October 2024 - Linux-stable-mirror

[PATCH v2] virtio: console: Fix atomicity violation in fill_readbuf()

by Qiu-ji Chen

The atomicity violation issue is due to the invalidation of the function port_has_data()'s check caused by concurrency. Imagine a scenario where a port that contains data passes the validity check but is simultaneously assigned a value with no data. This could result in an empty port passing the validity check, potentially leading to a null pointer dereference error later in the program, which is inconsistent. To address this issue, we added a separate validity check for the variable buf after its assignment. This ensures that an invalid buf does not proceed further into the program, thereby preventing a null pointer dereference error. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. Fixes: 203baab8ba31 ("virtio: console: Introduce function to hand off data from host to readers") Cc: stable(a)vger.kernel.org Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> --- V2: The logic of the fix has been modified. --- drivers/char/virtio_console.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c index c62b208b42f1..54fee192d93c 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -660,6 +660,10 @@ static ssize_t fill_readbuf(struct port *port, u8 __user *out_buf, return 0; buf = port->inbuf; + + if (!buf) + return 0; + out_count = min(out_count, buf->len - buf->offset); if (to_user) { -- 2.34.1

4 months, 1 week

1
0
0 0

[PATCH v2] PM / devfreq: Fix atomicity violation in devfreq_update_interval()

by Qiu-ji Chen

The atomicity violation occurs when the variables cur_delay and new_delay are defined. Imagine a scenario where, while defining cur_delay and new_delay, the values stored in devfreq->profile->polling_ms and the delay variable change. After acquiring the mutex_lock and entering the critical section, due to possible concurrent modifications, cur_delay and new_delay may no longer represent the correct values. Subsequent usage, such as if (cur_delay > new_delay), could cause the program to run incorrectly, resulting in inconsistencies. If the read of devfreq->profile->polling_ms is not protected by the lock, the cur_delay that enters the critical section would not store the actual old value of devfreq->profile->polling_ms, which would affect the subsequent checks like if (!cur_delay) and if (cur_delay > new_delay), potentially causing the driver to perform incorrect operations. We believe that moving the read of devfreq->profile->polling_ms inside the lock is beneficial as it ensures that cur_delay stores the true old value of devfreq->profile->polling_ms, ensuring the correctness of the later checks. To address this issue, it is recommended to acquire a lock in advance, ensuring that devfreq->profile->polling_ms and delay are protected by the lock when being read. This will help ensure the consistency of the program. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. Fixes: 7e6fdd4bad03 ("PM / devfreq: Core updates to support devices which can idle") Cc: stable(a)vger.kernel.org Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> --- V2: Added some descriptions to reduce misunderstandings. Thanks to MyungJoo Ham for suggesting this improvement. --- drivers/devfreq/devfreq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c index 98657d3b9435..9634739fc9cb 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c @@ -616,10 +616,10 @@ EXPORT_SYMBOL(devfreq_monitor_resume); */ void devfreq_update_interval(struct devfreq *devfreq, unsigned int *delay) { + mutex_lock(&devfreq->lock); unsigned int cur_delay = devfreq->profile->polling_ms; unsigned int new_delay = *delay; - mutex_lock(&devfreq->lock); devfreq->profile->polling_ms = new_delay; if (IS_SUPPORTED_FLAG(devfreq->governor->flags, IRQ_DRIVEN)) -- 2.34.1

4 months, 1 week

1
0
0 0

[PATCH v2] drm/vc4: Fix atomicity violation in vc4_crtc_send_vblank()

by Qiu-ji Chen

An atomicity violation occurs when the vc4_crtc_send_vblank function executes simultaneously with modifications to crtc->state->event. Consider a scenario where crtc->state->event is non-null, allowing it to pass the validity check. However, at the same time, crtc->state->event might be set to null. In this case, the validity check in vc4_crtc_send_vblank might act on the old crtc->state->event (before locking), allowing invalid values to pass the validity check, which could lead to a null pointer dereference. In the drm_device structure, it is mentioned: "@event_lock: Protects @vblank_event_list and event delivery in general." I believe that the validity check and the subsequent null assignment operation are part of the event delivery process, and all of these should be protected by the event_lock. If there is no lock protection before the validity check, it is possible for a null crtc->state->event to be passed into the drm_crtc_send_vblank_event() function, leading to a null pointer dereference error. We have observed its callers and found that they are from the drm_crtc_helper_funcs driver interface. We believe that functions within driver interfaces can be concurrent, potentially causing a data race on crtc->state->event. To address this issue, it is recommended to include the validity check of crtc->state and crtc->state->event within the locking section of the function. This modification ensures that the values of crtc->state->event and crtc->state do not change during the validation process, maintaining their valid conditions. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. Fixes: 68e4a69aec4d ("drm/vc4: crtc: Create vblank reporting function") Cc: stable(a)vger.kernel.org Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> --- V2: The description of the patch has been modified to make it clearer. Thanks to Simona Vetter for suggesting this improvement. --- drivers/gpu/drm/vc4/vc4_crtc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/vc4/vc4_crtc.c b/drivers/gpu/drm/vc4/vc4_crtc.c index 8b5a7e5eb146..98885f519827 100644 --- a/drivers/gpu/drm/vc4/vc4_crtc.c +++ b/drivers/gpu/drm/vc4/vc4_crtc.c @@ -575,10 +575,12 @@ void vc4_crtc_send_vblank(struct drm_crtc *crtc) struct drm_device *dev = crtc->dev; unsigned long flags; - if (!crtc->state || !crtc->state->event) + spin_lock_irqsave(&dev->event_lock, flags); + if (!crtc->state || !crtc->state->event) { + spin_unlock_irqrestore(&dev->event_lock, flags); return; + } - spin_lock_irqsave(&dev->event_lock, flags); drm_crtc_send_vblank_event(crtc, crtc->state->event); crtc->state->event = NULL; spin_unlock_irqrestore(&dev->event_lock, flags); -- 2.34.1

4 months, 1 week

1
0
0 0

[PATCH 0/2] cpuidle: riscv-sbi: fix device node release in early exit of for_each_possible_cpu

by Javier Carrasco

This series releases the np device_node when it is no longer required by adding the missing calls to of_node_put() to make the fix compatible with all affected stable kernels. Then, the more robust approach via cleanup attribute is used to simplify the handling and prevent issues if the loop gets new execution paths. These issues were found while analyzing the code, and the patches have been successfully compiled, but not tested on real hardware as I don't have access to it. Any volunteering for testing is always more than welcome. Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Javier Carrasco (2): cpuidle: riscv-sbi: fix device node release in early exit of for_each_possible_cpu cpuidle: riscv-sbi: use cleanup attribute for np in for_each_possible_cpu drivers/cpuidle/cpuidle-riscv-sbi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- base-commit: 6fb2fa9805c501d9ade047fc511961f3273cdcb5 change-id: 20241029-cpuidle-riscv-sbi-cleanup-e9b3cb96e16d Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

4 months, 1 week

1
1
0 0

[PATCH] Revert "cpufreq: brcmstb-avs-cpufreq: Fix initial command check"

by Colin Ian King

Currently the condition ((rc != -ENOTSUPP) || (rc != -EINVAL)) is always true because rc cannot be equal to two different values at the same time, so it must be not equal to at least one of them. Fix the original commit that introduced the issue. This reverts commit 22a26cc6a51ef73dcfeb64c50513903f6b2d53d8. Signed-off-by: Colin Ian King <colin.i.king(a)gmail.com> --- drivers/cpufreq/brcmstb-avs-cpufreq.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/cpufreq/brcmstb-avs-cpufreq.c b/drivers/cpufreq/brcmstb-avs-cpufreq.c index 5d03a295a085..2fd0f6be6fa3 100644 --- a/drivers/cpufreq/brcmstb-avs-cpufreq.c +++ b/drivers/cpufreq/brcmstb-avs-cpufreq.c @@ -474,8 +474,8 @@ static bool brcm_avs_is_firmware_loaded(struct private_data *priv) rc = brcm_avs_get_pmap(priv, NULL); magic = readl(priv->base + AVS_MBOX_MAGIC); - return (magic == AVS_FIRMWARE_MAGIC) && ((rc != -ENOTSUPP) || - (rc != -EINVAL)); + return (magic == AVS_FIRMWARE_MAGIC) && (rc != -ENOTSUPP) && + (rc != -EINVAL); } static unsigned int brcm_avs_cpufreq_get(unsigned int cpu) -- 2.39.5

4 months, 1 week

3
2
0 0

Re: [PATCH] mm/gup: restore the ability to pin more than 2GB at a time

by kernel test robot

Hi, Thanks for your patch. FYI: kernel test robot notices the stable kernel rule is not satisfied. The check is based on https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html#opt… Rule: add the tag "Cc: stable(a)vger.kernel.org" in the sign-off area to have the patch automatically included in the stable tree. Subject: [PATCH] mm/gup: restore the ability to pin more than 2GB at a time Link: https://lore.kernel.org/stable/20241030030116.670307-1-jhubbard%40nvidia.com -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

4 months, 1 week

2
1
0 0

[PATCH 5.15 00/80] 5.15.170-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.170 release. There are 80 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 30 Oct 2024 06:22:39 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.170-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.170-rc1 Zichen Xie <zichenxie0106(a)gmail.com> ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() Michel Alex <Alex.Michel(a)wiedemann-group.com> net: phy: dp83822: Fix reset pin definitions Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: protect uart_port_dtr_rts() in uart_shutdown() too Paul Moore <paul(a)paul-moore.com> selinux: improve error checking in sel_write_load() Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event Petr Vaganov <p.vaganov(a)ideco.ru> xfrm: fix one more kernel-infoleak in algo dumping José Relvas <josemonsantorelvas(a)gmail.com> ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Aleksa Sarai <cyphar(a)cyphar.com> openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug due to missing clearing of buffer delay flag Shubham Panwar <shubiisp8(a)gmail.com> ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue Christian Heusel <christian(a)heusel.eu> ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Guard against bad data for ATIF ACPI method Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix zone unusable accounting for freed reserved extent Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update default depop procedure Andrey Shumilin <shum.sdl(a)nppct.ru> ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() Jiri Olsa <jolsa(a)kernel.org> bpf,perf: Fix perf_event_detach_bpf_prog error handling Jinjie Ruan <ruanjinjie(a)huawei.com> posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() Heiner Kallweit <hkallweit1(a)gmail.com> r8169: avoid unsolicited interrupts Dmitry Antipov <dmantipov(a)yandex.ru> net: sched: fix use-after-free in taprio_change() Oliver Neukum <oneukum(a)suse.com> net: usb: usbnet: fix name regression Lin Ma <linma(a)zju.edu.cn> net: wwan: fix global oob in wwan_rtnl_policy Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: xtables: fix typo causing some targets not to load on IPv6 Peter Rashleigh <peter(a)rashleigh.ca> net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x Jakub Boehm <boehm.jakub(a)gmail.com> net: plip: fix break; causing plip to never transmit Wang Hai <wanghai38(a)huawei.com> be2net: fix potential memory leak in be_xmit() Wang Hai <wanghai38(a)huawei.com> net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() Eyal Birger <eyal.birger(a)gmail.com> xfrm: respect ip protocols rules criteria when performing dst lookups Eyal Birger <eyal.birger(a)gmail.com> xfrm: extract dst lookup parameters into a struct Leo Yan <leo.yan(a)arm.com> tracing: Consider the NULL character when validating the event length Dave Kleikamp <dave.kleikamp(a)oracle.com> jfs: Fix sanity check in dbMount Crag Wang <crag_wang(a)dell.com> platform/x86: dell-sysman: add support for alienware products Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string junhua huang <huang.junhua(a)zte.com.cn> arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning Armin Wolf <W_Armin(a)gmx.de> platform/x86: dell-wmi: Ignore suspend notifications Gianfranco Trad <gianf.trad(a)gmail.com> udf: fix uninit-value use in udf_get_fileshortad Mark Rutland <mark.rutland(a)arm.com> arm64: Force position-independent veneers Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values Hans de Goede <hdegoede(a)redhat.com> drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Mateusz Guzik <mjguzik(a)gmail.com> exec: don't WARN for racy path_noexec check Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix procress reference leakage for bfqq in merge chain Roger Quadros <rogerq(a)kernel.org> usb: dwc3: core: Fix system suspend on TI AM62 platforms Frank Li <Frank.Li(a)nxp.com> XHCI: Separate PORT and CAPs macros into dedicated file Elson Roy Serrao <quic_eserrao(a)quicinc.com> usb: gadget: Add function wakeup support Nico Boehr <nrb(a)linux.ibm.com> KVM: s390: gaccess: Check if guest address is in memslot Janis Schoetterl-Glausch <scgl(a)linux.ibm.com> KVM: s390: gaccess: Cleanup access to guest pages Janis Schoetterl-Glausch <scgl(a)linux.ibm.com> KVM: s390: gaccess: Refactor access address range check Janis Schoetterl-Glausch <scgl(a)linux.ibm.com> KVM: s390: gaccess: Refactor gpa and length calculation Mark Rutland <mark.rutland(a)arm.com> arm64: probes: Fix uprobes for big-endian kernels junhua huang <huang.junhua(a)zte.com.cn> arm64:uprobe fix the uprobe SWBP_INSN in big-endian Ye Bin <yebin10(a)huawei.com> Bluetooth: bnep: fix wild-memory-access in proto_unregister Heiko Carstens <hca(a)linux.ibm.com> s390: Initialize psw mask in perf_arch_fetch_caller_regs() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> usb: typec: altmode should keep reference to parent Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOBs when building SMB2_IOCTL request Wang Hai <wanghai38(a)huawei.com> scsi: target: core: Fix null-ptr-deref in target_alloc_device() Eric Dumazet <edumazet(a)google.com> genetlink: hold RCU in genlmsg_mcast() Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Wang Hai <wanghai38(a)huawei.com> net: systemport: fix potential memory leak in bcm_sysport_xmit() Wang Hai <wanghai38(a)huawei.com> net: xilinx: axienet: fix potential memory leak in axienet_start_xmit() Li RongQing <lirongqing(a)baidu.com> net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid Wang Hai <wanghai38(a)huawei.com> net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() Sabrina Dubroca <sd(a)queasysnail.net> macsec: don't increment counters for an unrelated SA Colin Ian King <colin.i.king(a)gmail.com> octeontx2-af: Fix potential integer overflows on integer shifts Oliver Neukum <oneukum(a)suse.com> net: usb: usbnet: fix race in probe failure Douglas Anderson <dianders(a)chromium.org> drm/msm: Allocate memory for disp snapshot with kvzalloc() Douglas Anderson <dianders(a)chromium.org> drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() Jonathan Marek <jonathan(a)marek.ca> drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation Bhargava Chenna Marreddy <bhargava.marreddy(a)broadcom.com> RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return more meaningful error Xin Long <lucien.xin(a)gmail.com> ipv4: give an IPv4 dev to blackhole_netdev Alexander Zubkov <green(a)qrator.net> RDMA/irdma: Fix misspelling of "accept*" Anumula Murali Mohan Reddy <anumula(a)chelsio.com> RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP Murad Masimov <m.masimov(a)maxima.ru> ALSA: hda/cs8409: Fix possible NULL dereference Florian Klink <flokli(a)flokli.de> ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin Martin Kletzander <nert.pinx(a)gmail.com> x86/resctrl: Avoid overflow in MB settings in bw_validate() Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Add a check for memory allocation Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/bnxt_re: Fix incorrect AVID type in WQE structure Florian Kauer <florian.kauer(a)linutronix.de> bpf: devmap: provide rxq after redirect Toke Høiland-Jørgensen <toke(a)redhat.com> bpf: Make sure internal and UAPI bpf_redirect flags don't overlap ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts | 2 +- arch/arm64/Makefile | 2 +- arch/arm64/include/asm/uprobes.h | 12 +- arch/arm64/kernel/probes/uprobes.c | 4 +- arch/s390/include/asm/perf_event.h | 1 + arch/s390/kvm/gaccess.c | 162 +++++++------ arch/s390/kvm/gaccess.h | 14 +- arch/x86/kernel/cpu/resctrl/ctrlmondata.c | 23 +- arch/x86/kvm/svm/nested.c | 6 +- block/bfq-iosched.c | 37 ++- drivers/acpi/button.c | 11 + drivers/acpi/resource.c | 7 + drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 15 +- drivers/gpu/drm/msm/disp/msm_disp_snapshot_util.c | 19 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 2 +- drivers/gpu/drm/vboxvideo/hgsmi_base.c | 10 +- drivers/gpu/drm/vboxvideo/vboxvideo.h | 4 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 21 +- drivers/infiniband/hw/cxgb4/cm.c | 9 +- drivers/infiniband/hw/irdma/cm.c | 2 +- drivers/net/dsa/mv88e6xxx/port.c | 1 + drivers/net/ethernet/aeroflex/greth.c | 3 +- drivers/net/ethernet/broadcom/bcmsysport.c | 1 + drivers/net/ethernet/emulex/benet/be_main.c | 10 +- drivers/net/ethernet/i825xx/sun3_82586.c | 1 + .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 4 +- drivers/net/ethernet/realtek/r8169_main.c | 4 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 2 + drivers/net/hyperv/netvsc_drv.c | 30 +++ drivers/net/macsec.c | 18 -- drivers/net/phy/dp83822.c | 4 +- drivers/net/plip/plip.c | 2 +- drivers/net/usb/usbnet.c | 4 +- drivers/net/wwan/wwan_core.c | 2 +- drivers/platform/x86/dell/dell-wmi-base.c | 9 + drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 1 + drivers/target/target_core_device.c | 2 +- drivers/target/target_core_user.c | 2 +- drivers/tty/serial/serial_core.c | 16 +- drivers/usb/dwc3/core.c | 19 ++ drivers/usb/dwc3/core.h | 3 + drivers/usb/gadget/composite.c | 40 ++++ drivers/usb/host/xhci-caps.h | 85 +++++++ drivers/usb/host/xhci-port.h | 176 ++++++++++++++ drivers/usb/host/xhci.h | 262 +-------------------- drivers/usb/typec/class.c | 3 + fs/btrfs/block-group.c | 2 + fs/cifs/smb2pdu.c | 9 + fs/exec.c | 21 +- fs/jfs/jfs_dmap.c | 2 +- fs/nilfs2/page.c | 6 +- fs/open.c | 2 + fs/udf/inode.c | 9 +- include/linux/usb/composite.h | 6 + include/linux/usb/gadget.h | 1 + include/net/genetlink.h | 3 +- include/net/xfrm.h | 28 ++- include/uapi/linux/bpf.h | 13 +- kernel/bpf/devmap.c | 11 +- kernel/time/posix-clock.c | 6 +- kernel/trace/bpf_trace.c | 2 - kernel/trace/trace_probe.c | 2 +- net/bluetooth/bnep/core.c | 3 +- net/core/filter.c | 8 +- net/ipv4/devinet.c | 35 ++- net/ipv4/inet_connection_sock.c | 21 +- net/ipv4/xfrm4_policy.c | 38 ++- net/ipv6/xfrm6_policy.c | 31 +-- net/l2tp/l2tp_netlink.c | 4 +- net/netfilter/xt_NFLOG.c | 2 +- net/netfilter/xt_TRACE.c | 1 + net/netfilter/xt_mark.c | 2 +- net/netlink/genetlink.c | 28 +-- net/sched/sch_taprio.c | 3 +- net/smc/smc_pnet.c | 2 +- net/wireless/nl80211.c | 8 +- net/xfrm/xfrm_device.c | 11 +- net/xfrm/xfrm_policy.c | 50 +++- net/xfrm/xfrm_user.c | 4 +- security/selinux/selinuxfs.c | 27 ++- sound/firewire/amdtp-stream.c | 3 + sound/pci/hda/patch_cs8409.c | 5 +- sound/pci/hda/patch_realtek.c | 48 ++-- sound/soc/codecs/lpass-rx-macro.c | 2 +- sound/soc/fsl/fsl_sai.c | 5 +- sound/soc/fsl/fsl_sai.h | 1 + sound/soc/qcom/lpass-cpu.c | 2 + sound/soc/qcom/sm8250.c | 1 + 91 files changed, 900 insertions(+), 643 deletions(-)

4 months, 1 week

9
88
0 0

[PATCH 6.6 000/208] 6.6.59-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.59 release. There are 208 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 30 Oct 2024 06:22:39 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.59-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.59-rc1 Linus Torvalds <torvalds(a)linux-foundation.org> task_work: make TWA_NMI_CURRENT handling conditional on IRQ_WORK Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probes: Fix to zero initialize a local variable Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix unconditional fence for newer adapters Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Avoid creating fence MR for newer adapters Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the offset for GenP7 adapters for user applications Dan Carpenter <dan.carpenter(a)linaro.org> ACPI: PRM: Clean up guid type in struct prm_handler_info Armin Wolf <W_Armin(a)gmx.de> platform/x86: dell-wmi: Ignore suspend notifications Zichen Xie <zichenxie0106(a)gmail.com> ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() Niklas Cassel <cassel(a)kernel.org> ata: libata: Set DID_TIME_OUT for commands that actually timed out Xinyu Zhang <xizhang(a)purestorage.com> block: fix sanity checks in blk_rq_map_user_bvec Michel Alex <Alex.Michel(a)wiedemann-group.com> net: phy: dp83822: Fix reset pin definitions Paul Moore <paul(a)paul-moore.com> selinux: improve error checking in sel_write_load() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event Petr Vaganov <p.vaganov(a)ideco.ru> xfrm: fix one more kernel-infoleak in algo dumping Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Make KASAN usable for variable cpu_vabits Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Get correct cores_per_package for SMT systems José Relvas <josemonsantorelvas(a)gmail.com> ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 Eric Biggers <ebiggers(a)google.com> ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/lam: Disable ADDRESS_MASKING in most cases Marc Zyngier <maz(a)kernel.org> KVM: arm64: Don't eagerly teardown the vgic on init error Ilkka Koskinen <ilkka(a)os.amperecomputing.com> KVM: arm64: Fix shift-out-of-bounds bug Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Aleksa Sarai <cyphar(a)cyphar.com> openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug due to missing clearing of buffer delay flag Shubham Panwar <shubiisp8(a)gmail.com> ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue Koba Ko <kobak(a)nvidia.com> ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context Christian Heusel <christian(a)heusel.eu> ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Guard against bad data for ATIF ACPI method Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix zone unusable accounting for freed reserved extent Yue Haibing <yuehaibing(a)huawei.com> btrfs: fix passing 0 to ERR_PTR in btrfs_search_dir_index_item() liwei <liwei728(a)huawei.com> cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception Vincent Guittot <vincent.guittot(a)linaro.org> cpufreq/cppc: Move and rename cppc_cpufreq_{perf_to_khz|khz_to_perf}() Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: Handle kstrdup failures for passwords Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update default depop procedure Yang Erkun <yangerkun(a)huaweicloud.com> nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net Yuan Can <yuancan(a)huawei.com> powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() Andrey Shumilin <shum.sdl(a)nppct.ru> ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl_micfil: Add a flag to distinguish with different volume control types Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> ASoC: rsnd: Fix probe failure on HiHope boards due to endpoint parsing Colin Ian King <colin.i.king(a)gmail.com> ASoC: max98388: Fix missing increment of variable slot_found Binbin Zhou <zhoubinbin(a)loongson.cn> ASoC: loongson: Fix component check failed on FDT systems Miquel Raynal <miquel.raynal(a)bootlin.com> ASoC: dt-bindings: davinci-mcasp: Fix interrupt properties Miquel Raynal <miquel.raynal(a)bootlin.com> ASoC: dt-bindings: davinci-mcasp: Fix interrupts property Shenghao Yang <me(a)shenghaoyang.info> net: dsa: mv88e6xxx: support 4000ps cycle counter period Shenghao Yang <me(a)shenghaoyang.info> net: dsa: mv88e6xxx: read cycle counter period from hardware Shenghao Yang <me(a)shenghaoyang.info> net: dsa: mv88e6xxx: group cycle counter coefficients Jiri Olsa <jolsa(a)kernel.org> bpf,perf: Fix perf_event_detach_bpf_prog error handling Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix UAF on iso_sock_timeout Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_sock_timeout Jinjie Ruan <ruanjinjie(a)huawei.com> posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() Heiner Kallweit <hkallweit1(a)gmail.com> r8169: avoid unsolicited interrupts Dmitry Antipov <dmantipov(a)yandex.ru> net: sched: use RCU read-side critical section in taprio_dump() Dmitry Antipov <dmantipov(a)yandex.ru> net: sched: fix use-after-free in taprio_change() Vladimir Oltean <vladimir.oltean(a)nxp.com> net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Remove MEM_UNINIT from skb/xdp MTU helpers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix overloading of MEM_UNINIT's meaning Daniel Borkmann <daniel(a)iogearbox.net> bpf: Add MEM_WRITE attribute Andrei Matei <andreimatei1(a)gmail.com> bpf: Simplify checking size of helper accesses Oliver Neukum <oneukum(a)suse.com> net: usb: usbnet: fix name regression Eric Dumazet <edumazet(a)google.com> net: fix races in netdev_tx_sent_queue()/dev_watchdog() Praveen Kumar Kannoju <praveen.kannoju(a)oracle.com> net/sched: adjust device watchdog timer to detect stopped queue at right time Lin Ma <linma(a)zju.edu.cn> net: wwan: fix global oob in wwan_rtnl_policy Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: xtables: fix typo causing some targets not to load on IPv6 Aleksandr Mishin <amishin(a)t-argos.ru> fsl/fman: Fix refcount handling of fman-related devices Aleksandr Mishin <amishin(a)t-argos.ru> fsl/fman: Save device references taken in mac_probe() Peter Rashleigh <peter(a)rashleigh.ca> net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x Aleksandr Mishin <amishin(a)t-argos.ru> octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() Aleksandr Mishin <amishin(a)t-argos.ru> octeon_ep: Implement helper for iterating packets in Rx queue Jakub Boehm <boehm.jakub(a)gmail.com> net: plip: fix break; causing plip to never transmit Wang Hai <wanghai38(a)huawei.com> be2net: fix potential memory leak in be_xmit() Wang Hai <wanghai38(a)huawei.com> net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() Florian Westphal <fw(a)strlen.de> netfilter: bpf: must hold reference on net namespace Sabrina Dubroca <sd(a)queasysnail.net> xfrm: validate new SA's prefixlen using SA family when sel.family is unset Antony Antony <antony.antony(a)secunet.com> xfrm: Add Direction to the SA in or out Eyal Birger <eyal.birger(a)gmail.com> xfrm: respect ip protocols rules criteria when performing dst lookups Eyal Birger <eyal.birger(a)gmail.com> xfrm: extract dst lookup parameters into a struct Leo Yan <leo.yan(a)arm.com> tracing: Consider the NULL character when validating the event length Mikel Rychliski <mikel(a)mikelr.com> tracing/probes: Fix MAX_TRACE_ARGS limit handling Dave Kleikamp <dave.kleikamp(a)oracle.com> jfs: Fix sanity check in dbMount Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> LoongArch: Don't crash in stack_top() for tasks without vDSO Crag Wang <crag_wang(a)dell.com> platform/x86: dell-sysman: add support for alienware products Pali Rohár <pali(a)kernel.org> cifs: Validate content of NFS reparse point buffer Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string Gianfranco Trad <gianf.trad(a)gmail.com> udf: fix uninit-value use in udf_get_fileshortad Zhao Mengmeng <zhaomengmeng(a)kylinos.cn> udf: refactor inode_bmap() to handle error Zhao Mengmeng <zhaomengmeng(a)kylinos.cn> udf: refactor udf_next_aext() to handle error Zhao Mengmeng <zhaomengmeng(a)kylinos.cn> udf: refactor udf_current_aext() to handle error Mark Rutland <mark.rutland(a)arm.com> arm64: Force position-independent veneers Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values David Lawrence Glanzman <davidglanzman(a)yahoo.com> ASoC: amd: yc: Add quirk for HP Dragonfly pro one Hans de Goede <hdegoede(a)redhat.com> drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Mateusz Guzik <mjguzik(a)gmail.com> exec: don't WARN for racy path_noexec check Qiao Ma <mqaio(a)linux.alibaba.com> uprobe: avoid out-of-bounds memory access of fetching args Andrii Nakryiko <andrii(a)kernel.org> uprobes: prevent mutex_lock() under rcu_read_lock() Andrii Nakryiko <andrii(a)kernel.org> uprobes: prepare uprobe args buffer lazily Andrii Nakryiko <andrii(a)kernel.org> uprobes: encapsulate preparation of uprobe args buffer Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Support $argN in return probe (kprobe and fprobe) Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: cleanup: Set trace_probe::nr_args at trace_probe_init Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/fprobe-event: cleanup: Fix a wrong comment in fprobe event Roger Quadros <rogerq(a)kernel.org> usb: dwc3: core: Fix system suspend on TI AM62 platforms Frank Li <Frank.Li(a)nxp.com> XHCI: Separate PORT and CAPs macros into dedicated file Kevin Groeneveld <kgroeneveld(a)lenbrook.com> usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: f_uac2: fix non-newline-terminated function name Lee Jones <lee(a)kernel.org> usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: honor usb transfer size boundaries. Jiri Slaby (SUSE) <jirislaby(a)kernel.org> xhci: dbgtty: use kfifo from tty_port struct Jiri Slaby (SUSE) <jirislaby(a)kernel.org> xhci: dbgtty: remove kfifo_out() wrapper Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: ti-lmp92064: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Yang Shi <yang(a)os.amperecomputing.com> mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point Matthew Wilcox (Oracle) <willy(a)infradead.org> khugepaged: remove hpage from collapse_file() Matthew Wilcox (Oracle) <willy(a)infradead.org> khugepaged: convert alloc_charge_hpage to alloc_charge_folio Matthew Wilcox (Oracle) <willy(a)infradead.org> khugepaged: inline hpage_collapse_alloc_folio() Matthew Wilcox (Oracle) <willy(a)infradead.org> mm/khugepaged: use a folio more in collapse_file() Matthew Wilcox (Oracle) <willy(a)infradead.org> mm: convert collapse_huge_page() to use a folio Vishal Moola (Oracle) <vishal.moola(a)gmail.com> mm/khugepaged: convert alloc_charge_hpage() to use folios Josh Poimboeuf <jpoimboe(a)kernel.org> cdrom: Avoid barrier_nospec() in cdrom_ioctl_media_changed() Jordan Rome <linux(a)jordanrome.com> bpf: Fix iter/task tid filtering Maurizio Lombardi <mlombard(a)redhat.com> nvme-pci: fix race condition between reset and nvme_dev_disable() William Butler <wab(a)google.com> nvme-pci: set doorbell config before unquiescing Andrea Parri <parri.andrea(a)gmail.com> riscv, bpf: Make BPF_CMPXCHG fully ordered Michal Luczaj <mhal(a)rbox.co> bpf, vsock: Drop static vsock_bpf_prot initialization Michal Luczaj <mhal(a)rbox.co> vsock: Update msg_count on read_skb() Michal Luczaj <mhal(a)rbox.co> vsock: Update rx_bytes on read_skb() Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Unregister notifier on eswitch init failure Shay Drory <shayd(a)nvidia.com> net/mlx5: Fix command bitmask initialization Maher Sanalla <msanalla(a)nvidia.com> net/mlx5: Check for invalid vector index on EQ creation Daniel Borkmann <daniel(a)iogearbox.net> vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Ye Bin <yebin10(a)huawei.com> Bluetooth: bnep: fix wild-memory-access in proto_unregister Tyrone Wu <wudevelops(a)gmail.com> bpf: Fix link info netfilter flags to populate defrag flag Heiko Carstens <hca(a)linux.ibm.com> s390: Initialize psw mask in perf_arch_fetch_caller_regs() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> usb: typec: altmode should keep reference to parent Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOBs when building SMB2_IOCTL request Su Hui <suhui(a)nfschina.com> smb: client: fix possible double free in smb2_set_ea() Wang Hai <wanghai38(a)huawei.com> scsi: target: core: Fix null-ptr-deref in target_alloc_device() Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: ravb: Only advertise Rx/Tx timestamps if hardware supports it Gal Pressman <gal(a)nvidia.com> ravb: Remove setting of RX software timestamp Eric Dumazet <edumazet(a)google.com> genetlink: hold RCU in genlmsg_mcast() Peter Rashleigh <peter(a)rashleigh.ca> net: dsa: mv88e6xxx: Fix the max_vid definition for the MV88E6361 Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Wang Hai <wanghai38(a)huawei.com> net: bcmasp: fix potential memory leak in bcmasp_xmit() Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: don't always program merge_3d block Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> irqchip/renesas-rzg2l: Fix missing put_device Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> irqchip/renesas-rzg2l: Add support for suspend to RAM Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> irqchip/renesas-rzg2l: Document structure members Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> irqchip/renesas-rzg2l: Align struct member names to tabs Wang Hai <wanghai38(a)huawei.com> net: systemport: fix potential memory leak in bcm_sysport_xmit() Dimitar Kanaliev <dimitar.kanaliev(a)siteground.com> bpf: Fix truncation bug in coerce_reg_to_size_sx() Wang Hai <wanghai38(a)huawei.com> net: xilinx: axienet: fix potential memory leak in axienet_start_xmit() Li RongQing <lirongqing(a)baidu.com> net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid Wang Hai <wanghai38(a)huawei.com> net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() Eric Dumazet <edumazet(a)google.com> netdevsim: use cond_resched() in nsim_dev_trap_report_work() Sabrina Dubroca <sd(a)queasysnail.net> macsec: don't increment counters for an unrelated SA Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring Colin Ian King <colin.i.king(a)gmail.com> octeontx2-af: Fix potential integer overflows on integer shifts Paritosh Dixit <paritoshd(a)nvidia.com> net: stmmac: dwmac-tegra: Fix link bring-up sequence Oliver Neukum <oneukum(a)suse.com> net: usb: usbnet: fix race in probe failure Kai Shen <KaiShen(a)linux.alibaba.com> net/smc: Fix memory leak when using percpu refs Justin Chen <justin.chen(a)broadcom.com> firmware: arm_scmi: Queue in scmi layer for mailbox implementation Douglas Anderson <dianders(a)chromium.org> drm/msm: Allocate memory for disp snapshot with kvzalloc() Douglas Anderson <dianders(a)chromium.org> drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() Jonathan Marek <jonathan(a)marek.ca> drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation Jonathan Marek <jonathan(a)marek.ca> drm/msm/dsi: improve/fix dsc pclk calculation Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: make sure phys resources are properly initialized Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> accel/qaic: Fix the for loop used to walk SG table Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix the GID table length Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Update the BAR offsets Bhargava Chenna Marreddy <bhargava.marreddy(a)broadcom.com> RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return more meaningful error Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix out of bound check Abhishek Mohapatra <abhishek.mohapatra(a)broadcom.com> RDMA/bnxt_re: Fix the max CQ WQEs for older adapters Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Support new 5760X P7 devices Xin Long <lucien.xin(a)gmail.com> ipv4: give an IPv4 dev to blackhole_netdev Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Make slab cache names unique Alexander Zubkov <green(a)qrator.net> RDMA/irdma: Fix misspelling of "accept*" Anumula Murali Mohan Reddy <anumula(a)chelsio.com> RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP Su Hui <suhui(a)nfschina.com> firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() Murad Masimov <m.masimov(a)maxima.ru> ALSA: hda/cs8409: Fix possible NULL dereference Waiman Long <longman(a)redhat.com> sched/core: Disable page allocation in task_tick_mm_cid() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> task_work: Add TWA_NMI_CURRENT as an additional notify mode. Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix cross-compiling urandom_read Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Handle possible ENOMEM in vmw_stdu_connector_atomic_check Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: frequency: {admv4420,adrf6780}: format Kconfig entries Toke Høiland-Jørgensen <toke(a)redhat.com> bpf: fix kfunc btf caching for modules Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Handle PCI error codes other than 0x3a Tyrone Wu <wudevelops(a)gmail.com> selftests/bpf: fix perf_event link info name_len assertion Jiri Olsa <jolsa(a)kernel.org> selftests/bpf: Add cookies check for perf_event fill_link_info test Jiri Olsa <jolsa(a)kernel.org> selftests/bpf: Use bpf_link__destroy in fill_link_info tests Tyrone Wu <wudevelops(a)gmail.com> bpf: fix unpopulated name_len field in perf_event link info Jiri Olsa <jolsa(a)kernel.org> bpf: Add cookie to perf_event bpf_link_info records Jiri Olsa <jolsa(a)kernel.org> bpf: Add missed value to kprobe perf link info Florian Klink <flokli(a)flokli.de> ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin Martin Kletzander <nert.pinx(a)gmail.com> x86/resctrl: Avoid overflow in MB settings in bw_validate() Anumula Murali Mohan Reddy <anumula(a)chelsio.com> RDMA/core: Fix ENODEV error for iWARP test over vlan Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Add a check for memory allocation Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/bnxt_re: Fix incorrect AVID type in WQE structure Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix a possible memory leak Jiri Olsa <jolsa(a)kernel.org> bpf: Fix memory leak in bpf_core_apply Timo Grautstueck <timo.grautstueck(a)web.de> lib/Kconfig.debug: fix grammar in RUST_BUILD_ASSERT_ALLOW Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems Florian Kauer <florian.kauer(a)linutronix.de> bpf: devmap: provide rxq after redirect Toke Høiland-Jørgensen <toke(a)redhat.com> bpf: Make sure internal and UAPI bpf_redirect flags don't overlap Mikhail Lobanov <m.lobanov(a)rosalinux.ru> iio: accel: bma400: Fix uninitialized variable field_value in tap event handling. ------------- Diffstat: .../bindings/sound/davinci-mcasp-audio.yaml | 18 +- Makefile | 4 +- arch/arm/boot/dts/broadcom/bcm2837-rpi-cm3-io3.dts | 2 +- arch/arm64/Makefile | 2 +- arch/arm64/kvm/arm.c | 3 + arch/arm64/kvm/sys_regs.c | 2 +- arch/arm64/kvm/vgic/vgic-init.c | 6 +- arch/loongarch/include/asm/bootinfo.h | 4 + arch/loongarch/include/asm/kasan.h | 2 +- arch/loongarch/kernel/process.c | 14 +- arch/loongarch/kernel/setup.c | 3 +- arch/loongarch/kernel/traps.c | 5 + arch/riscv/net/bpf_jit_comp64.c | 4 +- arch/s390/include/asm/perf_event.h | 1 + arch/s390/pci/pci_event.c | 17 +- arch/x86/Kconfig | 1 + arch/x86/kernel/cpu/resctrl/ctrlmondata.c | 23 +- arch/x86/kvm/svm/nested.c | 6 +- block/blk-map.c | 4 +- drivers/accel/qaic/qaic_control.c | 2 +- drivers/accel/qaic/qaic_data.c | 6 +- drivers/acpi/button.c | 11 + drivers/acpi/cppc_acpi.c | 116 +++++++++ drivers/acpi/prmt.c | 29 ++- drivers/acpi/resource.c | 7 + drivers/ata/libata-eh.c | 1 + drivers/cdrom/cdrom.c | 2 +- drivers/cpufreq/amd-pstate.c | 10 + drivers/cpufreq/cppc_cpufreq.c | 139 ++--------- drivers/firmware/arm_scmi/driver.c | 4 +- drivers/firmware/arm_scmi/mailbox.c | 32 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 15 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 5 +- .../drm/amd/display/modules/power/power_helpers.c | 2 + drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 17 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 9 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 2 +- drivers/gpu/drm/msm/disp/msm_disp_snapshot_util.c | 19 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 4 +- drivers/gpu/drm/vboxvideo/hgsmi_base.c | 10 +- drivers/gpu/drm/vboxvideo/vboxvideo.h | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 4 + drivers/iio/accel/bma400_core.c | 3 +- drivers/iio/adc/Kconfig | 2 + drivers/iio/frequency/Kconfig | 31 +-- drivers/infiniband/core/addr.c | 2 + drivers/infiniband/hw/bnxt_re/hw_counters.c | 6 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 48 ++-- drivers/infiniband/hw/bnxt_re/main.c | 42 ++-- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 4 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 4 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 23 +- drivers/infiniband/hw/bnxt_re/qplib_res.h | 20 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 22 +- drivers/infiniband/hw/bnxt_re/qplib_sp.h | 1 + drivers/infiniband/hw/cxgb4/cm.c | 9 +- drivers/infiniband/hw/irdma/cm.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 80 ++++++- drivers/irqchip/irq-renesas-rzg2l.c | 94 ++++++-- drivers/net/dsa/mv88e6xxx/chip.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.h | 6 +- drivers/net/dsa/mv88e6xxx/port.c | 1 + drivers/net/dsa/mv88e6xxx/ptp.c | 108 ++++++--- drivers/net/ethernet/aeroflex/greth.c | 3 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 1 + drivers/net/ethernet/broadcom/bcmsysport.c | 1 + drivers/net/ethernet/emulex/benet/be_main.c | 10 +- drivers/net/ethernet/freescale/fman/mac.c | 68 ++++-- drivers/net/ethernet/freescale/fman/mac.h | 6 +- drivers/net/ethernet/i825xx/sun3_82586.c | 1 + drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 82 +++++-- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/eq.c | 6 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 4 +- drivers/net/ethernet/renesas/ravb_main.c | 25 +- drivers/net/ethernet/stmicro/stmmac/dwmac-tegra.c | 18 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 2 + drivers/net/hyperv/netvsc_drv.c | 30 +++ drivers/net/macsec.c | 18 -- drivers/net/netdevsim/dev.c | 15 +- drivers/net/phy/dp83822.c | 4 +- drivers/net/plip/plip.c | 2 +- drivers/net/usb/usbnet.c | 4 +- drivers/net/vmxnet3/vmxnet3_xdp.c | 2 +- drivers/net/wwan/wwan_core.c | 2 +- drivers/nvme/host/pci.c | 21 +- drivers/platform/x86/dell/dell-wmi-base.c | 9 + drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 1 + drivers/powercap/dtpm_devfreq.c | 2 +- drivers/target/target_core_device.c | 2 +- drivers/target/target_core_user.c | 2 +- drivers/usb/dwc3/core.c | 19 ++ drivers/usb/dwc3/core.h | 3 + drivers/usb/gadget/function/f_uac2.c | 13 +- drivers/usb/host/xhci-caps.h | 85 +++++++ drivers/usb/host/xhci-dbgcap.h | 2 +- drivers/usb/host/xhci-dbgtty.c | 71 ++++-- drivers/usb/host/xhci-port.h | 176 ++++++++++++++ drivers/usb/host/xhci.h | 262 +-------------------- drivers/usb/typec/class.c | 3 + fs/btrfs/block-group.c | 2 + fs/btrfs/dir-item.c | 4 +- fs/btrfs/inode.c | 7 +- fs/exec.c | 21 +- fs/jfs/jfs_dmap.c | 2 +- fs/nfsd/nfs4state.c | 2 +- fs/nilfs2/page.c | 6 +- fs/open.c | 2 + fs/smb/client/fs_context.c | 7 + fs/smb/client/reparse.c | 23 ++ fs/smb/client/smb2ops.c | 3 +- fs/smb/client/smb2pdu.c | 9 + fs/udf/balloc.c | 38 ++- fs/udf/directory.c | 23 +- fs/udf/inode.c | 202 ++++++++++------ fs/udf/partition.c | 6 +- fs/udf/super.c | 3 +- fs/udf/truncate.c | 43 +++- fs/udf/udfdecl.h | 15 +- include/acpi/cppc_acpi.h | 2 + include/linux/bpf.h | 14 +- include/linux/memcontrol.h | 14 -- include/linux/netdevice.h | 12 + include/linux/task_work.h | 6 +- include/linux/trace_events.h | 6 +- include/net/bluetooth/bluetooth.h | 1 + include/net/genetlink.h | 3 +- include/net/sock.h | 5 + include/net/xfrm.h | 29 ++- include/trace/events/huge_memory.h | 10 +- include/uapi/linux/bpf.h | 20 +- include/uapi/linux/xfrm.h | 6 + kernel/bpf/btf.c | 1 + kernel/bpf/devmap.c | 11 +- kernel/bpf/helpers.c | 10 +- kernel/bpf/ringbuf.c | 2 +- kernel/bpf/syscall.c | 49 ++-- kernel/bpf/task_iter.c | 2 +- kernel/bpf/verifier.c | 99 ++++---- kernel/sched/core.c | 4 +- kernel/task_work.c | 41 +++- kernel/time/posix-clock.c | 6 +- kernel/trace/bpf_trace.c | 11 +- kernel/trace/trace.c | 1 + kernel/trace/trace_eprobe.c | 15 +- kernel/trace/trace_fprobe.c | 65 +++-- kernel/trace/trace_kprobe.c | 78 ++++-- kernel/trace/trace_probe.c | 189 +++++++++++++-- kernel/trace/trace_probe.h | 30 ++- kernel/trace/trace_probe_tmpl.h | 10 +- kernel/trace/trace_uprobe.c | 114 +++++---- lib/Kconfig.debug | 2 +- mm/khugepaged.c | 127 +++++----- net/bluetooth/af_bluetooth.c | 22 ++ net/bluetooth/bnep/core.c | 3 +- net/bluetooth/iso.c | 18 +- net/bluetooth/sco.c | 18 +- net/core/filter.c | 50 ++-- net/core/sock_map.c | 8 + net/ipv4/devinet.c | 35 ++- net/ipv4/inet_connection_sock.c | 21 +- net/ipv4/xfrm4_policy.c | 38 ++- net/ipv6/xfrm6_policy.c | 31 +-- net/l2tp/l2tp_netlink.c | 4 +- net/netfilter/nf_bpf_link.c | 7 +- net/netfilter/xt_NFLOG.c | 2 +- net/netfilter/xt_TRACE.c | 1 + net/netfilter/xt_mark.c | 2 +- net/netlink/genetlink.c | 28 +-- net/sched/act_api.c | 23 +- net/sched/sch_generic.c | 17 +- net/sched/sch_taprio.c | 21 +- net/smc/smc_pnet.c | 2 +- net/smc/smc_wr.c | 6 +- net/vmw_vsock/virtio_transport_common.c | 14 +- net/vmw_vsock/vsock_bpf.c | 8 - net/wireless/nl80211.c | 8 +- net/xfrm/xfrm_compat.c | 7 +- net/xfrm/xfrm_device.c | 17 +- net/xfrm/xfrm_policy.c | 50 +++- net/xfrm/xfrm_replay.c | 3 +- net/xfrm/xfrm_state.c | 8 + net/xfrm/xfrm_user.c | 148 +++++++++++- security/selinux/selinuxfs.c | 30 +-- sound/firewire/amdtp-stream.c | 3 + sound/pci/hda/Kconfig | 2 +- sound/pci/hda/patch_cs8409.c | 5 +- sound/pci/hda/patch_realtek.c | 48 ++-- sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/lpass-rx-macro.c | 2 +- sound/soc/codecs/max98388.c | 1 + sound/soc/fsl/fsl_micfil.c | 43 +++- sound/soc/fsl/fsl_sai.c | 5 +- sound/soc/fsl/fsl_sai.h | 1 + sound/soc/loongson/loongson_card.c | 1 + sound/soc/qcom/lpass-cpu.c | 2 + sound/soc/qcom/sm8250.c | 1 + sound/soc/sh/rcar/core.c | 7 +- tools/include/uapi/linux/bpf.h | 7 + tools/testing/selftests/bpf/Makefile | 2 +- .../selftests/bpf/prog_tests/fill_link_info.c | 69 ++++-- .../bpf/progs/verifier_helper_value_access.c | 8 +- .../selftests/bpf/progs/verifier_raw_stack.c | 2 +- .../ftrace/test.d/dynevent/fprobe_syntax_errors.tc | 4 + .../ftrace/test.d/kprobe/kprobe_syntax_errors.tc | 2 + 208 files changed, 2889 insertions(+), 1471 deletions(-)

4 months, 1 week

14
223
0 0

[PATCH 6.11 000/261] 6.11.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.11.6 release. There are 261 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 30 Oct 2024 06:22:39 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.6-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.11.6-rc1 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: qcom: Select missing common Soundwire module code on SDM845 Dan Carpenter <dan.carpenter(a)linaro.org> ACPI: PRM: Clean up guid type in struct prm_handler_info Armin Wolf <W_Armin(a)gmx.de> platform/x86: dell-wmi: Ignore suspend notifications Linus Torvalds <torvalds(a)linux-foundation.org> x86: fix user address masking non-canonical speculation issue Linus Torvalds <torvalds(a)linux-foundation.org> x86: fix whitespace in runtime-const assembler output Linus Torvalds <torvalds(a)linux-foundation.org> x86: support user address masking instead of non-speculative conditional Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> soundwire: intel_ace2x: Send PDI stream number during prepare Dominique Martinet <asmadeus(a)codewreck.org> Revert "fs/9p: simplify iget to remove unnecessary paths" Dominique Martinet <asmadeus(a)codewreck.org> Revert "fs/9p: fix uaf in in v9fs_stat2inode_dotl" Dominique Martinet <asmadeus(a)codewreck.org> Revert "fs/9p: remove redundant pointer v9ses" Dominique Martinet <asmadeus(a)codewreck.org> Revert " fs/9p: mitigate inode collisions" Zichen Xie <zichenxie0106(a)gmail.com> ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qcom: sdm845: add missing soundwire runtime stream alloc Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc Benjamin Bara <benjamin.bara(a)skidata.com> ASoC: dapm: avoid container_of() to get component Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: SOF: ipc4-topology: Do not set ALH node_id for aggregated DAIs Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: SOF: Intel: hda: Always clean up link DMA during stop Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: SOF: Intel: hda: Handle prepare without close for non-HDA DAI's Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ASoC: SOF: Intel: hda-loader: do not wait for HDaudio IOC Niklas Cassel <cassel(a)kernel.org> ata: libata: Set DID_TIME_OUT for commands that actually timed out Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: temp w/a for DP Link Layer compliance Xinyu Zhang <xizhang(a)purestorage.com> block: fix sanity checks in blk_rq_map_user_bvec Olga Kornievskaia <okorniev(a)redhat.com> nfsd: fix race between laundromat and free_stateid Michel Alex <Alex.Michel(a)wiedemann-group.com> net: phy: dp83822: Fix reset pin definitions Steven Rostedt <rostedt(a)goodmis.org> fgraph: Change the name of cpuhp state to "fgraph:online" Li Huafei <lihuafei1(a)huawei.com> fgraph: Fix missing unlock in register_ftrace_graph() Vamsi Krishna Brahmajosyula <vamsikrishna.brahmajosyula(a)gmail.com> platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Abel Vesa <abel.vesa(a)linaro.org> drm/bridge: Fix assignment of the of_node of the parent to aux bridge Yu Kuai <yukuai3(a)huawei.com> md/raid10: fix null ptr dereference in raid10_size() Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event Petr Vaganov <p.vaganov(a)ideco.ru> xfrm: fix one more kernel-infoleak in algo dumping Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Make KASAN usable for variable cpu_vabits Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Get correct cores_per_package for SMT systems José Relvas <josemonsantorelvas(a)gmail.com> ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 Eric Biggers <ebiggers(a)google.com> ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE Ashish Kalra <ashish.kalra(a)amd.com> x86/sev: Ensure that RMP table fixups are reserved Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/lam: Disable ADDRESS_MASKING in most cases Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: fix invalid port index for parent device Marc Zyngier <maz(a)kernel.org> KVM: arm64: Don't eagerly teardown the vgic on init error Ilkka Koskinen <ilkka(a)os.amperecomputing.com> KVM: arm64: Fix shift-out-of-bounds bug Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Unregister redistributor for failed vCPU creation Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Aleksa Sarai <cyphar(a)cyphar.com> openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) Darrick J. Wong <djwong(a)kernel.org> xfs: don't fail repairs on metadata files with no attr fork Christian Brauner <brauner(a)kernel.org> fs: don't try and remove empty rbtree node Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug due to missing clearing of buffer delay flag Shubham Panwar <shubiisp8(a)gmail.com> ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue Koba Ko <kobak(a)nvidia.com> ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context Christian Heusel <christian(a)heusel.eu> ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Guard against bad data for ATIF ACPI method Boris Burkov <boris(a)bur.io> btrfs: fix read corruption due to race with extent map merging Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix zone unusable accounting for freed reserved extent Qu Wenruo <wqu(a)suse.com> btrfs: reject ro->rw reconfiguration if there are hard ro requirements Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> perf/x86/rapl: Fix the energy-pkg event for AMD CPUs Richard Gong <richard.gong(a)amd.com> x86/amd_nb: Add new PCI ID for AMD family 1Ah model 20h Richard Gong <richard.gong(a)amd.com> x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h-70h Yue Haibing <yuehaibing(a)huawei.com> btrfs: fix passing 0 to ERR_PTR in btrfs_search_dir_index_item() Filipe Manana <fdmanana(a)suse.com> btrfs: clear force-compress on remount when compress mount option is given Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: set a more sane default value for subtree drop threshold liwei <liwei728(a)huawei.com> cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> PCI/pwrctl: Abandon QCom WCN probe on pre-pwrseq device-trees Konrad Dybcio <konradybcio(a)kernel.org> PCI/pwrctl: Add WCN6855 support Ye Bin <yebin10(a)huawei.com> cifs: fix warning when destroy 'cifs_io_request_pool' Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: Handle kstrdup failures for passwords Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update default depop procedure Yang Erkun <yangerkun(a)huaweicloud.com> nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net Yuan Can <yuancan(a)huawei.com> powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() Arnd Bergmann <arnd(a)arndb.de> fbdev: wm8505fb: select CONFIG_FB_IOMEM_FOPS Andrey Shumilin <shum.sdl(a)nppct.ru> ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl_micfil: Add a flag to distinguish with different volume control types Amir Goldstein <amir73il(a)gmail.com> fuse: update inode size after extending passthrough write Amir Goldstein <amir73il(a)gmail.com> fs: pass offset and result to backing_file end_write() callback Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> PCI: Hold rescan lock while adding devices during host probe Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> ASoC: rsnd: Fix probe failure on HiHope boards due to endpoint parsing Colin Ian King <colin.i.king(a)gmail.com> ASoC: max98388: Fix missing increment of variable slot_found Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Bump minimal topology ABI version Binbin Zhou <zhoubinbin(a)loongson.cn> ASoC: loongson: Fix component check failed on FDT systems Miquel Raynal <miquel.raynal(a)bootlin.com> ASoC: dt-bindings: davinci-mcasp: Fix interrupt properties Miquel Raynal <miquel.raynal(a)bootlin.com> ASoC: dt-bindings: davinci-mcasp: Fix interrupts property Hou Tao <houtao1(a)huawei.com> bpf: Add the missing BPF_LINK_TYPE invocation for sockmap Shenghao Yang <me(a)shenghaoyang.info> net: dsa: mv88e6xxx: support 4000ps cycle counter period Shenghao Yang <me(a)shenghaoyang.info> net: dsa: mv88e6xxx: read cycle counter period from hardware Shenghao Yang <me(a)shenghaoyang.info> net: dsa: mv88e6xxx: group cycle counter coefficients Tim Harvey <tharvey(a)gateworks.com> net: dsa: microchip: disable EEE for KSZ879x/KSZ877x/KSZ876x Andrii Nakryiko <andrii(a)kernel.org> bpf: fix do_misc_fixups() for bpf_get_branch_snapshot() Jiri Olsa <jolsa(a)kernel.org> bpf,perf: Fix perf_event_detach_bpf_prog error handling Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix UAF on iso_sock_timeout Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_sock_timeout Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Disable works on hci_unregister_dev Jinjie Ruan <ruanjinjie(a)huawei.com> posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() Heiner Kallweit <hkallweit1(a)gmail.com> r8169: avoid unsolicited interrupts Dmitry Antipov <dmantipov(a)yandex.ru> net: sched: use RCU read-side critical section in taprio_dump() Dmitry Antipov <dmantipov(a)yandex.ru> net: sched: fix use-after-free in taprio_change() Vladimir Oltean <vladimir.oltean(a)nxp.com> net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Remove MEM_UNINIT from skb/xdp MTU helpers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix overloading of MEM_UNINIT's meaning Daniel Borkmann <daniel(a)iogearbox.net> bpf: Add MEM_WRITE attribute Hou Tao <houtao1(a)huawei.com> bpf: Preserve param->string when parsing mount options Oliver Neukum <oneukum(a)suse.com> net: usb: usbnet: fix name regression Yuan Can <yuancan(a)huawei.com> mlxsw: spectrum_router: fix xa_store() error checking Michael S. Tsirkin <mst(a)redhat.com> virtio_net: fix integer overflow in stats Eric Dumazet <edumazet(a)google.com> net: fix races in netdev_tx_sent_queue()/dev_watchdog() Lin Ma <linma(a)zju.edu.cn> net: wwan: fix global oob in wwan_rtnl_policy Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: xtables: fix typo causing some targets not to load on IPv6 Aleksandr Mishin <amishin(a)t-argos.ru> fsl/fman: Fix refcount handling of fman-related devices Aleksandr Mishin <amishin(a)t-argos.ru> fsl/fman: Save device references taken in mac_probe() Peter Collingbourne <pcc(a)google.com> bpf, arm64: Fix address emission with tag-based KASAN enabled Peter Rashleigh <peter(a)rashleigh.ca> net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x Aleksandr Mishin <amishin(a)t-argos.ru> octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() Aleksandr Mishin <amishin(a)t-argos.ru> octeon_ep: Implement helper for iterating packets in Rx queue Vadim Fedorenko <vadim.fedorenko(a)linux.dev> bnxt_en: replace ptp_lock with irqsave variant Jakub Boehm <boehm.jakub(a)gmail.com> net: plip: fix break; causing plip to never transmit Wang Hai <wanghai38(a)huawei.com> be2net: fix potential memory leak in be_xmit() Wang Hai <wanghai38(a)huawei.com> net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Fix out of bound for loop Florian Westphal <fw(a)strlen.de> netfilter: bpf: must hold reference on net namespace Sabrina Dubroca <sd(a)queasysnail.net> xfrm: validate new SA's prefixlen using SA family when sel.family is unset Eyal Birger <eyal.birger(a)gmail.com> xfrm: respect ip protocols rules criteria when performing dst lookups Eyal Birger <eyal.birger(a)gmail.com> xfrm: extract dst lookup parameters into a struct Leo Yan <leo.yan(a)arm.com> tracing: Consider the NULL character when validating the event length Mikel Rychliski <mikel(a)mikelr.com> tracing/probes: Fix MAX_TRACE_ARGS limit handling Dave Kleikamp <dave.kleikamp(a)oracle.com> jfs: Fix sanity check in dbMount Viktor Malik <vmalik(a)redhat.com> objpool: fix choosing allocation for percpu slots Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> LoongArch: Don't crash in stack_top() for tasks without vDSO Crag Wang <crag_wang(a)dell.com> platform/x86: dell-sysman: add support for alienware products Pali Rohár <pali(a)kernel.org> cifs: Validate content of NFS reparse point buffer Gustavo Sousa <gustavo.sousa(a)intel.com> drm/xe/mcr: Use Xe2_LPM steering tables for Xe2_HPM Jan Kara <jack(a)suse.cz> fsnotify: Avoid data race between fsnotify_recalc_mask() and fsnotify_object_watched() Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string Gianfranco Trad <gianf.trad(a)gmail.com> udf: fix uninit-value use in udf_get_fileshortad Zhao Mengmeng <zhaomengmeng(a)kylinos.cn> udf: refactor inode_bmap() to handle error Zhao Mengmeng <zhaomengmeng(a)kylinos.cn> udf: refactor udf_next_aext() to handle error Zhao Mengmeng <zhaomengmeng(a)kylinos.cn> udf: refactor udf_current_aext() to handle error Mark Rutland <mark.rutland(a)arm.com> arm64: Force position-independent veneers Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values David Lawrence Glanzman <davidglanzman(a)yahoo.com> ASoC: amd: yc: Add quirk for HP Dragonfly pro one Hans de Goede <hdegoede(a)redhat.com> drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Qiao Ma <mqaio(a)linux.alibaba.com> uprobe: avoid out-of-bounds memory access of fetching args Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: honor usb transfer size boundaries. Jiri Slaby (SUSE) <jirislaby(a)kernel.org> xhci: dbgtty: use kfifo from tty_port struct Jiri Slaby (SUSE) <jirislaby(a)kernel.org> xhci: dbgtty: remove kfifo_out() wrapper Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: ti-lmp92064: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig David Hildenbrand <david(a)redhat.com> mm: don't install PMD mappings when THPs are disabled by the hw/process/vma Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: huge_memory: add vma_thp_disabled() and thp_disabled_by_hw() Baolin Wang <baolin.wang(a)linux.alibaba.com> mm: shmem: move shmem_huge_global_enabled() into shmem_allowable_huge_orders() Baolin Wang <baolin.wang(a)linux.alibaba.com> mm: shmem: rename shmem_is_huge() to shmem_huge_global_enabled() Steven Rostedt <rostedt(a)goodmis.org> fgraph: Allocate ret_stack_list with proper size Josh Poimboeuf <jpoimboe(a)kernel.org> cdrom: Avoid barrier_nospec() in cdrom_ioctl_media_changed() Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix print_reg_state's constant scalar dump Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix incorrect delta propagation between linked registers Jordan Rome <linux(a)jordanrome.com> bpf: Fix iter/task tid filtering Maurizio Lombardi <mlombard(a)redhat.com> nvme-pci: fix race condition between reset and nvme_dev_disable() Andrea Parri <parri.andrea(a)gmail.com> riscv, bpf: Make BPF_CMPXCHG fully ordered Michal Luczaj <mhal(a)rbox.co> bpf, vsock: Drop static vsock_bpf_prot initialization Michal Luczaj <mhal(a)rbox.co> vsock: Update msg_count on read_skb() Michal Luczaj <mhal(a)rbox.co> vsock: Update rx_bytes on read_skb() Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5e: Don't call cleanup on profile rollback failure Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Unregister notifier on eswitch init failure Shay Drory <shayd(a)nvidia.com> net/mlx5: Fix command bitmask initialization Maher Sanalla <msanalla(a)nvidia.com> net/mlx5: Check for invalid vector index on EQ creation Felix Fietkau <nbd(a)nbd.name> net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init Daniel Borkmann <daniel(a)iogearbox.net> vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Ye Bin <yebin10(a)huawei.com> Bluetooth: bnep: fix wild-memory-access in proto_unregister Tyrone Wu <wudevelops(a)gmail.com> bpf: Fix link info netfilter flags to populate defrag flag Matthew Brost <matthew.brost(a)intel.com> drm/xe: Use bookkeep slots for external BO's in exec IOCTL Matthew Brost <matthew.brost(a)intel.com> drm/xe: Don't free job in TDR Matthew Brost <matthew.brost(a)intel.com> drm/xe: Take job list lock in xe_sched_add_pending_job Matthew Auld <matthew.auld(a)intel.com> drm/xe: fix unbalanced rpm put() with declare_wedged() Matthew Auld <matthew.auld(a)intel.com> drm/xe: fix unbalanced rpm put() with fence_fini() Heiko Carstens <hca(a)linux.ibm.com> s390: Initialize psw mask in perf_arch_fetch_caller_regs() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> usb: typec: altmode should keep reference to parent Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOBs when building SMB2_IOCTL request Su Hui <suhui(a)nfschina.com> smb: client: fix possible double free in smb2_set_ea() Wang Hai <wanghai38(a)huawei.com> scsi: target: core: Fix null-ptr-deref in target_alloc_device() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: vsc73xx: fix reception from VLAN-unaware bridges Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: ravb: Only advertise Rx/Tx timestamps if hardware supports it Gal Pressman <gal(a)nvidia.com> ravb: Remove setting of RX software timestamp Eric Dumazet <edumazet(a)google.com> genetlink: hold RCU in genlmsg_mcast() Peter Rashleigh <peter(a)rashleigh.ca> net: dsa: mv88e6xxx: Fix the max_vid definition for the MV88E6361 Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Rob Clark <robdclark(a)chromium.org> drm/msm/a6xx+: Insert a fence wait before SMMU table update Wang Hai <wanghai38(a)huawei.com> net: bcmasp: fix potential memory leak in bcmasp_xmit() Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: don't always program merge_3d block Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Don't always set merge_3d pending flush Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> irqchip/renesas-rzg2l: Fix missing put_device Wang Hai <wanghai38(a)huawei.com> net: systemport: fix potential memory leak in bcm_sysport_xmit() Dimitar Kanaliev <dimitar.kanaliev(a)siteground.com> bpf: Fix truncation bug in coerce_reg_to_size_sx() Wang Hai <wanghai38(a)huawei.com> net: ethernet: rtsn: fix potential memory leak in rtsn_start_xmit() Wang Hai <wanghai38(a)huawei.com> net: xilinx: axienet: fix potential memory leak in axienet_start_xmit() Li RongQing <lirongqing(a)baidu.com> net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid Wang Hai <wanghai38(a)huawei.com> net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() Eric Dumazet <edumazet(a)google.com> netdevsim: use cond_resched() in nsim_dev_trap_report_work() Sabrina Dubroca <sd(a)queasysnail.net> macsec: don't increment counters for an unrelated SA Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring Petr Pavlu <petr.pavlu(a)suse.com> ring-buffer: Fix reader locking when changing the sub buffer order Colin Ian King <colin.i.king(a)gmail.com> octeontx2-af: Fix potential integer overflows on integer shifts Paritosh Dixit <paritoshd(a)nvidia.com> net: stmmac: dwmac-tegra: Fix link bring-up sequence Oliver Neukum <oneukum(a)suse.com> net: usb: usbnet: fix race in probe failure Jean Delvare <jdelvare(a)suse.de> [PATCH} hwmon: (jc42) Properly detect TSE2004-compliant devices again Kai Shen <KaiShen(a)linux.alibaba.com> net/smc: Fix memory leak when using percpu refs Justin Chen <justin.chen(a)broadcom.com> firmware: arm_scmi: Queue in scmi layer for mailbox implementation Douglas Anderson <dianders(a)chromium.org> drm/msm: Allocate memory for disp snapshot with kvzalloc() Douglas Anderson <dianders(a)chromium.org> drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() Jonathan Marek <jonathan(a)marek.ca> drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation Jonathan Marek <jonathan(a)marek.ca> drm/msm/dsi: improve/fix dsc pclk calculation Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: make sure phys resources are properly initialized Cong Yang <yangcong5(a)huaqin.corp-partner.google.com> drm/panel: himax-hx83102: Adjust power and gamma to optimize brightness Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> accel/qaic: Fix the for loop used to walk SG table Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix the GID table length Bhargava Chenna Marreddy <bhargava.marreddy(a)broadcom.com> RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Chandramohan Akula <chandramohan.akula(a)broadcom.com> RDMA/bnxt_re: Change the sequence of updating the CQ toggle value Hongguang Gao <hongguang.gao(a)broadcom.com> RDMA/bnxt_re: Get the toggle bits from SRQ events Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return more meaningful error Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix incorrect dereference of srq in async event Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix out of bound check Abhishek Mohapatra <abhishek.mohapatra(a)broadcom.com> RDMA/bnxt_re: Fix the max CQ WQEs for older adapters Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix source port register when mirroring Xin Long <lucien.xin(a)gmail.com> ipv4: give an IPv4 dev to blackhole_netdev Breno Leitao <leitao(a)debian.org> elevator: Remove argument from elevator_find_get Breno Leitao <leitao(a)debian.org> elevator: do not request_module if elevator exists Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Make slab cache names unique Alexander Zubkov <green(a)qrator.net> RDMA/irdma: Fix misspelling of "accept*" Anumula Murali Mohan Reddy <anumula(a)chelsio.com> RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP Su Hui <suhui(a)nfschina.com> firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() Murad Masimov <m.masimov(a)maxima.ru> ALSA: hda/cs8409: Fix possible NULL dereference Waiman Long <longman(a)redhat.com> sched/core: Disable page allocation in task_tick_mm_cid() Tyrone Wu <wudevelops(a)gmail.com> bpf: Fix unpopulated path_size when uprobe_multi fields unset Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix cross-compiling urandom_read Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Handle possible ENOMEM in vmw_stdu_connector_atomic_check Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: frequency: {admv4420,adrf6780}: format Kconfig entries Toke Høiland-Jørgensen <toke(a)redhat.com> bpf: fix kfunc btf caching for modules Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Handle PCI error codes other than 0x3a Pu Lehui <pulehui(a)huawei.com> riscv, bpf: Fix possible infinite tailcall when CONFIG_CFI_CLANG is enabled Tyrone Wu <wudevelops(a)gmail.com> selftests/bpf: fix perf_event link info name_len assertion Tyrone Wu <wudevelops(a)gmail.com> bpf: fix unpopulated name_len field in perf_event link info Hou Tao <houtao1(a)huawei.com> bpf: Check the remaining info_cnt before repeating btf fields Yao Zi <ziyao(a)disroot.org> clk: rockchip: fix finding of maximum clock ID Florian Klink <flokli(a)flokli.de> ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin Martin Kletzander <nert.pinx(a)gmail.com> x86/resctrl: Avoid overflow in MB settings in bw_validate() Anumula Murali Mohan Reddy <anumula(a)chelsio.com> RDMA/core: Fix ENODEV error for iWARP test over vlan Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Add a check for memory allocation Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/bnxt_re: Fix incorrect AVID type in WQE structure Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix a possible memory leak Jiri Olsa <jolsa(a)kernel.org> bpf: Fix memory leak in bpf_core_apply Timo Grautstueck <timo.grautstueck(a)web.de> lib/Kconfig.debug: fix grammar in RUST_BUILD_ASSERT_ALLOW Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems Florian Kauer <florian.kauer(a)linutronix.de> bpf: devmap: provide rxq after redirect Andrew Jones <ajones(a)ventanamicro.com> irqchip/riscv-imsic: Fix output text of base address Toke Høiland-Jørgensen <toke(a)redhat.com> bpf: Make sure internal and UAPI bpf_redirect flags don't overlap Eduard Zingerman <eddyz87(a)gmail.com> bpf: sync_linked_regs() must preserve subreg_def Changhuang Liang <changhuang.liang(a)starfivetech.com> reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC Mikhail Lobanov <m.lobanov(a)rosalinux.ru> iio: accel: bma400: Fix uninitialized variable field_value in tap event handling. Wander Lairson Costa <wander.lairson(a)gmail.com> bpf: Use raw_spinlock_t in ringbuf ------------- Diffstat: .../bindings/sound/davinci-mcasp-audio.yaml | 18 +- Makefile | 4 +- arch/arm/boot/dts/broadcom/bcm2837-rpi-cm3-io3.dts | 2 +- arch/arm64/Makefile | 2 +- arch/arm64/kvm/arm.c | 3 + arch/arm64/kvm/sys_regs.c | 2 +- arch/arm64/kvm/vgic/vgic-init.c | 28 ++- arch/arm64/net/bpf_jit_comp.c | 12 +- arch/loongarch/include/asm/bootinfo.h | 4 + arch/loongarch/include/asm/kasan.h | 2 +- arch/loongarch/kernel/process.c | 14 +- arch/loongarch/kernel/setup.c | 3 +- arch/loongarch/kernel/traps.c | 5 + arch/riscv/net/bpf_jit_comp64.c | 8 +- arch/s390/include/asm/perf_event.h | 1 + arch/s390/pci/pci_event.c | 17 +- arch/x86/Kconfig | 1 + arch/x86/events/rapl.c | 47 ++++- arch/x86/include/asm/runtime-const.h | 4 +- arch/x86/include/asm/uaccess_64.h | 45 +++-- arch/x86/kernel/amd_nb.c | 6 + arch/x86/kernel/cpu/common.c | 10 + arch/x86/kernel/cpu/resctrl/ctrlmondata.c | 23 ++- arch/x86/kernel/vmlinux.lds.S | 1 + arch/x86/kvm/svm/nested.c | 6 +- arch/x86/lib/getuser.S | 9 +- arch/x86/virt/svm/sev.c | 2 + block/blk-map.c | 4 +- block/elevator.c | 17 +- drivers/accel/qaic/qaic_control.c | 2 +- drivers/accel/qaic/qaic_data.c | 6 +- drivers/acpi/button.c | 11 ++ drivers/acpi/cppc_acpi.c | 22 ++- drivers/acpi/prmt.c | 29 ++- drivers/acpi/resource.c | 7 + drivers/ata/libata-eh.c | 1 + drivers/cdrom/cdrom.c | 2 +- drivers/clk/rockchip/clk.c | 2 +- drivers/cpufreq/amd-pstate.c | 10 + drivers/firewire/core-topology.c | 2 +- drivers/firmware/arm_scmi/driver.c | 4 +- drivers/firmware/arm_scmi/mailbox.c | 32 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 15 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 5 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 13 ++ .../drm/amd/display/modules/power/power_helpers.c | 2 + drivers/gpu/drm/bridge/aux-bridge.c | 3 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 16 +- drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 20 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 68 ++++--- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 7 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 5 +- drivers/gpu/drm/msm/disp/msm_disp_snapshot_util.c | 19 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 4 +- drivers/gpu/drm/panel/panel-himax-hx83102.c | 12 +- drivers/gpu/drm/vboxvideo/hgsmi_base.c | 10 +- drivers/gpu/drm/vboxvideo/vboxvideo.h | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 4 + drivers/gpu/drm/xe/xe_device.c | 4 +- drivers/gpu/drm/xe/xe_exec.c | 12 +- drivers/gpu/drm/xe/xe_gpu_scheduler.h | 2 + drivers/gpu/drm/xe/xe_gt_mcr.c | 2 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 29 ++- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.h | 1 - drivers/gpu/drm/xe/xe_guc_submit.c | 7 +- drivers/gpu/drm/xe/xe_vm.c | 8 +- drivers/hwmon/jc42.c | 2 +- drivers/iio/accel/bma400_core.c | 3 +- drivers/iio/adc/Kconfig | 2 + drivers/iio/frequency/Kconfig | 31 ++-- drivers/infiniband/core/addr.c | 2 + drivers/infiniband/hw/bnxt_re/hw_counters.c | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.h | 1 + drivers/infiniband/hw/bnxt_re/main.c | 29 ++- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 16 ++ drivers/infiniband/hw/bnxt_re/qplib_fp.h | 3 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 21 +-- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 11 +- drivers/infiniband/hw/bnxt_re/qplib_sp.h | 1 + drivers/infiniband/hw/cxgb4/cm.c | 9 +- drivers/infiniband/hw/irdma/cm.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 80 ++++++-- drivers/irqchip/irq-renesas-rzg2l.c | 16 +- drivers/irqchip/irq-riscv-imsic-platform.c | 2 +- drivers/md/raid10.c | 7 +- drivers/net/dsa/microchip/ksz_common.c | 21 ++- drivers/net/dsa/mv88e6xxx/chip.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.h | 6 +- drivers/net/dsa/mv88e6xxx/port.c | 1 + drivers/net/dsa/mv88e6xxx/ptp.c | 108 +++++++---- drivers/net/dsa/vitesse-vsc73xx-core.c | 1 - drivers/net/ethernet/aeroflex/greth.c | 3 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 1 + drivers/net/ethernet/broadcom/bcmsysport.c | 1 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 22 ++- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 70 ++++--- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 12 +- drivers/net/ethernet/emulex/benet/be_main.c | 10 +- drivers/net/ethernet/freescale/fman/mac.c | 68 +++++-- drivers/net/ethernet/freescale/fman/mac.h | 6 +- drivers/net/ethernet/i825xx/sun3_82586.c | 1 + drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 82 ++++++--- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 4 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/eq.c | 6 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 5 +- .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 9 +- .../net/ethernet/microchip/sparx5/sparx5_mirror.c | 12 +- drivers/net/ethernet/realtek/r8169_main.c | 4 +- drivers/net/ethernet/renesas/ravb_main.c | 25 ++- drivers/net/ethernet/renesas/rtsn.c | 1 + drivers/net/ethernet/stmicro/stmmac/dwmac-tegra.c | 18 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 2 + drivers/net/hyperv/netvsc_drv.c | 30 +++ drivers/net/macsec.c | 18 -- drivers/net/netdevsim/dev.c | 15 +- drivers/net/phy/dp83822.c | 4 +- drivers/net/plip/plip.c | 2 +- drivers/net/pse-pd/pse_core.c | 4 +- drivers/net/usb/usbnet.c | 4 +- drivers/net/virtio_net.c | 2 +- drivers/net/vmxnet3/vmxnet3_xdp.c | 2 +- drivers/net/wwan/wwan_core.c | 2 +- drivers/nvme/host/pci.c | 19 +- drivers/pci/probe.c | 2 + drivers/pci/pwrctl/pci-pwrctl-pwrseq.c | 58 +++++- drivers/platform/x86/dell/dell-wmi-base.c | 9 + drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 1 + drivers/platform/x86/intel/pmc/core_ssram.c | 4 +- drivers/powercap/dtpm_devfreq.c | 2 +- drivers/reset/starfive/reset-starfive-jh71x0.c | 3 + drivers/soundwire/intel_ace2x.c | 19 +- drivers/target/target_core_device.c | 2 +- drivers/target/target_core_user.c | 2 +- drivers/usb/host/xhci-dbgcap.h | 2 +- drivers/usb/host/xhci-dbgtty.c | 71 ++++++-- drivers/usb/typec/class.c | 3 + drivers/video/fbdev/Kconfig | 1 + fs/9p/v9fs.h | 34 +++- fs/9p/v9fs_vfs.h | 2 +- fs/9p/vfs_inode.c | 129 ++++++++----- fs/9p/vfs_inode_dotl.c | 112 ++++++++---- fs/9p/vfs_super.c | 2 +- fs/backing-file.c | 8 +- fs/btrfs/block-group.c | 2 + fs/btrfs/dir-item.c | 4 +- fs/btrfs/disk-io.c | 2 +- fs/btrfs/extent_map.c | 31 ++-- fs/btrfs/inode.c | 7 +- fs/btrfs/qgroup.c | 2 +- fs/btrfs/qgroup.h | 2 + fs/btrfs/super.c | 12 +- fs/fuse/passthrough.c | 8 +- fs/jfs/jfs_dmap.c | 2 +- fs/namespace.c | 4 +- fs/nfsd/nfs4state.c | 50 ++++- fs/nfsd/state.h | 2 + fs/nilfs2/page.c | 6 +- fs/notify/fsnotify.c | 21 ++- fs/notify/inotify/inotify_user.c | 2 +- fs/notify/mark.c | 8 +- fs/open.c | 2 + fs/overlayfs/file.c | 9 +- fs/select.c | 4 +- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/fs_context.c | 7 + fs/smb/client/reparse.c | 23 +++ fs/smb/client/smb2ops.c | 3 +- fs/smb/client/smb2pdu.c | 9 + fs/udf/balloc.c | 38 ++-- fs/udf/directory.c | 23 ++- fs/udf/inode.c | 202 ++++++++++++++------- fs/udf/partition.c | 6 +- fs/udf/super.c | 3 +- fs/udf/truncate.c | 43 ++++- fs/udf/udfdecl.h | 15 +- fs/xfs/scrub/repair.c | 8 +- include/linux/backing-file.h | 2 +- include/linux/bpf.h | 14 +- include/linux/bpf_types.h | 1 + include/linux/huge_mm.h | 18 ++ include/linux/netdevice.h | 12 ++ include/linux/shmem_fs.h | 11 +- include/linux/task_work.h | 5 +- include/linux/uaccess.h | 7 + include/net/bluetooth/bluetooth.h | 1 + include/net/genetlink.h | 3 +- include/net/sock.h | 5 + include/net/xfrm.h | 28 +-- include/uapi/linux/bpf.h | 16 +- include/uapi/sound/asoc.h | 2 +- kernel/bpf/btf.c | 15 +- kernel/bpf/devmap.c | 11 +- kernel/bpf/helpers.c | 10 +- kernel/bpf/inode.c | 5 +- kernel/bpf/log.c | 3 +- kernel/bpf/ringbuf.c | 14 +- kernel/bpf/syscall.c | 33 +++- kernel/bpf/task_iter.c | 2 +- kernel/bpf/verifier.c | 107 ++++++----- kernel/sched/core.c | 4 +- kernel/task_work.c | 15 +- kernel/time/posix-clock.c | 6 +- kernel/trace/bpf_trace.c | 42 ++--- kernel/trace/fgraph.c | 15 +- kernel/trace/ring_buffer.c | 44 +++-- kernel/trace/trace_eprobe.c | 7 +- kernel/trace/trace_fprobe.c | 6 +- kernel/trace/trace_kprobe.c | 6 +- kernel/trace/trace_probe.c | 2 +- kernel/trace/trace_uprobe.c | 13 +- lib/Kconfig.debug | 2 +- lib/objpool.c | 2 +- lib/strncpy_from_user.c | 9 + lib/strnlen_user.c | 9 + mm/huge_memory.c | 24 +-- mm/memory.c | 9 + mm/shmem.c | 55 +++--- net/bluetooth/af_bluetooth.c | 22 +++ net/bluetooth/bnep/core.c | 3 +- net/bluetooth/hci_core.c | 24 ++- net/bluetooth/hci_sync.c | 12 +- net/bluetooth/iso.c | 18 +- net/bluetooth/sco.c | 18 +- net/core/filter.c | 50 ++--- net/core/sock_map.c | 8 + net/ipv4/devinet.c | 35 +++- net/ipv4/inet_connection_sock.c | 21 ++- net/ipv4/xfrm4_policy.c | 38 ++-- net/ipv6/xfrm6_policy.c | 31 ++-- net/l2tp/l2tp_netlink.c | 4 +- net/netfilter/nf_bpf_link.c | 7 +- net/netfilter/xt_NFLOG.c | 2 +- net/netfilter/xt_TRACE.c | 1 + net/netfilter/xt_mark.c | 2 +- net/netlink/genetlink.c | 28 +-- net/sched/act_api.c | 23 ++- net/sched/sch_generic.c | 8 +- net/sched/sch_taprio.c | 21 ++- net/smc/smc_pnet.c | 2 +- net/smc/smc_wr.c | 6 +- net/vmw_vsock/virtio_transport_common.c | 14 +- net/vmw_vsock/vsock_bpf.c | 8 - net/wireless/nl80211.c | 8 +- net/xfrm/xfrm_device.c | 11 +- net/xfrm/xfrm_policy.c | 50 +++-- net/xfrm/xfrm_user.c | 10 +- sound/firewire/amdtp-stream.c | 3 + sound/pci/hda/Kconfig | 2 +- sound/pci/hda/patch_cs8409.c | 5 +- sound/pci/hda/patch_realtek.c | 48 ++--- sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/lpass-rx-macro.c | 2 +- sound/soc/codecs/max98388.c | 1 + sound/soc/fsl/fsl_micfil.c | 43 ++++- sound/soc/fsl/fsl_sai.c | 5 +- sound/soc/fsl/fsl_sai.h | 1 + sound/soc/loongson/loongson_card.c | 1 + sound/soc/qcom/Kconfig | 2 + sound/soc/qcom/lpass-cpu.c | 2 + sound/soc/qcom/sc7280.c | 10 +- sound/soc/qcom/sdm845.c | 7 +- sound/soc/qcom/sm8250.c | 1 + sound/soc/sh/rcar/core.c | 7 +- sound/soc/soc-dapm.c | 4 +- sound/soc/sof/intel/hda-dai-ops.c | 23 +-- sound/soc/sof/intel/hda-dai.c | 37 +++- sound/soc/sof/intel/hda-loader.c | 17 -- sound/soc/sof/ipc4-topology.c | 15 +- tools/include/uapi/linux/bpf.h | 3 + tools/testing/selftests/bpf/Makefile | 2 +- .../selftests/bpf/prog_tests/fill_link_info.c | 9 +- 275 files changed, 2655 insertions(+), 1271 deletions(-)

4 months, 1 week

16
277
0 0

[PATCH net] net: vertexcom: mse102x: Fix possible double free of TX skb

by Stefan Wahren

The scope of the TX skb is wider than just mse102x_tx_frame_spi(), so in case the TX skb room needs to be expanded, also its pointer needs to be adjusted. Otherwise the already freed skb pointer would be freed again in mse102x_tx_work(), which leads to crashes: Internal error: Oops: 0000000096000004 [#2] PREEMPT SMP CPU: 0 PID: 712 Comm: kworker/0:1 Tainted: G D 6.6.23 Hardware name: chargebyte Charge SOM DC-ONE (DT) Workqueue: events mse102x_tx_work [mse102x] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : skb_release_data+0xb8/0x1d8 lr : skb_release_data+0x1ac/0x1d8 sp : ffff8000819a3cc0 x29: ffff8000819a3cc0 x28: ffff0000046daa60 x27: ffff0000057f2dc0 x26: ffff000005386c00 x25: 0000000000000002 x24: 00000000ffffffff x23: 0000000000000000 x22: 0000000000000001 x21: ffff0000057f2e50 x20: 0000000000000006 x19: 0000000000000000 x18: ffff00003fdacfcc x17: e69ad452d0c49def x16: 84a005feff870102 x15: 0000000000000000 x14: 000000000000024a x13: 0000000000000002 x12: 0000000000000000 x11: 0000000000000400 x10: 0000000000000930 x9 : ffff00003fd913e8 x8 : fffffc00001bc008 x7 : 0000000000000000 x6 : 0000000000000008 x5 : ffff00003fd91340 x4 : 0000000000000000 x3 : 0000000000000009 x2 : 00000000fffffffe x1 : 0000000000000000 x0 : 0000000000000000 Call trace: skb_release_data+0xb8/0x1d8 kfree_skb_reason+0x48/0xb0 mse102x_tx_work+0x164/0x35c [mse102x] process_one_work+0x138/0x260 worker_thread+0x32c/0x438 kthread+0x118/0x11c ret_from_fork+0x10/0x20 Code: aa1303e0 97fffab6 72001c1f 54000141 (f9400660) Cc: stable(a)vger.kernel.org Fixes: 2f207cbf0dd4 ("net: vertexcom: Add MSE102x SPI support") Signed-off-by: Stefan Wahren <wahrenst(a)gmx.net> --- drivers/net/ethernet/vertexcom/mse102x.c | 34 ++++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/drivers/net/ethernet/vertexcom/mse102x.c b/drivers/net/ethernet/vertexcom/mse102x.c index a04d4073def9..8b9e700a1e63 100644 --- a/drivers/net/ethernet/vertexcom/mse102x.c +++ b/drivers/net/ethernet/vertexcom/mse102x.c @@ -216,7 +216,7 @@ static inline void mse102x_put_footer(struct sk_buff *skb) *footer = cpu_to_be16(DET_DFT); } -static int mse102x_tx_frame_spi(struct mse102x_net *mse, struct sk_buff *txp, +static int mse102x_tx_frame_spi(struct mse102x_net *mse, struct sk_buff **txp, unsigned int pad) { struct mse102x_net_spi *mses = to_mse102x_spi(mse); @@ -226,29 +226,29 @@ static int mse102x_tx_frame_spi(struct mse102x_net *mse, struct sk_buff *txp, int ret; netif_dbg(mse, tx_queued, mse->ndev, "%s: skb %p, %d@%p\n", - __func__, txp, txp->len, txp->data); + __func__, *txp, (*txp)->len, (*txp)->data); - if ((skb_headroom(txp) < DET_SOF_LEN) || - (skb_tailroom(txp) < DET_DFT_LEN + pad)) { - tskb = skb_copy_expand(txp, DET_SOF_LEN, DET_DFT_LEN + pad, + if ((skb_headroom(*txp) < DET_SOF_LEN) || + (skb_tailroom(*txp) < DET_DFT_LEN + pad)) { + tskb = skb_copy_expand(*txp, DET_SOF_LEN, DET_DFT_LEN + pad, GFP_KERNEL); if (!tskb) return -ENOMEM; - dev_kfree_skb(txp); - txp = tskb; + dev_kfree_skb(*txp); + *txp = tskb; } - mse102x_push_header(txp); + mse102x_push_header(*txp); if (pad) - skb_put_zero(txp, pad); + skb_put_zero(*txp, pad); - mse102x_put_footer(txp); + mse102x_put_footer(*txp); - xfer->tx_buf = txp->data; + xfer->tx_buf = (*txp)->data; xfer->rx_buf = NULL; - xfer->len = txp->len; + xfer->len = (*txp)->len; ret = spi_sync(mses->spidev, msg); if (ret < 0) { @@ -368,7 +368,7 @@ static void mse102x_rx_pkt_spi(struct mse102x_net *mse) mse->ndev->stats.rx_bytes += rxlen; } -static int mse102x_tx_pkt_spi(struct mse102x_net *mse, struct sk_buff *txb, +static int mse102x_tx_pkt_spi(struct mse102x_net *mse, struct sk_buff **txb, unsigned long work_timeout) { unsigned int pad = 0; @@ -377,11 +377,11 @@ static int mse102x_tx_pkt_spi(struct mse102x_net *mse, struct sk_buff *txb, int ret; bool first = true; - if (txb->len < ETH_ZLEN) - pad = ETH_ZLEN - txb->len; + if ((*txb)->len < ETH_ZLEN) + pad = ETH_ZLEN - (*txb)->len; while (1) { - mse102x_tx_cmd_spi(mse, CMD_RTS | (txb->len + pad)); + mse102x_tx_cmd_spi(mse, CMD_RTS | ((*txb)->len + pad)); ret = mse102x_rx_cmd_spi(mse, (u8 *)&rx); cmd_resp = be16_to_cpu(rx); @@ -437,7 +437,7 @@ static void mse102x_tx_work(struct work_struct *work) while ((txb = skb_dequeue(&mse->txq))) { mutex_lock(&mses->lock); - ret = mse102x_tx_pkt_spi(mse, txb, work_timeout); + ret = mse102x_tx_pkt_spi(mse, &txb, work_timeout); mutex_unlock(&mses->lock); if (ret) { mse->ndev->stats.tx_dropped++; -- 2.34.1

4 months, 1 week

3
6
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2024