- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] crypto: af_alg - zero initialize memory allocated via" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6f6e309328d53a10c0fe1f77dec2db73373179b6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025122928-monotone-prodigy-ba4d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6f6e309328d53a10c0fe1f77dec2db73373179b6 Mon Sep 17 00:00:00 2001 From: Shivani Agarwal <shivani.agarwal(a)broadcom.com> Date: Tue, 23 Sep 2025 23:01:48 -0700 Subject: [PATCH] crypto: af_alg - zero initialize memory allocated via sock_kmalloc Several crypto user API contexts and requests allocated with sock_kmalloc() were left uninitialized, relying on callers to set fields explicitly. This resulted in the use of uninitialized data in certain error paths or when new fields are added in the future. The ACVP patches also contain two user-space interface files: algif_kpp.c and algif_akcipher.c. These too rely on proper initialization of their context structures. A particular issue has been observed with the newly added 'inflight' variable introduced in af_alg_ctx by commit: 67b164a871af ("crypto: af_alg - Disallow multiple in-flight AIO requests") Because the context is not memset to zero after allocation, the inflight variable has contained garbage values. As a result, af_alg_alloc_areq() has incorrectly returned -EBUSY randomly when the garbage value was interpreted as true: https://github.com/gregkh/linux/blame/master/crypto/af_alg.c#L1209 The check directly tests ctx->inflight without explicitly comparing against true/false. Since inflight is only ever set to true or false later, an uninitialized value has triggered -EBUSY failures. Zero-initializing memory allocated with sock_kmalloc() ensures inflight and other fields start in a known state, removing random issues caused by uninitialized data. Fixes: fe869cdb89c9 ("crypto: algif_hash - User-space interface for hash operations") Fixes: 5afdfd22e6ba ("crypto: algif_rng - add random number generator support") Fixes: 2d97591ef43d ("crypto: af_alg - consolidation of duplicate code") Fixes: 67b164a871af ("crypto: af_alg - Disallow multiple in-flight AIO requests") Cc: stable(a)vger.kernel.org Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/crypto/af_alg.c b/crypto/af_alg.c index ca6fdcc6c54a..6c271e55f44d 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -1212,15 +1212,14 @@ struct af_alg_async_req *af_alg_alloc_areq(struct sock *sk, if (unlikely(!areq)) return ERR_PTR(-ENOMEM); + memset(areq, 0, areqlen); + ctx->inflight = true; areq->areqlen = areqlen; areq->sk = sk; areq->first_rsgl.sgl.sgt.sgl = areq->first_rsgl.sgl.sgl; - areq->last_rsgl = NULL; INIT_LIST_HEAD(&areq->rsgl_list); - areq->tsgl = NULL; - areq->tsgl_entries = 0; return areq; } diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c index e3f1a4852737..4d3dfc60a16a 100644 --- a/crypto/algif_hash.c +++ b/crypto/algif_hash.c @@ -416,9 +416,8 @@ static int hash_accept_parent_nokey(void *private, struct sock *sk) if (!ctx) return -ENOMEM; - ctx->result = NULL; + memset(ctx, 0, len); ctx->len = len; - ctx->more = false; crypto_init_wait(&ctx->wait); ask->private = ctx; diff --git a/crypto/algif_rng.c b/crypto/algif_rng.c index 10c41adac3b1..1a86e40c8372 100644 --- a/crypto/algif_rng.c +++ b/crypto/algif_rng.c @@ -248,9 +248,8 @@ static int rng_accept_parent(void *private, struct sock *sk) if (!ctx) return -ENOMEM; + memset(ctx, 0, len); ctx->len = len; - ctx->addtl = NULL; - ctx->addtl_len = 0; /* * No seeding done at that point -- if multiple accepts are

7 minutes

2
1
0 0

[PATCH] USB: OHCI/UHCI: Add soft dependencies on ehci_hcd

by Huacai Chen

Commit 9beeee6584b9aa4f ("USB: EHCI: log a warning if ehci-hcd is not loaded first") said that ehci-hcd should be loaded before ohci-hcd and uhci-hcd. However, commit 05c92da0c52494ca ("usb: ohci/uhci - add soft dependencies on ehci_pci") only makes ohci-pci/uhci-pci depend on ehci- pci, which is not enough and we may still see the warnings in boot log. So fix it by also making ohci-hcd/uhci-hcd depend on ehci-hcd. Cc: stable(a)vger.kernel.org Reported-by: Shengwen Xiao <atzlinux(a)sina.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/usb/host/ohci-hcd.c | 1 + drivers/usb/host/uhci-hcd.c | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/usb/host/ohci-hcd.c b/drivers/usb/host/ohci-hcd.c index 9c7f3008646e..549c965b7fbe 100644 --- a/drivers/usb/host/ohci-hcd.c +++ b/drivers/usb/host/ohci-hcd.c @@ -1355,4 +1355,5 @@ static void __exit ohci_hcd_mod_exit(void) clear_bit(USB_OHCI_LOADED, &usb_hcds_loaded); } module_exit(ohci_hcd_mod_exit); +MODULE_SOFTDEP("pre: ehci_hcd"); diff --git a/drivers/usb/host/uhci-hcd.c b/drivers/usb/host/uhci-hcd.c index 14e6dfef16c6..e1a27d01bdbc 100644 --- a/drivers/usb/host/uhci-hcd.c +++ b/drivers/usb/host/uhci-hcd.c @@ -939,3 +939,4 @@ module_exit(uhci_hcd_cleanup); MODULE_AUTHOR(DRIVER_AUTHOR); MODULE_DESCRIPTION(DRIVER_DESC); MODULE_LICENSE("GPL"); +MODULE_SOFTDEP("pre: ehci_hcd"); -- 2.47.3

33 minutes

6
9
0 0

Sd card race on resume with filesystem errors (possible data loss?)

by Sergio Callegari

Hi and happy new year! I would like to report a problem that I am encountering with the sdcard storage. I have a laptop/convertible where /home is on an sd-card (because the internal disk is too small). The card is luks encrypted and has a btrfs filesystem on it. When the laptop sleeps and then resumes, there is a race. The sdcard gets accessed for read/write but is not yet ready, so there are I/O errors. BTRFS is not happy with them and tends to remount RO. This issue is well known to purism developers (e.g. see https://source.puri.sm/Librem5/linux/-/issues/484 and https://forums.puri.sm/t/sdcard-becomes-read-only-after-waking-up-from-susp…). My kernel logs are identical to those in https://source.puri.sm/Librem5/linux/-/issues/484 (first comment), apart from the fact that I get the errors from BTRFS, while the reporter there gets the errors from EXT4. This indicates that the race is not specific to BTRFS. The errors in the kernel logs come right after the PM: suspend exit message. From what I understand: 1. The error is more frequent with the SD-LUKS-FILESYSTEM stratification, but not specific to it 2. A phone/tablet set up such as those that purism developers address will generally use sdcard for storage and require suspend, being a good trigger for the problem. However, the problem is in no means specific to phones, ARM devices, etc. I am getting it on an X86-64 laptop. 3. It is unclear to me if there is a real risk of data loss. Possibly with BTRFS that has a more complex data management this can be the case. 4.Even without data loss, the issue requires a reboot to get the filesystem back to RW, so it is annoying. 5. Purism developers have a kernel patch for it at https://source.puri.sm/Librem5/linux/-/merge_requests/788, but I believe it is not in linux mainline or stable. Would it make sense to consider that patch? 6. For stable kernels, there is a mitigation consisting in a systemd sleep-resume hook as in #!/bin/sh /usr/bin/systemd-cat -p5 /usr/bin/echo ${1} ${2} case "${1}" in post) sleep 1.5 systemd-cat -p4 /usr/bin/echo "hack, wait for sdcard" ;; esac see https://source.puri.sm/Librem5/linux/-/issues/484#note_277648 This appears to reduce the occurrence of the problem, but not to eliminate it completely. Thanks for the attention Sergio

1 hour, 21 minutes

1
0
0 0

[PATCH] PCI: Avoid work_on_cpu() in async probe workers

by Jinhui Guo

Commit ef0ff68351be ("driver core: Probe devices asynchronously instead of the driver") speeds up the loading of large numbers of device drivers by submitting asynchronous probe workers to an unbounded workqueue and binding each worker to the CPU near the device’s NUMA node. These workers are not scheduled on isolated CPUs because their cpumask is restricted to housekeeping_cpumask(HK_TYPE_WQ) and housekeeping_cpumask(HK_TYPE_DOMAIN). However, when PCI devices reside on the same NUMA node, all their drivers’ probe workers are bound to the same CPU within that node, yet the probes still run in parallel because pci_call_probe() invokes work_on_cpu(). Introduced by commit 873392ca514f ("PCI: work_on_cpu: use in drivers/pci/pci-driver.c"), work_on_cpu() queues a worker on system_percpu_wq to bind the probe thread to the first CPU in the device’s NUMA node (chosen via cpumask_any_and() in pci_call_probe()). 1. The function __driver_attach() submits an asynchronous worker with callback __driver_attach_async_helper(). __driver_attach() async_schedule_dev(__driver_attach_async_helper, dev) async_schedule_node(func, dev, dev_to_node(dev)) async_schedule_node_domain(func, data, node, &async_dfl_domain) __async_schedule_node_domain(func, data, node, domain, entry) queue_work_node(node, async_wq, &entry->work) 2. The asynchronous probe worker ultimately calls work_on_cpu() in pci_call_probe(), binding the worker to the same CPU within the device’s NUMA node. __driver_attach_async_helper() driver_probe_device(drv, dev) __driver_probe_device(drv, dev) really_probe(dev, drv) call_driver_probe(dev, drv) dev->bus->probe(dev) pci_device_probe(dev) __pci_device_probe(drv, pci_dev) pci_call_probe(drv, pci_dev, id) cpu = cpumask_any_and(cpumask_of_node(node), wq_domain_mask) error = work_on_cpu(cpu, local_pci_probe, &ddi) schedule_work_on(cpu, &wfc.work); queue_work_on(cpu, system_percpu_wq, work) To fix the issue, pci_call_probe() must not call work_on_cpu() when it is already running inside an unbounded asynchronous worker. Because a driver can be probed asynchronously either by probe_type or by the kernel command line, we cannot rely on PROBE_PREFER_ASYNCHRONOUS alone. Instead, we test the PF_WQ_WORKER flag in current->flags; if it is set, pci_call_probe() is executing within an unbounded workqueue worker and should skip the extra work_on_cpu() call. Testing three NVMe devices on the same NUMA node of an AMD EPYC 9A64 2.4 GHz processor shows a 35 % probe-time improvement with the patch: Before (all on CPU 0): nvme 0000:01:00.0: CPU: 0, COMM: kworker/0:1, probe cost: 53372612 ns nvme 0000:02:00.0: CPU: 0, COMM: kworker/0:2, probe cost: 49532941 ns nvme 0000:03:00.0: CPU: 0, COMM: kworker/0:3, probe cost: 47315175 ns After (spread across CPUs 1, 2, 5): nvme 0000:01:00.0: CPU: 5, COMM: kworker/u1025:5, probe cost: 34765890 ns nvme 0000:02:00.0: CPU: 1, COMM: kworker/u1025:2, probe cost: 34696433 ns nvme 0000:03:00.0: CPU: 2, COMM: kworker/u1025:3, probe cost: 33233323 ns The improvement grows with more PCI devices because fewer probes contend for the same CPU. Fixes: ef0ff68351be ("driver core: Probe devices asynchronously instead of the driver") Cc: stable(a)vger.kernel.org Signed-off-by: Jinhui Guo <guojinhui.liam(a)bytedance.com> --- drivers/pci/pci-driver.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index 7c2d9d596258..4bc47a84d330 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -366,9 +366,11 @@ static int pci_call_probe(struct pci_driver *drv, struct pci_dev *dev, /* * Prevent nesting work_on_cpu() for the case where a Virtual Function * device is probed from work_on_cpu() of the Physical device. + * Check PF_WQ_WORKER to prevent invoking work_on_cpu() in an asynchronous + * probe worker when the driver allows asynchronous probing. */ if (node < 0 || node >= MAX_NUMNODES || !node_online(node) || - pci_physfn_is_probed(dev)) { + pci_physfn_is_probed(dev) || (current->flags & PF_WQ_WORKER)) { cpu = nr_cpu_ids; } else { cpumask_var_t wq_domain_mask; -- 2.20.1

1 hour, 48 minutes

3
7
0 0

[PATCH 6.18 000/430] 6.18.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.18.3 release. There are 430 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 31 Dec 2025 16:06:10 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.18.3-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.18.3-rc1 Cheng Ding <cding(a)ddn.com> fuse: missing copy_finish in fuse-over-io-uring argument copies Joanne Koong <joannelkoong(a)gmail.com> fuse: fix readahead reclaim deadlock Joanne Koong <joannelkoong(a)gmail.com> fuse: fix io-uring list corruption for terminated non-committed requests Johan Hovold <johan(a)kernel.org> iommu/mediatek: fix use-after-free on probe deferral Damien Le Moal <dlemoal(a)kernel.org> block: freeze queue when updating zone resources Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: microchip: sama7g5: fix uart fifo size to 32 Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: microchip: sama7d65: fix uart fifo size to 32 Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32 Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (w83791d) Convert macros to functions to avoid TOCTOU Johan Hovold <johan(a)kernel.org> hwmon: (max6697) fix regmap leak on probe failure Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (max16065) Use local variable to avoid TOCTOU Joanne Koong <joannelkoong(a)gmail.com> io_uring/rsrc: fix lost entries after cloned range Raviteja Laggyshetty <quic_rlaggysh(a)quicinc.com> interconnect: qcom: sdx75: Drop QPIC interconnect and BCM nodes Ma Ke <make24(a)iscas.ac.cn> i2c: amd-mp2: fix reference leak in MP2 PCI device Eric Biggers <ebiggers(a)kernel.org> lib/crypto: riscv: Depend on RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> platform/x86: intel: chtwc_int33fe: don't dereference swnode args Biju Das <biju.das.jz(a)bp.renesas.com> pwm: rzg2l-gpt: Allow checking period_tick cache value only if sibling channel is enabled Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> rpmsg: glink: fix rpmsg device leak Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_bpf: Stop tracing on user latency Johan Hovold <johan(a)kernel.org> soc: amlogic: canvas: fix device leak on lookup Johan Hovold <johan(a)kernel.org> soc: apple: mailbox: fix device leak on lookup Johan Hovold <johan(a)kernel.org> soc: qcom: ocmem: fix device leak on lookup Johan Hovold <johan(a)kernel.org> soc: qcom: pbs: fix device leak on lookup Johan Hovold <johan(a)kernel.org> soc: samsung: exynos-pmu: fix device leak on regmap lookup Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix fixed array of synthetic event Raghavendra Rao Ananta <rananta(a)google.com> vfio: Fix ksize arg while copying user struct in vfio_df_ioctl_bind_iommufd() Miaoqian Lin <linmq006(a)gmail.com> virtio: vdpa: Fix reference count leak in octep_sriov_enable() Damien Le Moal <dlemoal(a)kernel.org> zloop: make the write pointer of full zones invalid Damien Le Moal <dlemoal(a)kernel.org> zloop: fail zone append operations that are targeting full zones Johan Hovold <johan(a)kernel.org> amba: tegra-ahb: Fix device leak on SMMU enable Eric Biggers <ebiggers(a)kernel.org> crypto: arm64/ghash - Fix incorrect output from ghash-neon Guangshuo Li <lgs201920130244(a)gmail.com> crypto: caam - Add check for kcalloc() in test_len() Shivani Agarwal <shivani.agarwal(a)broadcom.com> crypto: af_alg - zero initialize memory allocated via sock_kmalloc Krzysztof Kozlowski <krzk(a)kernel.org> dt-bindings: PCI: qcom,pcie-sm8550: Add missing required power-domains and resets Krzysztof Kozlowski <krzk(a)kernel.org> dt-bindings: PCI: qcom,pcie-sm8450: Add missing required power-domains and resets Krzysztof Kozlowski <krzk(a)kernel.org> dt-bindings: PCI: qcom,pcie-sm8350: Add missing required power-domains and resets Krzysztof Kozlowski <krzk(a)kernel.org> dt-bindings: PCI: qcom,pcie-sm8250: Add missing required power-domains and resets Krzysztof Kozlowski <krzk(a)kernel.org> dt-bindings: PCI: qcom,pcie-sm8150: Add missing required power-domains and resets Krzysztof Kozlowski <krzk(a)kernel.org> dt-bindings: PCI: qcom,pcie-sc8280xp: Add missing required power-domains and resets Krzysztof Kozlowski <krzk(a)kernel.org> dt-bindings: PCI: qcom,pcie-sc7280: Add missing required power-domains and resets Jani Nikula <jani.nikula(a)intel.com> drm/displayid: pass iter to drm_find_displayid_extension() Ray Wu <ray.wu(a)amd.com> drm/amd/display: Fix scratch registers offsets for DCN351 Ray Wu <ray.wu(a)amd.com> drm/amd/display: Fix scratch registers offsets for DCN35 Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd/display: Fix pbn to kbps Conversion" Xi Ruoyao <xry111(a)xry111.site> gpio: loongson: Switch 2K2000/3000 GPIO to BYTE_CTRL_MODE Askar Safin <safinaskar(a)gmail.com> gpiolib: acpi: Add quirk for Dell Precision 7780 Wentao Guan <guanwentao(a)uniontech.com> gpio: regmap: Fix memleak in error path in gpio_regmap_register() Sven Schnelle <svens(a)linux.ibm.com> s390/ipl: Clear SBP flag when bootprog is set Shakeel Butt <shakeel.butt(a)linux.dev> cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated Filipe Manana <fdmanana(a)suse.com> btrfs: don't log conflicting inode if it's a dir moved in the current transaction Nysal Jan K.A. <nysal(a)linux.ibm.com> powerpc/kexec: Enable SMT before waking offline CPUs Joshua Rogers <linux(a)joshua.hu> SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf Joshua Rogers <linux(a)joshua.hu> svcrdma: use rc_pageoff for memcpy byte offset Joshua Rogers <linux(a)joshua.hu> svcrdma: return 0 on success from svc_rdma_copy_inline_range Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> nfsd: Mark variable __maybe_unused to avoid W=1 build break Joshua Rogers <linux(a)joshua.hu> svcrdma: bound check rq_pages index in inline path Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Convert FLOAT to S32 during blob selection Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clear TIME_DELEG in the suppattr_exclcreat bitmap Antheas Kapenekakis <lkml(a)antheas.dev> ALSA: hda/realtek: Add Asus quirk for TAS amplifiers Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Prefer 32-bit DMIC blobs for 8-bit formats as well Chuck Lever <chuck.lever(a)oracle.com> NFSD: NFSv4 file creation neglects setting ACL Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap caoping <caoping(a)cmss.chinamobile.com> net/handshake: restore destructor on submit failure Amir Goldstein <amir73il(a)gmail.com> fsnotify: do not generate ACCESS/MODIFY events on child for special files Thorsten Blum <thorsten.blum(a)linux.dev> net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write René Rebe <rene(a)exactco.de> r8169: fix RTL8117 Wake-on-Lan in DASH mode Charles Mirabile <cmirabil(a)redhat.com> lib/crypto: riscv: Add poly1305-core.S to .gitignore Mark Brown <broonie(a)kernel.org> arm64/gcs: Flush the GCS locking state on exec Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Do not clear needs_force_resume with enabled runtime PM Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not register unsupported perf events Christoph Hellwig <hch(a)lst.de> xfs: validate that zoned RT devices are zone aligned Darrick J. Wong <djwong(a)kernel.org> xfs: fix a UAF problem in xattr repair Christoph Hellwig <hch(a)lst.de> xfs: fix the zoned RT growfs check for zone alignment Darrick J. Wong <djwong(a)kernel.org> xfs: fix stupid compiler warning Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> xfs: fix a memory leak in xfs_buf_item_init() Gavin Shan <gshan(a)redhat.com> KVM: selftests: Add missing "break" in rseq_test's param parsing Sean Christopherson <seanjc(a)google.com> KVM: x86: Apply runtime updates to current CPUID during KVM_SET_CPUID{,2} Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) Dongli Zhang <dongli.zhang(a)oracle.com> KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit Sean Christopherson <seanjc(a)google.com> KVM: TDX: Explicitly set user-return MSRs that *may* be clobbered by the TDX-Module Jim Mattson <jmattson(a)google.com> KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN Wanpeng Li <wanpengli(a)tencent.com> KVM: Fix last_boosted_vcpu index assignment bug Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation Sean Christopherson <seanjc(a)google.com> KVM: selftests: Forcefully override ARCH from x86_64 to x86 Jim Mattson <jmattson(a)google.com> KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE fuqiang wang <fuqiang.wng(a)gmail.com> KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer fuqiang wang <fuqiang.wng(a)gmail.com> KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() Sean Christopherson <seanjc(a)google.com> KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 Finn Thain <fthain(a)linux-m68k.org> powerpc: Add reloc_offset() to font bitmap pointer used for bootx_printf() Ilya Dryomov <idryomov(a)gmail.com> libceph: make decode_pool() more resilient against corrupted osdmaps Vivian Wang <wangruikang(a)iscas.ac.cn> lib/crypto: riscv/chacha: Avoid s0/fp register Dongsheng Yang <dongsheng.yang(a)linux.dev> dm-pcache: advance slot index before writing slot Helge Deller <deller(a)gmx.de> parisc: Do not reprogram affinitiy on ASP chip Zhichi Lin <zhichi.lin(a)vivo.com> scs: fix a wrong parameter in __scs_magic Wangao Wang <wangao.wang(a)oss.qualcomm.com> media: iris: Add sanity check for stop streaming Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver Maxim Levitsky <mlevitsk(a)redhat.com> KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) Prithvi Tambewagh <activprithvi(a)gmail.com> ocfs2: fix kernel BUG in ocfs2_find_victim_chain Jeongjun Park <aha310510(a)gmail.com> media: vidtv: initialize local pointers upon transfer of memory ownership Deepanshu Kartikey <kartikey406(a)gmail.com> mm/slub: reset KASAN tag in defer_free() before accessing freed memory Sean Christopherson <seanjc(a)google.com> KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Fix ISEL restore on resume Alison Schofield <alison.schofield(a)intel.com> tools/testing/nvdimm: Use per-DIMM device handle Chao Yu <chao(a)kernel.org> f2fs: fix return value of f2fs_recover_fsync_data() Chao Yu <chao(a)kernel.org> f2fs: fix to not account invalid blocks in get_left_section_blocks() Chao Yu <chao(a)kernel.org> f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() Xiaole He <hexiaole1994(a)126.com> f2fs: fix uninitialized one_time_gc in victim_sel_policy Xiaole He <hexiaole1994(a)126.com> f2fs: fix age extent cache insertion skip on counter overflow Chao Yu <chao(a)kernel.org> f2fs: use global inline_xattr_slab instead of per-sb slab cache Deepanshu Kartikey <kartikey406(a)gmail.com> f2fs: invalidate dentry cache on failed whiteout creation Chao Yu <chao(a)kernel.org> f2fs: fix to avoid updating zero-sized extent in extent cache Chao Yu <chao(a)kernel.org> f2fs: fix to propagate error from f2fs_enable_checkpoint() Chao Yu <chao(a)kernel.org> f2fs: fix to avoid potential deadlock Chao Yu <chao(a)kernel.org> f2fs: fix to avoid updating compression context during writeback Jan Prusakowski <jprusakowski(a)google.com> f2fs: ensure node page reads complete before f2fs_put_super() finishes Seunghwan Baek <sh8267.baek(a)samsung.com> scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> scsi: mpi3mr: Read missing IOCFacts flag for reply queue full overflow Andrey Vatoropin <a.vatoropin(a)crpt.ru> scsi: target: Reset t_task_cdb pointer in error case Dai Ngo <dai.ngo(a)oracle.com> NFSD: use correct reservation type in nfsd4_scsi_fence_client Junrui Luo <moonafterrain(a)outlook.com> scsi: aic94xx: fix use-after-free in device removal path Tony Battersby <tonyb(a)cybernetics.com> scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" Miaoqian Lin <linmq006(a)gmail.com> cpufreq: nforce2: fix reference count leak in nforce2 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: teo: Drop misguided target residency check Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Check that the DMA cookie is valid j.turek <jakub.turek(a)elsta.tech> serial: xilinx_uartps: fix rs485 delay_rts_after_send Alexander Stein <alexander.stein(a)ew.tq-group.com> serial: core: Fix serial device initialization Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: core: Restore sysfs fwnode information Junxiao Chang <junxiao.chang(a)intel.com> mei: gsc: add dependency on Xe driver Ma Ke <make24(a)iscas.ac.cn> mei: Fix error handling in mei_register Ma Ke <make24(a)iscas.ac.cn> intel_th: Fix error handling in intel_th_output_open Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> dt-bindings: slimbus: fix warning from example Tianchu Chen <flynnnchen(a)tencent.com> char: applicom: fix NULL pointer dereference in ac_ioctl Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbgtty: fix device unregister: fixup Haoxiang Li <haoxiang_li2024(a)163.com> usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() Udipto Goswami <udipto.goswami(a)oss.qualcomm.com> usb: dwc3: keep susphy enabled during exit to avoid controller faults Miaoqian Lin <linmq006(a)gmail.com> usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe Johan Hovold <johan(a)kernel.org> usb: gadget: lpc32xx_udc: fix clock imbalance in error path Johan Hovold <johan(a)kernel.org> usb: phy: isp1301: fix non-OF device reference imbalance Duoming Zhou <duoming(a)zju.edu.cn> usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal Ma Ke <make24(a)iscas.ac.cn> USB: lpc32xx_udc: Fix error handling in probe Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() Arnd Bergmann <arnd(a)arndb.de> usb: typec: ucsi: huawei-gaokin: add DRM dependency Johan Hovold <johan(a)kernel.org> usb: ohci-nxp: fix device leak on probe failure Johan Hovold <johan(a)kernel.org> phy: broadcom: bcm63xx-usbh: fix section mismatches Colin Ian King <colin.i.king(a)gmail.com> media: pvrusb2: Fix incorrect variable used in trace message Jeongjun Park <aha310510(a)gmail.com> media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() Chen Changcheng <chenchangcheng(a)kylinos.cn> usb: usb-storage: Maintain minimal modifications to the bcdDevice range. Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid deadlock on fallback while reinjecting Paolo Abeni <pabeni(a)redhat.com> mptcp: schedule rtx timer only after pushing data Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm: ensure unknown flags are ignored Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: ignore unknown endpoint flags Harry Yoo <harry.yoo(a)oracle.com> mm/slab: introduce kvfree_rcu_barrier_on_cache() for cache destruction Hans de Goede <johannes.goede(a)oss.qualcomm.com> dma-mapping: Fix DMA_BIT_MASK() macro being broken Sourabh Jain <sourabhjain(a)linux.ibm.com> crash: let architecture decide crash memory export to iomem_resource Jarkko Sakkinen <jarkko(a)kernel.org> tpm2-sessions: Fix tpm2_read_public range checks Jarkko Sakkinen <jarkko(a)kernel.org> tpm2-sessions: Fix out of range indexing in name_size Wei Yang <richard.weiyang(a)gmail.com> mm/huge_memory: add pmd folio to ds_queue in do_huge_zero_wp_pmd() Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: v4l2-mem2mem: Fix outdated documentation xu xin <xu.xin16(a)zte.com.cn> mm/ksm: fix exec/fork inheritance support for prctl Bart Van Assche <bvanassche(a)acm.org> block: Remove queue freezing from several sysfs store callbacks Byungchul Park <byungchul(a)sk.com> jbd2: use a weaker annotation in journal handling Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key Baokun Li <libaokun1(a)huawei.com> ext4: align max orphan file size with e2fsprogs limit Yongjian Sun <sunyongjian1(a)huawei.com> ext4: fix incorrect group number assertion in mb_check_buddy Haibo Chen <haibo.chen(a)nxp.com> ext4: clear i_state_flags when alloc inode Karina Yankevich <k.yankevich(a)omp.ru> ext4: xattr: fix null pointer deref in ext4_raw_inode() Fedor Pchelkin <pchelkin(a)ispras.ru> ext4: check if mount_opts is NUL-terminated in ext4_ioctl_set_tune_sb() Fedor Pchelkin <pchelkin(a)ispras.ru> ext4: fix string copying in parse_apply_sb_mount_options() John Ogness <john.ogness(a)linutronix.de> printk: Avoid irq_work for printk_deferred() on suspend John Ogness <john.ogness(a)linutronix.de> printk: Allow printk_trigger_flush() to flush all types Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> fs: PM: Fix reverse check in filesystems_freeze_callback() Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Cap the number of PCR banks Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Fix uninitialized var in config-bisect.pl Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: fix mount failure for sparse runs in run_unpack() Zheng Yejian <zhengyejian(a)huaweicloud.com> kallsyms: Fix wrong "big" kernel symbol type read from procfs Eric Biggers <ebiggers(a)kernel.org> crypto: scatterwalk - Fix memcpy_sglist() to always succeed Rene Rebe <rene(a)exactco.de> floppy: fix for PAGE_SIZE != 4KB Ye Bin <yebin10(a)huawei.com> jbd2: fix the inconsistency between checksum and data in memory for journal sb Li Chen <chenl311(a)chinatelecom.cn> block: rate-limit capacity change info log Alexey Velichayshiy <a.velichayshiy(a)ispras.ru> gfs2: fix freeze error handling Josef Bacik <josef(a)toxicpanda.com> btrfs: don't rewrite ret from inode_permission Sven Eckelmann (Plasma Cloud) <se(a)simonwunderlich.de> wifi: mt76: Fix DTS power-limits on little endian systems Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: Fix gendisk parent after copy pair swap Eric Biggers <ebiggers(a)kernel.org> lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit Ma Ke <make24(a)iscas.ac.cn> perf: arm_cspmu: fix error handling in arm_cspmu_impl_unregister() Ard Biesheuvel <ardb(a)kernel.org> efi: Add missing static initializer for efi_mm::cpus_allowed_lock André Draszik <andre.draszik(a)linaro.org> phy: exynos5-usbdrd: fix clock prepare imbalance Alexey Minnekhanov <alexeymin(a)postmarketos.org> dt-bindings: clock: mmcc-sdm660: Add missing MDSS reset Sarthak Garg <sarthak.garg(a)oss.qualcomm.com> mmc: sdhci-msm: Avoid early clock doubling during HS400 transition Avadhut Naik <avadhut.naik(a)amd.com> x86/mce: Do not clear bank's poll bit in mce_poll_banks on AMD SMCA systems Tejun Heo <tj(a)kernel.org> sched_ext: Fix missing post-enqueue handling in move_local_task_to_local_dsq() Tejun Heo <tj(a)kernel.org> sched_ext: Fix bypass depth leak on scx_enable() failure Zqiang <qiang.zhang(a)linux.dev> sched_ext: Fix the memleak for sch->helper objects Tejun Heo <tj(a)kernel.org> sched_ext: Factor out local_dsq_post_enq() from dispatch_enqueue() John Ogness <john.ogness(a)linutronix.de> printk: Avoid scheduling irq_work on suspend Prithvi Tambewagh <activprithvi(a)gmail.com> io_uring: fix filename leak in __io_openat_prep() Jens Axboe <axboe(a)kernel.dk> io_uring: fix min_wait wakeups for SQPOLL Jens Axboe <axboe(a)kernel.dk> io_uring/poll: correctly handle io_poll_add() return value on update Johan Hovold <johan(a)kernel.org> clk: keystone: syscon-clk: fix regmap leak on probe failure Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Fix a memory leak in tpm2_load_cmd Alice Ryhl <aliceryhl(a)google.com> rust: io: add typedef for phys_addr_t Alice Ryhl <aliceryhl(a)google.com> rust: io: move ResourceSize to top-level io module Alice Ryhl <aliceryhl(a)google.com> rust: io: define ResourceSize as resource_size_t Marko Turk <mt(a)markoturk.info> samples: rust: fix endianness issue in rust_driver_pci FUJITA Tomonori <fujita.tomonori(a)gmail.com> rust: dma: add helpers for architectures without CONFIG_HAS_DMA Alice Ryhl <aliceryhl(a)google.com> rust_binder: avoid mem::take on delivered_deaths Lyude Paul <lyude(a)redhat.com> rust/drm/gem: Fix missing header in `Object` rustdoc Zilin Guan <zilin(a)seu.edu.cn> cifs: Fix memory and information leak in smb3_reconfigure() Stefano Garzarella <sgarzare(a)redhat.com> vhost/vsock: improve RCU read sections around vhost_vsock_get() Dan Carpenter <dan.carpenter(a)linaro.org> block: rnbd-clt: Fix signedness bug in init_dev() Caleb Sander Mateos <csander(a)purestorage.com> ublk: clean up user copy references on ublk server exit Alok Tiwari <alok.a.tiwari(a)oracle.com> drm/msm/a6xx: move preempt_prepare_postamble after error check Neil Armstrong <neil.armstrong(a)linaro.org> drm/msm: adreno: fix deferencing ifpc_reglist when not declared John Garry <john.g.garry(a)oracle.com> scsi: scsi_debug: Fix atomic write enable module param description Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks Pei Xiao <xiaopei01(a)kylinos.cn> hwmon: (emc2305) fix double put in emc2305_probe_childs_from_dt Justin Tee <justintee8345(a)gmail.com> nvme-fabrics: add ENOKEY to no retry criteria for authentication failures Pei Xiao <xiaopei01(a)kylinos.cn> hwmon: (emc2305) fix device node refcount leak in error path Daniel Wagner <wagi(a)kernel.org> nvme-fc: don't hold rport lock when putting ctrl Derek J. Clark <derekjohn.clark(a)gmail.com> platform/x86: wmi-gamezone: Add Legion Go 2 Quirks Jinhui Guo <guojinhui.liam(a)bytedance.com> i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware Jens Reidel <adrian(a)mainlining.org> clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src Ian Rogers <irogers(a)google.com> libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map Wenhua Lin <Wenhua.Lin(a)unisoc.com> serial: sprd: Return -EPROBE_DEFER when uart clock is not ready Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Don't unchain link TRBs on quirky HCs Chen Changcheng <chenchangcheng(a)kylinos.cn> usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. Hongyu Xie <xiehongyu1(a)kylinos.cn> usb: xhci: limit run_graceperiod for only usb 3.0 devices Pei Xiao <xiaopei01(a)kylinos.cn> iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains Mark Pearson <mpearson-lenovo(a)squebb.ca> usb: typec: ucsi: Handle incorrect num_connectors capability Lizhi Xu <lizhi.xu(a)windriver.com> usbip: Fix locking bug in RT-enabled kernels Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: zero out post-EOF page cache on file extension Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix remount failure in different process environments Encrow Thorne <jyc0019(a)gmail.com> reset: fix BIT macro reference Al Viro <viro(a)zeniv.linux.org.uk> functionfs: fix the open/removal races Li Qiang <liqiang01(a)kylinos.cn> via_wdt: fix critical boot hang due to unnamed resource allocation Bernd Schubert <bschubert(a)ddn.com> fuse: Invalidate the page cache after FOPEN_DIRECT_IO write Bernd Schubert <bschubert(a)ddn.com> fuse: Always flush the page cache before FOPEN_DIRECT_IO write Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Use reinit_completion on mbx_intr_comp Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled Ben Collins <bcollins(a)kernel.org> powerpc/addnote: Fix overflow on 32-bit builds Josua Mayer <josua(a)solid-run.com> clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI David Strahan <David.Strahan(a)microchip.com> scsi: smartpqi: Add support for Hurray Data new controller PCI device Matthias Schiffer <matthias.schiffer(a)tq-group.com> ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx Johannes Berg <johannes.berg(a)intel.com> um: init cpu_tasks[] earlier Peng Fan <peng.fan(a)nxp.com> firmware: imx: scu-irq: Init workqueue before request mbox channel Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: host: mediatek: Fix shutdown/suspend race condition Jinhui Guo <guojinhui.liam(a)bytedance.com> ipmi: Fix __scan_channels() failing to rescan channels Jinhui Guo <guojinhui.liam(a)bytedance.com> ipmi: Fix the race between __scan_channels() and deliver_response() Stefan Binding <sbinding(a)opensource.cirrus.com> ASoC: ops: fix snd_soc_get_volsw for sx controls Shuming Fan <shumingf(a)realtek.com> ASoC: SDCA: support Q7.8 volume format Shardul Bankar <shardul.b(a)mpiricsoftware.com> nfsd: fix memory leak in nfsd_create_serv error paths Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: ak4458: remove the reset operation in probe and remove Shipei Qu <qu(a)darknavy.com> ALSA: usb-mixer: us16x08: validate meter packet indices Haotian Zhang <vulab(a)iscas.ac.cn> ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path Haotian Zhang <vulab(a)iscas.ac.cn> ALSA: vxpocket: Fix resource leak in vxpocket_probe error path Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode Tal Zussman <tz2294(a)columbia.edu> x86/mm/tlb/trace: Export the TLB_REMOTE_WRONG_CPU enum in <trace/events/tlb.h> Yongxin Liu <yongxin.liu(a)windriver.com> x86/fpu: Fix FPU state core dump truncation on CPUs with no extended xfeatures Thomas Gleixner <tglx(a)linutronix.de> x86/msi: Make irq_retrigger() functional for posted MSI Peter Zijlstra <peterz(a)infradead.org> x86/bug: Fix old GCC compile fails Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() Andrew Jeffery <andrew(a)codeconstruct.com.au> dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml Sai Krishna Potthuri <sai.krishna.potthuri(a)amd.com> mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds Jared Kangas <jkangas(a)redhat.com> mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig Christophe Leroy <christophe.leroy(a)csgroup.eu> spi: fsl-cpm: Check length parity before switching to 16 bit mode Pengjie Zhang <zhangpengjie2(a)huawei.com> ACPI: CPPC: Fix missing PCC check for guaranteed_perf Pengjie Zhang <zhangpengjie2(a)huawei.com> ACPI: PCC: Fix race condition by removing static qualifier Yongxin Liu <yongxin.liu(a)windriver.com> platform/x86: intel_pmc_ipc: fix ACPI buffer memory leak Kartik Rajput <kkartik(a)nvidia.com> soc/tegra: fuse: Do not register SoC device on ACPI boot Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_can_open(): fix error handling Christoph Hellwig <hch(a)lst.de> xfs: don't leak a locked dquot when xfs_dquot_attach_buf fails Christoffer Sandberg <cs(a)tuxedo.de> Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table Duoming Zhou <duoming(a)zju.edu.cn> Input: alps - fix use-after-free bugs caused by dev3_register_work Minseong Kim <ii4gsp(a)gmail.com> Input: lkkbd - disable pending work before freeing device Junjie Cao <junjie.cao(a)intel.com> Input: ti_am335x_tsc - fix off-by-one error in wire_order validation Sanjay Govind <sanjay.govind9(a)gmail.com> Input: xpad - add support for CRKD Guitars Sasha Finkelstein <fnkl.kernel(a)gmail.com> Input: apple_z2 - fix reading incorrect reports after exiting sleep Ping Cheng <pinglinux(a)gmail.com> HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix buffer validation by including null terminator size in EA length Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: Fix refcount leak when invalid session is found on session lookup Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: skip lock-range check on equal size to avoid size==0 underflow Nuno Sá <nuno.sa(a)analog.com> hwmon: (ltc4282): Fix reset_history file permissions Rob Herring (Arm) <robh(a)kernel.org> arm64: dts: mediatek: Apply mt8395-radxa DT overlay at build time Sairaj Kodilkar <sarunkod(a)amd.com> amd/iommu: Preserve domain ids inside the kdump kernel Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Always set OAG_OAGLBCTXCTRL_COUNTER_RESUME Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/oa: Limit num_syncs to prevent oversized allocations Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe: Limit num_syncs to prevent oversized allocations Thomas Fourier <fourier.thomas(a)gmail.com> block: rnbd-clt: Fix leaked ID in init_dev() Ming Lei <ming.lei(a)redhat.com> ublk: fix deadlock when reading partition table Ming Lei <ming.lei(a)redhat.com> ublk: refactor auto buffer register in ublk_dispatch_req() Ming Lei <ming.lei(a)redhat.com> ublk: add `union ublk_io_buf` with improved naming Ming Lei <ming.lei(a)redhat.com> ublk: add parameter `struct io_uring_cmd *` to ublk_prep_auto_buf_reg() huang-jl <huang-jl(a)deepseek.com> io_uring: fix nr_segs calculation in io_import_kbuf Anurag Dutta <a-dutta(a)ti.com> spi: cadence-quadspi: Fix clock disable on probe failure path Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix a job->pasid access race in gpu recovery Jianpeng Chang <jianpeng.chang.cn(a)windriver.com> arm64: kdump: Fix elfcorehdr overlap caused by reserved memory processing reorder Juergen Gross <jgross(a)suse.com> x86/xen: Fix sparse warning in enlighten_pv.c Marijn Suijten <marijn.suijten(a)somainline.org> drm/panel: sony-td4353-jdi: Enable prepare_prev_first Haoxiang Li <haoxiang_li2024(a)163.com> MIPS: Fix a reference leak bug in ip22_check_gio() Jan Maslak <jan.maslak(a)intel.com> drm/xe: Restore engine registers before restarting schedulers after GT reset Jagmeet Randhawa <jagmeet.randhawa(a)intel.com> drm/xe: Increase TDF timeout Junxiao Chang <junxiao.chang(a)intel.com> drm/me/gsc: mei interrupt top half should be in irq disabled context Arnd Bergmann <arnd(a)arndb.de> drm/xe: fix drm_gpusvm_init() arguments Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe: Apply Wa_14020316580 in xe_gt_idle_enable_pg() Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe: Fix freq kobject leak on sysfs_create_files failure Alexey Simakov <bigalex934(a)gmail.com> hwmon: (tmp401) fix overflow caused by default conversion rate value Junrui Luo <moonafterrain(a)outlook.com> hwmon: (ibmpex) fix use-after-free in high/low store Denis Sergeev <denserg.edu(a)gmail.com> hwmon: (dell-smm) Limit fan multiplier to avoid overflow Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> spi: mpfs: Fix an error handling path in mpfs_spi_probe() Prajna Rajendra Kumar <prajna.rajendrakumar(a)microchip.com> spi: microchip: rename driver file and internal identifiers Ming Lei <ming.lei(a)redhat.com> block: fix race between wbt_enable_default and IO submission Nilay Shroff <nilay(a)linux.ibm.com> block: use {alloc|free}_sched data methods Nilay Shroff <nilay(a)linux.ibm.com> block: introduce alloc_sched_data and free_sched_data elevator methods Nilay Shroff <nilay(a)linux.ibm.com> block: move elevator tags into struct elevator_resources Nilay Shroff <nilay(a)linux.ibm.com> block: unify elevator tags and type xarrays into struct elv_change_ctx Ming Lei <ming.lei(a)redhat.com> selftests: ublk: fix overflow in ublk_queue_auto_zc_fallback() José Expósito <jose.exposito89(a)gmail.com> drm/tests: Handle EDEADLK in set_up_atomic_state() José Expósito <jose.exposito89(a)gmail.com> drm/tests: Handle EDEADLK in drm_test_check_valid_clones() José Expósito <jose.exposito89(a)gmail.com> drm/tests: hdmi: Handle drm_kunit_helper_enable_crtc_connector() returning EDEADLK Jian Shen <shenjian15(a)huawei.com> net: hns3: add VLAN id validation before using Jian Shen <shenjian15(a)huawei.com> net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx Jian Shen <shenjian15(a)huawei.com> net: hns3: using the num_tqps in the vf driver to apply for resources Wei Fang <wei.fang(a)nxp.com> net: enetc: do not transmit redirected XDP frames when the link is down Scott Mayhew <smayhew(a)redhat.com> net/handshake: duplicate handshake cancellations leak socket Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5e: Don't include PSP in the hard MTU calculations Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Trigger neighbor resolution for unresolved destinations Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Use ip6_dst_lookup instead of ipv6_dst_lookup_flow for MAC init Shay Drory <shayd(a)nvidia.com> net/mlx5: Serialize firmware reset with devlink Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Handle escaped percent properly Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Validate format string parameters Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Drain firmware reset in shutdown callback Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: fw reset, clear reset requested on drain_fw_reset Gal Pressman <gal(a)nvidia.com> ethtool: Avoid overflowing userspace buffer on stats query Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> can: j1939: make j1939_sk_bind() fail if device is no longer registered Jason Gunthorpe <jgg(a)ziepe.ca> iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED Jason Gunthorpe <jgg(a)ziepe.ca> iommufd/selftest: Make it clearer to gcc that the access is not out of bounds Florian Westphal <fw(a)strlen.de> selftests: netfilter: packetdrill: avoid failure on HZ=100 kernel Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: remove redundant chain validation on register store Florian Westphal <fw(a)strlen.de> netfilter: nf_nat: remove bogus direction check Dan Carpenter <dan.carpenter(a)linaro.org> nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() Victor Nogueira <victor(a)mojatatu.com> net/sched: ets: Remove drr class from the active list if it changes to strict Junrui Luo <moonafterrain(a)outlook.com> caif: fix integer underflow in cffrml_receive() Florian Westphal <fw(a)strlen.de> selftests: netfilter: prefer xfail in case race wasn't triggered Slavin Liu <slavin452(a)gmail.com> ipvs: fix ipv4 null-ptr-deref in route error path Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nf_conncount: fix leaked ct in error paths Jakub Kicinski <kuba(a)kernel.org> inet: frags: flush pending skbs in fqdir_pre_exit() Jakub Kicinski <kuba(a)kernel.org> inet: frags: add inet_frag_queue_flush() Jakub Kicinski <kuba(a)kernel.org> inet: frags: avoid theoretical race in ip_frag_reinit() Guenter Roeck <linux(a)roeck-us.net> selftests: net: tfo: Fix build warning Guenter Roeck <linux(a)roeck-us.net> selftests: net: Fix build warnings Guenter Roeck <linux(a)roeck-us.net> selftest: af_unix: Support compilers without flex-array-member-not-at-end support Alexey Simakov <bigalex934(a)gmail.com> broadcom: b44: prevent uninitialized value usage Arnd Bergmann <arnd(a)arndb.de> net: ti: icssg-prueth: add PTP_1588_CLOCK_OPTIONAL dependency Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix middle attribute validation in push_nsh() action Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix XDP_TX path Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Fix neighbour use-after-free Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Fix possible neighbour reference count leak Gerd Bayer <gbayer(a)linux.ibm.com> net/mlx5: Fix double unregister of HCA_PORTS component Dmitry Skorodumov <skorodumov.dmitry(a)huawei.com> ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() Ivan Galkin <ivan.galkin(a)axis.com> net: phy: RTL8211FVD: Restore disabling of PHY-mode EEE Vladimir Oltean <vladimir.oltean(a)nxp.com> net: phy: realtek: create rtl8211f_config_phy_eee() helper Vladimir Oltean <vladimir.oltean(a)nxp.com> net: phy: realtek: eliminate priv->phycr1 variable Vladimir Oltean <vladimir.oltean(a)nxp.com> net: phy: realtek: allow CLKOUT to be disabled on RTL8211F(D)(I)-VD-CG Vladimir Oltean <vladimir.oltean(a)nxp.com> net: phy: realtek: eliminate has_phycr2 variable Vladimir Oltean <vladimir.oltean(a)nxp.com> net: phy: realtek: eliminate priv->phycr2 variable Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5e: Avoid unregistering PSP twice Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: make enable_mpesw idempotent Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change Wang Liang <wangliang74(a)huawei.com> netrom: Fix memory leak in nr_sendmsg() Wei Fang <wei.fang(a)nxp.com> net: fec: ERR007885 Workaround for XDP TX path Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix use of bio_chain Max Chou <max.chou(a)realtek.com> Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT Gongwei Li <ligongwei(a)kylinos.cn> Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE Shuai Zhang <quic_shuaz(a)quicinc.com> Bluetooth: btusb: add new custom firmwares Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 Chingbin Li <liqb365(a)163.com> Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: vfs: fix race on m_flags in vfs_cache Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency ChenXiaoSong <chenxiaosong(a)kylinos.cn> smb/server: fix return value of smb2_ioctl() Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix "gfs2: Switch to wait_event in gfs2_quotad" Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: fix remote evict for read-only filesystems Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix volume corruption issue for generic/101 Qu Wenruo <wqu(a)suse.com> btrfs: scrub: always update btrfs_scrub_progress::last_physical Hans de Goede <hansg(a)kernel.org> wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet Quan Zhou <quan.zhou(a)mediatek.com> wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: use cfg80211_leave() in iftype change Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: stop radar detection in cfg80211_leave() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: check for shutdown in fsync Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix volume corruption issue for generic/073 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: Verify inode mode when loading from disk Yang Chenzhi <yang.chenzhi(a)vivo.com> hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix volume corruption issue for generic/070 Pedro Demarchi Gomes <pedrodemargomes(a)gmail.com> ntfs: set dummy blocksize to read boot_block when mounting Mikhail Malyshev <mike.malyshev(a)gmail.com> kbuild: Use objtree for module signing key path Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Support timestamps prior to epoch Mario Limonciello (AMD) <superm1(a)kernel.org> crypto: ccp - Add support for PCI device 0x115A Song Liu <song(a)kernel.org> livepatch: Match old_sympos 0 and 1 in klp_find_func() Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> scripts: kdoc_parser.py: warn about Python version only once Yu Peng <pengyu(a)kylinos.cn> x86/microcode: Mark early_parse_cmdline() as __init Aboorva Devarajan <aboorvad(a)linux.ibm.com> cpuidle: menu: Use residency threshold in polling state override decisions Shuhao Fu <sfual(a)cse.ust.hk> cpufreq: s5pv210: fix refcount leak Armin Wolf <W_Armin(a)gmx.de> ACPI: fan: Workaround for 64-bit firmware bug Hal Feng <hal.feng(a)starfivetech.com> cpufreq: dt-platdev: Add JH7110S SOC to the allowlist Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only Cryolitia PukNgae <cryolitia.pukngae(a)linux.dev> ACPICA: Avoid walking the Namespace if start_node is NULL Peter Zijlstra <peterz(a)infradead.org> x86/ptrace: Always inline trivial accessors Peter Zijlstra <peterz(a)infradead.org> sched/fair: Revert max_newidle_lb_cost bump Doug Berger <opendmb(a)gmail.com> sched/deadline: only set free_cpus for online runqueues George Kennedy <george.kennedy(a)oracle.com> perf/x86/amd: Check event before enable to avoid GPF Pankaj Raghav <p.raghav(a)samsung.com> scripts/faddr2line: Fix "Argument list too long" error Joanne Koong <joannelkoong(a)gmail.com> iomap: account for unaligned end offsets when truncating read range Joanne Koong <joannelkoong(a)gmail.com> iomap: adjust read range correctly for non-block-aligned positions Al Viro <viro(a)zeniv.linux.org.uk> shmem: fix recovery on rename failures Filipe Manana <fdmanana(a)suse.com> btrfs: fix changeset leak on mmap write after failure to reserve metadata Deepanshu Kartikey <kartikey406(a)gmail.com> btrfs: fix memory leak of fs_devices in degraded seed device path Shuran Liu <electronlsr(a)gmail.com> bpf: Fix verifier assumptions of bpf_d_path's output buffer T.J. Mercier <tjmercier(a)google.com> bpf: Fix truncated dmabuf iterator reads Ondrej Mosnacek <omosnace(a)redhat.com> bpf, arm64: Do not audit capability check in do_jit() Qu Wenruo <wqu(a)suse.com> btrfs: fix a potential path leak in print_data_reloc_error() Filipe Manana <fdmanana(a)suse.com> btrfs: do not skip logging new dentries when logging a new name ------------- Diffstat: .../devicetree/bindings/mmc/aspeed,sdhci.yaml | 2 +- .../devicetree/bindings/pci/qcom,pcie-sc7280.yaml | 5 + .../bindings/pci/qcom,pcie-sc8280xp.yaml | 3 + .../devicetree/bindings/pci/qcom,pcie-sm8150.yaml | 5 + .../devicetree/bindings/pci/qcom,pcie-sm8250.yaml | 5 + .../devicetree/bindings/pci/qcom,pcie-sm8350.yaml | 5 + .../devicetree/bindings/pci/qcom,pcie-sm8450.yaml | 5 + .../devicetree/bindings/pci/qcom,pcie-sm8550.yaml | 5 + .../devicetree/bindings/slimbus/slimbus.yaml | 16 +- Makefile | 4 +- arch/arm/boot/dts/microchip/sama5d2.dtsi | 10 +- arch/arm/boot/dts/microchip/sama7d65.dtsi | 6 +- arch/arm/boot/dts/microchip/sama7g5.dtsi | 4 +- arch/arm64/boot/dts/mediatek/Makefile | 2 + arch/arm64/crypto/ghash-ce-glue.c | 2 +- arch/arm64/kernel/process.c | 1 + arch/arm64/net/bpf_jit_comp.c | 2 +- arch/mips/kernel/ftrace.c | 25 ++- arch/mips/sgi-ip22/ip22-gio.c | 3 +- arch/powerpc/boot/addnote.c | 7 +- arch/powerpc/include/asm/crash_reserve.h | 8 + arch/powerpc/kernel/btext.c | 3 +- arch/powerpc/kexec/core_64.c | 19 ++ arch/riscv/crypto/Kconfig | 12 +- arch/s390/include/uapi/asm/ipl.h | 1 + arch/s390/kernel/ipl.c | 48 +++-- arch/um/kernel/process.c | 4 +- arch/um/kernel/um_arch.c | 2 - arch/x86/events/amd/core.c | 7 +- arch/x86/include/asm/bug.h | 2 +- arch/x86/include/asm/irq_remapping.h | 7 + arch/x86/include/asm/kvm_host.h | 1 - arch/x86/include/asm/ptrace.h | 20 +- arch/x86/kernel/cpu/mce/threshold.c | 3 +- arch/x86/kernel/cpu/microcode/core.c | 2 +- arch/x86/kernel/fpu/xstate.c | 4 +- arch/x86/kernel/irq.c | 23 +++ arch/x86/kvm/cpuid.c | 11 +- arch/x86/kvm/lapic.c | 32 +++- arch/x86/kvm/svm/nested.c | 6 +- arch/x86/kvm/svm/svm.c | 54 ++++-- arch/x86/kvm/svm/svm.h | 7 +- arch/x86/kvm/vmx/nested.c | 3 +- arch/x86/kvm/vmx/tdx.c | 56 +++--- arch/x86/kvm/vmx/tdx.h | 1 - arch/x86/kvm/x86.c | 34 ++-- arch/x86/xen/enlighten_pv.c | 2 +- block/bfq-iosched.c | 2 +- block/blk-mq-sched.c | 117 +++++++++--- block/blk-mq-sched.h | 40 +++- block/blk-mq.c | 50 ++--- block/blk-sysfs.c | 28 +-- block/blk-wbt.c | 20 +- block/blk-wbt.h | 5 + block/blk-zoned.c | 42 +++-- block/blk.h | 7 +- block/elevator.c | 84 ++++----- block/elevator.h | 27 ++- block/genhd.c | 2 +- crypto/af_alg.c | 5 +- crypto/algif_hash.c | 3 +- crypto/algif_rng.c | 3 +- crypto/scatterwalk.c | 95 ++++++++-- drivers/acpi/acpi_pcc.c | 2 +- drivers/acpi/acpica/nswalk.c | 9 +- drivers/acpi/cppc_acpi.c | 3 +- drivers/acpi/fan.h | 33 ++++ drivers/acpi/fan_hwmon.c | 10 +- drivers/acpi/property.c | 8 +- drivers/amba/tegra-ahb.c | 1 + drivers/android/binder/process.rs | 8 +- drivers/base/power/runtime.c | 22 ++- drivers/block/floppy.c | 2 +- drivers/block/rnbd/rnbd-clt.c | 13 +- drivers/block/rnbd/rnbd-clt.h | 2 +- drivers/block/ublk_drv.c | 139 +++++++++----- drivers/block/zloop.c | 12 +- drivers/bluetooth/btusb.c | 11 ++ drivers/bus/ti-sysc.c | 11 +- drivers/char/applicom.c | 5 +- drivers/char/ipmi/ipmi_msghandler.c | 20 +- drivers/char/tpm/tpm-chip.c | 1 - drivers/char/tpm/tpm1-cmd.c | 5 - drivers/char/tpm/tpm2-cmd.c | 34 +++- drivers/char/tpm/tpm2-sessions.c | 194 ++++++++++++------- drivers/clk/keystone/syscon-clk.c | 2 +- drivers/clk/mvebu/cp110-system-controller.c | 20 ++ drivers/clk/qcom/dispcc-sm7150.c | 2 +- drivers/cpufreq/cpufreq-dt-platdev.c | 1 + drivers/cpufreq/cpufreq-nforce2.c | 3 + drivers/cpufreq/s5pv210-cpufreq.c | 6 +- drivers/cpuidle/governors/menu.c | 9 +- drivers/cpuidle/governors/teo.c | 7 +- drivers/crypto/caam/caamrng.c | 4 +- drivers/crypto/ccp/sp-pci.c | 19 ++ drivers/firmware/efi/efi.c | 3 + drivers/firmware/imx/imx-scu-irq.c | 4 +- drivers/gpio/gpio-loongson-64bit.c | 10 +- drivers/gpio/gpio-regmap.c | 2 +- drivers/gpio/gpiolib-acpi-quirks.c | 22 +++ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 59 +++--- drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 2 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 8 +- .../display/dc/resource/dcn351/dcn351_resource.c | 8 +- drivers/gpu/drm/drm_displayid.c | 19 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 18 +- drivers/gpu/drm/msm/adreno/a6xx_preempt.c | 4 +- drivers/gpu/drm/panel/panel-sony-td4353-jdi.c | 2 + drivers/gpu/drm/tests/drm_atomic_state_test.c | 40 +++- drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 143 ++++++++++++++ drivers/gpu/drm/xe/xe_device.c | 2 +- drivers/gpu/drm/xe/xe_exec.c | 3 +- drivers/gpu/drm/xe/xe_gt.c | 7 +- drivers/gpu/drm/xe/xe_gt_freq.c | 4 +- drivers/gpu/drm/xe/xe_gt_idle.c | 8 + drivers/gpu/drm/xe/xe_heci_gsc.c | 4 +- drivers/gpu/drm/xe/xe_oa.c | 10 +- drivers/gpu/drm/xe/xe_svm.h | 2 +- drivers/gpu/drm/xe/xe_vm.c | 3 + drivers/gpu/drm/xe/xe_wa.c | 8 - drivers/gpu/drm/xe/xe_wa_oob.rules | 1 + drivers/hid/hid-input.c | 18 +- drivers/hwmon/dell-smm-hwmon.c | 9 + drivers/hwmon/emc2305.c | 8 +- drivers/hwmon/ibmpex.c | 9 +- drivers/hwmon/ltc4282.c | 9 +- drivers/hwmon/max16065.c | 7 +- drivers/hwmon/max6697.c | 2 +- drivers/hwmon/tmp401.c | 2 +- drivers/hwmon/w83791d.c | 19 +- drivers/hwmon/w83l786ng.c | 26 ++- drivers/hwtracing/intel_th/core.c | 20 +- drivers/i2c/busses/i2c-amd-mp2-pci.c | 5 +- drivers/i2c/busses/i2c-designware-core.h | 1 + drivers/i2c/busses/i2c-designware-master.c | 7 + drivers/iio/adc/ti_am335x_adc.c | 2 +- drivers/input/joystick/xpad.c | 5 + drivers/input/keyboard/lkkbd.c | 5 +- drivers/input/mouse/alps.c | 1 + drivers/input/serio/i8042-acpipnpio.h | 7 + drivers/input/touchscreen/apple_z2.c | 4 + drivers/input/touchscreen/ti_am335x_tsc.c | 2 +- drivers/interconnect/qcom/sdx75.c | 26 --- drivers/interconnect/qcom/sdx75.h | 2 - drivers/iommu/amd/init.c | 23 ++- drivers/iommu/intel/irq_remapping.c | 8 +- drivers/iommu/iommufd/selftest.c | 8 +- drivers/iommu/mtk_iommu.c | 25 ++- drivers/md/dm-pcache/cache.c | 8 +- drivers/md/dm-pcache/cache_segment.c | 8 +- drivers/media/platform/qcom/iris/iris_vb2.c | 8 +- drivers/media/test-drivers/vidtv/vidtv_channel.c | 3 + drivers/media/usb/dvb-usb/dtv5100.c | 5 + drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 2 +- drivers/misc/mei/Kconfig | 2 +- drivers/misc/mei/main.c | 1 + drivers/mmc/host/Kconfig | 4 +- drivers/mmc/host/sdhci-msm.c | 27 +-- drivers/mmc/host/sdhci-of-arasan.c | 2 +- drivers/net/can/usb/gs_usb.c | 2 +- drivers/net/ethernet/broadcom/b44.c | 3 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.c | 3 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 + .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 4 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/devlink.c | 5 + .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 97 ++++++++-- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 1 - .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 6 + drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 48 ++++- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 1 + .../net/ethernet/mellanox/mlx5/core/lag/mpesw.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 + drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 27 +-- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/ethernet/ti/Kconfig | 3 +- drivers/net/ipvlan/ipvlan_core.c | 3 + drivers/net/phy/marvell-88q2xxx.c | 2 +- drivers/net/phy/realtek/realtek_main.c | 114 ++++++----- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 14 ++ drivers/net/wireless/mediatek/mt76/eeprom.c | 37 ++-- drivers/net/wireless/mediatek/mt76/mt7921/mcu.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 2 +- drivers/net/wireless/realtek/rtl8xxxu/core.c | 7 +- drivers/nfc/pn533/usb.c | 2 +- drivers/nvme/host/fabrics.c | 2 +- drivers/nvme/host/fc.c | 6 +- drivers/of/fdt.c | 2 +- drivers/parisc/gsc.c | 4 +- drivers/perf/arm_cspmu/arm_cspmu.c | 4 +- drivers/phy/broadcom/phy-bcm63xx-usbh.c | 6 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 2 +- drivers/pinctrl/renesas/pinctrl-rzg2l.c | 71 ++++--- drivers/platform/chrome/cros_ec_ishtp.c | 1 + drivers/platform/x86/intel/chtwc_int33fe.c | 29 ++- drivers/platform/x86/intel/hid.c | 12 ++ drivers/platform/x86/lenovo/wmi-gamezone.c | 17 +- drivers/pwm/pwm-rzg2l-gpt.c | 15 +- drivers/rpmsg/qcom_glink_native.c | 8 + drivers/s390/block/dasd_eckd.c | 8 + drivers/scsi/aic94xx/aic94xx_init.c | 3 + drivers/scsi/lpfc/lpfc_els.c | 36 +++- drivers/scsi/lpfc/lpfc_hbadisc.c | 4 +- drivers/scsi/mpi3mr/mpi/mpi30_ioc.h | 1 + drivers/scsi/mpi3mr/mpi3mr_fw.c | 2 + drivers/scsi/qla2xxx/qla_def.h | 1 - drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_isr.c | 32 +--- drivers/scsi/qla2xxx/qla_mbx.c | 2 + drivers/scsi/qla2xxx/qla_mid.c | 4 +- drivers/scsi/qla2xxx/qla_os.c | 14 +- drivers/scsi/scsi_debug.c | 2 +- drivers/scsi/smartpqi/smartpqi_init.c | 4 + drivers/soc/amlogic/meson-canvas.c | 5 +- drivers/soc/apple/mailbox.c | 15 +- drivers/soc/qcom/ocmem.c | 2 +- drivers/soc/qcom/qcom-pbs.c | 2 + drivers/soc/samsung/exynos-pmu.c | 2 + drivers/soc/tegra/fuse/fuse-tegra.c | 2 - drivers/spi/Kconfig | 19 +- drivers/spi/Makefile | 2 +- drivers/spi/spi-cadence-quadspi.c | 4 +- drivers/spi/spi-fsl-spi.c | 2 +- drivers/spi/{spi-microchip-core.c => spi-mpfs.c} | 208 +++++++++++---------- drivers/target/target_core_transport.c | 1 + drivers/tty/serial/serial_base_bus.c | 11 +- drivers/tty/serial/sh-sci.c | 2 +- drivers/tty/serial/sprd_serial.c | 6 + drivers/tty/serial/xilinx_uartps.c | 14 +- drivers/ufs/core/ufshcd.c | 5 +- drivers/ufs/host/ufs-mediatek.c | 5 + drivers/usb/dwc3/dwc3-of-simple.c | 7 +- drivers/usb/dwc3/gadget.c | 2 +- drivers/usb/dwc3/host.c | 2 +- drivers/usb/gadget/function/f_fs.c | 53 +++++- drivers/usb/gadget/udc/lpc32xx_udc.c | 21 ++- drivers/usb/host/ohci-nxp.c | 2 + drivers/usb/host/xhci-dbgtty.c | 2 +- drivers/usb/host/xhci-hub.c | 2 +- drivers/usb/host/xhci-ring.c | 27 +-- drivers/usb/phy/phy-fsl-usb.c | 1 + drivers/usb/phy/phy-isp1301.c | 7 +- drivers/usb/renesas_usbhs/pipe.c | 2 + drivers/usb/storage/unusual_uas.h | 2 +- drivers/usb/typec/altmodes/displayport.c | 8 +- drivers/usb/typec/ucsi/Kconfig | 1 + drivers/usb/typec/ucsi/ucsi.c | 6 + drivers/usb/usbip/vhci_hcd.c | 6 +- drivers/vdpa/octeon_ep/octep_vdpa_main.c | 1 + drivers/vfio/device_cdev.c | 2 +- drivers/vhost/vsock.c | 15 +- drivers/watchdog/via_wdt.c | 1 + fs/btrfs/file.c | 3 +- fs/btrfs/inode.c | 1 + fs/btrfs/ioctl.c | 4 +- fs/btrfs/scrub.c | 5 + fs/btrfs/tree-log.c | 46 ++++- fs/btrfs/volumes.c | 1 + fs/exfat/file.c | 5 + fs/exfat/super.c | 19 +- fs/ext4/ialloc.c | 1 - fs/ext4/inode.c | 1 - fs/ext4/ioctl.c | 4 + fs/ext4/mballoc.c | 2 + fs/ext4/orphan.c | 4 +- fs/ext4/super.c | 6 +- fs/ext4/xattr.c | 6 +- fs/f2fs/compress.c | 5 +- fs/f2fs/data.c | 17 ++ fs/f2fs/extent_cache.c | 5 +- fs/f2fs/f2fs.h | 13 +- fs/f2fs/file.c | 12 +- fs/f2fs/gc.c | 2 +- fs/f2fs/namei.c | 6 +- fs/f2fs/recovery.c | 20 +- fs/f2fs/segment.c | 9 +- fs/f2fs/segment.h | 8 +- fs/f2fs/super.c | 116 +++++------- fs/f2fs/xattr.c | 32 ++-- fs/f2fs/xattr.h | 10 +- fs/fuse/dev.c | 2 +- fs/fuse/dev_uring.c | 6 +- fs/fuse/file.c | 37 +++- fs/fuse/fuse_dev_i.h | 1 + fs/gfs2/glops.c | 3 +- fs/gfs2/lops.c | 2 +- fs/gfs2/quota.c | 2 +- fs/gfs2/super.c | 4 +- fs/hfsplus/bnode.c | 4 +- fs/hfsplus/dir.c | 7 +- fs/hfsplus/hfsplus_fs.h | 2 + fs/hfsplus/inode.c | 41 +++- fs/hfsplus/super.c | 87 +++++---- fs/iomap/buffered-io.c | 41 +++- fs/jbd2/journal.c | 20 +- fs/jbd2/transaction.c | 2 +- fs/libfs.c | 50 +++-- fs/nfsd/blocklayout.c | 3 +- fs/nfsd/export.c | 2 +- fs/nfsd/nfs4xdr.c | 5 + fs/nfsd/nfsd.h | 8 +- fs/nfsd/nfssvc.c | 5 +- fs/nfsd/vfs.h | 3 +- fs/notify/fsnotify.c | 9 +- fs/ntfs3/file.c | 14 +- fs/ntfs3/ntfs_fs.h | 9 +- fs/ntfs3/run.c | 6 +- fs/ntfs3/super.c | 5 + fs/ocfs2/suballoc.c | 10 + fs/smb/client/fs_context.c | 2 + fs/smb/server/mgmt/tree_connect.c | 18 +- fs/smb/server/mgmt/tree_connect.h | 1 - fs/smb/server/mgmt/user_session.c | 4 +- fs/smb/server/smb2pdu.c | 16 +- fs/smb/server/vfs.c | 5 +- fs/smb/server/vfs_cache.c | 88 ++++++--- fs/super.c | 2 +- fs/xfs/libxfs/xfs_sb.c | 15 ++ fs/xfs/scrub/attr_repair.c | 2 +- fs/xfs/xfs_attr_item.c | 2 +- fs/xfs/xfs_buf_item.c | 1 + fs/xfs/xfs_qm.c | 5 +- fs/xfs/xfs_rtalloc.c | 14 +- include/crypto/scatterwalk.h | 52 +++--- include/dt-bindings/clock/qcom,mmcc-sdm660.h | 1 + include/linux/blkdev.h | 2 +- include/linux/crash_reserve.h | 6 + include/linux/dma-mapping.h | 2 +- include/linux/fs.h | 2 +- include/linux/jbd2.h | 6 + include/linux/ksm.h | 4 +- include/linux/platform_data/x86/intel_pmc_ipc.h | 4 +- include/linux/reset.h | 1 + include/linux/slab.h | 7 + include/linux/tpm.h | 21 ++- include/media/v4l2-mem2mem.h | 3 +- include/net/inet_frag.h | 18 +- include/net/ipv6_frag.h | 9 +- include/sound/soc.h | 1 + include/trace/events/tlb.h | 5 +- include/uapi/drm/xe_drm.h | 1 + include/uapi/linux/mptcp.h | 1 + io_uring/io_uring.c | 3 + io_uring/openclose.c | 2 +- io_uring/poll.c | 9 +- io_uring/rsrc.c | 13 +- kernel/bpf/dmabuf_iter.c | 56 +++++- kernel/cgroup/rstat.c | 13 +- kernel/crash_reserve.c | 3 + kernel/kallsyms.c | 5 +- kernel/livepatch/core.c | 8 +- kernel/printk/internal.h | 8 +- kernel/printk/nbcon.c | 9 +- kernel/printk/printk.c | 83 ++++++-- kernel/sched/cpudeadline.c | 34 +--- kernel/sched/cpudeadline.h | 4 +- kernel/sched/deadline.c | 8 +- kernel/sched/ext.c | 62 ++++-- kernel/sched/fair.c | 19 +- kernel/scs.c | 2 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/trace_events.c | 2 + kernel/trace/trace_events_synth.c | 1 - lib/crypto/Kconfig | 9 +- lib/crypto/riscv/.gitignore | 2 + lib/crypto/riscv/chacha-riscv64-zvkb.S | 5 +- lib/crypto/x86/blake2s-core.S | 4 +- mm/huge_memory.c | 2 +- mm/ksm.c | 20 +- mm/shmem.c | 24 ++- mm/slab.h | 1 + mm/slab_common.c | 52 ++++-- mm/slub.c | 59 +++--- net/caif/cffrml.c | 9 +- net/can/j1939/socket.c | 6 + net/ceph/osdmap.c | 116 ++++++------ net/ethtool/ioctl.c | 30 ++- net/handshake/request.c | 8 +- net/hsr/hsr_forward.c | 2 + net/ipv4/inet_fragment.c | 55 +++++- net/ipv4/ip_fragment.c | 22 +-- net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 22 ++- net/netfilter/ipvs/ip_vs_xmit.c | 3 + net/netfilter/nf_conncount.c | 25 +-- net/netfilter/nf_nat_core.c | 14 +- net/netfilter/nf_tables_api.c | 11 -- net/netrom/nr_out.c | 4 +- net/openvswitch/flow_netlink.c | 13 +- net/sched/sch_ets.c | 6 +- net/sunrpc/auth_gss/svcauth_gss.c | 3 +- net/sunrpc/xprtrdma/svc_rdma_rw.c | 7 +- net/wireless/core.c | 1 + net/wireless/core.h | 1 + net/wireless/mlme.c | 19 ++ net/wireless/util.c | 23 +-- rust/helpers/dma.c | 21 +++ rust/kernel/devres.rs | 18 +- rust/kernel/drm/gem/mod.rs | 2 +- rust/kernel/io.rs | 26 ++- rust/kernel/io/resource.rs | 13 +- samples/rust/rust_driver_pci.rs | 2 +- scripts/Makefile.modinst | 2 +- scripts/faddr2line | 13 +- scripts/lib/kdoc/kdoc_parser.py | 7 +- security/keys/trusted-keys/trusted_tpm2.c | 35 +++- sound/hda/codecs/realtek/alc269.c | 11 +- sound/pcmcia/pdaudiocf/pdaudiocf.c | 8 +- sound/pcmcia/vx/vxpocket.c | 8 +- sound/soc/codecs/ak4458.c | 4 - sound/soc/fsl/fsl_sai.c | 10 +- sound/soc/sdca/sdca_asoc.c | 34 +--- sound/soc/soc-ops.c | 84 +++++++-- sound/soc/sof/ipc4-topology.c | 24 ++- sound/usb/mixer_us16x08.c | 20 +- tools/lib/perf/cpumap.c | 10 +- tools/testing/ktest/config-bisect.pl | 4 +- tools/testing/nvdimm/test/nfit.c | 7 +- tools/testing/selftests/iommu/iommufd.c | 8 +- tools/testing/selftests/kvm/Makefile | 2 +- tools/testing/selftests/kvm/rseq_test.c | 1 + tools/testing/selftests/net/af_unix/Makefile | 7 +- tools/testing/selftests/net/lib/ksft.h | 6 +- tools/testing/selftests/net/mptcp/pm_netlink.sh | 4 + tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 11 ++ .../selftests/net/netfilter/conntrack_clash.sh | 9 +- .../net/netfilter/conntrack_reverse_clash.c | 13 +- .../net/netfilter/conntrack_reverse_clash.sh | 2 + .../packetdrill/conntrack_syn_challenge_ack.pkt | 2 +- tools/testing/selftests/net/tfo.c | 3 +- tools/testing/selftests/ublk/kublk.h | 12 +- tools/tracing/rtla/src/timerlat.bpf.c | 3 + virt/kvm/kvm_main.c | 4 +- 441 files changed, 4077 insertions(+), 1949 deletions(-)

2 hours

14
444
0 0

FAILED: patch "[PATCH] drm/displayid: add quirk to ignore DisplayID checksum errors" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 83cbb4d33dc22b0ca1a4e85c6e892c9b729e28d4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025122954-stony-herring-2347@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 83cbb4d33dc22b0ca1a4e85c6e892c9b729e28d4 Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Tue, 28 Oct 2025 22:07:27 +0200 Subject: [PATCH] drm/displayid: add quirk to ignore DisplayID checksum errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a mechanism for DisplayID specific quirks, and add the first quirk to ignore DisplayID section checksum errors. It would be quite inconvenient to pass existing EDID quirks from drm_edid.c for DisplayID parsing. Not all places doing DisplayID iteration have the quirks readily available, and would have to pass it in all places. Simply add a separate array of DisplayID specific EDID quirks. We do end up checking it every time we iterate DisplayID blocks, but hopefully the number of quirks remains small. There are a few laptop models with DisplayID checksum failures, leading to higher refresh rates only present in the DisplayID blocks being ignored. Add a quirk for the panel in the machines. Reported-by: Tiago Martins Araújo <tiago.martins.araujo(a)gmail.com> Closes: https://lore.kernel.org/r/CACRbrPGvLP5LANXuFi6z0S7XMbAG4X5y2YOLBDxfOVtfGGqi… Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14703 Acked-by: Alex Deucher <alexander.deucher(a)amd.com> Tested-by: Tiago Martins Araújo <tiago.martins.araujo(a)gmail.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/c04d81ae648c5f21b3f5b7953f924718051f2798.176168196… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> diff --git a/drivers/gpu/drm/drm_displayid.c b/drivers/gpu/drm/drm_displayid.c index 20b453d2b854..58d0bb6d2676 100644 --- a/drivers/gpu/drm/drm_displayid.c +++ b/drivers/gpu/drm/drm_displayid.c @@ -9,6 +9,34 @@ #include "drm_crtc_internal.h" #include "drm_displayid_internal.h" +enum { + QUIRK_IGNORE_CHECKSUM, +}; + +struct displayid_quirk { + const struct drm_edid_ident ident; + u8 quirks; +}; + +static const struct displayid_quirk quirks[] = { + { + .ident = DRM_EDID_IDENT_INIT('C', 'S', 'O', 5142, "MNE007ZA1-5"), + .quirks = BIT(QUIRK_IGNORE_CHECKSUM), + }, +}; + +static u8 get_quirks(const struct drm_edid *drm_edid) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(quirks); i++) { + if (drm_edid_match(drm_edid, &quirks[i].ident)) + return quirks[i].quirks; + } + + return 0; +} + static const struct displayid_header * displayid_get_header(const u8 *displayid, int length, int index) { @@ -23,7 +51,7 @@ displayid_get_header(const u8 *displayid, int length, int index) } static const struct displayid_header * -validate_displayid(const u8 *displayid, int length, int idx) +validate_displayid(const u8 *displayid, int length, int idx, bool ignore_checksum) { int i, dispid_length; u8 csum = 0; @@ -41,8 +69,11 @@ validate_displayid(const u8 *displayid, int length, int idx) for (i = 0; i < dispid_length; i++) csum += displayid[idx + i]; if (csum) { - DRM_NOTE("DisplayID checksum invalid, remainder is %d\n", csum); - return ERR_PTR(-EINVAL); + DRM_NOTE("DisplayID checksum invalid, remainder is %d%s\n", csum, + ignore_checksum ? " (ignoring)" : ""); + + if (!ignore_checksum) + return ERR_PTR(-EINVAL); } return base; @@ -52,6 +83,7 @@ static const u8 *find_next_displayid_extension(struct displayid_iter *iter) { const struct displayid_header *base; const u8 *displayid; + bool ignore_checksum = iter->quirks & BIT(QUIRK_IGNORE_CHECKSUM); displayid = drm_edid_find_extension(iter->drm_edid, DISPLAYID_EXT, &iter->ext_index); if (!displayid) @@ -61,7 +93,7 @@ static const u8 *find_next_displayid_extension(struct displayid_iter *iter) iter->length = EDID_LENGTH - 1; iter->idx = 1; - base = validate_displayid(displayid, iter->length, iter->idx); + base = validate_displayid(displayid, iter->length, iter->idx, ignore_checksum); if (IS_ERR(base)) return NULL; @@ -76,6 +108,7 @@ void displayid_iter_edid_begin(const struct drm_edid *drm_edid, memset(iter, 0, sizeof(*iter)); iter->drm_edid = drm_edid; + iter->quirks = get_quirks(drm_edid); } static const struct displayid_block * diff --git a/drivers/gpu/drm/drm_displayid_internal.h b/drivers/gpu/drm/drm_displayid_internal.h index 957dd0619f5c..5b1b32f73516 100644 --- a/drivers/gpu/drm/drm_displayid_internal.h +++ b/drivers/gpu/drm/drm_displayid_internal.h @@ -167,6 +167,8 @@ struct displayid_iter { u8 version; u8 primary_use; + + u8 quirks; }; void displayid_iter_edid_begin(const struct drm_edid *drm_edid,

2 hours, 13 minutes

2
3
0 0

FAILED: patch "[PATCH] drm/displayid: add quirk to ignore DisplayID checksum errors" failed to apply to 6.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.18.y git checkout FETCH_HEAD git cherry-pick -x 83cbb4d33dc22b0ca1a4e85c6e892c9b729e28d4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025122944-trimester-congrats-2c82@gregkh' --subject-prefix 'PATCH 6.18.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 83cbb4d33dc22b0ca1a4e85c6e892c9b729e28d4 Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Tue, 28 Oct 2025 22:07:27 +0200 Subject: [PATCH] drm/displayid: add quirk to ignore DisplayID checksum errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a mechanism for DisplayID specific quirks, and add the first quirk to ignore DisplayID section checksum errors. It would be quite inconvenient to pass existing EDID quirks from drm_edid.c for DisplayID parsing. Not all places doing DisplayID iteration have the quirks readily available, and would have to pass it in all places. Simply add a separate array of DisplayID specific EDID quirks. We do end up checking it every time we iterate DisplayID blocks, but hopefully the number of quirks remains small. There are a few laptop models with DisplayID checksum failures, leading to higher refresh rates only present in the DisplayID blocks being ignored. Add a quirk for the panel in the machines. Reported-by: Tiago Martins Araújo <tiago.martins.araujo(a)gmail.com> Closes: https://lore.kernel.org/r/CACRbrPGvLP5LANXuFi6z0S7XMbAG4X5y2YOLBDxfOVtfGGqi… Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14703 Acked-by: Alex Deucher <alexander.deucher(a)amd.com> Tested-by: Tiago Martins Araújo <tiago.martins.araujo(a)gmail.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/c04d81ae648c5f21b3f5b7953f924718051f2798.176168196… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> diff --git a/drivers/gpu/drm/drm_displayid.c b/drivers/gpu/drm/drm_displayid.c index 20b453d2b854..58d0bb6d2676 100644 --- a/drivers/gpu/drm/drm_displayid.c +++ b/drivers/gpu/drm/drm_displayid.c @@ -9,6 +9,34 @@ #include "drm_crtc_internal.h" #include "drm_displayid_internal.h" +enum { + QUIRK_IGNORE_CHECKSUM, +}; + +struct displayid_quirk { + const struct drm_edid_ident ident; + u8 quirks; +}; + +static const struct displayid_quirk quirks[] = { + { + .ident = DRM_EDID_IDENT_INIT('C', 'S', 'O', 5142, "MNE007ZA1-5"), + .quirks = BIT(QUIRK_IGNORE_CHECKSUM), + }, +}; + +static u8 get_quirks(const struct drm_edid *drm_edid) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(quirks); i++) { + if (drm_edid_match(drm_edid, &quirks[i].ident)) + return quirks[i].quirks; + } + + return 0; +} + static const struct displayid_header * displayid_get_header(const u8 *displayid, int length, int index) { @@ -23,7 +51,7 @@ displayid_get_header(const u8 *displayid, int length, int index) } static const struct displayid_header * -validate_displayid(const u8 *displayid, int length, int idx) +validate_displayid(const u8 *displayid, int length, int idx, bool ignore_checksum) { int i, dispid_length; u8 csum = 0; @@ -41,8 +69,11 @@ validate_displayid(const u8 *displayid, int length, int idx) for (i = 0; i < dispid_length; i++) csum += displayid[idx + i]; if (csum) { - DRM_NOTE("DisplayID checksum invalid, remainder is %d\n", csum); - return ERR_PTR(-EINVAL); + DRM_NOTE("DisplayID checksum invalid, remainder is %d%s\n", csum, + ignore_checksum ? " (ignoring)" : ""); + + if (!ignore_checksum) + return ERR_PTR(-EINVAL); } return base; @@ -52,6 +83,7 @@ static const u8 *find_next_displayid_extension(struct displayid_iter *iter) { const struct displayid_header *base; const u8 *displayid; + bool ignore_checksum = iter->quirks & BIT(QUIRK_IGNORE_CHECKSUM); displayid = drm_edid_find_extension(iter->drm_edid, DISPLAYID_EXT, &iter->ext_index); if (!displayid) @@ -61,7 +93,7 @@ static const u8 *find_next_displayid_extension(struct displayid_iter *iter) iter->length = EDID_LENGTH - 1; iter->idx = 1; - base = validate_displayid(displayid, iter->length, iter->idx); + base = validate_displayid(displayid, iter->length, iter->idx, ignore_checksum); if (IS_ERR(base)) return NULL; @@ -76,6 +108,7 @@ void displayid_iter_edid_begin(const struct drm_edid *drm_edid, memset(iter, 0, sizeof(*iter)); iter->drm_edid = drm_edid; + iter->quirks = get_quirks(drm_edid); } static const struct displayid_block * diff --git a/drivers/gpu/drm/drm_displayid_internal.h b/drivers/gpu/drm/drm_displayid_internal.h index 957dd0619f5c..5b1b32f73516 100644 --- a/drivers/gpu/drm/drm_displayid_internal.h +++ b/drivers/gpu/drm/drm_displayid_internal.h @@ -167,6 +167,8 @@ struct displayid_iter { u8 version; u8 primary_use; + + u8 quirks; }; void displayid_iter_edid_begin(const struct drm_edid *drm_edid,

2 hours, 24 minutes

2
3
0 0

FAILED: patch "[PATCH] btrfs: don't log conflicting inode if it's a dir moved in the" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 266273eaf4d99475f1ae57f687b3e42bc71ec6f0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025122955-unguided-tinsmith-5d03@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 266273eaf4d99475f1ae57f687b3e42bc71ec6f0 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Thu, 27 Nov 2025 16:35:59 +0000 Subject: [PATCH] btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current transaction, as this can result an attempt to have a directory with two hard links during log replay, one for the old parent directory and another for the new parent directory. The following scenario triggers that issue: 1) We have directories "dir1" and "dir2" created in a past transaction. Directory "dir1" has inode A as its parent directory; 2) We move "dir1" to some other directory; 3) We create a file with the name "dir1" in directory inode A; 4) We fsync the new file. This results in logging the inode of the new file and the inode for the directory "dir1" that was previously moved in the current transaction. So the log tree has the INODE_REF item for the new location of "dir1"; 5) We move the new file to some other directory. This results in updating the log tree to included the new INODE_REF for the new location of the file and removes the INODE_REF for the old location. This happens during the rename when we call btrfs_log_new_name(); 6) We fsync the file, and that persists the log tree changes done in the previous step (btrfs_log_new_name() only updates the log tree in memory); 7) We have a power failure; 8) Next time the fs is mounted, log replay happens and when processing the inode for directory "dir1" we find a new INODE_REF and add that link, but we don't remove the old link of the inode since we have not logged the old parent directory of the directory inode "dir1". As a result after log replay finishes when we trigger writeback of the subvolume tree's extent buffers, the tree check will detect that we have a directory a hard link count of 2 and we get a mount failure. The errors and stack traces reported in dmesg/syslog are like this: [ 3845.729764] BTRFS info (device dm-0): start tree-log replay [ 3845.730304] page: refcount:3 mapcount:0 mapping:000000005c8a3027 index:0x1d00 pfn:0x11510c [ 3845.731236] memcg:ffff9264c02f4e00 [ 3845.731751] aops:btree_aops [btrfs] ino:1 [ 3845.732300] flags: 0x17fffc00000400a(uptodate|private|writeback|node=0|zone=2|lastcpupid=0x1ffff) [ 3845.733346] raw: 017fffc00000400a 0000000000000000 dead000000000122 ffff9264d978aea8 [ 3845.734265] raw: 0000000000001d00 ffff92650e6d4738 00000003ffffffff ffff9264c02f4e00 [ 3845.735305] page dumped because: eb page dump [ 3845.735981] BTRFS critical (device dm-0): corrupt leaf: root=5 block=30408704 slot=6 ino=257, invalid nlink: has 2 expect no more than 1 for dir [ 3845.737786] BTRFS info (device dm-0): leaf 30408704 gen 10 total ptrs 17 free space 14881 owner 5 [ 3845.737789] BTRFS info (device dm-0): refs 4 lock_owner 0 current 30701 [ 3845.737792] item 0 key (256 INODE_ITEM 0) itemoff 16123 itemsize 160 [ 3845.737794] inode generation 3 transid 9 size 16 nbytes 16384 [ 3845.737795] block group 0 mode 40755 links 1 uid 0 gid 0 [ 3845.737797] rdev 0 sequence 2 flags 0x0 [ 3845.737798] atime 1764259517.0 [ 3845.737800] ctime 1764259517.572889464 [ 3845.737801] mtime 1764259517.572889464 [ 3845.737802] otime 1764259517.0 [ 3845.737803] item 1 key (256 INODE_REF 256) itemoff 16111 itemsize 12 [ 3845.737805] index 0 name_len 2 [ 3845.737807] item 2 key (256 DIR_ITEM 2363071922) itemoff 16077 itemsize 34 [ 3845.737808] location key (257 1 0) type 2 [ 3845.737810] transid 9 data_len 0 name_len 4 [ 3845.737811] item 3 key (256 DIR_ITEM 2676584006) itemoff 16043 itemsize 34 [ 3845.737813] location key (258 1 0) type 2 [ 3845.737814] transid 9 data_len 0 name_len 4 [ 3845.737815] item 4 key (256 DIR_INDEX 2) itemoff 16009 itemsize 34 [ 3845.737816] location key (257 1 0) type 2 [ 3845.737818] transid 9 data_len 0 name_len 4 [ 3845.737819] item 5 key (256 DIR_INDEX 3) itemoff 15975 itemsize 34 [ 3845.737820] location key (258 1 0) type 2 [ 3845.737821] transid 9 data_len 0 name_len 4 [ 3845.737822] item 6 key (257 INODE_ITEM 0) itemoff 15815 itemsize 160 [ 3845.737824] inode generation 9 transid 10 size 6 nbytes 0 [ 3845.737825] block group 0 mode 40755 links 2 uid 0 gid 0 [ 3845.737826] rdev 0 sequence 1 flags 0x0 [ 3845.737827] atime 1764259517.572889464 [ 3845.737828] ctime 1764259517.572889464 [ 3845.737830] mtime 1764259517.572889464 [ 3845.737831] otime 1764259517.572889464 [ 3845.737832] item 7 key (257 INODE_REF 256) itemoff 15801 itemsize 14 [ 3845.737833] index 2 name_len 4 [ 3845.737834] item 8 key (257 INODE_REF 258) itemoff 15787 itemsize 14 [ 3845.737836] index 2 name_len 4 [ 3845.737837] item 9 key (257 DIR_ITEM 2507850652) itemoff 15754 itemsize 33 [ 3845.737838] location key (259 1 0) type 1 [ 3845.737839] transid 10 data_len 0 name_len 3 [ 3845.737840] item 10 key (257 DIR_INDEX 2) itemoff 15721 itemsize 33 [ 3845.737842] location key (259 1 0) type 1 [ 3845.737843] transid 10 data_len 0 name_len 3 [ 3845.737844] item 11 key (258 INODE_ITEM 0) itemoff 15561 itemsize 160 [ 3845.737846] inode generation 9 transid 10 size 8 nbytes 0 [ 3845.737847] block group 0 mode 40755 links 1 uid 0 gid 0 [ 3845.737848] rdev 0 sequence 1 flags 0x0 [ 3845.737849] atime 1764259517.572889464 [ 3845.737850] ctime 1764259517.572889464 [ 3845.737851] mtime 1764259517.572889464 [ 3845.737852] otime 1764259517.572889464 [ 3845.737853] item 12 key (258 INODE_REF 256) itemoff 15547 itemsize 14 [ 3845.737855] index 3 name_len 4 [ 3845.737856] item 13 key (258 DIR_ITEM 1843588421) itemoff 15513 itemsize 34 [ 3845.737857] location key (257 1 0) type 2 [ 3845.737858] transid 10 data_len 0 name_len 4 [ 3845.737860] item 14 key (258 DIR_INDEX 2) itemoff 15479 itemsize 34 [ 3845.737861] location key (257 1 0) type 2 [ 3845.737862] transid 10 data_len 0 name_len 4 [ 3845.737863] item 15 key (259 INODE_ITEM 0) itemoff 15319 itemsize 160 [ 3845.737865] inode generation 10 transid 10 size 0 nbytes 0 [ 3845.737866] block group 0 mode 100600 links 1 uid 0 gid 0 [ 3845.737867] rdev 0 sequence 2 flags 0x0 [ 3845.737868] atime 1764259517.580874966 [ 3845.737869] ctime 1764259517.586121869 [ 3845.737870] mtime 1764259517.580874966 [ 3845.737872] otime 1764259517.580874966 [ 3845.737873] item 16 key (259 INODE_REF 257) itemoff 15306 itemsize 13 [ 3845.737874] index 2 name_len 3 [ 3845.737875] BTRFS error (device dm-0): block=30408704 write time tree block corruption detected [ 3845.739448] ------------[ cut here ]------------ [ 3845.740092] WARNING: CPU: 5 PID: 30701 at fs/btrfs/disk-io.c:335 btree_csum_one_bio+0x25a/0x270 [btrfs] [ 3845.741439] Modules linked in: btrfs dm_flakey crc32c_cryptoapi (...) [ 3845.750626] CPU: 5 UID: 0 PID: 30701 Comm: mount Tainted: G W 6.18.0-rc6-btrfs-next-218+ #1 PREEMPT(full) [ 3845.752414] Tainted: [W]=WARN [ 3845.752828] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014 [ 3845.754499] RIP: 0010:btree_csum_one_bio+0x25a/0x270 [btrfs] [ 3845.755460] Code: 31 f6 48 89 (...) [ 3845.758685] RSP: 0018:ffffa8d9c5677678 EFLAGS: 00010246 [ 3845.759450] RAX: 0000000000000000 RBX: ffff92650e6d4738 RCX: 0000000000000000 [ 3845.760309] RDX: 0000000000000000 RSI: ffffffff9aab45b9 RDI: ffff9264c4748000 [ 3845.761239] RBP: ffff9264d4324000 R08: 0000000000000000 R09: ffffa8d9c5677468 [ 3845.762607] R10: ffff926bdc1fffa8 R11: 0000000000000003 R12: ffffa8d9c5677680 [ 3845.764099] R13: 0000000000004000 R14: ffff9264dd624000 R15: ffff9264d978aba8 [ 3845.765094] FS: 00007f751fa5a840(0000) GS:ffff926c42a82000(0000) knlGS:0000000000000000 [ 3845.766226] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3845.766970] CR2: 0000558df1815380 CR3: 000000010ed88003 CR4: 0000000000370ef0 [ 3845.768009] Call Trace: [ 3845.768392] <TASK> [ 3845.768714] btrfs_submit_bbio+0x6ee/0x7f0 [btrfs] [ 3845.769640] ? write_one_eb+0x28e/0x340 [btrfs] [ 3845.770588] btree_write_cache_pages+0x2f0/0x550 [btrfs] [ 3845.771286] ? alloc_extent_state+0x19/0x100 [btrfs] [ 3845.771967] ? merge_next_state+0x1a/0x90 [btrfs] [ 3845.772586] ? set_extent_bit+0x233/0x8b0 [btrfs] [ 3845.773198] ? xas_load+0x9/0xc0 [ 3845.773589] ? xas_find+0x14d/0x1a0 [ 3845.773969] do_writepages+0xc6/0x160 [ 3845.774367] filemap_fdatawrite_wbc+0x48/0x60 [ 3845.775003] __filemap_fdatawrite_range+0x5b/0x80 [ 3845.775902] btrfs_write_marked_extents+0x61/0x170 [btrfs] [ 3845.776707] btrfs_write_and_wait_transaction+0x4e/0xc0 [btrfs] [ 3845.777379] ? _raw_spin_unlock_irqrestore+0x23/0x40 [ 3845.777923] btrfs_commit_transaction+0x5ea/0xd20 [btrfs] [ 3845.778551] ? _raw_spin_unlock+0x15/0x30 [ 3845.778986] ? release_extent_buffer+0x34/0x160 [btrfs] [ 3845.779659] btrfs_recover_log_trees+0x7a3/0x7c0 [btrfs] [ 3845.780416] ? __pfx_replay_one_buffer+0x10/0x10 [btrfs] [ 3845.781499] open_ctree+0x10bb/0x15f0 [btrfs] [ 3845.782194] btrfs_get_tree.cold+0xb/0x16c [btrfs] [ 3845.782764] ? fscontext_read+0x15c/0x180 [ 3845.783202] ? rw_verify_area+0x50/0x180 [ 3845.783667] vfs_get_tree+0x25/0xd0 [ 3845.784047] vfs_cmd_create+0x59/0xe0 [ 3845.784458] __do_sys_fsconfig+0x4f6/0x6b0 [ 3845.784914] do_syscall_64+0x50/0x1220 [ 3845.785340] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 3845.785980] RIP: 0033:0x7f751fc7f4aa [ 3845.786759] Code: 73 01 c3 48 (...) [ 3845.789951] RSP: 002b:00007ffcdba45dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 3845.791402] RAX: ffffffffffffffda RBX: 000055ccc8291c20 RCX: 00007f751fc7f4aa [ 3845.792688] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 3845.794308] RBP: 000055ccc8292120 R08: 0000000000000000 R09: 0000000000000000 [ 3845.795829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3845.797183] R13: 00007f751fe11580 R14: 00007f751fe1326c R15: 00007f751fdf8a23 [ 3845.798633] </TASK> [ 3845.799067] ---[ end trace 0000000000000000 ]--- [ 3845.800215] BTRFS: error (device dm-0) in btrfs_commit_transaction:2553: errno=-5 IO failure (Error while writing out transaction) [ 3845.801860] BTRFS warning (device dm-0 state E): Skipping commit of aborted transaction. [ 3845.802815] BTRFS error (device dm-0 state EA): Transaction aborted (error -5) [ 3845.803728] BTRFS: error (device dm-0 state EA) in cleanup_transaction:2036: errno=-5 IO failure [ 3845.805374] BTRFS: error (device dm-0 state EA) in btrfs_replay_log:2083: errno=-5 IO failure (Failed to recover log tree) [ 3845.807919] BTRFS error (device dm-0 state EA): open_ctree failed: -5 Fix this by never logging a conflicting inode that is a directory and was moved in the current transaction (its last_unlink_trans equals the current transaction) and instead fallback to a transaction commit. A test case for fstests will follow soon. Reported-by: Vyacheslav Kovalevsky <slva.kovalevskiy.2014(a)gmail.com> Link: https://lore.kernel.org/linux-btrfs/7bbc9419-5c56-450a-b5a0-efeae7457113@gm… CC: stable(a)vger.kernel.org # 6.1+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index fff37c8d96a4..64c1155160a2 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -6051,6 +6051,33 @@ static int conflicting_inode_is_dir(struct btrfs_root *root, u64 ino, return ret; } +static bool can_log_conflicting_inode(const struct btrfs_trans_handle *trans, + const struct btrfs_inode *inode) +{ + if (!S_ISDIR(inode->vfs_inode.i_mode)) + return true; + + if (inode->last_unlink_trans < trans->transid) + return true; + + /* + * If this is a directory and its unlink_trans is not from a past + * transaction then we must fallback to a transaction commit in order + * to avoid getting a directory with 2 hard links after log replay. + * + * This happens if a directory A is renamed, moved from one parent + * directory to another one, a new file is created in the old parent + * directory with the old name of our directory A, the new file is + * fsynced, then we moved the new file to some other parent directory + * and fsync again the new file. This results in a log tree where we + * logged that directory A existed, with the INODE_REF item for the + * new location but without having logged its old parent inode, so + * that on log replay we add a new link for the new location but the + * old link remains, resulting in a link count of 2. + */ + return false; +} + static int add_conflicting_inode(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, @@ -6154,6 +6181,11 @@ static int add_conflicting_inode(struct btrfs_trans_handle *trans, return 0; } + if (!can_log_conflicting_inode(trans, inode)) { + btrfs_add_delayed_iput(inode); + return BTRFS_LOG_FORCE_COMMIT; + } + btrfs_add_delayed_iput(inode); ino_elem = kmalloc(sizeof(*ino_elem), GFP_NOFS); @@ -6218,6 +6250,12 @@ static int log_conflicting_inodes(struct btrfs_trans_handle *trans, break; } + if (!can_log_conflicting_inode(trans, inode)) { + btrfs_add_delayed_iput(inode); + ret = BTRFS_LOG_FORCE_COMMIT; + break; + } + /* * Always log the directory, we cannot make this * conditional on need_log_inode() because the directory

2 hours, 31 minutes

2
1
0 0

[PATCH net] bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup

by Breno Leitao

When bnxt_init_one() fails during initialization (e.g., bnxt_init_int_mode returns -ENODEV), the error path calls bnxt_free_hwrm_resources() which destroys the DMA pool and sets bp->hwrm_dma_pool to NULL. Subsequently, bnxt_ptp_clear() is called, which invokes ptp_clock_unregister(). Since commit a60fc3294a37 ("ptp: rework ptp_clock_unregister() to disable events"), ptp_clock_unregister() now calls ptp_disable_all_events(), which in turn invokes the driver's .enable() callback (bnxt_ptp_enable()) to disable PTP events before completing the unregistration. bnxt_ptp_enable() attempts to send HWRM commands via bnxt_ptp_cfg_pin() and bnxt_ptp_cfg_event(), both of which call hwrm_req_init(). This function tries to allocate from bp->hwrm_dma_pool, causing a NULL pointer dereference: bnxt_en 0000:01:00.0 (unnamed net_device) (uninitialized): bnxt_init_int_mode err: ffffffed KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] Call Trace: __hwrm_req_init (drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c:72) bnxt_ptp_enable (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:323 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:517) ptp_disable_all_events (drivers/ptp/ptp_chardev.c:66) ptp_clock_unregister (drivers/ptp/ptp_clock.c:518) bnxt_ptp_clear (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:1134) bnxt_init_one (drivers/net/ethernet/broadcom/bnxt/bnxt.c:16889) Lines are against commit f8f9c1f4d0c7 ("Linux 6.19-rc3") Fix this by checking if bp->hwrm_dma_pool is NULL at the start of bnxt_ptp_enable(). During error/cleanup paths when HWRM resources have been freed, return success without attempting to send commands since the hardware is being torn down anyway. During normal operation, the DMA pool is always valid so PTP functionality is unaffected. Signed-off-by: Breno Leitao <leitao(a)debian.org> Fixes: a60fc3294a37 ("ptp: rework ptp_clock_unregister() to disable events") Cc: stable(a)vger.kernel.org --- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c index a8a74f07bb54..a749bbfa398e 100644 --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c @@ -482,6 +482,13 @@ static int bnxt_ptp_enable(struct ptp_clock_info *ptp_info, int pin_id; int rc; + /* Return success if HWRM resources are not available. + * This can happen during error/cleanup paths when DMA pool has been + * freed. + */ + if (!bp->hwrm_dma_pool) + return 0; + switch (rq->type) { case PTP_CLK_REQ_EXTTS: /* Configure an External PPS IN */ --- base-commit: 80380f6ce46f38a0d1200caade2f03de4b6c1d27 change-id: 20251231-bnxt-c54d317d8bfe Best regards, -- Breno Leitao <leitao(a)debian.org>

2 hours, 42 minutes

2
1
0 0

[PATCH] mm/damon/core: remove call_control in inactive contexts

by SeongJae Park

If damon_call() is executed against a DAMON context that is not running, the function returns error while keeping the damon_call_control object linked to the context's call_controls list. Let's suppose the object is deallocated after the damon_call(), and yet another damon_call() is executed against the same context. The function tries to add the new damon_call_control object to the call_controls list, which still has the pointer to the previous damon_call_control object, which is deallocated. As a result, use-after-free happens. This can actually be triggered using the DAMON sysfs interface. It is not easily exploitable since it requires the sysfs write permission and making a definitely weird file writes, though. Please refer to the report for more details about the issue reproduction steps. Fix the issue by making damon_call() to cleanup the damon_call_control object before returning the error. Reported-by: JaeJoon Jung <rgbi3307(a)gmail.com> Closes: https://lore.kernel.org/20251224094401.20384-1-rgbi3307@gmail.com Fixes: 42b7491af14c ("mm/damon/core: introduce damon_call()") Cc: <stable(a)vger.kernel.org> # 6.14.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- mm/damon/core.c | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/mm/damon/core.c b/mm/damon/core.c index 2d3e8006db50..65482a0ce20b 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -1442,6 +1442,35 @@ bool damon_is_running(struct damon_ctx *ctx) return running; } +/* + * damon_call_handle_inactive_ctx() - handle DAMON call request that added to + * an inactive context. + * @ctx: The inactive DAMON context. + * @control: Control variable of the call request. + * + * This function is called in a case that @control is added to @ctx but @ctx is + * not running (inactive). See if @ctx handled @control or not, and cleanup + * @control if it was not handled. + * + * Returns 0 if @control was handled by @ctx, negative error code otherwise. + */ +static int damon_call_handle_inactive_ctx( + struct damon_ctx *ctx, struct damon_call_control *control) +{ + struct damon_call_control *c; + + mutex_lock(&ctx->call_controls_lock); + list_for_each_entry(c, &ctx->call_controls, list) { + if (c == control) { + list_del(&control->list); + mutex_unlock(&ctx->call_controls_lock); + return -EINVAL; + } + } + mutex_unlock(&ctx->call_controls_lock); + return 0; +} + /** * damon_call() - Invoke a given function on DAMON worker thread (kdamond). * @ctx: DAMON context to call the function for. @@ -1472,7 +1501,7 @@ int damon_call(struct damon_ctx *ctx, struct damon_call_control *control) list_add_tail(&control->list, &ctx->call_controls); mutex_unlock(&ctx->call_controls_lock); if (!damon_is_running(ctx)) - return -EINVAL; + return damon_call_handle_inactive_ctx(ctx, control); if (control->repeat) return 0; wait_for_completion(&control->completion); base-commit: a100272b3541cb00a5e29fdc16e428234ebfddd1 -- 2.47.3

3 hours, 17 minutes

2
6
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror