Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

301 participants
124138 discussions

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.18.4 release. There are 312 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 08 Jan 2026 17:04:53 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.18.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.18.4-rc1 Charles Keepax <ckeepax(a)opensource.cirrus.com> Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() Kevin Tian <kevin.tian(a)intel.com> vfio/pci: Disable qword access to the PCI ROM bar Chenghao Duan <duanchenghao(a)kylinos.cn> LoongArch: BPF: Enhance the bpf_arch_text_poke() function Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> powercap: intel_rapl: Add support for Nova Lake processors Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> powercap: intel_rapl: Add support for Wildcat Lake platform Damien Le Moal <dlemoal(a)kernel.org> block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio() Junbeom Yeom <junbeom.yeom(a)samsung.com> erofs: fix unexpected EIO under memory pressure Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Disallow exporting of PM/FW protected objects Lyude Paul <lyude(a)redhat.com> drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/pagemap, drm/xe: Ensure that the devmem allocation is idle before use Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/svm: Fix a debug printout Krzysztof Niemiec <krzysztof.niemiec(a)intel.com> drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Anna Maniscalco <anna.maniscalco2000(a)gmail.com> drm/msm: add PERFCTR_CNTL to ifpc_reglist Nikolay Kuratov <kniv(a)yandex-team.ru> drm/msm/dpu: Add missing NULL pointer check for pingpong interface Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Drop preempt-fences when destroying imported dma-bufs. Matthew Brost <matthew.brost(a)intel.com> drm/xe: Use usleep_range for accurate long-running workload timeslicing Matthew Brost <matthew.brost(a)intel.com> drm/xe: Adjust long-running workload timeslices to reasonable values Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/eustall: Disallow 0 EU stall property values Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Disallow 0 OA property values Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table Karol Wachowski <karol.wachowski(a)linux.intel.com> drm: Fix object leak in DRM_IOCTL_GEM_CHANGE_HANDLE René Rebe <rene(a)exactco.de> drm/mgag200: Fix big-endian support Simon Richter <Simon.Richter(a)hogyros.de> drm/ttm: Avoid NULL pointer deref for evicted BOs Kory Maincent (TI.com) <kory.maincent(a)bootlin.com> drm/tilcdc: Fix removal actions in case of failed probe Ard Biesheuvel <ardb(a)kernel.org> drm/i915: Fix format string truncation warning Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Trap handler support for expert scheduling mode Jonathan Kim <jonathan.kim(a)amd.com> drm/amdkfd: bump minimum vgpr size for gfx1151 Mario Limonciello <mario.limonciello(a)amd.com> drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace Lyude Paul <lyude(a)redhat.com> drm/nouveau/gsp: Allocate fwsec-sb at boot Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/bridge: ti-sn65dsi83: ignore PLL_UNLOCK errors Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Use OVL_LAYER_SEL configuration instead of use win_mask calculate used layers Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd: Fix unbind/rebind for VCN 4.0.5 Johan Hovold <johan(a)kernel.org> drm/mediatek: ovl_adaptor: Fix probe device leaks Johan Hovold <johan(a)kernel.org> drm/mediatek: mtk_hdmi: Fix probe device leaks Johan Hovold <johan(a)kernel.org> drm/mediatek: Fix probe device leaks Johan Hovold <johan(a)kernel.org> drm/mediatek: Fix probe memory leak Johan Hovold <johan(a)kernel.org> drm/mediatek: Fix probe resource leaks Miaoqian Lin <linmq006(a)gmail.com> drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/rockchip: Set VOP for the DRM DMA device Sanjay Yadav <sanjay.kumar.yadav(a)intel.com> drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() Thomas Zimmermann <tzimmermann(a)suse.de> drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> drm/buddy: Separate clear and dirty free block trees Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> drm/buddy: Optimize free block management with RB tree Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu/sdma6: Update SDMA 6.0.3 FW version to include UMQ protected-fence fix Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma Natalie Vock <natalie.vock(a)gmx.de> drm/amdgpu: Forward VMID reservation errors Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling Mario Limonciello (AMD) <superm1(a)kernel.org> Revert "drm/amd: Skip power ungate during suspend for VPE" Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for Alienware 16X Aurora Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add AWCC support for Alienware x16 Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for new Area-51 laptops Armin Wolf <W_Armin(a)gmx.de> platform/x86: samsung-galaxybook: Fix problematic pointer cast Xiaolei Wang <xiaolei.wang(a)windriver.com> net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() Deepanshu Kartikey <kartikey406(a)gmail.com> net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write Miaoqian Lin <linmq006(a)gmail.com> net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration Ethan Nelson-Moore <enelsonmoore(a)gmail.com> net: usb: sr9700: fix incorrect command used to write single register Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> nfsd: Drop the client reference in client_states_open() Jeff Layton <jlayton(a)kernel.org> nfsd: use ATTR_DELEG in nfsd4_finalize_deleg_timestamps() Chuck Lever <chuck.lever(a)oracle.com> nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg() Chenghao Duan <duanchenghao(a)kylinos.cn> LoongArch: BPF: Adjust the jump offset of tail calls Chenghao Duan <duanchenghao(a)kylinos.cn> LoongArch: BPF: Enable trampoline-based tracing for module functions Chenghao Duan <duanchenghao(a)kylinos.cn> LoongArch: BPF: Save return address register ra to t0 before trampoline Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Sign extend kfunc call arguments Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Zero-extend bpf_tail_call() index Chenghao Duan <duanchenghao(a)kylinos.cn> LoongArch: Refactor register restoration in ftrace_common_return Ankit Garg <nktgrg(a)google.com> gve: defer interrupt enabling until NAPI registration Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> fjes: Add missing iounmap in fjes_hw_init() Frode Nordahl <fnordahl(a)ubuntu.com> erspan: Initialize options_len before referencing options. Guangshuo Li <lgs201920130244(a)gmail.com> e1000: fix OOB in e1000_tbi_should_accept() Jouni Malinen <jouni.malinen(a)oss.qualcomm.com> wifi: mac80211: Discard Beacon frames to non-broadcast address Ville Syrjälä <ville.syrjala(a)linux.intel.com> wifi: iwlwifi: Fix firmware version handling Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/cm: Fix leaking the multicast GID table reference Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly Alice Ryhl <aliceryhl(a)google.com> rust: maple_tree: rcu_read_lock() in destructor to silence lockdep Chenghao Duan <duanchenghao(a)kylinos.cn> samples/ftrace: Adjust LoongArch register restore order in direct calls Wake Liu <wakel(a)google.com> selftests/mm: fix thread state check in uffd-unit-tests Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/mm/page_owner_sort: fix timestamp comparison for stable sorting Rong Zhang <i(a)rong.moe> x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo Bijan Tabatabai <bijan311(a)gmail.com> mm: consider non-anon swap cache folios in folio_expected_ref_count() Ran Xiaokai <ran.xiaokai(a)zte.com.cn> mm/page_owner: fix memory leak in page_owner_stack_fops->release() Alexander Gordeev <agordeev(a)linux.ibm.com> mm/page_alloc: change all pageblocks migrate type on coalescing Matthew Wilcox (Oracle) <willy(a)infradead.org> idr: fix idr_alloc() returning an ID out of range NeilBrown <neil(a)brown.name> lockd: fix vfs_test_lock() calls Pingfan Liu <piliu(a)redhat.com> kernel/kexec: fix IMA when allocation happens in CMA area Pingfan Liu <piliu(a)redhat.com> kernel/kexec: change the prototype of kimage_map_segment() Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> kasan: unpoison vms[area] addresses with a common tag Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> kasan: refactor pcpu kasan vmalloc unpoison Jiayuan Chen <jiayuan.chen(a)linux.dev> mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN Paolo Abeni <pabeni(a)redhat.com> mptcp: fallback earlier on simult connection H. Peter Anvin <hpa(a)zytor.com> compiler_types.h: add "auto" as a macro for "__auto_type" Jens Axboe <axboe(a)kernel.dk> af_unix: don't post cmsg for SO_INQ unless explicitly asked for Wentao Liang <vulab(a)iscas.ac.cn> pmdomain: imx: Fix reference count leak in imx_gpc_probe() Macpaul Lin <macpaul.lin(a)mediatek.com> pmdomain: mtk-pm-domains: Fix spinlock recursion fix in probe SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failure on damos_test_commit_filter() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failure on damon_test_set_attrs() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures in damon_test_ops_registration() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damos_test_filter_out() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_set_filters_default_reject() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures in damon_test_update_monitoring_result() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle memory failure from damon_test_target() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failres in damon_test_new_filter() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: fix memory leak in damon_test_set_filters_default_reject() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets() Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Use unsigned long for _end and _text WangYuli <wangyl5933(a)chinaunicom.cn> LoongArch: Use __pmd()/__pte() for swap entry conversions Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix build errors for CONFIG_RANDSTRUCT Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix arch_dup_task_struct() for CONFIG_RANDSTRUCT Qiang Ma <maqianga(a)uniontech.com> LoongArch: Correct the calculation logic of thread_count Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Add new PCI ID for pci_fixup_vgadev() Haoxiang Li <haoxiang_li2024(a)163.com> media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() Chen-Yu Tsai <wenst(a)chromium.org> media: mediatek: vcodec: Use spinlock for context list protection lock Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: imx219: Fix 1920x1080 mode to use 1:1 pixel aspect ratio Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: adv7842: Remove redundant cancel_delayed_work in probe Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Cancel message work before releasing the VPU core Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Remove vpu_vb_is_codecconfig Johan Hovold <johan(a)kernel.org> media: vpif_display: fix section mismatch Johan Hovold <johan(a)kernel.org> media: vpif_capture: fix section mismatch Haotian Zhang <vulab(a)iscas.ac.cn> media: videobuf2: Fix device reference leak in vb2_dc_alloc error path Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Protect G2 HEVC decoder against invalid DPB index Duoming Zhou <duoming(a)zju.edu.cn> media: TDA1997x: Remove redundant cancel_delayed_work in probe Marek Szyprowski <m.szyprowski(a)samsung.com> media: samsung: exynos4-is: fix potential ABBA deadlock on init Miaoqian Lin <linmq006(a)gmail.com> media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled Johan Hovold <johan(a)kernel.org> media: platform: mtk-mdp3: fix device leaks at probe Ivan Abramov <i.abramov(a)mt-integration.ru> media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() Dikshita Agarwal <dikshita.agarwal(a)oss.qualcomm.com> media: iris: Refine internal buffer reconfiguration logic for resolution change Haotian Zhang <vulab(a)iscas.ac.cn> media: cec: Fix debugfs leak on bus_register() failure René Rebe <rene(a)exactco.de> fbdev: tcx.c fix mem_map to correct smem_start offset Thorsten Blum <thorsten.blum(a)linux.dev> fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing Rene Rebe <rene(a)exactco.de> fbdev: gbefb: fix to use physical address instead of dma address Li Chen <chenl311(a)chinatelecom.cn> dm pcache: fix segment info indexing Li Chen <chenl311(a)chinatelecom.cn> dm pcache: fix cache info indexing Mikulas Patocka <mpatocka(a)redhat.com> dm-bufio: align write boundary on physical block size Uladzislau Rezki (Sony) <urezki(a)gmail.com> dm-ebs: Mark full buffer dirty even on partial write Mahesh Rao <mahesh.rao(a)altera.com> firmware: stratix10-svc: Add mutex in stratix10 memory management Ivan Abramov <i.abramov(a)mt-integration.ru> media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() David Hildenbrand <david(a)kernel.org> powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION David Hildenbrand <david(a)kernel.org> powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages Krzysztof Kozlowski <krzk(a)kernel.org> power: supply: max77705: Fix potential IRQ chip conflict when probing two devices Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/uncore: Fix the return value of amd_uncore_df_event_init() on error Manivannan Sadhasivam <manivannan.sadhasivam(a)oss.qualcomm.com> PCI: meson: Fix parsing the DBI register region Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix disabling L0s capability Sven Schnelle <svens(a)stackframe.org> parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() Sven Schnelle <svens(a)stackframe.org> parisc: entry.S: fix space adjustment on interruption for 64-bit userspace Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> nvmet: pci-epf: move DMA initialization to EPC init callback Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make FILE_SYNC WRITEs comply with spec Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips Christian Marangi <ansuelsmth(a)gmail.com> mtd: mtdpart: ignore error -ENOENT from parsers on subpartitions Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix wrong order of freq-table-hz for UFS Patrice Chotard <patrice.chotard(a)foss.st.com> arm64: dts: st: Add memory-region-names property for stm32mp257f-ev1 Paresh Bhagat <p-bhagat(a)ti.com> arm64: dts: ti: k3-am62d2-evm: Fix PMIC padconfig Paresh Bhagat <p-bhagat(a)ti.com> arm64: dts: ti: k3-am62d2-evm: Fix regulator properties Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Fix CPU stalls on G2 bus error Haotian Zhang <vulab(a)iscas.ac.cn> media: rc: st_rc: Fix reset control resource leak Krzysztof Kozlowski <krzk(a)kernel.org> mfd: max77620: Fix potential IRQ chip conflict when probing two devices Johan Hovold <johan(a)kernel.org> mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup Nathan Chancellor <nathan(a)kernel.org> clk: qcom: Fix dependencies of QCS_{DISP,GPU,VIDEO}CC_615 Nathan Chancellor <nathan(a)kernel.org> clk: qcom: Fix SM_VIDEOCC_6350 dependencies Alexey Minnekhanov <alexeymin(a)postmarketos.org> clk: qcom: mmcc-sdm660: Add missing MDSS reset Nathan Chancellor <nathan(a)kernel.org> clk: samsung: exynos-clkout: Assign .num before accessing .hws Damien Le Moal <dlemoal(a)kernel.org> block: Clear BLK_ZONE_WPLUG_PLUGGED when aborting plugged BIOs Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: Enable chip before any communication Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: Allow LED 0 to be added to module bank Thomas Weißschuh <linux(a)weissschuh.net> leds: leds-cros_ec: Skip LEDs without color components Kairui Song <kasong(a)tencent.com> mm, swap: do not perform synchronous discard during allocation Donet Tom <donettom(a)linux.ibm.com> powerpc/64s/slb: Fix SLB multihit issue during SLB preload Dave Vasilevsky <dave(a)vasilevsky.ca> powerpc, mm: Fix mprotect on book3s 32-bit Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator Lukas Wunner <lukas(a)wunner.de> PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths Shengming Hu <hu.shengming(a)zte.com.cn> fgraph: Check ftrace_pids_enabled on registration for early filtering Shengming Hu <hu.shengming(a)zte.com.cn> fgraph: Initialize ftrace_ops->private for function graph ops Raghavendra Rao Ananta <rananta(a)google.com> hisi_acc_vfio_pci: Add .match_token_uuid callback in hisi_acc_vfio_pci_migrn_ops Hans de Goede <johannes.goede(a)oss.qualcomm.com> HID: logitech-dj: Remove duplicate error logging Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Fix off-by-one error in dell_smm_is_visible() Lu Baolu <baolu.lu(a)linux.intel.com> iommu: disable SVA when CONFIG_X86 is set Johan Hovold <johan(a)kernel.org> iommu/tegra: fix device leak on probe_device() Johan Hovold <johan(a)kernel.org> iommu/sun50i: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/qcom: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/omap: fix device leaks on probe_device() Johan Hovold <johan(a)kernel.org> iommu/mediatek: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/mediatek-v1: fix device leaks on probe() Johan Hovold <johan(a)kernel.org> iommu/mediatek-v1: fix device leak on probe_device() Johan Hovold <johan(a)kernel.org> iommu/ipmmu-vmsa: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/exynos: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/apple-dart: fix device leak on of_xlate() Jinhui Guo <guojinhui.liam(a)bytedance.com> iommu/amd: Propagate the error code returned by __modify_irte_ga() in modify_irte_ga() Jinhui Guo <guojinhui.liam(a)bytedance.com> iommu/amd: Fix pci_segment memleak in alloc_pci_segment() Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6adm: the the copp device only during last instance Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6asm-dai: perform correct state check before closing Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr Ma Ke <make24(a)iscas.ac.cn> ASoC: codecs: Fix error handling in pm4125 audio codec driver Eric Naim <dnaim(a)cachyos.org> ASoC: cs35l41: Always return 0 when a subsystem ID is found Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: codecs: lpass-tx-macro: fix SM6115 support Krzysztof Kozlowski <krzk(a)kernel.org> ASoC: codecs: pm4125: Remove irq_chip on component unbind Krzysztof Kozlowski <krzk(a)kernel.org> ASoC: codecs: pm4125: Fix potential conflict when probing two devices Ma Ke <make24(a)iscas.ac.cn> ASoC: codecs: wcd937x: Fix error handling in wcd937x codec driver Biju Das <biju.das.jz(a)bp.renesas.com> ASoC: renesas: rz-ssi: Fix rz_ssi_priv::hw_params_cache::sample_width Biju Das <biju.das.jz(a)bp.renesas.com> ASoC: renesas: rz-ssi: Fix channel swap issue in full duplex mode Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix OF node leak on probe Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix clk prepare imbalance on probe failure Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix device leak on probe Johan Hovold <johan(a)kernel.org> ASoC: codecs: wcd939x: fix regmap leak on probe failure Matthew Wilcox (Oracle) <willy(a)infradead.org> ntfs: Do not overwrite uptodate pages Damien Le Moal <dlemoal(a)kernel.org> block: handle zone management operations completions Yipeng Zou <zouyipeng(a)huawei.com> selftests/ftrace: traceonoff_triggers: strip off names Cong Zhang <cong.zhang(a)oss.qualcomm.com> blk-mq: skip CPU offline notify on unmapped hctx Thomas Fourier <fourier.thomas(a)gmail.com> RDMA/bnxt_re: fix dma_free_coherent() pointer Honggang LI <honggangli(a)163.com> RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation Li Zhijian <lizhijian(a)fujitsu.com> IB/rxe: Fix missing umem_odp->umem_mutex unlock on error path Zilin Guan <zilin(a)seu.edu.cn> ksmbd: Fix memory leak in get_file_all_info() Jonathan Cavitt <jonathan.cavitt(a)intel.com> drm/xe/guc: READ/WRITE_ONCE g2h_fence->done Ming Lei <ming.lei(a)redhat.com> ublk: scan partition in async way Ming Lei <ming.lei(a)redhat.com> ublk: implement NUMA-aware memory allocation Tuo Li <islituo(a)gmail.com> md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() Li Nan <linan122(a)huawei.com> md: Fix static checker warning in analyze_sbs Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix to use correct page size for PDE table David Gow <davidgow(a)google.com> kunit: Enforce task execution in {soft,hard}irq contexts Ding Hui <dinghui(a)sangfor.com.cn> RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats() Alok Tiwari <alok.a.tiwari(a)oracle.com> RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send Thomas Zimmermann <tzimmermann(a)suse.de> drm/gem-shmem: Fix the MODULE_LICENSE() string Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> RDMA/core: always drop device refcount in ib_del_sub_device_and_put() Alok Tiwari <alok.a.tiwari(a)oracle.com> RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() Jang Ingyu <ingyujang25(a)korea.ac.kr> RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Remove possible negative shift Michal Schmidt <mschmidt(a)redhat.com> RDMA/irdma: avoid invalid read in irdma_net_event Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: check cqe length for kernel CQs Arnd Bergmann <arnd(a)arndb.de> RDMA/irdma: Fix irdma_alloc_ucontext_resp padding Arnd Bergmann <arnd(a)arndb.de> RDMA/ucma: Fix rdma_ucm_query_ib_service_resp struct padding Jiayuan Chen <jiayuan.chen(a)linux.dev> ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT Pwnverse <stanksal(a)purdue.edu> net: rose: fix invalid array index in rose_kill_by_device() Vadim Fedorenko <vadim.fedorenko(a)linux.dev> net: fib: restore ECMP balance from loopback Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix reference count leak when using error routes with nexthop objects Will Rosenberg <whrosenb(a)asu.edu> ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() Wei Fang <wei.fang(a)nxp.com> net: stmmac: fix the crash issue for zero copy XDP_TX action Anshumali Gaur <agaur(a)marvell.com> octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/x86/intel/pmt/discovery: use valid device pointer in dev_err_probe Junrui Luo <moonafterrain(a)outlook.com> platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing Zilin Guan <zilin(a)seu.edu.cn> vfio/pds: Fix memory leak in pds_vfio_dirty_enable() Kohei Enju <enjuk(a)amazon.com> tools/sched_ext: fix scx_show_state.py for scx_root change Bagas Sanjaya <bagasdotme(a)gmail.com> net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct Deepanshu Kartikey <kartikey406(a)gmail.com> net: usb: asix: validate PHY address before use Rosen Penev <rosenp(a)gmail.com> net: mdio: rtl9300: use scoped for loops Jose Javier Rodriguez Barbarin <dev-josejavier.rodriguez(a)duagon.com> mcb: Add missing modpost build support Thomas De Schampheleire <thomas.de_schampheleire(a)nokia.com> kbuild: fix compilation of dtb specified on command-line without make rule Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: skip multicast entries for fdb_dump() Rajashekar Hudumula <rajashekar.hudumula(a)broadcom.com> bng_en: update module description Thomas Fourier <fourier.thomas(a)gmail.com> firewire: nosy: Fix dma_free_coherent() size Andrew Morton <akpm(a)linux-foundation.org> genalloc.h: fix htmldocs warning Yeoreum Yun <yeoreum.yun(a)arm.com> smc91x: fix broken irq-context in PREEMPT_RT Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> platform/x86/intel/pmt: Fix kobject memory leak on init failure Arnd Bergmann <arnd(a)arndb.de> net: wangxun: move PHYLINK dependency Alice C. Munduruca <alice.munduruca(a)canonical.com> selftests: net: fix "buffer overflow detected" for tap.c Deepakkumar Karn <dkarn(a)redhat.com> net: usb: rtl8150: fix memory leak on usb_submit_urb() failure Daniel Zahka <daniel.zahka(a)gmail.com> selftests: drv-net: psp: fix test names in ipver_test_builder() Daniel Zahka <daniel.zahka(a)gmail.com> selftests: drv-net: psp: fix templated test names in psp_ip_ver_test_builder() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: reset retries and mode on RX adapt failures Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: fix missing put_device() in dsa_tree_find_first_conduit() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: properly keep track of conduit reference Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Move net_devs registration in a dedicated routine Jiri Pirko <jiri(a)resnulli.us> team: fix check for port enabled in team_queue_override_port_prio_changed() Junrui Luo <moonafterrain(a)outlook.com> platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic Thomas Fourier <fourier.thomas(a)gmail.com> platform/x86: msi-laptop: add missing sysfs_remove_group() Shravan Kumar Ramani <shravankr(a)nvidia.com> platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names Jan Stancek <jstancek(a)redhat.com> powerpc/tools: drop `-o pipefail` in gcc check scripts Eric Dumazet <edumazet(a)google.com> ip6_gre: make ip6gre_header() robust Toke Høiland-Jørgensen <toke(a)redhat.com> net: openvswitch: Avoid needlessly taking the RTNL on vport destroy Jacky Chou <jacky_chou(a)aspeedtech.com> net: mdio: aspeed: add dummy read to avoid read-after-write issue Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: revert use of devm_kzalloc in btusb Pauli Virtanen <pav(a)iki.fi> Bluetooth: MGMT: report BIS capability flags in supported settings Herbert Xu <herbert(a)gondor.apana.org.au> crypto: seqiv - Do not use req->iv after crypto_aead_encrypt Chen Ridong <chenridong(a)huawei.com> cpuset: fix warning when disabling remote partition Brian Vazquez <brianvv(a)google.com> idpf: reduce mbx_task schedule delay to 300us Larysa Zaremba <larysa.zaremba(a)intel.com> idpf: fix LAN memory regions command on some NVMs Kohei Enju <enjuk(a)amazon.com> iavf: fix off-by-one issues in iavf_config_rss_reg() Gregory Herrero <gregory.herrero(a)oracle.com> i40e: validate ring_len parameter against hardware-specific values Przemyslaw Korba <przemyslaw.korba(a)intel.com> i40e: fix scheduling in set_rx_mode Liang Jie <liangjie(a)lixiang.com> sched_ext: fix uninitialized ret on alloc_percpu() failure Aloka Dixit <aloka.dixit(a)oss.qualcomm.com> wifi: mac80211: do not use old MBSSID elements Dan Carpenter <dan.carpenter(a)linaro.org> wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() Morning Star <alexbestoso(a)gmail.com> wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: limit indirect IO under powered off for RTL8822CS Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: don't attach the tlb fence for SI Jani Nikula <jani.nikula(a)intel.com> drm/displayid: add quirk to ignore DisplayID checksum errors Jani Nikula <jani.nikula(a)intel.com> drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident Claudio Imbrenda <imbrenda(a)linux.ibm.com> KVM: s390: Fix gmap_helper_zap_one_page() again Wei Yang <richard.weiyang(a)gmail.com> mm/huge_memory: merge uniform_split_supported() and non_uniform_split_supported() Zqiang <qiang.zhang(a)linux.dev> sched_ext: Fix incorrect sched_class settings for per-cpu migration tasks Peter Zijlstra <peterz(a)infradead.org> sched/eevdf: Fix min_vruntime vs avg_vruntime Peter Zijlstra <peterz(a)infradead.org> sched/core: Add comment explaining force-idle vruntime snapshots Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Select which microcode patch to load Danilo Krummrich <dakr(a)kernel.org> drm: nova: depend on CONFIG_64BIT Fernand Sieber <sieberf(a)amazon.com> sched/proxy: Yield the donor task ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 +- arch/arm64/boot/dts/st/stm32mp257f-ev1.dts | 1 + arch/arm64/boot/dts/ti/k3-am62d2-evm.dts | 9 +- arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 12 +- arch/loongarch/include/asm/pgtable.h | 4 +- arch/loongarch/kernel/mcount_dyn.S | 14 +- arch/loongarch/kernel/process.c | 5 + arch/loongarch/kernel/relocate.c | 4 +- arch/loongarch/kernel/setup.c | 8 +- arch/loongarch/kernel/switch.S | 4 +- arch/loongarch/net/bpf_jit.c | 58 ++- arch/loongarch/net/bpf_jit.h | 26 ++ arch/loongarch/pci/pci.c | 2 + arch/parisc/kernel/asm-offsets.c | 2 + arch/parisc/kernel/entry.S | 16 +- arch/powerpc/include/asm/book3s/32/tlbflush.h | 5 +- arch/powerpc/include/asm/book3s/64/mmu-hash.h | 1 - arch/powerpc/kernel/process.c | 5 - arch/powerpc/mm/book3s32/tlb.c | 9 + arch/powerpc/mm/book3s64/internal.h | 2 - arch/powerpc/mm/book3s64/mmu_context.c | 2 - arch/powerpc/mm/book3s64/slb.c | 88 ----- arch/powerpc/platforms/pseries/cmm.c | 3 +- .../tools/gcc-check-fpatchable-function-entry.sh | 1 - arch/powerpc/tools/gcc-check-mprofile-kernel.sh | 1 - arch/s390/mm/gmap_helpers.c | 9 +- arch/x86/events/amd/uncore.c | 5 +- arch/x86/kernel/cpu/microcode/amd.c | 115 +++--- block/blk-mq.c | 2 +- block/blk-zoned.c | 152 +++++--- block/blk.h | 14 + crypto/seqiv.c | 8 +- drivers/block/ublk_drv.c | 119 +++++-- drivers/bluetooth/btusb.c | 12 +- drivers/clk/qcom/Kconfig | 4 + drivers/clk/qcom/mmcc-sdm660.c | 1 + drivers/clk/samsung/clk-exynos-clkout.c | 2 +- drivers/firewire/nosy.c | 10 +- drivers/firmware/stratix10-svc.c | 11 + drivers/gpio/gpiolib-swnode.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 27 ++ drivers/gpu/drm/amd/amdgpu/gmc_v12_0.c | 27 ++ drivers/gpu/drm/amd/amdgpu/sdma_v6_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 2 + drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 62 ++-- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx12.asm | 37 ++ drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 4 + drivers/gpu/drm/bridge/ti-sn65dsi83.c | 11 +- drivers/gpu/drm/drm_buddy.c | 390 +++++++++++++-------- drivers/gpu/drm/drm_displayid.c | 41 ++- drivers/gpu/drm/drm_displayid_internal.h | 2 + drivers/gpu/drm/drm_gem.c | 8 +- drivers/gpu/drm/drm_gem_shmem_helper.c | 2 +- drivers/gpu/drm/drm_pagemap.c | 17 +- drivers/gpu/drm/gma500/fbdev.c | 43 --- drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 37 +- drivers/gpu/drm/i915/intel_memory_region.h | 2 +- drivers/gpu/drm/imagination/pvr_gem.c | 11 + drivers/gpu/drm/mediatek/mtk_ddp_comp.c | 33 +- drivers/gpu/drm/mediatek/mtk_ddp_comp.h | 2 +- drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 12 + drivers/gpu/drm/mediatek/mtk_dp.c | 1 + drivers/gpu/drm/mediatek/mtk_drm_drv.c | 4 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 15 + drivers/gpu/drm/mgag200/mgag200_mode.c | 25 ++ drivers/gpu/drm/msm/adreno/a6xx_catalog.c | 1 + drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 10 +- drivers/gpu/drm/nouveau/dispnv50/atom.h | 13 + drivers/gpu/drm/nouveau/dispnv50/wndw.c | 2 +- drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 + drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c | 61 +++- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/priv.h | 3 + .../gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/gsp.c | 10 +- drivers/gpu/drm/nova/Kconfig | 1 + drivers/gpu/drm/rockchip/rockchip_drm_drv.c | 3 + drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 49 ++- drivers/gpu/drm/tilcdc/tilcdc_crtc.c | 2 +- drivers/gpu/drm/tilcdc/tilcdc_drv.c | 53 ++- drivers/gpu/drm/tilcdc/tilcdc_drv.h | 2 +- drivers/gpu/drm/ttm/ttm_bo_vm.c | 6 + drivers/gpu/drm/xe/xe_bo.c | 15 +- drivers/gpu/drm/xe/xe_dma_buf.c | 2 +- drivers/gpu/drm/xe/xe_eu_stall.c | 2 +- drivers/gpu/drm/xe/xe_guc_ct.c | 14 +- drivers/gpu/drm/xe/xe_guc_submit.c | 20 +- drivers/gpu/drm/xe/xe_migrate.c | 25 +- drivers/gpu/drm/xe/xe_migrate.h | 6 +- drivers/gpu/drm/xe/xe_oa.c | 10 +- drivers/gpu/drm/xe/xe_svm.c | 51 ++- drivers/gpu/drm/xe/xe_vm.c | 5 +- drivers/gpu/drm/xe/xe_vm_types.h | 2 +- drivers/hid/hid-logitech-dj.c | 56 ++- drivers/hwmon/dell-smm-hwmon.c | 4 +- drivers/infiniband/core/addr.c | 33 +- drivers/infiniband/core/cma.c | 3 + drivers/infiniband/core/device.c | 4 +- drivers/infiniband/core/verbs.c | 2 +- drivers/infiniband/hw/bnxt_re/hw_counters.h | 6 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 8 +- drivers/infiniband/hw/efa/efa_verbs.c | 4 - drivers/infiniband/hw/irdma/utils.c | 3 +- drivers/infiniband/hw/mana/cq.c | 4 + drivers/infiniband/sw/rxe/rxe_odp.c | 4 +- drivers/infiniband/ulp/rtrs/rtrs-clt.c | 1 + drivers/iommu/amd/init.c | 15 +- drivers/iommu/amd/iommu.c | 2 +- drivers/iommu/apple-dart.c | 2 + drivers/iommu/arm/arm-smmu/qcom_iommu.c | 10 +- drivers/iommu/exynos-iommu.c | 9 +- drivers/iommu/iommu-sva.c | 3 + drivers/iommu/ipmmu-vmsa.c | 2 + drivers/iommu/mtk_iommu.c | 2 + drivers/iommu/mtk_iommu_v1.c | 25 +- drivers/iommu/omap-iommu.c | 2 +- drivers/iommu/omap-iommu.h | 2 - drivers/iommu/sun50i-iommu.c | 2 + drivers/iommu/tegra-smmu.c | 5 +- drivers/leds/leds-cros_ec.c | 5 +- drivers/leds/leds-lp50xx.c | 67 ++-- drivers/md/dm-bufio.c | 10 +- drivers/md/dm-ebs-target.c | 2 +- drivers/md/dm-pcache/cache.c | 5 +- drivers/md/dm-pcache/cache_segment.c | 5 +- drivers/md/md.c | 5 +- drivers/md/raid5.c | 10 +- drivers/media/cec/core/cec-core.c | 1 + .../media/common/videobuf2/videobuf2-dma-contig.c | 1 + drivers/media/i2c/adv7604.c | 4 +- drivers/media/i2c/adv7842.c | 11 +- drivers/media/i2c/imx219.c | 9 +- drivers/media/i2c/msp3400-kthreads.c | 2 + drivers/media/i2c/tda1997x.c | 1 - drivers/media/platform/amphion/vpu_malone.c | 23 +- drivers/media/platform/amphion/vpu_v4l2.c | 16 +- drivers/media/platform/amphion/vpu_v4l2.h | 10 - .../media/platform/mediatek/mdp3/mtk-mdp3-core.c | 14 + .../mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 14 +- .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 12 +- .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 +- .../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 5 +- .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 12 +- .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 +- .../platform/mediatek/vcodec/encoder/venc_vpu_if.c | 5 +- drivers/media/platform/qcom/iris/iris_common.c | 7 +- drivers/media/platform/renesas/rcar_drif.c | 1 + .../media/platform/samsung/exynos4-is/media-dev.c | 10 +- drivers/media/platform/ti/davinci/vpif_capture.c | 4 +- drivers/media/platform/ti/davinci/vpif_display.c | 4 +- drivers/media/platform/verisilicon/hantro_g2.c | 84 ++++- .../platform/verisilicon/hantro_g2_hevc_dec.c | 17 +- .../media/platform/verisilicon/hantro_g2_regs.h | 13 + .../media/platform/verisilicon/hantro_g2_vp9_dec.c | 2 - drivers/media/platform/verisilicon/hantro_hw.h | 1 + drivers/media/platform/verisilicon/imx8m_vpu_hw.c | 2 + drivers/media/rc/st_rc.c | 2 +- drivers/mfd/altera-sysmgr.c | 2 + drivers/mfd/max77620.c | 15 +- drivers/mtd/mtdpart.c | 7 +- drivers/mtd/spi-nor/winbond.c | 24 ++ drivers/net/dsa/b53/b53_common.c | 3 + drivers/net/ethernet/airoha/airoha_eth.c | 39 ++- drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 2 + drivers/net/ethernet/broadcom/Kconfig | 8 +- drivers/net/ethernet/broadcom/bnge/bnge.h | 2 +- drivers/net/ethernet/broadcom/bnge/bnge_core.c | 2 +- drivers/net/ethernet/cadence/macb_main.c | 3 +- drivers/net/ethernet/google/gve/gve_main.c | 2 +- drivers/net/ethernet/google/gve/gve_utils.c | 2 + drivers/net/ethernet/intel/e1000/e1000_main.c | 10 +- drivers/net/ethernet/intel/i40e/i40e.h | 11 + drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 12 - drivers/net/ethernet/intel/i40e/i40e_main.c | 1 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 4 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 2 +- drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 5 + .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 8 + drivers/net/ethernet/smsc/smc91x.c | 10 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 17 +- drivers/net/ethernet/wangxun/Kconfig | 4 +- drivers/net/fjes/fjes_hw.c | 12 +- drivers/net/mdio/mdio-aspeed.c | 7 + drivers/net/mdio/mdio-realtek-rtl9300.c | 6 +- drivers/net/phy/mediatek/mtk-ge-soc.c | 2 +- drivers/net/team/team_core.c | 2 +- drivers/net/usb/asix_common.c | 5 + drivers/net/usb/ax88172a.c | 6 +- drivers/net/usb/rtl8150.c | 2 + drivers/net/usb/sr9700.c | 4 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 4 +- .../net/wireless/realtek/rtlwifi/rtl8192cu/trx.c | 3 +- drivers/net/wireless/realtek/rtw88/sdio.c | 4 +- drivers/nvme/target/pci-epf.c | 4 +- drivers/pci/controller/dwc/pci-meson.c | 18 +- drivers/pci/controller/dwc/pcie-designware.c | 12 +- drivers/pci/controller/pcie-brcmstb.c | 10 +- drivers/pci/pci-driver.c | 4 + drivers/platform/mellanox/mlxbf-pmc.c | 14 +- drivers/platform/x86/dell/alienware-wmi-wmax.c | 32 ++ .../platform/x86/hp/hp-bioscfg/enum-attributes.c | 4 +- .../platform/x86/hp/hp-bioscfg/int-attributes.c | 2 +- .../x86/hp/hp-bioscfg/order-list-attributes.c | 5 + .../x86/hp/hp-bioscfg/passwdobj-attributes.c | 5 + .../platform/x86/hp/hp-bioscfg/string-attributes.c | 2 +- drivers/platform/x86/ibm_rtl.c | 2 +- drivers/platform/x86/intel/pmt/discovery.c | 8 +- drivers/platform/x86/msi-laptop.c | 3 + drivers/platform/x86/samsung-galaxybook.c | 9 +- drivers/pmdomain/imx/gpc.c | 5 +- drivers/pmdomain/mediatek/mtk-pm-domains.c | 21 +- drivers/power/supply/max77705_charger.c | 14 +- drivers/powercap/intel_rapl_common.c | 3 + drivers/powercap/intel_rapl_msr.c | 3 + drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 1 + drivers/vfio/pci/nvgrace-gpu/main.c | 4 +- drivers/vfio/pci/pds/dirty.c | 7 +- drivers/vfio/pci/vfio_pci_rdwr.c | 25 +- drivers/video/fbdev/gbefb.c | 5 +- drivers/video/fbdev/pxafb.c | 12 +- drivers/video/fbdev/tcx.c | 2 +- fs/erofs/zdata.c | 10 +- fs/lockd/svc4proc.c | 4 +- fs/lockd/svclock.c | 21 +- fs/lockd/svcproc.c | 5 +- fs/locks.c | 12 +- fs/nfsd/nfs4state.c | 20 +- fs/nfsd/vfs.c | 14 +- fs/ntfs3/frecord.c | 35 +- fs/smb/server/smb2pdu.c | 4 +- include/drm/drm_buddy.h | 11 +- include/drm/drm_edid.h | 6 + include/drm/drm_pagemap.h | 17 +- include/kunit/run-in-irq-context.h | 53 +-- include/linux/compiler_types.h | 13 + include/linux/genalloc.h | 1 + include/linux/huge_mm.h | 8 +- include/linux/kasan.h | 16 + include/linux/kexec.h | 4 +- include/linux/mm.h | 8 +- include/linux/vfio_pci_core.h | 10 +- include/net/dsa.h | 1 + include/uapi/rdma/irdma-abi.h | 2 +- include/uapi/rdma/rdma_user_cm.h | 4 +- kernel/cgroup/cpuset.c | 21 +- kernel/kexec_core.c | 16 +- kernel/sched/deadline.c | 2 +- kernel/sched/debug.c | 8 +- kernel/sched/ext.c | 22 +- kernel/sched/fair.c | 249 +++++++++---- kernel/sched/rt.c | 2 +- kernel/sched/sched.h | 4 +- kernel/sched/syscalls.c | 5 +- kernel/trace/fgraph.c | 10 +- lib/idr.c | 2 + mm/damon/tests/core-kunit.h | 132 ++++++- mm/damon/tests/sysfs-kunit.h | 25 ++ mm/damon/tests/vaddr-kunit.h | 26 +- mm/huge_memory.c | 71 ++-- mm/kasan/common.c | 32 ++ mm/kasan/hw_tags.c | 2 +- mm/kasan/shadow.c | 4 +- mm/page_alloc.c | 24 +- mm/page_owner.c | 2 +- mm/swapfile.c | 40 ++- mm/vmalloc.c | 8 +- net/bluetooth/mgmt.c | 6 + net/bridge/br_private.h | 1 + net/dsa/dsa.c | 67 ++-- net/ipv4/fib_semantics.c | 26 +- net/ipv4/fib_trie.c | 7 +- net/ipv4/ip_gre.c | 6 +- net/ipv6/calipso.c | 3 +- net/ipv6/ip6_gre.c | 15 +- net/ipv6/route.c | 13 +- net/mac80211/cfg.c | 10 - net/mac80211/rx.c | 5 + net/mptcp/options.c | 10 + net/mptcp/protocol.h | 6 +- net/mptcp/subflow.c | 6 - net/nfc/core.c | 9 +- net/openvswitch/vport-netdev.c | 17 +- net/rose/af_rose.c | 2 +- net/unix/af_unix.c | 11 +- net/wireless/sme.c | 2 +- rust/kernel/maple_tree.rs | 11 +- samples/ftrace/ftrace-direct-modify.c | 8 +- samples/ftrace/ftrace-direct-multi-modify.c | 8 +- samples/ftrace/ftrace-direct-multi.c | 4 +- samples/ftrace/ftrace-direct-too.c | 4 +- samples/ftrace/ftrace-direct.c | 4 +- scripts/Makefile.build | 26 +- scripts/mod/devicetable-offsets.c | 3 + scripts/mod/file2alias.c | 9 + security/integrity/ima/ima_kexec.c | 4 +- sound/soc/codecs/cs35l41.c | 7 +- sound/soc/codecs/lpass-tx-macro.c | 3 +- sound/soc/codecs/pm4125.c | 40 ++- sound/soc/codecs/wcd937x.c | 43 ++- sound/soc/codecs/wcd939x-sdw.c | 8 +- sound/soc/qcom/qdsp6/q6adm.c | 146 ++++---- sound/soc/qcom/qdsp6/q6apm-dai.c | 2 + sound/soc/qcom/qdsp6/q6asm-dai.c | 7 +- sound/soc/qcom/sc7280.c | 2 +- sound/soc/qcom/sc8280xp.c | 2 +- sound/soc/qcom/sdw.c | 105 +++--- sound/soc/qcom/sdw.h | 1 + sound/soc/qcom/sm8250.c | 2 +- sound/soc/qcom/x1e80100.c | 2 +- sound/soc/renesas/rz-ssi.c | 64 +++- sound/soc/stm/stm32_sai.c | 14 +- sound/soc/stm/stm32_sai_sub.c | 51 ++- tools/mm/page_owner_sort.c | 6 +- tools/sched_ext/scx_show_state.py | 7 +- tools/testing/radix-tree/idr-test.c | 21 ++ tools/testing/selftests/drivers/net/psp.py | 6 +- .../test.d/ftrace/func_traceonoff_triggers.tc | 5 +- tools/testing/selftests/mm/uffd-unit-tests.c | 2 +- tools/testing/selftests/net/tap.c | 16 +- 326 files changed, 3276 insertions(+), 1649 deletions(-)

4 days, 6 hours

+ x86-kfence-avoid-writing-l1tf-vulnerable-ptes.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: x86/kfence: avoid writing L1TF-vulnerable PTEs has been added to the -mm mm-hotfixes-unstable branch. Its filename is x86-kfence-avoid-writing-l1tf-vulnerable-ptes.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via various branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there most days ------------------------------------------------------ From: Andrew Cooper <andrew.cooper3(a)citrix.com> Subject: x86/kfence: avoid writing L1TF-vulnerable PTEs Date: Tue, 6 Jan 2026 18:04:26 +0000 For native, the choice of PTE is fine. There's real memory backing the non-present PTE. However, for XenPV, Xen complains: (XEN) d1 L1TF-vulnerable L1e 8010000018200066 - Shadowing To explain, some background on XenPV pagetables: Xen PV guests are control their own pagetables; they choose the new PTE value, and use hypercalls to make changes so Xen can audit for safety. In addition to a regular reference count, Xen also maintains a type reference count. e.g. SegDesc (referenced by vGDT/vLDT), Writable (referenced with _PAGE_RW) or L{1..4} (referenced by vCR3 or a lower pagetable level). This is in order to prevent e.g. a page being inserted into the pagetables for which the guest has a writable mapping. For non-present mappings, all other bits become software accessible, and typically contain metadata rather a real frame address. There is nothing that a reference count could sensibly be tied to. As such, even if Xen could recognise the address as currently safe, nothing would prevent that frame from changing owner to another VM in the future. When Xen detects a PV guest writing a L1TF-PTE, it responds by activating shadow paging. This is normally only used for the live phase of migration, and comes with a reasonable overhead. KFENCE only cares about getting #PF to catch wild accesses; it doesn't care about the value for non-present mappings. Use a fully inverted PTE, to avoid hitting the slow path when running under Xen. While adjusting the logic, take the opportunity to skip all actions if the PTE is already in the right state, half the number PVOps callouts, and skip TLB maintenance on a !P -> P transition which benefits non-Xen cases too. Link: https://lkml.kernel.org/r/20260106180426.710013-1-andrew.cooper3@citrix.com Fixes: 1dc0da6e9ec0 ("x86, kfence: enable KFENCE for x86") Signed-off-by: Andrew Cooper <andrew.cooper3(a)citrix.com> Tested-by: Marco Elver <elver(a)google.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Marco Elver <elver(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Jann Horn <jannh(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/include/asm/kfence.h | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) --- a/arch/x86/include/asm/kfence.h~x86-kfence-avoid-writing-l1tf-vulnerable-ptes +++ a/arch/x86/include/asm/kfence.h @@ -42,10 +42,34 @@ static inline bool kfence_protect_page(u { unsigned int level; pte_t *pte = lookup_address(addr, &level); + pteval_t val; if (WARN_ON(!pte || level != PG_LEVEL_4K)) return false; + val = pte_val(*pte); + + /* + * protect requires making the page not-present. If the PTE is + * already in the right state, there's nothing to do. + */ + if (protect != !!(val & _PAGE_PRESENT)) + return true; + + /* + * Otherwise, invert the entire PTE. This avoids writing out an + * L1TF-vulnerable PTE (not present, without the high address bits + * set). + */ + set_pte(pte, __pte(~val)); + + /* + * If the page was protected (non-present) and we're making it + * present, there is no need to flush the TLB at all. + */ + if (!protect) + return true; + /* * We need to avoid IPIs, as we may get KFENCE allocations or faults * with interrupts disabled. Therefore, the below is best-effort, and @@ -53,11 +77,6 @@ static inline bool kfence_protect_page(u * lazy fault handling takes care of faults after the page is PRESENT. */ - if (protect) - set_pte(pte, __pte(pte_val(*pte) & ~_PAGE_PRESENT)); - else - set_pte(pte, __pte(pte_val(*pte) | _PAGE_PRESENT)); - /* * Flush this CPU's TLB, assuming whoever did the allocation/free is * likely to continue running on this CPU. _ Patches currently in -mm which might be from andrew.cooper3(a)citrix.com are x86-kfence-avoid-writing-l1tf-vulnerable-ptes.patch

4 days, 6 hours

[PATCH] ACPI: bus: Use OF match data for PRP0001 matched devices

by Kartik Rajput

When a device is matched via PRP0001, the driver's OF (DT) match table must be used to obtain the device match data. If a driver provides both an acpi_match_table and an of_match_table, the current acpi_device_get_match_data() path consults the driver's acpi_match_table and returns NULL (no ACPI ID matches). Explicitly detect PRP0001 and fetch match data from the driver's of_match_table via acpi_of_device_get_match_data(). Fixes: 886ca88be6b3 ("ACPI / bus: Respect PRP0001 when retrieving device match data") Cc: stable(a)vger.kernel.org Signed-off-by: Kartik Rajput <kkartik(a)nvidia.com> --- drivers/acpi/bus.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c index 5e110badac7b..4cd425fffa97 100644 --- a/drivers/acpi/bus.c +++ b/drivers/acpi/bus.c @@ -1031,8 +1031,9 @@ const void *acpi_device_get_match_data(const struct device *dev) { const struct acpi_device_id *acpi_ids = dev->driver->acpi_match_table; const struct acpi_device_id *match; + struct acpi_device = ACPI_COMPANION(dev); - if (!acpi_ids) + if (!strcmp(ACPI_DT_NAMESPACE_HID, acpi_device_hid(adev)) return acpi_of_device_get_match_data(dev); match = acpi_match_device(acpi_ids, dev); -- 2.43.0

4 days, 7 hours

[PATCH] cpufreq/amd-pstate: Fix MinPerf MSR value for performance policy

by Juan Martinez

When the CPU frequency policy is set to CPUFREQ_POLICY_PERFORMANCE (which occurs when EPP hint is set to "performance"), the driver incorrectly sets the MinPerf field in CPPC request MSR to nominal_perf instead of lowest_nonlinear_perf. According to the AMD architectural programmer's manual volume 2 [1], in section "17.6.4.1 CPPC_CAPABILITY_1", lowest_nonlinear_perf represents the most energy efficient performance level (in terms of performance per watt). The MinPerf field should be set to this value even in performance mode to maintain proper power/performance characteristics. This fixes a regression introduced by commit 0c411b39e4f4c ("amd-pstate: Set min_perf to nominal_perf for active mode performance gov"), which correctly identified that highest_perf was too high but chose nominal_perf as an intermediate value instead of lowest_nonlinear_perf. The fix changes amd_pstate_update_min_max_limit() to use lowest_nonlinear_perf instead of nominal_perf when the policy is CPUFREQ_POLICY_PERFORMANCE. [1] https://docs.amd.com/v/u/en-US/24593_3.43 AMD64 Architecture Programmer's Manual Volume 2: System Programming Section 17.6.4.1 CPPC_CAPABILITY_1 (Referenced in commit 5d9a354cf839a) Fixes: 0c411b39e4f4c ("amd-pstate: Set min_perf to nominal_perf for active mode performance gov") Tested-by: Kaushik Reddy S <kaushik.reddys(a)amd.com> Cc: stable(a)vger.kernel.org Signed-off-by: Juan Martinez <juan.martinez(a)amd.com> --- drivers/cpufreq/amd-pstate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c index e4f1933dd7d47..de0bb5b325502 100644 --- a/drivers/cpufreq/amd-pstate.c +++ b/drivers/cpufreq/amd-pstate.c @@ -634,8 +634,8 @@ static void amd_pstate_update_min_max_limit(struct cpufreq_policy *policy) WRITE_ONCE(cpudata->max_limit_freq, policy->max); if (cpudata->policy == CPUFREQ_POLICY_PERFORMANCE) { - perf.min_limit_perf = min(perf.nominal_perf, perf.max_limit_perf); - WRITE_ONCE(cpudata->min_limit_freq, min(cpudata->nominal_freq, cpudata->max_limit_freq)); + perf.min_limit_perf = min(perf.lowest_nonlinear_perf, perf.max_limit_perf); + WRITE_ONCE(cpudata->min_limit_freq, min(cpudata->lowest_nonlinear_freq, cpudata->max_limit_freq)); } else { perf.min_limit_perf = freq_to_perf(perf, cpudata->nominal_freq, policy->min); WRITE_ONCE(cpudata->min_limit_freq, policy->min); -- 2.34.1

4 days, 8 hours

[PATCH mm-hotfixes] mm/page_alloc: prevent pcp corruption with SMP=n

by Vlastimil Babka

The kernel test robot has reported: BUG: spinlock trylock failure on UP on CPU#0, kcompactd0/28 lock: 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28, .owner_cpu: 0 CPU: 0 UID: 0 PID: 28 Comm: kcompactd0 Not tainted 6.18.0-rc5-00127-ga06157804399 #1 PREEMPT 8cc09ef94dcec767faa911515ce9e609c45db470 Call Trace: <IRQ> __dump_stack (lib/dump_stack.c:95) dump_stack_lvl (lib/dump_stack.c:123) dump_stack (lib/dump_stack.c:130) spin_dump (kernel/locking/spinlock_debug.c:71) do_raw_spin_trylock (kernel/locking/spinlock_debug.c:?) _raw_spin_trylock (include/linux/spinlock_api_smp.h:89 kernel/locking/spinlock.c:138) __free_frozen_pages (mm/page_alloc.c:2973) ___free_pages (mm/page_alloc.c:5295) __free_pages (mm/page_alloc.c:5334) tlb_remove_table_rcu (include/linux/mm.h:? include/linux/mm.h:3122 include/asm-generic/tlb.h:220 mm/mmu_gather.c:227 mm/mmu_gather.c:290) ? __cfi_tlb_remove_table_rcu (mm/mmu_gather.c:289) ? rcu_core (kernel/rcu/tree.c:?) rcu_core (include/linux/rcupdate.h:341 kernel/rcu/tree.c:2607 kernel/rcu/tree.c:2861) rcu_core_si (kernel/rcu/tree.c:2879) handle_softirqs (arch/x86/include/asm/jump_label.h:36 include/trace/events/irq.h:142 kernel/softirq.c:623) __irq_exit_rcu (arch/x86/include/asm/jump_label.h:36 kernel/softirq.c:725) irq_exit_rcu (kernel/softirq.c:741) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1052) </IRQ> <TASK> RIP: 0010:_raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194) free_pcppages_bulk (mm/page_alloc.c:1494) drain_pages_zone (include/linux/spinlock.h:391 mm/page_alloc.c:2632) __drain_all_pages (mm/page_alloc.c:2731) drain_all_pages (mm/page_alloc.c:2747) kcompactd (mm/compaction.c:3115) kthread (kernel/kthread.c:465) ? __cfi_kcompactd (mm/compaction.c:3166) ? __cfi_kthread (kernel/kthread.c:412) ret_from_fork (arch/x86/kernel/process.c:164) ? __cfi_kthread (kernel/kthread.c:412) ret_from_fork_asm (arch/x86/entry/entry_64.S:255) </TASK> Matthew has analyzed the report and identified that in drain_page_zone() we are in a section protected by spin_lock(&pcp->lock) and then get an interrupt that attempts spin_trylock() on the same lock. The code is designed to work this way without disabling IRQs and occasionally fail the trylock with a fallback. However, the SMP=n spinlock implementation assumes spin_trylock() will always succeed, and thus it's normally a no-op. Here the enabled lock debugging catches the problem, but otherwise it could cause a corruption of the pcp structure. The problem has been introduced by commit 574907741599 ("mm/page_alloc: leave IRQs enabled for per-cpu page allocations"). The pcp locking scheme recognizes the need for disabling IRQs to prevent nesting spin_trylock() sections on SMP=n, but the need to prevent the nesting in spin_lock() has not been recognized. Fix it by introducing local wrappers that change the spin_lock() to spin_lock_iqsave() with SMP=n and use them in all places that do spin_lock(&pcp->lock). Fixes: 574907741599 ("mm/page_alloc: leave IRQs enabled for per-cpu page allocations") Cc: stable(a)vger.kernel.org Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202512101320.e2f2dd6f-lkp@intel.com Analyzed-by: Matthew Wilcox <willy(a)infradead.org> Link: https://lore.kernel.org/all/aUW05pyc9nZkvY-1@casper.infradead.org/ Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> --- This fix is intentionally made self-contained and not trying to expand upon the existing pcp[u]_spin() helpers. This is to make stable backports easier due to recent cleanups to that helpers. We could follow up with a proper helpers integration going forward. However I think the assumptions SMP=n of the spinlock UP implementation are just wrong. It should be valid to do a spin_lock() without disabling irq's and rely on a nested spin_trylock() to fail. I will thus try proposing the remove the UP implementation first. It should be within the current trend of removing stuff that's optimized for a minority configuration if it makes maintainability of the majority worse. (c.f. recent scheduler SMP=n removal) --- mm/page_alloc.c | 45 +++++++++++++++++++++++++++++++++++++-------- 1 file changed, 37 insertions(+), 8 deletions(-) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 822e05f1a964..ec3551d56cde 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -167,6 +167,31 @@ static inline void __pcp_trylock_noop(unsigned long *flags) { } pcp_trylock_finish(UP_flags); \ }) +/* + * With the UP spinlock implementation, when we spin_lock(&pcp->lock) (for i.e. + * a potentially remote cpu drain) and get interrupted by an operation that + * attempts pcp_spin_trylock(), we can't rely on the trylock failure due to UP + * spinlock assumptions making the trylock a no-op. So we have to turn that + * spin_lock() to a spin_lock_irqsave(). This works because on UP there are no + * remote cpu's so we can only be locking the only existing local one. + */ +#if defined(CONFIG_SMP) || defined(CONFIG_PREEMPT_RT) +static inline void __flags_noop(unsigned long *flags) { } +#define spin_lock_maybe_irqsave(lock, flags) \ +({ \ + __flags_noop(&(flags)); \ + spin_lock(lock); \ +}) +#define spin_unlock_maybe_irqrestore(lock, flags) \ +({ \ + spin_unlock(lock); \ + __flags_noop(&(flags)); \ +}) +#else +#define spin_lock_maybe_irqsave(lock, flags) spin_lock_irqsave(lock, flags) +#define spin_unlock_maybe_irqrestore(lock, flags) spin_unlock_irqrestore(lock, flags) +#endif + #ifdef CONFIG_USE_PERCPU_NUMA_NODE_ID DEFINE_PER_CPU(int, numa_node); EXPORT_PER_CPU_SYMBOL(numa_node); @@ -2556,6 +2581,7 @@ static int rmqueue_bulk(struct zone *zone, unsigned int order, bool decay_pcp_high(struct zone *zone, struct per_cpu_pages *pcp) { int high_min, to_drain, to_drain_batched, batch; + unsigned long UP_flags; bool todo = false; high_min = READ_ONCE(pcp->high_min); @@ -2575,9 +2601,9 @@ bool decay_pcp_high(struct zone *zone, struct per_cpu_pages *pcp) to_drain = pcp->count - pcp->high; while (to_drain > 0) { to_drain_batched = min(to_drain, batch); - spin_lock(&pcp->lock); + spin_lock_maybe_irqsave(&pcp->lock, UP_flags); free_pcppages_bulk(zone, to_drain_batched, pcp, 0); - spin_unlock(&pcp->lock); + spin_unlock_maybe_irqrestore(&pcp->lock, UP_flags); todo = true; to_drain -= to_drain_batched; @@ -2594,14 +2620,15 @@ bool decay_pcp_high(struct zone *zone, struct per_cpu_pages *pcp) */ void drain_zone_pages(struct zone *zone, struct per_cpu_pages *pcp) { + unsigned long UP_flags; int to_drain, batch; batch = READ_ONCE(pcp->batch); to_drain = min(pcp->count, batch); if (to_drain > 0) { - spin_lock(&pcp->lock); + spin_lock_maybe_irqsave(&pcp->lock, UP_flags); free_pcppages_bulk(zone, to_drain, pcp, 0); - spin_unlock(&pcp->lock); + spin_unlock_maybe_irqrestore(&pcp->lock, UP_flags); } } #endif @@ -2612,10 +2639,11 @@ void drain_zone_pages(struct zone *zone, struct per_cpu_pages *pcp) static void drain_pages_zone(unsigned int cpu, struct zone *zone) { struct per_cpu_pages *pcp = per_cpu_ptr(zone->per_cpu_pageset, cpu); + unsigned long UP_flags; int count; do { - spin_lock(&pcp->lock); + spin_lock_maybe_irqsave(&pcp->lock, UP_flags); count = pcp->count; if (count) { int to_drain = min(count, @@ -2624,7 +2652,7 @@ static void drain_pages_zone(unsigned int cpu, struct zone *zone) free_pcppages_bulk(zone, to_drain, pcp, 0); count -= to_drain; } - spin_unlock(&pcp->lock); + spin_unlock_maybe_irqrestore(&pcp->lock, UP_flags); } while (count); } @@ -6109,6 +6137,7 @@ static void zone_pcp_update_cacheinfo(struct zone *zone, unsigned int cpu) { struct per_cpu_pages *pcp; struct cpu_cacheinfo *cci; + unsigned long UP_flags; pcp = per_cpu_ptr(zone->per_cpu_pageset, cpu); cci = get_cpu_cacheinfo(cpu); @@ -6119,12 +6148,12 @@ static void zone_pcp_update_cacheinfo(struct zone *zone, unsigned int cpu) * This can reduce zone lock contention without hurting * cache-hot pages sharing. */ - spin_lock(&pcp->lock); + spin_lock_maybe_irqsave(&pcp->lock, UP_flags); if ((cci->per_cpu_data_slice_size >> PAGE_SHIFT) > 3 * pcp->batch) pcp->flags |= PCPF_FREE_HIGH_BATCH; else pcp->flags &= ~PCPF_FREE_HIGH_BATCH; - spin_unlock(&pcp->lock); + spin_unlock_maybe_irqrestore(&pcp->lock, UP_flags); } void setup_pcp_cacheinfo(unsigned int cpu) --- base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 change-id: 20260105-fix-pcp-up-3c88c09752ec Best regards, -- Vlastimil Babka <vbabka(a)suse.cz>

4 days, 8 hours

[PATCH v2] drm/xe: Adjust page count tracepoints in shrinker

by Matthew Brost

Page accounting can change via the shrinker without calling xe_ttm_tt_unpopulate(), which normally updates page count tracepoints through update_global_total_pages. Add a call to update_global_total_pages when the shrinker successfully shrinks a BO. v2: - Don't adjust global accounting when pinning (Stuart) Cc: stable(a)vger.kernel.org Fixes: ce3d39fae3d3 ("drm/xe/bo: add GPU memory trace points") Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_bo.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_bo.c b/drivers/gpu/drm/xe/xe_bo.c index 8b6474cd3eaf..6ab52fa397e3 100644 --- a/drivers/gpu/drm/xe/xe_bo.c +++ b/drivers/gpu/drm/xe/xe_bo.c @@ -1054,6 +1054,7 @@ static long xe_bo_shrink_purge(struct ttm_operation_ctx *ctx, unsigned long *scanned) { struct xe_device *xe = ttm_to_xe_device(bo->bdev); + struct ttm_tt *tt = bo->ttm; long lret; /* Fake move to system, without copying data. */ @@ -1078,8 +1079,10 @@ static long xe_bo_shrink_purge(struct ttm_operation_ctx *ctx, .writeback = false, .allow_move = false}); - if (lret > 0) + if (lret > 0) { xe_ttm_tt_account_subtract(xe, bo->ttm); + update_global_total_pages(bo->bdev, -(long)tt->num_pages); + } return lret; } @@ -1165,8 +1168,10 @@ long xe_bo_shrink(struct ttm_operation_ctx *ctx, struct ttm_buffer_object *bo, if (needs_rpm) xe_pm_runtime_put(xe); - if (lret > 0) + if (lret > 0) { xe_ttm_tt_account_subtract(xe, tt); + update_global_total_pages(bo->bdev, -(long)tt->num_pages); + } out_unref: xe_bo_put(xe_bo); -- 2.34.1

4 days, 8 hours

[PATCH v2 6/6] ceph: Fix write storm on fscrypted files

by Sam Edwards

CephFS stores file data across multiple RADOS objects. An object is the atomic unit of storage, so the writeback code must clean only folios that belong to the same object with each OSD request. CephFS also supports RAID0-style striping of file contents: if enabled, each object stores multiple unbroken "stripe units" covering different portions of the file; if disabled, a "stripe unit" is simply the whole object. The stripe unit is (usually) reported as the inode's block size. Though the writeback logic could, in principle, lock all dirty folios belonging to the same object, its current design is to lock only a single stripe unit at a time. Ever since this code was first written, it has determined this size by checking the inode's block size. However, the relatively-new fscrypt support needed to reduce the block size for encrypted inodes to the crypto block size (see 'fixes' commit), which causes an unnecessarily high number of write operations (~1024x as many, with 4MiB objects) and correspondingly degraded performance. Fix this (and clarify intent) by using i_layout.stripe_unit directly in ceph_define_write_size() so that encrypted inodes are written back with the same number of operations as if they were unencrypted. Fixes: 94af0470924c ("ceph: add some fscrypt guardrails") Cc: stable(a)vger.kernel.org Signed-off-by: Sam Edwards <CFSworks(a)gmail.com> --- fs/ceph/addr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index f2db05b51a3b..b97a6120d4b9 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -1000,7 +1000,8 @@ unsigned int ceph_define_write_size(struct address_space *mapping) { struct inode *inode = mapping->host; struct ceph_fs_client *fsc = ceph_inode_to_fs_client(inode); - unsigned int wsize = i_blocksize(inode); + struct ceph_inode_info *ci = ceph_inode(inode); + unsigned int wsize = ci->i_layout.stripe_unit; if (fsc->mount_options->wsize < wsize) wsize = fsc->mount_options->wsize; -- 2.51.2

4 days, 8 hours

[PATCH v2 3/6] ceph: Free page array when ceph_submit_write fails

by Sam Edwards

If `locked_pages` is zero, the page array must not be allocated: ceph_process_folio_batch() uses `locked_pages` to decide when to allocate `pages`, and redundant allocations trigger ceph_allocate_page_array()'s BUG_ON(), resulting in a worker oops (and writeback stall) or even a kernel panic. Consequently, the main loop in ceph_writepages_start() assumes that the lifetime of `pages` is confined to a single iteration. The ceph_submit_write() function claims ownership of the page array on success. But failures only redirty/unlock the pages and fail to free the array, making the failure case in ceph_submit_write() fatal. Free the page array (and reset locked_pages) in ceph_submit_write()'s error-handling 'if' block so that the caller's invariant (that the array does not outlive the iteration) is maintained unconditionally, making failures in ceph_submit_write() recoverable as originally intended. Fixes: 1551ec61dc55 ("ceph: introduce ceph_submit_write() method") Cc: stable(a)vger.kernel.org Signed-off-by: Sam Edwards <CFSworks(a)gmail.com> --- fs/ceph/addr.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 2b722916fb9b..467aa7242b49 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -1466,6 +1466,14 @@ int ceph_submit_write(struct address_space *mapping, unlock_page(page); } + if (ceph_wbc->from_pool) { + mempool_free(ceph_wbc->pages, ceph_wb_pagevec_pool); + ceph_wbc->from_pool = false; + } else + kfree(ceph_wbc->pages); + ceph_wbc->pages = NULL; + ceph_wbc->locked_pages = 0; + ceph_osdc_put_request(req); return -EIO; } -- 2.51.2

4 days, 8 hours

[PATCH] drm/xe: Tie page count tracepoints to TTM accounting functions

by Matthew Brost

Page accounting can change via the shrinker without calling xe_ttm_tt_unpopulate(), but those paths already update accounting through the xe_ttm_tt_account_*() helpers. Move the page count tracepoints into xe_ttm_tt_account_add() and xe_ttm_tt_account_subtract() so accounting updates are recorded consistently, regardless of whether pages are populated, unpopulated, or reclaimed via the shrinker. This avoids missing page count updates and keeps global accounting balanced across all TT lifecycle paths. Cc: stable(a)vger.kernel.org Fixes: ce3d39fae3d3 ("drm/xe/bo: add GPU memory trace points") Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_bo.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_bo.c b/drivers/gpu/drm/xe/xe_bo.c index 8b6474cd3eaf..33afaee38f48 100644 --- a/drivers/gpu/drm/xe/xe_bo.c +++ b/drivers/gpu/drm/xe/xe_bo.c @@ -432,6 +432,9 @@ struct sg_table *xe_bo_sg(struct xe_bo *bo) return xe_tt->sg; } +static void update_global_total_pages(struct ttm_device *ttm_dev, + long num_pages); + /* * Account ttm pages against the device shrinker's shrinkable and * purgeable counts. @@ -440,6 +443,7 @@ static void xe_ttm_tt_account_add(struct xe_device *xe, struct ttm_tt *tt) { struct xe_ttm_tt *xe_tt = container_of(tt, struct xe_ttm_tt, ttm); + update_global_total_pages(&xe->ttm, tt->num_pages); if (xe_tt->purgeable) xe_shrinker_mod_pages(xe->mem.shrinker, 0, tt->num_pages); else @@ -450,6 +454,7 @@ static void xe_ttm_tt_account_subtract(struct xe_device *xe, struct ttm_tt *tt) { struct xe_ttm_tt *xe_tt = container_of(tt, struct xe_ttm_tt, ttm); + update_global_total_pages(&xe->ttm, -(long)tt->num_pages); if (xe_tt->purgeable) xe_shrinker_mod_pages(xe->mem.shrinker, 0, -(long)tt->num_pages); else @@ -575,7 +580,6 @@ static int xe_ttm_tt_populate(struct ttm_device *ttm_dev, struct ttm_tt *tt, xe_tt->purgeable = false; xe_ttm_tt_account_add(ttm_to_xe_device(ttm_dev), tt); - update_global_total_pages(ttm_dev, tt->num_pages); return 0; } @@ -592,7 +596,6 @@ static void xe_ttm_tt_unpopulate(struct ttm_device *ttm_dev, struct ttm_tt *tt) ttm_pool_free(&ttm_dev->pool, tt); xe_ttm_tt_account_subtract(xe, tt); - update_global_total_pages(ttm_dev, -(long)tt->num_pages); } static void xe_ttm_tt_destroy(struct ttm_device *ttm_dev, struct ttm_tt *tt) -- 2.34.1

4 days, 9 hours

Bounce probe for stable@vger.kernel.org (no action required)

by stable+owner＠vger.kernel.org

Greetings! This is the mlmmj program managing the <stable(a)vger.kernel.org> mailing list. Your mail host rejected some of the messages we tried to deliver. This usually happens if we have accepted a spam message, but your mail server refused to take it from us (because it's spam). This automated probe is just a test to make sure that there are no other problems with mail delivery to your account. No action is required on your part -- if you are seeing this message, that means everything is normal. (In fact, you can add "Subject: Bounce probe" to your filters to avoid seeing this message in the future.) For internal tracking purposes, here is the list of bounced messages: - 206207

4 days, 9 hours

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror