May 2025 - Linux-stable-mirror

[PATCH 0/5] net: ch9200: fix various bugs and improve qinheng ch9200 driver

by Qasim Ijaz

This patch series aims to fix various issues throughout the QinHeng CH9200 driver. This driver fails to handle various failures, which in one case has lead to a uninit access bug found via syzbot. Upon reviewing the driver I fixed a few more issues which I have included in this patch series. Parts of this series are the product of discussions and suggestions I had from others like Andrew Lunn, Simon Horman and Jakub Kicinski you can view those discussions below: Link: <https://lore.kernel.org/all/20250319112156.48312-1-qasdev00@gmail.com> Link: <https://lore.kernel.org/all/20250218002443.11731-1-qasdev00@gmail.com/> Link: <https://lore.kernel.org/all/20250311161157.49065-1-qasdev00@gmail.com/> Qasim Ijaz (5): fix uninitialised access bug during mii_nway_restart remove extraneous return that prevents error propagation fail fast on control_read() failures during get_mac_address() add missing error handling in ch9200_bind() avoid triggering NWay restart on non-zero PHY ID drivers/net/usb/ch9200.c | 61 ++++++++++++++++++++++++++-------------- 1 file changed, 40 insertions(+), 21 deletions(-) -- 2.39.5

4 months

4
20
0 0

[PATCH] dummycon: Trigger redraw when switching consoles with deferred takeover

by Thomas Zimmermann

Signal vt subsystem to redraw console when switching to dummycon with deferred takeover enabled. Makes the console switch to fbcon and displays the available output. With deferred takeover enabled, dummycon acts as the placeholder until the first output to the console happens. At that point, fbcon takes over. If the output happens while dummycon is not active, it cannot inform fbcon. This is the case if the vt subsystem runs in graphics mode. A typical graphical boot starts plymouth, a display manager and a compositor; all while leaving out dummycon. Switching to a text-mode console leaves the console with dummycon even if a getty terminal has been started. Returning true from dummycon's con_switch helper signals the vt subsystem to redraw the screen. If there's output available dummycon's con_putc{s} helpers trigger deferred takeover of fbcon, which sets a display mode and displays the output. If no output is available, dummycon remains active. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reported-by: Andrei Borzenkov <arvidjaar(a)gmail.com> Closes: https://bugzilla.suse.com/show_bug.cgi?id=1242191 Tested-by: Andrei Borzenkov <arvidjaar(a)gmail.com> Fixes: 83d83bebf401 ("console/fbcon: Add support for deferred console takeover") Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: linux-fbdev(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.19+ --- drivers/video/console/dummycon.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/drivers/video/console/dummycon.c b/drivers/video/console/dummycon.c index 139049368fdc..afb8e4d2fc34 100644 --- a/drivers/video/console/dummycon.c +++ b/drivers/video/console/dummycon.c @@ -85,6 +85,12 @@ static bool dummycon_blank(struct vc_data *vc, enum vesa_blank_mode blank, /* Redraw, so that we get putc(s) for output done while blanked */ return true; } + +static bool dummycon_switch(struct vc_data *vc) +{ + /* Redraw, so that we get putc(s) for output done while switched away */ + return true; +} #else static void dummycon_putc(struct vc_data *vc, u16 c, unsigned int y, unsigned int x) { } @@ -95,6 +101,10 @@ static bool dummycon_blank(struct vc_data *vc, enum vesa_blank_mode blank, { return false; } +static bool dummycon_switch(struct vc_data *vc) +{ + return false; +} #endif static const char *dummycon_startup(void) @@ -124,11 +134,6 @@ static bool dummycon_scroll(struct vc_data *vc, unsigned int top, return false; } -static bool dummycon_switch(struct vc_data *vc) -{ - return false; -} - /* * The console `switch' structure for the dummy console * -- 2.49.0

4 months

2
2
0 0

[PATCH V2 2/2] phy: tegra: xusb: Disable periodic tracking on Tegra234

by Wayne Chang

From: Haotien Hsu <haotienh(a)nvidia.com> Periodic calibration updates (~10µs) may overlap with transfers when PCIe NVMe SSD, LPDDR, and USB2 devices operate simultaneously, causing crosstalk on Tegra234 devices. Hence disable periodic calibration updates and make this a one-time calibration. Fixes: d8163a32ca95 ("phy: tegra: xusb: Add Tegra234 support") Cc: stable(a)vger.kernel.org Signed-off-by: Haotien Hsu <haotienh(a)nvidia.com> Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- V1->V2: Rebased the commit drivers/phy/tegra/xusb-tegra186.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/phy/tegra/xusb-tegra186.c b/drivers/phy/tegra/xusb-tegra186.c index 683692f0ec3c..ba668c77457f 100644 --- a/drivers/phy/tegra/xusb-tegra186.c +++ b/drivers/phy/tegra/xusb-tegra186.c @@ -1711,7 +1711,7 @@ const struct tegra_xusb_padctl_soc tegra234_xusb_padctl_soc = { .num_supplies = ARRAY_SIZE(tegra194_xusb_padctl_supply_names), .supports_gen2 = true, .poll_trk_completed = true, - .trk_hw_mode = true, + .trk_hw_mode = false, .trk_update_on_idle = true, .supports_lp_cfg_en = true, }; -- 2.25.1

4 months

1
0
0 0

[PATCH V2 1/2] phy: tegra: xusb: Decouple CYA_TRK_CODE_UPDATE_ON_IDLE from trk_hw_mode

by Wayne Chang

The logic that drives the pad calibration values resides in the controller reset domain and so the calibration values are only being captured when the controller is out of reset. However, by clearing the CYA_TRK_CODE_UPDATE_ON_IDLE bit, the calibration values can be set while the controller is in reset. The CYA_TRK_CODE_UPDATE_ON_IDLE bit was previously cleared based on the trk_hw_mode flag, but this dependency is not necessary. Instead, introduce a new flag, trk_update_on_idle, to independently control this bit. Fixes: d8163a32ca95 ("phy: tegra: xusb: Add Tegra234 support") Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- V1->V2: Rebased the commit drivers/phy/tegra/xusb-tegra186.c | 14 ++++++++------ drivers/phy/tegra/xusb.h | 1 + 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/phy/tegra/xusb-tegra186.c b/drivers/phy/tegra/xusb-tegra186.c index 23a23f2d64e5..683692f0ec3c 100644 --- a/drivers/phy/tegra/xusb-tegra186.c +++ b/drivers/phy/tegra/xusb-tegra186.c @@ -648,14 +648,15 @@ static void tegra186_utmi_bias_pad_power_on(struct tegra_xusb_padctl *padctl) udelay(100); } - if (padctl->soc->trk_hw_mode) { - value = padctl_readl(padctl, XUSB_PADCTL_USB2_BIAS_PAD_CTL2); - value |= USB2_TRK_HW_MODE; + value = padctl_readl(padctl, XUSB_PADCTL_USB2_BIAS_PAD_CTL2); + if (padctl->soc->trk_update_on_idle) value &= ~CYA_TRK_CODE_UPDATE_ON_IDLE; - padctl_writel(padctl, value, XUSB_PADCTL_USB2_BIAS_PAD_CTL2); - } else { + if (padctl->soc->trk_hw_mode) + value |= USB2_TRK_HW_MODE; + padctl_writel(padctl, value, XUSB_PADCTL_USB2_BIAS_PAD_CTL2); + + if (!padctl->soc->trk_hw_mode) clk_disable_unprepare(priv->usb2_trk_clk); - } } static void tegra186_utmi_bias_pad_power_off(struct tegra_xusb_padctl *padctl) @@ -1711,6 +1712,7 @@ const struct tegra_xusb_padctl_soc tegra234_xusb_padctl_soc = { .supports_gen2 = true, .poll_trk_completed = true, .trk_hw_mode = true, + .trk_update_on_idle = true, .supports_lp_cfg_en = true, }; EXPORT_SYMBOL_GPL(tegra234_xusb_padctl_soc); diff --git a/drivers/phy/tegra/xusb.h b/drivers/phy/tegra/xusb.h index 6e45d194c689..d2b5f9565132 100644 --- a/drivers/phy/tegra/xusb.h +++ b/drivers/phy/tegra/xusb.h @@ -434,6 +434,7 @@ struct tegra_xusb_padctl_soc { bool need_fake_usb3_port; bool poll_trk_completed; bool trk_hw_mode; + bool trk_update_on_idle; bool supports_lp_cfg_en; }; -- 2.25.1

4 months

1
0
0 0

[PATCH] net: mlx5: vport: Add error handling in mlx5_query_nic_vport_node_guid()

by Wentao Liang

The function mlx5_query_nic_vport_node_guid() calls the functuion mlx5_query_nic_vport_context() but does not check its return value. A proper implementation can be found in mlx5_nic_vport_query_local_lb(). Add error handling for mlx5_query_nic_vport_context(). If it fails, free the out buffer via kvfree() and return error code. Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields") Cc: stable(a)vger.kernel.org # v4.5 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c index 276b162ccf18..db45ad72ff43 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c @@ -464,20 +464,23 @@ int mlx5_query_nic_vport_sd_group(struct mlx5_core_dev *mdev, u8 *sd_group) int mlx5_query_nic_vport_node_guid(struct mlx5_core_dev *mdev, u64 *node_guid) { u32 *out; - int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); + int ret, outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); out = kvzalloc(outlen, GFP_KERNEL); if (!out) return -ENOMEM; - mlx5_query_nic_vport_context(mdev, 0, out); + ret = mlx5_query_nic_vport_context(mdev, 0, out); + if (ret) + goto err; *node_guid = MLX5_GET64(query_nic_vport_context_out, out, nic_vport_context.node_guid); - + ret = 0; +err: kvfree(out); - return 0; + return ret; } EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_node_guid); -- 2.42.0.windows.2

4 months

2
1
0 0

[PATCH] wifi: wilc1000: Add error handling for wilc_sdio_cmd52()

by Wentao Liang

The wilc_sdio_read_size() calls wilc_sdio_cmd52() but does not check the return value. This could lead to execution with potentially invalid data if wilc_sdio_cmd52() fails. A proper implementation can be found in wilc_sdio_read_reg(). Add error handling for wilc_sdio_cmd52(). If wilc_sdio_cmd52() fails, log an error message via dev_err(). Fixes: 0e1af73ddeb9 ("staging/wilc1000: use proper naming for global symbols") Cc: stable(a)vger.kernel.org # v4.15 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/wireless/microchip/wilc1000/sdio.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/microchip/wilc1000/sdio.c b/drivers/net/wireless/microchip/wilc1000/sdio.c index 5262c8846c13..e7a2bc9f9902 100644 --- a/drivers/net/wireless/microchip/wilc1000/sdio.c +++ b/drivers/net/wireless/microchip/wilc1000/sdio.c @@ -771,6 +771,8 @@ static int wilc_sdio_read_size(struct wilc *wilc, u32 *size) { u32 tmp; struct sdio_cmd52 cmd; + struct sdio_func *func = dev_to_sdio_func(wilc->dev); + int ret; /** * Read DMA count in words @@ -780,12 +782,20 @@ static int wilc_sdio_read_size(struct wilc *wilc, u32 *size) cmd.raw = 0; cmd.address = WILC_SDIO_INTERRUPT_DATA_SZ_REG; cmd.data = 0; - wilc_sdio_cmd52(wilc, &cmd); + ret = wilc_sdio_cmd52(wilc, &cmd); + if (ret) { + dev_err(&func->devm, "Fail cmd 52, interrupt data register...\n"); + return ret; + } tmp = cmd.data; cmd.address = WILC_SDIO_INTERRUPT_DATA_SZ_REG + 1; cmd.data = 0; - wilc_sdio_cmd52(wilc, &cmd); + ret = wilc_sdio_cmd52(wilc, &cmd); + if (ret) { + dev_err(&func->devm, "Fail cmd 52, interrupt data register...\n"); + return ret; + } tmp |= (cmd.data << 8); *size = tmp; -- 2.42.0.windows.2

4 months

5
4
0 0

[PATCH v2] wifi: wilc1000: Add error handling for wilc_sdio_cmd52()

by Wentao Liang

The wilc_sdio_read_size() calls wilc_sdio_cmd52() but does not check the return value. This could lead to execution with potentially invalid data if wilc_sdio_cmd52() fails. A proper implementation can be found in wilc_sdio_read_reg(). Add error handling for wilc_sdio_cmd52(). If wilc_sdio_cmd52() fails, log an error message via dev_err(). Fixes: 0e1af73ddeb9 ("staging/wilc1000: use proper naming for global symbols") Cc: stable(a)vger.kernel.org # v4.15 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v2: Fix code error. drivers/net/wireless/microchip/wilc1000/sdio.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/microchip/wilc1000/sdio.c b/drivers/net/wireless/microchip/wilc1000/sdio.c index 5262c8846c13..8ff49b08bbd2 100644 --- a/drivers/net/wireless/microchip/wilc1000/sdio.c +++ b/drivers/net/wireless/microchip/wilc1000/sdio.c @@ -771,6 +771,7 @@ static int wilc_sdio_read_size(struct wilc *wilc, u32 *size) { u32 tmp; struct sdio_cmd52 cmd; + struct sdio_func *func = dev_to_sdio_func(wilc->dev); /** * Read DMA count in words @@ -780,12 +781,20 @@ static int wilc_sdio_read_size(struct wilc *wilc, u32 *size) cmd.raw = 0; cmd.address = WILC_SDIO_INTERRUPT_DATA_SZ_REG; cmd.data = 0; - wilc_sdio_cmd52(wilc, &cmd); + ret = wilc_sdio_cmd52(wilc, &cmd); + if (ret) { + dev_err(&func->dev, "Fail cmd 52, interrupt data register...\n"); + return ret; + } tmp = cmd.data; cmd.address = WILC_SDIO_INTERRUPT_DATA_SZ_REG + 1; cmd.data = 0; - wilc_sdio_cmd52(wilc, &cmd); + ret = wilc_sdio_cmd52(wilc, &cmd); + if (ret) { + dev_err(&func->dev, "Fail cmd 52, interrupt data register...\n"); + return ret; + } tmp |= (cmd.data << 8); *size = tmp; -- 2.42.0.windows.2

4 months

2
1
0 0

[PATCH] net: mlx5: vport: Add error handling in mlx5_query_nic_vport_qkey_viol_cntr()

by Wentao Liang

The function mlx5_query_nic_vport_qkey_viol_cntr() calls the functuion mlx5_query_nic_vport_context() but does not check its return value. This could lead to undefined behavior if the query fails. A proper implementation can be found in mlx5_nic_vport_query_local_lb(). Add error handling for mlx5_query_nic_vport_context(). If it fails, free the out buffer via kvfree() and return error code. Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields") Cc: stable(a)vger.kernel.org # v4.5 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c index 0d5f750faa45..276b162ccf18 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c @@ -518,20 +518,23 @@ int mlx5_query_nic_vport_qkey_viol_cntr(struct mlx5_core_dev *mdev, u16 *qkey_viol_cntr) { u32 *out; - int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); + int ret, outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); out = kvzalloc(outlen, GFP_KERNEL); if (!out) return -ENOMEM; - mlx5_query_nic_vport_context(mdev, 0, out); + ret = mlx5_query_nic_vport_context(mdev, 0, out); + if (ret) + goto out; *qkey_viol_cntr = MLX5_GET(query_nic_vport_context_out, out, nic_vport_context.qkey_violation_counter); - + ret = 0; +out: kvfree(out); - return 0; + return ret; } EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_qkey_viol_cntr); -- 2.42.0.windows.2

4 months

2
1
0 0

[PATCH v2 0/2] crypto: octeontx2: Changes related to LMTST memory

by Bharat Bhushan

v1->v2: - Removed changes in pci-host-common.c, those were comitted by mistake. The first patch moves the initialization of cptlfs device info to the early probe stage, also eliminate redundant initialization. The second patch updates the driver to use a dynamically allocated memory region for LMTST instead of the statically allocated memory from firmware. It also adds myself as a maintainer. Bharat Bhushan (2): crypto: octeontx2: Initialize cptlfs device info once crypto: octeontx2: Use dynamic allocated memory region for lmtst MAINTAINERS | 1 + drivers/crypto/marvell/octeontx2/cn10k_cpt.c | 89 ++++++++++++++----- drivers/crypto/marvell/octeontx2/cn10k_cpt.h | 1 + .../marvell/octeontx2/otx2_cpt_common.h | 1 + .../marvell/octeontx2/otx2_cpt_mbox_common.c | 25 ++++++ drivers/crypto/marvell/octeontx2/otx2_cptlf.c | 5 +- drivers/crypto/marvell/octeontx2/otx2_cptlf.h | 12 ++- .../marvell/octeontx2/otx2_cptpf_main.c | 18 +++- .../marvell/octeontx2/otx2_cptpf_mbox.c | 6 +- .../marvell/octeontx2/otx2_cptpf_ucode.c | 2 - .../marvell/octeontx2/otx2_cptvf_main.c | 19 ++-- .../marvell/octeontx2/otx2_cptvf_mbox.c | 1 + 12 files changed, 133 insertions(+), 47 deletions(-) -- 2.34.1

4 months

3
4
0 0

FAILED: patch "[PATCH] virtio_net: ensure netdev_tx_reset_queue is called on bind" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 76a771ec4c9adfd75fe53c8505cf656a075d7101 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051251-shawl-unmarked-03e8@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76a771ec4c9adfd75fe53c8505cf656a075d7101 Mon Sep 17 00:00:00 2001 From: Koichiro Den <koichiro.den(a)canonical.com> Date: Fri, 6 Dec 2024 10:10:47 +0900 Subject: [PATCH] virtio_net: ensure netdev_tx_reset_queue is called on bind xsk for tx virtnet_sq_bind_xsk_pool() flushes tx skbs and then resets tx queue, so DQL counters need to be reset when flushing has actually occurred, Add virtnet_sq_free_unused_buf_done() as a callback for virtqueue_resize() to handle this. Fixes: 21a4e3ce6dc7 ("virtio_net: xsk: bind/unbind xsk for tx") Signed-off-by: Koichiro Den <koichiro.den(a)canonical.com> Acked-by: Jason Wang <jasowang(a)redhat.com> Reviewed-by: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 5cf4b2b20431..7646ddd9bef7 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -5740,7 +5740,8 @@ static int virtnet_sq_bind_xsk_pool(struct virtnet_info *vi, virtnet_tx_pause(vi, sq); - err = virtqueue_reset(sq->vq, virtnet_sq_free_unused_buf, NULL); + err = virtqueue_reset(sq->vq, virtnet_sq_free_unused_buf, + virtnet_sq_free_unused_buf_done); if (err) { netdev_err(vi->dev, "reset tx fail: tx queue index: %d err: %d\n", qindex, err); pool = NULL;

4 months

2
1
0 0

[PATCH] drm: radeon: ci_dpm: Add error handling in ci_enable_vce_dpm()

by Wentao Liang

The ci_enable_vce_dpm() calls ci_send_msg_to_smc_with_parameter() but does not check the return value. A proper implementation can be found in the ci_upload_dpm_level_enable_mask(). Add a check after calling ci_send_msg_to_smc_with_parameter(), return -EINVAL if the sending fails. Fixes: cc8dbbb4f62a ("drm/radeon: add dpm support for CI dGPUs (v2)") Cc: stable(a)vger.kernel.org # v3.12 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/gpu/drm/radeon/ci_dpm.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/radeon/ci_dpm.c b/drivers/gpu/drm/radeon/ci_dpm.c index 3877863c6893..c4faaa16a5c4 100644 --- a/drivers/gpu/drm/radeon/ci_dpm.c +++ b/drivers/gpu/drm/radeon/ci_dpm.c @@ -3945,6 +3945,7 @@ static int ci_enable_vce_dpm(struct radeon_device *rdev, bool enable) struct ci_power_info *pi = ci_get_pi(rdev); const struct radeon_clock_and_voltage_limits *max_limits; int i; + PPSMC_Result result; if (rdev->pm.dpm.ac_power) max_limits = &rdev->pm.dpm.dyn_state.max_clock_voltage_on_ac; @@ -3962,9 +3963,11 @@ static int ci_enable_vce_dpm(struct radeon_device *rdev, bool enable) } } - ci_send_msg_to_smc_with_parameter(rdev, - PPSMC_MSG_VCEDPM_SetEnabledMask, - pi->dpm_level_enable_mask.vce_dpm_enable_mask); + result = ci_send_msg_to_smc_with_parameter(rdev, + PPSMC_MSG_VCEDPM_SetEnabledMask, + pi->dpm_level_enable_mask.vce_dpm_enable_mask); + if (result != PPSMC_Result_OK) + return -EINVAL; } return (ci_send_msg_to_smc(rdev, enable ? -- 2.42.0.windows.2

4 months

1
0
0 0

[PATCH] HID: lenovo: Unbreak USB/BT keyboards on non-ACPI platforms

by Janne Grunau via B4 Relay

From: Janne Grunau <j(a)jannau.net> Commit 84c9d2a968c8 ("HID: lenovo: Support for ThinkPad-X12-TAB-1/2 Kbd Fn keys") added a dependency on ACPI_PLATFORM_PROFILE to cycle through power profiles. This breaks USB and Bluetooth keyboards on non-ACPI platforms since platform_profile_init() fails. See the warning below for the visible symptom but cause is the dependency on the platform_profile module. [ 266.225052] kernel: usb 1-1.3.2: new full-speed USB device number 9 using xhci_hcd [ 266.316032] kernel: usb 1-1.3.2: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 3.30 [ 266.327129] kernel: usb 1-1.3.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 266.327623] kernel: usb 1-1.3.2: Product: ThinkPad Compact USB Keyboard with TrackPoint [ 266.328096] kernel: usb 1-1.3.2: Manufacturer: Lenovo [ 266.337488] kernel: ------------[ cut here ]------------ [ 266.337551] kernel: WARNING: CPU: 4 PID: 2619 at fs/sysfs/group.c:131 internal_create_group+0xc0/0x358 [ 266.337584] kernel: Modules linked in: platform_profile(+) nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft> [ 266.337685] kernel: apple_sio spi_apple apple_dart soundcore spmi_apple_controller pinctrl_apple_gpio i2c_pasemi_platform apple_admac i2c_pasemi_core clk_apple_nco xhci_pla> [ 266.337717] kernel: CPU: 4 UID: 0 PID: 2619 Comm: (udev-worker) Tainted: G S W 6.14.4-400.asahi.fc41.aarch64+16k #1 [ 266.337750] kernel: Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN [ 266.337776] kernel: Hardware name: Apple Mac mini (M1, 2020) (DT) [ 266.337808] kernel: pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 266.337834] kernel: pc : internal_create_group+0xc0/0x358 [ 266.337860] kernel: lr : sysfs_create_group+0x20/0x40 [ 266.337886] kernel: sp : ffff800086f877a0 [ 266.337914] kernel: x29: ffff800086f877b0 x28: 0000000000000000 x27: ffffb66d0b338348 [ 266.337939] kernel: x26: ffffb66d0b338358 x25: ffffb66d528c7c50 x24: ffffb66d507e37b0 [ 266.337965] kernel: x23: 0000fffebf6708d8 x22: 0000000000000000 x21: ffffb66d0b370340 [ 266.337991] kernel: x20: ffffb66d0b370308 x19: 0000000000000000 x18: 0000000000000000 [ 266.338029] kernel: x17: 554e514553007373 x16: ffffb66d4f8c2268 x15: 595342555300656c [ 266.338051] kernel: x14: 69666f72702d6d72 x13: 00353236353d4d55 x12: 4e51455300737361 [ 266.338075] kernel: x11: ffff6adf91b80100 x10: 0000000000000139 x9 : ffffb66d4f8c2288 [ 266.338097] kernel: x8 : ffff800086f87620 x7 : 0000000000000000 x6 : 0000000000000000 [ 266.338116] kernel: x5 : ffff6adfc896e100 x4 : 0000000000000000 x3 : ffff6adfc896e100 [ 266.338139] kernel: x2 : ffffb66d0b3703a0 x1 : 0000000000000000 x0 : 0000000000000000 [ 266.338155] kernel: Call trace: [ 266.338173] kernel: internal_create_group+0xc0/0x358 (P) [ 266.338193] kernel: sysfs_create_group+0x20/0x40 [ 266.338206] kernel: platform_profile_init+0x48/0x3ff8 [platform_profile] [ 266.338224] kernel: do_one_initcall+0x60/0x358 [ 266.338239] kernel: do_init_module+0x94/0x260 [ 266.338257] kernel: load_module+0x5e0/0x708 [ 266.338271] kernel: init_module_from_file+0x94/0x100 [ 266.338290] kernel: __arm64_sys_finit_module+0x268/0x360 [ 266.338309] kernel: invoke_syscall+0x6c/0x100 [ 266.338327] kernel: el0_svc_common.constprop.0+0xc8/0xf0 [ 266.338346] kernel: do_el0_svc+0x24/0x38 [ 266.338365] kernel: el0_svc+0x3c/0x170 [ 266.338385] kernel: el0t_64_sync_handler+0x10c/0x138 [ 266.338404] kernel: el0t_64_sync+0x1b0/0x1b8 [ 266.338419] kernel: ---[ end trace 0000000000000000 ]--- Fixes: 84c9d2a968c8 ("HID: lenovo: Support for ThinkPad-X12-TAB-1/2 Kbd Fn keys") Cc: stable(a)vger.kernel.org Signed-off-by: Janne Grunau <j(a)jannau.net> ------>8--------- I don't see an easy solution to keep the functionality in generic HID code which is used on non-ACPI platforms. Solution for this are not trivial so remove the functionality for now. Cc-ing the ACPI maintainers in the case they can think of a solution for this issue. --- drivers/hid/Kconfig | 1 - drivers/hid/hid-lenovo.c | 5 +---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/hid/Kconfig b/drivers/hid/Kconfig index a503252702b7b43c332a12b14bc8b23b83e9f028..6b4445f54b2f2818d451ff28b3f7bcc2b1c7e99f 100644 --- a/drivers/hid/Kconfig +++ b/drivers/hid/Kconfig @@ -596,7 +596,6 @@ config HID_LED config HID_LENOVO tristate "Lenovo / Thinkpad devices" depends on ACPI - select ACPI_PLATFORM_PROFILE select NEW_LEDS select LEDS_CLASS help diff --git a/drivers/hid/hid-lenovo.c b/drivers/hid/hid-lenovo.c index af29ba840522f99bc2f426d4753f70d442cef3af..cff4b5ddd9aa9bad0516f8c9beb58927c24477fc 100644 --- a/drivers/hid/hid-lenovo.c +++ b/drivers/hid/hid-lenovo.c @@ -32,8 +32,6 @@ #include <linux/leds.h> #include <linux/workqueue.h> -#include <linux/platform_profile.h> - #include "hid-ids.h" /* Userspace expects F20 for mic-mute KEY_MICMUTE does not work */ @@ -729,8 +727,7 @@ static int lenovo_raw_event_TP_X12_tab(struct hid_device *hdev, u32 raw_data) report_key_event(input, KEY_RFKILL); return 1; } - platform_profile_cycle(); - return 1; + return 0; case TP_X12_RAW_HOTKEY_FN_F10: /* TAB1 has PICKUP Phone and TAB2 use Snipping tool*/ (hdev->product == USB_DEVICE_ID_LENOVO_X12_TAB) ? --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250512-hid_lenovo_unbreak_non_acpi-c041f3cc13b6 Best regards, -- Janne Grunau <j(a)jannau.net>

4 months

3
6
0 0

Re: Patch "sched_ext: Fix missing rq lock in scx_bpf_cpuperf_set()" has been added to the 6.12-stable tree

by Andrea Righi

Hi, On Sun, May 18, 2025 at 06:38:01AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > sched_ext: Fix missing rq lock in scx_bpf_cpuperf_set() > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > sched_ext-fix-missing-rq-lock-in-scx_bpf_cpuperf_set.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This requires upstream commit 18853ba782bef ("sched_ext: Track currently locked rq"). Thanks, -Andrea > > > > commit b19ccb5dc4d3d35b83b94fe2514456dc0b3a9ba5 > Author: Andrea Righi <arighi(a)nvidia.com> > Date: Tue Apr 22 10:26:33 2025 +0200 > > sched_ext: Fix missing rq lock in scx_bpf_cpuperf_set() > > [ Upstream commit a11d6784d7316a6c77ca9f14fb1a698ebbb3c1fb ] > > scx_bpf_cpuperf_set() can be used to set a performance target level on > any CPU. However, it doesn't correctly acquire the corresponding rq > lock, which may lead to unsafe behavior and trigger the following > warning, due to the lockdep_assert_rq_held() check: > > [ 51.713737] WARNING: CPU: 3 PID: 3899 at kernel/sched/sched.h:1512 scx_bpf_cpuperf_set+0x1a0/0x1e0 > ... > [ 51.713836] Call trace: > [ 51.713837] scx_bpf_cpuperf_set+0x1a0/0x1e0 (P) > [ 51.713839] bpf_prog_62d35beb9301601f_bpfland_init+0x168/0x440 > [ 51.713841] bpf__sched_ext_ops_init+0x54/0x8c > [ 51.713843] scx_ops_enable.constprop.0+0x2c0/0x10f0 > [ 51.713845] bpf_scx_reg+0x18/0x30 > [ 51.713847] bpf_struct_ops_link_create+0x154/0x1b0 > [ 51.713849] __sys_bpf+0x1934/0x22a0 > > Fix by properly acquiring the rq lock when possible or raising an error > if we try to operate on a CPU that is not the one currently locked. > > Fixes: d86adb4fc0655 ("sched_ext: Add cpuperf support") > Signed-off-by: Andrea Righi <arighi(a)nvidia.com> > Acked-by: Changwoo Min <changwoo(a)igalia.com> > Signed-off-by: Tejun Heo <tj(a)kernel.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c > index 7ed25654820fd..0147c4452f4df 100644 > --- a/kernel/sched/ext.c > +++ b/kernel/sched/ext.c > @@ -7018,13 +7018,32 @@ __bpf_kfunc void scx_bpf_cpuperf_set(s32 cpu, u32 perf) > } > > if (ops_cpu_valid(cpu, NULL)) { > - struct rq *rq = cpu_rq(cpu); > + struct rq *rq = cpu_rq(cpu), *locked_rq = scx_locked_rq(); > + struct rq_flags rf; > + > + /* > + * When called with an rq lock held, restrict the operation > + * to the corresponding CPU to prevent ABBA deadlocks. > + */ > + if (locked_rq && rq != locked_rq) { > + scx_ops_error("Invalid target CPU %d", cpu); > + return; > + } > + > + /* > + * If no rq lock is held, allow to operate on any CPU by > + * acquiring the corresponding rq lock. > + */ > + if (!locked_rq) { > + rq_lock_irqsave(rq, &rf); > + update_rq_clock(rq); > + } > > rq->scx.cpuperf_target = perf; > + cpufreq_update_util(rq, 0); > > - rcu_read_lock_sched_notrace(); > - cpufreq_update_util(cpu_rq(cpu), 0); > - rcu_read_unlock_sched_notrace(); > + if (!locked_rq) > + rq_unlock_irqrestore(rq, &rf); > } > } >

4 months

1
0
0 0

[REGRESSION] stable-rc/linux-6.6.y: (build) set_ftrace_ops_ro+0x46: relocation to !ENDBR: .text+0x16c578 in vm...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.6.y: --- set_ftrace_ops_ro+0x46: relocation to !ENDBR: .text+0x16c578 in vmlinux (vmlinux.o) [logspec:kbuild,kbuild.compiler.objtool] --- - dashboard: https://d.kernelci.org/i/maestro:c49af145451f7a03012be6a37ed4b2bc44aa3470 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 615b9e10e3377467ced8f50592a1b5ba8ce053d8 Log excerpt: ===================================================== vmlinux.o: warning: objtool: set_ftrace_ops_ro+0x46: relocation to !ENDBR: .text+0x16c578 OBJCOPY modules.builtin.modinfo GEN modules.builtin GEN .vmlinux.objs MODPOST vmlinux.symvers CC .vmlinux.export.o UPD include/generated/utsversion.h CC init/version-timestamp.o LD .tmp_vmlinux.kallsyms1 ld.lld: error: undefined symbol: its_static_thunk >>> referenced by usercopy_64.c >>> vmlinux.o:(emit_indirect_jump) ===================================================== # Builds where the incident occurred: ## x86_64_defconfig+allmodconfig on (x86_64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:6829871bfef071f536c1102b #kernelci issue maestro:c49af145451f7a03012be6a37ed4b2bc44aa3470 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

4 months

1
0
0 0

Reply Request For All-Energy Exhibition 2025

by jack reacher

Hi, I just wanted to check in and see if you had the chance to review my previous email regarding All-Energy Exhibition and Conference 2025. Looking forward to your reply. Kind regards, Jack Reacher _____________________________________________________________________________________ From: Jack Reacher Subject: All-Energy Exhibition and Conference 2025 Hi, As an exhibiting company at All-Energy Exhibition and Conference 2025 we have access to the fully updated attendee list, including last-minute registrants who attended the show. This exclusive list can help you: ✅ Connect with high-intent leads ✅ Follow up with attendees who visited (or missed) your booth ✅ Maximize your ROI from the event If you're Interested, I’d love to share more details—and I can also provide pricing information. Looking forward to your thoughts. Regards, Jack Reacher Sr. Marketing Manager If you do not wish to receive this newsletter reply as "Not interested"

4 months

1
0
0 0

[REGRESSION] stable-rc/linux-6.6.y: (build) set_ftrace_ops_ro+0x46: relocation to !ENDBR: .text+0x16c578 in vm...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.6.y: --- set_ftrace_ops_ro+0x46: relocation to !ENDBR: .text+0x16c578 in vmlinux (vmlinux.o) [logspec:kbuild,kbuild.compiler.objtool] --- - dashboard: https://d.kernelci.org/i/maestro:c49af145451f7a03012be6a37ed4b2bc44aa3470 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 615b9e10e3377467ced8f50592a1b5ba8ce053d8 Log excerpt: ===================================================== vmlinux.o: warning: objtool: set_ftrace_ops_ro+0x46: relocation to !ENDBR: .text+0x16c578 OBJCOPY modules.builtin.modinfo GEN modules.builtin GEN .vmlinux.objs MODPOST vmlinux.symvers CC .vmlinux.export.o UPD include/generated/utsversion.h CC init/version-timestamp.o LD .tmp_vmlinux.kallsyms1 ld.lld: error: undefined symbol: its_static_thunk >>> referenced by usercopy_64.c >>> vmlinux.o:(emit_indirect_jump) ===================================================== # Builds where the incident occurred: ## x86_64_defconfig+allmodconfig on (x86_64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:6829871bfef071f536c1102b #kernelci issue maestro:c49af145451f7a03012be6a37ed4b2bc44aa3470 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

4 months

1
0
0 0

[REGRESSION] stable-rc/linux-6.6.y: (build) redefinition of 'its_static_thunk' in arch/x86/kernel/alternative....

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.6.y: --- redefinition of 'its_static_thunk' in arch/x86/kernel/alternative.o (arch/x86/kernel/alternative.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:4e3244fcbf4c807ca7a60afea944a81fb0547730 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 615b9e10e3377467ced8f50592a1b5ba8ce053d8 Log excerpt: ===================================================== arch/x86/kernel/alternative.c:1452:5: error: redefinition of 'its_static_thunk' 1452 | u8 *its_static_thunk(int reg) | ^ ./arch/x86/include/asm/alternative.h:143:19: note: previous definition is here 143 | static inline u8 *its_static_thunk(int reg) | ^ CC drivers/pinctrl/bcm/pinctrl-bcm6318.o 1 error generated. ===================================================== # Builds where the incident occurred: ## i386_defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (i386): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:68298753fef071f536c11059 #kernelci issue maestro:4e3244fcbf4c807ca7a60afea944a81fb0547730 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

4 months

1
0
0 0

[REGRESSION] stable-rc/linux-6.6.y: (build) redefinition of ‘its_static_thunk’ in arch/x86/kernel/alternative....

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.6.y: --- redefinition of ‘its_static_thunk’ in arch/x86/kernel/alternative.o (arch/x86/kernel/alternative.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:9ad63ff53451e24010f8c5d4d7d281c39f8e2f6e - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 615b9e10e3377467ced8f50592a1b5ba8ce053d8 Log excerpt: ===================================================== arch/x86/kernel/alternative.c:1452:5: error: redefinition of ‘its_static_thunk’ 1452 | u8 *its_static_thunk(int reg) | ^~~~~~~~~~~~~~~~ In file included from ./arch/x86/include/asm/barrier.h:5, from ./include/linux/list.h:11, from ./include/linux/module.h:12, from arch/x86/kernel/alternative.c:4: ./arch/x86/include/asm/alternative.h:143:19: note: previous definition of ‘its_static_thunk’ with type ‘u8 *(int)’ {aka ‘unsigned char *(int)’} 143 | static inline u8 *its_static_thunk(int reg) | ^~~~~~~~~~~~~~~~ ===================================================== # Builds where the incident occurred: ## allnoconfig+kselftest on (x86_64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:68298772fef071f536c11071 ## cros://chromeos-6.6/x86_64/chromeos-amd-stoneyridge.flavour.config+lab-setup+x86-board+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (x86_64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:68298702fef071f536c11015 ## defconfig+kcidebug+x86-board on (i386): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:68298775fef071f536c11074 ## i386_defconfig on (i386): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:6829874ffef071f536c11056 ## i386_defconfig+kselftest on (i386): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:6829875efef071f536c11062 ## tinyconfig on (i386): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:6829875afef071f536c1105f ## tinyconfig+kselftest on (x86_64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:6829877dfef071f536c1107a #kernelci issue maestro:9ad63ff53451e24010f8c5d4d7d281c39f8e2f6e Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

4 months

1
0
0 0

[PATCH] RDMA/irdma: puda: Clear entries after allocation to ensure clean state

by Wentao Liang

The irdma_puda_send() calls the irdma_puda_get_next_send_wqe() to get entries, but does not clear the entries after the function call. This could lead to wqe data inconsistency. A proper implementation can be found in irdma_uk_send(). Add the irdma_clr_wqes() after irdma_puda_get_next_send_wqe(). Add the headfile of the irdma_clr_wqes(). Fixes: a3a06db504d3 ("RDMA/irdma: Add privileged UDA queue implementation") Cc: stable(a)vger.kernel.org # v5.14 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/infiniband/hw/irdma/puda.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/infiniband/hw/irdma/puda.c b/drivers/infiniband/hw/irdma/puda.c index 7e3f9bca2c23..1d113ad05500 100644 --- a/drivers/infiniband/hw/irdma/puda.c +++ b/drivers/infiniband/hw/irdma/puda.c @@ -7,6 +7,7 @@ #include "protos.h" #include "puda.h" #include "ws.h" +#include "user.h" static void irdma_ieq_receive(struct irdma_sc_vsi *vsi, struct irdma_puda_buf *buf); @@ -444,6 +445,8 @@ int irdma_puda_send(struct irdma_sc_qp *qp, struct irdma_puda_send_info *info) if (!wqe) return -ENOMEM; + irdma_clr_wqes(qp, wqe_idx); + qp->qp_uk.sq_wrtrk_array[wqe_idx].wrid = (uintptr_t)info->scratch; /* Third line of WQE descriptor */ /* maclen is in words */ -- 2.42.0.windows.2

4 months

3
2
0 0

Linux 6.12.29

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.29 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ .clippy.toml | 2 Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/indirect-target-selection.rst | 168 ++++++++ Documentation/admin-guide/kernel-parameters.txt | 18 Makefile | 2 arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 25 - arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/insn.h | 1 arch/arm64/include/asm/spectre.h | 3 arch/arm64/kernel/cpufeature.c | 9 arch/arm64/kernel/proton-pack.c | 13 arch/arm64/lib/insn.c | 60 +- arch/arm64/net/bpf_jit_comp.c | 57 ++ arch/mips/include/asm/ptrace.h | 3 arch/riscv/kernel/traps.c | 64 +-- arch/riscv/kernel/traps_misaligned.c | 17 arch/s390/kernel/entry.S | 3 arch/s390/pci/pci_clp.c | 2 arch/um/include/linux/time-internal.h | 2 arch/um/kernel/skas/syscall.c | 11 arch/x86/Kconfig | 12 arch/x86/entry/entry_64.S | 20 arch/x86/include/asm/alternative.h | 32 + arch/x86/include/asm/cpufeatures.h | 3 arch/x86/include/asm/microcode.h | 2 arch/x86/include/asm/msr-index.h | 8 arch/x86/include/asm/nospec-branch.h | 38 + arch/x86/kernel/alternative.c | 208 +++++++++- arch/x86/kernel/cpu/bugs.c | 176 ++++++++ arch/x86/kernel/cpu/common.c | 72 ++- arch/x86/kernel/cpu/microcode/amd.c | 6 arch/x86/kernel/cpu/microcode/core.c | 58 +- arch/x86/kernel/cpu/microcode/intel.c | 2 arch/x86/kernel/cpu/microcode/internal.h | 1 arch/x86/kernel/ftrace.c | 2 arch/x86/kernel/head32.c | 4 arch/x86/kernel/module.c | 6 arch/x86/kernel/static_call.c | 4 arch/x86/kernel/vmlinux.lds.S | 10 arch/x86/kvm/smm.c | 1 arch/x86/kvm/svm/svm.c | 4 arch/x86/kvm/x86.c | 4 arch/x86/lib/retpoline.S | 39 + arch/x86/mm/tlb.c | 23 + arch/x86/net/bpf_jit_comp.c | 58 ++ drivers/accel/ivpu/ivpu_hw.c | 2 drivers/base/cpu.c | 3 drivers/block/loop.c | 104 +++-- drivers/bluetooth/btmtk.c | 12 drivers/clocksource/i8253.c | 4 drivers/firmware/arm_scmi/driver.c | 13 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.h | 1 drivers/gpu/drm/amd/amdgpu/hdp_v4_0.c | 7 drivers/gpu/drm/amd/amdgpu/hdp_v5_0.c | 7 drivers/gpu/drm/amd/amdgpu/hdp_v5_2.c | 12 drivers/gpu/drm/amd/amdgpu/hdp_v6_0.c | 7 drivers/gpu/drm/amd/amdgpu/hdp_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/vcn_v2_0.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v2_5.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 4 drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v5_0_0.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 36 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 28 + drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 14 drivers/gpu/drm/panel/panel-simple.c | 25 - drivers/gpu/drm/v3d/v3d_sched.c | 28 + drivers/gpu/drm/xe/tests/xe_mocs.c | 21 - drivers/gpu/drm/xe/xe_gt_pagefault.c | 11 drivers/iio/accel/adis16201.c | 4 drivers/iio/accel/adxl355_core.c | 2 drivers/iio/accel/adxl367.c | 10 drivers/iio/adc/ad7606_spi.c | 2 drivers/iio/adc/dln2-adc.c | 2 drivers/iio/adc/rockchip_saradc.c | 17 drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 2 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 6 drivers/iio/temperature/maxim_thermocouple.c | 2 drivers/input/joystick/xpad.c | 40 + drivers/input/keyboard/mtk-pmic-keys.c | 4 drivers/input/mouse/synaptics.c | 5 drivers/input/touchscreen/cyttsp5.c | 7 drivers/md/dm-table.c | 3 drivers/net/can/m_can/m_can.c | 3 drivers/net/can/rockchip/rockchip_canfd-core.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 +- drivers/net/dsa/b53/b53_common.c | 207 +++++++-- drivers/net/dsa/b53/b53_priv.h | 3 drivers/net/dsa/bcm_sf2.c | 1 drivers/net/ethernet/intel/ice/ice_adapter.c | 39 - drivers/net/ethernet/intel/ice/ice_adapter.h | 6 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 19 drivers/net/ethernet/meta/fbnic/fbnic_csr.h | 2 drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 180 ++++---- drivers/net/ethernet/meta/fbnic/fbnic_mac.c | 6 drivers/net/virtio_net.c | 61 ++ drivers/nvme/host/core.c | 3 drivers/pci/hotplug/s390_pci_hpc.c | 1 drivers/staging/axis-fifo/axis-fifo.c | 14 drivers/staging/iio/adc/ad7816.c | 2 drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c | 1 drivers/usb/cdns3/cdnsp-gadget.c | 31 + drivers/usb/cdns3/cdnsp-gadget.h | 6 drivers/usb/cdns3/cdnsp-pci.c | 12 drivers/usb/cdns3/cdnsp-ring.c | 3 drivers/usb/cdns3/core.h | 3 drivers/usb/class/usbtmc.c | 59 +- drivers/usb/dwc3/core.h | 4 drivers/usb/dwc3/gadget.c | 60 +- drivers/usb/gadget/composite.c | 12 drivers/usb/gadget/function/f_ecm.c | 7 drivers/usb/gadget/udc/tegra-xudc.c | 4 drivers/usb/host/uhci-platform.c | 2 drivers/usb/host/xhci-tegra.c | 3 drivers/usb/misc/onboard_usb_dev.c | 10 drivers/usb/typec/tcpm/tcpm.c | 2 drivers/usb/typec/ucsi/displayport.c | 2 drivers/vfio/pci/vfio_pci_core.c | 12 drivers/xen/swiotlb-xen.c | 1 drivers/xen/xenbus/xenbus.h | 2 drivers/xen/xenbus/xenbus_comms.c | 9 drivers/xen/xenbus/xenbus_dev_frontend.c | 2 drivers/xen/xenbus/xenbus_xs.c | 18 fs/btrfs/volumes.c | 91 ---- fs/erofs/fileio.c | 4 fs/erofs/zdata.c | 31 - fs/namespace.c | 3 fs/ocfs2/journal.c | 80 ++- fs/ocfs2/journal.h | 1 fs/ocfs2/ocfs2.h | 17 fs/ocfs2/quota_local.c | 9 fs/ocfs2/suballoc.c | 38 + fs/ocfs2/suballoc.h | 1 fs/ocfs2/super.c | 3 fs/smb/client/cached_dir.c | 10 fs/smb/server/oplock.c | 7 fs/smb/server/smb2pdu.c | 5 fs/smb/server/vfs.c | 7 fs/smb/server/vfs_cache.c | 33 + fs/userfaultfd.c | 28 + include/linux/cpu.h | 2 include/linux/execmem.h | 3 include/linux/ieee80211.h | 2 include/linux/module.h | 5 include/linux/types.h | 3 include/linux/vmalloc.h | 1 include/net/netdev_queues.h | 6 include/uapi/linux/types.h | 1 init/Kconfig | 3 io_uring/io_uring.c | 58 +- io_uring/sqpoll.c | 2 kernel/params.c | 4 kernel/sched/fair.c | 4 mm/huge_memory.c | 11 mm/internal.h | 27 - mm/memblock.c | 9 mm/page_alloc.c | 159 ++++--- mm/vmalloc.c | 31 + net/can/gw.c | 149 ++++--- net/core/filter.c | 1 net/core/netdev-genl.c | 69 ++- net/ipv6/addrconf.c | 15 net/mac80211/mlme.c | 12 net/netfilter/ipset/ip_set_hash_gen.h | 2 net/netfilter/ipvs/ip_vs_xmit.c | 27 - net/openvswitch/actions.c | 3 net/sched/sch_htb.c | 15 net/wireless/scan.c | 2 rust/bindings/lib.rs | 1 rust/kernel/alloc/kvec.rs | 3 rust/kernel/list.rs | 3 rust/kernel/str.rs | 46 +- rust/macros/module.rs | 19 rust/macros/pinned_drop.rs | 3 rust/uapi/lib.rs | 1 tools/objtool/check.c | 1 tools/testing/selftests/Makefile | 1 tools/testing/selftests/mm/compaction_test.c | 19 tools/testing/selftests/mm/pkey-powerpc.h | 12 tools/testing/selftests/x86/bugs/Makefile | 3 tools/testing/selftests/x86/bugs/common.py | 164 +++++++ tools/testing/selftests/x86/bugs/its_indirect_alignment.py | 150 +++++++ tools/testing/selftests/x86/bugs/its_permutations.py | 109 +++++ tools/testing/selftests/x86/bugs/its_ret_alignment.py | 139 ++++++ tools/testing/selftests/x86/bugs/its_sysfs.py | 65 +++ 188 files changed, 3220 insertions(+), 1086 deletions(-) Aditya Garg (3): Input: synaptics - enable InterTouch on Dynabook Portege X30L-G Input: synaptics - enable InterTouch on Dell Precision M3800 Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 Al Viro (1): do_umount(): add missing barrier before refcount checks in sync case Alex Deucher (5): drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush Alex Williamson (1): vfio/pci: Align huge faults to order Alexander Duyck (6): fbnic: Fix initialization of mailbox descriptor rings fbnic: Gate AXI read/write enabling on FW mailbox fbnic: Actually flush_tx instead of stalling out fbnic: Improve responsiveness of fbnic_mbx_poll_tx_ready fbnic: Pull fbnic_fw_xmit_cap_msg use out of interrupt context fbnic: Do not allow mailbox to toggle to ready outside fbnic_mbx_poll_tx_ready Alexey Charkov (1): usb: uhci-platform: Make the clock really optional Andrei Kuchynski (1): usb: typec: ucsi: displayport: Fix NULL pointer access Andy Shevchenko (1): types: Complement the aligned types with signed 64-bit one Angelo Dureghello (1): iio: adc: ad7606: fix serial register access Antonios Salios (1): can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe Aurabindo Pillai (1): drm/amd/display: more liberal vmin/vmax update for freesync Borislav Petkov (AMD) (1): x86/microcode: Consolidate the loader enablement checking Christian Lamparter (1): Revert "um: work around sched_yield not yielding in time-travel mode" Christoph Hellwig (2): loop: refactor queue limits updates loop: factor out a loop_assign_backing_file helper Clément Léger (2): riscv: misaligned: factorize trap handling riscv: misaligned: enable IRQs while handling misaligned accesses Cong Wang (1): sch_htb: make htb_deactivate() idempotent Cristian Marussi (1): firmware: arm_scmi: Fix timeout checks on polling path Dan Carpenter (1): dm: add missing unlock on in dm_keyslot_evict() Daniel Golle (1): net: ethernet: mtk_eth_soc: reset all TX queues on DMA free Daniel Sneddon (2): x86/bpf: Call branch history clearing sequence on exit x86/bpf: Add IBHF call at end of classic BPF Daniel Wagner (1): nvme: unblock ctrl state transition for firmware update Dave Hansen (1): x86/mm: Eliminate window where TLB flushes may be inadvertently skipped Dave Penkler (3): usb: usbtmc: Fix erroneous get_stb ioctl error returns usb: usbtmc: Fix erroneous wait_srq ioctl return usb: usbtmc: Fix erroneous generic_read ioctl return Dave Stevenson (1): staging: bcm2835-camera: Initialise dev in v4l2_dev David Lechner (1): iio: imu: inv_mpu6050: align buffer for timestamp Dmitry Antipov (1): module: ensure that kobject_put() is safe for module type kobjects Dmitry Torokhov (1): Input: synaptics - enable SMBus for HP Elitebook 850 G1 Eelco Chaudron (1): openvswitch: Fix unsafe attribute parsing in output_userspace() Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Feng Tang (1): selftests/mm: compaction_test: support platform with huge mount of memory Frank Wunderlich (1): net: ethernet: mtk_eth_soc: do not reset PSE when setting FE Gabriel Krisman Bertazi (1): io_uring/sqpoll: Increase task_work submission batch size Gabriel Shahrouzi (4): staging: iio: adc: ad7816: Correct conditional logic for store mode staging: axis-fifo: Remove hardware resets for user errors staging: axis-fifo: Correct handling of tx_fifo_depth for size validation iio: adis16201: Correct inclinometer channel resolution Gao Xiang (1): erofs: ensure the extra temporary copy is valid for shortened bvecs Gary Bisson (1): Input: mtk-pmic-keys - fix possible null pointer dereference Gavin Guo (1): mm/huge_memory: fix dereferencing invalid pmd migration entry Greg Kroah-Hartman (1): Linux 6.12.29 Guillaume Nault (1): gre: Fix again IPv6 link-local address generation. Hao Qin (2): Bluetooth: btmtk: Remove resetting mt7921 before downloading the fw Bluetooth: btmtk: Remove the resetting step before downloading the fw Heiko Carstens (1): s390/entry: Fix last breaking event handling in case of stack corruption Heming Zhao (1): ocfs2: fix the issue with discontiguous allocation in the global_bitmap Himal Prasad Ghimiray (1): drm/xe/tests/mocs: Update xe_force_wake_get() return handling Hugo Villeneuve (1): Input: cyttsp5 - ensure minimum reset pulse width Jacek Lawrynowicz (1): accel/ivpu: Increase state dump msg timeout Jakub Kicinski (3): virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() net: export a helper for adding up queue stats virtio-net: fix total qstat values James Morse (6): arm64: insn: Add support for encoding DSB arm64: proton-pack: Expose whether the platform is mitigated by firmware arm64: proton-pack: Expose whether the branchy loop k value arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users arm64: proton-pack: Add new CPUs 'k' values for branch mitigation Jan Kara (3): ocfs2: switch osb->disable_recovery to enum ocfs2: implement handshaking with ocfs2 recovery thread ocfs2: stop quota recovery before disabling quotas Jason Andryuk (1): xenbus: Use kref to track req lifetime Jens Axboe (2): io_uring: ensure deferred completions are flushed for multishot io_uring: always arm linked timeouts prior to issue Jim Lin (1): usb: host: tegra: Prevent host controller crash when OTG port is used Johannes Weiner (2): mm: page_alloc: don't steal single pages from biggest buddy mm: page_alloc: speed up fallbacks in rmqueue_bulk() John Ernberg (1): xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it John Garry (2): loop: Use bdev limit helpers for configuring discard loop: Simplify discard granularity calc Jonas Gorski (11): net: dsa: b53: allow leaky reserved multicast net: dsa: b53: keep CPU port always tagged again net: dsa: b53: fix clearing PVID of a port net: dsa: b53: fix flushing old pvid VLAN on pvid change net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave net: dsa: b53: always rejoin default untagged VLAN on bridge leave net: dsa: b53: do not allow to configure VLAN 0 net: dsa: b53: do not program vlans when vlan filtering is off net: dsa: b53: fix toggling vlan_filtering net: dsa: b53: fix learning on VLAN unaware bridges net: dsa: b53: do not set learning and unicast/multicast on up Jonathan Cameron (3): iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer. iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 iio: adc: dln2: Use aligned_s64 for timestamp Jozsef Kadlecsik (1): netfilter: ipset: fix region locking in hash types Julian Anastasov (1): ipvs: fix uninit-value for saddr in do_output_route4 Kees Cook (1): mm: vmalloc: support more granular vrealloc() sizing Kelsey Maes (1): can: mcp251xfd: fix TDC setting for low data bit rates Kevin Baker (1): drm/panel: simple: Update timings for AUO G101EVN010 Lizhi Xu (1): loop: Add sanity check for read/write_iter Lode Willems (1): Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller Lothar Rubusch (1): iio: accel: adxl367: fix setting odr for activity time update Lukasz Czechowski (1): usb: misc: onboard_usb_dev: fix support for Cypress HX3 hubs Manuel Fombuena (1): Input: synaptics - enable InterTouch on Dynabook Portege X30-D Marc Kleine-Budde (3): can: mcan: m_can_class_unregister(): fix order of unregistration calls can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls can: rockchip_canfd: rkcanfd_remove(): fix order of unregistration calls Matthew Brost (1): drm/xe: Add page queue multiplier Max Kellermann (1): fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() Maíra Canal (1): drm/v3d: Add job to pending list if the reset was skipped Michael-CY Lee (1): wifi: mac80211: fix the type of status_code for negotiated TID to Link Mapping Miguel Ojeda (5): rust: clean Rust 1.88.0's `unnecessary_transmutes` lint objtool/rust: add one more `noreturn` Rust function for Rust 1.87.0 rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros` configuration rust: allow Rust 1.87.0's `clippy::ptr_eq` lint rust: clean Rust 1.88.0's `clippy::uninlined_format_args` lint Mikael Gonella-Bolduc (1): Input: cyttsp5 - fix power control issue on wakeup Mikhail Lobanov (1): KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Namjae Jeon (1): ksmbd: prevent rename with empty string Niklas Schnelle (2): s390/pci: Fix missing check for zpci_create_device() error return s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs Norbert Szetei (1): ksmbd: prevent out-of-bounds stream writes by validating *pos Nylon Chen (1): riscv: misaligned: Add handling for ZCB instructions Nysal Jan K.A. (1): selftests/mm: fix a build failure on powerpc OGAWA Hirofumi (1): loop: Fix ABBA locking race Oliver Hartkopp (1): can: gw: fix RCU/BH usage in cgw_create_job() Oliver Neukum (1): USB: usbtmc: use interruptible sleep in usbtmc_read Omar Sandoval (1): sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash Paul Aurich (1): smb: client: Avoid race in open_cached_dir with lease breaks Paul Chaignon (1): bpf: Scrub packet on bpf_redirect_peer Pawan Gupta (14): x86/bhi: Do not set BHI_DIS_S in 32-bit mode x86/speculation: Simplify and make CALL_NOSPEC consistent x86/speculation: Add a conditional CS prefix to CALL_NOSPEC x86/speculation: Remove the extra #ifdef around CALL_NOSPEC Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs x86/its: Add support for RSB stuffing mitigation x86/its: Align RETs in BHB clear sequence to avoid thunking x86/ibt: Keep IBT disabled during alternative patching selftest/x86/bugs: Add selftests for ITS Pawel Laszczak (2): usb: cdnsp: Fix issue with resuming from L1 usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version Peter Xu (1): mm/userfaultfd: fix uninitialized output field for -EAGAIN race Peter Zijlstra (2): x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS Petr Vaněk (1): mm: fix folio_pte_batch() on XEN PV Prashanth K (3): usb: dwc3: gadget: Make gadget_wakeup asynchronous usb: gadget: f_ecm: Add get_status callback usb: gadget: Use get_status callback to set remote wakeup capability Przemek Kitszel (1): ice: use DSN instead of PCI BDF for ice_adapter index Qu Wenruo (1): Revert "btrfs: canonicalize the device path before adding it" RD Babiera (1): usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition Roman Li (1): drm/amd/display: Fix invalid context error in dml helper Ruijing Dong (1): drm/amdgpu/vcn: using separate VCN1_AON_SOC offset Sean Heelan (1): ksmbd: Fix UAF in __close_file_table_ids Sebastian Andrzej Siewior (1): clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() Sergey Temerkhanov (1): ice: Initial support for E825C hardware in ice_adapter Silvano Seva (2): iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Simon Xue (1): iio: adc: rockchip: Fix clock initialization sequence Tejas Upadhyay (1): drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs Thorsten Blum (1): MIPS: Fix MAX_REG_OFFSET Tom Lendacky (1): memblock: Accept allocated memory before use in memblock_double_array() Veerendranath Jakkam (1): wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Vicki Pfau (2): Input: xpad - fix Share button on Xbox One controllers Input: xpad - fix two controller table values Wang Zhaolong (1): ksmbd: fix memory leak in parse_lease_state() Wayne Chang (1): usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN Wayne Lin (5): drm/amd/display: Shift DMUB AUX reply command if necessary drm/amd/display: Fix the checking condition in dmub aux handling drm/amd/display: Remove incorrect checking in dmub aux handler drm/amd/display: Fix wrong handling for AUX_DEFER case drm/amd/display: Copy AUX read reply data whenever length > 0 Wojciech Dubowik (1): arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 Xuan Zhuo (1): virtio_net: xsk: bind/unbind xsk for tx Yeoreum Yun (1): arm64: cpufeature: Move arm64_use_ng_mappings to the .data section to prevent wrong idmap generation

4 months

1
1
0 0

Linux 6.6.91

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.91 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/indirect-target-selection.rst | 168 +++++++ Documentation/admin-guide/kernel-parameters.txt | 18 Makefile | 2 arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 25 - arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/insn.h | 1 arch/arm64/include/asm/spectre.h | 3 arch/arm64/kernel/proton-pack.c | 13 arch/arm64/lib/insn.c | 60 +- arch/arm64/net/bpf_jit_comp.c | 57 ++ arch/mips/include/asm/ptrace.h | 3 arch/x86/Kconfig | 11 arch/x86/entry/entry_64.S | 20 arch/x86/include/asm/alternative.h | 32 + arch/x86/include/asm/cpufeatures.h | 3 arch/x86/include/asm/microcode.h | 2 arch/x86/include/asm/msr-index.h | 8 arch/x86/include/asm/nospec-branch.h | 44 +- arch/x86/kernel/alternative.c | 215 +++++++++- arch/x86/kernel/cpu/bugs.c | 178 ++++++++ arch/x86/kernel/cpu/common.c | 72 ++- arch/x86/kernel/cpu/microcode/amd.c | 6 arch/x86/kernel/cpu/microcode/core.c | 58 +- arch/x86/kernel/cpu/microcode/intel.c | 2 arch/x86/kernel/cpu/microcode/internal.h | 1 arch/x86/kernel/ftrace.c | 2 arch/x86/kernel/head32.c | 4 arch/x86/kernel/module.c | 7 arch/x86/kernel/static_call.c | 4 arch/x86/kernel/vmlinux.lds.S | 10 arch/x86/kvm/x86.c | 4 arch/x86/lib/retpoline.S | 39 + arch/x86/mm/tlb.c | 23 - arch/x86/net/bpf_jit_comp.c | 61 ++ drivers/base/cpu.c | 3 drivers/clocksource/i8253.c | 4 drivers/gpu/drm/amd/amdgpu/hdp_v4_0.c | 7 drivers/gpu/drm/amd/amdgpu/hdp_v5_0.c | 7 drivers/gpu/drm/amd/amdgpu/hdp_v5_2.c | 12 drivers/gpu/drm/amd/amdgpu/hdp_v6_0.c | 7 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 36 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 28 + drivers/gpu/drm/panel/panel-simple.c | 25 - drivers/gpu/drm/v3d/v3d_sched.c | 28 - drivers/iio/accel/adis16201.c | 4 drivers/iio/accel/adxl355_core.c | 2 drivers/iio/accel/adxl367.c | 10 drivers/iio/adc/ad7606_spi.c | 2 drivers/iio/adc/dln2-adc.c | 2 drivers/iio/adc/rockchip_saradc.c | 17 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 6 drivers/iio/temperature/maxim_thermocouple.c | 2 drivers/input/joystick/xpad.c | 40 + drivers/input/keyboard/mtk-pmic-keys.c | 4 drivers/input/mouse/synaptics.c | 5 drivers/input/touchscreen/cyttsp5.c | 7 drivers/md/dm-table.c | 3 drivers/net/can/m_can/m_can.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 + drivers/net/dsa/b53/b53_common.c | 36 + drivers/net/ethernet/mediatek/mtk_eth_soc.c | 16 drivers/nvme/host/core.c | 3 drivers/staging/axis-fifo/axis-fifo.c | 14 drivers/staging/iio/adc/ad7816.c | 2 drivers/usb/cdns3/cdnsp-gadget.c | 31 + drivers/usb/cdns3/cdnsp-gadget.h | 6 drivers/usb/cdns3/cdnsp-pci.c | 12 drivers/usb/cdns3/cdnsp-ring.c | 3 drivers/usb/cdns3/core.h | 3 drivers/usb/class/usbtmc.c | 59 +- drivers/usb/gadget/composite.c | 12 drivers/usb/gadget/function/f_ecm.c | 7 drivers/usb/gadget/udc/tegra-xudc.c | 4 drivers/usb/host/uhci-platform.c | 2 drivers/usb/host/xhci-tegra.c | 3 drivers/usb/typec/tcpm/tcpm.c | 2 drivers/usb/typec/ucsi/displayport.c | 2 drivers/xen/swiotlb-xen.c | 1 drivers/xen/xenbus/xenbus.h | 2 drivers/xen/xenbus/xenbus_comms.c | 9 drivers/xen/xenbus/xenbus_dev_frontend.c | 2 drivers/xen/xenbus/xenbus_xs.c | 18 fs/namespace.c | 3 fs/ocfs2/journal.c | 80 ++- fs/ocfs2/journal.h | 1 fs/ocfs2/ocfs2.h | 17 fs/ocfs2/quota_local.c | 9 fs/ocfs2/super.c | 3 fs/smb/client/cached_dir.c | 10 fs/smb/server/oplock.c | 7 fs/smb/server/smb2pdu.c | 5 fs/smb/server/vfs.c | 7 fs/smb/server/vfs_cache.c | 33 + include/linux/cpu.h | 2 include/linux/module.h | 5 include/linux/netdevice.h | 13 include/linux/types.h | 3 include/uapi/linux/types.h | 1 io_uring/io_uring.c | 61 +- kernel/params.c | 4 net/can/gw.c | 149 ++++-- net/core/filter.c | 1 net/ipv6/addrconf.c | 15 net/netfilter/ipset/ip_set_hash_gen.h | 2 net/netfilter/ipvs/ip_vs_xmit.c | 27 - net/openvswitch/actions.c | 3 net/sched/sch_htb.c | 15 net/wireless/scan.c | 2 110 files changed, 1709 insertions(+), 483 deletions(-) Aditya Garg (3): Input: synaptics - enable InterTouch on Dynabook Portege X30L-G Input: synaptics - enable InterTouch on Dell Precision M3800 Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 Al Viro (1): do_umount(): add missing barrier before refcount checks in sync case Alex Deucher (4): drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush Alexander Lobakin (1): netdevice: add netdev_tx_reset_subqueue() shorthand Alexey Charkov (1): usb: uhci-platform: Make the clock really optional Andrei Kuchynski (1): usb: typec: ucsi: displayport: Fix NULL pointer access Andy Shevchenko (1): types: Complement the aligned types with signed 64-bit one Angelo Dureghello (1): iio: adc: ad7606: fix serial register access Aurabindo Pillai (1): drm/amd/display: more liberal vmin/vmax update for freesync Borislav Petkov (AMD) (1): x86/microcode: Consolidate the loader enablement checking Cong Wang (1): sch_htb: make htb_deactivate() idempotent Dan Carpenter (1): dm: add missing unlock on in dm_keyslot_evict() Daniel Golle (1): net: ethernet: mtk_eth_soc: reset all TX queues on DMA free Daniel Sneddon (2): x86/bpf: Call branch history clearing sequence on exit x86/bpf: Add IBHF call at end of classic BPF Daniel Wagner (1): nvme: unblock ctrl state transition for firmware update Dave Hansen (1): x86/mm: Eliminate window where TLB flushes may be inadvertently skipped Dave Penkler (3): usb: usbtmc: Fix erroneous get_stb ioctl error returns usb: usbtmc: Fix erroneous wait_srq ioctl return usb: usbtmc: Fix erroneous generic_read ioctl return Dmitry Antipov (1): module: ensure that kobject_put() is safe for module type kobjects Dmitry Torokhov (1): Input: synaptics - enable SMBus for HP Elitebook 850 G1 Eelco Chaudron (1): openvswitch: Fix unsafe attribute parsing in output_userspace() Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Gabriel Shahrouzi (4): staging: iio: adc: ad7816: Correct conditional logic for store mode staging: axis-fifo: Remove hardware resets for user errors staging: axis-fifo: Correct handling of tx_fifo_depth for size validation iio: adis16201: Correct inclinometer channel resolution Gary Bisson (1): Input: mtk-pmic-keys - fix possible null pointer dereference Greg Kroah-Hartman (1): Linux 6.6.91 Guillaume Nault (1): gre: Fix again IPv6 link-local address generation. Hugo Villeneuve (1): Input: cyttsp5 - ensure minimum reset pulse width James Morse (6): arm64: insn: Add support for encoding DSB arm64: proton-pack: Expose whether the platform is mitigated by firmware arm64: proton-pack: Expose whether the branchy loop k value arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users arm64: proton-pack: Add new CPUs 'k' values for branch mitigation Jan Kara (3): ocfs2: switch osb->disable_recovery to enum ocfs2: implement handshaking with ocfs2 recovery thread ocfs2: stop quota recovery before disabling quotas Jason Andryuk (1): xenbus: Use kref to track req lifetime Jens Axboe (2): io_uring: always arm linked timeouts prior to issue io_uring: ensure deferred completions are posted for multishot Jim Lin (1): usb: host: tegra: Prevent host controller crash when OTG port is used John Ernberg (1): xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it Jonas Gorski (6): net: dsa: b53: allow leaky reserved multicast net: dsa: b53: fix clearing PVID of a port net: dsa: b53: fix flushing old pvid VLAN on pvid change net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave net: dsa: b53: always rejoin default untagged VLAN on bridge leave net: dsa: b53: fix learning on VLAN unaware bridges Jonathan Cameron (3): iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer. iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 iio: adc: dln2: Use aligned_s64 for timestamp Jozsef Kadlecsik (1): netfilter: ipset: fix region locking in hash types Julian Anastasov (1): ipvs: fix uninit-value for saddr in do_output_route4 Kelsey Maes (1): can: mcp251xfd: fix TDC setting for low data bit rates Kevin Baker (1): drm/panel: simple: Update timings for AUO G101EVN010 Lode Willems (1): Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller Lothar Rubusch (1): iio: accel: adxl367: fix setting odr for activity time update Manuel Fombuena (1): Input: synaptics - enable InterTouch on Dynabook Portege X30-D Marc Kleine-Budde (2): can: mcan: m_can_class_unregister(): fix order of unregistration calls can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls Maíra Canal (1): drm/v3d: Add job to pending list if the reset was skipped Mikael Gonella-Bolduc (1): Input: cyttsp5 - fix power control issue on wakeup Namjae Jeon (1): ksmbd: prevent rename with empty string Norbert Szetei (1): ksmbd: prevent out-of-bounds stream writes by validating *pos Oliver Hartkopp (1): can: gw: fix RCU/BH usage in cgw_create_job() Oliver Neukum (1): USB: usbtmc: use interruptible sleep in usbtmc_read Paul Aurich (1): smb: client: Avoid race in open_cached_dir with lease breaks Paul Chaignon (1): bpf: Scrub packet on bpf_redirect_peer Pawan Gupta (13): x86/bhi: Do not set BHI_DIS_S in 32-bit mode x86/speculation: Simplify and make CALL_NOSPEC consistent x86/speculation: Add a conditional CS prefix to CALL_NOSPEC x86/speculation: Remove the extra #ifdef around CALL_NOSPEC Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs x86/its: Add support for RSB stuffing mitigation x86/its: Align RETs in BHB clear sequence to avoid thunking x86/ibt: Keep IBT disabled during alternative patching Pawel Laszczak (2): usb: cdnsp: Fix issue with resuming from L1 usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version Peter Zijlstra (2): x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS Prashanth K (2): usb: gadget: f_ecm: Add get_status callback usb: gadget: Use get_status callback to set remote wakeup capability RD Babiera (1): usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition Sean Heelan (1): ksmbd: Fix UAF in __close_file_table_ids Sebastian Andrzej Siewior (1): clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() Silvano Seva (2): iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Simon Xue (1): iio: adc: rockchip: Fix clock initialization sequence Thorsten Blum (1): MIPS: Fix MAX_REG_OFFSET Veerendranath Jakkam (1): wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Vicki Pfau (2): Input: xpad - fix Share button on Xbox One controllers Input: xpad - fix two controller table values Wang Zhaolong (1): ksmbd: fix memory leak in parse_lease_state() Wayne Chang (1): usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN Wayne Lin (5): drm/amd/display: Shift DMUB AUX reply command if necessary drm/amd/display: Fix the checking condition in dmub aux handling drm/amd/display: Remove incorrect checking in dmub aux handler drm/amd/display: Fix wrong handling for AUX_DEFER case drm/amd/display: Copy AUX read reply data whenever length > 0 Wojciech Dubowik (1): arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2

4 months

1
1
0 0

Linux 6.1.139

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.139 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/indirect-target-selection.rst | 156 ++++++ Documentation/admin-guide/kernel-parameters.txt | 15 Makefile | 2 arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 25 - arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/insn.h | 1 arch/arm64/include/asm/spectre.h | 3 arch/arm64/kernel/proton-pack.c | 13 arch/arm64/lib/insn.c | 60 +- arch/arm64/net/bpf_jit_comp.c | 57 ++ arch/mips/include/asm/ptrace.h | 3 arch/x86/Kconfig | 11 arch/x86/entry/entry_64.S | 20 arch/x86/include/asm/alternative.h | 32 + arch/x86/include/asm/cpufeatures.h | 3 arch/x86/include/asm/msr-index.h | 8 arch/x86/include/asm/nospec-branch.h | 38 + arch/x86/kernel/alternative.c | 248 +++++++++- arch/x86/kernel/cpu/bugs.c | 144 +++++ arch/x86/kernel/cpu/common.c | 72 ++ arch/x86/kernel/ftrace.c | 2 arch/x86/kernel/module.c | 7 arch/x86/kernel/static_call.c | 2 arch/x86/kernel/vmlinux.lds.S | 10 arch/x86/kvm/x86.c | 4 arch/x86/lib/retpoline.S | 39 + arch/x86/mm/tlb.c | 23 arch/x86/net/bpf_jit_comp.c | 60 ++ drivers/base/cpu.c | 8 drivers/gpu/drm/amd/amdgpu/hdp_v5_2.c | 12 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 20 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 28 - drivers/gpu/drm/panel/panel-simple.c | 25 - drivers/gpu/drm/v3d/v3d_sched.c | 28 - drivers/iio/accel/adis16201.c | 4 drivers/iio/accel/adxl355_core.c | 2 drivers/iio/accel/adxl367.c | 10 drivers/iio/adc/ad7606_spi.c | 2 drivers/iio/adc/dln2-adc.c | 2 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 6 drivers/iio/temperature/maxim_thermocouple.c | 2 drivers/input/keyboard/mtk-pmic-keys.c | 4 drivers/input/mouse/synaptics.c | 5 drivers/md/dm-table.c | 3 drivers/net/can/m_can/m_can.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 + drivers/net/dsa/b53/b53_common.c | 36 - drivers/net/phy/microchip.c | 46 + drivers/nvme/host/core.c | 3 drivers/staging/axis-fifo/axis-fifo.c | 14 drivers/staging/iio/adc/ad7816.c | 2 drivers/usb/cdns3/cdnsp-gadget.c | 31 + drivers/usb/cdns3/cdnsp-gadget.h | 6 drivers/usb/cdns3/cdnsp-pci.c | 12 drivers/usb/cdns3/cdnsp-ring.c | 3 drivers/usb/cdns3/core.h | 3 drivers/usb/class/usbtmc.c | 59 +- drivers/usb/gadget/udc/tegra-xudc.c | 4 drivers/usb/host/uhci-platform.c | 2 drivers/usb/host/xhci-tegra.c | 3 drivers/usb/typec/tcpm/tcpm.c | 2 drivers/usb/typec/ucsi/displayport.c | 2 drivers/xen/xenbus/xenbus.h | 2 drivers/xen/xenbus/xenbus_comms.c | 9 drivers/xen/xenbus/xenbus_dev_frontend.c | 2 drivers/xen/xenbus/xenbus_xs.c | 18 fs/namespace.c | 3 fs/ocfs2/journal.c | 80 ++- fs/ocfs2/journal.h | 1 fs/ocfs2/ocfs2.h | 17 fs/ocfs2/quota_local.c | 9 fs/ocfs2/super.c | 3 fs/smb/server/oplock.c | 7 fs/smb/server/vfs.c | 7 include/linux/cpu.h | 2 include/linux/module.h | 5 include/linux/rcupdate.h | 3 include/linux/types.h | 3 include/net/flow.h | 3 include/net/route.h | 6 include/uapi/linux/types.h | 1 io_uring/io_uring.c | 61 -- kernel/params.c | 4 net/can/gw.c | 149 +++--- net/core/filter.c | 1 net/ipv6/addrconf.c | 15 net/netfilter/ipset/ip_set_hash_gen.h | 2 net/netfilter/ipvs/ip_vs_xmit.c | 29 - net/openvswitch/actions.c | 3 net/sched/sch_htb.c | 15 net/sctp/protocol.c | 4 93 files changed, 1571 insertions(+), 388 deletions(-) Aditya Garg (3): Input: synaptics - enable InterTouch on Dynabook Portege X30L-G Input: synaptics - enable InterTouch on Dell Precision M3800 Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 Al Viro (1): do_umount(): add missing barrier before refcount checks in sync case Alex Deucher (1): drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush Alexey Charkov (1): usb: uhci-platform: Make the clock really optional Andrei Kuchynski (1): usb: typec: ucsi: displayport: Fix NULL pointer access Andy Shevchenko (1): types: Complement the aligned types with signed 64-bit one Angelo Dureghello (1): iio: adc: ad7606: fix serial register access Borislav Petkov (AMD) (1): x86/alternative: Optimize returns patching Cong Wang (1): sch_htb: make htb_deactivate() idempotent Dan Carpenter (1): dm: add missing unlock on in dm_keyslot_evict() Daniel Sneddon (2): x86/bpf: Call branch history clearing sequence on exit x86/bpf: Add IBHF call at end of classic BPF Daniel Wagner (1): nvme: unblock ctrl state transition for firmware update Dave Hansen (1): x86/mm: Eliminate window where TLB flushes may be inadvertently skipped Dave Penkler (3): usb: usbtmc: Fix erroneous get_stb ioctl error returns usb: usbtmc: Fix erroneous wait_srq ioctl return usb: usbtmc: Fix erroneous generic_read ioctl return Dmitry Antipov (1): module: ensure that kobject_put() is safe for module type kobjects Dmitry Torokhov (1): Input: synaptics - enable SMBus for HP Elitebook 850 G1 Eelco Chaudron (1): openvswitch: Fix unsafe attribute parsing in output_userspace() Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Gabriel Shahrouzi (4): staging: iio: adc: ad7816: Correct conditional logic for store mode staging: axis-fifo: Remove hardware resets for user errors staging: axis-fifo: Correct handling of tx_fifo_depth for size validation iio: adis16201: Correct inclinometer channel resolution Gary Bisson (1): Input: mtk-pmic-keys - fix possible null pointer dereference Greg Kroah-Hartman (2): Revert "net: phy: microchip: force IRQ polling mode for lan88xx" Linux 6.1.139 Guillaume Nault (2): gre: Fix again IPv6 link-local address generation. ipv4: Drop tos parameter from flowi4_update_output() James Morse (6): arm64: insn: Add support for encoding DSB arm64: proton-pack: Expose whether the platform is mitigated by firmware arm64: proton-pack: Expose whether the branchy loop k value arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users arm64: proton-pack: Add new CPUs 'k' values for branch mitigation Jan Kara (3): ocfs2: switch osb->disable_recovery to enum ocfs2: implement handshaking with ocfs2 recovery thread ocfs2: stop quota recovery before disabling quotas Jason Andryuk (1): xenbus: Use kref to track req lifetime Jens Axboe (2): io_uring: always arm linked timeouts prior to issue io_uring: ensure deferred completions are posted for multishot Jim Lin (1): usb: host: tegra: Prevent host controller crash when OTG port is used Jonas Gorski (6): net: dsa: b53: allow leaky reserved multicast net: dsa: b53: fix clearing PVID of a port net: dsa: b53: fix flushing old pvid VLAN on pvid change net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave net: dsa: b53: always rejoin default untagged VLAN on bridge leave net: dsa: b53: fix learning on VLAN unaware bridges Jonathan Cameron (3): iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer. iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 iio: adc: dln2: Use aligned_s64 for timestamp Josh Poimboeuf (1): x86/alternatives: Remove faulty optimization Jozsef Kadlecsik (1): netfilter: ipset: fix region locking in hash types Julian Anastasov (1): ipvs: fix uninit-value for saddr in do_output_route4 Kelsey Maes (1): can: mcp251xfd: fix TDC setting for low data bit rates Kevin Baker (1): drm/panel: simple: Update timings for AUO G101EVN010 Lothar Rubusch (1): iio: accel: adxl367: fix setting odr for activity time update Manuel Fombuena (1): Input: synaptics - enable InterTouch on Dynabook Portege X30-D Marc Kleine-Budde (2): can: mcan: m_can_class_unregister(): fix order of unregistration calls can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls Maíra Canal (1): drm/v3d: Add job to pending list if the reset was skipped Norbert Szetei (1): ksmbd: prevent out-of-bounds stream writes by validating *pos Oliver Hartkopp (1): can: gw: fix RCU/BH usage in cgw_create_job() Oliver Neukum (1): USB: usbtmc: use interruptible sleep in usbtmc_read Paul Chaignon (1): bpf: Scrub packet on bpf_redirect_peer Pawan Gupta (12): x86/bhi: Do not set BHI_DIS_S in 32-bit mode x86/speculation: Simplify and make CALL_NOSPEC consistent x86/speculation: Add a conditional CS prefix to CALL_NOSPEC x86/speculation: Remove the extra #ifdef around CALL_NOSPEC Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs x86/its: Align RETs in BHB clear sequence to avoid thunking x86/ibt: Keep IBT disabled during alternative patching Pawel Laszczak (2): usb: cdnsp: Fix issue with resuming from L1 usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version Peter Zijlstra (2): x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS RD Babiera (1): usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition Silvano Seva (2): iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Thorsten Blum (1): MIPS: Fix MAX_REG_OFFSET Uladzislau Rezki (Sony) (1): rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep() Wang Zhaolong (1): ksmbd: fix memory leak in parse_lease_state() Wayne Chang (1): usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN Wayne Lin (5): drm/amd/display: Shift DMUB AUX reply command if necessary drm/amd/display: Fix the checking condition in dmub aux handling drm/amd/display: Remove incorrect checking in dmub aux handler drm/amd/display: Fix wrong handling for AUX_DEFER case drm/amd/display: Copy AUX read reply data whenever length > 0 Wojciech Dubowik (1): arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2

4 months

1
1
0 0

Linux 5.15.183

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.183 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/mips/include/asm/ptrace.h | 3 arch/x86/kernel/cpu/bugs.c | 5 arch/x86/kernel/cpu/common.c | 9 arch/x86/mm/tlb.c | 23 + arch/x86/net/bpf_jit_comp.c | 52 +++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 28 +- drivers/gpu/drm/panel/panel-simple.c | 25 - drivers/iio/accel/adis16201.c | 4 drivers/iio/adc/ad7606_spi.c | 2 drivers/iio/adc/dln2-adc.c | 2 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 6 drivers/input/mouse/synaptics.c | 5 drivers/net/can/m_can/m_can.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 2 drivers/net/dsa/b53/b53_common.c | 36 +- drivers/net/phy/microchip.c | 46 +++ drivers/nvme/host/core.c | 3 drivers/staging/axis-fifo/axis-fifo.c | 14 - drivers/staging/iio/adc/ad7816.c | 2 drivers/usb/cdns3/cdnsp-gadget.c | 31 ++ drivers/usb/cdns3/cdnsp-gadget.h | 6 drivers/usb/cdns3/cdnsp-pci.c | 12 drivers/usb/cdns3/cdnsp-ring.c | 3 drivers/usb/cdns3/core.h | 3 drivers/usb/class/usbtmc.c | 59 ++-- drivers/usb/gadget/udc/tegra-xudc.c | 4 drivers/usb/host/uhci-platform.c | 2 drivers/usb/host/xhci-tegra.c | 3 drivers/usb/typec/tcpm/tcpm.c | 2 drivers/usb/typec/ucsi/displayport.c | 2 drivers/xen/xenbus/xenbus.h | 2 drivers/xen/xenbus/xenbus_comms.c | 9 drivers/xen/xenbus/xenbus_dev_frontend.c | 2 drivers/xen/xenbus/xenbus_xs.c | 18 + fs/namespace.c | 3 fs/ocfs2/journal.c | 80 ++++- fs/ocfs2/journal.h | 1 fs/ocfs2/ocfs2.h | 17 + fs/ocfs2/quota_local.c | 9 fs/ocfs2/super.c | 3 include/linux/rcupdate.h | 3 include/linux/types.h | 3 include/uapi/linux/types.h | 1 kernel/params.c | 4 net/can/gw.c | 165 +++++++----- net/ipv6/addrconf.c | 15 - net/netfilter/ipset/ip_set_hash_gen.h | 2 net/openvswitch/actions.c | 3 49 files changed, 536 insertions(+), 202 deletions(-) Aditya Garg (3): Input: synaptics - enable InterTouch on Dynabook Portege X30L-G Input: synaptics - enable InterTouch on Dell Precision M3800 Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 Al Viro (1): do_umount(): add missing barrier before refcount checks in sync case Alexey Charkov (1): usb: uhci-platform: Make the clock really optional Andrei Kuchynski (1): usb: typec: ucsi: displayport: Fix NULL pointer access Andy Shevchenko (1): types: Complement the aligned types with signed 64-bit one Angelo Dureghello (1): iio: adc: ad7606: fix serial register access Daniel Sneddon (2): x86/bpf: Call branch history clearing sequence on exit x86/bpf: Add IBHF call at end of classic BPF Daniel Wagner (1): nvme: unblock ctrl state transition for firmware update Dave Hansen (1): x86/mm: Eliminate window where TLB flushes may be inadvertently skipped Dave Penkler (3): usb: usbtmc: Fix erroneous get_stb ioctl error returns usb: usbtmc: Fix erroneous wait_srq ioctl return usb: usbtmc: Fix erroneous generic_read ioctl return Dmitry Antipov (1): module: ensure that kobject_put() is safe for module type kobjects Dmitry Torokhov (1): Input: synaptics - enable SMBus for HP Elitebook 850 G1 Eelco Chaudron (1): openvswitch: Fix unsafe attribute parsing in output_userspace() Eric Dumazet (1): can: gw: use call_rcu() instead of costly synchronize_rcu() Gabriel Shahrouzi (4): staging: iio: adc: ad7816: Correct conditional logic for store mode staging: axis-fifo: Remove hardware resets for user errors staging: axis-fifo: Correct handling of tx_fifo_depth for size validation iio: adis16201: Correct inclinometer channel resolution Greg Kroah-Hartman (2): Revert "net: phy: microchip: force IRQ polling mode for lan88xx" Linux 5.15.183 Guillaume Nault (1): gre: Fix again IPv6 link-local address generation. Jan Kara (3): ocfs2: switch osb->disable_recovery to enum ocfs2: implement handshaking with ocfs2 recovery thread ocfs2: stop quota recovery before disabling quotas Jason Andryuk (1): xenbus: Use kref to track req lifetime Jim Lin (1): usb: host: tegra: Prevent host controller crash when OTG port is used Jonas Gorski (6): net: dsa: b53: allow leaky reserved multicast net: dsa: b53: fix clearing PVID of a port net: dsa: b53: fix flushing old pvid VLAN on pvid change net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave net: dsa: b53: always rejoin default untagged VLAN on bridge leave net: dsa: b53: fix learning on VLAN unaware bridges Jonathan Cameron (1): iio: adc: dln2: Use aligned_s64 for timestamp Jozsef Kadlecsik (1): netfilter: ipset: fix region locking in hash types Kevin Baker (1): drm/panel: simple: Update timings for AUO G101EVN010 Manuel Fombuena (1): Input: synaptics - enable InterTouch on Dynabook Portege X30-D Marc Kleine-Budde (2): can: mcan: m_can_class_unregister(): fix order of unregistration calls can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls Oliver Hartkopp (1): can: gw: fix RCU/BH usage in cgw_create_job() Oliver Neukum (1): USB: usbtmc: use interruptible sleep in usbtmc_read Pawan Gupta (1): x86/bhi: Do not set BHI_DIS_S in 32-bit mode Pawel Laszczak (2): usb: cdnsp: Fix issue with resuming from L1 usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version RD Babiera (1): usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition Silvano Seva (2): iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Thorsten Blum (1): MIPS: Fix MAX_REG_OFFSET Uladzislau Rezki (Sony) (1): rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep() Wayne Chang (1): usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN Wayne Lin (1): drm/amd/display: Fix wrong handling for AUX_DEFER case

4 months

1
1
0 0

[PATCH net] hv_netvsc: fix potential deadlock in netvsc_vf_setxdp()

by Saurabh Sengar

The MANA driver's probe registers netdevice via the following call chain: mana_probe() register_netdev() register_netdevice() register_netdevice() calls notifier callback for netvsc driver, holding the netdev mutex via netdev_lock_ops(). Further this netvsc notifier callback end up attempting to acquire the same lock again in dev_xdp_propagate() leading to deadlock. netvsc_netdev_event() netvsc_vf_setxdp() dev_xdp_propagate() This deadlock was not observed so far because net_shaper_ops was never set and this lock in noop in this case. Fix this by using netif_xdp_propagate instead of dev_xdp_propagate to avoid recursive locking in this path. This issue has not observed so far because net_shaper_ops was unset, making the lock path effectively a no-op. To prevent recursive locking and avoid this deadlock, replace dev_xdp_propagate() with netif_xdp_propagate(), which does not acquire the lock again. Also, clean up the unregistration path by removing unnecessary call to netvsc_vf_setxdp(), since unregister_netdevice_many_notify() already performs this cleanup via dev_xdp_uninstall. Fixes: 97246d6d21c2 ("net: hold netdev instance lock during ndo_bpf") Cc: stable(a)vger.kernel.org Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> --- drivers/net/hyperv/netvsc_bpf.c | 2 +- drivers/net/hyperv/netvsc_drv.c | 2 -- net/core/dev.c | 1 + 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/net/hyperv/netvsc_bpf.c b/drivers/net/hyperv/netvsc_bpf.c index e01c5997a551..1dd3755d9e6d 100644 --- a/drivers/net/hyperv/netvsc_bpf.c +++ b/drivers/net/hyperv/netvsc_bpf.c @@ -183,7 +183,7 @@ int netvsc_vf_setxdp(struct net_device *vf_netdev, struct bpf_prog *prog) xdp.command = XDP_SETUP_PROG; xdp.prog = prog; - ret = dev_xdp_propagate(vf_netdev, &xdp); + ret = netif_xdp_propagate(vf_netdev, &xdp); if (ret && prog) bpf_prog_put(prog); diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c index d8b169ac0343..ee3aaf9c10e6 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -2462,8 +2462,6 @@ static int netvsc_unregister_vf(struct net_device *vf_netdev) netdev_info(ndev, "VF unregistering: %s\n", vf_netdev->name); - netvsc_vf_setxdp(vf_netdev, NULL); - reinit_completion(&net_device_ctx->vf_add); netdev_rx_handler_unregister(vf_netdev); netdev_upper_dev_unlink(vf_netdev, ndev); diff --git a/net/core/dev.c b/net/core/dev.c index fccf2167b235..8c6c9d7fba26 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -9953,6 +9953,7 @@ int netif_xdp_propagate(struct net_device *dev, struct netdev_bpf *bpf) return dev->netdev_ops->ndo_bpf(dev, bpf); } +EXPORT_SYMBOL_GPL(netif_xdp_propagate); u32 dev_xdp_prog_id(struct net_device *dev, enum bpf_xdp_mode mode) { -- 2.43.0

4 months

1
0
0 0

[PATCH] wifi: wilc1000: Handle wilc_sdio_cmd52() failure in wilc_sdio_read_init()

by Wentao Liang

The wilc_sdio_read_init() calls wilc_sdio_cmd52() but does not check the return value. This could lead to execution with potentially invalid data if wilc_sdio_cmd52() fails. A proper implementation can be found in wilc_sdio_read_reg(). Add error handling for wilc_sdio_cmd52(). If wilc_sdio_cmd52() fails, log an error message via dev_err(). Fixes: eda308be643f ("staging: wilc1000: refactor interrupt handling for sdio") Cc: stable(a)vger.kernel.org # v5.7 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/wireless/microchip/wilc1000/sdio.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/microchip/wilc1000/sdio.c b/drivers/net/wireless/microchip/wilc1000/sdio.c index e7a2bc9f9902..d0e8b812b622 100644 --- a/drivers/net/wireless/microchip/wilc1000/sdio.c +++ b/drivers/net/wireless/microchip/wilc1000/sdio.c @@ -809,6 +809,7 @@ static int wilc_sdio_read_int(struct wilc *wilc, u32 *int_status) u32 tmp; u8 irq_flags; struct sdio_cmd52 cmd; + int ret; wilc_sdio_read_size(wilc, &tmp); @@ -827,7 +828,12 @@ static int wilc_sdio_read_int(struct wilc *wilc, u32 *int_status) cmd.raw = 0; cmd.read_write = 0; cmd.data = 0; - wilc_sdio_cmd52(wilc, &cmd); + ret = wilc_sdio_cmd52(wilc, &cmd); + if (ret) { + dev_err(&func->devm, "Fail cmd 52, get IRQ register...\n"); + return ret; + } + irq_flags = cmd.data; if (sdio_priv->irq_gpio) -- 2.42.0.windows.2

4 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2025