April 2025 - Linux-stable-mirror

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.12 release. There are 414 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 19 Apr 2025 17:49:48 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.12-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.12-rc1 Thomas Richter <tmricht(a)linux.ibm.com> s390/cpumf: Fix double free on error in cpumf_pmu_event_init() Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: Fix another race during initialization Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Jeff Layton <jlayton(a)kernel.org> nfsd: don't ignore the return code of svc_proc_register() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix CB_GETATTR status fix Olga Kornievskaia <okorniev(a)redhat.com> NFSD: fix decoding in nfs4_xdr_dec_cb_getattr Nathan Chancellor <nathan(a)kernel.org> ACPI: platform-profile: Fix CFI violation when accessing sysfs files Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT Yi Liu <yi.l.liu(a)intel.com> iommufd: Fail replace if device has not been attached Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Make attach_handle generic than fault specific Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists Nícolas F. R. A. Prado <nfraprado(a)collabora.com> thermal/drivers/mediatek/lvts: Disable Stage 3 thermal threshold Nícolas F. R. A. Prado <nfraprado(a)collabora.com> thermal/drivers/mediatek/lvts: Disable monitor mode during suspend Kevin Hao <haokexin(a)gmail.com> spi: fsl-qspi: Fix double cleanup in probe error path Han Xu <han.xu(a)nxp.com> spi: fsl-qspi: use devm function instead of driver remove Cong Liu <liucong2(a)kylinos.cn> selftests: mptcp: fix incorrect fd checks in main_loop Geliang Tang <geliang(a)kernel.org> selftests: mptcp: close fd_in before returning in main_loop Jake Hillion <jake(a)hillion.co.uk> sched_ext: create_dsq: Return -EEXIST on duplicate request Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390: Fix linker error when -no-pie option is unavailable David Hildenbrand <david(a)redhat.com> s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Use flush_kernel_vmap_range() over flush_dcache_folio() Peter Griffin <peter.griffin(a)linaro.org> pinctrl: samsung: add support for eint_fltcon_offset Stephan Gerhold <stephan.gerhold(a)linaro.org> pinctrl: qcom: Clear latched interrupt status when changing IRQ type Stefan Eichenberger <stefan.eichenberger(a)toradex.com> phy: freescale: imx8m-pcie: assert phy reset and perst in power off Philipp Stanner <phasta(a)kernel.org> PCI: Fix wrong length of devres array Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_register_host_bridge() Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_alloc_child_bus() Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Avoid unnecessary device replacement check Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix the value of .linkdown_irq_regfield for J784S4 Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_init() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_count() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API of_irq_parse_raw() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API of_irq_parse_one() Fedor Pchelkin <pchelkin(a)ispras.ru> ntb: use 64-bit arithmetic for the MSI doorbell mask Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Switch to page pool for jumbo frames Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Add a new test for setuid() Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Split signal_scoping_threads tests Mickaël Salaün <mic(a)digikod.net> landlock: Prepare to add second errata Mickaël Salaün <mic(a)digikod.net> landlock: Always allow signals between threads of the same process Mickaël Salaün <mic(a)digikod.net> landlock: Add erratum for TCP fix Mickaël Salaün <mic(a)digikod.net> landlock: Add the errata interface Mickaël Salaün <mic(a)digikod.net> landlock: Move code to ease future backports Tudor Ambarus <tudor.ambarus(a)linaro.org> scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get Sean Christopherson <seanjc(a)google.com> KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Sean Christopherson <seanjc(a)google.com> KVM: x86: Explicitly zero-initialize on-stack CPUID unions Amit Machhiwal <amachhiw(a)linux.ibm.com> KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests Sean Christopherson <seanjc(a)google.com> KVM: Allow building irqbypass.ko as as module when kvm.ko is a module Joshua Washington <joshwash(a)google.com> gve: handle overflow when reporting TX consumed descriptors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: zynq: Fix wakeup source leaks on device unbind Guixin Liu <kanie(a)linux.alibaba.com> gpio: tegra186: fix resource handling in ACPI probe path Andy Chiu <andybnac(a)gmail.com> ftrace: Properly merge notrace hashes zhoumin <teczm(a)foxmail.com> ftrace: Add cond_resched() to ftrace_graph_set_hash() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg' Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg' Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix prefetch-vs-suspend race Jo Van Bulck <jo.vanbulck(a)kuleuven.be> dm-integrity: fix non-constant-time tag verification Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: set ti->error on memory allocation failure Mikulas Patocka <mpatocka(a)redhat.com> dm-ebs: fix prefetch-vs-suspend race Alexander Aring <aahringo(a)redhat.com> dlm: fix error if active rsb is not hashed Alexander Aring <aahringo(a)redhat.com> dlm: fix error if inactive rsb is not hashed Dionna Glaze <dionnaglaze(a)google.com> crypto: ccp - Fix uAPI definitions of PSP errors Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Fix check for the primary ASP device Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gdsc: Set retain_ff before moving to HW CTRL Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: gdsc: Release pm subdomains in reverse add order Ajit Pandey <quic_ajipan(a)quicinc.com> clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> clk: renesas: r9a07g043: Fix HP clock source for RZ/Five Pali Rohár <pali(a)kernel.org> cifs: Ensure that all non-client-specific reparse points are processed by the server Roman Smirnov <r.smirnov(a)omp.ru> cifs: fix integer overflow in match_server() Alexandra Diupina <adiupina(a)astralinux.ru> cifs: avoid NULL pointer dereference in dbg call Aman <aman1(a)microsoft.com> CIFS: Propagate min offload along with other parameters from primary to secondary channels. Trevor Woerner <twoerner(a)gmail.com> thermal/drivers/rockchip: Add missing rk3328 mapping entry Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not add length to print format in synthetic events Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe events: Fix possible UAF on modules Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: fix balloon target initialization for PVH dom0 Ricardo Cañuelo Navarro <rcn(a)igalia.com> sctp: detect and prevent references to a freed transport in sendmsg Jinjiang Tu <tujinjiang(a)huawei.com> mm/hwpoison: introduce folio_contain_hwpoisoned_page() helper Marc Herbert <Marc.Herbert(a)linux.intel.com> mm/hugetlb: move hugetlb_sysctl_init() to the __init section Shuai Xue <xueshuai(a)linux.alibaba.com> mm/hwpoison: do not send SIGBUS to processes with recovered clean pages Peter Xu <peterx(a)redhat.com> mm/userfaultfd: fix release hang over concurrent GUP Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm/mremap: correctly handle partial mremap() of VMA starting at 0 Ryan Roberts <ryan.roberts(a)arm.com> mm: fix lazy mmu docs and usage Jane Chu <jane.chu(a)oracle.com> mm: make page_mapped_in_vma() hugetlb walk aware David Hildenbrand <david(a)redhat.com> mm/rmap: reject hugetlb folios in folio_make_device_exclusive() Usama Arif <usamaarif642(a)gmail.com> mm/damon/ops: have damon_get_folio return folio even for tail pages Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: disable preemption in lazy mmu mode Sean Christopherson <seanjc(a)google.com> iommu/vt-d: Wire up irq_ack() to irq_move_irq() for posted MSIs Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix possible circular locking dependency Sean Christopherson <seanjc(a)google.com> iommu/vt-d: Don't clobber posted vCPU IRTE when host IRQ affinity changes Sean Christopherson <seanjc(a)google.com> iommu/vt-d: Put IRTE back into posted MSI mode if vCPU posting is disabled Nicolin Chen <nicolinc(a)nvidia.com> iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent() Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix uninitialized rc in iommufd_access_rw() Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix zone finishing with missing devices Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix zone activation with missing devices Filipe Manana <fdmanana(a)suse.com> btrfs: tests: fix chunk map leak after failure to add it to the tree Filipe Manana <fdmanana(a)suse.com> btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers Herve Codina <herve.codina(a)bootlin.com> backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Peter Griffin <peter.griffin(a)linaro.org> arm64: dts: exynos: gs101: disable pinctrl_gsacore node Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8188: Assign apll1 clock as parent to avoid hang Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks Keerthy <j-keerthy(a)ti.com> arm64: dts: ti: k3-j784s4-j742s2-main-common: Correct the GICD size Zhenhua Huang <quic_zhenhuah(a)quicinc.com> arm64: mm: Correct the update of max_pfn Ninad Malwade <nmalwade(a)nvidia.com> arm64: tegra: Remove the Orin NX/Nano suspend key Keir Fraser <keirf(a)google.com> arm64: mops: Do not dereference src reg for a set operation Wentao Liang <vulab(a)iscas.ac.cn> mtd: rawnand: Add status chack in r852_ready() Wentao Liang <vulab(a)iscas.ac.cn> mtd: inftlcore: Add error check for inftl_read_oob() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: only inc MPJoinAckHMacFailure for HMAC failures Gang Yan <yangang(a)kylinos.cn> mptcp: fix NULL pointer in can_accept_new_subflow T Pratham <t-pratham(a)ti.com> lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Boqun Feng <boqun.feng(a)gmail.com> locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Kartik Rajput <kkartik(a)nvidia.com> mailbox: tegra-hsp: Define dimensioning masks in SoC data Chenyuan Yang <chenyuan0y(a)gmail.com> mfd: ene-kb3930: Fix a potential NULL pointer dereference Abel Vesa <abel.vesa(a)linaro.org> leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs Abel Vesa <abel.vesa(a)linaro.org> leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs Nathan Chancellor <nathan(a)kernel.org> kbuild: Add '-fno-builtin-wcslen' Kris Van Hees <kris.van.hees(a)oracle.com> kbuild: exclude .rodata.(cst|str)* when building ranges Jan Kara <jack(a)suse.cz> jbd2: remove wrong sb->s_sequence check Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com> i3c: Add NULL pointer check in i3c_master_queue_ibi() Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Use readsb helper for reading MDB Mimi Zohar <zohar(a)linux.ibm.com> ima: limit the number of ToMToU integrity violations Mimi Zohar <zohar(a)linux.ibm.com> ima: limit the number of open-writers integrity violations Steve French <stfrench(a)microsoft.com> smb311 client: fix missing tcon check when mounting with linux/posix extensions Chenyuan Yang <chenyuan0y(a)gmail.com> soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() Olga Kornievskaia <okorniev(a)redhat.com> svcrdma: do not unregister device for listeners Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> tpm: do not start chip while suspended Jan Kara <jack(a)suse.cz> udf: Fix inode_getblk() return value Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix oversized null mkey longer than 32bit Yeongjin Gil <youngjin.gil(a)samsung.com> f2fs: fix to avoid atomicity corruption of atomic file Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix the missing write pointer correction Artem Sadovnikov <a.sadovnikov(a)ispras.ru> ext4: fix off-by-one error in do_split Jeff Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Fix race between unprepare and queue_buf Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix deadlock in ivpu_ms_cleanup() Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix warning in ivpu_ipc_send_receive_internal() Sharan Kumar M <sharweshraajan(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP OMEN 16 Laptop xd000xx Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns. Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment. Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm-dai: make use of q6apm_get_hw_pointer Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm: add q6apm_get_hw_pointer helper Haoxiang Li <haoxiang_li2024(a)163.com> ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: reject zero sized provided buffers Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: fix io_req_post_cqe abuse by send bundle Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: fix accept multishot handling Qingfang Deng <dqfext(a)gmail.com> net: stmmac: Fix accessing freed irq affinity_hint Ewan D. Milne <emilne(a)redhat.com> scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the wrong simultaneous cap for MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the wrong link_idx when a p2p_device is present Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix country count limitation for CLC Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: ensure wow pattern command align fw format Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> wifi: mac80211: fix integer overflow in hwmp_route_info_get() Haoxiang Li <haoxiang_li2024(a)163.com> wifi: mt76: Add check for devm_kstrdup() Alexandre Torgue <alexandre.torgue(a)foss.st.com> clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Replace kcalloc() with devm_kcalloc() Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix internal PHYs for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Add check for devm_kcalloc() Ming Lei <ming.lei(a)redhat.com> block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting freebind & transparent Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting IPV6_V6ONLY Harshitha Ramamurthy <hramamurthy(a)google.com> gve: unlink old napi only if page pool exists Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzv2h: Fix wrong variable usage in rzv2h_tint_set_type() Jackson.lee <jackson.lee(a)chipsnmedia.com> media: chips-media: wave5: Fix timeout while testing 10bit hevc fluster Jackson.lee <jackson.lee(a)chipsnmedia.com> media: chips-media: wave5: Fix a hang after seeking Jackson.lee <jackson.lee(a)chipsnmedia.com> media: chips-media: wave5: Avoid race condition in the interrupt handler Jackson.lee <jackson.lee(a)chipsnmedia.com> media: chips-media: wave5: Fix gray color on screen Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: imx214: Rectify probe error handling related to runtime PM Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: imx219: Rectify runtime PM handling in probe and remove Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: imx319: Rectify runtime PM handling probe and remove Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: refactor hfi packet parsing logic Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: add check to avoid out of bound access Ricardo Ribalda <ribalda(a)chromium.org> media: nuvoton: Fix reference handling of ece_pdev Ricardo Ribalda <ribalda(a)chromium.org> media: nuvoton: Fix reference handling of ece_node Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Set enable GPIO low in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in remove Sakari Ailus <sakari.ailus(a)linux.intel.com> Revert "media: imx214: Fix the error handling in imx214_probe()" Karina Yankevich <k.yankevich(a)omp.ru> media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: imx219: Adjust PLL settings based on the number of MIPI lanes Dan Carpenter <dan.carpenter(a)linaro.org> media: xilinx-tpg: fix double put in xtpg_parse_of() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: platform: stm32: Add check for clk_enable() Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: visl: Fix ERANGE error when setting enum controls Hans de Goede <hdegoede(a)redhat.com> media: hi556: Fix memory leak (on error) in hi556_check_hwcfg() Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: prevent processing IR data on URB failure Hans de Goede <hdegoede(a)redhat.com> media: ov08x40: Properly turn sensor on/off when runtime-suspended Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix PM related deadlocks in MS IOCTLs Jonathan McDowell <noodles(a)meta.com> tpm, tpm_tis: Fix timeout handling when waiting for TPM status Kamal Dasu <kamal.dasu(a)broadcom.com> mtd: rawnand: brcmnand: fix PM resume warning Miquel Raynal <miquel.raynal(a)bootlin.com> spi: cadence-qspi: Fix probe on AM62A LP SK Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Set HCR_EL2.TID1 unconditionally Will Deacon <will(a)kernel.org> KVM: arm64: Tear down vGIC on failed vCPU creation Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list Douglas Anderson <dianders(a)chromium.org> arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add MIDR_CORTEX_A76AE Akihiko Odaki <akihiko.odaki(a)daynix.com> KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR} Jan Beulich <jbeulich(a)suse.com> xenfs/xensyms: respect hypervisor's "next" indication John Keeping <jkeeping(a)inmusicbrands.com> media: rockchip: rga: fix rga offset lookup Yuan Can <yuancan(a)huawei.com> media: siano: Fix error handling in smsdvb_module_init() Matthew Majewski <mattwmajewski(a)gmail.com> media: vim2m: print device name after registering device Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add check to handle incorrect queue size Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add a check to handle OOB in sfr region Bingbu Cao <bingbu.cao(a)intel.com> media: intel/ipu6: set the dev_parent of video device to pdev Martin Tůma <martin.tuma(a)digiteqautomotive.com> media: mgb4: Fix switched CMT frequency range "magic values" sets Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: i2c: adv748x: Fix test pattern selection mask Martin Tůma <martin.tuma(a)digiteqautomotive.com> media: mgb4: Fix CMT registers update logic Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: uapi: rkisp1-config: Fix typo in extensible params example Arnd Bergmann <arnd(a)arndb.de> media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization Alain Volmat <alain.volmat(a)foss.st.com> dt-bindings: media: st,stmipid02: correct lane-polarities maxItems Haoxiang Li <haoxiang_li2024(a)163.com> auxdisplay: hd44780: Fix an API misuse in hd44780.c Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Fix set_device_control() Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Fix 90 degrees direction name North -> East Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Compute INFINITE value instead of using hardcoded 0xffff Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Clamp effect playback LOOP_COUNT value Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Rename two functions to align them with naming convention Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Remove redundant call to pidff_find_special_keys Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Support device error response from PID_BLOCK_LOAD Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Comment and code style update Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: hid-universal-pidff: Add Asetek wheelbases support Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Factor out pool report fetch and remove excess declaration Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Use macros instead of hardcoded min/max values for shorts Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Simplify pidff_rescale_signed Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Move all hid-pidff definitions to a dedicated header Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Factor out code for setting gain Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Rescale time values to match field units Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Define values used in pidff_find_special_fields Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Simplify pidff_upload_effect function Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Completely rework and fix pidff_reset function Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Stop all effects before enabling actuators Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Clamp PERIODIC effect period to device's logical range Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix s390_mmio_read/write syscall page fault handling Jann Horn <jannh(a)google.com> ext4: don't treat fhandle lookup of ea_inode as FS corruption Willem de Bruijn <willemb(a)google.com> bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Sheng Yong <shengyong1(a)xiaomi.com> erofs: set error to bio if file-backed IO fails Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Search an appropriate duty_cycle if period cannot be modified Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: fsl-ftm: Handle clk_get_rate() returning 0 Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: rcar: Improve register calculation Josh Poimboeuf <jpoimboe(a)kernel.org> pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() Jonathan McDowell <noodles(a)meta.com> tpm: End any active auth session before shutdown Jonathan McDowell <noodles(a)meta.com> tpm, tpm_tis: Workaround failed command reception on Infineon devices Ayush Jain <Ayush.jain3(a)amd.com> ktest: Fix Test Failures Due to Missing LOG_FILE Directories Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probe-events: Add comments about entry data storing code Leonid Arapov <arapovl839(a)gmail.com> fbdev: omapfb: Add 'plane' value check Christian König <christian.koenig(a)amd.com> drm/amdgpu: grab an additional reference on the gang fence v2 Ryo Takakura <ryotkkr98(a)gmail.com> PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type Philipp Stanner <phasta(a)kernel.org> PCI: Check BAR index for validity Emily Deng <Emily.Deng(a)amd.com> drm/amdgpu: Fix the race condition for draining retry fault Bjorn Helgaas <bhelgaas(a)google.com> PCI: Enable Configuration RRS SV early Ryan Seto <ryanseto(a)amd.com> drm/amd/display: Prevent VStartup Overflow Wentao Liang <vulab(a)iscas.ac.cn> drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() Shawn Lin <shawn.lin(a)rock-chips.com> PCI: Add Rockchip Vendor ID AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/xe/xelp: Move Wa_16011163337 from tunings to workarounds Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: debugfs hang_hws skip GPU with MES Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix pqm_destroy_queue race with GPU reset Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix mode1 reset crash issue David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: clamp queue size to minimum Lucas De Marchi <lucas.demarchi(a)intel.com> drivers: base: devres: Allow to release group on device release Mike Katsnelson <mike.katsnelson(a)amd.com> drm/amd/display: stop DML2 from removing pipes based on planes Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Update FIXED_VS Link Rate Toggle Workaround Usage Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/bridge: panel: forbid initializing a panel with unknown connector type Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/debugfs: fix printk format for bridge index Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add new quirk for GPD Win 2 Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirk for AYA NEO Slide Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add support for AYANEO 2S Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: Unlocked unmap only clear page table leaves Brendan Tam <Brendan.Tam(a)amd.com> drm/amd/display: add workaround flag to link to force FFE preset Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: Update Cursor request mode to the beginning prefetch always Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/vf: Don't try to trigger a full GT reset if VF Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Don't send BEGIN_ID if VF has no context/doorbells Shekhar Chauhan <shekhar.chauhan(a)intel.com> drm/xe/bmg: Add new PCI IDs Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm: allow encoder mode_set even when connectors change for crtc Pedro Nishiyama <nishiyama.pedro(a)gmail.com> Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE Pedro Nishiyama <nishiyama.pedro(a)gmail.com> Bluetooth: Add quirk for broken READ_VOICE_SETTING Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Bluetooth: qca: simplify WCN399x NVM loading Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Bluetooth: hci_qca: use the power sequencer for wcn6750 Jiande Lu <jiande.lu(a)mediatek.com> Bluetooth: btusb: Add 2 HWIDs for MT7922 Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: fix race during initialization Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: btusb: Add 13 USB device IDs for Qualcomm WCN785x Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Add device id of Whale Peak Dorian Cruveiller <doriancruveiller(a)gmail.com> Bluetooth: btusb: Add new VID/PID for WCN785x Gabriele Paoloni <gpaoloni(a)redhat.com> tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Stanislav Fomichev <sdf(a)fomichev.me> net: vlan: don't propagate flags on open Icenowy Zheng <uwu(a)icenowy.me> wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Boris Burkov <boris(a)bur.io> btrfs: harden block_group::bg_list against list_del() races Huacai Chen <chenhuacai(a)kernel.org> ahci: Marvell 88SE9215 controllers prefer DMA for ATAPI Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Fix array overflow in st_setup() Philipp Hahn <phahn-oss(a)avm.de> cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk Bhupesh <bhupesh(a)igalia.com> ext4: ignore xattrs past end Chao Yu <chao(a)kernel.org> Revert "f2fs: rebuild nat_bits during umount" Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: protect ext4_release_dquot against freezing Daniel Kral <d.kral(a)proxmox.com> ahci: add PCI ID for Marvell 88SE9215 SATA Controller Martin Schiller <ms(a)dev.tdt.de> net: sfp: add quirk for FS SFP-10GM-T copper SFP+ module Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() Manish Dharanenthiran <quic_mdharane(a)quicinc.com> wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi Birger Koblitz <mail(a)birger-koblitz.de> net: sfp: add quirk for 2.5G OEM BX SFP Niklas Cassel <cassel(a)kernel.org> ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Edward Adam Davis <eadavis(a)qq.com> jfs: add sanity check for agwidth in dbMount Edward Adam Davis <eadavis(a)qq.com> jfs: Prevent copying of nlink with value 0 from disk inode Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: Prevent integer overflow in AG size calculation Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: cast inactags to s64 to prevent potential overflow Zhongqiu Han <quic_zhonhan(a)quicinc.com> jfs: Fix uninit-value access of imap allocated in the diMount() function Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> can: flexcan: add NXP S32G2/S32G3 SoC support Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> can: flexcan: Add quirk to handle separate interrupt lines for mailboxes Jason Xing <kerneljasonxing(a)gmail.com> page_pool: avoid infinite loop to schedule delayed worker Max Schulze <max.schulze(a)online.de> net: usb: asix_devices: add FiberGecko DeviceID Chaohai Chen <wdhh66(a)163.com> scsi: target: spc: Fix RSOC parameter data header size Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: ensure sdata->work is canceled before initialized. Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: add strict mode disabling workarounds Chao Yu <chao(a)kernel.org> f2fs: don't retry IO for corrupted data scenario Pavel Begunkov <asml.silence(a)gmail.com> net: page_pool: don't cast mp param to devmem Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Avoid reply queue full condition Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Add 'external' to the libata.force kernel parameter P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Miaoqing Pan <quic_miaoqing(a)quicinc.com> wifi: ath12k: fix memory leak in ath12k_pci_remove() Miaoqing Pan <quic_miaoqing(a)quicinc.com> wifi: ath11k: fix memory leak in ath11k_xxx_remove() P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath11k: Fix DMA buffer allocation to resolve SWIOTLB issues Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Add select POWER_SUPPLY to Kconfig Syed Saba kareem <syed.sabakareem(a)amd.com> ASoC: amd: yc: update quirk data for new Lenovo model keenplify <keenplify(a)gmail.com> ASoC: amd: Add DMI quirk for ACP6X mic support Ricard Wanderlof <ricard2013(a)butoba.net> ALSA: usb-audio: Fix CME quirk for UF series keyboards Kaustabh Chakraborty <kauschluss(a)disroot.org> mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves Aakarsh Jain <aakarsh.jain(a)samsung.com> media: s5p-mfc: Corrected NV12M/NV21M plane-sizes Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for Actions UVC05 Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_audmix: register card device depends on 'dais' property Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Fix Optimus when GPU has no sound Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: amd_sdw: Add quirks for Dell SKU's Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: ps: use macro for ACP6.3 pci revision id Tomasz Pakuła <forest10pl(a)gmail.com> HID: pidff: Fix null pointer dereference in pidff_find_fields Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add PERIODIC_SINE_ONLY quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: Add hid-universal-pidff driver and supported device ids Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add FIX_WHEEL_DIRECTION quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add PERMISSIVE_CONTROL quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add MISSING_PBO quirk and its detection Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add MISSING_DELAY quirk and its detection Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Do not send effect envelope if it's empty Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Convert infinite length from Linux API to PID standard Zhang Heng <zhangheng(a)kylinos.cn> ASoC: SOF: topology: Use krealloc_array() to replace krealloc() Daniel Schaefer <dhs(a)frame.work> platform/chrome: cros_ec_lpc: Match on Framework ACPI device Josh Poimboeuf <jpoimboe(a)kernel.org> tracing: Disable branch profiling in noinstr code Ingo Molnar <mingo(a)kernel.org> zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work around compiler segfault Kees Cook <kees(a)kernel.org> xen/mcelog: Add __nonstring annotations for unterminated strings Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD Paul E. McKenney <paulmck(a)kernel.org> Flush console log from kernel_power_off() Lizhi Xu <lizhi.xu(a)windriver.com> PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() Yunhui Cui <cuiyunhui(a)bytedance.com> perf/dwc_pcie: fix some unreleased resources Mark Rutland <mark.rutland(a)arm.com> perf: arm_pmu: Don't disable counter in armpmu_add() Max Grobecker <max(a)grobecker.info> x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Xin Li (Intel) <xin(a)zytor.com> x86/ia32: Leave NULL selector values 0~3 unchanged Uros Bizjak <ubizjak(a)gmail.com> x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 Matthew Wilcox (Oracle) <willy(a)infradead.org> x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW Dmitry Osipenko <dmitry.osipenko(a)collabora.com> irqchip/gic-v3: Add Rockchip 3568002 erratum workaround Zhongqiu Han <quic_zhonhan(a)quicinc.com> pm: cpupower: bench: Prevent NULL dereference on malloc failure Paul E. McKenney <paulmck(a)kernel.org> srcu: Force synchronization for srcu_get_delay() Trond Myklebust <trond.myklebust(a)hammerspace.com> umount: Allow superblock owners to force umount Mateusz Guzik <mjguzik(a)gmail.com> fs: consistently deref the files table with rcu_dereference_raw() Frederic Weisbecker <frederic(a)kernel.org> perf: Fix hang while freeing sigtrap event Peter Zijlstra <peterz(a)infradead.org> perf/core: Simplify the perf_event_alloc() error path Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Marek Szyprowski <m.szyprowski(a)samsung.com> iommu/exynos: Fix suspend/resume with IDENTITY domain Ido Schimmel <idosch(a)nvidia.com> ethtool: cmis_cdb: Fix incorrect read / write length extension Florian Westphal <fw(a)strlen.de> nft_set_pipapo: fix incorrect avx2 match of 5th field octet Arnaud Lecomte <contact(a)arnaud-lcm.com> net: ppp: Add bound checking for skb data on ppp_sync_txmung Ido Schimmel <idosch(a)nvidia.com> ipv6: Align behavior across nexthops during path selection Vladimir Oltean <vladimir.oltean(a)nxp.com> net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY Vladimir Oltean <vladimir.oltean(a)nxp.com> net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in decryption with multichannel Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: move the limit validation Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: use a temporary work area for validating configuration Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: swap list_add_tail arguments Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/huc: Fix fence not released on early probe errors Wentao Liang <vulab(a)iscas.ac.cn> ata: sata_sx4: Add error handling in pdc20621_i2c_read() Chenyuan Yang <chenyuan0y(a)gmail.com> net: libwx: handle page_pool_dev_alloc_pages error Maxime Ripard <mripard(a)kernel.org> drm/tests: probe-helper: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: modes: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: cmdline: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: helpers: Create kunit helper to destroy a drm_display_mode Maxime Ripard <mripard(a)kernel.org> drm/tests: modeset: Fix drm_display_mode memory leak Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: ethtool: Don't call .cleanup_data when prepare_data fails Toke Høiland-Jørgensen <toke(a)redhat.com> tc: Ensure we have enough buffer space when sending filter netlink notifications Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: qos: fix VF root node parent queue index Jakub Kicinski <kuba(a)kernel.org> net: tls: explicitly disallow disconnect Cong Wang <xiyou.wangcong(a)gmail.com> codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix memory leak in tipc_link_xmit Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() Henry Martin <bsdhenrymartin(a)gmail.com> ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe: Restore EIO errno return when GuC PC start fails Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe/hw_engine: define sysfs_ops on all directories Petr Vaněk <arkamar(a)atlas.cz> x86/acpi: Don't limit CPUs to 1 for Xen PV guests due to disabled ACPI Badal Nilawar <badal.nilawar(a)intel.com> drm/i915: Disable RPG during live selftest Ming Lei <ming.lei(a)redhat.com> ublk: fix handling recovery & reissue in ublk_abort_queue() Edward Liaw <edliaw(a)google.com> selftests/futex: futex_waitv wouldblock test should fail Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: of: Fix the choice for Ingenic NAND quirk Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix race between newly created partition and dying one Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix error handling in remote_partition_disable() Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask() Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: adl: add 2xrt1316 audio configuration ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 2 + Documentation/arch/arm64/silicon-errata.rst | 2 + .../bindings/arm/qcom,coresight-tpda.yaml | 3 +- .../bindings/arm/qcom,coresight-tpdm.yaml | 3 +- .../bindings/media/i2c/st,st-mipid02.yaml | 2 +- Makefile | 7 +- arch/arm64/Kconfig | 9 + arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +- arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 +- .../boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi | 7 - .../boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi | 6 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/kvm_arm.h | 4 +- arch/arm64/include/asm/spectre.h | 1 - arch/arm64/include/asm/traps.h | 4 +- arch/arm64/kernel/proton-pack.c | 208 ++++---- arch/arm64/kvm/arm.c | 6 +- arch/arm64/kvm/sys_regs.c | 204 ++++---- arch/arm64/mm/mmu.c | 3 +- arch/powerpc/kvm/powerpc.c | 5 +- arch/s390/Makefile | 2 +- arch/s390/kernel/perf_cpum_cf.c | 9 +- arch/s390/kernel/perf_cpum_sf.c | 3 - arch/s390/pci/pci_bus.c | 3 + arch/s390/pci/pci_mmio.c | 18 +- arch/sparc/include/asm/pgtable_64.h | 2 - arch/sparc/mm/tlb.c | 5 +- arch/x86/Kbuild | 4 + arch/x86/Kconfig | 20 +- arch/x86/include/asm/irqflags.h | 40 +- arch/x86/include/asm/paravirt.h | 20 +- arch/x86/include/asm/paravirt_types.h | 3 +- arch/x86/kernel/acpi/boot.c | 11 + arch/x86/kernel/cpu/amd.c | 2 +- arch/x86/kernel/e820.c | 17 +- arch/x86/kernel/head64.c | 2 - arch/x86/kernel/paravirt.c | 14 +- arch/x86/kernel/signal_32.c | 62 ++- arch/x86/kvm/cpuid.c | 8 +- arch/x86/kvm/x86.c | 4 + arch/x86/mm/kasan_init_64.c | 1 - arch/x86/mm/mem_encrypt_amd.c | 2 - arch/x86/mm/mem_encrypt_identity.c | 2 - arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/xen/enlighten.c | 10 + arch/x86/xen/setup.c | 3 - block/blk-mq.c | 1 + drivers/accel/ivpu/ivpu_debugfs.c | 4 +- drivers/accel/ivpu/ivpu_ipc.c | 3 +- drivers/accel/ivpu/ivpu_ms.c | 24 + drivers/acpi/Makefile | 4 + drivers/acpi/platform_profile.c | 20 +- drivers/ata/ahci.c | 11 + drivers/ata/ahci.h | 1 + drivers/ata/libahci.c | 4 + drivers/ata/libata-core.c | 38 ++ drivers/ata/libata-eh.c | 11 +- drivers/ata/pata_pxa.c | 6 + drivers/ata/sata_sx4.c | 13 +- drivers/auxdisplay/hd44780.c | 4 +- drivers/base/devres.c | 7 + drivers/block/ublk_drv.c | 30 +- drivers/bluetooth/btintel_pcie.c | 1 + drivers/bluetooth/btqca.c | 13 +- drivers/bluetooth/btusb.c | 32 ++ drivers/bluetooth/hci_ldisc.c | 19 +- drivers/bluetooth/hci_qca.c | 2 +- drivers/bluetooth/hci_uart.h | 1 + drivers/bus/mhi/host/main.c | 16 +- drivers/char/tpm/tpm-chip.c | 6 + drivers/char/tpm/tpm-interface.c | 7 - drivers/char/tpm/tpm_tis_core.c | 20 +- drivers/char/tpm/tpm_tis_core.h | 1 + drivers/clk/qcom/clk-branch.c | 4 +- drivers/clk/qcom/gdsc.c | 61 ++- drivers/clk/renesas/r9a07g043-cpg.c | 7 + drivers/clocksource/timer-stm32-lp.c | 4 +- drivers/cpuidle/Makefile | 3 + drivers/crypto/ccp/sp-pci.c | 15 +- drivers/gpio/gpio-tegra186.c | 25 +- drivers/gpio/gpio-zynq.c | 1 + drivers/gpio/gpiolib-of.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 43 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 + drivers/gpu/drm/amd/amdkfd/kfd_device.c | 5 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 17 + .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 31 +- drivers/gpu/drm/amd/display/dc/dc.h | 2 + drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 8 + .../dml21/src/dml2_core/dml2_core_dcn4_calcs.c | 2 + .../amd/display/dc/dml2/dml2_dc_resource_mgmt.c | 26 - .../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 2 +- .../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 22 +- .../display/dc/link/protocols/link_dp_capability.c | 12 +- .../display/dc/link/protocols/link_dp_training.c | 2 + .../link_dp_training_fixed_vs_pe_retimer.c | 3 +- drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 5 + drivers/gpu/drm/drm_atomic_helper.c | 2 +- drivers/gpu/drm/drm_debugfs.c | 2 +- drivers/gpu/drm/drm_panel.c | 5 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 46 +- drivers/gpu/drm/i915/gt/intel_rc6.c | 19 +- drivers/gpu/drm/i915/gt/uc/intel_huc.c | 11 +- drivers/gpu/drm/i915/gt/uc/intel_huc.h | 1 + drivers/gpu/drm/i915/gt/uc/intel_uc.c | 1 + drivers/gpu/drm/i915/selftests/i915_selftest.c | 18 + drivers/gpu/drm/mediatek/mtk_dpi.c | 23 +- drivers/gpu/drm/tests/drm_client_modeset_test.c | 3 + drivers/gpu/drm/tests/drm_cmdline_parser_test.c | 10 +- drivers/gpu/drm/tests/drm_kunit_helpers.c | 22 + drivers/gpu/drm/tests/drm_modes_test.c | 22 + drivers/gpu/drm/tests/drm_probe_helper_test.c | 8 +- drivers/gpu/drm/xe/xe_gt.c | 4 + drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 4 +- drivers/gpu/drm/xe/xe_gt_sriov_vf.c | 16 + drivers/gpu/drm/xe/xe_gt_sriov_vf.h | 1 + drivers/gpu/drm/xe/xe_guc_pc.c | 1 + drivers/gpu/drm/xe/xe_hw_engine_class_sysfs.c | 108 ++-- drivers/gpu/drm/xe/xe_tuning.c | 8 - drivers/gpu/drm/xe/xe_wa.c | 7 + drivers/hid/Kconfig | 14 + drivers/hid/Makefile | 1 + drivers/hid/hid-ids.h | 37 ++ drivers/hid/hid-universal-pidff.c | 202 ++++++++ drivers/hid/usbhid/hid-core.c | 1 + drivers/hid/usbhid/hid-pidff.c | 571 ++++++++++++++------- drivers/hid/usbhid/hid-pidff.h | 33 ++ drivers/i3c/master.c | 3 + drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/idle/Makefile | 5 +- drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 32 +- drivers/iommu/exynos-iommu.c | 4 +- drivers/iommu/intel/iommu.c | 2 + drivers/iommu/intel/irq_remapping.c | 71 +-- drivers/iommu/iommufd/device.c | 123 ++++- drivers/iommu/iommufd/fault.c | 8 +- drivers/iommu/iommufd/iommufd_private.h | 33 +- drivers/iommu/mtk_iommu.c | 26 +- drivers/irqchip/irq-gic-v3-its.c | 23 +- drivers/irqchip/irq-renesas-rzv2h.c | 2 +- drivers/leds/rgb/leds-qcom-lpg.c | 8 +- drivers/mailbox/tegra-hsp.c | 72 ++- drivers/md/dm-ebs-target.c | 7 + drivers/md/dm-integrity.c | 48 +- drivers/md/dm-verity-target.c | 8 + drivers/media/common/siano/smsdvb-main.c | 2 + drivers/media/i2c/adv748x/adv748x.h | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/hi556.c | 5 +- drivers/media/i2c/imx214.c | 25 +- drivers/media/i2c/imx219.c | 106 ++-- drivers/media/i2c/imx319.c | 9 +- drivers/media/i2c/ov08x40.c | 8 +- drivers/media/i2c/ov7251.c | 4 +- drivers/media/pci/intel/ipu6/ipu6-isys-video.c | 1 + drivers/media/pci/mgb4/mgb4_cmt.c | 8 +- .../media/platform/chips-media/wave5/wave5-hw.c | 2 +- .../platform/chips-media/wave5/wave5-vpu-dec.c | 31 +- .../media/platform/chips-media/wave5/wave5-vpu.c | 4 +- .../platform/chips-media/wave5/wave5-vpuapi.c | 10 + .../mediatek/vcodec/common/mtk_vcodec_fw_scp.c | 5 +- .../mediatek/vcodec/encoder/venc/venc_h264_if.c | 6 +- drivers/media/platform/nuvoton/npcm-video.c | 6 +- drivers/media/platform/qcom/venus/hfi_parser.c | 100 +++- drivers/media/platform/qcom/venus/hfi_venus.c | 18 +- drivers/media/platform/rockchip/rga/rga-hw.c | 2 +- .../platform/samsung/s5p-mfc/s5p_mfc_opr_v6.c | 5 +- drivers/media/platform/st/stm32/dma2d/dma2d.c | 3 +- drivers/media/platform/xilinx/xilinx-tpg.c | 2 - drivers/media/rc/streamzap.c | 68 +-- drivers/media/test-drivers/vim2m.c | 6 +- drivers/media/test-drivers/visl/visl-core.c | 12 + drivers/media/usb/uvc/uvc_driver.c | 9 + drivers/media/v4l2-core/v4l2-dv-timings.c | 4 +- drivers/mfd/ene-kb3930.c | 2 +- drivers/misc/pci_endpoint_test.c | 3 +- drivers/mmc/host/dw_mmc.c | 94 +++- drivers/mmc/host/dw_mmc.h | 27 + drivers/mtd/inftlcore.c | 9 +- drivers/mtd/mtdpstore.c | 12 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 +- drivers/mtd/nand/raw/r852.c | 3 + drivers/net/can/flexcan/flexcan-core.c | 35 +- drivers/net/can/flexcan/flexcan.h | 5 + drivers/net/dsa/mv88e6xxx/chip.c | 23 +- drivers/net/ethernet/google/gve/gve_ethtool.c | 4 +- drivers/net/ethernet/google/gve/gve_rx_dqo.c | 3 +- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 5 + drivers/net/ethernet/microsoft/mana/mana_en.c | 46 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 11 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 3 +- drivers/net/phy/phy_device.c | 57 +- drivers/net/phy/sfp.c | 13 +- drivers/net/ppp/ppp_synctty.c | 5 + drivers/net/usb/asix_devices.c | 17 + drivers/net/usb/cdc_ether.c | 7 + drivers/net/usb/r8152.c | 6 + drivers/net/usb/r8153_ecm.c | 6 + drivers/net/wireless/ath/ath11k/ahb.c | 4 +- drivers/net/wireless/ath/ath11k/core.c | 3 +- drivers/net/wireless/ath/ath11k/dp.c | 35 +- drivers/net/wireless/ath/ath11k/fw.c | 3 +- drivers/net/wireless/ath/ath11k/pci.c | 3 +- drivers/net/wireless/ath/ath12k/dp_mon.c | 2 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 42 +- drivers/net/wireless/ath/ath12k/pci.c | 1 + drivers/net/wireless/mediatek/mt76/eeprom.c | 4 + drivers/net/wireless/mediatek/mt76/mt76.h | 1 + .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 4 +- drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 + drivers/net/wireless/mediatek/mt76/mt7925/main.c | 16 +- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 4 +- drivers/ntb/ntb_transport.c | 2 +- drivers/nvme/target/fcloop.c | 2 +- drivers/of/irq.c | 78 +-- drivers/pci/controller/cadence/pci-j721e.c | 5 +- drivers/pci/controller/pcie-brcmstb.c | 13 +- drivers/pci/controller/pcie-rockchip-host.c | 2 +- drivers/pci/controller/pcie-rockchip.h | 1 - drivers/pci/controller/vmd.c | 12 +- drivers/pci/devres.c | 18 +- drivers/pci/hotplug/pciehp_core.c | 5 +- drivers/pci/iomap.c | 29 +- drivers/pci/pci.c | 6 + drivers/pci/pci.h | 16 + drivers/pci/probe.c | 22 +- drivers/perf/arm_pmu.c | 8 +- drivers/perf/dwc_pcie_pmu.c | 33 +- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 11 + drivers/pinctrl/qcom/pinctrl-msm.c | 12 +- drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 98 ++-- drivers/pinctrl/samsung/pinctrl-exynos.h | 22 + drivers/pinctrl/samsung/pinctrl-samsung.c | 1 + drivers/pinctrl/samsung/pinctrl-samsung.h | 4 + drivers/platform/chrome/cros_ec_lpc.c | 22 +- drivers/platform/x86/x86-android-tablets/Kconfig | 1 + drivers/pwm/pwm-fsl-ftm.c | 6 + drivers/pwm/pwm-mediatek.c | 8 +- drivers/pwm/pwm-rcar.c | 24 +- drivers/pwm/pwm-stm32.c | 12 +- drivers/s390/virtio/virtio_ccw.c | 16 +- drivers/scsi/lpfc/lpfc_sli.c | 2 + drivers/scsi/mpi3mr/mpi3mr.h | 14 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 24 + drivers/scsi/mpi3mr/mpi3mr_fw.c | 99 +++- drivers/scsi/st.c | 2 +- drivers/soc/samsung/exynos-chipid.c | 2 + drivers/spi/spi-cadence-quadspi.c | 6 + drivers/spi/spi-fsl-qspi.c | 36 +- drivers/target/target_core_spc.c | 2 +- drivers/thermal/mediatek/lvts_thermal.c | 52 +- drivers/thermal/rockchip_thermal.c | 1 + drivers/ufs/host/ufs-qcom.c | 2 +- drivers/vdpa/mlx5/core/mr.c | 7 +- drivers/video/backlight/led_bl.c | 5 +- drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 +- drivers/xen/balloon.c | 34 +- drivers/xen/xenfs/xensyms.c | 4 +- fs/btrfs/disk-io.c | 12 + fs/btrfs/extent-tree.c | 8 + fs/btrfs/tests/extent-map-tests.c | 1 + fs/btrfs/transaction.c | 12 + fs/btrfs/zoned.c | 6 + fs/dlm/lock.c | 2 + fs/erofs/fileio.c | 2 + fs/ext4/inode.c | 68 ++- fs/ext4/namei.c | 2 +- fs/ext4/super.c | 17 + fs/ext4/xattr.c | 11 +- fs/f2fs/checkpoint.c | 21 +- fs/f2fs/f2fs.h | 32 +- fs/f2fs/inode.c | 8 +- fs/f2fs/node.c | 110 ++-- fs/f2fs/super.c | 8 +- fs/file.c | 26 +- fs/jbd2/journal.c | 1 - fs/jfs/jfs_dmap.c | 10 +- fs/jfs/jfs_imap.c | 4 +- fs/namespace.c | 3 +- fs/nfsd/nfs4callback.c | 2 +- fs/nfsd/nfsctl.c | 9 +- fs/nfsd/stats.c | 4 +- fs/nfsd/stats.h | 2 +- fs/smb/client/cifsencrypt.c | 16 +- fs/smb/client/connect.c | 3 + fs/smb/client/fs_context.c | 5 + fs/smb/client/inode.c | 10 + fs/smb/client/reparse.c | 4 - fs/smb/client/sess.c | 7 + fs/smb/client/smb2misc.c | 9 +- fs/smb/client/smb2ops.c | 6 +- fs/smb/client/smb2pdu.c | 11 +- fs/udf/inode.c | 1 + fs/userfaultfd.c | 51 +- include/drm/drm_kunit_helpers.h | 3 + include/drm/intel/pciids.h | 5 +- include/linux/cgroup-defs.h | 1 + include/linux/cgroup.h | 2 +- include/linux/hid.h | 6 - include/linux/io_uring_types.h | 3 + include/linux/kvm_host.h | 2 +- include/linux/page-flags.h | 6 + include/linux/pci_ids.h | 2 + include/linux/perf_event.h | 17 +- include/linux/pgtable.h | 14 +- include/linux/printk.h | 6 + include/linux/tpm.h | 1 + include/net/bluetooth/hci.h | 16 + include/net/bluetooth/hci_core.h | 4 + include/net/mac80211.h | 6 + include/net/sctp/structs.h | 3 +- include/net/sock.h | 40 +- include/uapi/linux/kfd_ioctl.h | 2 + include/uapi/linux/landlock.h | 2 + include/uapi/linux/psp-sev.h | 21 +- include/uapi/linux/rkisp1-config.h | 2 +- include/xen/interface/xen-mca.h | 2 +- io_uring/io_uring.c | 4 +- io_uring/kbuf.c | 2 + io_uring/net.c | 3 + kernel/Makefile | 5 + kernel/cgroup/cgroup.c | 6 + kernel/cgroup/cpuset.c | 55 +- kernel/entry/Makefile | 3 + kernel/events/core.c | 184 +++---- kernel/locking/lockdep.c | 3 + kernel/power/hibernate.c | 6 +- kernel/printk/printk.c | 4 +- kernel/rcu/srcutree.c | 11 +- kernel/reboot.c | 1 + kernel/sched/Makefile | 5 + kernel/sched/ext.c | 4 +- kernel/time/Makefile | 6 + kernel/trace/ftrace.c | 9 +- kernel/trace/ring_buffer.c | 5 +- kernel/trace/trace_events.c | 4 +- kernel/trace/trace_events_synth.c | 1 - kernel/trace/trace_fprobe.c | 26 +- kernel/trace/trace_probe.c | 28 + lib/Makefile | 5 + lib/sg_split.c | 2 - lib/zstd/common/portability_macros.h | 2 +- mm/damon/ops-common.c | 2 +- mm/damon/paddr.c | 24 +- mm/hugetlb.c | 2 +- mm/memory-failure.c | 11 +- mm/memory_hotplug.c | 3 +- mm/mremap.c | 10 +- mm/page_vma_mapped.c | 13 +- mm/rmap.c | 2 +- mm/shmem.c | 3 +- mm/vmscan.c | 2 +- net/8021q/vlan_dev.c | 31 +- net/bluetooth/hci_sync.c | 6 +- net/core/filter.c | 80 +-- net/core/page_pool.c | 8 +- net/core/page_pool_user.c | 2 +- net/core/sock.c | 5 + net/ethtool/cmis.h | 1 - net/ethtool/cmis_cdb.c | 18 +- net/ethtool/netlink.c | 8 +- net/ipv6/route.c | 8 +- net/mac80211/debugfs.c | 44 +- net/mac80211/iface.c | 5 +- net/mac80211/mesh_hwmp.c | 14 +- net/mac80211/mlme.c | 45 +- net/mptcp/sockopt.c | 28 + net/mptcp/subflow.c | 19 +- net/netfilter/nft_set_pipapo_avx2.c | 3 +- net/sched/cls_api.c | 66 ++- net/sched/sch_codel.c | 5 +- net/sched/sch_fq_codel.c | 6 +- net/sched/sch_sfq.c | 66 ++- net/sctp/socket.c | 22 +- net/sctp/transport.c | 2 + net/sunrpc/xprtrdma/svc_rdma_transport.c | 3 +- net/tipc/link.c | 1 + net/tls/tls_main.c | 6 + scripts/generate_builtin_ranges.awk | 5 + security/integrity/ima/ima.h | 3 +- security/integrity/ima/ima_main.c | 18 +- security/landlock/errata.h | 99 ++++ security/landlock/errata/abi-4.h | 15 + security/landlock/errata/abi-6.h | 19 + security/landlock/fs.c | 39 +- security/landlock/setup.c | 38 +- security/landlock/setup.h | 3 + security/landlock/syscalls.c | 22 +- security/landlock/task.c | 12 + sound/pci/hda/hda_intel.c | 44 +- sound/pci/hda/patch_realtek.c | 22 + sound/soc/amd/acp/acp-sdw-legacy-mach.c | 34 ++ sound/soc/amd/acp/soc_amd_sdw_common.h | 1 + sound/soc/amd/ps/acp63.h | 1 + sound/soc/amd/ps/pci-ps.c | 2 +- sound/soc/amd/yc/acp6x-mach.c | 14 + sound/soc/codecs/wcd937x.c | 2 + sound/soc/fsl/fsl_audmix.c | 16 +- sound/soc/intel/common/soc-acpi-intel-adl-match.c | 29 ++ sound/soc/qcom/qdsp6/q6apm-dai.c | 60 ++- sound/soc/qcom/qdsp6/q6apm.c | 18 +- sound/soc/qcom/qdsp6/q6apm.h | 3 + sound/soc/qcom/qdsp6/q6asm-dai.c | 19 +- sound/soc/sof/topology.c | 4 +- sound/usb/midi.c | 80 ++- tools/objtool/check.c | 5 + tools/power/cpupower/bench/parse.c | 4 + tools/testing/ktest/ktest.pl | 8 + .../futex/functional/futex_wait_wouldblock.c | 2 +- tools/testing/selftests/landlock/base_test.c | 46 +- tools/testing/selftests/landlock/common.h | 1 + .../selftests/landlock/scoped_signal_test.c | 108 +++- tools/testing/selftests/net/mptcp/mptcp_connect.c | 11 +- virt/kvm/Kconfig | 2 +- virt/kvm/eventfd.c | 10 +- 421 files changed, 5137 insertions(+), 2163 deletions(-)

4 months, 2 weeks

5
419
0 0

[PATCH] HID: amd_sfh: Fix SRA sensor when it's the only sensor

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> On systems that only have an SRA sensor connected to SFH the sensor doesn't get enabled due to a bad optimization condition of breaking the sensor walk loop. This optimization is unnecessary in the first place because if there is only one device then the loop only runs once. Drop the condition and explicitly mark sensor as enabled. Reported-by: Yijun Shen <Yijun.Shen(a)dell.com> Fixes: d1c444b47100d ("HID: amd_sfh: Add support to export device operating states") Cc: stable(a)vger.kernel.org Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c index 25f0ebfcbd5f5..c1bdf1e0d44af 100644 --- a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c +++ b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c @@ -134,9 +134,6 @@ static int amd_sfh1_1_hid_client_init(struct amd_mp2_dev *privdata) for (i = 0; i < cl_data->num_hid_devices; i++) { cl_data->sensor_sts[i] = SENSOR_DISABLED; - if (cl_data->num_hid_devices == 1 && cl_data->sensor_idx[0] == SRA_IDX) - break; - if (cl_data->sensor_idx[i] == SRA_IDX) { info.sensor_idx = cl_data->sensor_idx[i]; writel(0, privdata->mmio + amd_get_p2c_val(privdata, 0)); @@ -145,8 +142,10 @@ static int amd_sfh1_1_hid_client_init(struct amd_mp2_dev *privdata) (privdata, cl_data->sensor_idx[i], ENABLE_SENSOR); cl_data->sensor_sts[i] = (status == 0) ? SENSOR_ENABLED : SENSOR_DISABLED; - if (cl_data->sensor_sts[i] == SENSOR_ENABLED) + if (cl_data->sensor_sts[i] == SENSOR_ENABLED) { + cl_data->is_any_sensor_enabled = true; privdata->dev_en.is_sra_present = true; + } continue; } -- 2.43.0

4 months, 2 weeks

4
3
0 0

[PATCH v2 RESEND] HID: wacom: fix shift OOB in kfifo allocation for zero pktlen

by Qasim Ijaz

During wacom_parse_and_register() the code calls wacom_devm_kfifo_alloc to allocate a fifo. During this operation it passes kfifo_alloc a fifo_size of 0. Kfifo attempts to round the size passed to it to the next power of 2 via roundup_pow_of_two (queue-type data structures do this to maintain efficiency of operations). However during this phase a problem arises when the roundup_pow_of_two() function utilises a shift exponent of fls_long(n-1), where n is the fifo_size. Since n is 0 in this case and n is also an unsigned long, doing n-1 causes unsigned integer wrap-around to occur making the fifo_size 4294967295. So the code effectively does fls_long(4294967295) which results in 64. Returning back to roundup_pow_of_two(), the code utilises a shift exponent of 64. When a shift exponent of 64 is used on a 64-bit type such as 1UL it results in a shift-out-of-bounds. The root cause of the issue seems to stem from insufficient validation of wacom_compute_pktlen(), since in this case the fifo_size comes from wacom_wac->features.pktlen. During wacom_parse_and_register() the wacom_compute_pktlen() function sets the pktlen as 0. To fix this, we should handle cases where wacom_compute_pktlen() results in 0. Reported-by: syzbot <syzbot+d5204cbbdd921f1f7cad(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=d5204cbbdd921f1f7cad Fixes: 5e013ad20689 ("HID: wacom: Remove static WACOM_PKGLEN_MAX limit") Tested-by: Qasim Ijaz <qasdev00(a)gmail.com> Reviewed-by: Jason Gerecke <jason.gerecke(a)wacom.com> Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- v2: - Added Fixes tag as suggested by Jason Gerecke drivers/hid/wacom_sys.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c index 97393a3083ca..9b2f3dbca467 100644 --- a/drivers/hid/wacom_sys.c +++ b/drivers/hid/wacom_sys.c @@ -2361,6 +2361,8 @@ static int wacom_parse_and_register(struct wacom *wacom, bool wireless) unsigned int connect_mask = HID_CONNECT_HIDRAW; features->pktlen = wacom_compute_pktlen(hdev); + if (!features->pktlen) + return -ENODEV; if (!devres_open_group(&hdev->dev, wacom, GFP_KERNEL)) return -ENOMEM; -- 2.39.5

4 months, 2 weeks

2
1
0 0

Potential Linux Crash: WARNING in release_bp_slot in linux6.12.24(longterm maintenance)

by ffhgfv

Hello, I found a potential bug titled " WARNING in release_bp_slot " with modified syzkaller in the Linux6.12.24(longterm maintenance, last updated on April 20, 2025). If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <xnxc22xnxc22(a)qq.com>, xingwei lee <xrivendell7(a)gmail.com>,Penglei Jiang <superman.xpt(a)gmail.com> The commit of the kernel is : b6efa8ce222e58cfe2bbaa4e3329818c2b4bd74e kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=55f8591b98dd132 compiler: gcc version 11.4.0 The reproduction program written in C language is at the end. ------------[ cut here ]----------------------------------------- TITLE: WARNING in release_bp_slot ------------[ cut here ]------------ loop2: detected capacity change from 0 to 64 ------------[ cut here ]------------ WARNING: CPU: 1 PID: 38650 at kernel/events/hw_breakpoint.c:614 __release_bp_slot kernel/events/hw_breakpoint.c:614 [inline] WARNING: CPU: 1 PID: 38650 at kernel/events/hw_breakpoint.c:614 __release_bp_slot kernel/events/hw_breakpoint.c:607 [inline] WARNING: CPU: 1 PID: 38650 at kernel/events/hw_breakpoint.c:614 release_bp_slot+0x6b/0x90 kernel/events/hw_breakpoint.c:621 Modules linked in: CPU: 1 UID: 0 PID: 38650 Comm: syz.2.3497 Not tainted 6.12.24 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:__release_bp_slot kernel/events/hw_breakpoint.c:614 [inline] RIP: 0010:__release_bp_slot kernel/events/hw_breakpoint.c:607 [inline] RIP: 0010:release_bp_slot+0x6b/0x90 kernel/events/hw_breakpoint.c:621 Code: e8 8a c1 ff ff 31 ff 89 c5 89 c6 e8 7f 95 ce ff 85 ed 75 10 e8 86 9a ce ff 4c 89 e7 5d 41 5c e9 7b b7 ff ff e8 76 9a ce ff 90 <0f> 0b 90 e8 6d 9a ce ff 4c 89 e7 5d 41 5c e9 62 b7 ff ff e8 3d c3 RSP: 0018:ffffc90006effc58 EFLAGS: 00010206 RAX: 0000000000000300 RBX: ffff888027788620 RCX: ffffc90010ce2000 RDX: 0000000000080000 RSI: ffffffff81bd948a RDI: 0000000000000005 RBP: 00000000fffffffe R08: 0000000000000001 R09: ffff88804cc82fd8 R10: 00000000fffffffe R11: 0000000000000000 R12: ffff88804cc83928 R13: ffff8880277886b8 R14: ffff888027788b98 R15: 00000000ffffffa1 FS: 00007ff310df6640(0000) GS:ffff88807ee00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2000b85150 CR3: 000000007ce38000 CR4: 0000000000752ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 80000000 Call Trace: <task> __free_event+0x1d9/0x870 kernel/events/core.c:5330 perf_event_alloc.part.0+0x1225/0x3620 kernel/events/core.c:12437 perf_event_alloc kernel/events/core.c:12749 [inline] __do_sys_perf_event_open+0x4c9/0x2c40 kernel/events/core.c:12847 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff312fad5ad Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ff310df5f98 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 00007ff3131e5fa0 RCX: 00007ff312fad5ad RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000004c0 RBP: 00007ff313046d56 R08: 000000000000000a R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007ff3131e5fa0 R15: 00007ff310dd6000 </task> ================================================================== The following is the poc： -------------------------------------------------------------------------------------- #define _GNU_SOURCE #include <endian.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys syscall.h=""> #include <sys types.h=""> #include <unistd.h> #define BITMASK(bf_off, bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type, htobe, addr, val, bf_off, bf_len) \ *(type*)(addr) = \ htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | \ (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); const char* reason; (void)reason; if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } *(uint32_t*)0x2000000004c0 = 5; *(uint32_t*)0x2000000004c4 = 0x80; *(uint8_t*)0x2000000004c8 = 8; *(uint8_t*)0x2000000004c9 = 0xaf; *(uint8_t*)0x2000000004ca = 0; *(uint8_t*)0x2000000004cb = 8; *(uint32_t*)0x2000000004cc = 0; *(uint64_t*)0x2000000004d0 = 4; *(uint64_t*)0x2000000004d8 = 0x402; *(uint64_t*)0x2000000004e0 = 0xc; STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 0, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 1, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 2, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 3, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 4, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 5, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 6, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 7, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 8, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 9, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 10, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 11, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 12, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 13, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 14, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 15, 2); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 17, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 18, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 19, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 20, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 21, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 22, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 23, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 24, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 25, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 26, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 27, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 28, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 29, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 30, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 31, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 32, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 33, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 34, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 35, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 36, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 37, 1); STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 38, 26); *(uint32_t*)0x2000000004f0 = 2; *(uint32_t*)0x2000000004f4 = 2; *(uint64_t*)0x2000000004f8 = 0x8000; *(uint64_t*)0x200000000500 = 2; *(uint64_t*)0x200000000508 = 0x100001; *(uint64_t*)0x200000000510 = 0x839; *(uint32_t*)0x200000000518 = 8; *(uint32_t*)0x20000000051c = 7; *(uint64_t*)0x200000000520 = 0x8000000000000000; *(uint32_t*)0x200000000528 = 0x5e4; *(uint16_t*)0x20000000052c = 0xfefd; *(uint16_t*)0x20000000052e = 0; *(uint32_t*)0x200000000530 = 0x10000004; *(uint32_t*)0x200000000534 = 0; *(uint64_t*)0x200000000538 = 0x40000000000002; syscall(__NR_perf_event_open, /*attr=*/0x2000000004c0ul, /*pid=*/0, /*cpu=*/0ul, /*group=*/(intptr_t)-1, /*flags=PERF_FLAG_FD_CLOEXEC|PERF_FLAG_FD_OUTPUT*/ 0xaul); return 0; } I hope it helps. Best regards Jianzhou Zhao</unistd.h></sys></sys></string.h></stdlib.h></stdio.h></stdint.h></endian.h></superman.xpt(a)gmail.com></xrivendell7(a)gmail.com></xnxc22xnxc22(a)qq.com>

4 months, 2 weeks

2
1
0 0

[PATCH v1] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()

by Terry Junge

Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495 Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug") Cc: stable(a)vger.kernel.org Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com> --- v1: Remove unnecessary for loop searching for the report descriptor size. base-commit: 58c9bf3363e596d744f56616d407278ef5f97f5a P.S. This is an alternative to the solution proposed by Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Link: https://lore.kernel.org/all/20250131151600.410242-1-n.zhandarovich@fintech.… include/linux/hid.h | 3 ++- drivers/usb/gadget/function/f_hid.c | 12 ++++++------ drivers/hid/hid-hyperv.c | 4 ++-- drivers/hid/usbhid/hid-core.c | 25 ++++++++++++++----------- 4 files changed, 24 insertions(+), 20 deletions(-) diff --git a/include/linux/hid.h b/include/linux/hid.h index cdc0dc13c87f..7abc8c74bdd5 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -738,8 +738,9 @@ struct hid_descriptor { __le16 bcdHID; __u8 bCountryCode; __u8 bNumDescriptors; + struct hid_class_descriptor rpt_desc; - struct hid_class_descriptor desc[1]; + struct hid_class_descriptor opt_descs[]; } __attribute__ ((packed)); #define HID_DEVICE(b, g, ven, prod) \ diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c index 740311c4fa24..c7a05f842745 100644 --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = { .bcdHID = cpu_to_le16(0x0101), .bCountryCode = 0x00, .bNumDescriptors = 0x1, - /*.desc[0].bDescriptorType = DYNAMIC */ - /*.desc[0].wDescriptorLenght = DYNAMIC */ + /*.rpt_desc.bDescriptorType = DYNAMIC */ + /*.rpt_desc.wDescriptorLength = DYNAMIC */ }; /* Super-Speed Support */ @@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f, struct hid_descriptor hidg_desc_copy = hidg_desc; VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); - hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc_copy.desc[0].wDescriptorLength = + hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc_copy.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); length = min_t(unsigned short, length, @@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) * We can use hidg_desc struct here but we should not relay * that its content won't change after returning from this function. */ - hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc.desc[0].wDescriptorLength = + hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); hidg_hs_in_ep_desc.bEndpointAddress = diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 0fb210e40a41..9eafff0b6ea4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, goto cleanup; input_device->report_desc_size = le16_to_cpu( - desc->desc[0].wDescriptorLength); + desc->rpt_desc.wDescriptorLength); if (input_device->report_desc_size == 0) { input_device->dev_info_status = -EINVAL; goto cleanup; @@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, memcpy(input_device->report_desc, ((unsigned char *)desc) + desc->bLength, - le16_to_cpu(desc->desc[0].wDescriptorLength)); + le16_to_cpu(desc->rpt_desc.wDescriptorLength)); /* Send the ack */ memset(&ack, 0, sizeof(struct mousevsc_prt_msg)); diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index a6eb6fe6130d..e668143b559d 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -983,12 +983,11 @@ static int usbhid_parse(struct hid_device *hid) struct usb_host_interface *interface = intf->cur_altsetting; struct usb_device *dev = interface_to_usbdev (intf); struct hid_descriptor *hdesc; + struct hid_class_descriptor *hcdesc; u32 quirks = 0; unsigned int rsize = 0; char *rdesc; - int ret, n; - int num_descriptors; - size_t offset = offsetof(struct hid_descriptor, desc); + int ret; quirks = hid_lookup_quirk(hid); @@ -1010,20 +1009,19 @@ static int usbhid_parse(struct hid_device *hid) return -ENODEV; } - if (hdesc->bLength < sizeof(struct hid_descriptor)) { - dbg_hid("hid descriptor is too short\n"); + if (!hdesc->bNumDescriptors || + hdesc->bLength != sizeof(*hdesc) + + (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { + dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", + hdesc->bLength, hdesc->bNumDescriptors); return -EINVAL; } hid->version = le16_to_cpu(hdesc->bcdHID); hid->country = hdesc->bCountryCode; - num_descriptors = min_t(int, hdesc->bNumDescriptors, - (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); - - for (n = 0; n < num_descriptors; n++) - if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) - rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); + if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) + rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { dbg_hid("weird size of report descriptor (%u)\n", rsize); @@ -1051,6 +1049,11 @@ static int usbhid_parse(struct hid_device *hid) goto err; } + if (hdesc->bNumDescriptors > 1) + hid_warn(intf, + "%hhu unsupported optional hid class descriptors\n", + hdesc->bNumDescriptors - 1); + hid->quirks |= quirks; return 0; -- 2.43.0

4 months, 2 weeks

4
4
0 0

[PATCH v3] arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2

by Wojciech Dubowik

Define vqmmc regulator-gpio for usdhc2 with vin-supply coming from LDO5. Without this definition LDO5 will be powered down, disabling SD card after bootup. This has been introduced in commit f5aab0438ef1 ("regulator: pca9450: Fix enable register for LDO5"). Fixes: f5aab0438ef1 ("regulator: pca9450: Fix enable register for LDO5") Cc: stable(a)vger.kernel.org Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik(a)mt.com> --- v1 -> v2: https://lore.kernel.org/all/20250417112012.785420-1-Wojciech.Dubowik@mt.com/ - define gpio regulator for LDO5 vin controlled by vselect signal v2 -> v3: https://lore.kernel.org/all/20250422130127.GA238494@francesco-nb/ - specify vselect as gpio --- .../boot/dts/freescale/imx8mm-verdin.dtsi | 25 +++++++++++++++---- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi b/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi index 7251ad3a0017..b46566f3ce20 100644 --- a/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi +++ b/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi @@ -144,6 +144,19 @@ reg_usdhc2_vmmc: regulator-usdhc2 { startup-delay-us = <20000>; }; + reg_usdhc2_vqmmc: regulator-usdhc2-vqmmc { + compatible = "regulator-gpio"; + pinctrl-names = "default"; + pinctrl-0 = <&pinctrl_usdhc2_vsel>; + gpios = <&gpio1 4 GPIO_ACTIVE_HIGH>; + regulator-max-microvolt = <3300000>; + regulator-min-microvolt = <1800000>; + states = <1800000 0x1>, + <3300000 0x0>; + regulator-name = "PMIC_USDHC_VSELECT"; + vin-supply = <&reg_nvcc_sd>; + }; + reserved-memory { #address-cells = <2>; #size-cells = <2>; @@ -269,7 +282,7 @@ &gpio1 { "SODIMM_19", "", "", - "", + "PMIC_USDHC_VSELECT", "", "", "", @@ -785,6 +798,7 @@ &usdhc2 { pinctrl-2 = <&pinctrl_usdhc2_200mhz>, <&pinctrl_usdhc2_cd>; pinctrl-3 = <&pinctrl_usdhc2_sleep>, <&pinctrl_usdhc2_cd_sleep>; vmmc-supply = <&reg_usdhc2_vmmc>; + vqmmc-supply = <&reg_usdhc2_vqmmc>; }; &wdog1 { @@ -1206,13 +1220,17 @@ pinctrl_usdhc2_pwr_en: usdhc2pwrengrp { <MX8MM_IOMUXC_NAND_CLE_GPIO3_IO5 0x6>; /* SODIMM 76 */ }; + pinctrl_usdhc2_vsel: usdhc2vselgrp { + fsl,pins = + <MX8MM_IOMUXC_GPIO1_IO04_GPIO1_IO4 0x10>; /* PMIC_USDHC_VSELECT */ + }; + /* * Note: Due to ERR050080 we use discrete external on-module resistors pulling-up to the * on-module +V3.3_1.8_SD (LDO5) rail and explicitly disable the internal pull-ups here. */ pinctrl_usdhc2: usdhc2grp { fsl,pins = - <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x10>, <MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x90>, /* SODIMM 78 */ <MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x90>, /* SODIMM 74 */ <MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x90>, /* SODIMM 80 */ @@ -1223,7 +1241,6 @@ pinctrl_usdhc2: usdhc2grp { pinctrl_usdhc2_100mhz: usdhc2-100mhzgrp { fsl,pins = - <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x10>, <MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x94>, <MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x94>, <MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x94>, @@ -1234,7 +1251,6 @@ pinctrl_usdhc2_100mhz: usdhc2-100mhzgrp { pinctrl_usdhc2_200mhz: usdhc2-200mhzgrp { fsl,pins = - <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x10>, <MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x96>, <MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x96>, <MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x96>, @@ -1246,7 +1262,6 @@ pinctrl_usdhc2_200mhz: usdhc2-200mhzgrp { /* Avoid backfeeding with removed card power */ pinctrl_usdhc2_sleep: usdhc2slpgrp { fsl,pins = - <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x0>, <MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x0>, <MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x0>, <MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x0>, -- 2.47.2

4 months, 2 weeks

4
12
0 0

[PATCH 5.10.y] perf: Fix perf_pending_task() UaF

by Xiangyu Chen

From: Peter Zijlstra <peterz(a)infradead.org> [ Upstream commit 517e6a301f34613bff24a8e35b5455884f2d83d8 ] Per syzbot it is possible for perf_pending_task() to run after the event is free()'d. There are two related but distinct cases: - the task_work was already queued before destroying the event; - destroying the event itself queues the task_work. The first cannot be solved using task_work_cancel() since perf_release() itself might be called from a task_work (____fput), which means the current->task_works list is already empty and task_work_cancel() won't be able to find the perf_pending_task() entry. The simplest alternative is extending the perf_event lifetime to cover the task_work. The second is just silly, queueing a task_work while you know the event is going away makes no sense and is easily avoided by re-arranging how the event is marked STATE_DEAD and ensuring it goes through STATE_OFF on the way down. Reported-by: syzbot+9228d6098455bb209ec8(a)syzkaller.appspotmail.com Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Tested-by: Marco Elver <elver(a)google.com> [ Discard the changes in event_sched_out() due to 5.10 don't have the commit: 97ba62b27867 ("perf: Add support for SIGTRAP on perf events") and commit: ca6c21327c6a ("perf: Fix missing SIGTRAPs") ] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test. --- kernel/events/core.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index 8f19d6ab039e..798c839a00b3 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -2419,6 +2419,7 @@ group_sched_out(struct perf_event *group_event, } #define DETACH_GROUP 0x01UL +#define DETACH_DEAD 0x04UL /* * Cross CPU call to remove a performance event @@ -2439,10 +2440,18 @@ __perf_remove_from_context(struct perf_event *event, update_cgrp_time_from_cpuctx(cpuctx, false); } + /* + * Ensure event_sched_out() switches to OFF, at the very least + * this avoids raising perf_pending_task() at this time. + */ + if (flags & DETACH_DEAD) + event->pending_disable = 1; event_sched_out(event, cpuctx, ctx); if (flags & DETACH_GROUP) perf_group_detach(event); list_del_event(event, ctx); + if (flags & DETACH_DEAD) + event->state = PERF_EVENT_STATE_DEAD; if (!ctx->nr_events && ctx->is_active) { if (ctx == &cpuctx->ctx) @@ -5111,9 +5120,7 @@ int perf_event_release_kernel(struct perf_event *event) ctx = perf_event_ctx_lock(event); WARN_ON_ONCE(ctx->parent_ctx); - perf_remove_from_context(event, DETACH_GROUP); - raw_spin_lock_irq(&ctx->lock); /* * Mark this event as STATE_DEAD, there is no external reference to it * anymore. @@ -5125,8 +5132,7 @@ int perf_event_release_kernel(struct perf_event *event) * Thus this guarantees that we will in fact observe and kill _ALL_ * child events. */ - event->state = PERF_EVENT_STATE_DEAD; - raw_spin_unlock_irq(&ctx->lock); + perf_remove_from_context(event, DETACH_GROUP|DETACH_DEAD); perf_event_ctx_unlock(event, ctx); @@ -6533,6 +6539,8 @@ static void perf_pending_event(struct irq_work *entry) if (rctx >= 0) perf_swevent_put_recursion_context(rctx); + + put_event(event); } /* -- 2.34.1

4 months, 2 weeks

3
5
0 0

[PATCH v2 RESEND] media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()

by Haoxiang Li

Add video_device_release() in label 'err_m2m' to release the memory allocated by video_device_alloc() and prevent potential memory leaks. Remove the reduntant code in label 'err_m2m'. Fixes: a8ef0488cc59 ("media: imx: add csc/scaler mem2mem device") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> Reviewed-by: Dan Carpenter <dan.carpenter(a)linaro.org> --- Changes in v2: - Remove the reduntant code. Thanks, Dan! --- drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/media/imx/imx-media-csc-scaler.c b/drivers/staging/media/imx/imx-media-csc-scaler.c index e5e08c6f79f2..19fd31cb9bb0 100644 --- a/drivers/staging/media/imx/imx-media-csc-scaler.c +++ b/drivers/staging/media/imx/imx-media-csc-scaler.c @@ -912,7 +912,7 @@ imx_media_csc_scaler_device_init(struct imx_media_dev *md) return &priv->vdev; err_m2m: - video_set_drvdata(vfd, NULL); + video_device_release(vfd); err_vfd: kfree(priv); return ERR_PTR(ret); -- 2.25.1

4 months, 2 weeks

1
0
0 0

[PATCH 2/2] drm/dp: Add handling for partially read under I2-readC-over-AUX

by Wayne Lin

[Why] There is no handling for I2C-read-over-AUX when receive reply of I2C_ACK|AUX_ACK followed by the total number of data bytes Fewer than LEN + 1 [How] Refer to DP v2.1: 2.11.7.1.6.3 & 2.11.7.1.6.4, repeat the identical I2C-read-over-AUX transaction with the updated LEN value equal to the original LEN value minus the total number of data bytes received so far. Fixes: 68ec2a2a2481 ("drm/dp: Use I2C_WRITE_STATUS_UPDATE to drain partial I2C_WRITE requests") Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Harry Wentland <harry.wentland(a)amd.com> Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> --- drivers/gpu/drm/display/drm_dp_helper.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c index 28f0708c3b27..938214a980a9 100644 --- a/drivers/gpu/drm/display/drm_dp_helper.c +++ b/drivers/gpu/drm/display/drm_dp_helper.c @@ -1812,10 +1812,11 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) drm_dbg_kms(aux->drm_dev, "%s: I2C partially ack (result=%d, size=%zu)\n", aux->name, ret, msg->size); - if (!(msg->request & DP_AUX_I2C_READ)) { - usleep_range(AUX_RETRY_INTERVAL, AUX_RETRY_INTERVAL + 100); + usleep_range(AUX_RETRY_INTERVAL, AUX_RETRY_INTERVAL + 100); + if (msg->request & DP_AUX_I2C_READ) + msg->size -= ret; + else drm_dp_i2c_msg_write_status_update(msg); - } continue; } -- 2.43.0

4 months, 2 weeks

1
0
0 0

[PATCH RESEND] scsi: esas2r: Add check for alloc_ordered_workqueue()

by Haoxiang Li

Add check for the return value of alloc_ordered_workqueue() in esas2r_init_adapter() to catch potential exception. Fixes: 4cb1b41a5ee4 ("scsi: esas2r: Simplify an alloc_ordered_workqueue() invocation") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/scsi/esas2r/esas2r_init.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/scsi/esas2r/esas2r_init.c b/drivers/scsi/esas2r/esas2r_init.c index 04a07fe57be2..9c0225a1f208 100644 --- a/drivers/scsi/esas2r/esas2r_init.c +++ b/drivers/scsi/esas2r/esas2r_init.c @@ -313,6 +313,11 @@ int esas2r_init_adapter(struct Scsi_Host *host, struct pci_dev *pcid, esas2r_fw_event_off(a); a->fw_event_q = alloc_ordered_workqueue("esas2r/%d", WQ_MEM_RECLAIM, a->index); + if (!a->fw_event_q) { + esas2r_log(ESAS2R_LOG_CRIT, "failed to create work queue\n"); + esas2r_kill_adapter(index); + return 0; + } init_waitqueue_head(&a->buffered_ioctl_waiter); init_waitqueue_head(&a->nvram_waiter); -- 2.25.1

4 months, 2 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror April 2025