August 2025 - Linux-stable-mirror

[CI 2/5] drm/i915/icl+/tc: Cache the max lane count value

by Imre Deak

The PHY's pin assignment value in the TCSS_DDI_STATUS register - as set by the HW/FW based on the connected DP-alt sink's TypeC/PD pin assignment negotiation - gets cleared by the HW/FW on LNL+ as soon as the sink gets disconnected, even if the PHY ownership got acquired already by the driver (and hence the PHY itself is still connected and used by the display). This is similar to how the PHY Ready flag gets cleared on LNL+ in the same register. To be able to query the max lane count value on LNL+ - which is based on the above pin assignment - at all times even after the sink gets disconnected, the max lane count must be determined and cached during the PHY's HW readout and connect sequences. Do that here, leaving the actual use of the cached value to a follow-up change. v2: Don't read out the pin configuration if the PHY is disconnected. Cc: stable(a)vger.kernel.org # v6.8+ Reported-by: Charlton Lin <charlton.lin(a)intel.com> Tested-by: Khaled Almahallawy <khaled.almahallawy(a)intel.com> Reviewed-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/i915/display/intel_tc.c | 57 +++++++++++++++++++++---- 1 file changed, 48 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_tc.c b/drivers/gpu/drm/i915/display/intel_tc.c index d8247d1a8319b..752900f1c115c 100644 --- a/drivers/gpu/drm/i915/display/intel_tc.c +++ b/drivers/gpu/drm/i915/display/intel_tc.c @@ -66,6 +66,7 @@ struct intel_tc_port { enum tc_port_mode init_mode; enum phy_fia phy_fia; u8 phy_fia_idx; + u8 max_lane_count; }; static enum intel_display_power_domain @@ -365,12 +366,12 @@ static int intel_tc_port_get_max_lane_count(struct intel_digital_port *dig_port) } } -int intel_tc_port_max_lane_count(struct intel_digital_port *dig_port) +static int get_max_lane_count(struct intel_tc_port *tc) { - struct intel_display *display = to_intel_display(dig_port); - struct intel_tc_port *tc = to_tc_port(dig_port); + struct intel_display *display = to_intel_display(tc->dig_port); + struct intel_digital_port *dig_port = tc->dig_port; - if (!intel_encoder_is_tc(&dig_port->base) || tc->mode != TC_PORT_DP_ALT) + if (tc->mode != TC_PORT_DP_ALT) return 4; assert_tc_cold_blocked(tc); @@ -384,6 +385,21 @@ int intel_tc_port_max_lane_count(struct intel_digital_port *dig_port) return intel_tc_port_get_max_lane_count(dig_port); } +static void read_pin_configuration(struct intel_tc_port *tc) +{ + tc->max_lane_count = get_max_lane_count(tc); +} + +int intel_tc_port_max_lane_count(struct intel_digital_port *dig_port) +{ + struct intel_tc_port *tc = to_tc_port(dig_port); + + if (!intel_encoder_is_tc(&dig_port->base)) + return 4; + + return get_max_lane_count(tc); +} + void intel_tc_port_set_fia_lane_count(struct intel_digital_port *dig_port, int required_lanes) { @@ -596,9 +612,12 @@ static void icl_tc_phy_get_hw_state(struct intel_tc_port *tc) tc_cold_wref = __tc_cold_block(tc, &domain); tc->mode = tc_phy_get_current_mode(tc); - if (tc->mode != TC_PORT_DISCONNECTED) + if (tc->mode != TC_PORT_DISCONNECTED) { tc->lock_wakeref = tc_cold_block(tc); + read_pin_configuration(tc); + } + __tc_cold_unblock(tc, domain, tc_cold_wref); } @@ -656,8 +675,11 @@ static bool icl_tc_phy_connect(struct intel_tc_port *tc, tc->lock_wakeref = tc_cold_block(tc); - if (tc->mode == TC_PORT_TBT_ALT) + if (tc->mode == TC_PORT_TBT_ALT) { + read_pin_configuration(tc); + return true; + } if ((!tc_phy_is_ready(tc) || !icl_tc_phy_take_ownership(tc, true)) && @@ -668,6 +690,7 @@ static bool icl_tc_phy_connect(struct intel_tc_port *tc, goto out_unblock_tc_cold; } + read_pin_configuration(tc); if (!tc_phy_verify_legacy_or_dp_alt_mode(tc, required_lanes)) goto out_release_phy; @@ -858,9 +881,12 @@ static void adlp_tc_phy_get_hw_state(struct intel_tc_port *tc) port_wakeref = intel_display_power_get(display, port_power_domain); tc->mode = tc_phy_get_current_mode(tc); - if (tc->mode != TC_PORT_DISCONNECTED) + if (tc->mode != TC_PORT_DISCONNECTED) { tc->lock_wakeref = tc_cold_block(tc); + read_pin_configuration(tc); + } + intel_display_power_put(display, port_power_domain, port_wakeref); } @@ -873,6 +899,9 @@ static bool adlp_tc_phy_connect(struct intel_tc_port *tc, int required_lanes) if (tc->mode == TC_PORT_TBT_ALT) { tc->lock_wakeref = tc_cold_block(tc); + + read_pin_configuration(tc); + return true; } @@ -894,6 +923,8 @@ static bool adlp_tc_phy_connect(struct intel_tc_port *tc, int required_lanes) tc->lock_wakeref = tc_cold_block(tc); + read_pin_configuration(tc); + if (!tc_phy_verify_legacy_or_dp_alt_mode(tc, required_lanes)) goto out_unblock_tc_cold; @@ -1124,9 +1155,12 @@ static void xelpdp_tc_phy_get_hw_state(struct intel_tc_port *tc) tc_cold_wref = __tc_cold_block(tc, &domain); tc->mode = tc_phy_get_current_mode(tc); - if (tc->mode != TC_PORT_DISCONNECTED) + if (tc->mode != TC_PORT_DISCONNECTED) { tc->lock_wakeref = tc_cold_block(tc); + read_pin_configuration(tc); + } + drm_WARN_ON(display->drm, (tc->mode == TC_PORT_DP_ALT || tc->mode == TC_PORT_LEGACY) && !xelpdp_tc_phy_tcss_power_is_enabled(tc)); @@ -1138,14 +1172,19 @@ static bool xelpdp_tc_phy_connect(struct intel_tc_port *tc, int required_lanes) { tc->lock_wakeref = tc_cold_block(tc); - if (tc->mode == TC_PORT_TBT_ALT) + if (tc->mode == TC_PORT_TBT_ALT) { + read_pin_configuration(tc); + return true; + } if (!xelpdp_tc_phy_enable_tcss_power(tc, true)) goto out_unblock_tccold; xelpdp_tc_phy_take_ownership(tc, true); + read_pin_configuration(tc); + if (!tc_phy_verify_legacy_or_dp_alt_mode(tc, required_lanes)) goto out_release_phy; -- 2.49.1

4 days, 18 hours

1
0
0 0

[CI 1/5] drm/i915/lnl+/tc: Fix handling of an enabled/disconnected dp-alt sink

by Imre Deak

The TypeC PHY HW readout during driver loading and system resume determines which TypeC mode the PHY is in (legacy/DP-alt/TBT-alt) and whether the PHY is connected, based on the PHY's Owned and Ready flags. For the PHY to be in DP-alt or legacy mode and for the PHY to be in the connected state in these modes, both the Owned (set by the BIOS/driver) and the Ready (set by the HW) flags should be set. On ICL-MTL the HW kept the PHY's Ready flag set after the driver connected the PHY by acquiring the PHY ownership (by setting the Owned flag), until the driver disconnected the PHY by releasing the PHY ownership (by clearing the Owned flag). On LNL+ this has changed, in that the HW clears the Ready flag as soon as the sink gets disconnected, even if the PHY ownership was acquired already and hence the PHY is being used by the display. When inheriting the HW state from BIOS for a PHY connected in DP-alt mode on which the sink got disconnected - i.e. in a case where the sink was connected while BIOS/GOP was running and so the sink got enabled connecting the PHY, but the user disconnected the sink by the time the driver loaded - the PHY Owned but not Ready state must be accounted for on LNL+ according to the above. Do that by assuming on LNL+ that the PHY is connected in DP-alt mode whenever the PHY Owned flag is set, regardless of the PHY Ready flag. This fixes a problem on LNL+, where the PHY TypeC mode / connected state was detected incorrectly for a DP-alt sink, which got connected and then disconnected by the user in the above way. v2: Rename tc_phy_in_legacy_or_dp_alt_mode() to tc_phy_owned_by_display(). (Luca, Jani) Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: stable(a)vger.kernel.org # v6.8+ Reported-by: Charlton Lin <charlton.lin(a)intel.com> Tested-by: Khaled Almahallawy <khaled.almahallawy(a)intel.com> Reviewed-by: Mika Kahola <mika.kahola(a)intel.com> Reviewed-by: Luca Coelho <luciano.coelho(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/i915/display/intel_tc.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_tc.c b/drivers/gpu/drm/i915/display/intel_tc.c index 3bc57579fe53e..d8247d1a8319b 100644 --- a/drivers/gpu/drm/i915/display/intel_tc.c +++ b/drivers/gpu/drm/i915/display/intel_tc.c @@ -1226,14 +1226,18 @@ static void tc_phy_get_hw_state(struct intel_tc_port *tc) tc->phy_ops->get_hw_state(tc); } -static bool tc_phy_is_ready_and_owned(struct intel_tc_port *tc, - bool phy_is_ready, bool phy_is_owned) +static bool tc_phy_owned_by_display(struct intel_tc_port *tc, + bool phy_is_ready, bool phy_is_owned) { struct intel_display *display = to_intel_display(tc->dig_port); - drm_WARN_ON(display->drm, phy_is_owned && !phy_is_ready); + if (DISPLAY_VER(display) < 20) { + drm_WARN_ON(display->drm, phy_is_owned && !phy_is_ready); - return phy_is_ready && phy_is_owned; + return phy_is_ready && phy_is_owned; + } else { + return phy_is_owned; + } } static bool tc_phy_is_connected(struct intel_tc_port *tc, @@ -1244,7 +1248,7 @@ static bool tc_phy_is_connected(struct intel_tc_port *tc, bool phy_is_owned = tc_phy_is_owned(tc); bool is_connected; - if (tc_phy_is_ready_and_owned(tc, phy_is_ready, phy_is_owned)) + if (tc_phy_owned_by_display(tc, phy_is_ready, phy_is_owned)) is_connected = port_pll_type == ICL_PORT_DPLL_MG_PHY; else is_connected = port_pll_type == ICL_PORT_DPLL_DEFAULT; @@ -1352,7 +1356,7 @@ tc_phy_get_current_mode(struct intel_tc_port *tc) phy_is_ready = tc_phy_is_ready(tc); phy_is_owned = tc_phy_is_owned(tc); - if (!tc_phy_is_ready_and_owned(tc, phy_is_ready, phy_is_owned)) { + if (!tc_phy_owned_by_display(tc, phy_is_ready, phy_is_owned)) { mode = get_tc_mode_in_phy_not_owned_state(tc, live_mode); } else { drm_WARN_ON(display->drm, live_mode == TC_PORT_TBT_ALT); -- 2.49.1

4 days, 18 hours

1
0
0 0

[PATCH] uio_hv_generic: Fix another memory leak in error handling paths

by Shivani Agarwal

From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> commit 0b0226be3a52dadd965644bc52a807961c2c26df upstream. Memory allocated by 'vmbus_alloc_ring()' at the beginning of the probe function is never freed in the error handling path. Add the missing 'vmbus_free_ring()' call. Note that it is already freed in the .remove function. Fixes: cdfa835c6e5e ("uio_hv_generic: defer opening vmbus until first use") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Link: https://lore.kernel.org/r/0d86027b8eeed8e6360bc3d52bcdb328ff9bdca1.16205440… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Shivani: Modified to apply on 5.10.y] Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- drivers/uio/uio_hv_generic.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index 6625d340f..865a5b289 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -306,7 +306,7 @@ hv_uio_probe(struct hv_device *dev, pdata->recv_buf = vzalloc(RECV_BUFFER_SIZE); if (pdata->recv_buf == NULL) { ret = -ENOMEM; - goto fail_close; + goto fail_free_ring; } ret = vmbus_establish_gpadl(channel, pdata->recv_buf, @@ -366,6 +366,8 @@ hv_uio_probe(struct hv_device *dev, fail_close: hv_uio_cleanup(dev, pdata); +fail_free_ring: + vmbus_free_ring(dev->channel); return ret; }

4 days, 21 hours

1
0
0 0

from pipe fitting factory source

by selene

4 days, 23 hours

1
0
0 0

[PATCH v5 0/5] i2c: rtl9300: Fix multi-byte I2C operations

by Sven Eckelmann

During the integration of the RTL8239 POE chip + its frontend MCU, it was noticed that multi-byte operations were basically broken in the current driver. Tests using SMBus Block Writes showed that the data (after the Wr maker + Ack) was mixed up on the wire. At first glance, it looked like an endianness problem. But for transfers where the number of count + data bytes was not divisible by 4, the last bytes were not looking like an endianness problem because they were in the wrong order but not for example 0 - which would be the case for an endianness problem with 32 bit registers. At the end, it turned out to be the way how i2c_write tried to add the bytes to the send registers. Each 32 bit register was used similar to a shift register - shifting the various bytes up the register while the next one is added to the least significant byte. But the I2C controller expects the first byte of the transmission in the least significant byte of the first register. And the last byte (assuming it is a 16 byte transfer) is expected in the most significant byte of the fourth register. While doing these tests, it was also observed that the count byte was missing from the SMBus Block Writes. The driver just removed them from the data->block (from the I2C subsystem). But the I2C controller DOES NOT automatically add this byte - for example by using the configured transmission length. The RTL8239 MCU is not actually an SMBus compliant device. Instead, it expects I2C Block Reads + I2C Block Writes. But according to the already identified bugs in the driver, it was clear that the I2C controller can simply be modified to not send the count byte for I2C_SMBUS_I2C_BLOCK_DATA. The receive part just needs to write the content of the receive buffer to the correct position in data->block. While the on-wire format was now correct, reads were still not possible against the MCU (for the RTL8239 POE chip). It was always timing out because the 2ms were not enough for sending the read request and then receiving the 12 byte answer. These changes were originally submitted to OpenWrt. But there are plans to migrate OpenWrt to the upstream Linux driver. As a result, the pull request was stopped and the changes were redone against this driver. For reasons of transparency: The work on I2C_SMBUS_I2C_BLOCK_DATA support for the RTL8239-MCU was done on RTL931xx. All problems were therefore detected with the patches from Jonas Jelonek [1] and not the vanilla Linux driver. But looking through the code, it seems like these are NOT regressions introduced by the RTL931x patchset. I've picked up Alex Guo's patch [2] to reduce conflicts between pending fixes. [1] https://patchwork.ozlabs.org/project/linux-i2c/cover/20250727114800.3046-1-… [2] https://lore.kernel.org/r/20250615235248.529019-1-alexguo1023@gmail.com Signed-off-by: Sven Eckelmann <sven(a)narfation.org> --- Changes in v5: - Simplify function/capability registration by using I2C_FUNC_SMBUS_I2C_BLOCK, thanks Jonas Jelonek - Link to v4: https://lore.kernel.org/r/20250809-i2c-rtl9300-multi-byte-v4-0-d71dd5eb6121… Changes in v4: - Provide only "write" examples for "i2c: rtl9300: Fix multi-byte I2C write" - drop the second initialization of vals in rtl9300_i2c_write() directly in the "Fix multi-byte I2C write" fix - indicate in target branch for each patch in PATCH prefix - minor commit message cleanups - Link to v3: https://lore.kernel.org/r/20250804-i2c-rtl9300-multi-byte-v3-0-e20607e1b28c… Changes in v3: - integrated patch https://lore.kernel.org/r/20250615235248.529019-1-alexguo1023@gmail.com to avoid conflicts in the I2C_SMBUS_BLOCK_DATA code - added Fixes and stable(a)vger.kernel.org to Alex Guo's patch - added Chris Packham's Reviewed-by/Acked-by - Link to v2: https://lore.kernel.org/r/20250803-i2c-rtl9300-multi-byte-v2-0-9b7b759fe2b6… Changes in v2: - add the missing transfer width and read length increase for the SMBus Write/Read - Link to v1: https://lore.kernel.org/r/20250802-i2c-rtl9300-multi-byte-v1-0-5f687e0098e2… --- Alex Guo (1): i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer Harshal Gohel (2): [i2c-host-fixes] i2c: rtl9300: Fix multi-byte I2C write [i2c-host] i2c: rtl9300: Implement I2C block read and write Sven Eckelmann (2): [i2c-host-fixes] i2c: rtl9300: Increase timeout for transfer polling [i2c-host-fixes] i2c: rtl9300: Add missing count byte for SMBus Block Ops drivers/i2c/busses/i2c-rtl9300.c | 51 +++++++++++++++++++++++++++++++++------- 1 file changed, 42 insertions(+), 9 deletions(-) --- base-commit: 7e161a991ea71e6ec526abc8f40c6852ebe3d946 change-id: 20250802-i2c-rtl9300-multi-byte-edaa1fb0872c Best regards, -- Sven Eckelmann <sven(a)narfation.org>

5 days, 8 hours

1
4
0 0

[PATCH] HID: multitouch: fix integer overflow in set_abs()

by Qasim Ijaz

It is possible for a malicious HID device to trigger a signed integer overflow (undefined behaviour) in set_abs() in the following expression by supplying bogus logical maximum and minimum values: int fuzz = snratio ? (fmax - fmin) / snratio : 0; For example, if the logical_maximum is INT_MAX and logical_minimum is -1 then (fmax - fmin) resolves to INT_MAX + 1, which does not fit in a 32-bit signed int, so the subtraction overflows. Fix this by computing the difference in a 64 bit context. Fixes: 5519cab477b6 ("HID: hid-multitouch: support for PixCir-based panels") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- drivers/hid/hid-multitouch.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c index 22c6314a8843..687638ed6d0f 100644 --- a/drivers/hid/hid-multitouch.c +++ b/drivers/hid/hid-multitouch.c @@ -540,7 +540,8 @@ static void set_abs(struct input_dev *input, unsigned int code, { int fmin = field->logical_minimum; int fmax = field->logical_maximum; - int fuzz = snratio ? (fmax - fmin) / snratio : 0; + s64 diff = (s64)fmax - (s64)fmin; + int fuzz = snratio ? (int)div_s64(diff, snratio) : 0; input_set_abs_params(input, code, fmin, fmax, fuzz, 0); input_abs_set_res(input, code, hidinput_calc_abs_res(field, code)); } -- 2.39.5

5 days, 9 hours

2
4
0 0

[PATCH AUTOSEL 6.16-5.10] block: avoid possible overflow for chunk_sectors check in blk_stack_limits()

by Sasha Levin

From: John Garry <john.g.garry(a)oracle.com> [ Upstream commit 448dfecc7ff807822ecd47a5c052acedca7d09e8 ] In blk_stack_limits(), we check that the t->chunk_sectors value is a multiple of the t->physical_block_size value. However, by finding the chunk_sectors value in bytes, we may overflow the unsigned int which holds chunk_sectors, so change the check to be based on sectors. Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: John Garry <john.g.garry(a)oracle.com> Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Link: https://lore.kernel.org/r/20250729091448.1691334-2-john.g.garry@oracle.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: **Backport Status: YES** ## Extensive Analysis This commit should be backported to stable kernel trees for the following reasons: ### 1. **It fixes a real integer overflow bug** The original code performs `(t->chunk_sectors << 9)` which can cause an integer overflow. Since both `chunk_sectors` and `physical_block_size` are `unsigned int` (32-bit), when `chunk_sectors` is larger than 8,388,607 (2^23 - 1), shifting it left by 9 bits (multiplying by 512) will overflow the 32-bit unsigned integer. This overflow can lead to incorrect alignment checks. ### 2. **The fix is minimal and contained** The change is a single-line modification that replaces: ```c if ((t->chunk_sectors << 9) & (t->physical_block_size - 1)) ``` with: ```c if (t->chunk_sectors % (t->physical_block_size >> SECTOR_SHIFT)) ``` This mathematically equivalent check avoids the overflow by dividing `physical_block_size` by the sector size (512 bytes) instead of multiplying `chunk_sectors` by 512. ### 3. **It's a correctness issue in critical block layer code** The `blk_stack_limits()` function is fundamental to the block layer's device stacking functionality, used by MD, DM, and other stacked block devices. An overflow here could lead to: - Incorrect alignment detection - Improper chunk_sectors being cleared when it shouldn't be - Potential data corruption or I/O errors in stacked block devices ### 4. **The fix has low regression risk** - The new calculation is mathematically equivalent to the intended check - It only changes how the comparison is performed, not the logic - The fix has been reviewed by multiple maintainers (Hannes Reinecke, Martin K. Petersen, Damien Le Moal) - No new features or architectural changes are introduced ### 5. **Real-world impact potential** Modern storage devices can have large chunk sizes. For example: - NVMe devices with large zones could have chunk_sectors approaching or exceeding the overflow threshold - RAID configurations with large stripe sizes - This becomes more likely as storage devices grow in capacity and complexity ### 6. **Follows stable kernel criteria** According to stable kernel rules, this qualifies because it: - Fixes a bug that users can potentially hit - Is obviously correct and tested - Is small (single line change) - Fixes only one thing - Has no dependencies on other patches The commit message clearly describes the problem (overflow in unsigned int) and the solution (changing the check to avoid overflow). The fix maintains the same semantic meaning while being overflow-safe, making it an ideal candidate for stable backporting. block/blk-settings.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/blk-settings.c b/block/blk-settings.c index a000daafbfb4..88890e904320 100644 --- a/block/blk-settings.c +++ b/block/blk-settings.c @@ -779,7 +779,7 @@ int blk_stack_limits(struct queue_limits *t, struct queue_limits *b, } /* chunk_sectors a multiple of the physical block size? */ - if ((t->chunk_sectors << 9) & (t->physical_block_size - 1)) { + if (t->chunk_sectors % (t->physical_block_size >> SECTOR_SHIFT)) { t->chunk_sectors = 0; t->flags |= BLK_FLAG_MISALIGNED; ret = -1; -- 2.39.5

5 days, 9 hours

1
15
0 0

[PATCH v3] mm/damon/core: fix commit_ops_filters by using correct nth function

by Sang-Heon Jeon

damos_commit_ops_filters() incorrectly uses damos_nth_filter() which iterates core_filters. As a result, performing a commit unintentionally corrupts ops_filters. Add damos_nth_ops_filter() which iterates ops_filters. Use this function to fix issues caused by wrong iteration. Fixes: 3607cc590f18 ("mm/damon/core: support committing ops_filters") # 6.15.x Cc: stable(a)vger.kernel.org Signed-off-by: Sang-Heon Jeon <ekffu200098(a)gmail.com> --- mm/damon/core.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/mm/damon/core.c b/mm/damon/core.c index 883d791a10e5..19c8f01fc81a 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -862,6 +862,18 @@ static struct damos_filter *damos_nth_filter(int n, struct damos *s) return NULL; } +static struct damos_filter *damos_nth_ops_filter(int n, struct damos *s) +{ + struct damos_filter *filter; + int i = 0; + + damos_for_each_ops_filter(filter, s) { + if (i++ == n) + return filter; + } + return NULL; +} + static void damos_commit_filter_arg( struct damos_filter *dst, struct damos_filter *src) { @@ -925,7 +937,7 @@ static int damos_commit_ops_filters(struct damos *dst, struct damos *src) int i = 0, j = 0; damos_for_each_ops_filter_safe(dst_filter, next, dst) { - src_filter = damos_nth_filter(i++, src); + src_filter = damos_nth_ops_filter(i++, src); if (src_filter) damos_commit_filter(dst_filter, src_filter); else -- 2.43.0

5 days, 10 hours

2
2
0 0

[PATCH v2] mm/damon/core: fix commit_ops_filters by using correct nth function

by Sang-Heon Jeon

damos_commit_ops_filters() incorrectly uses damos_nth_filter() which iterates core_filters. As a result, performing a commit unintentionally corrupts ops_filters. Add damos_nth_ops_filter() which iterates ops_filters. Use this function to fix issues caused by wrong iteration. Also, add test to verify that modification is right way. Fixes: 3607cc590f18 ("mm/damon/core: support committing ops_filters") # 6.15.x Cc: stable(a)vger.kernel.org Signed-off-by: Sang-Heon Jeon <ekffu200098(a)gmail.com> --- Changes from v1 [1]: 1. Fix code and commit message style. 2. Merge patch set into one patch. 3. Add fixes and cc section for backporting. [1] https://lore.kernel.org/damon/20250808195518.563053-1-ekffu200098@gmail.com/ --- I tried to fix your all comments, but maybe i miss something. Then please let me know; I'll fix it as soon as possible. --- mm/damon/core.c | 14 +++- tools/testing/selftests/damon/Makefile | 1 + .../damon/sysfs_no_op_commit_break.py | 72 +++++++++++++++++++ 3 files changed, 86 insertions(+), 1 deletion(-) create mode 100755 tools/testing/selftests/damon/sysfs_no_op_commit_break.py diff --git a/mm/damon/core.c b/mm/damon/core.c index 883d791a10e5..19c8f01fc81a 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -862,6 +862,18 @@ static struct damos_filter *damos_nth_filter(int n, struct damos *s) return NULL; } +static struct damos_filter *damos_nth_ops_filter(int n, struct damos *s) +{ + struct damos_filter *filter; + int i = 0; + + damos_for_each_ops_filter(filter, s) { + if (i++ == n) + return filter; + } + return NULL; +} + static void damos_commit_filter_arg( struct damos_filter *dst, struct damos_filter *src) { @@ -925,7 +937,7 @@ static int damos_commit_ops_filters(struct damos *dst, struct damos *src) int i = 0, j = 0; damos_for_each_ops_filter_safe(dst_filter, next, dst) { - src_filter = damos_nth_filter(i++, src); + src_filter = damos_nth_ops_filter(i++, src); if (src_filter) damos_commit_filter(dst_filter, src_filter); else diff --git a/tools/testing/selftests/damon/Makefile b/tools/testing/selftests/damon/Makefile index 5b230deb19e8..44a4a819df55 100644 --- a/tools/testing/selftests/damon/Makefile +++ b/tools/testing/selftests/damon/Makefile @@ -17,6 +17,7 @@ TEST_PROGS += reclaim.sh lru_sort.sh TEST_PROGS += sysfs_update_removed_scheme_dir.sh TEST_PROGS += sysfs_update_schemes_tried_regions_hang.py TEST_PROGS += sysfs_memcg_path_leak.sh +TEST_PROGS += sysfs_no_op_commit_break.py EXTRA_CLEAN = __pycache__ diff --git a/tools/testing/selftests/damon/sysfs_no_op_commit_break.py b/tools/testing/selftests/damon/sysfs_no_op_commit_break.py new file mode 100755 index 000000000000..fbefb1c83045 --- /dev/null +++ b/tools/testing/selftests/damon/sysfs_no_op_commit_break.py @@ -0,0 +1,72 @@ +#!/usr/bin/env python3 +# SPDX-License-Identifier: GPL-2.0 + +import json +import os +import subprocess +import sys + +import _damon_sysfs + +def dump_damon_status_dict(pid): + try: + subprocess.check_output(['which', 'drgn'], stderr=subprocess.DEVNULL) + except: + return None, 'drgn not found' + file_dir = os.path.dirname(os.path.abspath(__file__)) + dump_script = os.path.join(file_dir, 'drgn_dump_damon_status.py') + rc = subprocess.call(['drgn', dump_script, pid, 'damon_dump_output'], + stderr=subprocess.DEVNULL) + + if rc != 0: + return None, f'drgn fail: return code({rc})' + try: + with open('damon_dump_output', 'r') as f: + return json.load(f), None + except Exception as e: + return None, 'json.load fail (%s)' % e + +def main(): + kdamonds = _damon_sysfs.Kdamonds( + [_damon_sysfs.Kdamond( + contexts=[_damon_sysfs.DamonCtx( + schemes=[_damon_sysfs.Damos( + ops_filters=[ + _damon_sysfs.DamosFilter( + type_='anon', + matching=True, + allow=True, + ) + ] + )], + )])] + ) + + err = kdamonds.start() + if err is not None: + print('kdamond start failed: %s' % err) + exit(1) + + before_commit_status, err = \ + dump_damon_status_dict(kdamonds.kdamonds[0].pid) + if err is not None: + print(err) + exit(1) + + kdamonds.kdamonds[0].commit() + + after_commit_status, err = \ + dump_damon_status_dict(kdamonds.kdamonds[0].pid) + if err is not None: + print(err) + exit(1) + + if before_commit_status != after_commit_status: + print(f'before: {json.dump(before_commit_status, indent=2)}') + print(f'after: {json.dump(after_commit_status, indent=2)}') + exit(1) + + kdamonds.stop() + +if __name__ == '__main__': + main() -- 2.43.0

5 days, 20 hours

2
2
0 0

[PATCH 5.4 000/204] 5.4.294-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.294 release. There are 204 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 04 Jun 2025 13:42:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.294-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.294-rc1 Juergen Gross <jgross(a)suse.com> xen/swiotlb: relax alignment requirements Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: thinkpad_acpi: Ignore battery threshold change event notification Valtteri Koskivuori <vkoskiv(a)gmail.com> platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys Alessandro Grassi <alessandro.grassi(a)mailbox.org> spi: spi-sun4i: fix early activation Masahiro Yamada <masahiroy(a)kernel.org> um: let 'make clean' properly clean underlying SUBARCH as well John Chau <johnchau(a)0atlas.com> platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS Jeff Layton <jlayton(a)kernel.org> nfs: don't share pNFS DS connections between net namespaces Milton Barrera <miltonjosue2001(a)gmail.com> HID: quirks: Add ADATA XPG alpha wireless mouse support Christian Brauner <brauner(a)kernel.org> coredump: hand a pidfd to the usermode coredump helper Christian Brauner <brauner(a)kernel.org> fork: use pidfd_prepare() Christian Brauner <brauner(a)kernel.org> pid: add pidfd_prepare() Christian Brauner <christian.brauner(a)ubuntu.com> pidfd: check pid has attached task in fdinfo Christian Brauner <brauner(a)kernel.org> coredump: fix error handling for replace_fd() Pedro Tammela <pctammela(a)mojatatu.com> net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Reset all search buffer pointers when releasing buffer Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Fix use-after-free in cifs_fill_dirent Jani Nikula <jani.nikula(a)intel.com> drm/i915/gvt: fix unterminated-string-initialization warning Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: do not defer rule destruction via call_rcu Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: wait for rcu grace period on net_device removal Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx Nathan Chancellor <nathan(a)kernel.org> kbuild: Disable -Wdefault-const-init-unsafe Larisa Grigore <larisa.grigore(a)nxp.com> spi: spi-fsl-dspi: restrict register range for regmap access Tianyang Zhang <zhangtianyang(a)loongson.cn> mm/page_alloc.c: avoid infinite retries caused by cpuset race Breno Leitao <leitao(a)debian.org> memcg: always call cond_resched() after fn() feijuan.li <feijuan.li(a)samsung.com> drm/edid: fixed the bug that hdr metadata was not reset Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> llc: fix data loss when reading from a socket in llc_ui_recvmsg() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix race of buffer access at PCM OSS layer Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: add missing rcu read protection for procfs content Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: add locking for bcm_op runtime updates Ivan Pravdin <ipravdin.official(a)gmail.com> crypto: algif_hash - fix double free in hash_accept Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() Paul Kocialkowski <paulk(a)sys-base.io> net: dwmac-sun8i: Use parsed internal PHY address instead of 1 Ido Schimmel <idosch(a)nvidia.com> bridge: netfilter: Fix forwarding of fragmented packets Paul Chaignon <paul.chaignon(a)gmail.com> xfrm: Sanitize marks before insert Al Viro <viro(a)zeniv.linux.org.uk> __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock Jason Andryuk <jason.andryuk(a)amd.com> xenbus: Allow PVH dom0 a non-local xenstore Goldwyn Rodrigues <rgoldwyn(a)suse.de> btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref Alistair Francis <alistair.francis(a)wdc.com> nvmet-tcp: don't restore null sk_state_change Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> pinctrl: meson: define the pull up/down resistor value as 60 kOhm Jessica Zhang <quic_jesszhan(a)quicinc.com> drm: Add valid clones check Simona Vetter <simona.vetter(a)ffwll.ch> drm/atomic: clarify the rules around drm_atomic_state->allow_modeset Isaac Scott <isaac.scott(a)ideasonboard.com> regulator: ad5398: Add device tree support Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate Viktor Malik <vmalik(a)redhat.com> bpftool: Fix readlink usage in get_fd_type junan <junan76(a)163.com> HID: usbkbd: Fix the bit shift number for LED_KANA Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Restore some drive settings after reset Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine Ankur Arora <ankur.a.arora(a)oracle.com> rcu: fix header guard for rcu_all_qs() Ankur Arora <ankur.a.arora(a)oracle.com> rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y Ido Schimmel <idosch(a)nvidia.com> vxlan: Annotate FDB data races Andrey Vatoropin <a.vatoropin(a)crpt.ru> hwmon: (xgene-hwmon) use appropriate type for the latency value Kuniyuki Iwashima <kuniyu(a)amazon.com> ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). William Tu <witu(a)nvidia.com> net/mlx5e: reduce rep rxq depth to 256 for ECPF William Tu <witu(a)nvidia.com> net/mlx5e: set the tx_queue_len for pfifo_fast Alexei Lazar <alazar(a)nvidia.com> net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> phy: core: don't require set_mode() callback for phy_get_mode() to work Kees Cook <kees(a)kernel.org> net/mlx4_core: Avoid impossible mlx4_db_alloc() order value Konstantin Andreev <andreev(a)swemel.ru> smack: recognize ipv4 CIPSO w/o categories Valentin Caron <valentin.caron(a)foss.st.com> pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map Martin Povišer <povik+lin(a)cutebit.org> ASoC: ops: Enforce platform maximum on initial value Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5: Apply rate-limiting to high temperature warning Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5: Modify LSB bitmask in temperature event to include only the first bit Xiaofei Tan <tanxiaofei(a)huawei.com> ACPI: HED: Always initialize before evged Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix old_size lower bound in calculate_iosize() too Arnd Bergmann <arnd(a)arndb.de> EDAC/ie31200: work around false positive build warning Peter Seiderer <ps.report(a)gmx.net> net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: mpt3sas: Send a diag reset if target reset fails Paul Burton <paulburton(a)kernel.org> MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core Bibo Mao <maobibo(a)loongson.cn> MIPS: Use arch specific syscall name match function Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: menu: Avoid discarding useful information Waiman Long <longman(a)redhat.com> x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() Hangbin Liu <liuhangbin(a)gmail.com> bonding: report duplicate MAC address in all situations Arnd Bergmann <arnd(a)arndb.de> net: xgene-v2: remove incorrect ACPI_PTR annotation Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: KFD release_work possible circular locking Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Avoid report two health errors on same syndrome Kuhanh Murugasen Krishnan <kuhanh.murugasen.krishnan(a)intel.com> fpga: altera-cvp: Increase credit timeout AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence Alexander Stein <alexander.stein(a)ew.tq-group.com> hwmon: (gpio-fan) Add missing mutex locks Breno Leitao <leitao(a)debian.org> x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 Peter Seiderer <ps.report(a)gmx.net> net: pktgen: fix mpls maximum labels list parsing Artur Weber <aweber.kernel(a)gmail.com> pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" Hans Verkuil <hverkuil(a)xs4all.nl> media: cx231xx: set device_caps for 417 Matthew Wilcox (Oracle) <willy(a)infradead.org> orangefs: Do not truncate file size Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: prevent BUG_ON by blocking retries on failed device resumes Markus Elfring <elfring(a)users.sourceforge.net> media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() Svyatoslav Ryhel <clamor95(a)gmail.com> ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ieee802154: ca8210: Use proper setters and getters for bitwise types Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: ds1307: stop disabling alarms on probe Andreas Schwab <schwab(a)linux-m68k.org> powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 Erick Shepherd <erick.shepherd(a)ni.com> mmc: sdhci: Disable SD card clock before changing parameters Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> netfilter: conntrack: Bound nf_conntrack sysctl writes Eric Dumazet <edumazet(a)google.com> posix-timers: Add cond_resched() to posix_timer_add() search loop Frediano Ziglio <frediano.ziglio(a)cloud.com> xen: Add support for XenServer 6.1 platform device Mikulas Patocka <mpatocka(a)redhat.com> dm: restrict dm device size to 2^63-512 bytes Seyediman Seyedarab <imandevel(a)gmail.com> kbuild: fix argument parsing in scripts/config Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: ERASE does not change tape location Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Tighten the page format heuristics with MODE SELECT Christian Göttsche <cgzones(a)googlemail.com> ext4: reorder capability check last Tiwei Bie <tiwei.btw(a)antgroup.com> um: Update min_low_pfn to match changes in uml_reserved Benjamin Berg <benjamin(a)sipsolutions.net> um: Store full CSGSFS and SS register from mcontext Filipe Manana <fdmanana(a)suse.com> btrfs: send: return -ENAMETOOLONG when attempting a path that is too long Mark Harmstone <maharmstone(a)fb.com> btrfs: avoid linker error in btrfs_find_create_tree_block() Vitalii Mordan <mordan(a)ispras.ru> i2c: pxa: fix call balance of i2c->clk handling routines Erick Shepherd <erick.shepherd(a)ni.com> mmc: host: Wait for Vdd to settle on card power off Robert Richter <rrichter(a)amd.com> libnvdimm/labels: Fix divide error in nd_label_data_init() Trond Myklebust <trond.myklebust(a)hammerspace.com> pNFS/flexfiles: Report ENETDOWN as a connection error Ian Rogers <irogers(a)google.com> tools/build: Don't pass test log files to linker Jing Su <jingsusu(a)didiglobal.com> dql: Fix dql->limit value when reset. Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: rpc_clnt_set_transport() must not change the autobind setting Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Treat ENETUNREACH errors as fatal for state recovery Zsolt Kajtar <soci(a)c64.rulez.org> fbdev: core: tileblit: Implement missing margin clearing for tileblit Shixiong Ou <oushixiong(a)kylinos.cn> fbdev: fsl-diu-fb: add missing device_remove_file() Tudor Ambarus <tudor.ambarus(a)linaro.org> mailbox: use error ret code of of_parse_phandle_with_args() Daniel Gomez <da.gomez(a)samsung.com> kconfig: merge_config: use an empty file as initfile gaoxu <gaoxu2(a)honor.com> cgroup: Fix compilation issue due to cgroup_mutex not being exported Marek Szyprowski <m.szyprowski(a)samsung.com> dma-mapping: avoid potential unused data compilation warning Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: iscsi: Fix timeout on deleted connection Eelco Chaudron <echaudro(a)redhat.com> openvswitch: Fix unsafe attribute parsing in output_userspace() Aditya Garg <gargaditya08(a)live.com> Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics - enable SMBus for HP Elitebook 850 G1 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Set timing registers only once Ma Ke <make24(a)iscas.ac.cn> phy: Fix error handling in tegra_xusb_port_init Wentao Liang <vulab(a)iscas.ac.cn> ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Jeremy Linton <jeremy.linton(a)arm.com> ACPI: PPTT: Fix processor subtable walk Nathan Lynch <nathan.lynch(a)amd.com> dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/pnfs: Reset the layout state after a layoutreturn Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/pnfs: pnfs_set_layout_stateid() should update the layout cred Abdun Nihaal <abdun.nihaal(a)gmail.com> qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Geert Uytterhoeven <geert+renesas(a)glider.be> ALSA: sh: SND_AICA should depend on SH_DMA_API Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Geert Uytterhoeven <geert+renesas(a)glider.be> spi: loopback-test: Do not split 1024-byte hexdumps Li Lingfeng <lilingfeng3(a)huawei.com> nfs: handle failure of nfs_get_lock_context in unlock path Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug David Lechner <dlechner(a)baylibre.com> iio: chemical: sps30: use aligned_s64 for timestamp Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Gabriel Shahrouzi <gshahrouzi(a)gmail.com> staging: axis-fifo: Correct handling of tx_fifo_depth for size validation Quentin Deslandes <quentin.deslandes(a)itdev.co.uk> staging: axis-fifo: avoid parsing ignored device tree properties Gabriel Shahrouzi <gshahrouzi(a)gmail.com> staging: axis-fifo: Remove hardware resets for user errors Quentin Deslandes <quentin.deslandes(a)itdev.co.uk> staging: axis-fifo: replace spinlock with mutex Hans de Goede <hdegoede(a)redhat.com> platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Al Viro <viro(a)zeniv.linux.org.uk> do_umount(): add missing barrier before refcount checks in sync case Daniel Wagner <wagi(a)kernel.org> nvme: unblock ctrl state transition for firmware update Thorsten Blum <thorsten.blum(a)linux.dev> MIPS: Fix MAX_REG_OFFSET Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: dln2: Use aligned_s64 for timestamp Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> types: Complement the aligned types with signed 64-bit one Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix erroneous generic_read ioctl return Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix erroneous wait_srq ioctl return Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix erroneous get_stb ioctl error returns Oliver Neukum <oneukum(a)suse.com> USB: usbtmc: use interruptible sleep in usbtmc_read Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: displayport: Fix NULL pointer access RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition Jan Kara <jack(a)suse.cz> ocfs2: stop quota recovery before disabling quotas Jan Kara <jack(a)suse.cz> ocfs2: implement handshaking with ocfs2 recovery thread Jan Kara <jack(a)suse.cz> ocfs2: switch osb->disable_recovery to enum Dmitry Antipov <dmantipov(a)yandex.ru> module: ensure that kobject_put() is safe for module type kobjects Jason Andryuk <jason.andryuk(a)amd.com> xenbus: Use kref to track req lifetime Alexey Charkov <alchark(a)gmail.com> usb: uhci-platform: Make the clock really optional Silvano Seva <s.seva(a)4sigma.it> iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Silvano Seva <s.seva(a)4sigma.it> iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Gabriel Shahrouzi <gshahrouzi(a)gmail.com> iio: adis16201: Correct inclinometer channel resolution Angelo Dureghello <adureghello(a)baylibre.com> iio: adc: ad7606: fix serial register access Gabriel Shahrouzi <gshahrouzi(a)gmail.com> staging: iio: adc: ad7816: Correct conditional logic for store mode Aditya Garg <gargaditya08(a)live.com> Input: synaptics - enable InterTouch on Dell Precision M3800 Aditya Garg <gargaditya08(a)live.com> Input: synaptics - enable InterTouch on Dynabook Portege X30L-G Manuel Fombuena <fombuena(a)outlook.com> Input: synaptics - enable InterTouch on Dynabook Portege X30-D Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix learning on VLAN unaware bridges Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix region locking in hash types Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_deactivate() idempotent Mike Christie <michael.christie(a)oracle.com> scsi: target: Fix WRITE_SAME No Data Buffer crash Tudor Ambarus <tudor.ambarus(a)linaro.org> dm: fix copying after src array boundaries Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: fix iface clock-name on px30 iommus Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Alexander Stein <alexander.stein(a)ew.tq-group.com> usb: chipidea: ci_hdrc_imx: use dev_err_probe() Peter Chen <peter.chen(a)nxp.com> usb: chipidea: imx: refine the error handling for hsic Peter Chen <peter.chen(a)nxp.com> usb: chipidea: imx: change hsic power regulator as optional Suzuki K Poulose <suzuki.poulose(a)arm.com> irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Thomas Gleixner <tglx(a)linutronix.de> irqchip/gic-v2m: Mark a few functions __init Xiang wangx <wangxiang(a)cdjrlc.com> irqchip/gic-v2m: Add const to of_device_id Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_qlen_notify() idempotent Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: add buffer overflow check in of_modalias() Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Mattias Barthel <mattias.barthel(a)atlascopco.com> net: fec: ERR007885 Workaround for conventional TX Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix memleak issue when GSO enabled Alexey Denisov <rtgbnm(a)gmail.com> lan743x: fix endianness when accessing descriptors Colin Ian King <colin.king(a)canonical.com> lan743x: remove redundant initialization of variable current_head_index Michael Liang <mliang(a)purestorage.com> nvme-tcp: fix premature queue removal and I/O failover Simon Horman <horms(a)kernel.org> net: dlink: Correct endianness handling of led_mode Victor Nogueira <victor(a)mojatatu.com> net_sched: qfq: Fix double list add in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc Victor Nogueira <victor(a)mojatatu.com> net_sched: drr: Fix double list add in class with netem as child qdisc Maor Gottlieb <maorg(a)nvidia.com> net/mlx5: E-Switch, Initialize MAC Address for Default GID Jeongjun Park <aha310510(a)gmail.com> tracing: Fix oob write in trace_seq_to_buffer() Benjamin Marzinski <bmarzins(a)redhat.com> dm: always update the array size in realloc_argv on success Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a warning on invalid table line Wentao Liang <vulab(a)iscas.ac.cn> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Vishal Badole <Vishal.Badole(a)amd.com> amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Helge Deller <deller(a)gmx.de> parisc: Fix double SIGFPE crash Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: Fix clock count when probe defers Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Set DDR and SDMMC interrupt mask before registration Niravkumar L Rabara <niravkumar.l.rabara(a)altera.com> EDAC/altera: Test the correct error reg offset ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 2 + Makefile | 16 +- arch/arm/boot/dts/tegra114.dtsi | 2 +- arch/arm64/boot/dts/rockchip/px30.dtsi | 4 +- arch/mips/include/asm/ftrace.h | 16 + arch/mips/include/asm/ptrace.h | 3 +- arch/mips/kernel/pm-cps.c | 30 +- arch/parisc/math-emu/driver.c | 16 +- arch/powerpc/kernel/prom_init.c | 4 +- arch/um/Makefile | 1 + arch/um/kernel/mem.c | 1 + arch/x86/include/asm/nmi.h | 2 + arch/x86/kernel/cpu/bugs.c | 10 +- arch/x86/kernel/nmi.c | 42 +++ arch/x86/kernel/reboot.c | 10 +- arch/x86/um/os-Linux/mcontext.c | 3 +- crypto/algif_hash.c | 4 - drivers/acpi/Kconfig | 2 +- drivers/acpi/hed.c | 7 +- drivers/acpi/pptt.c | 11 +- drivers/clocksource/i8253.c | 6 +- drivers/cpuidle/governors/menu.c | 13 +- drivers/dma/dmatest.c | 6 +- drivers/edac/altera_edac.c | 9 +- drivers/edac/altera_edac.h | 2 + drivers/edac/ie31200_edac.c | 28 +- drivers/fpga/altera-cvp.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 16 +- drivers/gpu/drm/drm_atomic_helper.c | 28 ++ drivers/gpu/drm/drm_edid.c | 1 + drivers/gpu/drm/i915/gvt/opregion.c | 8 +- drivers/gpu/drm/mediatek/mtk_dpi.c | 5 +- drivers/hid/hid-ids.h | 4 + drivers/hid/hid-quirks.c | 2 + drivers/hid/usbhid/usbkbd.c | 2 +- drivers/hwmon/gpio-fan.c | 16 +- drivers/hwmon/xgene-hwmon.c | 2 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/i2c/busses/i2c-pxa.c | 5 +- drivers/iio/accel/adis16201.c | 4 +- drivers/iio/adc/ad7606_spi.c | 2 +- drivers/iio/adc/ad7768-1.c | 2 +- drivers/iio/adc/dln2-adc.c | 2 +- drivers/iio/chemical/sps30.c | 2 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 6 + drivers/infiniband/sw/rxe/rxe_cq.c | 5 +- drivers/input/mouse/synaptics.c | 5 + drivers/iommu/amd_iommu_init.c | 8 + drivers/irqchip/irq-gic-v2m.c | 8 +- drivers/mailbox/mailbox.c | 7 +- drivers/md/dm-cache-target.c | 24 ++ drivers/md/dm-integrity.c | 2 +- drivers/md/dm-table.c | 9 +- .../media/platform/sti/c8sectpfe/c8sectpfe-core.c | 3 +- drivers/media/usb/cx231xx/cx231xx-417.c | 2 + drivers/mmc/host/sdhci-pci-core.c | 6 +- drivers/mmc/host/sdhci.c | 9 +- drivers/net/bonding/bond_main.c | 2 +- drivers/net/dsa/b53/b53_common.c | 2 +- drivers/net/dsa/sja1105/sja1105_main.c | 6 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 + drivers/net/ethernet/apm/xgene-v2/main.c | 4 +- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- drivers/net/ethernet/mellanox/mlx4/alloc.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 5 + .../net/ethernet/mellanox/mlx5/core/en_selftest.c | 3 + drivers/net/ethernet/mellanox/mlx5/core/events.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/health.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/rdma.c | 2 +- drivers/net/ethernet/microchip/lan743x_main.c | 75 ++-- drivers/net/ethernet/microchip/lan743x_main.h | 21 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 +- drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 +- drivers/net/ieee802154/ca8210.c | 9 +- drivers/net/vxlan.c | 18 +- .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +- drivers/net/wireless/realtek/rtw88/main.c | 17 +- drivers/net/wireless/realtek/rtw88/rtw8822b.c | 14 +- drivers/nvdimm/label.c | 3 +- drivers/nvme/host/core.c | 3 +- drivers/nvme/host/tcp.c | 31 +- drivers/nvme/target/tcp.c | 3 + drivers/of/device.c | 7 +- drivers/pci/controller/dwc/pci-imx6.c | 5 +- drivers/pci/setup-bus.c | 6 +- drivers/phy/phy-core.c | 7 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 7 +- drivers/phy/tegra/xusb.c | 8 +- drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 44 +-- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/meson/pinctrl-meson.c | 2 +- drivers/platform/x86/asus-wmi.c | 3 +- drivers/platform/x86/fujitsu-laptop.c | 33 +- drivers/platform/x86/thinkpad_acpi.c | 7 + drivers/regulator/ad5398.c | 12 +- drivers/rtc/rtc-ds1307.c | 4 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 17 +- drivers/scsi/mpt3sas/mpt3sas_ctl.c | 12 +- drivers/scsi/st.c | 29 +- drivers/scsi/st.h | 2 + drivers/spi/spi-fsl-dspi.c | 20 +- drivers/spi/spi-loopback-test.c | 2 +- drivers/spi/spi-sun4i.c | 5 +- drivers/staging/axis-fifo/axis-fifo.c | 417 ++++++++------------- drivers/staging/axis-fifo/axis-fifo.txt | 18 +- drivers/staging/iio/adc/ad7816.c | 2 +- drivers/target/iscsi/iscsi_target.c | 2 +- drivers/target/target_core_file.c | 3 + drivers/target/target_core_iblock.c | 4 + drivers/target/target_core_sbc.c | 6 + drivers/usb/chipidea/ci_hdrc_imx.c | 42 ++- drivers/usb/class/usbtmc.c | 59 +-- drivers/usb/host/uhci-platform.c | 2 +- drivers/usb/typec/tcpm/tcpm.c | 2 +- drivers/usb/typec/ucsi/displayport.c | 2 + drivers/video/fbdev/core/tileblit.c | 37 +- drivers/video/fbdev/fsl-diu-fb.c | 1 + drivers/xen/platform-pci.c | 4 + drivers/xen/swiotlb-xen.c | 18 +- drivers/xen/xenbus/xenbus.h | 2 + drivers/xen/xenbus/xenbus_comms.c | 9 +- drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +- drivers/xen/xenbus/xenbus_probe.c | 14 +- drivers/xen/xenbus/xenbus_xs.c | 18 +- fs/btrfs/extent_io.c | 7 +- fs/btrfs/send.c | 6 +- fs/cifs/readdir.c | 7 +- fs/coredump.c | 80 +++- fs/ext4/balloc.c | 4 +- fs/namespace.c | 9 +- fs/nfs/callback_proc.c | 2 +- fs/nfs/filelayout/filelayoutdev.c | 6 +- fs/nfs/flexfilelayout/flexfilelayout.c | 1 + fs/nfs/flexfilelayout/flexfilelayoutdev.c | 6 +- fs/nfs/nfs4proc.c | 9 +- fs/nfs/nfs4state.c | 10 +- fs/nfs/pnfs.c | 29 +- fs/nfs/pnfs.h | 5 +- fs/nfs/pnfs_nfs.c | 9 +- fs/ocfs2/journal.c | 80 ++-- fs/ocfs2/journal.h | 1 + fs/ocfs2/ocfs2.h | 17 +- fs/ocfs2/quota_local.c | 9 +- fs/ocfs2/super.c | 3 + fs/orangefs/inode.c | 7 +- include/drm/drm_atomic.h | 23 +- include/linux/binfmts.h | 1 + include/linux/dma-mapping.h | 12 +- include/linux/mlx4/device.h | 2 +- include/linux/pid.h | 5 + include/linux/rcutree.h | 2 +- include/linux/types.h | 3 +- include/sound/pcm.h | 2 + include/trace/events/btrfs.h | 2 +- include/uapi/linux/types.h | 1 + kernel/cgroup/cgroup.c | 2 +- kernel/fork.c | 108 +++++- kernel/params.c | 4 +- kernel/rcu/tree_plugin.h | 11 +- kernel/time/posix-timers.c | 1 + kernel/trace/trace.c | 5 +- lib/dynamic_queue_limits.c | 2 +- mm/memcontrol.c | 6 +- mm/page_alloc.c | 8 + net/bridge/br_nf_core.c | 7 +- net/bridge/br_private.h | 1 + net/can/bcm.c | 79 ++-- net/core/pktgen.c | 13 +- net/ipv4/fib_rules.c | 4 +- net/ipv6/fib6_rules.c | 4 +- net/llc/af_llc.c | 8 +- net/netfilter/ipset/ip_set_hash_gen.h | 2 +- net/netfilter/nf_conntrack_standalone.c | 12 +- net/netfilter/nf_tables_api.c | 51 ++- net/openvswitch/actions.c | 3 +- net/sched/sch_drr.c | 9 +- net/sched/sch_hfsc.c | 15 +- net/sched/sch_htb.c | 13 +- net/sched/sch_qfq.c | 11 +- net/sunrpc/clnt.c | 3 - net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_state.c | 3 + scripts/config | 26 +- scripts/kconfig/merge_config.sh | 4 +- security/smack/smackfs.c | 4 + sound/core/oss/pcm_oss.c | 3 +- sound/core/pcm_native.c | 11 + sound/pci/es1968.c | 6 +- sound/sh/Kconfig | 2 +- sound/soc/intel/boards/bytcr_rt5640.c | 13 + sound/soc/soc-ops.c | 29 +- tools/bpf/bpftool/common.c | 3 +- tools/build/Makefile.build | 6 +- 198 files changed, 1682 insertions(+), 840 deletions(-)

6 days, 2 hours

9
236
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2025