March 2022 - Linux-stable-mirror

[RESEND][PATCH v2] PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge

by Maciej W. Rozycki

Fix an issue with the Tyan Tomcat IV S1564D system, the BIOS of which does not assign PCI buses beyond #2, where our resource reallocation code preserves the reset default of an I/O BAR assignment outside its upstream PCI-to-PCI bridge's I/O forwarding range for device 06:08.0 in this log: pci_bus 0000:00: max bus depth: 4 pci_try_num: 5 [...] pci 0000:06:08.0: BAR 4: no space for [io size 0x0020] pci 0000:06:08.0: BAR 4: trying firmware assignment [io 0xfce0-0xfcff] pci 0000:06:08.0: BAR 4: assigned [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: no space for [io size 0x0020] pci 0000:06:08.1: BAR 4: trying firmware assignment [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: [io 0xfce0-0xfcff] conflicts with 0000:06:08.0 [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: failed to assign [io size 0x0020] pci 0000:05:00.0: PCI bridge to [bus 06] pci 0000:05:00.0: bridge window [mem 0xd8000000-0xd85fffff] [...] pci 0000:00:11.0: PCI bridge to [bus 01-06] pci 0000:00:11.0: bridge window [io 0xe000-0xefff] pci 0000:00:11.0: bridge window [mem 0xd8000000-0xdfffffff] pci 0000:00:11.0: bridge window [mem 0xa8000000-0xafffffff 64bit pref] pci_bus 0000:00: No. 2 try to assign unassigned res [...] pci 0000:06:08.1: BAR 4: no space for [io size 0x0020] pci 0000:06:08.1: BAR 4: trying firmware assignment [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: [io 0xfce0-0xfcff] conflicts with 0000:06:08.0 [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: failed to assign [io size 0x0020] pci 0000:05:00.0: PCI bridge to [bus 06] pci 0000:05:00.0: bridge window [mem 0xd8000000-0xd85fffff] [...] pci 0000:00:11.0: PCI bridge to [bus 01-06] pci 0000:00:11.0: bridge window [io 0xe000-0xefff] pci 0000:00:11.0: bridge window [mem 0xd8000000-0xdfffffff] pci 0000:00:11.0: bridge window [mem 0xa8000000-0xafffffff 64bit pref] pci_bus 0000:00: No. 3 try to assign unassigned res pci 0000:00:11.0: resource 7 [io 0xe000-0xefff] released [...] pci 0000:06:08.1: BAR 4: assigned [io 0x2000-0x201f] pci 0000:05:00.0: PCI bridge to [bus 06] pci 0000:05:00.0: bridge window [io 0x2000-0x2fff] pci 0000:05:00.0: bridge window [mem 0xd8000000-0xd85fffff] [...] pci 0000:00:11.0: PCI bridge to [bus 01-06] pci 0000:00:11.0: bridge window [io 0x1000-0x2fff] pci 0000:00:11.0: bridge window [mem 0xd8000000-0xdfffffff] pci 0000:00:11.0: bridge window [mem 0xa8000000-0xafffffff 64bit pref] pci_bus 0000:00: resource 4 [io 0x0000-0xffff] pci_bus 0000:00: resource 5 [mem 0x00000000-0xffffffff] pci_bus 0000:01: resource 0 [io 0x1000-0x2fff] pci_bus 0000:01: resource 1 [mem 0xd8000000-0xdfffffff] pci_bus 0000:01: resource 2 [mem 0xa8000000-0xafffffff 64bit pref] pci_bus 0000:02: resource 0 [io 0x1000-0x2fff] pci_bus 0000:02: resource 1 [mem 0xd8000000-0xd8bfffff] pci_bus 0000:04: resource 0 [io 0x1000-0x1fff] pci_bus 0000:04: resource 1 [mem 0xd8600000-0xd8afffff] pci_bus 0000:05: resource 0 [io 0x2000-0x2fff] pci_bus 0000:05: resource 1 [mem 0xd8000000-0xd85fffff] pci_bus 0000:06: resource 0 [io 0x2000-0x2fff] pci_bus 0000:06: resource 1 [mem 0xd8000000-0xd85fffff] -- note that the assignment of 0xfce0-0xfcff is outside the range of 0x2000-0x2fff assigned to bus #6: 05:00.0 PCI bridge: Texas Instruments XIO2000(A)/XIO2200A PCI Express-to-PCI Bridge (rev 03) (prog-if 00 [Normal decode]) Flags: bus master, fast devsel, latency 0 Bus: primary=05, secondary=06, subordinate=06, sec-latency=0 I/O behind bridge: 00002000-00002fff Memory behind bridge: d8000000-d85fffff Capabilities: [50] Power Management version 2 Capabilities: [60] Message Signalled Interrupts: 64bit+ Queue=0/4 Enable- Capabilities: [80] #0d [0000] Capabilities: [90] Express PCI/PCI-X Bridge IRQ 0 06:08.0 USB controller: VIA Technologies, Inc. VT82xx/62xx/VX700/8x0/900 UHCI USB 1.1 Controller (rev 61) (prog-if 00 [UHCI]) Subsystem: VIA Technologies, Inc. VT82xx/62xx/VX700/8x0/900 UHCI USB 1.1 Controller Flags: bus master, medium devsel, latency 22, IRQ 5 I/O ports at fce0 [size=32] Capabilities: [80] Power Management version 2 06:08.1 USB controller: VIA Technologies, Inc. VT82xx/62xx/VX700/8x0/900 UHCI USB 1.1 Controller (rev 61) (prog-if 00 [UHCI]) Subsystem: VIA Technologies, Inc. VT82xx/62xx/VX700/8x0/900 UHCI USB 1.1 Controller Flags: bus master, medium devsel, latency 22, IRQ 5 I/O ports at 2000 [size=32] Capabilities: [80] Power Management version 2 Since both 06:08.0 and 06:08.1 have the same reset defaults the latter device escapes its fate and gets a good assignment owing to an address conflict with the former device. Consequently when the device driver tries to access 06:08.0 according to its designated address range it pokes at an unassigned I/O location, likely subtractively decoded by the southbridge and forwarded to ISA, causing the driver to become confused and bail out: uhci_hcd 0000:06:08.0: host system error, PCI problems? uhci_hcd 0000:06:08.0: host controller process error, something bad happened! uhci_hcd 0000:06:08.0: host controller halted, very bad! uhci_hcd 0000:06:08.0: HCRESET not completed yet! uhci_hcd 0000:06:08.0: HC died; cleaning up if good luck happens or if bad luck does, an infinite flood of messages: uhci_hcd 0000:06:08.0: host system error, PCI problems? uhci_hcd 0000:06:08.0: host controller process error, something bad happened! uhci_hcd 0000:06:08.0: host system error, PCI problems? uhci_hcd 0000:06:08.0: host controller process error, something bad happened! uhci_hcd 0000:06:08.0: host system error, PCI problems? uhci_hcd 0000:06:08.0: host controller process error, something bad happened! [...] making the system virtually unusuable. This is because we have code to deal with a situation from PR #16263, where broken ACPI firmware reports the wrong address range for the host bridge's decoding window and trying to adjust to the window causes more breakage than leaving the BIOS assignments intact. This may work for a device directly on the root bus decoded by the host bridge only, but for a device behind one or more PCI-to-PCI (or CardBus) bridges those bridges' forwarding windows have been standardised and need to be respected, or leaving whatever has been there in a downstream device's BAR will have no effect as cycles for the addresses recorded there will have no chance to appear on the bus the device has been immediately attached to. Make sure then for a device behind a PCI-to-PCI bridge that any firmware assignment is within the bridge's relevant forwarding window or do not restore the assignment, fixing the system concerned as follows: pci_bus 0000:00: max bus depth: 4 pci_try_num: 5 [...] pci 0000:06:08.0: BAR 4: no space for [io size 0x0020] pci 0000:06:08.0: BAR 4: failed to assign [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: no space for [io size 0x0020] pci 0000:06:08.1: BAR 4: failed to assign [io 0xfce0-0xfcff] [...] pci_bus 0000:00: No. 2 try to assign unassigned res [...] pci 0000:06:08.0: BAR 4: no space for [io size 0x0020] pci 0000:06:08.0: BAR 4: failed to assign [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: no space for [io size 0x0020] pci 0000:06:08.1: BAR 4: failed to assign [io 0xfce0-0xfcff] [...] pci_bus 0000:00: No. 3 try to assign unassigned res [...] pci 0000:06:08.0: BAR 4: assigned [io 0x2000-0x201f] pci 0000:06:08.1: BAR 4: assigned [io 0x2020-0x203f] and making device 06:08.0 work correctly. Cf. <https://bugzilla.kernel.org/show_bug.cgi?id=16263> Signed-off-by: Maciej W. Rozycki <macro(a)orcam.me.uk> Fixes: 58c84eda0756 ("PCI: fall back to original BIOS BAR addresses") Cc: stable(a)vger.kernel.org # v2.6.35+ --- Hi, Resending this patch as it has gone into void. Patch re-verified against 5.17-rc2. For the record the system's bus topology is as follows: -[0000:00]-+-00.0 +-07.0 +-07.1 +-07.2 +-11.0-[0000:01-06]----00.0-[0000:02-06]--+-00.0-[0000:03]-- | +-01.0-[0000:04]--+-00.0 | | \-00.3 | \-02.0-[0000:05-06]----00.0-[0000:06]--+-05.0 | +-08.0 | +-08.1 | \-08.2 +-12.0 +-13.0 \-14.0 Maciej Changes from v1: - Do restore firmware BAR assignments behind a PCI-PCI bridge, but only if within the bridge's forwarding window. - Update the change description and heading accordingly (was: PCI: Do not restore firmware BAR assignments behind a PCI-PCI bridge). --- drivers/pci/setup-res.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) linux-pci-setup-res-fw-address-nobridge.diff Index: linux-macro/drivers/pci/setup-res.c =================================================================== --- linux-macro.orig/drivers/pci/setup-res.c +++ linux-macro/drivers/pci/setup-res.c @@ -212,9 +212,19 @@ static int pci_revert_fw_address(struct res->end = res->start + size - 1; res->flags &= ~IORESOURCE_UNSET; + /* + * If we're behind a P2P or CardBus bridge, make sure we're + * inside the relevant forwarding window, or otherwise the + * assignment must have been bogus and accesses intended for + * the range assigned would not reach the device anyway. + * On the root bus accept anything under the assumption the + * host bridge will let it through. + */ root = pci_find_parent_resource(dev, res); if (!root) { - if (res->flags & IORESOURCE_IO) + if (dev->bus->parent) + return -ENXIO; + else if (res->flags & IORESOURCE_IO) root = &ioport_resource; else root = &iomem_resource;

3 years, 3 months

2
8
0 0

FAILED: patch "[PATCH] KVM: arm64: Workaround Cortex-A510's single-step and PAC trap" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1dd498e5e26ad71e3e9130daf72cfb6a693fee03 Mon Sep 17 00:00:00 2001 From: James Morse <james.morse(a)arm.com> Date: Thu, 27 Jan 2022 12:20:52 +0000 Subject: [PATCH] KVM: arm64: Workaround Cortex-A510's single-step and PAC trap errata Cortex-A510's erratum #2077057 causes SPSR_EL2 to be corrupted when single-stepping authenticated ERET instructions. A single step is expected, but a pointer authentication trap is taken instead. The erratum causes SPSR_EL1 to be copied to SPSR_EL2, which could allow EL1 to cause a return to EL2 with a guest controlled ELR_EL2. Because the conditions require an ERET into active-not-pending state, this is only a problem for the EL2 when EL2 is stepping EL1. In this case the previous SPSR_EL2 value is preserved in struct kvm_vcpu, and can be restored. Cc: stable(a)vger.kernel.org # 53960faf2b73: arm64: Add Cortex-A510 CPU part definition Cc: stable(a)vger.kernel.org Signed-off-by: James Morse <james.morse(a)arm.com> [maz: fixup cpucaps ordering] Signed-off-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20220127122052.1584324-5-james.morse@arm.com diff --git a/Documentation/arm64/silicon-errata.rst b/Documentation/arm64/silicon-errata.rst index 0ec7b7f1524b..ea281dd75517 100644 --- a/Documentation/arm64/silicon-errata.rst +++ b/Documentation/arm64/silicon-errata.rst @@ -100,6 +100,8 @@ stable kernels. +----------------+-----------------+-----------------+-----------------------------+ | ARM | Cortex-A510 | #2051678 | ARM64_ERRATUM_2051678 | +----------------+-----------------+-----------------+-----------------------------+ +| ARM | Cortex-A510 | #2077057 | ARM64_ERRATUM_2077057 | ++----------------+-----------------+-----------------+-----------------------------+ | ARM | Cortex-A710 | #2119858 | ARM64_ERRATUM_2119858 | +----------------+-----------------+-----------------+-----------------------------+ | ARM | Cortex-A710 | #2054223 | ARM64_ERRATUM_2054223 | diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index f2b5a4abef21..cbcd42decb2a 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -680,6 +680,22 @@ config ARM64_ERRATUM_2051678 If unsure, say Y. +config ARM64_ERRATUM_2077057 + bool "Cortex-A510: 2077057: workaround software-step corrupting SPSR_EL2" + help + This option adds the workaround for ARM Cortex-A510 erratum 2077057. + Affected Cortex-A510 may corrupt SPSR_EL2 when the a step exception is + expected, but a Pointer Authentication trap is taken instead. The + erratum causes SPSR_EL1 to be copied to SPSR_EL2, which could allow + EL1 to cause a return to EL2 with a guest controlled ELR_EL2. + + This can only happen when EL2 is stepping EL1. + + When these conditions occur, the SPSR_EL2 value is unchanged from the + previous guest entry, and can be restored from the in-memory copy. + + If unsure, say Y. + config ARM64_ERRATUM_2119858 bool "Cortex-A710/X2: 2119858: workaround TRBE overwriting trace data in FILL mode" default y diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 066098198c24..b217941713a8 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -600,6 +600,14 @@ const struct arm64_cpu_capabilities arm64_errata[] = { CAP_MIDR_RANGE_LIST(trbe_write_out_of_range_cpus), }, #endif +#ifdef CONFIG_ARM64_ERRATUM_2077057 + { + .desc = "ARM erratum 2077057", + .capability = ARM64_WORKAROUND_2077057, + .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, + ERRATA_MIDR_REV_RANGE(MIDR_CORTEX_A510, 0, 0, 2), + }, +#endif #ifdef CONFIG_ARM64_ERRATUM_2064142 { .desc = "ARM erratum 2064142", diff --git a/arch/arm64/kvm/hyp/include/hyp/switch.h b/arch/arm64/kvm/hyp/include/hyp/switch.h index 331dd10821df..701cfb964905 100644 --- a/arch/arm64/kvm/hyp/include/hyp/switch.h +++ b/arch/arm64/kvm/hyp/include/hyp/switch.h @@ -402,6 +402,24 @@ static inline bool kvm_hyp_handle_exit(struct kvm_vcpu *vcpu, u64 *exit_code) return false; } +static inline void synchronize_vcpu_pstate(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + /* + * Check for the conditions of Cortex-A510's #2077057. When these occur + * SPSR_EL2 can't be trusted, but isn't needed either as it is + * unchanged from the value in vcpu_gp_regs(vcpu)->pstate. + * Are we single-stepping the guest, and took a PAC exception from the + * active-not-pending state? + */ + if (cpus_have_final_cap(ARM64_WORKAROUND_2077057) && + vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP && + *vcpu_cpsr(vcpu) & DBG_SPSR_SS && + ESR_ELx_EC(read_sysreg_el2(SYS_ESR)) == ESR_ELx_EC_PAC) + write_sysreg_el2(*vcpu_cpsr(vcpu), SYS_SPSR); + + vcpu->arch.ctxt.regs.pstate = read_sysreg_el2(SYS_SPSR); +} + /* * Return true when we were able to fixup the guest exit and should return to * the guest, false when we should restore the host state and return to the @@ -413,7 +431,7 @@ static inline bool fixup_guest_exit(struct kvm_vcpu *vcpu, u64 *exit_code) * Save PSTATE early so that we can evaluate the vcpu mode * early on. */ - vcpu->arch.ctxt.regs.pstate = read_sysreg_el2(SYS_SPSR); + synchronize_vcpu_pstate(vcpu, exit_code); /* * Check whether we want to repaint the state one way or diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index e7719e8f18de..9c65b1e25a96 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -55,9 +55,10 @@ WORKAROUND_1418040 WORKAROUND_1463225 WORKAROUND_1508412 WORKAROUND_1542419 -WORKAROUND_2064142 -WORKAROUND_2038923 WORKAROUND_1902691 +WORKAROUND_2038923 +WORKAROUND_2064142 +WORKAROUND_2077057 WORKAROUND_TRBE_OVERWRITE_FILL_MODE WORKAROUND_TSB_FLUSH_FAILURE WORKAROUND_TRBE_WRITE_OUT_OF_RANGE

3 years, 4 months

2
1
0 0

[PATCH] bluetooth: Add another Bluetooth part for Realtek 8852AE

by Larry Finger

This Realtek device has both wifi and BT components. The latter reports a USB ID of 0bda:4852, which is not in the table. The portion of /sys/kernel/debug/usb/devices pertaining to this device is T: Bus=06 Lev=01 Prnt=01 Port=03 Cnt=02 Dev#= 3 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0bda ProdID=4852 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> Cc: Stable <stable(a)vger.kernel.org> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 60d2fce59a71..7e1e43c216ec 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -384,6 +384,8 @@ static const struct usb_device_id blacklist_table[] = { /* Realtek 8852AE Bluetooth devices */ { USB_DEVICE(0x0bda, 0xc852), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x0bda, 0x4852), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, /* Realtek Bluetooth devices */ { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01), -- 2.33.0

3 years, 4 months

4
3
0 0

[PATCH 5.10 000/575] 5.10.80-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.80 release. There are 575 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 17 Nov 2021 16:52:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.80-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.80-rc1 Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Partial revert of commit 6f9f17287e78 Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix PCIe Max Payload Size setting Pali Rohár <pali(a)kernel.org> PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros Jernej Skrabec <jernej.skrabec(a)gmail.com> drm/sun4i: Fix macros in sun8i_csc.h Xiaoming Ni <nixiaoming(a)huawei.com> powerpc/85xx: fix timebase sync issue when CONFIG_HOTPLUG_CPU=n Vasant Hegde <hegdevasant(a)linux.vnet.ibm.com> powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: au1550nd: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: plat_nand: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: orion: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: pasemi: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: gpio: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: mpc5121: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: xway: Keep the driver compatible with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: ams-delta: Keep the driver compatible with on-die ECC engines Halil Pasic <pasic(a)linux.ibm.com> s390/cio: make ccw_device_dma_* more robust Harald Freudenberger <freude(a)linux.ibm.com> s390/ap: Fix hanging ioctl caused by orphaned replies Sven Schnelle <svens(a)linux.ibm.com> s390/tape: fix timer initialization in tape_std_assign() Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: check the subchannel validity for dev_busid Marek Vasut <marex(a)denx.de> video: backlight: Drop maximum brightness override for brightness zero Jack Andersen <jackoalan(a)gmail.com> mfd: dln2: Add cell for initializing DLN2 ADC Michal Hocko <mhocko(a)suse.com> mm, oom: do not trigger out_of_memory from the #PF Vasily Averin <vvs(a)virtuozzo.com> mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/security: Add a helper to query stf_barrier type Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/bpf: Validate branch ranges Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/lib: Add helper to check if offset is within conditional branch range Vasily Averin <vvs(a)virtuozzo.com> memcg: prohibit unconditional exceeding the limit of dying tasks Dominique Martinet <asmadeus(a)codewreck.org> 9p/net: fix missing error check in p9_check_errors Daniel Borkmann <daniel(a)iogearbox.net> net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: should use GFP_NOFS for directory inodes Guo Ren <guoren(a)linux.alibaba.com> irqchip/sifive-plic: Fixup EOI failed when masked Michael Pratt <mpratt(a)google.com> posix-cpu-timers: Clear task::posix_cputimers_work in copy_process() Dave Jones <davej(a)codemonkey.org.uk> x86/mce: Add errata workaround for Skylake SKX37 Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL Helge Deller <deller(a)gmx.de> parisc: Fix backtrace to always include init funtion names Arnd Bergmann <arnd(a)arndb.de> ARM: 9156/1: drop cc-option fallbacks for architecture selection Michał Mirosław <mirq-linux(a)rere.qmqm.pl> ARM: 9155/1: fix early early_iounmap() Willem de Bruijn <willemb(a)google.com> selftests/net: udpgso_bench_rx: fix port argument Rahul Lakkireddy <rahul.lakkireddy(a)chelsio.com> cxgb4: fix eeprom len when diagnostics not implemented Dust Li <dust.li(a)linux.alibaba.com> net/smc: fix sk_refcnt underflow on linkdown and fallback Eiichi Tsukata <eiichi.tsukata(a)nutanix.com> vsock: prevent unnecessary refcnt inc for nonblocking connect Vladimir Oltean <vladimir.oltean(a)nxp.com> net: stmmac: allow a tc-taprio base-time of zero Guangbin Huang <huangguangbin2(a)huawei.com> net: hns3: allow configure ETS bandwidth of all TCs Yufeng Mo <moyufeng(a)huawei.com> net: hns3: fix kernel crash when unload VF while it is being reset Eric Dumazet <edumazet(a)google.com> net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any Muchun Song <songmuchun(a)bytedance.com> seq_file: fix passing wrong private data Dan Carpenter <dan.carpenter(a)oracle.com> gve: Fix off by one in gve_tx_timeout() John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Remove unhash handler for BPF sockmap usage Arnd Bergmann <arnd(a)arndb.de> arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions Chengfeng Ye <cyeaa(a)connect.ust.hk> nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails Eric Dumazet <edumazet(a)google.com> llc: fix out-of-bound array index in llc_sk_dev_hash() Ian Rogers <irogers(a)google.com> perf bpf: Add missing free to bpf_event__print_bpf_prog_info() Dan Carpenter <dan.carpenter(a)oracle.com> zram: off by one in read_block_state() Miaohe Lin <linmiaohe(a)huawei.com> mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_chip_start(): fix error handling for mcp251xfd_chip_rx_int_enable() Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> mfd: core: Add missing of_node_put for loop iteration Huang Guobin <huangguobin4(a)huawei.com> bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: fix duplex out of sync problem while changing settings Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> ataflop: remove ataflop_probe_lock mutex Luis Chamberlain <mcgrof(a)kernel.org> block/ataflop: provide a helper for cleanup up an atari disk Luis Chamberlain <mcgrof(a)kernel.org> block/ataflop: add registration bool before calling del_gendisk() Luis Chamberlain <mcgrof(a)kernel.org> block/ataflop: use the blk_cleanup_disk() helper Chenyuan Mi <cymi20(a)fudan.edu.cn> drm/nouveau/svm: Fix refcount leak bug and missing check against null bug Hans de Goede <hdegoede(a)redhat.com> ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses Brett Creeley <brett.creeley(a)intel.com> ice: Fix not stopping Tx queues for VFs Sylwester Dziedziuch <sylwesterx.dziedziuch(a)intel.com> ice: Fix replacing VF hardware MAC to existing MAC filter Ziyang Xuan <william.xuanziyang(a)huawei.com> net: vlan: fix a UAF in vlan_dev_real_dev() Stafford Horne <shorne(a)gmail.com> openrisc: fix SMP tlb flush NULL pointer dereference Jakub Kicinski <kuba(a)kernel.org> ethtool: fix ethtool msg len calculation for pause stats Maxim Kiselev <bigunclemax(a)gmail.com> net: davinci_emac: Fix interrupt pacing disable YueHaibing <yuehaibing(a)huawei.com> xen-pciback: Fix return in pm_ctrl_init() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix a regression in nfs_set_open_stateid_locked() Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Turn off target reset during issue_lip Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix gnl list corruption Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Relogin during fabric disturbance Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Changes to support FCP2 Target Jackie Liu <liuyun01(a)kylinos.cn> ar7: fix kernel builds for compiler test Ahmad Fatoum <a.fatoum(a)pengutronix.de> watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT Randy Dunlap <rdunlap(a)infradead.org> m68k: set a default value for MEMORY_RESERVE Eric W. Biederman <ebiederm(a)xmission.com> signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) Lars-Peter Clausen <lars(a)metafoo.de> dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` Florian Westphal <fw(a)strlen.de> netfilter: nfnetlink_queue: fix OOB when mac header was cleared Robert-Ionut Alexa <robert-ionut.alexa(a)nxp.com> soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read Geert Uytterhoeven <geert(a)linux-m68k.org> auxdisplay: ht16k33: Fix frame buffer device blanking Geert Uytterhoeven <geert(a)linux-m68k.org> auxdisplay: ht16k33: Connect backlight to fbdev Geert Uytterhoeven <geert(a)linux-m68k.org> auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string Alexey Gladkov <legion(a)kernel.org> Fix user namespace leak Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix an Oops in pnfs_mark_request_commit() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix up commit deadlocks Claudiu Beznea <claudiu.beznea(a)microchip.com> dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro Dan Carpenter <dan.carpenter(a)oracle.com> rtc: rv3032: fix error handling in rv3032_clkout_set_rate() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> remoteproc: Fix a memory leak in an error handling path in 'rproc_handle_vdev()' Zev Weiss <zev(a)bewilderbeest.net> mtd: core: don't remove debugfs directory if device is in use Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation Evgeny Novikov <novikov(a)ispras.ru> mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() Jia-Ju Bai <baijiaju1990(a)gmail.com> fs: orangefs: fix error return code of orangefs_revalidate_lookup() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix deadlocks in nfs_scan_commit_list() YueHaibing <yuehaibing(a)huawei.com> opp: Fix return in _opp_add_static_v2() Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge Marek Behún <kabel(a)kernel.org> PCI: aardvark: Don't spam about PIO Response Status Alex Xu (Hello71) <alex_y_xu(a)yahoo.ca> drm/plane-helper: fix uninitialized variable reference Baptiste Lepers <baptiste.lepers(a)gmail.com> pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix dentry verifier races Kewei Xu <kewei.xu(a)mediatek.com> i2c: mediatek: fixing the incorrect register offset J. Bruce Fields <bfields(a)redhat.com> nfsd: don't alloc under spinlock in rpc_parse_scope_id Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined Tom Rix <trix(a)redhat.com> apparmor: fix error check Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx: Fix kernel crash on IRQ handler register error Geert Uytterhoeven <geert+renesas(a)glider.be> mips: cm: Convert to bitfield API to fix out-of-bounds access Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> virtio_ring: check desc == NULL when using indirect with packed Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Correct configuring of switch inversion from ts-inv Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Use device_property API instead of of_property Lucas Tanure <tanureal(a)opensource.cirrus.com> ASoC: cs42l42: Disable regulators if probe fails Bixuan Cui <cuibixuan(a)linux.alibaba.com> powerpc/44x/fsp2: add missing of_node_put Andrej Shadura <andrew.shadura(a)collabora.co.uk> HID: u2fzero: properly handle timeouts in usb_submit_urb Andrej Shadura <andrew.shadura(a)collabora.co.uk> HID: u2fzero: clarify error check and length calculations Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: at91: sam9x60-pll: use DIV_ROUND_CLOSEST_ULL Anssi Hannula <anssi.hannula(a)bitwise.fi> serial: xilinx_uartps: Fix race condition causing stuck TX Sandeep Maheswaram <quic_c_sanm(a)quicinc.com> phy: qcom-snps: Correct the FSEL_MASK Dan Carpenter <dan.carpenter(a)oracle.com> phy: ti: gmii-sel: check of_get_address() for failure Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> phy: qcom-qusb2: Fix a memory leak on probe Rahul Tanwar <rtanwar(a)maxlinear.com> pinctrl: equilibrium: Fix function addition in multiple groups Wan Jiabing <wanjiabing(a)vivo.com> soc: qcom: apr: Add of_node_put() before return Guru Das Srinagesh <quic_gurus(a)quicinc.com> firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available() Amelie Delaunay <amelie.delaunay(a)foss.st.com> usb: dwc2: drd: reset current session before setting the new one Amelie Delaunay <amelie.delaunay(a)foss.st.com> usb: dwc2: drd: fix dwc2_drd_role_sw_set when clock could be disabled Amelie Delaunay <amelie.delaunay(a)foss.st.com> usb: dwc2: drd: fix dwc2_force_mode call in dwc2_ovr_init Stefan Agner <stefan(a)agner.ch> serial: imx: fix detach/attach of serial console Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer Can Guo <cang(a)codeaurora.org> scsi: ufs: Refactor ufshcd_setup_clocks() to remove skip_ref_clk Nuno Sá <nuno.sa(a)analog.com> iio: adis: do not disabe IRQs in 'adis_init()' Randy Dunlap <rdunlap(a)infradead.org> usb: typec: STUSB160X should select REGMAP_I2C Bjorn Andersson <bjorn.andersson(a)linaro.org> soc: qcom: rpmhpd: Make power_on actually enable the domain Lee Jones <lee.jones(a)linaro.org> soc: qcom: rpmhpd: Provide some missing struct member descriptions Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Correct some register default values Olivier Moysan <olivier.moysan(a)foss.st.com> ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 Olivier Moysan <olivier.moysan(a)foss.st.com> ARM: dts: stm32: fix SAI sub nodes register range Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Reduce DHCOR SPI NOR frequency to 50 MHz Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Fix off-by-one bug in drive register check Vegard Nossum <vegard.nossum(a)oracle.com> staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> staging: most: dim2: do not double-register the same device Randy Dunlap <rdunlap(a)infradead.org> usb: musb: select GENERIC_PHY instead of depending on it Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Return missed an error if device doesn't support steering Dan Carpenter <dan.carpenter(a)oracle.com> scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() Yang Yingliang <yangyingliang(a)huawei.com> power: supply: max17040: fix null-ptr-deref in max17040_probe() Jakob Hauser <jahau(a)rocketmail.com> power: supply: rt5033_battery: Change voltage values to µV Dan Carpenter <dan.carpenter(a)oracle.com> usb: gadget: hid: fix error code in do_config() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_dw: Drop wrong use of ACPI_PTR() Nathan Lynch <nathanl(a)linux.ibm.com> powerpc: fix unbalanced node refcount in check_kvm_guest() Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Fix is_kvm_guest() / kvm_para_available() Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> powerpc: Reintroduce is_kvm_guest() as a fast-path check Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> powerpc: Rename is_kvm_guest() to check_kvm_guest() Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> powerpc: Refactor is_kvm_guest() declaration to new header Christophe Leroy <christophe.leroy(a)csgroup.eu> video: fbdev: chipsfb: use memset_io() instead of memset() Clément Léger <clement.leger(a)bootlin.com> clk: at91: check pmc node status before registering syscore ops Dongliang Mu <mudongliangabcd(a)gmail.com> memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> soc/tegra: Fix an error handling path in tegra_powergate_power_up() Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: SOF: topology: do not power down primary core during topology removal Andreas Kemnade <andreas(a)kemnade.info> arm: dts: omap3-gta04a4: accelerometer irq fix Yang Yingliang <yangyingliang(a)huawei.com> driver core: Fix possible memory leak in device_link_add() Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Fix misleading log statement in pm8001_mpi_get_nvmd_resp() Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> soundwire: debugfs: use controller id and link_id for debugfs Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Use position buffer for SKL+ again Imre Deak <imre.deak(a)intel.com> ALSA: hda: Fix hang during shutdown due to link reset Imre Deak <imre.deak(a)intel.com> ALSA: hda: Release controller display power during shutdown/reboot Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Reduce udelay() at SKL+ position reporting Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: pm8916: Remove wrong reg-names for rtc@6000 Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: beacon: Fix Ethernet PHY mode Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: msm8916: Fix Secondary MI2S bit clock Dongliang Mu <mudongliangabcd(a)gmail.com> JFS: fix memleak in jfs_mount Jackie Liu <liuyun01(a)kylinos.cn> MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT Tong Zhang <ztong0001(a)gmail.com> scsi: dc395: Fix error case unwinding Peter Rosin <peda(a)axentia.se> ARM: dts: at91: tse850: the emac<->phy interface is rmii Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix timekeeping_suspended warning on resume Anand Moon <linux.amoon(a)gmail.com> arm64: dts: meson-g12b: Fix the pwm regulator supply properties Anand Moon <linux.amoon(a)gmail.com> arm64: dts: meson-g12a: Fix the pwm regulator supply properties Kishon Vijay Abraham I <kishon(a)ti.com> arm64: dts: ti: k3-j721e-main: Fix "bus-range" upto 256 bus number for PCIe Kishon Vijay Abraham I <kishon(a)ti.com> arm64: dts: ti: k3-j721e-main: Fix "max-virtual-functions" in PCIe EP nodes Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix query SRQ failure Marijn Suijten <marijn.suijten(a)somainline.org> ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: Fix GPU register width for RK3328 Jackie Liu <liuyun01(a)kylinos.cn> ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM5301X: Fix memory nodes names Junji Wei <weijunji(a)bytedance.com> RDMA/rxe: Fix wrong port_cap_flags Alexandru Ardelean <aardelean(a)deviqon.com> iio: st_sensors: disable regulators after device unregistration Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: st_sensors: Call st_sensors_power_enable() from bus drivers Frank Rowand <frank.rowand(a)sony.com> of: unittest: fix EXPECT text for gpio hog errors Alexei Starovoitov <ast(a)kernel.org> bpf: Fix propagation of signed bounds from 64-bit min/max into 32-bit. Alexei Starovoitov <ast(a)kernel.org> bpf: Fix propagation of bounds from 64-bit min/max into 32-bit and var_off. Dan Schatzberg <schatzberg.dan(a)gmail.com> cgroup: Fix rootcg cpu.stat guest double counting Sukadev Bhattiprolu <sukadev(a)linux.ibm.com> ibmvnic: Process crqs after enabling interrupts Sukadev Bhattiprolu <sukadev(a)linux.ibm.com> ibmvnic: don't stop queue in xmit Jakub Kicinski <kuba(a)kernel.org> udp6: allow SO_MARK ctrl msg to affect routing Andrea Righi <andrea.righi(a)canonical.com> selftests/bpf: Fix fclose/pclose mismatch in test_progs Daniel Jordan <daniel.m.jordan(a)oracle.com> crypto: pcrypt - Delay write to padata->info Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: phylink: avoid mvneta warning when setting pause parameters Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> net: amd-xgbe: Toggle PLL settings during rate change Kumar Kartikeya Dwivedi <memxor(a)gmail.com> selftests/bpf: Fix fd cleanup in sk_lookup test Lorenz Bauer <lmb(a)cloudflare.com> selftests: bpf: Convert sk_lookup ctx access tests to PROG_TEST_RUN Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits Loic Poulain <loic.poulain(a)linaro.org> wcn36xx: Fix discarded frames due to wrong sequence number Benjamin Li <benl(a)squareup.com> wcn36xx: add proper DMA memory barriers in rx path Wang Hai <wanghai38(a)huawei.com> libertas: Fix possible memory leak in probe and disconnect Wang Hai <wanghai38(a)huawei.com> libertas_tf: Fix possible memory leak in probe and disconnect Janis Schoetterl-Glausch <scgl(a)linux.ibm.com> KVM: s390: Fix handle_sske page fault handling Tiezhu Yang <yangtiezhu(a)loongson.cn> samples/kretprobes: Fix return value if register_kretprobe() failed Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> spi: spi-rpc-if: Check return value of rpcif_sw_init() Jon Maxwell <jmaxwell37(a)gmail.com> tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() Ilya Leoshkevich <iii(a)linux.ibm.com> libbpf: Fix endianness detection in BPF_CORE_READ_BITFIELD_PROBED() Mark Brown <broonie(a)kernel.org> tpm_tis_spi: Add missing SPI ID Hao Wu <hao.wu(a)rubrik.com> tpm: fix Atmel TPM crash caused by too frequent queries Michael Schmitz <schmitzmic(a)gmail.com> block: ataflop: more blk-mq refactoring fixes Dan Carpenter <dan.carpenter(a)oracle.com> ataflop: potential out of bounds in do_format() Christoph Hellwig <hch(a)lst.de> ataflop: use a separate gendisk for each media format Mark Rutland <mark.rutland(a)arm.com> irq: mips: avoid nested irq_enter() Claudio Imbrenda <imbrenda(a)linux.ibm.com> KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm Claudio Imbrenda <imbrenda(a)linux.ibm.com> KVM: s390: pv: avoid double free of sida page David Hildenbrand <david(a)redhat.com> s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix BTF header parsing checks Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix overflow in BTF sanity checks Andrii Nakryiko <andrii(a)kernel.org> libbpf: Allow loading empty BTFs Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix BTF data layout checks and allow empty BTF Quentin Monnet <quentin(a)isovalent.com> bpftool: Avoid leaking the JSON writer prepared for program metadata Jim Mattson <jmattson(a)google.com> KVM: selftests: Fix nested SVM tests when built with clang Ricardo Koller <ricarkol(a)google.com> KVM: selftests: Add operand to vmsave/vmload/vmrun in svm.c Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi Jessica Zhang <jesszhan(a)codeaurora.org> drm/msm: Fix potential NULL dereference in DPU SSPP Joerg Roedel <jroedel(a)suse.de> x86/sev: Fix stack type check in vc_switch_off_ist() Kees Cook <keescook(a)chromium.org> clocksource/drivers/timer-ti-dm: Select TIMER_OF Anders Roxell <anders.roxell(a)linaro.org> PM: hibernate: fix sparse warnings Max Gurtovoy <mgurtovoy(a)nvidia.com> nvme-rdma: fix error code in nvme_rdma_setup_ctrl Stefan Agner <stefan(a)agner.ch> phy: micrel: ksz8041nl: do not use power down mode Tim Gardner <tim.gardner(a)canonical.com> net: enetc: unmap DMA in enetc_send_cmd() Jonas Dreßler <verdre(a)v0yd.nl> mwifiex: Send DELBA requests according to spec Ziyang Xuan <william.xuanziyang(a)huawei.com> rsi: stop thread firstly in rsi_91x_init() error handling Shayne Chen <shayne.chen(a)mediatek.com> mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() Shayne Chen <shayne.chen(a)mediatek.com> mt76: mt7915: fix sta_rec_wtbl tag len Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt7915: fix possible infinite loop release semaphore Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt76x02: fix endianness warnings in mt76x02_mac.c Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi Nathan Chancellor <nathan(a)kernel.org> platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning Michael Schmitz <schmitzmic(a)gmail.com> block: ataflop: fix breakage introduced at blk-mq refactoring Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mmc: mxs-mmc: disable regulator on error and in the remove function Sean Young <sean(a)mess.org> media: ir_toy: assignment to be16 should be of correct type Jakub Kicinski <kuba(a)kernel.org> net: stream: don't purge sk_error_queue in sk_stream_kill_queues() Dan Carpenter <dan.carpenter(a)oracle.com> drm/msm: uninitialized variable in msm_gem_import() Dan Carpenter <dan.carpenter(a)oracle.com> drm/msm: potential error pointer dereference in init() Eric Dumazet <edumazet(a)google.com> tcp: switch orphan_count to bare per-cpu counters Zhang Qiao <zhangqiao22(a)huawei.com> kernel/sched: Fix sched_fork() access an invalid sched_task_group Sven Eckelmann <seckelmann(a)datto.com> ath10k: fix max antenna gain unit Zev Weiss <zev(a)bewilderbeest.net> hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff Yang Yingliang <yangyingliang(a)huawei.com> hwmon: Fix possible memleak in __hwmon_device_register() Daniel Borkmann <daniel(a)iogearbox.net> net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE Dan Carpenter <dan.carpenter(a)oracle.com> memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() Arnd Bergmann <arnd(a)arndb.de> memstick: avoid out-of-range warning Tony Lindgren <tony(a)atomide.com> mmc: sdhci-omap: Fix context restore Tony Lindgren <tony(a)atomide.com> mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured John Fraker <jfraker(a)google.com> gve: Recover from queue stall due to missed IRQ Dan Carpenter <dan.carpenter(a)oracle.com> b43: fix a lower bounds test Dan Carpenter <dan.carpenter(a)oracle.com> b43legacy: fix a lower bounds test Markus Schneider-Pargmann <msp(a)baylibre.com> hwrng: mtk - Force runtime pm ops for sleep ops Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - disregard spurious PFVF interrupts Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - detect PFVF collision after ACK Evgeny Novikov <novikov(a)ispras.ru> media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_dynset: relax superfluous check on set updates Peter Zijlstra <peterz(a)infradead.org> rcu: Always inline rcu_dynticks_task*_{enter,exit}() Yazen Ghannam <yazen.ghannam(a)amd.com> EDAC/amd64: Handle three rank interleaving mode Vincent Donnefort <vincent.donnefort(a)arm.com> PM: EM: Fix inefficient states detection Linus Lüssing <ll(a)simonwunderlich.de> ath9k: Fix potential interrupt storm on queue reset Colin Ian King <colin.king(a)canonical.com> media: em28xx: Don't use ops->suspend if it is NULL Anel Orazgaliyeva <anelkz(a)amazon.de> cpuidle: Fix kobject memory leaks in error paths Arnd Bergmann <arnd(a)arndb.de> crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency Punit Agrawal <punitagrawal(a)gmail.com> kprobes: Do not use local variable when creating debugfs file Colin Ian King <colin.king(a)canonical.com> media: cx23885: Fix snd_card_free call on null card pointer Kees Cook <keescook(a)chromium.org> media: tm6000: Avoid card name truncation Kees Cook <keescook(a)chromium.org> media: si470x: Avoid card name truncation Kees Cook <keescook(a)chromium.org> media: radio-wl1273: Avoid card name truncation Randy Dunlap <rdunlap(a)infradead.org> media: i2c: ths8200 needs V4L2_ASYNC Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' Tom Rix <trix(a)redhat.com> media: TDA1997x: handle short reads of hdmi info frame. Ricardo Ribalda <ribalda(a)chromium.org> media: v4l2-ioctl: S_CTRL output the right value Pavel Skripkin <paskripkin(a)gmail.com> media: dvb-usb: fix ununit-value in az6027_rc_query Colin Ian King <colin.king(a)canonical.com> media: cxd2880-spi: Fix a null pointer dereference on error handling path Pavel Skripkin <paskripkin(a)gmail.com> media: em28xx: add missing em28xx_close_extension Arnd Bergmann <arnd(a)arndb.de> drm/amdgpu: fix warning for overflow check Sudarshan Rajagopalan <quic_sudaraja(a)quicinc.com> arm64: mm: update max_pfn after memory hotplug Matthew Auld <matthew.auld(a)intel.com> drm/ttm: stop calling tt_swapin in vm_access Fabio Estevam <festevam(a)denx.de> ath10k: sdio: Add missing BH locking around napi_schdule() Loic Poulain <loic.poulain(a)linaro.org> ath10k: Fix missing frame timestamp for beacon/probe-resp Baochen Qiang <bqiang(a)codeaurora.org> ath11k: Fix memory leak in ath11k_qmi_driver_event_work Pradeep Kumar Chitrapu <pradeepc(a)codeaurora.org> ath11k: fix packet drops due to incorrect 6 GHz freq value in rx status Sriram R <srirrama(a)codeaurora.org> ath11k: Avoid race during regd updates Dan Carpenter <dan.carpenter(a)oracle.com> ath11k: fix some sleeping in atomic bugs Linus Walleij <linus.walleij(a)linaro.org> net: dsa: rtl8366rb: Fix off-by-one bug Jiasheng Jiang <jiasheng(a)iscas.ac.cn> rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies() Michael Walle <michael(a)walle.cc> crypto: caam - disable pkc for non-E SoCs Dinghao Liu <dinghao.liu(a)zju.edu.cn> Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync Ajay Singh <ajay.kathat(a)microchip.com> wilc1000: fix possible memory leak in cfg_scan_result() Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> wcn36xx: Fix Antenna Diversity Switching Waiman Long <longman(a)redhat.com> cgroup: Make rebind_subsystems() disable v2 controllers all at once Yajun Deng <yajun.deng(a)linux.dev> net: net_namespace: Fix undefined member in key_remove_domain() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> lockdep: Let lock_is_held_type() detect recursive read as read liuyuntao <liuyuntao10(a)huawei.com> virtio-gpu: fix possible memory allocation failure Iago Toral Quiroga <itoral(a)igalia.com> drm/v3d: fix wait for TMU write combiner flush Peter Zijlstra <peterz(a)infradead.org> objtool: Fix static_call list generation Peter Zijlstra <peterz(a)infradead.org> x86/xen: Mark cpu_bringup_and_idle() as dead_end_function Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Add xen_start_kernel() to noreturn list Aleksander Jan Bajkowski <olek2(a)wp.pl> MIPS: lantiq: dma: fix burst length for DEU Neeraj Upadhyay <neeraju(a)codeaurora.org> rcu: Fix existing exp request check in sync_sched_exp_online_cleanup() Desmond Cheong Zhi Xi <desmondcheongzx(a)gmail.com> Bluetooth: fix init and cleanup of sco_conn.timeout_work Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: Fix strobemeta selftest regression Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state Sven Schnelle <svens(a)stackframe.org> parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling Sven Schnelle <svens(a)stackframe.org> parisc/unwind: fix unwinder when CONFIG_64BIT is enabled Gao Xiang <hsiangkao(a)linux.alibaba.com> erofs: don't trigger WARN() when decompression fails Helge Deller <deller(a)gmx.de> task_stack: Fix end_of_stack() for architectures with upwards-growing stack Sven Schnelle <svens(a)stackframe.org> parisc: fix warning in flush_tlb_all Shuah Khan <skhan(a)linuxfoundation.org> selftests/core: fix conflicting types compile error for close_range() Anson Jacob <Anson.Jacob(a)amd.com> drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted Loic Poulain <loic.poulain(a)linaro.org> wcn36xx: Correct band/freq reporting on RX Yang Yingliang <yangyingliang(a)huawei.com> spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() Josef Bacik <josef(a)toxicpanda.com> btrfs: do not take the uuid_mutex in btrfs_rm_device Sidong Yang <realwakka(a)gmail.com> btrfs: reflink: initialize return value to 0 in btrfs_extent_same() Stefan Schaeckeler <schaecsn(a)gmx.net> ACPI: AC: Quirk GK45 to skip reading _PSR Eric Dumazet <edumazet(a)google.com> net: annotate data-race in neigh_output() Florian Westphal <fw(a)strlen.de> vrf: run conntrack only in context of lower/physdev for locally generated packets Arnd Bergmann <arnd(a)arndb.de> ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix glock_hash_walk bugs Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Cancel remote delete work asynchronously Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: lantiq_gswip: serialize access to the PCE table Stephen Suryaputra <ssuryaextr(a)gmail.com> gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE Masami Hiramatsu <mhiramat(a)kernel.org> ARM: clang: Do not rely on lr register for stacktrace Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> smackfs: use __GFP_NOFAIL for smk_cipso_doi() Johannes Berg <johannes.berg(a)intel.com> iwlwifi: mvm: disable RX-diversity in powersave Jiri Olsa <jolsa(a)redhat.com> selftests/bpf: Fix perf_buffer test on system with offline cpus Shuah Khan <skhan(a)linuxfoundation.org> selftests: kvm: fix mismatched fclose() after popen() Ye Bin <yebin10(a)huawei.com> PM: hibernate: Get block device exclusively in swsusp_check() Hannes Reinecke <hare(a)suse.de> nvme: drop scan_lock and always kick requeue list when removing namespaces Israel Rukshin <israelr(a)nvidia.com> nvmet-tcp: fix use-after-free when a port is removed Israel Rukshin <israelr(a)nvidia.com> nvmet-rdma: fix use-after-free when a port is removed Israel Rukshin <israelr(a)nvidia.com> nvmet: fix use-after-free when a port is removed Michael Tretter <m.tretter(a)pengutronix.de> media: allegro: ignore interrupt if mailbox is not initialized Jens Axboe <axboe(a)kernel.dk> block: remove inaccurate requeue check Zheyu Ma <zheyuma97(a)gmail.com> mwl8k: Fix use-after-free in mwl8k_fw_state_machine() Ryder Lee <ryder.lee(a)mediatek.com> mt76: mt7915: fix an off-by-one bound check Kalesh Singh <kaleshsingh(a)google.com> tracing/cfi: Fix cmp_entries_* functions signature mismatch Menglong Dong <imagedong(a)tencent.com> workqueue: make sysfs of unbound kworker cpumask more clever Lasse Collin <lasse.collin(a)tukaani.org> lib/xz: Validate the value before assigning it to an enum variable Lasse Collin <lasse.collin(a)tukaani.org> lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression Zheyu Ma <zheyuma97(a)gmail.com> memstick: r592: Fix a UAF bug when removing the driver Xiao Ni <xni(a)redhat.com> md: update superblock after changing rdev flags in state_store Jens Axboe <axboe(a)kernel.dk> block: bump max plugged deferred size from 16 to 32 Tim Gardner <tim.gardner(a)canonical.com> drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture() Kees Cook <keescook(a)chromium.org> leaking_addresses: Always print a trailing newline Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> net: phy: micrel: make *-skew-ps check more lenient Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdkfd: fix resume error when iommu disabled in Picasso André Almeida <andrealmeid(a)collabora.com> ACPI: battery: Accept charges over the design capacity as full Andreas Gruenbacher <agruenba(a)redhat.com> iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value Xin Xiong <xiongx18(a)fudan.edu.cn> mmc: moxart: Fix reference count leaks in moxart_probe Tuo Li <islituo(a)gmail.com> ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracefs: Have tracefs directories not set OTH permission bits by default Antoine Tenart <atenart(a)kernel.org> net-sysfs: try not to restart the syscall if it will fail eventually Anant Thazhemadam <anant.thazhemadam(a)gmail.com> media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() Ricardo Ribalda <ribalda(a)chromium.org> media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info Ricardo Ribalda <ribalda(a)chromium.org> media: ipu3-imgu: imgu_fmt: Handle properly try Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Avoid evaluating methods too early during system resume Josh Don <joshdon(a)google.com> fs/proc/uptime.c: Fix idle time reporting in /proc/uptime Corey Minyard <cminyard(a)mvista.com> ipmi: Disable some operations during a panic Nadezda Lutovinova <lutovinova(a)ispras.ru> media: rcar-csi2: Add checking to rcsi2_start_receiver() Hans de Goede <hdegoede(a)redhat.com> brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet Zong-Zhe Yang <kevin_yang(a)realtek.com> rtw88: fix RX clock gate setting while fifo dump Randy Dunlap <rdunlap(a)infradead.org> ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK Rajat Asthana <rajatasthana4(a)gmail.com> media: mceusb: return without resubmitting URB in case of -EPROTO error. Martin Kepplinger <martink(a)posteo.de> media: imx: set a media_device bus_info string Nadezda Lutovinova <lutovinova(a)ispras.ru> media: s5p-mfc: Add checking to s5p_mfc_probe(). Tuo Li <islituo(a)gmail.com> media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Set unique vdev name based in type Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Return -EIO for control errors Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Set capability in s_param Dmitriy Ulitin <ulitin(a)ispras.ru> media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() Evgeny Novikov <novikov(a)ispras.ru> media: atomisp: Fix error handling in probe Zheyu Ma <zheyuma97(a)gmail.com> media: netup_unidvb: handle interrupt properly according to the firmware Dirk Bender <d.bender(a)phytec.de> media: mt9p031: Fix corrupted frame after restarting stream Alagu Sankar <alagusankar(a)silex-india.com> ath10k: high latency fixes for beacon buffer Baochen Qiang <bqiang(a)codeaurora.org> ath11k: Change DMA_FROM_DEVICE to DMA_TO_DEVICE when map reinjected packets Wen Gong <wgong(a)codeaurora.org> ath11k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED Sriram R <srirrama(a)codeaurora.org> ath11k: Avoid reg rules update during firmware recovery Andrey Grodzovsky <andrey.grodzovsky(a)amd.com> drm/amdgpu: Fix MMIO access page fault Eric Biggers <ebiggers(a)google.com> fscrypt: allow 256-bit master keys with AES-256-XTS Jonas Dreßler <verdre(a)v0yd.nl> mwifiex: Properly initialize private structure on interface type changes Jonas Dreßler <verdre(a)v0yd.nl> mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type Peter Zijlstra <peterz(a)infradead.org> x86: Increase exception stack sizes Seevalamuthu Mariappan <seevalam(a)codeaurora.org> ath11k: Align bss_chan_info structure with firmware Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> smackfs: Fix use-after-free in netlbl_catmap_walk() Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Move RTGS_WAIT_CBS to beginning of rcu_tasks_kthread() loop Jakub Kicinski <kuba(a)kernel.org> net: sched: update default qdisc visibility after Tx queue cnt changes Peter Zijlstra <peterz(a)infradead.org> locking/lockdep: Avoid RCU-induced noinstr fail Aleksander Jan Bajkowski <olek2(a)wp.pl> MIPS: lantiq: dma: reset correct number of channel Aleksander Jan Bajkowski <olek2(a)wp.pl> MIPS: lantiq: dma: add small delay after reset Barnabás Pőcze <pobrn(a)protonmail.com> platform/x86: wmi: do not fail if disabling fails Scott Wood <swood(a)redhat.com> rcutorture: Avoid problematic critical section nesting on PREEMPT_RT Simon Ser <contact(a)emersion.fr> drm/panel-orientation-quirks: add Valve Steam Deck Wang ShaoBo <bobo.shaobowang(a)huawei.com> Bluetooth: fix use-after-free error in lock_sock_nested() Takashi Iwai <tiwai(a)suse.de> Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() Hans de Goede <hdegoede(a)redhat.com> drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 Hans de Goede <hdegoede(a)redhat.com> drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 Hans de Goede <hdegoede(a)redhat.com> drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) Charan Teja Reddy <charante(a)codeaurora.org> dma-buf: WARN on dmabuf release with pending attachments Sebastian Krzyszkowiak <sebastian.krzyszkowiak(a)puri.sm> power: supply: max17042_battery: Clear status bits in interrupt handler Johan Hovold <johan(a)kernel.org> USB: chipidea: fix interrupt deadlock Johan Hovold <johan(a)kernel.org> USB: iowarrior: fix control-message timeouts Johan Hovold <johan(a)kernel.org> most: fix control-message timeouts Johan Hovold <johan(a)kernel.org> serial: 8250: fix racy uartclk update Wang Hai <wanghai38(a)huawei.com> USB: serial: keyspan: fix memleak on probe errors Nuno Sá <nuno.sa(a)analog.com> iio: ad5770r: make devicetree property reading consistent Pekka Korpinen <pekka.korpinen(a)iki.fi> iio: dac: ad5446: Fix ad5622_write() return value Tao Zhang <quic_taozha(a)quicinc.com> coresight: cti: Correct the parameter for pm_runtime_put Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: core: fix possible memory leak in pinctrl_enable() Zhang Yi <yi.zhang(a)huawei.com> quota: correct error number in free_dqentry() Zhang Yi <yi.zhang(a)huawei.com> quota: check block number when reading the block in quota file Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge Marek Behún <kabel(a)kernel.org> PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG Marek Behún <kabel(a)kernel.org> PCI: aardvark: Fix return value of MSI domain .alloc() method Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix configuring Reference clock Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix reporting Data Link Layer Link Active Pali Rohár <pali(a)kernel.org> PCI: aardvark: Do not unmask unused interrupts Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix checking for link up via LTSSM state Pali Rohár <pali(a)kernel.org> PCI: aardvark: Do not clear status bits of masked interrupts Li Chen <lchen(a)ambarella.com> PCI: cadence: Add cdns_plat_pcie_probe() missing return Marek Behún <kabel(a)kernel.org> PCI: pci-bridge-emul: Fix emulation of W1C bits yangerkun <yangerkun(a)huawei.com> ovl: fix use after free in struct ovl_aio_req Juergen Gross <jgross(a)suse.com> xen/balloon: add late_initcall_sync() for initial ballooning done Pavel Skripkin <paskripkin(a)gmail.com> ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume Takashi Iwai <tiwai(a)suse.de> ALSA: mixer: oss: Fix racy access to slots Arnd Bergmann <arnd(a)arndb.de> ifb: fix building without CONFIG_NET_CLS_ACT Pali Rohár <pali(a)kernel.org> serial: core: Fix initializing and restoring termios speed Steven Rostedt (VMware) <rostedt(a)goodmis.org> ring-buffer: Protect ring_buffer_reset() from reentrancy Xiaoming Ni <nixiaoming(a)huawei.com> powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found Zhang Changzhong <zhangchangzhong(a)huawei.com> can: j1939: j1939_can_recv(): ignore messages with invalid source address Zhang Changzhong <zhangchangzhong(a)huawei.com> can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Extract ESR_ELx.EC only Henrik Grimler <henrik(a)grimler.se> power: supply: max17042_battery: use VFSOC for capacity when no rsns Sebastian Krzyszkowiak <sebastian.krzyszkowiak(a)puri.sm> power: supply: max17042_battery: Prevent int underflow in set_soc_threshold Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: socrates: Keep the driver compatible with on-die ECC engines Meng Li <Meng.Li(a)windriver.com> soc: fsl: dpio: use the combined functions to protect critical zone Meng Li <Meng.Li(a)windriver.com> soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id Eric W. Biederman <ebiederm(a)xmission.com> signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT Wolfram Sang <wsa+renesas(a)sang-engineering.com> memory: renesas-rpc-if: Correct QSPI data transfer in Manual mode Eric W. Biederman <ebiederm(a)xmission.com> signal: Remove the bogus sigkill_pending in ptrace_stop Alok Prasad <palok(a)marvell.com> RDMA/qedr: Fix NULL deref for query_qp on the GSI QP Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix Intel ICX IIO event constraints Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server Marek Vasut <marex(a)denx.de> rsi: Fix module dev_oper_mode parameter description Martin Fuzzey <martin.fuzzey(a)flowbird.group> rsi: fix rate mask set leading to P2P failure Martin Fuzzey <martin.fuzzey(a)flowbird.group> rsi: fix key enabled check causing unwanted encryption for vap_id > 0 Martin Fuzzey <martin.fuzzey(a)flowbird.group> rsi: fix occasional initialisation failure with BT coex Benjamin Li <benl(a)squareup.com> wcn36xx: handle connection loss indication Reimar Döffinger <Reimar.Doeffinger(a)gmx.de> libata: fix checking of DMA state Jonas Dreßler <verdre(a)v0yd.nl> mwifiex: Try waking the firmware until we get an interrupt Jonas Dreßler <verdre(a)v0yd.nl> mwifiex: Read a PCI register after writing the TX ring write pointer Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Do not let "syscore" devices runtime-suspend during system transitions Loic Poulain <loic.poulain(a)linaro.org> wcn36xx: Fix (QoS) null data frame bitrate/modulation Loic Poulain <loic.poulain(a)linaro.org> wcn36xx: Fix tx_status mechanism Loic Poulain <loic.poulain(a)linaro.org> wcn36xx: Fix HT40 capability for 2Ghz band Lukas Wunner <lukas(a)wunner.de> ifb: Depend on netfilter alternatively to tc Austin Kim <austin.kim(a)lge.com> evm: mark evm_fixmode as __ro_after_init Johan Hovold <johan(a)kernel.org> rtl8187: fix control-message timeouts Ingmar Klein <ingmar_klein(a)web.de> PCI: Mark Atheros QCA6174 to avoid bus reset Johan Hovold <johan(a)kernel.org> ath10k: fix division by zero in send path Johan Hovold <johan(a)kernel.org> ath10k: fix control-message timeout Johan Hovold <johan(a)kernel.org> ath6kl: fix control-message timeout Johan Hovold <johan(a)kernel.org> ath6kl: fix division by zero in send path Johan Hovold <johan(a)kernel.org> mwifiex: fix division by zero in fw download path Eric Badger <ebadger(a)purestorage.com> EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled Zev Weiss <zev(a)bewilderbeest.net> hwmon: (pmbus/lm25066) Add offset coefficients Ondrej Mosnacek <omosnace(a)redhat.com> selinux: fix race condition when computing ocontext SIDs Masami Hiramatsu <mhiramat(a)kernel.org> ia64: kprobes: Fix to pass correct trampoline address to the handler Andreas Gruenbacher <agruenba(a)redhat.com> powerpc/kvm: Fix kvm_use_magic_page Sean Christopherson <seanjc(a)google.com> KVM: VMX: Unregister posted interrupt wakeup handler on hardware unsetup Anand Jain <anand.jain(a)oracle.com> btrfs: call btrfs_check_rw_degradable only if there is a missing device Filipe Manana <fdmanana(a)suse.com> btrfs: fix lost error handling when replaying directory deletes Li Zhang <zhanglikernel(a)gmail.com> btrfs: clear MISSING device status bit in btrfs_close_one_device Christoph Hellwig <hch(a)lst.de> rds: stop using dmapool Wen Gu <guwen(a)linux.alibaba.com> net/smc: Correct spelling mistake to TCPF_SYN_RECV Tony Lu <tonylu(a)linux.alibaba.com> net/smc: Fix smc_link->llc_testlink_time overflow Yu Xiao <yu.xiao(a)corigine.com> nfp: bpf: relax prog rejection for mtu check through max_pkt_offset Dongli Zhang <dongli.zhang(a)oracle.com> vmxnet3: do not stop tx queues after netif_device_detach() Janghyub Seo <jhyub06(a)gmail.com> r8169: Add device 10ec:8162 to driver r8169 Amit Engel <amit.engel(a)dell.com> nvmet-tcp: fix header digest verification Naohiro Aota <naohiro.aota(a)wdc.com> block: schedule queue restart after BLK_STS_ZONE_RESOURCE Mario <awxkrnl(a)gmail.com> drm: panel-orientation-quirks: Add quirk for GPD Win3 Walter Stoll <walter.stoll(a)duagon.com> watchdog: Fix OMAP watchdog early handling Cyril Strejc <cyril.strejc(a)skoda.cz> net: multicast: calculate csum of looped-back and forwarded packets Thomas Perrot <thomas.perrot(a)bootlin.com> spi: spl022: fix Microwire full duplex mode Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix a memory leak when releasing a queue Dongli Zhang <dongli.zhang(a)oracle.com> xen/netfront: stop tx queues during live migration Asmaa Mnebhi <asmaa(a)nvidia.com> gpio: mlxbf2.c: Add check for bgpio_init failure Lorenz Bauer <lmb(a)cloudflare.com> bpf: Prevent increasing bpf_jit_limit above max Lorenz Bauer <lmb(a)cloudflare.com> bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT Florian Westphal <fw(a)strlen.de> fcnal-test: kill hanging ping/nettest binaries on cleanup Bryant Mairs <bryant(a)mai.rs> drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 Randy Dunlap <rdunlap(a)infradead.org> mmc: winbond: don't build on M68K Paweł Anikiel <pan(a)semihalf.com> reset: socfpga: add empty driver allowing consumers to probe Mikko Perttunen <mperttunen(a)nvidia.com> reset: tegra-bpmp: Handle errors in BPMP response Bastien Roucariès <rouca(a)debian.org> ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode Arnd Bergmann <arnd(a)arndb.de> hyperv/vmbus: include linux/bitops.h Erik Ekman <erik(a)kryo.se> sfc: Don't use netif_info before net_device setup Erik Ekman <erik(a)kryo.se> sfc: Export fibre-specific supported link modes Zheyu Ma <zheyuma97(a)gmail.com> cavium: Fix return values of the probe function Zheyu Ma <zheyuma97(a)gmail.com> mISDN: Fix return values of the probe function Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: qla2xxx: Fix unmap of already freed sgl Zheyu Ma <zheyuma97(a)gmail.com> scsi: qla2xxx: Return -ENOMEM if kzalloc() fails Zheyu Ma <zheyuma97(a)gmail.com> cavium: Return negative value when pci_alloc_irq_vectors() fails Davide Baldo <davide(a)baldo.me> ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers Yang Yingliang <yangyingliang(a)huawei.com> ASoC: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked() Sean Christopherson <seanjc(a)google.com> x86/irq: Ensure PI wakeup handler is unregistered before module unload Jane Malalane <jane.malalane(a)citrix.com> x86/cpu: Fix migration safety with X86_BUG_NULL_SEL Tom Lendacky <thomas.lendacky(a)amd.com> x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix page stealing yangerkun <yangerkun(a)huawei.com> ext4: refresh the ext4_ext_path struct after dropping i_data_sem. yangerkun <yangerkun(a)huawei.com> ext4: ensure enough credits in ext4_ext_shift_path_extents Shaoying Xu <shaoyi(a)amazon.com> ext4: fix lazy initialization next schedule time computation in more granular unit Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Unconditionally unlink slave instances, too Wang Wensheng <wangwensheng4(a)huawei.com> ALSA: timer: Fix use-after-free problem Austin Kim <austin.kim(a)lge.com> ALSA: synth: missing check for possible NULL after the call to kstrdup Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Free card instance properly at probe errors Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Add registration quirk for JBL Quantum 400 Jason Ormes <skryking(a)gmail.com> ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk Johan Hovold <johan(a)kernel.org> ALSA: line6: fix control and interrupt message timeouts Johan Hovold <johan(a)kernel.org> ALSA: 6fire: fix control and bulk message timeouts Johan Hovold <johan(a)kernel.org> ALSA: ua101: fix division by zero at probe Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add quirk for ASUS UX550VE Jaroslav Kysela <perex(a)perex.cz> ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N Jeremy Soller <jeremy(a)system76.com> ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirk for Clevo PC70HS Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED Johnathon Clark <john.clark(a)cantab.net> ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 Ricardo Ribalda <ribalda(a)chromium.org> media: v4l2-ioctl: Fix check_ext_ctrls Sean Young <sean(a)mess.org> media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers Chen-Yu Tsai <wenst(a)chromium.org> media: rkvdec: Support dynamic resolution changes Sean Young <sean(a)mess.org> media: ite-cir: IR receiver stop working after receive overflow Chen-Yu Tsai <wenst(a)chromium.org> media: rkvdec: Do not override sizeimage for output format Tang Bin <tangbin(a)cmss.chinamobile.com> crypto: s5p-sss - Add error handling in s5p_aes_probe() jing yangyang <cgel.zte(a)gmail.com> firmware/psci: fix application of sizeof to pointer Dan Carpenter <dan.carpenter(a)oracle.com> tpm: Check for integer overflow in tpm2_map_response_body() Helge Deller <deller(a)gmx.de> parisc: Fix ptrace check on syscall return Helge Deller <deller(a)gmx.de> parisc: Fix set_fixmap() on PA1.x CPUs Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix incorrect loading of i_blocks for large files Christian Löhle <CLoehle(a)hyperstone.com> mmc: dw_mmc: Dont wait for DRTO on Write RSP error Derong Liu <derong.liu(a)mediatek.com> mmc: mtk-sd: Add wait dma stop done flow Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix use after free in eh_abort path Arun Easi <aeasi(a)marvell.com> scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file Tadeusz Struk <tadeusz.struk(a)linaro.org> scsi: core: Remove command size deduction from scsi_setup_scsi_cmnd() Jan Kara <jack(a)suse.cz> ocfs2: fix data corruption on truncate Damien Le Moal <damien.lemoal(a)opensource.wdc.com> libata: fix read log timeout value Takashi Iwai <tiwai(a)suse.de> Input: i8042 - Add quirk for Fujitsu Lifebook T725 Phoenix Huang <phoenix(a)emc.com.tw> Input: elantench - fix misreporting trackpoint coordinates Johan Hovold <johan(a)kernel.org> Input: iforce - fix control-message timeout Todd Kjos <tkjos(a)google.com> binder: use cred instead of task for getsecid Todd Kjos <tkjos(a)google.com> binder: use cred instead of task for selinux checks Todd Kjos <tkjos(a)google.com> binder: use euid from cred instead of using task Nehal Bakulchandra Shah <Nehal-Bakulchandra.shah(a)amd.com> usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 7 + .../bindings/regulator/samsung,s5m8767.txt | 23 +- Documentation/filesystems/fscrypt.rst | 10 +- Makefile | 4 +- arch/arm/Makefile | 22 +- arch/arm/boot/dts/at91-tse850-3.dts | 2 +- arch/arm/boot/dts/bcm4708-netgear-r6250.dts | 2 +- arch/arm/boot/dts/bcm4709-asus-rt-ac87u.dts | 2 +- arch/arm/boot/dts/bcm4709-buffalo-wxr-1900dhp.dts | 2 +- arch/arm/boot/dts/bcm4709-linksys-ea9200.dts | 2 +- arch/arm/boot/dts/bcm4709-netgear-r7000.dts | 2 +- arch/arm/boot/dts/bcm4709-netgear-r8000.dts | 2 +- arch/arm/boot/dts/bcm4709-tplink-archer-c9-v1.dts | 2 +- arch/arm/boot/dts/bcm47094-luxul-xwc-2000.dts | 2 +- arch/arm/boot/dts/bcm53016-meraki-mr32.dts | 2 +- arch/arm/boot/dts/bcm94708.dts | 2 +- arch/arm/boot/dts/bcm94709.dts | 2 +- arch/arm/boot/dts/omap3-gta04.dtsi | 2 +- arch/arm/boot/dts/qcom-msm8974.dtsi | 4 +- arch/arm/boot/dts/stm32mp15-pinctrl.dtsi | 8 +- arch/arm/boot/dts/stm32mp151.dtsi | 16 +- arch/arm/boot/dts/stm32mp15xx-dhcor-som.dtsi | 2 +- arch/arm/boot/dts/sun7i-a20-olinuxino-lime2.dts | 2 +- arch/arm/kernel/stacktrace.c | 3 +- arch/arm/mach-s3c/irq-s3c24xx.c | 22 +- arch/arm/mm/Kconfig | 2 +- arch/arm/mm/mmu.c | 4 +- arch/arm64/boot/dts/amlogic/meson-g12a-sei510.dts | 2 +- arch/arm64/boot/dts/amlogic/meson-g12a-u200.dts | 2 +- arch/arm64/boot/dts/amlogic/meson-g12a-x96-max.dts | 2 +- .../boot/dts/amlogic/meson-g12b-khadas-vim3.dtsi | 4 +- .../boot/dts/amlogic/meson-g12b-odroid-n2.dtsi | 4 +- arch/arm64/boot/dts/amlogic/meson-g12b-w400.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 8 +- arch/arm64/boot/dts/qcom/pm8916.dtsi | 1 - .../arm64/boot/dts/renesas/beacon-renesom-som.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk3328.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-j721e-main.dtsi | 16 +- arch/arm64/include/asm/esr.h | 1 + arch/arm64/include/asm/pgtable.h | 12 +- arch/arm64/kvm/hyp/hyp-entry.S | 2 +- arch/arm64/kvm/hyp/nvhe/host.S | 2 +- arch/arm64/mm/mmu.c | 5 + arch/arm64/net/bpf_jit_comp.c | 5 + arch/ia64/Kconfig.debug | 2 +- arch/ia64/kernel/kprobes.c | 9 +- arch/m68k/Kconfig.machine | 1 + arch/mips/Kconfig | 1 + arch/mips/include/asm/cmpxchg.h | 5 +- arch/mips/include/asm/mips-cm.h | 12 +- arch/mips/kernel/mips-cm.c | 21 +- arch/mips/kernel/r2300_fpu.S | 4 +- arch/mips/kernel/syscall.c | 9 - arch/mips/lantiq/xway/dma.c | 23 +- arch/openrisc/kernel/dma.c | 4 +- arch/openrisc/kernel/smp.c | 6 +- arch/parisc/kernel/entry.S | 2 +- arch/parisc/kernel/smp.c | 19 +- arch/parisc/kernel/unwind.c | 21 +- arch/parisc/kernel/vmlinux.lds.S | 3 +- arch/parisc/mm/fixmap.c | 5 +- arch/parisc/mm/init.c | 4 +- arch/powerpc/include/asm/code-patching.h | 1 + arch/powerpc/include/asm/firmware.h | 6 - arch/powerpc/include/asm/kvm_guest.h | 25 ++ arch/powerpc/include/asm/kvm_para.h | 2 +- arch/powerpc/include/asm/security_features.h | 5 + arch/powerpc/kernel/firmware.c | 12 +- arch/powerpc/kernel/kvm.c | 2 +- arch/powerpc/kernel/security.c | 5 + arch/powerpc/lib/code-patching.c | 7 +- arch/powerpc/net/bpf_jit.h | 33 ++- arch/powerpc/net/bpf_jit64.h | 8 +- arch/powerpc/net/bpf_jit_comp64.c | 64 +++++- arch/powerpc/platforms/44x/fsp2.c | 2 + arch/powerpc/platforms/85xx/Makefile | 4 +- arch/powerpc/platforms/85xx/mpc85xx_pm_ops.c | 7 +- arch/powerpc/platforms/85xx/smp.c | 12 +- arch/powerpc/platforms/powernv/opal-prd.c | 12 +- arch/powerpc/platforms/pseries/smp.c | 3 + arch/s390/kvm/priv.c | 2 + arch/s390/kvm/pv.c | 21 +- arch/s390/mm/gmap.c | 5 +- arch/sh/kernel/cpu/fpu.c | 10 +- arch/x86/events/intel/uncore_snbep.c | 6 +- arch/x86/hyperv/hv_init.c | 5 +- arch/x86/include/asm/page_64_types.h | 2 +- arch/x86/kernel/cpu/amd.c | 2 + arch/x86/kernel/cpu/common.c | 44 +++- arch/x86/kernel/cpu/cpu.h | 1 + arch/x86/kernel/cpu/hygon.c | 2 + arch/x86/kernel/cpu/mce/intel.c | 5 +- arch/x86/kernel/irq.c | 4 +- arch/x86/kernel/traps.c | 2 +- arch/x86/kvm/vmx/vmx.c | 15 +- arch/x86/mm/mem_encrypt_identity.c | 9 + block/blk-mq.c | 18 +- block/blk.h | 6 + crypto/Kconfig | 2 +- crypto/pcrypt.c | 12 +- drivers/acpi/ac.c | 19 ++ drivers/acpi/acpica/acglobal.h | 2 + drivers/acpi/acpica/hwesleep.c | 8 +- drivers/acpi/acpica/hwsleep.c | 11 +- drivers/acpi/acpica/hwxfsleep.c | 7 + drivers/acpi/battery.c | 2 +- drivers/acpi/pmic/intel_pmic.c | 51 +++-- drivers/android/binder.c | 22 +- drivers/ata/libata-core.c | 2 +- drivers/ata/libata-eh.c | 8 + drivers/auxdisplay/ht16k33.c | 66 +++--- drivers/auxdisplay/img-ascii-lcd.c | 10 + drivers/base/core.c | 4 +- drivers/base/power/main.c | 9 +- drivers/block/ataflop.c | 237 ++++++++++++------- drivers/block/zram/zram_drv.c | 2 +- drivers/bluetooth/btmtkuart.c | 13 +- drivers/bus/ti-sysc.c | 65 +++++- drivers/char/hw_random/mtk-rng.c | 9 +- drivers/char/ipmi/ipmi_msghandler.c | 10 +- drivers/char/ipmi/ipmi_watchdog.c | 17 +- drivers/char/tpm/tpm2-space.c | 3 + drivers/char/tpm/tpm_tis_core.c | 26 ++- drivers/char/tpm/tpm_tis_core.h | 4 + drivers/char/tpm/tpm_tis_spi_main.c | 1 + drivers/clk/at91/clk-sam9x60-pll.c | 4 +- drivers/clk/at91/pmc.c | 5 + drivers/clk/mvebu/ap-cpu-clk.c | 14 +- drivers/clocksource/Kconfig | 1 + drivers/cpuidle/sysfs.c | 5 +- drivers/crypto/caam/caampkc.c | 19 +- drivers/crypto/caam/regs.h | 3 + drivers/crypto/qat/qat_common/adf_pf2vf_msg.c | 13 ++ drivers/crypto/qat/qat_common/adf_vf_isr.c | 6 + drivers/crypto/s5p-sss.c | 2 + drivers/dma-buf/dma-buf.c | 1 + drivers/dma/at_xdmac.c | 2 +- drivers/dma/dmaengine.h | 2 +- drivers/edac/amd64_edac.c | 22 +- drivers/edac/sb_edac.c | 2 +- drivers/firmware/psci/psci_checker.c | 2 +- drivers/firmware/qcom_scm.c | 2 +- drivers/gpio/gpio-mlxbf2.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.h | 2 +- drivers/gpu/drm/amd/amdgpu/gmc_v6_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/vcn_v2_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/vcn_v2_5.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 1 + .../gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 16 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 47 +++- drivers/gpu/drm/drm_plane_helper.c | 1 - drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.c | 8 +- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 4 + drivers/gpu/drm/msm/msm_gem.c | 4 +- drivers/gpu/drm/msm/msm_gpu.c | 2 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 4 + drivers/gpu/drm/sun4i/sun8i_csc.h | 4 +- drivers/gpu/drm/ttm/ttm_bo_vm.c | 5 - drivers/gpu/drm/v3d/v3d_gem.c | 4 +- drivers/gpu/drm/virtio/virtgpu_vq.c | 8 +- drivers/hid/hid-u2fzero.c | 10 +- drivers/hv/hyperv_vmbus.h | 1 + drivers/hwmon/hwmon.c | 6 +- drivers/hwmon/pmbus/lm25066.c | 25 +- drivers/hwtracing/coresight/coresight-cti-core.c | 2 +- drivers/i2c/busses/i2c-mt65xx.c | 2 +- drivers/i2c/busses/i2c-xlr.c | 6 +- drivers/iio/accel/st_accel_core.c | 21 +- drivers/iio/accel/st_accel_i2c.c | 17 +- drivers/iio/accel/st_accel_spi.c | 17 +- drivers/iio/dac/ad5446.c | 9 +- drivers/iio/dac/ad5770r.c | 2 +- drivers/iio/gyro/st_gyro_core.c | 15 +- drivers/iio/gyro/st_gyro_i2c.c | 17 +- drivers/iio/gyro/st_gyro_spi.c | 17 +- drivers/iio/imu/adis.c | 4 +- drivers/iio/magnetometer/st_magn_core.c | 15 +- drivers/iio/magnetometer/st_magn_i2c.c | 14 +- drivers/iio/magnetometer/st_magn_spi.c | 14 +- drivers/iio/pressure/st_pressure_core.c | 15 +- drivers/iio/pressure/st_pressure_i2c.c | 17 +- drivers/iio/pressure/st_pressure_spi.c | 17 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 +- drivers/infiniband/hw/mlx4/qp.c | 4 +- drivers/infiniband/hw/qedr/verbs.c | 15 +- drivers/infiniband/sw/rxe/rxe_param.h | 2 +- drivers/input/joystick/iforce/iforce-usb.c | 2 +- drivers/input/mouse/elantech.c | 13 ++ drivers/input/serio/i8042-x86ia64io.h | 14 ++ drivers/irqchip/irq-bcm6345-l1.c | 2 +- drivers/irqchip/irq-sifive-plic.c | 8 +- drivers/isdn/hardware/mISDN/hfcpci.c | 8 +- drivers/md/md.c | 11 +- drivers/media/dvb-frontends/mn88443x.c | 18 +- drivers/media/i2c/Kconfig | 1 + drivers/media/i2c/ir-kbd-i2c.c | 1 + drivers/media/i2c/mt9p031.c | 28 ++- drivers/media/i2c/tda1997x.c | 8 +- drivers/media/pci/cx23885/cx23885-alsa.c | 3 +- drivers/media/pci/netup_unidvb/netup_unidvb_core.c | 27 ++- drivers/media/platform/mtk-vpu/mtk_vpu.c | 5 +- drivers/media/platform/rcar-vin/rcar-csi2.c | 2 + drivers/media/platform/s5p-mfc/s5p_mfc.c | 6 +- drivers/media/platform/stm32/stm32-dcmi.c | 19 +- drivers/media/radio/radio-wl1273.c | 2 +- drivers/media/radio/si470x/radio-si470x-i2c.c | 2 +- drivers/media/radio/si470x/radio-si470x-usb.c | 2 +- drivers/media/rc/ir_toy.c | 2 +- drivers/media/rc/ite-cir.c | 2 +- drivers/media/rc/mceusb.c | 1 + drivers/media/spi/cxd2880-spi.c | 2 +- drivers/media/usb/dvb-usb/az6027.c | 1 + drivers/media/usb/dvb-usb/dibusb-common.c | 2 +- drivers/media/usb/em28xx/em28xx-cards.c | 5 +- drivers/media/usb/em28xx/em28xx-core.c | 5 +- drivers/media/usb/tm6000/tm6000-video.c | 3 +- drivers/media/usb/uvc/uvc_driver.c | 7 +- drivers/media/usb/uvc/uvc_v4l2.c | 7 +- drivers/media/usb/uvc/uvc_video.c | 5 + drivers/media/v4l2-core/v4l2-ioctl.c | 67 ++++-- drivers/memory/fsl_ifc.c | 13 +- drivers/memory/renesas-rpc-if.c | 113 +++++++--- drivers/memstick/core/ms_block.c | 2 +- drivers/memstick/host/jmb38x_ms.c | 2 +- drivers/memstick/host/r592.c | 8 +- drivers/mfd/dln2.c | 18 ++ drivers/mfd/mfd-core.c | 2 + drivers/mmc/host/Kconfig | 2 +- drivers/mmc/host/dw_mmc.c | 3 +- drivers/mmc/host/moxart-mmc.c | 16 +- drivers/mmc/host/mtk-sd.c | 5 + drivers/mmc/host/mxs-mmc.c | 10 + drivers/mmc/host/sdhci-omap.c | 18 +- drivers/most/most_usb.c | 5 +- drivers/mtd/mtdcore.c | 4 +- drivers/mtd/nand/raw/ams-delta.c | 12 +- drivers/mtd/nand/raw/au1550nd.c | 12 +- drivers/mtd/nand/raw/gpio.c | 12 +- drivers/mtd/nand/raw/mpc5121_nfc.c | 12 +- drivers/mtd/nand/raw/orion_nand.c | 12 +- drivers/mtd/nand/raw/pasemi_nand.c | 12 +- drivers/mtd/nand/raw/plat_nand.c | 12 +- drivers/mtd/nand/raw/socrates_nand.c | 12 +- drivers/mtd/nand/raw/xway_nand.c | 12 +- drivers/mtd/spi-nor/controllers/hisi-sfc.c | 1 - drivers/net/Kconfig | 2 +- drivers/net/bonding/bond_sysfs_slave.c | 36 +-- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 2 +- drivers/net/dsa/lantiq_gswip.c | 28 ++- drivers/net/dsa/rtl8366rb.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-common.h | 8 + drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 20 +- drivers/net/ethernet/cavium/thunder/nic_main.c | 2 +- drivers/net/ethernet/cavium/thunder/nicvf_main.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 7 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.h | 2 + .../chelsio/inline_crypto/chtls/chtls_cm.c | 2 +- .../chelsio/inline_crypto/chtls/chtls_cm.h | 2 +- drivers/net/ethernet/freescale/enetc/enetc_qos.c | 18 +- drivers/net/ethernet/google/gve/gve.h | 4 +- drivers/net/ethernet/google/gve/gve_adminq.h | 1 + drivers/net/ethernet/google/gve/gve_main.c | 48 +++- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c | 2 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 9 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 5 + .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 + drivers/net/ethernet/ibm/ibmvnic.c | 5 +- drivers/net/ethernet/intel/ice/ice_base.c | 2 +- drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c | 20 +- drivers/net/ethernet/netronome/nfp/bpf/main.c | 16 +- drivers/net/ethernet/netronome/nfp/bpf/main.h | 2 + drivers/net/ethernet/netronome/nfp/bpf/offload.c | 17 +- drivers/net/ethernet/realtek/r8169_main.c | 1 + drivers/net/ethernet/sfc/mcdi_port_common.c | 37 ++- drivers/net/ethernet/sfc/ptp.c | 4 +- drivers/net/ethernet/sfc/siena_sriov.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 2 - drivers/net/ethernet/ti/davinci_emac.c | 16 +- drivers/net/ifb.c | 2 + drivers/net/phy/micrel.c | 9 +- drivers/net/phy/phy.c | 7 +- drivers/net/phy/phylink.c | 2 +- drivers/net/vmxnet3/vmxnet3_drv.c | 1 - drivers/net/vrf.c | 28 ++- drivers/net/wireless/ath/ath10k/mac.c | 37 ++- drivers/net/wireless/ath/ath10k/sdio.c | 5 +- drivers/net/wireless/ath/ath10k/usb.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 4 + drivers/net/wireless/ath/ath10k/wmi.h | 3 + drivers/net/wireless/ath/ath11k/dbring.c | 16 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 13 +- drivers/net/wireless/ath/ath11k/mac.c | 2 +- drivers/net/wireless/ath/ath11k/qmi.c | 4 +- drivers/net/wireless/ath/ath11k/reg.c | 11 +- drivers/net/wireless/ath/ath11k/reg.h | 2 +- drivers/net/wireless/ath/ath11k/wmi.c | 40 ++-- drivers/net/wireless/ath/ath11k/wmi.h | 3 +- drivers/net/wireless/ath/ath6kl/usb.c | 7 +- drivers/net/wireless/ath/ath9k/main.c | 4 +- drivers/net/wireless/ath/dfs_pattern_detector.c | 10 +- drivers/net/wireless/ath/wcn36xx/dxe.c | 49 ++-- drivers/net/wireless/ath/wcn36xx/main.c | 8 +- drivers/net/wireless/ath/wcn36xx/smd.c | 44 +++- drivers/net/wireless/ath/wcn36xx/txrx.c | 64 +++--- drivers/net/wireless/ath/wcn36xx/txrx.h | 3 +- drivers/net/wireless/broadcom/b43/phy_g.c | 2 +- drivers/net/wireless/broadcom/b43legacy/radio.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 10 + drivers/net/wireless/intel/iwlwifi/mvm/utils.c | 3 + drivers/net/wireless/marvell/libertas/if_usb.c | 2 + drivers/net/wireless/marvell/libertas_tf/if_usb.c | 2 + drivers/net/wireless/marvell/mwifiex/11n.c | 5 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 +-- drivers/net/wireless/marvell/mwifiex/pcie.c | 36 ++- drivers/net/wireless/marvell/mwifiex/usb.c | 16 ++ drivers/net/wireless/marvell/mwl8k.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 15 +- drivers/net/wireless/mediatek/mt76/mt76x02_mac.c | 13 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 8 +- drivers/net/wireless/microchip/wilc1000/cfg80211.c | 3 +- .../net/wireless/realtek/rtl818x/rtl8187/rtl8225.c | 14 +- drivers/net/wireless/realtek/rtw88/fw.c | 7 +- drivers/net/wireless/realtek/rtw88/reg.h | 1 + drivers/net/wireless/rsi/rsi_91x_core.c | 2 + drivers/net/wireless/rsi/rsi_91x_hal.c | 10 +- drivers/net/wireless/rsi/rsi_91x_mac80211.c | 74 ++---- drivers/net/wireless/rsi/rsi_91x_main.c | 17 +- drivers/net/wireless/rsi/rsi_91x_mgmt.c | 24 +- drivers/net/wireless/rsi/rsi_91x_sdio.c | 5 +- drivers/net/wireless/rsi/rsi_91x_usb.c | 5 +- drivers/net/wireless/rsi/rsi_hal.h | 11 + drivers/net/wireless/rsi/rsi_main.h | 15 +- drivers/net/xen-netfront.c | 8 + drivers/nfc/pn533/pn533.c | 6 +- drivers/nvme/host/multipath.c | 9 +- drivers/nvme/host/rdma.c | 2 + drivers/nvme/target/configfs.c | 2 + drivers/nvme/target/rdma.c | 24 ++ drivers/nvme/target/tcp.c | 21 +- drivers/of/unittest.c | 16 +- drivers/opp/of.c | 2 +- drivers/pci/controller/cadence/pcie-cadence-plat.c | 2 + drivers/pci/controller/dwc/pcie-uniphier.c | 26 +-- drivers/pci/controller/pci-aardvark.c | 251 ++++++++++++++++++--- drivers/pci/pci-bridge-emul.c | 13 ++ drivers/pci/quirks.c | 1 + drivers/phy/qualcomm/phy-qcom-qusb2.c | 16 +- drivers/phy/qualcomm/phy-qcom-snps-femto-v2.c | 2 +- drivers/phy/ti/phy-gmii-sel.c | 2 + drivers/pinctrl/core.c | 2 + drivers/pinctrl/pinctrl-equilibrium.c | 7 +- drivers/pinctrl/renesas/core.c | 2 +- drivers/platform/x86/thinkpad_acpi.c | 2 +- drivers/platform/x86/wmi.c | 9 +- drivers/power/supply/bq27xxx_battery_i2c.c | 3 +- drivers/power/supply/max17040_battery.c | 2 + drivers/power/supply/max17042_battery.c | 12 +- drivers/power/supply/rt5033_battery.c | 2 +- drivers/regulator/s5m8767.c | 21 +- drivers/remoteproc/remoteproc_core.c | 8 +- drivers/reset/reset-socfpga.c | 26 +++ drivers/reset/tegra/reset-bpmp.c | 9 +- drivers/rtc/rtc-rv3032.c | 4 +- drivers/s390/char/tape_std.c | 3 +- drivers/s390/cio/css.c | 4 +- drivers/s390/cio/device_ops.c | 12 +- drivers/s390/crypto/ap_queue.c | 2 + drivers/scsi/csiostor/csio_lnode.c | 2 +- drivers/scsi/dc395x.c | 1 + drivers/scsi/pm8001/pm8001_hwi.c | 2 +- drivers/scsi/qla2xxx/qla_attr.c | 24 +- drivers/scsi/qla2xxx/qla_dbg.c | 3 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 - drivers/scsi/qla2xxx/qla_init.c | 54 ++++- drivers/scsi/qla2xxx/qla_mr.c | 23 -- drivers/scsi/qla2xxx/qla_os.c | 47 ++-- drivers/scsi/qla2xxx/qla_target.c | 14 +- drivers/scsi/scsi_lib.c | 2 - drivers/scsi/ufs/ufshcd-pltfrm.c | 6 +- drivers/scsi/ufs/ufshcd.c | 29 +-- drivers/scsi/ufs/ufshcd.h | 3 + drivers/soc/fsl/dpaa2-console.c | 1 + drivers/soc/fsl/dpio/dpio-service.c | 2 +- drivers/soc/fsl/dpio/qbman-portal.c | 9 +- drivers/soc/qcom/apr.c | 2 + drivers/soc/qcom/rpmhpd.c | 21 +- drivers/soc/tegra/pmc.c | 2 +- drivers/soundwire/debugfs.c | 2 +- drivers/spi/spi-bcm-qspi.c | 5 +- drivers/spi/spi-pl022.c | 5 +- drivers/spi/spi-rpc-if.c | 4 +- drivers/staging/ks7010/Kconfig | 3 + drivers/staging/media/allegro-dvt/allegro-core.c | 9 + drivers/staging/media/atomisp/i2c/atomisp-lm3554.c | 37 +-- drivers/staging/media/imx/imx-media-dev-common.c | 2 + drivers/staging/media/ipu3/ipu3-v4l2.c | 7 +- drivers/staging/media/rkvdec/rkvdec-h264.c | 5 +- drivers/staging/media/rkvdec/rkvdec.c | 40 ++-- drivers/staging/most/dim2/Makefile | 2 +- drivers/staging/most/dim2/dim2.c | 24 +- drivers/staging/most/dim2/sysfs.c | 49 ---- drivers/staging/most/dim2/sysfs.h | 11 - drivers/tty/serial/8250/8250_dw.c | 2 +- drivers/tty/serial/8250/8250_port.c | 21 +- drivers/tty/serial/imx.c | 4 +- drivers/tty/serial/serial_core.c | 16 +- drivers/tty/serial/xilinx_uartps.c | 3 +- drivers/usb/chipidea/core.c | 23 +- drivers/usb/dwc2/drd.c | 24 +- drivers/usb/gadget/legacy/hid.c | 4 +- drivers/usb/host/xhci-hub.c | 3 +- drivers/usb/host/xhci-pci.c | 16 ++ drivers/usb/misc/iowarrior.c | 8 +- drivers/usb/musb/Kconfig | 2 +- drivers/usb/serial/keyspan.c | 15 +- drivers/usb/typec/Kconfig | 4 +- drivers/video/backlight/backlight.c | 6 - drivers/video/fbdev/chipsfb.c | 2 +- drivers/virtio/virtio_ring.c | 14 +- drivers/watchdog/Kconfig | 2 +- drivers/watchdog/f71808e_wdt.c | 4 +- drivers/watchdog/omap_wdt.c | 6 +- drivers/xen/balloon.c | 86 +++++-- drivers/xen/xen-pciback/conf_space_capability.c | 2 +- fs/btrfs/disk-io.c | 3 +- fs/btrfs/reflink.c | 2 +- fs/btrfs/tree-log.c | 4 +- fs/btrfs/volumes.c | 14 +- fs/crypto/fscrypt_private.h | 5 +- fs/crypto/hkdf.c | 11 +- fs/crypto/keysetup.c | 57 ++++- fs/erofs/decompressor.c | 1 - fs/exfat/inode.c | 2 +- fs/ext4/extents.c | 63 +++--- fs/ext4/super.c | 9 +- fs/f2fs/inode.c | 2 +- fs/f2fs/namei.c | 2 +- fs/fuse/dev.c | 14 +- fs/gfs2/glock.c | 24 +- fs/jfs/jfs_mount.c | 51 ++--- fs/nfs/dir.c | 7 +- fs/nfs/direct.c | 2 +- fs/nfs/flexfilelayout/flexfilelayoutdev.c | 4 +- fs/nfs/nfs4idmap.c | 2 +- fs/nfs/nfs4proc.c | 15 +- fs/nfs/pnfs.h | 2 +- fs/nfs/pnfs_nfs.c | 6 +- fs/nfs/write.c | 26 +-- fs/ocfs2/file.c | 8 +- fs/orangefs/dcache.c | 4 +- fs/overlayfs/file.c | 16 +- fs/proc/stat.c | 4 +- fs/proc/uptime.c | 14 +- fs/quota/quota_tree.c | 15 ++ fs/tracefs/inode.c | 3 +- include/linux/blkdev.h | 2 - include/linux/console.h | 2 + include/linux/ethtool_netlink.h | 3 + include/linux/filter.h | 1 + include/linux/kernel_stat.h | 1 + include/linux/libata.h | 2 +- include/linux/lsm_hook_defs.h | 14 +- include/linux/lsm_hooks.h | 14 +- include/linux/nfs_fs.h | 1 + include/linux/posix-timers.h | 2 + include/linux/rpmsg.h | 2 +- include/linux/sched/task.h | 3 +- include/linux/sched/task_stack.h | 4 + include/linux/security.h | 33 +-- include/linux/seq_file.h | 2 +- include/linux/tpm.h | 1 + include/memory/renesas-rpc-if.h | 1 + include/net/inet_connection_sock.h | 2 +- include/net/llc.h | 4 +- include/net/neighbour.h | 12 +- include/net/sch_generic.h | 4 + include/net/sock.h | 2 +- include/net/strparser.h | 16 +- include/net/tcp.h | 17 +- include/net/udp.h | 5 +- include/uapi/linux/ethtool_netlink.h | 4 +- include/uapi/linux/pci_regs.h | 6 + kernel/bpf/core.c | 4 +- kernel/bpf/verifier.c | 4 +- kernel/cgroup/cgroup.c | 31 ++- kernel/cgroup/rstat.c | 2 - kernel/fork.c | 3 +- kernel/kprobes.c | 3 +- kernel/locking/lockdep.c | 4 +- kernel/power/energy_model.c | 23 +- kernel/power/swap.c | 7 +- kernel/rcu/rcutorture.c | 48 +++- kernel/rcu/tasks.h | 3 +- kernel/rcu/tree_exp.h | 2 +- kernel/rcu/tree_plugin.h | 8 +- kernel/sched/core.c | 43 ++-- kernel/signal.c | 18 +- kernel/time/posix-cpu-timers.c | 19 +- kernel/trace/ring_buffer.c | 5 + kernel/trace/tracing_map.c | 40 ++-- kernel/workqueue.c | 15 +- lib/decompress_unxz.c | 2 +- lib/iov_iter.c | 5 +- lib/xz/xz_dec_lzma2.c | 21 +- lib/xz/xz_dec_stream.c | 6 +- mm/memcontrol.c | 27 +-- mm/oom_kill.c | 23 +- mm/zsmalloc.c | 7 +- net/8021q/vlan.c | 3 - net/8021q/vlan_dev.c | 3 + net/9p/client.c | 2 + net/bluetooth/l2cap_sock.c | 10 +- net/bluetooth/sco.c | 33 +-- net/can/j1939/main.c | 7 + net/can/j1939/transport.c | 6 + net/core/dev.c | 5 +- net/core/filter.c | 21 ++ net/core/neighbour.c | 48 ++-- net/core/net-sysfs.c | 55 +++++ net/core/net_namespace.c | 4 + net/core/stream.c | 3 - net/core/sysctl_net_core.c | 2 +- net/dccp/dccp.h | 2 +- net/dccp/proto.c | 14 +- net/ethtool/pause.c | 3 +- net/ipv4/inet_connection_sock.c | 4 +- net/ipv4/inet_hashtables.c | 2 +- net/ipv4/proc.c | 2 +- net/ipv4/tcp.c | 40 +++- net/ipv4/tcp_bpf.c | 1 - net/ipv6/addrconf.c | 3 + net/ipv6/udp.c | 2 +- net/netfilter/nf_conntrack_proto_udp.c | 7 +- net/netfilter/nfnetlink_queue.c | 2 +- net/netfilter/nft_dynset.c | 11 +- net/rds/ib.c | 10 - net/rds/ib.h | 6 - net/rds/ib_cm.c | 128 +++++++---- net/rds/ib_recv.c | 18 +- net/rds/ib_send.c | 8 + net/rxrpc/rtt.c | 2 +- net/sched/sch_generic.c | 9 + net/sched/sch_mq.c | 24 ++ net/sched/sch_mqprio.c | 23 ++ net/sched/sch_taprio.c | 27 ++- net/smc/af_smc.c | 20 +- net/smc/smc_llc.c | 2 +- net/strparser/strparser.c | 10 +- net/sunrpc/addr.c | 40 ++-- net/sunrpc/xprt.c | 28 +-- net/vmw_vsock/af_vsock.c | 2 + samples/kprobes/kretprobe_example.c | 2 +- scripts/leaking_addresses.pl | 3 +- security/apparmor/label.c | 4 +- security/integrity/evm/evm_main.c | 2 +- security/security.c | 14 +- security/selinux/hooks.c | 36 ++- security/selinux/ss/services.c | 162 +++++++------ security/smack/smackfs.c | 11 +- sound/core/oss/mixer_oss.c | 43 +++- sound/core/timer.c | 17 +- sound/pci/hda/hda_intel.c | 74 +++--- sound/pci/hda/patch_realtek.c | 82 +++++++ sound/soc/codecs/cs42l42.c | 88 ++++---- sound/soc/soc-core.c | 1 + sound/soc/sof/topology.c | 9 + sound/synth/emux/emux.c | 2 +- sound/usb/6fire/comm.c | 2 +- sound/usb/6fire/firmware.c | 6 +- sound/usb/format.c | 1 + sound/usb/line6/driver.c | 14 +- sound/usb/line6/driver.h | 2 +- sound/usb/line6/podhd.c | 6 +- sound/usb/line6/toneport.c | 2 +- sound/usb/misc/ua101.c | 4 +- sound/usb/quirks.c | 1 + tools/bpf/bpftool/prog.c | 16 +- tools/lib/bpf/bpf_core_read.h | 2 +- tools/lib/bpf/btf.c | 25 +- tools/objtool/check.c | 19 +- tools/perf/util/bpf-event.c | 4 +- .../testing/selftests/bpf/prog_tests/perf_buffer.c | 4 +- tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 85 +++++-- tools/testing/selftests/bpf/progs/strobemeta.h | 11 + tools/testing/selftests/bpf/progs/test_sk_lookup.c | 62 +++-- tools/testing/selftests/bpf/test_progs.c | 4 +- .../testing/selftests/bpf/verifier/array_access.c | 2 +- tools/testing/selftests/core/close_range_test.c | 2 +- tools/testing/selftests/kvm/lib/x86_64/svm.c | 22 +- .../selftests/kvm/x86_64/mmio_warning_test.c | 2 +- tools/testing/selftests/net/fcnal-test.sh | 3 + tools/testing/selftests/net/udpgso_bench_rx.c | 11 +- 593 files changed, 4821 insertions(+), 2452 deletions(-)

3 years, 4 months

14
595
0 0

[PATCH MANUALSEL 5.10 1/2] KVM: x86: lapic: don't touch irr_pending in kvm_apic_update_apicv when inhibiting it

by Sasha Levin

From: Maxim Levitsky <mlevitsk(a)redhat.com> [ Upstream commit 755c2bf878607dbddb1423df9abf16b82205896f ] kvm_apic_update_apicv is called when AVIC is still active, thus IRR bits can be set by the CPU after it is called, and don't cause the irr_pending to be set to true. Also logic in avic_kick_target_vcpu doesn't expect a race with this function so to make it simple, just keep irr_pending set to true and let the next interrupt injection to the guest clear it. Signed-off-by: Maxim Levitsky <mlevitsk(a)redhat.com> Message-Id: <20220207155447.840194-9-mlevitsk(a)redhat.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/x86/kvm/lapic.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 677d21082454f..d484269a390bc 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2292,7 +2292,12 @@ void kvm_apic_update_apicv(struct kvm_vcpu *vcpu) apic->irr_pending = true; apic->isr_count = 1; } else { - apic->irr_pending = (apic_search_irr(apic) != -1); + /* + * Don't clear irr_pending, searching the IRR can race with + * updates from the CPU as APICv is still active from hardware's + * perspective. The flag will be cleared as appropriate when + * KVM injects the interrupt. + */ apic->isr_count = count_vectors(apic->regs + APIC_ISR); } } -- 2.34.1

3 years, 4 months

4
7
0 0

[PATCH v3] i2c: i801: Safely share SMBus with BIOS/ACPI

by Hector Martin

The i801 controller provides a locking mechanism that the OS is supposed to use to safely share the SMBus with ACPI AML or other firmware. Previously, Linux attempted to get out of the way of ACPI AML entirely, but left the bus locked if it used it before the first AML access. This causes AML implementations that *do* attempt to safely share the bus to time out if Linux uses it first; notably, this regressed ACPI video backlight controls on 2015 iMacs after 01590f361e started instantiating SPD EEPROMs on boot. Commit 065b6211a8 fixed the immediate problem of leaving the bus locked, but we can do better. The controller does have a proper locking mechanism, so let's use it as intended. Since we can't rely on the BIOS doing this properly, we implement the following logic: - If ACPI AML uses the bus at all, we make a note and disable power management. The latter matches already existing behavior. - When we want to use the bus, we attempt to lock it first. If the locking attempt times out, *and* ACPI hasn't tried to use the bus at all yet, we cautiously go ahead and assume the BIOS forgot to unlock the bus after boot. This preserves existing behavior. - We always unlock the bus after a transfer. - If ACPI AML tries to use the bus (except trying to lock it) while we're in the middle of a transfer, or after we've determined locking is broken, we know we cannot safely share the bus and give up. Upon first usage of SMBus by ACPI AML, if nothing has gone horribly wrong so far, users will see: i801_smbus 0000:00:1f.4: SMBus controller is shared with ACPI AML. This seems safe so far. If locking the SMBus times out, users will see: i801_smbus 0000:00:1f.4: BIOS left SMBus locked And if ACPI AML tries to use the bus concurrently with Linux, or it previously used the bus and we failed to subsequently lock it as above, the driver will give up and users will get: i801_smbus 0000:00:1f.4: BIOS uses SMBus unsafely i801_smbus 0000:00:1f.4: Driver SMBus register access inhibited This fixes the regression introduced by 01590f361e, and further allows safely sharing the SMBus on 2015 iMacs. Tested by running `i2cdump` in a loop while changing backlight levels via the ACPI video device. Fixes: 01590f361e ("i2c: i801: Instantiate SPD EEPROMs automatically") Cc: <stable(a)vger.kernel.org> Signed-off-by: Hector Martin <marcan(a)marcan.st> --- drivers/i2c/busses/i2c-i801.c | 96 ++++++++++++++++++++++++++++------- 1 file changed, 79 insertions(+), 17 deletions(-) diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c index 04a1e38f2a6f..03be6310d6d7 100644 --- a/drivers/i2c/busses/i2c-i801.c +++ b/drivers/i2c/busses/i2c-i801.c @@ -287,11 +287,18 @@ struct i801_priv { #endif struct platform_device *tco_pdev; + /* BIOS left the controller marked busy. */ + bool inuse_stuck; /* - * If set to true the host controller registers are reserved for - * ACPI AML use. Protected by acpi_lock. + * If set to true, ACPI AML uses the host controller registers. + * Protected by acpi_lock. */ - bool acpi_reserved; + bool acpi_usage; + /* + * If set to true, ACPI AML uses the host controller registers in an + * unsafe way. Protected by acpi_lock. + */ + bool acpi_unsafe; struct mutex acpi_lock; }; @@ -854,10 +861,37 @@ static s32 i801_access(struct i2c_adapter *adap, u16 addr, int hwpec; int block = 0; int ret = 0, xact = 0; + int timeout = 0; struct i801_priv *priv = i2c_get_adapdata(adap); + /* + * The controller provides a bit that implements a mutex mechanism + * between users of the bus. First, try to lock the hardware mutex. + * If this doesn't work, we give up trying to do this, but then + * bail if ACPI uses SMBus at all. + */ + if (!priv->inuse_stuck) { + while (inb_p(SMBHSTSTS(priv)) & SMBHSTSTS_INUSE_STS) { + if (++timeout >= MAX_RETRIES) { + dev_warn(&priv->pci_dev->dev, + "BIOS left SMBus locked\n"); + priv->inuse_stuck = true; + break; + } + usleep_range(250, 500); + } + } + mutex_lock(&priv->acpi_lock); - if (priv->acpi_reserved) { + if (priv->acpi_usage && priv->inuse_stuck && !priv->acpi_unsafe) { + priv->acpi_unsafe = true; + + dev_warn(&priv->pci_dev->dev, "BIOS uses SMBus unsafely\n"); + dev_warn(&priv->pci_dev->dev, + "Driver SMBus register access inhibited\n"); + } + + if (priv->acpi_unsafe) { mutex_unlock(&priv->acpi_lock); return -EBUSY; } @@ -1639,6 +1673,16 @@ static bool i801_acpi_is_smbus_ioport(const struct i801_priv *priv, address <= pci_resource_end(priv->pci_dev, SMBBAR); } +static acpi_status +i801_acpi_do_access(u32 function, acpi_physical_address address, + u32 bits, u64 *value) +{ + if ((function & ACPI_IO_MASK) == ACPI_READ) + return acpi_os_read_port(address, (u32 *)value, bits); + else + return acpi_os_write_port(address, (u32)*value, bits); +} + static acpi_status i801_acpi_io_handler(u32 function, acpi_physical_address address, u32 bits, u64 *value, void *handler_context, void *region_context) @@ -1648,17 +1692,38 @@ i801_acpi_io_handler(u32 function, acpi_physical_address address, u32 bits, acpi_status status; /* - * Once BIOS AML code touches the OpRegion we warn and inhibit any - * further access from the driver itself. This device is now owned - * by the system firmware. + * Non-i801 accesses pass through. */ - mutex_lock(&priv->acpi_lock); + if (!i801_acpi_is_smbus_ioport(priv, address)) + return i801_acpi_do_access(function, address, bits, value); - if (!priv->acpi_reserved && i801_acpi_is_smbus_ioport(priv, address)) { - priv->acpi_reserved = true; + if (!mutex_trylock(&priv->acpi_lock)) { + mutex_lock(&priv->acpi_lock); + /* + * This better be a read of the status register to acquire + * the lock... + */ + if (!priv->acpi_unsafe && + !(address == SMBHSTSTS(priv) && + (function & ACPI_IO_MASK) == ACPI_READ)) { + /* + * Uh-oh, ACPI AML is trying to do something with the + * controller without locking it properly. + */ + priv->acpi_unsafe = true; + + dev_warn(&pdev->dev, "BIOS uses SMBus unsafely\n"); + dev_warn(&pdev->dev, + "Driver SMBus register access inhibited\n"); + } + } - dev_warn(&pdev->dev, "BIOS is accessing SMBus registers\n"); - dev_warn(&pdev->dev, "Driver SMBus register access inhibited\n"); + if (!priv->acpi_usage) { + priv->acpi_usage = true; + + if (!priv->acpi_unsafe) + dev_info(&pdev->dev, + "SMBus controller is shared with ACPI AML. This seems safe so far.\n"); /* * BIOS is accessing the host controller so prevent it from @@ -1667,10 +1732,7 @@ i801_acpi_io_handler(u32 function, acpi_physical_address address, u32 bits, pm_runtime_get_sync(&pdev->dev); } - if ((function & ACPI_IO_MASK) == ACPI_READ) - status = acpi_os_read_port(address, (u32 *)value, bits); - else - status = acpi_os_write_port(address, (u32)*value, bits); + status = i801_acpi_do_access(function, address, bits, value); mutex_unlock(&priv->acpi_lock); @@ -1706,7 +1768,7 @@ static void i801_acpi_remove(struct i801_priv *priv) ACPI_ADR_SPACE_SYSTEM_IO, i801_acpi_io_handler); mutex_lock(&priv->acpi_lock); - if (priv->acpi_reserved) + if (priv->acpi_usage) pm_runtime_put(&priv->pci_dev->dev); mutex_unlock(&priv->acpi_lock); } -- 2.32.0

3 years, 5 months

5
4
0 0

FAILED: patch "[PATCH] xhci: make xhci_handshake timeout for xhci_reset() adjustable" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 14073ce951b5919da450022c050772902f24f054 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Thu, 3 Mar 2022 13:08:55 +0200 Subject: [PATCH] xhci: make xhci_handshake timeout for xhci_reset() adjustable xhci_reset() timeout was increased from 250ms to 10 seconds in order to give Renesas 720201 xHC enough time to get ready in probe. xhci_reset() is called with interrupts disabled in other places, and waiting for 10 seconds there is not acceptable. Add a timeout parameter to xhci_reset(), and adjust it back to 250ms when called from xhci_stop() or xhci_shutdown() where interrupts are disabled, and successful reset isn't that critical. This solves issues when deactivating host mode on platforms like SM8450. For now don't change the timeout if xHC is reset in xhci_resume(). No issues are reported for it, and we need the reset to succeed. Locking around that reset needs to be revisited later. Additionally change the signed integer timeout parameter in xhci_handshake() to a u64 to match the timeout value we pass to readl_poll_timeout_atomic() Fixes: 22ceac191211 ("xhci: Increase reset timeout for Renesas 720201 host.") Cc: stable(a)vger.kernel.org Reported-by: Sergey Shtylyov <s.shtylyov(a)omp.ru> Reported-by: Pavan Kondeti <quic_pkondeti(a)quicinc.com> Tested-by: Pavan Kondeti <quic_pkondeti(a)quicinc.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20220303110903.1662404-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index df3522dab31b..bb4f01ce90e3 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -762,7 +762,7 @@ static int xhci_exit_test_mode(struct xhci_hcd *xhci) } pm_runtime_allow(xhci_to_hcd(xhci)->self.controller); xhci->test_mode = 0; - return xhci_reset(xhci); + return xhci_reset(xhci, XHCI_RESET_SHORT_USEC); } void xhci_set_link_state(struct xhci_hcd *xhci, struct xhci_port *port, diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index cb70d0b31e08..48114a462908 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2575,7 +2575,7 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) fail: xhci_halt(xhci); - xhci_reset(xhci); + xhci_reset(xhci, XHCI_RESET_SHORT_USEC); xhci_mem_cleanup(xhci); return -ENOMEM; } diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index a1c781f70d02..6b32f7e65d4c 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -65,7 +65,7 @@ static bool td_on_ring(struct xhci_td *td, struct xhci_ring *ring) * handshake done). There are two failure modes: "usec" have passed (major * hardware flakeout), or the register reads as all-ones (hardware removed). */ -int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, int usec) +int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us) { u32 result; int ret; @@ -73,7 +73,7 @@ int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, int usec) ret = readl_poll_timeout_atomic(ptr, result, (result & mask) == done || result == U32_MAX, - 1, usec); + 1, timeout_us); if (result == U32_MAX) /* card removed */ return -ENODEV; @@ -162,7 +162,7 @@ int xhci_start(struct xhci_hcd *xhci) * Transactions will be terminated immediately, and operational registers * will be set to their defaults. */ -int xhci_reset(struct xhci_hcd *xhci) +int xhci_reset(struct xhci_hcd *xhci, u64 timeout_us) { u32 command; u32 state; @@ -195,8 +195,7 @@ int xhci_reset(struct xhci_hcd *xhci) if (xhci->quirks & XHCI_INTEL_HOST) udelay(1000); - ret = xhci_handshake(&xhci->op_regs->command, - CMD_RESET, 0, 10 * 1000 * 1000); + ret = xhci_handshake(&xhci->op_regs->command, CMD_RESET, 0, timeout_us); if (ret) return ret; @@ -209,8 +208,7 @@ int xhci_reset(struct xhci_hcd *xhci) * xHCI cannot write to any doorbells or operational registers other * than status until the "Controller Not Ready" flag is cleared. */ - ret = xhci_handshake(&xhci->op_regs->status, - STS_CNR, 0, 10 * 1000 * 1000); + ret = xhci_handshake(&xhci->op_regs->status, STS_CNR, 0, timeout_us); xhci->usb2_rhub.bus_state.port_c_suspend = 0; xhci->usb2_rhub.bus_state.suspended_ports = 0; @@ -731,7 +729,7 @@ static void xhci_stop(struct usb_hcd *hcd) xhci->xhc_state |= XHCI_STATE_HALTED; xhci->cmd_ring_state = CMD_RING_STATE_STOPPED; xhci_halt(xhci); - xhci_reset(xhci); + xhci_reset(xhci, XHCI_RESET_SHORT_USEC); spin_unlock_irq(&xhci->lock); xhci_cleanup_msix(xhci); @@ -784,7 +782,7 @@ void xhci_shutdown(struct usb_hcd *hcd) xhci_halt(xhci); /* Workaround for spurious wakeups at shutdown with HSW */ if (xhci->quirks & XHCI_SPURIOUS_WAKEUP) - xhci_reset(xhci); + xhci_reset(xhci, XHCI_RESET_SHORT_USEC); spin_unlock_irq(&xhci->lock); xhci_cleanup_msix(xhci); @@ -1170,7 +1168,7 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated) xhci_dbg(xhci, "Stop HCD\n"); xhci_halt(xhci); xhci_zero_64b_regs(xhci); - retval = xhci_reset(xhci); + retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); spin_unlock_irq(&xhci->lock); if (retval) return retval; @@ -5307,7 +5305,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks) xhci_dbg(xhci, "Resetting HCD\n"); /* Reset the internal HC memory state and registers. */ - retval = xhci_reset(xhci); + retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); if (retval) return retval; xhci_dbg(xhci, "Reset complete\n"); diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8a0026ee9524..fce32f8ea9d0 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -229,6 +229,9 @@ struct xhci_op_regs { #define CMD_ETE (1 << 14) /* bits 15:31 are reserved (and should be preserved on writes). */ +#define XHCI_RESET_LONG_USEC (10 * 1000 * 1000) +#define XHCI_RESET_SHORT_USEC (250 * 1000) + /* IMAN - Interrupt Management Register */ #define IMAN_IE (1 << 1) #define IMAN_IP (1 << 0) @@ -2081,11 +2084,11 @@ void xhci_free_container_ctx(struct xhci_hcd *xhci, /* xHCI host controller glue */ typedef void (*xhci_get_quirks_t)(struct device *, struct xhci_hcd *); -int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, int usec); +int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us); void xhci_quiesce(struct xhci_hcd *xhci); int xhci_halt(struct xhci_hcd *xhci); int xhci_start(struct xhci_hcd *xhci); -int xhci_reset(struct xhci_hcd *xhci); +int xhci_reset(struct xhci_hcd *xhci, u64 timeout_us); int xhci_run(struct usb_hcd *hcd); int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks); void xhci_shutdown(struct usb_hcd *hcd);

3 years, 5 months

3
2
0 0

[PATCH AUTOSEL 5.17 01/43] LSM: general protection fault in legacy_parse_param

by Sasha Levin

From: Casey Schaufler <casey(a)schaufler-ca.com> [ Upstream commit ecff30575b5ad0eda149aadad247b7f75411fd47 ] The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular case Smack sees a mount option that it recognizes, and returns 0. A call to a BPF hook follows, which returns -ENOPARAM, which confuses the caller because Smack has processed its data. The SELinux hook incorrectly returns 1 on success. There was a time when this was correct, however the current expectation is that it return 0 on success. This is repaired. Reported-by: syzbot+d1e3b1d92d25abf97943(a)syzkaller.appspotmail.com Signed-off-by: Casey Schaufler <casey(a)schaufler-ca.com> Acked-by: James Morris <jamorris(a)linux.microsoft.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- security/security.c | 17 +++++++++++++++-- security/selinux/hooks.c | 5 ++--- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/security/security.c b/security/security.c index 22261d79f333..f101a53a63ed 100644 --- a/security/security.c +++ b/security/security.c @@ -884,9 +884,22 @@ int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc) return call_int_hook(fs_context_dup, 0, fc, src_fc); } -int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param) +int security_fs_context_parse_param(struct fs_context *fc, + struct fs_parameter *param) { - return call_int_hook(fs_context_parse_param, -ENOPARAM, fc, param); + struct security_hook_list *hp; + int trc; + int rc = -ENOPARAM; + + hlist_for_each_entry(hp, &security_hook_heads.fs_context_parse_param, + list) { + trc = hp->hook.fs_context_parse_param(fc, param); + if (trc == 0) + rc = 0; + else if (trc != -ENOPARAM) + return trc; + } + return rc; } int security_sb_alloc(struct super_block *sb) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5b6895e4fc29..371f67a37f9a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2860,10 +2860,9 @@ static int selinux_fs_context_parse_param(struct fs_context *fc, return opt; rc = selinux_add_opt(opt, param->string, &fc->security); - if (!rc) { + if (!rc) param->string = NULL; - rc = 1; - } + return rc; } -- 2.34.1

3 years, 5 months

11
61
0 0

[PATCH AUTOSEL 5.16 01/28] selftests/bpf: Add test for bpf_timer overwriting crash

by Sasha Levin

From: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> [ Upstream commit a7e75016a0753c24d6c995bc02501ae35368e333 ] Add a test that validates that timer value is not overwritten when doing a copy_map_value call in the kernel. Without the prior fix, this test triggers a crash. Signed-off-by: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Link: https://lore.kernel.org/bpf/20220209070324.1093182-3-memxor@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../selftests/bpf/prog_tests/timer_crash.c | 32 +++++++++++ .../testing/selftests/bpf/progs/timer_crash.c | 54 +++++++++++++++++++ 2 files changed, 86 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/timer_crash.c create mode 100644 tools/testing/selftests/bpf/progs/timer_crash.c diff --git a/tools/testing/selftests/bpf/prog_tests/timer_crash.c b/tools/testing/selftests/bpf/prog_tests/timer_crash.c new file mode 100644 index 0000000000000..f74b82305da8c --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/timer_crash.c @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <test_progs.h> +#include "timer_crash.skel.h" + +enum { + MODE_ARRAY, + MODE_HASH, +}; + +static void test_timer_crash_mode(int mode) +{ + struct timer_crash *skel; + + skel = timer_crash__open_and_load(); + if (!ASSERT_OK_PTR(skel, "timer_crash__open_and_load")) + return; + skel->bss->pid = getpid(); + skel->bss->crash_map = mode; + if (!ASSERT_OK(timer_crash__attach(skel), "timer_crash__attach")) + goto end; + usleep(1); +end: + timer_crash__destroy(skel); +} + +void test_timer_crash(void) +{ + if (test__start_subtest("array")) + test_timer_crash_mode(MODE_ARRAY); + if (test__start_subtest("hash")) + test_timer_crash_mode(MODE_HASH); +} diff --git a/tools/testing/selftests/bpf/progs/timer_crash.c b/tools/testing/selftests/bpf/progs/timer_crash.c new file mode 100644 index 0000000000000..f8f7944e70dae --- /dev/null +++ b/tools/testing/selftests/bpf/progs/timer_crash.c @@ -0,0 +1,54 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include <vmlinux.h> +#include <bpf/bpf_tracing.h> +#include <bpf/bpf_helpers.h> + +struct map_elem { + struct bpf_timer timer; + struct bpf_spin_lock lock; +}; + +struct { + __uint(type, BPF_MAP_TYPE_ARRAY); + __uint(max_entries, 1); + __type(key, int); + __type(value, struct map_elem); +} amap SEC(".maps"); + +struct { + __uint(type, BPF_MAP_TYPE_HASH); + __uint(max_entries, 1); + __type(key, int); + __type(value, struct map_elem); +} hmap SEC(".maps"); + +int pid = 0; +int crash_map = 0; /* 0 for amap, 1 for hmap */ + +SEC("fentry/do_nanosleep") +int sys_enter(void *ctx) +{ + struct map_elem *e, value = {}; + void *map = crash_map ? (void *)&hmap : (void *)&amap; + + if (bpf_get_current_task_btf()->tgid != pid) + return 0; + + *(void **)&value = (void *)0xdeadcaf3; + + bpf_map_update_elem(map, &(int){0}, &value, 0); + /* For array map, doing bpf_map_update_elem will do a + * check_and_free_timer_in_array, which will trigger the crash if timer + * pointer was overwritten, for hmap we need to use bpf_timer_cancel. + */ + if (crash_map == 1) { + e = bpf_map_lookup_elem(map, &(int){0}); + if (!e) + return 0; + bpf_timer_cancel(&e->timer); + } + return 0; +} + +char _license[] SEC("license") = "GPL"; -- 2.34.1

3 years, 6 months

5
42
0 0

[PATCH 4.9 00/48] 4.9.300-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.300 release. There are 48 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 09 Feb 2022 10:37:42 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.300-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.300-rc1 Ritesh Harjani <riteshh(a)linux.ibm.com> ext4: fix error handling in ext4_restore_inline_data() Sergey Shtylyov <s.shtylyov(a)omp.ru> EDAC/xgene: Fix deferred probing Sergey Shtylyov <s.shtylyov(a)omp.ru> EDAC/altera: Fix deferred probing Riwen Lu <luriwen(a)kylinos.cn> rtc: cmos: Evaluate century appropriate Dai Ngo <dai.ngo(a)oracle.com> nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. John Meneghini <jmeneghi(a)redhat.com> scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe Miaoqian Lin <linmq006(a)gmail.com> ASoC: fsl: Add missing error handling in pcm030_fabric_probe Lior Nahmanson <liorna(a)nvidia.com> net: macsec: Verify that send_sci is on when setting Tx sci explicitly Miquel Raynal <miquel.raynal(a)bootlin.com> net: ieee802154: Return meaningful error codes from the netlink helpers Benjamin Gaignard <benjamin.gaignard(a)collabora.com> spi: mediatek: Avoid NULL pointer crash in interrupt Kamal Dasu <kdasu.kdev(a)gmail.com> spi: bcm-qspi: check for valid cs before applying chip select Joerg Roedel <jroedel(a)suse.de> iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() Nick Lopez <github(a)glowingmonkey.org> drm/nouveau: fix off by one in BIOS boundary checking Mark Brown <broonie(a)kernel.org> ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() Mark Brown <broonie(a)kernel.org> ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() Mark Brown <broonie(a)kernel.org> ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() Eric Dumazet <edumazet(a)google.com> af_packet: fix data-race in packet_setsockopt / packet_setsockopt Eric Dumazet <edumazet(a)google.com> rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> net: amd-xgbe: Fix skb data length underflow Raju Rangoju <Raju.Rangoju(a)amd.com> net: amd-xgbe: ensure to reset the tx_timer_active flag Georgi Valkov <gvalkov(a)abv.bg> ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback Florian Westphal <fw(a)strlen.de> netfilter: nat: limit port clash resolution attempts Florian Westphal <fw(a)strlen.de> netfilter: nat: remove l4 protocol port rovers Eric Dumazet <edumazet(a)google.com> ipv4: tcp: send zero IPID in SYNACK messages Eric Dumazet <edumazet(a)google.com> ipv4: raw: lock the socket in raw_bind() Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm90) Reduce maximum conversion rate for G781 Xianting Tian <xianting.tian(a)linux.alibaba.com> drm/msm: Fix wrong size calculation Jianguo Wu <wujianguo(a)chinatelecom.cn> net-procfs: show net devices bound packet types Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: nfs_atomic_open() can race when looking up a non-regular file Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Handle case where the lookup of a directory fails Eric Dumazet <edumazet(a)google.com> ipv4: avoid using shared IP generator for connected sockets Congyu Liu <liu3101(a)purdue.edu> net: fix information leakage in /proc/net/ptype Ido Schimmel <idosch(a)nvidia.com> ipv6_tunnel: Rate limit warning messages John Meneghini <jmeneghi(a)redhat.com> scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Fix boot failure with GCC latent entropy plugin Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix hang in usb_kill_urb by adding memory barriers Pavankumar Kondeti <quic_pkondeti(a)quicinc.com> usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS Alan Stern <stern(a)rowland.harvard.edu> usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge Cameron Williams <cang1(a)live.co.uk> tty: Add support for Brainboxes UC cards. daniel.starke(a)siemens.com <daniel.starke(a)siemens.com> tty: n_gsm: fix SW flow control encoding/handling Valentin Caron <valentin.caron(a)foss.st.com> serial: stm32: fix software flow control transfer Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> PM: wakeup: simplify the output logic of pm_show_wakelocks() Jan Kara <jack(a)suse.cz> udf: Fix NULL ptr deref when converting from inline format Jan Kara <jack(a)suse.cz> udf: Restore i_lenAlloc when inode expansion fails Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices Vasily Gorbik <gor(a)linux.ibm.com> s390/hypfs: include z/VM guests with access control group set Brian Gix <brian.gix(a)intel.com> Bluetooth: refactor malicious adv data check Ziyang Xuan <william.xuanziyang(a)huawei.com> can: bcm: fix UAF of bcm op ------------- Diffstat: Makefile | 4 +- arch/powerpc/kernel/Makefile | 1 + arch/powerpc/lib/Makefile | 3 + arch/s390/hypfs/hypfs_vm.c | 6 +- drivers/edac/altera_edac.c | 2 +- drivers/edac/xgene_edac.c | 2 +- drivers/gpu/drm/msm/msm_drv.c | 2 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c | 2 +- drivers/hwmon/lm90.c | 2 +- drivers/iommu/amd_iommu_init.c | 2 + drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 14 +++- drivers/net/macsec.c | 9 +++ drivers/net/usb/ipheth.c | 6 +- drivers/rtc/rtc-mc146818-lib.c | 2 +- drivers/s390/scsi/zfcp_fc.c | 13 ++- drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 41 +++++----- drivers/spi/spi-bcm-qspi.c | 2 +- drivers/spi/spi-mt65xx.c | 2 +- drivers/tty/n_gsm.c | 4 +- drivers/tty/serial/8250/8250_pci.c | 100 +++++++++++++++++++++++- drivers/tty/serial/stm32-usart.c | 2 +- drivers/usb/core/hcd.c | 14 ++++ drivers/usb/core/urb.c | 12 +++ drivers/usb/gadget/function/f_sourcesink.c | 1 + drivers/usb/storage/unusual_devs.h | 10 +++ fs/ext4/inline.c | 10 ++- fs/nfs/dir.c | 18 +++++ fs/nfsd/nfs4state.c | 4 +- fs/udf/inode.c | 9 +-- include/linux/netdevice.h | 1 + include/net/ip.h | 21 +++-- include/net/netfilter/nf_nat_l4proto.h | 2 +- kernel/power/wakelock.c | 12 +-- net/bluetooth/hci_event.c | 10 +-- net/can/bcm.c | 20 ++--- net/core/net-procfs.c | 38 ++++++++- net/core/rtnetlink.c | 6 +- net/ieee802154/nl802154.c | 8 +- net/ipv4/ip_output.c | 11 ++- net/ipv4/raw.c | 5 +- net/ipv6/ip6_tunnel.c | 8 +- net/netfilter/nf_nat_proto_common.c | 36 ++++++--- net/netfilter/nf_nat_proto_dccp.c | 5 +- net/netfilter/nf_nat_proto_sctp.c | 5 +- net/netfilter/nf_nat_proto_tcp.c | 5 +- net/netfilter/nf_nat_proto_udp.c | 5 +- net/netfilter/nf_nat_proto_udplite.c | 5 +- net/packet/af_packet.c | 10 ++- sound/soc/fsl/pcm030-audio-fabric.c | 11 ++- sound/soc/soc-ops.c | 29 ++++++- 50 files changed, 410 insertions(+), 142 deletions(-)

3 years, 6 months

9
57
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2022