February 2024 - Linux-stable-mirror

[PATCH] mm, mmap: fix vma_merge() case 7 with vma_ops->close

by Vlastimil Babka

When debugging issues with a workload using SysV shmem, Michal Hocko has come up with a reproducer that shows how a series of mprotect() operations can result in an elevated shm_nattch and thus leak of the resource. The problem is caused by wrong assumptions in vma_merge() commit 714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in mergeability test"). The shmem vmas have a vma_ops->close callback that decrements shm_nattch, and we remove the vma without calling it. vma_merge() has thus historically avoided merging vma's with vma_ops->close and commit 714965ca8252 was supposed to keep it that way. It relaxed the checks for vma_ops->close in can_vma_merge_after() assuming that it is never called on a vma that would be a candidate for removal. However, the vma_merge() code does also use the result of this check in the decision to remove a different vma in the merge case 7. A robust solution would be to refactor vma_merge() code in a way that the vma_ops->close check is only done for vma's that are actually going to be removed, and not as part of the preliminary checks. That would both solve the existing bug, and also allow additional merges that the checks currently prevent unnecessarily in some cases. However to fix the existing bug first with a minimized risk, and for easier stable backports, this patch only adds a vma_ops->close check to the buggy case 7 specifically. All other cases of vma removal are covered by the can_vma_merge_before() check that includes the test for vma_ops->close. The reproducer code, adapted from Michal Hocko's code: int main(int argc, char *argv[]) { int segment_id; size_t segment_size = 20 * PAGE_SIZE; char * sh_mem; struct shmid_ds shmid_ds; key_t key = 0x1234; segment_id = shmget(key, segment_size, IPC_CREAT | IPC_EXCL | S_IRUSR | S_IWUSR); sh_mem = (char *)shmat(segment_id, NULL, 0); mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_NONE); mprotect(sh_mem + PAGE_SIZE, PAGE_SIZE, PROT_WRITE); mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_WRITE); shmdt(sh_mem); shmctl(segment_id, IPC_STAT, &shmid_ds); printf("nattch after shmdt(): %lu (expected: 0)\n", shmid_ds.shm_nattch); if (shmctl(segment_id, IPC_RMID, 0)) printf("IPCRM failed %d\n", errno); return (shmid_ds.shm_nattch) ? 1 : 0; } Fixes: 714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in mergeability test") Reported-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> --- mm/mmap.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/mm/mmap.c b/mm/mmap.c index d89770eaab6b..a4238373ee9b 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -954,10 +954,19 @@ static struct vm_area_struct } else if (merge_prev) { /* case 2 */ if (curr) { vma_start_write(curr); - err = dup_anon_vma(prev, curr, &anon_dup); if (end == curr->vm_end) { /* case 7 */ + /* + * can_vma_merge_after() assumed we would not be + * removing prev vma, so it skipped the check + * for vm_ops->close, but we are removing curr + */ + if (curr->vm_ops && curr->vm_ops->close) + err = -EINVAL; + else + err = dup_anon_vma(prev, curr, &anon_dup); remove = curr; } else { /* case 5 */ + err = dup_anon_vma(prev, curr, &anon_dup); adjust = curr; adj_start = (end - curr->vm_start); } -- 2.43.1

1 year

3
5
0 0

[PATCH 6.7 000/313] 6.7.6-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.7.6 release. There are 313 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 23 Feb 2024 12:59:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.7.6-rc2.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.7.6-rc2 Borislav Petkov (AMD) <bp(a)alien8.de> x86/barrier: Do not serialize MSR accesses on AMD Mikulas Patocka <mpatocka(a)redhat.com> dm: limit the number of targets and parameter size area Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential bug in end_buffer_async_write Saravana Kannan <saravanak(a)google.com> of: property: Add in-ports/out-ports support to of_graph_get_port_parent() Linus Torvalds <torvalds(a)linuxfoundation.org> sched/membarrier: reduce the ability to hammer on sys_membarrier NeilBrown <neilb(a)suse.de> nfsd: don't take fi_lock in nfsd_break_deleg_cb() Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Missing gc cancellations fixed Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix performance regression in swap operation Mark Brown <broonie(a)kernel.org> usb: typec: tpcm: Fix issues with power being removed during reset Damien Le Moal <dlemoal(a)kernel.org> block: fix partial zone append completion handling in req_bio_endio() Junxiao Bi <junxiao.bi(a)oracle.com> md: bypass block throttle for superblock update Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Inform kmemleak of saved_cmdlines allocation Petr Pavlu <petr.pavlu(a)suse.com> tracing: Fix HAVE_DYNAMIC_FTRACE_WITH_REGS ifdef Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() Konrad Dybcio <konrad.dybcio(a)linaro.org> pmdomain: core: Move the unused cleanup to a _sync initcall Oleksij Rempel <o.rempel(a)pengutronix.de> can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Ziqi Zhao <astrajoan(a)yahoo.com> can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Maxime Jayat <maxime.jayat(a)mobile-devices.fr> can: netlink: Fix TDCO calculation using the old data bittiming Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Nuno Sa <nuno.sa(a)analog.com> of: property: fix typo in io-channels Vegard Nossum <vegard.nossum(a)oracle.com> docs: kernel_feat.py: fix build error for missing files Jan Kara <jack(a)suse.cz> blk-wbt: Fix detection of dirty-throttled tasks Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix earlycon parameter if KASAN enabled Prakash Sangappa <prakash.sangappa(a)oracle.com> mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Dave Airlie <airlied(a)redhat.com> nouveau/gsp: use correct size for registry rpc. Rishabh Dave <ridave(a)redhat.com> ceph: prevent use-after-free in encode_cap_msg() Shradha Gupta <shradhagupta(a)linux.microsoft.com> hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Petr Tesarik <petr(a)tesarici.cz> net: stmmac: protect updates of 64-bit statistics counters Jan Kiszka <jan.kiszka(a)siemens.com> riscv/efistub: Ensure GP-relative addressing is not used Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio SeongJae Park <sj(a)kernel.org> mm/damon/sysfs-schemes: fix wrong DAMOS tried regions update timeout setup Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio Christian Brauner <brauner(a)kernel.org> fs: relax mount_setattr() permission checks Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix Makefile compiler options for clang Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix uninitialized bucket/data->bucket_size warning John Kacur <jkacur(a)redhat.com> tools/rtla: Exit with EXIT_SUCCESS when help is invoked Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix clang warning about mount_point var size limingming3 <limingming890315(a)gmail.com> tools/rtla: Replace setting prio with nice for SCHED_OTHER Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Remove unused sched_getattr() function Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rv: Fix Makefile compiler options for clang Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rv: Fix curr_reactor uninitialized variable Mario Limonciello <mario.limonciello(a)amd.com> ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8 Gergo Koteles <soyer(a)irl.hu> ASoC: tas2781: add module parameter to tascodec_init() Curtis Malainey <cujomalainey(a)chromium.org> ASoC: SOF: IPC3: fix message bounds on ipc ops Easwar Hariharan <eahariha(a)linux.microsoft.com> arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata Mark Brown <broonie(a)kernel.org> arm64/signal: Don't assume that TIF_SVE means we saved SVE state Fred Ai <fred.ai(a)bayhubtech.com> mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be detected by BIOS Damien Le Moal <dlemoal(a)kernel.org> zonefs: Improve error handling Sebastian Ene <sebastianene(a)google.com> KVM: arm64: Fix circular locking dependency Christian Borntraeger <borntraeger(a)linux.ibm.com> KVM: s390: vsie: fix race during shadow creation Steve French <stfrench(a)microsoft.com> smb: Fix regression in writes when non-standard maximum write size negotiated Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct id, uid and cruid for multiuser automounts Mohammad Rahimi <rahimi.mhmmd(a)gmail.com> thunderbolt: Fix setting the CNS bit in ROUTER_CS_5 Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems Doug Berger <opendmb(a)gmail.com> irqchip/irq-brcmstb-l2: Add write memory barrier before exit Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: fix a crash when we run out of stations Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix wiphy delayed work queueing Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fix double-free bug Daniel de Villiers <daniel.devilliers(a)corigine.com> nfp: flower: prevent re-adding mac index for bonded port James Hershaw <james.hershaw(a)corigine.com> nfp: enable NETDEV_XDP_ACT_REDIRECT feature flag Daniel Basilio <daniel.basilio(a)corigine.com> nfp: use correct macro for LengthSelect in BAR config Herbert Xu <herbert(a)gondor.apana.org.au> crypto: algif_hash - Remove bogus SGL free on zero-length error path Kim Phillips <kim.phillips(a)amd.com> crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix data corruption in dsync block recovery for small block sizes Shuming Fan <shumingf(a)realtek.com> ALSA: hda/realtek: add IDs for Dell dual spk platform bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Add quirk for SWS JS201D Eniac Zhang <eniac-xw.zhang(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED For HP mt645 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpiolib: add gpiod_to_gpio_device() stub for !GPIOLIB Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpiolib: add gpio_device_get_base() stub for !GPIOLIB Alexander Stein <alexander.stein(a)ew.tq-group.com> mmc: slot-gpio: Allow non-sleeping GPIO ro Jens Axboe <axboe(a)kernel.dk> io_uring/net: fix multishot accept overflow handling Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Mingwei Zhang <mizhang(a)google.com> KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl Prasad Pandit <pjp(a)fedoraproject.org> KVM: x86: make KVM_REQ_NMI request iff NMI pending for vcpu Andrei Vagin <avagin(a)google.com> x86/fpu: Stop relying on userspace for info to fault in xsave buffer Aleksander Mazur <deweloper(a)wp.pl> x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: mxs-auart: fix tx Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: core: introduce uart_port_tx_flags() Shrikanth Hegde <sshegde(a)linux.ibm.com> powerpc/pseries: fix accuracy of stolen time David Engraf <david.engraf(a)sysgo.com> powerpc/cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E Naveen N Rao <naveen(a)kernel.org> powerpc/64: Set task pt_regs->link to the LR value on scv entry Masami Hiramatsu (Google) <mhiramat(a)kernel.org> ftrace: Fix DIRECT_CALLS to use SAVE_REGS by default Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: prevent infinite while() loop in port startup Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fail probe if clock crystal is unstable Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: improve crystal stable clock detection Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: set default value when reading clock ready bit Gui-Dong Han <2045gemini(a)gmail.com> serial: core: Fix atomicity violation in uart_tiocmget Hui Zhou <hui.zhou(a)corigine.com> nfp: flower: fix hardware offload for the transfer layer port Hui Zhou <hui.zhou(a)corigine.com> nfp: flower: add hardware offload check for post ct entry Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Fix failed probe due to unsupported C45 reads Vincent Donnefort <vdonnefort(a)google.com> ring-buffer: Clean ring_buffer_poll_wait() error return Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Avoid fetching VRAM vendor info Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Preserve original aspect ratio in create stream Roman Li <roman.li(a)amd.com> drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase frame-larger-than for all display_mode_vba files Fangzhi Zuo <jerry.zuo(a)amd.com> drm/amd/display: Fix MST Null Ptr for RV Thong <thong.thai(a)amd.com> drm/amdgpu/soc21: update VCN 4 max HEVC encoding resolution Philip Yang <Philip.Yang(a)amd.com> drm/prime: Support page array >= 4GB Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dp: Limit SST link rate to <=8.1Gbps Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: Add align done check Rob Clark <robdclark(a)chromium.org> drm/msm: Wire up tlb ops Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> drm/buddy: Fix alloc_range() error handling code Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: fix several DMA buffer leaks Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Oleg Nesterov <oleg(a)redhat.com> getrusage: use sig->stats_lock rather than lock_task_sighand() Oleg Nesterov <oleg(a)redhat.com> getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Keep all directory links at 1 Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Remove fsnotify*() functions from lookup() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Restructure eventfs_inode structure to be more condensed Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Warn if an eventfs_inode is freed without is_freed being set Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Get rid of dentry pointers without refcounts Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Clean up dentry ops and add revalidate function Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Remove unused d_parent pointer field Linus Torvalds <torvalds(a)linux-foundation.org> tracefs: dentry lookup crapectomy Linus Torvalds <torvalds(a)linux-foundation.org> tracefs: Avoid using the ei->dentry pointer unnecessarily Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Initialize the tracefs inode properly Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Zero out the tracefs_inode when allocating it Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Save directory inodes in the eventfs_inode structure Erick Archer <erick.archer(a)gmx.com> eventfs: Use kcalloc() instead of kzalloc() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not create dentries nor inodes in iterate_shared Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Have the inodes all for files and directories all be the same Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Shortcut eventfs_iterate() by skipping entries already read Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Read ei->entries before ei->children in eventfs_iterate() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do ctx->pos update for all iterations in eventfs_iterate() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Stop using dcache_readdir() for getdents() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Remove "lookup" parameter from create_dir/file_dentry() Sean Young <sean(a)mess.org> media: rc: bpf attach/detach requires write permission Eugen Hristev <eugen.hristev(a)collabora.com> pmdomain: mediatek: fix race conditions with genpd Sam Protsenko <semen.protsenko(a)linaro.org> iio: pressure: bmp280: Add missing bmp085 to SPI id table Randy Dunlap <rdunlap(a)infradead.org> iio: imu: bno055: serdev requires REGMAP Nuno Sa <nuno.sa(a)analog.com> iio: imu: adis: ensure proper DMA alignment Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad_sigma_delta: ensure proper DMA alignment Mario Limonciello <mario.limonciello(a)amd.com> iio: accel: bma400: Fix a compilation problem Nuno Sa <nuno.sa(a)analog.com> iio: commom: st_sensors: ensure proper DMA alignment Dinghao Liu <dinghao.liu(a)zju.edu.cn> iio: core: fix memleak in iio_device_register_sysfs zhili.liu <zhili.liu(a)ucas.com.cn> iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC David Schiller <david.schiller(a)jku.at> staging: iio: ad5933: fix type mismatch regression Tejun Heo <tj(a)kernel.org> Revert "workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask()" Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to search structure fields correctly Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to set arg size and fmt after setting type from BTF Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to show a parse error for bad type for $comm Thorsten Blum <thorsten.blum(a)toblux.com> tracing/synthetic: Fix trace_string() return value Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix wasted memory in saved_cmdlines logic Daniel Bristot de Oliveira <bristot(a)kernel.org> tracing/timerlat: Move hrtimer_init to timerlat_fd open() Baokun Li <libaokun1(a)huawei.com> ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Baokun Li <libaokun1(a)huawei.com> ext4: fix double-free of blocks due to wrong extents moved_len Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Mark all sessions as invalid in cb_remove Carlos Llamas <cmllamas(a)google.com> binder: signal epoll threads of self-work Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cs8409: Suppress vmaster control for Dolphin models Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd938x: handle deferred probe Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add speaker pin verbtable for Dell dual speaker platform Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Nathan Chancellor <nathan(a)kernel.org> modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS Nathan Chancellor <nathan(a)kernel.org> um: Fix adding '-no-pie' for clang Jan Beulich <jbeulich(a)suse.com> xen-netback: properly sync TX responses Helge Deller <deller(a)gmx.de> parisc: BTLB: Fix crash when setting up BTLB at CPU bringup Helge Deller <deller(a)gmx.de> parisc: Fix random data corruption from exception handler Esben Haabendal <esben(a)geanix.com> net: stmmac: do not clear TBS enable bit on link up/down Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Fedor Pchelkin <pchelkin(a)ispras.ru> nfc: nci: free rx_data_reassembly skb on NCI device cleanup Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix changing ELF file type for output of gen_btf for big endian José Relvas <josemonsantorelvas(a)gmail.com> ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct documentation of fw_csr_string() kernel API Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix the logic in security_inode_getsecctx() Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix default return value of the socket_getpeersec_*() hooks Fangzhi Zuo <jerry.zuo(a)amd.com> drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: fix incorrect mpc_combine array size David McFarland <corngood(a)gmail.com> drm/amd: Don't init MEC2 firmware when it fails to load Friedrich Vock <friedrich.vock(a)gmx.de> drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Sebastian Ott <sebott(a)redhat.com> drm/virtio: Set segment size for virtio_gpu device Vaishnav Achath <vaishnav.a(a)ti.com> spi: omap2-mcspi: Revert FIFO support without DMA Keqi Wang <wangkeqi_chris(a)163.com> connector/cn_proc: revert "connector: Fix proc_event_num_listeners count not cleared" Rob Clark <robdclark(a)chromium.org> Revert "drm/msm/gpu: Push gpu lock down past runpm" Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: flush any delayed gfxoff on suspend entry" Lee Duncan <lduncan(a)suse.com> scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: Revert "media: rkisp1: Drop IRQF_SHARED" Michael Ellerman <mpe(a)ellerman.id.au> Revert "powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add" Paolo Abeni <pabeni(a)redhat.com> mptcp: really cope with fastopen race Geliang Tang <geliang(a)kernel.org> mptcp: check addrs list in userspace_pm_get_local_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix rcv space initialization Paolo Abeni <pabeni(a)redhat.com> mptcp: drop the push_pending field Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add mptcp_lib_kill_wait Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: allow changing subtests prefix Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: increase timeout to 30 min Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Mangle Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter in v6 Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data re-injection from stale subflow Arnd Bergmann <arnd(a)arndb.de> kallsyms: ignore ARMv4 thunks along with others Radek Krejci <radek.krejci(a)oracle.com> modpost: trim leading spaces when processing source files list Jean Delvare <jdelvare(a)suse.de> i2c: i801: Fix block process call transactions Arnd Bergmann <arnd(a)arndb.de> i2c: pasemi: split driver into two separate modules Shivaprasad G Bhat <sbhat(a)linux.ibm.com> powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach Michael Ellerman <mpe(a)ellerman.id.au> powerpc/kasan: Limit KASAN thread size increase to 32KB Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Handle non-coherent GICv4 redistributors Bibo Mao <maobibo(a)loongson.cn> irqchip/loongson-eiointc: Use correct struct type in eiointc_domain_alloc() Viken Dadhaniya <quic_vdadhani(a)quicinc.com> i2c: qcom-geni: Correct I2C TRE sequence Dan Carpenter <dan.carpenter(a)linaro.org> cifs: fix underflow in parse_server_interfaces() Cosmin Tanislav <demonsingur(a)gmail.com> iio: adc: ad4130: only set GPIO_CTRL if pin is unused Cosmin Tanislav <demonsingur(a)gmail.com> iio: adc: ad4130: zero-initialize clock init data Alex Williamson <alex.williamson(a)redhat.com> PCI: Fix active state requirement in PME polling Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "kobject: Remove redundant checks for whether ktype is NULL" Jiangfeng Xiao <xiaojiangfeng(a)huawei.com> powerpc/kasan: Fix addr error caused by page alignment Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> powerpc/6xx: set High BAT Enable flag on G2_LE cores Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add Saravana Kannan <saravanak(a)google.com> driver core: fw_devlink: Improve detection of overlapping cycles Zhipeng Lu <alexious(a)zju.edu.cn> media: ir_toy: fix a memleak in irtoy_tx Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: sm8550: Enable sync_state Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: sc8180x: Mark CO0 BCM keepalive Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend Udipto Goswami <quic_ugoswami(a)quicinc.com> usb: core: Prevent null pointer dereference in update_port_device_state Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: core: handle power lost in workqueue yuan linyu <yuanlinyu(a)hihonor.com> usb: f_mass_storage: forbid async queue when shutdown happen Oliver Neukum <oneukum(a)suse.com> USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Fix command completion handling Sean Anderson <sean.anderson(a)seco.com> usb: ulpi: Fix debugfs directory leak Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi: Add missing ppm_lock Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Do not register input devices until after hid_hw_start Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: generic: Avoid reporting a serial of '0' to userspace Johan Hovold <johan+linaro(a)kernel.org> HID: i2c-hid-of: fix NULL-deref on failed power up Benjamin Tissoires <bentiss(a)kernel.org> HID: bpf: actually free hdev memory after attaching a HID-BPF program Benjamin Tissoires <bentiss(a)kernel.org> HID: bpf: remove double fdget() Luka Guzenko <l.guzenko(a)web.de> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx David Senoner <seda18(a)rolmail.net> ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 Helge Deller <deller(a)gmx.de> parisc: Prevent hung tasks when printing inventory on serial console Techno Mooney <techno.mooney(a)gmail.com> ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt, dm-verity: disable tasklets Dave Airlie <airlied(a)redhat.com> nouveau: offload fence uevents work to workqueue Michael Kelley <mhklinux(a)outlook.com> scsi: storvsc: Fix ring buffer size calculation Nico Pache <npache(a)redhat.com> selftests: mm: fix map_hugetlb failure on 64K page size systems Audra Mitchell <audra(a)redhat.com> selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag Zach O'Keefe <zokeefe(a)google.com> mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: switch to bash from sh Sidhartha Kumar <sidhartha.kumar(a)oracle.com> fs/hugetlbfs/inode.c: mm/memory-failure.c: fix hugetlbfs hwpoison handling Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/trigger: Fix to return error if failed to alloc snapshot Samuel Holland <samuel.holland(a)sifive.com> scs: add CONFIG_MMU dependency for vfree_atomic() Ryan Roberts <ryan.roberts(a)arm.com> selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Ryan Roberts <ryan.roberts(a)arm.com> mm: thp_get_unmapped_area must honour topdown preference Ivan Vecera <ivecera(a)redhat.com> i40e: Fix waiting for queues of all VSIs to be disabled Ivan Vecera <ivecera(a)redhat.com> i40e: Do not allow untrusted VF to remove administratively set MAC Jiaxun Yang <jiaxun.yang(a)flygoat.com> mm/memory: Use exception ip to search exception tables Jiaxun Yang <jiaxun.yang(a)flygoat.com> ptrace: Introduce exception_ip arch hook Guenter Roeck <linux(a)roeck-us.net> MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler Arnd Bergmann <arnd(a)arndb.de> nouveau/svm: fix kvcalloc() argument order Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path for statistics Manasi Navare <navaremanasi(a)chromium.org> drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address Alexey Khoroshilov <khoroshilov(a)ispras.ru> ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: ppc4xx: Drop write-only variable Jakub Kicinski <kuba(a)kernel.org> net: tls: fix returned read length with async decrypt Sabrina Dubroca <sd(a)queasysnail.net> net: tls: fix use-after-free with partial reads and async decrypt Jakub Kicinski <kuba(a)kernel.org> net: tls: handle backlogging of crypto requests Jakub Kicinski <kuba(a)kernel.org> tls: fix race between tx work scheduling and socket close Jakub Kicinski <kuba(a)kernel.org> tls: fix race between async notify and socket close Jakub Kicinski <kuba(a)kernel.org> net: tls: factor out tls_*crypt_async_wait() Horatiu Vultur <horatiu.vultur(a)microchip.com> lan966x: Fix crash when adding interface under a lag Aaron Conole <aconole(a)redhat.com> net: openvswitch: limit the number of recursions from action sets Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Fix bridge locked port test flakiness Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Suppress grep warnings Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Fix bridge MDB test flakiness Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Fix layer 2 miss test flakiness Ido Schimmel <idosch(a)nvidia.com> selftests: net: Fix bridge backup port test flakiness Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert test_bridge_backup_port.sh to run it in unique namespace Hojin Nam <hj96.nam(a)samsung.com> perf: CXL: fix mismatched cpmu event opcode Lukas Bulwahn <lukas.bulwahn(a)gmail.com> ALSA: hda/cs35l56: select intended config FW_CS_DSP Saravana Kannan <saravanak(a)google.com> of: property: Improve finding the supplier of a remote-endpoint property Saravana Kannan <saravanak(a)google.com> of: property: Improve finding the consumer of a remote-endpoint property Parav Pandit <parav(a)nvidia.com> devlink: Fix command annotation documentation Magnus Karlsson <magnus.karlsson(a)intel.com> bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY Chuck Lever <chuck.lever(a)oracle.com> net/handshake: Fix handshake_req_destroy_test1 Jiri Pirko <jiri(a)resnulli.us> net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers Jiri Pirko <jiri(a)resnulli.us> dpll: fix possible deadlock during netlink dump operation Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: SOF: ipc3-topology: Fix pipeline tear down logic Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: Fix some error codes Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: clear link_id in time_event Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Fix dynamic port assignment when TDM is set Carlos Song <carlos.song(a)nxp.com> spi: imx: fix the burst length at DMA mode and CPU mode Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix pci_probe() error path Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix capability for net_test Rob Clark <robdclark(a)chromium.org> drm/msm/gem: Fix double resv lock aquire Christian A. Ehrhardt <lk(a)c--e.de> of: unittest: Fix compile in the non-dynamic case Hu Yadi <hu.yadi(a)h3c.com> selftests/landlock: Fix fs_test build with old libc Hu Yadi <hu.yadi(a)h3c.com> selftests/landlock: Fix net_test build with old libc Nícolas F. R. A. Prado <nfraprado(a)collabora.com> kselftest: dt: Stop relying on dirname to improve performance Saravana Kannan <saravanak(a)google.com> driver core: Fix device_link_flag_is_sync_state_only() Josef Bacik <josef(a)toxicpanda.com> btrfs: don't drop extent_map for free space inode on write error Filipe Manana <fdmanana(a)suse.com> btrfs: reject encoded write if inode has nodatasum flag set Filipe Manana <fdmanana(a)suse.com> btrfs: don't reserve space for checksums when writing to nocow files David Sterba <dsterba(a)suse.com> btrfs: send: return EOPNOTSUPP on unknown flags Boris Burkov <boris(a)bur.io> btrfs: forbid deleting live subvol qgroup Qu Wenruo <wqu(a)suse.com> btrfs: do not ASSERT() if the newly created subvolume already got read Boris Burkov <boris(a)bur.io> btrfs: forbid creating subvol qgroups Filipe Manana <fdmanana(a)suse.com> btrfs: don't refill whole delayed refs block reserve when starting transaction Filipe Manana <fdmanana(a)suse.com> btrfs: add new unused block groups to the list of unused block groups Filipe Manana <fdmanana(a)suse.com> btrfs: do not delete unused block group if it may be used soon Filipe Manana <fdmanana(a)suse.com> btrfs: add and use helper to check if block group is used Yang Shi <yang(a)os.amperecomputing.com> mm: mmap: map MAP_STACK to VM_NOHUGEPAGE Yang Shi <yang(a)os.amperecomputing.com> mm: huge_memory: don't force huge page alignment on 32 bit Linus Torvalds <torvalds(a)linux-foundation.org> update workarounds for gcc "asm goto" issue Linus Torvalds <torvalds(a)linux-foundation.org> work around gcc bugs with 'asm goto' with outputs ------------- Diffstat: .../ABI/testing/sysfs-class-net-statistics | 48 +- Documentation/arch/arm64/silicon-errata.rst | 7 + Documentation/netlink/specs/dpll.yaml | 4 - Documentation/networking/devlink/devlink-port.rst | 2 +- Documentation/sphinx/kernel_feat.py | 2 +- Makefile | 4 +- arch/Kconfig | 1 + arch/arc/include/asm/jump_label.h | 4 +- arch/arm/include/asm/jump_label.h | 4 +- arch/arm64/include/asm/alternative-macros.h | 4 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/jump_label.h | 4 +- arch/arm64/kernel/cpu_errata.c | 3 + arch/arm64/kernel/fpsimd.c | 2 +- arch/arm64/kernel/signal.c | 4 +- arch/arm64/kvm/pkvm.c | 27 +- arch/csky/include/asm/jump_label.h | 4 +- arch/loongarch/include/asm/jump_label.h | 4 +- arch/loongarch/mm/kasan_init.c | 3 + arch/mips/include/asm/checksum.h | 3 +- arch/mips/include/asm/jump_label.h | 4 +- arch/mips/include/asm/ptrace.h | 2 + arch/mips/kernel/ptrace.c | 7 + arch/parisc/Kconfig | 1 - arch/parisc/include/asm/assembly.h | 1 + arch/parisc/include/asm/extable.h | 64 ++ arch/parisc/include/asm/jump_label.h | 4 +- arch/parisc/include/asm/special_insns.h | 6 +- arch/parisc/include/asm/uaccess.h | 48 +- arch/parisc/kernel/cache.c | 6 +- arch/parisc/kernel/drivers.c | 3 + arch/parisc/kernel/unaligned.c | 44 +- arch/parisc/mm/fault.c | 11 +- arch/powerpc/include/asm/jump_label.h | 4 +- arch/powerpc/include/asm/reg.h | 2 + arch/powerpc/include/asm/thread_info.h | 2 +- arch/powerpc/include/asm/uaccess.h | 12 +- arch/powerpc/kernel/cpu_setup_6xx.S | 20 +- arch/powerpc/kernel/cpu_specs_e500mc.h | 3 +- arch/powerpc/kernel/interrupt_64.S | 4 +- arch/powerpc/kernel/iommu.c | 4 +- arch/powerpc/kernel/irq_64.c | 2 +- arch/powerpc/mm/kasan/init_32.c | 1 + arch/powerpc/platforms/pseries/lpar.c | 8 +- arch/riscv/include/asm/bitops.h | 8 +- arch/riscv/include/asm/cpufeature.h | 4 +- arch/riscv/include/asm/jump_label.h | 4 +- arch/s390/include/asm/jump_label.h | 4 +- arch/s390/kvm/vsie.c | 1 - arch/s390/mm/gmap.c | 1 + arch/sparc/include/asm/jump_label.h | 4 +- arch/um/Makefile | 4 +- arch/um/include/asm/cpufeature.h | 2 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/include/asm/barrier.h | 18 - arch/x86/include/asm/cpufeature.h | 2 +- arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/jump_label.h | 6 +- arch/x86/include/asm/processor.h | 18 + arch/x86/include/asm/rmwcc.h | 2 +- arch/x86/include/asm/special_insns.h | 2 +- arch/x86/include/asm/uaccess.h | 10 +- arch/x86/kernel/cpu/amd.c | 3 + arch/x86/kernel/cpu/common.c | 7 + arch/x86/kernel/cpu/hygon.c | 3 + arch/x86/kernel/fpu/signal.c | 13 +- arch/x86/kvm/svm/svm_ops.h | 6 +- arch/x86/kvm/vmx/pmu_intel.c | 2 +- arch/x86/kvm/vmx/vmx.c | 4 +- arch/x86/kvm/vmx/vmx_ops.h | 6 +- arch/x86/kvm/x86.c | 3 +- arch/x86/mm/ident_map.c | 23 +- arch/xtensa/include/asm/jump_label.h | 4 +- block/blk-mq.c | 9 +- block/blk-wbt.c | 4 +- crypto/algif_hash.c | 5 +- drivers/android/binder.c | 10 + drivers/base/core.c | 15 +- drivers/base/power/domain.c | 2 +- drivers/connector/cn_proc.c | 5 +- drivers/crypto/ccp/sev-dev.c | 10 +- drivers/dpll/dpll_netlink.c | 20 +- drivers/dpll/dpll_nl.c | 4 - drivers/dpll/dpll_nl.h | 2 - drivers/firewire/core-device.c | 7 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 9 +- drivers/gpu/drm/amd/amdgpu/cik_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/cz_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 - drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 8 - drivers/gpu/drm/amd/amdgpu/iceland_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 6 + drivers/gpu/drm/amd/amdgpu/ih_v6_1.c | 7 + drivers/gpu/drm/amd/amdgpu/navi10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/si_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/soc21.c | 4 +- drivers/gpu/drm/amd/amdgpu/tonga_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega20_ih.c | 6 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 15 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 6 +- .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 2 +- .../amd/display/dc/dml2/dml2_translation_helper.c | 27 +- drivers/gpu/drm/amd/display/dc/inc/core_types.h | 2 + .../display/dc/link/protocols/link_dp_training.c | 5 +- drivers/gpu/drm/drm_buddy.c | 6 + drivers/gpu/drm/drm_prime.c | 2 +- drivers/gpu/drm/i915/display/intel_dp.c | 3 + drivers/gpu/drm/i915/display/intel_vdsc_regs.h | 4 +- drivers/gpu/drm/msm/msm_gem_prime.c | 4 +- drivers/gpu/drm/msm/msm_gpu.c | 11 +- drivers/gpu/drm/msm/msm_iommu.c | 32 +- drivers/gpu/drm/msm/msm_ringbuffer.c | 7 +- drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 2 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 26 +- drivers/gpu/drm/nouveau/nouveau_fence.h | 1 + drivers/gpu/drm/nouveau/nouveau_svm.c | 2 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 61 +- drivers/gpu/drm/virtio/virtgpu_drv.c | 1 + drivers/hid/bpf/hid_bpf_dispatch.c | 83 ++- drivers/hid/bpf/hid_bpf_dispatch.h | 4 +- drivers/hid/bpf/hid_bpf_jmp_table.c | 40 +- drivers/hid/i2c-hid/i2c-hid-of.c | 1 + drivers/hid/wacom_sys.c | 63 +- drivers/hid/wacom_wac.c | 9 +- drivers/i2c/busses/Makefile | 6 +- drivers/i2c/busses/i2c-i801.c | 4 +- drivers/i2c/busses/i2c-pasemi-core.c | 6 + drivers/i2c/busses/i2c-qcom-geni.c | 16 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/adc/ad4130.c | 12 +- drivers/iio/imu/bno055/Kconfig | 1 + drivers/iio/industrialio-core.c | 5 +- drivers/iio/light/hid-sensor-als.c | 1 + drivers/iio/magnetometer/rm3100-core.c | 10 +- drivers/iio/pressure/bmp280-spi.c | 1 + drivers/interconnect/qcom/sc8180x.c | 1 + drivers/interconnect/qcom/sm8550.c | 1 + drivers/irqchip/irq-brcmstb-l2.c | 5 +- drivers/irqchip/irq-gic-v3-its.c | 62 +- drivers/irqchip/irq-loongson-eiointc.c | 2 +- drivers/md/dm-core.h | 2 + drivers/md/dm-crypt.c | 38 +- drivers/md/dm-ioctl.c | 3 +- drivers/md/dm-table.c | 9 +- drivers/md/dm-verity-target.c | 26 +- drivers/md/dm-verity.h | 1 - drivers/md/md.c | 7 +- .../media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +- drivers/media/rc/bpf-lirc.c | 6 +- drivers/media/rc/ir_toy.c | 2 + drivers/media/rc/lirc_dev.c | 5 +- drivers/media/rc/rc-core-priv.h | 2 +- drivers/misc/fastrpc.c | 2 +- drivers/mmc/core/slot-gpio.c | 6 +- drivers/mmc/host/sdhci-pci-o2micro.c | 30 + drivers/net/bonding/bond_main.c | 5 +- drivers/net/can/dev/netlink.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 38 +- drivers/net/ethernet/mellanox/mlx5/core/dpll.c | 2 +- .../net/ethernet/microchip/lan966x/lan966x_lag.c | 9 +- .../net/ethernet/netronome/nfp/flower/conntrack.c | 46 +- .../ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 1 + .../ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +- drivers/net/ethernet/stmicro/stmmac/common.h | 56 +- drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 15 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c | 15 +- drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c | 15 +- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 15 +- .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 125 +++- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 136 ++-- drivers/net/ethernet/ti/cpsw.c | 2 + drivers/net/ethernet/ti/cpsw_new.c | 3 + drivers/net/hyperv/netvsc.c | 5 +- drivers/net/hyperv/netvsc_drv.c | 82 ++- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 15 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 1 + drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 3 + drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 4 + .../net/wireless/intel/iwlwifi/mvm/time-event.c | 3 +- drivers/net/xen-netback/netback.c | 100 ++- drivers/of/property.c | 65 +- drivers/of/unittest.c | 12 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 3 +- drivers/pci/pci.c | 37 +- drivers/perf/cxl_pmu.c | 2 +- drivers/pmdomain/mediatek/mtk-pm-domains.c | 15 +- drivers/pmdomain/renesas/r8a77980-sysc.c | 3 +- drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/storvsc_drv.c | 12 +- drivers/spi/spi-imx.c | 9 +- drivers/spi/spi-omap2-mcspi.c | 137 +--- drivers/spi/spi-ppc4xx.c | 5 - drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/thunderbolt/tb_regs.h | 2 +- drivers/thunderbolt/usb4.c | 2 +- drivers/tty/serial/max310x.c | 53 +- drivers/tty/serial/mxs-auart.c | 5 +- drivers/tty/serial/serial_core.c | 2 +- drivers/usb/chipidea/ci.h | 2 + drivers/usb/chipidea/core.c | 44 +- drivers/usb/common/ulpi.c | 2 +- drivers/usb/core/hub.c | 46 +- drivers/usb/dwc3/gadget.c | 6 +- drivers/usb/gadget/function/f_mass_storage.c | 20 +- drivers/usb/typec/tcpm/tcpm.c | 3 +- drivers/usb/typec/ucsi/ucsi.c | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 17 +- drivers/xen/events/events_base.c | 8 +- fs/btrfs/block-group.c | 80 +- fs/btrfs/block-group.h | 7 + fs/btrfs/delalloc-space.c | 29 +- fs/btrfs/disk-io.c | 13 +- fs/btrfs/inode.c | 26 +- fs/btrfs/ioctl.c | 5 + fs/btrfs/qgroup.c | 14 + fs/btrfs/send.c | 2 +- fs/btrfs/transaction.c | 38 +- fs/ceph/caps.c | 3 +- fs/ext4/mballoc.c | 39 +- fs/ext4/move_extent.c | 6 +- fs/hugetlbfs/inode.c | 21 +- fs/namespace.c | 11 +- fs/nfsd/nfs4state.c | 11 +- fs/nilfs2/file.c | 8 +- fs/nilfs2/recovery.c | 7 +- fs/nilfs2/segment.c | 8 +- fs/proc/array.c | 66 +- fs/smb/client/connect.c | 14 +- fs/smb/client/fs_context.c | 11 + fs/smb/client/namespace.c | 16 + fs/smb/client/smb2ops.c | 2 +- fs/smb/server/smb2pdu.c | 8 +- fs/tracefs/event_inode.c | 814 ++++++--------------- fs/tracefs/inode.c | 102 +-- fs/tracefs/internal.h | 46 +- fs/zonefs/file.c | 42 +- fs/zonefs/super.c | 66 +- include/linux/backing-dev-defs.h | 7 +- include/linux/compiler-gcc.h | 20 + include/linux/compiler_types.h | 11 +- include/linux/gpio/driver.h | 12 + include/linux/iio/adc/ad_sigma_delta.h | 4 +- include/linux/iio/common/st_sensors.h | 4 +- include/linux/iio/imu/adis.h | 3 +- include/linux/lsm_hook_defs.h | 4 +- include/linux/mman.h | 1 + include/linux/netfilter/ipset/ip_set.h | 4 + include/linux/ptrace.h | 4 + include/linux/serial_core.h | 32 +- include/net/tls.h | 5 - include/sound/tas2781.h | 1 + init/Kconfig | 9 + io_uring/net.c | 5 +- kernel/sched/membarrier.c | 6 + kernel/sys.c | 54 +- kernel/trace/ftrace.c | 10 + kernel/trace/ring_buffer.c | 2 +- kernel/trace/trace.c | 78 +- kernel/trace/trace_btf.c | 4 +- kernel/trace/trace_events_synth.c | 3 +- kernel/trace/trace_events_trigger.c | 6 +- kernel/trace/trace_osnoise.c | 6 +- kernel/trace/trace_probe.c | 32 +- kernel/trace/trace_probe.h | 3 +- kernel/workqueue.c | 8 +- lib/kobject.c | 24 +- mm/backing-dev.c | 2 +- mm/damon/sysfs-schemes.c | 2 +- mm/huge_memory.c | 14 +- mm/memory-failure.c | 2 +- mm/memory.c | 4 +- mm/mmap.c | 6 +- mm/page-writeback.c | 4 +- mm/userfaultfd.c | 15 +- net/can/j1939/j1939-priv.h | 3 +- net/can/j1939/main.c | 2 +- net/can/j1939/socket.c | 46 +- net/handshake/handshake-test.c | 5 +- net/hsr/hsr_device.c | 4 +- net/mac80211/tx.c | 5 +- net/mptcp/pm_userspace.c | 13 +- net/mptcp/protocol.c | 25 +- net/mptcp/protocol.h | 7 +- net/mptcp/subflow.c | 4 +- net/netfilter/ipset/ip_set_bitmap_gen.h | 14 +- net/netfilter/ipset/ip_set_core.c | 39 +- net/netfilter/ipset/ip_set_hash_gen.h | 19 +- net/netfilter/ipset/ip_set_list_set.c | 13 +- net/netfilter/nft_set_pipapo_avx2.c | 2 +- net/nfc/nci/core.c | 4 + net/openvswitch/flow_netlink.c | 49 +- net/tls/tls_sw.c | 135 ++-- net/wireless/core.c | 3 +- samples/bpf/asm_goto_workaround.h | 8 +- scripts/link-vmlinux.sh | 9 +- scripts/mksysmap | 13 +- scripts/mod/modpost.c | 3 +- scripts/mod/sumversion.c | 7 +- security/security.c | 45 +- sound/pci/hda/Kconfig | 4 +- sound/pci/hda/patch_conexant.c | 18 + sound/pci/hda/patch_cs8409.c | 1 + sound/pci/hda/patch_realtek.c | 20 +- sound/pci/hda/tas2781_hda_i2c.c | 2 +- sound/soc/amd/yc/acp6x-mach.c | 14 + sound/soc/codecs/rt5645.c | 1 + sound/soc/codecs/tas2781-comlib.c | 3 +- sound/soc/codecs/tas2781-i2c.c | 2 +- sound/soc/codecs/wcd938x.c | 2 +- sound/soc/intel/avs/core.c | 3 + sound/soc/intel/avs/topology.c | 2 +- sound/soc/sof/ipc3-topology.c | 69 +- sound/soc/sof/ipc3.c | 2 +- tools/arch/x86/include/asm/rmwcc.h | 2 +- tools/include/linux/compiler_types.h | 4 +- .../testing/selftests/dt/test_unprobed_devices.sh | 13 +- tools/testing/selftests/landlock/common.h | 48 +- tools/testing/selftests/landlock/fs_test.c | 11 +- tools/testing/selftests/landlock/net_test.c | 13 +- .../selftests/mm/charge_reserved_hugetlb.sh | 2 +- tools/testing/selftests/mm/ksm_tests.c | 2 +- tools/testing/selftests/mm/map_hugetlb.c | 7 + tools/testing/selftests/mm/va_high_addr_switch.sh | 6 + tools/testing/selftests/mm/write_hugetlb_memory.sh | 2 +- .../selftests/net/forwarding/bridge_locked_port.sh | 4 +- .../testing/selftests/net/forwarding/bridge_mdb.sh | 14 +- .../selftests/net/forwarding/tc_flower_l2_miss.sh | 8 +- tools/testing/selftests/net/mptcp/config | 3 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 10 +- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 11 +- tools/testing/selftests/net/mptcp/settings | 2 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 31 +- .../selftests/net/test_bridge_backup_port.sh | 394 +++++----- tools/tracing/rtla/Makefile | 7 +- tools/tracing/rtla/src/osnoise_hist.c | 9 +- tools/tracing/rtla/src/osnoise_top.c | 6 +- tools/tracing/rtla/src/timerlat_hist.c | 9 +- tools/tracing/rtla/src/timerlat_top.c | 6 +- tools/tracing/rtla/src/utils.c | 14 +- tools/tracing/rtla/src/utils.h | 2 + tools/verification/rv/Makefile | 7 +- tools/verification/rv/src/in_kernel.c | 2 +- 350 files changed, 3352 insertions(+), 2554 deletions(-)

1 year

9
8
0 0

[PATCH 3/6] soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free

by Johan Hovold

A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmic_glink_altmode probe deferral. This has manifested itself as the display subsystem occasionally failing to initialise and NULL-pointer dereferences during boot of machines like the Lenovo ThinkPad X13s. Specifically, the dp-hpd bridge is currently registered before all resources have been acquired which means that it can also be deregistered on probe deferrals. In the meantime there is a race window where the new aux bridge driver (or PHY driver previously) may have looked up the dp-hpd bridge and stored a (non-reference-counted) pointer to the bridge which is about to be deallocated. When the display controller is later initialised, this triggers a use-after-free when attaching the bridges: dp -> aux -> dp-hpd (freed) which may, for example, result in the freed bridge failing to attach: [drm:drm_bridge_attach [drm]] *ERROR* failed to attach bridge /soc@0/phy@88eb000 to encoder TMDS-31: -16 or a NULL-pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 ... Call trace: drm_bridge_attach+0x70/0x1a8 [drm] drm_aux_bridge_attach+0x24/0x38 [aux_bridge] drm_bridge_attach+0x80/0x1a8 [drm] dp_bridge_init+0xa8/0x15c [msm] msm_dp_modeset_init+0x28/0xc4 [msm] The DRM bridge implementation is clearly fragile and implicitly built on the assumption that bridges may never go away. In this case, the fix is to move the bridge registration in the pmic_glink_altmode driver to after all resources have been looked up. Incidentally, with the new dp-hpd bridge implementation, which registers child devices, this is also a requirement due to a long-standing issue in driver core that can otherwise lead to a probe deferral loop (see fbc35b45f9f6 ("Add documentation on meaning of -EPROBE_DEFER")). Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") Fixes: 2bcca96abfbf ("soc: qcom: pmic-glink: switch to DRM_AUX_HPD_BRIDGE") Cc: stable(a)vger.kernel.org # 6.3 Cc: Bjorn Andersson <andersson(a)kernel.org> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/soc/qcom/pmic_glink_altmode.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c index 5fcd0fdd2faa..b3808fc24c69 100644 --- a/drivers/soc/qcom/pmic_glink_altmode.c +++ b/drivers/soc/qcom/pmic_glink_altmode.c @@ -76,7 +76,7 @@ struct pmic_glink_altmode_port { struct work_struct work; - struct device *bridge; + struct auxiliary_device *bridge; enum typec_orientation orientation; u16 svid; @@ -230,7 +230,7 @@ static void pmic_glink_altmode_worker(struct work_struct *work) else pmic_glink_altmode_enable_usb(altmode, alt_port); - drm_aux_hpd_bridge_notify(alt_port->bridge, + drm_aux_hpd_bridge_notify(&alt_port->bridge->dev, alt_port->hpd_state ? connector_status_connected : connector_status_disconnected); @@ -454,7 +454,7 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, alt_port->index = port; INIT_WORK(&alt_port->work, pmic_glink_altmode_worker); - alt_port->bridge = drm_dp_hpd_bridge_register(dev, to_of_node(fwnode)); + alt_port->bridge = devm_drm_dp_hpd_bridge_alloc(dev, to_of_node(fwnode)); if (IS_ERR(alt_port->bridge)) { fwnode_handle_put(fwnode); return PTR_ERR(alt_port->bridge); @@ -510,6 +510,16 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, } } + for (port = 0; port < ARRAY_SIZE(altmode->ports); port++) { + alt_port = &altmode->ports[port]; + if (!alt_port->bridge) + continue; + + ret = devm_drm_dp_hpd_bridge_add(dev, alt_port->bridge); + if (ret) + return ret; + } + altmode->client = devm_pmic_glink_register_client(dev, altmode->owner_id, pmic_glink_altmode_callback, -- 2.43.0

1 year

5
6
0 0

[PATCH v3 1/2] mmc: xenon: fix PHY init clock stability

by Elad Nachman

From: Elad Nachman <enachman(a)marvell.com> Each time SD/mmc phy is initialized, at times, in some of the attempts, phy fails to completes its initialization which results into timeout error. Per the HW spec, it is a pre-requisite to ensure a stable SD clock before a phy initialization is attempted. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> --- drivers/mmc/host/sdhci-xenon-phy.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index 8cf3a375de65..c3096230a969 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -11,6 +11,7 @@ #include <linux/slab.h> #include <linux/delay.h> #include <linux/ktime.h> +#include <linux/iopoll.h> #include <linux/of_address.h> #include "sdhci-pltfm.h" @@ -216,6 +217,19 @@ static int xenon_alloc_emmc_phy(struct sdhci_host *host) return 0; } +static int xenon_check_stability_internal_clk(struct sdhci_host *host) +{ + u32 reg; + int err; + + err = read_poll_timeout(sdhci_readw, reg, reg & SDHCI_CLOCK_INT_STABLE, + 1100, 20000, false, host, SDHCI_CLOCK_CONTROL); + if (err) + dev_err(mmc_dev(host->mmc), "phy_init: Internal clock never stabilized.\n"); + + return err; +} + /* * eMMC 5.0/5.1 PHY init/re-init. * eMMC PHY init should be executed after: @@ -232,6 +246,11 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) struct xenon_priv *priv = sdhci_pltfm_priv(pltfm_host); struct xenon_emmc_phy_regs *phy_regs = priv->emmc_phy_regs; + int ret = xenon_check_stability_internal_clk(host); + + if (ret) + return ret; + reg = sdhci_readl(host, phy_regs->timing_adj); reg |= XENON_PHY_INITIALIZAION; sdhci_writel(host, reg, phy_regs->timing_adj); -- 2.25.1

1 year

1
0
0 0

[PATCH v3 1/2] mmc: xenon: fix PHY init clock stability

by Elad Nachman

From: Elad Nachman <enachman(a)marvell.com> Each time SD/mmc phy is initialized, at times, in some of the attempts, phy fails to completes its initialization which results into timeout error. Per the HW spec, it is a pre-requisite to ensure a stable SD clock before a phy initialization is attempted. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> --- drivers/mmc/host/sdhci-xenon-phy.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index 8cf3a375de65..c3096230a969 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -11,6 +11,7 @@ #include <linux/slab.h> #include <linux/delay.h> #include <linux/ktime.h> +#include <linux/iopoll.h> #include <linux/of_address.h> #include "sdhci-pltfm.h" @@ -216,6 +217,19 @@ static int xenon_alloc_emmc_phy(struct sdhci_host *host) return 0; } +static int xenon_check_stability_internal_clk(struct sdhci_host *host) +{ + u32 reg; + int err; + + err = read_poll_timeout(sdhci_readw, reg, reg & SDHCI_CLOCK_INT_STABLE, + 1100, 20000, false, host, SDHCI_CLOCK_CONTROL); + if (err) + dev_err(mmc_dev(host->mmc), "phy_init: Internal clock never stabilized.\n"); + + return err; +} + /* * eMMC 5.0/5.1 PHY init/re-init. * eMMC PHY init should be executed after: @@ -232,6 +246,11 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) struct xenon_priv *priv = sdhci_pltfm_priv(pltfm_host); struct xenon_emmc_phy_regs *phy_regs = priv->emmc_phy_regs; + int ret = xenon_check_stability_internal_clk(host); + + if (ret) + return ret; + reg = sdhci_readl(host, phy_regs->timing_adj); reg |= XENON_PHY_INITIALIZAION; sdhci_writel(host, reg, phy_regs->timing_adj); -- 2.25.1

1 year

1
0
0 0

[PATCH 4.19 000/202] 4.19.307-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.307 release. There are 202 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 23 Feb 2024 12:59:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.307-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.307-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() Alfred Piccioni <alpic(a)google.com> lsm: new security_file_ioctl_compat() hook Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: replace WARN_ONs for invalid DAT metadata block requests Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential bug in end_buffer_async_write Linus Torvalds <torvalds(a)linuxfoundation.org> sched/membarrier: reduce the ability to hammer on sys_membarrier Junxiao Bi <junxiao.bi(a)oracle.com> Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" Konrad Dybcio <konrad.dybcio(a)linaro.org> pmdomain: core: Move the unused cleanup to a _sync initcall Doug Berger <opendmb(a)gmail.com> irqchip/irq-brcmstb-l2: Add write memory barrier before exit Daniel Basilio <daniel.basilio(a)corigine.com> nfp: use correct macro for LengthSelect in BAR config Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix data corruption in dsync block recovery for small block sizes bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Add quirk for SWS JS201D Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Aleksander Mazur <deweloper(a)wp.pl> x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: improve crystal stable clock detection Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: set default value when reading clock ready bit Vincent Donnefort <vdonnefort(a)google.com> ring-buffer: Clean ring_buffer_poll_wait() error return David Schiller <david.schiller(a)jku.at> staging: iio: ad5933: fix type mismatch regression Baokun Li <libaokun1(a)huawei.com> ext4: fix double-free of blocks due to wrong extents moved_len Carlos Llamas <cmllamas(a)google.com> binder: signal epoll threads of self-work Jan Beulich <jbeulich(a)suse.com> xen-netback: properly sync TX responses Fedor Pchelkin <pchelkin(a)ispras.ru> nfc: nci: free rx_data_reassembly skb on NCI device cleanup Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct documentation of fw_csr_string() kernel API Lee Duncan <lduncan(a)suse.com> scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" yuan linyu <yuanlinyu(a)hihonor.com> usb: f_mass_storage: forbid async queue when shutdown happen Oliver Neukum <oneukum(a)suse.com> USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Do not register input devices until after hid_hw_start Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: generic: Avoid reporting a serial of '0' to userspace Zach O'Keefe <zokeefe(a)google.com> mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/trigger: Fix to return error if failed to alloc snapshot Ivan Vecera <ivecera(a)redhat.com> i40e: Fix waiting for queues of all VSIs to be disabled Guenter Roeck <linux(a)roeck-us.net> MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path for statistics Julian Wiedmann <jwi(a)linux.ibm.com> Documentation: net-sysfs: describe missing statistics Alexey Khoroshilov <khoroshilov(a)ispras.ru> ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: ppc4xx: Drop write-only variable David Sterba <dsterba(a)suse.com> btrfs: send: return EOPNOTSUPP on unknown flags Boris Burkov <boris(a)bur.io> btrfs: forbid creating subvol qgroups Frederic Weisbecker <frederic(a)kernel.org> hrtimer: Report offline hrtimer enqueue Prathu Baronia <prathubaronia2011(a)gmail.com> vhost: use kzalloc() instead of kmalloc() followed by memset() Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Leonard Dallmayr <leonard.dallmayr(a)mailbox.org> USB: serial: cp210x: add ID for IMST iM871A-USB Puliang Lu <puliang.lu(a)fibocom.com> USB: serial: option: add Fibocom FM101-GL variant JackBB Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Julian Wiedmann <jwi(a)linux.ibm.com> net/af_iucv: clean up a try_then_request_module() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: restrict match/target protocol to u16 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: reject unused compat flag Eric Dumazet <edumazet(a)google.com> ppp_async: limit MRU to 64K Shigeru Yoshida <syoshida(a)redhat.com> tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() David Howells <dhowells(a)redhat.com> rxrpc: Fix response to PING RESPONSE ACKs to a dead call Eric Dumazet <edumazet(a)google.com> inet: read sk->sk_family once in inet_recv_error() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix out-of-bounds memory access Loic Prylli <lprylli(a)netflix.com> hwmon: (aspeed-pwm-tacho) mutex for tach reading Zhipeng Lu <alexious(a)zju.edu.cn> atm: idt77252: fix a memleak in open_card_ubr0 Tony Lindgren <tony(a)atomide.com> phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Frank Li <Frank.Li(a)nxp.com> dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: remove print in bond_verify_device_path Benjamin Berg <bberg(a)redhat.com> HID: apple: Add 2021 magic keyboard FN key mapping free5lot <mail(a)free5lot.com> HID: apple: Swap the Fn and Left Control keys on Apple keyboards Alex Henrie <alexhenrie24(a)gmail.com> HID: apple: Add support for the 2021 Magic Keyboard Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path Eric Dumazet <edumazet(a)google.com> af_unix: fix lockdep positive in sk_diag_dump_icons() Zhipeng Lu <alexious(a)zju.edu.cn> net: ipv4: fix a memleak in ip_setup_cork Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger Eric Dumazet <edumazet(a)google.com> llc: call sock_orphan() at release time Helge Deller <deller(a)kernel.org> ipv6: Ensure natural alignment of const ipv6 loopback and router addresses Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor overtemp event handling Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor returning internal error codes Piotr Skajewski <piotrx.skajewski(a)intel.com> ixgbe: Remove non-inclusive language Tom Rix <trix(a)redhat.com> net: remove unneeded break Su Hui <suhui(a)nfschina.com> scsi: isci: Fix an error code problem in isci_io_request_build() Edward Adam Davis <eadavis(a)qq.com> wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' Xiubo Li <xiubli(a)redhat.com> ceph: fix deadlock or deadcode of misusing dget() Ming Lei <ming.lei(a)redhat.com> blk-mq: fix IO hang from sbitmap wakeup race Zhu Yanjun <yanjun.zhu(a)linux.dev> virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings Ian Rogers <irogers(a)google.com> libsubcmd: Fix memory leak in uniq() Hans de Goede <hdegoede(a)redhat.com> misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: hub: Replace hardcoded quirk value with BIT() macro Guilherme G. Piccoli <gpiccoli(a)igalia.com> PCI: Only override AMD USB controller if required Peter Robinson <pbrobinson(a)gmail.com> mfd: ti_am335x_tscadc: Fix TI SoC dependencies Nathan Chancellor <nathan(a)kernel.org> um: net: Fix return type of uml_net_start_xmit() Benjamin Berg <benjamin(a)sipsolutions.net> um: Don't use vfprintf() for os_info() Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um: Fix naming clash between UML and scheduler Heiner Kallweit <hkallweit1(a)gmail.com> leds: trigger: panic: Don't register panic notifier if creating the trigger failed Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' Felix Kuehling <Felix.Kuehling(a)amd.com> drm/amdgpu: Let KFD sync with VM fences Josip Pavic <josip.pavic(a)amd.com> drm/amd/display: make flip_timestamp_in_us a 64-bit variable Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() Rob Clark <robdclark(a)chromium.org> drm/msm/dpu: Ratelimit framedone timeout msgs Su Hui <suhui(a)nfschina.com> media: ddbridge: fix an error code problem in ddb_probe Daniel Vacek <neelx(a)redhat.com> IB/ipoib: Fix mcast list locking Douglas Anderson <dianders(a)chromium.org> drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: Intel: add HDA_ARL PCI ID support Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> PCI: add INTEL_HDA_ARL to pci_ids.h Michael Tretter <m.tretter(a)pengutronix.de> media: rockchip: rga: fix swizzling for RGB formats Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> media: stk1160: Fixed high volume of stk1160_dbg messages Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/mipi-dsi: Fix detach call without attach Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/framebuffer: Fix use of uninitialized variable Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/drm_file: fix use of uninitialized variable Jack Wang <jinpu.wang(a)ionos.com> RDMA/IPoIB: Fix error code return in ipoib_mcast_join Al Viro <viro(a)zeniv.linux.org.uk> fast_dput(): handle underflows gracefully Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument Chao Yu <chao(a)kernel.org> f2fs: fix to check return value of f2fs_reserve_new_block() Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: free beacon_ies when overridden from hidden BSS Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() Zenm Chen <zenmchen(a)gmail.com> wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices Alex Lyakas <alex.lyakas(a)zadara.com> md: Whenassemble the array, consult the superblock of the freshest device Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23/28: Fix the DMA controller node name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23-sansa: Use preferred i2c-gpios properties Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27-apf27dev: Fix LED name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx1: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx: Use flash@0,0 pattern Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25/27-eukrea: Fix RTC node name Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk3036 hdmi ports node Hannes Reinecke <hare(a)suse.de> scsi: libfc: Fix up timeout error in fc_fcp_rec_error() Hannes Reinecke <hare(a)suse.de> scsi: libfc: Don't schedule abort twice Hou Tao <houtao1(a)huawei.com> bpf: Add map and need_defer parameters to .map_fd_put_ptr() Minsuk Kang <linuxlovemin(a)yonsei.ac.kr> wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix nand-controller #size-cells Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix lcdif compatible Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk Ido Schimmel <idosch(a)nvidia.com> PCI: Add no PM reset quirk for NVIDIA Spectrum devices Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible file string name overflow when updating firmware Baokun Li <libaokun1(a)huawei.com> ext4: avoid online resizing failures due to oversized flex bg Baokun Li <libaokun1(a)huawei.com> ext4: remove unnecessary check from alloc_flex_gd() Baokun Li <libaokun1(a)huawei.com> ext4: unify the type of flexbg_size to unsigned int Ye Bin <yebin10(a)huawei.com> ext4: fix inconsistent between segment fstrim and full fstrim Anna Schumaker <Anna.Schumaker(a)Netapp.com> SUNRPC: Fix a suspicious RCU usage warning Heiko Carstens <hca(a)linux.ibm.com> KVM: s390: fix setting of fpc register Heiko Carstens <hca(a)linux.ibm.com> s390/ptrace: handle setting of fpc register correctly Edward Adam Davis <eadavis(a)qq.com> jfs: fix array-index-out-of-bounds in diNewExt Oleg Nesterov <oleg(a)redhat.com> rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() Oleg Nesterov <oleg(a)redhat.com> afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() Thomas Bourgoin <thomas.bourgoin(a)foss.st.com> crypto: stm32/crc32 - fix parsing list of devices Weichen Chen <weichen.chen(a)mediatek.com> pstore/ram: Fix crash when setting number of cpus to an odd number Edward Adam Davis <eadavis(a)qq.com> jfs: fix uaf in jfs_evict_inode Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix array-index-out-of-bounds in dbAdjTree Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix slab-out-of-bounds Read in dtSearch Osama Muhammad <osmtendev(a)gmail.com> UBSAN: array-index-out-of-bounds in dtSplitRoot Osama Muhammad <osmtendev(a)gmail.com> FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Prarit Bhargava <prarit(a)redhat.com> ACPI: extlog: fix NULL pointer dereference check Dmitry Antipov <dmantipov(a)yandex.ru> PNP: ACPI: fix fortify warning Yuluo Qiu <qyl27(a)outlook.com> ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop Chris Riches <chris.riches(a)nutanix.com> audit: Send netlink ACK before setting connection in auditd_set Naveen N Rao <naveen(a)kernel.org> powerpc/lib: Validate size for vector operations Michael Ellerman <mpe(a)ellerman.id.au> powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Fix build error due to is_valid_bugaddr() Kunwu Chan <chentao(a)kylinos.cn> powerpc/mm: Fix null-pointer dereference in pgtable_cache_add Vinicius Costa Gomes <vinicius.gomes(a)intel.com> net/sched: cbs: Fix not adding cbs instance to list Richard Palethorpe <rpalethorpe(a)suse.com> x86/entry/ia32: Ensure s32 is sign extended to s64 Tim Chen <tim.c.chen(a)linux.intel.com> tick/sched: Preserve number of idle sleeps across CPU hotplug events Xi Ruoyao <xry111(a)xry111.site> mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan Wenhua Lin <Wenhua.Lin(a)unisoc.com> gpio: eic-sprd: Clear interrupt after set the interrupt type Fedor Pchelkin <pchelkin(a)ispras.ru> drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: simplify some error checking Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm: Don't unref the same fb many times by mistake due to deadlock handling Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: reject QUEUE/DROP verdict parameters Qu Wenruo <wqu(a)suse.com> btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args David Sterba <dsterba(a)suse.com> btrfs: don't warn if discard range is not aligned to sector Shenwei Wang <shenwei.wang(a)nxp.com> net: fec: fix the unhandled context fault from smmu Zhipeng Lu <alexious(a)zju.edu.cn> fjes: fix memleaks in fjes_hw_setup Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: restrict anonymous set and map names to 16 bytes Zhipeng Lu <alexious(a)zju.edu.cn> net/mlx5e: fix a double-free in arfs_create_groups Denis Efremov <efremov(a)linux.com> net/mlx5: Use kfree(ft->g) in arfs_create_groups() Zhengchao Shao <shaozhengchao(a)huawei.com> netlink: fix potential sleeping issue in mqueue_flush_file Salvatore Dipietro <dipiets(a)amazon.com> tcp: Add memory barrier to tcp_push() Petr Pavlu <petr.pavlu(a)suse.com> tracing: Ensure visibility when inserting an element into tracing_map Sharath Srinivasan <sharath.srinivasan(a)oracle.com> net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv Kuniyuki Iwashima <kuniyu(a)amazon.com> llc: Drop support for ETH_P_TR_802_2. Eric Dumazet <edumazet(a)google.com> llc: make llc_ui_sendmsg() more robust against bonding changes Lin Ma <linma(a)zju.edu.cn> vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix illegal rmb_desc access in SMC-D connection dump Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> drivers: core: fix kernel-doc markup for dev_err_probe() Michał Mirosław <mirq-linux(a)rere.qmqm.pl> driver code: print symbolic error code Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "driver core: Annotate dev_err_probe() with __must_check" Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> driver core: Annotate dev_err_probe() with __must_check Maciej S. Szmigiero <maciej.szmigiero(a)oracle.com> x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum Nathan Chancellor <nathan(a)kernel.org> powerpc: Use always instead of always-y in for crtsavres.o Matthew Wilcox (Oracle) <willy(a)infradead.org> block: Remove special-casing of compound pages Dave Airlie <airlied(a)redhat.com> nouveau/vmm: don't set addr on the fail path to avoid warning Helge Deller <deller(a)gmx.de> parisc/firmware: Fix F-extend for PDC addresses Xiaolei Wang <xiaolei.wang(a)windriver.com> rpmsg: virtio: Free driver_override when rpmsg_remove() Herbert Xu <herbert(a)gondor.apana.org.au> hwrng: core - Fix page fault dead lock on mmap-ed hwrng Hongchen Zhang <zhanghongchen(a)loongson.cn> PM: hibernate: Enforce ordering during image compression/decompression Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Disallow identical driver names Suraj Jitindar Singh <surajjs(a)amazon.com> ext4: allow for the last group to be marked as trimmed Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: add check for unsupported SPI modes during probe Oleksij Rempel <o.rempel(a)pengutronix.de> spi: introduce SPI_MODE_X_MASK macro Andrzej Hajda <a.hajda(a)samsung.com> driver core: add device probe log helper Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: set safe default SPI clock frequency Daniel Lezcano <daniel.lezcano(a)linaro.org> units: add the HZ macros Daniel Lezcano <daniel.lezcano(a)linaro.org> units: change from 'L' to 'UL' Daniel Lezcano <daniel.lezcano(a)linaro.org> units: Add Watt units Akinobu Mita <akinobu.mita(a)gmail.com> include/linux/units.h: add helpers for kelvin to/from Celsius conversion qizhong cheng <qizhong.cheng(a)mediatek.com> PCI: mediatek: Clear interrupt status before dispatching handler ------------- Diffstat: Documentation/ABI/testing/sysfs-class-net-queues | 22 +-- .../ABI/testing/sysfs-class-net-statistics | 60 ++++--- Documentation/sound/soc/dapm.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/imx1-ads.dts | 2 +- arch/arm/boot/dts/imx1-apf9328.dts | 2 +- arch/arm/boot/dts/imx1.dtsi | 5 +- arch/arm/boot/dts/imx23-sansa.dts | 12 +- arch/arm/boot/dts/imx23.dtsi | 2 +- arch/arm/boot/dts/imx25-eukrea-cpuimx25.dtsi | 2 +- arch/arm/boot/dts/imx27-apf27dev.dts | 2 +- arch/arm/boot/dts/imx27-eukrea-cpuimx27.dtsi | 4 +- arch/arm/boot/dts/imx27-phytec-phycore-som.dtsi | 2 +- arch/arm/boot/dts/imx27.dtsi | 3 + arch/arm/boot/dts/imx28.dtsi | 2 +- arch/arm/boot/dts/imx7s.dtsi | 4 +- arch/arm/boot/dts/rk3036.dtsi | 14 +- arch/mips/include/asm/checksum.h | 3 +- arch/mips/kernel/elf.c | 6 + arch/parisc/kernel/firmware.c | 4 +- arch/powerpc/include/asm/mmu.h | 4 + arch/powerpc/include/asm/mmzone.h | 3 - arch/powerpc/kernel/traps.c | 2 + arch/powerpc/lib/Makefile | 4 +- arch/powerpc/lib/sstep.c | 10 ++ arch/powerpc/mm/init-common.c | 5 +- arch/s390/kernel/ptrace.c | 6 +- arch/s390/kvm/kvm-s390.c | 5 - arch/um/drivers/net_kern.c | 2 +- arch/um/include/shared/kern_util.h | 2 +- arch/um/kernel/process.c | 2 +- arch/um/os-Linux/helper.c | 6 +- arch/um/os-Linux/util.c | 19 ++- arch/x86/Kconfig.cpu | 2 +- arch/x86/include/asm/syscall_wrapper.h | 25 ++- arch/x86/kernel/cpu/amd.c | 20 +-- arch/x86/mm/ident_map.c | 23 ++- block/bio.c | 5 +- block/blk-mq.c | 16 ++ crypto/algapi.c | 1 + drivers/acpi/acpi_extlog.c | 5 +- drivers/acpi/acpi_video.c | 9 ++ drivers/android/binder.c | 10 ++ drivers/atm/idt77252.c | 2 + drivers/base/core.c | 44 +++++ drivers/base/power/domain.c | 2 +- drivers/char/hw_random/core.c | 36 +++-- drivers/clk/hisilicon/clk-hi3620.c | 4 +- drivers/clk/mmp/clk-of-pxa168.c | 3 + drivers/crypto/stm32/stm32_crc32.c | 2 +- drivers/firewire/core-device.c | 7 +- drivers/gpio/gpio-eic-sprd.c | 32 +++- drivers/gpio/gpiolib-acpi.c | 14 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_sync.c | 3 +- drivers/gpu/drm/amd/display/dc/dc_hw_types.h | 2 +- drivers/gpu/drm/bridge/nxp-ptn3460.c | 6 +- drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_framebuffer.c | 2 +- drivers/gpu/drm/drm_mipi_dsi.c | 17 +- drivers/gpu/drm/drm_plane.c | 1 + drivers/gpu/drm/exynos/exynos_drm_drv.c | 11 ++ drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 5 +- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 1 + drivers/gpu/drm/nouveau/nouveau_vmm.c | 3 + drivers/hid/hid-apple.c | 63 +++++++- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-quirks.c | 1 + drivers/hid/wacom_sys.c | 63 +++++--- drivers/hid/wacom_wac.c | 9 +- drivers/hwmon/aspeed-pwm-tacho.c | 7 + drivers/hwmon/coretemp.c | 40 ++--- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 7 +- drivers/input/keyboard/atkbd.c | 13 +- drivers/irqchip/irq-brcmstb-l2.c | 3 + drivers/leds/trigger/ledtrig-panic.c | 5 +- drivers/md/md.c | 54 +++++-- drivers/md/raid5.c | 12 -- drivers/media/pci/ddbridge/ddbridge-main.c | 2 +- drivers/media/platform/rockchip/rga/rga.c | 15 +- drivers/media/usb/stk1160/stk1160-video.c | 5 +- drivers/mfd/Kconfig | 1 + drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 1 + drivers/net/bonding/bond_alb.c | 3 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 1 - drivers/net/ethernet/cisco/enic/enic_ethtool.c | 1 - drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_82598.c | 36 ++--- drivers/net/ethernet/intel/ixgbe/ixgbe_82599.c | 61 ++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 177 ++++++++++----------- drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 44 +++-- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.c | 34 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 1 - drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 105 ++++++------ drivers/net/ethernet/intel/ixgbe/ixgbe_phy.h | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 51 +----- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 45 +++--- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 149 ++++++++--------- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 26 +-- .../ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +- drivers/net/fjes/fjes_hw.c | 37 ++++- drivers/net/ppp/ppp_async.c | 4 + drivers/net/virtio_net.c | 9 +- drivers/net/wan/lmc/lmc_proto.c | 4 - drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 5 +- .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 12 ++ .../net/wireless/realtek/rtlwifi/rtl8723ae/phy.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8723be/phy.c | 4 +- drivers/net/xen-netback/netback.c | 100 ++++++------ drivers/pci/controller/pcie-mediatek.c | 10 +- drivers/pci/quirks.c | 24 ++- drivers/phy/ti/phy-omap-usb2.c | 4 +- drivers/pnp/pnpacpi/rsparser.c | 12 +- drivers/rpmsg/virtio_rpmsg_bus.c | 1 + drivers/scsi/fcoe/fcoe_ctlr.c | 20 +-- drivers/scsi/isci/request.c | 2 +- drivers/scsi/libfc/fc_fcp.c | 18 ++- drivers/scsi/lpfc/lpfc.h | 1 + drivers/scsi/lpfc/lpfc_init.c | 4 +- drivers/spi/spi-ppc4xx.c | 5 - drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/tty/serial/max310x.c | 21 ++- drivers/tty/serial/sc16is7xx.c | 8 +- drivers/usb/core/hub.c | 34 ++-- drivers/usb/gadget/function/f_mass_storage.c | 20 ++- drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 1 + drivers/usb/serial/qcserial.c | 2 + drivers/vhost/vhost.c | 5 +- fs/afs/server.c | 7 +- fs/btrfs/extent-tree.c | 3 +- fs/btrfs/ioctl.c | 9 ++ fs/btrfs/send.c | 2 +- fs/ceph/caps.c | 9 +- fs/compat_ioctl.c | 3 +- fs/dcache.c | 7 +- fs/ext4/mballoc.c | 26 ++- fs/ext4/move_extent.c | 6 +- fs/ext4/resize.c | 37 +++-- fs/f2fs/recovery.c | 23 ++- fs/jfs/jfs_dmap.c | 57 ++++--- fs/jfs/jfs_dtree.c | 7 +- fs/jfs/jfs_imap.c | 3 + fs/jfs/jfs_mount.c | 6 +- fs/nilfs2/dat.c | 27 ++-- fs/nilfs2/file.c | 8 +- fs/nilfs2/recovery.c | 7 +- fs/nilfs2/segment.c | 8 +- fs/pstore/ram.c | 1 + include/drm/drm_mipi_dsi.h | 2 + include/linux/bpf.h | 6 +- include/linux/device.h | 3 + include/linux/dmaengine.h | 3 +- include/linux/hrtimer.h | 4 +- include/linux/lsm_hooks.h | 9 ++ include/linux/pci_ids.h | 1 + include/linux/security.h | 9 ++ include/linux/spi/spi.h | 1 + include/linux/syscalls.h | 1 + include/linux/units.h | 92 +++++++++++ include/net/af_unix.h | 20 ++- include/net/llc_pdu.h | 6 +- include/uapi/linux/btrfs.h | 3 + include/uapi/linux/netfilter/nf_tables.h | 2 + kernel/audit.c | 31 +++- kernel/bpf/arraymap.c | 12 +- kernel/bpf/hashtab.c | 6 +- kernel/bpf/map_in_map.c | 2 +- kernel/bpf/map_in_map.h | 2 +- kernel/power/swap.c | 38 ++--- kernel/sched/membarrier.c | 6 + kernel/time/hrtimer.c | 3 + kernel/time/tick-sched.c | 5 + kernel/trace/ring_buffer.c | 2 +- kernel/trace/trace_events_trigger.c | 6 +- kernel/trace/tracing_map.c | 7 +- mm/page-writeback.c | 2 +- net/8021q/vlan_netlink.c | 4 + net/ipv4/af_inet.c | 6 +- net/ipv4/ip_output.c | 12 +- net/ipv4/tcp.c | 1 + net/ipv6/addrconf_core.c | 21 ++- net/iucv/af_iucv.c | 14 +- net/llc/af_llc.c | 26 ++- net/llc/llc_core.c | 7 - net/netfilter/nf_log.c | 7 +- net/netfilter/nf_tables_api.c | 20 +-- net/netfilter/nft_byteorder.c | 5 +- net/netfilter/nft_compat.c | 11 +- net/netlink/af_netlink.c | 2 +- net/nfc/nci/core.c | 4 + net/rds/af_rds.c | 2 +- net/rxrpc/conn_event.c | 8 + net/rxrpc/conn_service.c | 3 +- net/sched/sch_cbs.c | 30 ++-- net/smc/smc_diag.c | 2 +- net/sunrpc/xprtmultipath.c | 17 +- net/tipc/bearer.c | 6 + net/unix/af_unix.c | 14 +- net/unix/diag.c | 2 +- net/wireless/scan.c | 4 + security/security.c | 17 ++ security/selinux/hooks.c | 28 ++++ security/smack/smack_lsm.c | 1 + security/tomoyo/tomoyo.c | 1 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_conexant.c | 18 +++ sound/soc/codecs/rt5645.c | 1 + tools/lib/subcmd/help.c | 18 ++- 214 files changed, 1810 insertions(+), 1019 deletions(-)

1 year

7
208
0 0

[PATCH v3 2/2] mmc: xenon: add timeout for PHY init complete

by Elad Nachman

From: Elad Nachman <enachman(a)marvell.com> AC5X spec says PHY init complete bit must be polled until zero. We see cases in which timeout can take longer than the standard calculation on AC5X, which is expected following the spec comment above. According to the spec, we must wait as long as it takes for that bit to toggle on AC5X. Cap that with 100 delay loops so we won't get stuck forever. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> --- drivers/mmc/host/sdhci-xenon-phy.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index c3096230a969..cc9d28b75eb9 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -110,6 +110,8 @@ #define XENON_EMMC_PHY_LOGIC_TIMING_ADJUST (XENON_EMMC_PHY_REG_BASE + 0x18) #define XENON_LOGIC_TIMING_VALUE 0x00AA8977 +#define XENON_MAX_PHY_TIMEOUT_LOOPS 100 + /* * List offset of PHY registers and some special register values * in eMMC PHY 5.0 or eMMC PHY 5.1 @@ -278,18 +280,27 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) /* get the wait time */ wait /= clock; wait++; - /* wait for host eMMC PHY init completes */ - udelay(wait); - reg = sdhci_readl(host, phy_regs->timing_adj); - reg &= XENON_PHY_INITIALIZAION; - if (reg) { + /* + * AC5X spec says bit must be polled until zero. + * We see cases in which timeout can take longer + * than the standard calculation on AC5X, which is + * expected following the spec comment above. + * According to the spec, we must wait as long as + * it takes for that bit to toggle on AC5X. + * Cap that with 100 delay loops so we won't get + * stuck here forever: + */ + + ret = read_poll_timeout(sdhci_readl, reg, + !(reg & XENON_PHY_INITIALIZAION), + wait, XENON_MAX_PHY_TIMEOUT_LOOPS * wait, + false, host, phy_regs->timing_adj); + if (ret) dev_err(mmc_dev(host->mmc), "eMMC PHY init cannot complete after %d us\n", - wait); - return -ETIMEDOUT; - } + wait * XENON_MAX_PHY_TIMEOUT_LOOPS); - return 0; + return ret; } #define ARMADA_3700_SOC_PAD_1_8V 0x1 -- 2.25.1

1 year

1
0
0 0

[PATCH v3 1/2] mmc: xenon: fix PHY init clock stability

by Elad Nachman

From: Elad Nachman <enachman(a)marvell.com> Each time SD/mmc phy is initialized, at times, in some of the attempts, phy fails to completes its initialization which results into timeout error. Per the HW spec, it is a pre-requisite to ensure a stable SD clock before a phy initialization is attempted. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> --- drivers/mmc/host/sdhci-xenon-phy.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index 8cf3a375de65..c3096230a969 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -11,6 +11,7 @@ #include <linux/slab.h> #include <linux/delay.h> #include <linux/ktime.h> +#include <linux/iopoll.h> #include <linux/of_address.h> #include "sdhci-pltfm.h" @@ -216,6 +217,19 @@ static int xenon_alloc_emmc_phy(struct sdhci_host *host) return 0; } +static int xenon_check_stability_internal_clk(struct sdhci_host *host) +{ + u32 reg; + int err; + + err = read_poll_timeout(sdhci_readw, reg, reg & SDHCI_CLOCK_INT_STABLE, + 1100, 20000, false, host, SDHCI_CLOCK_CONTROL); + if (err) + dev_err(mmc_dev(host->mmc), "phy_init: Internal clock never stabilized.\n"); + + return err; +} + /* * eMMC 5.0/5.1 PHY init/re-init. * eMMC PHY init should be executed after: @@ -232,6 +246,11 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) struct xenon_priv *priv = sdhci_pltfm_priv(pltfm_host); struct xenon_emmc_phy_regs *phy_regs = priv->emmc_phy_regs; + int ret = xenon_check_stability_internal_clk(host); + + if (ret) + return ret; + reg = sdhci_readl(host, phy_regs->timing_adj); reg |= XENON_PHY_INITIALIZAION; sdhci_writel(host, reg, phy_regs->timing_adj); -- 2.25.1

1 year

1
0
0 0

+ mm-mmap-fix-vma_merge-case-7-with-vma_ops-close.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm, mmap: fix vma_merge() case 7 with vma_ops->close has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-mmap-fix-vma_merge-case-7-with-vma_ops-close.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm, mmap: fix vma_merge() case 7 with vma_ops->close Date: Thu, 22 Feb 2024 17:55:50 +0100 When debugging issues with a workload using SysV shmem, Michal Hocko has come up with a reproducer that shows how a series of mprotect() operations can result in an elevated shm_nattch and thus leak of the resource. The problem is caused by wrong assumptions in vma_merge() commit 714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in mergeability test"). The shmem vmas have a vma_ops->close callback that decrements shm_nattch, and we remove the vma without calling it. vma_merge() has thus historically avoided merging vma's with vma_ops->close and commit 714965ca8252 was supposed to keep it that way. It relaxed the checks for vma_ops->close in can_vma_merge_after() assuming that it is never called on a vma that would be a candidate for removal. However, the vma_merge() code does also use the result of this check in the decision to remove a different vma in the merge case 7. A robust solution would be to refactor vma_merge() code in a way that the vma_ops->close check is only done for vma's that are actually going to be removed, and not as part of the preliminary checks. That would both solve the existing bug, and also allow additional merges that the checks currently prevent unnecessarily in some cases. However to fix the existing bug first with a minimized risk, and for easier stable backports, this patch only adds a vma_ops->close check to the buggy case 7 specifically. All other cases of vma removal are covered by the can_vma_merge_before() check that includes the test for vma_ops->close. The reproducer code, adapted from Michal Hocko's code: int main(int argc, char *argv[]) { int segment_id; size_t segment_size = 20 * PAGE_SIZE; char * sh_mem; struct shmid_ds shmid_ds; key_t key = 0x1234; segment_id = shmget(key, segment_size, IPC_CREAT | IPC_EXCL | S_IRUSR | S_IWUSR); sh_mem = (char *)shmat(segment_id, NULL, 0); mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_NONE); mprotect(sh_mem + PAGE_SIZE, PAGE_SIZE, PROT_WRITE); mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_WRITE); shmdt(sh_mem); shmctl(segment_id, IPC_STAT, &shmid_ds); printf("nattch after shmdt(): %lu (expected: 0)\n", shmid_ds.shm_nattch); if (shmctl(segment_id, IPC_RMID, 0)) printf("IPCRM failed %d\n", errno); return (shmid_ds.shm_nattch) ? 1 : 0; } Link: https://lkml.kernel.org/r/20240222165549.32753-2-vbabka@suse.cz Fixes: 714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in mergeability test") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Michal Hocko <mhocko(a)suse.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) --- a/mm/mmap.c~mm-mmap-fix-vma_merge-case-7-with-vma_ops-close +++ a/mm/mmap.c @@ -954,10 +954,19 @@ static struct vm_area_struct } else if (merge_prev) { /* case 2 */ if (curr) { vma_start_write(curr); - err = dup_anon_vma(prev, curr, &anon_dup); if (end == curr->vm_end) { /* case 7 */ + /* + * can_vma_merge_after() assumed we would not be + * removing prev vma, so it skipped the check + * for vm_ops->close, but we are removing curr + */ + if (curr->vm_ops && curr->vm_ops->close) + err = -EINVAL; + else + err = dup_anon_vma(prev, curr, &anon_dup); remove = curr; } else { /* case 5 */ + err = dup_anon_vma(prev, curr, &anon_dup); adjust = curr; adj_start = (end - curr->vm_start); } _ Patches currently in -mm which might be from vbabka(a)suse.cz are mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch mm-mmap-fix-vma_merge-case-7-with-vma_ops-close.patch

1 year

1
0
0 0

[PATCH 0/3] sched/rt fixes for 4.19

by Petr Vorel

Hi, maybe you will not like introducing 'static int int_max = INT_MAX;' for this old kernel which EOL in 10 months. Cyril Hrubis (3): sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Disallow writing invalid values to sched_rt_period_us kernel/sched/rt.c | 10 +++++----- kernel/sysctl.c | 5 +++++ 2 files changed, 10 insertions(+), 5 deletions(-) -- 2.35.3

1 year

2
16
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2024