26ccac22bcb7f0985be5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 26 Jul 2024 11:12:52 +0100 Subject: [PATCH] btrfs: fix corruption after buffer fault in during direct IO append write During an append (O_APPEND write flag) direct IO write if the input buffer was not previously faulted in, we can corrupt the file in a way that the final size is unexpected and it includes an unexpected hole. The problem happens like this: 1) We have an empty file, with size 0, for example; 2) We do an O_APPEND direct IO with a length of 4096 bytes and the input buffer is not currently faulted in; 3) We enter btrfs_direct_write(), lock the inode and call generic_write_checks(), which calls generic_write_checks_count(), and that function sets the iocb position to 0 with the following code: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 4) We call btrfs_dio_write() and enter into iomap, which will end up calling btrfs_dio_iomap_begin() and that calls btrfs_get_blocks_direct_write(), where we update the i_size of the inode to 4096 bytes; 5) After btrfs_dio_iomap_begin() returns, iomap will attempt to access the page of the write input buffer (at iomap_dio_bio_iter(), with a call to bio_iov_iter_get_pages()) and fail with -EFAULT, which gets returned to btrfs at btrfs_direct_write() via btrfs_dio_write(); 6) At btrfs_direct_write() we get the -EFAULT error, unlock the inode, fault in the write buffer and then goto to the label 'relock'; 7) We lock again the inode, do all the necessary checks again and call again generic_write_checks(), which calls generic_write_checks_count() again, and there we set the iocb's position to 4K, which is the current i_size of the inode, with the following code pointed above: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 8) Then we go again to btrfs_dio_write() and enter iomap and the write succeeds, but it wrote to the file range [4K, 8K), leaving a hole in the [0, 4K) range and an i_size of 8K, which goes against the expectations of having the data written to the range [0, 4K) and get an i_size of 4K. Fix this by not unlocking the inode before faulting in the input buffer, in case we get -EFAULT or an incomplete write, and not jumping to the 'relock' label after faulting in the buffer - instead jump to a location immediately before calling iomap, skipping all the write checks and relocking. This solves this problem and it's fine even in case the input buffer is memory mapped to the same file range, since only holding the range locked in the inode's io tree can cause a deadlock, it's safe to keep the inode lock (VFS lock), as was fixed and described in commit 51bd9563b678 ("btrfs: fix deadlock due to page faults during direct IO reads and writes"). A sample reproducer provided by a reporter is the following: $ cat test.c #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif #include <fcntl.h> #include <stdio.h> #include <sys/mman.h> #include <sys/stat.h> #include <unistd.h> int main(int argc, char *argv[]) { if (argc < 2) { fprintf(stderr, "Usage: %s <test file>\n", argv[0]); return 1; } int fd = open(argv[1], O_WRONLY | O_CREAT | O_TRUNC | O_DIRECT | O_APPEND, 0644); if (fd < 0) { perror("creating test file"); return 1; } char *buf = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); ssize_t ret = write(fd, buf, 4096); if (ret < 0) { perror("pwritev2"); return 1; } struct stat stbuf; ret = fstat(fd, &stbuf); if (ret < 0) { perror("stat"); return 1; } printf("size: %llu\n", (unsigned long long)stbuf.st_size); return stbuf.st_size == 4096 ? 0 : 1; } A test case for fstests will be sent soon. Reported-by: Hanna Czenczek <hreitz(a)redhat.com> Link: https://lore.kernel.org/linux-btrfs/0b841d46-12fe-4e64-9abb-871d8d0de271@re… Fixes: 8184620ae212 ("btrfs: fix lost file sync on direct IO write with nowait and dsync iocb") CC: stable(a)vger.kernel.org # 6.1+ Tested-by: Hanna Czenczek <hreitz(a)redhat.com> Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index c8568b1a61c4..75fa563e4cac 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -459,6 +459,7 @@ struct btrfs_file_private { void *filldir_buf; u64 last_index; struct extent_state *llseek_cached_state; + bool fsync_skip_inode_lock; }; static inline u32 BTRFS_LEAF_DATA_SIZE(const struct btrfs_fs_info *info) diff --git a/fs/btrfs/direct-io.c b/fs/btrfs/direct-io.c index f9fb2db6a1e4..67adbe9d294a 100644 --- a/fs/btrfs/direct-io.c +++ b/fs/btrfs/direct-io.c @@ -856,21 +856,37 @@ ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) * So here we disable page faults in the iov_iter and then retry if we * got -EFAULT, faulting in the pages before the retry. */ +again: from->nofault = true; dio = btrfs_dio_write(iocb, from, written); from->nofault = false; - /* - * iomap_dio_complete() will call btrfs_sync_file() if we have a dsync - * iocb, and that needs to lock the inode. So unlock it before calling - * iomap_dio_complete() to avoid a deadlock. - */ - btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); - - if (IS_ERR_OR_NULL(dio)) + if (IS_ERR_OR_NULL(dio)) { ret = PTR_ERR_OR_ZERO(dio); - else + } else { + struct btrfs_file_private stack_private = { 0 }; + struct btrfs_file_private *private; + const bool have_private = (file->private_data != NULL); + + if (!have_private) + file->private_data = &stack_private; + + /* + * If we have a synchronous write, we must make sure the fsync + * triggered by the iomap_dio_complete() call below doesn't + * deadlock on the inode lock - we are already holding it and we + * can't call it after unlocking because we may need to complete + * partial writes due to the input buffer (or parts of it) not + * being already faulted in. + */ + private = file->private_data; + private->fsync_skip_inode_lock = true; ret = iomap_dio_complete(dio); + private->fsync_skip_inode_lock = false; + + if (!have_private) + file->private_data = NULL; + } /* No increment (+=) because iomap returns a cumulative value. */ if (ret > 0) @@ -897,10 +913,12 @@ ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) } else { fault_in_iov_iter_readable(from, left); prev_left = left; - goto relock; + goto again; } } + btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); + /* * If 'ret' is -ENOTBLK or we have not written all data, then it means * we must fallback to buffered IO. diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index 21381de906f6..9f10a9f23fcc 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -1603,6 +1603,7 @@ static inline bool skip_inode_logging(const struct btrfs_log_ctx *ctx) */ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) { + struct btrfs_file_private *private = file->private_data; struct dentry *dentry = file_dentry(file); struct btrfs_inode *inode = BTRFS_I(d_inode(dentry)); struct btrfs_root *root = inode->root; @@ -1612,6 +1613,7 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) int ret = 0, err; u64 len; bool full_sync; + const bool skip_ilock = (private ? private->fsync_skip_inode_lock : false); trace_btrfs_sync_file(file, datasync); @@ -1639,7 +1641,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) if (ret) goto out; - btrfs_inode_lock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + down_write(&inode->i_mmap_lock); + else + btrfs_inode_lock(inode, BTRFS_ILOCK_MMAP); atomic_inc(&root->log_batch); @@ -1663,7 +1668,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) */ ret = start_ordered_ops(inode, start, end); if (ret) { - btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&inode->i_mmap_lock); + else + btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); goto out; } @@ -1788,7 +1796,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) * file again, but that will end up using the synchronization * inside btrfs_sync_log to keep things safe. */ - btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&inode->i_mmap_lock); + else + btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); if (ret == BTRFS_NO_LOG_SYNC) { ret = btrfs_end_transaction(trans);

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix corruption after buffer fault in during direct IO" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 939b656bc8ab203fdbde26ccac22bcb7f0985be5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080732-spiffy-crestless-0307@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 939b656bc8ab ("btrfs: fix corruption after buffer fault in during direct IO append write") 9aa29a20b700 ("btrfs: move the direct IO code into its own file") 04ef7631bfa5 ("btrfs: cleanup duplicated parameters related to btrfs_create_dio_extent()") 9fec848b3a33 ("btrfs: cleanup duplicated parameters related to create_io_em()") e9ea31fb5c1f ("btrfs: cleanup duplicated parameters related to btrfs_alloc_ordered_extent") cdc627e65c7e ("btrfs: cleanup duplicated parameters related to can_nocow_file_extent_args") c77a8c61002e ("btrfs: remove extent_map::block_start member") e28b851ed9b2 ("btrfs: remove extent_map::block_len member") 4aa7b5d1784f ("btrfs: remove extent_map::orig_start member") 3f255ece2f1e ("btrfs: introduce extra sanity checks for extent maps") 3d2ac9922465 ("btrfs: introduce new members for extent_map") 87a6962f73b1 ("btrfs: export the expected file extent through can_nocow_extent()") e8fe524da027 ("btrfs: rename extent_map::orig_block_len to disk_num_bytes") 8996f61ab9ff ("btrfs: move fiemap code into its own file") 56b7169f691c ("btrfs: use a btrfs_inode local variable at btrfs_sync_file()") e641e323abb3 ("btrfs: pass a btrfs_inode to btrfs_wait_ordered_range()") cef2daba4268 ("btrfs: pass a btrfs_inode to btrfs_fdatawrite_range()") 4e660ca3a98d ("btrfs: use a regular rb_root instead of cached rb_root for extent_map_tree") 7f5830bc964d ("btrfs: rename rb_root member of extent_map_tree from map to root") f13e01b89daf ("btrfs: ensure fast fsync waits for ordered extents after a write failure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 939b656bc8ab203fdbde26ccac22bcb7f0985be5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 26 Jul 2024 11:12:52 +0100 Subject: [PATCH] btrfs: fix corruption after buffer fault in during direct IO append write During an append (O_APPEND write flag) direct IO write if the input buffer was not previously faulted in, we can corrupt the file in a way that the final size is unexpected and it includes an unexpected hole. The problem happens like this: 1) We have an empty file, with size 0, for example; 2) We do an O_APPEND direct IO with a length of 4096 bytes and the input buffer is not currently faulted in; 3) We enter btrfs_direct_write(), lock the inode and call generic_write_checks(), which calls generic_write_checks_count(), and that function sets the iocb position to 0 with the following code: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 4) We call btrfs_dio_write() and enter into iomap, which will end up calling btrfs_dio_iomap_begin() and that calls btrfs_get_blocks_direct_write(), where we update the i_size of the inode to 4096 bytes; 5) After btrfs_dio_iomap_begin() returns, iomap will attempt to access the page of the write input buffer (at iomap_dio_bio_iter(), with a call to bio_iov_iter_get_pages()) and fail with -EFAULT, which gets returned to btrfs at btrfs_direct_write() via btrfs_dio_write(); 6) At btrfs_direct_write() we get the -EFAULT error, unlock the inode, fault in the write buffer and then goto to the label 'relock'; 7) We lock again the inode, do all the necessary checks again and call again generic_write_checks(), which calls generic_write_checks_count() again, and there we set the iocb's position to 4K, which is the current i_size of the inode, with the following code pointed above: if (iocb->ki_flags & IOCB_APPEND) iocb->ki_pos = i_size_read(inode); 8) Then we go again to btrfs_dio_write() and enter iomap and the write succeeds, but it wrote to the file range [4K, 8K), leaving a hole in the [0, 4K) range and an i_size of 8K, which goes against the expectations of having the data written to the range [0, 4K) and get an i_size of 4K. Fix this by not unlocking the inode before faulting in the input buffer, in case we get -EFAULT or an incomplete write, and not jumping to the 'relock' label after faulting in the buffer - instead jump to a location immediately before calling iomap, skipping all the write checks and relocking. This solves this problem and it's fine even in case the input buffer is memory mapped to the same file range, since only holding the range locked in the inode's io tree can cause a deadlock, it's safe to keep the inode lock (VFS lock), as was fixed and described in commit 51bd9563b678 ("btrfs: fix deadlock due to page faults during direct IO reads and writes"). A sample reproducer provided by a reporter is the following: $ cat test.c #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif #include <fcntl.h> #include <stdio.h> #include <sys/mman.h> #include <sys/stat.h> #include <unistd.h> int main(int argc, char *argv[]) { if (argc < 2) { fprintf(stderr, "Usage: %s <test file>\n", argv[0]); return 1; } int fd = open(argv[1], O_WRONLY | O_CREAT | O_TRUNC | O_DIRECT | O_APPEND, 0644); if (fd < 0) { perror("creating test file"); return 1; } char *buf = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); ssize_t ret = write(fd, buf, 4096); if (ret < 0) { perror("pwritev2"); return 1; } struct stat stbuf; ret = fstat(fd, &stbuf); if (ret < 0) { perror("stat"); return 1; } printf("size: %llu\n", (unsigned long long)stbuf.st_size); return stbuf.st_size == 4096 ? 0 : 1; } A test case for fstests will be sent soon. Reported-by: Hanna Czenczek <hreitz(a)redhat.com> Link: https://lore.kernel.org/linux-btrfs/0b841d46-12fe-4e64-9abb-871d8d0de271@re… Fixes: 8184620ae212 ("btrfs: fix lost file sync on direct IO write with nowait and dsync iocb") CC: stable(a)vger.kernel.org # 6.1+ Tested-by: Hanna Czenczek <hreitz(a)redhat.com> Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index c8568b1a61c4..75fa563e4cac 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -459,6 +459,7 @@ struct btrfs_file_private { void *filldir_buf; u64 last_index; struct extent_state *llseek_cached_state; + bool fsync_skip_inode_lock; }; static inline u32 BTRFS_LEAF_DATA_SIZE(const struct btrfs_fs_info *info) diff --git a/fs/btrfs/direct-io.c b/fs/btrfs/direct-io.c index f9fb2db6a1e4..67adbe9d294a 100644 --- a/fs/btrfs/direct-io.c +++ b/fs/btrfs/direct-io.c @@ -856,21 +856,37 @@ ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) * So here we disable page faults in the iov_iter and then retry if we * got -EFAULT, faulting in the pages before the retry. */ +again: from->nofault = true; dio = btrfs_dio_write(iocb, from, written); from->nofault = false; - /* - * iomap_dio_complete() will call btrfs_sync_file() if we have a dsync - * iocb, and that needs to lock the inode. So unlock it before calling - * iomap_dio_complete() to avoid a deadlock. - */ - btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); - - if (IS_ERR_OR_NULL(dio)) + if (IS_ERR_OR_NULL(dio)) { ret = PTR_ERR_OR_ZERO(dio); - else + } else { + struct btrfs_file_private stack_private = { 0 }; + struct btrfs_file_private *private; + const bool have_private = (file->private_data != NULL); + + if (!have_private) + file->private_data = &stack_private; + + /* + * If we have a synchronous write, we must make sure the fsync + * triggered by the iomap_dio_complete() call below doesn't + * deadlock on the inode lock - we are already holding it and we + * can't call it after unlocking because we may need to complete + * partial writes due to the input buffer (or parts of it) not + * being already faulted in. + */ + private = file->private_data; + private->fsync_skip_inode_lock = true; ret = iomap_dio_complete(dio); + private->fsync_skip_inode_lock = false; + + if (!have_private) + file->private_data = NULL; + } /* No increment (+=) because iomap returns a cumulative value. */ if (ret > 0) @@ -897,10 +913,12 @@ ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) } else { fault_in_iov_iter_readable(from, left); prev_left = left; - goto relock; + goto again; } } + btrfs_inode_unlock(BTRFS_I(inode), ilock_flags); + /* * If 'ret' is -ENOTBLK or we have not written all data, then it means * we must fallback to buffered IO. diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index 21381de906f6..9f10a9f23fcc 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -1603,6 +1603,7 @@ static inline bool skip_inode_logging(const struct btrfs_log_ctx *ctx) */ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) { + struct btrfs_file_private *private = file->private_data; struct dentry *dentry = file_dentry(file); struct btrfs_inode *inode = BTRFS_I(d_inode(dentry)); struct btrfs_root *root = inode->root; @@ -1612,6 +1613,7 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) int ret = 0, err; u64 len; bool full_sync; + const bool skip_ilock = (private ? private->fsync_skip_inode_lock : false); trace_btrfs_sync_file(file, datasync); @@ -1639,7 +1641,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) if (ret) goto out; - btrfs_inode_lock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + down_write(&inode->i_mmap_lock); + else + btrfs_inode_lock(inode, BTRFS_ILOCK_MMAP); atomic_inc(&root->log_batch); @@ -1663,7 +1668,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) */ ret = start_ordered_ops(inode, start, end); if (ret) { - btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&inode->i_mmap_lock); + else + btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); goto out; } @@ -1788,7 +1796,10 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) * file again, but that will end up using the synchronization * inside btrfs_sync_log to keep things safe. */ - btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); + if (skip_ilock) + up_write(&inode->i_mmap_lock); + else + btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP); if (ret == BTRFS_NO_LOG_SYNC) { ret = btrfs_end_transaction(trans);

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: zoned: fix zone_unusable accounting on making block" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8cd44dd1d17a23d5cc8c443c659ca57aa76e2fa5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024080751-importer-postbox-eb90@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8cd44dd1d17a ("btrfs: zoned: fix zone_unusable accounting on making block group read-write again") 9d4b0a129a0d ("btrfs: simplify arguments of btrfs_update_space_info and rename") 6a921de58992 ("btrfs: zoned: introduce space_info->active_total_bytes") f6fca3917b4d ("btrfs: store chunk size in space-info struct") b8bea09a456f ("btrfs: add trace event for submitted RAID56 bio") c67c68eb57f1 ("btrfs: use integrated bitmaps for btrfs_raid_bio::dbitmap and finish_pbitmap") 143823cf4d5a ("btrfs: fix typos in comments") 385de0ef387d ("btrfs: use a normal workqueue for rmw_workers") a7b8e39c922b ("btrfs: raid56: enable subpage support for RAID56") 3907ce293d68 ("btrfs: raid56: make alloc_rbio_essential_pages() subpage compatible") ac26df8b3b02 ("btrfs: raid56: remove btrfs_raid_bio::bio_pages array") 07e4d3808047 ("btrfs: raid56: make __raid_recover_endio_io() subpage compatible") 46900662d02f ("btrfs: raid56: make finish_parity_scrub() subpage compatible") 3e77605d6a81 ("btrfs: raid56: make rbio_add_io_page() subpage compatible") 00425dd976d3 ("btrfs: raid56: introduce btrfs_raid_bio::bio_sectors") eb3570607c8c ("btrfs: raid56: introduce btrfs_raid_bio::stripe_sectors") 94efbe19b9f1 ("btrfs: raid56: introduce new cached members for btrfs_raid_bio") 29b068382c6f ("btrfs: raid56: make btrfs_raid_bio more compact") 843de58b3e31 ("btrfs: raid56: open code rbio_nr_pages()") cc353a8be2fd ("btrfs: reduce width for stripe_len from u64 to u32") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8cd44dd1d17a23d5cc8c443c659ca57aa76e2fa5 Mon Sep 17 00:00:00 2001 From: Naohiro Aota <naohiro.aota(a)wdc.com> Date: Wed, 15 Feb 2023 09:18:02 +0900 Subject: [PATCH] btrfs: zoned: fix zone_unusable accounting on making block group read-write again When btrfs makes a block group read-only, it adds all free regions in the block group to space_info->bytes_readonly. That free space excludes reserved and pinned regions. OTOH, when btrfs makes the block group read-write again, it moves all the unused regions into the block group's zone_unusable. That unused region includes reserved and pinned regions. As a result, it counts too much zone_unusable bytes. Fortunately (or unfortunately), having erroneous zone_unusable does not affect the calculation of space_info->bytes_readonly, because free space (num_bytes in btrfs_dec_block_group_ro) calculation is done based on the erroneous zone_unusable and it reduces the num_bytes just to cancel the error. This behavior can be easily discovered by adding a WARN_ON to check e.g, "bg->pinned > 0" in btrfs_dec_block_group_ro(), and running fstests test case like btrfs/282. Fix it by properly considering pinned and reserved in btrfs_dec_block_group_ro(). Also, add a WARN_ON and introduce btrfs_space_info_update_bytes_zone_unusable() to catch a similar mistake. Fixes: 169e0da91a21 ("btrfs: zoned: track unusable bytes for zones") CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Naohiro Aota <naohiro.aota(a)wdc.com> Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/block-group.c b/fs/btrfs/block-group.c index 498442d0c216..2e49d978f504 100644 --- a/fs/btrfs/block-group.c +++ b/fs/btrfs/block-group.c @@ -1223,8 +1223,8 @@ int btrfs_remove_block_group(struct btrfs_trans_handle *trans, block_group->space_info->total_bytes -= block_group->length; block_group->space_info->bytes_readonly -= (block_group->length - block_group->zone_unusable); - block_group->space_info->bytes_zone_unusable -= - block_group->zone_unusable; + btrfs_space_info_update_bytes_zone_unusable(fs_info, block_group->space_info, + -block_group->zone_unusable); block_group->space_info->disk_total -= block_group->length * factor; spin_unlock(&block_group->space_info->lock); @@ -1396,7 +1396,8 @@ static int inc_block_group_ro(struct btrfs_block_group *cache, int force) if (btrfs_is_zoned(cache->fs_info)) { /* Migrate zone_unusable bytes to readonly */ sinfo->bytes_readonly += cache->zone_unusable; - sinfo->bytes_zone_unusable -= cache->zone_unusable; + btrfs_space_info_update_bytes_zone_unusable(cache->fs_info, sinfo, + -cache->zone_unusable); cache->zone_unusable = 0; } cache->ro++; @@ -3056,9 +3057,11 @@ void btrfs_dec_block_group_ro(struct btrfs_block_group *cache) if (btrfs_is_zoned(cache->fs_info)) { /* Migrate zone_unusable bytes back */ cache->zone_unusable = - (cache->alloc_offset - cache->used) + + (cache->alloc_offset - cache->used - cache->pinned - + cache->reserved) + (cache->length - cache->zone_capacity); - sinfo->bytes_zone_unusable += cache->zone_unusable; + btrfs_space_info_update_bytes_zone_unusable(cache->fs_info, sinfo, + cache->zone_unusable); sinfo->bytes_readonly -= cache->zone_unusable; } num_bytes = cache->length - cache->reserved - diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index d77498e7671c..ff9f0d41987e 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -2793,7 +2793,8 @@ static int unpin_extent_range(struct btrfs_fs_info *fs_info, readonly = true; } else if (btrfs_is_zoned(fs_info)) { /* Need reset before reusing in a zoned block group */ - space_info->bytes_zone_unusable += len; + btrfs_space_info_update_bytes_zone_unusable(fs_info, space_info, + len); readonly = true; } spin_unlock(&cache->lock); diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index 3f9b7507543a..f5996a43db24 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -2723,8 +2723,10 @@ static int __btrfs_add_free_space_zoned(struct btrfs_block_group *block_group, * If the block group is read-only, we should account freed space into * bytes_readonly. */ - if (!block_group->ro) + if (!block_group->ro) { block_group->zone_unusable += to_unusable; + WARN_ON(block_group->zone_unusable > block_group->length); + } spin_unlock(&ctl->tree_lock); if (!used) { spin_lock(&block_group->lock); diff --git a/fs/btrfs/space-info.c b/fs/btrfs/space-info.c index c1d9d3664400..68e14fd48638 100644 --- a/fs/btrfs/space-info.c +++ b/fs/btrfs/space-info.c @@ -316,7 +316,7 @@ void btrfs_add_bg_to_space_info(struct btrfs_fs_info *info, found->bytes_used += block_group->used; found->disk_used += block_group->used * factor; found->bytes_readonly += block_group->bytes_super; - found->bytes_zone_unusable += block_group->zone_unusable; + btrfs_space_info_update_bytes_zone_unusable(info, found, block_group->zone_unusable); if (block_group->length > 0) found->full = 0; btrfs_try_granting_tickets(info, found); diff --git a/fs/btrfs/space-info.h b/fs/btrfs/space-info.h index 4db8a0267c16..88b44221ce97 100644 --- a/fs/btrfs/space-info.h +++ b/fs/btrfs/space-info.h @@ -249,6 +249,7 @@ btrfs_space_info_update_##name(struct btrfs_fs_info *fs_info, \ DECLARE_SPACE_INFO_UPDATE(bytes_may_use, "space_info"); DECLARE_SPACE_INFO_UPDATE(bytes_pinned, "pinned"); +DECLARE_SPACE_INFO_UPDATE(bytes_zone_unusable, "zone_unusable"); int btrfs_init_space_info(struct btrfs_fs_info *fs_info); void btrfs_add_bg_to_space_info(struct btrfs_fs_info *info, diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h index eeb56975bee7..de55a555d95b 100644 --- a/include/trace/events/btrfs.h +++ b/include/trace/events/btrfs.h @@ -2383,6 +2383,14 @@ DEFINE_EVENT(btrfs__space_info_update, update_bytes_pinned, TP_ARGS(fs_info, sinfo, old, diff) ); +DEFINE_EVENT(btrfs__space_info_update, update_bytes_zone_unusable, + + TP_PROTO(const struct btrfs_fs_info *fs_info, + const struct btrfs_space_info *sinfo, u64 old, s64 diff), + + TP_ARGS(fs_info, sinfo, old, diff) +); + DECLARE_EVENT_CLASS(btrfs_raid56_bio, TP_PROTO(const struct btrfs_raid_bio *rbio,

10 months, 3 weeks

1
0
0 0

Re: CVE-2024-39503: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type

by Siddh Raman Pant

On Fri, 12 Jul 2024 14:21:09 +0200, Greg Kroah-Hartman wrote: > In the Linux kernel, the following vulnerability has been resolved: > > netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type > > Lion Ackermann reported that there is a race condition between namespace cleanup > in ipset and the garbage collection of the list:set type. The namespace > cleanup can destroy the list:set type of sets while the gc of the set type is > waiting to run in rcu cleanup. The latter uses data from the destroyed set which > thus leads use after free. The patch contains the following parts: > > - When destroying all sets, first remove the garbage collectors, then wait > if needed and then destroy the sets. > - Fix the badly ordered "wait then remove gc" for the destroy a single set > case. > - Fix the missing rcu locking in the list:set type in the userspace test > case. > - Use proper RCU list handlings in the list:set type. > > The patch depends on c1193d9bbbd3 (netfilter: ipset: Add list flush to cancel_gc). This commit does not exist in stable kernels. Please backport it. netfilter: ipset: Add list flush to cancel_gc Flushing list in cancel_gc drops references to other lists right away, without waiting for RCU to destroy list. Fixes race when referenced ipsets can't be destroyed while referring list is scheduled for destroy. Since this is missing, the CVE fix potentially introduced new races as it makes use of RCU. Thanks, Siddh

10 months, 3 weeks

2
1
0 0

[PATCH] f2fs: Require FMODE_WRITE for atomic write ioctls

by Jann Horn

The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true. There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything. Fixes: 88b88a667971 ("f2fs: support atomic writes") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> --- fs/f2fs/file.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 168f08507004..a662392c5d8b 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2117,12 +2117,15 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) struct f2fs_inode_info *fi = F2FS_I(inode); struct f2fs_sb_info *sbi = F2FS_I_SB(inode); struct inode *pinode; loff_t isize; int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; @@ -2225,12 +2228,15 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) static int f2fs_ioc_commit_atomic_write(struct file *filp) { struct inode *inode = file_inode(filp); struct mnt_idmap *idmap = file_mnt_idmap(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) return ret; @@ -2257,12 +2263,15 @@ static int f2fs_ioc_commit_atomic_write(struct file *filp) static int f2fs_ioc_abort_atomic_write(struct file *filp) { struct inode *inode = file_inode(filp); struct mnt_idmap *idmap = file_mnt_idmap(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) return ret; --- base-commit: b446a2dae984fa5bd56dd7c3a02a426f87e05813 change-id: 20240806-f2fs-atomic-write-e019a47823de -- Jann Horn <jannh(a)google.com>

10 months, 3 weeks

3
2
0 0

[PATCH 21/24] drm/amd/display: fix cursor offset on rotation 180

by Tom Chung

From: Melissa Wen <mwen(a)igalia.com> [why & how] Cursor gets clipped off in the middle of the screen with hw rotation 180. Fix a miscalculation of cursor offset when it's placed near the edges in the pipe split case. Cursor bugs with hw rotation were reported on AMD issue tracker: https://gitlab.freedesktop.org/drm/amd/-/issues/2247 The issues on rotation 270 was fixed by: https://lore.kernel.org/amd-gfx/20221118125935.4013669-22-Brian.Chang@amd.c… that partially addressed the rotation 180 too. So, this patch is the final bits for rotation 180. Reported-by: Xaver Hugl <xaver.hugl(a)gmail.com> Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2247 Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Fixes: 9d84c7ef8a87 ("drm/amd/display: Correct cursor position on horizontal mirror") Signed-off-by: Melissa Wen <mwen(a)igalia.com> Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c index a7b5b25e3f34..802902f54d09 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c @@ -3594,7 +3594,7 @@ void dcn10_set_cursor_position(struct pipe_ctx *pipe_ctx) (int)hubp->curs_attr.width || pos_cpy.x <= (int)hubp->curs_attr.width + pipe_ctx->plane_state->src_rect.x) { - pos_cpy.x = temp_x + viewport_width; + pos_cpy.x = 2 * viewport_width - temp_x; } } } else { -- 2.34.1

10 months, 3 weeks

1
0
0 0

[PATCH 18/24] drm/amd/display: Enable otg synchronization logic for DCN321

by Tom Chung

From: Loan Chen <lo-an.chen(a)amd.com> [Why] Tiled display cannot synchronize properly after S3. The fix for commit 5f0c74915815 ("drm/amd/display: Fix for otg synchronization logic") is not enable in DCN321, which causes the otg is excluded from synchronization. [How] Enable otg synchronization logic in dcn321. Fixes: 5f0c74915815 ("drm/amd/display: Fix for otg synchronization logic") Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Signed-off-by: Loan Chen <lo-an.chen(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> --- .../gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c index a414ed60a724..827a94f84f10 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c @@ -1778,6 +1778,9 @@ static bool dcn321_resource_construct( dc->caps.color.mpc.ogam_rom_caps.hlg = 0; dc->caps.color.mpc.ocsc = 1; + /* Use pipe context based otg sync logic */ + dc->config.use_pipe_ctx_sync_logic = true; + dc->config.dc_mode_clk_limit_support = true; dc->config.enable_windowed_mpo_odm = true; dc->config.disable_hbr_audio_dp2 = true; -- 2.34.1

10 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix potential race in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 5596d9e8b553dacb0ac34bcf873cbbfb16c3ba3e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071559-reptilian-chaffing-a991@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 5596d9e8b553 ("mm/hugetlb: fix potential race in __update_and_free_hugetlb_folio()") bd225530a4c7 ("mm/hugetlb_vmemmap: fix race with speculative PFN walkers") 51718e25c53f ("mm: convert arch_clear_hugepage_flags to take a folio") 831bc31a5e82 ("mm: hugetlb: improve the handling of hugetlb allocation failure for freed or in-use hugetlb") ebc20dcac4ce ("mm: hugetlb_vmemmap: convert page to folio") c5ad3233ead5 ("hugetlb_vmemmap: use folio argument for hugetlb_vmemmap_* functions") c24f188b2289 ("hugetlb: batch TLB flushes when restoring vmemmap") f13b83fdd996 ("hugetlb: batch TLB flushes when freeing vmemmap") f4b7e3efaddb ("hugetlb: batch PMD split for bulk vmemmap dedup") 91f386bf0772 ("hugetlb: batch freeing of vmemmap pages") cfb8c75099db ("hugetlb: perform vmemmap restoration on a list of pages") 79359d6d24df ("hugetlb: perform vmemmap optimization on a list of pages") d67e32f26713 ("hugetlb: restructure pool allocations") d2cf88c27f51 ("hugetlb: optimize update_and_free_pages_bulk to avoid lock cycles") 30a89adf872d ("hugetlb: check for hugetlb folio before vmemmap_restore") d5b43e9683ec ("hugetlb: convert remove_pool_huge_page() to remove_pool_hugetlb_folio()") 04bbfd844b99 ("hugetlb: remove a few calls to page_folio()") fde1c4ecf916 ("mm: hugetlb: skip initialization of gigantic tail struct pages if freed by HVO") 3ee0aa9f0675 ("mm: move some shrinker-related function declarations to mm/internal.h") d8f5f7e445f0 ("hugetlb: set hugetlb page flag before optimizing vmemmap") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5596d9e8b553dacb0ac34bcf873cbbfb16c3ba3e Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Mon, 8 Jul 2024 10:51:27 +0800 Subject: [PATCH] mm/hugetlb: fix potential race in __update_and_free_hugetlb_folio() There is a potential race between __update_and_free_hugetlb_folio() and try_memory_failure_hugetlb(): CPU1 CPU2 __update_and_free_hugetlb_folio try_memory_failure_hugetlb folio_test_hugetlb -- It's still hugetlb folio. folio_clear_hugetlb_hwpoison spin_lock_irq(&hugetlb_lock); __get_huge_page_for_hwpoison folio_set_hugetlb_hwpoison spin_unlock_irq(&hugetlb_lock); spin_lock_irq(&hugetlb_lock); __folio_clear_hugetlb(folio); -- Hugetlb flag is cleared but too late. spin_unlock_irq(&hugetlb_lock); When the above race occurs, raw error page info will be leaked. Even worse, raw error pages won't have hwpoisoned flag set and hit pcplists/buddy. Fix this issue by deferring folio_clear_hugetlb_hwpoison() until __folio_clear_hugetlb() is done. So all raw error pages will have hwpoisoned flag set. Link: https://lkml.kernel.org/r/20240708025127.107713-1-linmiaohe@huawei.com Fixes: 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Muchun Song <muchun.song(a)linux.dev> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 2afb70171b76..fe44324d6383 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1725,13 +1725,6 @@ static void __update_and_free_hugetlb_folio(struct hstate *h, return; } - /* - * Move PageHWPoison flag from head page to the raw error pages, - * which makes any healthy subpages reusable. - */ - if (unlikely(folio_test_hwpoison(folio))) - folio_clear_hugetlb_hwpoison(folio); - /* * If vmemmap pages were allocated above, then we need to clear the * hugetlb flag under the hugetlb lock. @@ -1742,6 +1735,13 @@ static void __update_and_free_hugetlb_folio(struct hstate *h, spin_unlock_irq(&hugetlb_lock); } + /* + * Move PageHWPoison flag from head page to the raw error pages, + * which makes any healthy subpages reusable. + */ + if (unlikely(folio_test_hwpoison(folio))) + folio_clear_hugetlb_hwpoison(folio); + folio_ref_unfreeze(folio, 1); /*

10 months, 3 weeks

2
1
0 0

Re: [PATCH v4 2/2] locking/lockdep: Testing lock class and subclass got the same name pointer

by Boqun Feng

On Wed, Aug 07, 2024 at 06:00:11AM +0300, ahmed Ehab wrote: > On Sat, Aug 3, 2024 at 3:51 AM Boqun Feng <boqun.feng(a)gmail.com> wrote: > > > On Mon, Jul 15, 2024 at 04:26:38PM +0300, botta633 wrote: > > > From: Ahmed Ehab <bottaawesome633(a)gmail.com> > > > > > > Checking if the lockdep_map->name will change when setting the subclass. > > > It shouldn't change so that the lock class and subclass will have the > > same > > > name > > > > > > Reported-by: <syzbot+7f4a6f7f7051474e40ad(a)syzkaller.appspotmail.com> > > > Fixes: de8f5e4f2dc1f ("lockdep: Introduce wait-type checks") > > > Cc: <stable(a)vger.kernel.org> > > > > You seems to miss my comment at v2: > > > > https://lore.kernel.org/lkml/ZpRKcHNZfsMuACRG@boqun-archlinux/ > > > > , i.e. you don't need the Reported-by, Fixes and Cc tag for the patch > > that adds a test case. > > > > > Signed-off-by: Ahmed Ehab <bottaawesome633(a)gmail.com> > > > --- > > > v3->v4: > > > - Fixed subject line truncation. > > > > > > lib/locking-selftest.c | 21 +++++++++++++++++++++ > > > 1 file changed, 21 insertions(+) > > > > > > diff --git a/lib/locking-selftest.c b/lib/locking-selftest.c > > > index 6f6a5fc85b42..aeed613799ca 100644 > > > --- a/lib/locking-selftest.c > > > +++ b/lib/locking-selftest.c > > > @@ -2710,6 +2710,25 @@ static void local_lock_3B(void) > > > > > > } > > > > > > + /** > > > > ^ there is a tailing space here, next time you can detect this by using > > checkpatch. Also "/**" style is especially for function signature > > comment, you could just use a "/*" here. > > > > > + * after setting the subclass the lockdep_map.name changes > > > + * if we initialize a new string literal for the subclass > > > + * we will have a new name pointer > > > + */ > > > +static void class_subclass_X1_name_test(void) > > > +{ > > > + printk(" > > --------------------------------------------------------------------------\n"); > > > + printk(" | class and subclass name test|\n"); > > > + printk(" ---------------------\n"); > > > + const char *name_before_setting_subclass = rwsem_X1.dep_map.name; > > > + const char *name_after_setting_subclass; > > > + > > > + WARN_ON(!rwsem_X1.dep_map.name); > > > + lockdep_set_subclass(&rwsem_X1, 1); > > > + name_after_setting_subclass = rwsem_X1.dep_map.name; > > > + WARN_ON(name_before_setting_subclass != > > name_after_setting_subclass); > > > +} > > > + > > > static void local_lock_tests(void) > > > { > > > printk(" > > --------------------------------------------------------------------------\n"); > > > @@ -2916,6 +2935,8 @@ void locking_selftest(void) > > > > > > local_lock_tests(); > > > > > > + class_subclass_X1_name_test(); > > > + > > > > I got this in the serial log: > > > > [ 0.619454] > > -------------------------------------------------------------------------- > > [ 0.621463] | local_lock tests | > > [ 0.622326] --------------------- > > [ 0.623211] local_lock inversion 2: ok | > > [ 0.624904] local_lock inversion 3A: ok | > > [ 0.626740] local_lock inversion 3B: ok | > > [ 0.628492] > > -------------------------------------------------------------------------- > > [ 0.630513] | class and subclass name test| > > [ 0.631614] --------------------- > > [ 0.632502] hardirq_unsafe_softirq_safe: ok | > > > > two problems here: > > > > 1) The "class and subclass name test" line interrupts the output of > > testsuite "local_lock tests". > > > > 2) Instead of a WARN_ON(), could you look into using dotest() to > > print "ok" if the test passes, which is consistent with other > > > tests. > > > > I wrote it this way: > static void lock_class_subclass_X1(void) > { > const char *name_before_setting_subclass = rwsem_X1.dep_map.name; > const char *name_after_setting_subclass; > > lockdep_set_subclass(&rwsem_X1, 1); > name_after_setting_subclass = rwsem_X1.dep_map.name; > debug_locks = name_before_setting_subclass == name_after_setting_subclass; I think you could use: DEBUG_LOCK_WARN_ON(name_before_setting_subclass != name_after_setting_subclass); here. Regards, Boqun > } > ... > static void class_subclass_X1_name_test(void) > { > printk(" > --------------------------------------------------------------------------\n"); > printk(" | class and subclass name test|\n"); > printk(" ---------------------\n"); > > print_testname("lock class and subclass same name"); > dotest(lock_class_subclass_X1, SUCCESS, LOCKTYPE_RWSEM); > pr_cont("\n"); > } > However, assigning a value to debug_locks seems very uncommon. I tried to > check other test cases; however, they seem to rely on the method they are > testing. Do you have a suggestion for my scenario if I want to compare the > names before and after setting the subclass? > Or you suggest that I follow a different approach other than comparing the > names such as checking debug_locks in lockdep_init_map_type and returning > when we have multiple instantiations for lock->name? > > > > > Could you please fix all above problems and send another version of this > > patch (no need to resend the first one)? Thanks! > > > > Regards, > > Boqun > > > > > print_testname("hardirq_unsafe_softirq_safe"); > > > dotest(hardirq_deadlock_softirq_not_deadlock, FAILURE, > > LOCKTYPE_SPECIAL); > > > pr_cont("\n"); > > > -- > > > 2.45.2 > > > > > > > Regards, > Ahmed

10 months, 3 weeks

1
0
0 0

[PATCH net 2/3] idpf: fix memleak in vport interrupt configuration

by Tony Nguyen

From: Michal Kubiak <michal.kubiak(a)intel.com> The initialization of vport interrupt consists of two functions: 1) idpf_vport_intr_init() where a generic configuration is done 2) idpf_vport_intr_req_irq() where the irq for each q_vector is requested. The first function used to create a base name for each interrupt using "kasprintf()" call. Unfortunately, although that call allocated memory for a text buffer, that memory was never released. Fix this by removing creating the interrupt base name in 1). Instead, always create a full interrupt name in the function 2), because there is no need to create a base name separately, considering that the function 2) is never called out of idpf_vport_intr_init() context. Fixes: d4d558718266 ("idpf: initialize interrupts and enable vport") Cc: stable(a)vger.kernel.org # 6.7 Signed-off-by: Michal Kubiak <michal.kubiak(a)intel.com> Reviewed-by: Pavan Kumar Linga <pavan.kumar.linga(a)intel.com> Signed-off-by: Alexander Lobakin <aleksander.lobakin(a)intel.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Tested-by: Krishneil Singh <krishneil.k.singh(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> --- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/drivers/net/ethernet/intel/idpf/idpf_txrx.c b/drivers/net/ethernet/intel/idpf/idpf_txrx.c index af2879f03b8d..a2f9f252694a 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_txrx.c +++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c @@ -3780,13 +3780,15 @@ void idpf_vport_intr_update_itr_ena_irq(struct idpf_q_vector *q_vector) /** * idpf_vport_intr_req_irq - get MSI-X vectors from the OS for the vport * @vport: main vport structure - * @basename: name for the vector */ -static int idpf_vport_intr_req_irq(struct idpf_vport *vport, char *basename) +static int idpf_vport_intr_req_irq(struct idpf_vport *vport) { struct idpf_adapter *adapter = vport->adapter; + const char *drv_name, *if_name, *vec_name; int vector, err, irq_num, vidx; - const char *vec_name; + + drv_name = dev_driver_string(&adapter->pdev->dev); + if_name = netdev_name(vport->netdev); for (vector = 0; vector < vport->num_q_vectors; vector++) { struct idpf_q_vector *q_vector = &vport->q_vectors[vector]; @@ -3804,8 +3806,8 @@ static int idpf_vport_intr_req_irq(struct idpf_vport *vport, char *basename) else continue; - name = kasprintf(GFP_KERNEL, "%s-%s-%d", basename, vec_name, - vidx); + name = kasprintf(GFP_KERNEL, "%s-%s-%s-%d", drv_name, if_name, + vec_name, vidx); err = request_irq(irq_num, idpf_vport_intr_clean_queues, 0, name, q_vector); @@ -4326,7 +4328,6 @@ int idpf_vport_intr_alloc(struct idpf_vport *vport) */ int idpf_vport_intr_init(struct idpf_vport *vport) { - char *int_name; int err; err = idpf_vport_intr_init_vec_idx(vport); @@ -4340,11 +4341,7 @@ int idpf_vport_intr_init(struct idpf_vport *vport) if (err) goto unroll_vectors_alloc; - int_name = kasprintf(GFP_KERNEL, "%s-%s", - dev_driver_string(&vport->adapter->pdev->dev), - vport->netdev->name); - - err = idpf_vport_intr_req_irq(vport, int_name); + err = idpf_vport_intr_req_irq(vport); if (err) goto unroll_vectors_alloc; -- 2.42.0

10 months, 3 weeks

1
0
0 0

[PATCH] libbpf: check the btf_type kind to prevent error

by Ma Ke

To prevent potential error return values, it is necessary to check the return value of btf__type_by_id. We can add a kind checking to fix the issue. Cc: stable(a)vger.kernel.org Fixes: 430025e5dca5 ("libbpf: Add subskeleton scaffolding") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- tools/lib/bpf/libbpf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index a3be6f8fac09..d1eb45d16054 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -13850,6 +13850,9 @@ int bpf_object__open_subskeleton(struct bpf_object_subskeleton *s) var = btf_var_secinfos(map_type); for (i = 0; i < len; i++, var++) { var_type = btf__type_by_id(btf, var->type); + if (!var_type) + return libbpf_err(-ENOENT); + var_name = btf__name_by_offset(btf, var_type->name_off); if (strcmp(var_name, var_skel->name) == 0) { *var_skel->addr = map->mmaped + var->offset; -- 2.25.1

10 months, 3 weeks

4
3
0 0

+ mm-memory-failure-use-raw_spinlock_t-in-struct-memory_failure_cpu.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-failure-use-raw_spinlock_t-in-struct-memory_failure_cpu.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Waiman Long <longman(a)redhat.com> Subject: mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu Date: Tue, 6 Aug 2024 12:41:07 -0400 The memory_failure_cpu structure is a per-cpu structure. Access to its content requires the use of get_cpu_var() to lock in the current CPU and disable preemption. The use of a regular spinlock_t for locking purpose is fine for a non-RT kernel. Since the integration of RT spinlock support into the v5.15 kernel, a spinlock_t in a RT kernel becomes a sleeping lock and taking a sleeping lock in a preemption disabled context is illegal resulting in the following kind of warning. [12135.732244] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [12135.732248] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 270076, name: kworker/0:0 [12135.732252] preempt_count: 1, expected: 0 [12135.732255] RCU nest depth: 2, expected: 2 : [12135.732420] Hardware name: Dell Inc. PowerEdge R640/0HG0J8, BIOS 2.10.2 02/24/2021 [12135.732423] Workqueue: kacpi_notify acpi_os_execute_deferred [12135.732433] Call Trace: [12135.732436] <TASK> [12135.732450] dump_stack_lvl+0x57/0x81 [12135.732461] __might_resched.cold+0xf4/0x12f [12135.732479] rt_spin_lock+0x4c/0x100 [12135.732491] memory_failure_queue+0x40/0xe0 [12135.732503] ghes_do_memory_failure+0x53/0x390 [12135.732516] ghes_do_proc.constprop.0+0x229/0x3e0 [12135.732575] ghes_proc+0xf9/0x1a0 [12135.732591] ghes_notify_hed+0x6a/0x150 [12135.732602] notifier_call_chain+0x43/0xb0 [12135.732626] blocking_notifier_call_chain+0x43/0x60 [12135.732637] acpi_ev_notify_dispatch+0x47/0x70 [12135.732648] acpi_os_execute_deferred+0x13/0x20 [12135.732654] process_one_work+0x41f/0x500 [12135.732695] worker_thread+0x192/0x360 [12135.732715] kthread+0x111/0x140 [12135.732733] ret_from_fork+0x29/0x50 [12135.732779] </TASK> Fix it by using a raw_spinlock_t for locking instead. Also move the pr_err() out of the lock critical section to avoid indeterminate latency of this call. Link: https://lkml.kernel.org/r/20240806164107.1044956-1-longman@redhat.com Fixes: ea8f5fb8a71f ("HWPoison: add memory_failure_queue()") Signed-off-by: Waiman Long <longman(a)redhat.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Len Brown <len.brown(a)intel.com> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-use-raw_spinlock_t-in-struct-memory_failure_cpu +++ a/mm/memory-failure.c @@ -2417,7 +2417,7 @@ struct memory_failure_entry { struct memory_failure_cpu { DECLARE_KFIFO(fifo, struct memory_failure_entry, MEMORY_FAILURE_FIFO_SIZE); - spinlock_t lock; + raw_spinlock_t lock; struct work_struct work; }; @@ -2443,19 +2443,21 @@ void memory_failure_queue(unsigned long { struct memory_failure_cpu *mf_cpu; unsigned long proc_flags; + bool buffer_overflow; struct memory_failure_entry entry = { .pfn = pfn, .flags = flags, }; mf_cpu = &get_cpu_var(memory_failure_cpu); - spin_lock_irqsave(&mf_cpu->lock, proc_flags); - if (kfifo_put(&mf_cpu->fifo, entry)) + raw_spin_lock_irqsave(&mf_cpu->lock, proc_flags); + buffer_overflow = !kfifo_put(&mf_cpu->fifo, entry); + if (!buffer_overflow) schedule_work_on(smp_processor_id(), &mf_cpu->work); - else + raw_spin_unlock_irqrestore(&mf_cpu->lock, proc_flags); + if (buffer_overflow) pr_err("buffer overflow when queuing memory failure at %#lx\n", pfn); - spin_unlock_irqrestore(&mf_cpu->lock, proc_flags); put_cpu_var(memory_failure_cpu); } EXPORT_SYMBOL_GPL(memory_failure_queue); @@ -2469,9 +2471,9 @@ static void memory_failure_work_func(str mf_cpu = container_of(work, struct memory_failure_cpu, work); for (;;) { - spin_lock_irqsave(&mf_cpu->lock, proc_flags); + raw_spin_lock_irqsave(&mf_cpu->lock, proc_flags); gotten = kfifo_get(&mf_cpu->fifo, &entry); - spin_unlock_irqrestore(&mf_cpu->lock, proc_flags); + raw_spin_unlock_irqrestore(&mf_cpu->lock, proc_flags); if (!gotten) break; if (entry.flags & MF_SOFT_OFFLINE) @@ -2501,7 +2503,7 @@ static int __init memory_failure_init(vo for_each_possible_cpu(cpu) { mf_cpu = &per_cpu(memory_failure_cpu, cpu); - spin_lock_init(&mf_cpu->lock); + raw_spin_lock_init(&mf_cpu->lock); INIT_KFIFO(mf_cpu->fifo); INIT_WORK(&mf_cpu->work, memory_failure_work_func); } _ Patches currently in -mm which might be from longman(a)redhat.com are padata-fix-possible-divide-by-0-panic-in-padata_mt_helper.patch mm-memory-failure-use-raw_spinlock_t-in-struct-memory_failure_cpu.patch watchdog-handle-the-enodev-failure-case-of-lockup_detector_delay_init-separately.patch

10 months, 3 weeks

1
0
0 0

+ padata-fix-possible-divide-by-0-panic-in-padata_mt_helper.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: padata: Fix possible divide-by-0 panic in padata_mt_helper() has been added to the -mm mm-hotfixes-unstable branch. Its filename is padata-fix-possible-divide-by-0-panic-in-padata_mt_helper.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Waiman Long <longman(a)redhat.com> Subject: padata: Fix possible divide-by-0 panic in padata_mt_helper() Date: Tue, 6 Aug 2024 13:46:47 -0400 We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time. [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1 [ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021 [ 10.017908] Workqueue: events_unbound padata_mt_helper [ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0 : [ 10.017963] Call Trace: [ 10.017968] <TASK> [ 10.018004] ? padata_mt_helper+0x39/0xb0 [ 10.018084] process_one_work+0x174/0x330 [ 10.018093] worker_thread+0x266/0x3a0 [ 10.018111] kthread+0xcf/0x100 [ 10.018124] ret_from_fork+0x31/0x50 [ 10.018138] ret_from_fork_asm+0x1a/0x30 [ 10.018147] </TASK> Looking at the padata_mt_helper() function, the only way a divide-by-0 panic can happen is when ps->chunk_size is 0. The way that chunk_size is initialized in padata_do_multithreaded(), chunk_size can be 0 when the min_chunk in the passed-in padata_mt_job structure is 0. Fix this divide-by-0 panic by making sure that chunk_size will be at least 1 no matter what the input parameters are. Link: https://lkml.kernel.org/r/20240806174647.1050398-1-longman@redhat.com Fixes: 004ed42638f4 ("padata: add basic support for multithreaded jobs") Signed-off-by: Waiman Long <longman(a)redhat.com> Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> Cc: Steffen Klassert <steffen.klassert(a)secunet.com> Cc: Waiman Long <longman(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/padata.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/kernel/padata.c~padata-fix-possible-divide-by-0-panic-in-padata_mt_helper +++ a/kernel/padata.c @@ -517,6 +517,13 @@ void __init padata_do_multithreaded(stru ps.chunk_size = max(ps.chunk_size, job->min_chunk); ps.chunk_size = roundup(ps.chunk_size, job->align); + /* + * chunk_size can be 0 if the caller sets min_chunk to 0. So force it + * to at least 1 to prevent divide-by-0 panic in padata_mt_helper().` + */ + if (!ps.chunk_size) + ps.chunk_size = 1U; + list_for_each_entry(pw, &works, pw_list) if (job->numa_aware) { int old_node = atomic_read(&last_used_nid); _ Patches currently in -mm which might be from longman(a)redhat.com are padata-fix-possible-divide-by-0-panic-in-padata_mt_helper.patch watchdog-handle-the-enodev-failure-case-of-lockup_detector_delay_init-separately.patch

10 months, 3 weeks

1
0
0 0

[GIT PULL] virtio: bugfix

by Michael S. Tsirkin

The following changes since commit 6d834691da474ed1c648753d3d3a3ef8379fa1c1: virtio_pci_modern: remove admin queue serialization lock (2024-07-17 05:43:21 -0400) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost.git tags/for_linus for you to fetch changes up to 0823dc64586ba5ea13a7d200a5d33e4c5fa45950: vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (2024-07-26 03:26:02 -0400) ---------------------------------------------------------------- virtio: bugfix Fixes a single, long-standing issue with kick pass-through vdpa. Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> ---------------------------------------------------------------- Jason Wang (1): vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler drivers/vhost/vdpa.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-)

10 months, 3 weeks

2
1
0 0

[PATCH 1/2] drm/amdgpu/jpeg2: properly set atomics vmid field

by Alex Deucher

This needs to be set as well if the IB uses atomics. Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c index 99adf3625657..98aa3ccd0d20 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c @@ -538,11 +538,11 @@ void jpeg_v2_0_dec_ring_emit_ib(struct amdgpu_ring *ring, amdgpu_ring_write(ring, PACKETJ(mmUVD_LMI_JRBC_IB_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); - amdgpu_ring_write(ring, (vmid | (vmid << 4))); + amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); amdgpu_ring_write(ring, PACKETJ(mmUVD_LMI_JPEG_VMID_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); - amdgpu_ring_write(ring, (vmid | (vmid << 4))); + amdgpu_ring_write(ring, (vmid | (vmid << 4) | (vmid << 8))); amdgpu_ring_write(ring, PACKETJ(mmUVD_LMI_JRBC_IB_64BIT_BAR_LOW_INTERNAL_OFFSET, 0, 0, PACKETJ_TYPE0)); -- 2.45.2

10 months, 3 weeks

2
2
0 0

Bidding Services

by elvislehmann891＠gmail.com

Hi, Cannon Estimation,LLC brings you a major discount on Cost Estimating & Quantities Take-Off Services. We claim a 98% accuracy guarantee with a refund policy in case of any error in quantities. We are using certified software’s like PlanSwift, BlueBeams, Accu-Bid, Auto-Bid & RSmeans etc Send us your plans for a quote on our service charges before getting started. Please reply to that email, so I can share some sample estimates. Thanks & Have a Great Day. Regards, Elvis Lehmann Business Development Manager Cannon Estimation, LLC

10 months, 3 weeks

1
0
0 0

[PATCH iwl-next 7/9] idpf: fix netdev Tx queue stop/wake

by Alexander Lobakin

From: Michal Kubiak <michal.kubiak(a)intel.com> netif_txq_maybe_stop() returns -1, 0, or 1, while idpf_tx_maybe_stop_common() says it returns 0 or -EBUSY. As a result, there sometimes are Tx queue timeout warnings despite that the queue is empty or there is at least enough space to restart it. Make idpf_tx_maybe_stop_common() inline and returning true or false, handling the return of netif_txq_maybe_stop() properly. Use a correct goto in idpf_tx_maybe_stop_splitq() to avoid stopping the queue or incrementing the stops counter twice. Fixes: 6818c4d5b3c2 ("idpf: add splitq start_xmit") Fixes: a5ab9ee0df0b ("idpf: add singleq start_xmit and napi poll") Cc: stable(a)vger.kernel.org # 6.7+ Signed-off-by: Michal Kubiak <michal.kubiak(a)intel.com> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Signed-off-by: Alexander Lobakin <aleksander.lobakin(a)intel.com> --- drivers/net/ethernet/intel/idpf/idpf_txrx.h | 9 ++++- .../ethernet/intel/idpf/idpf_singleq_txrx.c | 4 +++ drivers/net/ethernet/intel/idpf/idpf_txrx.c | 35 +++++-------------- 3 files changed, 21 insertions(+), 27 deletions(-) diff --git a/drivers/net/ethernet/intel/idpf/idpf_txrx.h b/drivers/net/ethernet/intel/idpf/idpf_txrx.h index 2478f71adb95..df3574ac58c2 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_txrx.h +++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h @@ -1020,7 +1020,6 @@ void idpf_tx_dma_map_error(struct idpf_tx_queue *txq, struct sk_buff *skb, struct idpf_tx_buf *first, u16 ring_idx); unsigned int idpf_tx_desc_count_required(struct idpf_tx_queue *txq, struct sk_buff *skb); -int idpf_tx_maybe_stop_common(struct idpf_tx_queue *tx_q, unsigned int size); void idpf_tx_timeout(struct net_device *netdev, unsigned int txqueue); netdev_tx_t idpf_tx_singleq_frame(struct sk_buff *skb, struct idpf_tx_queue *tx_q); @@ -1029,4 +1028,12 @@ bool idpf_rx_singleq_buf_hw_alloc_all(struct idpf_rx_queue *rxq, u16 cleaned_count); int idpf_tso(struct sk_buff *skb, struct idpf_tx_offload_params *off); +static inline bool idpf_tx_maybe_stop_common(struct idpf_tx_queue *tx_q, + u32 needed) +{ + return !netif_subqueue_maybe_stop(tx_q->netdev, tx_q->idx, + IDPF_DESC_UNUSED(tx_q), + needed, needed); +} + #endif /* !_IDPF_TXRX_H_ */ diff --git a/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c index 947d3ff9677c..5ba360abbe66 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c +++ b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c @@ -375,6 +375,10 @@ netdev_tx_t idpf_tx_singleq_frame(struct sk_buff *skb, IDPF_TX_DESCS_FOR_CTX)) { idpf_tx_buf_hw_update(tx_q, tx_q->next_to_use, false); + u64_stats_update_begin(&tx_q->stats_sync); + u64_stats_inc(&tx_q->q_stats.q_busy); + u64_stats_update_end(&tx_q->stats_sync); + return NETDEV_TX_BUSY; } diff --git a/drivers/net/ethernet/intel/idpf/idpf_txrx.c b/drivers/net/ethernet/intel/idpf/idpf_txrx.c index fd44a65a0537..26ef064972d4 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_txrx.c +++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c @@ -2127,29 +2127,6 @@ void idpf_tx_splitq_build_flow_desc(union idpf_tx_flex_desc *desc, desc->flow.qw1.compl_tag = cpu_to_le16(params->compl_tag); } -/** - * idpf_tx_maybe_stop_common - 1st level check for common Tx stop conditions - * @tx_q: the queue to be checked - * @size: number of descriptors we want to assure is available - * - * Returns 0 if stop is not needed - */ -int idpf_tx_maybe_stop_common(struct idpf_tx_queue *tx_q, unsigned int size) -{ - struct netdev_queue *nq; - - if (likely(IDPF_DESC_UNUSED(tx_q) >= size)) - return 0; - - u64_stats_update_begin(&tx_q->stats_sync); - u64_stats_inc(&tx_q->q_stats.q_busy); - u64_stats_update_end(&tx_q->stats_sync); - - nq = netdev_get_tx_queue(tx_q->netdev, tx_q->idx); - - return netif_txq_maybe_stop(nq, IDPF_DESC_UNUSED(tx_q), size, size); -} - /** * idpf_tx_maybe_stop_splitq - 1st level check for Tx splitq stop conditions * @tx_q: the queue to be checked @@ -2161,7 +2138,7 @@ static int idpf_tx_maybe_stop_splitq(struct idpf_tx_queue *tx_q, unsigned int descs_needed) { if (idpf_tx_maybe_stop_common(tx_q, descs_needed)) - goto splitq_stop; + goto out; /* If there are too many outstanding completions expected on the * completion queue, stop the TX queue to give the device some time to @@ -2180,10 +2157,12 @@ static int idpf_tx_maybe_stop_splitq(struct idpf_tx_queue *tx_q, return 0; splitq_stop: + netif_stop_subqueue(tx_q->netdev, tx_q->idx); + +out: u64_stats_update_begin(&tx_q->stats_sync); u64_stats_inc(&tx_q->q_stats.q_busy); u64_stats_update_end(&tx_q->stats_sync); - netif_stop_subqueue(tx_q->netdev, tx_q->idx); return -EBUSY; } @@ -2206,7 +2185,11 @@ void idpf_tx_buf_hw_update(struct idpf_tx_queue *tx_q, u32 val, nq = netdev_get_tx_queue(tx_q->netdev, tx_q->idx); tx_q->next_to_use = val; - idpf_tx_maybe_stop_common(tx_q, IDPF_TX_DESC_NEEDED); + if (idpf_tx_maybe_stop_common(tx_q, IDPF_TX_DESC_NEEDED)) { + u64_stats_update_begin(&tx_q->stats_sync); + u64_stats_inc(&tx_q->q_stats.q_busy); + u64_stats_update_end(&tx_q->stats_sync); + } /* Force memory writes to complete before letting h/w * know there are new descriptors to fetch. (Only -- 2.45.2

10 months, 3 weeks

1
0
0 0

[PATCH] net: drop bad gso csum_start and offset in virtio_net_hdr

by mathieu.tortuyaux＠gmail.com

From: Willem de Bruijn <willemb(a)google.com> [ Upstream commit 89add40066f9ed9abe5f7f886fe5789ff7e0c50e ] Tighten csum_start and csum_offset checks in virtio_net_hdr_to_skb for GSO packets. The function already checks that a checksum requested with VIRTIO_NET_HDR_F_NEEDS_CSUM is in skb linear. But for GSO packets this might not hold for segs after segmentation. Syzkaller demonstrated to reach this warning in skb_checksum_help offset = skb_checksum_start_offset(skb); ret = -EINVAL; if (WARN_ON_ONCE(offset >= skb_headlen(skb))) By injecting a TSO packet: WARNING: CPU: 1 PID: 3539 at net/core/dev.c:3284 skb_checksum_help+0x3d0/0x5b0 ip_do_fragment+0x209/0x1b20 net/ipv4/ip_output.c:774 ip_finish_output_gso net/ipv4/ip_output.c:279 [inline] __ip_finish_output+0x2bd/0x4b0 net/ipv4/ip_output.c:301 iptunnel_xmit+0x50c/0x930 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x2296/0x2c70 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x759/0xa60 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4850 [inline] netdev_start_xmit include/linux/netdevice.h:4864 [inline] xmit_one net/core/dev.c:3595 [inline] dev_hard_start_xmit+0x261/0x8c0 net/core/dev.c:3611 __dev_queue_xmit+0x1b97/0x3c90 net/core/dev.c:4261 packet_snd net/packet/af_packet.c:3073 [inline] The geometry of the bad input packet at tcp_gso_segment: [ 52.003050][ T8403] skb len=12202 headroom=244 headlen=12093 tailroom=0 [ 52.003050][ T8403] mac=(168,24) mac_len=24 net=(192,52) trans=244 [ 52.003050][ T8403] shinfo(txflags=0 nr_frags=1 gso(size=1552 type=3 segs=0)) [ 52.003050][ T8403] csum(0x60000c7 start=199 offset=1536 ip_summed=3 complete_sw=0 valid=0 level=0) Mitigate with stricter input validation. csum_offset: for GSO packets, deduce the correct value from gso_type. This is already done for USO. Extend it to TSO. Let UFO be: udp[46]_ufo_fragment ignores these fields and always computes the checksum in software. csum_start: finding the real offset requires parsing to the transport header. Do not add a parser, use existing segmentation parsing. Thanks to SKB_GSO_DODGY, that also catches bad packets that are hw offloaded. Again test both TSO and USO. Do not test UFO for the above reason, and do not test UDP tunnel offload. GSO packet are almost always CHECKSUM_PARTIAL. USO packets may be CHECKSUM_NONE since commit 10154dbded6d6 ("udp: Allow GSO transmit from devices with no checksum offload"), but then still these fields are initialized correctly in udp4_hwcsum/udp6_hwcsum_outgoing. So no need to test for ip_summed == CHECKSUM_PARTIAL first. This revises an existing fix mentioned in the Fixes tag, which broke small packets with GSO offload, as detected by kselftests. Link: https://syzkaller.appspot.com/bug?extid=e1db31216c789f552871 Link: https://lore.kernel.org/netdev/20240723223109.2196886-1-kuba@kernel.org Fixes: e269d79c7d35 ("net: missing check virtio") Cc: stable(a)vger.kernel.org Signed-off-by: Willem de Bruijn <willemb(a)google.com> Link: https://patch.msgid.link/20240729201108.1615114-1-willemdebruijn.kernel@gma… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- Hi, This patch fixes network failures on OpenStack VMs running with Kernel 6.6.44 (it was working fine with 6.6.43). ``` [ 237.422038] eth0: bad gso: type: 1, size: 1432 ``` This has been tested on Flatcar Linux CI with Kernel 6.6.44. I think it has to be backported on Linux branches that have the "net: missing check virtio" commit. At this moment, I know those releases to be concerned: * 6.1.y (with 6.1.103) * 6.6.y (with 6.6.44) * 6.10.y (with 6.10.3) Thanks, Mathieu - @tormath1 include/linux/virtio_net.h | 16 +++++----------- net/ipv4/tcp_offload.c | 3 +++ net/ipv4/udp_offload.c | 4 ++++ 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h index d1d7825318c3..6c395a2600e8 100644 --- a/include/linux/virtio_net.h +++ b/include/linux/virtio_net.h @@ -56,7 +56,6 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, unsigned int thlen = 0; unsigned int p_off = 0; unsigned int ip_proto; - u64 ret, remainder, gso_size; if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) { switch (hdr->gso_type & ~VIRTIO_NET_HDR_GSO_ECN) { @@ -99,16 +98,6 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, u32 off = __virtio16_to_cpu(little_endian, hdr->csum_offset); u32 needed = start + max_t(u32, thlen, off + sizeof(__sum16)); - if (hdr->gso_size) { - gso_size = __virtio16_to_cpu(little_endian, hdr->gso_size); - ret = div64_u64_rem(skb->len, gso_size, &remainder); - if (!(ret && (hdr->gso_size > needed) && - ((remainder > needed) || (remainder == 0)))) { - return -EINVAL; - } - skb_shinfo(skb)->tx_flags |= SKBFL_SHARED_FRAG; - } - if (!pskb_may_pull(skb, needed)) return -EINVAL; @@ -182,6 +171,11 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, if (gso_type != SKB_GSO_UDP_L4) return -EINVAL; break; + case SKB_GSO_TCPV4: + case SKB_GSO_TCPV6: + if (skb->csum_offset != offsetof(struct tcphdr, check)) + return -EINVAL; + break; } /* Kernel has a special handling for GSO_BY_FRAGS. */ diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c index 8311c38267b5..69e6012ae82f 100644 --- a/net/ipv4/tcp_offload.c +++ b/net/ipv4/tcp_offload.c @@ -73,6 +73,9 @@ struct sk_buff *tcp_gso_segment(struct sk_buff *skb, if (thlen < sizeof(*th)) goto out; + if (unlikely(skb_checksum_start(skb) != skb_transport_header(skb))) + goto out; + if (!pskb_may_pull(skb, thlen)) goto out; diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c index e5971890d637..9cb13a50011e 100644 --- a/net/ipv4/udp_offload.c +++ b/net/ipv4/udp_offload.c @@ -278,6 +278,10 @@ struct sk_buff *__udp_gso_segment(struct sk_buff *gso_skb, if (gso_skb->len <= sizeof(*uh) + mss) return ERR_PTR(-EINVAL); + if (unlikely(skb_checksum_start(gso_skb) != + skb_transport_header(gso_skb))) + return ERR_PTR(-EINVAL); + if (skb_gso_ok(gso_skb, features | NETIF_F_GSO_ROBUST)) { /* Packet is from an untrusted source, reset gso_segs. */ skb_shinfo(gso_skb)->gso_segs = DIV_ROUND_UP(gso_skb->len - sizeof(*uh), -- 2.44.2

10 months, 3 weeks

1
0
0 0

[PATCH v1] arm64: dts: ti: k3-am62-verdin-dahlia: Keep CTRL_SLEEP_MOCI# regulator on

by Francesco Dolcini

From: Francesco Dolcini <francesco.dolcini(a)toradex.com> This reverts commit 3935fbc87ddebea5439f3ab6a78b1e83e976bf88. CTRL_SLEEP_MOCI# is a signal that is defined for all the SoM implementing the Verdin family specification, this signal is supposed to control the power enable in the carrier board when the system is in deep sleep mode. However this is not possible with Texas Instruments AM62 SoC, IOs output buffer is disabled in deep sleep and IOs are in tri-state mode. Given that we cannot properly control this pin, force it to be always high to minimize potential issues. Fixes: 3935fbc87dde ("arm64: dts: ti: k3-am62-verdin-dahlia: support sleep-moci") Cc: <stable(a)vger.kernel.org> Link: https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1… Signed-off-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> --- .../boot/dts/ti/k3-am62-verdin-dahlia.dtsi | 22 ------------------- arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 6 ----- 2 files changed, 28 deletions(-) diff --git a/arch/arm64/boot/dts/ti/k3-am62-verdin-dahlia.dtsi b/arch/arm64/boot/dts/ti/k3-am62-verdin-dahlia.dtsi index e8f4d136e5df..9202181fbd65 100644 --- a/arch/arm64/boot/dts/ti/k3-am62-verdin-dahlia.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am62-verdin-dahlia.dtsi @@ -43,15 +43,6 @@ simple-audio-card,cpu { sound-dai = <&mcasp0>; }; }; - - reg_usb_hub: regulator-usb-hub { - compatible = "regulator-fixed"; - enable-active-high; - /* Verdin CTRL_SLEEP_MOCI# (SODIMM 256) */ - gpio = <&main_gpio0 31 GPIO_ACTIVE_HIGH>; - regulator-boot-on; - regulator-name = "HUB_PWR_EN"; - }; }; /* Verdin ETHs */ @@ -193,11 +184,6 @@ &ospi0 { status = "okay"; }; -/* Do not force CTRL_SLEEP_MOCI# always enabled */ -&reg_force_sleep_moci { - status = "disabled"; -}; - /* Verdin SD_1 */ &sdhci1 { status = "okay"; @@ -218,15 +204,7 @@ &usbss1 { }; &usb1 { - #address-cells = <1>; - #size-cells = <0>; status = "okay"; - - usb-hub@1 { - compatible = "usb424,2744"; - reg = <1>; - vdd-supply = <&reg_usb_hub>; - }; }; /* Verdin CTRL_WAKE1_MICO# */ diff --git a/arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi b/arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi index 359f53f3e019..5bef31b8577b 100644 --- a/arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi @@ -138,12 +138,6 @@ reg_1v8_eth: regulator-1v8-eth { vin-supply = <&reg_1v8>; }; - /* - * By default we enable CTRL_SLEEP_MOCI#, this is required to have - * peripherals on the carrier board powered. - * If more granularity or power saving is required this can be disabled - * in the carrier board device tree files. - */ reg_force_sleep_moci: regulator-force-sleep-moci { compatible = "regulator-fixed"; enable-active-high; -- 2.39.2

10 months, 3 weeks

2
1
0 0

[PATCH 1/8] mm: Fix endless reclaim on machines with unaccepted memory

by Kirill A. Shutemov

Unaccepted memory is considered unusable free memory, which is not counted as free on the zone watermark check. This causes get_page_from_freelist() to accept more memory to hit the high watermark, but it creates problems in the reclaim path. The reclaim path encounters a failed zone watermark check and attempts to reclaim memory. This is usually successful, but if there is little or no reclaimable memory, it can result in endless reclaim with little to no progress. This can occur early in the boot process, just after start of the init process when the only reclaimable memory is the page cache of the init executable and its libraries. Make unaccepted memory free from watermark check point of view. This way unaccepted memory will never be the trigger of memory reclaim. Accept more memory in the get_page_from_freelist() if needed. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Jianxiong Gao <jxgao(a)google.com> Fixes: dcdfdd40fa82 ("mm: Add support for unaccepted memory") Cc: stable(a)vger.kernel.org # v6.5+ --- mm/page_alloc.c | 42 ++++++++++++++++++++---------------------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 28f80daf5c04..aa9b1eaa638c 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -287,7 +287,7 @@ EXPORT_SYMBOL(nr_online_nodes); static bool page_contains_unaccepted(struct page *page, unsigned int order); static void accept_page(struct page *page, unsigned int order); -static bool try_to_accept_memory(struct zone *zone, unsigned int order); +static bool cond_accept_memory(struct zone *zone, unsigned int order); static inline bool has_unaccepted_memory(void); static bool __free_unaccepted(struct page *page); @@ -3072,9 +3072,6 @@ static inline long __zone_watermark_unusable_free(struct zone *z, if (!(alloc_flags & ALLOC_CMA)) unusable_free += zone_page_state(z, NR_FREE_CMA_PAGES); #endif -#ifdef CONFIG_UNACCEPTED_MEMORY - unusable_free += zone_page_state(z, NR_UNACCEPTED); -#endif return unusable_free; } @@ -3368,6 +3365,8 @@ get_page_from_freelist(gfp_t gfp_mask, unsigned int order, int alloc_flags, } } + cond_accept_memory(zone, order); + /* * Detect whether the number of free pages is below high * watermark. If so, we will decrease pcp->high and free @@ -3393,10 +3392,8 @@ get_page_from_freelist(gfp_t gfp_mask, unsigned int order, int alloc_flags, gfp_mask)) { int ret; - if (has_unaccepted_memory()) { - if (try_to_accept_memory(zone, order)) - goto try_this_zone; - } + if (cond_accept_memory(zone, order)) + goto try_this_zone; #ifdef CONFIG_DEFERRED_STRUCT_PAGE_INIT /* @@ -3450,10 +3447,8 @@ get_page_from_freelist(gfp_t gfp_mask, unsigned int order, int alloc_flags, return page; } else { - if (has_unaccepted_memory()) { - if (try_to_accept_memory(zone, order)) - goto try_this_zone; - } + if (cond_accept_memory(zone, order)) + goto try_this_zone; #ifdef CONFIG_DEFERRED_STRUCT_PAGE_INIT /* Try again if zone has deferred pages */ @@ -6951,9 +6946,6 @@ static bool try_to_accept_memory_one(struct zone *zone) struct page *page; bool last; - if (list_empty(&zone->unaccepted_pages)) - return false; - spin_lock_irqsave(&zone->lock, flags); page = list_first_entry_or_null(&zone->unaccepted_pages, struct page, lru); @@ -6979,23 +6971,29 @@ static bool try_to_accept_memory_one(struct zone *zone) return true; } -static bool try_to_accept_memory(struct zone *zone, unsigned int order) +static bool cond_accept_memory(struct zone *zone, unsigned int order) { long to_accept; - int ret = false; + bool ret = false; + + if (!has_unaccepted_memory()) + return false; + + if (list_empty(&zone->unaccepted_pages)) + return false; /* How much to accept to get to high watermark? */ to_accept = high_wmark_pages(zone) - (zone_page_state(zone, NR_FREE_PAGES) - - __zone_watermark_unusable_free(zone, order, 0)); + __zone_watermark_unusable_free(zone, order, 0) - + zone_page_state(zone, NR_UNACCEPTED)); - /* Accept at least one page */ - do { + while (to_accept > 0) { if (!try_to_accept_memory_one(zone)) break; ret = true; to_accept -= MAX_ORDER_NR_PAGES; - } while (to_accept > 0); + } return ret; } @@ -7038,7 +7036,7 @@ static void accept_page(struct page *page, unsigned int order) { } -static bool try_to_accept_memory(struct zone *zone, unsigned int order) +static bool cond_accept_memory(struct zone *zone, unsigned int order) { return false; } -- 2.43.0

10 months, 3 weeks

2
1
0 0

[PATCH] usb: typec: ucsi: Fix a deadlock in ucsi_send_command_common()

by Heikki Krogerus

The function returns with the ppm_lock held if the PPM is busy or there's an error. Reported-and-tested-by: Luciano Coelho <luciano.coelho(a)intel.com> Fixes: 5e9c1662a89b ("usb: typec: ucsi: rework command execution functions") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/typec/ucsi/ucsi.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index dcd3765cc1f5..432a2d6266d7 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -238,13 +238,10 @@ static int ucsi_send_command_common(struct ucsi *ucsi, u64 cmd, mutex_lock(&ucsi->ppm_lock); ret = ucsi_run_command(ucsi, cmd, &cci, data, size, conn_ack); - if (cci & UCSI_CCI_BUSY) { - ret = ucsi_run_command(ucsi, UCSI_CANCEL, &cci, NULL, 0, false); - return ret ? ret : -EBUSY; - } - - if (cci & UCSI_CCI_ERROR) - return ucsi_read_error(ucsi, connector_num); + if (cci & UCSI_CCI_BUSY) + ret = ucsi_run_command(ucsi, UCSI_CANCEL, &cci, NULL, 0, false) ?: -EBUSY; + else if (cci & UCSI_CCI_ERROR) + ret = ucsi_read_error(ucsi, connector_num); mutex_unlock(&ucsi->ppm_lock); return ret; -- 2.43.0

10 months, 3 weeks

1
1
0 0

[PATCH] driver core: Fix uevent_show() vs driver detach race

by Dan Williams

uevent_show() wants to de-reference dev->driver->name. There is no clean way for a device attribute to de-reference dev->driver unless that attribute is defined via (struct device_driver).dev_groups. Instead, the anti-pattern of taking the device_lock() in the attribute handler risks deadlocks with code paths that remove device attributes while holding the lock. This deadlock is typically invisible to lockdep given the device_lock() is marked lockdep_set_novalidate_class(), but some subsystems allocate a local lockdep key for @dev->mutex to reveal reports of the form: ====================================================== WARNING: possible circular locking dependency detected 6.10.0-rc7+ #275 Tainted: G OE N ------------------------------------------------------ modprobe/2374 is trying to acquire lock: ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220 but task is already holding lock: ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&cxl_root_key){+.+.}-{3:3}: __mutex_lock+0x99/0xc30 uevent_show+0xac/0x130 dev_attr_show+0x18/0x40 sysfs_kf_seq_show+0xac/0xf0 seq_read_iter+0x110/0x450 vfs_read+0x25b/0x340 ksys_read+0x67/0xf0 do_syscall_64+0x75/0x190 entry_SYSCALL_64_after_hwframe+0x76/0x7e -> #0 (kn->active#6){++++}-{0:0}: __lock_acquire+0x121a/0x1fa0 lock_acquire+0xd6/0x2e0 kernfs_drain+0x1e9/0x200 __kernfs_remove+0xde/0x220 kernfs_remove_by_name_ns+0x5e/0xa0 device_del+0x168/0x410 device_unregister+0x13/0x60 devres_release_all+0xb8/0x110 device_unbind_cleanup+0xe/0x70 device_release_driver_internal+0x1c7/0x210 driver_detach+0x47/0x90 bus_remove_driver+0x6c/0xf0 cxl_acpi_exit+0xc/0x11 [cxl_acpi] __do_sys_delete_module.isra.0+0x181/0x260 do_syscall_64+0x75/0x190 entry_SYSCALL_64_after_hwframe+0x76/0x7e The observation though is that driver objects are typically much longer lived than device objects. It is reasonable to perform lockless de-reference of a @driver pointer even if it is racing detach from a device. Given the infrequency of driver unregistration, use synchronize_rcu() in module_remove_driver() to close any potential races. It is potentially overkill to suffer synchronize_rcu() just to handle the rare module removal racing uevent_show() event. Thanks to Tetsuo Handa for the debug analysis of the syzbot report [1]. Fixes: c0a40097f0bc ("drivers: core: synchronize really_probe() and dev_uevent()") Reported-by: syzbot+4762dd74e32532cda5ff(a)syzkaller.appspotmail.com Reported-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Closes: http://lore.kernel.org/5aa5558f-90a4-4864-b1b1-5d6784c5607d@I-love.SAKURA.n… [1] Link: http://lore.kernel.org/669073b8ea479_5fffa294c1@dwillia2-xfh.jf.intel.com.n… Cc: stable(a)vger.kernel.org Cc: Ashish Sangwan <a.sangwan(a)samsung.com> Cc: Namjae Jeon <namjae.jeon(a)samsung.com> Cc: Dirk Behme <dirk.behme(a)de.bosch.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: "Rafael J. Wysocki" <rafael(a)kernel.org> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- drivers/base/core.c | 13 ++++++++----- drivers/base/module.c | 4 ++++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index 2b4c0624b704..b5399262198a 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -25,6 +25,7 @@ #include <linux/mutex.h> #include <linux/pm_runtime.h> #include <linux/netdevice.h> +#include <linux/rcupdate.h> #include <linux/sched/signal.h> #include <linux/sched/mm.h> #include <linux/string_helpers.h> @@ -2640,6 +2641,7 @@ static const char *dev_uevent_name(const struct kobject *kobj) static int dev_uevent(const struct kobject *kobj, struct kobj_uevent_env *env) { const struct device *dev = kobj_to_dev(kobj); + struct device_driver *driver; int retval = 0; /* add device node properties if present */ @@ -2668,8 +2670,12 @@ static int dev_uevent(const struct kobject *kobj, struct kobj_uevent_env *env) if (dev->type && dev->type->name) add_uevent_var(env, "DEVTYPE=%s", dev->type->name); - if (dev->driver) - add_uevent_var(env, "DRIVER=%s", dev->driver->name); + /* Synchronize with module_remove_driver() */ + rcu_read_lock(); + driver = READ_ONCE(dev->driver); + if (driver) + add_uevent_var(env, "DRIVER=%s", driver->name); + rcu_read_unlock(); /* Add common DT information about the device */ of_device_uevent(dev, env); @@ -2739,11 +2745,8 @@ static ssize_t uevent_show(struct device *dev, struct device_attribute *attr, if (!env) return -ENOMEM; - /* Synchronize with really_probe() */ - device_lock(dev); /* let the kset specific function add its keys */ retval = kset->uevent_ops->uevent(&dev->kobj, env); - device_unlock(dev); if (retval) goto out; diff --git a/drivers/base/module.c b/drivers/base/module.c index a1b55da07127..b0b79b9c189d 100644 --- a/drivers/base/module.c +++ b/drivers/base/module.c @@ -7,6 +7,7 @@ #include <linux/errno.h> #include <linux/slab.h> #include <linux/string.h> +#include <linux/rcupdate.h> #include "base.h" static char *make_driver_name(struct device_driver *drv) @@ -97,6 +98,9 @@ void module_remove_driver(struct device_driver *drv) if (!drv) return; + /* Synchronize with dev_uevent() */ + synchronize_rcu(); + sysfs_remove_link(&drv->p->kobj, "module"); if (drv->owner)

10 months, 3 weeks

4
7
0 0

[PATCH v4] EDAC/ti: Fix possible null pointer dereference in _emif_get_id()

by Ma Ke

In _emif_get_id(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. of_translate_address() is the same. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 86a18ee21e5e ("EDAC, ti: Add support for TI keystone and DRA7xx EDAC") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v4: - added the check of of_translate_address() as suggestions. Changes in v3: - added the patch operations omitted in PATCH v2 RESEND compared to PATCH v2. Sorry for my oversight. Changes in v2: - added Cc stable line. --- drivers/edac/ti_edac.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/edac/ti_edac.c b/drivers/edac/ti_edac.c index 29723c9592f7..f466f12630d3 100644 --- a/drivers/edac/ti_edac.c +++ b/drivers/edac/ti_edac.c @@ -207,14 +207,24 @@ static int _emif_get_id(struct device_node *node) int my_id = 0; addrp = of_get_address(node, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + my_addr = (u32)of_translate_address(node, addrp); + if (my_addr == OF_BAD_ADDR) + return -EINVAL; for_each_matching_node(np, ti_edac_of_match) { if (np == node) continue; addrp = of_get_address(np, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + addr = (u32)of_translate_address(np, addrp); + if (addr == OF_BAD_ADDR) + return -EINVAL; edac_printk(KERN_INFO, EDAC_MOD_NAME, "addr=%x, my_addr=%x\n", -- 2.25.1

10 months, 3 weeks

1
0
0 0

[PATCH v2] EDAC/altera: Fix possible null pointer dereference

by Ma Ke

In altr_s10_sdram_check_ecc_deps(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. of_translate_address() is the same. Found by code review. Cc: stable(a)vger.kernel.org Fixes: e1bca853dddc ("EDAC/altera: Add SDRAM ECC check for U-Boot") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the check of of_translate_address() as suggestions. --- drivers/edac/altera_edac.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/edac/altera_edac.c b/drivers/edac/altera_edac.c index fe89f5c4837f..4fbfa338e05f 100644 --- a/drivers/edac/altera_edac.c +++ b/drivers/edac/altera_edac.c @@ -1086,6 +1086,7 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) struct arm_smccc_res result; struct device_node *np; phys_addr_t sdram_addr; + const __be32 *sdram_addrp; u32 read_reg; int ret; @@ -1093,8 +1094,14 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) if (!np) goto sdram_err; - sdram_addr = of_translate_address(np, of_get_address(np, 0, - NULL, NULL)); + sdram_addrp = of_get_address(np, 0, NULL, NULL); + if (!sdram_addrp) + return -EINVAL; + + sdram_addr = of_translate_address(np, sdram_addrp); + if (sdram_addr == OF_BAD_ADDR) + return -EINVAL; + of_node_put(np); sdram_ecc_addr = (unsigned long)sdram_addr + prv->ecc_en_ofst; arm_smccc_smc(INTEL_SIP_SMC_REG_READ, sdram_ecc_addr, -- 2.25.1

10 months, 3 weeks

1
0
0 0

Re: Patch "ipv4: fix source address selection with route leak" has been added to the 5.15-stable tree

by Nicolas Dichtel

Le 03/08/2024 à 16:55, Sasha Levin a écrit : > This is a note to let you know that I've just added the patch titled > > ipv4: fix source address selection with route leak > > to the 5.15-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > ipv4-fix-source-address-selection-with-route-leak.patch > and it can be found in the queue-5.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. I'm not sure I fully understand the process, but Greg already sent a mail because this patch doesn't compile on the 5.15 stable branch. I sent a backport: https://lore.kernel.org/stable/20240802085305.2749750-1-nicolas.dichtel@6wi… Regards, Nicolas > > > > commit dfd009372d960dc1ccf694e7369d58e63cd133c4 > Author: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> > Date: Wed Jul 10 10:14:27 2024 +0200 > > ipv4: fix source address selection with route leak > > [ Upstream commit 6807352353561187a718e87204458999dbcbba1b ] > > By default, an address assigned to the output interface is selected when > the source address is not specified. This is problematic when a route, > configured in a vrf, uses an interface from another vrf (aka route leak). > The original vrf does not own the selected source address. > > Let's add a check against the output interface and call the appropriate > function to select the source address. > > CC: stable(a)vger.kernel.org > Fixes: 8cbb512c923d ("net: Add source address lookup op for VRF") > Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> > Reviewed-by: David Ahern <dsahern(a)kernel.org> > Link: https://patch.msgid.link/20240710081521.3809742-2-nicolas.dichtel@6wind.com > Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c > index 3d00253afbb8d..4f1236458c214 100644 > --- a/net/ipv4/fib_semantics.c > +++ b/net/ipv4/fib_semantics.c > @@ -2286,6 +2286,15 @@ void fib_select_path(struct net *net, struct fib_result *res, > fib_select_default(fl4, res); > > check_saddr: > - if (!fl4->saddr) > - fl4->saddr = fib_result_prefsrc(net, res); > + if (!fl4->saddr) { > + struct net_device *l3mdev; > + > + l3mdev = dev_get_by_index_rcu(net, fl4->flowi4_l3mdev); > + > + if (!l3mdev || > + l3mdev_master_dev_rcu(FIB_RES_DEV(*res)) == l3mdev) > + fl4->saddr = fib_result_prefsrc(net, res); > + else > + fl4->saddr = inet_select_addr(l3mdev, 0, RT_SCOPE_LINK); > + } > }

10 months, 3 weeks

2
3
0 0

Re: [PATCH v2 0/2] Fix mmap memory boundary calculation

by Andi Shyti

Hi Greg, > Andi Shyti (2): > drm/i915/gem: Adjust vma offset for framebuffer mmap offset > drm/i915/gem: Fix Virtual Memory mapping boundaries calculation I have forgotten to Cc the stable mailing list here. These two patches need to be merged together even if only the second patch has the "Fixes:" tag. Is there anything I should still do here? I could have used the "Requires:" tag, but the commit id would change in between merges and rebases. Andi

10 months, 3 weeks

2
1
0 0

Re: Patch "net: move ethtool-related netdev state into its own struct" has been added to the 6.10-stable tree

by Edward Cree

On 05/08/2024 13:19, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > net: move ethtool-related netdev state into its own struct > > to the 6.10-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > net-move-ethtool-related-netdev-state-into-its-own-s.patch > and it can be found in the queue-6.10 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This, and the series it's from, are absolutely not -stable material. The commits do not fix any existing bugs, they are in support of new features (netlink dumping of RSS contexts), and are a fairly large and complex set of changes, which have not even stabilised yet — we have already found issues both within the set and exposed by it in other code, which are being fixed for 6.11. > commit e331e73ff4c5c89a7f51a465ae40a7ad9fcd7a28 > Author: Edward Cree <ecree.xilinx(a)gmail.com> > Date: Thu Jun 27 16:33:46 2024 +0100 > > net: move ethtool-related netdev state into its own struct > > [ Upstream commit 3ebbd9f6de7ec6d538639ebb657246f629ace81e ] > > net_dev->ethtool is a pointer to new struct ethtool_netdev_state, which > currently contains only the wol_enabled field. > > Suggested-by: Jakub Kicinski <kuba(a)kernel.org> > Signed-off-by: Edward Cree <ecree.xilinx(a)gmail.com> > Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> > Link: https://patch.msgid.link/293a562278371de7534ed1eb17531838ca090633.171950223… > Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> > Stable-dep-of: 7195f0ef7f5b ("ethtool: fix setting key and resetting indir at once") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> As far as I can tell, 7195f0ef7f5b should backport fairly cleanly to 6.10 with only simple textual fuzz. It should not be necessary to backport the "ethtool: track custom RSS contexts in the core" series to support this. The above NAK also applies to the backports of: net-ethtool-attach-an-xarray-of-custom-rss-contexts-.patch net-ethtool-record-custom-rss-contexts-in-the-xarray.patch net-ethtool-add-a-mutex-protecting-rss-contexts.patch which were notified at the same time. -ed

10 months, 3 weeks

2
1
0 0

[PATCH 6.10 000/809] 6.10.3-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.3 release. There are 809 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 02 Aug 2024 09:47:47 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.3-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.3-rc3 Daniel Borkmann <daniel(a)iogearbox.net> selftests/bpf: DENYLIST.aarch64: Skip fexit_sleep again Paul Moore <paul(a)paul-moore.com> selinux,smack: remove the capability checks in the removexattr hooks Esben Haabendal <esben(a)geanix.com> powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC James Clark <james.clark(a)linaro.org> perf dso: Fix build when libunwind is enabled Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath12k: fix mbssid max interface advertisement Seth Forshee (DigitalOcean) <sforshee(a)kernel.org> fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Fix number of DAT/DCT entries for HCI versions < 1.1 Leon Romanovsky <leon(a)kernel.org> nvme-pci: add missing condition check for existence of mapped data Georgia Garcia <georgia.garcia(a)canonical.com> apparmor: unpack transition table if dfa is not present Ming Lei <ming.lei(a)redhat.com> ublk: fix UBLK_CMD_DEL_DEV_ASYNC handling Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix io_match_task must_hold Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Back off when polling thermal zones on errors Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: trip: Split thermal_zone_device_set_mode() Artem Chernyshev <artem.chernyshev(a)red-soft.ru> iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_cf: Fix endless loop in CF_DIAG event stop Vasily Gorbik <gor(a)linux.ibm.com> s390/setup: Fix __pa/__va for modules under non-GPL licenses Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Allow allocation of more than 1 MSI interrupt Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Refactor arch_setup_msi_irqs() ethanwu <ethanwu(a)synology.com> ceph: fix incorrect kmalloc size of pagevec mempool Anna-Maria Behnsen <anna-maria(a)linutronix.de> timers/migration: Do not rely always on group->parent Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: TAS2781: Fix tasdev_load_calibrated_data() Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Limit fair VF LMEM provisioning Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/exec: Fix minor bug related to xe_sync_entry_cleanup Conor Dooley <conor.dooley(a)microchip.com> spi: spidev: add correct compatible for Rohm BH2228FV Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: sof: amd: fix for firmware reload failure in Vangogh platform Curtis Malainey <cujomalainey(a)chromium.org> ASoC: Intel: Fix RT5650 SSP lookup Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASOC: SOF: Intel: hda-loader: only wait for HDaudio IOC for IPC4 devices Bart Van Assche <bvanassche(a)acm.org> nvme-pci: Fix the instructions for disabling power management Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: fix init function not setting the master and motorola modes Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: only disable SPI controller when register value change requires it Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: defer asserting chip select until just before write to TX FIFO Naga Sureshkumar Relli <nagasuresh.relli(a)microchip.com> spi: microchip-core: fix the issues in the isr Daniel Baluta <daniel.baluta(a)nxp.com> ASoC: SOF: imx8m: Fix DSP control regmap retrieval Markus Elfring <elfring(a)users.sourceforge.net> auxdisplay: ht16k33: Drop reference after LED registration Al Viro <viro(a)zeniv.linux.org.uk> lirc: rc_dev_get_from_fd(): fix file leak Al Viro <viro(a)zeniv.linux.org.uk> powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() Xiao Liang <shaw.leon(a)gmail.com> apparmor: Fix null pointer deref when receiving skb during sock creation Dan Carpenter <dan.carpenter(a)linaro.org> mISDN: Fix a use after free in hfcmulti_tx() Stanislav Fomichev <sdf(a)fomichev.me> xsk: Require XDP_UMEM_TX_METADATA_LEN to actuate tx_metadata_len Fred Li <dracodingfly(a)gmail.com> bpf: Fix a segment issue when downgrading gso_size Breno Leitao <leitao(a)debian.org> net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling Petr Machata <petrm(a)nvidia.com> net: nexthop: Initialize all fields in dumped nexthops Simon Horman <horms(a)kernel.org> net: stmmac: Correct byte order of perfect_match Hangbin Liu <liuhangbin(a)gmail.com> selftests: forwarding: skip if kernel not support setting bridge fdb learning limit Shigeru Yoshida <syoshida(a)redhat.com> tipc: Return non-zero value from tipc_udp_addr2str() on error David Howells <dhowells(a)redhat.com> netfs: Fix writeback that needs to go to both server and cache Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo_avx2: disable softinterrupts Wojciech Drewek <wojciech.drewek(a)intel.com> ice: Fix recipe read procedure Johannes Berg <johannes.berg(a)intel.com> net: bonding: correctly annotate RCU in bond_should_notify_peers() Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect source address in Record Route option Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later Liwei Song <liwei.song.lsong(a)gmail.com> tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids Hou Tao <houtao1(a)huawei.com> bpf, events: Use prog to emit ksymbol event for main program Lance Richardson <rlance(a)google.com> dma: fix call order in dmam_free_coherent Michal Luczaj <mhal(a)rbox.co> af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix no-args func prototype BTF dumping syntax Puranjay Mohan <puranjay(a)kernel.org> selftests/bpf: fexit_sleep: Fix stack allocation for arm64 Masahiro Yamada <masahiroy(a)kernel.org> kbuild: avoid build error when single DTB is turned into composite DTB Chao Yu <chao(a)kernel.org> f2fs: fix to update user block counts in block_operations() Daejun Park <daejun7.park(a)samsung.com> f2fs: fix null reference error when checking end of zone Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> watchdog: rzg2l_wdt: Check return status of pm_runtime_put() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() Sheng Yong <shengyong(a)oppo.com> f2fs: fix start segno of large section Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix signal blocking race/hang David Gow <davidgow(a)google.com> arch: um: rust: Use the generated target.json again Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix time-travel-start option Sean Anderson <sean.anderson(a)linux.dev> phy: zynqmp: Enable reference clock correctly Ma Ke <make24(a)iscas.ac.cn> phy: cadence-torrent: Check return value on register read Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> phy: phy-rockchip-samsung-hdptx: Select CONFIG_MFD_SYSCON Vignesh Raghavendra <vigneshr(a)ti.com> dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels Jeongjun Park <aha310510(a)gmail.com> jfs: Fix array-index-out-of-bounds in diFree Douglas Anderson <dianders(a)chromium.org> kdb: Use the passed prompt in kdb_position_cursor() Arnd Bergmann <arnd(a)arndb.de> kdb: address -Wformat-security warnings Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> phy: qcom: qmp-pcie: restore compatibility with existing DTs Chao Yu <chao(a)kernel.org> f2fs: fix to truncate preallocated blocks in f2fs_file_open() Linus Torvalds <torvalds(a)linux-foundation.org> minmax: scsi: fix mis-use of 'clamp()' in sr.c WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings Ilya Dryomov <idryomov(a)gmail.com> rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait Dragan Simic <dsimic(a)manjaro.org> drm/panfrost: Mark simple_ondemand governor as softdep Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: don't block scheduler when GPU is still active Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Test register availability before use Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: reset: Prioritise firmware service Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Remove memory node for builtin-dtb Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: env: Hook up Loongsson-2K Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: dts: loongson: Fix GMAC phy node Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: ip30: ip30-console: Add missing include Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: dts: loongson: Add ISA node Aleksandr Mishin <amishin(a)t-argos.ru> remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init Aleksandr Mishin <amishin(a)t-argos.ru> remoteproc: imx_rproc: Skip over memory region when node value is NULL Gwenael Treuveur <gwenael.treuveur(a)foss.st.com> remoteproc: stm32_rproc: Fix mailbox interrupts queuing Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume rbd_is_lock_owner() for exclusive mappings Eric Biggers <ebiggers(a)kernel.org> dm-verity: fix dm_is_verity_target() when dm-verity is builtin Michael Ellerman <mpe(a)ellerman.id.au> selftests/sigaltstack: Fix ppc64 GCC build Kim Phillips <kim.phillips(a)amd.com> crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked Bart Van Assche <bvanassche(a)acm.org> RDMA/iwcm: Fix a use-after-free related to destroying CM IDs Jiaxun Yang <jiaxun.yang(a)flygoat.com> platform: mips: cpu_hwmon: Disable driver on unsupported hardware Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd939x: Fix typec mux and switch leak during device removal Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone Thomas Gleixner <tglx(a)linutronix.de> watchdog/perf: properly initialize the turbo mode timestamp and rearm counter Joy Chakraborty <joychakr(a)google.com> rtc: abx80x: Fix return value of nvmem callback on read Joy Chakraborty <joychakr(a)google.com> rtc: isl1208: Fix return value of nvmem callbacks Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Don't switch the LTTPR mode on an active link Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Reset intel_dp->link_trained before retraining the link Ma Ke <make24(a)iscas.ac.cn> drm/amd/amdgpu: Fix uninitialized variable warnings Tim Huang <tim.huang(a)amd.com> drm/amdgpu: add missed harvest check for VCN IP v4/v5 ZhenGuo Yin <zhenguo.yin(a)amd.com> drm/amdgpu: reset vm state machine after gpu reset(vram lost) Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix all mstb marked as not probed after suspend/resume Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Remove DRM_CONNECTOR_POLL_HPD Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell Nitin Gote <nitin.r.gote(a)intel.com> drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix a topa_entry base address calculation Marco Cavenati <cavenati.marco(a)gmail.com> perf/x86/intel/pt: Fix topa_entry base length Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR Kan Liang <kan.liang(a)linux.intel.com> perf stat: Fix the hard-coded metrics calculation on the hybrid Frederic Weisbecker <frederic(a)kernel.org> perf: Fix event leak upon exec and file release Frederic Weisbecker <frederic(a)kernel.org> perf: Fix event leak upon exit Nilesh Javali <njavali(a)marvell.com> scsi: qla2xxx: validate nvme_local_port correctly Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Complete command early within lock Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix flash read failure Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Reduce fabric scan duplicate code Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Use QP lock to search for bsg Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix for possible memory corruption Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Unable to act on RSCN for port online Manish Rangankar <mrangankar(a)marvell.com> scsi: qla2xxx: During vport delete send async logout explicitly Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state Joy Chakraborty <joychakr(a)google.com> rtc: cmos: Fix return value of nvmem callbacks Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> mm/numa_balancing: teach mpol_to_str about the balancing mode Shenwei Wang <shenwei.wang(a)nxp.com> irqchip/imx-irqsteer: Handle runtime power management correctly Mateusz Jończyk <mat.jonczyk(a)o2.pl> md/raid1: set max_sectors during early return from choose_slow_rdev() Herve Codina <herve.codina(a)bootlin.com> irqdomain: Fixed unbalanced fwnode get and put Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix memory leakage caused by driver API devm_free_percpu() Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix devm_krealloc() wasting memory Yijie Yang <quic_yijiyang(a)quicinc.com> dt-bindings: phy: qcom,qmp-usb: fix spelling error Ahmed Zaki <ahmed.zaki(a)intel.com> ice: Add a per-VF limit on number of FDIR filters Bailey Forrest <bcf(a)google.com> gve: Fix an edge case for TSO skb validity check Zijun Hu <quic_zijuhu(a)quicinc.com> kobject_uevent: Fix OOB access within zap_modalias_env() Will Deacon <will(a)kernel.org> arm64: mm: Fix lockless walks with static and dynamic page-table folding Takashi Iwai <tiwai(a)suse.de> ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA Suren Baghdasaryan <surenb(a)google.com> alloc_tag: outline and export free_reserved_page() Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix '-S -c' in x86 stack protector scripts Ross Lagerwall <ross.lagerwall(a)citrix.com> decompress_bunzip2: fix rare decompression failure Ram Tummala <rtummala(a)nvidia.com> mm: fix old/young bit handling in the faulting path Yang Yang <yang.yang(a)vivo.com> block: fix deadlock between sd_remove & sd_release Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: samsung: fix getting Exynos4 fin_pll rate from external clocks Fedor Pchelkin <pchelkin(a)ispras.ru> ubi: eba: properly rollback inside self_check_eba Bastien Curutchet <bastien.curutchet(a)bootlin.com> clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle inconsistent state in nilfs_btnode_create_block() Joy Zou <joy.zou(a)nxp.com> dmaengine: fsl-edma: change the memory access from local into remote mode in i.MX 8QM Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: use meta inode for GC of COW file Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: use meta inode for GC of atomic file Chao Yu <chao(a)kernel.org> f2fs: fix return value of f2fs_convert_inline_inode() Chao Yu <chao(a)kernel.org> f2fs: fix to don't dirty inode for readonly filesystem Chao Yu <chao(a)kernel.org> f2fs: fix to force buffered IO on inline_data inode Herve Codina <herve.codina(a)bootlin.com> ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds Huacai Chen <chenhuacai(a)kernel.org> fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed Li Zhijian <lizhijian(a)fujitsu.com> mm/page_alloc: fix pcp->count race between drain_pages_zone() vs __rmqueue_pcplist() Gao Xiang <xiang(a)kernel.org> erofs: fix race in z_erofs_get_gbuf() Qiang Ma <maqianga(a)uniontech.com> efi/libstub: Zero initialize heap allocated struct screen_info Johannes Berg <johannes.berg(a)intel.com> hostfs: fix dev_t handling tuhaowen <tuhaowen(a)uniontech.com> dev/parport: fix the array out-of-bounds risk Reka Norman <rekanorman(a)chromium.org> xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL Carlos Llamas <cmllamas(a)google.com> binder: fix hang of unregistered readers Huacai Chen <chenhuacai(a)kernel.org> PCI: loongson: Enable MSI in LS7A Root Complex Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio Niklas Cassel <cassel(a)kernel.org> PCI: dw-rockchip: Fix initial PERST# GPIO value Wei Liu <wei.liu(a)kernel.org> PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN Lukas Wunner <lukas(a)wunner.de> PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal John David Anglin <dave(a)mx3210.local> parisc: Fix warning at drivers/pci/msi/msi.h:121 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> hwrng: amd - Convert PCIBIOS_* return codes to errnos Thomas Huth <thuth(a)redhat.com> drm/fbdev-dma: Fix framebuffer mode for big endian devices Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes Alan Stern <stern(a)rowland.harvard.edu> tools/memory-model: Fix bug in lock.cat wangdicheng <wangdicheng(a)kylinos.cn> ALSA: usb-audio: Add a quirk for Sonix HD USB Camera Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Move HD Webcam quirk to the right place wangdicheng <wangdicheng(a)kylinos.cn> ALSA: usb-audio: Fix microphone sound on HD webcam. Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Force 1 Group for MIDI1 FBs Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Don't update FB name for static blocks Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix wrong value as length of header for CIP_NO_HEADER case Luke D. Jones <luke(a)ljones.dev> ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Fold requested virtual interrupt check into has_nested_events() Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Check for pending posted interrupts when looking for nested events Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Request immediate exit iff pending nested event needs injection Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector Sean Christopherson <seanjc(a)google.com> KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV nestedv2: Add DPDES support in helper library for Guest state buffer Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV nestedv2: Fix doorbell emulation Jason Chen <Jason-ch.Chen(a)mediatek.com> remoteproc: mediatek: Increase MT8188/MT8195 SCP core0 DRAM size Wentong Wu <wentong.wu(a)intel.com> media: ivsc: csi: don't count privacy on as error Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix integer overflow calculating timestamp Jan Kara <jack(a)suse.cz> jbd2: avoid infinite transaction commit loop Jan Kara <jack(a)suse.cz> jbd2: precompute number of transaction descriptor blocks Jan Kara <jack(a)suse.cz> jbd2: make jbd2_journal_get_max_txn_bufs() internal Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() Tommaso Merciai <tomm.merciai(a)gmail.com> media: i2c: alvium: Move V4L2_CID_GAIN to V4L2_CID_ANALOG_GAIN Wentong Wu <wentong.wu(a)intel.com> media: ivsc: csi: add separate lock for v4l2 control handler Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() Thomas Weißschuh <linux(a)weissschuh.net> leds: triggers: Flush pending brightness before activating trigger Ofir Gal <ofir.gal(a)volumez.com> md/md-bitmap: fix writing non bitmap pages Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> leds: ss4200: Convert PCIBIOS_* return codes to errnos Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> drivers: soc: xilinx: check return status of get_api_version() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> cpufreq: qcom-nvmem: fix memory leaks in probe error paths Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: usb: Further limit the TX aggregation Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: usb: Fix disconnection after beacon loss Po-Hao Huang <phhuang(a)realtek.com> wifi: rtw89: fix HW scan not aborting properly Rafael Beims <rafael.beims(a)toradex.com> wifi: mwifiex: Fix interface type change Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> genirq: Set IRQF_COND_ONESHOT in request_irq() levi.yun <yeoreum.yun(a)arm.com> trace/pid_list: Change gfp flags in pid_list_fill_irq() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't allow netpolling with SETUP_IOPOLL Pavel Begunkov <asml.silence(a)gmail.com> io_uring: tighten task exit cancellations Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix lost getsockopt completions Baokun Li <libaokun1(a)huawei.com> ext4: make sure the first directory block is not a hole Baokun Li <libaokun1(a)huawei.com> ext4: check dot and dotdot of dx_root before making dir indexed Ming Lei <ming.lei(a)redhat.com> block: check bio alignment in blk_mq_submit_bio Paolo Pisati <p.pisati(a)gmail.com> m68k: amiga: Turn off Warp1260 interrupts during boot Jan Kara <jack(a)suse.cz> udf: Avoid using corrupted block bitmap buffer Frederic Weisbecker <frederic(a)kernel.org> task_work: Introduce task_work_cancel() again Frederic Weisbecker <frederic(a)kernel.org> task_work: s/task_work_cancel()/task_work_cancel_func()/ Steve French <stfrench(a)microsoft.com> cifs: mount with "unix" mount option for SMB1 incorrectly handled Steve French <stfrench(a)microsoft.com> cifs: fix reconnect with SMB1 UNIX Extensions Steve French <stfrench(a)microsoft.com> cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path Fedor Pchelkin <pchelkin(a)ispras.ru> apparmor: use kvfree_sensitive to free data->data Sung Joon Kim <sungjoon.kim(a)amd.com> drm/amd/display: Check for NULL pointer Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix optrom version displayed in FDMI Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: fix corruption with high refresh rates on DCN 3.0 Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes Pavel Begunkov <asml.silence(a)gmail.com> io_uring/io-wq: limit retrying worker initialisation Paul Moore <paul(a)paul-moore.com> lsm: fixup the inode xattr capability handling Kory Maincent <kory.maincent(a)bootlin.com> media: i2c: Kconfig: Fix missing firmware upload config select Jan Kara <jack(a)suse.cz> ext2: Verify bitmap and itable block numbers before using them Chao Yu <chao(a)kernel.org> hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Thomas Weißschuh <linux(a)weissschuh.net> sysctl: always initialize i_uid/i_gid Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: fix use after free in vdec_close Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> char: tpm: Fix possible memory leak in tpm_bios_measurements_open() Vitor Soares <vitor.soares(a)toradex.com> tpm_tis_spi: add missing attpm20p SPI device ID entry Thomas Weißschuh <linux(a)weissschuh.net> selftests/nolibc: fix printf format mismatch in expect_str_buf_eq() Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Fix offsets for the fixed format sense data Damien Le Moal <dlemoal(a)kernel.org> null_blk: Fix description of the fua parameter Alain Volmat <alain.volmat(a)foss.st.com> media: stm32: dcmipp: correct error handling in dcmipp_create_subdevs Yu Kuai <yukuai3(a)huawei.com> md/raid5: fix spares errors about rcu usage Eric Sandeen <sandeen(a)redhat.com> fuse: verify {g,u}id mount options correctly Tejun Heo <tj(a)kernel.org> sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: mac80211: chanctx emulation set CHANGE_CHANNEL when in_reconfig Chuck Lever <chuck.lever(a)oracle.com> NFSD: Support write delegations in LAYOUTGET Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Use write-back caching mode for system memory on DGFX Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv6: take care of scope when choosing the src addr Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv4: fix source address selection with route leak Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv6: fix source address selection with route leak Pavel Begunkov <asml.silence(a)gmail.com> kernel: rerun task_work while freezing in get_signal() Filipe Manana <fdmanana(a)suse.com> btrfs: fix extent map use-after-free when adding pages to compressed bio Lai Jiangshan <jiangshan.ljs(a)antgroup.com> workqueue: Always queue work items to the newest PWQ for order workqueues Chengen Du <chengen.du(a)canonical.com> af_packet: Handle outgoing VLAN packets without hardware offloading Breno Leitao <leitao(a)debian.org> net: netconsole: Disable target before netpoll cleanup Yu Liao <liaoyu15(a)huawei.com> tick/broadcast: Make takeover of broadcast hrtimer reliable Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: thermal: correct thermal zone node name limit Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> thermal/drivers/broadcom: Fix race between removal and clock disable Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix potential deadlock on __exfat_get_dentry_set Takashi Sakamoto <o-takashi(a)sakamocchi.jp> Revert "firewire: Annotate struct fw_iso_packet with __counted_by()" Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Revert to heap allocated boot_params for PE entrypoint Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Avoid returning EFI_SUCCESS on error Yu Zhao <yuzhao(a)google.com> mm/mglru: fix ineffective protection calculation Yu Zhao <yuzhao(a)google.com> mm/mglru: fix overshooting shrinker memory Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer Yu Zhao <yuzhao(a)google.com> mm/mglru: fix div-by-zero in vmpressure_calc_level() Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix possible recursive locking detected warning Aristeu Rozanski <aris(a)redhat.com> hugetlb: force allocating surplus hugepages on mempolicy allowed nodes Gavin Shan <gshan(a)redhat.com> mm/huge_memory: avoid PMD-size page cache if needed Yang Shi <yang(a)os.amperecomputing.com> mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Jann Horn <jannh(a)google.com> landlock: Don't lose track of restrictions on cred_transfer Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Add cred_transfer test Jason-JH.Lin <jason-jh.lin(a)mediatek.com> mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() Peng Fan <peng.fan(a)nxp.com> mailbox: imx: fix TXDB_V2 channel race condition Andrew Davis <afd(a)ti.com> mailbox: omap: Fix mailbox interrupt sharing Richard Genoud <richard.genoud(a)bootlin.com> remoteproc: k3-r5: Fix IPC-only mode detection Nícolas F. R. A. Prado <nfraprado(a)collabora.com> remoteproc: mediatek: Don't attempt to remap l1tcm memory if missing Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Check TIF_LOAD_WATCH to enable user space watchpoint Yang Yang <yang.yang(a)vivo.com> sbitmap: fix io hung due to race on sbitmap_word::cleared Suren Baghdasaryan <surenb(a)google.com> alloc_tag: fix page_ext_get/page_ext_put sequence during page splitting Suren Baghdasaryan <surenb(a)google.com> lib: reuse page_ext_data() to obtain codetag_ref Suren Baghdasaryan <surenb(a)google.com> lib: add missing newline character in the warning message Carlos López <clopez(a)suse.de> s390/dasd: fix error checks in dasd_copy_pair_store() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/8xx: fix size given to set_huge_pte_at() Heming Zhao <heming.zhao(a)suse.com> md-cluster: fix hanging issue while a new disk adding Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Keep runs for $MFT::$ATTR_DATA and $MFT::$ATTR_BITMAP Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Missed error return Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix the format of the "nocase" mount option Csókás, Bence <csokas.bence(a)prolan.hu> rtc: interface: Add RTC offset to alarm after fix-up Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro SeongJae Park <sj(a)kernel.org> selftests/damon/access_memory: use user-defined region size David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: properly detect PM_MMAP_EXCLUSIVE per page of PMD-mapped THPs David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: don't indicate PM_MMAP_EXCLUSIVE without PM_PRESENT David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix TPU suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix TCLK suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: FIX PWM suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix IRQ suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix CANFD5 suffix Richard Genoud <richard.genoud(a)bootlin.com> rtc: tps6594: Fix memleak in probe Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix field-spanning write in INDEX_HDR Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> fs/ntfs3: Drop stray '\' (backslash) in formatting string Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct undo if ntfs_create_inode failed Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Replace inode_trylock with inode_lock Peng Fan <peng.fan(a)nxp.com> pinctrl: freescale: mxs: Fix refcount of child Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: single: fix possible memory leak when pinctrl_enable() fails Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: core: fix possible memory leak when pinctrl_enable() fails Dmitry Yashin <dmt.yashin(a)gmail.com> pinctrl: rockchip: update rk3308 iomux routes Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add missing .dirty_folio in address_space_operations Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix getting file type Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Deny getting attr data block in compressed frame Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix transform resident to nonresident for compressed files Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT Martin Willi <martin(a)strongswan.org> net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports Martin Willi <martin(a)strongswan.org> net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect TOS in fibmatch route get reply Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect TOS in route get reply Pablo Neira Ayuso <pablo(a)netfilter.org> net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE Joshua Washington <joshwash(a)google.com> gve: Fix XDP TX completion handling when counters overflow Chen Hanxiao <chenhx.fnst(a)fujitsu.com> ipvs: properly dereference pe in ip_vs_add_service Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo: fix initial map fill Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: ctnetlink: use helper function to calculate expect ID Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Fix fallback march for SB1 Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Set correct device into ib Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: set node_guid Jack Wang <jinpu.wang(a)ionos.com> bnxt_re: Fix imm_data endianness David Ahern <dsahern(a)kernel.org> RDMA: Fix netdev tracker in ib_device_set_netdev David Gstir <david(a)sigma-star.at> crypto: mxs-dcp - Ensure payload is zero when using key slot Jon Pan-Doh <pandoh(a)google.com> iommu/vt-d: Fix identity map bounds in si_domain_init() Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix mbx timing out before CMD execution is completed Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix insufficient extend DB for VFs. Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix undifined behavior caused by invalid max_sge Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix missing pagesize and alignment check in FRMR Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix unmatch exception handling when init eq table fails Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix soft lockup under heavy CEQE load Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Check atomic wr length Nick Bowler <nbowler(a)draconx.ca> macintosh/therm_windtunnel: fix module unload. Michael Ellerman <mpe(a)ellerman.id.au> powerpc/xmon: Fix disassembly CPU feature checks Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix aligned pages in calculate_psi_aligned_address() Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Limit max address mask to MAX_AGAW_PFN_WIDTH Frank Li <Frank.Li(a)nxp.com> PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: qcom-ep: Disable resources unconditionally during PERST# assert Dominique Martinet <dominique.martinet(a)atmark-techno.com> MIPS: Octeron: remove source file executable bit Lorenzo Bianconi <lorenzo(a)kernel.org> clk: en7523: fix rate divider for slic and spi clocks Stephen Boyd <swboyd(a)chromium.org> clk: qcom: Park shared RCGs upon registration Abel Vesa <abel.vesa(a)linaro.org> clk: qcom: gcc-x1e80100: Set parent rate for USB3 sec and tert PHY pipe clks Chen Ni <nichen(a)iscas.ac.cn> clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error Nivas Varadharajan Mugunthakumar <nivasx.varadharajan.mugunthakumar(a)intel.com> crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() Heiko Stuebner <heiko.stuebner(a)cherry.de> nvmem: rockchip-otp: set add_legacy_fixed_of_cells config option Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages Denis Arefev <arefev(a)swemel.ru> net: missing check virtio Michael S. Tsirkin <mst(a)redhat.com> vhost/vsock: always initialize seqpacket_allow Dan Carpenter <dan.carpenter(a)linaro.org> PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() Dan Carpenter <dan.carpenter(a)linaro.org> PCI: endpoint: Clean up error handling in vpci_scan_bus() Georgi Djakov <quic_c_gdjako(a)quicinc.com> iommu/arm-smmu-qcom: Register the TBU driver in qcom_smmu_impl_init Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: amd: Adjust error handling in case of absent codec device Guenter Roeck <linux(a)roeck-us.net> eeprom: ee1004: Call i2c_new_scanned_device to instantiate thermal sensor Christoph Schlameuss <schlameuss(a)linux.ibm.com> kvm: s390: Reject memory region operations for ucontrol VMs Benjamin Marzinski <bmarzins(a)redhat.com> dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume Abel Vesa <abel.vesa(a)linaro.org> clk: qcom: gcc-x1e80100: Fix halt_check for all pipe clocks Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: elan_i2c - do not leave interrupt disabled on suspend failure Leon Romanovsky <leon(a)kernel.org> RDMA/device: Return error earlier if port in not valid Arnd Bergmann <arnd(a)arndb.de> mtd: make mtd_test.c a separate module Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Check iova_bitmap_done() after set ahead Joao Martins <joao.m.martins(a)oracle.com> iommufd/selftest: Fix tests to use MOCK_PAGE_SIZE based buffer sizes Joao Martins <joao.m.martins(a)oracle.com> iommufd/selftest: Add tests for <= u8 bitmap sizes Joao Martins <joao.m.martins(a)oracle.com> iommufd/selftest: Fix iommufd_test_dirty() to handle <u8 bitmaps Joao Martins <joao.m.martins(a)oracle.com> iommufd/selftest: Fix dirty bitmap tests with u8 bitmaps Chen Ni <nichen(a)iscas.ac.cn> ASoC: max98088: Check for clk_prepare_enable() error Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/prom: Add CPU info to hardware description string later Harald Freudenberger <freude(a)linux.ibm.com> hwrng: core - Fix wrong quality calculation at hw rng registration Huai-Yuan Liu <qq810974084(a)gmail.com> scsi: lpfc: Fix a possible null pointer dereference Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() Honggang LI <honggangli(a)163.com> RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in alias_GUID.c Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in mad.c Andrei Lalaev <andrei.lalaev(a)anton-paar.com> Input: qt1050 - handle CHIP_ID reading error Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable Michael Walle <mwalle(a)kernel.org> mtd: spi-nor: winbond: fix w25q128 regression Leon Romanovsky <leon(a)kernel.org> RDMA/cache: Release GID table even if leak is detected Hao Ge <gehao(a)kylinos.cn> ASoc: PCM6240: Return directly after a failed devm_kzalloc() in pcmdevice_i2c_probe() Neil Armstrong <neil.armstrong(a)linaro.org> usb: typec-mux: nb7vpq904m: unregister typec switch on probe error and remove Neil Armstrong <neil.armstrong(a)linaro.org> usb: typec-mux: ptn36502: unregister typec switch on probe error and remove Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: cs35l56: Accept values greater than 0 as IRQ numbers Shenghao Ding <shenghao-ding(a)ti.com> ASoc: tas2781: Enable RCA-based playback without DSP firmware download Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/kexec_file: fix cpus node update to FDT Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE James Clark <james.clark(a)arm.com> coresight: Fix ref leak when of_coresight_parse_endpoint() fails Shivaprasad G Bhat <sbhat(a)linux.ibm.com> KVM: PPC: Book3S HV: Fix the get_one_reg of SDAR Shivaprasad G Bhat <sbhat(a)linux.ibm.com> KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 Mostafa Saleh <smostafa(a)google.com> iommu/arm-smmu-v3: Avoid uninitialized asid in case of error Nuno Sa <nuno.sa(a)analog.com> iio: adc: adi-axi-adc: don't allow concurrent enable/disable calls Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: frequency: adrf6780: rm clk provider include Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad9467: use DMA safe buffer for spi Xianwei Zhao <xianwei.zhao(a)amlogic.com> clk: meson: s4: fix pwm_j_div parent clock Xianwei Zhao <xianwei.zhao(a)amlogic.com> clk: meson: s4: fix fixed_pll_dco clock Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock Lothar Rubusch <l.rubusch(a)gmail.com> crypto: atmel-sha204a - fix negated return value Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: tegra - Remove an incorrect iommu_fwspec_free() call in tegra_se_remove() Minwoo Im <minwoo.im(a)samsung.com> scsi: ufs: mcq: Fix missing argument 'hba' in MCQ_OPR_OFFSET_n Andy Chiu <andy.chiu(a)sifive.com> riscv: smp: fail booting up smp if inconsistent vlen is detected Jon Hunter <jonathanh(a)nvidia.com> PCI: tegra194: Set EP alignment restriction for inbound ATU Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Aleksandr Mishin <amishin(a)t-argos.ru> PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Don't enable BAR 0 for AM654x Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix resource double counting on remove & rescan Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() Chenyuan Yang <chenyuan0y(a)gmail.com> iio: Fix the sorting functionality in iio_gts_build_avail_time_table Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Fixup gss_status tracepoint error output Christoph Hellwig <hch(a)lst.de> nfs: pass explicit offset/count to trace events Luke D. Jones <luke(a)ljones.dev> platform/x86: asus-wmi: fix TUF laptop RGB variant Ian Rogers <irogers(a)google.com> perf dso: Fix address sanitizer build Andreas Larsson <andreas(a)gaisler.com> sparc64: Fix incorrect function signature and add prototype for prom_cif_init Dan Carpenter <dan.carpenter(a)linaro.org> leds: flash: leds-qcom-flash: Test the correct variable in init Thomas Zimmermann <tzimmermann(a)suse.de> drm/qxl: Pin buffer objects for internal mappings Jan Kara <jack(a)suse.cz> ext4: avoid writing unitialized memory to disk in EA inodes Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: don't track ranges in fast_commit if inode has inlined data Olga Kornievskaia <kolga(a)netapp.com> NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server NeilBrown <neilb(a)suse.de> SUNRPC: avoid soft lockup when transmitting UDP to reachable server. Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Fix rpcrdma_reqs_reset() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> mfd: omap-usb-tll: Use struct_size to allocate tll Arnd Bergmann <arnd(a)arndb.de> mfd: rsmu: Split core code into separate module Steven Price <steven.price(a)arm.com> drm/panthor: Record devfreq busy as soon as a job is started Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix exclude_guest setting Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix aux_watermark calculation for 64-bit size Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: flush all buffers in output plane streamoff Namhyung Kim <namhyung(a)kernel.org> perf stat: Fix a segfault with --per-cluster --metric-only Michael Walle <mwalle(a)kernel.org> drm/mediatek/dp: Fix spurious kfree() Michael Walle <mwalle(a)kernel.org> drm/mediatek: dpi/dsi: Fix possible_crtcs calculation Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: Add null check before access structs Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix infinite loop when replaying fast_commit Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Remove less-than-zero comparison of an unsigned value Geert Uytterhoeven <geert+renesas(a)glider.be> drm/panic: Do not select DRM_KMS_HELPER Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: depends on !VT_CONSOLE Luca Ceresoli <luca.ceresoli(a)bootlin.com> Revert "leds: led-core: Fix refcount leak in of_led_get()" Anjelique Melendez <quic_amelende(a)quicinc.com> leds: rgb: leds-qcom-lpg: Add PPG check for setting/clearing PBS triggers Chen Ni <nichen(a)iscas.ac.cn> drm/qxl: Add check for drm_cvt_mode Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: fix DMA direction handling for cached RW buffers Namhyung Kim <namhyung(a)kernel.org> perf report: Fix condition in sort__sym_cmp() Junhao He <hejunhao3(a)huawei.com> perf pmus: Fixes always false when compare duplicates aliases Athira Rajeev <atrajeev(a)linux.vnet.ibm.com> tools/perf: Fix the string match for "/tmp/perf-$PID.map" files in dso__load James Clark <james.clark(a)arm.com> perf test: Make test_arm_callgraph_fp.sh more robust Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> platform/arm64: build drivers even on non-ARM64 platforms Geert Uytterhoeven <geert+renesas(a)glider.be> drm/panic: Fix off-by-one logo size checks Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: only draw the foreground color in drm_panic_blit() Karolina Stolarek <karolina.stolarek(a)intel.com> drm/ttm/tests: Fix a warning in ttm_bo_unreserve_bulk Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op Jonathan Marek <jonathan(a)marek.ca> drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC Jonathan Marek <jonathan(a)marek.ca> drm/msm/dsi: set video mode widebus enable bit when widebus is enabled Hans de Goede <hdegoede(a)redhat.com> leds: trigger: Unregister sysfs attributes before calling deactivate() Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Drop initial source change event if capture has been setup Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/a6xx: Fix A702 UBWC mode Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/a6xx: use __unused__ to fix compiler warnings for gen7_* includes Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Set DRM mode configs accordingly Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Add OVL compatible name for MT8195 Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Turn off the layers with zero width or height Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Fix destination alpha error in OVL Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Fix XRGB setting error in Mixer Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Fix XRGB setting error in OVL Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Use 8-bit alpha in ETHDR Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Add missing plane settings when async update Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> drm/ttm/tests: Let ttm_bo_test consider different ww_mutex implementation. Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Store RPF partition configuration per RPF instance Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Fix _irqsave and _irq mix Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-csi2: Cleanup subdevice in remove() Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-csi2: Disable runtime_pm in probe error Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Set SU area width as pipe src width Sean Anderson <sean.anderson(a)linux.dev> drm: zynqmp_kms: Fix AUX bus not getting unregistered Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() Daniel Schaefer <dhs(a)frame.work> media: uvcvideo: Override default flags Oleksandr Natalenko <oleksandr(a)natalenko.name> media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 Conor Dooley <conor.dooley(a)microchip.com> media: i2c: imx219: fix msr access command sequence Ricardo Ribalda <ribalda(a)chromium.org> media: c8sectpfe: Add missing parameter names Aleksandr Burakov <a.burakov(a)rosalinux.ru> saa7134: Unchecked i2c_transfer function result fixed Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: use pre-allocated temp structure for bounding box Dan Carpenter <dan.carpenter(a)linaro.org> ipmi: ssif_bmc: prevent integer overflow on 32bit systems Jiri Olsa <jolsa(a)kernel.org> x86/shstk: Make return uprobe work with shadow stack Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Print Panel Replay status instead of frame lock status Jouni Högander <jouni.hogander(a)intel.com> drm/i915/display: Skip Panel Replay on pipe comparison if no active planes Adam Ford <aford173(a)gmail.com> drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix unreasonable data conversion Irui Wang <irui.wang(a)mediatek.com> media: mediatek: vcodec: Handle invalid decoder vsi Ian Rogers <irogers(a)google.com> perf maps: Fix use after free in __maps__fixup_overlap_and_insert Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: fix runtime_pm handling in dp_wait_hpd_asserted Junhao Xie <bigfoot(a)classfun.cn> drm/msm/dpu: drop duplicate drm formats from wb2_formats arrays Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Revert "drm/msm/dpu: drop dpu_encoder_phys_ops.atomic_mode_set" Barnabás Czémán <trabarni(a)gmail.com> drm/msm/dpu: fix encoder irq wait skip David Hildenbrand <david(a)redhat.com> s390/uv: Don't call folio_wait_writeback() without a folio reference Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix type mismatch in amdgpu_gfx_kiq_init_ring ChiYuan Huang <cy_huang(a)richtek.com> media: v4l: async: Fix NULL pointer dereference in adding ancillary links Ricardo Ribalda <ribalda(a)chromium.org> media: i2c: hi846: Fix V4L2_SUBDEV_FORMAT_TRY get_selection() Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: i2c: Fix imx412 exposure control Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Use enable boolean from intel_crtc_state for Early Transport Ricardo Ribalda <ribalda(a)chromium.org> media: imon: Fix race getting ictx->lock Zheng Yejian <zhengyejian1(a)huawei.com> media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() Mikhail Kobuk <m.kobuk(a)ispras.ru> media: pci: ivtv: Add check for DMA map result Arnd Bergmann <arnd(a)arndb.de> drm/amd/display: Move 'struct scaler_data' off stack Arnd Bergmann <arnd(a)arndb.de> drm/amd/display: fix graphics_object_id size Arnd Bergmann <arnd(a)arndb.de> drm/amd/display: dynamically allocate dml2_configuration_options structures Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix snprintf usage in amdgpu_gfx_kiq_init_ring Kuro Chung <kuro.chung(a)ite.com.tw> drm/bridge: it6505: fix hibernate to resume no display issue Douglas Anderson <dianders(a)chromium.org> drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() Douglas Anderson <dianders(a)chromium.org> drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators Douglas Anderson <dianders(a)chromium.org> drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better Tim Van Patten <timvp(a)google.com> drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 Friedrich Vock <friedrich.vock(a)gmx.de> drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix memory range calculation Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Fix aldebaran pcie speed reporting Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: lg-sw43408: add missing error handling Douglas Anderson <dianders(a)chromium.org> drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() Douglas Anderson <dianders(a)chromium.org> drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() Jouni Högander <jouni.hogander(a)intel.com> drm/i915/display: Do not print "psr: enabled" for on Panel Replay Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Rename has_psr2 as has_sel_update Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Fix CU Masking for GFX 9.4.3 Faiz Abbas <faiz.abbas(a)arm.com> drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the port mux of VP2 Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Don't access uninit tcp_rsk(req)->ao_keyid in tcp_create_openreq_child(). Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix usage of __hci_cmd_sync_status Elliot Ayrey <elliot.ayrey(a)alliedtelesis.co.nz> net: bridge: mst: Check vlan state for egress decision Taehee Yoo <ap420073(a)gmail.com> xdp: fix invalid wait context of page_pool_destroy() Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: hci_core, hci_sync: cleanup struct discovery_state Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: hci_event: Set QoS encryption from BIGInfo report Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Add handling for boot-signature timeout errors Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Fix irq leak Kiran K <kiran.k(a)intel.com> Bluetooth: btintel: Refactor btintel_set_ppag() Sven Peter <sven(a)svenpeter.dev> Bluetooth: hci_bcm4377: Use correct unit for timeouts Amit Cohen <amcohen(a)nvidia.com> selftests: forwarding: devlink_lib: Wait for udev events after reloading Kory Maincent <kory.maincent(a)bootlin.com> net: ethtool: pse-pd: Fix possible null-deref Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Do not return EOPNOSUPP if config is null Tengda Wu <wutengda(a)huaweicloud.com> bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT Jeff Layton <jlayton(a)kernel.org> nfsd: nfsd_file_lease_notifier_call gets a file_lease as an argument Shung-Hsi Yu <shung-hsi.yu(a)suse.com> bpf: fix overflow check in adjust_jmp_off() Alan Maguire <alan.maguire(a)oracle.com> bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> bna: adjust 'name' buf size of bna_tcb and bna_ccb structures Alan Maguire <alan.maguire(a)oracle.com> bpf: annotate BTF show functions with __printf Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Fix closing IMC fds on error and open-code R+W instead of loops Puranjay Mohan <puranjay(a)kernel.org> bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG Geliang Tang <geliang(a)kernel.org> selftests/bpf: Close obj in error path in xdp_adjust_tail Geliang Tang <geliang(a)kernel.org> selftests/bpf: Null checks for links in bpf_tcp_ca Geliang Tang <geliang(a)kernel.org> selftests/bpf: Close fd in error path in drop_on_reuseport John Stultz <jstultz(a)google.com> locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers Johannes Berg <johannes.berg(a)intel.com> wifi: virt_wifi: don't use strlen() in const context Johannes Berg <johannes.berg(a)intel.com> net: page_pool: fix warning code Gaosheng Cui <cuigaosheng1(a)huawei.com> gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsdcld warning Benjamin Tissoires <bentiss(a)kernel.org> bpf: helpers: fix bpf_wq_set_callback_impl signature En-Wei Wu <en-wei.wu(a)canonical.com> wifi: virt_wifi: avoid reporting connection success with wrong SSID Jianbo Liu <jianbol(a)nvidia.com> xfrm: call xfrm_dev_policy_delete when kill policy Jianbo Liu <jianbol(a)nvidia.com> xfrm: fix netdev reference count imbalance Aleksandr Mishin <amishin(a)t-argos.ru> wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/uncore: Fix DF and UMC domain identification Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/uncore: Avoid PMU registration if counters are unavailable Zhang Rui <rui.zhang(a)intel.com> perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake Adrian Hunter <adrian.hunter(a)intel.com> perf: Fix default aux_watermark calculation Adrian Hunter <adrian.hunter(a)intel.com> perf: Prevent passing zero nr_pages to rb_alloc_aux() Adrian Hunter <adrian.hunter(a)intel.com> perf: Fix perf_aux_size() for greater-than 32-bit size Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation Ilya Leoshkevich <iii(a)linux.ibm.com> bpf: Fix atomic probe zero-extension Tao Chen <chen.dylane(a)gmail.com> bpftool: Mount bpffs when pinmaps path not under the bpffs Pu Lehui <pulehui(a)huawei.com> riscv, bpf: Fix out-of-bounds issue when preparing trampoline image Steffen Klassert <steffen.klassert(a)secunet.com> xfrm: Export symbol xfrm_dev_state_delete. Martin Kaistra <martin.kaistra(a)linutronix.de> wifi: rtl8xxxu: 8188f: Limit TX power index Kuan-Chung Chen <damon.chen(a)realtek.com> wifi: rtw89: 8852b: fix definition of KIP register number Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: wow: fix GTK offload H2C skbuff issue Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath12k: fix peer metadata parsing Aloka Dixit <quic_alokad(a)quicinc.com> wifi: ath12k: advertise driver capabilities for MBSSID and EMA Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: always unblock EMLSR on ROC end Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: correcty limit wider BW TDLS STAs Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: add ieee80211_tdls_sta_link_id() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: rise cap on SELinux secmark context Ismael Luceno <iluceno(a)suse.de> ipvs: Avoid unnecessary calls to skb_is_gso_sctp Steffen Klassert <steffen.klassert(a)secunet.com> xfrm: Fix unregister netdevice hang on hardware offload. Antoine Tenart <atenart(a)kernel.org> libbpf: Skip base btf sanity checks Donglin Peng <dolinux.peng(a)gmail.com> libbpf: Checking the btf_type kind when fixing variable offsets Jiri Olsa <jolsa(a)kernel.org> bpf: Change bpf_session_cookie return value to __u64 * Lukasz Majewski <lukma(a)denx.de> net: dsa: ksz_common: Allow only up to two HSR HW offloaded ports for KSZ9477 Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Fix FEC_ECR_EN1588 being cleared on link-down Jan Kara <jack(a)suse.cz> udf: Fix bogus checksum computation in udf_rename() Antony Antony <antony.antony(a)secunet.com> xfrm: Log input direction mismatch error in one place Antony Antony <antony.antony(a)secunet.com> xfrm: Fix input error path memory access Daniel Xu <dxu(a)dxuuu.xyz> bpf: Make bpf_session_cookie() kfunc return long * Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: separate non-BSS/ROC EMLSR blocking Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: fix re-enabling EMLSR Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: expose can-monitor channel property Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() Aditya Kumar Singh <quic_adisi(a)quicinc.com> wifi: ath12k: fix per pdev debugfs registration Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix ACPI warning when resume Thomas Gleixner <tglx(a)linutronix.de> jump_label: Fix concurrency issues in static_key_slow_dec() Thomas Gleixner <tglx(a)linutronix.de> perf/x86: Serialize set_attr_rdpmc() Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_erp: Fix object nesting warning Ido Schimmel <idosch(a)nvidia.com> lib: objagg: Fix general protection fault Sean Christopherson <seanjc(a)google.com> sched/core: Drop spinlocks on contention iff kernel is preemptible Sean Christopherson <seanjc(a)google.com> sched/core: Move preempt_model_*() helpers from sched.h to preempt.h Jan Kara <jack(a)suse.cz> udf: Fix lock ordering in udf_evict_inode() Geliang Tang <geliang(a)kernel.org> selftests/bpf: Check length of recv in test_sockmap Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined Andrii Nakryiko <andrii(a)kernel.org> libbpf: keep FD_CLOEXEC flag when dup()'ing FD Arnd Bergmann <arnd(a)arndb.de> hns3: avoid linking objects into multiple modules Eric Dumazet <edumazet(a)google.com> tcp: fix races in tcp_v[46]_err() Eric Dumazet <edumazet(a)google.com> tcp: fix races in tcp_abort() Eric Dumazet <edumazet(a)google.com> tcp: fix race in tcp_write_err() Eric Dumazet <edumazet(a)google.com> tcp: add tcp_done_with_error() helper Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Restore TSO support Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix wrong definition of CE ring's base address Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: fix wrong definition of CE ring's base address Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: 8852c: correct logic and restore PCI PHY EQ after device resume P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: fix firmware crash during reo reinject P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: fix invalid memory access while processing fragmented packets P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: change DMA direction while mapping reinjected packets Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: restore country code during resume Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: refactor setting country code logic Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reset negotiated TTLM on disconnect Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: cancel TTLM teardown work earlier Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: cancel multi-link reconf work on disconnect Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix TTLM teardown work Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: don't skip link selection Hagar Hemdan <hagarhem(a)amazon.com> net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: 8852b: restore setting for RFE type 5 after device resume Geliang Tang <geliang(a)kernel.org> selftests/bpf: Fix prog numbers in test_sockmap Ivan Babrou <ivan(a)cloudflare.com> bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix Smatch warnings on ath12k_core_suspend() Nithyanantham Paramasivam <quic_nithp(a)quicinc.com> wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure Pradeep Kumar Chitrapu <quic_pradeepc(a)quicinc.com> wifi: ath12k: Correct 6 GHz frequency value in rx status Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device Kang Yang <quic_kangyang(a)quicinc.com> wifi: ath12k: avoid duplicated vdev stop Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com> wifi: ath12k: drop failed transmitted frames from metric calculation. Sven Eckelmann <sven(a)narfation.org> wifi: ath12k: Don't drop tx_status in failure case Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Initialize completion before mailbox Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Do not complete if there are no waiters Christophe Leroy <christophe.leroy(a)csgroup.eu> vmlinux.lds.h: catch .bss..L* sections into BSS") Tom Lendacky <thomas.lendacky(a)amd.com> x86/sev: Do RMP memory coverage check after max_pfn has been set Yanjun Yang <yangyj.ee(a)gmail.com> ARM: Remove address checking for MMUless devices Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: spitz: fix GPIO assignment for backlight Thorsten Blum <thorsten.blum(a)toblux.com> m68k: cmpxchg: Fix return value for default case in __arch_xchg() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Add missing qcom,non-secure-domain property Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: fixes PHY reset for Lunzn Fastrhino R68S Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: disable display subsystem for Lunzn Fastrhino R6xS Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: remove unused usb2 nodes for Lunzn Fastrhino R6xS Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: fix pmu_io supply for Lunzn Fastrhino R6xS Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: fix usb regulator for Lunzn Fastrhino R6xS Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: fix regulator name for Lunzn Fastrhino R6xS Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu Dang Huynh <danct12(a)riseup.net> arm64: dts: qcom: qrb4210-rb2: Correct max current draw for VBUS Chen Ni <nichen(a)iscas.ac.cn> x86/xen: Convert comma to semicolon Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix USB HS PHY 0.8V supply Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mp: Fix pgc vpu locations Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mp: Fix pgc_mlmix location Eero Tamminen <oak(a)helsinkinet.fi> m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a08g045: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779h0: Drop "opp-shared" from opp-table-0 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: setup hdmi system clock Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: add power domain to hdmitx Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: gx: correct hdmi clocks AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mtk-mutex: Add MDP_TCC0 mod to MT8188 mutex table Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-pico6: Fix wake-on-X event node names Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183-kukui: Fix the value of `dlg,jack-det-rate` mismatch Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7981: fix code alignment for PWM clocks Pin-yen Lin <treapking(a)chromium.org> arm64: dts: mediatek: mt8192-asurada: Add off-on-delay-us for pp3300_mipibrdg Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: medaitek: mt8395-nio-12l: Set i2c6 pins to bias-disable AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8192: Fix GPU thermal zone name for SVS AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8195: Fix GPU thermal zone name for SVS Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix board reset Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: sm1: fix spdif compatibles Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Increase VOP clk rate on RK3328 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: fix parsing of domains lists Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: protect locator_addr with the main mutex Sibi Sankar <quic_sibis(a)quicinc.com> soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove Komal Bajaj <quic_kbajaj(a)quicinc.com> arm64: dts: qcom: qdu1000: Add secure qfprom node Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: qcom: sc7180-trogdor: Disable pwmleds node where unused Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am62p5-sk: Fix pinmux for McASP1 TX Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am625-phyboard-lyra-rdk: Drop McASP AFIFOs Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am62-verdin: Drop McASP AFIFOs Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am625-beagleplay: Drop McASP AFIFOs Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am62p5: Drop McASP AFIFOs Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am62a7: Drop McASP AFIFOs Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am62x: Drop McASP AFIFOs Vaishnav Achath <vaishnav.a(a)ti.com> arm64: dts: ti: k3-j722s: Fix main domain GPIO count Josua Mayer <josua(a)solid-run.com> arm64: dts: ti: k3-am642-hummingboard-t: correct rs485 rts polarity Jayesh Choudhary <j-choudhary(a)ti.com> arm64: dts: ti: k3-am62p-main: Fix the reg-range for main_pktdma Jayesh Choudhary <j-choudhary(a)ti.com> arm64: dts: ti: k3-am62a-main: Fix the reg-range for main_pktdma Jayesh Choudhary <j-choudhary(a)ti.com> arm64: dts: ti: k3-am62-main: Fix the reg-range for main_pktdma Esben Haabendal <esben(a)geanix.com> memory: fsl_ifc: Make FSL_IFC config visible and selectable Primoz Fiser <primoz.fiser(a)norik.com> OPP: ti: Fix ti_opp_supply_probe wrong return values Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc8280xp: Throttle the GPU when overheating Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc8280xp-*: Remove thermal zone polling delays Primoz Fiser <primoz.fiser(a)norik.com> cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb4210-rb2: make L9A always-on Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Add arm,no-tick-in-suspend to STM32MP15xx STGEN timer Pavel Löbl <pavel(a)loebl.cz> ARM: dts: sunxi: remove duplicated entries in makefile Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> soc: xilinx: rename cpu_number1 to dummy_cpu_number Sagar Cheluvegowda <quic_scheluve(a)quicinc.com> arm64: dts: qcom: sa8775p: mark ethernet devices as DMA-coherent Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8996: specify UFS core_clk frequencies Viresh Kumar <viresh.kumar(a)linaro.org> OPP: Fix missing cleanup on error in _opp_attach_genpd() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> cpufreq: sun50i: fix memory leak in dt_has_supported_hw() Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s Stephen Boyd <swboyd(a)chromium.org> soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers Chen Ni <nichen(a)iscas.ac.cn> soc: qcom: pmic_glink: Handle the return value of pmic_glink_init Marc Gonzalez <mgonzalez(a)freebox.fr> arm64: dts: qcom: msm8998: enable adreno_smmu by default Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdm850-lenovo-yoga-c630: fix IPA firmware path Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8350: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6350: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6115: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdm845: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sc8180x: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sc7180: drop extra UFS PHY compat Rayyan Ansari <rayyan(a)ansari.sh> ARM: dts: qcom: msm8226-microsoft-common: Enable smbb explicitly Viken Dadhaniya <quic_vdadhani(a)quicinc.com> arm64: dts: qcom: sc7280: Remove CTS/RTS configuration Bjorn Andersson <quic_bjorande(a)quicinc.com> arm64: dts: qcom: sc8180x: Correct PCIe slave ports Konrad Dybcio <konrad.dybcio(a)linaro.org> soc: qcom: socinfo: Update X1E PMICs Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix swapped temp{1,8} critical alarms Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix underflow when writing limit attributes Nirmoy Das <nirmoy.das(a)intel.com> drm/xe/display/xe_hdcp_gsc: Free arbiter on driver removal Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: atmel-tcb: Fix race condition and convert to guards Yao Zi <ziyao(a)disroot.org> drm/meson: fix canvas release in bind function Gaosheng Cui <cuigaosheng1(a)huawei.com> nvmet-auth: fix nvmet_auth hash error handling Jinjie Ruan <ruanjinjie(a)huawei.com> arm64: smp: Fix missing IPI statistics Adam Ford <aford173(a)gmail.com> drm/bridge: adv7511: Fix Intermittent EDID failures Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Always do lazy disabling Dan Carpenter <dan.carpenter(a)linaro.org> hwmon: (ltc2991) re-order conditions to fix off by one bug Benjamin Marzinski <bmarzins(a)redhat.com> md/raid5: recheck if reshape has finished with device_lock held Yu Kuai <yukuai3(a)huawei.com> md: Don't wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl Rob Herring (Arm) <robh(a)kernel.org> perf: arm_pmuv3: Avoid assigning fixed cycle counter with threshold Christoph Hellwig <hch(a)lst.de> xen-blkfront: fix sector_size propagation to the block layer Bart Van Assche <bvanassche(a)acm.org> block/mq-deadline: Fix the tag reservation code Bart Van Assche <bvanassche(a)acm.org> block: Call .limit_depth() after .hctx has been set Wayne Tung <chineweff(a)gmail.com> hwmon: (adt7475) Fix default duty on fan is disabled Chen Ridong <chenridong(a)huawei.com> cgroup/cpuset: Prevent UAF in proc_cpuset_show() Josh Poimboeuf <jpoimboe(a)kernel.org> x86/syscall: Mark exit[_group] syscall handlers __noreturn Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/xen: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/of: Return consistent error type from x86_of_pci_irq_enable() Chao Yu <chao(a)kernel.org> hfsplus: fix to avoid false alarm of circular locking Masahiro Yamada <masahiroy(a)kernel.org> x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix remote root partition creation problem Waiman Long <longman(a)redhat.com> cgroup/cpuset: Optimize isolated partition only generate_sched_domains() calls Gabriel Krisman Bertazi <krisman(a)suse.de> io_uring: Fix probe of disabled operations Damien Le Moal <dlemoal(a)kernel.org> dm: Call dm_revalidate_zones() after setting the queue limits Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Christoph Hellwig <hch(a)lst.de> ubd: untagle discard vs write zeroes not support handling Christoph Hellwig <hch(a)lst.de> ubd: refactor the interrupt handler Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec_debugfs: fix wrong EC message version Christoph Hellwig <hch(a)lst.de> md/raid1: don't free conf on raid0_run failure Christoph Hellwig <hch(a)lst.de> md/raid0: don't free conf on raid0_run failure Li Nan <linan122(a)huawei.com> md: fix deadlock between mddev_suspend and flush bio Frederic Weisbecker <frederic(a)kernel.org> rcu/tasks: Fix stale task snaphot for Tasks Trace Arnd Bergmann <arnd(a)arndb.de> EDAC, i10nm: make skx_common.o a separate module Chen Ni <nichen(a)iscas.ac.cn> spi: atmel-quadspi: Add missing check for clk_prepare Prajna Rajendra Kumar <prajna.rajendrakumar(a)microchip.com> spi: spi-microchip-core: Fix the number of chip selects supported ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 4 +- Documentation/arch/powerpc/kvm-nested.rst | 4 +- .../phy/qcom,sc8280xp-qmp-usb3-uni-phy.yaml | 2 +- .../devicetree/bindings/thermal/thermal-zones.yaml | 5 +- Documentation/networking/xsk-tx-metadata.rst | 16 +- Documentation/virt/kvm/api.rst | 12 + Makefile | 4 +- arch/arm/boot/dts/allwinner/Makefile | 62 -- .../arm/boot/dts/nxp/imx/imx6q-kontron-samx6i.dtsi | 23 - .../boot/dts/nxp/imx/imx6qdl-kontron-samx6i.dtsi | 14 +- .../dts/qcom/qcom-msm8226-microsoft-common.dtsi | 4 + arch/arm/boot/dts/st/stm32mp151.dtsi | 1 + arch/arm/mach-pxa/spitz.c | 30 +- arch/arm/mm/fault.c | 4 +- arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi | 5 + arch/arm64/boot/dts/amlogic/meson-g12.dtsi | 4 + arch/arm64/boot/dts/amlogic/meson-gxbb.dtsi | 10 +- arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 10 +- arch/arm64/boot/dts/amlogic/meson-sm1.dtsi | 8 +- arch/arm64/boot/dts/freescale/imx8mp.dtsi | 89 +-- .../boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts | 4 +- arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 4 +- arch/arm64/boot/dts/mediatek/mt7981b.dtsi | 8 +- .../dts/mediatek/mt8183-kukui-audio-da7219.dtsi | 2 +- .../dts/mediatek/mt8183-kukui-jacuzzi-pico6.dts | 8 +- .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 25 +- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8192.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 +- .../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 +- .../arm64/boot/dts/qcom/msm8996-xiaomi-common.dtsi | 1 - arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8998.dtsi | 1 - arch/arm64/boot/dts/qcom/qcm6490-fairphone-fp5.dts | 1 - arch/arm64/boot/dts/qcom/qcm6490-idp.dts | 1 - arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 1 - arch/arm64/boot/dts/qcom/qdu1000.dtsi | 15 + arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 4 +- arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 + .../boot/dts/qcom/sc7180-trogdor-lazor-r1-kb.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r1-lte.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r10-kb.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r10-lte.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r3-kb.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r3-lte.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r9-kb.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r9-lte.dts | 2 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 5 +- arch/arm64/boot/dts/qcom/sc7180.dtsi | 3 +- arch/arm64/boot/dts/qcom/sc7280-idp.dtsi | 1 - arch/arm64/boot/dts/qcom/sc7280-qcard.dtsi | 1 - arch/arm64/boot/dts/qcom/sc7280.dtsi | 14 +- arch/arm64/boot/dts/qcom/sc8180x.dtsi | 8 +- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 2 +- arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi | 4 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 28 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 + .../boot/dts/qcom/sdm850-lenovo-yoga-c630.dts | 1 + arch/arm64/boot/dts/qcom/sm6115.dtsi | 2 + arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 + arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 + arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 + arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 + arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 6 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 +- arch/arm64/boot/dts/renesas/r8a779a0.dtsi | 5 +- arch/arm64/boot/dts/renesas/r8a779f0.dtsi | 5 +- arch/arm64/boot/dts/renesas/r8a779g0.dtsi | 5 +- arch/arm64/boot/dts/renesas/r8a779h0.dtsi | 1 - arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 5 +- arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 5 +- arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 5 +- arch/arm64/boot/dts/renesas/r9a08g045.dtsi | 5 +- arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 71 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 4 +- arch/arm64/boot/dts/rockchip/rk3566-roc-pc.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3568-evb1-v10.dts | 2 +- .../boot/dts/rockchip/rk3568-fastrhino-r66s.dts | 4 + .../boot/dts/rockchip/rk3568-fastrhino-r66s.dtsi | 48 +- .../boot/dts/rockchip/rk3568-fastrhino-r68s.dts | 16 +- arch/arm64/boot/dts/rockchip/rk3568-rock-3a.dts | 4 - arch/arm64/boot/dts/rockchip/rk356x.dtsi | 1 + arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 4 +- arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 4 - arch/arm64/boot/dts/ti/k3-am625-beagleplay.dts | 2 - .../boot/dts/ti/k3-am625-phyboard-lyra-rdk.dts | 2 - arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 4 +- arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 2 - arch/arm64/boot/dts/ti/k3-am62p-main.dtsi | 4 +- arch/arm64/boot/dts/ti/k3-am62p5-sk.dts | 4 +- arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi | 2 - arch/arm64/boot/dts/ti/k3-am642-hummingboard-t.dts | 1 - arch/arm64/boot/dts/ti/k3-j722s.dtsi | 8 + arch/arm64/include/asm/pgtable.h | 22 + arch/arm64/kernel/smp.c | 6 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/loongarch/kernel/hw_breakpoint.c | 2 +- arch/loongarch/kernel/ptrace.c | 3 + arch/m68k/amiga/config.c | 9 + arch/m68k/atari/ataints.c | 6 +- arch/m68k/include/asm/cmpxchg.h | 2 +- arch/mips/Makefile | 2 +- arch/mips/boot/dts/loongson/loongson64-2k1000.dtsi | 21 +- arch/mips/include/asm/mach-loongson64/boot_param.h | 2 + arch/mips/include/asm/mips-cm.h | 4 + arch/mips/kernel/smp-cps.c | 5 +- arch/mips/loongson64/env.c | 8 + arch/mips/loongson64/reset.c | 38 +- arch/mips/loongson64/smp.c | 23 +- arch/mips/pci/pcie-octeon.c | 0 arch/mips/sgi-ip30/ip30-console.c | 1 + arch/parisc/Kconfig | 1 + arch/powerpc/configs/85xx-hw.config | 2 + arch/powerpc/include/asm/guest-state-buffer.h | 3 +- arch/powerpc/include/asm/kvm_book3s.h | 1 + arch/powerpc/kernel/prom.c | 12 +- arch/powerpc/kexec/core_64.c | 55 +- arch/powerpc/kvm/book3s_hv.c | 9 +- arch/powerpc/kvm/book3s_hv_nestedv2.c | 7 + arch/powerpc/kvm/powerpc.c | 4 +- arch/powerpc/kvm/test-guest-state-buffer.c | 2 +- arch/powerpc/mm/nohash/8xx.c | 3 +- arch/powerpc/xmon/ppc-dis.c | 33 +- arch/riscv/kernel/head.S | 19 +- arch/riscv/kernel/smpboot.c | 14 +- arch/riscv/net/bpf_jit_comp64.c | 18 +- arch/s390/kernel/perf_cpum_cf.c | 14 +- arch/s390/kernel/setup.c | 2 +- arch/s390/kernel/uv.c | 8 + arch/s390/kvm/kvm-s390.c | 3 + arch/s390/pci/pci_irq.c | 110 ++-- arch/sparc/include/asm/oplib_64.h | 1 + arch/sparc/prom/init_64.c | 3 - arch/sparc/prom/p1275.c | 2 +- arch/um/drivers/ubd_kern.c | 50 +- arch/um/kernel/time.c | 4 +- arch/um/os-Linux/signal.c | 118 +++- arch/x86/Kconfig.assembler | 2 +- arch/x86/Makefile.um | 1 + arch/x86/entry/syscall_32.c | 10 +- arch/x86/entry/syscall_64.c | 9 +- arch/x86/entry/syscall_x32.c | 7 +- arch/x86/entry/syscalls/syscall_32.tbl | 6 +- arch/x86/entry/syscalls/syscall_64.tbl | 6 +- arch/x86/events/amd/uncore.c | 28 +- arch/x86/events/core.c | 3 + arch/x86/events/intel/cstate.c | 7 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/events/intel/pt.c | 4 +- arch/x86/events/intel/pt.h | 4 +- arch/x86/events/intel/uncore_snbep.c | 6 +- arch/x86/include/asm/kvm-x86-ops.h | 1 - arch/x86/include/asm/kvm_host.h | 3 +- arch/x86/include/asm/shstk.h | 2 + arch/x86/kernel/devicetree.c | 2 +- arch/x86/kernel/shstk.c | 11 + arch/x86/kernel/uprobes.c | 7 +- arch/x86/kvm/vmx/main.c | 1 - arch/x86/kvm/vmx/nested.c | 47 +- arch/x86/kvm/vmx/posted_intr.h | 10 + arch/x86/kvm/vmx/vmx.c | 31 +- arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/vmx/x86_ops.h | 1 - arch/x86/kvm/x86.c | 14 +- arch/x86/pci/intel_mid_pci.c | 4 +- arch/x86/pci/xen.c | 4 +- arch/x86/platform/intel/iosf_mbi.c | 4 +- arch/x86/um/sys_call_table_32.c | 10 +- arch/x86/um/sys_call_table_64.c | 11 +- arch/x86/virt/svm/sev.c | 44 +- arch/x86/xen/p2m.c | 4 +- block/bio-integrity.c | 11 +- block/blk-mq.c | 32 +- block/genhd.c | 2 +- block/mq-deadline.c | 20 +- drivers/android/binder.c | 4 +- drivers/ata/libata-scsi.c | 176 ++--- drivers/auxdisplay/ht16k33.c | 1 + drivers/base/devres.c | 11 +- drivers/block/null_blk/main.c | 2 +- drivers/block/rbd.c | 35 +- drivers/block/ublk_drv.c | 5 +- drivers/block/xen-blkfront.c | 16 +- drivers/bluetooth/btintel.c | 119 +--- drivers/bluetooth/btintel_pcie.c | 6 + drivers/bluetooth/btnxpuart.c | 52 +- drivers/bluetooth/btusb.c | 4 + drivers/bluetooth/hci_bcm4377.c | 2 +- drivers/bus/mhi/ep/main.c | 14 +- drivers/char/hw_random/amd-rng.c | 4 +- drivers/char/hw_random/core.c | 4 +- drivers/char/ipmi/ssif_bmc.c | 6 +- drivers/char/tpm/eventlog/common.c | 2 + drivers/char/tpm/tpm_tis_spi_main.c | 1 + drivers/clk/clk-en7523.c | 9 +- drivers/clk/davinci/da8xx-cfgchip.c | 4 +- drivers/clk/meson/s4-peripherals.c | 2 +- drivers/clk/meson/s4-pll.c | 5 + drivers/clk/qcom/camcc-sc7280.c | 5 + drivers/clk/qcom/clk-rcg2.c | 32 + drivers/clk/qcom/gcc-sa8775p.c | 40 ++ drivers/clk/qcom/gcc-sc7280.c | 3 + drivers/clk/qcom/gcc-x1e80100.c | 46 +- drivers/clk/qcom/gpucc-sa8775p.c | 41 +- drivers/clk/qcom/gpucc-sm8350.c | 5 +- drivers/clk/qcom/kpss-xcc.c | 4 +- drivers/clk/samsung/clk-exynos4.c | 13 +- drivers/cpufreq/amd-pstate-ut.c | 12 +- drivers/cpufreq/amd-pstate.c | 43 +- drivers/cpufreq/qcom-cpufreq-nvmem.c | 13 +- drivers/cpufreq/sun50i-cpufreq-nvmem.c | 4 +- drivers/cpufreq/ti-cpufreq.c | 2 +- drivers/crypto/atmel-sha204a.c | 2 +- drivers/crypto/ccp/sev-dev.c | 8 +- drivers/crypto/intel/qat/qat_common/adf_cfg.c | 6 +- drivers/crypto/mxs-dcp.c | 3 +- drivers/crypto/tegra/tegra-se-main.c | 1 - drivers/dma/fsl-edma-common.c | 3 + drivers/dma/fsl-edma-common.h | 1 + drivers/dma/fsl-edma-main.c | 2 +- drivers/dma/ti/k3-udma.c | 4 +- drivers/edac/Makefile | 10 +- drivers/edac/skx_common.c | 21 +- drivers/edac/skx_common.h | 4 +- drivers/firmware/efi/libstub/screen_info.c | 2 + drivers/firmware/efi/libstub/x86-stub.c | 25 +- drivers/firmware/turris-mox-rwtm.c | 23 +- drivers/gpu/drm/Kconfig | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 9 +- drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 12 + drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c | 2 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 6 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 6 + drivers/gpu/drm/amd/amdgpu/vcn_v5_0_0.c | 6 + drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 3 +- drivers/gpu/drm/amd/display/dc/dc.h | 1 + .../drm/amd/display/dc/dml2/dml2_mall_phantom.c | 2 + .../amd/display/dc/dml2/dml2_translation_helper.c | 56 +- .../gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.c | 15 +- .../gpu/drm/amd/display/dc/optc/dcn20/dcn20_optc.c | 10 + .../amd/display/dc/resource/dcn32/dcn32_resource.c | 12 +- .../display/dc/resource/dcn321/dcn321_resource.c | 12 +- .../gpu/drm/amd/display/include/grph_object_id.h | 4 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 4 +- drivers/gpu/drm/arm/display/komeda/komeda_crtc.c | 43 +- drivers/gpu/drm/bridge/adv7511/adv7511.h | 2 +- drivers/gpu/drm/bridge/adv7511/adv7511_cec.c | 13 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 22 +- drivers/gpu/drm/bridge/ite-it6505.c | 81 ++- drivers/gpu/drm/bridge/samsung-dsim.c | 4 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 4 +- drivers/gpu/drm/drm_fbdev_dma.c | 3 +- drivers/gpu/drm/drm_panic.c | 70 +- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 9 +- drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 + drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 + .../gpu/drm/i915/display/intel_crtc_state_dump.c | 7 +- drivers/gpu/drm/i915/display/intel_display.c | 6 +- drivers/gpu/drm/i915/display/intel_display_types.h | 2 +- drivers/gpu/drm/i915/display/intel_dp.c | 4 +- .../gpu/drm/i915/display/intel_dp_link_training.c | 55 +- drivers/gpu/drm/i915/display/intel_fbc.c | 2 +- drivers/gpu/drm/i915/display/intel_psr.c | 36 +- .../gpu/drm/i915/gt/intel_execlists_submission.c | 6 +- drivers/gpu/drm/mediatek/mtk_ddp_comp.c | 107 +-- drivers/gpu/drm/mediatek/mtk_ddp_comp.h | 8 +- drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 41 +- drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 2 +- drivers/gpu/drm/mediatek/mtk_dp.c | 10 +- drivers/gpu/drm/mediatek/mtk_dpi.c | 5 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 24 + drivers/gpu/drm/mediatek/mtk_drm_drv.h | 4 + drivers/gpu/drm/mediatek/mtk_dsi.c | 5 +- drivers/gpu/drm/mediatek/mtk_ethdr.c | 21 +- drivers/gpu/drm/mediatek/mtk_plane.c | 4 +- drivers/gpu/drm/meson/meson_drv.c | 37 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 13 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 7 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys.h | 5 + .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c | 32 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 13 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 14 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.c | 6 - drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.h | 3 +- drivers/gpu/drm/msm/dp/dp_aux.c | 5 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 6 +- drivers/gpu/drm/panel/panel-boe-tv101wum-nl6.c | 8 +- drivers/gpu/drm/panel/panel-himax-hx8394.c | 3 +- drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 8 +- drivers/gpu/drm/panel/panel-lg-sw43408.c | 33 +- drivers/gpu/drm/panfrost/panfrost_drv.c | 1 + drivers/gpu/drm/panthor/panthor_sched.c | 1 + drivers/gpu/drm/qxl/qxl_display.c | 17 +- drivers/gpu/drm/qxl/qxl_object.c | 13 +- drivers/gpu/drm/qxl/qxl_object.h | 4 +- drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 +- drivers/gpu/drm/ttm/tests/ttm_bo_test.c | 48 +- drivers/gpu/drm/ttm/tests/ttm_kunit_helpers.c | 7 +- drivers/gpu/drm/ttm/tests/ttm_kunit_helpers.h | 3 +- drivers/gpu/drm/ttm/tests/ttm_pool_test.c | 4 +- drivers/gpu/drm/ttm/tests/ttm_resource_test.c | 2 +- drivers/gpu/drm/ttm/tests/ttm_tt_test.c | 20 +- drivers/gpu/drm/udl/udl_modeset.c | 3 +- drivers/gpu/drm/xe/display/xe_hdcp_gsc.c | 12 +- drivers/gpu/drm/xe/xe_bo.c | 47 +- drivers/gpu/drm/xe/xe_bo_types.h | 3 +- drivers/gpu/drm/xe/xe_exec.c | 14 +- drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 1 + drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 1 + drivers/gpu/drm/xlnx/zynqmp_kms.c | 12 +- drivers/hwmon/adt7475.c | 2 +- drivers/hwmon/ltc2991.c | 4 +- drivers/hwmon/max6697.c | 5 +- drivers/hwtracing/coresight/coresight-platform.c | 4 +- drivers/i3c/master/mipi-i3c-hci/core.c | 8 + drivers/iio/adc/ad9467.c | 65 +- drivers/iio/adc/adi-axi-adc.c | 2 + drivers/iio/frequency/adrf6780.c | 1 - drivers/iio/industrialio-gts-helper.c | 7 +- drivers/infiniband/core/cache.c | 14 +- drivers/infiniband/core/device.c | 14 +- drivers/infiniband/core/iwcm.c | 11 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 6 +- drivers/infiniband/hw/hns/hns_roce_device.h | 7 + drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 164 +++-- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 6 + drivers/infiniband/hw/hns/hns_roce_mr.c | 5 + drivers/infiniband/hw/hns/hns_roce_qp.c | 4 +- drivers/infiniband/hw/hns/hns_roce_srq.c | 2 +- drivers/infiniband/hw/mana/device.c | 16 +- drivers/infiniband/hw/mlx4/alias_GUID.c | 2 +- drivers/infiniband/hw/mlx4/mad.c | 2 +- drivers/infiniband/hw/mlx5/mlx5_ib.h | 13 + drivers/infiniband/hw/mlx5/odp.c | 6 +- drivers/infiniband/sw/rxe/rxe_req.c | 7 +- drivers/input/keyboard/qt1050.c | 7 +- drivers/input/mouse/elan_i2c_core.c | 2 + drivers/interconnect/qcom/qcm2290.c | 2 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom-debug.c | 17 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 39 ++ drivers/iommu/arm/arm-smmu/arm-smmu-qcom.h | 2 + drivers/iommu/intel/cache.c | 3 +- drivers/iommu/intel/iommu.c | 2 +- drivers/iommu/iommufd/iova_bitmap.c | 5 +- drivers/iommu/iommufd/selftest.c | 2 +- drivers/iommu/sprd-iommu.c | 2 +- drivers/irqchip/irq-imx-irqsteer.c | 24 +- drivers/isdn/hardware/mISDN/hfcmulti.c | 7 +- drivers/leds/flash/leds-mt6360.c | 5 +- drivers/leds/flash/leds-qcom-flash.c | 10 +- drivers/leds/led-class.c | 1 - drivers/leds/led-triggers.c | 8 +- drivers/leds/leds-ss4200.c | 7 +- drivers/leds/rgb/leds-qcom-lpg.c | 8 +- drivers/leds/trigger/ledtrig-timer.c | 5 - drivers/macintosh/therm_windtunnel.c | 2 +- drivers/mailbox/imx-mailbox.c | 10 +- drivers/mailbox/mtk-cmdq-mailbox.c | 12 +- drivers/mailbox/omap-mailbox.c | 3 +- drivers/md/dm-raid.c | 7 +- drivers/md/dm-table.c | 15 +- drivers/md/dm-verity-target.c | 16 +- drivers/md/dm-zone.c | 25 +- drivers/md/dm.h | 1 + drivers/md/md-bitmap.c | 6 +- drivers/md/md-cluster.c | 22 +- drivers/md/md.c | 32 +- drivers/md/raid0.c | 21 +- drivers/md/raid1.c | 15 +- drivers/md/raid5.c | 76 ++- drivers/media/i2c/Kconfig | 1 + drivers/media/i2c/alvium-csi2.c | 6 +- drivers/media/i2c/hi846.c | 2 +- drivers/media/i2c/imx219.c | 2 +- drivers/media/i2c/imx412.c | 9 +- drivers/media/pci/intel/ivsc/mei_csi.c | 14 +- drivers/media/pci/ivtv/ivtv-udma.c | 8 + drivers/media/pci/ivtv/ivtv-yuv.c | 6 + drivers/media/pci/ivtv/ivtvfb.c | 6 +- drivers/media/pci/saa7134/saa7134-dvb.c | 8 +- .../mediatek/vcodec/decoder/vdec/vdec_vp8_if.c | 2 +- .../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 6 + drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 3 + drivers/media/platform/nxp/imx-pxp.c | 3 + drivers/media/platform/qcom/venus/vdec.c | 3 +- drivers/media/platform/renesas/rcar-csi2.c | 5 +- drivers/media/platform/renesas/rcar-vin/rcar-dma.c | 16 +- drivers/media/platform/renesas/vsp1/vsp1_histo.c | 20 +- drivers/media/platform/renesas/vsp1/vsp1_pipe.h | 2 +- drivers/media/platform/renesas/vsp1/vsp1_rpf.c | 8 +- .../platform/st/sti/c8sectpfe/c8sectpfe-debugfs.h | 4 +- .../platform/st/stm32/stm32-dcmipp/dcmipp-core.c | 4 +- drivers/media/rc/imon.c | 5 +- drivers/media/rc/lirc_dev.c | 4 +- drivers/media/usb/dvb-usb/dvb-usb-init.c | 35 +- drivers/media/usb/uvc/uvc_ctrl.c | 9 +- drivers/media/usb/uvc/uvc_driver.c | 12 +- drivers/media/usb/uvc/uvc_video.c | 21 +- drivers/media/usb/uvc/uvcvideo.h | 1 + drivers/media/v4l2-core/v4l2-async.c | 3 + drivers/memory/Kconfig | 2 +- drivers/mfd/Makefile | 6 +- drivers/mfd/omap-usb-tll.c | 3 +- drivers/mfd/rsmu_core.c | 2 + drivers/misc/eeprom/ee1004.c | 6 +- drivers/mtd/nand/raw/Kconfig | 3 +- drivers/mtd/spi-nor/winbond.c | 2 + drivers/mtd/tests/Makefile | 34 +- drivers/mtd/tests/mtd_test.c | 9 + drivers/mtd/ubi/eba.c | 3 +- drivers/net/bonding/bond_main.c | 7 +- drivers/net/dsa/b53/b53_common.c | 3 + drivers/net/dsa/microchip/ksz_common.c | 7 + drivers/net/dsa/mv88e6xxx/chip.c | 3 +- drivers/net/ethernet/brocade/bna/bna_types.h | 2 +- drivers/net/ethernet/brocade/bna/bnad.c | 11 +- drivers/net/ethernet/cortina/gemini.c | 23 +- drivers/net/ethernet/freescale/fec_main.c | 6 + drivers/net/ethernet/google/gve/gve_tx.c | 5 +- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 22 +- drivers/net/ethernet/hisilicon/hns3/Makefile | 11 +- .../hisilicon/hns3/hns3_common/hclge_comm_cmd.c | 11 + .../hisilicon/hns3/hns3_common/hclge_comm_rss.c | 14 + .../hns3/hns3_common/hclge_comm_tqp_stats.c | 5 + drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 2 +- drivers/net/ethernet/intel/ice/ice_fdir.h | 3 + drivers/net/ethernet/intel/ice/ice_switch.c | 8 +- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 16 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h | 1 + drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 +- .../ethernet/mellanox/mlxsw/spectrum_acl_atcam.c | 18 +- .../mellanox/mlxsw/spectrum_acl_bloom_filter.c | 2 +- .../net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 13 - .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 9 +- drivers/net/ethernet/microsoft/mana/mana_en.c | 19 + drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 2 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 2 +- drivers/net/ethernet/stmicro/stmmac/hwif.h | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/netconsole.c | 2 +- drivers/net/pse-pd/pse_core.c | 4 +- drivers/net/virtio_net.c | 8 +- drivers/net/wireless/ath/ath11k/ce.h | 6 +- drivers/net/wireless/ath/ath11k/core.c | 29 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 3 +- drivers/net/wireless/ath/ath11k/dp_rx.h | 3 + drivers/net/wireless/ath/ath11k/mac.c | 28 +- drivers/net/wireless/ath/ath11k/reg.c | 14 +- drivers/net/wireless/ath/ath11k/reg.h | 4 +- drivers/net/wireless/ath/ath12k/acpi.c | 2 + drivers/net/wireless/ath/ath12k/ce.h | 6 +- drivers/net/wireless/ath/ath12k/core.c | 7 +- drivers/net/wireless/ath/ath12k/dp.c | 18 +- drivers/net/wireless/ath/ath12k/dp.h | 1 + drivers/net/wireless/ath/ath12k/dp_rx.c | 67 +- drivers/net/wireless/ath/ath12k/dp_tx.c | 47 +- drivers/net/wireless/ath/ath12k/hal_desc.h | 48 +- drivers/net/wireless/ath/ath12k/hw.c | 8 +- drivers/net/wireless/ath/ath12k/hw.h | 3 +- drivers/net/wireless/ath/ath12k/mac.c | 17 +- drivers/net/wireless/ath/ath12k/wmi.c | 23 +- drivers/net/wireless/ath/ath12k/wmi.h | 12 +- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 18 +- drivers/net/wireless/intel/iwlwifi/mvm/link.c | 9 + drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 10 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 9 +- .../net/wireless/intel/iwlwifi/mvm/time-event.c | 5 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 + drivers/net/wireless/realtek/rtl8xxxu/8188f.c | 15 + drivers/net/wireless/realtek/rtw88/mac.c | 9 + drivers/net/wireless/realtek/rtw88/main.h | 2 + drivers/net/wireless/realtek/rtw88/reg.h | 1 + drivers/net/wireless/realtek/rtw88/rtw8703b.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8723d.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8821c.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8822b.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8822c.c | 1 + drivers/net/wireless/realtek/rtw88/usb.c | 6 +- drivers/net/wireless/realtek/rtw89/debug.c | 2 +- drivers/net/wireless/realtek/rtw89/fw.c | 13 +- drivers/net/wireless/realtek/rtw89/mac.c | 5 +- drivers/net/wireless/realtek/rtw89/pci.c | 23 +- drivers/net/wireless/realtek/rtw89/rtw8852b.c | 6 +- drivers/net/wireless/realtek/rtw89/rtw8852b_rfk.c | 2 +- drivers/net/wireless/virtual/virt_wifi.c | 20 +- drivers/nvme/host/pci.c | 5 +- drivers/nvme/target/auth.c | 14 +- drivers/nvmem/rockchip-otp.c | 1 + drivers/opp/core.c | 6 +- drivers/opp/ti-opp-supply.c | 6 +- drivers/parport/procfs.c | 24 +- drivers/pci/controller/dwc/pci-keystone.c | 156 +++-- drivers/pci/controller/dwc/pcie-designware-ep.c | 13 +- drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 +- drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 - drivers/pci/controller/dwc/pcie-tegra194.c | 1 + drivers/pci/controller/pci-hyperv.c | 4 +- drivers/pci/controller/pci-loongson.c | 13 + drivers/pci/controller/pcie-rcar-host.c | 6 +- drivers/pci/controller/pcie-rockchip.c | 2 +- drivers/pci/endpoint/functions/pci-epf-test.c | 14 +- drivers/pci/endpoint/functions/pci-epf-vntb.c | 19 +- drivers/pci/pci.c | 6 +- drivers/pci/setup-bus.c | 6 +- drivers/perf/arm_pmuv3.c | 10 +- drivers/phy/cadence/phy-cadence-torrent.c | 3 + drivers/phy/qualcomm/phy-qcom-qmp-pcie.c | 9 +- drivers/phy/rockchip/Kconfig | 2 + drivers/phy/xilinx/phy-zynqmp.c | 14 +- drivers/pinctrl/core.c | 12 +- drivers/pinctrl/freescale/pinctrl-mxs.c | 4 +- drivers/pinctrl/pinctrl-rockchip.c | 17 +- drivers/pinctrl/pinctrl-single.c | 7 +- drivers/pinctrl/renesas/pfc-r8a779g0.c | 716 ++++++++++----------- drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 11 +- drivers/platform/Makefile | 2 +- drivers/platform/chrome/cros_ec_debugfs.c | 1 + drivers/platform/mips/cpu_hwmon.c | 3 + drivers/platform/x86/asus-wmi.c | 6 +- drivers/power/supply/ab8500_charger.c | 16 +- drivers/power/supply/ingenic-battery.c | 10 +- drivers/pwm/pwm-atmel-tcb.c | 12 +- drivers/pwm/pwm-stm32.c | 5 +- drivers/remoteproc/imx_rproc.c | 10 +- drivers/remoteproc/mtk_scp.c | 21 +- drivers/remoteproc/stm32_rproc.c | 2 +- drivers/remoteproc/ti_k3_r5_remoteproc.c | 13 +- drivers/rtc/interface.c | 9 +- drivers/rtc/rtc-abx80x.c | 12 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-isl1208.c | 11 +- drivers/rtc/rtc-tps6594.c | 4 - drivers/s390/block/dasd_devmap.c | 10 +- drivers/scsi/lpfc/lpfc_attr.c | 5 + drivers/scsi/lpfc/lpfc_hbadisc.c | 2 +- drivers/scsi/lpfc/lpfc_sli.c | 19 +- drivers/scsi/qla2xxx/qla_bsg.c | 98 +-- drivers/scsi/qla2xxx/qla_def.h | 17 +- drivers/scsi/qla2xxx/qla_gbl.h | 6 +- drivers/scsi/qla2xxx/qla_gs.c | 473 +++++++------- drivers/scsi/qla2xxx/qla_init.c | 92 ++- drivers/scsi/qla2xxx/qla_inline.h | 8 + drivers/scsi/qla2xxx/qla_mid.c | 2 +- drivers/scsi/qla2xxx/qla_nvme.c | 5 +- drivers/scsi/qla2xxx/qla_os.c | 19 +- drivers/scsi/qla2xxx/qla_sup.c | 108 +++- drivers/scsi/sr_ioctl.c | 2 +- drivers/soc/mediatek/mtk-mutex.c | 1 + drivers/soc/qcom/icc-bwmon.c | 4 +- drivers/soc/qcom/pdr_interface.c | 8 +- drivers/soc/qcom/pmic_glink.c | 13 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/soc/qcom/rpmh.c | 1 - drivers/soc/qcom/socinfo.c | 3 +- drivers/soc/xilinx/xlnx_event_manager.c | 15 +- drivers/soc/xilinx/zynqmp_power.c | 4 +- drivers/spi/atmel-quadspi.c | 11 +- drivers/spi/spi-microchip-core.c | 139 ++-- drivers/spi/spidev.c | 1 + drivers/thermal/broadcom/bcm2835_thermal.c | 19 +- drivers/thermal/thermal_core.c | 89 ++- drivers/thermal/thermal_core.h | 10 +- drivers/ufs/core/ufs-mcq.c | 10 +- drivers/usb/host/xhci-pci.c | 4 +- drivers/usb/typec/mux/nb7vpq904m.c | 7 +- drivers/usb/typec/mux/ptn36502.c | 11 +- drivers/vhost/vsock.c | 4 +- drivers/video/fbdev/vesafb.c | 2 +- drivers/watchdog/rzg2l_wdt.c | 22 +- fs/btrfs/compression.c | 2 +- fs/ceph/super.c | 3 +- fs/erofs/zutil.c | 3 + fs/exfat/dir.c | 2 +- fs/ext2/balloc.c | 11 +- fs/ext4/extents_status.c | 2 + fs/ext4/fast_commit.c | 6 + fs/ext4/namei.c | 73 ++- fs/ext4/xattr.c | 6 + fs/f2fs/checkpoint.c | 10 +- fs/f2fs/data.c | 10 +- fs/f2fs/f2fs.h | 19 +- fs/f2fs/file.c | 47 +- fs/f2fs/gc.c | 13 +- fs/f2fs/inline.c | 8 +- fs/f2fs/inode.c | 14 +- fs/f2fs/segment.c | 6 +- fs/f2fs/segment.h | 3 +- fs/fuse/inode.c | 24 +- fs/hfs/inode.c | 3 + fs/hfsplus/bfind.c | 15 +- fs/hfsplus/extents.c | 9 +- fs/hfsplus/hfsplus_fs.h | 21 + fs/hostfs/hostfs.h | 7 +- fs/hostfs/hostfs_kern.c | 10 +- fs/hostfs/hostfs_user.c | 7 +- fs/jbd2/commit.c | 2 +- fs/jbd2/journal.c | 56 +- fs/jbd2/transaction.c | 45 +- fs/jfs/jfs_imap.c | 5 +- fs/netfs/write_issue.c | 1 + fs/nfs/file.c | 5 +- fs/nfs/nfs4client.c | 6 +- fs/nfs/nfs4proc.c | 2 +- fs/nfs/nfstrace.h | 36 +- fs/nfs/read.c | 8 +- fs/nfs/write.c | 10 +- fs/nfsd/Kconfig | 2 +- fs/nfsd/filecache.c | 2 +- fs/nfsd/nfs4proc.c | 5 +- fs/nfsd/nfs4recover.c | 4 +- fs/nilfs2/btnode.c | 25 +- fs/nilfs2/btree.c | 4 +- fs/nilfs2/segment.c | 2 +- fs/ntfs3/attrib.c | 30 +- fs/ntfs3/bitmap.c | 2 +- fs/ntfs3/dir.c | 3 +- fs/ntfs3/file.c | 5 +- fs/ntfs3/frecord.c | 2 +- fs/ntfs3/fslog.c | 5 +- fs/ntfs3/index.c | 4 +- fs/ntfs3/inode.c | 13 +- fs/ntfs3/ntfs.h | 12 +- fs/ntfs3/super.c | 4 +- fs/proc/proc_sysctl.c | 6 +- fs/proc/task_mmu.c | 30 +- fs/smb/client/cifsfs.c | 8 +- fs/smb/client/connect.c | 24 +- fs/super.c | 11 + fs/udf/balloc.c | 15 +- fs/udf/file.c | 2 + fs/udf/inode.c | 11 +- fs/udf/namei.c | 2 - fs/udf/super.c | 3 +- include/asm-generic/vmlinux.lds.h | 2 +- include/drm/drm_mipi_dsi.h | 46 +- include/linux/alloc_tag.h | 2 +- include/linux/bpf_verifier.h | 2 +- include/linux/firewire.h | 5 +- include/linux/huge_mm.h | 12 +- include/linux/hugetlb.h | 1 + include/linux/interrupt.h | 2 +- include/linux/jbd2.h | 12 +- include/linux/lsm_hook_defs.h | 1 + include/linux/mlx5/qp.h | 9 +- include/linux/mm.h | 16 +- include/linux/objagg.h | 1 - include/linux/perf_event.h | 1 + include/linux/pgalloc_tag.h | 7 +- include/linux/preempt.h | 41 ++ include/linux/sbitmap.h | 5 + include/linux/sched.h | 41 -- include/linux/screen_info.h | 10 + include/linux/spinlock.h | 14 +- include/linux/task_work.h | 3 +- include/linux/virtio_net.h | 11 + include/net/bluetooth/hci_core.h | 4 - include/net/ip6_route.h | 22 +- include/net/ip_fib.h | 1 + include/net/mana/mana.h | 2 + include/net/tcp.h | 1 + include/net/xfrm.h | 36 +- include/sound/tas2781-dsp.h | 11 +- include/trace/events/rpcgss.h | 2 +- include/uapi/drm/xe_drm.h | 8 +- include/uapi/linux/if_xdp.h | 4 + include/uapi/linux/netfilter/nf_tables.h | 2 +- include/uapi/linux/zorro_ids.h | 3 + include/ufs/ufshcd.h | 6 + io_uring/io-wq.c | 10 +- io_uring/io_uring.c | 5 +- io_uring/napi.c | 2 + io_uring/opdef.c | 8 + io_uring/opdef.h | 4 +- io_uring/register.c | 2 +- io_uring/timeout.c | 2 +- io_uring/uring_cmd.c | 2 +- kernel/bpf/btf.c | 10 +- kernel/bpf/helpers.c | 2 +- kernel/bpf/verifier.c | 5 +- kernel/cgroup/cpuset.c | 76 ++- kernel/debug/kdb/kdb_io.c | 6 +- kernel/dma/mapping.c | 2 +- kernel/events/core.c | 77 ++- kernel/events/internal.h | 2 +- kernel/events/ring_buffer.c | 4 +- kernel/irq/irqdomain.c | 7 +- kernel/irq/manage.c | 2 +- kernel/jump_label.c | 45 +- kernel/locking/rwsem.c | 6 +- kernel/rcu/tasks.h | 10 + kernel/sched/core.c | 37 +- kernel/sched/fair.c | 7 +- kernel/sched/sched.h | 2 +- kernel/signal.c | 8 + kernel/task_work.c | 34 +- kernel/time/tick-broadcast.c | 23 + kernel/time/timer_migration.c | 33 +- kernel/time/timer_migration.h | 12 +- kernel/trace/pid_list.c | 4 +- kernel/watchdog_perf.c | 11 +- kernel/workqueue.c | 6 +- lib/decompress_bunzip2.c | 3 +- lib/kobject_uevent.c | 17 +- lib/objagg.c | 18 +- lib/sbitmap.c | 36 +- mm/huge_memory.c | 14 +- mm/hugetlb.c | 49 +- mm/memory.c | 2 +- mm/mempolicy.c | 18 +- mm/mmap_lock.c | 175 +---- mm/page_alloc.c | 35 +- mm/vmscan.c | 83 ++- net/bluetooth/hci_core.c | 27 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/hci_sync.c | 2 - net/bridge/br_forward.c | 4 +- net/core/filter.c | 15 +- net/core/flow_dissector.c | 2 +- net/core/page_pool.c | 2 +- net/core/xdp.c | 4 +- net/ethtool/pse-pd.c | 8 +- net/ipv4/esp4.c | 3 +- net/ipv4/esp4_offload.c | 7 + net/ipv4/fib_semantics.c | 13 +- net/ipv4/fib_trie.c | 1 + net/ipv4/nexthop.c | 7 +- net/ipv4/route.c | 18 +- net/ipv4/tcp.c | 8 +- net/ipv4/tcp_input.c | 32 +- net/ipv4/tcp_ipv4.c | 11 +- net/ipv4/tcp_minisocks.c | 15 +- net/ipv4/tcp_timer.c | 6 +- net/ipv6/addrconf.c | 3 +- net/ipv6/esp6.c | 3 +- net/ipv6/esp6_offload.c | 7 + net/ipv6/ip6_output.c | 1 + net/ipv6/route.c | 2 +- net/ipv6/tcp_ipv6.c | 10 +- net/mac80211/chan.c | 11 + net/mac80211/main.c | 2 +- net/mac80211/mlme.c | 15 +- net/mac80211/sta_info.h | 6 + net/mac80211/tx.c | 6 +- net/netfilter/ipvs/ip_vs_ctl.c | 10 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 4 +- net/netfilter/nf_conntrack_netlink.c | 3 +- net/netfilter/nft_set_pipapo.c | 4 +- net/netfilter/nft_set_pipapo.h | 21 + net/netfilter/nft_set_pipapo_avx2.c | 22 +- net/packet/af_packet.c | 86 ++- net/smc/smc_core.c | 5 +- net/sunrpc/auth_gss/gss_krb5_keys.c | 2 +- net/sunrpc/clnt.c | 3 +- net/sunrpc/xprtrdma/frwr_ops.c | 3 +- net/sunrpc/xprtrdma/verbs.c | 16 +- net/tipc/udp_media.c | 5 +- net/unix/af_unix.c | 41 +- net/unix/unix_bpf.c | 3 + net/wireless/nl80211.c | 3 + net/wireless/util.c | 8 +- net/xdp/xdp_umem.c | 9 +- net/xfrm/xfrm_input.c | 8 +- net/xfrm/xfrm_policy.c | 5 +- net/xfrm/xfrm_state.c | 65 +- net/xfrm/xfrm_user.c | 1 - scripts/Kconfig.include | 3 +- scripts/Makefile.lib | 6 +- scripts/gcc-x86_32-has-stack-protector.sh | 2 +- scripts/gcc-x86_64-has-stack-protector.sh | 2 +- scripts/syscalltbl.sh | 18 +- security/apparmor/lsm.c | 7 + security/apparmor/policy.c | 2 +- security/apparmor/policy_unpack.c | 43 +- security/keys/keyctl.c | 2 +- security/landlock/cred.c | 11 +- security/security.c | 70 +- security/selinux/hooks.c | 38 +- security/smack/smack_lsm.c | 34 +- sound/core/ump.c | 13 + sound/firewire/amdtp-stream.c | 3 +- sound/pci/hda/patch_realtek.c | 6 +- sound/soc/amd/acp-es8336.c | 4 +- sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/cs35l56-shared.c | 2 +- sound/soc/codecs/max98088.c | 10 +- sound/soc/codecs/pcm6240.c | 6 +- sound/soc/codecs/tas2781-fmwlib.c | 20 +- sound/soc/codecs/tas2781-i2c.c | 39 +- sound/soc/codecs/wcd939x.c | 113 ++-- sound/soc/fsl/fsl_qmc_audio.c | 2 + sound/soc/intel/common/soc-acpi-intel-ssp-common.c | 9 + sound/soc/intel/common/soc-intel-quirks.h | 2 +- sound/soc/qcom/lpass-cpu.c | 4 + sound/soc/sof/amd/pci-vangogh.c | 1 - sound/soc/sof/imx/imx8m.c | 2 +- sound/soc/sof/intel/hda-loader.c | 18 +- sound/soc/sof/intel/hda.c | 17 +- sound/soc/sof/ipc4-topology.c | 46 +- sound/usb/mixer.c | 7 + sound/usb/quirks.c | 4 + tools/bpf/bpftool/common.c | 2 +- tools/bpf/bpftool/prog.c | 4 + tools/bpf/resolve_btfids/main.c | 2 +- tools/lib/bpf/btf.c | 2 +- tools/lib/bpf/btf_dump.c | 8 +- tools/lib/bpf/libbpf_internal.h | 10 +- tools/lib/bpf/linker.c | 11 +- tools/memory-model/lock.cat | 20 +- tools/objtool/noreturns.h | 4 + tools/perf/arch/powerpc/util/skip-callchain-idx.c | 8 +- tools/perf/arch/x86/util/intel-pt.c | 15 +- tools/perf/tests/shell/test_arm_callgraph_fp.sh | 27 +- tools/perf/tests/workloads/leafloop.c | 20 +- tools/perf/ui/gtk/annotate.c | 5 +- tools/perf/util/cs-etm.c | 10 +- tools/perf/util/disasm.c | 10 +- tools/perf/util/dso.c | 14 +- tools/perf/util/dso.h | 19 + tools/perf/util/maps.c | 9 +- tools/perf/util/pmus.c | 5 +- tools/perf/util/sort.c | 2 +- tools/perf/util/srcline.c | 12 +- tools/perf/util/stat-display.c | 3 + tools/perf/util/stat-shadow.c | 7 + tools/perf/util/symbol.c | 18 +- tools/perf/util/unwind-libdw.c | 12 +- tools/perf/util/unwind-libunwind-local.c | 18 +- tools/testing/selftests/bpf/bpf_kfuncs.h | 2 +- .../testing/selftests/bpf/prog_tests/bpf_tcp_ca.c | 16 +- .../testing/selftests/bpf/prog_tests/fexit_sleep.c | 8 +- tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 2 +- .../selftests/bpf/prog_tests/xdp_adjust_tail.c | 2 +- .../bpf/progs/btf_dump_test_case_multidim.c | 4 +- .../bpf/progs/btf_dump_test_case_syntax.c | 4 +- .../bpf/progs/kprobe_multi_session_cookie.c | 2 +- tools/testing/selftests/bpf/test_sockmap.c | 9 +- tools/testing/selftests/damon/access_memory.c | 2 +- .../drivers/net/mlxsw/spectrum-2/tc_flower.sh | 55 +- tools/testing/selftests/iommu/iommufd.c | 76 ++- tools/testing/selftests/iommu/iommufd_utils.h | 6 +- tools/testing/selftests/landlock/base_test.c | 74 +++ tools/testing/selftests/landlock/config | 1 + tools/testing/selftests/net/fib_tests.sh | 24 +- .../net/forwarding/bridge_fdb_learning_limit.sh | 18 + .../selftests/net/forwarding/devlink_lib.sh | 2 + tools/testing/selftests/nolibc/nolibc-test.c | 2 +- tools/testing/selftests/resctrl/resctrl_val.c | 54 +- .../selftests/sigaltstack/current_stack_pointer.h | 2 +- 858 files changed, 7467 insertions(+), 4533 deletions(-)

10 months, 3 weeks

18
23
0 0

[PATCH] f2fs: prevent possible int overflow in dir_block_index()

by Nikita Zhandarovich

The result of multiplication between values derived from functions dir_buckets() and bucket_blocks() *could* technically reach 2^30 * 2^2 = 2^32. While unlikely to happen, it is prudent to ensure that it will not lead to integer overflow. Thus, use mul_u32_u32() as it's more appropriate to mitigate the issue. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: 3843154598a0 ("f2fs: introduce large directory support") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> --- fs/f2fs/dir.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index cbd7a5e96a37..14900ca8a9ff 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -166,7 +166,8 @@ static unsigned long dir_block_index(unsigned int level, unsigned long bidx = 0; for (i = 0; i < level; i++) - bidx += dir_buckets(i, dir_level) * bucket_blocks(i); + bidx += mul_u32_u32(dir_buckets(i, dir_level), + bucket_blocks(i)); bidx += idx * bucket_blocks(level); return bidx; }

10 months, 3 weeks

3
2
0 0

[PATCH] f2fs: avoid potential int overflow in sanity_check_area_boundary()

by Nikita Zhandarovich

While calculating the end addresses of main area and segment 0, u32 may be not enough to hold the result without the danger of int overflow. Just in case, play it safe and cast one of the operands to a wider type (u64). Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: fd694733d523 ("f2fs: cover large section in sanity check of super") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> --- fs/f2fs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 3959fd137cc9..4d8f38ca6fcd 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -3356,9 +3356,9 @@ static inline bool sanity_check_area_boundary(struct f2fs_sb_info *sbi, u32 segment_count = le32_to_cpu(raw_super->segment_count); u32 log_blocks_per_seg = le32_to_cpu(raw_super->log_blocks_per_seg); u64 main_end_blkaddr = main_blkaddr + - (segment_count_main << log_blocks_per_seg); + ((u64)segment_count_main << log_blocks_per_seg); u64 seg_end_blkaddr = segment0_blkaddr + - (segment_count << log_blocks_per_seg); + ((u64)segment_count << log_blocks_per_seg); if (segment0_blkaddr != cp_blkaddr) { f2fs_info(sbi, "Mismatch start address, segment0(%u) cp_blkaddr(%u)",

10 months, 3 weeks

3
2
0 0

[PATCH] f2fs: fix several potential integer overflows in file offsets

by Nikita Zhandarovich

When dealing with large extents and calculating file offsets by summing up according extent offsets and lengths of unsigned int type, one may encounter possible integer overflow if the values are big enough. Prevent this from happening by expanding one of the addends to (pgoff_t) type. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: d323d005ac4a ("f2fs: support file defragment") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> --- As the patch covers several code fragments, one singular Fixes: tag is hard to pinpoint. Hopefully, it's not critical at this stage. fs/f2fs/extent_cache.c | 4 ++-- fs/f2fs/file.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c index fd1fc06359ee..62ac440d9416 100644 --- a/fs/f2fs/extent_cache.c +++ b/fs/f2fs/extent_cache.c @@ -366,7 +366,7 @@ static unsigned int __free_extent_tree(struct f2fs_sb_info *sbi, static void __drop_largest_extent(struct extent_tree *et, pgoff_t fofs, unsigned int len) { - if (fofs < et->largest.fofs + et->largest.len && + if (fofs < (pgoff_t)et->largest.fofs + et->largest.len && fofs + len > et->largest.fofs) { et->largest.len = 0; et->largest_updated = true; @@ -456,7 +456,7 @@ static bool __lookup_extent_tree(struct inode *inode, pgoff_t pgofs, if (type == EX_READ && et->largest.fofs <= pgofs && - et->largest.fofs + et->largest.len > pgofs) { + (pgoff_t)et->largest.fofs + et->largest.len > pgofs) { *ei = et->largest; ret = true; stat_inc_largest_node_hit(sbi); diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 168f08507004..c598cfe5e0ed 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2710,7 +2710,7 @@ static int f2fs_defragment_range(struct f2fs_sb_info *sbi, * block addresses are continuous. */ if (f2fs_lookup_read_extent_cache(inode, pg_start, &ei)) { - if (ei.fofs + ei.len >= pg_end) + if ((pgoff_t)ei.fofs + ei.len >= pg_end) goto out; }

10 months, 3 weeks

3
2
0 0

[PATCH] f2fs: fix to wait dio completion

by Chao Yu

It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode. Cc: stable(a)vger.kernel.org Signed-off-by: Chao Yu <chao(a)kernel.org> --- fs/f2fs/file.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 76a6043caf27..f2d0e0de775f 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -1056,6 +1056,13 @@ int f2fs_setattr(struct mnt_idmap *idmap, struct dentry *dentry, return err; } + /* + * wait for inflight dio, blocks should be removed after + * IO completion. + */ + if (attr->ia_size < old_size) + inode_dio_wait(inode); + f2fs_down_write(&fi->i_gc_rwsem[WRITE]); filemap_invalidate_lock(inode->i_mapping); @@ -1892,6 +1899,12 @@ static long f2fs_fallocate(struct file *file, int mode, if (ret) goto out; + /* + * wait for inflight dio, blocks should be removed after IO + * completion. + */ + inode_dio_wait(inode); + if (mode & FALLOC_FL_PUNCH_HOLE) { if (offset >= inode->i_size) goto out; -- 2.40.1

10 months, 3 weeks

2
1
0 0

[PATCH 6.1 000/440] 6.1.103-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.103 release. There are 440 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 02 Aug 2024 09:59:35 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.103-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.103-rc3 Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Avoid hcall in plpks_is_available() on non-pseries Seth Forshee (DigitalOcean) <sforshee(a)kernel.org> fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT Leon Romanovsky <leon(a)kernel.org> nvme-pci: add missing condition check for existence of mapped data Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix io_match_task must_hold Artem Chernyshev <artem.chernyshev(a)red-soft.ru> iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Allow allocation of more than 1 MSI interrupt Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Refactor arch_setup_msi_irqs() ethanwu <ethanwu(a)synology.com> ceph: fix incorrect kmalloc size of pagevec mempool Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable Conor Dooley <conor.dooley(a)microchip.com> spi: spidev: add correct compatible for Rohm BH2228FV Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> spi: spidev: order compatibles alphabetically Vincent Tremblay <vincent(a)vtremblay.dev> spidev: Add Silicon Labs EM3581 device compatible Bart Van Assche <bvanassche(a)acm.org> nvme-pci: Fix the instructions for disabling power management Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: fix init function not setting the master and motorola modes Yang Yingliang <yangyingliang(a)huawei.com> spi: microchip-core: switch to use modern name Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: only disable SPI controller when register value change requires it Naga Sureshkumar Relli <nagasuresh.relli(a)microchip.com> spi: microchip-core: fix the issues in the isr Daniel Baluta <daniel.baluta(a)nxp.com> ASoC: SOF: imx8m: Fix DSP control regmap retrieval Markus Elfring <elfring(a)users.sourceforge.net> auxdisplay: ht16k33: Drop reference after LED registration Al Viro <viro(a)zeniv.linux.org.uk> lirc: rc_dev_get_from_fd(): fix file leak Al Viro <viro(a)zeniv.linux.org.uk> powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() Xiao Liang <shaw.leon(a)gmail.com> apparmor: Fix null pointer deref when receiving skb during sock creation Dan Carpenter <dan.carpenter(a)linaro.org> mISDN: Fix a use after free in hfcmulti_tx() Fred Li <dracodingfly(a)gmail.com> bpf: Fix a segment issue when downgrading gso_size Petr Machata <petrm(a)nvidia.com> net: nexthop: Initialize all fields in dumped nexthops Simon Horman <horms(a)kernel.org> net: stmmac: Correct byte order of perfect_match Shigeru Yoshida <syoshida(a)redhat.com> tipc: Return non-zero value from tipc_udp_addr2str() on error Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo_avx2: disable softinterrupts Johannes Berg <johannes.berg(a)intel.com> net: bonding: correctly annotate RCU in bond_should_notify_peers() Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect source address in Record Route option Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later Liwei Song <liwei.song.lsong(a)gmail.com> tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids Hou Tao <houtao1(a)huawei.com> bpf, events: Use prog to emit ksymbol event for main program Lance Richardson <rlance(a)google.com> dma: fix call order in dmam_free_coherent Michal Luczaj <mhal(a)rbox.co> af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix no-args func prototype BTF dumping syntax Masahiro Yamada <masahiroy(a)kernel.org> kbuild: avoid build error when single DTB is turned into composite DTB Chao Yu <chao(a)kernel.org> f2fs: fix to update user block counts in block_operations() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> watchdog: rzg2l_wdt: Check return status of pm_runtime_put() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() Sheng Yong <shengyong(a)oppo.com> f2fs: fix start segno of large section Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix signal blocking race/hang Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix time-travel-start option Ma Ke <make24(a)iscas.ac.cn> phy: cadence-torrent: Check return value on register read Vignesh Raghavendra <vigneshr(a)ti.com> dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels Jeongjun Park <aha310510(a)gmail.com> jfs: Fix array-index-out-of-bounds in diFree Douglas Anderson <dianders(a)chromium.org> kdb: Use the passed prompt in kdb_position_cursor() Arnd Bergmann <arnd(a)arndb.de> kdb: address -Wformat-security warnings Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: check basic rates validity Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: track capability/opmode NSS separately Rameshkumar Sundaram <quic_ramess(a)quicinc.com> wifi: mac80211: Allow NSS change only up to capability Pavel Begunkov <asml.silence(a)gmail.com> io_uring/io-wq: limit retrying worker initialisation Lukas Wunner <lukas(a)wunner.de> PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Ira Weiny <ira.weiny(a)intel.com> PCI: Introduce cleanup helpers for device reference counts and locks Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle inconsistent state in nilfs_btnode_create_block() WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables Jiri Olsa <jolsa(a)kernel.org> bpf: Synchronize dispatcher update with bpf_dispatcher_xdp_func Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings Ilya Dryomov <idryomov(a)gmail.com> rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait Dragan Simic <dsimic(a)manjaro.org> drm/panfrost: Mark simple_ondemand governor as softdep Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: don't block scheduler when GPU is still active Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Test register availability before use Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: reset: Prioritise firmware service Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Remove memory node for builtin-dtb Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: env: Hook up Loongsson-2K Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: dts: loongson: Fix GMAC phy node Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: ip30: ip30-console: Add missing include Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: dts: loongson: Add ISA node Aleksandr Mishin <amishin(a)t-argos.ru> remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init Aleksandr Mishin <amishin(a)t-argos.ru> remoteproc: imx_rproc: Skip over memory region when node value is NULL Gwenael Treuveur <gwenael.treuveur(a)foss.st.com> remoteproc: stm32_rproc: Fix mailbox interrupts queuing Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume rbd_is_lock_owner() for exclusive mappings Eric Biggers <ebiggers(a)kernel.org> dm-verity: fix dm_is_verity_target() when dm-verity is builtin Michael Ellerman <mpe(a)ellerman.id.au> selftests/sigaltstack: Fix ppc64 GCC build Bart Van Assche <bvanassche(a)acm.org> RDMA/iwcm: Fix a use-after-free related to destroying CM IDs Jiaxun Yang <jiaxun.yang(a)flygoat.com> platform: mips: cpu_hwmon: Disable driver on unsupported hardware Thomas Gleixner <tglx(a)linutronix.de> watchdog/perf: properly initialize the turbo mode timestamp and rearm counter Joy Chakraborty <joychakr(a)google.com> rtc: isl1208: Fix return value of nvmem callbacks Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Reset intel_dp->link_trained before retraining the link Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix all mstb marked as not probed after suspend/resume Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell Nitin Gote <nitin.r.gote(a)intel.com> drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix a topa_entry base address calculation Marco Cavenati <cavenati.marco(a)gmail.com> perf/x86/intel/pt: Fix topa_entry base length Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR Frederic Weisbecker <frederic(a)kernel.org> perf: Fix event leak upon exec and file release Frederic Weisbecker <frederic(a)kernel.org> perf: Fix event leak upon exit Nilesh Javali <njavali(a)marvell.com> scsi: qla2xxx: validate nvme_local_port correctly Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Complete command early within lock Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix flash read failure Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Use QP lock to search for bsg Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix for possible memory corruption Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Unable to act on RSCN for port online Manish Rangankar <mrangankar(a)marvell.com> scsi: qla2xxx: During vport delete send async logout explicitly Joy Chakraborty <joychakr(a)google.com> rtc: cmos: Fix return value of nvmem callbacks Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> mm/numa_balancing: teach mpol_to_str about the balancing mode Shenwei Wang <shenwei.wang(a)nxp.com> irqchip/imx-irqsteer: Handle runtime power management correctly Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix memory leakage caused by driver API devm_free_percpu() Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix devm_krealloc() wasting memory Ahmed Zaki <ahmed.zaki(a)intel.com> ice: Add a per-VF limit on number of FDIR filters Bailey Forrest <bcf(a)google.com> gve: Fix an edge case for TSO skb validity check Zijun Hu <quic_zijuhu(a)quicinc.com> kobject_uevent: Fix OOB access within zap_modalias_env() Takashi Iwai <tiwai(a)suse.de> ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix '-S -c' in x86 stack protector scripts Ross Lagerwall <ross.lagerwall(a)citrix.com> decompress_bunzip2: fix rare decompression failure Fedor Pchelkin <pchelkin(a)ispras.ru> ubi: eba: properly rollback inside self_check_eba Bastien Curutchet <bastien.curutchet(a)bootlin.com> clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use Chao Yu <chao(a)kernel.org> f2fs: fix return value of f2fs_convert_inline_inode() Chao Yu <chao(a)kernel.org> f2fs: fix to don't dirty inode for readonly filesystem Chao Yu <chao(a)kernel.org> f2fs: fix to force buffered IO on inline_data inode Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds Huacai Chen <chenhuacai(a)kernel.org> fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed tuhaowen <tuhaowen(a)uniontech.com> dev/parport: fix the array out-of-bounds risk Carlos Llamas <cmllamas(a)google.com> binder: fix hang of unregistered readers Huacai Chen <chenhuacai(a)kernel.org> PCI: loongson: Enable MSI in LS7A Root Complex Manivannan Sadhasivam <mani(a)kernel.org> PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio Niklas Cassel <cassel(a)kernel.org> PCI: dw-rockchip: Fix initial PERST# GPIO value Wei Liu <wei.liu(a)kernel.org> PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN John David Anglin <dave(a)mx3210.local> parisc: Fix warning at drivers/pci/msi/msi.h:121 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> hwrng: amd - Convert PCIBIOS_* return codes to errnos Alan Stern <stern(a)rowland.harvard.edu> tools/memory-model: Fix bug in lock.cat wangdicheng <wangdicheng(a)kylinos.cn> ALSA: usb-audio: Add a quirk for Sonix HD USB Camera Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Move HD Webcam quirk to the right place wangdicheng <wangdicheng(a)kylinos.cn> ALSA: usb-audio: Fix microphone sound on HD webcam. Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Request immediate exit iff pending nested event needs injection Sean Christopherson <seanjc(a)google.com> KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix integer overflow calculating timestamp Jan Kara <jack(a)suse.cz> jbd2: make jbd2_journal_get_max_txn_bufs() internal Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> leds: ss4200: Convert PCIBIOS_* return codes to errnos Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> drivers: soc: xilinx: check return status of get_api_version() Rafael Beims <rafael.beims(a)toradex.com> wifi: mwifiex: Fix interface type change Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Add cred_transfer test levi.yun <yeoreum.yun(a)arm.com> trace/pid_list: Change gfp flags in pid_list_fill_irq() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: tighten task exit cancellations Baokun Li <libaokun1(a)huawei.com> ext4: make sure the first directory block is not a hole Baokun Li <libaokun1(a)huawei.com> ext4: check dot and dotdot of dx_root before making dir indexed Paolo Pisati <p.pisati(a)gmail.com> m68k: amiga: Turn off Warp1260 interrupts during boot Jan Kara <jack(a)suse.cz> udf: Avoid using corrupted block bitmap buffer Frederic Weisbecker <frederic(a)kernel.org> task_work: Introduce task_work_cancel() again Frederic Weisbecker <frederic(a)kernel.org> task_work: s/task_work_cancel()/task_work_cancel_func()/ Steve French <stfrench(a)microsoft.com> cifs: mount with "unix" mount option for SMB1 incorrectly handled Steve French <stfrench(a)microsoft.com> cifs: fix reconnect with SMB1 UNIX Extensions Steve French <stfrench(a)microsoft.com> cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path Fedor Pchelkin <pchelkin(a)ispras.ru> apparmor: use kvfree_sensitive to free data->data Pierre Gondois <pierre.gondois(a)arm.com> sched/fair: Use all little CPUs for CPU-bound workloads Sung Joon Kim <sungjoon.kim(a)amd.com> drm/amd/display: Check for NULL pointer Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix optrom version displayed in FDMI Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes Jan Kara <jack(a)suse.cz> ext2: Verify bitmap and itable block numbers before using them Chao Yu <chao(a)kernel.org> hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: fix use after free in vdec_close Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> char: tpm: Fix possible memory leak in tpm_bios_measurements_open() Eric Sandeen <sandeen(a)redhat.com> fuse: verify {g,u}id mount options correctly Tejun Heo <tj(a)kernel.org> sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv6: take care of scope when choosing the src addr Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv4: fix source address selection with route leak Pavel Begunkov <asml.silence(a)gmail.com> kernel: rerun task_work while freezing in get_signal() Chengen Du <chengen.du(a)canonical.com> af_packet: Handle outgoing VLAN packets without hardware offloading Breno Leitao <leitao(a)debian.org> net: netconsole: Disable target before netpoll cleanup Yu Liao <liaoyu15(a)huawei.com> tick/broadcast: Make takeover of broadcast hrtimer reliable Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: thermal: correct thermal zone node name limit Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Revert to heap allocated boot_params for PE entrypoint Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Avoid returning EFI_SUCCESS on error Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer Yu Zhao <yuzhao(a)google.com> mm/mglru: fix div-by-zero in vmpressure_calc_level() Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix possible recursive locking detected warning Jann Horn <jannh(a)google.com> landlock: Don't lose track of restrictions on cred_transfer Yang Yang <yang.yang(a)vivo.com> sbitmap: fix io hung due to race on sbitmap_word::cleared linke li <lilinke99(a)qq.com> sbitmap: use READ_ONCE to access map->word Kemeng Shi <shikemeng(a)huaweicloud.com> sbitmap: rewrite sbitmap_find_bit_in_index to reduce repeat code Kemeng Shi <shikemeng(a)huaweicloud.com> sbitmap: remove unnecessary calculation of alloc_hint in __sbitmap_get_shallow Carlos López <clopez(a)suse.de> s390/dasd: fix error checks in dasd_copy_pair_store() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Keep runs for $MFT::$ATTR_DATA and $MFT::$ATTR_BITMAP Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Missed error return Csókás, Bence <csokas.bence(a)prolan.hu> rtc: interface: Add RTC offset to alarm after fix-up Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix TPU suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix TCLK suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: FIX PWM suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix IRQ suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix CANFD5 suffix Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix field-spanning write in INDEX_HDR Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Replace inode_trylock with inode_lock Peng Fan <peng.fan(a)nxp.com> pinctrl: freescale: mxs: Fix refcount of child Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pinctrl: ti: ti-iodelay: Drop if block with always false condition Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: single: fix possible memory leak when pinctrl_enable() fails Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: core: fix possible memory leak when pinctrl_enable() fails Dmitry Yashin <dmt.yashin(a)gmail.com> pinctrl: rockchip: update rk3308 iomux routes Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add missing .dirty_folio in address_space_operations Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix getting file type Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix transform resident to nonresident for compressed files Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use ALIGN kernel macro Martin Willi <martin(a)strongswan.org> net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports Martin Willi <martin(a)strongswan.org> net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect TOS in fibmatch route get reply Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect TOS in route get reply Pablo Neira Ayuso <pablo(a)netfilter.org> net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo: fix initial map fill Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: constify lookup fn args where possible Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: ctnetlink: use helper function to calculate expect ID Jack Wang <jinpu.wang(a)ionos.com> bnxt_re: Fix imm_data endianness Jon Pan-Doh <pandoh(a)google.com> iommu/vt-d: Fix identity map bounds in si_domain_init() Yanfei Xu <yanfei.xu(a)intel.com> iommu/vt-d: Fix to convert mm pfn to dma pfn Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix insufficient extend DB for VFs. Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix undifined behavior caused by invalid max_sge Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix missing pagesize and alignment check in FRMR Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix unmatch exception handling when init eq table fails Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Check atomic wr length Nick Bowler <nbowler(a)draconx.ca> macintosh/therm_windtunnel: fix module unload. Michael Ellerman <mpe(a)ellerman.id.au> powerpc/xmon: Fix disassembly CPU feature checks Frank Li <Frank.Li(a)nxp.com> PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom-ep: Disable resources unconditionally during PERST# assert Dominique Martinet <dominique.martinet(a)atmark-techno.com> MIPS: Octeron: remove source file executable bit Lorenzo Bianconi <lorenzo(a)kernel.org> clk: en7523: fix rate divider for slic and spi clocks Stephen Boyd <swboyd(a)chromium.org> clk: qcom: Park shared RCGs upon registration Nivas Varadharajan Mugunthakumar <nivasx.varadharajan.mugunthakumar(a)intel.com> crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() Denis Arefev <arefev(a)swemel.ru> net: missing check virtio Michael S. Tsirkin <mst(a)redhat.com> vhost/vsock: always initialize seqpacket_allow Dan Carpenter <dan.carpenter(a)linaro.org> PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() Dan Carpenter <dan.carpenter(a)linaro.org> PCI: endpoint: Clean up error handling in vpci_scan_bus() Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: amd: Adjust error handling in case of absent codec device Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: elan_i2c - do not leave interrupt disabled on suspend failure Leon Romanovsky <leon(a)kernel.org> RDMA/device: Return error earlier if port in not valid Arnd Bergmann <arnd(a)arndb.de> mtd: make mtd_test.c a separate module Chen Ni <nichen(a)iscas.ac.cn> ASoC: max98088: Check for clk_prepare_enable() error Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/prom: Add CPU info to hardware description string later Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() Honggang LI <honggangli(a)163.com> RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in alias_GUID.c Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in mad.c Andrei Lalaev <andrei.lalaev(a)anton-paar.com> Input: qt1050 - handle CHIP_ID reading error Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable Leon Romanovsky <leon(a)kernel.org> RDMA/cache: Release GID table even if leak is detected Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/kexec_file: fix cpus node update to FDT Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/kexec: make the update_cpus_node() function public Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Add helper to get PLPKS password length Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: Expose PLPKS config values, support additional fields Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Move plpks.h to include directory Andrew Donnellan <ajd(a)linux.ibm.com> powerpc/pseries: Fix alignment of PLPKS structures and buffers Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE James Clark <james.clark(a)arm.com> coresight: Fix ref leak when of_coresight_parse_endpoint() fails Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: frequency: adrf6780: rm clk provider include Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: branch: Add helper functions for setting retain bits Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Aleksandr Mishin <amishin(a)t-argos.ru> PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Don't enable BAR 0 for AM654x Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix resource double counting on remove & rescan Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Fixup gss_status tracepoint error output Andreas Larsson <andreas(a)gaisler.com> sparc64: Fix incorrect function signature and add prototype for prom_cif_init Jan Kara <jack(a)suse.cz> ext4: avoid writing unitialized memory to disk in EA inodes Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: don't track ranges in fast_commit if inode has inlined data Olga Kornievskaia <kolga(a)netapp.com> NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server NeilBrown <neilb(a)suse.de> SUNRPC: avoid soft lockup when transmitting UDP to reachable server. Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Fix rpcrdma_reqs_reset() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> mfd: omap-usb-tll: Use struct_size to allocate tll Arnd Bergmann <arnd(a)arndb.de> mfd: rsmu: Split core code into separate module Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix exclude_guest setting Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix aux_watermark calculation for 64-bit size Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: flush all buffers in output plane streamoff Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix infinite loop when replaying fast_commit Luca Ceresoli <luca.ceresoli(a)bootlin.com> Revert "leds: led-core: Fix refcount leak in of_led_get()" Chen Ni <nichen(a)iscas.ac.cn> drm/qxl: Add check for drm_cvt_mode Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: fix DMA direction handling for cached RW buffers Namhyung Kim <namhyung(a)kernel.org> perf report: Fix condition in sort__sym_cmp() James Clark <james.clark(a)arm.com> perf test: Make test_arm_callgraph_fp.sh more robust James Clark <james.clark(a)arm.com> perf tests: Fix test_arm_callgraph_fp variable expansion Spoorthy S <spoorts2(a)in.ibm.com> perf tests arm_callgraph_fp: Address shellcheck warnings about signal names and adding double quotes for expression Namhyung Kim <namhyung(a)kernel.org> perf test: Replace arm callgraph fp test workload with leafloop Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op Jonathan Marek <jonathan(a)marek.ca> drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC Hans de Goede <hdegoede(a)redhat.com> leds: trigger: Unregister sysfs attributes before calling deactivate() Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Add OVL compatible name for MT8195 Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Add missing plane settings when async update Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Store RPF partition configuration per RPF instance Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Fix _irqsave and _irq mix Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-csi2: Cleanup subdevice in remove() Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-csi2: Disable runtime_pm in probe error Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 Daniel Schaefer <dhs(a)frame.work> media: uvcvideo: Override default flags Aleksandr Burakov <a.burakov(a)rosalinux.ru> saa7134: Unchecked i2c_transfer function result fixed David Hildenbrand <david(a)redhat.com> s390/uv: Don't call folio_wait_writeback() without a folio reference Matthew Wilcox (Oracle) <willy(a)infradead.org> s390/mm: Convert gmap_make_secure to use a folio Matthew Wilcox (Oracle) <willy(a)infradead.org> s390/mm: Convert make_page_secure to use a folio ChiYuan Huang <cy_huang(a)richtek.com> media: v4l: async: Fix NULL pointer dereference in adding ancillary links Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: i2c: Fix imx412 exposure control Ricardo Ribalda <ribalda(a)chromium.org> media: imon: Fix race getting ictx->lock Zheng Yejian <zhengyejian1(a)huawei.com> media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() Mikhail Kobuk <m.kobuk(a)ispras.ru> media: pci: ivtv: Add check for DMA map result Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators Tim Van Patten <timvp(a)google.com> drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 Friedrich Vock <friedrich.vock(a)gmx.de> drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Fix aldebaran pcie speed reporting Douglas Anderson <dianders(a)chromium.org> drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() Javier Martinez Canillas <javierm(a)redhat.com> drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the port mux of VP2 Elliot Ayrey <elliot.ayrey(a)alliedtelesis.co.nz> net: bridge: mst: Check vlan state for egress decision Taehee Yoo <ap420073(a)gmail.com> xdp: fix invalid wait context of page_pool_destroy() Amit Cohen <amcohen(a)nvidia.com> selftests: forwarding: devlink_lib: Wait for udev events after reloading Tengda Wu <wutengda(a)huaweicloud.com> bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT Alan Maguire <alan.maguire(a)oracle.com> bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> bna: adjust 'name' buf size of bna_tcb and bna_ccb structures Alan Maguire <alan.maguire(a)oracle.com> bpf: annotate BTF show functions with __printf Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Close obj in error path in xdp_adjust_tail Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Close fd in error path in drop_on_reuseport John Stultz <jstultz(a)google.com> locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers Johannes Berg <johannes.berg(a)intel.com> wifi: virt_wifi: don't use strlen() in const context Gaosheng Cui <cuigaosheng1(a)huawei.com> gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey En-Wei Wu <en-wei.wu(a)canonical.com> wifi: virt_wifi: avoid reporting connection success with wrong SSID Aleksandr Mishin <amishin(a)t-argos.ru> wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() Zhang Rui <rui.zhang(a)intel.com> perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake Adrian Hunter <adrian.hunter(a)intel.com> perf: Fix default aux_watermark calculation Adrian Hunter <adrian.hunter(a)intel.com> perf: Prevent passing zero nr_pages to rb_alloc_aux() Adrian Hunter <adrian.hunter(a)intel.com> perf: Fix perf_aux_size() for greater-than 32-bit size Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation Tao Chen <chen.dylane(a)gmail.com> bpftool: Mount bpffs when pinmaps path not under the bpffs Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: rise cap on SELinux secmark context Ismael Luceno <iluceno(a)suse.de> ipvs: Avoid unnecessary calls to skb_is_gso_sctp Donglin Peng <dolinux.peng(a)gmail.com> libbpf: Checking the btf_type kind when fixing variable offsets Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Fix FEC_ECR_EN1588 being cleared on link-down Csókás Bence <csokas.bence(a)prolan.hu> net: fec: Refactor: #define magic constants Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers Thomas Gleixner <tglx(a)linutronix.de> jump_label: Fix concurrency issues in static_key_slow_dec() Dmitry Safonov <0x7f454c46(a)gmail.com> jump_label: Prevent key->enabled int overflow Uros Bizjak <ubizjak(a)gmail.com> jump_label: Use atomic_try_cmpxchg() in static_key_slow_inc_cpuslocked() Thomas Gleixner <tglx(a)linutronix.de> perf/x86: Serialize set_attr_rdpmc() Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_erp: Fix object nesting warning Ido Schimmel <idosch(a)nvidia.com> lib: objagg: Fix general protection fault Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Check length of recv in test_sockmap Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined Eric Dumazet <edumazet(a)google.com> tcp: fix races in tcp_v[46]_err() Eric Dumazet <edumazet(a)google.com> tcp: fix race in tcp_write_err() Eric Dumazet <edumazet(a)google.com> tcp: add tcp_done_with_error() helper Eric Dumazet <edumazet(a)google.com> tcp: annotate lockless access to sk->sk_err Eric Dumazet <edumazet(a)google.com> tcp: annotate lockless accesses to sk->sk_err_soft Hagar Hemdan <hagarhem(a)amazon.com> net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Fix prog numbers in test_sockmap Ivan Babrou <ivan(a)cloudflare.com> bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Initialize completion before mailbox Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Do not complete if there are no waiters Christophe Leroy <christophe.leroy(a)csgroup.eu> vmlinux.lds.h: catch .bss..L* sections into BSS") Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: spitz: fix GPIO assignment for backlight Thorsten Blum <thorsten.blum(a)toblux.com> m68k: cmpxchg: Fix return value for default case in __arch_xchg() Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Add missing qcom,non-secure-domain property Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu Chen Ni <nichen(a)iscas.ac.cn> x86/xen: Convert comma to semicolon Eero Tamminen <oak(a)helsinkinet.fi> m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: Drop specifying the GIC_CPU_MASK_SIMPLE() for GICv3 systems Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779g0: Add secondary CA76 CPU cores Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779g0: Add L3 cache controller Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: gx: correct hdmi clocks Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix board reset Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: sm1: fix spdif compatibles Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Increase VOP clk rate on RK3328 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: fix parsing of domains lists Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: protect locator_addr with the main mutex Esben Haabendal <esben(a)geanix.com> memory: fsl_ifc: Make FSL_IFC config visible and selectable Primoz Fiser <primoz.fiser(a)norik.com> OPP: ti: Fix ti_opp_supply_probe wrong return values Primoz Fiser <primoz.fiser(a)norik.com> cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> soc: xilinx: rename cpu_number1 to dummy_cpu_number Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8996: specify UFS core_clk frequencies Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s Stephen Boyd <swboyd(a)chromium.org> soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers Marc Gonzalez <mgonzalez(a)freebox.fr> arm64: dts: qcom: msm8998: enable adreno_smmu by default Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6350: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdm845: add power-domain to UFS PHY Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix swapped temp{1,8} critical alarms Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix underflow when writing limit attributes Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: atmel-tcb: Fix race condition and convert to guards Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: atmel-tcb: Don't track polarity in driver data Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: atmel-tcb: Unroll atmel_tcb_pwm_set_polarity() into only caller Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: atmel-tcb: Put per-channel data into driver data Yao Zi <ziyao(a)disroot.org> drm/meson: fix canvas release in bind function Gaosheng Cui <cuigaosheng1(a)huawei.com> nvmet-auth: fix nvmet_auth hash error handling Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Always do lazy disabling Wayne Tung <chineweff(a)gmail.com> hwmon: (adt7475) Fix default duty on fan is disabled Chen Ridong <chenridong(a)huawei.com> cgroup/cpuset: Prevent UAF in proc_cpuset_show() Kees Cook <keescook(a)chromium.org> kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() Randy Dunlap <rdunlap(a)infradead.org> kernfs: fix all kernel-doc warnings and multiple typos Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/xen: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/of: Return consistent error type from x86_of_pci_irq_enable() Chao Yu <chao(a)kernel.org> hfsplus: fix to avoid false alarm of circular locking Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Jinyoung Choi <j-young.choi(a)samsung.com> block: cleanup bio_integrity_prep Nitesh Shetty <nj.shetty(a)samsung.com> block: refactor to use helper Christoph Hellwig <hch(a)lst.de> ubd: untagle discard vs write zeroes not support handling Christoph Hellwig <hch(a)lst.de> ubd: refactor the interrupt handler Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec_debugfs: fix wrong EC message version Li Nan <linan122(a)huawei.com> md: fix deadlock between mddev_suspend and flush bio Frederic Weisbecker <frederic(a)kernel.org> rcu/tasks: Fix stale task snaphot for Tasks Trace Arnd Bergmann <arnd(a)arndb.de> EDAC, i10nm: make skx_common.o a separate module Chen Ni <nichen(a)iscas.ac.cn> spi: atmel-quadspi: Add missing check for clk_prepare Prajna Rajendra Kumar <prajna.rajendrakumar(a)microchip.com> spi: spi-microchip-core: Fix the number of chip selects supported Esben Haabendal <esben(a)geanix.com> powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC ------------- Diffstat: .../devicetree/bindings/thermal/thermal-zones.yaml | 5 +- Makefile | 4 +- arch/arm/boot/dts/imx6q-kontron-samx6i.dtsi | 23 - arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi | 14 +- arch/arm/mach-pxa/spitz.c | 30 +- arch/arm64/boot/dts/amlogic/meson-gxbb.dtsi | 4 +- arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 4 +- arch/arm64/boot/dts/amlogic/meson-sm1.dtsi | 4 +- .../boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts | 4 +- arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 4 +- .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 25 +- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 2 - .../arm64/boot/dts/qcom/msm8996-xiaomi-common.dtsi | 1 - arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8998.dtsi | 1 - arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 + arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 + arch/arm64/boot/dts/qcom/sm8250.dtsi | 22 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 + arch/arm64/boot/dts/renesas/r8a779a0.dtsi | 14 +- arch/arm64/boot/dts/renesas/r8a779f0.dtsi | 14 +- arch/arm64/boot/dts/renesas/r8a779g0.dtsi | 82 ++- arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 11 +- arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 11 +- arch/arm64/boot/dts/renesas/r9a07g044c1.dtsi | 7 - arch/arm64/boot/dts/renesas/r9a07g044l1.dtsi | 7 - arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 11 +- arch/arm64/boot/dts/renesas/r9a07g054l1.dtsi | 7 - arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 71 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 4 +- arch/arm64/boot/dts/rockchip/rk3568-evb1-v10.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3568-rock-3a.dts | 4 - arch/arm64/boot/dts/rockchip/rk356x.dtsi | 1 + arch/m68k/amiga/config.c | 9 + arch/m68k/atari/ataints.c | 6 +- arch/m68k/include/asm/cmpxchg.h | 2 +- arch/mips/boot/dts/loongson/loongson64-2k1000.dtsi | 21 +- arch/mips/include/asm/mach-loongson64/boot_param.h | 2 + arch/mips/include/asm/mips-cm.h | 4 + arch/mips/kernel/smp-cps.c | 5 +- arch/mips/loongson64/env.c | 8 + arch/mips/loongson64/reset.c | 38 +- arch/mips/loongson64/smp.c | 23 +- arch/mips/pci/pcie-octeon.c | 0 arch/mips/sgi-ip30/ip30-console.c | 1 + arch/parisc/Kconfig | 1 + arch/powerpc/configs/85xx-hw.config | 2 + arch/powerpc/include/asm/kexec.h | 4 + .../{platforms/pseries => include/asm}/plpks.h | 73 ++- arch/powerpc/kernel/prom.c | 12 +- arch/powerpc/kexec/core_64.c | 112 ++++ arch/powerpc/kexec/file_load_64.c | 87 --- arch/powerpc/kvm/powerpc.c | 4 +- arch/powerpc/platforms/pseries/plpks.c | 173 ++++- arch/powerpc/xmon/ppc-dis.c | 33 +- arch/s390/kernel/uv.c | 58 +- arch/s390/pci/pci_irq.c | 110 ++-- arch/sparc/include/asm/oplib_64.h | 1 + arch/sparc/prom/init_64.c | 3 - arch/sparc/prom/p1275.c | 2 +- arch/um/drivers/ubd_kern.c | 50 +- arch/um/kernel/time.c | 4 +- arch/um/os-Linux/signal.c | 118 +++- arch/x86/events/core.c | 3 + arch/x86/events/intel/cstate.c | 7 +- arch/x86/events/intel/pt.c | 4 +- arch/x86/events/intel/pt.h | 4 +- arch/x86/events/intel/uncore_snbep.c | 6 +- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kernel/devicetree.c | 2 +- arch/x86/kvm/vmx/nested.c | 2 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 4 +- arch/x86/pci/intel_mid_pci.c | 4 +- arch/x86/pci/xen.c | 4 +- arch/x86/platform/intel/iosf_mbi.c | 4 +- arch/x86/xen/p2m.c | 4 +- block/bio-integrity.c | 21 +- drivers/android/binder.c | 4 +- drivers/ata/libata-scsi.c | 7 +- drivers/auxdisplay/ht16k33.c | 1 + drivers/base/devres.c | 11 +- drivers/block/rbd.c | 35 +- drivers/bluetooth/btusb.c | 4 + drivers/char/hw_random/amd-rng.c | 4 +- drivers/char/tpm/eventlog/common.c | 2 + drivers/clk/clk-en7523.c | 9 +- drivers/clk/davinci/da8xx-cfgchip.c | 4 +- drivers/clk/qcom/camcc-sc7280.c | 5 + drivers/clk/qcom/clk-branch.h | 26 + drivers/clk/qcom/clk-rcg2.c | 32 + drivers/clk/qcom/gcc-sc7280.c | 3 + drivers/clk/qcom/gpucc-sm8350.c | 5 +- drivers/cpufreq/ti-cpufreq.c | 2 +- drivers/crypto/qat/qat_common/adf_cfg.c | 6 +- drivers/dma/ti/k3-udma.c | 4 +- drivers/edac/Makefile | 10 +- drivers/edac/skx_common.c | 21 +- drivers/edac/skx_common.h | 4 +- drivers/firmware/efi/libstub/x86-stub.c | 25 +- drivers/firmware/turris-mox-rwtm.c | 23 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 1 - drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 12 + drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 4 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 4 +- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 9 +- drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 + drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 + drivers/gpu/drm/i915/display/intel_dp.c | 2 + .../gpu/drm/i915/gt/intel_execlists_submission.c | 6 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 2 + drivers/gpu/drm/mediatek/mtk_drm_plane.c | 2 + drivers/gpu/drm/meson/meson_drv.c | 37 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.h | 3 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 3 + drivers/gpu/drm/panel/panel-boe-tv101wum-nl6.c | 8 +- drivers/gpu/drm/panfrost/panfrost_drv.c | 1 + drivers/gpu/drm/qxl/qxl_display.c | 3 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 +- drivers/hwmon/adt7475.c | 2 +- drivers/hwmon/max6697.c | 5 +- drivers/hwtracing/coresight/coresight-platform.c | 4 +- drivers/iio/frequency/adrf6780.c | 1 - drivers/infiniband/core/cache.c | 14 +- drivers/infiniband/core/device.c | 6 +- drivers/infiniband/core/iwcm.c | 11 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 6 +- drivers/infiniband/hw/hns/hns_roce_device.h | 6 + drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 40 +- drivers/infiniband/hw/hns/hns_roce_mr.c | 5 + drivers/infiniband/hw/hns/hns_roce_qp.c | 4 +- drivers/infiniband/hw/hns/hns_roce_srq.c | 2 +- drivers/infiniband/hw/mlx4/alias_GUID.c | 2 +- drivers/infiniband/hw/mlx4/mad.c | 2 +- drivers/infiniband/hw/mlx5/mlx5_ib.h | 13 + drivers/infiniband/hw/mlx5/odp.c | 6 +- drivers/infiniband/sw/rxe/rxe_req.c | 7 +- drivers/input/keyboard/qt1050.c | 7 +- drivers/input/mouse/elan_i2c_core.c | 2 + drivers/interconnect/qcom/qcm2290.c | 2 +- drivers/iommu/intel/iommu.c | 22 +- drivers/iommu/sprd-iommu.c | 2 +- drivers/irqchip/irq-imx-irqsteer.c | 24 +- drivers/isdn/hardware/mISDN/hfcmulti.c | 7 +- drivers/leds/flash/leds-mt6360.c | 5 +- drivers/leds/led-class.c | 1 - drivers/leds/led-triggers.c | 2 +- drivers/leds/leds-ss4200.c | 7 +- drivers/macintosh/therm_windtunnel.c | 2 +- drivers/md/dm-verity-target.c | 16 +- drivers/md/md.c | 26 +- drivers/media/i2c/imx412.c | 9 +- drivers/media/pci/ivtv/ivtv-udma.c | 8 + drivers/media/pci/ivtv/ivtv-yuv.c | 6 + drivers/media/pci/ivtv/ivtvfb.c | 6 +- drivers/media/pci/saa7134/saa7134-dvb.c | 8 +- drivers/media/platform/qcom/venus/vdec.c | 3 +- .../media/platform/renesas/rcar-vin/rcar-csi2.c | 5 +- drivers/media/platform/renesas/rcar-vin/rcar-dma.c | 16 +- drivers/media/platform/renesas/vsp1/vsp1_histo.c | 20 +- drivers/media/platform/renesas/vsp1/vsp1_pipe.h | 2 +- drivers/media/platform/renesas/vsp1/vsp1_rpf.c | 8 +- drivers/media/rc/imon.c | 5 +- drivers/media/rc/lirc_dev.c | 4 +- drivers/media/usb/dvb-usb/dvb-usb-init.c | 35 +- drivers/media/usb/uvc/uvc_ctrl.c | 9 +- drivers/media/usb/uvc/uvc_video.c | 10 +- drivers/media/v4l2-core/v4l2-async.c | 3 + drivers/memory/Kconfig | 2 +- drivers/mfd/Makefile | 6 +- drivers/mfd/omap-usb-tll.c | 3 +- drivers/mfd/rsmu_core.c | 2 + drivers/mtd/nand/raw/Kconfig | 3 +- drivers/mtd/tests/Makefile | 34 +- drivers/mtd/tests/mtd_test.c | 9 + drivers/mtd/ubi/eba.c | 3 +- drivers/net/bonding/bond_main.c | 7 +- drivers/net/dsa/b53/b53_common.c | 3 + drivers/net/dsa/mv88e6xxx/chip.c | 3 +- drivers/net/ethernet/brocade/bna/bna_types.h | 2 +- drivers/net/ethernet/brocade/bna/bnad.c | 11 +- drivers/net/ethernet/freescale/fec_main.c | 52 +- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 22 +- drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 2 +- drivers/net/ethernet/intel/ice/ice_fdir.h | 3 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 16 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h | 1 + .../ethernet/mellanox/mlxsw/spectrum_acl_atcam.c | 18 +- .../mellanox/mlxsw/spectrum_acl_bloom_filter.c | 2 +- .../net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 13 - .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 9 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 2 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 2 +- drivers/net/ethernet/stmicro/stmmac/hwif.h | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/netconsole.c | 2 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 3 +- drivers/net/wireless/ath/ath11k/dp_rx.h | 3 + drivers/net/wireless/ath/ath11k/mac.c | 15 +- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 18 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 + drivers/net/wireless/realtek/rtw89/debug.c | 2 +- drivers/net/wireless/virt_wifi.c | 20 +- drivers/nvme/host/pci.c | 5 +- drivers/nvme/target/auth.c | 14 +- drivers/opp/ti-opp-supply.c | 6 +- drivers/parport/procfs.c | 24 +- drivers/pci/controller/dwc/pci-keystone.c | 156 +++-- drivers/pci/controller/dwc/pcie-designware-ep.c | 13 +- drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 +- drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 - drivers/pci/controller/pci-hyperv.c | 4 +- drivers/pci/controller/pci-loongson.c | 13 + drivers/pci/controller/pcie-rcar-host.c | 6 +- drivers/pci/controller/pcie-rockchip.c | 2 +- drivers/pci/endpoint/functions/pci-epf-vntb.c | 19 +- drivers/pci/pci.c | 6 +- drivers/pci/setup-bus.c | 6 +- drivers/phy/cadence/phy-cadence-torrent.c | 3 + drivers/pinctrl/core.c | 12 +- drivers/pinctrl/freescale/pinctrl-mxs.c | 4 +- drivers/pinctrl/pinctrl-rockchip.c | 17 +- drivers/pinctrl/pinctrl-single.c | 7 +- drivers/pinctrl/renesas/pfc-r8a779g0.c | 716 ++++++++++----------- drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 14 +- drivers/platform/chrome/cros_ec_debugfs.c | 1 + drivers/platform/mips/cpu_hwmon.c | 3 + drivers/pwm/pwm-atmel-tcb.c | 66 +- drivers/pwm/pwm-stm32.c | 5 +- drivers/remoteproc/imx_rproc.c | 10 +- drivers/remoteproc/stm32_rproc.c | 2 +- drivers/rtc/interface.c | 9 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-isl1208.c | 11 +- drivers/s390/block/dasd_devmap.c | 10 +- drivers/scsi/qla2xxx/qla_bsg.c | 98 +-- drivers/scsi/qla2xxx/qla_def.h | 3 + drivers/scsi/qla2xxx/qla_gs.c | 35 +- drivers/scsi/qla2xxx/qla_init.c | 87 ++- drivers/scsi/qla2xxx/qla_inline.h | 8 + drivers/scsi/qla2xxx/qla_mid.c | 2 +- drivers/scsi/qla2xxx/qla_nvme.c | 5 +- drivers/scsi/qla2xxx/qla_os.c | 7 +- drivers/scsi/qla2xxx/qla_sup.c | 108 +++- drivers/soc/qcom/pdr_interface.c | 8 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/soc/qcom/rpmh.c | 1 - drivers/soc/xilinx/xlnx_event_manager.c | 15 +- drivers/soc/xilinx/zynqmp_power.c | 4 +- drivers/spi/atmel-quadspi.c | 11 +- drivers/spi/spi-microchip-core.c | 188 +++--- drivers/spi/spidev.c | 15 +- drivers/vhost/vsock.c | 4 +- drivers/watchdog/rzg2l_wdt.c | 22 +- fs/ceph/super.c | 3 +- fs/ext2/balloc.c | 11 +- fs/ext4/extents_status.c | 2 + fs/ext4/fast_commit.c | 6 + fs/ext4/namei.c | 73 ++- fs/ext4/xattr.c | 6 + fs/f2fs/checkpoint.c | 10 +- fs/f2fs/file.c | 2 + fs/f2fs/inline.c | 6 +- fs/f2fs/inode.c | 3 + fs/f2fs/segment.h | 3 +- fs/fuse/inode.c | 24 +- fs/hfs/inode.c | 3 + fs/hfsplus/bfind.c | 15 +- fs/hfsplus/extents.c | 9 +- fs/hfsplus/hfsplus_fs.h | 21 + fs/jbd2/commit.c | 2 +- fs/jbd2/journal.c | 5 + fs/jfs/jfs_imap.c | 5 +- fs/kernfs/dir.c | 112 ++-- fs/kernfs/file.c | 18 +- fs/kernfs/inode.c | 8 +- fs/kernfs/kernfs-internal.h | 2 +- fs/kernfs/mount.c | 10 +- fs/kernfs/symlink.c | 2 +- fs/nfs/nfs4client.c | 6 +- fs/nfs/nfs4proc.c | 2 +- fs/nilfs2/btnode.c | 25 +- fs/nilfs2/btree.c | 4 +- fs/nilfs2/segment.c | 2 +- fs/ntfs3/attrib.c | 17 +- fs/ntfs3/bitmap.c | 2 +- fs/ntfs3/dir.c | 3 +- fs/ntfs3/file.c | 5 +- fs/ntfs3/frecord.c | 2 +- fs/ntfs3/fslog.c | 5 +- fs/ntfs3/fsntfs.c | 2 +- fs/ntfs3/index.c | 4 +- fs/ntfs3/inode.c | 3 +- fs/ntfs3/ntfs.h | 13 +- fs/ntfs3/ntfs_fs.h | 2 + fs/proc/task_mmu.c | 2 + fs/smb/client/cifsfs.c | 8 +- fs/smb/client/connect.c | 24 +- fs/super.c | 11 + fs/udf/balloc.c | 15 +- fs/udf/super.c | 3 +- include/asm-generic/vmlinux.lds.h | 2 +- include/drm/drm_mipi_dsi.h | 21 +- include/linux/bpf_verifier.h | 2 +- include/linux/hugetlb.h | 1 + include/linux/jbd2.h | 5 - include/linux/jump_label.h | 21 +- include/linux/mlx5/qp.h | 9 +- include/linux/objagg.h | 1 - include/linux/pci.h | 2 + include/linux/perf_event.h | 1 + include/linux/sbitmap.h | 5 + include/linux/task_work.h | 3 +- include/linux/virtio_net.h | 11 + include/net/ip_fib.h | 1 + include/net/tcp.h | 1 + include/trace/events/rpcgss.h | 2 +- include/uapi/linux/netfilter/nf_tables.h | 2 +- include/uapi/linux/zorro_ids.h | 3 + io_uring/io-wq.c | 10 +- io_uring/io_uring.c | 5 +- io_uring/timeout.c | 2 +- kernel/bpf/btf.c | 10 +- kernel/bpf/dispatcher.c | 5 + kernel/cgroup/cgroup-v1.c | 2 +- kernel/cgroup/cgroup.c | 4 +- kernel/cgroup/cpuset.c | 15 +- kernel/debug/kdb/kdb_io.c | 6 +- kernel/dma/mapping.c | 2 +- kernel/events/core.c | 77 ++- kernel/events/internal.h | 2 +- kernel/events/ring_buffer.c | 4 +- kernel/irq/manage.c | 2 +- kernel/jump_label.c | 101 ++- kernel/locking/rwsem.c | 6 +- kernel/rcu/tasks.h | 10 + kernel/sched/core.c | 37 +- kernel/sched/fair.c | 9 +- kernel/sched/sched.h | 2 +- kernel/signal.c | 8 + kernel/task_work.c | 34 +- kernel/time/tick-broadcast.c | 23 + kernel/trace/pid_list.c | 4 +- kernel/watchdog_hld.c | 11 +- lib/decompress_bunzip2.c | 3 +- lib/kobject_uevent.c | 17 +- lib/objagg.c | 18 +- lib/sbitmap.c | 83 ++- mm/hugetlb.c | 2 +- mm/mempolicy.c | 18 +- mm/mmap_lock.c | 175 +---- mm/vmscan.c | 1 - net/bridge/br_forward.c | 4 +- net/core/filter.c | 15 +- net/core/flow_dissector.c | 2 +- net/core/xdp.c | 4 +- net/ipv4/esp4.c | 3 +- net/ipv4/fib_semantics.c | 13 +- net/ipv4/fib_trie.c | 1 + net/ipv4/nexthop.c | 7 +- net/ipv4/route.c | 18 +- net/ipv4/tcp.c | 13 +- net/ipv4/tcp_input.c | 34 +- net/ipv4/tcp_ipv4.c | 19 +- net/ipv4/tcp_output.c | 2 +- net/ipv4/tcp_timer.c | 10 +- net/ipv6/addrconf.c | 3 +- net/ipv6/esp6.c | 3 +- net/ipv6/tcp_ipv6.c | 19 +- net/mac80211/cfg.c | 23 +- net/mac80211/ieee80211_i.h | 2 +- net/mac80211/rate.c | 2 +- net/mac80211/sta_info.h | 6 +- net/mac80211/vht.c | 37 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 4 +- net/netfilter/nf_conntrack_netlink.c | 3 +- net/netfilter/nft_set_pipapo.c | 22 +- net/netfilter/nft_set_pipapo.h | 27 +- net/netfilter/nft_set_pipapo_avx2.c | 81 ++- net/packet/af_packet.c | 86 ++- net/smc/smc_core.c | 5 +- net/sunrpc/auth_gss/gss_krb5_keys.c | 2 +- net/sunrpc/clnt.c | 3 +- net/sunrpc/xprtrdma/frwr_ops.c | 3 +- net/sunrpc/xprtrdma/verbs.c | 16 +- net/tipc/udp_media.c | 5 +- net/unix/af_unix.c | 41 +- net/unix/unix_bpf.c | 3 + net/wireless/util.c | 8 +- scripts/Makefile.lib | 6 +- scripts/gcc-x86_32-has-stack-protector.sh | 2 +- scripts/gcc-x86_64-has-stack-protector.sh | 2 +- security/apparmor/lsm.c | 7 + security/apparmor/policy.c | 2 +- security/apparmor/policy_unpack.c | 1 + security/keys/keyctl.c | 2 +- security/landlock/cred.c | 11 +- sound/soc/amd/acp-es8336.c | 4 +- sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/max98088.c | 10 +- sound/soc/intel/common/soc-intel-quirks.h | 2 +- sound/soc/qcom/lpass-cpu.c | 4 + sound/soc/sof/imx/imx8m.c | 2 +- sound/usb/mixer.c | 7 + sound/usb/quirks.c | 4 + tools/bpf/bpftool/common.c | 2 +- tools/bpf/bpftool/prog.c | 4 + tools/bpf/resolve_btfids/main.c | 2 +- tools/lib/bpf/btf_dump.c | 8 +- tools/lib/bpf/linker.c | 11 +- tools/memory-model/lock.cat | 20 +- tools/perf/arch/x86/util/intel-pt.c | 15 +- tools/perf/tests/shell/test_arm_callgraph_fp.sh | 64 +- tools/perf/tests/workloads/leafloop.c | 20 +- tools/perf/util/sort.c | 2 +- tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 2 +- .../selftests/bpf/prog_tests/xdp_adjust_tail.c | 2 +- .../bpf/progs/btf_dump_test_case_multidim.c | 4 +- .../bpf/progs/btf_dump_test_case_syntax.c | 4 +- tools/testing/selftests/bpf/test_sockmap.c | 9 +- .../drivers/net/mlxsw/spectrum-2/tc_flower.sh | 55 +- tools/testing/selftests/landlock/base_test.c | 74 +++ tools/testing/selftests/landlock/config | 5 +- tools/testing/selftests/net/fib_tests.sh | 24 +- .../selftests/net/forwarding/devlink_lib.sh | 2 + .../selftests/sigaltstack/current_stack_pointer.h | 2 +- 433 files changed, 4154 insertions(+), 2479 deletions(-)

10 months, 3 weeks

12
12
0 0

[PATCH AUTOSEL 4.19] Input: MT - limit max slots

by Sasha Levin

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> [ Upstream commit 99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb ] syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this patch chose 1024. Reported-by: syzbot <syzbot+0122fa359a69694395d5(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=0122fa359a69694395d5 Suggested-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/input/input-mt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/input/input-mt.c b/drivers/input/input-mt.c index 6c7326c93721c..fd01c9306e66c 100644 --- a/drivers/input/input-mt.c +++ b/drivers/input/input-mt.c @@ -48,6 +48,9 @@ int input_mt_init_slots(struct input_dev *dev, unsigned int num_slots, return 0; if (mt) return mt->num_slots != num_slots ? -EINVAL : 0; + /* Arbitrary limit for avoiding too large memory allocation. */ + if (num_slots > 1024) + return -EINVAL; mt = kzalloc(struct_size(mt, slots, num_slots), GFP_KERNEL); if (!mt) -- 2.43.0

10 months, 3 weeks

1
0
0 0

[PATCH AUTOSEL 5.4 1/2] drm: panel-orientation-quirks: Add quirk for OrangePi Neo

by Sasha Levin

From: Philip Mueller <philm(a)manjaro.org> [ Upstream commit d60c429610a14560085d98fa6f4cdb43040ca8f0 ] This adds a DMI orientation quirk for the OrangePi Neo Linux Gaming Handheld. Signed-off-by: Philip Mueller <philm(a)manjaro.org> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240715045818.1019979-1-phil… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c index 43de9dfcba19a..f1091cb87de0c 100644 --- a/drivers/gpu/drm/drm_panel_orientation_quirks.c +++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c @@ -318,6 +318,12 @@ static const struct dmi_system_id orientation_data[] = { DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "ONE XPLAYER"), }, .driver_data = (void *)&lcd1600x2560_leftside_up, + }, { /* OrangePi Neo */ + .matches = { + DMI_EXACT_MATCH(DMI_SYS_VENDOR, "OrangePi"), + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "NEO-01"), + }, + .driver_data = (void *)&lcd1200x1920_rightside_up, }, { /* Samsung GalaxyBook 10.6 */ .matches = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "SAMSUNG ELECTRONICS CO., LTD."), -- 2.43.0

10 months, 3 weeks

1
1
0 0

[PATCH AUTOSEL 5.10 1/4] drm: panel-orientation-quirks: Add quirk for OrangePi Neo

by Sasha Levin

From: Philip Mueller <philm(a)manjaro.org> [ Upstream commit d60c429610a14560085d98fa6f4cdb43040ca8f0 ] This adds a DMI orientation quirk for the OrangePi Neo Linux Gaming Handheld. Signed-off-by: Philip Mueller <philm(a)manjaro.org> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240715045818.1019979-1-phil… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c index 43de9dfcba19a..f1091cb87de0c 100644 --- a/drivers/gpu/drm/drm_panel_orientation_quirks.c +++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c @@ -318,6 +318,12 @@ static const struct dmi_system_id orientation_data[] = { DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "ONE XPLAYER"), }, .driver_data = (void *)&lcd1600x2560_leftside_up, + }, { /* OrangePi Neo */ + .matches = { + DMI_EXACT_MATCH(DMI_SYS_VENDOR, "OrangePi"), + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "NEO-01"), + }, + .driver_data = (void *)&lcd1200x1920_rightside_up, }, { /* Samsung GalaxyBook 10.6 */ .matches = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "SAMSUNG ELECTRONICS CO., LTD."), -- 2.43.0

10 months, 3 weeks

1
3
0 0

[PATCH AUTOSEL 5.15 1/4] drm: panel-orientation-quirks: Add quirk for OrangePi Neo

by Sasha Levin

From: Philip Mueller <philm(a)manjaro.org> [ Upstream commit d60c429610a14560085d98fa6f4cdb43040ca8f0 ] This adds a DMI orientation quirk for the OrangePi Neo Linux Gaming Handheld. Signed-off-by: Philip Mueller <philm(a)manjaro.org> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240715045818.1019979-1-phil… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c index 43de9dfcba19a..f1091cb87de0c 100644 --- a/drivers/gpu/drm/drm_panel_orientation_quirks.c +++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c @@ -318,6 +318,12 @@ static const struct dmi_system_id orientation_data[] = { DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "ONE XPLAYER"), }, .driver_data = (void *)&lcd1600x2560_leftside_up, + }, { /* OrangePi Neo */ + .matches = { + DMI_EXACT_MATCH(DMI_SYS_VENDOR, "OrangePi"), + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "NEO-01"), + }, + .driver_data = (void *)&lcd1200x1920_rightside_up, }, { /* Samsung GalaxyBook 10.6 */ .matches = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "SAMSUNG ELECTRONICS CO., LTD."), -- 2.43.0

10 months, 3 weeks

1
3
0 0

[PATCH AUTOSEL 6.1 1/5] drm: panel-orientation-quirks: Add quirk for OrangePi Neo

by Sasha Levin

From: Philip Mueller <philm(a)manjaro.org> [ Upstream commit d60c429610a14560085d98fa6f4cdb43040ca8f0 ] This adds a DMI orientation quirk for the OrangePi Neo Linux Gaming Handheld. Signed-off-by: Philip Mueller <philm(a)manjaro.org> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240715045818.1019979-1-phil… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c index 5db52d6c5c35c..039da0d1a613b 100644 --- a/drivers/gpu/drm/drm_panel_orientation_quirks.c +++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c @@ -414,6 +414,12 @@ static const struct dmi_system_id orientation_data[] = { DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "ONE XPLAYER"), }, .driver_data = (void *)&lcd1600x2560_leftside_up, + }, { /* OrangePi Neo */ + .matches = { + DMI_EXACT_MATCH(DMI_SYS_VENDOR, "OrangePi"), + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "NEO-01"), + }, + .driver_data = (void *)&lcd1200x1920_rightside_up, }, { /* Samsung GalaxyBook 10.6 */ .matches = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "SAMSUNG ELECTRONICS CO., LTD."), -- 2.43.0

10 months, 3 weeks

1
4
0 0

[PATCH AUTOSEL 6.6 01/15] drm/fb-helper: Don't schedule_work() to flush frame buffer during panic()

by Sasha Levin

From: Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> [ Upstream commit 833cd3e9ad8360785b6c23c82dd3856df00732d9 ] Sometimes the system [1] hangs on x86 I/O machine checks. However, the expected behavior is to reboot the system, as the machine check handler ultimately triggers a panic(), initiating a reboot in the last step. The root cause is that sometimes the panic() is blocked when drm_fb_helper_damage() invoking schedule_work() to flush the frame buffer. This occurs during the process of flushing all messages to the frame buffer driver as shown in the following call trace: Machine check occurs [2]: panic() console_flush_on_panic() console_flush_all() console_emit_next_record() con->write() vt_console_print() hide_cursor() vc->vc_sw->con_cursor() fbcon_cursor() ops->cursor() bit_cursor() soft_cursor() info->fbops->fb_imageblit() drm_fbdev_generic_defio_imageblit() drm_fb_helper_damage_area() drm_fb_helper_damage() schedule_work() // <--- blocked here ... emergency_restart() // wasn't invoked, so no reboot. During panic(), except the panic CPU, all the other CPUs are stopped. In schedule_work(), the panic CPU requires the lock of worker_pool to queue the work on that pool, while the lock may have been token by some other stopped CPU. So schedule_work() is blocked. Additionally, during a panic(), since there is no opportunity to execute any scheduled work, it's safe to fix this issue by skipping schedule_work() on 'oops_in_progress' in drm_fb_helper_damage(). [1] Enable the kernel option CONFIG_FRAMEBUFFER_CONSOLE, CONFIG_DRM_FBDEV_EMULATION, and boot with the 'console=tty0' kernel command line parameter. [2] Set 'panic_timeout' to a non-zero value before calling panic(). Acked-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reported-by: Yudong Wang <yudong.wang(a)intel.com> Tested-by: Yudong Wang <yudong.wang(a)intel.com> Signed-off-by: Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240703141737.75378-1-qiuxu.… Signed-off-by: Maarten Lankhorst,,, <maarten.lankhorst(a)linux.intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/drm_fb_helper.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 117237d3528bd..618b045230336 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -631,6 +631,17 @@ static void drm_fb_helper_add_damage_clip(struct drm_fb_helper *helper, u32 x, u static void drm_fb_helper_damage(struct drm_fb_helper *helper, u32 x, u32 y, u32 width, u32 height) { + /* + * This function may be invoked by panic() to flush the frame + * buffer, where all CPUs except the panic CPU are stopped. + * During the following schedule_work(), the panic CPU needs + * the worker_pool lock, which might be held by a stopped CPU, + * causing schedule_work() and panic() to block. Return early on + * oops_in_progress to prevent this blocking. + */ + if (oops_in_progress) + return; + drm_fb_helper_add_damage_clip(helper, x, y, width, height); schedule_work(&helper->damage_work); -- 2.43.0

10 months, 3 weeks

1
14
0 0

[PATCH AUTOSEL 6.10 01/16] drm/fb-helper: Don't schedule_work() to flush frame buffer during panic()

by Sasha Levin

From: Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> [ Upstream commit 833cd3e9ad8360785b6c23c82dd3856df00732d9 ] Sometimes the system [1] hangs on x86 I/O machine checks. However, the expected behavior is to reboot the system, as the machine check handler ultimately triggers a panic(), initiating a reboot in the last step. The root cause is that sometimes the panic() is blocked when drm_fb_helper_damage() invoking schedule_work() to flush the frame buffer. This occurs during the process of flushing all messages to the frame buffer driver as shown in the following call trace: Machine check occurs [2]: panic() console_flush_on_panic() console_flush_all() console_emit_next_record() con->write() vt_console_print() hide_cursor() vc->vc_sw->con_cursor() fbcon_cursor() ops->cursor() bit_cursor() soft_cursor() info->fbops->fb_imageblit() drm_fbdev_generic_defio_imageblit() drm_fb_helper_damage_area() drm_fb_helper_damage() schedule_work() // <--- blocked here ... emergency_restart() // wasn't invoked, so no reboot. During panic(), except the panic CPU, all the other CPUs are stopped. In schedule_work(), the panic CPU requires the lock of worker_pool to queue the work on that pool, while the lock may have been token by some other stopped CPU. So schedule_work() is blocked. Additionally, during a panic(), since there is no opportunity to execute any scheduled work, it's safe to fix this issue by skipping schedule_work() on 'oops_in_progress' in drm_fb_helper_damage(). [1] Enable the kernel option CONFIG_FRAMEBUFFER_CONSOLE, CONFIG_DRM_FBDEV_EMULATION, and boot with the 'console=tty0' kernel command line parameter. [2] Set 'panic_timeout' to a non-zero value before calling panic(). Acked-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reported-by: Yudong Wang <yudong.wang(a)intel.com> Tested-by: Yudong Wang <yudong.wang(a)intel.com> Signed-off-by: Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240703141737.75378-1-qiuxu.… Signed-off-by: Maarten Lankhorst,,, <maarten.lankhorst(a)linux.intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/drm_fb_helper.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 117237d3528bd..618b045230336 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -631,6 +631,17 @@ static void drm_fb_helper_add_damage_clip(struct drm_fb_helper *helper, u32 x, u static void drm_fb_helper_damage(struct drm_fb_helper *helper, u32 x, u32 y, u32 width, u32 height) { + /* + * This function may be invoked by panic() to flush the frame + * buffer, where all CPUs except the panic CPU are stopped. + * During the following schedule_work(), the panic CPU needs + * the worker_pool lock, which might be held by a stopped CPU, + * causing schedule_work() and panic() to block. Return early on + * oops_in_progress to prevent this blocking. + */ + if (oops_in_progress) + return; + drm_fb_helper_add_damage_clip(helper, x, y, width, height); schedule_work(&helper->damage_work); -- 2.43.0

10 months, 3 weeks

1
15
0 0

[PATCH 2/2] drm/xe/display: Make display suspend/resume work on discrete

by Maarten Lankhorst

We should unpin before evicting all memory, and repin after GT resume. This way, we preserve the contents of the framebuffers, and won't hang on resume due to migration engine not being restored yet. Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/display/xe_display.c | 23 +++++++++++++++++++++++ drivers/gpu/drm/xe/xe_pm.c | 11 ++++++----- 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/xe/display/xe_display.c b/drivers/gpu/drm/xe/display/xe_display.c index 44405f17c1d28..3ff7ed278e08b 100644 --- a/drivers/gpu/drm/xe/display/xe_display.c +++ b/drivers/gpu/drm/xe/display/xe_display.c @@ -283,6 +283,27 @@ static bool suspend_to_idle(void) return false; } +static void xe_display_flush_cleanup_work(struct xe_device *xe) +{ + struct intel_crtc *crtc; + + for_each_intel_crtc(&xe->drm, crtc) { + struct drm_crtc_commit *commit; + + spin_lock(&crtc->base.commit_lock); + commit = list_first_entry_or_null(&crtc->base.commit_list, + struct drm_crtc_commit, commit_entry); + if (commit) + drm_crtc_commit_get(commit); + spin_unlock(&crtc->base.commit_lock); + + if (commit) { + wait_for_completion(&commit->cleanup_done); + drm_crtc_commit_put(commit); + } + } +} + void xe_display_pm_suspend(struct xe_device *xe, bool runtime) { bool s2idle = suspend_to_idle(); @@ -304,6 +325,8 @@ void xe_display_pm_suspend(struct xe_device *xe, bool runtime) if (!runtime) intel_display_driver_suspend(xe); + xe_display_flush_cleanup_work(xe); + intel_dp_mst_suspend(xe); intel_hpd_cancel_work(xe); diff --git a/drivers/gpu/drm/xe/xe_pm.c b/drivers/gpu/drm/xe/xe_pm.c index 9f3c14fd9f337..fcfb49af8c891 100644 --- a/drivers/gpu/drm/xe/xe_pm.c +++ b/drivers/gpu/drm/xe/xe_pm.c @@ -93,13 +93,13 @@ int xe_pm_suspend(struct xe_device *xe) for_each_gt(gt, xe, id) xe_gt_suspend_prepare(gt); + xe_display_pm_suspend(xe, false); + /* FIXME: Super racey... */ err = xe_bo_evict_all(xe); if (err) goto err; - xe_display_pm_suspend(xe, false); - for_each_gt(gt, xe, id) { err = xe_gt_suspend(gt); if (err) { @@ -154,11 +154,11 @@ int xe_pm_resume(struct xe_device *xe) xe_irq_resume(xe); - xe_display_pm_resume(xe, false); - for_each_gt(gt, xe, id) xe_gt_resume(gt); + xe_display_pm_resume(xe, false); + err = xe_bo_restore_user(xe); if (err) goto err; @@ -367,10 +367,11 @@ int xe_pm_runtime_suspend(struct xe_device *xe) mutex_unlock(&xe->mem_access.vram_userfault.lock); if (xe->d3cold.allowed) { + xe_display_pm_suspend(xe, true); + err = xe_bo_evict_all(xe); if (err) goto out; - xe_display_pm_suspend(xe, true); } for_each_gt(gt, xe, id) { -- 2.45.2

10 months, 3 weeks

1
0
0 0

[tip: timers/urgent] ntp: Safeguard against time_constant overflow

by tip-bot2 for Justin Stitt

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: 06c03c8edce333b9ad9c6b207d93d3a5ae7c10c0 Gitweb: https://git.kernel.org/tip/06c03c8edce333b9ad9c6b207d93d3a5ae7c10c0 Author: Justin Stitt <justinstitt(a)google.com> AuthorDate: Fri, 17 May 2024 00:47:10 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 05 Aug 2024 16:14:14 +02:00 ntp: Safeguard against time_constant overflow Using syzkaller with the recently reintroduced signed integer overflow sanitizer produces this UBSAN report: UBSAN: signed-integer-overflow in ../kernel/time/ntp.c:738:18 9223372036854775806 + 4 cannot be represented in type 'long' Call Trace: handle_overflow+0x171/0x1b0 __do_adjtimex+0x1236/0x1440 do_adjtimex+0x2be/0x740 The user supplied time_constant value is incremented by four and then clamped to the operating range. Before commit eea83d896e31 ("ntp: NTP4 user space bits update") the user supplied value was sanity checked to be in the operating range. That change removed the sanity check and relied on clamping after incrementing which does not work correctly when the user supplied value is in the overflow zone of the '+ 4' operation. The operation requires CAP_SYS_TIME and the side effect of the overflow is NTP getting out of sync. Similar to the fixups for time_maxerror and time_esterror, clamp the user space supplied value to the operating range. [ tglx: Switch to clamping ] Fixes: eea83d896e31 ("ntp: NTP4 user space bits update") Signed-off-by: Justin Stitt <justinstitt(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Miroslav Lichvar <mlichvar(a)redhat.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240517-b4-sio-ntp-c-v2-1-f3a80096f36f@google.… Closes: https://github.com/KSPP/linux/issues/352 --- kernel/time/ntp.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index 502e1e5..8d2dd21 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -733,11 +733,10 @@ static inline void process_adjtimex_modes(const struct __kernel_timex *txc, time_esterror = clamp(txc->esterror, 0, NTP_PHASE_LIMIT); if (txc->modes & ADJ_TIMECONST) { - time_constant = txc->constant; + time_constant = clamp(txc->constant, 0, MAXTC); if (!(time_status & STA_NANO)) time_constant += 4; - time_constant = min(time_constant, (long)MAXTC); - time_constant = max(time_constant, 0l); + time_constant = clamp(time_constant, 0, MAXTC); } if (txc->modes & ADJ_TAI &&

10 months, 3 weeks

1
0
0 0

[tip: timers/urgent] timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex()

by tip-bot2 for Thomas Gleixner

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: 5916be8a53de6401871bdd953f6c60237b47d6d3 Gitweb: https://git.kernel.org/tip/5916be8a53de6401871bdd953f6c60237b47d6d3 Author: Thomas Gleixner <tglx(a)linutronix.de> AuthorDate: Sat, 03 Aug 2024 17:07:51 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 05 Aug 2024 16:14:14 +02:00 timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex() The addition of the bases argument to clock_was_set() fixed up all call sites correctly except for do_adjtimex(). This uses CLOCK_REALTIME instead of CLOCK_SET_WALL as argument. CLOCK_REALTIME is 0. As a result the effect of that clock_was_set() notification is incomplete and might result in timers expiring late because the hrtimer code does not re-evaluate the affected clock bases. Use CLOCK_SET_WALL instead of CLOCK_REALTIME to tell the hrtimers code which clock bases need to be re-evaluated. Fixes: 17a1b8826b45 ("hrtimer: Add bases argument to clock_was_set()") Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/877ccx7igo.ffs@tglx --- kernel/time/timekeeping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c index 2fa87dc..5391e41 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -2606,7 +2606,7 @@ int do_adjtimex(struct __kernel_timex *txc) clock_set |= timekeeping_advance(TK_ADV_FREQ); if (clock_set) - clock_was_set(CLOCK_REALTIME); + clock_was_set(CLOCK_SET_WALL); ntp_notify_cmos_timer();

10 months, 3 weeks

1
0
0 0

[PATCH v2 1/1] hrtimer: Ignore slack time for RT tasks in hrtimer_start_range_ns()

by Felix Moessbauer

RT tasks do not have any timerslack, as this induces jitter. By that, the timer slack is already ignored in the nanosleep family and schedule_hrtimeout_range() (fixed in 0c52310f2600). The hrtimer_start_range_ns function is indirectly used by glibc-2.33+ for timed waits on condition variables. These are sometimes used in RT applications for realtime queue processing. At least on the combination of kernel 5.10 and glibc-2.31, the timed wait on condition variables in rt tasks was precise (no slack), however glibc-2.33 changed the internal wait implementation, exposing this oversight. Make the timer slack consistent across all hrtimer programming code, by ignoring the timerslack for tasks with rt policies also in the last remaining location in hrtimer_start_range_ns(). Cc: stable(a)vger.kernel.org Signed-off-by: Felix Moessbauer <felix.moessbauer(a)siemens.com> --- kernel/time/hrtimer.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index b8ee320208d4..e8b44e7c281f 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -1274,7 +1274,7 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, * hrtimer_start_range_ns - (re)start an hrtimer * @timer: the timer to be added * @tim: expiry time - * @delta_ns: "slack" range for the timer + * @delta_ns: "slack" range for the timer for SCHED_OTHER tasks * @mode: timer mode: absolute (HRTIMER_MODE_ABS) or * relative (HRTIMER_MODE_REL), and pinned (HRTIMER_MODE_PINNED); * softirq based mode is considered for debug purpose only! @@ -1299,6 +1299,10 @@ void hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, base = lock_hrtimer_base(timer, &flags); + /* rt-tasks do not have a timer slack for obvious reasons */ + if (task_is_realtime(current)) + delta_ns = 0; + if (__hrtimer_start_range_ns(timer, tim, delta_ns, mode, base)) hrtimer_reprogram(timer, true); -- 2.39.2

10 months, 3 weeks

1
0
0 0

[PATCH 2/2] hrtimer: Ignore slack time for RT tasks in hrtimer_start_range_ns()

by Felix Moessbauer

RT tasks do not have any timerslack, as this induces jitter. By that, the timer slack is already ignored in the nanosleep family and schedule_hrtimeout_range() (fixed in 0c52310f2600). The hrtimer_start_range_ns function is indirectly used by glibc-2.33+ for timed waits on condition variables. These are sometimes used in RT applications for realtime queue processing. At least on the combination of kernel 5.10 and glibc-2.31, the timed wait on condition variables in rt tasks was precise (no slack), however glibc-2.33 changed the internal wait implementation, exposing the kernel bug. This patch makes the timer slack consistent across all hrtimer programming code, by ignoring the timerslack for rt tasks also in the last remaining location in hrtimer_start_range_ns(). Similar to 0c52310f2600, this fix should be backported as well. Cc: stable(a)vger.kernel.org Signed-off-by: Felix Moessbauer <felix.moessbauer(a)siemens.com> --- kernel/time/hrtimer.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 2b1469f61d9c..1b26e095114d 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -1274,7 +1274,7 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, * hrtimer_start_range_ns - (re)start an hrtimer * @timer: the timer to be added * @tim: expiry time - * @delta_ns: "slack" range for the timer + * @delta_ns: "slack" range for the timer for SCHED_OTHER tasks * @mode: timer mode: absolute (HRTIMER_MODE_ABS) or * relative (HRTIMER_MODE_REL), and pinned (HRTIMER_MODE_PINNED); * softirq based mode is considered for debug purpose only! @@ -1299,6 +1299,10 @@ void hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, base = lock_hrtimer_base(timer, &flags); + /* rt-tasks do not have a timer slack for obvious reasons */ + if (rt_task(current)) + delta_ns = 0; + if (__hrtimer_start_range_ns(timer, tim, delta_ns, mode, base)) hrtimer_reprogram(timer, true); -- 2.39.2

10 months, 3 weeks

2
1
0 0

CI build failure in v6.6-rt

by Clark Williams

Greg, Kernel CI is reporting a build failure on v6.6-rt: https://grafana.kernelci.org/d/build/build?orgId=1&var-datasource=default&v… It's in arch/riscv/kernel/cpufeature.c where a return statement in check_unaligned_access() doesn't have a value (and check_unaligned_access returns int). Is 6.6 stable supporting RiscV? If so then we either have to fix that return, or backport the refactor of arch/riscv/kernel/cpufeature.c (f413aae96cda0). If it's not then who should I talk to about turning off riscv CI builds for v6.6-rt? Thanks, Clark

10 months, 3 weeks

3
2
0 0

Re: [REGRESSION] [PATCH v2] net: missing check virtio

by Jason Wang

On Mon, Aug 5, 2024 at 2:10 PM Blake Sperling <breakingspell(a)gmail.com> wrote: > > Hello, I noticed a regression from v.6.6.43 to v6.6.44 caused by this commit. > > When using virtio NIC with a QEMU/KVM Windows guest, network traffic from the VM stalls in the outbound (upload) direction.This affects remote access and file shares most noticeably, and the inbound (download) direction does not have the issue. > > iperf3 will show consistent results, 0 bytes/sec when initiating a test within the guest to a server on LAN, and reverse will be full speed. Nothing out of the ordinary in host dmesg or guest Event Viewer while the behavior is being displayed. > > Crucially, this only seems to affect Windows guests, Ubuntu guest with the same NIC configuration tests fine both directions. > I wonder if NetKVM guest drivers may be related, the current latest version of the drivers (v248) did not make a difference, but it is several months old. > > Let me know if there are any further tests or info I can provide, thanks! Does Willem's patch fix the issue? https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=8… Thanks

10 months, 3 weeks

2
1
0 0

[git:media_stage/master] media: ipu-bridge: fix ipu6 Kconfig dependencies

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ipu-bridge: fix ipu6 Kconfig dependencies Author: Arnd Bergmann <arnd(a)arndb.de> Date: Fri Jul 19 11:53:50 2024 +0200 Commit 4670c8c3fb04 ("media: ipu-bridge: Fix Kconfig dependencies") changed how IPU_BRIDGE dependencies are handled for all drivers, but the IPU6 variant was added the old way, which causes build time warnings when I2C is turned off: WARNING: unmet direct dependencies detected for IPU_BRIDGE Depends on [n]: MEDIA_SUPPORT [=m] && PCI [=y] && MEDIA_PCI_SUPPORT [=y] && (ACPI [=y] || COMPILE_TEST [=y]) && I2C [=n] Selected by [m]: - VIDEO_INTEL_IPU6 [=m] && MEDIA_SUPPORT [=m] && PCI [=y] && MEDIA_PCI_SUPPORT [=y] && (ACPI [=y] || COMPILE_TEST [=y]) && VIDEO_DEV [=m] && X86 [=y] && X86_64 [=y] && HAS_DMA [=y] To make it consistent with the other IPU drivers as well as avoid this warning, change the 'select' into 'depends on'. Fixes: c70281cc83d6 ("media: intel/ipu6: add Kconfig and Makefile") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> [Sakari Ailus: Alternatively depend on !IPU_BRIDGE.] Cc: stable(a)vger.kernel.org # for v6.10 Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/pci/intel/ipu6/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/pci/intel/ipu6/Kconfig b/drivers/media/pci/intel/ipu6/Kconfig index 154343080c82..b7ab24b89836 100644 --- a/drivers/media/pci/intel/ipu6/Kconfig +++ b/drivers/media/pci/intel/ipu6/Kconfig @@ -3,13 +3,13 @@ config VIDEO_INTEL_IPU6 depends on ACPI || COMPILE_TEST depends on VIDEO_DEV depends on X86 && X86_64 && HAS_DMA + depends on IPU_BRIDGE || !IPU_BRIDGE select DMA_OPS select IOMMU_IOVA select VIDEO_V4L2_SUBDEV_API select MEDIA_CONTROLLER select VIDEOBUF2_DMA_CONTIG select V4L2_FWNODE - select IPU_BRIDGE help This is the 6th Gen Intel Image Processing Unit, found in Intel SoCs and used for capturing images and video from camera sensors.

10 months, 3 weeks

1
0
0 0

[git:media_stage/master] media: uvcvideo: Fix custom control mapping probing

by Laurent Pinchart

This is an automatic generated email to let you know that the following patch were queued: Subject: media: uvcvideo: Fix custom control mapping probing Author: Ricardo Ribalda <ribalda(a)chromium.org> Date: Mon Jul 22 11:52:26 2024 +0000 Custom control mapping introduced a bug, where the filter function was applied to every single control. Fix it so it is only applied to the matching controls. The following dmesg errors during probe are now fixed: usb 1-5: Found UVC 1.00 device Integrated_Webcam_HD (0c45:670c) usb 1-5: Failed to query (GET_CUR) UVC control 2 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 3 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 6 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 7 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 8 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 9 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 10 on unit 2: -75 (exp. 1). Reported-by: Paul Menzel <pmenzel(a)molgen.mpg.de> Closes: https://lore.kernel.org/linux-media/518cd6b4-68a8-4895-b8fc-97d4dae1ddc4@mo… Cc: stable(a)vger.kernel.org Fixes: 8f4362a8d42b ("media: uvcvideo: Allow custom control mapping") Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Link: https://lore.kernel.org/r/20240722-fix-filter-mapping-v2-1-7ed5bb6c1185@chr… Tested-by: Paul Menzel <pmenzel(a)molgen.mpg.de> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drivers/media/usb/uvc/uvc_ctrl.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index 0136df5732ba..4fe26e82e3d1 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -2680,6 +2680,10 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, for (i = 0; i < ARRAY_SIZE(uvc_ctrl_mappings); ++i) { const struct uvc_control_mapping *mapping = &uvc_ctrl_mappings[i]; + if (!uvc_entity_match_guid(ctrl->entity, mapping->entity) || + ctrl->info.selector != mapping->selector) + continue; + /* Let the device provide a custom mapping. */ if (mapping->filter_mapping) { mapping = mapping->filter_mapping(chain, ctrl); @@ -2687,9 +2691,7 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, continue; } - if (uvc_entity_match_guid(ctrl->entity, mapping->entity) && - ctrl->info.selector == mapping->selector) - __uvc_ctrl_add_mapping(chain, ctrl, mapping); + __uvc_ctrl_add_mapping(chain, ctrl, mapping); } }

10 months, 3 weeks

1
0
0 0

[git:media_stage/master] media: intel/ipu6: select AUXILIARY_BUS in Kconfig

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: intel/ipu6: select AUXILIARY_BUS in Kconfig Author: Bingbu Cao <bingbu.cao(a)intel.com> Date: Wed Jul 17 15:40:50 2024 +0800 Intel IPU6 PCI driver need register its devices on auxiliary bus, so it needs to select the AUXILIARY_BUS in Kconfig. Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202407161833.7BEFXejx-lkp@intel.com/ Fixes: c70281cc83d6 ("media: intel/ipu6: add Kconfig and Makefile") Signed-off-by: Bingbu Cao <bingbu.cao(a)intel.com> Cc: stable(a)vger.kernel.org # for v6.10 Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/pci/intel/ipu6/Kconfig | 1 + 1 file changed, 1 insertion(+) --- diff --git a/drivers/media/pci/intel/ipu6/Kconfig b/drivers/media/pci/intel/ipu6/Kconfig index b7ab24b89836..40e20f0aa5ae 100644 --- a/drivers/media/pci/intel/ipu6/Kconfig +++ b/drivers/media/pci/intel/ipu6/Kconfig @@ -4,6 +4,7 @@ config VIDEO_INTEL_IPU6 depends on VIDEO_DEV depends on X86 && X86_64 && HAS_DMA depends on IPU_BRIDGE || !IPU_BRIDGE + select AUXILIARY_BUS select DMA_OPS select IOMMU_IOVA select VIDEO_V4L2_SUBDEV_API

10 months, 3 weeks

1
0
0 0

[git:media_stage/master] media: v4l: Fix missing tabular column hint for Y14P format

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l: Fix missing tabular column hint for Y14P format Author: Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> Date: Sat Jun 8 18:41:27 2024 +0200 The original patch added two columns in the flat-table of Luma-Only Image Formats, without updating hints to latex: above it. This results in wrong column count in the output of Sphinx's latex builder. Fix it. Reported-by: Akira Yokosawa <akiyks(a)gmail.com> Closes: https://lore.kernel.org/linux-media/bdbc27ba-5098-49fb-aabf-753c81361cc7@gm… Fixes: adb1d4655e53 ("media: v4l: Add V4L2-PIX-FMT-Y14P format") Cc: stable(a)vger.kernel.org # for v6.10 Signed-off-by: Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Documentation/userspace-api/media/v4l/pixfmt-yuv-luma.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- diff --git a/Documentation/userspace-api/media/v4l/pixfmt-yuv-luma.rst b/Documentation/userspace-api/media/v4l/pixfmt-yuv-luma.rst index f02e6cf3516a..74df19be91f6 100644 --- a/Documentation/userspace-api/media/v4l/pixfmt-yuv-luma.rst +++ b/Documentation/userspace-api/media/v4l/pixfmt-yuv-luma.rst @@ -21,9 +21,9 @@ are often referred to as greyscale formats. .. raw:: latex - \scriptsize + \tiny -.. tabularcolumns:: |p{3.6cm}|p{3.0cm}|p{1.3cm}|p{2.6cm}|p{1.3cm}|p{1.3cm}|p{1.3cm}| +.. tabularcolumns:: |p{3.6cm}|p{2.4cm}|p{1.3cm}|p{1.3cm}|p{1.3cm}|p{1.3cm}|p{1.3cm}|p{1.3cm}|p{1.3cm}| .. flat-table:: Luma-Only Image Formats :header-rows: 1

10 months, 3 weeks

1
0
0 0

[REGRESSION] [PATCH v2] net: missing check virtio

by Blake Sperling

Hello, I noticed a regression from v.6.6.43 to v6.6.44 caused by this commit. When using virtio NIC with a QEMU/KVM Windows guest, network traffic from the VM stalls in the outbound (upload) direction.This affects remote access and file shares most noticeably, and the inbound (download) direction does not have the issue. iperf3 will show consistent results, 0 bytes/sec when initiating a test within the guest to a server on LAN, and reverse will be full speed. Nothing out of the ordinary in host dmesg or guest Event Viewer while the behavior is being displayed. Crucially, this only seems to affect Windows guests, a Ubuntu guest with the same NIC configuration works fine in both directions. I wonder if NetKVM guest drivers may be related, the current latest version of the drivers (v248) did not make a difference, but it is several months old. Let me know if there are any further tests or info I can provide, thanks!

10 months, 3 weeks

1
0
0 0

Re: [PATCH 3.2 054/102] iscsi-target: avoid NULL pointer in iscsi_copy_param_list failure

by Jasoor WW

Sent from my iPhone

10 months, 3 weeks

1
0
0 0

[PATCH v2] usb: dwc3: Runtime get and put usb power_supply handle

by Kyle Tso

It is possible that the usb power_supply is registered after the probe of dwc3. In this case, trying to get the usb power_supply during the probe will fail and there is no chance to try again. Also the usb power_supply might be unregistered at anytime so that the handle of it in dwc3 would become invalid. To fix this, get the handle right before calling to power_supply functions and put it afterward. Fixes: 6f0764b5adea ("usb: dwc3: add a power supply for current control") Cc: stable(a)vger.kernel.org Signed-off-by: Kyle Tso <kyletso(a)google.com> --- v1 -> v2: - move power_supply_put out of interrupt context drivers/usb/dwc3/core.c | 62 ++++++++++++++++++++++++++------------- drivers/usb/dwc3/core.h | 10 +++++-- drivers/usb/dwc3/gadget.c | 10 +------ 3 files changed, 51 insertions(+), 31 deletions(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 734de2a8bd21..9978067b7734 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -283,6 +283,38 @@ void dwc3_set_mode(struct dwc3 *dwc, u32 mode) queue_work(system_freezable_wq, &dwc->drd_work); } +static void __dwc3_set_gadget_vbus_draw(struct work_struct *work) +{ + struct dwc3 *dwc = vbus_work_to_dwc(work); + struct power_supply *usb_psy; + union power_supply_propval val = {}; + int ret; + + usb_psy = power_supply_get_by_name(dwc->usb_psy_name); + if (!usb_psy) { + dev_err(dwc->dev, "couldn't get usb power supply\n"); + return; + } + + val.intval = 1000 * READ_ONCE(dwc->vbus_draw_ma); + ret = power_supply_set_property(usb_psy, POWER_SUPPLY_PROP_INPUT_CURRENT_LIMIT, &val); + if (ret < 0) + dev_err(dwc->dev, "failed to set power supply property\n"); + + power_supply_put(usb_psy); +} + +int dwc3_set_gadget_vbus_draw(struct dwc3 *dwc, unsigned int mA) +{ + if (!dwc->usb_psy_name) + return -EOPNOTSUPP; + + WRITE_ONCE(dwc->vbus_draw_ma, mA); + queue_work(system_highpri_wq, &dwc->vbus_draw_work); + + return 0; +} + u32 dwc3_core_fifo_space(struct dwc3_ep *dep, u8 type) { struct dwc3 *dwc = dep->dwc; @@ -1631,8 +1663,6 @@ static void dwc3_get_properties(struct dwc3 *dwc) u8 tx_thr_num_pkt_prd = 0; u8 tx_max_burst_prd = 0; u8 tx_fifo_resize_max_num; - const char *usb_psy_name; - int ret; /* default to highest possible threshold */ lpm_nyet_threshold = 0xf; @@ -1667,12 +1697,7 @@ static void dwc3_get_properties(struct dwc3 *dwc) dwc->sys_wakeup = device_may_wakeup(dwc->sysdev); - ret = device_property_read_string(dev, "usb-psy-name", &usb_psy_name); - if (ret >= 0) { - dwc->usb_psy = power_supply_get_by_name(usb_psy_name); - if (!dwc->usb_psy) - dev_err(dev, "couldn't get usb power supply\n"); - } + device_property_read_string(dev, "usb-psy-name", &dwc->usb_psy_name); dwc->has_lpm_erratum = device_property_read_bool(dev, "snps,has-lpm-erratum"); @@ -2130,21 +2155,22 @@ static int dwc3_probe(struct platform_device *pdev) dwc3_get_properties(dwc); + if (dwc->usb_psy_name) + INIT_WORK(&dwc->vbus_draw_work, __dwc3_set_gadget_vbus_draw); + dwc3_get_software_properties(dwc); dwc->reset = devm_reset_control_array_get_optional_shared(dev); - if (IS_ERR(dwc->reset)) { - ret = PTR_ERR(dwc->reset); - goto err_put_psy; - } + if (IS_ERR(dwc->reset)) + return PTR_ERR(dwc->reset); ret = dwc3_get_clocks(dwc); if (ret) - goto err_put_psy; + return ret; ret = reset_control_deassert(dwc->reset); if (ret) - goto err_put_psy; + return ret; ret = dwc3_clk_enable(dwc); if (ret) @@ -2245,9 +2271,6 @@ static int dwc3_probe(struct platform_device *pdev) dwc3_clk_disable(dwc); err_assert_reset: reset_control_assert(dwc->reset); -err_put_psy: - if (dwc->usb_psy) - power_supply_put(dwc->usb_psy); return ret; } @@ -2258,6 +2281,8 @@ static void dwc3_remove(struct platform_device *pdev) pm_runtime_get_sync(&pdev->dev); + if (dwc->usb_psy_name) + cancel_work_sync(&dwc->vbus_draw_work); dwc3_core_exit_mode(dwc); dwc3_debugfs_exit(dwc); @@ -2276,9 +2301,6 @@ static void dwc3_remove(struct platform_device *pdev) pm_runtime_set_suspended(&pdev->dev); dwc3_free_event_buffers(dwc); - - if (dwc->usb_psy) - power_supply_put(dwc->usb_psy); } #ifdef CONFIG_PM diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index 1e561fd8b86e..b82eed4ad2b2 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -993,6 +993,8 @@ struct dwc3_scratchpad_array { /** * struct dwc3 - representation of our controller * @drd_work: workqueue used for role swapping + * @vbus_draw_work: work used for setting Vbus current through power_supply + * @vbus_draw_ma: Vbus current draw to be set * @ep0_trb: trb which is used for the ctrl_req * @bounce: address of bounce buffer * @setup_buf: used while precessing STD USB requests @@ -1045,7 +1047,7 @@ struct dwc3_scratchpad_array { * @role_sw: usb_role_switch handle * @role_switch_default_mode: default operation mode of controller while * usb role is USB_ROLE_NONE. - * @usb_psy: pointer to power supply interface. + * @usb_psy_name: name of the usb power supply interface. * @usb2_phy: pointer to USB2 PHY * @usb3_phy: pointer to USB3 PHY * @usb2_generic_phy: pointer to array of USB2 PHYs @@ -1163,6 +1165,8 @@ struct dwc3_scratchpad_array { */ struct dwc3 { struct work_struct drd_work; + struct work_struct vbus_draw_work; + unsigned int vbus_draw_ma; struct dwc3_trb *ep0_trb; void *bounce; u8 *setup_buf; @@ -1223,7 +1227,7 @@ struct dwc3 { struct usb_role_switch *role_sw; enum usb_dr_mode role_switch_default_mode; - struct power_supply *usb_psy; + const char *usb_psy_name; u32 fladj; u32 ref_clk_per; @@ -1394,6 +1398,7 @@ struct dwc3 { #define INCRX_UNDEF_LENGTH_BURST_MODE 1 #define work_to_dwc(w) (container_of((w), struct dwc3, drd_work)) +#define vbus_work_to_dwc(w) container_of((w), struct dwc3, vbus_draw_work) /* -------------------------------------------------------------------------- */ @@ -1554,6 +1559,7 @@ struct dwc3_gadget_ep_cmd_params { /* prototypes */ void dwc3_set_prtcap(struct dwc3 *dwc, u32 mode); void dwc3_set_mode(struct dwc3 *dwc, u32 mode); +int dwc3_set_gadget_vbus_draw(struct dwc3 *dwc, unsigned int mA); u32 dwc3_core_fifo_space(struct dwc3_ep *dep, u8 type); #define DWC3_IP_IS(_ip) \ diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 89fc690fdf34..93bf348c24eb 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -3050,19 +3050,11 @@ static void dwc3_gadget_set_ssp_rate(struct usb_gadget *g, static int dwc3_gadget_vbus_draw(struct usb_gadget *g, unsigned int mA) { struct dwc3 *dwc = gadget_to_dwc(g); - union power_supply_propval val = {0}; - int ret; if (dwc->usb2_phy) return usb_phy_set_power(dwc->usb2_phy, mA); - if (!dwc->usb_psy) - return -EOPNOTSUPP; - - val.intval = 1000 * mA; - ret = power_supply_set_property(dwc->usb_psy, POWER_SUPPLY_PROP_INPUT_CURRENT_LIMIT, &val); - - return ret; + return dwc3_set_gadget_vbus_draw(dwc, mA); } /** -- 2.46.0.rc1.232.g9752f9e123-goog

10 months, 3 weeks

1
2
0 0

+ mm-only-enforce-minimum-stack-gap-size-if-its-sensible.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm: only enforce minimum stack gap size if it's sensible has been added to the -mm mm-unstable branch. Its filename is mm-only-enforce-minimum-stack-gap-size-if-its-sensible.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Gow <davidgow(a)google.com> Subject: mm: only enforce minimum stack gap size if it's sensible Date: Sat, 3 Aug 2024 15:46:41 +0800 The generic mmap_base code tries to leave a gap between the top of the stack and the mmap base address, but enforces a minimum gap size (MIN_GAP) of 128MB, which is too large on some setups. In particular, on arm tasks without ADDR_LIMIT_32BIT, the STACK_TOP value is less than 128MB, so it's impossible to fit such a gap in. Only enforce this minimum if MIN_GAP < MAX_GAP, as we'd prefer to honour MAX_GAP, which is defined proportionally, so scales better and always leaves us with both _some_ stack space and some room for mmap. This fixes the usercopy KUnit test suite on 32-bit arm, as it doesn't set any personality flags so gets the default (in this case 26-bit) task size. This test can be run with: ./tools/testing/kunit/kunit.py run --arch arm usercopy --make_options LLVM=1 Link: https://lkml.kernel.org/r/20240803074642.1849623-2-davidgow@google.com Fixes: dba79c3df4a2 ("arm: use generic mmap top-down layout and brk randomization") Signed-off-by: David Gow <davidgow(a)google.com> Cc: Alexandre Ghiti <alex(a)ghiti.fr> Cc: Kees Cook <kees(a)kernel.org> Cc: Linus Walleij <linus.walleij(a)linaro.org> Cc: Luis Chamberlain <mcgrof(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Russell King <linux(a)armlinux.org.uk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/util.c~mm-only-enforce-minimum-stack-gap-size-if-its-sensible +++ a/mm/util.c @@ -463,7 +463,7 @@ static unsigned long mmap_base(unsigned if (gap + pad > gap) gap += pad; - if (gap < MIN_GAP) + if (gap < MIN_GAP && MIN_GAP < MAX_GAP) gap = MIN_GAP; else if (gap > MAX_GAP) gap = MAX_GAP; _ Patches currently in -mm which might be from davidgow(a)google.com are mm-only-enforce-minimum-stack-gap-size-if-its-sensible.patch

10 months, 3 weeks

1
0
0 0

[git:media_stage/fixes] media: uvcvideo: Fix custom control mapping probing

by Laurent Pinchart

This is an automatic generated email to let you know that the following patch were queued: Subject: media: uvcvideo: Fix custom control mapping probing Author: Ricardo Ribalda <ribalda(a)chromium.org> Date: Mon Jul 22 11:52:26 2024 +0000 Custom control mapping introduced a bug, where the filter function was applied to every single control. Fix it so it is only applied to the matching controls. The following dmesg errors during probe are now fixed: usb 1-5: Found UVC 1.00 device Integrated_Webcam_HD (0c45:670c) usb 1-5: Failed to query (GET_CUR) UVC control 2 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 3 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 6 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 7 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 8 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 9 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 10 on unit 2: -75 (exp. 1). Reported-by: Paul Menzel <pmenzel(a)molgen.mpg.de> Closes: https://lore.kernel.org/linux-media/518cd6b4-68a8-4895-b8fc-97d4dae1ddc4@mo… Cc: stable(a)vger.kernel.org Fixes: 8f4362a8d42b ("media: uvcvideo: Allow custom control mapping") Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Link: https://lore.kernel.org/r/20240722-fix-filter-mapping-v2-1-7ed5bb6c1185@chr… Tested-by: Paul Menzel <pmenzel(a)molgen.mpg.de> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drivers/media/usb/uvc/uvc_ctrl.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index 0136df5732ba..4fe26e82e3d1 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -2680,6 +2680,10 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, for (i = 0; i < ARRAY_SIZE(uvc_ctrl_mappings); ++i) { const struct uvc_control_mapping *mapping = &uvc_ctrl_mappings[i]; + if (!uvc_entity_match_guid(ctrl->entity, mapping->entity) || + ctrl->info.selector != mapping->selector) + continue; + /* Let the device provide a custom mapping. */ if (mapping->filter_mapping) { mapping = mapping->filter_mapping(chain, ctrl); @@ -2687,9 +2691,7 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, continue; } - if (uvc_entity_match_guid(ctrl->entity, mapping->entity) && - ctrl->info.selector == mapping->selector) - __uvc_ctrl_add_mapping(chain, ctrl, mapping); + __uvc_ctrl_add_mapping(chain, ctrl, mapping); } }

10 months, 3 weeks

1
0
0 0

Linux 6.10.3

by Greg Kroah-Hartman

I'm announcing the release of the 6.10.3 kernel. All users of the 6.10 kernel series must upgrade. The updated 6.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 4 Documentation/arch/powerpc/kvm-nested.rst | 4 Documentation/devicetree/bindings/phy/qcom,sc8280xp-qmp-usb3-uni-phy.yaml | 2 Documentation/devicetree/bindings/thermal/thermal-zones.yaml | 5 Documentation/networking/xsk-tx-metadata.rst | 16 Documentation/virt/kvm/api.rst | 12 Makefile | 2 arch/arm/boot/dts/allwinner/Makefile | 62 arch/arm/boot/dts/nxp/imx/imx6q-kontron-samx6i.dtsi | 23 arch/arm/boot/dts/nxp/imx/imx6qdl-kontron-samx6i.dtsi | 14 arch/arm/boot/dts/qcom/qcom-msm8226-microsoft-common.dtsi | 4 arch/arm/boot/dts/st/stm32mp151.dtsi | 1 arch/arm/mach-pxa/spitz.c | 30 arch/arm/mm/fault.c | 4 arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi | 5 arch/arm64/boot/dts/amlogic/meson-g12.dtsi | 4 arch/arm64/boot/dts/amlogic/meson-gxbb.dtsi | 10 arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 10 arch/arm64/boot/dts/amlogic/meson-sm1.dtsi | 8 arch/arm64/boot/dts/freescale/imx8mp.dtsi | 89 - arch/arm64/boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts | 4 arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 4 arch/arm64/boot/dts/mediatek/mt7981b.dtsi | 8 arch/arm64/boot/dts/mediatek/mt8183-kukui-audio-da7219.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-pico6.dts | 8 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 25 arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8192.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 arch/arm64/boot/dts/qcom/msm8996-xiaomi-common.dtsi | 1 arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 arch/arm64/boot/dts/qcom/msm8998.dtsi | 1 arch/arm64/boot/dts/qcom/qcm6490-fairphone-fp5.dts | 1 arch/arm64/boot/dts/qcom/qcm6490-idp.dts | 1 arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 1 arch/arm64/boot/dts/qcom/qdu1000.dtsi | 15 arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 4 arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor-r1-kb.dts | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor-r1-lte.dts | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor-r10-kb.dts | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor-r10-lte.dts | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor-r3-kb.dts | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor-r3-lte.dts | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor-r9-kb.dts | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor-r9-lte.dts | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 5 arch/arm64/boot/dts/qcom/sc7180.dtsi | 3 arch/arm64/boot/dts/qcom/sc7280-idp.dtsi | 1 arch/arm64/boot/dts/qcom/sc7280-qcard.dtsi | 1 arch/arm64/boot/dts/qcom/sc7280.dtsi | 14 arch/arm64/boot/dts/qcom/sc8180x.dtsi | 8 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 2 arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi | 4 arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 28 arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 arch/arm64/boot/dts/qcom/sdm850-lenovo-yoga-c630.dts | 1 arch/arm64/boot/dts/qcom/sm6115.dtsi | 2 arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 6 arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 arch/arm64/boot/dts/renesas/r8a779a0.dtsi | 5 arch/arm64/boot/dts/renesas/r8a779f0.dtsi | 5 arch/arm64/boot/dts/renesas/r8a779g0.dtsi | 5 arch/arm64/boot/dts/renesas/r8a779h0.dtsi | 1 arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 5 arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 5 arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 5 arch/arm64/boot/dts/renesas/r9a08g045.dtsi | 5 arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 71 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3566-roc-pc.dts | 2 arch/arm64/boot/dts/rockchip/rk3568-evb1-v10.dts | 2 arch/arm64/boot/dts/rockchip/rk3568-fastrhino-r66s.dts | 4 arch/arm64/boot/dts/rockchip/rk3568-fastrhino-r66s.dtsi | 48 arch/arm64/boot/dts/rockchip/rk3568-fastrhino-r68s.dts | 16 arch/arm64/boot/dts/rockchip/rk3568-rock-3a.dts | 4 arch/arm64/boot/dts/rockchip/rk356x.dtsi | 1 arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 4 arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 4 arch/arm64/boot/dts/ti/k3-am625-beagleplay.dts | 2 arch/arm64/boot/dts/ti/k3-am625-phyboard-lyra-rdk.dts | 2 arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 4 arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 2 arch/arm64/boot/dts/ti/k3-am62p-main.dtsi | 4 arch/arm64/boot/dts/ti/k3-am62p5-sk.dts | 4 arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi | 2 arch/arm64/boot/dts/ti/k3-am642-hummingboard-t.dts | 1 arch/arm64/boot/dts/ti/k3-j722s.dtsi | 8 arch/arm64/include/asm/pgtable.h | 22 arch/arm64/kernel/smp.c | 6 arch/arm64/net/bpf_jit_comp.c | 4 arch/loongarch/kernel/hw_breakpoint.c | 2 arch/loongarch/kernel/ptrace.c | 3 arch/m68k/amiga/config.c | 9 arch/m68k/atari/ataints.c | 6 arch/m68k/include/asm/cmpxchg.h | 2 arch/mips/Makefile | 2 arch/mips/boot/dts/loongson/loongson64-2k1000.dtsi | 21 arch/mips/include/asm/mach-loongson64/boot_param.h | 2 arch/mips/include/asm/mips-cm.h | 4 arch/mips/kernel/smp-cps.c | 5 arch/mips/loongson64/env.c | 8 arch/mips/loongson64/reset.c | 38 arch/mips/loongson64/smp.c | 23 arch/mips/sgi-ip30/ip30-console.c | 1 arch/parisc/Kconfig | 1 arch/powerpc/configs/85xx-hw.config | 2 arch/powerpc/include/asm/guest-state-buffer.h | 3 arch/powerpc/include/asm/kvm_book3s.h | 1 arch/powerpc/kernel/prom.c | 12 arch/powerpc/kexec/core_64.c | 53 arch/powerpc/kvm/book3s_hv.c | 9 arch/powerpc/kvm/book3s_hv_nestedv2.c | 7 arch/powerpc/kvm/powerpc.c | 4 arch/powerpc/kvm/test-guest-state-buffer.c | 2 arch/powerpc/mm/nohash/8xx.c | 3 arch/powerpc/xmon/ppc-dis.c | 33 arch/riscv/kernel/head.S | 19 arch/riscv/kernel/smpboot.c | 14 arch/riscv/net/bpf_jit_comp64.c | 18 arch/s390/kernel/perf_cpum_cf.c | 14 arch/s390/kernel/setup.c | 2 arch/s390/kernel/uv.c | 8 arch/s390/kvm/kvm-s390.c | 3 arch/s390/pci/pci_irq.c | 110 - arch/sparc/include/asm/oplib_64.h | 1 arch/sparc/prom/init_64.c | 3 arch/sparc/prom/p1275.c | 2 arch/um/drivers/ubd_kern.c | 50 arch/um/kernel/time.c | 4 arch/um/os-Linux/signal.c | 118 + arch/x86/Kconfig.assembler | 2 arch/x86/Makefile.um | 1 arch/x86/entry/syscall_32.c | 10 arch/x86/entry/syscall_64.c | 9 arch/x86/entry/syscall_x32.c | 7 arch/x86/entry/syscalls/syscall_32.tbl | 6 arch/x86/entry/syscalls/syscall_64.tbl | 6 arch/x86/events/amd/uncore.c | 28 arch/x86/events/core.c | 3 arch/x86/events/intel/cstate.c | 7 arch/x86/events/intel/ds.c | 8 arch/x86/events/intel/pt.c | 4 arch/x86/events/intel/pt.h | 4 arch/x86/events/intel/uncore_snbep.c | 6 arch/x86/include/asm/kvm-x86-ops.h | 1 arch/x86/include/asm/kvm_host.h | 3 arch/x86/include/asm/shstk.h | 2 arch/x86/kernel/devicetree.c | 2 arch/x86/kernel/shstk.c | 11 arch/x86/kernel/uprobes.c | 7 arch/x86/kvm/vmx/main.c | 1 arch/x86/kvm/vmx/nested.c | 47 arch/x86/kvm/vmx/posted_intr.h | 10 arch/x86/kvm/vmx/vmx.c | 31 arch/x86/kvm/vmx/vmx.h | 1 arch/x86/kvm/vmx/x86_ops.h | 1 arch/x86/kvm/x86.c | 14 arch/x86/pci/intel_mid_pci.c | 4 arch/x86/pci/xen.c | 4 arch/x86/platform/intel/iosf_mbi.c | 4 arch/x86/um/sys_call_table_32.c | 10 arch/x86/um/sys_call_table_64.c | 11 arch/x86/virt/svm/sev.c | 44 arch/x86/xen/p2m.c | 4 block/bio-integrity.c | 11 block/blk-mq.c | 32 block/genhd.c | 2 block/mq-deadline.c | 20 drivers/android/binder.c | 4 drivers/ata/libata-scsi.c | 176 +- drivers/auxdisplay/ht16k33.c | 1 drivers/base/devres.c | 11 drivers/block/null_blk/main.c | 2 drivers/block/rbd.c | 35 drivers/block/ublk_drv.c | 5 drivers/block/xen-blkfront.c | 16 drivers/bluetooth/btintel.c | 119 - drivers/bluetooth/btintel_pcie.c | 6 drivers/bluetooth/btnxpuart.c | 52 drivers/bluetooth/btusb.c | 4 drivers/bluetooth/hci_bcm4377.c | 2 drivers/bus/mhi/ep/main.c | 14 drivers/char/hw_random/amd-rng.c | 4 drivers/char/hw_random/core.c | 4 drivers/char/ipmi/ssif_bmc.c | 6 drivers/char/tpm/eventlog/common.c | 2 drivers/char/tpm/tpm_tis_spi_main.c | 1 drivers/clk/clk-en7523.c | 9 drivers/clk/davinci/da8xx-cfgchip.c | 4 drivers/clk/meson/s4-peripherals.c | 2 drivers/clk/meson/s4-pll.c | 5 drivers/clk/qcom/camcc-sc7280.c | 5 drivers/clk/qcom/clk-rcg2.c | 32 drivers/clk/qcom/gcc-sa8775p.c | 40 drivers/clk/qcom/gcc-sc7280.c | 3 drivers/clk/qcom/gcc-x1e80100.c | 46 drivers/clk/qcom/gpucc-sa8775p.c | 41 drivers/clk/qcom/gpucc-sm8350.c | 5 drivers/clk/qcom/kpss-xcc.c | 4 drivers/clk/samsung/clk-exynos4.c | 13 drivers/cpufreq/amd-pstate-ut.c | 12 drivers/cpufreq/amd-pstate.c | 43 drivers/cpufreq/qcom-cpufreq-nvmem.c | 13 drivers/cpufreq/sun50i-cpufreq-nvmem.c | 4 drivers/cpufreq/ti-cpufreq.c | 2 drivers/crypto/atmel-sha204a.c | 2 drivers/crypto/ccp/sev-dev.c | 8 drivers/crypto/intel/qat/qat_common/adf_cfg.c | 6 drivers/crypto/mxs-dcp.c | 3 drivers/crypto/tegra/tegra-se-main.c | 1 drivers/dma/fsl-edma-common.c | 3 drivers/dma/fsl-edma-common.h | 1 drivers/dma/fsl-edma-main.c | 2 drivers/dma/ti/k3-udma.c | 4 drivers/edac/Makefile | 10 drivers/edac/skx_common.c | 21 drivers/edac/skx_common.h | 4 drivers/firmware/efi/libstub/screen_info.c | 2 drivers/firmware/efi/libstub/x86-stub.c | 25 drivers/firmware/turris-mox-rwtm.c | 23 drivers/gpu/drm/Kconfig | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 9 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 2 drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 12 drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c | 2 drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 6 drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 6 drivers/gpu/drm/amd/amdgpu/vcn_v5_0_0.c | 6 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 2 drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 3 drivers/gpu/drm/amd/display/dc/dc.h | 1 drivers/gpu/drm/amd/display/dc/dml2/dml2_mall_phantom.c | 2 drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 56 drivers/gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.c | 15 drivers/gpu/drm/amd/display/dc/optc/dcn20/dcn20_optc.c | 10 drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c | 12 drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c | 12 drivers/gpu/drm/amd/display/include/grph_object_id.h | 4 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 4 drivers/gpu/drm/arm/display/komeda/komeda_crtc.c | 43 drivers/gpu/drm/bridge/adv7511/adv7511.h | 2 drivers/gpu/drm/bridge/adv7511/adv7511_cec.c | 13 drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 22 drivers/gpu/drm/bridge/ite-it6505.c | 73 - drivers/gpu/drm/bridge/samsung-dsim.c | 4 drivers/gpu/drm/display/drm_dp_mst_topology.c | 4 drivers/gpu/drm/drm_fbdev_dma.c | 3 drivers/gpu/drm/drm_panic.c | 70 drivers/gpu/drm/etnaviv/etnaviv_gem.c | 6 drivers/gpu/drm/etnaviv/etnaviv_sched.c | 9 drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 drivers/gpu/drm/i915/display/intel_crtc_state_dump.c | 7 drivers/gpu/drm/i915/display/intel_display.c | 6 drivers/gpu/drm/i915/display/intel_display_types.h | 2 drivers/gpu/drm/i915/display/intel_dp.c | 4 drivers/gpu/drm/i915/display/intel_dp_link_training.c | 55 drivers/gpu/drm/i915/display/intel_fbc.c | 2 drivers/gpu/drm/i915/display/intel_psr.c | 36 drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 6 drivers/gpu/drm/mediatek/mtk_ddp_comp.c | 109 + drivers/gpu/drm/mediatek/mtk_ddp_comp.h | 8 drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 41 drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 2 drivers/gpu/drm/mediatek/mtk_dp.c | 10 drivers/gpu/drm/mediatek/mtk_dpi.c | 5 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 24 drivers/gpu/drm/mediatek/mtk_drm_drv.h | 4 drivers/gpu/drm/mediatek/mtk_dsi.c | 5 drivers/gpu/drm/mediatek/mtk_ethdr.c | 21 drivers/gpu/drm/mediatek/mtk_plane.c | 4 drivers/gpu/drm/meson/meson_drv.c | 37 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 2 drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 13 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 7 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys.h | 5 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c | 32 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 13 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 14 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.c | 6 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.h | 3 drivers/gpu/drm/msm/dp/dp_aux.c | 5 drivers/gpu/drm/msm/dsi/dsi_host.c | 6 drivers/gpu/drm/panel/panel-boe-tv101wum-nl6.c | 8 drivers/gpu/drm/panel/panel-himax-hx8394.c | 3 drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 8 drivers/gpu/drm/panel/panel-lg-sw43408.c | 33 drivers/gpu/drm/panfrost/panfrost_drv.c | 1 drivers/gpu/drm/panthor/panthor_sched.c | 1 drivers/gpu/drm/qxl/qxl_display.c | 17 drivers/gpu/drm/qxl/qxl_object.c | 13 drivers/gpu/drm/qxl/qxl_object.h | 4 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/gpu/drm/ttm/tests/ttm_bo_test.c | 48 drivers/gpu/drm/ttm/tests/ttm_kunit_helpers.c | 7 drivers/gpu/drm/ttm/tests/ttm_kunit_helpers.h | 3 drivers/gpu/drm/ttm/tests/ttm_pool_test.c | 4 drivers/gpu/drm/ttm/tests/ttm_resource_test.c | 2 drivers/gpu/drm/ttm/tests/ttm_tt_test.c | 20 drivers/gpu/drm/udl/udl_modeset.c | 3 drivers/gpu/drm/xe/display/xe_hdcp_gsc.c | 12 drivers/gpu/drm/xe/xe_bo.c | 47 drivers/gpu/drm/xe/xe_bo_types.h | 3 drivers/gpu/drm/xe/xe_exec.c | 14 drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 1 drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 1 drivers/gpu/drm/xlnx/zynqmp_kms.c | 12 drivers/hwmon/adt7475.c | 2 drivers/hwmon/ltc2991.c | 4 drivers/hwmon/max6697.c | 5 drivers/hwtracing/coresight/coresight-platform.c | 4 drivers/i3c/master/mipi-i3c-hci/core.c | 8 drivers/iio/adc/ad9467.c | 65 drivers/iio/adc/adi-axi-adc.c | 2 drivers/iio/frequency/adrf6780.c | 1 drivers/iio/industrialio-gts-helper.c | 7 drivers/infiniband/core/cache.c | 14 drivers/infiniband/core/device.c | 14 drivers/infiniband/core/iwcm.c | 11 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 6 drivers/infiniband/hw/hns/hns_roce_device.h | 7 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 164 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 6 drivers/infiniband/hw/hns/hns_roce_mr.c | 5 drivers/infiniband/hw/hns/hns_roce_qp.c | 4 drivers/infiniband/hw/hns/hns_roce_srq.c | 2 drivers/infiniband/hw/mana/device.c | 16 drivers/infiniband/hw/mlx4/alias_GUID.c | 2 drivers/infiniband/hw/mlx4/mad.c | 2 drivers/infiniband/hw/mlx5/mlx5_ib.h | 13 drivers/infiniband/hw/mlx5/odp.c | 6 drivers/infiniband/sw/rxe/rxe_req.c | 7 drivers/input/keyboard/qt1050.c | 7 drivers/input/mouse/elan_i2c_core.c | 2 drivers/interconnect/qcom/qcm2290.c | 2 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 drivers/iommu/arm/arm-smmu/arm-smmu-qcom-debug.c | 17 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 39 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.h | 2 drivers/iommu/intel/cache.c | 3 drivers/iommu/intel/iommu.c | 2 drivers/iommu/iommufd/iova_bitmap.c | 5 drivers/iommu/iommufd/selftest.c | 2 drivers/iommu/sprd-iommu.c | 2 drivers/irqchip/irq-imx-irqsteer.c | 24 drivers/isdn/hardware/mISDN/hfcmulti.c | 7 drivers/leds/flash/leds-mt6360.c | 5 drivers/leds/flash/leds-qcom-flash.c | 10 drivers/leds/led-class.c | 1 drivers/leds/led-triggers.c | 8 drivers/leds/leds-ss4200.c | 7 drivers/leds/rgb/leds-qcom-lpg.c | 8 drivers/leds/trigger/ledtrig-timer.c | 5 drivers/macintosh/therm_windtunnel.c | 2 drivers/mailbox/imx-mailbox.c | 10 drivers/mailbox/mtk-cmdq-mailbox.c | 12 drivers/mailbox/omap-mailbox.c | 3 drivers/md/dm-raid.c | 5 drivers/md/dm-table.c | 15 drivers/md/dm-verity-target.c | 16 drivers/md/dm-zone.c | 25 drivers/md/dm.h | 1 drivers/md/md-bitmap.c | 6 drivers/md/md-cluster.c | 22 drivers/md/md.c | 32 drivers/md/raid0.c | 21 drivers/md/raid1.c | 15 drivers/md/raid5.c | 76 - drivers/media/i2c/Kconfig | 1 drivers/media/i2c/alvium-csi2.c | 6 drivers/media/i2c/hi846.c | 2 drivers/media/i2c/imx219.c | 2 drivers/media/i2c/imx412.c | 9 drivers/media/pci/intel/ivsc/mei_csi.c | 14 drivers/media/pci/ivtv/ivtv-udma.c | 8 drivers/media/pci/ivtv/ivtv-yuv.c | 6 drivers/media/pci/ivtv/ivtvfb.c | 6 drivers/media/pci/saa7134/saa7134-dvb.c | 8 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_if.c | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 6 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 3 drivers/media/platform/nxp/imx-pxp.c | 3 drivers/media/platform/qcom/venus/vdec.c | 3 drivers/media/platform/renesas/rcar-csi2.c | 5 drivers/media/platform/renesas/rcar-vin/rcar-dma.c | 16 drivers/media/platform/renesas/vsp1/vsp1_histo.c | 20 drivers/media/platform/renesas/vsp1/vsp1_pipe.h | 2 drivers/media/platform/renesas/vsp1/vsp1_rpf.c | 8 drivers/media/platform/st/sti/c8sectpfe/c8sectpfe-debugfs.h | 4 drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c | 4 drivers/media/rc/imon.c | 5 drivers/media/rc/lirc_dev.c | 4 drivers/media/usb/dvb-usb/dvb-usb-init.c | 35 drivers/media/usb/uvc/uvc_ctrl.c | 9 drivers/media/usb/uvc/uvc_driver.c | 12 drivers/media/usb/uvc/uvc_video.c | 21 drivers/media/usb/uvc/uvcvideo.h | 1 drivers/media/v4l2-core/v4l2-async.c | 3 drivers/memory/Kconfig | 2 drivers/mfd/Makefile | 6 drivers/mfd/omap-usb-tll.c | 3 drivers/mfd/rsmu_core.c | 2 drivers/misc/eeprom/ee1004.c | 6 drivers/mtd/nand/raw/Kconfig | 3 drivers/mtd/spi-nor/winbond.c | 2 drivers/mtd/tests/Makefile | 34 drivers/mtd/tests/mtd_test.c | 9 drivers/mtd/ubi/eba.c | 3 drivers/net/bonding/bond_main.c | 7 drivers/net/dsa/b53/b53_common.c | 3 drivers/net/dsa/microchip/ksz_common.c | 7 drivers/net/dsa/mv88e6xxx/chip.c | 3 drivers/net/ethernet/brocade/bna/bna_types.h | 2 drivers/net/ethernet/brocade/bna/bnad.c | 11 drivers/net/ethernet/cortina/gemini.c | 23 drivers/net/ethernet/freescale/fec_main.c | 6 drivers/net/ethernet/google/gve/gve_tx.c | 5 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 22 drivers/net/ethernet/hisilicon/hns3/Makefile | 11 drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_cmd.c | 11 drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_rss.c | 14 drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_tqp_stats.c | 5 drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 2 drivers/net/ethernet/intel/ice/ice_fdir.h | 3 drivers/net/ethernet/intel/ice/ice_switch.c | 8 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 16 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h | 1 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_atcam.c | 18 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 13 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 9 drivers/net/ethernet/microsoft/mana/mana_en.c | 19 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 2 drivers/net/ethernet/stmicro/stmmac/hwif.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 drivers/net/netconsole.c | 2 drivers/net/pse-pd/pse_core.c | 4 drivers/net/virtio_net.c | 8 drivers/net/wireless/ath/ath11k/ce.h | 6 drivers/net/wireless/ath/ath11k/core.c | 29 drivers/net/wireless/ath/ath11k/dp_rx.c | 3 drivers/net/wireless/ath/ath11k/dp_rx.h | 3 drivers/net/wireless/ath/ath11k/mac.c | 28 drivers/net/wireless/ath/ath11k/reg.c | 14 drivers/net/wireless/ath/ath11k/reg.h | 4 drivers/net/wireless/ath/ath12k/acpi.c | 2 drivers/net/wireless/ath/ath12k/ce.h | 6 drivers/net/wireless/ath/ath12k/core.c | 7 drivers/net/wireless/ath/ath12k/dp.c | 18 drivers/net/wireless/ath/ath12k/dp.h | 1 drivers/net/wireless/ath/ath12k/dp_rx.c | 67 drivers/net/wireless/ath/ath12k/dp_tx.c | 47 drivers/net/wireless/ath/ath12k/hal_desc.h | 48 drivers/net/wireless/ath/ath12k/hw.c | 8 drivers/net/wireless/ath/ath12k/hw.h | 3 drivers/net/wireless/ath/ath12k/mac.c | 17 drivers/net/wireless/ath/ath12k/wmi.c | 23 drivers/net/wireless/ath/ath12k/wmi.h | 12 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 18 drivers/net/wireless/intel/iwlwifi/mvm/link.c | 9 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 10 drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 9 drivers/net/wireless/intel/iwlwifi/mvm/time-event.c | 5 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 drivers/net/wireless/realtek/rtl8xxxu/8188f.c | 15 drivers/net/wireless/realtek/rtw88/mac.c | 9 drivers/net/wireless/realtek/rtw88/main.h | 2 drivers/net/wireless/realtek/rtw88/reg.h | 1 drivers/net/wireless/realtek/rtw88/rtw8703b.c | 1 drivers/net/wireless/realtek/rtw88/rtw8723d.c | 1 drivers/net/wireless/realtek/rtw88/rtw8821c.c | 1 drivers/net/wireless/realtek/rtw88/rtw8822b.c | 1 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 1 drivers/net/wireless/realtek/rtw88/usb.c | 6 drivers/net/wireless/realtek/rtw89/debug.c | 2 drivers/net/wireless/realtek/rtw89/fw.c | 13 drivers/net/wireless/realtek/rtw89/mac.c | 5 drivers/net/wireless/realtek/rtw89/pci.c | 23 drivers/net/wireless/realtek/rtw89/rtw8852b.c | 6 drivers/net/wireless/realtek/rtw89/rtw8852b_rfk.c | 2 drivers/net/wireless/virtual/virt_wifi.c | 20 drivers/nvme/host/pci.c | 5 drivers/nvme/target/auth.c | 14 drivers/nvmem/rockchip-otp.c | 1 drivers/opp/core.c | 6 drivers/opp/ti-opp-supply.c | 6 drivers/parport/procfs.c | 24 drivers/pci/controller/dwc/pci-keystone.c | 156 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 13 drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 drivers/pci/controller/dwc/pcie-tegra194.c | 1 drivers/pci/controller/pci-hyperv.c | 4 drivers/pci/controller/pci-loongson.c | 13 drivers/pci/controller/pcie-rcar-host.c | 6 drivers/pci/controller/pcie-rockchip.c | 2 drivers/pci/endpoint/functions/pci-epf-test.c | 14 drivers/pci/endpoint/functions/pci-epf-vntb.c | 19 drivers/pci/pci.c | 6 drivers/pci/setup-bus.c | 6 drivers/perf/arm_pmuv3.c | 10 drivers/phy/cadence/phy-cadence-torrent.c | 3 drivers/phy/qualcomm/phy-qcom-qmp-pcie.c | 9 drivers/phy/rockchip/Kconfig | 2 drivers/phy/xilinx/phy-zynqmp.c | 14 drivers/pinctrl/core.c | 12 drivers/pinctrl/freescale/pinctrl-mxs.c | 4 drivers/pinctrl/pinctrl-rockchip.c | 17 drivers/pinctrl/pinctrl-single.c | 7 drivers/pinctrl/renesas/pfc-r8a779g0.c | 712 ++++------ drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 11 drivers/platform/Makefile | 2 drivers/platform/chrome/cros_ec_debugfs.c | 1 drivers/platform/mips/cpu_hwmon.c | 3 drivers/platform/x86/asus-wmi.c | 6 drivers/power/supply/ab8500_charger.c | 16 drivers/power/supply/ingenic-battery.c | 10 drivers/pwm/pwm-atmel-tcb.c | 12 drivers/pwm/pwm-stm32.c | 5 drivers/remoteproc/imx_rproc.c | 10 drivers/remoteproc/mtk_scp.c | 21 drivers/remoteproc/stm32_rproc.c | 2 drivers/remoteproc/ti_k3_r5_remoteproc.c | 13 drivers/rtc/interface.c | 9 drivers/rtc/rtc-abx80x.c | 12 drivers/rtc/rtc-cmos.c | 10 drivers/rtc/rtc-isl1208.c | 11 drivers/rtc/rtc-tps6594.c | 4 drivers/s390/block/dasd_devmap.c | 10 drivers/scsi/lpfc/lpfc_attr.c | 5 drivers/scsi/lpfc/lpfc_hbadisc.c | 2 drivers/scsi/lpfc/lpfc_sli.c | 19 drivers/scsi/qla2xxx/qla_bsg.c | 98 - drivers/scsi/qla2xxx/qla_def.h | 17 drivers/scsi/qla2xxx/qla_gbl.h | 6 drivers/scsi/qla2xxx/qla_gs.c | 467 ++---- drivers/scsi/qla2xxx/qla_init.c | 92 - drivers/scsi/qla2xxx/qla_inline.h | 8 drivers/scsi/qla2xxx/qla_mid.c | 2 drivers/scsi/qla2xxx/qla_nvme.c | 5 drivers/scsi/qla2xxx/qla_os.c | 19 drivers/scsi/qla2xxx/qla_sup.c | 108 + drivers/scsi/sr_ioctl.c | 2 drivers/soc/mediatek/mtk-mutex.c | 1 drivers/soc/qcom/icc-bwmon.c | 4 drivers/soc/qcom/pdr_interface.c | 8 drivers/soc/qcom/pmic_glink.c | 13 drivers/soc/qcom/rpmh-rsc.c | 7 drivers/soc/qcom/rpmh.c | 1 drivers/soc/qcom/socinfo.c | 3 drivers/soc/xilinx/xlnx_event_manager.c | 15 drivers/soc/xilinx/zynqmp_power.c | 4 drivers/spi/atmel-quadspi.c | 11 drivers/spi/spi-microchip-core.c | 139 + drivers/spi/spidev.c | 1 drivers/thermal/broadcom/bcm2835_thermal.c | 19 drivers/thermal/thermal_core.c | 89 + drivers/thermal/thermal_core.h | 10 drivers/ufs/core/ufs-mcq.c | 10 drivers/usb/host/xhci-pci.c | 4 drivers/usb/typec/mux/nb7vpq904m.c | 7 drivers/usb/typec/mux/ptn36502.c | 11 drivers/vhost/vsock.c | 4 drivers/video/fbdev/vesafb.c | 2 drivers/watchdog/rzg2l_wdt.c | 22 fs/btrfs/compression.c | 2 fs/ceph/super.c | 3 fs/erofs/zutil.c | 3 fs/exfat/dir.c | 2 fs/ext2/balloc.c | 11 fs/ext4/extents_status.c | 2 fs/ext4/fast_commit.c | 6 fs/ext4/namei.c | 73 - fs/ext4/xattr.c | 6 fs/f2fs/checkpoint.c | 10 fs/f2fs/data.c | 10 fs/f2fs/f2fs.h | 19 fs/f2fs/file.c | 47 fs/f2fs/gc.c | 13 fs/f2fs/inline.c | 8 fs/f2fs/inode.c | 14 fs/f2fs/segment.c | 6 fs/f2fs/segment.h | 3 fs/fuse/inode.c | 24 fs/hfs/inode.c | 3 fs/hfsplus/bfind.c | 15 fs/hfsplus/extents.c | 9 fs/hfsplus/hfsplus_fs.h | 21 fs/hostfs/hostfs.h | 7 fs/hostfs/hostfs_kern.c | 10 fs/hostfs/hostfs_user.c | 7 fs/jbd2/commit.c | 2 fs/jbd2/journal.c | 56 fs/jbd2/transaction.c | 45 fs/jfs/jfs_imap.c | 5 fs/netfs/write_issue.c | 1 fs/nfs/file.c | 5 fs/nfs/nfs4client.c | 6 fs/nfs/nfs4proc.c | 2 fs/nfs/nfstrace.h | 36 fs/nfs/read.c | 8 fs/nfs/write.c | 10 fs/nfsd/Kconfig | 2 fs/nfsd/filecache.c | 2 fs/nfsd/nfs4proc.c | 5 fs/nfsd/nfs4recover.c | 4 fs/nilfs2/btnode.c | 25 fs/nilfs2/btree.c | 4 fs/nilfs2/segment.c | 2 fs/ntfs3/attrib.c | 30 fs/ntfs3/bitmap.c | 2 fs/ntfs3/dir.c | 3 fs/ntfs3/file.c | 5 fs/ntfs3/frecord.c | 2 fs/ntfs3/fslog.c | 5 fs/ntfs3/index.c | 4 fs/ntfs3/inode.c | 13 fs/ntfs3/ntfs.h | 12 fs/ntfs3/super.c | 4 fs/proc/proc_sysctl.c | 6 fs/proc/task_mmu.c | 30 fs/smb/client/cifsfs.c | 8 fs/smb/client/connect.c | 24 fs/super.c | 11 fs/udf/balloc.c | 15 fs/udf/file.c | 2 fs/udf/inode.c | 11 fs/udf/namei.c | 2 fs/udf/super.c | 3 include/asm-generic/vmlinux.lds.h | 2 include/drm/drm_mipi_dsi.h | 46 include/linux/alloc_tag.h | 2 include/linux/bpf_verifier.h | 2 include/linux/firewire.h | 5 include/linux/huge_mm.h | 12 include/linux/hugetlb.h | 1 include/linux/interrupt.h | 2 include/linux/jbd2.h | 12 include/linux/lsm_hook_defs.h | 1 include/linux/mlx5/qp.h | 9 include/linux/mm.h | 16 include/linux/objagg.h | 1 include/linux/perf_event.h | 1 include/linux/pgalloc_tag.h | 7 include/linux/preempt.h | 41 include/linux/sbitmap.h | 5 include/linux/sched.h | 41 include/linux/screen_info.h | 10 include/linux/spinlock.h | 14 include/linux/task_work.h | 3 include/linux/virtio_net.h | 11 include/net/bluetooth/hci_core.h | 4 include/net/ip6_route.h | 20 include/net/ip_fib.h | 1 include/net/mana/mana.h | 2 include/net/tcp.h | 1 include/net/xfrm.h | 36 include/sound/tas2781-dsp.h | 11 include/trace/events/rpcgss.h | 2 include/uapi/drm/xe_drm.h | 8 include/uapi/linux/if_xdp.h | 4 include/uapi/linux/netfilter/nf_tables.h | 2 include/uapi/linux/zorro_ids.h | 3 include/ufs/ufshcd.h | 6 io_uring/io-wq.c | 10 io_uring/io_uring.c | 5 io_uring/napi.c | 2 io_uring/opdef.c | 8 io_uring/opdef.h | 4 io_uring/register.c | 2 io_uring/timeout.c | 2 io_uring/uring_cmd.c | 2 kernel/bpf/btf.c | 10 kernel/bpf/helpers.c | 2 kernel/bpf/verifier.c | 5 kernel/cgroup/cpuset.c | 76 - kernel/debug/kdb/kdb_io.c | 6 kernel/dma/mapping.c | 2 kernel/events/core.c | 79 - kernel/events/internal.h | 2 kernel/events/ring_buffer.c | 4 kernel/irq/irqdomain.c | 7 kernel/irq/manage.c | 2 kernel/jump_label.c | 45 kernel/locking/rwsem.c | 6 kernel/rcu/tasks.h | 10 kernel/sched/core.c | 37 kernel/sched/fair.c | 7 kernel/sched/sched.h | 2 kernel/signal.c | 8 kernel/task_work.c | 34 kernel/time/tick-broadcast.c | 23 kernel/time/timer_migration.c | 33 kernel/time/timer_migration.h | 12 kernel/trace/pid_list.c | 4 kernel/watchdog_perf.c | 11 kernel/workqueue.c | 6 lib/decompress_bunzip2.c | 3 lib/kobject_uevent.c | 17 lib/objagg.c | 18 lib/sbitmap.c | 36 mm/huge_memory.c | 14 mm/hugetlb.c | 49 mm/memory.c | 2 mm/mempolicy.c | 18 mm/mmap_lock.c | 175 -- mm/page_alloc.c | 35 mm/vmscan.c | 83 - net/bluetooth/hci_core.c | 27 net/bluetooth/hci_event.c | 2 net/bluetooth/hci_sync.c | 2 net/bridge/br_forward.c | 4 net/core/filter.c | 15 net/core/flow_dissector.c | 2 net/core/page_pool.c | 2 net/core/xdp.c | 4 net/ethtool/pse-pd.c | 8 net/ipv4/esp4.c | 3 net/ipv4/esp4_offload.c | 7 net/ipv4/fib_semantics.c | 13 net/ipv4/fib_trie.c | 1 net/ipv4/nexthop.c | 7 net/ipv4/route.c | 18 net/ipv4/tcp.c | 8 net/ipv4/tcp_input.c | 32 net/ipv4/tcp_ipv4.c | 11 net/ipv4/tcp_minisocks.c | 15 net/ipv4/tcp_timer.c | 6 net/ipv6/addrconf.c | 3 net/ipv6/esp6.c | 3 net/ipv6/esp6_offload.c | 7 net/ipv6/ip6_output.c | 1 net/ipv6/route.c | 2 net/ipv6/tcp_ipv6.c | 10 net/mac80211/chan.c | 11 net/mac80211/main.c | 2 net/mac80211/mlme.c | 15 net/mac80211/sta_info.h | 6 net/mac80211/tx.c | 6 net/netfilter/ipvs/ip_vs_ctl.c | 10 net/netfilter/ipvs/ip_vs_proto_sctp.c | 4 net/netfilter/nf_conntrack_netlink.c | 3 net/netfilter/nft_set_pipapo.c | 4 net/netfilter/nft_set_pipapo.h | 21 net/netfilter/nft_set_pipapo_avx2.c | 22 net/packet/af_packet.c | 86 + net/smc/smc_core.c | 5 net/sunrpc/auth_gss/gss_krb5_keys.c | 2 net/sunrpc/clnt.c | 3 net/sunrpc/xprtrdma/frwr_ops.c | 3 net/sunrpc/xprtrdma/verbs.c | 16 net/tipc/udp_media.c | 5 net/unix/af_unix.c | 41 net/unix/unix_bpf.c | 3 net/wireless/nl80211.c | 3 net/wireless/util.c | 8 net/xdp/xdp_umem.c | 9 net/xfrm/xfrm_input.c | 8 net/xfrm/xfrm_policy.c | 5 net/xfrm/xfrm_state.c | 65 net/xfrm/xfrm_user.c | 1 scripts/Kconfig.include | 3 scripts/Makefile.lib | 6 scripts/gcc-x86_32-has-stack-protector.sh | 2 scripts/gcc-x86_64-has-stack-protector.sh | 2 scripts/syscalltbl.sh | 18 security/apparmor/lsm.c | 7 security/apparmor/policy.c | 2 security/apparmor/policy_unpack.c | 43 security/keys/keyctl.c | 2 security/landlock/cred.c | 11 security/security.c | 70 security/selinux/hooks.c | 38 security/smack/smack_lsm.c | 34 sound/core/ump.c | 13 sound/firewire/amdtp-stream.c | 3 sound/pci/hda/patch_realtek.c | 6 sound/soc/amd/acp-es8336.c | 4 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/codecs/cs35l56-shared.c | 2 sound/soc/codecs/max98088.c | 10 sound/soc/codecs/pcm6240.c | 6 sound/soc/codecs/tas2781-fmwlib.c | 20 sound/soc/codecs/tas2781-i2c.c | 39 sound/soc/codecs/wcd939x.c | 113 - sound/soc/fsl/fsl_qmc_audio.c | 2 sound/soc/intel/common/soc-acpi-intel-ssp-common.c | 9 sound/soc/intel/common/soc-intel-quirks.h | 2 sound/soc/qcom/lpass-cpu.c | 4 sound/soc/sof/amd/pci-vangogh.c | 1 sound/soc/sof/imx/imx8m.c | 2 sound/soc/sof/intel/hda-loader.c | 20 sound/soc/sof/intel/hda.c | 17 sound/soc/sof/ipc4-topology.c | 46 sound/usb/mixer.c | 7 sound/usb/quirks.c | 4 tools/bpf/bpftool/common.c | 2 tools/bpf/bpftool/prog.c | 4 tools/bpf/resolve_btfids/main.c | 2 tools/lib/bpf/btf.c | 2 tools/lib/bpf/btf_dump.c | 8 tools/lib/bpf/libbpf_internal.h | 10 tools/lib/bpf/linker.c | 11 tools/memory-model/lock.cat | 20 tools/objtool/noreturns.h | 4 tools/perf/arch/powerpc/util/skip-callchain-idx.c | 8 tools/perf/arch/x86/util/intel-pt.c | 15 tools/perf/tests/shell/test_arm_callgraph_fp.sh | 27 tools/perf/tests/workloads/leafloop.c | 20 tools/perf/ui/gtk/annotate.c | 5 tools/perf/util/cs-etm.c | 10 tools/perf/util/disasm.c | 10 tools/perf/util/dso.c | 14 tools/perf/util/dso.h | 19 tools/perf/util/maps.c | 9 tools/perf/util/pmus.c | 5 tools/perf/util/sort.c | 2 tools/perf/util/srcline.c | 12 tools/perf/util/stat-display.c | 3 tools/perf/util/stat-shadow.c | 7 tools/perf/util/symbol.c | 18 tools/perf/util/unwind-libdw.c | 12 tools/perf/util/unwind-libunwind-local.c | 18 tools/testing/selftests/bpf/bpf_kfuncs.h | 2 tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c | 16 tools/testing/selftests/bpf/prog_tests/fexit_sleep.c | 8 tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 2 tools/testing/selftests/bpf/prog_tests/xdp_adjust_tail.c | 2 tools/testing/selftests/bpf/progs/btf_dump_test_case_multidim.c | 4 tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c | 4 tools/testing/selftests/bpf/progs/kprobe_multi_session_cookie.c | 2 tools/testing/selftests/bpf/test_sockmap.c | 9 tools/testing/selftests/damon/access_memory.c | 2 tools/testing/selftests/drivers/net/mlxsw/spectrum-2/tc_flower.sh | 55 tools/testing/selftests/iommu/iommufd.c | 64 tools/testing/selftests/iommu/iommufd_utils.h | 6 tools/testing/selftests/landlock/base_test.c | 74 + tools/testing/selftests/landlock/config | 1 tools/testing/selftests/net/fib_tests.sh | 24 tools/testing/selftests/net/forwarding/bridge_fdb_learning_limit.sh | 18 tools/testing/selftests/net/forwarding/devlink_lib.sh | 2 tools/testing/selftests/nolibc/nolibc-test.c | 2 tools/testing/selftests/resctrl/resctrl_val.c | 54 tools/testing/selftests/sigaltstack/current_stack_pointer.h | 2 857 files changed, 7451 insertions(+), 4517 deletions(-) Abel Vesa (3): arm64: dts: qcom: x1e80100: Fix USB HS PHY 0.8V supply clk: qcom: gcc-x1e80100: Fix halt_check for all pipe clocks clk: qcom: gcc-x1e80100: Set parent rate for USB3 sec and tert PHY pipe clks Abhinav Kumar (2): drm/msm/a6xx: use __unused__ to fix compiler warnings for gen7_* includes drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op Adam Ford (4): drm/bridge: adv7511: Fix Intermittent EDID failures arm64: dts: imx8mp: Fix pgc_mlmix location arm64: dts: imx8mp: Fix pgc vpu locations drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll Aditya Kumar Singh (1): wifi: ath12k: fix per pdev debugfs registration Adrian Hunter (7): perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation perf: Fix perf_aux_size() for greater-than 32-bit size perf: Prevent passing zero nr_pages to rb_alloc_aux() perf: Fix default aux_watermark calculation perf intel-pt: Fix aux_watermark calculation for 64-bit size perf intel-pt: Fix exclude_guest setting perf/x86/intel/pt: Fix a topa_entry base address calculation Ahmed Zaki (1): ice: Add a per-VF limit on number of FDIR filters Al Viro (2): powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() lirc: rc_dev_get_from_fd(): fix file leak Alain Volmat (1): media: stm32: dcmipp: correct error handling in dcmipp_create_subdevs Alan Maguire (2): bpf: annotate BTF show functions with __printf bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o Alan Stern (1): tools/memory-model: Fix bug in lock.cat Aleksandr Burakov (1): saa7134: Unchecked i2c_transfer function result fixed Aleksandr Mishin (6): wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() ASoC: amd: Adjust error handling in case of absent codec device remoteproc: imx_rproc: Skip over memory region when node value is NULL remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init Alex Deucher (3): drm/amd/display: use pre-allocated temp structure for bounding box drm/amd/display: fix corruption with high refresh rates on DCN 3.0 drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell Alexey Kodanev (1): bna: adjust 'name' buf size of bna_tcb and bna_ccb structures Aloka Dixit (1): wifi: ath12k: advertise driver capabilities for MBSSID and EMA Amit Cohen (1): selftests: forwarding: devlink_lib: Wait for udev events after reloading Andreas Larsson (1): sparc64: Fix incorrect function signature and add prototype for prom_cif_init Andrei Lalaev (1): Input: qt1050 - handle CHIP_ID reading error Andrew Davis (1): mailbox: omap: Fix mailbox interrupt sharing Andrii Nakryiko (2): libbpf: keep FD_CLOEXEC flag when dup()'ing FD libbpf: Fix no-args func prototype BTF dumping syntax Andy Chiu (1): riscv: smp: fail booting up smp if inconsistent vlen is detected Andy Shevchenko (1): fs/ntfs3: Drop stray '\' (backslash) in formatting string Andy Yan (1): drm/rockchip: vop2: Fix the port mux of VP2 AngeloGioacchino Del Regno (4): arm64: dts: mediatek: mt8195: Fix GPU thermal zone name for SVS arm64: dts: mediatek: mt8192: Fix GPU thermal zone name for SVS arm64: dts: medaitek: mt8395-nio-12l: Set i2c6 pins to bias-disable soc: mediatek: mtk-mutex: Add MDP_TCC0 mod to MT8188 mutex table Anjelique Melendez (1): leds: rgb: leds-qcom-lpg: Add PPG check for setting/clearing PBS triggers Anna-Maria Behnsen (1): timers/migration: Do not rely always on group->parent Antoine Tenart (1): libbpf: Skip base btf sanity checks Antoniu Miclaus (1): iio: frequency: adrf6780: rm clk provider include Antony Antony (2): xfrm: Fix input error path memory access xfrm: Log input direction mismatch error in one place Ard Biesheuvel (2): x86/efistub: Avoid returning EFI_SUCCESS on error x86/efistub: Revert to heap allocated boot_params for PE entrypoint Aristeu Rozanski (1): hugetlb: force allocating surplus hugepages on mempolicy allowed nodes Arnd Bergmann (8): EDAC, i10nm: make skx_common.o a separate module hns3: avoid linking objects into multiple modules drm/amd/display: dynamically allocate dml2_configuration_options structures drm/amd/display: fix graphics_object_id size drm/amd/display: Move 'struct scaler_data' off stack mfd: rsmu: Split core code into separate module mtd: make mtd_test.c a separate module kdb: address -Wformat-security warnings Artem Chernyshev (1): iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en Ashutosh Dixit (1): drm/xe/exec: Fix minor bug related to xe_sync_entry_cleanup Athira Rajeev (1): tools/perf: Fix the string match for "/tmp/perf-$PID.map" files in dso__load Bailey Forrest (1): gve: Fix an edge case for TSO skb validity check Baochen Qiang (9): wifi: ath12k: fix Smatch warnings on ath12k_core_suspend() wifi: ath11k: refactor setting country code logic wifi: ath11k: restore country code during resume wifi: ath11k: fix wrong definition of CE ring's base address wifi: ath12k: fix wrong definition of CE ring's base address wifi: ath12k: fix ACPI warning when resume wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Baokun Li (2): ext4: check dot and dotdot of dx_root before making dir indexed ext4: make sure the first directory block is not a hole Barnabás Czémán (1): drm/msm/dpu: fix encoder irq wait skip Bart Van Assche (4): block: Call .limit_depth() after .hctx has been set block/mq-deadline: Fix the tag reservation code RDMA/iwcm: Fix a use-after-free related to destroying CM IDs nvme-pci: Fix the instructions for disabling power management Bastien Curutchet (1): clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use Benjamin Coddington (1): SUNRPC: Fixup gss_status tracepoint error output Benjamin Marzinski (2): md/raid5: recheck if reshape has finished with device_lock held dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume Benjamin Tissoires (1): bpf: helpers: fix bpf_wq_set_callback_impl signature Bitterblue Smith (2): wifi: rtw88: usb: Fix disconnection after beacon loss wifi: rtw88: usb: Further limit the TX aggregation Bjorn Andersson (1): arm64: dts: qcom: sc8180x: Correct PCIe slave ports Breno Leitao (3): virtio_net: Fix napi_skb_cache_put warning net: netconsole: Disable target before netpoll cleanup net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling Bryan O'Donoghue (1): media: i2c: Fix imx412 exposure control Carlos Llamas (1): binder: fix hang of unregistered readers Carlos López (1): s390/dasd: fix error checks in dasd_copy_pair_store() Chao Yu (7): hfsplus: fix to avoid false alarm of circular locking hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() f2fs: fix to force buffered IO on inline_data inode f2fs: fix to don't dirty inode for readonly filesystem f2fs: fix return value of f2fs_convert_inline_inode() f2fs: fix to truncate preallocated blocks in f2fs_file_open() f2fs: fix to update user block counts in block_operations() Chen Hanxiao (1): ipvs: properly dereference pe in ip_vs_add_service Chen Ni (6): spi: atmel-quadspi: Add missing check for clk_prepare soc: qcom: pmic_glink: Handle the return value of pmic_glink_init x86/xen: Convert comma to semicolon drm/qxl: Add check for drm_cvt_mode ASoC: max98088: Check for clk_prepare_enable() error clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error Chen Ridong (1): cgroup/cpuset: Prevent UAF in proc_cpuset_show() Chen-Yu Tsai (3): arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property arm64: dts: mediatek: mt8183-pico6: Fix wake-on-X event node names arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 Chengchang Tang (5): RDMA/hns: Fix missing pagesize and alignment check in FRMR RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 RDMA/hns: Fix undifined behavior caused by invalid max_sge RDMA/hns: Fix insufficient extend DB for VFs. RDMA/hns: Fix mbx timing out before CMD execution is completed Chengen Du (1): af_packet: Handle outgoing VLAN packets without hardware offloading Chenyuan Yang (1): iio: Fix the sorting functionality in iio_gts_build_avail_time_table ChiYuan Huang (1): media: v4l: async: Fix NULL pointer dereference in adding ancillary links Chiara Meiohas (1): RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE Chih-Kang Chang (1): wifi: rtw89: wow: fix GTK offload H2C skbuff issue Christoph Hellwig (7): md/raid0: don't free conf on raid0_run failure md/raid1: don't free conf on raid0_run failure ubd: refactor the interrupt handler ubd: untagle discard vs write zeroes not support handling block: initialize integrity buffer to zero before writing it to media xen-blkfront: fix sector_size propagation to the block layer nfs: pass explicit offset/count to trace events Christoph Schlameuss (1): kvm: s390: Reject memory region operations for ucontrol VMs Christophe JAILLET (4): drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() crypto: tegra - Remove an incorrect iommu_fwspec_free() call in tegra_se_remove() power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() Christophe Leroy (2): vmlinux.lds.h: catch .bss..L* sections into BSS") powerpc/8xx: fix size given to set_huge_pte_at() Chuck Lever (3): NFSD: Fix nfsdcld warning xprtrdma: Fix rpcrdma_reqs_reset() NFSD: Support write delegations in LAYOUTGET Chukun Pan (6): arm64: dts: rockchip: fix regulator name for Lunzn Fastrhino R6xS arm64: dts: rockchip: fix usb regulator for Lunzn Fastrhino R6xS arm64: dts: rockchip: fix pmu_io supply for Lunzn Fastrhino R6xS arm64: dts: rockchip: remove unused usb2 nodes for Lunzn Fastrhino R6xS arm64: dts: rockchip: disable display subsystem for Lunzn Fastrhino R6xS arm64: dts: rockchip: fixes PHY reset for Lunzn Fastrhino R68S Claudiu Beznea (2): watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() watchdog: rzg2l_wdt: Check return status of pm_runtime_put() Conor Dooley (2): media: i2c: imx219: fix msr access command sequence spi: spidev: add correct compatible for Rohm BH2228FV Cristian Ciocaltea (5): arm64: dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc arm64: dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10 arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu phy: phy-rockchip-samsung-hdptx: Select CONFIG_MFD_SYSCON Csókás, Bence (2): net: fec: Fix FEC_ECR_EN1588 being cleared on link-down rtc: interface: Add RTC offset to alarm after fix-up Curtis Malainey (1): ASoC: Intel: Fix RT5650 SSP lookup Daejun Park (1): f2fs: fix null reference error when checking end of zone Damien Le Moal (2): dm: Call dm_revalidate_zones() after setting the queue limits null_blk: Fix description of the fua parameter Dan Carpenter (7): hwmon: (ltc2991) re-order conditions to fix off by one bug ipmi: ssif_bmc: prevent integer overflow on 32bit systems leds: flash: leds-qcom-flash: Test the correct variable in init PCI: endpoint: Clean up error handling in vpci_scan_bus() PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() mISDN: Fix a use after free in hfcmulti_tx() ASoC: TAS2781: Fix tasdev_load_calibrated_data() Dang Huynh (1): arm64: dts: qcom: qrb4210-rb2: Correct max current draw for VBUS Daniel Baluta (1): ASoC: SOF: imx8m: Fix DSP control regmap retrieval Daniel Borkmann (1): selftests/bpf: DENYLIST.aarch64: Skip fexit_sleep again Daniel Gabay (1): wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() Daniel Schaefer (1): media: uvcvideo: Override default flags Daniel Xu (1): bpf: Make bpf_session_cookie() kfunc return long * David Ahern (1): RDMA: Fix netdev tracker in ib_device_set_netdev David Gow (1): arch: um: rust: Use the generated target.json again David Gstir (1): crypto: mxs-dcp - Ensure payload is zero when using key slot David Hildenbrand (4): s390/uv: Don't call folio_wait_writeback() without a folio reference fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP fs/proc/task_mmu: don't indicate PM_MMAP_EXCLUSIVE without PM_PRESENT fs/proc/task_mmu: properly detect PM_MMAP_EXCLUSIVE per page of PMD-mapped THPs David Howells (1): netfs: Fix writeback that needs to go to both server and cache Denis Arefev (1): net: missing check virtio Dhananjay Ugwekar (2): cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems Dikshita Agarwal (2): media: venus: flush all buffers in output plane streamoff media: venus: fix use after free in vdec_close Dmitry Antipov (1): Bluetooth: hci_core, hci_sync: cleanup struct discovery_state Dmitry Baryshkov (19): arm64: dts: qcom: sc7180: drop extra UFS PHY compat arm64: dts: qcom: sc8180x: add power-domain to UFS PHY arm64: dts: qcom: sdm845: add power-domain to UFS PHY arm64: dts: qcom: sm6115: add power-domain to UFS PHY arm64: dts: qcom: sm6350: add power-domain to UFS PHY arm64: dts: qcom: sm8250: add power-domain to UFS PHY arm64: dts: qcom: sm8350: add power-domain to UFS PHY arm64: dts: qcom: sm8450: add power-domain to UFS PHY arm64: dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY arm64: dts: qcom: sdm850-lenovo-yoga-c630: fix IPA firmware path arm64: dts: qcom: msm8996: specify UFS core_clk frequencies arm64: dts: qcom: qrb4210-rb2: make L9A always-on soc: qcom: pdr: protect locator_addr with the main mutex soc: qcom: pdr: fix parsing of domains lists drm/panel: lg-sw43408: add missing error handling Revert "drm/msm/dpu: drop dpu_encoder_phys_ops.atomic_mode_set" drm/msm/dp: fix runtime_pm handling in dp_wait_hpd_asserted platform/arm64: build drivers even on non-ARM64 platforms phy: qcom: qmp-pcie: restore compatibility with existing DTs Dmitry Torokhov (2): ARM: spitz: fix GPIO assignment for backlight Input: elan_i2c - do not leave interrupt disabled on suspend failure Dmitry Yashin (1): pinctrl: rockchip: update rk3308 iomux routes Dominique Martinet (1): MIPS: Octeron: remove source file executable bit Donglin Peng (1): libbpf: Checking the btf_type kind when fixing variable offsets Douglas Anderson (8): drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() kdb: Use the passed prompt in kdb_position_cursor() Dragan Simic (1): drm/panfrost: Mark simple_ondemand governor as softdep Eero Tamminen (1): m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages Elliot Ayrey (1): net: bridge: mst: Check vlan state for egress decision En-Wei Wu (1): wifi: virt_wifi: avoid reporting connection success with wrong SSID Eric Biggers (1): dm-verity: fix dm_is_verity_target() when dm-verity is builtin Eric Dumazet (4): tcp: add tcp_done_with_error() helper tcp: fix race in tcp_write_err() tcp: fix races in tcp_abort() tcp: fix races in tcp_v[46]_err() Eric Sandeen (1): fuse: verify {g,u}id mount options correctly Esben Haabendal (2): memory: fsl_ifc: Make FSL_IFC config visible and selectable powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC Faiz Abbas (1): drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline Fedor Pchelkin (2): apparmor: use kvfree_sensitive to free data->data ubi: eba: properly rollback inside self_check_eba Filipe Manana (1): btrfs: fix extent map use-after-free when adding pages to compressed bio Florian Westphal (2): netfilter: nf_set_pipapo: fix initial map fill netfilter: nft_set_pipapo_avx2: disable softinterrupts Frank Li (1): PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot Fred Li (1): bpf: Fix a segment issue when downgrading gso_size Frederic Weisbecker (5): rcu/tasks: Fix stale task snaphot for Tasks Trace task_work: s/task_work_cancel()/task_work_cancel_func()/ task_work: Introduce task_work_cancel() again perf: Fix event leak upon exit perf: Fix event leak upon exec and file release Friedrich Vock (1): drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit Gabriel Krisman Bertazi (1): io_uring: Fix probe of disabled operations Gao Xiang (1): erofs: fix race in z_erofs_get_gbuf() Gaosheng Cui (2): nvmet-auth: fix nvmet_auth hash error handling gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey Gautam Menghani (2): KVM: PPC: Book3S HV nestedv2: Fix doorbell emulation KVM: PPC: Book3S HV nestedv2: Add DPDES support in helper library for Guest state buffer Gavin Shan (1): mm/huge_memory: avoid PMD-size page cache if needed Geert Uytterhoeven (18): arm64: dts: renesas: r8a779h0: Drop "opp-shared" from opp-table-0 arm64: dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r9a08g045: Add missing hypervisor virtual timer IRQ drm/panic: Fix off-by-one logo size checks drm/panic: Do not select DRM_KMS_HELPER pinctrl: renesas: r8a779g0: Fix CANFD5 suffix pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes pinctrl: renesas: r8a779g0: Fix IRQ suffixes pinctrl: renesas: r8a779g0: FIX PWM suffixes pinctrl: renesas: r8a779g0: Fix TCLK suffixes pinctrl: renesas: r8a779g0: Fix TPU suffixes Geliang Tang (5): selftests/bpf: Fix prog numbers in test_sockmap selftests/bpf: Check length of recv in test_sockmap selftests/bpf: Close fd in error path in drop_on_reuseport selftests/bpf: Null checks for links in bpf_tcp_ca selftests/bpf: Close obj in error path in xdp_adjust_tail Georgi Djakov (1): iommu/arm-smmu-qcom: Register the TBU driver in qcom_smmu_impl_init Georgia Garcia (1): apparmor: unpack transition table if dfa is not present Gerd Bayer (2): s390/pci: Refactor arch_setup_msi_irqs() s390/pci: Allow allocation of more than 1 MSI interrupt Greg Kroah-Hartman (1): Linux 6.10.3 Gregory CLEMENT (1): MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later Guangguan Wang (1): net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined Guenter Roeck (3): hwmon: (max6697) Fix underflow when writing limit attributes hwmon: (max6697) Fix swapped temp{1,8} critical alarms eeprom: ee1004: Call i2c_new_scanned_device to instantiate thermal sensor Gwenael Treuveur (1): remoteproc: stm32_rproc: Fix mailbox interrupts queuing Hagar Hemdan (1): net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP Hangbin Liu (1): selftests: forwarding: skip if kernel not support setting bridge fdb learning limit Hans de Goede (1): leds: trigger: Unregister sysfs attributes before calling deactivate() Hao Ge (1): ASoc: PCM6240: Return directly after a failed devm_kzalloc() in pcmdevice_i2c_probe() Harald Freudenberger (1): hwrng: core - Fix wrong quality calculation at hw rng registration Harshit Mogalapalli (1): media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() Heiko Stuebner (1): nvmem: rockchip-otp: set add_legacy_fixed_of_cells config option Heming Zhao (1): md-cluster: fix hanging issue while a new disk adding Herve Codina (2): ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value irqdomain: Fixed unbalanced fwnode get and put Hilda Wu (1): Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables Honggang LI (1): RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs Hou Tao (1): bpf, events: Use prog to emit ksymbol event for main program Hsiao Chien Sung (10): drm/mediatek: Add missing plane settings when async update drm/mediatek: Use 8-bit alpha in ETHDR drm/mediatek: Fix XRGB setting error in OVL drm/mediatek: Fix XRGB setting error in Mixer drm/mediatek: Fix destination alpha error in OVL drm/mediatek: Turn off the layers with zero width or height drm/mediatek: Add OVL compatible name for MT8195 drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property drm/mediatek: Set DRM mode configs accordingly drm/mediatek: Remove less-than-zero comparison of an unsigned value Hsin-Te Yuan (1): arm64: dts: mediatek: mt8183-kukui: Fix the value of `dlg,jack-det-rate` mismatch Huacai Chen (2): PCI: loongson: Enable MSI in LS7A Root Complex fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed Huai-Yuan Liu (1): scsi: lpfc: Fix a possible null pointer dereference Ian Rogers (2): perf maps: Fix use after free in __maps__fixup_overlap_and_insert perf dso: Fix address sanitizer build Ido Schimmel (6): lib: objagg: Fix general protection fault mlxsw: spectrum_acl_erp: Fix object nesting warning mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors ipv4: Fix incorrect TOS in route get reply ipv4: Fix incorrect TOS in fibmatch route get reply ipv4: Fix incorrect source address in Record Route option Igor Pylypiv (3): ata: libata-scsi: Fix offsets for the fixed format sense data ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error Ilpo Järvinen (8): x86/of: Return consistent error type from x86_of_pci_irq_enable() x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling x86/pci/xen: Fix PCIBIOS_* return code handling x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos selftests/resctrl: Fix closing IMC fds on error and open-code R+W instead of loops PCI: Fix resource double counting on remove & rescan leds: ss4200: Convert PCIBIOS_* return codes to errnos hwrng: amd - Convert PCIBIOS_* return codes to errnos Ilya Dryomov (3): rbd: don't assume rbd_is_lock_owner() for exclusive mappings rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings Ilya Leoshkevich (1): bpf: Fix atomic probe zero-extension Imre Deak (2): drm/i915/dp: Reset intel_dp->link_trained before retraining the link drm/i915/dp: Don't switch the LTTPR mode on an active link Irui Wang (1): media: mediatek: vcodec: Handle invalid decoder vsi Ismael Luceno (1): ipvs: Avoid unnecessary calls to skb_is_gso_sctp Iulia Tanasescu (1): Bluetooth: hci_event: Set QoS encryption from BIGInfo report Ivan Babrou (1): bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer Jack Wang (1): bnxt_re: Fix imm_data endianness Jacopo Mondi (3): media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 media: rcar-csi2: Disable runtime_pm in probe error media: rcar-csi2: Cleanup subdevice in remove() Jai Luthra (7): arm64: dts: ti: k3-am62x: Drop McASP AFIFOs arm64: dts: ti: k3-am62a7: Drop McASP AFIFOs arm64: dts: ti: k3-am62p5: Drop McASP AFIFOs arm64: dts: ti: k3-am625-beagleplay: Drop McASP AFIFOs arm64: dts: ti: k3-am62-verdin: Drop McASP AFIFOs arm64: dts: ti: k3-am625-phyboard-lyra-rdk: Drop McASP AFIFOs arm64: dts: ti: k3-am62p5-sk: Fix pinmux for McASP1 TX James Clark (3): perf test: Make test_arm_callgraph_fp.sh more robust coresight: Fix ref leak when of_coresight_parse_endpoint() fails perf dso: Fix build when libunwind is enabled Jan Kara (8): udf: Fix lock ordering in udf_evict_inode() udf: Fix bogus checksum computation in udf_rename() ext4: avoid writing unitialized memory to disk in EA inodes ext2: Verify bitmap and itable block numbers before using them udf: Avoid using corrupted block bitmap buffer jbd2: make jbd2_journal_get_max_txn_bufs() internal jbd2: precompute number of transaction descriptor blocks jbd2: avoid infinite transaction commit loop Jann Horn (1): landlock: Don't lose track of restrictions on cred_transfer Jarkko Nikula (1): i3c: mipi-i3c-hci: Fix number of DAT/DCT entries for HCI versions < 1.1 Jason Chen (1): remoteproc: mediatek: Increase MT8188/MT8195 SCP core0 DRAM size Jason-JH.Lin (1): mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() Javier Carrasco (4): cpufreq: sun50i: fix memory leak in dt_has_supported_hw() mfd: omap-usb-tll: Use struct_size to allocate tll cpufreq: qcom-nvmem: fix memory leaks in probe error paths leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() Jay Buddhabhatti (2): soc: xilinx: rename cpu_number1 to dummy_cpu_number drivers: soc: xilinx: check return status of get_api_version() Jayesh Choudhary (3): arm64: dts: ti: k3-am62-main: Fix the reg-range for main_pktdma arm64: dts: ti: k3-am62a-main: Fix the reg-range for main_pktdma arm64: dts: ti: k3-am62p-main: Fix the reg-range for main_pktdma Jeff Layton (1): nfsd: nfsd_file_lease_notifier_call gets a file_lease as an argument Jeongjun Park (1): jfs: Fix array-index-out-of-bounds in diFree Jerome Brunet (4): arm64: dts: amlogic: sm1: fix spdif compatibles arm64: dts: amlogic: gx: correct hdmi clocks arm64: dts: amlogic: add power domain to hdmitx arm64: dts: amlogic: setup hdmi system clock Jianbo Liu (2): xfrm: fix netdev reference count imbalance xfrm: call xfrm_dev_policy_delete when kill policy Jiaxun Yang (9): MIPS: Fix fallback march for SB1 platform: mips: cpu_hwmon: Disable driver on unsupported hardware MIPS: dts: loongson: Add ISA node MIPS: ip30: ip30-console: Add missing include MIPS: dts: loongson: Fix GMAC phy node MIPS: Loongson64: env: Hook up Loongsson-2K MIPS: Loongson64: Remove memory node for builtin-dtb MIPS: Loongson64: reset: Prioritise firmware service MIPS: Loongson64: Test register availability before use Jinjie Ruan (1): arm64: smp: Fix missing IPI statistics Jiri Olsa (2): bpf: Change bpf_session_cookie return value to __u64 * x86/shstk: Make return uprobe work with shadow stack Joao Martins (5): iommufd/selftest: Fix dirty bitmap tests with u8 bitmaps iommufd/selftest: Fix iommufd_test_dirty() to handle <u8 bitmaps iommufd/selftest: Add tests for <= u8 bitmap sizes iommufd/selftest: Fix tests to use MOCK_PAGE_SIZE based buffer sizes iommufd/iova_bitmap: Check iova_bitmap_done() after set ahead Jocelyn Falempe (2): drm/panic: only draw the foreground color in drm_panic_blit() drm/panic: depends on !VT_CONSOLE Joe Hattori (1): char: tpm: Fix possible memory leak in tpm_bios_measurements_open() Johannes Berg (15): wifi: mac80211: fix TTLM teardown work wifi: mac80211: cancel multi-link reconf work on disconnect wifi: mac80211: cancel TTLM teardown work earlier wifi: mac80211: reset negotiated TTLM on disconnect wifi: nl80211: expose can-monitor channel property wifi: iwlwifi: mvm: separate non-BSS/ROC EMLSR blocking wifi: mac80211: add ieee80211_tdls_sta_link_id() wifi: mac80211: correcty limit wider BW TDLS STAs wifi: iwlwifi: mvm: always unblock EMLSR on ROC end net: page_pool: fix warning code wifi: virt_wifi: don't use strlen() in const context hostfs: fix dev_t handling um: time-travel: fix time-travel-start option um: time-travel: fix signal blocking race/hang net: bonding: correctly annotate RCU in bond_should_notify_peers() John David Anglin (1): parisc: Fix warning at drivers/pci/msi/msi.h:121 John Stultz (1): locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers Jon Hunter (1): PCI: tegra194: Set EP alignment restriction for inbound ATU Jon Pan-Doh (1): iommu/vt-d: Fix identity map bounds in si_domain_init() Jonas Karlman (5): arm64: dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s arm64: dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s arm64: dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s arm64: dts: rockchip: Increase VOP clk rate on RK3328 Jonathan Marek (2): drm/msm/dsi: set video mode widebus enable bit when widebus is enabled drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC Josh Poimboeuf (1): x86/syscall: Mark exit[_group] syscall handlers __noreturn Joshua Washington (1): gve: Fix XDP TX completion handling when counters overflow Josua Mayer (1): arm64: dts: ti: k3-am642-hummingboard-t: correct rs485 rts polarity Jouni Högander (6): drm/i915/psr: Rename has_psr2 as has_sel_update drm/i915/display: Do not print "psr: enabled" for on Panel Replay drm/i915/psr: Use enable boolean from intel_crtc_state for Early Transport drm/i915/display: Skip Panel Replay on pipe comparison if no active planes drm/i915/psr: Print Panel Replay status instead of frame lock status drm/i915/psr: Set SU area width as pipe src width Joy Chakraborty (3): rtc: cmos: Fix return value of nvmem callbacks rtc: isl1208: Fix return value of nvmem callbacks rtc: abx80x: Fix return value of nvmem callback on read Joy Zou (1): dmaengine: fsl-edma: change the memory access from local into remote mode in i.MX 8QM Junhao He (1): perf pmus: Fixes always false when compare duplicates aliases Junhao Xie (1): drm/msm/dpu: drop duplicate drm formats from wb2_formats arrays Junxian Huang (3): RDMA/hns: Check atomic wr length RDMA/hns: Fix soft lockup under heavy CEQE load RDMA/hns: Fix unmatch exception handling when init eq table fails Justin Tee (2): scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state Kan Liang (3): perf stat: Fix the hard-coded metrics calculation on the hybrid perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake Kang Yang (1): wifi: ath12k: avoid duplicated vdev stop Karolina Stolarek (1): drm/ttm/tests: Fix a warning in ttm_bo_unreserve_bulk Karthikeyan Kathirvel (1): wifi: ath12k: drop failed transmitted frames from metric calculation. Karthikeyan Periyasamy (2): wifi: ath12k: fix peer metadata parsing wifi: ath12k: fix mbssid max interface advertisement Kim Phillips (1): crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked Kiran K (2): Bluetooth: btintel: Refactor btintel_set_ppag() Bluetooth: btintel_pcie: Fix irq leak Komal Bajaj (1): arm64: dts: qcom: qdu1000: Add secure qfprom node Konrad Dybcio (5): soc: qcom: socinfo: Update X1E PMICs arm64: dts: qcom: sc8280xp-*: Remove thermal zone polling delays arm64: dts: qcom: sc8280xp: Throttle the GPU when overheating drm/msm/a6xx: Fix A702 UBWC mode interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID Konstantin Komarov (12): fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT fs/ntfs3: Fix transform resident to nonresident for compressed files fs/ntfs3: Deny getting attr data block in compressed frame fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting fs/ntfs3: Fix getting file type fs/ntfs3: Add missing .dirty_folio in address_space_operations fs/ntfs3: Replace inode_trylock with inode_lock fs/ntfs3: Correct undo if ntfs_create_inode failed fs/ntfs3: Fix field-spanning write in INDEX_HDR fs/ntfs3: Fix the format of the "nocase" mount option fs/ntfs3: Missed error return fs/ntfs3: Keep runs for $MFT::$ATTR_DATA and $MFT::$ATTR_BITMAP Konstantin Taranov (2): RDMA/mana_ib: set node_guid RDMA/mana_ib: Set correct device into ib Kory Maincent (3): net: pse-pd: Do not return EOPNOSUPP if config is null net: ethtool: pse-pd: Fix possible null-deref media: i2c: Kconfig: Fix missing firmware upload config select Krzysztof Kozlowski (4): thermal/drivers/broadcom: Fix race between removal and clock disable dt-bindings: thermal: correct thermal zone node name limit clk: samsung: fix getting Exynos4 fin_pll rate from external clocks ASoC: codecs: wcd939x: Fix typec mux and switch leak during device removal Kuan-Chung Chen (1): wifi: rtw89: 8852b: fix definition of KIP register number Kuniyuki Iwashima (1): tcp: Don't access uninit tcp_rsk(req)->ao_keyid in tcp_create_openreq_child(). Kuro Chung (1): drm/bridge: it6505: fix hibernate to resume no display issue Lai Jiangshan (1): workqueue: Always queue work items to the newest PWQ for order workqueues Lance Richardson (1): dma: fix call order in dmam_free_coherent Laurent Pinchart (2): media: renesas: vsp1: Fix _irqsave and _irq mix media: renesas: vsp1: Store RPF partition configuration per RPF instance Leon Romanovsky (5): RDMA/cache: Release GID table even if leak is detected RDMA/mlx4: Fix truncated output warning in mad.c RDMA/mlx4: Fix truncated output warning in alias_GUID.c RDMA/device: Return error earlier if port in not valid nvme-pci: add missing condition check for existence of mapped data Li Nan (1): md: fix deadlock between mddev_suspend and flush bio Li Zhijian (1): mm/page_alloc: fix pcp->count race between drain_pages_zone() vs __rmqueue_pcplist() Lijo Lazar (2): drm/amd/pm: Fix aldebaran pcie speed reporting drm/amdgpu: Fix memory range calculation Linus Torvalds (1): minmax: scsi: fix mis-use of 'clamp()' in sr.c Linus Walleij (1): net: ethernet: cortina: Restore TSO support Liwei Song (1): tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids Lorenzo Bianconi (1): clk: en7523: fix rate divider for slic and spi clocks Lothar Rubusch (1): crypto: atmel-sha204a - fix negated return value Lu Baolu (2): iommu/vt-d: Limit max address mask to MAX_AGAW_PFN_WIDTH iommu/vt-d: Fix aligned pages in calculate_psi_aligned_address() Luca Ceresoli (1): Revert "leds: led-core: Fix refcount leak in of_led_get()" Luca Weiss (1): arm64: dts: qcom: sm6350: Add missing qcom,non-secure-domain property Lucas Stach (2): drm/etnaviv: fix DMA direction handling for cached RW buffers drm/etnaviv: don't block scheduler when GPU is still active Luis Henriques (SUSE) (2): ext4: fix infinite loop when replaying fast_commit ext4: don't track ranges in fast_commit if inode has inlined data Luiz Augusto von Dentz (1): Bluetooth: Fix usage of __hci_cmd_sync_status Lukas Wunner (1): PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Lukasz Majewski (1): net: dsa: ksz_common: Allow only up to two HSR HW offloaded ports for KSZ9477 Luke D. Jones (2): platform/x86: asus-wmi: fix TUF laptop RGB variant ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models Ma Ke (5): drm/amd/display: Add null check before access structs drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes drm/amd/amdgpu: Fix uninitialized variable warnings phy: cadence-torrent: Check return value on register read Manish Rangankar (1): scsi: qla2xxx: During vport delete send async logout explicitly Manivannan Sadhasivam (4): PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() PCI: qcom-ep: Disable resources unconditionally during PERST# assert PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone Marc Gonzalez (1): arm64: dts: qcom: msm8998: enable adreno_smmu by default Marco Cavenati (1): perf/x86/intel/pt: Fix topa_entry base length Marek Behún (3): firmware: turris-mox-rwtm: Do not complete if there are no waiters firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() firmware: turris-mox-rwtm: Initialize completion before mailbox Marek Vasut (2): ARM: dts: stm32: Add arm,no-tick-in-suspend to STM32MP15xx STGEN timer PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Markus Elfring (1): auxdisplay: ht16k33: Drop reference after LED registration Martin Kaistra (1): wifi: rtl8xxxu: 8188f: Limit TX power index Martin Willi (2): net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports Masahiro Yamada (2): x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS kbuild: avoid build error when single DTB is turned into composite DTB Mateusz Jończyk (1): md/raid1: set max_sectors during early return from choose_slow_rdev() Miaohe Lin (1): mm/hugetlb: fix possible recursive locking detected warning Michael Ellerman (2): powerpc/xmon: Fix disassembly CPU feature checks selftests/sigaltstack: Fix ppc64 GCC build Michael S. Tsirkin (1): vhost/vsock: always initialize seqpacket_allow Michael Walle (8): ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset ARM: dts: imx6qdl-kontron-samx6i: fix board reset ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity drm/mediatek: dpi/dsi: Fix possible_crtcs calculation drm/mediatek/dp: Fix spurious kfree() mtd: spi-nor: winbond: fix w25q128 regression Michal Luczaj (1): af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash Michal Wajdeczko (1): drm/xe/pf: Limit fair VF LMEM provisioning Mickaël Salaün (1): selftests/landlock: Add cred_transfer test Mikhail Kobuk (1): media: pci: ivtv: Add check for DMA map result Ming Lei (2): block: check bio alignment in blk_mq_submit_bio ublk: fix UBLK_CMD_DEL_DEV_ASYNC handling Ming Qian (1): media: imx-jpeg: Drop initial source change event if capture has been setup Minwoo Im (1): scsi: ufs: mcq: Fix missing argument 'hba' in MCQ_OPR_OFFSET_n Miri Korenblit (2): wifi: iwlwifi: mvm: don't skip link selection wifi: iwlwifi: mvm: fix re-enabling EMLSR Mostafa Saleh (1): iommu/arm-smmu-v3: Avoid uninitialized asid in case of error Mukul Joshi (1): drm/amdkfd: Fix CU Masking for GFX 9.4.3 Naga Sureshkumar Relli (1): spi: microchip-core: fix the issues in the isr Namhyung Kim (2): perf report: Fix condition in sort__sym_cmp() perf stat: Fix a segfault with --per-cluster --metric-only Nathan Chancellor (1): kbuild: Fix '-S -c' in x86 stack protector scripts Nathan Lynch (1): powerpc/prom: Add CPU info to hardware description string later Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Add handling for boot-signature timeout errors Neil Armstrong (2): usb: typec-mux: ptn36502: unregister typec switch on probe error and remove usb: typec-mux: nb7vpq904m: unregister typec switch on probe error and remove NeilBrown (1): SUNRPC: avoid soft lockup when transmitting UDP to reachable server. Nick Bowler (1): macintosh/therm_windtunnel: fix module unload. Nicolas Dichtel (3): ipv6: fix source address selection with route leak ipv4: fix source address selection with route leak ipv6: take care of scope when choosing the src addr Niklas Cassel (1): PCI: dw-rockchip: Fix initial PERST# GPIO value Nilesh Javali (1): scsi: qla2xxx: validate nvme_local_port correctly Nirmoy Das (1): drm/xe/display/xe_hdcp_gsc: Free arbiter on driver removal Nithyanantham Paramasivam (1): wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure Nitin Gote (1): drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 Nivas Varadharajan Mugunthakumar (1): crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() Nuno Sa (2): iio: adc: ad9467: use DMA safe buffer for spi iio: adc: adi-axi-adc: don't allow concurrent enable/disable calls Nícolas F. R. A. Prado (2): arm64: dts: qcom: sc7180-trogdor: Disable pwmleds node where unused remoteproc: mediatek: Don't attempt to remap l1tcm memory if missing Ofir Gal (1): md/md-bitmap: fix writing non bitmap pages Oleksandr Natalenko (1): media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 Olga Kornievskaia (1): NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server Or Har-Toov (1): RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled P Praneesh (3): wifi: ath12k: change DMA direction while mapping reinjected packets wifi: ath12k: fix invalid memory access while processing fragmented packets wifi: ath12k: fix firmware crash during reo reinject Pablo Neira Ayuso (3): netfilter: nf_tables: rise cap on SELinux secmark context netfilter: ctnetlink: use helper function to calculate expect ID net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE Paolo Pisati (1): m68k: amiga: Turn off Warp1260 interrupts during boot Paul Moore (2): lsm: fixup the inode xattr capability handling selinux,smack: remove the capability checks in the removexattr hooks Pavel Begunkov (6): kernel: rerun task_work while freezing in get_signal() io_uring/io-wq: limit retrying worker initialisation io_uring: fix lost getsockopt completions io_uring: tighten task exit cancellations io_uring: don't allow netpolling with SETUP_IOPOLL io_uring: fix io_match_task must_hold Pavel Löbl (1): ARM: dts: sunxi: remove duplicated entries in makefile Peng Fan (2): pinctrl: freescale: mxs: Fix refcount of child mailbox: imx: fix TXDB_V2 channel race condition Peter Ujfalusi (3): ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format Petr Machata (1): net: nexthop: Initialize all fields in dumped nexthops Pierre-Louis Bossart (2): ASOC: SOF: Intel: hda-loader: only wait for HDaudio IOC for IPC4 devices ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable Pin-yen Lin (1): arm64: dts: mediatek: mt8192-asurada: Add off-on-delay-us for pp3300_mipibrdg Ping-Ke Shih (2): wifi: rtw89: 8852b: restore setting for RFE type 5 after device resume wifi: rtw89: 8852c: correct logic and restore PCI PHY EQ after device resume Po-Hao Huang (1): wifi: rtw89: fix HW scan not aborting properly Pradeep Kumar Chitrapu (1): wifi: ath12k: Correct 6 GHz frequency value in rx status Prajna Rajendra Kumar (1): spi: spi-microchip-core: Fix the number of chip selects supported Primoz Fiser (2): cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() OPP: ti: Fix ti_opp_supply_probe wrong return values Pu Lehui (1): riscv, bpf: Fix out-of-bounds issue when preparing trampoline image Puranjay Mohan (2): bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG selftests/bpf: fexit_sleep: Fix stack allocation for arm64 Qiang Ma (1): efi/libstub: Zero initialize heap allocated struct screen_info Quinn Tran (4): scsi: qla2xxx: Unable to act on RSCN for port online scsi: qla2xxx: Use QP lock to search for bsg scsi: qla2xxx: Reduce fabric scan duplicate code scsi: qla2xxx: Fix flash read failure Rafael Beims (1): wifi: mwifiex: Fix interface type change Rafael J. Wysocki (3): genirq: Set IRQF_COND_ONESHOT in request_irq() thermal: trip: Split thermal_zone_device_set_mode() thermal: core: Back off when polling thermal zones on errors Rafał Miłecki (2): arm64: dts: mediatek: mt7981: fix code alignment for PWM clocks arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux Ram Tummala (1): mm: fix old/young bit handling in the faulting path Rayyan Ansari (1): ARM: dts: qcom: msm8226-microsoft-common: Enable smbb explicitly Reka Norman (1): xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL Ricardo Ribalda (5): media: imon: Fix race getting ictx->lock media: i2c: hi846: Fix V4L2_SUBDEV_FORMAT_TRY get_selection() media: c8sectpfe: Add missing parameter names media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 media: uvcvideo: Fix integer overflow calculating timestamp Richard Genoud (2): rtc: tps6594: Fix memleak in probe remoteproc: k3-r5: Fix IPC-only mode detection Rob Herring (Arm) (1): perf: arm_pmuv3: Avoid assigning fixed cycle counter with threshold Ross Lagerwall (1): decompress_bunzip2: fix rare decompression failure Ryusuke Konishi (2): nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro nilfs2: handle inconsistent state in nilfs_btnode_create_block() Sagar Cheluvegowda (1): arm64: dts: qcom: sa8775p: mark ethernet devices as DMA-coherent Samasth Norway Ananda (1): wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device Sandipan Das (2): perf/x86/amd/uncore: Avoid PMU registration if counters are unavailable perf/x86/amd/uncore: Fix DF and UMC domain identification Saurav Kashyap (1): scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds Sean Anderson (2): drm: zynqmp_kms: Fix AUX bus not getting unregistered phy: zynqmp: Enable reference clock correctly Sean Christopherson (7): sched/core: Move preempt_model_*() helpers from sched.h to preempt.h sched/core: Drop spinlocks on contention iff kernel is preemptible KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector KVM: nVMX: Request immediate exit iff pending nested event needs injection KVM: nVMX: Check for pending posted interrupts when looking for nested events KVM: nVMX: Fold requested virtual interrupt check into has_nested_events() Sebastian Andrzej Siewior (1): drm/ttm/tests: Let ttm_bo_test consider different ww_mutex implementation. SeongJae Park (1): selftests/damon/access_memory: use user-defined region size Seth Forshee (DigitalOcean) (1): fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT Sheng Yong (1): f2fs: fix start segno of large section Shenghao Ding (1): ASoc: tas2781: Enable RCA-based playback without DSP firmware download Shenwei Wang (1): irqchip/imx-irqsteer: Handle runtime power management correctly Shigeru Yoshida (1): tipc: Return non-zero value from tipc_udp_addr2str() on error Shivaprasad G Bhat (2): KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 KVM: PPC: Book3S HV: Fix the get_one_reg of SDAR Shreyas Deodhar (3): scsi: qla2xxx: Fix optrom version displayed in FDMI scsi: qla2xxx: Fix for possible memory corruption scsi: qla2xxx: Complete command early within lock Shung-Hsi Yu (1): bpf: fix overflow check in adjust_jmp_off() Sibi Sankar (1): soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove Siddharth Vadapalli (2): PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() PCI: keystone: Don't enable BAR 0 for AM654x Simon Horman (1): net: stmmac: Correct byte order of perfect_match Simon Trimmer (1): ASoC: cs35l56: Accept values greater than 0 as IRQ numbers Sourabh Jain (1): powerpc/kexec_file: fix cpus node update to FDT Srinivasan Shanmugam (2): drm/amdgpu: Fix snprintf usage in amdgpu_gfx_kiq_init_ring drm/amdgpu: Fix type mismatch in amdgpu_gfx_kiq_init_ring Stanislav Fomichev (1): xsk: Require XDP_UMEM_TX_METADATA_LEN to actuate tx_metadata_len Steffen Klassert (2): xfrm: Fix unregister netdevice hang on hardware offload. xfrm: Export symbol xfrm_dev_state_delete. Stephen Boyd (2): soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers clk: qcom: Park shared RCGs upon registration Steve French (3): cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path cifs: fix reconnect with SMB1 UNIX Extensions cifs: mount with "unix" mount option for SMB1 incorrectly handled Steve Wilkins (4): spi: microchip-core: defer asserting chip select until just before write to TX FIFO spi: microchip-core: only disable SPI controller when register value change requires it spi: microchip-core: fix init function not setting the master and motorola modes spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer Steven Price (1): drm/panthor: Record devfreq busy as soon as a job is started Sung Joon Kim (1): drm/amd/display: Check for NULL pointer Sungjong Seo (1): exfat: fix potential deadlock on __exfat_get_dentry_set Sunmin Jeong (2): f2fs: use meta inode for GC of atomic file f2fs: use meta inode for GC of COW file Suren Baghdasaryan (4): lib: add missing newline character in the warning message lib: reuse page_ext_data() to obtain codetag_ref alloc_tag: fix page_ext_get/page_ext_put sequence during page splitting alloc_tag: outline and export free_reserved_page() Sven Eckelmann (1): wifi: ath12k: Don't drop tx_status in failure case Sven Peter (1): Bluetooth: hci_bcm4377: Use correct unit for timeouts Taehee Yoo (1): xdp: fix invalid wait context of page_pool_destroy() Takashi Iwai (4): ALSA: ump: Don't update FB name for static blocks ALSA: ump: Force 1 Group for MIDI1 FBs ALSA: usb-audio: Move HD Webcam quirk to the right place ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 Takashi Sakamoto (2): Revert "firewire: Annotate struct fw_iso_packet with __counted_by()" ALSA: firewire-lib: fix wrong value as length of header for CIP_NO_HEADER case Taniya Das (7): clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's Tao Chen (1): bpftool: Mount bpffs when pinmaps path not under the bpffs Tejun Heo (1): sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks Tengda Wu (1): bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT Tetsuo Handa (1): mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer Thomas Gleixner (3): perf/x86: Serialize set_attr_rdpmc() jump_label: Fix concurrency issues in static_key_slow_dec() watchdog/perf: properly initialize the turbo mode timestamp and rearm counter Thomas Hellström (1): drm/xe: Use write-back caching mode for system memory on DGFX Thomas Huth (1): drm/fbdev-dma: Fix framebuffer mode for big endian devices Thomas Richter (1): s390/cpum_cf: Fix endless loop in CF_DIAG event stop Thomas Weißschuh (3): selftests/nolibc: fix printf format mismatch in expect_str_buf_eq() sysctl: always initialize i_uid/i_gid leds: triggers: Flush pending brightness before activating trigger Thomas Zimmermann (3): drm/qxl: Pin buffer objects for internal mappings fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes drm/udl: Remove DRM_CONNECTOR_POLL_HPD Thorsten Blum (1): m68k: cmpxchg: Fix return value for default case in __arch_xchg() Tiezhu Yang (1): LoongArch: Check TIF_LOAD_WATCH to enable user space watchpoint Tim Huang (1): drm/amdgpu: add missed harvest check for VCN IP v4/v5 Tim Van Patten (1): drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 Tom Lendacky (1): x86/sev: Do RMP memory coverage check after max_pfn has been set Tommaso Merciai (1): media: i2c: alvium: Move V4L2_CID_GAIN to V4L2_CID_ANALOG_GAIN Tvrtko Ursulin (1): mm/numa_balancing: teach mpol_to_str about the balancing mode Tzung-Bi Shih (1): platform/chrome: cros_ec_debugfs: fix wrong EC message version Uwe Kleine-König (2): pwm: stm32: Always do lazy disabling pwm: atmel-tcb: Fix race condition and convert to guards Vaishnav Achath (1): arm64: dts: ti: k3-j722s: Fix main domain GPIO count Vasily Gorbik (1): s390/setup: Fix __pa/__va for modules under non-GPL licenses Venkata Prasad Potturu (1): ASoC: sof: amd: fix for firmware reload failure in Vangogh platform Vignesh Raghavendra (1): dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels Viken Dadhaniya (1): arm64: dts: qcom: sc7280: Remove CTS/RTS configuration Viresh Kumar (1): OPP: Fix missing cleanup on error in _opp_attach_genpd() Vitor Soares (1): tpm_tis_spi: add missing attpm20p SPI device ID entry Waiman Long (2): cgroup/cpuset: Optimize isolated partition only generate_sched_domains() calls cgroup/cpuset: Fix remote root partition creation problem WangYuli (1): Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Wayne Lin (1): drm/dp_mst: Fix all mstb marked as not probed after suspend/resume Wayne Tung (1): hwmon: (adt7475) Fix default duty on fan is disabled Wei Liu (1): PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN Wentong Wu (2): media: ivsc: csi: add separate lock for v4l2 control handler media: ivsc: csi: don't count privacy on as error Will Deacon (1): arm64: mm: Fix lockless walks with static and dynamic page-table folding Wojciech Drewek (1): ice: Fix recipe read procedure Xianwei Zhao (2): clk: meson: s4: fix fixed_pll_dco clock clk: meson: s4: fix pwm_j_div parent clock Xiao Liang (1): apparmor: Fix null pointer deref when receiving skb during sock creation Yang Shi (1): mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Yang Yang (2): sbitmap: fix io hung due to race on sbitmap_word::cleared block: fix deadlock between sd_remove & sd_release Yang Yingliang (3): pinctrl: core: fix possible memory leak when pinctrl_enable() fails pinctrl: single: fix possible memory leak when pinctrl_enable() fails pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails Yanjun Yang (1): ARM: Remove address checking for MMUless devices Yao Zi (1): drm/meson: fix canvas release in bind function Yijie Yang (1): dt-bindings: phy: qcom,qmp-usb: fix spelling error Yu Kuai (2): md: Don't wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl md/raid5: fix spares errors about rcu usage Yu Liao (1): tick/broadcast: Make takeover of broadcast hrtimer reliable Yu Zhao (3): mm/mglru: fix div-by-zero in vmpressure_calc_level() mm/mglru: fix overshooting shrinker memory mm/mglru: fix ineffective protection calculation Yunfei Dong (1): media: mediatek: vcodec: Fix unreasonable data conversion Zhang Rui (1): perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake ZhenGuo Yin (1): drm/amdgpu: reset vm state machine after gpu reset(vram lost) Zheng Yejian (1): media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() Zijun Hu (3): kobject_uevent: Fix OOB access within zap_modalias_env() devres: Fix devm_krealloc() wasting memory devres: Fix memory leakage caused by driver API devm_free_percpu() Zong-Zhe Yang (1): wifi: mac80211: chanctx emulation set CHANGE_CHANNEL when in_reconfig ethanwu (1): ceph: fix incorrect kmalloc size of pagevec mempool levi.yun (1): trace/pid_list: Change gfp flags in pid_list_fill_irq() tuhaowen (1): dev/parport: fix the array out-of-bounds risk wangdicheng (2): ALSA: usb-audio: Fix microphone sound on HD webcam. ALSA: usb-audio: Add a quirk for Sonix HD USB Camera

10 months, 3 weeks

1
1
0 0

Linux 6.6.44

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.44 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/thermal/thermal-zones.yaml | 5 Makefile | 2 arch/arm/boot/dts/allwinner/Makefile | 62 arch/arm/boot/dts/nxp/imx/imx6q-kontron-samx6i.dtsi | 23 arch/arm/boot/dts/nxp/imx/imx6qdl-kontron-samx6i.dtsi | 14 arch/arm/boot/dts/st/stm32mp151.dtsi | 1 arch/arm/mach-pxa/spitz.c | 30 arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi | 5 arch/arm64/boot/dts/amlogic/meson-g12.dtsi | 4 arch/arm64/boot/dts/amlogic/meson-gxbb.dtsi | 10 arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 10 arch/arm64/boot/dts/amlogic/meson-sm1.dtsi | 8 arch/arm64/boot/dts/freescale/imx8mp.dtsi | 124 + arch/arm64/boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts | 4 arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-audio-da7219.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 25 arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 arch/arm64/boot/dts/qcom/msm8996-xiaomi-common.dtsi | 1 arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 arch/arm64/boot/dts/qcom/msm8998.dtsi | 1 arch/arm64/boot/dts/qcom/qdu1000.dtsi | 16 arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 arch/arm64/boot/dts/qcom/sc8180x.dtsi | 28 arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 arch/arm64/boot/dts/qcom/sdm850-lenovo-yoga-c630.dts | 1 arch/arm64/boot/dts/qcom/sm6115.dtsi | 2 arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 arch/arm64/boot/dts/qcom/sm8250.dtsi | 22 arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 arch/arm64/boot/dts/renesas/r8a779a0.dtsi | 5 arch/arm64/boot/dts/renesas/r8a779f0.dtsi | 5 arch/arm64/boot/dts/renesas/r8a779g0.dtsi | 5 arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 5 arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 5 arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 5 arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 71 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3566-roc-pc.dts | 2 arch/arm64/boot/dts/rockchip/rk3568-evb1-v10.dts | 2 arch/arm64/boot/dts/rockchip/rk3568-fastrhino-r66s.dts | 4 arch/arm64/boot/dts/rockchip/rk3568-fastrhino-r66s.dtsi | 48 arch/arm64/boot/dts/rockchip/rk3568-fastrhino-r68s.dts | 16 arch/arm64/boot/dts/rockchip/rk3568-rock-3a.dts | 4 arch/arm64/boot/dts/rockchip/rk356x.dtsi | 1 arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 4 arch/arm64/boot/dts/ti/k3-am625-beagleplay.dts | 2 arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi | 2 arch/loongarch/kernel/hw_breakpoint.c | 2 arch/loongarch/kernel/ptrace.c | 3 arch/m68k/amiga/config.c | 9 arch/m68k/atari/ataints.c | 6 arch/m68k/include/asm/cmpxchg.h | 2 arch/mips/boot/dts/loongson/loongson64-2k1000.dtsi | 21 arch/mips/include/asm/mach-loongson64/boot_param.h | 2 arch/mips/include/asm/mips-cm.h | 4 arch/mips/kernel/smp-cps.c | 5 arch/mips/loongson64/env.c | 8 arch/mips/loongson64/reset.c | 38 arch/mips/loongson64/smp.c | 23 arch/mips/sgi-ip30/ip30-console.c | 1 arch/parisc/Kconfig | 1 arch/powerpc/configs/85xx-hw.config | 2 arch/powerpc/kernel/prom.c | 12 arch/powerpc/kvm/book3s_hv.c | 4 arch/powerpc/kvm/powerpc.c | 4 arch/powerpc/mm/nohash/8xx.c | 3 arch/powerpc/xmon/ppc-dis.c | 33 arch/s390/kernel/perf_cpum_cf.c | 14 arch/s390/kernel/uv.c | 58 arch/s390/mm/fault.c | 6 arch/s390/pci/pci_irq.c | 110 - arch/sparc/include/asm/oplib_64.h | 1 arch/sparc/prom/init_64.c | 3 arch/sparc/prom/p1275.c | 2 arch/um/drivers/ubd_kern.c | 50 arch/um/kernel/time.c | 4 arch/um/os-Linux/signal.c | 118 + arch/x86/Kconfig.assembler | 2 arch/x86/events/core.c | 3 arch/x86/events/intel/cstate.c | 7 arch/x86/events/intel/ds.c | 8 arch/x86/events/intel/pt.c | 4 arch/x86/events/intel/pt.h | 4 arch/x86/events/intel/uncore_snbep.c | 6 arch/x86/include/asm/kvm_host.h | 2 arch/x86/include/asm/shstk.h | 2 arch/x86/kernel/devicetree.c | 2 arch/x86/kernel/shstk.c | 11 arch/x86/kernel/uprobes.c | 7 arch/x86/kvm/vmx/nested.c | 2 arch/x86/kvm/vmx/vmx.c | 11 arch/x86/kvm/vmx/vmx.h | 1 arch/x86/kvm/x86.c | 4 arch/x86/pci/intel_mid_pci.c | 4 arch/x86/pci/xen.c | 4 arch/x86/platform/intel/iosf_mbi.c | 4 arch/x86/xen/p2m.c | 4 block/bio-integrity.c | 11 block/blk-mq.c | 12 block/genhd.c | 2 block/mq-deadline.c | 20 drivers/android/binder.c | 4 drivers/ata/libata-scsi.c | 176 +- drivers/auxdisplay/ht16k33.c | 1 drivers/base/devres.c | 11 drivers/block/rbd.c | 35 drivers/bluetooth/btintel.c | 119 - drivers/bluetooth/btnxpuart.c | 52 drivers/bluetooth/btusb.c | 4 drivers/bluetooth/hci_bcm4377.c | 2 drivers/char/hw_random/amd-rng.c | 4 drivers/char/hw_random/core.c | 4 drivers/char/ipmi/ssif_bmc.c | 6 drivers/char/tpm/eventlog/common.c | 2 drivers/clk/clk-en7523.c | 9 drivers/clk/davinci/da8xx-cfgchip.c | 4 drivers/clk/qcom/camcc-sc7280.c | 5 drivers/clk/qcom/clk-rcg2.c | 32 drivers/clk/qcom/gcc-sa8775p.c | 40 drivers/clk/qcom/gcc-sc7280.c | 3 drivers/clk/qcom/gpucc-sa8775p.c | 41 drivers/clk/qcom/gpucc-sm8350.c | 5 drivers/clk/qcom/kpss-xcc.c | 4 drivers/cpufreq/amd-pstate.c | 43 drivers/cpufreq/ti-cpufreq.c | 2 drivers/crypto/intel/qat/qat_common/adf_cfg.c | 6 drivers/dma/ti/k3-udma.c | 4 drivers/edac/Makefile | 10 drivers/edac/skx_common.c | 21 drivers/edac/skx_common.h | 4 drivers/firmware/efi/libstub/screen_info.c | 2 drivers/firmware/efi/libstub/x86-stub.c | 25 drivers/firmware/turris-mox-rwtm.c | 23 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 9 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 2 drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 12 drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 2 drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 4 drivers/gpu/drm/arm/display/komeda/komeda_crtc.c | 43 drivers/gpu/drm/bridge/ite-it6505.c | 77 - drivers/gpu/drm/display/drm_dp_mst_topology.c | 4 drivers/gpu/drm/etnaviv/etnaviv_gem.c | 6 drivers/gpu/drm/etnaviv/etnaviv_sched.c | 9 drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 drivers/gpu/drm/i915/display/intel_dp.c | 2 drivers/gpu/drm/i915/display/intel_dp_link_training.c | 55 drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 6 drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 24 drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 2 drivers/gpu/drm/mediatek/mtk_dp.c | 39 drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c | 2 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 2 drivers/gpu/drm/mediatek/mtk_drm_plane.c | 2 drivers/gpu/drm/mediatek/mtk_ethdr.c | 21 drivers/gpu/drm/meson/meson_drv.c | 37 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.h | 3 drivers/gpu/drm/msm/dsi/dsi_host.c | 3 drivers/gpu/drm/panel/panel-boe-tv101wum-nl6.c | 8 drivers/gpu/drm/panel/panel-himax-hx8394.c | 3 drivers/gpu/drm/panfrost/panfrost_drv.c | 1 drivers/gpu/drm/qxl/qxl_display.c | 3 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/gpu/drm/udl/udl_modeset.c | 3 drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 1 drivers/gpu/drm/xlnx/zynqmp_kms.c | 12 drivers/hwmon/adt7475.c | 2 drivers/hwmon/max6697.c | 5 drivers/hwtracing/coresight/coresight-platform.c | 4 drivers/iio/frequency/adrf6780.c | 1 drivers/iio/industrialio-gts-helper.c | 7 drivers/infiniband/core/cache.c | 14 drivers/infiniband/core/device.c | 22 drivers/infiniband/core/iwcm.c | 11 drivers/infiniband/core/lag.c | 3 drivers/infiniband/core/roce_gid_mgmt.c | 3 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 6 drivers/infiniband/hw/hns/hns_roce_device.h | 6 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 40 drivers/infiniband/hw/hns/hns_roce_mr.c | 5 drivers/infiniband/hw/hns/hns_roce_qp.c | 4 drivers/infiniband/hw/hns/hns_roce_srq.c | 2 drivers/infiniband/hw/mlx4/alias_GUID.c | 2 drivers/infiniband/hw/mlx4/mad.c | 2 drivers/infiniband/hw/mlx5/mlx5_ib.h | 13 drivers/infiniband/hw/mlx5/odp.c | 6 drivers/infiniband/sw/rxe/rxe_req.c | 7 drivers/input/keyboard/qt1050.c | 7 drivers/input/mouse/elan_i2c_core.c | 2 drivers/interconnect/qcom/qcm2290.c | 2 drivers/iommu/intel/iommu.c | 2 drivers/iommu/sprd-iommu.c | 2 drivers/irqchip/irq-imx-irqsteer.c | 24 drivers/isdn/hardware/mISDN/hfcmulti.c | 7 drivers/leds/flash/leds-mt6360.c | 5 drivers/leds/flash/leds-qcom-flash.c | 10 drivers/leds/led-class.c | 1 drivers/leds/led-triggers.c | 2 drivers/leds/leds-ss4200.c | 7 drivers/macintosh/therm_windtunnel.c | 2 drivers/md/dm-verity-target.c | 16 drivers/md/md-bitmap.c | 6 drivers/md/md.c | 32 drivers/media/i2c/imx219.c | 2 drivers/media/i2c/imx412.c | 9 drivers/media/pci/intel/ivsc/mei_csi.c | 14 drivers/media/pci/ivtv/ivtv-udma.c | 8 drivers/media/pci/ivtv/ivtv-yuv.c | 6 drivers/media/pci/ivtv/ivtvfb.c | 6 drivers/media/pci/saa7134/saa7134-dvb.c | 8 drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 6 drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 3 drivers/media/platform/nxp/imx-pxp.c | 3 drivers/media/platform/qcom/venus/vdec.c | 3 drivers/media/platform/renesas/rcar-vin/rcar-csi2.c | 5 drivers/media/platform/renesas/rcar-vin/rcar-dma.c | 16 drivers/media/platform/renesas/vsp1/vsp1_histo.c | 20 drivers/media/platform/renesas/vsp1/vsp1_pipe.h | 2 drivers/media/platform/renesas/vsp1/vsp1_rpf.c | 8 drivers/media/rc/imon.c | 5 drivers/media/rc/lirc_dev.c | 4 drivers/media/usb/dvb-usb/dvb-usb-init.c | 35 drivers/media/usb/uvc/uvc_ctrl.c | 9 drivers/media/usb/uvc/uvc_driver.c | 26 drivers/media/usb/uvc/uvc_video.c | 21 drivers/media/usb/uvc/uvcvideo.h | 2 drivers/media/v4l2-core/v4l2-async.c | 3 drivers/memory/Kconfig | 2 drivers/mfd/Makefile | 6 drivers/mfd/omap-usb-tll.c | 3 drivers/mfd/rsmu_core.c | 2 drivers/mtd/nand/raw/Kconfig | 3 drivers/mtd/tests/Makefile | 34 drivers/mtd/tests/mtd_test.c | 9 drivers/mtd/ubi/eba.c | 3 drivers/net/bonding/bond_main.c | 7 drivers/net/dsa/b53/b53_common.c | 3 drivers/net/dsa/mv88e6xxx/chip.c | 3 drivers/net/ethernet/brocade/bna/bna_types.h | 2 drivers/net/ethernet/brocade/bna/bnad.c | 11 drivers/net/ethernet/freescale/fec_main.c | 52 drivers/net/ethernet/google/gve/gve_tx.c | 5 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 22 drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 2 drivers/net/ethernet/intel/ice/ice_fdir.h | 3 drivers/net/ethernet/intel/ice/ice_switch.c | 8 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 16 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h | 1 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_atcam.c | 18 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 13 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 9 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 2 drivers/net/ethernet/stmicro/stmmac/hwif.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 drivers/net/netconsole.c | 2 drivers/net/wireless/ath/ath11k/ce.c | 2 drivers/net/wireless/ath/ath11k/ce.h | 5 drivers/net/wireless/ath/ath11k/dbring.c | 1 drivers/net/wireless/ath/ath11k/dbring.h | 1 drivers/net/wireless/ath/ath11k/debug.c | 1 drivers/net/wireless/ath/ath11k/debug.h | 2 drivers/net/wireless/ath/ath11k/debugfs.c | 1 drivers/net/wireless/ath/ath11k/debugfs.h | 1 drivers/net/wireless/ath/ath11k/debugfs_htt_stats.c | 2 drivers/net/wireless/ath/ath11k/debugfs_htt_stats.h | 2 drivers/net/wireless/ath/ath11k/debugfs_sta.c | 1 drivers/net/wireless/ath/ath11k/debugfs_sta.h | 1 drivers/net/wireless/ath/ath11k/dp.c | 2 drivers/net/wireless/ath/ath11k/dp.h | 2 drivers/net/wireless/ath/ath11k/dp_rx.c | 4 drivers/net/wireless/ath/ath11k/dp_rx.h | 3 drivers/net/wireless/ath/ath11k/dp_tx.c | 2 drivers/net/wireless/ath/ath11k/dp_tx.h | 1 drivers/net/wireless/ath/ath11k/hal.c | 2 drivers/net/wireless/ath/ath11k/hal.h | 2 drivers/net/wireless/ath/ath11k/hal_desc.h | 1 drivers/net/wireless/ath/ath11k/hal_rx.c | 1 drivers/net/wireless/ath/ath11k/hal_rx.h | 1 drivers/net/wireless/ath/ath11k/hif.h | 1 drivers/net/wireless/ath/ath11k/htc.c | 1 drivers/net/wireless/ath/ath11k/htc.h | 1 drivers/net/wireless/ath/ath11k/hw.c | 2 drivers/net/wireless/ath/ath11k/hw.h | 2 drivers/net/wireless/ath/ath11k/mac.c | 15 drivers/net/wireless/ath/ath11k/mac.h | 1 drivers/net/wireless/ath/ath11k/mhi.c | 2 drivers/net/wireless/ath/ath11k/mhi.h | 1 drivers/net/wireless/ath/ath11k/pcic.c | 2 drivers/net/wireless/ath/ath11k/peer.c | 2 drivers/net/wireless/ath/ath11k/peer.h | 2 drivers/net/wireless/ath/ath11k/qmi.c | 2 drivers/net/wireless/ath/ath11k/qmi.h | 2 drivers/net/wireless/ath/ath11k/reg.c | 1 drivers/net/wireless/ath/ath11k/reg.h | 1 drivers/net/wireless/ath/ath11k/rx_desc.h | 1 drivers/net/wireless/ath/ath11k/spectral.c | 1 drivers/net/wireless/ath/ath11k/spectral.h | 1 drivers/net/wireless/ath/ath11k/thermal.c | 1 drivers/net/wireless/ath/ath11k/thermal.h | 1 drivers/net/wireless/ath/ath11k/trace.h | 1 drivers/net/wireless/ath/ath11k/wmi.c | 2 drivers/net/wireless/ath/ath11k/wmi.h | 2 drivers/net/wireless/ath/ath11k/wow.h | 1 drivers/net/wireless/ath/ath12k/ce.h | 6 drivers/net/wireless/ath/ath12k/dp.c | 18 drivers/net/wireless/ath/ath12k/dp_rx.c | 27 drivers/net/wireless/ath/ath12k/hw.c | 8 drivers/net/wireless/ath/ath12k/wmi.c | 10 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 18 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c | 15 drivers/net/wireless/realtek/rtw88/usb.c | 2 drivers/net/wireless/realtek/rtw89/debug.c | 2 drivers/net/wireless/realtek/rtw89/rtw8852b_rfk.c | 2 drivers/net/wireless/virtual/virt_wifi.c | 20 drivers/nvme/host/pci.c | 5 drivers/nvme/target/auth.c | 14 drivers/nvmem/rockchip-otp.c | 1 drivers/opp/ti-opp-supply.c | 6 drivers/parport/procfs.c | 24 drivers/pci/controller/dwc/pci-keystone.c | 156 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 13 drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 drivers/pci/controller/pci-hyperv.c | 4 drivers/pci/controller/pci-loongson.c | 13 drivers/pci/controller/pcie-rcar-host.c | 6 drivers/pci/controller/pcie-rockchip.c | 2 drivers/pci/endpoint/functions/pci-epf-vntb.c | 19 drivers/pci/pci.c | 6 drivers/pci/setup-bus.c | 6 drivers/phy/cadence/phy-cadence-torrent.c | 3 drivers/phy/xilinx/phy-zynqmp.c | 14 drivers/pinctrl/core.c | 12 drivers/pinctrl/freescale/pinctrl-mxs.c | 4 drivers/pinctrl/pinctrl-rockchip.c | 17 drivers/pinctrl/pinctrl-single.c | 7 drivers/pinctrl/renesas/pfc-r8a779g0.c | 712 ++++------ drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 14 drivers/platform/chrome/cros_ec_debugfs.c | 1 drivers/platform/mips/cpu_hwmon.c | 3 drivers/pwm/pwm-atmel-tcb.c | 12 drivers/pwm/pwm-stm32.c | 5 drivers/remoteproc/imx_rproc.c | 10 drivers/remoteproc/stm32_rproc.c | 2 drivers/rtc/interface.c | 9 drivers/rtc/rtc-abx80x.c | 12 drivers/rtc/rtc-cmos.c | 10 drivers/rtc/rtc-isl1208.c | 11 drivers/s390/block/dasd_devmap.c | 10 drivers/scsi/lpfc/lpfc_attr.c | 5 drivers/scsi/lpfc/lpfc_hbadisc.c | 2 drivers/scsi/qla2xxx/qla_bsg.c | 98 - drivers/scsi/qla2xxx/qla_def.h | 17 drivers/scsi/qla2xxx/qla_gbl.h | 6 drivers/scsi/qla2xxx/qla_gs.c | 467 ++---- drivers/scsi/qla2xxx/qla_init.c | 92 - drivers/scsi/qla2xxx/qla_inline.h | 8 drivers/scsi/qla2xxx/qla_mid.c | 2 drivers/scsi/qla2xxx/qla_nvme.c | 5 drivers/scsi/qla2xxx/qla_os.c | 19 drivers/scsi/qla2xxx/qla_sup.c | 108 + drivers/scsi/sr_ioctl.c | 2 drivers/soc/qcom/icc-bwmon.c | 4 drivers/soc/qcom/pdr_interface.c | 8 drivers/soc/qcom/pmic_glink.c | 13 drivers/soc/qcom/rpmh-rsc.c | 7 drivers/soc/qcom/rpmh.c | 1 drivers/soc/xilinx/xlnx_event_manager.c | 15 drivers/soc/xilinx/zynqmp_power.c | 4 drivers/spi/atmel-quadspi.c | 11 drivers/spi/spi-microchip-core.c | 211 +- drivers/spi/spidev.c | 1 drivers/ufs/core/ufs-mcq.c | 10 drivers/usb/typec/mux/nb7vpq904m.c | 7 drivers/vhost/vsock.c | 4 drivers/video/logo/pnmtologo.c | 2 drivers/watchdog/rzg2l_wdt.c | 22 fs/btrfs/compression.c | 2 fs/ceph/super.c | 3 fs/exfat/dir.c | 2 fs/ext2/balloc.c | 11 fs/ext4/extents_status.c | 2 fs/ext4/fast_commit.c | 6 fs/ext4/namei.c | 73 - fs/ext4/xattr.c | 6 fs/f2fs/checkpoint.c | 10 fs/f2fs/data.c | 6 fs/f2fs/f2fs.h | 19 fs/f2fs/file.c | 47 fs/f2fs/gc.c | 13 fs/f2fs/inline.c | 8 fs/f2fs/inode.c | 14 fs/f2fs/segment.c | 6 fs/f2fs/segment.h | 3 fs/fuse/inode.c | 24 fs/hfs/inode.c | 3 fs/hfsplus/bfind.c | 15 fs/hfsplus/extents.c | 9 fs/hfsplus/hfsplus_fs.h | 21 fs/hostfs/hostfs.h | 7 fs/hostfs/hostfs_kern.c | 10 fs/hostfs/hostfs_user.c | 7 fs/jbd2/commit.c | 2 fs/jbd2/journal.c | 56 fs/jbd2/transaction.c | 45 fs/jfs/jfs_imap.c | 5 fs/kernfs/dir.c | 34 fs/nfs/nfs4client.c | 6 fs/nfs/nfs4proc.c | 2 fs/nfsd/nfs4proc.c | 5 fs/nilfs2/btnode.c | 25 fs/nilfs2/btree.c | 4 fs/nilfs2/segment.c | 2 fs/ntfs3/attrib.c | 30 fs/ntfs3/bitmap.c | 2 fs/ntfs3/dir.c | 3 fs/ntfs3/file.c | 5 fs/ntfs3/frecord.c | 2 fs/ntfs3/fslog.c | 5 fs/ntfs3/index.c | 4 fs/ntfs3/inode.c | 13 fs/ntfs3/ntfs.h | 12 fs/ntfs3/super.c | 4 fs/proc/task_mmu.c | 43 fs/smb/client/cifsfs.c | 8 fs/smb/client/connect.c | 24 fs/super.c | 11 fs/udf/balloc.c | 15 fs/udf/file.c | 2 fs/udf/inode.c | 11 fs/udf/namei.c | 2 fs/udf/super.c | 3 include/asm-generic/vmlinux.lds.h | 2 include/drm/drm_mipi_dsi.h | 46 include/linux/bpf_verifier.h | 2 include/linux/hugetlb.h | 1 include/linux/jbd2.h | 12 include/linux/mlx5/qp.h | 9 include/linux/objagg.h | 1 include/linux/pci.h | 2 include/linux/perf_event.h | 1 include/linux/sbitmap.h | 5 include/linux/task_work.h | 3 include/linux/virtio_net.h | 11 include/net/ip_fib.h | 1 include/net/tcp.h | 1 include/net/xfrm.h | 36 include/sound/tas2781-dsp.h | 11 include/trace/events/rpcgss.h | 2 include/uapi/linux/netfilter/nf_tables.h | 2 include/uapi/linux/zorro_ids.h | 3 include/ufs/ufshcd.h | 6 io_uring/io-wq.c | 10 io_uring/io_uring.c | 5 io_uring/timeout.c | 2 kernel/bpf/btf.c | 10 kernel/cgroup/cgroup-v1.c | 2 kernel/cgroup/cgroup.c | 4 kernel/cgroup/cpuset.c | 15 kernel/debug/kdb/kdb_io.c | 6 kernel/dma/mapping.c | 2 kernel/events/core.c | 79 - kernel/events/internal.h | 2 kernel/events/ring_buffer.c | 4 kernel/irq/irqdomain.c | 7 kernel/irq/manage.c | 2 kernel/jump_label.c | 45 kernel/locking/rwsem.c | 6 kernel/rcu/tasks.h | 10 kernel/sched/core.c | 37 kernel/sched/fair.c | 7 kernel/sched/sched.h | 2 kernel/signal.c | 8 kernel/task_work.c | 34 kernel/time/tick-broadcast.c | 23 kernel/trace/pid_list.c | 4 kernel/watchdog_perf.c | 11 lib/build_OID_registry | 5 lib/decompress_bunzip2.c | 3 lib/kobject_uevent.c | 17 lib/objagg.c | 18 lib/sbitmap.c | 44 mm/hugetlb.c | 49 mm/memory.c | 2 mm/mempolicy.c | 18 mm/mmap_lock.c | 175 -- mm/vmscan.c | 84 - net/bridge/br_forward.c | 4 net/core/filter.c | 15 net/core/flow_dissector.c | 2 net/core/xdp.c | 4 net/ipv4/esp4.c | 3 net/ipv4/fib_semantics.c | 13 net/ipv4/fib_trie.c | 1 net/ipv4/nexthop.c | 7 net/ipv4/route.c | 18 net/ipv4/tcp.c | 2 net/ipv4/tcp_input.c | 32 net/ipv4/tcp_ipv4.c | 11 net/ipv4/tcp_timer.c | 6 net/ipv6/addrconf.c | 3 net/ipv6/esp6.c | 3 net/ipv6/tcp_ipv6.c | 10 net/mac80211/cfg.c | 2 net/mac80211/ieee80211_i.h | 2 net/mac80211/rate.c | 2 net/mac80211/sta_info.h | 6 net/mac80211/vht.c | 46 net/netfilter/ipvs/ip_vs_ctl.c | 10 net/netfilter/ipvs/ip_vs_proto_sctp.c | 4 net/netfilter/nf_conntrack_netlink.c | 3 net/netfilter/nft_set_pipapo.c | 22 net/netfilter/nft_set_pipapo.h | 27 net/netfilter/nft_set_pipapo_avx2.c | 81 - net/packet/af_packet.c | 86 + net/smc/smc_core.c | 5 net/sunrpc/auth_gss/gss_krb5_keys.c | 2 net/sunrpc/clnt.c | 3 net/sunrpc/xprtrdma/frwr_ops.c | 3 net/sunrpc/xprtrdma/verbs.c | 16 net/tipc/udp_media.c | 5 net/unix/af_unix.c | 41 net/unix/unix_bpf.c | 3 net/wireless/util.c | 8 net/xfrm/xfrm_policy.c | 5 net/xfrm/xfrm_state.c | 65 net/xfrm/xfrm_user.c | 1 scripts/Kconfig.include | 3 scripts/Makefile.lib | 6 scripts/gcc-x86_32-has-stack-protector.sh | 2 scripts/gcc-x86_64-has-stack-protector.sh | 2 security/apparmor/lsm.c | 7 security/apparmor/policy.c | 2 security/apparmor/policy_unpack.c | 1 security/keys/keyctl.c | 2 security/landlock/cred.c | 11 sound/core/ump.c | 13 sound/soc/amd/acp-es8336.c | 4 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/codecs/cs35l56-shared.c | 2 sound/soc/codecs/max98088.c | 10 sound/soc/codecs/tas2781-fmwlib.c | 20 sound/soc/codecs/tas2781-i2c.c | 39 sound/soc/fsl/fsl_qmc_audio.c | 2 sound/soc/intel/common/soc-intel-quirks.h | 2 sound/soc/qcom/lpass-cpu.c | 4 sound/soc/sof/amd/pci-vangogh.c | 1 sound/soc/sof/imx/imx8m.c | 2 sound/soc/sof/ipc4-topology.c | 8 sound/usb/mixer.c | 7 sound/usb/quirks.c | 4 tools/bpf/bpftool/common.c | 2 tools/bpf/bpftool/prog.c | 4 tools/bpf/resolve_btfids/main.c | 2 tools/lib/bpf/btf_dump.c | 8 tools/lib/bpf/linker.c | 11 tools/memory-model/lock.cat | 20 tools/perf/arch/x86/util/intel-pt.c | 15 tools/perf/tests/shell/test_arm_callgraph_fp.sh | 27 tools/perf/tests/workloads/leafloop.c | 20 tools/perf/util/pmus.c | 5 tools/perf/util/sort.c | 2 tools/perf/util/stat-shadow.c | 7 tools/testing/selftests/bpf/DENYLIST.aarch64 | 1 tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c | 16 tools/testing/selftests/bpf/prog_tests/fexit_sleep.c | 8 tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 2 tools/testing/selftests/bpf/prog_tests/xdp_adjust_tail.c | 2 tools/testing/selftests/bpf/progs/btf_dump_test_case_multidim.c | 4 tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c | 4 tools/testing/selftests/bpf/test_sockmap.c | 9 tools/testing/selftests/drivers/net/mlxsw/spectrum-2/tc_flower.sh | 55 tools/testing/selftests/landlock/base_test.c | 74 + tools/testing/selftests/landlock/config | 1 tools/testing/selftests/net/fib_tests.sh | 24 tools/testing/selftests/net/forwarding/devlink_lib.sh | 2 tools/testing/selftests/resctrl/cache.c | 10 tools/testing/selftests/resctrl/cat_test.c | 8 tools/testing/selftests/resctrl/cmt_test.c | 2 tools/testing/selftests/resctrl/fill_buf.c | 2 tools/testing/selftests/resctrl/mba_test.c | 2 tools/testing/selftests/resctrl/mbm_test.c | 2 tools/testing/selftests/resctrl/resctrl.h | 4 tools/testing/selftests/resctrl/resctrl_val.c | 164 +- tools/testing/selftests/resctrl/resctrlfs.c | 94 - tools/testing/selftests/sigaltstack/current_stack_pointer.h | 2 601 files changed, 5310 insertions(+), 3389 deletions(-) Abhinav Kumar (1): drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op Adam Ford (3): arm64: dts: imx8mp: Add NPU Node arm64: dts: imx8mp: Fix pgc_mlmix location arm64: dts: imx8mp: Fix pgc vpu locations Adrian Hunter (7): perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation perf: Fix perf_aux_size() for greater-than 32-bit size perf: Prevent passing zero nr_pages to rb_alloc_aux() perf: Fix default aux_watermark calculation perf intel-pt: Fix aux_watermark calculation for 64-bit size perf intel-pt: Fix exclude_guest setting perf/x86/intel/pt: Fix a topa_entry base address calculation Ahmed Zaki (1): ice: Add a per-VF limit on number of FDIR filters Al Viro (2): powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() lirc: rc_dev_get_from_fd(): fix file leak Alan Maguire (2): bpf: annotate BTF show functions with __printf bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o Alan Stern (1): tools/memory-model: Fix bug in lock.cat Aleksandr Burakov (1): saa7134: Unchecked i2c_transfer function result fixed Aleksandr Mishin (6): wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() ASoC: amd: Adjust error handling in case of absent codec device remoteproc: imx_rproc: Skip over memory region when node value is NULL remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init Alex Deucher (1): drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell Alexey Kodanev (1): bna: adjust 'name' buf size of bna_tcb and bna_ccb structures Amit Cohen (1): selftests: forwarding: devlink_lib: Wait for udev events after reloading Andreas Larsson (1): sparc64: Fix incorrect function signature and add prototype for prom_cif_init Andrei Lalaev (1): Input: qt1050 - handle CHIP_ID reading error Andrii Nakryiko (1): libbpf: Fix no-args func prototype BTF dumping syntax Andy Shevchenko (1): fs/ntfs3: Drop stray '\' (backslash) in formatting string Andy Yan (1): drm/rockchip: vop2: Fix the port mux of VP2 AngeloGioacchino Del Regno (1): arm64: dts: mediatek: mt8195: Fix GPU thermal zone name for SVS Antoniu Miclaus (1): iio: frequency: adrf6780: rm clk provider include Ard Biesheuvel (2): x86/efistub: Avoid returning EFI_SUCCESS on error x86/efistub: Revert to heap allocated boot_params for PE entrypoint Aristeu Rozanski (1): hugetlb: force allocating surplus hugepages on mempolicy allowed nodes Arnd Bergmann (4): EDAC, i10nm: make skx_common.o a separate module mfd: rsmu: Split core code into separate module mtd: make mtd_test.c a separate module kdb: address -Wformat-security warnings Artem Chernyshev (1): iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en Bailey Forrest (1): gve: Fix an edge case for TSO skb validity check Baochen Qiang (5): wifi: ath11k: fix wrong definition of CE ring's base address wifi: ath12k: fix wrong definition of CE ring's base address wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Baokun Li (2): ext4: check dot and dotdot of dx_root before making dir indexed ext4: make sure the first directory block is not a hole Bart Van Assche (4): block: Call .limit_depth() after .hctx has been set block/mq-deadline: Fix the tag reservation code RDMA/iwcm: Fix a use-after-free related to destroying CM IDs nvme-pci: Fix the instructions for disabling power management Bastien Curutchet (1): clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use Benjamin Coddington (1): SUNRPC: Fixup gss_status tracepoint error output Bitterblue Smith (1): wifi: rtw88: usb: Fix disconnection after beacon loss Bjorn Andersson (1): arm64: dts: qcom: sc8180x: Correct PCIe slave ports Breno Leitao (1): net: netconsole: Disable target before netpoll cleanup Bryan O'Donoghue (1): media: i2c: Fix imx412 exposure control Carlos Llamas (1): binder: fix hang of unregistered readers Carlos López (1): s390/dasd: fix error checks in dasd_copy_pair_store() Chao Yu (7): hfsplus: fix to avoid false alarm of circular locking hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() f2fs: fix to force buffered IO on inline_data inode f2fs: fix to don't dirty inode for readonly filesystem f2fs: fix return value of f2fs_convert_inline_inode() f2fs: fix to truncate preallocated blocks in f2fs_file_open() f2fs: fix to update user block counts in block_operations() Chen Hanxiao (1): ipvs: properly dereference pe in ip_vs_add_service Chen Ni (6): spi: atmel-quadspi: Add missing check for clk_prepare soc: qcom: pmic_glink: Handle the return value of pmic_glink_init x86/xen: Convert comma to semicolon drm/qxl: Add check for drm_cvt_mode ASoC: max98088: Check for clk_prepare_enable() error clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error Chen Ridong (1): cgroup/cpuset: Prevent UAF in proc_cpuset_show() Chen-Yu Tsai (2): arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 Chengchang Tang (4): RDMA/hns: Fix missing pagesize and alignment check in FRMR RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 RDMA/hns: Fix undifined behavior caused by invalid max_sge RDMA/hns: Fix insufficient extend DB for VFs. Chengen Du (1): af_packet: Handle outgoing VLAN packets without hardware offloading Chenyuan Yang (1): iio: Fix the sorting functionality in iio_gts_build_avail_time_table ChiYuan Huang (1): media: v4l: async: Fix NULL pointer dereference in adding ancillary links Chiara Meiohas (1): RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE Christoph Hellwig (3): ubd: refactor the interrupt handler ubd: untagle discard vs write zeroes not support handling block: initialize integrity buffer to zero before writing it to media Christophe JAILLET (1): drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() Christophe Leroy (2): vmlinux.lds.h: catch .bss..L* sections into BSS") powerpc/8xx: fix size given to set_huge_pte_at() Chuck Lever (2): xprtrdma: Fix rpcrdma_reqs_reset() NFSD: Support write delegations in LAYOUTGET Chukun Pan (6): arm64: dts: rockchip: fix regulator name for Lunzn Fastrhino R6xS arm64: dts: rockchip: fix usb regulator for Lunzn Fastrhino R6xS arm64: dts: rockchip: fix pmu_io supply for Lunzn Fastrhino R6xS arm64: dts: rockchip: remove unused usb2 nodes for Lunzn Fastrhino R6xS arm64: dts: rockchip: disable display subsystem for Lunzn Fastrhino R6xS arm64: dts: rockchip: fixes PHY reset for Lunzn Fastrhino R68S Claudiu Beznea (2): watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() watchdog: rzg2l_wdt: Check return status of pm_runtime_put() Conor Dooley (2): media: i2c: imx219: fix msr access command sequence spi: spidev: add correct compatible for Rohm BH2228FV Cristian Ciocaltea (4): arm64: dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc arm64: dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10 arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu Csókás Bence (1): net: fec: Refactor: #define magic constants Csókás, Bence (2): net: fec: Fix FEC_ECR_EN1588 being cleared on link-down rtc: interface: Add RTC offset to alarm after fix-up Dan Carpenter (6): ipmi: ssif_bmc: prevent integer overflow on 32bit systems leds: flash: leds-qcom-flash: Test the correct variable in init PCI: endpoint: Clean up error handling in vpci_scan_bus() PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() mISDN: Fix a use after free in hfcmulti_tx() ASoC: TAS2781: Fix tasdev_load_calibrated_data() Daniel Baluta (1): ASoC: SOF: imx8m: Fix DSP control regmap retrieval Daniel Schaefer (1): media: uvcvideo: Override default flags David Ahern (1): RDMA: Fix netdev tracker in ib_device_set_netdev David Hildenbrand (4): s390/uv: Don't call folio_wait_writeback() without a folio reference fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP fs/proc/task_mmu: don't indicate PM_MMAP_EXCLUSIVE without PM_PRESENT fs/proc/task_mmu: properly detect PM_MMAP_EXCLUSIVE per page of PMD-mapped THPs Denis Arefev (1): net: missing check virtio Dhananjay Ugwekar (1): cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems Dikshita Agarwal (2): media: venus: flush all buffers in output plane streamoff media: venus: fix use after free in vdec_close Dmitry Baryshkov (15): arm64: dts: qcom: sc8180x: switch UFS QMP PHY to new style of bindings arm64: dts: qcom: sc8180x: add power-domain to UFS PHY arm64: dts: qcom: sdm845: add power-domain to UFS PHY arm64: dts: qcom: sm6115: add power-domain to UFS PHY arm64: dts: qcom: sm6350: add power-domain to UFS PHY arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings arm64: dts: qcom: sm8250: add power-domain to UFS PHY arm64: dts: qcom: sm8350: add power-domain to UFS PHY arm64: dts: qcom: sm8450: add power-domain to UFS PHY arm64: dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY arm64: dts: qcom: sdm850-lenovo-yoga-c630: fix IPA firmware path arm64: dts: qcom: msm8996: specify UFS core_clk frequencies arm64: dts: qcom: qrb4210-rb2: make L9A always-on soc: qcom: pdr: protect locator_addr with the main mutex soc: qcom: pdr: fix parsing of domains lists Dmitry Torokhov (2): ARM: spitz: fix GPIO assignment for backlight Input: elan_i2c - do not leave interrupt disabled on suspend failure Dmitry Yashin (1): pinctrl: rockchip: update rk3308 iomux routes Dominique Martinet (1): MIPS: Octeron: remove source file executable bit Donglin Peng (1): libbpf: Checking the btf_type kind when fixing variable offsets Douglas Anderson (6): drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() kdb: Use the passed prompt in kdb_position_cursor() Dragan Simic (1): drm/panfrost: Mark simple_ondemand governor as softdep Eero Tamminen (1): m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages Elliot Ayrey (1): net: bridge: mst: Check vlan state for egress decision En-Wei Wu (1): wifi: virt_wifi: avoid reporting connection success with wrong SSID Eric Biggers (1): dm-verity: fix dm_is_verity_target() when dm-verity is builtin Eric Dumazet (3): tcp: add tcp_done_with_error() helper tcp: fix race in tcp_write_err() tcp: fix races in tcp_v[46]_err() Eric Sandeen (1): fuse: verify {g,u}id mount options correctly Esben Haabendal (2): powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC memory: fsl_ifc: Make FSL_IFC config visible and selectable Faiz Abbas (1): drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline Fedor Pchelkin (2): apparmor: use kvfree_sensitive to free data->data ubi: eba: properly rollback inside self_check_eba Filipe Manana (1): btrfs: fix extent map use-after-free when adding pages to compressed bio Florian Westphal (3): netfilter: nft_set_pipapo: constify lookup fn args where possible netfilter: nf_set_pipapo: fix initial map fill netfilter: nft_set_pipapo_avx2: disable softinterrupts Frank Li (1): PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot Fred Li (1): bpf: Fix a segment issue when downgrading gso_size Frederic Weisbecker (5): rcu/tasks: Fix stale task snaphot for Tasks Trace task_work: s/task_work_cancel()/task_work_cancel_func()/ task_work: Introduce task_work_cancel() again perf: Fix event leak upon exit perf: Fix event leak upon exec and file release Friedrich Vock (1): drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit Gaosheng Cui (2): nvmet-auth: fix nvmet_auth hash error handling gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey Geert Uytterhoeven (14): arm64: dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ pinctrl: renesas: r8a779g0: Fix CANFD5 suffix pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes pinctrl: renesas: r8a779g0: Fix IRQ suffixes pinctrl: renesas: r8a779g0: FIX PWM suffixes pinctrl: renesas: r8a779g0: Fix TCLK suffixes pinctrl: renesas: r8a779g0: Fix TPU suffixes Geliang Tang (5): selftests/bpf: Fix prog numbers in test_sockmap selftests/bpf: Check length of recv in test_sockmap selftests/bpf: Close fd in error path in drop_on_reuseport selftests/bpf: Null checks for links in bpf_tcp_ca selftests/bpf: Close obj in error path in xdp_adjust_tail Gerald Schaefer (1): s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception() Gerd Bayer (2): s390/pci: Refactor arch_setup_msi_irqs() s390/pci: Allow allocation of more than 1 MSI interrupt Greg Kroah-Hartman (1): Linux 6.6.44 Gregory CLEMENT (1): MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later Guangguan Wang (1): net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined Guenter Roeck (2): hwmon: (max6697) Fix underflow when writing limit attributes hwmon: (max6697) Fix swapped temp{1,8} critical alarms Gwenael Treuveur (1): remoteproc: stm32_rproc: Fix mailbox interrupts queuing Hagar Hemdan (1): net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP Hans de Goede (1): leds: trigger: Unregister sysfs attributes before calling deactivate() Harald Freudenberger (1): hwrng: core - Fix wrong quality calculation at hw rng registration Harshit Mogalapalli (1): media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() Heiko Stuebner (1): nvmem: rockchip-otp: set add_legacy_fixed_of_cells config option Herve Codina (2): ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value irqdomain: Fixed unbalanced fwnode get and put Hilda Wu (1): Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables Honggang LI (1): RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs Hou Tao (1): bpf, events: Use prog to emit ksymbol event for main program Hsiao Chien Sung (8): drm/mediatek: Add missing plane settings when async update drm/mediatek: Use 8-bit alpha in ETHDR drm/mediatek: Fix XRGB setting error in OVL drm/mediatek: Fix XRGB setting error in Mixer drm/mediatek: Fix destination alpha error in OVL drm/mediatek: Turn off the layers with zero width or height drm/mediatek: Add OVL compatible name for MT8195 drm/mediatek: Remove less-than-zero comparison of an unsigned value Hsin-Te Yuan (1): arm64: dts: mediatek: mt8183-kukui: Fix the value of `dlg,jack-det-rate` mismatch Huacai Chen (2): PCI: loongson: Enable MSI in LS7A Root Complex fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed Huai-Yuan Liu (1): scsi: lpfc: Fix a possible null pointer dereference Hui Zhu (1): fs/proc/task_mmu.c: add_to_pagemap: remove useless parameter addr Ido Schimmel (6): lib: objagg: Fix general protection fault mlxsw: spectrum_acl_erp: Fix object nesting warning mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors ipv4: Fix incorrect TOS in route get reply ipv4: Fix incorrect TOS in fibmatch route get reply ipv4: Fix incorrect source address in Record Route option Igor Pylypiv (3): ata: libata-scsi: Fix offsets for the fixed format sense data ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error Ilpo Järvinen (9): x86/of: Return consistent error type from x86_of_pci_irq_enable() x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling x86/pci/xen: Fix PCIBIOS_* return code handling x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos selftests/resctrl: Convert perror() to ksft_perror() or ksft_print_msg() selftests/resctrl: Fix closing IMC fds on error and open-code R+W instead of loops PCI: Fix resource double counting on remove & rescan leds: ss4200: Convert PCIBIOS_* return codes to errnos hwrng: amd - Convert PCIBIOS_* return codes to errnos Ilya Dryomov (3): rbd: don't assume rbd_is_lock_owner() for exclusive mappings rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings Imre Deak (2): drm/i915/dp: Reset intel_dp->link_trained before retraining the link drm/i915/dp: Don't switch the LTTPR mode on an active link Ira Weiny (1): PCI: Introduce cleanup helpers for device reference counts and locks Irui Wang (1): media: mediatek: vcodec: Handle invalid decoder vsi Ismael Luceno (1): ipvs: Avoid unnecessary calls to skb_is_gso_sctp Ivan Babrou (1): bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer Jack Wang (1): bnxt_re: Fix imm_data endianness Jacopo Mondi (3): media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 media: rcar-csi2: Disable runtime_pm in probe error media: rcar-csi2: Cleanup subdevice in remove() Jai Luthra (3): arm64: dts: ti: k3-am62x: Drop McASP AFIFOs arm64: dts: ti: k3-am625-beagleplay: Drop McASP AFIFOs arm64: dts: ti: k3-am62-verdin: Drop McASP AFIFOs James Clark (2): perf test: Make test_arm_callgraph_fp.sh more robust coresight: Fix ref leak when of_coresight_parse_endpoint() fails Jan Kara (8): udf: Fix lock ordering in udf_evict_inode() udf: Fix bogus checksum computation in udf_rename() ext4: avoid writing unitialized memory to disk in EA inodes ext2: Verify bitmap and itable block numbers before using them udf: Avoid using corrupted block bitmap buffer jbd2: make jbd2_journal_get_max_txn_bufs() internal jbd2: precompute number of transaction descriptor blocks jbd2: avoid infinite transaction commit loop Jani Nikula (1): drm/mediatek/dp: switch to ->edid_read callback Jann Horn (1): landlock: Don't lose track of restrictions on cred_transfer Javier Carrasco (2): mfd: omap-usb-tll: Use struct_size to allocate tll leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() Jay Buddhabhatti (2): soc: xilinx: rename cpu_number1 to dummy_cpu_number drivers: soc: xilinx: check return status of get_api_version() Jeff Johnson (1): wifi: ath11k: Update Qualcomm Innovation Center, Inc. copyrights Jeongjun Park (1): jfs: Fix array-index-out-of-bounds in diFree Jerome Brunet (4): arm64: dts: amlogic: sm1: fix spdif compatibles arm64: dts: amlogic: gx: correct hdmi clocks arm64: dts: amlogic: add power domain to hdmitx arm64: dts: amlogic: setup hdmi system clock Jianbo Liu (2): xfrm: fix netdev reference count imbalance xfrm: call xfrm_dev_policy_delete when kill policy Jiaxun Yang (8): platform: mips: cpu_hwmon: Disable driver on unsupported hardware MIPS: dts: loongson: Add ISA node MIPS: ip30: ip30-console: Add missing include MIPS: dts: loongson: Fix GMAC phy node MIPS: Loongson64: env: Hook up Loongsson-2K MIPS: Loongson64: Remove memory node for builtin-dtb MIPS: Loongson64: reset: Prioritise firmware service MIPS: Loongson64: Test register availability before use Jiri Olsa (1): x86/shstk: Make return uprobe work with shadow stack Joe Hattori (1): char: tpm: Fix possible memory leak in tpm_bios_measurements_open() Johannes Berg (6): wifi: virt_wifi: don't use strlen() in const context hostfs: fix dev_t handling wifi: mac80211: track capability/opmode NSS separately um: time-travel: fix time-travel-start option um: time-travel: fix signal blocking race/hang net: bonding: correctly annotate RCU in bond_should_notify_peers() John David Anglin (1): parisc: Fix warning at drivers/pci/msi/msi.h:121 John Stultz (1): locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers Jon Pan-Doh (1): iommu/vt-d: Fix identity map bounds in si_domain_init() Jonas Karlman (5): arm64: dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s arm64: dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s arm64: dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s arm64: dts: rockchip: Increase VOP clk rate on RK3328 Jonathan Marek (1): drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC Joshua Washington (1): gve: Fix XDP TX completion handling when counters overflow Joy Chakraborty (3): rtc: cmos: Fix return value of nvmem callbacks rtc: isl1208: Fix return value of nvmem callbacks rtc: abx80x: Fix return value of nvmem callback on read Jules Irenge (1): RDMA/core: Remove NULL check before dev_{put, hold} Junhao He (1): perf pmus: Fixes always false when compare duplicates aliases Junxian Huang (2): RDMA/hns: Check atomic wr length RDMA/hns: Fix unmatch exception handling when init eq table fails Justin Tee (1): scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state Kan Liang (3): perf stat: Fix the hard-coded metrics calculation on the hybrid perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake Kees Cook (1): kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() Kiran K (1): Bluetooth: btintel: Refactor btintel_set_ppag() Komal Bajaj (1): arm64: dts: qcom: qdu1000: Add secure qfprom node Konrad Dybcio (1): interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID Konstantin Komarov (12): fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT fs/ntfs3: Fix transform resident to nonresident for compressed files fs/ntfs3: Deny getting attr data block in compressed frame fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting fs/ntfs3: Fix getting file type fs/ntfs3: Add missing .dirty_folio in address_space_operations fs/ntfs3: Replace inode_trylock with inode_lock fs/ntfs3: Correct undo if ntfs_create_inode failed fs/ntfs3: Fix field-spanning write in INDEX_HDR fs/ntfs3: Fix the format of the "nocase" mount option fs/ntfs3: Missed error return fs/ntfs3: Keep runs for $MFT::$ATTR_DATA and $MFT::$ATTR_BITMAP Krzysztof Kozlowski (2): arm64: dts: qcom: qdu1000-idp: drop unused LLCC multi-ch-bit-off dt-bindings: thermal: correct thermal zone node name limit Kuan-Chung Chen (1): wifi: rtw89: 8852b: fix definition of KIP register number Kuro Chung (1): drm/bridge: it6505: fix hibernate to resume no display issue Lance Richardson (1): dma: fix call order in dmam_free_coherent Laurent Pinchart (2): media: renesas: vsp1: Fix _irqsave and _irq mix media: renesas: vsp1: Store RPF partition configuration per RPF instance Leon Romanovsky (5): RDMA/cache: Release GID table even if leak is detected RDMA/mlx4: Fix truncated output warning in mad.c RDMA/mlx4: Fix truncated output warning in alias_GUID.c RDMA/device: Return error earlier if port in not valid nvme-pci: add missing condition check for existence of mapped data Li Nan (1): md: fix deadlock between mddev_suspend and flush bio Lijo Lazar (2): drm/amd/pm: Fix aldebaran pcie speed reporting drm/amdgpu: Fix memory range calculation Linus Torvalds (1): minmax: scsi: fix mis-use of 'clamp()' in sr.c Liwei Song (1): tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids Lorenzo Bianconi (1): clk: en7523: fix rate divider for slic and spi clocks Luca Ceresoli (1): Revert "leds: led-core: Fix refcount leak in of_led_get()" Luca Weiss (1): arm64: dts: qcom: sm6350: Add missing qcom,non-secure-domain property Lucas Stach (4): arm64: dts: imx8mp: add HDMI power-domains drm/etnaviv: fix DMA direction handling for cached RW buffers drm/etnaviv: don't block scheduler when GPU is still active video: logo: Drop full path of the input filename in generated file Luis Henriques (SUSE) (2): ext4: fix infinite loop when replaying fast_commit ext4: don't track ranges in fast_commit if inode has inlined data Lukas Wunner (1): PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Ma Ke (4): drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes drm/amd/amdgpu: Fix uninitialized variable warnings phy: cadence-torrent: Check return value on register read Maciej Wieczor-Retman (1): selftests/resctrl: Move run_benchmark() to a more fitting file Manish Rangankar (1): scsi: qla2xxx: During vport delete send async logout explicitly Manivannan Sadhasivam (2): PCI: qcom-ep: Disable resources unconditionally during PERST# assert PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio Marc Gonzalez (1): arm64: dts: qcom: msm8998: enable adreno_smmu by default Marco Cavenati (1): perf/x86/intel/pt: Fix topa_entry base length Marek Behún (3): firmware: turris-mox-rwtm: Do not complete if there are no waiters firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() firmware: turris-mox-rwtm: Initialize completion before mailbox Marek Vasut (2): ARM: dts: stm32: Add arm,no-tick-in-suspend to STM32MP15xx STGEN timer PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Markus Elfring (1): auxdisplay: ht16k33: Drop reference after LED registration Martin Kaistra (1): wifi: rtl8xxxu: 8188f: Limit TX power index Martin Willi (2): net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports Masahiro Yamada (2): x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS kbuild: avoid build error when single DTB is turned into composite DTB Matthew Wilcox (Oracle) (2): s390/mm: Convert make_page_secure to use a folio s390/mm: Convert gmap_make_secure to use a folio Miaohe Lin (1): mm/hugetlb: fix possible recursive locking detected warning Michael Ellerman (2): powerpc/xmon: Fix disassembly CPU feature checks selftests/sigaltstack: Fix ppc64 GCC build Michael S. Tsirkin (1): vhost/vsock: always initialize seqpacket_allow Michael Walle (6): ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset ARM: dts: imx6qdl-kontron-samx6i: fix board reset ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity drm/mediatek/dp: Fix spurious kfree() Michal Luczaj (1): af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash Mickaël Salaün (1): selftests/landlock: Add cred_transfer test Mikhail Kobuk (1): media: pci: ivtv: Add check for DMA map result Ming Qian (1): media: imx-jpeg: Drop initial source change event if capture has been setup Minwoo Im (1): scsi: ufs: mcq: Fix missing argument 'hba' in MCQ_OPR_OFFSET_n Mukul Joshi (1): drm/amdkfd: Fix CU Masking for GFX 9.4.3 Naga Sureshkumar Relli (1): spi: microchip-core: fix the issues in the isr Namhyung Kim (1): perf report: Fix condition in sort__sym_cmp() Nathan Chancellor (1): kbuild: Fix '-S -c' in x86 stack protector scripts Nathan Lynch (1): powerpc/prom: Add CPU info to hardware description string later Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Add handling for boot-signature timeout errors Neil Armstrong (1): usb: typec-mux: nb7vpq904m: unregister typec switch on probe error and remove NeilBrown (1): SUNRPC: avoid soft lockup when transmitting UDP to reachable server. Nick Bowler (1): macintosh/therm_windtunnel: fix module unload. Nicolas Dichtel (2): ipv4: fix source address selection with route leak ipv6: take care of scope when choosing the src addr Niklas Cassel (1): PCI: dw-rockchip: Fix initial PERST# GPIO value Nilesh Javali (1): scsi: qla2xxx: validate nvme_local_port correctly Nithyanantham Paramasivam (1): wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure Nitin Gote (1): drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 Nivas Varadharajan Mugunthakumar (1): crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() Ofir Gal (1): md/md-bitmap: fix writing non bitmap pages Oleksandr Natalenko (1): media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 Olga Kornievskaia (1): NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server Or Har-Toov (1): RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled P Praneesh (3): wifi: ath12k: change DMA direction while mapping reinjected packets wifi: ath12k: fix invalid memory access while processing fragmented packets wifi: ath12k: fix firmware crash during reo reinject Pablo Neira Ayuso (3): netfilter: nf_tables: rise cap on SELinux secmark context netfilter: ctnetlink: use helper function to calculate expect ID net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE Paolo Pisati (1): m68k: amiga: Turn off Warp1260 interrupts during boot Pavel Begunkov (4): kernel: rerun task_work while freezing in get_signal() io_uring/io-wq: limit retrying worker initialisation io_uring: tighten task exit cancellations io_uring: fix io_match_task must_hold Pavel Löbl (1): ARM: dts: sunxi: remove duplicated entries in makefile Peng Fan (1): pinctrl: freescale: mxs: Fix refcount of child Peter Ujfalusi (1): ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare Petr Machata (1): net: nexthop: Initialize all fields in dumped nexthops Pierre-Louis Bossart (1): ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable Pin-yen Lin (1): arm64: dts: mediatek: mt8192-asurada: Add off-on-delay-us for pp3300_mipibrdg Pradeep Kumar Chitrapu (1): wifi: ath12k: Correct 6 GHz frequency value in rx status Prajna Rajendra Kumar (1): spi: spi-microchip-core: Fix the number of chip selects supported Primoz Fiser (2): cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() OPP: ti: Fix ti_opp_supply_probe wrong return values Puranjay Mohan (1): selftests/bpf: fexit_sleep: Fix stack allocation for arm64 Qiang Ma (1): efi/libstub: Zero initialize heap allocated struct screen_info Quinn Tran (4): scsi: qla2xxx: Unable to act on RSCN for port online scsi: qla2xxx: Use QP lock to search for bsg scsi: qla2xxx: Reduce fabric scan duplicate code scsi: qla2xxx: Fix flash read failure Rafael Beims (1): wifi: mwifiex: Fix interface type change Rafał Miłecki (1): arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux Ram Tummala (1): mm: fix old/young bit handling in the faulting path Ricardo Ribalda (4): media: imon: Fix race getting ictx->lock media: uvcvideo: Disable autosuspend for Insta360 Link media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 media: uvcvideo: Fix integer overflow calculating timestamp Ross Lagerwall (1): decompress_bunzip2: fix rare decompression failure Ryusuke Konishi (2): nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro nilfs2: handle inconsistent state in nilfs_btnode_create_block() Sagar Cheluvegowda (1): arm64: dts: qcom: sa8775p: mark ethernet devices as DMA-coherent Samasth Norway Ananda (1): wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device Saurav Kashyap (1): scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds Sean Anderson (2): drm: zynqmp_kms: Fix AUX bus not getting unregistered phy: zynqmp: Enable reference clock correctly Sean Christopherson (2): KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() KVM: nVMX: Request immediate exit iff pending nested event needs injection Seth Forshee (DigitalOcean) (1): fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT Sheng Yong (1): f2fs: fix start segno of large section Shenghao Ding (1): ASoc: tas2781: Enable RCA-based playback without DSP firmware download Shenwei Wang (1): irqchip/imx-irqsteer: Handle runtime power management correctly Shigeru Yoshida (1): tipc: Return non-zero value from tipc_udp_addr2str() on error Shivaprasad G Bhat (2): KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 KVM: PPC: Book3S HV: Fix the get_one_reg of SDAR Shreyas Deodhar (3): scsi: qla2xxx: Fix optrom version displayed in FDMI scsi: qla2xxx: Fix for possible memory corruption scsi: qla2xxx: Complete command early within lock Sibi Sankar (1): soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove Siddharth Vadapalli (2): PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() PCI: keystone: Don't enable BAR 0 for AM654x Simon Horman (1): net: stmmac: Correct byte order of perfect_match Simon Trimmer (1): ASoC: cs35l56: Accept values greater than 0 as IRQ numbers Steffen Klassert (2): xfrm: Fix unregister netdevice hang on hardware offload. xfrm: Export symbol xfrm_dev_state_delete. Stephen Boyd (2): soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers clk: qcom: Park shared RCGs upon registration Steve French (3): cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path cifs: fix reconnect with SMB1 UNIX Extensions cifs: mount with "unix" mount option for SMB1 incorrectly handled Steve Wilkins (4): spi: microchip-core: defer asserting chip select until just before write to TX FIFO spi: microchip-core: only disable SPI controller when register value change requires it spi: microchip-core: fix init function not setting the master and motorola modes spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer Sung Joon Kim (1): drm/amd/display: Check for NULL pointer Sungjong Seo (1): exfat: fix potential deadlock on __exfat_get_dentry_set Sunmin Jeong (2): f2fs: use meta inode for GC of atomic file f2fs: use meta inode for GC of COW file Sven Peter (1): Bluetooth: hci_bcm4377: Use correct unit for timeouts Taehee Yoo (1): xdp: fix invalid wait context of page_pool_destroy() Takashi Iwai (4): ALSA: ump: Don't update FB name for static blocks ALSA: ump: Force 1 Group for MIDI1 FBs ALSA: usb-audio: Move HD Webcam quirk to the right place ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 Taniya Das (7): clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's Tao Chen (1): bpftool: Mount bpffs when pinmaps path not under the bpffs Tejun Heo (1): sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks Tengda Wu (1): bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT Tetsuo Handa (1): mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer Thomas Gleixner (3): perf/x86: Serialize set_attr_rdpmc() jump_label: Fix concurrency issues in static_key_slow_dec() watchdog/perf: properly initialize the turbo mode timestamp and rearm counter Thomas Richter (1): s390/cpum_cf: Fix endless loop in CF_DIAG event stop Thomas Zimmermann (1): drm/udl: Remove DRM_CONNECTOR_POLL_HPD Thorsten Blum (1): m68k: cmpxchg: Fix return value for default case in __arch_xchg() Tiezhu Yang (1): LoongArch: Check TIF_LOAD_WATCH to enable user space watchpoint Tim Van Patten (1): drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 Tvrtko Ursulin (1): mm/numa_balancing: teach mpol_to_str about the balancing mode Tzung-Bi Shih (1): platform/chrome: cros_ec_debugfs: fix wrong EC message version Uwe Kleine-König (4): pwm: stm32: Always do lazy disabling pwm: atmel-tcb: Fix race condition and convert to guards pinctrl: ti: ti-iodelay: Drop if block with always false condition lib/build_OID_registry: don't mention the full path of the script in output Venkata Prasad Potturu (1): ASoC: sof: amd: fix for firmware reload failure in Vangogh platform Vignesh Raghavendra (1): dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels WangYuli (1): Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Wayne Lin (1): drm/dp_mst: Fix all mstb marked as not probed after suspend/resume Wayne Tung (1): hwmon: (adt7475) Fix default duty on fan is disabled Wei Liu (1): PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN Wentong Wu (2): media: ivsc: csi: add separate lock for v4l2 control handler media: ivsc: csi: don't count privacy on as error Wojciech Drewek (1): ice: Fix recipe read procedure Xiao Liang (1): apparmor: Fix null pointer deref when receiving skb during sock creation Yang Yang (2): sbitmap: fix io hung due to race on sbitmap_word::cleared block: fix deadlock between sd_remove & sd_release Yang Yingliang (4): pinctrl: core: fix possible memory leak when pinctrl_enable() fails pinctrl: single: fix possible memory leak when pinctrl_enable() fails pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails spi: microchip-core: switch to use modern name Yao Zi (1): drm/meson: fix canvas release in bind function Yu Kuai (1): md: Don't wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl Yu Liao (1): tick/broadcast: Make takeover of broadcast hrtimer reliable Yu Zhao (3): mm/mglru: fix div-by-zero in vmpressure_calc_level() mm/mglru: fix overshooting shrinker memory mm/mglru: fix ineffective protection calculation Zhang Rui (1): perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake ZhenGuo Yin (1): drm/amdgpu: reset vm state machine after gpu reset(vram lost) Zheng Yejian (1): media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() Zijun Hu (3): kobject_uevent: Fix OOB access within zap_modalias_env() devres: Fix devm_krealloc() wasting memory devres: Fix memory leakage caused by driver API devm_free_percpu() ethanwu (1): ceph: fix incorrect kmalloc size of pagevec mempool levi.yun (1): trace/pid_list: Change gfp flags in pid_list_fill_irq() linke li (1): sbitmap: use READ_ONCE to access map->word tuhaowen (1): dev/parport: fix the array out-of-bounds risk wangdicheng (2): ALSA: usb-audio: Fix microphone sound on HD webcam. ALSA: usb-audio: Add a quirk for Sonix HD USB Camera xiazhengqiao (1): drm/bridge: Fixed a DP link training bug

10 months, 3 weeks

1
1
0 0

Linux 6.1.103

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.103 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/thermal/thermal-zones.yaml | 5 Makefile | 2 arch/arm/boot/dts/imx6q-kontron-samx6i.dtsi | 23 arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi | 14 arch/arm/mach-pxa/spitz.c | 30 arch/arm64/boot/dts/amlogic/meson-gxbb.dtsi | 4 arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 4 arch/arm64/boot/dts/amlogic/meson-sm1.dtsi | 4 arch/arm64/boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts | 4 arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 25 arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 2 arch/arm64/boot/dts/qcom/msm8996-xiaomi-common.dtsi | 1 arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 arch/arm64/boot/dts/qcom/msm8998.dtsi | 1 arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 arch/arm64/boot/dts/qcom/sm8250.dtsi | 22 arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 arch/arm64/boot/dts/renesas/r8a779a0.dtsi | 14 arch/arm64/boot/dts/renesas/r8a779f0.dtsi | 14 arch/arm64/boot/dts/renesas/r8a779g0.dtsi | 82 + arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 11 arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 11 arch/arm64/boot/dts/renesas/r9a07g044c1.dtsi | 7 arch/arm64/boot/dts/renesas/r9a07g044l1.dtsi | 7 arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 11 arch/arm64/boot/dts/renesas/r9a07g054l1.dtsi | 7 arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 71 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3568-evb1-v10.dts | 2 arch/arm64/boot/dts/rockchip/rk3568-rock-3a.dts | 4 arch/arm64/boot/dts/rockchip/rk356x.dtsi | 1 arch/m68k/amiga/config.c | 9 arch/m68k/atari/ataints.c | 6 arch/m68k/include/asm/cmpxchg.h | 2 arch/mips/boot/dts/loongson/loongson64-2k1000.dtsi | 21 arch/mips/include/asm/mach-loongson64/boot_param.h | 2 arch/mips/include/asm/mips-cm.h | 4 arch/mips/kernel/smp-cps.c | 5 arch/mips/loongson64/env.c | 8 arch/mips/loongson64/reset.c | 38 arch/mips/loongson64/smp.c | 23 arch/mips/sgi-ip30/ip30-console.c | 1 arch/parisc/Kconfig | 1 arch/powerpc/configs/85xx-hw.config | 2 arch/powerpc/include/asm/kexec.h | 4 arch/powerpc/include/asm/plpks.h | 163 ++ arch/powerpc/kernel/prom.c | 12 arch/powerpc/kexec/core_64.c | 112 + arch/powerpc/kexec/file_load_64.c | 87 - arch/powerpc/kvm/powerpc.c | 4 arch/powerpc/platforms/pseries/plpks.c | 171 ++ arch/powerpc/platforms/pseries/plpks.h | 96 - arch/powerpc/xmon/ppc-dis.c | 33 arch/s390/kernel/uv.c | 58 arch/s390/pci/pci_irq.c | 110 - arch/sparc/include/asm/oplib_64.h | 1 arch/sparc/prom/init_64.c | 3 arch/sparc/prom/p1275.c | 2 arch/um/drivers/ubd_kern.c | 50 arch/um/kernel/time.c | 4 arch/um/os-Linux/signal.c | 118 + arch/x86/events/core.c | 3 arch/x86/events/intel/cstate.c | 7 arch/x86/events/intel/pt.c | 4 arch/x86/events/intel/pt.h | 4 arch/x86/events/intel/uncore_snbep.c | 6 arch/x86/include/asm/kvm_host.h | 2 arch/x86/kernel/devicetree.c | 2 arch/x86/kvm/vmx/nested.c | 2 arch/x86/kvm/vmx/vmx.c | 11 arch/x86/kvm/vmx/vmx.h | 1 arch/x86/kvm/x86.c | 4 arch/x86/pci/intel_mid_pci.c | 4 arch/x86/pci/xen.c | 4 arch/x86/platform/intel/iosf_mbi.c | 4 arch/x86/xen/p2m.c | 4 block/bio-integrity.c | 21 drivers/android/binder.c | 4 drivers/ata/libata-scsi.c | 7 drivers/auxdisplay/ht16k33.c | 1 drivers/base/devres.c | 11 drivers/block/rbd.c | 35 drivers/bluetooth/btusb.c | 4 drivers/char/hw_random/amd-rng.c | 4 drivers/char/tpm/eventlog/common.c | 2 drivers/clk/clk-en7523.c | 9 drivers/clk/davinci/da8xx-cfgchip.c | 4 drivers/clk/qcom/camcc-sc7280.c | 5 drivers/clk/qcom/clk-branch.h | 26 drivers/clk/qcom/clk-rcg2.c | 32 drivers/clk/qcom/gcc-sc7280.c | 3 drivers/clk/qcom/gpucc-sm8350.c | 5 drivers/cpufreq/ti-cpufreq.c | 2 drivers/crypto/qat/qat_common/adf_cfg.c | 6 drivers/dma/ti/k3-udma.c | 4 drivers/edac/Makefile | 10 drivers/edac/skx_common.c | 21 drivers/edac/skx_common.h | 4 drivers/firmware/efi/libstub/x86-stub.c | 25 drivers/firmware/turris-mox-rwtm.c | 23 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 1 drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 12 drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 4 drivers/gpu/drm/display/drm_dp_mst_topology.c | 4 drivers/gpu/drm/etnaviv/etnaviv_gem.c | 6 drivers/gpu/drm/etnaviv/etnaviv_sched.c | 9 drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 drivers/gpu/drm/i915/display/intel_dp.c | 2 drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 6 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 2 drivers/gpu/drm/mediatek/mtk_drm_plane.c | 2 drivers/gpu/drm/meson/meson_drv.c | 37 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.h | 3 drivers/gpu/drm/msm/dsi/dsi_host.c | 3 drivers/gpu/drm/panel/panel-boe-tv101wum-nl6.c | 8 drivers/gpu/drm/panfrost/panfrost_drv.c | 1 drivers/gpu/drm/qxl/qxl_display.c | 3 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/hwmon/adt7475.c | 2 drivers/hwmon/max6697.c | 5 drivers/hwtracing/coresight/coresight-platform.c | 4 drivers/iio/frequency/adrf6780.c | 1 drivers/infiniband/core/cache.c | 14 drivers/infiniband/core/device.c | 6 drivers/infiniband/core/iwcm.c | 11 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 6 drivers/infiniband/hw/hns/hns_roce_device.h | 6 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 40 drivers/infiniband/hw/hns/hns_roce_mr.c | 5 drivers/infiniband/hw/hns/hns_roce_qp.c | 4 drivers/infiniband/hw/hns/hns_roce_srq.c | 2 drivers/infiniband/hw/mlx4/alias_GUID.c | 2 drivers/infiniband/hw/mlx4/mad.c | 2 drivers/infiniband/hw/mlx5/mlx5_ib.h | 13 drivers/infiniband/hw/mlx5/odp.c | 6 drivers/infiniband/sw/rxe/rxe_req.c | 7 drivers/input/keyboard/qt1050.c | 7 drivers/input/mouse/elan_i2c_core.c | 2 drivers/interconnect/qcom/qcm2290.c | 2 drivers/iommu/intel/iommu.c | 22 drivers/iommu/sprd-iommu.c | 2 drivers/irqchip/irq-imx-irqsteer.c | 24 drivers/isdn/hardware/mISDN/hfcmulti.c | 7 drivers/leds/flash/leds-mt6360.c | 5 drivers/leds/led-class.c | 1 drivers/leds/led-triggers.c | 2 drivers/leds/leds-ss4200.c | 7 drivers/macintosh/therm_windtunnel.c | 2 drivers/md/dm-verity-target.c | 16 drivers/md/md.c | 26 drivers/media/i2c/imx412.c | 9 drivers/media/pci/ivtv/ivtv-udma.c | 8 drivers/media/pci/ivtv/ivtv-yuv.c | 6 drivers/media/pci/ivtv/ivtvfb.c | 6 drivers/media/pci/saa7134/saa7134-dvb.c | 8 drivers/media/platform/qcom/venus/vdec.c | 3 drivers/media/platform/renesas/rcar-vin/rcar-csi2.c | 5 drivers/media/platform/renesas/rcar-vin/rcar-dma.c | 16 drivers/media/platform/renesas/vsp1/vsp1_histo.c | 20 drivers/media/platform/renesas/vsp1/vsp1_pipe.h | 2 drivers/media/platform/renesas/vsp1/vsp1_rpf.c | 8 drivers/media/rc/imon.c | 5 drivers/media/rc/lirc_dev.c | 4 drivers/media/usb/dvb-usb/dvb-usb-init.c | 35 drivers/media/usb/uvc/uvc_ctrl.c | 9 drivers/media/usb/uvc/uvc_video.c | 10 drivers/media/v4l2-core/v4l2-async.c | 3 drivers/memory/Kconfig | 2 drivers/mfd/Makefile | 6 drivers/mfd/omap-usb-tll.c | 3 drivers/mfd/rsmu_core.c | 2 drivers/mtd/nand/raw/Kconfig | 3 drivers/mtd/tests/Makefile | 34 drivers/mtd/tests/mtd_test.c | 9 drivers/mtd/ubi/eba.c | 3 drivers/net/bonding/bond_main.c | 7 drivers/net/dsa/b53/b53_common.c | 3 drivers/net/dsa/mv88e6xxx/chip.c | 3 drivers/net/ethernet/brocade/bna/bna_types.h | 2 drivers/net/ethernet/brocade/bna/bnad.c | 11 drivers/net/ethernet/freescale/fec_main.c | 52 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 22 drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 2 drivers/net/ethernet/intel/ice/ice_fdir.h | 3 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 16 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h | 1 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_atcam.c | 18 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 13 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 9 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 2 drivers/net/ethernet/stmicro/stmmac/hwif.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 drivers/net/netconsole.c | 2 drivers/net/wireless/ath/ath11k/dp_rx.c | 3 drivers/net/wireless/ath/ath11k/dp_rx.h | 3 drivers/net/wireless/ath/ath11k/mac.c | 15 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 18 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 drivers/net/wireless/realtek/rtw89/debug.c | 2 drivers/net/wireless/virt_wifi.c | 20 drivers/nvme/host/pci.c | 5 drivers/nvme/target/auth.c | 14 drivers/opp/ti-opp-supply.c | 6 drivers/parport/procfs.c | 24 drivers/pci/controller/dwc/pci-keystone.c | 156 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 13 drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 drivers/pci/controller/pci-hyperv.c | 4 drivers/pci/controller/pci-loongson.c | 13 drivers/pci/controller/pcie-rcar-host.c | 6 drivers/pci/controller/pcie-rockchip.c | 2 drivers/pci/endpoint/functions/pci-epf-vntb.c | 19 drivers/pci/pci.c | 6 drivers/pci/setup-bus.c | 6 drivers/phy/cadence/phy-cadence-torrent.c | 3 drivers/pinctrl/core.c | 12 drivers/pinctrl/freescale/pinctrl-mxs.c | 4 drivers/pinctrl/pinctrl-rockchip.c | 17 drivers/pinctrl/pinctrl-single.c | 7 drivers/pinctrl/renesas/pfc-r8a779g0.c | 712 ++++------ drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 14 drivers/platform/chrome/cros_ec_debugfs.c | 1 drivers/platform/mips/cpu_hwmon.c | 3 drivers/pwm/pwm-atmel-tcb.c | 66 drivers/pwm/pwm-stm32.c | 5 drivers/remoteproc/imx_rproc.c | 10 drivers/remoteproc/stm32_rproc.c | 2 drivers/rtc/interface.c | 9 drivers/rtc/rtc-cmos.c | 10 drivers/rtc/rtc-isl1208.c | 11 drivers/s390/block/dasd_devmap.c | 10 drivers/scsi/qla2xxx/qla_bsg.c | 98 - drivers/scsi/qla2xxx/qla_def.h | 3 drivers/scsi/qla2xxx/qla_gs.c | 35 drivers/scsi/qla2xxx/qla_init.c | 87 - drivers/scsi/qla2xxx/qla_inline.h | 8 drivers/scsi/qla2xxx/qla_mid.c | 2 drivers/scsi/qla2xxx/qla_nvme.c | 5 drivers/scsi/qla2xxx/qla_os.c | 7 drivers/scsi/qla2xxx/qla_sup.c | 108 + drivers/soc/qcom/pdr_interface.c | 8 drivers/soc/qcom/rpmh-rsc.c | 7 drivers/soc/qcom/rpmh.c | 1 drivers/soc/xilinx/xlnx_event_manager.c | 15 drivers/soc/xilinx/zynqmp_power.c | 4 drivers/spi/atmel-quadspi.c | 11 drivers/spi/spi-microchip-core.c | 188 +- drivers/spi/spidev.c | 11 drivers/vhost/vsock.c | 4 drivers/watchdog/rzg2l_wdt.c | 22 fs/ceph/super.c | 3 fs/ext2/balloc.c | 11 fs/ext4/extents_status.c | 2 fs/ext4/fast_commit.c | 6 fs/ext4/namei.c | 73 - fs/ext4/xattr.c | 6 fs/f2fs/checkpoint.c | 10 fs/f2fs/file.c | 2 fs/f2fs/inline.c | 6 fs/f2fs/inode.c | 3 fs/f2fs/segment.h | 3 fs/fuse/inode.c | 24 fs/hfs/inode.c | 3 fs/hfsplus/bfind.c | 15 fs/hfsplus/extents.c | 9 fs/hfsplus/hfsplus_fs.h | 21 fs/jbd2/commit.c | 2 fs/jbd2/journal.c | 5 fs/jfs/jfs_imap.c | 5 fs/kernfs/dir.c | 112 - fs/kernfs/file.c | 18 fs/kernfs/inode.c | 8 fs/kernfs/kernfs-internal.h | 2 fs/kernfs/mount.c | 10 fs/kernfs/symlink.c | 2 fs/nfs/nfs4client.c | 6 fs/nfs/nfs4proc.c | 2 fs/nilfs2/btnode.c | 25 fs/nilfs2/btree.c | 4 fs/nilfs2/segment.c | 2 fs/ntfs3/attrib.c | 17 fs/ntfs3/bitmap.c | 2 fs/ntfs3/dir.c | 3 fs/ntfs3/file.c | 5 fs/ntfs3/frecord.c | 2 fs/ntfs3/fslog.c | 5 fs/ntfs3/fsntfs.c | 2 fs/ntfs3/index.c | 4 fs/ntfs3/inode.c | 3 fs/ntfs3/ntfs.h | 13 fs/ntfs3/ntfs_fs.h | 2 fs/proc/task_mmu.c | 2 fs/smb/client/cifsfs.c | 8 fs/smb/client/connect.c | 24 fs/super.c | 11 fs/udf/balloc.c | 15 fs/udf/super.c | 3 include/asm-generic/vmlinux.lds.h | 2 include/drm/drm_mipi_dsi.h | 21 include/linux/bpf_verifier.h | 2 include/linux/hugetlb.h | 1 include/linux/jbd2.h | 5 include/linux/jump_label.h | 21 include/linux/mlx5/qp.h | 9 include/linux/objagg.h | 1 include/linux/pci.h | 2 include/linux/perf_event.h | 1 include/linux/sbitmap.h | 5 include/linux/task_work.h | 3 include/linux/virtio_net.h | 11 include/net/ip_fib.h | 1 include/net/tcp.h | 1 include/trace/events/rpcgss.h | 2 include/uapi/linux/netfilter/nf_tables.h | 2 include/uapi/linux/zorro_ids.h | 3 io_uring/io-wq.c | 10 io_uring/io_uring.c | 5 io_uring/timeout.c | 2 kernel/bpf/btf.c | 10 kernel/bpf/dispatcher.c | 5 kernel/cgroup/cgroup-v1.c | 2 kernel/cgroup/cgroup.c | 4 kernel/cgroup/cpuset.c | 15 kernel/debug/kdb/kdb_io.c | 6 kernel/dma/mapping.c | 2 kernel/events/core.c | 79 - kernel/events/internal.h | 2 kernel/events/ring_buffer.c | 4 kernel/irq/manage.c | 2 kernel/jump_label.c | 101 - kernel/locking/rwsem.c | 6 kernel/rcu/tasks.h | 10 kernel/sched/core.c | 37 kernel/sched/fair.c | 9 kernel/sched/sched.h | 2 kernel/signal.c | 8 kernel/task_work.c | 34 kernel/time/tick-broadcast.c | 23 kernel/trace/pid_list.c | 4 kernel/watchdog_hld.c | 11 lib/decompress_bunzip2.c | 3 lib/kobject_uevent.c | 17 lib/objagg.c | 18 lib/sbitmap.c | 83 - mm/hugetlb.c | 2 mm/mempolicy.c | 18 mm/mmap_lock.c | 175 -- mm/vmscan.c | 1 net/bridge/br_forward.c | 4 net/core/filter.c | 15 net/core/flow_dissector.c | 2 net/core/xdp.c | 4 net/ipv4/esp4.c | 3 net/ipv4/fib_semantics.c | 13 net/ipv4/fib_trie.c | 1 net/ipv4/nexthop.c | 7 net/ipv4/route.c | 18 net/ipv4/tcp.c | 13 net/ipv4/tcp_input.c | 34 net/ipv4/tcp_ipv4.c | 19 net/ipv4/tcp_output.c | 2 net/ipv4/tcp_timer.c | 10 net/ipv6/addrconf.c | 3 net/ipv6/esp6.c | 3 net/ipv6/tcp_ipv6.c | 19 net/mac80211/cfg.c | 23 net/mac80211/ieee80211_i.h | 2 net/mac80211/rate.c | 2 net/mac80211/sta_info.h | 6 net/mac80211/vht.c | 37 net/netfilter/ipvs/ip_vs_proto_sctp.c | 4 net/netfilter/nf_conntrack_netlink.c | 3 net/netfilter/nft_set_pipapo.c | 22 net/netfilter/nft_set_pipapo.h | 27 net/netfilter/nft_set_pipapo_avx2.c | 81 - net/packet/af_packet.c | 86 + net/smc/smc_core.c | 5 net/sunrpc/auth_gss/gss_krb5_keys.c | 2 net/sunrpc/clnt.c | 3 net/sunrpc/xprtrdma/frwr_ops.c | 3 net/sunrpc/xprtrdma/verbs.c | 16 net/tipc/udp_media.c | 5 net/unix/af_unix.c | 41 net/unix/unix_bpf.c | 3 net/wireless/util.c | 8 scripts/Makefile.lib | 6 scripts/gcc-x86_32-has-stack-protector.sh | 2 scripts/gcc-x86_64-has-stack-protector.sh | 2 security/apparmor/lsm.c | 7 security/apparmor/policy.c | 2 security/apparmor/policy_unpack.c | 1 security/keys/keyctl.c | 2 security/landlock/cred.c | 11 sound/soc/amd/acp-es8336.c | 4 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/codecs/max98088.c | 10 sound/soc/intel/common/soc-intel-quirks.h | 2 sound/soc/qcom/lpass-cpu.c | 4 sound/soc/sof/imx/imx8m.c | 2 sound/usb/mixer.c | 7 sound/usb/quirks.c | 4 tools/bpf/bpftool/common.c | 2 tools/bpf/bpftool/prog.c | 4 tools/bpf/resolve_btfids/main.c | 2 tools/lib/bpf/btf_dump.c | 8 tools/lib/bpf/linker.c | 11 tools/memory-model/lock.cat | 20 tools/perf/arch/x86/util/intel-pt.c | 15 tools/perf/tests/shell/test_arm_callgraph_fp.sh | 64 tools/perf/tests/workloads/leafloop.c | 20 tools/perf/util/sort.c | 2 tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 2 tools/testing/selftests/bpf/prog_tests/xdp_adjust_tail.c | 2 tools/testing/selftests/bpf/progs/btf_dump_test_case_multidim.c | 4 tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c | 4 tools/testing/selftests/bpf/test_sockmap.c | 9 tools/testing/selftests/drivers/net/mlxsw/spectrum-2/tc_flower.sh | 55 tools/testing/selftests/landlock/base_test.c | 74 + tools/testing/selftests/landlock/config | 5 tools/testing/selftests/net/fib_tests.sh | 24 tools/testing/selftests/net/forwarding/devlink_lib.sh | 2 tools/testing/selftests/sigaltstack/current_stack_pointer.h | 2 433 files changed, 4242 insertions(+), 2567 deletions(-) Abhinav Kumar (1): drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op Adrian Hunter (7): perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation perf: Fix perf_aux_size() for greater-than 32-bit size perf: Prevent passing zero nr_pages to rb_alloc_aux() perf: Fix default aux_watermark calculation perf intel-pt: Fix aux_watermark calculation for 64-bit size perf intel-pt: Fix exclude_guest setting perf/x86/intel/pt: Fix a topa_entry base address calculation Ahmed Zaki (1): ice: Add a per-VF limit on number of FDIR filters Al Viro (2): powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() lirc: rc_dev_get_from_fd(): fix file leak Alan Maguire (2): bpf: annotate BTF show functions with __printf bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o Alan Stern (1): tools/memory-model: Fix bug in lock.cat Aleksandr Burakov (1): saa7134: Unchecked i2c_transfer function result fixed Aleksandr Mishin (6): wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() ASoC: amd: Adjust error handling in case of absent codec device remoteproc: imx_rproc: Skip over memory region when node value is NULL remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init Alex Deucher (1): drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell Alexey Kodanev (1): bna: adjust 'name' buf size of bna_tcb and bna_ccb structures Amit Cohen (1): selftests: forwarding: devlink_lib: Wait for udev events after reloading Andreas Larsson (1): sparc64: Fix incorrect function signature and add prototype for prom_cif_init Andrei Lalaev (1): Input: qt1050 - handle CHIP_ID reading error Andrew Donnellan (1): powerpc/pseries: Fix alignment of PLPKS structures and buffers Andrii Nakryiko (1): libbpf: Fix no-args func prototype BTF dumping syntax Andy Yan (1): drm/rockchip: vop2: Fix the port mux of VP2 Antoniu Miclaus (1): iio: frequency: adrf6780: rm clk provider include Ard Biesheuvel (2): x86/efistub: Avoid returning EFI_SUCCESS on error x86/efistub: Revert to heap allocated boot_params for PE entrypoint Arnd Bergmann (4): EDAC, i10nm: make skx_common.o a separate module mfd: rsmu: Split core code into separate module mtd: make mtd_test.c a separate module kdb: address -Wformat-security warnings Artem Chernyshev (1): iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en Bailey Forrest (1): gve: Fix an edge case for TSO skb validity check Baochen Qiang (3): wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Baokun Li (2): ext4: check dot and dotdot of dx_root before making dir indexed ext4: make sure the first directory block is not a hole Bart Van Assche (2): RDMA/iwcm: Fix a use-after-free related to destroying CM IDs nvme-pci: Fix the instructions for disabling power management Bastien Curutchet (1): clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use Benjamin Coddington (1): SUNRPC: Fixup gss_status tracepoint error output Breno Leitao (1): net: netconsole: Disable target before netpoll cleanup Bryan O'Donoghue (1): media: i2c: Fix imx412 exposure control Carlos Llamas (1): binder: fix hang of unregistered readers Carlos López (1): s390/dasd: fix error checks in dasd_copy_pair_store() Chao Yu (6): hfsplus: fix to avoid false alarm of circular locking hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() f2fs: fix to force buffered IO on inline_data inode f2fs: fix to don't dirty inode for readonly filesystem f2fs: fix return value of f2fs_convert_inline_inode() f2fs: fix to update user block counts in block_operations() Chen Ni (4): spi: atmel-quadspi: Add missing check for clk_prepare x86/xen: Convert comma to semicolon drm/qxl: Add check for drm_cvt_mode ASoC: max98088: Check for clk_prepare_enable() error Chen Ridong (1): cgroup/cpuset: Prevent UAF in proc_cpuset_show() Chen-Yu Tsai (2): arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 Chengchang Tang (4): RDMA/hns: Fix missing pagesize and alignment check in FRMR RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 RDMA/hns: Fix undifined behavior caused by invalid max_sge RDMA/hns: Fix insufficient extend DB for VFs. Chengen Du (1): af_packet: Handle outgoing VLAN packets without hardware offloading ChiYuan Huang (1): media: v4l: async: Fix NULL pointer dereference in adding ancillary links Chiara Meiohas (1): RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE Christoph Hellwig (3): ubd: refactor the interrupt handler ubd: untagle discard vs write zeroes not support handling block: initialize integrity buffer to zero before writing it to media Christophe Leroy (1): vmlinux.lds.h: catch .bss..L* sections into BSS") Chuck Lever (1): xprtrdma: Fix rpcrdma_reqs_reset() Claudiu Beznea (2): watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() watchdog: rzg2l_wdt: Check return status of pm_runtime_put() Conor Dooley (1): spi: spidev: add correct compatible for Rohm BH2228FV Cristian Ciocaltea (3): arm64: dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a arm64: dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10 arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu Csókás Bence (1): net: fec: Refactor: #define magic constants Csókás, Bence (2): net: fec: Fix FEC_ECR_EN1588 being cleared on link-down rtc: interface: Add RTC offset to alarm after fix-up Dan Carpenter (3): PCI: endpoint: Clean up error handling in vpci_scan_bus() PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() mISDN: Fix a use after free in hfcmulti_tx() Daniel Baluta (1): ASoC: SOF: imx8m: Fix DSP control regmap retrieval Daniel Schaefer (1): media: uvcvideo: Override default flags David Hildenbrand (2): s390/uv: Don't call folio_wait_writeback() without a folio reference fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP Denis Arefev (1): net: missing check virtio Dikshita Agarwal (2): media: venus: flush all buffers in output plane streamoff media: venus: fix use after free in vdec_close Dmitry Baryshkov (9): arm64: dts: qcom: sdm845: add power-domain to UFS PHY arm64: dts: qcom: sm6350: add power-domain to UFS PHY arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings arm64: dts: qcom: sm8250: add power-domain to UFS PHY arm64: dts: qcom: sm8450: add power-domain to UFS PHY arm64: dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY arm64: dts: qcom: msm8996: specify UFS core_clk frequencies soc: qcom: pdr: protect locator_addr with the main mutex soc: qcom: pdr: fix parsing of domains lists Dmitry Safonov (1): jump_label: Prevent key->enabled int overflow Dmitry Torokhov (2): ARM: spitz: fix GPIO assignment for backlight Input: elan_i2c - do not leave interrupt disabled on suspend failure Dmitry Yashin (1): pinctrl: rockchip: update rk3308 iomux routes Dominique Martinet (1): MIPS: Octeron: remove source file executable bit Donglin Peng (1): libbpf: Checking the btf_type kind when fixing variable offsets Douglas Anderson (4): drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() kdb: Use the passed prompt in kdb_position_cursor() Dragan Simic (1): drm/panfrost: Mark simple_ondemand governor as softdep Eero Tamminen (1): m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages Elliot Ayrey (1): net: bridge: mst: Check vlan state for egress decision En-Wei Wu (1): wifi: virt_wifi: avoid reporting connection success with wrong SSID Eric Biggers (1): dm-verity: fix dm_is_verity_target() when dm-verity is builtin Eric Dumazet (5): tcp: annotate lockless accesses to sk->sk_err_soft tcp: annotate lockless access to sk->sk_err tcp: add tcp_done_with_error() helper tcp: fix race in tcp_write_err() tcp: fix races in tcp_v[46]_err() Eric Sandeen (1): fuse: verify {g,u}id mount options correctly Esben Haabendal (2): powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC memory: fsl_ifc: Make FSL_IFC config visible and selectable Fedor Pchelkin (2): apparmor: use kvfree_sensitive to free data->data ubi: eba: properly rollback inside self_check_eba Florian Westphal (3): netfilter: nft_set_pipapo: constify lookup fn args where possible netfilter: nf_set_pipapo: fix initial map fill netfilter: nft_set_pipapo_avx2: disable softinterrupts Frank Li (1): PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot Fred Li (1): bpf: Fix a segment issue when downgrading gso_size Frederic Weisbecker (5): rcu/tasks: Fix stale task snaphot for Tasks Trace task_work: s/task_work_cancel()/task_work_cancel_func()/ task_work: Introduce task_work_cancel() again perf: Fix event leak upon exit perf: Fix event leak upon exec and file release Friedrich Vock (1): drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit Gaosheng Cui (2): nvmet-auth: fix nvmet_auth hash error handling gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey Geert Uytterhoeven (16): arm64: dts: renesas: r8a779g0: Add L3 cache controller arm64: dts: renesas: r8a779g0: Add secondary CA76 CPU cores arm64: dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ arm64: dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ pinctrl: renesas: r8a779g0: Fix CANFD5 suffix pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes pinctrl: renesas: r8a779g0: Fix IRQ suffixes pinctrl: renesas: r8a779g0: FIX PWM suffixes pinctrl: renesas: r8a779g0: Fix TCLK suffixes pinctrl: renesas: r8a779g0: Fix TPU suffixes Geliang Tang (4): selftests/bpf: Fix prog numbers in test_sockmap selftests/bpf: Check length of recv in test_sockmap selftests/bpf: Close fd in error path in drop_on_reuseport selftests/bpf: Close obj in error path in xdp_adjust_tail Gerd Bayer (2): s390/pci: Refactor arch_setup_msi_irqs() s390/pci: Allow allocation of more than 1 MSI interrupt Greg Kroah-Hartman (1): Linux 6.1.103 Gregory CLEMENT (1): MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later Guangguan Wang (1): net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined Guenter Roeck (2): hwmon: (max6697) Fix underflow when writing limit attributes hwmon: (max6697) Fix swapped temp{1,8} critical alarms Gwenael Treuveur (1): remoteproc: stm32_rproc: Fix mailbox interrupts queuing Hagar Hemdan (1): net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP Hans de Goede (1): leds: trigger: Unregister sysfs attributes before calling deactivate() Hilda Wu (1): Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables Honggang LI (1): RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs Hou Tao (1): bpf, events: Use prog to emit ksymbol event for main program Hsiao Chien Sung (2): drm/mediatek: Add missing plane settings when async update drm/mediatek: Add OVL compatible name for MT8195 Huacai Chen (2): PCI: loongson: Enable MSI in LS7A Root Complex fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed Ido Schimmel (6): lib: objagg: Fix general protection fault mlxsw: spectrum_acl_erp: Fix object nesting warning mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors ipv4: Fix incorrect TOS in route get reply ipv4: Fix incorrect TOS in fibmatch route get reply ipv4: Fix incorrect source address in Record Route option Igor Pylypiv (1): ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error Ilpo Järvinen (7): x86/of: Return consistent error type from x86_of_pci_irq_enable() x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling x86/pci/xen: Fix PCIBIOS_* return code handling x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos PCI: Fix resource double counting on remove & rescan leds: ss4200: Convert PCIBIOS_* return codes to errnos hwrng: amd - Convert PCIBIOS_* return codes to errnos Ilya Dryomov (3): rbd: don't assume rbd_is_lock_owner() for exclusive mappings rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings Imre Deak (1): drm/i915/dp: Reset intel_dp->link_trained before retraining the link Ira Weiny (1): PCI: Introduce cleanup helpers for device reference counts and locks Ismael Luceno (1): ipvs: Avoid unnecessary calls to skb_is_gso_sctp Ivan Babrou (1): bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer Jack Wang (1): bnxt_re: Fix imm_data endianness Jacopo Mondi (3): media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 media: rcar-csi2: Disable runtime_pm in probe error media: rcar-csi2: Cleanup subdevice in remove() James Clark (3): perf tests: Fix test_arm_callgraph_fp variable expansion perf test: Make test_arm_callgraph_fp.sh more robust coresight: Fix ref leak when of_coresight_parse_endpoint() fails Jan Kara (4): ext4: avoid writing unitialized memory to disk in EA inodes ext2: Verify bitmap and itable block numbers before using them udf: Avoid using corrupted block bitmap buffer jbd2: make jbd2_journal_get_max_txn_bufs() internal Jann Horn (1): landlock: Don't lose track of restrictions on cred_transfer Javier Carrasco (2): mfd: omap-usb-tll: Use struct_size to allocate tll leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() Javier Martinez Canillas (1): drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format Jay Buddhabhatti (2): soc: xilinx: rename cpu_number1 to dummy_cpu_number drivers: soc: xilinx: check return status of get_api_version() Jeongjun Park (1): jfs: Fix array-index-out-of-bounds in diFree Jerome Brunet (2): arm64: dts: amlogic: sm1: fix spdif compatibles arm64: dts: amlogic: gx: correct hdmi clocks Jiaxun Yang (8): platform: mips: cpu_hwmon: Disable driver on unsupported hardware MIPS: dts: loongson: Add ISA node MIPS: ip30: ip30-console: Add missing include MIPS: dts: loongson: Fix GMAC phy node MIPS: Loongson64: env: Hook up Loongsson-2K MIPS: Loongson64: Remove memory node for builtin-dtb MIPS: Loongson64: reset: Prioritise firmware service MIPS: Loongson64: Test register availability before use Jinyoung Choi (1): block: cleanup bio_integrity_prep Jiri Olsa (1): bpf: Synchronize dispatcher update with bpf_dispatcher_xdp_func Joe Hattori (1): char: tpm: Fix possible memory leak in tpm_bios_measurements_open() Johannes Berg (6): wifi: virt_wifi: don't use strlen() in const context wifi: mac80211: track capability/opmode NSS separately wifi: mac80211: check basic rates validity um: time-travel: fix time-travel-start option um: time-travel: fix signal blocking race/hang net: bonding: correctly annotate RCU in bond_should_notify_peers() John David Anglin (1): parisc: Fix warning at drivers/pci/msi/msi.h:121 John Stultz (1): locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers Jon Pan-Doh (1): iommu/vt-d: Fix identity map bounds in si_domain_init() Jonas Karlman (5): arm64: dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s arm64: dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s arm64: dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s arm64: dts: rockchip: Increase VOP clk rate on RK3328 Jonathan Marek (1): drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC Joy Chakraborty (2): rtc: cmos: Fix return value of nvmem callbacks rtc: isl1208: Fix return value of nvmem callbacks Junxian Huang (2): RDMA/hns: Check atomic wr length RDMA/hns: Fix unmatch exception handling when init eq table fails Kan Liang (1): perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR Kees Cook (1): kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() Kemeng Shi (2): sbitmap: remove unnecessary calculation of alloc_hint in __sbitmap_get_shallow sbitmap: rewrite sbitmap_find_bit_in_index to reduce repeat code Konrad Dybcio (2): clk: qcom: branch: Add helper functions for setting retain bits interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID Konstantin Komarov (10): fs/ntfs3: Use ALIGN kernel macro fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT fs/ntfs3: Fix transform resident to nonresident for compressed files fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting fs/ntfs3: Fix getting file type fs/ntfs3: Add missing .dirty_folio in address_space_operations fs/ntfs3: Replace inode_trylock with inode_lock fs/ntfs3: Fix field-spanning write in INDEX_HDR fs/ntfs3: Missed error return fs/ntfs3: Keep runs for $MFT::$ATTR_DATA and $MFT::$ATTR_BITMAP Krzysztof Kozlowski (2): dt-bindings: thermal: correct thermal zone node name limit spi: spidev: order compatibles alphabetically Lad Prabhakar (1): arm64: dts: renesas: Drop specifying the GIC_CPU_MASK_SIMPLE() for GICv3 systems Lance Richardson (1): dma: fix call order in dmam_free_coherent Laurent Pinchart (2): media: renesas: vsp1: Fix _irqsave and _irq mix media: renesas: vsp1: Store RPF partition configuration per RPF instance Leon Romanovsky (5): RDMA/cache: Release GID table even if leak is detected RDMA/mlx4: Fix truncated output warning in mad.c RDMA/mlx4: Fix truncated output warning in alias_GUID.c RDMA/device: Return error earlier if port in not valid nvme-pci: add missing condition check for existence of mapped data Li Nan (1): md: fix deadlock between mddev_suspend and flush bio Lijo Lazar (1): drm/amd/pm: Fix aldebaran pcie speed reporting Liwei Song (1): tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids Lorenzo Bianconi (1): clk: en7523: fix rate divider for slic and spi clocks Luca Ceresoli (1): Revert "leds: led-core: Fix refcount leak in of_led_get()" Luca Weiss (1): arm64: dts: qcom: sm6350: Add missing qcom,non-secure-domain property Lucas Stach (2): drm/etnaviv: fix DMA direction handling for cached RW buffers drm/etnaviv: don't block scheduler when GPU is still active Luis Henriques (SUSE) (2): ext4: fix infinite loop when replaying fast_commit ext4: don't track ranges in fast_commit if inode has inlined data Lukas Wunner (1): PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Ma Ke (3): drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes phy: cadence-torrent: Check return value on register read Manish Rangankar (1): scsi: qla2xxx: During vport delete send async logout explicitly Manivannan Sadhasivam (2): PCI: qcom-ep: Disable resources unconditionally during PERST# assert PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio Marc Gonzalez (1): arm64: dts: qcom: msm8998: enable adreno_smmu by default Marco Cavenati (1): perf/x86/intel/pt: Fix topa_entry base length Marek Behún (3): firmware: turris-mox-rwtm: Do not complete if there are no waiters firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() firmware: turris-mox-rwtm: Initialize completion before mailbox Marek Vasut (1): PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Markus Elfring (1): auxdisplay: ht16k33: Drop reference after LED registration Martin Willi (2): net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports Masahiro Yamada (1): kbuild: avoid build error when single DTB is turned into composite DTB Matthew Wilcox (Oracle) (2): s390/mm: Convert make_page_secure to use a folio s390/mm: Convert gmap_make_secure to use a folio Miaohe Lin (1): mm/hugetlb: fix possible recursive locking detected warning Michael Ellerman (2): powerpc/xmon: Fix disassembly CPU feature checks selftests/sigaltstack: Fix ppc64 GCC build Michael S. Tsirkin (1): vhost/vsock: always initialize seqpacket_allow Michael Walle (5): ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset ARM: dts: imx6qdl-kontron-samx6i: fix board reset ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity Michal Luczaj (1): af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash Mickaël Salaün (1): selftests/landlock: Add cred_transfer test Mikhail Kobuk (1): media: pci: ivtv: Add check for DMA map result Naga Sureshkumar Relli (1): spi: microchip-core: fix the issues in the isr Namhyung Kim (2): perf test: Replace arm callgraph fp test workload with leafloop perf report: Fix condition in sort__sym_cmp() Nathan Chancellor (1): kbuild: Fix '-S -c' in x86 stack protector scripts Nathan Lynch (1): powerpc/prom: Add CPU info to hardware description string later Nayna Jain (1): powerpc/pseries: Expose PLPKS config values, support additional fields NeilBrown (1): SUNRPC: avoid soft lockup when transmitting UDP to reachable server. Nick Bowler (1): macintosh/therm_windtunnel: fix module unload. Nicolas Dichtel (2): ipv4: fix source address selection with route leak ipv6: take care of scope when choosing the src addr Niklas Cassel (1): PCI: dw-rockchip: Fix initial PERST# GPIO value Nilesh Javali (1): scsi: qla2xxx: validate nvme_local_port correctly Nitesh Shetty (1): block: refactor to use helper Nitin Gote (1): drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 Nivas Varadharajan Mugunthakumar (1): crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() Olga Kornievskaia (1): NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server Or Har-Toov (1): RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled Pablo Neira Ayuso (3): netfilter: nf_tables: rise cap on SELinux secmark context netfilter: ctnetlink: use helper function to calculate expect ID net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE Paolo Pisati (1): m68k: amiga: Turn off Warp1260 interrupts during boot Pavel Begunkov (4): kernel: rerun task_work while freezing in get_signal() io_uring: tighten task exit cancellations io_uring/io-wq: limit retrying worker initialisation io_uring: fix io_match_task must_hold Peng Fan (1): pinctrl: freescale: mxs: Fix refcount of child Petr Machata (1): net: nexthop: Initialize all fields in dumped nexthops Pierre Gondois (1): sched/fair: Use all little CPUs for CPU-bound workloads Pierre-Louis Bossart (1): ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable Prajna Rajendra Kumar (1): spi: spi-microchip-core: Fix the number of chip selects supported Primoz Fiser (2): cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() OPP: ti: Fix ti_opp_supply_probe wrong return values Quinn Tran (3): scsi: qla2xxx: Unable to act on RSCN for port online scsi: qla2xxx: Use QP lock to search for bsg scsi: qla2xxx: Fix flash read failure Rafael Beims (1): wifi: mwifiex: Fix interface type change Rafał Miłecki (1): arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux Rameshkumar Sundaram (1): wifi: mac80211: Allow NSS change only up to capability Randy Dunlap (1): kernfs: fix all kernel-doc warnings and multiple typos Ricardo Ribalda (2): media: imon: Fix race getting ictx->lock media: uvcvideo: Fix integer overflow calculating timestamp Ross Lagerwall (1): decompress_bunzip2: fix rare decompression failure Russell Currey (3): powerpc/pseries: Move plpks.h to include directory powerpc/pseries: Add helper to get PLPKS password length powerpc/pseries: Avoid hcall in plpks_is_available() on non-pseries Ryusuke Konishi (2): nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro nilfs2: handle inconsistent state in nilfs_btnode_create_block() Samasth Norway Ananda (1): wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device Saurav Kashyap (1): scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds Sean Christopherson (2): KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() KVM: nVMX: Request immediate exit iff pending nested event needs injection Seth Forshee (DigitalOcean) (1): fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT Sheng Yong (1): f2fs: fix start segno of large section Shenwei Wang (1): irqchip/imx-irqsteer: Handle runtime power management correctly Shigeru Yoshida (1): tipc: Return non-zero value from tipc_udp_addr2str() on error Shreyas Deodhar (3): scsi: qla2xxx: Fix optrom version displayed in FDMI scsi: qla2xxx: Fix for possible memory corruption scsi: qla2xxx: Complete command early within lock Siddharth Vadapalli (2): PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() PCI: keystone: Don't enable BAR 0 for AM654x Simon Horman (1): net: stmmac: Correct byte order of perfect_match Sourabh Jain (2): powerpc/kexec: make the update_cpus_node() function public powerpc/kexec_file: fix cpus node update to FDT Spoorthy S (1): perf tests arm_callgraph_fp: Address shellcheck warnings about signal names and adding double quotes for expression Stephen Boyd (2): soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers clk: qcom: Park shared RCGs upon registration Steve French (3): cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path cifs: fix reconnect with SMB1 UNIX Extensions cifs: mount with "unix" mount option for SMB1 incorrectly handled Steve Wilkins (2): spi: microchip-core: only disable SPI controller when register value change requires it spi: microchip-core: fix init function not setting the master and motorola modes Sung Joon Kim (1): drm/amd/display: Check for NULL pointer Taehee Yoo (1): xdp: fix invalid wait context of page_pool_destroy() Takashi Iwai (2): ALSA: usb-audio: Move HD Webcam quirk to the right place ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 Taniya Das (3): clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable Tao Chen (1): bpftool: Mount bpffs when pinmaps path not under the bpffs Tejun Heo (1): sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks Tengda Wu (1): bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT Tetsuo Handa (1): mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer Thomas Gleixner (3): perf/x86: Serialize set_attr_rdpmc() jump_label: Fix concurrency issues in static_key_slow_dec() watchdog/perf: properly initialize the turbo mode timestamp and rearm counter Thorsten Blum (1): m68k: cmpxchg: Fix return value for default case in __arch_xchg() Tim Van Patten (1): drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 Tvrtko Ursulin (1): mm/numa_balancing: teach mpol_to_str about the balancing mode Tzung-Bi Shih (1): platform/chrome: cros_ec_debugfs: fix wrong EC message version Uros Bizjak (1): jump_label: Use atomic_try_cmpxchg() in static_key_slow_inc_cpuslocked() Uwe Kleine-König (6): pwm: stm32: Always do lazy disabling pwm: atmel-tcb: Put per-channel data into driver data pwm: atmel-tcb: Unroll atmel_tcb_pwm_set_polarity() into only caller pwm: atmel-tcb: Don't track polarity in driver data pwm: atmel-tcb: Fix race condition and convert to guards pinctrl: ti: ti-iodelay: Drop if block with always false condition Vignesh Raghavendra (1): dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels Vincent Tremblay (1): spidev: Add Silicon Labs EM3581 device compatible WangYuli (1): Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Wayne Lin (1): drm/dp_mst: Fix all mstb marked as not probed after suspend/resume Wayne Tung (1): hwmon: (adt7475) Fix default duty on fan is disabled Wei Liu (1): PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN Xiao Liang (1): apparmor: Fix null pointer deref when receiving skb during sock creation Yanfei Xu (1): iommu/vt-d: Fix to convert mm pfn to dma pfn Yang Yang (1): sbitmap: fix io hung due to race on sbitmap_word::cleared Yang Yingliang (4): pinctrl: core: fix possible memory leak when pinctrl_enable() fails pinctrl: single: fix possible memory leak when pinctrl_enable() fails pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails spi: microchip-core: switch to use modern name Yao Zi (1): drm/meson: fix canvas release in bind function Yu Liao (1): tick/broadcast: Make takeover of broadcast hrtimer reliable Yu Zhao (1): mm/mglru: fix div-by-zero in vmpressure_calc_level() Zhang Rui (1): perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake Zheng Yejian (1): media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() Zijun Hu (3): kobject_uevent: Fix OOB access within zap_modalias_env() devres: Fix devm_krealloc() wasting memory devres: Fix memory leakage caused by driver API devm_free_percpu() ethanwu (1): ceph: fix incorrect kmalloc size of pagevec mempool levi.yun (1): trace/pid_list: Change gfp flags in pid_list_fill_irq() linke li (1): sbitmap: use READ_ONCE to access map->word tuhaowen (1): dev/parport: fix the array out-of-bounds risk wangdicheng (2): ALSA: usb-audio: Fix microphone sound on HD webcam. ALSA: usb-audio: Add a quirk for Sonix HD USB Camera

10 months, 3 weeks

1
1
0 0

[PATCH UEK-4.1-QU7 1/3] hwrng: core - Fix page fault dead lock on mmap-ed hwrng

by lugomgom

From: Herbert Xu <herbert(a)gondor.apana.org.au> commit 78aafb3884f6bc6636efcc1760c891c8500b9922 upstream. There is a dead-lock in the hwrng device read path. This triggers when the user reads from /dev/hwrng into memory also mmap-ed from /dev/hwrng. The resulting page fault triggers a recursive read which then dead-locks. Fix this by using a stack buffer when calling copy_to_user. Reported-by: Edward Adam Davis <eadavis(a)qq.com> Reported-by: syzbot+c52ab18308964d248092(a)syzkaller.appspotmail.com Fixes: 9996508b3353 ("hwrng: core - Replace u32 in driver API with byte array") Cc: <stable(a)vger.kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> (cherry picked from commit eafd83b92f6c044007a3591cbd476bcf90455990) Signed-off-by: Vegard Nossum <vegard.nossum(a)oracle.com> (cherry picked from commit 581445afd04cac92963d8b56b3eea08b320d6330) Orabug: 36806668 CVE: CVE-2023-52615 Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Reviewed-by: Saeed Mirzamohammadi <saeed.mirzamohammadi(a)oracle.com> Conflicts: drivers/char/hw_random/core.c -- Minor contextual conflicts due to missing commit: affdec58dafc ("hwrng: core - Replace asm/uaccess.h by linux/uaccess.h") in UEK4, and it is not a candidate for backporting, so resolved conflicts instead Signed-off-by: Alok Tiwari <alok.a.tiwari(a)oracle.com> --- drivers/char/hw_random/core.c | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index 5643b65cee20..208d0fc2c923 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -43,6 +43,7 @@ #include <linux/slab.h> #include <linux/random.h> #include <linux/err.h> +#include <linux/string.h> #include <asm/uaccess.h> @@ -51,6 +52,8 @@ #define RNG_MISCDEV_MINOR 183 /* official */ +#define RNG_BUFFER_SIZE (SMP_CACHE_BYTES < 32 ? 32 : SMP_CACHE_BYTES) + static struct hwrng *current_rng; static struct task_struct *hwrng_fill; static LIST_HEAD(rng_list); @@ -79,7 +82,7 @@ static inline int rng_get_data(struct hwrng *rng, u8 *buffer, size_t size, static size_t rng_buffer_size(void) { - return SMP_CACHE_BYTES < 32 ? 32 : SMP_CACHE_BYTES; + return RNG_BUFFER_SIZE; } static void add_early_randomness(struct hwrng *rng) @@ -222,6 +225,7 @@ static inline int rng_get_data(struct hwrng *rng, u8 *buffer, size_t size, static ssize_t rng_dev_read(struct file *filp, char __user *buf, size_t size, loff_t *offp) { + u8 buffer[RNG_BUFFER_SIZE]; ssize_t ret = 0; int err = 0; int bytes_read, len; @@ -246,34 +250,37 @@ static ssize_t rng_dev_read(struct file *filp, char __user *buf, if (bytes_read < 0) { err = bytes_read; goto out_unlock_reading; + } else if (bytes_read == 0 && + (filp->f_flags & O_NONBLOCK)) { + err = -EAGAIN; + goto out_unlock_reading; } + data_avail = bytes_read; } - if (!data_avail) { - if (filp->f_flags & O_NONBLOCK) { - err = -EAGAIN; - goto out_unlock_reading; - } - } else { - len = data_avail; + len = data_avail; + if (len) { if (len > size) len = size; data_avail -= len; - if (copy_to_user(buf + ret, rng_buffer + data_avail, - len)) { + memcpy(buffer, rng_buffer + data_avail, len); + } + mutex_unlock(&reading_mutex); + put_rng(rng); + + if (len) { + if (copy_to_user(buf + ret, buffer, len)) { err = -EFAULT; - goto out_unlock_reading; + goto out; } size -= len; ret += len; } - mutex_unlock(&reading_mutex); - put_rng(rng); if (need_resched()) schedule_timeout_interruptible(1); @@ -284,6 +291,7 @@ static ssize_t rng_dev_read(struct file *filp, char __user *buf, } } out: + memzero_explicit(buffer, sizeof(buffer)); return ret ? : err; out_unlock_reading: -- 2.43.5

10 months, 3 weeks

2
1
0 0

+ crash-fix-riscv64-crash-memory-reserve-dead-loop.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: crash: Fix riscv64 crash memory reserve dead loop has been added to the -mm mm-hotfixes-unstable branch. Its filename is crash-fix-riscv64-crash-memory-reserve-dead-loop.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jinjie Ruan <ruanjinjie(a)huawei.com> Subject: crash: Fix riscv64 crash memory reserve dead loop Date: Fri, 2 Aug 2024 17:01:05 +0800 On RISCV64 Qemu machine with 512MB memory, cmdline "crashkernel=500M,high" will cause system stall as below: Zone ranges: DMA32 [mem 0x0000000080000000-0x000000009fffffff] Normal empty Movable zone start for each node Early memory node ranges node 0: [mem 0x0000000080000000-0x000000008005ffff] node 0: [mem 0x0000000080060000-0x000000009fffffff] Initmem setup node 0 [mem 0x0000000080000000-0x000000009fffffff] (stall here) commit 5d99cadf1568 ("crash: fix x86_32 crash memory reserve dead loop bug") fix this on 32-bit architecture. However, the problem is not completely solved. If `CRASH_ADDR_LOW_MAX = CRASH_ADDR_HIGH_MAX` on 64-bit architecture, for example, when system memory is equal to CRASH_ADDR_LOW_MAX on RISCV64, the following infinite loop will also occur: -> reserve_crashkernel_generic() and high is true -> alloc at [CRASH_ADDR_LOW_MAX, CRASH_ADDR_HIGH_MAX] fail -> alloc at [0, CRASH_ADDR_LOW_MAX] fail and repeatedly (because CRASH_ADDR_LOW_MAX = CRASH_ADDR_HIGH_MAX). Before refactor in commit 9c08a2a139fe ("x86: kdump: use generic interface to simplify crashkernel reservation code"), x86 do not try to reserve crash memory at low if it fails to alloc above high 4G. However before refator in commit fdc268232dbba ("arm64: kdump: use generic interface to simplify crashkernel reservation"), arm64 try to reserve crash memory at low if it fails above high 4G. For 64-bit systems, this attempt is less beneficial than the opposite, remove it to fix this bug and align with native x86 implementation. After this patch, it print: cannot allocate crashkernel (size:0x1f400000) Link: https://lkml.kernel.org/r/20240802090105.3871929-1-ruanjinjie@huawei.com Fixes: 39365395046f ("riscv: kdump: use generic interface to simplify crashkernel reservation") Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> Acked-by: Baoquan He <bhe(a)redhat.com> Cc: Albert Ou <aou(a)eecs.berkeley.edu> Cc: Chen Jiahao <chenjiahao16(a)huawei.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: Vivek Goyal <vgoyal(a)redhat.com> Cc: Alexandre Ghiti <alex(a)ghiti.fr> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/crash_reserve.c | 9 --------- 1 file changed, 9 deletions(-) --- a/kernel/crash_reserve.c~crash-fix-riscv64-crash-memory-reserve-dead-loop +++ a/kernel/crash_reserve.c @@ -416,15 +416,6 @@ retry: goto retry; } - /* - * For crashkernel=size[KMG],high, if the first attempt was - * for high memory, fall back to low memory. - */ - if (high && search_end == CRASH_ADDR_HIGH_MAX) { - search_end = CRASH_ADDR_LOW_MAX; - search_base = 0; - goto retry; - } pr_warn("cannot allocate crashkernel (size:0x%llx)\n", crash_size); return; _ Patches currently in -mm which might be from ruanjinjie(a)huawei.com are crash-fix-riscv64-crash-memory-reserve-dead-loop.patch crash-fix-x86_32-crash-memory-reserve-dead-loop-bug.patch crash-fix-x86_32-crash-memory-reserve-dead-loop.patch arm-use-generic-interface-to-simplify-crashkernel-reservation.patch crash-fix-crash-memory-reserve-exceed-system-memory-bug.patch

10 months, 3 weeks

1
0
0 0

[tip: timers/urgent] clocksource: Fix brown-bag boolean thinko in cs_watchdog_read()

by tip-bot2 for Paul E. McKenney

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: f2655ac2c06a15558e51ed6529de280e1553c86e Gitweb: https://git.kernel.org/tip/f2655ac2c06a15558e51ed6529de280e1553c86e Author: Paul E. McKenney <paulmck(a)kernel.org> AuthorDate: Fri, 02 Aug 2024 08:46:15 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 02 Aug 2024 18:29:28 +02:00 clocksource: Fix brown-bag boolean thinko in cs_watchdog_read() The current "nretries > 1 || nretries >= max_retries" check in cs_watchdog_read() will always evaluate to true, and thus pr_warn(), if nretries is greater than 1. The intent is instead to never warn on the first try, but otherwise warn if the successful retry was the last retry. Therefore, change that "||" to "&&". Fixes: db3a34e17433 ("clocksource: Retry clock read if long delays detected") Reported-by: Borislav Petkov <bp(a)alien8.de> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240802154618.4149953-2-paulmck@kernel.org --- kernel/time/clocksource.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c index d25ba49..d0538a7 100644 --- a/kernel/time/clocksource.c +++ b/kernel/time/clocksource.c @@ -246,7 +246,7 @@ static enum wd_read_status cs_watchdog_read(struct clocksource *cs, u64 *csnow, wd_delay = cycles_to_nsec_safe(watchdog, *wdnow, wd_end); if (wd_delay <= WATCHDOG_MAX_SKEW) { - if (nretries > 1 || nretries >= max_retries) { + if (nretries > 1 && nretries >= max_retries) { pr_warn("timekeeping watchdog on CPU%d: %s retried %d times before success\n", smp_processor_id(), watchdog->name, nretries); }

10 months, 3 weeks

1
0
0 0

[tip: timers/urgent] clocksource: Fix brown-bag boolean thinko in cs_watchdog_read()

by tip-bot2 for Paul E. McKenney

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: 305c821c3006c1f201eb85bcfb44a35930f54a71 Gitweb: https://git.kernel.org/tip/305c821c3006c1f201eb85bcfb44a35930f54a71 Author: Paul E. McKenney <paulmck(a)kernel.org> AuthorDate: Thu, 01 Aug 2024 17:16:36 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 02 Aug 2024 16:34:26 +02:00 clocksource: Fix brown-bag boolean thinko in cs_watchdog_read() The current "nretries > 1 || nretries >= max_retries" check in cs_watchdog_read() will always evaluate to true, and thus pr_warn(), if nretries is greater than 1. The intent is instead to never warn on the first try, but otherwise warn if the successful retry was the last retry. Therefore, change that "||" to "&&". Fixes: db3a34e17433 ("clocksource: Retry clock read if long delays detected") Reported-by: Borislav Petkov <bp(a)alien8.de> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org --- kernel/time/clocksource.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c index d25ba49..d0538a7 100644 --- a/kernel/time/clocksource.c +++ b/kernel/time/clocksource.c @@ -246,7 +246,7 @@ static enum wd_read_status cs_watchdog_read(struct clocksource *cs, u64 *csnow, wd_delay = cycles_to_nsec_safe(watchdog, *wdnow, wd_end); if (wd_delay <= WATCHDOG_MAX_SKEW) { - if (nretries > 1 || nretries >= max_retries) { + if (nretries > 1 && nretries >= max_retries) { pr_warn("timekeeping watchdog on CPU%d: %s retried %d times before success\n", smp_processor_id(), watchdog->name, nretries); }

10 months, 3 weeks

1
0
0 0

[PATCH 1/5] HID: wacom: Defer calculation of resolution until resolution_code is known

by Gerecke, Jason

From: Jason Gerecke <jason.gerecke(a)wacom.com> The Wacom driver maps the HID_DG_TWIST usage to ABS_Z (rather than ABS_RZ) for historic reasons. When the code to support twist was introduced in commit 50066a042da5 ("HID: wacom: generic: Add support for height, tilt, and twist usages"), we were careful to write it in such a way that it had HID calculate the resolution of the twist axis assuming ABS_RZ instead (so that we would get correct angular behavior). This was broken with the introduction of commit 08a46b4190d3 ("HID: wacom: Set a default resolution for older tablets"), which moved the resolution calculation to occur *before* the adjustment from ABS_Z to ABS_RZ occurred. This commit moves the calculation of resolution after the point that we are finished setting things up for its proper use. Signed-off-by: Jason Gerecke <jason.gerecke(a)wacom.com> Fixes: 08a46b4190d3 ("HID: wacom: Set a default resolution for older tablets") Cc: stable(a)vger.kernel.org --- drivers/hid/wacom_wac.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c index 1f4564982b958..2541fa2e0fa3b 100644 --- a/drivers/hid/wacom_wac.c +++ b/drivers/hid/wacom_wac.c @@ -1878,12 +1878,14 @@ static void wacom_map_usage(struct input_dev *input, struct hid_usage *usage, int fmax = field->logical_maximum; unsigned int equivalent_usage = wacom_equivalent_usage(usage->hid); int resolution_code = code; - int resolution = hidinput_calc_abs_res(field, resolution_code); + int resolution; if (equivalent_usage == HID_DG_TWIST) { resolution_code = ABS_RZ; } + resolution = hidinput_calc_abs_res(field, resolution_code); + if (equivalent_usage == HID_GD_X) { fmin += features->offset_left; fmax -= features->offset_right; -- 2.45.2

10 months, 3 weeks

3
3
0 0

[PATCH v4] mm/hugetlb: fix hugetlb vs. core-mm PT locking

by David Hildenbrand

We recently made GUP's common page table walking code to also walk hugetlb VMAs without most hugetlb special-casing, preparing for the future of having less hugetlb-specific page table walking code in the codebase. Turns out that we missed one page table locking detail: page table locking for hugetlb folios that are not mapped using a single PMD/PUD. Assume we have hugetlb folio that spans multiple PTEs (e.g., 64 KiB hugetlb folios on arm64 with 4 KiB base page size). GUP, as it walks the page tables, will perform a pte_offset_map_lock() to grab the PTE table lock. However, hugetlb that concurrently modifies these page tables would actually grab the mm->page_table_lock: with USE_SPLIT_PTE_PTLOCKS, the locks would differ. Something similar can happen right now with hugetlb folios that span multiple PMDs when USE_SPLIT_PMD_PTLOCKS. This issue can be reproduced [1], for example triggering: [ 3105.936100] ------------[ cut here ]------------ [ 3105.939323] WARNING: CPU: 31 PID: 2732 at mm/gup.c:142 try_grab_folio+0x11c/0x188 [ 3105.944634] Modules linked in: [...] [ 3105.974841] CPU: 31 PID: 2732 Comm: reproducer Not tainted 6.10.0-64.eln141.aarch64 #1 [ 3105.980406] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-4.fc40 05/24/2024 [ 3105.986185] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3105.991108] pc : try_grab_folio+0x11c/0x188 [ 3105.994013] lr : follow_page_pte+0xd8/0x430 [ 3105.996986] sp : ffff80008eafb8f0 [ 3105.999346] x29: ffff80008eafb900 x28: ffffffe8d481f380 x27: 00f80001207cff43 [ 3106.004414] x26: 0000000000000001 x25: 0000000000000000 x24: ffff80008eafba48 [ 3106.009520] x23: 0000ffff9372f000 x22: ffff7a54459e2000 x21: ffff7a546c1aa978 [ 3106.014529] x20: ffffffe8d481f3c0 x19: 0000000000610041 x18: 0000000000000001 [ 3106.019506] x17: 0000000000000001 x16: ffffffffffffffff x15: 0000000000000000 [ 3106.024494] x14: ffffb85477fdfe08 x13: 0000ffff9372ffff x12: 0000000000000000 [ 3106.029469] x11: 1fffef4a88a96be1 x10: ffff7a54454b5f0c x9 : ffffb854771b12f0 [ 3106.034324] x8 : 0008000000000000 x7 : ffff7a546c1aa980 x6 : 0008000000000080 [ 3106.038902] x5 : 00000000001207cf x4 : 0000ffff9372f000 x3 : ffffffe8d481f000 [ 3106.043420] x2 : 0000000000610041 x1 : 0000000000000001 x0 : 0000000000000000 [ 3106.047957] Call trace: [ 3106.049522] try_grab_folio+0x11c/0x188 [ 3106.051996] follow_pmd_mask.constprop.0.isra.0+0x150/0x2e0 [ 3106.055527] follow_page_mask+0x1a0/0x2b8 [ 3106.058118] __get_user_pages+0xf0/0x348 [ 3106.060647] faultin_page_range+0xb0/0x360 [ 3106.063651] do_madvise+0x340/0x598 Let's make huge_pte_lockptr() effectively use the same PT locks as any core-mm page table walker would. Add ptep_lockptr() to obtain the PTE page table lock using a pte pointer -- unfortunately we cannot convert pte_lockptr() because virt_to_page() doesn't work with kmap'ed page tables we can have with CONFIG_HIGHPTE. Handle CONFIG_PGTABLE_LEVELS correctly by checking in reverse order, such that when e.g., CONFIG_PGTABLE_LEVELS==2 with PGDIR_SIZE==P4D_SIZE==PUD_SIZE==PMD_SIZE will work as expected. Document why that works. There is one ugly case: powerpc 8xx, whereby we have an 8 MiB hugetlb folio being mapped using two PTE page tables. While hugetlb wants to take the PMD table lock, core-mm would grab the PTE table lock of one of both PTE page tables. In such corner cases, we have to make sure that both locks match, which is (fortunately!) currently guaranteed for 8xx as it does not support SMP and consequently doesn't use split PT locks. [1] https://lore.kernel.org/all/1bbfcc7f-f222-45a5-ac44-c5a1381c596d@redhat.com/ Fixes: 9cb28da54643 ("mm/gup: handle hugetlb in the generic follow_page_mask code") Acked-by: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- @James, I dropped your RB. Retested on arm64 and x86-64. Cross-compiled on a bunch of others. v3 -> v4: * Replace PTE pointer alignment by BUILD_BUG_ON() * Simplify lock lookup by looking up in reverse * Adjust comment and patch description v2 -> v3: * Handle CONFIG_PGTABLE_LEVELS oddities as good as possible. It's a mess. Remove the size >= P4D_SIZE check and simply default to the &mm->page_table_lock. * Align the PTE pointer to the start of the page table to handle PTE page tables bigger than a single page (unclear if this could currently trigger). * Extend patch description v1 -> 2: * Extend patch description * Drop "mm: let pte_lockptr() consume a pte_t pointer" * Introduce ptep_lockptr() in this patch --- include/linux/hugetlb.h | 33 ++++++++++++++++++++++++++++++--- include/linux/mm.h | 11 +++++++++++ 2 files changed, 41 insertions(+), 3 deletions(-) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 8e462205400d..ac3ea8596f93 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -938,10 +938,37 @@ static inline bool htlb_allow_alloc_fallback(int reason) static inline spinlock_t *huge_pte_lockptr(struct hstate *h, struct mm_struct *mm, pte_t *pte) { - if (huge_page_size(h) == PMD_SIZE) + const unsigned long size = huge_page_size(h); + + VM_WARN_ON(size == PAGE_SIZE); + + /* + * hugetlb must use the exact same PT locks as core-mm page table + * walkers would. When modifying a PTE table, hugetlb must take the + * PTE PT lock, when modifying a PMD table, hugetlb must take the PMD + * PT lock etc. + * + * The expectation is that any hugetlb folio smaller than a PMD is + * always mapped into a single PTE table and that any hugetlb folio + * smaller than a PUD (but at least as big as a PMD) is always mapped + * into a single PMD table. + * + * If that does not hold for an architecture, then that architecture + * must disable split PT locks such that all *_lockptr() functions + * will give us the same result: the per-MM PT lock. + * + * Note that with e.g., CONFIG_PGTABLE_LEVELS=2 where + * PGDIR_SIZE==P4D_SIZE==PUD_SIZE==PMD_SIZE, we'd use pud_lockptr() + * and core-mm would use pmd_lockptr(). However, in such configurations + * split PMD locks are disabled -- they don't make sense on a single + * PGDIR page table -- and the end result is the same. + */ + if (size >= PUD_SIZE) + return pud_lockptr(mm, (pud_t *) pte); + else if (size >= PMD_SIZE || IS_ENABLED(CONFIG_HIGHPTE)) return pmd_lockptr(mm, (pmd_t *) pte); - VM_BUG_ON(huge_page_size(h) == PAGE_SIZE); - return &mm->page_table_lock; + /* pte_alloc_huge() only applies with !CONFIG_HIGHPTE */ + return ptep_lockptr(mm, pte); } #ifndef hugepages_supported diff --git a/include/linux/mm.h b/include/linux/mm.h index a890a1731c14..bd219ac9c026 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -2869,6 +2869,13 @@ static inline spinlock_t *pte_lockptr(struct mm_struct *mm, pmd_t *pmd) return ptlock_ptr(page_ptdesc(pmd_page(*pmd))); } +static inline spinlock_t *ptep_lockptr(struct mm_struct *mm, pte_t *pte) +{ + BUILD_BUG_ON(IS_ENABLED(CONFIG_HIGHPTE)); + BUILD_BUG_ON(MAX_PTRS_PER_PTE * sizeof(pte_t) > PAGE_SIZE); + return ptlock_ptr(virt_to_ptdesc(pte)); +} + static inline bool ptlock_init(struct ptdesc *ptdesc) { /* @@ -2893,6 +2900,10 @@ static inline spinlock_t *pte_lockptr(struct mm_struct *mm, pmd_t *pmd) { return &mm->page_table_lock; } +static inline spinlock_t *ptep_lockptr(struct mm_struct *mm, pte_t *pte) +{ + return &mm->page_table_lock; +} static inline void ptlock_cache_init(void) {} static inline bool ptlock_init(struct ptdesc *ptdesc) { return true; } static inline void ptlock_free(struct ptdesc *ptdesc) {} -- 2.45.2

10 months, 3 weeks

2
3
0 0

FAILED: patch "[PATCH] ipv4: fix source address selection with route leak" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6807352353561187a718e87204458999dbcbba1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072916-pastrami-suction-5192@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 680735235356 ("ipv4: fix source address selection with route leak") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6807352353561187a718e87204458999dbcbba1b Mon Sep 17 00:00:00 2001 From: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Date: Wed, 10 Jul 2024 10:14:27 +0200 Subject: [PATCH] ipv4: fix source address selection with route leak By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 8cbb512c923d ("net: Add source address lookup op for VRF") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Link: https://patch.msgid.link/20240710081521.3809742-2-nicolas.dichtel@6wind.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c index f669da98d11d..8956026bc0a2 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -2270,6 +2270,15 @@ void fib_select_path(struct net *net, struct fib_result *res, fib_select_default(fl4, res); check_saddr: - if (!fl4->saddr) - fl4->saddr = fib_result_prefsrc(net, res); + if (!fl4->saddr) { + struct net_device *l3mdev; + + l3mdev = dev_get_by_index_rcu(net, fl4->flowi4_l3mdev); + + if (!l3mdev || + l3mdev_master_dev_rcu(FIB_RES_DEV(*res)) == l3mdev) + fl4->saddr = fib_result_prefsrc(net, res); + else + fl4->saddr = inet_select_addr(l3mdev, 0, RT_SCOPE_LINK); + } }

10 months, 3 weeks

2
1
0 0

[PATCH 1/3] drm/amdgpu: Forward soft recovery errors to userspace

by Joshua Ashton

As we discussed before[1], soft recovery should be forwarded to userspace, or we can get into a really bad state where apps will keep submitting hanging command buffers cascading us to a hard reset. 1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/ Signed-off-by: Joshua Ashton <joshua(a)froggi.es> Cc: Friedrich Vock <friedrich.vock(a)gmx.de> Cc: Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> Cc: Christian König <christian.koenig(a)amd.com> Cc: André Almeida <andrealmeid(a)igalia.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c index 4b3000c21ef2..aebf59855e9f 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c @@ -262,9 +262,8 @@ amdgpu_job_prepare_job(struct drm_sched_job *sched_job, struct dma_fence *fence = NULL; int r; - /* Ignore soft recovered fences here */ r = drm_sched_entity_error(s_entity); - if (r && r != -ENODATA) + if (r) goto error; if (!fence && job->gang_submit) -- 2.44.0

10 months, 3 weeks

5
10
0 0

[PATCH net v1] net: wan: fsl_qmc_hdlc: Discard received CRC

by Herve Codina

Received frame from QMC contains the CRC. Upper layers don't need this CRC and tcpdump mentioned trailing junk data due to this CRC presence. As some other HDLC driver, simply discard this CRC. Fixes: d0f2258e79fd ("net: wan: Add support for QMC HDLC") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/net/wan/fsl_qmc_hdlc.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/drivers/net/wan/fsl_qmc_hdlc.c b/drivers/net/wan/fsl_qmc_hdlc.c index 64b4bfa6fea7..8fcfbde31a1c 100644 --- a/drivers/net/wan/fsl_qmc_hdlc.c +++ b/drivers/net/wan/fsl_qmc_hdlc.c @@ -250,6 +250,7 @@ static void qmc_hcld_recv_complete(void *context, size_t length, unsigned int fl struct qmc_hdlc_desc *desc = context; struct net_device *netdev; struct qmc_hdlc *qmc_hdlc; + size_t crc_size; int ret; netdev = desc->netdev; @@ -268,15 +269,26 @@ static void qmc_hcld_recv_complete(void *context, size_t length, unsigned int fl if (flags & QMC_RX_FLAG_HDLC_CRC) /* CRC error */ netdev->stats.rx_crc_errors++; kfree_skb(desc->skb); - } else { - netdev->stats.rx_packets++; - netdev->stats.rx_bytes += length; + goto re_queue; + } - skb_put(desc->skb, length); - desc->skb->protocol = hdlc_type_trans(desc->skb, netdev); - netif_rx(desc->skb); + /* Discard the CRC */ + crc_size = qmc_hdlc->is_crc32 ? 4 : 2; + if (length < crc_size) { + netdev->stats.rx_length_errors++; + kfree_skb(desc->skb); + goto re_queue; } + length -= crc_size; + + netdev->stats.rx_packets++; + netdev->stats.rx_bytes += length; + + skb_put(desc->skb, length); + desc->skb->protocol = hdlc_type_trans(desc->skb, netdev); + netif_rx(desc->skb); +re_queue: /* Re-queue a transfer using the same descriptor */ ret = qmc_hdlc_recv_queue(qmc_hdlc, desc, desc->dma_size); if (ret) { -- 2.45.0

10 months, 3 weeks

4
3
0 0

[PATCH v4 RESEND] drm/client: fix null pointer dereference in drm_client_modeset_probe

by Ma Ke

In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: cf13909aee05 ("drm/fb-helper: Move out modeset config code") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v4: - modified patch, set ret and break to handle error rightly. Changes in v3: - modified patch as suggestions, returned error directly when failing to get modeset->mode. Changes in v2: - added the recipient's email address, due to the prolonged absence of a response from the recipients. - added Cc stable. --- drivers/gpu/drm/drm_client_modeset.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/gpu/drm/drm_client_modeset.c b/drivers/gpu/drm/drm_client_modeset.c index 31af5cf37a09..cee5eafbfb81 100644 --- a/drivers/gpu/drm/drm_client_modeset.c +++ b/drivers/gpu/drm/drm_client_modeset.c @@ -880,6 +880,11 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width, kfree(modeset->mode); modeset->mode = drm_mode_duplicate(dev, mode); + if (!modeset->mode) { + ret = -ENOMEM; + break; + } + drm_connector_get(connector); modeset->connectors[modeset->num_connectors++] = connector; modeset->x = offset->x; -- 2.25.1

10 months, 3 weeks

2
2
0 0

[PATCH v3 RESEND] EDAC/ti: Fix possible null pointer dereference in _emif_get_id()

by Ma Ke

In _emif_get_id(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 86a18ee21e5e ("EDAC, ti: Add support for TI keystone and DRA7xx EDAC") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - added the patch operations omitted in PATCH v2 RESEND compared to PATCH v2. Sorry for my oversight. Changes in v2: - added Cc stable line. --- drivers/edac/ti_edac.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/edac/ti_edac.c b/drivers/edac/ti_edac.c index 29723c9592f7..6f3da8d99eab 100644 --- a/drivers/edac/ti_edac.c +++ b/drivers/edac/ti_edac.c @@ -207,6 +207,9 @@ static int _emif_get_id(struct device_node *node) int my_id = 0; addrp = of_get_address(node, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + my_addr = (u32)of_translate_address(node, addrp); for_each_matching_node(np, ti_edac_of_match) { @@ -214,6 +217,9 @@ static int _emif_get_id(struct device_node *node) continue; addrp = of_get_address(np, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + addr = (u32)of_translate_address(np, addrp); edac_printk(KERN_INFO, EDAC_MOD_NAME, -- 2.25.1

10 months, 3 weeks

2
1
0 0

[PATCH RESEND] EDAC/altera: Fix possible null pointer dereference

by Ma Ke

In altr_s10_sdram_check_ecc_deps(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Cc: stable(a)vger.kernel.org Fixes: e1bca853dddc ("EDAC/altera: Add SDRAM ECC check for U-Boot") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/edac/altera_edac.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/edac/altera_edac.c b/drivers/edac/altera_edac.c index fe89f5c4837f..d6bf0eebeb41 100644 --- a/drivers/edac/altera_edac.c +++ b/drivers/edac/altera_edac.c @@ -1086,6 +1086,7 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) struct arm_smccc_res result; struct device_node *np; phys_addr_t sdram_addr; + const __be32 *sdram_addrp; u32 read_reg; int ret; @@ -1093,8 +1094,14 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) if (!np) goto sdram_err; - sdram_addr = of_translate_address(np, of_get_address(np, 0, - NULL, NULL)); + sdram_addrp = of_get_address(np, 0, NULL, NULL); + if (!sdram_addrp) + return -EINVAL; + + sdram_addr = of_translate_address(np, sdram_addrp); + if (!sdram_addr) + return -EINVAL; + of_node_put(np); sdram_ecc_addr = (unsigned long)sdram_addr + prv->ecc_en_ofst; arm_smccc_smc(INTEL_SIP_SMC_REG_READ, sdram_ecc_addr, -- 2.25.1

10 months, 3 weeks

2
1
0 0

[PATCH RESEND] drm/nouveau: fix a possible null pointer dereference

by Ma Ke

In ch7006_encoder_get_modes(), the return value of drm_mode_duplicate() is used directly in drm_mode_probed_add(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: 6ee738610f41 ("drm/nouveau: Add DRM driver for NVIDIA GPUs") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/i2c/ch7006_drv.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i2c/ch7006_drv.c b/drivers/gpu/drm/i2c/ch7006_drv.c index 131512a5f3bd..48bf6e4e8bdb 100644 --- a/drivers/gpu/drm/i2c/ch7006_drv.c +++ b/drivers/gpu/drm/i2c/ch7006_drv.c @@ -229,6 +229,7 @@ static int ch7006_encoder_get_modes(struct drm_encoder *encoder, { struct ch7006_priv *priv = to_ch7006_priv(encoder); const struct ch7006_mode *mode; + struct drm_display_mode *encoder_mode = NULL; int n = 0; for (mode = ch7006_modes; mode->mode.clock; mode++) { @@ -236,8 +237,11 @@ static int ch7006_encoder_get_modes(struct drm_encoder *encoder, ~mode->valid_norms & 1<<priv->norm) continue; - drm_mode_probed_add(connector, - drm_mode_duplicate(encoder->dev, &mode->mode)); + encoder_mode = drm_mode_duplicate(encoder->dev, &mode->mode); + if (!encoder_mode) + return 0; + + drm_mode_probed_add(connector, encoder_mode); n++; } -- 2.25.1

10 months, 3 weeks

1
0
0 0

Kazakhstan Crude Oil Product Offer REF:fqgzib01

by Antonov|DPR

Dear stable, I hope this message finds you well. My name is Antonov, and I am a sales representative authorized by leading refineries in Kazakhstan to negotiate the sale of crude oil products worldwide. If you are interested in purchasing crude oil products, we can facilitate the process. The refinery has sufficient product allocation to supply to serious buyers. We currently offer a range of products including Petcoke, Ultra- Low Sulphur Diesel, East Siberia-Pacific Ocean (ESPO) Blend, Russian Light Cycle Oil (LCO), LNG, LPG, Jet Fuel, and more. All our products meet SGS and GOST-R standards, and we guarantee timely delivery. Thank you for your attention. I look forward to your response and to discussing further details. Best regards, Antonov Message REF1: ieztudr02Q Message Timestamp: 8/2/2024 4:19:59 a.m.

10 months, 3 weeks

1
0
0 0

[PATCH v2 RESEND] dmaengine: moxart: handle irq_of_parse_and_map() errors

by Ma Ke

Zero and negative number is not a valid IRQ for in-kernel code and the irq_of_parse_and_map() function returns zero on error. So this check for valid IRQs should only accept values > 0. Cc: stable(a)vger.kernel.org Fixes: 2d9e31b9412c ("dmaengine: moxart: remove NO_IRQ") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added Cc stable line; - added Fixes line. --- drivers/dma/moxart-dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/dma/moxart-dma.c b/drivers/dma/moxart-dma.c index 66dc6d31b603..16dd3c5aba4d 100644 --- a/drivers/dma/moxart-dma.c +++ b/drivers/dma/moxart-dma.c @@ -568,7 +568,7 @@ static int moxart_probe(struct platform_device *pdev) return -ENOMEM; irq = irq_of_parse_and_map(node, 0); - if (!irq) { + if (irq <= 0) { dev_err(dev, "no IRQ resource\n"); return -EINVAL; } -- 2.25.1

10 months, 3 weeks

1
0
0 0

[PATCH net 0/7] mptcp: fix endpoints with 'signal' and 'subflow' flags

by Matthieu Baerts (NGI0)

When looking at improving the user experience around the MPTCP endpoints setup, I noticed that setting an endpoint with both the 'signal' and the 'subflow' flags -- as it has been done in the past by users according to bug reports we got -- was resulting on only announcing the endpoint, but not using it to create subflows: the 'subflow' flag was then ignored. My initial thought was to modify IPRoute2 to warn the user when the two flags were set, but it doesn't sound normal to ignore one of them. I then looked at modifying the kernel not to allow having the two flags set, but when discussing about that with Mat, we thought it was maybe not ideal to do that, as there might be use-cases, we might break some configs. Then I saw it was working before v5.17. So instead, I fixed the support on the kernel side (patch 5) using Paolo's suggestion. This also includes a fix on the options side (patch 1: for v5.11+), an explicit deny of some options combinations (patch 2: for v5.18+), and some refactoring (patches 3 and 4) to ease the inclusion of the patch 5. While at it, I added a new selftest (patch 7) to validate this case -- including a modification of the chk_add_nr helper to inverse the sides were the counters are checked (patch 6) -- and allowed ADD_ADDR echo just after the MP_JOIN 3WHS. The selftests modification have the same Fixes tag as the previous commit, but no 'Cc: Stable': if the backport can work, that's good -- but it still need to be verified by running the selftests -- if not, no need to worry, many CIs will use the selftests from the last stable version to validate previous stable releases. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Matthieu Baerts (NGI0) (7): mptcp: fully established after ADD_ADDR echo on MPJ mptcp: pm: deny endp with signal + subflow + port mptcp: pm: reduce indentation blocks mptcp: pm: don't try to create sf if alloc failed mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set selftests: mptcp: join: ability to invert ADD_ADDR check selftests: mptcp: join: test both signal & subflow net/mptcp/options.c | 3 +- net/mptcp/pm_netlink.c | 47 +++++++++++++-------- tools/testing/selftests/net/mptcp/mptcp_join.sh | 55 ++++++++++++++++++------- 3 files changed, 73 insertions(+), 32 deletions(-) --- base-commit: 0bf50cead4c4710d9f704778c32ab8af47ddf070 change-id: 20240731-upstream-net-20240731-mptcp-endp-subflow-signal-181d640cf5e8 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

10 months, 3 weeks

2
5
0 0

[PATCH iwl-net 2/3] idpf: fix memleak in vport interrupt configuration

by Alexander Lobakin

From: Michal Kubiak <michal.kubiak(a)intel.com> The initialization of vport interrupt consists of two functions: 1) idpf_vport_intr_init() where a generic configuration is done 2) idpf_vport_intr_req_irq() where the irq for each q_vector is requested. The first function used to create a base name for each interrupt using "kasprintf()" call. Unfortunately, although that call allocated memory for a text buffer, that memory was never released. Fix this by removing creating the interrupt base name in 1). Instead, always create a full interrupt name in the function 2), because there is no need to create a base name separately, considering that the function 2) is never called out of idpf_vport_intr_init() context. Fixes: d4d558718266 ("idpf: initialize interrupts and enable vport") Cc: stable(a)vger.kernel.org # 6.7 Signed-off-by: Michal Kubiak <michal.kubiak(a)intel.com> Reviewed-by: Pavan Kumar Linga <pavan.kumar.linga(a)intel.com> Signed-off-by: Alexander Lobakin <aleksander.lobakin(a)intel.com> --- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/drivers/net/ethernet/intel/idpf/idpf_txrx.c b/drivers/net/ethernet/intel/idpf/idpf_txrx.c index af2879f03b8d..a2f9f252694a 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_txrx.c +++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c @@ -3780,13 +3780,15 @@ void idpf_vport_intr_update_itr_ena_irq(struct idpf_q_vector *q_vector) /** * idpf_vport_intr_req_irq - get MSI-X vectors from the OS for the vport * @vport: main vport structure - * @basename: name for the vector */ -static int idpf_vport_intr_req_irq(struct idpf_vport *vport, char *basename) +static int idpf_vport_intr_req_irq(struct idpf_vport *vport) { struct idpf_adapter *adapter = vport->adapter; + const char *drv_name, *if_name, *vec_name; int vector, err, irq_num, vidx; - const char *vec_name; + + drv_name = dev_driver_string(&adapter->pdev->dev); + if_name = netdev_name(vport->netdev); for (vector = 0; vector < vport->num_q_vectors; vector++) { struct idpf_q_vector *q_vector = &vport->q_vectors[vector]; @@ -3804,8 +3806,8 @@ static int idpf_vport_intr_req_irq(struct idpf_vport *vport, char *basename) else continue; - name = kasprintf(GFP_KERNEL, "%s-%s-%d", basename, vec_name, - vidx); + name = kasprintf(GFP_KERNEL, "%s-%s-%s-%d", drv_name, if_name, + vec_name, vidx); err = request_irq(irq_num, idpf_vport_intr_clean_queues, 0, name, q_vector); @@ -4326,7 +4328,6 @@ int idpf_vport_intr_alloc(struct idpf_vport *vport) */ int idpf_vport_intr_init(struct idpf_vport *vport) { - char *int_name; int err; err = idpf_vport_intr_init_vec_idx(vport); @@ -4340,11 +4341,7 @@ int idpf_vport_intr_init(struct idpf_vport *vport) if (err) goto unroll_vectors_alloc; - int_name = kasprintf(GFP_KERNEL, "%s-%s", - dev_driver_string(&vport->adapter->pdev->dev), - vport->netdev->name); - - err = idpf_vport_intr_req_irq(vport, int_name); + err = idpf_vport_intr_req_irq(vport); if (err) goto unroll_vectors_alloc; -- 2.45.2

10 months, 3 weeks

3
2
0 0

Re: [v6.1] WARNING in ieee80211_check_rate_mask

by syzbot

syzbot suspects this issue could be fixed by backporting the following commit: commit ce04abc3fcc62cd5640af981ebfd7c4dc3bded28 git tree: upstream Author: Johannes Berg <johannes.berg(a)intel.com> Date: Fri Feb 24 09:52:19 2023 +0000 wifi: mac80211: check basic rates validity bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15d0b26d980000 kernel config: https://syzkaller.appspot.com/x/.config?x=59059e181681c079 dashboard link: https://syzkaller.appspot.com/bug?extid=07bee335584b04e7c2f8 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=122bb7a5180000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14dfa479180000 Please keep in mind that other backports might be required as well. For information about bisection process see: https://goo.gl/tpsmEJ#bisection

10 months, 3 weeks

1
0
0 0

+ mm-list_lru-fix-uaf-for-memory-cgroup-v2.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm-list_lru-fix-uaf-for-memory-cgroup-v2 has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-list_lru-fix-uaf-for-memory-cgroup-v2.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Muchun Song <songmuchun(a)bytedance.com> Subject: mm-list_lru-fix-uaf-for-memory-cgroup-v2 Date: Thu, 1 Aug 2024 10:46:03 +0800 only grab rcu lock when necessary, per Vlastimil Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com Fixes: 0a97c01cd20b ("list_lru: allow explicit memcg and NUMA node selection") Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: <stable(a)vger.kernel.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/list_lru.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) --- a/mm/list_lru.c~mm-list_lru-fix-uaf-for-memory-cgroup-v2 +++ a/mm/list_lru.c @@ -112,12 +112,14 @@ bool list_lru_add_obj(struct list_lru *l { bool ret; int nid = page_to_nid(virt_to_page(item)); - struct mem_cgroup *memcg; - rcu_read_lock(); - memcg = list_lru_memcg_aware(lru) ? mem_cgroup_from_slab_obj(item) : NULL; - ret = list_lru_add(lru, item, nid, memcg); - rcu_read_unlock(); + if (list_lru_memcg_aware(lru)) { + rcu_read_lock(); + ret = list_lru_add(lru, item, nid, mem_cgroup_from_slab_obj(item)); + rcu_read_unlock(); + } else { + ret = list_lru_add(lru, item, nid, NULL); + } return ret; } @@ -148,12 +150,14 @@ bool list_lru_del_obj(struct list_lru *l { bool ret; int nid = page_to_nid(virt_to_page(item)); - struct mem_cgroup *memcg; - rcu_read_lock(); - memcg = list_lru_memcg_aware(lru) ? mem_cgroup_from_slab_obj(item) : NULL; - ret = list_lru_del(lru, item, nid, memcg); - rcu_read_unlock(); + if (list_lru_memcg_aware(lru)) { + rcu_read_lock(); + ret = list_lru_del(lru, item, nid, mem_cgroup_from_slab_obj(item)); + rcu_read_unlock(); + } else { + ret = list_lru_del(lru, item, nid, NULL); + } return ret; } _ Patches currently in -mm which might be from songmuchun(a)bytedance.com are mm-list_lru-fix-uaf-for-memory-cgroup.patch mm-list_lru-fix-uaf-for-memory-cgroup-v2.patch mm-kmem-remove-mem_cgroup_from_obj.patch

10 months, 3 weeks

1
0
0 0

[PATCH v4 0/2] Rust and the shadow call stack sanitizer

by Alice Ryhl

This patch series makes it possible to use Rust together with the shadow call stack sanitizer. The first patch is intended to be backported to ensure that people don't try to use SCS with Rust on older kernel versions. The second patch makes it possible to use Rust with the shadow call stack sanitizer. The second patch in this series depends on the next version of [1], which Miguel will send soon. Link: https://lore.kernel.org/rust-for-linux/20240709160615.998336-12-ojeda@kerne… [1] Signed-off-by: Alice Ryhl <aliceryhl(a)google.com> --- Changes in v4: - Move `depends on` to CONFIG_RUST. - Rewrite commit messages to include more context. - Link to v3: https://lore.kernel.org/r/20240704-shadow-call-stack-v3-0-d11c7a6ebe30@goog… Changes in v3: - Use -Zfixed-x18. - Add logic to reject unsupported rustc versions. - Also include a fix to be backported. - Link to v2: https://lore.kernel.org/rust-for-linux/20240305-shadow-call-stack-v2-1-c7b4… Changes in v2: - Add -Cforce-unwind-tables flag. - Link to v1: https://lore.kernel.org/rust-for-linux/20240304-shadow-call-stack-v1-1-f055… --- Alice Ryhl (2): rust: SHADOW_CALL_STACK is incompatible with Rust rust: support for shadow call stack sanitizer Makefile | 1 + arch/arm64/Makefile | 3 +++ init/Kconfig | 1 + 3 files changed, 5 insertions(+) --- base-commit: 9cde54ad2f7ac3cf84f65df605570c5a00afc82f change-id: 20240304-shadow-call-stack-9c197a4361d9 Best regards, -- Alice Ryhl <aliceryhl(a)google.com>

10 months, 3 weeks

3
3
0 0

[PATCH v2 0/2] media: imx335: Fix reset-gpio handling

by Umang Jain

These couple of patches intends to fix the reset-gpio handling for imx335 driver. Patch 1/2 mentions reset-gpio polarity in DT binding example. It is ACTIVE_LOW according to the data sheet. Patch 2/2 fixes the logical value of reset-gpio during power-on/power-off sequence. -- Changes in v2: - Also include reset-gpio polarity, mention in DT binding - Add Fixes tag in 2/2 - Set the reset line to high during init time in 2/2 Link to v1: https://lore.kernel.org/linux-media/tyo5etjwsfznuk6vzwqmcphbu4pz4lskrg3fjie… Umang Jain (2): dt-bindings: imx335: Mention reset-gpio polarity media: imx335: Fix reset-gpio handling .../devicetree/bindings/media/i2c/sony,imx335.yaml | 2 ++ drivers/media/i2c/imx335.c | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) -- 2.45.0

10 months, 3 weeks

6
19
0 0

[PATCH V3 0/8] Add camera clock controller support for SM8150

by Satya Priya Kakitapalli

Add camcc support and Regera PLL ops. Also, fix the pll post div mask. Changes in V3: - Split the fixes into separate patches, remove RETAIN_FF flag for gdscs and document the BIT(15) of pll alpha value. - Link to v2: https://lore.kernel.org/all/20240702-camcc-support-sm8150-v2-1-4baf54ec7333… Changes in v2: - As per Konrad's comments, re-use the zonda pll code for regera, as both are mostly same. - Fix the zonda_set_rate API and also the pll_post_div shift used in trion pll post div set rate API - Link to v1: https://lore.kernel.org/r/20240229-camcc-support-sm8150-v1-0-8c28c6c87990@q… Satya Priya Kakitapalli (7): clk: qcom: clk-alpha-pll: Fix the pll post div mask clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled clk: qcom: clk-alpha-pll: Update set_rate for Zonda PLL dt-bindings: clock: qcom: Add SM8150 camera clock controller clk: qcom: Add camera clock controller driver for SM8150 arm64: dts: qcom: Add camera clock controller for sm8150 Taniya Das (1): clk: qcom: clk-alpha-pll: Add support for Regera PLL ops .../bindings/clock/qcom,sm8150-camcc.yaml | 77 + arch/arm64/boot/dts/qcom/sa8155p.dtsi | 4 + arch/arm64/boot/dts/qcom/sm8150.dtsi | 13 + drivers/clk/qcom/Kconfig | 9 + drivers/clk/qcom/Makefile | 1 + drivers/clk/qcom/camcc-sm8150.c | 2159 +++++++++++++++++ drivers/clk/qcom/clk-alpha-pll.c | 57 +- drivers/clk/qcom/clk-alpha-pll.h | 5 + include/dt-bindings/clock/qcom,sm8150-camcc.h | 135 ++ 9 files changed, 2456 insertions(+), 4 deletions(-) create mode 100644 Documentation/devicetree/bindings/clock/qcom,sm8150-camcc.yaml create mode 100644 drivers/clk/qcom/camcc-sm8150.c create mode 100644 include/dt-bindings/clock/qcom,sm8150-camcc.h -- 2.25.1

10 months, 3 weeks

4
15
0 0

[PATCH net 0/2] mptcp: fix duplicate data handling

by Matthieu Baerts (NGI0)

In some cases, the subflow-level's copied_seq counter was incorrectly increased, leading to an unexpected subflow reset. Patch 1/2 fixes the RCVPRUNED MIB counter that was attached to the wrong event since its introduction in v5.14, backported to v5.11. Patch 2/2 fixes the copied_seq counter issues, is present since v5.10. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Paolo Abeni (2): mptcp: fix bad RCVPRUNED mib accounting mptcp: fix duplicate data handling net/mptcp/protocol.c | 8 ++++---- net/mptcp/subflow.c | 16 ++++++++++++---- 2 files changed, 16 insertions(+), 8 deletions(-) --- base-commit: 0bf50cead4c4710d9f704778c32ab8af47ddf070 change-id: 20240731-upstream-net-20240731-mptcp-dup-data-f922353130af Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

10 months, 3 weeks

2
3
0 0

[PATCH v2] mm: list_lru: fix UAF for memory cgroup

by Muchun Song

The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or cgroup_mutex or others which could prevent returned memcg from being freed. Fix it by adding missing rcu read lock. Fixes: 0a97c01cd20b ("list_lru: allow explicit memcg and NUMA node selection") Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: <stable(a)vger.kernel.org> --- v2: Only grab rcu lock when necessary (Vlastimil Babka) mm/list_lru.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/mm/list_lru.c b/mm/list_lru.c index a29d96929d7c7..9b7ff06e9d326 100644 --- a/mm/list_lru.c +++ b/mm/list_lru.c @@ -85,6 +85,7 @@ list_lru_from_memcg_idx(struct list_lru *lru, int nid, int idx) } #endif /* CONFIG_MEMCG */ +/* The caller must ensure the memcg lifetime. */ bool list_lru_add(struct list_lru *lru, struct list_head *item, int nid, struct mem_cgroup *memcg) { @@ -109,14 +110,22 @@ EXPORT_SYMBOL_GPL(list_lru_add); bool list_lru_add_obj(struct list_lru *lru, struct list_head *item) { + bool ret; int nid = page_to_nid(virt_to_page(item)); - struct mem_cgroup *memcg = list_lru_memcg_aware(lru) ? - mem_cgroup_from_slab_obj(item) : NULL; - return list_lru_add(lru, item, nid, memcg); + if (list_lru_memcg_aware(lru)) { + rcu_read_lock(); + ret = list_lru_add(lru, item, nid, mem_cgroup_from_slab_obj(item)); + rcu_read_unlock(); + } else { + ret = list_lru_add(lru, item, nid, NULL); + } + + return ret; } EXPORT_SYMBOL_GPL(list_lru_add_obj); +/* The caller must ensure the memcg lifetime. */ bool list_lru_del(struct list_lru *lru, struct list_head *item, int nid, struct mem_cgroup *memcg) { @@ -139,11 +148,18 @@ EXPORT_SYMBOL_GPL(list_lru_del); bool list_lru_del_obj(struct list_lru *lru, struct list_head *item) { + bool ret; int nid = page_to_nid(virt_to_page(item)); - struct mem_cgroup *memcg = list_lru_memcg_aware(lru) ? - mem_cgroup_from_slab_obj(item) : NULL; - return list_lru_del(lru, item, nid, memcg); + if (list_lru_memcg_aware(lru)) { + rcu_read_lock(); + ret = list_lru_del(lru, item, nid, mem_cgroup_from_slab_obj(item)); + rcu_read_unlock(); + } else { + ret = list_lru_del(lru, item, nid, NULL); + } + + return ret; } EXPORT_SYMBOL_GPL(list_lru_del_obj); -- 2.20.1

10 months, 3 weeks

2
1
0 0

[PATCH iwl-net v2 0/3] igc bug fixes related to qbv_count usage

by Faizal Rahim

These igc bug fixes are sent as a patch series because: 1. The two patches below remove the reliance on using the qbv_count field. "igc: Fix qbv_config_change_errors logics" "igc: Fix reset adapter logics when tx mode change" qbv_count field will be removed in future patch via iwl-next. 2. The patch "igc: Fix qbv tx latency by setting gtxoffset" reuse the function igc_tsn_will_tx_mode_change() which was created in the patch: "igc: Fix reset adapter logics when tx mode change" v1: https://patchwork.kernel.org/project/netdevbpf/cover/20240702040926.3327530… Changelog: v1 -> v2 - Instead of casting to bool, use !! (Simon) - Simplify new functions created. Instead of if.. return true, else return false, use single return. (Simon) - Remove patch "igc: Remove unused qbv_coun" from this series which is targeting to iwl-net. This patch will be sent to iwl-next. (Simon) Faizal Rahim (3): igc: Fix qbv_config_change_errors logics igc: Fix reset adapter logics when tx mode change igc: Fix qbv tx latency by setting gtxoffset drivers/net/ethernet/intel/igc/igc_main.c | 8 +++-- drivers/net/ethernet/intel/igc/igc_tsn.c | 41 ++++++++++++++++------- drivers/net/ethernet/intel/igc/igc_tsn.h | 1 + 3 files changed, 36 insertions(+), 14 deletions(-) -- 2.25.1

10 months, 3 weeks

6
15
0 0

[PATCH 3/4] ext4: factor out write end code of inline file

by WangYuli

From: Zhang Yi <yi.zhang(a)huawei.com> Now that the inline_data file write end procedure are falled into the common write end functions, it is not clear. Factor them out and do some cleanup. This patch also drop ext4_da_write_inline_data_end() and switch to use ext4_write_inline_data_end() instead because we also need to do the same error processing if we failed to write data into inline entry. Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Link: https://lore.kernel.org/r/20210716122024.1105856-4-yi.zhang@huawei.com Reviewed-by: Cheng Nie <niecheng1(a)uniontech.com> Signed-off-by: Dandan Zhang <zhangdandan(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- fs/ext4/ext4.h | 3 -- fs/ext4/inline.c | 127 ++++++++++++++++++++++++----------------------- fs/ext4/inode.c | 74 +++++++++------------------ 3 files changed, 89 insertions(+), 115 deletions(-) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index fa2579abea7d..6394c8a3803c 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -3083,9 +3083,6 @@ extern int ext4_da_write_inline_data_begin(struct address_space *mapping, unsigned flags, struct page **pagep, void **fsdata); -extern int ext4_da_write_inline_data_end(struct inode *inode, loff_t pos, - unsigned len, unsigned copied, - struct page *page); extern int ext4_try_add_inline_entry(handle_t *handle, struct ext4_filename *fname, struct inode *dir, struct inode *inode); diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index de04bd5fb551..eeb696c85a61 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -741,40 +741,82 @@ int ext4_try_to_write_inline_data(struct address_space *mapping, int ext4_write_inline_data_end(struct inode *inode, loff_t pos, unsigned len, unsigned copied, struct page *page) { - int ret, no_expand; + handle_t *handle = ext4_journal_current_handle(); + int no_expand; void *kaddr; struct ext4_iloc iloc; + int ret = 0, ret2; if (unlikely(copied < len) && !PageUptodate(page)) - return 0; + copied = 0; - ret = ext4_get_inode_loc(inode, &iloc); - if (ret) { - ext4_std_error(inode->i_sb, ret); - return ret; - } + if (likely(copied)) { + ret = ext4_get_inode_loc(inode, &iloc); + if (ret) { + unlock_page(page); + put_page(page); + ext4_std_error(inode->i_sb, ret); + goto out; + } + ext4_write_lock_xattr(inode, &no_expand); + BUG_ON(!ext4_has_inline_data(inode)); - ext4_write_lock_xattr(inode, &no_expand); - BUG_ON(!ext4_has_inline_data(inode)); + kaddr = kmap_atomic(page); + ext4_write_inline_data(inode, &iloc, kaddr, pos, copied); + kunmap_atomic(kaddr); + SetPageUptodate(page); + /* clear page dirty so that writepages wouldn't work for us. */ + ClearPageDirty(page); - /* - * ei->i_inline_off may have changed since ext4_write_begin() - * called ext4_try_to_write_inline_data() - */ - (void) ext4_find_inline_data_nolock(inode); + /* + * ei->i_inline_off may have changed since ext4_write_begin() + * called ext4_try_to_write_inline_data() + */ + (void) ext4_find_inline_data_nolock(inode); - kaddr = kmap_atomic(page); - ext4_write_inline_data(inode, &iloc, kaddr, pos, copied); - kunmap_atomic(kaddr); - SetPageUptodate(page); - /* clear page dirty so that writepages wouldn't work for us. */ - ClearPageDirty(page); + ext4_write_unlock_xattr(inode, &no_expand); + brelse(iloc.bh); - ext4_write_unlock_xattr(inode, &no_expand); - brelse(iloc.bh); - mark_inode_dirty(inode); + /* + * It's important to update i_size while still holding page + * lock: page writeout could otherwise come in and zero + * beyond i_size. + */ + ext4_update_inode_size(inode, pos + copied); + } + unlock_page(page); + put_page(page); - return copied; + /* + * Don't mark the inode dirty under page lock. First, it unnecessarily + * makes the holding time of page lock longer. Second, it forces lock + * ordering of page lock and transaction start for journaling + * filesystems. + */ + if (likely(copied)) + mark_inode_dirty(inode); +out: + /* + * If we didn't copy as much data as expected, we need to trim back + * size of xattr containing inline data. + */ + if (pos + len > inode->i_size && ext4_can_truncate(inode)) + ext4_orphan_add(handle, inode); + + ret2 = ext4_journal_stop(handle); + if (!ret) + ret = ret2; + if (pos + len > inode->i_size) { + ext4_truncate_failed_write(inode); + /* + * If truncate failed early the inode might still be + * on the orphan list; we need to make sure the inode + * is removed from the orphan list in that case. + */ + if (inode->i_nlink) + ext4_orphan_del(NULL, inode); + } + return ret ? ret : copied; } struct buffer_head * @@ -955,43 +997,6 @@ int ext4_da_write_inline_data_begin(struct address_space *mapping, return ret; } -int ext4_da_write_inline_data_end(struct inode *inode, loff_t pos, - unsigned len, unsigned copied, - struct page *page) -{ - int ret; - - ret = ext4_write_inline_data_end(inode, pos, len, copied, page); - if (ret < 0) { - unlock_page(page); - put_page(page); - return ret; - } - copied = ret; - - /* - * No need to use i_size_read() here, the i_size - * cannot change under us because we hold i_mutex. - * - * But it's important to update i_size while still holding page lock: - * page writeout could otherwise come in and zero beyond i_size. - */ - if (pos+copied > inode->i_size) - i_size_write(inode, pos+copied); - unlock_page(page); - put_page(page); - - /* - * Don't mark the inode dirty under page lock. First, it unnecessarily - * makes the holding time of page lock longer. Second, it forces lock - * ordering of page lock and transaction start for journaling - * filesystems. - */ - mark_inode_dirty(inode); - - return copied; -} - #ifdef INLINE_DIR_DEBUG void ext4_show_inline_dir(struct inode *dir, struct buffer_head *bh, void *inline_start, int inline_size) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 44a715e6aae1..1e6753084a00 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1415,23 +1415,13 @@ static int ext4_write_end(struct file *file, loff_t old_size = inode->i_size; int ret = 0, ret2; int i_size_changed = 0; - int inline_data = ext4_has_inline_data(inode); trace_ext4_write_end(inode, pos, len, copied); - if (inline_data && - ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) { - ret = ext4_write_inline_data_end(inode, pos, len, - copied, page); - if (ret < 0) { - unlock_page(page); - put_page(page); - goto errout; - } - copied = ret; - ret = 0; - } else - copied = block_write_end(file, mapping, pos, - len, copied, page, fsdata); + + if (ext4_has_inline_data(inode)) + return ext4_write_inline_data_end(inode, pos, len, copied, page); + + copied = block_write_end(file, mapping, pos, len, copied, page, fsdata); /* * it's important to update i_size while still holding page lock: * page writeout could otherwise come in and zero beyond i_size. @@ -1448,10 +1438,9 @@ static int ext4_write_end(struct file *file, * ordering of page lock and transaction start for journaling * filesystems. */ - if (i_size_changed || inline_data) + if (i_size_changed) ext4_mark_inode_dirty(handle, inode); -errout: if (pos + len > inode->i_size && ext4_can_truncate(inode)) /* if we have allocated more blocks and copied * less. We will have blocks allocated outside @@ -1523,7 +1512,6 @@ static int ext4_journalled_write_end(struct file *file, int partial = 0; unsigned from, to; int size_changed = 0; - int inline_data = ext4_has_inline_data(inode); trace_ext4_journalled_write_end(inode, pos, len, copied); from = pos & (PAGE_SIZE - 1); @@ -1531,17 +1519,10 @@ static int ext4_journalled_write_end(struct file *file, BUG_ON(!ext4_handle_valid(handle)); - if (inline_data) { - ret = ext4_write_inline_data_end(inode, pos, len, - copied, page); - if (ret < 0) { - unlock_page(page); - put_page(page); - goto errout; - } - copied = ret; - ret = 0; - } else if (unlikely(copied < len) && !PageUptodate(page)) { + if (ext4_has_inline_data(inode)) + return ext4_write_inline_data_end(inode, pos, len, copied, page); + + if (unlikely(copied < len) && !PageUptodate(page)) { copied = 0; ext4_journalled_zero_new_buffers(handle, page, from, to); } else { @@ -1563,13 +1544,12 @@ static int ext4_journalled_write_end(struct file *file, if (old_size < pos) pagecache_isize_extended(inode, old_size, pos); - if (size_changed || inline_data) { + if (size_changed) { ret2 = ext4_mark_inode_dirty(handle, inode); if (!ret) ret = ret2; } -errout: if (pos + len > inode->i_size && ext4_can_truncate(inode)) /* if we have allocated more blocks and copied * less. We will have blocks allocated outside @@ -3195,7 +3175,7 @@ static int ext4_da_write_end(struct file *file, struct page *page, void *fsdata) { struct inode *inode = mapping->host; - int ret = 0, ret2; + int ret; handle_t *handle = ext4_journal_current_handle(); loff_t new_i_size; unsigned long start, end; @@ -3206,6 +3186,12 @@ static int ext4_da_write_end(struct file *file, len, copied, page, fsdata); trace_ext4_da_write_end(inode, pos, len, copied); + + if (write_mode != CONVERT_INLINE_DATA && + ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA) && + ext4_has_inline_data(inode)) + return ext4_write_inline_data_end(inode, pos, len, copied, page); + start = pos & (PAGE_SIZE - 1); end = start + copied - 1; @@ -3225,26 +3211,12 @@ static int ext4_da_write_end(struct file *file, * ext4_da_write_inline_data_end(). */ new_i_size = pos + copied; - if (copied && new_i_size > inode->i_size) { - if (ext4_has_inline_data(inode) || - ext4_da_should_update_i_disksize(page, end)) - ext4_update_i_disksize(inode, new_i_size); - } - - if (write_mode != CONVERT_INLINE_DATA && - ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA) && - ext4_has_inline_data(inode)) - ret = ext4_da_write_inline_data_end(inode, pos, len, copied, - page); - else - ret = generic_write_end(file, mapping, pos, len, copied, - page, fsdata); - - copied = ret; - ret2 = ext4_journal_stop(handle); - if (!ret) - ret = ret2; + if (copied && new_i_size > inode->i_size && + ext4_da_should_update_i_disksize(page, end)) + ext4_update_i_disksize(inode, new_i_size); + copied = generic_write_end(file, mapping, pos, len, copied, page, fsdata); + ret = ext4_journal_stop(handle); return ret ? ret : copied; } -- 2.43.4

10 months, 3 weeks

2
1
0 0

Re: Crash on boot with CONFIG_JUMP_LABEL in 6.10

by Sam James

Peter Zijlstra <peterz(a)infradead.org> writes: > On Tue, Jul 30, 2024 at 08:36:13PM -0400, matoro wrote: >> On 2024-07-30 09:50, John David Anglin wrote: >> > On 2024-07-30 9:41 a.m., John David Anglin wrote: >> > > On 2024-07-29 7:11 p.m., matoro wrote: >> > > > Hi all, just bumped to the newest mainline starting with 6.10.2 >> > > > and immediately ran into a crash on boot. Fully reproducible, >> > > > reverting back to last known good (6.9.8) resolves the issue. >> > > > Any clue what's going on here? >> > > > I can provide full boot logs, start bisecting, etc if needed... >> > > 6.10.2 built and booted okay on my c8000 with the attached config. >> > > You could start >> > > with it and incrementally add features to try to identify the one >> > > that causes boot failure. >> > Oh, I have an experimental clocksource patch installed. You will need >> > to regenerate config >> > with "make oldconfig" to use the current timer code. Probably, this >> > would happen automatically. >> > > >> > > Your config would be needed to duplicate. Full boot log would also help. >> > >> > Dave >> >> Hi Dave, bisecting quickly revealed the cause here. > > https://lkml.kernel.org/r/20240731105557.GY33588@noisy.programming.kicks-as… Greg, I see tglx's jump_label fix is queued for 6.10.3 but this one isn't as it came too late. Is there any chance of chucking it in? It's pretty nasty. thanks, sam

10 months, 3 weeks

3
3
0 0

[PATCH net v1] net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex

by Herve Codina

The carrier_lock spinlock protects the carrier detection. While it is hold, framer_get_status() is called witch in turn takes a mutex. This is not correct and can lead to a deadlock. A run with PROVE_LOCKING enabled detected the issue: [ BUG: Invalid wait context ] ... c204ddbc (&framer->mutex){+.+.}-{3:3}, at: framer_get_status+0x40/0x78 other info that might help us debug this: context-{4:4} 2 locks held by ifconfig/146: #0: c0926a38 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x12c/0x664 #1: c2006a40 (&qmc_hdlc->carrier_lock){....}-{2:2}, at: qmc_hdlc_framer_set_carrier+0x30/0x98 Avoid the spinlock usage and convert carrier_lock to a mutex. Fixes: 54762918ca85 ("net: wan: fsl_qmc_hdlc: Add framer support") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/net/wan/fsl_qmc_hdlc.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/net/wan/fsl_qmc_hdlc.c b/drivers/net/wan/fsl_qmc_hdlc.c index c5e7ca793c43..64b4bfa6fea7 100644 --- a/drivers/net/wan/fsl_qmc_hdlc.c +++ b/drivers/net/wan/fsl_qmc_hdlc.c @@ -18,6 +18,7 @@ #include <linux/hdlc.h> #include <linux/mod_devicetable.h> #include <linux/module.h> +#include <linux/mutex.h> #include <linux/platform_device.h> #include <linux/slab.h> #include <linux/spinlock.h> @@ -37,7 +38,7 @@ struct qmc_hdlc { struct qmc_chan *qmc_chan; struct net_device *netdev; struct framer *framer; - spinlock_t carrier_lock; /* Protect carrier detection */ + struct mutex carrier_lock; /* Protect carrier detection */ struct notifier_block nb; bool is_crc32; spinlock_t tx_lock; /* Protect tx descriptors */ @@ -60,7 +61,7 @@ static int qmc_hdlc_framer_set_carrier(struct qmc_hdlc *qmc_hdlc) if (!qmc_hdlc->framer) return 0; - guard(spinlock_irqsave)(&qmc_hdlc->carrier_lock); + guard(mutex)(&qmc_hdlc->carrier_lock); ret = framer_get_status(qmc_hdlc->framer, &framer_status); if (ret) { @@ -706,7 +707,7 @@ static int qmc_hdlc_probe(struct platform_device *pdev) qmc_hdlc->dev = dev; spin_lock_init(&qmc_hdlc->tx_lock); - spin_lock_init(&qmc_hdlc->carrier_lock); + mutex_init(&qmc_hdlc->carrier_lock); qmc_hdlc->qmc_chan = devm_qmc_chan_get_bychild(dev, dev->of_node); if (IS_ERR(qmc_hdlc->qmc_chan)) -- 2.45.0

10 months, 3 weeks

4
3
0 0

[PATCH AUTOSEL 5.4 01/22] drm/amdgpu: fix overflowed array index read warning

by Sasha Levin

From: Tim Huang <Tim.Huang(a)amd.com> [ Upstream commit ebbc2ada5c636a6a63d8316a3408753768f5aa9f ] Clear overflowed array index read warning by cast operation. Signed-off-by: Tim Huang <Tim.Huang(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c index e5c83e164d82a..8fafda87d4ce8 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c @@ -437,8 +437,9 @@ static ssize_t amdgpu_debugfs_ring_read(struct file *f, char __user *buf, size_t size, loff_t *pos) { struct amdgpu_ring *ring = file_inode(f)->i_private; - int r, i; uint32_t value, result, early[3]; + loff_t i; + int r; if (*pos & 3 || size & 3) return -EINVAL; -- 2.43.0

10 months, 3 weeks

1
21
0 0

[PATCH AUTOSEL 6.6 01/83] drm/amd/display: Assign linear_pitch_alignment even for VM

by Sasha Levin

From: Alvin Lee <alvin.lee2(a)amd.com> [ Upstream commit 984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 ] [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments Reviewed-by: Sohaib Nadeem <sohaib.nadeem(a)amd.com> Acked-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Alvin Lee <alvin.lee2(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 72db370e2f21f..50e643bfdfbad 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -1298,6 +1298,7 @@ struct dc *dc_create(const struct dc_init_data *init_params) return NULL; if (init_params->dce_environment == DCE_ENV_VIRTUAL_HW) { + dc->caps.linear_pitch_alignment = 64; if (!dc_construct_ctx(dc, init_params)) goto destruct_dc; } else { -- 2.43.0

10 months, 3 weeks

1
82
0 0

[PATCH AUTOSEL 4.19 1/2] apparmor: fix possible NULL pointer dereference

by Sasha Levin

From: Leesoo Ahn <lsahn(a)ooseel.net> [ Upstream commit 3dd384108d53834002be5630132ad5c3f32166ad ] profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet. BUG: kernel NULL pointer dereference, address: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Call Trace: <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? kernelmode_fixup_or_oops+0xb2/0x140 ? __bad_area_nosemaphore+0x1a5/0x2c0 ? find_vma+0x34/0x60 ? bad_area_nosemaphore+0x16/0x30 ? do_user_addr_fault+0x2a2/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? aafs_create.constprop.0+0x7f/0x130 ? aafs_create.constprop.0+0x51/0x130 __aafs_profile_mkdir+0x3d6/0x480 aa_replace_profiles+0x83f/0x1270 policy_update+0xe3/0x180 profile_load+0xbc/0x150 ? rw_verify_area+0x47/0x140 vfs_write+0x100/0x480 ? __x64_sys_openat+0x55/0xa0 ? syscall_exit_to_user_mode+0x86/0x260 ksys_write+0x73/0x100 __x64_sys_write+0x19/0x30 x64_sys_call+0x7e/0x25c0 do_syscall_64+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7be9f211c574 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 </TASK> Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas CR2: 0000000000000030 ---[ end trace 0000000000000000 ]--- RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Signed-off-by: Leesoo Ahn <lsahn(a)ooseel.net> Signed-off-by: John Johansen <john.johansen(a)canonical.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- security/apparmor/apparmorfs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 80012d21f0386..1223b2648a549 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -1593,6 +1593,10 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) struct aa_profile *p; p = aa_deref_parent(profile); dent = prof_dir(p); + if (!dent) { + error = -ENOENT; + goto fail2; + } /* adding to parent that previously didn't have children */ dent = aafs_create_dir("profiles", dent); if (IS_ERR(dent)) -- 2.43.0

10 months, 3 weeks

1
1
0 0

[PATCH AUTOSEL 5.4 1/2] apparmor: fix possible NULL pointer dereference

by Sasha Levin

From: Leesoo Ahn <lsahn(a)ooseel.net> [ Upstream commit 3dd384108d53834002be5630132ad5c3f32166ad ] profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet. BUG: kernel NULL pointer dereference, address: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Call Trace: <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? kernelmode_fixup_or_oops+0xb2/0x140 ? __bad_area_nosemaphore+0x1a5/0x2c0 ? find_vma+0x34/0x60 ? bad_area_nosemaphore+0x16/0x30 ? do_user_addr_fault+0x2a2/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? aafs_create.constprop.0+0x7f/0x130 ? aafs_create.constprop.0+0x51/0x130 __aafs_profile_mkdir+0x3d6/0x480 aa_replace_profiles+0x83f/0x1270 policy_update+0xe3/0x180 profile_load+0xbc/0x150 ? rw_verify_area+0x47/0x140 vfs_write+0x100/0x480 ? __x64_sys_openat+0x55/0xa0 ? syscall_exit_to_user_mode+0x86/0x260 ksys_write+0x73/0x100 __x64_sys_write+0x19/0x30 x64_sys_call+0x7e/0x25c0 do_syscall_64+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7be9f211c574 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 </TASK> Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas CR2: 0000000000000030 ---[ end trace 0000000000000000 ]--- RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Signed-off-by: Leesoo Ahn <lsahn(a)ooseel.net> Signed-off-by: John Johansen <john.johansen(a)canonical.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- security/apparmor/apparmorfs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 62736465ac82a..efe04f54be9ed 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -1593,6 +1593,10 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) struct aa_profile *p; p = aa_deref_parent(profile); dent = prof_dir(p); + if (!dent) { + error = -ENOENT; + goto fail2; + } /* adding to parent that previously didn't have children */ dent = aafs_create_dir("profiles", dent); if (IS_ERR(dent)) -- 2.43.0

10 months, 3 weeks

1
1
0 0

[PATCH AUTOSEL 5.10 1/2] apparmor: fix possible NULL pointer dereference

by Sasha Levin

From: Leesoo Ahn <lsahn(a)ooseel.net> [ Upstream commit 3dd384108d53834002be5630132ad5c3f32166ad ] profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet. BUG: kernel NULL pointer dereference, address: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Call Trace: <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? kernelmode_fixup_or_oops+0xb2/0x140 ? __bad_area_nosemaphore+0x1a5/0x2c0 ? find_vma+0x34/0x60 ? bad_area_nosemaphore+0x16/0x30 ? do_user_addr_fault+0x2a2/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? aafs_create.constprop.0+0x7f/0x130 ? aafs_create.constprop.0+0x51/0x130 __aafs_profile_mkdir+0x3d6/0x480 aa_replace_profiles+0x83f/0x1270 policy_update+0xe3/0x180 profile_load+0xbc/0x150 ? rw_verify_area+0x47/0x140 vfs_write+0x100/0x480 ? __x64_sys_openat+0x55/0xa0 ? syscall_exit_to_user_mode+0x86/0x260 ksys_write+0x73/0x100 __x64_sys_write+0x19/0x30 x64_sys_call+0x7e/0x25c0 do_syscall_64+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7be9f211c574 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 </TASK> Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas CR2: 0000000000000030 ---[ end trace 0000000000000000 ]--- RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Signed-off-by: Leesoo Ahn <lsahn(a)ooseel.net> Signed-off-by: John Johansen <john.johansen(a)canonical.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- security/apparmor/apparmorfs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 49d97b331abca..06eac22665656 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -1679,6 +1679,10 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) struct aa_profile *p; p = aa_deref_parent(profile); dent = prof_dir(p); + if (!dent) { + error = -ENOENT; + goto fail2; + } /* adding to parent that previously didn't have children */ dent = aafs_create_dir("profiles", dent); if (IS_ERR(dent)) -- 2.43.0

10 months, 3 weeks

1
1
0 0

[PATCH AUTOSEL 5.15 1/2] apparmor: fix possible NULL pointer dereference

by Sasha Levin

From: Leesoo Ahn <lsahn(a)ooseel.net> [ Upstream commit 3dd384108d53834002be5630132ad5c3f32166ad ] profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet. BUG: kernel NULL pointer dereference, address: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Call Trace: <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? kernelmode_fixup_or_oops+0xb2/0x140 ? __bad_area_nosemaphore+0x1a5/0x2c0 ? find_vma+0x34/0x60 ? bad_area_nosemaphore+0x16/0x30 ? do_user_addr_fault+0x2a2/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? aafs_create.constprop.0+0x7f/0x130 ? aafs_create.constprop.0+0x51/0x130 __aafs_profile_mkdir+0x3d6/0x480 aa_replace_profiles+0x83f/0x1270 policy_update+0xe3/0x180 profile_load+0xbc/0x150 ? rw_verify_area+0x47/0x140 vfs_write+0x100/0x480 ? __x64_sys_openat+0x55/0xa0 ? syscall_exit_to_user_mode+0x86/0x260 ksys_write+0x73/0x100 __x64_sys_write+0x19/0x30 x64_sys_call+0x7e/0x25c0 do_syscall_64+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7be9f211c574 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 </TASK> Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas CR2: 0000000000000030 ---[ end trace 0000000000000000 ]--- RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Signed-off-by: Leesoo Ahn <lsahn(a)ooseel.net> Signed-off-by: John Johansen <john.johansen(a)canonical.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- security/apparmor/apparmorfs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 8c7719108d7f7..c70b86f17124a 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -1679,6 +1679,10 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) struct aa_profile *p; p = aa_deref_parent(profile); dent = prof_dir(p); + if (!dent) { + error = -ENOENT; + goto fail2; + } /* adding to parent that previously didn't have children */ dent = aafs_create_dir("profiles", dent); if (IS_ERR(dent)) -- 2.43.0

10 months, 3 weeks

1
1
0 0

[PATCH AUTOSEL 6.1 1/2] apparmor: fix possible NULL pointer dereference

by Sasha Levin

From: Leesoo Ahn <lsahn(a)ooseel.net> [ Upstream commit 3dd384108d53834002be5630132ad5c3f32166ad ] profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet. BUG: kernel NULL pointer dereference, address: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Call Trace: <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? kernelmode_fixup_or_oops+0xb2/0x140 ? __bad_area_nosemaphore+0x1a5/0x2c0 ? find_vma+0x34/0x60 ? bad_area_nosemaphore+0x16/0x30 ? do_user_addr_fault+0x2a2/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? aafs_create.constprop.0+0x7f/0x130 ? aafs_create.constprop.0+0x51/0x130 __aafs_profile_mkdir+0x3d6/0x480 aa_replace_profiles+0x83f/0x1270 policy_update+0xe3/0x180 profile_load+0xbc/0x150 ? rw_verify_area+0x47/0x140 vfs_write+0x100/0x480 ? __x64_sys_openat+0x55/0xa0 ? syscall_exit_to_user_mode+0x86/0x260 ksys_write+0x73/0x100 __x64_sys_write+0x19/0x30 x64_sys_call+0x7e/0x25c0 do_syscall_64+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7be9f211c574 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 </TASK> Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas CR2: 0000000000000030 ---[ end trace 0000000000000000 ]--- RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Signed-off-by: Leesoo Ahn <lsahn(a)ooseel.net> Signed-off-by: John Johansen <john.johansen(a)canonical.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- security/apparmor/apparmorfs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 7160e7aa58b94..ce7b2f43c3193 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -1687,6 +1687,10 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) struct aa_profile *p; p = aa_deref_parent(profile); dent = prof_dir(p); + if (!dent) { + error = -ENOENT; + goto fail2; + } /* adding to parent that previously didn't have children */ dent = aafs_create_dir("profiles", dent); if (IS_ERR(dent)) -- 2.43.0

10 months, 3 weeks

1
1
0 0

[PATCH AUTOSEL 6.6 1/2] apparmor: fix possible NULL pointer dereference

by Sasha Levin

From: Leesoo Ahn <lsahn(a)ooseel.net> [ Upstream commit 3dd384108d53834002be5630132ad5c3f32166ad ] profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet. BUG: kernel NULL pointer dereference, address: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Call Trace: <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? kernelmode_fixup_or_oops+0xb2/0x140 ? __bad_area_nosemaphore+0x1a5/0x2c0 ? find_vma+0x34/0x60 ? bad_area_nosemaphore+0x16/0x30 ? do_user_addr_fault+0x2a2/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? aafs_create.constprop.0+0x7f/0x130 ? aafs_create.constprop.0+0x51/0x130 __aafs_profile_mkdir+0x3d6/0x480 aa_replace_profiles+0x83f/0x1270 policy_update+0xe3/0x180 profile_load+0xbc/0x150 ? rw_verify_area+0x47/0x140 vfs_write+0x100/0x480 ? __x64_sys_openat+0x55/0xa0 ? syscall_exit_to_user_mode+0x86/0x260 ksys_write+0x73/0x100 __x64_sys_write+0x19/0x30 x64_sys_call+0x7e/0x25c0 do_syscall_64+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7be9f211c574 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 </TASK> Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas CR2: 0000000000000030 ---[ end trace 0000000000000000 ]--- RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Signed-off-by: Leesoo Ahn <lsahn(a)ooseel.net> Signed-off-by: John Johansen <john.johansen(a)canonical.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- security/apparmor/apparmorfs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 63ddefb6ddd1c..23b2853ce3c42 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -1698,6 +1698,10 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) struct aa_profile *p; p = aa_deref_parent(profile); dent = prof_dir(p); + if (!dent) { + error = -ENOENT; + goto fail2; + } /* adding to parent that previously didn't have children */ dent = aafs_create_dir("profiles", dent); if (IS_ERR(dent)) -- 2.43.0

10 months, 3 weeks

1
1
0 0

[PATCH AUTOSEL 6.10 1/2] apparmor: fix possible NULL pointer dereference

by Sasha Levin

From: Leesoo Ahn <lsahn(a)ooseel.net> [ Upstream commit 3dd384108d53834002be5630132ad5c3f32166ad ] profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet. BUG: kernel NULL pointer dereference, address: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Call Trace: <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? kernelmode_fixup_or_oops+0xb2/0x140 ? __bad_area_nosemaphore+0x1a5/0x2c0 ? find_vma+0x34/0x60 ? bad_area_nosemaphore+0x16/0x30 ? do_user_addr_fault+0x2a2/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? aafs_create.constprop.0+0x7f/0x130 ? aafs_create.constprop.0+0x51/0x130 __aafs_profile_mkdir+0x3d6/0x480 aa_replace_profiles+0x83f/0x1270 policy_update+0xe3/0x180 profile_load+0xbc/0x150 ? rw_verify_area+0x47/0x140 vfs_write+0x100/0x480 ? __x64_sys_openat+0x55/0xa0 ? syscall_exit_to_user_mode+0x86/0x260 ksys_write+0x73/0x100 __x64_sys_write+0x19/0x30 x64_sys_call+0x7e/0x25c0 do_syscall_64+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7be9f211c574 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 </TASK> Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas CR2: 0000000000000030 ---[ end trace 0000000000000000 ]--- RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Signed-off-by: Leesoo Ahn <lsahn(a)ooseel.net> Signed-off-by: John Johansen <john.johansen(a)canonical.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- security/apparmor/apparmorfs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index bcfea073e3f2e..01b923d97a446 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -1692,6 +1692,10 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) struct aa_profile *p; p = aa_deref_parent(profile); dent = prof_dir(p); + if (!dent) { + error = -ENOENT; + goto fail2; + } /* adding to parent that previously didn't have children */ dent = aafs_create_dir("profiles", dent); if (IS_ERR(dent)) -- 2.43.0

10 months, 3 weeks

1
1
0 0

[PATCH 4.19+] MIPS: Octeron: remove source file executable bit

by WangYuli

From: Dominique Martinet <dominique.martinet(a)atmark-techno.com> commit 89c7f5078935872cf47a713a645affb5037be694 upstream This does not matter the least, but there is no other .[ch] file in the repo that is executable, so clean this up. Fixes: 29b83a64df3b ("MIPS: Octeon: Add PCIe link status check") Signed-off-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Signed-off-by: Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- arch/mips/pci/pcie-octeon.c | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 arch/mips/pci/pcie-octeon.c diff --git a/arch/mips/pci/pcie-octeon.c b/arch/mips/pci/pcie-octeon.c old mode 100755 new mode 100644 -- 2.43.4

10 months, 4 weeks

1
0
0 0

Re: [PATCH 6.10 000/809] 6.10.3-rc3 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

10 months, 4 weeks

1
0
0 0

[Regression] 6.11.0-rc1: BUG: using smp_processor_id() in preemptible when suspend the system

by David Wang

Hi, When I suspend my system, via `systemctl suspend`, kernel BUG shows up in log: kernel: [ 1734.412974] smpboot: CPU 2 is now offline kernel: [ 1734.414952] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-sleep/4619 kernel: [ 1734.414957] caller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0 kernel: [ 1734.414964] CPU: 0 UID: 0 PID: 4619 Comm: systemd-sleep Tainted: P OE 6.11.0-rc1-linan-4 #292 kernel: [ 1734.414968] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE kernel: [ 1734.414969] Hardware name: Micro-Star International Co., Ltd. MS-7B89/B450M MORTAR MAX (MS-7B89), BIOS 2.80 06/10/2020 kernel: [ 1734.414970] Call Trace: kernel: [ 1734.414974] <TASK> kernel: [ 1734.414978] dump_stack_lvl+0x60/0x80 kernel: [ 1734.414982] check_preemption_disabled+0xce/0xe0 kernel: [ 1734.414987] hotplug_cpu__broadcast_tick_pull+0x1c/0xc0 kernel: [ 1734.414992] ? __pfx_takedown_cpu+0x10/0x10 kernel: [ 1734.414996] takedown_cpu+0x97/0x130 kernel: [ 1734.414999] cpuhp_invoke_callback+0xf8/0x450 kernel: [ 1734.415004] __cpuhp_invoke_callback_range+0x78/0xe0 kernel: [ 1734.415008] _cpu_down+0xf4/0x360 kernel: [ 1734.415012] freeze_secondary_cpus+0xae/0x290 kernel: [ 1734.415016] suspend_devices_and_enter+0x1da/0x920 kernel: [ 1734.415022] pm_suspend+0x1fa/0x500 kernel: [ 1734.415025] state_store+0x68/0xd0 kernel: [ 1734.415028] kernfs_fop_write_iter+0x169/0x1f0 kernel: [ 1734.415034] vfs_write+0x269/0x440 kernel: [ 1734.415041] ksys_write+0x63/0xe0 kernel: [ 1734.415044] do_syscall_64+0x4b/0x110 kernel: [ 1734.415048] entry_SYSCALL_64_after_hwframe+0x76/0x7e kernel: [ 1734.415052] RIP: 0033:0x7fe885cee240 kernel: [ 1734.415055] Code: 40 00 48 8b 15 c1 9b 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d a1 23 0e 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 kernel: [ 1734.415057] RSP: 002b:00007ffc53ccec58 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 kernel: [ 1734.415060] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fe885cee240 kernel: [ 1734.415062] RDX: 0000000000000004 RSI: 00007ffc53cced40 RDI: 0000000000000004 kernel: [ 1734.415063] RBP: 00007ffc53cced40 R08: 0000000000000007 R09: 000055f34dde8210 kernel: [ 1734.415064] R10: 6bccc22257390b18 R11: 0000000000000202 R12: 0000000000000004 kernel: [ 1734.415066] R13: 000055f34dde42d0 R14: 0000000000000004 R15: 00007fe885dc49e0 kernel: [ 1734.415071] </TASK> I confirmed that this was introduced by commit: f7d43dd206e7e18c182f200e67a8db8c209907fa tick/broadcast: Make takeover of broadcast hrtimer reliable , and revert this commit can fix it. Thanks David

10 months, 4 weeks

4
5
0 0

[PATCH 0/2] fix eMMC/SPI flash corruption when audio has been used on RK3399 Puma

by Quentin Schulz

In commit 91419ae0420f ("arm64: dts: rockchip: use BCLK to GPIO switch on rk3399"), an additional pinctrl state was added whose default pinmux is for 8ch i2s0. However, Puma only has 2ch i2s0. It's been overriding the pinctrl-0 property but the second property override was missed in the aforementioned commit. On Puma, a hardware slider called "BIOS Disable/Normal Boot" can disable eMMC and SPI to force booting from SD card. Another software-controlled GPIO is then configured to override this behavior to make eMMC and SPI available without human intervention. This is currently done in U-Boot and it was enough until the aforementioned commit. Indeed, because of this additional not-yet-overridden property, this software-controlled GPIO is now muxed in a state that does not override this hardware slider anymore, rendering SPI and eMMC flashes unusable. Let's override the property with the 2ch pinmux to fix this. While at it, add a GPIO hog for this software-controlled GPIO to make it explicit and also make it reserve the pin through the pinctrl subsystem to make sure nobody can mistakenly request it for something else: better have a non-working feature than eMMC/SPI being corrupted "randomly"! Signed-off-by: Quentin Schulz <quentin.schulz(a)cherry.de> --- Quentin Schulz (2): arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 36 ++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) --- base-commit: e4fc196f5ba36eb7b9758cf2c73df49a44199895 change-id: 20240731-puma-emmc-6-c141e891220b Best regards, -- Quentin Schulz <quentin.schulz(a)cherry.de>

10 months, 4 weeks

2
3
0 0

[PATCH] OPP: Fix support for required OPPs for multiple PM domains

by Ulf Hansson

In _set_opp() we are normally bailing out when trying to set an OPP that is the current one. This make perfect sense, but becomes a problem when _set_required_opps() calls it recursively. More precisely, when a required OPP is being shared by multiple PM domains, we end up skipping to request the corresponding performance-state for all of the PM domains, but the first one. Let's fix the problem, by calling _set_opp_level() from _set_required_opps() instead. Fixes: e37440e7e2c2 ("OPP: Call dev_pm_opp_set_opp() for required OPPs") Cc: stable(a)vger.kernel.org Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> --- drivers/opp/core.c | 47 +++++++++++++++++++++++----------------------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/drivers/opp/core.c b/drivers/opp/core.c index cb4611fe1b5b..45eca65f27f9 100644 --- a/drivers/opp/core.c +++ b/drivers/opp/core.c @@ -1061,6 +1061,28 @@ static int _set_opp_bw(const struct opp_table *opp_table, return 0; } +static int _set_opp_level(struct device *dev, struct opp_table *opp_table, + struct dev_pm_opp *opp) +{ + unsigned int level = 0; + int ret = 0; + + if (opp) { + if (opp->level == OPP_LEVEL_UNSET) + return 0; + + level = opp->level; + } + + /* Request a new performance state through the device's PM domain. */ + ret = dev_pm_domain_set_performance_state(dev, level); + if (ret) + dev_err(dev, "Failed to set performance state %u (%d)\n", level, + ret); + + return ret; +} + /* This is only called for PM domain for now */ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, struct dev_pm_opp *opp, bool up) @@ -1091,7 +1113,8 @@ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, if (devs[index]) { required_opp = opp ? opp->required_opps[index] : NULL; - ret = dev_pm_opp_set_opp(devs[index], required_opp); + ret = _set_opp_level(devs[index], opp_table, + required_opp); if (ret) return ret; } @@ -1102,28 +1125,6 @@ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, return 0; } -static int _set_opp_level(struct device *dev, struct opp_table *opp_table, - struct dev_pm_opp *opp) -{ - unsigned int level = 0; - int ret = 0; - - if (opp) { - if (opp->level == OPP_LEVEL_UNSET) - return 0; - - level = opp->level; - } - - /* Request a new performance state through the device's PM domain. */ - ret = dev_pm_domain_set_performance_state(dev, level); - if (ret) - dev_err(dev, "Failed to set performance state %u (%d)\n", level, - ret); - - return ret; -} - static void _find_current_opp(struct device *dev, struct opp_table *opp_table) { struct dev_pm_opp *opp = ERR_PTR(-ENODEV); -- 2.34.1

10 months, 4 weeks

2
20
0 0

[PATCH 6.10 000/809] 6.10.3-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.3 release. There are 809 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 02 Aug 2024 07:30:18 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.3-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.3-rc2 Daniel Borkmann <daniel(a)iogearbox.net> selftests/bpf: DENYLIST.aarch64: Skip fexit_sleep again Paul Moore <paul(a)paul-moore.com> selinux,smack: remove the capability checks in the removexattr hooks Esben Haabendal <esben(a)geanix.com> powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC James Clark <james.clark(a)linaro.org> perf dso: Fix build when libunwind is enabled Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath12k: fix mbssid max interface advertisement Seth Forshee (DigitalOcean) <sforshee(a)kernel.org> fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Fix number of DAT/DCT entries for HCI versions < 1.1 Leon Romanovsky <leon(a)kernel.org> nvme-pci: add missing condition check for existence of mapped data Georgia Garcia <georgia.garcia(a)canonical.com> apparmor: unpack transition table if dfa is not present Ming Lei <ming.lei(a)redhat.com> ublk: fix UBLK_CMD_DEL_DEV_ASYNC handling Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix io_match_task must_hold Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Back off when polling thermal zones on errors Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: trip: Split thermal_zone_device_set_mode() Artem Chernyshev <artem.chernyshev(a)red-soft.ru> iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_cf: Fix endless loop in CF_DIAG event stop Vasily Gorbik <gor(a)linux.ibm.com> s390/setup: Fix __pa/__va for modules under non-GPL licenses Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Allow allocation of more than 1 MSI interrupt Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Refactor arch_setup_msi_irqs() ethanwu <ethanwu(a)synology.com> ceph: fix incorrect kmalloc size of pagevec mempool Anna-Maria Behnsen <anna-maria(a)linutronix.de> timers/migration: Do not rely always on group->parent Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: TAS2781: Fix tasdev_load_calibrated_data() Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Limit fair VF LMEM provisioning Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/exec: Fix minor bug related to xe_sync_entry_cleanup Conor Dooley <conor.dooley(a)microchip.com> spi: spidev: add correct compatible for Rohm BH2228FV Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: sof: amd: fix for firmware reload failure in Vangogh platform Curtis Malainey <cujomalainey(a)chromium.org> ASoC: Intel: Fix RT5650 SSP lookup Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASOC: SOF: Intel: hda-loader: only wait for HDaudio IOC for IPC4 devices Bart Van Assche <bvanassche(a)acm.org> nvme-pci: Fix the instructions for disabling power management Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: fix init function not setting the master and motorola modes Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: only disable SPI controller when register value change requires it Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: defer asserting chip select until just before write to TX FIFO Naga Sureshkumar Relli <nagasuresh.relli(a)microchip.com> spi: microchip-core: fix the issues in the isr Daniel Baluta <daniel.baluta(a)nxp.com> ASoC: SOF: imx8m: Fix DSP control regmap retrieval Markus Elfring <elfring(a)users.sourceforge.net> auxdisplay: ht16k33: Drop reference after LED registration Al Viro <viro(a)zeniv.linux.org.uk> lirc: rc_dev_get_from_fd(): fix file leak Al Viro <viro(a)zeniv.linux.org.uk> powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() Xiao Liang <shaw.leon(a)gmail.com> apparmor: Fix null pointer deref when receiving skb during sock creation Dan Carpenter <dan.carpenter(a)linaro.org> mISDN: Fix a use after free in hfcmulti_tx() Stanislav Fomichev <sdf(a)fomichev.me> xsk: Require XDP_UMEM_TX_METADATA_LEN to actuate tx_metadata_len Fred Li <dracodingfly(a)gmail.com> bpf: Fix a segment issue when downgrading gso_size Breno Leitao <leitao(a)debian.org> net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling Petr Machata <petrm(a)nvidia.com> net: nexthop: Initialize all fields in dumped nexthops Simon Horman <horms(a)kernel.org> net: stmmac: Correct byte order of perfect_match Hangbin Liu <liuhangbin(a)gmail.com> selftests: forwarding: skip if kernel not support setting bridge fdb learning limit Shigeru Yoshida <syoshida(a)redhat.com> tipc: Return non-zero value from tipc_udp_addr2str() on error David Howells <dhowells(a)redhat.com> netfs: Fix writeback that needs to go to both server and cache Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo_avx2: disable softinterrupts Wojciech Drewek <wojciech.drewek(a)intel.com> ice: Fix recipe read procedure Johannes Berg <johannes.berg(a)intel.com> net: bonding: correctly annotate RCU in bond_should_notify_peers() Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect source address in Record Route option Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later Liwei Song <liwei.song.lsong(a)gmail.com> tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids Hou Tao <houtao1(a)huawei.com> bpf, events: Use prog to emit ksymbol event for main program Lance Richardson <rlance(a)google.com> dma: fix call order in dmam_free_coherent Michal Luczaj <mhal(a)rbox.co> af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix no-args func prototype BTF dumping syntax Puranjay Mohan <puranjay(a)kernel.org> selftests/bpf: fexit_sleep: Fix stack allocation for arm64 Masahiro Yamada <masahiroy(a)kernel.org> kbuild: avoid build error when single DTB is turned into composite DTB Chao Yu <chao(a)kernel.org> f2fs: fix to update user block counts in block_operations() Daejun Park <daejun7.park(a)samsung.com> f2fs: fix null reference error when checking end of zone Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> watchdog: rzg2l_wdt: Check return status of pm_runtime_put() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() Sheng Yong <shengyong(a)oppo.com> f2fs: fix start segno of large section Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix signal blocking race/hang David Gow <davidgow(a)google.com> arch: um: rust: Use the generated target.json again Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix time-travel-start option Sean Anderson <sean.anderson(a)linux.dev> phy: zynqmp: Enable reference clock correctly Ma Ke <make24(a)iscas.ac.cn> phy: cadence-torrent: Check return value on register read Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> phy: phy-rockchip-samsung-hdptx: Select CONFIG_MFD_SYSCON Vignesh Raghavendra <vigneshr(a)ti.com> dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels Jeongjun Park <aha310510(a)gmail.com> jfs: Fix array-index-out-of-bounds in diFree Douglas Anderson <dianders(a)chromium.org> kdb: Use the passed prompt in kdb_position_cursor() Arnd Bergmann <arnd(a)arndb.de> kdb: address -Wformat-security warnings Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> phy: qcom: qmp-pcie: restore compatibility with existing DTs Chao Yu <chao(a)kernel.org> f2fs: fix to truncate preallocated blocks in f2fs_file_open() Linus Torvalds <torvalds(a)linux-foundation.org> minmax: scsi: fix mis-use of 'clamp()' in sr.c WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings Ilya Dryomov <idryomov(a)gmail.com> rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait Dragan Simic <dsimic(a)manjaro.org> drm/panfrost: Mark simple_ondemand governor as softdep Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: don't block scheduler when GPU is still active Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Test register availability before use Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: reset: Prioritise firmware service Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Remove memory node for builtin-dtb Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: env: Hook up Loongsson-2K Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: dts: loongson: Fix GMAC phy node Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: ip30: ip30-console: Add missing include Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: dts: loongson: Add ISA node Aleksandr Mishin <amishin(a)t-argos.ru> remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init Aleksandr Mishin <amishin(a)t-argos.ru> remoteproc: imx_rproc: Skip over memory region when node value is NULL Gwenael Treuveur <gwenael.treuveur(a)foss.st.com> remoteproc: stm32_rproc: Fix mailbox interrupts queuing Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume rbd_is_lock_owner() for exclusive mappings Eric Biggers <ebiggers(a)kernel.org> dm-verity: fix dm_is_verity_target() when dm-verity is builtin Michael Ellerman <mpe(a)ellerman.id.au> selftests/sigaltstack: Fix ppc64 GCC build Kim Phillips <kim.phillips(a)amd.com> crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked Bart Van Assche <bvanassche(a)acm.org> RDMA/iwcm: Fix a use-after-free related to destroying CM IDs Jiaxun Yang <jiaxun.yang(a)flygoat.com> platform: mips: cpu_hwmon: Disable driver on unsupported hardware Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd939x: Fix typec mux and switch leak during device removal Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone Thomas Gleixner <tglx(a)linutronix.de> watchdog/perf: properly initialize the turbo mode timestamp and rearm counter Joy Chakraborty <joychakr(a)google.com> rtc: abx80x: Fix return value of nvmem callback on read Joy Chakraborty <joychakr(a)google.com> rtc: isl1208: Fix return value of nvmem callbacks Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Don't switch the LTTPR mode on an active link Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Reset intel_dp->link_trained before retraining the link Ma Ke <make24(a)iscas.ac.cn> drm/amd/amdgpu: Fix uninitialized variable warnings Tim Huang <tim.huang(a)amd.com> drm/amdgpu: add missed harvest check for VCN IP v4/v5 ZhenGuo Yin <zhenguo.yin(a)amd.com> drm/amdgpu: reset vm state machine after gpu reset(vram lost) Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix all mstb marked as not probed after suspend/resume Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Remove DRM_CONNECTOR_POLL_HPD Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell Nitin Gote <nitin.r.gote(a)intel.com> drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix a topa_entry base address calculation Marco Cavenati <cavenati.marco(a)gmail.com> perf/x86/intel/pt: Fix topa_entry base length Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR Kan Liang <kan.liang(a)linux.intel.com> perf stat: Fix the hard-coded metrics calculation on the hybrid Frederic Weisbecker <frederic(a)kernel.org> perf: Fix event leak upon exec and file release Frederic Weisbecker <frederic(a)kernel.org> perf: Fix event leak upon exit Nilesh Javali <njavali(a)marvell.com> scsi: qla2xxx: validate nvme_local_port correctly Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Complete command early within lock Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix flash read failure Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Reduce fabric scan duplicate code Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Use QP lock to search for bsg Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix for possible memory corruption Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Unable to act on RSCN for port online Manish Rangankar <mrangankar(a)marvell.com> scsi: qla2xxx: During vport delete send async logout explicitly Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state Joy Chakraborty <joychakr(a)google.com> rtc: cmos: Fix return value of nvmem callbacks Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> mm/numa_balancing: teach mpol_to_str about the balancing mode Shenwei Wang <shenwei.wang(a)nxp.com> irqchip/imx-irqsteer: Handle runtime power management correctly Mateusz Jończyk <mat.jonczyk(a)o2.pl> md/raid1: set max_sectors during early return from choose_slow_rdev() Herve Codina <herve.codina(a)bootlin.com> irqdomain: Fixed unbalanced fwnode get and put Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix memory leakage caused by driver API devm_free_percpu() Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix devm_krealloc() wasting memory Yijie Yang <quic_yijiyang(a)quicinc.com> dt-bindings: phy: qcom,qmp-usb: fix spelling error Ahmed Zaki <ahmed.zaki(a)intel.com> ice: Add a per-VF limit on number of FDIR filters Bailey Forrest <bcf(a)google.com> gve: Fix an edge case for TSO skb validity check Zijun Hu <quic_zijuhu(a)quicinc.com> kobject_uevent: Fix OOB access within zap_modalias_env() Will Deacon <will(a)kernel.org> arm64: mm: Fix lockless walks with static and dynamic page-table folding Takashi Iwai <tiwai(a)suse.de> ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA Suren Baghdasaryan <surenb(a)google.com> alloc_tag: outline and export free_reserved_page() Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix '-S -c' in x86 stack protector scripts Ross Lagerwall <ross.lagerwall(a)citrix.com> decompress_bunzip2: fix rare decompression failure Ram Tummala <rtummala(a)nvidia.com> mm: fix old/young bit handling in the faulting path Yang Yang <yang.yang(a)vivo.com> block: fix deadlock between sd_remove & sd_release Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: samsung: fix getting Exynos4 fin_pll rate from external clocks Fedor Pchelkin <pchelkin(a)ispras.ru> ubi: eba: properly rollback inside self_check_eba Bastien Curutchet <bastien.curutchet(a)bootlin.com> clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle inconsistent state in nilfs_btnode_create_block() Joy Zou <joy.zou(a)nxp.com> dmaengine: fsl-edma: change the memory access from local into remote mode in i.MX 8QM Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: use meta inode for GC of COW file Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: use meta inode for GC of atomic file Chao Yu <chao(a)kernel.org> f2fs: fix return value of f2fs_convert_inline_inode() Chao Yu <chao(a)kernel.org> f2fs: fix to don't dirty inode for readonly filesystem Chao Yu <chao(a)kernel.org> f2fs: fix to force buffered IO on inline_data inode Herve Codina <herve.codina(a)bootlin.com> ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds Huacai Chen <chenhuacai(a)kernel.org> fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed Li Zhijian <lizhijian(a)fujitsu.com> mm/page_alloc: fix pcp->count race between drain_pages_zone() vs __rmqueue_pcplist() Gao Xiang <xiang(a)kernel.org> erofs: fix race in z_erofs_get_gbuf() Qiang Ma <maqianga(a)uniontech.com> efi/libstub: Zero initialize heap allocated struct screen_info Johannes Berg <johannes.berg(a)intel.com> hostfs: fix dev_t handling tuhaowen <tuhaowen(a)uniontech.com> dev/parport: fix the array out-of-bounds risk Reka Norman <rekanorman(a)chromium.org> xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL Carlos Llamas <cmllamas(a)google.com> binder: fix hang of unregistered readers Huacai Chen <chenhuacai(a)kernel.org> PCI: loongson: Enable MSI in LS7A Root Complex Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio Niklas Cassel <cassel(a)kernel.org> PCI: dw-rockchip: Fix initial PERST# GPIO value Wei Liu <wei.liu(a)kernel.org> PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN Lukas Wunner <lukas(a)wunner.de> PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal John David Anglin <dave(a)mx3210.local> parisc: Fix warning at drivers/pci/msi/msi.h:121 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> hwrng: amd - Convert PCIBIOS_* return codes to errnos Thomas Huth <thuth(a)redhat.com> drm/fbdev-dma: Fix framebuffer mode for big endian devices Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes Alan Stern <stern(a)rowland.harvard.edu> tools/memory-model: Fix bug in lock.cat wangdicheng <wangdicheng(a)kylinos.cn> ALSA: usb-audio: Add a quirk for Sonix HD USB Camera Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Move HD Webcam quirk to the right place wangdicheng <wangdicheng(a)kylinos.cn> ALSA: usb-audio: Fix microphone sound on HD webcam. Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Force 1 Group for MIDI1 FBs Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Don't update FB name for static blocks Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix wrong value as length of header for CIP_NO_HEADER case Luke D. Jones <luke(a)ljones.dev> ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Fold requested virtual interrupt check into has_nested_events() Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Check for pending posted interrupts when looking for nested events Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Request immediate exit iff pending nested event needs injection Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector Sean Christopherson <seanjc(a)google.com> KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV nestedv2: Add DPDES support in helper library for Guest state buffer Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV nestedv2: Fix doorbell emulation Jason Chen <Jason-ch.Chen(a)mediatek.com> remoteproc: mediatek: Increase MT8188/MT8195 SCP core0 DRAM size Wentong Wu <wentong.wu(a)intel.com> media: ivsc: csi: don't count privacy on as error Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix integer overflow calculating timestamp Jan Kara <jack(a)suse.cz> jbd2: avoid infinite transaction commit loop Jan Kara <jack(a)suse.cz> jbd2: precompute number of transaction descriptor blocks Jan Kara <jack(a)suse.cz> jbd2: make jbd2_journal_get_max_txn_bufs() internal Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() Tommaso Merciai <tomm.merciai(a)gmail.com> media: i2c: alvium: Move V4L2_CID_GAIN to V4L2_CID_ANALOG_GAIN Wentong Wu <wentong.wu(a)intel.com> media: ivsc: csi: add separate lock for v4l2 control handler Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() Thomas Weißschuh <linux(a)weissschuh.net> leds: triggers: Flush pending brightness before activating trigger Ofir Gal <ofir.gal(a)volumez.com> md/md-bitmap: fix writing non bitmap pages Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> leds: ss4200: Convert PCIBIOS_* return codes to errnos Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> drivers: soc: xilinx: check return status of get_api_version() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> cpufreq: qcom-nvmem: fix memory leaks in probe error paths Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: usb: Further limit the TX aggregation Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: usb: Fix disconnection after beacon loss Po-Hao Huang <phhuang(a)realtek.com> wifi: rtw89: fix HW scan not aborting properly Rafael Beims <rafael.beims(a)toradex.com> wifi: mwifiex: Fix interface type change Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> genirq: Set IRQF_COND_ONESHOT in request_irq() levi.yun <yeoreum.yun(a)arm.com> trace/pid_list: Change gfp flags in pid_list_fill_irq() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't allow netpolling with SETUP_IOPOLL Pavel Begunkov <asml.silence(a)gmail.com> io_uring: tighten task exit cancellations Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix lost getsockopt completions Baokun Li <libaokun1(a)huawei.com> ext4: make sure the first directory block is not a hole Baokun Li <libaokun1(a)huawei.com> ext4: check dot and dotdot of dx_root before making dir indexed Ming Lei <ming.lei(a)redhat.com> block: check bio alignment in blk_mq_submit_bio Paolo Pisati <p.pisati(a)gmail.com> m68k: amiga: Turn off Warp1260 interrupts during boot Jan Kara <jack(a)suse.cz> udf: Avoid using corrupted block bitmap buffer Frederic Weisbecker <frederic(a)kernel.org> task_work: Introduce task_work_cancel() again Frederic Weisbecker <frederic(a)kernel.org> task_work: s/task_work_cancel()/task_work_cancel_func()/ Steve French <stfrench(a)microsoft.com> cifs: mount with "unix" mount option for SMB1 incorrectly handled Steve French <stfrench(a)microsoft.com> cifs: fix reconnect with SMB1 UNIX Extensions Steve French <stfrench(a)microsoft.com> cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path Fedor Pchelkin <pchelkin(a)ispras.ru> apparmor: use kvfree_sensitive to free data->data Sung Joon Kim <sungjoon.kim(a)amd.com> drm/amd/display: Check for NULL pointer Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix optrom version displayed in FDMI Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: fix corruption with high refresh rates on DCN 3.0 Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes Pavel Begunkov <asml.silence(a)gmail.com> io_uring/io-wq: limit retrying worker initialisation Paul Moore <paul(a)paul-moore.com> lsm: fixup the inode xattr capability handling Kory Maincent <kory.maincent(a)bootlin.com> media: i2c: Kconfig: Fix missing firmware upload config select Jan Kara <jack(a)suse.cz> ext2: Verify bitmap and itable block numbers before using them Chao Yu <chao(a)kernel.org> hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Thomas Weißschuh <linux(a)weissschuh.net> sysctl: always initialize i_uid/i_gid Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: fix use after free in vdec_close Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> char: tpm: Fix possible memory leak in tpm_bios_measurements_open() Vitor Soares <vitor.soares(a)toradex.com> tpm_tis_spi: add missing attpm20p SPI device ID entry Thomas Weißschuh <linux(a)weissschuh.net> selftests/nolibc: fix printf format mismatch in expect_str_buf_eq() Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Fix offsets for the fixed format sense data Damien Le Moal <dlemoal(a)kernel.org> null_blk: Fix description of the fua parameter Alain Volmat <alain.volmat(a)foss.st.com> media: stm32: dcmipp: correct error handling in dcmipp_create_subdevs Yu Kuai <yukuai3(a)huawei.com> md/raid5: fix spares errors about rcu usage Eric Sandeen <sandeen(a)redhat.com> fuse: verify {g,u}id mount options correctly Tejun Heo <tj(a)kernel.org> sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: mac80211: chanctx emulation set CHANGE_CHANNEL when in_reconfig Chuck Lever <chuck.lever(a)oracle.com> NFSD: Support write delegations in LAYOUTGET Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Use write-back caching mode for system memory on DGFX Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv6: take care of scope when choosing the src addr Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv4: fix source address selection with route leak Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv6: fix source address selection with route leak Pavel Begunkov <asml.silence(a)gmail.com> kernel: rerun task_work while freezing in get_signal() Filipe Manana <fdmanana(a)suse.com> btrfs: fix extent map use-after-free when adding pages to compressed bio Lai Jiangshan <jiangshan.ljs(a)antgroup.com> workqueue: Always queue work items to the newest PWQ for order workqueues Chengen Du <chengen.du(a)canonical.com> af_packet: Handle outgoing VLAN packets without hardware offloading Breno Leitao <leitao(a)debian.org> net: netconsole: Disable target before netpoll cleanup Yu Liao <liaoyu15(a)huawei.com> tick/broadcast: Make takeover of broadcast hrtimer reliable Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: thermal: correct thermal zone node name limit Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> thermal/drivers/broadcom: Fix race between removal and clock disable Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix potential deadlock on __exfat_get_dentry_set Takashi Sakamoto <o-takashi(a)sakamocchi.jp> Revert "firewire: Annotate struct fw_iso_packet with __counted_by()" Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Revert to heap allocated boot_params for PE entrypoint Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Avoid returning EFI_SUCCESS on error Yu Zhao <yuzhao(a)google.com> mm/mglru: fix ineffective protection calculation Yu Zhao <yuzhao(a)google.com> mm/mglru: fix overshooting shrinker memory Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer Yu Zhao <yuzhao(a)google.com> mm/mglru: fix div-by-zero in vmpressure_calc_level() Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix possible recursive locking detected warning Aristeu Rozanski <aris(a)redhat.com> hugetlb: force allocating surplus hugepages on mempolicy allowed nodes Gavin Shan <gshan(a)redhat.com> mm/huge_memory: avoid PMD-size page cache if needed Yang Shi <yang(a)os.amperecomputing.com> mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Jann Horn <jannh(a)google.com> landlock: Don't lose track of restrictions on cred_transfer Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Add cred_transfer test Jason-JH.Lin <jason-jh.lin(a)mediatek.com> mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() Peng Fan <peng.fan(a)nxp.com> mailbox: imx: fix TXDB_V2 channel race condition Andrew Davis <afd(a)ti.com> mailbox: omap: Fix mailbox interrupt sharing Richard Genoud <richard.genoud(a)bootlin.com> remoteproc: k3-r5: Fix IPC-only mode detection Nícolas F. R. A. Prado <nfraprado(a)collabora.com> remoteproc: mediatek: Don't attempt to remap l1tcm memory if missing Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Check TIF_LOAD_WATCH to enable user space watchpoint Yang Yang <yang.yang(a)vivo.com> sbitmap: fix io hung due to race on sbitmap_word::cleared Suren Baghdasaryan <surenb(a)google.com> alloc_tag: fix page_ext_get/page_ext_put sequence during page splitting Suren Baghdasaryan <surenb(a)google.com> lib: reuse page_ext_data() to obtain codetag_ref Suren Baghdasaryan <surenb(a)google.com> lib: add missing newline character in the warning message Carlos López <clopez(a)suse.de> s390/dasd: fix error checks in dasd_copy_pair_store() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/8xx: fix size given to set_huge_pte_at() Heming Zhao <heming.zhao(a)suse.com> md-cluster: fix hanging issue while a new disk adding Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Keep runs for $MFT::$ATTR_DATA and $MFT::$ATTR_BITMAP Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Missed error return Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix the format of the "nocase" mount option Csókás, Bence <csokas.bence(a)prolan.hu> rtc: interface: Add RTC offset to alarm after fix-up Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro SeongJae Park <sj(a)kernel.org> selftests/damon/access_memory: use user-defined region size David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: properly detect PM_MMAP_EXCLUSIVE per page of PMD-mapped THPs David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: don't indicate PM_MMAP_EXCLUSIVE without PM_PRESENT David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix TPU suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix TCLK suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: FIX PWM suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix IRQ suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix CANFD5 suffix Richard Genoud <richard.genoud(a)bootlin.com> rtc: tps6594: Fix memleak in probe Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix field-spanning write in INDEX_HDR Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> fs/ntfs3: Drop stray '\' (backslash) in formatting string Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct undo if ntfs_create_inode failed Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Replace inode_trylock with inode_lock Peng Fan <peng.fan(a)nxp.com> pinctrl: freescale: mxs: Fix refcount of child Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: single: fix possible memory leak when pinctrl_enable() fails Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: core: fix possible memory leak when pinctrl_enable() fails Dmitry Yashin <dmt.yashin(a)gmail.com> pinctrl: rockchip: update rk3308 iomux routes Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add missing .dirty_folio in address_space_operations Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix getting file type Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Deny getting attr data block in compressed frame Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix transform resident to nonresident for compressed files Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT Martin Willi <martin(a)strongswan.org> net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports Martin Willi <martin(a)strongswan.org> net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect TOS in fibmatch route get reply Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect TOS in route get reply Pablo Neira Ayuso <pablo(a)netfilter.org> net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE Joshua Washington <joshwash(a)google.com> gve: Fix XDP TX completion handling when counters overflow Chen Hanxiao <chenhx.fnst(a)fujitsu.com> ipvs: properly dereference pe in ip_vs_add_service Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo: fix initial map fill Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: ctnetlink: use helper function to calculate expect ID Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Fix fallback march for SB1 Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Set correct device into ib Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: set node_guid Jack Wang <jinpu.wang(a)ionos.com> bnxt_re: Fix imm_data endianness David Ahern <dsahern(a)kernel.org> RDMA: Fix netdev tracker in ib_device_set_netdev David Gstir <david(a)sigma-star.at> crypto: mxs-dcp - Ensure payload is zero when using key slot Jon Pan-Doh <pandoh(a)google.com> iommu/vt-d: Fix identity map bounds in si_domain_init() Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix mbx timing out before CMD execution is completed Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix insufficient extend DB for VFs. Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix undifined behavior caused by invalid max_sge Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix missing pagesize and alignment check in FRMR Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix unmatch exception handling when init eq table fails Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix soft lockup under heavy CEQE load Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Check atomic wr length Nick Bowler <nbowler(a)draconx.ca> macintosh/therm_windtunnel: fix module unload. Michael Ellerman <mpe(a)ellerman.id.au> powerpc/xmon: Fix disassembly CPU feature checks Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix aligned pages in calculate_psi_aligned_address() Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Limit max address mask to MAX_AGAW_PFN_WIDTH Frank Li <Frank.Li(a)nxp.com> PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: qcom-ep: Disable resources unconditionally during PERST# assert Dominique Martinet <dominique.martinet(a)atmark-techno.com> MIPS: Octeron: remove source file executable bit Lorenzo Bianconi <lorenzo(a)kernel.org> clk: en7523: fix rate divider for slic and spi clocks Stephen Boyd <swboyd(a)chromium.org> clk: qcom: Park shared RCGs upon registration Abel Vesa <abel.vesa(a)linaro.org> clk: qcom: gcc-x1e80100: Set parent rate for USB3 sec and tert PHY pipe clks Chen Ni <nichen(a)iscas.ac.cn> clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error Nivas Varadharajan Mugunthakumar <nivasx.varadharajan.mugunthakumar(a)intel.com> crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() Heiko Stuebner <heiko.stuebner(a)cherry.de> nvmem: rockchip-otp: set add_legacy_fixed_of_cells config option Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages Denis Arefev <arefev(a)swemel.ru> net: missing check virtio Michael S. Tsirkin <mst(a)redhat.com> vhost/vsock: always initialize seqpacket_allow Dan Carpenter <dan.carpenter(a)linaro.org> PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() Dan Carpenter <dan.carpenter(a)linaro.org> PCI: endpoint: Clean up error handling in vpci_scan_bus() Georgi Djakov <quic_c_gdjako(a)quicinc.com> iommu/arm-smmu-qcom: Register the TBU driver in qcom_smmu_impl_init Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: amd: Adjust error handling in case of absent codec device Guenter Roeck <linux(a)roeck-us.net> eeprom: ee1004: Call i2c_new_scanned_device to instantiate thermal sensor Christoph Schlameuss <schlameuss(a)linux.ibm.com> kvm: s390: Reject memory region operations for ucontrol VMs Benjamin Marzinski <bmarzins(a)redhat.com> dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume Abel Vesa <abel.vesa(a)linaro.org> clk: qcom: gcc-x1e80100: Fix halt_check for all pipe clocks Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: elan_i2c - do not leave interrupt disabled on suspend failure Leon Romanovsky <leon(a)kernel.org> RDMA/device: Return error earlier if port in not valid Arnd Bergmann <arnd(a)arndb.de> mtd: make mtd_test.c a separate module Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Check iova_bitmap_done() after set ahead Joao Martins <joao.m.martins(a)oracle.com> iommufd/selftest: Fix tests to use MOCK_PAGE_SIZE based buffer sizes Joao Martins <joao.m.martins(a)oracle.com> iommufd/selftest: Add tests for <= u8 bitmap sizes Joao Martins <joao.m.martins(a)oracle.com> iommufd/selftest: Fix iommufd_test_dirty() to handle <u8 bitmaps Joao Martins <joao.m.martins(a)oracle.com> iommufd/selftest: Fix dirty bitmap tests with u8 bitmaps Chen Ni <nichen(a)iscas.ac.cn> ASoC: max98088: Check for clk_prepare_enable() error Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/prom: Add CPU info to hardware description string later Harald Freudenberger <freude(a)linux.ibm.com> hwrng: core - Fix wrong quality calculation at hw rng registration Huai-Yuan Liu <qq810974084(a)gmail.com> scsi: lpfc: Fix a possible null pointer dereference Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() Honggang LI <honggangli(a)163.com> RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in alias_GUID.c Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in mad.c Andrei Lalaev <andrei.lalaev(a)anton-paar.com> Input: qt1050 - handle CHIP_ID reading error Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable Michael Walle <mwalle(a)kernel.org> mtd: spi-nor: winbond: fix w25q128 regression Leon Romanovsky <leon(a)kernel.org> RDMA/cache: Release GID table even if leak is detected Hao Ge <gehao(a)kylinos.cn> ASoc: PCM6240: Return directly after a failed devm_kzalloc() in pcmdevice_i2c_probe() Neil Armstrong <neil.armstrong(a)linaro.org> usb: typec-mux: nb7vpq904m: unregister typec switch on probe error and remove Neil Armstrong <neil.armstrong(a)linaro.org> usb: typec-mux: ptn36502: unregister typec switch on probe error and remove Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: cs35l56: Accept values greater than 0 as IRQ numbers Shenghao Ding <shenghao-ding(a)ti.com> ASoc: tas2781: Enable RCA-based playback without DSP firmware download Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/kexec_file: fix cpus node update to FDT Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE James Clark <james.clark(a)arm.com> coresight: Fix ref leak when of_coresight_parse_endpoint() fails Shivaprasad G Bhat <sbhat(a)linux.ibm.com> KVM: PPC: Book3S HV: Fix the get_one_reg of SDAR Shivaprasad G Bhat <sbhat(a)linux.ibm.com> KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 Mostafa Saleh <smostafa(a)google.com> iommu/arm-smmu-v3: Avoid uninitialized asid in case of error Nuno Sa <nuno.sa(a)analog.com> iio: adc: adi-axi-adc: don't allow concurrent enable/disable calls Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: frequency: adrf6780: rm clk provider include Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad9467: use DMA safe buffer for spi Xianwei Zhao <xianwei.zhao(a)amlogic.com> clk: meson: s4: fix pwm_j_div parent clock Xianwei Zhao <xianwei.zhao(a)amlogic.com> clk: meson: s4: fix fixed_pll_dco clock Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock Lothar Rubusch <l.rubusch(a)gmail.com> crypto: atmel-sha204a - fix negated return value Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: tegra - Remove an incorrect iommu_fwspec_free() call in tegra_se_remove() Minwoo Im <minwoo.im(a)samsung.com> scsi: ufs: mcq: Fix missing argument 'hba' in MCQ_OPR_OFFSET_n Andy Chiu <andy.chiu(a)sifive.com> riscv: smp: fail booting up smp if inconsistent vlen is detected Jon Hunter <jonathanh(a)nvidia.com> PCI: tegra194: Set EP alignment restriction for inbound ATU Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Aleksandr Mishin <amishin(a)t-argos.ru> PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Don't enable BAR 0 for AM654x Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix resource double counting on remove & rescan Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() Chenyuan Yang <chenyuan0y(a)gmail.com> iio: Fix the sorting functionality in iio_gts_build_avail_time_table Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Fixup gss_status tracepoint error output Christoph Hellwig <hch(a)lst.de> nfs: pass explicit offset/count to trace events Luke D. Jones <luke(a)ljones.dev> platform/x86: asus-wmi: fix TUF laptop RGB variant Ian Rogers <irogers(a)google.com> perf dso: Fix address sanitizer build Andreas Larsson <andreas(a)gaisler.com> sparc64: Fix incorrect function signature and add prototype for prom_cif_init Dan Carpenter <dan.carpenter(a)linaro.org> leds: flash: leds-qcom-flash: Test the correct variable in init Thomas Zimmermann <tzimmermann(a)suse.de> drm/qxl: Pin buffer objects for internal mappings Jan Kara <jack(a)suse.cz> ext4: avoid writing unitialized memory to disk in EA inodes Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: don't track ranges in fast_commit if inode has inlined data Olga Kornievskaia <kolga(a)netapp.com> NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server NeilBrown <neilb(a)suse.de> SUNRPC: avoid soft lockup when transmitting UDP to reachable server. Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Fix rpcrdma_reqs_reset() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> mfd: omap-usb-tll: Use struct_size to allocate tll Arnd Bergmann <arnd(a)arndb.de> mfd: rsmu: Split core code into separate module Steven Price <steven.price(a)arm.com> drm/panthor: Record devfreq busy as soon as a job is started Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix exclude_guest setting Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix aux_watermark calculation for 64-bit size Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: flush all buffers in output plane streamoff Namhyung Kim <namhyung(a)kernel.org> perf stat: Fix a segfault with --per-cluster --metric-only Michael Walle <mwalle(a)kernel.org> drm/mediatek/dp: Fix spurious kfree() Michael Walle <mwalle(a)kernel.org> drm/mediatek: dpi/dsi: Fix possible_crtcs calculation Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: Add null check before access structs Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix infinite loop when replaying fast_commit Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Remove less-than-zero comparison of an unsigned value Geert Uytterhoeven <geert+renesas(a)glider.be> drm/panic: Do not select DRM_KMS_HELPER Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: depends on !VT_CONSOLE Luca Ceresoli <luca.ceresoli(a)bootlin.com> Revert "leds: led-core: Fix refcount leak in of_led_get()" Anjelique Melendez <quic_amelende(a)quicinc.com> leds: rgb: leds-qcom-lpg: Add PPG check for setting/clearing PBS triggers Chen Ni <nichen(a)iscas.ac.cn> drm/qxl: Add check for drm_cvt_mode Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: fix DMA direction handling for cached RW buffers Namhyung Kim <namhyung(a)kernel.org> perf report: Fix condition in sort__sym_cmp() Junhao He <hejunhao3(a)huawei.com> perf pmus: Fixes always false when compare duplicates aliases Athira Rajeev <atrajeev(a)linux.vnet.ibm.com> tools/perf: Fix the string match for "/tmp/perf-$PID.map" files in dso__load James Clark <james.clark(a)arm.com> perf test: Make test_arm_callgraph_fp.sh more robust Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> platform/arm64: build drivers even on non-ARM64 platforms Geert Uytterhoeven <geert+renesas(a)glider.be> drm/panic: Fix off-by-one logo size checks Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: only draw the foreground color in drm_panic_blit() Karolina Stolarek <karolina.stolarek(a)intel.com> drm/ttm/tests: Fix a warning in ttm_bo_unreserve_bulk Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op Jonathan Marek <jonathan(a)marek.ca> drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC Jonathan Marek <jonathan(a)marek.ca> drm/msm/dsi: set video mode widebus enable bit when widebus is enabled Hans de Goede <hdegoede(a)redhat.com> leds: trigger: Unregister sysfs attributes before calling deactivate() Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Drop initial source change event if capture has been setup Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/a6xx: Fix A702 UBWC mode Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/a6xx: use __unused__ to fix compiler warnings for gen7_* includes Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Set DRM mode configs accordingly Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Add OVL compatible name for MT8195 Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Turn off the layers with zero width or height Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Fix destination alpha error in OVL Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Fix XRGB setting error in Mixer Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Fix XRGB setting error in OVL Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Use 8-bit alpha in ETHDR Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Add missing plane settings when async update Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> drm/ttm/tests: Let ttm_bo_test consider different ww_mutex implementation. Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Store RPF partition configuration per RPF instance Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Fix _irqsave and _irq mix Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-csi2: Cleanup subdevice in remove() Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-csi2: Disable runtime_pm in probe error Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Set SU area width as pipe src width Sean Anderson <sean.anderson(a)linux.dev> drm: zynqmp_kms: Fix AUX bus not getting unregistered Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() Daniel Schaefer <dhs(a)frame.work> media: uvcvideo: Override default flags Oleksandr Natalenko <oleksandr(a)natalenko.name> media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 Conor Dooley <conor.dooley(a)microchip.com> media: i2c: imx219: fix msr access command sequence Ricardo Ribalda <ribalda(a)chromium.org> media: c8sectpfe: Add missing parameter names Aleksandr Burakov <a.burakov(a)rosalinux.ru> saa7134: Unchecked i2c_transfer function result fixed Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: use pre-allocated temp structure for bounding box Dan Carpenter <dan.carpenter(a)linaro.org> ipmi: ssif_bmc: prevent integer overflow on 32bit systems Jiri Olsa <jolsa(a)kernel.org> x86/shstk: Make return uprobe work with shadow stack Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Print Panel Replay status instead of frame lock status Jouni Högander <jouni.hogander(a)intel.com> drm/i915/display: Skip Panel Replay on pipe comparison if no active planes Adam Ford <aford173(a)gmail.com> drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix unreasonable data conversion Irui Wang <irui.wang(a)mediatek.com> media: mediatek: vcodec: Handle invalid decoder vsi Ian Rogers <irogers(a)google.com> perf maps: Fix use after free in __maps__fixup_overlap_and_insert Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: fix runtime_pm handling in dp_wait_hpd_asserted Junhao Xie <bigfoot(a)classfun.cn> drm/msm/dpu: drop duplicate drm formats from wb2_formats arrays Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Revert "drm/msm/dpu: drop dpu_encoder_phys_ops.atomic_mode_set" Barnabás Czémán <trabarni(a)gmail.com> drm/msm/dpu: fix encoder irq wait skip David Hildenbrand <david(a)redhat.com> s390/uv: Don't call folio_wait_writeback() without a folio reference Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix type mismatch in amdgpu_gfx_kiq_init_ring ChiYuan Huang <cy_huang(a)richtek.com> media: v4l: async: Fix NULL pointer dereference in adding ancillary links Ricardo Ribalda <ribalda(a)chromium.org> media: i2c: hi846: Fix V4L2_SUBDEV_FORMAT_TRY get_selection() Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: i2c: Fix imx412 exposure control Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Use enable boolean from intel_crtc_state for Early Transport Ricardo Ribalda <ribalda(a)chromium.org> media: imon: Fix race getting ictx->lock Zheng Yejian <zhengyejian1(a)huawei.com> media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() Mikhail Kobuk <m.kobuk(a)ispras.ru> media: pci: ivtv: Add check for DMA map result Arnd Bergmann <arnd(a)arndb.de> drm/amd/display: Move 'struct scaler_data' off stack Arnd Bergmann <arnd(a)arndb.de> drm/amd/display: fix graphics_object_id size Arnd Bergmann <arnd(a)arndb.de> drm/amd/display: dynamically allocate dml2_configuration_options structures Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix snprintf usage in amdgpu_gfx_kiq_init_ring Kuro Chung <kuro.chung(a)ite.com.tw> drm/bridge: it6505: fix hibernate to resume no display issue Douglas Anderson <dianders(a)chromium.org> drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() Douglas Anderson <dianders(a)chromium.org> drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators Douglas Anderson <dianders(a)chromium.org> drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better Tim Van Patten <timvp(a)google.com> drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 Friedrich Vock <friedrich.vock(a)gmx.de> drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix memory range calculation Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Fix aldebaran pcie speed reporting Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: lg-sw43408: add missing error handling Douglas Anderson <dianders(a)chromium.org> drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() Douglas Anderson <dianders(a)chromium.org> drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() Jouni Högander <jouni.hogander(a)intel.com> drm/i915/display: Do not print "psr: enabled" for on Panel Replay Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Rename has_psr2 as has_sel_update Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Fix CU Masking for GFX 9.4.3 Faiz Abbas <faiz.abbas(a)arm.com> drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the port mux of VP2 Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Don't access uninit tcp_rsk(req)->ao_keyid in tcp_create_openreq_child(). Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix usage of __hci_cmd_sync_status Elliot Ayrey <elliot.ayrey(a)alliedtelesis.co.nz> net: bridge: mst: Check vlan state for egress decision Taehee Yoo <ap420073(a)gmail.com> xdp: fix invalid wait context of page_pool_destroy() Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: hci_core, hci_sync: cleanup struct discovery_state Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: hci_event: Set QoS encryption from BIGInfo report Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Add handling for boot-signature timeout errors Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Fix irq leak Kiran K <kiran.k(a)intel.com> Bluetooth: btintel: Refactor btintel_set_ppag() Sven Peter <sven(a)svenpeter.dev> Bluetooth: hci_bcm4377: Use correct unit for timeouts Amit Cohen <amcohen(a)nvidia.com> selftests: forwarding: devlink_lib: Wait for udev events after reloading Kory Maincent <kory.maincent(a)bootlin.com> net: ethtool: pse-pd: Fix possible null-deref Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Do not return EOPNOSUPP if config is null Tengda Wu <wutengda(a)huaweicloud.com> bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT Jeff Layton <jlayton(a)kernel.org> nfsd: nfsd_file_lease_notifier_call gets a file_lease as an argument Shung-Hsi Yu <shung-hsi.yu(a)suse.com> bpf: fix overflow check in adjust_jmp_off() Alan Maguire <alan.maguire(a)oracle.com> bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> bna: adjust 'name' buf size of bna_tcb and bna_ccb structures Alan Maguire <alan.maguire(a)oracle.com> bpf: annotate BTF show functions with __printf Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Fix closing IMC fds on error and open-code R+W instead of loops Puranjay Mohan <puranjay(a)kernel.org> bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG Geliang Tang <geliang(a)kernel.org> selftests/bpf: Close obj in error path in xdp_adjust_tail Geliang Tang <geliang(a)kernel.org> selftests/bpf: Null checks for links in bpf_tcp_ca Geliang Tang <geliang(a)kernel.org> selftests/bpf: Close fd in error path in drop_on_reuseport John Stultz <jstultz(a)google.com> locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers Johannes Berg <johannes.berg(a)intel.com> wifi: virt_wifi: don't use strlen() in const context Johannes Berg <johannes.berg(a)intel.com> net: page_pool: fix warning code Gaosheng Cui <cuigaosheng1(a)huawei.com> gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsdcld warning Benjamin Tissoires <bentiss(a)kernel.org> bpf: helpers: fix bpf_wq_set_callback_impl signature En-Wei Wu <en-wei.wu(a)canonical.com> wifi: virt_wifi: avoid reporting connection success with wrong SSID Jianbo Liu <jianbol(a)nvidia.com> xfrm: call xfrm_dev_policy_delete when kill policy Jianbo Liu <jianbol(a)nvidia.com> xfrm: fix netdev reference count imbalance Aleksandr Mishin <amishin(a)t-argos.ru> wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/uncore: Fix DF and UMC domain identification Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/uncore: Avoid PMU registration if counters are unavailable Zhang Rui <rui.zhang(a)intel.com> perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake Adrian Hunter <adrian.hunter(a)intel.com> perf: Fix default aux_watermark calculation Adrian Hunter <adrian.hunter(a)intel.com> perf: Prevent passing zero nr_pages to rb_alloc_aux() Adrian Hunter <adrian.hunter(a)intel.com> perf: Fix perf_aux_size() for greater-than 32-bit size Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation Ilya Leoshkevich <iii(a)linux.ibm.com> bpf: Fix atomic probe zero-extension Tao Chen <chen.dylane(a)gmail.com> bpftool: Mount bpffs when pinmaps path not under the bpffs Pu Lehui <pulehui(a)huawei.com> riscv, bpf: Fix out-of-bounds issue when preparing trampoline image Steffen Klassert <steffen.klassert(a)secunet.com> xfrm: Export symbol xfrm_dev_state_delete. Martin Kaistra <martin.kaistra(a)linutronix.de> wifi: rtl8xxxu: 8188f: Limit TX power index Kuan-Chung Chen <damon.chen(a)realtek.com> wifi: rtw89: 8852b: fix definition of KIP register number Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: wow: fix GTK offload H2C skbuff issue Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath12k: fix peer metadata parsing Aloka Dixit <quic_alokad(a)quicinc.com> wifi: ath12k: advertise driver capabilities for MBSSID and EMA Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: always unblock EMLSR on ROC end Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: correcty limit wider BW TDLS STAs Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: add ieee80211_tdls_sta_link_id() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: rise cap on SELinux secmark context Ismael Luceno <iluceno(a)suse.de> ipvs: Avoid unnecessary calls to skb_is_gso_sctp Steffen Klassert <steffen.klassert(a)secunet.com> xfrm: Fix unregister netdevice hang on hardware offload. Antoine Tenart <atenart(a)kernel.org> libbpf: Skip base btf sanity checks Donglin Peng <dolinux.peng(a)gmail.com> libbpf: Checking the btf_type kind when fixing variable offsets Jiri Olsa <jolsa(a)kernel.org> bpf: Change bpf_session_cookie return value to __u64 * Lukasz Majewski <lukma(a)denx.de> net: dsa: ksz_common: Allow only up to two HSR HW offloaded ports for KSZ9477 Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Fix FEC_ECR_EN1588 being cleared on link-down Jan Kara <jack(a)suse.cz> udf: Fix bogus checksum computation in udf_rename() Antony Antony <antony.antony(a)secunet.com> xfrm: Log input direction mismatch error in one place Antony Antony <antony.antony(a)secunet.com> xfrm: Fix input error path memory access Daniel Xu <dxu(a)dxuuu.xyz> bpf: Make bpf_session_cookie() kfunc return long * Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: separate non-BSS/ROC EMLSR blocking Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: fix re-enabling EMLSR Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: expose can-monitor channel property Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() Aditya Kumar Singh <quic_adisi(a)quicinc.com> wifi: ath12k: fix per pdev debugfs registration Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix ACPI warning when resume Thomas Gleixner <tglx(a)linutronix.de> jump_label: Fix concurrency issues in static_key_slow_dec() Thomas Gleixner <tglx(a)linutronix.de> perf/x86: Serialize set_attr_rdpmc() Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_erp: Fix object nesting warning Ido Schimmel <idosch(a)nvidia.com> lib: objagg: Fix general protection fault Sean Christopherson <seanjc(a)google.com> sched/core: Drop spinlocks on contention iff kernel is preemptible Sean Christopherson <seanjc(a)google.com> sched/core: Move preempt_model_*() helpers from sched.h to preempt.h Jan Kara <jack(a)suse.cz> udf: Fix lock ordering in udf_evict_inode() Geliang Tang <geliang(a)kernel.org> selftests/bpf: Check length of recv in test_sockmap Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined Andrii Nakryiko <andrii(a)kernel.org> libbpf: keep FD_CLOEXEC flag when dup()'ing FD Arnd Bergmann <arnd(a)arndb.de> hns3: avoid linking objects into multiple modules Eric Dumazet <edumazet(a)google.com> tcp: fix races in tcp_v[46]_err() Eric Dumazet <edumazet(a)google.com> tcp: fix races in tcp_abort() Eric Dumazet <edumazet(a)google.com> tcp: fix race in tcp_write_err() Eric Dumazet <edumazet(a)google.com> tcp: add tcp_done_with_error() helper Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Restore TSO support Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix wrong definition of CE ring's base address Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: fix wrong definition of CE ring's base address Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: 8852c: correct logic and restore PCI PHY EQ after device resume P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: fix firmware crash during reo reinject P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: fix invalid memory access while processing fragmented packets P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: change DMA direction while mapping reinjected packets Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: restore country code during resume Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: refactor setting country code logic Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reset negotiated TTLM on disconnect Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: cancel TTLM teardown work earlier Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: cancel multi-link reconf work on disconnect Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix TTLM teardown work Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: don't skip link selection Hagar Hemdan <hagarhem(a)amazon.com> net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: 8852b: restore setting for RFE type 5 after device resume Geliang Tang <geliang(a)kernel.org> selftests/bpf: Fix prog numbers in test_sockmap Ivan Babrou <ivan(a)cloudflare.com> bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix Smatch warnings on ath12k_core_suspend() Nithyanantham Paramasivam <quic_nithp(a)quicinc.com> wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure Pradeep Kumar Chitrapu <quic_pradeepc(a)quicinc.com> wifi: ath12k: Correct 6 GHz frequency value in rx status Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device Kang Yang <quic_kangyang(a)quicinc.com> wifi: ath12k: avoid duplicated vdev stop Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com> wifi: ath12k: drop failed transmitted frames from metric calculation. Sven Eckelmann <sven(a)narfation.org> wifi: ath12k: Don't drop tx_status in failure case Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Initialize completion before mailbox Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Do not complete if there are no waiters Christophe Leroy <christophe.leroy(a)csgroup.eu> vmlinux.lds.h: catch .bss..L* sections into BSS") Tom Lendacky <thomas.lendacky(a)amd.com> x86/sev: Do RMP memory coverage check after max_pfn has been set Yanjun Yang <yangyj.ee(a)gmail.com> ARM: Remove address checking for MMUless devices Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: spitz: fix GPIO assignment for backlight Thorsten Blum <thorsten.blum(a)toblux.com> m68k: cmpxchg: Fix return value for default case in __arch_xchg() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Add missing qcom,non-secure-domain property Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: fixes PHY reset for Lunzn Fastrhino R68S Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: disable display subsystem for Lunzn Fastrhino R6xS Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: remove unused usb2 nodes for Lunzn Fastrhino R6xS Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: fix pmu_io supply for Lunzn Fastrhino R6xS Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: fix usb regulator for Lunzn Fastrhino R6xS Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: fix regulator name for Lunzn Fastrhino R6xS Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu Dang Huynh <danct12(a)riseup.net> arm64: dts: qcom: qrb4210-rb2: Correct max current draw for VBUS Chen Ni <nichen(a)iscas.ac.cn> x86/xen: Convert comma to semicolon Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix USB HS PHY 0.8V supply Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mp: Fix pgc vpu locations Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mp: Fix pgc_mlmix location Eero Tamminen <oak(a)helsinkinet.fi> m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a08g045: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779h0: Drop "opp-shared" from opp-table-0 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: setup hdmi system clock Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: add power domain to hdmitx Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: gx: correct hdmi clocks AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mtk-mutex: Add MDP_TCC0 mod to MT8188 mutex table Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-pico6: Fix wake-on-X event node names Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183-kukui: Fix the value of `dlg,jack-det-rate` mismatch Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7981: fix code alignment for PWM clocks Pin-yen Lin <treapking(a)chromium.org> arm64: dts: mediatek: mt8192-asurada: Add off-on-delay-us for pp3300_mipibrdg Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: medaitek: mt8395-nio-12l: Set i2c6 pins to bias-disable AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8192: Fix GPU thermal zone name for SVS AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8195: Fix GPU thermal zone name for SVS Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix board reset Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: sm1: fix spdif compatibles Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Increase VOP clk rate on RK3328 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: fix parsing of domains lists Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: protect locator_addr with the main mutex Sibi Sankar <quic_sibis(a)quicinc.com> soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove Komal Bajaj <quic_kbajaj(a)quicinc.com> arm64: dts: qcom: qdu1000: Add secure qfprom node Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: qcom: sc7180-trogdor: Disable pwmleds node where unused Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am62p5-sk: Fix pinmux for McASP1 TX Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am625-phyboard-lyra-rdk: Drop McASP AFIFOs Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am62-verdin: Drop McASP AFIFOs Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am625-beagleplay: Drop McASP AFIFOs Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am62p5: Drop McASP AFIFOs Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am62a7: Drop McASP AFIFOs Jai Luthra <j-luthra(a)ti.com> arm64: dts: ti: k3-am62x: Drop McASP AFIFOs Vaishnav Achath <vaishnav.a(a)ti.com> arm64: dts: ti: k3-j722s: Fix main domain GPIO count Josua Mayer <josua(a)solid-run.com> arm64: dts: ti: k3-am642-hummingboard-t: correct rs485 rts polarity Jayesh Choudhary <j-choudhary(a)ti.com> arm64: dts: ti: k3-am62p-main: Fix the reg-range for main_pktdma Jayesh Choudhary <j-choudhary(a)ti.com> arm64: dts: ti: k3-am62a-main: Fix the reg-range for main_pktdma Jayesh Choudhary <j-choudhary(a)ti.com> arm64: dts: ti: k3-am62-main: Fix the reg-range for main_pktdma Esben Haabendal <esben(a)geanix.com> memory: fsl_ifc: Make FSL_IFC config visible and selectable Primoz Fiser <primoz.fiser(a)norik.com> OPP: ti: Fix ti_opp_supply_probe wrong return values Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc8280xp: Throttle the GPU when overheating Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc8280xp-*: Remove thermal zone polling delays Primoz Fiser <primoz.fiser(a)norik.com> cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb4210-rb2: make L9A always-on Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Add arm,no-tick-in-suspend to STM32MP15xx STGEN timer Pavel Löbl <pavel(a)loebl.cz> ARM: dts: sunxi: remove duplicated entries in makefile Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> soc: xilinx: rename cpu_number1 to dummy_cpu_number Sagar Cheluvegowda <quic_scheluve(a)quicinc.com> arm64: dts: qcom: sa8775p: mark ethernet devices as DMA-coherent Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8996: specify UFS core_clk frequencies Viresh Kumar <viresh.kumar(a)linaro.org> OPP: Fix missing cleanup on error in _opp_attach_genpd() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> cpufreq: sun50i: fix memory leak in dt_has_supported_hw() Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s Stephen Boyd <swboyd(a)chromium.org> soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers Chen Ni <nichen(a)iscas.ac.cn> soc: qcom: pmic_glink: Handle the return value of pmic_glink_init Marc Gonzalez <mgonzalez(a)freebox.fr> arm64: dts: qcom: msm8998: enable adreno_smmu by default Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdm850-lenovo-yoga-c630: fix IPA firmware path Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8350: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6350: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6115: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdm845: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sc8180x: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sc7180: drop extra UFS PHY compat Rayyan Ansari <rayyan(a)ansari.sh> ARM: dts: qcom: msm8226-microsoft-common: Enable smbb explicitly Viken Dadhaniya <quic_vdadhani(a)quicinc.com> arm64: dts: qcom: sc7280: Remove CTS/RTS configuration Bjorn Andersson <quic_bjorande(a)quicinc.com> arm64: dts: qcom: sc8180x: Correct PCIe slave ports Konrad Dybcio <konrad.dybcio(a)linaro.org> soc: qcom: socinfo: Update X1E PMICs Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix swapped temp{1,8} critical alarms Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix underflow when writing limit attributes Nirmoy Das <nirmoy.das(a)intel.com> drm/xe/display/xe_hdcp_gsc: Free arbiter on driver removal Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: atmel-tcb: Fix race condition and convert to guards Yao Zi <ziyao(a)disroot.org> drm/meson: fix canvas release in bind function Gaosheng Cui <cuigaosheng1(a)huawei.com> nvmet-auth: fix nvmet_auth hash error handling Jinjie Ruan <ruanjinjie(a)huawei.com> arm64: smp: Fix missing IPI statistics Adam Ford <aford173(a)gmail.com> drm/bridge: adv7511: Fix Intermittent EDID failures Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Always do lazy disabling Dan Carpenter <dan.carpenter(a)linaro.org> hwmon: (ltc2991) re-order conditions to fix off by one bug Benjamin Marzinski <bmarzins(a)redhat.com> md/raid5: recheck if reshape has finished with device_lock held Yu Kuai <yukuai3(a)huawei.com> md: Don't wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl Rob Herring (Arm) <robh(a)kernel.org> perf: arm_pmuv3: Avoid assigning fixed cycle counter with threshold Christoph Hellwig <hch(a)lst.de> xen-blkfront: fix sector_size propagation to the block layer Bart Van Assche <bvanassche(a)acm.org> block/mq-deadline: Fix the tag reservation code Bart Van Assche <bvanassche(a)acm.org> block: Call .limit_depth() after .hctx has been set Wayne Tung <chineweff(a)gmail.com> hwmon: (adt7475) Fix default duty on fan is disabled Chen Ridong <chenridong(a)huawei.com> cgroup/cpuset: Prevent UAF in proc_cpuset_show() Josh Poimboeuf <jpoimboe(a)kernel.org> x86/syscall: Mark exit[_group] syscall handlers __noreturn Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/xen: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/of: Return consistent error type from x86_of_pci_irq_enable() Chao Yu <chao(a)kernel.org> hfsplus: fix to avoid false alarm of circular locking Masahiro Yamada <masahiroy(a)kernel.org> x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix remote root partition creation problem Waiman Long <longman(a)redhat.com> cgroup/cpuset: Optimize isolated partition only generate_sched_domains() calls Gabriel Krisman Bertazi <krisman(a)suse.de> io_uring: Fix probe of disabled operations Damien Le Moal <dlemoal(a)kernel.org> dm: Call dm_revalidate_zones() after setting the queue limits Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Christoph Hellwig <hch(a)lst.de> ubd: untagle discard vs write zeroes not support handling Christoph Hellwig <hch(a)lst.de> ubd: refactor the interrupt handler Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec_debugfs: fix wrong EC message version Christoph Hellwig <hch(a)lst.de> md/raid1: don't free conf on raid0_run failure Christoph Hellwig <hch(a)lst.de> md/raid0: don't free conf on raid0_run failure Li Nan <linan122(a)huawei.com> md: fix deadlock between mddev_suspend and flush bio Frederic Weisbecker <frederic(a)kernel.org> rcu/tasks: Fix stale task snaphot for Tasks Trace Arnd Bergmann <arnd(a)arndb.de> EDAC, i10nm: make skx_common.o a separate module Chen Ni <nichen(a)iscas.ac.cn> spi: atmel-quadspi: Add missing check for clk_prepare Prajna Rajendra Kumar <prajna.rajendrakumar(a)microchip.com> spi: spi-microchip-core: Fix the number of chip selects supported ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 4 +- Documentation/arch/powerpc/kvm-nested.rst | 4 +- .../phy/qcom,sc8280xp-qmp-usb3-uni-phy.yaml | 2 +- .../devicetree/bindings/thermal/thermal-zones.yaml | 5 +- Documentation/networking/xsk-tx-metadata.rst | 16 +- Documentation/virt/kvm/api.rst | 12 + Makefile | 4 +- arch/arm/boot/dts/allwinner/Makefile | 62 -- .../arm/boot/dts/nxp/imx/imx6q-kontron-samx6i.dtsi | 23 - .../boot/dts/nxp/imx/imx6qdl-kontron-samx6i.dtsi | 14 +- .../dts/qcom/qcom-msm8226-microsoft-common.dtsi | 4 + arch/arm/boot/dts/st/stm32mp151.dtsi | 1 + arch/arm/mach-pxa/spitz.c | 30 +- arch/arm/mm/fault.c | 4 +- arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi | 5 + arch/arm64/boot/dts/amlogic/meson-g12.dtsi | 4 + arch/arm64/boot/dts/amlogic/meson-gxbb.dtsi | 10 +- arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 10 +- arch/arm64/boot/dts/amlogic/meson-sm1.dtsi | 8 +- arch/arm64/boot/dts/freescale/imx8mp.dtsi | 89 +-- .../boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts | 4 +- arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 4 +- arch/arm64/boot/dts/mediatek/mt7981b.dtsi | 8 +- .../dts/mediatek/mt8183-kukui-audio-da7219.dtsi | 2 +- .../dts/mediatek/mt8183-kukui-jacuzzi-pico6.dts | 8 +- .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 25 +- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8192.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 +- .../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 +- .../arm64/boot/dts/qcom/msm8996-xiaomi-common.dtsi | 1 - arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8998.dtsi | 1 - arch/arm64/boot/dts/qcom/qcm6490-fairphone-fp5.dts | 1 - arch/arm64/boot/dts/qcom/qcm6490-idp.dts | 1 - arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 1 - arch/arm64/boot/dts/qcom/qdu1000.dtsi | 15 + arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 4 +- arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 + .../boot/dts/qcom/sc7180-trogdor-lazor-r1-kb.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r1-lte.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r10-kb.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r10-lte.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r3-kb.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r3-lte.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r9-kb.dts | 2 +- .../boot/dts/qcom/sc7180-trogdor-lazor-r9-lte.dts | 2 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 5 +- arch/arm64/boot/dts/qcom/sc7180.dtsi | 3 +- arch/arm64/boot/dts/qcom/sc7280-idp.dtsi | 1 - arch/arm64/boot/dts/qcom/sc7280-qcard.dtsi | 1 - arch/arm64/boot/dts/qcom/sc7280.dtsi | 14 +- arch/arm64/boot/dts/qcom/sc8180x.dtsi | 8 +- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 2 +- arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi | 4 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 28 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 + .../boot/dts/qcom/sdm850-lenovo-yoga-c630.dts | 1 + arch/arm64/boot/dts/qcom/sm6115.dtsi | 2 + arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 + arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 + arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 + arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 + arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 6 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 +- arch/arm64/boot/dts/renesas/r8a779a0.dtsi | 5 +- arch/arm64/boot/dts/renesas/r8a779f0.dtsi | 5 +- arch/arm64/boot/dts/renesas/r8a779g0.dtsi | 5 +- arch/arm64/boot/dts/renesas/r8a779h0.dtsi | 1 - arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 5 +- arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 5 +- arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 5 +- arch/arm64/boot/dts/renesas/r9a08g045.dtsi | 5 +- arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 71 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 4 +- arch/arm64/boot/dts/rockchip/rk3566-roc-pc.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3568-evb1-v10.dts | 2 +- .../boot/dts/rockchip/rk3568-fastrhino-r66s.dts | 4 + .../boot/dts/rockchip/rk3568-fastrhino-r66s.dtsi | 48 +- .../boot/dts/rockchip/rk3568-fastrhino-r68s.dts | 16 +- arch/arm64/boot/dts/rockchip/rk3568-rock-3a.dts | 4 - arch/arm64/boot/dts/rockchip/rk356x.dtsi | 1 + arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 4 +- arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 4 - arch/arm64/boot/dts/ti/k3-am625-beagleplay.dts | 2 - .../boot/dts/ti/k3-am625-phyboard-lyra-rdk.dts | 2 - arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 4 +- arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 2 - arch/arm64/boot/dts/ti/k3-am62p-main.dtsi | 4 +- arch/arm64/boot/dts/ti/k3-am62p5-sk.dts | 4 +- arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi | 2 - arch/arm64/boot/dts/ti/k3-am642-hummingboard-t.dts | 1 - arch/arm64/boot/dts/ti/k3-j722s.dtsi | 8 + arch/arm64/include/asm/pgtable.h | 22 + arch/arm64/kernel/smp.c | 6 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/loongarch/kernel/hw_breakpoint.c | 2 +- arch/loongarch/kernel/ptrace.c | 3 + arch/m68k/amiga/config.c | 9 + arch/m68k/atari/ataints.c | 6 +- arch/m68k/include/asm/cmpxchg.h | 2 +- arch/mips/Makefile | 2 +- arch/mips/boot/dts/loongson/loongson64-2k1000.dtsi | 21 +- arch/mips/include/asm/mach-loongson64/boot_param.h | 2 + arch/mips/include/asm/mips-cm.h | 4 + arch/mips/kernel/smp-cps.c | 5 +- arch/mips/loongson64/env.c | 8 + arch/mips/loongson64/reset.c | 38 +- arch/mips/loongson64/smp.c | 23 +- arch/mips/pci/pcie-octeon.c | 0 arch/mips/sgi-ip30/ip30-console.c | 1 + arch/parisc/Kconfig | 1 + arch/powerpc/configs/85xx-hw.config | 2 + arch/powerpc/include/asm/guest-state-buffer.h | 3 +- arch/powerpc/include/asm/kvm_book3s.h | 1 + arch/powerpc/kernel/prom.c | 12 +- arch/powerpc/kexec/core_64.c | 55 +- arch/powerpc/kvm/book3s_hv.c | 9 +- arch/powerpc/kvm/book3s_hv_nestedv2.c | 7 + arch/powerpc/kvm/powerpc.c | 4 +- arch/powerpc/kvm/test-guest-state-buffer.c | 2 +- arch/powerpc/mm/nohash/8xx.c | 3 +- arch/powerpc/xmon/ppc-dis.c | 33 +- arch/riscv/kernel/head.S | 19 +- arch/riscv/kernel/smpboot.c | 14 +- arch/riscv/net/bpf_jit_comp64.c | 18 +- arch/s390/kernel/perf_cpum_cf.c | 14 +- arch/s390/kernel/setup.c | 2 +- arch/s390/kernel/uv.c | 8 + arch/s390/kvm/kvm-s390.c | 3 + arch/s390/pci/pci_irq.c | 110 ++-- arch/sparc/include/asm/oplib_64.h | 1 + arch/sparc/prom/init_64.c | 3 - arch/sparc/prom/p1275.c | 2 +- arch/um/drivers/ubd_kern.c | 50 +- arch/um/kernel/time.c | 4 +- arch/um/os-Linux/signal.c | 118 +++- arch/x86/Kconfig.assembler | 2 +- arch/x86/Makefile.um | 1 + arch/x86/entry/syscall_32.c | 10 +- arch/x86/entry/syscall_64.c | 9 +- arch/x86/entry/syscall_x32.c | 7 +- arch/x86/entry/syscalls/syscall_32.tbl | 6 +- arch/x86/entry/syscalls/syscall_64.tbl | 6 +- arch/x86/events/amd/uncore.c | 28 +- arch/x86/events/core.c | 3 + arch/x86/events/intel/cstate.c | 7 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/events/intel/pt.c | 4 +- arch/x86/events/intel/pt.h | 4 +- arch/x86/events/intel/uncore_snbep.c | 6 +- arch/x86/include/asm/kvm-x86-ops.h | 1 - arch/x86/include/asm/kvm_host.h | 3 +- arch/x86/include/asm/shstk.h | 2 + arch/x86/kernel/devicetree.c | 2 +- arch/x86/kernel/shstk.c | 11 + arch/x86/kernel/uprobes.c | 7 +- arch/x86/kvm/vmx/main.c | 1 - arch/x86/kvm/vmx/nested.c | 47 +- arch/x86/kvm/vmx/posted_intr.h | 10 + arch/x86/kvm/vmx/vmx.c | 31 +- arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/vmx/x86_ops.h | 1 - arch/x86/kvm/x86.c | 14 +- arch/x86/pci/intel_mid_pci.c | 4 +- arch/x86/pci/xen.c | 4 +- arch/x86/platform/intel/iosf_mbi.c | 4 +- arch/x86/um/sys_call_table_32.c | 10 +- arch/x86/um/sys_call_table_64.c | 11 +- arch/x86/virt/svm/sev.c | 44 +- arch/x86/xen/p2m.c | 4 +- block/bio-integrity.c | 11 +- block/blk-mq.c | 32 +- block/genhd.c | 2 +- block/mq-deadline.c | 20 +- drivers/android/binder.c | 4 +- drivers/ata/libata-scsi.c | 176 ++--- drivers/auxdisplay/ht16k33.c | 1 + drivers/base/devres.c | 11 +- drivers/block/null_blk/main.c | 2 +- drivers/block/rbd.c | 35 +- drivers/block/ublk_drv.c | 5 +- drivers/block/xen-blkfront.c | 16 +- drivers/bluetooth/btintel.c | 119 +--- drivers/bluetooth/btintel_pcie.c | 6 + drivers/bluetooth/btnxpuart.c | 52 +- drivers/bluetooth/btusb.c | 4 + drivers/bluetooth/hci_bcm4377.c | 2 +- drivers/bus/mhi/ep/main.c | 14 +- drivers/char/hw_random/amd-rng.c | 4 +- drivers/char/hw_random/core.c | 4 +- drivers/char/ipmi/ssif_bmc.c | 6 +- drivers/char/tpm/eventlog/common.c | 2 + drivers/char/tpm/tpm_tis_spi_main.c | 1 + drivers/clk/clk-en7523.c | 9 +- drivers/clk/davinci/da8xx-cfgchip.c | 4 +- drivers/clk/meson/s4-peripherals.c | 2 +- drivers/clk/meson/s4-pll.c | 5 + drivers/clk/qcom/camcc-sc7280.c | 5 + drivers/clk/qcom/clk-rcg2.c | 32 + drivers/clk/qcom/gcc-sa8775p.c | 40 ++ drivers/clk/qcom/gcc-sc7280.c | 3 + drivers/clk/qcom/gcc-x1e80100.c | 46 +- drivers/clk/qcom/gpucc-sa8775p.c | 41 +- drivers/clk/qcom/gpucc-sm8350.c | 5 +- drivers/clk/qcom/kpss-xcc.c | 4 +- drivers/clk/samsung/clk-exynos4.c | 13 +- drivers/cpufreq/amd-pstate-ut.c | 12 +- drivers/cpufreq/amd-pstate.c | 43 +- drivers/cpufreq/qcom-cpufreq-nvmem.c | 13 +- drivers/cpufreq/sun50i-cpufreq-nvmem.c | 4 +- drivers/cpufreq/ti-cpufreq.c | 2 +- drivers/crypto/atmel-sha204a.c | 2 +- drivers/crypto/ccp/sev-dev.c | 8 +- drivers/crypto/intel/qat/qat_common/adf_cfg.c | 6 +- drivers/crypto/mxs-dcp.c | 3 +- drivers/crypto/tegra/tegra-se-main.c | 1 - drivers/dma/fsl-edma-common.c | 3 + drivers/dma/fsl-edma-common.h | 1 + drivers/dma/fsl-edma-main.c | 2 +- drivers/dma/ti/k3-udma.c | 4 +- drivers/edac/Makefile | 10 +- drivers/edac/skx_common.c | 21 +- drivers/edac/skx_common.h | 4 +- drivers/firmware/efi/libstub/screen_info.c | 2 + drivers/firmware/efi/libstub/x86-stub.c | 25 +- drivers/firmware/turris-mox-rwtm.c | 23 +- drivers/gpu/drm/Kconfig | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 9 +- drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 12 + drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c | 2 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 6 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 6 + drivers/gpu/drm/amd/amdgpu/vcn_v5_0_0.c | 6 + drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 3 +- drivers/gpu/drm/amd/display/dc/dc.h | 1 + .../drm/amd/display/dc/dml2/dml2_mall_phantom.c | 2 + .../amd/display/dc/dml2/dml2_translation_helper.c | 56 +- .../gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.c | 15 +- .../gpu/drm/amd/display/dc/optc/dcn20/dcn20_optc.c | 10 + .../amd/display/dc/resource/dcn32/dcn32_resource.c | 12 +- .../display/dc/resource/dcn321/dcn321_resource.c | 12 +- .../gpu/drm/amd/display/include/grph_object_id.h | 4 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 4 +- drivers/gpu/drm/arm/display/komeda/komeda_crtc.c | 43 +- drivers/gpu/drm/bridge/adv7511/adv7511.h | 2 +- drivers/gpu/drm/bridge/adv7511/adv7511_cec.c | 13 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 22 +- drivers/gpu/drm/bridge/ite-it6505.c | 81 ++- drivers/gpu/drm/bridge/samsung-dsim.c | 4 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 4 +- drivers/gpu/drm/drm_fbdev_dma.c | 3 +- drivers/gpu/drm/drm_panic.c | 70 +- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 9 +- drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 + drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 + .../gpu/drm/i915/display/intel_crtc_state_dump.c | 7 +- drivers/gpu/drm/i915/display/intel_display.c | 6 +- drivers/gpu/drm/i915/display/intel_display_types.h | 2 +- drivers/gpu/drm/i915/display/intel_dp.c | 4 +- .../gpu/drm/i915/display/intel_dp_link_training.c | 55 +- drivers/gpu/drm/i915/display/intel_fbc.c | 2 +- drivers/gpu/drm/i915/display/intel_psr.c | 36 +- .../gpu/drm/i915/gt/intel_execlists_submission.c | 6 +- drivers/gpu/drm/mediatek/mtk_ddp_comp.c | 107 +-- drivers/gpu/drm/mediatek/mtk_ddp_comp.h | 8 +- drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 41 +- drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 2 +- drivers/gpu/drm/mediatek/mtk_dp.c | 10 +- drivers/gpu/drm/mediatek/mtk_dpi.c | 5 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 24 + drivers/gpu/drm/mediatek/mtk_drm_drv.h | 4 + drivers/gpu/drm/mediatek/mtk_dsi.c | 5 +- drivers/gpu/drm/mediatek/mtk_ethdr.c | 21 +- drivers/gpu/drm/mediatek/mtk_plane.c | 4 +- drivers/gpu/drm/meson/meson_drv.c | 37 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 13 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 7 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys.h | 5 + .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c | 32 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 13 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 14 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.c | 6 - drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.h | 3 +- drivers/gpu/drm/msm/dp/dp_aux.c | 5 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 6 +- drivers/gpu/drm/panel/panel-boe-tv101wum-nl6.c | 8 +- drivers/gpu/drm/panel/panel-himax-hx8394.c | 3 +- drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 8 +- drivers/gpu/drm/panel/panel-lg-sw43408.c | 33 +- drivers/gpu/drm/panfrost/panfrost_drv.c | 1 + drivers/gpu/drm/panthor/panthor_sched.c | 1 + drivers/gpu/drm/qxl/qxl_display.c | 17 +- drivers/gpu/drm/qxl/qxl_object.c | 13 +- drivers/gpu/drm/qxl/qxl_object.h | 4 +- drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 +- drivers/gpu/drm/ttm/tests/ttm_bo_test.c | 48 +- drivers/gpu/drm/ttm/tests/ttm_kunit_helpers.c | 7 +- drivers/gpu/drm/ttm/tests/ttm_kunit_helpers.h | 3 +- drivers/gpu/drm/ttm/tests/ttm_pool_test.c | 4 +- drivers/gpu/drm/ttm/tests/ttm_resource_test.c | 2 +- drivers/gpu/drm/ttm/tests/ttm_tt_test.c | 20 +- drivers/gpu/drm/udl/udl_modeset.c | 3 +- drivers/gpu/drm/xe/display/xe_hdcp_gsc.c | 12 +- drivers/gpu/drm/xe/xe_bo.c | 47 +- drivers/gpu/drm/xe/xe_bo_types.h | 3 +- drivers/gpu/drm/xe/xe_exec.c | 14 +- drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 1 + drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 1 + drivers/gpu/drm/xlnx/zynqmp_kms.c | 12 +- drivers/hwmon/adt7475.c | 2 +- drivers/hwmon/ltc2991.c | 4 +- drivers/hwmon/max6697.c | 5 +- drivers/hwtracing/coresight/coresight-platform.c | 4 +- drivers/i3c/master/mipi-i3c-hci/core.c | 8 + drivers/iio/adc/ad9467.c | 65 +- drivers/iio/adc/adi-axi-adc.c | 2 + drivers/iio/frequency/adrf6780.c | 1 - drivers/iio/industrialio-gts-helper.c | 7 +- drivers/infiniband/core/cache.c | 14 +- drivers/infiniband/core/device.c | 14 +- drivers/infiniband/core/iwcm.c | 11 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 6 +- drivers/infiniband/hw/hns/hns_roce_device.h | 7 + drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 164 +++-- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 6 + drivers/infiniband/hw/hns/hns_roce_mr.c | 5 + drivers/infiniband/hw/hns/hns_roce_qp.c | 4 +- drivers/infiniband/hw/hns/hns_roce_srq.c | 2 +- drivers/infiniband/hw/mana/device.c | 16 +- drivers/infiniband/hw/mlx4/alias_GUID.c | 2 +- drivers/infiniband/hw/mlx4/mad.c | 2 +- drivers/infiniband/hw/mlx5/mlx5_ib.h | 13 + drivers/infiniband/hw/mlx5/odp.c | 6 +- drivers/infiniband/sw/rxe/rxe_req.c | 7 +- drivers/input/keyboard/qt1050.c | 7 +- drivers/input/mouse/elan_i2c_core.c | 2 + drivers/interconnect/qcom/qcm2290.c | 2 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom-debug.c | 17 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 39 ++ drivers/iommu/arm/arm-smmu/arm-smmu-qcom.h | 2 + drivers/iommu/intel/cache.c | 3 +- drivers/iommu/intel/iommu.c | 2 +- drivers/iommu/iommufd/iova_bitmap.c | 5 +- drivers/iommu/iommufd/selftest.c | 2 +- drivers/iommu/sprd-iommu.c | 2 +- drivers/irqchip/irq-imx-irqsteer.c | 24 +- drivers/isdn/hardware/mISDN/hfcmulti.c | 7 +- drivers/leds/flash/leds-mt6360.c | 5 +- drivers/leds/flash/leds-qcom-flash.c | 10 +- drivers/leds/led-class.c | 1 - drivers/leds/led-triggers.c | 8 +- drivers/leds/leds-ss4200.c | 7 +- drivers/leds/rgb/leds-qcom-lpg.c | 8 +- drivers/leds/trigger/ledtrig-timer.c | 5 - drivers/macintosh/therm_windtunnel.c | 2 +- drivers/mailbox/imx-mailbox.c | 10 +- drivers/mailbox/mtk-cmdq-mailbox.c | 12 +- drivers/mailbox/omap-mailbox.c | 3 +- drivers/md/dm-raid.c | 7 +- drivers/md/dm-table.c | 15 +- drivers/md/dm-verity-target.c | 16 +- drivers/md/dm-zone.c | 25 +- drivers/md/dm.h | 1 + drivers/md/md-bitmap.c | 6 +- drivers/md/md-cluster.c | 22 +- drivers/md/md.c | 32 +- drivers/md/raid0.c | 21 +- drivers/md/raid1.c | 15 +- drivers/md/raid5.c | 76 ++- drivers/media/i2c/Kconfig | 1 + drivers/media/i2c/alvium-csi2.c | 6 +- drivers/media/i2c/hi846.c | 2 +- drivers/media/i2c/imx219.c | 2 +- drivers/media/i2c/imx412.c | 9 +- drivers/media/pci/intel/ivsc/mei_csi.c | 14 +- drivers/media/pci/ivtv/ivtv-udma.c | 8 + drivers/media/pci/ivtv/ivtv-yuv.c | 6 + drivers/media/pci/ivtv/ivtvfb.c | 6 +- drivers/media/pci/saa7134/saa7134-dvb.c | 8 +- .../mediatek/vcodec/decoder/vdec/vdec_vp8_if.c | 2 +- .../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 6 + drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 3 + drivers/media/platform/nxp/imx-pxp.c | 3 + drivers/media/platform/qcom/venus/vdec.c | 3 +- drivers/media/platform/renesas/rcar-csi2.c | 5 +- drivers/media/platform/renesas/rcar-vin/rcar-dma.c | 16 +- drivers/media/platform/renesas/vsp1/vsp1_histo.c | 20 +- drivers/media/platform/renesas/vsp1/vsp1_pipe.h | 2 +- drivers/media/platform/renesas/vsp1/vsp1_rpf.c | 8 +- .../platform/st/sti/c8sectpfe/c8sectpfe-debugfs.h | 4 +- .../platform/st/stm32/stm32-dcmipp/dcmipp-core.c | 4 +- drivers/media/rc/imon.c | 5 +- drivers/media/rc/lirc_dev.c | 4 +- drivers/media/usb/dvb-usb/dvb-usb-init.c | 35 +- drivers/media/usb/uvc/uvc_ctrl.c | 9 +- drivers/media/usb/uvc/uvc_driver.c | 12 +- drivers/media/usb/uvc/uvc_video.c | 21 +- drivers/media/usb/uvc/uvcvideo.h | 1 + drivers/media/v4l2-core/v4l2-async.c | 3 + drivers/memory/Kconfig | 2 +- drivers/mfd/Makefile | 6 +- drivers/mfd/omap-usb-tll.c | 3 +- drivers/mfd/rsmu_core.c | 2 + drivers/misc/eeprom/ee1004.c | 6 +- drivers/mtd/nand/raw/Kconfig | 3 +- drivers/mtd/spi-nor/winbond.c | 2 + drivers/mtd/tests/Makefile | 34 +- drivers/mtd/tests/mtd_test.c | 9 + drivers/mtd/ubi/eba.c | 3 +- drivers/net/bonding/bond_main.c | 7 +- drivers/net/dsa/b53/b53_common.c | 3 + drivers/net/dsa/microchip/ksz_common.c | 7 + drivers/net/dsa/mv88e6xxx/chip.c | 3 +- drivers/net/ethernet/brocade/bna/bna_types.h | 2 +- drivers/net/ethernet/brocade/bna/bnad.c | 11 +- drivers/net/ethernet/cortina/gemini.c | 23 +- drivers/net/ethernet/freescale/fec_main.c | 6 + drivers/net/ethernet/google/gve/gve_tx.c | 5 +- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 22 +- drivers/net/ethernet/hisilicon/hns3/Makefile | 11 +- .../hisilicon/hns3/hns3_common/hclge_comm_cmd.c | 11 + .../hisilicon/hns3/hns3_common/hclge_comm_rss.c | 14 + .../hns3/hns3_common/hclge_comm_tqp_stats.c | 5 + drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 2 +- drivers/net/ethernet/intel/ice/ice_fdir.h | 3 + drivers/net/ethernet/intel/ice/ice_switch.c | 8 +- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 16 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h | 1 + drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 +- .../ethernet/mellanox/mlxsw/spectrum_acl_atcam.c | 18 +- .../mellanox/mlxsw/spectrum_acl_bloom_filter.c | 2 +- .../net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 13 - .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 9 +- drivers/net/ethernet/microsoft/mana/mana_en.c | 19 + drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 2 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 2 +- drivers/net/ethernet/stmicro/stmmac/hwif.h | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/netconsole.c | 2 +- drivers/net/pse-pd/pse_core.c | 4 +- drivers/net/virtio_net.c | 8 +- drivers/net/wireless/ath/ath11k/ce.h | 6 +- drivers/net/wireless/ath/ath11k/core.c | 29 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 3 +- drivers/net/wireless/ath/ath11k/dp_rx.h | 3 + drivers/net/wireless/ath/ath11k/mac.c | 28 +- drivers/net/wireless/ath/ath11k/reg.c | 14 +- drivers/net/wireless/ath/ath11k/reg.h | 4 +- drivers/net/wireless/ath/ath12k/acpi.c | 2 + drivers/net/wireless/ath/ath12k/ce.h | 6 +- drivers/net/wireless/ath/ath12k/core.c | 7 +- drivers/net/wireless/ath/ath12k/dp.c | 18 +- drivers/net/wireless/ath/ath12k/dp.h | 1 + drivers/net/wireless/ath/ath12k/dp_rx.c | 67 +- drivers/net/wireless/ath/ath12k/dp_tx.c | 47 +- drivers/net/wireless/ath/ath12k/hal_desc.h | 48 +- drivers/net/wireless/ath/ath12k/hw.c | 8 +- drivers/net/wireless/ath/ath12k/hw.h | 3 +- drivers/net/wireless/ath/ath12k/mac.c | 17 +- drivers/net/wireless/ath/ath12k/wmi.c | 23 +- drivers/net/wireless/ath/ath12k/wmi.h | 12 +- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 18 +- drivers/net/wireless/intel/iwlwifi/mvm/link.c | 9 + drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 10 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 9 +- .../net/wireless/intel/iwlwifi/mvm/time-event.c | 5 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 + drivers/net/wireless/realtek/rtl8xxxu/8188f.c | 15 + drivers/net/wireless/realtek/rtw88/mac.c | 9 + drivers/net/wireless/realtek/rtw88/main.h | 2 + drivers/net/wireless/realtek/rtw88/reg.h | 1 + drivers/net/wireless/realtek/rtw88/rtw8703b.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8723d.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8821c.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8822b.c | 1 + drivers/net/wireless/realtek/rtw88/rtw8822c.c | 1 + drivers/net/wireless/realtek/rtw88/usb.c | 6 +- drivers/net/wireless/realtek/rtw89/debug.c | 2 +- drivers/net/wireless/realtek/rtw89/fw.c | 13 +- drivers/net/wireless/realtek/rtw89/mac.c | 5 +- drivers/net/wireless/realtek/rtw89/pci.c | 23 +- drivers/net/wireless/realtek/rtw89/rtw8852b.c | 6 +- drivers/net/wireless/realtek/rtw89/rtw8852b_rfk.c | 2 +- drivers/net/wireless/virtual/virt_wifi.c | 20 +- drivers/nvme/host/pci.c | 5 +- drivers/nvme/target/auth.c | 14 +- drivers/nvmem/rockchip-otp.c | 1 + drivers/opp/core.c | 6 +- drivers/opp/ti-opp-supply.c | 6 +- drivers/parport/procfs.c | 24 +- drivers/pci/controller/dwc/pci-keystone.c | 156 +++-- drivers/pci/controller/dwc/pcie-designware-ep.c | 13 +- drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 +- drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 - drivers/pci/controller/dwc/pcie-tegra194.c | 1 + drivers/pci/controller/pci-hyperv.c | 4 +- drivers/pci/controller/pci-loongson.c | 13 + drivers/pci/controller/pcie-rcar-host.c | 6 +- drivers/pci/controller/pcie-rockchip.c | 2 +- drivers/pci/endpoint/functions/pci-epf-test.c | 14 +- drivers/pci/endpoint/functions/pci-epf-vntb.c | 19 +- drivers/pci/pci.c | 6 +- drivers/pci/setup-bus.c | 6 +- drivers/perf/arm_pmuv3.c | 10 +- drivers/phy/cadence/phy-cadence-torrent.c | 3 + drivers/phy/qualcomm/phy-qcom-qmp-pcie.c | 9 +- drivers/phy/rockchip/Kconfig | 2 + drivers/phy/xilinx/phy-zynqmp.c | 14 +- drivers/pinctrl/core.c | 12 +- drivers/pinctrl/freescale/pinctrl-mxs.c | 4 +- drivers/pinctrl/pinctrl-rockchip.c | 17 +- drivers/pinctrl/pinctrl-single.c | 7 +- drivers/pinctrl/renesas/pfc-r8a779g0.c | 716 ++++++++++----------- drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 11 +- drivers/platform/Makefile | 2 +- drivers/platform/chrome/cros_ec_debugfs.c | 1 + drivers/platform/mips/cpu_hwmon.c | 3 + drivers/platform/x86/asus-wmi.c | 6 +- drivers/power/supply/ab8500_charger.c | 16 +- drivers/power/supply/ingenic-battery.c | 10 +- drivers/pwm/pwm-atmel-tcb.c | 12 +- drivers/pwm/pwm-stm32.c | 5 +- drivers/remoteproc/imx_rproc.c | 10 +- drivers/remoteproc/mtk_scp.c | 21 +- drivers/remoteproc/stm32_rproc.c | 2 +- drivers/remoteproc/ti_k3_r5_remoteproc.c | 13 +- drivers/rtc/interface.c | 9 +- drivers/rtc/rtc-abx80x.c | 12 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-isl1208.c | 11 +- drivers/rtc/rtc-tps6594.c | 4 - drivers/s390/block/dasd_devmap.c | 10 +- drivers/scsi/lpfc/lpfc_attr.c | 5 + drivers/scsi/lpfc/lpfc_hbadisc.c | 2 +- drivers/scsi/lpfc/lpfc_sli.c | 19 +- drivers/scsi/qla2xxx/qla_bsg.c | 98 +-- drivers/scsi/qla2xxx/qla_def.h | 17 +- drivers/scsi/qla2xxx/qla_gbl.h | 6 +- drivers/scsi/qla2xxx/qla_gs.c | 473 +++++++------- drivers/scsi/qla2xxx/qla_init.c | 92 ++- drivers/scsi/qla2xxx/qla_inline.h | 8 + drivers/scsi/qla2xxx/qla_mid.c | 2 +- drivers/scsi/qla2xxx/qla_nvme.c | 5 +- drivers/scsi/qla2xxx/qla_os.c | 19 +- drivers/scsi/qla2xxx/qla_sup.c | 108 +++- drivers/scsi/sr_ioctl.c | 2 +- drivers/soc/mediatek/mtk-mutex.c | 1 + drivers/soc/qcom/icc-bwmon.c | 4 +- drivers/soc/qcom/pdr_interface.c | 8 +- drivers/soc/qcom/pmic_glink.c | 13 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/soc/qcom/rpmh.c | 1 - drivers/soc/qcom/socinfo.c | 3 +- drivers/soc/xilinx/xlnx_event_manager.c | 15 +- drivers/soc/xilinx/zynqmp_power.c | 4 +- drivers/spi/atmel-quadspi.c | 11 +- drivers/spi/spi-microchip-core.c | 139 ++-- drivers/spi/spidev.c | 1 + drivers/thermal/broadcom/bcm2835_thermal.c | 19 +- drivers/thermal/thermal_core.c | 89 ++- drivers/thermal/thermal_core.h | 10 +- drivers/ufs/core/ufs-mcq.c | 10 +- drivers/usb/host/xhci-pci.c | 4 +- drivers/usb/typec/mux/nb7vpq904m.c | 7 +- drivers/usb/typec/mux/ptn36502.c | 11 +- drivers/vhost/vsock.c | 4 +- drivers/video/fbdev/vesafb.c | 2 +- drivers/watchdog/rzg2l_wdt.c | 22 +- fs/btrfs/compression.c | 2 +- fs/ceph/super.c | 3 +- fs/erofs/zutil.c | 3 + fs/exfat/dir.c | 2 +- fs/ext2/balloc.c | 11 +- fs/ext4/extents_status.c | 2 + fs/ext4/fast_commit.c | 6 + fs/ext4/namei.c | 73 ++- fs/ext4/xattr.c | 6 + fs/f2fs/checkpoint.c | 10 +- fs/f2fs/data.c | 10 +- fs/f2fs/f2fs.h | 19 +- fs/f2fs/file.c | 47 +- fs/f2fs/gc.c | 13 +- fs/f2fs/inline.c | 8 +- fs/f2fs/inode.c | 14 +- fs/f2fs/segment.c | 6 +- fs/f2fs/segment.h | 3 +- fs/fuse/inode.c | 24 +- fs/hfs/inode.c | 3 + fs/hfsplus/bfind.c | 15 +- fs/hfsplus/extents.c | 9 +- fs/hfsplus/hfsplus_fs.h | 21 + fs/hostfs/hostfs.h | 7 +- fs/hostfs/hostfs_kern.c | 10 +- fs/hostfs/hostfs_user.c | 7 +- fs/jbd2/commit.c | 2 +- fs/jbd2/journal.c | 56 +- fs/jbd2/transaction.c | 45 +- fs/jfs/jfs_imap.c | 5 +- fs/netfs/write_issue.c | 1 + fs/nfs/file.c | 5 +- fs/nfs/nfs4client.c | 6 +- fs/nfs/nfs4proc.c | 2 +- fs/nfs/nfstrace.h | 36 +- fs/nfs/read.c | 8 +- fs/nfs/write.c | 10 +- fs/nfsd/Kconfig | 2 +- fs/nfsd/filecache.c | 2 +- fs/nfsd/nfs4proc.c | 5 +- fs/nfsd/nfs4recover.c | 4 +- fs/nilfs2/btnode.c | 25 +- fs/nilfs2/btree.c | 4 +- fs/nilfs2/segment.c | 2 +- fs/ntfs3/attrib.c | 30 +- fs/ntfs3/bitmap.c | 2 +- fs/ntfs3/dir.c | 3 +- fs/ntfs3/file.c | 5 +- fs/ntfs3/frecord.c | 2 +- fs/ntfs3/fslog.c | 5 +- fs/ntfs3/index.c | 4 +- fs/ntfs3/inode.c | 13 +- fs/ntfs3/ntfs.h | 12 +- fs/ntfs3/super.c | 4 +- fs/proc/proc_sysctl.c | 6 +- fs/proc/task_mmu.c | 30 +- fs/smb/client/cifsfs.c | 8 +- fs/smb/client/connect.c | 24 +- fs/super.c | 11 + fs/udf/balloc.c | 15 +- fs/udf/file.c | 2 + fs/udf/inode.c | 11 +- fs/udf/namei.c | 2 - fs/udf/super.c | 3 +- include/asm-generic/vmlinux.lds.h | 2 +- include/drm/drm_mipi_dsi.h | 46 +- include/linux/alloc_tag.h | 2 +- include/linux/bpf_verifier.h | 2 +- include/linux/firewire.h | 5 +- include/linux/huge_mm.h | 12 +- include/linux/hugetlb.h | 1 + include/linux/interrupt.h | 2 +- include/linux/jbd2.h | 12 +- include/linux/lsm_hook_defs.h | 1 + include/linux/mlx5/qp.h | 9 +- include/linux/mm.h | 16 +- include/linux/objagg.h | 1 - include/linux/perf_event.h | 1 + include/linux/pgalloc_tag.h | 7 +- include/linux/preempt.h | 41 ++ include/linux/sbitmap.h | 5 + include/linux/sched.h | 41 -- include/linux/screen_info.h | 10 + include/linux/spinlock.h | 14 +- include/linux/task_work.h | 3 +- include/linux/virtio_net.h | 11 + include/net/bluetooth/hci_core.h | 4 - include/net/ip6_route.h | 22 +- include/net/ip_fib.h | 1 + include/net/mana/mana.h | 2 + include/net/tcp.h | 1 + include/net/xfrm.h | 36 +- include/sound/tas2781-dsp.h | 11 +- include/trace/events/rpcgss.h | 2 +- include/uapi/drm/xe_drm.h | 8 +- include/uapi/linux/if_xdp.h | 4 + include/uapi/linux/netfilter/nf_tables.h | 2 +- include/uapi/linux/zorro_ids.h | 3 + include/ufs/ufshcd.h | 6 + io_uring/io-wq.c | 10 +- io_uring/io_uring.c | 5 +- io_uring/napi.c | 2 + io_uring/opdef.c | 8 + io_uring/opdef.h | 4 +- io_uring/register.c | 2 +- io_uring/timeout.c | 2 +- io_uring/uring_cmd.c | 2 +- kernel/bpf/btf.c | 10 +- kernel/bpf/helpers.c | 2 +- kernel/bpf/verifier.c | 5 +- kernel/cgroup/cpuset.c | 76 ++- kernel/debug/kdb/kdb_io.c | 6 +- kernel/dma/mapping.c | 2 +- kernel/events/core.c | 77 ++- kernel/events/internal.h | 2 +- kernel/events/ring_buffer.c | 4 +- kernel/irq/irqdomain.c | 7 +- kernel/irq/manage.c | 2 +- kernel/jump_label.c | 45 +- kernel/locking/rwsem.c | 6 +- kernel/rcu/tasks.h | 10 + kernel/sched/core.c | 37 +- kernel/sched/fair.c | 7 +- kernel/sched/sched.h | 2 +- kernel/signal.c | 8 + kernel/task_work.c | 34 +- kernel/time/tick-broadcast.c | 23 + kernel/time/timer_migration.c | 33 +- kernel/time/timer_migration.h | 12 +- kernel/trace/pid_list.c | 4 +- kernel/watchdog_perf.c | 11 +- kernel/workqueue.c | 6 +- lib/decompress_bunzip2.c | 3 +- lib/kobject_uevent.c | 17 +- lib/objagg.c | 18 +- lib/sbitmap.c | 36 +- mm/huge_memory.c | 14 +- mm/hugetlb.c | 49 +- mm/memory.c | 2 +- mm/mempolicy.c | 18 +- mm/mmap_lock.c | 175 +---- mm/page_alloc.c | 35 +- mm/vmscan.c | 83 ++- net/bluetooth/hci_core.c | 27 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/hci_sync.c | 2 - net/bridge/br_forward.c | 4 +- net/core/filter.c | 15 +- net/core/flow_dissector.c | 2 +- net/core/page_pool.c | 2 +- net/core/xdp.c | 4 +- net/ethtool/pse-pd.c | 8 +- net/ipv4/esp4.c | 3 +- net/ipv4/esp4_offload.c | 7 + net/ipv4/fib_semantics.c | 13 +- net/ipv4/fib_trie.c | 1 + net/ipv4/nexthop.c | 7 +- net/ipv4/route.c | 18 +- net/ipv4/tcp.c | 8 +- net/ipv4/tcp_input.c | 32 +- net/ipv4/tcp_ipv4.c | 11 +- net/ipv4/tcp_minisocks.c | 15 +- net/ipv4/tcp_timer.c | 6 +- net/ipv6/addrconf.c | 3 +- net/ipv6/esp6.c | 3 +- net/ipv6/esp6_offload.c | 7 + net/ipv6/ip6_output.c | 1 + net/ipv6/route.c | 2 +- net/ipv6/tcp_ipv6.c | 10 +- net/mac80211/chan.c | 11 + net/mac80211/main.c | 2 +- net/mac80211/mlme.c | 15 +- net/mac80211/sta_info.h | 6 + net/mac80211/tx.c | 6 +- net/netfilter/ipvs/ip_vs_ctl.c | 10 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 4 +- net/netfilter/nf_conntrack_netlink.c | 3 +- net/netfilter/nft_set_pipapo.c | 4 +- net/netfilter/nft_set_pipapo.h | 21 + net/netfilter/nft_set_pipapo_avx2.c | 22 +- net/packet/af_packet.c | 86 ++- net/smc/smc_core.c | 5 +- net/sunrpc/auth_gss/gss_krb5_keys.c | 2 +- net/sunrpc/clnt.c | 3 +- net/sunrpc/xprtrdma/frwr_ops.c | 3 +- net/sunrpc/xprtrdma/verbs.c | 16 +- net/tipc/udp_media.c | 5 +- net/unix/af_unix.c | 41 +- net/unix/unix_bpf.c | 3 + net/wireless/nl80211.c | 3 + net/wireless/util.c | 8 +- net/xdp/xdp_umem.c | 9 +- net/xfrm/xfrm_input.c | 8 +- net/xfrm/xfrm_policy.c | 5 +- net/xfrm/xfrm_state.c | 65 +- net/xfrm/xfrm_user.c | 1 - scripts/Kconfig.include | 3 +- scripts/Makefile.lib | 6 +- scripts/gcc-x86_32-has-stack-protector.sh | 2 +- scripts/gcc-x86_64-has-stack-protector.sh | 2 +- scripts/syscalltbl.sh | 18 +- security/apparmor/lsm.c | 7 + security/apparmor/policy.c | 2 +- security/apparmor/policy_unpack.c | 43 +- security/keys/keyctl.c | 2 +- security/landlock/cred.c | 11 +- security/security.c | 70 +- security/selinux/hooks.c | 38 +- security/smack/smack_lsm.c | 34 +- sound/core/ump.c | 13 + sound/firewire/amdtp-stream.c | 3 +- sound/pci/hda/patch_realtek.c | 6 +- sound/soc/amd/acp-es8336.c | 4 +- sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/cs35l56-shared.c | 2 +- sound/soc/codecs/max98088.c | 10 +- sound/soc/codecs/pcm6240.c | 6 +- sound/soc/codecs/tas2781-fmwlib.c | 20 +- sound/soc/codecs/tas2781-i2c.c | 39 +- sound/soc/codecs/wcd939x.c | 113 ++-- sound/soc/fsl/fsl_qmc_audio.c | 2 + sound/soc/intel/common/soc-acpi-intel-ssp-common.c | 9 + sound/soc/intel/common/soc-intel-quirks.h | 2 +- sound/soc/qcom/lpass-cpu.c | 4 + sound/soc/sof/amd/pci-vangogh.c | 1 - sound/soc/sof/imx/imx8m.c | 2 +- sound/soc/sof/intel/hda-loader.c | 18 +- sound/soc/sof/intel/hda.c | 17 +- sound/soc/sof/ipc4-topology.c | 46 +- sound/usb/mixer.c | 7 + sound/usb/quirks.c | 4 + tools/bpf/bpftool/common.c | 2 +- tools/bpf/bpftool/prog.c | 4 + tools/bpf/resolve_btfids/main.c | 2 +- tools/lib/bpf/btf.c | 2 +- tools/lib/bpf/btf_dump.c | 8 +- tools/lib/bpf/libbpf_internal.h | 10 +- tools/lib/bpf/linker.c | 11 +- tools/memory-model/lock.cat | 20 +- tools/objtool/noreturns.h | 4 + tools/perf/arch/powerpc/util/skip-callchain-idx.c | 8 +- tools/perf/arch/x86/util/intel-pt.c | 15 +- tools/perf/tests/shell/test_arm_callgraph_fp.sh | 27 +- tools/perf/tests/workloads/leafloop.c | 20 +- tools/perf/ui/gtk/annotate.c | 5 +- tools/perf/util/cs-etm.c | 10 +- tools/perf/util/disasm.c | 10 +- tools/perf/util/dso.c | 14 +- tools/perf/util/dso.h | 19 + tools/perf/util/maps.c | 9 +- tools/perf/util/pmus.c | 5 +- tools/perf/util/sort.c | 2 +- tools/perf/util/srcline.c | 12 +- tools/perf/util/stat-display.c | 3 + tools/perf/util/stat-shadow.c | 7 + tools/perf/util/symbol.c | 18 +- tools/perf/util/unwind-libdw.c | 12 +- tools/perf/util/unwind-libunwind-local.c | 18 +- tools/testing/selftests/bpf/bpf_kfuncs.h | 2 +- .../testing/selftests/bpf/prog_tests/bpf_tcp_ca.c | 16 +- .../testing/selftests/bpf/prog_tests/fexit_sleep.c | 8 +- tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 2 +- .../selftests/bpf/prog_tests/xdp_adjust_tail.c | 2 +- .../bpf/progs/btf_dump_test_case_multidim.c | 4 +- .../bpf/progs/btf_dump_test_case_syntax.c | 4 +- .../bpf/progs/kprobe_multi_session_cookie.c | 2 +- tools/testing/selftests/bpf/test_sockmap.c | 9 +- tools/testing/selftests/damon/access_memory.c | 2 +- .../drivers/net/mlxsw/spectrum-2/tc_flower.sh | 55 +- tools/testing/selftests/iommu/iommufd.c | 76 ++- tools/testing/selftests/iommu/iommufd_utils.h | 6 +- tools/testing/selftests/landlock/base_test.c | 74 +++ tools/testing/selftests/landlock/config | 1 + tools/testing/selftests/net/fib_tests.sh | 24 +- .../net/forwarding/bridge_fdb_learning_limit.sh | 18 + .../selftests/net/forwarding/devlink_lib.sh | 2 + tools/testing/selftests/nolibc/nolibc-test.c | 2 +- tools/testing/selftests/resctrl/resctrl_val.c | 54 +- .../selftests/sigaltstack/current_stack_pointer.h | 2 +- 858 files changed, 7467 insertions(+), 4533 deletions(-)

10 months, 4 weeks

3
3
0 0

[PATCH 6.1 000/441] 6.1.103-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.103 release. There are 441 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 02 Aug 2024 07:30:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.103-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.103-rc2 Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Avoid hcall in plpks_is_available() on non-pseries Seth Forshee (DigitalOcean) <sforshee(a)kernel.org> fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT Leon Romanovsky <leon(a)kernel.org> nvme-pci: add missing condition check for existence of mapped data Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix io_match_task must_hold Artem Chernyshev <artem.chernyshev(a)red-soft.ru> iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_cf: Fix endless loop in CF_DIAG event stop Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Allow allocation of more than 1 MSI interrupt Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Refactor arch_setup_msi_irqs() ethanwu <ethanwu(a)synology.com> ceph: fix incorrect kmalloc size of pagevec mempool Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable Conor Dooley <conor.dooley(a)microchip.com> spi: spidev: add correct compatible for Rohm BH2228FV Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> spi: spidev: order compatibles alphabetically Vincent Tremblay <vincent(a)vtremblay.dev> spidev: Add Silicon Labs EM3581 device compatible Bart Van Assche <bvanassche(a)acm.org> nvme-pci: Fix the instructions for disabling power management Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: fix init function not setting the master and motorola modes Yang Yingliang <yangyingliang(a)huawei.com> spi: microchip-core: switch to use modern name Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: only disable SPI controller when register value change requires it Naga Sureshkumar Relli <nagasuresh.relli(a)microchip.com> spi: microchip-core: fix the issues in the isr Daniel Baluta <daniel.baluta(a)nxp.com> ASoC: SOF: imx8m: Fix DSP control regmap retrieval Markus Elfring <elfring(a)users.sourceforge.net> auxdisplay: ht16k33: Drop reference after LED registration Al Viro <viro(a)zeniv.linux.org.uk> lirc: rc_dev_get_from_fd(): fix file leak Al Viro <viro(a)zeniv.linux.org.uk> powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() Xiao Liang <shaw.leon(a)gmail.com> apparmor: Fix null pointer deref when receiving skb during sock creation Dan Carpenter <dan.carpenter(a)linaro.org> mISDN: Fix a use after free in hfcmulti_tx() Fred Li <dracodingfly(a)gmail.com> bpf: Fix a segment issue when downgrading gso_size Petr Machata <petrm(a)nvidia.com> net: nexthop: Initialize all fields in dumped nexthops Simon Horman <horms(a)kernel.org> net: stmmac: Correct byte order of perfect_match Shigeru Yoshida <syoshida(a)redhat.com> tipc: Return non-zero value from tipc_udp_addr2str() on error Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo_avx2: disable softinterrupts Johannes Berg <johannes.berg(a)intel.com> net: bonding: correctly annotate RCU in bond_should_notify_peers() Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect source address in Record Route option Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later Liwei Song <liwei.song.lsong(a)gmail.com> tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids Hou Tao <houtao1(a)huawei.com> bpf, events: Use prog to emit ksymbol event for main program Lance Richardson <rlance(a)google.com> dma: fix call order in dmam_free_coherent Michal Luczaj <mhal(a)rbox.co> af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix no-args func prototype BTF dumping syntax Masahiro Yamada <masahiroy(a)kernel.org> kbuild: avoid build error when single DTB is turned into composite DTB Chao Yu <chao(a)kernel.org> f2fs: fix to update user block counts in block_operations() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> watchdog: rzg2l_wdt: Check return status of pm_runtime_put() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() Sheng Yong <shengyong(a)oppo.com> f2fs: fix start segno of large section Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix signal blocking race/hang Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix time-travel-start option Ma Ke <make24(a)iscas.ac.cn> phy: cadence-torrent: Check return value on register read Vignesh Raghavendra <vigneshr(a)ti.com> dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels Jeongjun Park <aha310510(a)gmail.com> jfs: Fix array-index-out-of-bounds in diFree Douglas Anderson <dianders(a)chromium.org> kdb: Use the passed prompt in kdb_position_cursor() Arnd Bergmann <arnd(a)arndb.de> kdb: address -Wformat-security warnings Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: check basic rates validity Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: track capability/opmode NSS separately Rameshkumar Sundaram <quic_ramess(a)quicinc.com> wifi: mac80211: Allow NSS change only up to capability Pavel Begunkov <asml.silence(a)gmail.com> io_uring/io-wq: limit retrying worker initialisation Lukas Wunner <lukas(a)wunner.de> PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Ira Weiny <ira.weiny(a)intel.com> PCI: Introduce cleanup helpers for device reference counts and locks Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle inconsistent state in nilfs_btnode_create_block() WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables Jiri Olsa <jolsa(a)kernel.org> bpf: Synchronize dispatcher update with bpf_dispatcher_xdp_func Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings Ilya Dryomov <idryomov(a)gmail.com> rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait Dragan Simic <dsimic(a)manjaro.org> drm/panfrost: Mark simple_ondemand governor as softdep Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: don't block scheduler when GPU is still active Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Test register availability before use Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: reset: Prioritise firmware service Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Remove memory node for builtin-dtb Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: env: Hook up Loongsson-2K Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: dts: loongson: Fix GMAC phy node Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: ip30: ip30-console: Add missing include Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: dts: loongson: Add ISA node Aleksandr Mishin <amishin(a)t-argos.ru> remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init Aleksandr Mishin <amishin(a)t-argos.ru> remoteproc: imx_rproc: Skip over memory region when node value is NULL Gwenael Treuveur <gwenael.treuveur(a)foss.st.com> remoteproc: stm32_rproc: Fix mailbox interrupts queuing Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume rbd_is_lock_owner() for exclusive mappings Eric Biggers <ebiggers(a)kernel.org> dm-verity: fix dm_is_verity_target() when dm-verity is builtin Michael Ellerman <mpe(a)ellerman.id.au> selftests/sigaltstack: Fix ppc64 GCC build Bart Van Assche <bvanassche(a)acm.org> RDMA/iwcm: Fix a use-after-free related to destroying CM IDs Jiaxun Yang <jiaxun.yang(a)flygoat.com> platform: mips: cpu_hwmon: Disable driver on unsupported hardware Thomas Gleixner <tglx(a)linutronix.de> watchdog/perf: properly initialize the turbo mode timestamp and rearm counter Joy Chakraborty <joychakr(a)google.com> rtc: isl1208: Fix return value of nvmem callbacks Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Reset intel_dp->link_trained before retraining the link Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix all mstb marked as not probed after suspend/resume Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell Nitin Gote <nitin.r.gote(a)intel.com> drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix a topa_entry base address calculation Marco Cavenati <cavenati.marco(a)gmail.com> perf/x86/intel/pt: Fix topa_entry base length Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR Frederic Weisbecker <frederic(a)kernel.org> perf: Fix event leak upon exec and file release Frederic Weisbecker <frederic(a)kernel.org> perf: Fix event leak upon exit Nilesh Javali <njavali(a)marvell.com> scsi: qla2xxx: validate nvme_local_port correctly Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Complete command early within lock Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix flash read failure Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Use QP lock to search for bsg Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix for possible memory corruption Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Unable to act on RSCN for port online Manish Rangankar <mrangankar(a)marvell.com> scsi: qla2xxx: During vport delete send async logout explicitly Joy Chakraborty <joychakr(a)google.com> rtc: cmos: Fix return value of nvmem callbacks Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> mm/numa_balancing: teach mpol_to_str about the balancing mode Shenwei Wang <shenwei.wang(a)nxp.com> irqchip/imx-irqsteer: Handle runtime power management correctly Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix memory leakage caused by driver API devm_free_percpu() Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix devm_krealloc() wasting memory Ahmed Zaki <ahmed.zaki(a)intel.com> ice: Add a per-VF limit on number of FDIR filters Bailey Forrest <bcf(a)google.com> gve: Fix an edge case for TSO skb validity check Zijun Hu <quic_zijuhu(a)quicinc.com> kobject_uevent: Fix OOB access within zap_modalias_env() Takashi Iwai <tiwai(a)suse.de> ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix '-S -c' in x86 stack protector scripts Ross Lagerwall <ross.lagerwall(a)citrix.com> decompress_bunzip2: fix rare decompression failure Fedor Pchelkin <pchelkin(a)ispras.ru> ubi: eba: properly rollback inside self_check_eba Bastien Curutchet <bastien.curutchet(a)bootlin.com> clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use Chao Yu <chao(a)kernel.org> f2fs: fix return value of f2fs_convert_inline_inode() Chao Yu <chao(a)kernel.org> f2fs: fix to don't dirty inode for readonly filesystem Chao Yu <chao(a)kernel.org> f2fs: fix to force buffered IO on inline_data inode Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds Huacai Chen <chenhuacai(a)kernel.org> fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed tuhaowen <tuhaowen(a)uniontech.com> dev/parport: fix the array out-of-bounds risk Carlos Llamas <cmllamas(a)google.com> binder: fix hang of unregistered readers Huacai Chen <chenhuacai(a)kernel.org> PCI: loongson: Enable MSI in LS7A Root Complex Manivannan Sadhasivam <mani(a)kernel.org> PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio Niklas Cassel <cassel(a)kernel.org> PCI: dw-rockchip: Fix initial PERST# GPIO value Wei Liu <wei.liu(a)kernel.org> PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN John David Anglin <dave(a)mx3210.local> parisc: Fix warning at drivers/pci/msi/msi.h:121 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> hwrng: amd - Convert PCIBIOS_* return codes to errnos Alan Stern <stern(a)rowland.harvard.edu> tools/memory-model: Fix bug in lock.cat wangdicheng <wangdicheng(a)kylinos.cn> ALSA: usb-audio: Add a quirk for Sonix HD USB Camera Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Move HD Webcam quirk to the right place wangdicheng <wangdicheng(a)kylinos.cn> ALSA: usb-audio: Fix microphone sound on HD webcam. Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Request immediate exit iff pending nested event needs injection Sean Christopherson <seanjc(a)google.com> KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix integer overflow calculating timestamp Jan Kara <jack(a)suse.cz> jbd2: make jbd2_journal_get_max_txn_bufs() internal Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> leds: ss4200: Convert PCIBIOS_* return codes to errnos Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> drivers: soc: xilinx: check return status of get_api_version() Rafael Beims <rafael.beims(a)toradex.com> wifi: mwifiex: Fix interface type change Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Add cred_transfer test levi.yun <yeoreum.yun(a)arm.com> trace/pid_list: Change gfp flags in pid_list_fill_irq() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: tighten task exit cancellations Baokun Li <libaokun1(a)huawei.com> ext4: make sure the first directory block is not a hole Baokun Li <libaokun1(a)huawei.com> ext4: check dot and dotdot of dx_root before making dir indexed Paolo Pisati <p.pisati(a)gmail.com> m68k: amiga: Turn off Warp1260 interrupts during boot Jan Kara <jack(a)suse.cz> udf: Avoid using corrupted block bitmap buffer Frederic Weisbecker <frederic(a)kernel.org> task_work: Introduce task_work_cancel() again Frederic Weisbecker <frederic(a)kernel.org> task_work: s/task_work_cancel()/task_work_cancel_func()/ Steve French <stfrench(a)microsoft.com> cifs: mount with "unix" mount option for SMB1 incorrectly handled Steve French <stfrench(a)microsoft.com> cifs: fix reconnect with SMB1 UNIX Extensions Steve French <stfrench(a)microsoft.com> cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path Fedor Pchelkin <pchelkin(a)ispras.ru> apparmor: use kvfree_sensitive to free data->data Pierre Gondois <pierre.gondois(a)arm.com> sched/fair: Use all little CPUs for CPU-bound workloads Sung Joon Kim <sungjoon.kim(a)amd.com> drm/amd/display: Check for NULL pointer Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix optrom version displayed in FDMI Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes Jan Kara <jack(a)suse.cz> ext2: Verify bitmap and itable block numbers before using them Chao Yu <chao(a)kernel.org> hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: fix use after free in vdec_close Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> char: tpm: Fix possible memory leak in tpm_bios_measurements_open() Eric Sandeen <sandeen(a)redhat.com> fuse: verify {g,u}id mount options correctly Tejun Heo <tj(a)kernel.org> sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv6: take care of scope when choosing the src addr Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv4: fix source address selection with route leak Pavel Begunkov <asml.silence(a)gmail.com> kernel: rerun task_work while freezing in get_signal() Chengen Du <chengen.du(a)canonical.com> af_packet: Handle outgoing VLAN packets without hardware offloading Breno Leitao <leitao(a)debian.org> net: netconsole: Disable target before netpoll cleanup Yu Liao <liaoyu15(a)huawei.com> tick/broadcast: Make takeover of broadcast hrtimer reliable Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: thermal: correct thermal zone node name limit Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Revert to heap allocated boot_params for PE entrypoint Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Avoid returning EFI_SUCCESS on error Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer Yu Zhao <yuzhao(a)google.com> mm/mglru: fix div-by-zero in vmpressure_calc_level() Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix possible recursive locking detected warning Jann Horn <jannh(a)google.com> landlock: Don't lose track of restrictions on cred_transfer Yang Yang <yang.yang(a)vivo.com> sbitmap: fix io hung due to race on sbitmap_word::cleared linke li <lilinke99(a)qq.com> sbitmap: use READ_ONCE to access map->word Kemeng Shi <shikemeng(a)huaweicloud.com> sbitmap: rewrite sbitmap_find_bit_in_index to reduce repeat code Kemeng Shi <shikemeng(a)huaweicloud.com> sbitmap: remove unnecessary calculation of alloc_hint in __sbitmap_get_shallow Carlos López <clopez(a)suse.de> s390/dasd: fix error checks in dasd_copy_pair_store() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Keep runs for $MFT::$ATTR_DATA and $MFT::$ATTR_BITMAP Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Missed error return Csókás, Bence <csokas.bence(a)prolan.hu> rtc: interface: Add RTC offset to alarm after fix-up Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix TPU suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix TCLK suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: FIX PWM suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix IRQ suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix CANFD5 suffix Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix field-spanning write in INDEX_HDR Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Replace inode_trylock with inode_lock Peng Fan <peng.fan(a)nxp.com> pinctrl: freescale: mxs: Fix refcount of child Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pinctrl: ti: ti-iodelay: Drop if block with always false condition Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: single: fix possible memory leak when pinctrl_enable() fails Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: core: fix possible memory leak when pinctrl_enable() fails Dmitry Yashin <dmt.yashin(a)gmail.com> pinctrl: rockchip: update rk3308 iomux routes Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add missing .dirty_folio in address_space_operations Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix getting file type Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix transform resident to nonresident for compressed files Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use ALIGN kernel macro Martin Willi <martin(a)strongswan.org> net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports Martin Willi <martin(a)strongswan.org> net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect TOS in fibmatch route get reply Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect TOS in route get reply Pablo Neira Ayuso <pablo(a)netfilter.org> net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo: fix initial map fill Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: constify lookup fn args where possible Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: ctnetlink: use helper function to calculate expect ID Jack Wang <jinpu.wang(a)ionos.com> bnxt_re: Fix imm_data endianness Jon Pan-Doh <pandoh(a)google.com> iommu/vt-d: Fix identity map bounds in si_domain_init() Yanfei Xu <yanfei.xu(a)intel.com> iommu/vt-d: Fix to convert mm pfn to dma pfn Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix insufficient extend DB for VFs. Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix undifined behavior caused by invalid max_sge Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix missing pagesize and alignment check in FRMR Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix unmatch exception handling when init eq table fails Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Check atomic wr length Nick Bowler <nbowler(a)draconx.ca> macintosh/therm_windtunnel: fix module unload. Michael Ellerman <mpe(a)ellerman.id.au> powerpc/xmon: Fix disassembly CPU feature checks Frank Li <Frank.Li(a)nxp.com> PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom-ep: Disable resources unconditionally during PERST# assert Dominique Martinet <dominique.martinet(a)atmark-techno.com> MIPS: Octeron: remove source file executable bit Lorenzo Bianconi <lorenzo(a)kernel.org> clk: en7523: fix rate divider for slic and spi clocks Stephen Boyd <swboyd(a)chromium.org> clk: qcom: Park shared RCGs upon registration Nivas Varadharajan Mugunthakumar <nivasx.varadharajan.mugunthakumar(a)intel.com> crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() Denis Arefev <arefev(a)swemel.ru> net: missing check virtio Michael S. Tsirkin <mst(a)redhat.com> vhost/vsock: always initialize seqpacket_allow Dan Carpenter <dan.carpenter(a)linaro.org> PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() Dan Carpenter <dan.carpenter(a)linaro.org> PCI: endpoint: Clean up error handling in vpci_scan_bus() Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: amd: Adjust error handling in case of absent codec device Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: elan_i2c - do not leave interrupt disabled on suspend failure Leon Romanovsky <leon(a)kernel.org> RDMA/device: Return error earlier if port in not valid Arnd Bergmann <arnd(a)arndb.de> mtd: make mtd_test.c a separate module Chen Ni <nichen(a)iscas.ac.cn> ASoC: max98088: Check for clk_prepare_enable() error Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/prom: Add CPU info to hardware description string later Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() Honggang LI <honggangli(a)163.com> RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in alias_GUID.c Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in mad.c Andrei Lalaev <andrei.lalaev(a)anton-paar.com> Input: qt1050 - handle CHIP_ID reading error Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable Leon Romanovsky <leon(a)kernel.org> RDMA/cache: Release GID table even if leak is detected Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/kexec_file: fix cpus node update to FDT Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/kexec: make the update_cpus_node() function public Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Add helper to get PLPKS password length Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: Expose PLPKS config values, support additional fields Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Move plpks.h to include directory Andrew Donnellan <ajd(a)linux.ibm.com> powerpc/pseries: Fix alignment of PLPKS structures and buffers Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE James Clark <james.clark(a)arm.com> coresight: Fix ref leak when of_coresight_parse_endpoint() fails Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: frequency: adrf6780: rm clk provider include Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: branch: Add helper functions for setting retain bits Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Aleksandr Mishin <amishin(a)t-argos.ru> PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Don't enable BAR 0 for AM654x Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix resource double counting on remove & rescan Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Fixup gss_status tracepoint error output Andreas Larsson <andreas(a)gaisler.com> sparc64: Fix incorrect function signature and add prototype for prom_cif_init Jan Kara <jack(a)suse.cz> ext4: avoid writing unitialized memory to disk in EA inodes Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: don't track ranges in fast_commit if inode has inlined data Olga Kornievskaia <kolga(a)netapp.com> NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server NeilBrown <neilb(a)suse.de> SUNRPC: avoid soft lockup when transmitting UDP to reachable server. Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Fix rpcrdma_reqs_reset() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> mfd: omap-usb-tll: Use struct_size to allocate tll Arnd Bergmann <arnd(a)arndb.de> mfd: rsmu: Split core code into separate module Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix exclude_guest setting Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix aux_watermark calculation for 64-bit size Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: flush all buffers in output plane streamoff Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix infinite loop when replaying fast_commit Luca Ceresoli <luca.ceresoli(a)bootlin.com> Revert "leds: led-core: Fix refcount leak in of_led_get()" Chen Ni <nichen(a)iscas.ac.cn> drm/qxl: Add check for drm_cvt_mode Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: fix DMA direction handling for cached RW buffers Namhyung Kim <namhyung(a)kernel.org> perf report: Fix condition in sort__sym_cmp() James Clark <james.clark(a)arm.com> perf test: Make test_arm_callgraph_fp.sh more robust James Clark <james.clark(a)arm.com> perf tests: Fix test_arm_callgraph_fp variable expansion Spoorthy S <spoorts2(a)in.ibm.com> perf tests arm_callgraph_fp: Address shellcheck warnings about signal names and adding double quotes for expression Namhyung Kim <namhyung(a)kernel.org> perf test: Replace arm callgraph fp test workload with leafloop Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op Jonathan Marek <jonathan(a)marek.ca> drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC Hans de Goede <hdegoede(a)redhat.com> leds: trigger: Unregister sysfs attributes before calling deactivate() Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Add OVL compatible name for MT8195 Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Add missing plane settings when async update Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Store RPF partition configuration per RPF instance Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Fix _irqsave and _irq mix Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-csi2: Cleanup subdevice in remove() Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-csi2: Disable runtime_pm in probe error Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 Daniel Schaefer <dhs(a)frame.work> media: uvcvideo: Override default flags Aleksandr Burakov <a.burakov(a)rosalinux.ru> saa7134: Unchecked i2c_transfer function result fixed David Hildenbrand <david(a)redhat.com> s390/uv: Don't call folio_wait_writeback() without a folio reference Matthew Wilcox (Oracle) <willy(a)infradead.org> s390/mm: Convert gmap_make_secure to use a folio Matthew Wilcox (Oracle) <willy(a)infradead.org> s390/mm: Convert make_page_secure to use a folio ChiYuan Huang <cy_huang(a)richtek.com> media: v4l: async: Fix NULL pointer dereference in adding ancillary links Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: i2c: Fix imx412 exposure control Ricardo Ribalda <ribalda(a)chromium.org> media: imon: Fix race getting ictx->lock Zheng Yejian <zhengyejian1(a)huawei.com> media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() Mikhail Kobuk <m.kobuk(a)ispras.ru> media: pci: ivtv: Add check for DMA map result Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators Tim Van Patten <timvp(a)google.com> drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 Friedrich Vock <friedrich.vock(a)gmx.de> drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Fix aldebaran pcie speed reporting Douglas Anderson <dianders(a)chromium.org> drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() Javier Martinez Canillas <javierm(a)redhat.com> drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the port mux of VP2 Elliot Ayrey <elliot.ayrey(a)alliedtelesis.co.nz> net: bridge: mst: Check vlan state for egress decision Taehee Yoo <ap420073(a)gmail.com> xdp: fix invalid wait context of page_pool_destroy() Amit Cohen <amcohen(a)nvidia.com> selftests: forwarding: devlink_lib: Wait for udev events after reloading Tengda Wu <wutengda(a)huaweicloud.com> bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT Alan Maguire <alan.maguire(a)oracle.com> bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> bna: adjust 'name' buf size of bna_tcb and bna_ccb structures Alan Maguire <alan.maguire(a)oracle.com> bpf: annotate BTF show functions with __printf Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Close obj in error path in xdp_adjust_tail Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Close fd in error path in drop_on_reuseport John Stultz <jstultz(a)google.com> locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers Johannes Berg <johannes.berg(a)intel.com> wifi: virt_wifi: don't use strlen() in const context Gaosheng Cui <cuigaosheng1(a)huawei.com> gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey En-Wei Wu <en-wei.wu(a)canonical.com> wifi: virt_wifi: avoid reporting connection success with wrong SSID Aleksandr Mishin <amishin(a)t-argos.ru> wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() Zhang Rui <rui.zhang(a)intel.com> perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake Adrian Hunter <adrian.hunter(a)intel.com> perf: Fix default aux_watermark calculation Adrian Hunter <adrian.hunter(a)intel.com> perf: Prevent passing zero nr_pages to rb_alloc_aux() Adrian Hunter <adrian.hunter(a)intel.com> perf: Fix perf_aux_size() for greater-than 32-bit size Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation Tao Chen <chen.dylane(a)gmail.com> bpftool: Mount bpffs when pinmaps path not under the bpffs Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: rise cap on SELinux secmark context Ismael Luceno <iluceno(a)suse.de> ipvs: Avoid unnecessary calls to skb_is_gso_sctp Donglin Peng <dolinux.peng(a)gmail.com> libbpf: Checking the btf_type kind when fixing variable offsets Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Fix FEC_ECR_EN1588 being cleared on link-down Csókás Bence <csokas.bence(a)prolan.hu> net: fec: Refactor: #define magic constants Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers Thomas Gleixner <tglx(a)linutronix.de> jump_label: Fix concurrency issues in static_key_slow_dec() Dmitry Safonov <0x7f454c46(a)gmail.com> jump_label: Prevent key->enabled int overflow Uros Bizjak <ubizjak(a)gmail.com> jump_label: Use atomic_try_cmpxchg() in static_key_slow_inc_cpuslocked() Thomas Gleixner <tglx(a)linutronix.de> perf/x86: Serialize set_attr_rdpmc() Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_erp: Fix object nesting warning Ido Schimmel <idosch(a)nvidia.com> lib: objagg: Fix general protection fault Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Check length of recv in test_sockmap Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined Eric Dumazet <edumazet(a)google.com> tcp: fix races in tcp_v[46]_err() Eric Dumazet <edumazet(a)google.com> tcp: fix race in tcp_write_err() Eric Dumazet <edumazet(a)google.com> tcp: add tcp_done_with_error() helper Eric Dumazet <edumazet(a)google.com> tcp: annotate lockless access to sk->sk_err Eric Dumazet <edumazet(a)google.com> tcp: annotate lockless accesses to sk->sk_err_soft Hagar Hemdan <hagarhem(a)amazon.com> net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Fix prog numbers in test_sockmap Ivan Babrou <ivan(a)cloudflare.com> bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Initialize completion before mailbox Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Do not complete if there are no waiters Christophe Leroy <christophe.leroy(a)csgroup.eu> vmlinux.lds.h: catch .bss..L* sections into BSS") Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: spitz: fix GPIO assignment for backlight Thorsten Blum <thorsten.blum(a)toblux.com> m68k: cmpxchg: Fix return value for default case in __arch_xchg() Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Add missing qcom,non-secure-domain property Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu Chen Ni <nichen(a)iscas.ac.cn> x86/xen: Convert comma to semicolon Eero Tamminen <oak(a)helsinkinet.fi> m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: Drop specifying the GIC_CPU_MASK_SIMPLE() for GICv3 systems Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779g0: Add secondary CA76 CPU cores Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779g0: Add L3 cache controller Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: gx: correct hdmi clocks Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix board reset Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: sm1: fix spdif compatibles Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Increase VOP clk rate on RK3328 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: fix parsing of domains lists Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: protect locator_addr with the main mutex Esben Haabendal <esben(a)geanix.com> memory: fsl_ifc: Make FSL_IFC config visible and selectable Primoz Fiser <primoz.fiser(a)norik.com> OPP: ti: Fix ti_opp_supply_probe wrong return values Primoz Fiser <primoz.fiser(a)norik.com> cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> soc: xilinx: rename cpu_number1 to dummy_cpu_number Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8996: specify UFS core_clk frequencies Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s Stephen Boyd <swboyd(a)chromium.org> soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers Marc Gonzalez <mgonzalez(a)freebox.fr> arm64: dts: qcom: msm8998: enable adreno_smmu by default Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6350: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdm845: add power-domain to UFS PHY Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix swapped temp{1,8} critical alarms Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix underflow when writing limit attributes Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: atmel-tcb: Fix race condition and convert to guards Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: atmel-tcb: Don't track polarity in driver data Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: atmel-tcb: Unroll atmel_tcb_pwm_set_polarity() into only caller Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: atmel-tcb: Put per-channel data into driver data Yao Zi <ziyao(a)disroot.org> drm/meson: fix canvas release in bind function Gaosheng Cui <cuigaosheng1(a)huawei.com> nvmet-auth: fix nvmet_auth hash error handling Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Always do lazy disabling Wayne Tung <chineweff(a)gmail.com> hwmon: (adt7475) Fix default duty on fan is disabled Chen Ridong <chenridong(a)huawei.com> cgroup/cpuset: Prevent UAF in proc_cpuset_show() Kees Cook <keescook(a)chromium.org> kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() Randy Dunlap <rdunlap(a)infradead.org> kernfs: fix all kernel-doc warnings and multiple typos Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/xen: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/of: Return consistent error type from x86_of_pci_irq_enable() Chao Yu <chao(a)kernel.org> hfsplus: fix to avoid false alarm of circular locking Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Jinyoung Choi <j-young.choi(a)samsung.com> block: cleanup bio_integrity_prep Nitesh Shetty <nj.shetty(a)samsung.com> block: refactor to use helper Christoph Hellwig <hch(a)lst.de> ubd: untagle discard vs write zeroes not support handling Christoph Hellwig <hch(a)lst.de> ubd: refactor the interrupt handler Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec_debugfs: fix wrong EC message version Li Nan <linan122(a)huawei.com> md: fix deadlock between mddev_suspend and flush bio Frederic Weisbecker <frederic(a)kernel.org> rcu/tasks: Fix stale task snaphot for Tasks Trace Arnd Bergmann <arnd(a)arndb.de> EDAC, i10nm: make skx_common.o a separate module Chen Ni <nichen(a)iscas.ac.cn> spi: atmel-quadspi: Add missing check for clk_prepare Prajna Rajendra Kumar <prajna.rajendrakumar(a)microchip.com> spi: spi-microchip-core: Fix the number of chip selects supported Esben Haabendal <esben(a)geanix.com> powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC ------------- Diffstat: .../devicetree/bindings/thermal/thermal-zones.yaml | 5 +- Makefile | 4 +- arch/arm/boot/dts/imx6q-kontron-samx6i.dtsi | 23 - arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi | 14 +- arch/arm/mach-pxa/spitz.c | 30 +- arch/arm64/boot/dts/amlogic/meson-gxbb.dtsi | 4 +- arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 4 +- arch/arm64/boot/dts/amlogic/meson-sm1.dtsi | 4 +- .../boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts | 4 +- arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 4 +- .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 25 +- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 2 - .../arm64/boot/dts/qcom/msm8996-xiaomi-common.dtsi | 1 - arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8998.dtsi | 1 - arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 + arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 + arch/arm64/boot/dts/qcom/sm8250.dtsi | 22 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 + arch/arm64/boot/dts/renesas/r8a779a0.dtsi | 14 +- arch/arm64/boot/dts/renesas/r8a779f0.dtsi | 14 +- arch/arm64/boot/dts/renesas/r8a779g0.dtsi | 82 ++- arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 11 +- arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 11 +- arch/arm64/boot/dts/renesas/r9a07g044c1.dtsi | 7 - arch/arm64/boot/dts/renesas/r9a07g044l1.dtsi | 7 - arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 11 +- arch/arm64/boot/dts/renesas/r9a07g054l1.dtsi | 7 - arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 71 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 4 +- arch/arm64/boot/dts/rockchip/rk3568-evb1-v10.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3568-rock-3a.dts | 4 - arch/arm64/boot/dts/rockchip/rk356x.dtsi | 1 + arch/m68k/amiga/config.c | 9 + arch/m68k/atari/ataints.c | 6 +- arch/m68k/include/asm/cmpxchg.h | 2 +- arch/mips/boot/dts/loongson/loongson64-2k1000.dtsi | 21 +- arch/mips/include/asm/mach-loongson64/boot_param.h | 2 + arch/mips/include/asm/mips-cm.h | 4 + arch/mips/kernel/smp-cps.c | 5 +- arch/mips/loongson64/env.c | 8 + arch/mips/loongson64/reset.c | 38 +- arch/mips/loongson64/smp.c | 23 +- arch/mips/pci/pcie-octeon.c | 0 arch/mips/sgi-ip30/ip30-console.c | 1 + arch/parisc/Kconfig | 1 + arch/powerpc/configs/85xx-hw.config | 2 + arch/powerpc/include/asm/kexec.h | 4 + .../{platforms/pseries => include/asm}/plpks.h | 73 ++- arch/powerpc/kernel/prom.c | 12 +- arch/powerpc/kexec/core_64.c | 112 ++++ arch/powerpc/kexec/file_load_64.c | 87 --- arch/powerpc/kvm/powerpc.c | 4 +- arch/powerpc/platforms/pseries/plpks.c | 173 ++++- arch/powerpc/xmon/ppc-dis.c | 33 +- arch/s390/kernel/perf_cpum_cf.c | 14 +- arch/s390/kernel/uv.c | 58 +- arch/s390/pci/pci_irq.c | 110 ++-- arch/sparc/include/asm/oplib_64.h | 1 + arch/sparc/prom/init_64.c | 3 - arch/sparc/prom/p1275.c | 2 +- arch/um/drivers/ubd_kern.c | 50 +- arch/um/kernel/time.c | 4 +- arch/um/os-Linux/signal.c | 118 +++- arch/x86/events/core.c | 3 + arch/x86/events/intel/cstate.c | 7 +- arch/x86/events/intel/pt.c | 4 +- arch/x86/events/intel/pt.h | 4 +- arch/x86/events/intel/uncore_snbep.c | 6 +- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kernel/devicetree.c | 2 +- arch/x86/kvm/vmx/nested.c | 2 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 4 +- arch/x86/pci/intel_mid_pci.c | 4 +- arch/x86/pci/xen.c | 4 +- arch/x86/platform/intel/iosf_mbi.c | 4 +- arch/x86/xen/p2m.c | 4 +- block/bio-integrity.c | 21 +- drivers/android/binder.c | 4 +- drivers/ata/libata-scsi.c | 7 +- drivers/auxdisplay/ht16k33.c | 1 + drivers/base/devres.c | 11 +- drivers/block/rbd.c | 35 +- drivers/bluetooth/btusb.c | 4 + drivers/char/hw_random/amd-rng.c | 4 +- drivers/char/tpm/eventlog/common.c | 2 + drivers/clk/clk-en7523.c | 9 +- drivers/clk/davinci/da8xx-cfgchip.c | 4 +- drivers/clk/qcom/camcc-sc7280.c | 5 + drivers/clk/qcom/clk-branch.h | 26 + drivers/clk/qcom/clk-rcg2.c | 32 + drivers/clk/qcom/gcc-sc7280.c | 3 + drivers/clk/qcom/gpucc-sm8350.c | 5 +- drivers/cpufreq/ti-cpufreq.c | 2 +- drivers/crypto/qat/qat_common/adf_cfg.c | 6 +- drivers/dma/ti/k3-udma.c | 4 +- drivers/edac/Makefile | 10 +- drivers/edac/skx_common.c | 21 +- drivers/edac/skx_common.h | 4 +- drivers/firmware/efi/libstub/x86-stub.c | 25 +- drivers/firmware/turris-mox-rwtm.c | 23 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 1 - drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 12 + drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 4 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 4 +- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 9 +- drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 + drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 + drivers/gpu/drm/i915/display/intel_dp.c | 2 + .../gpu/drm/i915/gt/intel_execlists_submission.c | 6 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 2 + drivers/gpu/drm/mediatek/mtk_drm_plane.c | 2 + drivers/gpu/drm/meson/meson_drv.c | 37 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.h | 3 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 3 + drivers/gpu/drm/panel/panel-boe-tv101wum-nl6.c | 8 +- drivers/gpu/drm/panfrost/panfrost_drv.c | 1 + drivers/gpu/drm/qxl/qxl_display.c | 3 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 +- drivers/hwmon/adt7475.c | 2 +- drivers/hwmon/max6697.c | 5 +- drivers/hwtracing/coresight/coresight-platform.c | 4 +- drivers/iio/frequency/adrf6780.c | 1 - drivers/infiniband/core/cache.c | 14 +- drivers/infiniband/core/device.c | 6 +- drivers/infiniband/core/iwcm.c | 11 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 6 +- drivers/infiniband/hw/hns/hns_roce_device.h | 6 + drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 40 +- drivers/infiniband/hw/hns/hns_roce_mr.c | 5 + drivers/infiniband/hw/hns/hns_roce_qp.c | 4 +- drivers/infiniband/hw/hns/hns_roce_srq.c | 2 +- drivers/infiniband/hw/mlx4/alias_GUID.c | 2 +- drivers/infiniband/hw/mlx4/mad.c | 2 +- drivers/infiniband/hw/mlx5/mlx5_ib.h | 13 + drivers/infiniband/hw/mlx5/odp.c | 6 +- drivers/infiniband/sw/rxe/rxe_req.c | 7 +- drivers/input/keyboard/qt1050.c | 7 +- drivers/input/mouse/elan_i2c_core.c | 2 + drivers/interconnect/qcom/qcm2290.c | 2 +- drivers/iommu/intel/iommu.c | 22 +- drivers/iommu/sprd-iommu.c | 2 +- drivers/irqchip/irq-imx-irqsteer.c | 24 +- drivers/isdn/hardware/mISDN/hfcmulti.c | 7 +- drivers/leds/flash/leds-mt6360.c | 5 +- drivers/leds/led-class.c | 1 - drivers/leds/led-triggers.c | 2 +- drivers/leds/leds-ss4200.c | 7 +- drivers/macintosh/therm_windtunnel.c | 2 +- drivers/md/dm-verity-target.c | 16 +- drivers/md/md.c | 26 +- drivers/media/i2c/imx412.c | 9 +- drivers/media/pci/ivtv/ivtv-udma.c | 8 + drivers/media/pci/ivtv/ivtv-yuv.c | 6 + drivers/media/pci/ivtv/ivtvfb.c | 6 +- drivers/media/pci/saa7134/saa7134-dvb.c | 8 +- drivers/media/platform/qcom/venus/vdec.c | 3 +- .../media/platform/renesas/rcar-vin/rcar-csi2.c | 5 +- drivers/media/platform/renesas/rcar-vin/rcar-dma.c | 16 +- drivers/media/platform/renesas/vsp1/vsp1_histo.c | 20 +- drivers/media/platform/renesas/vsp1/vsp1_pipe.h | 2 +- drivers/media/platform/renesas/vsp1/vsp1_rpf.c | 8 +- drivers/media/rc/imon.c | 5 +- drivers/media/rc/lirc_dev.c | 4 +- drivers/media/usb/dvb-usb/dvb-usb-init.c | 35 +- drivers/media/usb/uvc/uvc_ctrl.c | 9 +- drivers/media/usb/uvc/uvc_video.c | 10 +- drivers/media/v4l2-core/v4l2-async.c | 3 + drivers/memory/Kconfig | 2 +- drivers/mfd/Makefile | 6 +- drivers/mfd/omap-usb-tll.c | 3 +- drivers/mfd/rsmu_core.c | 2 + drivers/mtd/nand/raw/Kconfig | 3 +- drivers/mtd/tests/Makefile | 34 +- drivers/mtd/tests/mtd_test.c | 9 + drivers/mtd/ubi/eba.c | 3 +- drivers/net/bonding/bond_main.c | 7 +- drivers/net/dsa/b53/b53_common.c | 3 + drivers/net/dsa/mv88e6xxx/chip.c | 3 +- drivers/net/ethernet/brocade/bna/bna_types.h | 2 +- drivers/net/ethernet/brocade/bna/bnad.c | 11 +- drivers/net/ethernet/freescale/fec_main.c | 52 +- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 22 +- drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 2 +- drivers/net/ethernet/intel/ice/ice_fdir.h | 3 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 16 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h | 1 + .../ethernet/mellanox/mlxsw/spectrum_acl_atcam.c | 18 +- .../mellanox/mlxsw/spectrum_acl_bloom_filter.c | 2 +- .../net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 13 - .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 9 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 2 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 2 +- drivers/net/ethernet/stmicro/stmmac/hwif.h | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/netconsole.c | 2 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 3 +- drivers/net/wireless/ath/ath11k/dp_rx.h | 3 + drivers/net/wireless/ath/ath11k/mac.c | 15 +- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 18 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 + drivers/net/wireless/realtek/rtw89/debug.c | 2 +- drivers/net/wireless/virt_wifi.c | 20 +- drivers/nvme/host/pci.c | 5 +- drivers/nvme/target/auth.c | 14 +- drivers/opp/ti-opp-supply.c | 6 +- drivers/parport/procfs.c | 24 +- drivers/pci/controller/dwc/pci-keystone.c | 156 +++-- drivers/pci/controller/dwc/pcie-designware-ep.c | 13 +- drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 +- drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 - drivers/pci/controller/pci-hyperv.c | 4 +- drivers/pci/controller/pci-loongson.c | 13 + drivers/pci/controller/pcie-rcar-host.c | 6 +- drivers/pci/controller/pcie-rockchip.c | 2 +- drivers/pci/endpoint/functions/pci-epf-vntb.c | 19 +- drivers/pci/pci.c | 6 +- drivers/pci/setup-bus.c | 6 +- drivers/phy/cadence/phy-cadence-torrent.c | 3 + drivers/pinctrl/core.c | 12 +- drivers/pinctrl/freescale/pinctrl-mxs.c | 4 +- drivers/pinctrl/pinctrl-rockchip.c | 17 +- drivers/pinctrl/pinctrl-single.c | 7 +- drivers/pinctrl/renesas/pfc-r8a779g0.c | 716 ++++++++++----------- drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 14 +- drivers/platform/chrome/cros_ec_debugfs.c | 1 + drivers/platform/mips/cpu_hwmon.c | 3 + drivers/pwm/pwm-atmel-tcb.c | 66 +- drivers/pwm/pwm-stm32.c | 5 +- drivers/remoteproc/imx_rproc.c | 10 +- drivers/remoteproc/stm32_rproc.c | 2 +- drivers/rtc/interface.c | 9 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-isl1208.c | 11 +- drivers/s390/block/dasd_devmap.c | 10 +- drivers/scsi/qla2xxx/qla_bsg.c | 98 +-- drivers/scsi/qla2xxx/qla_def.h | 3 + drivers/scsi/qla2xxx/qla_gs.c | 35 +- drivers/scsi/qla2xxx/qla_init.c | 87 ++- drivers/scsi/qla2xxx/qla_inline.h | 8 + drivers/scsi/qla2xxx/qla_mid.c | 2 +- drivers/scsi/qla2xxx/qla_nvme.c | 5 +- drivers/scsi/qla2xxx/qla_os.c | 7 +- drivers/scsi/qla2xxx/qla_sup.c | 108 +++- drivers/soc/qcom/pdr_interface.c | 8 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/soc/qcom/rpmh.c | 1 - drivers/soc/xilinx/xlnx_event_manager.c | 15 +- drivers/soc/xilinx/zynqmp_power.c | 4 +- drivers/spi/atmel-quadspi.c | 11 +- drivers/spi/spi-microchip-core.c | 188 +++--- drivers/spi/spidev.c | 15 +- drivers/vhost/vsock.c | 4 +- drivers/watchdog/rzg2l_wdt.c | 22 +- fs/ceph/super.c | 3 +- fs/ext2/balloc.c | 11 +- fs/ext4/extents_status.c | 2 + fs/ext4/fast_commit.c | 6 + fs/ext4/namei.c | 73 ++- fs/ext4/xattr.c | 6 + fs/f2fs/checkpoint.c | 10 +- fs/f2fs/file.c | 2 + fs/f2fs/inline.c | 6 +- fs/f2fs/inode.c | 3 + fs/f2fs/segment.h | 3 +- fs/fuse/inode.c | 24 +- fs/hfs/inode.c | 3 + fs/hfsplus/bfind.c | 15 +- fs/hfsplus/extents.c | 9 +- fs/hfsplus/hfsplus_fs.h | 21 + fs/jbd2/commit.c | 2 +- fs/jbd2/journal.c | 5 + fs/jfs/jfs_imap.c | 5 +- fs/kernfs/dir.c | 112 ++-- fs/kernfs/file.c | 18 +- fs/kernfs/inode.c | 8 +- fs/kernfs/kernfs-internal.h | 2 +- fs/kernfs/mount.c | 10 +- fs/kernfs/symlink.c | 2 +- fs/nfs/nfs4client.c | 6 +- fs/nfs/nfs4proc.c | 2 +- fs/nilfs2/btnode.c | 25 +- fs/nilfs2/btree.c | 4 +- fs/nilfs2/segment.c | 2 +- fs/ntfs3/attrib.c | 17 +- fs/ntfs3/bitmap.c | 2 +- fs/ntfs3/dir.c | 3 +- fs/ntfs3/file.c | 5 +- fs/ntfs3/frecord.c | 2 +- fs/ntfs3/fslog.c | 5 +- fs/ntfs3/fsntfs.c | 2 +- fs/ntfs3/index.c | 4 +- fs/ntfs3/inode.c | 3 +- fs/ntfs3/ntfs.h | 13 +- fs/ntfs3/ntfs_fs.h | 2 + fs/proc/task_mmu.c | 2 + fs/smb/client/cifsfs.c | 8 +- fs/smb/client/connect.c | 24 +- fs/super.c | 11 + fs/udf/balloc.c | 15 +- fs/udf/super.c | 3 +- include/asm-generic/vmlinux.lds.h | 2 +- include/drm/drm_mipi_dsi.h | 21 +- include/linux/bpf_verifier.h | 2 +- include/linux/hugetlb.h | 1 + include/linux/jbd2.h | 5 - include/linux/jump_label.h | 21 +- include/linux/mlx5/qp.h | 9 +- include/linux/objagg.h | 1 - include/linux/pci.h | 2 + include/linux/perf_event.h | 1 + include/linux/sbitmap.h | 5 + include/linux/task_work.h | 3 +- include/linux/virtio_net.h | 11 + include/net/ip_fib.h | 1 + include/net/tcp.h | 1 + include/trace/events/rpcgss.h | 2 +- include/uapi/linux/netfilter/nf_tables.h | 2 +- include/uapi/linux/zorro_ids.h | 3 + io_uring/io-wq.c | 10 +- io_uring/io_uring.c | 5 +- io_uring/timeout.c | 2 +- kernel/bpf/btf.c | 10 +- kernel/bpf/dispatcher.c | 5 + kernel/cgroup/cgroup-v1.c | 2 +- kernel/cgroup/cgroup.c | 4 +- kernel/cgroup/cpuset.c | 15 +- kernel/debug/kdb/kdb_io.c | 6 +- kernel/dma/mapping.c | 2 +- kernel/events/core.c | 77 ++- kernel/events/internal.h | 2 +- kernel/events/ring_buffer.c | 4 +- kernel/irq/manage.c | 2 +- kernel/jump_label.c | 101 ++- kernel/locking/rwsem.c | 6 +- kernel/rcu/tasks.h | 10 + kernel/sched/core.c | 37 +- kernel/sched/fair.c | 9 +- kernel/sched/sched.h | 2 +- kernel/signal.c | 8 + kernel/task_work.c | 34 +- kernel/time/tick-broadcast.c | 23 + kernel/trace/pid_list.c | 4 +- kernel/watchdog_hld.c | 11 +- lib/decompress_bunzip2.c | 3 +- lib/kobject_uevent.c | 17 +- lib/objagg.c | 18 +- lib/sbitmap.c | 83 ++- mm/hugetlb.c | 2 +- mm/mempolicy.c | 18 +- mm/mmap_lock.c | 175 +---- mm/vmscan.c | 1 - net/bridge/br_forward.c | 4 +- net/core/filter.c | 15 +- net/core/flow_dissector.c | 2 +- net/core/xdp.c | 4 +- net/ipv4/esp4.c | 3 +- net/ipv4/fib_semantics.c | 13 +- net/ipv4/fib_trie.c | 1 + net/ipv4/nexthop.c | 7 +- net/ipv4/route.c | 18 +- net/ipv4/tcp.c | 13 +- net/ipv4/tcp_input.c | 34 +- net/ipv4/tcp_ipv4.c | 19 +- net/ipv4/tcp_output.c | 2 +- net/ipv4/tcp_timer.c | 10 +- net/ipv6/addrconf.c | 3 +- net/ipv6/esp6.c | 3 +- net/ipv6/tcp_ipv6.c | 19 +- net/mac80211/cfg.c | 23 +- net/mac80211/ieee80211_i.h | 2 +- net/mac80211/rate.c | 2 +- net/mac80211/sta_info.h | 6 +- net/mac80211/vht.c | 37 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 4 +- net/netfilter/nf_conntrack_netlink.c | 3 +- net/netfilter/nft_set_pipapo.c | 22 +- net/netfilter/nft_set_pipapo.h | 27 +- net/netfilter/nft_set_pipapo_avx2.c | 81 ++- net/packet/af_packet.c | 86 ++- net/smc/smc_core.c | 5 +- net/sunrpc/auth_gss/gss_krb5_keys.c | 2 +- net/sunrpc/clnt.c | 3 +- net/sunrpc/xprtrdma/frwr_ops.c | 3 +- net/sunrpc/xprtrdma/verbs.c | 16 +- net/tipc/udp_media.c | 5 +- net/unix/af_unix.c | 41 +- net/unix/unix_bpf.c | 3 + net/wireless/util.c | 8 +- scripts/Makefile.lib | 6 +- scripts/gcc-x86_32-has-stack-protector.sh | 2 +- scripts/gcc-x86_64-has-stack-protector.sh | 2 +- security/apparmor/lsm.c | 7 + security/apparmor/policy.c | 2 +- security/apparmor/policy_unpack.c | 1 + security/keys/keyctl.c | 2 +- security/landlock/cred.c | 11 +- sound/soc/amd/acp-es8336.c | 4 +- sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/max98088.c | 10 +- sound/soc/intel/common/soc-intel-quirks.h | 2 +- sound/soc/qcom/lpass-cpu.c | 4 + sound/soc/sof/imx/imx8m.c | 2 +- sound/usb/mixer.c | 7 + sound/usb/quirks.c | 4 + tools/bpf/bpftool/common.c | 2 +- tools/bpf/bpftool/prog.c | 4 + tools/bpf/resolve_btfids/main.c | 2 +- tools/lib/bpf/btf_dump.c | 8 +- tools/lib/bpf/linker.c | 11 +- tools/memory-model/lock.cat | 20 +- tools/perf/arch/x86/util/intel-pt.c | 15 +- tools/perf/tests/shell/test_arm_callgraph_fp.sh | 64 +- tools/perf/tests/workloads/leafloop.c | 20 +- tools/perf/util/sort.c | 2 +- tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 2 +- .../selftests/bpf/prog_tests/xdp_adjust_tail.c | 2 +- .../bpf/progs/btf_dump_test_case_multidim.c | 4 +- .../bpf/progs/btf_dump_test_case_syntax.c | 4 +- tools/testing/selftests/bpf/test_sockmap.c | 9 +- .../drivers/net/mlxsw/spectrum-2/tc_flower.sh | 55 +- tools/testing/selftests/landlock/base_test.c | 74 +++ tools/testing/selftests/landlock/config | 5 +- tools/testing/selftests/net/fib_tests.sh | 24 +- .../selftests/net/forwarding/devlink_lib.sh | 2 + .../selftests/sigaltstack/current_stack_pointer.h | 2 +- 434 files changed, 4164 insertions(+), 2483 deletions(-)

10 months, 4 weeks

2
2
0 0

[PATCH v4 0/2] ALSA: firewire-lib: restore process context workqueue to prevent deadlock

by Edmund Raile

This patchset serves to prevent an AB/BA deadlock: thread 0: * (lock A) acquire substream lock by snd_pcm_stream_lock_irq() in snd_pcm_status64() * (lock B) wait for tasklet to finish by calling tasklet_unlock_spin_wait() in tasklet_disable_in_atomic() in ohci_flush_iso_completions() of ohci.c thread 1: * (lock B) enter tasklet * (lock A) attempt to acquire substream lock, waiting for it to be released: snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed() in update_pcm_pointers() in process_ctx_payloads() in process_rx_packets() of amdtp-stream.c ? tasklet_unlock_spin_wait </NMI> <TASK> ohci_flush_iso_completions firewire_ohci amdtp_domain_stream_pcm_pointer snd_firewire_lib snd_pcm_update_hw_ptr0 snd_pcm snd_pcm_status64 snd_pcm ? native_queued_spin_lock_slowpath </NMI> <IRQ> _raw_spin_lock_irqsave snd_pcm_period_elapsed snd_pcm process_rx_packets snd_firewire_lib irq_target_callback snd_firewire_lib handle_it_packet firewire_ohci context_tasklet firewire_ohci The issue has been reported as a regression of kernel 5.14: Link: https://lore.kernel.org/regressions/kwryofzdmjvzkuw6j3clftsxmoolynljztxqwg7… ("[REGRESSION] ALSA: firewire-lib: snd_pcm_period_elapsed deadlock with Fireface 800") Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed the process context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove its overhead. Commit b5b519965c4c ("ALSA: firewire-lib: obsolete workqueue for period update") belongs to the same patch series and removed the now-unused workqueue entirely. Though being observed on RME Fireface 800, this issue would affect all Firewire audio interfaces using ohci amdtp + pcm streaming. ALSA streaming, especially under intensive CPU load will reveal this issue the soonest due to issuing more hardIRQs, with time to occurrence ranging from 2 secons to 30 minutes after starting playback. to reproduce the issue: direct ALSA playback to the device: mpv --audio-device=alsa/sysdefault:CARD=Fireface800 Spor-Ignition.flac Time to occurrence: 2s to 30m Likelihood increased by: - high CPU load stress --cpu $(nproc) - switching between applications via workspaces tested with i915 in Xfce PulsaAudio / PipeWire conceal the issue as they run PCM substream without period wakeup mode, issuing less hardIRQs. Cc: stable(a)vger.kernel.org Backport note: Also applies to and fixes on (tested): 6.10.2, 6.9.12, 6.6.43, 6.1.102, 5.15.164 Edmund Raile (2): Revert "ALSA: firewire-lib: obsolete workqueue for period update" Revert "ALSA: firewire-lib: operate for period elapse event in process context" sound/firewire/amdtp-stream.c | 38 ++++++++++++++++++++++------------- sound/firewire/amdtp-stream.h | 1 + 2 files changed, 25 insertions(+), 14 deletions(-) -- 2.45.2

10 months, 4 weeks

3
4
0 0

mmap 0-th page

by michal.hrachovec＠volny.cz

Good afternoon, I am trying to allocate the 0-th page with mmap function in my code. I am always getting this error with this error-code: mmap error ffffffff Then I was searching the internet for this topic and I have found the same topic at stackoverflow web pages. Here I am sending the link: https://stackoverflow.com/questions/63790813/allocating-address-zero-on-lin… I was setting value of |/proc/sys/vm/mmap_min_add to zero and using the root privileges along the link. And I am having the same problem still. Can you help, please. Thank you for the reply. Michal Hrachovec |

10 months, 4 weeks

3
3
0 0

[PATCH v3 0/2] media: imx335: Fix reset-gpio handling

by Umang Jain

These couple of patches intends to fix the reset-gpio handling for imx335 driver. Patch 1/2 mentions reset-gpio polarity in DT binding example. Patch 2/2 fixes the logical value of reset-gpio during power-on/power-off sequence. -- Changes in v3: - Rework 1/2 commit message - Fix gpio include in DT example in 1/2 - Remove not-so-informative XCLR comment in 2/2 Changes in v2: - Also include reset-gpio polarity, mention in DT binding - Add Fixes tag in 2/2 - Set the reset line to high during init time in 2/2 Link to v2: https://lore.kernel.org/linux-media/20240729110437.199428-1-umang.jain@idea… Link to v1: https://lore.kernel.org/linux-media/tyo5etjwsfznuk6vzwqmcphbu4pz4lskrg3fjie… Signed-off-by: Umang Jain <umang.jain(a)ideasonboard.com> --- Umang Jain (2): dt-bindings: media: imx335: Add reset-gpios to the DT example media: imx335: Fix reset-gpio handling Documentation/devicetree/bindings/media/i2c/sony,imx335.yaml | 4 ++++ drivers/media/i2c/imx335.c | 9 ++++----- 2 files changed, 8 insertions(+), 5 deletions(-) --- base-commit: f3d2b941adafcdfba9ef63d9ca5bb2d9b263e2af change-id: 20240731-imx335-gpio-818d736f9295 Best regards, -- Umang Jain <umang.jain(a)ideasonboard.com>

10 months, 4 weeks

2
2
0 0

[PATCH 5.4/5.10] nvme/pci: Add APST quirk for Lenovo N60z laptop

by WangYuli

commit ab091ec536cb7b271983c0c063b17f62f3591583 upstream There is a hardware power-saving problem with the Lenovo N60z board. When turn it on and leave it for 10 hours, there is a 20% chance that a nvme disk will not wake up until reboot. Link: https://lore.kernel.org/all/2B5581C46AC6E335+9c7a81f1-05fb-4fd0-9fbb-108757… Signed-off-by: hmy <huanglin(a)uniontech.com> Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Signed-off-by: Keith Busch <kbusch(a)kernel.org> --- drivers/nvme/host/pci.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index 486e44d20b43..e4776cff4208 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -2821,6 +2821,13 @@ static unsigned long check_vendor_combination_bug(struct pci_dev *pdev) return NVME_QUIRK_SIMPLE_SUSPEND; } + /* + * NVMe SSD drops off the PCIe bus after system idle + * for 10 hours on a Lenovo N60z board. + */ + if (dmi_match(DMI_BOARD_NAME, "LXKT-ZXEG-N6")) + return NVME_QUIRK_NO_APST; + return 0; } -- 2.43.4

10 months, 4 weeks

1
0
0 0

[PATCH 4.19] nvme/pci: Add APST quirk for Lenovo N60z laptop

by WangYuli

commit ab091ec536cb7b271983c0c063b17f62f3591583 upstream There is a hardware power-saving problem with the Lenovo N60z board. When turn it on and leave it for 10 hours, there is a 20% chance that a nvme disk will not wake up until reboot. Link: https://lore.kernel.org/all/2B5581C46AC6E335+9c7a81f1-05fb-4fd0-9fbb-108757… Signed-off-by: hmy <huanglin(a)uniontech.com> Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Signed-off-by: Keith Busch <kbusch(a)kernel.org> --- drivers/nvme/host/pci.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index 163497ef48fd..a243c066d923 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -2481,6 +2481,13 @@ static unsigned long check_vendor_combination_bug(struct pci_dev *pdev) return NVME_QUIRK_NO_APST; } + /* + * NVMe SSD drops off the PCIe bus after system idle + * for 10 hours on a Lenovo N60z board. + */ + if (dmi_match(DMI_BOARD_NAME, "LXKT-ZXEG-N6")) + return NVME_QUIRK_NO_APST; + return 0; } -- 2.43.4

10 months, 4 weeks

1
0
0 0

[PATCH 2/3] arm64: dts: mediatek: mt8395-nio-12l: Mark USB 3.0 on xhci1 as disabled

by Chen-Yu Tsai

USB 3.0 on xhci1 is not used, as the controller shares the same PHY as pcie1. The latter is enabled to support the M.2 PCIe WLAN card on this design. Mark USB 3.0 as disabled on this controller using the "mediatek,u3p-dis-msk" property. Fixes: 96564b1e2ea4 ("arm64: dts: mediatek: Introduce the MT8395 Radxa NIO 12L board") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chen-Yu Tsai <wenst(a)chromium.org> --- arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts b/arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts index 4b5f6cf16f70..096fa999aa59 100644 --- a/arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts +++ b/arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts @@ -898,6 +898,7 @@ &xhci1 { usb2-lpm-disable; vusb33-supply = <&mt6359_vusb_ldo_reg>; vbus-supply = <&vsys>; + mediatek,u3p-dis-msk = <1>; status = "okay"; }; -- 2.46.0.rc1.232.g9752f9e123-goog

10 months, 4 weeks

1
0
0 0

[PATCH 1/3] arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled

by Chen-Yu Tsai

USB 3.0 on xhci1 is not used, as the controller shares the same PHY as pcie1. The latter is enabled to support the M.2 PCIe WLAN card on this design. Mark USB 3.0 as disabled on this controller using the "mediatek,u3p-dis-msk" property. Reported-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> #KernelCI Closes: https://lore.kernel.org/all/9fce9838-ef87-4d1b-b3df-63e1ddb0ec51@notapiano/ Fixes: b6267a396e1c ("arm64: dts: mediatek: cherry: Enable T-PHYs and USB XHCI controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chen-Yu Tsai <wenst(a)chromium.org> --- arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi b/arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi index fe5400e17b0f..d3a52acbe48a 100644 --- a/arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi +++ b/arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi @@ -1404,6 +1404,7 @@ &xhci1 { rx-fifo-depth = <3072>; vusb33-supply = <&mt6359_vusb_ldo_reg>; vbus-supply = <&usb_vbus>; + mediatek,u3p-dis-msk = <1>; }; &xhci2 { -- 2.46.0.rc1.232.g9752f9e123-goog

10 months, 4 weeks

1
0
0 0

+ kcov-properly-check-for-softirq-context.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kcov: properly check for softirq context has been added to the -mm mm-hotfixes-unstable branch. Its filename is kcov-properly-check-for-softirq-context.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Andrey Konovalov <andreyknvl(a)gmail.com> Subject: kcov: properly check for softirq context Date: Mon, 29 Jul 2024 04:21:58 +0200 When collecting coverage from softirqs, KCOV uses in_serving_softirq() to check whether the code is running in the softirq context. Unfortunately, in_serving_softirq() is > 0 even when the code is running in the hardirq or NMI context for hardirqs and NMIs that happened during a softirq. As a result, if a softirq handler contains a remote coverage collection section and a hardirq with another remote coverage collection section happens during handling the softirq, KCOV incorrectly detects a nested softirq coverate collection section and prints a WARNING, as reported by syzbot. This issue was exposed by commit a7f3813e589f ("usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler"), which switched dummy_hcd to using hrtimer and made the timer's callback be executed in the hardirq context. Change the related checks in KCOV to account for this behavior of in_serving_softirq() and make KCOV ignore remote coverage collection sections in the hardirq and NMI contexts. This prevents the WARNING printed by syzbot but does not fix the inability of KCOV to collect coverage from the __usb_hcd_giveback_urb when dummy_hcd is in use (caused by a7f3813e589f); a separate patch is required for that. Link: https://lkml.kernel.org/r/20240729022158.92059-1-andrey.konovalov@linux.dev Fixes: 5ff3b30ab57d ("kcov: collect coverage from interrupts") Signed-off-by: Andrey Konovalov <andreyknvl(a)gmail.com> Reported-by: syzbot+2388cdaeb6b10f0c13ac(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=2388cdaeb6b10f0c13ac Acked-by: Marco Elver <elver(a)google.com> Cc: Alan Stern <stern(a)rowland.harvard.edu> Cc: Aleksandr Nogikh <nogikh(a)google.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Marcello Sylvester Bauer <sylv(a)sylv.io> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/kcov.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) --- a/kernel/kcov.c~kcov-properly-check-for-softirq-context +++ a/kernel/kcov.c @@ -161,6 +161,15 @@ static void kcov_remote_area_put(struct kmsan_unpoison_memory(&area->list, sizeof(area->list)); } +/* + * Unlike in_serving_softirq(), this function returns false when called during + * a hardirq or an NMI that happened in the softirq context. + */ +static inline bool in_softirq_really(void) +{ + return in_serving_softirq() && !in_hardirq() && !in_nmi(); +} + static notrace bool check_kcov_mode(enum kcov_mode needed_mode, struct task_struct *t) { unsigned int mode; @@ -170,7 +179,7 @@ static notrace bool check_kcov_mode(enum * so we ignore code executed in interrupts, unless we are in a remote * coverage collection section in a softirq. */ - if (!in_task() && !(in_serving_softirq() && t->kcov_softirq)) + if (!in_task() && !(in_softirq_really() && t->kcov_softirq)) return false; mode = READ_ONCE(t->kcov_mode); /* @@ -849,7 +858,7 @@ void kcov_remote_start(u64 handle) if (WARN_ON(!kcov_check_handle(handle, true, true, true))) return; - if (!in_task() && !in_serving_softirq()) + if (!in_task() && !in_softirq_really()) return; local_lock_irqsave(&kcov_percpu_data.lock, flags); @@ -991,7 +1000,7 @@ void kcov_remote_stop(void) int sequence; unsigned long flags; - if (!in_task() && !in_serving_softirq()) + if (!in_task() && !in_softirq_really()) return; local_lock_irqsave(&kcov_percpu_data.lock, flags); _ Patches currently in -mm which might be from andreyknvl(a)gmail.com are kcov-properly-check-for-softirq-context.patch kcov-dont-instrument-lib-find_bitc.patch

10 months, 4 weeks

1
0
0 0

[PATCH v2] mm/hugetlb: fix hugetlb vs. core-mm PT locking

by David Hildenbrand

We recently made GUP's common page table walking code to also walk hugetlb VMAs without most hugetlb special-casing, preparing for the future of having less hugetlb-specific page table walking code in the codebase. Turns out that we missed one page table locking detail: page table locking for hugetlb folios that are not mapped using a single PMD/PUD. Assume we have hugetlb folio that spans multiple PTEs (e.g., 64 KiB hugetlb folios on arm64 with 4 KiB base page size). GUP, as it walks the page tables, will perform a pte_offset_map_lock() to grab the PTE table lock. However, hugetlb that concurrently modifies these page tables would actually grab the mm->page_table_lock: with USE_SPLIT_PTE_PTLOCKS, the locks would differ. Something similar can happen right now with hugetlb folios that span multiple PMDs when USE_SPLIT_PMD_PTLOCKS. This issue can be reproduced [1], for example triggering: [ 3105.936100] ------------[ cut here ]------------ [ 3105.939323] WARNING: CPU: 31 PID: 2732 at mm/gup.c:142 try_grab_folio+0x11c/0x188 [ 3105.944634] Modules linked in: [...] [ 3105.974841] CPU: 31 PID: 2732 Comm: reproducer Not tainted 6.10.0-64.eln141.aarch64 #1 [ 3105.980406] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-4.fc40 05/24/2024 [ 3105.986185] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3105.991108] pc : try_grab_folio+0x11c/0x188 [ 3105.994013] lr : follow_page_pte+0xd8/0x430 [ 3105.996986] sp : ffff80008eafb8f0 [ 3105.999346] x29: ffff80008eafb900 x28: ffffffe8d481f380 x27: 00f80001207cff43 [ 3106.004414] x26: 0000000000000001 x25: 0000000000000000 x24: ffff80008eafba48 [ 3106.009520] x23: 0000ffff9372f000 x22: ffff7a54459e2000 x21: ffff7a546c1aa978 [ 3106.014529] x20: ffffffe8d481f3c0 x19: 0000000000610041 x18: 0000000000000001 [ 3106.019506] x17: 0000000000000001 x16: ffffffffffffffff x15: 0000000000000000 [ 3106.024494] x14: ffffb85477fdfe08 x13: 0000ffff9372ffff x12: 0000000000000000 [ 3106.029469] x11: 1fffef4a88a96be1 x10: ffff7a54454b5f0c x9 : ffffb854771b12f0 [ 3106.034324] x8 : 0008000000000000 x7 : ffff7a546c1aa980 x6 : 0008000000000080 [ 3106.038902] x5 : 00000000001207cf x4 : 0000ffff9372f000 x3 : ffffffe8d481f000 [ 3106.043420] x2 : 0000000000610041 x1 : 0000000000000001 x0 : 0000000000000000 [ 3106.047957] Call trace: [ 3106.049522] try_grab_folio+0x11c/0x188 [ 3106.051996] follow_pmd_mask.constprop.0.isra.0+0x150/0x2e0 [ 3106.055527] follow_page_mask+0x1a0/0x2b8 [ 3106.058118] __get_user_pages+0xf0/0x348 [ 3106.060647] faultin_page_range+0xb0/0x360 [ 3106.063651] do_madvise+0x340/0x598 Let's make huge_pte_lockptr() effectively uses the same PT locks as any core-mm page table walker would. Add ptep_lockptr() to obtain the PTE page table lock using a pte pointer -- unfortunately we cannot convert pte_lockptr() because virt_to_page() doesn't work with kmap'ed page tables we can have with CONFIG_HIGHPTE. There is one ugly case: powerpc 8xx, whereby we have an 8 MiB hugetlb folio being mapped using two PTE page tables. While hugetlb wants to take the PMD table lock, core-mm would grab the PTE table lock of one of both PTE page tables. In such corner cases, we have to make sure that both locks match, which is (fortunately!) currently guaranteed for 8xx as it does not support SMP and consequently doesn't use split PT locks. [1] https://lore.kernel.org/all/1bbfcc7f-f222-45a5-ac44-c5a1381c596d@redhat.com/ Fixes: 9cb28da54643 ("mm/gup: handle hugetlb in the generic follow_page_mask code") Cc: <stable(a)vger.kernel.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- Still busy runtime-testing of this version -- have to set up my ARM environment again. Dropped the RB's/ACKs because there was significant change in the pte_lockptr() handling. v1 -> 2: * Extend patch description * Drop "mm: let pte_lockptr() consume a pte_t pointer" * Introduce ptep_lockptr() in this patch I wish there was a nicer way to avoid messing with CONFIG_HIGHPTE ... --- include/linux/hugetlb.h | 26 +++++++++++++++++++++++--- include/linux/mm.h | 10 ++++++++++ 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index c9bf68c239a01..dd6d4ee5ee59c 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -944,10 +944,30 @@ static inline bool htlb_allow_alloc_fallback(int reason) static inline spinlock_t *huge_pte_lockptr(struct hstate *h, struct mm_struct *mm, pte_t *pte) { - if (huge_page_size(h) == PMD_SIZE) + VM_WARN_ON(huge_page_size(h) == PAGE_SIZE); + VM_WARN_ON(huge_page_size(h) >= P4D_SIZE); + + /* + * hugetlb must use the exact same PT locks as core-mm page table + * walkers would. When modifying a PTE table, hugetlb must take the + * PTE PT lock, when modifying a PMD table, hugetlb must take the PMD + * PT lock etc. + * + * The expectation is that any hugetlb folio smaller than a PMD is + * always mapped into a single PTE table and that any hugetlb folio + * smaller than a PUD (but at least as big as a PMD) is always mapped + * into a single PMD table. + * + * If that does not hold for an architecture, then that architecture + * must disable split PT locks such that all *_lockptr() functions + * will give us the same result: the per-MM PT lock. + */ + if (huge_page_size(h) < PMD_SIZE && !IS_ENABLED(CONFIG_HIGHPTE)) + /* pte_alloc_huge() only applies with !CONFIG_HIGHPTE */ + return ptep_lockptr(mm, pte); + else if (huge_page_size(h) < PUD_SIZE) return pmd_lockptr(mm, (pmd_t *) pte); - VM_BUG_ON(huge_page_size(h) == PAGE_SIZE); - return &mm->page_table_lock; + return pud_lockptr(mm, (pud_t *) pte); } #ifndef hugepages_supported diff --git a/include/linux/mm.h b/include/linux/mm.h index b100df8cb5857..1b1f40ff00b7d 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -2926,6 +2926,12 @@ static inline spinlock_t *pte_lockptr(struct mm_struct *mm, pmd_t *pmd) return ptlock_ptr(page_ptdesc(pmd_page(*pmd))); } +static inline spinlock_t *ptep_lockptr(struct mm_struct *mm, pte_t *pte) +{ + BUILD_BUG_ON(IS_ENABLED(CONFIG_HIGHPTE)); + return ptlock_ptr(virt_to_ptdesc(pte)); +} + static inline bool ptlock_init(struct ptdesc *ptdesc) { /* @@ -2950,6 +2956,10 @@ static inline spinlock_t *pte_lockptr(struct mm_struct *mm, pmd_t *pmd) { return &mm->page_table_lock; } +static inline spinlock_t *ptep_lockptr(struct mm_struct *mm, pte_t *pte) +{ + return &mm->page_table_lock; +} static inline void ptlock_cache_init(void) {} static inline bool ptlock_init(struct ptdesc *ptdesc) { return true; } static inline void ptlock_free(struct ptdesc *ptdesc) {} -- 2.45.2

10 months, 4 weeks

3
6
0 0

[PATCH net V1] net: phy: micrel: Fix the KSZ9131 MDI-X status issue

by Raju Lakkaraju

The MDIX status is not accurately reflecting the current state after the link partner has manually altered its MDIX configuration while operating in forced mode. Access information about Auto mdix completion and pair selection from the KSZ9131's Auto/MDI/MDI-X status register Fixes: b64e6a8794d9 ("net: phy: micrel: Add PHY Auto/MDI/MDI-X set driver for KSZ9131") Signed-off-by: Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> --- drivers/net/phy/micrel.c | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/drivers/net/phy/micrel.c b/drivers/net/phy/micrel.c index dd519805deee..65b0a3115e14 100644 --- a/drivers/net/phy/micrel.c +++ b/drivers/net/phy/micrel.c @@ -1389,6 +1389,8 @@ static int ksz9131_config_init(struct phy_device *phydev) const struct device *dev_walker; int ret; + phydev->mdix_ctrl = ETH_TP_MDI_AUTO; + dev_walker = &phydev->mdio.dev; do { of_node = dev_walker->of_node; @@ -1438,28 +1440,30 @@ static int ksz9131_config_init(struct phy_device *phydev) #define MII_KSZ9131_AUTO_MDIX 0x1C #define MII_KSZ9131_AUTO_MDI_SET BIT(7) #define MII_KSZ9131_AUTO_MDIX_SWAP_OFF BIT(6) +#define MII_KSZ9131_DIG_AXAN_STS 0x14 +#define MII_KSZ9131_DIG_AXAN_STS_LINK_DET BIT(14) +#define MII_KSZ9131_DIG_AXAN_STS_A_SELECT BIT(12) static int ksz9131_mdix_update(struct phy_device *phydev) { int ret; - ret = phy_read(phydev, MII_KSZ9131_AUTO_MDIX); - if (ret < 0) - return ret; - - if (ret & MII_KSZ9131_AUTO_MDIX_SWAP_OFF) { - if (ret & MII_KSZ9131_AUTO_MDI_SET) - phydev->mdix_ctrl = ETH_TP_MDI; - else - phydev->mdix_ctrl = ETH_TP_MDI_X; + if (phydev->mdix_ctrl != ETH_TP_MDI_AUTO) { + phydev->mdix = phydev->mdix_ctrl; } else { - phydev->mdix_ctrl = ETH_TP_MDI_AUTO; - } + ret = phy_read(phydev, MII_KSZ9131_DIG_AXAN_STS); + if (ret < 0) + return ret; - if (ret & MII_KSZ9131_AUTO_MDI_SET) - phydev->mdix = ETH_TP_MDI; - else - phydev->mdix = ETH_TP_MDI_X; + if (ret & MII_KSZ9131_DIG_AXAN_STS_LINK_DET) { + if (ret & MII_KSZ9131_DIG_AXAN_STS_A_SELECT) + phydev->mdix = ETH_TP_MDI; + else + phydev->mdix = ETH_TP_MDI_X; + } else { + phydev->mdix = ETH_TP_MDI_INVALID; + } + } return 0; } -- 2.34.1

10 months, 4 weeks

5
4
0 0

[to-be-updated] mm-let-pte_lockptr-consume-a-pte_t-pointer.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: let pte_lockptr() consume a pte_t pointer has been removed from the -mm tree. Its filename was mm-let-pte_lockptr-consume-a-pte_t-pointer.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm: let pte_lockptr() consume a pte_t pointer Date: Thu, 25 Jul 2024 20:39:54 +0200 Patch series "mm/hugetlb: fix hugetlb vs. core-mm PT locking". Working on another generic page table walker that tries to avoid special-casing hugetlb, I found a page table locking issue with hugetlb folios that are not mapped using a single PMD/PUD. For some hugetlb folio sizes, GUP will take different page table locks when walking the page tables than hugetlb when modifying the page tables. I did not actually try reproducing an issue, but looking at follow_pmd_mask() where we might be rereading a PMD value multiple times it's rather clear that concurrent modifications are rather unpleasant. In follow_page_pte() we might be better in that regard -- ptep_get() does a READ_ONCE() -- but who knows what else could happen concurrently in some weird corner cases (e.g., hugetlb folio getting unmapped and freed). This patch (of 2): pte_lockptr() is the only *_lockptr() function that doesn't consume what would be expected: it consumes a pmd_t pointer instead of a pte_t pointer. Let's change that. The two callers in pgtable-generic.c are easily adjusted. Adjust khugepaged.c:retract_page_tables() to simply do a pte_offset_map_nolock() to obtain the lock, even though we won't actually be traversing the page table. This makes the code more similar to the other variants and avoids other hacks to make the new pte_lockptr() version happy. pte_lockptr() users reside now only in pgtable-generic.c. Maybe, using pte_offset_map_nolock() is the right thing to do because the PTE table could have been removed in the meantime? At least it sounds more future proof if we ever have other means of page table reclaim. It's not quite clear if holding the PTE table lock is really required: what if someone else obtains the lock just after we unlock it? But we'll leave that as is for now, maybe there are good reasons. This is a preparation for adapting hugetlb page table locking logic to take the same locks as core-mm page table walkers would. Link: https://lkml.kernel.org/r/20240725183955.2268884-1-david@redhat.com Link: https://lkml.kernel.org/r/20240725183955.2268884-2-david@redhat.com Fixes: 9cb28da54643 ("mm/gup: handle hugetlb in the generic follow_page_mask code") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm.h | 7 ++++--- mm/khugepaged.c | 21 +++++++++++++++------ mm/pgtable-generic.c | 4 ++-- 3 files changed, 21 insertions(+), 11 deletions(-) --- a/include/linux/mm.h~mm-let-pte_lockptr-consume-a-pte_t-pointer +++ a/include/linux/mm.h @@ -2915,9 +2915,10 @@ static inline spinlock_t *ptlock_ptr(str } #endif /* ALLOC_SPLIT_PTLOCKS */ -static inline spinlock_t *pte_lockptr(struct mm_struct *mm, pmd_t *pmd) +static inline spinlock_t *pte_lockptr(struct mm_struct *mm, pte_t *pte) { - return ptlock_ptr(page_ptdesc(pmd_page(*pmd))); + /* PTE page tables don't currently exceed a single page. */ + return ptlock_ptr(virt_to_ptdesc(pte)); } static inline bool ptlock_init(struct ptdesc *ptdesc) @@ -2940,7 +2941,7 @@ static inline bool ptlock_init(struct pt /* * We use mm->page_table_lock to guard all pagetable pages of the mm. */ -static inline spinlock_t *pte_lockptr(struct mm_struct *mm, pmd_t *pmd) +static inline spinlock_t *pte_lockptr(struct mm_struct *mm, pte_t *pte) { return &mm->page_table_lock; } --- a/mm/khugepaged.c~mm-let-pte_lockptr-consume-a-pte_t-pointer +++ a/mm/khugepaged.c @@ -1697,12 +1697,13 @@ static void retract_page_tables(struct a i_mmap_lock_read(mapping); vma_interval_tree_foreach(vma, &mapping->i_mmap, pgoff, pgoff) { struct mmu_notifier_range range; + bool retracted = false; struct mm_struct *mm; unsigned long addr; pmd_t *pmd, pgt_pmd; spinlock_t *pml; spinlock_t *ptl; - bool skipped_uffd = false; + pte_t *pte; /* * Check vma->anon_vma to exclude MAP_PRIVATE mappings that @@ -1739,9 +1740,17 @@ static void retract_page_tables(struct a mmu_notifier_invalidate_range_start(&range); pml = pmd_lock(mm, pmd); - ptl = pte_lockptr(mm, pmd); + + /* + * No need to check the PTE table content, but we'll grab the + * PTE table lock while we zap it. + */ + pte = pte_offset_map_nolock(mm, pmd, addr, &ptl); + if (!pte) + goto unlock_pmd; if (ptl != pml) spin_lock_nested(ptl, SINGLE_DEPTH_NESTING); + pte_unmap(pte); /* * Huge page lock is still held, so normally the page table @@ -1752,20 +1761,20 @@ static void retract_page_tables(struct a * repeating the anon_vma check protects from one category, * and repeating the userfaultfd_wp() check from another. */ - if (unlikely(vma->anon_vma || userfaultfd_wp(vma))) { - skipped_uffd = true; - } else { + if (likely(!vma->anon_vma && !userfaultfd_wp(vma))) { pgt_pmd = pmdp_collapse_flush(vma, addr, pmd); pmdp_get_lockless_sync(); + retracted = true; } if (ptl != pml) spin_unlock(ptl); +unlock_pmd: spin_unlock(pml); mmu_notifier_invalidate_range_end(&range); - if (!skipped_uffd) { + if (retracted) { mm_dec_nr_ptes(mm); page_table_check_pte_clear_range(mm, addr, pgt_pmd); pte_free_defer(mm, pmd_pgtable(pgt_pmd)); --- a/mm/pgtable-generic.c~mm-let-pte_lockptr-consume-a-pte_t-pointer +++ a/mm/pgtable-generic.c @@ -313,7 +313,7 @@ pte_t *pte_offset_map_nolock(struct mm_s pte = __pte_offset_map(pmd, addr, &pmdval); if (likely(pte)) - *ptlp = pte_lockptr(mm, &pmdval); + *ptlp = pte_lockptr(mm, pte); return pte; } @@ -371,7 +371,7 @@ again: pte = __pte_offset_map(pmd, addr, &pmdval); if (unlikely(!pte)) return pte; - ptl = pte_lockptr(mm, &pmdval); + ptl = pte_lockptr(mm, pte); spin_lock(ptl); if (likely(pmd_same(pmdval, pmdp_get_lockless(pmd)))) { *ptlp = ptl; _ Patches currently in -mm which might be from david(a)redhat.com are mm-let-pte_lockptr-consume-a-pte_t-pointer-fix.patch mm-hugetlb-fix-hugetlb-vs-core-mm-pt-locking.patch mm-turn-use_split_pte_ptlocks-use_split_pte_ptlocks-into-kconfig-options.patch mm-hugetlb-enforce-that-pmd-pt-sharing-has-split-pmd-pt-locks.patch powerpc-8xx-document-and-enforce-that-split-pt-locks-are-not-used.patch mm-simplify-arch_make_folio_accessible.patch mm-gup-convert-to-arch_make_folio_accessible.patch s390-uv-drop-arch_make_page_accessible.patch

10 months, 4 weeks

1
0
0 0

[PATCH v4 2/2] Revert "ALSA: firewire-lib: operate for period elapse event in process context"

by Edmund Raile

Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed the process context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove its overhead. With RME Fireface 800, this lead to a regression since Kernels 5.14.0, causing an AB/BA deadlock competition for the substream lock with eventual system freeze under ALSA operation: thread 0: * (lock A) acquire substream lock by snd_pcm_stream_lock_irq() in snd_pcm_status64() * (lock B) wait for tasklet to finish by calling tasklet_unlock_spin_wait() in tasklet_disable_in_atomic() in ohci_flush_iso_completions() of ohci.c thread 1: * (lock B) enter tasklet * (lock A) attempt to acquire substream lock, waiting for it to be released: snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed() in update_pcm_pointers() in process_ctx_payloads() in process_rx_packets() of amdtp-stream.c ? tasklet_unlock_spin_wait </NMI> <TASK> ohci_flush_iso_completions firewire_ohci amdtp_domain_stream_pcm_pointer snd_firewire_lib snd_pcm_update_hw_ptr0 snd_pcm snd_pcm_status64 snd_pcm ? native_queued_spin_lock_slowpath </NMI> <IRQ> _raw_spin_lock_irqsave snd_pcm_period_elapsed snd_pcm process_rx_packets snd_firewire_lib irq_target_callback snd_firewire_lib handle_it_packet firewire_ohci context_tasklet firewire_ohci Restore the process context work queue to prevent deadlock AB/BA deadlock competition for ALSA substream lock of snd_pcm_stream_lock_irq() in snd_pcm_status64() and snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed(). revert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") Replace inline description to prevent future deadlock. Cc: stable(a)vger.kernel.org Fixes: 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") Reported-by: edmund.raile <edmund.raile(a)proton.me> Closes: https://lore.kernel.org/r/kwryofzdmjvzkuw6j3clftsxmoolynljztxqwg76hzeo4simn… Signed-off-by: Edmund Raile <edmund.raile(a)protonmail.com> --- sound/firewire/amdtp-stream.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index 31201d506a21..7438999e0510 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -615,16 +615,8 @@ static void update_pcm_pointers(struct amdtp_stream *s, // The program in user process should periodically check the status of intermediate // buffer associated to PCM substream to process PCM frames in the buffer, instead // of receiving notification of period elapsed by poll wait. - if (!pcm->runtime->no_period_wakeup) { - if (in_softirq()) { - // In software IRQ context for 1394 OHCI. - snd_pcm_period_elapsed(pcm); - } else { - // In process context of ALSA PCM application under acquired lock of - // PCM substream. - snd_pcm_period_elapsed_under_stream_lock(pcm); - } - } + if (!pcm->runtime->no_period_wakeup) + queue_work(system_highpri_wq, &s->period_work); } } @@ -1864,11 +1856,14 @@ unsigned long amdtp_domain_stream_pcm_pointer(struct amdtp_domain *d, { struct amdtp_stream *irq_target = d->irq_target; - // Process isochronous packets queued till recent isochronous cycle to handle PCM frames. if (irq_target && amdtp_stream_running(irq_target)) { - // In software IRQ context, the call causes dead-lock to disable the tasklet - // synchronously. - if (!in_softirq()) + // use wq to prevent AB/BA deadlock competition for + // substream lock: + // fw_iso_context_flush_completions() acquires + // lock by ohci_flush_iso_completions(), + // amdtp-stream process_rx_packets() attempts to + // acquire same lock by snd_pcm_elapsed() + if (current_work() != &s->period_work) fw_iso_context_flush_completions(irq_target->context); } -- 2.45.2

10 months, 4 weeks

1
0
0 0

[PATCH v4 1/2] Revert "ALSA: firewire-lib: obsolete workqueue for period update"

by Edmund Raile

prepare resolution of AB/BA deadlock competition for substream lock: restore workqueue previously used for process context: revert commit b5b519965c4c ("ALSA: firewire-lib: obsolete workqueue for period update") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/kwryofzdmjvzkuw6j3clftsxmoolynljztxqwg76hzeo4simn… Signed-off-by: Edmund Raile <edmund.raile(a)protonmail.com> --- sound/firewire/amdtp-stream.c | 15 +++++++++++++++ sound/firewire/amdtp-stream.h | 1 + 2 files changed, 16 insertions(+) diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index d35d0a420ee0..31201d506a21 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -77,6 +77,8 @@ // overrun. Actual device can skip more, then this module stops the packet streaming. #define IR_JUMBO_PAYLOAD_MAX_SKIP_CYCLES 5 +static void pcm_period_work(struct work_struct *work); + /** * amdtp_stream_init - initialize an AMDTP stream structure * @s: the AMDTP stream to initialize @@ -105,6 +107,7 @@ int amdtp_stream_init(struct amdtp_stream *s, struct fw_unit *unit, s->flags = flags; s->context = ERR_PTR(-1); mutex_init(&s->mutex); + INIT_WORK(&s->period_work, pcm_period_work); s->packet_index = 0; init_waitqueue_head(&s->ready_wait); @@ -347,6 +350,7 @@ EXPORT_SYMBOL(amdtp_stream_get_max_payload); */ void amdtp_stream_pcm_prepare(struct amdtp_stream *s) { + cancel_work_sync(&s->period_work); s->pcm_buffer_pointer = 0; s->pcm_period_pointer = 0; } @@ -624,6 +628,16 @@ static void update_pcm_pointers(struct amdtp_stream *s, } } +static void pcm_period_work(struct work_struct *work) +{ + struct amdtp_stream *s = container_of(work, struct amdtp_stream, + period_work); + struct snd_pcm_substream *pcm = READ_ONCE(s->pcm); + + if (pcm) + snd_pcm_period_elapsed(pcm); +} + static int queue_packet(struct amdtp_stream *s, struct fw_iso_packet *params, bool sched_irq) { @@ -1910,6 +1924,7 @@ static void amdtp_stream_stop(struct amdtp_stream *s) return; } + cancel_work_sync(&s->period_work); fw_iso_context_stop(s->context); fw_iso_context_destroy(s->context); s->context = ERR_PTR(-1); diff --git a/sound/firewire/amdtp-stream.h b/sound/firewire/amdtp-stream.h index a1ed2e80f91a..775db3fc4959 100644 --- a/sound/firewire/amdtp-stream.h +++ b/sound/firewire/amdtp-stream.h @@ -191,6 +191,7 @@ struct amdtp_stream { /* For a PCM substream processing. */ struct snd_pcm_substream *pcm; + struct work_struct period_work; snd_pcm_uframes_t pcm_buffer_pointer; unsigned int pcm_period_pointer; unsigned int pcm_frame_multiplier; -- 2.45.2

10 months, 4 weeks

1
0
0 0

Re: [PATCH 6.10 000/809] 6.10.3-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

10 months, 4 weeks

1
0
0 0

[PATCH v2] fs/netfs/fscache_io: remove the obsolete "using_pgpriv2" flag

by Max Kellermann

This fixes a crash bug caused by commit ae678317b95e ("netfs: Remove deprecated use of PG_private_2 as a second writeback flag") by removing a leftover folio_end_private_2() call after all calls to folio_start_private_2() had been removed by the commit. By calling folio_end_private_2() without folio_start_private_2(), the folio refcounter breaks and causes trouble like RCU stalls and general protection faults. Cc: stable(a)vger.kernel.org Fixes: ae678317b95e ("netfs: Remove deprecated use of PG_private_2 as a second writeback flag") Link: https://lore.kernel.org/ceph-devel/CAKPOu+_DA8XiMAA2ApMj7Pyshve_YWknw8Hdt1=… Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/ceph/addr.c | 2 +- fs/netfs/fscache_io.c | 29 +---------------------------- include/linux/fscache.h | 30 ++++-------------------------- 3 files changed, 6 insertions(+), 55 deletions(-) diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 8c16bc5250ef..485cbd1730d1 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -512,7 +512,7 @@ static void ceph_fscache_write_to_cache(struct inode *inode, u64 off, u64 len, b struct fscache_cookie *cookie = ceph_fscache_cookie(ci); fscache_write_to_cache(cookie, inode->i_mapping, off, len, i_size_read(inode), - ceph_fscache_write_terminated, inode, true, caching); + ceph_fscache_write_terminated, inode, caching); } #else static inline void ceph_fscache_write_to_cache(struct inode *inode, u64 off, u64 len, bool caching) diff --git a/fs/netfs/fscache_io.c b/fs/netfs/fscache_io.c index 38637e5c9b57..0d8f3f646598 100644 --- a/fs/netfs/fscache_io.c +++ b/fs/netfs/fscache_io.c @@ -166,30 +166,10 @@ struct fscache_write_request { loff_t start; size_t len; bool set_bits; - bool using_pgpriv2; netfs_io_terminated_t term_func; void *term_func_priv; }; -void __fscache_clear_page_bits(struct address_space *mapping, - loff_t start, size_t len) -{ - pgoff_t first = start / PAGE_SIZE; - pgoff_t last = (start + len - 1) / PAGE_SIZE; - struct page *page; - - if (len) { - XA_STATE(xas, &mapping->i_pages, first); - - rcu_read_lock(); - xas_for_each(&xas, page, last) { - folio_end_private_2(page_folio(page)); - } - rcu_read_unlock(); - } -} -EXPORT_SYMBOL(__fscache_clear_page_bits); - /* * Deal with the completion of writing the data to the cache. */ @@ -198,10 +178,6 @@ static void fscache_wreq_done(void *priv, ssize_t transferred_or_error, { struct fscache_write_request *wreq = priv; - if (wreq->using_pgpriv2) - fscache_clear_page_bits(wreq->mapping, wreq->start, wreq->len, - wreq->set_bits); - if (wreq->term_func) wreq->term_func(wreq->term_func_priv, transferred_or_error, was_async); @@ -214,7 +190,7 @@ void __fscache_write_to_cache(struct fscache_cookie *cookie, loff_t start, size_t len, loff_t i_size, netfs_io_terminated_t term_func, void *term_func_priv, - bool using_pgpriv2, bool cond) + bool cond) { struct fscache_write_request *wreq; struct netfs_cache_resources *cres; @@ -232,7 +208,6 @@ void __fscache_write_to_cache(struct fscache_cookie *cookie, wreq->mapping = mapping; wreq->start = start; wreq->len = len; - wreq->using_pgpriv2 = using_pgpriv2; wreq->set_bits = cond; wreq->term_func = term_func; wreq->term_func_priv = term_func_priv; @@ -260,8 +235,6 @@ void __fscache_write_to_cache(struct fscache_cookie *cookie, abandon_free: kfree(wreq); abandon: - if (using_pgpriv2) - fscache_clear_page_bits(mapping, start, len, cond); if (term_func) term_func(term_func_priv, ret, false); } diff --git a/include/linux/fscache.h b/include/linux/fscache.h index 9de27643607f..f8c52bddaa15 100644 --- a/include/linux/fscache.h +++ b/include/linux/fscache.h @@ -177,8 +177,7 @@ void __fscache_write_to_cache(struct fscache_cookie *cookie, loff_t start, size_t len, loff_t i_size, netfs_io_terminated_t term_func, void *term_func_priv, - bool using_pgpriv2, bool cond); -extern void __fscache_clear_page_bits(struct address_space *, loff_t, size_t); + bool cond); /** * fscache_acquire_volume - Register a volume as desiring caching services @@ -573,24 +572,6 @@ int fscache_write(struct netfs_cache_resources *cres, return ops->write(cres, start_pos, iter, term_func, term_func_priv); } -/** - * fscache_clear_page_bits - Clear the PG_fscache bits from a set of pages - * @mapping: The netfs inode to use as the source - * @start: The start position in @mapping - * @len: The amount of data to unlock - * @caching: If PG_fscache has been set - * - * Clear the PG_fscache flag from a sequence of pages and wake up anyone who's - * waiting. - */ -static inline void fscache_clear_page_bits(struct address_space *mapping, - loff_t start, size_t len, - bool caching) -{ - if (caching) - __fscache_clear_page_bits(mapping, start, len); -} - /** * fscache_write_to_cache - Save a write to the cache and clear PG_fscache * @cookie: The cookie representing the cache object @@ -600,7 +581,6 @@ static inline void fscache_clear_page_bits(struct address_space *mapping, * @i_size: The new size of the inode * @term_func: The function to call upon completion * @term_func_priv: The private data for @term_func - * @using_pgpriv2: If we're using PG_private_2 to mark in-progress write * @caching: If we actually want to do the caching * * Helper function for a netfs to write dirty data from an inode into the cache @@ -612,21 +592,19 @@ static inline void fscache_clear_page_bits(struct address_space *mapping, * marked with PG_fscache. * * If given, @term_func will be called upon completion and supplied with - * @term_func_priv. Note that if @using_pgpriv2 is set, the PG_private_2 flags - * will have been cleared by this point, so the netfs must retain its own pin - * on the mapping. + * @term_func_priv. */ static inline void fscache_write_to_cache(struct fscache_cookie *cookie, struct address_space *mapping, loff_t start, size_t len, loff_t i_size, netfs_io_terminated_t term_func, void *term_func_priv, - bool using_pgpriv2, bool caching) + bool caching) { if (caching) __fscache_write_to_cache(cookie, mapping, start, len, i_size, term_func, term_func_priv, - using_pgpriv2, caching); + caching); else if (term_func) term_func(term_func_priv, -ENOBUFS, false); -- 2.43.0

10 months, 4 weeks

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror