September 2024 - Linux-stable-mirror

[PATCH] tools: hv: Fix a complier warning in the fcopy uio daemon

by Dexuan Cui

hv_fcopy_uio_daemon.c:436:53: warning: '%s' directive output may be truncated writing up to 14 bytes into a region of size 10 [-Wformat-truncation=] 436 | snprintf(uio_dev_path, sizeof(uio_dev_path), "/dev/%s", uio_name); Also added 'static' for the array 'desc[]'. Fixes: 82b0945ce2c2 ("tools: hv: Add new fcopy application based on uio driver") Cc: stable(a)vger.kernel.org # 6.10+ Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- tools/hv/hv_fcopy_uio_daemon.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tools/hv/hv_fcopy_uio_daemon.c b/tools/hv/hv_fcopy_uio_daemon.c index 3ce316cc9f97..f7741af08a79 100644 --- a/tools/hv/hv_fcopy_uio_daemon.c +++ b/tools/hv/hv_fcopy_uio_daemon.c @@ -35,8 +35,6 @@ #define WIN8_SRV_MINOR 1 #define WIN8_SRV_VERSION (WIN8_SRV_MAJOR << 16 | WIN8_SRV_MINOR) -#define MAX_FOLDER_NAME 15 -#define MAX_PATH_LEN 15 #define FCOPY_UIO "/sys/bus/vmbus/devices/eb765408-105f-49b6-b4aa-c123b64d17d4/uio" #define FCOPY_VER_COUNT 1 @@ -51,7 +49,7 @@ static const int fw_versions[] = { #define HV_RING_SIZE 0x4000 /* 16KB ring buffer size */ -unsigned char desc[HV_RING_SIZE]; +static unsigned char desc[HV_RING_SIZE]; static int target_fd; static char target_fname[PATH_MAX]; @@ -402,8 +400,8 @@ int main(int argc, char *argv[]) struct vmbus_br txbr, rxbr; void *ring; uint32_t len = HV_RING_SIZE; - char uio_name[MAX_FOLDER_NAME] = {0}; - char uio_dev_path[MAX_PATH_LEN] = {0}; + char uio_name[NAME_MAX] = {0}; + char uio_dev_path[PATH_MAX] = {0}; static struct option long_options[] = { {"help", no_argument, 0, 'h' }, -- 2.25.1

7 months

3
5
0 0

[PATCH v2 0/2] drm/msm/dpu: two fixes targeting 6.11

by Dmitry Baryshkov

Leonard Lausen reported an issue with suspend/resume of the sc7180 devices. Fix the WB atomic check, which caused the issue. Also make sure that DPU debugging logs are always directed to the drm_debug / DRIVER so that usual drm.debug masks work in an expected way. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- Changes in v2: - Reworked the writeback to just drop the connector->status check. - Expanded commit message for the debugging patch. - Link to v1: https://lore.kernel.org/r/20240709-dpu-fix-wb-v1-0-448348bfd4cb@linaro.org --- Dmitry Baryshkov (2): drm/msm/dpu1: don't choke on disabling the writeback connector drm/msm/dpu: don't play tricks with debug macros drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 ++------------ drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 3 --- 2 files changed, 2 insertions(+), 15 deletions(-) --- base-commit: 668d33c9ff922c4590c58754ab064aaf53c387dd change-id: 20240709-dpu-fix-wb-6cd57e3eb182 Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

7 months

5
19
0 0

drm/amd/display: Pass pwrseq inst for backlight and ABM

by Alex Deucher

Hi Greg, Sasha, Please cherry pick upstream commit b17ef04bf3a4 ("drm/amd/display: Pass pwrseq inst for backlight and ABM") to stable kernel 6.6.x and newer. This fixes broken backlight adjustment on some AMD platforms with eDP panels. Thanks, Alex

7 months

3
7
0 0

[PATCH v2] pps: Remove embedded cdev to fix a use-after-free

by Calvin Owens

On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when rebooting: pps pps1: removed ------------[ cut here ]------------ kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called. WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150 CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1 Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : kobject_put+0x120/0x150 lr : kobject_put+0x120/0x150 sp : ffffffc0803d3ae0 x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001 x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440 x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600 x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20 x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: kobject_put+0x120/0x150 cdev_put+0x20/0x3c __fput+0x2c4/0x2d8 ____fput+0x1c/0x38 task_work_run+0x70/0xfc do_exit+0x2a0/0x924 do_group_exit+0x34/0x90 get_signal+0x7fc/0x8c0 do_signal+0x128/0x13b4 do_notify_resume+0xdc/0x160 el0_svc+0xd4/0xf8 el0t_64_sync_handler+0x140/0x14c el0t_64_sync+0x190/0x194 ---[ end trace 0000000000000000 ]--- ...followed by more symptoms of corruption, with similar stacks: refcount_t: underflow; use-after-free. kernel BUG at lib/list_debug.c:62! Kernel panic - not syncing: Oops - BUG: Fatal exception This happens because pps_device_destruct() frees the pps_device with the embedded cdev immediately after calling cdev_del(), but, as the comment above cdev_del() notes, fops for previously opened cdevs are still callable even after cdev_del() returns. I think this bug has always been there: I can't explain why it suddenly started happening every time I reboot this particular board. In commit d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source."), George Spelvin suggested removing the embedded cdev. That seems like the simplest way to fix this, so I've implemented his suggestion, with pps_idr becoming the source of truth for which minor corresponds to which device. But now that pps_idr defines userspace visibility instead of cdev_add(), we need to be sure the pps->dev kobject refcount can't reach zero while userspace can still find it again. So, the idr_remove() call moves to pps_unregister_cdev(), and pps_idr now holds a reference to the pps->dev kobject. pps_core: source serial1 got cdev (251:1) <...> pps pps1: removed pps_core: unregistering pps1 pps_core: deallocating pps1 Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.") Cc: stable(a)vger.kernel.org Signed-off-by: Calvin Owens <calvin(a)wbinvd.org> --- Changes in v2: - Don't move pr_debug() from pps_device_destruct() to pps_unregister_cdev() - Actually add stable(a)vger.kernel.org to CC --- drivers/pps/pps.c | 83 ++++++++++++++++++++------------------ include/linux/pps_kernel.h | 1 - 2 files changed, 44 insertions(+), 40 deletions(-) diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c index 5d19baae6a38..6980ab17f314 100644 --- a/drivers/pps/pps.c +++ b/drivers/pps/pps.c @@ -25,7 +25,7 @@ * Local variables */ -static dev_t pps_devt; +static int pps_major; static struct class *pps_class; static DEFINE_MUTEX(pps_idr_lock); @@ -296,19 +296,35 @@ static long pps_cdev_compat_ioctl(struct file *file, #define pps_cdev_compat_ioctl NULL #endif +static struct pps_device *pps_idr_get(unsigned long id) +{ + struct pps_device *pps; + + mutex_lock(&pps_idr_lock); + pps = idr_find(&pps_idr, id); + if (pps) + kobject_get(&pps->dev->kobj); + + mutex_unlock(&pps_idr_lock); + return pps; +} + static int pps_cdev_open(struct inode *inode, struct file *file) { - struct pps_device *pps = container_of(inode->i_cdev, - struct pps_device, cdev); + struct pps_device *pps = pps_idr_get(iminor(inode)); + + if (!pps) + return -ENODEV; + file->private_data = pps; - kobject_get(&pps->dev->kobj); return 0; } static int pps_cdev_release(struct inode *inode, struct file *file) { - struct pps_device *pps = container_of(inode->i_cdev, - struct pps_device, cdev); + struct pps_device *pps = file->private_data; + + WARN_ON(pps->id != iminor(inode)); kobject_put(&pps->dev->kobj); return 0; } @@ -332,14 +348,7 @@ static void pps_device_destruct(struct device *dev) { struct pps_device *pps = dev_get_drvdata(dev); - cdev_del(&pps->cdev); - - /* Now we can release the ID for re-use */ pr_debug("deallocating pps%d\n", pps->id); - mutex_lock(&pps_idr_lock); - idr_remove(&pps_idr, pps->id); - mutex_unlock(&pps_idr_lock); - kfree(dev); kfree(pps); } @@ -364,39 +373,26 @@ int pps_register_cdev(struct pps_device *pps) goto out_unlock; } pps->id = err; - mutex_unlock(&pps_idr_lock); - devt = MKDEV(MAJOR(pps_devt), pps->id); - - cdev_init(&pps->cdev, &pps_cdev_fops); - pps->cdev.owner = pps->info.owner; - - err = cdev_add(&pps->cdev, devt, 1); - if (err) { - pr_err("%s: failed to add char device %d:%d\n", - pps->info.name, MAJOR(pps_devt), pps->id); - goto free_idr; - } + devt = MKDEV(pps_major, pps->id); pps->dev = device_create(pps_class, pps->info.dev, devt, pps, "pps%d", pps->id); if (IS_ERR(pps->dev)) { err = PTR_ERR(pps->dev); - goto del_cdev; + goto free_idr; } /* Override the release function with our own */ pps->dev->release = pps_device_destruct; - pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, - MAJOR(pps_devt), pps->id); + pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major, + pps->id); + kobject_get(&pps->dev->kobj); + mutex_unlock(&pps_idr_lock); return 0; -del_cdev: - cdev_del(&pps->cdev); - free_idr: - mutex_lock(&pps_idr_lock); idr_remove(&pps_idr, pps->id); out_unlock: mutex_unlock(&pps_idr_lock); @@ -408,6 +404,12 @@ void pps_unregister_cdev(struct pps_device *pps) pr_debug("unregistering pps%d\n", pps->id); pps->lookup_cookie = NULL; device_destroy(pps_class, pps->dev->devt); + + /* Now we can release the ID for re-use */ + mutex_lock(&pps_idr_lock); + idr_remove(&pps_idr, pps->id); + kobject_put(&pps->dev->kobj); + mutex_unlock(&pps_idr_lock); } /* @@ -427,6 +429,11 @@ void pps_unregister_cdev(struct pps_device *pps) * so that it will not be used again, even if the pps device cannot * be removed from the idr due to pending references holding the minor * number in use. + * + * Since pps_idr holds a reference to the kobject, the returned + * pps_device is guaranteed to be valid until pps_unregister_cdev() is + * called on it. But after calling pps_unregister_cdev(), it may be + * freed at any time. */ struct pps_device *pps_lookup_dev(void const *cookie) { @@ -449,13 +456,11 @@ EXPORT_SYMBOL(pps_lookup_dev); static void __exit pps_exit(void) { class_destroy(pps_class); - unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES); + __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps"); } static int __init pps_init(void) { - int err; - pps_class = class_create("pps"); if (IS_ERR(pps_class)) { pr_err("failed to allocate class\n"); @@ -463,8 +468,9 @@ static int __init pps_init(void) } pps_class->dev_groups = pps_groups; - err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps"); - if (err < 0) { + pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps", + &pps_cdev_fops); + if (pps_major < 0) { pr_err("failed to allocate char device region\n"); goto remove_class; } @@ -477,8 +483,7 @@ static int __init pps_init(void) remove_class: class_destroy(pps_class); - - return err; + return pps_major; } subsys_initcall(pps_init); diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h index 78c8ac4951b5..8ee312788118 100644 --- a/include/linux/pps_kernel.h +++ b/include/linux/pps_kernel.h @@ -56,7 +56,6 @@ struct pps_device { unsigned int id; /* PPS source unique ID */ void const *lookup_cookie; /* For pps_lookup_dev() only */ - struct cdev cdev; struct device *dev; struct fasync_struct *async_queue; /* fasync method */ spinlock_t lock; -- 2.45.2

7 months

5
10
0 0

5.10.225 stable kernel cgroup_mutex not held assertion failure

by Greg Thelen

Linux stable v5.10.226 suffers a lockdep warning when accessing /proc/PID/cpuset. cset_cgroup_from_root() is called without cgroup_mutex is held, which causes assertion failure. Bisect blames 5.10.225 commit 688325078a8b ("cgroup/cpuset: Prevent UAF in proc_cpuset_show()"). I've have not easily reproduced the problem that this change fixes, so I'm not sure if it's best to revert the fix or adapt it to meet the 5.10 locking expectations. The lockdep complaint: $ cat /proc/1/cpuset $ dmesg [ 198.744891] ------------[ cut here ]------------ [ 198.744918] WARNING: CPU: 4 PID: 9301 at kernel/cgroup/cgroup.c:1395 cset_cgroup_from_root+0xb2/0xd0 [ 198.744957] RIP: 0010:cset_cgroup_from_root+0xb2/0xd0 [ 198.744960] Code: 02 00 00 74 11 48 8b 09 48 39 cb 75 eb eb 19 49 83 c6 10 4c 89 f0 48 85 c0 74 0d 5b 41 5e c3 48 8b 43 60 48 85 c0 75 f3 0f 0b <0f> 0b 83 3d 69 01 ee 01 00 0f 85 78 ff ff ff eb 8b 0f 0b eb 87 66 [ 198.744962] RSP: 0018:ffffb492608a7ce8 EFLAGS: 00010046 [ 198.744977] RAX: 0000000000000000 RBX: ffffffff8f4171b8 RCX: cc949de848c33e00 [ 198.744979] RDX: 0000000000001000 RSI: ffffffff8f415450 RDI: ffff92e5417c4dc0 [ 198.744981] RBP: ffff9303467e3f00 R08: 0000000000000008 R09: ffffffff9122d568 [ 198.744983] R10: ffff92e5417c4380 R11: 0000000000000000 R12: ffff92e3d9506000 [ 198.744984] R13: 0000000000000000 R14: ffff92e443a96000 R15: ffff92e3d9506000 [ 198.744987] FS: 00007f15d94ed740(0000) GS:ffff9302bf500000(0000) knlGS:0000000000000000 [ 198.744988] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.744990] CR2: 00007f15d94ca000 CR3: 00000002816ca003 CR4: 00000000001706e0 [ 198.744992] Call Trace: [ 198.744996] ? __warn+0xcd/0x1c0 [ 198.745000] ? cset_cgroup_from_root+0xb2/0xd0 [ 198.745008] ? report_bug+0x87/0xf0 [ 198.745015] ? handle_bug+0x42/0x80 [ 198.745017] ? exc_invalid_op+0x16/0x70 [ 198.745021] ? asm_exc_invalid_op+0x12/0x20 [ 198.745030] ? cset_cgroup_from_root+0xb2/0xd0 [ 198.745034] ? cset_cgroup_from_root+0x28/0xd0 [ 198.745038] cgroup_path_ns_locked+0x23/0x50 [ 198.745044] proc_cpuset_show+0x115/0x210 [ 198.745049] proc_single_show+0x4a/0xa0 [ 198.745056] seq_read_iter+0x14d/0x400 [ 198.745063] seq_read+0x103/0x130 [ 198.745074] vfs_read+0xea/0x320 [ 198.745078] ? do_user_addr_fault+0x25b/0x390 [ 198.745085] ? do_user_addr_fault+0x25b/0x390 [ 198.745090] ksys_read+0x70/0xe0 [ 198.745096] do_syscall_64+0x2d/0x40 [ 198.745099] entry_SYSCALL_64_after_hwframe+0x61/0xcb

7 months

8
28
0 0

[PATCH V2 1/3] MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK

by Huacai Chen

When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 [ 3.070072] Modules linked in: efivarfs autofs4 [ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052 [ 3.084034] Hardware name: Loongson Loongson-3A4000-7A1000-1w-V0.1-CRB/Loongson-LS3A4000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27 [ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 [ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 [ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff [ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 [ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa [ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000 [ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 [ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000 [ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 [ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c [ 3.195868] ... [ 3.199917] Call Trace: [ 3.203941] [<98000000002086d8>] show_stack+0x38/0x14c [ 3.210666] [<9800000000cf846c>] dump_stack_lvl+0x60/0x88 [ 3.217625] [<980000000023d268>] __warn+0xd0/0x100 [ 3.223958] [<9800000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc [ 3.231150] [<9800000000210220>] show_cpuinfo+0x5e8/0x5f0 [ 3.238080] [<98000000004f578c>] seq_read_iter+0x354/0x4b4 [ 3.245098] [<98000000004c2e90>] new_sync_read+0x17c/0x1c4 [ 3.252114] [<98000000004c5174>] vfs_read+0x138/0x1d0 [ 3.258694] [<98000000004c55f8>] ksys_read+0x70/0x100 [ 3.265265] [<9800000000cfde9c>] do_syscall+0x7c/0x94 [ 3.271820] [<9800000000202fe4>] handle_syscall+0xc4/0x160 [ 3.281824] ---[ end trace 8b484262b4b8c24c ]--- Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/mips/kernel/proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/mips/kernel/proc.c b/arch/mips/kernel/proc.c index 4184d641f05e..33a02f3814f5 100644 --- a/arch/mips/kernel/proc.c +++ b/arch/mips/kernel/proc.c @@ -172,7 +172,7 @@ static void *c_start(struct seq_file *m, loff_t *pos) { unsigned long i = *pos; - return i < NR_CPUS ? (void *) (i + 1) : NULL; + return i < nr_cpu_ids ? (void *) (i + 1) : NULL; } static void *c_next(struct seq_file *m, void *v, loff_t *pos) -- 2.31.1

7 months, 1 week

5
15
0 0

[PATCH AUTOSEL 5.15 01/12] watch_queue: fix kcalloc() arguments order

by Sasha Levin

From: Dmitry Antipov <dmantipov(a)yandex.ru> [ Upstream commit 1bfc466b13cf6652ba227c282c27a30ffede69a5 ] When compiling with gcc version 14.0.0 20231220 (experimental) and W=1, I've noticed the following warning: kernel/watch_queue.c: In function 'watch_queue_set_size': kernel/watch_queue.c:273:32: warning: 'kcalloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Wcalloc-transposed-args] 273 | pages = kcalloc(sizeof(struct page *), nr_pages, GFP_KERNEL); | ^~~~~~ Since 'n' and 'size' arguments of 'kcalloc()' are multiplied to calculate the final size, their actual order doesn't affect the result and so this is not a bug. But it's still worth to fix it. Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Link: https://lore.kernel.org/r/20231221090139.12579-1-dmantipov@yandex.ru Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/watch_queue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/watch_queue.c b/kernel/watch_queue.c index ae31bf8d2feb..bf86e1d71cd3 100644 --- a/kernel/watch_queue.c +++ b/kernel/watch_queue.c @@ -275,7 +275,7 @@ long watch_queue_set_size(struct pipe_inode_info *pipe, unsigned int nr_notes) goto error; ret = -ENOMEM; - pages = kcalloc(sizeof(struct page *), nr_pages, GFP_KERNEL); + pages = kcalloc(nr_pages, sizeof(struct page *), GFP_KERNEL); if (!pages) goto error; -- 2.43.0

7 months, 1 week

4
26
0 0

[PATCH 00/18] leds: switch to device_for_each_child_node_scoped()

by Javier Carrasco

This series switches from the device_for_each_child_node() macro to its scoped variant, which in general makes the code more robust if new early exits are added to the loops, because there is no need for explicit calls to fwnode_handle_put(). Depending on the complexity of the loop and its error handling, the code gets simplified and it gets easier to follow. The non-scoped variant of the macro is error-prone, and it has been the source of multiple bugs where the child node refcount was not decremented accordingly in error paths within the loops. The first patch of this series is a good example, which fixes that kind of bug that is regularly found in node iterators. The uses of device_for_each_child_node() with no early exits have been left untouched because their simpilicty justifies the non-scoped variant. Note that the child node is now declared in the macro, and therefore the explicit declaration is no longer required. The general functionality should not be affected by this modification. If functional changes are found, please report them back as errors. Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Javier Carrasco (18): leds: flash: mt6360: fix device_for_each_child_node() refcounting in error paths leds: flash: mt6370: switch to device_for_each_child_node_scoped() leds: flash: leds-qcom-flash: switch to device_for_each_child_node_scoped() leds: aw200xx: switch to device_for_each_child_node_scoped() leds: cr0014114: switch to device_for_each_child_node_scoped() leds: el15203000: switch to device_for_each_child_node_scoped() leds: gpio: switch to device_for_each_child_node_scoped() leds: lm3532: switch to device_for_each_child_node_scoped() leds: lm3697: switch to device_for_each_child_node_scoped() leds: lp50xx: switch to device_for_each_child_node_scoped() leds: max77650: switch to device_for_each_child_node_scoped() leds: ns2: switch to device_for_each_child_node_scoped() leds: pca963x: switch to device_for_each_child_node_scoped() leds: pwm: switch to device_for_each_child_node_scoped() leds: sun50i-a100: switch to device_for_each_child_node_scoped() leds: tca6507: switch to device_for_each_child_node_scoped() leds: rgb: ktd202x: switch to device_for_each_child_node_scoped() leds: rgb: mt6370: switch to device_for_each_child_node_scoped() drivers/leds/flash/leds-mt6360.c | 3 +-- drivers/leds/flash/leds-mt6370-flash.c | 11 +++------- drivers/leds/flash/leds-qcom-flash.c | 4 +--- drivers/leds/leds-aw200xx.c | 7 ++----- drivers/leds/leds-cr0014114.c | 4 +--- drivers/leds/leds-el15203000.c | 14 ++++--------- drivers/leds/leds-gpio.c | 9 +++------ drivers/leds/leds-lm3532.c | 18 +++++++---------- drivers/leds/leds-lm3697.c | 18 ++++++----------- drivers/leds/leds-lp50xx.c | 21 +++++++------------ drivers/leds/leds-max77650.c | 18 ++++++----------- drivers/leds/leds-ns2.c | 7 ++----- drivers/leds/leds-pca963x.c | 11 +++------- drivers/leds/leds-pwm.c | 15 ++++---------- drivers/leds/leds-sun50i-a100.c | 27 +++++++++---------------- drivers/leds/leds-tca6507.c | 7 ++----- drivers/leds/rgb/leds-ktd202x.c | 8 +++----- drivers/leds/rgb/leds-mt6370-rgb.c | 37 ++++++++++------------------------ 18 files changed, 75 insertions(+), 164 deletions(-) --- base-commit: 92fc9636d1471b7f68bfee70c776f7f77e747b97 change-id: 20240926-leds_device_for_each_child_node_scoped-5a95255413fa Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

7 months, 2 weeks

3
3
0 0

[PATCH 6.1 000/321] 6.1.107-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.107 release. There are 321 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Aug 2024 14:37:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.107-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.107-rc1 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Input: MT - limit max slots Paolo Abeni <pabeni(a)redhat.com> selftests: net: more strict check in net_helper Yuri Benditovich <yuri.benditovich(a)daynix.com> net: change maximum number of UDP segments to 128 Dave Kleikamp <dave.kleikamp(a)oracle.com> Revert "jfs: fix shift-out-of-bounds in dbJoin" Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix W=1 headers mismatch Felix Fietkau <nbd(a)nbd.name> udp: fix receiving fraglist GSO packets Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Remove freeze_go_demote_ok Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Remove LM_FLAG_PRIORITY flag Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: don't withdraw if init_threads() got interrupted Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix another freeze/thaw hang Felix Fietkau <nbd(a)nbd.name> wifi: cfg80211: fix receiving mesh packets without RFC1042 header Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix potential null pointer dereference Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: drop bogus static keywords in A-MSDU rx Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix receiving mesh packets in forwarding=0 networks Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix flow dissection for forwarded packets Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix mesh forwarding Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix mesh path discovery based on unicast packets Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: add documentation for amsdu_mesh_control Willem de Bruijn <willemb(a)google.com> net: drop bad gso csum_start and offset in virtio_net_hdr Willem de Bruijn <willemb(a)google.com> net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation Yan Zhai <yan(a)cloudflare.com> gso: fix dodgy bit handling for GSO_UDP_L4 Andrew Melnychenko <andrew(a)daynix.com> udp: allow header check for dodgy GSO_UDP_L4 packets. Jan Höppner <hoeppner(a)linux.ibm.com> Revert "s390/dasd: Establish DMA alignment" Li RongQing <lirongqing(a)baidu.com> KVM: x86: fire timer when it is migrated and expired, and in oneshot mode Boyuan Zhang <boyuan.zhang(a)amd.com> drm/amdgpu/vcn: not pause dpg for unified queue Boyuan Zhang <boyuan.zhang(a)amd.com> drm/amdgpu/vcn: identify unified queue in sw init Lee, Chun-Yi <joeyli.kernel(a)gmail.com> Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a regression in nfsd_setattr() NeilBrown <neilb(a)suse.de> nfsd: don't call locks_release_private() twice concurrently Jeff Layton <jlayton(a)kernel.org> nfsd: drop the nfsd_put helper NeilBrown <neilb(a)suse.de> nfsd: call nfsd_last_thread() before final nfsd_put() NeilBrown <neilb(a)suse.de> NFSD: simplify error paths in nfsd_svc() NeilBrown <neilb(a)suse.de> nfsd: separate nfsd_last_thread() from nfsd_put() NeilBrown <neilb(a)suse.de> nfsd: Simplify code around svc_exit_thread() call in nfsd() Zi Yan <ziy(a)nvidia.com> mm/numa: no task_numa_fault() call if PTE is changed Zi Yan <ziy(a)nvidia.com> mm/numa: no task_numa_fault() call if PMD is changed Hailong Liu <hailong.liu(a)oppo.com> mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Relax start tick time check for slave timer elements Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() Eric Dumazet <edumazet(a)google.com> tcp: do not export tcp_twsk_purge() Alex Hung <alex.hung(a)amd.com> Revert "drm/amd/display: Validate hw_points_num before using it" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: gadget: uvc: cleanup request when not in correct state" Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: only decrement add_addr_accepted for MPJ req Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: re-using ID of unused flushed subflows Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: re-using ID of unused removed subflows Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: re-using ID of unused removed ADD_ADDR Peng Fan <peng.fan(a)nxp.com> pmdomain: imx: wait SSAR when i.MX93 power domain on Ben Whitten <ben.whitten(a)gmail.com> mmc: dw_mmc: allow biu and ciu clocks to defer Marc Zyngier <maz(a)kernel.org> KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 Nikolay Kuratov <kniv(a)yandex-team.ru> cxgb4: add forgotten u64 ivlan cast before shift Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 Siarhei Vishniakou <svv(a)google.com> HID: microsoft: Add rumble support to latest xbox controllers Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Defer calculation of resolution until resolution_code is known Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Set timer mode in cpu-probe Candice Li <candice.li(a)amd.com> drm/amdgpu: Validate TA binary size Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: the buffer of smb2 query dir response has at least 1 byte Chaotian Jing <chaotian.jing(a)mediatek.com> scsi: core: Fix the return value of scsi_logical_block_count() Griffin Kroah-Hartman <griffin(a)kroah.com> Bluetooth: MGMT: Add error handling to pair_device() Dan Carpenter <dan.carpenter(a)linaro.org> mmc: mmc_test: Fix NULL dereference on allocation failure Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: reset the link phy params before link training Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: fix the max supported bpp logic Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't play tricks with debug macros Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Fix dangling multicast addresses Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Always disable promiscuous mode Bharat Bhushan <bbhushan2(a)marvell.com> octeontx2-af: Fix CPT AF register offset calculation Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate vlan header Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible UAF in ip6_xmit() Eric Dumazet <edumazet(a)google.com> ipv6: fix possible UAF in ip6_finish_output2() Eric Dumazet <edumazet(a)google.com> ipv6: prevent UAF in ip6_send_skb() Stephen Hemminger <stephen(a)networkplumber.org> netem: fix return value if duplicate enqueue fails Joseph Huang <Joseph.Huang(a)garmin.com> net: dsa: mv88e6xxx: Fix out-of-bound access Dan Carpenter <dan.carpenter(a)linaro.org> dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp() Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: fix ICE_LAST_OFFSET formula Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: fix page reuse when PAGE_SIZE is over 8k Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: Pull out next_to_clean bump out of ice_put_rx_buf() Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: Store page count inside ice_rx_buf Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: Add xdp_buff to ice_rx_ring struct Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: Prepare legacy-rx for upcoming XDP multi-buffer support Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix xfrm state handling when clearing active slave Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix xfrm real_dev null pointer dereference Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix null pointer deref in bond_ipsec_offload_ok Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix bond_ipsec_offload_ok return type Thomas Bogendoerfer <tbogendoerfer(a)suse.de> ip6_tunnel: Fix broken GRO Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_counter: Synchronize nft_counter_reset() against reader. Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_counter: Disable BH in nft_counter_offload_stats(). Kuniyuki Iwashima <kuniyu(a)amazon.com> kcm: Serialise kcm_sendmsg() for the same socket. Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: test: Use correct skb for route input check Florian Westphal <fw(a)strlen.de> tcp: prevent concurrent execution of tcp_sk_exit_batch Eric Dumazet <edumazet(a)google.com> tcp/dccp: do not care about families in inet_twsk_purge() Eric Dumazet <edumazet(a)google.com> tcp/dccp: bypass empty buckets in inet_twsk_purge() Hangbin Liu <liuhangbin(a)gmail.com> selftests: udpgro: report error when receive failed Lucas Karpinski <lkarpins(a)redhat.com> selftests/net: synchronize udpgro tests' tx and rx connection Simon Horman <horms(a)kernel.org> tc-testing: don't access non-existent variable on exception Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: serialize access to the injection/extraction groups Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: fix QoS class for injected packets with "ocelot-8021q" Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: use ocelot_xmit_get_vlan_info() also for FDMA and register injection Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_ocelot: call only the relevant portion of __skb_vlan_pop() on TX Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_ocelot: do not rely on skb_mac_header() for VLAN xmit Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix assumption of Central always being Initiator Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix LE quote calculation Lang Yu <Lang.Yu(a)amd.com> drm/amdkfd: reserve the BO before validating it Maximilian Luz <luzmaximilian(a)gmail.com> platform/surface: aggregator: Fix warning when controller is destroyed in probe Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Adjust cursor position Filipe Manana <fdmanana(a)suse.com> btrfs: send: allow cloning non-aligned extent if it ends at i_size David Sterba <dsterba(a)suse.com> btrfs: replace sb::s_blocksize by fs_info::sectorsize Long Li <longli(a)microsoft.com> net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings Mikulas Patocka <mpatocka(a)redhat.com> dm suspend: return -ERESTARTSYS instead of -EINTR Breno Leitao <leitao(a)debian.org> i2c: tegra: Do not mark ACPI devices as irq safe Michał Mirosław <mirq-linux(a)rere.qmqm.pl> i2c: tegra: allow VI support to be compiled out Michał Mirosław <mirq-linux(a)rere.qmqm.pl> i2c: tegra: allow DVC support to be compiled out Aurelien Jarno <aurelien(a)aurel32.net> media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Eric Dumazet <edumazet(a)google.com> gtp: pull network headers in gtp_dev_xmit() Phil Chang <phil.chang(a)mediatek.com> hrtimer: Prevent queuing of hrtimer without a function callback Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bad dereference when freeing rsps Baokun Li <libaokun1(a)huawei.com> ext4: set the type of max_zeroout to unsigned int to avoid overflow Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Abdulrasaq Lawani <abdulrasaqolawani(a)gmail.com> fbdev: offb: replace of_node_put with __free(device_node) Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: dwc3: core: Skip setting event buffers for host only controllers Gergo Koteles <soyer(a)irl.hu> platform/x86: lg-laptop: fix %s null argument warning Adrian Hunter <adrian.hunter(a)intel.com> clocksource: Make watchdog and suspend-timing multiplication overflow safe Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Do not set TIEN and TINT source at the same time Alexander Gordeev <agordeev(a)linux.ibm.com> s390/iucv: fix receive buffer virtual vs physical address confusion Oreoluwa Babatunde <quic_obabatun(a)quicinc.com> openrisc: Call setup_memory() earlier in the init sequence NeilBrown <neilb(a)suse.de> NFS: avoid infinite loop in pnfs_update_layout. Hannes Reinecke <hare(a)suse.de> nvmet-tcp: do not continue for invalid icreq Jian Shen <shenjian15(a)huawei.com> net: hns3: add checking for vf id of mailbox Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: nct3018y: fix possible NULL dereference Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: bnep: Fix out-of-bound access Keith Busch <kbusch(a)kernel.org> nvme: clear caller pointer on identify failure Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: gadget: fsl: Increase size of name buffer for endpoints Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to do sanity check in update_sit_entry David Sterba <dsterba(a)suse.com> btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() David Sterba <dsterba(a)suse.com> btrfs: change BUG_ON to assertion in tree_move_down() David Sterba <dsterba(a)suse.com> btrfs: send: handle unexpected data in header buffer in begin_cmd() David Sterba <dsterba(a)suse.com> btrfs: handle invalid root reference found in may_destroy_subvol() David Sterba <dsterba(a)suse.com> btrfs: tests: allocate dummy fs_info and root in test_find_delalloc() David Sterba <dsterba(a)suse.com> btrfs: change BUG_ON to assertion when checking for delayed_node root David Sterba <dsterba(a)suse.com> btrfs: delayed-inode: drop pointless BUG_ON in __btrfs_remove_delayed_item() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/boot: Only free if realloc() succeeds Li zeming <zeming(a)nfschina.com> powerpc/boot: Handle allocation failure in simple_realloc() Helge Deller <deller(a)gmx.de> parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 Christophe Kerello <christophe.kerello(a)foss.st.com> memory: stm32-fmc2-ebi: check regmap_read return value Kees Cook <keescook(a)chromium.org> x86: Increase brk randomness entropy for 64-bit systems Li Nan <linan122(a)huawei.com> md: clean up invalid BUG_ON in md_ioctl Eric Dumazet <edumazet(a)google.com> netlink: hold nlk->cb_mutex longer in __netlink_dump_start() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Guard against division by zero Stefan Hajnoczi <stefanha(a)redhat.com> virtiofs: forbid newlines in tags Costa Shulyupin <costa.shul(a)redhat.com> hrtimer: Select housekeeping CPU during migration Erico Nunes <nunes.erico(a)gmail.com> drm/lima: set gp bus_stop bit before hard reset Kees Cook <keescook(a)chromium.org> net/sun3_82586: Avoid reading past buffer in debug output Philipp Stanner <pstanner(a)redhat.com> media: drivers/media/dvb-core: copy user arrays safely Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() Max Filippov <jcmvbkbc(a)gmail.com> fs: binfmt_elf_efpic: don't use missing interpreter's properties Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: pci: cx23885: check cx23885_vdev_init() return Neel Natu <neelnatu(a)google.com> kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files Jan Kara <jack(a)suse.cz> quota: Remove BUG_ON from dqget() Al Viro <viro(a)zeniv.linux.org.uk> fuse: fix UAF in rcu pathwalks Al Viro <viro(a)zeniv.linux.org.uk> afs: fix __afs_break_callback() / afs_drop_open_mmap() race Baokun Li <libaokun1(a)huawei.com> ext4: do not trim the group with corrupted block bitmap Daniel Wagner <dwagner(a)suse.de> nvmet-trace: avoid dereferencing pointer too early Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Refcounting fix in gfs2_thaw_super Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_conn: Check non NULL function before calling for HFP offload Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode Kees Cook <keescook(a)chromium.org> hwmon: (pc87360) Bounds check data->innr usage Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data Kunwu Chan <chentao(a)kylinos.cn> powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu Ashish Mhetre <amhetre(a)nvidia.com> memory: tegra: Skip SID programming if SID registers aren't set Rob Clark <robdclark(a)chromium.org> drm/msm: Reduce fallout of fence signaling vs reclaim hangs Li Lingfeng <lilingfeng3(a)huawei.com> block: Fix lockdep warning in blk_mq_mark_tag_wait Samuel Holland <samuel.holland(a)sifive.com> arm64: Fix KASAN random tag seed initialization Masahiro Yamada <masahiroy(a)kernel.org> rust: fix the default format for CONFIG_{RUSTC,BINDGEN}_VERSION_TEXT Masahiro Yamada <masahiroy(a)kernel.org> rust: suppress error messages from CONFIG_{RUSTC,BINDGEN}_VERSION_TEXT Miguel Ojeda <ojeda(a)kernel.org> rust: work around `bindgen` 0.69.0 issue Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust_is_available: handle failures calling `$RUSTC`/`$BINDGEN` Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust_is_available: normalize version matching Antoniu Miclaus <antoniu.miclaus(a)analog.com> hwmon: (ltc2992) Avoid division by zero Chengfeng Ye <dg573847474(a)gmail.com> IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock Gustavo A. R. Silva <gustavoars(a)kernel.org> clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: fw: Fix debugfs command sending Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: abort scan when rfkill on but device enabled Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: setattr_chown: Add missing initialization Mike Christie <michael.christie(a)oracle.com> scsi: spi: Fix sshdr use Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: qcom: venus: fix incorrect return value Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: Zero-initialize iosys_map Christian Brauner <brauner(a)kernel.org> binfmt_misc: cleanup on filesystem umount Yu Kuai <yukuai3(a)huawei.com> md/raid5-cache: use READ_ONCE/WRITE_ONCE for 'conf->log' Chengfeng Ye <dg573847474(a)gmail.com> media: s5p-mfc: Fix potential deadlock on condlock Chengfeng Ye <dg573847474(a)gmail.com> staging: ks7010: disable bh on tx_dev_lock Alex Hung <alex.hung(a)amd.com> drm/amd/display: Validate hw_points_num before using it Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: cleanup request when not in correct state David Lechner <dlechner(a)baylibre.com> staging: iio: resolver: ad2s1210: fix use before initialization Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: radio-isa: use dev_name to fill in bus_info Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Move dma unmapping after TLB flush Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: tc358768: Attempt to fix DSI horizontal timings Heiko Carstens <hca(a)linux.ibm.com> s390/smp,mcck: fix early IPI handling Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rtrs: Fix the problem of variable not initialized fully Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: riic: avoid potential division by zero Kamalesh Babulal <kamalesh.babulal(a)oracle.com> cgroup: Avoid extra dereference in css_populate_dir() Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: cw1200: Avoid processing an invalid TIM IE Paul E. McKenney <paulmck(a)kernel.org> rcu: Eliminate rcu_gp_slow_unregister() false positive Zhen Lei <thunder.leizhen(a)huawei.com> rcu: Dump memory object info if callback function is invalid Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix BA session teardown race Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: check wiphy mutex is held for wdev mutex Rand Deeb <rand.sec96(a)gmail.com> ssb: Fix division by zero issue in ssb_calc_clock_rate Lee Jones <lee(a)kernel.org> drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored Parsa Poorshikhian <parsa.poorsh(a)gmail.com> ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 Jie Wang <wangjie125(a)huawei.com> net: hns3: fix a deadlock problem when config TC during resetting Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use the user's cfg after reset Jie Wang <wangjie125(a)huawei.com> net: hns3: fix wrong use of semaphore up Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Introduce nf_tables_getobj_single Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: nft_obj_filter fits into cb->ctx Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: A better name for nft_obj_filter Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Unconditionally allocate nft_obj_filter Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Audit log dump reset after the fact Florian Westphal <fw(a)strlen.de> netfilter: nf_queue: drop packets with cloned unconfirmed conntracks Donald Hunter <donald.hunter(a)gmail.com> netfilter: flowtable: initialise extack before use Tom Hughes <tom(a)compton.nu> netfilter: allow ipv6 fragments to arrive on different devices Eugene Syromiatnikov <esyr(a)redhat.com> mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: disable RX filters until RX path initialized Yue Haibing <yuehaibing(a)huawei.com> mlxbf_gige: Remove two unused function declarations Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: check busy flag in MDIO operations Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: use read_poll_timeout instead delay loop Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: pass value in phy_write operation Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> net: axienet: Fix register defines comment description Dan Carpenter <dan.carpenter(a)linaro.org> atm: idt77252: prevent use after free in dequeue_rx() Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5e: Correctly report errors for ethtool rx flows Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: Take state lock during tx timeout reporter Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli(a)intel.com> igc: Correct the launchtime offset Takashi Iwai <tiwai(a)suse.de> ALSA: usb: Fix UBSAN warning in parse_audio_unit() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Do copy_to_user out of run_lock Pei Li <peili.dev(a)gmail.com> jfs: Fix shift-out-of-bounds in dbDiscardAG Edward Adam Davis <eadavis(a)qq.com> jfs: fix null ptr deref in dtInsertEntry Willem de Bruijn <willemb(a)google.com> fou: remove warn in gue_gro_receive on unsupported protocol yunshui <jiangyunshui(a)kylinos.cn> bpf, net: Use DEV_STAT_INC() Jan Kara <jack(a)suse.cz> udf: Fix bogus checksum computation in udf_rename() Jan Kara <jack(a)suse.cz> ext4: do not create EA inode under buffer lock Jan Kara <jack(a)suse.cz> ext4: fold quota accounting into ext4_xattr_inode_lookup_create() Li Zhong <floridsleeves(a)gmail.com> ext4: check the return value of ext4_xattr_inode_dec_ref() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: RFCOMM: Fix not validating setsockopt user input Alexei Starovoitov <ast(a)kernel.org> bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie. Kees Cook <keescook(a)chromium.org> bpf: Replace bpf_lpm_trie_key 0-length array with flexible array Donald Hunter <donald.hunter(a)gmail.com> docs/bpf: Document BPF_MAP_TYPE_LPM_TRIE map Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: check A-MSDU format more carefully Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: add a workaround for receiving non-standard mesh A-MSDU Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix receiving A-MSDU frames on mesh interfaces Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: remove mesh forwarding congestion check Felix Fietkau <nbd(a)nbd.name> wifi: cfg80211: factor out bridge tunnel / RFC1042 header check Felix Fietkau <nbd(a)nbd.name> wifi: cfg80211: move A-MSDU check in ieee80211_data_to_8023_exthdr Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix and simplify unencrypted drop check for mesh Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> pppoe: Fix memory leak in pppoe_sendmsg() Dmitry Antipov <dmantipov(a)yandex.ru> net: sctp: fix skb leak in sctp_inq_free() Allison Henderson <allison.henderson(a)oracle.com> net:rds: Fix possible deadlock in rds_message_put Jan Kara <jack(a)suse.cz> quota: Detect loops in quota tree Gao Xiang <xiang(a)kernel.org> erofs: avoid debugging output for (de)compressed data Edward Adam Davis <eadavis(a)qq.com> reiserfs: fix uninit-value in comp_keys Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: fix variable overflow triggered by sysbot Lizhi Xu <lizhi.xu(a)windriver.com> squashfs: squashfs_read_data need to check if the length is 0 Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix shift-out-of-bounds in dbJoin Jakub Kicinski <kuba(a)kernel.org> net: don't dump stack on queue timeout Yajun Deng <yajun.deng(a)linux.dev> net: sched: Print msecs when transmit queue time out Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix change_address deadlock during unregister Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: take wiphy lock for MAC addr change Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Fix hci_link_tx_to RCU lock usage Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Stop using gfs2_make_fs_ro for withdraw Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rework freeze / thaw logic Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR} Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename gfs2_freeze_lock{ => _shared } Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename the {freeze,thaw}_super callbacks Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename remaining "transaction" glock references Kees Cook <keescook(a)chromium.org> pid: Replace struct pid 1-element array with flex-array Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Ensure timer ID search-loop limit is valid Andrii Nakryiko <andrii(a)kernel.org> bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log Andrii Nakryiko <andrii(a)kernel.org> bpf: Split off basic BPF verifier log into separate file Ivan Orlov <ivan.orlov0322(a)gmail.com> mm: khugepaged: fix kernel BUG in hpage_collapse_scan_file() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nilfs2: initialize "struct nilfs_binfo_dat"->bi_pad field Ivan Orlov <ivan.orlov0322(a)gmail.com> 9P FS: Fix wild-memory-access write in v9fs_get_acl Theodore Ts'o <tytso(a)mit.edu> ext4, jbd2: add an optimized bmap for the journal inode Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent WARNING in nilfs_dat_commit_end() Leon Hwang <leon.hwang(a)linux.dev> bpf: Fix updating attached freplace prog in prog_array map Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/uv: Panic for set and remove shared access UVC errors Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/jpeg2: properly set atomics vmid field Al Viro <viro(a)zeniv.linux.org.uk> memcg_write_event_control(): fix a user-triggerable oops Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> drm/amdgpu: Actually check flags for all context ops. Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: add dev extent item checks Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: properly take lock to read/update block group's zoned variables Waiman Long <longman(a)redhat.com> mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu Zhen Lei <thunder.leizhen(a)huawei.com> selinux: fix potential counting error in avc_add_xperms_decision() Max Kellermann <max.kellermann(a)ionos.com> fs/netfs/fscache_cookie: add missing "n_accesses" check Dan Carpenter <dan.carpenter(a)linaro.org> rtla/osnoise: Prevent NULL dereference in error handling Andi Shyti <andi.shyti(a)kernel.org> i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume Al Viro <viro(a)zeniv.linux.org.uk> fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE Alexander Lobakin <aleksander.lobakin(a)intel.com> bitmap: introduce generic optimized bitmap_size() Alexander Lobakin <aleksander.lobakin(a)intel.com> btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() Alexander Lobakin <aleksander.lobakin(a)intel.com> s390/cio: rename bitmap_size() -> idset_bitmap_size() Alexander Lobakin <aleksander.lobakin(a)intel.com> fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() Zhihao Cheng <chengzhihao1(a)huawei.com> vfs: Don't evict inode under the inode lru traversing context Mikulas Patocka <mpatocka(a)redhat.com> dm persistent data: fix memory allocation failure Khazhismel Kumykov <khazhy(a)google.com> dm resume: don't return EINVAL when signalled Haibo Xu <haibo1.xu(a)intel.com> arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE Nam Cao <namcao(a)linutronix.de> riscv: change XIP's kernel_map.size to be size of the entire kernel Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix error recovery leading to data corruption on ESE devices Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Mark XDomain as unplugged when router is removed Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration Juan José Arboleda <soyjuanarbol(a)gmail.com> ALSA: usb-audio: Support Yamaha P-125 quirk entry Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET Eli Billauer <eli.billauer(a)gmail.com> char: xillybus: Check USB endpoints when probing device Eli Billauer <eli.billauer(a)gmail.com> char: xillybus: Refine workqueue handling Eli Billauer <eli.billauer(a)gmail.com> char: xillybus: Don't destroy workqueue from work item running on it Jann Horn <jannh(a)google.com> fuse: Initialize beyond-EOF page contents before setting uptodate Mathieu Othacehe <othacehe(a)gnu.org> tty: atmel_serial: use the correct RTS flag. ------------- Diffstat: Documentation/bpf/map_lpm_trie.rst | 181 ++++++++++ Documentation/filesystems/gfs2-glocks.rst | 3 +- Makefile | 4 +- arch/arm64/kernel/acpi_numa.c | 2 +- arch/arm64/kernel/setup.c | 3 - arch/arm64/kernel/smp.c | 2 + arch/arm64/kvm/sys_regs.c | 6 + arch/arm64/kvm/vgic/vgic.h | 7 + arch/mips/kernel/cpu-probe.c | 4 + arch/openrisc/kernel/setup.c | 6 +- arch/parisc/kernel/irq.c | 4 +- arch/powerpc/boot/simple_alloc.c | 7 +- arch/powerpc/sysdev/xics/icp-native.c | 2 + arch/riscv/mm/init.c | 4 +- arch/s390/include/asm/uv.h | 5 +- arch/s390/kernel/early.c | 12 +- arch/s390/kernel/smp.c | 4 +- arch/x86/kernel/process.c | 5 +- arch/x86/kvm/lapic.c | 8 +- block/blk-mq-tag.c | 5 +- drivers/atm/idt77252.c | 9 +- drivers/bluetooth/hci_ldisc.c | 3 +- drivers/char/xillybus/xillyusb.c | 42 ++- drivers/clk/visconti/pll.c | 6 +- drivers/clocksource/arm_global_timer.c | 11 +- drivers/firmware/cirrus/cs_dsp.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 40 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 53 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 6 +- drivers/gpu/drm/amd/amdgpu/imu_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 24 +- .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 2 +- drivers/gpu/drm/bridge/tc358768.c | 215 ++++++++++-- drivers/gpu/drm/lima/lima_gp.c | 12 + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 +- drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 3 + drivers/gpu/drm/msm/dp/dp_ctrl.c | 2 + drivers/gpu/drm/msm/dp/dp_panel.c | 19 +- drivers/gpu/drm/msm/msm_gem_shrinker.c | 2 +- drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 5 + drivers/gpu/drm/tegra/gem.c | 2 +- drivers/hid/hid-ids.h | 10 +- drivers/hid/hid-microsoft.c | 11 +- drivers/hid/wacom_wac.c | 4 +- drivers/hwmon/ltc2992.c | 8 +- drivers/hwmon/pc87360.c | 6 +- drivers/i2c/busses/i2c-qcom-geni.c | 4 +- drivers/i2c/busses/i2c-riic.c | 2 +- drivers/i2c/busses/i2c-tegra.c | 41 ++- drivers/i3c/master/mipi-i3c-hci/dma.c | 5 +- drivers/infiniband/hw/hfi1/chip.c | 5 +- drivers/infiniband/ulp/rtrs/rtrs.c | 2 +- drivers/input/input-mt.c | 3 + drivers/input/serio/i8042-acpipnpio.h | 20 +- drivers/input/serio/i8042.c | 10 +- drivers/irqchip/irq-gic-v3-its.c | 2 - drivers/irqchip/irq-renesas-rzg2l.c | 5 +- drivers/md/dm-clone-metadata.c | 5 - drivers/md/dm-ioctl.c | 22 +- drivers/md/dm.c | 4 +- drivers/md/md.c | 5 - drivers/md/persistent-data/dm-space-map-metadata.c | 4 +- drivers/md/raid5-cache.c | 47 +-- drivers/media/dvb-core/dvb_frontend.c | 12 +- drivers/media/pci/cx23885/cx23885-video.c | 8 + drivers/media/pci/solo6x10/solo6x10-offsets.h | 10 +- drivers/media/platform/qcom/venus/pm_helpers.c | 2 +- .../media/platform/samsung/s5p-mfc/s5p_mfc_enc.c | 2 +- drivers/media/radio/radio-isa.c | 2 +- drivers/memory/stm32-fmc2-ebi.c | 122 +++++-- drivers/memory/tegra/tegra186.c | 3 + drivers/mmc/core/mmc_test.c | 9 +- drivers/mmc/host/dw_mmc.c | 8 + drivers/net/bonding/bond_main.c | 21 +- drivers/net/bonding/bond_options.c | 2 +- drivers/net/dsa/mv88e6xxx/global1_atu.c | 3 +- drivers/net/dsa/ocelot/felix.c | 11 + drivers/net/dsa/vitesse-vsc73xx-core.c | 69 +++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 +- .../net/ethernet/freescale/dpaa2/dpaa2-switch.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 3 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 28 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 3 + .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 +- drivers/net/ethernet/i825xx/sun3_82586.c | 2 +- drivers/net/ethernet/intel/ice/ice_base.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 8 +- drivers/net/ethernet/intel/ice/ice_main.c | 10 +- drivers/net/ethernet/intel/ice/ice_txrx.c | 117 +++---- drivers/net/ethernet/intel/ice/ice_txrx.h | 6 +- drivers/net/ethernet/intel/ice/ice_txrx_lib.c | 1 + drivers/net/ethernet/intel/igc/igc_defines.h | 15 + drivers/net/ethernet/intel/igc/igc_main.c | 7 + drivers/net/ethernet/intel/igc/igc_regs.h | 1 + drivers/net/ethernet/intel/igc/igc_tsn.c | 64 ++++ drivers/net/ethernet/intel/igc/igc_tsn.h | 1 + .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 23 +- .../ethernet/mellanox/mlx5/core/en/reporter_tx.c | 2 + .../ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 +- .../net/ethernet/mellanox/mlxbf_gige/mlxbf_gige.h | 9 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 10 + .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_regs.h | 2 + .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_rx.c | 50 ++- drivers/net/ethernet/microsoft/mana/mana.h | 1 + drivers/net/ethernet/microsoft/mana/mana_en.c | 22 +- drivers/net/ethernet/mscc/ocelot.c | 91 ++++- drivers/net/ethernet/mscc/ocelot_fdma.c | 3 +- drivers/net/ethernet/mscc/ocelot_vsc7514.c | 4 + drivers/net/ethernet/xilinx/xilinx_axienet.h | 17 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 25 +- drivers/net/gtp.c | 3 + drivers/net/ppp/pppoe.c | 23 +- drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 6 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- .../net/wireless/marvell/mwifiex/11n_rxreorder.c | 2 +- drivers/net/wireless/st/cw1200/txrx.c | 2 +- drivers/nvme/host/core.c | 5 +- drivers/nvme/target/rdma.c | 16 +- drivers/nvme/target/tcp.c | 1 + drivers/nvme/target/trace.c | 6 +- drivers/nvme/target/trace.h | 28 +- drivers/platform/surface/aggregator/controller.c | 3 +- drivers/platform/x86/lg-laptop.c | 2 +- drivers/rtc/rtc-nct3018y.c | 6 +- drivers/s390/block/dasd.c | 36 +- drivers/s390/block/dasd_3990_erp.c | 10 +- drivers/s390/block/dasd_diag.c | 1 - drivers/s390/block/dasd_eckd.c | 58 ++- drivers/s390/block/dasd_int.h | 2 +- drivers/s390/cio/idset.c | 12 +- drivers/scsi/lpfc/lpfc_sli.c | 2 +- drivers/scsi/scsi_transport_spi.c | 4 +- drivers/soc/imx/imx93-pd.c | 5 +- drivers/ssb/main.c | 2 +- drivers/staging/iio/resolver/ad2s1210.c | 7 +- drivers/staging/ks7010/ks7010_sdio.c | 4 +- drivers/thunderbolt/switch.c | 1 + drivers/tty/serial/atmel_serial.c | 2 +- drivers/usb/dwc3/core.c | 13 + drivers/usb/gadget/udc/fsl_udc_core.c | 2 +- drivers/usb/host/xhci.c | 8 +- drivers/video/fbdev/offb.c | 3 +- fs/9p/xattr.c | 8 +- fs/afs/file.c | 8 +- fs/binfmt_elf_fdpic.c | 2 +- fs/binfmt_misc.c | 216 +++++++++--- fs/btrfs/delayed-inode.c | 4 +- fs/btrfs/disk-io.c | 2 + fs/btrfs/extent_io.c | 4 +- fs/btrfs/free-space-cache.c | 22 +- fs/btrfs/inode.c | 11 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/qgroup.c | 2 - fs/btrfs/reflink.c | 6 +- fs/btrfs/send.c | 63 +++- fs/btrfs/super.c | 2 +- fs/btrfs/tests/extent-io-tests.c | 28 +- fs/btrfs/tree-checker.c | 69 ++++ fs/erofs/decompressor.c | 8 +- fs/ext4/extents.c | 3 +- fs/ext4/mballoc.c | 3 + fs/ext4/super.c | 23 ++ fs/ext4/xattr.c | 158 ++++----- fs/f2fs/segment.c | 5 +- fs/file.c | 28 +- fs/fscache/cookie.c | 4 + fs/fuse/cuse.c | 3 +- fs/fuse/dev.c | 6 +- fs/fuse/fuse_i.h | 1 + fs/fuse/inode.c | 15 +- fs/fuse/virtio_fs.c | 10 + fs/gfs2/glock.c | 27 +- fs/gfs2/glock.h | 9 - fs/gfs2/glops.c | 66 ++-- fs/gfs2/incore.h | 2 +- fs/gfs2/inode.c | 2 +- fs/gfs2/lock_dlm.c | 5 - fs/gfs2/log.c | 2 - fs/gfs2/ops_fstype.c | 13 +- fs/gfs2/recovery.c | 28 +- fs/gfs2/super.c | 197 ++++++++--- fs/gfs2/super.h | 1 + fs/gfs2/sys.c | 2 +- fs/gfs2/util.c | 53 +-- fs/gfs2/util.h | 5 +- fs/inode.c | 39 ++- fs/jbd2/journal.c | 9 +- fs/jfs/jfs_dmap.c | 2 + fs/jfs/jfs_dtree.c | 2 + fs/kernfs/file.c | 8 +- fs/nfs/pnfs.c | 8 + fs/nfsd/nfs4proc.c | 4 + fs/nfsd/nfs4state.c | 2 +- fs/nfsd/nfsctl.c | 32 +- fs/nfsd/nfsd.h | 3 +- fs/nfsd/nfssvc.c | 85 ++--- fs/nfsd/vfs.c | 6 +- fs/nilfs2/btree.c | 1 + fs/nilfs2/dat.c | 11 + fs/nilfs2/direct.c | 1 + fs/ntfs3/bitmap.c | 4 +- fs/ntfs3/frecord.c | 75 +++- fs/ntfs3/fsntfs.c | 2 +- fs/ntfs3/index.c | 11 +- fs/ntfs3/ntfs_fs.h | 4 +- fs/ntfs3/super.c | 2 +- fs/quota/dquot.c | 5 +- fs/quota/quota_tree.c | 128 +++++-- fs/quota/quota_v2.c | 15 +- fs/reiserfs/stree.c | 2 +- fs/smb/server/smb2pdu.c | 3 +- fs/squashfs/block.c | 2 +- fs/squashfs/file.c | 3 +- fs/squashfs/file_direct.c | 6 +- fs/udf/namei.c | 1 - include/linux/bitmap.h | 20 +- include/linux/bpf_verifier.h | 23 +- include/linux/cpumask.h | 2 +- include/linux/dsa/ocelot.h | 47 +++ include/linux/fs.h | 5 + include/linux/if_vlan.h | 21 ++ include/linux/jbd2.h | 8 + include/linux/pid.h | 2 +- include/linux/sched/signal.h | 2 +- include/linux/sunrpc/svc.h | 13 - include/linux/udp.h | 2 +- include/linux/virtio_net.h | 35 +- include/net/cfg80211.h | 40 ++- include/net/inet_timewait_sock.h | 2 +- include/net/kcm.h | 1 + include/net/tcp.h | 2 +- include/scsi/scsi_cmnd.h | 2 +- include/soc/mscc/ocelot.h | 12 +- include/trace/events/huge_memory.h | 3 +- include/uapi/linux/bpf.h | 19 +- init/Kconfig | 7 +- kernel/bpf/Makefile | 3 +- kernel/bpf/log.c | 82 +++++ kernel/bpf/lpm_trie.c | 33 +- kernel/bpf/verifier.c | 69 ---- kernel/cgroup/cgroup.c | 4 +- kernel/pid.c | 7 +- kernel/pid_namespace.c | 2 +- kernel/rcu/rcu.h | 7 + kernel/rcu/srcutiny.c | 1 + kernel/rcu/srcutree.c | 1 + kernel/rcu/tasks.h | 1 + kernel/rcu/tiny.c | 1 + kernel/rcu/tree.c | 3 +- kernel/time/clocksource.c | 42 ++- kernel/time/hrtimer.c | 5 +- kernel/time/posix-timers.c | 31 +- lib/math/prime_numbers.c | 2 - mm/huge_memory.c | 30 +- mm/khugepaged.c | 20 ++ mm/memcontrol.c | 7 +- mm/memory-failure.c | 20 +- mm/memory.c | 29 +- mm/vmalloc.c | 11 +- net/bluetooth/bnep/core.c | 3 +- net/bluetooth/hci_conn.c | 11 +- net/bluetooth/hci_core.c | 24 +- net/bluetooth/mgmt.c | 4 + net/bluetooth/rfcomm/sock.c | 14 +- net/bluetooth/smp.c | 146 ++++---- net/bridge/br_netfilter_hooks.c | 6 +- net/core/filter.c | 8 +- net/core/skbuff.c | 8 +- net/dccp/ipv4.c | 2 +- net/dccp/ipv6.c | 6 - net/dsa/tag_ocelot.c | 37 +- net/ipv4/fou.c | 2 +- net/ipv4/inet_timewait_sock.c | 16 +- net/ipv4/tcp_ipv4.c | 16 +- net/ipv4/tcp_minisocks.c | 7 +- net/ipv4/tcp_offload.c | 3 + net/ipv4/udp_offload.c | 18 +- net/ipv6/ip6_output.c | 10 + net/ipv6/ip6_tunnel.c | 12 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 4 + net/ipv6/tcp_ipv6.c | 6 - net/iucv/iucv.c | 3 +- net/kcm/kcmsock.c | 4 + net/mac80211/agg-tx.c | 6 +- net/mac80211/debugfs_netdev.c | 3 - net/mac80211/driver-ops.c | 3 - net/mac80211/ieee80211_i.h | 1 - net/mac80211/iface.c | 27 +- net/mac80211/rx.c | 387 +++++++++++---------- net/mac80211/sta_info.c | 17 + net/mac80211/sta_info.h | 3 + net/mctp/test/route-test.c | 2 +- net/mptcp/diag.c | 2 +- net/mptcp/pm_netlink.c | 31 +- net/netfilter/nf_flow_table_inet.c | 3 + net/netfilter/nf_flow_table_ip.c | 3 + net/netfilter/nf_flow_table_offload.c | 2 +- net/netfilter/nf_tables_api.c | 225 +++++++----- net/netfilter/nfnetlink_queue.c | 35 +- net/netfilter/nft_counter.c | 9 +- net/netlink/af_netlink.c | 13 +- net/rds/recv.c | 13 +- net/sched/sch_generic.c | 11 +- net/sched/sch_netem.c | 47 ++- net/sctp/inqueue.c | 14 +- net/wireless/core.h | 8 +- net/wireless/util.c | 195 +++++++---- samples/bpf/map_perf_test_user.c | 2 +- samples/bpf/xdp_router_ipv4_user.c | 2 +- scripts/rust_is_available.sh | 41 ++- security/selinux/avc.c | 2 +- sound/core/timer.c | 2 +- sound/pci/hda/patch_realtek.c | 1 - sound/soc/sof/ipc4.c | 9 +- sound/usb/mixer.c | 7 + sound/usb/quirks-table.h | 1 + sound/usb/quirks.c | 2 + tools/include/linux/bitmap.h | 7 +- tools/include/uapi/linux/bpf.h | 19 +- tools/testing/selftests/bpf/progs/map_ptr_kern.c | 2 +- tools/testing/selftests/bpf/test_lpm_map.c | 18 +- tools/testing/selftests/core/close_range_test.c | 35 ++ tools/testing/selftests/net/net_helper.sh | 25 ++ tools/testing/selftests/net/udpgro.sh | 57 +-- tools/testing/selftests/net/udpgro_bench.sh | 5 +- tools/testing/selftests/net/udpgro_frglist.sh | 5 +- tools/testing/selftests/net/udpgso.c | 2 +- tools/testing/selftests/tc-testing/tdc.py | 1 - tools/tracing/rtla/src/osnoise_top.c | 11 +- 335 files changed, 4050 insertions(+), 2027 deletions(-)

7 months, 2 weeks

18
350
0 0

[PATCH v4] memfd: `MFD_NOEXEC_SEAL` should not imply `MFD_ALLOW_SEALING`

by Barnabás Pőcze

`MFD_NOEXEC_SEAL` should remove the executable bits and set `F_SEAL_EXEC` to prevent further modifications to the executable bits as per the comment in the uapi header file: not executable and sealed to prevent changing to executable However, commit 105ff5339f498a ("mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC") that introduced this feature made it so that `MFD_NOEXEC_SEAL` unsets `F_SEAL_SEAL`, essentially acting as a superset of `MFD_ALLOW_SEALING`. Nothing implies that it should be so, and indeed up until the second version of the of the patchset[0] that introduced `MFD_EXEC` and `MFD_NOEXEC_SEAL`, `F_SEAL_SEAL` was not removed, however, it was changed in the third revision of the patchset[1] without a clear explanation. This behaviour is surprising for application developers, there is no documentation that would reveal that `MFD_NOEXEC_SEAL` has the additional effect of `MFD_ALLOW_SEALING`. Additionally, combined with `vm.memfd_noexec=2` it has the effect of making all memfds initially sealable. So do not remove `F_SEAL_SEAL` when `MFD_NOEXEC_SEAL` is requested, thereby returning to the pre-Linux 6.3 behaviour of only allowing sealing when `MFD_ALLOW_SEALING` is specified. Now, this is technically a uapi break. However, the damage is expected to be minimal. To trigger user visible change, a program has to do the following steps: - create memfd: - with `MFD_NOEXEC_SEAL`, - without `MFD_ALLOW_SEALING`; - try to add seals / check the seals. But that seems unlikely to happen intentionally since this change essentially reverts the kernel's behaviour to that of Linux <6.3, so if a program worked correctly on those older kernels, it will likely work correctly after this change. I have used Debian Code Search and GitHub to try to find potential breakages, and I could only find a single one. dbus-broker's memfd_create() wrapper is aware of this implicit `MFD_ALLOW_SEALING` behaviour, and tries to work around it[2]. This workaround will break. Luckily, this only affects the test suite, it does not affect the normal operations of dbus-broker. There is a PR with a fix[3]. I also carried out a smoke test by building a kernel with this change and booting an Arch Linux system into GNOME and Plasma sessions. There was also a previous attempt to address this peculiarity by introducing a new flag[4]. [0]: https://lore.kernel.org/lkml/20220805222126.142525-3-jeffxu@google.com/ [1]: https://lore.kernel.org/lkml/20221202013404.163143-3-jeffxu@google.com/ [2]: https://github.com/bus1/dbus-broker/blob/9eb0b7e5826fc76cad7b025bc46f267d4a… [3]: https://github.com/bus1/dbus-broker/pull/366 [4]: https://lore.kernel.org/lkml/20230714114753.170814-1-david@readahead.eu/ Cc: stable(a)vger.kernel.org Signed-off-by: Barnabás Pőcze <pobrn(a)protonmail.com> --- * v3: https://lore.kernel.org/linux-mm/20240611231409.3899809-1-jeffxu@chromium.o… * v2: https://lore.kernel.org/linux-mm/20240524033933.135049-1-jeffxu@google.com/ * v1: https://lore.kernel.org/linux-mm/20240513191544.94754-1-pobrn@protonmail.co… This fourth version returns to removing the inconsistency as opposed to documenting its existence, with the same code change as v1 but with a somewhat extended commit message. This is sent because I believe it is worth at least a try; it can be easily reverted if bigger application breakages are discovered than initially imagined. --- mm/memfd.c | 9 ++++----- tools/testing/selftests/memfd/memfd_test.c | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/mm/memfd.c b/mm/memfd.c index 7d8d3ab3fa37..8b7f6afee21d 100644 --- a/mm/memfd.c +++ b/mm/memfd.c @@ -356,12 +356,11 @@ SYSCALL_DEFINE2(memfd_create, inode->i_mode &= ~0111; file_seals = memfd_file_seals_ptr(file); - if (file_seals) { - *file_seals &= ~F_SEAL_SEAL; + if (file_seals) *file_seals |= F_SEAL_EXEC; - } - } else if (flags & MFD_ALLOW_SEALING) { - /* MFD_EXEC and MFD_ALLOW_SEALING are set */ + } + + if (flags & MFD_ALLOW_SEALING) { file_seals = memfd_file_seals_ptr(file); if (file_seals) *file_seals &= ~F_SEAL_SEAL; diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c index 95af2d78fd31..7b78329f65b6 100644 --- a/tools/testing/selftests/memfd/memfd_test.c +++ b/tools/testing/selftests/memfd/memfd_test.c @@ -1151,7 +1151,7 @@ static void test_noexec_seal(void) mfd_def_size, MFD_CLOEXEC | MFD_NOEXEC_SEAL); mfd_assert_mode(fd, 0666); - mfd_assert_has_seals(fd, F_SEAL_EXEC); + mfd_assert_has_seals(fd, F_SEAL_SEAL | F_SEAL_EXEC); mfd_fail_chmod(fd, 0777); close(fd); } -- 2.45.2

7 months, 2 weeks

3
4
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2024