May 2025 - Linux-stable-mirror

[PATCH] xenbus: Use kref to track req lifetime

by Jason Andryuk

Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace: <TASK> __wake_up_common_lock+0x82/0xd0 process_msg+0x18e/0x2f0 xenbus_thread+0x165/0x1c0 process_msg+0x18e is req->cb(req). req->cb is set to xs_wake_up(), a thin wrapper around wake_up(), or xenbus_dev_queue_reply(). It seems like it was xs_wake_up() in this case. It seems like req may have woken up the xs_wait_for_reply(), which kfree()ed the req. When xenbus_thread resumes, it faults on the zero-ed data. Linux Device Drivers 2nd edition states: "Normally, a wake_up call can cause an immediate reschedule to happen, meaning that other processes might run before wake_up returns." ... which would match the behaviour observed. Change to keeping two krefs on each request. One for the caller, and one for xenbus_thread. Each will kref_put() when finished, and the last will free it. This use of kref matches the description in Documentation/core-api/kref.rst Link: https://lore.kernel.org/xen-devel/ZO0WrR5J0xuwDIxW@mail-itl/ Reported-by: "Marek Marczykowski-Górecki" <marmarek(a)invisiblethingslab.com> Fixes: fd8aa9095a95 ("xen: optimize xenbus driver for multiple concurrent xenstore accesses") Cc: stable(a)vger.kernel.org Signed-off-by: Jason Andryuk <jason.andryuk(a)amd.com> --- Kinda RFC-ish as I don't know if it fixes Marek's issue. This does seem like the correct approach if we are seeing req free()ed out from under xenbus_thread. drivers/xen/xenbus/xenbus.h | 2 ++ drivers/xen/xenbus/xenbus_comms.c | 9 ++++----- drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +- drivers/xen/xenbus/xenbus_xs.c | 18 ++++++++++++++++-- 4 files changed, 23 insertions(+), 8 deletions(-) diff --git a/drivers/xen/xenbus/xenbus.h b/drivers/xen/xenbus/xenbus.h index 13821e7e825e..9ac0427724a3 100644 --- a/drivers/xen/xenbus/xenbus.h +++ b/drivers/xen/xenbus/xenbus.h @@ -77,6 +77,7 @@ enum xb_req_state { struct xb_req_data { struct list_head list; wait_queue_head_t wq; + struct kref kref; struct xsd_sockmsg msg; uint32_t caller_req_id; enum xsd_sockmsg_type type; @@ -103,6 +104,7 @@ int xb_init_comms(void); void xb_deinit_comms(void); int xs_watch_msg(struct xs_watch_event *event); void xs_request_exit(struct xb_req_data *req); +void xs_free_req(struct kref *kref); int xenbus_match(struct device *_dev, const struct device_driver *_drv); int xenbus_dev_probe(struct device *_dev); diff --git a/drivers/xen/xenbus/xenbus_comms.c b/drivers/xen/xenbus/xenbus_comms.c index e5fda0256feb..82df2da1b880 100644 --- a/drivers/xen/xenbus/xenbus_comms.c +++ b/drivers/xen/xenbus/xenbus_comms.c @@ -309,8 +309,8 @@ static int process_msg(void) virt_wmb(); req->state = xb_req_state_got_reply; req->cb(req); - } else - kfree(req); + } + kref_put(&req->kref, xs_free_req); } mutex_unlock(&xs_response_mutex); @@ -386,14 +386,13 @@ static int process_writes(void) state.req->msg.type = XS_ERROR; state.req->err = err; list_del(&state.req->list); - if (state.req->state == xb_req_state_aborted) - kfree(state.req); - else { + if (state.req->state != xb_req_state_aborted) { /* write err, then update state */ virt_wmb(); state.req->state = xb_req_state_got_reply; wake_up(&state.req->wq); } + kref_put(&state.req->kref, xs_free_req); mutex_unlock(&xb_write_mutex); diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c index 46f8916597e5..f5c21ba64df5 100644 --- a/drivers/xen/xenbus/xenbus_dev_frontend.c +++ b/drivers/xen/xenbus/xenbus_dev_frontend.c @@ -406,7 +406,7 @@ void xenbus_dev_queue_reply(struct xb_req_data *req) mutex_unlock(&u->reply_mutex); kfree(req->body); - kfree(req); + kref_put(&req->kref, xs_free_req); kref_put(&u->kref, xenbus_file_free); diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c index d32c726f7a12..dcf9182c8451 100644 --- a/drivers/xen/xenbus/xenbus_xs.c +++ b/drivers/xen/xenbus/xenbus_xs.c @@ -112,6 +112,12 @@ static void xs_suspend_exit(void) wake_up_all(&xs_state_enter_wq); } +void xs_free_req(struct kref *kref) +{ + struct xb_req_data *req = container_of(kref, struct xb_req_data, kref); + kfree(req); +} + static uint32_t xs_request_enter(struct xb_req_data *req) { uint32_t rq_id; @@ -237,6 +243,12 @@ static void xs_send(struct xb_req_data *req, struct xsd_sockmsg *msg) req->caller_req_id = req->msg.req_id; req->msg.req_id = xs_request_enter(req); + /* + * Take 2nd ref. One for this thread, and the second for the + * xenbus_thread. + */ + kref_get(&req->kref); + mutex_lock(&xb_write_mutex); list_add_tail(&req->list, &xb_write_list); notify = list_is_singular(&xb_write_list); @@ -261,8 +273,8 @@ static void *xs_wait_for_reply(struct xb_req_data *req, struct xsd_sockmsg *msg) if (req->state == xb_req_state_queued || req->state == xb_req_state_wait_reply) req->state = xb_req_state_aborted; - else - kfree(req); + + kref_put(&req->kref, xs_free_req); mutex_unlock(&xb_write_mutex); return ret; @@ -291,6 +303,7 @@ int xenbus_dev_request_and_reply(struct xsd_sockmsg *msg, void *par) req->cb = xenbus_dev_queue_reply; req->par = par; req->user_req = true; + kref_init(&req->kref); xs_send(req, msg); @@ -319,6 +332,7 @@ static void *xs_talkv(struct xenbus_transaction t, req->num_vecs = num_vecs; req->cb = xs_wake_up; req->user_req = false; + kref_init(&req->kref); msg.req_id = 0; msg.tx_id = t.id; -- 2.34.1

3 hours, 5 minutes

2
2
0 0

[PATCH v5] mm: mmap: map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled

by Ignacio Moreno Gonzalez via B4 Relay

From: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") maps the mmap option MAP_STACK to VM_NOHUGEPAGE. This is also done if CONFIG_TRANSPARENT_HUGEPAGE is not defined. But in that case, the VM_NOHUGEPAGE does not make sense. I discovered this issue when trying to use the tool CRIU to checkpoint and restore a container. Our running kernel is compiled without CONFIG_TRANSPARENT_HUGEPAGE. CRIU parses the output of /proc/<pid>/smaps and saves the "nh" flag. When trying to restore the container, CRIU fails to restore the "nh" mappings, since madvise() MADV_NOHUGEPAGE always returns an error because CONFIG_TRANSPARENT_HUGEPAGE is not defined. Fixes: c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") Cc: stable(a)vger.kernel.org Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Yang Shi <yang(a)os.amperecomputing.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Signed-off-by: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> --- I discovered this issue when trying to use the tool CRIU to checkpoint and restore a container. Our running kernel is compiled without CONFIG_TRANSPARENT_HUGEPAGE. CRIU parses the output of /proc/<pid>/smaps and saves the "nh" flag. When trying to restore the container, CRIU fails to restore the "nh" mappings, since madvise() MADV_NOHUGEPAGE always returns an error because CONFIG_TRANSPARENT_HUGEPAGE is not defined. The mapping MAP_STACK -> VM_NOHUGEPAGE was introduced by commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") in order to fix a regression introduced by commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries"). The change introducing the regression (efa7df3e3bb5) was limited to THP kernels, but its fix (c4608d1bf7c6) is applied without checking if THP is set. The mapping MAP_STACK -> VM_NOHUGEPAGE should only be applied if THP is enabled. --- Changes in v5: - Correct typo CONFIG_TRANSPARENT_HUGETABLES -> CONFIG_TRANSPARENT_HUGEPAGE in patch description - Link to v4: https://lore.kernel.org/r/20250507-map-map_stack-to-vm_nohugepage-only-if-t… Changes in v4: - Correct typo CONFIG_TRANSPARENT_HUGETABLES -> CONFIG_TRANSPARENT_HUGEPAGE - Copy description from cover letter to commit description - Link to v3: https://lore.kernel.org/r/20250507-map-map_stack-to-vm_nohugepage-only-if-t… Changes in v3: - Exclude non-stable patch (for huge_mm.h) from this series to avoid mixing stable and non-stable patches, as suggested by Andrew. - Extend description in cover letter. - Link to v2: https://lore.kernel.org/r/20250506-map-map_stack-to-vm_nohugepage-only-if-t… Changes in v2: - [Patch 1/2] Use '#ifdef' instead of '#if defined(...)' - [Patch 1/2] Add 'Fixes: c4608d1bf7c6...' - Create [Patch 2/2] - Link to v1: https://lore.kernel.org/r/20250502-map-map_stack-to-vm_nohugepage-only-if-t… --- include/linux/mman.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/mman.h b/include/linux/mman.h index bce214fece16b9af3791a2baaecd6063d0481938..f4c6346a8fcd29b08d43f7cd9158c3eddc3383e1 100644 --- a/include/linux/mman.h +++ b/include/linux/mman.h @@ -155,7 +155,9 @@ calc_vm_flag_bits(struct file *file, unsigned long flags) return _calc_vm_trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN ) | _calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED ) | _calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) | +#ifdef CONFIG_TRANSPARENT_HUGEPAGE _calc_vm_trans(flags, MAP_STACK, VM_NOHUGEPAGE) | +#endif arch_calc_vm_flag_bits(file, flags); } --- base-commit: fc96b232f8e7c0a6c282f47726b2ff6a5fb341d2 change-id: 20250428-map-map_stack-to-vm_nohugepage-only-if-thp-is-enabled-ce40a1de095d Best regards, -- Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com>

3 hours, 6 minutes

2
1
0 0

[PATCH v1] drm/bridge: cdns-dsi: Replace deprecated UNIVERSAL_DEV_PM_OPS()

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> The deprecated UNIVERSAL_DEV_PM_OPS() macro uses the provided callbacks for both runtime PM and system sleep. This causes the DSI clocks to be disabled twice: once during runtime suspend and again during system suspend, resulting in a WARN message from the clock framework when attempting to disable already-disabled clocks. [ 84.384540] clk:231:5 already disabled [ 84.388314] WARNING: CPU: 2 PID: 531 at /drivers/clk/clk.c:1181 clk_core_disable+0xa4/0xac ... [ 84.579183] Call trace: [ 84.581624] clk_core_disable+0xa4/0xac [ 84.585457] clk_disable+0x30/0x4c [ 84.588857] cdns_dsi_suspend+0x20/0x58 [cdns_dsi] [ 84.593651] pm_generic_suspend+0x2c/0x44 [ 84.597661] ti_sci_pd_suspend+0xbc/0x15c [ 84.601670] dpm_run_callback+0x8c/0x14c [ 84.605588] __device_suspend+0x1a0/0x56c [ 84.609594] dpm_suspend+0x17c/0x21c [ 84.613165] dpm_suspend_start+0xa0/0xa8 [ 84.617083] suspend_devices_and_enter+0x12c/0x634 [ 84.621872] pm_suspend+0x1fc/0x368 To address this issue, replace UNIVERSAL_DEV_PM_OPS() with DEFINE_RUNTIME_DEV_PM_OPS(), which avoids redundant suspend/resume calls by checking if the device is already runtime suspended. Cc: <stable(a)vger.kernel.org> # 6.1.x Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver") Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index b022dd6e6b6e..62179e55e032 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -1258,7 +1258,7 @@ static const struct mipi_dsi_host_ops cdns_dsi_ops = { .transfer = cdns_dsi_transfer, }; -static int __maybe_unused cdns_dsi_resume(struct device *dev) +static int cdns_dsi_resume(struct device *dev) { struct cdns_dsi *dsi = dev_get_drvdata(dev); @@ -1269,7 +1269,7 @@ static int __maybe_unused cdns_dsi_resume(struct device *dev) return 0; } -static int __maybe_unused cdns_dsi_suspend(struct device *dev) +static int cdns_dsi_suspend(struct device *dev) { struct cdns_dsi *dsi = dev_get_drvdata(dev); @@ -1279,8 +1279,8 @@ static int __maybe_unused cdns_dsi_suspend(struct device *dev) return 0; } -static UNIVERSAL_DEV_PM_OPS(cdns_dsi_pm_ops, cdns_dsi_suspend, cdns_dsi_resume, - NULL); +static DEFINE_RUNTIME_DEV_PM_OPS(cdns_dsi_pm_ops, cdns_dsi_suspend, + cdns_dsi_resume, NULL); static int cdns_dsi_drm_probe(struct platform_device *pdev) { @@ -1427,7 +1427,7 @@ static struct platform_driver cdns_dsi_platform_driver = { .driver = { .name = "cdns-dsi", .of_match_table = cdns_dsi_of_match, - .pm = &cdns_dsi_pm_ops, + .pm = pm_ptr(&cdns_dsi_pm_ops), }, }; module_platform_driver(cdns_dsi_platform_driver); -- 2.34.1

3 hours, 6 minutes

2
6
0 0

net/sched: codel: Inclusion of patchset

by Tai, Gerrard

Upstream commits: 01: 5ba8b837b522d7051ef81bacf3d95383ff8edce5 ("sch_htb: make htb_qlen_notify() idempotent") 02: df008598b3a00be02a8051fde89ca0fbc416bd55 ("sch_drr: make drr_qlen_notify() idempotent") 03: 51eb3b65544c9efd6a1026889ee5fb5aa62da3bb ("sch_hfsc: make hfsc_qlen_notify() idempotent") 04: 55f9eca4bfe30a15d8656f915922e8c98b7f0728 ("sch_qfq: make qfq_qlen_notify() idempotent") 05: a7a15f39c682ac4268624da2abdb9114bdde96d5 ("sch_ets: make est_qlen_notify() idempotent") 06: 342debc12183b51773b3345ba267e9263bdfaaef ("codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()") These patches are patch 01-06 of the original patchset ([1]) authored by Cong Wang. I have omitted patches 07-11 which are selftests. This patchset addresses a UAF vulnerability. Originally, only the last commit (06) was picked to merge into the latest round of stable queues 5.15,5.10,5.4. For 6.x stable branches, that sole commit has already been merged in a previous cycle. From my understanding, this patch depends on the previous patches to work. Without patches 01-05 which make various classful qdiscs' qlen_notify() idempotent, if an fq_codel's dequeue() routine empties the fq_codel qdisc, it will be doubly deactivated - first in the parent qlen_notify and then again in the parent dequeue. For instance, in the case of parent drr, the double deactivation will either cause a fault on an invalid address, or trigger a splat if list checks are compiled into the kernel. This is also why the original unpatched code included the qlen check in the first place. After discussion with Greg, he has helped to temporarily drop the patch from the 5.x queues ([2]). My suggestion is to include patches 01-06 of the patchset, as listed above, for the 5.x queues. For the 6.x queues that have already merged patch 06, the earlier patches 01-05 should be merged too. I'm not too familiar with the stable patch process, so I may be completely mistaken here. Cheers, Gerrard [1]: https://lore.kernel.org/netdev/174410343500.1831514.15019771038334698036.gi… [2]: https://lore.kernel.org/stable/2025050131-fragrant-famine-eb32@gregkh/

3 hours, 16 minutes

3
4
0 0

[PATCH v3 rc] iommu: Skip PASID validation for devices without PASID capability

by Tushar Dave

Generally PASID support requires ACS settings that usually create single device groups, but there are some niche cases where we can get multi-device groups and still have working PASID support. The primary issue is that PCI switches are not required to treat PASID tagged TLPs specially so appropriate ACS settings are required to route all TLPs to the host bridge if PASID is going to work properly. pci_enable_pasid() does check that each device that will use PASID has the proper ACS settings to achieve this routing. However, no-PASID devices can be combined with PASID capable devices within the same topology using non-uniform ACS settings. In this case the no-PASID devices may not have strict route to host ACS flags and end up being grouped with the PASID devices. This configuration fails to allow use of the PASID within the iommu core code which wrongly checks if the no-PASID device supports PASID. Fix this by ignoring no-PASID devices during the PASID validation. They will never issue a PASID TLP anyhow so they can be ignored. Fixes: c404f55c26fc ("iommu: Validate the PASID in iommu_attach_device_pasid()") Cc: stable(a)vger.kernel.org Signed-off-by: Tushar Dave <tdave(a)nvidia.com> --- changes in v3: - addressed review comment from Vasant. drivers/iommu/iommu.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c index 60aed01e54f2..636fc68a8ec0 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -3329,10 +3329,12 @@ static int __iommu_set_group_pasid(struct iommu_domain *domain, int ret; for_each_group_device(group, device) { - ret = domain->ops->set_dev_pasid(domain, device->dev, - pasid, NULL); - if (ret) - goto err_revert; + if (device->dev->iommu->max_pasids > 0) { + ret = domain->ops->set_dev_pasid(domain, device->dev, + pasid, NULL); + if (ret) + goto err_revert; + } } return 0; @@ -3342,7 +3344,8 @@ static int __iommu_set_group_pasid(struct iommu_domain *domain, for_each_group_device(group, device) { if (device == last_gdev) break; - iommu_remove_dev_pasid(device->dev, pasid, domain); + if (device->dev->iommu->max_pasids > 0) + iommu_remove_dev_pasid(device->dev, pasid, domain); } return ret; } @@ -3353,8 +3356,10 @@ static void __iommu_remove_group_pasid(struct iommu_group *group, { struct group_device *device; - for_each_group_device(group, device) - iommu_remove_dev_pasid(device->dev, pasid, domain); + for_each_group_device(group, device) { + if (device->dev->iommu->max_pasids > 0) + iommu_remove_dev_pasid(device->dev, pasid, domain); + } } /* @@ -3391,7 +3396,13 @@ int iommu_attach_device_pasid(struct iommu_domain *domain, mutex_lock(&group->mutex); for_each_group_device(group, device) { - if (pasid >= device->dev->iommu->max_pasids) { + /* + * Skip PASID validation for devices without PASID support + * (max_pasids = 0). These devices cannot issue transactions + * with PASID, so they don't affect group's PASID usage. + */ + if ((device->dev->iommu->max_pasids > 0) && + (pasid >= device->dev->iommu->max_pasids)) { ret = -EINVAL; goto out_unlock; } -- 2.34.1

3 hours, 22 minutes

5
4
0 0

[PATCH v5] x86/sev: Fix making shared pages private during kdump

by Ashish Kalra

From: Ashish Kalra <ashish.kalra(a)amd.com> When the shared pages are being made private during kdump preparation there are additional checks to handle shared GHCB pages. These additional checks include handling the case of GHCB page being contained within a huge page. The check for handling the case of GHCB contained within a huge page incorrectly skips a page just below the GHCB page from being transitioned back to private during kdump preparation. This skipped page causes a 0x404 #VC exception when it is accessed later while dumping guest memory during vmcore generation via kdump. Correct the range to be checked for GHCB contained in a huge page. Also ensure that the skipped huge page containing the GHCB page is transitioned back to private by applying the correct address mask later when changing GHCBs to private at end of kdump preparation. Fixes: 3074152e56c9 ("x86/sev: Convert shared memory back to private on kexec") Cc: stable(a)vger.kernel.org Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> --- arch/x86/coco/sev/core.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index d35fec7b164a..30b74e4e4e88 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1019,7 +1019,8 @@ static void unshare_all_memory(void) data = per_cpu(runtime_data, cpu); ghcb = (unsigned long)&data->ghcb_page; - if (addr <= ghcb && ghcb <= addr + size) { + /* Handle the case of a huge page containing the GHCB page */ + if (addr <= ghcb && ghcb < addr + size) { skipped_addr = true; break; } @@ -1131,8 +1132,8 @@ static void shutdown_all_aps(void) void snp_kexec_finish(void) { struct sev_es_runtime_data *data; + unsigned long size, addr; unsigned int level, cpu; - unsigned long size; struct ghcb *ghcb; pte_t *pte; @@ -1160,8 +1161,10 @@ void snp_kexec_finish(void) ghcb = &data->ghcb_page; pte = lookup_address((unsigned long)ghcb, &level); size = page_level_size(level); - set_pte_enc(pte, level, (void *)ghcb); - snp_set_memory_private((unsigned long)ghcb, (size / PAGE_SIZE)); + /* Handle the case of a huge page containing the GHCB page */ + addr = (unsigned long)ghcb & page_level_mask(level); + set_pte_enc(pte, level, (void *)addr); + snp_set_memory_private(addr, (size / PAGE_SIZE)); } } -- 2.34.1

3 hours, 23 minutes

3
2
0 0

[PATCH 6.1 000/167] 6.1.136-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.136 release. There are 167 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 01 May 2025 16:10:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.136-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.136-rc1 Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings, part 2 Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qcom: q6afe-dai: fix Display Port Playback stream name Rob Herring <robh(a)kernel.org> PCI: Fix use-after-free in pci_bus_release_domain_nr() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Remove pointer (asterisk) and brackets from cpumask_t field Richard Zhu <hongxing.zhu(a)nxp.com> phy: freescale: imx8m-pcie: Add one missing error return Richard Zhu <hongxing.zhu(a)nxp.com> phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check Hannes Reinecke <hare(a)kernel.org> nvme: fixup scan failure for non-ANA multipath controllers Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: cm: Fix warning if MIPS_CM is disabled Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xdp: Reset bpf_redirect_info before running a xdp's BPF prog. Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable STU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable PVT for 6321 switch Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: don't override retval if we already lost the skb Marek Behún <kabel(a)kernel.org> crypto: atmel-sha204a - Set hwrng quality to lowest possible Ian Abbott <abbotti(a)mev.co.uk> comedi: jr3_pci: Fix synchronous deletion of timer Dave Kleikamp <dave.kleikamp(a)oracle.com> jfs: define xtree root and page independently Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: add buffer overflow check in of_modalias() Tamura Dai <kirinode0(a)gmail.com> spi: spi-imx: Add check for spi_imx_setupxfer() Meir Elisha <meir.elisha(a)volumez.com> md/raid1: Add check for missing source disk in process_checks() Mostafa Saleh <smostafa(a)google.com> ubsan: Fix panic from test_ubsan_out_of_bounds Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: add rate limiting and simplify timeout error message Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts Yunlong Xing <yunlong.xing(a)unisoc.com> loop: aio inherit the ioprio of original request Fernando Fernandez Mancera <ffmancera(a)riseup.net> x86/i8253: Call clockevent_i8253_disable() with interrupts disabled Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy_attached to zero when device is gone Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: make block validity check resistent to sb bh corruption Daniel Wagner <wagi(a)kernel.org> nvmet-fc: put ref when assoc->del_work is already scheduled Daniel Wagner <wagi(a)kernel.org> nvmet-fc: take tgtport reference only once Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on context switch with eIBRS Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Use SBPB in write_ibpb() if applicable Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> selftests/mincore: Allow read-ahead pages to reach the end of the file Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Stop UNRET validation on UD2 Hannes Reinecke <hare(a)kernel.org> nvme: re-read ANA log page after ns scan completes Jean-Marc Eurin <jmeurin(a)google.com> ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Mario Limonciello <mario.limonciello(a)amd.com> ACPI: EC: Set ec_no_wakeup for Lenovo Go S Hannes Reinecke <hare(a)kernel.org> nvme: requeue namespace scan on missed AENs Jason Andryuk <jason.andryuk(a)amd.com> xen: Change xen-acpi-processor dom0 dependency Ming Lei <ming.lei(a)redhat.com> selftests: ublk: fix test_stripe_04 Xiaogang Chen <xiaogang.chen(a)amd.com> udmabuf: fix a buf size overflow issue during udmabuf creation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through tracepoints Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Lukas Stockmann <lukas.stockmann(a)siemens.com> rtc: pcf85063: do a SW reset if POR failed Dominique Martinet <asmadeus(a)codewreck.org> 9p/net: fix improper handling of bogus negative read/write replies Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> ntb_hw_amd: Add NTB PCI ID for new gen CPU Arnd Bergmann <arnd(a)arndb.de> ntb: reduce stack usage in idt_scan_mws Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix _another_ leak Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, lkdtm: Obfuscate the do_nothing() pointer Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Scan retimers after device router has been enumerated Théo Lebrun <theo.lebrun(a)bootlin.com> usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func Chenyuan Yang <chenyuan0y(a)gmail.com> usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: dmatest: Fix dmatest waiting less when interrupted John Stultz <jstultz(a)google.com> sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Refactor loop to avoid NULL endpoints Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size Alexander Stein <alexander.stein(a)mailbox.org> usb: host: max3421-hcd: Add missing spi_device_id table Haoxiang Li <haoxiang_li2024(a)163.com> s390/tty: Fix a potential memory leak bug Haoxiang Li <haoxiang_li2024(a)163.com> s390/sclp: Add check for get_zeroed_page() Yu-Chun Lin <eleanor15x(a)gmail.com> parisc: PDT: Fix missing prototype warning Heiko Stuebner <heiko(a)sntech.de> clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Alexei Starovoitov <ast(a)kernel.org> bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Herbert Xu <herbert(a)gondor.apana.org.au> crypto: null - Use spin lock instead of mutex Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: cm: Detect CM quirks from device tree Chenyuan Yang <chenyuan0y(a)gmail.com> pinctrl: renesas: rza2: Fix potential NULL pointer dereference Oliver Neukum <oneukum(a)suse.com> USB: wdm: add annotation Oliver Neukum <oneukum(a)suse.com> USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context Oliver Neukum <oneukum(a)suse.com> USB: wdm: close race between wdm_open and wdm_wwan_port_stop Oliver Neukum <oneukum(a)suse.com> USB: wdm: handle IO errors in wdm_wwan_port_start Oliver Neukum <oneukum(a)suse.com> USB: VLI disk crashes if LPM is used Miao Li <limiao(a)kylinos.cn> usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miao Li <limiao(a)kylinos.cn> usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive Mike Looijmans <mike.looijmans(a)topic.nl> usb: dwc3: xilinx: Prevent spike in reset signal Frode Isaksen <frode(a)meta.com> usb: dwc3: gadget: check that event count does not exceed event buffer length Huacai Chen <chenhuacai(a)kernel.org> USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix usbmisc handling Ralph Siemsen <ralph.siemsen(a)linaro.org> usb: cdns3: Fix deadlock when using NCM gadget Craig Hesling <craig(a)hesling.com> USB: serial: simple: add OWON HDS200 series oscilloscope support Adam Xue <zxue(a)semtech.com> USB: serial: option: add Sierra Wireless EM9291 Michael Ehrenreich <michideep(a)gmail.com> USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Ryo Takakura <ryotkkr98(a)gmail.com> serial: sifive: lock port in startup()/shutdown() callbacks Stephan Gerhold <stephan.gerhold(a)linaro.org> serial: msm: Configure correct working mode before starting earlycon Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Sean Christopherson <seanjc(a)google.com> KVM: x86: Reset IRTE to host control if *new* route isn't postable Sean Christopherson <seanjc(a)google.com> KVM: x86: Explicitly treat routing entry type changes as changes Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake H DID Oliver Neukum <oneukum(a)suse.com> USB: storage: quirk for ADATA Portable HDD CH94 Haoxiang Li <haoxiang_li2024(a)163.com> mcb: fix a double free bug in chameleon_parse_gdd() Sean Christopherson <seanjc(a)google.com> KVM: SVM: Allocate IR data using atomic allocation Petr Tesarik <ptesarik(a)suse.com> LoongArch: Remove a bogus reference to ZONE_DMA Ming Wang <wangming01(a)loongson.cn> LoongArch: Return NULL from huge_pte_offset() for invalid PMD Roman Li <Roman.Li(a)amd.com> drm/amd/display: Force full update in gpu reset Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix gpu reset in multidisplay config Fiona Klute <fiona.klute(a)gmx.de> net: phy: microchip: force IRQ polling mode for lan88xx Oleksij Rempel <linux(a)rempel-privat.de> net: selftests: initialize TCP header and skb payload with zero Alexey Nepomnyashih <sdl(a)nppct.ru> xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() Halil Pasic <pasic(a)linux.ibm.com> virtio_console: fix missing byte order handling for cols and rows Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb Ping-Ke Shih <pkshih(a)realtek.com> wifi: mac80211: export ieee80211_purge_tx_queue() for drivers Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Make regs_irqs_disabled() more clear Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Select ARCH_USE_MEMTEST Luo Gengkun <luogengkun(a)huaweicloud.com> perf/x86: Fix non-sampling (counting) events on certain x86 platforms Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Sean Christopherson <seanjc(a)google.com> iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE Daniel Golle <daniel(a)makrotopia.org> net: dsa: mt7530: sync driver-specific behavior of MT7531 variants Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a UAF vulnerability in class handling Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Qingfang Deng <qingfang.deng(a)siflower.com.cn> net: phy: leds: fix memory leak Justin Iurman <justin.iurman(a)uliege.be> net: lwtunnel: disable BHs when required Anastasia Kovaleva <a.kovaleva(a)yadro.com> scsi: core: Clear flags for scsi_cmnd that did not complete Qu Wenruo <wqu(a)suse.com> btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() Marc Zyngier <maz(a)kernel.org> cpufreq: cppc: Fix invalid return value in .get() callback Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() Arnd Bergmann <arnd(a)arndb.de> dma/contiguous: avoid warning about unused size_bytes Mark Brown <broonie(a)kernel.org> selftests/mm: generate a temporary mountpoint for cgroup filesystem Evgeny Pimenov <pimenoveu12(a)gmail.com> ASoC: qcom: Fix sc7280 lpass potential buffer overflow Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qcom: q6dsp: add support to more display ports Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Support mmap() of PCI resources except for ISM devices Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Report PCI error recovery results via SCLP Niklas Schnelle <schnelle(a)linux.ibm.com> s390/sclp: Allow user-space to provide PCI reports for optical modules Stefan Eichenberger <stefan.eichenberger(a)toradex.com> phy: freescale: imx8m-pcie: assert phy reset and perst in power off Richard Zhu <hongxing.zhu(a)nxp.com> phy: freescale: imx8m-pcie: Add i.MX8MP PCIe PHY support David Hildenbrand <david(a)redhat.com> s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues Halil Pasic <pasic(a)linux.ibm.com> s390/virtio_ccw: fix virtual vs physical address confusion Alexander Gordeev <agordeev(a)linux.ibm.com> s390/virtio: sort out physical vs virtual pointers usage Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_register_host_bridge() Pali Rohár <pali(a)kernel.org> PCI: Assign PCI domain IDs by ida_alloc() Zijun Hu <quic_zijuhu(a)quicinc.com> of: resolver: Fix device node refcount leakage in of_resolve_phandles() Rob Herring (Arm) <robh(a)kernel.org> of: resolver: Simplify of_resolve_phandles() using __free() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> clk: renesas: r9a07g043: Fix HP clock source for RZ/Five Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: r9a07g04[34]: Fix typo for sel_shdi variable Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: r9a07g04[34]: Use SEL_SDHI1_STS status configuration for SD1 mux Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Refactor SD mux driver Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Remove CPG_SDHI_DSEL from generic header Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Add struct clk_hw_data Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Use u32 for flag and mux_flags Herve Codina <herve.codina(a)bootlin.com> backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> backlight: led_bl: Convert to platform remove callback returning void Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: adc: ad7768-1: Fix conversion result sign Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix VTU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix internal PHYs for 6320 family Alexis Lothoré <alexis.lothore(a)bootlin.com> net: dsa: mv88e6xxx: add field to specify internal phys layout Alexis Lothoré <alexis.lothore(a)bootlin.com> net: dsa: mv88e6xxx: pass directly chip structure to mv88e6xxx_phy_is_internal Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: mv88e6xxx: move link forcing to mac_prepare/mac_finish Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: add support for mac_prepare() and mac_finish() calls Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: don't dispose of Global2 IRQ mappings from mdiobus code Haoxiang Li <haoxiang_li2024(a)163.com> auxdisplay: hd44780: Fix an API misuse in hd44780.c Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> auxdisplay: hd44780: Convert to platform remove callback returning void Steven Rostedt <rostedt(a)goodmis.org> tracing: Verify event formats that have "%*p.." Steven Rostedt <rostedt(a)goodmis.org> tracing: Add __print_dynamic_array() helper Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add __string_len() example Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix cpumask() example typo Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add __cpumask to denote a trace event field that is a cpumask_t Shakeel Butt <shakeel.butt(a)linux.dev> memcg: drain obj stock on cpu hotplug teardown Thorsten Leemhuis <linux(a)leemhuis.info> module: sign with sha512 instead of sha1 by default ------------- Diffstat: Makefile | 4 +- arch/loongarch/Kconfig | 1 + arch/loongarch/include/asm/ptrace.h | 4 +- arch/loongarch/mm/hugetlbpage.c | 2 +- arch/loongarch/mm/init.c | 3 - arch/mips/include/asm/mips-cm.h | 22 +++ arch/mips/kernel/mips-cm.c | 14 ++ arch/parisc/kernel/pdt.c | 2 + arch/riscv/kernel/probes/uprobes.c | 10 +- arch/s390/Kconfig | 4 +- arch/s390/include/asm/pci.h | 3 + arch/s390/include/asm/sclp.h | 33 ++++ arch/s390/kvm/trace-s390.h | 4 +- arch/s390/pci/Makefile | 2 +- arch/s390/pci/pci_event.c | 21 ++- arch/s390/pci/pci_fixup.c | 23 +++ arch/s390/pci/pci_report.c | 111 +++++++++++++ arch/s390/pci/pci_report.h | 16 ++ arch/x86/entry/entry.S | 2 +- arch/x86/events/core.c | 2 +- arch/x86/kernel/cpu/bugs.c | 36 ++--- arch/x86/kernel/i8253.c | 3 +- arch/x86/kvm/svm/avic.c | 60 +++---- arch/x86/kvm/vmx/posted_intr.c | 28 ++-- arch/x86/kvm/x86.c | 3 +- arch/x86/mm/tlb.c | 6 +- crypto/crypto_null.c | 37 +++-- drivers/acpi/ec.c | 28 ++++ drivers/acpi/pptt.c | 4 +- drivers/auxdisplay/hd44780.c | 9 +- drivers/block/loop.c | 2 +- drivers/char/virtio_console.c | 7 +- drivers/clk/clk.c | 4 + drivers/clk/renesas/r9a07g043-cpg.c | 28 +++- drivers/clk/renesas/r9a07g044-cpg.c | 21 ++- drivers/clk/renesas/rzg2l-cpg.c | 178 +++++++++++++++------ drivers/clk/renesas/rzg2l-cpg.h | 24 +-- drivers/comedi/drivers/jr3_pci.c | 17 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/scmi-cpufreq.c | 10 +- drivers/cpufreq/scpi-cpufreq.c | 13 +- drivers/crypto/atmel-sha204a.c | 7 +- drivers/dma-buf/udmabuf.c | 2 +- drivers/dma/dmatest.c | 6 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 9 +- drivers/iio/adc/ad7768-1.c | 5 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/amd/iommu.c | 2 +- drivers/mcb/mcb-parse.c | 2 +- drivers/md/raid1.c | 26 +-- drivers/misc/lkdtm/perms.c | 14 +- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c | 8 +- drivers/misc/mei/hw-me-regs.h | 1 + drivers/misc/mei/pci-me.c | 1 + drivers/net/dsa/mt7530.c | 6 +- drivers/net/dsa/mv88e6xxx/chip.c | 106 ++++++++---- drivers/net/dsa/mv88e6xxx/chip.h | 5 + drivers/net/dsa/mv88e6xxx/global2.c | 25 +-- drivers/net/phy/microchip.c | 46 +----- drivers/net/phy/phy_led_triggers.c | 23 +-- drivers/net/wireless/realtek/rtw88/main.c | 2 +- drivers/net/wireless/realtek/rtw88/tx.c | 2 +- drivers/net/xen-netfront.c | 19 ++- drivers/ntb/hw/amd/ntb_hw_amd.c | 1 + drivers/ntb/hw/idt/ntb_hw_idt.c | 18 +-- drivers/nvme/host/core.c | 9 ++ drivers/nvme/target/fc.c | 25 ++- drivers/of/device.c | 7 +- drivers/of/resolver.c | 37 ++--- drivers/pci/pci.c | 107 +++++++------ drivers/pci/probe.c | 16 +- drivers/pci/remove.c | 7 + drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 46 +++++- drivers/pinctrl/renesas/pinctrl-rza2.c | 3 + drivers/rtc/rtc-pcf85063.c | 19 ++- drivers/s390/char/sclp.h | 14 -- drivers/s390/char/sclp_con.c | 17 ++ drivers/s390/char/sclp_pci.c | 19 +-- drivers/s390/char/sclp_tty.c | 12 ++ drivers/s390/net/ism_drv.c | 1 - drivers/s390/virtio/virtio_ccw.c | 100 ++++++------ drivers/scsi/hisi_sas/hisi_sas_main.c | 20 +++ drivers/scsi/pm8001/pm8001_sas.c | 1 + drivers/scsi/scsi_lib.c | 6 +- drivers/spi/spi-imx.c | 5 +- drivers/spi/spi-tegra210-quad.c | 6 +- drivers/thunderbolt/tb.c | 16 +- drivers/tty/serial/msm_serial.c | 6 + drivers/tty/serial/sifive.c | 6 + drivers/ufs/host/ufs-exynos.c | 10 +- drivers/usb/cdns3/cdns3-gadget.c | 2 + drivers/usb/chipidea/ci_hdrc_imx.c | 44 +++-- drivers/usb/class/cdc-wdm.c | 21 ++- drivers/usb/core/quirks.c | 9 ++ drivers/usb/dwc3/dwc3-pci.c | 10 ++ drivers/usb/dwc3/dwc3-xilinx.c | 4 +- drivers/usb/dwc3/gadget.c | 28 +++- drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 + drivers/usb/host/max3421-hcd.c | 7 + drivers/usb/host/ohci-pci.c | 23 +++ drivers/usb/host/xhci-mvebu.c | 10 -- drivers/usb/host/xhci-mvebu.h | 6 - drivers/usb/host/xhci-plat.c | 2 +- drivers/usb/host/xhci-ring.c | 11 +- drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 5 + drivers/usb/serial/option.c | 3 + drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/storage/unusual_uas.h | 7 + drivers/video/backlight/led_bl.c | 11 +- drivers/xen/Kconfig | 2 +- fs/btrfs/file.c | 9 +- fs/ext4/block_validity.c | 5 +- fs/ext4/inode.c | 7 +- fs/jfs/jfs_dinode.h | 2 +- fs/jfs/jfs_imap.c | 6 +- fs/jfs/jfs_incore.h | 2 +- fs/jfs/jfs_txnmgr.c | 4 +- fs/jfs/jfs_xtree.c | 4 +- fs/jfs/jfs_xtree.h | 37 +++-- fs/ntfs3/file.c | 1 + include/dt-bindings/sound/qcom,q6dsp-lpass-ports.h | 8 + include/linux/filter.h | 9 +- include/linux/pci.h | 1 + include/linux/pci_ids.h | 1 + include/net/dsa.h | 6 + include/net/mac80211.h | 13 ++ include/trace/bpf_probe.h | 6 + include/trace/perf.h | 6 + include/trace/stages/stage1_struct_define.h | 6 + include/trace/stages/stage2_data_offsets.h | 6 + include/trace/stages/stage3_trace_output.h | 14 ++ include/trace/stages/stage4_event_fields.h | 12 ++ include/trace/stages/stage5_get_offsets.h | 6 + include/trace/stages/stage6_event_callback.h | 20 +++ include/trace/stages/stage7_class_define.h | 3 + init/Kconfig | 2 +- kernel/dma/contiguous.c | 3 +- kernel/module/Kconfig | 1 + kernel/trace/bpf_trace.c | 7 +- kernel/trace/trace_events.c | 7 + lib/test_ubsan.c | 18 ++- mm/memcontrol.c | 9 ++ net/9p/client.c | 30 ++-- net/core/lwtunnel.c | 26 ++- net/core/selftests.c | 18 ++- net/dsa/port.c | 32 ++++ net/mac80211/ieee80211_i.h | 2 - net/mac80211/status.c | 1 + net/sched/act_mirred.c | 22 +-- net/sched/sch_hfsc.c | 23 ++- net/tipc/monitor.c | 3 +- samples/trace_events/trace-events-sample.c | 2 +- samples/trace_events/trace-events-sample.h | 46 +++++- scripts/Makefile.lib | 2 +- sound/soc/codecs/wcd934x.c | 2 +- sound/soc/qcom/lpass.h | 3 +- sound/soc/qcom/qdsp6/q6afe-dai.c | 2 +- sound/soc/qcom/qdsp6/q6dsp-lpass-ports.c | 43 +++-- sound/virtio/virtio_pcm.c | 21 ++- tools/objtool/check.c | 9 ++ tools/testing/selftests/mincore/mincore_selftest.c | 3 - tools/testing/selftests/ublk/test_stripe_04.sh | 24 +++ .../selftests/vm/charge_reserved_hugetlb.sh | 4 +- .../selftests/vm/hugetlb_reparenting_test.sh | 2 +- 165 files changed, 1713 insertions(+), 720 deletions(-)

3 hours, 49 minutes

16
194
0 0

[PATCH v4] mm: mmap: map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled

by Ignacio Moreno Gonzalez via B4 Relay

From: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") maps the mmap option MAP_STACK to VM_NOHUGEPAGE. This is also done if CONFIG_TRANSPARENT_HUGETABLES is not defined. But in that case, the VM_NOHUGEPAGE does not make sense. I discovered this issue when trying to use the tool CRIU to checkpoint and restore a container. Our running kernel is compiled without CONFIG_TRANSPARENT_HUGETABLES. CRIU parses the output of /proc/<pid>/smaps and saves the "nh" flag. When trying to restore the container, CRIU fails to restore the "nh" mappings, since madvise() MADV_NOHUGEPAGE always returns an error because CONFIG_TRANSPARENT_HUGEPAGE is not defined. Fixes: c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") Cc: stable(a)vger.kernel.org Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Yang Shi <yang(a)os.amperecomputing.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Signed-off-by: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> --- I discovered this issue when trying to use the tool CRIU to checkpoint and restore a container. Our running kernel is compiled without CONFIG_TRANSPARENT_HUGEPAGE. CRIU parses the output of /proc/<pid>/smaps and saves the "nh" flag. When trying to restore the container, CRIU fails to restore the "nh" mappings, since madvise() MADV_NOHUGEPAGE always returns an error because CONFIG_TRANSPARENT_HUGEPAGE is not defined. The mapping MAP_STACK -> VM_NOHUGEPAGE was introduced by commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") in order to fix a regression introduced by commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries"). The change introducing the regression (efa7df3e3bb5) was limited to THP kernels, but its fix (c4608d1bf7c6) is applied without checking if THP is set. The mapping MAP_STACK -> VM_NOHUGEPAGE should only be applied if THP is enabled. --- Changes in v4: - Correct typo CONFIG_TRANSPARENT_HUGETABLES -> CONFIG_TRANSPARENT_HUGEPAGE - Copy description from cover letter to commit description - Link to v3: https://lore.kernel.org/r/20250507-map-map_stack-to-vm_nohugepage-only-if-t… Changes in v3: - Exclude non-stable patch (for huge_mm.h) from this series to avoid mixing stable and non-stable patches, as suggested by Andrew. - Extend description in cover letter. - Link to v2: https://lore.kernel.org/r/20250506-map-map_stack-to-vm_nohugepage-only-if-t… Changes in v2: - [Patch 1/2] Use '#ifdef' instead of '#if defined(...)' - [Patch 1/2] Add 'Fixes: c4608d1bf7c6...' - Create [Patch 2/2] - Link to v1: https://lore.kernel.org/r/20250502-map-map_stack-to-vm_nohugepage-only-if-t… --- include/linux/mman.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/mman.h b/include/linux/mman.h index bce214fece16b9af3791a2baaecd6063d0481938..f4c6346a8fcd29b08d43f7cd9158c3eddc3383e1 100644 --- a/include/linux/mman.h +++ b/include/linux/mman.h @@ -155,7 +155,9 @@ calc_vm_flag_bits(struct file *file, unsigned long flags) return _calc_vm_trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN ) | _calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED ) | _calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) | +#ifdef CONFIG_TRANSPARENT_HUGEPAGE _calc_vm_trans(flags, MAP_STACK, VM_NOHUGEPAGE) | +#endif arch_calc_vm_flag_bits(file, flags); } --- base-commit: fc96b232f8e7c0a6c282f47726b2ff6a5fb341d2 change-id: 20250428-map-map_stack-to-vm_nohugepage-only-if-thp-is-enabled-ce40a1de095d Best regards, -- Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com>

3 hours, 49 minutes

3
2
0 0

[PATCH 5.4.y] of: module: add buffer overflow check in of_modalias()

by Uwe Kleine-König

From: Sergey Shtylyov <s.shtylyov(a)omp.ru> commit cf7385cb26ac4f0ee6c7385960525ad534323252 upstream. In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char). Fixes: bc575064d688 ("of/device: use of_property_for_each_string to parse compatible strings") Signed-off-by: Sergey Shtylyov <s.shtylyov(a)omp.ru> Link: https://lore.kernel.org/r/bbfc6be0-c687-62b6-d015-5141b93f313e@omp.ru Signed-off-by: Rob Herring <robh(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Uwe Kleine-König <ukleinek(a)debian.org> --- drivers/of/device.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/of/device.c b/drivers/of/device.c index 7fb870097a84..ee3467730dac 100644 --- a/drivers/of/device.c +++ b/drivers/of/device.c @@ -213,14 +213,15 @@ static ssize_t of_device_get_modalias(struct device *dev, char *str, ssize_t len csize = snprintf(str, len, "of:N%pOFn%c%s", dev->of_node, 'T', of_node_get_device_type(dev->of_node)); tsize = csize; + if (csize >= len) + csize = len > 0 ? len - 1 : 0; len -= csize; - if (str) - str += csize; + str += csize; of_property_for_each_string(dev->of_node, "compatible", p, compat) { csize = strlen(compat) + 1; tsize += csize; - if (csize > len) + if (csize >= len) continue; csize = snprintf(str, len, "C%s", compat); base-commit: 2c8115e4757809ffd537ed9108da115026d3581f -- 2.47.2

4 hours, 10 minutes

1
0
0 0

[PATCH 5.15.y] of: module: add buffer overflow check in of_modalias()

by Uwe Kleine-König

From: Sergey Shtylyov <s.shtylyov(a)omp.ru> commit cf7385cb26ac4f0ee6c7385960525ad534323252 upstream. In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char). Fixes: bc575064d688 ("of/device: use of_property_for_each_string to parse compatible strings") Signed-off-by: Sergey Shtylyov <s.shtylyov(a)omp.ru> Link: https://lore.kernel.org/r/bbfc6be0-c687-62b6-d015-5141b93f313e@omp.ru Signed-off-by: Rob Herring <robh(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Uwe Kleine-König <ukleinek(a)debian.org> --- drivers/of/device.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/of/device.c b/drivers/of/device.c index 19c42a9dcba9..f503bb10b10b 100644 --- a/drivers/of/device.c +++ b/drivers/of/device.c @@ -257,14 +257,15 @@ static ssize_t of_device_get_modalias(struct device *dev, char *str, ssize_t len csize = snprintf(str, len, "of:N%pOFn%c%s", dev->of_node, 'T', of_node_get_device_type(dev->of_node)); tsize = csize; + if (csize >= len) + csize = len > 0 ? len - 1 : 0; len -= csize; - if (str) - str += csize; + str += csize; of_property_for_each_string(dev->of_node, "compatible", p, compat) { csize = strlen(compat) + 1; tsize += csize; - if (csize > len) + if (csize >= len) continue; csize = snprintf(str, len, "C%s", compat); base-commit: 16fdf2c7111bd6927f16c3e811f5086fecebbf00 -- 2.47.2

4 hours, 10 minutes

1
0
0 0

[PATCH 5.10.y] of: module: add buffer overflow check in of_modalias()

by Uwe Kleine-König

From: Sergey Shtylyov <s.shtylyov(a)omp.ru> commit cf7385cb26ac4f0ee6c7385960525ad534323252 upstream. In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char). Fixes: bc575064d688 ("of/device: use of_property_for_each_string to parse compatible strings") Signed-off-by: Sergey Shtylyov <s.shtylyov(a)omp.ru> Link: https://lore.kernel.org/r/bbfc6be0-c687-62b6-d015-5141b93f313e@omp.ru Signed-off-by: Rob Herring <robh(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Uwe Kleine-König <ukleinek(a)debian.org> --- drivers/of/device.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/of/device.c b/drivers/of/device.c index 3a547793135c..93f08f18f6b3 100644 --- a/drivers/of/device.c +++ b/drivers/of/device.c @@ -231,14 +231,15 @@ static ssize_t of_device_get_modalias(struct device *dev, char *str, ssize_t len csize = snprintf(str, len, "of:N%pOFn%c%s", dev->of_node, 'T', of_node_get_device_type(dev->of_node)); tsize = csize; + if (csize >= len) + csize = len > 0 ? len - 1 : 0; len -= csize; - if (str) - str += csize; + str += csize; of_property_for_each_string(dev->of_node, "compatible", p, compat) { csize = strlen(compat) + 1; tsize += csize; - if (csize > len) + if (csize >= len) continue; csize = snprintf(str, len, "C%s", compat); base-commit: 024a4a45fdf87218e3c0925475b05a27bcea103f -- 2.47.2

4 hours, 10 minutes

1
0
0 0

Unplayable framerates in game but specific kernel versions work, maybe amdgpu problem

by machion＠disroot.org

Hello kernel/driver developers, I hope, with my information it's possible to find a bug/problem in the kernel. Otherwise I am sorry, that I disturbed you. I only use LTS kernels, but I can narrow it down to a hand full of them, where it works. The PC: Manjaro Stable/Cinnamon/X11/AMD Ryzen 5 2600/Radeon HD 7790/8GB RAM I already asked the Manjaro community, but with no luck. The game: Hellpoint (GOG Linux latest version, Unity3D-Engine v2021), uses vulkan --- I came a long road of kernels. I had many versions of 5.4, 5.10, 5.15, 6.1 and 6.6 and and the game was always unplayable, because the frames where around 1fps (performance of PC is not the problem). I asked the mesa and cinnamon team for help in the past, but also with no luck. It never worked, till on 2025-03-29 when I installed 6.12.19 for the first time and it worked! But it only worked with 6.12.19, 6.12.20 and 6.12.21 When I updated to 6.12.25, it was back to unplayable. For testing I installed 6.14.4 with the same result. It doesn't work. I also compared file /proc/config.gz of both kernels (6.12.21 <> 6.14.4), but can't seem to see drastic changes to the graphical part. I presume it has something to do with amdgpu. If you need more information, I would be happy to help. Kind regards, Marion

4 hours, 10 minutes

1
0
0 0

[PATCH v2 1/4] mm: fix VM_UFFD_MINOR == VM_SHADOW_STACK on USERFAULTFD=y && ARM64_GCS=y

by Florent Revest

On configs with CONFIG_ARM64_GCS=y, VM_SHADOW_STACK is bit 38. On configs with CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y (selected by CONFIG_ARM64 when CONFIG_USERFAULTFD=y), VM_UFFD_MINOR is _also_ bit 38. This bit being shared by two different VMA flags could lead to all sorts of unintended behaviors. Presumably, a process could maybe call into userfaultfd in a way that disables the shadow stack vma flag. I can't think of any attack where this would help (presumably, if an attacker tries to disable shadow stacks, they are trying to hijack control flow so can't arbitrarily call into userfaultfd yet anyway) but this still feels somewhat scary. Reviewed-by: Mark Brown <broonie(a)kernel.org> Fixes: ae80e1629aea ("mm: Define VM_SHADOW_STACK for arm64 when we support GCS") Cc: <stable(a)vger.kernel.org> Signed-off-by: Florent Revest <revest(a)chromium.org> --- include/linux/mm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index bf55206935c46..fdda6b16263b3 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -385,7 +385,7 @@ extern unsigned int kobjsize(const void *objp); #endif #ifdef CONFIG_HAVE_ARCH_USERFAULTFD_MINOR -# define VM_UFFD_MINOR_BIT 38 +# define VM_UFFD_MINOR_BIT 41 # define VM_UFFD_MINOR BIT(VM_UFFD_MINOR_BIT) /* UFFD minor faults */ #else /* !CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ # define VM_UFFD_MINOR VM_NONE -- 2.49.0.987.g0cc8ee98dc-goog

4 hours, 11 minutes

1
0
0 0

[PATCH RESEND v3 5/5] phy: renesas: rcar-gen3-usb2: Set timing registers only once

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy-rcar-gen3-usb2 driver exports 4 PHYs. The timing registers are common to all PHYs. There is no need to set them every time a PHY is initialized. Set timing register only when the 1st PHY is initialized. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v3: - collected tags Changes in v2: - collected tags drivers/phy/renesas/phy-rcar-gen3-usb2.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 118899efda70..9fdf17e0848a 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -467,8 +467,11 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) val = readl(usb2_base + USB2_INT_ENABLE); val |= USB2_INT_ENABLE_UCOM_INTEN | rphy->int_enable_bits; writel(val, usb2_base + USB2_INT_ENABLE); - writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); - writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); + + if (!rcar_gen3_is_any_rphy_initialized(channel)) { + writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); + writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); + } /* Initialize otg part (only if we initialize a PHY with IRQs). */ if (rphy->int_enable_bits) -- 2.43.0

4 hours, 31 minutes

1
0
0 0

[PATCH RESEND v3 4/5] phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Assert PLL reset on PHY power off. This saves power. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v3: - collected tags Changes in v2: - collected tags - add an empty line after definition of val to get rid of the checkpatch.pl warning drivers/phy/renesas/phy-rcar-gen3-usb2.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 00ce564463de..118899efda70 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -537,9 +537,17 @@ static int rcar_gen3_phy_usb2_power_off(struct phy *p) struct rcar_gen3_chan *channel = rphy->ch; int ret = 0; - scoped_guard(spinlock_irqsave, &channel->lock) + scoped_guard(spinlock_irqsave, &channel->lock) { rphy->powered = false; + if (rcar_gen3_are_all_rphys_power_off(channel)) { + u32 val = readl(channel->base + USB2_USBCTR); + + val |= USB2_USBCTR_PLL_RST; + writel(val, channel->base + USB2_USBCTR); + } + } + if (channel->vbus) ret = regulator_disable(channel->vbus); -- 2.43.0

4 hours, 31 minutes

1
0
0 0

[PATCH RESEND v3 3/5] phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> The phy-rcar-gen3-usb2 driver exposes four individual PHYs that are requested and configured by PHY users. The struct phy_ops APIs access the same set of registers to configure all PHYs. Additionally, PHY settings can be modified through sysfs or an IRQ handler. While some struct phy_ops APIs are protected by a driver-wide mutex, others rely on individual PHY-specific mutexes. This approach can lead to various issues, including: 1/ the IRQ handler may interrupt PHY settings in progress, racing with hardware configuration protected by a mutex lock 2/ due to msleep(20) in rcar_gen3_init_otg(), while a configuration thread suspends to wait for the delay, another thread may try to configure another PHY (with phy_init() + phy_power_on()); re-running the phy_init() goes to the exact same configuration code, re-running the same hardware configuration on the same set of registers (and bits) which might impact the result of the msleep for the 1st configuring thread 3/ sysfs can configure the hardware (though role_store()) and it can still race with the phy_init()/phy_power_on() APIs calling into the drivers struct phy_ops To address these issues, add a spinlock to protect hardware register access and driver private data structures (e.g., calls to rcar_gen3_is_any_rphy_initialized()). Checking driver-specific data remains necessary as all PHY instances share common settings. With this change, the existing mutex protection is removed and the cleanup.h helpers are used. While at it, to keep the code simpler, do not skip regulator_enable()/regulator_disable() APIs in rcar_gen3_phy_usb2_power_on()/rcar_gen3_phy_usb2_power_off() as the regulators enable/disable operations are reference counted anyway. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v3: - collected tags Changes in v2: - collected tags drivers/phy/renesas/phy-rcar-gen3-usb2.c | 49 +++++++++++++----------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index bb05fd26eb7f..00ce564463de 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -9,6 +9,7 @@ * Copyright (C) 2014 Cogent Embedded, Inc. */ +#include <linux/cleanup.h> #include <linux/extcon-provider.h> #include <linux/interrupt.h> #include <linux/io.h> @@ -118,7 +119,7 @@ struct rcar_gen3_chan { struct regulator *vbus; struct reset_control *rstc; struct work_struct work; - struct mutex lock; /* protects rphys[...].powered */ + spinlock_t lock; /* protects access to hardware and driver data structure. */ enum usb_dr_mode dr_mode; u32 obint_enable_bits; bool extcon_host; @@ -348,6 +349,8 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, bool is_b_device; enum phy_mode cur_mode, new_mode; + guard(spinlock_irqsave)(&ch->lock); + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; @@ -415,7 +418,7 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) val = readl(usb2_base + USB2_ADPCTRL); writel(val | USB2_ADPCTRL_IDPULLUP, usb2_base + USB2_ADPCTRL); } - msleep(20); + mdelay(20); writel(0xffffffff, usb2_base + USB2_OBINTSTA); writel(ch->obint_enable_bits, usb2_base + USB2_OBINTEN); @@ -436,12 +439,14 @@ static irqreturn_t rcar_gen3_phy_usb2_irq(int irq, void *_ch) if (pm_runtime_suspended(dev)) goto rpm_put; - status = readl(usb2_base + USB2_OBINTSTA); - if (status & ch->obint_enable_bits) { - dev_vdbg(dev, "%s: %08x\n", __func__, status); - writel(ch->obint_enable_bits, usb2_base + USB2_OBINTSTA); - rcar_gen3_device_recognition(ch); - ret = IRQ_HANDLED; + scoped_guard(spinlock, &ch->lock) { + status = readl(usb2_base + USB2_OBINTSTA); + if (status & ch->obint_enable_bits) { + dev_vdbg(dev, "%s: %08x\n", __func__, status); + writel(ch->obint_enable_bits, usb2_base + USB2_OBINTSTA); + rcar_gen3_device_recognition(ch); + ret = IRQ_HANDLED; + } } rpm_put: @@ -456,6 +461,8 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) void __iomem *usb2_base = channel->base; u32 val; + guard(spinlock_irqsave)(&channel->lock); + /* Initialize USB2 part */ val = readl(usb2_base + USB2_INT_ENABLE); val |= USB2_INT_ENABLE_UCOM_INTEN | rphy->int_enable_bits; @@ -479,6 +486,8 @@ static int rcar_gen3_phy_usb2_exit(struct phy *p) void __iomem *usb2_base = channel->base; u32 val; + guard(spinlock_irqsave)(&channel->lock); + rphy->initialized = false; val = readl(usb2_base + USB2_INT_ENABLE); @@ -498,16 +507,17 @@ static int rcar_gen3_phy_usb2_power_on(struct phy *p) u32 val; int ret = 0; - mutex_lock(&channel->lock); - if (!rcar_gen3_are_all_rphys_power_off(channel)) - goto out; - if (channel->vbus) { ret = regulator_enable(channel->vbus); if (ret) - goto out; + return ret; } + guard(spinlock_irqsave)(&channel->lock); + + if (!rcar_gen3_are_all_rphys_power_off(channel)) + goto out; + val = readl(usb2_base + USB2_USBCTR); val |= USB2_USBCTR_PLL_RST; writel(val, usb2_base + USB2_USBCTR); @@ -517,7 +527,6 @@ static int rcar_gen3_phy_usb2_power_on(struct phy *p) out: /* The powered flag should be set for any other phys anyway */ rphy->powered = true; - mutex_unlock(&channel->lock); return 0; } @@ -528,18 +537,12 @@ static int rcar_gen3_phy_usb2_power_off(struct phy *p) struct rcar_gen3_chan *channel = rphy->ch; int ret = 0; - mutex_lock(&channel->lock); - rphy->powered = false; - - if (!rcar_gen3_are_all_rphys_power_off(channel)) - goto out; + scoped_guard(spinlock_irqsave, &channel->lock) + rphy->powered = false; if (channel->vbus) ret = regulator_disable(channel->vbus); -out: - mutex_unlock(&channel->lock); - return ret; } @@ -750,7 +753,7 @@ static int rcar_gen3_phy_usb2_probe(struct platform_device *pdev) if (phy_data->no_adp_ctrl) channel->obint_enable_bits = USB2_OBINT_IDCHG_EN; - mutex_init(&channel->lock); + spin_lock_init(&channel->lock); for (i = 0; i < NUM_OF_PHYS; i++) { channel->rphys[i].phy = devm_phy_create(dev, NULL, phy_data->phy_usb2_ops); -- 2.43.0

4 hours, 31 minutes

1
0
0 0

[PATCH RESEND v3 1/5] phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> It has been observed on the Renesas RZ/G3S SoC that unbinding and binding the PHY driver leads to role autodetection failures. This issue occurs when PHY 3 is the first initialized PHY. PHY 3 does not have an interrupt associated with the USB2_INT_ENABLE register (as rcar_gen3_int_enable[3] = 0). As a result, rcar_gen3_init_otg() is called to initialize OTG without enabling PHY interrupts. To resolve this, add rcar_gen3_is_any_otg_rphy_initialized() and call it in role_store(), role_show(), and rcar_gen3_init_otg(). At the same time, rcar_gen3_init_otg() is only called when initialization for a PHY with interrupt bits is in progress. As a result, the struct rcar_gen3_phy::otg_initialized is no longer needed. Fixes: 549b6b55b005 ("phy: renesas: rcar-gen3-usb2: enable/disable independent irqs") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v3: - collected tags Changes in v2: - collected tags drivers/phy/renesas/phy-rcar-gen3-usb2.c | 33 ++++++++++-------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 775f4f973a6c..46afba2fe0dc 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -107,7 +107,6 @@ struct rcar_gen3_phy { struct rcar_gen3_chan *ch; u32 int_enable_bits; bool initialized; - bool otg_initialized; bool powered; }; @@ -320,16 +319,15 @@ static bool rcar_gen3_is_any_rphy_initialized(struct rcar_gen3_chan *ch) return false; } -static bool rcar_gen3_needs_init_otg(struct rcar_gen3_chan *ch) +static bool rcar_gen3_is_any_otg_rphy_initialized(struct rcar_gen3_chan *ch) { - int i; - - for (i = 0; i < NUM_OF_PHYS; i++) { - if (ch->rphys[i].otg_initialized) - return false; + for (enum rcar_gen3_phy_index i = PHY_INDEX_BOTH_HC; i <= PHY_INDEX_EHCI; + i++) { + if (ch->rphys[i].initialized) + return true; } - return true; + return false; } static bool rcar_gen3_are_all_rphys_power_off(struct rcar_gen3_chan *ch) @@ -351,7 +349,7 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, bool is_b_device; enum phy_mode cur_mode, new_mode; - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; if (sysfs_streq(buf, "host")) @@ -389,7 +387,7 @@ static ssize_t role_show(struct device *dev, struct device_attribute *attr, { struct rcar_gen3_chan *ch = dev_get_drvdata(dev); - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; return sprintf(buf, "%s\n", rcar_gen3_is_host(ch) ? "host" : @@ -402,6 +400,9 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) void __iomem *usb2_base = ch->base; u32 val; + if (!ch->is_otg_channel || rcar_gen3_is_any_otg_rphy_initialized(ch)) + return; + /* Should not use functions of read-modify-write a register */ val = readl(usb2_base + USB2_LINECTRL1); val = (val & ~USB2_LINECTRL1_DP_RPD) | USB2_LINECTRL1_DPRPD_EN | @@ -465,12 +466,9 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); - /* Initialize otg part */ - if (channel->is_otg_channel) { - if (rcar_gen3_needs_init_otg(channel)) - rcar_gen3_init_otg(channel); - rphy->otg_initialized = true; - } + /* Initialize otg part (only if we initialize a PHY with IRQs). */ + if (rphy->int_enable_bits) + rcar_gen3_init_otg(channel); rphy->initialized = true; @@ -486,9 +484,6 @@ static int rcar_gen3_phy_usb2_exit(struct phy *p) rphy->initialized = false; - if (channel->is_otg_channel) - rphy->otg_initialized = false; - val = readl(usb2_base + USB2_INT_ENABLE); val &= ~rphy->int_enable_bits; if (!rcar_gen3_is_any_rphy_initialized(channel)) -- 2.43.0

4 hours, 31 minutes

1
0
0 0

[PATCH v5 0/1] kasan: Avoid sleepable page allocation from atomic context

by Alexander Gordeev

Hi All, Chages since v4: - unused pages leak is avoided Chages since v3: - pfn_to_virt() changed to page_to_virt() due to compile error Chages since v2: - page allocation moved out of the atomic context Chages since v1: - Fixes: and -stable tags added to the patch description Thanks! Alexander Gordeev (1): kasan: Avoid sleepable page allocation from atomic context mm/kasan/shadow.c | 77 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 63 insertions(+), 14 deletions(-) -- 2.45.2

4 hours, 33 minutes

1
1
0 0

[PATCH v3 0/3] configfs: fix bugs

by Zijun Hu

Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Changes in v3: - To both Andreas Hindborg and Breno Leitao. - Link to v2: https://lore.kernel.org/r/20250415-fix_configfs-v2-0-fcd527dd1824@quicinc.c… Changes in v2: - Drop the last patch which seems wrong. - Link to v1: https://lore.kernel.org/r/20250408-fix_configfs-v1-0-5a4c88805df7@quicinc.c… --- Zijun Hu (3): configfs: Delete semicolon from macro type_print() definition configfs: Do not override creating attribute file failure in populate_attrs() configfs: Correct error value returned by API config_item_set_name() fs/configfs/dir.c | 4 ++-- fs/configfs/item.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) --- base-commit: eae324ca644554d5ce363186bee820a088bb74ab change-id: 20250408-fix_configfs-699743163c64 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

5 hours, 31 minutes

1
1
0 0

[PATCH 6.14.y v2 0/7] ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd

by Jared Holzman

This patchset backports a series of ublk fixes from upstream to 6.14-stable. Patch 7 fixes the race that can cause kernel panic when ublk server daemon is exiting. It depends on patches 1-6 which simplifies & improves IO canceling when ublk server daemon is exiting as described here: https://lore.kernel.org/linux-block/20250416035444.99569-1-ming.lei@redhat.… Ming Lei (5): ublk: add helper of ublk_need_map_io() ublk: move device reset into ublk_ch_release() ublk: remove __ublk_quiesce_dev() ublk: simplify aborting ublk request ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd Uday Shankar (2): ublk: properly serialize all FETCH_REQs ublk: improve detection and handling of ublk server exit drivers/block/ublk_drv.c | 550 +++++++++++++++++++++------------------ 1 file changed, 291 insertions(+), 259 deletions(-) -- 2.43.0

6 hours, 3 minutes

2
8
0 0

[PATCH v2 1/2] tty: serial: 8250_omap: fix tx with dma

by Mans Rullgard

Commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") introduced an error in the TX DMA handling for 8250_omap. When the OMAP_DMA_TX_KICK flag is set, one byte is pulled from the kfifo and emitted directly in order to start the DMA. This is done without updating DMA tx_size which leads to uart_xmit_advance() called in the DMA complete callback advancing the kfifo by one too much. In practice, transmitting N bytes has been seen to result in the last N-1 bytes being sent repeatedly. This change fixes the problem by moving all of the dma setup after the OMAP_DMA_TX_KICK handling and using kfifo_len() instead of the dma size for the 4-byte cutoff check. This slightly changes the behaviour at buffer wraparound, but it still transmits the correct bytes somehow. At the point kfifo_dma_out_prepare_mapped is called, at least one byte is guaranteed to be in the fifo, so checking the return value is not necessary. Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Cc: stable(a)vger.kernel.org Signed-off-by: Mans Rullgard <mans(a)mansr.com> --- v2: split patch in two --- drivers/tty/serial/8250/8250_omap.c | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c index f1aee915bc02..180466e09605 100644 --- a/drivers/tty/serial/8250/8250_omap.c +++ b/drivers/tty/serial/8250/8250_omap.c @@ -1173,16 +1173,6 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) return 0; } - sg_init_table(&sg, 1); - ret = kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, - UART_XMIT_SIZE, dma->tx_addr); - if (ret != 1) { - serial8250_clear_THRI(p); - return 0; - } - - dma->tx_size = sg_dma_len(&sg); - if (priv->habit & OMAP_DMA_TX_KICK) { unsigned char c; u8 tx_lvl; @@ -1207,7 +1197,7 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) ret = -EBUSY; goto err; } - if (dma->tx_size < 4) { + if (kfifo_len(&tport->xmit_fifo) < 4) { ret = -EINVAL; goto err; } @@ -1216,11 +1206,12 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) goto err; } skip_byte = c; - /* now we need to recompute due to kfifo_get */ - kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, - UART_XMIT_SIZE, dma->tx_addr); } + sg_init_table(&sg, 1); + kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, + UART_XMIT_SIZE, dma->tx_addr); + desc = dmaengine_prep_slave_sg(dma->txchan, &sg, 1, DMA_MEM_TO_DEV, DMA_PREP_INTERRUPT | DMA_CTRL_ACK); if (!desc) { @@ -1228,6 +1219,7 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) goto err; } + dma->tx_size = sg_dma_len(&sg); dma->tx_running = 1; desc->callback = omap_8250_dma_tx_complete; @@ -1248,8 +1240,10 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) err: dma->tx_err = 1; out_skip: - if (skip_byte >= 0) + if (skip_byte >= 0) { serial_out(p, UART_TX, skip_byte); + p->port.icount.tx++; + } return ret; } -- 2.49.0

6 hours, 24 minutes

3
4
0 0

[PATCH] udf: Make sure i_lenExtents is uptodate on inode eviction

by Jan Kara

UDF maintains total length of all extents in i_lenExtents. Generally we keep extent lengths (and thus i_lenExtents) block aligned because it makes the file appending logic simpler. However the standard mandates that the inode size must match the length of all extents and thus we trim the last extent when closing the file. To catch possible bugs we also verify that i_lenExtents matches i_size when evicting inode from memory. Commit b405c1e58b73 ("udf: refactor udf_next_aext() to handle error") however broke the code updating i_lenExtents and thus udf_evict_inode() ended up spewing lots of errors about incorrectly sized extents although the extents were actually sized properly. Fix the updating of i_lenExtents to silence the errors. Fixes: b405c1e58b73 ("udf: refactor udf_next_aext() to handle error") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/udf/truncate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) I plan to merge this fix to my tree. diff --git a/fs/udf/truncate.c b/fs/udf/truncate.c index 4f33a4a48886..b4071c9cf8c9 100644 --- a/fs/udf/truncate.c +++ b/fs/udf/truncate.c @@ -115,7 +115,7 @@ void udf_truncate_tail_extent(struct inode *inode) } /* This inode entry is in-memory only and thus we don't have to mark * the inode dirty */ - if (ret == 0) + if (ret >= 0) iinfo->i_lenExtents = inode->i_size; brelse(epos.bh); } -- 2.43.0

7 hours, 21 minutes

1
0
0 0

[PATCH v3] mm: mmap: map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled

by Ignacio Moreno Gonzalez via B4 Relay

From: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") maps the mmap option MAP_STACK to VM_NOHUGEPAGE. This is also done if CONFIG_TRANSPARENT_HUGETABLES is not defined. But in that case, the VM_NOHUGEPAGE does not make sense. Fixes: c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") Cc: stable(a)vger.kernel.org Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Yang Shi <yang(a)os.amperecomputing.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Signed-off-by: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> --- I discovered this issue when trying to use the tool CRIU to checkpoint and restore a container. Our running kernel is compiled without CONFIG_TRANSPARENT_HUGETABLES. CRIU parses the output of /proc/<pid>/smaps and saves the "nh" flag. When trying to restore the container, CRIU fails to restore the "nh" mappings, since madvise() MADV_NOHUGEPAGE always returns an error because CONFIG_TRANSPARENT_HUGETABLES is not defined. The mapping MAP_STACK -> VM_NOHUGEPAGE was introduced by commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") in order to fix a regression introduced by commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries"). The change introducing the regression (efa7df3e3bb5) was limited to THP kernels, but its fix (c4608d1bf7c6) is applied without checking if THP is set. The mapping MAP_STACK -> VM_NOHUGEPAGE should only be applied if THP is enabled. --- Changes in v3: - Exclude non-stable patch (for huge_mm.h) from this series to avoid mixing stable and non-stable patches, as suggested by Andrew. - Extend description in cover letter. - Link to v2: https://lore.kernel.org/r/20250506-map-map_stack-to-vm_nohugepage-only-if-t… Changes in v2: - [Patch 1/2] Use '#ifdef' instead of '#if defined(...)' - [Patch 1/2] Add 'Fixes: c4608d1bf7c6...' - Create [Patch 2/2] - Link to v1: https://lore.kernel.org/r/20250502-map-map_stack-to-vm_nohugepage-only-if-t… --- include/linux/mman.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/mman.h b/include/linux/mman.h index bce214fece16b9af3791a2baaecd6063d0481938..f4c6346a8fcd29b08d43f7cd9158c3eddc3383e1 100644 --- a/include/linux/mman.h +++ b/include/linux/mman.h @@ -155,7 +155,9 @@ calc_vm_flag_bits(struct file *file, unsigned long flags) return _calc_vm_trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN ) | _calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED ) | _calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) | +#ifdef CONFIG_TRANSPARENT_HUGEPAGE _calc_vm_trans(flags, MAP_STACK, VM_NOHUGEPAGE) | +#endif arch_calc_vm_flag_bits(file, flags); } --- base-commit: fc96b232f8e7c0a6c282f47726b2ff6a5fb341d2 change-id: 20250428-map-map_stack-to-vm_nohugepage-only-if-thp-is-enabled-ce40a1de095d Best regards, -- Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com>

7 hours, 31 minutes

2
1
0 0

[PATCH] bus: firewall: Fix missing static inline annotations for stubs

by Krzysztof Kozlowski

Stubs in the header file for !CONFIG_STM32_FIREWALL case should be both static and inline, because they do not come with earlier declaration and should be inlined in every unit including the header. Cc: Patrice Chotard <patrice.chotard(a)foss.st.com> Cc: <stable(a)vger.kernel.org> Fixes: 5c9668cfc6d7 ("firewall: introduce stm32_firewall framework") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- include/linux/bus/stm32_firewall_device.h | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/include/linux/bus/stm32_firewall_device.h b/include/linux/bus/stm32_firewall_device.h index 5178b72bc920..eaa7a3f54450 100644 --- a/include/linux/bus/stm32_firewall_device.h +++ b/include/linux/bus/stm32_firewall_device.h @@ -114,27 +114,30 @@ void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 su #else /* CONFIG_STM32_FIREWALL */ -int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *firewall, - unsigned int nb_firewall) +static inline int stm32_firewall_get_firewall(struct device_node *np, + struct stm32_firewall *firewall, + unsigned int nb_firewall) { return -ENODEV; } -int stm32_firewall_grant_access(struct stm32_firewall *firewall) +static inline int stm32_firewall_grant_access(struct stm32_firewall *firewall) { return -ENODEV; } -void stm32_firewall_release_access(struct stm32_firewall *firewall) +static inline void stm32_firewall_release_access(struct stm32_firewall *firewall) { } -int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id) +static inline int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, + u32 subsystem_id) { return -ENODEV; } -void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id) +static inline void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, + u32 subsystem_id) { } -- 2.45.2

7 hours, 40 minutes

2
2
0 0

[PATCH 1/2] phy: tegra: xusb: Decouple CYA_TRK_CODE_UPDATE_ON_IDLE from trk_hw_mode

by Wayne Chang

The logic that drives the pad calibration values resides in the controller reset domain and so the calibration values are only being captured when the controller is out of reset. However, by clearing the CYA_TRK_CODE_UPDATE_ON_IDLE bit, the calibration values can be set while the controller is in reset. The CYA_TRK_CODE_UPDATE_ON_IDLE bit was previously cleared based on the trk_hw_mode flag, but this dependency is not necessary. Instead, introduce a new flag, trk_update_on_idle, to independently control this bit. Fixes: d8163a32ca95 ("phy: tegra: xusb: Add Tegra234 support") Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- drivers/phy/tegra/xusb-tegra186.c | 14 ++++++++------ drivers/phy/tegra/xusb.h | 1 + 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/phy/tegra/xusb-tegra186.c b/drivers/phy/tegra/xusb-tegra186.c index fae6242aa730..dd0aaf305e90 100644 --- a/drivers/phy/tegra/xusb-tegra186.c +++ b/drivers/phy/tegra/xusb-tegra186.c @@ -650,14 +650,15 @@ static void tegra186_utmi_bias_pad_power_on(struct tegra_xusb_padctl *padctl) udelay(100); } - if (padctl->soc->trk_hw_mode) { - value = padctl_readl(padctl, XUSB_PADCTL_USB2_BIAS_PAD_CTL2); - value |= USB2_TRK_HW_MODE; + value = padctl_readl(padctl, XUSB_PADCTL_USB2_BIAS_PAD_CTL2); + if (padctl->soc->trk_update_on_idle) value &= ~CYA_TRK_CODE_UPDATE_ON_IDLE; - padctl_writel(padctl, value, XUSB_PADCTL_USB2_BIAS_PAD_CTL2); - } else { + if (padctl->soc->trk_hw_mode) + value |= USB2_TRK_HW_MODE; + padctl_writel(padctl, value, XUSB_PADCTL_USB2_BIAS_PAD_CTL2); + + if (!padctl->soc->trk_hw_mode) clk_disable_unprepare(priv->usb2_trk_clk); - } mutex_unlock(&padctl->lock); } @@ -1703,6 +1704,7 @@ const struct tegra_xusb_padctl_soc tegra234_xusb_padctl_soc = { .supports_gen2 = true, .poll_trk_completed = true, .trk_hw_mode = true, + .trk_update_on_idle = true, .supports_lp_cfg_en = true, }; EXPORT_SYMBOL_GPL(tegra234_xusb_padctl_soc); diff --git a/drivers/phy/tegra/xusb.h b/drivers/phy/tegra/xusb.h index 6e45d194c689..d2b5f9565132 100644 --- a/drivers/phy/tegra/xusb.h +++ b/drivers/phy/tegra/xusb.h @@ -434,6 +434,7 @@ struct tegra_xusb_padctl_soc { bool need_fake_usb3_port; bool poll_trk_completed; bool trk_hw_mode; + bool trk_update_on_idle; bool supports_lp_cfg_en; }; -- 2.25.1

7 hours, 42 minutes

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2025