November 2023 - Linux-stable-mirror

[PATCH 1/7] serial: sc16is7xx: fix snprintf format specifier in sc16is7xx_regmap_name()

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Change snprint format specifier from %d to %u since port_id is unsigned. Fixes: 3837a0379533 ("serial: sc16is7xx: improve regmap debugfs by using one regmap per port") Cc: stable(a)vger.kernel.org # 6.1.x: 3837a03 serial: sc16is7xx: improve regmap debugfs by using one regmap per port Suggested-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> --- I did not originally add a "Cc: stable" tag for commit 3837a0379533 ("serial: sc16is7xx: improve regmap debugfs by using one regmap per port") as it was intended only to improve debugging using debugfs. But since then, I have been able to confirm that it also fixes a long standing bug in our system where the Tx interrupt are no longer enabled at some point when transmitting large RS-485 paquets (> 64 bytes, which is the size of the FIFO). I have been investigating why, but so far I haven't found the exact cause, altough I suspect it has something to do with regmap caching. Therefore, I have added it as a prerequisite for this patch so that it is automatically added to the stable kernels. --- drivers/tty/serial/sc16is7xx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 10e90a7774f0..8e5baf2f6ec6 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -1700,7 +1700,7 @@ static const char *sc16is7xx_regmap_name(unsigned int port_id) { static char buf[6]; - snprintf(buf, sizeof(buf), "port%d", port_id); + snprintf(buf, sizeof(buf), "port%u", port_id); return buf; } -- 2.39.2

1 year, 2 months

5
11
0 0

[PATCH v2] PM: hibernate: use acquire/release ordering when compress/decompress image

by Hongchen Zhang

When we test S4(suspend to disk) on LoongArch 3A6000 platform, the test case sometimes fails. The dmesg log shows the following error: Invalid LZO compressed length After we dig into the code, we find out that: When compress/decompress the image, the synchronization operation between the control thread and the compress/decompress/crc thread uses relaxed ordering interface, which is unreliable, and the following situation may occur: CPU 0 CPU 1 save_image_lzo lzo_compress_threadfn atomic_set(&d->stop, 1); atomic_read(&data[thr].stop) data[thr].cmp = data[thr].cmp_len; WRITE data[thr].cmp_len Then CPU0 get a old cmp_len and write to disk. When cpu resume from S4, wrong cmp_len is loaded. To maintain data consistency between two threads, we should use the acquire/release ordering interface. So we change atomic_read/atomic_set to atomic_read_acquire/atomic_set_release. Fixes: 081a9d043c98 ("PM / Hibernate: Improve performance of LZO/plain hibernation, checksum image") Cc: stable(a)vger.kernel.org Signed-off-by: Hongchen Zhang <zhanghongchen(a)loongson.cn> Signed-off-by: Weihao Li <liweihao(a)loongson.cn> --- v1 -> v2: 1. add Cc: stable(a)vger.kernel.org in commit log 2. add Fixes: line in commit log --- kernel/power/swap.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/kernel/power/swap.c b/kernel/power/swap.c index a2cb0babb5ec..d44f5937f1e5 100644 --- a/kernel/power/swap.c +++ b/kernel/power/swap.c @@ -606,11 +606,11 @@ static int crc32_threadfn(void *data) unsigned i; while (1) { - wait_event(d->go, atomic_read(&d->ready) || + wait_event(d->go, atomic_read_acquire(&d->ready) || kthread_should_stop()); if (kthread_should_stop()) { d->thr = NULL; - atomic_set(&d->stop, 1); + atomic_set_release(&d->stop, 1); wake_up(&d->done); break; } @@ -619,7 +619,7 @@ static int crc32_threadfn(void *data) for (i = 0; i < d->run_threads; i++) *d->crc32 = crc32_le(*d->crc32, d->unc[i], *d->unc_len[i]); - atomic_set(&d->stop, 1); + atomic_set_release(&d->stop, 1); wake_up(&d->done); } return 0; @@ -649,12 +649,12 @@ static int lzo_compress_threadfn(void *data) struct cmp_data *d = data; while (1) { - wait_event(d->go, atomic_read(&d->ready) || + wait_event(d->go, atomic_read_acquire(&d->ready) || kthread_should_stop()); if (kthread_should_stop()) { d->thr = NULL; d->ret = -1; - atomic_set(&d->stop, 1); + atomic_set_release(&d->stop, 1); wake_up(&d->done); break; } @@ -663,7 +663,7 @@ static int lzo_compress_threadfn(void *data) d->ret = lzo1x_1_compress(d->unc, d->unc_len, d->cmp + LZO_HEADER, &d->cmp_len, d->wrk); - atomic_set(&d->stop, 1); + atomic_set_release(&d->stop, 1); wake_up(&d->done); } return 0; @@ -798,7 +798,7 @@ static int save_image_lzo(struct swap_map_handle *handle, data[thr].unc_len = off; - atomic_set(&data[thr].ready, 1); + atomic_set_release(&data[thr].ready, 1); wake_up(&data[thr].go); } @@ -806,12 +806,12 @@ static int save_image_lzo(struct swap_map_handle *handle, break; crc->run_threads = thr; - atomic_set(&crc->ready, 1); + atomic_set_release(&crc->ready, 1); wake_up(&crc->go); for (run_threads = thr, thr = 0; thr < run_threads; thr++) { wait_event(data[thr].done, - atomic_read(&data[thr].stop)); + atomic_read_acquire(&data[thr].stop)); atomic_set(&data[thr].stop, 0); ret = data[thr].ret; @@ -850,7 +850,7 @@ static int save_image_lzo(struct swap_map_handle *handle, } } - wait_event(crc->done, atomic_read(&crc->stop)); + wait_event(crc->done, atomic_read_acquire(&crc->stop)); atomic_set(&crc->stop, 0); } @@ -1132,12 +1132,12 @@ static int lzo_decompress_threadfn(void *data) struct dec_data *d = data; while (1) { - wait_event(d->go, atomic_read(&d->ready) || + wait_event(d->go, atomic_read_acquire(&d->ready) || kthread_should_stop()); if (kthread_should_stop()) { d->thr = NULL; d->ret = -1; - atomic_set(&d->stop, 1); + atomic_set_release(&d->stop, 1); wake_up(&d->done); break; } @@ -1150,7 +1150,7 @@ static int lzo_decompress_threadfn(void *data) flush_icache_range((unsigned long)d->unc, (unsigned long)d->unc + d->unc_len); - atomic_set(&d->stop, 1); + atomic_set_release(&d->stop, 1); wake_up(&d->done); } return 0; @@ -1335,7 +1335,7 @@ static int load_image_lzo(struct swap_map_handle *handle, } if (crc->run_threads) { - wait_event(crc->done, atomic_read(&crc->stop)); + wait_event(crc->done, atomic_read_acquire(&crc->stop)); atomic_set(&crc->stop, 0); crc->run_threads = 0; } @@ -1371,7 +1371,7 @@ static int load_image_lzo(struct swap_map_handle *handle, pg = 0; } - atomic_set(&data[thr].ready, 1); + atomic_set_release(&data[thr].ready, 1); wake_up(&data[thr].go); } @@ -1390,7 +1390,7 @@ static int load_image_lzo(struct swap_map_handle *handle, for (run_threads = thr, thr = 0; thr < run_threads; thr++) { wait_event(data[thr].done, - atomic_read(&data[thr].stop)); + atomic_read_acquire(&data[thr].stop)); atomic_set(&data[thr].stop, 0); ret = data[thr].ret; @@ -1421,7 +1421,7 @@ static int load_image_lzo(struct swap_map_handle *handle, ret = snapshot_write_next(snapshot); if (ret <= 0) { crc->run_threads = thr + 1; - atomic_set(&crc->ready, 1); + atomic_set_release(&crc->ready, 1); wake_up(&crc->go); goto out_finish; } @@ -1429,13 +1429,13 @@ static int load_image_lzo(struct swap_map_handle *handle, } crc->run_threads = thr; - atomic_set(&crc->ready, 1); + atomic_set_release(&crc->ready, 1); wake_up(&crc->go); } out_finish: if (crc->run_threads) { - wait_event(crc->done, atomic_read(&crc->stop)); + wait_event(crc->done, atomic_read_acquire(&crc->stop)); atomic_set(&crc->stop, 0); } stop = ktime_get(); -- 2.33.0

1 year, 2 months

2
2
0 0

[PATCH AUTOSEL 6.6 01/17] scsi: sd: Fix sshdr use in sd_suspend_common()

by Sasha Levin

From: Mike Christie <michael.christie(a)oracle.com> [ Upstream commit 3b83486399a6a9feb9c681b74c21a227d48d7020 ] If scsi_execute_cmd() returns < 0, it doesn't initialize the sshdr, so we shouldn't access the sshdr. If it returns 0, then the cmd executed successfully, so there is no need to check the sshdr. sd_sync_cache() will only access the sshdr if it's been setup because it calls scsi_status_is_check_condition() before accessing it. However, the sd_sync_cache() caller, sd_suspend_common(), does not check. sd_suspend_common() is only checking for ILLEGAL_REQUEST which it's using to determine if the command is supported. If it's not it just ignores the error. So to fix its sshdr use this patch just moves that check to sd_sync_cache() where it converts ILLEGAL_REQUEST to success/0. sd_suspend_common() was ignoring that error and sd_shutdown() doesn't check for errors so there will be no behavior changes. Signed-off-by: Mike Christie <michael.christie(a)oracle.com> Link: https://lore.kernel.org/r/20231106231304.5694-2-michael.christie@oracle.com Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Martin Wilck <mwilck(a)suse.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/sd.c | 53 ++++++++++++++++++++--------------------------- 1 file changed, 23 insertions(+), 30 deletions(-) diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 6effa13039f39..ac5e917f7abd6 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -1642,24 +1642,21 @@ static unsigned int sd_check_events(struct gendisk *disk, unsigned int clearing) return disk_changed ? DISK_EVENT_MEDIA_CHANGE : 0; } -static int sd_sync_cache(struct scsi_disk *sdkp, struct scsi_sense_hdr *sshdr) +static int sd_sync_cache(struct scsi_disk *sdkp) { int retries, res; struct scsi_device *sdp = sdkp->device; const int timeout = sdp->request_queue->rq_timeout * SD_FLUSH_TIMEOUT_MULTIPLIER; - struct scsi_sense_hdr my_sshdr; + struct scsi_sense_hdr sshdr; const struct scsi_exec_args exec_args = { .req_flags = BLK_MQ_REQ_PM, - /* caller might not be interested in sense, but we need it */ - .sshdr = sshdr ? : &my_sshdr, + .sshdr = &sshdr, }; if (!scsi_device_online(sdp)) return -ENODEV; - sshdr = exec_args.sshdr; - for (retries = 3; retries > 0; --retries) { unsigned char cmd[16] = { 0 }; @@ -1684,15 +1681,23 @@ static int sd_sync_cache(struct scsi_disk *sdkp, struct scsi_sense_hdr *sshdr) return res; if (scsi_status_is_check_condition(res) && - scsi_sense_valid(sshdr)) { - sd_print_sense_hdr(sdkp, sshdr); + scsi_sense_valid(&sshdr)) { + sd_print_sense_hdr(sdkp, &sshdr); /* we need to evaluate the error return */ - if (sshdr->asc == 0x3a || /* medium not present */ - sshdr->asc == 0x20 || /* invalid command */ - (sshdr->asc == 0x74 && sshdr->ascq == 0x71)) /* drive is password locked */ + if (sshdr.asc == 0x3a || /* medium not present */ + sshdr.asc == 0x20 || /* invalid command */ + (sshdr.asc == 0x74 && sshdr.ascq == 0x71)) /* drive is password locked */ /* this is no error here */ return 0; + /* + * This drive doesn't support sync and there's not much + * we can do because this is called during shutdown + * or suspend so just return success so those operations + * can proceed. + */ + if (sshdr.sense_key == ILLEGAL_REQUEST) + return 0; } switch (host_byte(res)) { @@ -3847,7 +3852,7 @@ static void sd_shutdown(struct device *dev) if (sdkp->WCE && sdkp->media_present) { sd_printk(KERN_NOTICE, sdkp, "Synchronizing SCSI cache\n"); - sd_sync_cache(sdkp, NULL); + sd_sync_cache(sdkp); } if ((system_state != SYSTEM_RESTART && @@ -3868,7 +3873,6 @@ static inline bool sd_do_start_stop(struct scsi_device *sdev, bool runtime) static int sd_suspend_common(struct device *dev, bool runtime) { struct scsi_disk *sdkp = dev_get_drvdata(dev); - struct scsi_sense_hdr sshdr; int ret = 0; if (!sdkp) /* E.g.: runtime suspend following sd_remove() */ @@ -3877,24 +3881,13 @@ static int sd_suspend_common(struct device *dev, bool runtime) if (sdkp->WCE && sdkp->media_present) { if (!sdkp->device->silence_suspend) sd_printk(KERN_NOTICE, sdkp, "Synchronizing SCSI cache\n"); - ret = sd_sync_cache(sdkp, &sshdr); - - if (ret) { - /* ignore OFFLINE device */ - if (ret == -ENODEV) - return 0; - - if (!scsi_sense_valid(&sshdr) || - sshdr.sense_key != ILLEGAL_REQUEST) - return ret; + ret = sd_sync_cache(sdkp); + /* ignore OFFLINE device */ + if (ret == -ENODEV) + return 0; - /* - * sshdr.sense_key == ILLEGAL_REQUEST means this drive - * doesn't support sync. There's not much to do and - * suspend shouldn't fail. - */ - ret = 0; - } + if (ret) + return ret; } if (sd_do_start_stop(sdkp->device, runtime)) { -- 2.42.0

1 year, 2 months

4
20
0 0

[PATCH v5] wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach

by Zheng Wang

This is the candidate patch of CVE-2023-47233 : https://nvd.nist.gov/vuln/detail/CVE-2023-47233 In brcm80211 driver,it starts with the following invoking chain to start init a timeout worker: ->brcmf_usb_probe ->brcmf_usb_probe_cb ->brcmf_attach ->brcmf_bus_started ->brcmf_cfg80211_attach ->wl_init_priv ->brcmf_init_escan ->INIT_WORK(&cfg->escan_timeout_work, brcmf_cfg80211_escan_timeout_worker); If we disconnect the USB by hotplug, it will call brcmf_usb_disconnect to make cleanup. The invoking chain is : brcmf_usb_disconnect ->brcmf_usb_disconnect_cb ->brcmf_detach ->brcmf_cfg80211_detach ->kfree(cfg); While the timeout woker may still be running. This will cause a use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker. Fix it by deleting the timer and canceling the worker in brcmf_cfg80211_detach. Fixes: e756af5b30b0 ("brcmfmac: add e-scan support.") Signed-off-by: Zheng Wang <zyytlz.wz(a)163.com> Cc: stable(a)vger.kernel.org --- v5: - replace del_timer_sync with timer_shutdown_sync suggested by Arend and Takashi v4: - rename the subject and add CVE number as Ping-Ke Shih suggested v3: - rename the subject as Johannes suggested v2: - fix the error of kernel test bot reported --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c index 667462369a32..a8723a61c9e4 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c @@ -8431,6 +8431,8 @@ void brcmf_cfg80211_detach(struct brcmf_cfg80211_info *cfg) if (!cfg) return; + timer_shutdown_sync(&cfg->escan_timeout); + cancel_work_sync(&cfg->escan_timeout_work); brcmf_pno_detach(cfg); brcmf_btcoex_detach(cfg); wiphy_unregister(cfg->wiphy); -- 2.25.1

1 year, 2 months

7
13
0 0

[PATCH] usb: dwc3: core: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK

by Prashanth K

Upstream commit bac1ec551434 ("usb: xhci: Set quirk for XHCI_SG_TRB_CACHE_SIZE_QUIRK") introduced a new quirk in XHCI which fixes XHC timeout, which was seen on synopsys XHCs while using SG buffers. But the support for this quirk isn't present in the DWC3 layer. We will encounter this XHCI timeout/hung issue if we run iperf loopback tests using RTL8156 ethernet adaptor on DWC3 targets with scatter-gather enabled. This gets resolved after enabling the XHCI_SG_TRB_CACHE_SIZE_QUIRK. This patch enables it using the xhci_priv_data since its needed for DWC3 controller. In Synopsys DWC3 databook, Table 9-3: xHCI Debug Capability Limitations Chained TRBs greater than TRB cache size: The debug capability driver must not create a multi-TRB TD that describes smaller than a 1K packet that spreads across 8 or more TRBs on either the IN TR or the OUT TR More information about this XHCI quirk is mentioned on the following thread. https://lore.kernel.org/all/20201208092912.1773650-3-mathias.nyman@linux.in… Cc: <stable(a)vger.kernel.org> # 5.11 Fixes: bac1ec551434 ("usb: xhci: Set quirk for XHCI_SG_TRB_CACHE_SIZE_QUIRK") Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> --- drivers/usb/dwc3/host.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/usb/dwc3/host.c b/drivers/usb/dwc3/host.c index 61f57fe5bb78..ee3b667a88b2 100644 --- a/drivers/usb/dwc3/host.c +++ b/drivers/usb/dwc3/host.c @@ -11,6 +11,7 @@ #include <linux/of.h> #include <linux/platform_device.h> +#include "../host/xhci-plat.h" #include "core.h" static void dwc3_host_fill_xhci_irq_res(struct dwc3 *dwc, @@ -63,6 +64,7 @@ int dwc3_host_init(struct dwc3 *dwc) { struct property_entry props[4]; struct platform_device *xhci; + struct xhci_plat_priv dwc3_xhci_plat_priv; int ret, irq; int prop_idx = 0; @@ -87,6 +89,14 @@ int dwc3_host_init(struct dwc3 *dwc) goto err; } + memset(&dwc3_xhci_plat_priv, 0, sizeof(struct xhci_plat_priv)); + + dwc3_xhci_plat_priv.quirks |= XHCI_SG_TRB_CACHE_SIZE_QUIRK; + ret = platform_device_add_data(xhci, &dwc3_xhci_plat_priv, + sizeof(dwc3_xhci_plat_priv)); + if (ret) + goto err; + memset(props, 0, sizeof(struct property_entry) * ARRAY_SIZE(props)); if (dwc->usb3_lpm_capable) -- 2.25.1

1 year, 2 months

1
2
0 0

[PATCH 1/1] drm/mediatek: Fix access violation in mtk_drm_crtc_dma_dev_get

by Stuart Lee

Add error handling to check NULL input in mtk_drm_crtc_dma_dev_get function. While display path is not configured correctly, none of crtc is established. So the caller of mtk_drm_crtc_dma_dev_get may pass input parameter *crtc as NULL, Which may cause coredump when we try to get the container of NULL pointer. Fixes: cb1d6bcca542 ("drm/mediatek: Add dma dev get function") Signed-off-by: Stuart Lee <stuart.lee(a)mediatek.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c index c277b9fae950..047c9a31d306 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c @@ -921,7 +921,14 @@ static int mtk_drm_crtc_init_comp_planes(struct drm_device *drm_dev, struct device *mtk_drm_crtc_dma_dev_get(struct drm_crtc *crtc) { - struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc); + struct mtk_drm_crtc *mtk_crtc = NULL; + + if (!crtc) + return NULL; + + mtk_crtc = to_mtk_crtc(crtc); + if (!mtk_crtc) + return NULL; return mtk_crtc->dma_dev; } -- 2.18.0

1 year, 2 months

4
3
0 0

[PATCH 5.15 000/297] 5.15.140-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.140 release. There are 297 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 26 Nov 2023 17:19:17 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.140-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.140-rc1 Saravana Kannan <saravanak(a)google.com> driver core: Release all resources during unbind before updating device links Vicki Pfau <vi(a)endrift.com> Input: xpad - add VID for Turtle Beach controllers Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Have trace_event_file have ref counters Michael Ellerman <mpe(a)ellerman.id.au> powerpc/powernv: Fix fortify source warnings in opal-prd.c Jens Axboe <axboe(a)kernel.dk> io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid Lewis Huang <lewis.huang(a)amd.com> drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix error handling in amdgpu_bo_list_get() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: don't use ATRM for external devices Kunwu Chan <chentao(a)kylinos.cn> drm/i915: Fix potential spectre vulnerability Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> drm/amd/pm: Handle non-terminated overdrive commands. Jan Kara <jack(a)suse.cz> ext4: properly sync file size update after O_SYNC direct IO Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: add missed brelse in update_backups Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the start block of counting reserved clusters Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: correct return value of ext4_convert_meta_bg Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: correct offset of gdb backup in non meta_bg group to update_backups Max Kellermann <max.kellermann(a)ionos.com> ext4: apply umask if ACL support is disabled Heiner Kallweit <hkallweit1(a)gmail.com> Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix missing vfe_lite clocks check Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix VFE-17x vfe_disable_output() Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix vfe_get() error jump Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix pm_domain_on sequence in probe Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER ChunHao Lin <hau(a)realtek.com> r8169: fix network lost after resume on DASH systems Roman Gushchin <roman.gushchin(a)linux.dev> mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 Nam Cao <namcaov(a)gmail.com> riscv: kprobes: allow writing to x0 Mahmoud Adam <mngyadam(a)amazon.com> nfsd: fix file memleak on client_opens_release Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Correctly initialise try compose rectangle Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add checks to handle capabilities from firmware Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: fix the check to handle session buffer requirement Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: Add check to keep the number of codecs within range Sean Young <sean(a)mess.org> media: sharp: fix sharp encoding Sean Young <sean(a)mess.org> media: lirc: drop trailing space from scancode transmit Su Hui <suhui(a)nfschina.com> f2fs: avoid format-overflow warning Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: fix potential race in i801_block_transaction_byte_by_byte Klaus Kudielka <klaus.kudielka(a)gmail.com> net: phylink: initialize carrier state at creation Alexander Sverdlin <alexander.sverdlin(a)siemens.com> net: dsa: lan9303: consequently nested-lock physical MDIO Andrew Lunn <andrew(a)lunn.ch> net: ethtool: Fix documentation of ethtool_sprintf() Harald Freudenberger <freude(a)linux.ibm.com> s390/ap: fix AP bus crash on early config change callback invocation Tam Nguyen <tamnguyenchi(a)os.amperecomputing.com> i2c: designware: Disable TX_EMPTY irq while waiting for block length byte Darren Hart <darren(a)os.amperecomputing.com> sbsa_gwdt: Calculate timeout with 64-bit math Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix default return value for inode_getsecctx Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix default return value for vm_enough_memory Robert Marko <robert.marko(a)sartura.hr> Revert "i2c: pxa: move to generic GPIO recovery" Johnathan Mantey <johnathanx.mantey(a)intel.com> Revert ncsi: Propagate carrier gain/loss events to the NCSI controller Gaurav Batra <gbatra(a)linux.vnet.ibm.com> powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/pseries/ddw: simplify enable_ddw() Vignesh Viswanathan <quic_viswanat(a)quicinc.com> arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: ipq6018: switch TCSR mutex to MMIO Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab out of bounds write in smb_inherit_dacl() Guan Wentao <guanwentao(a)uniontech.com> Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE Masum Reza <masumrezarock100(a)gmail.com> Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables Larry Finger <Larry.Finger(a)lwfinger.net> bluetooth: Add device 13d3:3571 to device tables Larry Finger <Larry.Finger(a)lwfinger.net> bluetooth: Add device 0bda:887b to device tables Artem Lukyanov <dukzcry(a)ya.ru> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 Christian Marangi <ansuelsmth(a)gmail.com> cpufreq: stats: Fix buffer overflow detection in trans_stats() Mark Brown <broonie(a)kernel.org> regmap: Ensure range selector registers are updated after cache sync Pavel Krasavin <pkrasavin(a)imaqliq.com> tty: serial: meson: fix hard LOCKUP on crtscts mode Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> serial: meson: Use platform_get_irq() to get the interrupt Chandradeep Dey <codesigning(a)chandradeepdey.com> ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add Dell ALC295 to pin fall back table Takashi Iwai <tiwai(a)suse.de> ALSA: info: Fix potential deadlock at disconnection Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> xhci: Enable RPM on controllers that support low-power states Helge Deller <deller(a)gmx.de> parisc/power: Fix power soft-off when running on qemu Helge Deller <deller(a)gmx.de> parisc/pgtable: Do not drop upper 5 address bits of physical address Helge Deller <deller(a)gmx.de> parisc: Prevent booting 64-bit kernels on PA1.x machines Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix check wrong status register in irq handler Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix ibi may not return mandatory data byte Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix wrong data return when IBI happen during start frame Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix race condition in ibi work thread Joshua Yeong <joshua.yeong(a)starfivetech.com> i3c: master: cdns: Fix reading status register Linus Walleij <linus.walleij(a)linaro.org> mtd: cfi_cmdset_0001: Byte swap OTP info Zi Yan <ziy(a)nvidia.com> mm/memory_hotplug: use pfn math in place of direct struct page manipulation Zi Yan <ziy(a)nvidia.com> mm/cma: use nth_page() in place of direct struct page manipulation Heiko Carstens <hca(a)linux.ibm.com> s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir Heiko Carstens <hca(a)linux.ibm.com> s390/cmma: fix detection of DAT pages Heiko Carstens <hca(a)linux.ibm.com> s390/cmma: fix initial kernel address space page table walk Alain Volmat <alain.volmat(a)foss.st.com> dmaengine: stm32-mdma: correct desc prep when channel running Sanjuán García, Jorge <Jorge.SanjuanGarcia(a)duagon.com> mcb: fix error handling for different scenarios when parsing Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Have the user copy of synthetic event address use correct context Benjamin Bara <benjamin.bara(a)skidata.com> i2c: core: Run atomic i2c xfer when !preemptible Benjamin Bara <benjamin.bara(a)skidata.com> kernel/reboot: emergency_restart: Set correct system_state Eric Biggers <ebiggers(a)google.com> quota: explicitly forbid quota files from being encrypted Zhihao Cheng <chengzhihao1(a)huawei.com> jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Remove duplicate feature check from CMT test Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: split async and sync catchall in two functions Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: remove catchall element in GC sync path Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: keystone: Don't discard .probe() callback Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: keystone: Don't discard .remove() callback Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Rollback init_trusted() consistently Herve Codina <herve.codina(a)bootlin.com> genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware Rong Chen <rong.chen(a)amlogic.com> mmc: meson-gx: Remove setting of CMD_CFG_ERROR Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix htt pktlog locking Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dfs radar event locking Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix temperature event locking Mimi Zohar <zohar(a)linux.ibm.com> ima: detect changes to the backing overlay file Amir Goldstein <amir73il(a)gmail.com> ima: annotate iint mutex to avoid lockdep false positive warnings Vasily Khoruzhick <anarsoul(a)gmail.com> ACPI: FPDT: properly handle invalid FPDT subtables Kathiravan Thirumoorthy <quic_kathirav(a)quicinc.com> firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit Josef Bacik <josef(a)toxicpanda.com> btrfs: don't arbitrarily slow down delalloc if we're committing Catalin Marinas <catalin.marinas(a)arm.com> rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects Brian Geffon <bgeffon(a)google.com> PM: hibernate: Clean up sync_read handling in snapshot_write_next() Brian Geffon <bgeffon(a)google.com> PM: hibernate: Use __get_safe_page() rather than touching the list Vignesh Viswanathan <quic_viswanat(a)quicinc.com> arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM Joel Fernandes (Google) <joel(a)joelfernandes.org> rcu/tree: Defer setting of jiffies during stall reset Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Drop connection after an RDMA Read error Ajay Singh <ajay.kathat(a)microchip.com> wifi: wilc1000: use vmm_table as array in wilc struct Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: exynos: Don't discard .remove() callback Heiner Kallweit <hkallweit1(a)gmail.com> PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() Nitin Yadav <n-yadav(a)ti.com> mmc: sdhci_am654: fix start loop index for TAP value parsing Dan Carpenter <dan.carpenter(a)linaro.org> mmc: vub300: fix an error code Kathiravan Thirumoorthy <quic_kathirav(a)quicinc.com> clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks Kathiravan Thirumoorthy <quic_kathirav(a)quicinc.com> clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks Gustavo A. R. Silva <gustavoars(a)kernel.org> clk: socfpga: Fix undefined behavior bug in struct stratix10_clock_data Helge Deller <deller(a)gmx.de> parisc/power: Add power soft-off when running on qemu Helge Deller <deller(a)gmx.de> parisc/pdc: Add width field to struct pdc_model Nathan Chancellor <nathan(a)kernel.org> arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer Werner Sembach <wse(a)tuxedocomputers.com> ACPI: resource: Do IRQ override on TongFang GMxXGxx Krister Johansen <kjlx(a)templeofstupid.com> watchdog: move softlockup_panic back to early_param Lukas Wunner <lukas(a)wunner.de> PCI/sysfs: Protect driver's D3cold preference from user space David Woodhouse <dwmw(a)amazon.co.uk> hvc/xen: fix event channel handling for secondary consoles David Woodhouse <dwmw(a)amazon.co.uk> hvc/xen: fix error path in xen_hvc_init() to always register frontend driver David Woodhouse <dwmw(a)amazon.co.uk> hvc/xen: fix console unplug Muhammad Usama Anjum <usama.anjum(a)collabora.com> tty/sysrq: replace smp_processor_id() with get_cpu() Paul Moore <paul(a)paul-moore.com> audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() Paul Moore <paul(a)paul-moore.com> audit: don't take task_lock() in audit_exe_compare() code path Maciej S. Szmigiero <maciej.szmigiero(a)oracle.com> KVM: x86: Ignore MSR_AMD64_TW_CFG access Nicolas Saenz Julienne <nsaenz(a)amazon.com> KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space Pu Wen <puwen(a)hygon.cn> x86/cpu/hygon: Fix the CPU topology evaluation for real Roxana Nicolescu <roxana.nicolescu(a)canonical.com> crypto: x86/sha - load modules based on CPU features Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix system crash due to bad pointer access Chandrakanth patil <chandrakanth.patil(a)broadcom.com> scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Fix loop logic Shung-Hsi Yu <shung-hsi.yu(a)suse.com> bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END Hao Sun <sunhao.th(a)gmail.com> bpf: Fix check_stack_write_fixed_off() to correctly spill imm Kees Cook <keescook(a)chromium.org> randstruct: Fix gcc-plugin performance mode to stay in group Nicholas Piggin <npiggin(a)gmail.com> powerpc/perf: Fix disabling BHRB and instruction sampling Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add checks to perform sanity on queue pointers Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> i915/perf: Fix NULL deref bugs with drm_dbg() calls Li Zetao <lizetao1(a)huawei.com> xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() Zeng Heng <zengheng4(a)huawei.com> xfs: fix memory leak in xfs_errortag_init Guo Xuenan <guoxuenan(a)huawei.com> xfs: fix exception caused by unexpected illegal bestcount in leaf dir Darrick J. Wong <djwong(a)kernel.org> xfs: avoid a UAF when log intent item recovery fails hexiaole <hexiaole(a)kylinos.cn> xfs: fix inode reservation space for removing transaction Chandan Babu R <chandan.babu(a)oracle.com> xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork Gao Xiang <hsiangkao(a)linux.alibaba.com> xfs: add missing cmap->br_state = XFS_EXT_NORM update Darrick J. Wong <djwong(a)kernel.org> xfs: fix intermittent hang during quotacheck Darrick J. Wong <djwong(a)kernel.org> xfs: don't leak memory when attr fork loading fails Darrick J. Wong <djwong(a)kernel.org> xfs: fix use-after-free in xattr node block inactivation Zhang Yi <yi.zhang(a)huawei.com> xfs: flush inode gc workqueue before clearing agi bucket Darrick J. Wong <djwong(a)kernel.org> xfs: prevent a UAF when log IO errors race with unmount Kaixu Xia <kaixuxia(a)tencent.com> xfs: use invalidate_lock to check the state of mmap_lock Darrick J. Wong <djwong(a)kernel.org> xfs: convert buf_cancel_table allocation to kmalloc_array Darrick J. Wong <djwong(a)kernel.org> xfs: don't leak xfs_buf_cancel structures when recovery fails Darrick J. Wong <djwong(a)kernel.org> xfs: refactor buffer cancellation table allocation Ekaterina Esina <eesina(a)astralinux.ru> cifs: fix check of rc in function generate_smb3signingkey Anastasia Belova <abelova(a)astralinux.ru> cifs: spnego: add ';' in HOST_KEY_LEN Chen Yu <yu.c.chen(a)intel.com> tools/power/turbostat: Enable the C-state Pre-wake printing Zhang Rui <rui.zhang(a)intel.com> tools/power/turbostat: Fix a knl bug Vlad Buslov <vladbu(a)nvidia.com> macvlan: Don't propagate promisc change to lower dev in passthru Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors Saeed Mahameed <saeedm(a)nvidia.com> net/mlx5e: Reduce the size of icosq_str Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Fix pedit endianness Paul Blakey <paulb(a)nvidia.com> net/mlx5e: Refactor mod header management API Roi Dayan <roid(a)nvidia.com> net/mlx5e: Move mod hdr allocation to a single place Roi Dayan <roid(a)nvidia.com> net/mlx5e: Remove incorrect addition of action fwd flag Gavin Li <gavinl(a)nvidia.com> net/mlx5e: fix double free of encap_header in update funcs Dust Li <dust.li(a)linux.alibaba.com> net/mlx5e: fix double free of encap_header Baruch Siach <baruch(a)tkos.co.il> net: stmmac: fix rx budget limit check Dan Carpenter <dan.carpenter(a)linaro.org> netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: add and use BE register load-store helpers Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: use the correct get/put helpers Linkui Xiao <xiaolinkui(a)kylinos.cn> netfilter: nf_conntrack_bridge: initialize err to 0 Eric Dumazet <edumazet(a)google.com> af_unix: fix use-after-free in unix_stream_read_actor() Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Fix MTU max setting Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Handle large frames Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Fix max RX frame define Eric Dumazet <edumazet(a)google.com> bonding: stop the device in bond_setup_by_slave() Eric Dumazet <edumazet(a)google.com> ptp: annotate data-race around q->head and q->tail Juergen Gross <jgross(a)suse.com> xen/events: fix delayed eoi list handling Willem de Bruijn <willemb(a)google.com> ppp: limit MRU to 64K Shigeru Yoshida <syoshida(a)redhat.com> tipc: Fix kernel-infoleak due to uninitialized TLV value Jijie Shao <shaojijie(a)huawei.com> net: hns3: fix VF wrong speed and duplex issue Jijie Shao <shaojijie(a)huawei.com> net: hns3: fix VF reset fail issue Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() Jian Shen <shenjian15(a)huawei.com> net: hns3: fix incorrect capability bit display for copper port Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: add barrier in vf mailbox reply process Jie Wang <wangjie125(a)huawei.com> net: hns3: add byte order conversion for PF to VF mailbox message Jian Shen <shenjian15(a)huawei.com> net: hns3: refine the definition for struct hclge_pf_to_vf_msg Jian Shen <shenjian15(a)huawei.com> net: hns3: fix add VLAN fail issue Shigeru Yoshida <syoshida(a)redhat.com> tty: Fix uninit-value access in ppp_sync_receive() Eric Dumazet <edumazet(a)google.com> ipvlan: add ipvlan_route_v6_outbound() helper Stanislav Fomichev <sdf(a)google.com> net: set SOCK_RCU_FREE before inserting socket into hashtable Martin KaFai Lau <kafai(a)fb.com> net: inet: Retire port only listening_hash Martin KaFai Lau <kafai(a)fb.com> net: inet: Open code inet_hash2 and inet_unhash2 Martin KaFai Lau <kafai(a)fb.com> net: inet: Remove count from inet_listen_hashbucket Florian Westphal <fw(a)strlen.de> mptcp: listen diag dump support Florian Westphal <fw(a)strlen.de> mptcp: diag: switch to context structure Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Silence "suspicious RCU usage in gfs2_permission" warning felix <fuzhen5(a)huawei.com> SUNRPC: Fix RPC client cleaned up the freed pipefs dentries Olga Kornievskaia <kolga(a)netapp.com> NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO Dan Carpenter <dan.carpenter(a)linaro.org> SUNRPC: Add an IS_ERR() check back to where it was Marc Zyngier <maz(a)kernel.org> gpio: Add helpers to ease the transition towards immutable irq_chip Marc Zyngier <maz(a)kernel.org> gpio: Expose the gpiochip_irq_re[ql]res helpers Marc Zyngier <maz(a)kernel.org> gpio: Don't fiddle with irqchips marked as immutable Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: ECONNRESET might require a rebind Marek Szyprowski <m.szyprowski(a)samsung.com> media: cec: meson: always include meson sub-directory in Makefile Pratyush Yadav <p.yadav(a)ti.com> media: cadence: csi2rx: Unregister v4l2 async notifier Finn Thain <fthain(a)linux-m68k.org> sched/core: Optimize in_task() and in_interrupt() a bit Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing/perf: Add interrupt_context_level() helper Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Reuse logic from perf's get_recursion_context() Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: Use FW rate for non-data frames Dan Carpenter <dan.carpenter(a)linaro.org> pwm: Fix double shift bug Vitaly Prosyak <vitaly.prosyak(a)amd.com> drm/amdgpu: fix software pci_unplug on some chips Zongmin Zhou <zhouzongmin(a)kylinos.cn> drm/qxl: prevent memory leak Tony Lindgren <tony(a)atomide.com> ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings Philipp Stanner <pstanner(a)redhat.com> i2c: dev: copy userspace array safely Douglas Anderson <dianders(a)chromium.org> kgdb: Flush console before entering kgdb on panic Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Avoid NULL dereference of timing generator Takashi Iwai <tiwai(a)suse.de> media: imon: fix access to invalid resource for the second interface Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix driver quirk struct documentation Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> media: cobalt: Use FIELD_GET() to extract Link Width Al Viro <viro(a)zeniv.linux.org.uk> gfs2: fix an oops in gfs2_permission Bob Peterson <rpeterso(a)redhat.com> gfs2: ignore negated quota changes Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: avoid integer overflow Rajeshwar R Shinde <coolrrsh(a)gmail.com> media: gspca: cpia1: shift-out-of-bounds in set_flicker Billy Tsai <billy_tsai(a)aspeedtech.com> i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data. zhenwei pi <pizhenwei(a)bytedance.com> virtio-blk: fix implicit overflow on virtio_max_dma_size Axel Lin <axel.lin(a)ingics.com> i2c: sun6i-p2wi: Prevent potential division by zero Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Dominique Martinet <asmadeus(a)codewreck.org> 9p: v9fs_listxattr: fix %s null argument warning Marco Elver <elver(a)google.com> 9p/trans_fd: Annotate data-racy writes to file::f_flags Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: gadget: f_ncm: Always set current gadget in ncm_bind() Yi Yang <yiyang13(a)huawei.com> tty: vcc: Add check for kstrdup() in vcc_probe() Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: support handle zero-size directory Jiri Kosina <jkosina(a)suse.cz> HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W Bjorn Helgaas <bhelgaas(a)google.com> PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller Bartosz Pawlowski <bartosz.pawlowski(a)intel.com> PCI: Disable ATS for specific Intel IPU E2000 devices Bartosz Pawlowski <bartosz.pawlowski(a)intel.com> PCI: Extract ATS disabling to a helper function Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Use FIELD_GET() to extract Link Width Wenchao Hao <haowenchao2(a)huawei.com> scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> atm: iphase: Do PCI error checks on own line Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Fix possible null-ptr-deref when assigning a stream Vincent Whitchurch <vincent.whitchurch(a)axis.com> ARM: 9320/1: fix stack depot IRQ stack filter Mikhail Khvainitski <me(a)khvoinitsky.org> HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix array-index-out-of-bounds in diAlloc Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix array-index-out-of-bounds in dbFindLeaf Juntong Deng <juntong.deng(a)outlook.com> fs/jfs: Add validity check for db_maxag and db_agpref Juntong Deng <juntong.deng(a)outlook.com> fs/jfs: Add check for negative db_l2nbperpage Tyrel Datwyler <tyreld(a)linux.ibm.com> scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> RDMA/hfi1: Use FIELD_GET() to extract Link Width Lu Jialin <lujialin4(a)huawei.com> crypto: pcrypt - Fix hungtask for PADATA_RESET Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: soc-card: Add storage for PCI SSID zhujun2 <zhujun2(a)cmss.chinamobile.com> selftests/efivarfs: create-read: fix a resource leak Laurentiu Tudor <laurentiu.tudor(a)nxp.com> arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size Qu Huang <qu.huang(a)linux.dev> drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL Jesse Zhang <jesse.zhang(a)amd.com> drm/amdkfd: Fix shift out-of-bounds issue Ondrej Jirman <megi(a)xff.cz> drm/panel: st7703: Pick different reset sequence Ma Ke <make_ruc2021(a)163.com> drm/amdgpu/vkms: fix a possible null pointer dereference Ma Ke <make_ruc2021(a)163.com> drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference Ma Ke <make_ruc2021(a)163.com> drm/panel: fix a possible null pointer dereference Stanley.Yang <Stanley.Yang(a)amd.com> drm/amdgpu: Fix potential null pointer derefernce Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 Jani Nikula <jani.nikula(a)intel.com> drm/msm/dp: skip validity check for DP CTS EDID checksum Philipp Stanner <pstanner(a)redhat.com> drm: vmwgfx_surface.c: copy user-array safely Philipp Stanner <pstanner(a)redhat.com> kernel: watch_queue: copy user-array safely Philipp Stanner <pstanner(a)redhat.com> kernel: kexec: copy user-array safely Philipp Stanner <pstanner(a)redhat.com> string.h: add array-wrappers for (v)memdup_user() Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: use full update for clip size increase of large plane source Xiaogang Chen <xiaogang.chen(a)amd.com> drm/amdkfd: Fix a race condition of vram buffer unref in svm code baozhu.liu <lucas.liu(a)siengine.com> drm/komeda: drop all currently held locks if deadlock happens Olli Asikainen <olli.asikainen(a)gmail.com> platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e ZhengHan Wang <wzhmmmmm(a)gmail.com> Bluetooth: Fix double free in hci_conn_cleanup youwan Wang <wangyouwan(a)126.com> Bluetooth: btusb: Add date->evt_skb is NULL check Douglas Anderson <dianders(a)chromium.org> wifi: ath10k: Don't touch the CE interrupt registers after power up Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_dst_pending_confirm Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_tx_queue_mapping Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath10k: fix clang-specific fortify warning Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix clang-specific fortify warnings Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Detect IP == ksym.end as part of BPF program Sieng-Piaw Liew <liew.s.piaw(a)gmail.com> atl1c: Work around the DMA RX overflow issue Ping-Ke Shih <pkshih(a)realtek.com> wifi: mac80211: don't return unset power in ieee80211_get_tx_power() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211_hwsim: fix clang-specific fortify warning Mike Rapoport (IBM) <rppt(a)kernel.org> x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size Frederic Weisbecker <frederic(a)kernel.org> workqueue: Provide one lock class key per work_on_cpu() callsite Ronald Wahl <ronald.wahl(a)raritan.com> clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/timer-imx-gpt: Fix potential memory leak Shuai Xue <xueshuai(a)linux.alibaba.com> perf/core: Bail out early if the request AUX area is out of bound John Stultz <jstultz(a)google.com> locking/ww_mutex/test: Fix potential workqueue corruption ------------- Diffstat: Makefile | 4 +- arch/arm/include/asm/exception.h | 4 - arch/arm64/Kconfig | 2 + arch/arm64/boot/dts/freescale/fsl-ls208xa.dtsi | 46 ++-- arch/arm64/boot/dts/qcom/ipq6018.dtsi | 15 +- arch/parisc/include/uapi/asm/pdc.h | 1 + arch/parisc/kernel/entry.S | 7 +- arch/parisc/kernel/head.S | 5 +- arch/powerpc/perf/core-book3s.c | 5 +- arch/powerpc/platforms/powernv/opal-prd.c | 17 +- arch/powerpc/platforms/pseries/iommu.c | 19 +- arch/riscv/kernel/probes/simulate-insn.c | 2 +- arch/s390/mm/page-states.c | 25 ++- arch/x86/crypto/sha1_ssse3_glue.c | 12 ++ arch/x86/crypto/sha256_ssse3_glue.c | 12 ++ arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/numa.h | 7 - arch/x86/kernel/cpu/hygon.c | 8 +- arch/x86/kvm/hyperv.c | 10 +- arch/x86/kvm/x86.c | 2 + arch/x86/mm/numa.c | 7 - crypto/pcrypt.c | 4 + drivers/acpi/acpi_fpdt.c | 45 +++- drivers/acpi/resource.c | 12 ++ drivers/atm/iphase.c | 20 +- drivers/base/dd.c | 4 +- drivers/base/regmap/regcache.c | 30 +++ drivers/block/virtio_blk.c | 4 +- drivers/bluetooth/btusb.c | 15 ++ drivers/clk/qcom/gcc-ipq6018.c | 6 - drivers/clk/qcom/gcc-ipq8074.c | 6 - drivers/clk/socfpga/stratix10-clk.h | 4 +- drivers/clocksource/timer-atmel-tcb.c | 1 + drivers/clocksource/timer-imx-gpt.c | 18 +- drivers/cpufreq/cpufreq_stats.c | 14 +- drivers/dma/stm32-mdma.c | 4 +- drivers/firmware/qcom_scm.c | 7 + drivers/gpio/gpiolib.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 2 + drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 13 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 13 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 12 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 4 +- drivers/gpu/drm/amd/display/dc/dc.h | 5 + drivers/gpu/drm/amd/display/dmub/dmub_srv.h | 22 +- drivers/gpu/drm/amd/display/dmub/src/dmub_srv.c | 32 ++- drivers/gpu/drm/amd/include/pptable.h | 4 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 8 +- .../gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h | 16 +- .../drm/arm/display/komeda/komeda_pipeline_state.c | 9 +- drivers/gpu/drm/i915/gem/i915_gem_context.c | 1 + drivers/gpu/drm/i915/i915_perf.c | 15 +- drivers/gpu/drm/msm/dp/dp_panel.c | 21 +- drivers/gpu/drm/panel/panel-arm-versatile.c | 2 + drivers/gpu/drm/panel/panel-sitronix-st7703.c | 25 +-- drivers/gpu/drm/panel/panel-tpo-tpg110.c | 2 + drivers/gpu/drm/qxl/qxl_display.c | 3 + drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 4 +- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-lenovo.c | 68 ++++-- drivers/hid/hid-quirks.c | 1 + drivers/i2c/busses/i2c-designware-master.c | 19 +- drivers/i2c/busses/i2c-i801.c | 19 +- drivers/i2c/busses/i2c-pxa.c | 76 ++++++- drivers/i2c/busses/i2c-sun6i-p2wi.c | 5 + drivers/i2c/i2c-core.h | 2 +- drivers/i2c/i2c-dev.c | 4 +- drivers/i3c/master/i3c-master-cdns.c | 6 +- drivers/i3c/master/mipi-i3c-hci/dat_v1.c | 29 ++- drivers/i3c/master/mipi-i3c-hci/dma.c | 2 +- drivers/i3c/master/svc-i3c-master.c | 45 +++- drivers/infiniband/hw/hfi1/pcie.c | 9 +- drivers/input/joystick/xpad.c | 1 + drivers/mcb/mcb-core.c | 1 + drivers/mcb/mcb-parse.c | 2 +- drivers/media/cec/platform/Makefile | 2 +- drivers/media/i2c/ccs/ccs-core.c | 2 +- drivers/media/i2c/ccs/ccs-quirk.h | 4 +- drivers/media/pci/cobalt/cobalt-driver.c | 11 +- drivers/media/platform/cadence/cdns-csi2rx.c | 7 +- drivers/media/platform/qcom/camss/camss-vfe-170.c | 22 +- drivers/media/platform/qcom/camss/camss-vfe.c | 5 +- drivers/media/platform/qcom/camss/camss.c | 12 +- drivers/media/platform/qcom/venus/hfi_msgs.c | 2 +- drivers/media/platform/qcom/venus/hfi_parser.c | 15 ++ drivers/media/platform/qcom/venus/hfi_venus.c | 10 + drivers/media/rc/imon.c | 6 + drivers/media/rc/ir-sharp-decoder.c | 8 +- drivers/media/rc/lirc_dev.c | 6 +- drivers/media/test-drivers/vivid/vivid-rds-gen.c | 2 +- drivers/media/usb/gspca/cpia1.c | 3 + drivers/misc/pci_endpoint_test.c | 4 + drivers/mmc/host/meson-gx-mmc.c | 1 - drivers/mmc/host/sdhci-pci-gli.c | 22 ++ drivers/mmc/host/sdhci_am654.c | 2 +- drivers/mmc/host/vub300.c | 1 + drivers/mtd/chips/cfi_cmdset_0001.c | 20 +- drivers/net/bonding/bond_main.c | 6 + drivers/net/dsa/lan9303_mdio.c | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c.h | 3 - drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 67 ++---- drivers/net/ethernet/cortina/gemini.c | 45 ++-- drivers/net/ethernet/cortina/gemini.h | 4 +- drivers/net/ethernet/hisilicon/hns3/hclge_mbx.h | 47 ++++- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 33 ++- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 62 +++--- .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 2 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 29 ++- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 3 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c | 87 +++++--- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 2 +- .../net/ethernet/mellanox/mlx5/core/en/mod_hdr.c | 47 +++++ .../net/ethernet/mellanox/mlx5/core/en/mod_hdr.h | 13 ++ .../ethernet/mellanox/mlx5/core/en/reporter_rx.c | 4 +- .../net/ethernet/mellanox/mlx5/core/en/tc/sample.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 25 +-- .../net/ethernet/mellanox/mlx5/core/en/tc_tun.c | 30 ++- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 234 +++++++++------------ drivers/net/ethernet/mellanox/mlx5/core/en_tc.h | 5 - .../ethernet/mellanox/mlx5/core/esw/indir_table.c | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 10 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/ipvlan/ipvlan_core.c | 41 ++-- drivers/net/macvlan.c | 2 +- drivers/net/phy/phylink.c | 1 + drivers/net/ppp/ppp_synctty.c | 6 +- drivers/net/wireless/ath/ath10k/debug.c | 2 +- drivers/net/wireless/ath/ath10k/snoc.c | 18 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 8 +- drivers/net/wireless/ath/ath11k/wmi.c | 12 +- drivers/net/wireless/ath/ath9k/debug.c | 2 +- drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 14 +- drivers/net/wireless/mac80211_hwsim.c | 2 +- drivers/net/wireless/microchip/wilc1000/wlan.c | 2 +- drivers/parisc/power.c | 16 +- drivers/pci/controller/dwc/pci-exynos.c | 4 +- drivers/pci/controller/dwc/pci-keystone.c | 8 +- drivers/pci/controller/dwc/pcie-tegra194.c | 9 +- drivers/pci/pci-acpi.c | 2 +- drivers/pci/pci-sysfs.c | 10 +- drivers/pci/pci.c | 13 +- drivers/pci/pcie/aspm.c | 2 + drivers/pci/quirks.c | 35 ++- drivers/platform/x86/thinkpad_acpi.c | 1 + drivers/ptp/ptp_chardev.c | 3 +- drivers/ptp/ptp_clock.c | 5 +- drivers/ptp/ptp_private.h | 8 +- drivers/ptp/ptp_sysfs.c | 3 +- drivers/s390/crypto/ap_bus.c | 4 + drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 13 +- drivers/scsi/ibmvscsi/ibmvfc.c | 124 ++++++++++- drivers/scsi/libfc/fc_lport.c | 6 + drivers/scsi/megaraid/megaraid_sas_base.c | 4 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 4 +- drivers/scsi/qla2xxx/qla_os.c | 12 +- drivers/tty/hvc/hvc_xen.c | 39 +++- drivers/tty/serial/meson_uart.c | 25 ++- drivers/tty/sysrq.c | 3 +- drivers/tty/vcc.c | 16 +- drivers/usb/gadget/function/f_ncm.c | 27 +-- drivers/usb/host/xhci-pci.c | 4 +- drivers/watchdog/sbsa_gwdt.c | 4 +- drivers/xen/events/events_base.c | 4 +- fs/9p/xattr.c | 5 +- fs/btrfs/delalloc-space.c | 3 - fs/cifs/cifs_spnego.c | 4 +- fs/cifs/smb2transport.c | 5 +- fs/exfat/namei.c | 29 ++- fs/ext4/acl.h | 5 + fs/ext4/extents_status.c | 4 +- fs/ext4/file.c | 153 ++++++-------- fs/ext4/resize.c | 23 +- fs/f2fs/compress.c | 2 +- fs/gfs2/inode.c | 14 +- fs/gfs2/quota.c | 11 + fs/gfs2/super.c | 2 +- fs/jbd2/recovery.c | 8 + fs/jfs/jfs_dmap.c | 23 +- fs/jfs/jfs_imap.c | 5 +- fs/ksmbd/smbacl.c | 29 ++- fs/nfs/nfs4proc.c | 5 +- fs/nfsd/nfs4state.c | 2 +- fs/overlayfs/super.c | 2 +- fs/proc/proc_sysctl.c | 1 - fs/quota/dquot.c | 14 ++ fs/xfs/libxfs/xfs_dir2_leaf.c | 9 +- fs/xfs/libxfs/xfs_inode_fork.c | 1 + fs/xfs/libxfs/xfs_log_recover.h | 14 +- fs/xfs/libxfs/xfs_trans_resv.c | 2 +- fs/xfs/xfs_attr_inactive.c | 8 +- fs/xfs/xfs_buf_item_recover.c | 66 ++++++ fs/xfs/xfs_error.c | 9 +- fs/xfs/xfs_inode.c | 4 +- fs/xfs/xfs_log.c | 9 +- fs/xfs/xfs_log_priv.h | 3 - fs/xfs/xfs_log_recover.c | 44 ++-- fs/xfs/xfs_qm.c | 7 + fs/xfs/xfs_reflink.c | 197 ++++++++++++++--- fs/xfs/xfs_sysfs.h | 7 +- include/linux/ethtool.h | 4 +- include/linux/gpio/driver.h | 16 ++ include/linux/irq.h | 2 + include/linux/lsm_hook_defs.h | 4 +- include/linux/preempt.h | 36 +++- include/linux/pwm.h | 4 +- include/linux/string.h | 40 ++++ include/linux/sunrpc/clnt.h | 1 + include/linux/trace_events.h | 4 + include/linux/trace_recursion.h | 8 +- include/linux/workqueue.h | 46 +++- include/net/inet_connection_sock.h | 2 - include/net/inet_hashtables.h | 42 +--- include/net/netfilter/nf_tables.h | 19 +- include/net/sock.h | 26 ++- include/sound/soc-card.h | 37 ++++ include/sound/soc.h | 11 + io_uring/io_uring.c | 18 +- kernel/audit_watch.c | 9 +- kernel/bpf/core.c | 6 +- kernel/bpf/verifier.c | 9 +- kernel/debug/debug_core.c | 3 + kernel/events/internal.h | 7 +- kernel/events/ring_buffer.c | 6 + kernel/irq/debugfs.c | 1 + kernel/irq/generic-chip.c | 25 ++- kernel/kexec.c | 2 +- kernel/locking/test-ww_mutex.c | 20 +- kernel/padata.c | 2 +- kernel/power/snapshot.c | 16 +- kernel/rcu/tree.c | 21 ++ kernel/rcu/tree.h | 4 + kernel/rcu/tree_stall.h | 20 +- kernel/reboot.c | 1 + kernel/trace/ring_buffer.c | 9 +- kernel/trace/trace.c | 15 ++ kernel/trace/trace.h | 3 + kernel/trace/trace_events.c | 43 ++-- kernel/trace/trace_events_filter.c | 3 + kernel/trace/trace_events_synth.c | 2 +- kernel/watch_queue.c | 2 +- kernel/watchdog.c | 7 + kernel/workqueue.c | 20 +- mm/cma.c | 2 +- mm/memcontrol.c | 3 +- mm/memory_hotplug.c | 2 +- net/9p/client.c | 2 +- net/9p/trans_fd.c | 13 +- net/bluetooth/hci_conn.c | 6 +- net/bluetooth/hci_sysfs.c | 23 +- net/bridge/netfilter/nf_conntrack_bridge.c | 2 +- net/bridge/netfilter/nft_meta_bridge.c | 2 +- net/core/sock.c | 2 +- net/dccp/proto.c | 1 - net/ipv4/inet_diag.c | 5 +- net/ipv4/inet_hashtables.c | 121 +++-------- net/ipv4/tcp.c | 1 - net/ipv4/tcp_ipv4.c | 21 +- net/ipv4/tcp_output.c | 2 +- net/ipv6/inet6_hashtables.c | 5 +- net/mac80211/cfg.c | 4 + net/mptcp/mptcp_diag.c | 105 ++++++++- net/ncsi/ncsi-aen.c | 5 - net/netfilter/nf_tables_api.c | 53 +++-- net/netfilter/nft_byteorder.c | 6 +- net/netfilter/nft_meta.c | 2 +- net/netfilter/nft_osf.c | 2 +- net/netfilter/nft_socket.c | 8 +- net/netfilter/nft_tproxy.c | 6 +- net/netfilter/nft_xfrm.c | 8 +- net/sunrpc/clnt.c | 7 +- net/sunrpc/rpcb_clnt.c | 4 + net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 3 +- net/tipc/netlink_compat.c | 1 + net/unix/af_unix.c | 9 +- scripts/gcc-plugins/randomize_layout_plugin.c | 11 +- security/integrity/iint.c | 48 ++++- security/integrity/ima/ima_api.c | 5 + security/integrity/ima/ima_main.c | 16 +- security/integrity/integrity.h | 2 + security/keys/trusted-keys/trusted_core.c | 20 +- sound/core/info.c | 21 +- sound/hda/hdac_stream.c | 6 +- sound/pci/hda/patch_realtek.c | 20 +- sound/soc/codecs/lpass-wsa-macro.c | 3 + sound/soc/ti/omap-mcbsp.c | 6 +- tools/power/x86/turbostat/turbostat.c | 3 +- tools/testing/selftests/efivarfs/create-read.c | 2 + tools/testing/selftests/resctrl/cmt_test.c | 3 - tools/testing/selftests/resctrl/mba_test.c | 2 +- tools/testing/selftests/resctrl/mbm_test.c | 2 +- 298 files changed, 2886 insertions(+), 1445 deletions(-)

1 year, 2 months

6
308
0 0

[PATCH] soc: qcom: pmic_glink_altmode: fix port sanity check

by Johan Hovold

The PMIC GLINK altmode driver currently supports at most two ports. Fix the incomplete port sanity check on notifications to avoid accessing and corrupting memory beyond the port array if we ever get a notification for an unsupported port. Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") Cc: stable(a)vger.kernel.org # 6.3 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/soc/qcom/pmic_glink_altmode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c index 974c14d1e0bf..561d6ba005f4 100644 --- a/drivers/soc/qcom/pmic_glink_altmode.c +++ b/drivers/soc/qcom/pmic_glink_altmode.c @@ -285,7 +285,7 @@ static void pmic_glink_altmode_sc8180xp_notify(struct pmic_glink_altmode *altmod svid = mux == 2 ? USB_TYPEC_DP_SID : 0; - if (!altmode->ports[port].altmode) { + if (port >= ARRAY_SIZE(altmode->ports) || !altmode->ports[port].altmode) { dev_dbg(altmode->dev, "notification on undefined port %d\n", port); return; } @@ -328,7 +328,7 @@ static void pmic_glink_altmode_sc8280xp_notify(struct pmic_glink_altmode *altmod hpd_state = FIELD_GET(SC8280XP_HPD_STATE_MASK, notify->payload[8]); hpd_irq = FIELD_GET(SC8280XP_HPD_IRQ_MASK, notify->payload[8]); - if (!altmode->ports[port].altmode) { + if (port >= ARRAY_SIZE(altmode->ports) || !altmode->ports[port].altmode) { dev_dbg(altmode->dev, "notification on undefined port %d\n", port); return; } -- 2.41.0

1 year, 2 months

5
4
0 0

[PATCH v1 1/3] x86/tdx: Check for TDX partitioning during early TDX init

by Jeremi Piotrowski

Check for additional CPUID bits to identify TDX guests running with Trust Domain (TD) partitioning enabled. TD partitioning is like nested virtualization inside the Trust Domain so there is a L1 TD VM(M) and there can be L2 TD VM(s). In this arrangement we are not guaranteed that the TDX_CPUID_LEAF_ID is visible to Linux running as an L2 TD VM. This is because a majority of TDX facilities are controlled by the L1 VMM and the L2 TDX guest needs to use TD partitioning aware mechanisms for what's left. So currently such guests do not have X86_FEATURE_TDX_GUEST set. We want the kernel to have X86_FEATURE_TDX_GUEST set for all TDX guests so we need to check these additional CPUID bits, but we skip further initialization in the function as we aren't guaranteed access to TDX module calls. Cc: <stable(a)vger.kernel.org> # v6.5+ Signed-off-by: Jeremi Piotrowski <jpiotrowski(a)linux.microsoft.com> --- arch/x86/coco/tdx/tdx.c | 29 ++++++++++++++++++++++++++--- arch/x86/include/asm/tdx.h | 3 +++ 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 1d6b863c42b0..c7bbbaaf654d 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -8,6 +8,7 @@ #include <linux/export.h> #include <linux/io.h> #include <asm/coco.h> +#include <asm/hyperv-tlfs.h> #include <asm/tdx.h> #include <asm/vmx.h> #include <asm/insn.h> @@ -37,6 +38,8 @@ #define TDREPORT_SUBTYPE_0 0 +bool tdx_partitioning_active; + /* Called from __tdx_hypercall() for unrecoverable failure */ noinstr void __tdx_hypercall_failed(void) { @@ -757,19 +760,38 @@ static bool tdx_enc_status_change_finish(unsigned long vaddr, int numpages, return true; } + +static bool early_is_hv_tdx_partitioning(void) +{ + u32 eax, ebx, ecx, edx; + cpuid(HYPERV_CPUID_ISOLATION_CONFIG, &eax, &ebx, &ecx, &edx); + return eax & HV_PARAVISOR_PRESENT && + (ebx & HV_ISOLATION_TYPE) == HV_ISOLATION_TYPE_TDX; +} + void __init tdx_early_init(void) { u64 cc_mask; u32 eax, sig[3]; cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax, &sig[0], &sig[2], &sig[1]); - - if (memcmp(TDX_IDENT, sig, sizeof(sig))) - return; + if (memcmp(TDX_IDENT, sig, sizeof(sig))) { + tdx_partitioning_active = early_is_hv_tdx_partitioning(); + if (!tdx_partitioning_active) + return; + } setup_force_cpu_cap(X86_FEATURE_TDX_GUEST); cc_vendor = CC_VENDOR_INTEL; + + /* + * Need to defer cc_mask and page visibility callback initializations + * to a TD-partitioning aware implementation. + */ + if (tdx_partitioning_active) + goto exit; + tdx_parse_tdinfo(&cc_mask); cc_set_mask(cc_mask); @@ -820,5 +842,6 @@ void __init tdx_early_init(void) */ x86_cpuinit.parallel_bringup = false; +exit: pr_info("Guest detected\n"); } diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 603e6d1e9d4a..fe22f8675859 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -52,6 +52,7 @@ bool tdx_early_handle_ve(struct pt_regs *regs); int tdx_mcall_get_report0(u8 *reportdata, u8 *tdreport); +extern bool tdx_partitioning_active; #else static inline void tdx_early_init(void) { }; @@ -71,6 +72,8 @@ static inline long tdx_kvm_hypercall(unsigned int nr, unsigned long p1, { return -ENODEV; } + +#define tdx_partitioning_active false #endif /* CONFIG_INTEL_TDX_GUEST && CONFIG_KVM_GUEST */ #endif /* !__ASSEMBLY__ */ #endif /* _ASM_X86_TDX_H */ -- 2.39.2

1 year, 2 months

5
41
0 0

[PATCH v2 3/3] arm64: dts: armada-3720-turris-mox: set irq type for RTC

by Sjoerd Simons

The rtc on the mox shares its interrupt line with the moxtet bus. Set the interrupt type to be consistent between both devices. This ensures correct setup of the interrupt line regardless of probing order. Signed-off-by: Sjoerd Simons <sjoerd(a)collabora.com> Cc: stable(a)vger.kernel.org # v6.2+ Fixes: 21aad8ba615e ("arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC") --- (no changes since v1) arch/arm64/boot/dts/marvell/armada-3720-turris-mox.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/marvell/armada-3720-turris-mox.dts b/arch/arm64/boot/dts/marvell/armada-3720-turris-mox.dts index 9eab2bb22134..805ef2d79b40 100644 --- a/arch/arm64/boot/dts/marvell/armada-3720-turris-mox.dts +++ b/arch/arm64/boot/dts/marvell/armada-3720-turris-mox.dts @@ -130,7 +130,7 @@ rtc@6f { compatible = "microchip,mcp7940x"; reg = <0x6f>; interrupt-parent = <&gpiosb>; - interrupts = <5 0>; /* GPIO2_5 */ + interrupts = <5 IRQ_TYPE_EDGE_FALLING>; /* GPIO2_5 */ }; }; -- 2.43.0

1 year, 2 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2023