November 2021 - Linux-stable-mirror

[PATCH] drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path

by Boris Brezillon

Make sure all bo->base.pages entries are either NULL or pointing to a valid page before calling drm_gem_shmem_put_pages(). Reported-by: Tomeu Vizoso <tomeu.vizoso(a)collabora.com> Cc: <stable(a)vger.kernel.org> Fixes: 187d2929206e ("drm/panfrost: Add support for GPU heap allocations") Signed-off-by: Boris Brezillon <boris.brezillon(a)collabora.com> --- drivers/gpu/drm/panfrost/panfrost_mmu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/panfrost/panfrost_mmu.c b/drivers/gpu/drm/panfrost/panfrost_mmu.c index 569509c2ba27..d76dff201ea6 100644 --- a/drivers/gpu/drm/panfrost/panfrost_mmu.c +++ b/drivers/gpu/drm/panfrost/panfrost_mmu.c @@ -460,6 +460,7 @@ static int panfrost_mmu_map_fault_addr(struct panfrost_device *pfdev, int as, if (IS_ERR(pages[i])) { mutex_unlock(&bo->base.pages_lock); ret = PTR_ERR(pages[i]); + pages[i] = NULL; goto err_pages; } } -- 2.31.1

1 year

2
2
0 0

[PATCH v2] mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()

by Alexander A Sverdlin

From: Alexander Sverdlin <alexander.sverdlin(a)nokia.com> Erase can be zeroed in spi_nor_parse_4bait() or spi_nor_init_non_uniform_erase_map(). In practice it happened with mt25qu256a, which supports 4K, 32K, 64K erases with 3b address commands, but only 4K and 64K erase with 4b address commands. Fixes: dc92843159a7 ("mtd: spi-nor: fix erase_type array to indicate current map conf") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)nokia.com> --- Changes in v2: erase->opcode -> erase->size drivers/mtd/spi-nor/core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/mtd/spi-nor/core.c b/drivers/mtd/spi-nor/core.c index 88dd090..183ea9d 100644 --- a/drivers/mtd/spi-nor/core.c +++ b/drivers/mtd/spi-nor/core.c @@ -1400,6 +1400,8 @@ spi_nor_find_best_erase_type(const struct spi_nor_erase_map *map, continue; erase = &map->erase_type[i]; + if (!erase->size) + continue; /* Alignment is not mandatory for overlaid regions */ if (region->offset & SNOR_OVERLAID_REGION && -- 2.10.2

1 year, 5 months

4
5
0 0

[PATCH] Revert "ath: add support for special 0x0 regulatory domain"

by Brian Norris

This reverts commit 2dc016599cfa9672a147528ca26d70c3654a5423. Users are reporting regressions in regulatory domain detection and channel availability. The problem this was trying to resolve was fixed in firmware anyway: QCA6174 hw3.0: sdio-4.4.1: add firmware.bin_WLAN.RMH.4.4.1-00042 https://github.com/kvalo/ath10k-firmware/commit/4d382787f0efa77dba40394e0bc… Link: https://bbs.archlinux.org/viewtopic.php?id=254535 Link: http://lists.infradead.org/pipermail/ath10k/2020-April/014871.html Link: http://lists.infradead.org/pipermail/ath10k/2020-May/015152.html Fixes: 2dc016599cfa ("ath: add support for special 0x0 regulatory domain") Cc: <stable(a)vger.kernel.org> Cc: Wen Gong <wgong(a)codeaurora.org> Signed-off-by: Brian Norris <briannorris(a)chromium.org> --- drivers/net/wireless/ath/regd.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/ath/regd.c b/drivers/net/wireless/ath/regd.c index bee9110b91f3..20f4f8ea9f89 100644 --- a/drivers/net/wireless/ath/regd.c +++ b/drivers/net/wireless/ath/regd.c @@ -666,14 +666,14 @@ ath_regd_init_wiphy(struct ath_regulatory *reg, /* * Some users have reported their EEPROM programmed with - * 0x8000 or 0x0 set, this is not a supported regulatory - * domain but since we have more than one user with it we - * need a solution for them. We default to 0x64, which is - * the default Atheros world regulatory domain. + * 0x8000 set, this is not a supported regulatory domain + * but since we have more than one user with it we need + * a solution for them. We default to 0x64, which is the + * default Atheros world regulatory domain. */ static void ath_regd_sanitize(struct ath_regulatory *reg) { - if (reg->current_rd != COUNTRY_ERD_FLAG && reg->current_rd != 0) + if (reg->current_rd != COUNTRY_ERD_FLAG) return; printk(KERN_DEBUG "ath: EEPROM regdomain sanitized\n"); reg->current_rd = 0x64; -- 2.27.0.rc0.183.gde8f92d652-goog

1 year, 7 months

8
10
0 0

[PATCH] bluetooth: Add another Bluetooth part for Realtek 8852AE

by Larry Finger

This Realtek device has both wifi and BT components. The latter reports a USB ID of 0bda:4852, which is not in the table. The portion of /sys/kernel/debug/usb/devices pertaining to this device is T: Bus=06 Lev=01 Prnt=01 Port=03 Cnt=02 Dev#= 3 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0bda ProdID=4852 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> Cc: Stable <stable(a)vger.kernel.org> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 60d2fce59a71..7e1e43c216ec 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -384,6 +384,8 @@ static const struct usb_device_id blacklist_table[] = { /* Realtek 8852AE Bluetooth devices */ { USB_DEVICE(0x0bda, 0xc852), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x0bda, 0x4852), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, /* Realtek Bluetooth devices */ { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01), -- 2.33.0

1 year, 8 months

4
3
0 0

[PATCH 5.10 000/575] 5.10.80-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.80 release. There are 575 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 17 Nov 2021 16:52:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.80-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.80-rc1 Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Partial revert of commit 6f9f17287e78 Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix PCIe Max Payload Size setting Pali Rohár <pali(a)kernel.org> PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros Jernej Skrabec <jernej.skrabec(a)gmail.com> drm/sun4i: Fix macros in sun8i_csc.h Xiaoming Ni <nixiaoming(a)huawei.com> powerpc/85xx: fix timebase sync issue when CONFIG_HOTPLUG_CPU=n Vasant Hegde <hegdevasant(a)linux.vnet.ibm.com> powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: au1550nd: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: plat_nand: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: orion: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: pasemi: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: gpio: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: mpc5121: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: xway: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: ams-delta: Keep the driver compatible with on-die ECC engines Halil Pasic <pasic(a)linux.ibm.com> s390/cio: make ccw_device_dma_* more robust Harald Freudenberger <freude(a)linux.ibm.com> s390/ap: Fix hanging ioctl caused by orphaned replies Sven Schnelle <svens(a)linux.ibm.com> s390/tape: fix timer initialization in tape_std_assign() Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: check the subchannel validity for dev_busid Marek Vasut <marex(a)denx.de> video: backlight: Drop maximum brightness override for brightness zero Jack Andersen <jackoalan(a)gmail.com> mfd: dln2: Add cell for initializing DLN2 ADC Michal Hocko <mhocko(a)suse.com> mm, oom: do not trigger out_of_memory from the #PF Vasily Averin <vvs(a)virtuozzo.com> mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/security: Add a helper to query stf_barrier type Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/bpf: Validate branch ranges Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/lib: Add helper to check if offset is within conditional branch range Vasily Averin <vvs(a)virtuozzo.com> memcg: prohibit unconditional exceeding the limit of dying tasks Dominique Martinet <asmadeus(a)codewreck.org> 9p/net: fix missing error check in p9_check_errors Daniel Borkmann <daniel(a)iogearbox.net> net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: should use GFP_NOFS for directory inodes Guo Ren <guoren(a)linux.alibaba.com> irqchip/sifive-plic: Fixup EOI failed when masked Michael Pratt <mpratt(a)google.com> posix-cpu-timers: Clear task::posix_cputimers_work in copy_process() Dave Jones <davej(a)codemonkey.org.uk> x86/mce: Add errata workaround for Skylake SKX37 Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL Helge Deller <deller(a)gmx.de> parisc: Fix backtrace to always include init funtion names Arnd Bergmann <arnd(a)arndb.de> ARM: 9156/1: drop cc-option fallbacks for architecture selection Michał Mirosław <mirq-linux(a)rere.qmqm.pl> ARM: 9155/1: fix early early_iounmap() Willem de Bruijn <willemb(a)google.com> selftests/net: udpgso_bench_rx: fix port argument Rahul Lakkireddy <rahul.lakkireddy(a)chelsio.com> cxgb4: fix eeprom len when diagnostics not implemented Dust Li <dust.li(a)linux.alibaba.com> net/smc: fix sk_refcnt underflow on linkdown and fallback Eiichi Tsukata <eiichi.tsukata(a)nutanix.com> vsock: prevent unnecessary refcnt inc for nonblocking connect Vladimir Oltean <vladimir.oltean(a)nxp.com> net: stmmac: allow a tc-taprio base-time of zero Guangbin Huang <huangguangbin2(a)huawei.com> net: hns3: allow configure ETS bandwidth of all TCs Yufeng Mo <moyufeng(a)huawei.com> net: hns3: fix kernel crash when unload VF while it is being reset Eric Dumazet <edumazet(a)google.com> net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any Muchun Song <songmuchun(a)bytedance.com> seq_file: fix passing wrong private data Dan Carpenter <dan.carpenter(a)oracle.com> gve: Fix off by one in gve_tx_timeout() John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Remove unhash handler for BPF sockmap usage Arnd Bergmann <arnd(a)arndb.de> arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions Chengfeng Ye <cyeaa(a)connect.ust.hk> nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails Eric Dumazet <edumazet(a)google.com> llc: fix out-of-bound array index in llc_sk_dev_hash() Ian Rogers <irogers(a)google.com> perf bpf: Add missing free to bpf_event__print_bpf_prog_info() Dan Carpenter <dan.carpenter(a)oracle.com> zram: off by one in read_block_state() Miaohe Lin <linmiaohe(a)huawei.com> mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_chip_start(): fix error handling for mcp251xfd_chip_rx_int_enable() Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> mfd: core: Add missing of_node_put for loop iteration Huang Guobin <huangguobin4(a)huawei.com> bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: fix duplex out of sync problem while changing settings Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> ataflop: remove ataflop_probe_lock mutex Luis Chamberlain <mcgrof(a)kernel.org> block/ataflop: provide a helper for cleanup up an atari disk Luis Chamberlain <mcgrof(a)kernel.org> block/ataflop: add registration bool before calling del_gendisk() Luis Chamberlain <mcgrof(a)kernel.org> block/ataflop: use the blk_cleanup_disk() helper Chenyuan Mi <cymi20(a)fudan.edu.cn> drm/nouveau/svm: Fix refcount leak bug and missing check against null bug Hans de Goede <hdegoede(a)redhat.com> ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses Brett Creeley <brett.creeley(a)intel.com> ice: Fix not stopping Tx queues for VFs Sylwester Dziedziuch <sylwesterx.dziedziuch(a)intel.com> ice: Fix replacing VF hardware MAC to existing MAC filter Ziyang Xuan <william.xuanziyang(a)huawei.com> net: vlan: fix a UAF in vlan_dev_real_dev() Stafford Horne <shorne(a)gmail.com> openrisc: fix SMP tlb flush NULL pointer dereference Jakub Kicinski <kuba(a)kernel.org> ethtool: fix ethtool msg len calculation for pause stats Maxim Kiselev <bigunclemax(a)gmail.com> net: davinci_emac: Fix interrupt pacing disable YueHaibing <yuehaibing(a)huawei.com> xen-pciback: Fix return in pm_ctrl_init() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix a regression in nfs_set_open_stateid_locked() Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Turn off target reset during issue_lip Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix gnl list corruption Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Relogin during fabric disturbance Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Changes to support FCP2 Target Jackie Liu <liuyun01(a)kylinos.cn> ar7: fix kernel builds for compiler test Ahmad Fatoum <a.fatoum(a)pengutronix.de> watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT Randy Dunlap <rdunlap(a)infradead.org> m68k: set a default value for MEMORY_RESERVE Eric W. Biederman <ebiederm(a)xmission.com> signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) Lars-Peter Clausen <lars(a)metafoo.de> dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` Florian Westphal <fw(a)strlen.de> netfilter: nfnetlink_queue: fix OOB when mac header was cleared Robert-Ionut Alexa <robert-ionut.alexa(a)nxp.com> soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read Geert Uytterhoeven <geert(a)linux-m68k.org> auxdisplay: ht16k33: Fix frame buffer device blanking Geert Uytterhoeven <geert(a)linux-m68k.org> auxdisplay: ht16k33: Connect backlight to fbdev Geert Uytterhoeven <geert(a)linux-m68k.org> auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string Alexey Gladkov <legion(a)kernel.org> Fix user namespace leak Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix an Oops in pnfs_mark_request_commit() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix up commit deadlocks Claudiu Beznea <claudiu.beznea(a)microchip.com> dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro Dan Carpenter <dan.carpenter(a)oracle.com> rtc: rv3032: fix error handling in rv3032_clkout_set_rate() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> remoteproc: Fix a memory leak in an error handling path in 'rproc_handle_vdev()' Zev Weiss <zev(a)bewilderbeest.net> mtd: core: don't remove debugfs directory if device is in use Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation Evgeny Novikov <novikov(a)ispras.ru> mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() Jia-Ju Bai <baijiaju1990(a)gmail.com> fs: orangefs: fix error return code of orangefs_revalidate_lookup() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix deadlocks in nfs_scan_commit_list() YueHaibing <yuehaibing(a)huawei.com> opp: Fix return in _opp_add_static_v2() Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge Marek Behún <kabel(a)kernel.org> PCI: aardvark: Don't spam about PIO Response Status Alex Xu (Hello71) <alex_y_xu(a)yahoo.ca> drm/plane-helper: fix uninitialized variable reference Baptiste Lepers <baptiste.lepers(a)gmail.com> pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix dentry verifier races Kewei Xu <kewei.xu(a)mediatek.com> i2c: mediatek: fixing the incorrect register offset J. Bruce Fields <bfields(a)redhat.com> nfsd: don't alloc under spinlock in rpc_parse_scope_id Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined Tom Rix <trix(a)redhat.com> apparmor: fix error check Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx: Fix kernel crash on IRQ handler register error Geert Uytterhoeven <geert+renesas(a)glider.be> mips: cm: Convert to bitfield API to fix out-of-bounds access Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> virtio_ring: check desc == NULL when using indirect with packed Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Correct configuring of switch inversion from ts-inv Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Use device_property API instead of of_property Lucas Tanure <tanureal(a)opensource.cirrus.com> ASoC: cs42l42: Disable regulators if probe fails Bixuan Cui <cuibixuan(a)linux.alibaba.com> powerpc/44x/fsp2: add missing of_node_put Andrej Shadura <andrew.shadura(a)collabora.co.uk> HID: u2fzero: properly handle timeouts in usb_submit_urb Andrej Shadura <andrew.shadura(a)collabora.co.uk> HID: u2fzero: clarify error check and length calculations Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: at91: sam9x60-pll: use DIV_ROUND_CLOSEST_ULL Anssi Hannula <anssi.hannula(a)bitwise.fi> serial: xilinx_uartps: Fix race condition causing stuck TX Sandeep Maheswaram <quic_c_sanm(a)quicinc.com> phy: qcom-snps: Correct the FSEL_MASK Dan Carpenter <dan.carpenter(a)oracle.com> phy: ti: gmii-sel: check of_get_address() for failure Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> phy: qcom-qusb2: Fix a memory leak on probe Rahul Tanwar <rtanwar(a)maxlinear.com> pinctrl: equilibrium: Fix function addition in multiple groups Wan Jiabing <wanjiabing(a)vivo.com> soc: qcom: apr: Add of_node_put() before return Guru Das Srinagesh <quic_gurus(a)quicinc.com> firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available() Amelie Delaunay <amelie.delaunay(a)foss.st.com> usb: dwc2: drd: reset current session before setting the new one Amelie Delaunay <amelie.delaunay(a)foss.st.com> usb: dwc2: drd: fix dwc2_drd_role_sw_set when clock could be disabled Amelie Delaunay <amelie.delaunay(a)foss.st.com> usb: dwc2: drd: fix dwc2_force_mode call in dwc2_ovr_init Stefan Agner <stefan(a)agner.ch> serial: imx: fix detach/attach of serial console Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer Can Guo <cang(a)codeaurora.org> scsi: ufs: Refactor ufshcd_setup_clocks() to remove skip_ref_clk Nuno Sá <nuno.sa(a)analog.com> iio: adis: do not disabe IRQs in 'adis_init()' Randy Dunlap <rdunlap(a)infradead.org> usb: typec: STUSB160X should select REGMAP_I2C Bjorn Andersson <bjorn.andersson(a)linaro.org> soc: qcom: rpmhpd: Make power_on actually enable the domain Lee Jones <lee.jones(a)linaro.org> soc: qcom: rpmhpd: Provide some missing struct member descriptions Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Correct some register default values Olivier Moysan <olivier.moysan(a)foss.st.com> ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 Olivier Moysan <olivier.moysan(a)foss.st.com> ARM: dts: stm32: fix SAI sub nodes register range Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Reduce DHCOR SPI NOR frequency to 50 MHz Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Fix off-by-one bug in drive register check Vegard Nossum <vegard.nossum(a)oracle.com> staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> staging: most: dim2: do not double-register the same device Randy Dunlap <rdunlap(a)infradead.org> usb: musb: select GENERIC_PHY instead of depending on it Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Return missed an error if device doesn't support steering Dan Carpenter <dan.carpenter(a)oracle.com> scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() Yang Yingliang <yangyingliang(a)huawei.com> power: supply: max17040: fix null-ptr-deref in max17040_probe() Jakob Hauser <jahau(a)rocketmail.com> power: supply: rt5033_battery: Change voltage values to µV Dan Carpenter <dan.carpenter(a)oracle.com> usb: gadget: hid: fix error code in do_config() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_dw: Drop wrong use of ACPI_PTR() Nathan Lynch <nathanl(a)linux.ibm.com> powerpc: fix unbalanced node refcount in check_kvm_guest() Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Fix is_kvm_guest() / kvm_para_available() Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> powerpc: Reintroduce is_kvm_guest() as a fast-path check Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> powerpc: Rename is_kvm_guest() to check_kvm_guest() Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> powerpc: Refactor is_kvm_guest() declaration to new header Christophe Leroy <christophe.leroy(a)csgroup.eu> video: fbdev: chipsfb: use memset_io() instead of memset() Clément Léger <clement.leger(a)bootlin.com> clk: at91: check pmc node status before registering syscore ops Dongliang Mu <mudongliangabcd(a)gmail.com> memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> soc/tegra: Fix an error handling path in tegra_powergate_power_up() Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: SOF: topology: do not power down primary core during topology removal Andreas Kemnade <andreas(a)kemnade.info> arm: dts: omap3-gta04a4: accelerometer irq fix Yang Yingliang <yangyingliang(a)huawei.com> driver core: Fix possible memory leak in device_link_add() Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Fix misleading log statement in pm8001_mpi_get_nvmd_resp() Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> soundwire: debugfs: use controller id and link_id for debugfs Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Use position buffer for SKL+ again Imre Deak <imre.deak(a)intel.com> ALSA: hda: Fix hang during shutdown due to link reset Imre Deak <imre.deak(a)intel.com> ALSA: hda: Release controller display power during shutdown/reboot Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Reduce udelay() at SKL+ position reporting Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: pm8916: Remove wrong reg-names for rtc@6000 Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: beacon: Fix Ethernet PHY mode Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: msm8916: Fix Secondary MI2S bit clock Dongliang Mu <mudongliangabcd(a)gmail.com> JFS: fix memleak in jfs_mount Jackie Liu <liuyun01(a)kylinos.cn> MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT Tong Zhang <ztong0001(a)gmail.com> scsi: dc395: Fix error case unwinding Peter Rosin <peda(a)axentia.se> ARM: dts: at91: tse850: the emac<->phy interface is rmii Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix timekeeping_suspended warning on resume Anand Moon <linux.amoon(a)gmail.com> arm64: dts: meson-g12b: Fix the pwm regulator supply properties Anand Moon <linux.amoon(a)gmail.com> arm64: dts: meson-g12a: Fix the pwm regulator supply properties Kishon Vijay Abraham I <kishon(a)ti.com> arm64: dts: ti: k3-j721e-main: Fix "bus-range" upto 256 bus number for PCIe Kishon Vijay Abraham I <kishon(a)ti.com> arm64: dts: ti: k3-j721e-main: Fix "max-virtual-functions" in PCIe EP nodes Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix query SRQ failure Marijn Suijten <marijn.suijten(a)somainline.org> ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: Fix GPU register width for RK3328 Jackie Liu <liuyun01(a)kylinos.cn> ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM5301X: Fix memory nodes names Junji Wei <weijunji(a)bytedance.com> RDMA/rxe: Fix wrong port_cap_flags Alexandru Ardelean <aardelean(a)deviqon.com> iio: st_sensors: disable regulators after device unregistration Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: st_sensors: Call st_sensors_power_enable() from bus drivers Frank Rowand <frank.rowand(a)sony.com> of: unittest: fix EXPECT text for gpio hog errors Alexei Starovoitov <ast(a)kernel.org> bpf: Fix propagation of signed bounds from 64-bit min/max into 32-bit. Alexei Starovoitov <ast(a)kernel.org> bpf: Fix propagation of bounds from 64-bit min/max into 32-bit and var_off. Dan Schatzberg <schatzberg.dan(a)gmail.com> cgroup: Fix rootcg cpu.stat guest double counting Sukadev Bhattiprolu <sukadev(a)linux.ibm.com> ibmvnic: Process crqs after enabling interrupts Sukadev Bhattiprolu <sukadev(a)linux.ibm.com> ibmvnic: don't stop queue in xmit Jakub Kicinski <kuba(a)kernel.org> udp6: allow SO_MARK ctrl msg to affect routing Andrea Righi <andrea.righi(a)canonical.com> selftests/bpf: Fix fclose/pclose mismatch in test_progs Daniel Jordan <daniel.m.jordan(a)oracle.com> crypto: pcrypt - Delay write to padata->info Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: phylink: avoid mvneta warning when setting pause parameters Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> net: amd-xgbe: Toggle PLL settings during rate change Kumar Kartikeya Dwivedi <memxor(a)gmail.com> selftests/bpf: Fix fd cleanup in sk_lookup test Lorenz Bauer <lmb(a)cloudflare.com> selftests: bpf: Convert sk_lookup ctx access tests to PROG_TEST_RUN Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits Loic Poulain <loic.poulain(a)linaro.org> wcn36xx: Fix discarded frames due to wrong sequence number Benjamin Li <benl(a)squareup.com> wcn36xx: add proper DMA memory barriers in rx path Wang Hai <wanghai38(a)huawei.com> libertas: Fix possible memory leak in probe and disconnect Wang Hai <wanghai38(a)huawei.com> libertas_tf: Fix possible memory leak in probe and disconnect Janis Schoetterl-Glausch <scgl(a)linux.ibm.com> KVM: s390: Fix handle_sske page fault handling Tiezhu Yang <yangtiezhu(a)loongson.cn> samples/kretprobes: Fix return value if register_kretprobe() failed Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> spi: spi-rpc-if: Check return value of rpcif_sw_init() Jon Maxwell <jmaxwell37(a)gmail.com> tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() Ilya Leoshkevich <iii(a)linux.ibm.com> libbpf: Fix endianness detection in BPF_CORE_READ_BITFIELD_PROBED() Mark Brown <broonie(a)kernel.org> tpm_tis_spi: Add missing SPI ID Hao Wu <hao.wu(a)rubrik.com> tpm: fix Atmel TPM crash caused by too frequent queries Michael Schmitz <schmitzmic(a)gmail.com> block: ataflop: more blk-mq refactoring fixes Dan Carpenter <dan.carpenter(a)oracle.com> ataflop: potential out of bounds in do_format() Christoph Hellwig <hch(a)lst.de> ataflop: use a separate gendisk for each media format Mark Rutland <mark.rutland(a)arm.com> irq: mips: avoid nested irq_enter() Claudio Imbrenda <imbrenda(a)linux.ibm.com> KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm Claudio Imbrenda <imbrenda(a)linux.ibm.com> KVM: s390: pv: avoid double free of sida page David Hildenbrand <david(a)redhat.com> s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix BTF header parsing checks Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix overflow in BTF sanity checks Andrii Nakryiko <andrii(a)kernel.org> libbpf: Allow loading empty BTFs Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix BTF data layout checks and allow empty BTF Quentin Monnet <quentin(a)isovalent.com> bpftool: Avoid leaking the JSON writer prepared for program metadata Jim Mattson <jmattson(a)google.com> KVM: selftests: Fix nested SVM tests when built with clang Ricardo Koller <ricarkol(a)google.com> KVM: selftests: Add operand to vmsave/vmload/vmrun in svm.c Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi Jessica Zhang <jesszhan(a)codeaurora.org> drm/msm: Fix potential NULL dereference in DPU SSPP Joerg Roedel <jroedel(a)suse.de> x86/sev: Fix stack type check in vc_switch_off_ist() Kees Cook <keescook(a)chromium.org> clocksource/drivers/timer-ti-dm: Select TIMER_OF Anders Roxell <anders.roxell(a)linaro.org> PM: hibernate: fix sparse warnings Max Gurtovoy <mgurtovoy(a)nvidia.com> nvme-rdma: fix error code in nvme_rdma_setup_ctrl Stefan Agner <stefan(a)agner.ch> phy: micrel: ksz8041nl: do not use power down mode Tim Gardner <tim.gardner(a)canonical.com> net: enetc: unmap DMA in enetc_send_cmd() Jonas Dreßler <verdre(a)v0yd.nl> mwifiex: Send DELBA requests according to spec Ziyang Xuan <william.xuanziyang(a)huawei.com> rsi: stop thread firstly in rsi_91x_init() error handling Shayne Chen <shayne.chen(a)mediatek.com> mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() Shayne Chen <shayne.chen(a)mediatek.com> mt76: mt7915: fix sta_rec_wtbl tag len Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt7915: fix possible infinite loop release semaphore Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt76x02: fix endianness warnings in mt76x02_mac.c Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi Nathan Chancellor <nathan(a)kernel.org> platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning Michael Schmitz <schmitzmic(a)gmail.com> block: ataflop: fix breakage introduced at blk-mq refactoring Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mmc: mxs-mmc: disable regulator on error and in the remove function Sean Young <sean(a)mess.org> media: ir_toy: assignment to be16 should be of correct type Jakub Kicinski <kuba(a)kernel.org> net: stream: don't purge sk_error_queue in sk_stream_kill_queues() Dan Carpenter <dan.carpenter(a)oracle.com> drm/msm: uninitialized variable in msm_gem_import() Dan Carpenter <dan.carpenter(a)oracle.com> drm/msm: potential error pointer dereference in init() Eric Dumazet <edumazet(a)google.com> tcp: switch orphan_count to bare per-cpu counters Zhang Qiao <zhangqiao22(a)huawei.com> kernel/sched: Fix sched_fork() access an invalid sched_task_group Sven Eckelmann <seckelmann(a)datto.com> ath10k: fix max antenna gain unit Zev Weiss <zev(a)bewilderbeest.net> hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff Yang Yingliang <yangyingliang(a)huawei.com> hwmon: Fix possible memleak in __hwmon_device_register() Daniel Borkmann <daniel(a)iogearbox.net> net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE Dan Carpenter <dan.carpenter(a)oracle.com> memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() Arnd Bergmann <arnd(a)arndb.de> memstick: avoid out-of-range warning Tony Lindgren <tony(a)atomide.com> mmc: sdhci-omap: Fix context restore Tony Lindgren <tony(a)atomide.com> mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured John Fraker <jfraker(a)google.com> gve: Recover from queue stall due to missed IRQ Dan Carpenter <dan.carpenter(a)oracle.com> b43: fix a lower bounds test Dan Carpenter <dan.carpenter(a)oracle.com> b43legacy: fix a lower bounds test Markus Schneider-Pargmann <msp(a)baylibre.com> hwrng: mtk - Force runtime pm ops for sleep ops Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - disregard spurious PFVF interrupts Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - detect PFVF collision after ACK Evgeny Novikov <novikov(a)ispras.ru> media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_dynset: relax superfluous check on set updates Peter Zijlstra <peterz(a)infradead.org> rcu: Always inline rcu_dynticks_task*_{enter,exit}() Yazen Ghannam <yazen.ghannam(a)amd.com> EDAC/amd64: Handle three rank interleaving mode Vincent Donnefort <vincent.donnefort(a)arm.com> PM: EM: Fix inefficient states detection Linus Lüssing <ll(a)simonwunderlich.de> ath9k: Fix potential interrupt storm on queue reset Colin Ian King <colin.king(a)canonical.com> media: em28xx: Don't use ops->suspend if it is NULL Anel Orazgaliyeva <anelkz(a)amazon.de> cpuidle: Fix kobject memory leaks in error paths Arnd Bergmann <arnd(a)arndb.de> crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency Punit Agrawal <punitagrawal(a)gmail.com> kprobes: Do not use local variable when creating debugfs file Colin Ian King <colin.king(a)canonical.com> media: cx23885: Fix snd_card_free call on null card pointer Kees Cook <keescook(a)chromium.org> media: tm6000: Avoid card name truncation Kees Cook <keescook(a)chromium.org> media: si470x: Avoid card name truncation Kees Cook <keescook(a)chromium.org> media: radio-wl1273: Avoid card name truncation Randy Dunlap <rdunlap(a)infradead.org> media: i2c: ths8200 needs V4L2_ASYNC Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' Tom Rix <trix(a)redhat.com> media: TDA1997x: handle short reads of hdmi info frame. Ricardo Ribalda <ribalda(a)chromium.org> media: v4l2-ioctl: S_CTRL output the right value Pavel Skripkin <paskripkin(a)gmail.com> media: dvb-usb: fix ununit-value in az6027_rc_query Colin Ian King <colin.king(a)canonical.com> media: cxd2880-spi: Fix a null pointer dereference on error handling path Pavel Skripkin <paskripkin(a)gmail.com> media: em28xx: add missing em28xx_close_extension Arnd Bergmann <arnd(a)arndb.de> drm/amdgpu: fix warning for overflow check Sudarshan Rajagopalan <quic_sudaraja(a)quicinc.com> arm64: mm: update max_pfn after memory hotplug Matthew Auld <matthew.auld(a)intel.com> drm/ttm: stop calling tt_swapin in vm_access Fabio Estevam <festevam(a)denx.de> ath10k: sdio: Add missing BH locking around napi_schdule() Loic Poulain <loic.poulain(a)linaro.org> ath10k: Fix missing frame timestamp for beacon/probe-resp Baochen Qiang <bqiang(a)codeaurora.org> ath11k: Fix memory leak in ath11k_qmi_driver_event_work Pradeep Kumar Chitrapu <pradeepc(a)codeaurora.org> ath11k: fix packet drops due to incorrect 6 GHz freq value in rx status Sriram R <srirrama(a)codeaurora.org> ath11k: Avoid race during regd updates Dan Carpenter <dan.carpenter(a)oracle.com> ath11k: fix some sleeping in atomic bugs Linus Walleij <linus.walleij(a)linaro.org> net: dsa: rtl8366rb: Fix off-by-one bug Jiasheng Jiang <jiasheng(a)iscas.ac.cn> rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies() Michael Walle <michael(a)walle.cc> crypto: caam - disable pkc for non-E SoCs Dinghao Liu <dinghao.liu(a)zju.edu.cn> Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync Ajay Singh <ajay.kathat(a)microchip.com> wilc1000: fix possible memory leak in cfg_scan_result() Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> wcn36xx: Fix Antenna Diversity Switching Waiman Long <longman(a)redhat.com> cgroup: Make rebind_subsystems() disable v2 controllers all at once Yajun Deng <yajun.deng(a)linux.dev> net: net_namespace: Fix undefined member in key_remove_domain() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> lockdep: Let lock_is_held_type() detect recursive read as read liuyuntao <liuyuntao10(a)huawei.com> virtio-gpu: fix possible memory allocation failure Iago Toral Quiroga <itoral(a)igalia.com> drm/v3d: fix wait for TMU write combiner flush Peter Zijlstra <peterz(a)infradead.org> objtool: Fix static_call list generation Peter Zijlstra <peterz(a)infradead.org> x86/xen: Mark cpu_bringup_and_idle() as dead_end_function Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Add xen_start_kernel() to noreturn list Aleksander Jan Bajkowski <olek2(a)wp.pl> MIPS: lantiq: dma: fix burst length for DEU Neeraj Upadhyay <neeraju(a)codeaurora.org> rcu: Fix existing exp request check in sync_sched_exp_online_cleanup() Desmond Cheong Zhi Xi <desmondcheongzx(a)gmail.com> Bluetooth: fix init and cleanup of sco_conn.timeout_work Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: Fix strobemeta selftest regression Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state Sven Schnelle <svens(a)stackframe.org> parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling Sven Schnelle <svens(a)stackframe.org> parisc/unwind: fix unwinder when CONFIG_64BIT is enabled Gao Xiang <hsiangkao(a)linux.alibaba.com> erofs: don't trigger WARN() when decompression fails Helge Deller <deller(a)gmx.de> task_stack: Fix end_of_stack() for architectures with upwards-growing stack Sven Schnelle <svens(a)stackframe.org> parisc: fix warning in flush_tlb_all Shuah Khan <skhan(a)linuxfoundation.org> selftests/core: fix conflicting types compile error for close_range() Anson Jacob <Anson.Jacob(a)amd.com> drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted Loic Poulain <loic.poulain(a)linaro.org> wcn36xx: Correct band/freq reporting on RX Yang Yingliang <yangyingliang(a)huawei.com> spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() Josef Bacik <josef(a)toxicpanda.com> btrfs: do not take the uuid_mutex in btrfs_rm_device Sidong Yang <realwakka(a)gmail.com> btrfs: reflink: initialize return value to 0 in btrfs_extent_same() Stefan Schaeckeler <schaecsn(a)gmx.net> ACPI: AC: Quirk GK45 to skip reading _PSR Eric Dumazet <edumazet(a)google.com> net: annotate data-race in neigh_output() Florian Westphal <fw(a)strlen.de> vrf: run conntrack only in context of lower/physdev for locally generated packets Arnd Bergmann <arnd(a)arndb.de> ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix glock_hash_walk bugs Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Cancel remote delete work asynchronously Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: lantiq_gswip: serialize access to the PCE table Stephen Suryaputra <ssuryaextr(a)gmail.com> gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE Masami Hiramatsu <mhiramat(a)kernel.org> ARM: clang: Do not rely on lr register for stacktrace Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> smackfs: use __GFP_NOFAIL for smk_cipso_doi() Johannes Berg <johannes.berg(a)intel.com> iwlwifi: mvm: disable RX-diversity in powersave Jiri Olsa <jolsa(a)redhat.com> selftests/bpf: Fix perf_buffer test on system with offline cpus Shuah Khan <skhan(a)linuxfoundation.org> selftests: kvm: fix mismatched fclose() after popen() Ye Bin <yebin10(a)huawei.com> PM: hibernate: Get block device exclusively in swsusp_check() Hannes Reinecke <hare(a)suse.de> nvme: drop scan_lock and always kick requeue list when removing namespaces Israel Rukshin <israelr(a)nvidia.com> nvmet-tcp: fix use-after-free when a port is removed Israel Rukshin <israelr(a)nvidia.com> nvmet-rdma: fix use-after-free when a port is removed Israel Rukshin <israelr(a)nvidia.com> nvmet: fix use-after-free when a port is removed Michael Tretter <m.tretter(a)pengutronix.de> media: allegro: ignore interrupt if mailbox is not initialized Jens Axboe <axboe(a)kernel.dk> block: remove inaccurate requeue check Zheyu Ma <zheyuma97(a)gmail.com> mwl8k: Fix use-after-free in mwl8k_fw_state_machine() Ryder Lee <ryder.lee(a)mediatek.com> mt76: mt7915: fix an off-by-one bound check Kalesh Singh <kaleshsingh(a)google.com> tracing/cfi: Fix cmp_entries_* functions signature mismatch Menglong Dong <imagedong(a)tencent.com> workqueue: make sysfs of unbound kworker cpumask more clever Lasse Collin <lasse.collin(a)tukaani.org> lib/xz: Validate the value before assigning it to an enum variable Lasse Collin <lasse.collin(a)tukaani.org> lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression Zheyu Ma <zheyuma97(a)gmail.com> memstick: r592: Fix a UAF bug when removing the driver Xiao Ni <xni(a)redhat.com> md: update superblock after changing rdev flags in state_store Jens Axboe <axboe(a)kernel.dk> block: bump max plugged deferred size from 16 to 32 Tim Gardner <tim.gardner(a)canonical.com> drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture() Kees Cook <keescook(a)chromium.org> leaking_addresses: Always print a trailing newline Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> net: phy: micrel: make *-skew-ps check more lenient Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdkfd: fix resume error when iommu disabled in Picasso André Almeida <andrealmeid(a)collabora.com> ACPI: battery: Accept charges over the design capacity as full Andreas Gruenbacher <agruenba(a)redhat.com> iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value Xin Xiong <xiongx18(a)fudan.edu.cn> mmc: moxart: Fix reference count leaks in moxart_probe Tuo Li <islituo(a)gmail.com> ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracefs: Have tracefs directories not set OTH permission bits by default Antoine Tenart <atenart(a)kernel.org> net-sysfs: try not to restart the syscall if it will fail eventually Anant Thazhemadam <anant.thazhemadam(a)gmail.com> media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() Ricardo Ribalda <ribalda(a)chromium.org> media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info Ricardo Ribalda <ribalda(a)chromium.org> media: ipu3-imgu: imgu_fmt: Handle properly try Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Avoid evaluating methods too early during system resume Josh Don <joshdon(a)google.com> fs/proc/uptime.c: Fix idle time reporting in /proc/uptime Corey Minyard <cminyard(a)mvista.com> ipmi: Disable some operations during a panic Nadezda Lutovinova <lutovinova(a)ispras.ru> media: rcar-csi2: Add checking to rcsi2_start_receiver() Hans de Goede <hdegoede(a)redhat.com> brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet Zong-Zhe Yang <kevin_yang(a)realtek.com> rtw88: fix RX clock gate setting while fifo dump Randy Dunlap <rdunlap(a)infradead.org> ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK Rajat Asthana <rajatasthana4(a)gmail.com> media: mceusb: return without resubmitting URB in case of -EPROTO error. Martin Kepplinger <martink(a)posteo.de> media: imx: set a media_device bus_info string Nadezda Lutovinova <lutovinova(a)ispras.ru> media: s5p-mfc: Add checking to s5p_mfc_probe(). Tuo Li <islituo(a)gmail.com> media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Set unique vdev name based in type Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Return -EIO for control errors Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Set capability in s_param Dmitriy Ulitin <ulitin(a)ispras.ru> media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() Evgeny Novikov <novikov(a)ispras.ru> media: atomisp: Fix error handling in probe Zheyu Ma <zheyuma97(a)gmail.com> media: netup_unidvb: handle interrupt properly according to the firmware Dirk Bender <d.bender(a)phytec.de> media: mt9p031: Fix corrupted frame after restarting stream Alagu Sankar <alagusankar(a)silex-india.com> ath10k: high latency fixes for beacon buffer Baochen Qiang <bqiang(a)codeaurora.org> ath11k: Change DMA_FROM_DEVICE to DMA_TO_DEVICE when map reinjected packets Wen Gong <wgong(a)codeaurora.org> ath11k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED Sriram R <srirrama(a)codeaurora.org> ath11k: Avoid reg rules update during firmware recovery Andrey Grodzovsky <andrey.grodzovsky(a)amd.com> drm/amdgpu: Fix MMIO access page fault Eric Biggers <ebiggers(a)google.com> fscrypt: allow 256-bit master keys with AES-256-XTS Jonas Dreßler <verdre(a)v0yd.nl> mwifiex: Properly initialize private structure on interface type changes Jonas Dreßler <verdre(a)v0yd.nl> mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type Peter Zijlstra <peterz(a)infradead.org> x86: Increase exception stack sizes Seevalamuthu Mariappan <seevalam(a)codeaurora.org> ath11k: Align bss_chan_info structure with firmware Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> smackfs: Fix use-after-free in netlbl_catmap_walk() Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Move RTGS_WAIT_CBS to beginning of rcu_tasks_kthread() loop Jakub Kicinski <kuba(a)kernel.org> net: sched: update default qdisc visibility after Tx queue cnt changes Peter Zijlstra <peterz(a)infradead.org> locking/lockdep: Avoid RCU-induced noinstr fail Aleksander Jan Bajkowski <olek2(a)wp.pl> MIPS: lantiq: dma: reset correct number of channel Aleksander Jan Bajkowski <olek2(a)wp.pl> MIPS: lantiq: dma: add small delay after reset Barnabás Pőcze <pobrn(a)protonmail.com> platform/x86: wmi: do not fail if disabling fails Scott Wood <swood(a)redhat.com> rcutorture: Avoid problematic critical section nesting on PREEMPT_RT Simon Ser <contact(a)emersion.fr> drm/panel-orientation-quirks: add Valve Steam Deck Wang ShaoBo <bobo.shaobowang(a)huawei.com> Bluetooth: fix use-after-free error in lock_sock_nested() Takashi Iwai <tiwai(a)suse.de> Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() Hans de Goede <hdegoede(a)redhat.com> drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 Hans de Goede <hdegoede(a)redhat.com> drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 Hans de Goede <hdegoede(a)redhat.com> drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) Charan Teja Reddy <charante(a)codeaurora.org> dma-buf: WARN on dmabuf release with pending attachments Sebastian Krzyszkowiak <sebastian.krzyszkowiak(a)puri.sm> power: supply: max17042_battery: Clear status bits in interrupt handler Johan Hovold <johan(a)kernel.org> USB: chipidea: fix interrupt deadlock Johan Hovold <johan(a)kernel.org> USB: iowarrior: fix control-message timeouts Johan Hovold <johan(a)kernel.org> most: fix control-message timeouts Johan Hovold <johan(a)kernel.org> serial: 8250: fix racy uartclk update Wang Hai <wanghai38(a)huawei.com> USB: serial: keyspan: fix memleak on probe errors Nuno Sá <nuno.sa(a)analog.com> iio: ad5770r: make devicetree property reading consistent Pekka Korpinen <pekka.korpinen(a)iki.fi> iio: dac: ad5446: Fix ad5622_write() return value Tao Zhang <quic_taozha(a)quicinc.com> coresight: cti: Correct the parameter for pm_runtime_put Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: core: fix possible memory leak in pinctrl_enable() Zhang Yi <yi.zhang(a)huawei.com> quota: correct error number in free_dqentry() Zhang Yi <yi.zhang(a)huawei.com> quota: check block number when reading the block in quota file Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge Marek Behún <kabel(a)kernel.org> PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG Marek Behún <kabel(a)kernel.org> PCI: aardvark: Fix return value of MSI domain .alloc() method Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix configuring Reference clock Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix reporting Data Link Layer Link Active Pali Rohár <pali(a)kernel.org> PCI: aardvark: Do not unmask unused interrupts Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix checking for link up via LTSSM state Pali Rohár <pali(a)kernel.org> PCI: aardvark: Do not clear status bits of masked interrupts Li Chen <lchen(a)ambarella.com> PCI: cadence: Add cdns_plat_pcie_probe() missing return Marek Behún <kabel(a)kernel.org> PCI: pci-bridge-emul: Fix emulation of W1C bits yangerkun <yangerkun(a)huawei.com> ovl: fix use after free in struct ovl_aio_req Juergen Gross <jgross(a)suse.com> xen/balloon: add late_initcall_sync() for initial ballooning done Pavel Skripkin <paskripkin(a)gmail.com> ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume Takashi Iwai <tiwai(a)suse.de> ALSA: mixer: oss: Fix racy access to slots Arnd Bergmann <arnd(a)arndb.de> ifb: fix building without CONFIG_NET_CLS_ACT Pali Rohár <pali(a)kernel.org> serial: core: Fix initializing and restoring termios speed Steven Rostedt (VMware) <rostedt(a)goodmis.org> ring-buffer: Protect ring_buffer_reset() from reentrancy Xiaoming Ni <nixiaoming(a)huawei.com> powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found Zhang Changzhong <zhangchangzhong(a)huawei.com> can: j1939: j1939_can_recv(): ignore messages with invalid source address Zhang Changzhong <zhangchangzhong(a)huawei.com> can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Extract ESR_ELx.EC only Henrik Grimler <henrik(a)grimler.se> power: supply: max17042_battery: use VFSOC for capacity when no rsns Sebastian Krzyszkowiak <sebastian.krzyszkowiak(a)puri.sm> power: supply: max17042_battery: Prevent int underflow in set_soc_threshold Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: socrates: Keep the driver compatible with on-die ECC engines Meng Li <Meng.Li(a)windriver.com> soc: fsl: dpio: use the combined functions to protect critical zone Meng Li <Meng.Li(a)windriver.com> soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id Eric W. Biederman <ebiederm(a)xmission.com> signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT Wolfram Sang <wsa+renesas(a)sang-engineering.com> memory: renesas-rpc-if: Correct QSPI data transfer in Manual mode Eric W. Biederman <ebiederm(a)xmission.com> signal: Remove the bogus sigkill_pending in ptrace_stop Alok Prasad <palok(a)marvell.com> RDMA/qedr: Fix NULL deref for query_qp on the GSI QP Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix Intel ICX IIO event constraints Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server Marek Vasut <marex(a)denx.de> rsi: Fix module dev_oper_mode parameter description Martin Fuzzey <martin.fuzzey(a)flowbird.group> rsi: fix rate mask set leading to P2P failure Martin Fuzzey <martin.fuzzey(a)flowbird.group> rsi: fix key enabled check causing unwanted encryption for vap_id > 0 Martin Fuzzey <martin.fuzzey(a)flowbird.group> rsi: fix occasional initialisation failure with BT coex Benjamin Li <benl(a)squareup.com> wcn36xx: handle connection loss indication Reimar Döffinger <Reimar.Doeffinger(a)gmx.de> libata: fix checking of DMA state Jonas Dreßler <verdre(a)v0yd.nl> mwifiex: Try waking the firmware until we get an interrupt Jonas Dreßler <verdre(a)v0yd.nl> mwifiex: Read a PCI register after writing the TX ring write pointer Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Do not let "syscore" devices runtime-suspend during system transitions Loic Poulain <loic.poulain(a)linaro.org> wcn36xx: Fix (QoS) null data frame bitrate/modulation Loic Poulain <loic.poulain(a)linaro.org> wcn36xx: Fix tx_status mechanism Loic Poulain <loic.poulain(a)linaro.org> wcn36xx: Fix HT40 capability for 2Ghz band Lukas Wunner <lukas(a)wunner.de> ifb: Depend on netfilter alternatively to tc Austin Kim <austin.kim(a)lge.com> evm: mark evm_fixmode as __ro_after_init Johan Hovold <johan(a)kernel.org> rtl8187: fix control-message timeouts Ingmar Klein <ingmar_klein(a)web.de> PCI: Mark Atheros QCA6174 to avoid bus reset Johan Hovold <johan(a)kernel.org> ath10k: fix division by zero in send path Johan Hovold <johan(a)kernel.org> ath10k: fix control-message timeout Johan Hovold <johan(a)kernel.org> ath6kl: fix control-message timeout Johan Hovold <johan(a)kernel.org> ath6kl: fix division by zero in send path Johan Hovold <johan(a)kernel.org> mwifiex: fix division by zero in fw download path Eric Badger <ebadger(a)purestorage.com> EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled Zev Weiss <zev(a)bewilderbeest.net> hwmon: (pmbus/lm25066) Add offset coefficients Ondrej Mosnacek <omosnace(a)redhat.com> selinux: fix race condition when computing ocontext SIDs Masami Hiramatsu <mhiramat(a)kernel.org> ia64: kprobes: Fix to pass correct trampoline address to the handler Andreas Gruenbacher <agruenba(a)redhat.com> powerpc/kvm: Fix kvm_use_magic_page Sean Christopherson <seanjc(a)google.com> KVM: VMX: Unregister posted interrupt wakeup handler on hardware unsetup Anand Jain <anand.jain(a)oracle.com> btrfs: call btrfs_check_rw_degradable only if there is a missing device Filipe Manana <fdmanana(a)suse.com> btrfs: fix lost error handling when replaying directory deletes Li Zhang <zhanglikernel(a)gmail.com> btrfs: clear MISSING device status bit in btrfs_close_one_device Christoph Hellwig <hch(a)lst.de> rds: stop using dmapool Wen Gu <guwen(a)linux.alibaba.com> net/smc: Correct spelling mistake to TCPF_SYN_RECV Tony Lu <tonylu(a)linux.alibaba.com> net/smc: Fix smc_link->llc_testlink_time overflow Yu Xiao <yu.xiao(a)corigine.com> nfp: bpf: relax prog rejection for mtu check through max_pkt_offset Dongli Zhang <dongli.zhang(a)oracle.com> vmxnet3: do not stop tx queues after netif_device_detach() Janghyub Seo <jhyub06(a)gmail.com> r8169: Add device 10ec:8162 to driver r8169 Amit Engel <amit.engel(a)dell.com> nvmet-tcp: fix header digest verification Naohiro Aota <naohiro.aota(a)wdc.com> block: schedule queue restart after BLK_STS_ZONE_RESOURCE Mario <awxkrnl(a)gmail.com> drm: panel-orientation-quirks: Add quirk for GPD Win3 Walter Stoll <walter.stoll(a)duagon.com> watchdog: Fix OMAP watchdog early handling Cyril Strejc <cyril.strejc(a)skoda.cz> net: multicast: calculate csum of looped-back and forwarded packets Thomas Perrot <thomas.perrot(a)bootlin.com> spi: spl022: fix Microwire full duplex mode Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix a memory leak when releasing a queue Dongli Zhang <dongli.zhang(a)oracle.com> xen/netfront: stop tx queues during live migration Asmaa Mnebhi <asmaa(a)nvidia.com> gpio: mlxbf2.c: Add check for bgpio_init failure Lorenz Bauer <lmb(a)cloudflare.com> bpf: Prevent increasing bpf_jit_limit above max Lorenz Bauer <lmb(a)cloudflare.com> bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT Florian Westphal <fw(a)strlen.de> fcnal-test: kill hanging ping/nettest binaries on cleanup Bryant Mairs <bryant(a)mai.rs> drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 Randy Dunlap <rdunlap(a)infradead.org> mmc: winbond: don't build on M68K Paweł Anikiel <pan(a)semihalf.com> reset: socfpga: add empty driver allowing consumers to probe Mikko Perttunen <mperttunen(a)nvidia.com> reset: tegra-bpmp: Handle errors in BPMP response Bastien Roucariès <rouca(a)debian.org> ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode Arnd Bergmann <arnd(a)arndb.de> hyperv/vmbus: include linux/bitops.h Erik Ekman <erik(a)kryo.se> sfc: Don't use netif_info before net_device setup Erik Ekman <erik(a)kryo.se> sfc: Export fibre-specific supported link modes Zheyu Ma <zheyuma97(a)gmail.com> cavium: Fix return values of the probe function Zheyu Ma <zheyuma97(a)gmail.com> mISDN: Fix return values of the probe function Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: qla2xxx: Fix unmap of already freed sgl Zheyu Ma <zheyuma97(a)gmail.com> scsi: qla2xxx: Return -ENOMEM if kzalloc() fails Zheyu Ma <zheyuma97(a)gmail.com> cavium: Return negative value when pci_alloc_irq_vectors() fails Davide Baldo <davide(a)baldo.me> ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers Yang Yingliang <yangyingliang(a)huawei.com> ASoC: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked() Sean Christopherson <seanjc(a)google.com> x86/irq: Ensure PI wakeup handler is unregistered before module unload Jane Malalane <jane.malalane(a)citrix.com> x86/cpu: Fix migration safety with X86_BUG_NULL_SEL Tom Lendacky <thomas.lendacky(a)amd.com> x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix page stealing yangerkun <yangerkun(a)huawei.com> ext4: refresh the ext4_ext_path struct after dropping i_data_sem. yangerkun <yangerkun(a)huawei.com> ext4: ensure enough credits in ext4_ext_shift_path_extents Shaoying Xu <shaoyi(a)amazon.com> ext4: fix lazy initialization next schedule time computation in more granular unit Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Unconditionally unlink slave instances, too Wang Wensheng <wangwensheng4(a)huawei.com> ALSA: timer: Fix use-after-free problem Austin Kim <austin.kim(a)lge.com> ALSA: synth: missing check for possible NULL after the call to kstrdup Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Free card instance properly at probe errors Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Add registration quirk for JBL Quantum 400 Jason Ormes <skryking(a)gmail.com> ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk Johan Hovold <johan(a)kernel.org> ALSA: line6: fix control and interrupt message timeouts Johan Hovold <johan(a)kernel.org> ALSA: 6fire: fix control and bulk message timeouts Johan Hovold <johan(a)kernel.org> ALSA: ua101: fix division by zero at probe Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add quirk for ASUS UX550VE Jaroslav Kysela <perex(a)perex.cz> ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N Jeremy Soller <jeremy(a)system76.com> ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirk for Clevo PC70HS Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED Johnathon Clark <john.clark(a)cantab.net> ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 Ricardo Ribalda <ribalda(a)chromium.org> media: v4l2-ioctl: Fix check_ext_ctrls Sean Young <sean(a)mess.org> media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers Chen-Yu Tsai <wenst(a)chromium.org> media: rkvdec: Support dynamic resolution changes Sean Young <sean(a)mess.org> media: ite-cir: IR receiver stop working after receive overflow Chen-Yu Tsai <wenst(a)chromium.org> media: rkvdec: Do not override sizeimage for output format Tang Bin <tangbin(a)cmss.chinamobile.com> crypto: s5p-sss - Add error handling in s5p_aes_probe() jing yangyang <cgel.zte(a)gmail.com> firmware/psci: fix application of sizeof to pointer Dan Carpenter <dan.carpenter(a)oracle.com> tpm: Check for integer overflow in tpm2_map_response_body() Helge Deller <deller(a)gmx.de> parisc: Fix ptrace check on syscall return Helge Deller <deller(a)gmx.de> parisc: Fix set_fixmap() on PA1.x CPUs Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix incorrect loading of i_blocks for large files Christian Löhle <CLoehle(a)hyperstone.com> mmc: dw_mmc: Dont wait for DRTO on Write RSP error Derong Liu <derong.liu(a)mediatek.com> mmc: mtk-sd: Add wait dma stop done flow Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix use after free in eh_abort path Arun Easi <aeasi(a)marvell.com> scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file Tadeusz Struk <tadeusz.struk(a)linaro.org> scsi: core: Remove command size deduction from scsi_setup_scsi_cmnd() Jan Kara <jack(a)suse.cz> ocfs2: fix data corruption on truncate Damien Le Moal <damien.lemoal(a)opensource.wdc.com> libata: fix read log timeout value Takashi Iwai <tiwai(a)suse.de> Input: i8042 - Add quirk for Fujitsu Lifebook T725 Phoenix Huang <phoenix(a)emc.com.tw> Input: elantench - fix misreporting trackpoint coordinates Johan Hovold <johan(a)kernel.org> Input: iforce - fix control-message timeout Todd Kjos <tkjos(a)google.com> binder: use cred instead of task for getsecid Todd Kjos <tkjos(a)google.com> binder: use cred instead of task for selinux checks Todd Kjos <tkjos(a)google.com> binder: use euid from cred instead of using task Nehal Bakulchandra Shah <Nehal-Bakulchandra.shah(a)amd.com> usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 7 + .../bindings/regulator/samsung,s5m8767.txt | 23 +- Documentation/filesystems/fscrypt.rst | 10 +- Makefile | 4 +- arch/arm/Makefile | 22 +- arch/arm/boot/dts/at91-tse850-3.dts | 2 +- arch/arm/boot/dts/bcm4708-netgear-r6250.dts | 2 +- arch/arm/boot/dts/bcm4709-asus-rt-ac87u.dts | 2 +- arch/arm/boot/dts/bcm4709-buffalo-wxr-1900dhp.dts | 2 +- arch/arm/boot/dts/bcm4709-linksys-ea9200.dts | 2 +- arch/arm/boot/dts/bcm4709-netgear-r7000.dts | 2 +- arch/arm/boot/dts/bcm4709-netgear-r8000.dts | 2 +- arch/arm/boot/dts/bcm4709-tplink-archer-c9-v1.dts | 2 +- arch/arm/boot/dts/bcm47094-luxul-xwc-2000.dts | 2 +- arch/arm/boot/dts/bcm53016-meraki-mr32.dts | 2 +- arch/arm/boot/dts/bcm94708.dts | 2 +- arch/arm/boot/dts/bcm94709.dts | 2 +- arch/arm/boot/dts/omap3-gta04.dtsi | 2 +- arch/arm/boot/dts/qcom-msm8974.dtsi | 4 +- arch/arm/boot/dts/stm32mp15-pinctrl.dtsi | 8 +- arch/arm/boot/dts/stm32mp151.dtsi | 16 +- arch/arm/boot/dts/stm32mp15xx-dhcor-som.dtsi | 2 +- arch/arm/boot/dts/sun7i-a20-olinuxino-lime2.dts | 2 +- arch/arm/kernel/stacktrace.c | 3 +- arch/arm/mach-s3c/irq-s3c24xx.c | 22 +- arch/arm/mm/Kconfig | 2 +- arch/arm/mm/mmu.c | 4 +- arch/arm64/boot/dts/amlogic/meson-g12a-sei510.dts | 2 +- arch/arm64/boot/dts/amlogic/meson-g12a-u200.dts | 2 +- arch/arm64/boot/dts/amlogic/meson-g12a-x96-max.dts | 2 +- .../boot/dts/amlogic/meson-g12b-khadas-vim3.dtsi | 4 +- .../boot/dts/amlogic/meson-g12b-odroid-n2.dtsi | 4 +- arch/arm64/boot/dts/amlogic/meson-g12b-w400.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 8 +- arch/arm64/boot/dts/qcom/pm8916.dtsi | 1 - .../arm64/boot/dts/renesas/beacon-renesom-som.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk3328.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-j721e-main.dtsi | 16 +- arch/arm64/include/asm/esr.h | 1 + arch/arm64/include/asm/pgtable.h | 12 +- arch/arm64/kvm/hyp/hyp-entry.S | 2 +- arch/arm64/kvm/hyp/nvhe/host.S | 2 +- arch/arm64/mm/mmu.c | 5 + arch/arm64/net/bpf_jit_comp.c | 5 + arch/ia64/Kconfig.debug | 2 +- arch/ia64/kernel/kprobes.c | 9 +- arch/m68k/Kconfig.machine | 1 + arch/mips/Kconfig | 1 + arch/mips/include/asm/cmpxchg.h | 5 +- arch/mips/include/asm/mips-cm.h | 12 +- arch/mips/kernel/mips-cm.c | 21 +- arch/mips/kernel/r2300_fpu.S | 4 +- arch/mips/kernel/syscall.c | 9 - arch/mips/lantiq/xway/dma.c | 23 +- arch/openrisc/kernel/dma.c | 4 +- arch/openrisc/kernel/smp.c | 6 +- arch/parisc/kernel/entry.S | 2 +- arch/parisc/kernel/smp.c | 19 +- arch/parisc/kernel/unwind.c | 21 +- arch/parisc/kernel/vmlinux.lds.S | 3 +- arch/parisc/mm/fixmap.c | 5 +- arch/parisc/mm/init.c | 4 +- arch/powerpc/include/asm/code-patching.h | 1 + arch/powerpc/include/asm/firmware.h | 6 - arch/powerpc/include/asm/kvm_guest.h | 25 ++ arch/powerpc/include/asm/kvm_para.h | 2 +- arch/powerpc/include/asm/security_features.h | 5 + arch/powerpc/kernel/firmware.c | 12 +- arch/powerpc/kernel/kvm.c | 2 +- arch/powerpc/kernel/security.c | 5 + arch/powerpc/lib/code-patching.c | 7 +- arch/powerpc/net/bpf_jit.h | 33 ++- arch/powerpc/net/bpf_jit64.h | 8 +- arch/powerpc/net/bpf_jit_comp64.c | 64 +++++- arch/powerpc/platforms/44x/fsp2.c | 2 + arch/powerpc/platforms/85xx/Makefile | 4 +- arch/powerpc/platforms/85xx/mpc85xx_pm_ops.c | 7 +- arch/powerpc/platforms/85xx/smp.c | 12 +- arch/powerpc/platforms/powernv/opal-prd.c | 12 +- arch/powerpc/platforms/pseries/smp.c | 3 + arch/s390/kvm/priv.c | 2 + arch/s390/kvm/pv.c | 21 +- arch/s390/mm/gmap.c | 5 +- arch/sh/kernel/cpu/fpu.c | 10 +- arch/x86/events/intel/uncore_snbep.c | 6 +- arch/x86/hyperv/hv_init.c | 5 +- arch/x86/include/asm/page_64_types.h | 2 +- arch/x86/kernel/cpu/amd.c | 2 + arch/x86/kernel/cpu/common.c | 44 +++- arch/x86/kernel/cpu/cpu.h | 1 + arch/x86/kernel/cpu/hygon.c | 2 + arch/x86/kernel/cpu/mce/intel.c | 5 +- arch/x86/kernel/irq.c | 4 +- arch/x86/kernel/traps.c | 2 +- arch/x86/kvm/vmx/vmx.c | 15 +- arch/x86/mm/mem_encrypt_identity.c | 9 + block/blk-mq.c | 18 +- block/blk.h | 6 + crypto/Kconfig | 2 +- crypto/pcrypt.c | 12 +- drivers/acpi/ac.c | 19 ++ drivers/acpi/acpica/acglobal.h | 2 + drivers/acpi/acpica/hwesleep.c | 8 +- drivers/acpi/acpica/hwsleep.c | 11 +- drivers/acpi/acpica/hwxfsleep.c | 7 + drivers/acpi/battery.c | 2 +- drivers/acpi/pmic/intel_pmic.c | 51 +++-- drivers/android/binder.c | 22 +- drivers/ata/libata-core.c | 2 +- drivers/ata/libata-eh.c | 8 + drivers/auxdisplay/ht16k33.c | 66 +++--- drivers/auxdisplay/img-ascii-lcd.c | 10 + drivers/base/core.c | 4 +- drivers/base/power/main.c | 9 +- drivers/block/ataflop.c | 237 ++++++++++++------- drivers/block/zram/zram_drv.c | 2 +- drivers/bluetooth/btmtkuart.c | 13 +- drivers/bus/ti-sysc.c | 65 +++++- drivers/char/hw_random/mtk-rng.c | 9 +- drivers/char/ipmi/ipmi_msghandler.c | 10 +- drivers/char/ipmi/ipmi_watchdog.c | 17 +- drivers/char/tpm/tpm2-space.c | 3 + drivers/char/tpm/tpm_tis_core.c | 26 ++- drivers/char/tpm/tpm_tis_core.h | 4 + drivers/char/tpm/tpm_tis_spi_main.c | 1 + drivers/clk/at91/clk-sam9x60-pll.c | 4 +- drivers/clk/at91/pmc.c | 5 + drivers/clk/mvebu/ap-cpu-clk.c | 14 +- drivers/clocksource/Kconfig | 1 + drivers/cpuidle/sysfs.c | 5 +- drivers/crypto/caam/caampkc.c | 19 +- drivers/crypto/caam/regs.h | 3 + drivers/crypto/qat/qat_common/adf_pf2vf_msg.c | 13 ++ drivers/crypto/qat/qat_common/adf_vf_isr.c | 6 + drivers/crypto/s5p-sss.c | 2 + drivers/dma-buf/dma-buf.c | 1 + drivers/dma/at_xdmac.c | 2 +- drivers/dma/dmaengine.h | 2 +- drivers/edac/amd64_edac.c | 22 +- drivers/edac/sb_edac.c | 2 +- drivers/firmware/psci/psci_checker.c | 2 +- drivers/firmware/qcom_scm.c | 2 +- drivers/gpio/gpio-mlxbf2.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.h | 2 +- drivers/gpu/drm/amd/amdgpu/gmc_v6_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/vcn_v2_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/vcn_v2_5.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 1 + .../gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 16 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 47 +++- drivers/gpu/drm/drm_plane_helper.c | 1 - drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.c | 8 +- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 4 + drivers/gpu/drm/msm/msm_gem.c | 4 +- drivers/gpu/drm/msm/msm_gpu.c | 2 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 4 + drivers/gpu/drm/sun4i/sun8i_csc.h | 4 +- drivers/gpu/drm/ttm/ttm_bo_vm.c | 5 - drivers/gpu/drm/v3d/v3d_gem.c | 4 +- drivers/gpu/drm/virtio/virtgpu_vq.c | 8 +- drivers/hid/hid-u2fzero.c | 10 +- drivers/hv/hyperv_vmbus.h | 1 + drivers/hwmon/hwmon.c | 6 +- drivers/hwmon/pmbus/lm25066.c | 25 +- drivers/hwtracing/coresight/coresight-cti-core.c | 2 +- drivers/i2c/busses/i2c-mt65xx.c | 2 +- drivers/i2c/busses/i2c-xlr.c | 6 +- drivers/iio/accel/st_accel_core.c | 21 +- drivers/iio/accel/st_accel_i2c.c | 17 +- drivers/iio/accel/st_accel_spi.c | 17 +- drivers/iio/dac/ad5446.c | 9 +- drivers/iio/dac/ad5770r.c | 2 +- drivers/iio/gyro/st_gyro_core.c | 15 +- drivers/iio/gyro/st_gyro_i2c.c | 17 +- drivers/iio/gyro/st_gyro_spi.c | 17 +- drivers/iio/imu/adis.c | 4 +- drivers/iio/magnetometer/st_magn_core.c | 15 +- drivers/iio/magnetometer/st_magn_i2c.c | 14 +- drivers/iio/magnetometer/st_magn_spi.c | 14 +- drivers/iio/pressure/st_pressure_core.c | 15 +- drivers/iio/pressure/st_pressure_i2c.c | 17 +- drivers/iio/pressure/st_pressure_spi.c | 17 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 +- drivers/infiniband/hw/mlx4/qp.c | 4 +- drivers/infiniband/hw/qedr/verbs.c | 15 +- drivers/infiniband/sw/rxe/rxe_param.h | 2 +- drivers/input/joystick/iforce/iforce-usb.c | 2 +- drivers/input/mouse/elantech.c | 13 ++ drivers/input/serio/i8042-x86ia64io.h | 14 ++ drivers/irqchip/irq-bcm6345-l1.c | 2 +- drivers/irqchip/irq-sifive-plic.c | 8 +- drivers/isdn/hardware/mISDN/hfcpci.c | 8 +- drivers/md/md.c | 11 +- drivers/media/dvb-frontends/mn88443x.c | 18 +- drivers/media/i2c/Kconfig | 1 + drivers/media/i2c/ir-kbd-i2c.c | 1 + drivers/media/i2c/mt9p031.c | 28 ++- drivers/media/i2c/tda1997x.c | 8 +- drivers/media/pci/cx23885/cx23885-alsa.c | 3 +- drivers/media/pci/netup_unidvb/netup_unidvb_core.c | 27 ++- drivers/media/platform/mtk-vpu/mtk_vpu.c | 5 +- drivers/media/platform/rcar-vin/rcar-csi2.c | 2 + drivers/media/platform/s5p-mfc/s5p_mfc.c | 6 +- drivers/media/platform/stm32/stm32-dcmi.c | 19 +- drivers/media/radio/radio-wl1273.c | 2 +- drivers/media/radio/si470x/radio-si470x-i2c.c | 2 +- drivers/media/radio/si470x/radio-si470x-usb.c | 2 +- drivers/media/rc/ir_toy.c | 2 +- drivers/media/rc/ite-cir.c | 2 +- drivers/media/rc/mceusb.c | 1 + drivers/media/spi/cxd2880-spi.c | 2 +- drivers/media/usb/dvb-usb/az6027.c | 1 + drivers/media/usb/dvb-usb/dibusb-common.c | 2 +- drivers/media/usb/em28xx/em28xx-cards.c | 5 +- drivers/media/usb/em28xx/em28xx-core.c | 5 +- drivers/media/usb/tm6000/tm6000-video.c | 3 +- drivers/media/usb/uvc/uvc_driver.c | 7 +- drivers/media/usb/uvc/uvc_v4l2.c | 7 +- drivers/media/usb/uvc/uvc_video.c | 5 + drivers/media/v4l2-core/v4l2-ioctl.c | 67 ++++-- drivers/memory/fsl_ifc.c | 13 +- drivers/memory/renesas-rpc-if.c | 113 +++++++--- drivers/memstick/core/ms_block.c | 2 +- drivers/memstick/host/jmb38x_ms.c | 2 +- drivers/memstick/host/r592.c | 8 +- drivers/mfd/dln2.c | 18 ++ drivers/mfd/mfd-core.c | 2 + drivers/mmc/host/Kconfig | 2 +- drivers/mmc/host/dw_mmc.c | 3 +- drivers/mmc/host/moxart-mmc.c | 16 +- drivers/mmc/host/mtk-sd.c | 5 + drivers/mmc/host/mxs-mmc.c | 10 + drivers/mmc/host/sdhci-omap.c | 18 +- drivers/most/most_usb.c | 5 +- drivers/mtd/mtdcore.c | 4 +- drivers/mtd/nand/raw/ams-delta.c | 12 +- drivers/mtd/nand/raw/au1550nd.c | 12 +- drivers/mtd/nand/raw/gpio.c | 12 +- drivers/mtd/nand/raw/mpc5121_nfc.c | 12 +- drivers/mtd/nand/raw/orion_nand.c | 12 +- drivers/mtd/nand/raw/pasemi_nand.c | 12 +- drivers/mtd/nand/raw/plat_nand.c | 12 +- drivers/mtd/nand/raw/socrates_nand.c | 12 +- drivers/mtd/nand/raw/xway_nand.c | 12 +- drivers/mtd/spi-nor/controllers/hisi-sfc.c | 1 - drivers/net/Kconfig | 2 +- drivers/net/bonding/bond_sysfs_slave.c | 36 +-- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 2 +- drivers/net/dsa/lantiq_gswip.c | 28 ++- drivers/net/dsa/rtl8366rb.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-common.h | 8 + drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 20 +- drivers/net/ethernet/cavium/thunder/nic_main.c | 2 +- drivers/net/ethernet/cavium/thunder/nicvf_main.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 7 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.h | 2 + .../chelsio/inline_crypto/chtls/chtls_cm.c | 2 +- .../chelsio/inline_crypto/chtls/chtls_cm.h | 2 +- drivers/net/ethernet/freescale/enetc/enetc_qos.c | 18 +- drivers/net/ethernet/google/gve/gve.h | 4 +- drivers/net/ethernet/google/gve/gve_adminq.h | 1 + drivers/net/ethernet/google/gve/gve_main.c | 48 +++- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c | 2 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 9 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 5 + .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 + drivers/net/ethernet/ibm/ibmvnic.c | 5 +- drivers/net/ethernet/intel/ice/ice_base.c | 2 +- drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c | 20 +- drivers/net/ethernet/netronome/nfp/bpf/main.c | 16 +- drivers/net/ethernet/netronome/nfp/bpf/main.h | 2 + drivers/net/ethernet/netronome/nfp/bpf/offload.c | 17 +- drivers/net/ethernet/realtek/r8169_main.c | 1 + drivers/net/ethernet/sfc/mcdi_port_common.c | 37 ++- drivers/net/ethernet/sfc/ptp.c | 4 +- drivers/net/ethernet/sfc/siena_sriov.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 2 - drivers/net/ethernet/ti/davinci_emac.c | 16 +- drivers/net/ifb.c | 2 + drivers/net/phy/micrel.c | 9 +- drivers/net/phy/phy.c | 7 +- drivers/net/phy/phylink.c | 2 +- drivers/net/vmxnet3/vmxnet3_drv.c | 1 - drivers/net/vrf.c | 28 ++- drivers/net/wireless/ath/ath10k/mac.c | 37 ++- drivers/net/wireless/ath/ath10k/sdio.c | 5 +- drivers/net/wireless/ath/ath10k/usb.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 4 + drivers/net/wireless/ath/ath10k/wmi.h | 3 + drivers/net/wireless/ath/ath11k/dbring.c | 16 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 13 +- drivers/net/wireless/ath/ath11k/mac.c | 2 +- drivers/net/wireless/ath/ath11k/qmi.c | 4 +- drivers/net/wireless/ath/ath11k/reg.c | 11 +- drivers/net/wireless/ath/ath11k/reg.h | 2 +- drivers/net/wireless/ath/ath11k/wmi.c | 40 ++-- drivers/net/wireless/ath/ath11k/wmi.h | 3 +- drivers/net/wireless/ath/ath6kl/usb.c | 7 +- drivers/net/wireless/ath/ath9k/main.c | 4 +- drivers/net/wireless/ath/dfs_pattern_detector.c | 10 +- drivers/net/wireless/ath/wcn36xx/dxe.c | 49 ++-- drivers/net/wireless/ath/wcn36xx/main.c | 8 +- drivers/net/wireless/ath/wcn36xx/smd.c | 44 +++- drivers/net/wireless/ath/wcn36xx/txrx.c | 64 +++--- drivers/net/wireless/ath/wcn36xx/txrx.h | 3 +- drivers/net/wireless/broadcom/b43/phy_g.c | 2 +- drivers/net/wireless/broadcom/b43legacy/radio.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 10 + drivers/net/wireless/intel/iwlwifi/mvm/utils.c | 3 + drivers/net/wireless/marvell/libertas/if_usb.c | 2 + drivers/net/wireless/marvell/libertas_tf/if_usb.c | 2 + drivers/net/wireless/marvell/mwifiex/11n.c | 5 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 +-- drivers/net/wireless/marvell/mwifiex/pcie.c | 36 ++- drivers/net/wireless/marvell/mwifiex/usb.c | 16 ++ drivers/net/wireless/marvell/mwl8k.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 15 +- drivers/net/wireless/mediatek/mt76/mt76x02_mac.c | 13 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 8 +- drivers/net/wireless/microchip/wilc1000/cfg80211.c | 3 +- .../net/wireless/realtek/rtl818x/rtl8187/rtl8225.c | 14 +- drivers/net/wireless/realtek/rtw88/fw.c | 7 +- drivers/net/wireless/realtek/rtw88/reg.h | 1 + drivers/net/wireless/rsi/rsi_91x_core.c | 2 + drivers/net/wireless/rsi/rsi_91x_hal.c | 10 +- drivers/net/wireless/rsi/rsi_91x_mac80211.c | 74 ++---- drivers/net/wireless/rsi/rsi_91x_main.c | 17 +- drivers/net/wireless/rsi/rsi_91x_mgmt.c | 24 +- drivers/net/wireless/rsi/rsi_91x_sdio.c | 5 +- drivers/net/wireless/rsi/rsi_91x_usb.c | 5 +- drivers/net/wireless/rsi/rsi_hal.h | 11 + drivers/net/wireless/rsi/rsi_main.h | 15 +- drivers/net/xen-netfront.c | 8 + drivers/nfc/pn533/pn533.c | 6 +- drivers/nvme/host/multipath.c | 9 +- drivers/nvme/host/rdma.c | 2 + drivers/nvme/target/configfs.c | 2 + drivers/nvme/target/rdma.c | 24 ++ drivers/nvme/target/tcp.c | 21 +- drivers/of/unittest.c | 16 +- drivers/opp/of.c | 2 +- drivers/pci/controller/cadence/pcie-cadence-plat.c | 2 + drivers/pci/controller/dwc/pcie-uniphier.c | 26 +-- drivers/pci/controller/pci-aardvark.c | 251 ++++++++++++++++++--- drivers/pci/pci-bridge-emul.c | 13 ++ drivers/pci/quirks.c | 1 + drivers/phy/qualcomm/phy-qcom-qusb2.c | 16 +- drivers/phy/qualcomm/phy-qcom-snps-femto-v2.c | 2 +- drivers/phy/ti/phy-gmii-sel.c | 2 + drivers/pinctrl/core.c | 2 + drivers/pinctrl/pinctrl-equilibrium.c | 7 +- drivers/pinctrl/renesas/core.c | 2 +- drivers/platform/x86/thinkpad_acpi.c | 2 +- drivers/platform/x86/wmi.c | 9 +- drivers/power/supply/bq27xxx_battery_i2c.c | 3 +- drivers/power/supply/max17040_battery.c | 2 + drivers/power/supply/max17042_battery.c | 12 +- drivers/power/supply/rt5033_battery.c | 2 +- drivers/regulator/s5m8767.c | 21 +- drivers/remoteproc/remoteproc_core.c | 8 +- drivers/reset/reset-socfpga.c | 26 +++ drivers/reset/tegra/reset-bpmp.c | 9 +- drivers/rtc/rtc-rv3032.c | 4 +- drivers/s390/char/tape_std.c | 3 +- drivers/s390/cio/css.c | 4 +- drivers/s390/cio/device_ops.c | 12 +- drivers/s390/crypto/ap_queue.c | 2 + drivers/scsi/csiostor/csio_lnode.c | 2 +- drivers/scsi/dc395x.c | 1 + drivers/scsi/pm8001/pm8001_hwi.c | 2 +- drivers/scsi/qla2xxx/qla_attr.c | 24 +- drivers/scsi/qla2xxx/qla_dbg.c | 3 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 - drivers/scsi/qla2xxx/qla_init.c | 54 ++++- drivers/scsi/qla2xxx/qla_mr.c | 23 -- drivers/scsi/qla2xxx/qla_os.c | 47 ++-- drivers/scsi/qla2xxx/qla_target.c | 14 +- drivers/scsi/scsi_lib.c | 2 - drivers/scsi/ufs/ufshcd-pltfrm.c | 6 +- drivers/scsi/ufs/ufshcd.c | 29 +-- drivers/scsi/ufs/ufshcd.h | 3 + drivers/soc/fsl/dpaa2-console.c | 1 + drivers/soc/fsl/dpio/dpio-service.c | 2 +- drivers/soc/fsl/dpio/qbman-portal.c | 9 +- drivers/soc/qcom/apr.c | 2 + drivers/soc/qcom/rpmhpd.c | 21 +- drivers/soc/tegra/pmc.c | 2 +- drivers/soundwire/debugfs.c | 2 +- drivers/spi/spi-bcm-qspi.c | 5 +- drivers/spi/spi-pl022.c | 5 +- drivers/spi/spi-rpc-if.c | 4 +- drivers/staging/ks7010/Kconfig | 3 + drivers/staging/media/allegro-dvt/allegro-core.c | 9 + drivers/staging/media/atomisp/i2c/atomisp-lm3554.c | 37 +-- drivers/staging/media/imx/imx-media-dev-common.c | 2 + drivers/staging/media/ipu3/ipu3-v4l2.c | 7 +- drivers/staging/media/rkvdec/rkvdec-h264.c | 5 +- drivers/staging/media/rkvdec/rkvdec.c | 40 ++-- drivers/staging/most/dim2/Makefile | 2 +- drivers/staging/most/dim2/dim2.c | 24 +- drivers/staging/most/dim2/sysfs.c | 49 ---- drivers/staging/most/dim2/sysfs.h | 11 - drivers/tty/serial/8250/8250_dw.c | 2 +- drivers/tty/serial/8250/8250_port.c | 21 +- drivers/tty/serial/imx.c | 4 +- drivers/tty/serial/serial_core.c | 16 +- drivers/tty/serial/xilinx_uartps.c | 3 +- drivers/usb/chipidea/core.c | 23 +- drivers/usb/dwc2/drd.c | 24 +- drivers/usb/gadget/legacy/hid.c | 4 +- drivers/usb/host/xhci-hub.c | 3 +- drivers/usb/host/xhci-pci.c | 16 ++ drivers/usb/misc/iowarrior.c | 8 +- drivers/usb/musb/Kconfig | 2 +- drivers/usb/serial/keyspan.c | 15 +- drivers/usb/typec/Kconfig | 4 +- drivers/video/backlight/backlight.c | 6 - drivers/video/fbdev/chipsfb.c | 2 +- drivers/virtio/virtio_ring.c | 14 +- drivers/watchdog/Kconfig | 2 +- drivers/watchdog/f71808e_wdt.c | 4 +- drivers/watchdog/omap_wdt.c | 6 +- drivers/xen/balloon.c | 86 +++++-- drivers/xen/xen-pciback/conf_space_capability.c | 2 +- fs/btrfs/disk-io.c | 3 +- fs/btrfs/reflink.c | 2 +- fs/btrfs/tree-log.c | 4 +- fs/btrfs/volumes.c | 14 +- fs/crypto/fscrypt_private.h | 5 +- fs/crypto/hkdf.c | 11 +- fs/crypto/keysetup.c | 57 ++++- fs/erofs/decompressor.c | 1 - fs/exfat/inode.c | 2 +- fs/ext4/extents.c | 63 +++--- fs/ext4/super.c | 9 +- fs/f2fs/inode.c | 2 +- fs/f2fs/namei.c | 2 +- fs/fuse/dev.c | 14 +- fs/gfs2/glock.c | 24 +- fs/jfs/jfs_mount.c | 51 ++--- fs/nfs/dir.c | 7 +- fs/nfs/direct.c | 2 +- fs/nfs/flexfilelayout/flexfilelayoutdev.c | 4 +- fs/nfs/nfs4idmap.c | 2 +- fs/nfs/nfs4proc.c | 15 +- fs/nfs/pnfs.h | 2 +- fs/nfs/pnfs_nfs.c | 6 +- fs/nfs/write.c | 26 +-- fs/ocfs2/file.c | 8 +- fs/orangefs/dcache.c | 4 +- fs/overlayfs/file.c | 16 +- fs/proc/stat.c | 4 +- fs/proc/uptime.c | 14 +- fs/quota/quota_tree.c | 15 ++ fs/tracefs/inode.c | 3 +- include/linux/blkdev.h | 2 - include/linux/console.h | 2 + include/linux/ethtool_netlink.h | 3 + include/linux/filter.h | 1 + include/linux/kernel_stat.h | 1 + include/linux/libata.h | 2 +- include/linux/lsm_hook_defs.h | 14 +- include/linux/lsm_hooks.h | 14 +- include/linux/nfs_fs.h | 1 + include/linux/posix-timers.h | 2 + include/linux/rpmsg.h | 2 +- include/linux/sched/task.h | 3 +- include/linux/sched/task_stack.h | 4 + include/linux/security.h | 33 +-- include/linux/seq_file.h | 2 +- include/linux/tpm.h | 1 + include/memory/renesas-rpc-if.h | 1 + include/net/inet_connection_sock.h | 2 +- include/net/llc.h | 4 +- include/net/neighbour.h | 12 +- include/net/sch_generic.h | 4 + include/net/sock.h | 2 +- include/net/strparser.h | 16 +- include/net/tcp.h | 17 +- include/net/udp.h | 5 +- include/uapi/linux/ethtool_netlink.h | 4 +- include/uapi/linux/pci_regs.h | 6 + kernel/bpf/core.c | 4 +- kernel/bpf/verifier.c | 4 +- kernel/cgroup/cgroup.c | 31 ++- kernel/cgroup/rstat.c | 2 - kernel/fork.c | 3 +- kernel/kprobes.c | 3 +- kernel/locking/lockdep.c | 4 +- kernel/power/energy_model.c | 23 +- kernel/power/swap.c | 7 +- kernel/rcu/rcutorture.c | 48 +++- kernel/rcu/tasks.h | 3 +- kernel/rcu/tree_exp.h | 2 +- kernel/rcu/tree_plugin.h | 8 +- kernel/sched/core.c | 43 ++-- kernel/signal.c | 18 +- kernel/time/posix-cpu-timers.c | 19 +- kernel/trace/ring_buffer.c | 5 + kernel/trace/tracing_map.c | 40 ++-- kernel/workqueue.c | 15 +- lib/decompress_unxz.c | 2 +- lib/iov_iter.c | 5 +- lib/xz/xz_dec_lzma2.c | 21 +- lib/xz/xz_dec_stream.c | 6 +- mm/memcontrol.c | 27 +-- mm/oom_kill.c | 23 +- mm/zsmalloc.c | 7 +- net/8021q/vlan.c | 3 - net/8021q/vlan_dev.c | 3 + net/9p/client.c | 2 + net/bluetooth/l2cap_sock.c | 10 +- net/bluetooth/sco.c | 33 +-- net/can/j1939/main.c | 7 + net/can/j1939/transport.c | 6 + net/core/dev.c | 5 +- net/core/filter.c | 21 ++ net/core/neighbour.c | 48 ++-- net/core/net-sysfs.c | 55 +++++ net/core/net_namespace.c | 4 + net/core/stream.c | 3 - net/core/sysctl_net_core.c | 2 +- net/dccp/dccp.h | 2 +- net/dccp/proto.c | 14 +- net/ethtool/pause.c | 3 +- net/ipv4/inet_connection_sock.c | 4 +- net/ipv4/inet_hashtables.c | 2 +- net/ipv4/proc.c | 2 +- net/ipv4/tcp.c | 40 +++- net/ipv4/tcp_bpf.c | 1 - net/ipv6/addrconf.c | 3 + net/ipv6/udp.c | 2 +- net/netfilter/nf_conntrack_proto_udp.c | 7 +- net/netfilter/nfnetlink_queue.c | 2 +- net/netfilter/nft_dynset.c | 11 +- net/rds/ib.c | 10 - net/rds/ib.h | 6 - net/rds/ib_cm.c | 128 +++++++---- net/rds/ib_recv.c | 18 +- net/rds/ib_send.c | 8 + net/rxrpc/rtt.c | 2 +- net/sched/sch_generic.c | 9 + net/sched/sch_mq.c | 24 ++ net/sched/sch_mqprio.c | 23 ++ net/sched/sch_taprio.c | 27 ++- net/smc/af_smc.c | 20 +- net/smc/smc_llc.c | 2 +- net/strparser/strparser.c | 10 +- net/sunrpc/addr.c | 40 ++-- net/sunrpc/xprt.c | 28 +-- net/vmw_vsock/af_vsock.c | 2 + samples/kprobes/kretprobe_example.c | 2 +- scripts/leaking_addresses.pl | 3 +- security/apparmor/label.c | 4 +- security/integrity/evm/evm_main.c | 2 +- security/security.c | 14 +- security/selinux/hooks.c | 36 ++- security/selinux/ss/services.c | 162 +++++++------ security/smack/smackfs.c | 11 +- sound/core/oss/mixer_oss.c | 43 +++- sound/core/timer.c | 17 +- sound/pci/hda/hda_intel.c | 74 +++--- sound/pci/hda/patch_realtek.c | 82 +++++++ sound/soc/codecs/cs42l42.c | 88 ++++---- sound/soc/soc-core.c | 1 + sound/soc/sof/topology.c | 9 + sound/synth/emux/emux.c | 2 +- sound/usb/6fire/comm.c | 2 +- sound/usb/6fire/firmware.c | 6 +- sound/usb/format.c | 1 + sound/usb/line6/driver.c | 14 +- sound/usb/line6/driver.h | 2 +- sound/usb/line6/podhd.c | 6 +- sound/usb/line6/toneport.c | 2 +- sound/usb/misc/ua101.c | 4 +- sound/usb/quirks.c | 1 + tools/bpf/bpftool/prog.c | 16 +- tools/lib/bpf/bpf_core_read.h | 2 +- tools/lib/bpf/btf.c | 25 +- tools/objtool/check.c | 19 +- tools/perf/util/bpf-event.c | 4 +- .../testing/selftests/bpf/prog_tests/perf_buffer.c | 4 +- tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 85 +++++-- tools/testing/selftests/bpf/progs/strobemeta.h | 11 + tools/testing/selftests/bpf/progs/test_sk_lookup.c | 62 +++-- tools/testing/selftests/bpf/test_progs.c | 4 +- .../testing/selftests/bpf/verifier/array_access.c | 2 +- tools/testing/selftests/core/close_range_test.c | 2 +- tools/testing/selftests/kvm/lib/x86_64/svm.c | 22 +- .../selftests/kvm/x86_64/mmio_warning_test.c | 2 +- tools/testing/selftests/net/fcnal-test.sh | 3 + tools/testing/selftests/net/udpgso_bench_rx.c | 11 +- 593 files changed, 4821 insertions(+), 2452 deletions(-)

1 year, 8 months

14
595
0 0

[PATCH v3] i2c: i801: Safely share SMBus with BIOS/ACPI

by Hector Martin

The i801 controller provides a locking mechanism that the OS is supposed to use to safely share the SMBus with ACPI AML or other firmware. Previously, Linux attempted to get out of the way of ACPI AML entirely, but left the bus locked if it used it before the first AML access. This causes AML implementations that *do* attempt to safely share the bus to time out if Linux uses it first; notably, this regressed ACPI video backlight controls on 2015 iMacs after 01590f361e started instantiating SPD EEPROMs on boot. Commit 065b6211a8 fixed the immediate problem of leaving the bus locked, but we can do better. The controller does have a proper locking mechanism, so let's use it as intended. Since we can't rely on the BIOS doing this properly, we implement the following logic: - If ACPI AML uses the bus at all, we make a note and disable power management. The latter matches already existing behavior. - When we want to use the bus, we attempt to lock it first. If the locking attempt times out, *and* ACPI hasn't tried to use the bus at all yet, we cautiously go ahead and assume the BIOS forgot to unlock the bus after boot. This preserves existing behavior. - We always unlock the bus after a transfer. - If ACPI AML tries to use the bus (except trying to lock it) while we're in the middle of a transfer, or after we've determined locking is broken, we know we cannot safely share the bus and give up. Upon first usage of SMBus by ACPI AML, if nothing has gone horribly wrong so far, users will see: i801_smbus 0000:00:1f.4: SMBus controller is shared with ACPI AML. This seems safe so far. If locking the SMBus times out, users will see: i801_smbus 0000:00:1f.4: BIOS left SMBus locked And if ACPI AML tries to use the bus concurrently with Linux, or it previously used the bus and we failed to subsequently lock it as above, the driver will give up and users will get: i801_smbus 0000:00:1f.4: BIOS uses SMBus unsafely i801_smbus 0000:00:1f.4: Driver SMBus register access inhibited This fixes the regression introduced by 01590f361e, and further allows safely sharing the SMBus on 2015 iMacs. Tested by running `i2cdump` in a loop while changing backlight levels via the ACPI video device. Fixes: 01590f361e ("i2c: i801: Instantiate SPD EEPROMs automatically") Cc: <stable(a)vger.kernel.org> Signed-off-by: Hector Martin <marcan(a)marcan.st> --- drivers/i2c/busses/i2c-i801.c | 96 ++++++++++++++++++++++++++++------- 1 file changed, 79 insertions(+), 17 deletions(-) diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c index 04a1e38f2a6f..03be6310d6d7 100644 --- a/drivers/i2c/busses/i2c-i801.c +++ b/drivers/i2c/busses/i2c-i801.c @@ -287,11 +287,18 @@ struct i801_priv { #endif struct platform_device *tco_pdev; + /* BIOS left the controller marked busy. */ + bool inuse_stuck; /* - * If set to true the host controller registers are reserved for - * ACPI AML use. Protected by acpi_lock. + * If set to true, ACPI AML uses the host controller registers. + * Protected by acpi_lock. */ - bool acpi_reserved; + bool acpi_usage; + /* + * If set to true, ACPI AML uses the host controller registers in an + * unsafe way. Protected by acpi_lock. + */ + bool acpi_unsafe; struct mutex acpi_lock; }; @@ -854,10 +861,37 @@ static s32 i801_access(struct i2c_adapter *adap, u16 addr, int hwpec; int block = 0; int ret = 0, xact = 0; + int timeout = 0; struct i801_priv *priv = i2c_get_adapdata(adap); + /* + * The controller provides a bit that implements a mutex mechanism + * between users of the bus. First, try to lock the hardware mutex. + * If this doesn't work, we give up trying to do this, but then + * bail if ACPI uses SMBus at all. + */ + if (!priv->inuse_stuck) { + while (inb_p(SMBHSTSTS(priv)) & SMBHSTSTS_INUSE_STS) { + if (++timeout >= MAX_RETRIES) { + dev_warn(&priv->pci_dev->dev, + "BIOS left SMBus locked\n"); + priv->inuse_stuck = true; + break; + } + usleep_range(250, 500); + } + } + mutex_lock(&priv->acpi_lock); - if (priv->acpi_reserved) { + if (priv->acpi_usage && priv->inuse_stuck && !priv->acpi_unsafe) { + priv->acpi_unsafe = true; + + dev_warn(&priv->pci_dev->dev, "BIOS uses SMBus unsafely\n"); + dev_warn(&priv->pci_dev->dev, + "Driver SMBus register access inhibited\n"); + } + + if (priv->acpi_unsafe) { mutex_unlock(&priv->acpi_lock); return -EBUSY; } @@ -1639,6 +1673,16 @@ static bool i801_acpi_is_smbus_ioport(const struct i801_priv *priv, address <= pci_resource_end(priv->pci_dev, SMBBAR); } +static acpi_status +i801_acpi_do_access(u32 function, acpi_physical_address address, + u32 bits, u64 *value) +{ + if ((function & ACPI_IO_MASK) == ACPI_READ) + return acpi_os_read_port(address, (u32 *)value, bits); + else + return acpi_os_write_port(address, (u32)*value, bits); +} + static acpi_status i801_acpi_io_handler(u32 function, acpi_physical_address address, u32 bits, u64 *value, void *handler_context, void *region_context) @@ -1648,17 +1692,38 @@ i801_acpi_io_handler(u32 function, acpi_physical_address address, u32 bits, acpi_status status; /* - * Once BIOS AML code touches the OpRegion we warn and inhibit any - * further access from the driver itself. This device is now owned - * by the system firmware. + * Non-i801 accesses pass through. */ - mutex_lock(&priv->acpi_lock); + if (!i801_acpi_is_smbus_ioport(priv, address)) + return i801_acpi_do_access(function, address, bits, value); - if (!priv->acpi_reserved && i801_acpi_is_smbus_ioport(priv, address)) { - priv->acpi_reserved = true; + if (!mutex_trylock(&priv->acpi_lock)) { + mutex_lock(&priv->acpi_lock); + /* + * This better be a read of the status register to acquire + * the lock... + */ + if (!priv->acpi_unsafe && + !(address == SMBHSTSTS(priv) && + (function & ACPI_IO_MASK) == ACPI_READ)) { + /* + * Uh-oh, ACPI AML is trying to do something with the + * controller without locking it properly. + */ + priv->acpi_unsafe = true; + + dev_warn(&pdev->dev, "BIOS uses SMBus unsafely\n"); + dev_warn(&pdev->dev, + "Driver SMBus register access inhibited\n"); + } + } - dev_warn(&pdev->dev, "BIOS is accessing SMBus registers\n"); - dev_warn(&pdev->dev, "Driver SMBus register access inhibited\n"); + if (!priv->acpi_usage) { + priv->acpi_usage = true; + + if (!priv->acpi_unsafe) + dev_info(&pdev->dev, + "SMBus controller is shared with ACPI AML. This seems safe so far.\n"); /* * BIOS is accessing the host controller so prevent it from @@ -1667,10 +1732,7 @@ i801_acpi_io_handler(u32 function, acpi_physical_address address, u32 bits, pm_runtime_get_sync(&pdev->dev); } - if ((function & ACPI_IO_MASK) == ACPI_READ) - status = acpi_os_read_port(address, (u32 *)value, bits); - else - status = acpi_os_write_port(address, (u32)*value, bits); + status = i801_acpi_do_access(function, address, bits, value); mutex_unlock(&priv->acpi_lock); @@ -1706,7 +1768,7 @@ static void i801_acpi_remove(struct i801_priv *priv) ACPI_ADR_SPACE_SYSTEM_IO, i801_acpi_io_handler); mutex_lock(&priv->acpi_lock); - if (priv->acpi_reserved) + if (priv->acpi_usage) pm_runtime_put(&priv->pci_dev->dev); mutex_unlock(&priv->acpi_lock); } -- 2.32.0

1 year, 9 months

5
4
0 0

[PATCH 1/2] x86/mpparse: avoid overwriting boot_cpu_physical_apicid

by Kevin Mitchell

When booting with ACPI unavailable or disabled, get_smp_config() ends up calling MP_processor_info() for each CPU found in the MPS table. Previously, this resulted in boot_cpu_physical_apicid getting unconditionally overwritten by the apicid of whatever processor had the CPU_BOOTPROCESSOR flag. This occurred even if boot_cpu_physical_apicid had already been more reliably determined in register_lapic_address() by calling read_apic_id() from the actual boot processor. Ordinariliy, this is not a problem because the boot processor really is the one with the CPU_BOOTPROCESSOR flag. However, kexec is an exception in which the kernel may be booted from any processor regardless of the MPS table contents. In this case, boot_cpu_physical_apicid may not indicate the actual boot processor. This was particularly problematic when the second kernel was booted with NR_CPUS fewer than the number of physical processors. It's the job of generic_processor_info() to decide which CPUs to bring up in this case. That obviously must include the real boot processor which it takes care to save a slot for. It relies upon the contents of boot_cpu_physical_apicid to do this, which if incorrect, may result in the boot processor getting left out. This condition can be discovered by smp_sanity_check() and rectified by adding the boot processor to the phys_cpu_present_map with the warning "weird, boot CPU (#%d) not listed by the BIOS". However, commit 3e730dad3b6da ("x86/apic: Unify interrupt mode setup for SMP-capable system") caused setup_local_APIC() to be called before this could happen resulting in a BUG_ON(!apic->apic_id_registered()): [ 0.655452] ------------[ cut here ]------------ [ 0.660610] Kernel BUG at setup_local_APIC+0x74/0x280 [verbose debug info unavailable] [ 0.669466] invalid opcode: 0000 [#1] SMP [ 0.673948] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.109.Ar-16509018.eostrunkkernel419 #1 [ 0.683670] Hardware name: Quanta Quanta LY6 (1LY6UZZ0FBC), BIOS 1.0.6.0-e7d6a55 11/26/2015 [ 0.693007] RIP: 0010:setup_local_APIC+0x74/0x280 [ 0.698264] Code: 80 e4 fe bf f0 00 00 00 89 c6 48 8b 05 0f 1a 8e 00 ff 50 10 e8 12 53 fd ff 48 8b 05 00 1a 8e 00 ff 90 a0 00 00 00 85 c0 75 02 <0f> 0b 48 8b 05 ed 19 8e 00 41 be 00 02 00 00 ff 90 b0 00 00 00 48 [ 0.719251] RSP: 0000:ffffffff81a03e20 EFLAGS: 00010246 [ 0.725091] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 0.733066] RDX: 0000000000000000 RSI: 000000000000000f RDI: 0000000000000020 [ 0.741041] RBP: ffffffff81a03e98 R08: 0000000000000002 R09: 0000000000000000 [ 0.749014] R10: ffffffff81a204e0 R11: ffffffff81b50ea7 R12: 0000000000000000 [ 0.756989] R13: ffffffff81aef920 R14: ffffffff81af60a0 R15: 0000000000000000 [ 0.764965] FS: 0000000000000000(0000) GS:ffff888036800000(0000) knlGS:0000000000000000 [ 0.774007] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 0.780427] CR2: ffff888035c01000 CR3: 0000000035a08000 CR4: 00000000000006b0 [ 0.788401] Call Trace: [ 0.791137] ? amd_iommu_prepare+0x15/0x2a [ 0.795717] apic_bsp_setup+0x55/0x75 [ 0.799808] apic_intr_mode_init+0x169/0x16e [ 0.804579] x86_late_time_init+0x10/0x17 [ 0.809062] start_kernel+0x37e/0x3fe [ 0.813154] x86_64_start_reservations+0x2a/0x2c [ 0.818316] x86_64_start_kernel+0x72/0x75 [ 0.822886] secondary_startup_64+0xa4/0xb0 [ 0.827564] ---[ end trace 237b64da0fd9b22e ]--- This change avoids these issues by only setting boot_cpu_physical_apicid from the MPS table if it is not already set, which can occur in the construct_default_ISA_mptable() path. Otherwise, boot_cpu_physical_apicid will already have been set in register_lapic_address() and should therefore remain untouched. Looking through all the places where boot_cpu_physical_apicid is accessed, nearly all of them assume that boot_cpu_physical_apicid should match read_apic_id() on the booting processor. The only place that might intend to use the BSP apicid listed in the MPS table is amd_numa_init(), which explicitly requires boot_cpu_physical_apicid to be the lowest apicid of all processors. Ironically, due to the early exit short circuit in early_get_smp_config(), it instead gets boot_cpu_physical_apicid = read_apic_id() rather than the MPS table BSP. The behaviour of amd_numa_init() is therefore unaffected by this change. Fixes: 3e730dad3b6da ("x86/apic: Unify interrupt mode setup for SMP-capable system") Signed-off-by: Kevin Mitchell <kevmitch(a)arista.com> Cc: <stable(a)vger.kernel.org> --- arch/x86/kernel/mpparse.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/mpparse.c b/arch/x86/kernel/mpparse.c index afac7ccce72f..6f22f09bfe11 100644 --- a/arch/x86/kernel/mpparse.c +++ b/arch/x86/kernel/mpparse.c @@ -64,7 +64,8 @@ static void __init MP_processor_info(struct mpc_cpu *m) if (m->cpuflag & CPU_BOOTPROCESSOR) { bootup_cpu = " (Bootup-CPU)"; - boot_cpu_physical_apicid = m->apicid; + if (boot_cpu_physical_apicid == -1U) + boot_cpu_physical_apicid = m->apicid; } pr_info("Processor #%d%s\n", m->apicid, bootup_cpu); -- 2.26.2

1 year, 11 months

1
1
0 0

[PATCH 01/12] kexec: Allow architecture code to opt-out at runtime

by Joerg Roedel

From: Joerg Roedel <jroedel(a)suse.de> Allow a runtime opt-out of kexec support for architecture code in case the kernel is running in an environment where kexec is not properly supported yet. This will be used on x86 when the kernel is running as an SEV-ES guest. SEV-ES guests need special handling for kexec to hand over all CPUs to the new kernel. This requires special hypervisor support and handling code in the guest which is not yet implemented. Cc: stable(a)vger.kernel.org # v5.10+ Signed-off-by: Joerg Roedel <jroedel(a)suse.de> --- include/linux/kexec.h | 1 + kernel/kexec.c | 14 ++++++++++++++ kernel/kexec_file.c | 9 +++++++++ 3 files changed, 24 insertions(+) diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 0c994ae37729..85c30dcd0bdc 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -201,6 +201,7 @@ int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, unsigned long buf_len); #endif int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf); +bool arch_kexec_supported(void); extern int kexec_add_buffer(struct kexec_buf *kbuf); int kexec_locate_mem_hole(struct kexec_buf *kbuf); diff --git a/kernel/kexec.c b/kernel/kexec.c index c82c6c06f051..d03134160458 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c @@ -195,11 +195,25 @@ static int do_kexec_load(unsigned long entry, unsigned long nr_segments, * that to happen you need to do that yourself. */ +bool __weak arch_kexec_supported(void) +{ + return true; +} + static inline int kexec_load_check(unsigned long nr_segments, unsigned long flags) { int result; + /* + * The architecture may support kexec in general, but the kernel could + * run in an environment where it is not (yet) possible to execute a new + * kernel. Allow the architecture code to opt-out of kexec support when + * it is running in such an environment. + */ + if (!arch_kexec_supported()) + return -ENOSYS; + /* We only trust the superuser with rebooting the system. */ if (!capable(CAP_SYS_BOOT) || kexec_load_disabled) return -EPERM; diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 33400ff051a8..96d08a512e9c 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -358,6 +358,15 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd, int ret = 0, i; struct kimage **dest_image, *image; + /* + * The architecture may support kexec in general, but the kernel could + * run in an environment where it is not (yet) possible to execute a new + * kernel. Allow the architecture code to opt-out of kexec support when + * it is running in such an environment. + */ + if (!arch_kexec_supported()) + return -ENOSYS; + /* We only trust the superuser with rebooting the system. */ if (!capable(CAP_SYS_BOOT) || kexec_load_disabled) return -EPERM; -- 2.31.1

2 years

2
1
0 0

[PATCH] mmc: sdhci-xenon: fix 1.8v regulator stabilization

by Marcin Wojtas

From: Alex Leibovich <alexl(a)marvell.com> Automatic Clock Gating is a feature used for the power consumption optimisation. It turned out that during early init phase it may prevent the stable voltage switch to 1.8V - due to that on some platfroms an endless printout in dmesg can be observed: "mmc1: 1.8V regulator output did not became stable" Fix the problem by disabling the ACG at very beginning of the sdhci_init and let that be enabled later. Fixes: 3a3748dba881 ("mmc: sdhci-xenon: Add Marvell Xenon SDHC core functionality") Signed-off-by: Alex Leibovich <alexl(a)marvell.com> Signed-off-by: Marcin Wojtas <mw(a)semihalf.com> Cc: stable(a)vger.kernel.org --- drivers/mmc/host/sdhci-xenon.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/mmc/host/sdhci-xenon.c b/drivers/mmc/host/sdhci-xenon.c index c67611fdaa8a..4b05f6fdefb4 100644 --- a/drivers/mmc/host/sdhci-xenon.c +++ b/drivers/mmc/host/sdhci-xenon.c @@ -168,7 +168,12 @@ static void xenon_reset_exit(struct sdhci_host *host, /* Disable tuning request and auto-retuning again */ xenon_retune_setup(host); - xenon_set_acg(host, true); + /* + * The ACG should be turned off at the early init time, in order + * to solve a possile issues with the 1.8V regulator stabilization. + * The feature is enabled in later stage. + */ + xenon_set_acg(host, false); xenon_set_sdclk_off_idle(host, sdhc_id, false); -- 2.29.0

2 years, 1 month

4
10
0 0

FAILED: patch "[PATCH] bpf: Fix toctou on read-only map's constant scalar tracking" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 353050be4c19e102178ccc05988101887c25ae53 Mon Sep 17 00:00:00 2001 From: Daniel Borkmann <daniel(a)iogearbox.net> Date: Tue, 9 Nov 2021 18:48:08 +0000 Subject: [PATCH] bpf: Fix toctou on read-only map's constant scalar tracking Commit a23740ec43ba ("bpf: Track contents of read-only maps as scalars") is checking whether maps are read-only both from BPF program side and user space side, and then, given their content is constant, reading out their data via map->ops->map_direct_value_addr() which is then subsequently used as known scalar value for the register, that is, it is marked as __mark_reg_known() with the read value at verification time. Before a23740ec43ba, the register content was marked as an unknown scalar so the verifier could not make any assumptions about the map content. The current implementation however is prone to a TOCTOU race, meaning, the value read as known scalar for the register is not guaranteed to be exactly the same at a later point when the program is executed, and as such, the prior made assumptions of the verifier with regards to the program will be invalid which can cause issues such as OOB access, etc. While the BPF_F_RDONLY_PROG map flag is always fixed and required to be specified at map creation time, the map->frozen property is initially set to false for the map given the map value needs to be populated, e.g. for global data sections. Once complete, the loader "freezes" the map from user space such that no subsequent updates/deletes are possible anymore. For the rest of the lifetime of the map, this freeze one-time trigger cannot be undone anymore after a successful BPF_MAP_FREEZE cmd return. Meaning, any new BPF_* cmd calls which would update/delete map entries will be rejected with -EPERM since map_get_sys_perms() removes the FMODE_CAN_WRITE permission. This also means that pending update/delete map entries must still complete before this guarantee is given. This corner case is not an issue for loaders since they create and prepare such program private map in successive steps. However, a malicious user is able to trigger this TOCTOU race in two different ways: i) via userfaultfd, and ii) via batched updates. For i) userfaultfd is used to expand the competition interval, so that map_update_elem() can modify the contents of the map after map_freeze() and bpf_prog_load() were executed. This works, because userfaultfd halts the parallel thread which triggered a map_update_elem() at the time where we copy key/value from the user buffer and this already passed the FMODE_CAN_WRITE capability test given at that time the map was not "frozen". Then, the main thread performs the map_freeze() and bpf_prog_load(), and once that had completed successfully, the other thread is woken up to complete the pending map_update_elem() which then changes the map content. For ii) the idea of the batched update is similar, meaning, when there are a large number of updates to be processed, it can increase the competition interval between the two. It is therefore possible in practice to modify the contents of the map after executing map_freeze() and bpf_prog_load(). One way to fix both i) and ii) at the same time is to expand the use of the map's map->writecnt. The latter was introduced in fc9702273e2e ("bpf: Add mmap() support for BPF_MAP_TYPE_ARRAY") and further refined in 1f6cb19be2e2 ("bpf: Prevent re-mmap()'ing BPF map as writable for initially r/o mapping") with the rationale to make a writable mmap()'ing of a map mutually exclusive with read-only freezing. The counter indicates writable mmap() mappings and then prevents/fails the freeze operation. Its semantics can be expanded beyond just mmap() by generally indicating ongoing write phases. This would essentially span any parallel regular and batched flavor of update/delete operation and then also have map_freeze() fail with -EBUSY. For the check_mem_access() in the verifier we expand upon the bpf_map_is_rdonly() check ensuring that all last pending writes have completed via bpf_map_write_active() test. Once the map->frozen is set and bpf_map_write_active() indicates a map->writecnt of 0 only then we are really guaranteed to use the map's data as known constants. For map->frozen being set and pending writes in process of still being completed we fall back to marking that register as unknown scalar so we don't end up making assumptions about it. With this, both TOCTOU reproducers from i) and ii) are fixed. Note that the map->writecnt has been converted into a atomic64 in the fix in order to avoid a double freeze_mutex mutex_{un,}lock() pair when updating map->writecnt in the various map update/delete BPF_* cmd flavors. Spanning the freeze_mutex over entire map update/delete operations in syscall side would not be possible due to then causing everything to be serialized. Similarly, something like synchronize_rcu() after setting map->frozen to wait for update/deletes to complete is not possible either since it would also have to span the user copy which can sleep. On the libbpf side, this won't break d66562fba1ce ("libbpf: Add BPF object skeleton support") as the anonymous mmap()-ed "map initialization image" is remapped as a BPF map-backed mmap()-ed memory where for .rodata it's non-writable. Fixes: a23740ec43ba ("bpf: Track contents of read-only maps as scalars") Reported-by: w1tcher.bupt(a)gmail.com Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Andrii Nakryiko <andrii(a)kernel.org> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> diff --git a/include/linux/bpf.h b/include/linux/bpf.h index f715e8863f4d..e7a163a3146b 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -193,7 +193,7 @@ struct bpf_map { atomic64_t usercnt; struct work_struct work; struct mutex freeze_mutex; - u64 writecnt; /* writable mmap cnt; protected by freeze_mutex */ + atomic64_t writecnt; }; static inline bool map_value_has_spin_lock(const struct bpf_map *map) @@ -1419,6 +1419,7 @@ void bpf_map_put(struct bpf_map *map); void *bpf_map_area_alloc(u64 size, int numa_node); void *bpf_map_area_mmapable_alloc(u64 size, int numa_node); void bpf_map_area_free(void *base); +bool bpf_map_write_active(const struct bpf_map *map); void bpf_map_init_from_attr(struct bpf_map *map, union bpf_attr *attr); int generic_map_lookup_batch(struct bpf_map *map, const union bpf_attr *attr, diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 50f96ea4452a..1033ee8c0caf 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -132,6 +132,21 @@ static struct bpf_map *find_and_alloc_map(union bpf_attr *attr) return map; } +static void bpf_map_write_active_inc(struct bpf_map *map) +{ + atomic64_inc(&map->writecnt); +} + +static void bpf_map_write_active_dec(struct bpf_map *map) +{ + atomic64_dec(&map->writecnt); +} + +bool bpf_map_write_active(const struct bpf_map *map) +{ + return atomic64_read(&map->writecnt) != 0; +} + static u32 bpf_map_value_size(const struct bpf_map *map) { if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH || @@ -601,11 +616,8 @@ static void bpf_map_mmap_open(struct vm_area_struct *vma) { struct bpf_map *map = vma->vm_file->private_data; - if (vma->vm_flags & VM_MAYWRITE) { - mutex_lock(&map->freeze_mutex); - map->writecnt++; - mutex_unlock(&map->freeze_mutex); - } + if (vma->vm_flags & VM_MAYWRITE) + bpf_map_write_active_inc(map); } /* called for all unmapped memory region (including initial) */ @@ -613,11 +625,8 @@ static void bpf_map_mmap_close(struct vm_area_struct *vma) { struct bpf_map *map = vma->vm_file->private_data; - if (vma->vm_flags & VM_MAYWRITE) { - mutex_lock(&map->freeze_mutex); - map->writecnt--; - mutex_unlock(&map->freeze_mutex); - } + if (vma->vm_flags & VM_MAYWRITE) + bpf_map_write_active_dec(map); } static const struct vm_operations_struct bpf_map_default_vmops = { @@ -668,7 +677,7 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma) goto out; if (vma->vm_flags & VM_MAYWRITE) - map->writecnt++; + bpf_map_write_active_inc(map); out: mutex_unlock(&map->freeze_mutex); return err; @@ -1139,6 +1148,7 @@ static int map_update_elem(union bpf_attr *attr, bpfptr_t uattr) map = __bpf_map_get(f); if (IS_ERR(map)) return PTR_ERR(map); + bpf_map_write_active_inc(map); if (!(map_get_sys_perms(map, f) & FMODE_CAN_WRITE)) { err = -EPERM; goto err_put; @@ -1174,6 +1184,7 @@ static int map_update_elem(union bpf_attr *attr, bpfptr_t uattr) free_key: kvfree(key); err_put: + bpf_map_write_active_dec(map); fdput(f); return err; } @@ -1196,6 +1207,7 @@ static int map_delete_elem(union bpf_attr *attr) map = __bpf_map_get(f); if (IS_ERR(map)) return PTR_ERR(map); + bpf_map_write_active_inc(map); if (!(map_get_sys_perms(map, f) & FMODE_CAN_WRITE)) { err = -EPERM; goto err_put; @@ -1226,6 +1238,7 @@ static int map_delete_elem(union bpf_attr *attr) out: kvfree(key); err_put: + bpf_map_write_active_dec(map); fdput(f); return err; } @@ -1533,6 +1546,7 @@ static int map_lookup_and_delete_elem(union bpf_attr *attr) map = __bpf_map_get(f); if (IS_ERR(map)) return PTR_ERR(map); + bpf_map_write_active_inc(map); if (!(map_get_sys_perms(map, f) & FMODE_CAN_READ) || !(map_get_sys_perms(map, f) & FMODE_CAN_WRITE)) { err = -EPERM; @@ -1597,6 +1611,7 @@ static int map_lookup_and_delete_elem(union bpf_attr *attr) free_key: kvfree(key); err_put: + bpf_map_write_active_dec(map); fdput(f); return err; } @@ -1624,8 +1639,7 @@ static int map_freeze(const union bpf_attr *attr) } mutex_lock(&map->freeze_mutex); - - if (map->writecnt) { + if (bpf_map_write_active(map)) { err = -EBUSY; goto err_put; } @@ -4171,6 +4185,9 @@ static int bpf_map_do_batch(const union bpf_attr *attr, union bpf_attr __user *uattr, int cmd) { + bool has_read = cmd == BPF_MAP_LOOKUP_BATCH || + cmd == BPF_MAP_LOOKUP_AND_DELETE_BATCH; + bool has_write = cmd != BPF_MAP_LOOKUP_BATCH; struct bpf_map *map; int err, ufd; struct fd f; @@ -4183,16 +4200,13 @@ static int bpf_map_do_batch(const union bpf_attr *attr, map = __bpf_map_get(f); if (IS_ERR(map)) return PTR_ERR(map); - - if ((cmd == BPF_MAP_LOOKUP_BATCH || - cmd == BPF_MAP_LOOKUP_AND_DELETE_BATCH) && - !(map_get_sys_perms(map, f) & FMODE_CAN_READ)) { + if (has_write) + bpf_map_write_active_inc(map); + if (has_read && !(map_get_sys_perms(map, f) & FMODE_CAN_READ)) { err = -EPERM; goto err_put; } - - if (cmd != BPF_MAP_LOOKUP_BATCH && - !(map_get_sys_perms(map, f) & FMODE_CAN_WRITE)) { + if (has_write && !(map_get_sys_perms(map, f) & FMODE_CAN_WRITE)) { err = -EPERM; goto err_put; } @@ -4205,8 +4219,9 @@ static int bpf_map_do_batch(const union bpf_attr *attr, BPF_DO_BATCH(map->ops->map_update_batch); else BPF_DO_BATCH(map->ops->map_delete_batch); - err_put: + if (has_write) + bpf_map_write_active_dec(map); fdput(f); return err; } diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 65d2f93b7030..50efda51515b 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -4056,7 +4056,22 @@ static void coerce_reg_to_size(struct bpf_reg_state *reg, int size) static bool bpf_map_is_rdonly(const struct bpf_map *map) { - return (map->map_flags & BPF_F_RDONLY_PROG) && map->frozen; + /* A map is considered read-only if the following condition are true: + * + * 1) BPF program side cannot change any of the map content. The + * BPF_F_RDONLY_PROG flag is throughout the lifetime of a map + * and was set at map creation time. + * 2) The map value(s) have been initialized from user space by a + * loader and then "frozen", such that no new map update/delete + * operations from syscall side are possible for the rest of + * the map's lifetime from that point onwards. + * 3) Any parallel/pending map update/delete operations from syscall + * side have been completed. Only after that point, it's safe to + * assume that map value(s) are immutable. + */ + return (map->map_flags & BPF_F_RDONLY_PROG) && + READ_ONCE(map->frozen) && + !bpf_map_write_active(map); } static int bpf_map_direct_read(struct bpf_map *map, int off, int size, u64 *val)

2 years, 1 month

5
10
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2021