May 2025 - Linux-stable-mirror

[PATCH v2 0/7] accel/ivpu: Add context violation handling for 6.12

by Jacek Lawrynowicz

These patchset adds support for VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW message added in recent VPU firmware. Without it the driver will not be able to process any jobs after this message is received and would need to be reloaded. Most patches are as-is from upstream besides these two: - Fix locking order in ivpu_job_submit - Abort all jobs after command queue unregister Both these patches need to be rebased because of missing new CMDQ UAPI changes that should not be backported to stable. Changes since v1: - Documented deviations from the original upstream patches in commit messages Andrew Kreimer (1): accel/ivpu: Fix a typo Andrzej Kacprowski (1): accel/ivpu: Update VPU FW API headers Karol Wachowski (4): accel/ivpu: Use xa_alloc_cyclic() instead of custom function accel/ivpu: Abort all jobs after command queue unregister accel/ivpu: Fix locking order in ivpu_job_submit accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW Tomasz Rusinowicz (1): accel/ivpu: Make DB_ID and JOB_ID allocations incremental drivers/accel/ivpu/ivpu_drv.c | 38 ++-- drivers/accel/ivpu/ivpu_drv.h | 9 + drivers/accel/ivpu/ivpu_job.c | 125 +++++++++--- drivers/accel/ivpu/ivpu_job.h | 1 + drivers/accel/ivpu/ivpu_jsm_msg.c | 3 +- drivers/accel/ivpu/ivpu_mmu.c | 3 +- drivers/accel/ivpu/ivpu_sysfs.c | 5 +- drivers/accel/ivpu/vpu_boot_api.h | 45 +++-- drivers/accel/ivpu/vpu_jsm_api.h | 303 +++++++++++++++++++++++++----- 9 files changed, 412 insertions(+), 120 deletions(-) -- 2.45.1

6 months

2
14
0 0

[PATCH 6.14.y v2 0/7] ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd

by Jared Holzman

This patchset backports a series of ublk fixes from upstream to 6.14-stable. Patch 7 fixes the race that can cause kernel panic when ublk server daemon is exiting. It depends on patches 1-6 which simplifies & improves IO canceling when ublk server daemon is exiting as described here: https://lore.kernel.org/linux-block/20250416035444.99569-1-ming.lei@redhat.… Ming Lei (5): ublk: add helper of ublk_need_map_io() ublk: move device reset into ublk_ch_release() ublk: remove __ublk_quiesce_dev() ublk: simplify aborting ublk request ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd Uday Shankar (2): ublk: properly serialize all FETCH_REQs ublk: improve detection and handling of ublk server exit drivers/block/ublk_drv.c | 550 +++++++++++++++++++++------------------ 1 file changed, 291 insertions(+), 259 deletions(-) -- 2.43.0

6 months

3
15
0 0

[PATCH v6.1] md: move initialization and destruction of 'io_acct_set' to md.c

by Yu Kuai

From: Yu Kuai <yukuai3(a)huawei.com> commit c567c86b90d4715081adfe5eb812141a5b6b4883 upstream. 'io_acct_set' is only used for raid0 and raid456, prepare to use it for raid1 and raid10, so that io accounting from different levels can be consistent. By the way, follow up patches will also use this io clone mechanism to make sure 'active_io' represents in flight io, not io that is dispatching, so that mddev_suspend will wait for io to be done as designed. Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Reviewed-by: Xiao Ni <xni(a)redhat.com> Signed-off-by: Song Liu <song(a)kernel.org> Link: https://lore.kernel.org/r/20230621165110.1498313-2-yukuai1@huaweicloud.com [Yu Kuai: This is the relied patch for commit 4a05f7ae3371 ("md/raid10: fix missing discard IO accounting"), kernel will panic while issuing discard to raid10 without this patch] Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> --- drivers/md/md.c | 27 ++++++++++----------------- drivers/md/md.h | 2 -- drivers/md/raid0.c | 16 ++-------------- drivers/md/raid5.c | 41 +++++++++++------------------------------ 4 files changed, 23 insertions(+), 63 deletions(-) diff --git a/drivers/md/md.c b/drivers/md/md.c index d5fbccc72810..a9fcfcbc2d11 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -5965,6 +5965,13 @@ int md_run(struct mddev *mddev) goto exit_bio_set; } + if (!bioset_initialized(&mddev->io_acct_set)) { + err = bioset_init(&mddev->io_acct_set, BIO_POOL_SIZE, + offsetof(struct md_io_acct, bio_clone), 0); + if (err) + goto exit_sync_set; + } + spin_lock(&pers_lock); pers = find_pers(mddev->level, mddev->clevel); if (!pers || !try_module_get(pers->owner)) { @@ -6142,6 +6149,8 @@ int md_run(struct mddev *mddev) module_put(pers->owner); md_bitmap_destroy(mddev); abort: + bioset_exit(&mddev->io_acct_set); +exit_sync_set: bioset_exit(&mddev->sync_set); exit_bio_set: bioset_exit(&mddev->bio_set); @@ -6374,6 +6383,7 @@ static void __md_stop(struct mddev *mddev) percpu_ref_exit(&mddev->active_io); bioset_exit(&mddev->bio_set); bioset_exit(&mddev->sync_set); + bioset_exit(&mddev->io_acct_set); } void md_stop(struct mddev *mddev) @@ -8744,23 +8754,6 @@ void md_submit_discard_bio(struct mddev *mddev, struct md_rdev *rdev, } EXPORT_SYMBOL_GPL(md_submit_discard_bio); -int acct_bioset_init(struct mddev *mddev) -{ - int err = 0; - - if (!bioset_initialized(&mddev->io_acct_set)) - err = bioset_init(&mddev->io_acct_set, BIO_POOL_SIZE, - offsetof(struct md_io_acct, bio_clone), 0); - return err; -} -EXPORT_SYMBOL_GPL(acct_bioset_init); - -void acct_bioset_exit(struct mddev *mddev) -{ - bioset_exit(&mddev->io_acct_set); -} -EXPORT_SYMBOL_GPL(acct_bioset_exit); - static void md_end_io_acct(struct bio *bio) { struct md_io_acct *md_io_acct = bio->bi_private; diff --git a/drivers/md/md.h b/drivers/md/md.h index 4f0b48097455..1fda5e139beb 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h @@ -746,8 +746,6 @@ extern void md_error(struct mddev *mddev, struct md_rdev *rdev); extern void md_finish_reshape(struct mddev *mddev); void md_submit_discard_bio(struct mddev *mddev, struct md_rdev *rdev, struct bio *bio, sector_t start, sector_t size); -int acct_bioset_init(struct mddev *mddev); -void acct_bioset_exit(struct mddev *mddev); void md_account_bio(struct mddev *mddev, struct bio **bio); extern bool __must_check md_flush_request(struct mddev *mddev, struct bio *bio); diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c index 7c6a0b4437d8..c50a7abda744 100644 --- a/drivers/md/raid0.c +++ b/drivers/md/raid0.c @@ -377,7 +377,6 @@ static void raid0_free(struct mddev *mddev, void *priv) struct r0conf *conf = priv; free_conf(mddev, conf); - acct_bioset_exit(mddev); } static int raid0_run(struct mddev *mddev) @@ -392,16 +391,11 @@ static int raid0_run(struct mddev *mddev) if (md_check_no_bitmap(mddev)) return -EINVAL; - if (acct_bioset_init(mddev)) { - pr_err("md/raid0:%s: alloc acct bioset failed.\n", mdname(mddev)); - return -ENOMEM; - } - /* if private is not null, we are here after takeover */ if (mddev->private == NULL) { ret = create_strip_zones(mddev, &conf); if (ret < 0) - goto exit_acct_set; + return ret; mddev->private = conf; } conf = mddev->private; @@ -432,15 +426,9 @@ static int raid0_run(struct mddev *mddev) ret = md_integrity_register(mddev); if (ret) - goto free; + free_conf(mddev, conf); return ret; - -free: - free_conf(mddev, conf); -exit_acct_set: - acct_bioset_exit(mddev); - return ret; } /* diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c index 4315dabd3202..6e80a439ec45 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -7770,19 +7770,12 @@ static int raid5_run(struct mddev *mddev) struct md_rdev *rdev; struct md_rdev *journal_dev = NULL; sector_t reshape_offset = 0; - int i, ret = 0; + int i; long long min_offset_diff = 0; int first = 1; - if (acct_bioset_init(mddev)) { - pr_err("md/raid456:%s: alloc acct bioset failed.\n", mdname(mddev)); + if (mddev_init_writes_pending(mddev) < 0) return -ENOMEM; - } - - if (mddev_init_writes_pending(mddev) < 0) { - ret = -ENOMEM; - goto exit_acct_set; - } if (mddev->recovery_cp != MaxSector) pr_notice("md/raid:%s: not clean -- starting background reconstruction\n", @@ -7813,8 +7806,7 @@ static int raid5_run(struct mddev *mddev) (mddev->bitmap_info.offset || mddev->bitmap_info.file)) { pr_notice("md/raid:%s: array cannot have both journal and bitmap\n", mdname(mddev)); - ret = -EINVAL; - goto exit_acct_set; + return -EINVAL; } if (mddev->reshape_position != MaxSector) { @@ -7839,15 +7831,13 @@ static int raid5_run(struct mddev *mddev) if (journal_dev) { pr_warn("md/raid:%s: don't support reshape with journal - aborting.\n", mdname(mddev)); - ret = -EINVAL; - goto exit_acct_set; + return -EINVAL; } if (mddev->new_level != mddev->level) { pr_warn("md/raid:%s: unsupported reshape required - aborting.\n", mdname(mddev)); - ret = -EINVAL; - goto exit_acct_set; + return -EINVAL; } old_disks = mddev->raid_disks - mddev->delta_disks; /* reshape_position must be on a new-stripe boundary, and one @@ -7863,8 +7853,7 @@ static int raid5_run(struct mddev *mddev) if (sector_div(here_new, chunk_sectors * new_data_disks)) { pr_warn("md/raid:%s: reshape_position not on a stripe boundary\n", mdname(mddev)); - ret = -EINVAL; - goto exit_acct_set; + return -EINVAL; } reshape_offset = here_new * chunk_sectors; /* here_new is the stripe we will write to */ @@ -7886,8 +7875,7 @@ static int raid5_run(struct mddev *mddev) else if (mddev->ro == 0) { pr_warn("md/raid:%s: in-place reshape must be started in read-only mode - aborting\n", mdname(mddev)); - ret = -EINVAL; - goto exit_acct_set; + return -EINVAL; } } else if (mddev->reshape_backwards ? (here_new * chunk_sectors + min_offset_diff <= @@ -7897,8 +7885,7 @@ static int raid5_run(struct mddev *mddev) /* Reading from the same stripe as writing to - bad */ pr_warn("md/raid:%s: reshape_position too early for auto-recovery - aborting.\n", mdname(mddev)); - ret = -EINVAL; - goto exit_acct_set; + return -EINVAL; } pr_debug("md/raid:%s: reshape will continue\n", mdname(mddev)); /* OK, we should be able to continue; */ @@ -7922,10 +7909,8 @@ static int raid5_run(struct mddev *mddev) else conf = mddev->private; - if (IS_ERR(conf)) { - ret = PTR_ERR(conf); - goto exit_acct_set; - } + if (IS_ERR(conf)) + return PTR_ERR(conf); if (test_bit(MD_HAS_JOURNAL, &mddev->flags)) { if (!journal_dev) { @@ -8125,10 +8110,7 @@ static int raid5_run(struct mddev *mddev) free_conf(conf); mddev->private = NULL; pr_warn("md/raid:%s: failed to run raid set.\n", mdname(mddev)); - ret = -EIO; -exit_acct_set: - acct_bioset_exit(mddev); - return ret; + return -EIO; } static void raid5_free(struct mddev *mddev, void *priv) @@ -8136,7 +8118,6 @@ static void raid5_free(struct mddev *mddev, void *priv) struct r5conf *conf = priv; free_conf(conf); - acct_bioset_exit(mddev); mddev->to_remove = &raid5_attrs_group; } -- 2.39.2

6 months

4
3
0 0

FAILED: patch "[PATCH] drm/xe: Invalidate L3 read-only cachelines for geometry" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x e775278cd75f24a2758c28558c4e41b36c935740 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042247-mounting-playlist-f479@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e775278cd75f24a2758c28558c4e41b36c935740 Mon Sep 17 00:00:00 2001 From: Kenneth Graunke <kenneth(a)whitecape.org> Date: Sun, 30 Mar 2025 12:59:23 -0400 Subject: [PATCH] drm/xe: Invalidate L3 read-only cachelines for geometry streams too Historically, the Vertex Fetcher unit has not been an L3 client. That meant that, when a buffer containing vertex data was written to, it was necessary to issue a PIPE_CONTROL::VF Cache Invalidate to invalidate any VF L2 cachelines associated with that buffer, so the new value would be properly read from memory. Since Tigerlake and later, VERTEX_BUFFER_STATE and 3DSTATE_INDEX_BUFFER have included an "L3 Bypass Enable" bit which userspace drivers can set to request that the vertex fetcher unit snoop L3. However, unlike most true L3 clients, the "VF Cache Invalidate" bit continues to only invalidate the VF L2 cache - and not any associated L3 lines. To handle that, PIPE_CONTROL has a new "L3 Read Only Cache Invalidation Bit", which according to the docs, "controls the invalidation of the Geometry streams cached in L3 cache at the top of the pipe." In other words, the vertex and index buffer data that gets cached in L3 when "L3 Bypass Disable" is set. Mesa always sets L3 Bypass Disable so that the VF unit snoops L3, and whenever it issues a VF Cache Invalidate, it also issues a L3 Read Only Cache Invalidate so that both L2 and L3 vertex data is invalidated. xe is issuing VF cache invalidates too (which handles cases like CPU writes to a buffer between GPU batches). Because userspace may enable L3 snooping, it needs to issue an L3 Read Only Cache Invalidate as well. Fixes significant flickering in Firefox on Meteorlake, which was writing to vertex buffers via the CPU between batches; the missing L3 Read Only invalidates were causing the vertex fetcher to read stale data from L3. Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/4460 Fixes: 6ef3bb60557d ("drm/xe: enable lite restore") Cc: stable(a)vger.kernel.org # v6.13+ Signed-off-by: Kenneth Graunke <kenneth(a)whitecape.org> Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Link: https://lore.kernel.org/r/20250330165923.56410-1-rodrigo.vivi@intel.com Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> (cherry picked from commit 61672806b579dd5a150a042ec9383be2bbc2ae7e) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/instructions/xe_gpu_commands.h b/drivers/gpu/drm/xe/instructions/xe_gpu_commands.h index a255946b6f77..8cfcd3360896 100644 --- a/drivers/gpu/drm/xe/instructions/xe_gpu_commands.h +++ b/drivers/gpu/drm/xe/instructions/xe_gpu_commands.h @@ -41,6 +41,7 @@ #define GFX_OP_PIPE_CONTROL(len) ((0x3<<29)|(0x3<<27)|(0x2<<24)|((len)-2)) +#define PIPE_CONTROL0_L3_READ_ONLY_CACHE_INVALIDATE BIT(10) /* gen12 */ #define PIPE_CONTROL0_HDC_PIPELINE_FLUSH BIT(9) /* gen12 */ #define PIPE_CONTROL_COMMAND_CACHE_INVALIDATE (1<<29) diff --git a/drivers/gpu/drm/xe/xe_ring_ops.c b/drivers/gpu/drm/xe/xe_ring_ops.c index 917fc16de866..a7582b097ae6 100644 --- a/drivers/gpu/drm/xe/xe_ring_ops.c +++ b/drivers/gpu/drm/xe/xe_ring_ops.c @@ -137,7 +137,8 @@ emit_pipe_control(u32 *dw, int i, u32 bit_group_0, u32 bit_group_1, u32 offset, static int emit_pipe_invalidate(u32 mask_flags, bool invalidate_tlb, u32 *dw, int i) { - u32 flags = PIPE_CONTROL_CS_STALL | + u32 flags0 = 0; + u32 flags1 = PIPE_CONTROL_CS_STALL | PIPE_CONTROL_COMMAND_CACHE_INVALIDATE | PIPE_CONTROL_INSTRUCTION_CACHE_INVALIDATE | PIPE_CONTROL_TEXTURE_CACHE_INVALIDATE | @@ -148,11 +149,15 @@ static int emit_pipe_invalidate(u32 mask_flags, bool invalidate_tlb, u32 *dw, PIPE_CONTROL_STORE_DATA_INDEX; if (invalidate_tlb) - flags |= PIPE_CONTROL_TLB_INVALIDATE; + flags1 |= PIPE_CONTROL_TLB_INVALIDATE; - flags &= ~mask_flags; + flags1 &= ~mask_flags; - return emit_pipe_control(dw, i, 0, flags, LRC_PPHWSP_FLUSH_INVAL_SCRATCH_ADDR, 0); + if (flags1 & PIPE_CONTROL_VF_CACHE_INVALIDATE) + flags0 |= PIPE_CONTROL0_L3_READ_ONLY_CACHE_INVALIDATE; + + return emit_pipe_control(dw, i, flags0, flags1, + LRC_PPHWSP_FLUSH_INVAL_SCRATCH_ADDR, 0); } static int emit_store_imm_ppgtt_posted(u64 addr, u64 value,

6 months

3
2
0 0

[PATCH] dm: fix copying after src array boundaries

by Tudor Ambarus

The blammed commit copied to argv the size of the reallocated argv, instead of the size of the old_argv, thus reading and copying from past the old_argv allocated memory. Following BUG_ON was hit: [ 3.038929][ T1] kernel BUG at lib/string_helpers.c:1040! [ 3.039147][ T1] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP ... [ 3.056489][ T1] Call trace: [ 3.056591][ T1] __fortify_panic+0x10/0x18 (P) [ 3.056773][ T1] dm_split_args+0x20c/0x210 [ 3.056942][ T1] dm_table_add_target+0x13c/0x360 [ 3.057132][ T1] table_load+0x110/0x3ac [ 3.057292][ T1] dm_ctl_ioctl+0x424/0x56c [ 3.057457][ T1] __arm64_sys_ioctl+0xa8/0xec [ 3.057634][ T1] invoke_syscall+0x58/0x10c [ 3.057804][ T1] el0_svc_common+0xa8/0xdc [ 3.057970][ T1] do_el0_svc+0x1c/0x28 [ 3.058123][ T1] el0_svc+0x50/0xac [ 3.058266][ T1] el0t_64_sync_handler+0x60/0xc4 [ 3.058452][ T1] el0t_64_sync+0x1b0/0x1b4 [ 3.058620][ T1] Code: f800865e a9bf7bfd 910003fd 941f48aa (d4210000) [ 3.058897][ T1] ---[ end trace 0000000000000000 ]--- [ 3.059083][ T1] Kernel panic - not syncing: Oops - BUG: Fatal exception Fix it by copying the size of src, and not the size of dst, as it was. Fixes: 5a2a6c428190 ("dm: always update the array size in realloc_argv on success") Cc: stable(a)vger.kernel.org Signed-off-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> --- drivers/md/dm-table.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c index 9e175c5e0634b49b990436898f63c2b1e696febb..6dae73ee49dbb36d89341ff09556876d0973c4ff 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -524,9 +524,9 @@ static char **realloc_argv(unsigned int *size, char **old_argv) } argv = kmalloc_array(new_size, sizeof(*argv), gfp); if (argv) { - *size = new_size; if (old_argv) memcpy(argv, old_argv, *size * sizeof(*argv)); + *size = new_size; } kfree(old_argv); --- base-commit: 92a09c47464d040866cf2b4cd052bc60555185fb change-id: 20250506-dm-past-array-boundaries-1fe2f5a1030f Best regards, -- Tudor Ambarus <tudor.ambarus(a)linaro.org>

6 months

3
2
0 0

[PATCH 6.6 0/2] PCI: imx6: Fix i.MX7D controller_id backport regression

by Ryan Matthews

Hello, This fixes an i.Mx 7D SoC PCIe regression caused by a backport mistake. The regression is broken PCIe initialization and for me a boot hang. I don't know how to organize this. I think a revert and redo best captures what's happening. To complicate things, it looks like the redo patch could also be applied to 5.4, 5.10, 5.15, and 6.1. But those versions don't have the original backport commit. Version 6.12 matches master and needs no change. One conflict resolution is needed to apply the redo patch back to versions 6.1 -> 5.15 -> 5.10. One more resolution to apply back to -> 5.4. Patches against those other versions aren't included here. -- Ryan Richard Zhu (1): PCI: imx6: Skip controller_id generation logic for i.MX7D Ryan Matthews (1): Revert "PCI: imx6: Skip controller_id generation logic for i.MX7D" drivers/pci/controller/dwc/pci-imx6.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) base-commit: 814637ca257f4faf57a73fd4e38888cce88b5911 -- 2.47.2

6 months

3
10
0 0

FAILED: patch "[PATCH] btrfs: fix the inode leak in btrfs_iget()" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 48c1d1bb525b1c44b8bdc8e7ec5629cb6c2b9fc4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050558-charger-crumpled-6ca4@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 48c1d1bb525b1c44b8bdc8e7ec5629cb6c2b9fc4 Mon Sep 17 00:00:00 2001 From: Penglei Jiang <superman.xpt(a)gmail.com> Date: Mon, 21 Apr 2025 08:40:29 -0700 Subject: [PATCH] btrfs: fix the inode leak in btrfs_iget() [BUG] There is a bug report that a syzbot reproducer can lead to the following busy inode at unmount time: BTRFS info (device loop1): last unmount of filesystem 1680000e-3c1e-4c46-84b6-56bd3909af50 VFS: Busy inodes after unmount of loop1 (btrfs) ------------[ cut here ]------------ kernel BUG at fs/super.c:650! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 48168 Comm: syz-executor Not tainted 6.15.0-rc2-00471-g119009db2674 #2 PREEMPT(full) Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:generic_shutdown_super+0x2e9/0x390 fs/super.c:650 Call Trace: <TASK> kill_anon_super+0x3a/0x60 fs/super.c:1237 btrfs_kill_super+0x3b/0x50 fs/btrfs/super.c:2099 deactivate_locked_super+0xbe/0x1a0 fs/super.c:473 deactivate_super fs/super.c:506 [inline] deactivate_super+0xe2/0x100 fs/super.c:502 cleanup_mnt+0x21f/0x440 fs/namespace.c:1435 task_work_run+0x14d/0x240 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x269/0x290 kernel/entry/common.c:218 do_syscall_64+0xd4/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> [CAUSE] When btrfs_alloc_path() failed, btrfs_iget() directly returned without releasing the inode already allocated by btrfs_iget_locked(). This results the above busy inode and trigger the kernel BUG. [FIX] Fix it by calling iget_failed() if btrfs_alloc_path() failed. If we hit error inside btrfs_read_locked_inode(), it will properly call iget_failed(), so nothing to worry about. Although the iget_failed() cleanup inside btrfs_read_locked_inode() is a break of the normal error handling scheme, let's fix the obvious bug and backport first, then rework the error handling later. Reported-by: Penglei Jiang <superman.xpt(a)gmail.com> Link: https://lore.kernel.org/linux-btrfs/20250421102425.44431-1-superman.xpt@gma… Fixes: 7c855e16ab72 ("btrfs: remove conditional path allocation in btrfs_read_locked_inode()") CC: stable(a)vger.kernel.org # 6.13+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Penglei Jiang <superman.xpt(a)gmail.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 312fa996a987..d295a37fa049 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -5682,8 +5682,10 @@ struct btrfs_inode *btrfs_iget(u64 ino, struct btrfs_root *root) return inode; path = btrfs_alloc_path(); - if (!path) + if (!path) { + iget_failed(&inode->vfs_inode); return ERR_PTR(-ENOMEM); + } ret = btrfs_read_locked_inode(inode, path); btrfs_free_path(path);

6 months

4
3
0 0

FAILED: patch "[PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 246f9bb62016c423972ea7f2335a8e0ed3521cde # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050557-trousers-boogeyman-3f93@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 246f9bb62016c423972ea7f2335a8e0ed3521cde Mon Sep 17 00:00:00 2001 From: Kurt Borja <kuurtb(a)gmail.com> Date: Sat, 19 Apr 2025 12:45:29 -0300 Subject: [PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend thermal control support to Alienware m15 R7. Cc: stable(a)vger.kernel.org Tested-by: Romain THERY <romain.thery(a)ik.me> Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> Link: https://lore.kernel.org/r/20250419-m15-r7-v1-1-18c6eaa27e25@gmail.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/dell/alienware-wmi-wmax.c b/drivers/platform/x86/dell/alienware-wmi-wmax.c index 3f9e1e986ecf..08b82c151e07 100644 --- a/drivers/platform/x86/dell/alienware-wmi-wmax.c +++ b/drivers/platform/x86/dell/alienware-wmi-wmax.c @@ -69,6 +69,14 @@ static const struct dmi_system_id awcc_dmi_table[] __initconst = { }, .driver_data = &generic_quirks, }, + { + .ident = "Alienware m15 R7", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Alienware"), + DMI_MATCH(DMI_PRODUCT_NAME, "Alienware m15 R7"), + }, + .driver_data = &generic_quirks, + }, { .ident = "Alienware m16 R1", .matches = {

6 months

3
2
0 0

[PATCH stable v6.6] riscv: Pass patch_text() the length in bytes

by Nam Cao

From: Samuel Holland <samuel.holland(a)sifive.com> [ Upstream commit 51781ce8f4486c3738a6c85175b599ad1be71f89 ] patch_text_nosync() already handles an arbitrary length of code, so this removes a superfluous loop and reduces the number of icache flushes. Reviewed-by: Björn Töpel <bjorn(a)rivosinc.com> Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> Reviewed-by: Conor Dooley <conor.dooley(a)microchip.com> Link: https://lore.kernel.org/r/20240327160520.791322-6-samuel.holland@sifive.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> [apply to v6.6] Signed-off-by: Nam Cao <namcao(a)linutronix.de> --- this patch fixes a bug introduced by commit b1756750a397 ("riscv: kprobes: Use patch_text_nosync() for insn slots"), which replaced patch_text() with patch_text_nosync(). That is broken, because patch_text() and patch_text_nosync() takes different parameters (number of instruction vs patched length in bytes). This bug was reported in: https://lore.kernel.org/stable/c7e463c0-8cad-4f4e-addd-195c06b7b6de@iscas.a… --- arch/riscv/include/asm/patch.h | 2 +- arch/riscv/kernel/patch.c | 14 +++++--------- arch/riscv/kernel/probes/kprobes.c | 18 ++++++++++-------- arch/riscv/net/bpf_jit_comp64.c | 7 ++++--- 4 files changed, 20 insertions(+), 21 deletions(-) diff --git a/arch/riscv/include/asm/patch.h b/arch/riscv/include/asm/patch.h index 9f5d6e14c405..7228e266b9a1 100644 --- a/arch/riscv/include/asm/patch.h +++ b/arch/riscv/include/asm/patch.h @@ -9,7 +9,7 @@ int patch_insn_write(void *addr, const void *insn, size_t len); int patch_text_nosync(void *addr, const void *insns, size_t len); int patch_text_set_nosync(void *addr, u8 c, size_t len); -int patch_text(void *addr, u32 *insns, int ninsns); +int patch_text(void *addr, u32 *insns, size_t len); extern int riscv_patch_in_stop_machine; diff --git a/arch/riscv/kernel/patch.c b/arch/riscv/kernel/patch.c index 78387d843aa5..aeda87240dbc 100644 --- a/arch/riscv/kernel/patch.c +++ b/arch/riscv/kernel/patch.c @@ -19,7 +19,7 @@ struct patch_insn { void *addr; u32 *insns; - int ninsns; + size_t len; atomic_t cpu_count; }; @@ -234,14 +234,10 @@ NOKPROBE_SYMBOL(patch_text_nosync); static int patch_text_cb(void *data) { struct patch_insn *patch = data; - unsigned long len; - int i, ret = 0; + int ret = 0; if (atomic_inc_return(&patch->cpu_count) == num_online_cpus()) { - for (i = 0; ret == 0 && i < patch->ninsns; i++) { - len = GET_INSN_LENGTH(patch->insns[i]); - ret = patch_insn_write(patch->addr + i * len, &patch->insns[i], len); - } + ret = patch_insn_write(patch->addr, patch->insns, patch->len); /* * Make sure the patching store is effective *before* we * increment the counter which releases all waiting CPUs @@ -262,13 +258,13 @@ static int patch_text_cb(void *data) } NOKPROBE_SYMBOL(patch_text_cb); -int patch_text(void *addr, u32 *insns, int ninsns) +int patch_text(void *addr, u32 *insns, size_t len) { int ret; struct patch_insn patch = { .addr = addr, .insns = insns, - .ninsns = ninsns, + .len = len, .cpu_count = ATOMIC_INIT(0), }; diff --git a/arch/riscv/kernel/probes/kprobes.c b/arch/riscv/kernel/probes/kprobes.c index 4fbc70e823f0..297427ffc4e0 100644 --- a/arch/riscv/kernel/probes/kprobes.c +++ b/arch/riscv/kernel/probes/kprobes.c @@ -23,13 +23,13 @@ post_kprobe_handler(struct kprobe *, struct kprobe_ctlblk *, struct pt_regs *); static void __kprobes arch_prepare_ss_slot(struct kprobe *p) { + size_t len = GET_INSN_LENGTH(p->opcode); u32 insn = __BUG_INSN_32; - unsigned long offset = GET_INSN_LENGTH(p->opcode); - p->ainsn.api.restore = (unsigned long)p->addr + offset; + p->ainsn.api.restore = (unsigned long)p->addr + len; - patch_text_nosync(p->ainsn.api.insn, &p->opcode, 1); - patch_text_nosync((void *)p->ainsn.api.insn + offset, &insn, 1); + patch_text_nosync(p->ainsn.api.insn, &p->opcode, len); + patch_text_nosync((void *)p->ainsn.api.insn + len, &insn, GET_INSN_LENGTH(insn)); } static void __kprobes arch_prepare_simulate(struct kprobe *p) @@ -116,16 +116,18 @@ void *alloc_insn_page(void) /* install breakpoint in text */ void __kprobes arch_arm_kprobe(struct kprobe *p) { - u32 insn = (p->opcode & __INSN_LENGTH_MASK) == __INSN_LENGTH_32 ? - __BUG_INSN_32 : __BUG_INSN_16; + size_t len = GET_INSN_LENGTH(p->opcode); + u32 insn = len == 4 ? __BUG_INSN_32 : __BUG_INSN_16; - patch_text(p->addr, &insn, 1); + patch_text(p->addr, &insn, len); } /* remove breakpoint from text */ void __kprobes arch_disarm_kprobe(struct kprobe *p) { - patch_text(p->addr, &p->opcode, 1); + size_t len = GET_INSN_LENGTH(p->opcode); + + patch_text(p->addr, &p->opcode, len); } void __kprobes arch_remove_kprobe(struct kprobe *p) diff --git a/arch/riscv/net/bpf_jit_comp64.c b/arch/riscv/net/bpf_jit_comp64.c index 26eeb3973631..16eb4cd11cbd 100644 --- a/arch/riscv/net/bpf_jit_comp64.c +++ b/arch/riscv/net/bpf_jit_comp64.c @@ -14,6 +14,7 @@ #include "bpf_jit.h" #define RV_FENTRY_NINSNS 2 +#define RV_FENTRY_NBYTES (RV_FENTRY_NINSNS * 4) #define RV_REG_TCC RV_REG_A6 #define RV_REG_TCC_SAVED RV_REG_S6 /* Store A6 in S6 if program do calls */ @@ -681,7 +682,7 @@ int bpf_arch_text_poke(void *ip, enum bpf_text_poke_type poke_type, if (ret) return ret; - if (memcmp(ip, old_insns, RV_FENTRY_NINSNS * 4)) + if (memcmp(ip, old_insns, RV_FENTRY_NBYTES)) return -EFAULT; ret = gen_jump_or_nops(new_addr, ip, new_insns, is_call); @@ -690,8 +691,8 @@ int bpf_arch_text_poke(void *ip, enum bpf_text_poke_type poke_type, cpus_read_lock(); mutex_lock(&text_mutex); - if (memcmp(ip, new_insns, RV_FENTRY_NINSNS * 4)) - ret = patch_text(ip, new_insns, RV_FENTRY_NINSNS); + if (memcmp(ip, new_insns, RV_FENTRY_NBYTES)) + ret = patch_text(ip, new_insns, RV_FENTRY_NBYTES); mutex_unlock(&text_mutex); cpus_read_unlock(); -- 2.39.5

6 months

2
1
0 0

FAILED: patch "[PATCH] mm: page_alloc: speed up fallbacks in rmqueue_bulk()" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 90abee6d7895d5eef18c91d870d8168be4e76e9d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042149-busily-amaretto-e684@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 90abee6d7895d5eef18c91d870d8168be4e76e9d Mon Sep 17 00:00:00 2001 From: Johannes Weiner <hannes(a)cmpxchg.org> Date: Mon, 7 Apr 2025 14:01:53 -0400 Subject: [PATCH] mm: page_alloc: speed up fallbacks in rmqueue_bulk() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The test robot identified c2f6ea38fc1b ("mm: page_alloc: don't steal single pages from biggest buddy") as the root cause of a 56.4% regression in vm-scalability::lru-file-mmap-read. Carlos reports an earlier patch, c0cd6f557b90 ("mm: page_alloc: fix freelist movement during block conversion"), as the root cause for a regression in worst-case zone->lock+irqoff hold times. Both of these patches modify the page allocator's fallback path to be less greedy in an effort to stave off fragmentation. The flip side of this is that fallbacks are also less productive each time around, which means the fallback search can run much more frequently. Carlos' traces point to rmqueue_bulk() specifically, which tries to refill the percpu cache by allocating a large batch of pages in a loop. It highlights how once the native freelists are exhausted, the fallback code first scans orders top-down for whole blocks to claim, then falls back to a bottom-up search for the smallest buddy to steal. For the next batch page, it goes through the same thing again. This can be made more efficient. Since rmqueue_bulk() holds the zone->lock over the entire batch, the freelists are not subject to outside changes; when the search for a block to claim has already failed, there is no point in trying again for the next page. Modify __rmqueue() to remember the last successful fallback mode, and restart directly from there on the next rmqueue_bulk() iteration. Oliver confirms that this improves beyond the regression that the test robot reported against c2f6ea38fc1b: commit: f3b92176f4 ("tools/selftests: add guard region test for /proc/$pid/pagemap") c2f6ea38fc ("mm: page_alloc: don't steal single pages from biggest buddy") acc4d5ff0b ("Merge tag 'net-6.15-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") 2c847f27c3 ("mm: page_alloc: speed up fallbacks in rmqueue_bulk()") <--- your patch f3b92176f4f7100f c2f6ea38fc1b640aa7a2e155cc1 acc4d5ff0b61eb1715c498b6536 2c847f27c37da65a93d23c237c5 ---------------- --------------------------- --------------------------- --------------------------- %stddev %change %stddev %change %stddev %change %stddev \ | \ | \ | \ 25525364 ± 3% -56.4% 11135467 -57.8% 10779336 +31.6% 33581409 vm-scalability.throughput Carlos confirms that worst-case times are almost fully recovered compared to before the earlier culprit patch: 2dd482ba627d (before freelist hygiene): 1ms c0cd6f557b90 (after freelist hygiene): 90ms next-20250319 (steal smallest buddy): 280ms this patch : 8ms [jackmanb(a)google.com: comment updates] Link: https://lkml.kernel.org/r/D92AC0P9594X.3BML64MUKTF8Z@google.com [hannes(a)cmpxchg.org: reset rmqueue_mode in rmqueue_buddy() error loop, per Yunsheng Lin] Link: https://lkml.kernel.org/r/20250409140023.GA2313@cmpxchg.org Link: https://lkml.kernel.org/r/20250407180154.63348-1-hannes@cmpxchg.org Fixes: c0cd6f557b90 ("mm: page_alloc: fix freelist movement during block conversion") Fixes: c2f6ea38fc1b ("mm: page_alloc: don't steal single pages from biggest buddy") Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Signed-off-by: Brendan Jackman <jackmanb(a)google.com> Reported-by: kernel test robot <oliver.sang(a)intel.com> Reported-by: Carlos Song <carlos.song(a)nxp.com> Tested-by: Carlos Song <carlos.song(a)nxp.com> Tested-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202503271547.fc08b188-lkp@intel.com Reviewed-by: Brendan Jackman <jackmanb(a)google.com> Tested-by: Shivank Garg <shivankg(a)amd.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> [6.10+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 9a219fe8e130..1715e34b91af 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -2183,23 +2183,15 @@ try_to_claim_block(struct zone *zone, struct page *page, } /* - * Try finding a free buddy page on the fallback list. - * - * This will attempt to claim a whole pageblock for the requested type - * to ensure grouping of such requests in the future. - * - * If a whole block cannot be claimed, steal an individual page, regressing to - * __rmqueue_smallest() logic to at least break up as little contiguity as - * possible. + * Try to allocate from some fallback migratetype by claiming the entire block, + * i.e. converting it to the allocation's start migratetype. * * The use of signed ints for order and current_order is a deliberate * deviation from the rest of this file, to make the for loop * condition simpler. - * - * Return the stolen page, or NULL if none can be found. */ static __always_inline struct page * -__rmqueue_fallback(struct zone *zone, int order, int start_migratetype, +__rmqueue_claim(struct zone *zone, int order, int start_migratetype, unsigned int alloc_flags) { struct free_area *area; @@ -2237,14 +2229,29 @@ __rmqueue_fallback(struct zone *zone, int order, int start_migratetype, page = try_to_claim_block(zone, page, current_order, order, start_migratetype, fallback_mt, alloc_flags); - if (page) - goto got_one; + if (page) { + trace_mm_page_alloc_extfrag(page, order, current_order, + start_migratetype, fallback_mt); + return page; + } } - if (alloc_flags & ALLOC_NOFRAGMENT) - return NULL; + return NULL; +} + +/* + * Try to steal a single page from some fallback migratetype. Leave the rest of + * the block as its current migratetype, potentially causing fragmentation. + */ +static __always_inline struct page * +__rmqueue_steal(struct zone *zone, int order, int start_migratetype) +{ + struct free_area *area; + int current_order; + struct page *page; + int fallback_mt; + bool claim_block; - /* No luck claiming pageblock. Find the smallest fallback page */ for (current_order = order; current_order < NR_PAGE_ORDERS; current_order++) { area = &(zone->free_area[current_order]); fallback_mt = find_suitable_fallback(area, current_order, @@ -2254,25 +2261,28 @@ __rmqueue_fallback(struct zone *zone, int order, int start_migratetype, page = get_page_from_free_area(area, fallback_mt); page_del_and_expand(zone, page, order, current_order, fallback_mt); - goto got_one; + trace_mm_page_alloc_extfrag(page, order, current_order, + start_migratetype, fallback_mt); + return page; } return NULL; - -got_one: - trace_mm_page_alloc_extfrag(page, order, current_order, - start_migratetype, fallback_mt); - - return page; } +enum rmqueue_mode { + RMQUEUE_NORMAL, + RMQUEUE_CMA, + RMQUEUE_CLAIM, + RMQUEUE_STEAL, +}; + /* * Do the hard work of removing an element from the buddy allocator. * Call me with the zone->lock already held. */ static __always_inline struct page * __rmqueue(struct zone *zone, unsigned int order, int migratetype, - unsigned int alloc_flags) + unsigned int alloc_flags, enum rmqueue_mode *mode) { struct page *page; @@ -2291,16 +2301,48 @@ __rmqueue(struct zone *zone, unsigned int order, int migratetype, } } - page = __rmqueue_smallest(zone, order, migratetype); - if (unlikely(!page)) { - if (alloc_flags & ALLOC_CMA) + /* + * First try the freelists of the requested migratetype, then try + * fallbacks modes with increasing levels of fragmentation risk. + * + * The fallback logic is expensive and rmqueue_bulk() calls in + * a loop with the zone->lock held, meaning the freelists are + * not subject to any outside changes. Remember in *mode where + * we found pay dirt, to save us the search on the next call. + */ + switch (*mode) { + case RMQUEUE_NORMAL: + page = __rmqueue_smallest(zone, order, migratetype); + if (page) + return page; + fallthrough; + case RMQUEUE_CMA: + if (alloc_flags & ALLOC_CMA) { page = __rmqueue_cma_fallback(zone, order); - - if (!page) - page = __rmqueue_fallback(zone, order, migratetype, - alloc_flags); + if (page) { + *mode = RMQUEUE_CMA; + return page; + } + } + fallthrough; + case RMQUEUE_CLAIM: + page = __rmqueue_claim(zone, order, migratetype, alloc_flags); + if (page) { + /* Replenished preferred freelist, back to normal mode. */ + *mode = RMQUEUE_NORMAL; + return page; + } + fallthrough; + case RMQUEUE_STEAL: + if (!(alloc_flags & ALLOC_NOFRAGMENT)) { + page = __rmqueue_steal(zone, order, migratetype); + if (page) { + *mode = RMQUEUE_STEAL; + return page; + } + } } - return page; + return NULL; } /* @@ -2312,6 +2354,7 @@ static int rmqueue_bulk(struct zone *zone, unsigned int order, unsigned long count, struct list_head *list, int migratetype, unsigned int alloc_flags) { + enum rmqueue_mode rmqm = RMQUEUE_NORMAL; unsigned long flags; int i; @@ -2323,7 +2366,7 @@ static int rmqueue_bulk(struct zone *zone, unsigned int order, } for (i = 0; i < count; ++i) { struct page *page = __rmqueue(zone, order, migratetype, - alloc_flags); + alloc_flags, &rmqm); if (unlikely(page == NULL)) break; @@ -2948,7 +2991,9 @@ struct page *rmqueue_buddy(struct zone *preferred_zone, struct zone *zone, if (alloc_flags & ALLOC_HIGHATOMIC) page = __rmqueue_smallest(zone, order, MIGRATE_HIGHATOMIC); if (!page) { - page = __rmqueue(zone, order, migratetype, alloc_flags); + enum rmqueue_mode rmqm = RMQUEUE_NORMAL; + + page = __rmqueue(zone, order, migratetype, alloc_flags, &rmqm); /* * If the allocation fails, allow OOM handling and

6 months

2
2
0 0

RE: Enhance Your Campaigns

by brielle.hayes＠softwareuserzone.info

Hi there, I wanted to follow up on my earlier message. Whenever you have a moment, I'd love to hear your feedback. Best regards, Brielle _____ From: Brielle Hayes Sent: Friday, May 2, 2025 9:04 AM To: linux-stable-mirror(a)lists.linaro.org <mailto:linux-stable-mirror@lists.linaro.org> Subject: Enhance Your Campaigns Hi there, I hope you're doing well. Would you be interested in acquiring our opt-in data list for mobile analytics platform users and customers worldwide? We also provide current Users and Clients data lists for: * Branch * Adjust * Mixpanel * AppsFlyer * CleverTap * Amplitude Analytics * Braze * Singular * Tenjin & many more...! If this sounds relevant, I'd be happy to share more details along with a sample for your review. Best regards, Brielle Hayes | Marketing Executive Reply with "Remove" if you no longer wish to receive emails.

6 months

1
0
0 0

[PATCH 5.15 00/55] 5.15.182-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.182 release. There are 55 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 09 May 2025 18:37:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.182-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.182-rc1 Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Use the new rb tree helpers Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Stephan Gerhold <stephan.gerhold(a)linaro.org> serial: msm: Configure correct working mode before starting earlycon Suzuki K Poulose <suzuki.poulose(a)arm.com> irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Thomas Gleixner <tglx(a)linutronix.de> irqchip/gic-v2m: Mark a few functions __init Xiang wangx <wangxiang(a)cdjrlc.com> irqchip/gic-v2m: Add const to of_device_id Christian Hewitt <christianshewitt(a)gmail.com> Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Fiona Klute <fiona.klute(a)gmx.de> net: phy: microchip: force IRQ polling mode for lan88xx Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ARM: dts: opos6ul: add ksz8081 phy properties Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Balance device refcount when destroying devices Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix deadlock issue when externel_lb and reset are executed together Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: add buffer overflow check in of_modalias() Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Jian Shen <shenjian15(a)huawei.com> net: hns3: defer calling ptp_clock_register() Hao Lan <lanhao(a)huawei.com> net: hns3: fixed debugfs tm_qset size Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix an interrupt residual problem Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: add support for external loopback test Jian Shen <shenjian15(a)huawei.com> net: hns3: store rx VLAN tag offload state for VF Mattias Barthel <mattias.barthel(a)atlascopco.com> net: fec: ERR007885 Workaround for conventional TX Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix memleak issue when GSO enabled Michael Liang <mliang(a)purestorage.com> nvme-tcp: fix premature queue removal and I/O failover Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix ethtool -d byte order for 32-bit values Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix coredump logic to free allocated buffer Felix Fietkau <nbd(a)nbd.name> net: ipv6: fix UDPv6 GSO segmentation with NAT Simon Horman <horms(a)kernel.org> net: dlink: Correct endianness handling of led_mode Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Brett Creeley <brett.creeley(a)intel.com> ice: Refactor promiscuous functions Victor Nogueira <victor(a)mojatatu.com> net_sched: qfq: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: ets: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: drr: Fix double list add in class with netem as child qdisc Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Biao Huang <biao.huang(a)mediatek.com> net: ethernet: mtk-star-emac: separate tx/rx handling with two NAPIs Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Fix error handling for enabling roce Maor Gottlieb <maorg(a)nvidia.com> net/mlx5: E-Switch, Initialize MAC Address for Default GID Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: don't override retval if we already lost the skb Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Jeongjun Park <aha310510(a)gmail.com> tracing: Fix oob write in trace_seq_to_buffer() Mingcong Bai <jeffbai(a)aosc.io> iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Benjamin Marzinski <bmarzins(a)redhat.com> dm: always update the array size in realloc_argv on success Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a warning on invalid table line Wentao Liang <vulab(a)iscas.ac.cn> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Ruslan Piasetskyi <ruslan.piasetskyi(a)gmail.com> mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Vishal Badole <Vishal.Badole(a)amd.com> amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Helge Deller <deller(a)gmx.de> parisc: Fix double SIGFPE crash Will Deacon <will(a)kernel.org> arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: Fix clock count when probe defers Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Set DDR and SDMMC interrupt mask before registration Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Test the correct error reg offset Philipp Stanner <phasta(a)kernel.org> drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Joachim Priesner <joachim.priesner(a)web.de> ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx6ul-imx6ull-opos6ul.dtsi | 3 + arch/arm64/kernel/proton-pack.c | 2 + arch/parisc/math-emu/driver.c | 16 +- arch/riscv/kernel/probes/uprobes.c | 10 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/x86.c | 3 + drivers/edac/altera_edac.c | 9 +- drivers/edac/altera_edac.h | 2 + drivers/firmware/arm_scmi/bus.c | 3 + drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/iommu/amd/init.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 79 ++--- drivers/iommu/intel/iommu.c | 4 +- drivers/irqchip/irq-gic-v2m.c | 8 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-table.c | 5 +- drivers/mmc/host/renesas_sdhi_core.c | 10 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 + drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 30 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 36 ++- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 + drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 119 ++++++-- drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 3 + drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 61 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 26 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 + drivers/net/ethernet/intel/ice/ice_fltr.c | 58 ++++ drivers/net/ethernet/intel/ice/ice_fltr.h | 12 + drivers/net/ethernet/intel/ice/ice_main.c | 49 +-- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 + drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c | 139 ++++----- drivers/net/ethernet/mediatek/mtk_star_emac.c | 339 ++++++++++++--------- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 +- drivers/net/ethernet/microchip/lan743x_main.c | 8 +- drivers/net/ethernet/microchip/lan743x_main.h | 1 + drivers/net/phy/microchip.c | 46 +-- .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +- drivers/nvme/host/tcp.c | 31 +- drivers/of/device.c | 7 +- drivers/pci/controller/dwc/pci-imx6.c | 5 +- drivers/tty/serial/msm_serial.c | 6 + kernel/trace/trace.c | 5 +- net/ipv4/udp_offload.c | 61 +++- net/sched/act_mirred.c | 22 +- net/sched/sch_drr.c | 9 +- net/sched/sch_ets.c | 9 +- net/sched/sch_hfsc.c | 2 +- net/sched/sch_qfq.c | 11 +- sound/usb/format.c | 3 +- 66 files changed, 932 insertions(+), 505 deletions(-)

6 months

5
61
0 0

[PATCH 6.1 00/97] 6.1.138-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.138 release. There are 97 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 09 May 2025 18:37:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.138-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.138-rc1 Geert Uytterhoeven <geert+renesas(a)glider.be> ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Rob Herring (Arm) <robh(a)kernel.org> ASoC: Use of_property_read_bool() Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/amd/display: Fix slab-use-after-free in hdcp Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Bhawanpreet Lakha <bhawanpreet.lakha(a)amd.com> drm/amd/display: Change HDCP update sequence for DM Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Clean up style problems in amdgpu_dm_hdcp.c hersen wu <hersenxs.wu(a)amd.com> drm/amd/display: phase2 enable mst hdcp multiple displays Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Use the new rb tree helpers Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Shakeel Butt <shakeel.butt(a)linux.dev> memcg: drain obj stock on cpu hotplug teardown Suzuki K Poulose <suzuki.poulose(a)arm.com> irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Thomas Gleixner <tglx(a)linutronix.de> irqchip/gic-v2m: Mark a few functions __init Christian Hewitt <christianshewitt(a)gmail.com> Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Fiona Klute <fiona.klute(a)gmx.de> net: phy: microchip: force IRQ polling mode for lan88xx Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ARM: dts: opos6ul: add ksz8081 phy properties Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Balance device refcount when destroying devices Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/kexec: Allocate PGD for x86_64 transition page tables separately" Cong Wang <xiyou.wangcong(a)gmail.com> sch_ets: make est_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_qfq: make qfq_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: make hfsc_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_drr: make drr_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_qlen_notify() idempotent Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Yu Kuai <yukuai3(a)huawei.com> md: move initialization and destruction of 'io_acct_set' to md.c Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix RX error handling Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Add range check for CMD_RTS Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix LEN_MASK Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix possible stuck of SPI interrupt Jian Shen <shenjian15(a)huawei.com> net: hns3: defer calling ptp_clock_register() Hao Lan <lanhao(a)huawei.com> net: hns3: fixed debugfs tm_qset size Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix an interrupt residual problem Jian Shen <shenjian15(a)huawei.com> net: hns3: store rx VLAN tag offload state for VF Mattias Barthel <mattias.barthel(a)atlascopco.com> net: fec: ERR007885 Workaround for conventional TX Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix memleak issue when GSO enabled Michael Liang <mliang(a)purestorage.com> nvme-tcp: fix premature queue removal and I/O failover Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix ethtool -d byte order for 32-bit values Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix coredump logic to free allocated buffer Felix Fietkau <nbd(a)nbd.name> net: ipv6: fix UDPv6 GSO segmentation with NAT Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: fix broken taprio gate states after clock jump Simon Horman <horms(a)kernel.org> net: dlink: Correct endianness handling of led_mode Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Victor Nogueira <victor(a)mojatatu.com> net_sched: qfq: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: ets: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: drr: Fix double list add in class with netem as child qdisc Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Fix error handling for enabling roce Maor Gottlieb <maorg(a)nvidia.com> net/mlx5: E-Switch, Initialize MAC Address for Default GID Ido Schimmel <idosch(a)nvidia.com> vxlan: vnifilter: Fix unlocked deletion of default FDB entry Murad Masimov <m.masimov(a)mt-integration.ru> wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release Sheetal <sheetal(a)nvidia.com> ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence LongPing Wei <weilongping(a)oppo.com> dm-bufio: don't schedule in atomic context Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Darrick J. Wong <djwong(a)kernel.org> xfs: restrict when we try to align cow fork delalloc to cowextsz hints Darrick J. Wong <djwong(a)kernel.org> xfs: allow unlinked symlinks and dirs with zero size Christoph Hellwig <hch(a)lst.de> xfs: fix freeing speculative preallocations for preallocated files Wengang Wang <wen.gang.wang(a)oracle.com> xfs: make sure sb_fdblocks is non-negative Darrick J. Wong <djwong(a)kernel.org> xfs: allow symlinks with short remote targets Zhang Yi <yi.zhang(a)huawei.com> xfs: convert delayed extents to unwritten when zeroing post eof blocks Zhang Yi <yi.zhang(a)huawei.com> xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset Zhang Yi <yi.zhang(a)huawei.com> xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional Zhang Yi <yi.zhang(a)huawei.com> xfs: match lock mode in xfs_buffered_write_iomap_begin() Darrick J. Wong <djwong(a)kernel.org> xfs: revert commit 44af6c7e59b12 Darrick J. Wong <djwong(a)kernel.org> xfs: validate recovered name buffers when recovering xattr items Darrick J. Wong <djwong(a)kernel.org> xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 Darrick J. Wong <djwong(a)kernel.org> xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery Christoph Hellwig <hch(a)lst.de> xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent Christoph Hellwig <hch(a)lst.de> xfs: fix xfs_bmap_add_extent_delay_real for partial conversions Christoph Hellwig <hch(a)lst.de> xfs: fix error returns from xfs_bmapi_write Jeongjun Park <aha310510(a)gmail.com> tracing: Fix oob write in trace_seq_to_buffer() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Fix setting policy limits when frequency tables are used Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid using inconsistent policy->min and policy->max Sean Heelan <seanheelan(a)gmail.com> ksmbd: fix use-after-free in kerberos authentication Shouye Liu <shouyeliu(a)tencent.com> platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Mingcong Bai <jeffbai(a)aosc.io> iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Benjamin Marzinski <bmarzins(a)redhat.com> dm: always update the array size in realloc_argv on success Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a warning on invalid table line Wentao Liang <vulab(a)iscas.ac.cn> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Ruslan Piasetskyi <ruslan.piasetskyi(a)gmail.com> mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Stephan Gerhold <stephan.gerhold(a)linaro.org> irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Vishal Badole <Vishal.Badole(a)amd.com> amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Sean Christopherson <seanjc(a)google.com> perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Helge Deller <deller(a)gmx.de> parisc: Fix double SIGFPE crash Will Deacon <will(a)kernel.org> arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: Fix clock count when probe defers Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Set DDR and SDMMC interrupt mask before registration Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Test the correct error reg offset Philipp Stanner <phasta(a)kernel.org> drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Joachim Priesner <joachim.priesner(a)web.de> ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Christian Heusel <christian(a)heusel.eu> Revert "rndis_host: Flag RNDIS modems as WWAN devices" ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx6ul-imx6ull-opos6ul.dtsi | 3 + arch/arm64/kernel/proton-pack.c | 2 + arch/parisc/math-emu/driver.c | 16 +- arch/riscv/kernel/probes/uprobes.c | 10 +- arch/x86/events/intel/core.c | 2 +- arch/x86/include/asm/kexec.h | 18 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/machine_kexec_64.c | 45 ++- arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/x86.c | 3 + drivers/cpufreq/cpufreq.c | 42 ++- drivers/cpufreq/cpufreq_ondemand.c | 3 +- drivers/cpufreq/freq_table.c | 6 +- drivers/edac/altera_edac.c | 9 +- drivers/edac/altera_edac.h | 2 + drivers/firmware/arm_ffa/driver.c | 3 +- drivers/firmware/arm_scmi/bus.c | 3 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 417 ++++++++++++--------- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.h | 5 +- drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/iommu/amd/init.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 79 ++-- drivers/iommu/intel/iommu.c | 4 +- drivers/irqchip/irq-gic-v2m.c | 8 +- drivers/irqchip/irq-qcom-mpm.c | 3 + drivers/md/dm-bufio.c | 3 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-table.c | 5 +- drivers/md/md.c | 27 +- drivers/md/md.h | 2 - drivers/md/raid0.c | 16 +- drivers/md/raid5.c | 41 +- drivers/mmc/host/renesas_sdhi_core.c | 10 +- drivers/net/dsa/ocelot/felix_vsc9959.c | 5 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 + drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 30 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 36 +- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 82 ++-- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 + drivers/net/ethernet/mediatek/mtk_star_emac.c | 13 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 +- drivers/net/ethernet/microchip/lan743x_main.c | 8 +- drivers/net/ethernet/microchip/lan743x_main.h | 1 + drivers/net/ethernet/mscc/ocelot.c | 194 +++++++++- drivers/net/ethernet/mscc/ocelot_vcap.c | 1 + drivers/net/ethernet/vertexcom/mse102x.c | 36 +- drivers/net/phy/microchip.c | 46 +-- drivers/net/usb/rndis_host.c | 16 +- drivers/net/vxlan/vxlan_vnifilter.c | 8 +- .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +- drivers/net/wireless/purelifi/plfxlc/mac.c | 1 - drivers/nvme/host/tcp.c | 31 +- drivers/pci/controller/dwc/pci-imx6.c | 5 +- .../x86/intel/uncore-frequency/uncore-frequency.c | 13 +- fs/smb/server/auth.c | 14 +- fs/smb/server/smb2pdu.c | 5 - fs/xfs/libxfs/xfs_attr_remote.c | 1 - fs/xfs/libxfs/xfs_bmap.c | 130 +++++-- fs/xfs/libxfs/xfs_da_btree.c | 20 +- fs/xfs/libxfs/xfs_inode_buf.c | 49 ++- fs/xfs/libxfs/xfs_sb.c | 7 +- fs/xfs/scrub/attr.c | 5 + fs/xfs/xfs_aops.c | 54 +-- fs/xfs/xfs_attr_item.c | 88 ++++- fs/xfs/xfs_bmap_util.c | 65 ++-- fs/xfs/xfs_bmap_util.h | 2 +- fs/xfs/xfs_dquot.c | 1 - fs/xfs/xfs_icache.c | 2 +- fs/xfs/xfs_inode.c | 14 +- fs/xfs/xfs_iomap.c | 81 ++-- fs/xfs/xfs_reflink.c | 20 - fs/xfs/xfs_rtalloc.c | 2 - include/linux/cpufreq.h | 83 ++-- include/soc/mscc/ocelot_vcap.h | 2 + kernel/trace/trace.c | 5 +- mm/memcontrol.c | 9 + net/ipv4/udp_offload.c | 61 ++- net/sched/sch_drr.c | 16 +- net/sched/sch_ets.c | 17 +- net/sched/sch_hfsc.c | 10 +- net/sched/sch_htb.c | 2 + net/sched/sch_qfq.c | 18 +- sound/soc/codecs/ak4613.c | 4 +- sound/soc/soc-core.c | 36 +- sound/soc/soc-pcm.c | 5 +- sound/usb/format.c | 3 +- 103 files changed, 1480 insertions(+), 847 deletions(-)

6 months

6
106
0 0

[PATCH v3 1/3] media: videobuf2: use sgtable-based scatterlist wrappers

by Marek Szyprowski

Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of scatterlists sync calls. dma_sync_sg_for_*() functions have to be called with the number of elements originally passed to dma_map_sg_*() function, not the one returned in sgt->nents. Fixes: d4db5eb57cab ("media: videobuf2: add begin/end cpu_access callbacks to dma-sg") CC: stable(a)vger.kernel.org Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- drivers/media/common/videobuf2/videobuf2-dma-sg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/media/common/videobuf2/videobuf2-dma-sg.c b/drivers/media/common/videobuf2/videobuf2-dma-sg.c index c6ddf2357c58..b3bf2173c14e 100644 --- a/drivers/media/common/videobuf2/videobuf2-dma-sg.c +++ b/drivers/media/common/videobuf2/videobuf2-dma-sg.c @@ -469,7 +469,7 @@ vb2_dma_sg_dmabuf_ops_begin_cpu_access(struct dma_buf *dbuf, struct vb2_dma_sg_buf *buf = dbuf->priv; struct sg_table *sgt = buf->dma_sgt; - dma_sync_sg_for_cpu(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir); + dma_sync_sgtable_for_cpu(buf->dev, sgt, buf->dma_dir); return 0; } @@ -480,7 +480,7 @@ vb2_dma_sg_dmabuf_ops_end_cpu_access(struct dma_buf *dbuf, struct vb2_dma_sg_buf *buf = dbuf->priv; struct sg_table *sgt = buf->dma_sgt; - dma_sync_sg_for_device(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir); + dma_sync_sgtable_for_device(buf->dev, sgt, buf->dma_dir); return 0; } -- 2.34.1

6 months

3
2
0 0

[PATCH] spi: tegra114: Use value to check for invalid delays

by Aaron Kling via B4 Relay

From: Aaron Kling <webgeek1234(a)gmail.com> A delay unit of 0 is a valid entry, thus it is not valid to check for unused delays. Instead, check the value field; if that is zero, the given delay is unset. Fixes: 4426e6b4ecf6 ("spi: tegra114: Don't fail set_cs_timing when delays are zero") Cc: stable(a)vger.kernel.org Signed-off-by: Aaron Kling <webgeek1234(a)gmail.com> --- drivers/spi/spi-tegra114.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/spi/spi-tegra114.c b/drivers/spi/spi-tegra114.c index 2a8bb798e95b954fe573f1c50445ed2e7fcbfd78..795a8482c2c700c3768bd50bf59971256893a486 100644 --- a/drivers/spi/spi-tegra114.c +++ b/drivers/spi/spi-tegra114.c @@ -728,9 +728,9 @@ static int tegra_spi_set_hw_cs_timing(struct spi_device *spi) u32 inactive_cycles; u8 cs_state; - if ((setup->unit && setup->unit != SPI_DELAY_UNIT_SCK) || - (hold->unit && hold->unit != SPI_DELAY_UNIT_SCK) || - (inactive->unit && inactive->unit != SPI_DELAY_UNIT_SCK)) { + if ((setup->value && setup->unit != SPI_DELAY_UNIT_SCK) || + (hold->value && hold->unit != SPI_DELAY_UNIT_SCK) || + (inactive->value && inactive->unit != SPI_DELAY_UNIT_SCK)) { dev_err(&spi->dev, "Invalid delay unit %d, should be SPI_DELAY_UNIT_SCK\n", SPI_DELAY_UNIT_SCK); --- base-commit: 0d8d44db295ccad20052d6301ef49ff01fb8ae2d change-id: 20250506-spi-tegra114-fixup-dbf6730db087 Best regards, -- Aaron Kling <webgeek1234(a)gmail.com>

6 months

4
3
0 0

[PATCH v5 0/1] kasan: Avoid sleepable page allocation from atomic context

by Alexander Gordeev

Hi All, Chages since v4: - unused pages leak is avoided Chages since v3: - pfn_to_virt() changed to page_to_virt() due to compile error Chages since v2: - page allocation moved out of the atomic context Chages since v1: - Fixes: and -stable tags added to the patch description Thanks! Alexander Gordeev (1): kasan: Avoid sleepable page allocation from atomic context mm/kasan/shadow.c | 77 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 63 insertions(+), 14 deletions(-) -- 2.45.2

6 months

2
3
0 0

[PATCH] scsi: smartpqi: Fix the race condition between pqi_tmf_worker and pqi_sdev_destroy

by Zhu Wei

There is a race condition between pqi_sdev_destroy and pqi_tmf_worker. After pqi_free_device is released, pqi_tmf_worker will still use device. kasan report: [ 1933.765810] ================================================================== [ 1933.771862] scsi 15:0:20:0: Direct-Access ATA WDC WUH722222AL WTS2 PQ: 0 ANSI: 6 [ 1933.779190] BUG: KASAN: use-after-free in pqi_device_wait_for_pending_io+0x9e/0x600 [smartpqi] [ 1933.779194] Read of size 4 at addr ffff88954c490480 by task kworker/2:2/518186 [ 1933.779201] CPU: 2 PID: 518186 Comm: kworker/2:2 Kdump: loaded Tainted: G U OE 4.19.90-89.16.v2401.osc.sfc.6.11.1.0108.ky10.x86_64+debug #1 [ 1933.779203] Source Version: v6.11.1.0108+0~65323201.20250328 [ 1933.779205] Hardware name: SANGFOR S2122-S12L/ASERVER-P-2000, BIOS TYR.2.00.0100 05/18/2019 [ 1933.779213] Workqueue: events pqi_tmf_worker [smartpqi] [ 1933.779216] Call Trace: [ 1933.779225] dump_stack+0x8b/0xb9 [ 1933.779239] print_address_description+0x65/0x2b0 [ 1933.779249] kasan_report+0x14b/0x290 [ 1933.779255] pqi_device_wait_for_pending_io+0x9e/0x600 [smartpqi] [ 1933.779264] pqi_device_reset_handler+0x174f/0x1f30 [smartpqi] [ 1933.779284] process_one_work+0x65f/0x12d0 [ 1933.806306] worker_thread+0x87/0xb50 [ 1933.806315] kthread+0x2e9/0x3a0 [ 1933.806323] ret_from_fork+0x1f/0x40 [ 1933.843994] Allocated by task 579094: [ 1933.875361] save_stack+0x19/0x80 [ 1933.892366] kasan_kmalloc+0xa0/0xd0 [ 1933.892373] kmem_cache_alloc+0xbb/0x1c0 [ 1933.892378] getname_flags+0xba/0x500 [ 1933.892384] user_path_at_empty+0x1d/0x40 [ 1933.892389] vfs_statx+0xb9/0x140 [ 1933.892397] __do_sys_newstat+0x77/0xd0 [ 1933.913179] do_syscall_64+0xa4/0x430 [ 1933.913187] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 1933.933381] Freed by task 579094: [ 1933.933389] save_stack+0x19/0x80 [ 1933.933392] __kasan_slab_free+0x130/0x180 [ 1933.933396] kmem_cache_free+0x78/0x1e0 [ 1933.933401] filename_lookup+0x216/0x400 [ 1933.933405] vfs_statx+0xb9/0x140 [ 1933.933407] __do_sys_newstat+0x77/0xd0 [ 1933.933417] do_syscall_64+0xa4/0x430 [ 1933.933432] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 1933.956837] [ 1933.956842] The buggy address belongs to the object at ffff88954c490000 which belongs to the cache names_cache of size 4096 [ 1933.956845] The buggy address is located 1152 bytes inside of 4096-byte region [ffff88954c490000, ffff88954c491000) [ 1933.956851] The buggy address belongs to the page: [ 1934.297352] page:ffffea0055312400 count:1 mapcount:0 mapping:ffff888100580f00 index:0x0 compound_mapcount: 0 [ 1934.309566] flags: 0x57ffffc0008100(slab|head) [ 1934.316370] raw: 0057ffffc0008100 0000000000000000 dead000000000200 ffff888100580f00 [ 1934.326518] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000 [ 1934.338191] page dumped because: kasan: bad access detected [ 1934.346177] [ 1934.350031] Memory state around the buggy address: [ 1934.357220] ffff88954c490380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.366854] ffff88954c490400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.376474] >ffff88954c490480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.386094] ^ [ 1934.391684] ffff88954c490500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.402601] ffff88954c490580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.412228] ================================================================== Before pqi_sdev_destroy executes pqi_free_device, cancel the pqi_tmf_worker of the corresponding device. Fixes: 2d80f4054f7f ("scsi: smartpqi: Update deleting a LUN via sysfs") Signed-off-by: Zhu Wei <zhuwei(a)sangfor.com.cn> --- drivers/scsi/smartpqi/smartpqi_init.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c index 8a26eca4fdc9..102ed7501f08 100644 --- a/drivers/scsi/smartpqi/smartpqi_init.c +++ b/drivers/scsi/smartpqi/smartpqi_init.c @@ -6581,6 +6581,8 @@ static void pqi_sdev_destroy(struct scsi_device *sdev) struct pqi_scsi_dev *device; int mutex_acquired; unsigned long flags; + unsigned int lun; + struct pqi_tmf_work *tmf_work; ctrl_info = shost_to_hba(sdev->host); @@ -6607,6 +6609,8 @@ static void pqi_sdev_destroy(struct scsi_device *sdev) mutex_unlock(&ctrl_info->scan_mutex); pqi_dev_info(ctrl_info, "removed", device); + for (lun = 0, tmf_work = device->tmf_work; lun < PQI_MAX_LUNS_PER_DEVICE; lun++, tmf_work++) + cancel_work_sync(&tmf_work->work_struct); pqi_free_device(device); } -- 2.43.0

6 months

2
1
0 0

[PATCH] drm/dp: Fix Write_Status_Update_Request AUX request format

by Wayne Lin

[Why] Notice AUX request format of I2C-over-AUX with Write_Status_Update_Request flag set is incorrect. It should be address only request without length and data like: "SYNC->COM3:0 (= 0110)|0000-> 0000|0000-> 0|7-bit I2C address (the same as the last)-> STOP->". [How] Refer to DP v2.1 Table 2-178, correct the Write_Status_Update_Request to be address only request. Note that we might receive 0 returned by aux->transfer() when receive reply I2C_ACK|AUX_ACK of Write_Status_Update_Request transaction. Which indicating all data bytes get written. We should avoid to return 0 bytes get transferred under this case. Fixes: 68ec2a2a2481 ("drm/dp: Use I2C_WRITE_STATUS_UPDATE to drain partial I2C_WRITE requests") Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Harry Wentland <harry.wentland(a)amd.com> Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> --- drivers/gpu/drm/display/drm_dp_helper.c | 45 +++++++++++++++++++++---- 1 file changed, 38 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c index 57828f2b7b5a..0c8cba7ed875 100644 --- a/drivers/gpu/drm/display/drm_dp_helper.c +++ b/drivers/gpu/drm/display/drm_dp_helper.c @@ -1857,6 +1857,12 @@ static u32 drm_dp_i2c_functionality(struct i2c_adapter *adapter) I2C_FUNC_10BIT_ADDR; } +static inline bool +drm_dp_i2c_msg_is_write_status_update(struct drm_dp_aux_msg *msg) +{ + return ((msg->request & ~DP_AUX_I2C_MOT) == DP_AUX_I2C_WRITE_STATUS_UPDATE); +} + static void drm_dp_i2c_msg_write_status_update(struct drm_dp_aux_msg *msg) { /* @@ -1965,6 +1971,7 @@ MODULE_PARM_DESC(dp_aux_i2c_speed_khz, static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) { unsigned int retry, defer_i2c; + struct drm_dp_aux_msg orig_msg = *msg; int ret; /* * DP1.2 sections 2.7.7.1.5.6.1 and 2.7.7.1.6.6.1: A DP Source device @@ -1976,6 +1983,12 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) int max_retries = max(7, drm_dp_i2c_retry_count(msg, dp_aux_i2c_speed_khz)); for (retry = 0, defer_i2c = 0; retry < (max_retries + defer_i2c); retry++) { + if (drm_dp_i2c_msg_is_write_status_update(msg)) { + /* Address only transaction */ + msg->buffer = NULL; + msg->size = 0; + } + ret = aux->transfer(aux, msg); if (ret < 0) { if (ret == -EBUSY) @@ -1993,7 +2006,7 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) else drm_dbg_kms(aux->drm_dev, "%s: transaction failed: %d\n", aux->name, ret); - return ret; + goto out; } @@ -2008,7 +2021,8 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) case DP_AUX_NATIVE_REPLY_NACK: drm_dbg_kms(aux->drm_dev, "%s: native nack (result=%d, size=%zu)\n", aux->name, ret, msg->size); - return -EREMOTEIO; + ret = -EREMOTEIO; + goto out; case DP_AUX_NATIVE_REPLY_DEFER: drm_dbg_kms(aux->drm_dev, "%s: native defer\n", aux->name); @@ -2027,24 +2041,35 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) default: drm_err(aux->drm_dev, "%s: invalid native reply %#04x\n", aux->name, msg->reply); - return -EREMOTEIO; + ret = -EREMOTEIO; + goto out; } switch (msg->reply & DP_AUX_I2C_REPLY_MASK) { case DP_AUX_I2C_REPLY_ACK: + /* + * When I2C write firstly get defer and get ack after + * retries by wirte_status_update, we have to return + * all data bytes get transferred instead of 0. + */ + if (drm_dp_i2c_msg_is_write_status_update(msg) && ret == 0) + ret = orig_msg.size; + /* * Both native ACK and I2C ACK replies received. We * can assume the transfer was successful. */ if (ret != msg->size) drm_dp_i2c_msg_write_status_update(msg); - return ret; + + goto out; case DP_AUX_I2C_REPLY_NACK: drm_dbg_kms(aux->drm_dev, "%s: I2C nack (result=%d, size=%zu)\n", aux->name, ret, msg->size); aux->i2c_nack_count++; - return -EREMOTEIO; + ret = -EREMOTEIO; + goto out; case DP_AUX_I2C_REPLY_DEFER: drm_dbg_kms(aux->drm_dev, "%s: I2C defer\n", aux->name); @@ -2063,12 +2088,18 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) default: drm_err(aux->drm_dev, "%s: invalid I2C reply %#04x\n", aux->name, msg->reply); - return -EREMOTEIO; + ret = -EREMOTEIO; + goto out; } } drm_dbg_kms(aux->drm_dev, "%s: Too many retries, giving up\n", aux->name); - return -EREMOTEIO; + ret = -EREMOTEIO; +out: + /* In case we change original msg by Write_Status_Update*/ + msg->buffer = orig_msg.buffer; + msg->size = orig_msg.size; + return ret; } static void drm_dp_i2c_msg_set_request(struct drm_dp_aux_msg *msg, -- 2.43.0

6 months

4
6
0 0

[PATCH v4 00/25] Add support for HEVC and VP9 codecs in decoder

by Dikshita Agarwal

Hi All, This patch series adds initial support for the HEVC(H.265) and VP9 codecs in iris decoder. The objective of this work is to extend the decoder's capabilities to handle HEVC and VP9 codec streams, including necessary format handling and buffer management. In addition, the series also includes a set of fixes to address issues identified during testing of these additional codecs. These patches also address the comments and feedback received from the RFC patches previously sent. I have made the necessary improvements based on the community's suggestions. Changes in v4: - Splitted patch patch 06/23 in two patches (Bryan) - Simplified the conditional logic in patch 13/23 (Bryan) - Improved commit description for patch patch 13/23 (Nicolas) - Fix the value of H265_NUM_TILE_ROW macro (Neil) - Link to v3: https://lore.kernel.org/r/20250502-qcom-iris-hevc-vp9-v3-0-552158a10a7d@qui… Changes in v3: - Introduced two wrappers with explicit names to handle destroy internal buffers (Nicolas) - Used sub state check instead of introducing new boolean (Vikash) - Addressed other comments (Vikash) - Reorderd patches to have all fixes patches first (Dmitry) - Link to v2: https://lore.kernel.org/r/20250428-qcom-iris-hevc-vp9-v2-0-3a6013ecb8a5@qui… Changes in v2: - Added Changes to make sure all buffers are released in session close (bryna) - Added tracking for flush responses to fix a timing issue. - Added a handling to fix timing issue in reconfig - Splitted patch 06/20 in two patches (Bryan) - Added missing fixes tag (bryan) - Updated fluster report (Nicolas) - Link to v1: https://lore.kernel.org/r/20250408-iris-dec-hevc-vp9-v1-0-acd258778bd6@quic… Changes sinces RFC: - Added additional fixes to address issues identified during further testing. - Moved typo fix to a seperate patch [Neil] - Reordered the patches for better logical flow and clarity [Neil, Dmitry] - Added fixes tag wherever applicable [Neil, Dmitry] - Removed the default case in the switch statement for codecs [Bryan] - Replaced if-else statements with switch-case [Bryan] - Added comments for mbpf [Bryan] - RFC: https://lore.kernel.org/linux-media/20250305104335.3629945-1-quic_dikshita@… This patch series depends on [1] & [2] [1] https://lore.kernel.org/linux-media/20250417-topic-sm8x50-iris-v10-v7-0-f02… [2] https://lore.kernel.org/linux-media/20250424-qcs8300_iris-v5-0-f118f505c300… These patches are tested on SM8250 and SM8550 with v4l2-ctl and Gstreamer for HEVC and VP9 decoders, at the same time ensured that the existing H264 decoder functionality remains uneffected. Note: 1 of the fluster compliance test is fixed with firmware [3] [3]: https://lore.kernel.org/linux-firmware/1a511921-446d-cdc4-0203-084c88a5dc1e… The result of fluster test on SM8550: 131/147 testcases passed while testing JCT-VC-HEVC_V1 with GStreamer-H.265-V4L2-Gst1.0. The failing test case: - 10 testcases failed due to unsupported 10 bit format. - DBLK_A_MAIN10_VIXS_4 - INITQP_B_Main10_Sony_1 - TSUNEQBD_A_MAIN10_Technicolor_2 - WP_A_MAIN10_Toshiba_3 - WP_MAIN10_B_Toshiba_3 - WPP_A_ericsson_MAIN10_2 - WPP_B_ericsson_MAIN10_2 - WPP_C_ericsson_MAIN10_2 - WPP_E_ericsson_MAIN10_2 - WPP_F_ericsson_MAIN10_2 - 4 testcase failed due to unsupported resolution - PICSIZE_A_Bossen_1 - PICSIZE_B_Bossen_1 - WPP_D_ericsson_MAIN10_2 - WPP_D_ericsson_MAIN_2 - 2 testcase failed due to CRC mismatch - RAP_A_docomo_6 - RAP_B_Bossen_2 - BUG reported: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4392 Analysis - First few frames in this discarded by firmware and are sent to driver with 0 filled length. Driver send such buffers to client with timestamp 0 and payload set to 0 and make buf state to VB2_BUF_STATE_ERROR. Such buffers should be dropped by GST. But instead, the first frame displayed as green frame and when a valid buffer is sent to client later with same 0 timestamp, its dropped, leading to CRC mismatch for first frame. 235/305 testcases passed while testing VP9-TEST-VECTORS with GStreamer-VP9-V4L2-Gst1.0. The failing test case: - 64 testcases failed due to unsupported resolution - vp90-2-02-size-08x08.webm - vp90-2-02-size-08x10.webm - vp90-2-02-size-08x16.webm - vp90-2-02-size-08x18.webm - vp90-2-02-size-08x32.webm - vp90-2-02-size-08x34.webm - vp90-2-02-size-08x64.webm - vp90-2-02-size-08x66.webm - vp90-2-02-size-10x08.webm - vp90-2-02-size-10x10.webm - vp90-2-02-size-10x16.webm - vp90-2-02-size-10x18.webm - vp90-2-02-size-10x32.webm - vp90-2-02-size-10x34.webm - vp90-2-02-size-10x64.webm - vp90-2-02-size-10x66.webm - vp90-2-02-size-16x08.webm - vp90-2-02-size-16x10.webm - vp90-2-02-size-16x16.webm - vp90-2-02-size-16x18.webm - vp90-2-02-size-16x32.webm - vp90-2-02-size-16x34.webm - vp90-2-02-size-16x64.webm - vp90-2-02-size-16x66.webm - vp90-2-02-size-18x08.webm - vp90-2-02-size-18x10.webm - vp90-2-02-size-18x16.webm - vp90-2-02-size-18x18.webm - vp90-2-02-size-18x32.webm - vp90-2-02-size-18x34.webm - vp90-2-02-size-18x64.webm - vp90-2-02-size-18x66.webm - vp90-2-02-size-32x08.webm - vp90-2-02-size-32x10.webm - vp90-2-02-size-32x16.webm - vp90-2-02-size-32x18.webm - vp90-2-02-size-32x32.webm - vp90-2-02-size-32x34.webm - vp90-2-02-size-32x64.webm - vp90-2-02-size-32x66.webm - vp90-2-02-size-34x08.webm - vp90-2-02-size-34x10.webm - vp90-2-02-size-34x16.webm - vp90-2-02-size-34x18.webm - vp90-2-02-size-34x32.webm - vp90-2-02-size-34x34.webm - vp90-2-02-size-34x64.webm - vp90-2-02-size-34x66.webm - vp90-2-02-size-64x08.webm - vp90-2-02-size-64x10.webm - vp90-2-02-size-64x16.webm - vp90-2-02-size-64x18.webm - vp90-2-02-size-64x32.webm - vp90-2-02-size-64x34.webm - vp90-2-02-size-64x64.webm - vp90-2-02-size-64x66.webm - vp90-2-02-size-66x08.webm - vp90-2-02-size-66x10.webm - vp90-2-02-size-66x16.webm - vp90-2-02-size-66x18.webm - vp90-2-02-size-66x32.webm - vp90-2-02-size-66x34.webm - vp90-2-02-size-66x64.webm - vp90-2-02-size-66x66.webm - 2 testcases failed due to unsupported format - vp91-2-04-yuv422.webm - vp91-2-04-yuv444.webm - 1 testcase failed with CRC mismatch - vp90-2-22-svc_1280x720_3.ivf - Bug reported: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4371 - 2 testcase failed due to unsupported resolution after sequence change - vp90-2-21-resize_inter_320x180_5_1-2.webm - vp90-2-21-resize_inter_320x180_7_1-2.webm - 1 testcase failed due to unsupported stream - vp90-2-16-intra-only.webm The result of fluster test on SM8250: 133/147 testcases passed while testing JCT-VC-HEVC_V1 with GStreamer-H.265-V4L2-Gst1.0. The failing test case: - 10 testcases failed due to unsupported 10 bit format. - DBLK_A_MAIN10_VIXS_4 - INITQP_B_Main10_Sony_1 - TSUNEQBD_A_MAIN10_Technicolor_2 - WP_A_MAIN10_Toshiba_3 - WP_MAIN10_B_Toshiba_3 - WPP_A_ericsson_MAIN10_2 - WPP_B_ericsson_MAIN10_2 - WPP_C_ericsson_MAIN10_2 - WPP_E_ericsson_MAIN10_2 - WPP_F_ericsson_MAIN10_2 - 4 testcase failed due to unsupported resolution - PICSIZE_A_Bossen_1 - PICSIZE_B_Bossen_1 - WPP_D_ericsson_MAIN10_2 - WPP_D_ericsson_MAIN_2 232/305 testcases passed while testing VP9-TEST-VECTORS with GStreamer-VP9-V4L2-Gst1.0. The failing test case: - 64 testcases failed due to unsupported resolution - vp90-2-02-size-08x08.webm - vp90-2-02-size-08x10.webm - vp90-2-02-size-08x16.webm - vp90-2-02-size-08x18.webm - vp90-2-02-size-08x32.webm - vp90-2-02-size-08x34.webm - vp90-2-02-size-08x64.webm - vp90-2-02-size-08x66.webm - vp90-2-02-size-10x08.webm - vp90-2-02-size-10x10.webm - vp90-2-02-size-10x16.webm - vp90-2-02-size-10x18.webm - vp90-2-02-size-10x32.webm - vp90-2-02-size-10x34.webm - vp90-2-02-size-10x64.webm - vp90-2-02-size-10x66.webm - vp90-2-02-size-16x08.webm - vp90-2-02-size-16x10.webm - vp90-2-02-size-16x16.webm - vp90-2-02-size-16x18.webm - vp90-2-02-size-16x32.webm - vp90-2-02-size-16x34.webm - vp90-2-02-size-16x64.webm - vp90-2-02-size-16x66.webm - vp90-2-02-size-18x08.webm - vp90-2-02-size-18x10.webm - vp90-2-02-size-18x16.webm - vp90-2-02-size-18x18.webm - vp90-2-02-size-18x32.webm - vp90-2-02-size-18x34.webm - vp90-2-02-size-18x64.webm - vp90-2-02-size-18x66.webm - vp90-2-02-size-32x08.webm - vp90-2-02-size-32x10.webm - vp90-2-02-size-32x16.webm - vp90-2-02-size-32x18.webm - vp90-2-02-size-32x32.webm - vp90-2-02-size-32x34.webm - vp90-2-02-size-32x64.webm - vp90-2-02-size-32x66.webm - vp90-2-02-size-34x08.webm - vp90-2-02-size-34x10.webm - vp90-2-02-size-34x16.webm - vp90-2-02-size-34x18.webm - vp90-2-02-size-34x32.webm - vp90-2-02-size-34x34.webm - vp90-2-02-size-34x64.webm - vp90-2-02-size-34x66.webm - vp90-2-02-size-64x08.webm - vp90-2-02-size-64x10.webm - vp90-2-02-size-64x16.webm - vp90-2-02-size-64x18.webm - vp90-2-02-size-64x32.webm - vp90-2-02-size-64x34.webm - vp90-2-02-size-64x64.webm - vp90-2-02-size-64x66.webm - vp90-2-02-size-66x08.webm - vp90-2-02-size-66x10.webm - vp90-2-02-size-66x16.webm - vp90-2-02-size-66x18.webm - vp90-2-02-size-66x32.webm - vp90-2-02-size-66x34.webm - vp90-2-02-size-66x64.webm - vp90-2-02-size-66x66.webm - 2 testcases failed due to unsupported format - vp91-2-04-yuv422.webm - vp91-2-04-yuv444.webm - 1 testcase failed with CRC mismatch - vp90-2-22-svc_1280x720_3.ivf - Bug raised: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4371 - 5 testcase failed due to unsupported resolution after sequence change - vp90-2-21-resize_inter_320x180_5_1-2.webm - vp90-2-21-resize_inter_320x180_7_1-2.webm - vp90-2-21-resize_inter_320x240_5_1-2.webm - vp90-2-21-resize_inter_320x240_7_1-2.webm - vp90-2-18-resize.ivf - 1 testcase failed with CRC mismatch - vp90-2-16-intra-only.webm Analysis: First few frames are marked by firmware as NO_SHOW frame. Driver make buf state to VB2_BUF_STATE_ERROR for such frames. Such buffers should be dropped by GST. But instead, the first frame is being displayed and when a valid buffer is sent to client later with same timestamp, its dropped, leading to CRC mismatch for first frame. To: Vikash Garodia <quic_vgarodia(a)quicinc.com> To: Abhinav Kumar <quic_abhinavk(a)quicinc.com> To: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> To: Mauro Carvalho Chehab <mchehab(a)kernel.org> To: Hans Verkuil <hverkuil(a)xs4all.nl> To: Stefan Schmidt <stefan.schmidt(a)linaro.org> Cc: linux-media(a)vger.kernel.org Cc: linux-arm-msm(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> Cc: Neil Armstrong <neil.armstrong(a)linaro.org> Cc: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Cc: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Dikshita Agarwal <quic_dikshita(a)quicinc.com> --- Dikshita Agarwal (25): media: iris: Skip destroying internal buffer if not dequeued media: iris: Update CAPTURE format info based on OUTPUT format media: iris: Avoid updating frame size to firmware during reconfig media: iris: Drop port check for session property response media: iris: Prevent HFI queue writes when core is in deinit state media: iris: Remove error check for non-zero v4l2 controls media: iris: Remove deprecated property setting to firmware media: iris: Fix missing function pointer initialization media: iris: Fix NULL pointer dereference media: iris: Fix typo in depth variable media: iris: Track flush responses to prevent premature completion media: iris: Fix buffer preparation failure during resolution change media: iris: Send V4L2_BUF_FLAG_ERROR for capture buffers with 0 filled length media: iris: Skip flush on first sequence change media: iris: Remove unnecessary re-initialization of flush completion media: iris: Add handling for corrupt and drop frames media: iris: Add handling for no show frames media: iris: Improve last flag handling media: iris: Remove redundant buffer count check in stream off media: iris: Add a comment to explain usage of MBPS media: iris: Add HEVC and VP9 formats for decoder media: iris: Add platform capabilities for HEVC and VP9 decoders media: iris: Set mandatory properties for HEVC and VP9 decoders. media: iris: Add internal buffer calculation for HEVC and VP9 decoders media: iris: Add codec specific check for VP9 decoder drain handling drivers/media/platform/qcom/iris/iris_buffer.c | 35 +- drivers/media/platform/qcom/iris/iris_buffer.h | 3 +- drivers/media/platform/qcom/iris/iris_ctrls.c | 35 +- drivers/media/platform/qcom/iris/iris_hfi_common.h | 1 + .../platform/qcom/iris/iris_hfi_gen1_command.c | 48 ++- .../platform/qcom/iris/iris_hfi_gen1_defines.h | 5 +- .../platform/qcom/iris/iris_hfi_gen1_response.c | 37 +- .../platform/qcom/iris/iris_hfi_gen2_command.c | 143 +++++++- .../platform/qcom/iris/iris_hfi_gen2_defines.h | 5 + .../platform/qcom/iris/iris_hfi_gen2_response.c | 56 ++- drivers/media/platform/qcom/iris/iris_hfi_queue.c | 2 +- drivers/media/platform/qcom/iris/iris_instance.h | 6 + .../platform/qcom/iris/iris_platform_common.h | 28 +- .../media/platform/qcom/iris/iris_platform_gen2.c | 198 ++++++++-- .../platform/qcom/iris/iris_platform_qcs8300.h | 126 +++++-- .../platform/qcom/iris/iris_platform_sm8250.c | 15 +- drivers/media/platform/qcom/iris/iris_state.c | 2 +- drivers/media/platform/qcom/iris/iris_state.h | 1 + drivers/media/platform/qcom/iris/iris_vb2.c | 18 +- drivers/media/platform/qcom/iris/iris_vdec.c | 116 +++--- drivers/media/platform/qcom/iris/iris_vdec.h | 11 + drivers/media/platform/qcom/iris/iris_vidc.c | 36 +- drivers/media/platform/qcom/iris/iris_vpu_buffer.c | 397 ++++++++++++++++++++- drivers/media/platform/qcom/iris/iris_vpu_buffer.h | 46 ++- 24 files changed, 1159 insertions(+), 211 deletions(-) --- base-commit: 398a1b33f1479af35ca915c5efc9b00d6204f8fa change-id: 20250507-video-iris-hevc-vp9-59096b189050 prerequisite-message-id: <20250417-topic-sm8x50-iris-v10-v7-0-f020cb1d0e98(a)linaro.org> prerequisite-patch-id: afffe7096c8e110a8da08c987983bc4441d39578 prerequisite-patch-id: b93c37dc7e09d1631b75387dc1ca90e3066dce17 prerequisite-patch-id: b7b50aa1657be59fd51c3e53d73382a1ee75a08e prerequisite-patch-id: 30960743105a36f20b3ec4a9ff19e7bca04d6add prerequisite-patch-id: 2bba98151ca103aa62a513a0fbd0df7ae64d9868 prerequisite-patch-id: 0e43a6d758b5fa5ab921c6aa3c19859e312b47d0 prerequisite-patch-id: 35f8dae1416977e88c2db7c767800c01822e266e prerequisite-message-id: <20250501-qcs8300_iris-v7-0-b229d5347990(a)quicinc.com> prerequisite-patch-id: e35b05c527217206ae871aef0d7b0261af0319ea prerequisite-patch-id: 07ba0745c7d72796567e0a57f5c8e5355a8d2046 prerequisite-patch-id: 3398937a7fabb45934bb98a530eef73252231132 prerequisite-patch-id: 500bc3b8391940d3ebca222d2098b737414b2af4 prerequisite-patch-id: 2e72fe4d11d264db3d42fa450427d30171303c6f Best regards, -- Dikshita Agarwal <quic_dikshita(a)quicinc.com>

6 months

3
19
0 0

[PATCH v1] ufs: core: fix hwq_id type and value

by peter.wang＠mediatek.com

From: Peter Wang <peter.wang(a)mediatek.com> Because the member id of struct ufs_hw_queue is u32 (hwq->id) and the trace entry hwq_id is also u32, the type should be changed to u32. If mcq is not supported, SDB mode only supports one hardware queue, for which setting the hwq_id to 0 is more suitable. Fixes: 4a52338bf288 ("scsi: ufs: core: Add trace event for MCQ") Cc: <stable(a)vger.kernel.org> Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> --- drivers/ufs/core/ufshcd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 7735421e3991..14e4cfbcb9eb 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -432,7 +432,7 @@ static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag, u8 opcode = 0, group_id = 0; u32 doorbell = 0; u32 intr; - int hwq_id = -1; + u32 hwq_id = 0; struct ufshcd_lrb *lrbp = &hba->lrb[tag]; struct scsi_cmnd *cmd = lrbp->cmd; struct request *rq = scsi_cmd_to_rq(cmd); -- 2.45.2

6 months

3
4
0 0

[PATCH 6.14 000/449] 6.14.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.14.3 release. There are 449 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 19 Apr 2025 17:49:48 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.14.3-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.14.3-rc1 Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: Fix another race during initialization Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Yi Liu <yi.l.liu(a)intel.com> iommufd: Fail replace if device has not been attached Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Make attach_handle generic than fault specific Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists Wen Gong <quic_wgong(a)quicinc.com> wifi: ath11k: update channel list in worker when wait flag is set Nícolas F. R. A. Prado <nfraprado(a)collabora.com> thermal/drivers/mediatek/lvts: Disable Stage 3 thermal threshold Nícolas F. R. A. Prado <nfraprado(a)collabora.com> thermal/drivers/mediatek/lvts: Disable monitor mode during suspend Kevin Hao <haokexin(a)gmail.com> spi: fsl-qspi: Fix double cleanup in probe error path Han Xu <han.xu(a)nxp.com> spi: fsl-qspi: use devm function instead of driver remove Cong Liu <liucong2(a)kylinos.cn> selftests: mptcp: fix incorrect fd checks in main_loop Geliang Tang <geliang(a)kernel.org> selftests: mptcp: close fd_in before returning in main_loop Jake Hillion <jake(a)hillion.co.uk> sched_ext: create_dsq: Return -EEXIST on duplicate request Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390: Fix linker error when -no-pie option is unavailable David Hildenbrand <david(a)redhat.com> s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Use flush_kernel_vmap_range() over flush_dcache_folio() Peter Griffin <peter.griffin(a)linaro.org> pinctrl: samsung: add support for eint_fltcon_offset Stephan Gerhold <stephan.gerhold(a)linaro.org> pinctrl: qcom: Clear latched interrupt status when changing IRQ type Stefan Eichenberger <stefan.eichenberger(a)toradex.com> phy: freescale: imx8m-pcie: assert phy reset and perst in power off Philipp Stanner <phasta(a)kernel.org> PCI: Fix wrong length of devres array Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_register_host_bridge() Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_alloc_child_bus() Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Avoid unnecessary device replacement check Ioana Ciornei <ioana.ciornei(a)nxp.com> PCI: layerscape: Fix arg_count to syscon_regmap_lookup_by_phandle_args() Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix the value of .linkdown_irq_regfield for J784S4 Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_init() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_count() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API of_irq_parse_raw() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API of_irq_parse_one() Fedor Pchelkin <pchelkin(a)ispras.ru> ntb: use 64-bit arithmetic for the MSI doorbell mask Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Switch to page pool for jumbo frames Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Add a new test for setuid() Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Split signal_scoping_threads tests Mickaël Salaün <mic(a)digikod.net> landlock: Prepare to add second errata Mickaël Salaün <mic(a)digikod.net> landlock: Always allow signals between threads of the same process Mickaël Salaün <mic(a)digikod.net> landlock: Add erratum for TCP fix Mickaël Salaün <mic(a)digikod.net> landlock: Add the errata interface Mickaël Salaün <mic(a)digikod.net> landlock: Move code to ease future backports Tudor Ambarus <tudor.ambarus(a)linaro.org> scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get Sean Christopherson <seanjc(a)google.com> KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Sean Christopherson <seanjc(a)google.com> KVM: x86: Explicitly zero-initialize on-stack CPUID unions Amit Machhiwal <amachhiw(a)linux.ibm.com> KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests Sean Christopherson <seanjc(a)google.com> KVM: Allow building irqbypass.ko as as module when kvm.ko is a module Joshua Washington <joshwash(a)google.com> gve: handle overflow when reporting TX consumed descriptors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: zynq: Fix wakeup source leaks on device unbind Guixin Liu <kanie(a)linux.alibaba.com> gpio: tegra186: fix resource handling in ACPI probe path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: mpc8xxx: Fix wakeup source leaks on device unbind Bernd Schubert <bschubert(a)ddn.com> fuse: {io-uring} Fix a possible req cancellation race Andy Chiu <andybnac(a)gmail.com> ftrace: Properly merge notrace hashes zhoumin <teczm(a)foxmail.com> ftrace: Add cond_resched() to ftrace_graph_set_hash() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> firmware: cs_dsp: test_control_parse: null-terminate test strings Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg' Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg' Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix prefetch-vs-suspend race Jo Van Bulck <jo.vanbulck(a)kuleuven.be> dm-integrity: fix non-constant-time tag verification Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: set ti->error on memory allocation failure Mikulas Patocka <mpatocka(a)redhat.com> dm-ebs: fix prefetch-vs-suspend race Alexander Aring <aahringo(a)redhat.com> dlm: fix error if active rsb is not hashed Alexander Aring <aahringo(a)redhat.com> dlm: fix error if inactive rsb is not hashed Dionna Glaze <dionnaglaze(a)google.com> crypto: ccp - Fix uAPI definitions of PSP errors Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Fix check for the primary ASP device Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gdsc: Set retain_ff before moving to HW CTRL Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: gdsc: Release pm subdomains in reverse add order Ajit Pandey <quic_ajipan(a)quicinc.com> clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> clk: renesas: r9a07g043: Fix HP clock source for RZ/Five Pali Rohár <pali(a)kernel.org> cifs: Ensure that all non-client-specific reparse points are processed by the server Roman Smirnov <r.smirnov(a)omp.ru> cifs: fix integer overflow in match_server() Alexandra Diupina <adiupina(a)astralinux.ru> cifs: avoid NULL pointer dereference in dbg call Aman <aman1(a)microsoft.com> CIFS: Propagate min offload along with other parameters from primary to secondary channels. Trevor Woerner <twoerner(a)gmail.com> thermal/drivers/rockchip: Add missing rk3328 mapping entry Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not add length to print format in synthetic events Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe events: Fix possible UAF on modules Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe: Fix to lock module while registering fprobe Andrii Nakryiko <andrii(a)kernel.org> uprobes: Avoid false-positive lockdep splat on CONFIG_PREEMPT_RT=y in the ri_timer() uprobe timer callback, use raw_write_seqcount_*() Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: fix balloon target initialization for PVH dom0 Ricardo Cañuelo Navarro <rcn(a)igalia.com> sctp: detect and prevent references to a freed transport in sendmsg Jinjiang Tu <tujinjiang(a)huawei.com> mm/hwpoison: introduce folio_contain_hwpoisoned_page() helper Marc Herbert <Marc.Herbert(a)linux.intel.com> mm/hugetlb: move hugetlb_sysctl_init() to the __init section Shuai Xue <xueshuai(a)linux.alibaba.com> mm/hwpoison: do not send SIGBUS to processes with recovered clean pages Peter Xu <peterx(a)redhat.com> mm/userfaultfd: fix release hang over concurrent GUP Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm/mremap: correctly handle partial mremap() of VMA starting at 0 Ryan Roberts <ryan.roberts(a)arm.com> mm: fix lazy mmu docs and usage Jane Chu <jane.chu(a)oracle.com> mm: make page_mapped_in_vma() hugetlb walk aware David Hildenbrand <david(a)redhat.com> mm/rmap: reject hugetlb folios in folio_make_device_exclusive() SeongJae Park <sj(a)kernel.org> mm/damon: avoid applying DAMOS action to same entity multiple times Usama Arif <usamaarif642(a)gmail.com> mm/damon/ops: have damon_get_folio return folio even for tail pages Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: disable preemption in lazy mmu mode Sean Christopherson <seanjc(a)google.com> iommu/vt-d: Wire up irq_ack() to irq_move_irq() for posted MSIs Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix possible circular locking dependency Sean Christopherson <seanjc(a)google.com> iommu/vt-d: Don't clobber posted vCPU IRTE when host IRQ affinity changes Sean Christopherson <seanjc(a)google.com> iommu/vt-d: Put IRTE back into posted MSI mode if vCPU posting is disabled Nicolin Chen <nicolinc(a)nvidia.com> iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent() Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix uninitialized rc in iommufd_access_rw() Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix zone finishing with missing devices Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix zone activation with missing devices Filipe Manana <fdmanana(a)suse.com> btrfs: tests: fix chunk map leak after failure to add it to the tree Filipe Manana <fdmanana(a)suse.com> btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers Herve Codina <herve.codina(a)bootlin.com> backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Peter Griffin <peter.griffin(a)linaro.org> arm64: dts: exynos: gs101: disable pinctrl_gsacore node Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8188: Assign apll1 clock as parent to avoid hang Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks Keerthy <j-keerthy(a)ti.com> arm64: dts: ti: k3-j784s4-j742s2-main-common: Correct the GICD size Zhenhua Huang <quic_zhenhuah(a)quicinc.com> arm64: mm: Correct the update of max_pfn Ninad Malwade <nmalwade(a)nvidia.com> arm64: tegra: Remove the Orin NX/Nano suspend key Keir Fraser <keirf(a)google.com> arm64: mops: Do not dereference src reg for a set operation Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spinand: Fix build with gcc < 7.5 Wentao Liang <vulab(a)iscas.ac.cn> mtd: rawnand: Add status chack in r852_ready() Wentao Liang <vulab(a)iscas.ac.cn> mtd: inftlcore: Add error check for inftl_read_oob() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: only inc MPJoinAckHMacFailure for HMAC failures Gang Yan <yangang(a)kylinos.cn> mptcp: fix NULL pointer in can_accept_new_subflow T Pratham <t-pratham(a)ti.com> lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Boqun Feng <boqun.feng(a)gmail.com> locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Kartik Rajput <kkartik(a)nvidia.com> mailbox: tegra-hsp: Define dimensioning masks in SoC data Chenyuan Yang <chenyuan0y(a)gmail.com> mfd: ene-kb3930: Fix a potential NULL pointer dereference Abel Vesa <abel.vesa(a)linaro.org> leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs Abel Vesa <abel.vesa(a)linaro.org> leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs Nathan Chancellor <nathan(a)kernel.org> kbuild: Add '-fno-builtin-wcslen' Kris Van Hees <kris.van.hees(a)oracle.com> kbuild: exclude .rodata.(cst|str)* when building ranges Jan Kara <jack(a)suse.cz> jbd2: remove wrong sb->s_sequence check Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com> i3c: Add NULL pointer check in i3c_master_queue_ibi() Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Use readsb helper for reading MDB Joe Damato <jdamato(a)fastly.com> igc: Fix XSK queue NAPI ID mapping Mimi Zohar <zohar(a)linux.ibm.com> ima: limit the number of ToMToU integrity violations Mimi Zohar <zohar(a)linux.ibm.com> ima: limit the number of open-writers integrity violations Steve French <stfrench(a)microsoft.com> smb311 client: fix missing tcon check when mounting with linux/posix extensions Chenyuan Yang <chenyuan0y(a)gmail.com> soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() Olga Kornievskaia <okorniev(a)redhat.com> svcrdma: do not unregister device for listeners Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> tpm: do not start chip while suspended Jan Kara <jack(a)suse.cz> udf: Fix inode_getblk() return value Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix oversized null mkey longer than 32bit Yeongjin Gil <youngjin.gil(a)samsung.com> f2fs: fix to avoid atomicity corruption of atomic file Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix the missing write pointer correction Artem Sadovnikov <a.sadovnikov(a)ispras.ru> ext4: fix off-by-one error in do_split Jeff Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Fix race between unprepare and queue_buf Eric Biggers <ebiggers(a)google.com> arm64/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch() Eric Biggers <ebiggers(a)google.com> arm/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch() Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix deadlock in ivpu_ms_cleanup() Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix warning in ivpu_ipc_send_receive_internal() Sharan Kumar M <sharweshraajan(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP OMEN 16 Laptop xd000xx Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns. Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment. Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm-dai: make use of q6apm_get_hw_pointer Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm: add q6apm_get_hw_pointer helper Haoxiang Li <haoxiang_li2024(a)163.com> ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: reject zero sized provided buffers Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: fix io_req_post_cqe abuse by send bundle Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: fix accept multishot handling Qingfang Deng <dqfext(a)gmail.com> net: stmmac: Fix accessing freed irq affinity_hint Ewan D. Milne <emilne(a)redhat.com> scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: update the power-saving flow Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: integrate *mlo_sta_cmd and *sta_cmd Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the wrong simultaneous cap for MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the wrong link_idx when a p2p_device is present Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix country count limitation for CLC Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: ensure wow pattern command align fw format Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> wifi: mac80211: fix integer overflow in hwmp_route_info_get() Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt792x: re-register CHANCTX_STA_CSA only for the mt7921 series Haoxiang Li <haoxiang_li2024(a)163.com> wifi: mt76: Add check for devm_kstrdup() Sean Wang <sean.wang(a)mediatek.com> Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" Alexandre Torgue <alexandre.torgue(a)foss.st.com> clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Replace kcalloc() with devm_kcalloc() Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix internal PHYs for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Add check for devm_kcalloc() Ming Lei <ming.lei(a)redhat.com> block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting freebind & transparent Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting IPV6_V6ONLY Harshitha Ramamurthy <hramamurthy(a)google.com> gve: unlink old napi only if page pool exists Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzv2h: Fix wrong variable usage in rzv2h_tint_set_type() Jackson.lee <jackson.lee(a)chipsnmedia.com> media: chips-media: wave5: Fix timeout while testing 10bit hevc fluster Jackson.lee <jackson.lee(a)chipsnmedia.com> media: chips-media: wave5: Fix a hang after seeking Jackson.lee <jackson.lee(a)chipsnmedia.com> media: chips-media: wave5: Avoid race condition in the interrupt handler Jackson.lee <jackson.lee(a)chipsnmedia.com> media: chips-media: wave5: Fix gray color on screen Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: imx214: Rectify probe error handling related to runtime PM Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: imx219: Rectify runtime PM handling in probe and remove Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: imx319: Rectify runtime PM handling probe and remove Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: refactor hfi packet parsing logic Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: add check to avoid out of bound access Ricardo Ribalda <ribalda(a)chromium.org> media: nuvoton: Fix reference handling of ece_pdev Ricardo Ribalda <ribalda(a)chromium.org> media: nuvoton: Fix reference handling of ece_node Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Set enable GPIO low in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in remove Sakari Ailus <sakari.ailus(a)linux.intel.com> Revert "media: imx214: Fix the error handling in imx214_probe()" Karina Yankevich <k.yankevich(a)omp.ru> media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: imx219: Adjust PLL settings based on the number of MIPI lanes Dan Carpenter <dan.carpenter(a)linaro.org> media: xilinx-tpg: fix double put in xtpg_parse_of() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: platform: stm32: Add check for clk_enable() Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: visl: Fix ERANGE error when setting enum controls Hans de Goede <hdegoede(a)redhat.com> media: hi556: Fix memory leak (on error) in hi556_check_hwcfg() Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: prevent processing IR data on URB failure Hans de Goede <hdegoede(a)redhat.com> media: ov08x40: Properly turn sensor on/off when runtime-suspended Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix PM related deadlocks in MS IOCTLs Jonathan McDowell <noodles(a)meta.com> tpm, tpm_tis: Fix timeout handling when waiting for TPM status Kamal Dasu <kamal.dasu(a)broadcom.com> mtd: rawnand: brcmnand: fix PM resume warning Miquel Raynal <miquel.raynal(a)bootlin.com> spi: cadence-qspi: Fix probe on AM62A LP SK Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Set HCR_EL2.TID1 unconditionally Will Deacon <will(a)kernel.org> KVM: arm64: Tear down vGIC on failed vCPU creation Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list Douglas Anderson <dianders(a)chromium.org> arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add MIDR_CORTEX_A76AE Akihiko Odaki <akihiko.odaki(a)daynix.com> KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR} Jan Beulich <jbeulich(a)suse.com> xenfs/xensyms: respect hypervisor's "next" indication John Keeping <jkeeping(a)inmusicbrands.com> media: rockchip: rga: fix rga offset lookup Yuan Can <yuancan(a)huawei.com> media: siano: Fix error handling in smsdvb_module_init() Matthew Majewski <mattwmajewski(a)gmail.com> media: vim2m: print device name after registering device Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add check to handle incorrect queue size Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add a check to handle OOB in sfr region Bingbu Cao <bingbu.cao(a)intel.com> media: intel/ipu6: set the dev_parent of video device to pdev Martin Tůma <martin.tuma(a)digiteqautomotive.com> media: mgb4: Fix switched CMT frequency range "magic values" sets Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: i2c: adv748x: Fix test pattern selection mask Martin Tůma <martin.tuma(a)digiteqautomotive.com> media: mgb4: Fix CMT registers update logic Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: uapi: rkisp1-config: Fix typo in extensible params example Arnd Bergmann <arnd(a)arndb.de> media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization Alain Volmat <alain.volmat(a)foss.st.com> dt-bindings: media: st,stmipid02: correct lane-polarities maxItems Haoxiang Li <haoxiang_li2024(a)163.com> auxdisplay: hd44780: Fix an API misuse in hd44780.c Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Fix set_device_control() Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Fix 90 degrees direction name North -> East Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Compute INFINITE value instead of using hardcoded 0xffff Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Clamp effect playback LOOP_COUNT value Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Rename two functions to align them with naming convention Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Remove redundant call to pidff_find_special_keys Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Support device error response from PID_BLOCK_LOAD Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Comment and code style update Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: hid-universal-pidff: Add Asetek wheelbases support Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Factor out pool report fetch and remove excess declaration Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Use macros instead of hardcoded min/max values for shorts Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Simplify pidff_rescale_signed Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Move all hid-pidff definitions to a dedicated header Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Factor out code for setting gain Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Rescale time values to match field units Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Define values used in pidff_find_special_fields Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Simplify pidff_upload_effect function Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Completely rework and fix pidff_reset function Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Stop all effects before enabling actuators Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Clamp PERIODIC effect period to device's logical range Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix s390_mmio_read/write syscall page fault handling Jann Horn <jannh(a)google.com> ext4: don't treat fhandle lookup of ea_inode as FS corruption Willem de Bruijn <willemb(a)google.com> bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Sheng Yong <shengyong1(a)xiaomi.com> erofs: set error to bio if file-backed IO fails Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Search an appropriate duty_cycle if period cannot be modified Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: fsl-ftm: Handle clk_get_rate() returning 0 Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: rcar: Improve register calculation Josh Poimboeuf <jpoimboe(a)kernel.org> pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() Jonathan McDowell <noodles(a)meta.com> tpm: End any active auth session before shutdown Jonathan McDowell <noodles(a)meta.com> tpm, tpm_tis: Workaround failed command reception on Infineon devices Ayush Jain <Ayush.jain3(a)amd.com> ktest: Fix Test Failures Due to Missing LOG_FILE Directories Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probe-events: Add comments about entry data storing code Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probe-events: Log error for exceeding the number of arguments Leonid Arapov <arapovl839(a)gmail.com> fbdev: omapfb: Add 'plane' value check Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Support mmap() of PCI resources except for ISM devices Christian König <christian.koenig(a)amd.com> drm/amdgpu: grab an additional reference on the gang fence v2 Ryo Takakura <ryotkkr98(a)gmail.com> PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type Philipp Stanner <phasta(a)kernel.org> PCI: Check BAR index for validity Emily Deng <Emily.Deng(a)amd.com> drm/amdgpu: Fix the race condition for draining retry fault Bjorn Helgaas <bhelgaas(a)google.com> PCI: Enable Configuration RRS SV early Ryan Seto <ryanseto(a)amd.com> drm/amd/display: Prevent VStartup Overflow Wentao Liang <vulab(a)iscas.ac.cn> drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() Shawn Lin <shawn.lin(a)rock-chips.com> PCI: Add Rockchip Vendor ID Jani Nikula <jani.nikula(a)intel.com> drm/rockchip: stop passing non struct drm_device to drm_err() and friends AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/xe/xelp: Move Wa_16011163337 from tunings to workarounds Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: debugfs hang_hws skip GPU with MES Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix pqm_destroy_queue race with GPU reset Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix mode1 reset crash issue David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: clamp queue size to minimum Lucas De Marchi <lucas.demarchi(a)intel.com> drivers: base: devres: Allow to release group on device release Mike Katsnelson <mike.katsnelson(a)amd.com> drm/amd/display: stop DML2 from removing pipes based on planes Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Update FIXED_VS Link Rate Toggle Workaround Usage Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/bridge: panel: forbid initializing a panel with unknown connector type Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/debugfs: fix printk format for bridge index Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add new quirk for GPD Win 2 Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirk for AYA NEO Slide Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add support for AYANEO 2S Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: Unlocked unmap only clear page table leaves Brendan Tam <Brendan.Tam(a)amd.com> drm/amd/display: add workaround flag to link to force FFE preset Sung Lee <Sung.Lee(a)amd.com> drm/amd/display: Guard Possible Null Pointer Dereference Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: Update Cursor request mode to the beginning prefetch always Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/vf: Don't try to trigger a full GT reset if VF Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Don't send BEGIN_ID if VF has no context/doorbells Matt Atwood <matthew.s.atwood(a)intel.com> drm/xe/ptl: Update the PTL pci id table Shekhar Chauhan <shekhar.chauhan(a)intel.com> drm/xe/bmg: Add new PCI IDs Derek Foreman <derek.foreman(a)collabora.com> drm/rockchip: Don't change hdmi reference clock rate Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/virtio: Set missing bo->attached flag Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm: allow encoder mode_set even when connectors change for crtc Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Bluetooth: qca: add WCN3950 support Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Bluetooth: qca: simplify WCN399x NVM loading Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Bluetooth: hci_qca: use the power sequencer for wcn6750 Jiande Lu <jiande.lu(a)mediatek.com> Bluetooth: btusb: Add 2 HWIDs for MT7922 Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: fix race during initialization Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: btusb: Add 13 USB device IDs for Qualcomm WCN785x Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Add device id of Whale Peak Dorian Cruveiller <doriancruveiller(a)gmail.com> Bluetooth: btusb: Add new VID/PID for WCN785x Gabriele Paoloni <gpaoloni(a)redhat.com> tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Stanislav Fomichev <sdf(a)fomichev.me> net: vlan: don't propagate flags on open Icenowy Zheng <uwu(a)icenowy.me> wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Boris Burkov <boris(a)bur.io> btrfs: harden block_group::bg_list against list_del() races Huacai Chen <chenhuacai(a)kernel.org> ahci: Marvell 88SE9215 controllers prefer DMA for ATAPI Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Fix array overflow in st_setup() Philipp Hahn <phahn-oss(a)avm.de> cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk Bhupesh <bhupesh(a)igalia.com> ext4: ignore xattrs past end Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix userspace_selectors corruption Chao Yu <chao(a)kernel.org> Revert "f2fs: rebuild nat_bits during umount" Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: protect ext4_release_dquot against freezing Daniel Kral <d.kral(a)proxmox.com> ahci: add PCI ID for Marvell 88SE9215 SATA Controller Martin Schiller <ms(a)dev.tdt.de> net: sfp: add quirk for FS SFP-10GM-T copper SFP+ module Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() Manish Dharanenthiran <quic_mdharane(a)quicinc.com> wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi Birger Koblitz <mail(a)birger-koblitz.de> net: sfp: add quirk for 2.5G OEM BX SFP Niklas Cassel <cassel(a)kernel.org> ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Zenm Chen <zenmchen(a)gmail.com> wifi: rtw88: Add support for Mercusys MA30N and D-Link DWA-T185 rev. A1 Edward Adam Davis <eadavis(a)qq.com> jfs: add sanity check for agwidth in dbMount Edward Adam Davis <eadavis(a)qq.com> jfs: Prevent copying of nlink with value 0 from disk inode Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: Prevent integer overflow in AG size calculation Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: cast inactags to s64 to prevent potential overflow Zhongqiu Han <quic_zhonhan(a)quicinc.com> jfs: Fix uninit-value access of imap allocated in the diMount() function Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> can: flexcan: add NXP S32G2/S32G3 SoC support Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> can: flexcan: Add quirk to handle separate interrupt lines for mailboxes Jason Xing <kerneljasonxing(a)gmail.com> page_pool: avoid infinite loop to schedule delayed worker Max Schulze <max.schulze(a)online.de> net: usb: asix_devices: add FiberGecko DeviceID Chaohai Chen <wdhh66(a)163.com> scsi: target: spc: Fix RSOC parameter data header size Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: ensure sdata->work is canceled before initialized. Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: add strict mode disabling workarounds Chao Yu <chao(a)kernel.org> f2fs: don't retry IO for corrupted data scenario Pavel Begunkov <asml.silence(a)gmail.com> net: page_pool: don't cast mp param to devmem Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Avoid reply queue full condition Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Add 'external' to the libata.force kernel parameter P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Avoid memory leak while enabling statistics P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Miaoqing Pan <quic_miaoqing(a)quicinc.com> wifi: ath12k: fix memory leak in ath12k_pci_remove() Miaoqing Pan <quic_miaoqing(a)quicinc.com> wifi: ath11k: fix memory leak in ath11k_xxx_remove() P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath11k: Fix DMA buffer allocation to resolve SWIOTLB issues Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: use unsigned long for activity check timestamp Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Add select POWER_SUPPLY to Kconfig Syed Saba kareem <syed.sabakareem(a)amd.com> ASoC: amd: yc: update quirk data for new Lenovo model Chris Chiu <chris.chiu(a)canonical.com> ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3247 Chris Chiu <chris.chiu(a)canonical.com> ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3315 keenplify <keenplify(a)gmail.com> ASoC: amd: Add DMI quirk for ACP6X mic support Ricard Wanderlof <ricard2013(a)butoba.net> ALSA: usb-audio: Fix CME quirk for UF series keyboards Kaustabh Chakraborty <kauschluss(a)disroot.org> mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves Aakarsh Jain <aakarsh.jain(a)samsung.com> media: s5p-mfc: Corrected NV12M/NV21M plane-sizes Vishnu Sankar <vishnuocv(a)gmail.com> HID: lenovo: Fix to ensure the data as __le32 instead of u32 Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for Actions UVC05 Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_audmix: register card device depends on 'dais' property Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Fix Optimus when GPU has no sound Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: amd_sdw: Add quirks for Dell SKU's Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: ps: use macro for ACP6.3 pci revision id Tomasz Pakuła <forest10pl(a)gmail.com> HID: pidff: Fix null pointer dereference in pidff_find_fields Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add PERIODIC_SINE_ONLY quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: Add hid-universal-pidff driver and supported device ids Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add FIX_WHEEL_DIRECTION quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add PERMISSIVE_CONTROL quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add MISSING_PBO quirk and its detection Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add MISSING_DELAY quirk and its detection Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Do not send effect envelope if it's empty Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Convert infinite length from Linux API to PID standard Zhang Heng <zhangheng(a)kylinos.cn> ASoC: SOF: topology: Use krealloc_array() to replace krealloc() Daniel Schaefer <dhs(a)frame.work> platform/chrome: cros_ec_lpc: Match on Framework ACPI device Josh Poimboeuf <jpoimboe(a)kernel.org> tracing: Disable branch profiling in noinstr code Ingo Molnar <mingo(a)kernel.org> zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work around compiler segfault Kees Cook <kees(a)kernel.org> xen/mcelog: Add __nonstring annotations for unterminated strings Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD Mario Limonciello <mario.limonciello(a)amd.com> cpufreq/amd-pstate: Invalidate cppc_req_cached during suspend Paul E. McKenney <paulmck(a)kernel.org> Flush console log from kernel_power_off() Lizhi Xu <lizhi.xu(a)windriver.com> PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() Yunhui Cui <cuiyunhui(a)bytedance.com> perf/dwc_pcie: fix duplicate pci_dev devices Yunhui Cui <cuiyunhui(a)bytedance.com> perf/dwc_pcie: fix some unreleased resources Mark Rutland <mark.rutland(a)arm.com> perf: arm_pmu: Don't disable counter in armpmu_add() Max Grobecker <max(a)grobecker.info> x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Xin Li (Intel) <xin(a)zytor.com> x86/ia32: Leave NULL selector values 0~3 unchanged Uros Bizjak <ubizjak(a)gmail.com> x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 Matthew Wilcox (Oracle) <willy(a)infradead.org> x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW Dmitry Osipenko <dmitry.osipenko(a)collabora.com> irqchip/gic-v3: Add Rockchip 3568002 erratum workaround Zhongqiu Han <quic_zhonhan(a)quicinc.com> pm: cpupower: bench: Prevent NULL dereference on malloc failure Paul E. McKenney <paulmck(a)kernel.org> srcu: Force synchronization for srcu_get_delay() Trond Myklebust <trond.myklebust(a)hammerspace.com> umount: Allow superblock owners to force umount Mateusz Guzik <mjguzik(a)gmail.com> fs: consistently deref the files table with rcu_dereference_raw() Frederic Weisbecker <frederic(a)kernel.org> perf: Fix hang while freeing sigtrap event Peter Zijlstra <peterz(a)infradead.org> perf/core: Simplify the perf_event_alloc() error path Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: Fix the wrong Rx descriptor field Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Marek Szyprowski <m.szyprowski(a)samsung.com> iommu/exynos: Fix suspend/resume with IDENTITY domain Ido Schimmel <idosch(a)nvidia.com> ethtool: cmis_cdb: Fix incorrect read / write length extension Florian Westphal <fw(a)strlen.de> nft_set_pipapo: fix incorrect avx2 match of 5th field octet Arnaud Lecomte <contact(a)arnaud-lcm.com> net: ppp: Add bound checking for skb data on ppp_sync_txmung Ido Schimmel <idosch(a)nvidia.com> ipv6: Align behavior across nexthops during path selection Vladimir Oltean <vladimir.oltean(a)nxp.com> net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY Vladimir Oltean <vladimir.oltean(a)nxp.com> net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in decryption with multichannel Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpu: Avoid running off the end of an AMD erratum table Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: move the limit validation Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: use a temporary work area for validating configuration Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: swap list_add_tail arguments Thomas Richter <tmricht(a)linux.ibm.com> s390/cpumf: Fix double free on error in cpumf_pmu_event_init() Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/huc: Fix fence not released on early probe errors Wentao Liang <vulab(a)iscas.ac.cn> ata: sata_sx4: Add error handling in pdc20621_i2c_read() Pali Rohár <pali(a)kernel.org> cifs: Fix support for WSL-style symlinks Chenyuan Yang <chenyuan0y(a)gmail.com> net: libwx: handle page_pool_dev_alloc_pages error Maxime Ripard <mripard(a)kernel.org> drm/tests: probe-helper: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: modes: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: cmdline: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: helpers: Create kunit helper to destroy a drm_display_mode Maxime Ripard <mripard(a)kernel.org> drm/tests: modeset: Fix drm_display_mode memory leak Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: ethtool: Don't call .cleanup_data when prepare_data fails Toke Høiland-Jørgensen <toke(a)redhat.com> tc: Ensure we have enough buffer space when sending filter netlink notifications Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: qos: fix VF root node parent queue index Jakub Kicinski <kuba(a)kernel.org> net: tls: explicitly disallow disconnect Cong Wang <xiyou.wangcong(a)gmail.com> codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix memory leak in tipc_link_xmit Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() Henry Martin <bsdhenrymartin(a)gmail.com> ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe: Restore EIO errno return when GuC PC start fails Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe/hw_engine: define sysfs_ops on all directories Taehee Yoo <ap420073(a)gmail.com> net: ethtool: fix ethtool_ringparam_get_cfg() returns a hds_thresh value always as 0. Petr Vaněk <arkamar(a)atlas.cz> x86/acpi: Don't limit CPUs to 1 for Xen PV guests due to disabled ACPI Badal Nilawar <badal.nilawar(a)intel.com> drm/i915: Disable RPG during live selftest Vivek Kasireddy <vivek.kasireddy(a)intel.com> drm/virtio: Fix flickering issue seen with imported dmabufs Ming Lei <ming.lei(a)redhat.com> ublk: fix handling recovery & reissue in ublk_abort_queue() Edward Liaw <edliaw(a)google.com> selftests/futex: futex_waitv wouldblock test should fail Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: of: Fix the choice for Ingenic NAND quirk Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe: Cleanup fprobe hash when module unloading Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix race between newly created partition and dying one Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix error handling in remote_partition_disable() Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask() Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: adl: add 2xrt1316 audio configuration ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 2 + Documentation/arch/arm64/silicon-errata.rst | 2 + .../bindings/arm/qcom,coresight-tpda.yaml | 3 +- .../bindings/arm/qcom,coresight-tpdm.yaml | 3 +- .../bindings/media/i2c/st,st-mipid02.yaml | 2 +- Makefile | 7 +- arch/arm/lib/crc-t10dif-glue.c | 4 +- arch/arm64/Kconfig | 9 + arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +- arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 +- .../boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi | 7 - .../boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi | 6 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/kvm_arm.h | 4 +- arch/arm64/include/asm/spectre.h | 1 - arch/arm64/include/asm/traps.h | 4 +- arch/arm64/kernel/proton-pack.c | 208 ++++---- arch/arm64/kvm/arm.c | 6 +- arch/arm64/kvm/sys_regs.c | 204 ++++---- arch/arm64/lib/crc-t10dif-glue.c | 4 +- arch/arm64/mm/mmu.c | 3 +- arch/powerpc/kvm/powerpc.c | 5 +- arch/s390/Kconfig | 4 +- arch/s390/Makefile | 2 +- arch/s390/include/asm/pci.h | 3 + arch/s390/kernel/perf_cpum_cf.c | 9 +- arch/s390/kernel/perf_cpum_sf.c | 3 - arch/s390/pci/Makefile | 2 +- arch/s390/pci/pci_bus.c | 3 + arch/s390/pci/pci_fixup.c | 23 + arch/s390/pci/pci_mmio.c | 18 +- arch/sparc/include/asm/pgtable_64.h | 2 - arch/sparc/mm/tlb.c | 5 +- arch/x86/Kbuild | 4 + arch/x86/Kconfig | 20 +- arch/x86/coco/sev/core.c | 2 - arch/x86/kernel/acpi/boot.c | 11 + arch/x86/kernel/cpu/amd.c | 3 +- arch/x86/kernel/e820.c | 17 +- arch/x86/kernel/head64.c | 2 - arch/x86/kernel/signal_32.c | 62 ++- arch/x86/kvm/cpuid.c | 8 +- arch/x86/kvm/x86.c | 4 + arch/x86/mm/kasan_init_64.c | 1 - arch/x86/mm/mem_encrypt_amd.c | 2 - arch/x86/mm/mem_encrypt_identity.c | 2 - arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/xen/enlighten.c | 10 + arch/x86/xen/setup.c | 3 - block/blk-mq.c | 1 + drivers/accel/ivpu/ivpu_debugfs.c | 4 +- drivers/accel/ivpu/ivpu_ipc.c | 3 +- drivers/accel/ivpu/ivpu_ms.c | 24 + drivers/acpi/Makefile | 4 + drivers/ata/ahci.c | 11 + drivers/ata/ahci.h | 1 + drivers/ata/libahci.c | 4 + drivers/ata/libata-core.c | 38 ++ drivers/ata/libata-eh.c | 11 +- drivers/ata/pata_pxa.c | 6 + drivers/ata/sata_sx4.c | 13 +- drivers/auxdisplay/hd44780.c | 4 +- drivers/base/devres.c | 7 + drivers/block/ublk_drv.c | 30 +- drivers/bluetooth/btintel_pcie.c | 1 + drivers/bluetooth/btqca.c | 27 +- drivers/bluetooth/btqca.h | 4 + drivers/bluetooth/btusb.c | 32 ++ drivers/bluetooth/hci_ldisc.c | 19 +- drivers/bluetooth/hci_qca.c | 27 +- drivers/bluetooth/hci_uart.h | 1 + drivers/bus/mhi/host/main.c | 16 +- drivers/char/tpm/tpm-chip.c | 6 + drivers/char/tpm/tpm-interface.c | 7 - drivers/char/tpm/tpm_tis_core.c | 20 +- drivers/char/tpm/tpm_tis_core.h | 1 + drivers/clk/qcom/clk-branch.c | 4 +- drivers/clk/qcom/gdsc.c | 61 ++- drivers/clk/renesas/r9a07g043-cpg.c | 7 + drivers/clocksource/timer-stm32-lp.c | 4 +- drivers/cpufreq/amd-pstate.c | 5 +- drivers/cpuidle/Makefile | 3 + drivers/crypto/ccp/sp-pci.c | 15 +- .../cirrus/test/cs_dsp_test_control_parse.c | 51 +- drivers/gpio/gpio-mpc8xxx.c | 4 +- drivers/gpio/gpio-tegra186.c | 25 +- drivers/gpio/gpio-zynq.c | 1 + drivers/gpio/gpiolib-of.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 43 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 + drivers/gpu/drm/amd/amdkfd/kfd_device.c | 5 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 17 + .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 31 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 8 +- drivers/gpu/drm/amd/display/dc/dc.h | 2 + drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 8 + .../dml21/src/dml2_core/dml2_core_dcn4_calcs.c | 2 + .../amd/display/dc/dml2/dml2_dc_resource_mgmt.c | 26 - .../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 2 +- .../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 22 +- .../display/dc/link/protocols/link_dp_capability.c | 12 +- .../display/dc/link/protocols/link_dp_training.c | 2 + .../link_dp_training_fixed_vs_pe_retimer.c | 3 +- drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 5 + drivers/gpu/drm/drm_atomic_helper.c | 2 +- drivers/gpu/drm/drm_debugfs.c | 2 +- drivers/gpu/drm/drm_panel.c | 5 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 46 +- drivers/gpu/drm/i915/gt/intel_rc6.c | 19 +- drivers/gpu/drm/i915/gt/uc/intel_huc.c | 11 +- drivers/gpu/drm/i915/gt/uc/intel_huc.h | 1 + drivers/gpu/drm/i915/gt/uc/intel_uc.c | 1 + drivers/gpu/drm/i915/selftests/i915_selftest.c | 18 + drivers/gpu/drm/mediatek/mtk_dpi.c | 23 +- drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 16 +- drivers/gpu/drm/rockchip/dw_hdmi_qp-rockchip.c | 29 +- drivers/gpu/drm/tests/drm_client_modeset_test.c | 3 + drivers/gpu/drm/tests/drm_cmdline_parser_test.c | 10 +- drivers/gpu/drm/tests/drm_kunit_helpers.c | 22 + drivers/gpu/drm/tests/drm_modes_test.c | 22 + drivers/gpu/drm/tests/drm_probe_helper_test.c | 8 +- drivers/gpu/drm/virtio/virtgpu_prime.c | 2 +- drivers/gpu/drm/virtio/virtgpu_vq.c | 3 + drivers/gpu/drm/xe/xe_gt.c | 4 + drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 4 +- drivers/gpu/drm/xe/xe_gt_sriov_vf.c | 16 + drivers/gpu/drm/xe/xe_gt_sriov_vf.h | 1 + drivers/gpu/drm/xe/xe_guc_pc.c | 1 + drivers/gpu/drm/xe/xe_hw_engine_class_sysfs.c | 108 ++-- drivers/gpu/drm/xe/xe_tuning.c | 8 - drivers/gpu/drm/xe/xe_wa.c | 7 + drivers/hid/Kconfig | 14 + drivers/hid/Makefile | 1 + drivers/hid/hid-ids.h | 37 ++ drivers/hid/hid-lenovo.c | 2 +- drivers/hid/hid-universal-pidff.c | 202 ++++++++ drivers/hid/usbhid/hid-core.c | 1 + drivers/hid/usbhid/hid-pidff.c | 571 ++++++++++++++------- drivers/hid/usbhid/hid-pidff.h | 33 ++ drivers/i3c/master.c | 3 + drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/idle/Makefile | 5 +- drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 32 +- drivers/iommu/exynos-iommu.c | 4 +- drivers/iommu/intel/iommu.c | 2 + drivers/iommu/intel/irq_remapping.c | 71 +-- drivers/iommu/iommufd/device.c | 123 ++++- drivers/iommu/iommufd/fault.c | 8 +- drivers/iommu/iommufd/iommufd_private.h | 33 +- drivers/iommu/mtk_iommu.c | 26 +- drivers/irqchip/irq-gic-v3-its.c | 23 +- drivers/irqchip/irq-renesas-rzv2h.c | 2 +- drivers/leds/rgb/leds-qcom-lpg.c | 8 +- drivers/mailbox/tegra-hsp.c | 72 ++- drivers/md/dm-ebs-target.c | 7 + drivers/md/dm-integrity.c | 48 +- drivers/md/dm-verity-target.c | 8 + drivers/media/common/siano/smsdvb-main.c | 2 + drivers/media/i2c/adv748x/adv748x.h | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/hi556.c | 5 +- drivers/media/i2c/imx214.c | 25 +- drivers/media/i2c/imx219.c | 106 ++-- drivers/media/i2c/imx319.c | 9 +- drivers/media/i2c/ov08x40.c | 8 +- drivers/media/i2c/ov7251.c | 4 +- drivers/media/pci/intel/ipu6/ipu6-isys-video.c | 1 + drivers/media/pci/mgb4/mgb4_cmt.c | 8 +- .../media/platform/chips-media/wave5/wave5-hw.c | 2 +- .../platform/chips-media/wave5/wave5-vpu-dec.c | 31 +- .../media/platform/chips-media/wave5/wave5-vpu.c | 4 +- .../platform/chips-media/wave5/wave5-vpuapi.c | 10 + .../mediatek/vcodec/common/mtk_vcodec_fw_scp.c | 5 +- .../mediatek/vcodec/encoder/venc/venc_h264_if.c | 6 +- drivers/media/platform/nuvoton/npcm-video.c | 6 +- drivers/media/platform/qcom/venus/hfi_parser.c | 100 +++- drivers/media/platform/qcom/venus/hfi_venus.c | 18 +- drivers/media/platform/rockchip/rga/rga-hw.c | 2 +- .../platform/samsung/s5p-mfc/s5p_mfc_opr_v6.c | 5 +- drivers/media/platform/st/stm32/dma2d/dma2d.c | 3 +- drivers/media/platform/xilinx/xilinx-tpg.c | 2 - drivers/media/rc/streamzap.c | 68 +-- drivers/media/test-drivers/vim2m.c | 6 +- drivers/media/test-drivers/visl/visl-core.c | 12 + drivers/media/usb/uvc/uvc_driver.c | 9 + drivers/media/v4l2-core/v4l2-dv-timings.c | 4 +- drivers/mfd/ene-kb3930.c | 2 +- drivers/misc/pci_endpoint_test.c | 7 +- drivers/mmc/host/dw_mmc.c | 94 +++- drivers/mmc/host/dw_mmc.h | 27 + drivers/mtd/inftlcore.c | 9 +- drivers/mtd/mtdpstore.c | 12 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 +- drivers/mtd/nand/raw/r852.c | 3 + drivers/net/can/flexcan/flexcan-core.c | 35 +- drivers/net/can/flexcan/flexcan.h | 5 + drivers/net/dsa/mv88e6xxx/chip.c | 23 +- drivers/net/ethernet/google/gve/gve_ethtool.c | 4 +- drivers/net/ethernet/google/gve/gve_rx_dqo.c | 3 +- drivers/net/ethernet/intel/igc/igc.h | 2 - drivers/net/ethernet/intel/igc/igc_main.c | 4 +- drivers/net/ethernet/intel/igc/igc_xdp.c | 2 - drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 5 + drivers/net/ethernet/microsoft/mana/mana_en.c | 46 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 11 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 6 +- drivers/net/ethernet/wangxun/libwx/wx_type.h | 3 +- drivers/net/phy/phy_device.c | 57 +- drivers/net/phy/sfp.c | 13 +- drivers/net/ppp/ppp_synctty.c | 5 + drivers/net/usb/asix_devices.c | 17 + drivers/net/usb/cdc_ether.c | 7 + drivers/net/usb/r8152.c | 6 + drivers/net/usb/r8153_ecm.c | 6 + drivers/net/wireless/ath/ath11k/ahb.c | 4 +- drivers/net/wireless/ath/ath11k/core.c | 4 +- drivers/net/wireless/ath/ath11k/core.h | 5 +- drivers/net/wireless/ath/ath11k/dp.c | 35 +- drivers/net/wireless/ath/ath11k/fw.c | 3 +- drivers/net/wireless/ath/ath11k/mac.c | 14 + drivers/net/wireless/ath/ath11k/pci.c | 3 +- drivers/net/wireless/ath/ath11k/reg.c | 85 ++- drivers/net/wireless/ath/ath11k/reg.h | 3 +- drivers/net/wireless/ath/ath11k/wmi.h | 1 + drivers/net/wireless/ath/ath12k/dp_mon.c | 66 +-- drivers/net/wireless/ath/ath12k/dp_rx.c | 42 +- drivers/net/wireless/ath/ath12k/hal_rx.h | 3 + drivers/net/wireless/ath/ath12k/pci.c | 2 +- drivers/net/wireless/ath/ath9k/ath9k.h | 2 +- drivers/net/wireless/mediatek/mt76/eeprom.c | 4 + drivers/net/wireless/mediatek/mt76/mt76.h | 1 + .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 4 +- drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 + drivers/net/wireless/mediatek/mt76/mt7925/init.c | 1 + drivers/net/wireless/mediatek/mt76/mt7925/main.c | 160 ++++-- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 170 +++--- drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 6 +- drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 3 +- drivers/net/wireless/mediatek/mt76/mt792x.h | 9 + drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 +- drivers/net/wireless/realtek/rtw88/rtw8822bu.c | 4 + drivers/ntb/ntb_transport.c | 2 +- drivers/nvme/target/fcloop.c | 2 +- drivers/of/irq.c | 78 +-- drivers/pci/controller/cadence/pci-j721e.c | 5 +- drivers/pci/controller/dwc/pci-layerscape.c | 2 +- drivers/pci/controller/pcie-brcmstb.c | 13 +- drivers/pci/controller/pcie-rockchip-host.c | 2 +- drivers/pci/controller/pcie-rockchip.h | 1 - drivers/pci/controller/vmd.c | 12 +- drivers/pci/devres.c | 18 +- drivers/pci/hotplug/pciehp_core.c | 5 +- drivers/pci/iomap.c | 29 +- drivers/pci/pci.c | 6 + drivers/pci/pci.h | 16 + drivers/pci/probe.c | 22 +- drivers/perf/arm_pmu.c | 8 +- drivers/perf/dwc_pcie_pmu.c | 51 +- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 11 + drivers/pinctrl/qcom/pinctrl-msm.c | 12 +- drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 98 ++-- drivers/pinctrl/samsung/pinctrl-exynos.h | 22 + drivers/pinctrl/samsung/pinctrl-samsung.c | 1 + drivers/pinctrl/samsung/pinctrl-samsung.h | 4 + drivers/platform/chrome/cros_ec_lpc.c | 22 +- drivers/platform/x86/x86-android-tablets/Kconfig | 1 + drivers/pwm/pwm-fsl-ftm.c | 6 + drivers/pwm/pwm-mediatek.c | 8 +- drivers/pwm/pwm-rcar.c | 24 +- drivers/pwm/pwm-stm32.c | 12 +- drivers/s390/net/ism_drv.c | 1 - drivers/s390/virtio/virtio_ccw.c | 16 +- drivers/scsi/lpfc/lpfc_sli.c | 2 + drivers/scsi/mpi3mr/mpi3mr.h | 14 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 24 + drivers/scsi/mpi3mr/mpi3mr_fw.c | 99 +++- drivers/scsi/st.c | 2 +- drivers/soc/samsung/exynos-chipid.c | 2 + drivers/spi/spi-cadence-quadspi.c | 6 + drivers/spi/spi-fsl-qspi.c | 36 +- drivers/target/target_core_spc.c | 2 +- drivers/thermal/mediatek/lvts_thermal.c | 52 +- drivers/thermal/rockchip_thermal.c | 1 + drivers/ufs/host/ufs-qcom.c | 2 +- drivers/vdpa/mlx5/core/mr.c | 7 +- drivers/video/backlight/led_bl.c | 5 +- drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 +- drivers/xen/balloon.c | 34 +- drivers/xen/xenfs/xensyms.c | 4 +- fs/btrfs/disk-io.c | 12 + fs/btrfs/extent-tree.c | 8 + fs/btrfs/tests/extent-map-tests.c | 1 + fs/btrfs/transaction.c | 12 + fs/btrfs/zoned.c | 6 + fs/dlm/lock.c | 2 + fs/erofs/fileio.c | 2 + fs/ext4/inode.c | 68 ++- fs/ext4/namei.c | 2 +- fs/ext4/super.c | 17 + fs/ext4/xattr.c | 11 +- fs/f2fs/checkpoint.c | 21 +- fs/f2fs/f2fs.h | 32 +- fs/f2fs/inode.c | 8 +- fs/f2fs/node.c | 110 ++-- fs/f2fs/super.c | 8 +- fs/file.c | 26 +- fs/fuse/dev.c | 34 +- fs/fuse/dev_uring.c | 15 +- fs/fuse/dev_uring_i.h | 6 + fs/fuse/fuse_dev_i.h | 1 + fs/fuse/fuse_i.h | 3 + fs/jbd2/journal.c | 1 - fs/jfs/jfs_dmap.c | 10 +- fs/jfs/jfs_imap.c | 4 +- fs/namespace.c | 3 +- fs/smb/client/cifsencrypt.c | 16 +- fs/smb/client/connect.c | 3 + fs/smb/client/fs_context.c | 5 + fs/smb/client/inode.c | 10 + fs/smb/client/reparse.c | 29 +- fs/smb/client/sess.c | 7 + fs/smb/client/smb2misc.c | 9 +- fs/smb/client/smb2ops.c | 6 +- fs/smb/client/smb2pdu.c | 11 +- fs/smb/common/smb2pdu.h | 6 +- fs/udf/inode.c | 1 + fs/userfaultfd.c | 51 +- include/drm/drm_kunit_helpers.h | 3 + include/drm/intel/pciids.h | 11 +- include/linux/cgroup-defs.h | 1 + include/linux/cgroup.h | 2 +- include/linux/damon.h | 11 + include/linux/hid.h | 6 - include/linux/io_uring_types.h | 3 + include/linux/kvm_host.h | 2 +- include/linux/mtd/spinand.h | 2 +- include/linux/page-flags.h | 6 + include/linux/pci_ids.h | 3 + include/linux/perf_event.h | 17 +- include/linux/pgtable.h | 14 +- include/linux/printk.h | 6 + include/linux/tpm.h | 1 + include/net/mac80211.h | 6 + include/net/sctp/structs.h | 3 +- include/net/sock.h | 40 +- include/uapi/linux/kfd_ioctl.h | 2 + include/uapi/linux/landlock.h | 2 + include/uapi/linux/psp-sev.h | 21 +- include/uapi/linux/rkisp1-config.h | 2 +- include/xen/interface/xen-mca.h | 2 +- io_uring/io_uring.c | 4 +- io_uring/kbuf.c | 2 + io_uring/net.c | 3 + kernel/Makefile | 5 + kernel/cgroup/cgroup.c | 6 + kernel/cgroup/cpuset.c | 55 +- kernel/entry/Makefile | 3 + kernel/events/core.c | 184 +++---- kernel/events/uprobes.c | 15 +- kernel/locking/lockdep.c | 3 + kernel/power/hibernate.c | 6 +- kernel/printk/printk.c | 4 +- kernel/rcu/srcutree.c | 11 +- kernel/reboot.c | 1 + kernel/sched/Makefile | 5 + kernel/sched/ext.c | 4 +- kernel/time/Makefile | 6 + kernel/trace/fprobe.c | 170 +++++- kernel/trace/ftrace.c | 9 +- kernel/trace/ring_buffer.c | 5 +- kernel/trace/trace_eprobe.c | 2 + kernel/trace/trace_events.c | 4 +- kernel/trace/trace_events_synth.c | 1 - kernel/trace/trace_fprobe.c | 31 +- kernel/trace/trace_kprobe.c | 5 +- kernel/trace/trace_probe.c | 28 + kernel/trace/trace_probe.h | 1 + kernel/trace/trace_uprobe.c | 9 +- lib/Makefile | 5 + lib/sg_split.c | 2 - lib/zstd/common/portability_macros.h | 2 +- mm/damon/core.c | 1 + mm/damon/ops-common.c | 2 +- mm/damon/paddr.c | 57 +- mm/hugetlb.c | 2 +- mm/memory-failure.c | 11 +- mm/memory_hotplug.c | 3 +- mm/mremap.c | 10 +- mm/page_vma_mapped.c | 13 +- mm/rmap.c | 2 +- mm/shmem.c | 3 +- mm/vmscan.c | 2 +- net/8021q/vlan_dev.c | 31 +- net/core/filter.c | 80 +-- net/core/page_pool.c | 8 +- net/core/page_pool_user.c | 2 +- net/core/sock.c | 5 + net/ethtool/cmis.h | 1 - net/ethtool/cmis_cdb.c | 18 +- net/ethtool/common.c | 1 + net/ethtool/netlink.c | 8 +- net/ipv6/route.c | 8 +- net/mac80211/debugfs.c | 44 +- net/mac80211/iface.c | 5 +- net/mac80211/mesh_hwmp.c | 14 +- net/mac80211/mlme.c | 59 ++- net/mptcp/sockopt.c | 28 + net/mptcp/subflow.c | 19 +- net/netfilter/nft_set_pipapo_avx2.c | 3 +- net/sched/cls_api.c | 66 ++- net/sched/sch_codel.c | 5 +- net/sched/sch_fq_codel.c | 6 +- net/sched/sch_sfq.c | 66 ++- net/sctp/socket.c | 22 +- net/sctp/transport.c | 2 + net/sunrpc/xprtrdma/svc_rdma_transport.c | 3 +- net/tipc/link.c | 1 + net/tls/tls_main.c | 6 + scripts/generate_builtin_ranges.awk | 5 + security/integrity/ima/ima.h | 3 +- security/integrity/ima/ima_main.c | 18 +- security/landlock/errata.h | 99 ++++ security/landlock/errata/abi-4.h | 15 + security/landlock/errata/abi-6.h | 19 + security/landlock/fs.c | 39 +- security/landlock/setup.c | 38 +- security/landlock/setup.h | 3 + security/landlock/syscalls.c | 22 +- security/landlock/task.c | 12 + sound/pci/hda/hda_intel.c | 44 +- sound/pci/hda/patch_realtek.c | 41 ++ sound/soc/amd/acp/acp-sdw-legacy-mach.c | 34 ++ sound/soc/amd/acp/soc_amd_sdw_common.h | 1 + sound/soc/amd/ps/acp63.h | 1 + sound/soc/amd/ps/pci-ps.c | 2 +- sound/soc/amd/yc/acp6x-mach.c | 14 + sound/soc/codecs/wcd937x.c | 2 + sound/soc/fsl/fsl_audmix.c | 16 +- sound/soc/intel/common/soc-acpi-intel-adl-match.c | 29 ++ sound/soc/qcom/qdsp6/q6apm-dai.c | 60 ++- sound/soc/qcom/qdsp6/q6apm.c | 18 +- sound/soc/qcom/qdsp6/q6apm.h | 3 + sound/soc/qcom/qdsp6/q6asm-dai.c | 19 +- sound/soc/sof/topology.c | 4 +- sound/usb/midi.c | 80 ++- tools/objtool/check.c | 5 + tools/power/cpupower/bench/parse.c | 4 + tools/testing/ktest/ktest.pl | 8 + .../futex/functional/futex_wait_wouldblock.c | 2 +- tools/testing/selftests/landlock/base_test.c | 46 +- tools/testing/selftests/landlock/common.h | 1 + .../selftests/landlock/scoped_signal_test.c | 108 +++- tools/testing/selftests/net/mptcp/mptcp_connect.c | 11 +- virt/kvm/Kconfig | 2 +- virt/kvm/eventfd.c | 10 +- 460 files changed, 5785 insertions(+), 2515 deletions(-)

6 months

11
468
0 0

[merged mm-hotfixes-stable] mm-fix-folio_pte_batch-on-xen-pv.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix folio_pte_batch() on XEN PV has been removed from the -mm tree. Its filename was mm-fix-folio_pte_batch-on-xen-pv.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Petr Van��k <arkamar(a)atlas.cz> Subject: mm: fix folio_pte_batch() on XEN PV Date: Fri, 2 May 2025 23:50:19 +0200 On XEN PV, folio_pte_batch() can incorrectly batch beyond the end of a folio due to a corner case in pte_advance_pfn(). Specifically, when the PFN following the folio maps to an invalidated MFN, expected_pte = pte_advance_pfn(expected_pte, nr); produces a pte_none(). If the actual next PTE in memory is also pte_none(), the pte_same() succeeds, if (!pte_same(pte, expected_pte)) break; the loop is not broken, and batching continues into unrelated memory. For example, with a 4-page folio, the PTE layout might look like this: [ 53.465673] [ T2552] folio_pte_batch: printing PTE values at addr=0x7f1ac9dc5000 [ 53.465674] [ T2552] PTE[453] = 000000010085c125 [ 53.465679] [ T2552] PTE[454] = 000000010085d125 [ 53.465682] [ T2552] PTE[455] = 000000010085e125 [ 53.465684] [ T2552] PTE[456] = 000000010085f125 [ 53.465686] [ T2552] PTE[457] = 0000000000000000 <-- not present [ 53.465689] [ T2552] PTE[458] = 0000000101da7125 pte_advance_pfn(PTE[456]) returns a pte_none() due to invalid PFN->MFN mapping. The next actual PTE (PTE[457]) is also pte_none(), so the loop continues and includes PTE[457] in the batch, resulting in 5 batched entries for a 4-page folio. This triggers the following warning: [ 53.465751] [ T2552] page: refcount:85 mapcount:20 mapping:ffff88813ff4f6a8 index:0x110 pfn:0x10085c [ 53.465754] [ T2552] head: order:2 mapcount:80 entire_mapcount:0 nr_pages_mapped:4 pincount:0 [ 53.465756] [ T2552] memcg:ffff888003573000 [ 53.465758] [ T2552] aops:0xffffffff8226fd20 ino:82467c dentry name(?):"libc.so.6" [ 53.465761] [ T2552] flags: 0x2000000000416c(referenced|uptodate|lru|active|private|head|node=0|zone=2) [ 53.465764] [ T2552] raw: 002000000000416c ffffea0004021f08 ffffea0004021908 ffff88813ff4f6a8 [ 53.465767] [ T2552] raw: 0000000000000110 ffff888133d8bd40 0000005500000013 ffff888003573000 [ 53.465768] [ T2552] head: 002000000000416c ffffea0004021f08 ffffea0004021908 ffff88813ff4f6a8 [ 53.465770] [ T2552] head: 0000000000000110 ffff888133d8bd40 0000005500000013 ffff888003573000 [ 53.465772] [ T2552] head: 0020000000000202 ffffea0004021701 000000040000004f 00000000ffffffff [ 53.465774] [ T2552] head: 0000000300000003 8000000300000002 0000000000000013 0000000000000004 [ 53.465775] [ T2552] page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) Original code works as expected everywhere, except on XEN PV, where pte_advance_pfn() can yield a pte_none() after balloon inflation due to MFNs invalidation. In XEN, pte_advance_pfn() ends up calling __pte()->xen_make_pte()->pte_pfn_to_mfn(), which returns pte_none() when mfn == INVALID_P2M_ENTRY. The pte_pfn_to_mfn() documents that nastiness: If there's no mfn for the pfn, then just create an empty non-present pte. Unfortunately this loses information about the original pfn, so pte_mfn_to_pfn is asymmetric. While such hacks should certainly be removed, we can do better in folio_pte_batch() and simply check ahead of time how many PTEs we can possibly batch in our folio. This way, we can not only fix the issue but cleanup the code: removing the pte_pfn() check inside the loop body and avoiding end_ptr comparison + arithmetic. Link: https://lkml.kernel.org/r/20250502215019.822-2-arkamar@atlas.cz Fixes: f8d937761d65 ("mm/memory: optimize fork() with PTE-mapped THP") Co-developed-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Petr Van��k <arkamar(a)atlas.cz> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/internal.h | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) --- a/mm/internal.h~mm-fix-folio_pte_batch-on-xen-pv +++ a/mm/internal.h @@ -248,11 +248,9 @@ static inline int folio_pte_batch(struct pte_t *start_ptep, pte_t pte, int max_nr, fpb_t flags, bool *any_writable, bool *any_young, bool *any_dirty) { - unsigned long folio_end_pfn = folio_pfn(folio) + folio_nr_pages(folio); - const pte_t *end_ptep = start_ptep + max_nr; pte_t expected_pte, *ptep; bool writable, young, dirty; - int nr; + int nr, cur_nr; if (any_writable) *any_writable = false; @@ -265,11 +263,15 @@ static inline int folio_pte_batch(struct VM_WARN_ON_FOLIO(!folio_test_large(folio) || max_nr < 1, folio); VM_WARN_ON_FOLIO(page_folio(pfn_to_page(pte_pfn(pte))) != folio, folio); + /* Limit max_nr to the actual remaining PFNs in the folio we could batch. */ + max_nr = min_t(unsigned long, max_nr, + folio_pfn(folio) + folio_nr_pages(folio) - pte_pfn(pte)); + nr = pte_batch_hint(start_ptep, pte); expected_pte = __pte_batch_clear_ignored(pte_advance_pfn(pte, nr), flags); ptep = start_ptep + nr; - while (ptep < end_ptep) { + while (nr < max_nr) { pte = ptep_get(ptep); if (any_writable) writable = !!pte_write(pte); @@ -282,14 +284,6 @@ static inline int folio_pte_batch(struct if (!pte_same(pte, expected_pte)) break; - /* - * Stop immediately once we reached the end of the folio. In - * corner cases the next PFN might fall into a different - * folio. - */ - if (pte_pfn(pte) >= folio_end_pfn) - break; - if (any_writable) *any_writable |= writable; if (any_young) @@ -297,12 +291,13 @@ static inline int folio_pte_batch(struct if (any_dirty) *any_dirty |= dirty; - nr = pte_batch_hint(ptep, pte); - expected_pte = pte_advance_pfn(expected_pte, nr); - ptep += nr; + cur_nr = pte_batch_hint(ptep, pte); + expected_pte = pte_advance_pfn(expected_pte, cur_nr); + ptep += cur_nr; + nr += cur_nr; } - return min(ptep - start_ptep, max_nr); + return min(nr, max_nr); } /** _ Patches currently in -mm which might be from arkamar(a)atlas.cz are

6 months

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-fix-a-build-failure-on-powerpc.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: fix a build failure on powerpc has been removed from the -mm tree. Its filename was selftests-mm-fix-a-build-failure-on-powerpc.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Nysal Jan K.A." <nysal(a)linux.ibm.com> Subject: selftests/mm: fix a build failure on powerpc Date: Mon, 28 Apr 2025 18:49:35 +0530 The compiler is unaware of the size of code generated by the ".rept" assembler directive. This results in the compiler emitting branch instructions where the offset to branch to exceeds the maximum allowed value, resulting in build failures like the following: CC protection_keys /tmp/ccypKWAE.s: Assembler messages: /tmp/ccypKWAE.s:2073: Error: operand out of range (0x0000000000020158 is not between 0xffffffffffff8000 and 0x0000000000007ffc) /tmp/ccypKWAE.s:2509: Error: operand out of range (0x0000000000020130 is not between 0xffffffffffff8000 and 0x0000000000007ffc) Fix the issue by manually adding nop instructions using the preprocessor. Link: https://lkml.kernel.org/r/20250428131937.641989-2-nysal@linux.ibm.com Fixes: 46036188ea1f ("selftests/mm: build with -O2") Reported-by: Madhavan Srinivasan <maddy(a)linux.ibm.com> Signed-off-by: Nysal Jan K.A. <nysal(a)linux.ibm.com> Tested-by: Venkat Rao Bagalkote <venkat88(a)linux.ibm.com> Reviewed-by: Donet Tom <donettom(a)linux.ibm.com> Tested-by: Donet Tom <donettom(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/pkey-powerpc.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/mm/pkey-powerpc.h~selftests-mm-fix-a-build-failure-on-powerpc +++ a/tools/testing/selftests/mm/pkey-powerpc.h @@ -104,8 +104,18 @@ static inline void expect_fault_on_read_ return; } +#define REPEAT_8(s) s s s s s s s s +#define REPEAT_64(s) REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) \ + REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) +#define REPEAT_512(s) REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) \ + REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) +#define REPEAT_4096(s) REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) \ + REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) +#define REPEAT_16384(s) REPEAT_4096(s) REPEAT_4096(s) \ + REPEAT_4096(s) REPEAT_4096(s) + /* 4-byte instructions * 16384 = 64K page */ -#define __page_o_noops() asm(".rept 16384 ; nop; .endr") +#define __page_o_noops() asm(REPEAT_16384("nop\n")) static inline void *malloc_pkey_with_mprotect_subpage(long size, int prot, u16 pkey) { _ Patches currently in -mm which might be from nysal(a)linux.ibm.com are watchdog-fix-watchdog-may-detect-false-positive-of-softlockup-fix.patch

6 months

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-fix-build-break-when-compiling-pkey_utilc.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: fix build break when compiling pkey_util.c has been removed from the -mm tree. Its filename was selftests-mm-fix-build-break-when-compiling-pkey_utilc.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Madhavan Srinivasan <maddy(a)linux.ibm.com> Subject: selftests/mm: fix build break when compiling pkey_util.c Date: Mon, 28 Apr 2025 18:49:34 +0530 Commit 50910acd6f615 ("selftests/mm: use sys_pkey helpers consistently") added a pkey_util.c to refactor some of the protection_keys functions accessible by other tests. But this broken the build in powerpc in two ways, pkey-powerpc.h: In function `arch_is_powervm': pkey-powerpc.h:73:21: error: storage size of `buf' isn't known 73 | struct stat buf; | ^~~ pkey-powerpc.h:75:14: error: implicit declaration of function `stat'; did you mean `strcat'? [-Wimplicit-function-declaration] 75 | if ((stat("/sys/firmware/devicetree/base/ibm,partition-name", &buf) == 0) && | ^~~~ | strcat Since pkey_util.c includes pkeys-helper.h, which in turn includes pkeys-powerpc.h, stat.h including is missing for "struct stat". This is fixed by adding "sys/stat.h" in pkeys-powerpc.h Secondly, pkey-powerpc.h:55:18: warning: format `%llx' expects argument of type `long long unsigned int', but argument 3 has type `u64' {aka `long unsigned int'} [-Wformat=] 55 | dprintf4("%s() changing %016llx to %016llx\n", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 56 | __func__, __read_pkey_reg(), pkey_reg); | ~~~~~~~~~~~~~~~~~ | | | u64 {aka long unsigned int} pkey-helpers.h:63:32: note: in definition of macro `dprintf_level' 63 | sigsafe_printf(args); \ | ^~~~ These format specifier related warning are removed by adding "__SANE_USERSPACE_TYPES__" to pkeys_utils.c. Link: https://lkml.kernel.org/r/20250428131937.641989-1-nysal@linux.ibm.com Fixes: 50910acd6f61 ("selftests/mm: use sys_pkey helpers consistently") Signed-off-by: Madhavan Srinivasan <maddy(a)linux.ibm.com> Signed-off-by: Nysal Jan K.A. <nysal(a)linux.ibm.com> Tested-by: Venkat Rao Bagalkote <venkat88(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/pkey-powerpc.h | 2 ++ tools/testing/selftests/mm/pkey_util.c | 1 + 2 files changed, 3 insertions(+) --- a/tools/testing/selftests/mm/pkey-powerpc.h~selftests-mm-fix-build-break-when-compiling-pkey_utilc +++ a/tools/testing/selftests/mm/pkey-powerpc.h @@ -3,6 +3,8 @@ #ifndef _PKEYS_POWERPC_H #define _PKEYS_POWERPC_H +#include <sys/stat.h> + #ifndef SYS_pkey_alloc # define SYS_pkey_alloc 384 # define SYS_pkey_free 385 --- a/tools/testing/selftests/mm/pkey_util.c~selftests-mm-fix-build-break-when-compiling-pkey_utilc +++ a/tools/testing/selftests/mm/pkey_util.c @@ -1,4 +1,5 @@ // SPDX-License-Identifier: GPL-2.0-only +#define __SANE_USERSPACE_TYPES__ #include <sys/syscall.h> #include <unistd.h> _ Patches currently in -mm which might be from maddy(a)linux.ibm.com are

6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-vmalloc-support-more-granular-vrealloc-sizing.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: vmalloc: support more granular vrealloc() sizing has been removed from the -mm tree. Its filename was mm-vmalloc-support-more-granular-vrealloc-sizing.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kees Cook <kees(a)kernel.org> Subject: mm: vmalloc: support more granular vrealloc() sizing Date: Fri, 25 Apr 2025 17:11:07 -0700 Introduce struct vm_struct::requested_size so that the requested (re)allocation size is retained separately from the allocated area size. This means that KASAN will correctly poison the correct spans of requested bytes. This also means we can support growing the usable portion of an allocation that can already be supported by the existing area's existing allocation. Link: https://lkml.kernel.org/r/20250426001105.it.679-kees@kernel.org Fixes: 3ddc2fefe6f3 ("mm: vmalloc: implement vrealloc()") Signed-off-by: Kees Cook <kees(a)kernel.org> Reported-by: Erhard Furtner <erhard_f(a)mailbox.org> Closes: https://lore.kernel.org/all/20250408192503.6149a816@outsider.home/ Reviewed-by: Danilo Krummrich <dakr(a)kernel.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/vmalloc.h | 1 + mm/vmalloc.c | 31 ++++++++++++++++++++++++------- 2 files changed, 25 insertions(+), 7 deletions(-) --- a/include/linux/vmalloc.h~mm-vmalloc-support-more-granular-vrealloc-sizing +++ a/include/linux/vmalloc.h @@ -61,6 +61,7 @@ struct vm_struct { unsigned int nr_pages; phys_addr_t phys_addr; const void *caller; + unsigned long requested_size; }; struct vmap_area { --- a/mm/vmalloc.c~mm-vmalloc-support-more-granular-vrealloc-sizing +++ a/mm/vmalloc.c @@ -1940,7 +1940,7 @@ static inline void setup_vmalloc_vm(stru { vm->flags = flags; vm->addr = (void *)va->va_start; - vm->size = va_size(va); + vm->size = vm->requested_size = va_size(va); vm->caller = caller; va->vm = vm; } @@ -3133,6 +3133,7 @@ struct vm_struct *__get_vm_area_node(uns area->flags = flags; area->caller = caller; + area->requested_size = requested_size; va = alloc_vmap_area(size, align, start, end, node, gfp_mask, 0, area); if (IS_ERR(va)) { @@ -4063,6 +4064,8 @@ EXPORT_SYMBOL(vzalloc_node_noprof); */ void *vrealloc_noprof(const void *p, size_t size, gfp_t flags) { + struct vm_struct *vm = NULL; + size_t alloced_size = 0; size_t old_size = 0; void *n; @@ -4072,15 +4075,17 @@ void *vrealloc_noprof(const void *p, siz } if (p) { - struct vm_struct *vm; - vm = find_vm_area(p); if (unlikely(!vm)) { WARN(1, "Trying to vrealloc() nonexistent vm area (%p)\n", p); return NULL; } - old_size = get_vm_area_size(vm); + alloced_size = get_vm_area_size(vm); + old_size = vm->requested_size; + if (WARN(alloced_size < old_size, + "vrealloc() has mismatched area vs requested sizes (%p)\n", p)) + return NULL; } /* @@ -4088,14 +4093,26 @@ void *vrealloc_noprof(const void *p, siz * would be a good heuristic for when to shrink the vm_area? */ if (size <= old_size) { - /* Zero out spare memory. */ - if (want_init_on_alloc(flags)) + /* Zero out "freed" memory. */ + if (want_init_on_free()) memset((void *)p + size, 0, old_size - size); + vm->requested_size = size; kasan_poison_vmalloc(p + size, old_size - size); - kasan_unpoison_vmalloc(p, size, KASAN_VMALLOC_PROT_NORMAL); return (void *)p; } + /* + * We already have the bytes available in the allocation; use them. + */ + if (size <= alloced_size) { + kasan_unpoison_vmalloc(p + old_size, size - old_size, + KASAN_VMALLOC_PROT_NORMAL); + /* Zero out "alloced" memory. */ + if (want_init_on_alloc(flags)) + memset((void *)p + old_size, 0, size - old_size); + vm->requested_size = size; + } + /* TODO: Grow the vm_area, i.e. allocate and map additional pages. */ n = __vmalloc_noprof(size, flags); if (!n) _ Patches currently in -mm which might be from kees(a)kernel.org are

6 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2025