February 2024 - Linux-stable-mirror

[PATCH] ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE

by Fabio Estevam

From: Fabio Estevam <festevam(a)denx.de> Since commit bfac19e239a7 ("fbdev: mx3fb: Remove the driver") backlight is no longer functional. The fbdev mx3fb driver used to automatically select CONFIG_BACKLIGHT_CLASS_DEVICE. Now that the mx3fb driver has been removed, enable the CONFIG_BACKLIGHT_CLASS_DEVICE option so that backlight can still work by default. Tested on a imx6dl-sabresd board. Cc: stable(a)vger.kernel.org Fixes: bfac19e239a7 ("fbdev: mx3fb: Remove the driver") Signed-off-by: Fabio Estevam <festevam(a)denx.de> --- arch/arm/configs/imx_v6_v7_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm/configs/imx_v6_v7_defconfig b/arch/arm/configs/imx_v6_v7_defconfig index 0a90583f9f01..8f9dbe8d9029 100644 --- a/arch/arm/configs/imx_v6_v7_defconfig +++ b/arch/arm/configs/imx_v6_v7_defconfig @@ -297,6 +297,7 @@ CONFIG_FB_MODE_HELPERS=y CONFIG_LCD_CLASS_DEVICE=y CONFIG_LCD_L4F00242T03=y CONFIG_LCD_PLATFORM=y +CONFIG_BACKLIGHT_CLASS_DEVICE=y CONFIG_BACKLIGHT_PWM=y CONFIG_BACKLIGHT_GPIO=y CONFIG_FRAMEBUFFER_CONSOLE=y -- 2.34.1

1 year, 8 months

3
2
0 0

[merged mm-hotfixes-stable] fat-fix-uninitialized-field-in-nostale-filehandles.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fat: fix uninitialized field in nostale filehandles has been removed from the -mm tree. Its filename was fat-fix-uninitialized-field-in-nostale-filehandles.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Jan Kara <jack(a)suse.cz> Subject: fat: fix uninitialized field in nostale filehandles Date: Mon, 5 Feb 2024 13:26:26 +0100 When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must be a multiple of 4 so the file handle is actually 12 bytes long and the last two bytes remain uninitialized. This is not great at we potentially leak uninitialized information with the handle to userspace. Properly initialize the full handle length. Link: https://lkml.kernel.org/r/20240205122626.13701-1-jack@suse.cz Reported-by: syzbot+3ce5dea5b1539ff36769(a)syzkaller.appspotmail.com Fixes: ea3983ace6b7 ("fat: restructure export_operations") Signed-off-by: Jan Kara <jack(a)suse.cz> Acked-by: OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> Cc: Amir Goldstein <amir73il(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/fat/nfs.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/fs/fat/nfs.c~fat-fix-uninitialized-field-in-nostale-filehandles +++ a/fs/fat/nfs.c @@ -130,6 +130,12 @@ fat_encode_fh_nostale(struct inode *inod fid->parent_i_gen = parent->i_generation; type = FILEID_FAT_WITH_PARENT; *lenp = FAT_FID_SIZE_WITH_PARENT; + } else { + /* + * We need to initialize this field because the fh is actually + * 12 bytes long + */ + fid->parent_i_pos_hi = 0; } return type; _ Patches currently in -mm which might be from jack(a)suse.cz are shmem-properly-report-quota-mount-options.patch

1 year, 8 months

1
0
0 0

[merged mm-hotfixes-stable] bounds-support-non-power-of-two-config_nr_cpus.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: bounds: support non-power-of-two CONFIG_NR_CPUS has been removed from the -mm tree. Its filename was bounds-support-non-power-of-two-config_nr_cpus.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: bounds: support non-power-of-two CONFIG_NR_CPUS Date: Tue, 10 Oct 2023 15:55:49 +0100 ilog2() rounds down, so for example when PowerPC 85xx sets CONFIG_NR_CPUS to 24, we will only allocate 4 bits to store the number of CPUs instead of 5. Use bits_per() instead, which rounds up. Found by code inspection. The effect of this would probably be a misaccounting when doing NUMA balancing, so to a user, it would only be a performance penalty. The effects may be more wide-spread; it's hard to tell. Link: https://lkml.kernel.org/r/20231010145549.1244748-1-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Fixes: 90572890d202 ("mm: numa: Change page last {nid,pid} into {cpu,pid}") Reviewed-by: Rik van Riel <riel(a)surriel.com> Acked-by: Mel Gorman <mgorman(a)techsingularity.net> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/bounds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/bounds.c~bounds-support-non-power-of-two-config_nr_cpus +++ a/kernel/bounds.c @@ -19,7 +19,7 @@ int main(void) DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS); DEFINE(MAX_NR_ZONES, __MAX_NR_ZONES); #ifdef CONFIG_SMP - DEFINE(NR_CPUS_BITS, ilog2(CONFIG_NR_CPUS)); + DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS)); #endif DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t)); #ifdef CONFIG_LRU_GEN _ Patches currently in -mm which might be from willy(a)infradead.org are writeback-remove-a-duplicate-prototype-for-tag_pages_for_writeback.patch writeback-factor-folio_prepare_writeback-out-of-write_cache_pages.patch writeback-factor-writeback_get_batch-out-of-write_cache_pages.patch writeback-simplify-the-loops-in-write_cache_pages.patch pagevec-add-ability-to-iterate-a-queue.patch writeback-use-the-folio_batch-queue-iterator.patch writeback-move-the-folio_prepare_writeback-loop-out-of-write_cache_pages.patch writeback-remove-a-use-of-write_cache_pages-from-do_writepages.patch

1 year, 8 months

1
0
0 0

[PATCH 0/2] Disable automatic load CCS load balancing

by Andi Shyti

Hi, this series does basically two things: 1. Disables automatic load balancing as adviced by the hardware workaround. 2. Assigns all the CCS slices to one single user engine. The user will then be able to query only one CCS engine Changelog ========= - In Patch 1 use the correct workaround number (thanks Matt). - In Patch 2 do not add the extra CCS engines to the exposed UABI engine list and adapt the engine counting accordingly (thanks Tvrtko). - Reword the commit of Patch 2 (thanks John). Andi Shyti (2): drm/i915/gt: Disable HW load balancing for CCS drm/i915/gt: Enable only one CCS for compute workload drivers/gpu/drm/i915/gt/intel_engine_user.c | 9 +++++++++ drivers/gpu/drm/i915/gt/intel_gt.c | 11 +++++++++++ drivers/gpu/drm/i915/gt/intel_gt_regs.h | 3 +++ drivers/gpu/drm/i915/gt/intel_workarounds.c | 6 ++++++ drivers/gpu/drm/i915/i915_query.c | 1 + 5 files changed, 30 insertions(+) -- 2.43.0

1 year, 8 months

3
15
0 0

+ mm-mmap-fix-vma_merge-case-7-with-vma_ops-close.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm, mmap: fix vma_merge() case 7 with vma_ops->close has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-mmap-fix-vma_merge-case-7-with-vma_ops-close.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm, mmap: fix vma_merge() case 7 with vma_ops->close Date: Thu, 22 Feb 2024 22:59:31 +0100 When debugging issues with a workload using SysV shmem, Michal Hocko has come up with a reproducer that shows how a series of mprotect() operations can result in an elevated shm_nattch and thus leak of the resource. The problem is caused by wrong assumptions in vma_merge() commit 714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in mergeability test"). The shmem vmas have a vma_ops->close callback that decrements shm_nattch, and we remove the vma without calling it. vma_merge() has thus historically avoided merging vma's with vma_ops->close and commit 714965ca8252 was supposed to keep it that way. It relaxed the checks for vma_ops->close in can_vma_merge_after() assuming that it is never called on a vma that would be a candidate for removal. However, the vma_merge() code does also use the result of this check in the decision to remove a different vma in the merge case 7. A robust solution would be to refactor vma_merge() code in a way that the vma_ops->close check is only done for vma's that are actually going to be removed, and not as part of the preliminary checks. That would both solve the existing bug, and also allow additional merges that the checks currently prevent unnecessarily in some cases. However to fix the existing bug first with a minimized risk, and for easier stable backports, this patch only adds a vma_ops->close check to the buggy case 7 specifically. All other cases of vma removal are covered by the can_vma_merge_before() check that includes the test for vma_ops->close. The reproducer code, adapted from Michal Hocko's code: int main(int argc, char *argv[]) { int segment_id; size_t segment_size = 20 * PAGE_SIZE; char * sh_mem; struct shmid_ds shmid_ds; key_t key = 0x1234; segment_id = shmget(key, segment_size, IPC_CREAT | IPC_EXCL | S_IRUSR | S_IWUSR); sh_mem = (char *)shmat(segment_id, NULL, 0); mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_NONE); mprotect(sh_mem + PAGE_SIZE, PAGE_SIZE, PROT_WRITE); mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_WRITE); shmdt(sh_mem); shmctl(segment_id, IPC_STAT, &shmid_ds); printf("nattch after shmdt(): %lu (expected: 0)\n", shmid_ds.shm_nattch); if (shmctl(segment_id, IPC_RMID, 0)) printf("IPCRM failed %d\n", errno); return (shmid_ds.shm_nattch) ? 1 : 0; } Link: https://lkml.kernel.org/r/20240222215930.14637-2-vbabka@suse.cz Fixes: 714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in mergeability test") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/mm/mmap.c~mm-mmap-fix-vma_merge-case-7-with-vma_ops-close +++ a/mm/mmap.c @@ -954,13 +954,21 @@ static struct vm_area_struct } else if (merge_prev) { /* case 2 */ if (curr) { vma_start_write(curr); - err = dup_anon_vma(prev, curr, &anon_dup); if (end == curr->vm_end) { /* case 7 */ + /* + * can_vma_merge_after() assumed we would not be + * removing prev vma, so it skipped the check + * for vm_ops->close, but we are removing curr + */ + if (curr->vm_ops && curr->vm_ops->close) + err = -EINVAL; remove = curr; } else { /* case 5 */ adjust = curr; adj_start = (end - curr->vm_start); } + if (!err) + err = dup_anon_vma(prev, curr, &anon_dup); } } else { /* merge_next */ vma_start_write(next); _ Patches currently in -mm which might be from vbabka(a)suse.cz are mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch mm-mmap-fix-vma_merge-case-7-with-vma_ops-close.patch

1 year, 8 months

1
0
0 0

[PATCH] mm, mmap: fix vma_merge() case 7 with vma_ops->close

by Vlastimil Babka

When debugging issues with a workload using SysV shmem, Michal Hocko has come up with a reproducer that shows how a series of mprotect() operations can result in an elevated shm_nattch and thus leak of the resource. The problem is caused by wrong assumptions in vma_merge() commit 714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in mergeability test"). The shmem vmas have a vma_ops->close callback that decrements shm_nattch, and we remove the vma without calling it. vma_merge() has thus historically avoided merging vma's with vma_ops->close and commit 714965ca8252 was supposed to keep it that way. It relaxed the checks for vma_ops->close in can_vma_merge_after() assuming that it is never called on a vma that would be a candidate for removal. However, the vma_merge() code does also use the result of this check in the decision to remove a different vma in the merge case 7. A robust solution would be to refactor vma_merge() code in a way that the vma_ops->close check is only done for vma's that are actually going to be removed, and not as part of the preliminary checks. That would both solve the existing bug, and also allow additional merges that the checks currently prevent unnecessarily in some cases. However to fix the existing bug first with a minimized risk, and for easier stable backports, this patch only adds a vma_ops->close check to the buggy case 7 specifically. All other cases of vma removal are covered by the can_vma_merge_before() check that includes the test for vma_ops->close. The reproducer code, adapted from Michal Hocko's code: int main(int argc, char *argv[]) { int segment_id; size_t segment_size = 20 * PAGE_SIZE; char * sh_mem; struct shmid_ds shmid_ds; key_t key = 0x1234; segment_id = shmget(key, segment_size, IPC_CREAT | IPC_EXCL | S_IRUSR | S_IWUSR); sh_mem = (char *)shmat(segment_id, NULL, 0); mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_NONE); mprotect(sh_mem + PAGE_SIZE, PAGE_SIZE, PROT_WRITE); mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_WRITE); shmdt(sh_mem); shmctl(segment_id, IPC_STAT, &shmid_ds); printf("nattch after shmdt(): %lu (expected: 0)\n", shmid_ds.shm_nattch); if (shmctl(segment_id, IPC_RMID, 0)) printf("IPCRM failed %d\n", errno); return (shmid_ds.shm_nattch) ? 1 : 0; } Fixes: 714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in mergeability test") Reported-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> --- mm/mmap.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/mm/mmap.c b/mm/mmap.c index d89770eaab6b..a4238373ee9b 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -954,10 +954,19 @@ static struct vm_area_struct } else if (merge_prev) { /* case 2 */ if (curr) { vma_start_write(curr); - err = dup_anon_vma(prev, curr, &anon_dup); if (end == curr->vm_end) { /* case 7 */ + /* + * can_vma_merge_after() assumed we would not be + * removing prev vma, so it skipped the check + * for vm_ops->close, but we are removing curr + */ + if (curr->vm_ops && curr->vm_ops->close) + err = -EINVAL; + else + err = dup_anon_vma(prev, curr, &anon_dup); remove = curr; } else { /* case 5 */ + err = dup_anon_vma(prev, curr, &anon_dup); adjust = curr; adj_start = (end - curr->vm_start); } -- 2.43.1

1 year, 8 months

3
5
0 0

[PATCH 6.7 000/313] 6.7.6-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.7.6 release. There are 313 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 23 Feb 2024 12:59:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.7.6-rc2.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.7.6-rc2 Borislav Petkov (AMD) <bp(a)alien8.de> x86/barrier: Do not serialize MSR accesses on AMD Mikulas Patocka <mpatocka(a)redhat.com> dm: limit the number of targets and parameter size area Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential bug in end_buffer_async_write Saravana Kannan <saravanak(a)google.com> of: property: Add in-ports/out-ports support to of_graph_get_port_parent() Linus Torvalds <torvalds(a)linuxfoundation.org> sched/membarrier: reduce the ability to hammer on sys_membarrier NeilBrown <neilb(a)suse.de> nfsd: don't take fi_lock in nfsd_break_deleg_cb() Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Missing gc cancellations fixed Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix performance regression in swap operation Mark Brown <broonie(a)kernel.org> usb: typec: tpcm: Fix issues with power being removed during reset Damien Le Moal <dlemoal(a)kernel.org> block: fix partial zone append completion handling in req_bio_endio() Junxiao Bi <junxiao.bi(a)oracle.com> md: bypass block throttle for superblock update Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Inform kmemleak of saved_cmdlines allocation Petr Pavlu <petr.pavlu(a)suse.com> tracing: Fix HAVE_DYNAMIC_FTRACE_WITH_REGS ifdef Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() Konrad Dybcio <konrad.dybcio(a)linaro.org> pmdomain: core: Move the unused cleanup to a _sync initcall Oleksij Rempel <o.rempel(a)pengutronix.de> can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Ziqi Zhao <astrajoan(a)yahoo.com> can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Maxime Jayat <maxime.jayat(a)mobile-devices.fr> can: netlink: Fix TDCO calculation using the old data bittiming Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Nuno Sa <nuno.sa(a)analog.com> of: property: fix typo in io-channels Vegard Nossum <vegard.nossum(a)oracle.com> docs: kernel_feat.py: fix build error for missing files Jan Kara <jack(a)suse.cz> blk-wbt: Fix detection of dirty-throttled tasks Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix earlycon parameter if KASAN enabled Prakash Sangappa <prakash.sangappa(a)oracle.com> mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Dave Airlie <airlied(a)redhat.com> nouveau/gsp: use correct size for registry rpc. Rishabh Dave <ridave(a)redhat.com> ceph: prevent use-after-free in encode_cap_msg() Shradha Gupta <shradhagupta(a)linux.microsoft.com> hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Petr Tesarik <petr(a)tesarici.cz> net: stmmac: protect updates of 64-bit statistics counters Jan Kiszka <jan.kiszka(a)siemens.com> riscv/efistub: Ensure GP-relative addressing is not used Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio SeongJae Park <sj(a)kernel.org> mm/damon/sysfs-schemes: fix wrong DAMOS tried regions update timeout setup Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio Christian Brauner <brauner(a)kernel.org> fs: relax mount_setattr() permission checks Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix Makefile compiler options for clang Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix uninitialized bucket/data->bucket_size warning John Kacur <jkacur(a)redhat.com> tools/rtla: Exit with EXIT_SUCCESS when help is invoked Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix clang warning about mount_point var size limingming3 <limingming890315(a)gmail.com> tools/rtla: Replace setting prio with nice for SCHED_OTHER Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Remove unused sched_getattr() function Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rv: Fix Makefile compiler options for clang Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rv: Fix curr_reactor uninitialized variable Mario Limonciello <mario.limonciello(a)amd.com> ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8 Gergo Koteles <soyer(a)irl.hu> ASoC: tas2781: add module parameter to tascodec_init() Curtis Malainey <cujomalainey(a)chromium.org> ASoC: SOF: IPC3: fix message bounds on ipc ops Easwar Hariharan <eahariha(a)linux.microsoft.com> arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata Mark Brown <broonie(a)kernel.org> arm64/signal: Don't assume that TIF_SVE means we saved SVE state Fred Ai <fred.ai(a)bayhubtech.com> mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be detected by BIOS Damien Le Moal <dlemoal(a)kernel.org> zonefs: Improve error handling Sebastian Ene <sebastianene(a)google.com> KVM: arm64: Fix circular locking dependency Christian Borntraeger <borntraeger(a)linux.ibm.com> KVM: s390: vsie: fix race during shadow creation Steve French <stfrench(a)microsoft.com> smb: Fix regression in writes when non-standard maximum write size negotiated Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct id, uid and cruid for multiuser automounts Mohammad Rahimi <rahimi.mhmmd(a)gmail.com> thunderbolt: Fix setting the CNS bit in ROUTER_CS_5 Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems Doug Berger <opendmb(a)gmail.com> irqchip/irq-brcmstb-l2: Add write memory barrier before exit Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: fix a crash when we run out of stations Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix wiphy delayed work queueing Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fix double-free bug Daniel de Villiers <daniel.devilliers(a)corigine.com> nfp: flower: prevent re-adding mac index for bonded port James Hershaw <james.hershaw(a)corigine.com> nfp: enable NETDEV_XDP_ACT_REDIRECT feature flag Daniel Basilio <daniel.basilio(a)corigine.com> nfp: use correct macro for LengthSelect in BAR config Herbert Xu <herbert(a)gondor.apana.org.au> crypto: algif_hash - Remove bogus SGL free on zero-length error path Kim Phillips <kim.phillips(a)amd.com> crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix data corruption in dsync block recovery for small block sizes Shuming Fan <shumingf(a)realtek.com> ALSA: hda/realtek: add IDs for Dell dual spk platform bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Add quirk for SWS JS201D Eniac Zhang <eniac-xw.zhang(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED For HP mt645 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpiolib: add gpiod_to_gpio_device() stub for !GPIOLIB Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpiolib: add gpio_device_get_base() stub for !GPIOLIB Alexander Stein <alexander.stein(a)ew.tq-group.com> mmc: slot-gpio: Allow non-sleeping GPIO ro Jens Axboe <axboe(a)kernel.dk> io_uring/net: fix multishot accept overflow handling Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Mingwei Zhang <mizhang(a)google.com> KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl Prasad Pandit <pjp(a)fedoraproject.org> KVM: x86: make KVM_REQ_NMI request iff NMI pending for vcpu Andrei Vagin <avagin(a)google.com> x86/fpu: Stop relying on userspace for info to fault in xsave buffer Aleksander Mazur <deweloper(a)wp.pl> x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: mxs-auart: fix tx Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: core: introduce uart_port_tx_flags() Shrikanth Hegde <sshegde(a)linux.ibm.com> powerpc/pseries: fix accuracy of stolen time David Engraf <david.engraf(a)sysgo.com> powerpc/cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E Naveen N Rao <naveen(a)kernel.org> powerpc/64: Set task pt_regs->link to the LR value on scv entry Masami Hiramatsu (Google) <mhiramat(a)kernel.org> ftrace: Fix DIRECT_CALLS to use SAVE_REGS by default Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: prevent infinite while() loop in port startup Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fail probe if clock crystal is unstable Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: improve crystal stable clock detection Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: set default value when reading clock ready bit Gui-Dong Han <2045gemini(a)gmail.com> serial: core: Fix atomicity violation in uart_tiocmget Hui Zhou <hui.zhou(a)corigine.com> nfp: flower: fix hardware offload for the transfer layer port Hui Zhou <hui.zhou(a)corigine.com> nfp: flower: add hardware offload check for post ct entry Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Fix failed probe due to unsupported C45 reads Vincent Donnefort <vdonnefort(a)google.com> ring-buffer: Clean ring_buffer_poll_wait() error return Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Avoid fetching VRAM vendor info Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Preserve original aspect ratio in create stream Roman Li <roman.li(a)amd.com> drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase frame-larger-than for all display_mode_vba files Fangzhi Zuo <jerry.zuo(a)amd.com> drm/amd/display: Fix MST Null Ptr for RV Thong <thong.thai(a)amd.com> drm/amdgpu/soc21: update VCN 4 max HEVC encoding resolution Philip Yang <Philip.Yang(a)amd.com> drm/prime: Support page array >= 4GB Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dp: Limit SST link rate to <=8.1Gbps Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: Add align done check Rob Clark <robdclark(a)chromium.org> drm/msm: Wire up tlb ops Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> drm/buddy: Fix alloc_range() error handling code Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: fix several DMA buffer leaks Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Oleg Nesterov <oleg(a)redhat.com> getrusage: use sig->stats_lock rather than lock_task_sighand() Oleg Nesterov <oleg(a)redhat.com> getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Keep all directory links at 1 Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Remove fsnotify*() functions from lookup() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Restructure eventfs_inode structure to be more condensed Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Warn if an eventfs_inode is freed without is_freed being set Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Get rid of dentry pointers without refcounts Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Clean up dentry ops and add revalidate function Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Remove unused d_parent pointer field Linus Torvalds <torvalds(a)linux-foundation.org> tracefs: dentry lookup crapectomy Linus Torvalds <torvalds(a)linux-foundation.org> tracefs: Avoid using the ei->dentry pointer unnecessarily Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Initialize the tracefs inode properly Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Zero out the tracefs_inode when allocating it Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Save directory inodes in the eventfs_inode structure Erick Archer <erick.archer(a)gmx.com> eventfs: Use kcalloc() instead of kzalloc() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not create dentries nor inodes in iterate_shared Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Have the inodes all for files and directories all be the same Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Shortcut eventfs_iterate() by skipping entries already read Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Read ei->entries before ei->children in eventfs_iterate() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do ctx->pos update for all iterations in eventfs_iterate() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Stop using dcache_readdir() for getdents() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Remove "lookup" parameter from create_dir/file_dentry() Sean Young <sean(a)mess.org> media: rc: bpf attach/detach requires write permission Eugen Hristev <eugen.hristev(a)collabora.com> pmdomain: mediatek: fix race conditions with genpd Sam Protsenko <semen.protsenko(a)linaro.org> iio: pressure: bmp280: Add missing bmp085 to SPI id table Randy Dunlap <rdunlap(a)infradead.org> iio: imu: bno055: serdev requires REGMAP Nuno Sa <nuno.sa(a)analog.com> iio: imu: adis: ensure proper DMA alignment Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad_sigma_delta: ensure proper DMA alignment Mario Limonciello <mario.limonciello(a)amd.com> iio: accel: bma400: Fix a compilation problem Nuno Sa <nuno.sa(a)analog.com> iio: commom: st_sensors: ensure proper DMA alignment Dinghao Liu <dinghao.liu(a)zju.edu.cn> iio: core: fix memleak in iio_device_register_sysfs zhili.liu <zhili.liu(a)ucas.com.cn> iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC David Schiller <david.schiller(a)jku.at> staging: iio: ad5933: fix type mismatch regression Tejun Heo <tj(a)kernel.org> Revert "workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask()" Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to search structure fields correctly Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to set arg size and fmt after setting type from BTF Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to show a parse error for bad type for $comm Thorsten Blum <thorsten.blum(a)toblux.com> tracing/synthetic: Fix trace_string() return value Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix wasted memory in saved_cmdlines logic Daniel Bristot de Oliveira <bristot(a)kernel.org> tracing/timerlat: Move hrtimer_init to timerlat_fd open() Baokun Li <libaokun1(a)huawei.com> ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Baokun Li <libaokun1(a)huawei.com> ext4: fix double-free of blocks due to wrong extents moved_len Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Mark all sessions as invalid in cb_remove Carlos Llamas <cmllamas(a)google.com> binder: signal epoll threads of self-work Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cs8409: Suppress vmaster control for Dolphin models Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd938x: handle deferred probe Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add speaker pin verbtable for Dell dual speaker platform Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Nathan Chancellor <nathan(a)kernel.org> modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS Nathan Chancellor <nathan(a)kernel.org> um: Fix adding '-no-pie' for clang Jan Beulich <jbeulich(a)suse.com> xen-netback: properly sync TX responses Helge Deller <deller(a)gmx.de> parisc: BTLB: Fix crash when setting up BTLB at CPU bringup Helge Deller <deller(a)gmx.de> parisc: Fix random data corruption from exception handler Esben Haabendal <esben(a)geanix.com> net: stmmac: do not clear TBS enable bit on link up/down Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Fedor Pchelkin <pchelkin(a)ispras.ru> nfc: nci: free rx_data_reassembly skb on NCI device cleanup Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix changing ELF file type for output of gen_btf for big endian José Relvas <josemonsantorelvas(a)gmail.com> ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct documentation of fw_csr_string() kernel API Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix the logic in security_inode_getsecctx() Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix default return value of the socket_getpeersec_*() hooks Fangzhi Zuo <jerry.zuo(a)amd.com> drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: fix incorrect mpc_combine array size David McFarland <corngood(a)gmail.com> drm/amd: Don't init MEC2 firmware when it fails to load Friedrich Vock <friedrich.vock(a)gmx.de> drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Sebastian Ott <sebott(a)redhat.com> drm/virtio: Set segment size for virtio_gpu device Vaishnav Achath <vaishnav.a(a)ti.com> spi: omap2-mcspi: Revert FIFO support without DMA Keqi Wang <wangkeqi_chris(a)163.com> connector/cn_proc: revert "connector: Fix proc_event_num_listeners count not cleared" Rob Clark <robdclark(a)chromium.org> Revert "drm/msm/gpu: Push gpu lock down past runpm" Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: flush any delayed gfxoff on suspend entry" Lee Duncan <lduncan(a)suse.com> scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: Revert "media: rkisp1: Drop IRQF_SHARED" Michael Ellerman <mpe(a)ellerman.id.au> Revert "powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add" Paolo Abeni <pabeni(a)redhat.com> mptcp: really cope with fastopen race Geliang Tang <geliang(a)kernel.org> mptcp: check addrs list in userspace_pm_get_local_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix rcv space initialization Paolo Abeni <pabeni(a)redhat.com> mptcp: drop the push_pending field Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add mptcp_lib_kill_wait Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: allow changing subtests prefix Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: increase timeout to 30 min Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Mangle Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter in v6 Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data re-injection from stale subflow Arnd Bergmann <arnd(a)arndb.de> kallsyms: ignore ARMv4 thunks along with others Radek Krejci <radek.krejci(a)oracle.com> modpost: trim leading spaces when processing source files list Jean Delvare <jdelvare(a)suse.de> i2c: i801: Fix block process call transactions Arnd Bergmann <arnd(a)arndb.de> i2c: pasemi: split driver into two separate modules Shivaprasad G Bhat <sbhat(a)linux.ibm.com> powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach Michael Ellerman <mpe(a)ellerman.id.au> powerpc/kasan: Limit KASAN thread size increase to 32KB Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Handle non-coherent GICv4 redistributors Bibo Mao <maobibo(a)loongson.cn> irqchip/loongson-eiointc: Use correct struct type in eiointc_domain_alloc() Viken Dadhaniya <quic_vdadhani(a)quicinc.com> i2c: qcom-geni: Correct I2C TRE sequence Dan Carpenter <dan.carpenter(a)linaro.org> cifs: fix underflow in parse_server_interfaces() Cosmin Tanislav <demonsingur(a)gmail.com> iio: adc: ad4130: only set GPIO_CTRL if pin is unused Cosmin Tanislav <demonsingur(a)gmail.com> iio: adc: ad4130: zero-initialize clock init data Alex Williamson <alex.williamson(a)redhat.com> PCI: Fix active state requirement in PME polling Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "kobject: Remove redundant checks for whether ktype is NULL" Jiangfeng Xiao <xiaojiangfeng(a)huawei.com> powerpc/kasan: Fix addr error caused by page alignment Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> powerpc/6xx: set High BAT Enable flag on G2_LE cores Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add Saravana Kannan <saravanak(a)google.com> driver core: fw_devlink: Improve detection of overlapping cycles Zhipeng Lu <alexious(a)zju.edu.cn> media: ir_toy: fix a memleak in irtoy_tx Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: sm8550: Enable sync_state Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: sc8180x: Mark CO0 BCM keepalive Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend Udipto Goswami <quic_ugoswami(a)quicinc.com> usb: core: Prevent null pointer dereference in update_port_device_state Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: core: handle power lost in workqueue yuan linyu <yuanlinyu(a)hihonor.com> usb: f_mass_storage: forbid async queue when shutdown happen Oliver Neukum <oneukum(a)suse.com> USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Fix command completion handling Sean Anderson <sean.anderson(a)seco.com> usb: ulpi: Fix debugfs directory leak Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi: Add missing ppm_lock Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Do not register input devices until after hid_hw_start Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: generic: Avoid reporting a serial of '0' to userspace Johan Hovold <johan+linaro(a)kernel.org> HID: i2c-hid-of: fix NULL-deref on failed power up Benjamin Tissoires <bentiss(a)kernel.org> HID: bpf: actually free hdev memory after attaching a HID-BPF program Benjamin Tissoires <bentiss(a)kernel.org> HID: bpf: remove double fdget() Luka Guzenko <l.guzenko(a)web.de> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx David Senoner <seda18(a)rolmail.net> ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 Helge Deller <deller(a)gmx.de> parisc: Prevent hung tasks when printing inventory on serial console Techno Mooney <techno.mooney(a)gmail.com> ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt, dm-verity: disable tasklets Dave Airlie <airlied(a)redhat.com> nouveau: offload fence uevents work to workqueue Michael Kelley <mhklinux(a)outlook.com> scsi: storvsc: Fix ring buffer size calculation Nico Pache <npache(a)redhat.com> selftests: mm: fix map_hugetlb failure on 64K page size systems Audra Mitchell <audra(a)redhat.com> selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag Zach O'Keefe <zokeefe(a)google.com> mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: switch to bash from sh Sidhartha Kumar <sidhartha.kumar(a)oracle.com> fs/hugetlbfs/inode.c: mm/memory-failure.c: fix hugetlbfs hwpoison handling Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/trigger: Fix to return error if failed to alloc snapshot Samuel Holland <samuel.holland(a)sifive.com> scs: add CONFIG_MMU dependency for vfree_atomic() Ryan Roberts <ryan.roberts(a)arm.com> selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Ryan Roberts <ryan.roberts(a)arm.com> mm: thp_get_unmapped_area must honour topdown preference Ivan Vecera <ivecera(a)redhat.com> i40e: Fix waiting for queues of all VSIs to be disabled Ivan Vecera <ivecera(a)redhat.com> i40e: Do not allow untrusted VF to remove administratively set MAC Jiaxun Yang <jiaxun.yang(a)flygoat.com> mm/memory: Use exception ip to search exception tables Jiaxun Yang <jiaxun.yang(a)flygoat.com> ptrace: Introduce exception_ip arch hook Guenter Roeck <linux(a)roeck-us.net> MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler Arnd Bergmann <arnd(a)arndb.de> nouveau/svm: fix kvcalloc() argument order Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path for statistics Manasi Navare <navaremanasi(a)chromium.org> drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address Alexey Khoroshilov <khoroshilov(a)ispras.ru> ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: ppc4xx: Drop write-only variable Jakub Kicinski <kuba(a)kernel.org> net: tls: fix returned read length with async decrypt Sabrina Dubroca <sd(a)queasysnail.net> net: tls: fix use-after-free with partial reads and async decrypt Jakub Kicinski <kuba(a)kernel.org> net: tls: handle backlogging of crypto requests Jakub Kicinski <kuba(a)kernel.org> tls: fix race between tx work scheduling and socket close Jakub Kicinski <kuba(a)kernel.org> tls: fix race between async notify and socket close Jakub Kicinski <kuba(a)kernel.org> net: tls: factor out tls_*crypt_async_wait() Horatiu Vultur <horatiu.vultur(a)microchip.com> lan966x: Fix crash when adding interface under a lag Aaron Conole <aconole(a)redhat.com> net: openvswitch: limit the number of recursions from action sets Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Fix bridge locked port test flakiness Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Suppress grep warnings Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Fix bridge MDB test flakiness Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Fix layer 2 miss test flakiness Ido Schimmel <idosch(a)nvidia.com> selftests: net: Fix bridge backup port test flakiness Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert test_bridge_backup_port.sh to run it in unique namespace Hojin Nam <hj96.nam(a)samsung.com> perf: CXL: fix mismatched cpmu event opcode Lukas Bulwahn <lukas.bulwahn(a)gmail.com> ALSA: hda/cs35l56: select intended config FW_CS_DSP Saravana Kannan <saravanak(a)google.com> of: property: Improve finding the supplier of a remote-endpoint property Saravana Kannan <saravanak(a)google.com> of: property: Improve finding the consumer of a remote-endpoint property Parav Pandit <parav(a)nvidia.com> devlink: Fix command annotation documentation Magnus Karlsson <magnus.karlsson(a)intel.com> bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY Chuck Lever <chuck.lever(a)oracle.com> net/handshake: Fix handshake_req_destroy_test1 Jiri Pirko <jiri(a)resnulli.us> net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers Jiri Pirko <jiri(a)resnulli.us> dpll: fix possible deadlock during netlink dump operation Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: SOF: ipc3-topology: Fix pipeline tear down logic Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: Fix some error codes Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: clear link_id in time_event Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Fix dynamic port assignment when TDM is set Carlos Song <carlos.song(a)nxp.com> spi: imx: fix the burst length at DMA mode and CPU mode Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix pci_probe() error path Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix capability for net_test Rob Clark <robdclark(a)chromium.org> drm/msm/gem: Fix double resv lock aquire Christian A. Ehrhardt <lk(a)c--e.de> of: unittest: Fix compile in the non-dynamic case Hu Yadi <hu.yadi(a)h3c.com> selftests/landlock: Fix fs_test build with old libc Hu Yadi <hu.yadi(a)h3c.com> selftests/landlock: Fix net_test build with old libc Nícolas F. R. A. Prado <nfraprado(a)collabora.com> kselftest: dt: Stop relying on dirname to improve performance Saravana Kannan <saravanak(a)google.com> driver core: Fix device_link_flag_is_sync_state_only() Josef Bacik <josef(a)toxicpanda.com> btrfs: don't drop extent_map for free space inode on write error Filipe Manana <fdmanana(a)suse.com> btrfs: reject encoded write if inode has nodatasum flag set Filipe Manana <fdmanana(a)suse.com> btrfs: don't reserve space for checksums when writing to nocow files David Sterba <dsterba(a)suse.com> btrfs: send: return EOPNOTSUPP on unknown flags Boris Burkov <boris(a)bur.io> btrfs: forbid deleting live subvol qgroup Qu Wenruo <wqu(a)suse.com> btrfs: do not ASSERT() if the newly created subvolume already got read Boris Burkov <boris(a)bur.io> btrfs: forbid creating subvol qgroups Filipe Manana <fdmanana(a)suse.com> btrfs: don't refill whole delayed refs block reserve when starting transaction Filipe Manana <fdmanana(a)suse.com> btrfs: add new unused block groups to the list of unused block groups Filipe Manana <fdmanana(a)suse.com> btrfs: do not delete unused block group if it may be used soon Filipe Manana <fdmanana(a)suse.com> btrfs: add and use helper to check if block group is used Yang Shi <yang(a)os.amperecomputing.com> mm: mmap: map MAP_STACK to VM_NOHUGEPAGE Yang Shi <yang(a)os.amperecomputing.com> mm: huge_memory: don't force huge page alignment on 32 bit Linus Torvalds <torvalds(a)linux-foundation.org> update workarounds for gcc "asm goto" issue Linus Torvalds <torvalds(a)linux-foundation.org> work around gcc bugs with 'asm goto' with outputs ------------- Diffstat: .../ABI/testing/sysfs-class-net-statistics | 48 +- Documentation/arch/arm64/silicon-errata.rst | 7 + Documentation/netlink/specs/dpll.yaml | 4 - Documentation/networking/devlink/devlink-port.rst | 2 +- Documentation/sphinx/kernel_feat.py | 2 +- Makefile | 4 +- arch/Kconfig | 1 + arch/arc/include/asm/jump_label.h | 4 +- arch/arm/include/asm/jump_label.h | 4 +- arch/arm64/include/asm/alternative-macros.h | 4 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/jump_label.h | 4 +- arch/arm64/kernel/cpu_errata.c | 3 + arch/arm64/kernel/fpsimd.c | 2 +- arch/arm64/kernel/signal.c | 4 +- arch/arm64/kvm/pkvm.c | 27 +- arch/csky/include/asm/jump_label.h | 4 +- arch/loongarch/include/asm/jump_label.h | 4 +- arch/loongarch/mm/kasan_init.c | 3 + arch/mips/include/asm/checksum.h | 3 +- arch/mips/include/asm/jump_label.h | 4 +- arch/mips/include/asm/ptrace.h | 2 + arch/mips/kernel/ptrace.c | 7 + arch/parisc/Kconfig | 1 - arch/parisc/include/asm/assembly.h | 1 + arch/parisc/include/asm/extable.h | 64 ++ arch/parisc/include/asm/jump_label.h | 4 +- arch/parisc/include/asm/special_insns.h | 6 +- arch/parisc/include/asm/uaccess.h | 48 +- arch/parisc/kernel/cache.c | 6 +- arch/parisc/kernel/drivers.c | 3 + arch/parisc/kernel/unaligned.c | 44 +- arch/parisc/mm/fault.c | 11 +- arch/powerpc/include/asm/jump_label.h | 4 +- arch/powerpc/include/asm/reg.h | 2 + arch/powerpc/include/asm/thread_info.h | 2 +- arch/powerpc/include/asm/uaccess.h | 12 +- arch/powerpc/kernel/cpu_setup_6xx.S | 20 +- arch/powerpc/kernel/cpu_specs_e500mc.h | 3 +- arch/powerpc/kernel/interrupt_64.S | 4 +- arch/powerpc/kernel/iommu.c | 4 +- arch/powerpc/kernel/irq_64.c | 2 +- arch/powerpc/mm/kasan/init_32.c | 1 + arch/powerpc/platforms/pseries/lpar.c | 8 +- arch/riscv/include/asm/bitops.h | 8 +- arch/riscv/include/asm/cpufeature.h | 4 +- arch/riscv/include/asm/jump_label.h | 4 +- arch/s390/include/asm/jump_label.h | 4 +- arch/s390/kvm/vsie.c | 1 - arch/s390/mm/gmap.c | 1 + arch/sparc/include/asm/jump_label.h | 4 +- arch/um/Makefile | 4 +- arch/um/include/asm/cpufeature.h | 2 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/include/asm/barrier.h | 18 - arch/x86/include/asm/cpufeature.h | 2 +- arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/jump_label.h | 6 +- arch/x86/include/asm/processor.h | 18 + arch/x86/include/asm/rmwcc.h | 2 +- arch/x86/include/asm/special_insns.h | 2 +- arch/x86/include/asm/uaccess.h | 10 +- arch/x86/kernel/cpu/amd.c | 3 + arch/x86/kernel/cpu/common.c | 7 + arch/x86/kernel/cpu/hygon.c | 3 + arch/x86/kernel/fpu/signal.c | 13 +- arch/x86/kvm/svm/svm_ops.h | 6 +- arch/x86/kvm/vmx/pmu_intel.c | 2 +- arch/x86/kvm/vmx/vmx.c | 4 +- arch/x86/kvm/vmx/vmx_ops.h | 6 +- arch/x86/kvm/x86.c | 3 +- arch/x86/mm/ident_map.c | 23 +- arch/xtensa/include/asm/jump_label.h | 4 +- block/blk-mq.c | 9 +- block/blk-wbt.c | 4 +- crypto/algif_hash.c | 5 +- drivers/android/binder.c | 10 + drivers/base/core.c | 15 +- drivers/base/power/domain.c | 2 +- drivers/connector/cn_proc.c | 5 +- drivers/crypto/ccp/sev-dev.c | 10 +- drivers/dpll/dpll_netlink.c | 20 +- drivers/dpll/dpll_nl.c | 4 - drivers/dpll/dpll_nl.h | 2 - drivers/firewire/core-device.c | 7 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 9 +- drivers/gpu/drm/amd/amdgpu/cik_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/cz_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 - drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 8 - drivers/gpu/drm/amd/amdgpu/iceland_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 6 + drivers/gpu/drm/amd/amdgpu/ih_v6_1.c | 7 + drivers/gpu/drm/amd/amdgpu/navi10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/si_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/soc21.c | 4 +- drivers/gpu/drm/amd/amdgpu/tonga_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega20_ih.c | 6 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 15 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 6 +- .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 2 +- .../amd/display/dc/dml2/dml2_translation_helper.c | 27 +- drivers/gpu/drm/amd/display/dc/inc/core_types.h | 2 + .../display/dc/link/protocols/link_dp_training.c | 5 +- drivers/gpu/drm/drm_buddy.c | 6 + drivers/gpu/drm/drm_prime.c | 2 +- drivers/gpu/drm/i915/display/intel_dp.c | 3 + drivers/gpu/drm/i915/display/intel_vdsc_regs.h | 4 +- drivers/gpu/drm/msm/msm_gem_prime.c | 4 +- drivers/gpu/drm/msm/msm_gpu.c | 11 +- drivers/gpu/drm/msm/msm_iommu.c | 32 +- drivers/gpu/drm/msm/msm_ringbuffer.c | 7 +- drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 2 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 26 +- drivers/gpu/drm/nouveau/nouveau_fence.h | 1 + drivers/gpu/drm/nouveau/nouveau_svm.c | 2 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 61 +- drivers/gpu/drm/virtio/virtgpu_drv.c | 1 + drivers/hid/bpf/hid_bpf_dispatch.c | 83 ++- drivers/hid/bpf/hid_bpf_dispatch.h | 4 +- drivers/hid/bpf/hid_bpf_jmp_table.c | 40 +- drivers/hid/i2c-hid/i2c-hid-of.c | 1 + drivers/hid/wacom_sys.c | 63 +- drivers/hid/wacom_wac.c | 9 +- drivers/i2c/busses/Makefile | 6 +- drivers/i2c/busses/i2c-i801.c | 4 +- drivers/i2c/busses/i2c-pasemi-core.c | 6 + drivers/i2c/busses/i2c-qcom-geni.c | 16 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/adc/ad4130.c | 12 +- drivers/iio/imu/bno055/Kconfig | 1 + drivers/iio/industrialio-core.c | 5 +- drivers/iio/light/hid-sensor-als.c | 1 + drivers/iio/magnetometer/rm3100-core.c | 10 +- drivers/iio/pressure/bmp280-spi.c | 1 + drivers/interconnect/qcom/sc8180x.c | 1 + drivers/interconnect/qcom/sm8550.c | 1 + drivers/irqchip/irq-brcmstb-l2.c | 5 +- drivers/irqchip/irq-gic-v3-its.c | 62 +- drivers/irqchip/irq-loongson-eiointc.c | 2 +- drivers/md/dm-core.h | 2 + drivers/md/dm-crypt.c | 38 +- drivers/md/dm-ioctl.c | 3 +- drivers/md/dm-table.c | 9 +- drivers/md/dm-verity-target.c | 26 +- drivers/md/dm-verity.h | 1 - drivers/md/md.c | 7 +- .../media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +- drivers/media/rc/bpf-lirc.c | 6 +- drivers/media/rc/ir_toy.c | 2 + drivers/media/rc/lirc_dev.c | 5 +- drivers/media/rc/rc-core-priv.h | 2 +- drivers/misc/fastrpc.c | 2 +- drivers/mmc/core/slot-gpio.c | 6 +- drivers/mmc/host/sdhci-pci-o2micro.c | 30 + drivers/net/bonding/bond_main.c | 5 +- drivers/net/can/dev/netlink.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 38 +- drivers/net/ethernet/mellanox/mlx5/core/dpll.c | 2 +- .../net/ethernet/microchip/lan966x/lan966x_lag.c | 9 +- .../net/ethernet/netronome/nfp/flower/conntrack.c | 46 +- .../ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 1 + .../ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +- drivers/net/ethernet/stmicro/stmmac/common.h | 56 +- drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 15 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c | 15 +- drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c | 15 +- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 15 +- .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 125 +++- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 136 ++-- drivers/net/ethernet/ti/cpsw.c | 2 + drivers/net/ethernet/ti/cpsw_new.c | 3 + drivers/net/hyperv/netvsc.c | 5 +- drivers/net/hyperv/netvsc_drv.c | 82 ++- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 15 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 1 + drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 3 + drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 4 + .../net/wireless/intel/iwlwifi/mvm/time-event.c | 3 +- drivers/net/xen-netback/netback.c | 100 ++- drivers/of/property.c | 65 +- drivers/of/unittest.c | 12 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 3 +- drivers/pci/pci.c | 37 +- drivers/perf/cxl_pmu.c | 2 +- drivers/pmdomain/mediatek/mtk-pm-domains.c | 15 +- drivers/pmdomain/renesas/r8a77980-sysc.c | 3 +- drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/storvsc_drv.c | 12 +- drivers/spi/spi-imx.c | 9 +- drivers/spi/spi-omap2-mcspi.c | 137 +--- drivers/spi/spi-ppc4xx.c | 5 - drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/thunderbolt/tb_regs.h | 2 +- drivers/thunderbolt/usb4.c | 2 +- drivers/tty/serial/max310x.c | 53 +- drivers/tty/serial/mxs-auart.c | 5 +- drivers/tty/serial/serial_core.c | 2 +- drivers/usb/chipidea/ci.h | 2 + drivers/usb/chipidea/core.c | 44 +- drivers/usb/common/ulpi.c | 2 +- drivers/usb/core/hub.c | 46 +- drivers/usb/dwc3/gadget.c | 6 +- drivers/usb/gadget/function/f_mass_storage.c | 20 +- drivers/usb/typec/tcpm/tcpm.c | 3 +- drivers/usb/typec/ucsi/ucsi.c | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 17 +- drivers/xen/events/events_base.c | 8 +- fs/btrfs/block-group.c | 80 +- fs/btrfs/block-group.h | 7 + fs/btrfs/delalloc-space.c | 29 +- fs/btrfs/disk-io.c | 13 +- fs/btrfs/inode.c | 26 +- fs/btrfs/ioctl.c | 5 + fs/btrfs/qgroup.c | 14 + fs/btrfs/send.c | 2 +- fs/btrfs/transaction.c | 38 +- fs/ceph/caps.c | 3 +- fs/ext4/mballoc.c | 39 +- fs/ext4/move_extent.c | 6 +- fs/hugetlbfs/inode.c | 21 +- fs/namespace.c | 11 +- fs/nfsd/nfs4state.c | 11 +- fs/nilfs2/file.c | 8 +- fs/nilfs2/recovery.c | 7 +- fs/nilfs2/segment.c | 8 +- fs/proc/array.c | 66 +- fs/smb/client/connect.c | 14 +- fs/smb/client/fs_context.c | 11 + fs/smb/client/namespace.c | 16 + fs/smb/client/smb2ops.c | 2 +- fs/smb/server/smb2pdu.c | 8 +- fs/tracefs/event_inode.c | 814 ++++++--------------- fs/tracefs/inode.c | 102 +-- fs/tracefs/internal.h | 46 +- fs/zonefs/file.c | 42 +- fs/zonefs/super.c | 66 +- include/linux/backing-dev-defs.h | 7 +- include/linux/compiler-gcc.h | 20 + include/linux/compiler_types.h | 11 +- include/linux/gpio/driver.h | 12 + include/linux/iio/adc/ad_sigma_delta.h | 4 +- include/linux/iio/common/st_sensors.h | 4 +- include/linux/iio/imu/adis.h | 3 +- include/linux/lsm_hook_defs.h | 4 +- include/linux/mman.h | 1 + include/linux/netfilter/ipset/ip_set.h | 4 + include/linux/ptrace.h | 4 + include/linux/serial_core.h | 32 +- include/net/tls.h | 5 - include/sound/tas2781.h | 1 + init/Kconfig | 9 + io_uring/net.c | 5 +- kernel/sched/membarrier.c | 6 + kernel/sys.c | 54 +- kernel/trace/ftrace.c | 10 + kernel/trace/ring_buffer.c | 2 +- kernel/trace/trace.c | 78 +- kernel/trace/trace_btf.c | 4 +- kernel/trace/trace_events_synth.c | 3 +- kernel/trace/trace_events_trigger.c | 6 +- kernel/trace/trace_osnoise.c | 6 +- kernel/trace/trace_probe.c | 32 +- kernel/trace/trace_probe.h | 3 +- kernel/workqueue.c | 8 +- lib/kobject.c | 24 +- mm/backing-dev.c | 2 +- mm/damon/sysfs-schemes.c | 2 +- mm/huge_memory.c | 14 +- mm/memory-failure.c | 2 +- mm/memory.c | 4 +- mm/mmap.c | 6 +- mm/page-writeback.c | 4 +- mm/userfaultfd.c | 15 +- net/can/j1939/j1939-priv.h | 3 +- net/can/j1939/main.c | 2 +- net/can/j1939/socket.c | 46 +- net/handshake/handshake-test.c | 5 +- net/hsr/hsr_device.c | 4 +- net/mac80211/tx.c | 5 +- net/mptcp/pm_userspace.c | 13 +- net/mptcp/protocol.c | 25 +- net/mptcp/protocol.h | 7 +- net/mptcp/subflow.c | 4 +- net/netfilter/ipset/ip_set_bitmap_gen.h | 14 +- net/netfilter/ipset/ip_set_core.c | 39 +- net/netfilter/ipset/ip_set_hash_gen.h | 19 +- net/netfilter/ipset/ip_set_list_set.c | 13 +- net/netfilter/nft_set_pipapo_avx2.c | 2 +- net/nfc/nci/core.c | 4 + net/openvswitch/flow_netlink.c | 49 +- net/tls/tls_sw.c | 135 ++-- net/wireless/core.c | 3 +- samples/bpf/asm_goto_workaround.h | 8 +- scripts/link-vmlinux.sh | 9 +- scripts/mksysmap | 13 +- scripts/mod/modpost.c | 3 +- scripts/mod/sumversion.c | 7 +- security/security.c | 45 +- sound/pci/hda/Kconfig | 4 +- sound/pci/hda/patch_conexant.c | 18 + sound/pci/hda/patch_cs8409.c | 1 + sound/pci/hda/patch_realtek.c | 20 +- sound/pci/hda/tas2781_hda_i2c.c | 2 +- sound/soc/amd/yc/acp6x-mach.c | 14 + sound/soc/codecs/rt5645.c | 1 + sound/soc/codecs/tas2781-comlib.c | 3 +- sound/soc/codecs/tas2781-i2c.c | 2 +- sound/soc/codecs/wcd938x.c | 2 +- sound/soc/intel/avs/core.c | 3 + sound/soc/intel/avs/topology.c | 2 +- sound/soc/sof/ipc3-topology.c | 69 +- sound/soc/sof/ipc3.c | 2 +- tools/arch/x86/include/asm/rmwcc.h | 2 +- tools/include/linux/compiler_types.h | 4 +- .../testing/selftests/dt/test_unprobed_devices.sh | 13 +- tools/testing/selftests/landlock/common.h | 48 +- tools/testing/selftests/landlock/fs_test.c | 11 +- tools/testing/selftests/landlock/net_test.c | 13 +- .../selftests/mm/charge_reserved_hugetlb.sh | 2 +- tools/testing/selftests/mm/ksm_tests.c | 2 +- tools/testing/selftests/mm/map_hugetlb.c | 7 + tools/testing/selftests/mm/va_high_addr_switch.sh | 6 + tools/testing/selftests/mm/write_hugetlb_memory.sh | 2 +- .../selftests/net/forwarding/bridge_locked_port.sh | 4 +- .../testing/selftests/net/forwarding/bridge_mdb.sh | 14 +- .../selftests/net/forwarding/tc_flower_l2_miss.sh | 8 +- tools/testing/selftests/net/mptcp/config | 3 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 10 +- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 11 +- tools/testing/selftests/net/mptcp/settings | 2 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 31 +- .../selftests/net/test_bridge_backup_port.sh | 394 +++++----- tools/tracing/rtla/Makefile | 7 +- tools/tracing/rtla/src/osnoise_hist.c | 9 +- tools/tracing/rtla/src/osnoise_top.c | 6 +- tools/tracing/rtla/src/timerlat_hist.c | 9 +- tools/tracing/rtla/src/timerlat_top.c | 6 +- tools/tracing/rtla/src/utils.c | 14 +- tools/tracing/rtla/src/utils.h | 2 + tools/verification/rv/Makefile | 7 +- tools/verification/rv/src/in_kernel.c | 2 +- 350 files changed, 3352 insertions(+), 2554 deletions(-)

1 year, 8 months

9
8
0 0

[PATCH 3/6] soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free

by Johan Hovold

A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmic_glink_altmode probe deferral. This has manifested itself as the display subsystem occasionally failing to initialise and NULL-pointer dereferences during boot of machines like the Lenovo ThinkPad X13s. Specifically, the dp-hpd bridge is currently registered before all resources have been acquired which means that it can also be deregistered on probe deferrals. In the meantime there is a race window where the new aux bridge driver (or PHY driver previously) may have looked up the dp-hpd bridge and stored a (non-reference-counted) pointer to the bridge which is about to be deallocated. When the display controller is later initialised, this triggers a use-after-free when attaching the bridges: dp -> aux -> dp-hpd (freed) which may, for example, result in the freed bridge failing to attach: [drm:drm_bridge_attach [drm]] *ERROR* failed to attach bridge /soc@0/phy@88eb000 to encoder TMDS-31: -16 or a NULL-pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 ... Call trace: drm_bridge_attach+0x70/0x1a8 [drm] drm_aux_bridge_attach+0x24/0x38 [aux_bridge] drm_bridge_attach+0x80/0x1a8 [drm] dp_bridge_init+0xa8/0x15c [msm] msm_dp_modeset_init+0x28/0xc4 [msm] The DRM bridge implementation is clearly fragile and implicitly built on the assumption that bridges may never go away. In this case, the fix is to move the bridge registration in the pmic_glink_altmode driver to after all resources have been looked up. Incidentally, with the new dp-hpd bridge implementation, which registers child devices, this is also a requirement due to a long-standing issue in driver core that can otherwise lead to a probe deferral loop (see fbc35b45f9f6 ("Add documentation on meaning of -EPROBE_DEFER")). Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") Fixes: 2bcca96abfbf ("soc: qcom: pmic-glink: switch to DRM_AUX_HPD_BRIDGE") Cc: stable(a)vger.kernel.org # 6.3 Cc: Bjorn Andersson <andersson(a)kernel.org> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/soc/qcom/pmic_glink_altmode.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c index 5fcd0fdd2faa..b3808fc24c69 100644 --- a/drivers/soc/qcom/pmic_glink_altmode.c +++ b/drivers/soc/qcom/pmic_glink_altmode.c @@ -76,7 +76,7 @@ struct pmic_glink_altmode_port { struct work_struct work; - struct device *bridge; + struct auxiliary_device *bridge; enum typec_orientation orientation; u16 svid; @@ -230,7 +230,7 @@ static void pmic_glink_altmode_worker(struct work_struct *work) else pmic_glink_altmode_enable_usb(altmode, alt_port); - drm_aux_hpd_bridge_notify(alt_port->bridge, + drm_aux_hpd_bridge_notify(&alt_port->bridge->dev, alt_port->hpd_state ? connector_status_connected : connector_status_disconnected); @@ -454,7 +454,7 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, alt_port->index = port; INIT_WORK(&alt_port->work, pmic_glink_altmode_worker); - alt_port->bridge = drm_dp_hpd_bridge_register(dev, to_of_node(fwnode)); + alt_port->bridge = devm_drm_dp_hpd_bridge_alloc(dev, to_of_node(fwnode)); if (IS_ERR(alt_port->bridge)) { fwnode_handle_put(fwnode); return PTR_ERR(alt_port->bridge); @@ -510,6 +510,16 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, } } + for (port = 0; port < ARRAY_SIZE(altmode->ports); port++) { + alt_port = &altmode->ports[port]; + if (!alt_port->bridge) + continue; + + ret = devm_drm_dp_hpd_bridge_add(dev, alt_port->bridge); + if (ret) + return ret; + } + altmode->client = devm_pmic_glink_register_client(dev, altmode->owner_id, pmic_glink_altmode_callback, -- 2.43.0

1 year, 8 months

5
6
0 0

[PATCH v3 1/2] mmc: xenon: fix PHY init clock stability

by Elad Nachman

From: Elad Nachman <enachman(a)marvell.com> Each time SD/mmc phy is initialized, at times, in some of the attempts, phy fails to completes its initialization which results into timeout error. Per the HW spec, it is a pre-requisite to ensure a stable SD clock before a phy initialization is attempted. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> --- drivers/mmc/host/sdhci-xenon-phy.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index 8cf3a375de65..c3096230a969 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -11,6 +11,7 @@ #include <linux/slab.h> #include <linux/delay.h> #include <linux/ktime.h> +#include <linux/iopoll.h> #include <linux/of_address.h> #include "sdhci-pltfm.h" @@ -216,6 +217,19 @@ static int xenon_alloc_emmc_phy(struct sdhci_host *host) return 0; } +static int xenon_check_stability_internal_clk(struct sdhci_host *host) +{ + u32 reg; + int err; + + err = read_poll_timeout(sdhci_readw, reg, reg & SDHCI_CLOCK_INT_STABLE, + 1100, 20000, false, host, SDHCI_CLOCK_CONTROL); + if (err) + dev_err(mmc_dev(host->mmc), "phy_init: Internal clock never stabilized.\n"); + + return err; +} + /* * eMMC 5.0/5.1 PHY init/re-init. * eMMC PHY init should be executed after: @@ -232,6 +246,11 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) struct xenon_priv *priv = sdhci_pltfm_priv(pltfm_host); struct xenon_emmc_phy_regs *phy_regs = priv->emmc_phy_regs; + int ret = xenon_check_stability_internal_clk(host); + + if (ret) + return ret; + reg = sdhci_readl(host, phy_regs->timing_adj); reg |= XENON_PHY_INITIALIZAION; sdhci_writel(host, reg, phy_regs->timing_adj); -- 2.25.1

1 year, 8 months

1
0
0 0

[PATCH v3 1/2] mmc: xenon: fix PHY init clock stability

by Elad Nachman

From: Elad Nachman <enachman(a)marvell.com> Each time SD/mmc phy is initialized, at times, in some of the attempts, phy fails to completes its initialization which results into timeout error. Per the HW spec, it is a pre-requisite to ensure a stable SD clock before a phy initialization is attempted. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> --- drivers/mmc/host/sdhci-xenon-phy.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index 8cf3a375de65..c3096230a969 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -11,6 +11,7 @@ #include <linux/slab.h> #include <linux/delay.h> #include <linux/ktime.h> +#include <linux/iopoll.h> #include <linux/of_address.h> #include "sdhci-pltfm.h" @@ -216,6 +217,19 @@ static int xenon_alloc_emmc_phy(struct sdhci_host *host) return 0; } +static int xenon_check_stability_internal_clk(struct sdhci_host *host) +{ + u32 reg; + int err; + + err = read_poll_timeout(sdhci_readw, reg, reg & SDHCI_CLOCK_INT_STABLE, + 1100, 20000, false, host, SDHCI_CLOCK_CONTROL); + if (err) + dev_err(mmc_dev(host->mmc), "phy_init: Internal clock never stabilized.\n"); + + return err; +} + /* * eMMC 5.0/5.1 PHY init/re-init. * eMMC PHY init should be executed after: @@ -232,6 +246,11 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) struct xenon_priv *priv = sdhci_pltfm_priv(pltfm_host); struct xenon_emmc_phy_regs *phy_regs = priv->emmc_phy_regs; + int ret = xenon_check_stability_internal_clk(host); + + if (ret) + return ret; + reg = sdhci_readl(host, phy_regs->timing_adj); reg |= XENON_PHY_INITIALIZAION; sdhci_writel(host, reg, phy_regs->timing_adj); -- 2.25.1

1 year, 8 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2024