May 2025 - Linux-stable-mirror

+ mm-vmscan-avoid-signedness-error-for-gcc-54.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: vmscan: avoid signedness error for GCC 5.4 has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-vmscan-avoid-signedness-error-for-gcc-54.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: WangYuli <wangyuli(a)uniontech.com> Subject: mm: vmscan: avoid signedness error for GCC 5.4 Date: Wed, 7 May 2025 12:08:27 +0800 To the GCC 5.4 compiler, (MAX_NR_TIERS - 1) (i.e., (4U - 1)) is unsigned, whereas tier is a signed integer. Then, the __types_ok check within the __careful_cmp_once macro failed, triggered BUILD_BUG_ON. Use min_t instead of min to circumvent this compiler error. Fix follow error with gcc 5.4: mm/vmscan.c: In function `read_ctrl_pos': mm/vmscan.c:3166:728: error: call to `__compiletime_assert_887' declared with attribute error: min(tier, 4U - 1) signedness error Link: https://lkml.kernel.org/r/62726950F697595A+20250507040827.1147510-1-wangyul… Fixes: 37a260870f2c ("mm/mglru: rework type selection") Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/vmscan.c~mm-vmscan-avoid-signedness-error-for-gcc-54 +++ a/mm/vmscan.c @@ -3163,7 +3163,7 @@ static void read_ctrl_pos(struct lruvec pos->gain = gain; pos->refaulted = pos->total = 0; - for (i = tier % MAX_NR_TIERS; i <= min(tier, MAX_NR_TIERS - 1); i++) { + for (i = tier % MAX_NR_TIERS; i <= min_t(int, tier, MAX_NR_TIERS - 1); i++) { pos->refaulted += lrugen->avg_refaulted[type][i] + atomic_long_read(&lrugen->refaulted[hist][type][i]); pos->total += lrugen->avg_total[type][i] + _ Patches currently in -mm which might be from wangyuli(a)uniontech.com are mm-vmscan-avoid-signedness-error-for-gcc-54.patch ocfs2-o2net_idle_timer-rename-del_timer_sync-in-comment.patch treewide-fix-typo-previlege.patch

7 months, 2 weeks

2
1
0 0

[REGRESSION][BISECTED] Commit 60e3318e3e900 in stable/linux-6.1.y breaks cifs client failover to another server in DFS namespace

by Andrew Paniakin

Commit 60e3318e3e900 ("cifs: use fs_context for automounts") was released in v6.1.54 and broke the failover when one of the servers inside DFS becomes unavailable. We reproduced the problem on the EC2 instances of different types. Reverting aforementioned commint on top of the latest stable verison v6.1.94 helps to resolve the problem. Earliest working version is v6.2-rc1. There were two big merges of CIFS fixes: [1] and [2]. We would like to ask for the help to investigate this problem and if some of those patches need to be backported. Also, is it safe to just revert problematic commit until proper fixes/backports will be available? We will help to do testing and confirm if fix works, but let me also list the steps we used to reproduce the problem if it will help to identify the problem: 1. Create Active Directory domain eg. 'corp.fsxtest.local' in AWS Directory Service with: - three AWS FSX file systems filesystem1..filesystem3 - three Windows servers; They have DFS installed as per https://learn.microsoft.com/en-us/windows-server/storage/dfs-namespaces/dfs…: - dfs-srv1: EC2AMAZ-2EGTM59 - dfs-srv2: EC2AMAZ-1N36PRD - dfs-srv3: EC2AMAZ-0PAUH2U 2. Create DFS namespace eg. 'dfs-namespace' in Windows server 2008 mode and three folders targets in it: - referral-a mapped to filesystem1.corp.local - referral-b mapped to filesystem2.corp.local - referral-c mapped to filesystem3.corp.local - local folders dfs-srv1..dfs-srv3 in C:\DFSRoots\dfs-namespace of every Windows server. This helps to quickly define underlying server when DFS is mounted. 3. Enabled cifs debug logs: ``` echo 'module cifs +p' > /sys/kernel/debug/dynamic_debug/control echo 'file fs/cifs/* +p' > /sys/kernel/debug/dynamic_debug/control echo 7 > /proc/fs/cifs/cifsFYI ``` 4. Mount DFS namespace on Amazon Linux 2023 instance running any vanilla kernel v6.1.54+: ``` dmesg -c &>/dev/null cd /mnt mount -t cifs -o cred=/mnt/creds,echo_interval=5 \ //corp.fsxtest.local/dfs-namespace \ ./dfs-namespace ``` 5. List DFS root, it's also required to avoid recursive mounts that happen during regular 'ls' run: ``` sh -c 'ls dfs-namespace' dfs-srv2 referral-a referral-b ``` The DFS server is EC2AMAZ-1N36PRD, it's also listed in mount: ``` [root@ip-172-31-2-82 mnt]# mount | grep dfs //corp.fsxtest.local/dfs-namespace on /mnt/dfs-namespace type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.11.26,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) //EC2AMAZ-1N36PRD.corp.fsxtest.local/dfs-namespace/referral-a on /mnt/dfs-namespace/referral-a type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.12.80,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) ``` List files in first folder: ``` sh -c 'ls dfs-namespace/referral-a' filea.txt.txt ``` 6. Shutdown DFS server-2. List DFS root again, server changed from dfs-srv2 to dfs-srv1 EC2AMAZ-2EGTM59: ``` sh -c 'ls dfs-namespace' dfs-srv1 referral-a referral-b ``` 7. Try to list files in another folder, this causes ls to fail with error: ``` sh -c 'ls dfs-namespace/referral-b' ls: cannot access 'dfs-namespace/referral-b': No route to host``` Sometimes it's also 'Operation now in progress' error. mount shows the same output: ``` //corp.fsxtest.local/dfs-namespace on /mnt/dfs-namespace type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.11.26,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) //EC2AMAZ-1N36PRD.corp.fsxtest.local/dfs-namespace/referral-a on /mnt/dfs-namespace/referral-a type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.12.80,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) ``` I also attached kernel debug logs from this test. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… Reported-by: Andrei Paniakin <apanyaki(a)amazon.com> Bisected-by: Simba Bonga <simbarb(a)amazon.com> --- #regzbot introduced: v6.1.54..v6.2-rc1

7 months, 2 weeks

3
12
0 0

[PATCH] ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction

by Peter Ujfalusi

The firmware does not provide any information for capture streams via the shared pipeline registers. To avoid reporting invalid delay value for capture streams to user space we need to disable it. Fixes: af74dbd0dbcf ("ASoC: SOF: ipc4-pcm: allocate time info for pcm delay feature") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Bard Liao <yung-chuan.liao(a)linux.intel.com> Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com> --- sound/soc/sof/ipc4-pcm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/sof/ipc4-pcm.c b/sound/soc/sof/ipc4-pcm.c index 52903503cf3b..8eee3e1aadf9 100644 --- a/sound/soc/sof/ipc4-pcm.c +++ b/sound/soc/sof/ipc4-pcm.c @@ -799,7 +799,8 @@ static int sof_ipc4_pcm_setup(struct snd_sof_dev *sdev, struct snd_sof_pcm *spcm spcm->stream[stream].private = stream_priv; - if (!support_info) + /* Delay reporting is only supported on playback */ + if (!support_info || stream == SNDRV_PCM_STREAM_CAPTURE) continue; time_info = kzalloc(sizeof(*time_info), GFP_KERNEL); -- 2.49.0

7 months, 2 weeks

2
1
0 0

[PATCH] ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext

by Peter Ujfalusi

The header.numid is set to scontrol->comp_id in bytes_ext_get and it is ignored during bytes_ext_put. The use of comp_id is not quite great as it is kernel internal identification number. Set the header.numid to SOF_CTRL_CMD_BINARY during get and validate the numid during put to provide consistent and compatible identification number as IPC3. For IPC4 existing tooling also ignored the numid but with the use of SOF_CTRL_CMD_BINARY the different handling of the blobs can be dropped, providing better user experience. Reported-by: Seppo Ingalsuo <seppo.ingalsuo(a)linux.intel.com> Closes: https://github.com/thesofproject/linux/issues/5282 Fixes: a062c8899fed ("ASoC: SOF: ipc4-control: Add support for bytes control get and put") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Seppo Ingalsuo <seppo.ingalsuo(a)linux.intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com> --- sound/soc/sof/ipc4-control.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/sound/soc/sof/ipc4-control.c b/sound/soc/sof/ipc4-control.c index 576f407cd456..976a4794d610 100644 --- a/sound/soc/sof/ipc4-control.c +++ b/sound/soc/sof/ipc4-control.c @@ -531,6 +531,14 @@ static int sof_ipc4_bytes_ext_put(struct snd_sof_control *scontrol, return -EINVAL; } + /* Check header id */ + if (header.numid != SOF_CTRL_CMD_BINARY) { + dev_err_ratelimited(scomp->dev, + "Incorrect numid for bytes put %d\n", + header.numid); + return -EINVAL; + } + /* Verify the ABI header first */ if (copy_from_user(&abi_hdr, tlvd->tlv, sizeof(abi_hdr))) return -EFAULT; @@ -613,7 +621,8 @@ static int _sof_ipc4_bytes_ext_get(struct snd_sof_control *scontrol, if (data_size > size) return -ENOSPC; - header.numid = scontrol->comp_id; + /* Set header id and length */ + header.numid = SOF_CTRL_CMD_BINARY; header.length = data_size; if (copy_to_user(tlvd, &header, sizeof(struct snd_ctl_tlv))) -- 2.49.0

7 months, 2 weeks

2
1
0 0

[PATCH] ASoc: SOF: topology: connect DAI to a single DAI link

by Peter Ujfalusi

From: Kai Vehmanen <kai.vehmanen(a)linux.intel.com> The partial matching of DAI widget to link names, can cause problems if one of the widget names is a substring of another. E.g. with names "Foo1" and Foo10", it's not possible to correctly link up "Foo1". Modify the logic so that if multiple DAI links match the widget stream name, prioritize a full match if one is found. Fixes: fe88788779fc ("ASoC: SOF: topology: Use partial match for connecting DAI link and DAI widget") Link: https://github.com/thesofproject/linux/issues/5308 Signed-off-by: Kai Vehmanen <kai.vehmanen(a)linux.intel.com> Reviewed-by: Péter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> --- sound/soc/sof/topology.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/sound/soc/sof/topology.c b/sound/soc/sof/topology.c index 2d4e660b19d5..d612d693efc3 100644 --- a/sound/soc/sof/topology.c +++ b/sound/soc/sof/topology.c @@ -1071,7 +1071,7 @@ static int sof_connect_dai_widget(struct snd_soc_component *scomp, struct snd_sof_dai *dai) { struct snd_soc_card *card = scomp->card; - struct snd_soc_pcm_runtime *rtd; + struct snd_soc_pcm_runtime *rtd, *full, *partial; struct snd_soc_dai *cpu_dai; int stream; int i; @@ -1088,12 +1088,22 @@ static int sof_connect_dai_widget(struct snd_soc_component *scomp, else goto end; + full = NULL; + partial = NULL; list_for_each_entry(rtd, &card->rtd_list, list) { /* does stream match DAI link ? */ - if (!rtd->dai_link->stream_name || - !strstr(rtd->dai_link->stream_name, w->sname)) - continue; + if (rtd->dai_link->stream_name) { + if (!strcmp(rtd->dai_link->stream_name, w->sname)) { + full = rtd; + break; + } else if (strstr(rtd->dai_link->stream_name, w->sname)) { + partial = rtd; + } + } + } + rtd = full ? full : partial; + if (rtd) { for_each_rtd_cpu_dais(rtd, i, cpu_dai) { /* * Please create DAI widget in the right order -- 2.49.0

7 months, 2 weeks

2
1
0 0

[PATCH] ASoC: SOF: Intel: hda-bus: Use PIO mode on ACE2+ platforms

by Peter Ujfalusi

Keep using the PIO mode for commands on ACE2+ platforms, similarly how the legacy stack is configured. Fixes: 05cf17f1bf6d ("ASoC: SOF: Intel: hda-bus: Use PIO mode for Lunar Lake") Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Bard Liao <yung-chuan.liao(a)linux.intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- sound/soc/sof/intel/hda-bus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/sof/intel/hda-bus.c b/sound/soc/sof/intel/hda-bus.c index b1be03011d7e..6492e1cefbfb 100644 --- a/sound/soc/sof/intel/hda-bus.c +++ b/sound/soc/sof/intel/hda-bus.c @@ -76,7 +76,7 @@ void sof_hda_bus_init(struct snd_sof_dev *sdev, struct device *dev) snd_hdac_ext_bus_init(bus, dev, &bus_core_ops, sof_hda_ext_ops); - if (chip && chip->hw_ip_version == SOF_INTEL_ACE_2_0) + if (chip && chip->hw_ip_version >= SOF_INTEL_ACE_2_0) bus->use_pio_for_commands = true; #else snd_hdac_ext_bus_init(bus, dev, NULL, NULL); -- 2.49.0

7 months, 2 weeks

2
1
0 0

[PATCH 5.15 00/55] 5.15.182-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.182 release. There are 55 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 10 May 2025 11:25:42 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.182-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.182-rc2 Tudor Ambarus <tudor.ambarus(a)linaro.org> dm: fix copying after src array boundaries Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Use the new rb tree helpers Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Suzuki K Poulose <suzuki.poulose(a)arm.com> irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Thomas Gleixner <tglx(a)linutronix.de> irqchip/gic-v2m: Mark a few functions __init Xiang wangx <wangxiang(a)cdjrlc.com> irqchip/gic-v2m: Add const to of_device_id Christian Hewitt <christianshewitt(a)gmail.com> Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Fiona Klute <fiona.klute(a)gmx.de> net: phy: microchip: force IRQ polling mode for lan88xx Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ARM: dts: opos6ul: add ksz8081 phy properties Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Balance device refcount when destroying devices Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix deadlock issue when externel_lb and reset are executed together Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: add buffer overflow check in of_modalias() Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Jian Shen <shenjian15(a)huawei.com> net: hns3: defer calling ptp_clock_register() Hao Lan <lanhao(a)huawei.com> net: hns3: fixed debugfs tm_qset size Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix an interrupt residual problem Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: add support for external loopback test Jian Shen <shenjian15(a)huawei.com> net: hns3: store rx VLAN tag offload state for VF Mattias Barthel <mattias.barthel(a)atlascopco.com> net: fec: ERR007885 Workaround for conventional TX Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix memleak issue when GSO enabled Michael Liang <mliang(a)purestorage.com> nvme-tcp: fix premature queue removal and I/O failover Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix ethtool -d byte order for 32-bit values Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix coredump logic to free allocated buffer Felix Fietkau <nbd(a)nbd.name> net: ipv6: fix UDPv6 GSO segmentation with NAT Simon Horman <horms(a)kernel.org> net: dlink: Correct endianness handling of led_mode Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Brett Creeley <brett.creeley(a)intel.com> ice: Refactor promiscuous functions Victor Nogueira <victor(a)mojatatu.com> net_sched: qfq: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: ets: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: drr: Fix double list add in class with netem as child qdisc Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Biao Huang <biao.huang(a)mediatek.com> net: ethernet: mtk-star-emac: separate tx/rx handling with two NAPIs Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Fix error handling for enabling roce Maor Gottlieb <maorg(a)nvidia.com> net/mlx5: E-Switch, Initialize MAC Address for Default GID Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: don't override retval if we already lost the skb Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Jeongjun Park <aha310510(a)gmail.com> tracing: Fix oob write in trace_seq_to_buffer() Mingcong Bai <jeffbai(a)aosc.io> iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Benjamin Marzinski <bmarzins(a)redhat.com> dm: always update the array size in realloc_argv on success Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a warning on invalid table line Wentao Liang <vulab(a)iscas.ac.cn> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Ruslan Piasetskyi <ruslan.piasetskyi(a)gmail.com> mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Vishal Badole <Vishal.Badole(a)amd.com> amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Helge Deller <deller(a)gmx.de> parisc: Fix double SIGFPE crash Will Deacon <will(a)kernel.org> arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: Fix clock count when probe defers Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Set DDR and SDMMC interrupt mask before registration Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Test the correct error reg offset Philipp Stanner <phasta(a)kernel.org> drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Joachim Priesner <joachim.priesner(a)web.de> ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx6ul-imx6ull-opos6ul.dtsi | 3 + arch/arm64/kernel/proton-pack.c | 2 + arch/parisc/math-emu/driver.c | 16 +- arch/riscv/kernel/probes/uprobes.c | 10 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/x86.c | 3 + drivers/edac/altera_edac.c | 9 +- drivers/edac/altera_edac.h | 2 + drivers/firmware/arm_scmi/bus.c | 3 + drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/iommu/amd/init.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 79 ++--- drivers/iommu/intel/iommu.c | 4 +- drivers/irqchip/irq-gic-v2m.c | 8 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-table.c | 5 +- drivers/mmc/host/renesas_sdhi_core.c | 10 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 + drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 30 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 36 ++- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 + drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 119 ++++++-- drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 3 + drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 61 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 26 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 + drivers/net/ethernet/intel/ice/ice_fltr.c | 58 ++++ drivers/net/ethernet/intel/ice/ice_fltr.h | 12 + drivers/net/ethernet/intel/ice/ice_main.c | 49 +-- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 + drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c | 139 ++++----- drivers/net/ethernet/mediatek/mtk_star_emac.c | 339 ++++++++++++--------- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 +- drivers/net/ethernet/microchip/lan743x_main.c | 8 +- drivers/net/ethernet/microchip/lan743x_main.h | 1 + drivers/net/phy/microchip.c | 46 +-- .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +- drivers/nvme/host/tcp.c | 31 +- drivers/of/device.c | 7 +- drivers/pci/controller/dwc/pci-imx6.c | 5 +- kernel/trace/trace.c | 5 +- net/ipv4/udp_offload.c | 61 +++- net/sched/act_mirred.c | 22 +- net/sched/sch_drr.c | 9 +- net/sched/sch_ets.c | 9 +- net/sched/sch_hfsc.c | 2 +- net/sched/sch_qfq.c | 11 +- sound/usb/format.c | 3 +- 65 files changed, 926 insertions(+), 505 deletions(-)

7 months, 2 weeks

6
5
0 0

[PATCH 6.6 000/129] 6.6.90-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.90 release. There are 129 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 10 May 2025 11:25:47 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.90-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.90-rc2 Tudor Ambarus <tudor.ambarus(a)linaro.org> dm: fix copying after src array boundaries Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: fix possible null pointer dereference at secondary interrupter removal Marc Zyngier <maz(a)kernel.org> usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/amd/display: Fix slab-use-after-free in hdcp Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Use the new rb tree helpers Shyam Saini <shyamsaini(a)linux.microsoft.com> drivers: base: handle module_kobject creation Shyam Saini <shyamsaini(a)linux.microsoft.com> kernel: globalize lookup_or_create_module_kobject() Shyam Saini <shyamsaini(a)linux.microsoft.com> kernel: param: rename locate_module_kobject Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Limit time spent with xHC interrupts disabled during bus resume Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: support setting interrupt moderation IMOD for secondary interrupters Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: check if 'requested segments' exceeds ERST capacity Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add helper to set an interrupters interrupt moderation interval Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: add support to allocate several interrupters Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: split free interrupter into separate remove and free parts Lukas Wunner <lukas(a)wunner.de> xhci: Clean up stale comment on ERST_SIZE macro Jonathan Bell <jonathan(a)raspberrypi.com> xhci: Use more than one Event Ring segment Lukas Wunner <lukas(a)wunner.de> xhci: Set DESI bits in ERDP register correctly Christian Hewitt <christianshewitt(a)gmail.com> Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Christian Bruel <christian.bruel(a)foss.st.com> arm64: dts: st: Use 128kB size for aliased GIC400 register access on stm32mp25 SoCs Christian Bruel <christian.bruel(a)foss.st.com> arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ARM: dts: opos6ul: add ksz8081 phy properties Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Balance device refcount when destroying devices Cong Wang <xiyou.wangcong(a)gmail.com> sch_ets: make est_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_qfq: make qfq_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: make hfsc_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_drr: make drr_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_qlen_notify() idempotent Samuel Holland <samuel.holland(a)sifive.com> riscv: Pass patch_text() the length in bytes Geert Uytterhoeven <geert+renesas(a)glider.be> ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Rob Herring (Arm) <robh(a)kernel.org> ASoC: Use of_property_read_bool() Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix RX error handling Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Add range check for CMD_RTS Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix LEN_MASK Stefan Wahren <wahrenst(a)gmx.net> net: vertexcom: mse102x: Fix possible stuck of SPI interrupt Jian Shen <shenjian15(a)huawei.com> net: hns3: defer calling ptp_clock_register() Hao Lan <lanhao(a)huawei.com> net: hns3: fixed debugfs tm_qset size Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix an interrupt residual problem Jian Shen <shenjian15(a)huawei.com> net: hns3: store rx VLAN tag offload state for VF Sathesh B Edara <sedara(a)marvell.com> octeon_ep: Fix host hang issue during device reboot Mattias Barthel <mattias.barthel(a)atlascopco.com> net: fec: ERR007885 Workaround for conventional TX Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix memleak issue when GSO enabled Michael Liang <mliang(a)purestorage.com> nvme-tcp: fix premature queue removal and I/O failover Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix ethtool -d byte order for 32-bit values Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix out-of-bound memcpy() during ethtool -w Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Fix coredump logic to free allocated buffer Felix Fietkau <nbd(a)nbd.name> net: ipv6: fix UDPv6 GSO segmentation with NAT Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: fix broken taprio gate states after clock jump Chad Monroe <chad(a)monroe.io> net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM Jacob Keller <jacob.e.keller(a)intel.com> igc: fix lock order in igc_ptp_reset Da Xue <da(a)libre.computer> net: mdio: mux-meson-gxl: set reversed bit when using internal phy Simon Horman <horms(a)kernel.org> net: dlink: Correct endianness handling of led_mode Keith Busch <kbusch(a)kernel.org> nvme-pci: fix queue unquiesce check on slot_reset Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix buffer overflow at UMP SysEx message conversion Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Victor Nogueira <victor(a)mojatatu.com> net_sched: qfq: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: ets: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: drr: Fix double list add in class with netem as child qdisc Shannon Nelson <shannon.nelson(a)amd.com> pds_core: remove write-after-free of client_id Shannon Nelson <shannon.nelson(a)amd.com> pds_core: specify auxiliary_device to be created Shannon Nelson <shannon.nelson(a)amd.com> pds_core: make pdsc_auxbus_dev_del() void Shannon Nelson <shannon.nelson(a)amd.com> pds_core: delete VF dev on reset Shannon Nelson <shannon.nelson(a)amd.com> pds_core: check health in devcmd wait Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: copy RX timestamp to new fragments Abhishek Chauhan <quic_abchauha(a)quicinc.com> net: Rename mono_delivery_time to tstamp_type for scalabilty En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() Chris Mi <cmi(a)nvidia.com> net/mlx5: E-switch, Fix error handling for enabling roce Maor Gottlieb <maorg(a)nvidia.com> net/mlx5: E-Switch, Initialize MAC Address for Default GID Ido Schimmel <idosch(a)nvidia.com> vxlan: vnifilter: Fix unlocked deletion of default FDB entry Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/boot: Fix dash warning Murad Masimov <m.masimov(a)mt-integration.ru> wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release Chen Linxuan <chenlinxuan(a)uniontech.com> drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/boot: Check for ld-option support Donet Tom <donettom(a)linux.ibm.com> book3s64/radix : Align section vmemmap start address to PAGE_SIZE Sheetal <sheetal(a)nvidia.com> ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence Robin Murphy <robin.murphy(a)arm.com> iommu: Handle race with default domain setup Sean Christopherson <seanjc(a)google.com> KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Ryan Matthews <ryanmatthews(a)fastmail.com> Revert "PCI: imx6: Skip controller_id generation logic for i.MX7D" Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: extend changes_pkt_data with cases w/o subprograms Eduard Zingerman <eddyz87(a)gmail.com> bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: validate that tail call invalidates packet pointers Eduard Zingerman <eddyz87(a)gmail.com> bpf: consider that tail calls invalidate packet pointers Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: freplace tests for tracking of changes_packet_data Eduard Zingerman <eddyz87(a)gmail.com> bpf: check changes_pkt_data property for extension programs Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: test for changing packet data from global functions Eduard Zingerman <eddyz87(a)gmail.com> bpf: track changes_pkt_data property for global functions Eduard Zingerman <eddyz87(a)gmail.com> bpf: refactor bpf_helper_changes_pkt_data to use helper number Eduard Zingerman <eddyz87(a)gmail.com> bpf: add find_containing_subprog() utility function Jeongjun Park <aha310510(a)gmail.com> tracing: Fix oob write in trace_seq_to_buffer() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Fix setting policy limits when frequency tables are used Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid using inconsistent policy->min and policy->max Jethro Donaldson <devel(a)jro.nz> smb: client: fix zero length for mkdir POSIX create context Sean Heelan <seanheelan(a)gmail.com> ksmbd: fix use-after-free in kerberos authentication Shouye Liu <shouyeliu(a)tencent.com> platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles Mingcong Bai <jeffbai(a)aosc.io> iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Benjamin Marzinski <bmarzins(a)redhat.com> dm: always update the array size in realloc_argv on success Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a warning on invalid table line LongPing Wei <weilongping(a)oppo.com> dm-bufio: don't schedule in atomic context Wentao Liang <vulab(a)iscas.ac.cn> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not take trace_event_sem in print_event_fields() Aaron Kling <webgeek1234(a)gmail.com> spi: tegra114: Don't fail set_cs_timing when delays are zero Ruslan Piasetskyi <ruslan.piasetskyi(a)gmail.com> mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Wei Yang <richard.weiyang(a)gmail.com> mm/memblock: repeat setting reserved region nid if array is doubled Wei Yang <richard.weiyang(a)gmail.com> mm/memblock: pass size instead of end to memblock_set_node() Stephan Gerhold <stephan.gerhold(a)linaro.org> irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Vishal Badole <Vishal.Badole(a)amd.com> amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Sean Christopherson <seanjc(a)google.com> perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Helge Deller <deller(a)gmx.de> parisc: Fix double SIGFPE crash Will Deacon <will(a)kernel.org> arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: Fix clock count when probe defers Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Set DDR and SDMMC interrupt mask before registration Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Test the correct error reg offset Philipp Stanner <phasta(a)kernel.org> drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/fdinfo: Protect against driver unbind Dave Chen <davechen(a)synology.com> btrfs: fix COW handling in run_delalloc_nocow() Joachim Priesner <joachim.priesner(a)web.de> ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Geoffrey D. Bennett <g(a)b4.vu> ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() Christian Heusel <christian(a)heusel.eu> Revert "rndis_host: Flag RNDIS modems as WWAN devices" ------------- Diffstat: Makefile | 4 +- .../boot/dts/nxp/imx/imx6ul-imx6ull-opos6ul.dtsi | 3 + arch/arm64/boot/dts/st/stm32mp251.dtsi | 9 +- arch/arm64/kernel/proton-pack.c | 2 + arch/parisc/math-emu/driver.c | 16 +- arch/powerpc/boot/wrapper | 6 +- arch/powerpc/mm/book3s64/radix_pgtable.c | 17 +- arch/riscv/include/asm/patch.h | 2 +- arch/riscv/kernel/patch.c | 14 +- arch/riscv/kernel/probes/kprobes.c | 18 +- arch/riscv/kernel/probes/uprobes.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 7 +- arch/x86/events/intel/core.c | 2 +- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/x86.c | 3 + drivers/base/module.c | 13 +- drivers/bluetooth/btusb.c | 101 ++++++++--- drivers/cpufreq/cpufreq.c | 42 ++++- drivers/cpufreq/cpufreq_ondemand.c | 3 +- drivers/cpufreq/freq_table.c | 6 +- drivers/edac/altera_edac.c | 9 +- drivers/edac/altera_edac.h | 2 + drivers/firmware/arm_ffa/driver.c | 3 +- drivers/firmware/arm_scmi/bus.c | 3 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 56 +++--- drivers/gpu/drm/drm_file.c | 6 + drivers/gpu/drm/i915/pxp/intel_pxp_gsccs.h | 8 +- drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/iommu/amd/init.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 79 +++++---- drivers/iommu/intel/iommu.c | 4 +- drivers/iommu/iommu.c | 18 ++ drivers/irqchip/irq-qcom-mpm.c | 3 + drivers/md/dm-bufio.c | 9 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-table.c | 5 +- drivers/mmc/host/renesas_sdhi_core.c | 10 +- drivers/net/dsa/ocelot/felix_vsc9959.c | 5 +- drivers/net/ethernet/amd/pds_core/auxbus.c | 49 +++--- drivers/net/ethernet/amd/pds_core/core.h | 7 +- drivers/net/ethernet/amd/pds_core/dev.c | 11 +- drivers/net/ethernet/amd/pds_core/devlink.c | 7 +- drivers/net/ethernet/amd/pds_core/main.c | 23 ++- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 ++- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 + drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 30 ++-- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 36 +++- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 82 +++++---- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 13 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 ++- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 1 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 5 + drivers/net/ethernet/intel/igc/igc_ptp.c | 6 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 2 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 14 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 13 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/rdma.h | 4 +- drivers/net/ethernet/microchip/lan743x_main.c | 8 +- drivers/net/ethernet/microchip/lan743x_main.h | 1 + drivers/net/ethernet/mscc/ocelot.c | 194 +++++++++++++++++++-- drivers/net/ethernet/mscc/ocelot_vcap.c | 1 + drivers/net/ethernet/vertexcom/mse102x.c | 36 +++- drivers/net/mdio/mdio-mux-meson-gxl.c | 3 +- drivers/net/usb/rndis_host.c | 16 +- drivers/net/vxlan/vxlan_vnifilter.c | 8 +- .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +- drivers/net/wireless/purelifi/plfxlc/mac.c | 1 - drivers/nvme/host/pci.c | 2 +- drivers/nvme/host/tcp.c | 31 +++- drivers/pci/controller/dwc/pci-imx6.c | 3 +- drivers/platform/x86/amd/pmc/pmc.c | 7 +- .../x86/intel/uncore-frequency/uncore-frequency.c | 13 +- drivers/spi/spi-tegra114.c | 6 +- drivers/usb/host/xhci-debugfs.c | 2 +- drivers/usb/host/xhci-hub.c | 30 ++-- drivers/usb/host/xhci-mem.c | 175 +++++++++++++++---- drivers/usb/host/xhci-ring.c | 4 +- drivers/usb/host/xhci.c | 80 ++++++--- drivers/usb/host/xhci.h | 20 ++- fs/btrfs/inode.c | 9 +- fs/smb/client/smb2pdu.c | 1 + fs/smb/server/auth.c | 14 +- fs/smb/server/smb2pdu.c | 5 - include/linux/bpf.h | 1 + include/linux/bpf_verifier.h | 1 + include/linux/cpufreq.h | 83 ++++++--- include/linux/filter.h | 2 +- include/linux/module.h | 2 + include/linux/pds/pds_core_if.h | 1 + include/linux/skbuff.h | 52 ++++-- include/net/inet_frag.h | 4 +- include/soc/mscc/ocelot_vcap.h | 2 + include/sound/ump_convert.h | 2 +- kernel/bpf/core.c | 2 +- kernel/bpf/verifier.c | 81 +++++++-- kernel/params.c | 6 +- kernel/trace/trace.c | 5 +- kernel/trace/trace_output.c | 4 +- mm/memblock.c | 12 +- net/bluetooth/l2cap_core.c | 3 + net/bridge/netfilter/nf_conntrack_bridge.c | 6 +- net/core/dev.c | 2 +- net/core/filter.c | 73 ++++---- net/ieee802154/6lowpan/reassembly.c | 2 +- net/ipv4/inet_fragment.c | 2 +- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_output.c | 9 +- net/ipv4/tcp_output.c | 14 +- net/ipv4/udp_offload.c | 61 ++++++- net/ipv6/ip6_output.c | 6 +- net/ipv6/netfilter.c | 6 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/reassembly.c | 2 +- net/ipv6/tcp_ipv6.c | 2 +- net/sched/act_bpf.c | 4 +- net/sched/cls_bpf.c | 4 +- net/sched/sch_drr.c | 16 +- net/sched/sch_ets.c | 17 +- net/sched/sch_hfsc.c | 10 +- net/sched/sch_htb.c | 2 + net/sched/sch_qfq.c | 18 +- sound/soc/codecs/ak4613.c | 4 +- sound/soc/soc-core.c | 36 ++-- sound/soc/soc-pcm.c | 5 +- sound/usb/endpoint.c | 7 + sound/usb/format.c | 3 +- .../selftests/bpf/prog_tests/changes_pkt_data.c | 107 ++++++++++++ .../testing/selftests/bpf/progs/changes_pkt_data.c | 39 +++++ .../bpf/progs/changes_pkt_data_freplace.c | 18 ++ tools/testing/selftests/bpf/progs/verifier_sock.c | 56 ++++++ 143 files changed, 1763 insertions(+), 662 deletions(-)

7 months, 2 weeks

8
8
0 0

Re: [PATCH] scsi: smartpqi: Fix the race condition between pqi_tmf_worker and pqi_sdev_destroy

by Don.Brace＠microchip.com

---------- Forwarded message --------- From: Zhu Wei <zhuwei(a)sangfor.com.cn> Date: Thu, May 8, 2025 at 7:57 AM Subject: [PATCH] scsi: smartpqi: Fix the race condition between pqi_tmf_worker and pqi_sdev_destroy To: <don.brace(a)microchip.com>, <kevin.barnett(a)microchip.com> Cc: <dinghui(a)sangfor.com.cn>, <zengzhicong(a)sangfor.com.cn>, <James.Bottomley(a)hansenpartnership.com>, <martin.petersen(a)oracle.com>, <storagedev(a)microchip.com>, <linux-scsi(a)vger.kernel.org>, <linux-kernel(a)vger.kernel.org>, <stable(a)vger.kernel.org>, Zhu Wei <zhuwei(a)sangfor.com.cn> There is a race condition between pqi_sdev_destroy and pqi_tmf_worker. After pqi_free_device is released, pqi_tmf_worker will still use device. Don: Thank-you for your patch, however we recently applied a similar patch to our internal repo. Don: But more checking is done for removed devices. Don: When this patch has been tested internally, we will post it up for review. Don: I will add a Reported-By tag with your name. Don: So Nak. kasan report: [ 1933.765810] ================================================================== [ 1933.771862] scsi 15:0:20:0: Direct-Access ATA WDC WUH722222AL WTS2 PQ: 0 ANSI: 6 [ 1933.779190] BUG: KASAN: use-after-free in pqi_device_wait_for_pending_io+0x9e/0x600 [smartpqi] [ 1933.779194] Read of size 4 at addr ffff88954c490480 by task kworker/2:2/518186 [ 1933.779201] CPU: 2 PID: 518186 Comm: kworker/2:2 Kdump: loaded Tainted: G U OE 4.19.90-89.16.v2401.osc.sfc.6.11.1.0108.ky10.x86_64+debug #1 [ 1933.779203] Source Version: v6.11.1.0108+0~65323201.20250328 [ 1933.779205] Hardware name: SANGFOR S2122-S12L/ASERVER-P-2000, BIOS TYR.2.00.0100 05/18/2019 [ 1933.779213] Workqueue: events pqi_tmf_worker [smartpqi] [ 1933.779216] Call Trace: [ 1933.779225] dump_stack+0x8b/0xb9 [ 1933.779239] print_address_description+0x65/0x2b0 [ 1933.779249] kasan_report+0x14b/0x290 [ 1933.779255] pqi_device_wait_for_pending_io+0x9e/0x600 [smartpqi] [ 1933.779264] pqi_device_reset_handler+0x174f/0x1f30 [smartpqi] [ 1933.779284] process_one_work+0x65f/0x12d0 [ 1933.806306] worker_thread+0x87/0xb50 [ 1933.806315] kthread+0x2e9/0x3a0 [ 1933.806323] ret_from_fork+0x1f/0x40 [ 1933.843994] Allocated by task 579094: [ 1933.875361] save_stack+0x19/0x80 [ 1933.892366] kasan_kmalloc+0xa0/0xd0 [ 1933.892373] kmem_cache_alloc+0xbb/0x1c0 [ 1933.892378] getname_flags+0xba/0x500 [ 1933.892384] user_path_at_empty+0x1d/0x40 [ 1933.892389] vfs_statx+0xb9/0x140 [ 1933.892397] __do_sys_newstat+0x77/0xd0 [ 1933.913179] do_syscall_64+0xa4/0x430 [ 1933.913187] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 1933.933381] Freed by task 579094: [ 1933.933389] save_stack+0x19/0x80 [ 1933.933392] __kasan_slab_free+0x130/0x180 [ 1933.933396] kmem_cache_free+0x78/0x1e0 [ 1933.933401] filename_lookup+0x216/0x400 [ 1933.933405] vfs_statx+0xb9/0x140 [ 1933.933407] __do_sys_newstat+0x77/0xd0 [ 1933.933417] do_syscall_64+0xa4/0x430 [ 1933.933432] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 1933.956837] [ 1933.956842] The buggy address belongs to the object at ffff88954c490000 which belongs to the cache names_cache of size 4096 [ 1933.956845] The buggy address is located 1152 bytes inside of 4096-byte region [ffff88954c490000, ffff88954c491000) [ 1933.956851] The buggy address belongs to the page: [ 1934.297352] page:ffffea0055312400 count:1 mapcount:0 mapping:ffff888100580f00 index:0x0 compound_mapcount: 0 [ 1934.309566] flags: 0x57ffffc0008100(slab|head) [ 1934.316370] raw: 0057ffffc0008100 0000000000000000 dead000000000200 ffff888100580f00 [ 1934.326518] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000 [ 1934.338191] page dumped because: kasan: bad access detected [ 1934.346177] [ 1934.350031] Memory state around the buggy address: [ 1934.357220] ffff88954c490380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.366854] ffff88954c490400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.376474] >ffff88954c490480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.386094] ^ [ 1934.391684] ffff88954c490500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.402601] ffff88954c490580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1934.412228] ================================================================== Before pqi_sdev_destroy executes pqi_free_device, cancel the pqi_tmf_worker of the corresponding device. Fixes: 2d80f4054f7f ("scsi: smartpqi: Update deleting a LUN via sysfs") Signed-off-by: Zhu Wei <zhuwei(a)sangfor.com.cn> --- drivers/scsi/smartpqi/smartpqi_init.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c index 8a26eca4fdc9..102ed7501f08 100644 --- a/drivers/scsi/smartpqi/smartpqi_init.c +++ b/drivers/scsi/smartpqi/smartpqi_init.c @@ -6581,6 +6581,8 @@ static void pqi_sdev_destroy(struct scsi_device *sdev) struct pqi_scsi_dev *device; int mutex_acquired; unsigned long flags; + unsigned int lun; + struct pqi_tmf_work *tmf_work; ctrl_info = shost_to_hba(sdev->host); @@ -6607,6 +6609,8 @@ static void pqi_sdev_destroy(struct scsi_device *sdev) mutex_unlock(&ctrl_info->scan_mutex); pqi_dev_info(ctrl_info, "removed", device); + for (lun = 0, tmf_work = device->tmf_work; lun < PQI_MAX_LUNS_PER_DEVICE; lun++, tmf_work++) + cancel_work_sync(&tmf_work->work_struct); pqi_free_device(device); } -- 2.43.0

7 months, 2 weeks

2
1
0 0

[PATCH] soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events

by Johan Hovold

The PMIC GLINK driver is currently generating DisplayPort hotplug notifications whenever something is connected to (or disconnected from) a port regardless of the type of notification sent by the firmware. These notifications are forwarded to user space by the DRM subsystem as connector "change" uevents: KERNEL[1556.223776] change /devices/platform/soc(a)0/ae00000.display-subsystem/ae01000.display-controller/drm/card0 (drm) ACTION=change DEVPATH=/devices/platform/soc(a)0/ae00000.display-subsystem/ae01000.display-controller/drm/card0 SUBSYSTEM=drm HOTPLUG=1 CONNECTOR=36 DEVNAME=/dev/dri/card0 DEVTYPE=drm_minor SEQNUM=4176 MAJOR=226 MINOR=0 On the Lenovo ThinkPad X13s and T14s, the PMIC GLINK firmware sends two identical notifications with orientation information when connecting a charger, each generating a bogus DRM hotplug event. On the X13s, two such notification are also sent every 90 seconds while a charger remains connected, which again are forwarded to user space: port = 1, svid = ff00, mode = 255, hpd_state = 0 payload = 01 00 00 00 00 00 00 ff 00 00 00 00 00 00 00 00 Note that the firmware only sends on of these when connecting an ethernet adapter. Fix the spurious hotplug events by only forwarding hotplug notifications for the Type-C DisplayPort service id. This also reduces the number of uevents from four to two when an actual DisplayPort altmode device is connected: port = 0, svid = ff01, mode = 2, hpd_state = 0 payload = 00 01 02 00 f2 0c 01 ff 03 00 00 00 00 00 00 00 port = 0, svid = ff01, mode = 2, hpd_state = 1 payload = 00 01 02 00 f2 0c 01 ff 43 00 00 00 00 00 00 00 Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") Cc: stable(a)vger.kernel.org # 6.3 Cc: Bjorn Andersson <andersson(a)kernel.org> Reported-by: Clayton Craft <clayton(a)craftyguy.net> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- Clayton reported seeing display flickering with recent RC kernels, which may possibly be related to these spurious events being generated with even greater frequency. That still remains to be fully understood, but the spurious events, that on the X13s are generated every 90 seconds, should be fixed either way. Johan drivers/soc/qcom/pmic_glink_altmode.c | 30 +++++++++++++++++---------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c index bd06ce161804..7f11acd33323 100644 --- a/drivers/soc/qcom/pmic_glink_altmode.c +++ b/drivers/soc/qcom/pmic_glink_altmode.c @@ -218,21 +218,29 @@ static void pmic_glink_altmode_worker(struct work_struct *work) { struct pmic_glink_altmode_port *alt_port = work_to_altmode_port(work); struct pmic_glink_altmode *altmode = alt_port->altmode; + enum drm_connector_status conn_status; typec_switch_set(alt_port->typec_switch, alt_port->orientation); - if (alt_port->svid == USB_TYPEC_DP_SID && alt_port->mode == 0xff) - pmic_glink_altmode_safe(altmode, alt_port); - else if (alt_port->svid == USB_TYPEC_DP_SID) - pmic_glink_altmode_enable_dp(altmode, alt_port, alt_port->mode, - alt_port->hpd_state, alt_port->hpd_irq); - else - pmic_glink_altmode_enable_usb(altmode, alt_port); + if (alt_port->svid == USB_TYPEC_DP_SID) { + if (alt_port->mode == 0xff) { + pmic_glink_altmode_safe(altmode, alt_port); + } else { + pmic_glink_altmode_enable_dp(altmode, alt_port, + alt_port->mode, + alt_port->hpd_state, + alt_port->hpd_irq); + } - drm_aux_hpd_bridge_notify(&alt_port->bridge->dev, - alt_port->hpd_state ? - connector_status_connected : - connector_status_disconnected); + if (alt_port->hpd_state) + conn_status = connector_status_connected; + else + conn_status = connector_status_disconnected; + + drm_aux_hpd_bridge_notify(&alt_port->bridge->dev, conn_status); + } else { + pmic_glink_altmode_enable_usb(altmode, alt_port); + } pmic_glink_altmode_request(altmode, ALTMODE_PAN_ACK, alt_port->index); } -- 2.48.1

7 months, 2 weeks

5
9
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2025