- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.59 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/broadcom/bcm47189-luxul-xap-1440.dts | 4 arch/arm/boot/dts/nxp/imx/imx51-zii-rdu1.dts | 4 arch/arm/crypto/Kconfig | 2 arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2 arch/arm64/boot/dts/rockchip/rk3588-opp.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 2 arch/arm64/kernel/probes/kprobes.c | 5 arch/loongarch/include/asm/hw_breakpoint.h | 4 arch/loongarch/include/asm/pgtable.h | 11 arch/loongarch/kernel/traps.c | 4 arch/loongarch/kvm/timer.c | 2 arch/loongarch/kvm/vcpu.c | 5 arch/riscv/Makefile | 2 arch/riscv/kernel/cpu-hotplug.c | 1 arch/riscv/kernel/setup.c | 7 arch/x86/kernel/acpi/cppc.c | 2 arch/x86/kernel/cpu/microcode/amd.c | 1 arch/x86/kvm/svm/svm.c | 4 arch/x86/kvm/vmx/common.h | 34 arch/x86/kvm/vmx/vmx.c | 25 drivers/acpi/cppc_acpi.c | 6 drivers/acpi/numa/hmat.c | 46 drivers/acpi/numa/srat.c | 2 drivers/bluetooth/btusb.c | 13 drivers/crypto/hisilicon/qm.c | 2 drivers/edac/altera_edac.c | 22 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 12 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 12 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 5 drivers/gpu/drm/i915/gt/intel_gt_clock_utils.c | 4 drivers/gpu/drm/i915/i915_vma.c | 16 drivers/gpu/drm/mediatek/mtk_crtc.c | 7 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 drivers/gpu/drm/xe/xe_device.c | 14 drivers/gpu/drm/xe/xe_guc_ct.c | 3 drivers/hid/hid-ids.h | 4 drivers/hid/hid-logitech-hidpp.c | 21 drivers/hid/hid-nintendo.c | 2 drivers/hid/hid-ntrig.c | 7 drivers/hid/hid-playstation.c | 2 drivers/hid/hid-quirks.c | 2 drivers/hid/hid-uclogic-params.c | 4 drivers/iommu/iommufd/io_pagetable.c | 12 drivers/iommu/iommufd/ioas.c | 4 drivers/irqchip/irq-riscv-intc.c | 3 drivers/isdn/hardware/mISDN/hfcsusb.c | 18 drivers/mmc/host/dw_mmc-rockchip.c | 4 drivers/mmc/host/sdhci-of-dwcmshc.c | 2 drivers/mtd/nand/onenand/onenand_samsung.c | 2 drivers/net/dsa/sja1105/sja1105_static_config.c | 6 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 33 drivers/net/ethernet/ti/am65-cpsw-qos.c | 51 drivers/net/phy/mdio_bus.c | 5 drivers/net/phy/micrel.c | 515 ++++++---- drivers/net/virtio_net.c | 16 drivers/net/wireless/ath/ath11k/pci.c | 2 drivers/net/wireless/ath/ath11k/wmi.c | 3 drivers/pmdomain/arm/scmi_pm_domain.c | 13 drivers/pmdomain/imx/gpc.c | 2 drivers/pmdomain/samsung/exynos-pm-domains.c | 11 drivers/regulator/fixed.c | 1 drivers/spi/spi.c | 10 drivers/uio/uio_hv_generic.c | 32 fs/btrfs/inode.c | 4 fs/btrfs/scrub.c | 2 fs/btrfs/tree-log.c | 2 fs/btrfs/zoned.c | 4 fs/erofs/decompressor_zstd.c | 11 fs/exfat/namei.c | 6 fs/ext4/inode.c | 5 fs/ext4/xattr.c | 32 fs/ext4/xattr.h | 10 fs/f2fs/compress.c | 2 fs/fuse/virtio_fs.c | 2 fs/hostfs/hostfs_kern.c | 29 fs/namespace.c | 32 fs/nfs/dir.c | 23 fs/nfs/inode.c | 18 fs/nfs/nfs3client.c | 14 fs/nfs/nfs4client.c | 15 fs/nfs/nfs4proc.c | 22 fs/nfs/pnfs_nfs.c | 34 fs/nfs/sysfs.c | 1 fs/nfs/write.c | 3 fs/nfsd/nfs4state.c | 3 fs/nfsd/nfs4xdr.c | 3 fs/nfsd/nfsd.h | 1 fs/nfsd/nfsfh.c | 6 fs/nilfs2/segment.c | 7 fs/proc/base.c | 12 fs/proc/generic.c | 12 fs/proc/task_mmu.c | 8 fs/proc/task_nommu.c | 4 fs/smb/client/fs_context.c | 2 fs/smb/client/smb2inode.c | 2 fs/smb/client/transport.c | 2 fs/smb/server/smb2pdu.c | 2 fs/smb/server/transport_tcp.c | 5 include/linux/compiler_types.h | 5 include/linux/filter.h | 20 include/linux/huge_mm.h | 21 include/linux/kvm_host.h | 7 include/linux/map_benchmark.h | 1 include/linux/netpoll.h | 1 include/linux/nfs_xdr.h | 1 include/net/bluetooth/mgmt.h | 2 include/net/cfg80211.h | 78 + include/net/tc_act/tc_connmark.h | 1 include/uapi/linux/mount.h | 2 io_uring/napi.c | 19 kernel/bpf/trampoline.c | 5 kernel/bpf/verifier.c | 6 kernel/crash_core.c | 2 kernel/gcov/gcc_4_7.c | 4 kernel/power/swap.c | 17 kernel/sched/ext.c | 4 kernel/trace/ftrace.c | 20 mm/filemap.c | 20 mm/huge_memory.c | 32 mm/ksm.c | 113 ++ mm/memory.c | 23 mm/mm_init.c | 2 mm/percpu.c | 8 mm/secretmem.c | 2 mm/shmem.c | 9 mm/slub.c | 6 mm/truncate.c | 27 net/bluetooth/6lowpan.c | 97 + net/bluetooth/l2cap_core.c | 1 net/bluetooth/mgmt.c | 260 +++-- net/bluetooth/mgmt_util.c | 46 net/bluetooth/mgmt_util.h | 3 net/core/netpoll.c | 56 - net/handshake/tlshd.c | 1 net/hsr/hsr_device.c | 3 net/ipv4/route.c | 5 net/mac80211/chan.c | 2 net/mac80211/ieee80211_i.h | 4 net/mac80211/iface.c | 14 net/mac80211/link.c | 4 net/mac80211/mlme.c | 18 net/mac80211/rx.c | 10 net/mptcp/protocol.c | 36 net/netfilter/nf_tables_api.c | 66 - net/sched/act_bpf.c | 6 net/sched/act_connmark.c | 30 net/sched/act_ife.c | 12 net/sched/cls_bpf.c | 6 net/sched/sch_generic.c | 17 net/sctp/transport.c | 13 net/smc/smc_clc.c | 1 net/strparser/strparser.c | 2 net/tipc/net.c | 2 net/unix/garbage.c | 14 net/wireless/core.c | 56 + net/wireless/trace.h | 21 rust/Makefile | 16 sound/pci/hda/hda_component.c | 4 sound/soc/codecs/cs4271.c | 10 sound/soc/codecs/lpass-va-macro.c | 2 sound/soc/codecs/max98090.c | 6 sound/soc/codecs/tas2781-i2c.c | 9 sound/usb/endpoint.c | 5 sound/usb/mixer.c | 2 tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc | 4 tools/testing/selftests/iommu/iommufd.c | 2 tools/testing/selftests/net/forwarding/local_termination.sh | 2 tools/testing/selftests/net/mptcp/mptcp_connect.c | 18 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 90 - tools/testing/selftests/net/mptcp/mptcp_lib.sh | 21 tools/testing/selftests/user_events/perf_test.c | 2 virt/kvm/guest_memfd.c | 89 + 182 files changed, 2089 insertions(+), 907 deletions(-) Abdun Nihaal (3): HID: playstation: Fix memory leak in dualshock4_get_calibration_data() HID: uclogic: Fix potential memory leak in error path isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Aksh Garg (2): net: ethernet: ti: am65-cpsw-qos: fix IET verify/response timeout net: ethernet: ti: am65-cpsw-qos: fix IET verify retry mechanism Al Viro (1): simplify nfs_atomic_open_v23() Alexander Sverdlin (1): selftests: net: local_termination: Wait for interfaces to come up Alok Tiwari (1): virtio-fs: fix incorrect check for fsvq->kobj Anand Moon (1): arm64: dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1 Andrei Vagin (1): fs/namespace: correctly handle errors returned by grab_requested_mnt_ns André Draszik (1): pmdomain: samsung: plug potential memleak during probe Ankit Khushwaha (1): selftests/user_events: fix type cast for write_index packed member in perf_test Balasubramani Vivekanandan (1): drm/xe/guc: Synchronize Dead CT worker with unbind Benjamin Berg (3): wifi: mac80211: skip rate verification for not captured PSDUs wifi: cfg80211: add an hrtimer based delayed work item wifi: mac80211: use wiphy_hrtimer_work for csa.switch_work Bibo Mao (2): LoongArch: KVM: Restore guest PMU if it is enabled LoongArch: KVM: Add delay until timer interrupt injected Borislav Petkov (AMD) (1): x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev Breno Leitao (3): net: netpoll: Individualize the skb pool net: netpoll: flush skb pool during cleanup net: netpoll: fix incorrect refcount handling causing incorrect cleanup Buday Csaba (1): net: mdio: fix resource leak in mdiobus_register_device() Chao Yu (1): f2fs: fix to avoid overflow while left shift operation Christian König (2): drm/amdgpu: remove two invalid BUG_ON()s drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Chuang Wang (1): ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Chuck Lever (1): NFSD: Skip close replay processing if XDR encoding fails D. Wythe (1): net/smc: fix mismatch between CLC header and proposal Dai Ngo (1): NFS: Fix LTP test failures when timestamps are delegated Dan Carpenter (1): mtd: onenand: Pass correct pointer to IRQ handler Danil Skrebenkov (1): RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Dave Jiang (1): acpi/hmat: Fix lockdep warning for hmem_register_resource() Denis Arefev (1): ALSA: hda: Fix missing pointer check in hda_component_manager_init function Dragan Simic (1): arm64: dts: rockchip: Make RK3588 GPU OPP table naming less generic Eduard Zingerman (1): bpf: account for current allocated stack depth in widen_imprecise_scalars() Edward Adam Davis (2): nilfs2: avoid having an active sc_timer before freeing sci cifs: client: fix memory leak in smb3_fs_context_parse_param Eric Biggers (1): lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Eric Dumazet (4): sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto net_sched: act_connmark: use RCU in tcf_connmark_dump() net_sched: limit try_bulk_dequeue_skb() batches bpf: Add bpf_prog_run_data_pointers() Felix Maurer (1): hsr: Fix supervision frame sending on HSRv0 Feng Jiang (1): riscv: Build loader.bin exclusively for Canaan K210 Filipe Manana (1): btrfs: do not update last_log_commit when logging inode due to a new name Gal Pressman (3): net/mlx5e: Fix maxrate wraparound in threshold between units net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps net/mlx5e: Fix potentially misleading debug message Gao Xiang (1): erofs: avoid infinite loop due to incomplete zstd-compressed data Gautham R. Shenoy (4): ACPI: CPPC: Detect preferred core availability on online CPUs ACPI: CPPC: Check _CPC validity for only the online CPUs ACPI: CPPC: Perform fast check switch only for online CPUs ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs Greg Kroah-Hartman (1): Linux 6.12.59 Haein Lee (1): ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Han Gao (1): riscv: acpi: avoid errors caused by probing DT devices when ACPI is used Hans de Goede (1): spi: Try to get ACPI GPIO IRQ earlier Hao Ge (1): codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext Haotian Zhang (3): regulator: fixed: fix GPIO descriptor leak on register failure ASoC: cs4271: Fix regulator leak on probe failure ASoC: codecs: va-macro: fix resource leak in probe error path Henrique Carvalho (1): smb: client: fix cifs_pick_channel when channel needs reconnect Hongbo Li (1): hostfs: Fix only passing host root in boot stage with new mount Horatiu Vultur (4): net: phy: micrel: Introduce lanphy_modify_page_reg net: phy: micrel: Replace hardcoded pages with defines net: phy: micrel: lan8814 fix reset of the QSGMII interface net: phy: micrel: Fix lan8814_config_init Huacai Chen (2): LoongArch: Use correct accessor to read FWPC/MWPC LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY Ian Forbes (1): drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Isaac J. Manjarres (1): mm/mm_init: fix hash table order logging in alloc_large_system_hash() Jaehun Gou (1): exfat: fix improper check of dentry.stream.valid_size Janusz Krzysztofik (1): drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD Jason Gunthorpe (1): iommufd: Make vfio_compat's unmap succeed if the range is already empty Jason-JH Lin (1): drm/mediatek: Add pm_runtime support for GCE power control Jesse.Zhang (1): drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Jialin Wang (1): proc: proc_maps_open allow proc_mem_open to return NULL Jihed Chaibi (1): ARM: dts: imx51-zii-rdu1: Fix audmux node names Johannes Berg (1): wifi: mac80211: reject address change while connecting John Sperbeck (1): net: netpoll: ensure skb_pool list is always initialized Jonathan Kim (1): drm/amdkfd: relax checks for over allocation of save area Joshua Rogers (1): ksmbd: close accepted socket when per-IP limit rejects connection Joshua Watt (2): NFS4: Fix state renewals missing after boot NFS4: Apply delay_retrans to async operations Jouni Högander (1): drm/xe: Do clean shutdown also when using flr Kairui Song (1): mm/shmem: fix THP allocation and fallback loop Kiryl Shutsemau (2): mm/memory: do not populate page table entries beyond i_size mm/truncate: unmap large folio on split failure Kuniyuki Iwashima (2): tipc: Fix use-after-free in tipc_mon_reinit_self(). af_unix: Initialise scc_index in unix_add_edge(). Lance Yang (1): mm/secretmem: fix use-after-free race in fault handler Long Li (1): uio_hv_generic: Set event for all channels on the device Luiz Augusto von Dentz (1): Bluetooth: MGMT: Fix possible UAFs Manivannan Sadhasivam (1): wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path Mario Limonciello (1): drm/amd: Fix suspend failure with secure display TA Mario Limonciello (AMD) (2): PM: hibernate: Emit an error when image writing fails PM: hibernate: Use atomic64_t for compressed_size variable Masami Ichikawa (1): HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Matthieu Baerts (NGI0) (6): selftests: mptcp: connect: fix fallback note due to OoO selftests: mptcp: join: rm: set backup flag selftests: mptcp: join: endpoints: longer transfer selftests: mptcp: connect: trunc: read all recv data selftests: mptcp: join: userspace: longer transfer selftests: mptcp: join: properly kill background tasks Miaoqian Lin (2): crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value pmdomain: imx: Fix reference count leak in imx_gpc_remove Michal Hocko (1): mm, percpu: do not consider sleepable allocations atomic Miguel Ojeda (2): rust: kbuild: treat `build_error` and `rustdoc` as kernel objects rust: kbuild: workaround `rustdoc` doctests modifier bug Naohiro Aota (1): btrfs: zoned: fix conventional zone capacity calculation Nate Karstens (1): strparser: Fix signed/unsigned mismatch bug NeilBrown (1): nfsd: fix refcount leak in nfsd_set_fh_dentry() Nick Hu (1): irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops Nicolas Escande (1): wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() Niravkumar L Rabara (2): EDAC/altera: Handle OCRAM ECC enable after warm reset EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Oleg Makarenko (1): HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel Olga Kornievskaia (2): nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes NFSD: free copynotify stateid in nfs4_free_ol_stateid() Olivier Langlois (1): io_uring/napi: fix io_napi_entry RCU accesses Pablo Neira Ayuso (2): Revert "netfilter: nf_tables: Reintroduce shortened deletion notifications" netfilter: nf_tables: reject duplicate device on updates Paolo Abeni (1): mptcp: fix MSG_PEEK stream corruption Pauli Virtanen (6): Bluetooth: MGMT: cancel mesh send timer when hdev removed Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Bluetooth: L2CAP: export l2cap_chan_hold for modules Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete Pedro Demarchi Gomes (1): ksm: use range-walk function to jump over holes in scan_get_next_rmap_item Penglei Jiang (1): proc: fix the issue of proc_mem_open returning NULL Peter Oberparleiter (1): gcov: add support for GCC 15 Peter Zijlstra (1): compiler_types: Move unused static inline functions warning to W=2 Qinxin Xia (1): dma-mapping: benchmark: Restore padding to ensure uABI remained consistent Rafał Miłecki (1): ARM: dts: BCM53573: Fix address of Luxul XAP-1440's Ethernet PHY Ranganath V N (2): net: sched: act_connmark: initialize struct tc_ife to fix kernel leak net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Raphael Pinsonneault-Thibeault (1): Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Scott Mayhew (1): NFS: check if suid/sgid was cleared after a write as needed Sean Christopherson (3): KVM: guest_memfd: Pass index, not gfn, to __kvm_gmem_get_pfn() KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying KVM: VMX: Split out guts of EPT violation to common/exposed function Sharique Mohammad (1): ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Shawn Lin (2): mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 mmc: dw_mmc-rockchip: Fix wrong internal phase calculate Shenghao Ding (1): ASoC: tas2781: fix getting the wrong device number Shuai Xue (1): acpi,srat: Fix incorrect device handle check for Generic Initiator Shuhao Fu (1): smb: client: fix refcount leak in smb2_set_path_attr Song Liu (1): ftrace: Fix BPF fexit with livepatch Sourabh Jain (1): crash: fix crashkernel resource shrink Steven Rostedt (1): selftests/tracing: Run sample events to clear page cache events Stuart Hayhurst (1): HID: logitech-hidpp: Add HIDPP_QUIRK_RESET_HI_RES_SCROLL Sudeep Holla (1): pmdomain: arm: scmi: Fix genpd leak on provider registration failure Sukrit Bhatnagar (1): KVM: VMX: Fix check for valid GVA on an EPT violation Takashi Iwai (1): ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Tejas Upadhyay (1): drm/xe: Move declarations under conditional branch Tianyang Zhang (1): LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY Timur Kristóf (1): drm/amd/pm: Disable MCLK switching on SI at high pixel clocks Tristan Lobb (1): HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Trond Myklebust (4): pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS NFSv2/v3: Fix error handling in nfs_atomic_open_v23() NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() Umesh Nerlige Ramappa (1): drm/i915: Fix conversion between clock ticks and nanoseconds Vicki Pfau (1): HID: nintendo: Wait longer for initial probe Vitaly Prosyak (1): drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces Vladimir Oltean (1): net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() Wei Fang (1): net: fec: correct rx_bytes statistic for the case SHIFT16 is set Wei Yang (1): fs/proc: fix uaf in proc_readdir_de() Xi Ruoyao (1): rust: Add -fno-isolate-erroneous-paths-dereference to bindgen_skip_c_flags Xuan Zhuo (1): virtio-net: fix incorrect flags recording in big mode Yan Zhao (1): KVM: guest_memfd: Remove RCU-protected attribute from slot->gmem.file Yang Shi (1): arm64: kprobes: check the return value of set_memory_rox() Yang Xiuwei (1): NFS: sysfs: fix leak when nfs_client kobject add fails Ye Bin (2): ext4: introduce ITAIL helper ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() Yosry Ahmed (1): KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated ZhangGuoDong (2): smb/server: fix possible memory leak in smb2_read() smb/server: fix possible refcount leak in smb2_sess_setup() Zi Yan (2): mm/huge_memory: do not change split_huge_page*() target order silently mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order Zilin Guan (3): net/handshake: Fix memory leak in tls_handshake_accept() btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() btrfs: release root after error in data_reloc_print_warning_inode() Zqiang (1): sched_ext: Fix unsafe locking in the scx_dump_state()

3 days, 1 hour

1
1
0 0

Linux 6.6.117

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.117 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/cgroup-v2.rst | 9 MAINTAINERS | 1 Makefile | 2 arch/arc/include/asm/bitops.h | 2 arch/arm/boot/dts/broadcom/bcm47189-luxul-xap-1440.dts | 4 arch/arm/boot/dts/nvidia/tegra20-asus-tf101.dts | 5 arch/arm/boot/dts/nxp/imx/imx51-zii-rdu1.dts | 4 arch/arm/crypto/Kconfig | 2 arch/arm/mach-at91/pm_suspend.S | 8 arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2 arch/arm64/boot/dts/xilinx/zynqmp-zcu106-revA.dts | 4 arch/loongarch/include/asm/hw_breakpoint.h | 4 arch/loongarch/include/asm/pgtable.h | 11 arch/loongarch/kernel/traps.c | 4 arch/mips/boot/dts/lantiq/danube.dtsi | 6 arch/mips/boot/dts/lantiq/danube_easy50712.dts | 4 arch/mips/lantiq/xway/sysctrl.c | 2 arch/powerpc/kernel/eeh_driver.c | 2 arch/riscv/kernel/cpu-hotplug.c | 1 arch/riscv/kernel/entry.S | 18 arch/riscv/kernel/setup.c | 7 arch/riscv/kernel/stacktrace.c | 27 arch/riscv/mm/ptdump.c | 2 arch/riscv/net/bpf_jit_comp64.c | 5 arch/s390/Kconfig | 1 arch/s390/include/asm/pci.h | 1 arch/s390/pci/pci_event.c | 7 arch/s390/pci/pci_irq.c | 9 arch/sparc/include/asm/elf_64.h | 1 arch/sparc/include/asm/io_64.h | 6 arch/sparc/kernel/module.c | 1 arch/um/drivers/ssl.c | 5 arch/x86/entry/vsyscall/vsyscall_64.c | 17 arch/x86/kernel/cpu/microcode/amd.c | 3 arch/x86/kernel/fpu/core.c | 3 arch/x86/kernel/kvm.c | 20 arch/x86/kvm/svm/svm.c | 4 arch/x86/net/bpf_jit_comp.c | 2 block/blk-cgroup.c | 23 drivers/accel/habanalabs/common/memory.c | 2 drivers/accel/habanalabs/gaudi/gaudi.c | 19 drivers/accel/habanalabs/gaudi2/gaudi2.c | 15 drivers/accel/habanalabs/gaudi2/gaudi2_coresight.c | 2 drivers/acpi/acpi_video.c | 4 drivers/acpi/acpica/dsmethod.c | 10 drivers/acpi/button.c | 4 drivers/acpi/cppc_acpi.c | 6 drivers/acpi/numa/hmat.c | 322 +++++-- drivers/acpi/numa/srat.c | 2 drivers/acpi/prmt.c | 19 drivers/acpi/property.c | 24 drivers/acpi/scan.c | 2 drivers/base/node.c | 18 drivers/base/regmap/regmap-slimbus.c | 6 drivers/bluetooth/btmtksdio.c | 12 drivers/bluetooth/btrtl.c | 4 drivers/bluetooth/btusb.c | 30 drivers/bluetooth/hci_bcsp.c | 3 drivers/char/misc.c | 40 drivers/clk/at91/clk-master.c | 3 drivers/clk/at91/clk-sam9x60-pll.c | 75 - drivers/clk/sunxi-ng/ccu-sun6i-rtc.c | 11 drivers/clk/ti/clk-33xx.c | 2 drivers/clocksource/timer-vf-pit.c | 22 drivers/cpufreq/longhaul.c | 3 drivers/cpufreq/tegra186-cpufreq.c | 27 drivers/cpuidle/cpuidle.c | 8 drivers/cpuidle/governors/menu.c | 73 - drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 1 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c | 5 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 2 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-prng.c | 1 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-trng.c | 1 drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/aspeed/aspeed-acry.c | 8 drivers/crypto/caam/ctrl.c | 4 drivers/crypto/hisilicon/qm.c | 2 drivers/crypto/intel/qat/qat_common/qat_uclo.c | 2 drivers/dma/dw-edma/dw-edma-core.c | 22 drivers/dma/mv_xor.c | 4 drivers/dma/sh/shdma-base.c | 25 drivers/dma/sh/shdmac.c | 17 drivers/edac/altera_edac.c | 22 drivers/extcon/extcon-adc-jack.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 66 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 19 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 10 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 23 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn301/vg_clk_mgr.c | 16 drivers/gpu/drm/amd/display/dc/core/dc.c | 19 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 14 drivers/gpu/drm/amd/display/dc/dc_helper.c | 5 drivers/gpu/drm/amd/display/dc/dc_stream.h | 3 drivers/gpu/drm/amd/display/dc/dm_services.h | 2 drivers/gpu/drm/amd/display/dc/dml/dcn301/dcn301_fpu.c | 20 drivers/gpu/drm/amd/display/dc/link/link_detection.c | 5 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c | 9 drivers/gpu/drm/amd/display/include/dal_asic_id.h | 5 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 5 drivers/gpu/drm/amd/pm/powerplay/smumgr/fiji_smumgr.c | 2 drivers/gpu/drm/amd/pm/powerplay/smumgr/iceland_smumgr.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2 drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 12 drivers/gpu/drm/bridge/display-connector.c | 3 drivers/gpu/drm/drm_gem_atomic_helper.c | 6 drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 drivers/gpu/drm/i915/gt/intel_gt_clock_utils.c | 4 drivers/gpu/drm/i915/i915_vma.c | 16 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 10 drivers/gpu/drm/mediatek/mtk_drm_plane.c | 24 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 5 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 3 drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 10 drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 drivers/gpu/drm/scheduler/sched_entity.c | 37 drivers/gpu/drm/tidss/tidss_crtc.c | 7 drivers/gpu/drm/tidss/tidss_dispc.c | 16 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 drivers/hid/hid-asus.c | 6 drivers/hid/hid-ids.h | 6 drivers/hid/hid-ntrig.c | 7 drivers/hid/hid-quirks.c | 2 drivers/hid/hid-uclogic-params.c | 4 drivers/hid/i2c-hid/i2c-hid-acpi.c | 8 drivers/hid/i2c-hid/i2c-hid-core.c | 28 drivers/hid/i2c-hid/i2c-hid.h | 2 drivers/hwmon/asus-ec-sensors.c | 2 drivers/hwmon/dell-smm-hwmon.c | 7 drivers/hwmon/k10temp.c | 10 drivers/hwmon/sbtsi_temp.c | 46 - drivers/hwmon/sy7636a-hwmon.c | 1 drivers/iio/adc/imx93_adc.c | 18 drivers/iio/adc/spear_adc.c | 9 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 11 drivers/infiniband/hw/hns/hns_roce_qp.c | 2 drivers/infiniband/hw/irdma/pble.c | 2 drivers/infiniband/hw/irdma/verbs.c | 4 drivers/infiniband/hw/irdma/verbs.h | 8 drivers/iommu/amd/init.c | 28 drivers/iommu/apple-dart.c | 5 drivers/iommu/intel/debugfs.c | 10 drivers/iommu/intel/perf.c | 10 drivers/iommu/intel/perf.h | 5 drivers/iommu/iommufd/io_pagetable.c | 12 drivers/iommu/iommufd/ioas.c | 4 drivers/irqchip/irq-gic-v2m.c | 13 drivers/irqchip/irq-loongson-pch-lpc.c | 9 drivers/irqchip/irq-riscv-intc.c | 3 drivers/irqchip/irq-sifive-plic.c | 6 drivers/isdn/hardware/mISDN/hfcsusb.c | 18 drivers/media/i2c/Kconfig | 2 drivers/media/i2c/adv7180.c | 48 - drivers/media/i2c/ir-kbd-i2c.c | 6 drivers/media/i2c/og01a1b.c | 6 drivers/media/i2c/ov08x40.c | 2 drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 drivers/media/pci/ivtv/ivtv-driver.h | 3 drivers/media/pci/ivtv/ivtv-fileops.c | 18 drivers/media/pci/ivtv/ivtv-irq.c | 4 drivers/media/platform/amphion/vpu_v4l2.c | 7 drivers/media/platform/verisilicon/hantro_drv.c | 2 drivers/media/platform/verisilicon/hantro_v4l2.c | 6 drivers/media/rc/imon.c | 61 - drivers/media/rc/redrat3.c | 2 drivers/media/tuners/xc4000.c | 8 drivers/media/tuners/xc5000.c | 12 drivers/media/usb/uvc/uvc_driver.c | 15 drivers/memstick/core/memstick.c | 8 drivers/mfd/da9063-i2c.c | 27 drivers/mfd/madera-core.c | 4 drivers/mfd/stmpe-i2c.c | 1 drivers/mfd/stmpe.c | 3 drivers/mmc/host/renesas_sdhi_core.c | 6 drivers/mmc/host/sdhci-msm.c | 15 drivers/mmc/host/sdhci-of-dwcmshc.c | 2 drivers/mtd/nand/onenand/onenand_samsung.c | 2 drivers/net/dsa/b53/b53_common.c | 15 drivers/net/dsa/b53/b53_regs.h | 3 drivers/net/dsa/dsa_loop.c | 9 drivers/net/dsa/microchip/ksz9477.c | 98 +- drivers/net/dsa/microchip/ksz9477_reg.h | 3 drivers/net/dsa/microchip/ksz_common.c | 4 drivers/net/dsa/microchip/ksz_common.h | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4 drivers/net/ethernet/cadence/macb_main.c | 4 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 9 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.h | 2 drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 drivers/net/ethernet/intel/ice/ice_main.c | 2 drivers/net/ethernet/intel/ice/ice_trace.h | 10 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 33 drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 10 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 5 drivers/net/ethernet/mellanox/mlx5/core/en_stats.c | 12 drivers/net/ethernet/microchip/lan966x/lan966x_ethtool.c | 18 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 2 drivers/net/ethernet/microchip/lan966x/lan966x_main.h | 4 drivers/net/ethernet/microchip/lan966x/lan966x_vcap_impl.c | 8 drivers/net/ethernet/microchip/sparx5/Kconfig | 2 drivers/net/ethernet/realtek/Kconfig | 2 drivers/net/ethernet/realtek/r8169_main.c | 6 drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/sfc/mae.c | 4 drivers/net/ethernet/smsc/smsc911x.c | 14 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 23 drivers/net/ethernet/wangxun/libwx/wx_hw.c | 3 drivers/net/ethernet/wangxun/libwx/wx_type.h | 4 drivers/net/hamradio/6pack.c | 57 - drivers/net/ipvlan/ipvlan_l3s.c | 1 drivers/net/mdio/of_mdio.c | 1 drivers/net/phy/dp83867.c | 8 drivers/net/phy/fixed_phy.c | 1 drivers/net/phy/marvell.c | 39 drivers/net/phy/mdio_bus.c | 5 drivers/net/phy/phy.c | 13 drivers/net/usb/asix_devices.c | 12 drivers/net/usb/qmi_wwan.c | 6 drivers/net/usb/usbnet.c | 2 drivers/net/virtio_net.c | 41 drivers/net/wireless/ath/ath10k/mac.c | 12 drivers/net/wireless/ath/ath10k/wmi.c | 40 drivers/net/wireless/ath/ath11k/core.c | 54 + drivers/net/wireless/ath/ath11k/wmi.c | 3 drivers/net/wireless/ath/ath12k/dp.h | 2 drivers/net/wireless/ath/ath12k/mac.c | 34 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 3 drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 28 drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 2 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 1 drivers/net/wireless/realtek/rtw88/sdio.c | 4 drivers/net/wireless/virtual/mac80211_hwsim.c | 7 drivers/ntb/hw/epf/ntb_hw_epf.c | 103 +- drivers/nvme/host/core.c | 8 drivers/nvme/host/fc.c | 10 drivers/nvme/target/fc.c | 16 drivers/pci/controller/cadence/pcie-cadence-host.c | 2 drivers/pci/controller/cadence/pcie-cadence.c | 4 drivers/pci/controller/cadence/pcie-cadence.h | 6 drivers/pci/controller/dwc/pcie-designware.c | 4 drivers/pci/p2pdma.c | 2 drivers/pci/pci-driver.c | 2 drivers/pci/pci.c | 5 drivers/pci/quirks.c | 3 drivers/phy/cadence/cdns-dphy.c | 4 drivers/phy/renesas/r8a779f0-ether-serdes.c | 28 drivers/phy/rockchip/phy-rockchip-inno-csidphy.c | 5 drivers/pinctrl/pinctrl-keembay.c | 7 drivers/pinctrl/pinctrl-single.c | 4 drivers/pmdomain/apple/pmgr-pwrstate.c | 1 drivers/pmdomain/samsung/exynos-pm-domains.c | 11 drivers/power/supply/qcom_battmgr.c | 8 drivers/power/supply/sbs-charger.c | 16 drivers/ptp/ptp_clock.c | 13 drivers/regulator/fixed.c | 1 drivers/remoteproc/qcom_q6v5.c | 5 drivers/remoteproc/wkup_m3_rproc.c | 6 drivers/rtc/rtc-pcf2127.c | 19 drivers/rtc/rtc-rx8025.c | 2 drivers/scsi/libfc/fc_encode.h | 2 drivers/scsi/lpfc/lpfc_debugfs.h | 3 drivers/scsi/lpfc/lpfc_els.c | 6 drivers/scsi/lpfc/lpfc_init.c | 7 drivers/scsi/lpfc/lpfc_scsi.c | 14 drivers/scsi/mpi3mr/mpi3mr_fw.c | 10 drivers/scsi/mpt3sas/mpt3sas_transport.c | 3 drivers/scsi/pm8001/pm8001_ctl.c | 24 drivers/scsi/pm8001/pm8001_init.c | 1 drivers/scsi/pm8001/pm8001_sas.h | 4 drivers/soc/aspeed/aspeed-socinfo.c | 4 drivers/soc/qcom/smem.c | 2 drivers/soc/tegra/fuse/fuse-tegra30.c | 122 ++ drivers/spi/spi-loopback-test.c | 12 drivers/spi/spi-rpc-if.c | 2 drivers/spi/spi.c | 10 drivers/tee/tee_core.c | 2 drivers/thunderbolt/tb.c | 2 drivers/ufs/core/ufshcd-crypto.c | 34 drivers/ufs/core/ufshcd-crypto.h | 36 drivers/ufs/core/ufshcd.c | 25 drivers/ufs/host/ufs-mediatek.c | 179 +++- drivers/ufs/host/ufshcd-pci.c | 70 + drivers/usb/cdns3/cdnsp-gadget.c | 8 drivers/usb/gadget/function/f_fs.c | 8 drivers/usb/gadget/function/f_hid.c | 4 drivers/usb/gadget/function/f_ncm.c | 3 drivers/usb/host/xhci-plat.c | 1 drivers/usb/mon/mon_bin.c | 14 drivers/vfio/iova_bitmap.c | 5 drivers/vfio/vfio_main.c | 2 drivers/video/backlight/lp855x_bl.c | 2 drivers/video/fbdev/aty/atyfb_base.c | 8 drivers/video/fbdev/core/bitblit.c | 33 drivers/video/fbdev/core/fbcon.c | 19 drivers/video/fbdev/core/fbmem.c | 1 drivers/video/fbdev/pvr2fb.c | 2 drivers/video/fbdev/valkyriefb.c | 2 drivers/watchdog/s3c2410_wdt.c | 10 fs/9p/v9fs.c | 9 fs/btrfs/extent_io.c | 8 fs/btrfs/file.c | 10 fs/btrfs/scrub.c | 2 fs/btrfs/tree-log.c | 2 fs/ceph/dir.c | 3 fs/ceph/file.c | 6 fs/ceph/locks.c | 5 fs/exfat/fatent.c | 11 fs/ext4/fast_commit.c | 2 fs/ext4/xattr.c | 2 fs/f2fs/compress.c | 2 fs/f2fs/extent_cache.c | 6 fs/fuse/inode.c | 11 fs/hpfs/namei.c | 18 fs/jfs/inode.c | 8 fs/jfs/jfs_txnmgr.c | 9 fs/nfs/nfs3client.c | 15 fs/nfs/nfs4client.c | 17 fs/nfs/nfs4proc.c | 15 fs/nfs/nfs4state.c | 3 fs/nfs/pnfs_nfs.c | 34 fs/nfs/sysfs.c | 1 fs/nfs/write.c | 3 fs/nfsd/nfs4proc.c | 7 fs/nfsd/nfs4state.c | 3 fs/ntfs3/inode.c | 1 fs/open.c | 10 fs/orangefs/xattr.c | 12 fs/proc/generic.c | 12 fs/smb/client/cached_dir.c | 16 fs/smb/client/file.c | 115 ++ fs/smb/client/fs_context.c | 2 fs/smb/client/smb2inode.c | 2 fs/smb/client/smb2ops.c | 3 fs/smb/client/smb2pdu.c | 7 fs/smb/client/transport.c | 12 fs/smb/server/smb2pdu.c | 2 fs/smb/server/transport_tcp.c | 12 include/linux/blk_types.h | 11 include/linux/cgroup.h | 1 include/linux/compiler_types.h | 5 include/linux/fbcon.h | 2 include/linux/filter.h | 22 include/linux/map_benchmark.h | 1 include/linux/memcontrol.h | 8 include/linux/memory-tiers.h | 39 include/linux/netpoll.h | 1 include/linux/node.h | 26 include/linux/pci.h | 2 include/linux/shdma-base.h | 2 include/linux/swap.h | 3 include/linux/vm_event_item.h | 1 include/net/bluetooth/hci.h | 1 include/net/bluetooth/hci_core.h | 8 include/net/bluetooth/mgmt.h | 2 include/net/cls_cgroup.h | 2 include/net/gro.h | 3 include/net/nfc/nci_core.h | 2 include/net/tc_act/tc_connmark.h | 1 include/net/xdp.h | 5 include/ufs/ufs_quirks.h | 3 include/ufs/ufshcd.h | 44 + include/ufs/ufshci.h | 4 kernel/bpf/helpers.c | 2 kernel/bpf/ringbuf.c | 2 kernel/bpf/verifier.c | 6 kernel/cgroup/cgroup.c | 24 kernel/events/uprobes.c | 7 kernel/futex/syscalls.c | 106 +- kernel/gcov/gcc_4_7.c | 4 kernel/sched/fair.c | 15 kernel/trace/ftrace.c | 2 kernel/trace/trace_events_hist.c | 6 lib/crypto/Makefile | 2 mm/filemap.c | 24 mm/memcontrol.c | 290 +++--- mm/memory-tiers.c | 162 +++ mm/memory.c | 24 mm/mm_init.c | 2 mm/page_io.c | 8 mm/percpu.c | 8 mm/secretmem.c | 2 mm/truncate.c | 27 mm/vmscan.c | 3 mm/vmstat.c | 1 mm/workingset.c | 54 - mm/zswap.c | 4 net/8021q/vlan.c | 2 net/bluetooth/6lowpan.c | 97 +- net/bluetooth/hci_event.c | 18 net/bluetooth/hci_sync.c | 21 net/bluetooth/iso.c | 8 net/bluetooth/l2cap_core.c | 1 net/bluetooth/mgmt.c | 7 net/bluetooth/rfcomm/tty.c | 26 net/bluetooth/sco.c | 7 net/bridge/br.c | 5 net/bridge/br_forward.c | 5 net/bridge/br_if.c | 1 net/bridge/br_input.c | 4 net/bridge/br_mst.c | 10 net/bridge/br_private.h | 13 net/core/filter.c | 1 net/core/gro.c | 3 net/core/netpoll.c | 71 - net/core/page_pool.c | 12 net/core/skbuff.c | 10 net/core/sock.c | 15 net/dsa/dsa.c | 7 net/dsa/tag_brcm.c | 10 net/ethernet/eth.c | 5 net/handshake/tlshd.c | 1 net/hsr/hsr_device.c | 3 net/ipv4/esp4.c | 4 net/ipv4/netfilter/nf_reject_ipv4.c | 25 net/ipv4/nexthop.c | 6 net/ipv4/route.c | 5 net/ipv4/udp_tunnel_nic.c | 2 net/ipv6/addrconf.c | 4 net/ipv6/ah6.c | 50 - net/ipv6/esp6.c | 4 net/ipv6/netfilter/nf_reject_ipv6.c | 30 net/ipv6/raw.c | 2 net/ipv6/udp.c | 2 net/mac80211/iface.c | 14 net/mac80211/mlme.c | 2 net/mac80211/rx.c | 10 net/mptcp/protocol.c | 54 - net/mptcp/protocol.h | 2 net/netfilter/nf_tables_api.c | 30 net/rds/rds.h | 2 net/sched/act_bpf.c | 6 net/sched/act_connmark.c | 30 net/sched/act_ife.c | 12 net/sched/cls_bpf.c | 6 net/sched/sch_generic.c | 17 net/sctp/diag.c | 21 net/sctp/transport.c | 13 net/smc/smc_clc.c | 1 net/strparser/strparser.c | 2 net/tipc/net.c | 2 net/unix/garbage.c | 14 net/xfrm/espintcp.c | 4 security/integrity/ima/ima_appraise.c | 23 sound/drivers/serial-generic.c | 12 sound/pci/hda/patch_realtek.c | 17 sound/soc/codecs/cs4271.c | 10 sound/soc/codecs/lpass-va-macro.c | 2 sound/soc/codecs/max98090.c | 6 sound/soc/codecs/tas2781-i2c.c | 9 sound/soc/codecs/tlv320aic3x.c | 32 sound/soc/fsl/fsl_sai.c | 3 sound/soc/intel/avs/pcm.c | 2 sound/soc/meson/aiu-encoder-i2s.c | 9 sound/soc/qcom/qdsp6/q6asm.c | 2 sound/soc/qcom/sc8280xp.c | 3 sound/soc/stm/stm32_sai_sub.c | 8 sound/usb/endpoint.c | 5 sound/usb/mixer.c | 9 sound/usb/mixer_s1810c.c | 28 sound/usb/validate.c | 9 tools/bpf/bpftool/btf_dumper.c | 2 tools/bpf/bpftool/prog.c | 2 tools/include/linux/bitmap.h | 1 tools/lib/bpf/bpf_tracing.h | 2 tools/lib/thermal/Makefile | 9 tools/perf/util/symbol.c | 1 tools/power/cpupower/lib/cpuidle.c | 5 tools/power/cpupower/lib/cpupower.c | 2 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 30 tools/testing/selftests/Makefile | 2 tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 tools/testing/selftests/bpf/test_xsk.sh | 2 tools/testing/selftests/drivers/net/netdevsim/Makefile | 21 tools/testing/selftests/drivers/net/netdevsim/settings | 1 tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc | 4 tools/testing/selftests/iommu/iommufd.c | 2 tools/testing/selftests/net/fcnal-test.sh | 432 +++++----- tools/testing/selftests/net/forwarding/local_termination.sh | 2 tools/testing/selftests/net/gro.c | 101 ++ tools/testing/selftests/net/mptcp/mptcp_connect.c | 18 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 54 - tools/testing/selftests/net/psock_tpacket.c | 4 tools/testing/selftests/net/traceroute.sh | 13 tools/testing/selftests/user_events/perf_test.c | 2 usr/include/headers_check.pl | 2 503 files changed, 4860 insertions(+), 2077 deletions(-) Aaron Kling (1): cpufreq: tegra186: Initialize all cores to max frequencies Abdun Nihaal (4): sfc: fix potential memory leak in efx_mae_process_mport() Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() HID: uclogic: Fix potential memory leak in error path isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Adrian Hunter (3): scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers scsi: ufs: core: Add a quirk to suppress link_startup_again scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL Akhil P Oommen (1): drm/msm/a6xx: Fix GMU firmware parser Al Viro (3): allow finish_no_open(file, ERR_PTR(-E...)) sparc64: fix prototypes of reads[bwl]() nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Albin Babu Varghese (1): fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Aleksander Jan Bajkowski (5): mips: lantiq: danube: add missing properties to cpu node mips: lantiq: danube: add model to EASY50712 dts mips: lantiq: danube: add missing device_type in pci node mips: lantiq: xway: sysctrl: rename stp clock mips: lantiq: danube: rename stp node on EASY50712 reference board Alex Deucher (4): drm/amd/display: add more cyan skillfish devices drm/amd: add more cyan skillfish PCI ids drm/amdgpu: don't enable SMU on cyan skillfish drm/amdgpu: add support for cyan skillfish gpu_info Alex Hung (1): drm/amd/display: Fix black screen with HDMI outputs Alex Mastro (1): vfio: return -ENOTTY for unsupported device feature Alexander Stein (2): mfd: stmpe: Remove IRQ domain upon removal mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexander Sverdlin (1): selftests: net: local_termination: Wait for interfaces to come up Alexey Klimov (2): regmap: slimbus: fix bus_context pointer in regmap init calls ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() Alice Chao (2): scsi: ufs: host: mediatek: Assign power mode userdata before FASTAUTO mode change scsi: ufs: host: mediatek: Fix invalid access in vccqx handling Alistair Francis (1): nvme: Use non zero KATO for persistent discovery connections Alok Tiwari (2): udp_tunnel: use netdev_warn() instead of netdev_WARN() scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() Amber Lin (1): drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Amery Hung (1): bpf: Clear pfmemalloc flag when freeing all fragments Amirreza Zarrabi (1): tee: allow a driver to allocate a tee_device without a pool Anand Moon (1): arm64: dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1 Andreas Kemnade (1): hwmon: sy7636a: add alias Andrew Davis (1): remoteproc: wkup_m3: Use devm_pm_runtime_enable() helper Andrii Nakryiko (1): libbpf: Fix powerpc's stack register definition in bpf_tracing.h André Draszik (1): pmdomain: samsung: plug potential memleak during probe Ankit Khushwaha (1): selftests/user_events: fix type cast for write_index packed member in perf_test Antheas Kapenekakis (1): HID: asus: add Z13 folio to generic group for multitouch to work Anthony Iliopoulos (1): NFSv4.1: fix mount hang after CREATE_SESSION failure Anton Blanchard (1): riscv: Improve exception and system call latency Antonino Maniscalco (1): drm/msm: make sure to not queue up recovery more than once Anubhav Singh (2): selftests/net: fix out-of-order delivery of FIN in gro:tcp test selftests/net: use destination options instead of hop-by-hop Ariel D'Alessandro (1): drm/mediatek: Disable AFBC support on Mediatek DRM driver Arkadiusz Bokowy (1): Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames Armin Wolf (1): hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Arnd Bergmann (1): mfd: madera: Work around false-positive -Wininitialized warning Arseniy Krasnov (1): Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' Ashish Kalra (1): iommu/amd: Skip enabling command/event buffers for kdump Avadhut Naik (1): hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models Baochen Qiang (1): Revert "wifi: ath10k: avoid unnecessary wait for service ready message" Bart Van Assche (1): scsi: ufs: core: Disable timestamp functionality if not supported Bartosz Golaszewski (1): pinctrl: keembay: release allocated memory in detach path Ben Copeland (1): hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex Benjamin Berg (1): wifi: mac80211: skip rate verification for not captured PSDUs Benjamin Lin (1): wifi: mt76: mt7996: Temporarily disable EPCS Biju Das (2): mmc: host: renesas_sdhi: Fix the actual clock spi: rpc-if: Add resume support for RZ/G3E Borislav Petkov (AMD) (1): x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev Brahmajit Das (1): net: intel: fm10k: Fix parameter idx set but not used Breno Leitao (4): net: netpoll: Individualize the skb pool net: netpoll: flush skb pool during cleanup net: netpoll: fix incorrect refcount handling causing incorrect cleanup memcg: fix data-race KCSAN bug in rstats Bruno Thomsen (1): rtc: pcf2127: fix watchdog interrupt mask on pcf2131 Buday Csaba (1): net: mdio: fix resource leak in mdiobus_register_device() Bui Quang Minh (1): virtio-net: fix received length check in big packets Carolina Jubran (1): net/mlx5e: Don't query FEC statistics when FEC is disabled Cen Zhang (1): Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once Cezary Rojewski (1): ASoC: Intel: avs: Unprepare a stream when XRUN occurs Chandrakanth Patil (1): scsi: mpi3mr: Fix controller init failure on fault during queue creation Chang S. Bae (1): x86/fpu: Ensure XFD state on signal delivery Chao Yu (1): f2fs: fix to avoid overflow while left shift operation Charalampos Mitrodimas (1): net: ipv6: fix field-spanning memcpy warning in AH output Chelsy Ratnawat (1): media: fix uninitialized symbol warnings Chen Wang (1): PCI: cadence: Check for the existence of cdns_pcie::ops before using it Chen Yufeng (1): usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget Chen-Yu Tsai (1): clk: sunxi-ng: sun6i-rtc: Add A523 specifics Chenghao Duan (1): riscv: bpf: Fix uninitialized symbol 'retval_off' Chi Zhang (1): pinctrl: single: fix bias pull up/down handling in pin_config_set Chi Zhiling (1): exfat: limit log print for IO error Chris Lu (1): Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset Christian Bruel (1): irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Christian König (1): drm/amdgpu: reject gang submissions under SRIOV Christoph Paasch (1): net: When removing nexthops, don't call synchronize_net if it is not necessary Christopher Ruehl (1): power: supply: qcom_battmgr: add OOI chemistry Chuande Chen (1): hwmon: (sbtsi_temp) AMD CPU extended temperature range support Chuang Wang (1): ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Chuck Lever (1): NFSD: Fix crash in nfsd4_read_release() ChunHao Lin (1): r8169: set EEE speed down ratio to 1 Chunyan Zhang (1): riscv: stacktrace: Disable KASAN checks for non-current tasks Clay King (1): drm/amd/display: ensure committing streams is seamless Clément Léger (1): riscv: stacktrace: fix backtracing through exceptions Coiby Xu (1): ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Colin Foster (1): smsc911x: add second read of EEPROM mac when possible corruption seen Cryolitia PukNgae (1): ALSA: usb-audio: apply quirk for MOONDROP Quark2 D. Wythe (1): net/smc: fix mismatch between CLC header and proposal Damien Le Moal (2): block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL block: make REQ_OP_ZONE_OPEN a write operation Dan Carpenter (1): mtd: onenand: Pass correct pointer to IRQ handler Daniel Lezcano (1): clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Daniel Palmer (2): fbdev: atyfb: Check if pll_ops->init_pll failed eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP Daniel Wagner (2): nvmet-fc: avoid scheduling association deletion twice nvme-fc: use lock accessing port_state and rport state Danil Skrebenkov (1): RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Dave Jiang (8): base/node / acpi: Change 'node_hmem_attrs' to 'access_coordinates' acpi: numa: Create enum for memory_target access coordinates indexing acpi: numa: Add genport target allocation to the HMAT parsing acpi: Break out nesting for hmat_parse_locality() acpi: numa: Add setting of generic port system locality attributes base/node / ACPI: Enumerate node access class for 'struct access_coordinate' acpi/hmat: Fix lockdep warning for hmem_register_resource() ACPI: HMAT: Remove register of memory node for generic target David Ahern (2): selftests: Disable dad for ipv6 in fcnal-test.sh selftests: Replace sleep with slowwait David Francis (1): drm/amdgpu: Allow kfd CRIU with no buffer objects David Howells (1): cifs: Fix uncached read into ITER_KVEC iterator David Wei (1): netdevsim: add Makefile for selftests Dennis Beier (1): cpufreq/longhaul: handle NULL policy in longhaul_exit Devendra K Verma (1): dmaengine: dw-edma: Set status for callback_result Dmitry Baryshkov (1): drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts Domenico Cerasuolo (1): mm: memcg: add per-memcg zswap writeback stat Dragos Tatulea (2): page_pool: Clamp pool size to max 16K pages net/mlx5e: SHAMPO, Fix skb size check for 64K pages Eduard Zingerman (1): bpf: account for current allocated stack depth in widen_imprecise_scalars() Edward Adam Davis (1): cifs: client: fix memory leak in smb3_fs_context_parse_param Emanuele Ghidoli (1): net: phy: dp83867: Disable EEE support as not implemented Emil Dahl Juhl (1): tools: lib: thermal: don't preserve owner in install Eric Biggers (6): lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN scsi: ufs: core: Add UFSHCD_QUIRK_CUSTOM_CRYPTO_PROFILE scsi: ufs: core: fold ufshcd_clear_keyslot() into its caller scsi: ufs: core: Add UFSHCD_QUIRK_BROKEN_CRYPTO_ENABLE scsi: ufs: core: Add fill_crypto_prdt variant op scsi: ufs: core: Add UFSHCD_QUIRK_KEYS_IN_PRDT Eric Dumazet (7): net: call cond_resched() less often in __release_sock() ipv6: np->rxpmtu race annotation sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto net_sched: act_connmark: use RCU in tcf_connmark_dump() net_sched: limit try_bulk_dequeue_skb() batches bpf: Add bpf_prog_run_data_pointers() netpoll: remove netpoll_srcu Eric Huang (1): drm/amdkfd: fix vram allocation failure for a special case Fabien Proriol (1): power: supply: sbs-charger: Support multiple devices Farhan Ali (1): s390/pci: Restore IRQ unconditionally for the zPCI device Felix Maurer (1): hsr: Fix supervision frame sending on HSRv0 Fenglin Wu (1): power: supply: qcom_battmgr: handle charging state change notifications Filipe Manana (1): btrfs: do not update last_log_commit when logging inode due to a new name Fiona Ebner (1): smb: client: transport: avoid reconnects triggered by pending task work Florian Fuchs (1): fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Florian Westphal (1): netfilter: nf_reject: don't reply to icmp error messages Forest Crossman (1): usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Francisco Gutierrez (1): scsi: pm80xx: Fix race condition caused by static variables Gal Pressman (5): net/mlx5e: Use extack in get module eeprom by page callback net/mlx5e: Fix return value in case of module EEPROM read error net/mlx5e: Fix maxrate wraparound in threshold between units net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps net/mlx5e: Fix potentially misleading debug message Gaurav Jain (1): crypto: caam - double the entropy delay interval for retry Gautham R. Shenoy (3): ACPI: CPPC: Check _CPC validity for only the online CPUs ACPI: CPPC: Perform fast check switch only for online CPUs ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs Geert Uytterhoeven (1): kbuild: uapi: Strip comments before size type check Geoffrey McRae (1): drm/amdkfd: return -ENOTTY for unsupported IOCTLs Gerd Bayer (1): s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Gokul Sivakumar (1): wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Greg Kroah-Hartman (1): Linux 6.6.117 Haein Lee (1): ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Haibo Chen (1): iio: adc: imx93_adc: load calibrated values even calibration failed Han Gao (1): riscv: acpi: avoid errors caused by probing DT devices when ACPI is used Hangbin Liu (1): net: vlan: sync VLAN features with lower device Hans de Goede (3): ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() spi: Try to get ACPI GPIO IRQ earlier Hao Yao (1): media: ov08x40: Fix the horizontal flip control Haotian Zhang (4): crypto: aspeed - fix double free caused by devm regulator: fixed: fix GPIO descriptor leak on register failure ASoC: cs4271: Fix regulator leak on probe failure ASoC: codecs: va-macro: fix resource leak in probe error path Harikrishna Shenoy (1): phy: cadence: cdns-dphy: Enable lower resolutions in dphy Hector Martin (1): iommu/apple-dart: Clear stream error indicator bits for T8110 DARTs Heiko Carstens (1): s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP Heiner Kallweit (1): net: phy: fixed_phy: let fixed_phy_unregister free the phy_device Henrique Carvalho (3): smb: client: fix potential cfid UAF in smb2_query_info_compound smb: client: fix potential UAF in smb2_close_cached_fid() smb: client: fix cifs_pick_channel when channel needs reconnect Horatiu Vultur (1): lan966x: Fix sleeping in atomic context Hoyoung Seo (1): scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS Huacai Chen (2): LoongArch: Use correct accessor to read FWPC/MWPC LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY Huang Ying (3): memory tiering: add abstract distance calculation algorithms management acpi, hmat: refactor hmat_register_target_initiators() acpi, hmat: calculate abstract distance with HMAT Ian Forbes (1): drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Ian Rogers (1): tools bitmap: Add missing asm-generic/bitsperlong.h include Ido Schimmel (2): bridge: Redirect to backup port when port is administratively down selftests: traceroute: Use require_command() Ilan Peer (1): wifi: mac80211: Fix HE capabilities element check Ilia Gavrilov (1): Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() Inochi Amaoto (1): irqchip/sifive-plic: Respect mask state when setting affinity Isaac J. Manjarres (1): mm/mm_init: fix hash table order logging in alloc_large_system_hash() Ivan Pravdin (1): Bluetooth: bcsp: receive data only if registered Jacob Moroni (3): RDMA/irdma: Fix SD index calculation RDMA/irdma: Remove unused struct irdma_cq fields RDMA/irdma: Set irdma_cq cq_num field during CQ create Jakub Kicinski (3): selftests: net: replace sleeps in fcnal-test with waits page_pool: always add GFP_NOWARN for ATOMIC allocations selftests: netdevsim: set test timeout to 10 minutes Janne Grunau (1): pmdomain: apple: Add "apple,t8103-pmgr-pwrstate" Janusz Krzysztofik (1): drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD Jason Gunthorpe (2): iommufd: Make vfio_compat's unmap succeed if the range is already empty iommufd: Don't overflow during division for dirty tracking Jayesh Choudhary (1): drm/tidss: Set crtc modesetting parameters with adjusted mode Jens Kehne (1): mfd: da9063: Split chip variant reading in two bus transactions Jens Reidel (1): soc: qcom: smem: Fix endian-unaware access of num_entries Jerome Brunet (1): NTB: epf: Allow arbitrary BAR mapping Jesse.Zhang (1): drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Jiawen Wu (1): net: libwx: fix device bus LAN ID Jiayi Li (1): memstick: Add timeout to prevent indefinite waiting Jihed Chaibi (1): ARM: dts: imx51-zii-rdu1: Fix audmux node names Jijie Shao (1): net: hns3: return error code when function fails Jiri Olsa (1): uprobe: Do not emulate/sstep original instruction when ip is changed Johan Hovold (2): Bluetooth: rfcomm: fix modem control handling drm/mediatek: Fix device use-after-free on unbind Johannes Berg (1): wifi: mac80211: reject address change while connecting John Keeping (1): ALSA: serial-generic: remove shared static buffer John Smith (2): drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland John Sperbeck (1): net: netpoll: ensure skb_pool list is always initialized Jonas Gorski (4): net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx net: dsa: b53: fix resetting speed and pause on forced link net: dsa: b53: fix enabling ip multicast net: dsa: b53: stop reading ARL entries if search is done Josephine Pfeiffer (1): riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro Joshua Rogers (2): smb: client: validate change notify buffer before copy ksmbd: close accepted socket when per-IP limit rejects connection Joshua Watt (1): NFS4: Fix state renewals missing after boot Josua Mayer (1): rtc: pcf2127: clear minute/second interrupt Julian Sun (1): ext4: increase IO priority of fastcommit Junjie Cao (1): fbdev: bitblit: bound-check glyph index in bit_putcs* Junxian Huang (1): RDMA/hns: Fix wrong WQE data when QP wraps around Juraj Šarinay (1): net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Justin Tee (3): scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup scsi: lpfc: Define size of debugfs entry for xri rebalancing Kailang Yang (1): ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again Kalesh AP (1): bnxt_en: Fix a possible memory leak in bnxt_ptp_init Karthi Kandasamy (1): drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream Karthik M (1): wifi: ath12k: free skb during idr cleanup callback Kaushlendra Kumar (4): ACPI: button: Call input_free_device() on failing input device registration tools/cpupower: fix error return value in cpupower_write_sysfs() tools/cpupower: Fix incorrect size in cpuidle_state_disable() tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage Kees Cook (1): arc: Fix __fls() const-foldability via __builtin_clzl() Kent Russell (1): drm/amdkfd: Handle lack of READ permissions in SVM mapping Kirill A. Shutemov (1): x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Kiryl Shutsemau (2): mm/memory: do not populate page table entries beyond i_size mm/truncate: unmap large folio on split failure Koakuma (1): sparc/module: Add R_SPARC_UA64 relocation handling Konstantin Sinyuk (1): accel/habanalabs/gaudi2: read preboot status after recovering from dirty state Krishna Kurapati (1): usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Krzysztof Kozlowski (4): extcon: adc-jack: Fix wakeup source leaks on device unbind drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL drm/msm/dsi/phy_7nm: Fix missing initial VCO rate extcon: adc-jack: Cleanup wakeup source only if it was enabled Kumar Kartikeya Dwivedi (1): bpf: Do not limit bpf_cgroup_from_id to current's namespace Kuniyuki Iwashima (3): net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. tipc: Fix use-after-free in tipc_mon_reinit_self(). af_unix: Initialise scc_index in unix_add_edge(). Lance Yang (1): mm/secretmem: fix use-after-free race in fault handler Laurent Pinchart (2): media: pci: ivtv: Don't create fake v4l2_fh media: amphion: Delete v4l2_fh synchronously in .release() Len Brown (2): tools/power x86_energy_perf_policy: Enhance HWP enable tools/power x86_energy_perf_policy: Prefer driver HWP limits Li RongQing (1): x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT Li Zhijian (1): mm/memory-tier: fix abstract distance calculation overflow Lijo Lazar (2): drm/amd/pm: Use cached metrics data on aldebaran drm/amd/pm: Use cached metrics data on arcturus Lizhi Xu (1): usbnet: Prevents free active kevent Loic Poulain (2): wifi: ath10k: Fix memory leak on unsupported WMI command wifi: ath10k: Fix connection after GTK rekeying Luiz Augusto von Dentz (4): Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 Bluetooth: ISO: Fix another instance of dst_type handling Bluetooth: hci_core: Fix tracking of periodic advertisement Bluetooth: SCO: Fix UAF on sco_conn_free Lukas Wunner (1): thunderbolt: Use is_pciehp instead of is_hotplug_bridge Manivannan Sadhasivam (1): scsi: ufs: core: Add a quirk for handling broken LSDBS field in controller capabilities register Marcos Del Sol Vives (1): PCI: Disable MSI on RDC PCI to PCIe bridges Mario Limonciello (2): PCI/PM: Skip resuming to D0 if device is disconnected drm/amd: Fix suspend failure with secure display TA Mario Limonciello (AMD) (3): drm/amd: Avoid evicting resources at S5 HID: i2c-hid: Resolve touchpad issues on Dell systems during S4 x86/microcode/AMD: Add more known models to entry sign checking Mark Pearson (1): wifi: ath11k: Add missing platform IDs for quirk table Martin Willi (1): wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup Masami Ichikawa (1): HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Matthias Schiffer (1): clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled Matthieu Baerts (NGI0) (3): selftests: mptcp: connect: fix fallback note due to OoO selftests: mptcp: join: rm: set backup flag selftests: mptcp: connect: trunc: read all recv data Mehdi Djait (1): media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR Miaoqian Lin (3): net: usb: asix_devices: Check return value of usbnet_get_endpoints fbdev: valkyriefb: Fix reference count leak in valkyriefb_init crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value Michael Dege (1): phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet Michael Riesch (1): phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 Michael Strauss (1): drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration Michal Hocko (1): mm, percpu: do not consider sleepable allocations atomic Mike Marshall (1): orangefs: fix xattr related buffer overflow... Miklos Szeredi (1): fuse: zero initialize inode private data Ming Wang (1): irqchip/loongson-pch-lpc: Use legacy domain for PCH-LPC IRQ controller Miroslav Lichvar (1): ptp: Limit time setting of PTP clocks Moti Haimovski (1): accel/habanalabs: support mapping cb with vmalloc-backed coherent memory Nai-Chen Cheng (1): selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Namjae Jeon (1): ksmbd: use sock_create_kern interface to create kernel socket Nate Karstens (1): strparser: Fix signed/unsigned mismatch bug Nathan Chancellor (1): lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC Nhat Pham (1): cachestat: do not flush stats in recency check Nick Hu (1): irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops Nicolas Escande (1): wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() Nicolas Ferre (2): ARM: at91: pm: save and restore ACR during PLL disable/enable clk: at91: clk-sam9x60-pll: force write to PLL_UPDT register Niklas Cassel (1): PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() Niklas Schnelle (2): powerpc/eeh: Use result of error_detected() in uevent s390/pci: Use pci_uevent_ers() in PCI recovery Niklas Söderlund (4): media: adv7180: Add missing lock in suspend callback media: adv7180: Do not write format to device in set_fmt media: adv7180: Only validate format in querystd net: sh_eth: Disable WoL if system can not suspend Nikolay Aleksandrov (2): net: bridge: fix use-after-free due to MST port state bypass net: bridge: fix MST static key usage Niravkumar L Rabara (2): EDAC/altera: Handle OCRAM ECC enable after warm reset EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Nithyanantham Paramasivam (1): wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 Noorain Eqbal (1): bpf: Sync pending IRQ work before freeing ring buffer Oleg Makarenko (1): HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel Oleksij Rempel (2): net: stmmac: Correctly handle Rx checksum offload errors net: phy: clear link parameters on admin link down Olga Kornievskaia (2): NFSv4: handle ERR_GRACE on delegation recalls NFSD: free copynotify stateid in nfs4_free_ol_stateid() Olivier Moysan (1): ASoC: stm32: sai: manage context in set_sysclk callback Ondrej Mosnacek (1): bpf: Do not audit capability check in do_jit() Ovidiu Panait (1): crypto: sun8i-ce - remove channel timeout field Owen Gu (1): usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Pablo Neira Ayuso (1): netfilter: nf_tables: reject duplicate device on updates Pankaj Raghav (1): filemap: cap PTE range to be created to allowed zero fill in folio_map_range() Paolo Abeni (4): mptcp: drop bogus optimization in __mptcp_check_push() mptcp: restore window probe mptcp: fix MSG_PEEK stream corruption net: allow small head cache usage with large MAX_SKB_FRAGS values Paul Hsieh (1): drm/amd/display: update dpp/disp clock from smu clock table Paul Kocialkowski (1): media: verisilicon: Explicitly disable selection api ioctls for decoders Pauli Virtanen (5): Bluetooth: MGMT: cancel mesh send timer when hdev removed Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Bluetooth: L2CAP: export l2cap_chan_hold for modules Peter Oberparleiter (1): gcov: add support for GCC 15 Peter Wang (5): scsi: ufs: host: mediatek: Fix auto-hibern8 timer configuration scsi: ufs: host: mediatek: Change reset sequence for improved stability scsi: ufs: host: mediatek: Enhance recovery on resume failure scsi: ufs: host: mediatek: Enhance recovery on hibernation exit failure scsi: ufs: host: mediatek: Disable auto-hibern8 during power mode changes Peter Zijlstra (1): compiler_types: Move unused static inline functions warning to W=2 Petr Machata (1): net: bridge: Install FDB for bridge MAC on VLAN 0 Philipp Stanner (1): drm/sched: Fix race in drm_sched_entity_select_rq() Pierre Gondois (1): sched/fair: Use all little CPUs for CPU-bound workloads Pierre-Eric Pelloux-Prayer (1): drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb Ping-Ke Shih (1): wifi: rtw88: sdio: use indirect IO for device registers before power-on Pranav Tyagi (1): futex: Don't leak robust_list pointer on exec race Primoz Fiser (1): ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 Qendrim Maxhuni (1): net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Qianfeng Rong (3): crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() scsi: pm8001: Use int instead of u32 to store error codes media: redrat3: use int type to store negative error codes Qingfang Deng (2): 6pack: drop redundant locking and refcounting net: stmmac: Fix accessing freed irq affinity_hint Qinxin Xia (1): dma-mapping: benchmark: Restore padding to ensure uABI remained consistent Qu Wenruo (1): btrfs: ensure no dirty metadata is written back for an fs with errors Quan Zhou (1): wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device Quanmin Yan (1): fbcon: Set fb_display[i]->mode to NULL when the mode is released Radhey Shyam Pandey (1): arm64: zynqmp: Revert usb node drive strength and slew rate for zcu106 Rafael J. Wysocki (3): cpuidle: governors: menu: Rearrange main loop in menu_select() cpuidle: governors: menu: Select polling state in some more cases cpuidle: Fail cpuidle device registration if there is one already Rafał Miłecki (1): ARM: dts: BCM53573: Fix address of Luxul XAP-1440's Ethernet PHY Randall P. Embry (2): 9p: fix /sys/fs/9p/caches overwriting itself 9p: sysfs_init: don't hardcode error to ENOMEM Ranganath V N (2): net: sched: act_connmark: initialize struct tc_ife to fix kernel leak net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Ranjan Kumar (1): scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate Raphael Pinsonneault-Thibeault (2): Bluetooth: hci_event: validate skb length for unknown CC opcode Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Ricardo B. Marlière (2): selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 selftests/bpf: Upon failures, exit with code 1 in test_xsk.sh Ricardo Ribalda (1): media: uvcvideo: Use heuristic to find stream entity Richard Gobert (1): selftests/net: fix GRO coalesce test and add ext header coalesce tests Robert Marko (1): net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X Rodrigo Gobbi (1): iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Rohan G Thomas (1): net: phy: marvell: Fix 88e1510 downshift counter errata Rong Zhang (1): hwmon: (k10temp) Add device ID for Strix Halo Rosen Penev (1): dmaengine: mv_xor: match alloc_wc and free_wc Roy Vegard Ovesen (2): ALSA: usb-audio: fix control pipe direction ALSA: usb-audio: add mono main switch to Presonus S1824c Ryan Chen (1): soc: aspeed: socinfo: Add AST27xx silicon IDs Ryan Wanner (1): clk: at91: clk-master: Add check for divide by 3 Sabrina Dubroca (1): espintcp: fix skb leaks Sakari Ailus (1): ACPI: property: Return present device nodes only on fwnode interface Saket Dumbre (1): ACPICA: Update dsmethod.c to get rid of unused variable warning Sangwook Shin (1): watchdog: s3c2410_wdt: Fix max_timeout being calculated larger Sarthak Garg (1): mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Sascha Hauer (1): tools: lib: thermal: use pkg-config to locate libnl3 Sathishkumar S (1): drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff Scott Mayhew (1): NFS: check if suid/sgid was cleared after a write as needed Seyediman Seyedarab (2): drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() Shang song (Lenovo) (1): ACPI: PRM: Skip handlers with NULL handler_address or NULL VA Sharique Mohammad (1): ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Shaurya Rane (1): jfs: fix uninitialized waitqueue in transaction manager Shawn Lin (1): mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 Shenghao Ding (1): ASoC: tas2781: fix getting the wrong device number Shengjiu Wang (1): ASoC: fsl_sai: fix bit order for DSD format Shuai Xue (1): acpi,srat: Fix incorrect device handle check for Generic Initiator Shuhao Fu (1): smb: client: fix refcount leak in smb2_set_path_attr Shyam Prasad N (1): cifs: stop writeback extension when change of size is detected Srinivas Kandagatla (1): ASoC: qdsp6: q6asm: do not sleep while atomic Srinivasan Shanmugam (1): drm/amdgpu: Fix function header names in amdgpu_connectors.c Stefan Wahren (1): ethernet: Extend device_get_mac_address() to use NVMEM Stefan Wiehler (3): sctp: Hold RCU read lock while iterating over address list sctp: Prevent TOCTOU out-of-bounds write sctp: Hold sock lock while iterating over address list Stephan Gerhold (1): remoteproc: qcom: q6v5: Avoid handling handover twice Steven Rostedt (1): selftests/tracing: Run sample events to clear page cache events Sungho Kim (1): PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Svyatoslav Ryhel (4): soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups ARM: tegra: transformer-20: add missing magnetometer interrupt ARM: tegra: transformer-20: fix audio-codec interrupt video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Takashi Iwai (2): ALSA: usb-audio: Add validation of UAC2/UAC3 effect units ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Tetsuo Handa (3): media: imon: make send_packet() more robust ntfs3: pretend $Extend records as regular files jfs: Verify inode mode when loading from disk Thadeu Lima de Souza Cascardo (1): char: misc: restrict the dynamic range to exclude reserved minors Thomas Andreatta (1): dmaengine: sh: setup_xref error handling Thomas Weißschuh (3): spi: loopback-test: Don't use %pK through printk bpf: Don't use %pK through printk ice: Don't use %pK through printk or tracepoints Thomas Zimmermann (1): drm/sysfb: Do not dereference NULL pointer in plane reset Théo Lebrun (1): net: macb: avoid dealing with endianness in macb_set_hwaddr() Tianyang Zhang (1): LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY Tiezhu Yang (1): net: stmmac: Check stmmac_hw_setup() in stmmac_resume() Timur Kristóf (4): drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) drm/amd/display: Fix DVI-D/HDMI adapters drm/amd/display: Disable VRR on DCE 6 drm/amd/pm: Disable MCLK switching on SI at high pixel clocks Tiwei Bie (1): um: Fix help message for ssl-non-raw Tom Stellard (1): bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21 Tomer Tayar (1): accel/habanalabs: return ENOMEM if less than requested pages were pinned Tomeu Vizoso (1): drm/etnaviv: fix flush sequence logic Tomi Valkeinen (3): drm/tidss: Use the crtc_* timings when programming the HW drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST Tristan Lobb (1): HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Tristram Ha (1): net: dsa: microchip: Fix reserved multicast address table programming Trond Myklebust (4): pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() NFS: enable nconnect for RDMA pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() Tvrtko Ursulin (1): drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl Ujwal Kundur (1): rds: Fix endianness annotation for RDS_MPATH_HASH Umesh Nerlige Ramappa (1): drm/i915: Fix conversion between clock ticks and nanoseconds Uwe Kleine-König (1): crypto: aspeed-acry - Convert to platform remove callback returning void Valerio Setti (1): ASoC: meson: aiu-encoder-i2s: fix bit clock polarity Vered Yavniely (1): accel/habanalabs/gaudi2: fix BMON disable configuration Viacheslav Dubeyko (2): ceph: add checking of wait_for_completion_killable() return value ceph: refactor wake_up_bit() pattern of calling Vincent Guittot (1): sched/pelt: Avoid underestimation of task utilization Vladimir Oltean (1): net: dsa: improve shutdown sequence Vladimir Riabchun (1): ftrace: Fix softlockup in ftrace_module_enable Vladimir Zapolskiy (1): media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer Wake Liu (2): selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 selftests/net: Ensure assert() triggers in psock_tpacket.c Wang Liang (2): selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh net: fix NULL pointer dereference in l3mdev_l3_rcv Wayne Lin (1): drm/amd/display: Enable mst when it's detected but yet to be initialized Wei Fang (1): net: fec: correct rx_bytes statistic for the case SHIFT16 is set Wei Yang (1): fs/proc: fix uaf in proc_readdir_de() William Wu (1): usb: gadget: f_hid: Fix zero length packet transfer Wonkon Kim (1): scsi: ufs: core: Initialize value of an attribute returned by uic cmd Xin Hao (1): mm: memcg: add THP swap out info for anonymous reclaim Xion Wang (1): char: Use list_del_init() in misc_deregister() to reinitialize list pointer Xuan Zhuo (1): virtio-net: fix incorrect flags recording in big mode Yafang Shao (1): net/cls_cgroup: Fix task_get_classid() during qdisc run Yang Wang (1): drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() Yang Xiuwei (1): NFS: sysfs: fix leak when nfs_client kobject add fails Yifan Zhang (1): amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw Yikang Yue (1): fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink Ying Huang (1): memory tiers: use default_dram_perf_ref_source in log message Yosry Ahmed (7): KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated mm: memcg: change flush_next_time to flush_last_time mm: memcg: move vmstats structs definition above flushing code mm: memcg: make stats flushing threshold per-memcg mm: workingset: move the stats flush into workingset_test_recent() mm: memcg: restore subtree stats flushing mm: memcg: optimize parent iteration in memcg_rstat_updated() Yu Kuai (1): blk-cgroup: fix possible deadlock while configuring policy Yue Haibing (1): ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled Yuhao Jiang (1): ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Yuta Hayama (1): rtc: rx8025: fix incorrect register reference ZhangGuoDong (2): smb/server: fix possible memory leak in smb2_read() smb/server: fix possible refcount leak in smb2_sess_setup() Zijun Hu (2): char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor char: misc: Does not request module for miscdevice with dynamic minor Zilin Guan (3): tracing: Fix memory leaks in create_field_var() net/handshake: Fix memory leak in tls_handshake_accept() btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() austinchang (1): btrfs: mark dirty extent range for out of bound prealloc extents chuguangqing (1): fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock jingxian.li (1): Revert "perf dso: Add missed dso__put to dso__load_kcore" raub camaioni (1): usb: gadget: f_ncm: Fix MAC assignment NCM ethernet wangzijie (1): f2fs: fix infinite loop in __insert_extent_tree() wenglianfa (1): RDMA/hns: Fix the modification of max_send_sge

3 days, 1 hour

1
1
0 0

[PATCH] NFC: Fix error handling in nfc_genl_dump_targets

by Ma Ke

nfc_genl_dump_targets() increments the device reference count via nfc_get_device() but fails to decrement it properly. nfc_get_device() calls class_find_device() which internally calls get_device() to increment the reference count. No corresponding put_device() is made to decrement the reference count. Add proper reference count decrementing using nfc_put_device() when the dump operation completes or encounters an error, ensuring balanced reference counting. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 4d12b8b129f1 ("NFC: add nfc generic netlink interface") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- net/nfc/netlink.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c index a18e2c503da6..9ae138ee91dd 100644 --- a/net/nfc/netlink.c +++ b/net/nfc/netlink.c @@ -159,6 +159,11 @@ static int nfc_genl_dump_targets(struct sk_buff *skb, cb->args[0] = i; + if (rc < 0 || i >= dev->n_targets) { + nfc_put_device(dev); + cb->args[1] = 0; + } + return skb->len; } -- 2.17.1

3 days, 2 hours

2
2
0 0

[PATCH AUTOSEL 6.17-5.10] platform/x86: huawei-wmi: add keys for HONOR models

by Sasha Levin

From: Jia Ston <ston.jia(a)outlook.com> [ Upstream commit 5c72329716d0858621021193330594d5d26bf44d ] HONOR MagicBook X16/X14 models produced in 2025 cannot use the Print Screen and YOYO keys properly, with the system reporting them as unknown key presses (codes: 0x028b and 0x028e). To resolve this, a key_entry is added for both the HONOR Print Screen key and the HONOR YOYO key, ensuring they function correctly on these models. Signed-off-by: Ston Jia <ston.jia(a)outlook.com> Link: https://patch.msgid.link/20251029051804.220111-1-ston.jia@outlook.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: ### Comprehensive Analysis 1. **Commit Message and Issue Analysis** The commit addresses a functional hardware defect on HONOR MagicBook X16/X14 laptops (2025 models). The "Print Screen" and "YOYO" keys do not generate input events, instead triggering "Unknown key pressed" warning logs with scancodes `0x028b` and `0x028e`. This means users cannot use these hardware features, which constitutes a real-world bug for owners of these devices. 2. **Code Review and Mechanism** The fix is a surgical addition to the `huawei_wmi_keymap` array in `drivers/platform/x86/huawei-wmi.c`. - **Mechanism:** The driver uses `sparse_keymap_entry_from_scancode` to translate WMI events into input events. Without these entries, the lookup fails, and the driver drops the event. - **Change:** Two lines are added: ```c { KE_KEY, 0x28b, { KEY_NOTIFICATION_CENTER } }, { KE_KEY, 0x28e, { KEY_PRINT } }, ``` - **Dependencies:** `KEY_NOTIFICATION_CENTER` was introduced in Linux 5.10. This patch is suitable for stable trees 5.10, 5.15, 6.1, and 6.6 without modification. Older LTS versions (4.19, 5.4) would require a minor adjustment (using a different keycode or backporting the definition), but the patch remains conceptually valid for them. 3. **Stable Kernel Rules Assessment** - **Exception Category:** This commit falls squarely under the **"QUIRKS and WORKAROUNDS"** and **"TRIVIAL SUBSYSTEM-SPECIFIC ADDITIONS"** exceptions defined in stable kernel rules. Adding keymap entries is functionally identical to adding PCI/USB IDs: it enables hardware that is currently present but non-functional. - **Feature vs. Fix:** While the commit says "add keys," it is fixing broken hardware support. The keys physically exist but do not work; enabling them is a fix, not a new software feature. - **New Hardware on Stable:** While the hardware is from 2025, it is common for users to run Long Term Support (LTS) kernels (e.g., Ubuntu LTS, RHEL, or community LTS kernels like 6.6.y) on new hardware. Refusing to backport hardware enablement forces these users to run bleeding-edge kernels or suffer broken functionality. 4. **Risk vs. Benefit** - **Regression Risk:** **Negligible.** The change adds data to a static array. It only affects the handling of two specific scancodes (`0x28b`, `0x28e`) which previously resulted in an error log. It cannot affect existing key mappings or other hardware. - **Benefit:** Restores functionality for the "Print Screen" key (essential for workflows) and the specific "YOYO" key on supported laptops. 5. **Conclusion** Although the commit lacks a "Cc: stable" tag, it meets all objective criteria for a stable backport. It is an obviously correct, low-risk, hardware-enabling fix that fits the "Quirks" exception. It should be included to ensure this hardware works correctly on supported LTS releases. ### TODO Items - No further investigation required. **YES** drivers/platform/x86/huawei-wmi.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/platform/x86/huawei-wmi.c b/drivers/platform/x86/huawei-wmi.c index c3772df34679f..8a4c54089ace3 100644 --- a/drivers/platform/x86/huawei-wmi.c +++ b/drivers/platform/x86/huawei-wmi.c @@ -81,6 +81,10 @@ static const struct key_entry huawei_wmi_keymap[] = { { KE_KEY, 0x289, { KEY_WLAN } }, // Huawei |M| key { KE_KEY, 0x28a, { KEY_CONFIG } }, + // HONOR YOYO key + { KE_KEY, 0x28b, { KEY_NOTIFICATION_CENTER } }, + // HONOR print screen + { KE_KEY, 0x28e, { KEY_PRINT } }, // Keyboard backlit { KE_IGNORE, 0x293, { KEY_KBDILLUMTOGGLE } }, { KE_IGNORE, 0x294, { KEY_KBDILLUMUP } }, -- 2.51.0

3 days, 2 hours

1
20
0 0

[PATCH] ksmbd: vfs: fix race on m_flags in vfs_cache

by Qianchang Zhao

ksmbd maintains delete-on-close and pending-delete state in ksmbd_inode->m_flags. In vfs_cache.c this field is accessed under inconsistent locking: some paths read and modify m_flags under ci->m_lock while others do so without taking the lock at all. Examples: - ksmbd_query_inode_status() and __ksmbd_inode_close() use ci->m_lock when checking or updating m_flags. - ksmbd_inode_pending_delete(), ksmbd_set_inode_pending_delete(), ksmbd_clear_inode_pending_delete() and ksmbd_fd_set_delete_on_close() used to read and modify m_flags without ci->m_lock. This creates a potential data race on m_flags when multiple threads open, close and delete the same file concurrently. In the worst case delete-on-close and pending-delete bits can be lost or observed in an inconsistent state, leading to confusing delete semantics (files that stay on disk after delete-on-close, or files that disappear while still in use). Fix it by: - Making ksmbd_query_inode_status() look at m_flags under ci->m_lock after dropping inode_hash_lock. - Adding ci->m_lock protection to all helpers that read or modify m_flags (ksmbd_inode_pending_delete(), ksmbd_set_inode_pending_delete(), ksmbd_clear_inode_pending_delete(), ksmbd_fd_set_delete_on_close()). - Keeping the existing ci->m_lock protection in __ksmbd_inode_close(), and moving the actual unlink/xattr removal outside the lock. This unifies the locking around m_flags and removes the data race while preserving the existing delete-on-close behaviour. Reported-by: Qianchang Zhao <pioooooooooip(a)gmail.com> Reported-by: Zhitong Liu <liuzhitong1993(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Qianchang Zhao <pioooooooooip(a)gmail.com> --- fs/smb/server/vfs_cache.c | 114 +++++++++++++++++++++++++++++--------- 1 file changed, 87 insertions(+), 27 deletions(-) diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c index dfed6fce8..b44e0d618 100644 --- a/fs/smb/server/vfs_cache.c +++ b/fs/smb/server/vfs_cache.c @@ -112,40 +112,88 @@ int ksmbd_query_inode_status(struct dentry *dentry) read_lock(&inode_hash_lock); ci = __ksmbd_inode_lookup(dentry); - if (ci) { - ret = KSMBD_INODE_STATUS_OK; - if (ci->m_flags & (S_DEL_PENDING | S_DEL_ON_CLS)) - ret = KSMBD_INODE_STATUS_PENDING_DELETE; - atomic_dec(&ci->m_count); - } read_unlock(&inode_hash_lock); + if (!ci) + return ret; + down_read(&ci->m_lock); + if (ci->m_flags & (S_DEL_PENDING | S_DEL_ON_CLS)) + ret = KSMBD_INODE_STATUS_PENDING_DELETE; + else + ret = KSMBD_INODE_STATUS_OK; + up_read(&ci->m_lock); + + atomic_dec(&ci->m_count); return ret; } bool ksmbd_inode_pending_delete(struct ksmbd_file *fp) { - return (fp->f_ci->m_flags & (S_DEL_PENDING | S_DEL_ON_CLS)); + struct ksmbd_inode *ci; + bool ret; + + if (!fp) + return false; + + ci = fp->f_ci; + if (!ci) + return false; + + down_read(&ci->m_lock); + ret = ci->m_flags & (S_DEL_PENDING | S_DEL_ON_CLS); + up_read(&ci->m_lock); + + return ret; } void ksmbd_set_inode_pending_delete(struct ksmbd_file *fp) { - fp->f_ci->m_flags |= S_DEL_PENDING; + struct ksmbd_inode *ci; + + if (!fp) + return; + + ci = fp->f_ci; + if (!ci) + return; + + down_write(&ci->m_lock); + ci->m_flags |= S_DEL_PENDING; + up_write(&ci->m_lock); } void ksmbd_clear_inode_pending_delete(struct ksmbd_file *fp) { - fp->f_ci->m_flags &= ~S_DEL_PENDING; + struct ksmbd_inode *ci; + + if (!fp) + return; + + ci = fp->f_ci; + if (!ci) + return; + + down_write(&ci->m_lock); + ci->m_flags &= ~S_DEL_PENDING; + up_write(&ci->m_lock); } -void ksmbd_fd_set_delete_on_close(struct ksmbd_file *fp, - int file_info) +void ksmbd_fd_set_delete_on_close(struct ksmbd_file *fp, int file_info) { - if (ksmbd_stream_fd(fp)) { - fp->f_ci->m_flags |= S_DEL_ON_CLS_STREAM; + struct ksmbd_inode *ci; + + if (!fp) + return; + + ci = fp->f_ci; + if (!ci) return; - } - fp->f_ci->m_flags |= S_DEL_ON_CLS; + down_write(&ci->m_lock); + if (ksmbd_stream_fd(fp)) + ci->m_flags |= S_DEL_ON_CLS_STREAM; + else + ci->m_flags |= S_DEL_ON_CLS; + up_write(&ci->m_lock); } static void ksmbd_inode_hash(struct ksmbd_inode *ci) @@ -255,29 +303,41 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp) struct ksmbd_inode *ci = fp->f_ci; int err; struct file *filp; + bool remove_stream_xattr = false; + bool do_unlink = false; filp = fp->filp; - if (ksmbd_stream_fd(fp) && (ci->m_flags & S_DEL_ON_CLS_STREAM)) { - ci->m_flags &= ~S_DEL_ON_CLS_STREAM; - err = ksmbd_vfs_remove_xattr(file_mnt_idmap(filp), - &filp->f_path, - fp->stream.name, - true); - if (err) - pr_err("remove xattr failed : %s\n", - fp->stream.name); + + if (ksmbd_stream_fd(fp)) { + down_write(&ci->m_lock); + if (ci->m_flags & S_DEL_ON_CLS_STREAM) { + ci->m_flags &= ~S_DEL_ON_CLS_STREAM; + remove_stream_xattr = true; + } + up_write(&ci->m_lock); + + if (remove_stream_xattr) { + err = ksmbd_vfs_remove_xattr(file_mnt_idmap(filp), + &filp->f_path, + fp->stream.name, + true); + if (err) + pr_err("remove xattr failed : %s\n", + fp->stream.name); + } } if (atomic_dec_and_test(&ci->m_count)) { down_write(&ci->m_lock); if (ci->m_flags & (S_DEL_ON_CLS | S_DEL_PENDING)) { ci->m_flags &= ~(S_DEL_ON_CLS | S_DEL_PENDING); - up_write(&ci->m_lock); - ksmbd_vfs_unlink(filp); - down_write(&ci->m_lock); + do_unlink = true; } up_write(&ci->m_lock); + if (do_unlink) + ksmbd_vfs_unlink(filp); + ksmbd_inode_free(ci); } } -- 2.34.1

3 days, 3 hours

2
1
0 0

LPO 94914 Monday, November 24, 2025 at 08:03:35 AM

by Gusikowski Inc

Dear Stable, I hope this message finds you well. I am reaching out to follow up regarding the products listed in the attached document, as I am currently gathering the necessary information to move forward with our evaluation and procurement process. Your insights and clarification will be greatly appreciated. To better understand your offerings, could you please provide more detailed information on the following: Pricing structure for each product, including any volume discounts or tiered pricing options. Availability and stock levels, especially for high-demand items or products with known lead times. Technical specifications, features, and product variations, so we can accurately assess compatibility with our needs. Current promotions, special offers, or bundled packages that may apply to this order. Shipping and logistics details, including available carriers, estimated delivery timelines, and any additional fees we should be aware of. If there are catalogs, brochures, or updated product sheets available, please feel free to include them as well. Any additional insight you can share regarding after-sales support, warranty terms, or return policies would also be helpful as we work toward a final decision. Due to the timelines of our internal review, I would greatly appreciate your prompt response at your earliest convenience. Your assistance plays a vital role in helping us move forward efficiently and confidently. Thank you again for your time, cooperation, and support. I look forward to hearing from you soon and continuing our discussion. Warm regards, Olive Bailey Head of Procurement

3 days, 3 hours

1
0
0 0

Supply Inquiry for Mexico 2026 FIFA

by Valeria R Elena

Dear Sir, I'm one of the registered and authorized International procurement consultants of the Mexico 2026 FIFA world cup. The government of Mexico through the Mexico 2026 FIFA World Cup Local Organizing Committee has approved a massive procurement of your products for nationwide distribution to Airports facilities, offices, stadiums, Hostels, Hotels, Shops, etc as part of their national and regional sensitization programs towards the hosting of the FIFA world cup 2026. The packaging of the products will be customized with the Mexico 2026 Logo. The Local Organizing Committee is looking for a capable company to handle the supply under a bidding process. I wish to know if your company will be interested to participate in this project so that we could discuss our possible collaboration to ensure a successful bidding. More details would be provided upon hearing from you. Best regards, Best Regards, Dr. Ms Valeria R Elena Green Palms México Ltd Mexico City La Ciudad de los Palacios

3 days, 4 hours

1
0
0 0

FAILED: patch "[PATCH] fs/proc: fix uaf in proc_readdir_de()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 895b4c0c79b092d732544011c3cecaf7322c36a1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025112019-mantra-unwind-1db7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 895b4c0c79b092d732544011c3cecaf7322c36a1 Mon Sep 17 00:00:00 2001 From: Wei Yang <albinwyang(a)tencent.com> Date: Sat, 25 Oct 2025 10:42:33 +0800 Subject: [PATCH] fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ------------------------------------------------------------------------- traverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun->dev) //tun3 tun2 sys_getdents64() | iterate_dir() | proc_readdir() | proc_readdir_de() | snmp6_unregister_dev() pde_get(de); | proc_remove() read_unlock(&proc_subdir_lock); | remove_proc_subtree() | write_lock(&proc_subdir_lock); [time window] | rb_erase(&root->subdir_node, &parent->subdir); | write_unlock(&proc_subdir_lock); read_lock(&proc_subdir_lock); | next = pde_subdir_next(de); | pde_put(de); | de = next; //UAF | rbtree of dev_snmp6 | pde(tun3) / \ NULL pde(tun2) Link: https://lkml.kernel.org/r/20251025024233.158363-1-albin_yang@163.com Signed-off-by: Wei Yang <albinwyang(a)tencent.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: wangzijie <wangzijie1(a)honor.com> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/proc/generic.c b/fs/proc/generic.c index 176281112273..501889856461 100644 --- a/fs/proc/generic.c +++ b/fs/proc/generic.c @@ -698,6 +698,12 @@ void pde_put(struct proc_dir_entry *pde) } } +static void pde_erase(struct proc_dir_entry *pde, struct proc_dir_entry *parent) +{ + rb_erase(&pde->subdir_node, &parent->subdir); + RB_CLEAR_NODE(&pde->subdir_node); +} + /* * Remove a /proc entry and free it if it's not currently in use. */ @@ -720,7 +726,7 @@ void remove_proc_entry(const char *name, struct proc_dir_entry *parent) WARN(1, "removing permanent /proc entry '%s'", de->name); de = NULL; } else { - rb_erase(&de->subdir_node, &parent->subdir); + pde_erase(de, parent); if (S_ISDIR(de->mode)) parent->nlink--; } @@ -764,7 +770,7 @@ int remove_proc_subtree(const char *name, struct proc_dir_entry *parent) root->parent->name, root->name); return -EINVAL; } - rb_erase(&root->subdir_node, &parent->subdir); + pde_erase(root, parent); de = root; while (1) { @@ -776,7 +782,7 @@ int remove_proc_subtree(const char *name, struct proc_dir_entry *parent) next->parent->name, next->name); return -EINVAL; } - rb_erase(&next->subdir_node, &de->subdir); + pde_erase(next, de); de = next; continue; }

3 days, 8 hours

3
2
0 0

[PATCH 5.4.y] fs/proc: fix uaf in proc_readdir_de()

by albin_yang＠163.com

From: Wei Yang <albinwyang(a)tencent.com> commit 895b4c0c79b092d732544011c3cecaf7322c36a1 upstream. Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ------------------------------------------------------------------------- traverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun->dev) //tun3 tun2 sys_getdents64() | iterate_dir() | proc_readdir() | proc_readdir_de() | snmp6_unregister_dev() pde_get(de); | proc_remove() read_unlock(&proc_subdir_lock); | remove_proc_subtree() | write_lock(&proc_subdir_lock); [time window] | rb_erase(&root->subdir_node, &parent->subdir); | write_unlock(&proc_subdir_lock); read_lock(&proc_subdir_lock); | next = pde_subdir_next(de); | pde_put(de); | de = next; //UAF | rbtree of dev_snmp6 | pde(tun3) / \ NULL pde(tun2) Link: https://lkml.kernel.org/r/20251025024233.158363-1-albin_yang@163.com Signed-off-by: Wei Yang <albinwyang(a)tencent.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: wangzijie <wangzijie1(a)honor.com> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/generic.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/fs/proc/generic.c b/fs/proc/generic.c index 372b4dad4863..c4a7d96787f3 100644 --- a/fs/proc/generic.c +++ b/fs/proc/generic.c @@ -671,6 +671,12 @@ void pde_put(struct proc_dir_entry *pde) } } +static void pde_erase(struct proc_dir_entry *pde, struct proc_dir_entry *parent) +{ + rb_erase(&pde->subdir_node, &parent->subdir); + RB_CLEAR_NODE(&pde->subdir_node); +} + /* * Remove a /proc entry and free it if it's not currently in use. */ @@ -689,7 +695,7 @@ void remove_proc_entry(const char *name, struct proc_dir_entry *parent) de = pde_subdir_find(parent, fn, len); if (de) { - rb_erase(&de->subdir_node, &parent->subdir); + pde_erase(de, parent); if (S_ISDIR(de->mode)) { parent->nlink--; } @@ -727,13 +733,13 @@ int remove_proc_subtree(const char *name, struct proc_dir_entry *parent) write_unlock(&proc_subdir_lock); return -ENOENT; } - rb_erase(&root->subdir_node, &parent->subdir); + pde_erase(root, parent); de = root; while (1) { next = pde_subdir_first(de); if (next) { - rb_erase(&next->subdir_node, &de->subdir); + pde_erase(next, de); de = next; continue; } -- 2.43.7

3 days, 9 hours

1
0
0 0

[PATCH] nvmem: apple-spmi-nvmem: wrap regmap calls to satisfy CFI

by Jens Reidel

The Apple SPMI NVMEM driver previously cast regmap_bulk_read/write to void * when assigning them to nvmem_config's reg_read/reg_write function pointers. This cast breaks the expected function signature of nvmem_reg_read_t and nvmem_reg_write_t. With CFI enabled, indirect calls through these pointers fail: CFI failure at nvmem_reg_write+0x194/0x1e4 (target: regmap_bulk_write+0x0/0x2c8; expected type: 0x83a189c3) ... Call trace: nvmem_reg_write+0x194/0x1e4 (P) __nvmem_cell_entry_write+0x298/0x2e8 nvmem_cell_write+0x24/0x34 macsmc_reboot_probe+0x1dc/0x454 [macsmc_reboot] ... Introduce thin wrapper functions with the correct nvmem function pointer types to satisfy the CFI checks. Fixes: fe91c24a551c ("nvmem: Add apple-spmi-nvmem driver") Signed-off-by: Jens Reidel <adrian(a)mainlining.org> Reported-by: Clayton Craft <craftyguy(a)postmarketos.org> Tested-by: Clayton Craft <craftyguy(a)postmarketos.org> Cc: stable(a)vger.kernel.org --- drivers/nvmem/apple-spmi-nvmem.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/drivers/nvmem/apple-spmi-nvmem.c b/drivers/nvmem/apple-spmi-nvmem.c index 88614005d5ce1dc2d1cafcb89ac66d8376ffcc96..7acb0c07d6abe9e9984908f5ea2f4e2e9c10bb06 100644 --- a/drivers/nvmem/apple-spmi-nvmem.c +++ b/drivers/nvmem/apple-spmi-nvmem.c @@ -18,6 +18,22 @@ static const struct regmap_config apple_spmi_regmap_config = { .max_register = 0xffff, }; +static int apple_spmi_nvmem_read(void *priv, unsigned int offset, void *val, + size_t bytes) +{ + struct regmap *map = priv; + + return regmap_bulk_read(map, offset, val, bytes); +} + +static int apple_spmi_nvmem_write(void *priv, unsigned int offset, void *val, + size_t bytes) +{ + struct regmap *map = priv; + + return regmap_bulk_write(map, offset, val, bytes); +} + static int apple_spmi_nvmem_probe(struct spmi_device *sdev) { struct regmap *regmap; @@ -28,8 +44,8 @@ static int apple_spmi_nvmem_probe(struct spmi_device *sdev) .word_size = 1, .stride = 1, .size = 0xffff, - .reg_read = (void *)regmap_bulk_read, - .reg_write = (void *)regmap_bulk_write, + .reg_read = apple_spmi_nvmem_read, + .reg_write = apple_spmi_nvmem_write, }; regmap = devm_regmap_init_spmi_ext(sdev, &apple_spmi_regmap_config); --- base-commit: 0c1c7a6a83feaf2cf182c52983ffe330ffb50280 change-id: 20251118-apple-spmi-nvmem-cfi-6037c1abfd12 Best regards, -- Jens Reidel <adrian(a)mainlining.org>

3 days, 13 hours

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror