Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

314 participants
124196 discussions

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.160 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/pci/amlogic,axg-pcie.yaml | 134 +++++ Documentation/devicetree/bindings/pci/amlogic,meson-pcie.txt | 70 -- Documentation/driver-api/tty/tty_port.rst | 5 Documentation/filesystems/mount_api.rst | 1 Documentation/process/2.Process.rst | 6 Makefile | 2 arch/arm/boot/dts/sama5d2.dtsi | 10 arch/arm/boot/dts/sama7g5.dtsi | 4 arch/arm/include/asm/word-at-a-time.h | 10 arch/arm64/boot/dts/freescale/imx8mm-venice-gw72xx.dtsi | 11 arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 12 arch/arm64/kvm/Makefile | 3 arch/arm64/net/bpf_jit_comp.c | 2 arch/loongarch/include/asm/pgtable.h | 4 arch/loongarch/kernel/machine_kexec.c | 24 arch/loongarch/kernel/setup.c | 8 arch/loongarch/net/bpf_jit.c | 2 arch/loongarch/pci/pci.c | 2 arch/mips/sgi-ip22/ip22-gio.c | 3 arch/parisc/kernel/asm-offsets.c | 2 arch/parisc/kernel/entry.S | 16 arch/powerpc/boot/addnote.c | 7 arch/powerpc/include/asm/book3s/32/tlbflush.h | 5 arch/powerpc/include/asm/book3s/64/mmu-hash.h | 1 arch/powerpc/include/asm/kfence.h | 11 arch/powerpc/kernel/entry_32.S | 10 arch/powerpc/kernel/process.c | 5 arch/powerpc/kexec/core_64.c | 19 arch/powerpc/mm/book3s32/tlb.c | 9 arch/powerpc/mm/book3s64/internal.h | 2 arch/powerpc/mm/book3s64/mmu_context.c | 2 arch/powerpc/mm/book3s64/radix_pgtable.c | 84 +++ arch/powerpc/mm/book3s64/slb.c | 88 --- arch/powerpc/mm/init-common.c | 3 arch/powerpc/mm/ptdump/hashpagetable.c | 6 arch/powerpc/platforms/pseries/cmm.c | 5 arch/riscv/kvm/vcpu_insn.c | 22 arch/s390/kernel/smp.c | 1 arch/x86/boot/compressed/pgtable_64.c | 11 arch/x86/crypto/blake2s-core.S | 4 arch/x86/entry/common.c | 72 -- arch/x86/events/amd/core.c | 7 arch/x86/events/intel/core.c | 4 arch/x86/include/asm/kvm_host.h | 46 + arch/x86/include/asm/ptrace.h | 20 arch/x86/kernel/dumpstack.c | 23 arch/x86/kvm/lapic.c | 32 - arch/x86/kvm/mmu/mmu.c | 5 arch/x86/kvm/mmu/mmu_internal.h | 12 arch/x86/kvm/mmu/paging_tmpl.h | 4 arch/x86/kvm/svm/nested.c | 6 arch/x86/kvm/svm/svm.c | 68 +- arch/x86/kvm/svm/svm.h | 7 arch/x86/kvm/vmx/nested.c | 2 arch/x86/kvm/vmx/vmx.c | 2 arch/x86/kvm/vmx/vmx.h | 1 arch/x86/kvm/x86.c | 61 +- arch/x86/mm/pat/memtype.c | 50 + arch/x86/xen/enlighten_pv.c | 69 ++ block/blk-mq.c | 103 +++ block/genhd.c | 2 crypto/af_alg.c | 5 crypto/algif_hash.c | 3 crypto/algif_rng.c | 3 crypto/asymmetric_keys/asymmetric_type.c | 14 crypto/seqiv.c | 8 drivers/acpi/acpica/nswalk.c | 9 drivers/acpi/apei/ghes.c | 16 drivers/acpi/cppc_acpi.c | 3 drivers/acpi/processor_core.c | 2 drivers/acpi/property.c | 9 drivers/amba/tegra-ahb.c | 1 drivers/base/power/runtime.c | 22 drivers/block/floppy.c | 2 drivers/block/nbd.c | 5 drivers/block/ps3disk.c | 4 drivers/block/rnbd/rnbd-clt.c | 13 drivers/block/rnbd/rnbd-clt.h | 2 drivers/bluetooth/btusb.c | 14 drivers/bus/ti-sysc.c | 11 drivers/char/applicom.c | 5 drivers/char/ipmi/ipmi_msghandler.c | 20 drivers/char/tpm/tpm-chip.c | 1 drivers/char/tpm/tpm1-cmd.c | 5 drivers/char/tpm/tpm2-cmd.c | 8 drivers/char/virtio_console.c | 2 drivers/clk/mvebu/cp110-system-controller.c | 20 drivers/clk/renesas/r9a06g032-clocks.c | 34 + drivers/clk/renesas/renesas-cpg-mssr.c | 11 drivers/comedi/comedi_fops.c | 42 + drivers/comedi/drivers/c6xdigio.c | 46 + drivers/comedi/drivers/multiq3.c | 9 drivers/comedi/drivers/pcl818.c | 5 drivers/cpufreq/cpufreq-nforce2.c | 3 drivers/cpufreq/s5pv210-cpufreq.c | 6 drivers/crypto/ccree/cc_buffer_mgr.c | 6 drivers/crypto/hisilicon/qm.c | 14 drivers/dma/idxd/init.c | 1 drivers/firewire/nosy.c | 10 drivers/firmware/arm_scmi/notify.c | 1 drivers/firmware/efi/cper-arm.c | 52 - drivers/firmware/efi/cper.c | 60 ++ drivers/firmware/efi/libstub/x86-5lvl.c | 4 drivers/firmware/imx/imx-scu-irq.c | 8 drivers/firmware/stratix10-svc.c | 12 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 44 - drivers/gpu/drm/amd/amdgpu/amdgpu_job.h | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 58 -- drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c | 9 drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 13 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 22 drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c | 61 +- drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 12 drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c | 8 drivers/gpu/drm/amd/amdgpu/uvd_v7_0.c | 12 drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 17 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 8 drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 2 drivers/gpu/drm/gma500/framebuffer.c | 42 - drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 37 - drivers/gpu/drm/mediatek/mtk_disp_ccorr.c | 23 drivers/gpu/drm/mediatek/mtk_dp.c | 1 drivers/gpu/drm/mgag200/mgag200_mode.c | 25 drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 drivers/gpu/drm/nouveau/dispnv50/atom.h | 13 drivers/gpu/drm/nouveau/dispnv50/wndw.c | 2 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/ttm/ttm_bo_vm.c | 6 drivers/gpu/drm/vgem/vgem_fence.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 17 drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c | 12 drivers/gpu/host1x/syncpt.c | 4 drivers/hid/hid-apple.c | 1 drivers/hid/hid-elecom.c | 6 drivers/hid/hid-ids.h | 3 drivers/hid/hid-input.c | 18 drivers/hid/hid-logitech-dj.c | 56 -- drivers/hid/hid-quirks.c | 3 drivers/hwmon/ibmpex.c | 9 drivers/hwmon/max16065.c | 7 drivers/hwmon/sy7636a-hwmon.c | 7 drivers/hwmon/tmp401.c | 2 drivers/hwmon/w83791d.c | 17 drivers/hwmon/w83l786ng.c | 26 drivers/hwtracing/coresight/coresight-etm4x-core.c | 130 +++- drivers/hwtracing/intel_th/core.c | 20 drivers/i2c/busses/i2c-amd-mp2-pci.c | 5 drivers/i3c/master.c | 40 + drivers/i3c/master/svc-i3c-master.c | 22 drivers/iio/adc/ti_am335x_adc.c | 2 drivers/infiniband/core/addr.c | 33 - drivers/infiniband/core/cma.c | 3 drivers/infiniband/core/device.c | 5 drivers/infiniband/core/verbs.c | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 drivers/infiniband/hw/bnxt_re/qplib_res.c | 8 drivers/infiniband/hw/efa/efa_verbs.c | 4 drivers/infiniband/hw/irdma/ctrl.c | 3 drivers/infiniband/hw/irdma/pble.c | 6 drivers/infiniband/hw/irdma/utils.c | 3 drivers/infiniband/ulp/rtrs/rtrs-clt.c | 1 drivers/infiniband/ulp/rtrs/rtrs-srv.c | 2 drivers/input/serio/i8042-acpipnpio.h | 7 drivers/input/touchscreen/ti_am335x_tsc.c | 2 drivers/interconnect/qcom/msm8996.c | 1 drivers/iommu/amd/init.c | 43 - drivers/iommu/apple-dart.c | 2 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 27 - drivers/iommu/arm/arm-smmu/arm-smmu.c | 12 drivers/iommu/arm/arm-smmu/qcom_iommu.c | 56 +- drivers/iommu/exynos-iommu.c | 9 drivers/iommu/ipmmu-vmsa.c | 2 drivers/iommu/mtk_iommu.c | 78 ++ drivers/iommu/mtk_iommu_v1.c | 30 - drivers/iommu/omap-iommu.c | 2 drivers/iommu/omap-iommu.h | 2 drivers/iommu/sun50i-iommu.c | 2 drivers/iommu/tegra-smmu.c | 5 drivers/irqchip/irq-bcm7038-l1.c | 8 drivers/irqchip/irq-bcm7120-l2.c | 17 drivers/irqchip/irq-brcmstb-l2.c | 12 drivers/irqchip/irq-imx-mu-msi.c | 14 drivers/irqchip/irq-mchp-eic.c | 2 drivers/irqchip/qcom-irq-combiner.c | 2 drivers/isdn/capi/capi.c | 8 drivers/leds/flash/leds-aat1290.c | 2 drivers/leds/led-class.c | 2 drivers/leds/leds-lp50xx.c | 67 +- drivers/leds/leds-netxbig.c | 36 - drivers/leds/leds-spi-byte.c | 11 drivers/macintosh/mac_hid.c | 3 drivers/md/dm-bufio.c | 10 drivers/md/dm-ebs-target.c | 2 drivers/md/dm-log-writes.c | 1 drivers/md/dm-raid.c | 2 drivers/md/md.c | 16 drivers/md/md.h | 17 drivers/md/raid5.c | 6 drivers/media/cec/core/cec-core.c | 1 drivers/media/common/videobuf2/videobuf2-dma-contig.c | 1 drivers/media/i2c/adv7604.c | 4 drivers/media/i2c/adv7842.c | 11 drivers/media/i2c/msp3400-kthreads.c | 2 drivers/media/i2c/tda1997x.c | 1 drivers/media/platform/amphion/vpu_malone.c | 35 - drivers/media/platform/amphion/vpu_v4l2.c | 28 - drivers/media/platform/amphion/vpu_v4l2.h | 18 drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_vpu.c | 4 drivers/media/platform/renesas/rcar_drif.c | 1 drivers/media/platform/samsung/exynos4-is/media-dev.c | 10 drivers/media/platform/ti/davinci/vpif_capture.c | 4 drivers/media/platform/ti/davinci/vpif_display.c | 4 drivers/media/platform/verisilicon/hantro_g2.c | 88 ++- drivers/media/platform/verisilicon/hantro_g2_hevc_dec.c | 17 drivers/media/platform/verisilicon/hantro_g2_regs.h | 13 drivers/media/platform/verisilicon/hantro_g2_vp9_dec.c | 2 drivers/media/platform/verisilicon/hantro_hw.h | 1 drivers/media/platform/verisilicon/imx8m_vpu_hw.c | 2 drivers/media/rc/st_rc.c | 2 drivers/media/test-drivers/vidtv/vidtv_channel.c | 3 drivers/media/usb/dvb-usb/dtv5100.c | 5 drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 2 drivers/mfd/altera-sysmgr.c | 2 drivers/mfd/da9055-core.c | 1 drivers/mfd/max77620.c | 15 drivers/mfd/mt6358-irq.c | 1 drivers/mfd/mt6397-irq.c | 1 drivers/misc/vmw_balloon.c | 3 drivers/mmc/host/Kconfig | 4 drivers/mmc/host/sdhci-msm.c | 27 - drivers/mtd/lpddr/lpddr_cmds.c | 8 drivers/mtd/nand/raw/renesas-nand-controller.c | 5 drivers/net/can/usb/gs_usb.c | 2 drivers/net/dsa/b53/b53_common.c | 3 drivers/net/dsa/sja1105/sja1105_static_config.c | 6 drivers/net/ethernet/broadcom/b44.c | 3 drivers/net/ethernet/cadence/macb_main.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 4 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 drivers/net/ethernet/intel/e1000/e1000_main.c | 10 drivers/net/ethernet/intel/i40e/i40e.h | 15 drivers/net/ethernet/intel/i40e/i40e_client.c | 20 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 12 drivers/net/ethernet/intel/i40e/i40e_main.c | 15 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 10 drivers/net/ethernet/intel/i40e/i40e_txrx.h | 2 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 drivers/net/ethernet/intel/iavf/iavf_main.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 8 drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 6 drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 122 ++++ drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.h | 2 drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 3 drivers/net/ethernet/mellanox/mlx5/core/main.c | 10 drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h | 1 drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 17 drivers/net/ethernet/microchip/lan743x_main.c | 3 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/ethernet/smsc/smc91x.c | 10 drivers/net/ethernet/stmicro/stmmac/chain_mode.c | 10 drivers/net/ethernet/stmicro/stmmac/common.h | 40 - drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 48 + drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 3 drivers/net/ethernet/stmicro/stmmac/dwmac1000_dma.c | 19 drivers/net/ethernet/stmicro/stmmac/dwmac100_dma.c | 17 drivers/net/ethernet/stmicro/stmmac/dwmac4.h | 101 +++ drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 50 + drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c | 16 drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 201 ++++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.h | 92 ++- drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c | 120 ++-- drivers/net/ethernet/stmicro/stmmac/dwmac_dma.h | 22 drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c | 30 - drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 9 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_descs.c | 4 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 83 ++- drivers/net/ethernet/stmicro/stmmac/enh_desc.c | 19 drivers/net/ethernet/stmicro/stmmac/hwif.h | 172 +++--- drivers/net/ethernet/stmicro/stmmac/norm_desc.c | 15 drivers/net/ethernet/stmicro/stmmac/ring_mode.c | 10 drivers/net/ethernet/stmicro/stmmac/stmmac.h | 4 drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 118 +++- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 253 +++++++-- drivers/net/fjes/fjes_hw.c | 12 drivers/net/ipvlan/ipvlan_core.c | 3 drivers/net/mdio/mdio-aspeed.c | 7 drivers/net/phy/adin1100.c | 2 drivers/net/phy/mscc/mscc_main.c | 6 drivers/net/team/team.c | 2 drivers/net/usb/asix_common.c | 5 drivers/net/usb/rtl8150.c | 2 drivers/net/usb/sr9700.c | 4 drivers/net/wireless/ath/ath11k/mac.c | 4 drivers/net/wireless/ath/ath11k/wmi.c | 7 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 14 drivers/net/wireless/mediatek/mt76/eeprom.c | 37 - drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 4 drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 9 drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 27 - drivers/net/wireless/st/cw1200/bh.c | 6 drivers/nfc/pn533/usb.c | 2 drivers/nvme/host/fc.c | 6 drivers/parisc/gsc.c | 4 drivers/pci/controller/dwc/pci-keystone.c | 2 drivers/pci/controller/dwc/pcie-designware.h | 2 drivers/pci/controller/pcie-brcmstb.c | 10 drivers/pci/pci-driver.c | 4 drivers/phy/broadcom/phy-bcm63xx-usbh.c | 6 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 20 drivers/pinctrl/pinctrl-single.c | 25 drivers/pinctrl/qcom/pinctrl-msm.c | 2 drivers/pinctrl/stm32/pinctrl-stm32.c | 2 drivers/platform/chrome/cros_ec_ishtp.c | 1 drivers/platform/x86/acer-wmi.c | 4 drivers/platform/x86/asus-wmi.c | 8 drivers/platform/x86/huawei-wmi.c | 4 drivers/platform/x86/ibm_rtl.c | 2 drivers/platform/x86/intel/chtwc_int33fe.c | 29 - drivers/platform/x86/intel/hid.c | 12 drivers/platform/x86/msi-laptop.c | 3 drivers/power/supply/apm_power.c | 3 drivers/power/supply/cw2015_battery.c | 8 drivers/power/supply/wm831x_power.c | 10 drivers/pwm/pwm-bcm2835.c | 28 - drivers/pwm/pwm-stm32.c | 3 drivers/regulator/core.c | 37 - drivers/remoteproc/qcom_q6v5_wcss.c | 8 drivers/rpmsg/qcom_glink_native.c | 8 drivers/rtc/rtc-gamecube.c | 4 drivers/s390/block/dasd_eckd.c | 8 drivers/s390/crypto/ap_bus.c | 8 drivers/scsi/aic94xx/aic94xx_init.c | 3 drivers/scsi/qla2xxx/qla_def.h | 1 drivers/scsi/qla2xxx/qla_gbl.h | 2 drivers/scsi/qla2xxx/qla_isr.c | 32 - drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla2xxx/qla_mid.c | 4 drivers/scsi/qla2xxx/qla_os.c | 14 drivers/scsi/sim710.c | 2 drivers/scsi/smartpqi/smartpqi.h | 19 drivers/scsi/smartpqi/smartpqi_init.c | 264 +++++++--- drivers/scsi/stex.c | 1 drivers/soc/actions/owl-sps.c | 16 drivers/soc/amlogic/meson-canvas.c | 5 drivers/soc/imx/gpc.c | 12 drivers/soc/qcom/ocmem.c | 2 drivers/soc/qcom/smem.c | 3 drivers/soc/rockchip/pm_domains.c | 13 drivers/spi/Kconfig | 2 drivers/spi/spi-cadence-quadspi.c | 113 ++++ drivers/spi/spi-fsl-spi.c | 2 drivers/spi/spi-imx.c | 15 drivers/spi/spi-tegra210-quad.c | 22 drivers/spi/spi-xilinx.c | 2 drivers/staging/fbtft/fbtft-core.c | 4 drivers/staging/greybus/uart.c | 7 drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 drivers/target/target_core_configfs.c | 1 drivers/target/target_core_transport.c | 1 drivers/tty/serial/8250/8250_pci.c | 37 + drivers/tty/serial/atmel_serial.c | 5 drivers/tty/serial/clps711x.c | 4 drivers/tty/serial/cpm_uart/cpm_uart_core.c | 5 drivers/tty/serial/imx.c | 4 drivers/tty/serial/lantiq.c | 4 drivers/tty/serial/serial_core.c | 13 drivers/tty/serial/sprd_serial.c | 6 drivers/tty/serial/st-asc.c | 4 drivers/tty/serial/uartlite.c | 12 drivers/tty/serial/xilinx_uartps.c | 5 drivers/tty/tty_port.c | 17 drivers/ufs/core/ufshcd.c | 7 drivers/uio/uio_fsl_elbc_gpcm.c | 7 drivers/usb/class/cdc-acm.c | 7 drivers/usb/core/message.c | 2 drivers/usb/dwc2/platform.c | 16 drivers/usb/dwc3/dwc3-of-simple.c | 7 drivers/usb/dwc3/gadget.c | 2 drivers/usb/dwc3/host.c | 2 drivers/usb/gadget/legacy/raw_gadget.c | 3 drivers/usb/gadget/udc/lpc32xx_udc.c | 20 drivers/usb/gadget/udc/tegra-xudc.c | 6 drivers/usb/host/ohci-nxp.c | 20 drivers/usb/host/xhci-dbgtty.c | 2 drivers/usb/host/xhci-hub.c | 2 drivers/usb/host/xhci-mem.c | 10 drivers/usb/host/xhci-ring.c | 8 drivers/usb/host/xhci.h | 16 drivers/usb/misc/chaoskey.c | 16 drivers/usb/phy/phy-fsl-usb.c | 1 drivers/usb/phy/phy-isp1301.c | 7 drivers/usb/phy/phy.c | 4 drivers/usb/renesas_usbhs/pipe.c | 2 drivers/usb/serial/belkin_sa.c | 28 - drivers/usb/serial/ftdi_sio.c | 72 -- drivers/usb/serial/kobil_sct.c | 18 drivers/usb/serial/option.c | 22 drivers/usb/serial/usb-serial.c | 7 drivers/usb/storage/unusual_uas.h | 2 drivers/usb/typec/ucsi/ucsi.c | 6 drivers/usb/usbip/vhci_hcd.c | 6 drivers/vhost/vsock.c | 15 drivers/video/backlight/led_bl.c | 18 drivers/video/fbdev/gbefb.c | 5 drivers/video/fbdev/pxafb.c | 12 drivers/video/fbdev/ssd1307fb.c | 4 drivers/video/fbdev/tcx.c | 2 drivers/virtio/virtio_balloon.c | 4 drivers/virtio/virtio_vdpa.c | 2 drivers/watchdog/via_wdt.c | 1 drivers/watchdog/wdat_wdt.c | 64 +- fs/bfs/inode.c | 19 fs/btrfs/ioctl.c | 4 fs/btrfs/scrub.c | 5 fs/btrfs/tree-log.c | 46 + fs/btrfs/volumes.c | 1 fs/exfat/super.c | 19 fs/ext4/ext4.h | 1 fs/ext4/ialloc.c | 1 fs/ext4/inline.c | 14 fs/ext4/inode.c | 1 fs/ext4/mballoc.c | 58 +- fs/ext4/move_extent.c | 2 fs/ext4/orphan.c | 4 fs/ext4/super.c | 70 +- fs/ext4/xattr.c | 6 fs/f2fs/data.c | 17 fs/f2fs/debug.c | 3 fs/f2fs/f2fs.h | 34 - fs/f2fs/file.c | 89 ++- fs/f2fs/inode.c | 20 fs/f2fs/namei.c | 6 fs/f2fs/recovery.c | 12 fs/f2fs/super.c | 56 +- fs/f2fs/xattr.c | 30 - fs/f2fs/xattr.h | 10 fs/fscache/main.c | 1 fs/fuse/file.c | 26 fs/gfs2/lops.c | 2 fs/gfs2/super.c | 4 fs/hfsplus/bnode.c | 4 fs/hfsplus/dir.c | 7 fs/hfsplus/inode.c | 32 + fs/jbd2/journal.c | 14 fs/jbd2/transaction.c | 21 fs/lockd/svc4proc.c | 4 fs/lockd/svclock.c | 21 fs/lockd/svcproc.c | 5 fs/locks.c | 13 fs/nfs/client.c | 21 fs/nfs/dir.c | 27 - fs/nfs/inode.c | 2 fs/nfs/internal.h | 3 fs/nfs/namespace.c | 11 fs/nfs/nfs4client.c | 18 fs/nfs/pnfs.c | 1 fs/nfs/super.c | 36 - fs/nfsd/blocklayout.c | 7 fs/nfsd/export.c | 2 fs/nfsd/nfs4state.c | 4 fs/nfsd/nfs4xdr.c | 5 fs/nfsd/vfs.c | 2 fs/nls/nls_base.c | 27 - fs/notify/fsnotify.c | 9 fs/ntfs3/frecord.c | 43 + fs/ntfs3/fsntfs.c | 9 fs/ntfs3/inode.c | 2 fs/ntfs3/ntfs_fs.h | 9 fs/ntfs3/run.c | 6 fs/ocfs2/alloc.c | 1 fs/ocfs2/move_extents.c | 8 fs/ocfs2/suballoc.c | 10 fs/smb/client/fs_context.c | 2 fs/smb/server/mgmt/tree_connect.c | 18 fs/smb/server/mgmt/tree_connect.h | 1 fs/smb/server/mgmt/user_session.c | 4 fs/smb/server/smb2pdu.c | 16 fs/smb/server/smbacl.c | 16 fs/smb/server/transport_ipc.c | 7 fs/smb/server/vfs.c | 5 fs/xfs/xfs_buf_item.c | 1 include/linux/balloon_compaction.h | 43 - include/linux/blk_types.h | 5 include/linux/compiler_types.h | 13 include/linux/cper.h | 12 include/linux/filter.h | 16 include/linux/fs_context.h | 1 include/linux/genalloc.h | 1 include/linux/hugetlb.h | 4 include/linux/ieee80211.h | 4 include/linux/if_bridge.h | 6 include/linux/kasan.h | 15 include/linux/mlx5/driver.h | 1 include/linux/mm.h | 12 include/linux/nfs_fs_sb.h | 7 include/linux/nfs_xdr.h | 54 +- include/linux/pgtable.h | 34 + include/linux/platform_data/lp855x.h | 4 include/linux/rculist_nulls.h | 59 ++ include/linux/reset.h | 1 include/linux/sched/isolation.h | 12 include/linux/sched/topology.h | 3 include/linux/security.h | 2 include/linux/serial_core.h | 2 include/linux/stmmac.h | 20 include/linux/tpm.h | 8 include/linux/tty_port.h | 21 include/linux/virtio_config.h | 4 include/media/v4l2-mem2mem.h | 3 include/net/cfg80211.h | 70 ++ include/net/mac80211.h | 73 ++ include/net/netfilter/nf_conntrack_count.h | 17 include/net/sock.h | 13 include/net/xfrm.h | 13 include/sound/snd_wavefront.h | 4 include/uapi/linux/mptcp.h | 1 include/uapi/linux/nl80211.h | 49 + include/uapi/sound/asound.h | 2 io_uring/openclose.c | 2 io_uring/poll.c | 9 kernel/bpf/syscall.c | 3 kernel/bpf/trampoline.c | 3 kernel/cgroup/cpuset.c | 35 + kernel/dma/pool.c | 2 kernel/fork.c | 5 kernel/kallsyms.c | 5 kernel/livepatch/core.c | 8 kernel/locking/spinlock_debug.c | 4 kernel/resource.c | 95 +-- kernel/sched/core.c | 3 kernel/sched/cpudeadline.c | 34 - kernel/sched/cpudeadline.h | 4 kernel/sched/deadline.c | 8 kernel/sched/fair.c | 75 +- kernel/sched/features.h | 5 kernel/sched/sched.h | 7 kernel/sched/topology.c | 6 kernel/scs.c | 2 kernel/trace/ftrace.c | 40 + kernel/trace/trace_events.c | 2 lib/idr.c | 2 lib/vsprintf.c | 6 mm/balloon_compaction.c | 9 mm/damon/core-test.h | 88 +++ mm/damon/vaddr-test.h | 26 mm/hugetlb.c | 4 mm/kasan/common.c | 17 mm/memory.c | 10 mm/mempolicy.c | 2 mm/mprotect.c | 125 ++-- mm/mremap.c | 2 mm/vmalloc.c | 4 net/bluetooth/rfcomm/tty.c | 7 net/bridge/br_ioctl.c | 36 + net/bridge/br_private.h | 4 net/caif/cffrml.c | 9 net/ceph/osdmap.c | 116 +--- net/core/dev_ioctl.c | 16 net/core/filter.c | 9 net/core/page_pool.c | 27 - net/ethtool/ioctl.c | 134 +++-- net/hsr/hsr_forward.c | 2 net/ipv4/fib_trie.c | 7 net/ipv4/inet_hashtables.c | 8 net/ipv4/ipcomp.c | 2 net/ipv6/calipso.c | 3 net/ipv6/ip6_gre.c | 9 net/ipv6/ipcomp6.c | 2 net/ipv6/xfrm6_tunnel.c | 2 net/key/af_key.c | 2 net/mac80211/cfg.c | 70 ++ net/mac80211/chan.c | 2 net/mac80211/ieee80211_i.h | 27 - net/mac80211/mlme.c | 163 ++++++ net/mac80211/rx.c | 5 net/mac80211/tx.c | 144 +++++ net/mptcp/options.c | 10 net/mptcp/pm_netlink.c | 3 net/mptcp/protocol.c | 16 net/mptcp/protocol.h | 5 net/mptcp/subflow.c | 9 net/netfilter/ipvs/ip_vs_xmit.c | 3 net/netfilter/nf_conncount.c | 200 +++++-- net/netfilter/nft_connlimit.c | 34 - net/netfilter/nft_flow_offload.c | 9 net/netfilter/xt_connlimit.c | 14 net/netrom/nr_out.c | 4 net/nfc/core.c | 9 net/openvswitch/conntrack.c | 16 net/openvswitch/flow_netlink.c | 13 net/openvswitch/vport-netdev.c | 17 net/rose/af_rose.c | 2 net/sched/sch_cake.c | 58 +- net/sched/sch_ets.c | 6 net/sctp/socket.c | 5 net/socket.c | 19 net/sunrpc/auth_gss/svcauth_gss.c | 3 net/sunrpc/xprtrdma/svc_rdma_rw.c | 2 net/wireless/chan.c | 69 ++ net/wireless/core.h | 5 net/wireless/nl80211.c | 162 +++++- net/wireless/nl80211.h | 3 net/wireless/rdev-ops.h | 17 net/wireless/sme.c | 14 net/wireless/trace.h | 25 net/wireless/util.c | 4 net/xfrm/xfrm_ipcomp.c | 1 net/xfrm/xfrm_state.c | 41 - net/xfrm/xfrm_user.c | 2 samples/vfs/test-statx.c | 6 samples/watch_queue/watch_test.c | 6 scripts/Makefile.modinst | 4 security/integrity/ima/ima_policy.c | 2 security/keys/trusted-keys/trusted_tpm2.c | 6 security/smack/smack_lsm.c | 41 + sound/firewire/dice/dice-extension.c | 4 sound/firewire/motu/motu-hwdep.c | 7 sound/isa/wavefront/wavefront.c | 61 +- sound/isa/wavefront/wavefront_fx.c | 36 - sound/isa/wavefront/wavefront_midi.c | 148 ++--- sound/isa/wavefront/wavefront_synth.c | 216 ++++---- sound/pci/hda/cs35l41_hda.c | 2 sound/pcmcia/pdaudiocf/pdaudiocf.c | 8 sound/pcmcia/vx/vxpocket.c | 8 sound/soc/bcm/bcm63xx-pcm-whistler.c | 4 sound/soc/codecs/ak4458.c | 10 sound/soc/codecs/ak5558.c | 10 sound/soc/fsl/fsl_xcvr.c | 199 +++++-- sound/soc/fsl/fsl_xcvr.h | 28 + sound/soc/intel/catpt/pcm.c | 4 sound/soc/qcom/qdsp6/q6adm.c | 146 ++--- sound/soc/qcom/qdsp6/q6apm-dai.c | 2 sound/soc/qcom/qdsp6/q6asm-dai.c | 7 sound/soc/stm/stm32_sai.c | 14 sound/soc/stm/stm32_sai_sub.c | 58 +- sound/usb/mixer_us16x08.c | 20 sound/usb/quirks.c | 6 tools/include/linux/interval_tree_generic.h | 187 +++++++ tools/include/nolibc/stdio.h | 4 tools/objtool/elf.c | 99 +-- tools/objtool/include/objtool/elf.h | 3 tools/perf/builtin-record.c | 2 tools/perf/util/symbol.c | 4 tools/testing/ktest/config-bisect.pl | 4 tools/testing/nvdimm/test/nfit.c | 7 tools/testing/radix-tree/idr-test.c | 21 tools/testing/selftests/bpf/prog_tests/perf_branches.c | 22 tools/testing/selftests/bpf/prog_tests/send_signal.c | 5 tools/testing/selftests/bpf/progs/test_perf_branches.c | 3 tools/testing/selftests/ftrace/test.d/ftrace/func_traceonoff_triggers.tc | 5 tools/testing/selftests/net/tap.c | 16 660 files changed, 8143 insertions(+), 4074 deletions(-) Abdun Nihaal (3): wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() Aditya Kumar Singh (1): wifi: mac80211: fix switch count in EMA beacons Ahelenia Ziemiańska (1): power: supply: apm_power: only unset own apm_get_power_status Akhil P Oommen (1): drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers Alex Deucher (1): drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() Alexander Dahl (1): net: phy: adin1100: Fix software power-down ready condition Alexander Sverdlin (1): locking/spinlock/debug: Fix data-race in do_raw_write_lock Alexandru Gagniuc (1): remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs Alexei Starovoitov (1): selftests/bpf: Fix failure paths in send_signal test Alexey Kodanev (1): net: stmmac: fix rx limit check in stmmac_rx_zc() Alexey Nepomnyashih (1): ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Alexey Simakov (3): dm-raid: fix possible NULL dereference with undefined raid type broadcom: b44: prevent uninitialized value usage hwmon: (tmp401) fix overflow caused by default conversion rate value Alexey Velichayshiy (1): gfs2: fix freeze error handling Alice C. Munduruca (1): selftests: net: fix "buffer overflow detected" for tap.c Alison Schofield (1): tools/testing/nvdimm: Use per-DIMM device handle Alok Tiwari (3): virtio_vdpa: fix misleading return in void function RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send Aloka Dixit (6): wifi: cfg80211: move puncturing bitmap validation from mac80211 wifi: nl80211: validate and configure puncturing bitmap wifi: mac80211: generate EMA beacons in AP mode cfg80211: support RNR for EMA AP mac80211: support RNR for EMA AP wifi: mac80211: do not use old MBSSID elements Alvaro Gamez Machado (1): spi: xilinx: increase number of retries before declaring stall Amir Goldstein (1): fsnotify: do not generate ACCESS/MODIFY events on child for special files Amitai Gottlieb (1): firmware: arm_scmi: Fix unused notifier-block in unregister Andreas Gruenbacher (1): gfs2: Fix use of bio_chain Andres J Rosa (1): ALSA: uapi: Fix typo in asound.h comment Andrew Halaney (3): net: stmmac: Remove some unnecessary void pointers net: stmmac: Pass stmmac_priv in some callbacks net: stmmac: dwmac4: Allow platforms to specify some DMA/MTL offsets Andrew Morton (1): genalloc.h: fix htmldocs warning Andrey Vatoropin (1): scsi: target: Reset t_task_cdb pointer in error case Andy Shevchenko (6): lib/vsprintf: Check pointer before dereferencing in time_and_date() resource: Replace printk(KERN_WARNING) by pr_warn(), printk() by pr_info() resource: Reuse for_each_resource() macro resource: replace open coded resource_intersection() resource: introduce is_type_match() helper and use it nfsd: Mark variable __maybe_unused to avoid W=1 build break AngeloGioacchino Del Regno (2): iommu/qcom: Use the asid read from device-tree if specified iommu/qcom: Index contexts by asid number to allow asid 0 Anshumali Gaur (1): octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" Anton Khirnov (1): platform/x86: asus-wmi: use brightness_set_blocking() for kbd led Anurag Dutta (1): spi: cadence-quadspi: Fix clock disable on probe failure path April Grimoire (1): HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Armin Wolf (3): platform/x86: acer-wmi: Ignore backlight event fs/nls: Fix utf16 to utf8 conversion fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() Avraham Stern (1): wifi: nl80211: add a command to enable/disable HW timestamping Azeem Shaikh (1): leds: Replace all non-returning strlcpy with strscpy Bagas Sanjaya (2): Documentation: process: Also mention Sasha Levin as stable tree maintainer net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct Baochen Qiang (1): wifi: ath11k: fix peer HE MCS assignment Baokun Li (2): ext4: align max orphan file size with e2fsprogs limit fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF Bart Van Assche (1): scsi: target: Do not write NUL characters into ASCII configfs output Bartosz Golaszewski (1): platform/x86: intel: chtwc_int33fe: don't dereference swnode args Bean Huo (1): scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() Ben Collins (1): powerpc/addnote: Fix overflow on 32-bit builds Benjamin Berg (1): tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set Bijan Tabatabai (1): mm: consider non-anon swap cache folios in folio_expected_ref_count() Brad Larson (1): spi: cadence-quadspi: Add compatible for AMD Pensando Elba SoC Brian Gerst (1): x86/xen: Move Xen upcall handler Byungchul Park (1): jbd2: use a weaker annotation in journal handling Cezary Rojewski (1): ASoC: Intel: catpt: Fix error path in hw_params() Chancel Liu (1): ASoC: fsl_xcvr: Add support for i.MX93 platform Chao Yu (7): f2fs: fix return value of f2fs_recover_fsync_data() f2fs: fix to avoid updating zero-sized extent in extent cache f2fs: remove unused GC_FAILURE_PIN f2fs: fix to avoid updating compression context during writeback f2fs: fix to propagate error from f2fs_enable_checkpoint() f2fs: use global inline_xattr_slab instead of per-sb slab cache f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() Chen Changcheng (2): usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. usb: usb-storage: Maintain minimal modifications to the bcdDevice range. Chen Ridong (1): cpuset: Treat cpusets in attaching as populated ChenXiaoSong (1): smb/server: fix return value of smb2_ioctl() Chia-Lin Kao (AceLan) (1): platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks Christian Hitz (3): leds: leds-lp50xx: Allow LED 0 to be added to module bank leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs leds: leds-lp50xx: Enable chip before any communication Christian König (1): drm/amdgpu: cleanup scheduler job initialization v2 Christoffer Sandberg (1): Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table Christophe JAILLET (2): phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() ASoC: stm32: sai: Use the devm_clk_get_optional() helper Christophe Leroy (2): powerpc/32: Fix unpaired stwcx. on interrupt exit spi: fsl-cpm: Check length parity before switching to 16 bit mode Chuck Lever (2): NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap NFSD: NFSv4 file creation neglects setting ACL Colin Ian King (1): media: pvrusb2: Fix incorrect variable used in trace message Cong Zhang (2): blk-mq: Abort suspend when wakeup events are pending blk-mq: skip CPU offline notify on unmapped hctx Cryolitia PukNgae (1): ACPICA: Avoid walking the Namespace if start_node is NULL Dai Ngo (1): NFSD: use correct reservation type in nfsd4_scsi_fence_client Dan Carpenter (5): drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() block: rnbd-clt: Fix signedness bug in init_dev() wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() Daniel Wagner (1): nvme-fc: don't hold rport lock when putting ctrl Daniil Tatianin (2): net/ethtool/ioctl: remove if n_stats checks from ethtool_get_phy_stats net/ethtool/ioctl: split ethtool_get_phy_stats into multiple helpers Dapeng Mi (1): perf/x86/intel: Correct large PEBS flag check Dave Kleikamp (1): dma/pool: eliminate alloc_pages warning in atomic_pool_expand Dave Vasilevsky (1): powerpc, mm: Fix mprotect on book3s 32-bit David Hildenbrand (8): powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION mm/balloon_compaction: we cannot have isolated pages in the balloon list mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages mm: simplify folio_expected_ref_count() x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() kernel/fork: only call untrack_pfn_clear() on VMAs duplicated for fork() mm: (un)track_pfn_copy() fix + doc improvements Deepakkumar Karn (1): net: usb: rtl8150: fix memory leak on usb_submit_urb() failure Deepanshu Kartikey (5): ext4: refresh inline data size before write operations btrfs: fix memory leak of fs_devices in degraded seed device path f2fs: invalidate dentry cache on failed whiteout creation net: usb: asix: validate PHY address before use net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write Denis Arefev (1): ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() Dinh Nguyen (1): firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc Diogo Ivo (1): usb: phy: Initialize struct usb_phy list_head Dmitry Antipov (2): ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() ocfs2: fix memory leak in ocfs2_merge_rec_left() Dmitry Baryshkov (1): interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS Dmitry Skorodumov (1): ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() Don Brace (1): scsi: smartpqi: Convert to host_tagset Donet Tom (1): powerpc/64s/slb: Fix SLB multihit issue during SLB preload Dong Chenchen (1): page_pool: Fix use-after-free in page_pool_recycle_in_ring Dongli Zhang (1): KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit Doug Berger (1): sched/deadline: only set free_cpus for online runqueues Duoming Zhou (4): usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal media: TDA1997x: Remove redundant cancel_delayed_work in probe media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe media: i2c: adv7842: Remove redundant cancel_delayed_work in probe Edward Adam Davis (3): ntfs3: init run lock for extend inode fs/ntfs3: out1 also needs to put mi fs/ntfs3: Prevent memory leaks in add sub record Encrow Thorne (1): reset: fix BIT macro reference Eric Biggers (1): lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit Eric Dumazet (1): ip6_gre: make ip6gre_header() robust Ethan Nelson-Moore (1): net: usb: sr9700: fix incorrect command used to write single register Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FE910C04 new compositions USB: serial: option: move Telit 0x10c7 composition in the right place Fangyu Yu (1): RISC-V: KVM: Fix guest page fault within HLV* instructions Fedor Pchelkin (1): ext4: fix string copying in parse_apply_sb_mount_options() Fernando Fernandez Mancera (3): netfilter: nf_conncount: rework API to use sk_buff directly netfilter: nft_connlimit: update the count if add was skipped netfilter: nf_conncount: fix leaked ct in error paths Filipe Manana (2): btrfs: do not skip logging new dentries when logging a new name btrfs: don't log conflicting inode if it's a dir moved in the current transaction Frank Li (1): i3c: fix refcount inconsistency in i3c_master_register Frederic Weisbecker (1): sched/isolation: add cpu_is_isolated() API Gabor Juhos (1): regulator: core: disable supply if enabling main regulator fails Gabriel Krisman Bertazi (1): ext4: fix error message when rejecting the default hash Gal Pressman (1): ethtool: Avoid overflowing userspace buffer on stats query George Kennedy (1): perf/x86/amd: Check event before enable to avoid GPF Gongwei Li (1): Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE Gopi Krishna Menon (1): usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE Greg Kroah-Hartman (2): Revert "iommu/amd: Skip enabling command/event buffers for kdump" Linux 6.1.160 Gregory Herrero (1): i40e: validate ring_len parameter against hardware-specific values Guangshuo Li (1): e1000: fix OOB in e1000_tbi_should_accept() Gui-Dong Han (3): hwmon: (max16065) Use local variable to avoid TOCTOU hwmon: (w83791d) Convert macros to functions to avoid TOCTOU hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU Guido Günther (1): drm/panel: visionox-rm69299: Don't clear all mode flags H. Peter Anvin (1): compiler_types.h: add "auto" as a macro for "__auto_type" Haibo Chen (1): ext4: clear i_state_flags when alloc inode Hans de Goede (2): wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet HID: logitech-dj: Remove duplicate error logging Haotian Zhang (23): soc: qcom: smem: fix hwspinlock resource leak in probe error paths pinctrl: stm32: fix hwspinlock resource leak in probe function mfd: da9055: Fix missing regmap_del_irq_chip() in error path scsi: stex: Fix reboot_notifier leak in probe error path clk: renesas: r9a06g032: Fix memory leak in error path ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls leds: netxbig: Fix GPIO descriptor leak in error paths watchdog: wdat_wdt: Fix ACPI table leak in probe function mfd: mt6397-irq: Fix missing irq_domain_remove() in error path mfd: mt6358-irq: Fix missing irq_domain_remove() in error path crypto: ccree - Correctly handle return of sg_nents_for_len hwmon: sy7636a: Fix regulator_enable resource leak on error path mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors pinctrl: single: Fix incorrect type for error return variable ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() rtc: gamecube: Check the return value of ioremap() dm log-writes: Add missing set_freezable() for freezable kthread ALSA: vxpocket: Fix resource leak in vxpocket_probe error path ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path media: rc: st_rc: Fix reset control resource leak media: cec: Fix debugfs leak on bus_register() failure media: videobuf2: Fix device reference leak in vb2_dc_alloc error path Haotien Hsu (1): usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt Haoxiang Li (6): MIPS: Fix a reference leak bug in ip22_check_gio() usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() xfs: fix a memory leak in xfs_buf_item_init() fjes: Add missing iounmap in fjes_hw_init() nfsd: Drop the client reference in client_states_open() media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() Hari Bathini (1): powerpc/64s/radix/kfence: map __kfence_pool at page granularity Heiko Carstens (2): s390/smp: Fix fallback CPU detection s390/ap: Don't leak debug feature files if AP instructions are not available Helge Deller (1): parisc: Do not reprogram affinitiy on ASP chip Hengqi Chen (1): LoongArch: BPF: Zero-extend bpf_tail_call() index Herbert Xu (1): crypto: seqiv - Do not use req->iv after crypto_aead_encrypt Herve Codina (1): soc: renesas: r9a06g032-sysctrl: Handle h2mode setting based on USBF presence Honggang LI (1): RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation Hongyu Xie (1): usb: xhci: limit run_graceperiod for only usb 3.0 devices Horatiu Vultur (1): phy: mscc: Fix PTP for VSC8574 and VSC8572 Huacai Chen (3): LoongArch: Mask all interrupts during kexec/kdump LoongArch: Add machine_kexec_mask_interrupts() implementation LoongArch: Add new PCI ID for pci_fixup_vgadev() Hugh Dickins (1): mm/mprotect: delete pmd_none_or_clear_bad_unless_trans_huge() Ian Abbott (1): comedi: c6xdigio: Fix invalid PNP driver unregistration Ian Forbes (1): drm/vmwgfx: Use kref in vmw_bo_dirty Ido Schimmel (3): mlxsw: spectrum_router: Fix neighbour use-after-free mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats ipv4: Fix reference count leak when using error routes with nexthop objects Ilias Stamatis (1): Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" Ilya Dryomov (1): libceph: make decode_pool() more resilient against corrupted osdmaps Ilya Maximets (1): net: openvswitch: fix middle attribute validation in push_nsh() action Ivan Abramov (4): power: supply: cw2015: Check devm_delayed_work_autocancel() return code power: supply: wm831x: Check wm831x_set_bits() return value media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() Ivan Stepchenko (1): mtd: lpddr_cmds: fix signed shifts in lpddr_cmds Ivan Vecera (2): i40e: Refactor argument of several client notification functions i40e: Refactor argument of i40e_detect_recover_hung() Jacky Chou (1): net: mdio: aspeed: add dummy read to avoid read-after-write issue Jaegeuk Kim (2): f2fs: keep POSIX_FADV_NOREUSE ranges f2fs: drop inode from the donation list when the last file is closed Jamal Hadi Salim (1): net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change Jang Ingyu (1): RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() Janusz Krzysztofik (1): drm/vgem-fence: Fix potential deadlock on release Jared Kangas (1): mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig Jarkko Nikula (1): i3c: master: Inherit DMA masks and parameters from parent device Jarkko Sakkinen (2): KEYS: trusted: Fix a memory leak in tpm2_load_cmd tpm: Cap the number of PCR banks Jason Gunthorpe (2): RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly RDMA/cm: Fix leaking the multicast GID table reference Jason Yan (1): ext4: factor out ext4_hash_info_init() Jay Liu (1): drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue Jens Axboe (1): io_uring/poll: correctly handle io_poll_add() return value on update Jeongjun Park (2): media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() media: vidtv: initialize local pointers upon transfer of memory ownership Jeremy Kerr (1): i3c: Allow OF-alias-based persistent bus numbering Jia Ston (1): platform/x86: huawei-wmi: add keys for HONOR models Jian Shen (3): net: hns3: using the num_tqps in the vf driver to apply for resources net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx net: hns3: add VLAN id validation before using Jianglei Nie (1): staging: fbtft: core: fix potential memory leak in fbtft_probe_common() Jim Mattson (2): KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN Jim Quinlan (1): PCI: brcmstb: Fix disabling L0s capability Jinhui Guo (3): ipmi: Fix the race between __scan_channels() and deliver_response() ipmi: Fix __scan_channels() failing to rescan channels iommu/amd: Fix pci_segment memleak in alloc_pci_segment() Jiri Pirko (1): team: fix check for port enabled in team_queue_override_port_prio_changed() Jiri Slaby (SUSE) (2): tty: introduce and use tty_port_tty_vhangup() helper tty: fix tty_port_tty_*hangup() kernel-doc Jisheng Zhang (5): usb: dwc2: disable platform lowlevel hw resources during shutdown usb: dwc2: fix hang during shutdown if set as peripheral usb: dwc2: fix hang during suspend if set as peripheral net: stmmac: use per-queue 64 bit statistics where necessary net: stmmac: fix incorrect rxq|txq_stats reference Joanne Koong (1): fuse: fix readahead reclaim deadlock Johan Hovold (32): USB: serial: ftdi_sio: match on interface number for jtag USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC irqchip/irq-bcm7038-l1: Fix section mismatch irqchip/irq-bcm7120-l2: Fix section mismatch irqchip/irq-brcmstb-l2: Fix section mismatch irqchip/imx-mu-msi: Fix section mismatch irqchip/qcom-irq-combiner: Fix section mismatch phy: broadcom: bcm63xx-usbh: fix section mismatches usb: phy: isp1301: fix non-OF device reference imbalance amba: tegra-ahb: Fix device leak on SMMU enable soc: qcom: ocmem: fix device leak on lookup soc: amlogic: canvas: fix device leak on lookup ASoC: stm32: sai: fix device leak on probe iommu/apple-dart: fix device leak on of_xlate() iommu/exynos: fix device leak on of_xlate() iommu/ipmmu-vmsa: fix device leak on of_xlate() iommu/mediatek-v1: fix device leak on probe_device() iommu/mediatek: fix device leak on of_xlate() iommu/omap: fix device leaks on probe_device() iommu/sun50i: fix device leak on of_xlate() iommu/tegra: fix device leak on probe_device() mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup media: vpif_capture: fix section mismatch media: vpif_display: fix section mismatch usb: ohci-nxp: fix device leak on probe failure iommu/mediatek: fix use-after-free on probe deferral iommu/mediatek-v1: fix device leaks on probe() ASoC: stm32: sai: fix clk prepare imbalance on probe failure ASoC: stm32: sai: fix OF node leak on probe iommu/qcom: fix device leak on of_xlate() usb: gadget: lpc32xx_udc: fix clock imbalance in error path Johannes Berg (2): wifi: mac80211: mlme: handle EHT channel puncturing wifi: nl80211: fix puncturing bitmap policy Jonas Gorski (1): net: dsa: b53: skip multicast entries for fdb_dump() Jonathan Curley (1): NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Jose Fernandez (1): bpf: Improve program stats run-time calculation Josef Bacik (1): btrfs: don't rewrite ret from inode_permission Josh Poimboeuf (1): objtool: Fix weak symbol detection Joshua Rogers (2): svcrdma: return 0 on success from svc_rdma_copy_inline_range SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf Josua Mayer (1): clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 Jouni Malinen (1): wifi: mac80211: Discard Beacon frames to non-broadcast address Juergen Gross (1): x86/xen: Fix sparse warning in enlighten_pv.c Junjie Cao (1): Input: ti_am335x_tsc - fix off-by-one error in wire_order validation Junrui Luo (9): ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events ALSA: firewire-motu: add bounds check in put_user loop for DSP events ALSA: dice: fix buffer overflow in detect_stream_formats() caif: fix integer underflow in cffrml_receive() hwmon: (ibmpex) fix use-after-free in high/low store scsi: aic94xx: fix use-after-free in device removal path platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic ALSA: wavefront: Clear substream pointers on close ALSA: wavefront: Fix integer overflow in sample size validation Justin Stitt (1): KVM: arm64: sys_regs: disable -Wuninitialized-const-pointer warning Kalesh AP (1): RDMA/bnxt_re: Fix to use correct page size for PDE table Karina Yankevich (1): ext4: xattr: fix null pointer deref in ext4_raw_inode() Kemeng Shi (1): ext4: remove unused return value of __mb_check_buddy Kevin Barnett (1): scsi: smartpqi: Add abort handler Kohei Enju (1): iavf: fix off-by-one issues in iavf_config_rss_reg() Konstantin Andreev (1): smack: fix bug: unprivileged task can create labels Konstantin Komarov (2): fs/ntfs3: Support timestamps prior to epoch fs/ntfs3: fix mount failure for sparse runs in run_unpack() Krzysztof Czurylo (2): RDMA/irdma: Fix data race in irdma_sc_ccq_arm RDMA/irdma: Fix data race in irdma_free_pble Krzysztof Kozlowski (1): mfd: max77620: Fix potential IRQ chip conflict when probing two devices Krzysztof Niemiec (1): drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Kuniyuki Iwashima (2): sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Laurent Pinchart (2): media: v4l2-mem2mem: Fix outdated documentation media: amphion: Make some vpu_v4l2 functions static Leo Yan (3): coresight: etm4x: Correct polling IDLE bit coresight: etm4x: Extract the trace unit controlling coresight: etm4x: Add context synchronization before enabling trace Li Chen (1): block: rate-limit capacity change info log Li Qiang (2): uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe via_wdt: fix critical boot hang due to unnamed resource allocation Linus Torvalds (1): samples: work around glibc redefining some of our defines wrong Liyuan Pang (1): ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() Lizhi Xu (2): usbip: Fix locking bug in RT-enabled kernels ext4: filesystems without casefold feature cannot be mounted with siphash Long Li (1): macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse Luca Ceresoli (1): backlight: led-bl: Add devlink to supplier LEDs Lukas Wunner (1): PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths Lushih Hsieh (1): ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Lyude Paul (1): drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb Ma Ke (4): RDMA/rtrs: server: Fix error handling in get_or_create_srv USB: lpc32xx_udc: Fix error handling in probe intel_th: Fix error handling in intel_th_output_open i2c: amd-mp2: fix reference leak in MP2 PCI device Ma Wupeng (1): x86/mm/pat: clear VM_PAT if copy_p4d_range failed Maciej Wieczor-Retman (1): kasan: refactor pcpu kasan vmalloc unpoison Magne Bruno (1): serial: add support of CPCI cards Mahesh Rao (1): firmware: stratix10-svc: Add mutex in stratix10 memory management Mainak Sen (1): gpu: host1x: Fix race in syncpt alloc/free Manivannan Sadhasivam (1): dt-bindings: PCI: amlogic: Fix the register name of the DBI region Mans Rullgard (1): backlight: led_bl: Take led_access lock when required Marc Kleine-Budde (1): can: gs_usb: gs_can_open(): fix error handling Marek Szyprowski (1): media: samsung: exynos4-is: fix potential ABBA deadlock on init Marek Vasut (1): clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback Mark Pearson (1): usb: typec: ucsi: Handle incorrect num_connectors capability Martin KaFai Lau (1): bpf: Check skb->transport_header is set in bpf_skb_check_mtu Martin Nybo Andersen (1): kbuild: Use CRC32 and a 1MiB dictionary for XZ compressed modules Matt Bobrowski (2): selftests/bpf: skip test_perf_branches_hw() on unsupported platforms selftests/bpf: Improve reliability of test_perf_branches_no_hw() Matthew Wilcox (Oracle) (2): ntfs: Do not overwrite uptodate pages idr: fix idr_alloc() returning an ID out of range Matthias Schiffer (1): ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx Matthieu Baerts (NGI0) (1): mptcp: pm: ignore unknown endpoint flags Matthijs Kooijman (1): pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling Mauro Carvalho Chehab (3): efi/cper: Add a new helper function to print bitmasks efi/cper: Adjust infopfx size to accept an extra space efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs Maxim Levitsky (1): KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) Maximilian Immanuel Brandtner (1): virtio_console: fix order of fields cols and rows Miaoqian Lin (4): usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe cpufreq: nforce2: fix reference count leak in nforce2 media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() Michael Margolin (1): RDMA/efa: Remove possible negative shift Michael S. Tsirkin (2): virtio: fix typo in virtio_device_ready() comment virtio: fix virtqueue_set_affinity() docs Michal Pecio (1): usb: xhci: Apply the link chain quirk on NEC isoc endpoints Michal Schmidt (1): RDMA/irdma: avoid invalid read in irdma_net_event Mike McGowen (2): scsi: smartpqi: Remove contention for raid_bypass_cnt scsi: smartpqi: Fix device resources accessed after device removal Mikhail Malyshev (1): kbuild: Use objtree for module signing key path Mikulas Patocka (1): dm-bufio: align write boundary on physical block size Ming Lei (3): blk-mq: don't schedule block kworker on isolated CPUs blk-mq: add helper for checking if one CPU is mapped to specified hctx blk-mq: setup queue ->tag_set before initializing hctx Ming Qian (3): media: amphion: Cancel message work before releasing the VPU core media: amphion: Add a frame flush mode for decoder media: amphion: Remove vpu_vb_is_codecconfig Moshe Shemesh (2): net/mlx5: fw reset, clear reset requested on drain_fw_reset net/mlx5: Drain firmware reset in shutdown callback Namhyung Kim (1): perf tools: Fix split kallsyms DSO counting Namjae Jeon (4): ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency ksmbd: Fix refcount leak when invalid session is found on session lookup ksmbd: fix buffer validation by including null terminator size in EA length ksmbd: fix out-of-bounds in parse_sec_desc() Naoki Ueki (1): HID: elecom: Add support for ELECOM M-XT3URBK (018F) Navaneeth K (3): staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Neil Armstrong (1): dt-bindings: PCI: convert amlogic,meson-pcie.txt to dt-schema NeilBrown (1): lockd: fix vfs_test_lock() calls Nicolas Dufresne (2): media: verisilicon: Protect G2 HEVC decoder against invalid DPB index media: verisilicon: Fix CPU stalls on G2 bus error Nicolas Ferre (2): ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32 ARM: dts: microchip: sama7g5: fix uart fifo size to 32 Nikita Zhandarovich (3): comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() comedi: multiq3: sanitize config options in multiq3_attach() comedi: check device's attached status in compat ioctls Niklas Neronin (1): usb: xhci: move link chain bit quirk checks into one helper function. Nysal Jan K.A. (1): powerpc/kexec: Enable SMT before waking offline CPUs Oliver Neukum (1): usb: chaoskey: fix locking for O_NONBLOCK Omar Sandoval (1): KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Ondrej Mosnacek (2): fs_context: drop the unused lsm_flags member bpf, arm64: Do not audit capability check in do_jit() Pablo Neira Ayuso (1): netfilter: flowtable: check for maximum number of encapsulations in bridge vlan Paolo Abeni (2): mptcp: avoid deadlock on fallback while reinjecting mptcp: fallback earlier on simult connection Parav Pandit (1): net/mlx5: Create a new profile for SFs Pei Xiao (1): iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains Peng Fan (2): firmware: imx: scu-irq: fix OF node leak in firmware: imx: scu-irq: Init workqueue before request mbox channel Pengjie Zhang (1): ACPI: CPPC: Fix missing PCC check for guaranteed_perf Peter Xu (1): mm/mprotect: use long for page accountings and retval Peter Zijlstra (6): objtool: Fix find_{symbol,func}_containing() sched/fair: Revert max_newidle_lb_cost bump x86/ptrace: Always inline trivial accessors sched/fair: Small cleanup to sched_balance_newidle() sched/fair: Small cleanup to update_newidle_cost() sched/fair: Proportional newidle balance Petr Tesarik (1): net: stmmac: fix ethtool per-queue statistics Pierre-Eric Pelloux-Prayer (1): drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma Ping Cheng (1): HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen Praveen Talari (1): pinctrl: qcom: msm: Fix deadlock in pinmux configuration Prithvi Tambewagh (2): ocfs2: fix kernel BUG in ocfs2_find_victim_chain io_uring: fix filename leak in __io_openat_prep() Przemyslaw Korba (1): i40e: fix scheduling in set_rx_mode Pu Lehui (1): bpf: Fix invalid prog->stats access when update_effective_progs fails Pwnverse (1): net: rose: fix invalid array index in rose_kill_by_device() Qianchang Zhao (2): ksmbd: ipc: fix use-after-free in ipc_msg_send_request ksmbd: skip lock-range check on equal size to avoid size==0 underflow Qiang Ma (1): LoongArch: Correct the calculation logic of thread_count Qu Wenruo (1): btrfs: scrub: always update btrfs_scrub_progress::last_physical Rafael J. Wysocki (1): PM: runtime: Do not clear needs_force_resume with enabled runtime PM Randy Dunlap (1): backlight: lp855x: Fix lp855x.h kernel-doc warnings Raphael Pinsonneault-Thibeault (2): ntfs3: fix uninit memory after failed mi_read in mi_format_new Bluetooth: btusb: revert use of devm_kzalloc in btusb Rene Rebe (3): ps3disk: use memcpy_{from,to}_bvec index floppy: fix for PAGE_SIZE != 4KB fbdev: gbefb: fix to use physical address instead of dma address René Rebe (4): ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 r8169: fix RTL8117 Wake-on-Lan in DASH mode fbdev: tcx.c fix mem_map to correct smem_start offset drm/mgag200: Fix big-endian support Revanth Kumar Uppala (1): net: stmmac: Power up SERDES after the PHY link Ria Thomas (1): wifi: ieee80211: correct FILS status codes Ritesh Harjani (IBM) (1): powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format Rob Herring (1): pmdomain: Use device_get_match_data() Robin Gong (1): spi: imx: keep dma request disabled before dma transfer setup Sabrina Dubroca (4): xfrm: delete x->tunnel as we delete x Revert "xfrm: destroy xfrm_state synchronously on net exit path" xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added xfrm: flush all states in xfrm_state_fini Sakari Ailus (1): ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only Sarthak Garg (1): mmc: sdhci-msm: Avoid early clock doubling during HS400 transition Sean Christopherson (4): KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits KVM: x86/mmu: Use EMULTYPE flag to track write #PFs to shadow pages Sean Nyekjaer (1): pwm: stm32: Always program polarity SeongJae Park (11): mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() mm/damon/tests/core-kunit: handle memory failure from damon_test_target() mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() Sergey Bashirov (1): NFSD/blocklayout: Fix minlength check in proc_layoutget Seunghwan Baek (1): scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error Seungjin Bae (2): USB: Fix descriptor count when handling invalid MBIM extended descriptor wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() Shaurya Rane (1): net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() Shawn Lin (1): PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition Shay Drory (3): net/mlx5: fw_tracer, Add support for unrecognized string net/mlx5: fw_tracer, Validate format string parameters net/mlx5: fw_tracer, Handle escaped percent properly Shengjiu Wang (5): ASoC: fsl_xcvr: Add Counter registers ASoC: fsl_xcvr: clear the channel status control memory ASoC: ak4458: Disable regulator when error happens ASoC: ak5558: Disable regulator when error happens ASoC: fsl_xcvr: get channel status data when PHY is not exists Shipei Qu (1): ALSA: usb-mixer: us16x08: validate meter packet indices Shivani Agarwal (1): crypto: af_alg - zero initialize memory allocated via sock_kmalloc Shuai Xue (1): perf record: skip synthesize event when open evsel failed Shuhao Fu (1): cpufreq: s5pv210: fix refcount leak Siddharth Vadapalli (2): PCI: keystone: Exit ks_pcie_probe() for invalid mode arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator Sidharth Seela (1): ntfs3: Fix uninit buffer allocated by __getname() Simon Richter (1): drm/ttm: Avoid NULL pointer deref for evicted BOs Slark Xiao (1): USB: serial: option: add Foxconn T99W760 Slavin Liu (1): ipvs: fix ipv4 null-ptr-deref in route error path Song Liu (2): ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() livepatch: Match old_sympos 0 and 1 in klp_find_func() Song Yoong Siang (1): net: stmmac: introduce wrapper for struct xdp_buff Srinivas Kandagatla (5): rpmsg: glink: fix rpmsg device leak ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr ASoC: qcom: q6asm-dai: perform correct state check before closing ASoC: qcom: q6adm: the the copp device only during last instance ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. Stanley Chu (1): i3c: master: svc: Prevent incomplete IBI transaction Stefan Haberland (1): s390/dasd: Fix gendisk parent after copy pair swap Stefan Kalscheuer (1): leds: spi-byte: Use devm_led_classdev_register_ext() Stefano Garzarella (1): vhost/vsock: improve RCU read sections around vhost_vsock_get() Stephan Gerhold (1): iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal Steven Rostedt (2): ktest.pl: Fix uninitialized var in config-bisect.pl tracing: Do not register unsupported perf events Su Hui (1): net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() Sven Eckelmann (Plasma Cloud) (1): wifi: mt76: Fix DTS power-limits on little endian systems Sven Schnelle (2): parisc: entry.S: fix space adjustment on interruption for 64-bit userspace parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() Takashi Iwai (2): ALSA: wavefront: Use guard() for spin locks ALSA: wavefront: Use standard print API Tengda Wu (1): x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() Teoh Ji Sheng (1): net: stmmac: xgmac: add ethtool per-queue irq statistic support Tetsuo Handa (2): bfs: Reconstruct file type when loading from disk hfsplus: Verify inode mode when loading from disk Thadeu Lima de Souza Cascardo (1): net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. Thangaraj Samynathan (1): net: lan743x: Allocate rings outside ZONE_DMA Thomas Fourier (4): block: rnbd-clt: Fix leaked ID in init_dev() platform/x86: msi-laptop: add missing sysfs_remove_group() firewire: nosy: Fix dma_free_coherent() size RDMA/bnxt_re: fix dma_free_coherent() pointer Thomas Zimmermann (1): drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() Thorsten Blum (2): crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing Tianchu Chen (1): char: applicom: fix NULL pointer dereference in ac_ioctl Tim Harvey (1): arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl Toke Høiland-Jørgensen (1): net: openvswitch: Avoid needlessly taking the RTNL on vport destroy Tony Battersby (4): scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive scsi: qla2xxx: Use reinit_completion on mbx_intr_comp scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" Trond Myklebust (9): NFS: Avoid changing nlink when file removes and attribute updates race NFS: Initialise verifiers for visible dentries in readdir and lookup NFS: Initialise verifiers for visible dentries in nfs_atomic_open() Revert "nfs: ignore SB_RDONLY when remounting nfs" Revert "nfs: clear SB_RDONLY before getting superblock" Revert "nfs: ignore SB_RDONLY when mounting nfs" NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags Expand the type of nfs_fattr->valid NFS: Fix inheritance of the block sizes when automounting Tzung-Bi Shih (1): platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver Udipto Goswami (1): usb: dwc3: keep susphy enabled during exit to avoid controller faults Uladzislau Rezki (Sony) (1): dm-ebs: Mark full buffer dirty even on partial write Usama Arif (2): x86/boot: Fix page table access in 5-level to 4-level paging transition efi/libstub: Fix page table access in 5-level to 4-level paging transition Uwe Kleine-König (6): pwm: bcm2835: Make sure the channel is enabled after pwm_request() iommu/mtk_iommu_v1: Convert to platform remove callback returning void ASoC: stm: stm32_sai_sub: Convert to platform remove callback returning void serial: Make uart_remove_one_port() return void iommu/arm-smmu: Drop if with an always false condition iommu/arm-smmu: Convert to platform remove callback returning void Viacheslav Dubeyko (2): hfsplus: fix volume corruption issue for generic/070 hfsplus: fix volume corruption issue for generic/073 Victor Nogueira (1): net/sched: ets: Remove drr class from the active list if it changes to strict Vinayak Yadawad (1): cfg80211: Update Transition Disable policy during port authorization Vishwaroop A (1): spi: tegra210-quad: Fix timeout handling Vladimir Oltean (1): net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() Wang Liang (1): netrom: Fix memory leak in nr_sendmsg() WangYuli (1): LoongArch: Use __pmd()/__pte() for swap entry conversions Wei Fang (1): net: stmmac: fix the crash issue for zero copy XDP_TX action Wenhua Lin (1): serial: sprd: Return -EPROBE_DEFER when uart clock is not ready Wentao Liang (1): pmdomain: imx: Fix reference count leak in imx_gpc_probe() Will Rosenberg (1): ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() William Qiu (2): spi: cadence-quadspi: Add support for StarFive JH7110 QSPI spi: cadence-quadspi: Add clock configuration for StarFive JH7110 QSPI Xiang Mei (1): net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop Xiaolei Wang (1): net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() Xuanqiang Luo (2): rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() inet: Avoid ehash lookup race in inet_ehash_insert() Yang Chenzhi (1): hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create Yang Yingliang (1): spi: cadence-quadspi: add missing clk_disable_unprepare() in cqspi_probe() Ye Bin (2): jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted jbd2: fix the inconsistency between checksum and data in memory for journal sb Yeoreum Yun (1): smc91x: fix broken irq-context in PREEMPT_RT Yi Sun (1): dmaengine: idxd: Remove improper idxd_free Yipeng Zou (1): selftests/ftrace: traceonoff_triggers: strip off names Yiqi Sun (1): smb: fix invalid username check in smb3_fs_context_parse_param() Yong Wu (1): iommu/mediatek: Improve safety for mediatek,smi property in larb nodes Yongjian Sun (2): ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation ext4: fix incorrect group number assertion in mb_check_buddy Yosry Ahmed (2): KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation Yu Kuai (2): md: export md_is_rdwr() and is_md_suspended() md/raid5: fix IO hang when array is broken with IO inflight Yuezhang Mo (1): exfat: fix remount failure in different process environments Zack Rusin (1): drm/vmwgfx: Fix a null-ptr access in the cursor snooper Zhang Yi (1): ext4: correct the checking of quota files before moving extents Zhang Zekun (1): usb: ohci-nxp: Use helper function devm_clk_get_enabled() Zhao Yipeng (1): ima: Handle error code returned by ima_filter_rule_match() Zheng Qixing (2): nbd: defer config put in recv_work nbd: defer config unlock in nbd_genl_connect Zheng Yejian (1): kallsyms: Fix wrong "big" kernel symbol type read from procfs Zhichi Lin (1): scs: fix a wrong parameter in __scs_magic Zhu Yanjun (1): RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem Zilin Guan (1): mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() fuqiang wang (2): KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer nieweiqiang (1): crypto: hisilicon/qm - restore original qos values shechenglong (1): block: fix comment for op_is_zone_mgmt() to include RESET_ALL sparkhuang (1): regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex Łukasz Bartosik (1): xhci: dbgtty: fix device unregister: fixup

1 day, 7 hours

[PATCH v2] serial: 8250_pci: Fix broken RS485 for F81504/508/512

by Marnix Rijnart

v1: https://patch.msgid.link/20250923221756.26770-1-marnix.rijnart@iwell.eu Changes: * Added fixes tags * Cc stable Commit 4afeced ("serial: core: fix sanitizing check for RTS settings") introduced a regression making it impossible to unset SER_RS485_RTS_ON_SEND from userspace if SER_RS485_RTS_AFTER_SEND is unsupported. Because these devices need RTS to be low on TX (fecf27a) they are effectively broken. The hardware supports both RTS_ON_SEND and RTS_AFTER_SEND, so fix this by announcing support for SER_RS485_RTS_AFTER_SEND, similar to commit 068d35a. Fixes: 4afeced55baa ("serial: core: fix sanitizing check for RTS settings") Fixes: fecf27a373f5 ("serial: 8250_pci: add RS485 for F81504/508/512") Cc: stable(a)vger.kernel.org Signed-off-by: Marnix Rijnart <marnix.rijnart(a)iwell.eu> --- drivers/tty/serial/8250/8250_pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c index 152f914c599d..a9da222bd174 100644 --- a/drivers/tty/serial/8250/8250_pci.c +++ b/drivers/tty/serial/8250/8250_pci.c @@ -1645,7 +1645,7 @@ static int pci_fintek_rs485_config(struct uart_port *port, struct ktermios *term } static const struct serial_rs485 pci_fintek_rs485_supported = { - .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND, + .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND | SER_RS485_RTS_AFTER_SEND, /* F81504/508/512 does not support RTS delay before or after send */ }; -- 2.52.0

1 day, 8 hours

[PATCH 6.18.y] ublk: reorder tag_set initialization before queue allocation

by Ming Lei

[ Upstream commit 011af85ccd871526df36988c7ff20ca375fb804d ] Upstream commit 529d4d632788 ("ublk: implement NUMA-aware memory allocation") is ported to linux-6.18.y, but it depends on commit 011af85ccd87 ("ublk: reorder tag_set initialization before queue allocation"). kernel panic is reported on 6.18.y: https://github.com/ublk-org/ublksrv/issues/174 Move ublk_add_tag_set() before ublk_init_queues() in the device initialization path. This allows us to use the blk-mq CPU-to-queue mapping established by the tag_set to determine the appropriate NUMA node for each queue allocation. The error handling paths are also reordered accordingly. Reviewed-by: Caleb Sander Mateos <csander(a)purestorage.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- drivers/block/ublk_drv.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index 23aba73d24dc..babb58d2dcaf 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -3280,17 +3280,17 @@ static int ublk_ctrl_add_dev(const struct ublksrv_ctrl_cmd *header) ub->dev_info.nr_hw_queues, nr_cpu_ids); ublk_align_max_io_size(ub); - ret = ublk_init_queues(ub); + ret = ublk_add_tag_set(ub); if (ret) goto out_free_dev_number; - ret = ublk_add_tag_set(ub); + ret = ublk_init_queues(ub); if (ret) - goto out_deinit_queues; + goto out_free_tag_set; ret = -EFAULT; if (copy_to_user(argp, &ub->dev_info, sizeof(info))) - goto out_free_tag_set; + goto out_deinit_queues; /* * Add the char dev so that ublksrv daemon can be setup. @@ -3299,10 +3299,10 @@ static int ublk_ctrl_add_dev(const struct ublksrv_ctrl_cmd *header) ret = ublk_add_chdev(ub); goto out_unlock; -out_free_tag_set: - blk_mq_free_tag_set(&ub->tag_set); out_deinit_queues: ublk_deinit_queues(ub); +out_free_tag_set: + blk_mq_free_tag_set(&ub->tag_set); out_free_dev_number: ublk_free_dev_number(ub); out_free_ub: -- 2.47.0

1 day, 8 hours

[PATCH v2] iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source

by Miaoqian Lin

When simple_write_to_buffer() succeeds, it returns the number of bytes actually copied to the buffer. The code incorrectly uses 'count' as the index for null termination instead of the actual bytes copied. If count exceeds the buffer size, this leads to out-of-bounds write. Add a check for the count and use the return value as the index. The bug was validated using a demo module that mirrors the original code and was tested under QEMU. Pattern of the bug: - A fixed 64-byte stack buffer is filled using count. - If count > 64, the code still does buf[count] = '\0', causing an - out-of-bounds write on the stack. Steps for reproduce: - Opens the device node. - Writes 128 bytes of A to it. - This overflows the 64-byte stack buffer and KASAN reports the OOB. Found via static analysis. This is similar to the commit da9374819eb3 ("iio: backend: fix out-of-bound write") Fixes: b1c5d68ea66e ("iio: dac: ad3552r-hs: add support for internal ramp") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- changes in v2: - update commit message - v1 link: https://lore.kernel.org/all/20251027150713.59067-1-linmq006@gmail.com/ --- drivers/iio/dac/ad3552r-hs.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/iio/dac/ad3552r-hs.c b/drivers/iio/dac/ad3552r-hs.c index 41b96b48ba98..a9578afa7015 100644 --- a/drivers/iio/dac/ad3552r-hs.c +++ b/drivers/iio/dac/ad3552r-hs.c @@ -549,12 +549,15 @@ static ssize_t ad3552r_hs_write_data_source(struct file *f, guard(mutex)(&st->lock); + if (count >= sizeof(buf)) + return -ENOSPC; + ret = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf, count); if (ret < 0) return ret; - buf[count] = '\0'; + buf[ret] = '\0'; ret = match_string(dbgfs_attr_source, ARRAY_SIZE(dbgfs_attr_source), buf); -- 2.39.5 (Apple Git-154)

1 day, 9 hours

[PATCH] iio: bmi270_i2c: Add MODULE_DEVICE_TABLE for BMI260/270

by Derek J. Clark

Currently BMI260 & BMI270 devices do not automatically load this driver. To fix this, add missing MODULE_DEVICE_TABLE for the i2c, acpi, and of device tables so the driver will load when the hardware is detected. Tested on my OneXPlayer F1 Pro. Signed-off-by: Derek J. Clark <derekjohn.clark(a)gmail.com> --- drivers/iio/imu/bmi270/bmi270_i2c.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/iio/imu/bmi270/bmi270_i2c.c b/drivers/iio/imu/bmi270/bmi270_i2c.c index b909a421ad01..b92da4e0776f 100644 --- a/drivers/iio/imu/bmi270/bmi270_i2c.c +++ b/drivers/iio/imu/bmi270/bmi270_i2c.c @@ -37,6 +37,7 @@ static const struct i2c_device_id bmi270_i2c_id[] = { { "bmi270", (kernel_ulong_t)&bmi270_chip_info }, { } }; +MODULE_DEVICE_TABLE(i2c, bmi270_i2c_id); static const struct acpi_device_id bmi270_acpi_match[] = { /* GPD Win Mini, Aya Neo AIR Pro, OXP Mini Pro, etc. */ @@ -45,12 +46,14 @@ static const struct acpi_device_id bmi270_acpi_match[] = { { "BMI0260", (kernel_ulong_t)&bmi260_chip_info }, { } }; +MODULE_DEVICE_TABLE(acpi, bmi270_acpi_match); static const struct of_device_id bmi270_of_match[] = { { .compatible = "bosch,bmi260", .data = &bmi260_chip_info }, { .compatible = "bosch,bmi270", .data = &bmi270_chip_info }, { } }; +MODULE_DEVICE_TABLE(of, bmi270_of_match); static struct i2c_driver bmi270_i2c_driver = { .driver = { -- 2.51.2

1 day, 9 hours

[PATCH] fuse: Check for large folio with SPLICE_F_MOVE

by Bernd Schubert

xfstest generic/074 and generic/075 complain result in kernel warning messages / page dumps. This is easily reproducible (on 6.19) with CONFIG_TRANSPARENT_HUGEPAGE_SHMEM_HUGE_ALWAYS=y CONFIG_TRANSPARENT_HUGEPAGE_TMPFS_HUGE_ALWAYS=y This just adds a test for large folios fuse_try_move_folio with the same page copy fallback, but to avoid the warnings from fuse_check_folio(). Cc: stable(a)vger.kernel.org Signed-off-by: Bernd Schubert <bschubert(a)ddn.com> Signed-off-by: Horst Birthelmer <hbirthelmer(a)ddn.com> --- fs/fuse/dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index 6d59cbc877c6ad06deb6b02eba05a9015228cd05..1f1071d621441b334573ab42b6d820d996bdb00d 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -1011,6 +1011,9 @@ static int fuse_try_move_folio(struct fuse_copy_state *cs, struct folio **foliop folio_clear_uptodate(newfolio); folio_clear_mappedtodisk(newfolio); + if (folio_test_large(newfolio)) + goto out_fallback_unlock; + if (fuse_check_folio(newfolio) != 0) goto out_fallback_unlock; --- base-commit: 755bc1335e3b116b702205b72eb57b7b8aef2bb2 change-id: 20260111-fuse_try_move_folio-check-large-folio-823b995dc06c Best regards, -- Bernd Schubert <bschubert(a)ddn.com>

1 day, 10 hours

Re: [PATCH v2] fbdev: bitblit: bound-check glyph index in bit_putcs*

by Vitaly Chikunov

Dear linux-fbdev, stable, On Mon, Oct 20, 2025 at 09:47:01PM +0800, Junjie Cao wrote: > bit_putcs_aligned()/unaligned() derived the glyph pointer from the > character value masked by 0xff/0x1ff, which may exceed the actual font's > glyph count and read past the end of the built-in font array. > Clamp the index to the actual glyph count before computing the address. > > This fixes a global out-of-bounds read reported by syzbot. > > Reported-by: syzbot+793cf822d213be1a74f2(a)syzkaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=793cf822d213be1a74f2 > Tested-by: syzbot+793cf822d213be1a74f2(a)syzkaller.appspotmail.com > Signed-off-by: Junjie Cao <junjie.cao(a)intel.com> This commit is applied to v5.10.247 and causes a regression: when switching VT with ctrl-alt-f2 the screen is blank or completely filled with angle characters, then new text is not appearing (or not visible). This commit is found with git bisect from v5.10.246 to v5.10.247: 0998a6cb232674408a03e8561dc15aa266b2f53b is the first bad commit commit 0998a6cb232674408a03e8561dc15aa266b2f53b Author: Junjie Cao <junjie.cao(a)intel.com> AuthorDate: 2025-10-20 21:47:01 +0800 Commit: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> CommitDate: 2025-12-07 06:08:07 +0900 fbdev: bitblit: bound-check glyph index in bit_putcs* commit 18c4ef4e765a798b47980555ed665d78b71aeadf upstream. bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and read past the end of the built-in font array. Clamp the index to the actual glyph count before computing the address. This fixes a global out-of-bounds read reported by syzbot. Reported-by: syzbot+793cf822d213be1a74f2(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=793cf822d213be1a74f2 Tested-by: syzbot+793cf822d213be1a74f2(a)syzkaller.appspotmail.com Signed-off-by: Junjie Cao <junjie.cao(a)intel.com> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> drivers/video/fbdev/core/bitblit.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) The minimal reproducer in cli, after kernel is booted: date >/dev/tty2; chvt 2 and the date does not appear. Thanks, #regzbot introduced: 0998a6cb232674408a03e8561dc15aa266b2f53b > --- > v1: https://lore.kernel.org/linux-fbdev/5d237d1a-a528-4205-a4d8-71709134f1e1@su… > v1 -> v2: > - Fix indentation and add blank line after declarations with the .pl helper > - No functional changes > > drivers/video/fbdev/core/bitblit.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/drivers/video/fbdev/core/bitblit.c b/drivers/video/fbdev/core/bitblit.c > index 9d2e59796c3e..085ffb44c51a 100644 > --- a/drivers/video/fbdev/core/bitblit.c > +++ b/drivers/video/fbdev/core/bitblit.c > @@ -79,12 +79,16 @@ static inline void bit_putcs_aligned(struct vc_data *vc, struct fb_info *info, > struct fb_image *image, u8 *buf, u8 *dst) > { > u16 charmask = vc->vc_hi_font_mask ? 0x1ff : 0xff; > + unsigned int charcnt = vc->vc_font.charcount; > u32 idx = vc->vc_font.width >> 3; > u8 *src; > > while (cnt--) { > - src = vc->vc_font.data + (scr_readw(s++)& > - charmask)*cellsize; > + u16 ch = scr_readw(s++) & charmask; > + > + if (ch >= charcnt) > + ch = 0; > + src = vc->vc_font.data + (unsigned int)ch * cellsize; > > if (attr) { > update_attr(buf, src, attr, vc); > @@ -112,14 +116,18 @@ static inline void bit_putcs_unaligned(struct vc_data *vc, > u8 *dst) > { > u16 charmask = vc->vc_hi_font_mask ? 0x1ff : 0xff; > + unsigned int charcnt = vc->vc_font.charcount; > u32 shift_low = 0, mod = vc->vc_font.width % 8; > u32 shift_high = 8; > u32 idx = vc->vc_font.width >> 3; > u8 *src; > > while (cnt--) { > - src = vc->vc_font.data + (scr_readw(s++)& > - charmask)*cellsize; > + u16 ch = scr_readw(s++) & charmask; > + > + if (ch >= charcnt) > + ch = 0; > + src = vc->vc_font.data + (unsigned int)ch * cellsize; > > if (attr) { > update_attr(buf, src, attr, vc); > -- > 2.48.1 >

1 day, 17 hours

+ migrate-correct-lock-ordering-for-hugetlb-file-folios.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: migrate: correct lock ordering for hugetlb file folios has been added to the -mm mm-hotfixes-unstable branch. Its filename is migrate-correct-lock-ordering-for-hugetlb-file-folios.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via various branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there most days ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: migrate: correct lock ordering for hugetlb file folios Date: Fri, 9 Jan 2026 04:13:42 +0000 Syzbot has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Holds folio_lock, then tries to acquire i_mmap_rwsem(read lock). 2) Task (5754): Holds i_mmap_rwsem(write lock), then tries to acquire folio_lock. migrate_pages() -> migrate_hugetlbs() -> unmap_and_move_huge_page() <- Takes folio_lock! -> remove_migration_ptes() -> __rmap_walk_file() -> i_mmap_lock_read() <- Waits for i_mmap_rwsem(read lock)! hugetlbfs_fallocate() -> hugetlbfs_punch_hole() <- Takes i_mmap_rwsem(write lock)! -> hugetlbfs_zero_partial_page() -> filemap_lock_hugetlb_folio() -> filemap_lock_folio() -> __filemap_get_folio <- Waits for folio_lock! The migration path is the one taking locks in the wrong order according to the documentation at the top of mm/rmap.c. So expand the scope of the existing i_mmap_lock to cover the calls to remove_migration_ptes() too. This is (mostly) how it used to be after commit c0d0381ade79. That was removed by 336bf30eb765 for both file & anon hugetlb pages when it should only have been removed for anon hugetlb pages. Link: https://lkml.kernel.org/r/20260109041345.3863089-2-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Fixes: 336bf30eb765 ("hugetlbfs: fix anon huge page migration race") Reported-by: syzbot+2d9c96466c978346b55f(a)syzkaller.appspotmail.com Link: https://lore.kernel.org/all/68e9715a.050a0220.1186a4.000d.GAE@google.com Debugged-by: Lance Yang <lance.yang(a)linux.dev> Acked-by: David Hildenbrand (Red Hat) <david(a)kernel.org> Acked-by: Zi Yan <ziy(a)nvidia.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Gregory Price <gourry(a)gourry.net> Cc: Jann Horn <jannh(a)google.com> Cc: Joshua Hahn <joshua.hahnjy(a)gmail.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Rakie Kim <rakie.kim(a)sk.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Ying Huang <ying.huang(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) --- a/mm/migrate.c~migrate-correct-lock-ordering-for-hugetlb-file-folios +++ a/mm/migrate.c @@ -1458,6 +1458,7 @@ static int unmap_and_move_huge_page(new_ int page_was_mapped = 0; struct anon_vma *anon_vma = NULL; struct address_space *mapping = NULL; + enum ttu_flags ttu = 0; if (folio_ref_count(src) == 1) { /* page was freed from under us. So we are done. */ @@ -1498,8 +1499,6 @@ static int unmap_and_move_huge_page(new_ goto put_anon; if (folio_mapped(src)) { - enum ttu_flags ttu = 0; - if (!folio_test_anon(src)) { /* * In shared mappings, try_to_unmap could potentially @@ -1516,16 +1515,17 @@ static int unmap_and_move_huge_page(new_ try_to_migrate(src, ttu); page_was_mapped = 1; - - if (ttu & TTU_RMAP_LOCKED) - i_mmap_unlock_write(mapping); } if (!folio_mapped(src)) rc = move_to_new_folio(dst, src, mode); if (page_was_mapped) - remove_migration_ptes(src, !rc ? dst : src, 0); + remove_migration_ptes(src, !rc ? dst : src, + ttu ? RMP_LOCKED : 0); + + if (ttu & TTU_RMAP_LOCKED) + i_mmap_unlock_write(mapping); unlock_put_anon: folio_unlock(dst); _ Patches currently in -mm which might be from willy(a)infradead.org are migrate-correct-lock-ordering-for-hugetlb-file-folios.patch migrate-replace-rmp_-flags-with-ttu_-flags.patch

1 day, 19 hours

[PATCH] USB: OHCI/UHCI: Add soft dependencies on ehci_hcd

by Huacai Chen

Commit 9beeee6584b9aa4f ("USB: EHCI: log a warning if ehci-hcd is not loaded first") said that ehci-hcd should be loaded before ohci-hcd and uhci-hcd. However, commit 05c92da0c52494ca ("usb: ohci/uhci - add soft dependencies on ehci_pci") only makes ohci-pci/uhci-pci depend on ehci- pci, which is not enough and we may still see the warnings in boot log. So fix it by also making ohci-hcd/uhci-hcd depend on ehci-hcd. Cc: stable(a)vger.kernel.org Reported-by: Shengwen Xiao <atzlinux(a)sina.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/usb/host/ohci-hcd.c | 1 + drivers/usb/host/uhci-hcd.c | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/usb/host/ohci-hcd.c b/drivers/usb/host/ohci-hcd.c index 9c7f3008646e..549c965b7fbe 100644 --- a/drivers/usb/host/ohci-hcd.c +++ b/drivers/usb/host/ohci-hcd.c @@ -1355,4 +1355,5 @@ static void __exit ohci_hcd_mod_exit(void) clear_bit(USB_OHCI_LOADED, &usb_hcds_loaded); } module_exit(ohci_hcd_mod_exit); +MODULE_SOFTDEP("pre: ehci_hcd"); diff --git a/drivers/usb/host/uhci-hcd.c b/drivers/usb/host/uhci-hcd.c index 14e6dfef16c6..e1a27d01bdbc 100644 --- a/drivers/usb/host/uhci-hcd.c +++ b/drivers/usb/host/uhci-hcd.c @@ -939,3 +939,4 @@ module_exit(uhci_hcd_cleanup); MODULE_AUTHOR(DRIVER_AUTHOR); MODULE_DESCRIPTION(DRIVER_DESC); MODULE_LICENSE("GPL"); +MODULE_SOFTDEP("pre: ehci_hcd"); -- 2.47.3

1 day, 20 hours

[PATCH net 2/3] can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak

by Marc Kleine-Budde

In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. In the complete callback gs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In gs_can_close() the URBs are freed by calling usb_kill_anchored_urbs(parent->rx_submitted). However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in gs_can_close(). Fix the memory leak by anchoring the URB in the gs_usb_receive_bulk_callback() to the parent->rx_submitted anchor. Fixes: d08e973a77d1 ("can: gs_usb: Added support for the GS_USB CAN devices") Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20260105-gs_usb-fix-memory-leak-v2-1-cc6ed6438034@… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/usb/gs_usb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c index a0233e550a5a..d093babbc320 100644 --- a/drivers/net/can/usb/gs_usb.c +++ b/drivers/net/can/usb/gs_usb.c @@ -751,6 +751,8 @@ static void gs_usb_receive_bulk_callback(struct urb *urb) hf, parent->hf_size_rx, gs_usb_receive_bulk_callback, parent); + usb_anchor_urb(urb, &parent->rx_submitted); + rc = usb_submit_urb(urb, GFP_ATOMIC); /* USB failure take down all interfaces */ -- 2.51.0

1 day, 23 hours

← Newer
1
...
7
8
9
10
11
12
13
...
12420
Older →

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror