December 2022 - Linux-stable-mirror

[PATCH v5 2/2] ceph: blocklist the kclient when receiving corrupted snap trace

by xiubli＠redhat.com

From: Xiubo Li <xiubli(a)redhat.com> When received corrupted snap trace we don't know what exactly has happened in MDS side. And we shouldn't continue IOs and metadatas access to MDS, which may corrupt or get incorrect contents. This patch will just block all the further IO/MDS requests immediately and then evict the kclient itself. The reason why we still need to evict the kclient just after blocking all the further IOs is that the MDS could revoke the caps faster. Cc: stable(a)vger.kernel.org URL: https://tracker.ceph.com/issues/57686 Signed-off-by: Xiubo Li <xiubli(a)redhat.com> --- fs/ceph/addr.c | 22 ++++++++++++++++++++-- fs/ceph/caps.c | 17 ++++++++++++++--- fs/ceph/file.c | 9 +++++++++ fs/ceph/mds_client.c | 28 +++++++++++++++++++++++++--- fs/ceph/snap.c | 37 +++++++++++++++++++++++++++++++++++-- fs/ceph/super.h | 1 + 6 files changed, 104 insertions(+), 10 deletions(-) diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index da2fb2c97531..092f8d40abdc 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -305,13 +305,18 @@ static void ceph_netfs_issue_read(struct netfs_io_subrequest *subreq) struct inode *inode = rreq->inode; struct ceph_inode_info *ci = ceph_inode(inode); struct ceph_fs_client *fsc = ceph_inode_to_client(inode); - struct ceph_osd_request *req; + struct ceph_osd_request *req = NULL; struct ceph_vino vino = ceph_vino(inode); struct iov_iter iter; int err = 0; u64 len = subreq->len; bool sparse = ceph_test_mount_opt(fsc, SPARSEREAD); + if (READ_ONCE(fsc->mount_state) == CEPH_MOUNT_FENCE_IO) { + err = -EIO; + goto out; + } + if (ceph_has_inline_data(ci) && ceph_netfs_issue_op_inline(subreq)) return; @@ -559,6 +564,9 @@ static int writepage_nounlock(struct page *page, struct writeback_control *wbc) dout("writepage %p idx %lu\n", page, page->index); + if (READ_ONCE(fsc->mount_state) == CEPH_MOUNT_FENCE_IO) + return -EIO; + /* verify this is a writeable snap context */ snapc = page_snap_context(page); if (!snapc) { @@ -797,6 +805,11 @@ static int ceph_writepages_start(struct address_space *mapping, bool done = false; bool caching = ceph_is_cache_enabled(inode); + if (READ_ONCE(fsc->mount_state) == CEPH_MOUNT_FENCE_IO) { + mapping_set_error(mapping, -EIO); + return -EIO; + } + if (wbc->sync_mode == WB_SYNC_NONE && fsc->write_congested) return 0; @@ -1639,7 +1652,7 @@ int ceph_uninline_data(struct file *file) struct ceph_inode_info *ci = ceph_inode(inode); struct ceph_fs_client *fsc = ceph_inode_to_client(inode); struct ceph_osd_request *req = NULL; - struct ceph_cap_flush *prealloc_cf; + struct ceph_cap_flush *prealloc_cf = NULL; struct folio *folio = NULL; u64 inline_version = CEPH_INLINE_NONE; struct page *pages[1]; @@ -1653,6 +1666,11 @@ int ceph_uninline_data(struct file *file) dout("uninline_data %p %llx.%llx inline_version %llu\n", inode, ceph_vinop(inode), inline_version); + if (READ_ONCE(fsc->mount_state) == CEPH_MOUNT_FENCE_IO) { + err = -EIO; + goto out; + } + if (inline_version == CEPH_INLINE_NONE) return 0; diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c index 948136f81fc8..5230ab64fff0 100644 --- a/fs/ceph/caps.c +++ b/fs/ceph/caps.c @@ -4134,6 +4134,7 @@ void ceph_handle_caps(struct ceph_mds_session *session, void *p, *end; struct cap_extra_info extra_info = {}; bool queue_trunc; + bool close_sessions = false; dout("handle_caps from mds%d\n", session->s_mds); @@ -4275,9 +4276,13 @@ void ceph_handle_caps(struct ceph_mds_session *session, realm = NULL; if (snaptrace_len) { down_write(&mdsc->snap_rwsem); - ceph_update_snap_trace(mdsc, snaptrace, - snaptrace + snaptrace_len, - false, &realm); + if (ceph_update_snap_trace(mdsc, snaptrace, + snaptrace + snaptrace_len, + false, &realm)) { + up_write(&mdsc->snap_rwsem); + close_sessions = true; + goto done; + } downgrade_write(&mdsc->snap_rwsem); } else { down_read(&mdsc->snap_rwsem); @@ -4341,6 +4346,11 @@ void ceph_handle_caps(struct ceph_mds_session *session, iput(inode); out: ceph_put_string(extra_info.pool_ns); + + /* Defer closing the sessions after s_mutex lock being released */ + if (close_sessions) + ceph_mdsc_close_sessions(mdsc); + return; flush_cap_releases: @@ -4350,6 +4360,7 @@ void ceph_handle_caps(struct ceph_mds_session *session, * cap). */ ceph_flush_cap_releases(mdsc, session); + goto done; bad: diff --git a/fs/ceph/file.c b/fs/ceph/file.c index 85afcbbb5648..76a5633b3f35 100644 --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -976,6 +976,9 @@ static ssize_t ceph_sync_read(struct kiocb *iocb, struct iov_iter *to, dout("sync_read on file %p %llu~%u %s\n", file, off, (unsigned)len, (file->f_flags & O_DIRECT) ? "O_DIRECT" : ""); + if (READ_ONCE(fsc->mount_state) == CEPH_MOUNT_FENCE_IO) + return -EIO; + if (!len) return 0; /* @@ -1342,6 +1345,9 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter, bool should_dirty = !write && user_backed_iter(iter); bool sparse = ceph_test_mount_opt(fsc, SPARSEREAD); + if (READ_ONCE(fsc->mount_state) == CEPH_MOUNT_FENCE_IO) + return -EIO; + if (write && ceph_snap(file_inode(file)) != CEPH_NOSNAP) return -EROFS; @@ -2078,6 +2084,9 @@ static int ceph_zero_partial_object(struct inode *inode, loff_t zero = 0; int op; + if (READ_ONCE(fsc->mount_state) == CEPH_MOUNT_FENCE_IO) + return -EIO; + if (!length) { op = offset ? CEPH_OSD_OP_DELETE : CEPH_OSD_OP_TRUNCATE; length = &zero; diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index cbbaf334b6b8..b60812707fce 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -957,6 +957,9 @@ static struct ceph_mds_session *register_session(struct ceph_mds_client *mdsc, { struct ceph_mds_session *s; + if (READ_ONCE(mdsc->fsc->mount_state) == CEPH_MOUNT_FENCE_IO) + return ERR_PTR(-EIO); + if (mds >= mdsc->mdsmap->possible_max_rank) return ERR_PTR(-EINVAL); @@ -1632,6 +1635,9 @@ static int __open_session(struct ceph_mds_client *mdsc, int mstate; int mds = session->s_mds; + if (READ_ONCE(mdsc->fsc->mount_state) == CEPH_MOUNT_FENCE_IO) + return -EIO; + /* wait for mds to go active? */ mstate = ceph_mdsmap_get_state(mdsc->mdsmap, mds); dout("open_session to mds%d (%s)\n", mds, @@ -3205,6 +3211,11 @@ static void __do_request(struct ceph_mds_client *mdsc, err = -ETIMEDOUT; goto finish; } + if (READ_ONCE(mdsc->fsc->mount_state) == CEPH_MOUNT_FENCE_IO) { + dout("do_request metadata corrupted\n"); + err = -EIO; + goto finish; + } if (READ_ONCE(mdsc->fsc->mount_state) == CEPH_MOUNT_SHUTDOWN) { dout("do_request forced umount\n"); err = -EIO; @@ -3584,6 +3595,7 @@ static void handle_reply(struct ceph_mds_session *session, struct ceph_msg *msg) u64 tid; int err, result; int mds = session->s_mds; + bool close_sessions = false; if (msg->front.iov_len < sizeof(*head)) { pr_err("mdsc_handle_reply got corrupt (short) reply\n"); @@ -3698,10 +3710,15 @@ static void handle_reply(struct ceph_mds_session *session, struct ceph_msg *msg) realm = NULL; if (rinfo->snapblob_len) { down_write(&mdsc->snap_rwsem); - ceph_update_snap_trace(mdsc, rinfo->snapblob, + err = ceph_update_snap_trace(mdsc, rinfo->snapblob, rinfo->snapblob + rinfo->snapblob_len, le32_to_cpu(head->op) == CEPH_MDS_OP_RMSNAP, &realm); + if (err) { + up_write(&mdsc->snap_rwsem); + close_sessions = true; + goto out_err; + } downgrade_write(&mdsc->snap_rwsem); } else { down_read(&mdsc->snap_rwsem); @@ -3759,6 +3776,10 @@ static void handle_reply(struct ceph_mds_session *session, struct ceph_msg *msg) req->r_end_latency, err); out: ceph_mdsc_put_request(req); + + /* Defer closing the sessions after s_mutex lock being released */ + if (close_sessions) + ceph_mdsc_close_sessions(mdsc); return; } @@ -5358,7 +5379,7 @@ static bool done_closing_sessions(struct ceph_mds_client *mdsc, int skipped) } /* - * called after sb is ro. + * called after sb is ro or when metadata corrupted. */ void ceph_mdsc_close_sessions(struct ceph_mds_client *mdsc) { @@ -5648,7 +5669,8 @@ static void mds_peer_reset(struct ceph_connection *con) struct ceph_mds_client *mdsc = s->s_mdsc; pr_warn("mds%d closed our session\n", s->s_mds); - send_mds_reconnect(mdsc, s); + if (READ_ONCE(mdsc->fsc->mount_state) != CEPH_MOUNT_FENCE_IO) + send_mds_reconnect(mdsc, s); } static void mds_dispatch(struct ceph_connection *con, struct ceph_msg *msg) diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c index c1c452afa84d..a73943e51a77 100644 --- a/fs/ceph/snap.c +++ b/fs/ceph/snap.c @@ -767,8 +767,10 @@ int ceph_update_snap_trace(struct ceph_mds_client *mdsc, struct ceph_snap_realm *realm; struct ceph_snap_realm *first_realm = NULL; struct ceph_snap_realm *realm_to_rebuild = NULL; + struct ceph_client *client = mdsc->fsc->client; int rebuild_snapcs; int err = -ENOMEM; + int ret; LIST_HEAD(dirty_realms); lockdep_assert_held_write(&mdsc->snap_rwsem); @@ -885,6 +887,27 @@ int ceph_update_snap_trace(struct ceph_mds_client *mdsc, if (first_realm) ceph_put_snap_realm(mdsc, first_realm); pr_err("%s error %d\n", __func__, err); + + /* + * When receiving a corrupted snap trace we don't know what + * exactly has happened in MDS side. And we shouldn't continue + * writing to OSD, which may corrupt the snapshot contents. + * + * Just try to blocklist this kclient and then this kclient + * must be remounted to continue after the corrupted metadata + * fixed in the MDS side. + */ + mdsc->fsc->mount_state = CEPH_MOUNT_FENCE_IO; + ret = ceph_monc_blocklist_add(&client->monc, &client->msgr.inst.addr); + if (ret) + pr_err("%s blocklist of %s failed: %d", __func__, + ceph_pr_addr(&client->msgr.inst.addr), ret); + + WARN(1, "%s:%s%s do remount to continue%s", + __func__, ret ? "" : ceph_pr_addr(&client->msgr.inst.addr), + ret ? "" : " was blocklisted,", + err == -EIO ? " after corrupted snaptrace fixed" : ""); + return err; } @@ -985,6 +1008,7 @@ void ceph_handle_snap(struct ceph_mds_client *mdsc, __le64 *split_inos = NULL, *split_realms = NULL; int i; int locked_rwsem = 0; + bool close_sessions = false; /* decode */ if (msg->front.iov_len < sizeof(*h)) @@ -1093,8 +1117,12 @@ void ceph_handle_snap(struct ceph_mds_client *mdsc, * update using the provided snap trace. if we are deleting a * snap, we can avoid queueing cap_snaps. */ - ceph_update_snap_trace(mdsc, p, e, - op == CEPH_SNAP_OP_DESTROY, NULL); + if (ceph_update_snap_trace(mdsc, p, e, + op == CEPH_SNAP_OP_DESTROY, + NULL)) { + close_sessions = true; + goto bad; + } if (op == CEPH_SNAP_OP_SPLIT) /* we took a reference when we created the realm, above */ @@ -1113,6 +1141,11 @@ void ceph_handle_snap(struct ceph_mds_client *mdsc, out: if (locked_rwsem) up_write(&mdsc->snap_rwsem); + + /* Defer closing the sessions after s_mutex lock being released */ + if (close_sessions) + ceph_mdsc_close_sessions(mdsc); + return; } diff --git a/fs/ceph/super.h b/fs/ceph/super.h index 0d5cb0983831..f59fd4b4755b 100644 --- a/fs/ceph/super.h +++ b/fs/ceph/super.h @@ -111,6 +111,7 @@ enum { CEPH_MOUNT_UNMOUNTED, CEPH_MOUNT_SHUTDOWN, CEPH_MOUNT_RECOVER, + CEPH_MOUNT_FENCE_IO, }; #define CEPH_ASYNC_CREATE_CONFLICT_BITS 8 -- 2.31.1

1 year, 3 months

4
3
0 0

[PATCH v3 1/2] x86/resctrl: Fix event counts regression in reused RMIDs

by Peter Newman

When creating a new monitoring group, the RMID allocated for it may have been used by a group which was previously removed. In this case, the hardware counters will have non-zero values which should be deducted from what is reported in the new group's counts. resctrl_arch_reset_rmid() initializes the prev_msr value for counters to 0, causing the initial count to be charged to the new group. Resurrect __rmid_read() and use it to initialize prev_msr correctly. Unlike before, __rmid_read() checks for error bits in the MSR read so that callers don't need to. Fixes: 1d81d15db39c ("x86/resctrl: Move mbm_overflow_count() into resctrl_arch_rmid_read()") Signed-off-by: Peter Newman <peternewman(a)google.com> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org --- v3: - add changelog - CC stable v2: - move error bit processing into __rmid_read() v1: https://lore.kernel.org/lkml/20221207112924.3602960-1-peternewman@google.co… v2: https://lore.kernel.org/lkml/20221214160856.2164207-1-peternewman@google.co… --- arch/x86/kernel/cpu/resctrl/monitor.c | 49 ++++++++++++++++++--------- 1 file changed, 33 insertions(+), 16 deletions(-) diff --git a/arch/x86/kernel/cpu/resctrl/monitor.c b/arch/x86/kernel/cpu/resctrl/monitor.c index efe0c30d3a12..77538abeb72a 100644 --- a/arch/x86/kernel/cpu/resctrl/monitor.c +++ b/arch/x86/kernel/cpu/resctrl/monitor.c @@ -146,6 +146,30 @@ static inline struct rmid_entry *__rmid_entry(u32 rmid) return entry; } +static int __rmid_read(u32 rmid, enum resctrl_event_id eventid, u64 *val) +{ + u64 msr_val; + + /* + * As per the SDM, when IA32_QM_EVTSEL.EvtID (bits 7:0) is configured + * with a valid event code for supported resource type and the bits + * IA32_QM_EVTSEL.RMID (bits 41:32) are configured with valid RMID, + * IA32_QM_CTR.data (bits 61:0) reports the monitored data. + * IA32_QM_CTR.Error (bit 63) and IA32_QM_CTR.Unavailable (bit 62) + * are error bits. + */ + wrmsr(MSR_IA32_QM_EVTSEL, eventid, rmid); + rdmsrl(MSR_IA32_QM_CTR, msr_val); + + if (msr_val & RMID_VAL_ERROR) + return -EIO; + if (msr_val & RMID_VAL_UNAVAIL) + return -EINVAL; + + *val = msr_val; + return 0; +} + static struct arch_mbm_state *get_arch_mbm_state(struct rdt_hw_domain *hw_dom, u32 rmid, enum resctrl_event_id eventid) @@ -172,8 +196,12 @@ void resctrl_arch_reset_rmid(struct rdt_resource *r, struct rdt_domain *d, struct arch_mbm_state *am; am = get_arch_mbm_state(hw_dom, rmid, eventid); - if (am) + if (am) { memset(am, 0, sizeof(*am)); + + /* Record any initial, non-zero count value. */ + __rmid_read(rmid, eventid, &am->prev_msr); + } } static u64 mbm_overflow_count(u64 prev_msr, u64 cur_msr, unsigned int width) @@ -191,25 +219,14 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_domain *d, struct rdt_hw_domain *hw_dom = resctrl_to_arch_dom(d); struct arch_mbm_state *am; u64 msr_val, chunks; + int ret; if (!cpumask_test_cpu(smp_processor_id(), &d->cpu_mask)) return -EINVAL; - /* - * As per the SDM, when IA32_QM_EVTSEL.EvtID (bits 7:0) is configured - * with a valid event code for supported resource type and the bits - * IA32_QM_EVTSEL.RMID (bits 41:32) are configured with valid RMID, - * IA32_QM_CTR.data (bits 61:0) reports the monitored data. - * IA32_QM_CTR.Error (bit 63) and IA32_QM_CTR.Unavailable (bit 62) - * are error bits. - */ - wrmsr(MSR_IA32_QM_EVTSEL, eventid, rmid); - rdmsrl(MSR_IA32_QM_CTR, msr_val); - - if (msr_val & RMID_VAL_ERROR) - return -EIO; - if (msr_val & RMID_VAL_UNAVAIL) - return -EINVAL; + ret = __rmid_read(rmid, eventid, &msr_val); + if (ret) + return ret; am = get_arch_mbm_state(hw_dom, rmid, eventid); if (am) { base-commit: 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 -- 2.39.0.314.g84b9a713c41-goog

1 year, 3 months

3
2
0 0

[PATCH v9 02/10] rockchip-mailbox: Fix typo

by Allen Webb

A one character difference in the name supplied to MODULE_DEVICE_TABLE breaks a future patch set, so fix the typo. Cc: stable(a)vger.kernel.org Fixes: f70ed3b5dc8b ("mailbox: rockchip: Add Rockchip mailbox driver") Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Allen Webb <allenwebb(a)google.com> --- drivers/mailbox/rockchip-mailbox.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mailbox/rockchip-mailbox.c b/drivers/mailbox/rockchip-mailbox.c index 979acc810f30..ca50f7f176f6 100644 --- a/drivers/mailbox/rockchip-mailbox.c +++ b/drivers/mailbox/rockchip-mailbox.c @@ -159,7 +159,7 @@ static const struct of_device_id rockchip_mbox_of_match[] = { { .compatible = "rockchip,rk3368-mailbox", .data = &rk3368_drv_data}, { }, }; -MODULE_DEVICE_TABLE(of, rockchp_mbox_of_match); +MODULE_DEVICE_TABLE(of, rockchip_mbox_of_match); static int rockchip_mbox_probe(struct platform_device *pdev) { -- 2.37.3

1 year, 3 months

4
13
0 0

[PATCH] clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent

by Quentin Schulz

From: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> clk_cifout is derived from clk_cifout_src through an integer divider limited to 32. clk_cifout_src is a child of either cpll, gpll or npll without any possibility of a divider of any sort. The default clock parent is cpll. Let's allow clk_cifout to ask its parent clk_cifout_src to reparent in order to find the real closest possible rate for clk_cifout and not one derived from cpll only. Cc: stable(a)vger.kernel.org # 4.10+ Fixes: fd8bc829336a ("clk: rockchip: fix the rk3399 cifout clock") Signed-off-by: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> --- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent This used to be correct before v4.10 but commit fd8bc829336a ("clk: rockchip: fix the rk3399 cifout clock") incorrectly removed this ability while reworking it. Note: this has been tested on top of v6.0.2 only but no changes were made to this driver since. As for older stable releases, the git context seems identical and there does not seem to have been any logical change introduced since v4.10 so it should be pretty safe to apply. To: Michael Turquette <mturquette(a)baylibre.com> To: Stephen Boyd <sboyd(a)kernel.org> To: Heiko Stuebner <heiko(a)sntech.de> To: Xing Zheng <zhengxing(a)rock-chips.com> Cc: linux-clk(a)vger.kernel.org Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-rockchip(a)lists.infradead.org Cc: linux-kernel(a)vger.kernel.org --- drivers/clk/rockchip/clk-rk3399.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/clk/rockchip/clk-rk3399.c b/drivers/clk/rockchip/clk-rk3399.c index 306910a3a0d38..9ebd6c451b3db 100644 --- a/drivers/clk/rockchip/clk-rk3399.c +++ b/drivers/clk/rockchip/clk-rk3399.c @@ -1263,7 +1263,7 @@ static struct rockchip_clk_branch rk3399_clk_branches[] __initdata = { RK3399_CLKSEL_CON(56), 6, 2, MFLAGS, RK3399_CLKGATE_CON(10), 7, GFLAGS), - COMPOSITE_NOGATE(SCLK_CIF_OUT, "clk_cifout", mux_clk_cif_p, 0, + COMPOSITE_NOGATE(SCLK_CIF_OUT, "clk_cifout", mux_clk_cif_p, CLK_SET_RATE_PARENT, RK3399_CLKSEL_CON(56), 5, 1, MFLAGS, 0, 5, DFLAGS), /* gic */ --- base-commit: cc675d22e422442f6d230654a55a5fc5682ea018 change-id: 20221117-rk3399-cifout-set-rate-parent-1fbf0173ef2d Best regards, -- Quentin Schulz <quentin.schulz(a)theobroma-systems.com>

1 year, 3 months

3
2
0 0

[PATCH 5.15 000/530] 5.15.75-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.75 release. There are 530 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 26 Oct 2022 11:29:24 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.75-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.75-rc1 Rafael Mendonca <rafaelmendsr(a)gmail.com> io-wq: Fix memory leak in worker creation Martin Liska <mliska(a)suse.cz> gcov: support GCC 12.1 and newer compilers Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: intel_powerclamp: Use first online CPU as control_cpu Jerry Lee 李修賢 <jerrylee(a)qnap.com> ext4: continue to expand file system when the target size doesn't reach Nathan Chancellor <nathan(a)kernel.org> lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5 Masahiro Yamada <masahiroy(a)kernel.org> Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT Masahiro Yamada <masahiroy(a)kernel.org> Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5 Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> net/ieee802154: don't warn zero-sized raw_sendmsg() Alexander Aring <aahringo(a)redhat.com> Revert "net/ieee802154: reject zero-sized raw_sendmsg()" Randy Dunlap <rdunlap(a)infradead.org> net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses Yu Kuai <yukuai3(a)huawei.com> blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix last interface check for registration Alexander Aring <aahringo(a)redhat.com> net: ieee802154: return -EINVAL for unknown addr type Liu Shixin <liushixin2(a)huawei.com> mm: hugetlb: fix UAF in hugetlb_handle_userfault Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: fix unexpected link breakage Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: fix error'ed retry return values Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: fix short rw error handling Pavel Begunkov <asml.silence(a)gmail.com> io_uring: correct pinned_vm accounting Pavel Begunkov <asml.silence(a)gmail.com> io_uring/af_unix: defer registered files gc to io_uring release Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc Ivan T. Ivanov <iivanov(a)suse.de> clk: bcm2835: Round UART input clock up Maxime Ripard <maxime(a)cerno.tech> clk: bcm2835: Make peripheral PLLC critical Dongliang Mu <mudongliangabcd(a)gmail.com> usb: idmouse: fix an uninit-value in idmouse_open Varun Prakash <varun(a)chelsio.com> nvmet-tcp: add bounds check on Transfer Tag Keith Busch <kbusch(a)kernel.org> nvme: copy firmware_rev on each init Jan Kara <jack(a)suse.cz> ext2: Use kvmalloc() for group descriptor array Arun Easi <aeasi(a)marvell.com> scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled Xiaoke Wang <xkernel.wang(a)foxmail.com> staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() Xiaoke Wang <xkernel.wang(a)foxmail.com> staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() sunghwan jung <onenowy(a)gmail.com> Revert "usb: storage: Add quirk for Samsung Fit flash" Piyush Mehta <piyush.mehta(a)amd.com> usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug Alexander Stein <alexander.stein(a)ew.tq-group.com> arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes Robin Guo <guoweibin(a)inspur.com> usb: musb: Fix musb_gadget.c rxstate overflow bug Jianglei Nie <niejianglei2021(a)163.com> usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() Logan Gunthorpe <logang(a)deltatee.com> md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d Dylan Yudaken <dylany(a)fb.com> eventfd: guard wake_up in eventfd fs calls as well Hyunwoo Kim <imv4bel(a)gmail.com> HID: roccat: Fix use-after-free in roccat_read() Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: intel: fix error handling on dai registration issues Richard Fitzgerald <rf(a)opensource.cirrus.com> soundwire: cadence: Don't overwrite msg->buf during write commands Coly Li <colyli(a)suse.de> bcache: fix set_at_max_writeback_rate() for multiple attached devices Serge Semin <Sergey.Semin(a)baikalelectronics.ru> ata: libahci_platform: Sanity check the DT child nodes number Yu Kuai <yukuai3(a)huawei.com> blk-throttle: prevent overflow while calculating wait time Nam Cao <namcaov(a)gmail.com> staging: vt6655: fix potential memory leak Wei Yongjun <weiyongjun1(a)huawei.com> power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() Yicong Yang <yangyicong(a)hisilicon.com> iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity Shigeru Yoshida <syoshida(a)redhat.com> nbd: Fix hung when signal interrupts nbd_start_device_ioctl() Letu Ren <fantasquex(a)gmail.com> scsi: 3w-9xxx: Avoid disabling device if failing to enable it Vaishnav Achath <vaishnav.a(a)ti.com> dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow Justin Chen <justinpopo6(a)gmail.com> usb: host: xhci-plat: suspend/resume clks for brcm Justin Chen <justinpopo6(a)gmail.com> usb: host: xhci-plat: suspend and resume clocks Quanyang Wang <quanyang.wang(a)windriver.com> clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate Hangyu Hua <hbh25y(a)gmail.com> media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc Zheyu Ma <zheyuma97(a)gmail.com> media: cx88: Fix a null-ptr-deref bug in buffer_prepare() Ian Nam <young.kwan.nam(a)xilinx.com> clk: zynqmp: Fix stack-out-of-bounds in strncpy` Alex Sverdlin <alexander.sverdlin(a)nokia.com> ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n Maciej S. Szmigiero <maciej.szmigiero(a)oracle.com> btrfs: don't print information about space cache or tree every remount Qu Wenruo <wqu(a)suse.com> btrfs: scrub: try to fix super block errors Qu Wenruo <wqu(a)suse.com> btrfs: dump extra info if one free space cache has more bitmaps than it should Sebastian Krzyszkowiak <sebastian.krzyszkowiak(a)puri.sm> arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply Mark Brown <broonie(a)kernel.org> kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx6sx: add missing properties for sram Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx6sll: add missing properties for sram Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx6sl: add missing properties for sram Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx6qp: add missing properties for sram Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx6dl: add missing properties for sram Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx6q: add missing properties for sram Haibo Chen <haibo.chen(a)nxp.com> ARM: dts: imx7d-sdb: config the max pressure for tsc2046 Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Remove interface for periodic interrupt 1 Khaled Almahallawy <khaled.almahallawy(a)intel.com> drm/dp: Don't rewrite link config when setting phy test pattern Richard Acayan <mailingradian(a)gmail.com> mmc: sdhci-msm: add compatible string check for sdm670 Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/meson: explicitly remove aggregate driver at module unload time Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/meson: reorder driver deinit sequence to fix use-after-free bug hongao <hongao(a)uniontech.com> drm/amdgpu: fix initial connector audio value Jairaj Arava <jairaj.arava(a)intel.com> ASoC: SOF: pci: Change DMI match info to support all Chrome platforms Hans de Goede <hdegoede(a)redhat.com> platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading Jameson Thies <jthies(a)google.com> platform/chrome: cros_ec: Notify the PM of wake events during resume Maya Matuszczyk <maccraft123mc(a)gmail.com> drm: panel-orientation-quirks: Add quirk for Anbernic Win600 Mateusz Kwiatkowski <kfyatek+publicgit(a)gmail.com> drm/vc4: vec: Fix timings for VEC modes Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Register card at the last interface Lucas Stach <l.stach(a)pengutronix.de> drm: bridge: dw_hdmi: only trigger hotplug event on link change Vivek Kasireddy <vivek.kasireddy(a)intel.com> udmabuf: Set ubuf->sg = NULL if the creation of sg table fails David Gow <davidgow(a)google.com> drm/amd/display: fix overflow on MIN_I64 definition Zeng Jingxiang <linuszeng(a)tencent.com> gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() Liviu Dudau <liviu.dudau(a)arm.com> drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook Javier Martinez Canillas <javierm(a)redhat.com> drm: Prevent drm_copy_field() to attempt copying a NULL pointer Javier Martinez Canillas <javierm(a)redhat.com> drm: Use size_t type for len variable in drm_copy_field() Jianglei Nie <niejianglei2021(a)163.com> drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() Andrew Gaul <gaul(a)gaul.org> r8152: Rate limit overflow messages Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix user-after-free Liu Jian <liujian56(a)huawei.com> net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory Jason A. Donenfeld <Jason(a)zx2c4.com> hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms Daniel Golle <daniel(a)makrotopia.org> wifi: rt2x00: correctly set BBP register 86 for MT7620 Daniel Golle <daniel(a)makrotopia.org> wifi: rt2x00: set SoC wmac clock register Daniel Golle <daniel(a)makrotopia.org> wifi: rt2x00: set VGC gain for both chains of MT7620 Daniel Golle <daniel(a)makrotopia.org> wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 Daniel Golle <daniel(a)makrotopia.org> wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 Ziyang Xuan <william.xuanziyang(a)huawei.com> can: bcm: check the result of can_send() in bcm_can_tx() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() Sean Wang <sean.wang(a)mediatek.com> wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value Patrick Rudolph <patrick.rudolph(a)9elements.com> regulator: core: Prevent integer underflow Kiran K <kiran.k(a)intel.com> Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk Alexander Coffin <alex.coffin(a)matician.com> wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() Michal Jaron <michalx.jaron(a)intel.com> iavf: Fix race between iavf_close and iavf_reset_task Khalid Masum <khalid.masum.92(a)gmail.com> xfrm: Update ipcomp_scratches with NULL when freed Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() Jane Chu <jane.chu(a)oracle.com> x86/mce: Retrieve poison range from hardware Eric Dumazet <edumazet(a)google.com> tcp: annotate data-race around tcp_md5sig_pool_populated Mike Pattrick <mkp(a)redhat.com> openvswitch: Fix overreporting of drops in dropwatch Mike Pattrick <mkp(a)redhat.com> openvswitch: Fix double reporting of drops in dropwatch Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 Jacob Keller <jacob.e.keller(a)intel.com> ice: set tx_tstamps when creating new Tx rings via ethtool Quentin Monnet <quentin(a)isovalent.com> bpftool: Clear errno after libcap's checks Wright Feng <wright.feng(a)cypress.com> wifi: brcmfmac: fix invalid address access when enabling SCAN log level Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix use-after-free on source server when doing inter-server copy Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data Kees Cook <keescook(a)chromium.org> x86/entry: Work around Clang __bdos() bug Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable Kees Cook <keescook(a)chromium.org> ARM: decompressor: Include .data.rel.ro.local Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash Chao Qin <chao.qin(a)intel.com> powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue Kees Cook <keescook(a)chromium.org> MIPS: BCM47XX: Cast memcmp() of function to (void *) Doug Smythies <dsmythies(a)telus.net> cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode Hans de Goede <hdegoede(a)redhat.com> ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address Arvid Norlander <lkml(a)vorpal.se> ACPI: video: Add Toshiba Satellite/Portege Z830 quirk Zqiang <qiang1.zhang(a)intel.com> rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() Michal Hocko <mhocko(a)suse.com> rcu: Back off upon fill_page_cache_func() allocation failure Zqiang <qiang1.zhang(a)intel.com> rcu: Avoid triggering strict-GP irq-work when RCU is idle Alexander Aring <aahringo(a)redhat.com> fs: dlm: fix race in lowcomms Stefan Berger <stefanb(a)linux.ibm.com> selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle Chao Yu <chao(a)kernel.org> f2fs: fix to account FS_CP_DATA_IO correctly Zhang Qilong <zhangqilong3(a)huawei.com> f2fs: fix race condition on setting FI_NO_EXTENT flag Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: do not add task_work to kernel thread to avoid memory leak Vincent Knecht <vincent.knecht(a)mailoo.org> thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id Dan Carpenter <dan.carpenter(a)oracle.com> crypto: cavium - prevent integer overflow loading firmware Dan Carpenter <dan.carpenter(a)oracle.com> crypto: marvell/octeontx - prevent integer overflows Janis Schoetterl-Glausch <scgl(a)linux.ibm.com> kbuild: rpm-pkg: fix breakage when V=1 is used Masahiro Yamada <masahiroy(a)kernel.org> kbuild: remove the target in signal traps when interrupted Nico Pache <npache(a)redhat.com> tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads Yipeng Zou <zouyipeng(a)huawei.com> tracing: kprobe: Make gen test module work in arm and riscv Yipeng Zou <zouyipeng(a)huawei.com> tracing: kprobe: Fix kprobe event gen test module on exit Robin Murphy <robin.murphy(a)arm.com> iommu/iova: Fix module config properly Enzo Matsumiya <ematsumiya(a)suse.de> cifs: return correct error in ->calc_signature() Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - fix DMA transfer direction Peter Harliman Liem <pliem(a)maxlinear.com> crypto: inside-secure - Change swab to swab32 Koba Ko <koba.ko(a)canonical.com> crypto: ccp - Release dma channels before dmaengine unrgister Ignat Korchagin <ignat(a)cloudflare.com> crypto: akcipher - default implementation for setting a private key Dan Carpenter <dan.carpenter(a)oracle.com> iommu/omap: Fix buffer overflow in debugfs Waiman Long <longman(a)redhat.com> cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - fix missing put dfx access Lucas Segarra Fernandez <lucas.segarra.fernandez(a)intel.com> crypto: qat - fix default value of WDT timer Kshitiz Varshney <kshitiz.varshney(a)nxp.com> hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() Michal Koutný <mkoutny(a)suse.com> cgroup: Honor caller's cgroup NS when resolving path James Cowgill <james.cowgill(a)blaize.com> hwrng: arm-smccc-trng - fix NO_ENTROPY handling Ye Weihua <yeweihua4(a)huawei.com> crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr Zhengchao Shao <shaozhengchao(a)huawei.com> crypto: sahara - don't sleep when in softirq Haren Myneni <haren(a)linux.ibm.com> powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL Li Huafei <lihuafei1(a)huawei.com> powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() Pali Rohár <pali(a)kernel.org> powerpc: Fix SPE Power ISA properties for e500v1 platforms Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition Rohan McLure <rmclure(a)linux.ibm.com> powerpc: Fix fallocate and fadvise64_64 compat parameter combination Zheng Yongjun <zhengyongjun3(a)huawei.com> powerpc/powernv: add missing of_node_put() in opal_export_attrs() Liang He <windhl(a)126.com> powerpc/pci_dn: Add missing of_node_put() Liang He <windhl(a)126.com> powerpc/sysdev/fsl_msi: Add missing of_node_put() Nathan Chancellor <nathan(a)kernel.org> powerpc/math_emu/efp: Include module.h Michael Ellerman <mpe(a)ellerman.id.au> powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig Jack Wang <jinpu.wang(a)ionos.com> mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg Conor Dooley <conor.dooley(a)microchip.com> mailbox: mpfs: account for mbox offsets while sending Conor Dooley <conor.dooley(a)microchip.com> mailbox: mpfs: fix handling of the reg property Joel Stanley <joel(a)jms.id.au> clk: ast2600: BCLK comes from EPLL Miaoqian Lin <linmq006(a)gmail.com> clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe Lin Yujun <linyujun809(a)huawei.com> clk: imx: scu: fix memleak on platform_device_add() fails Stefan Wahren <stefan.wahren(a)i2se.com> clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration Serge Semin <Sergey.Semin(a)baikalelectronics.ru> clk: baikal-t1: Add SATA internal ref clock buffer Serge Semin <Sergey.Semin(a)baikalelectronics.ru> clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent Serge Semin <Sergey.Semin(a)baikalelectronics.ru> clk: baikal-t1: Fix invalid xGMAC PTP clock divider Serge Semin <Sergey.Semin(a)baikalelectronics.ru> clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD David Collins <collinsd(a)codeaurora.org> spmi: pmic-arb: correct duplicate APID to PPID mapping logic Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: mtu3: fix failed runtime suspend in host only mode Dave Jiang <dave.jiang(a)intel.com> dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() Chen-Yu Tsai <wenst(a)chromium.org> clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent Jiasheng Jiang <jiasheng(a)iscas.ac.cn> mfd: sm501: Add check for platform_driver_register() Dan Carpenter <dan.carpenter(a)oracle.com> mfd: fsl-imx25: Fix check for platform_get_irq() errors Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: lp8788: Fix an error handling path in lp8788_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> fsi: core: Check error number after calling ida_simple_get Bob Pearson <rpearsonhpe(a)gmail.com> RDMA/rxe: Fix resize_finish() in rxe_queue.c Adam Skladowski <a_skl39(a)protonmail.com> clk: qcom: gcc-sm6115: Override default Alpha PLL regs Robert Marko <robimarko(a)gmail.com> clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical Mike Christie <michael.christie(a)oracle.com> scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() Mike Christie <michael.christie(a)oracle.com> scsi: iscsi: Run recv path from workqueue Mike Christie <michael.christie(a)oracle.com> scsi: iscsi: Add recv workqueue helpers Mike Christie <michael.christie(a)oracle.com> scsi: iscsi: Rename iscsi_conn_queue_work() Duoming Zhou <duoming(a)zju.edu.cn> scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() Pali Rohár <pali(a)kernel.org> serial: 8250: Fix restoring termios speed after suspend Guilherme G. Piccoli <gpiccoli(a)igalia.com> firmware: google: Test spinlock on panic path to avoid lockups Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> slimbus: qcom-ngd-ctrl: allow compile testing without QCOM_RPROC_COMMON Nam Cao <namcaov(a)gmail.com> staging: vt6655: fix some erroneous memory clean-up loops Dongliang Mu <mudongliangabcd(a)gmail.com> phy: qualcomm: call clk_disable_unprepare in the error handling Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250: Toggle IER bits on only after irq has been set up Dan Carpenter <dan.carpenter(a)oracle.com> drivers: serial: jsm: fix some leaks in probe Albert Briscoe <albertsbriscoe(a)gmail.com> usb: gadget: function: fix dangling pnp_string in f_printer.c Mario Limonciello <mario.limonciello(a)amd.com> xhci: Don't show warning for reinit on known broken suspend Daisuke Matsuda <matsuda-daisuke(a)fujitsu.com> IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Use SLID in the work completion as the DLID in responder side David Sloan <david.sloan(a)eideticom.com> md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() Logan Gunthorpe <logang(a)deltatee.com> md/raid5: Ensure stripe_fill happens on non-read IO with journal Saurabh Sengar <ssengar(a)linux.microsoft.com> md: Replace snprintf with scnprintf Dan Carpenter <dan.carpenter(a)oracle.com> mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() Niklas Cassel <niklas.cassel(a)wdc.com> ata: fix ata_id_has_dipm() Niklas Cassel <niklas.cassel(a)wdc.com> ata: fix ata_id_has_ncq_autosense() Niklas Cassel <niklas.cassel(a)wdc.com> ata: fix ata_id_has_devslp() Niklas Cassel <niklas.cassel(a)wdc.com> ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() Bernard Metzler <bmt(a)zurich.ibm.com> RDMA/siw: Fix QP destroy to wait for all references dropped. Bernard Metzler <bmt(a)zurich.ibm.com> RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. Bart Van Assche <bvanassche(a)acm.org> RDMA/srp: Fix srp_abort() Sindhu-Devale <sindhu.devale(a)intel.com> RDMA/irdma: Align AE id codes to correct flush code and event Pali Rohár <pali(a)kernel.org> mtd: rawnand: fsl_elbc: Fix none ECC mode Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> mtd: rawnand: intel: Remove undocumented compatible string Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> mtd: rawnand: intel: Read the chip-select line from the correct OF node Chunfeng Yun <chunfeng.yun(a)mediatek.com> phy: phy-mtk-tphy: fix the phy type setting issue Liang He <windhl(a)126.com> phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() William Dean <williamsukatube(a)gmail.com> mtd: devices: docg3: check the return value of devm_ioremap() in the probe Dang Huynh <danct12(a)riseup.net> clk: qcom: sm6115: Select QCOM_GDSC Jim Cromie <jim.cromie(a)gmail.com> dyndbg: drop EXPORTed dynamic_debug_exec_queries Jim Cromie <jim.cromie(a)gmail.com> dyndbg: let query-modname override actual module name Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix module.dyndbg handling Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix static_branch manipulation Jie Hai <haijie1(a)huawei.com> dmaengine: hisilicon: Add multi-thread support for a DMA channel Jie Hai <haijie1(a)huawei.com> dmaengine: hisilicon: Fix CQ head update Jie Hai <haijie1(a)huawei.com> dmaengine: hisilicon: Disable channels when unregister hisi_dma Dan Carpenter <dan.carpenter(a)oracle.com> fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() Hangyu Hua <hbh25y(a)gmail.com> misc: ocxl: fix possible refcount leak in afu_ioctl() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the error caused by qp->sk Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix "kernel NULL pointer dereference" error Miaoqian Lin <linmq006(a)gmail.com> media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init Yunke Cao <yunkec(a)google.com> media: uvcvideo: Use entity get_cur in uvc_ctrl_set José Expósito <jose.exposito89(a)gmail.com> media: uvcvideo: Fix memory leak in uvc_gpio_parse Xu Qiang <xuqiang36(a)huawei.com> media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> tty: xilinx_uartps: Fix the ignore_status Liang He <windhl(a)126.com> media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop Jack Wang <jinpu.wang(a)ionos.com> HSI: omap_ssi_port: Fix dma_map_sg error check Miaoqian Lin <linmq006(a)gmail.com> HSI: omap_ssi: Fix refcount leak in ssi_probe Miaoqian Lin <linmq006(a)gmail.com> clk: tegra20: Fix refcount leak in tegra20_clock_init Miaoqian Lin <linmq006(a)gmail.com> clk: tegra: Fix refcount leak in tegra114_clock_init Miaoqian Lin <linmq006(a)gmail.com> clk: tegra: Fix refcount leak in tegra210_clock_init Liang He <windhl(a)126.com> clk: sprd: Hold reference returned by of_get_parent() Liang He <windhl(a)126.com> clk: berlin: Add of_node_put() for of_get_parent() Liang He <windhl(a)126.com> clk: qoriq: Hold reference returned by of_get_parent() Liang He <windhl(a)126.com> clk: oxnas: Hold reference returned by of_get_parent() Liang He <windhl(a)126.com> clk: meson: Hold reference returned by of_get_parent() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: common: debug: Check non-standard control requests Aharon Landau <aharonl(a)nvidia.com> RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey Jakob Hauser <jahau(a)rocketmail.com> iio: magnetometer: yas530: Change data type of hard_offsets to signed Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: ABI: Fix wrong format of differential capacitance channel ABI. Nuno Sá <nuno.sa(a)analog.com> iio: inkern: fix return value in devm_of_iio_channel_get_by_name() Nuno Sá <nuno.sa(a)analog.com> iio: inkern: only release the device node when done with it Claudiu Beznea <claudiu.beznea(a)microchip.com> iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume Claudiu Beznea <claudiu.beznea(a)microchip.com> iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq Claudiu Beznea <claudiu.beznea(a)microchip.com> iio: adc: at91-sama5d2_adc: check return status for pressure and touch Claudiu Beznea <claudiu.beznea(a)microchip.com> iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: dts: exynos: fix polarity of VBUS GPIO of Origen Mark Rutland <mark.rutland(a)arm.com> arm64: ftrace: fix module PLTs with mcount Josh Triplett <josh(a)joshtriplett.org> ext4: don't run ext4lazyinit for read-only filesystems Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: Drop CMDLINE_* dependency on ATAGS Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family Matt Ranostay <mranostay(a)ti.com> arm64: dts: ti: k3-j7200: fix main pinmux range Dmitry Osipenko <digetx(a)gmail.com> soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA Randy Dunlap <rdunlap(a)infradead.org> ia64: export memory_add_physaddr_to_nid to fix cxl build error Michael Walle <michael(a)walle.cc> ARM: dts: kirkwood: lsxl: remove first ethernet port Michael Walle <michael(a)walle.cc> ARM: dts: kirkwood: lsxl: fix serial line Marek Behún <kabel(a)kernel.org> ARM: dts: turris-omnia: Fix mpp26 pin name and comment Lucas Stach <l.stach(a)pengutronix.de> ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus Liang He <windhl(a)126.com> soc: qcom: smem_state: Add refcounting for the 'state->of_node' Liang He <windhl(a)126.com> soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() Amir Goldstein <amir73il(a)gmail.com> locks: fix TOCTOU race when granting write lease Liang He <windhl(a)126.com> memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() Liang He <windhl(a)126.com> memory: of: Fix refcount leak bug in of_get_ddr_timings() Liang He <windhl(a)126.com> memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() Takashi Iwai <tiwai(a)suse.de> ALSA: hda/hdmi: Don't skip notification handling during PM operation Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() Andreas Pape <apape(a)de.adit-jv.com> ALSA: dmaengine: increment buffer pointer atomically Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: tx-macro: fix kcontrol put Rafael Mendonca <rafaelmendsr(a)gmail.com> drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx Liang He <windhl(a)126.com> ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() Rafael Mendonca <rafaelmendsr(a)gmail.com> drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() Liang He <windhl(a)126.com> drm/omap: dss: Fix refcount leak bugs Gerd Hoffmann <kraxel(a)redhat.com> drm/bochs: fix blanking Takashi Iwai <tiwai(a)suse.de> ALSA: hda: beep: Simplify keep-power-at-enable behavior Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ASoC: rsnd: Add check for rsnd_mod_power_on Zheyu Ma <zheyuma97(a)gmail.com> drm/bridge: megachips: Fix a null pointer dereference bug Yang Yingliang <yangyingliang(a)huawei.com> drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() Prashant Malani <pmalani(a)chromium.org> platform/chrome: cros_ec_typec: Correct alt mode index Hans de Goede <hdegoede(a)redhat.com> platform/x86: msi-laptop: Fix resource cleanup Hans de Goede <hdegoede(a)redhat.com> platform/x86: msi-laptop: Fix old-ec check for backlight registering Martin Povišer <povik+lin(a)cutebit.org> ASoC: tas2764: Fix mute/unmute Martin Povišer <povik+lin(a)cutebit.org> ASoC: tas2764: Drop conflicting set_bias_level power setting Martin Povišer <povik+lin(a)cutebit.org> ASoC: tas2764: Allow mono streams Dan Carpenter <dan.carpenter(a)oracle.com> platform/chrome: fix memory corruption in ioctl Rustam Subkhankulov <subkhankulov(a)ispras.ru> platform/chrome: fix double-free in chromeos_laptop_prepare() Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: mt6359: fix tests for platform_get_irq() failure Liang He <windhl(a)126.com> drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() Simon Ser <contact(a)emersion.fr> drm/dp_mst: fix drm_dp_dpcd_read return value checks Chen-Yu Tsai <wenst(a)chromium.org> drm/bridge: parade-ps8640: Fix regulator supply order Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling Maxime Ripard <maxime(a)cerno.tech> drm/mipi-dsi: Detach devices when removing the host Dan Carpenter <dan.carpenter(a)oracle.com> drm/bridge: Avoid uninitialized variable warning Alvin Šipraga <alsi(a)bang-olufsen.dk> drm: bridge: adv7511: unregister cec i2c device after cec adapter Alvin Šipraga <alsi(a)bang-olufsen.dk> drm: bridge: adv7511: fix CEC power down control register offset Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: mvpp2: fix mvpp2 debugfs leak Eric Dumazet <edumazet(a)google.com> once: add DO_ONCE_SLOW() for sleepable contexts Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> net/ieee802154: reject zero-sized raw_sendmsg() Maxim Mikityanskiy <maxtram95(a)gmail.com> net: wwan: iosm: Call mutex_init before locking it Jianglei Nie <niejianglei2021(a)163.com> bnx2x: fix potential memory leak in bnx2x_tpa_stop() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() Oleksandr Shamray <oleksandrs(a)nvidia.com> hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller Marek Szyprowski <m.szyprowski(a)samsung.com> spi: Ensure that sg_table won't be used after being freed Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited Xin Long <lucien.xin(a)gmail.com> sctp: handle the error returned from sctp_auth_asoc_init_active_key Duoming Zhou <duoming(a)zju.edu.cn> mISDN: fix use-after-free bugs in l1oip timer handlers Jakub Kicinski <kuba(a)kernel.org> eth: alx: take rtnl_lock on resume Junichi Uekawa <uekawa(a)chromium.org> vhost/vsock: Use kvmalloc/kvfree for larger packets. Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM Vincent Whitchurch <vincent.whitchurch(a)axis.com> spi: s3c64xx: Fix large transfers with DMA Phil Sutter <phil(a)nwl.cc> netfilter: nft_fib: Fix for rpath check with VRF devices Liu Jian <liujian56(a)huawei.com> xfrm: Reinject transport-mode packets through workqueue Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not handling link timeouts propertly Asmaa Mnebhi <asmaa(a)nvidia.com> i2c: mlxbf: support lock mechanism Liu Jian <liujian56(a)huawei.com> skmsg: Schedule psock work if the cached skb exists on the psock Zhang Qilong <zhangqilong3(a)huawei.com> spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe Zhang Qilong <zhangqilong3(a)huawei.com> spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe Luciano Leão <lucianorsleao(a)gmail.com> x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype Kees Cook <keescook(a)chromium.org> x86/microcode/AMD: Track patch allocation size explicitly Jesus Fernandez Manzano <jesus.manzano(a)galgus.net> wifi: ath11k: fix number of VHT beamformee spatial streams Antoine Tenart <atenart(a)kernel.org> netfilter: conntrack: revisit the gc initial rescheduling bias Antoine Tenart <atenart(a)kernel.org> netfilter: conntrack: fix the gc rescheduling delay Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure Lee Jones <lee(a)kernel.org> bpf: Ensure correct locking around vulnerable function find_vpid() Zheng Yongjun <zhengyongjun3(a)huawei.com> net: fs_enet: Fix wrong check in do_pd_setup Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7915: do not check state before configuring implicit beamform Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload YN Chen <yn.chen(a)mediatek.com> wifi: mt76: sdio: fix transmitting packet hangs Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration Lorenz Bauer <oss(a)lmb.io> bpf: btf: fix truncated last_member_type_id in btf_struct_resolve Neil Armstrong <narmstrong(a)baylibre.com> spi: meson-spicc: do not rely on busy flag in pow2 clk ops Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: Fix skb misuse in TX queue selection Xu Qiang <xuqiang36(a)huawei.com> spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() Xu Qiang <xuqiang36(a)huawei.com> spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() Ian Rogers <irogers(a)google.com> selftests/xsk: Avoid use-after-free on ctx Yang Yingliang <yangyingliang(a)huawei.com> wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() Dan Carpenter <dan.carpenter(a)oracle.com> wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() Sean Wang <sean.wang(a)mediatek.com> Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend Hou Tao <houtao1(a)huawei.com> bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy Hou Tao <houtao1(a)huawei.com> bpf: Propagate error from htab_lock_bucket() to userspace Hou Tao <houtao1(a)huawei.com> bpf: Disable preemption when increasing per-cpu map_locked Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: Fix backpressure mechanism on Tx Kohei Tarumizu <tarumizu.kohei(a)fujitsu.com> x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> spi: mt7621: Fix an error message in mt7621_spi_probe() Lam Thai <lamthai(a)arista.com> bpftool: Fix a wrong type cast in btf_dumper_int Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: mac80211: allow bw change during channel switch in mesh Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Fix reference state management for synchronous callbacks Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> leds: lm3601x: Don't use mutex after it was destroyed Wen Gong <quic_wgong(a)quicinc.com> wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtlwifi: 8192de: correct checking of IQK reload Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix handling of oversized NFSv4 COMPOUND requests Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against send buffer overflow in NFSv2 READDIR Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix svcxdr_init_encode's buflen calculation Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Fix a memory leak in an error handling path Sami Tolvanen <samitolvanen(a)google.com> objtool: Preserve special st_shndx indexes in elf_update_symbol Wang Kefeng <wangkefeng.wang(a)huawei.com> ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE Wang Kefeng <wangkefeng.wang(a)huawei.com> ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() Lin Yujun <linyujun809(a)huawei.com> MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> MIPS: SGI-IP27: Free some unused memory Kees Cook <keescook(a)chromium.org> sh: machvec: Use char[] for section boundaries Xuewen Yan <xuewen.yan(a)unisoc.com> thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() Christian Brauner <brauner(a)kernel.org> ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers Ondrej Mosnacek <omosnace(a)redhat.com> userfaultfd: open userfaultfds with O_RDONLY Mimi Zohar <zohar(a)linux.ibm.com> ima: fix blocking of security.ima xattrs of unsupported algorithms Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> selinux: use "grep -E" instead of "egrep" Steve French <stfrench(a)microsoft.com> smb3: must initialize two ACL struct fields to zero Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amd/display: Fix vblank refcount in vrr transition Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix watermark calculations for gen12+ MC CCS modifier Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix watermark calculations for gen12+ RC CCS modifier Jianglei Nie <niejianglei2021(a)163.com> drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() Lyude Paul <lyude(a)redhat.com> drm/nouveau/kms/nv140-: Disable interlacing Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> staging: greybus: audio_helper: remove unused and wrong debugfs usage Sean Christopherson <seanjc(a)google.com> KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02 Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" Michal Luczaj <mhal(a)rbox.co> KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility Yu Kuai <yukuai3(a)huawei.com> blk-wbt: call rq_qos_add() after wb_normal is initialized Dmitry Osipenko <dmitry.osipenko(a)collabora.com> media: cedrus: Fix endless loop in cedrus_h265_skip_bits() Dmitry Osipenko <dmitry.osipenko(a)collabora.com> media: cedrus: Set the platform driver data earlier Ard Biesheuvel <ardb(a)kernel.org> efi: libstub: drop pointless get_memory_map() call Mario Limonciello <mario.limonciello(a)amd.com> thunderbolt: Explicitly enable lane adapter hotplug events at startup Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix reading strings from synthetic events Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add "(fault)" name injection to kernel probes Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Move duplicate code of trace_kprobe/eprobe.c into header Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add ioctl() to force ring buffer waiters to wake up Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Wake up waiters when tracing is disabled Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Wake up ring buffer waiters on closing of the file Waiman Long <longman(a)redhat.com> tracing: Disable interrupt or preemption before acquiring arch_spinlock_t Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix race between reset page and reading page Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Add ring_buffer_wake_waiters() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Check pending waiters when doing wake ups as well Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Have the shortest_full queue be the shortest not longest Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Allow splice to read previous partially read pages Zheng Yejian <zhengyejian1(a)huawei.com> ftrace: Properly unset FTRACE_HASH_FL_MOD Rik van Riel <riel(a)surriel.com> livepatch: fix race between fork and KLP transition Ye Bin <yebin10(a)huawei.com> ext4: update 'state->fc_regions_size' after successful memory allocation Ye Bin <yebin10(a)huawei.com> ext4: fix potential memory leak in ext4_fc_record_regions() Ye Bin <yebin10(a)huawei.com> ext4: fix potential memory leak in ext4_fc_record_modified_inode() Ye Bin <yebin10(a)huawei.com> ext4: fix miss release buffer head in ext4_fc_write_inode Zhihao Cheng <chengzhihao1(a)huawei.com> ext4: fix dir corruption when ext4_dx_add_entry() fails Jinke Han <hanjinke.666(a)bytedance.com> ext4: place buffer head allocation before handle start Zhang Yi <yi.zhang(a)huawei.com> ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate Lukas Czerner <lczerner(a)redhat.com> ext4: don't increase iversion counter for ea_inodes Jan Kara <jack(a)suse.cz> ext4: fix check for block being out of directory size Lalith Rajendran <lalithkraj(a)google.com> ext4: make ext4_lazyinit_thread freezable Baokun Li <libaokun1(a)huawei.com> ext4: fix null-ptr-deref in ext4_write_info Jan Kara <jack(a)suse.cz> ext4: avoid crash when inline data creation follows DIO write Ye Bin <yebin10(a)huawei.com> jbd2: add miss release buffer head in fc_do_one_pass() Ye Bin <yebin10(a)huawei.com> jbd2: fix potential use-after-free in jbd2_fc_wait_bufs Ye Bin <yebin10(a)huawei.com> jbd2: fix potential buffer head reference count leak Andrew Perepechko <anserper(a)ya.ru> jbd2: wake up journal waiters in FIFO order, not LIFO Kees Cook <keescook(a)chromium.org> hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero Kees Cook <keescook(a)chromium.org> hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on summary info Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on destination blkaddr during recovery Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: increase the limit for reserve_root Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: flush pending checkpoints when freezing super Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: complete checkpoints during remount Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between quota enable and quota rescan ioctl Lukas Czerner <lczerner(a)redhat.com> fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE Mickaël Salaün <mic(a)digikod.net> ksmbd: Fix user namespace mapping Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> ksmbd: Fix wrong return value and message length check in smb2_ioctl() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix endless loop when encryption for response fails Hyunwoo Kim <imv4bel(a)gmail.com> fbdev: smscufx: Fix use-after-free in ufx_ops_open() Quentin Schulz <quentin.schulz(a)theobroma-systems.com> pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback Quentin Schulz <quentin.schulz(a)theobroma-systems.com> gpio: rockchip: request GPIO mux to pinctrl when setting direction Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Populate sysfs attributes for vport Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> slimbus: qcom-ngd: cleanup in probe error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure Pali Rohár <pali(a)kernel.org> powerpc/boot: Explicitly disable usage of SPE instructions Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against send buffer overflow in NFSv3 READ Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against send buffer overflow in NFSv2 READ Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against send buffer overflow in NFSv3 READDIR Maciej W. Rozycki <macro(a)orcam.me.uk> serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices Maciej W. Rozycki <macro(a)orcam.me.uk> serial: 8250: Let drivers request full 16550A feature probing Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge M. Vefa Bicakci <m.v.b(a)runbox.com> xen/gntdev: Accommodate VMA splitting M. Vefa Bicakci <m.v.b(a)runbox.com> xen/gntdev: Prevent leaking grants Carlos Llamas <cmllamas(a)google.com> mm/mmap: undo ->mmap() when arch_validate_flags() fails Baolin Wang <baolin.wang(a)linux.alibaba.com> mm/damon: validate if the pmd entry is present before accessing James Morse <james.morse(a)arm.com> arm64: errata: Add Cortex-A55 to the repeat tlbi list Takashi Iwai <tiwai(a)suse.de> drm/udl: Restore display mode on resume Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/virtio: Check whether transferred 2D BO is shmem Dario Binacchi <dario.binacchi(a)amarulasolutions.com> dmaengine: mxs: use platform_driver_register Hamza Mahfooz <hamza.mahfooz(a)amd.com> Revert "drm/amdgpu: use dirty framebuffer helper" Rishabh Bhatnagar <risbhat(a)amazon.com> nvme-pci: set min_align_mask before calculating max_hw_sectors Sagi Grimberg <sagi(a)grimberg.me> nvme-multipath: fix possible hang in live ns resize with ANA access Gaosheng Cui <cuigaosheng1(a)huawei.com> nvmem: core: Fix memleak in nvmem_register() Huacai Chen <chenhuacai(a)kernel.org> UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Fangrui Song <maskray(a)google.com> riscv: Pass -mno-relax only on lld < 15.0.0 Wenting Zhang <zephray(a)outlook.com> riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb Andrew Bresticker <abrestic(a)rivosinc.com> riscv: Make VM_WRITE imply VM_READ Andrew Bresticker <abrestic(a)rivosinc.com> riscv: Allow PROT_WRITE-only mmap() Helge Deller <deller(a)gmx.de> parisc: fbdev/stifb: Align graphics memory size to 4MB Maciej W. Rozycki <macro(a)orcam.me.uk> RISC-V: Make port I/O string accessors actually work Conor Dooley <conor.dooley(a)microchip.com> riscv: topology: fix default topology reporting Conor Dooley <conor.dooley(a)microchip.com> arm64: topology: move store_cpu_topology() to shared code Linus Walleij <linus.walleij(a)linaro.org> regulator: qcom_rpm: Fix circular deferral regression Mika Westerberg <mika.westerberg(a)linux.intel.com> net: thunderbolt: Enable DMA paths only after rings are enabled Liang He <windhl(a)126.com> hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: wcd934x: fix order of Slimbus unprepare/disable Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: wcd9335: fix order of Slimbus unprepare/disable Patryk Duda <pdk(a)semihalf.com> platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure Zhihao Cheng <chengzhihao1(a)huawei.com> quota: Check next/prev free block number after reading from quota file Andri Yngvason <andri(a)yngvason.is> HID: multitouch: Add memory barriers Alexander Aring <aahringo(a)redhat.com> fs: dlm: handle -EBUSY first in lock arg validation Alexander Aring <aahringo(a)redhat.com> fs: dlm: fix race between test_bit() and queue_work() Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i2c: designware: Fix handling of real but unexpected device interrupts Wenchao Chen <wenchao.chen(a)unisoc.com> mmc: sdhci-sprd: Fix minimum clock limit Anssi Hannula <anssi.hannula(a)bitwise.fi> can: kvaser_usb_leaf: Fix CAN state after restart Anssi Hannula <anssi.hannula(a)bitwise.fi> can: kvaser_usb_leaf: Fix TX queue out of sync after restart Anssi Hannula <anssi.hannula(a)bitwise.fi> can: kvaser_usb_leaf: Fix overread with an invalid command Anssi Hannula <anssi.hannula(a)bitwise.fi> can: kvaser_usb: Fix use of uninitialized completion Jean-Francois Le Fillatre <jflf_kernel(a)gmx.com> usb: add quirks for Lenovo OneLink+ Dock Rafael Mendonca <rafaelmendsr(a)gmail.com> xhci: dbc: Fix memory leak in xhci_alloc_dbc() Eddie James <eajames(a)linux.ibm.com> iio: pressure: dps310: Reset chip after timeout Eddie James <eajames(a)linux.ibm.com> iio: pressure: dps310: Refactor startup procedure Nuno Sá <nuno.sa(a)analog.com> iio: adc: ad7923: fix channel readings for some variants Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> iio: ltc2497: Fix reading conversion results Michael Hennerich <michael.hennerich(a)analog.com> iio: dac: ad5593r: Fix i2c read protocol requirements Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: destage dirty pages before re-reading them for cache=none Gaurav Kohli <gauravkohli(a)linux.microsoft.com> hv_netvsc: Fix race between VF offering and VF association message from host Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: don't update msg_name if not provided Tudor Ambarus <tudor.ambarus(a)microchip.com> mtd: rawnand: atmel: Unmap streaming DMA mappings Saranya Gopal <saranya.gopal(a)intel.com> ALSA: hda/realtek: Add Intel Reference SSID to support headset keys Luke D. Jones <luke(a)ljones.dev> ALSA: hda/realtek: Add quirk for ASUS GV601R laptop Luke D. Jones <luke(a)ljones.dev> ALSA: hda/realtek: Correct pin configs for ASUS G533Z Callum Osmotherly <callum.osmotherly(a)gmail.com> ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix NULL dererence at error path Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential memory leaks Takashi Iwai <tiwai(a)suse.de> ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() Takashi Iwai <tiwai(a)suse.de> ALSA: oss: Fix potential deadlock at unregistration Sasha Levin <sashal(a)kernel.org> Revert "fs: check FMODE_LSEEK to control internal pipe splicing" ------------- Diffstat: Documentation/ABI/testing/sysfs-bus-iio | 2 +- Documentation/arm64/silicon-errata.rst | 2 + Documentation/filesystems/vfs.rst | 3 + Makefile | 10 +- arch/arm/Kconfig | 1 - arch/arm/boot/compressed/vmlinux.lds.S | 2 + arch/arm/boot/dts/armada-385-turris-omnia.dts | 4 +- arch/arm/boot/dts/exynos4412-midas.dtsi | 2 +- arch/arm/boot/dts/exynos4412-origen.dts | 2 +- arch/arm/boot/dts/imx6dl.dtsi | 3 + arch/arm/boot/dts/imx6q.dtsi | 3 + arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi | 6 +- arch/arm/boot/dts/imx6qp.dtsi | 6 + arch/arm/boot/dts/imx6sl.dtsi | 3 + arch/arm/boot/dts/imx6sll.dtsi | 3 + arch/arm/boot/dts/imx6sx.dtsi | 6 + arch/arm/boot/dts/imx7d-sdb.dts | 7 +- arch/arm/boot/dts/kirkwood-lsxl.dtsi | 16 +- arch/arm/mm/dump.c | 2 +- arch/arm/mm/kasan_init.c | 9 +- arch/arm/mm/mmu.c | 4 + arch/arm64/Kconfig | 17 ++ arch/arm64/boot/dts/freescale/imx8mp.dtsi | 4 +- arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi | 1 + .../boot/dts/ti/k3-j7200-common-proc-board.dts | 10 +- arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 11 +- arch/arm64/kernel/cpu_errata.c | 5 + arch/arm64/kernel/ftrace.c | 17 +- arch/arm64/kernel/topology.c | 40 ---- arch/ia64/mm/numa.c | 1 + arch/mips/bcm47xx/prom.c | 4 +- arch/mips/sgi-ip27/ip27-xtalk.c | 74 ++++-- arch/powerpc/Makefile | 2 +- arch/powerpc/boot/Makefile | 1 + arch/powerpc/boot/dts/fsl/e500v1_power_isa.dtsi | 51 ++++ arch/powerpc/boot/dts/fsl/mpc8540ads.dts | 2 +- arch/powerpc/boot/dts/fsl/mpc8541cds.dts | 2 +- arch/powerpc/boot/dts/fsl/mpc8555cds.dts | 2 +- arch/powerpc/boot/dts/fsl/mpc8560ads.dts | 2 +- arch/powerpc/configs/pseries_defconfig | 1 + arch/powerpc/include/asm/syscalls.h | 12 + arch/powerpc/kernel/kprobes.c | 8 +- arch/powerpc/kernel/pci_dn.c | 1 + arch/powerpc/kernel/sys_ppc32.c | 14 +- arch/powerpc/kernel/syscalls.c | 4 +- arch/powerpc/math-emu/math_efp.c | 1 + arch/powerpc/platforms/powernv/opal.c | 1 + arch/powerpc/platforms/pseries/vas.c | 2 +- arch/powerpc/sysdev/fsl_msi.c | 2 + arch/riscv/Kconfig | 2 +- arch/riscv/Makefile | 2 + arch/riscv/include/asm/io.h | 16 +- arch/riscv/kernel/setup.c | 4 +- arch/riscv/kernel/smpboot.c | 3 +- arch/riscv/kernel/sys_riscv.c | 3 - arch/riscv/mm/fault.c | 3 +- arch/sh/include/asm/sections.h | 2 +- arch/sh/kernel/machvec.c | 10 +- arch/um/kernel/um_arch.c | 2 +- arch/x86/include/asm/hyperv-tlfs.h | 4 +- arch/x86/include/asm/microcode.h | 1 + arch/x86/kernel/cpu/feat_ctl.c | 2 +- arch/x86/kernel/cpu/mce/apei.c | 13 +- arch/x86/kernel/cpu/microcode/amd.c | 3 +- arch/x86/kernel/cpu/resctrl/pseudo_lock.c | 12 +- arch/x86/kvm/emulate.c | 2 +- arch/x86/kvm/vmx/nested.c | 37 ++- arch/x86/kvm/vmx/vmx.c | 12 +- arch/x86/xen/enlighten_pv.c | 3 +- block/blk-throttle.c | 8 +- block/blk-wbt.c | 10 +- crypto/akcipher.c | 8 + drivers/acpi/acpi_fpdt.c | 22 ++ drivers/acpi/acpi_video.c | 16 ++ drivers/acpi/apei/ghes.c | 2 +- drivers/acpi/x86/utils.c | 19 +- drivers/ata/libahci_platform.c | 14 +- drivers/base/arch_topology.c | 19 ++ drivers/block/nbd.c | 6 +- drivers/bluetooth/btintel.c | 17 +- drivers/bluetooth/btusb.c | 14 ++ drivers/bluetooth/hci_ldisc.c | 7 +- drivers/bluetooth/hci_serdev.c | 10 +- drivers/char/hw_random/arm_smccc_trng.c | 4 +- drivers/char/hw_random/imx-rngc.c | 14 +- drivers/clk/baikal-t1/ccu-div.c | 65 +++++ drivers/clk/baikal-t1/ccu-div.h | 10 + drivers/clk/baikal-t1/clk-ccu-div.c | 26 +- drivers/clk/bcm/clk-bcm2835.c | 43 +++- drivers/clk/berlin/bg2.c | 5 +- drivers/clk/berlin/bg2q.c | 6 +- drivers/clk/clk-ast2600.c | 2 +- drivers/clk/clk-oxnas.c | 6 +- drivers/clk/clk-qoriq.c | 10 +- drivers/clk/clk-versaclock5.c | 2 +- drivers/clk/imx/clk-scu.c | 6 +- drivers/clk/mediatek/clk-mt8183-mfgcfg.c | 6 +- drivers/clk/meson/meson-aoclk.c | 5 +- drivers/clk/meson/meson-eeclk.c | 5 +- drivers/clk/meson/meson8b.c | 5 +- drivers/clk/qcom/Kconfig | 1 + drivers/clk/qcom/apss-ipq6018.c | 2 +- drivers/clk/qcom/gcc-sm6115.c | 46 ++-- drivers/clk/sprd/common.c | 9 +- drivers/clk/tegra/clk-tegra114.c | 1 + drivers/clk/tegra/clk-tegra20.c | 1 + drivers/clk/tegra/clk-tegra210.c | 1 + drivers/clk/ti/clk-dra7-atl.c | 9 +- drivers/clk/zynqmp/clkc.c | 7 + drivers/clk/zynqmp/pll.c | 31 ++- drivers/cpufreq/intel_pstate.c | 1 + drivers/crypto/cavium/cpt/cptpf_main.c | 6 +- drivers/crypto/ccp/ccp-dmaengine.c | 6 +- drivers/crypto/hisilicon/qm.c | 6 +- drivers/crypto/hisilicon/zip/zip_crypto.c | 4 +- drivers/crypto/inside-secure/safexcel_hash.c | 8 +- drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 18 +- drivers/crypto/qat/qat_common/adf_gen4_hw_data.h | 2 +- drivers/crypto/qat/qat_common/qat_algs.c | 18 +- drivers/crypto/sahara.c | 18 +- drivers/dma-buf/udmabuf.c | 9 +- drivers/dma/hisi_dma.c | 28 +-- drivers/dma/ioat/dma.c | 6 +- drivers/dma/mxs-dma.c | 11 +- drivers/dma/ti/k3-udma.c | 25 +- drivers/firmware/efi/libstub/fdt.c | 8 - drivers/firmware/google/gsmi.c | 9 + drivers/fpga/dfl.c | 2 +- drivers/fsi/fsi-core.c | 3 + drivers/gpio/gpio-rockchip.c | 7 + drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 67 +++--- drivers/gpu/drm/amd/display/dc/calcs/bw_fixed.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 16 +- drivers/gpu/drm/amd/display/dc/dc_stream.h | 6 +- .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 35 +-- .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h | 3 +- drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h | 8 +- drivers/gpu/drm/arm/display/komeda/komeda_crtc.c | 4 +- drivers/gpu/drm/arm/display/komeda/komeda_kms.c | 21 +- drivers/gpu/drm/arm/display/komeda/komeda_kms.h | 2 + drivers/gpu/drm/bridge/adv7511/adv7511.h | 5 +- drivers/gpu/drm/bridge/adv7511/adv7511_cec.c | 4 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 4 +- drivers/gpu/drm/bridge/lontium-lt9611.c | 3 +- .../drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c | 4 +- drivers/gpu/drm/bridge/parade-ps8640.c | 4 +- drivers/gpu/drm/bridge/synopsys/dw-hdmi.c | 13 +- drivers/gpu/drm/drm_bridge.c | 4 +- drivers/gpu/drm/drm_dp_helper.c | 9 - drivers/gpu/drm/drm_dp_mst_topology.c | 6 +- drivers/gpu/drm/drm_ioctl.c | 8 +- drivers/gpu/drm/drm_mipi_dsi.c | 1 + drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/intel_pm.c | 10 +- drivers/gpu/drm/meson/meson_drv.c | 10 +- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 12 +- drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c | 29 +-- drivers/gpu/drm/msm/dp/dp_catalog.c | 2 +- drivers/gpu/drm/nouveau/nouveau_bo.c | 4 +- drivers/gpu/drm/nouveau/nouveau_connector.c | 3 +- drivers/gpu/drm/nouveau/nouveau_prime.c | 1 - drivers/gpu/drm/omapdrm/dss/dss.c | 3 + drivers/gpu/drm/pl111/pl111_versatile.c | 1 + drivers/gpu/drm/tiny/bochs.c | 2 + drivers/gpu/drm/udl/udl_modeset.c | 3 - drivers/gpu/drm/vc4/vc4_vec.c | 4 +- drivers/gpu/drm/virtio/virtgpu_object.c | 3 + drivers/gpu/drm/virtio/virtgpu_plane.c | 6 +- drivers/gpu/drm/virtio/virtgpu_vq.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 1 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-roccat.c | 4 + drivers/hsi/controllers/omap_ssi_core.c | 1 + drivers/hsi/controllers/omap_ssi_port.c | 8 +- drivers/hwmon/gsc-hwmon.c | 1 + drivers/hwmon/pmbus/mp2888.c | 13 +- drivers/hwmon/sht4x.c | 2 +- drivers/i2c/busses/i2c-designware-core.h | 7 +- drivers/i2c/busses/i2c-designware-master.c | 13 + drivers/i2c/busses/i2c-mlxbf.c | 44 +++- drivers/iio/adc/ad7923.c | 4 +- drivers/iio/adc/at91-sama5d2_adc.c | 28 ++- drivers/iio/adc/ltc2497.c | 13 + drivers/iio/dac/ad5593r.c | 46 ++-- drivers/iio/inkern.c | 8 +- drivers/iio/magnetometer/yamaha-yas530.c | 2 +- drivers/iio/pressure/dps310.c | 262 +++++++++++++-------- drivers/infiniband/core/cm.c | 14 +- drivers/infiniband/core/uverbs_cmd.c | 5 +- drivers/infiniband/core/verbs.c | 2 + drivers/infiniband/hw/hns/hns_roce_mr.c | 1 - drivers/infiniband/hw/irdma/defs.h | 1 + drivers/infiniband/hw/irdma/hw.c | 51 ++-- drivers/infiniband/hw/irdma/type.h | 1 + drivers/infiniband/hw/irdma/user.h | 1 + drivers/infiniband/hw/irdma/utils.c | 3 + drivers/infiniband/hw/irdma/verbs.c | 2 + drivers/infiniband/hw/mlx4/mr.c | 1 - drivers/infiniband/hw/mlx5/main.c | 3 + drivers/infiniband/hw/mlx5/odp.c | 3 +- drivers/infiniband/sw/rxe/rxe_qp.c | 10 +- drivers/infiniband/sw/rxe/rxe_queue.c | 12 +- drivers/infiniband/sw/siw/siw.h | 1 + drivers/infiniband/sw/siw/siw_qp.c | 2 +- drivers/infiniband/sw/siw/siw_qp_rx.c | 27 ++- drivers/infiniband/sw/siw/siw_verbs.c | 3 + drivers/infiniband/ulp/srp/ib_srp.c | 4 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 21 ++ drivers/iommu/omap-iommu-debug.c | 6 +- drivers/isdn/mISDN/l1oip.h | 1 + drivers/isdn/mISDN/l1oip_core.c | 13 +- drivers/leds/flash/leds-lm3601x.c | 2 - drivers/mailbox/bcm-flexrm-mailbox.c | 8 +- drivers/mailbox/mailbox-mpfs.c | 25 +- drivers/md/bcache/writeback.c | 73 ++++-- drivers/md/raid0.c | 2 +- drivers/md/raid5.c | 15 +- drivers/media/pci/cx88/cx88-vbi.c | 9 +- drivers/media/pci/cx88/cx88-video.c | 43 ++-- drivers/media/platform/exynos4-is/fimc-is.c | 1 + drivers/media/platform/meson/ge2d/ge2d.c | 1 - drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c | 1 - drivers/media/platform/s5p-mfc/s5p_mfc.c | 3 +- drivers/media/platform/xilinx/xilinx-vipp.c | 9 +- drivers/media/usb/uvc/uvc_ctrl.c | 83 ++++--- drivers/media/usb/uvc/uvc_driver.c | 8 +- drivers/memory/of_memory.c | 2 + drivers/memory/pl353-smc.c | 1 + drivers/mfd/fsl-imx25-tsadc.c | 34 ++- drivers/mfd/intel_soc_pmic_core.c | 1 + drivers/mfd/lp8788-irq.c | 3 + drivers/mfd/lp8788.c | 12 +- drivers/mfd/sm501.c | 7 +- drivers/misc/ocxl/file.c | 2 + drivers/mmc/host/au1xmmc.c | 3 +- drivers/mmc/host/sdhci-msm.c | 1 + drivers/mmc/host/sdhci-sprd.c | 2 +- drivers/mmc/host/wmt-sdmmc.c | 5 +- drivers/mtd/devices/docg3.c | 7 +- drivers/mtd/nand/raw/atmel/nand-controller.c | 1 + drivers/mtd/nand/raw/fsl_elbc_nand.c | 28 ++- drivers/mtd/nand/raw/intel-nand-controller.c | 12 +- drivers/mtd/nand/raw/meson_nand.c | 4 +- drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 2 + drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 3 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 2 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 79 +++++++ drivers/net/ethernet/atheros/alx/main.c | 5 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 1 + drivers/net/ethernet/freescale/fs_enet/mac-fec.c | 2 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 177 +++++++++++--- drivers/net/ethernet/intel/ice/ice_ethtool.c | 1 + drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 1 + drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c | 10 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 13 +- drivers/net/ethernet/ti/Kconfig | 1 + drivers/net/ethernet/ti/davinci_mdio.c | 242 ++++++++++++++++++- drivers/net/hyperv/hyperv_net.h | 3 +- drivers/net/hyperv/netvsc.c | 4 + drivers/net/hyperv/netvsc_drv.c | 19 ++ drivers/net/thunderbolt.c | 28 ++- drivers/net/usb/r8152.c | 4 +- drivers/net/wireless/ath/ath10k/mac.c | 54 +++-- drivers/net/wireless/ath/ath11k/mac.c | 25 +- drivers/net/wireless/ath/ath9k/htc_hst.c | 43 ++-- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 3 +- .../net/wireless/broadcom/brcm80211/brcmfmac/pno.c | 12 +- drivers/net/wireless/mediatek/mt76/mt7615/main.c | 4 + .../net/wireless/mediatek/mt76/mt7915/debugfs.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 + drivers/net/wireless/mediatek/mt76/sdio.c | 2 +- drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 34 ++- .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 75 +++++- .../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 9 +- drivers/net/wireless/realtek/rtw88/main.c | 8 +- drivers/net/wwan/iosm/iosm_ipc_wwan.c | 5 +- drivers/nvme/host/core.c | 3 +- drivers/nvme/host/multipath.c | 1 + drivers/nvme/host/pci.c | 3 +- drivers/nvme/target/tcp.c | 11 +- drivers/nvmem/core.c | 15 +- drivers/pci/setup-res.c | 11 + .../phy/amlogic/phy-meson-axg-mipi-pcie-analog.c | 6 +- drivers/phy/mediatek/phy-mtk-tphy.c | 7 +- drivers/phy/qualcomm/phy-qcom-usb-hsic.c | 6 +- drivers/pinctrl/pinctrl-rockchip.c | 13 + drivers/platform/chrome/chromeos_laptop.c | 24 +- drivers/platform/chrome/cros_ec.c | 8 +- drivers/platform/chrome/cros_ec_chardev.c | 3 + drivers/platform/chrome/cros_ec_proto.c | 32 +++ drivers/platform/chrome/cros_ec_typec.c | 2 +- drivers/platform/x86/msi-laptop.c | 14 +- drivers/power/supply/adp5061.c | 6 +- drivers/powercap/intel_rapl_common.c | 4 +- drivers/regulator/core.c | 2 +- drivers/regulator/qcom_rpm-regulator.c | 24 +- drivers/scsi/3w-9xxx.c | 2 +- drivers/scsi/cxgbi/libcxgbi.c | 2 +- drivers/scsi/iscsi_tcp.c | 140 ++++++++--- drivers/scsi/iscsi_tcp.h | 5 + drivers/scsi/libiscsi.c | 41 +++- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/qedf/qedf_main.c | 21 ++ drivers/slimbus/Kconfig | 3 +- drivers/slimbus/qcom-ngd-ctrl.c | 14 +- drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/smsm.c | 20 +- drivers/soc/tegra/Kconfig | 1 - drivers/soundwire/cadence_master.c | 9 +- drivers/soundwire/intel.c | 1 - drivers/spi/spi-dw-bt1.c | 4 +- drivers/spi/spi-meson-spicc.c | 6 +- drivers/spi/spi-mt7621.c | 8 +- drivers/spi/spi-omap-100k.c | 1 + drivers/spi/spi-qup.c | 21 +- drivers/spi/spi-s3c64xx.c | 9 + drivers/spi/spi.c | 2 + drivers/spmi/spmi-pmic-arb.c | 13 +- drivers/staging/greybus/audio_helper.c | 11 - drivers/staging/media/meson/vdec/vdec_hevc.c | 6 +- drivers/staging/media/sunxi/cedrus/cedrus.c | 4 +- drivers/staging/media/sunxi/cedrus/cedrus_h265.c | 5 +- drivers/staging/rtl8723bs/core/rtw_cmd.c | 16 +- drivers/staging/rtl8723bs/os_dep/os_intfs.c | 60 ++--- drivers/staging/vt6655/device_main.c | 8 +- drivers/thermal/cpufreq_cooling.c | 10 +- drivers/thermal/intel/intel_powerclamp.c | 4 +- drivers/thermal/qcom/tsens-v0_1.c | 2 +- drivers/thunderbolt/nhi.c | 49 +++- drivers/thunderbolt/switch.c | 24 ++ drivers/thunderbolt/tb.h | 1 + drivers/thunderbolt/tb_regs.h | 1 + drivers/thunderbolt/usb4.c | 20 ++ drivers/tty/serial/8250/8250_core.c | 16 +- drivers/tty/serial/8250/8250_pci.c | 5 + drivers/tty/serial/8250/8250_port.c | 18 +- drivers/tty/serial/fsl_lpuart.c | 2 + drivers/tty/serial/jsm/jsm_driver.c | 3 +- drivers/tty/serial/xilinx_uartps.c | 2 + drivers/usb/common/debug.c | 96 +++++--- drivers/usb/core/quirks.c | 4 + drivers/usb/dwc3/core.c | 17 ++ drivers/usb/dwc3/core.h | 4 + drivers/usb/gadget/function/f_printer.c | 12 +- drivers/usb/host/xhci-dbgcap.c | 2 +- drivers/usb/host/xhci-mem.c | 7 +- drivers/usb/host/xhci-plat.c | 18 +- drivers/usb/host/xhci.c | 3 +- drivers/usb/host/xhci.h | 1 + drivers/usb/misc/idmouse.c | 8 +- drivers/usb/mtu3/mtu3_core.c | 2 - drivers/usb/mtu3/mtu3_plat.c | 2 + drivers/usb/musb/musb_gadget.c | 3 + drivers/usb/storage/unusual_devs.h | 6 - drivers/vhost/vsock.c | 2 +- drivers/video/fbdev/smscufx.c | 14 +- drivers/video/fbdev/stifb.c | 2 +- drivers/xen/gntdev-common.h | 3 +- drivers/xen/gntdev.c | 80 ++++--- fs/btrfs/extent-tree.c | 3 + fs/btrfs/free-space-cache.c | 6 + fs/btrfs/qgroup.c | 15 ++ fs/btrfs/scrub.c | 36 +++ fs/btrfs/super.c | 11 +- fs/cifs/file.c | 9 + fs/cifs/smb2pdu.c | 7 +- fs/cifs/smb2transport.c | 10 +- fs/dlm/ast.c | 6 +- fs/dlm/lock.c | 16 +- fs/dlm/lowcomms.c | 4 + fs/eventfd.c | 10 +- fs/ext2/super.c | 6 +- fs/ext4/fast_commit.c | 40 ++-- fs/ext4/file.c | 6 + fs/ext4/inode.c | 14 +- fs/ext4/namei.c | 17 +- fs/ext4/resize.c | 2 +- fs/ext4/super.c | 25 +- fs/f2fs/checkpoint.c | 47 +++- fs/f2fs/data.c | 4 +- fs/f2fs/extent_cache.c | 3 +- fs/f2fs/f2fs.h | 9 +- fs/f2fs/gc.c | 10 +- fs/f2fs/recovery.c | 23 +- fs/f2fs/segment.c | 2 +- fs/f2fs/super.c | 15 +- fs/file_table.c | 7 +- fs/fs-writeback.c | 37 ++- fs/internal.h | 10 + fs/io-wq.c | 2 +- fs/io_uring.c | 43 ++-- fs/jbd2/commit.c | 2 +- fs/jbd2/journal.c | 10 +- fs/jbd2/recovery.c | 1 + fs/jbd2/transaction.c | 6 +- fs/ksmbd/server.c | 4 +- fs/ksmbd/smb2pdu.c | 13 +- fs/ksmbd/smb_common.c | 6 +- fs/nfsd/nfs3proc.c | 11 +- fs/nfsd/nfs4proc.c | 19 +- fs/nfsd/nfs4recover.c | 4 +- fs/nfsd/nfs4state.c | 5 + fs/nfsd/nfs4xdr.c | 13 +- fs/nfsd/nfsproc.c | 6 +- fs/nfsd/xdr4.h | 3 +- fs/ntfs3/inode.c | 2 - fs/ntfs3/xattr.c | 102 +------- fs/open.c | 11 +- fs/quota/quota_tree.c | 38 +++ fs/splice.c | 10 +- fs/userfaultfd.c | 4 +- fs/xfs/xfs_super.c | 10 +- include/linux/ata.h | 39 +-- include/linux/bpf_verifier.h | 11 + include/linux/dynamic_debug.h | 11 +- include/linux/eventfd.h | 2 +- include/linux/fs.h | 9 +- include/linux/iova.h | 2 +- include/linux/once.h | 28 +++ include/linux/ring_buffer.h | 2 +- include/linux/sched.h | 2 +- include/linux/serial_8250.h | 1 + include/linux/serial_core.h | 3 +- include/linux/skbuff.h | 2 + include/linux/sunrpc/svc.h | 19 +- include/linux/tcp.h | 2 +- include/linux/trace.h | 36 ++- include/linux/trace_events.h | 1 + include/net/ieee802154_netdev.h | 12 +- include/net/tcp.h | 5 +- include/scsi/libiscsi.h | 6 +- include/uapi/rdma/mlx5-abi.h | 1 + kernel/bpf/bpf_local_storage.c | 4 +- kernel/bpf/bpf_task_storage.c | 8 +- kernel/bpf/btf.c | 2 +- kernel/bpf/hashtab.c | 30 ++- kernel/bpf/syscall.c | 2 + kernel/bpf/verifier.c | 42 +++- kernel/cgroup/cgroup.c | 6 +- kernel/cgroup/cpuset.c | 18 +- kernel/gcov/gcc_4_7.c | 18 +- kernel/livepatch/transition.c | 18 +- kernel/rcu/tasks.h | 2 +- kernel/rcu/tree.c | 17 +- kernel/rcu/tree_plugin.h | 3 +- kernel/trace/ftrace.c | 8 +- kernel/trace/kprobe_event_gen_test.c | 49 +++- kernel/trace/ring_buffer.c | 87 ++++++- kernel/trace/trace.c | 66 ++++++ kernel/trace/trace_eprobe.c | 60 +---- kernel/trace/trace_events_synth.c | 23 +- kernel/trace/trace_kprobe.c | 60 +---- kernel/trace/trace_osnoise.c | 3 +- kernel/trace/trace_probe_kernel.h | 115 +++++++++ lib/Kconfig.debug | 8 +- lib/dynamic_debug.c | 45 +--- lib/once.c | 30 +++ mm/damon/vaddr.c | 10 + mm/hugetlb.c | 37 ++- mm/mmap.c | 5 +- net/bluetooth/hci_core.c | 34 ++- net/bluetooth/hci_sysfs.c | 3 + net/bluetooth/l2cap_core.c | 17 +- net/bluetooth/rfcomm/sock.c | 3 + net/can/bcm.c | 7 +- net/core/skmsg.c | 12 +- net/core/stream.c | 3 +- net/ieee802154/socket.c | 4 + net/ipv4/inet_hashtables.c | 4 +- net/ipv4/netfilter/nft_fib_ipv4.c | 3 + net/ipv4/tcp.c | 16 +- net/ipv4/tcp_output.c | 19 +- net/ipv6/netfilter/nft_fib_ipv6.c | 6 +- net/mac80211/cfg.c | 3 - net/netfilter/nf_conntrack_core.c | 18 +- net/openvswitch/datapath.c | 18 +- net/rds/tcp.c | 2 +- net/sctp/auth.c | 18 +- net/unix/garbage.c | 20 ++ net/vmw_vsock/virtio_transport_common.c | 2 +- net/xdp/xsk.c | 22 +- net/xdp/xsk_queue.h | 22 +- net/xfrm/xfrm_input.c | 18 +- net/xfrm/xfrm_ipcomp.c | 1 + scripts/Kbuild.include | 23 +- scripts/package/mkspec | 4 +- scripts/selinux/install_policy.sh | 2 +- security/Kconfig.hardening | 13 +- security/integrity/ima/ima_appraise.c | 12 +- sound/core/pcm_dmaengine.c | 8 +- sound/core/rawmidi.c | 2 - sound/core/sound_oss.c | 13 +- sound/pci/hda/hda_beep.c | 15 +- sound/pci/hda/hda_beep.h | 1 + sound/pci/hda/patch_hdmi.c | 6 - sound/pci/hda/patch_realtek.c | 11 +- sound/pci/hda/patch_sigmatel.c | 25 +- sound/soc/codecs/da7219.c | 5 +- sound/soc/codecs/lpass-tx-macro.c | 13 +- sound/soc/codecs/mt6359-accdet.c | 6 +- sound/soc/codecs/mt6660.c | 8 +- sound/soc/codecs/tas2764.c | 78 ++---- sound/soc/codecs/wcd9335.c | 2 +- sound/soc/codecs/wcd934x.c | 2 +- sound/soc/codecs/wm5102.c | 6 +- sound/soc/codecs/wm5110.c | 6 +- sound/soc/codecs/wm8997.c | 6 +- sound/soc/fsl/eukrea-tlv320.c | 8 +- sound/soc/sh/rcar/ctu.c | 6 +- sound/soc/sh/rcar/dvc.c | 6 +- sound/soc/sh/rcar/mix.c | 6 +- sound/soc/sh/rcar/src.c | 5 +- sound/soc/sh/rcar/ssi.c | 4 +- sound/soc/sof/sof-pci-dev.c | 2 +- sound/usb/card.c | 32 ++- sound/usb/endpoint.c | 6 +- sound/usb/quirks.c | 42 ---- sound/usb/quirks.h | 2 - sound/usb/usbaudio.h | 1 + tools/bpf/bpftool/btf_dumper.c | 2 +- tools/bpf/bpftool/main.c | 10 + tools/lib/bpf/xsk.c | 6 +- tools/objtool/elf.c | 7 +- tools/perf/util/intel-pt.c | 9 +- .../selftests/arm64/signal/testcases/testcases.c | 2 +- tools/testing/selftests/tpm2/tpm2.py | 4 + 529 files changed, 4805 insertions(+), 2196 deletions(-)

1 year, 3 months

12
542
0 0

[PATCH v6 1/2] sched: Fix use-after-free bug in dup_user_cpus_ptr()

by Waiman Long

Since commit 07ec77a1d4e8 ("sched: Allow task CPU affinity to be restricted on asymmetric systems"), the setting and clearing of user_cpus_ptr are done under pi_lock for arm64 architecture. However, dup_user_cpus_ptr() accesses user_cpus_ptr without any lock protection. Since sched_setaffinity() can be invoked from another process, the process being modified may be undergoing fork() at the same time. When racing with the clearing of user_cpus_ptr in __set_cpus_allowed_ptr_locked(), it can lead to user-after-free and possibly double-free in arm64 kernel. Commit 8f9ea86fdf99 ("sched: Always preserve the user requested cpumask") fixes this problem as user_cpus_ptr, once set, will never be cleared in a task's lifetime. However, this bug was re-introduced in commit 851a723e45d1 ("sched: Always clear user_cpus_ptr in do_set_cpus_allowed()") which allows the clearing of user_cpus_ptr in do_set_cpus_allowed(). This time, it will affect all arches. Fix this bug by always clearing the user_cpus_ptr of the newly cloned/forked task before the copying process starts and check the user_cpus_ptr state of the source task under pi_lock. Note to stable, this patch won't be applicable to stable releases. Just copy the new dup_user_cpus_ptr() function over. Fixes: 07ec77a1d4e8 ("sched: Allow task CPU affinity to be restricted on asymmetric systems") Fixes: 851a723e45d1 ("sched: Always clear user_cpus_ptr in do_set_cpus_allowed()") CC: stable(a)vger.kernel.org Reported-by: David Wang 王标 <wangbiao3(a)xiaomi.com> Signed-off-by: Waiman Long <longman(a)redhat.com> --- kernel/sched/core.c | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 25b582b6ee5f..b93d030b9fd5 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -2612,19 +2612,43 @@ void do_set_cpus_allowed(struct task_struct *p, const struct cpumask *new_mask) int dup_user_cpus_ptr(struct task_struct *dst, struct task_struct *src, int node) { + cpumask_t *user_mask; unsigned long flags; - if (!src->user_cpus_ptr) + /* + * Always clear dst->user_cpus_ptr first as their user_cpus_ptr's + * may differ by now due to racing. + */ + dst->user_cpus_ptr = NULL; + + /* + * This check is racy and losing the race is a valid situation. + * It is not worth the extra overhead of taking the pi_lock on + * every fork/clone. + */ + if (data_race(!src->user_cpus_ptr)) return 0; - dst->user_cpus_ptr = kmalloc_node(cpumask_size(), GFP_KERNEL, node); - if (!dst->user_cpus_ptr) + user_mask = kmalloc_node(cpumask_size(), GFP_KERNEL, node); + if (!user_mask) return -ENOMEM; - /* Use pi_lock to protect content of user_cpus_ptr */ + /* + * Use pi_lock to protect content of user_cpus_ptr + * + * Though unlikely, user_cpus_ptr can be reset to NULL by a concurrent + * do_set_cpus_allowed(). + */ raw_spin_lock_irqsave(&src->pi_lock, flags); - cpumask_copy(dst->user_cpus_ptr, src->user_cpus_ptr); + if (src->user_cpus_ptr) { + swap(dst->user_cpus_ptr, user_mask); + cpumask_copy(dst->user_cpus_ptr, src->user_cpus_ptr); + } raw_spin_unlock_irqrestore(&src->pi_lock, flags); + + if (unlikely(user_mask)) + kfree(user_mask); + return 0; } -- 2.31.1

1 year, 3 months

3
2
0 0

[PATCH v5.10.y] ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC

by Zubin Mithra

From: Takashi Iwai <tiwai(a)suse.de> commit 8423f0b6d513b259fdab9c9bf4aaa6188d054c2d upstream. There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, then takes the params_lock mutex for the rest. When the stream is set up again by another thread between them, it leads to inconsistency, and may result in unexpected results such as NULL dereference of OSS buffer as a fuzzer spotted recently. The fix is simply to cover snd_pcm_oss_make_ready() call into the same params_lock mutex with snd_pcm_oss_make_ready_locked() variant. Reported-and-tested-by: butt3rflyh4ck <butterflyhuangxx(a)gmail.com> Reviewed-by: Jaroslav Kysela <perex(a)perex.cz> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aa… Link: https://lore.kernel.org/r/20220905060714.22549-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Zubin Mithra <zsm(a)google.com> --- Note: * 8423f0b6d513 is present in linux-5.15.y and linux-5.4.y; missing in linux-5.10.y. * Backport addresses conflict due to surrounding context. * Tests run: build and boot. sound/core/oss/pcm_oss.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c index f88de74da1eb..de6f94bee50b 100644 --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1662,13 +1662,14 @@ static int snd_pcm_oss_sync(struct snd_pcm_oss_file *pcm_oss_file) runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) goto __direct; - if ((err = snd_pcm_oss_make_ready(substream)) < 0) - return err; atomic_inc(&runtime->oss.rw_ref); if (mutex_lock_interruptible(&runtime->oss.params_lock)) { atomic_dec(&runtime->oss.rw_ref); return -ERESTARTSYS; } + err = snd_pcm_oss_make_ready_locked(substream); + if (err < 0) + goto unlock; format = snd_pcm_oss_format_from(runtime->oss.format); width = snd_pcm_format_physical_width(format); if (runtime->oss.buffer_used > 0) { -- 2.38.0.rc1.362.ged0d419d3c-goog

1 year, 3 months

3
3
0 0

[PATCH] usb: cdnsp: : add scatter gather support for ISOC endpoint

by Pawel Laszczak

Patch implements scatter gather support for isochronous endpoint. This fix is forced by 'commit e81e7f9a0eb9 ("usb: gadget: uvc: add scatter gather support")'. After this fix CDNSP driver stop working with UVC class. cc: <stable(a)vger.kernel.org> Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/cdns3/cdnsp-gadget.c | 2 +- drivers/usb/cdns3/cdnsp-gadget.h | 4 +- drivers/usb/cdns3/cdnsp-ring.c | 110 +++++++++++++++++-------------- 3 files changed, 63 insertions(+), 53 deletions(-) diff --git a/drivers/usb/cdns3/cdnsp-gadget.c b/drivers/usb/cdns3/cdnsp-gadget.c index a8640516c895..e81dca0e62a8 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.c +++ b/drivers/usb/cdns3/cdnsp-gadget.c @@ -382,7 +382,7 @@ int cdnsp_ep_enqueue(struct cdnsp_ep *pep, struct cdnsp_request *preq) ret = cdnsp_queue_bulk_tx(pdev, preq); break; case USB_ENDPOINT_XFER_ISOC: - ret = cdnsp_queue_isoc_tx_prepare(pdev, preq); + ret = cdnsp_queue_isoc_tx(pdev, preq); } if (ret) diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index f740fa6089d8..e1b5801fdddf 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -1532,8 +1532,8 @@ void cdnsp_queue_stop_endpoint(struct cdnsp_device *pdev, unsigned int ep_index); int cdnsp_queue_ctrl_tx(struct cdnsp_device *pdev, struct cdnsp_request *preq); int cdnsp_queue_bulk_tx(struct cdnsp_device *pdev, struct cdnsp_request *preq); -int cdnsp_queue_isoc_tx_prepare(struct cdnsp_device *pdev, - struct cdnsp_request *preq); +int cdnsp_queue_isoc_tx(struct cdnsp_device *pdev, + struct cdnsp_request *preq); void cdnsp_queue_configure_endpoint(struct cdnsp_device *pdev, dma_addr_t in_ctx_ptr); void cdnsp_queue_reset_ep(struct cdnsp_device *pdev, unsigned int ep_index); diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index b23e543b3a3d..07f6068342d4 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -1333,6 +1333,20 @@ static int cdnsp_handle_tx_event(struct cdnsp_device *pdev, ep_ring->dequeue, td->last_trb, ep_trb_dma); + desc = td->preq->pep->endpoint.desc; + + if (ep_seg) { + ep_trb = &ep_seg->trbs[(ep_trb_dma - ep_seg->dma) + / sizeof(*ep_trb)]; + + trace_cdnsp_handle_transfer(ep_ring, + (struct cdnsp_generic_trb *)ep_trb); + + if (pep->skip && usb_endpoint_xfer_isoc(desc) && + td->last_trb != ep_trb) + return -EAGAIN; + } + /* * Skip the Force Stopped Event. The event_trb(ep_trb_dma) * of FSE is not in the current TD pointed by ep_ring->dequeue @@ -1347,7 +1361,6 @@ static int cdnsp_handle_tx_event(struct cdnsp_device *pdev, goto cleanup; } - desc = td->preq->pep->endpoint.desc; if (!ep_seg) { if (!pep->skip || !usb_endpoint_xfer_isoc(desc)) { /* Something is busted, give up! */ @@ -1374,12 +1387,6 @@ static int cdnsp_handle_tx_event(struct cdnsp_device *pdev, goto cleanup; } - ep_trb = &ep_seg->trbs[(ep_trb_dma - ep_seg->dma) - / sizeof(*ep_trb)]; - - trace_cdnsp_handle_transfer(ep_ring, - (struct cdnsp_generic_trb *)ep_trb); - if (cdnsp_trb_is_noop(ep_trb)) goto cleanup; @@ -1726,11 +1733,6 @@ static unsigned int count_sg_trbs_needed(struct cdnsp_request *preq) return num_trbs; } -static unsigned int count_isoc_trbs_needed(struct cdnsp_request *preq) -{ - return cdnsp_count_trbs(preq->request.dma, preq->request.length); -} - static void cdnsp_check_trb_math(struct cdnsp_request *preq, int running_total) { if (running_total != preq->request.length) @@ -2192,28 +2194,48 @@ static unsigned int } /* Queue function isoc transfer */ -static int cdnsp_queue_isoc_tx(struct cdnsp_device *pdev, - struct cdnsp_request *preq) +int cdnsp_queue_isoc_tx(struct cdnsp_device *pdev, + struct cdnsp_request *preq) { - int trb_buff_len, td_len, td_remain_len, ret; + unsigned int trb_buff_len, td_len, td_remain_len, block_len; unsigned int burst_count, last_burst_pkt; unsigned int total_pkt_count, max_pkt; struct cdnsp_generic_trb *start_trb; + struct scatterlist *sg = NULL; bool more_trbs_coming = true; struct cdnsp_ring *ep_ring; + unsigned int num_sgs = 0; int running_total = 0; u32 field, length_field; + u64 addr, send_addr; int start_cycle; int trbs_per_td; - u64 addr; - int i; + int i, sent_len, ret; ep_ring = preq->pep->ring; + + td_len = preq->request.length; + + if (preq->request.num_sgs) { + num_sgs = preq->request.num_sgs; + sg = preq->request.sg; + addr = (u64)sg_dma_address(sg); + block_len = sg_dma_len(sg); + trbs_per_td = count_sg_trbs_needed(preq); + } else { + addr = (u64)preq->request.dma; + block_len = td_len; + trbs_per_td = count_trbs_needed(preq); + } + + ret = cdnsp_prepare_transfer(pdev, preq, trbs_per_td); + if (ret) + return ret; + start_trb = &ep_ring->enqueue->generic; start_cycle = ep_ring->cycle_state; - td_len = preq->request.length; - addr = (u64)preq->request.dma; td_remain_len = td_len; + send_addr = addr; max_pkt = usb_endpoint_maxp(preq->pep->endpoint.desc); total_pkt_count = DIV_ROUND_UP(td_len, max_pkt); @@ -2225,11 +2247,6 @@ static int cdnsp_queue_isoc_tx(struct cdnsp_device *pdev, burst_count = cdnsp_get_burst_count(pdev, preq, total_pkt_count); last_burst_pkt = cdnsp_get_last_burst_packet_count(pdev, preq, total_pkt_count); - trbs_per_td = count_isoc_trbs_needed(preq); - - ret = cdnsp_prepare_transfer(pdev, preq, trbs_per_td); - if (ret) - goto cleanup; /* * Set isoc specific data for the first TRB in a TD. @@ -2248,6 +2265,7 @@ static int cdnsp_queue_isoc_tx(struct cdnsp_device *pdev, /* Calculate TRB length. */ trb_buff_len = TRB_BUFF_LEN_UP_TO_BOUNDARY(addr); + trb_buff_len = min(trb_buff_len, block_len); if (trb_buff_len > td_remain_len) trb_buff_len = td_remain_len; @@ -2256,7 +2274,8 @@ static int cdnsp_queue_isoc_tx(struct cdnsp_device *pdev, trb_buff_len, td_len, preq, more_trbs_coming, 0); - length_field = TRB_LEN(trb_buff_len) | TRB_INTR_TARGET(0); + length_field = TRB_LEN(trb_buff_len) | TRB_TD_SIZE(remainder) | + TRB_INTR_TARGET(0); /* Only first TRB is isoc, overwrite otherwise. */ if (i) { @@ -2281,12 +2300,27 @@ static int cdnsp_queue_isoc_tx(struct cdnsp_device *pdev, } cdnsp_queue_trb(pdev, ep_ring, more_trbs_coming, - lower_32_bits(addr), upper_32_bits(addr), + lower_32_bits(send_addr), upper_32_bits(send_addr), length_field, field); running_total += trb_buff_len; addr += trb_buff_len; td_remain_len -= trb_buff_len; + + sent_len = trb_buff_len; + while (sg && sent_len >= block_len) { + /* New sg entry */ + --num_sgs; + sent_len -= block_len; + if (num_sgs != 0) { + sg = sg_next(sg); + block_len = sg_dma_len(sg); + addr = (u64)sg_dma_address(sg); + addr += sent_len; + } + } + block_len -= sent_len; + send_addr = addr; } /* Check TD length */ @@ -2324,30 +2358,6 @@ static int cdnsp_queue_isoc_tx(struct cdnsp_device *pdev, return ret; } -int cdnsp_queue_isoc_tx_prepare(struct cdnsp_device *pdev, - struct cdnsp_request *preq) -{ - struct cdnsp_ring *ep_ring; - u32 ep_state; - int num_trbs; - int ret; - - ep_ring = preq->pep->ring; - ep_state = GET_EP_CTX_STATE(preq->pep->out_ctx); - num_trbs = count_isoc_trbs_needed(preq); - - /* - * Check the ring to guarantee there is enough room for the whole - * request. Do not insert any td of the USB Request to the ring if the - * check failed. - */ - ret = cdnsp_prepare_ring(pdev, ep_ring, ep_state, num_trbs, GFP_ATOMIC); - if (ret) - return ret; - - return cdnsp_queue_isoc_tx(pdev, preq); -} - /**** Command Ring Operations ****/ /* * Generic function for queuing a command TRB on the command ring. -- 2.25.1

1 year, 3 months

2
3
0 0

[PATCH] usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail

by cy_huang

From: ChiYuan Huang <cy_huang(a)richtek.com> There's the altmode re-registeration issue after data role swap (DR_SWAP). Comparing to USBPD 2.0, in USBPD 3.0, it loose the limit that only DFP can initiate the VDM command to get partner identity information. For a USBPD 3.0 UFP device, it may already get the identity information from its port partner before DR_SWAP. If DR_SWAP send or receive at the mean time, 'send_discover' flag will be raised again. It causes discover identify action restart while entering ready state. And after all discover actions are done, the 'tcpm_register_altmodes' will be called. If old altmode is not unregistered, this sysfs create fail can be found. In 'DR_SWAP_CHANGE_DR' state case, only DFP will unregister altmodes. For UFP, the original altmodes keep registered. This patch fix the logic that after DR_SWAP, 'tcpm_unregister_altmodes' must be called whatever the current data role is. Fixes: ae8a2ca8a221 ("usb: typec: Group all TCPCI/TCPM code together) Reported-by: TommyYl Chen <tommyyl.chen(a)mediatek.com> Cc: stable(a)vger.kernel.org Signed-off-by: ChiYuan Huang <cy_huang(a)richtek.com> --- Hi, Below's the issue log for the reference. *TCPM [ 3.856679] AMS DISCOVER_MODES start [ 3.856687] PD TX, header: 0x188f [ 3.858827] PD TX complete, status: 0 [ 3.865330] PD RX, header: 0x2daf [1] [ 3.865340] Rx VDM cmd 0xff01a043 type 1 cmd 3 len 2 [ 3.865348] AMS DISCOVER_MODES finished [ 3.865352] Alternate mode 0: SVID 0xff01, VDO 1: 0x001c0045 [ 3.865362] AMS DISCOVER_MODES start [ 3.865367] PD TX, header: 0x1a8f [ 3.867802] PD TX complete, status: 0 [ 3.875208] PD RX, header: 0x2faf [1] [ 3.875216] Rx VDM cmd 0x413ca043 type 1 cmd 3 len 2 [ 3.875222] AMS DISCOVER_MODES finished [ 3.875225] Alternate mode 1: SVID 0x413c, VDO 1: 0x00000001 [ 3.938243] AMS GET_SINK_CAPABILITIES start [ 3.938255] state change SNK_READY -> AMS_START [rev3 GET_SINK_CAPABILITIES] [ 3.938266] state change AMS_START -> GET_SINK_CAP [rev3 GET_SINK_CAPABILITIES] [ 3.938274] PD TX, header: 0xe88 [ 3.940268] PD TX complete, status: 0 [ 3.940310] pending state change GET_SINK_CAP -> GET_SINK_CAP_TIMEOUT @ 60 ms [rev3 GET_SINK_CAPABILITIES] [ 3.946291] PD RX, header: 0x13a4 [1] [ 3.946295] Port partner FRS capable partner_frs_current:0 port_frs_current:0 enable:n [ 3.946298] state change GET_SINK_CAP -> SNK_READY [rev3 GET_SINK_CAPABILITIES] [ 3.946304] AMS GET_SINK_CAPABILITIES finished [ 4.239342] CC1: 5 -> 4, CC2: 0 -> 0 [state SNK_READY, polarity 0, connected] [ 4.256594] PD RX, header: 0x5a9 [1] [ 4.256603] state change SNK_READY -> DR_SWAP_ACCEPT [rev3 DATA_ROLE_SWAP] [ 4.256609] PD TX, header: 0x83 [ 4.258528] PD TX complete, status: 0 [ 4.258584] state change DR_SWAP_ACCEPT -> DR_SWAP_CHANGE_DR [rev3 DATA_ROLE_SWAP] [ 4.258591] Requesting mux state 1, usb-role 1, orientation 1 [ 4.259588] AMS DATA_ROLE_SWAP finished [ 4.259592] state change DR_SWAP_CHANGE_DR -> SNK_READY [rev3 NONE_AMS] [ 4.259605] AMS DISCOVER_IDENTITY start [ 4.259609] Sink TX No Go [ 4.260874] CC1: 4 -> 5, CC2: 0 -> 0 [state SNK_READY, polarity 0, connected] [ 4.359636] AMS DISCOVER_IDENTITY start [ 4.359642] PD TX, header: 0x12af [ 4.361884] PD TX complete, status: 0 [ 4.369433] PD RX, header: 0x578f [1] [ 4.369439] Rx VDM cmd 0xff00a041 type 1 cmd 1 len 5 [ 4.369448] AMS DISCOVER_IDENTITY finished [ 4.369515] Identity: 413c:c013.0712 [ 4.369521] AMS DISCOVER_SVIDS start [ 4.369524] PD TX, header: 0x14af [ 4.371696] PD TX complete, status: 0 [ 4.378564] PD RX, header: 0x398f [1] [ 4.378573] Rx VDM cmd 0xff00a042 type 1 cmd 2 len 3 [ 4.378579] AMS DISCOVER_SVIDS finished [ 4.378582] SVID 1: 0xff01 [ 4.378584] SVID 2: 0x413c [ 4.378594] AMS DISCOVER_MODES start [ 4.378597] PD TX, header: 0x16af [ 4.380696] PD TX complete, status: 0 [ 4.387008] PD RX, header: 0x2b8f [1] [ 4.387014] Rx VDM cmd 0xff01a043 type 1 cmd 3 len 2 [ 4.387021] AMS DISCOVER_MODES finished [ 4.387023] Alternate mode 0: SVID 0xff01, VDO 1: 0x001c0045 [ 4.387029] AMS DISCOVER_MODES start [ 4.387031] PD TX, header: 0x18af [ 4.389134] PD TX complete, status: 0 [ 4.395528] PD RX, header: 0x2d8f [1] [ 4.395538] Rx VDM cmd 0x413ca043 type 1 cmd 3 len 2 [ 4.395546] AMS DISCOVER_MODES finished [ 4.395548] Alternate mode 1: SVID 0x413c, VDO 1: 0x00000001 *Kernel TRACE sysfs: cannot create duplicate filename '/devices/platform/soc/11d01000.i2c/i2c-0/0-0034/mt6360-tcpc.6.auto/typec/port0/port0.0/partner' CPU: 2 PID: 299 Comm: mt6360-tcpc.6.a Tainted: GO 5.15.37-mtk+g880abc5122e7 #1 Hardware name: MediaTek MT8195 demo board (DT) Call trace: dump_backtrace+0x0/0x1ac show_stack+0x24/0x30 dump_stack_lvl+0x68/0x84 dump_stack+0x1c/0x38 sysfs_warn_dup+0x70/0x90 typec_probe+0xa4/0x134 [typec] really_probe.part.0+0xa4/0x310 __device_attach_driver+0x100/0x16c bus_for_each_drv+0x84/0xe0 __device_attach+0xe0/0x1ac device_add+0x39c/0x8b0 device_register+0x2c/0x40 typec_register_altmode+0x1f4/0x360 [typec] typec_partner_register_altmode+0x1c/0x30 [typec] tcpm_pd_rx_handler+0x19d4/0x1c0c [tcpm] kthread_worker_fn+0xb8/0x290 kthread+0x15c/0x170 ret_from_fork+0x10/0x20 [ 4.395962] typec_displayport port0-partner.2: failed to create symlinks [ 4.395967] typec_displayport: probe of port0-partner.2 failed with error -17 It seems it's a common issue if typec port supports the modal operation. --- drivers/usb/typec/tcpm/tcpm.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 904c7b4..59b366b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4594,14 +4594,13 @@ static void run_state_machine(struct tcpm_port *port) tcpm_set_state(port, ready_state(port), 0); break; case DR_SWAP_CHANGE_DR: - if (port->data_role == TYPEC_HOST) { - tcpm_unregister_altmodes(port); + tcpm_unregister_altmodes(port); + if (port->data_role == TYPEC_HOST) tcpm_set_roles(port, true, port->pwr_role, TYPEC_DEVICE); - } else { + else tcpm_set_roles(port, true, port->pwr_role, TYPEC_HOST); - } tcpm_ams_finish(port); tcpm_set_state(port, ready_state(port), 0); break; -- 2.7.4

1 year, 3 months

5
8
0 0

[RFC] IMA LSM based rule race condition issue on 4.19 LTS

by Guozihua (Scott)

Hi community. Previously our team reported a race condition in IMA relates to LSM based rules which would case IMA to match files that should be filtered out under normal condition. The issue was originally analyzed and fixed on mainstream. The patch and the discussion could be found here: https://lore.kernel.org/all/20220921125804.59490-1-guozihua@huawei.com/ After that, we did a regression test on 4.19 LTS and the same issue arises. Further analysis reveled that the issue is from a completely different cause. The cause is that selinux_audit_rule_init() would set the rule (which is a second level pointer) to NULL immediately after called. The relevant codes are as shown: security/selinux/ss/services.c: > int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) > { > struct selinux_state *state = &selinux_state; > struct policydb *policydb = &state->ss->policydb; > struct selinux_audit_rule *tmprule; > struct role_datum *roledatum; > struct type_datum *typedatum; > struct user_datum *userdatum; > struct selinux_audit_rule **rule = (struct selinux_audit_rule **)vrule; > int rc = 0; > > *rule = NULL; *rule is set to NULL here, which means the rule on IMA side is also NULL. > > if (!state->initialized) > return -EOPNOTSUPP; ... > out: > read_unlock(&state->ss->policy_rwlock); > > if (rc) { > selinux_audit_rule_free(tmprule); > tmprule = NULL; > } > > *rule = tmprule; rule is updated at the end of the function. > > return rc; > } security/integrity/ima/ima_policy.c: > static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, > const struct cred *cred, u32 secid, > enum ima_hooks func, int mask) > {... > for (i = 0; i < MAX_LSM_RULES; i++) { > int rc = 0; > u32 osid; > int retried = 0; > > if (!rule->lsm[i].rule) > continue; Setting rule to NULL would lead to LSM based rule matching being skipped. > retry: > switch (i) { To solve this issue, there are multiple approaches we might take and I would like some input from the community. The first proposed solution would be to change selinux_audit_rule_init(). Remove the set to NULL bit and update the rule pointer with cmpxchg. > diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c > index a9f2bc8443bd..aa74b04ccaf7 100644 > --- a/security/selinux/ss/services.c > +++ b/security/selinux/ss/services.c > @@ -3297,10 +3297,9 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) > struct type_datum *typedatum; > struct user_datum *userdatum; > struct selinux_audit_rule **rule = (struct selinux_audit_rule **)vrule; > + struct selinux_audit_rule *orig = rule; > int rc = 0; > > - *rule = NULL; > - > if (!state->initialized) > return -EOPNOTSUPP; > > @@ -3382,7 +3381,8 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) > tmprule = NULL; > } > > - *rule = tmprule; > + if (cmpxchg(rule, orig, tmprule) != orig) > + selinux_audit_rule_free(tmprule); > > return rc; > } This solution would be an easy fix, but might influence other modules calling selinux_audit_rule_init() directly or indirectly (on 4.19 LTS, only auditfilter and IMA it seems). And it might be worth returning an error code such as -EAGAIN. Or, we can access rules via RCU, similar to what we do on 5.10. This could means more code change and testing. Reported-by: Huaxin Lu <luhuaxin1(a)huawei.com> -- Best GUO Zihua

1 year, 3 months

4
29
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2022