April 2025 - Linux-stable-mirror

[PATCH 5.10/5.15] Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE

by Xiangyu Chen

From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> commit b25e11f978b63cb7857890edb3a698599cddb10e upstream. This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805 Cc: stable(a)vger.kernel.org Fixes: ba15a58b179e ("Bluetooth: Fix SSP acceptor just-works confirmation without MITM") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Tested-by: Kiran K <kiran.k(a)intel.com> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test. --- net/bluetooth/hci_event.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 50e21f67a73d..83af50c3838a 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -4859,19 +4859,16 @@ static void hci_user_confirm_request_evt(struct hci_dev *hdev, goto unlock; } - /* If no side requires MITM protection; auto-accept */ + /* If no side requires MITM protection; use JUST_CFM method */ if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) && (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) { - /* If we're not the initiators request authorization to - * proceed from user space (mgmt_user_confirm with - * confirm_hint set to 1). The exception is if neither - * side had MITM or if the local IO capability is - * NoInputNoOutput, in which case we do auto-accept + /* If we're not the initiator of request authorization and the + * local IO capability is not NoInputNoOutput, use JUST_WORKS + * method (mgmt_user_confirm with confirm_hint set to 1). */ if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && - conn->io_capability != HCI_IO_NO_INPUT_OUTPUT && - (loc_mitm || rem_mitm)) { + conn->io_capability != HCI_IO_NO_INPUT_OUTPUT) { BT_DBG("Confirming auto-accept as acceptor"); confirm_hint = 1; goto confirm; -- 2.34.1

4 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] ARM: 9443/1: Require linker to support KEEP within OVERLAY" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x e7607f7d6d81af71dcc5171278aadccc94d277cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040805-boaster-hazing-36c3@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e7607f7d6d81af71dcc5171278aadccc94d277cd Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Thu, 20 Mar 2025 22:33:49 +0100 Subject: [PATCH] ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE ld.lld prior to 21.0.0 does not support using the KEEP keyword within an overlay description, which may be needed to avoid discarding necessary sections within an overlay with '--gc-sections', which can be enabled for the kernel via CONFIG_LD_DEAD_CODE_DATA_ELIMINATION. Disallow CONFIG_LD_DEAD_CODE_DATA_ELIMINATION without support for KEEP within OVERLAY and introduce a macro, OVERLAY_KEEP, that can be used to conditionally add KEEP when it is properly supported to avoid breaking old versions of ld.lld. Cc: stable(a)vger.kernel.org Link: https://github.com/llvm/llvm-project/commit/381599f1fe973afad3094e55ec99b16… Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 202dbd17ad2f..25ed6f1a7c7a 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -121,7 +121,7 @@ config ARM select HAVE_KERNEL_XZ select HAVE_KPROBES if !XIP_KERNEL && !CPU_ENDIAN_BE32 && !CPU_V7M select HAVE_KRETPROBES if HAVE_KPROBES - select HAVE_LD_DEAD_CODE_DATA_ELIMINATION if (LD_VERSION >= 23600 || LD_IS_LLD) + select HAVE_LD_DEAD_CODE_DATA_ELIMINATION if (LD_VERSION >= 23600 || LD_CAN_USE_KEEP_IN_OVERLAY) select HAVE_MOD_ARCH_SPECIFIC select HAVE_NMI select HAVE_OPTPROBES if !THUMB2_KERNEL diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h index 89697f204715..a54db342653a 100644 --- a/arch/arm/include/asm/vmlinux.lds.h +++ b/arch/arm/include/asm/vmlinux.lds.h @@ -34,6 +34,12 @@ #define NOCROSSREFS #endif +#ifdef CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY +#define OVERLAY_KEEP(x) KEEP(x) +#else +#define OVERLAY_KEEP(x) x +#endif + /* Set start/end symbol names to the LMA for the section */ #define ARM_LMA(sym, section) \ sym##_start = LOADADDR(section); \ diff --git a/init/Kconfig b/init/Kconfig index d0d021b3fa3b..fc994f5cd5db 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -129,6 +129,11 @@ config CC_HAS_COUNTED_BY # https://github.com/llvm/llvm-project/pull/112636 depends on !(CC_IS_CLANG && CLANG_VERSION < 190103) +config LD_CAN_USE_KEEP_IN_OVERLAY + # ld.lld prior to 21.0.0 did not support KEEP within an overlay description + # https://github.com/llvm/llvm-project/pull/130661 + def_bool LD_IS_BFD || LLD_VERSION >= 210000 + config RUSTC_HAS_COERCE_POINTEE def_bool RUSTC_VERSION >= 108400

4 months, 2 weeks

4
3
0 0

[PATCH 5.10.y] nvme: avoid double free special payload

by Cliff Liu

From: Chunguang Xu <chunguang.xu(a)shopee.com> [ Upstream commit e5d574ab37f5f2e7937405613d9b1a724811e5ad ] If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. Clear the RQF_SPECIAL_LOAD when the request is cleaned. Signed-off-by: Chunguang Xu <chunguang.xu(a)shopee.com> Reviewed-by: Sagi Grimberg <sagi(a)grimberg.me> Reviewed-by: Max Gurtovoy <mgurtovoy(a)nvidia.com> Signed-off-by: Keith Busch <kbusch(a)kernel.org> [Minor context change fixed] Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the build test. --- drivers/nvme/host/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index 019a6dbdcbc2..7d6aab68446e 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -852,6 +852,7 @@ void nvme_cleanup_cmd(struct request *req) clear_bit_unlock(0, &ns->ctrl->discard_page_busy); else kfree(page_address(page) + req->special_vec.bv_offset); + req->rq_flags &= ~RQF_SPECIAL_PAYLOAD; } } EXPORT_SYMBOL_GPL(nvme_cleanup_cmd); -- 2.34.1

4 months, 2 weeks

2
1
0 0

[PATCH 0/3] spi: fsl-qspi: Fix double cleanup in probe error path

by Kevin Hao

This patch series fixes double cleanup issues in the fsl-qspi probe error path and also simplifies the probe error handling using managed APIs. Signed-off-by: Kevin Hao <haokexin(a)gmail.com> --- Kevin Hao (3): spi: fsl-qspi: Fix double cleanup in probe error path spi: fsl-spi: Remove redundant probe error message spi: fsl-qspi: Simplify probe error handling using managed API drivers/spi/spi-fsl-qspi.c | 77 +++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 46 deletions(-) --- base-commit: 29e7bf01ed8033c9a14ed0dc990dfe2736dbcd18 change-id: 20250410-spi-10adc098d566 Best regards, -- Kevin Hao <haokexin(a)gmail.com>

4 months, 2 weeks

3
4
0 0

[PATCH 5.15 000/281] 5.15.180-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.180 release. There are 281 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 11 Apr 2025 11:58:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.180-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.180-rc2 Nathan Chancellor <nathan(a)kernel.org> mmc: sdhci-brcmstb: Initialize base_clk to NULL in sdhci_brcmstb_probe() Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not use PERF enums when perf is not defined Vlastimil Babka <vbabka(a)suse.cz> mm, slab: remove duplicate kernel-doc comment for ksize() Kamal Dasu <kdasu.kdev(a)gmail.com> mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: put dl_stid if fail to queue dl_recall Roman Smirnov <r.smirnov(a)omp.ru> jfs: add index corruption check to DT_GETPAGE() Qasim Ijaz <qasdev00(a)gmail.com> jfs: fix slab-out-of-bounds read in ea_get() Acs, Jakub <acsjakub(a)amazon.de> ext4: fix OOB read when checking dotdot dir Theodore Ts'o <tytso(a)mit.edu> ext4: don't over-report free space or inodes in statvfs Ran Xiaokai <ran.xiaokai(a)zte.com.cn> tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Douglas Raillard <douglas.raillard(a)arm.com> tracing: Fix synth event printk format for str fields Douglas Raillard <douglas.raillard(a)arm.com> tracing: Ensure module defining synth event cannot be unloaded while tracing Tengda Wu <wutengda(a)huaweicloud.com> tracing: Fix use-after-free in print_graph_function_flags during tracer switching Karel Balej <balejk(a)matfyz.cz> mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Murad Masimov <m.masimov(a)mt-integration.ru> acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Jann Horn <jannh(a)google.com> x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Guilherme G. Piccoli <gpiccoli(a)igalia.com> x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Josef Bacik <josef(a)toxicpanda.com> btrfs: handle errors from btrfs_dec_ref() properly Markus Elfring <elfring(a)users.sourceforge.net> ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Correct command storage data length Ying Lu <luying1(a)xiaomi.com> usbnet:fix NPE during rx_complete Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: Fix negative array index read Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform Kamal Dasu <kamal.dasu(a)broadcom.com> mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops Kamal Dasu <kdasu.kdev(a)gmail.com> mmc: sdhci-brcmstb: Add ability to increase max clock rate for 72116b0 Haibo Chen <haibo.chen(a)nxp.com> can: flexcan: disable transceiver during system PM Haibo Chen <haibo.chen(a)nxp.com> can: flexcan: only change CAN state when link up in system PM Henry Martin <bsdhenrymartin(a)gmail.com> arcnet: Add NULL check in com20020pci_probe() Lin Ma <linma(a)zju.edu.cn> net: fix geneve_opt length integer overflow Fernando Fernandez Mancera <ffmancera(a)riseup.net> ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Lin Ma <linma(a)zju.edu.cn> netfilter: nft_tunnel: fix geneve_opt type confusion addition Guillaume Nault <gnault(a)redhat.com> tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: avoid timeout during connect() if the socket is closing Tobias Waldekranz <tobias(a)waldekranz.com> net: mvpp2: Prevent parser TCAM memory corruption Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: skbprio: Remove overly strict queue assertions Debin Zhu <mowenroot(a)163.com> netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: imx-card: Add NULL check in imx_card_probe() Nikita Shubin <n.shubin(a)yadro.com> ntb: intel: Fix using link status DB's Yajun Deng <yajun.deng(a)linux.dev> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Juhan Jin <juhan.jin(a)foxmail.com> riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak in spufs_create_context() Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak on spufs_new_file() failure Tasos Sahanidis <tasos(a)tasossah.com> hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Oliver Hartkopp <socketcan(a)hartkopp.net> can: statistics: use atomic access in hot path Navon John Lukose <navonjohnlukose(a)gmail.com> ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Keep display off while going into S4 Vladis Dronov <vdronov(a)redhat.com> x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled Waiman Long <longman(a)redhat.com> locking/semaphore: Use wake_q to wake up processes outside lock critical section Shrikanth Hegde <sshegde(a)linux.ibm.com> sched/deadline: Use online cpus for validating runtime Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix incorrect validation for num_aces field of smb_acl Simon Tatham <anakin(a)pobox.com> affs: don't write overlarge OFS data block size fields Simon Tatham <anakin(a)pobox.com> affs: generate OFS sequence numbers starting at 1 Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: clean up CMBMSC when registering CMB fails Sagi Grimberg <sagi(a)grimberg.me> nvme-tcp: fix possible UAF in nvme_tcp_poll Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: allocate chained SG tables for dump Josh Poimboeuf <jpoimboe(a)kernel.org> sched/smt: Always inline sched_smt_active() Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix mbox INTR handler when num VFs > 64 Giovanni Gherdovich <ggherdovich(a)suse.cz> ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Feng Yang <yangfeng(a)kylinos.cn> ring-buffer: Fix bytes_dropped calculation issue Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix multichannel connection failure Miaoqian Lin <linmq006(a)gmail.com> ksmbd: use aead_request_free to match aead_request_alloc Mark Zhang <markzhang(a)nvidia.com> rtnetlink: Allocate vfinfo size for VF GUIDs when supported Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the infinite loop in exfat_find_last_cluster() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() Bart Van Assche <bvanassche(a)acm.org> fs/procfs: fix the comment above proc_pid_wchan() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Check if there is space to copy all the event Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Don't keep a raw_data pointer to consumed ring buffer space Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Decrement the refcount of just created event on failure Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Fixup description of sample.id event member Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing the IBI rules Alistair Popple <apopple(a)nvidia.com> fuse: fix dax truncate/punch_hole fault path Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't trigger uneccessary scans for return-on-close delegations Vasiliy Kovalev <kovalev(a)altlinux.org> ocfs2: validate l_tree_depth to avoid out-of-bounds access Sourabh Jain <sourabhjain(a)linux.ibm.com> kexec: initialize ELF lowest address to ULONG_MAX Arnaldo Carvalho de Melo <acme(a)redhat.com> perf units: Fix insufficient array space Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix comparison of channel configs Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix a couple integer overflows on 32bit systems Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio Ilkka Koskinen <ilkka(a)os.amperecomputing.com> coresight: catu: Fix number of pages while using 64k pages Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> soundwire: slave: fix an OF node reference leak in soundwire slave device Qasim Ijaz <qasdev00(a)gmail.com> isofs: fix KMSAN uninit-value bug in do_isofs_readdir() Barnabás Czémán <barnabas.czeman(a)mainlining.org> clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead auth key length Jann Horn <jannh(a)google.com> x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> mfd: sm501: Switch to BIT() to mitigate integer overflows Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Herbert Xu <herbert(a)gondor.apana.org.au> crypto: nx - Fix uninitialised hv_nxc on error Artur Weber <aweber.kernel(a)gmail.com> power: supply: max77693: Fix wrong conversion of charge input threshold value Jann Horn <jannh(a)google.com> x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12a: fix mmc A peripheral clock Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop non existing 32k clock parent Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12b: fix cluster A parent data Prathamesh Shete <pshete(a)nvidia.com> pinctrl: tegra: Set SFIO mode to Mux Register Maher Sanalla <msanalla(a)nvidia.com> IB/mad: Check available slots before posting receive WRs Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Roman Gushchin <roman.gushchin(a)linux.dev> RDMA/core: Don't expose hw_counters outside of init net namespace Peter Geis <pgwipeout(a)gmail.com> clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzg2l: Fix missing of_node_put() call Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rza2: Fix missing of_node_put() call Tanya Agarwal <tanyaagarwal25699(a)gmail.com> lib: 842: Improve error handling in sw842_compress() Hou Tao <houtao1(a)huawei.com> bpf: Use preempt_count() directly in bpf_send_signal_common() Vladimir Lypak <vladimir.lypak(a)gmail.com> clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Will McVicker <willmcvicker(a)google.com> clk: samsung: Fix UBSAN panic in samsung_clk_init() Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix hypothetical STT_SECTION extern NULL deref case Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Make single-PD handling more robust Zijun Hu <quic_zijuhu(a)quicinc.com> of: property: Increase NR_FWNODE_REFERENCE_ARGS Peng Fan <peng.fan(a)nxp.com> remoteproc: core: Clear table_sz when rproc_shutdown Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead authsize alignment Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop incorrect flag on 32k clock Danila Chernetsov <listdansp(a)mail.ru> fbdev: sm501fb: Add some geometry checks. Arnd Bergmann <arnd(a)arndb.de> mdacon: rework dependency list Markus Elfring <elfring(a)users.sourceforge.net> fbdev: au1100fb: Move a variable assignment behind a null pointer check Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Don't enable HPIE when resuming in poll mode Dan Carpenter <dan.carpenter(a)linaro.org> drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() Thippeswamy Havalige <thippeswamy.havalige(a)amd.com> PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Dan Carpenter <dan.carpenter(a)linaro.org> PCI: Remove stray put_device() in pci_register_host_bridge() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Nishanth Aravamudan <naravamudan(a)nvidia.com> PCI: Avoid reset when disabled via sysfs Feng Tang <feng.tang(a)linux.alibaba.com> PCI/portdrv: Only disable pciehp interrupts early when needed Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Use internal register to change link capability Hans Zhang <18255117159(a)163.com> PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Daniel Stodden <daniel.stodden(a)gmail.com> PCI/ASPM: Fix link state exit during switch upstream function removal AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Unregister audio platform device on failure José Expósito <jose.exposito89(a)gmail.com> drm/vkms: Fix use after free and double free on init error Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm: xlnx: zynqmp: Fix max dma segment size Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix drm RAD print Geert Uytterhoeven <geert+renesas(a)glider.be> drm/bridge: ti-sn65dsi86: Fix multiple instances Jayesh Choudhary <j-choudhary(a)ti.com> ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Always honor no_shutup_pins Jiri Kosina <jkosina(a)suse.com> HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: allgro-dvt: unregister v4l2_device on the error path Tao Chen <chen.dylane(a)linux.dev> perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix handling devices with direct_complete set on errors Chenyuan Yang <chenyuan0y(a)gmail.com> thermal: int340x: Add NULL check for adev Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the error path order of ie31200_init() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the DIMM size mask for several SoCs Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer Tim Schumacher <tim.schumacher1(a)huawei.com> selinux: Chain up tool resolving errors in install_policy.sh Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Adjust check before setting power.must_resume Arnd Bergmann <arnd(a)arndb.de> x86/platform: Only allow CONFIG_EISA for 32-bit Benjamin Berg <benjamin.berg(a)intel.com> x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() Jie Zhan <zhanjie9(a)hisilicon.com> cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() zuoqian <zuoqian113(a)gmail.com> cpufreq: scpi: compare kHz instead of Hz Mike Rapoport (Microsoft) <rppt(a)kernel.org> x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Eric Sandeen <sandeen(a)redhat.com> watch_queue: fix pipe accounting mismatch Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> media: i2c: et8ek8: Don't strip remove function when driver is builtin John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250_dma: terminate correct DMA in tx_dma_flush() Luo Qiu <luoqiu(a)kylinsec.com.cn> memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove Dominique Martinet <dominique.martinet(a)atmark-techno.com> net: usb: usbnet: restore usb%d name exception for local mac addresses Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion FE990B composition Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion FN990B composition Cameron Williams <cang1(a)live.co.uk> tty: serial: 8250: Add Brainboxes XC devices Cameron Williams <cang1(a)live.co.uk> tty: serial: 8250: Add some more device IDs William Breathitt Gray <wbg(a)kernel.org> counter: microchip-tcb-capture: Fix undefined counter channel state on probe Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> counter: stm32-lptimer-cnt: fix error handling when enabling Dhruv Deshpande <dhrv.d(a)proton.me> ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx Maxim Mikityanskiy <maxtram95(a)gmail.com> netfilter: socket: Lookup orig tuple for IPv6 SNAT Yanjun Yang <yangyj.ee(a)gmail.com> ARM: Remove address checking for MMUless devices Kees Cook <keescook(a)chromium.org> ARM: 9351/1: fault: Add "cut here" line for prefetch aborts Kees Cook <keescook(a)chromium.org> ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() Minjoong Kim <pwn9uin(a)gmail.com> atm: Fix NULL pointer dereference Terry Junge <linuxhid(a)cosmicgizmosystems.com> HID: hid-plantronics: Add mic mute mapping and generalize quirks Terry Junge <linuxhid(a)cosmicgizmosystems.com> ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix race between element replace and close() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Justin Klaassen <justin(a)tidylabs.net> arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S Arthur Mongodin <amongodin(a)randorisec.fr> mptcp: Fix data stream corruption in the address announcement David Rosca <david.rosca(a)amd.com> drm/amdgpu: Fix JPEG video caps max size for navi1x and raven Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() Saranya R <quic_sarar(a)quicinc.com> soc: qcom: pdr: Fix the potential deadlock Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore own maximum aggregation size during RX Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: shmobile: smp: Enforce shmobile_smp_* alignment Ye Bin <yebin10(a)huawei.com> proc: fix UAF in proc_get_inode() Gu Bowen <gubowen5(a)huawei.com> mmc: atmel-mci: Add missing clk_disable_unprepare() Christian Eggers <ceggers(a)arri.de> regulator: check that dummy regulator has been probed before using it Maíra Canal <mcanal(a)igalia.com> drm/v3d: Don't run jobs that have errors flagged in its fence Andreas Kemnade <andreas(a)kemnade.info> i2c: omap: fix IRQ storms Guillaume Nault <gnault(a)redhat.com> Revert "gre: Fix IPv6 link-local address generation." Lin Ma <linma(a)zju.edu.cn> net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES Dan Carpenter <dan.carpenter(a)linaro.org> net: atm: fix use after free in lec_send() Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: Fix error code in chan_alloc_skb_cb() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix wrong value of max_sge_rd Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix soft lockup during bt pages loop Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt() Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path Phil Elwell <phil(a)raspberrypi.com> ARM: dts: bcm2711: Don't mark timer regs unconfigured Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx Phil Elwell <phil(a)raspberrypi.com> ARM: dts: bcm2711: PL011 UARTs are actually r1p5 Cosmin Ratiu <cratiu(a)nvidia.com> xfrm_output: Force software GSO only in tunnel mode Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> firmware: imx-scu: fix OF node leak in .probe() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: Fix match_session bug preventing session reuse Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Check for invalid input params when building scaling params Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: sis630: Fix an error handling path in sis630_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: ali15x3: Fix an error handling path in ali15x3_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: ali1535: Fix an error handling path in ali1535_probe() Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing closetimeo mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing actimeo mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing acdirmax mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing acregmax mount option Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() Ivan Abramov <i.abramov(a)mt-integration.ru> drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: ops: Consistently treat platform_max as control value Eric Dumazet <edumazet(a)google.com> tcp: fix races in tcp_abort() Andrii Nakryiko <andrii(a)kernel.org> lib/buildid: Handle memfd_secret() files in build_id_parse() Haoxiang Li <haoxiang_li2024(a)163.com> qlcnic: fix memory leak issues in qlcnic_sriov_common.c Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix slab-use-after-free on hdcp_work Alex Hung <alex.hung(a)amd.com> drm/amd/display: Assign normalized_pix_clk when color depth = 14 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Restore correct backlight brightness after a GPU reset Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/atomic: Filter out redundant DPMS calls Florent Revest <revest(a)chromium.org> x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Johan Hovold <johan(a)kernel.org> USB: serial: option: match on interface class for Telit FN990B Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FE990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE990B compositions Boon Khai Ng <boon.khai.ng(a)intel.com> USB: serial: ftdi_sio: add support for Altera USB Blaster 3 Ming Lei <ming.lei(a)redhat.com> block: fix 'kmem_cache of name 'bio-108' already exists' Thomas Zimmermann <tzimmermann(a)suse.de> drm/nouveau: Do not override forced connector status Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: safety check before fallback Arnd Bergmann <arnd(a)arndb.de> x86/irq: Define trace events conditionally Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't truncate cached, mutated symlink Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Set the SDOUT polarity correctly Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Fix power control mask Hector Martin <marcan(a)marcan.st> ASoC: tas2770: Fix volume scale Daniel Wagner <wagi(a)kernel.org> nvme: only allow entering LIVE from CONNECTING state Yu-Chun Lin <eleanor15x(a)gmail.com> sctp: Fix undefined behavior in left shift operation Ruozhu Li <david.li(a)jaguarmicro.com> nvmet-rdma: recheck queue state is LIVE in state lock in recv done Stephan Gerhold <stephan.gerhold(a)linaro.org> net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors Terry Cheong <htcheong(a)chromium.org> ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ASoC: arizona/madera: use fsleep() in up/down DAPM event delays. Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/cpufreq_cooling: Remove structure member documentation Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: Fix CHPID "configure" attribute caching Jann Horn <jannh(a)google.com> sched: Clarify wake_up_q()'s write to task->wake_q.next Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: ignore non-functional sensor in HP 5MP Camera Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell Brahmajit Das <brahmajit.xyz(a)gmail.com> vboxsf: fix building with GCC 15 Eric W. Biederman <ebiederm(a)xmission.com> alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support Gannon Kolding <gannon.kolding(a)gmail.com> ACPI: resource: IRQ override for Eluktronics MECH-17 Magnus Lindholm <linmag7(a)gmail.com> scsi: qla1280: Fix kernel oops when debug level > 2 Rik van Riel <riel(a)surriel.com> scsi: core: Use GFP_NOIO to avoid circular locking dependency Chengen Du <chengen.du(a)canonical.com> iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> powercap: call put_device() on an error path in powercap_register_control_type() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> hrtimers: Mark is_migration_base() with __always_inline Daniel Wagner <wagi(a)kernel.org> nvme-fc: go straight to connecting state when initializing Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices Jianbo Liu <jianbol(a)nvidia.com> net/mlx5: Bridge, fix the crash caused by LAG state check Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove misbehaving actions length check Kees Cook <keescook(a)chromium.org> openvswitch: Use kmalloc_size_roundup() to match ksize() usage Kees Cook <keescook(a)chromium.org> slab: Introduce kmalloc_size_roundup() Kees Cook <keescook(a)chromium.org> slab: clean up function prototypes Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 link-local address generation. Alexey Kashavkin <akashavkin(a)gmail.com> netfilter: nft_exthdr: fix offset with ipv4_find_option() Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Prevent creation of classes with TC_H_ROOT Dan Carpenter <dan.carpenter(a)linaro.org> ipvs: prevent integer overflow in do_ip_vs_get_ctl() Kohei Enju <enjuk(a)amazon.com> netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Wentao Liang <vulab(a)iscas.ac.cn> net/mlx5: handle errors in mlx5_chains_create_table() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() Breno Leitao <leitao(a)debian.org> netpoll: hold rcu read lock in __netpoll_send_skb() Joseph Huang <Joseph.Huang(a)garmin.com> net: dsa: mv88e6xxx: Verify after ATU Load ops Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: fix memory leak in aRFS after reset Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template. Artur Weber <aweber.kernel(a)gmail.com> pinctrl: bcm281xx: Fix incorrect regmap max_registers value Michael Kelley <mhklinux(a)outlook.com> fbdev: hyperv_fb: iounmap() the correct memory when removing a device Wang Yufen <wangyufen(a)huawei.com> ipv6: Fix signed integer overflow in __ip6_append_data Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Prevent boot crash when the boot CPU is nohz_full David Woodhouse <dwmw(a)amazon.co.uk> clockevents/drivers/i8253: Fix stop sequence for timer 0 Eric Dumazet <edumazet(a)google.com> vlan: fix memory leak in vlan_newlink() ------------- Diffstat: Documentation/timers/no_hz.rst | 7 +- Makefile | 4 +- arch/alpha/include/asm/elf.h | 6 +- arch/alpha/include/asm/pgtable.h | 2 +- arch/alpha/include/asm/processor.h | 8 +- arch/alpha/kernel/osf_sys.c | 11 +- arch/arm/boot/dts/bcm2711.dtsi | 11 +- arch/arm/mach-shmobile/headsmp.S | 1 + arch/arm/mm/fault.c | 8 + arch/arm64/boot/dts/rockchip/rk3399-nanopi-r4s.dts | 2 +- arch/powerpc/platforms/cell/spufs/inode.c | 9 +- arch/riscv/include/asm/ftrace.h | 4 +- arch/x86/Kconfig | 2 +- arch/x86/entry/calling.h | 2 + arch/x86/include/asm/tlbflush.h | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/mshyperv.c | 11 -- arch/x86/kernel/cpu/sgx/driver.c | 10 +- arch/x86/kernel/dumpstack.c | 5 +- arch/x86/kernel/irq.c | 2 + arch/x86/kernel/process.c | 7 +- arch/x86/kernel/tsc.c | 4 +- arch/x86/mm/pat/cpa-test.c | 2 +- block/bio.c | 2 +- drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 4 + drivers/acpi/resource.c | 13 ++ drivers/base/power/main.c | 21 +-- drivers/base/power/runtime.c | 2 +- drivers/clk/meson/g12a.c | 38 ++-- drivers/clk/meson/gxbb.c | 14 +- drivers/clk/qcom/gcc-msm8953.c | 2 +- drivers/clk/qcom/mmcc-sdm660.c | 2 +- drivers/clk/rockchip/clk-rk3328.c | 2 +- drivers/clk/samsung/clk.c | 2 +- drivers/clocksource/i8253.c | 36 ++-- drivers/counter/microchip-tcb-capture.c | 19 ++ drivers/counter/stm32-lptimer-cnt.c | 24 ++- drivers/cpufreq/cpufreq_governor.c | 45 ++--- drivers/cpufreq/scpi-cpufreq.c | 5 +- drivers/crypto/hisilicon/sec2/sec_crypto.c | 30 ++- drivers/crypto/nx/nx-common-pseries.c | 37 ++-- drivers/edac/ie31200_edac.c | 19 +- drivers/firmware/imx/imx-scu.c | 1 + drivers/firmware/iscsi_ibft.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/nv.c | 2 +- drivers/gpu/drm/amd/amdgpu/soc15.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 ++ .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 1 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 17 +- .../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +- .../gpu/drm/amd/display/dc/dml/display_mode_vba.c | 24 +++ drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 21 ++- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 + drivers/gpu/drm/drm_atomic_uapi.c | 4 + drivers/gpu/drm/drm_connector.c | 4 + drivers/gpu/drm/drm_dp_mst_topology.c | 8 +- drivers/gpu/drm/gma500/mid_bios.c | 5 + drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +++- drivers/gpu/drm/nouveau/nouveau_connector.c | 1 - drivers/gpu/drm/radeon/radeon_vce.c | 2 +- drivers/gpu/drm/v3d/v3d_sched.c | 9 +- drivers/gpu/drm/vkms/vkms_drv.c | 15 +- drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 + drivers/hid/Makefile | 1 - drivers/hid/hid-ids.h | 1 + drivers/hid/hid-plantronics.c | 144 +++++++-------- drivers/hid/hid-quirks.c | 1 + drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +- drivers/hv/vmbus_drv.c | 13 ++ drivers/hwmon/nct6775.c | 4 +- drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/i2c/busses/i2c-ali1535.c | 12 +- drivers/i2c/busses/i2c-ali15x3.c | 12 +- drivers/i2c/busses/i2c-omap.c | 26 +-- drivers/i2c/busses/i2c-sis630.c | 12 +- drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/iio/accel/mma8452.c | 10 +- drivers/iio/adc/ad7124.c | 35 +++- drivers/infiniband/core/device.c | 9 + drivers/infiniband/core/mad.c | 38 ++-- drivers/infiniband/core/sysfs.c | 1 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 - drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 3 +- drivers/infiniband/hw/hns/hns_roce_hem.c | 23 ++- drivers/infiniband/hw/hns/hns_roce_hem.h | 2 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/hns/hns_roce_mr.c | 4 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 10 +- drivers/infiniband/hw/mlx5/cq.c | 2 +- drivers/media/dvb-frontends/dib8000.c | 5 +- drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 +- drivers/media/platform/allegro-dvt/allegro-core.c | 1 + drivers/memstick/host/rtsx_usb_ms.c | 1 + drivers/mfd/sm501.c | 6 +- drivers/mmc/host/atmel-mci.c | 4 +- drivers/mmc/host/sdhci-brcmstb.c | 86 ++++++++- drivers/mmc/host/sdhci-pxav3.c | 1 + drivers/net/arcnet/com20020-pci.c | 17 +- drivers/net/can/flexcan.c | 18 +- drivers/net/dsa/mv88e6xxx/chip.c | 59 ++++-- drivers/net/ethernet/intel/ice/ice_arfs.c | 2 +- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++++++++++------- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 +- .../ethernet/mellanox/mlx5/core/en/rep/bridge.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 6 +- .../ethernet/mellanox/mlx5/core/lib/fs_chains.c | 5 + .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 8 +- drivers/net/usb/qmi_wwan.c | 2 + drivers/net/usb/usbnet.c | 27 ++- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++++++--- drivers/net/wwan/mhi_wwan_mbim.c | 2 +- drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 + drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +- drivers/ntb/test/ntb_perf.c | 4 +- drivers/nvme/host/core.c | 2 - drivers/nvme/host/fc.c | 3 +- drivers/nvme/host/pci.c | 21 ++- drivers/nvme/host/tcp.c | 5 +- drivers/nvme/target/rdma.c | 33 +++- drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +- drivers/pci/controller/cadence/pcie-cadence.h | 2 +- drivers/pci/controller/pcie-brcmstb.c | 4 +- drivers/pci/controller/pcie-xilinx-cpm.c | 10 +- drivers/pci/hotplug/pciehp_hpc.c | 4 +- drivers/pci/pci.c | 4 + drivers/pci/pcie/aspm.c | 17 +- drivers/pci/pcie/portdrv_core.c | 8 +- drivers/pci/probe.c | 5 +- drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 2 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 2 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 + drivers/pinctrl/tegra/pinctrl-tegra.c | 3 + .../x86/intel/speed_select_if/isst_if_common.c | 2 +- drivers/power/supply/max77693_charger.c | 2 +- drivers/powercap/powercap_sys.c | 3 +- drivers/regulator/core.c | 12 +- drivers/remoteproc/qcom_q6v5_mss.c | 21 ++- drivers/remoteproc/qcom_q6v5_pas.c | 10 +- drivers/remoteproc/remoteproc_core.c | 1 + drivers/s390/cio/chp.c | 3 +- drivers/scsi/qla1280.c | 2 +- drivers/scsi/scsi_scan.c | 2 +- drivers/soc/qcom/pdr_interface.c | 8 +- drivers/soundwire/slave.c | 1 + drivers/thermal/cpufreq_cooling.c | 2 - .../intel/int340x_thermal/int3402_thermal.c | 3 + drivers/tty/serial/8250/8250_dma.c | 2 +- drivers/tty/serial/8250/8250_pci.c | 46 +++++ drivers/tty/serial/fsl_lpuart.c | 25 ++- drivers/usb/serial/ftdi_sio.c | 14 ++ drivers/usb/serial/ftdi_sio_ids.h | 13 ++ drivers/usb/serial/option.c | 48 +++-- drivers/video/console/Kconfig | 2 +- drivers/video/fbdev/au1100fb.c | 4 +- drivers/video/fbdev/hyperv_fb.c | 2 +- drivers/video/fbdev/sm501fb.c | 7 + fs/affs/file.c | 9 +- fs/btrfs/extent-tree.c | 5 +- fs/cifs/cifs_debug.c | 2 + fs/cifs/cifsglob.h | 8 + fs/cifs/connect.c | 15 +- fs/cifs/fs_context.c | 14 +- fs/exfat/fatent.c | 2 +- fs/ext4/dir.c | 3 + fs/ext4/super.c | 27 ++- fs/fuse/dax.c | 1 - fs/fuse/dir.c | 4 +- fs/fuse/file.c | 4 +- fs/isofs/dir.c | 3 +- fs/jfs/jfs_dtree.c | 3 +- fs/jfs/xattr.c | 13 +- fs/ksmbd/auth.c | 2 +- fs/ksmbd/mgmt/user_session.c | 16 ++ fs/ksmbd/mgmt/user_session.h | 2 + fs/ksmbd/smb2pdu.c | 12 +- fs/ksmbd/smbacl.c | 5 +- fs/namei.c | 24 ++- fs/nfs/delegation.c | 33 ++-- fs/nfsd/nfs4state.c | 31 +++- fs/ntfs3/index.c | 4 +- fs/ocfs2/alloc.c | 8 + fs/proc/base.c | 2 +- fs/proc/generic.c | 10 +- fs/proc/inode.c | 6 +- fs/proc/internal.h | 14 ++ fs/vboxsf/super.c | 3 +- include/drm/drm_dp_mst_helper.h | 7 + include/linux/fs.h | 2 + include/linux/fwnode.h | 2 +- include/linux/i8253.h | 1 - include/linux/interrupt.h | 8 +- include/linux/pm_runtime.h | 2 + include/linux/proc_fs.h | 7 +- include/linux/sched/smt.h | 2 +- include/linux/slab.h | 99 ++++++---- include/net/ipv6.h | 4 +- include/rdma/ib_verbs.h | 1 + include/sound/soc.h | 5 +- kernel/events/ring_buffer.c | 2 +- kernel/kexec_elf.c | 2 +- kernel/locking/semaphore.c | 13 +- kernel/sched/core.c | 5 +- kernel/sched/deadline.c | 2 +- kernel/time/hrtimer.c | 22 ++- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ring_buffer.c | 4 +- kernel/trace/trace_events_synth.c | 37 +++- kernel/trace/trace_functions_graph.c | 1 + kernel/trace/trace_irqsoff.c | 2 - kernel/trace/trace_osnoise.c | 1 - kernel/trace/trace_sched_wakeup.c | 2 - kernel/watch_queue.c | 9 + lib/842/842_compress.c | 2 + lib/buildid.c | 5 + mm/slab.c | 9 +- mm/slab_common.c | 34 ++-- mm/slob.c | 14 ++ net/8021q/vlan_netlink.c | 10 +- net/atm/lec.c | 3 +- net/atm/mpc.c | 2 + net/batman-adv/bat_iv_ogm.c | 3 +- net/batman-adv/bat_v_ogm.c | 3 +- net/bluetooth/6lowpan.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/can/af_can.c | 12 +- net/can/af_can.h | 12 +- net/can/proc.c | 46 +++-- net/core/neighbour.c | 1 + net/core/netpoll.c | 9 +- net/core/rtnetlink.c | 3 + net/core/sock_map.c | 5 +- net/ipv4/ip_tunnel_core.c | 4 +- net/ipv4/tcp.c | 6 +- net/ipv6/addrconf.c | 37 ++-- net/ipv6/calipso.c | 21 ++- net/ipv6/ip6_output.c | 6 +- net/ipv6/netfilter/nf_socket_ipv6.c | 23 +++ net/ipv6/route.c | 5 +- net/mptcp/options.c | 6 +- net/mptcp/protocol.h | 2 + net/netfilter/ipvs/ip_vs_ctl.c | 8 +- net/netfilter/nf_conncount.c | 2 + net/netfilter/nft_ct.c | 6 +- net/netfilter/nft_exthdr.c | 10 +- net/netfilter/nft_set_hash.c | 3 +- net/netfilter/nft_tunnel.c | 6 +- net/openvswitch/actions.c | 6 - net/openvswitch/flow_netlink.c | 17 +- net/sched/act_tunnel_key.c | 2 +- net/sched/cls_flower.c | 2 +- net/sched/sch_api.c | 6 + net/sched/sch_skbprio.c | 3 - net/sctp/stream.c | 2 +- net/vmw_vsock/af_vsock.c | 6 +- net/xfrm/xfrm_output.c | 2 +- scripts/selinux/install_policy.sh | 15 +- sound/pci/hda/patch_realtek.c | 28 ++- sound/soc/codecs/arizona.c | 14 +- sound/soc/codecs/madera.c | 10 +- sound/soc/codecs/tas2764.c | 10 +- sound/soc/codecs/tas2764.h | 8 +- sound/soc/codecs/tas2770.c | 2 +- sound/soc/codecs/wm0010.c | 13 +- sound/soc/codecs/wm5110.c | 8 +- sound/soc/fsl/imx-card.c | 4 + sound/soc/sh/rcar/core.c | 14 -- sound/soc/sh/rcar/rsnd.h | 1 - sound/soc/sh/rcar/src.c | 18 +- sound/soc/soc-ops.c | 15 +- sound/soc/sof/intel/hda-codec.c | 1 + sound/soc/ti/j721e-evm.c | 2 + sound/usb/mixer_quirks.c | 51 ++++++ tools/lib/bpf/linker.c | 2 +- tools/perf/util/python.c | 17 +- tools/perf/util/units.c | 2 +- 281 files changed, 2105 insertions(+), 1000 deletions(-)

4 months, 2 weeks

8
7
0 0

[PATCH 5/5] xhci: Limit time spent with xHC interrupts disabled during bus resume

by Mathias Nyman

Current xhci bus resume implementation prevents xHC host from generating interrupts during high-speed USB 2 and super-speed USB 3 bus resume. Only reason to disable interrupts during bus resume would be to prevent the interrupt handler from interfering with the resume process of USB 2 ports. Host initiated resume of USB 2 ports is done in two stages. The xhci driver first transitions the port from 'U3' to 'Resume' state, then wait in Resume for 20ms, and finally moves port to U0 state. xhci driver can't prevent interrupts by keeping the xhci spinlock due to this 20ms sleep. Limit interrupt disabling to the USB 2 port resume case only. resuming USB 2 ports in bus resume is only done in special cases where USB 2 ports had to be forced to suspend during bus suspend. The current way of preventing interrupts by clearing the 'Interrupt Enable' (INTE) bit in USBCMD register won't prevent the Interrupter registers 'Interrupt Pending' (IP), 'Event Handler Busy' (EHB) and USBSTS register Event Interrupt (EINT) bits from being set. New interrupts can't be issued before those bits are properly clered. Disable interrupts by clearing the interrupter register 'Interrupt Enable' (IE) bit instead. This way IP, EHB and INTE won't be set before IE is enabled again and a new interrupt is triggered. Reported-by: Devyn Liu <liudingyuan(a)huawei.com> Closes: https://lore.kernel.org/linux-usb/b1a9e2d51b4d4ff7a304f77c5be8164e@huawei.c… Cc: stable(a)vger.kernel.org Tested-by: Devyn Liu <liudingyuan(a)huawei.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-hub.c | 30 ++++++++++++++++-------------- drivers/usb/host/xhci.c | 4 ++-- drivers/usb/host/xhci.h | 2 ++ 3 files changed, 20 insertions(+), 16 deletions(-) diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index c0f226584a40..486347776cb2 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -1878,9 +1878,10 @@ int xhci_bus_resume(struct usb_hcd *hcd) int max_ports, port_index; int sret; u32 next_state; - u32 temp, portsc; + u32 portsc; struct xhci_hub *rhub; struct xhci_port **ports; + bool disabled_irq = false; rhub = xhci_get_rhub(hcd); ports = rhub->ports; @@ -1896,17 +1897,20 @@ int xhci_bus_resume(struct usb_hcd *hcd) return -ESHUTDOWN; } - /* delay the irqs */ - temp = readl(&xhci->op_regs->command); - temp &= ~CMD_EIE; - writel(temp, &xhci->op_regs->command); - /* bus specific resume for ports we suspended at bus_suspend */ - if (hcd->speed >= HCD_USB3) + if (hcd->speed >= HCD_USB3) { next_state = XDEV_U0; - else + } else { next_state = XDEV_RESUME; - + if (bus_state->bus_suspended) { + /* + * prevent port event interrupts from interfering + * with usb2 port resume process + */ + xhci_disable_interrupter(xhci->interrupters[0]); + disabled_irq = true; + } + } port_index = max_ports; while (port_index--) { portsc = readl(ports[port_index]->addr); @@ -1974,11 +1978,9 @@ int xhci_bus_resume(struct usb_hcd *hcd) (void) readl(&xhci->op_regs->command); bus_state->next_statechange = jiffies + msecs_to_jiffies(5); - /* re-enable irqs */ - temp = readl(&xhci->op_regs->command); - temp |= CMD_EIE; - writel(temp, &xhci->op_regs->command); - temp = readl(&xhci->op_regs->command); + /* re-enable interrupter */ + if (disabled_irq) + xhci_enable_interrupter(xhci->interrupters[0]); spin_unlock_irqrestore(&xhci->lock, flags); return 0; diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index ca390beda85b..90eb491267b5 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -322,7 +322,7 @@ static void xhci_zero_64b_regs(struct xhci_hcd *xhci) xhci_info(xhci, "Fault detected\n"); } -static int xhci_enable_interrupter(struct xhci_interrupter *ir) +int xhci_enable_interrupter(struct xhci_interrupter *ir) { u32 iman; @@ -335,7 +335,7 @@ static int xhci_enable_interrupter(struct xhci_interrupter *ir) return 0; } -static int xhci_disable_interrupter(struct xhci_interrupter *ir) +int xhci_disable_interrupter(struct xhci_interrupter *ir) { u32 iman; diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 28b6264f8b87..242ab9fbc8ae 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1890,6 +1890,8 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci, struct usb_tt *tt, gfp_t mem_flags); int xhci_set_interrupter_moderation(struct xhci_interrupter *ir, u32 imod_interval); +int xhci_enable_interrupter(struct xhci_interrupter *ir); +int xhci_disable_interrupter(struct xhci_interrupter *ir); /* xHCI ring, segment, TRB, and TD functions */ dma_addr_t xhci_trb_virt_to_dma(struct xhci_segment *seg, union xhci_trb *trb); -- 2.43.0

4 months, 2 weeks

1
0
0 0

[PATCH 4/5] usb: xhci: Fix invalid pointer dereference in Etron workaround

by Mathias Nyman

From: Michal Pecio <michal.pecio(a)gmail.com> This check is performed before prepare_transfer() and prepare_ring(), so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of times this code is called. Then enqueue + 1 is an invalid pointer. It will crash the kernel right away or load some junk which may look like a link TRB and cause the real link TRB to be replaced with a NOOP. This wouldn't end well. Use a functionally equivalent test which doesn't dereference the pointer and always gives correct result. Something has crashed my machine twice in recent days while playing with an Etron HC, and a control transfer stress test ran for confirmation has just crashed it again. The same test passes with this patch applied. Fixes: 5e1c67abc930 ("xhci: Fix control transfer error on Etron xHCI host") Cc: stable(a)vger.kernel.org Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-ring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 4e975caca235..b906bc2eea5f 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -3777,7 +3777,7 @@ int xhci_queue_ctrl_tx(struct xhci_hcd *xhci, gfp_t mem_flags, * enqueue a No Op TRB, this can prevent the Setup and Data Stage * TRB to be breaked by the Link TRB. */ - if (trb_is_link(ep_ring->enqueue + 1)) { + if (last_trb_on_seg(ep_ring->enq_seg, ep_ring->enqueue + 1)) { field = TRB_TYPE(TRB_TR_NOOP) | ep_ring->cycle_state; queue_trb(xhci, ep_ring, false, 0, 0, TRB_INTR_TARGET(0), field); -- 2.43.0

4 months, 2 weeks

1
0
0 0

[PATCH 6.1.y] x86/split_lock: Fix the delayed detection logic

by Maksim Davydov

commit c929d08df8bee855528b9d15b853c892c54e1eee upstream. If the warning mode with disabled mitigation mode is used, then on each CPU where the split lock occurred detection will be disabled in order to make progress and delayed work will be scheduled, which then will enable detection back. Now it turns out that all CPUs use one global delayed work structure. This leads to the fact that if a split lock occurs on several CPUs at the same time (within 2 jiffies), only one CPU will schedule delayed work, but the rest will not. The return value of schedule_delayed_work_on() would have shown this, but it is not checked in the code. A diagram that can help to understand the bug reproduction: - sld_update_msr() enables/disables SLD on both CPUs on the same core - schedule_delayed_work_on() internally checks WORK_STRUCT_PENDING_BIT. If a work has the 'pending' status, then schedule_delayed_work_on() will return an error code and, most importantly, the work will not be placed in the workqueue. Let's say we have a multicore system on which split_lock_mitigate=0 and a multithreaded application is running that calls splitlock in multiple threads. Due to the fact that sld_update_msr() affects the entire core (both CPUs), we will consider 2 CPUs from different cores. Let the 2 threads of this application schedule to CPU0 (core 0) and to CPU 2 (core 1), then: | || | | CPU 0 (core 0) || CPU 2 (core 1) | |_________________________________||___________________________________| | || | | 1) SPLIT LOCK occured || | | || | | 2) split_lock_warn() || | | || | | 3) sysctl_sld_mitigate == 0 || | | (work = &sl_reenable) || | | || | | 4) schedule_delayed_work_on() || | | (reenable will be called || | | after 2 jiffies on CPU 0) || | | || | | 5) disable SLD for core 0 || | | || | | ------------------------- || | | || | | || 6) SPLIT LOCK occured | | || | | || 7) split_lock_warn() | | || | | || 8) sysctl_sld_mitigate == 0 | | || (work = &sl_reenable, | | || the same address as in 3) ) | | || | | 2 jiffies || 9) schedule_delayed_work_on() | | || fials because the work is in | | || the pending state since 4). | | || The work wasn't placed to the | | || workqueue. reenable won't be | | || called on CPU 2 | | || | | || 10) disable SLD for core 0 | | || | | || From now on SLD will | | || never be reenabled on core 1 | | || | | ------------------------- || | | || | | 11) enable SLD for core 0 by || | | __split_lock_reenable || | | || | If the application threads can be scheduled to all processor cores, then over time there will be only one core left, on which SLD will be enabled and split lock will be able to be detected; and on all other cores SLD will be disabled all the time. Most likely, this bug has not been noticed for so long because sysctl_sld_mitigate default value is 1, and in this case a semaphore is used that does not allow 2 different cores to have SLD disabled at the same time, that is, strictly only one work is placed in the workqueue. In order to fix the warning mode with disabled mitigation mode, delayed work has to be per-CPU. Implement it. Fixes: 727209376f49 ("x86/split_lock: Add sysctl to control the misery mode") Signed-off-by: Maksim Davydov <davydov-max(a)yandex-team.ru> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ravi Bangoria <ravi.bangoria(a)amd.com> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Link: https://lore.kernel.org/r/20250115131704.132609-1-davydov-max@yandex-team.ru --- arch/x86/kernel/cpu/intel.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index b91f3d72bcdd..2c43a1423b09 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -1204,7 +1204,13 @@ static void __split_lock_reenable(struct work_struct *work) { sld_update_msr(true); } -static DECLARE_DELAYED_WORK(sl_reenable, __split_lock_reenable); +/* + * In order for each CPU to schedule its delayed work independently of the + * others, delayed work struct must be per-CPU. This is not required when + * sysctl_sld_mitigate is enabled because of the semaphore that limits + * the number of simultaneously scheduled delayed works to 1. + */ +static DEFINE_PER_CPU(struct delayed_work, sl_reenable); /* * If a CPU goes offline with pending delayed work to re-enable split lock @@ -1225,7 +1231,7 @@ static int splitlock_cpu_offline(unsigned int cpu) static void split_lock_warn(unsigned long ip) { - struct delayed_work *work; + struct delayed_work *work = NULL; int cpu; if (!current->reported_split_lock) @@ -1247,11 +1253,17 @@ static void split_lock_warn(unsigned long ip) if (down_interruptible(&buslock_sem) == -EINTR) return; work = &sl_reenable_unlock; - } else { - work = &sl_reenable; } cpu = get_cpu(); + + if (!work) { + work = this_cpu_ptr(&sl_reenable); + /* Deferred initialization of per-CPU struct */ + if (!work->work.func) + INIT_DELAYED_WORK(work, __split_lock_reenable); + } + schedule_delayed_work_on(cpu, work, 2); /* Disable split lock detection on this CPU to make progress */ -- 2.34.1

4 months, 2 weeks

1
0
0 0

[PATCH 6.6.y] x86/split_lock: Fix the delayed detection logic

by Maksim Davydov

commit c929d08df8bee855528b9d15b853c892c54e1eee upstream. If the warning mode with disabled mitigation mode is used, then on each CPU where the split lock occurred detection will be disabled in order to make progress and delayed work will be scheduled, which then will enable detection back. Now it turns out that all CPUs use one global delayed work structure. This leads to the fact that if a split lock occurs on several CPUs at the same time (within 2 jiffies), only one CPU will schedule delayed work, but the rest will not. The return value of schedule_delayed_work_on() would have shown this, but it is not checked in the code. A diagram that can help to understand the bug reproduction: - sld_update_msr() enables/disables SLD on both CPUs on the same core - schedule_delayed_work_on() internally checks WORK_STRUCT_PENDING_BIT. If a work has the 'pending' status, then schedule_delayed_work_on() will return an error code and, most importantly, the work will not be placed in the workqueue. Let's say we have a multicore system on which split_lock_mitigate=0 and a multithreaded application is running that calls splitlock in multiple threads. Due to the fact that sld_update_msr() affects the entire core (both CPUs), we will consider 2 CPUs from different cores. Let the 2 threads of this application schedule to CPU0 (core 0) and to CPU 2 (core 1), then: | || | | CPU 0 (core 0) || CPU 2 (core 1) | |_________________________________||___________________________________| | || | | 1) SPLIT LOCK occured || | | || | | 2) split_lock_warn() || | | || | | 3) sysctl_sld_mitigate == 0 || | | (work = &sl_reenable) || | | || | | 4) schedule_delayed_work_on() || | | (reenable will be called || | | after 2 jiffies on CPU 0) || | | || | | 5) disable SLD for core 0 || | | || | | ------------------------- || | | || | | || 6) SPLIT LOCK occured | | || | | || 7) split_lock_warn() | | || | | || 8) sysctl_sld_mitigate == 0 | | || (work = &sl_reenable, | | || the same address as in 3) ) | | || | | 2 jiffies || 9) schedule_delayed_work_on() | | || fials because the work is in | | || the pending state since 4). | | || The work wasn't placed to the | | || workqueue. reenable won't be | | || called on CPU 2 | | || | | || 10) disable SLD for core 0 | | || | | || From now on SLD will | | || never be reenabled on core 1 | | || | | ------------------------- || | | || | | 11) enable SLD for core 0 by || | | __split_lock_reenable || | | || | If the application threads can be scheduled to all processor cores, then over time there will be only one core left, on which SLD will be enabled and split lock will be able to be detected; and on all other cores SLD will be disabled all the time. Most likely, this bug has not been noticed for so long because sysctl_sld_mitigate default value is 1, and in this case a semaphore is used that does not allow 2 different cores to have SLD disabled at the same time, that is, strictly only one work is placed in the workqueue. In order to fix the warning mode with disabled mitigation mode, delayed work has to be per-CPU. Implement it. Fixes: 727209376f49 ("x86/split_lock: Add sysctl to control the misery mode") Signed-off-by: Maksim Davydov <davydov-max(a)yandex-team.ru> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ravi Bangoria <ravi.bangoria(a)amd.com> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Link: https://lore.kernel.org/r/20250115131704.132609-1-davydov-max@yandex-team.ru --- arch/x86/kernel/cpu/intel.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 38eeff91109f..6c0e0619e6d3 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -1168,7 +1168,13 @@ static void __split_lock_reenable(struct work_struct *work) { sld_update_msr(true); } -static DECLARE_DELAYED_WORK(sl_reenable, __split_lock_reenable); +/* + * In order for each CPU to schedule its delayed work independently of the + * others, delayed work struct must be per-CPU. This is not required when + * sysctl_sld_mitigate is enabled because of the semaphore that limits + * the number of simultaneously scheduled delayed works to 1. + */ +static DEFINE_PER_CPU(struct delayed_work, sl_reenable); /* * If a CPU goes offline with pending delayed work to re-enable split lock @@ -1189,7 +1195,7 @@ static int splitlock_cpu_offline(unsigned int cpu) static void split_lock_warn(unsigned long ip) { - struct delayed_work *work; + struct delayed_work *work = NULL; int cpu; if (!current->reported_split_lock) @@ -1211,11 +1217,17 @@ static void split_lock_warn(unsigned long ip) if (down_interruptible(&buslock_sem) == -EINTR) return; work = &sl_reenable_unlock; - } else { - work = &sl_reenable; } cpu = get_cpu(); + + if (!work) { + work = this_cpu_ptr(&sl_reenable); + /* Deferred initialization of per-CPU struct */ + if (!work->work.func) + INIT_DELAYED_WORK(work, __split_lock_reenable); + } + schedule_delayed_work_on(cpu, work, 2); /* Disable split lock detection on this CPU to make progress */ -- 2.34.1

4 months, 2 weeks

1
0
0 0

[PATCH v2] serial: sifive: lock port in startup()/shutdown() callbacks

by Ryo Takakura

startup()/shutdown() callbacks access SIFIVE_SERIAL_IE_OFFS. The register is also accessed from write() callback. If console were printing and startup()/shutdown() callback gets called, its access to the register could be overwritten. Add port->lock to startup()/shutdown() callbacks to make sure their access to SIFIVE_SERIAL_IE_OFFS is synchronized against write() callback. Fixes: 45c054d0815b ("tty: serial: add driver for the SiFive UART") Signed-off-by: Ryo Takakura <ryotkkr98(a)gmail.com> Cc: stable(a)vger.kernel.org --- This patch used be part of a series for converting sifive driver to nbcon[0]. It's now sent seperatly as the rest of the series does not need be applied to the stable branch. Sincerely, Ryo Takakura [0] https://lore.kernel.org/all/20250405043833.397020-1-ryotkkr98@gmail.com/ --- drivers/tty/serial/sifive.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/tty/serial/sifive.c b/drivers/tty/serial/sifive.c index 5904a2d4c..054a8e630 100644 --- a/drivers/tty/serial/sifive.c +++ b/drivers/tty/serial/sifive.c @@ -563,8 +563,11 @@ static void sifive_serial_break_ctl(struct uart_port *port, int break_state) static int sifive_serial_startup(struct uart_port *port) { struct sifive_serial_port *ssp = port_to_sifive_serial_port(port); + unsigned long flags; + uart_port_lock_irqsave(&ssp->port, &flags); __ssp_enable_rxwm(ssp); + uart_port_unlock_irqrestore(&ssp->port, flags); return 0; } @@ -572,9 +575,12 @@ static int sifive_serial_startup(struct uart_port *port) static void sifive_serial_shutdown(struct uart_port *port) { struct sifive_serial_port *ssp = port_to_sifive_serial_port(port); + unsigned long flags; + uart_port_lock_irqsave(&ssp->port, &flags); __ssp_disable_rxwm(ssp); __ssp_disable_txwm(ssp); + uart_port_unlock_irqrestore(&ssp->port, flags); } /** -- 2.34.1

4 months, 2 weeks

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror April 2025