October 2022 - Linux-stable-mirror

[v4 PATCH] fs/proc: task_mmu.c: don't read mapcount for migration entry

by Yang Shi

The syzbot reported the below BUG: kernel BUG at include/linux/page-flags.h:785! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 4392 Comm: syz-executor560 Not tainted 5.16.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline] RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744 Code: e8 d3 16 d1 ff 48 c7 c6 c0 00 b6 89 48 89 ef e8 94 4e 04 00 0f 0b e8 bd 16 d1 ff 48 c7 c6 60 01 b6 89 48 89 ef e8 7e 4e 04 00 <0f> 0b e8 a7 16 d1 ff 48 c7 c6 a0 01 b6 89 4c 89 f7 e8 68 4e 04 00 RSP: 0018:ffffc90002b6f7b8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff888019619d00 RSI: ffffffff81a68c12 RDI: 0000000000000003 RBP: ffffea0001bdc2c0 R08: 0000000000000029 R09: 00000000ffffffff R10: ffffffff8903e29f R11: 00000000ffffffff R12: 00000000ffffffff R13: 00000000ffffea00 R14: ffffc90002b6fb30 R15: ffffea0001bd8001 FS: 00007faa2aefd700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff7e663318 CR3: 0000000018c6e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> page_mapcount include/linux/mm.h:837 [inline] smaps_account+0x470/0xb10 fs/proc/task_mmu.c:466 smaps_pte_entry fs/proc/task_mmu.c:538 [inline] smaps_pte_range+0x611/0x1250 fs/proc/task_mmu.c:601 walk_pmd_range mm/pagewalk.c:128 [inline] walk_pud_range mm/pagewalk.c:205 [inline] walk_p4d_range mm/pagewalk.c:240 [inline] walk_pgd_range mm/pagewalk.c:277 [inline] __walk_page_range+0xe23/0x1ea0 mm/pagewalk.c:379 walk_page_vma+0x277/0x350 mm/pagewalk.c:530 smap_gather_stats.part.0+0x148/0x260 fs/proc/task_mmu.c:768 smap_gather_stats fs/proc/task_mmu.c:741 [inline] show_smap+0xc6/0x440 fs/proc/task_mmu.c:822 seq_read_iter+0xbb0/0x1240 fs/seq_file.c:272 seq_read+0x3e0/0x5b0 fs/seq_file.c:162 vfs_read+0x1b5/0x600 fs/read_write.c:479 ksys_read+0x12d/0x250 fs/read_write.c:619 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7faa2af6c969 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007faa2aefd288 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007faa2aff4418 RCX: 00007faa2af6c969 RDX: 0000000000002025 RSI: 0000000020000100 RDI: 0000000000000003 RBP: 00007faa2aff4410 R08: 00007faa2aefd700 R09: 0000000000000000 R10: 00007faa2aefd700 R11: 0000000000000246 R12: 00007faa2afc20ac R13: 00007fff7e6632bf R14: 00007faa2aefd400 R15: 0000000000022000 </TASK> Modules linked in: ---[ end trace 24ec93ff95e4ac3d ]--- RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline] RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744 Code: e8 d3 16 d1 ff 48 c7 c6 c0 00 b6 89 48 89 ef e8 94 4e 04 00 0f 0b e8 bd 16 d1 ff 48 c7 c6 60 01 b6 89 48 89 ef e8 7e 4e 04 00 <0f> 0b e8 a7 16 d1 ff 48 c7 c6 a0 01 b6 89 4c 89 f7 e8 68 4e 04 00 RSP: 0018:ffffc90002b6f7b8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff888019619d00 RSI: ffffffff81a68c12 RDI: 0000000000000003 RBP: ffffea0001bdc2c0 R08: 0000000000000029 R09: 00000000ffffffff R10: ffffffff8903e29f R11: 00000000ffffffff R12: 00000000ffffffff R13: 00000000ffffea00 R14: ffffc90002b6fb30 R15: ffffea0001bd8001 FS: 00007faa2aefd700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff7e663318 CR3: 0000000018c6e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 The reproducer was trying to reading /proc/$PID/smaps when calling MADV_FREE at the mean time. MADV_FREE may split THPs if it is called for partial THP. It may trigger the below race: CPU A CPU B ----- ----- smaps walk: MADV_FREE: page_mapcount() PageCompound() split_huge_page() page = compound_head(page) PageDoubleMap(page) When calling PageDoubleMap() this page is not a tail page of THP anymore so the BUG is triggered. This could be fixed by elevated refcount of the page before calling mapcount, but it prevents from counting migration entries, and it seems overkilling because the race just could happen when PMD is split so all PTE entries of tail pages are actually migration entries, and smaps_account() does treat migration entries as mapcount == 1 as Kirill pointed out. Add a new parameter for smaps_account() to tell this entry is migration entry then skip calling page_mapcount(). Don't skip getting mapcount for device private entries since they do track references with mapcount. Pagemap also has the similar issue although it was not reported. Fixed it as well. Fixes: e9b61f19858a ("thp: reintroduce split_huge_page()") Reported-by: syzbot+1f52b3a18d5633fa7f82(a)syzkaller.appspotmail.com Acked-by: David Hildenbrand <david(a)redhat.com> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Jann Horn <jannh(a)google.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Yang Shi <shy828301(a)gmail.com> --- v4: * s/Treated/Treat per David * Collected acked-by tag from David v3: * Fixed the fix tag, the one used by v2 was not accurate * Added comment about the risk calling page_mapcount() per David * Fix pagemap v2: * Added proper fix tag per Jann Horn * Rebased to the latest linus's tree fs/proc/task_mmu.c | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 18f8c3acbb85..bc2f46033231 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -440,7 +440,8 @@ static void smaps_page_accumulate(struct mem_size_stats *mss, } static void smaps_account(struct mem_size_stats *mss, struct page *page, - bool compound, bool young, bool dirty, bool locked) + bool compound, bool young, bool dirty, bool locked, + bool migration) { int i, nr = compound ? compound_nr(page) : 1; unsigned long size = nr * PAGE_SIZE; @@ -467,8 +468,15 @@ static void smaps_account(struct mem_size_stats *mss, struct page *page, * page_count(page) == 1 guarantees the page is mapped exactly once. * If any subpage of the compound page mapped with PTE it would elevate * page_count(). + * + * The page_mapcount() is called to get a snapshot of the mapcount. + * Without holding the page lock this snapshot can be slightly wrong as + * we cannot always read the mapcount atomically. It is not safe to + * call page_mapcount() even with PTL held if the page is not mapped, + * especially for migration entries. Treat regular migration entries + * as mapcount == 1. */ - if (page_count(page) == 1) { + if ((page_count(page) == 1) || migration) { smaps_page_accumulate(mss, page, size, size << PSS_SHIFT, dirty, locked, true); return; @@ -517,6 +525,7 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, struct vm_area_struct *vma = walk->vma; bool locked = !!(vma->vm_flags & VM_LOCKED); struct page *page = NULL; + bool migration = false; if (pte_present(*pte)) { page = vm_normal_page(vma, addr, *pte); @@ -536,8 +545,11 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, } else { mss->swap_pss += (u64)PAGE_SIZE << PSS_SHIFT; } - } else if (is_pfn_swap_entry(swpent)) + } else if (is_pfn_swap_entry(swpent)) { + if (is_migration_entry(swpent)) + migration = true; page = pfn_swap_entry_to_page(swpent); + } } else { smaps_pte_hole_lookup(addr, walk); return; @@ -546,7 +558,8 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, if (!page) return; - smaps_account(mss, page, false, pte_young(*pte), pte_dirty(*pte), locked); + smaps_account(mss, page, false, pte_young(*pte), pte_dirty(*pte), + locked, migration); } #ifdef CONFIG_TRANSPARENT_HUGEPAGE @@ -557,6 +570,7 @@ static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, struct vm_area_struct *vma = walk->vma; bool locked = !!(vma->vm_flags & VM_LOCKED); struct page *page = NULL; + bool migration = false; if (pmd_present(*pmd)) { /* FOLL_DUMP will return -EFAULT on huge zero page */ @@ -564,8 +578,10 @@ static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, } else if (unlikely(thp_migration_supported() && is_swap_pmd(*pmd))) { swp_entry_t entry = pmd_to_swp_entry(*pmd); - if (is_migration_entry(entry)) + if (is_migration_entry(entry)) { + migration = true; page = pfn_swap_entry_to_page(entry); + } } if (IS_ERR_OR_NULL(page)) return; @@ -577,7 +593,9 @@ static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, /* pass */; else mss->file_thp += HPAGE_PMD_SIZE; - smaps_account(mss, page, true, pmd_young(*pmd), pmd_dirty(*pmd), locked); + + smaps_account(mss, page, true, pmd_young(*pmd), pmd_dirty(*pmd), + locked, migration); } #else static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, @@ -1378,6 +1396,7 @@ static pagemap_entry_t pte_to_pagemap_entry(struct pagemapread *pm, { u64 frame = 0, flags = 0; struct page *page = NULL; + bool migration = false; if (pte_present(pte)) { if (pm->show_pfn) @@ -1399,13 +1418,14 @@ static pagemap_entry_t pte_to_pagemap_entry(struct pagemapread *pm, frame = swp_type(entry) | (swp_offset(entry) << MAX_SWAPFILES_SHIFT); flags |= PM_SWAP; + migration = is_migration_entry(entry); if (is_pfn_swap_entry(entry)) page = pfn_swap_entry_to_page(entry); } if (page && !PageAnon(page)) flags |= PM_FILE; - if (page && page_mapcount(page) == 1) + if (page && !migration && page_mapcount(page) == 1) flags |= PM_MMAP_EXCLUSIVE; if (vma->vm_flags & VM_SOFTDIRTY) flags |= PM_SOFT_DIRTY; @@ -1421,6 +1441,7 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, spinlock_t *ptl; pte_t *pte, *orig_pte; int err = 0; + bool migration = false; #ifdef CONFIG_TRANSPARENT_HUGEPAGE ptl = pmd_trans_huge_lock(pmdp, vma); @@ -1461,11 +1482,12 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, if (pmd_swp_uffd_wp(pmd)) flags |= PM_UFFD_WP; VM_BUG_ON(!is_pmd_migration_entry(pmd)); + migration = is_migration_entry(entry); page = pfn_swap_entry_to_page(entry); } #endif - if (page && page_mapcount(page) == 1) + if (page && !migration && page_mapcount(page) == 1) flags |= PM_MMAP_EXCLUSIVE; for (; addr != end; addr += PAGE_SIZE) { -- 2.26.3

1 year

5
12
0 0

Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()

by Greg Kroah-Hartman

On Tue, Aug 23, 2022 at 07:20:14AM -0500, Bjorn Helgaas wrote: > On Tue, Aug 23, 2022, 6:35 AM Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > wrote: > > > From: Stefan Roese <sr(a)denx.de> > > > > [ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ] > > > > There's an open regression related to this commit: > > https://bugzilla.kernel.org/show_bug.cgi?id=216373 This is already in the following released stable kernels: 5.10.137 5.15.61 5.18.18 5.19.2 I'll go drop it from the 4.19 and 5.4 queues, but when this gets resolved in Linus's tree, make sure there's a cc: stable on the fix so that we know to backport it to the above branches as well. Or at the least, a "Fixes:" tag. thanks, greg k-h

1 year

5
14
0 0

[PATCH] drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path

by Boris Brezillon

Make sure all bo->base.pages entries are either NULL or pointing to a valid page before calling drm_gem_shmem_put_pages(). Reported-by: Tomeu Vizoso <tomeu.vizoso(a)collabora.com> Cc: <stable(a)vger.kernel.org> Fixes: 187d2929206e ("drm/panfrost: Add support for GPU heap allocations") Signed-off-by: Boris Brezillon <boris.brezillon(a)collabora.com> --- drivers/gpu/drm/panfrost/panfrost_mmu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/panfrost/panfrost_mmu.c b/drivers/gpu/drm/panfrost/panfrost_mmu.c index 569509c2ba27..d76dff201ea6 100644 --- a/drivers/gpu/drm/panfrost/panfrost_mmu.c +++ b/drivers/gpu/drm/panfrost/panfrost_mmu.c @@ -460,6 +460,7 @@ static int panfrost_mmu_map_fault_addr(struct panfrost_device *pfdev, int as, if (IS_ERR(pages[i])) { mutex_unlock(&bo->base.pages_lock); ret = PTR_ERR(pages[i]); + pages[i] = NULL; goto err_pages; } } -- 2.31.1

1 year

2
2
0 0

tcpci module in Kernel 5.15.74 with PTN5110 not working correctly

by Christian Bach

Hello For a few weeks now I am trying to make the PTN5110 chip work with the new Kernel 5.15.74. The same hardware setup was working with the 4.19.72 Kernel. The steps I took so far are as follows: 1. Study the Documentation and look at example Device Tree's in the Kernel 2. Try out different Device Tree configurations derived from the Documentation and examples 3. I did look on Stackoverflow, the NXP and other forums for any similar issue but could not find any 4. Updating the Kernel to the newest Version I was able to find: 5.15.74 (Hash: f0bee94053065c7cb8eacadfdd6bf739a2042b35 in Repo: git://git.yoctoproject.org/linux-yocto.git;branch=v5.15/standard/base) 5. Downgrade to the earliest Kernel possible: v5.10-rc1 (Hash: 3650b228f83adda7e5ee532e2b90429c03f7b9ec in Repo: git://git.yoctoproject.org/linux-yocto.git;branch=v5.15/standard/base) None of those steps had any effect. Every time I plug in a USB-A to USB-C cable the Kernel gets stuck in the ISR until I unplug the cable. (Attaching a full USB-PD capable Power Source over a USB-C cable works fine) This results in an unreasonable high CPU usage (most of the times the CPU gets blocked completely). I did analyze the I2C bus and found that the old Kernel did change many configurations after the A-C cable got attached while the new Kernel does nothing (please see logs below). I also did compare what happens on the I2C bus during chip initialization but did not find any mentionable differences. My HW setup is an i.mx6ul with the PTN5110 attached on I2C4. ================================================= My device tree looks like this: / { regulators { compatible = "simple-bus"; #address-cells = <1>; #size-cells = <0>; reg_usb_otg1_vbus: regulator@2 { compatible = "regulator-fixed"; reg = <2>; regulator-name = "usb_otg1_vbus"; pinctrl-names = "default"; pinctrl-0 = <&pinctrl_usb_otg1_vbus>; regulator-min-microvolt = <5000000>; regulator-max-microvolt = <5000000>; gpio = <&gpio2 8 GPIO_ACTIVE_HIGH>; enable-active-high; status = "okay"; }; }; }; &usbotg1 { /*pinctrl-names = "default"; pinctrl-0 = <&pinctrl_usbotg1>;*/ dr_mode = "otg"; status = "okay"; disable-over-current; vbus-supply = <&reg_usb_otg1_vbus>; }; &i2c4 { clock-frequency = <100000>; pinctrl-names = "default"; pinctrl-0 = <&pinctrl_i2c4>; status = "okay"; usb_pd: ptn5110@50 { compatible = "nxp,ptn5110"; reg = <0x50>; pinctrl-names = "default"; pinctrl-0 = <&pinctrl_usb_pd>; interrupt-parent = <&gpio2>; interrupts = <11 IRQ_TYPE_LEVEL_LOW>; wakeup-source; usb_con: connector { compatible = "usb-c-connector"; label = "USB-C"; data-role = "dual"; power-role = "dual"; try-power-role = "sink"; source-pdos = <PDO_FIXED(VSAFE5V, 2000, PDO_FIXED_USB_COMM | PDO_FIXED_DUAL_ROLE)>; sink-pdos = <PDO_FIXED(VSAFE5V, 2000, PDO_FIXED_USB_COMM | PDO_FIXED_DUAL_ROLE) //PDO_FIXED(VSAFE5V, 3000, 0) //PDO_FIXED(9000, 3000, 0) PDO_FIXED(12000, 3000, 0) PDO_FIXED(20000, 3000, 0)>; //PDO_FIXED(20000, 5000, 0)>; op-sink-microwatt = <10000000>; }; }; }; &iomuxc { pinctrl_i2c4: i2c4grp { fsl,pins = < MX6UL_PAD_UART2_TX_DATA__I2C4_SCL 0x4001b8b0 MX6UL_PAD_UART2_RX_DATA__I2C4_SDA 0x4001b8b0 >; }; pinctrl_usb_pd: usbpdgrp { fsl,pins = < MX6UL_PAD_ENET2_TX_DATA0__GPIO2_IO11 0x0001b020 /* Alert Interrupt */ MX6UL_PAD_ENET2_TX_CLK__GPIO2_IO14 0x0001b020 /* Fault Interrupt */ >; }; pinctrl_usb_otg1_vbus: usbotg1 { fsl,pins = < MX6UL_PAD_ENET2_RX_DATA0__GPIO2_IO08 0x000000b9 MX6UL_PAD_ENET2_RX_DATA1__USB_OTG1_OC 0x000010b0 >; }; }; ================================================= I2C Log on plug in event of Kernel 5.15.68: Direction | Address | Data ------------------------------- Read | 10 | 02 22 Write | 10 | 02 22 Read | 14 | 04 Read | 10 | 02 02 Write | 10 | 02 02 Read | 1E | 0C Read | 14 | 04 Read | 10 | 03 02 Write | 10 | 03 02 Read | 1E | 0C Read | 1A | 4A Read | 14 | 04 Read | 1D | 11 Read | 1E | 0C Pause for 200ms Read | 1A | 4A Read | 1A | 4A Read | 1D | 11 Write | 1A | 0E Write | 19 | 00 Write | 2E | 02 Write | 23 | 66 Write | 23 | 55 Write | 2F | 21 Pause for 300ms Write | 51 | 02 Write | 52 | 00 00 Write | 50 | 25 Read | 10 | 50 02 Write | 10 | 50 02 Read | 10 | 00 02 Write | 10 | 00 02 Write | 72 | 8C 00 Read | 1C | 60 Read | 10 | 00 02 Write | 10 | 00 02 Write | 2F | 00 Read | 1C | 60 Read | 10 | 00 02 Write | 10 | 00 02 Write | 2E | 02 Read | 10 | 00 02 Write | 10 | 00 02 Read | 10 | 00 02 Write | 10 | 00 02 Read | 10 | 00 02 Write | 10 | 00 02 Read | 10 | 00 02 Write | 10 | 00 02 (It will loop like this until the cable gets detached) I2C Log on plug in event of Kernel 5.15.68: Direction | Address | Data ------------------------------- Read | 10 | 02 22 Write | 10 | 02 22 Read | 14 | 04 Read | 10 | 02 02 Write | 10 | 02 02 Read | 1E | 0C Read | 14 | 04 Read | 10 | 02 02 Write | 10 | 02 02 Read | 1E | 0C Read | 14 | 04 Read | 1E | 0C Pause for 200ms Read | 10 | 01 02 Write | 10 | 01 02 Read | 1D | 11 Pause for 250ms Read | 1A | 4A Write | 1A | 4E Write | 19 | 00 Write | 2E | 02 Write | 23 | 66 Write | 23 | 55 Write | 2F | 21 Pause for 4ms Write | 51 | 02 Write | 52 | 00 00 Write | 50 | 35 Read | 10 | 50 02 Write | 10 | 50 02 Read | 10 | 00 02 Write | 10 | 00 02 Write | 2F | 00 Read | 10 | 00 02 Write | 10 | 00 02 Read | 1C | 60 Read | 10 | 00 02 Write | 10 | 00 02 Write | 23 | 66 Read | 10 | 02 02 Write | 10 | 02 02 Write | 23 | 44 Read | 14 | FF Write | 2E | 02 Read | 1E | 0C Write | 10 | FF FF Write | 14 | 04 Write | 23 | 33 Write | 12 | 7F 00 Write | 2F | 00 Write | 23 | 66 Write | 23 | 44 Read | 1C | 60 Read | 1A | 4E Write | 1A | 4E Write | 19 | 00 Write | 2E | 02 Read | 1E | 0C Read | 1D | 11 Write | 2F | 00 Write | 23 | 66 Write | 23 | 44 Read | 1C | 60 Read | 1A | 4E Write | 1A | 4E Write | 19 | 00 Write | 2E | 02 Write | 1A | 0F Read | 10 | 01 02 Write | 10 | 01 02 Read | 1D | 00 Write | 1A | 4A Write | 23 | 99 Read | 10 | 01 02 Write | 10 | 01 02 Read | 1D | 11 (no more communication after this point) -- Dipl. El-Ing. FH Christian Bach, Projektleiter Direct +41 43 456 16 96 . http://www.scs.ch Supercomputing Systems AG . Technoparkstrasse 1 . CH-8005 Zürich

1 year, 2 months

3
9
0 0

[PATCH v2] KVM: x86: Do not return host topology information from KVM_GET_SUPPORTED_CPUID

by Paolo Bonzini

Passing the host topology to the guest is almost certainly wrong and will confuse the scheduler. In addition, several fields of these CPUID leaves vary on each processor; it is simply impossible to return the right values from KVM_GET_SUPPORTED_CPUID in such a way that they can be passed to KVM_SET_CPUID2. The values that will most likely prevent confusion are all zeroes. Userspace will have to override it anyway if it wishes to present a specific topology to the guest. Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> --- Documentation/virt/kvm/api.rst | 14 ++++++++++++++ arch/x86/kvm/cpuid.c | 32 ++++++++++++++++---------------- 2 files changed, 30 insertions(+), 16 deletions(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index eee9f857a986..20f4f6b302ff 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -8249,6 +8249,20 @@ CPU[EAX=1]:ECX[24] (TSC_DEADLINE) is not reported by ``KVM_GET_SUPPORTED_CPUID`` It can be enabled if ``KVM_CAP_TSC_DEADLINE_TIMER`` is present and the kernel has enabled in-kernel emulation of the local APIC. +CPU topology +~~~~~~~~~~~~ + +Several CPUID values include topology information for the host CPU: +0x0b and 0x1f for Intel systems, 0x8000001e for AMD systems. Different +versions of KVM return different values for this information and userspace +should not rely on it. Currently they return all zeroes. + +If userspace wishes to set up a guest topology, it should be careful that +the values of these three leaves differ for each CPU. In particular, +the APIC ID is found in EDX for all subleaves of 0x0b and 0x1f, and in EAX +for 0x8000001e; the latter also encodes the core id and node id in bits +7:0 of EBX and ECX respectively. + Obsolete ioctls and capabilities ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 0810e93cbedc..164bfb7e7a16 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -759,16 +759,22 @@ struct kvm_cpuid_array { int nent; }; +static struct kvm_cpuid_entry2 *get_next_cpuid(struct kvm_cpuid_array *array) +{ + if (array->nent >= array->maxnent) + return NULL; + + return &array->entries[array->nent++]; +} + static struct kvm_cpuid_entry2 *do_host_cpuid(struct kvm_cpuid_array *array, u32 function, u32 index) { - struct kvm_cpuid_entry2 *entry; + struct kvm_cpuid_entry2 *entry = get_next_cpuid(array); - if (array->nent >= array->maxnent) + if (!entry) return NULL; - entry = &array->entries[array->nent++]; - memset(entry, 0, sizeof(*entry)); entry->function = function; entry->index = index; @@ -945,22 +951,13 @@ static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function) entry->edx = edx.full; break; } - /* - * Per Intel's SDM, the 0x1f is a superset of 0xb, - * thus they can be handled by common code. - */ case 0x1f: case 0xb: /* - * Populate entries until the level type (ECX[15:8]) of the - * previous entry is zero. Note, CPUID EAX.{0x1f,0xb}.0 is - * the starting entry, filled by the primary do_host_cpuid(). + * No topology; a valid topology is indicated by the presence + * of subleaf 1. */ - for (i = 1; entry->ecx & 0xff00; ++i) { - entry = do_host_cpuid(array, function, i); - if (!entry) - goto out; - } + entry->eax = entry->ebx = entry->ecx = 0; break; case 0xd: { u64 permitted_xcr0 = kvm_caps.supported_xcr0 & xstate_get_guest_group_perm(); @@ -1193,6 +1190,9 @@ static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function) entry->ebx = entry->ecx = entry->edx = 0; break; case 0x8000001e: + /* Do not return host topology information. */ + entry->eax = entry->ebx = entry->ecx = 0; + entry->edx = 0; /* reserved */ break; case 0x8000001F: if (!kvm_cpu_cap_has(X86_FEATURE_SEV)) { -- 2.31.1

1 year, 3 months

3
12
0 0

[PATCH 1/5] pwm: jz4740: Fix pin level of disabled TCU2 channels, part 1

by Paul Cercueil

The "duty > cycle" trick to force the pin level of a disabled TCU2 channel would only work when the channel had been enabled previously. Address this issue by enabling the PWM mode in jz4740_pwm_disable (I know, right) so that the "duty > cycle" trick works before disabling the PWM channel right after. This issue went unnoticed, as the PWM pins on the majority of the boards tested would default to the inactive level once the corresponding TCU clock was enabled, so the first call to jz4740_pwm_disable() would not actually change the pin levels. On the GCW Zero however, the PWM pin for the backlight (PWM1, which is a TCU2 channel) goes active as soon as the timer1 clock is enabled. Since the jz4740_pwm_disable() function did not work on channels not previously enabled, the backlight would shine at full brightness from the moment the backlight driver would probe, until the backlight driver tried to *enable* the PWM output. With this fix, the PWM pins will be forced inactive as soon as jz4740_pwm_apply() is called (and might be reconfigured to active if dictated by the pwm_state). This means that there is still a tiny time frame between the .request() and .apply() callbacks where the PWM pin might be active. Sadly, there is no way to fix this issue: it is impossible to write a PWM channel's registers if the corresponding clock is not enabled, and enabling the clock is what causes the PWM pin to go active. There is a workaround, though, which complements this fix: simply starting the backlight driver (or any PWM client driver) with a "init" pinctrl state that sets the pin as an inactive GPIO. Once the driver is probed and the pinctrl state switches to "default", the regular PWM pin configuration can be used as it will be properly driven. Fixes: c2693514a0a1 ("pwm: jz4740: Obtain regmap from parent node") Signed-off-by: Paul Cercueil <paul(a)crapouillou.net> Cc: stable(a)vger.kernel.org --- drivers/pwm/pwm-jz4740.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/pwm/pwm-jz4740.c b/drivers/pwm/pwm-jz4740.c index a5fdf97c0d2e..228eb104bf1e 100644 --- a/drivers/pwm/pwm-jz4740.c +++ b/drivers/pwm/pwm-jz4740.c @@ -102,11 +102,14 @@ static void jz4740_pwm_disable(struct pwm_chip *chip, struct pwm_device *pwm) struct jz4740_pwm_chip *jz = to_jz4740(chip); /* - * Set duty > period. This trick allows the TCU channels in TCU2 mode to - * properly return to their init level. + * Set duty > period, then enable PWM mode and start the counter. + * This trick allows to force the inactive pin level for the TCU2 + * channels. */ regmap_write(jz->map, TCU_REG_TDHRc(pwm->hwpwm), 0xffff); regmap_write(jz->map, TCU_REG_TDFRc(pwm->hwpwm), 0x0); + regmap_set_bits(jz->map, TCU_REG_TCSRc(pwm->hwpwm), TCU_TCSR_PWM_EN); + regmap_write(jz->map, TCU_REG_TESR, BIT(pwm->hwpwm)); /* * Disable PWM output. -- 2.35.1

1 year, 3 months

2
7
0 0

[PATCH 5.15 000/230] 5.15.54-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.54 release. There are 230 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 13 Jul 2022 09:05:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.54-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.54-rc1 Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: fix section name when using xdp_dummy.o Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: force wq context cleanup on device disable path Miaoqian Lin <linmq006(a)gmail.com> dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate Caleb Connolly <caleb.connolly(a)linaro.org> dmaengine: qcom: bam_dma: fix runtime PM underflow Miaoqian Lin <linmq006(a)gmail.com> dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate Michael Walle <michael(a)walle.cc> dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: lgm: Fix an error handling path in intel_ldma_probe() Dmitry Osipenko <dmitry.osipenko(a)collabora.com> dmaengine: pl330: Fix lockdep warning about non-static key Linus Torvalds <torvalds(a)linux-foundation.org> ida: don't use BUG_ON() for debugging Samuel Holland <samuel(a)sholland.org> dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Revert "serial: 8250_mtk: Make sure to select the right FEATURE_SEL" Naoya Horiguchi <naoya.horiguchi(a)nec.com> Revert "mm/memory-failure.c: fix race with changing page compound again" Shuah Khan <skhan(a)linuxfoundation.org> misc: rtsx_usb: set return value in rsp_buf alloc err path Shuah Khan <skhan(a)linuxfoundation.org> misc: rtsx_usb: use separate command and response buffers Shuah Khan <skhan(a)linuxfoundation.org> misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer Peter Robinson <pbrobinson(a)gmail.com> dmaengine: imx-sdma: Allow imx8m for imx7 FW revs Satish Nagireddy <satish.nagireddy(a)getcruise.com> i2c: cadence: Unregister the clk notifier in error path Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix accessing unset transport header Vladimir Oltean <vladimir.oltean(a)nxp.com> selftests: forwarding: fix error message in learning_test Vladimir Oltean <vladimir.oltean(a)nxp.com> selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT Vladimir Oltean <vladimir.oltean(a)nxp.com> selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT Rick Lindsley <ricklind(a)us.ibm.com> ibmvnic: Properly dispose of all skbs during a failover. Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> ARM: dts: stm32: add missing usbh clock and fix clk order on stm32mp15 Amelie Delaunay <amelie.delaunay(a)foss.st.com> ARM: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on stm32mp151 Norbert Zulinski <norbertx.zulinski(a)intel.com> i40e: Fix VF's MAC Address change on VM Lukasz Cieplicki <lukaszx.cieplicki(a)intel.com> i40e: Fix dropped jumbo frames statistics Jean Delvare <jdelvare(a)suse.de> i2c: piix4: Fix a memory leak in the EFCH MMIO support Ivan Malov <ivan.malov(a)oktetlabs.ru> xsk: Clear page contiguity bit when unmapping pool Mihai Sain <mihai.sain(a)microchip.com> ARM: at91: fix soc detection for SAM9X60 SiPs Eugen Hristev <eugen.hristev(a)microchip.com> ARM: dts: at91: sama5d2_icp: fix eeprom compatibles Eugen Hristev <eugen.hristev(a)microchip.com> ARM: dts: at91: sam9x60ek: fix eeprom compatible and size Claudiu Beznea <claudiu.beznea(a)microchip.com> ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt Claudiu Beznea <claudiu.beznea(a)microchip.com> ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt Claudiu Beznea <claudiu.beznea(a)microchip.com> ARM: at91: pm: use proper compatible for sama5d2's rtc Stephan Gerhold <stephan.gerhold(a)kernkonzept.com> arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo Andrei Lalaev <andrey.lalaev(a)gmail.com> pinctrl: sunxi: sunxi_pconf_set: use correct offset Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx8mp-evk: correct I2C3 pad settings Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx8mp-evk: correct I2C1 pad settings Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx8mp-evk: correct eqos pad settings Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx8mp-evk: correct vbus pad settings Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx8mp-evk: correct gpio-led pad settings Sherry Sun <sherry.sun(a)nxp.com> arm64: dts: imx8mp-evk: correct the uart2 pinctl value Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx8mp-evk: correct mmc pad settings Fabio Estevam <festevam(a)denx.de> ARM: mxs_defconfig: Enable the framebuffer Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node Konrad Dybcio <konrad.dybcio(a)somainline.org> arm64: dts: qcom: msm8994: Fix CPU6/7 reg values Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: rt711: Add endianness flag in snd_soc_component_driver Samuel Holland <samuel(a)sholland.org> pinctrl: sunxi: a83t: Fix NAND function name for some pins Miaoqian Lin <linmq006(a)gmail.com> ARM: meson: Fix refcount leak in meson_smp_prepare_cpus daniel.starke(a)siemens.com <daniel.starke(a)siemens.com> tty: n_gsm: fix encoding of command/response bit Tom Rix <trix(a)redhat.com> btrfs: fix use of uninitialized variable at rm device ioctl Ye Guojin <ye.guojin(a)zte.com.cn> virtio-blk: modify the value type of num in virtio_queue_rq() Dan Carpenter <dan.carpenter(a)oracle.com> btrfs: fix error pointer dereference in btrfs_ioctl_rm_dev_v2() Hui Wang <hui.wang(a)canonical.com> Revert "serial: sc16is7xx: Clear RS485 bits in the shutdown" Eric Sandeen <sandeen(a)redhat.com> xfs: remove incorrect ASSERT in xfs_rename Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info Christian Marangi <ansuelsmth(a)gmail.com> net: dsa: qca8k: reset cpu port on MTU change Jason A. Donenfeld <Jason(a)zx2c4.com> powerpc/powernv: delay rng platform device creation until later in boot Hsin-Yi Wang <hsinyi(a)chromium.org> video: of_display_timing.h: include errno.h Dan Williams <dan.j.williams(a)intel.com> memregion: Fix memregion_free() fallback definition Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Redefine pm_runtime_release_supplier() Helge Deller <deller(a)gmx.de> fbcon: Prevent that screen size is smaller than font size Helge Deller <deller(a)gmx.de> fbcon: Disallow setting font bigger than screen size Helge Deller <deller(a)gmx.de> fbmem: Check virtual screen sizes in fb_set_var() Guiling Deng <greens9(a)163.com> fbdev: fbmem: Fix logo center image dx issue Yian Chen <yian.chen(a)intel.com> iommu/vt-d: Fix PCI bus rescan device hot add Alexey Dobriyan <adobriyan(a)gmail.com> module: fix [e_shstrndx].sh_size=0 OOB access Shuah Khan <skhan(a)linuxfoundation.org> module: change to print useful messages from elf_validity_check() Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible Vladimir Lypak <vladimir.lypak(a)gmail.com> dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC David Howells <dhowells(a)redhat.com> rxrpc: Fix locking issue Mark Rutland <mark.rutland(a)arm.com> irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling Pavel Begunkov <asml.silence(a)gmail.com> io_uring: avoid io-wq -EAGAIN looping for !IOPOLL Sean Wang <sean.wang(a)mediatek.com> Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event Niels Dossche <dossche.niels(a)gmail.com> Bluetooth: protect le accept and resolv lists with hdev->lock Rex-BC Chen <rex-bc.chen(a)mediatek.com> drm/mediatek: Add vblank register/unregister callback functions Chun-Kuang Hu <chunkuang.hu(a)kernel.org> drm/mediatek: Add cmdq_handle in mtk_crtc Chun-Kuang Hu <chunkuang.hu(a)kernel.org> drm/mediatek: Detect CMDQ execution timeout Chun-Kuang Hu <chunkuang.hu(a)kernel.org> drm/mediatek: Remove the pointer of struct cmdq_client Chun-Kuang Hu <chunkuang.hu(a)kernel.org> drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/i915: Fix a race between vma / object destruction and unbinding Richard Gong <richard.gong(a)amd.com> drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Refactor `amdgpu_aspm` to be evaluated per device Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: drop flags check for CHIP_IP_DISCOVERY Lukas Fink <lukas.fink1(a)gmail.com> drm/amdgpu: Fix rejecting Tahiti GPUs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: bind to any 0x1002 PCI diplay class device Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix invalid gsmtty_write_room() result AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> serial: 8250_mtk: Make sure to select the right FEATURE_SEL Michael Ellerman <mpe(a)ellerman.id.au> powerpc/vdso: Fix incorrect CFI in gettimeofday.S Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Move cvdso_call macro into gettimeofday.S Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Remove cvdso_call_time macro Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix invalid use of MSC in advanced option Naoya Horiguchi <naoya.horiguchi(a)nec.com> mm/hwpoison: fix race between hugetlb free/demotion and memory_failure_hugetlb() Miaohe Lin <linmiaohe(a)huawei.com> mm/memory-failure.c: fix race with changing page compound again luofei <luofei(a)unicloud.com> mm/hwpoison: avoid the impact of hwpoison_filter() return value on mce handler Naoya Horiguchi <naoya.horiguchi(a)nec.com> mm/hwpoison: mf_mutex for soft offline and unpoison Sean Christopherson <seanjc(a)google.com> KVM: Initialize debugfs_dentry when a VM is created to avoid NULL deref Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: use dedicated lock for data relocation Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: encapsulate inode locking for zoned relocation Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix missing update of modem controls after DLCI open Maurizio Avogadro <mavoga(a)gmail.com> ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX. Johannes Schickel <lordhoto(a)gmail.com> ALSA: usb-audio: add mapping for MSI MPG X570S Carbon Max Wifi. Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix frame reception handling Zhenguo Zhao <Zhenguo.Zhao1(a)unisoc.com> tty: n_gsm: Save dlci address open status when config requester Zhenguo Zhao <Zhenguo.Zhao1(a)unisoc.com> tty: n_gsm: Modify CR,PF bit when config requester Oliver Upton <oupton(a)google.com> KVM: Don't create VM debugfs files outside of the VM directory tiancyin <tianci.yin(a)amd.com> drm/amd/vcn: fix an error msg on vcn 3.0 Xiaomeng Tong <xiam0nd.tong(a)gmail.com> ASoC: rt5682: fix an incorrect NULL check on list iterator Jack Yu <jack.yu(a)realtek.com> ASoC: rt5682: move clk related code to rt5682_i2c_probe Tadeusz Struk <tadeusz.struk(a)linaro.org> uapi/linux/stddef.h: Add include guards Kees Cook <keescook(a)chromium.org> stddef: Introduce DECLARE_FLEX_ARRAY() helper Paul Davey <paul.davey(a)alliedtelesis.co.nz> bus: mhi: Fix pm_state conversion to string Kees Cook <keescook(a)chromium.org> bus: mhi: core: Use correctly sized arguments for bit field Hui Wang <hui.wang(a)canonical.com> serial: sc16is7xx: Clear RS485 bits in the shutdown Nicholas Piggin <npiggin(a)gmail.com> powerpc/tm: Fix more userspace r13 corruption Nicholas Piggin <npiggin(a)gmail.com> powerpc: flexible GPR range save/restore macros Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Don't use lmw/stmw for saving/restoring non volatile regs Arun Easi <aeasi(a)marvell.com> scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test Claudio Imbrenda <imbrenda(a)linux.ibm.com> KVM: s390x: fix SCK locking Dongliang Mu <mudongliangabcd(a)gmail.com> btrfs: don't access possibly stale fs_info data in device_list_add Paolo Bonzini <pbonzini(a)redhat.com> KVM: use __vcalloc for very large allocations Paolo Bonzini <pbonzini(a)redhat.com> mm: vmalloc: introduce array allocation functions Kees Cook <keescook(a)chromium.org> Compiler Attributes: add __alloc_size() for better bounds checking Tudor Ambarus <tudor.ambarus(a)microchip.com> mtd: spi-nor: Skip erase logic when SPI_NOR_NO_ERASE is set Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> batman-adv: Use netif_rx(). Haibo Chen <haibo.chen(a)nxp.com> iio: accel: mma8452: use the correct logic to get mma8452_data Palmer Dabbelt <palmer(a)rivosinc.com> riscv/mm: Add XIP_FIXUP for riscv_pfn_base Chuck Lever <chuck.lever(a)oracle.com> NFSD: COMMIT operations must not return NFS?ERR_INVAL Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id) CHANDAN VURDIGERE NATARAJ <chandan.vurdigerenataraj(a)amd.com> drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Set min dcfclk if pipe count is 0 Xiaomeng Tong <xiam0nd.tong(a)gmail.com> drbd: fix an invalid memory access caused by incorrect use of list iterator Wu Bo <wubo40(a)huawei.com> drbd: Fix double free problem in drbd_create_device Luis Chamberlain <mcgrof(a)kernel.org> drbd: add error handling support for add_disk() Qu Wenruo <wqu(a)suse.com> btrfs: remove device item and update super block in the same transaction Josef Bacik <josef(a)toxicpanda.com> btrfs: use btrfs_get_dev_args_from_path in dev removal ioctls Josef Bacik <josef(a)toxicpanda.com> btrfs: add a btrfs_get_dev_args_from_path helper Josef Bacik <josef(a)toxicpanda.com> btrfs: handle device lookup with btrfs_dev_lookup_args Eli Cohen <elic(a)nvidia.com> vdpa/mlx5: Avoid processing works if workqueue was destroyed Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix gfs2_file_buffered_write endless loop workaround Arun Easi <aeasi(a)marvell.com> scsi: qla2xxx: Fix crash during module load unload test Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix laggy FC remote port session recovery Manish Rangankar <mrangankar(a)marvell.com> scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Use common TDP MMU zap helper for MMU notifier unmap hook Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> clk: renesas: r9a07g044: Update multiplier and divider values for PLL2/3 Dan Williams <dan.j.williams(a)intel.com> cxl/port: Hold port reference until decoder release Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt7921: do not always disable fw runtime-pm Sean Wang <sean.wang(a)mediatek.com> mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error Johan Hovold <johan(a)kernel.org> media: davinci: vpif: fix use-after-free on driver unbind Kees Cook <keescook(a)chromium.org> media: omap3isp: Use struct_group() for memcpy() region Kees Cook <keescook(a)chromium.org> stddef: Introduce struct_group() helper macro Tejun Heo <tj(a)kernel.org> block: fix rq-qos breakage from skipping rq_qos_done_bio() Jens Axboe <axboe(a)kernel.dk> block: only mark bio as tracked if it really is tracked Pavel Begunkov <asml.silence(a)gmail.com> block: use bdev_get_queue() in bio.c Jens Axboe <axboe(a)kernel.dk> io_uring: ensure that fsnotify is always called Max Gurtovoy <mgurtovoy(a)nvidia.com> virtio-blk: avoid preallocating big SGL for data Sukadev Bhattiprolu <sukadev(a)linux.ibm.com> ibmvnic: Allow queueing resets during probe Sukadev Bhattiprolu <sukadev(a)linux.ibm.com> ibmvnic: clear fop when retrying probe Sukadev Bhattiprolu <sukadev(a)linux.ibm.com> ibmvnic: init init_done_rc earlier Alexander Egorenkov <egorenar(a)linux.ibm.com> s390/setup: preserve memory at OLDMEM_BASE and OLDMEM_SIZE Alexander Gordeev <agordeev(a)linux.ibm.com> s390/setup: use physical pointers for memblock_reserve() Alexander Gordeev <agordeev(a)linux.ibm.com> s390/boot: allocate amode31 section in decompressor Florian Westphal <fw(a)strlen.de> netfilter: nft_payload: don't allow th access for fragments Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: support for inner header matching / mangling Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: convert pktinfo->tprot_set to flags field Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: rt5682: Fix deadlock on resume Derek Fang <derek.fang(a)realtek.com> ASoC: rt5682: Re-detect the combo jack after resuming Derek Fang <derek.fang(a)realtek.com> ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend Roi Dayan <roid(a)nvidia.com> net/mlx5e: TC, Reject rules with forward and drop actions Roi Dayan <roid(a)nvidia.com> net/mlx5e: TC, Reject rules with drop and modify hdr action Roi Dayan <roid(a)nvidia.com> net/mlx5e: Split actions_match_supported() into a sub function Roi Dayan <roid(a)nvidia.com> net/mlx5e: Check action fwd/drop flag exists also for nic flows Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: defconfigs: Set CONFIG_FB=y, for FB console Heinrich Schuchardt <heinrich.schuchardt(a)canonical.com> riscv: defconfig: enable DRM_NOUVEAU Hou Tao <houtao1(a)huawei.com> bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt7921: fix a possible race enabling/disabling runtime-pm Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt7921: introduce mt7921_mcu_set_beacon_filter utility routine Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt7921: get rid of mt7921_mac_set_beacon_filter Hans de Goede <hdegoede(a)redhat.com> platform/x86: wmi: Fix driver->notify() vs ->probe() race Hans de Goede <hdegoede(a)redhat.com> platform/x86: wmi: Replace read_takes_no_args with a flags field Barnabás Pőcze <pobrn(a)protonmail.com> platform/x86: wmi: introduce helper to convert driver to WMI driver Shai Malin <smalin(a)marvell.com> qed: Improve the stack space of filter_config() Seevalamuthu Mariappan <quic_seevalam(a)quicinc.com> ath11k: add hw_param for wakeup_mhi Andrew Gabbasov <andrew_gabbasov(a)mentor.com> memory: renesas-rpc-if: Avoid unaligned bus access for HyperFlash Sean Young <sean(a)mess.org> media: ir_toy: prevent device from hanging during transmit Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset Lukas Wunner <lukas(a)wunner.de> PCI/portdrv: Rename pm_iter() to pcie_port_device_iter() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Replace the unconditional clflush with drm_clflush_virt_range() Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/i915/gt: Register the migrate contexts with their engines Matthew Brost <matthew.brost(a)intel.com> drm/i915: Disable bonding on gen12+ platforms Filipe Manana <fdmanana(a)suse.com> btrfs: fix deadlock between chunk allocation and chunk btree modifications Michel Dänzer <mdaenzer(a)redhat.com> dma-buf/poll: Get a file reference for outstanding fence callbacks Hans de Goede <hdegoede(a)redhat.com> Input: goodix - try not to touch the reset-pin on x86/ACPI devices Hans de Goede <hdegoede(a)redhat.com> Input: goodix - refactor reset handling Hans de Goede <hdegoede(a)redhat.com> Input: goodix - add a goodix.h header file Hans de Goede <hdegoede(a)redhat.com> Input: goodix - change goodix_i2c_write() len parameter type to int Tang Bin <tangbin(a)cmss.chinamobile.com> Input: cpcap-pwrbutton - handle errors from platform_get_irq() Filipe Manana <fdmanana(a)suse.com> btrfs: fix warning when freeing leaf after subvolume creation failure Filipe Manana <fdmanana(a)suse.com> btrfs: fix invalid delayed ref after subvolume creation failure Nikolay Borisov <nborisov(a)suse.com> btrfs: add additional parameters to btrfs_init_tree_ref/btrfs_init_data_ref Nikolay Borisov <nborisov(a)suse.com> btrfs: rename btrfs_alloc_chunk to btrfs_create_chunk Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: stricter validation of element data Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_pipapo: release elements in clone from abort path Duoming Zhou <duoming(a)zju.edu.cn> net: rose: fix UAF bug caused by rose_t0timer_expiry Oliver Neukum <oneukum(a)suse.com> usbnet: fix memory leak in error case Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix incorrect verifier simulation around jmp32's jeq/jne Thomas Kopp <thomas.kopp(a)microchip.com> can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register Thomas Kopp <thomas.kopp(a)microchip.com> can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_chip_config(): actually enable internal timestamping Rhett Aultman <rhett.aultman(a)samsara.com> can: gs_usb: gs_usb_open/close(): fix memory leak Liang He <windhl(a)126.com> can: grcan: grcan_probe(): remove extra of_node_get() Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: use call_rcu() instead of costly synchronize_rcu() Takashi Iwai <tiwai(a)suse.de> ALSA: cs46xx: Fix missing snd_card_free() call at probe error Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirk for Clevo L140PU Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD Po-Hsu Lin <po-hsu.lin(a)canonical.com> Revert "selftests/bpf: Add test for bpf_timer overwriting crash" Liu Shixin <liushixin2(a)huawei.com> mm/filemap: fix UAF in find_lock_entries Jann Horn <jannh(a)google.com> mm/slub: add missing TID updates on slab deactivation ------------- Diffstat: .../bindings/dma/allwinner,sun50i-a64-dma.yaml | 2 +- .../devicetree/bindings/soc/qcom/qcom,smd-rpm.yaml | 3 + MAINTAINERS | 3 +- Makefile | 19 +- arch/arm/boot/dts/at91-sam9x60ek.dts | 3 +- arch/arm/boot/dts/at91-sama5d2_icp.dts | 6 +- arch/arm/boot/dts/stm32mp151.dtsi | 4 +- arch/arm/configs/mxs_defconfig | 1 + arch/arm/mach-at91/pm.c | 10 +- arch/arm/mach-meson/platsmp.c | 2 + arch/arm64/boot/dts/freescale/imx8mp-evk.dts | 54 ++-- .../dts/freescale/imx8mp-phyboard-pollux-rdk.dts | 48 ++-- .../boot/dts/qcom/msm8992-bullhead-rev-101.dts | 2 +- arch/arm64/boot/dts/qcom/msm8992-xiaomi-libra.dts | 2 +- arch/arm64/boot/dts/qcom/msm8994.dtsi | 4 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 +- arch/arm64/net/bpf_jit_comp.c | 5 +- arch/powerpc/boot/crt0.S | 31 +-- arch/powerpc/crypto/md5-asm.S | 10 +- arch/powerpc/crypto/sha1-powerpc-asm.S | 6 +- arch/powerpc/include/asm/ppc_asm.h | 43 +-- arch/powerpc/include/asm/vdso/gettimeofday.h | 69 +---- arch/powerpc/kernel/entry_32.S | 23 +- arch/powerpc/kernel/exceptions-64e.S | 14 +- arch/powerpc/kernel/exceptions-64s.S | 6 +- arch/powerpc/kernel/head_32.h | 3 +- arch/powerpc/kernel/head_booke.h | 3 +- arch/powerpc/kernel/interrupt_64.S | 34 +-- arch/powerpc/kernel/optprobes_head.S | 4 +- arch/powerpc/kernel/tm.S | 38 +-- arch/powerpc/kernel/trace/ftrace_64_mprofile.S | 15 +- arch/powerpc/kernel/vdso32/gettimeofday.S | 51 +++- arch/powerpc/kvm/book3s_hv_rmhandlers.S | 5 +- arch/powerpc/kvm/book3s_hv_uvmem.c | 2 +- arch/powerpc/lib/test_emulate_step_exec_instr.S | 8 +- arch/powerpc/platforms/powernv/rng.c | 16 +- arch/riscv/configs/defconfig | 8 +- arch/riscv/configs/rv32_defconfig | 1 + arch/riscv/mm/init.c | 1 + arch/s390/boot/compressed/decompressor.h | 1 + arch/s390/boot/startup.c | 8 + arch/s390/kernel/entry.h | 1 + arch/s390/kernel/setup.c | 31 +-- arch/s390/kernel/vmlinux.lds.S | 1 + arch/s390/kvm/kvm-s390.c | 19 +- arch/s390/kvm/kvm-s390.h | 4 +- arch/s390/kvm/priv.c | 15 +- arch/x86/kernel/cpu/mce/core.c | 8 +- arch/x86/kvm/mmu/page_track.c | 4 +- arch/x86/kvm/mmu/tdp_mmu.c | 9 +- arch/x86/kvm/x86.c | 4 +- block/bio.c | 11 +- block/blk-iolatency.c | 2 +- block/blk-rq-qos.h | 23 +- drivers/base/core.c | 3 +- drivers/base/memory.c | 2 + drivers/base/power/runtime.c | 20 +- drivers/block/Kconfig | 1 + drivers/block/drbd/drbd_main.c | 8 +- drivers/block/virtio_blk.c | 158 +++++++---- drivers/bluetooth/btmtksdio.c | 3 +- drivers/bus/mhi/core/init.c | 9 +- drivers/bus/mhi/core/internal.h | 2 +- drivers/clk/renesas/r9a07g044-cpg.c | 4 +- drivers/cxl/core/bus.c | 4 + drivers/dma-buf/dma-buf.c | 19 +- drivers/dma/at_xdmac.c | 5 + drivers/dma/idxd/device.c | 5 +- drivers/dma/imx-sdma.c | 2 +- drivers/dma/lgm/lgm-dma.c | 3 +- drivers/dma/pl330.c | 2 +- drivers/dma/qcom/bam_dma.c | 39 +-- drivers/dma/ti/dma-crossbar.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 25 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 + drivers/gpu/drm/amd/amdgpu/cik.c | 2 +- drivers/gpu/drm/amd/amdgpu/nv.c | 2 +- drivers/gpu/drm/amd/amdgpu/si.c | 2 +- drivers/gpu/drm/amd/amdgpu/soc15.c | 2 +- drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/vi.c | 17 +- .../gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 2 +- .../gpu/drm/amd/display/dc/dcn30/dcn30_resource.h | 7 + .../gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 65 ++++- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 2 +- drivers/gpu/drm/i915/gem/i915_gem_context.c | 7 + drivers/gpu/drm/i915/gem/i915_gem_object.c | 6 + drivers/gpu/drm/i915/gt/intel_context_types.h | 8 + drivers/gpu/drm/i915/gt/intel_engine_cs.c | 4 + drivers/gpu/drm/i915/gt/intel_engine_pm.c | 23 ++ drivers/gpu/drm/i915/gt/intel_engine_pm.h | 2 + drivers/gpu/drm/i915/gt/intel_engine_types.h | 7 + .../gpu/drm/i915/gt/intel_execlists_submission.c | 2 + drivers/gpu/drm/i915/gt/intel_ring_submission.c | 5 +- drivers/gpu/drm/i915/gt/mock_engine.c | 2 + drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 12 +- drivers/gpu/drm/mediatek/mtk_disp_drv.h | 16 +- drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 22 +- drivers/gpu/drm/mediatek/mtk_disp_rdma.c | 20 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 133 +++++++-- drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c | 4 + drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h | 29 +- drivers/i2c/busses/i2c-cadence.c | 1 + drivers/i2c/busses/i2c-piix4.c | 16 +- drivers/iio/accel/mma8452.c | 4 +- drivers/input/misc/cpcap-pwrbutton.c | 6 +- drivers/input/touchscreen/goodix.c | 150 +++++----- drivers/input/touchscreen/goodix.h | 75 +++++ drivers/iommu/intel/dmar.c | 2 +- drivers/irqchip/irq-gic-v3.c | 3 + drivers/media/platform/davinci/vpif.c | 97 +++++-- drivers/media/platform/omap3isp/ispstat.c | 5 +- drivers/media/rc/ir_toy.c | 2 +- drivers/memory/renesas-rpc-if.c | 48 +++- drivers/misc/cardreader/rtsx_usb.c | 27 +- drivers/mtd/spi-nor/core.c | 3 +- drivers/net/can/grcan.c | 1 - drivers/net/can/m_can/m_can.c | 8 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c | 22 +- drivers/net/can/usb/gs_usb.c | 23 +- drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 25 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 286 ++++++++++--------- drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 4 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 119 ++++---- drivers/net/dsa/qca8k.c | 23 +- drivers/net/ethernet/ibm/ibmvnic.c | 147 +++++++++- drivers/net/ethernet/ibm/ibmvnic.h | 1 + drivers/net/ethernet/intel/i40e/i40e.h | 16 ++ drivers/net/ethernet/intel/i40e/i40e_main.c | 73 +++++ drivers/net/ethernet/intel/i40e/i40e_register.h | 13 + drivers/net/ethernet/intel/i40e/i40e_type.h | 1 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 88 +++--- drivers/net/ethernet/qlogic/qed/qed_l2.c | 23 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 47 ++-- drivers/net/ethernet/realtek/r8169_main.c | 10 +- drivers/net/usb/usbnet.c | 17 +- drivers/net/wireless/ath/ath11k/core.c | 5 + drivers/net/wireless/ath/ath11k/hw.h | 1 + drivers/net/wireless/ath/ath11k/pci.c | 12 +- .../net/wireless/mediatek/mt76/mt76_connac_mac.c | 3 - .../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 2 +- .../net/wireless/mediatek/mt76/mt7921/debugfs.c | 31 ++- drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 28 -- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 33 +-- drivers/net/wireless/mediatek/mt76/mt7921/mcu.c | 47 ++-- drivers/net/wireless/mediatek/mt76/mt7921/mt7921.h | 11 +- drivers/pci/hotplug/pciehp.h | 2 + drivers/pci/hotplug/pciehp_core.c | 2 + drivers/pci/hotplug/pciehp_hpc.c | 26 ++ drivers/pci/pcie/portdrv.h | 3 + drivers/pci/pcie/portdrv_core.c | 20 +- drivers/pci/pcie/portdrv_pci.c | 3 + drivers/pinctrl/sunxi/pinctrl-sun8i-a83t.c | 10 +- drivers/pinctrl/sunxi/pinctrl-sunxi.c | 2 + drivers/platform/x86/wmi.c | 39 +-- drivers/scsi/qla2xxx/qla_def.h | 5 +- drivers/scsi/qla2xxx/qla_edif.c | 39 +-- drivers/scsi/qla2xxx/qla_edif.h | 1 - drivers/scsi/qla2xxx/qla_init.c | 2 + drivers/scsi/qla2xxx/qla_nvme.c | 27 +- drivers/scsi/qla2xxx/qla_os.c | 102 ++++--- drivers/soc/atmel/soc.c | 12 +- drivers/tty/n_gsm.c | 263 ++++++++++++++--- drivers/vdpa/mlx5/net/mlx5_vnet.c | 7 +- drivers/video/fbdev/core/fbcon.c | 33 +++ drivers/video/fbdev/core/fbmem.c | 16 +- fs/btrfs/block-group.c | 152 ++++++---- fs/btrfs/block-group.h | 2 + fs/btrfs/ctree.c | 17 +- fs/btrfs/ctree.h | 8 +- fs/btrfs/delayed-ref.h | 5 +- fs/btrfs/dev-replace.c | 16 +- fs/btrfs/disk-io.c | 1 + fs/btrfs/extent-tree.c | 28 +- fs/btrfs/extent_io.c | 8 +- fs/btrfs/file.c | 13 +- fs/btrfs/free-space-tree.c | 4 +- fs/btrfs/inode.c | 3 +- fs/btrfs/ioctl.c | 96 ++++--- fs/btrfs/qgroup.c | 3 +- fs/btrfs/relocation.c | 25 +- fs/btrfs/scrub.c | 6 +- fs/btrfs/tree-log.c | 2 +- fs/btrfs/volumes.c | 310 +++++++++++++-------- fs/btrfs/volumes.h | 28 +- fs/btrfs/zoned.c | 2 +- fs/btrfs/zoned.h | 17 ++ fs/gfs2/file.c | 1 + fs/io_uring.c | 10 +- fs/nfsd/nfs3proc.c | 6 - fs/nfsd/vfs.c | 64 +++-- fs/nfsd/vfs.h | 4 +- fs/seq_file.c | 32 +++ fs/xfs/xfs_inode.c | 1 - include/linux/blk_types.h | 3 +- include/linux/compiler-gcc.h | 8 + include/linux/compiler_attributes.h | 10 + include/linux/compiler_types.h | 12 + include/linux/fbcon.h | 4 + include/linux/hugetlb.h | 6 + include/linux/list.h | 10 + include/linux/memregion.h | 2 +- include/linux/mm.h | 8 + include/linux/pm_runtime.h | 5 +- include/linux/qed/qed_eth_if.h | 21 +- include/linux/rtsx_usb.h | 2 - include/linux/seq_file.h | 4 + include/linux/stddef.h | 61 ++++ include/linux/vmalloc.h | 5 + include/net/netfilter/nf_tables.h | 10 +- include/net/netfilter/nf_tables_ipv4.h | 7 +- include/net/netfilter/nf_tables_ipv6.h | 6 +- include/uapi/linux/netfilter/nf_tables.h | 2 + include/uapi/linux/omap3isp.h | 21 +- include/uapi/linux/stddef.h | 41 +++ include/video/of_display_timing.h | 2 + kernel/bpf/verifier.c | 113 ++++---- kernel/module.c | 79 ++++-- lib/idr.c | 3 +- mm/filemap.c | 12 +- mm/hugetlb.c | 10 + mm/hwpoison-inject.c | 3 +- mm/madvise.c | 2 + mm/memory-failure.c | 205 ++++++++------ mm/slub.c | 2 + mm/util.c | 50 ++++ net/batman-adv/bridge_loop_avoidance.c | 2 +- net/bluetooth/hci_event.c | 12 + net/can/bcm.c | 18 +- net/netfilter/nf_tables_api.c | 9 +- net/netfilter/nf_tables_core.c | 2 +- net/netfilter/nf_tables_trace.c | 4 +- net/netfilter/nft_exthdr.c | 2 +- net/netfilter/nft_meta.c | 2 +- net/netfilter/nft_payload.c | 63 ++++- net/netfilter/nft_set_pipapo.c | 48 +++- net/rose/rose_route.c | 4 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_accept.c | 6 +- net/rxrpc/call_object.c | 18 +- net/rxrpc/net_ns.c | 2 +- net/rxrpc/proc.c | 10 +- net/xdp/xsk_buff_pool.c | 1 + scripts/checkpatch.pl | 3 +- scripts/kernel-doc | 9 + sound/pci/cs46xx/cs46xx.c | 22 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/rt5682-i2c.c | 36 ++- sound/soc/codecs/rt5682.c | 125 ++++----- sound/soc/codecs/rt5682.h | 4 +- sound/soc/codecs/rt700.c | 16 +- sound/soc/codecs/rt711-sdca.c | 27 +- sound/soc/codecs/rt711.c | 25 +- sound/usb/mixer_maps.c | 16 ++ sound/usb/quirks.c | 4 + .../testing/selftests/bpf/prog_tests/timer_crash.c | 32 --- tools/testing/selftests/bpf/progs/timer_crash.c | 54 ---- tools/testing/selftests/net/forwarding/lib.sh | 6 +- tools/testing/selftests/net/udpgro.sh | 2 +- tools/testing/selftests/net/udpgro_bench.sh | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 2 +- tools/testing/selftests/net/veth.sh | 6 +- virt/kvm/kvm_main.c | 14 +- 265 files changed, 3774 insertions(+), 2044 deletions(-)

1 year, 3 months

8
243
0 0

[PATCH 5.15 000/530] 5.15.75-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.75 release. There are 530 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 26 Oct 2022 11:29:24 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.75-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.75-rc1 Rafael Mendonca <rafaelmendsr(a)gmail.com> io-wq: Fix memory leak in worker creation Martin Liska <mliska(a)suse.cz> gcov: support GCC 12.1 and newer compilers Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: intel_powerclamp: Use first online CPU as control_cpu Jerry Lee 李修賢 <jerrylee(a)qnap.com> ext4: continue to expand file system when the target size doesn't reach Nathan Chancellor <nathan(a)kernel.org> lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5 Masahiro Yamada <masahiroy(a)kernel.org> Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT Masahiro Yamada <masahiroy(a)kernel.org> Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5 Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> net/ieee802154: don't warn zero-sized raw_sendmsg() Alexander Aring <aahringo(a)redhat.com> Revert "net/ieee802154: reject zero-sized raw_sendmsg()" Randy Dunlap <rdunlap(a)infradead.org> net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses Yu Kuai <yukuai3(a)huawei.com> blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix last interface check for registration Alexander Aring <aahringo(a)redhat.com> net: ieee802154: return -EINVAL for unknown addr type Liu Shixin <liushixin2(a)huawei.com> mm: hugetlb: fix UAF in hugetlb_handle_userfault Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: fix unexpected link breakage Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: fix error'ed retry return values Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: fix short rw error handling Pavel Begunkov <asml.silence(a)gmail.com> io_uring: correct pinned_vm accounting Pavel Begunkov <asml.silence(a)gmail.com> io_uring/af_unix: defer registered files gc to io_uring release Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc Ivan T. Ivanov <iivanov(a)suse.de> clk: bcm2835: Round UART input clock up Maxime Ripard <maxime(a)cerno.tech> clk: bcm2835: Make peripheral PLLC critical Dongliang Mu <mudongliangabcd(a)gmail.com> usb: idmouse: fix an uninit-value in idmouse_open Varun Prakash <varun(a)chelsio.com> nvmet-tcp: add bounds check on Transfer Tag Keith Busch <kbusch(a)kernel.org> nvme: copy firmware_rev on each init Jan Kara <jack(a)suse.cz> ext2: Use kvmalloc() for group descriptor array Arun Easi <aeasi(a)marvell.com> scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled Xiaoke Wang <xkernel.wang(a)foxmail.com> staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() Xiaoke Wang <xkernel.wang(a)foxmail.com> staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() sunghwan jung <onenowy(a)gmail.com> Revert "usb: storage: Add quirk for Samsung Fit flash" Piyush Mehta <piyush.mehta(a)amd.com> usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug Alexander Stein <alexander.stein(a)ew.tq-group.com> arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes Robin Guo <guoweibin(a)inspur.com> usb: musb: Fix musb_gadget.c rxstate overflow bug Jianglei Nie <niejianglei2021(a)163.com> usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() Logan Gunthorpe <logang(a)deltatee.com> md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d Dylan Yudaken <dylany(a)fb.com> eventfd: guard wake_up in eventfd fs calls as well Hyunwoo Kim <imv4bel(a)gmail.com> HID: roccat: Fix use-after-free in roccat_read() Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: intel: fix error handling on dai registration issues Richard Fitzgerald <rf(a)opensource.cirrus.com> soundwire: cadence: Don't overwrite msg->buf during write commands Coly Li <colyli(a)suse.de> bcache: fix set_at_max_writeback_rate() for multiple attached devices Serge Semin <Sergey.Semin(a)baikalelectronics.ru> ata: libahci_platform: Sanity check the DT child nodes number Yu Kuai <yukuai3(a)huawei.com> blk-throttle: prevent overflow while calculating wait time Nam Cao <namcaov(a)gmail.com> staging: vt6655: fix potential memory leak Wei Yongjun <weiyongjun1(a)huawei.com> power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() Yicong Yang <yangyicong(a)hisilicon.com> iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity Shigeru Yoshida <syoshida(a)redhat.com> nbd: Fix hung when signal interrupts nbd_start_device_ioctl() Letu Ren <fantasquex(a)gmail.com> scsi: 3w-9xxx: Avoid disabling device if failing to enable it Vaishnav Achath <vaishnav.a(a)ti.com> dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow Justin Chen <justinpopo6(a)gmail.com> usb: host: xhci-plat: suspend/resume clks for brcm Justin Chen <justinpopo6(a)gmail.com> usb: host: xhci-plat: suspend and resume clocks Quanyang Wang <quanyang.wang(a)windriver.com> clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate Hangyu Hua <hbh25y(a)gmail.com> media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc Zheyu Ma <zheyuma97(a)gmail.com> media: cx88: Fix a null-ptr-deref bug in buffer_prepare() Ian Nam <young.kwan.nam(a)xilinx.com> clk: zynqmp: Fix stack-out-of-bounds in strncpy` Alex Sverdlin <alexander.sverdlin(a)nokia.com> ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n Maciej S. Szmigiero <maciej.szmigiero(a)oracle.com> btrfs: don't print information about space cache or tree every remount Qu Wenruo <wqu(a)suse.com> btrfs: scrub: try to fix super block errors Qu Wenruo <wqu(a)suse.com> btrfs: dump extra info if one free space cache has more bitmaps than it should Sebastian Krzyszkowiak <sebastian.krzyszkowiak(a)puri.sm> arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply Mark Brown <broonie(a)kernel.org> kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx6sx: add missing properties for sram Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx6sll: add missing properties for sram Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx6sl: add missing properties for sram Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx6qp: add missing properties for sram Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx6dl: add missing properties for sram Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx6q: add missing properties for sram Haibo Chen <haibo.chen(a)nxp.com> ARM: dts: imx7d-sdb: config the max pressure for tsc2046 Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Remove interface for periodic interrupt 1 Khaled Almahallawy <khaled.almahallawy(a)intel.com> drm/dp: Don't rewrite link config when setting phy test pattern Richard Acayan <mailingradian(a)gmail.com> mmc: sdhci-msm: add compatible string check for sdm670 Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/meson: explicitly remove aggregate driver at module unload time Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/meson: reorder driver deinit sequence to fix use-after-free bug hongao <hongao(a)uniontech.com> drm/amdgpu: fix initial connector audio value Jairaj Arava <jairaj.arava(a)intel.com> ASoC: SOF: pci: Change DMI match info to support all Chrome platforms Hans de Goede <hdegoede(a)redhat.com> platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading Jameson Thies <jthies(a)google.com> platform/chrome: cros_ec: Notify the PM of wake events during resume Maya Matuszczyk <maccraft123mc(a)gmail.com> drm: panel-orientation-quirks: Add quirk for Anbernic Win600 Mateusz Kwiatkowski <kfyatek+publicgit(a)gmail.com> drm/vc4: vec: Fix timings for VEC modes Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Register card at the last interface Lucas Stach <l.stach(a)pengutronix.de> drm: bridge: dw_hdmi: only trigger hotplug event on link change Vivek Kasireddy <vivek.kasireddy(a)intel.com> udmabuf: Set ubuf->sg = NULL if the creation of sg table fails David Gow <davidgow(a)google.com> drm/amd/display: fix overflow on MIN_I64 definition Zeng Jingxiang <linuszeng(a)tencent.com> gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() Liviu Dudau <liviu.dudau(a)arm.com> drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook Javier Martinez Canillas <javierm(a)redhat.com> drm: Prevent drm_copy_field() to attempt copying a NULL pointer Javier Martinez Canillas <javierm(a)redhat.com> drm: Use size_t type for len variable in drm_copy_field() Jianglei Nie <niejianglei2021(a)163.com> drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() Andrew Gaul <gaul(a)gaul.org> r8152: Rate limit overflow messages Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix user-after-free Liu Jian <liujian56(a)huawei.com> net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory Jason A. Donenfeld <Jason(a)zx2c4.com> hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms Daniel Golle <daniel(a)makrotopia.org> wifi: rt2x00: correctly set BBP register 86 for MT7620 Daniel Golle <daniel(a)makrotopia.org> wifi: rt2x00: set SoC wmac clock register Daniel Golle <daniel(a)makrotopia.org> wifi: rt2x00: set VGC gain for both chains of MT7620 Daniel Golle <daniel(a)makrotopia.org> wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 Daniel Golle <daniel(a)makrotopia.org> wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 Ziyang Xuan <william.xuanziyang(a)huawei.com> can: bcm: check the result of can_send() in bcm_can_tx() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() Sean Wang <sean.wang(a)mediatek.com> wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value Patrick Rudolph <patrick.rudolph(a)9elements.com> regulator: core: Prevent integer underflow Kiran K <kiran.k(a)intel.com> Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk Alexander Coffin <alex.coffin(a)matician.com> wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() Michal Jaron <michalx.jaron(a)intel.com> iavf: Fix race between iavf_close and iavf_reset_task Khalid Masum <khalid.masum.92(a)gmail.com> xfrm: Update ipcomp_scratches with NULL when freed Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() Jane Chu <jane.chu(a)oracle.com> x86/mce: Retrieve poison range from hardware Eric Dumazet <edumazet(a)google.com> tcp: annotate data-race around tcp_md5sig_pool_populated Mike Pattrick <mkp(a)redhat.com> openvswitch: Fix overreporting of drops in dropwatch Mike Pattrick <mkp(a)redhat.com> openvswitch: Fix double reporting of drops in dropwatch Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 Jacob Keller <jacob.e.keller(a)intel.com> ice: set tx_tstamps when creating new Tx rings via ethtool Quentin Monnet <quentin(a)isovalent.com> bpftool: Clear errno after libcap's checks Wright Feng <wright.feng(a)cypress.com> wifi: brcmfmac: fix invalid address access when enabling SCAN log level Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix use-after-free on source server when doing inter-server copy Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data Kees Cook <keescook(a)chromium.org> x86/entry: Work around Clang __bdos() bug Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable Kees Cook <keescook(a)chromium.org> ARM: decompressor: Include .data.rel.ro.local Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash Chao Qin <chao.qin(a)intel.com> powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue Kees Cook <keescook(a)chromium.org> MIPS: BCM47XX: Cast memcmp() of function to (void *) Doug Smythies <dsmythies(a)telus.net> cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode Hans de Goede <hdegoede(a)redhat.com> ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address Arvid Norlander <lkml(a)vorpal.se> ACPI: video: Add Toshiba Satellite/Portege Z830 quirk Zqiang <qiang1.zhang(a)intel.com> rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() Michal Hocko <mhocko(a)suse.com> rcu: Back off upon fill_page_cache_func() allocation failure Zqiang <qiang1.zhang(a)intel.com> rcu: Avoid triggering strict-GP irq-work when RCU is idle Alexander Aring <aahringo(a)redhat.com> fs: dlm: fix race in lowcomms Stefan Berger <stefanb(a)linux.ibm.com> selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle Chao Yu <chao(a)kernel.org> f2fs: fix to account FS_CP_DATA_IO correctly Zhang Qilong <zhangqilong3(a)huawei.com> f2fs: fix race condition on setting FI_NO_EXTENT flag Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: do not add task_work to kernel thread to avoid memory leak Vincent Knecht <vincent.knecht(a)mailoo.org> thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id Dan Carpenter <dan.carpenter(a)oracle.com> crypto: cavium - prevent integer overflow loading firmware Dan Carpenter <dan.carpenter(a)oracle.com> crypto: marvell/octeontx - prevent integer overflows Janis Schoetterl-Glausch <scgl(a)linux.ibm.com> kbuild: rpm-pkg: fix breakage when V=1 is used Masahiro Yamada <masahiroy(a)kernel.org> kbuild: remove the target in signal traps when interrupted Nico Pache <npache(a)redhat.com> tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads Yipeng Zou <zouyipeng(a)huawei.com> tracing: kprobe: Make gen test module work in arm and riscv Yipeng Zou <zouyipeng(a)huawei.com> tracing: kprobe: Fix kprobe event gen test module on exit Robin Murphy <robin.murphy(a)arm.com> iommu/iova: Fix module config properly Enzo Matsumiya <ematsumiya(a)suse.de> cifs: return correct error in ->calc_signature() Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - fix DMA transfer direction Peter Harliman Liem <pliem(a)maxlinear.com> crypto: inside-secure - Change swab to swab32 Koba Ko <koba.ko(a)canonical.com> crypto: ccp - Release dma channels before dmaengine unrgister Ignat Korchagin <ignat(a)cloudflare.com> crypto: akcipher - default implementation for setting a private key Dan Carpenter <dan.carpenter(a)oracle.com> iommu/omap: Fix buffer overflow in debugfs Waiman Long <longman(a)redhat.com> cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - fix missing put dfx access Lucas Segarra Fernandez <lucas.segarra.fernandez(a)intel.com> crypto: qat - fix default value of WDT timer Kshitiz Varshney <kshitiz.varshney(a)nxp.com> hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() Michal Koutný <mkoutny(a)suse.com> cgroup: Honor caller's cgroup NS when resolving path James Cowgill <james.cowgill(a)blaize.com> hwrng: arm-smccc-trng - fix NO_ENTROPY handling Ye Weihua <yeweihua4(a)huawei.com> crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr Zhengchao Shao <shaozhengchao(a)huawei.com> crypto: sahara - don't sleep when in softirq Haren Myneni <haren(a)linux.ibm.com> powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL Li Huafei <lihuafei1(a)huawei.com> powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() Pali Rohár <pali(a)kernel.org> powerpc: Fix SPE Power ISA properties for e500v1 platforms Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition Rohan McLure <rmclure(a)linux.ibm.com> powerpc: Fix fallocate and fadvise64_64 compat parameter combination Zheng Yongjun <zhengyongjun3(a)huawei.com> powerpc/powernv: add missing of_node_put() in opal_export_attrs() Liang He <windhl(a)126.com> powerpc/pci_dn: Add missing of_node_put() Liang He <windhl(a)126.com> powerpc/sysdev/fsl_msi: Add missing of_node_put() Nathan Chancellor <nathan(a)kernel.org> powerpc/math_emu/efp: Include module.h Michael Ellerman <mpe(a)ellerman.id.au> powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig Jack Wang <jinpu.wang(a)ionos.com> mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg Conor Dooley <conor.dooley(a)microchip.com> mailbox: mpfs: account for mbox offsets while sending Conor Dooley <conor.dooley(a)microchip.com> mailbox: mpfs: fix handling of the reg property Joel Stanley <joel(a)jms.id.au> clk: ast2600: BCLK comes from EPLL Miaoqian Lin <linmq006(a)gmail.com> clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe Lin Yujun <linyujun809(a)huawei.com> clk: imx: scu: fix memleak on platform_device_add() fails Stefan Wahren <stefan.wahren(a)i2se.com> clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration Serge Semin <Sergey.Semin(a)baikalelectronics.ru> clk: baikal-t1: Add SATA internal ref clock buffer Serge Semin <Sergey.Semin(a)baikalelectronics.ru> clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent Serge Semin <Sergey.Semin(a)baikalelectronics.ru> clk: baikal-t1: Fix invalid xGMAC PTP clock divider Serge Semin <Sergey.Semin(a)baikalelectronics.ru> clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD David Collins <collinsd(a)codeaurora.org> spmi: pmic-arb: correct duplicate APID to PPID mapping logic Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: mtu3: fix failed runtime suspend in host only mode Dave Jiang <dave.jiang(a)intel.com> dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() Chen-Yu Tsai <wenst(a)chromium.org> clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent Jiasheng Jiang <jiasheng(a)iscas.ac.cn> mfd: sm501: Add check for platform_driver_register() Dan Carpenter <dan.carpenter(a)oracle.com> mfd: fsl-imx25: Fix check for platform_get_irq() errors Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: lp8788: Fix an error handling path in lp8788_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> fsi: core: Check error number after calling ida_simple_get Bob Pearson <rpearsonhpe(a)gmail.com> RDMA/rxe: Fix resize_finish() in rxe_queue.c Adam Skladowski <a_skl39(a)protonmail.com> clk: qcom: gcc-sm6115: Override default Alpha PLL regs Robert Marko <robimarko(a)gmail.com> clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical Mike Christie <michael.christie(a)oracle.com> scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() Mike Christie <michael.christie(a)oracle.com> scsi: iscsi: Run recv path from workqueue Mike Christie <michael.christie(a)oracle.com> scsi: iscsi: Add recv workqueue helpers Mike Christie <michael.christie(a)oracle.com> scsi: iscsi: Rename iscsi_conn_queue_work() Duoming Zhou <duoming(a)zju.edu.cn> scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() Pali Rohár <pali(a)kernel.org> serial: 8250: Fix restoring termios speed after suspend Guilherme G. Piccoli <gpiccoli(a)igalia.com> firmware: google: Test spinlock on panic path to avoid lockups Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> slimbus: qcom-ngd-ctrl: allow compile testing without QCOM_RPROC_COMMON Nam Cao <namcaov(a)gmail.com> staging: vt6655: fix some erroneous memory clean-up loops Dongliang Mu <mudongliangabcd(a)gmail.com> phy: qualcomm: call clk_disable_unprepare in the error handling Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250: Toggle IER bits on only after irq has been set up Dan Carpenter <dan.carpenter(a)oracle.com> drivers: serial: jsm: fix some leaks in probe Albert Briscoe <albertsbriscoe(a)gmail.com> usb: gadget: function: fix dangling pnp_string in f_printer.c Mario Limonciello <mario.limonciello(a)amd.com> xhci: Don't show warning for reinit on known broken suspend Daisuke Matsuda <matsuda-daisuke(a)fujitsu.com> IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Use SLID in the work completion as the DLID in responder side David Sloan <david.sloan(a)eideticom.com> md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() Logan Gunthorpe <logang(a)deltatee.com> md/raid5: Ensure stripe_fill happens on non-read IO with journal Saurabh Sengar <ssengar(a)linux.microsoft.com> md: Replace snprintf with scnprintf Dan Carpenter <dan.carpenter(a)oracle.com> mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() Niklas Cassel <niklas.cassel(a)wdc.com> ata: fix ata_id_has_dipm() Niklas Cassel <niklas.cassel(a)wdc.com> ata: fix ata_id_has_ncq_autosense() Niklas Cassel <niklas.cassel(a)wdc.com> ata: fix ata_id_has_devslp() Niklas Cassel <niklas.cassel(a)wdc.com> ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() Bernard Metzler <bmt(a)zurich.ibm.com> RDMA/siw: Fix QP destroy to wait for all references dropped. Bernard Metzler <bmt(a)zurich.ibm.com> RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. Bart Van Assche <bvanassche(a)acm.org> RDMA/srp: Fix srp_abort() Sindhu-Devale <sindhu.devale(a)intel.com> RDMA/irdma: Align AE id codes to correct flush code and event Pali Rohár <pali(a)kernel.org> mtd: rawnand: fsl_elbc: Fix none ECC mode Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> mtd: rawnand: intel: Remove undocumented compatible string Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> mtd: rawnand: intel: Read the chip-select line from the correct OF node Chunfeng Yun <chunfeng.yun(a)mediatek.com> phy: phy-mtk-tphy: fix the phy type setting issue Liang He <windhl(a)126.com> phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() William Dean <williamsukatube(a)gmail.com> mtd: devices: docg3: check the return value of devm_ioremap() in the probe Dang Huynh <danct12(a)riseup.net> clk: qcom: sm6115: Select QCOM_GDSC Jim Cromie <jim.cromie(a)gmail.com> dyndbg: drop EXPORTed dynamic_debug_exec_queries Jim Cromie <jim.cromie(a)gmail.com> dyndbg: let query-modname override actual module name Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix module.dyndbg handling Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix static_branch manipulation Jie Hai <haijie1(a)huawei.com> dmaengine: hisilicon: Add multi-thread support for a DMA channel Jie Hai <haijie1(a)huawei.com> dmaengine: hisilicon: Fix CQ head update Jie Hai <haijie1(a)huawei.com> dmaengine: hisilicon: Disable channels when unregister hisi_dma Dan Carpenter <dan.carpenter(a)oracle.com> fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() Hangyu Hua <hbh25y(a)gmail.com> misc: ocxl: fix possible refcount leak in afu_ioctl() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the error caused by qp->sk Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix "kernel NULL pointer dereference" error Miaoqian Lin <linmq006(a)gmail.com> media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init Yunke Cao <yunkec(a)google.com> media: uvcvideo: Use entity get_cur in uvc_ctrl_set José Expósito <jose.exposito89(a)gmail.com> media: uvcvideo: Fix memory leak in uvc_gpio_parse Xu Qiang <xuqiang36(a)huawei.com> media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> tty: xilinx_uartps: Fix the ignore_status Liang He <windhl(a)126.com> media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop Jack Wang <jinpu.wang(a)ionos.com> HSI: omap_ssi_port: Fix dma_map_sg error check Miaoqian Lin <linmq006(a)gmail.com> HSI: omap_ssi: Fix refcount leak in ssi_probe Miaoqian Lin <linmq006(a)gmail.com> clk: tegra20: Fix refcount leak in tegra20_clock_init Miaoqian Lin <linmq006(a)gmail.com> clk: tegra: Fix refcount leak in tegra114_clock_init Miaoqian Lin <linmq006(a)gmail.com> clk: tegra: Fix refcount leak in tegra210_clock_init Liang He <windhl(a)126.com> clk: sprd: Hold reference returned by of_get_parent() Liang He <windhl(a)126.com> clk: berlin: Add of_node_put() for of_get_parent() Liang He <windhl(a)126.com> clk: qoriq: Hold reference returned by of_get_parent() Liang He <windhl(a)126.com> clk: oxnas: Hold reference returned by of_get_parent() Liang He <windhl(a)126.com> clk: meson: Hold reference returned by of_get_parent() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: common: debug: Check non-standard control requests Aharon Landau <aharonl(a)nvidia.com> RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey Jakob Hauser <jahau(a)rocketmail.com> iio: magnetometer: yas530: Change data type of hard_offsets to signed Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: ABI: Fix wrong format of differential capacitance channel ABI. Nuno Sá <nuno.sa(a)analog.com> iio: inkern: fix return value in devm_of_iio_channel_get_by_name() Nuno Sá <nuno.sa(a)analog.com> iio: inkern: only release the device node when done with it Claudiu Beznea <claudiu.beznea(a)microchip.com> iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume Claudiu Beznea <claudiu.beznea(a)microchip.com> iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq Claudiu Beznea <claudiu.beznea(a)microchip.com> iio: adc: at91-sama5d2_adc: check return status for pressure and touch Claudiu Beznea <claudiu.beznea(a)microchip.com> iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: dts: exynos: fix polarity of VBUS GPIO of Origen Mark Rutland <mark.rutland(a)arm.com> arm64: ftrace: fix module PLTs with mcount Josh Triplett <josh(a)joshtriplett.org> ext4: don't run ext4lazyinit for read-only filesystems Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: Drop CMDLINE_* dependency on ATAGS Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family Matt Ranostay <mranostay(a)ti.com> arm64: dts: ti: k3-j7200: fix main pinmux range Dmitry Osipenko <digetx(a)gmail.com> soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA Randy Dunlap <rdunlap(a)infradead.org> ia64: export memory_add_physaddr_to_nid to fix cxl build error Michael Walle <michael(a)walle.cc> ARM: dts: kirkwood: lsxl: remove first ethernet port Michael Walle <michael(a)walle.cc> ARM: dts: kirkwood: lsxl: fix serial line Marek Behún <kabel(a)kernel.org> ARM: dts: turris-omnia: Fix mpp26 pin name and comment Lucas Stach <l.stach(a)pengutronix.de> ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus Liang He <windhl(a)126.com> soc: qcom: smem_state: Add refcounting for the 'state->of_node' Liang He <windhl(a)126.com> soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() Amir Goldstein <amir73il(a)gmail.com> locks: fix TOCTOU race when granting write lease Liang He <windhl(a)126.com> memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() Liang He <windhl(a)126.com> memory: of: Fix refcount leak bug in of_get_ddr_timings() Liang He <windhl(a)126.com> memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() Takashi Iwai <tiwai(a)suse.de> ALSA: hda/hdmi: Don't skip notification handling during PM operation Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() Andreas Pape <apape(a)de.adit-jv.com> ALSA: dmaengine: increment buffer pointer atomically Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: tx-macro: fix kcontrol put Rafael Mendonca <rafaelmendsr(a)gmail.com> drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx Liang He <windhl(a)126.com> ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() Rafael Mendonca <rafaelmendsr(a)gmail.com> drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() Liang He <windhl(a)126.com> drm/omap: dss: Fix refcount leak bugs Gerd Hoffmann <kraxel(a)redhat.com> drm/bochs: fix blanking Takashi Iwai <tiwai(a)suse.de> ALSA: hda: beep: Simplify keep-power-at-enable behavior Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ASoC: rsnd: Add check for rsnd_mod_power_on Zheyu Ma <zheyuma97(a)gmail.com> drm/bridge: megachips: Fix a null pointer dereference bug Yang Yingliang <yangyingliang(a)huawei.com> drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() Prashant Malani <pmalani(a)chromium.org> platform/chrome: cros_ec_typec: Correct alt mode index Hans de Goede <hdegoede(a)redhat.com> platform/x86: msi-laptop: Fix resource cleanup Hans de Goede <hdegoede(a)redhat.com> platform/x86: msi-laptop: Fix old-ec check for backlight registering Martin Povišer <povik+lin(a)cutebit.org> ASoC: tas2764: Fix mute/unmute Martin Povišer <povik+lin(a)cutebit.org> ASoC: tas2764: Drop conflicting set_bias_level power setting Martin Povišer <povik+lin(a)cutebit.org> ASoC: tas2764: Allow mono streams Dan Carpenter <dan.carpenter(a)oracle.com> platform/chrome: fix memory corruption in ioctl Rustam Subkhankulov <subkhankulov(a)ispras.ru> platform/chrome: fix double-free in chromeos_laptop_prepare() Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: mt6359: fix tests for platform_get_irq() failure Liang He <windhl(a)126.com> drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() Simon Ser <contact(a)emersion.fr> drm/dp_mst: fix drm_dp_dpcd_read return value checks Chen-Yu Tsai <wenst(a)chromium.org> drm/bridge: parade-ps8640: Fix regulator supply order Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling Maxime Ripard <maxime(a)cerno.tech> drm/mipi-dsi: Detach devices when removing the host Dan Carpenter <dan.carpenter(a)oracle.com> drm/bridge: Avoid uninitialized variable warning Alvin Šipraga <alsi(a)bang-olufsen.dk> drm: bridge: adv7511: unregister cec i2c device after cec adapter Alvin Šipraga <alsi(a)bang-olufsen.dk> drm: bridge: adv7511: fix CEC power down control register offset Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: mvpp2: fix mvpp2 debugfs leak Eric Dumazet <edumazet(a)google.com> once: add DO_ONCE_SLOW() for sleepable contexts Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> net/ieee802154: reject zero-sized raw_sendmsg() Maxim Mikityanskiy <maxtram95(a)gmail.com> net: wwan: iosm: Call mutex_init before locking it Jianglei Nie <niejianglei2021(a)163.com> bnx2x: fix potential memory leak in bnx2x_tpa_stop() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() Oleksandr Shamray <oleksandrs(a)nvidia.com> hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller Marek Szyprowski <m.szyprowski(a)samsung.com> spi: Ensure that sg_table won't be used after being freed Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited Xin Long <lucien.xin(a)gmail.com> sctp: handle the error returned from sctp_auth_asoc_init_active_key Duoming Zhou <duoming(a)zju.edu.cn> mISDN: fix use-after-free bugs in l1oip timer handlers Jakub Kicinski <kuba(a)kernel.org> eth: alx: take rtnl_lock on resume Junichi Uekawa <uekawa(a)chromium.org> vhost/vsock: Use kvmalloc/kvfree for larger packets. Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM Vincent Whitchurch <vincent.whitchurch(a)axis.com> spi: s3c64xx: Fix large transfers with DMA Phil Sutter <phil(a)nwl.cc> netfilter: nft_fib: Fix for rpath check with VRF devices Liu Jian <liujian56(a)huawei.com> xfrm: Reinject transport-mode packets through workqueue Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not handling link timeouts propertly Asmaa Mnebhi <asmaa(a)nvidia.com> i2c: mlxbf: support lock mechanism Liu Jian <liujian56(a)huawei.com> skmsg: Schedule psock work if the cached skb exists on the psock Zhang Qilong <zhangqilong3(a)huawei.com> spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe Zhang Qilong <zhangqilong3(a)huawei.com> spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe Luciano Leão <lucianorsleao(a)gmail.com> x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype Kees Cook <keescook(a)chromium.org> x86/microcode/AMD: Track patch allocation size explicitly Jesus Fernandez Manzano <jesus.manzano(a)galgus.net> wifi: ath11k: fix number of VHT beamformee spatial streams Antoine Tenart <atenart(a)kernel.org> netfilter: conntrack: revisit the gc initial rescheduling bias Antoine Tenart <atenart(a)kernel.org> netfilter: conntrack: fix the gc rescheduling delay Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure Lee Jones <lee(a)kernel.org> bpf: Ensure correct locking around vulnerable function find_vpid() Zheng Yongjun <zhengyongjun3(a)huawei.com> net: fs_enet: Fix wrong check in do_pd_setup Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7915: do not check state before configuring implicit beamform Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload YN Chen <yn.chen(a)mediatek.com> wifi: mt76: sdio: fix transmitting packet hangs Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration Lorenz Bauer <oss(a)lmb.io> bpf: btf: fix truncated last_member_type_id in btf_struct_resolve Neil Armstrong <narmstrong(a)baylibre.com> spi: meson-spicc: do not rely on busy flag in pow2 clk ops Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: Fix skb misuse in TX queue selection Xu Qiang <xuqiang36(a)huawei.com> spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() Xu Qiang <xuqiang36(a)huawei.com> spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() Ian Rogers <irogers(a)google.com> selftests/xsk: Avoid use-after-free on ctx Yang Yingliang <yangyingliang(a)huawei.com> wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() Dan Carpenter <dan.carpenter(a)oracle.com> wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() Sean Wang <sean.wang(a)mediatek.com> Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend Hou Tao <houtao1(a)huawei.com> bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy Hou Tao <houtao1(a)huawei.com> bpf: Propagate error from htab_lock_bucket() to userspace Hou Tao <houtao1(a)huawei.com> bpf: Disable preemption when increasing per-cpu map_locked Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: Fix backpressure mechanism on Tx Kohei Tarumizu <tarumizu.kohei(a)fujitsu.com> x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> spi: mt7621: Fix an error message in mt7621_spi_probe() Lam Thai <lamthai(a)arista.com> bpftool: Fix a wrong type cast in btf_dumper_int Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: mac80211: allow bw change during channel switch in mesh Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Fix reference state management for synchronous callbacks Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> leds: lm3601x: Don't use mutex after it was destroyed Wen Gong <quic_wgong(a)quicinc.com> wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtlwifi: 8192de: correct checking of IQK reload Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix handling of oversized NFSv4 COMPOUND requests Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against send buffer overflow in NFSv2 READDIR Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix svcxdr_init_encode's buflen calculation Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Fix a memory leak in an error handling path Sami Tolvanen <samitolvanen(a)google.com> objtool: Preserve special st_shndx indexes in elf_update_symbol Wang Kefeng <wangkefeng.wang(a)huawei.com> ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE Wang Kefeng <wangkefeng.wang(a)huawei.com> ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() Lin Yujun <linyujun809(a)huawei.com> MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> MIPS: SGI-IP27: Free some unused memory Kees Cook <keescook(a)chromium.org> sh: machvec: Use char[] for section boundaries Xuewen Yan <xuewen.yan(a)unisoc.com> thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() Christian Brauner <brauner(a)kernel.org> ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers Ondrej Mosnacek <omosnace(a)redhat.com> userfaultfd: open userfaultfds with O_RDONLY Mimi Zohar <zohar(a)linux.ibm.com> ima: fix blocking of security.ima xattrs of unsupported algorithms Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> selinux: use "grep -E" instead of "egrep" Steve French <stfrench(a)microsoft.com> smb3: must initialize two ACL struct fields to zero Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amd/display: Fix vblank refcount in vrr transition Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix watermark calculations for gen12+ MC CCS modifier Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix watermark calculations for gen12+ RC CCS modifier Jianglei Nie <niejianglei2021(a)163.com> drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() Lyude Paul <lyude(a)redhat.com> drm/nouveau/kms/nv140-: Disable interlacing Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> staging: greybus: audio_helper: remove unused and wrong debugfs usage Sean Christopherson <seanjc(a)google.com> KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02 Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" Michal Luczaj <mhal(a)rbox.co> KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility Yu Kuai <yukuai3(a)huawei.com> blk-wbt: call rq_qos_add() after wb_normal is initialized Dmitry Osipenko <dmitry.osipenko(a)collabora.com> media: cedrus: Fix endless loop in cedrus_h265_skip_bits() Dmitry Osipenko <dmitry.osipenko(a)collabora.com> media: cedrus: Set the platform driver data earlier Ard Biesheuvel <ardb(a)kernel.org> efi: libstub: drop pointless get_memory_map() call Mario Limonciello <mario.limonciello(a)amd.com> thunderbolt: Explicitly enable lane adapter hotplug events at startup Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix reading strings from synthetic events Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add "(fault)" name injection to kernel probes Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Move duplicate code of trace_kprobe/eprobe.c into header Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add ioctl() to force ring buffer waiters to wake up Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Wake up waiters when tracing is disabled Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Wake up ring buffer waiters on closing of the file Waiman Long <longman(a)redhat.com> tracing: Disable interrupt or preemption before acquiring arch_spinlock_t Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix race between reset page and reading page Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Add ring_buffer_wake_waiters() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Check pending waiters when doing wake ups as well Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Have the shortest_full queue be the shortest not longest Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Allow splice to read previous partially read pages Zheng Yejian <zhengyejian1(a)huawei.com> ftrace: Properly unset FTRACE_HASH_FL_MOD Rik van Riel <riel(a)surriel.com> livepatch: fix race between fork and KLP transition Ye Bin <yebin10(a)huawei.com> ext4: update 'state->fc_regions_size' after successful memory allocation Ye Bin <yebin10(a)huawei.com> ext4: fix potential memory leak in ext4_fc_record_regions() Ye Bin <yebin10(a)huawei.com> ext4: fix potential memory leak in ext4_fc_record_modified_inode() Ye Bin <yebin10(a)huawei.com> ext4: fix miss release buffer head in ext4_fc_write_inode Zhihao Cheng <chengzhihao1(a)huawei.com> ext4: fix dir corruption when ext4_dx_add_entry() fails Jinke Han <hanjinke.666(a)bytedance.com> ext4: place buffer head allocation before handle start Zhang Yi <yi.zhang(a)huawei.com> ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate Lukas Czerner <lczerner(a)redhat.com> ext4: don't increase iversion counter for ea_inodes Jan Kara <jack(a)suse.cz> ext4: fix check for block being out of directory size Lalith Rajendran <lalithkraj(a)google.com> ext4: make ext4_lazyinit_thread freezable Baokun Li <libaokun1(a)huawei.com> ext4: fix null-ptr-deref in ext4_write_info Jan Kara <jack(a)suse.cz> ext4: avoid crash when inline data creation follows DIO write Ye Bin <yebin10(a)huawei.com> jbd2: add miss release buffer head in fc_do_one_pass() Ye Bin <yebin10(a)huawei.com> jbd2: fix potential use-after-free in jbd2_fc_wait_bufs Ye Bin <yebin10(a)huawei.com> jbd2: fix potential buffer head reference count leak Andrew Perepechko <anserper(a)ya.ru> jbd2: wake up journal waiters in FIFO order, not LIFO Kees Cook <keescook(a)chromium.org> hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero Kees Cook <keescook(a)chromium.org> hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on summary info Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on destination blkaddr during recovery Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: increase the limit for reserve_root Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: flush pending checkpoints when freezing super Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: complete checkpoints during remount Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between quota enable and quota rescan ioctl Lukas Czerner <lczerner(a)redhat.com> fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE Mickaël Salaün <mic(a)digikod.net> ksmbd: Fix user namespace mapping Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> ksmbd: Fix wrong return value and message length check in smb2_ioctl() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix endless loop when encryption for response fails Hyunwoo Kim <imv4bel(a)gmail.com> fbdev: smscufx: Fix use-after-free in ufx_ops_open() Quentin Schulz <quentin.schulz(a)theobroma-systems.com> pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback Quentin Schulz <quentin.schulz(a)theobroma-systems.com> gpio: rockchip: request GPIO mux to pinctrl when setting direction Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Populate sysfs attributes for vport Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> slimbus: qcom-ngd: cleanup in probe error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure Pali Rohár <pali(a)kernel.org> powerpc/boot: Explicitly disable usage of SPE instructions Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against send buffer overflow in NFSv3 READ Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against send buffer overflow in NFSv2 READ Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against send buffer overflow in NFSv3 READDIR Maciej W. Rozycki <macro(a)orcam.me.uk> serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices Maciej W. Rozycki <macro(a)orcam.me.uk> serial: 8250: Let drivers request full 16550A feature probing Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge M. Vefa Bicakci <m.v.b(a)runbox.com> xen/gntdev: Accommodate VMA splitting M. Vefa Bicakci <m.v.b(a)runbox.com> xen/gntdev: Prevent leaking grants Carlos Llamas <cmllamas(a)google.com> mm/mmap: undo ->mmap() when arch_validate_flags() fails Baolin Wang <baolin.wang(a)linux.alibaba.com> mm/damon: validate if the pmd entry is present before accessing James Morse <james.morse(a)arm.com> arm64: errata: Add Cortex-A55 to the repeat tlbi list Takashi Iwai <tiwai(a)suse.de> drm/udl: Restore display mode on resume Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/virtio: Check whether transferred 2D BO is shmem Dario Binacchi <dario.binacchi(a)amarulasolutions.com> dmaengine: mxs: use platform_driver_register Hamza Mahfooz <hamza.mahfooz(a)amd.com> Revert "drm/amdgpu: use dirty framebuffer helper" Rishabh Bhatnagar <risbhat(a)amazon.com> nvme-pci: set min_align_mask before calculating max_hw_sectors Sagi Grimberg <sagi(a)grimberg.me> nvme-multipath: fix possible hang in live ns resize with ANA access Gaosheng Cui <cuigaosheng1(a)huawei.com> nvmem: core: Fix memleak in nvmem_register() Huacai Chen <chenhuacai(a)kernel.org> UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Fangrui Song <maskray(a)google.com> riscv: Pass -mno-relax only on lld < 15.0.0 Wenting Zhang <zephray(a)outlook.com> riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb Andrew Bresticker <abrestic(a)rivosinc.com> riscv: Make VM_WRITE imply VM_READ Andrew Bresticker <abrestic(a)rivosinc.com> riscv: Allow PROT_WRITE-only mmap() Helge Deller <deller(a)gmx.de> parisc: fbdev/stifb: Align graphics memory size to 4MB Maciej W. Rozycki <macro(a)orcam.me.uk> RISC-V: Make port I/O string accessors actually work Conor Dooley <conor.dooley(a)microchip.com> riscv: topology: fix default topology reporting Conor Dooley <conor.dooley(a)microchip.com> arm64: topology: move store_cpu_topology() to shared code Linus Walleij <linus.walleij(a)linaro.org> regulator: qcom_rpm: Fix circular deferral regression Mika Westerberg <mika.westerberg(a)linux.intel.com> net: thunderbolt: Enable DMA paths only after rings are enabled Liang He <windhl(a)126.com> hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: wcd934x: fix order of Slimbus unprepare/disable Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: wcd9335: fix order of Slimbus unprepare/disable Patryk Duda <pdk(a)semihalf.com> platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure Zhihao Cheng <chengzhihao1(a)huawei.com> quota: Check next/prev free block number after reading from quota file Andri Yngvason <andri(a)yngvason.is> HID: multitouch: Add memory barriers Alexander Aring <aahringo(a)redhat.com> fs: dlm: handle -EBUSY first in lock arg validation Alexander Aring <aahringo(a)redhat.com> fs: dlm: fix race between test_bit() and queue_work() Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i2c: designware: Fix handling of real but unexpected device interrupts Wenchao Chen <wenchao.chen(a)unisoc.com> mmc: sdhci-sprd: Fix minimum clock limit Anssi Hannula <anssi.hannula(a)bitwise.fi> can: kvaser_usb_leaf: Fix CAN state after restart Anssi Hannula <anssi.hannula(a)bitwise.fi> can: kvaser_usb_leaf: Fix TX queue out of sync after restart Anssi Hannula <anssi.hannula(a)bitwise.fi> can: kvaser_usb_leaf: Fix overread with an invalid command Anssi Hannula <anssi.hannula(a)bitwise.fi> can: kvaser_usb: Fix use of uninitialized completion Jean-Francois Le Fillatre <jflf_kernel(a)gmx.com> usb: add quirks for Lenovo OneLink+ Dock Rafael Mendonca <rafaelmendsr(a)gmail.com> xhci: dbc: Fix memory leak in xhci_alloc_dbc() Eddie James <eajames(a)linux.ibm.com> iio: pressure: dps310: Reset chip after timeout Eddie James <eajames(a)linux.ibm.com> iio: pressure: dps310: Refactor startup procedure Nuno Sá <nuno.sa(a)analog.com> iio: adc: ad7923: fix channel readings for some variants Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> iio: ltc2497: Fix reading conversion results Michael Hennerich <michael.hennerich(a)analog.com> iio: dac: ad5593r: Fix i2c read protocol requirements Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: destage dirty pages before re-reading them for cache=none Gaurav Kohli <gauravkohli(a)linux.microsoft.com> hv_netvsc: Fix race between VF offering and VF association message from host Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: don't update msg_name if not provided Tudor Ambarus <tudor.ambarus(a)microchip.com> mtd: rawnand: atmel: Unmap streaming DMA mappings Saranya Gopal <saranya.gopal(a)intel.com> ALSA: hda/realtek: Add Intel Reference SSID to support headset keys Luke D. Jones <luke(a)ljones.dev> ALSA: hda/realtek: Add quirk for ASUS GV601R laptop Luke D. Jones <luke(a)ljones.dev> ALSA: hda/realtek: Correct pin configs for ASUS G533Z Callum Osmotherly <callum.osmotherly(a)gmail.com> ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix NULL dererence at error path Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential memory leaks Takashi Iwai <tiwai(a)suse.de> ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() Takashi Iwai <tiwai(a)suse.de> ALSA: oss: Fix potential deadlock at unregistration Sasha Levin <sashal(a)kernel.org> Revert "fs: check FMODE_LSEEK to control internal pipe splicing" ------------- Diffstat: Documentation/ABI/testing/sysfs-bus-iio | 2 +- Documentation/arm64/silicon-errata.rst | 2 + Documentation/filesystems/vfs.rst | 3 + Makefile | 10 +- arch/arm/Kconfig | 1 - arch/arm/boot/compressed/vmlinux.lds.S | 2 + arch/arm/boot/dts/armada-385-turris-omnia.dts | 4 +- arch/arm/boot/dts/exynos4412-midas.dtsi | 2 +- arch/arm/boot/dts/exynos4412-origen.dts | 2 +- arch/arm/boot/dts/imx6dl.dtsi | 3 + arch/arm/boot/dts/imx6q.dtsi | 3 + arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi | 6 +- arch/arm/boot/dts/imx6qp.dtsi | 6 + arch/arm/boot/dts/imx6sl.dtsi | 3 + arch/arm/boot/dts/imx6sll.dtsi | 3 + arch/arm/boot/dts/imx6sx.dtsi | 6 + arch/arm/boot/dts/imx7d-sdb.dts | 7 +- arch/arm/boot/dts/kirkwood-lsxl.dtsi | 16 +- arch/arm/mm/dump.c | 2 +- arch/arm/mm/kasan_init.c | 9 +- arch/arm/mm/mmu.c | 4 + arch/arm64/Kconfig | 17 ++ arch/arm64/boot/dts/freescale/imx8mp.dtsi | 4 +- arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi | 1 + .../boot/dts/ti/k3-j7200-common-proc-board.dts | 10 +- arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 11 +- arch/arm64/kernel/cpu_errata.c | 5 + arch/arm64/kernel/ftrace.c | 17 +- arch/arm64/kernel/topology.c | 40 ---- arch/ia64/mm/numa.c | 1 + arch/mips/bcm47xx/prom.c | 4 +- arch/mips/sgi-ip27/ip27-xtalk.c | 74 ++++-- arch/powerpc/Makefile | 2 +- arch/powerpc/boot/Makefile | 1 + arch/powerpc/boot/dts/fsl/e500v1_power_isa.dtsi | 51 ++++ arch/powerpc/boot/dts/fsl/mpc8540ads.dts | 2 +- arch/powerpc/boot/dts/fsl/mpc8541cds.dts | 2 +- arch/powerpc/boot/dts/fsl/mpc8555cds.dts | 2 +- arch/powerpc/boot/dts/fsl/mpc8560ads.dts | 2 +- arch/powerpc/configs/pseries_defconfig | 1 + arch/powerpc/include/asm/syscalls.h | 12 + arch/powerpc/kernel/kprobes.c | 8 +- arch/powerpc/kernel/pci_dn.c | 1 + arch/powerpc/kernel/sys_ppc32.c | 14 +- arch/powerpc/kernel/syscalls.c | 4 +- arch/powerpc/math-emu/math_efp.c | 1 + arch/powerpc/platforms/powernv/opal.c | 1 + arch/powerpc/platforms/pseries/vas.c | 2 +- arch/powerpc/sysdev/fsl_msi.c | 2 + arch/riscv/Kconfig | 2 +- arch/riscv/Makefile | 2 + arch/riscv/include/asm/io.h | 16 +- arch/riscv/kernel/setup.c | 4 +- arch/riscv/kernel/smpboot.c | 3 +- arch/riscv/kernel/sys_riscv.c | 3 - arch/riscv/mm/fault.c | 3 +- arch/sh/include/asm/sections.h | 2 +- arch/sh/kernel/machvec.c | 10 +- arch/um/kernel/um_arch.c | 2 +- arch/x86/include/asm/hyperv-tlfs.h | 4 +- arch/x86/include/asm/microcode.h | 1 + arch/x86/kernel/cpu/feat_ctl.c | 2 +- arch/x86/kernel/cpu/mce/apei.c | 13 +- arch/x86/kernel/cpu/microcode/amd.c | 3 +- arch/x86/kernel/cpu/resctrl/pseudo_lock.c | 12 +- arch/x86/kvm/emulate.c | 2 +- arch/x86/kvm/vmx/nested.c | 37 ++- arch/x86/kvm/vmx/vmx.c | 12 +- arch/x86/xen/enlighten_pv.c | 3 +- block/blk-throttle.c | 8 +- block/blk-wbt.c | 10 +- crypto/akcipher.c | 8 + drivers/acpi/acpi_fpdt.c | 22 ++ drivers/acpi/acpi_video.c | 16 ++ drivers/acpi/apei/ghes.c | 2 +- drivers/acpi/x86/utils.c | 19 +- drivers/ata/libahci_platform.c | 14 +- drivers/base/arch_topology.c | 19 ++ drivers/block/nbd.c | 6 +- drivers/bluetooth/btintel.c | 17 +- drivers/bluetooth/btusb.c | 14 ++ drivers/bluetooth/hci_ldisc.c | 7 +- drivers/bluetooth/hci_serdev.c | 10 +- drivers/char/hw_random/arm_smccc_trng.c | 4 +- drivers/char/hw_random/imx-rngc.c | 14 +- drivers/clk/baikal-t1/ccu-div.c | 65 +++++ drivers/clk/baikal-t1/ccu-div.h | 10 + drivers/clk/baikal-t1/clk-ccu-div.c | 26 +- drivers/clk/bcm/clk-bcm2835.c | 43 +++- drivers/clk/berlin/bg2.c | 5 +- drivers/clk/berlin/bg2q.c | 6 +- drivers/clk/clk-ast2600.c | 2 +- drivers/clk/clk-oxnas.c | 6 +- drivers/clk/clk-qoriq.c | 10 +- drivers/clk/clk-versaclock5.c | 2 +- drivers/clk/imx/clk-scu.c | 6 +- drivers/clk/mediatek/clk-mt8183-mfgcfg.c | 6 +- drivers/clk/meson/meson-aoclk.c | 5 +- drivers/clk/meson/meson-eeclk.c | 5 +- drivers/clk/meson/meson8b.c | 5 +- drivers/clk/qcom/Kconfig | 1 + drivers/clk/qcom/apss-ipq6018.c | 2 +- drivers/clk/qcom/gcc-sm6115.c | 46 ++-- drivers/clk/sprd/common.c | 9 +- drivers/clk/tegra/clk-tegra114.c | 1 + drivers/clk/tegra/clk-tegra20.c | 1 + drivers/clk/tegra/clk-tegra210.c | 1 + drivers/clk/ti/clk-dra7-atl.c | 9 +- drivers/clk/zynqmp/clkc.c | 7 + drivers/clk/zynqmp/pll.c | 31 ++- drivers/cpufreq/intel_pstate.c | 1 + drivers/crypto/cavium/cpt/cptpf_main.c | 6 +- drivers/crypto/ccp/ccp-dmaengine.c | 6 +- drivers/crypto/hisilicon/qm.c | 6 +- drivers/crypto/hisilicon/zip/zip_crypto.c | 4 +- drivers/crypto/inside-secure/safexcel_hash.c | 8 +- drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 18 +- drivers/crypto/qat/qat_common/adf_gen4_hw_data.h | 2 +- drivers/crypto/qat/qat_common/qat_algs.c | 18 +- drivers/crypto/sahara.c | 18 +- drivers/dma-buf/udmabuf.c | 9 +- drivers/dma/hisi_dma.c | 28 +-- drivers/dma/ioat/dma.c | 6 +- drivers/dma/mxs-dma.c | 11 +- drivers/dma/ti/k3-udma.c | 25 +- drivers/firmware/efi/libstub/fdt.c | 8 - drivers/firmware/google/gsmi.c | 9 + drivers/fpga/dfl.c | 2 +- drivers/fsi/fsi-core.c | 3 + drivers/gpio/gpio-rockchip.c | 7 + drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 67 +++--- drivers/gpu/drm/amd/display/dc/calcs/bw_fixed.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 16 +- drivers/gpu/drm/amd/display/dc/dc_stream.h | 6 +- .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 35 +-- .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h | 3 +- drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h | 8 +- drivers/gpu/drm/arm/display/komeda/komeda_crtc.c | 4 +- drivers/gpu/drm/arm/display/komeda/komeda_kms.c | 21 +- drivers/gpu/drm/arm/display/komeda/komeda_kms.h | 2 + drivers/gpu/drm/bridge/adv7511/adv7511.h | 5 +- drivers/gpu/drm/bridge/adv7511/adv7511_cec.c | 4 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 4 +- drivers/gpu/drm/bridge/lontium-lt9611.c | 3 +- .../drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c | 4 +- drivers/gpu/drm/bridge/parade-ps8640.c | 4 +- drivers/gpu/drm/bridge/synopsys/dw-hdmi.c | 13 +- drivers/gpu/drm/drm_bridge.c | 4 +- drivers/gpu/drm/drm_dp_helper.c | 9 - drivers/gpu/drm/drm_dp_mst_topology.c | 6 +- drivers/gpu/drm/drm_ioctl.c | 8 +- drivers/gpu/drm/drm_mipi_dsi.c | 1 + drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/intel_pm.c | 10 +- drivers/gpu/drm/meson/meson_drv.c | 10 +- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 12 +- drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c | 29 +-- drivers/gpu/drm/msm/dp/dp_catalog.c | 2 +- drivers/gpu/drm/nouveau/nouveau_bo.c | 4 +- drivers/gpu/drm/nouveau/nouveau_connector.c | 3 +- drivers/gpu/drm/nouveau/nouveau_prime.c | 1 - drivers/gpu/drm/omapdrm/dss/dss.c | 3 + drivers/gpu/drm/pl111/pl111_versatile.c | 1 + drivers/gpu/drm/tiny/bochs.c | 2 + drivers/gpu/drm/udl/udl_modeset.c | 3 - drivers/gpu/drm/vc4/vc4_vec.c | 4 +- drivers/gpu/drm/virtio/virtgpu_object.c | 3 + drivers/gpu/drm/virtio/virtgpu_plane.c | 6 +- drivers/gpu/drm/virtio/virtgpu_vq.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 1 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-roccat.c | 4 + drivers/hsi/controllers/omap_ssi_core.c | 1 + drivers/hsi/controllers/omap_ssi_port.c | 8 +- drivers/hwmon/gsc-hwmon.c | 1 + drivers/hwmon/pmbus/mp2888.c | 13 +- drivers/hwmon/sht4x.c | 2 +- drivers/i2c/busses/i2c-designware-core.h | 7 +- drivers/i2c/busses/i2c-designware-master.c | 13 + drivers/i2c/busses/i2c-mlxbf.c | 44 +++- drivers/iio/adc/ad7923.c | 4 +- drivers/iio/adc/at91-sama5d2_adc.c | 28 ++- drivers/iio/adc/ltc2497.c | 13 + drivers/iio/dac/ad5593r.c | 46 ++-- drivers/iio/inkern.c | 8 +- drivers/iio/magnetometer/yamaha-yas530.c | 2 +- drivers/iio/pressure/dps310.c | 262 +++++++++++++-------- drivers/infiniband/core/cm.c | 14 +- drivers/infiniband/core/uverbs_cmd.c | 5 +- drivers/infiniband/core/verbs.c | 2 + drivers/infiniband/hw/hns/hns_roce_mr.c | 1 - drivers/infiniband/hw/irdma/defs.h | 1 + drivers/infiniband/hw/irdma/hw.c | 51 ++-- drivers/infiniband/hw/irdma/type.h | 1 + drivers/infiniband/hw/irdma/user.h | 1 + drivers/infiniband/hw/irdma/utils.c | 3 + drivers/infiniband/hw/irdma/verbs.c | 2 + drivers/infiniband/hw/mlx4/mr.c | 1 - drivers/infiniband/hw/mlx5/main.c | 3 + drivers/infiniband/hw/mlx5/odp.c | 3 +- drivers/infiniband/sw/rxe/rxe_qp.c | 10 +- drivers/infiniband/sw/rxe/rxe_queue.c | 12 +- drivers/infiniband/sw/siw/siw.h | 1 + drivers/infiniband/sw/siw/siw_qp.c | 2 +- drivers/infiniband/sw/siw/siw_qp_rx.c | 27 ++- drivers/infiniband/sw/siw/siw_verbs.c | 3 + drivers/infiniband/ulp/srp/ib_srp.c | 4 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 21 ++ drivers/iommu/omap-iommu-debug.c | 6 +- drivers/isdn/mISDN/l1oip.h | 1 + drivers/isdn/mISDN/l1oip_core.c | 13 +- drivers/leds/flash/leds-lm3601x.c | 2 - drivers/mailbox/bcm-flexrm-mailbox.c | 8 +- drivers/mailbox/mailbox-mpfs.c | 25 +- drivers/md/bcache/writeback.c | 73 ++++-- drivers/md/raid0.c | 2 +- drivers/md/raid5.c | 15 +- drivers/media/pci/cx88/cx88-vbi.c | 9 +- drivers/media/pci/cx88/cx88-video.c | 43 ++-- drivers/media/platform/exynos4-is/fimc-is.c | 1 + drivers/media/platform/meson/ge2d/ge2d.c | 1 - drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c | 1 - drivers/media/platform/s5p-mfc/s5p_mfc.c | 3 +- drivers/media/platform/xilinx/xilinx-vipp.c | 9 +- drivers/media/usb/uvc/uvc_ctrl.c | 83 ++++--- drivers/media/usb/uvc/uvc_driver.c | 8 +- drivers/memory/of_memory.c | 2 + drivers/memory/pl353-smc.c | 1 + drivers/mfd/fsl-imx25-tsadc.c | 34 ++- drivers/mfd/intel_soc_pmic_core.c | 1 + drivers/mfd/lp8788-irq.c | 3 + drivers/mfd/lp8788.c | 12 +- drivers/mfd/sm501.c | 7 +- drivers/misc/ocxl/file.c | 2 + drivers/mmc/host/au1xmmc.c | 3 +- drivers/mmc/host/sdhci-msm.c | 1 + drivers/mmc/host/sdhci-sprd.c | 2 +- drivers/mmc/host/wmt-sdmmc.c | 5 +- drivers/mtd/devices/docg3.c | 7 +- drivers/mtd/nand/raw/atmel/nand-controller.c | 1 + drivers/mtd/nand/raw/fsl_elbc_nand.c | 28 ++- drivers/mtd/nand/raw/intel-nand-controller.c | 12 +- drivers/mtd/nand/raw/meson_nand.c | 4 +- drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 2 + drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 3 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 2 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 79 +++++++ drivers/net/ethernet/atheros/alx/main.c | 5 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 1 + drivers/net/ethernet/freescale/fs_enet/mac-fec.c | 2 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 177 +++++++++++--- drivers/net/ethernet/intel/ice/ice_ethtool.c | 1 + drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 1 + drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c | 10 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 13 +- drivers/net/ethernet/ti/Kconfig | 1 + drivers/net/ethernet/ti/davinci_mdio.c | 242 ++++++++++++++++++- drivers/net/hyperv/hyperv_net.h | 3 +- drivers/net/hyperv/netvsc.c | 4 + drivers/net/hyperv/netvsc_drv.c | 19 ++ drivers/net/thunderbolt.c | 28 ++- drivers/net/usb/r8152.c | 4 +- drivers/net/wireless/ath/ath10k/mac.c | 54 +++-- drivers/net/wireless/ath/ath11k/mac.c | 25 +- drivers/net/wireless/ath/ath9k/htc_hst.c | 43 ++-- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 3 +- .../net/wireless/broadcom/brcm80211/brcmfmac/pno.c | 12 +- drivers/net/wireless/mediatek/mt76/mt7615/main.c | 4 + .../net/wireless/mediatek/mt76/mt7915/debugfs.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 + drivers/net/wireless/mediatek/mt76/sdio.c | 2 +- drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 34 ++- .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 75 +++++- .../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 9 +- drivers/net/wireless/realtek/rtw88/main.c | 8 +- drivers/net/wwan/iosm/iosm_ipc_wwan.c | 5 +- drivers/nvme/host/core.c | 3 +- drivers/nvme/host/multipath.c | 1 + drivers/nvme/host/pci.c | 3 +- drivers/nvme/target/tcp.c | 11 +- drivers/nvmem/core.c | 15 +- drivers/pci/setup-res.c | 11 + .../phy/amlogic/phy-meson-axg-mipi-pcie-analog.c | 6 +- drivers/phy/mediatek/phy-mtk-tphy.c | 7 +- drivers/phy/qualcomm/phy-qcom-usb-hsic.c | 6 +- drivers/pinctrl/pinctrl-rockchip.c | 13 + drivers/platform/chrome/chromeos_laptop.c | 24 +- drivers/platform/chrome/cros_ec.c | 8 +- drivers/platform/chrome/cros_ec_chardev.c | 3 + drivers/platform/chrome/cros_ec_proto.c | 32 +++ drivers/platform/chrome/cros_ec_typec.c | 2 +- drivers/platform/x86/msi-laptop.c | 14 +- drivers/power/supply/adp5061.c | 6 +- drivers/powercap/intel_rapl_common.c | 4 +- drivers/regulator/core.c | 2 +- drivers/regulator/qcom_rpm-regulator.c | 24 +- drivers/scsi/3w-9xxx.c | 2 +- drivers/scsi/cxgbi/libcxgbi.c | 2 +- drivers/scsi/iscsi_tcp.c | 140 ++++++++--- drivers/scsi/iscsi_tcp.h | 5 + drivers/scsi/libiscsi.c | 41 +++- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/qedf/qedf_main.c | 21 ++ drivers/slimbus/Kconfig | 3 +- drivers/slimbus/qcom-ngd-ctrl.c | 14 +- drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/smsm.c | 20 +- drivers/soc/tegra/Kconfig | 1 - drivers/soundwire/cadence_master.c | 9 +- drivers/soundwire/intel.c | 1 - drivers/spi/spi-dw-bt1.c | 4 +- drivers/spi/spi-meson-spicc.c | 6 +- drivers/spi/spi-mt7621.c | 8 +- drivers/spi/spi-omap-100k.c | 1 + drivers/spi/spi-qup.c | 21 +- drivers/spi/spi-s3c64xx.c | 9 + drivers/spi/spi.c | 2 + drivers/spmi/spmi-pmic-arb.c | 13 +- drivers/staging/greybus/audio_helper.c | 11 - drivers/staging/media/meson/vdec/vdec_hevc.c | 6 +- drivers/staging/media/sunxi/cedrus/cedrus.c | 4 +- drivers/staging/media/sunxi/cedrus/cedrus_h265.c | 5 +- drivers/staging/rtl8723bs/core/rtw_cmd.c | 16 +- drivers/staging/rtl8723bs/os_dep/os_intfs.c | 60 ++--- drivers/staging/vt6655/device_main.c | 8 +- drivers/thermal/cpufreq_cooling.c | 10 +- drivers/thermal/intel/intel_powerclamp.c | 4 +- drivers/thermal/qcom/tsens-v0_1.c | 2 +- drivers/thunderbolt/nhi.c | 49 +++- drivers/thunderbolt/switch.c | 24 ++ drivers/thunderbolt/tb.h | 1 + drivers/thunderbolt/tb_regs.h | 1 + drivers/thunderbolt/usb4.c | 20 ++ drivers/tty/serial/8250/8250_core.c | 16 +- drivers/tty/serial/8250/8250_pci.c | 5 + drivers/tty/serial/8250/8250_port.c | 18 +- drivers/tty/serial/fsl_lpuart.c | 2 + drivers/tty/serial/jsm/jsm_driver.c | 3 +- drivers/tty/serial/xilinx_uartps.c | 2 + drivers/usb/common/debug.c | 96 +++++--- drivers/usb/core/quirks.c | 4 + drivers/usb/dwc3/core.c | 17 ++ drivers/usb/dwc3/core.h | 4 + drivers/usb/gadget/function/f_printer.c | 12 +- drivers/usb/host/xhci-dbgcap.c | 2 +- drivers/usb/host/xhci-mem.c | 7 +- drivers/usb/host/xhci-plat.c | 18 +- drivers/usb/host/xhci.c | 3 +- drivers/usb/host/xhci.h | 1 + drivers/usb/misc/idmouse.c | 8 +- drivers/usb/mtu3/mtu3_core.c | 2 - drivers/usb/mtu3/mtu3_plat.c | 2 + drivers/usb/musb/musb_gadget.c | 3 + drivers/usb/storage/unusual_devs.h | 6 - drivers/vhost/vsock.c | 2 +- drivers/video/fbdev/smscufx.c | 14 +- drivers/video/fbdev/stifb.c | 2 +- drivers/xen/gntdev-common.h | 3 +- drivers/xen/gntdev.c | 80 ++++--- fs/btrfs/extent-tree.c | 3 + fs/btrfs/free-space-cache.c | 6 + fs/btrfs/qgroup.c | 15 ++ fs/btrfs/scrub.c | 36 +++ fs/btrfs/super.c | 11 +- fs/cifs/file.c | 9 + fs/cifs/smb2pdu.c | 7 +- fs/cifs/smb2transport.c | 10 +- fs/dlm/ast.c | 6 +- fs/dlm/lock.c | 16 +- fs/dlm/lowcomms.c | 4 + fs/eventfd.c | 10 +- fs/ext2/super.c | 6 +- fs/ext4/fast_commit.c | 40 ++-- fs/ext4/file.c | 6 + fs/ext4/inode.c | 14 +- fs/ext4/namei.c | 17 +- fs/ext4/resize.c | 2 +- fs/ext4/super.c | 25 +- fs/f2fs/checkpoint.c | 47 +++- fs/f2fs/data.c | 4 +- fs/f2fs/extent_cache.c | 3 +- fs/f2fs/f2fs.h | 9 +- fs/f2fs/gc.c | 10 +- fs/f2fs/recovery.c | 23 +- fs/f2fs/segment.c | 2 +- fs/f2fs/super.c | 15 +- fs/file_table.c | 7 +- fs/fs-writeback.c | 37 ++- fs/internal.h | 10 + fs/io-wq.c | 2 +- fs/io_uring.c | 43 ++-- fs/jbd2/commit.c | 2 +- fs/jbd2/journal.c | 10 +- fs/jbd2/recovery.c | 1 + fs/jbd2/transaction.c | 6 +- fs/ksmbd/server.c | 4 +- fs/ksmbd/smb2pdu.c | 13 +- fs/ksmbd/smb_common.c | 6 +- fs/nfsd/nfs3proc.c | 11 +- fs/nfsd/nfs4proc.c | 19 +- fs/nfsd/nfs4recover.c | 4 +- fs/nfsd/nfs4state.c | 5 + fs/nfsd/nfs4xdr.c | 13 +- fs/nfsd/nfsproc.c | 6 +- fs/nfsd/xdr4.h | 3 +- fs/ntfs3/inode.c | 2 - fs/ntfs3/xattr.c | 102 +------- fs/open.c | 11 +- fs/quota/quota_tree.c | 38 +++ fs/splice.c | 10 +- fs/userfaultfd.c | 4 +- fs/xfs/xfs_super.c | 10 +- include/linux/ata.h | 39 +-- include/linux/bpf_verifier.h | 11 + include/linux/dynamic_debug.h | 11 +- include/linux/eventfd.h | 2 +- include/linux/fs.h | 9 +- include/linux/iova.h | 2 +- include/linux/once.h | 28 +++ include/linux/ring_buffer.h | 2 +- include/linux/sched.h | 2 +- include/linux/serial_8250.h | 1 + include/linux/serial_core.h | 3 +- include/linux/skbuff.h | 2 + include/linux/sunrpc/svc.h | 19 +- include/linux/tcp.h | 2 +- include/linux/trace.h | 36 ++- include/linux/trace_events.h | 1 + include/net/ieee802154_netdev.h | 12 +- include/net/tcp.h | 5 +- include/scsi/libiscsi.h | 6 +- include/uapi/rdma/mlx5-abi.h | 1 + kernel/bpf/bpf_local_storage.c | 4 +- kernel/bpf/bpf_task_storage.c | 8 +- kernel/bpf/btf.c | 2 +- kernel/bpf/hashtab.c | 30 ++- kernel/bpf/syscall.c | 2 + kernel/bpf/verifier.c | 42 +++- kernel/cgroup/cgroup.c | 6 +- kernel/cgroup/cpuset.c | 18 +- kernel/gcov/gcc_4_7.c | 18 +- kernel/livepatch/transition.c | 18 +- kernel/rcu/tasks.h | 2 +- kernel/rcu/tree.c | 17 +- kernel/rcu/tree_plugin.h | 3 +- kernel/trace/ftrace.c | 8 +- kernel/trace/kprobe_event_gen_test.c | 49 +++- kernel/trace/ring_buffer.c | 87 ++++++- kernel/trace/trace.c | 66 ++++++ kernel/trace/trace_eprobe.c | 60 +---- kernel/trace/trace_events_synth.c | 23 +- kernel/trace/trace_kprobe.c | 60 +---- kernel/trace/trace_osnoise.c | 3 +- kernel/trace/trace_probe_kernel.h | 115 +++++++++ lib/Kconfig.debug | 8 +- lib/dynamic_debug.c | 45 +--- lib/once.c | 30 +++ mm/damon/vaddr.c | 10 + mm/hugetlb.c | 37 ++- mm/mmap.c | 5 +- net/bluetooth/hci_core.c | 34 ++- net/bluetooth/hci_sysfs.c | 3 + net/bluetooth/l2cap_core.c | 17 +- net/bluetooth/rfcomm/sock.c | 3 + net/can/bcm.c | 7 +- net/core/skmsg.c | 12 +- net/core/stream.c | 3 +- net/ieee802154/socket.c | 4 + net/ipv4/inet_hashtables.c | 4 +- net/ipv4/netfilter/nft_fib_ipv4.c | 3 + net/ipv4/tcp.c | 16 +- net/ipv4/tcp_output.c | 19 +- net/ipv6/netfilter/nft_fib_ipv6.c | 6 +- net/mac80211/cfg.c | 3 - net/netfilter/nf_conntrack_core.c | 18 +- net/openvswitch/datapath.c | 18 +- net/rds/tcp.c | 2 +- net/sctp/auth.c | 18 +- net/unix/garbage.c | 20 ++ net/vmw_vsock/virtio_transport_common.c | 2 +- net/xdp/xsk.c | 22 +- net/xdp/xsk_queue.h | 22 +- net/xfrm/xfrm_input.c | 18 +- net/xfrm/xfrm_ipcomp.c | 1 + scripts/Kbuild.include | 23 +- scripts/package/mkspec | 4 +- scripts/selinux/install_policy.sh | 2 +- security/Kconfig.hardening | 13 +- security/integrity/ima/ima_appraise.c | 12 +- sound/core/pcm_dmaengine.c | 8 +- sound/core/rawmidi.c | 2 - sound/core/sound_oss.c | 13 +- sound/pci/hda/hda_beep.c | 15 +- sound/pci/hda/hda_beep.h | 1 + sound/pci/hda/patch_hdmi.c | 6 - sound/pci/hda/patch_realtek.c | 11 +- sound/pci/hda/patch_sigmatel.c | 25 +- sound/soc/codecs/da7219.c | 5 +- sound/soc/codecs/lpass-tx-macro.c | 13 +- sound/soc/codecs/mt6359-accdet.c | 6 +- sound/soc/codecs/mt6660.c | 8 +- sound/soc/codecs/tas2764.c | 78 ++---- sound/soc/codecs/wcd9335.c | 2 +- sound/soc/codecs/wcd934x.c | 2 +- sound/soc/codecs/wm5102.c | 6 +- sound/soc/codecs/wm5110.c | 6 +- sound/soc/codecs/wm8997.c | 6 +- sound/soc/fsl/eukrea-tlv320.c | 8 +- sound/soc/sh/rcar/ctu.c | 6 +- sound/soc/sh/rcar/dvc.c | 6 +- sound/soc/sh/rcar/mix.c | 6 +- sound/soc/sh/rcar/src.c | 5 +- sound/soc/sh/rcar/ssi.c | 4 +- sound/soc/sof/sof-pci-dev.c | 2 +- sound/usb/card.c | 32 ++- sound/usb/endpoint.c | 6 +- sound/usb/quirks.c | 42 ---- sound/usb/quirks.h | 2 - sound/usb/usbaudio.h | 1 + tools/bpf/bpftool/btf_dumper.c | 2 +- tools/bpf/bpftool/main.c | 10 + tools/lib/bpf/xsk.c | 6 +- tools/objtool/elf.c | 7 +- tools/perf/util/intel-pt.c | 9 +- .../selftests/arm64/signal/testcases/testcases.c | 2 +- tools/testing/selftests/tpm2/tpm2.py | 4 + 529 files changed, 4805 insertions(+), 2196 deletions(-)

1 year, 3 months

12
542
0 0

[PATCH v5.10.y] ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC

by Zubin Mithra

From: Takashi Iwai <tiwai(a)suse.de> commit 8423f0b6d513b259fdab9c9bf4aaa6188d054c2d upstream. There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, then takes the params_lock mutex for the rest. When the stream is set up again by another thread between them, it leads to inconsistency, and may result in unexpected results such as NULL dereference of OSS buffer as a fuzzer spotted recently. The fix is simply to cover snd_pcm_oss_make_ready() call into the same params_lock mutex with snd_pcm_oss_make_ready_locked() variant. Reported-and-tested-by: butt3rflyh4ck <butterflyhuangxx(a)gmail.com> Reviewed-by: Jaroslav Kysela <perex(a)perex.cz> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aa… Link: https://lore.kernel.org/r/20220905060714.22549-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Zubin Mithra <zsm(a)google.com> --- Note: * 8423f0b6d513 is present in linux-5.15.y and linux-5.4.y; missing in linux-5.10.y. * Backport addresses conflict due to surrounding context. * Tests run: build and boot. sound/core/oss/pcm_oss.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c index f88de74da1eb..de6f94bee50b 100644 --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1662,13 +1662,14 @@ static int snd_pcm_oss_sync(struct snd_pcm_oss_file *pcm_oss_file) runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) goto __direct; - if ((err = snd_pcm_oss_make_ready(substream)) < 0) - return err; atomic_inc(&runtime->oss.rw_ref); if (mutex_lock_interruptible(&runtime->oss.params_lock)) { atomic_dec(&runtime->oss.rw_ref); return -ERESTARTSYS; } + err = snd_pcm_oss_make_ready_locked(substream); + if (err < 0) + goto unlock; format = snd_pcm_oss_format_from(runtime->oss.format); width = snd_pcm_format_physical_width(format); if (runtime->oss.buffer_used > 0) { -- 2.38.0.rc1.362.ged0d419d3c-goog

1 year, 3 months

3
3
0 0

[PATCH] firmware: coreboot: Register bus in module init

by Brian Norris

The coreboot_table driver registers a coreboot bus while probing a "coreboot_table" device representing the coreboot table memory region. Probing this device (i.e., registering the bus) is a dependency for the module_init() functions of any driver for this bus (e.g., memconsole-coreboot.c / memconsole_driver_init()). With synchronous probe, this dependency works OK, as the link order in the Makefile ensures coreboot_table_driver_init() (and thus, coreboot_table_probe()) completes before a coreboot device driver tries to add itself to the bus. With asynchronous probe, however, coreboot_table_probe() may race with memconsole_driver_init(), and so we're liable to hit one of these two: 1. coreboot_driver_register() eventually hits "[...] the bus was not initialized.", and the memconsole driver fails to register; or 2. coreboot_driver_register() gets past #1, but still races with bus_register() and hits some other undefined/crashing behavior (e.g., in driver_find() [1]) We can resolve this by registering the bus in our initcall, and only deferring "device" work (scanning the coreboot memory region and creating sub-devices) to probe(). [1] Example failure, using 'driver_async_probe=*' kernel command line: [ 0.114217] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 ... [ 0.114307] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc1 #63 [ 0.114316] Hardware name: Google Scarlet (DT) ... [ 0.114488] Call trace: [ 0.114494] _raw_spin_lock+0x34/0x60 [ 0.114502] kset_find_obj+0x28/0x84 [ 0.114511] driver_find+0x30/0x50 [ 0.114520] driver_register+0x64/0x10c [ 0.114528] coreboot_driver_register+0x30/0x3c [ 0.114540] memconsole_driver_init+0x24/0x30 [ 0.114550] do_one_initcall+0x154/0x2e0 [ 0.114560] do_initcall_level+0x134/0x160 [ 0.114571] do_initcalls+0x60/0xa0 [ 0.114579] do_basic_setup+0x28/0x34 [ 0.114588] kernel_init_freeable+0xf8/0x150 [ 0.114596] kernel_init+0x2c/0x12c [ 0.114607] ret_from_fork+0x10/0x20 [ 0.114624] Code: 5280002b 1100054a b900092a f9800011 (885ffc01) [ 0.114631] ---[ end trace 0000000000000000 ]--- Fixes: b81e3140e412 ("firmware: coreboot: Make bus registration symmetric") Cc: <stable(a)vger.kernel.org> Signed-off-by: Brian Norris <briannorris(a)chromium.org> --- Currently, get_maintainers.pl tells me Greg should pick this up. But I CC the chrome-platform list too, since it seems reasonable for Google folks (probably ChromeOS folks are most active here?) to maintain Google/Chrome drivers. Let me know if y'all would like this official, and I'll push out a MAINTAINERS patch. drivers/firmware/google/coreboot_table.c | 37 +++++++++++++++++++----- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/drivers/firmware/google/coreboot_table.c b/drivers/firmware/google/coreboot_table.c index c52bcaa9def6..9ca21feb9d45 100644 --- a/drivers/firmware/google/coreboot_table.c +++ b/drivers/firmware/google/coreboot_table.c @@ -149,12 +149,8 @@ static int coreboot_table_probe(struct platform_device *pdev) if (!ptr) return -ENOMEM; - ret = bus_register(&coreboot_bus_type); - if (!ret) { - ret = coreboot_table_populate(dev, ptr); - if (ret) - bus_unregister(&coreboot_bus_type); - } + ret = coreboot_table_populate(dev, ptr); + memunmap(ptr); return ret; @@ -169,7 +165,6 @@ static int __cb_dev_unregister(struct device *dev, void *dummy) static int coreboot_table_remove(struct platform_device *pdev) { bus_for_each_dev(&coreboot_bus_type, NULL, NULL, __cb_dev_unregister); - bus_unregister(&coreboot_bus_type); return 0; } @@ -199,6 +194,32 @@ static struct platform_driver coreboot_table_driver = { .of_match_table = of_match_ptr(coreboot_of_match), }, }; -module_platform_driver(coreboot_table_driver); + +static int __init coreboot_table_driver_init(void) +{ + int ret; + + ret = bus_register(&coreboot_bus_type); + if (ret) + return ret; + + ret = platform_driver_register(&coreboot_table_driver); + if (ret) { + bus_unregister(&coreboot_bus_type); + return ret; + } + + return 0; +} + +static void __exit coreboot_table_driver_exit(void) +{ + platform_driver_unregister(&coreboot_table_driver); + bus_unregister(&coreboot_bus_type); +} + +module_init(coreboot_table_driver_init); +module_exit(coreboot_table_driver_exit); + MODULE_AUTHOR("Google, Inc."); MODULE_LICENSE("GPL"); -- 2.38.0.413.g74048e4d9e-goog

1 year, 4 months

4
5
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2022