November 2024 - Linux-stable-mirror

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.11.8 release. There are 184 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 14 Nov 2024 10:18:19 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.8-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.11.8-rc1 Hyunwoo Kim <v4bel(a)theori.io> vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans Hyunwoo Kim <v4bel(a)theori.io> hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer Paul E. McKenney <paulmck(a)kernel.org> xtensa: Emulate one-byte cmpxchg Mingcong Bai <jeffbai(a)aosc.io> ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 Nirmoy Das <nirmoy.das(a)intel.com> drm/xe/guc/tlb: Flush g2h worker in case of tlb timeout Nirmoy Das <nirmoy.das(a)intel.com> drm/xe/ufence: Flush xe ordered_wq in case of ufence timeout Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Move LNL scheduling WA to xe_device.h Badal Nilawar <badal.nilawar(a)intel.com> drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout Christoph Hellwig <hch(a)lst.de> block: fix queue limits checks in blk_rq_map_user_bvec for real Christoph Hellwig <hch(a)lst.de> block: rework bio splitting Johan Hovold <johan+linaro(a)kernel.org> firmware: qcom: scm: suppress download mode error Mukesh Ojha <quic_mojha(a)quicinc.com> firmware: qcom: scm: Refactor code to support multiple dload mode Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests: hugetlb_dio: check for initial conditions to skip in the start Andrei Vagin <avagin(a)google.com> ucounts: fix counter leak in inc_rlimit_get_ucounts() Andrew Kanner <andrew.kanner(a)gmail.com> ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3: Force propagation of the active state with a read-back Umang Jain <umang.jain(a)ideasonboard.com> staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation Umang Jain <umang.jain(a)ideasonboard.com> staging: vchiq_arm: Use devm_kzalloc() for drv_mgmt allocation Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Fix connection issue with Pluggable UD-4VPD dock Qiang Yu <quic_qianyu(a)quicinc.com> clk: qcom: gcc-x1e80100: Fix halt_check for pipediv2 clocks Johan Hovold <johan+linaro(a)kernel.org> clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs Benoît Monin <benoit.monin(a)gmx.fr> USB: serial: option: add Quectel RG650V Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Fibocom FG132 0x0112 composition Jack Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add support for Sierra Wireless EM86xx Dan Carpenter <dan.carpenter(a)linaro.org> USB: serial: io_edgeport: fix use after free in debug printk Dan Carpenter <dan.carpenter(a)linaro.org> usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() Rex Nie <rex.nie(a)jaguarmicro.com> usb: typec: qcom-pmic: init value of hdr_len/txbuf_len earlier Roger Quadros <rogerq(a)kernel.org> usb: dwc3: fix fault at system suspend if device was already runtime suspended Zijun Hu <quic_zijuhu(a)quicinc.com> usb: musb: sunxi: Fix accessing an released usb phy Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Add only on-board retimers when !CONFIG_USB4_DEBUGFS_MARGINING Hugh Dickins <hughd(a)google.com> mm/thp: fix deferred split unqueue naming and locking Wei Yang <richard.weiyang(a)gmail.com> mm/mlock: set the correct prev on failure SeongJae Park <sj(a)kernel.org> mm/damon/core: handle zero schemes apply interval SeongJae Park <sj(a)kernel.org> mm/damon/core: handle zero {aggregation,ops_update} intervals SeongJae Park <sj(a)kernel.org> mm/damon/core: avoid overflow in damon_feed_loop_next_input() Roman Gushchin <roman.gushchin(a)linux.dev> signal: restore the override_rlimit logic Masami Hiramatsu (Google) <mhiramat(a)kernel.org> objpool: fix to make percpu slot allocation more robust Qi Xi <xiqi2(a)huawei.com> fs/proc: fix compile warning about variable 'vmcore_mmap_ops' Barnabás Czémán <barnabas.czeman(a)mainlining.org> clk: qcom: clk-alpha-pll: Fix pll post div mask when width is not set Abel Vesa <abel.vesa(a)linaro.org> clk: qcom: gcc-x1e80100: Fix USB MP SS1 PHY GDSC pwrsts flags Liu Peibao <loven.liu(a)jaguarmicro.com> i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set Trond Myklebust <trond.myklebust(a)hammerspace.com> filemap: Fix bounds checking in filemap_read() Benoit Sevens <bsevens(a)google.com> media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Add SMU metrics table support for 1Ah family 60h model Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Update SMU metrics table for 1AH family series Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Relocate CPU ID macros to the PMF header Filipe Manana <fdmanana(a)suse.com> btrfs: reinitialize delayed ref list after deleting it from the list Qu Wenruo <wqu(a)suse.com> btrfs: fix per-subvolume RO/RW flags with new mount API Haisu Wang <haisuwang(a)tencent.com> btrfs: fix the length of reserved qgroup to free Pavan Kumar Linga <pavan.kumar.linga(a)intel.com> idpf: fix idpf_vc_core_init error path Pavan Kumar Linga <pavan.kumar.linga(a)intel.com> idpf: avoid vport access in idpf_get_link_ksettings Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV: Mask off LPCR_MER for a vCPU before running it to avoid spurious interrupts Koichiro Den <koichiro.den(a)gmail.com> mm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create Mark Rutland <mark.rutland(a)arm.com> arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint Mark Rutland <mark.rutland(a)arm.com> arm64: Kconfig: Make SME depend on BROKEN for now Mark Brown <broonie(a)kernel.org> arm64/sve: Discard stale CPU state when handling SVE traps Geliang Tang <geliang(a)kernel.org> mptcp: use sock_kfree_s instead of kfree Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix possible double free of TX skb Jinjie Ruan <ruanjinjie(a)huawei.com> net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() Kalesh Singh <kaleshsingh(a)google.com> tracing: Fix tracefs mount options Roberto Sassu <roberto.sassu(a)huawei.com> nfs: Fix KMSAN warning in decode_getfattr_attrs() Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Start the RTC update work later Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add quirk for HP 320 FHD Webcam Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: no admin perm to list endpoints Mikulas Patocka <mpatocka(a)redhat.com> dm: fix a crash if blk_alloc_disk fails Zichen Xie <zichenxie0106(a)gmail.com> dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: fix potential out-of-bounds access on the first resume Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: optimize dirty bit checking with find_next_bit when resizing Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: fix out-of-bounds access to the dirty bitset when resizing Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: fix flushing uninitialized delayed_work on cache_ctr error Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: correct the number of origin blocks to match the target length David Gstir <david(a)sigma-star.at> KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> thermal/drivers/qcom/lmh: Remove false lockdep backtrace Antonio Quartulli <antonio(a)mandelbit.com> drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Adjust debugfs register access permissions Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Adjust debugfs eviction and IB access permissions Jann Horn <jannh(a)google.com> drm/panthor: Be stricter about IO mapping flags Liviu Dudau <liviu.dudau(a)arm.com> drm/panthor: Lock XArray when getting entries for the VM Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: parse umc_info or vram_info based on ASIC Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: correct the workload setting Brendan King <brendan.king(a)imgtec.com> drm/imagination: Break an object reference loop Brendan King <brendan.king(a)imgtec.com> drm/imagination: Add a per-file PVR context list Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix brightness level not retained over reboot Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: always pick the pptable from IFWI Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> rpmsg: glink: Handle rejected intent request better Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Lock TPM chip in tpm_pm_suspend() first Erik Schumacher <erik.schumacher(a)iris-sensing.com> pwm: imx-tpm: Use correct MODULO value for EPWM mode Balasubramani Vivekanandan <balasubramani.vivekanandan(a)intel.com> drm/xe: Set mask bits for CCS_MODE register Matthew Brost <matthew.brost(a)intel.com> drm/xe: Drop VM dma-resv lock on xe_sync_in_fence_get failure in exec IOCTL Matthew Brost <matthew.brost(a)intel.com> drm/xe: Fix possible exec queue leak in exec IOCTL Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp Jinjie Ruan <ruanjinjie(a)huawei.com> ksmbd: Fix the missing xa_store error check Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: check outstanding simultaneous SMB operations Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create Thomas Mühlbacher <tmuehlbacher(a)posteo.net> can: {cc770,sja1000}_isa: allow building on x86_64 Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_close(): don't call free_irq() for IRQ-less devices Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: v4l2-tpg: prevent the risk of a division by zero Hans Verkuil <hverkuil(a)xs4all.nl> media: vivid: fix buffer overwrite when using > 32 buffers Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: pulse8-cec: fix data timestamp at pulse8_setup() Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: av7110: fix a spectre vulnerability Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: cx24116: prevent overflows on SNR calculus Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: s5p-jpeg: prevent buffer overflows Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: ar0521: don't overflow when checking PLL values Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: mgb4: protect driver against spectre Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: dvb-core: add missing buffer index check Jyri Sarha <jyri.sarha(a)linux.intel.com> ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits Amelie Delaunay <amelie.delaunay(a)foss.st.com> ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove Icenowy Zheng <uwu(a)icenowy.me> thermal/of: support thermal zones w/o trips subnode Emil Dahl Juhl <emdj(a)bang-olufsen.dk> tools/lib/thermal: Fix sampling handler context ptr Murad Masimov <m.masimov(a)maxima.ru> ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() Johannes Thumshirn <johannes.thumshirn(a)wdc.com> scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: adv7604: prevent underflow condition when reporting colorspace Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: dvb_frontend: don't play tricks with underflow values Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: dvbdev: prevent the risk of out of memory access Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: stb0899_algo: initialize cfr before using it Jarosław Janik <jaroslaw.janik(a)gmail.com> Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown" Wentao Liang <Wentao_liang_g(a)163.com> drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path Eric Dumazet <edumazet(a)google.com> net/smc: do not leave a dangling sk pointer in __smc_create() David Howells <dhowells(a)redhat.com> rxrpc: Fix missing locking causing hanging calls Johan Jonker <jbx6244(a)gmail.com> net: arc: rockchip: fix emac mdio node support Johan Jonker <jbx6244(a)gmail.com> net: arc: fix the device for dma_map_single/dma_unmap_single Philo Lu <lulie(a)linux.alibaba.com> virtio_net: Update rss when set queue Philo Lu <lulie(a)linux.alibaba.com> virtio_net: Sync rss config to device when virtnet_probe Philo Lu <lulie(a)linux.alibaba.com> virtio_net: Add hash_key_length check Philo Lu <lulie(a)linux.alibaba.com> virtio_net: Support dynamic rss indirection table size Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: wait for rcu grace period on net_device removal Nícolas F. R. A. Prado <nfraprado(a)collabora.com> net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case Diogo Silva <diogompaissilva(a)gmail.com> net: phy: ti: add PHY_RST_AFTER_CLK_EN flag Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: fix kernel crash when uninstalling driver Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Remove Meteor Lake SMBUS workarounds Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix race condition by adding filter's intermediate sync state Mateusz Polchlopek <mateusz.polchlopek(a)intel.com> ice: change q_index variable type to s16 to store -1 value Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: c_can: fix {rx,tx}_errors statistics Suraj Gupta <suraj.gupta2(a)amd.com> net: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts Wei Fang <wei.fang(a)nxp.com> net: enetc: allocate vf_state during PF probes Xin Long <lucien.xin(a)gmail.com> sctp: properly validate chunk size in sctp_sf_ootb() Suraj Gupta <suraj.gupta2(a)amd.com> dt-bindings: net: xlnx,axi-ethernet: Correct phy-mode property value Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa_eth: print FD status in CPU endianness in dpaa_eth_fd tracepoint Wei Fang <wei.fang(a)nxp.com> net: enetc: set MAC address to the VF net_device ChiYuan Huang <cy_huang(a)richtek.com> regulator: rtq2208: Fix uninitialized use of regulator_config Chen Ridong <chenridong(a)huawei.com> security/keys: fix slab-out-of-bounds in key_task_permission Mike Snitzer <snitzer(a)kernel.org> nfs: avoid i_lock contention in nfs_clear_invalid_mapping Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Further fixes to attribute delegation a/mtime changes Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix attribute delegation behaviour on exclusive create NeilBrown <neilb(a)suse.de> NFSv3: only use NFS timeout for MOUNT when protocols are compatible NeilBrown <neilb(a)suse.de> sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() Corey Hickey <bugfood-c(a)fatooh.org> platform/x86/amd/pmc: Detect when STB is not available Jiri Kosina <jikos(a)kernel.org> HID: core: zero-initialize the report buffer Diederik de Haas <didi.debian(a)cknow.org> arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes Heiko Stuebner <heiko(a)sntech.de> ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin Heiko Stuebner <heiko(a)sntech.de> ARM: dts: rockchip: Fix the spi controller on rk3036 Heiko Stuebner <heiko(a)sntech.de> ARM: dts: rockchip: drop grf reference from rk3036 hdmi Heiko Stuebner <heiko(a)sntech.de> ARM: dts: rockchip: fix rk3036 acodec node Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone pro Qingqing Zhou <quic_qqzhou(a)quicinc.com> firmware: qcom: scm: Return -EOPNOTSUPP for unsupported SHM bridge enabling Xinqi Zhang <quic_xinqzhan(a)quicinc.com> firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() Marek Vasut <marex(a)denx.de> arm64: dts: imx8mp-phyboard-pollux: Set Video PLL1 frequency to 506.8 MHz Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx8mp: correct sdhc ipg clk Alexander Stein <alexander.stein(a)ew.tq-group.com> arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450 fix PIPE clock specification for pcie1 Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: remove num-slots property from rk3328-nanopi-r2s-plus Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Remove undocumented supports-emmc property Sergey Bostandzhyan <jin(a)mediatomb.cc> arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Drop regulator-init-microvolt from two boards Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: fix i2c2 pinctrl-names property on anbernic-rg353p/v Diederik de Haas <didi.debian(a)cknow.org> arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes Diederik de Haas <didi.debian(a)cknow.org> arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node Diederik de Haas <didi.debian(a)cknow.org> arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 Rajendra Nayak <quic_rjendra(a)quicinc.com> EDAC/qcom: Make irq configuration optional Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: scm: fix a NULL-pointer dereference Sam Edwards <cfsworks(a)gmail.com> arm64: dts: rockchip: Designate Turing RK1's system power controller Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Start cooling maps numbering from zero on ROCK 5B Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Move L3 cache outside CPUs in RK3588(S) SoC dtsi Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 ------------- Diffstat: .../devicetree/bindings/net/xlnx,axi-ethernet.yaml | 2 +- Documentation/netlink/specs/mptcp_pm.yaml | 1 - Makefile | 4 +- arch/arm/boot/dts/rockchip/rk3036-kylin.dts | 4 +- arch/arm/boot/dts/rockchip/rk3036.dtsi | 14 +- arch/arm64/Kconfig | 1 + arch/arm64/boot/dts/freescale/imx8-ss-vpu.dtsi | 4 +- .../dts/freescale/imx8mp-phyboard-pollux-rdk.dts | 12 ++ arch/arm64/boot/dts/freescale/imx8mp.dtsi | 6 +- arch/arm64/boot/dts/freescale/imx8qxp-ss-vpu.dtsi | 8 ++ arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +- arch/arm64/boot/dts/rockchip/Makefile | 1 + arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 1 - arch/arm64/boot/dts/rockchip/rk3308-roc-cc.dts | 4 +- .../boot/dts/rockchip/rk3328-nanopi-r2s-plus.dts | 30 +++++ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 3 +- arch/arm64/boot/dts/rockchip/rk3368-lion.dtsi | 1 - arch/arm64/boot/dts/rockchip/rk3399-eaidk-610.dts | 2 +- .../boot/dts/rockchip/rk3399-pinephone-pro.dts | 2 - arch/arm64/boot/dts/rockchip/rk3399-rock960.dtsi | 2 +- .../dts/rockchip/rk3399-sapphire-excavator.dts | 2 +- .../boot/dts/rockchip/rk3566-anbernic-rg353p.dts | 2 +- .../boot/dts/rockchip/rk3566-anbernic-rg353v.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3566-box-demo.dts | 6 +- arch/arm64/boot/dts/rockchip/rk3566-lubancat-1.dts | 1 - arch/arm64/boot/dts/rockchip/rk3566-pinenote.dtsi | 6 +- arch/arm64/boot/dts/rockchip/rk3566-radxa-cm3.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3568-lubancat-2.dts | 1 - arch/arm64/boot/dts/rockchip/rk3568-roc-pc.dts | 3 - arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 20 +-- arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts | 4 +- .../arm64/boot/dts/rockchip/rk3588-toybrick-x0.dts | 1 - .../arm64/boot/dts/rockchip/rk3588-turing-rk1.dtsi | 1 + arch/arm64/kernel/fpsimd.c | 1 + arch/arm64/kernel/smccc-call.S | 35 +---- arch/powerpc/kvm/book3s_hv.c | 12 ++ arch/xtensa/Kconfig | 1 + arch/xtensa/include/asm/cmpxchg.h | 2 + block/blk-map.c | 56 +++----- block/blk-merge.c | 146 ++++++++------------- block/blk-mq.c | 11 +- block/blk.h | 69 ++++++---- drivers/char/tpm/tpm-chip.c | 4 - drivers/char/tpm/tpm-interface.c | 32 +++-- drivers/clk/qcom/clk-alpha-pll.c | 2 +- drivers/clk/qcom/gcc-x1e80100.c | 12 +- drivers/clk/qcom/videocc-sm8350.c | 4 +- drivers/edac/qcom_edac.c | 8 +- drivers/firmware/arm_scmi/bus.c | 7 +- drivers/firmware/qcom/Kconfig | 11 -- drivers/firmware/qcom/qcom_scm.c | 77 +++++++++-- drivers/firmware/smccc/smccc.c | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 10 +- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +++ drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 4 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 49 +++++-- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 4 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 5 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 5 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 5 +- drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 4 +- drivers/gpu/drm/amd/pm/swsmu/smu12/renoir_ppt.c | 4 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 20 ++- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 5 +- .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 74 +---------- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 8 ++ drivers/gpu/drm/amd/pm/swsmu/smu_cmn.h | 2 + drivers/gpu/drm/imagination/pvr_context.c | 33 +++++ drivers/gpu/drm/imagination/pvr_context.h | 21 +++ drivers/gpu/drm/imagination/pvr_device.h | 10 ++ drivers/gpu/drm/imagination/pvr_drv.c | 3 + drivers/gpu/drm/imagination/pvr_vm.c | 22 +++- drivers/gpu/drm/imagination/pvr_vm.h | 1 + drivers/gpu/drm/panthor/panthor_device.c | 4 + drivers/gpu/drm/panthor/panthor_mmu.c | 2 + drivers/gpu/drm/xe/regs/xe_gt_regs.h | 2 +- drivers/gpu/drm/xe/xe_device.h | 14 ++ drivers/gpu/drm/xe/xe_exec.c | 13 +- drivers/gpu/drm/xe/xe_gt_ccs_mode.c | 6 + drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 2 + drivers/gpu/drm/xe/xe_guc_ct.c | 9 ++ drivers/gpu/drm/xe/xe_wait_user_fence.c | 7 + drivers/hid/hid-core.c | 2 +- drivers/i2c/busses/i2c-designware-common.c | 6 +- drivers/i2c/busses/i2c-designware-core.h | 1 + drivers/irqchip/irq-gic-v3.c | 7 + drivers/md/dm-cache-target.c | 59 +++++---- drivers/md/dm-unstripe.c | 4 +- drivers/md/dm.c | 4 +- drivers/media/cec/usb/pulse8/pulse8-cec.c | 2 +- drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 3 + drivers/media/dvb-core/dvb_frontend.c | 4 +- drivers/media/dvb-core/dvb_vb2.c | 8 +- drivers/media/dvb-core/dvbdev.c | 17 ++- drivers/media/dvb-frontends/cx24116.c | 7 +- drivers/media/dvb-frontends/stb0899_algo.c | 2 +- drivers/media/i2c/adv7604.c | 26 ++-- drivers/media/i2c/ar0521.c | 4 +- drivers/media/pci/mgb4/mgb4_cmt.c | 2 + .../media/platform/samsung/s5p-jpeg/jpeg-core.c | 17 ++- drivers/media/test-drivers/vivid/vivid-core.c | 2 +- drivers/media/test-drivers/vivid/vivid-core.h | 4 +- drivers/media/test-drivers/vivid/vivid-ctrls.c | 2 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 +- drivers/media/usb/uvc/uvc_driver.c | 2 +- drivers/media/v4l2-core/v4l2-ctrls-api.c | 17 ++- drivers/net/can/c_can/c_can_main.c | 7 +- drivers/net/can/cc770/Kconfig | 2 +- drivers/net/can/m_can/m_can.c | 3 +- drivers/net/can/sja1000/Kconfig | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 8 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 10 +- drivers/net/ethernet/arc/emac_main.c | 27 ++-- drivers/net/ethernet/arc/emac_mdio.c | 9 +- .../net/ethernet/freescale/dpaa/dpaa_eth_trace.h | 2 +- drivers/net/ethernet/freescale/enetc/enetc_pf.c | 18 +-- drivers/net/ethernet/freescale/enetc/enetc_vf.c | 9 +- drivers/net/ethernet/hisilicon/hns3/hnae3.c | 5 +- drivers/net/ethernet/intel/e1000e/ich8lan.c | 17 +-- drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 12 +- drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 3 +- drivers/net/ethernet/intel/ice/ice_fdir.h | 4 +- drivers/net/ethernet/intel/idpf/idpf.h | 4 +- drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 11 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 5 +- drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 3 +- .../net/ethernet/pensando/ionic/ionic_bus_pci.c | 1 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 1 + drivers/net/ethernet/vertexcom/mse102x.c | 5 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 4 +- drivers/net/phy/dp83848.c | 2 + drivers/net/virtio_net.c | 119 ++++++++++++++--- drivers/net/wwan/t7xx/t7xx_hif_dpmaif_rx.c | 2 +- drivers/platform/x86/amd/pmc/pmc.c | 5 + drivers/platform/x86/amd/pmf/core.c | 21 ++- drivers/platform/x86/amd/pmf/pmf.h | 55 ++++++++ drivers/platform/x86/amd/pmf/spc.c | 52 +++++--- drivers/pwm/pwm-imx-tpm.c | 4 +- drivers/regulator/rtq2208-regulator.c | 2 +- drivers/rpmsg/qcom_glink_native.c | 10 +- drivers/scsi/sd_zbc.c | 3 +- drivers/soc/qcom/llcc-qcom.c | 3 + drivers/staging/media/av7110/av7110.h | 4 +- drivers/staging/media/av7110/av7110_ca.c | 25 ++-- .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 6 +- drivers/thermal/qcom/lmh.c | 7 + drivers/thermal/thermal_of.c | 21 ++- drivers/thunderbolt/retimer.c | 2 + drivers/thunderbolt/usb4.c | 2 +- drivers/ufs/core/ufshcd.c | 10 +- drivers/usb/dwc3/core.c | 25 ++-- drivers/usb/musb/sunxi.c | 2 - drivers/usb/serial/io_edgeport.c | 8 +- drivers/usb/serial/option.c | 6 + drivers/usb/serial/qcserial.c | 2 + .../usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy.c | 8 +- drivers/usb/typec/ucsi/ucsi_ccg.c | 2 + fs/btrfs/bio.c | 30 +++-- fs/btrfs/delayed-ref.c | 2 +- fs/btrfs/inode.c | 2 +- fs/btrfs/super.c | 25 +--- fs/nfs/inode.c | 70 ++++++---- fs/nfs/nfs4proc.c | 4 + fs/nfs/super.c | 10 +- fs/ocfs2/xattr.c | 3 +- fs/proc/vmcore.c | 9 +- fs/smb/server/connection.c | 1 + fs/smb/server/connection.h | 1 + fs/smb/server/mgmt/user_session.c | 15 ++- fs/smb/server/server.c | 20 +-- fs/smb/server/smb_common.c | 10 +- fs/smb/server/smb_common.h | 2 +- fs/tracefs/inode.c | 12 +- include/linux/arm-smccc.h | 32 +---- include/linux/bio.h | 4 +- include/linux/soc/qcom/llcc-qcom.h | 2 + include/linux/user_namespace.h | 3 +- include/net/netfilter/nf_tables.h | 4 + include/trace/events/rxrpc.h | 1 + kernel/signal.c | 3 +- kernel/ucount.c | 9 +- lib/objpool.c | 18 ++- mm/damon/core.c | 42 ++++-- mm/filemap.c | 2 +- mm/huge_memory.c | 35 +++-- mm/internal.h | 10 +- mm/memcontrol-v1.c | 25 ++++ mm/memcontrol.c | 8 +- mm/migrate.c | 4 +- mm/mlock.c | 9 +- mm/page_alloc.c | 1 - mm/slab_common.c | 31 +++-- mm/swap.c | 4 +- mm/vmscan.c | 4 +- net/mptcp/mptcp_pm_gen.c | 1 - net/mptcp/pm_userspace.c | 3 +- net/netfilter/nf_tables_api.c | 41 +++++- net/rxrpc/conn_client.c | 4 + net/sctp/sm_statefuns.c | 2 +- net/smc/af_smc.c | 4 +- net/sunrpc/xprtsock.c | 1 + net/vmw_vsock/hyperv_transport.c | 1 + net/vmw_vsock/virtio_transport_common.c | 1 + security/keys/keyring.c | 7 +- security/keys/trusted-keys/trusted_dcp.c | 9 +- sound/firewire/tascam/amdtp-tascam.c | 2 +- sound/pci/hda/patch_conexant.c | 2 - sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/sof/sof-client-probes-ipc4.c | 1 + sound/soc/stm/stm32_spdifrx.c | 2 +- sound/usb/mixer.c | 1 + sound/usb/quirks.c | 2 + tools/lib/thermal/sampling.c | 2 + tools/testing/selftests/mm/hugetlb_dio.c | 19 ++- 218 files changed, 1518 insertions(+), 865 deletions(-)

7 months, 1 week

13
197
0 0

[PATCH 5.15.y] mptcp: cope racing subflow creation in mptcp_rcv_space_adjust

by Matthieu Baerts (NGI0)

From: Paolo Abeni <pabeni(a)redhat.com> commit ce7356ae35943cc6494cc692e62d51a734062b7d upstream. Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf(). Fixes: c76c6956566f ("mptcp: call tcp_cleanup_rbuf on subflows") Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/02374660836e1b52afc91966b7535c8c5f7bafb0.173106087… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [ Conflicts in protocol.c, because commit f410cbea9f3d ("tcp: annotate data-races around tp->window_clamp") has not been backported to this version. The conflict is easy to resolve, because only the context is different, but not the line to modify. ] Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- net/mptcp/protocol.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 34c98596350e..bcbb1f92ce24 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -1986,7 +1986,8 @@ static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied) slow = lock_sock_fast(ssk); WRITE_ONCE(ssk->sk_rcvbuf, rcvbuf); tcp_sk(ssk)->window_clamp = window_clamp; - tcp_cleanup_rbuf(ssk, 1); + if (tcp_can_send_ack(ssk)) + tcp_cleanup_rbuf(ssk, 1); unlock_sock_fast(ssk, slow); } } -- 2.45.2

7 months, 1 week

1
0
0 0

[PATCH 6.1] ipvs: properly dereference pe in ip_vs_add_service

by Bin Lan

From: Chen Hanxiao <chenhx.fnst(a)fujitsu.com> [ Upstream commit cbd070a4ae62f119058973f6d2c984e325bce6e7 ] Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression Fixes: 39b972231536 ("ipvs: handle connections started by real-servers") Signed-off-by: Chen Hanxiao <chenhx.fnst(a)fujitsu.com> Acked-by: Julian Anastasov <ja(a)ssi.bg> Acked-by: Simon Horman <horms(a)kernel.org> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> [ Resolve minor conflicts to fix CVE-2024-42322 ] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> --- net/netfilter/ipvs/ip_vs_ctl.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 17a1b731a76b..18e37b32a5d6 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -1382,18 +1382,18 @@ ip_vs_add_service(struct netns_ipvs *ipvs, struct ip_vs_service_user_kern *u, sched = NULL; } - /* Bind the ct retriever */ - RCU_INIT_POINTER(svc->pe, pe); - pe = NULL; - /* Update the virtual service counters */ if (svc->port == FTPPORT) atomic_inc(&ipvs->ftpsvc_counter); else if (svc->port == 0) atomic_inc(&ipvs->nullsvc_counter); - if (svc->pe && svc->pe->conn_out) + if (pe && pe->conn_out) atomic_inc(&ipvs->conn_out_counter); + /* Bind the ct retriever */ + RCU_INIT_POINTER(svc->pe, pe); + pe = NULL; + ip_vs_start_estimator(ipvs, &svc->stats); /* Count only IPv4 services for old get/setsockopt interface */ -- 2.43.0

7 months, 1 week

1
0
0 0

[PATCH v4 1/3] drm: adv7511: Fix use-after-free in adv7533_attach_dsi()

by Biju Das

The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() used the same. Fix this use-after-free issue with the below changes: 1. Drop host_node from struct adv7511 and instead use a local pointer in adv7511_probe(). 2. Update adv7533_parse_dt() to return the host_node. 3. Pass the host_node as a parameter to adv7533_attach_dsi(). 4. Call of_node_put() after use. Fixes: 1e4d58cd7f88 ("drm/bridge: adv7533: Create a MIPI DSI device") Cc: stable(a)vger.kernel.org Signed-off-by: Biju Das <biju.das.jz(a)bp.renesas.com> --- Changes in v4: - Updated commit description. - Dropped host_node from struct adv7511 and instead used a local pointer in probe(). Also freeing of host_node pointer after use is done in probe(). Changes in v3: - Replace __free construct with readable of_node_put(). Changes in v2: - Added the tag "Cc: stable(a)vger.kernel.org" in the sign-off area. - Dropped Archit Taneja invalid Mail address --- drivers/gpu/drm/bridge/adv7511/adv7511.h | 6 +++--- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 22 ++++++++++++++------ drivers/gpu/drm/bridge/adv7511/adv7533.c | 20 +++++++++--------- 3 files changed, 29 insertions(+), 19 deletions(-) diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511.h b/drivers/gpu/drm/bridge/adv7511/adv7511.h index ec0b7f3d889c..9f3fae7cc597 100644 --- a/drivers/gpu/drm/bridge/adv7511/adv7511.h +++ b/drivers/gpu/drm/bridge/adv7511/adv7511.h @@ -383,7 +383,6 @@ struct adv7511 { struct regulator_bulk_data *supplies; /* ADV7533 DSI RX related params */ - struct device_node *host_node; struct mipi_dsi_device *dsi; u8 num_dsi_lanes; bool use_timing_gen; @@ -417,8 +416,9 @@ enum drm_mode_status adv7533_mode_valid(struct adv7511 *adv, const struct drm_display_mode *mode); int adv7533_patch_registers(struct adv7511 *adv); int adv7533_patch_cec_registers(struct adv7511 *adv); -int adv7533_attach_dsi(struct adv7511 *adv); -int adv7533_parse_dt(struct device_node *np, struct adv7511 *adv); +int adv7533_attach_dsi(struct adv7511 *adv, struct device_node *host_node); +struct device_node *adv7533_parse_dt(struct device_node *np, + struct adv7511 *adv); #ifdef CONFIG_DRM_I2C_ADV7511_AUDIO int adv7511_audio_init(struct device *dev, struct adv7511 *adv7511); diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c index eb5919b38263..3f1f309791a5 100644 --- a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c +++ b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c @@ -1209,6 +1209,7 @@ static int adv7511_parse_dt(struct device_node *np, static int adv7511_probe(struct i2c_client *i2c) { struct adv7511_link_config link_config; + struct device_node *host_node = NULL; struct adv7511 *adv7511; struct device *dev = &i2c->dev; unsigned int val; @@ -1233,12 +1234,17 @@ static int adv7511_probe(struct i2c_client *i2c) if (ret && ret != -ENODEV) return ret; - if (adv7511->info->link_config) + if (adv7511->info->link_config) { ret = adv7511_parse_dt(dev->of_node, &link_config); - else - ret = adv7533_parse_dt(dev->of_node, adv7511); - if (ret) - return ret; + if (ret) + return ret; + } + + if (adv7511->info->has_dsi) { + host_node = adv7533_parse_dt(dev->of_node, adv7511); + if (IS_ERR(host_node)) + return PTR_ERR(host_node); + } ret = adv7511_init_regulators(adv7511); if (ret) @@ -1343,9 +1349,11 @@ static int adv7511_probe(struct i2c_client *i2c) } if (adv7511->info->has_dsi) { - ret = adv7533_attach_dsi(adv7511); + ret = adv7533_attach_dsi(adv7511, host_node); if (ret) goto err_unregister_audio; + + of_node_put(host_node); } return 0; @@ -1362,6 +1370,8 @@ static int adv7511_probe(struct i2c_client *i2c) err_i2c_unregister_edid: i2c_unregister_device(adv7511->i2c_edid); uninit_regulators: + if (host_node) + of_node_put(host_node); adv7511_uninit_regulators(adv7511); return ret; diff --git a/drivers/gpu/drm/bridge/adv7511/adv7533.c b/drivers/gpu/drm/bridge/adv7511/adv7533.c index 4481489aaf5e..5d0e55ef4028 100644 --- a/drivers/gpu/drm/bridge/adv7511/adv7533.c +++ b/drivers/gpu/drm/bridge/adv7511/adv7533.c @@ -131,7 +131,7 @@ int adv7533_patch_cec_registers(struct adv7511 *adv) ARRAY_SIZE(adv7533_cec_fixed_registers)); } -int adv7533_attach_dsi(struct adv7511 *adv) +int adv7533_attach_dsi(struct adv7511 *adv, struct device_node *host_node) { struct device *dev = &adv->i2c_main->dev; struct mipi_dsi_host *host; @@ -142,7 +142,7 @@ int adv7533_attach_dsi(struct adv7511 *adv) .node = NULL, }; - host = of_find_mipi_dsi_host_by_node(adv->host_node); + host = of_find_mipi_dsi_host_by_node(host_node); if (!host) return dev_err_probe(dev, -EPROBE_DEFER, "failed to find dsi host\n"); @@ -166,22 +166,22 @@ int adv7533_attach_dsi(struct adv7511 *adv) return 0; } -int adv7533_parse_dt(struct device_node *np, struct adv7511 *adv) +struct device_node *adv7533_parse_dt(struct device_node *np, + struct adv7511 *adv) { + struct device_node *host_node; u32 num_lanes; of_property_read_u32(np, "adi,dsi-lanes", &num_lanes); if (num_lanes < 1 || num_lanes > 4) - return -EINVAL; + return ERR_PTR(-EINVAL); adv->num_dsi_lanes = num_lanes; - adv->host_node = of_graph_get_remote_node(np, 0, 0); - if (!adv->host_node) - return -ENODEV; - - of_node_put(adv->host_node); + host_node = of_graph_get_remote_node(np, 0, 0); + if (!host_node) + return ERR_PTR(-ENODEV); adv->use_timing_gen = !of_property_read_bool(np, "adi,disable-timing-generator"); @@ -190,5 +190,5 @@ int adv7533_parse_dt(struct device_node *np, struct adv7511 *adv) adv->rgb = true; adv->embedded_sync = false; - return 0; + return host_node; } -- 2.43.0

7 months, 1 week

2
2
0 0

[Patch v] drivers/card_reader/rtsx_usb: Restore interrupt based detection

by Sean Rhodes

This commit reintroduces interrupt-based card detection previously used in the rts5139 driver. This functionality was removed in commit 00d8521dcd23 ("staging: remove rts5139 driver code"). Reintroducing this mechanism fixes presence detection for certain card readers, which with the current driver, will taken approximately 20 seconds to enter S3 as `mmc_rescan` has to be frozen. Fixes: 00d8521dcd23 ("staging: remove rts5139 driver code") Cc: stable(a)vger.kernel.org Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sean Rhodes <sean(a)starlabs.systems> --- drivers/misc/cardreader/rtsx_usb.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/drivers/misc/cardreader/rtsx_usb.c b/drivers/misc/cardreader/rtsx_usb.c index f150d8769f19..285a748748d7 100644 --- a/drivers/misc/cardreader/rtsx_usb.c +++ b/drivers/misc/cardreader/rtsx_usb.c @@ -286,6 +286,7 @@ static int rtsx_usb_get_status_with_bulk(struct rtsx_ucr *ucr, u16 *status) int rtsx_usb_get_card_status(struct rtsx_ucr *ucr, u16 *status) { int ret; + u8 interrupt_val = 0; u16 *buf; if (!status) @@ -308,6 +309,20 @@ int rtsx_usb_get_card_status(struct rtsx_ucr *ucr, u16 *status) ret = rtsx_usb_get_status_with_bulk(ucr, status); } + rtsx_usb_read_register(ucr, CARD_INT_PEND, &interrupt_val); + /* Cross check presence with interrupts */ + if (*status & XD_CD) + if (!(interrupt_val & XD_INT)) + *status &= ~XD_CD; + + if (*status & SD_CD) + if (!(interrupt_val & SD_INT)) + *status &= ~SD_CD; + + if (*status & MS_CD) + if (!(interrupt_val & MS_INT)) + *status &= ~MS_CD; + /* usb_control_msg may return positive when success */ if (ret < 0) return ret; -- 2.45.2

7 months, 1 week

1
0
0 0

[PATCH 6.1.y 0/2] Backport to fix CVE-2024-36478

by Xiangyu Chen

From: Xiangyu Chen <xiangyu.chen(a)windriver.com> Backport to fix CVE-2024-36478 https://lore.kernel.org/linux-cve-announce/2024062136-CVE-2024-36478-d249@g… The CVE fix is "null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'" This required 1 extra commit to make sure the picks are clean: null_blk: Remove usage of the deprecated ida_simple_xx() API Christophe JAILLET (1): null_blk: Remove usage of the deprecated ida_simple_xx() API Yu Kuai (1): null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' drivers/block/null_blk/main.c | 44 ++++++++++++++++++++++------------- 1 file changed, 28 insertions(+), 16 deletions(-) -- 2.43.0

7 months, 1 week

2
4
0 0

[PATCH 6.6] leds: mlxreg: Use devm_mutex_init() for mutex initialization

by Bin Lan

From: George Stark <gnstark(a)salutedevices.com> [ Upstream commit efc347b9efee1c2b081f5281d33be4559fa50a16 ] In this driver LEDs are registered using devm_led_classdev_register() so they are automatically unregistered after module's remove() is done. led_classdev_unregister() calls module's led_set_brightness() to turn off the LEDs and that callback uses mutex which was destroyed already in module's remove() so use devm API instead. Signed-off-by: George Stark <gnstark(a)salutedevices.com> Reviewed-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Link: https://lore.kernel.org/r/20240411161032.609544-8-gnstark@salutedevices.com Signed-off-by: Lee Jones <lee(a)kernel.org> [ Resolve minor conflicts to fix CVE-2024-42129 ] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> --- drivers/leds/leds-mlxreg.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/drivers/leds/leds-mlxreg.c b/drivers/leds/leds-mlxreg.c index 39210653acf7..b1510cd32e47 100644 --- a/drivers/leds/leds-mlxreg.c +++ b/drivers/leds/leds-mlxreg.c @@ -257,6 +257,7 @@ static int mlxreg_led_probe(struct platform_device *pdev) { struct mlxreg_core_platform_data *led_pdata; struct mlxreg_led_priv_data *priv; + int err; led_pdata = dev_get_platdata(&pdev->dev); if (!led_pdata) { @@ -268,28 +269,21 @@ static int mlxreg_led_probe(struct platform_device *pdev) if (!priv) return -ENOMEM; - mutex_init(&priv->access_lock); + err = devm_mutex_init(&pdev->dev, &priv->access_lock); + if (err) + return err; + priv->pdev = pdev; priv->pdata = led_pdata; return mlxreg_led_config(priv); } -static int mlxreg_led_remove(struct platform_device *pdev) -{ - struct mlxreg_led_priv_data *priv = dev_get_drvdata(&pdev->dev); - - mutex_destroy(&priv->access_lock); - - return 0; -} - static struct platform_driver mlxreg_led_driver = { .driver = { .name = "leds-mlxreg", }, .probe = mlxreg_led_probe, - .remove = mlxreg_led_remove, }; module_platform_driver(mlxreg_led_driver); -- 2.43.0

7 months, 1 week

1
0
0 0

[PATCH 6.1.y] net/sched: taprio: extend minimum interval restriction to entire cycle too

by Xiangyu Chen

From: Vladimir Oltean <vladimir.oltean(a)nxp.com> [ Upstream commit fb66df20a7201e60f2b13d7f95d031b31a8831d3 ] It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals. We need one more restriction, which is that the cycle time itself must be larger than N * ETH_ZLEN bit times, where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit, auto-calculated value, so we move the existing "cycle == 0" check outside the "if "(!new->cycle_time)" branch. This way covers both conditions and scenarios. Add a selftest which illustrates the issue triggered by syzbot. Fixes: b5b73b26b3ca ("taprio: Fix allowing too small intervals") Reported-by: syzbot+a7d2b1d5d1af83035567(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/0000000000007d66bc06196e7c66@google.com/ Signed-off-by: Vladimir Oltean <vladimir.oltean(a)nxp.com> Link: https://lore.kernel.org/r/20240527153955.553333-2-vladimir.oltean@nxp.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> --- net/sched/sch_taprio.c | 10 ++++----- .../tc-testing/tc-tests/qdiscs/taprio.json | 22 +++++++++++++++++++ 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c index 1d5cdc987abd..62219f23f76a 100644 --- a/net/sched/sch_taprio.c +++ b/net/sched/sch_taprio.c @@ -915,11 +915,6 @@ static int parse_taprio_schedule(struct taprio_sched *q, struct nlattr **tb, list_for_each_entry(entry, &new->entries, list) cycle = ktime_add_ns(cycle, entry->interval); - if (!cycle) { - NL_SET_ERR_MSG(extack, "'cycle_time' can never be 0"); - return -EINVAL; - } - if (cycle < 0 || cycle > INT_MAX) { NL_SET_ERR_MSG(extack, "'cycle_time' is too big"); return -EINVAL; @@ -928,6 +923,11 @@ static int parse_taprio_schedule(struct taprio_sched *q, struct nlattr **tb, new->cycle_time = cycle; } + if (new->cycle_time < new->num_entries * length_to_duration(q, ETH_ZLEN)) { + NL_SET_ERR_MSG(extack, "'cycle_time' is too small"); + return -EINVAL; + } + return 0; } diff --git a/tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json b/tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json index 08d4861c2e78..d04fed83332c 100644 --- a/tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json +++ b/tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json @@ -132,6 +132,28 @@ "echo \"1\" > /sys/bus/netdevsim/del_device" ] }, + { + "id": "831f", + "name": "Add taprio Qdisc with too short cycle-time", + "category": [ + "qdisc", + "taprio" + ], + "plugins": { + "requires": "nsPlugin" + }, + "setup": [ + "echo \"1 1 8\" > /sys/bus/netdevsim/new_device" + ], + "cmdUnderTest": "$TC qdisc add dev $ETH root handle 1: taprio num_tc 2 queues 1@0 1@1 sched-entry S 01 200000 sched-entry S 02 200000 cycle-time 100 clockid CLOCK_TAI", + "expExitCode": "2", + "verifyCmd": "$TC qdisc show dev $ETH", + "matchPattern": "qdisc taprio 1: root refcnt", + "matchCount": "0", + "teardown": [ + "echo \"1\" > /sys/bus/netdevsim/del_device" + ] + }, { "id": "3e1e", "name": "Add taprio Qdisc with an invalid cycle-time", -- 2.43.0

7 months, 1 week

1
0
0 0

[PATCH 6.1.y] net: fec: remove .ndo_poll_controller to avoid deadlocks

by Xiangyu Chen

From: Wei Fang <wei.fang(a)nxp.com> [ Upstream commit c2e0c58b25a0a0c37ec643255558c5af4450c9f5 ] There is a deadlock issue found in sungem driver, please refer to the commit ac0a230f719b ("eth: sungem: remove .ndo_poll_controller to avoid deadlocks"). The root cause of the issue is that netpoll is in atomic context and disable_irq() is called by .ndo_poll_controller interface of sungem driver, however, disable_irq() might sleep. After analyzing the implementation of fec_poll_controller(), the fec driver should have the same issue. Due to the fec driver uses NAPI for TX completions, the .ndo_poll_controller is unnecessary to be implemented in the fec driver, so fec_poll_controller() can be safely removed. Fixes: 7f5c6addcdc0 ("net/fec: add poll controller function for fec nic") Signed-off-by: Wei Fang <wei.fang(a)nxp.com> Link: https://lore.kernel.org/r/20240511062009.652918-1-wei.fang@nxp.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> --- drivers/net/ethernet/freescale/fec_main.c | 26 ----------------------- 1 file changed, 26 deletions(-) diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c index 0a5c3d27ed3b..aeab6c28892f 100644 --- a/drivers/net/ethernet/freescale/fec_main.c +++ b/drivers/net/ethernet/freescale/fec_main.c @@ -3508,29 +3508,6 @@ fec_set_mac_address(struct net_device *ndev, void *p) return 0; } -#ifdef CONFIG_NET_POLL_CONTROLLER -/** - * fec_poll_controller - FEC Poll controller function - * @dev: The FEC network adapter - * - * Polled functionality used by netconsole and others in non interrupt mode - * - */ -static void fec_poll_controller(struct net_device *dev) -{ - int i; - struct fec_enet_private *fep = netdev_priv(dev); - - for (i = 0; i < FEC_IRQ_NUM; i++) { - if (fep->irq[i] > 0) { - disable_irq(fep->irq[i]); - fec_enet_interrupt(fep->irq[i], dev); - enable_irq(fep->irq[i]); - } - } -} -#endif - static inline void fec_enet_set_netdev_features(struct net_device *netdev, netdev_features_t features) { @@ -3604,9 +3581,6 @@ static const struct net_device_ops fec_netdev_ops = { .ndo_tx_timeout = fec_timeout, .ndo_set_mac_address = fec_set_mac_address, .ndo_eth_ioctl = fec_enet_ioctl, -#ifdef CONFIG_NET_POLL_CONTROLLER - .ndo_poll_controller = fec_poll_controller, -#endif .ndo_set_features = fec_set_features, }; -- 2.43.0

7 months, 1 week

1
0
0 0

[PATCHSET] xfs: bug fixes for 6.13

by Darrick J. Wong

Hi all, Bug fixes for 6.13. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. With a bit of luck, this should all go splendidly. Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=xf… --- Commits in this patchset: * xfs: fix off-by-one error in fsmap's end_daddr usage * xfs: metapath scrubber should use the already loaded inodes * xfs: keep quota directory inode loaded * xfs: return a 64-bit block count from xfs_btree_count_blocks * xfs: don't drop errno values when we fail to ficlone the entire range * xfs: separate healthy clearing mask during repair * xfs: set XFS_SICK_INO_SYMLINK_ZAPPED explicitly when zapping a symlink * xfs: mark metadir repair tempfiles with IRECOVERY * xfs: fix null bno_hint handling in xfs_rtallocate_rtg * xfs: fix error bailout in xfs_rtginode_create --- fs/xfs/libxfs/xfs_btree.c | 4 +- fs/xfs/libxfs/xfs_btree.h | 2 + fs/xfs/libxfs/xfs_ialloc_btree.c | 4 ++ fs/xfs/libxfs/xfs_rtgroup.c | 2 + fs/xfs/scrub/agheader.c | 6 ++- fs/xfs/scrub/agheader_repair.c | 6 ++- fs/xfs/scrub/fscounters.c | 2 + fs/xfs/scrub/health.c | 57 ++++++++++++++++++-------------- fs/xfs/scrub/ialloc.c | 4 +- fs/xfs/scrub/metapath.c | 68 +++++++++++++++----------------------- fs/xfs/scrub/refcount.c | 2 + fs/xfs/scrub/scrub.h | 6 +++ fs/xfs/scrub/symlink_repair.c | 3 +- fs/xfs/scrub/tempfile.c | 10 ++++-- fs/xfs/xfs_bmap_util.c | 2 + fs/xfs/xfs_file.c | 8 ++++ fs/xfs/xfs_fsmap.c | 38 ++++++++++++--------- fs/xfs/xfs_inode.h | 2 + fs/xfs/xfs_qm.c | 47 ++++++++++++++------------ fs/xfs/xfs_qm.h | 1 + fs/xfs/xfs_rtalloc.c | 2 + 21 files changed, 151 insertions(+), 125 deletions(-)

7 months, 1 week

2
11
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2024