- Linux-stable-mirror - lists.linaro.org

[PATCH net] ptp: Return -EINVAL on ptp_clock_register if required ops are NULL

by Tim Hostetler

ptp_clock should never be registered unless it stubs one of gettimex64() or gettime64() and settime64(). WARN_ON_ONCE and error out if either set of function pointers is null. Cc: stable(a)vger.kernel.org Fixes: d7d38f5bd7be ("ptp: use the 64 bit get/set time methods for the posix clock.") Suggested-by: Kuniyuki Iwashima <kuniyu(a)google.com> Reviewed-by: Kuniyuki Iwashima <kuniyu(a)google.com> Reviewed-by: Harshitha Ramamurthy <hramamurthy(a)google.com> Signed-off-by: Tim Hostetler <thostet(a)google.com> --- drivers/ptp/ptp_clock.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c index ef020599b771..0bc79076771b 100644 --- a/drivers/ptp/ptp_clock.c +++ b/drivers/ptp/ptp_clock.c @@ -325,6 +325,10 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info, if (info->n_alarm > PTP_MAX_ALARMS) return ERR_PTR(-EINVAL); + if (WARN_ON_ONCE((!info->gettimex64 && !info->gettime64) || + !info->settime64)) + return ERR_PTR(-EINVAL); + /* Initialize a clock structure. */ ptp = kzalloc(sizeof(struct ptp_clock), GFP_KERNEL); if (!ptp) { -- 2.51.1.851.g4ebd6896fd-goog

17 minutes

2
1
0 0

[PATCH v2] tools/testing/nvdimm: Use per-DIMM device handle

by Alison Schofield

KASAN reports a global-out-of-bounds access when running these nfit tests: clear.sh, pmem-errors.sh, pfn-meta-errors.sh, btt-errors.sh, daxdev-errors.sh, and inject-error.sh. [] BUG: KASAN: global-out-of-bounds in nfit_test_ctl+0x769f/0x7840 [nfit_test] [] Read of size 4 at addr ffffffffc03ea01c by task ndctl/1215 [] The buggy address belongs to the variable: [] handle+0x1c/0x1df4 [nfit_test] nfit_test_search_spa() uses handle[nvdimm->id] to retrieve a device handle and triggers a KASAN error when it reads past the end of the handle array. It should not be indexing the handle array at all. The correct device handle is stored in per-DIMM test data. Each DIMM has a struct nfit_mem that embeds a struct acpi_nfit_memdev that describes the NFIT device handle. Use that device handle here. Fixes: 10246dc84dfc ("acpi nfit: nfit_test supports translate SPA") Cc: <stable(a)vger.kernel.org> Signed-off-by: Alison Schofield <alison.schofield(a)intel.com> --- Changes in v2: - Use the correct handle in per-DIMM test data (Dan) - Update commit message and log - Update Fixes Tag tools/testing/nvdimm/test/nfit.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/testing/nvdimm/test/nfit.c b/tools/testing/nvdimm/test/nfit.c index cfd4378e2129..f87e9f251d13 100644 --- a/tools/testing/nvdimm/test/nfit.c +++ b/tools/testing/nvdimm/test/nfit.c @@ -670,6 +670,7 @@ static int nfit_test_search_spa(struct nvdimm_bus *bus, .addr = spa->spa, .region = NULL, }; + struct nfit_mem *nfit_mem; u64 dpa; ret = device_for_each_child(&bus->dev, &ctx, @@ -687,8 +688,12 @@ static int nfit_test_search_spa(struct nvdimm_bus *bus, */ nd_mapping = &nd_region->mapping[nd_region->ndr_mappings - 1]; nvdimm = nd_mapping->nvdimm; + nfit_mem = nvdimm_provider_data(nvdimm); + if (!nfit_mem) + return -EINVAL; - spa->devices[0].nfit_device_handle = handle[nvdimm->id]; + spa->devices[0].nfit_device_handle = + __to_nfit_memdev(nfit_mem)->device_handle; spa->num_nvdimms = 1; spa->devices[0].dpa = dpa; base-commit: 211ddde0823f1442e4ad052a2f30f050145ccada -- 2.37.3

1 hour, 13 minutes

1
0
0 0

[PATCH] tools/testing/nvdimm: Stop read past end of global handle array

by Alison Schofield

KASAN reports a global-out-of-bounds access when running these nfit tests: clear.sh, pmem-errors, pfn-meta-errors.sh, btt-errors.sh, daxdev-errors.sh, and inject-error.sh. [] BUG: KASAN: global-out-of-bounds in nfit_test_ctl+0x769f/0x7840 [nfit_test] [] Read of size 4 at addr ffffffffc03ea01c by task ndctl/1215 [] The buggy address belongs to the variable: [] handle+0x1c/0x1df4 [nfit_test] The nfit_test mock platform defines a static table of 7 NFIT DIMM handles, but nfit_test.0 builds 8 mock DIMMs total (5 DCR + 3 PM). When the final DIMM (id == 7) is selected, this code: spa->devices[0].nfit_device_handle = handle[nvdimm->id]; indexes past the end of the 7-entry table, triggering KASAN. Fix this by adding an eighth entry to the handle[] table and a defensive bounds check so the test fails cleanly instead of dereferencing out-of-bounds memory. To generate a unique handle, the new entry sets the 'imc' field rather than the 'chan' field. This matches the pattern of earlier entries and avoids introducing a non-zero 'chan' which is never used in the table. Computing the new handle shows no collision. Notes from spelunkering for a Fixes Tag: Commit 209851649dc4 ("acpi: nfit: Add support for hot-add") increased the mock DIMMs to eight yet kept the handle[] array at seven. Commit 10246dc84dfc ("acpi nfit: nfit_test supports translate SPA") began using the last mock DIMM, triggering the KASAN. Commit af31b04b67f4 ("tools/testing/nvdimm: Fix the array size for dimm devices.") addressed a related KASAN warning but not the actual handle array length. Fixes: 209851649dc4 ("acpi: nfit: Add support for hot-add") Cc: <stable(a)vger.kernel.org> Signed-off-by: Alison Schofield <alison.schofield(a)intel.com> --- tools/testing/nvdimm/test/nfit.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tools/testing/nvdimm/test/nfit.c b/tools/testing/nvdimm/test/nfit.c index cfd4378e2129..cdbf9e8ee80a 100644 --- a/tools/testing/nvdimm/test/nfit.c +++ b/tools/testing/nvdimm/test/nfit.c @@ -129,6 +129,7 @@ static u32 handle[] = { [4] = NFIT_DIMM_HANDLE(0, 1, 0, 0, 0), [5] = NFIT_DIMM_HANDLE(1, 0, 0, 0, 0), [6] = NFIT_DIMM_HANDLE(1, 0, 0, 0, 1), + [7] = NFIT_DIMM_HANDLE(1, 0, 1, 0, 1), }; static unsigned long dimm_fail_cmd_flags[ARRAY_SIZE(handle)]; @@ -688,6 +689,13 @@ static int nfit_test_search_spa(struct nvdimm_bus *bus, nd_mapping = &nd_region->mapping[nd_region->ndr_mappings - 1]; nvdimm = nd_mapping->nvdimm; + if (WARN_ON_ONCE(nvdimm->id >= ARRAY_SIZE(handle))) { + dev_err(&bus->dev, + "invalid nvdimm->id %u >= handle array size %zu\n", + nvdimm->id, ARRAY_SIZE(handle)); + return -EINVAL; + } + spa->devices[0].nfit_device_handle = handle[nvdimm->id]; spa->num_nvdimms = 1; spa->devices[0].dpa = dpa; base-commit: 211ddde0823f1442e4ad052a2f30f050145ccada -- 2.37.3

1 hour, 30 minutes

3
3
0 0

[PATCH 6.17 00/35] 6.17.7-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.7 release. There are 35 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 02 Nov 2025 14:00:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.7-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.7-rc1 Menglong Dong <menglong8.dong(a)gmail.com> arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c Tejun Heo <tj(a)kernel.org> sched_ext: Make qmap dump operation non-destructive Filipe Manana <fdmanana(a)suse.com> btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: add inode extref checks Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction if we fail to update inode in log replay dir fixup Filipe Manana <fdmanana(a)suse.com> btrfs: use level argument in log tree walk callback replay_one_buffer() Filipe Manana <fdmanana(a)suse.com> btrfs: always drop log root tree reference in btrfs_replay_log() Thorsten Blum <thorsten.blum(a)linux.dev> btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: refine extent allocator hint selection Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: return error from btrfs_zone_finish_endio() Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction in the process_one_buffer() log tree walk callback Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction on specific error places when walking log tree Chen Ridong <chenridong(a)huawei.com> cpuset: Use new excpus for nocpu error check when enabling root partition Avadhut Naik <avadhut.naik(a)amd.com> EDAC/mc_sysfs: Increase legacy channel support to 16 David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix reporting of LFENCE retpoline Aaron Lu <ziqianlu(a)bytedance.com> sched/fair: update_cfs_group() for throttled cfs_rqs David Kaplan <david.kaplan(a)amd.com> x86/bugs: Add attack vector controls for VMSCAPE Tejun Heo <tj(a)kernel.org> sched_ext: Keep bypass on between enable failure and scx_disable_workfn() Jiri Olsa <jolsa(a)kernel.org> seccomp: passthrough uprobe systemcall without filtering Kuan-Wei Chiu <visitorckw(a)gmail.com> EDAC: Fix wrong executable file modes for C source files Josh Poimboeuf <jpoimboe(a)kernel.org> perf: Skip user unwind if the task is a kernel thread Josh Poimboeuf <jpoimboe(a)kernel.org> perf: Have get_perf_callchain() return NULL if crosstask and user are set Steven Rostedt <rostedt(a)goodmis.org> perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK Kyle Manna <kyle(a)kylemanna.com> EDAC/ie31200: Add two more Intel Alder Lake-S SoCs for EDAC support Richard Guy Briggs <rgb(a)redhat.com> audit: record fanotify event regardless of presence of rules Charles Keepax <ckeepax(a)opensource.cirrus.com> genirq/manage: Add buslock back in to enable_irq() Charles Keepax <ckeepax(a)opensource.cirrus.com> genirq/manage: Add buslock back in to __disable_irq_nosync() Charles Keepax <ckeepax(a)opensource.cirrus.com> genirq/chip: Add buslock back in to irq_set_handler() David Kaplan <david.kaplan(a)amd.com> x86/bugs: Qualify RETBLEED_INTEL_MSG David Kaplan <david.kaplan(a)amd.com> x86/bugs: Report correct retbleed mitigation status Haofeng Li <lihaofeng(a)kylinos.cn> timekeeping: Fix aux clocks sysfs initialization loop bound Tejun Heo <tj(a)kernel.org> sched_ext: Sync error_irq_work before freeing scx_sched Tejun Heo <tj(a)kernel.org> sched_ext: Put event_stats_cpu in struct scx_sched_pcpu Tejun Heo <tj(a)kernel.org> sched_ext: Move internal type and accessor definitions to ext_internal.h ------------- Diffstat: .../admin-guide/hw-vuln/attack_vector_controls.rst | 1 + Makefile | 4 +- arch/alpha/kernel/asm-offsets.c | 1 + arch/arc/kernel/asm-offsets.c | 1 + arch/arm/kernel/asm-offsets.c | 2 + arch/arm64/kernel/asm-offsets.c | 1 + arch/csky/kernel/asm-offsets.c | 1 + arch/hexagon/kernel/asm-offsets.c | 1 + arch/loongarch/kernel/asm-offsets.c | 2 + arch/m68k/kernel/asm-offsets.c | 1 + arch/microblaze/kernel/asm-offsets.c | 1 + arch/mips/kernel/asm-offsets.c | 2 + arch/nios2/kernel/asm-offsets.c | 1 + arch/openrisc/kernel/asm-offsets.c | 1 + arch/parisc/kernel/asm-offsets.c | 1 + arch/powerpc/kernel/asm-offsets.c | 1 + arch/riscv/kernel/asm-offsets.c | 1 + arch/s390/kernel/asm-offsets.c | 1 + arch/sh/kernel/asm-offsets.c | 1 + arch/sparc/kernel/asm-offsets.c | 1 + arch/um/kernel/asm-offsets.c | 2 + arch/x86/events/intel/core.c | 10 +- arch/x86/include/asm/perf_event.h | 6 +- arch/x86/kernel/cpu/bugs.c | 27 +- arch/x86/kvm/pmu.h | 2 +- arch/xtensa/kernel/asm-offsets.c | 1 + drivers/edac/ecs.c | 0 drivers/edac/edac_mc_sysfs.c | 24 + drivers/edac/ie31200_edac.c | 4 + drivers/edac/mem_repair.c | 0 drivers/edac/scrub.c | 0 fs/btrfs/disk-io.c | 2 +- fs/btrfs/extent-tree.c | 6 +- fs/btrfs/inode.c | 7 +- fs/btrfs/scrub.c | 3 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-checker.c | 37 + fs/btrfs/tree-log.c | 64 +- fs/btrfs/zoned.c | 8 +- fs/btrfs/zoned.h | 9 +- include/linux/audit.h | 2 +- kernel/cgroup/cpuset.c | 6 +- kernel/events/callchain.c | 16 +- kernel/events/core.c | 7 +- kernel/irq/chip.c | 2 +- kernel/irq/manage.c | 4 +- kernel/sched/build_policy.c | 1 + kernel/sched/ext.c | 1056 +------------------ kernel/sched/ext.h | 23 - kernel/sched/ext_internal.h | 1064 ++++++++++++++++++++ kernel/sched/fair.c | 3 - kernel/seccomp.c | 32 +- kernel/time/timekeeping.c | 2 +- tools/sched_ext/scx_qmap.bpf.c | 18 +- 54 files changed, 1326 insertions(+), 1150 deletions(-)

1 hour, 57 minutes

9
43
0 0

[PATCH] arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1

by Quentin Schulz

From: Quentin Schulz <quentin.schulz(a)cherry.de> In commit 296602b8e5f7 ("arm64: dts: rockchip: Move RK3399 OPPs to dtsi files for SoC variants"), everything shared between variants of RK3399 was put into rk3399-base.dtsi and the rest in variant-specific DTSI, such as rk3399-t, rk3399-op1, rk3399, etc. Therefore, the variant-specific DTSI should include rk3399-base.dtsi and not another variant's DTSI. rk3399-op1 wrongly includes rk3399 (a variant) DTSI instead of rk3399-base DTSI, let's fix this oversight by including the intended DTSI. Fortunately, this had no impact on the resulting DTB since all nodes were named the same and all node properties were overridden in rk3399-op1.dtsi. This was checked by doing a checksum of rk3399-op1 DTBs before and after this commit. No intended change in behavior. Fixes: 296602b8e5f7 ("arm64: dts: rockchip: Move RK3399 OPPs to dtsi files for SoC variants") Cc: stable(a)vger.kernel.org Signed-off-by: Quentin Schulz <quentin.schulz(a)cherry.de> --- arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi b/arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi index c4f4f1ff6117b..9da6fd82e46b2 100644 --- a/arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi @@ -3,7 +3,7 @@ * Copyright (c) 2016-2017 Fuzhou Rockchip Electronics Co., Ltd */ -#include "rk3399.dtsi" +#include "rk3399-base.dtsi" / { cluster0_opp: opp-table-0 { --- base-commit: e53642b87a4f4b03a8d7e5f8507fc3cd0c595ea6 change-id: 20251029-rk3399-op1-include-b311b4e16909 Best regards, -- Quentin Schulz <quentin.schulz(a)cherry.de>

2 hours, 2 minutes

3
2
0 0

[PATCH v2] arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2

by Diederik de Haas

Page 13 of the PineTab2 v2 schematic dd 20230417 shows VCCIO4's power source is VCCIO_WL. Page 19 shows that VCCIO_WL is connected to VCCA1V8_PMU, so fix the PineTab2 dtsi to reflect that. Fixes: 1b7e19448f8f ("arm64: dts: rockchip: Add devicetree for Pine64 PineTab2") Cc: stable(a)vger.kernel.org Reviewed-by: Dragan Simic <dsimic(a)manjaro.org> Signed-off-by: Diederik de Haas <diederik(a)cknow-tech.com> --- Changes since v1: - Added Fixes tag (Dragan) - Added R-b tag arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi b/arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi index d0e38412d56a..08bf40de17ea 100644 --- a/arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi @@ -789,7 +789,7 @@ &pmu_io_domains { vccio1-supply = <&vccio_acodec>; vccio2-supply = <&vcc_1v8>; vccio3-supply = <&vccio_sd>; - vccio4-supply = <&vcc_1v8>; + vccio4-supply = <&vcca1v8_pmu>; vccio5-supply = <&vcc_1v8>; vccio6-supply = <&vcc1v8_dvp>; vccio7-supply = <&vcc_3v3>; -- 2.51.0

2 hours, 2 minutes

2
1
0 0

[PATCH 6.6 00/32] 6.6.116-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.116 release. There are 32 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 02 Nov 2025 14:00:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.116-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.116-rc1 William Breathitt Gray <wbg(a)kernel.org> gpio: idio-16: Define fixed direction of the GPIO lines Ioana Ciornei <ioana.ciornei(a)nxp.com> gpio: regmap: add the .fixed_direction_output configuration parameter Mathieu Dubois-Briand <mathieu.dubois-briand(a)bootlin.com> gpio: regmap: Allow to allocate regmap-irq device Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> bits: introduce fixed-type GENMASK_U*() Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> bits: add comments and newlines to #if, #else and #endif directives Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Improve performance by removing delay in transfer event polling. Uday M Bhat <uday.m.bhat(a)intel.com> xhci: dbc: Allow users to modify DbC poll interval via sysfs Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: poll at different rate depending on data transfer activity Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: remove useless enable of enhanced features Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: refactor EFR lock Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: reorder code to remove prototype declarations Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: remove unused to_sc16is7xx_port macro Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: disable add_addr retrans in endpoint_tests Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR Menglong Dong <menglong8.dong(a)gmail.com> arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c Filipe Manana <fdmanana(a)suse.com> btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Filipe Manana <fdmanana(a)suse.com> btrfs: use level argument in log tree walk callback replay_one_buffer() Filipe Manana <fdmanana(a)suse.com> btrfs: always drop log root tree reference in btrfs_replay_log() Thorsten Blum <thorsten.blum(a)linux.dev> btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: refine extent allocator hint selection Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: return error from btrfs_zone_finish_endio() Avadhut Naik <avadhut.naik(a)amd.com> EDAC/mc_sysfs: Increase legacy channel support to 16 David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix reporting of LFENCE retpoline David Kaplan <david.kaplan(a)amd.com> x86/bugs: Report correct retbleed mitigation status Josh Poimboeuf <jpoimboe(a)kernel.org> perf: Skip user unwind if the task is a kernel thread Josh Poimboeuf <jpoimboe(a)kernel.org> perf: Have get_perf_callchain() return NULL if crosstask and user are set Steven Rostedt <rostedt(a)goodmis.org> perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL Richard Guy Briggs <rgb(a)redhat.com> audit: record fanotify event regardless of presence of rules Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix null-deref in agg_dequeue ------------- Diffstat: .../ABI/testing/sysfs-bus-pci-drivers-xhci_hcd | 10 ++ Makefile | 4 +- arch/alpha/kernel/asm-offsets.c | 1 + arch/arc/kernel/asm-offsets.c | 1 + arch/arm/kernel/asm-offsets.c | 2 + arch/arm64/kernel/asm-offsets.c | 1 + arch/csky/kernel/asm-offsets.c | 1 + arch/hexagon/kernel/asm-offsets.c | 1 + arch/loongarch/kernel/asm-offsets.c | 2 + arch/m68k/kernel/asm-offsets.c | 1 + arch/microblaze/kernel/asm-offsets.c | 1 + arch/mips/kernel/asm-offsets.c | 2 + arch/nios2/kernel/asm-offsets.c | 1 + arch/openrisc/kernel/asm-offsets.c | 1 + arch/parisc/kernel/asm-offsets.c | 1 + arch/powerpc/kernel/asm-offsets.c | 1 + arch/riscv/kernel/asm-offsets.c | 1 + arch/s390/kernel/asm-offsets.c | 1 + arch/sh/kernel/asm-offsets.c | 1 + arch/sparc/kernel/asm-offsets.c | 1 + arch/um/kernel/asm-offsets.c | 2 + arch/x86/kernel/cpu/bugs.c | 9 +- arch/xtensa/kernel/asm-offsets.c | 1 + drivers/edac/edac_mc_sysfs.c | 24 +++ drivers/gpio/gpio-idio-16.c | 5 + drivers/gpio/gpio-regmap.c | 53 +++++- drivers/tty/serial/sc16is7xx.c | 185 ++++++++++----------- drivers/usb/host/xhci-dbgcap.c | 70 +++++++- drivers/usb/host/xhci-dbgcap.h | 7 +- fs/btrfs/disk-io.c | 2 +- fs/btrfs/extent-tree.c | 6 +- fs/btrfs/inode.c | 7 +- fs/btrfs/scrub.c | 3 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-log.c | 9 +- fs/btrfs/zoned.c | 8 +- fs/btrfs/zoned.h | 9 +- include/linux/audit.h | 2 +- include/linux/bitops.h | 1 - include/linux/bits.h | 38 ++++- include/linux/gpio/regmap.h | 16 ++ include/net/pkt_sched.h | 25 ++- kernel/events/callchain.c | 16 +- kernel/events/core.c | 7 +- net/mptcp/pm_netlink.c | 6 + net/sched/sch_api.c | 10 -- net/sched/sch_hfsc.c | 16 -- net/sched/sch_qfq.c | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 3 +- 49 files changed, 405 insertions(+), 174 deletions(-)

2 hours, 18 minutes

5
36
0 0

[PATCH 6.12 00/40] 6.12.57-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.57 release. There are 40 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 02 Nov 2025 14:00:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.57-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.57-rc1 Edward Cree <ecree.xilinx(a)gmail.com> sfc: fix NULL dereferences in ef100_process_design_param() Xiaogang Chen <xiaogang.chen(a)amd.com> udmabuf: fix a buf size overflow issue during udmabuf creation Aditya Kumar Singh <quic_adisi(a)quicinc.com> wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() Kees Bakker <kees(a)ijzerbout.nl> iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE William Breathitt Gray <wbg(a)kernel.org> gpio: idio-16: Define fixed direction of the GPIO lines Ioana Ciornei <ioana.ciornei(a)nxp.com> gpio: regmap: add the .fixed_direction_output configuration parameter Mathieu Dubois-Briand <mathieu.dubois-briand(a)bootlin.com> gpio: regmap: Allow to allocate regmap-irq device Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> bits: introduce fixed-type GENMASK_U*() Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> bits: add comments and newlines to #if, #else and #endif directives Wang Liang <wangliang74(a)huawei.com> bonding: check xdp prog when set bond mode Hangbin Liu <liuhangbin(a)gmail.com> bonding: return detailed error when loading native XDP fails Alexander Wetzel <Alexander(a)wetzel-home.de> wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Chao Yu <chao(a)kernel.org> f2fs: fix to avoid panic once fallocation fails for pinfile Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported Geliang Tang <geliang(a)kernel.org> selftests: mptcp: disable add_addr retrans in endpoint_tests Jonathan Corbet <corbet(a)lwn.net> docs: kdoc: handle the obsolescensce of docutils.ErrorString() Menglong Dong <menglong8.dong(a)gmail.com> arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c Tejun Heo <tj(a)kernel.org> sched_ext: Make qmap dump operation non-destructive Filipe Manana <fdmanana(a)suse.com> btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: add inode extref checks Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction if we fail to update inode in log replay dir fixup Filipe Manana <fdmanana(a)suse.com> btrfs: use level argument in log tree walk callback replay_one_buffer() Filipe Manana <fdmanana(a)suse.com> btrfs: always drop log root tree reference in btrfs_replay_log() Thorsten Blum <thorsten.blum(a)linux.dev> btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: refine extent allocator hint selection Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: return error from btrfs_zone_finish_endio() Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction in the process_one_buffer() log tree walk callback Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction on specific error places when walking log tree Chen Ridong <chenridong(a)huawei.com> cpuset: Use new excpus for nocpu error check when enabling root partition Avadhut Naik <avadhut.naik(a)amd.com> EDAC/mc_sysfs: Increase legacy channel support to 16 David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix reporting of LFENCE retpoline David Kaplan <david.kaplan(a)amd.com> x86/bugs: Report correct retbleed mitigation status Jiri Olsa <jolsa(a)kernel.org> seccomp: passthrough uprobe systemcall without filtering Josh Poimboeuf <jpoimboe(a)kernel.org> perf: Skip user unwind if the task is a kernel thread Josh Poimboeuf <jpoimboe(a)kernel.org> perf: Have get_perf_callchain() return NULL if crosstask and user are set Steven Rostedt <rostedt(a)goodmis.org> perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK Richard Guy Briggs <rgb(a)redhat.com> audit: record fanotify event regardless of presence of rules Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix null-deref in agg_dequeue ------------- Diffstat: Documentation/sphinx/kernel_abi.py | 4 +- Documentation/sphinx/kernel_feat.py | 4 +- Documentation/sphinx/kernel_include.py | 6 ++- Documentation/sphinx/maintainers_include.py | 4 +- Makefile | 4 +- arch/alpha/kernel/asm-offsets.c | 1 + arch/arc/kernel/asm-offsets.c | 1 + arch/arm/kernel/asm-offsets.c | 2 + arch/arm64/kernel/asm-offsets.c | 1 + arch/csky/kernel/asm-offsets.c | 1 + arch/hexagon/kernel/asm-offsets.c | 1 + arch/loongarch/kernel/asm-offsets.c | 2 + arch/m68k/kernel/asm-offsets.c | 1 + arch/microblaze/kernel/asm-offsets.c | 1 + arch/mips/kernel/asm-offsets.c | 2 + arch/nios2/kernel/asm-offsets.c | 1 + arch/openrisc/kernel/asm-offsets.c | 1 + arch/parisc/kernel/asm-offsets.c | 1 + arch/powerpc/kernel/asm-offsets.c | 1 + arch/riscv/kernel/asm-offsets.c | 1 + arch/s390/kernel/asm-offsets.c | 1 + arch/sh/kernel/asm-offsets.c | 1 + arch/sparc/kernel/asm-offsets.c | 1 + arch/um/kernel/asm-offsets.c | 2 + arch/x86/events/intel/core.c | 10 ++-- arch/x86/include/asm/perf_event.h | 6 ++- arch/x86/kernel/cpu/bugs.c | 9 ++-- arch/x86/kvm/pmu.h | 2 +- arch/xtensa/kernel/asm-offsets.c | 1 + drivers/dma-buf/udmabuf.c | 2 +- drivers/edac/edac_mc_sysfs.c | 24 ++++++++++ drivers/gpio/gpio-idio-16.c | 5 ++ drivers/gpio/gpio-regmap.c | 53 ++++++++++++++++++-- drivers/iommu/intel/iommu.c | 7 +-- drivers/net/bonding/bond_main.c | 11 +++-- drivers/net/bonding/bond_options.c | 3 ++ drivers/net/ethernet/sfc/ef100_netdev.c | 6 +-- drivers/net/ethernet/sfc/ef100_nic.c | 47 ++++++++---------- drivers/net/wireless/ath/ath12k/mac.c | 6 +-- fs/btrfs/disk-io.c | 2 +- fs/btrfs/extent-tree.c | 6 ++- fs/btrfs/inode.c | 7 +-- fs/btrfs/scrub.c | 3 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-checker.c | 37 ++++++++++++++ fs/btrfs/tree-log.c | 64 +++++++++++++++++++------ fs/btrfs/zoned.c | 8 ++-- fs/btrfs/zoned.h | 9 ++-- fs/f2fs/file.c | 8 ++-- fs/f2fs/segment.c | 20 ++++---- include/linux/audit.h | 2 +- include/linux/bitops.h | 1 - include/linux/bits.h | 38 ++++++++++++++- include/linux/gpio/regmap.h | 16 +++++++ include/net/bonding.h | 1 + include/net/pkt_sched.h | 25 +++++++++- kernel/cgroup/cpuset.c | 6 +-- kernel/events/callchain.c | 16 +++---- kernel/events/core.c | 7 +-- kernel/seccomp.c | 32 ++++++++++--- net/mptcp/pm_netlink.c | 6 +++ net/sched/sch_api.c | 10 ---- net/sched/sch_hfsc.c | 16 ------- net/sched/sch_qfq.c | 2 +- net/wireless/reg.c | 4 ++ tools/sched_ext/scx_qmap.bpf.c | 18 ++++++- tools/testing/selftests/net/mptcp/mptcp_join.sh | 3 +- 67 files changed, 442 insertions(+), 164 deletions(-)

2 hours, 19 minutes

6
45
0 0

+ mm-secretmem-fix-use-after-free-race-in-fault-handler.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/secretmem: fix use-after-free race in fault handler has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-secretmem-fix-use-after-free-race-in-fault-handler.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lance Yang <lance.yang(a)linux.dev> Subject: mm/secretmem: fix use-after-free race in fault handler Date: Fri, 31 Oct 2025 20:09:55 +0800 When a page fault occurs in a secret memory file created with `memfd_secret(2)`, the kernel will allocate a new folio for it, mark the underlying page as not-present in the direct map, and add it to the file mapping. If two tasks cause a fault in the same page concurrently, both could end up allocating a folio and removing the page from the direct map, but only one would succeed in adding the folio to the file mapping. The task that failed undoes the effects of its attempt by (a) freeing the folio again and (b) putting the page back into the direct map. However, by doing these two operations in this order, the page becomes available to the allocator again before it is placed back in the direct mapping. If another task attempts to allocate the page between (a) and (b), and the kernel tries to access it via the direct map, it would result in a supervisor not-present page fault. Fix the ordering to restore the direct map before the folio is freed. Link: https://lkml.kernel.org/r/20251031120955.92116-1-lance.yang@linux.dev Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Signed-off-by: Lance Yang <lance.yang(a)linux.dev> Reported-by: Google Big Sleep <big-sleep-vuln-reports(a)google.com> Closes: https://lore.kernel.org/linux-mm/CAEXGt5QeDpiHTu3K9tvjUTPqo+d-=wuCNYPa+6sWK… Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/secretmem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/secretmem.c~mm-secretmem-fix-use-after-free-race-in-fault-handler +++ a/mm/secretmem.c @@ -82,13 +82,13 @@ retry: __folio_mark_uptodate(folio); err = filemap_add_folio(mapping, folio, offset, gfp); if (unlikely(err)) { - folio_put(folio); /* * If a split of large page was required, it * already happened when we marked the page invalid * which guarantees that this call won't fail */ set_direct_map_default_noflush(folio_page(folio, 0)); + folio_put(folio); if (err == -EEXIST) goto retry; _ Patches currently in -mm which might be from lance.yang(a)linux.dev are mm-secretmem-fix-use-after-free-race-in-fault-handler.patch mm-khugepaged-guard-is_zero_pfn-calls-with-pte_present.patch

2 hours, 57 minutes

1
0
0 0

[PATCH 0/2] fuse: Fix missing fuse_copy_finish in dev_uring.c

by Bernd Schubert

Both argument copies in dev_uring.c miss fuse_copy_finish. Signed-off-by: Bernd Schubert <bschubert(a)ddn.com> --- Bernd Schubert (1): fuse: Fix whitespace for fuse_uring_args_to_ring() comment Cheng Ding (1): fuse: missing copy_finish in fuse-over-io-uring argument copies fs/fuse/dev.c | 2 +- fs/fuse/dev_uring.c | 18 ++++++++++++------ fs/fuse/fuse_dev_i.h | 1 + 3 files changed, 14 insertions(+), 7 deletions(-) --- base-commit: 6548d364a3e850326831799d7e3ea2d7bb97ba08 change-id: 20251021-io-uring-fixes-copy-finish-07ae602e2ab1 Best regards, -- Bernd Schubert <bschubert(a)ddn.com>

3 hours, 25 minutes

2
2
0 0

[PATCH 5.10 000/332] 5.10.246-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.246 release. There are 332 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Oct 2025 18:34:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.246-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.246-rc1 Li Jinlin <lijinlin3(a)huawei.com> fsdax: Fix infinite loop in dax_iomap_rw() Anup Patel <apatel(a)ventanamicro.com> RISC-V: Don't fail in riscv_of_parent_hartid() for disabled HARTs Zhengchao Shao <shaozhengchao(a)huawei.com> net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Darrick J. Wong <djwong(a)kernel.org> fuse: fix livelock in synchronous file put from fuseblk workers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before DAC access Theodore Ts'o <tytso(a)mit.edu> ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads Krzysztof Wilczyński <kw(a)linux.com> PCI/sysfs: Use sysfs_emit() and sysfs_emit_at() in "show" functions Maximilian Luz <luzmaximilian(a)gmail.com> PCI: Add sysfs attribute for device power state Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix programming sequence of "strap" settings Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Vidya Sagar <vidyas(a)nvidia.com> PCI: tegra194: Handle errors in BPMP response Thomas Fourier <fourier.thomas(a)gmail.com> crypto: rockchip - Fix dma_unmap_sg() nents value Eric Biggers <ebiggers(a)kernel.org> KEYS: trusted_tpm1: Compare HMAC values in constant time Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Simplify pm_runtime setup Bence Csókás <csokas.bence(a)prolan.hu> PM: runtime: Add new devm functions Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended David Lechner <dlechner(a)baylibre.com> iio: imu: inv_icm42600: use = { } instead of memset() Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Arnd Bergmann <arnd(a)arndb.de> media: s5p-mfc: remove an unused/uninitialized variable Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix lock inversion in vsock_assign_transport() Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Florian Eckert <fe(a)dev.tdt.de> serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: hdm_probe: Fix calling put_device() before device initialization Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: Fix use-after-free in hdm_disconnect Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add wildcat lake P DID Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Andrey Konovalov <andreyknvl(a)gmail.com> usb: raw-gadget: do not limit transfer length Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Anup Patel <apatel(a)ventanamicro.com> RISC-V: Don't print details of CPUs disabled in DT Sunil V L <sunilvl(a)ventanamicro.com> riscv: cpu: Add 64bit hartid support on RV64 Tsukasa OI <research_trasio(a)irq.a4lg.com> RISC-V: Minimal parser for "riscv, isa" strings Tsukasa OI <research_trasio(a)irq.a4lg.com> RISC-V: Correctly print supported extensions Rob Herring <robh(a)kernel.org> riscv: Use of_get_cpu_hwid() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Nikolay Aleksandrov <razor(a)blackwall.org> net: add ndo_fdb_del_bulk Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add bulk delete support flag Nikolay Aleksandrov <razor(a)blackwall.org> net: netlink: add NLM_F_BULK delete request modifier Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: use BIT for flag values Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add helper to extract msg type's kind Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add msg kind names Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Ingo Molnar <mingo(a)kernel.org> sched/balancing: Rename newidle_balance() => sched_balance_newidle() Barry Song <song.bao.hua(a)hisilicon.com> sched/fair: Trivial correction of the newidle_balance() comment Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Jakub Kicinski <kuba(a)kernel.org> net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Christoph Hellwig <hch(a)lst.de> fsdax: switch dax_iomap_rw to use iomap_iter Christoph Hellwig <hch(a)lst.de> iomap: add the new iomap_iter model Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Update virq_to_irq on migration Ma Ke <make24(a)iscas.ac.cn> media: lirc: Fix error handling in lirc_register() keliu <liuke94(a)huawei.com> media: rc: Directly use ida_free() Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Adam Xue <zxue(a)semtech.com> bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Anderson Nascimento <anderson(a)allelesecurity.com> btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Yu Kuai <yukuai3(a)huawei.com> blk-crypto: fix missing blktrace bio split events Jisheng Zhang <jszhang(a)kernel.org> pwm: berlin: Fix wrong register in suspend/resume Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Jason A. Donenfeld <Jason(a)zx2c4.com> wifi: rt2x00: use explicitly signed or unsigned types Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Mikhail Kobuk <m.kobuk(a)ispras.ru> media: pci: ivtv: Add check for DMA map result Thomas Fourier <fourier.thomas(a)gmail.com> media: cx18: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> media: pci: ivtv: Add missing check after DMA map Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: pci/ivtv: switch from 'pci_' to 'dma_' API David Laight <David.Laight(a)ACULAB.COM> minmax.h: remove some #defines that are only expanded once David Laight <David.Laight(a)ACULAB.COM> minmax.h: simplify the variants of clamp() David Laight <David.Laight(a)ACULAB.COM> minmax.h: move all the clamp() definitions after the min/max() ones David Laight <David.Laight(a)ACULAB.COM> minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() David Laight <David.Laight(a)ACULAB.COM> minmax.h: reduce the #define expansion of min(), max() and clamp() David Laight <David.Laight(a)ACULAB.COM> minmax.h: update some comments David Laight <David.Laight(a)ACULAB.COM> minmax.h: add whitespace around operators and after commas Linus Torvalds <torvalds(a)linux-foundation.org> minmax: fix up min3() and max3() too Linus Torvalds <torvalds(a)linux-foundation.org> minmax: improve macro expansion and type checking Linus Torvalds <torvalds(a)linux-foundation.org> minmax: simplify min()/max()/clamp() implementation Linus Torvalds <torvalds(a)linux-foundation.org> minmax: don't use max() in situations that want a C constant expression Linus Torvalds <torvalds(a)linux-foundation.org> minmax: make generic MIN() and MAX() macros available everywhere Linus Torvalds <torvalds(a)linux-foundation.org> minmax: simplify and clarify min_t()/max_t() implementation Linus Torvalds <torvalds(a)linux-foundation.org> minmax: add a few more MIN_T/MAX_T users Linus Torvalds <torvalds(a)linux-foundation.org> minmax: avoid overly complicated constant expressions in VM code David Laight <David.Laight(a)ACULAB.COM> minmax: relax check to allow comparison between unsigned arguments and signed constants David Laight <David.Laight(a)ACULAB.COM> minmax: allow comparisons of 'int' against 'unsigned char/short' David Laight <David.Laight(a)ACULAB.COM> minmax: fix indentation of __cmp_once() and __clamp_once() David Laight <David.Laight(a)ACULAB.COM> minmax: allow min()/max()/clamp() if the arguments have the same signedness. Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> minmax: fix header inclusions Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> minmax: deduplicate __unconst_integer_typeof() Herve Codina <herve.codina(a)bootlin.com> minmax: Introduce {min,max}_array() Matthew Wilcox (Oracle) <willy(a)infradead.org> minmax: add in_range() macro Jason A. Donenfeld <Jason(a)zx2c4.com> minmax: clamp more efficiently by avoiding extra comparison Jason A. Donenfeld <Jason(a)zx2c4.com> minmax: sanity check constant bounds when clamping Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: remove duplicated in_range() macro Bart Van Assche <bvanassche(a)acm.org> overflow, tracing: Define the is_signed_type() macro once Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not flag the zero page as PG_mte_tagged Aleksa Sarai <cyphar(a)cyphar.com> fscontext: do not consume log entries when returning -EMSGSIZE Peter Zijlstra <peterz(a)infradead.org> locking: Introduce __cleanup() based infrastructure Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> cramfs: Verify inode mode when loading from disk Lichen Liu <lichliu(a)redhat.com> fs: Add 'initramfs_options' to set initramfs mount options gaoxiang17 <gaoxiang17(a)xiaomi.com> pid: Add a judgment for ns null in pid_nr_ns Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> minixfs: Verify inode mode when loading from disk Nalivayko Sergey <Sergey.Nalivayko(a)kaspersky.com> net/9p: fix double req put in p9_fd_cancelled Sean Christopherson <seanjc(a)google.com> KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O Ma Ke <make24(a)iscas.ac.cn> ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd934x: Simplify with dev_err_probe Larshin Sergey <Sergey.Larshin(a)kaspersky.com> fs: udf: fix OOB read in lengthAllocDescs handling Gianfranco Trad <gianf.trad(a)gmail.com> udf: fix uninit-value use in udf_get_fileshortad Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: reject negative file sizes in squashfs_read_inode() Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: add additional inode sanity checking Edward Adam Davis <eadavis(a)qq.com> media: mc: Clear minor number before put device Hans de Goede <hansg(a)kernel.org> mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type Hans de Goede <hdegoede(a)redhat.com> mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value Zheng Qixing <zhengqixing(a)huawei.com> dm: fix NULL pointer dereference in __dm_suspend() Yuan Chen <chenyuan(a)kylinos.cn> tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees Nathan Chancellor <nathan(a)kernel.org> lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older Ahmet Eray Karadag <eraykrdg1(a)gmail.com> ext4: guard against EA inode refcount underflow in xattr update Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: correctly handle queries for metadata mappings Yongjian Sun <sunyongjian1(a)huawei.com> ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Olga Kornievskaia <okorniev(a)redhat.com> nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Thorsten Blum <thorsten.blum(a)linux.dev> NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Sean Christopherson <seanjc(a)google.com> x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) Sean Christopherson <seanjc(a)google.com> x86/umip: Check that the instruction opcode is at least two bytes Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before INDAC access Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Lukas Wunner <lukas(a)wunner.de> PCI/AER: Support errors introduced by PCIe r6.0 Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/AER: Fix missing uevent on recovery when a reset is requested Lukas Wunner <lukas(a)wunner.de> PCI/ERR: Fix uevent on failure to recover Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Sean Christopherson <seanjc(a)google.com> rseq/selftests: Use weak symbol reference, not definition, to link with glibc Esben Haabendal <esben(a)geanix.com> rtc: interface: Fix long-standing race when setting alarm Esben Haabendal <esben(a)geanix.com> rtc: interface: Ensure alarm irq is enabled when UIE is enabled Zhen Ni <zhen.ni(a)easystack.cn> memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Rex Chen <rex.chen_1(a)nxp.com> mmc: core: SPI mode remove cmd7 Linus Walleij <linus.walleij(a)linaro.org> mtd: rawnand: fsmc: Default to autodetect buswidth Ma Ke <make24(a)iscas.ac.cn> sparc: fix error handling in scan_one_device() Anthony Yznaga <anthony.yznaga(a)oracle.com> sparc64: fix hugetlb for sun4u Eric Biggers <ebiggers(a)kernel.org> sctp: Fix MAC comparison to be constant-time Thorsten Blum <thorsten.blum(a)linux.dev> scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() Sam James <sam(a)gentoo.org> parisc: don't reference obsolete termio struct for TC* constants Askar Safin <safinaskar(a)zohomail.com> openat2: don't trigger automounts with RESOLVE_NO_XDEV Johan Hovold <johan(a)kernel.org> lib/genalloc: fix device leak in of_gen_pool_get() Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume Huacai Chen <chenhuacai(a)loongson.cn> init: handle bootloader identifier in kernel parameters Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix prescaler usage. Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5421: use int type to store negative error codes Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5360: use int type to store negative error codes Thomas Fourier <fourier.thomas(a)gmail.com> crypto: atmel - Fix dma_unmap_sg() direction Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Simon Schuster <schuster.simon(a)siemens-energy.com> copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Shuhao Fu <sfual(a)cse.ust.hk> drm/nouveau: fix bad ret code in nouveau_bo_move_prep Qianfeng Rong <rongqianfeng(a)vivo.com> media: i2c: mt9v111: fix incorrect type for ret Johan Hovold <johan(a)kernel.org> firmware: meson_sm: fix device leak at probe Lukas Wunner <lukas(a)wunner.de> xen/manage: Fix suspend error path Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Cleanup find_virq() return codes Miaoqian Lin <linmq006(a)gmail.com> ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: msm8916: Add missing MDSS reset Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> ACPI: debug: fix signedness issues in read/write helpers Daniel Tang <danielzgtg.opensource(a)gmail.com> ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: mark the GPIO controller as sleeping Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells Gunnar Kudrjavets <gunnarku(a)amazon.com> tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Herbert Xu <herbert(a)gondor.apana.org.au> crypto: essiv - Check ssize for decryption and in-place encryption Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly disable scaling on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Add additional DCE6 SCL registers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call Leo Yan <leo.yan(a)arm.com> tools build: Align warning options with perf Erick Karanja <karanja99erick(a)gmail.com> net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Kuniyuki Iwashima <kuniyu(a)google.com> tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Alexandr Sapozhnikov <alsp705(a)gmail.com> net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Use-after-free in validation Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Duoming Zhou <duoming(a)zju.edu.cn> scsi: mvsas: Fix use-after-free bugs in mvs_work_queue John Garry <john.garry(a)huawei.com> scsi: mvsas: Use sas_task_find_rq() for tagging John Garry <john.garry(a)huawei.com> scsi: mvsas: Delete mvs_tag_init() John Garry <john.garry(a)huawei.com> scsi: libsas: Add sas_task_find_rq() Alok Tiwari <alok.a.tiwari(a)oracle.com> clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Brian Masney <bmasney(a)redhat.com> clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Leo Yan <leo.yan(a)arm.com> perf session: Fix handling when buffer exceeds 2 GiB Rob Herring (Arm) <robh(a)kernel.org> rtc: x1205: Fix Xicor X1205 vendor prefix Yunseong Kim <ysk(a)kzalloc.com> perf util: Fix compression checks returning -1 as bool Brian Masney <bmasney(a)redhat.com> clk: at91: peripheral: fix return value Ian Rogers <irogers(a)google.com> libperf event: Ensure tracing data is multiple of 8 sized Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE Zhen Ni <zhen.ni(a)easystack.cn> clocksource/drivers/clps711x: Fix resource leaks in error paths Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> fs: always return zero on success from replace_fd() Salah Triki <salah.triki(a)gmail.com> bus: fsl-mc: Check return value of platform_get_resource() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: check the return value of pinmux_ops::get_function_name() Zhen Ni <zhen.ni(a)easystack.cn> Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Marek Vasut <marek.vasut(a)mailbox.org> Input: atmel_mxt_ts - allow reset GPIO to sleep Yang Shi <yang(a)os.amperecomputing.com> mm: hugetlb: avoid soft lockup when mprotect to large memory area Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() Naman Jain <namjain(a)linux.microsoft.com> uio_hv_generic: Let userspace take care of interrupt mask Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: fix uninit-value in squashfs_get_parent Jakub Kicinski <kuba(a)kernel.org> Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle copy_thresh allocation failure Kohei Enju <enjuk(a)amazon.com> net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable Kohei Enju <enjuk(a)amazon.com> nfp: fix RSS hash key size when RSS is not supported Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: fix double free in register_one_node() Dan Carpenter <dan.carpenter(a)linaro.org> ocfs2: fix double free in user_cluster_connect() Nishanth Menon <nm(a)ti.com> hwrng: ks-sa - fix division by zero in ks_sa_rng_init Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast Bernard Metzler <bernard.metzler(a)linux.dev> RDMA/siw: Always report immediate post SQ errors Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> usb: vhci-hcd: Prevent suspending virtually attached devices Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() Slavin Liu <slavin452(a)gmail.com> ipvs: Defer ip_vs_ftp unregister during netns cleanup Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix backchannel max_resp_sz verification check Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from,to}_user for M7 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_to_user for Niagara 4 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath10k: avoid unnecessary wait for service ready message Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram Vlad Dumitrescu <vdumitrescu(a)nvidia.com> IB/sa: Fix sa_local_svc_timeout_ms read race Parav Pandit <parav(a)nvidia.com> RDMA/core: Resolve MAC of next-hop device without ARP support Colin Ian King <colin.i.king(a)gmail.com> ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: mt76: fix potential memory leak in mt76_wmac_probe() Håkon Bugge <haakon.bugge(a)oracle.com> RDMA/cm: Rate limit destroy CM ID timeout error message Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: handle error properly in register_one_node() Christophe Leroy <christophe.leroy(a)csgroup.eu> watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog Zhen Ni <zhen.ni(a)easystack.cn> netfilter: ipset: Remove unused htable_bits in macro ahash_region Hans de Goede <hansg(a)kernel.org> iio: consumers: Fix offset handling in iio_convert_raw_to_processed() Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping Wang Liang <wangliang74(a)huawei.com> pps: fix warning in pps_register_cdev when register device fail Colin Ian King <colin.i.king(a)gmail.com> misc: genwqe: Fix incorrect cmd field being reported in error William Wu <william.wu(a)rock-chips.com> usb: gadget: configfs: Correctly set use_os_string at bind Xichao Zhao <zhao.xichao(a)vivo.com> usb: phy: twl6030: Fix incorrect type for ret Eric Dumazet <edumazet(a)google.com> tcp: fix __tcp_close() to only send RST when required Alok Tiwari <alok.a.tiwari(a)oracle.com> PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation Stefan Kerkmann <s.kerkmann(a)pengutronix.de> wifi: mwifiex: send world regulatory domain to driver Timur Kristóf <timur.kristof(a)gmail.com> drm/amdgpu: Power up UVD 3 for FW validation (v2) Qianfeng Rong <rongqianfeng(a)vivo.com> ALSA: lx_core: use int type to store negative error codes Zhang Shurong <zhang_shurong(a)foxmail.com> media: rj54n1cb0c: Fix memleak in rj54n1_probe() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: myrs: Fix dma_alloc_coherent() error check Niklas Cassel <cassel(a)kernel.org> scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Dan Carpenter <dan.carpenter(a)linaro.org> serial: max310x: Add error checking in probe() Dan Carpenter <dan.carpenter(a)linaro.org> usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup Brahmajit Das <listout(a)listout.xyz> drm/radeon/r600_cs: clean up of dead code in r600_cs Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> i2c: designware: Add disabling clocks when probe fails Leilk.Liu <leilk.liu(a)mediatek.com> i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Explicitly check accesses to bpf_sock_addr Akhilesh Patil <akhilesh(a)ee.iitb.ac.in> selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: tiehrpwm: Fix corner case in clock divisor calculation AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible Qianfeng Rong <rongqianfeng(a)vivo.com> pinctrl: renesas: Use int type to store negative error codes Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: core: Clear power.must_resume in noirq suspend error path Qianfeng Rong <rongqianfeng(a)vivo.com> block: use int to store blk_stack_limits() return value Li Nan <linan122(a)huawei.com> blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx Da Xue <da(a)libre.computer> pinctrl: meson-gxl: add missing i2c_d pinmux Sneh Mankad <sneh.mankad(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS Huisong Li <lihuisong(a)huawei.com> ACPI: processor: idle: Fix memory leak when register cpuidle device failed Yureka Lilian <yuka(a)yuka.dev> libbpf: Fix reuse of DEVMAP Geert Uytterhoeven <geert+renesas(a)glider.be> regmap: Remove superfluous check for !config in __regmap_init() Uros Bizjak <ubizjak(a)gmail.com> x86/vdso: Fix output operand size of RDPID Leo Yan <leo.yan(a)arm.com> perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Bala-Vignesh-Reddy <reddybalavignesh9979(a)gmail.com> selftests: arm64: Check fread return value in exec_target Jeff Layton <jlayton(a)kernel.org> filelock: add FL_RECLAIM to show_fl_flags() macro Herbert Xu <herbert(a)gondor.apana.org.au> crypto: rng - Ensure set_ent is always present Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> drm/amd/display: Fix potential null dereference Roman Li <roman.li(a)amd.com> drm/amd/display: Remove redundant safeguards for dmub-srv destroy() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> driver core/PM: Set power.no_callbacks along with power.no_pm Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> staging: axis-fifo: flush RX FIFO on read errors Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> staging: axis-fifo: fix maximum TX packet length check Raphael Gallais-Pou <raphael.gallais-pou(a)foss.st.com> serial: stm32: allow selecting console when the driver is module Arnaud Lecomte <contact(a)arnaud-lcm.com> hid: fix I2C read buffer overflow in raw_event() for mcp2221 hupu <hupu.gm(a)gmail.com> perf subcmd: avoid crash in exclude_cmds when excludes is empty Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: limit MAX_TAG_SIZE to 255 Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 Xiaowei Li <xiaowei.li(a)simcom.com> USB: serial: option: add SIMCom 8230C compositions Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe Duoming Zhou <duoming(a)zju.edu.cn> media: tuner: xc5000: Fix use-after-free in xc5000_release Ricardo Ribalda <ribalda(a)chromium.org> media: tunner: xc5000: Refactor firmware load Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix memory accounting leak. Larshin Sergey <Sergey.Larshin(a)kaspersky.com> media: rc: fix races with imon_disconnect() Duoming Zhou <duoming(a)zju.edu.cn> media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove Wang Haoran <haoranwangsec(a)gmail.com> scsi: target: target_core_configfs: Add length check to avoid buffer overflow ------------- Diffstat: Documentation/ABI/testing/sysfs-bus-pci | 9 + Documentation/admin-guide/kernel-parameters.txt | 3 + Documentation/arm64/silicon-errata.rst | 2 + Documentation/trace/histogram-design.rst | 4 +- Makefile | 4 +- arch/arm/mach-omap2/pm33xx-core.c | 6 +- arch/arm/mm/pageattr.c | 6 +- arch/arm64/Kconfig | 1 + arch/arm64/boot/dts/mediatek/mt8516-pumpkin.dts | 2 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 + arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/kernel/cpu_errata.c | 1 + arch/arm64/kernel/cpufeature.c | 10 +- arch/arm64/kernel/mte.c | 3 +- arch/m68k/include/asm/bitops.h | 25 +- arch/mips/mti-malta/malta-setup.c | 2 +- arch/parisc/include/uapi/asm/ioctls.h | 8 +- arch/riscv/include/asm/processor.h | 4 +- arch/riscv/kernel/cpu.c | 28 ++- arch/riscv/kernel/cpufeature.c | 84 +++++-- arch/riscv/kernel/smpboot.c | 9 +- arch/sparc/kernel/of_device_32.c | 1 + arch/sparc/kernel/of_device_64.c | 1 + arch/sparc/lib/M7memcpy.S | 20 +- arch/sparc/lib/Memcpy_utils.S | 9 + arch/sparc/lib/NG4memcpy.S | 2 +- arch/sparc/lib/NGmemcpy.S | 29 ++- arch/sparc/lib/U1memcpy.S | 19 +- arch/sparc/lib/U3memcpy.S | 2 +- arch/sparc/mm/hugetlbpage.c | 20 ++ arch/um/drivers/mconsole_user.c | 2 + arch/x86/include/asm/segment.h | 8 +- arch/x86/kernel/umip.c | 15 +- arch/x86/kvm/emulate.c | 11 +- arch/x86/kvm/kvm_emulate.h | 2 +- arch/x86/kvm/x86.c | 9 +- arch/x86/mm/pgtable.c | 2 +- block/blk-crypto-fallback.c | 3 + block/blk-mq-sysfs.c | 6 +- block/blk-settings.c | 3 +- crypto/essiv.c | 14 +- crypto/rng.c | 8 + drivers/acpi/acpi_dbg.c | 26 +- drivers/acpi/acpi_tad.c | 3 + drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 3 + drivers/android/binder.c | 11 +- drivers/base/arch_topology.c | 2 +- drivers/base/node.c | 4 + drivers/base/power/main.c | 14 +- drivers/base/power/runtime.c | 44 ++++ drivers/base/regmap/regmap.c | 2 +- drivers/bus/fsl-mc/fsl-mc-bus.c | 3 + drivers/bus/mhi/host/init.c | 5 +- drivers/char/hw_random/ks-sa-rng.c | 4 + drivers/char/tpm/tpm_tis_core.c | 4 +- drivers/clk/at91/clk-peripheral.c | 7 +- drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 +- drivers/clocksource/clps711x-timer.c | 23 +- drivers/clocksource/timer-riscv.c | 15 +- drivers/cpufreq/intel_pstate.c | 8 +- drivers/cpuidle/governors/menu.c | 21 +- drivers/crypto/atmel-tdes.c | 2 +- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 +- drivers/dma/ioat/dma.c | 12 +- drivers/edac/sb_edac.c | 4 +- drivers/edac/skx_common.h | 1 - drivers/firmware/meson/meson_sm.c | 7 +- drivers/gpio/gpio-wcd934x.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/uvd_v3_1.c | 29 ++- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 + .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 2 + .../gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 + .../drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 + drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppevvmath.h | 14 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/arm/display/include/malidp_utils.h | 2 +- .../drm/arm/display/komeda/komeda_pipeline_state.c | 24 +- drivers/gpu/drm/drm_color_mgmt.c | 2 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 36 --- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 6 - drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/radeon/evergreen_cs.c | 2 + drivers/gpu/drm/radeon/r600_cs.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 4 +- drivers/hid/hid-mcp2221.c | 4 + drivers/hid/hid-multitouch.c | 27 ++- drivers/hwmon/adt7475.c | 24 +- drivers/i2c/busses/i2c-designware-platdrv.c | 1 + drivers/i2c/busses/i2c-mt65xx.c | 17 +- drivers/iio/dac/ad5360.c | 2 +- drivers/iio/dac/ad5421.c | 2 +- drivers/iio/frequency/adf4350.c | 20 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 39 +-- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 +- drivers/iio/inkern.c | 2 +- drivers/infiniband/core/addr.c | 10 +- drivers/infiniband/core/cm.c | 4 +- drivers/infiniband/core/sa_query.c | 6 +- drivers/infiniband/sw/siw/siw_verbs.c | 25 +- drivers/input/misc/uinput.c | 1 + drivers/input/touchscreen/atmel_mxt_ts.c | 2 +- drivers/input/touchscreen/cyttsp4_core.c | 2 +- drivers/irqchip/irq-riscv-intc.c | 7 +- drivers/irqchip/irq-sifive-plic.c | 7 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 7 +- drivers/md/dm-integrity.c | 8 +- drivers/md/dm.c | 7 +- drivers/media/dvb-frontends/stv0367_priv.h | 3 + drivers/media/i2c/mt9v111.c | 2 +- drivers/media/i2c/rj54n1cb0c.c | 9 +- drivers/media/i2c/tc358743.c | 4 +- drivers/media/mc/mc-devnode.c | 6 +- drivers/media/pci/b2c2/flexcop-pci.c | 2 +- drivers/media/pci/cx18/cx18-queue.c | 12 +- drivers/media/pci/ivtv/ivtv-driver.c | 2 +- drivers/media/pci/ivtv/ivtv-irq.c | 2 +- drivers/media/pci/ivtv/ivtv-queue.c | 18 +- drivers/media/pci/ivtv/ivtv-streams.c | 22 +- drivers/media/pci/ivtv/ivtv-udma.c | 27 ++- drivers/media/pci/ivtv/ivtv-yuv.c | 24 +- drivers/media/pci/ivtv/ivtvfb.c | 6 +- drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 +-- drivers/media/rc/imon.c | 27 ++- drivers/media/rc/lirc_dev.c | 15 +- drivers/media/rc/rc-main.c | 6 +- drivers/media/tuners/xc5000.c | 41 ++-- drivers/memory/samsung/exynos-srom.c | 10 +- drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 +- drivers/mfd/vexpress-sysreg.c | 6 +- drivers/misc/genwqe/card_ddcb.c | 2 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/sdio.c | 6 +- drivers/most/most_usb.c | 13 +- drivers/mtd/nand/raw/fsmc_nand.c | 6 +- drivers/net/bonding/bond_main.c | 40 ++- drivers/net/ethernet/amazon/ena/ena_ethtool.c | 5 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | 18 +- drivers/net/ethernet/dlink/dl2k.c | 30 ++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 + drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 - drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 +- .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/ethernet/renesas/ravb_main.c | 8 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/fjes/fjes_main.c | 4 +- drivers/net/usb/aqc111.c | 2 +- drivers/net/usb/lan78xx.c | 42 +++- drivers/net/usb/r8152.c | 2 +- drivers/net/usb/rndis_host.c | 2 +- drivers/net/usb/rtl8150.c | 15 +- drivers/net/wireless/ath/ath10k/wmi.c | 39 ++- drivers/net/wireless/ath/ath11k/core.c | 6 +- drivers/net/wireless/ath/ath11k/hal.c | 16 ++ drivers/net/wireless/ath/ath11k/hal.h | 1 + drivers/net/wireless/marvell/mwifiex/cfg80211.c | 7 +- drivers/net/wireless/mediatek/mt76/mt7603/soc.c | 2 +- drivers/net/wireless/ralink/rt2x00/rt2400pci.c | 8 +- drivers/net/wireless/ralink/rt2x00/rt2400pci.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2500pci.c | 8 +- drivers/net/wireless/ralink/rt2x00/rt2500pci.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2500usb.c | 8 +- drivers/net/wireless/ralink/rt2x00/rt2500usb.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 36 +-- drivers/net/wireless/ralink/rt2x00/rt2800lib.h | 8 +- drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 6 +- drivers/net/wireless/ralink/rt2x00/rt61pci.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt61pci.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt73usb.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt73usb.h | 2 +- .../net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 1 - drivers/nfc/pn544/i2c.c | 2 - drivers/pci/controller/cadence/pci-j721e.c | 25 ++ drivers/pci/controller/dwc/pci-keystone.c | 4 +- drivers/pci/controller/dwc/pcie-tegra194.c | 22 +- drivers/pci/controller/pci-tegra.c | 2 +- drivers/pci/iov.c | 5 + drivers/pci/pci-driver.c | 1 + drivers/pci/pci-label.c | 10 +- drivers/pci/pci-sysfs.c | 98 +++++--- drivers/pci/pcie/aer.c | 12 +- drivers/pci/pcie/err.c | 8 +- drivers/perf/arm_spe_pmu.c | 3 +- drivers/pinctrl/meson/pinctrl-meson-gxl.c | 10 + drivers/pinctrl/pinmux.c | 2 +- drivers/pinctrl/renesas/pinctrl.c | 3 +- drivers/platform/x86/sony-laptop.c | 1 - drivers/pps/kapi.c | 5 +- drivers/pps/pps.c | 5 +- drivers/pwm/pwm-berlin.c | 4 +- drivers/pwm/pwm-tiehrpwm.c | 4 +- drivers/remoteproc/qcom_q6v5.c | 3 - drivers/rtc/interface.c | 27 +++ drivers/rtc/rtc-x1205.c | 2 +- drivers/scsi/hpsa.c | 21 +- drivers/scsi/isci/init.c | 6 +- drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 +- drivers/scsi/mvsas/mv_defs.h | 1 + drivers/scsi/mvsas/mv_init.c | 13 +- drivers/scsi/mvsas/mv_sas.c | 42 ++-- drivers/scsi/mvsas/mv_sas.h | 8 +- drivers/scsi/myrs.c | 8 +- drivers/scsi/pm8001/pm8001_sas.c | 9 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/spi/spi-cadence-quadspi.c | 5 + drivers/staging/axis-fifo/axis-fifo.c | 32 ++- drivers/staging/comedi/comedi_buf.c | 2 +- .../pci/hive_isp_css_include/math_support.h | 5 - drivers/target/target_core_configfs.c | 2 +- drivers/tty/serial/8250/8250_exar.c | 11 + drivers/tty/serial/Kconfig | 2 +- drivers/tty/serial/max310x.c | 2 + drivers/uio/uio_hv_generic.c | 7 +- drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/configfs.c | 2 + drivers/usb/gadget/legacy/raw_gadget.c | 2 - drivers/usb/host/max3421-hcd.c | 2 +- drivers/usb/host/xhci-dbgcap.c | 9 +- drivers/usb/phy/phy-twl6030-usb.c | 3 +- drivers/usb/serial/option.c | 16 ++ drivers/usb/usbip/vhci_hcd.c | 22 ++ drivers/watchdog/mpc8xxx_wdt.c | 2 + drivers/xen/events/events_base.c | 20 +- drivers/xen/manage.c | 3 +- fs/btrfs/ctree.h | 2 - fs/btrfs/export.c | 8 +- fs/btrfs/extent_io.c | 1 + fs/btrfs/file-item.c | 1 + fs/btrfs/misc.h | 2 - fs/btrfs/raid56.c | 1 + fs/btrfs/tree-checker.c | 2 +- fs/cramfs/inode.c | 11 +- fs/dax.c | 54 +++-- fs/dcache.c | 2 + fs/dlm/lockspace.c | 2 +- fs/erofs/zdata.h | 2 +- fs/exec.c | 2 +- fs/ext2/balloc.c | 2 - fs/ext4/ext4.h | 2 - fs/ext4/fsmap.c | 14 +- fs/ext4/inode.c | 18 +- fs/ext4/super.c | 10 +- fs/ext4/xattr.c | 15 +- fs/file.c | 5 +- fs/fsopen.c | 70 +++--- fs/fuse/file.c | 8 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 ++- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 ---- fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 ++++ fs/hfsplus/super.c | 25 +- fs/hfsplus/unicode.c | 24 ++ fs/iomap/apply.c | 74 +++++- fs/iomap/trace.h | 37 ++- fs/jbd2/transaction.c | 13 +- fs/minix/inode.c | 8 +- fs/namei.c | 8 + fs/namespace.c | 11 +- fs/nfs/nfs4proc.c | 2 +- fs/nfsd/blocklayout.c | 5 +- fs/nfsd/blocklayoutxdr.c | 7 +- fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/lockd.c | 15 ++ fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 36 ++- fs/nfsd/nfs4xdr.c | 14 +- fs/nfsd/xdr4.h | 36 ++- fs/ocfs2/move_extents.c | 5 + fs/ocfs2/stack_user.c | 1 + fs/squashfs/inode.c | 31 ++- fs/squashfs/squashfs_fs_i.h | 2 +- fs/udf/inode.c | 12 +- fs/ufs/util.h | 6 - include/linux/cleanup.h | 171 +++++++++++++ include/linux/compiler-clang.h | 9 + include/linux/compiler.h | 15 ++ include/linux/compiler_attributes.h | 6 + include/linux/device.h | 10 + include/linux/file.h | 6 + include/linux/iio/frequency/adf4350.h | 2 +- include/linux/iomap.h | 56 +++++ include/linux/irqflags.h | 7 + include/linux/minmax.h | 267 ++++++++++++++++----- include/linux/mutex.h | 4 + include/linux/netdevice.h | 9 + include/linux/overflow.h | 1 - include/linux/percpu.h | 4 + include/linux/pm_runtime.h | 4 + include/linux/preempt.h | 5 + include/linux/rcupdate.h | 3 + include/linux/rwsem.h | 9 + include/linux/sched/task.h | 2 + include/linux/slab.h | 3 + include/linux/spinlock.h | 32 +++ include/linux/srcu.h | 5 + include/linux/trace_events.h | 2 - include/net/ip_tunnels.h | 15 ++ include/net/rtnetlink.h | 16 +- include/scsi/libsas.h | 18 ++ include/trace/events/filelock.h | 3 +- include/uapi/linux/netlink.h | 1 + init/main.c | 14 ++ kernel/fork.c | 2 +- kernel/padata.c | 6 +- kernel/pid.c | 2 +- kernel/sched/fair.c | 38 +-- kernel/trace/preemptirq_delay_test.c | 2 - kernel/trace/trace_kprobe.c | 11 +- kernel/trace/trace_probe.h | 9 +- kernel/trace/trace_uprobe.c | 12 +- lib/btree.c | 1 - lib/crypto/Makefile | 4 + lib/decompress_unlzma.c | 2 + lib/genalloc.c | 5 +- lib/logic_pio.c | 3 - lib/vsprintf.c | 2 +- lib/zstd/zstd_internal.h | 2 - mm/hugetlb.c | 2 + mm/zsmalloc.c | 1 - net/9p/trans_fd.c | 8 +- net/bluetooth/mgmt.c | 10 +- net/core/filter.c | 18 +- net/core/rtnetlink.c | 87 +++++-- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/proc.c | 2 +- net/ipv4/tcp.c | 9 +- net/ipv4/tcp_input.c | 1 - net/ipv4/tcp_output.c | 19 +- net/ipv4/udp.c | 16 +- net/ipv6/ip6_tunnel.c | 3 +- net/ipv6/proc.c | 2 +- net/netfilter/ipset/ip_set_hash_gen.h | 8 +- net/netfilter/ipvs/ip_vs_ftp.c | 4 +- net/netfilter/nf_nat_core.c | 6 +- net/sctp/inqueue.c | 13 +- net/sctp/sm_make_chunk.c | 3 +- net/sctp/sm_statefuns.c | 6 +- net/tipc/core.h | 2 +- net/tipc/link.c | 10 +- net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 13 + net/vmw_vsock/af_vsock.c | 38 +-- scripts/checkpatch.pl | 2 +- security/keys/trusted-keys/trusted_tpm1.c | 7 +- sound/firewire/amdtp-stream.h | 2 +- sound/pci/lx6464es/lx_core.c | 4 +- sound/soc/codecs/wcd934x.c | 30 ++- sound/soc/intel/boards/bytcht_es8316.c | 20 +- sound/soc/intel/boards/bytcr_rt5640.c | 7 +- sound/soc/intel/boards/bytcr_rt5651.c | 26 +- tools/build/feature/Makefile | 4 +- tools/lib/bpf/libbpf.c | 10 + tools/lib/perf/include/perf/event.h | 1 + tools/lib/subcmd/help.c | 3 + tools/perf/util/lzma.c | 2 +- tools/perf/util/session.c | 2 +- tools/perf/util/zlib.c | 2 +- tools/testing/selftests/arm64/pauth/exec_target.c | 7 +- tools/testing/selftests/rseq/rseq.c | 8 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + 380 files changed, 2926 insertions(+), 1387 deletions(-)

5 hours, 8 minutes

8
340
0 0

[PATCH] mount: fix duplicate mounts using the new mount API

by GuangFei Luo

When using the new mount API, invoking the same mount command multiple times such as: mount /dev/mapper/mydevice /mnt/mydisk2 results in multiple identical mount entries being created: /dev/mapper/mydevice on /mnt/mydisk2 type ext4 (rw,relatime) /dev/mapper/mydevice on /mnt/mydisk2 type ext4 (rw,relatime) /dev/mapper/mydevice on /mnt/mydisk2 type ext4 (rw,relatime) ... Fixes: 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around") Signed-off-by: GuangFei Luo <luogf2025(a)163.com> Cc: <stable(a)vger.kernel.org> # 5.2+ --- fs/namespace.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/fs/namespace.c b/fs/namespace.c index d82910f33dc4..9436471955ce 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -4427,6 +4427,7 @@ SYSCALL_DEFINE5(move_mount, { struct path to_path __free(path_put) = {}; struct path from_path __free(path_put) = {}; + struct path path __free(path_put) = {}; struct filename *to_name __free(putname) = NULL; struct filename *from_name __free(putname) = NULL; unsigned int lflags, uflags; @@ -4472,6 +4473,14 @@ SYSCALL_DEFINE5(move_mount, return ret; } + ret = user_path_at(AT_FDCWD, to_pathname, LOOKUP_FOLLOW, &path); + if (ret) + return ret; + + /* Refuse the same filesystem on the same mount point */ + if (path.mnt->mnt_sb == to_path.mnt->mnt_sb && path_mounted(&path)) + return -EBUSY; + uflags = 0; if (flags & MOVE_MOUNT_F_EMPTY_PATH) uflags = AT_EMPTY_PATH; -- 2.43.0

6 hours, 7 minutes

4
5
0 0

[PATCH stable 5.10] sched/deadline: only set free_cpus for online runqueues

by Florian Fainelli

From: Doug Berger <opendmb(a)gmail.com> [ Upstream commit 382748c05e58a9f1935f5a653c352422375566ea ] Commit 16b269436b72 ("sched/deadline: Modify cpudl::free_cpus to reflect rd->online") introduced the cpudl_set/clear_freecpu functions to allow the cpu_dl::free_cpus mask to be manipulated by the deadline scheduler class rq_on/offline callbacks so the mask would also reflect this state. Commit 9659e1eeee28 ("sched/deadline: Remove cpu_active_mask from cpudl_find()") removed the check of the cpu_active_mask to save some processing on the premise that the cpudl::free_cpus mask already reflected the runqueue online state. Unfortunately, there are cases where it is possible for the cpudl_clear function to set the free_cpus bit for a CPU when the deadline runqueue is offline. When this occurs while a CPU is connected to the default root domain the flag may retain the bad state after the CPU has been unplugged. Later, a different CPU that is transitioning through the default root domain may push a deadline task to the powered down CPU when cpudl_find sees its free_cpus bit is set. If this happens the task will not have the opportunity to run. One example is outlined here: https://lore.kernel.org/lkml/20250110233010.2339521-1-opendmb@gmail.com Another occurs when the last deadline task is migrated from a CPU that has an offlined runqueue. The dequeue_task member of the deadline scheduler class will eventually call cpudl_clear and set the free_cpus bit for the CPU. This commit modifies the cpudl_clear function to be aware of the online state of the deadline runqueue so that the free_cpus mask can be updated appropriately. It is no longer necessary to manage the mask outside of the cpudl_set/clear functions so the cpudl_set/clear_freecpu functions are removed. In addition, since the free_cpus mask is now only updated under the cpudl lock the code was changed to use the non-atomic __cpumask functions. Signed-off-by: Doug Berger <opendmb(a)gmail.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> --- kernel/sched/cpudeadline.c | 34 +++++++++------------------------- kernel/sched/cpudeadline.h | 4 +--- kernel/sched/deadline.c | 8 ++++---- 3 files changed, 14 insertions(+), 32 deletions(-) diff --git a/kernel/sched/cpudeadline.c b/kernel/sched/cpudeadline.c index 8cb06c8c7eb1..fd28ba4e1a28 100644 --- a/kernel/sched/cpudeadline.c +++ b/kernel/sched/cpudeadline.c @@ -166,12 +166,13 @@ int cpudl_find(struct cpudl *cp, struct task_struct *p, * cpudl_clear - remove a CPU from the cpudl max-heap * @cp: the cpudl max-heap context * @cpu: the target CPU + * @online: the online state of the deadline runqueue * * Notes: assumes cpu_rq(cpu)->lock is locked * * Returns: (void) */ -void cpudl_clear(struct cpudl *cp, int cpu) +void cpudl_clear(struct cpudl *cp, int cpu, bool online) { int old_idx, new_cpu; unsigned long flags; @@ -184,7 +185,7 @@ void cpudl_clear(struct cpudl *cp, int cpu) if (old_idx == IDX_INVALID) { /* * Nothing to remove if old_idx was invalid. - * This could happen if a rq_offline_dl is + * This could happen if rq_online_dl or rq_offline_dl is * called for a CPU without -dl tasks running. */ } else { @@ -195,9 +196,12 @@ void cpudl_clear(struct cpudl *cp, int cpu) cp->elements[new_cpu].idx = old_idx; cp->elements[cpu].idx = IDX_INVALID; cpudl_heapify(cp, old_idx); - - cpumask_set_cpu(cpu, cp->free_cpus); } + if (likely(online)) + __cpumask_set_cpu(cpu, cp->free_cpus); + else + __cpumask_clear_cpu(cpu, cp->free_cpus); + raw_spin_unlock_irqrestore(&cp->lock, flags); } @@ -228,7 +232,7 @@ void cpudl_set(struct cpudl *cp, int cpu, u64 dl) cp->elements[new_idx].cpu = cpu; cp->elements[cpu].idx = new_idx; cpudl_heapify_up(cp, new_idx); - cpumask_clear_cpu(cpu, cp->free_cpus); + __cpumask_clear_cpu(cpu, cp->free_cpus); } else { cp->elements[old_idx].dl = dl; cpudl_heapify(cp, old_idx); @@ -237,26 +241,6 @@ void cpudl_set(struct cpudl *cp, int cpu, u64 dl) raw_spin_unlock_irqrestore(&cp->lock, flags); } -/* - * cpudl_set_freecpu - Set the cpudl.free_cpus - * @cp: the cpudl max-heap context - * @cpu: rd attached CPU - */ -void cpudl_set_freecpu(struct cpudl *cp, int cpu) -{ - cpumask_set_cpu(cpu, cp->free_cpus); -} - -/* - * cpudl_clear_freecpu - Clear the cpudl.free_cpus - * @cp: the cpudl max-heap context - * @cpu: rd attached CPU - */ -void cpudl_clear_freecpu(struct cpudl *cp, int cpu) -{ - cpumask_clear_cpu(cpu, cp->free_cpus); -} - /* * cpudl_init - initialize the cpudl structure * @cp: the cpudl max-heap context diff --git a/kernel/sched/cpudeadline.h b/kernel/sched/cpudeadline.h index 0adeda93b5fb..ecff718d94ae 100644 --- a/kernel/sched/cpudeadline.h +++ b/kernel/sched/cpudeadline.h @@ -18,9 +18,7 @@ struct cpudl { #ifdef CONFIG_SMP int cpudl_find(struct cpudl *cp, struct task_struct *p, struct cpumask *later_mask); void cpudl_set(struct cpudl *cp, int cpu, u64 dl); -void cpudl_clear(struct cpudl *cp, int cpu); +void cpudl_clear(struct cpudl *cp, int cpu, bool online); int cpudl_init(struct cpudl *cp); -void cpudl_set_freecpu(struct cpudl *cp, int cpu); -void cpudl_clear_freecpu(struct cpudl *cp, int cpu); void cpudl_cleanup(struct cpudl *cp); #endif /* CONFIG_SMP */ diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c index 6548bd90c5c3..85e4ef476686 100644 --- a/kernel/sched/deadline.c +++ b/kernel/sched/deadline.c @@ -1414,7 +1414,7 @@ static void dec_dl_deadline(struct dl_rq *dl_rq, u64 deadline) if (!dl_rq->dl_nr_running) { dl_rq->earliest_dl.curr = 0; dl_rq->earliest_dl.next = 0; - cpudl_clear(&rq->rd->cpudl, rq->cpu); + cpudl_clear(&rq->rd->cpudl, rq->cpu, rq->online); } else { struct rb_node *leftmost = dl_rq->root.rb_leftmost; struct sched_dl_entity *entry; @@ -2349,9 +2349,10 @@ static void rq_online_dl(struct rq *rq) if (rq->dl.overloaded) dl_set_overload(rq); - cpudl_set_freecpu(&rq->rd->cpudl, rq->cpu); if (rq->dl.dl_nr_running > 0) cpudl_set(&rq->rd->cpudl, rq->cpu, rq->dl.earliest_dl.curr); + else + cpudl_clear(&rq->rd->cpudl, rq->cpu, true); } /* Assumes rq->lock is held */ @@ -2360,8 +2361,7 @@ static void rq_offline_dl(struct rq *rq) if (rq->dl.overloaded) dl_clear_overload(rq); - cpudl_clear(&rq->rd->cpudl, rq->cpu); - cpudl_clear_freecpu(&rq->rd->cpudl, rq->cpu); + cpudl_clear(&rq->rd->cpudl, rq->cpu, false); } void __init init_sched_dl_class(void) -- 2.34.1

6 hours, 45 minutes

2
8
0 0

[PATCH v2 1/5] mm, swap: do not perform synchronous discard during allocation

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> Since commit 1b7e90020eb77 ("mm, swap: use percpu cluster as allocation fast path"), swap allocation is protected by a local lock, which means we can't do any sleeping calls during allocation. However, the discard routine is not taken well care of. When the swap allocator failed to find any usable cluster, it would look at the pending discard cluster and try to issue some blocking discards. It may not necessarily sleep, but the cond_resched at the bio layer indicates this is wrong when combined with a local lock. And the bio GFP flag used for discard bio is also wrong (not atomic). It's arguable whether this synchronous discard is helpful at all. In most cases, the async discard is good enough. And the swap allocator is doing very differently at organizing the clusters since the recent change, so it is very rare to see discard clusters piling up. So far, no issues have been observed or reported with typical SSD setups under months of high pressure. This issue was found during my code review. But by hacking the kernel a bit: adding a mdelay(500) in the async discard path, this issue will be observable with WARNING triggered by the wrong GFP and cond_resched in the bio layer for debug builds. So now let's apply a hotfix for this issue: remove the synchronous discard in the swap allocation path. And when order 0 is failing with all cluster list drained on all swap devices, try to do a discard following the swap device priority list. If any discards released some cluster, try the allocation again. This way, we can still avoid OOM due to swap failure if the hardware is very slow and memory pressure is extremely high. This may cause more fragmentation issues if the discarding hardware is really slow. Ideally, we want to discard pending clusters before continuing to iterate the fragment cluster lists. This can be implemented in a cleaner way if we clean up the device list iteration part first. Cc: stable(a)vger.kernel.org Fixes: 1b7e90020eb77 ("mm, swap: use percpu cluster as allocation fast path") Acked-by: Nhat Pham <nphamcs(a)gmail.com> Signed-off-by: Kairui Song <kasong(a)tencent.com> --- mm/swapfile.c | 40 +++++++++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 7 deletions(-) diff --git a/mm/swapfile.c b/mm/swapfile.c index cb2392ed8e0e..33e0bd905c55 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -1101,13 +1101,6 @@ static unsigned long cluster_alloc_swap_entry(struct swap_info_struct *si, int o goto done; } - /* - * We don't have free cluster but have some clusters in discarding, - * do discard now and reclaim them. - */ - if ((si->flags & SWP_PAGE_DISCARD) && swap_do_scheduled_discard(si)) - goto new_cluster; - if (order) goto done; @@ -1394,6 +1387,33 @@ static bool swap_alloc_slow(swp_entry_t *entry, return false; } +/* + * Discard pending clusters in a synchronized way when under high pressure. + * Return: true if any cluster is discarded. + */ +static bool swap_sync_discard(void) +{ + bool ret = false; + int nid = numa_node_id(); + struct swap_info_struct *si, *next; + + spin_lock(&swap_avail_lock); + plist_for_each_entry_safe(si, next, &swap_avail_heads[nid], avail_lists[nid]) { + spin_unlock(&swap_avail_lock); + if (get_swap_device_info(si)) { + if (si->flags & SWP_PAGE_DISCARD) + ret = swap_do_scheduled_discard(si); + put_swap_device(si); + } + if (ret) + return true; + spin_lock(&swap_avail_lock); + } + spin_unlock(&swap_avail_lock); + + return false; +} + /** * folio_alloc_swap - allocate swap space for a folio * @folio: folio we want to move to swap @@ -1432,11 +1452,17 @@ int folio_alloc_swap(struct folio *folio, gfp_t gfp) } } +again: local_lock(&percpu_swap_cluster.lock); if (!swap_alloc_fast(&entry, order)) swap_alloc_slow(&entry, order); local_unlock(&percpu_swap_cluster.lock); + if (unlikely(!order && !entry.val)) { + if (swap_sync_discard()) + goto again; + } + /* Need to call this even if allocation failed, for MEMCG_SWAP_FAIL. */ if (mem_cgroup_try_charge_swap(folio, entry)) goto out_free; -- 2.51.0

7 hours, 10 minutes

2
1
0 0

[PATCH 0/3] PCI: meson: Fix the parsing of DBI region

by Manivannan Sadhasivam

Hi, This compile tested only series aims to fix the DBI parsing issue repored in [1]. The issue stems from the fact that the DT and binding describing 'dbi' region as 'elbi' from the start. Now, both binding and DTs are fixed and the driver is reworked to work with both old and new DTs. Note: The driver patch is OK to be backported till 6.2 where the common resource parsing code was introduced. But the DTS patch should not be backported. And I'm not sure about the backporting of the binding. Please test this series on the Meson board with old and new DTs. - Mani Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)oss.qualcomm.com> --- Manivannan Sadhasivam (3): dt-bindings: PCI: amlogic: Fix the register name of the DBI region arm64: dts: amlogic: Fix the register name of the 'DBI' region PCI: meson: Fix parsing the DBI register region .../devicetree/bindings/pci/amlogic,axg-pcie.yaml | 6 +++--- arch/arm64/boot/dts/amlogic/meson-axg.dtsi | 4 ++-- arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi | 2 +- drivers/pci/controller/dwc/pci-meson.c | 18 +++++++++++++++--- drivers/pci/controller/dwc/pcie-designware.c | 12 +++++++----- 5 files changed, 28 insertions(+), 14 deletions(-) --- base-commit: 3a8660878839faadb4f1a6dd72c3179c1df56787 change-id: 20251031-pci-meson-fix-c8b651bc6662 Best regards, -- Manivannan Sadhasivam <manivannan.sadhasivam(a)oss.qualcomm.com>

7 hours, 12 minutes

1
1
0 0

[PATCH] drm: sti: fix device leaks at component probe

by Johan Hovold

Make sure to drop the references taken to the vtg devices by of_find_device_by_node() when looking up their driver data during component probe. Note that holding a reference to a platform device does not prevent its driver data from going away so there is no point in keeping the reference after the lookup helper returns. Fixes: cc6b741c6f63 ("drm: sti: remove useless fields from vtg structure") Cc: stable(a)vger.kernel.org # 4.16 Cc: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/sti/sti_vtg.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/sti/sti_vtg.c b/drivers/gpu/drm/sti/sti_vtg.c index ee81691b3203..ce6bc7e7b135 100644 --- a/drivers/gpu/drm/sti/sti_vtg.c +++ b/drivers/gpu/drm/sti/sti_vtg.c @@ -143,12 +143,17 @@ struct sti_vtg { struct sti_vtg *of_vtg_find(struct device_node *np) { struct platform_device *pdev; + struct sti_vtg *vtg; pdev = of_find_device_by_node(np); if (!pdev) return NULL; - return (struct sti_vtg *)platform_get_drvdata(pdev); + vtg = platform_get_drvdata(pdev); + + put_device(&pdev->dev); + + return vtg; } static void vtg_reset(struct sti_vtg *vtg) -- 2.49.1

7 hours, 45 minutes

3
3
0 0

[PATCH v2 2/2] hisi_acc_vfio_pci: Add .match_token_uuid callback in hisi_acc_vfio_pci_migrn_ops

by Raghavendra Rao Ananta

The commit, <86624ba3b522> ("vfio/pci: Do vf_token checks for VFIO_DEVICE_BIND_IOMMUFD") accidentally ignored including the .match_token_uuid callback in the hisi_acc_vfio_pci_migrn_ops struct. Introduce the missed callback here. Fixes: 86624ba3b522 ("vfio/pci: Do vf_token checks for VFIO_DEVICE_BIND_IOMMUFD") Cc: stable(a)vger.kernel.org Suggested-by: Longfang Liu <liulongfang(a)huawei.com> Signed-off-by: Raghavendra Rao Ananta <rananta(a)google.com> --- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c index fde33f54e99ec..d07093d7cc3f5 100644 --- a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c +++ b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c @@ -1564,6 +1564,7 @@ static const struct vfio_device_ops hisi_acc_vfio_pci_migrn_ops = { .mmap = hisi_acc_vfio_pci_mmap, .request = vfio_pci_core_request, .match = vfio_pci_core_match, + .match_token_uuid = vfio_pci_core_match_token_uuid, .bind_iommufd = vfio_iommufd_physical_bind, .unbind_iommufd = vfio_iommufd_physical_unbind, .attach_ioas = vfio_iommufd_physical_attach_ioas, -- 2.51.1.930.gacf6e81ea2-goog

7 hours, 46 minutes

2
1
0 0

[PATCH v2 1/2] vfio: Fix ksize arg while copying user struct in vfio_df_ioctl_bind_iommufd()

by Raghavendra Rao Ananta

For the cases where user includes a non-zero value in 'token_uuid_ptr' field of 'struct vfio_device_bind_iommufd', the copy_struct_from_user() in vfio_df_ioctl_bind_iommufd() fails with -E2BIG. For the 'minsz' passed, copy_struct_from_user() expects the newly introduced field to be zero-ed, which would be incorrect in this case. Fix this by passing the actual size of the kernel struct. If working with a newer userspace, copy_struct_from_user() would copy the 'token_uuid_ptr' field, and if working with an old userspace, it would zero out this field, thus still retaining backward compatibility. Fixes: 86624ba3b522 ("vfio/pci: Do vf_token checks for VFIO_DEVICE_BIND_IOMMUFD") Cc: stable(a)vger.kernel.org Signed-off-by: Raghavendra Rao Ananta <rananta(a)google.com> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> --- drivers/vfio/device_cdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/vfio/device_cdev.c b/drivers/vfio/device_cdev.c index 480cac3a0c274..8ceca24ac136c 100644 --- a/drivers/vfio/device_cdev.c +++ b/drivers/vfio/device_cdev.c @@ -99,7 +99,7 @@ long vfio_df_ioctl_bind_iommufd(struct vfio_device_file *df, return ret; if (user_size < minsz) return -EINVAL; - ret = copy_struct_from_user(&bind, minsz, arg, user_size); + ret = copy_struct_from_user(&bind, sizeof(bind), arg, user_size); if (ret) return ret; -- 2.51.1.930.gacf6e81ea2-goog

7 hours, 49 minutes

1
0
0 0

[PATCH v2 0/9] dt-bindings: PCI: qcom: Add missing required power-domains and resets

by Krzysztof Kozlowski

Changes in v2: - Add also resets - Drop cc-stable tag in the last patch - Link to v1: https://patch.msgid.link/20251029-dt-bindings-pci-qcom-fixes-power-domains-… Recent binding changes forgot to make power-domains and resets required. I am not updating SC8180xp because it will be fixed other way in my next patchset. Best regards, Krzysztof --- Krzysztof Kozlowski (9): dt-bindings: PCI: qcom,pcie-sa8775p: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-sc7280: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-sc8280xp: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-sm8150: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-sm8250: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-sm8350: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-sm8450: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-sm8550: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-x1e80100: Add missing required power-domains and resets Documentation/devicetree/bindings/pci/qcom,pcie-sa8775p.yaml | 3 +++ Documentation/devicetree/bindings/pci/qcom,pcie-sc7280.yaml | 5 +++++ Documentation/devicetree/bindings/pci/qcom,pcie-sc8280xp.yaml | 3 +++ Documentation/devicetree/bindings/pci/qcom,pcie-sm8150.yaml | 5 +++++ Documentation/devicetree/bindings/pci/qcom,pcie-sm8250.yaml | 5 +++++ Documentation/devicetree/bindings/pci/qcom,pcie-sm8350.yaml | 5 +++++ Documentation/devicetree/bindings/pci/qcom,pcie-sm8450.yaml | 5 +++++ Documentation/devicetree/bindings/pci/qcom,pcie-sm8550.yaml | 5 +++++ Documentation/devicetree/bindings/pci/qcom,pcie-x1e80100.yaml | 5 +++++ 9 files changed, 41 insertions(+) --- base-commit: 326bbf6e2b1ce8d1e6166cce2ca414aa241c382f change-id: 20251029-dt-bindings-pci-qcom-fixes-power-domains-36a669b2e252 Best regards, -- Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>

8 hours, 24 minutes

3
9
0 0

[PATCH] drm/nouveau: set DMA mask before creating the flush page

by Timur Tabi

Set the DMA mask before calling nvkm_device_ctor(), so that when the flush page is created in nvkm_fb_ctor(), the allocation will not fail if the page is outside of DMA address space, which can easily happen if IOMMU is disable. In such situations, you will get an error like this: nouveau 0000:65:00.0: DMA addr 0x0000000107c56000+4096 overflow (mask ffffffff, bus limit 0). Commit 38f5359354d4 ("rm/nouveau/pci: set streaming DMA mask early") set the mask after calling nvkm_device_ctor(), but back then there was no flush page being created, which might explain why the mask wasn't set earlier. Flush page allocation was added in commit 5728d064190e ("drm/nouveau/fb: handle sysmem flush page from common code"). nvkm_fb_ctor() calls alloc_page(), which can allocate a page anywhere in system memory, but then calls dma_map_page() on that page. But since the DMA mask is still set to 32, the map can fail if the page is allocated above 4GB. This is easy to reproduce on systems with a lot of memory and IOMMU disabled. An alternative approach would be to force the allocation of the flush page to low memory, by specifying __GFP_DMA32. However, this would always allocate the page in low memory, even though the hardware can access high memory. Fixes: 5728d064190e ("drm/nouveau/fb: handle sysmem flush page from common code") Signed-off-by: Timur Tabi <ttabi(a)nvidia.com> --- .../gpu/drm/nouveau/nvkm/engine/device/pci.c | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/device/pci.c b/drivers/gpu/drm/nouveau/nvkm/engine/device/pci.c index 8f0261a0d618..7cc5a7499583 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/device/pci.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/device/pci.c @@ -1695,6 +1695,18 @@ nvkm_device_pci_new(struct pci_dev *pci_dev, const char *cfg, const char *dbg, *pdevice = &pdev->device; pdev->pdev = pci_dev; + /* Set DMA mask based on capabilities reported by the MMU subdev. */ + if (pdev->device.mmu && !pdev->device.pci->agp.bridge) + bits = pdev->device.mmu->dma_bits; + else + bits = 32; + + ret = dma_set_mask_and_coherent(&pci_dev->dev, DMA_BIT_MASK(bits)); + if (ret && bits != 32) { + dma_set_mask_and_coherent(&pci_dev->dev, DMA_BIT_MASK(32)); + pdev->device.mmu->dma_bits = 32; + } + ret = nvkm_device_ctor(&nvkm_device_pci_func, quirk, &pci_dev->dev, pci_is_pcie(pci_dev) ? NVKM_DEVICE_PCIE : pci_find_capability(pci_dev, PCI_CAP_ID_AGP) ? @@ -1708,17 +1720,5 @@ nvkm_device_pci_new(struct pci_dev *pci_dev, const char *cfg, const char *dbg, if (ret) return ret; - /* Set DMA mask based on capabilities reported by the MMU subdev. */ - if (pdev->device.mmu && !pdev->device.pci->agp.bridge) - bits = pdev->device.mmu->dma_bits; - else - bits = 32; - - ret = dma_set_mask_and_coherent(&pci_dev->dev, DMA_BIT_MASK(bits)); - if (ret && bits != 32) { - dma_set_mask_and_coherent(&pci_dev->dev, DMA_BIT_MASK(32)); - pdev->device.mmu->dma_bits = 32; - } - return 0; } base-commit: 18a7e218cfcdca6666e1f7356533e4c988780b57 -- 2.51.0

8 hours, 45 minutes

1
0
0 0

[PATCH v3] block: Remove queue freezing from several sysfs store callbacks

by Bart Van Assche

Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queue_if_no_path option. Additionally, freezing the request queue slows down system boot on systems where sysfs attributes are set synchronously. Fix this by removing the blk_mq_freeze_queue() / blk_mq_unfreeze_queue() calls from the store callbacks that do not strictly need these callbacks. This patch may cause a small delay in applying the new settings. This patch affects the following sysfs attributes: * io_poll_delay * io_timeout * nomerges * read_ahead_kb * rq_affinity Here is an example of a deadlock triggered by running test srp/002: task:multipathd Call Trace: <TASK> __schedule+0x8c1/0x1bf0 schedule+0xdd/0x270 schedule_preempt_disabled+0x1c/0x30 __mutex_lock+0xb89/0x1650 mutex_lock_nested+0x1f/0x30 dm_table_set_restrictions+0x823/0xdf0 __bind+0x166/0x590 dm_swap_table+0x2a7/0x490 do_resume+0x1b1/0x610 dev_suspend+0x55/0x1a0 ctl_ioctl+0x3a5/0x7e0 dm_ctl_ioctl+0x12/0x20 __x64_sys_ioctl+0x127/0x1a0 x64_sys_call+0xe2b/0x17d0 do_syscall_64+0x96/0x3a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> task:(udev-worker) Call Trace: <TASK> __schedule+0x8c1/0x1bf0 schedule+0xdd/0x270 blk_mq_freeze_queue_wait+0xf2/0x140 blk_mq_freeze_queue_nomemsave+0x23/0x30 queue_ra_store+0x14e/0x290 queue_attr_store+0x23e/0x2c0 sysfs_kf_write+0xde/0x140 kernfs_fop_write_iter+0x3b2/0x630 vfs_write+0x4fd/0x1390 ksys_write+0xfd/0x230 __x64_sys_write+0x76/0xc0 x64_sys_call+0x276/0x17d0 do_syscall_64+0x96/0x3a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Nilay Shroff <nilay(a)linux.ibm.com> Cc: Martin Wilck <mwilck(a)suse.com> Cc: Benjamin Marzinski <bmarzins(a)redhat.com> Cc: stable(a)vger.kernel.org Fixes: af2814149883 ("block: freeze the queue in queue_attr_store") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- Changes compared to v2: - Dropped the controversial patch "block: Restrict the duration of sysfs attribute changes". Changes compared to v1: - Added patch "block: Restrict the duration of sysfs attribute changes". - Remove queue freezing from more sysfs callbacks. block/blk-sysfs.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c index 76c47fe9b8d6..c698d83cbd29 100644 --- a/block/blk-sysfs.c +++ b/block/blk-sysfs.c @@ -143,7 +143,6 @@ queue_ra_store(struct gendisk *disk, const char *page, size_t count) { unsigned long ra_kb; ssize_t ret; - unsigned int memflags; struct request_queue *q = disk->queue; ret = queue_var_store(&ra_kb, page, count); @@ -154,10 +153,8 @@ queue_ra_store(struct gendisk *disk, const char *page, size_t count) * calculated from the queue limits by queue_limits_commit_update. */ mutex_lock(&q->limits_lock); - memflags = blk_mq_freeze_queue(q); disk->bdi->ra_pages = ra_kb >> (PAGE_SHIFT - 10); mutex_unlock(&q->limits_lock); - blk_mq_unfreeze_queue(q, memflags); return ret; } @@ -375,21 +372,18 @@ static ssize_t queue_nomerges_store(struct gendisk *disk, const char *page, size_t count) { unsigned long nm; - unsigned int memflags; struct request_queue *q = disk->queue; ssize_t ret = queue_var_store(&nm, page, count); if (ret < 0) return ret; - memflags = blk_mq_freeze_queue(q); blk_queue_flag_clear(QUEUE_FLAG_NOMERGES, q); blk_queue_flag_clear(QUEUE_FLAG_NOXMERGES, q); if (nm == 2) blk_queue_flag_set(QUEUE_FLAG_NOMERGES, q); else if (nm) blk_queue_flag_set(QUEUE_FLAG_NOXMERGES, q); - blk_mq_unfreeze_queue(q, memflags); return ret; } @@ -409,7 +403,6 @@ queue_rq_affinity_store(struct gendisk *disk, const char *page, size_t count) #ifdef CONFIG_SMP struct request_queue *q = disk->queue; unsigned long val; - unsigned int memflags; ret = queue_var_store(&val, page, count); if (ret < 0) @@ -421,7 +414,6 @@ queue_rq_affinity_store(struct gendisk *disk, const char *page, size_t count) * are accessed individually using atomic test_bit operation. So we * don't grab any lock while updating these flags. */ - memflags = blk_mq_freeze_queue(q); if (val == 2) { blk_queue_flag_set(QUEUE_FLAG_SAME_COMP, q); blk_queue_flag_set(QUEUE_FLAG_SAME_FORCE, q); @@ -432,7 +424,6 @@ queue_rq_affinity_store(struct gendisk *disk, const char *page, size_t count) blk_queue_flag_clear(QUEUE_FLAG_SAME_COMP, q); blk_queue_flag_clear(QUEUE_FLAG_SAME_FORCE, q); } - blk_mq_unfreeze_queue(q, memflags); #endif return ret; } @@ -446,11 +437,9 @@ static ssize_t queue_poll_delay_store(struct gendisk *disk, const char *page, static ssize_t queue_poll_store(struct gendisk *disk, const char *page, size_t count) { - unsigned int memflags; ssize_t ret = count; struct request_queue *q = disk->queue; - memflags = blk_mq_freeze_queue(q); if (!(q->limits.features & BLK_FEAT_POLL)) { ret = -EINVAL; goto out; @@ -459,7 +448,6 @@ static ssize_t queue_poll_store(struct gendisk *disk, const char *page, pr_info_ratelimited("writes to the poll attribute are ignored.\n"); pr_info_ratelimited("please use driver specific parameters instead.\n"); out: - blk_mq_unfreeze_queue(q, memflags); return ret; } @@ -472,7 +460,7 @@ static ssize_t queue_io_timeout_show(struct gendisk *disk, char *page) static ssize_t queue_io_timeout_store(struct gendisk *disk, const char *page, size_t count) { - unsigned int val, memflags; + unsigned int val; int err; struct request_queue *q = disk->queue; @@ -480,9 +468,7 @@ static ssize_t queue_io_timeout_store(struct gendisk *disk, const char *page, if (err || val == 0) return -EINVAL; - memflags = blk_mq_freeze_queue(q); blk_queue_rq_timeout(q, msecs_to_jiffies(val)); - blk_mq_unfreeze_queue(q, memflags); return count; }

9 hours, 7 minutes

4
5
0 0

[PATCH net] Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()

by Ilia Gavrilov

In the parse_adv_monitor_pattern() function, the value of the 'length' variable is currently limited to HCI_MAX_EXT_AD_LENGTH(251). The size of the 'value' array in the mgmt_adv_pattern structure is 31. If the value of 'pattern[i].length' is set in the user space and exceeds 31, the 'patterns[i].value' array can be accessed out of bound when copied. Increasing the size of the 'value' array in the 'mgmt_adv_pattern' structure will break the userspace. Considering this, and to avoid OOB access revert the limits for 'offset' and 'length' back to the value of HCI_MAX_AD_LENGTH. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE. Fixes: db08722fc7d4 ("Bluetooth: hci_core: Fix missing instances using HCI_MAX_AD_LENGTH") Cc: stable(a)vger.kernel.org Signed-off-by: Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> --- include/net/bluetooth/mgmt.h | 2 +- net/bluetooth/mgmt.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/net/bluetooth/mgmt.h b/include/net/bluetooth/mgmt.h index 74edea06985b..4b07ce6dfd69 100644 --- a/include/net/bluetooth/mgmt.h +++ b/include/net/bluetooth/mgmt.h @@ -780,7 +780,7 @@ struct mgmt_adv_pattern { __u8 ad_type; __u8 offset; __u8 length; - __u8 value[31]; + __u8 value[HCI_MAX_AD_LENGTH]; } __packed; #define MGMT_OP_ADD_ADV_PATTERNS_MONITOR 0x0052 diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index a3d16eece0d2..500033b70a96 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -5391,9 +5391,9 @@ static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count, for (i = 0; i < pattern_count; i++) { offset = patterns[i].offset; length = patterns[i].length; - if (offset >= HCI_MAX_EXT_AD_LENGTH || - length > HCI_MAX_EXT_AD_LENGTH || - (offset + length) > HCI_MAX_EXT_AD_LENGTH) + if (offset >= HCI_MAX_AD_LENGTH || + length > HCI_MAX_AD_LENGTH || + (offset + length) > HCI_MAX_AD_LENGTH) return MGMT_STATUS_INVALID_PARAMS; p = kmalloc(sizeof(*p), GFP_KERNEL); -- 2.39.5

9 hours, 25 minutes

3
5
0 0

[PATCH v2 0/1] Bluetooth: btusb: add default nvm file

by Shuai Zhang

this patch adds support for default NVM file Changes v2: - Add log for failed default nvm file request. - Added Cc: stable(a)vger.kernel.org to comply with stable kernel rules. - Link to v1: https://lore.kernel.org/all/20251028120550.2225434-1-quic_shuaz@quicinc.com/ Shuai Zhang (1): Bluetooth: btusb: add default nvm file drivers/bluetooth/btusb.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) -- 2.34.1

9 hours, 37 minutes

2
2
0 0

[PATCH v3] usb: storage: Fix memory leak in USB bulk transport

by Desnes Nunes

A kernel memory leak was identified by the 'ioctl_sg01' test from Linux Test Project (LTP). The following bytes were mainly observed: 0x53425355. When USB storage devices incorrectly skip the data phase with status data, the code extracts/validates the CSW from the sg buffer, but fails to clear it afterwards. This leaves status protocol data in srb's transfer buffer, such as the US_BULK_CS_SIGN 'USBS' signature observed here. Thus, this can lead to USB protocols leaks to user space through SCSI generic (/dev/sg*) interfaces, such as the one seen here when the LTP test requested 512 KiB. Fix the leak by zeroing the CSW data in srb's transfer buffer immediately after the validation of devices that skip data phase. Note: Differently from CVE-2018-1000204, which fixed a big leak by zero- ing pages at allocation time, this leak occurs after allocation, when USB protocol data is written to already-allocated sg pages. Fixes: a45b599ad808 ("scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()") Cc: stable(a)vger.kernel.org Signed-off-by: Desnes Nunes <desnesn(a)redhat.com> --- V2->V3: Changed memset to use sizeof(buf) and added a comment about the leak V1->V2: Used the same code style found on usb_stor_Bulk_transport() drivers/usb/storage/transport.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/usb/storage/transport.c b/drivers/usb/storage/transport.c index 1aa1bd26c81f..9a4bf86e7b6a 100644 --- a/drivers/usb/storage/transport.c +++ b/drivers/usb/storage/transport.c @@ -1200,7 +1200,23 @@ int usb_stor_Bulk_transport(struct scsi_cmnd *srb, struct us_data *us) US_BULK_CS_WRAP_LEN && bcs->Signature == cpu_to_le32(US_BULK_CS_SIGN)) { + unsigned char buf[US_BULK_CS_WRAP_LEN]; + usb_stor_dbg(us, "Device skipped data phase\n"); + + /* + * Devices skipping data phase might leave CSW data in srb's + * transfer buffer. Zero it to prevent USB protocol leakage. + */ + sg = NULL; + offset = 0; + memset(buf, 0, sizeof(buf)); + if (usb_stor_access_xfer_buf(buf, + US_BULK_CS_WRAP_LEN, srb, &sg, + &offset, TO_XFER_BUF) != + US_BULK_CS_WRAP_LEN) + usb_stor_dbg(us, "Failed to clear CSW data\n"); + scsi_set_resid(srb, transfer_length); goto skipped_data_phase; } -- 2.51.0

10 hours, 30 minutes

2
1
0 0

[PATCH] gpiolib: Fix a null-ptr-deref in gpiolib_seq_stop()

by Ilia Gavrilov

Syzkaller reports a null-ptr-deref in gpiolib_seq_stop() [1] If the memory allocation for priv variable in gpiolib_seq_start() fails, then s->private remains uninitialized, which leads to a null pointer dereference to s->private in gpiolib_seq_stop(). [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 10120 Comm: gpio_seq_stop Not tainted 6.12.53 #4 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:gpiolib_seq_stop+0x4c/0xd0 Code: 48 c1 ea 03 80 3c 02 00 0f 85 95 00 00 00 48 8b 9b e0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 5d 8b RSP: 0018:ffffc90019f2fad8 EFLAGS: 00010247 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000400 RDX: 0000000000000000 RSI: ffffffff84c57bfe RDI: 0000000000000004 RBP: 0000000000000000 R08: 0000000000000dc0 R09: 00000000ffffffff R10: ffffffff8e3865b3 R11: 0000000000000001 R12: 0000000000000000 R13: ffffffff8bd9da80 R14: 0000000000010000 R15: 0000000000000000 FS: 00007fb9a07cf6c0(0000) GS:ffff888131600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004c2018 CR3: 00000000264c6000 CR4: 00000000000006f0 Call Trace: <TASK> seq_read_iter+0x610/0x1290 seq_read+0x3a4/0x570 ? __pfx_seq_read+0x10/0x10 full_proxy_read+0x12a/0x1a0 ? __pfx_full_proxy_read+0x10/0x10 vfs_read+0x1e2/0xcf0 ? __fget_files+0x23a/0x3f0 ? __pfx_lock_release+0x10/0x10 ? fdget_pos+0x24c/0x360 ? __pfx_vfs_read+0x10/0x10 ? __pfx___mutex_lock+0x10/0x10 ? __fget_files+0x244/0x3f0 ksys_read+0x12f/0x260 ? __pfx_ksys_read+0x10/0x10 do_syscall_64+0xcd/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller Fixes: e348544f7994 ("gpio: protect the list of GPIO devices with SRCU") Reported-by: syzbot+b95d0c98f01e7a95da72(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=b95d0c98f01e7a95da72 Cc: stable(a)vger.kernel.org # 6.9+ Signed-off-by: Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> --- drivers/gpio/gpiolib.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index 9952e412da50..13cf9f4bdc6d 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -5298,7 +5298,7 @@ static void *gpiolib_seq_start(struct seq_file *s, loff_t *pos) priv = kzalloc(sizeof(*priv), GFP_KERNEL); if (!priv) - return NULL; + return ERR_PTR(-ENOMEM); s->private = priv; if (*pos > 0) @@ -5331,8 +5331,11 @@ static void gpiolib_seq_stop(struct seq_file *s, void *v) { struct gpiolib_seq_priv *priv = s->private; - srcu_read_unlock(&gpio_devices_srcu, priv->idx); - kfree(priv); + if (!IS_ERR(v)) { + srcu_read_unlock(&gpio_devices_srcu, priv->idx); + kfree(priv); + } + s->private = NULL; } static int gpiolib_seq_show(struct seq_file *s, void *v) -- 2.39.5

10 hours, 31 minutes

1
0
0 0

[PATCH 0/3] SDM630/660: Add missing MDSS reset

by unknown＠example.com

Since kernel 6.17 display stack needs to reset the hardware properly to ensure that we don't run into issues with the hardware configured by the bootloader. MDSS reset is necessary to have working display when the bootloader has already initialized it for the boot splash screen. Signed-off-by: Alexey Minnekhanov <<alexeymin(a)postmarketos.org>> --- Alexey Minnekhanov (3): dt-bindings: clock: mmcc-sdm660: Add missing MDSS reset clk: qcom: mmcc-sdm660: Add missing MDSS reset arm64: dts: qcom: sdm630: Add missing MDSS reset arch/arm64/boot/dts/qcom/sdm630.dtsi | 1 + drivers/clk/qcom/mmcc-sdm660.c | 1 + include/dt-bindings/clock/qcom,mmcc-sdm660.h | 1 + 3 files changed, 3 insertions(+) --- base-commit: e53642b87a4f4b03a8d7e5f8507fc3cd0c595ea6 change-id: 20251031-sdm660-mdss-reset-015a46a238b5 Best regards, -- Alexey Minnekhanov <<alexeymin(a)postmarketos.org>>

10 hours, 34 minutes

5
8
0 0

[PATCH v4] arm64: dts: st: Add memory-region-names property for stm32mp257f-ev1

by Patrice Chotard

In order to set the AMCR register, which configures the memory-region split between ospi1 and ospi2, we need to identify the ospi instance. By using memory-region-names, it allows to identify the ospi instance this memory-region belongs to. Fixes: cad2492de91c ("arm64: dts: st: Add SPI NOR flash support on stm32mp257f-ev1 board") Cc: stable(a)vger.kernel.org Signed-off-by: Patrice Chotard <patrice.chotard(a)foss.st.com> --- Changes in v4: - Rebase on v6.18-rc1 - Link to v3: https://lore.kernel.org/r/20250811-upstream_fix_dts_omm-v3-1-c4186b7667cb@f… Changes in v3: - Set again "Cc: <stable(a)vger.kernel.org>" - Link to v2: https://lore.kernel.org/r/20250811-upstream_fix_dts_omm-v2-1-00ff55076bd5@f… Changes in v2: - Update commit message. - Use correct memory-region-names value. - Remove "Cc: <stable(a)vger.kernel.org>" tag as the fixed patch is not part of a LTS. - Link to v1: https://lore.kernel.org/r/20250806-upstream_fix_dts_omm-v1-1-e68c15ed422d@f… --- arch/arm64/boot/dts/st/stm32mp257f-ev1.dts | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/st/stm32mp257f-ev1.dts b/arch/arm64/boot/dts/st/stm32mp257f-ev1.dts index 6e165073f732..bb6d6393d2e4 100644 --- a/arch/arm64/boot/dts/st/stm32mp257f-ev1.dts +++ b/arch/arm64/boot/dts/st/stm32mp257f-ev1.dts @@ -266,6 +266,7 @@ &i2c8 { &ommanager { memory-region = <&mm_ospi1>; + memory-region-names = "ospi1"; pinctrl-0 = <&ospi_port1_clk_pins_a &ospi_port1_io03_pins_a &ospi_port1_cs0_pins_a>; --- base-commit: 3a8660878839faadb4f1a6dd72c3179c1df56787 change-id: 20250806-upstream_fix_dts_omm-c006b69042f1 Best regards, -- Patrice Chotard <patrice.chotard(a)foss.st.com>

10 hours, 48 minutes

1
0
0 0

[PATCH 0/9] dt-bindings: PCI: qcom: Add missing required power-domains

by Krzysztof Kozlowski

Recent binding changes forgot to make power-domains required. I am not updating SC8180xp because it will be fixed other way in my next patchset. Best regards, Krzysztof --- Krzysztof Kozlowski (9): dt-bindings: PCI: qcom,pcie-sa8775p: Add missing required power-domains dt-bindings: PCI: qcom,pcie-sc7280: Add missing required power-domains dt-bindings: PCI: qcom,pcie-sc8280xp: Add missing required power-domains dt-bindings: PCI: qcom,pcie-sm8150: Add missing required power-domains dt-bindings: PCI: qcom,pcie-sm8250: Add missing required power-domains dt-bindings: PCI: qcom,pcie-sm8350: Add missing required power-domains dt-bindings: PCI: qcom,pcie-sm8450: Add missing required power-domains dt-bindings: PCI: qcom,pcie-sm8550: Add missing required power-domains dt-bindings: PCI: qcom,pcie-x1e80100: Add missing required power-domains Documentation/devicetree/bindings/pci/qcom,pcie-sa8775p.yaml | 1 + Documentation/devicetree/bindings/pci/qcom,pcie-sc7280.yaml | 3 +++ Documentation/devicetree/bindings/pci/qcom,pcie-sc8280xp.yaml | 1 + Documentation/devicetree/bindings/pci/qcom,pcie-sm8150.yaml | 3 +++ Documentation/devicetree/bindings/pci/qcom,pcie-sm8250.yaml | 3 +++ Documentation/devicetree/bindings/pci/qcom,pcie-sm8350.yaml | 3 +++ Documentation/devicetree/bindings/pci/qcom,pcie-sm8450.yaml | 3 +++ Documentation/devicetree/bindings/pci/qcom,pcie-sm8550.yaml | 3 +++ Documentation/devicetree/bindings/pci/qcom,pcie-x1e80100.yaml | 3 +++ 9 files changed, 23 insertions(+) --- base-commit: 326bbf6e2b1ce8d1e6166cce2ca414aa241c382f change-id: 20251029-dt-bindings-pci-qcom-fixes-power-domains-36a669b2e252 Best regards, -- Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>

10 hours, 51 minutes

3
12
0 0

FAILED: patch "[PATCH] gpio: idio-16: Define fixed direction of the GPIO lines" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 2ba5772e530f73eb847fb96ce6c4017894869552 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102619-plaster-sitting-ed2e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2ba5772e530f73eb847fb96ce6c4017894869552 Mon Sep 17 00:00:00 2001 From: William Breathitt Gray <wbg(a)kernel.org> Date: Mon, 20 Oct 2025 17:51:46 +0900 Subject: [PATCH] gpio: idio-16: Define fixed direction of the GPIO lines The direction of the IDIO-16 GPIO lines is fixed with the first 16 lines as output and the remaining 16 lines as input. Set the gpio_config fixed_direction_output member to represent the fixed direction of the GPIO lines. Fixes: db02247827ef ("gpio: idio-16: Migrate to the regmap API") Reported-by: Mark Cave-Ayland <mark.caveayland(a)nutanix.com> Closes: https://lore.kernel.org/r/9b0375fd-235f-4ee1-a7fa-daca296ef6bf@nutanix.com Suggested-by: Michael Walle <mwalle(a)kernel.org> Cc: stable(a)vger.kernel.org # ae495810cffe: gpio: regmap: add the .fixed_direction_output configuration parameter Cc: stable(a)vger.kernel.org Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: William Breathitt Gray <wbg(a)kernel.org> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Link: https://lore.kernel.org/r/20251020-fix-gpio-idio-16-regmap-v2-3-ebeb50e93c3… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/gpio/gpio-idio-16.c b/drivers/gpio/gpio-idio-16.c index 0103be977c66..4fbae6f6a497 100644 --- a/drivers/gpio/gpio-idio-16.c +++ b/drivers/gpio/gpio-idio-16.c @@ -6,6 +6,7 @@ #define DEFAULT_SYMBOL_NAMESPACE "GPIO_IDIO_16" +#include <linux/bitmap.h> #include <linux/bits.h> #include <linux/device.h> #include <linux/err.h> @@ -107,6 +108,7 @@ int devm_idio_16_regmap_register(struct device *const dev, struct idio_16_data *data; struct regmap_irq_chip *chip; struct regmap_irq_chip_data *chip_data; + DECLARE_BITMAP(fixed_direction_output, IDIO_16_NGPIO); if (!config->parent) return -EINVAL; @@ -164,6 +166,9 @@ int devm_idio_16_regmap_register(struct device *const dev, gpio_config.irq_domain = regmap_irq_get_domain(chip_data); gpio_config.reg_mask_xlate = idio_16_reg_mask_xlate; + bitmap_from_u64(fixed_direction_output, GENMASK_U64(15, 0)); + gpio_config.fixed_direction_output = fixed_direction_output; + return PTR_ERR_OR_ZERO(devm_gpio_regmap_register(dev, &gpio_config)); } EXPORT_SYMBOL_GPL(devm_idio_16_regmap_register);

11 hours, 43 minutes

3
9
0 0

Please backport commit 00d95fcc4dee ("docs: kdoc: handle the obsolescensce of docutils.ErrorString()") to v6.17.y

by Salvatore Bonaccorso

Hi When people update docutils to 0.22, then the Documentation build will start failing as documented with the commit 00d95fcc4dee ("docs: kdoc: handle the obsolescensce of docutils.ErrorString()"). So it would be nice if people can still build the documenation with newer versions (was for instance relevant for Debian unstable for building the 6.17.y based packages): https://bugs.debian.org/1118100 Thus can you please backport 00d95fcc4dee ("docs: kdoc: handle the obsolescensce of docutils.ErrorString()") down to 6.17.y stable series? The commit does not apply cleanly so adding a backport for it. Actually it would be nice to go further back, but I just tested as well 6.12.y and there due to missing faccc0ec64e1 ("docs: sphinx/kernel_abi: adjust coding style") there are more work. faccc0ec64e1 ("docs: sphinx/kernel_abi: adjust coding style") should be applicable but I'm not sure if you want to support that. Jonathan what would you think? Regards, Salvatore

12 hours, 22 minutes

4
6
0 0

[PATCH v2 1/1] mm/secretmem: fix use-after-free race in fault handler

by Lance Yang

From: Lance Yang <lance.yang(a)linux.dev> When a page fault occurs in a secret memory file created with `memfd_secret(2)`, the kernel will allocate a new folio for it, mark the underlying page as not-present in the direct map, and add it to the file mapping. If two tasks cause a fault in the same page concurrently, both could end up allocating a folio and removing the page from the direct map, but only one would succeed in adding the folio to the file mapping. The task that failed undoes the effects of its attempt by (a) freeing the folio again and (b) putting the page back into the direct map. However, by doing these two operations in this order, the page becomes available to the allocator again before it is placed back in the direct mapping. If another task attempts to allocate the page between (a) and (b), and the kernel tries to access it via the direct map, it would result in a supervisor not-present page fault. Fix the ordering to restore the direct map before the folio is freed. Cc: <stable(a)vger.kernel.org> Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Reported-by: Google Big Sleep <big-sleep-vuln-reports(a)google.com> Closes: https://lore.kernel.org/linux-mm/CAEXGt5QeDpiHTu3K9tvjUTPqo+d-=wuCNYPa+6sWK… Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Signed-off-by: Lance Yang <lance.yang(a)linux.dev> --- v1 -> v2: - Collect Reviewed-by from Mike and Lorenzo - thanks! - Collect Acked-by from David - thanks! - Update the changelog as Mike suggested - https://lore.kernel.org/linux-mm/aQSIdCpf-2pJLwAF@kernel.org/ mm/secretmem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/secretmem.c b/mm/secretmem.c index c1bd9a4b663d..37f6d1097853 100644 --- a/mm/secretmem.c +++ b/mm/secretmem.c @@ -82,13 +82,13 @@ static vm_fault_t secretmem_fault(struct vm_fault *vmf) __folio_mark_uptodate(folio); err = filemap_add_folio(mapping, folio, offset, gfp); if (unlikely(err)) { - folio_put(folio); /* * If a split of large page was required, it * already happened when we marked the page invalid * which guarantees that this call won't fail */ set_direct_map_default_noflush(folio_page(folio, 0)); + folio_put(folio); if (err == -EEXIST) goto retry; -- 2.49.0

12 hours, 45 minutes

1
0
0 0

[PATCH v3 1/6] ASoC: codecs: lpass-tx-macro: fix SM6115 support

by Srinivas Kandagatla

SM6115 does have soundwire controller in tx. For some reason we ended up with this incorrect patch. Fix this by adding the flag to reflect this in SoC data. Fixes: 510c46884299 ("ASoC: codecs: lpass-tx-macro: Add SM6115 support") Cc: <Stable(a)vger.kernel.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> --- sound/soc/codecs/lpass-tx-macro.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/codecs/lpass-tx-macro.c b/sound/soc/codecs/lpass-tx-macro.c index 1aefd3bde818..dbd8d0e4bc75 100644 --- a/sound/soc/codecs/lpass-tx-macro.c +++ b/sound/soc/codecs/lpass-tx-macro.c @@ -2473,7 +2473,8 @@ static const struct tx_macro_data lpass_ver_9_2 = { }; static const struct tx_macro_data lpass_ver_10_sm6115 = { - .flags = LPASS_MACRO_FLAG_HAS_NPL_CLOCK, + .flags = LPASS_MACRO_FLAG_HAS_NPL_CLOCK | + LPASS_MACRO_FLAG_RESET_SWR, .ver = LPASS_VER_10_0_0, .extra_widgets = tx_macro_dapm_widgets_v9_2, .extra_widgets_num = ARRAY_SIZE(tx_macro_dapm_widgets_v9_2), -- 2.51.0

12 hours, 48 minutes

1
0
0 0

[PATCH v2 1/6] ASoC: codecs: lpass-tx-macro: fix SM6115 support

by Srinivas Kandagatla

SM6115 does have soundwire controller in tx. For some reason we ended up with this incorrect patch. Fix this by adding the flag to reflect this in SoC data. Fixes: 510c46884299 ("ASoC: codecs: lpass-tx-macro: Add SM6115 support") Cc: <Stable(a)vger.kernel.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> --- sound/soc/codecs/lpass-tx-macro.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/codecs/lpass-tx-macro.c b/sound/soc/codecs/lpass-tx-macro.c index 1aefd3bde818..ac87c8874588 100644 --- a/sound/soc/codecs/lpass-tx-macro.c +++ b/sound/soc/codecs/lpass-tx-macro.c @@ -2474,6 +2474,7 @@ static const struct tx_macro_data lpass_ver_9_2 = { static const struct tx_macro_data lpass_ver_10_sm6115 = { .flags = LPASS_MACRO_FLAG_HAS_NPL_CLOCK, + LPASS_MACRO_FLAG_RESET_SWR, .ver = LPASS_VER_10_0_0, .extra_widgets = tx_macro_dapm_widgets_v9_2, .extra_widgets_num = ARRAY_SIZE(tx_macro_dapm_widgets_v9_2), -- 2.51.0

13 hours, 5 minutes

1
1
0 0

[PATCH 6.12 000/117] 6.12.56-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.56 release. There are 117 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Oct 2025 18:34:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.56-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.56-rc1 Darrick J. Wong <djwong(a)kernel.org> xfs: always warn about deprecated mount options Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not warn if the page is already tagged in copy_highpage() Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: remove useless enable of enhanced features Daniel Golle <daniel(a)makrotopia.org> serial: 8250_mtk: Enable baud clock and manage in runtime PM Florian Eckert <fe(a)dev.tdt.de> serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Michael Grzeschik <m.grzeschik(a)pengutronix.de> tcpm: switch check for role_sw device with fw_node Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: hdm_probe: Fix calling put_device() before device initialization Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: Fix use-after-free in hdm_disconnect Junhao Xie <bigfoot(a)radxa.com> misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Miguel Ojeda <ojeda(a)kernel.org> objtool/rust: add one more `noreturn` Rust function Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add wildcat lake P DID Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Andrew Cooper <andrew.cooper3(a)citrix.com> x86/microcode: Fix Entrysign revision check for Zen1/Naples Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Andrey Konovalov <andreyknvl(a)gmail.com> usb: raw-gadget: do not limit transfer length Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Suma Hegde <suma.hegde(a)amd.com> platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL Kiran K <kiran.k(a)intel.com> Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: be smarter on when to update the stime usage Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: switch away from getrusage() for CPU accounting Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> sched: Remove never used code in mm_cid_get() Alok Tiwari <alok.a.tiwari(a)oracle.com> io_uring: correct __must_hold annotation in io_install_fixed_file Haotian Zhang <vulab(a)iscas.ac.cn> gpio: ljca: Fix duplicated IRQ mapping Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Fix qr_code, ensure vmargin is positive Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Fix drawing the logo on a small narrow screen Ondrej Mosnacek <omosnace(a)redhat.com> nbd: override creds to kernel when calling sock_{send,recv}msg() Guenter Roeck <linux(a)roeck-us.net> hwmon: (sht3x) Fix error handling Paul Walmsley <pjw(a)kernel.org> riscv: hwprobe: avoid uninitialized variable use in hwprobe_arch_id() Anup Patel <apatel(a)ventanamicro.com> RISC-V: Don't print details of CPUs disabled in DT Anup Patel <apatel(a)ventanamicro.com> RISC-V: Define pgprot_dmacoherent() for non-coherent devices Akash Goel <akash.goel(a)arm.com> drm/panthor: Fix kernel panic on partial unmap of a GPU VA region Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu> spi: airoha: fix reading/writing of flashes with more than one plane per lun Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu> spi: airoha: switch back to non-dma mode in the case of error Lorenzo Bianconi <lorenzo(a)kernel.org> spi: airoha: do not keep {tx,rx} dma buffer always mapped Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu> spi: airoha: add support of dual/quad wires spi modes to exec_op() handler Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu> spi: airoha: return an error for continuous mode dirmap creation cases Artem Shimko <a.shimko.dev(a)gmail.com> firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Account for failed debug initialization Peter Robinson <pbrobinson(a)gmail.com> arm64: dts: broadcom: bcm2712: Define VGIC interrupt Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: broadcom: bcm2712: Add default GIC address cells Han Xu <han.xu(a)nxp.com> spi: spi-nxp-fspi: add extra delay after dll locked Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: increase max link count and fix link->enc NULL pointer access Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> mm: prevent poison consumption when splitting THP Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark implicit tests as skipped if not supported Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark 'flush re-add' as skipped if not supported Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Sebastian Reichel <sebastian.reichel(a)collabora.com> net: stmmac: dwmac-rk: Fix disabling set_clock_selection Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix lock inversion in vsock_assign_transport() Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering David Howells <dhowells(a)redhat.com> cifs: Fix TCP_Server_Info::credits to be signed Marc Kleine-Budde <mkl(a)pengutronix.de> can: netlink: can_changelink(): allow disabling of automatic restart Xi Ruoyao <xry111(a)xry111.site> ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Hao Ge <gehao(a)kylinos.cn> slab: Fix obj_ext mistakenly considered NULL due to race condition Hao Ge <gehao(a)kylinos.cn> slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" Darrick J. Wong <djwong(a)kernel.org> xfs: fix locking in xchk_nlinks_collect_dir William Breathitt Gray <wbg(a)kernel.org> gpio: 104-idio-16: Define maximum valid register address offset William Breathitt Gray <wbg(a)kernel.org> gpio: pci-idio-16: Define maximum valid register address offset Dewei Meng <mengdewei(a)cqsoftware.com.cn> btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Marek Szyprowski <m.szyprowski(a)samsung.com> dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Jakub Acs <acsjakub(a)amazon.de> fs/notify: call exportfs_encode_fid with s_umount Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5: Fix IPsec cleanup over MPV device Robert Marko <robert.marko(a)sartura.hr> net: phy: micrel: always set shared->phydev for LAN8814 Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Jiasheng Jiang <jiashengjiangcool(a)gmail.com> ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Aksh Garg <a-garg7(a)ti.com> net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions Wang Liang <wangliang74(a)huawei.com> net/smc: fix general protection fault in __smc_diag_dump Amery Hung <ameryhung(a)gmail.com> net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ Amery Hung <ameryhung(a)gmail.com> net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead Xin Long <lucien.xin(a)gmail.com> selftests: net: fix server bind failure in sctp_vrf.sh Marc Kleine-Budde <mkl(a)pengutronix.de> can: rockchip-canfd: rkcanfd_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() Marc Kleine-Budde <mkl(a)pengutronix.de> can: esd: acc_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() Marc Kleine-Budde <mkl(a)pengutronix.de> can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Jianpeng Chang <jianpeng.chang.cn(a)windriver.com> net: enetc: fix the deadlock of enetc_mdio_lock Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nathan Chancellor <nathan(a)kernel.org> net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Christian Loehle <christian.loehle(a)arm.com> PM: EM: Fix late boot with holes in CPU topology Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: EM: Move CPU capacity check to em_adjust_new_capacity() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: EM: Slightly reduce em_check_capacity_update() overhead Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: EM: Drop unused parameter from em_adjust_new_capacity() Linus Torvalds <torvalds(a)linux-foundation.org> Unbreak 'make tools/*' for user-space targets Stefan Metzmacher <metze(a)samba.org> smb: server: let smb_direct_flush_send_list() invalidate a remote key first Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Use __GFP_ACCOUNT for user page table allocations Yicong Yang <yangyicong(a)hisilicon.com> drivers/perf: hisi: Relax the event ID check in the framework Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix unlikely race in gdlm_put_lock Fuad Tabba <tabba(a)google.com> arm64: sysreg: Correct sign definitions for EIESB and DoubleLock Junjie Cao <junjie.cao(a)intel.com> lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Kees Cook <kees(a)kernel.org> PCI: Test for bit underflow in pcie_set_readrq() Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Simon Schuster <schuster.simon(a)siemens-energy.com> nios2: ensure that memblock.current_limit is set when setting pfn limits Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret ------------- Diffstat: .../devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 +- Makefile | 8 +- arch/arm64/boot/dts/broadcom/bcm2712.dtsi | 3 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/mm/copypage.c | 9 +- arch/arm64/tools/sysreg | 4 +- arch/m68k/include/asm/bitops.h | 25 +- arch/mips/mti-malta/malta-setup.c | 2 +- arch/nios2/kernel/setup.c | 15 ++ arch/powerpc/include/asm/pgtable.h | 12 - arch/powerpc/mm/book3s32/mmu.c | 4 +- arch/powerpc/mm/pgtable_32.c | 2 +- arch/riscv/include/asm/pgtable.h | 2 + arch/riscv/kernel/cpu.c | 4 +- arch/riscv/kernel/sys_hwprobe.c | 6 + arch/s390/mm/pgalloc.c | 13 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- drivers/acpi/acpica/tbprint.c | 6 + drivers/android/binder.c | 11 +- drivers/base/arch_topology.c | 2 +- drivers/base/devcoredump.c | 138 ++++++---- drivers/block/nbd.c | 15 ++ drivers/bluetooth/btintel.c | 28 ++- drivers/bluetooth/btintel.h | 3 + drivers/comedi/comedi_buf.c | 2 +- drivers/cpuidle/governors/menu.c | 21 +- drivers/firmware/arm_scmi/common.h | 24 +- drivers/firmware/arm_scmi/driver.c | 47 ++-- drivers/gpio/gpio-104-idio-16.c | 1 + drivers/gpio/gpio-ljca.c | 14 +- drivers/gpio/gpio-pci-idio-16.c | 1 + .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 3 + drivers/gpu/drm/amd/display/dc/inc/hw/hw_shared.h | 8 +- drivers/gpu/drm/drm_panic.c | 8 +- drivers/gpu/drm/panthor/panthor_mmu.c | 10 +- drivers/hwmon/sht3x.c | 27 +- drivers/misc/fastrpc.c | 2 + drivers/misc/lkdtm/fortify.c | 6 + drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/most/most_usb.c | 13 +- drivers/net/bonding/bond_main.c | 40 ++- drivers/net/can/bxcan.c | 2 +- drivers/net/can/dev/netlink.c | 6 +- drivers/net/can/esd/esdacc.c | 2 +- drivers/net/can/rockchip/rockchip_canfd-tx.c | 2 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.c | 25 +- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en.h | 7 + .../net/ethernet/mellanox/mlx5/core/en/params.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en/xdp.h | 6 - .../ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 5 + .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 25 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 128 ++++++---- drivers/net/ethernet/renesas/ravb_main.c | 24 +- drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 +- drivers/net/ethernet/ti/am65-cpts.c | 63 +++-- drivers/net/phy/micrel.c | 4 +- drivers/net/usb/rtl8150.c | 11 +- drivers/pci/pci.c | 6 +- drivers/perf/hisilicon/hisi_uncore_pmu.c | 2 +- drivers/perf/hisilicon/hisi_uncore_pmu.h | 3 +- drivers/platform/x86/amd/hsmp.c | 5 + drivers/ptp/ptp_ocp.c | 2 +- drivers/spi/spi-airoha-snfi.c | 280 ++++++++++++--------- drivers/spi/spi-nxp-fspi.c | 6 + drivers/tty/serial/8250/8250_dw.c | 4 +- drivers/tty/serial/8250/8250_exar.c | 11 + drivers/tty/serial/8250/8250_mtk.c | 6 +- drivers/tty/serial/sc16is7xx.c | 7 - drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/legacy/raw_gadget.c | 2 - drivers/usb/host/xhci-dbgcap.c | 15 +- drivers/usb/serial/option.c | 10 + drivers/usb/typec/tcpm/tcpm.c | 4 +- fs/btrfs/super.c | 8 +- fs/dlm/lockspace.c | 2 +- fs/exec.c | 2 +- fs/gfs2/lock_dlm.c | 11 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 +- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 --- fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 ++++ fs/hfsplus/super.c | 25 +- fs/notify/fdinfo.c | 6 + fs/ocfs2/move_extents.c | 5 + fs/smb/client/cifsglob.h | 2 +- fs/smb/server/transport_rdma.c | 11 +- fs/xfs/scrub/nlinks.c | 34 ++- fs/xfs/xfs_super.c | 33 ++- io_uring/fdinfo.c | 8 +- io_uring/filetable.c | 2 +- io_uring/sqpoll.c | 65 +++-- io_uring/sqpoll.h | 1 + kernel/dma/debug.c | 5 +- kernel/power/energy_model.c | 58 ++--- kernel/sched/sched.h | 2 - mm/huge_memory.c | 3 + mm/migrate.c | 3 +- mm/slub.c | 23 +- net/core/rtnetlink.c | 3 - net/sctp/inqueue.c | 13 +- net/smc/smc_inet.c | 13 - net/vmw_vsock/af_vsock.c | 38 +-- tools/objtool/check.c | 1 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 +- tools/testing/selftests/net/sctp_hello.c | 17 +- tools/testing/selftests/net/sctp_vrf.sh | 73 +++--- 113 files changed, 1170 insertions(+), 688 deletions(-)

13 hours, 49 minutes

15
131
0 0

[PATCH 6.1 000/157] 6.1.158-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.158 release. There are 157 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Oct 2025 18:34:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.158-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.158-rc1 Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Leon Hwang <leon.hwang(a)linux.dev> Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Update purge function to unregister the unused subchannels Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. Darrick J. Wong <djwong(a)kernel.org> xfs: always warn about deprecated mount options Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix mailbox API compatibility by negotiating supported features Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbevf: fix getting link speed data for E610 devices Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> ixgbevf: Add support for Intel(R) E610 device Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> PCI: Add PCI_VDEVICE_SUB helper macro Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix wrong block mapping for multi-devices Christoph Hellwig <hch(a)lst.de> f2fs: factor a f2fs_map_blocks_cached helper Christoph Hellwig <hch(a)lst.de> f2fs: remove the create argument to f2fs_map_blocks Christoph Hellwig <hch(a)lst.de> f2fs: add a f2fs_get_block_locked helper Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Reset BARs when running in PCIe endpoint mode Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Theodore Ts'o <tytso(a)mit.edu> ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix programming sequence of "strap" settings Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not flag the zero page as PG_mte_tagged Darrick J. Wong <djwong(a)kernel.org> fuse: fix livelock in synchronous file put from fuseblk workers Amir Goldstein <amir73il(a)gmail.com> fuse: allocate ff->release_args only if release is needed Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended David Lechner <dlechner(a)baylibre.com> iio: imu: inv_icm42600: use = { } instead of memset() Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Simplify pm_runtime setup Bence Csókás <csokas.bence(a)prolan.hu> PM: runtime: Add new devm functions Devarsh Thakkar <devarsht(a)ti.com> phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> phy: cdns-dphy: Store hs_clk_rate and return it Christoph Hellwig <hch(a)lst.de> xfs: fix log CRC mismatches between i386 and other architectures Christoph Hellwig <hch(a)lst.de> xfs: rename the old_crc variable in xlog_recover_process Florian Eckert <fe(a)dev.tdt.de> serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: hdm_probe: Fix calling put_device() before device initialization Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: Fix use-after-free in hdm_disconnect Junhao Xie <bigfoot(a)radxa.com> misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add wildcat lake P DID Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Andrey Konovalov <andreyknvl(a)gmail.com> usb: raw-gadget: do not limit transfer length Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Alok Tiwari <alok.a.tiwari(a)oracle.com> io_uring: correct __must_hold annotation in io_install_fixed_file Anup Patel <apatel(a)ventanamicro.com> RISC-V: Don't print details of CPUs disabled in DT Anup Patel <apatel(a)ventanamicro.com> RISC-V: Define pgprot_dmacoherent() for non-coherent devices Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark implicit tests as skipped if not supported Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark 'flush re-add' as skipped if not supported Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Sebastian Reichel <sebastian.reichel(a)collabora.com> net: stmmac: dwmac-rk: Fix disabling set_clock_selection Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix lock inversion in vsock_assign_transport() Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde <mkl(a)pengutronix.de> can: netlink: can_changelink(): allow disabling of automatic restart Xi Ruoyao <xry111(a)xry111.site> ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nathan Chancellor <nathan(a)kernel.org> net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Stefan Metzmacher <metze(a)samba.org> smb: server: let smb_direct_flush_send_list() invalidate a remote key first Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Junjie Cao <junjie.cao(a)intel.com> lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Simon Schuster <schuster.simon(a)siemens-energy.com> nios2: ensure that memblock.current_limit is set when setting pfn limits Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads (part 2) Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> HID: multitouch: fix name of Stylus input devices Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: hid-input: only ignore 0 battery events for digitizers Jiaming Zhang <r772577952(a)gmail.com> ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Ingo Molnar <mingo(a)kernel.org> sched/balancing: Rename newidle_balance() => sched_balance_newidle() Alok Tiwari <alok.a.tiwari(a)oracle.com> drm/rockchip: vop2: use correct destination rectangle height check Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Generalize helper to clear IRQ status Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: nau8821: Cancel jdet_work before handling jack ejection Marek Vasut <marek.vasut(a)mailbox.org> drm/bridge: lt9211: Drop check for last nibble of version register Fabian Vogt <fvogt(a)suse.de> riscv: kprobes: Fix probe address validation I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for pending async decryptions if tls_strp_msg_hold fails Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for async encrypt in case of error during latter iterations of sendmsg Sascha Hauer <s.hauer(a)pengutronix.de> net: tls: wait for async completion on last message Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Nicolas Dichtel <nicolas.dichtel(a)6wind.com> doc: fix seg6_flowlabel path Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Thomas Gleixner <tglx(a)linutronix.de> Bluetooth: hci_qca: Fix the teardown problem for real Steven Rostedt (Google) <rostedt(a)goodmis.org> timers: Update the documentation to reflect on the new timer_shutdown() API Thomas Gleixner <tglx(a)linutronix.de> timers: Provide timer_shutdown[_sync]() Thomas Gleixner <tglx(a)linutronix.de> timers: Add shutdown mechanism to the internal functions Thomas Gleixner <tglx(a)linutronix.de> timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode Thomas Gleixner <tglx(a)linutronix.de> timers: Silently ignore timers with a NULL function Thomas Gleixner <tglx(a)linutronix.de> Documentation: Replace del_timer/del_timer_sync() Thomas Gleixner <tglx(a)linutronix.de> timers: Replace BUG_ON()s Steven Rostedt (Google) <rostedt(a)goodmis.org> clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function Steven Rostedt (Google) <rostedt(a)goodmis.org> clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function Steven Rostedt (Google) <rostedt(a)goodmis.org> ARM: spear: Do not use timer namespace for timer_shutdown() function Thomas Gleixner <tglx(a)linutronix.de> Documentation: Remove bogus claim about del_timer_sync() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ncm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_acm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ecm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_rndis: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Introduce free_usb_request helper Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Store endpoint pointer in usb_request Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: properly clear channels during bind Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions Marek Vasut <marek.vasut+renesas(a)mailbox.org> drm/rcar-du: dsi: Fix 1/2/3 lane support Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Thomas Fourier <fourier.thomas(a)gmail.com> crypto: rockchip - Fix dma_unmap_sg() nents value Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Check whether secure display TA loaded successfully Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Eugene Korenevsky <ekorenevsky(a)aliyun.com> cifs: parse_dfs_referrals: prevent oob on malformed input Filipe Manana <fdmanana(a)suse.com> btrfs: do not assert we found block group item when creating free space tree Filipe Manana <fdmanana(a)suse.com> btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> ext4: wait for ongoing I/O to complete before freeing blocks Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Yi Cong <yicong(a)kylinos.cn> r8152: add error handling in rtl8152_driver_init Shuhao Fu <sfual(a)cse.ust.hk> smb: client: Fix refcount leak for cifs_sb_tlink ------------- Diffstat: .../RCU/Design/Requirements/Requirements.rst | 2 +- Documentation/arm64/silicon-errata.rst | 2 + Documentation/core-api/local_ops.rst | 2 +- Documentation/kernel-hacking/locking.rst | 17 +- Documentation/networking/seg6-sysctl.rst | 3 + Documentation/timers/hrtimers.rst | 2 +- .../translations/it_IT/kernel-hacking/locking.rst | 14 +- .../translations/zh_CN/core-api/local_ops.rst | 2 +- Makefile | 4 +- arch/arm/mach-spear/time.c | 8 +- arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/kernel/cpu_errata.c | 1 + arch/arm64/kernel/cpufeature.c | 10 +- arch/arm64/kernel/mte.c | 2 +- arch/m68k/include/asm/bitops.h | 25 +- arch/mips/mti-malta/malta-setup.c | 2 +- arch/nios2/kernel/setup.c | 15 + arch/powerpc/include/asm/pgtable.h | 12 - arch/powerpc/mm/book3s32/mmu.c | 4 +- arch/powerpc/mm/pgtable_32.c | 2 +- arch/riscv/include/asm/pgtable.h | 2 + arch/riscv/kernel/cpu.c | 4 +- arch/riscv/kernel/probes/kprobes.c | 13 +- arch/x86/kernel/cpu/resctrl/monitor.c | 12 +- drivers/acpi/acpica/tbprint.c | 6 + drivers/android/binder.c | 11 +- drivers/base/arch_topology.c | 2 +- drivers/base/devcoredump.c | 138 +++++---- drivers/base/power/runtime.c | 44 +++ drivers/bluetooth/hci_qca.c | 10 +- drivers/clocksource/arm_arch_timer.c | 12 +- drivers/clocksource/timer-sp804.c | 6 +- drivers/comedi/comedi_buf.c | 2 +- drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/cpuidle/governors/menu.c | 21 +- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 +- drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/bridge/lontium-lt9211.c | 3 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 +++--- drivers/gpu/drm/rcar-du/rcar_mipi_dsi.c | 5 +- drivers/gpu/drm/rcar-du/rcar_mipi_dsi_regs.h | 8 +- drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 +- drivers/gpu/drm/scheduler/sched_main.c | 13 +- drivers/hid/hid-input.c | 5 +- drivers/hid/hid-multitouch.c | 28 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 +-- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 +- drivers/misc/fastrpc.c | 2 + drivers/misc/lkdtm/fortify.c | 6 + drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/most/most_usb.c | 13 +- drivers/net/bonding/bond_main.c | 40 ++- drivers/net/can/dev/netlink.c | 6 +- drivers/net/can/m_can/m_can_platform.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 23 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/intel/ixgbevf/defines.h | 6 +- drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 + drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 13 +- drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 46 ++- drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 + drivers/net/ethernet/intel/ixgbevf/vf.c | 194 ++++++++++-- drivers/net/ethernet/intel/ixgbevf/vf.h | 5 +- .../net/ethernet/mellanox/mlx5/core/en/params.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/ethernet/renesas/ravb_main.c | 24 +- drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 +- drivers/net/usb/lan78xx.c | 38 ++- drivers/net/usb/r8152.c | 7 +- drivers/net/usb/rtl8150.c | 11 +- drivers/pci/controller/cadence/pci-j721e.c | 64 +++- drivers/pci/controller/dwc/pcie-tegra194.c | 10 + drivers/pci/pci-sysfs.c | 10 +- drivers/phy/cadence/cdns-dphy.c | 133 ++++++-- drivers/s390/cio/device.c | 37 ++- drivers/tty/serial/8250/8250_dw.c | 4 +- drivers/tty/serial/8250/8250_exar.c | 11 + drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/function/f_acm.c | 42 ++- drivers/usb/gadget/function/f_ecm.c | 48 ++- drivers/usb/gadget/function/f_ncm.c | 78 ++--- drivers/usb/gadget/function/f_rndis.c | 85 +++--- drivers/usb/gadget/legacy/raw_gadget.c | 2 - drivers/usb/gadget/udc/core.c | 3 + drivers/usb/host/xhci-dbgcap.c | 9 +- drivers/usb/serial/option.c | 10 + fs/btrfs/free-space-tree.c | 15 +- fs/btrfs/relocation.c | 13 +- fs/dax.c | 2 +- fs/dcache.c | 2 + fs/dlm/lockspace.c | 2 +- fs/exec.c | 2 +- fs/ext4/ext4_jbd2.c | 11 +- fs/ext4/inode.c | 8 + fs/ext4/super.c | 17 +- fs/f2fs/data.c | 108 ++++--- fs/f2fs/f2fs.h | 6 +- fs/f2fs/file.c | 16 +- fs/fuse/dir.c | 2 +- fs/fuse/file.c | 75 +++-- fs/fuse/fuse_i.h | 2 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 +- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 --- fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 +++ fs/hfsplus/super.c | 25 +- fs/hfsplus/unicode.c | 24 ++ fs/jbd2/transaction.c | 13 +- fs/nfsd/blocklayout.c | 5 +- fs/nfsd/blocklayoutxdr.c | 7 +- fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 34 +-- fs/nfsd/nfs4xdr.c | 14 +- fs/nfsd/xdr4.h | 36 ++- fs/ocfs2/move_extents.c | 5 + fs/smb/client/inode.c | 6 +- fs/smb/client/misc.c | 17 ++ fs/smb/client/smb2ops.c | 8 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/server.h | 1 + fs/smb/server/smb2pdu.c | 4 + fs/smb/server/transport_ipc.c | 1 + fs/smb/server/transport_rdma.c | 11 +- fs/smb/server/transport_tcp.c | 67 ++--- fs/smb/server/transport_tcp.h | 1 + fs/xfs/libxfs/xfs_log_format.h | 30 +- fs/xfs/xfs_log.c | 8 +- fs/xfs/xfs_log_priv.h | 4 +- fs/xfs/xfs_log_recover.c | 34 ++- fs/xfs/xfs_ondisk.h | 2 + fs/xfs/xfs_super.c | 33 +- include/linux/cpufreq.h | 3 + include/linux/mm.h | 2 +- include/linux/pci.h | 14 + include/linux/pm_runtime.h | 4 + include/linux/timer.h | 2 + include/linux/usb/gadget.h | 25 ++ include/net/ip_tunnels.h | 15 + include/trace/events/f2fs.h | 11 +- io_uring/filetable.c | 2 +- kernel/padata.c | 6 +- kernel/sched/fair.c | 38 +-- kernel/time/timer.c | 335 ++++++++++++++++----- net/core/rtnetlink.c | 3 - net/ipv4/ip_tunnel.c | 14 - net/ipv4/tcp_output.c | 19 +- net/ipv6/ip6_tunnel.c | 3 +- net/sctp/inqueue.c | 13 +- net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 28 +- net/vmw_vsock/af_vsock.c | 38 +-- rust/bindings/bindings_helper.h | 2 + rust/bindings/lib.rs | 1 + sound/firewire/amdtp-stream.h | 2 +- sound/soc/codecs/nau8821.c | 53 +++- sound/usb/card.c | 10 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 +- tools/testing/selftests/vm/map_hugetlb.c | 7 - 175 files changed, 2099 insertions(+), 1084 deletions(-)

13 hours, 50 minutes

12
168
0 0

Price Enquiries

by Elena Espinola

Hello! We introduce ourselves as Hanjin Group A general merchandise company located in South Korea. One of our partner introduced your company to us please let me know if you can accept new orders, I will have to forward our PO and specifications immediately to place a trial order. Please NOTE only copy & reply us to our sales box here> ( jannicre(a)yahoo.com ) Best Regards, Jannice Choi , Sales Director Email: jannicre(a)yahoo.com Head Office Address: 63, Namdaemun-ro, Jung-gu, Seoul, South Korea Tel: + 82-2-3287-742 Fax: +82-2-384-2491

14 hours, 3 minutes

1
0
0 0

[PATCH 1/1] mm/secretmem: fix use-after-free race in fault handler

by Lance Yang

From: Lance Yang <lance.yang(a)linux.dev> The error path in secretmem_fault() frees a folio before restoring its direct map status, which is a race leading to a panic. Fix the ordering to restore the map before the folio is freed. Cc: <stable(a)vger.kernel.org> Reported-by: Google Big Sleep <big-sleep-vuln-reports(a)google.com> Closes: https://lore.kernel.org/linux-mm/CAEXGt5QeDpiHTu3K9tvjUTPqo+d-=wuCNYPa+6sWK… Signed-off-by: Lance Yang <lance.yang(a)linux.dev> --- mm/secretmem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/secretmem.c b/mm/secretmem.c index c1bd9a4b663d..37f6d1097853 100644 --- a/mm/secretmem.c +++ b/mm/secretmem.c @@ -82,13 +82,13 @@ static vm_fault_t secretmem_fault(struct vm_fault *vmf) __folio_mark_uptodate(folio); err = filemap_add_folio(mapping, folio, offset, gfp); if (unlikely(err)) { - folio_put(folio); /* * If a split of large page was required, it * already happened when we marked the page invalid * which guarantees that this call won't fail */ set_direct_map_default_noflush(folio_page(folio, 0)); + folio_put(folio); if (err == -EEXIST) goto retry; -- 2.49.0

14 hours, 20 minutes

4
6
0 0

FAILED: patch "[PATCH] gpio: idio-16: Define fixed direction of the GPIO lines" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 2ba5772e530f73eb847fb96ce6c4017894869552 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102619-shortage-tabby-5157@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2ba5772e530f73eb847fb96ce6c4017894869552 Mon Sep 17 00:00:00 2001 From: William Breathitt Gray <wbg(a)kernel.org> Date: Mon, 20 Oct 2025 17:51:46 +0900 Subject: [PATCH] gpio: idio-16: Define fixed direction of the GPIO lines The direction of the IDIO-16 GPIO lines is fixed with the first 16 lines as output and the remaining 16 lines as input. Set the gpio_config fixed_direction_output member to represent the fixed direction of the GPIO lines. Fixes: db02247827ef ("gpio: idio-16: Migrate to the regmap API") Reported-by: Mark Cave-Ayland <mark.caveayland(a)nutanix.com> Closes: https://lore.kernel.org/r/9b0375fd-235f-4ee1-a7fa-daca296ef6bf@nutanix.com Suggested-by: Michael Walle <mwalle(a)kernel.org> Cc: stable(a)vger.kernel.org # ae495810cffe: gpio: regmap: add the .fixed_direction_output configuration parameter Cc: stable(a)vger.kernel.org Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: William Breathitt Gray <wbg(a)kernel.org> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Link: https://lore.kernel.org/r/20251020-fix-gpio-idio-16-regmap-v2-3-ebeb50e93c3… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/gpio/gpio-idio-16.c b/drivers/gpio/gpio-idio-16.c index 0103be977c66..4fbae6f6a497 100644 --- a/drivers/gpio/gpio-idio-16.c +++ b/drivers/gpio/gpio-idio-16.c @@ -6,6 +6,7 @@ #define DEFAULT_SYMBOL_NAMESPACE "GPIO_IDIO_16" +#include <linux/bitmap.h> #include <linux/bits.h> #include <linux/device.h> #include <linux/err.h> @@ -107,6 +108,7 @@ int devm_idio_16_regmap_register(struct device *const dev, struct idio_16_data *data; struct regmap_irq_chip *chip; struct regmap_irq_chip_data *chip_data; + DECLARE_BITMAP(fixed_direction_output, IDIO_16_NGPIO); if (!config->parent) return -EINVAL; @@ -164,6 +166,9 @@ int devm_idio_16_regmap_register(struct device *const dev, gpio_config.irq_domain = regmap_irq_get_domain(chip_data); gpio_config.reg_mask_xlate = idio_16_reg_mask_xlate; + bitmap_from_u64(fixed_direction_output, GENMASK_U64(15, 0)); + gpio_config.fixed_direction_output = fixed_direction_output; + return PTR_ERR_OR_ZERO(devm_gpio_regmap_register(dev, &gpio_config)); } EXPORT_SYMBOL_GPL(devm_idio_16_regmap_register);

15 hours, 22 minutes

4
8
0 0

[PATCH 5.10.y 0/3] v5.10: fix build with GCC 15

by Matthieu Baerts (NGI0)

This kernel version doesn't build with GCC 15: In file included from include/uapi/linux/posix_types.h:5, from include/uapi/linux/types.h:14, from include/linux/types.h:6, from arch/x86/realmode/rm/wakeup.h:11, from arch/x86/realmode/rm/wakemain.c:2: include/linux/stddef.h:11:9: error: cannot use keyword 'false' as enumeration constant 11 | false = 0, | ^~~~~ include/linux/stddef.h:11:9: note: 'false' is a keyword with '-std=c23' onwards include/linux/types.h:30:33: error: 'bool' cannot be defined via 'typedef' 30 | typedef _Bool bool; | ^~~~ include/linux/types.h:30:33: note: 'bool' is a keyword with '-std=c23' onwards include/linux/types.h:30:1: warning: useless type name in empty declaration 30 | typedef _Bool bool; | ^~~~~~~ I initially fixed this by adding -std=gnu11 in arch/x86/Makefile, then I realised this fix was already done in an upstream commit, created before the GCC 15 release and not mentioning the error I had. This is the first patch. When I was investigating my error, I noticed other commits were already backported to stable versions. They were all adding -std=gnu11 in different Makefiles. In their commit message, they were mentioning 'gnu11' was picked to use the same as the one from the main Makefile. But this is not the case in this kernel version. Patch 2 fixes that. Finally, I noticed an extra warning that I didn't have in v5.15. Patch 3 fixes that. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Alexey Dobriyan (1): x86/boot: Compile boot code with -std=gnu11 too Matthieu Baerts (NGI0) (2): arch: back to -std=gnu89 in < v5.18 tracing: fix declaration-after-statement warning arch/parisc/boot/compressed/Makefile | 2 +- arch/s390/Makefile | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/x86/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 2 +- drivers/firmware/efi/libstub/Makefile | 2 +- kernel/trace/trace_events_synth.c | 3 ++- 7 files changed, 8 insertions(+), 7 deletions(-) --- base-commit: a32db271d59d9f35f3a937ac27fcc2db1e029cdc change-id: 20251017-v5-10-gcc-15-ad2510f784f7 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

16 hours, 45 minutes

4
6
0 0

[PATCH 6.12.y] f2fs: fix to avoid panic once fallocation fails for pinfile

by Rajani Kantha

From: Chao Yu <chao(a)kernel.org> [ Upstream commit 48ea8b200414ac69ea96f4c231f5c7ef1fbeffef ] syzbot reports a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2746! CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 RIP: 0010:get_new_segment fs/f2fs/segment.c:2746 [inline] RIP: 0010:new_curseg+0x1f52/0x1f70 fs/f2fs/segment.c:2876 Call Trace: <TASK> __allocate_new_segment+0x1ce/0x940 fs/f2fs/segment.c:3210 f2fs_allocate_new_section fs/f2fs/segment.c:3224 [inline] f2fs_allocate_pinning_section+0xfa/0x4e0 fs/f2fs/segment.c:3238 f2fs_expand_inode_data+0x696/0xca0 fs/f2fs/file.c:1830 f2fs_fallocate+0x537/0xa10 fs/f2fs/file.c:1940 vfs_fallocate+0x569/0x6e0 fs/open.c:327 do_vfs_ioctl+0x258c/0x2e40 fs/ioctl.c:885 __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0x80/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Concurrent pinfile allocation may run out of free section, result in panic in get_new_segment(), let's expand pin_sem lock coverage to include f2fs_gc(), so that we can make sure to reclaim enough free space for following allocation. In addition, do below changes to enhance error path handling: - call f2fs_bug_on() only in non-pinfile allocation path in get_new_segment(). - call reset_curseg_fields() to reset all fields of curseg in new_curseg() Fixes: f5a53edcf01e ("f2fs: support aligned pinned file") Reported-by: syzbot+15669ec8c35ddf6c3d43(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-f2fs-devel/675cd64e.050a0220.37aaf.00bb.GAE@g… Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Rajani Kantha <681739313(a)139.com> --- fs/f2fs/file.c | 8 +++++--- fs/f2fs/segment.c | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 2a108c561e8b..6317dd523ecd 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -1836,18 +1836,20 @@ static int f2fs_expand_inode_data(struct inode *inode, loff_t offset, map.m_len = sec_blks; next_alloc: + f2fs_down_write(&sbi->pin_sem); + if (has_not_enough_free_secs(sbi, 0, f2fs_sb_has_blkzoned(sbi) ? ZONED_PIN_SEC_REQUIRED_COUNT : GET_SEC_FROM_SEG(sbi, overprovision_segments(sbi)))) { f2fs_down_write(&sbi->gc_lock); stat_inc_gc_call_count(sbi, FOREGROUND); err = f2fs_gc(sbi, &gc_control); - if (err && err != -ENODATA) + if (err && err != -ENODATA) { + f2fs_up_write(&sbi->pin_sem); goto out_err; + } } - f2fs_down_write(&sbi->pin_sem); - err = f2fs_allocate_pinning_section(sbi); if (err) { f2fs_up_write(&sbi->pin_sem); diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index e48b5e2efea2..8ac6206110a1 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -2749,7 +2749,7 @@ static int get_new_segment(struct f2fs_sb_info *sbi, MAIN_SECS(sbi)); if (secno >= MAIN_SECS(sbi)) { ret = -ENOSPC; - f2fs_bug_on(sbi, 1); + f2fs_bug_on(sbi, !pinning); goto out_unlock; } } @@ -2795,7 +2795,7 @@ static int get_new_segment(struct f2fs_sb_info *sbi, out_unlock: spin_unlock(&free_i->segmap_lock); - if (ret == -ENOSPC) + if (ret == -ENOSPC && !pinning) f2fs_stop_checkpoint(sbi, false, STOP_CP_REASON_NO_SEGMENT); return ret; } @@ -2868,6 +2868,13 @@ static unsigned int __get_next_segno(struct f2fs_sb_info *sbi, int type) return curseg->segno; } +static void reset_curseg_fields(struct curseg_info *curseg) +{ + curseg->inited = false; + curseg->segno = NULL_SEGNO; + curseg->next_segno = 0; +} + /* * Allocate a current working segment. * This function always allocates a free segment in LFS manner. @@ -2886,7 +2893,7 @@ static int new_curseg(struct f2fs_sb_info *sbi, int type, bool new_sec) ret = get_new_segment(sbi, &segno, new_sec, pinning); if (ret) { if (ret == -ENOSPC) - curseg->segno = NULL_SEGNO; + reset_curseg_fields(curseg); return ret; } @@ -3640,13 +3647,6 @@ static void f2fs_randomize_chunk(struct f2fs_sb_info *sbi, get_random_u32_inclusive(1, sbi->max_fragment_hole); } -static void reset_curseg_fields(struct curseg_info *curseg) -{ - curseg->inited = false; - curseg->segno = NULL_SEGNO; - curseg->next_segno = 0; -} - int f2fs_allocate_data_block(struct f2fs_sb_info *sbi, struct page *page, block_t old_blkaddr, block_t *new_blkaddr, struct f2fs_summary *sum, int type, -- 2.17.1

18 hours, 38 minutes

1
0
0 0

[PATCH net V2] virtio_net: fix alignment for virtio_net_hdr_v1_hash

by Jason Wang

From: "Michael S. Tsirkin" <mst(a)redhat.com> Changing alignment of header would mean it's no longer safe to cast a 2 byte aligned pointer between formats. Use two 16 bit fields to make it 2 byte aligned as previously. This fixes the performance regression since commit ("virtio_net: enable gso over UDP tunnel support.") as it uses virtio_net_hdr_v1_hash_tunnel which embeds virtio_net_hdr_v1_hash. Pktgen in guest + XDP_DROP on TAP + vhost_net shows the TX PPS is recovered from 2.4Mpps to 4.45Mpps. Fixes: 56a06bd40fab ("virtio_net: enable gso over UDP tunnel support.") Cc: stable(a)vger.kernel.org Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: Jason Wang <jasowang(a)redhat.com> --- Changes since V1: - Fix build issues of virtio_net_hdr_tnl_from_skb() --- drivers/net/virtio_net.c | 15 +++++++++++++-- include/linux/virtio_net.h | 3 ++- include/uapi/linux/virtio_net.h | 3 ++- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 8e8a179aaa49..e6e650bc3bc3 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -2539,6 +2539,13 @@ static struct sk_buff *receive_mergeable(struct net_device *dev, return NULL; } +static inline u32 +virtio_net_hash_value(const struct virtio_net_hdr_v1_hash *hdr_hash) +{ + return __le16_to_cpu(hdr_hash->hash_value_lo) | + (__le16_to_cpu(hdr_hash->hash_value_hi) << 16); +} + static void virtio_skb_set_hash(const struct virtio_net_hdr_v1_hash *hdr_hash, struct sk_buff *skb) { @@ -2565,7 +2572,7 @@ static void virtio_skb_set_hash(const struct virtio_net_hdr_v1_hash *hdr_hash, default: rss_hash_type = PKT_HASH_TYPE_NONE; } - skb_set_hash(skb, __le32_to_cpu(hdr_hash->hash_value), rss_hash_type); + skb_set_hash(skb, virtio_net_hash_value(hdr_hash), rss_hash_type); } static void virtnet_receive_done(struct virtnet_info *vi, struct receive_queue *rq, @@ -3311,6 +3318,10 @@ static int xmit_skb(struct send_queue *sq, struct sk_buff *skb, bool orphan) pr_debug("%s: xmit %p %pM\n", vi->dev->name, skb, dest); + /* Make sure it's safe to cast between formats */ + BUILD_BUG_ON(__alignof__(*hdr) != __alignof__(hdr->hash_hdr)); + BUILD_BUG_ON(__alignof__(*hdr) != __alignof__(hdr->hash_hdr.hdr)); + can_push = vi->any_header_sg && !((unsigned long)skb->data & (__alignof__(*hdr) - 1)) && !skb_header_cloned(skb) && skb_headroom(skb) >= hdr_len; @@ -6750,7 +6761,7 @@ static int virtnet_xdp_rx_hash(const struct xdp_md *_ctx, u32 *hash, hash_report = VIRTIO_NET_HASH_REPORT_NONE; *rss_type = virtnet_xdp_rss_type[hash_report]; - *hash = __le32_to_cpu(hdr_hash->hash_value); + *hash = virtio_net_hash_value(hdr_hash); return 0; } diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h index 4d1780848d0e..b673c31569f3 100644 --- a/include/linux/virtio_net.h +++ b/include/linux/virtio_net.h @@ -401,7 +401,8 @@ virtio_net_hdr_tnl_from_skb(const struct sk_buff *skb, if (!tnl_hdr_negotiated) return -EINVAL; - vhdr->hash_hdr.hash_value = 0; + vhdr->hash_hdr.hash_value_lo = 0; + vhdr->hash_hdr.hash_value_hi = 0; vhdr->hash_hdr.hash_report = 0; vhdr->hash_hdr.padding = 0; diff --git a/include/uapi/linux/virtio_net.h b/include/uapi/linux/virtio_net.h index 8bf27ab8bcb4..1db45b01532b 100644 --- a/include/uapi/linux/virtio_net.h +++ b/include/uapi/linux/virtio_net.h @@ -193,7 +193,8 @@ struct virtio_net_hdr_v1 { struct virtio_net_hdr_v1_hash { struct virtio_net_hdr_v1 hdr; - __le32 hash_value; + __le16 hash_value_lo; + __le16 hash_value_hi; #define VIRTIO_NET_HASH_REPORT_NONE 0 #define VIRTIO_NET_HASH_REPORT_IPv4 1 #define VIRTIO_NET_HASH_REPORT_TCPv4 2 -- 2.31.1

18 hours, 50 minutes

1
0
0 0

+ nilfs2-avoid-having-an-active-sc_timer-before-freeing-sci.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: avoid having an active sc_timer before freeing sci has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-avoid-having-an-active-sc_timer-before-freeing-sci.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Edward Adam Davis <eadavis(a)qq.com> Subject: nilfs2: avoid having an active sc_timer before freeing sci Date: Thu, 30 Oct 2025 07:51:52 +0900 Because kthread_stop did not stop sc_task properly and returned -EINTR, the sc_timer was not properly closed, ultimately causing the problem [1] reported by syzbot when freeing sci due to the sc_timer not being closed. Because the thread sc_task main function nilfs_segctor_thread() returns 0 when it succeeds, when the return value of kthread_stop() is not 0 in nilfs_segctor_destroy(), we believe that it has not properly closed sc_timer. We use timer_shutdown_sync() to sync wait for sc_timer to shutdown, and set the value of sc_task to NULL under the protection of lock sc_state_lock, so as to avoid the issue caused by sc_timer not being properly shutdowned. [1] ODEBUG: free active (active state 0) object: 00000000dacb411a object type: timer_list hint: nilfs_construction_timeout Call trace: nilfs_segctor_destroy fs/nilfs2/segment.c:2811 [inline] nilfs_detach_log_writer+0x668/0x8cc fs/nilfs2/segment.c:2877 nilfs_put_super+0x4c/0x12c fs/nilfs2/super.c:509 Link: https://lkml.kernel.org/r/20251029225226.16044-1-konishi.ryusuke@gmail.com Fixes: 3f66cc261ccb ("nilfs2: use kthread_create and kthread_stop for the log writer thread") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+24d8b70f039151f65590(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=24d8b70f039151f65590 Tested-by: syzbot+24d8b70f039151f65590(a)syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis(a)qq.com> Cc: <stable(a)vger.kernel.org> [6.12+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/segment.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/fs/nilfs2/segment.c~nilfs2-avoid-having-an-active-sc_timer-before-freeing-sci +++ a/fs/nilfs2/segment.c @@ -2768,7 +2768,12 @@ static void nilfs_segctor_destroy(struct if (sci->sc_task) { wake_up(&sci->sc_wait_daemon); - kthread_stop(sci->sc_task); + if (kthread_stop(sci->sc_task)) { + spin_lock(&sci->sc_state_lock); + sci->sc_task = NULL; + timer_shutdown_sync(&sci->sc_timer); + spin_unlock(&sci->sc_state_lock); + } } spin_lock(&sci->sc_state_lock); _ Patches currently in -mm which might be from eadavis(a)qq.com are nilfs2-avoid-having-an-active-sc_timer-before-freeing-sci.patch

20 hours, 35 minutes

1
0
0 0

+ scripts-decode_stacktracesh-fix-build-id-and-pc-source-parsing.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: scripts/decode_stacktrace.sh: fix build ID and PC source parsing has been added to the -mm mm-hotfixes-unstable branch. Its filename is scripts-decode_stacktracesh-fix-build-id-and-pc-source-parsing.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Carlos Llamas <cmllamas(a)google.com> Subject: scripts/decode_stacktrace.sh: fix build ID and PC source parsing Date: Thu, 30 Oct 2025 01:03:33 +0000 Support for parsing PC source info in stacktraces (e.g. '(P)') was added in commit 2bff77c665ed ("scripts/decode_stacktrace.sh: fix decoding of lines with an additional info"). However, this logic was placed after the build ID processing. This incorrect order fails to parse lines containing both elements, e.g.: drm_gem_mmap_obj+0x114/0x200 [drm 03d0564e0529947d67bb2008c3548be77279fd27] (P) This patch fixes the problem by extracting the PC source info first and then processing the module build ID. With this change, the line above is now properly parsed as such: drm_gem_mmap_obj (./include/linux/mmap_lock.h:212 ./include/linux/mm.h:811 drivers/gpu/drm/drm_gem.c:1177) drm (P) While here, also add a brief explanation the build ID section. Link: https://lkml.kernel.org/r/20251030010347.2731925-1-cmllamas@google.com Fixes: bdf8eafbf7f5 ("arm64: stacktrace: report source of unwind data") Fixes: 2bff77c665ed ("scripts/decode_stacktrace.sh: fix decoding of lines with an additional info") Signed-off-by: Carlos Llamas <cmllamas(a)google.com> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Reviewed-by: Luca Ceresoli <luca.ceresoli(a)bootlin.com> Cc: Breno Leitao <leitao(a)debian.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Marc Rutland <mark.rutland(a)arm.com> Cc: Mark Brown <broonie(a)kernel.org> Cc: Matthieu Baerts <matttbe(a)kernel.org> Cc: Miroslav Benes <mbenes(a)suse.cz> Cc: Puranjay Mohan <puranjay(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/decode_stacktrace.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) --- a/scripts/decode_stacktrace.sh~scripts-decode_stacktracesh-fix-build-id-and-pc-source-parsing +++ a/scripts/decode_stacktrace.sh @@ -277,12 +277,6 @@ handle_line() { fi done - if [[ ${words[$last]} =~ ^[0-9a-f]+\] ]]; then - words[$last-1]="${words[$last-1]} ${words[$last]}" - unset words[$last] spaces[$last] - last=$(( $last - 1 )) - fi - # Extract info after the symbol if present. E.g.: # func_name+0x54/0x80 (P) # ^^^ @@ -294,6 +288,14 @@ handle_line() { unset words[$last] spaces[$last] last=$(( $last - 1 )) fi + + # Join module name with its build id if present, as these were + # split during tokenization (e.g. "[module" and "modbuildid]"). + if [[ ${words[$last]} =~ ^[0-9a-f]+\] ]]; then + words[$last-1]="${words[$last-1]} ${words[$last]}" + unset words[$last] spaces[$last] + last=$(( $last - 1 )) + fi if [[ ${words[$last]} =~ \[([^]]+)\] ]]; then module=${words[$last]} _ Patches currently in -mm which might be from cmllamas(a)google.com are scripts-decode_stacktracesh-fix-build-id-and-pc-source-parsing.patch

20 hours, 57 minutes

1
0
0 0

[PATCH v2] usb: storage: Fix memory leak in USB bulk transport

by Desnes Nunes

A kernel memory leak was identified by the 'ioctl_sg01' test from Linux Test Project (LTP). The following bytes were mainly observed: 0x53425355. When USB storage devices incorrectly skip the data phase with status data, the code extracts/validates the CSW from the sg buffer, but fails to clear it afterwards. This leaves status protocol data in srb's transfer buffer, such as the US_BULK_CS_SIGN 'USBS' signature observed here. Thus, this can lead to USB protocols leaks to user space through SCSI generic (/dev/sg*) interfaces, such as the one seen here when the LTP test requested 512 KiB. Fix the leak by zeroing the CSW data in srb's transfer buffer immediately after the validation of devices that skip data phase. Note: Differently from CVE-2018-1000204, which fixed a big leak by zero- ing pages at allocation time, this leak occurs after allocation, when USB protocol data is written to already-allocated sg pages. v2: Use the same code style found on usb_stor_Bulk_transport() Fixes: a45b599ad808 ("scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()") Cc: stable(a)vger.kernel.org Signed-off-by: Desnes Nunes <desnesn(a)redhat.com> --- drivers/usb/storage/transport.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/usb/storage/transport.c b/drivers/usb/storage/transport.c index 1aa1bd26c81f..ee6b89f7f9ac 100644 --- a/drivers/usb/storage/transport.c +++ b/drivers/usb/storage/transport.c @@ -1200,7 +1200,19 @@ int usb_stor_Bulk_transport(struct scsi_cmnd *srb, struct us_data *us) US_BULK_CS_WRAP_LEN && bcs->Signature == cpu_to_le32(US_BULK_CS_SIGN)) { + unsigned char buf[US_BULK_CS_WRAP_LEN]; + + sg = NULL; + offset = 0; + memset(buf, 0, US_BULK_CS_WRAP_LEN); usb_stor_dbg(us, "Device skipped data phase\n"); + + if (usb_stor_access_xfer_buf(buf, + US_BULK_CS_WRAP_LEN, srb, &sg, + &offset, TO_XFER_BUF) != + US_BULK_CS_WRAP_LEN) + usb_stor_dbg(us, "Failed to clear CSW data\n"); + scsi_set_resid(srb, transfer_length); goto skipped_data_phase; } -- 2.51.0

21 hours, 3 minutes

2
2
0 0

+ mm-damon-sysfs-change-next_update_jiffies-to-a-global-variable.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/sysfs: change next_update_jiffies to a global variable has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-sysfs-change-next_update_jiffies-to-a-global-variable.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Quanmin Yan <yanquanmin1(a)huawei.com> Subject: mm/damon/sysfs: change next_update_jiffies to a global variable Date: Thu, 30 Oct 2025 10:07:46 +0800 In DAMON's damon_sysfs_repeat_call_fn(), time_before() is used to compare the current jiffies with next_update_jiffies to determine whether to update the sysfs files at this moment. On 32-bit systems, the kernel initializes jiffies to "-5 minutes" to make jiffies wrap bugs appear earlier. However, this causes time_before() in damon_sysfs_repeat_call_fn() to unexpectedly return true during the first 5 minutes after boot on 32-bit systems (see [1] for more explanation, which fixes another jiffies-related issue before). As a result, DAMON does not update sysfs files during that period. There is also an issue unrelated to the system's word size[2]: if the user stops DAMON just after next_update_jiffies is updated and restarts it after 'refresh_ms' or a longer delay, next_update_jiffies will retain an older value, causing time_before() to return false and the update to happen earlier than expected. Fix these issues by making next_update_jiffies a global variable and initializing it each time DAMON is started. Link: https://lkml.kernel.org/r/20251030020746.967174-3-yanquanmin1@huawei.com Link: https://lkml.kernel.org/r/20250822025057.1740854-1-ekffu200098@gmail.com [1] Link: https://lore.kernel.org/all/20251029013038.66625-1-sj@kernel.org/ [2] Fixes: d809a7c64ba8 ("mm/damon/sysfs: implement refresh_ms file internal work") Suggested-by: SeongJae Park <sj(a)kernel.org> Reviewed-by: SeongJae Park <sj(a)kernel.org> Signed-off-by: Quanmin Yan <yanquanmin1(a)huawei.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: ze zuo <zuoze1(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/sysfs.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/mm/damon/sysfs.c~mm-damon-sysfs-change-next_update_jiffies-to-a-global-variable +++ a/mm/damon/sysfs.c @@ -1552,16 +1552,17 @@ static struct damon_ctx *damon_sysfs_bui return ctx; } +static unsigned long damon_sysfs_next_update_jiffies; + static int damon_sysfs_repeat_call_fn(void *data) { struct damon_sysfs_kdamond *sysfs_kdamond = data; - static unsigned long next_update_jiffies; if (!sysfs_kdamond->refresh_ms) return 0; - if (time_before(jiffies, next_update_jiffies)) + if (time_before(jiffies, damon_sysfs_next_update_jiffies)) return 0; - next_update_jiffies = jiffies + + damon_sysfs_next_update_jiffies = jiffies + msecs_to_jiffies(sysfs_kdamond->refresh_ms); if (!mutex_trylock(&damon_sysfs_lock)) @@ -1607,6 +1608,9 @@ static int damon_sysfs_turn_damon_on(str } kdamond->damon_ctx = ctx; + damon_sysfs_next_update_jiffies = + jiffies + msecs_to_jiffies(kdamond->refresh_ms); + repeat_call_control->fn = damon_sysfs_repeat_call_fn; repeat_call_control->data = kdamond; repeat_call_control->repeat = true; _ Patches currently in -mm which might be from yanquanmin1(a)huawei.com are mm-damon-stat-change-last_refresh_jiffies-to-a-global-variable.patch mm-damon-sysfs-change-next_update_jiffies-to-a-global-variable.patch mm-damon-add-a-min_sz_region-parameter-to-damon_set_region_biggest_system_ram_default.patch mm-damon-reclaim-use-min_sz_region-for-core-address-alignment-when-setting-regions.patch

21 hours, 26 minutes

1
0
0 0

+ mm-damon-stat-change-last_refresh_jiffies-to-a-global-variable.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/stat: change last_refresh_jiffies to a global variable has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-stat-change-last_refresh_jiffies-to-a-global-variable.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Quanmin Yan <yanquanmin1(a)huawei.com> Subject: mm/damon/stat: change last_refresh_jiffies to a global variable Date: Thu, 30 Oct 2025 10:07:45 +0800 Patch series "mm/damon: fixes for the jiffies-related issues", v2. On 32-bit systems, the kernel initializes jiffies to "-5 minutes" to make jiffies wrap bugs appear earlier. However, this may cause the time_before() series of functions to return unexpected values, resulting in DAMON not functioning as intended. Meanwhile, similar issues exist in some specific user operation scenarios. This patchset addresses these issues. The first patch is about the DAMON_STAT module, and the second patch is about the core layer's sysfs. This patch (of 2): In DAMON_STAT's damon_stat_damon_call_fn(), time_before_eq() is used to avoid unnecessarily frequent stat update. On 32-bit systems, the kernel initializes jiffies to "-5 minutes" to make jiffies wrap bugs appear earlier. However, this causes time_before_eq() in DAMON_STAT to unexpectedly return true during the first 5 minutes after boot on 32-bit systems (see [1] for more explanation, which fixes another jiffies-related issue before). As a result, DAMON_STAT does not update any monitoring results during that period, which becomes more confusing when DAMON_STAT_ENABLED_DEFAULT is enabled. There is also an issue unrelated to the system's word size[2]: if the user stops DAMON_STAT just after last_refresh_jiffies is updated and restarts it after 5 seconds or a longer delay, last_refresh_jiffies will retain an older value, causing time_before_eq() to return false and the update to happen earlier than expected. Fix these issues by making last_refresh_jiffies a global variable and initializing it each time DAMON_STAT is started. Link: https://lkml.kernel.org/r/20251030020746.967174-2-yanquanmin1@huawei.com Link: https://lkml.kernel.org/r/20250822025057.1740854-1-ekffu200098@gmail.com [1] Link: https://lore.kernel.org/all/20251028143250.50144-1-sj@kernel.org/ [2] Fixes: fabdd1e911da ("mm/damon/stat: calculate and expose estimated memory bandwidth") Signed-off-by: Quanmin Yan <yanquanmin1(a)huawei.com> Suggested-by: SeongJae Park <sj(a)kernel.org> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: ze zuo <zuoze1(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/stat.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/mm/damon/stat.c~mm-damon-stat-change-last_refresh_jiffies-to-a-global-variable +++ a/mm/damon/stat.c @@ -46,6 +46,8 @@ MODULE_PARM_DESC(aggr_interval_us, static struct damon_ctx *damon_stat_context; +static unsigned long damon_stat_last_refresh_jiffies; + static void damon_stat_set_estimated_memory_bandwidth(struct damon_ctx *c) { struct damon_target *t; @@ -130,13 +132,12 @@ static void damon_stat_set_idletime_perc static int damon_stat_damon_call_fn(void *data) { struct damon_ctx *c = data; - static unsigned long last_refresh_jiffies; /* avoid unnecessarily frequent stat update */ - if (time_before_eq(jiffies, last_refresh_jiffies + + if (time_before_eq(jiffies, damon_stat_last_refresh_jiffies + msecs_to_jiffies(5 * MSEC_PER_SEC))) return 0; - last_refresh_jiffies = jiffies; + damon_stat_last_refresh_jiffies = jiffies; aggr_interval_us = c->attrs.aggr_interval; damon_stat_set_estimated_memory_bandwidth(c); @@ -210,6 +211,8 @@ static int damon_stat_start(void) err = damon_start(&damon_stat_context, 1, true); if (err) return err; + + damon_stat_last_refresh_jiffies = jiffies; call_control.data = damon_stat_context; return damon_call(damon_stat_context, &call_control); } _ Patches currently in -mm which might be from yanquanmin1(a)huawei.com are mm-damon-stat-change-last_refresh_jiffies-to-a-global-variable.patch mm-damon-sysfs-change-next_update_jiffies-to-a-global-variable.patch mm-damon-add-a-min_sz_region-parameter-to-damon_set_region_biggest_system_ram_default.patch mm-damon-reclaim-use-min_sz_region-for-core-address-alignment-when-setting-regions.patch

21 hours, 26 minutes

1
0
0 0

[to-be-updated] s390-fix-hugetlb-vmemmap-optimization-crash.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: s390: fix HugeTLB vmemmap optimization crash has been removed from the -mm tree. Its filename was s390-fix-hugetlb-vmemmap-optimization-crash.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Luiz Capitulino <luizcap(a)redhat.com> Subject: s390: fix HugeTLB vmemmap optimization crash Date: Tue, 28 Oct 2025 17:15:33 -0400 A reproducible crash occurs when enabling HugeTLB vmemmap optimization (HVO) on s390. The crash and the proposed fix were worked on an s390 KVM guest running on an older hypervisor, as I don't have access to an LPAR. However, the same issue should occur on bare-metal. Reproducer (it may take a few runs to trigger): # sysctl vm.hugetlb_optimize_vmemmap=1 # echo 1 > /proc/sys/vm/nr_hugepages # echo 0 > /proc/sys/vm/nr_hugepages Crash log: [ 52.340369] list_del corruption. prev->next should be 000000d382110008, but was 000000d7116d3880. (prev=000000d7116d3910) [ 52.340420] ------------[ cut here ]------------ [ 52.340424] kernel BUG at lib/list_debug.c:62! [ 52.340566] monitor event: 0040 ilc:2 [#1]SMP [ 52.340573] Modules linked in: ctcm fsm qeth ccwgroup zfcp scsi_transport_fc qdio dasd_fba_mod dasd_eckd_mod dasd_mod xfs ghash_s390 prng des_s390 libdes sha3_512_s390 sha3_256_s390 virtio_net virtio_blk net_failover sha_common failover dm_mirror dm_region_hash dm_log dm_mod paes_s390 crypto_engine pkey_cca pkey_ep11 zcrypt pkey_pckmo pkey aes_s390 [ 52.340606] CPU: 1 UID: 0 PID: 1672 Comm: root-rep2 Kdump: loaded Not tainted 6.18.0-rc3 #1 NONE [ 52.340610] Hardware name: IBM 3931 LA1 400 (KVM/Linux) [ 52.340611] Krnl PSW : 0704c00180000000 0000015710cda7fe (__list_del_entry_valid_or_report+0xfe/0x128) [ 52.340619] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 [ 52.340622] Krnl GPRS: c0000000ffffefff 0000000100000027 000000000000006d 0000000000000000 [ 52.340623] 000000d7116d35d8 000000d7116d35d0 0000000000000002 000000d7116d39b0 [ 52.340625] 000000d7116d3880 000000d7116d3910 000000d7116d3910 000000d382110008 [ 52.340626] 000003ffac1ccd08 000000d7116d39b0 0000015710cda7fa 000000d7116d37d0 [ 52.340632] Krnl Code: 0000015710cda7ee: c020003e496f larl %r2,00000157114a3acc 0000015710cda7f4: c0e5ffd5280e brasl %r14,000001571077f810 #0000015710cda7fa: af000000 mc 0,0 >0000015710cda7fe: b9040029 lgr %r2,%r9 0000015710cda802: c0e5ffe5e193 brasl %r14,0000015710996b28 0000015710cda808: e34090080004 lg %r4,8(%r9) 0000015710cda80e: b9040059 lgr %r5,%r9 0000015710cda812: b9040038 lgr %r3,%r8 [ 52.340643] Call Trace: [ 52.340645] [<0000015710cda7fe>] __list_del_entry_valid_or_report+0xfe/0x128 [ 52.340649] ([<0000015710cda7fa>] __list_del_entry_valid_or_report+0xfa/0x128) [ 52.340652] [<0000015710a30b2e>] hugetlb_vmemmap_restore_folios+0x96/0x138 [ 52.340655] [<0000015710a268ac>] update_and_free_pages_bulk+0x64/0x150 [ 52.340659] [<0000015710a26f8a>] set_max_huge_pages+0x4ca/0x6f0 [ 52.340662] [<0000015710a273ba>] hugetlb_sysctl_handler_common+0xea/0x120 [ 52.340665] [<0000015710a27484>] hugetlb_sysctl_handler+0x44/0x50 [ 52.340667] [<0000015710b53ffa>] proc_sys_call_handler+0x17a/0x280 [ 52.340672] [<0000015710a90968>] vfs_write+0x2c8/0x3a0 [ 52.340676] [<0000015710a90bd2>] ksys_write+0x72/0x100 [ 52.340679] [<00000157111483a8>] __do_syscall+0x150/0x318 [ 52.340682] [<0000015711153a5e>] system_call+0x6e/0x90 [ 52.340684] Last Breaking-Event-Address: [ 52.340684] [<000001571077f85c>] _printk+0x4c/0x58 [ 52.340690] Kernel panic - not syncing: Fatal exception: panic_on_oops This issue was introduced by commit f13b83fdd996 ("hugetlb: batch TLB flushes when freeing vmemmap"). Before that change, the HVO implementation called flush_tlb_kernel_range() each time a vmemmap PMD split and remapping was performed. The mentioned commit changed this to issue a few flush_tlb_all() calls after performing all remappings. However, on s390, flush_tlb_kernel_range() expands to __tlb_flush_kernel() while flush_tlb_all() is not implemented. As a result, we went from flushing the TLB for every remapping to no flushing at all. This commit fixes this by implementing flush_tlb_all() on s390 as an alias to __tlb_flush_global(). This should cause a flush on all TLB entries on all CPUs as expected by the flush_tlb_all() semantics. Link: https://lkml.kernel.org/r/20251028211533.47694-1-luizcap@redhat.com Fixes: f13b83fdd996 ("hugetlb: batch TLB flushes when freeing vmemmap") Signed-off-by: Luiz Capitulino <luizcap(a)redhat.com> Acked-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)kernel.org> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Joao Martins <joao.m.martins(a)oracle.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/s390/include/asm/tlbflush.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/arch/s390/include/asm/tlbflush.h~s390-fix-hugetlb-vmemmap-optimization-crash +++ a/arch/s390/include/asm/tlbflush.h @@ -103,9 +103,13 @@ static inline void __tlb_flush_mm_lazy(s * flush_tlb_range functions need to do the flush. */ #define flush_tlb() do { } while (0) -#define flush_tlb_all() do { } while (0) #define flush_tlb_page(vma, addr) do { } while (0) +static inline void flush_tlb_all(void) +{ + __tlb_flush_global(); +} + static inline void flush_tlb_mm(struct mm_struct *mm) { __tlb_flush_mm_lazy(mm); _ Patches currently in -mm which might be from luizcap(a)redhat.com are

22 hours, 12 minutes

1
0
0 0

+ maple_tree-fix-tracepoint-string-pointers.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: maple_tree: fix tracepoint string pointers has been added to the -mm mm-hotfixes-unstable branch. Its filename is maple_tree-fix-tracepoint-string-pointers.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Martin Kaiser <martin(a)kaiser.cx> Subject: maple_tree: fix tracepoint string pointers Date: Thu, 30 Oct 2025 16:55:05 +0100 maple_tree tracepoints contain pointers to function names. Such a pointer is saved when a tracepoint logs an event. There's no guarantee that it's still valid when the event is parsed later and the pointer is dereferenced. The kernel warns about these unsafe pointers. event 'ma_read' has unsafe pointer field 'fn' WARNING: kernel/trace/trace.c:3779 at ignore_event+0x1da/0x1e4 Mark the function names as tracepoint_string() to fix the events. Link: https://lkml.kernel.org/r/20251030155537.87972-1-martin@kaiser.cx Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Martin Kaiser <martin(a)kaiser.cx> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) --- a/lib/maple_tree.c~maple_tree-fix-tracepoint-string-pointers +++ a/lib/maple_tree.c @@ -64,6 +64,8 @@ #define CREATE_TRACE_POINTS #include <trace/events/maple_tree.h> +#define TP_FCT tracepoint_string(__func__) + /* * Kernel pointer hashing renders much of the maple tree dump useless as tagged * pointers get hashed to arbitrary values. @@ -2756,7 +2758,7 @@ static inline void mas_rebalance(struct MA_STATE(l_mas, mas->tree, mas->index, mas->last); MA_STATE(r_mas, mas->tree, mas->index, mas->last); - trace_ma_op(__func__, mas); + trace_ma_op(TP_FCT, mas); /* * Rebalancing occurs if a node is insufficient. Data is rebalanced @@ -2997,7 +2999,7 @@ static void mas_split(struct ma_state *m MA_STATE(prev_l_mas, mas->tree, mas->index, mas->last); MA_STATE(prev_r_mas, mas->tree, mas->index, mas->last); - trace_ma_op(__func__, mas); + trace_ma_op(TP_FCT, mas); mast.l = &l_mas; mast.r = &r_mas; @@ -3172,7 +3174,7 @@ static bool mas_is_span_wr(struct ma_wr_ return false; } - trace_ma_write(__func__, wr_mas->mas, wr_mas->r_max, entry); + trace_ma_write(TP_FCT, wr_mas->mas, wr_mas->r_max, entry); return true; } @@ -3416,7 +3418,7 @@ static noinline void mas_wr_spanning_sto * of data may happen. */ mas = wr_mas->mas; - trace_ma_op(__func__, mas); + trace_ma_op(TP_FCT, mas); if (unlikely(!mas->index && mas->last == ULONG_MAX)) return mas_new_root(mas, wr_mas->entry); @@ -3552,7 +3554,7 @@ done: } else { memcpy(wr_mas->node, newnode, sizeof(struct maple_node)); } - trace_ma_write(__func__, mas, 0, wr_mas->entry); + trace_ma_write(TP_FCT, mas, 0, wr_mas->entry); mas_update_gap(mas); mas->end = new_end; return; @@ -3596,7 +3598,7 @@ static inline void mas_wr_slot_store(str mas->offset++; /* Keep mas accurate. */ } - trace_ma_write(__func__, mas, 0, wr_mas->entry); + trace_ma_write(TP_FCT, mas, 0, wr_mas->entry); /* * Only update gap when the new entry is empty or there is an empty * entry in the original two ranges. @@ -3717,7 +3719,7 @@ static inline void mas_wr_append(struct mas_update_gap(mas); mas->end = new_end; - trace_ma_write(__func__, mas, new_end, wr_mas->entry); + trace_ma_write(TP_FCT, mas, new_end, wr_mas->entry); return; } @@ -3731,7 +3733,7 @@ static void mas_wr_bnode(struct ma_wr_st { struct maple_big_node b_node; - trace_ma_write(__func__, wr_mas->mas, 0, wr_mas->entry); + trace_ma_write(TP_FCT, wr_mas->mas, 0, wr_mas->entry); memset(&b_node, 0, sizeof(struct maple_big_node)); mas_store_b_node(wr_mas, &b_node, wr_mas->offset_end); mas_commit_b_node(wr_mas, &b_node); @@ -5062,7 +5064,7 @@ void *mas_store(struct ma_state *mas, vo { MA_WR_STATE(wr_mas, mas, entry); - trace_ma_write(__func__, mas, 0, entry); + trace_ma_write(TP_FCT, mas, 0, entry); #ifdef CONFIG_DEBUG_MAPLE_TREE if (MAS_WARN_ON(mas, mas->index > mas->last)) pr_err("Error %lX > %lX " PTR_FMT "\n", mas->index, mas->last, @@ -5163,7 +5165,7 @@ void mas_store_prealloc(struct ma_state } store: - trace_ma_write(__func__, mas, 0, entry); + trace_ma_write(TP_FCT, mas, 0, entry); mas_wr_store_entry(&wr_mas); MAS_WR_BUG_ON(&wr_mas, mas_is_err(mas)); mas_destroy(mas); @@ -5882,7 +5884,7 @@ void *mtree_load(struct maple_tree *mt, MA_STATE(mas, mt, index, index); void *entry; - trace_ma_read(__func__, &mas); + trace_ma_read(TP_FCT, &mas); rcu_read_lock(); retry: entry = mas_start(&mas); @@ -5925,7 +5927,7 @@ int mtree_store_range(struct maple_tree MA_STATE(mas, mt, index, last); int ret = 0; - trace_ma_write(__func__, &mas, 0, entry); + trace_ma_write(TP_FCT, &mas, 0, entry); if (WARN_ON_ONCE(xa_is_advanced(entry))) return -EINVAL; @@ -6148,7 +6150,7 @@ void *mtree_erase(struct maple_tree *mt, void *entry = NULL; MA_STATE(mas, mt, index, index); - trace_ma_op(__func__, &mas); + trace_ma_op(TP_FCT, &mas); mtree_lock(mt); entry = mas_erase(&mas); @@ -6485,7 +6487,7 @@ void *mt_find(struct maple_tree *mt, uns unsigned long copy = *index; #endif - trace_ma_read(__func__, &mas); + trace_ma_read(TP_FCT, &mas); if ((*index) > max) return NULL; _ Patches currently in -mm which might be from martin(a)kaiser.cx are maple_tree-fix-tracepoint-string-pointers.patch

22 hours, 22 minutes

1
0
0 0

[PATCH v4] mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order

by Zi Yan

folio split clears PG_has_hwpoisoned, but the flag should be preserved in after-split folios containing pages with PG_hwpoisoned flag if the folio is split to >0 order folios. Scan all pages in a to-be-split folio to determine which after-split folios need the flag. An alternatives is to change PG_has_hwpoisoned to PG_maybe_hwpoisoned to avoid the scan and set it on all after-split folios, but resulting false positive has undesirable negative impact. To remove false positive, caller of folio_test_has_hwpoisoned() and folio_contain_hwpoisoned_page() needs to do the scan. That might be causing a hassle for current and future callers and more costly than doing the scan in the split code. More details are discussed in [1]. This issue can be exposed via: 1. splitting a has_hwpoisoned folio to >0 order from debugfs interface; 2. truncating part of a has_hwpoisoned folio in truncate_inode_partial_folio(). And later accesses to a hwpoisoned page could be possible due to the missing has_hwpoisoned folio flag. This will lead to MCE errors. Link: https://lore.kernel.org/all/CAHbLzkoOZm0PXxE9qwtF4gKR=cpRXrSrJ9V9Pm2DJexs98… [1] Fixes: c010d47f107f ("mm: thp: split huge page to any lower order pages") Cc: stable(a)vger.kernel.org Signed-off-by: Zi Yan <ziy(a)nvidia.com> --- From V3[1]: 1. Separated from the original series; 2. Added Fixes tag and cc'd stable; 3. Simplified page_range_has_hwpoisoned(); 4. Renamed check_poisoned_pages to handle_hwpoison, made it const, and shorten the statement; 5. Removed poisoned_new_folio variable and checked the condition directly. [1] https://lore.kernel.org/all/20251022033531.389351-2-ziy@nvidia.com/ mm/huge_memory.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index fc65ec3393d2..5215bb6aecfc 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3455,6 +3455,14 @@ bool can_split_folio(struct folio *folio, int caller_pins, int *pextra_pins) caller_pins; } +static bool page_range_has_hwpoisoned(struct page *page, long nr_pages) +{ + for (; nr_pages; page++, nr_pages--) + if (PageHWPoison(page)) + return true; + return false; +} + /* * It splits @folio into @new_order folios and copies the @folio metadata to * all the resulting folios. @@ -3462,17 +3470,24 @@ bool can_split_folio(struct folio *folio, int caller_pins, int *pextra_pins) static void __split_folio_to_order(struct folio *folio, int old_order, int new_order) { + /* Scan poisoned pages when split a poisoned folio to large folios */ + const bool handle_hwpoison = folio_test_has_hwpoisoned(folio) && new_order; long new_nr_pages = 1 << new_order; long nr_pages = 1 << old_order; long i; + folio_clear_has_hwpoisoned(folio); + + /* Check first new_nr_pages since the loop below skips them */ + if (handle_hwpoison && + page_range_has_hwpoisoned(folio_page(folio, 0), new_nr_pages)) + folio_set_has_hwpoisoned(folio); /* * Skip the first new_nr_pages, since the new folio from them have all * the flags from the original folio. */ for (i = new_nr_pages; i < nr_pages; i += new_nr_pages) { struct page *new_head = &folio->page + i; - /* * Careful: new_folio is not a "real" folio before we cleared PageTail. * Don't pass it around before clear_compound_head(). @@ -3514,6 +3529,10 @@ static void __split_folio_to_order(struct folio *folio, int old_order, (1L << PG_dirty) | LRU_GEN_MASK | LRU_REFS_MASK)); + if (handle_hwpoison && + page_range_has_hwpoisoned(new_head, new_nr_pages)) + folio_set_has_hwpoisoned(new_folio); + new_folio->mapping = folio->mapping; new_folio->index = folio->index + i; @@ -3600,8 +3619,6 @@ static int __split_unmapped_folio(struct folio *folio, int new_order, int start_order = uniform_split ? new_order : old_order - 1; int split_order; - folio_clear_has_hwpoisoned(folio); - /* * split to new_order one order at a time. For uniform split, * folio is split to new_order directly. -- 2.51.0

22 hours, 35 minutes

9
11
0 0

[PATCH 6.12.y] wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()

by alvalan9＠foxmail.com

From: Alexander Wetzel <Alexander(a)wetzel-home.de> [ Upstream commit 2c5dee15239f3f3e31aa5c8808f18996c039e2c1 ] Callers of wdev_chandef() must hold the wiphy mutex. But the worker cfg80211_propagate_cac_done_wk() never takes the lock. Which triggers the warning below with the mesh_peer_connected_dfs test from hostapd and not (yet) released mac80211 code changes: WARNING: CPU: 0 PID: 495 at net/wireless/chan.c:1552 wdev_chandef+0x60/0x165 Modules linked in: CPU: 0 UID: 0 PID: 495 Comm: kworker/u4:2 Not tainted 6.14.0-rc5-wt-g03960e6f9d47 #33 13c287eeabfe1efea01c0bcc863723ab082e17cf Workqueue: cfg80211 cfg80211_propagate_cac_done_wk Stack: 00000000 00000001 ffffff00 6093267c 00000000 6002ec30 6d577c50 60037608 00000000 67e8d108 6063717b 00000000 Call Trace: [<6002ec30>] ? _printk+0x0/0x98 [<6003c2b3>] show_stack+0x10e/0x11a [<6002ec30>] ? _printk+0x0/0x98 [<60037608>] dump_stack_lvl+0x71/0xb8 [<6063717b>] ? wdev_chandef+0x60/0x165 [<6003766d>] dump_stack+0x1e/0x20 [<6005d1b7>] __warn+0x101/0x20f [<6005d3a8>] warn_slowpath_fmt+0xe3/0x15d [<600b0c5c>] ? mark_lock.part.0+0x0/0x4ec [<60751191>] ? __this_cpu_preempt_check+0x0/0x16 [<600b11a2>] ? mark_held_locks+0x5a/0x6e [<6005d2c5>] ? warn_slowpath_fmt+0x0/0x15d [<60052e53>] ? unblock_signals+0x3a/0xe7 [<60052f2d>] ? um_set_signals+0x2d/0x43 [<60751191>] ? __this_cpu_preempt_check+0x0/0x16 [<607508b2>] ? lock_is_held_type+0x207/0x21f [<6063717b>] wdev_chandef+0x60/0x165 [<605f89b4>] regulatory_propagate_dfs_state+0x247/0x43f [<60052f00>] ? um_set_signals+0x0/0x43 [<605e6bfd>] cfg80211_propagate_cac_done_wk+0x3a/0x4a [<6007e460>] process_scheduled_works+0x3bc/0x60e [<6007d0ec>] ? move_linked_works+0x4d/0x81 [<6007d120>] ? assign_work+0x0/0xaa [<6007f81f>] worker_thread+0x220/0x2dc [<600786ef>] ? set_pf_worker+0x0/0x57 [<60087c96>] ? to_kthread+0x0/0x43 [<6008ab3c>] kthread+0x2d3/0x2e2 [<6007f5ff>] ? worker_thread+0x0/0x2dc [<6006c05b>] ? calculate_sigpending+0x0/0x56 [<6003b37d>] new_thread_handler+0x4a/0x64 irq event stamp: 614611 hardirqs last enabled at (614621): [<00000000600bc96b>] __up_console_sem+0x82/0xaf hardirqs last disabled at (614630): [<00000000600bc92c>] __up_console_sem+0x43/0xaf softirqs last enabled at (614268): [<00000000606c55c6>] __ieee80211_wake_queue+0x933/0x985 softirqs last disabled at (614266): [<00000000606c52d6>] __ieee80211_wake_queue+0x643/0x985 Fixes: 26ec17a1dc5e ("cfg80211: Fix radar event during another phy CAC") Signed-off-by: Alexander Wetzel <Alexander(a)wetzel-home.de> Link: https://patch.msgid.link/20250717162547.94582-1-Alexander@wetzel-home.de Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> [ The author recommends that when porting to older kernels, we should use wiphy_lock() and wiphy_unlock() instead of guard(). This tip is mentioned in the link: https://patch.msgid.link/20250717162547.94582-1-Alexander@wetzel-home.de. ] Signed-off-by: Alva Lan <alvalan9(a)foxmail.com> --- net/wireless/reg.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/wireless/reg.c b/net/wireless/reg.c index f6846eb0f4b8..9f8428dc418a 100644 --- a/net/wireless/reg.c +++ b/net/wireless/reg.c @@ -4234,6 +4234,8 @@ static void cfg80211_check_and_end_cac(struct cfg80211_registered_device *rdev) struct wireless_dev *wdev; unsigned int link_id; + wiphy_lock(&rdev->wiphy); + /* If we finished CAC or received radar, we should end any * CAC running on the same channels. * the check !cfg80211_chandef_dfs_usable contain 2 options: @@ -4258,6 +4260,8 @@ static void cfg80211_check_and_end_cac(struct cfg80211_registered_device *rdev) rdev_end_cac(rdev, wdev->netdev, link_id); } } + + wiphy_unlock(&rdev->wiphy); } void regulatory_propagate_dfs_state(struct wiphy *wiphy, -- 2.43.0

23 hours, 5 minutes

1
0
0 0

[tip: x86/urgent] x86/CPU/AMD: Add RDSEED fix for Zen5

by tip-bot2 for Gregory Price

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 607b9fb2ce248cc5b633c5949e0153838992c152 Gitweb: https://git.kernel.org/tip/607b9fb2ce248cc5b633c5949e0153838992c152 Author: Gregory Price <gourry(a)gourry.net> AuthorDate: Mon, 20 Oct 2025 11:13:55 +02:00 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Tue, 28 Oct 2025 12:37:49 +01:00 x86/CPU/AMD: Add RDSEED fix for Zen5 There's an issue with RDSEED's 16-bit and 32-bit register output variants on Zen5 which return a random value of 0 "at a rate inconsistent with randomness while incorrectly signaling success (CF=1)". Search the web for AMD-SB-7055 for more detail. Add a fix glue which checks microcode revisions. [ bp: Add microcode revisions checking, rewrite. ] Cc: stable(a)vger.kernel.org Signed-off-by: Gregory Price <gourry(a)gourry.net> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Link: https://lore.kernel.org/r/20251018024010.4112396-1-gourry@gourry.net --- arch/x86/kernel/cpu/amd.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index ccaa51c..bc29be6 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -1035,8 +1035,18 @@ static void init_amd_zen4(struct cpuinfo_x86 *c) } } +static const struct x86_cpu_id zen5_rdseed_microcode[] = { + ZEN_MODEL_STEP_UCODE(0x1a, 0x02, 0x1, 0x0b00215a), + ZEN_MODEL_STEP_UCODE(0x1a, 0x11, 0x0, 0x0b101054), +}; + static void init_amd_zen5(struct cpuinfo_x86 *c) { + if (!x86_match_min_microcode_rev(zen5_rdseed_microcode)) { + clear_cpu_cap(c, X86_FEATURE_RDSEED); + msr_clear_bit(MSR_AMD64_CPUID_FN_7, 18); + pr_emerg_once("RDSEED32 is broken. Disabling the corresponding CPUID bit.\n"); + } } static void init_amd(struct cpuinfo_x86 *c)

1 day, 3 hours

2
2
0 0

[PATCH 1/2] usb: storage: Fix memory leak in USB bulk transport

by Desnes Nunes

A kernel memory leak was identified by the 'ioctl_sg01' test from Linux Test Project (LTP). The following bytes were maily observed: 0x53425355. When USB storage devices incorrectly skip the data phase with status data, the code extracts/validates the CSW from the sg buffer, but fails to clear it afterwards. This leaves status protocol data in srb's transfer buffer, such as the US_BULK_CS_SIGN 'USBS' signature observed here. Thus, this leads to USB protocols leaks to user space through SCSI generic (/dev/sg*) interfaces, such as the one seen here when the LTP test requested 512 KiB. Fix the leak by zeroing the CSW data in srb's transfer buffer immediately after the validation of devices that skip data phase. Note: Differently from CVE-2018-1000204, which fixed a big leak by zero- ing pages at allocation time, this leak occurs after allocation, when USB protocol data is written to already-allocated sg pages. Fixes: a45b599ad808 ("scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()") Cc: stable(a)vger.kernel.org Signed-off-by: Desnes Nunes <desnesn(a)redhat.com> --- drivers/usb/storage/transport.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/usb/storage/transport.c b/drivers/usb/storage/transport.c index 1aa1bd26c81f..8e9f6459e197 100644 --- a/drivers/usb/storage/transport.c +++ b/drivers/usb/storage/transport.c @@ -1200,7 +1200,17 @@ int usb_stor_Bulk_transport(struct scsi_cmnd *srb, struct us_data *us) US_BULK_CS_WRAP_LEN && bcs->Signature == cpu_to_le32(US_BULK_CS_SIGN)) { + unsigned char buf[US_BULK_CS_WRAP_LEN]; + + sg = NULL; + offset = 0; + memset(buf, 0, US_BULK_CS_WRAP_LEN); usb_stor_dbg(us, "Device skipped data phase\n"); + + if (usb_stor_access_xfer_buf(buf, US_BULK_CS_WRAP_LEN, srb, + &sg, &offset, TO_XFER_BUF) != US_BULK_CS_WRAP_LEN) + usb_stor_dbg(us, "Failed to clear CSW data\n"); + scsi_set_resid(srb, transfer_length); goto skipped_data_phase; } -- 2.51.0

1 day, 3 hours

2
5
0 0

[PATCH 5.10] clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns

by Vasiliy Kovalev

From: Al Viro <viro(a)zeniv.linux.org.uk> commit c28f922c9dcee0e4876a2c095939d77fe7e15116 upstream. What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in the userns of the namespace mount belongs to. clone_private_mnt() checks the former, but not the latter. There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but not always end up covering the missing check mentioned above. Reviewed-by: Christian Brauner <brauner(a)kernel.org> Reported-by: "Orlando, Noah" <Noah.Orlando(a)deshaw.com> Fixes: 427215d85e8d ("ovl: prevent private clone if bind mount is not allowed") Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> [ merge conflict resolution: clone_private_mount() was reworked in db04662e2f4f ("fs: allow detached mounts in clone_private_mount()"). Tweak the relevant ns_capable check so that it works on older kernels ] Signed-off-by: Noah Orlando <Noah.Orlando(a)deshaw.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> (cherry picked from commit 36fecd740de2d542d2091d65d36554ee2bcf9c65) [ kovalev: bp to fix CVE-2025-38499 ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- fs/namespace.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/namespace.c b/fs/namespace.c index e9b8d516f191..b6d9250e1b38 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1965,6 +1965,11 @@ struct vfsmount *clone_private_mount(const struct path *path) if (!check_mnt(old_mnt)) goto invalid; + if (!ns_capable(old_mnt->mnt_ns->user_ns, CAP_SYS_ADMIN)) { + up_read(&namespace_sem); + return ERR_PTR(-EPERM); + } + if (has_locked_children(old_mnt, path->dentry)) goto invalid; -- 2.50.1

1 day, 5 hours

1
0
0 0

[PATCH 5.10] seg6: Fix validation of nexthop addresses

by Vasiliy Kovalev

From: Ido Schimmel <idosch(a)nvidia.com> commit 7632fedb266d93ed0ed9f487133e6c6314a9b2d1 upstream. The kernel currently validates that the length of the provided nexthop address does not exceed the specified length. This can lead to the kernel reading uninitialized memory if user space provided a shorter length than the specified one. Fix by validating that the provided length exactly matches the specified one. Fixes: d1df6fd8a1d2 ("ipv6: sr: define core operations for seg6local lightweight tunnel") Reviewed-by: Petr Machata <petrm(a)nvidia.com> Signed-off-by: Ido Schimmel <idosch(a)nvidia.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Link: https://patch.msgid.link/20250604113252.371528-1-idosch@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [ kovalev: bp to fix CVE-2025-38310 ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- net/ipv6/seg6_local.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c index de0b20cd09f0..26e7498206d8 100644 --- a/net/ipv6/seg6_local.c +++ b/net/ipv6/seg6_local.c @@ -648,10 +648,8 @@ static const struct nla_policy seg6_local_policy[SEG6_LOCAL_MAX + 1] = { [SEG6_LOCAL_ACTION] = { .type = NLA_U32 }, [SEG6_LOCAL_SRH] = { .type = NLA_BINARY }, [SEG6_LOCAL_TABLE] = { .type = NLA_U32 }, - [SEG6_LOCAL_NH4] = { .type = NLA_BINARY, - .len = sizeof(struct in_addr) }, - [SEG6_LOCAL_NH6] = { .type = NLA_BINARY, - .len = sizeof(struct in6_addr) }, + [SEG6_LOCAL_NH4] = NLA_POLICY_EXACT_LEN(sizeof(struct in_addr)), + [SEG6_LOCAL_NH6] = NLA_POLICY_EXACT_LEN(sizeof(struct in6_addr)), [SEG6_LOCAL_IIF] = { .type = NLA_U32 }, [SEG6_LOCAL_OIF] = { .type = NLA_U32 }, [SEG6_LOCAL_BPF] = { .type = NLA_NESTED }, -- 2.50.1

1 day, 5 hours

1
0
0 0

[PATCH 5.10/5.15] wifi: mac80211: reject TDLS operations when station is not associated

by Vasiliy Kovalev

From: Moon Hee Lee <moonhee.lee.ca(a)gmail.com> commit 16ecdab5446f15a61ec88eb0d23d25d009821db0 upstream. syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completed and without prior TDLS setup. This left internal state like sdata->u.mgd.tdls_peer uninitialized, leading to a WARN_ON() in code paths that assumed it was valid. Reject the operation early if not in station mode or not associated. Reported-by: syzbot+f73f203f8c9b19037380(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=f73f203f8c9b19037380 Fixes: 81dd2b882241 ("mac80211: move TDLS data to mgd private part") Tested-by: syzbot+f73f203f8c9b19037380(a)syzkaller.appspotmail.com Signed-off-by: Moon Hee Lee <moonhee.lee.ca(a)gmail.com> Link: https://patch.msgid.link/20250715230904.661092-2-moonhee.lee.ca@gmail.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> [ kovalev: bp to fix CVE-2025-38644; adapted check from !sdata->vif.cfg.assoc to !sdata->vif.bss_conf.assoc due to the older kernel not having the mac80211 configuration refactoring (see upstream commit f276e20b182d) ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- net/mac80211/tdls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mac80211/tdls.c b/net/mac80211/tdls.c index 137be9ec94af..69a67fcf1112 100644 --- a/net/mac80211/tdls.c +++ b/net/mac80211/tdls.c @@ -1349,7 +1349,7 @@ int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev, if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) return -ENOTSUPP; - if (sdata->vif.type != NL80211_IFTYPE_STATION) + if (sdata->vif.type != NL80211_IFTYPE_STATION || !sdata->vif.bss_conf.assoc) return -EINVAL; switch (oper) { -- 2.50.1

1 day, 5 hours

1
0
0 0

[PATCH 5.10/5.15/6.1/6.6] vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects

by Vasiliy Kovalev

From: Ido Schimmel <idosch(a)nvidia.com> commit 1f5d2fd1ca04a23c18b1bde9a43ce2fa2ffa1bce upstream. When the "proxy" option is enabled on a VXLAN device, the device will suppress ARP requests and IPv6 Neighbor Solicitation messages if it is able to reply on behalf of the remote host. That is, if a matching and valid neighbor entry is configured on the VXLAN device whose MAC address is not behind the "any" remote (0.0.0.0 / ::). The code currently assumes that the FDB entry for the neighbor's MAC address points to a valid remote destination, but this is incorrect if the entry is associated with an FDB nexthop group. This can result in a NPD [1][3] which can be reproduced using [2][4]. Fix by checking that the remote destination exists before dereferencing it. [1] BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] CPU: 4 UID: 0 PID: 365 Comm: arping Not tainted 6.17.0-rc2-virtme-g2a89cb21162c #2 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014 RIP: 0010:vxlan_xmit+0xb58/0x15f0 [...] Call Trace: <TASK> dev_hard_start_xmit+0x5d/0x1c0 __dev_queue_xmit+0x246/0xfd0 packet_sendmsg+0x113a/0x1850 __sock_sendmsg+0x38/0x70 __sys_sendto+0x126/0x180 __x64_sys_sendto+0x24/0x30 do_syscall_64+0xa4/0x260 entry_SYSCALL_64_after_hwframe+0x4b/0x53 [2] #!/bin/bash ip address add 192.0.2.1/32 dev lo ip nexthop add id 1 via 192.0.2.2 fdb ip nexthop add id 10 group 1 fdb ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 4789 proxy ip neigh add 192.0.2.3 lladdr 00:11:22:33:44:55 nud perm dev vx0 bridge fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10 arping -b -c 1 -s 192.0.2.1 -I vx0 192.0.2.3 [3] BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] CPU: 13 UID: 0 PID: 372 Comm: ndisc6 Not tainted 6.17.0-rc2-virtmne-g6ee90cb26014 #3 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1v996), BIOS 1.17.0-4.fc41 04/01/2x014 RIP: 0010:vxlan_xmit+0x803/0x1600 [...] Call Trace: <TASK> dev_hard_start_xmit+0x5d/0x1c0 __dev_queue_xmit+0x246/0xfd0 ip6_finish_output2+0x210/0x6c0 ip6_finish_output+0x1af/0x2b0 ip6_mr_output+0x92/0x3e0 ip6_send_skb+0x30/0x90 rawv6_sendmsg+0xe6e/0x12e0 __sock_sendmsg+0x38/0x70 __sys_sendto+0x126/0x180 __x64_sys_sendto+0x24/0x30 do_syscall_64+0xa4/0x260 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7f383422ec77 [4] #!/bin/bash ip address add 2001:db8:1::1/128 dev lo ip nexthop add id 1 via 2001:db8:1::1 fdb ip nexthop add id 10 group 1 fdb ip link add name vx0 up type vxlan id 10010 local 2001:db8:1::1 dstport 4789 proxy ip neigh add 2001:db8:1::3 lladdr 00:11:22:33:44:55 nud perm dev vx0 bridge fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10 ndisc6 -r 1 -s 2001:db8:1::1 -w 1 2001:db8:1::3 vx0 Fixes: 1274e1cc4226 ("vxlan: ecmp support for mac fdb entries") Reviewed-by: Petr Machata <petrm(a)nvidia.com> Signed-off-by: Ido Schimmel <idosch(a)nvidia.com> Reviewed-by: Nikolay Aleksandrov <razor(a)blackwall.org> Link: https://patch.msgid.link/20250901065035.159644-3-idosch@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [ kovalev: bp to fix CVE-2025-39850 ] Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/net/vxlan/vxlan_core.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c index 1b6b6acd3489..57606891e413 100644 --- a/drivers/net/vxlan/vxlan_core.c +++ b/drivers/net/vxlan/vxlan_core.c @@ -1883,6 +1883,7 @@ static int arp_reduce(struct net_device *dev, struct sk_buff *skb, __be32 vni) n = neigh_lookup(&arp_tbl, &tip, dev); if (n) { + struct vxlan_rdst *rdst = NULL; struct vxlan_fdb *f; struct sk_buff *reply; @@ -1892,7 +1893,9 @@ static int arp_reduce(struct net_device *dev, struct sk_buff *skb, __be32 vni) } f = vxlan_find_mac(vxlan, n->ha, vni); - if (f && vxlan_addr_any(&(first_remote_rcu(f)->remote_ip))) { + if (f) + rdst = first_remote_rcu(f); + if (rdst && vxlan_addr_any(&rdst->remote_ip)) { /* bridge-local neighbor */ neigh_release(n); goto out; @@ -2047,6 +2050,7 @@ static int neigh_reduce(struct net_device *dev, struct sk_buff *skb, __be32 vni) n = neigh_lookup(ipv6_stub->nd_tbl, &msg->target, dev); if (n) { + struct vxlan_rdst *rdst = NULL; struct vxlan_fdb *f; struct sk_buff *reply; @@ -2056,7 +2060,9 @@ static int neigh_reduce(struct net_device *dev, struct sk_buff *skb, __be32 vni) } f = vxlan_find_mac(vxlan, n->ha, vni); - if (f && vxlan_addr_any(&(first_remote_rcu(f)->remote_ip))) { + if (f) + rdst = first_remote_rcu(f); + if (rdst && vxlan_addr_any(&rdst->remote_ip)) { /* bridge-local neighbor */ neigh_release(n); goto out; -- 2.50.1

1 day, 5 hours

1
0
0 0

[PATCH 5.15 000/123] 5.15.196-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.196 release. There are 123 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Oct 2025 18:34:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.196-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.196-rc1 Anup Patel <apatel(a)ventanamicro.com> RISC-V: Don't fail in riscv_of_parent_hartid() for disabled HARTs Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Zhengchao Shao <shaozhengchao(a)huawei.com> net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_acm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ncm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Introduce free_usb_request helper Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Store endpoint pointer in usb_request Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Darrick J. Wong <djwong(a)kernel.org> xfs: always warn about deprecated mount options Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Reset BARs when running in PCIe endpoint mode Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Drop PMSR spinlock Marek Vasut <marek.vasut+renesas(a)gmail.com> PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access() Vidya Sagar <vidyas(a)nvidia.com> PCI: tegra194: Handle errors in BPMP response Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix wrong block mapping for multi-devices Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix programming sequence of "strap" settings Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists Darrick J. Wong <djwong(a)kernel.org> fuse: fix livelock in synchronous file put from fuseblk workers Amir Goldstein <amir73il(a)gmail.com> fuse: allocate ff->release_args only if release is needed Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Simplify pm_runtime setup Bence Csókás <csokas.bence(a)prolan.hu> PM: runtime: Add new devm functions Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended David Lechner <dlechner(a)baylibre.com> iio: imu: inv_icm42600: use = { } instead of memset() Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Christoph Hellwig <hch(a)lst.de> xfs: fix log CRC mismatches between i386 and other architectures Christoph Hellwig <hch(a)lst.de> xfs: rename the old_crc variable in xlog_recover_process Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Update purge function to unregister the unused subchannels Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Florian Eckert <fe(a)dev.tdt.de> serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: hdm_probe: Fix calling put_device() before device initialization Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: Fix use-after-free in hdm_disconnect Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add wildcat lake P DID Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Andrey Konovalov <andreyknvl(a)gmail.com> usb: raw-gadget: do not limit transfer length Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Anup Patel <apatel(a)ventanamicro.com> RISC-V: Don't print details of CPUs disabled in DT Sunil V L <sunilvl(a)ventanamicro.com> riscv: cpu: Add 64bit hartid support on RV64 Tsukasa OI <research_trasio(a)irq.a4lg.com> RISC-V: Minimal parser for "riscv, isa" strings Tsukasa OI <research_trasio(a)irq.a4lg.com> RISC-V: Correctly print supported extensions Rob Herring <robh(a)kernel.org> riscv: Use of_get_cpu_hwid() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix lock inversion in vsock_assign_transport() Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Nikolay Aleksandrov <razor(a)blackwall.org> net: add ndo_fdb_del_bulk Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add bulk delete support flag Nikolay Aleksandrov <razor(a)blackwall.org> net: netlink: add NLM_F_BULK delete request modifier Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: use BIT for flag values Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add helper to extract msg type's kind Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Simon Schuster <schuster.simon(a)siemens-energy.com> nios2: ensure that memblock.current_limit is set when setting pfn limits Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret Niko Mauno <niko.mauno(a)vaisala.com> Revert "perf test: Don't leak workload gopipe in PERF_RECORD_*" Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads (part 2) Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Jiaming Zhang <r772577952(a)gmail.com> ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Ingo Molnar <mingo(a)kernel.org> sched/balancing: Rename newidle_balance() => sched_balance_newidle() Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature Fabian Vogt <fvogt(a)suse.de> riscv: kprobes: Fix probe address validation I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Jakub Kicinski <kuba(a)kernel.org> net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for async encrypt in case of error during latter iterations of sendmsg Sascha Hauer <s.hauer(a)pengutronix.de> net: tls: wait for async completion on last message David Howells <dhowells(a)redhat.com> splice, net: Add a splice_eof op to file-ops and socket-ops Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Nicolas Dichtel <nicolas.dichtel(a)6wind.com> doc: fix seg6_flowlabel path Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Thomas Fourier <fourier.thomas(a)gmail.com> crypto: rockchip - Fix dma_unmap_sg() nents value Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: properly clear channels during bind Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions Yu Kuai <yukuai3(a)huawei.com> blk-crypto: fix missing blktrace bio split events Ma Ke <make24(a)iscas.ac.cn> media: lirc: Fix error handling in lirc_register() keliu <liuke94(a)huawei.com> media: rc: Directly use ida_free() Arnd Bergmann <arnd(a)arndb.de> media: s5p-mfc: remove an unused/uninitialized variable Filipe Manana <fdmanana(a)suse.com> btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Yi Cong <yicong(a)kylinos.cn> r8152: add error handling in rtl8152_driver_init ------------- Diffstat: Documentation/arm64/silicon-errata.rst | 2 + Documentation/networking/seg6-sysctl.rst | 3 + Makefile | 4 +- arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/kernel/cpu_errata.c | 1 + arch/m68k/include/asm/bitops.h | 25 ++-- arch/mips/mti-malta/malta-setup.c | 2 +- arch/nios2/kernel/setup.c | 15 +++ arch/riscv/include/asm/processor.h | 4 +- arch/riscv/kernel/cpu.c | 28 +++-- arch/riscv/kernel/cpufeature.c | 84 ++++++++++--- arch/riscv/kernel/probes/kprobes.c | 13 +- arch/riscv/kernel/smpboot.c | 9 +- block/blk-crypto-fallback.c | 3 + drivers/android/binder.c | 11 +- drivers/base/arch_topology.c | 2 +- drivers/base/devcoredump.c | 138 +++++++++++++-------- drivers/base/power/runtime.c | 44 +++++++ drivers/clocksource/timer-riscv.c | 15 +-- drivers/comedi/comedi_buf.c | 2 +- drivers/cpufreq/cppc_cpufreq.c | 14 ++- drivers/cpuidle/governors/menu.c | 21 ++-- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 +++++---------- drivers/hid/hid-multitouch.c | 27 ++-- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 ++---- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 +- drivers/irqchip/irq-riscv-intc.c | 7 +- drivers/irqchip/irq-sifive-plic.c | 7 +- drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 ++---- drivers/media/rc/lirc_dev.c | 15 +-- drivers/media/rc/rc-main.c | 6 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/most/most_usb.c | 13 +- drivers/net/bonding/bond_main.c | 40 +++--- drivers/net/can/m_can/m_can_platform.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 23 ++-- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/ethernet/renesas/ravb_main.c | 8 ++ drivers/net/usb/aqc111.c | 2 +- drivers/net/usb/lan78xx.c | 42 +++++-- drivers/net/usb/r8152.c | 9 +- drivers/net/usb/rndis_host.c | 2 +- drivers/net/usb/rtl8150.c | 13 +- drivers/net/wireless/ath/ath11k/core.c | 6 +- drivers/net/wireless/ath/ath11k/hal.c | 16 +++ drivers/net/wireless/ath/ath11k/hal.h | 1 + drivers/pci/controller/cadence/pci-j721e.c | 64 +++++++++- drivers/pci/controller/dwc/pcie-designware-ep.c | 1 + drivers/pci/controller/dwc/pcie-tegra194.c | 28 ++++- drivers/pci/controller/pcie-rcar-host.c | 83 +++++++------ drivers/pci/pci-sysfs.c | 10 +- drivers/s390/cio/device.c | 37 ++++-- drivers/tty/serial/8250/8250_exar.c | 11 ++ drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/function/f_acm.c | 42 +++---- drivers/usb/gadget/function/f_ncm.c | 78 +++++------- drivers/usb/gadget/legacy/raw_gadget.c | 2 - drivers/usb/gadget/udc/core.c | 3 + drivers/usb/host/xhci-dbgcap.c | 9 +- drivers/usb/serial/option.c | 10 ++ fs/btrfs/relocation.c | 13 +- fs/dax.c | 2 +- fs/dcache.c | 2 + fs/dlm/lockspace.c | 2 +- fs/exec.c | 2 +- fs/ext4/inode.c | 8 ++ fs/f2fs/data.c | 2 +- fs/fuse/dir.c | 2 +- fs/fuse/file.c | 75 ++++++----- fs/fuse/fuse_i.h | 2 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 +++- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 ------ fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 +++++++ fs/hfsplus/super.c | 25 +++- fs/hfsplus/unicode.c | 24 ++++ fs/jbd2/transaction.c | 13 +- fs/nfsd/blocklayout.c | 5 +- fs/nfsd/blocklayoutxdr.c | 7 +- fs/nfsd/flexfilelayout.c | 8 ++ fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 34 +++-- fs/nfsd/nfs4xdr.c | 14 +-- fs/nfsd/xdr4.h | 36 +++++- fs/ocfs2/move_extents.c | 5 + fs/splice.c | 31 ++++- fs/xfs/libxfs/xfs_log_format.h | 30 ++++- fs/xfs/xfs_log.c | 8 +- fs/xfs/xfs_log_priv.h | 4 +- fs/xfs/xfs_log_recover.c | 34 +++-- fs/xfs/xfs_ondisk.h | 2 + fs/xfs/xfs_super.c | 33 +++-- include/linux/cpufreq.h | 3 + include/linux/fs.h | 1 + include/linux/net.h | 1 + include/linux/netdevice.h | 9 ++ include/linux/pm_runtime.h | 4 + include/linux/splice.h | 1 + include/linux/usb/gadget.h | 25 ++++ include/net/ip_tunnels.h | 15 +++ include/net/rtnetlink.h | 9 +- include/net/sock.h | 1 + include/uapi/linux/netlink.h | 1 + kernel/padata.c | 6 +- kernel/sched/fair.c | 38 +++--- net/core/rtnetlink.c | 81 ++++++++---- net/ipv4/ip_tunnel.c | 14 --- net/ipv4/tcp_output.c | 19 ++- net/ipv6/ip6_tunnel.c | 3 +- net/sctp/inqueue.c | 13 +- net/socket.c | 10 ++ net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 22 +++- net/vmw_vsock/af_vsock.c | 38 +++--- sound/firewire/amdtp-stream.h | 2 +- sound/usb/card.c | 10 +- tools/perf/tests/perf-record.c | 4 - 135 files changed, 1413 insertions(+), 774 deletions(-)

1 day, 6 hours

8
133
0 0

[PATCH] bna: prevent bad user input in bnad_debugfs_write_regrd()

by Miaoqian Lin

A malicious user could pass an arbitrarily bad value to memdup_user_nul(), potentially causing kernel crash. This follows the same pattern as commit ee76746387f6 ("netdevsim: prevent bad user input in nsim_dev_health_break_write()") and commit 7ef4c19d245f ("smackfs: restrict bytes count in smackfs write functions") Found via static analysis and code review. Fixes: d0e6a8064c42 ("bna: use memdup_user to copy userspace buffers") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ethernet/brocade/bna/bnad_debugfs.c b/drivers/net/ethernet/brocade/bna/bnad_debugfs.c index 8f0972e6737c..ad33ab1d266d 100644 --- a/drivers/net/ethernet/brocade/bna/bnad_debugfs.c +++ b/drivers/net/ethernet/brocade/bna/bnad_debugfs.c @@ -311,6 +311,9 @@ bnad_debugfs_write_regrd(struct file *file, const char __user *buf, unsigned long flags; void *kern_buf; + if (nbytes == 0 || nbytes > PAGE_SIZE) + return -EINVAL; + /* Copy the user space buf */ kern_buf = memdup_user_nul(buf, nbytes); if (IS_ERR(kern_buf)) -- 2.39.5 (Apple Git-154)

1 day, 7 hours

2
1
0 0

[PATCH] drm/imx/tve: fix probe device leak

by Johan Hovold

Make sure to drop the reference taken to the DDC device during probe on probe failure (e.g. probe deferral) and on driver unbind. Fixes: fcbc51e54d2a ("staging: drm/imx: Add support for Television Encoder (TVEv2)") Cc: stable(a)vger.kernel.org # 3.10 Cc: Philipp Zabel <p.zabel(a)pengutronix.de> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/imx/ipuv3/imx-tve.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/gpu/drm/imx/ipuv3/imx-tve.c b/drivers/gpu/drm/imx/ipuv3/imx-tve.c index c5629e155d25..895413d26113 100644 --- a/drivers/gpu/drm/imx/ipuv3/imx-tve.c +++ b/drivers/gpu/drm/imx/ipuv3/imx-tve.c @@ -525,6 +525,13 @@ static const struct component_ops imx_tve_ops = { .bind = imx_tve_bind, }; +static void imx_tve_put_device(void *_dev) +{ + struct device *dev = _dev; + + put_device(dev); +} + static int imx_tve_probe(struct platform_device *pdev) { struct device *dev = &pdev->dev; @@ -546,6 +553,11 @@ static int imx_tve_probe(struct platform_device *pdev) if (ddc_node) { tve->ddc = of_find_i2c_adapter_by_node(ddc_node); of_node_put(ddc_node); + + ret = devm_add_action_or_reset(dev, imx_tve_put_device, + &tve->ddc->dev); + if (ret) + return ret; } tve->mode = of_get_tve_mode(np); -- 2.49.1

1 day, 8 hours

3
4
0 0

[PATCH v2] drm/imx/tve: fix probe device leak

by Johan Hovold

Make sure to drop the reference taken to the DDC device during probe on probe failure (e.g. probe deferral) and on driver unbind. Fixes: fcbc51e54d2a ("staging: drm/imx: Add support for Television Encoder (TVEv2)") Cc: stable(a)vger.kernel.org # 3.10 Cc: Philipp Zabel <p.zabel(a)pengutronix.de> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- Changes in v2: - add missing NULL ddc check drivers/gpu/drm/imx/ipuv3/imx-tve.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/gpu/drm/imx/ipuv3/imx-tve.c b/drivers/gpu/drm/imx/ipuv3/imx-tve.c index fd1e617e171e..68bbbdbd347b 100644 --- a/drivers/gpu/drm/imx/ipuv3/imx-tve.c +++ b/drivers/gpu/drm/imx/ipuv3/imx-tve.c @@ -525,6 +525,13 @@ static const struct component_ops imx_tve_ops = { .bind = imx_tve_bind, }; +static void imx_tve_put_device(void *_dev) +{ + struct device *dev = _dev; + + put_device(dev); +} + static int imx_tve_probe(struct platform_device *pdev) { struct device *dev = &pdev->dev; @@ -546,6 +553,12 @@ static int imx_tve_probe(struct platform_device *pdev) if (ddc_node) { tve->ddc = of_find_i2c_adapter_by_node(ddc_node); of_node_put(ddc_node); + if (tve->ddc) { + ret = devm_add_action_or_reset(dev, imx_tve_put_device, + &tve->ddc->dev); + if (ret) + return ret; + } } tve->mode = of_get_tve_mode(np); -- 2.51.0

1 day, 8 hours

1
0
0 0

[PATCH 0/4] Backport CVE fixes to 6.12.y

by Amelia Crate

These patches backport the following upstream commits fixing CVEs to the Linux 6.12.y stable tree. CVE-2025-21833 -> 60f030f7418d ("iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE") CVE-2025-37803 -> 021ba7f1babd ("udmabuf: fix a buf size overflow issue during udmabuf creation") CVE-2024-57995 -> 5a10971c7645 ("wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()") CVE-2025-37860 -> 8241ecec1cdc6 ("sfc: fix NULL dereferences in ef100_process_design_param()") The following upstream commit applies cleanly to v6.12.y, please pick it up. CVE-2024-58097 -> 16c6c35c03ea ("wifi: ath11k: fix RCU stall while reaping monitor destination ring")

1 day, 8 hours

2
10
0 0

[PATCH v3] w1: therm: Fix off-by-one buffer overflow in alarms_store

by Thorsten Blum

The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended. However, the 'size' argument does not account for this extra byte. The original code then allocated 'size' bytes and used strcpy() to copy 'buf', which always writes one byte past the allocated buffer since strcpy() copies until the NUL terminator at index 'size'. Fix this by parsing the 'buf' parameter directly using simple_strtol() without allocating any intermediate memory or string copying. This removes the overflow while simplifying the code. Cc: stable(a)vger.kernel.org Fixes: e2c94d6f5720 ("w1_therm: adding alarm sysfs entry") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- Compile-tested only. Changes in v3: - Add integer range check for 'temp' to match kstrtoint() behavior - Explicitly cast 'temp' to int when calling int_to_short() - Link to v2: https://lore.kernel.org/lkml/20251029130045.70127-2-thorsten.blum@linux.dev/ Changes in v2: - Fix buffer overflow instead of truncating the copy using strscpy() - Parse buffer directly using simple_strtol() as suggested by David - Update patch subject and description - Link to v1: https://lore.kernel.org/lkml/20251017170047.114224-2-thorsten.blum@linux.de… --- drivers/w1/slaves/w1_therm.c | 102 ++++++++++++----------------------- 1 file changed, 35 insertions(+), 67 deletions(-) diff --git a/drivers/w1/slaves/w1_therm.c b/drivers/w1/slaves/w1_therm.c index 9ccedb3264fb..1dad9fa1ec4a 100644 --- a/drivers/w1/slaves/w1_therm.c +++ b/drivers/w1/slaves/w1_therm.c @@ -1836,59 +1836,32 @@ static ssize_t alarms_store(struct device *device, struct w1_slave *sl = dev_to_w1_slave(device); struct therm_info info; u8 new_config_register[3]; /* array of data to be written */ - int temp, ret; - char *token = NULL; + long temp; + int ret; s8 tl, th; /* 1 byte per value + temp ring order */ - char *p_args, *orig; + const char *p = buf; + char *endp; - p_args = orig = kmalloc(size, GFP_KERNEL); - /* Safe string copys as buf is const */ - if (!p_args) { - dev_warn(device, - "%s: error unable to allocate memory %d\n", - __func__, -ENOMEM); - return size; + temp = simple_strtol(p, &endp, 10); + if (temp < INT_MIN || temp > INT_MAX || p == endp || *endp != ' ') { + dev_info(device, "%s: error parsing args %d\n", + __func__, -EINVAL); + goto err; } - strcpy(p_args, buf); - - /* Split string using space char */ - token = strsep(&p_args, " "); + /* Cast to short to eliminate out of range values */ + tl = int_to_short((int)temp); - if (!token) { - dev_info(device, - "%s: error parsing args %d\n", __func__, -EINVAL); - goto free_m; - } - - /* Convert 1st entry to int */ - ret = kstrtoint (token, 10, &temp); - if (ret) { - dev_info(device, - "%s: error parsing args %d\n", __func__, ret); - goto free_m; - } - - tl = int_to_short(temp); - - /* Split string using space char */ - token = strsep(&p_args, " "); - if (!token) { - dev_info(device, - "%s: error parsing args %d\n", __func__, -EINVAL); - goto free_m; - } - /* Convert 2nd entry to int */ - ret = kstrtoint (token, 10, &temp); - if (ret) { - dev_info(device, - "%s: error parsing args %d\n", __func__, ret); - goto free_m; + p = endp + 1; + temp = simple_strtol(p, &endp, 10); + if (temp < INT_MIN || temp > INT_MAX || p == endp) { + dev_info(device, "%s: error parsing args %d\n", + __func__, -EINVAL); + goto err; } + /* Cast to short to eliminate out of range values */ + th = int_to_short((int)temp); - /* Prepare to cast to short by eliminating out of range values */ - th = int_to_short(temp); - - /* Reorder if required th and tl */ + /* Reorder if required */ if (tl > th) swap(tl, th); @@ -1897,35 +1870,30 @@ static ssize_t alarms_store(struct device *device, * (th : byte 2 - tl: byte 3) */ ret = read_scratchpad(sl, &info); - if (!ret) { - new_config_register[0] = th; /* Byte 2 */ - new_config_register[1] = tl; /* Byte 3 */ - new_config_register[2] = info.rom[4];/* Byte 4 */ - } else { - dev_info(device, - "%s: error reading from the slave device %d\n", - __func__, ret); - goto free_m; + if (ret) { + dev_info(device, "%s: error reading from the slave device %d\n", + __func__, ret); + goto err; } + new_config_register[0] = th; /* Byte 2 */ + new_config_register[1] = tl; /* Byte 3 */ + new_config_register[2] = info.rom[4]; /* Byte 4 */ /* Write data in the device RAM */ if (!SLAVE_SPECIFIC_FUNC(sl)) { - dev_info(device, - "%s: Device not supported by the driver %d\n", - __func__, -ENODEV); - goto free_m; + dev_info(device, "%s: Device not supported by the driver %d\n", + __func__, -ENODEV); + goto err; } ret = SLAVE_SPECIFIC_FUNC(sl)->write_data(sl, new_config_register); - if (ret) - dev_info(device, - "%s: error writing to the slave device %d\n", + if (ret) { + dev_info(device, "%s: error writing to the slave device %d\n", __func__, ret); + goto err; + } -free_m: - /* free allocated memory */ - kfree(orig); - +err: return size; } -- 2.51.0

1 day, 8 hours

1
0
0 0

[PATCH] powerpc/fsl_uli1575: fix device_node reference leak in uli_init()

by Miaoqian Lin

The of_get_parent() function increments the reference count of the returned parent node, and of_node_put() is required to release the reference when it is no longer needed. The uli_init() function has a device_node reference leak. The issue occurs in two scenarios: 1. When the function finds a matching device, it breaks out of the loop, the reference held by 'node' is not released. 2. When the loop terminates normally (of_get_parent returns NULL), the final parent node reference is not released. Fix this by adding of_node_put(node). Fixes: 91a6f347921e ("powerpc/mpc85xx_ds: convert to unified PCI init") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- arch/powerpc/platforms/fsl_uli1575.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/platforms/fsl_uli1575.c b/arch/powerpc/platforms/fsl_uli1575.c index b8d37a9932f1..36624c88d5f3 100644 --- a/arch/powerpc/platforms/fsl_uli1575.c +++ b/arch/powerpc/platforms/fsl_uli1575.c @@ -376,4 +376,5 @@ void __init uli_init(void) break; } } + of_node_put(node); } -- 2.39.5 (Apple Git-154)

1 day, 9 hours

1
0
0 0

[PATCH v2 01/11] powerpc/64s/slb: Fix SLB multihit issue during SLB preload

by Ritesh Harjani (IBM)

From: Donet Tom <donettom(a)linux.ibm.com> On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This preload cache is subject to periodic eviction — typically after every 256 context switches — to remove old entry. To optimize performance, the kernel skips switch_mmu_context() in switch_mm_irqs_off() when the prev and next mm_struct are the same. However, on hash MMU systems, this can lead to inconsistencies between the hardware SLB and the software preload cache. If an SLB entry for a process is evicted from the software cache on one CPU, and the same process later runs on another CPU without executing switch_mmu_context(), the hardware SLB may retain stale entries. If the kernel then attempts to reload that entry, it can trigger an SLB multi-hit error. The following timeline shows how stale SLB entries are created and can cause a multi-hit error when a process moves between CPUs without a MMU context switch. CPU 0 CPU 1 ----- ----- Process P exec swapper/1 load_elf_binary begin_new_exc activate_mm switch_mm_irqs_off switch_mmu_context switch_slb /* * This invalidates all * the entries in the HW * and setup the new HW * SLB entries as per the * preload cache. */ context_switch sched_migrate_task migrates process P to cpu-1 Process swapper/0 context switch (to process P) (uses mm_struct of Process P) switch_mm_irqs_off() switch_slb load_slb++ /* * load_slb becomes 0 here * and we evict an entry from * the preload cache with * preload_age(). We still * keep HW SLB and preload * cache in sync, that is * because all HW SLB entries * anyways gets evicted in * switch_slb during SLBIA. * We then only add those * entries back in HW SLB, * which are currently * present in preload_cache * (after eviction). */ load_elf_binary continues... setup_new_exec() slb_setup_new_exec() sched_switch event sched_migrate_task migrates process P to cpu-0 context_switch from swapper/0 to Process P switch_mm_irqs_off() /* * Since both prev and next mm struct are same we don't call * switch_mmu_context(). This will cause the HW SLB and SW preload * cache to go out of sync in preload_new_slb_context. Because there * was an SLB entry which was evicted from both HW and preload cache * on cpu-1. Now later in preload_new_slb_context(), when we will try * to add the same preload entry again, we will add this to the SW * preload cache and then will add it to the HW SLB. Since on cpu-0 * this entry was never invalidated, hence adding this entry to the HW * SLB will cause a SLB multi-hit error. */ load_elf_binary continues... START_THREAD start_thread preload_new_slb_context /* * This tries to add a new EA to preload cache which was earlier * evicted from both cpu-1 HW SLB and preload cache. This caused the * HW SLB of cpu-0 to go out of sync with the SW preload cache. The * reason for this was, that when we context switched back on CPU-0, * we should have ideally called switch_mmu_context() which will * bring the HW SLB entries on CPU-0 in sync with SW preload cache * entries by setting up the mmu context properly. But we didn't do * that since the prev mm_struct running on cpu-0 was same as the * next mm_struct (which is true for swapper / kernel threads). So * now when we try to add this new entry into the HW SLB of cpu-0, * we hit a SLB multi-hit error. */ WARNING: CPU: 0 PID: 1810970 at arch/powerpc/mm/book3s64/slb.c:62 assert_slb_presence+0x2c/0x50(48 results) 02:47:29 [20157/42149] Modules linked in: CPU: 0 UID: 0 PID: 1810970 Comm: dd Not tainted 6.16.0-rc3-dirty #12 VOLUNTARY Hardware name: IBM pSeries (emulated by qemu) POWER8 (architected) 0x4d0200 0xf000004 of:SLOF,HEAD hv:linux,kvm pSeries NIP: c00000000015426c LR: c0000000001543b4 CTR: 0000000000000000 REGS: c0000000497c77e0 TRAP: 0700 Not tainted (6.16.0-rc3-dirty) MSR: 8000000002823033 <SF,VEC,VSX,FP,ME,IR,DR,RI,LE> CR: 28888482 XER: 00000000 CFAR: c0000000001543b0 IRQMASK: 3 <...> NIP [c00000000015426c] assert_slb_presence+0x2c/0x50 LR [c0000000001543b4] slb_insert_entry+0x124/0x390 Call Trace: 0x7fffceb5ffff (unreliable) preload_new_slb_context+0x100/0x1a0 start_thread+0x26c/0x420 load_elf_binary+0x1b04/0x1c40 bprm_execve+0x358/0x680 do_execveat_common+0x1f8/0x240 sys_execve+0x58/0x70 system_call_exception+0x114/0x300 system_call_common+0x160/0x2c4 >From the above analysis, during early exec the hardware SLB is cleared, and entries from the software preload cache are reloaded into hardware by switch_slb. However, preload_new_slb_context and slb_setup_new_exec also attempt to load some of the same entries, which can trigger a multi-hit. In most cases, these additional preloads simply hit existing entries and add nothing new. Removing these functions avoids redundant preloads and eliminates the multi-hit issue. This patch removes these two functions. We tested process switching performance using the context_switch benchmark on POWER9/hash, and observed no regression. Without this patch: 129041 ops/sec With this patch: 129341 ops/sec We also measured SLB faults during boot, and the counts are essentially the same with and without this patch. SLB faults without this patch: 19727 SLB faults with this patch: 19786 Cc: Madhavan Srinivasan <maddy(a)linux.ibm.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Paul Mackerras <paulus(a)ozlabs.org> Cc: Aneesh Kumar K.V <aneesh.kumar(a)kernel.org> Cc: Donet Tom <donettom(a)linux.ibm.com> Cc: <linuxppc-dev(a)lists.ozlabs.org> Fixes: 5434ae74629a ("powerpc/64s/hash: Add a SLB preload cache") cc: <stable(a)vger.kernel.org> Suggested-by: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Donet Tom <donettom(a)linux.ibm.com> Signed-off-by: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> --- arch/powerpc/include/asm/book3s/64/mmu-hash.h | 1 - arch/powerpc/kernel/process.c | 5 -- arch/powerpc/mm/book3s64/internal.h | 2 - arch/powerpc/mm/book3s64/mmu_context.c | 2 - arch/powerpc/mm/book3s64/slb.c | 88 ------------------- 5 files changed, 98 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/64/mmu-hash.h b/arch/powerpc/include/asm/book3s/64/mmu-hash.h index 346351423207..af12e2ba8eb8 100644 --- a/arch/powerpc/include/asm/book3s/64/mmu-hash.h +++ b/arch/powerpc/include/asm/book3s/64/mmu-hash.h @@ -524,7 +524,6 @@ void slb_save_contents(struct slb_entry *slb_ptr); void slb_dump_contents(struct slb_entry *slb_ptr); extern void slb_vmalloc_update(void); -void preload_new_slb_context(unsigned long start, unsigned long sp); #ifdef CONFIG_PPC_64S_HASH_MMU void slb_set_size(u16 size); diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c index eb23966ac0a9..a45fe147868b 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -1897,8 +1897,6 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) return 0; } -void preload_new_slb_context(unsigned long start, unsigned long sp); - /* * Set up a thread for executing a new program */ @@ -1906,9 +1904,6 @@ void start_thread(struct pt_regs *regs, unsigned long start, unsigned long sp) { #ifdef CONFIG_PPC64 unsigned long load_addr = regs->gpr[2]; /* saved by ELF_PLAT_INIT */ - - if (IS_ENABLED(CONFIG_PPC_BOOK3S_64) && !radix_enabled()) - preload_new_slb_context(start, sp); #endif #ifdef CONFIG_PPC_TRANSACTIONAL_MEM diff --git a/arch/powerpc/mm/book3s64/internal.h b/arch/powerpc/mm/book3s64/internal.h index a57a25f06a21..c26a6f0c90fc 100644 --- a/arch/powerpc/mm/book3s64/internal.h +++ b/arch/powerpc/mm/book3s64/internal.h @@ -24,8 +24,6 @@ static inline bool stress_hpt(void) void hpt_do_stress(unsigned long ea, unsigned long hpte_group); -void slb_setup_new_exec(void); - void exit_lazy_flush_tlb(struct mm_struct *mm, bool always_flush); #endif /* ARCH_POWERPC_MM_BOOK3S64_INTERNAL_H */ diff --git a/arch/powerpc/mm/book3s64/mmu_context.c b/arch/powerpc/mm/book3s64/mmu_context.c index 4e1e45420bd4..fb9dcf9ca599 100644 --- a/arch/powerpc/mm/book3s64/mmu_context.c +++ b/arch/powerpc/mm/book3s64/mmu_context.c @@ -150,8 +150,6 @@ static int hash__init_new_context(struct mm_struct *mm) void hash__setup_new_exec(void) { slice_setup_new_exec(); - - slb_setup_new_exec(); } #else static inline int hash__init_new_context(struct mm_struct *mm) diff --git a/arch/powerpc/mm/book3s64/slb.c b/arch/powerpc/mm/book3s64/slb.c index 6b783552403c..7e053c561a09 100644 --- a/arch/powerpc/mm/book3s64/slb.c +++ b/arch/powerpc/mm/book3s64/slb.c @@ -328,94 +328,6 @@ static void preload_age(struct thread_info *ti) ti->slb_preload_tail = (ti->slb_preload_tail + 1) % SLB_PRELOAD_NR; } -void slb_setup_new_exec(void) -{ - struct thread_info *ti = current_thread_info(); - struct mm_struct *mm = current->mm; - unsigned long exec = 0x10000000; - - WARN_ON(irqs_disabled()); - - /* - * preload cache can only be used to determine whether a SLB - * entry exists if it does not start to overflow. - */ - if (ti->slb_preload_nr + 2 > SLB_PRELOAD_NR) - return; - - hard_irq_disable(); - - /* - * We have no good place to clear the slb preload cache on exec, - * flush_thread is about the earliest arch hook but that happens - * after we switch to the mm and have already preloaded the SLBEs. - * - * For the most part that's probably okay to use entries from the - * previous exec, they will age out if unused. It may turn out to - * be an advantage to clear the cache before switching to it, - * however. - */ - - /* - * preload some userspace segments into the SLB. - * Almost all 32 and 64bit PowerPC executables are linked at - * 0x10000000 so it makes sense to preload this segment. - */ - if (!is_kernel_addr(exec)) { - if (preload_add(ti, exec)) - slb_allocate_user(mm, exec); - } - - /* Libraries and mmaps. */ - if (!is_kernel_addr(mm->mmap_base)) { - if (preload_add(ti, mm->mmap_base)) - slb_allocate_user(mm, mm->mmap_base); - } - - /* see switch_slb */ - asm volatile("isync" : : : "memory"); - - local_irq_enable(); -} - -void preload_new_slb_context(unsigned long start, unsigned long sp) -{ - struct thread_info *ti = current_thread_info(); - struct mm_struct *mm = current->mm; - unsigned long heap = mm->start_brk; - - WARN_ON(irqs_disabled()); - - /* see above */ - if (ti->slb_preload_nr + 3 > SLB_PRELOAD_NR) - return; - - hard_irq_disable(); - - /* Userspace entry address. */ - if (!is_kernel_addr(start)) { - if (preload_add(ti, start)) - slb_allocate_user(mm, start); - } - - /* Top of stack, grows down. */ - if (!is_kernel_addr(sp)) { - if (preload_add(ti, sp)) - slb_allocate_user(mm, sp); - } - - /* Bottom of heap, grows up. */ - if (heap && !is_kernel_addr(heap)) { - if (preload_add(ti, heap)) - slb_allocate_user(mm, heap); - } - - /* see switch_slb */ - asm volatile("isync" : : : "memory"); - - local_irq_enable(); -} - static void slb_cache_slbie_kernel(unsigned int index) { unsigned long slbie_data = get_paca()->slb_cache[index]; -- 2.51.0

1 day, 9 hours

1
0
0 0

[PATCH net v7] virtio-net: fix received length check in big packets

by Bui Quang Minh

Since commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets"), when guest gso is off, the allocated size for big packets is not MAX_SKB_FRAGS * PAGE_SIZE anymore but depends on negotiated MTU. The number of allocated frags for big packets is stored in vi->big_packets_num_skbfrags. Because the host announced buffer length can be malicious (e.g. the host vhost_net driver's get_rx_bufs is modified to announce incorrect length), we need a check in virtio_net receive path. Currently, the check is not adapted to the new change which can lead to NULL page pointer dereference in the below while loop when receiving length that is larger than the allocated one. This commit fixes the received length check corresponding to the new change. Fixes: 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets") Cc: stable(a)vger.kernel.org Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> --- Changes in v7: - Fix typos - Link to v6: https://lore.kernel.org/netdev/20251028143116.4532-1-minhquangbui99@gmail.c… Changes in v6: - Fix the length check - Link to v5: https://lore.kernel.org/netdev/20251024150649.22906-1-minhquangbui99@gmail.… Changes in v5: - Move the length check to receive_big - Link to v4: https://lore.kernel.org/netdev/20251022160623.51191-1-minhquangbui99@gmail.… Changes in v4: - Remove unrelated changes, add more comments - Link to v3: https://lore.kernel.org/netdev/20251021154534.53045-1-minhquangbui99@gmail.… Changes in v3: - Convert BUG_ON to WARN_ON_ONCE - Link to v2: https://lore.kernel.org/netdev/20250708144206.95091-1-minhquangbui99@gmail.… Changes in v2: - Remove incorrect give_pages call - Link to v1: https://lore.kernel.org/netdev/20250706141150.25344-1-minhquangbui99@gmail.… --- drivers/net/virtio_net.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index a757cbcab87f..421b9aa190a0 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -910,17 +910,6 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi, goto ok; } - /* - * Verify that we can indeed put this data into a skb. - * This is here to handle cases when the device erroneously - * tries to receive more than is possible. This is usually - * the case of a broken device. - */ - if (unlikely(len > MAX_SKB_FRAGS * PAGE_SIZE)) { - net_dbg_ratelimited("%s: too much data\n", skb->dev->name); - dev_kfree_skb(skb); - return NULL; - } BUG_ON(offset >= PAGE_SIZE); while (len) { unsigned int frag_size = min((unsigned)PAGE_SIZE - offset, len); @@ -2107,9 +2096,19 @@ static struct sk_buff *receive_big(struct net_device *dev, struct virtnet_rq_stats *stats) { struct page *page = buf; - struct sk_buff *skb = - page_to_skb(vi, rq, page, 0, len, PAGE_SIZE, 0); + struct sk_buff *skb; + + /* Make sure that len does not exceed the size allocated in + * add_recvbuf_big. + */ + if (unlikely(len > (vi->big_packets_num_skbfrags + 1) * PAGE_SIZE)) { + pr_debug("%s: rx error: len %u exceeds allocated size %lu\n", + dev->name, len, + (vi->big_packets_num_skbfrags + 1) * PAGE_SIZE); + goto err; + } + skb = page_to_skb(vi, rq, page, 0, len, PAGE_SIZE, 0); u64_stats_add(&stats->bytes, len - vi->hdr_len); if (unlikely(!skb)) goto err; -- 2.43.0

1 day, 10 hours

1
0
0 0

[PATCH v5 0/3] phy: qcom: edp: Add missing ref clock to x1e80100

by Abel Vesa

According to documentation, the DP PHY on x1e80100 has another clock called ref. The current X Elite devices supported upstream work fine without this clock, because the boot firmware leaves this clock enabled. But we should not rely on that. Also, when it comes to power management, this clock needs to be also disabled on suspend. So even though this change breaks the ABI, it is needed in order to make we disable this clock on runtime PM, when that is going to be enabled in the driver. So rework the driver to allow different number of clocks, fix the dt-bindings schema and add the clock to the DT node as well. Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> --- Changes in v5: - Picked-up Bjorn's R-b tags. - Replaced "parse" with "get" on clocks acquiring failure. - Link to v4: https://lore.kernel.org/r/20251029-phy-qcom-edp-add-missing-refclk-v4-0-adb… Changes in v4: - Picked Dmitry's R-b tag for the driver patch - Added x1e80100 substring to subject of dts patch - Link to v3 (resend): https://lore.kernel.org/r/20251014-phy-qcom-edp-add-missing-refclk-v3-0-078… Changes in v3 (resend) - picked-up Krzysztof's R-b tag for bindings patch - Link to v3: https://lore.kernel.org/r/20250909-phy-qcom-edp-add-missing-refclk-v3-0-4ec… Changes in v3: - Use dev_err_probe() on clocks parsing failure. - Explain why the ABI break is necessary. - Drop the extra 'clk' suffix from the clock name. So ref instead of refclk. - Link to v2: https://lore.kernel.org/r/20250903-phy-qcom-edp-add-missing-refclk-v2-0-d88… Changes in v2: - Fix schema by adding the minItems, as suggested by Krzysztof. - Use devm_clk_bulk_get_all, as suggested by Konrad. - Rephrase the commit messages to reflect the flexible number of clocks. - Link to v1: https://lore.kernel.org/r/20250730-phy-qcom-edp-add-missing-refclk-v1-0-6f7… --- Abel Vesa (3): dt-bindings: phy: qcom-edp: Add missing clock for X Elite phy: qcom: edp: Make the number of clocks flexible arm64: dts: qcom: x1e80100: Add missing TCSR ref clock to the DP PHYs .../devicetree/bindings/phy/qcom,edp-phy.yaml | 28 +++++++++++++++++++++- arch/arm64/boot/dts/qcom/hamoa.dtsi | 12 ++++++---- drivers/phy/qualcomm/phy-qcom-edp.c | 16 ++++++------- 3 files changed, 43 insertions(+), 13 deletions(-) --- base-commit: 131f3d9446a6075192cdd91f197989d98302faa6 change-id: 20250730-phy-qcom-edp-add-missing-refclk-5ab82828f8e7 Best regards, -- Abel Vesa <abel.vesa(a)linaro.org>

1 day, 10 hours

1
3
0 0

[PATCH v4 0/3] phy: qcom: edp: Add missing ref clock to x1e80100

by Abel Vesa

According to documentation, the DP PHY on x1e80100 has another clock called ref. The current X Elite devices supported upstream work fine without this clock, because the boot firmware leaves this clock enabled. But we should not rely on that. Also, when it comes to power management, this clock needs to be also disabled on suspend. So even though this change breaks the ABI, it is needed in order to make we disable this clock on runtime PM, when that is going to be enabled in the driver. So rework the driver to allow different number of clocks, fix the dt-bindings schema and add the clock to the DT node as well. Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> --- Changes in v4: - Picked Dmitry's R-b tag for the driver patch - Added x1e80100 substring to subject of dts patch - Link to v3 (resend): https://lore.kernel.org/r/20251014-phy-qcom-edp-add-missing-refclk-v3-0-078… Changes in v3 (resend) - picked-up Krzysztof's R-b tag for bindings patch - Link to v3: https://lore.kernel.org/r/20250909-phy-qcom-edp-add-missing-refclk-v3-0-4ec… Changes in v3: - Use dev_err_probe() on clocks parsing failure. - Explain why the ABI break is necessary. - Drop the extra 'clk' suffix from the clock name. So ref instead of refclk. - Link to v2: https://lore.kernel.org/r/20250903-phy-qcom-edp-add-missing-refclk-v2-0-d88… Changes in v2: - Fix schema by adding the minItems, as suggested by Krzysztof. - Use devm_clk_bulk_get_all, as suggested by Konrad. - Rephrase the commit messages to reflect the flexible number of clocks. - Link to v1: https://lore.kernel.org/r/20250730-phy-qcom-edp-add-missing-refclk-v1-0-6f7… --- Abel Vesa (3): dt-bindings: phy: qcom-edp: Add missing clock for X Elite phy: qcom: edp: Make the number of clocks flexible arm64: dts: qcom: x1e80100: Add missing TCSR ref clock to the DP PHYs .../devicetree/bindings/phy/qcom,edp-phy.yaml | 28 +++++++++++++++++++++- arch/arm64/boot/dts/qcom/hamoa.dtsi | 12 ++++++---- drivers/phy/qualcomm/phy-qcom-edp.c | 16 ++++++------- 3 files changed, 43 insertions(+), 13 deletions(-) --- base-commit: f9ba12abc5282bf992f9a9ae87ad814fd03a0270 change-id: 20250730-phy-qcom-edp-add-missing-refclk-5ab82828f8e7 Best regards, -- Abel Vesa <abel.vesa(a)linaro.org>

1 day, 10 hours

2
8
0 0

[PATCH v2 1/4] ASoC: cs4271: Fix cs4271 I2C and SPI drivers automatic module loading

by Herve Codina

In commit c973b8a7dc50 ("ASoC: cs4271: Split SPI and I2C code into different modules") the driver was slit into a core, an SPI and an I2C part. However, the MODULE_DEVICE_TABLE(of, cs4271_dt_ids) was in the core part and so, module loading based on module.alias (based on DT compatible string matching) loads the core part but not the SPI or I2C parts. In order to have the I2C or the SPI module loaded automatically, move the MODULE_DEVICE_TABLE(of, ...) the core to I2C and SPI parts. Also move cs4271_dt_ids itself from the core part to I2C and SPI parts as both the call to MODULE_DEVICE_TABLE(of, ...) and the cs4271_dt_ids table itself need to be in the same file. Fixes: c973b8a7dc50 ("ASoC: cs4271: Split SPI and I2C code into different modules") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- sound/soc/codecs/cs4271-i2c.c | 6 ++++++ sound/soc/codecs/cs4271-spi.c | 13 +++++++++++++ sound/soc/codecs/cs4271.c | 9 --------- sound/soc/codecs/cs4271.h | 1 - 4 files changed, 19 insertions(+), 10 deletions(-) diff --git a/sound/soc/codecs/cs4271-i2c.c b/sound/soc/codecs/cs4271-i2c.c index 1d210b969173..cefb8733fc61 100644 --- a/sound/soc/codecs/cs4271-i2c.c +++ b/sound/soc/codecs/cs4271-i2c.c @@ -28,6 +28,12 @@ static const struct i2c_device_id cs4271_i2c_id[] = { }; MODULE_DEVICE_TABLE(i2c, cs4271_i2c_id); +static const struct of_device_id cs4271_dt_ids[] = { + { .compatible = "cirrus,cs4271", }, + { } +}; +MODULE_DEVICE_TABLE(of, cs4271_dt_ids); + static struct i2c_driver cs4271_i2c_driver = { .driver = { .name = "cs4271", diff --git a/sound/soc/codecs/cs4271-spi.c b/sound/soc/codecs/cs4271-spi.c index 4feb80436bd9..28dd7b8f3507 100644 --- a/sound/soc/codecs/cs4271-spi.c +++ b/sound/soc/codecs/cs4271-spi.c @@ -23,11 +23,24 @@ static int cs4271_spi_probe(struct spi_device *spi) return cs4271_probe(&spi->dev, devm_regmap_init_spi(spi, &config)); } +static const struct spi_device_id cs4271_id_spi[] = { + { "cs4271", 0 }, + {} +}; +MODULE_DEVICE_TABLE(spi, cs4271_id_spi); + +static const struct of_device_id cs4271_dt_ids[] = { + { .compatible = "cirrus,cs4271", }, + { } +}; +MODULE_DEVICE_TABLE(of, cs4271_dt_ids); + static struct spi_driver cs4271_spi_driver = { .driver = { .name = "cs4271", .of_match_table = of_match_ptr(cs4271_dt_ids), }, + .id_table = cs4271_id_spi, .probe = cs4271_spi_probe, }; module_spi_driver(cs4271_spi_driver); diff --git a/sound/soc/codecs/cs4271.c b/sound/soc/codecs/cs4271.c index 6a3cca3d26c7..ff9c6628224c 100644 --- a/sound/soc/codecs/cs4271.c +++ b/sound/soc/codecs/cs4271.c @@ -543,15 +543,6 @@ static int cs4271_soc_resume(struct snd_soc_component *component) #define cs4271_soc_resume NULL #endif /* CONFIG_PM */ -#ifdef CONFIG_OF -const struct of_device_id cs4271_dt_ids[] = { - { .compatible = "cirrus,cs4271", }, - { } -}; -MODULE_DEVICE_TABLE(of, cs4271_dt_ids); -EXPORT_SYMBOL_GPL(cs4271_dt_ids); -#endif - static int cs4271_component_probe(struct snd_soc_component *component) { struct cs4271_private *cs4271 = snd_soc_component_get_drvdata(component); diff --git a/sound/soc/codecs/cs4271.h b/sound/soc/codecs/cs4271.h index 290283a9149e..4965ce085875 100644 --- a/sound/soc/codecs/cs4271.h +++ b/sound/soc/codecs/cs4271.h @@ -4,7 +4,6 @@ #include <linux/regmap.h> -extern const struct of_device_id cs4271_dt_ids[]; extern const struct regmap_config cs4271_regmap_config; int cs4271_probe(struct device *dev, struct regmap *regmap); -- 2.51.0

1 day, 10 hours

3
5
0 0

[PATCH v2] Bluetooth: rfcomm: fix modem control handling

by Johan Hovold

The RFCOMM driver confuses the local and remote modem control signals, which specifically means that the reported DTR and RTS state will instead reflect the remote end (i.e. DSR and CTS). This issue dates back to the original driver (and a follow-on update) merged in 2002, which resulted in a non-standard implementation of TIOCMSET that allowed controlling also the TS07.10 IC and DV signals by mapping them to the RI and DCD input flags, while TIOCMGET failed to return the actual state of DTR and RTS. Note that the bogus control of input signals in tiocmset() is just dead code as those flags will have been masked out by the tty layer since 2003. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan(a)kernel.org> --- Changes in v2 - fix a compilation issue discovered before sending v1 but never folded into the actual patch... net/bluetooth/rfcomm/tty.c | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c index 376ce6de84be..b783526ab588 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c @@ -643,8 +643,8 @@ static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) tty_port_tty_hangup(&dev->port, true); dev->modem_status = - ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | - ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | + ((v24_sig & RFCOMM_V24_RTC) ? TIOCM_DSR : 0) | + ((v24_sig & RFCOMM_V24_RTR) ? TIOCM_CTS : 0) | ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); } @@ -1055,10 +1055,14 @@ static void rfcomm_tty_hangup(struct tty_struct *tty) static int rfcomm_tty_tiocmget(struct tty_struct *tty) { struct rfcomm_dev *dev = tty->driver_data; + struct rfcomm_dlc *dlc = dev->dlc; + u8 v24_sig; BT_DBG("tty %p dev %p", tty, dev); - return dev->modem_status; + rfcomm_dlc_get_modem_status(dlc, &v24_sig); + + return (v24_sig & (TIOCM_DTR | TIOCM_RTS)) | dev->modem_status; } static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear) @@ -1071,23 +1075,15 @@ static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigne rfcomm_dlc_get_modem_status(dlc, &v24_sig); - if (set & TIOCM_DSR || set & TIOCM_DTR) + if (set & TIOCM_DTR) v24_sig |= RFCOMM_V24_RTC; - if (set & TIOCM_RTS || set & TIOCM_CTS) + if (set & TIOCM_RTS) v24_sig |= RFCOMM_V24_RTR; - if (set & TIOCM_RI) - v24_sig |= RFCOMM_V24_IC; - if (set & TIOCM_CD) - v24_sig |= RFCOMM_V24_DV; - if (clear & TIOCM_DSR || clear & TIOCM_DTR) + if (clear & TIOCM_DTR) v24_sig &= ~RFCOMM_V24_RTC; - if (clear & TIOCM_RTS || clear & TIOCM_CTS) + if (clear & TIOCM_RTS) v24_sig &= ~RFCOMM_V24_RTR; - if (clear & TIOCM_RI) - v24_sig &= ~RFCOMM_V24_IC; - if (clear & TIOCM_CD) - v24_sig &= ~RFCOMM_V24_DV; rfcomm_dlc_set_modem_status(dlc, v24_sig); -- 2.49.1

1 day, 11 hours

3
3
0 0

btrfs task hung in `lock_extent` syzbot report and CVE-2024-35784

by Andrey Kalachev

Hi. I've check c-repro [1] on 6.1.y branch and found that repro still produce the crash on 6.1.y. I notice that syzbot bisection result [2] is incorrect: indeed, the hung was fixed by upstream commit b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent locking"). Also, I saw CVE-2024-35784 [3][4] vulnerability, that have direct relation with that syzbot report. Therefore, syzbot reproducer provided additional way to check for CVE-2024-35784. I attempted to fix CVE-2024-35784 in stable 6.1.y (over v6.1.157), and found that the initial fix commit b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent locking") introduced regressions [5][6]. IMHO here is the minimum patch series to eliminate CVE-2024-35784 from 6.1.y: b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent locking") (Initial fix of the CVE-2024-35784) a1a4a9ca77f1 ("btrfs: fix race between ordered extent completion and fiemap") (Fixes: b0ad381fa769) 978b63f7464a ("btrfs: fix race when detecting delalloc ranges during fiemap") (Fixes: b0ad381fa769) 1cab1375ba6d ("btrfs: reuse cloned extent buffer during fiemap to avoid re-allocations") (Optimization: 978b63f7464a) 53e24158684b ("btrfs: set start on clone before calling copy_extent_buffer_full") (Fixes: 1cab1375ba6d) Required patches attached. Only two patches in the series have minor backport modifications due to v6.1.157 btrfs code differences. The remaining patches are identical to the upstream. Regards, AK Reported-by: syzbot+f8217aae382555004877(a)syzkaller.appspotmail.com ---- [1] https://syzkaller.appspot.com/text?tag=ReproC&x=12b4c88b280000 [2] https://syzkaller.appspot.com/bug?extid=f8217aae382555004877 [3] https://lore.kernel.org/all/2024051704-CVE-2024-35784-6dec@gregkh/ [4] https://cve.org/CVERecord/?id=CVE-2024-35784 [5] https://lore.kernel.org/linux-btrfs/cover.1709202499.git.fdmanana@suse.com/ [6] https://lore.kernel.org/all/20240304211551.880347593@linuxfoundation.org/

1 day, 11 hours

1
5
0 0

[PATCH v2 1/3] KVM: arm64: Make all 32bit ID registers fully writable

by Marc Zyngier

32bit ID registers aren't getting much love these days, and are often missed in updates. One of these updates broke restoring a GICv2 guest on a GICv3 machine. Instead of performing a piecemeal fix, just bite the bullet and make all 32bit ID regs fully writable. KVM itself never relies on them for anything, and if the VMM wants to mess up the guest, so be it. Fixes: 5cb57a1aff755 ("KVM: arm64: Zero ID_AA64PFR0_EL1.GIC when no GICv3 is presented to the guest") Reported-by: Peter Maydell <peter.maydell(a)linaro.org> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kvm/sys_regs.c | 59 ++++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 28 deletions(-) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index e67eb39ddc118..ad82264c6cbe1 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -2595,19 +2595,23 @@ static bool bad_redir_trap(struct kvm_vcpu *vcpu, .val = 0, \ } -/* sys_reg_desc initialiser for known cpufeature ID registers */ -#define AA32_ID_SANITISED(name) { \ - ID_DESC(name), \ - .visibility = aa32_id_visibility, \ - .val = 0, \ -} - /* sys_reg_desc initialiser for writable ID registers */ #define ID_WRITABLE(name, mask) { \ ID_DESC(name), \ .val = mask, \ } +/* + * 32bit ID regs are fully writable when the guest is 32bit + * capable. Nothing in the KVM code should rely on 32bit features + * anyway, only 64bit, so let the VMM do its worse. + */ +#define AA32_ID_WRITABLE(name) { \ + ID_DESC(name), \ + .visibility = aa32_id_visibility, \ + .val = GENMASK(31, 0), \ +} + /* sys_reg_desc initialiser for cpufeature ID registers that need filtering */ #define ID_FILTERED(sysreg, name, mask) { \ ID_DESC(sysreg), \ @@ -3128,40 +3132,39 @@ static const struct sys_reg_desc sys_reg_descs[] = { /* AArch64 mappings of the AArch32 ID registers */ /* CRm=1 */ - AA32_ID_SANITISED(ID_PFR0_EL1), - AA32_ID_SANITISED(ID_PFR1_EL1), + AA32_ID_WRITABLE(ID_PFR0_EL1), + AA32_ID_WRITABLE(ID_PFR1_EL1), { SYS_DESC(SYS_ID_DFR0_EL1), .access = access_id_reg, .get_user = get_id_reg, .set_user = set_id_dfr0_el1, .visibility = aa32_id_visibility, .reset = read_sanitised_id_dfr0_el1, - .val = ID_DFR0_EL1_PerfMon_MASK | - ID_DFR0_EL1_CopDbg_MASK, }, + .val = GENMASK(31, 0) }, ID_HIDDEN(ID_AFR0_EL1), - AA32_ID_SANITISED(ID_MMFR0_EL1), - AA32_ID_SANITISED(ID_MMFR1_EL1), - AA32_ID_SANITISED(ID_MMFR2_EL1), - AA32_ID_SANITISED(ID_MMFR3_EL1), + AA32_ID_WRITABLE(ID_MMFR0_EL1), + AA32_ID_WRITABLE(ID_MMFR1_EL1), + AA32_ID_WRITABLE(ID_MMFR2_EL1), + AA32_ID_WRITABLE(ID_MMFR3_EL1), /* CRm=2 */ - AA32_ID_SANITISED(ID_ISAR0_EL1), - AA32_ID_SANITISED(ID_ISAR1_EL1), - AA32_ID_SANITISED(ID_ISAR2_EL1), - AA32_ID_SANITISED(ID_ISAR3_EL1), - AA32_ID_SANITISED(ID_ISAR4_EL1), - AA32_ID_SANITISED(ID_ISAR5_EL1), - AA32_ID_SANITISED(ID_MMFR4_EL1), - AA32_ID_SANITISED(ID_ISAR6_EL1), + AA32_ID_WRITABLE(ID_ISAR0_EL1), + AA32_ID_WRITABLE(ID_ISAR1_EL1), + AA32_ID_WRITABLE(ID_ISAR2_EL1), + AA32_ID_WRITABLE(ID_ISAR3_EL1), + AA32_ID_WRITABLE(ID_ISAR4_EL1), + AA32_ID_WRITABLE(ID_ISAR5_EL1), + AA32_ID_WRITABLE(ID_MMFR4_EL1), + AA32_ID_WRITABLE(ID_ISAR6_EL1), /* CRm=3 */ - AA32_ID_SANITISED(MVFR0_EL1), - AA32_ID_SANITISED(MVFR1_EL1), - AA32_ID_SANITISED(MVFR2_EL1), + AA32_ID_WRITABLE(MVFR0_EL1), + AA32_ID_WRITABLE(MVFR1_EL1), + AA32_ID_WRITABLE(MVFR2_EL1), ID_UNALLOCATED(3,3), - AA32_ID_SANITISED(ID_PFR2_EL1), + AA32_ID_WRITABLE(ID_PFR2_EL1), ID_HIDDEN(ID_DFR1_EL1), - AA32_ID_SANITISED(ID_MMFR5_EL1), + AA32_ID_WRITABLE(ID_MMFR5_EL1), ID_UNALLOCATED(3,7), /* AArch64 ID registers */ -- 2.47.3

1 day, 12 hours

1
0
0 0

[PATCH] can: rcar_canfd: Fix controller mode setting for RZ/G2L SoCs

by Biju

From: Biju Das <biju.das.jz(a)bp.renesas.com> The commit 5cff263606a1 ("can: rcar_canfd: Fix controller mode setting") applies to all SoCs except the RZ/G2L family of SoCs. As per RZ/G2L hardware manual "Figure 28.16 CAN Setting Procedure after the MCU is Reset" CAN mode needs to be set before channel reset. Add the mode_before_ch_rst variable to struct rcar_canfd_hw_info to handle this difference. The above commit also breaks CANFD functionality on RZ/G3E. Adapt this change to RZ/G3E, as well as it works ok by following the initialisation sequence of RZ/G2L. Fixes: 5cff263606a1 ("can: rcar_canfd: Fix controller mode setting") Cc: stable(a)vger.kernel.org Signed-off-by: Biju Das <biju.das.jz(a)bp.renesas.com> --- drivers/net/can/rcar/rcar_canfd.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/net/can/rcar/rcar_canfd.c b/drivers/net/can/rcar/rcar_canfd.c index 49ab65274b51..1724fa5dace6 100644 --- a/drivers/net/can/rcar/rcar_canfd.c +++ b/drivers/net/can/rcar/rcar_canfd.c @@ -444,6 +444,7 @@ struct rcar_canfd_hw_info { unsigned ch_interface_mode:1; /* Has channel interface mode */ unsigned shared_can_regs:1; /* Has shared classical can registers */ unsigned external_clk:1; /* Has external clock */ + unsigned mode_before_ch_rst:1; /* Has set mode before channel reset */ }; /* Channel priv data */ @@ -615,6 +616,7 @@ static const struct rcar_canfd_hw_info rcar_gen3_hw_info = { .ch_interface_mode = 0, .shared_can_regs = 0, .external_clk = 1, + .mode_before_ch_rst = 0, }; static const struct rcar_canfd_hw_info rcar_gen4_hw_info = { @@ -632,6 +634,7 @@ static const struct rcar_canfd_hw_info rcar_gen4_hw_info = { .ch_interface_mode = 1, .shared_can_regs = 1, .external_clk = 1, + .mode_before_ch_rst = 0, }; static const struct rcar_canfd_hw_info rzg2l_hw_info = { @@ -649,6 +652,7 @@ static const struct rcar_canfd_hw_info rzg2l_hw_info = { .ch_interface_mode = 0, .shared_can_regs = 0, .external_clk = 1, + .mode_before_ch_rst = 1, }; static const struct rcar_canfd_hw_info r9a09g047_hw_info = { @@ -666,6 +670,7 @@ static const struct rcar_canfd_hw_info r9a09g047_hw_info = { .ch_interface_mode = 1, .shared_can_regs = 1, .external_clk = 0, + .mode_before_ch_rst = 1, }; /* Helper functions */ @@ -806,6 +811,10 @@ static int rcar_canfd_reset_controller(struct rcar_canfd_global *gpriv) /* Reset Global error flags */ rcar_canfd_write(gpriv->base, RCANFD_GERFL, 0x0); + /* RZ/G2L SoC needs setting the mode before channel reset */ + if (gpriv->info->mode_before_ch_rst) + rcar_canfd_set_mode(gpriv); + /* Transition all Channels to reset mode */ for_each_set_bit(ch, &gpriv->channels_mask, gpriv->info->max_channels) { rcar_canfd_clear_bit(gpriv->base, @@ -826,7 +835,8 @@ static int rcar_canfd_reset_controller(struct rcar_canfd_global *gpriv) } /* Set the controller into appropriate mode */ - rcar_canfd_set_mode(gpriv); + if (!gpriv->info->mode_before_ch_rst) + rcar_canfd_set_mode(gpriv); return 0; } -- 2.43.0

1 day, 12 hours

1
0
0 0

[PATCH 5.4.y] iommu/amd: Fix 2G+ memory-size overflow in unmap_sg()

by Jinhui Guo

Since npages is declared as int, shifting npages << PAGE_SHIFT for a 2 GB+ scatter-gather list overflows before reaching __unmap_single(), leading to incorrect unmapping. A 2 GB region equals 524,288 pages. The expression npages << PAGE_SHIFT yields 0x80000000, which exceeds INT32_MAX (0x7FFFFFFF). Casting to size_t therefore produces 0xFFFFFFFF80000000, an overflow value that breaks the unmap size calculation. Fix the overflow by casting npages to size_t before the PAGE_SHIFT left-shift. Fixes: 89736a0ee81d ("Revert "iommu/amd: Remove the leftover of bypass support"") Cc: stable(a)vger.kernel.org # 5.4 Signed-off-by: Jinhui Guo <guojinhui.liam(a)bytedance.com> --- Hi, We hit an IO_PAGE_FAULT on AMD with 5.4-stable when mapping a 2 GB scatter-gather list. The fault is caused by an overflow in unmap_sg(): on stable-5.4 the SG-mmap path was never moved to the IOMMU framework, so the bug exists only in this branch. Regards, Jinhui drivers/iommu/amd_iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c index a30aac41af42..60872d7be52b 100644 --- a/drivers/iommu/amd_iommu.c +++ b/drivers/iommu/amd_iommu.c @@ -2682,7 +2682,7 @@ static void unmap_sg(struct device *dev, struct scatterlist *sglist, dma_dom = to_dma_ops_domain(domain); npages = sg_num_pages(dev, sglist, nelems); - __unmap_single(dma_dom, startaddr, npages << PAGE_SHIFT, dir); + __unmap_single(dma_dom, startaddr, (size_t)npages << PAGE_SHIFT, dir); } /* -- 2.20.1

1 day, 13 hours

2
1
0 0

[PATCH 1/3] KVM: arm64: Make ID_PFR1_EL1.GIC writable

by Marc Zyngier

Similarly to ID_AA64PFR0_EL1.GIC, relax ID_PFR1_EL1.GIC to be writable. Fixes: 5cb57a1aff755 ("KVM: arm64: Zero ID_AA64PFR0_EL1.GIC when no GICv3 is presented to the guest") Reported-by: Peter Maydell <peter.maydell(a)linaro.org> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kvm/sys_regs.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index b29f72478a50d..73dcefe51a3e7 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -2528,6 +2528,12 @@ static bool bad_redir_trap(struct kvm_vcpu *vcpu, .val = mask, \ } +#define AA32_ID_WRITABLE(name, mask) { \ + ID_DESC(name), \ + .visibility = aa32_id_visibility, \ + .val = mask, \ +} + /* sys_reg_desc initialiser for cpufeature ID registers that need filtering */ #define ID_FILTERED(sysreg, name, mask) { \ ID_DESC(sysreg), \ @@ -3040,7 +3046,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { /* AArch64 mappings of the AArch32 ID registers */ /* CRm=1 */ AA32_ID_SANITISED(ID_PFR0_EL1), - AA32_ID_SANITISED(ID_PFR1_EL1), + AA32_ID_WRITABLE(ID_PFR1_EL1, ID_PFR1_EL1_GIC), { SYS_DESC(SYS_ID_DFR0_EL1), .access = access_id_reg, .get_user = get_id_reg, -- 2.47.3

1 day, 13 hours

2
2
0 0

[PATCH] HID: amd_sfh: Stop sensor before starting

by Mario Limonciello (AMD)

Titas reports that the accelerometer sensor on their laptop only works after a warm boot or unloading/reloading the amd-sfh kernel module. Presumably the sensor is in a bad state on cold boot and failing to start, so explicitly stop it before starting. Cc: stable(a)vger.kernel.org Fixes: 93ce5e0231d79 ("HID: amd_sfh: Implement SFH1.1 functionality") Reported-by: Titas <novatitas366(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220670 Tested-by: Titas <novatitas366(a)gmail.com> Signed-off-by: Mario Limonciello (AMD) <superm1(a)kernel.org> --- drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c index 0a9b44ce4904e..b0bab2a1ddcc5 100644 --- a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c +++ b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c @@ -194,6 +194,8 @@ static int amd_sfh1_1_hid_client_init(struct amd_mp2_dev *privdata) if (rc) goto cleanup; + mp2_ops->stop(privdata, cl_data->sensor_idx[i]); + amd_sfh_wait_for_response(privdata, cl_data->sensor_idx[i], DISABLE_SENSOR); writel(0, privdata->mmio + amd_get_p2c_val(privdata, 0)); mp2_ops->start(privdata, info); status = amd_sfh_wait_for_response -- 2.43.0

1 day, 13 hours

2
1
0 0

[PATCH] net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower()

by Jiaming Zhang

The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as: tsconfig_prepare_data() -> dev_get_hwtstamp_phylib() -> vlan_hwtstamp_get() -> generic_hwtstamp_get_lower() -> generic_hwtstamp_ioctl_lower() results in generic_hwtstamp_ioctl_lower() being called with kernel_cfg->ifr as NULL. The generic_hwtstamp_ioctl_lower() function does not expect a NULL ifr and dereferences it, leading to a system crash. Fix this by adding a NULL check for kernel_cfg->ifr in generic_hwtstamp_get/set_lower(). If ifr is NULL, return -EOPNOTSUPP to prevent the call to the legacy IOCTL helper. Fixes: 6e9e2eed4f39 ("net: ethtool: Add support for tsconfig command to get/set hwtstamp config") Closes: https://lore.kernel.org/lkml/cd6a7056-fa6d-43f8-b78a-f5e811247ba8@linux.dev… Signed-off-by: Jiaming Zhang <r772577952(a)gmail.com> --- net/core/dev_ioctl.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c index ad54b12d4b4c..39eaf6ba981a 100644 --- a/net/core/dev_ioctl.c +++ b/net/core/dev_ioctl.c @@ -474,6 +474,10 @@ int generic_hwtstamp_get_lower(struct net_device *dev, return err; } + /* Netlink path with unconverted driver */ + if (!kernel_cfg->ifr) + return -EOPNOTSUPP; + /* Legacy path: unconverted lower driver */ return generic_hwtstamp_ioctl_lower(dev, SIOCGHWTSTAMP, kernel_cfg); } @@ -498,6 +502,10 @@ int generic_hwtstamp_set_lower(struct net_device *dev, return err; } + /* Netlink path with unconverted driver */ + if (!kernel_cfg->ifr) + return -EOPNOTSUPP; + /* Legacy path: unconverted lower driver */ return generic_hwtstamp_ioctl_lower(dev, SIOCSHWTSTAMP, kernel_cfg); } -- 2.34.1

1 day, 14 hours

3
4
0 0

[PATCH 2/2] drm/sched: Use proper locks for drm_sched_job_init()

by Philipp Stanner

drm_sched_job_init() is just racing when checking an entity's runqueue, without taking the proper spinlock. Add the lock. Cc: stable(a)vger.kernel.org # 6.7+ Fixes: 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable number of run-queues") Signed-off-by: Philipp Stanner <phasta(a)kernel.org> --- drivers/gpu/drm/scheduler/sched_main.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/scheduler/sched_main.c b/drivers/gpu/drm/scheduler/sched_main.c index 7f938f491b6f..30028054385f 100644 --- a/drivers/gpu/drm/scheduler/sched_main.c +++ b/drivers/gpu/drm/scheduler/sched_main.c @@ -799,7 +799,12 @@ int drm_sched_job_init(struct drm_sched_job *job, u32 credits, void *owner, uint64_t drm_client_id) { - if (!entity->rq) { + struct drm_sched_rq *rq; + + spin_lock(&entity->lock); + rq = entity->rq; + spin_unlock(&entity->lock); + if (!rq) { /* This will most likely be followed by missing frames * or worse--a blank screen--leave a trail in the * logs, so this can be debugged easier. -- 2.49.0

1 day, 14 hours

1
0
0 0

[PATCH 1/2] drm/sched: Use proper locks in drm_sched_job_arm()

by Philipp Stanner

drm_sched_job_arm() is just racing when dereferencing entity and runqueue. Add the proper spinlocks. Cc: stable(a)vger.kernel.org # v5.16+ Fixes: dbe48d030b28 ("drm/sched: Split drm_sched_job_init") Signed-off-by: Philipp Stanner <phasta(a)kernel.org> --- drivers/gpu/drm/scheduler/sched_main.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/scheduler/sched_main.c b/drivers/gpu/drm/scheduler/sched_main.c index c39f0245e3a9..7f938f491b6f 100644 --- a/drivers/gpu/drm/scheduler/sched_main.c +++ b/drivers/gpu/drm/scheduler/sched_main.c @@ -859,10 +859,16 @@ void drm_sched_job_arm(struct drm_sched_job *job) BUG_ON(!entity); drm_sched_entity_select_rq(entity); + + spin_lock(&entity->lock); + spin_lock(&entity->rq->lock); sched = entity->rq->sched; + spin_unlock(&entity->rq->lock); + + job->s_priority = entity->priority; + spin_unlock(&entity->lock); job->sched = sched; - job->s_priority = entity->priority; drm_sched_fence_init(job->s_fence, job->entity); } -- 2.49.0

1 day, 14 hours

1
0
0 0

Re: [PATCH v2] HID: quirks: Add device descriptor for 4c4a:4155

by zhangheng

Hi Terry Junge， I have made the changes as per your suggestion. mic.txt is the microphone report descriptor and is working properly.

1 day, 14 hours

4
6
0 0

[PATCH 1/4] ASoC: codecs: lpass-tx-macro: fix SM6115 support

by Srinivas Kandagatla

SM6115 is compatible with SM8450 and SM6115 does have soundwire controller in tx. For some reason we ended up with this incorrect patch. Fix this by removing it from the codec compatible list and let dt use sm8450 as compatible codec for sm6115 SoC. Fixes: 510c46884299 ("ASoC: codecs: lpass-tx-macro: Add SM6115 support") Cc: <Stable(a)vger.kernel.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> --- sound/soc/codecs/lpass-tx-macro.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/sound/soc/codecs/lpass-tx-macro.c b/sound/soc/codecs/lpass-tx-macro.c index 1aefd3bde818..1f8fe87b310a 100644 --- a/sound/soc/codecs/lpass-tx-macro.c +++ b/sound/soc/codecs/lpass-tx-macro.c @@ -2472,15 +2472,6 @@ static const struct tx_macro_data lpass_ver_9_2 = { .extra_routes_num = ARRAY_SIZE(tx_audio_map_v9_2), }; -static const struct tx_macro_data lpass_ver_10_sm6115 = { - .flags = LPASS_MACRO_FLAG_HAS_NPL_CLOCK, - .ver = LPASS_VER_10_0_0, - .extra_widgets = tx_macro_dapm_widgets_v9_2, - .extra_widgets_num = ARRAY_SIZE(tx_macro_dapm_widgets_v9_2), - .extra_routes = tx_audio_map_v9_2, - .extra_routes_num = ARRAY_SIZE(tx_audio_map_v9_2), -}; - static const struct tx_macro_data lpass_ver_11 = { .flags = LPASS_MACRO_FLAG_RESET_SWR, .ver = LPASS_VER_11_0_0, @@ -2500,9 +2491,6 @@ static const struct of_device_id tx_macro_dt_match[] = { */ .compatible = "qcom,sc7280-lpass-tx-macro", .data = &lpass_ver_9, - }, { - .compatible = "qcom,sm6115-lpass-tx-macro", - .data = &lpass_ver_10_sm6115, }, { .compatible = "qcom,sm8250-lpass-tx-macro", .data = &lpass_ver_9, -- 2.51.0

1 day, 15 hours

2
2
0 0

[PATCH] misc: eeprom/idt_89hpesx: prevent bad user input in idt_dbgfs_csr_write()

by Miaoqian Lin

A malicious user could pass an arbitrarily bad value to memdup_user_nul(), potentially causing kernel crash. This follows the same pattern as commit ee76746387f6 ("netdevsim: prevent bad user input in nsim_dev_health_break_write()") and commit 7ef4c19d245f ("smackfs: restrict bytes count in smackfs write functions") Found via static analysis and code review. Fixes: 183238ffb886 ("misc: eeprom/idt_89hpesx: Switch to memdup_user_nul() helper") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/misc/eeprom/idt_89hpesx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/misc/eeprom/idt_89hpesx.c b/drivers/misc/eeprom/idt_89hpesx.c index 60c42170d147..b2e771bfc6da 100644 --- a/drivers/misc/eeprom/idt_89hpesx.c +++ b/drivers/misc/eeprom/idt_89hpesx.c @@ -907,6 +907,9 @@ static ssize_t idt_dbgfs_csr_write(struct file *filep, const char __user *ubuf, if (*offp) return 0; + if (count == 0 || count > PAGE_SIZE) + return -EINVAL; + /* Copy data from User-space */ buf = memdup_user_nul(ubuf, count); if (IS_ERR(buf)) -- 2.39.5 (Apple Git-154)

1 day, 16 hours

2
1
0 0

[PATCH net] virtio_net: fix alignment for virtio_net_hdr_v1_hash

by Jason Wang

From: "Michael S. Tsirkin" <mst(a)redhat.com> Changing alignment of header would mean it's no longer safe to cast a 2 byte aligned pointer between formats. Use two 16 bit fields to make it 2 byte aligned as previously. This fixes the performance regression since commit ("virtio_net: enable gso over UDP tunnel support.") as it uses virtio_net_hdr_v1_hash_tunnel which embeds virtio_net_hdr_v1_hash. Pktgen in guest + XDP_DROP on TAP + vhost_net shows the TX PPS is recovered from 2.4Mpps to 4.45Mpps. Fixes: 56a06bd40fab ("virtio_net: enable gso over UDP tunnel support.") Cc: stable(a)vger.kernel.org Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: Jason Wang <jasowang(a)redhat.com> --- drivers/net/virtio_net.c | 15 +++++++++++++-- include/uapi/linux/virtio_net.h | 3 ++- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index a757cbcab87f..5e998d88db44 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -2534,6 +2534,13 @@ static struct sk_buff *receive_mergeable(struct net_device *dev, return NULL; } +static inline u32 +virtio_net_hash_value(const struct virtio_net_hdr_v1_hash *hdr_hash) +{ + return __le16_to_cpu(hdr_hash->hash_value_lo) | + (__le16_to_cpu(hdr_hash->hash_value_hi) << 16); +} + static void virtio_skb_set_hash(const struct virtio_net_hdr_v1_hash *hdr_hash, struct sk_buff *skb) { @@ -2560,7 +2567,7 @@ static void virtio_skb_set_hash(const struct virtio_net_hdr_v1_hash *hdr_hash, default: rss_hash_type = PKT_HASH_TYPE_NONE; } - skb_set_hash(skb, __le32_to_cpu(hdr_hash->hash_value), rss_hash_type); + skb_set_hash(skb, virtio_net_hash_value(hdr_hash), rss_hash_type); } static void virtnet_receive_done(struct virtnet_info *vi, struct receive_queue *rq, @@ -3306,6 +3313,10 @@ static int xmit_skb(struct send_queue *sq, struct sk_buff *skb, bool orphan) pr_debug("%s: xmit %p %pM\n", vi->dev->name, skb, dest); + /* Make sure it's safe to cast between formats */ + BUILD_BUG_ON(__alignof__(*hdr) != __alignof__(hdr->hash_hdr)); + BUILD_BUG_ON(__alignof__(*hdr) != __alignof__(hdr->hash_hdr.hdr)); + can_push = vi->any_header_sg && !((unsigned long)skb->data & (__alignof__(*hdr) - 1)) && !skb_header_cloned(skb) && skb_headroom(skb) >= hdr_len; @@ -6745,7 +6756,7 @@ static int virtnet_xdp_rx_hash(const struct xdp_md *_ctx, u32 *hash, hash_report = VIRTIO_NET_HASH_REPORT_NONE; *rss_type = virtnet_xdp_rss_type[hash_report]; - *hash = __le32_to_cpu(hdr_hash->hash_value); + *hash = virtio_net_hash_value(hdr_hash); return 0; } diff --git a/include/uapi/linux/virtio_net.h b/include/uapi/linux/virtio_net.h index 8bf27ab8bcb4..1db45b01532b 100644 --- a/include/uapi/linux/virtio_net.h +++ b/include/uapi/linux/virtio_net.h @@ -193,7 +193,8 @@ struct virtio_net_hdr_v1 { struct virtio_net_hdr_v1_hash { struct virtio_net_hdr_v1 hdr; - __le32 hash_value; + __le16 hash_value_lo; + __le16 hash_value_hi; #define VIRTIO_NET_HASH_REPORT_NONE 0 #define VIRTIO_NET_HASH_REPORT_IPv4 1 #define VIRTIO_NET_HASH_REPORT_TCPv4 2 -- 2.42.0

1 day, 16 hours

4
5
0 0

[PATCH 5.10] smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path

by Andrey Troshin

From: Stefan Metzmacher <metze(a)samba.org> [ Upstream commit daac51c7032036a0ca5f1aa419ad1b0471d1c6e0 ] During tests of another unrelated patch I was able to trigger this error: Objects remaining on __kmem_cache_shutdown() Cc: Steve French <smfrench(a)gmail.com> Cc: Tom Talpey <tom(a)talpey.com> Cc: Long Li <longli(a)microsoft.com> Cc: Namjae Jeon <linkinjeon(a)kernel.org> Cc: linux-cifs(a)vger.kernel.org Cc: samba-technical(a)lists.samba.org Fixes: f198186aa9bb ("CIFS: SMBD: Establish SMB Direct connection") Signed-off-by: Stefan Metzmacher <metze(a)samba.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Andrey Troshin: backport fix from fs/cifs/smbdirect.c to fs/smb/client/smbdirect.c] Signed-off-by: Andrey Troshin <drtrosh(a)yandex-team.ru> --- Backport fix for CVE-2025-39929 Link: https://nvd.nist.gov/vuln/detail/CVE-2025-39929 --- fs/cifs/smbdirect.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/cifs/smbdirect.c b/fs/cifs/smbdirect.c index ae332f3771f6..e273f3b9efcb 100644 --- a/fs/cifs/smbdirect.c +++ b/fs/cifs/smbdirect.c @@ -1083,8 +1083,10 @@ static int smbd_negotiate(struct smbd_connection *info) log_rdma_event(INFO, "smbd_post_recv rc=%d iov.addr=%llx iov.length=%x iov.lkey=%x\n", rc, response->sge.addr, response->sge.length, response->sge.lkey); - if (rc) + if (rc) { + put_receive_buffer(info, response); return rc; + } init_completion(&info->negotiate_completion); info->negotiate_done = false; -- 2.34.1

1 day, 17 hours

1
0
0 0

[PATCH] sparc/led: prevent buffer underflow on zero-length write

by Miaoqian Lin

Fix out-of-bounds access in led_proc_write() when count is 0. Accessing buf[count - 1] with count=0 reads/writes buf[-1]. Check for count==0 and return -EINVAL early to fix this. Found via static analysis and code review. Fixes: ee1858d3122d ("[SPARC]: Add sun4m LED driver.") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- arch/sparc/kernel/led.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/sparc/kernel/led.c b/arch/sparc/kernel/led.c index f4fb82b019bb..aa0ca0d8d0e2 100644 --- a/arch/sparc/kernel/led.c +++ b/arch/sparc/kernel/led.c @@ -70,6 +70,9 @@ static ssize_t led_proc_write(struct file *file, const char __user *buffer, { char *buf = NULL; + if (count == 0) + return -EINVAL; + if (count > LED_MAX_LENGTH) count = LED_MAX_LENGTH; -- 2.39.5 (Apple Git-154)

1 day, 17 hours

1
0
0 0

[PATCH 6.12.y 0/2] Backport 2 commits to 6.12.y to fix bond issue

by Rajani Kantha

Backport commit: 094ee6017ea0 ("bonding: check xdp prog when set bond mode") to 6.12.y to fix a bond issue. It depends on commit: 22ccb684c1ca ("bonding: return detailed error when loading native XDP fails) In order to make a clean backport on stable kernel, backport 2 commits. Hangbin Liu (1): bonding: return detailed error when loading native XDP fails Wang Liang (1): bonding: check xdp prog when set bond mode drivers/net/bonding/bond_main.c | 11 +++++++---- drivers/net/bonding/bond_options.c | 3 +++ include/net/bonding.h | 1 + 3 files changed, 11 insertions(+), 4 deletions(-) -- 2.17.1

1 day, 17 hours

1
2
0 0

[PATCH] powerpc/pseries: add input size check in ofdt_write

by Miaoqian Lin

A malicious user could pass an arbitrarily bad value to memdup_user_nul(), potentially causing kernel crash. This follows the same pattern as commit ee76746387f6 ("netdevsim: prevent bad user input in nsim_dev_health_break_write()") Found via static analysis and code review. Fixes: 3783225130f0 ("powerpc/pseries: use memdup_user_nul") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- arch/powerpc/platforms/pseries/reconfig.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/powerpc/platforms/pseries/reconfig.c b/arch/powerpc/platforms/pseries/reconfig.c index 599bd2c78514..b6bc1d8b2207 100644 --- a/arch/powerpc/platforms/pseries/reconfig.c +++ b/arch/powerpc/platforms/pseries/reconfig.c @@ -366,6 +366,9 @@ static ssize_t ofdt_write(struct file *file, const char __user *buf, size_t coun if (rv) return rv; + if (count == 0 || count > PAGE_SIZE) + return -EINVAL; + kbuf = memdup_user_nul(buf, count); if (IS_ERR(kbuf)) return PTR_ERR(kbuf); -- 2.39.5 (Apple Git-154)

1 day, 19 hours

1
0
0 0

[PATCH v2] net: usb: asix_devices: Check return value of usbnet_get_endpoints

by Miaoqian Lin

The code did not check the return value of usbnet_get_endpoints. Add checks and return the error if it fails to transfer the error. Found via static anlaysis and this is similar to commit 07161b2416f7 ("sr9800: Add check for usbnet_get_endpoints"). Fixes: 933a27d39e0e ("USB: asix - Add AX88178 support and many other changes") Fixes: 2e55cc7210fe ("[PATCH] USB: usbnet (3/9) module for ASIX Ethernet adapters") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- - v1:http://lore.kernel.org/all/20250830103743.2118777-1-linmq006@gmail.com changes in v2: - fix the blank line. - update message to clarify how this is detected - add Cc: stable --- drivers/net/usb/asix_devices.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/drivers/net/usb/asix_devices.c b/drivers/net/usb/asix_devices.c index 85bd5d845409..232bbd79a4de 100644 --- a/drivers/net/usb/asix_devices.c +++ b/drivers/net/usb/asix_devices.c @@ -230,7 +230,9 @@ static int ax88172_bind(struct usbnet *dev, struct usb_interface *intf) int i; unsigned long gpio_bits = dev->driver_info->data; - usbnet_get_endpoints(dev,intf); + ret = usbnet_get_endpoints(dev, intf); + if (ret) + goto out; /* Toggle the GPIOs in a manufacturer/model specific way */ for (i = 2; i >= 0; i--) { @@ -848,7 +850,9 @@ static int ax88772_bind(struct usbnet *dev, struct usb_interface *intf) dev->driver_priv = priv; - usbnet_get_endpoints(dev, intf); + ret = usbnet_get_endpoints(dev, intf); + if (ret) + return ret; /* Maybe the boot loader passed the MAC address via device tree */ if (!eth_platform_get_mac_address(&dev->udev->dev, buf)) { @@ -1281,7 +1285,9 @@ static int ax88178_bind(struct usbnet *dev, struct usb_interface *intf) int ret; u8 buf[ETH_ALEN] = {0}; - usbnet_get_endpoints(dev,intf); + ret = usbnet_get_endpoints(dev, intf); + if (ret) + return ret; /* Get the MAC address */ ret = asix_read_cmd(dev, AX_CMD_READ_NODE_ID, 0, 0, ETH_ALEN, buf, 0); -- 2.39.5 (Apple Git-154)

1 day, 23 hours

2
1
0 0

[PATCH net 0/4] mptcp: various rare sending issues

by Matthieu Baerts (NGI0)

Here are various fixes from Paolo, addressing very occasional issues on the sending side: - Patch 1: drop an optimisation that could lead to timeout in case of race conditions. A fix for up to v5.11. - Patch 2: fix stream corruption under very specific conditions. A fix for up to v5.13. - Patch 3: restore MPTCP-level zero window probe after a recent fix. A fix for up to v5.16. - Patch 4: new MIB counter to track MPTCP-level zero windows probe to help catching issues similar to the one fixed by the previous patch. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Paolo Abeni (4): mptcp: drop bogus optimization in __mptcp_check_push() mptcp: fix MSG_PEEK stream corruption mptcp: restore window probe mptcp: zero window probe mib net/mptcp/mib.c | 1 + net/mptcp/mib.h | 1 + net/mptcp/protocol.c | 57 +++++++++++++++++++++++++++++++++------------------- net/mptcp/protocol.h | 2 +- 4 files changed, 39 insertions(+), 22 deletions(-) --- base-commit: 210b35d6a7ea415494ce75490c4b43b4e717d935 change-id: 20251027-net-mptcp-send-timeout-7fc1474fd849 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

2 days

2
4
0 0

[PATCH] drm/ast: Clear preserved bits from register output value

by Thomas Zimmermann

Preserve the I/O register bits in __ast_write8_i_masked() as specified by preserve_mask. Accidentally OR-ing the output value into these will overwrite the register's previous settings. Fixes display output on the AST2300, where the screen can go blank at boot. The driver's original commit 312fec1405dd ("drm: Initial KMS driver for AST (ASpeed Technologies) 2000 series (v2)") already added the broken code. Commit 6f719373b943 ("drm/ast: Blank with VGACR17 sync enable, always clear VGACRB6 sync off") triggered the bug. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reported-by: Peter Schneider <pschneider1968(a)googlemail.com> Closes: https://lore.kernel.org/dri-devel/a40caf8e-58ad-4f9c-af7f-54f6f69c29bb@goog… Tested-by: Peter Schneider <pschneider1968(a)googlemail.com> Fixes: 6f719373b943 ("drm/ast: Blank with VGACR17 sync enable, always clear VGACRB6 sync off") Fixes: 312fec1405dd ("drm: Initial KMS driver for AST (ASpeed Technologies) 2000 series (v2)") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Nick Bowler <nbowler(a)draconx.ca> Cc: Douglas Anderson <dianders(a)chromium.org> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Jocelyn Falempe <jfalempe(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v3.5+ --- drivers/gpu/drm/ast/ast_drv.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/ast/ast_drv.h b/drivers/gpu/drm/ast/ast_drv.h index 7be36a358e74..787e38c6c17d 100644 --- a/drivers/gpu/drm/ast/ast_drv.h +++ b/drivers/gpu/drm/ast/ast_drv.h @@ -298,13 +298,13 @@ static inline void __ast_write8_i(void __iomem *addr, u32 reg, u8 index, u8 val) __ast_write8(addr, reg + 1, val); } -static inline void __ast_write8_i_masked(void __iomem *addr, u32 reg, u8 index, u8 read_mask, +static inline void __ast_write8_i_masked(void __iomem *addr, u32 reg, u8 index, u8 preserve_mask, u8 val) { - u8 tmp = __ast_read8_i_masked(addr, reg, index, read_mask); + u8 tmp = __ast_read8_i_masked(addr, reg, index, preserve_mask); - tmp |= val; - __ast_write8_i(addr, reg, index, tmp); + val &= ~preserve_mask; + __ast_write8_i(addr, reg, index, tmp | val); } static inline u32 ast_read32(struct ast_device *ast, u32 reg) -- 2.51.0

2 days, 1 hour

2
1
0 0

+ kasan-unpoison-vms-addresses-with-a-common-tag.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kasan: unpoison vms[area] addresses with a common tag has been added to the -mm mm-hotfixes-unstable branch. Its filename is kasan-unpoison-vms-addresses-with-a-common-tag.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Subject: kasan: unpoison vms[area] addresses with a common tag Date: Wed, 29 Oct 2025 19:06:03 +0000 The problem presented here is related to NUMA systems and tag-based KASAN modes - software and hardware ones. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Unpoison all vms[]->addr memory and pointers with the same tag to resolve the mismatch. Link: https://lkml.kernel.org/r/932121edc75be8e2038d64ecb4853df2e2b258df.17617636… Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Tested-by: Baoquan He <bhe(a)redhat.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: Barry Song <baohua(a)kernel.org> Cc: Bill Wendling <morbo(a)google.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Breno Leitao <leitao(a)debian.org> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: FUJITA Tomonori <fujita.tomonori(a)gmail.com> Cc: Guilherme Giacomo Simoes <trintaeoitogc(a)gmail.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Jeremy Linton <jeremy.linton(a)arm.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Justin Stitt <justinstitt(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Kees Cook <kees(a)kernel.org> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: levi.yun <yeoreum.yun(a)arm.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Marco Elver <elver(a)google.com> Cc: Marc Rutland <mark.rutland(a)arm.com> Cc: Marc Zyngier <maz(a)kernel.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Miguel Ojeda <ojeda(a)kernel.org> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Mostafa Saleh <smostafa(a)google.com> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Pankaj Gupta <pankaj.gupta(a)amd.com> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Samuel Holland <samuel.holland(a)sifive.com> Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: Thomas Huth <thuth(a)redhat.com> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: Uros Bizjak <ubizjak(a)gmail.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Will Deacon <will(a)kernel.org> Cc: Xin Li (Intel) <xin(a)zytor.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> [6.1+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/tags.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/mm/kasan/tags.c~kasan-unpoison-vms-addresses-with-a-common-tag +++ a/mm/kasan/tags.c @@ -148,12 +148,20 @@ void __kasan_save_free_info(struct kmem_ save_stack_info(cache, object, 0, true); } +/* + * A tag mismatch happens when calculating per-cpu chunk addresses, because + * they all inherit the tag from vms[0]->addr, even when nr_vms is bigger + * than 1. This is a problem because all the vms[]->addr come from separate + * allocations and have different tags so while the calculated address is + * correct the tag isn't. + */ void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms) { int area; for (area = 0 ; area < nr_vms ; area++) { kasan_poison(vms[area]->addr, vms[area]->size, - arch_kasan_get_tag(vms[area]->addr), false); + arch_kasan_get_tag(vms[0]->addr), false); + arch_kasan_set_tag(vms[area]->addr, arch_kasan_get_tag(vms[0]->addr)); } } _ Patches currently in -mm which might be from maciej.wieczor-retman(a)intel.com are kasan-unpoison-pcpu-chunks-with-base-address-tag.patch kasan-unpoison-vms-addresses-with-a-common-tag.patch

2 days, 2 hours

1
0
0 0

+ kasan-unpoison-pcpu-chunks-with-base-address-tag.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kasan: unpoison pcpu chunks with base address tag has been added to the -mm mm-hotfixes-unstable branch. Its filename is kasan-unpoison-pcpu-chunks-with-base-address-tag.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Subject: kasan: unpoison pcpu chunks with base address tag Date: Wed, 29 Oct 2025 19:05:49 +0000 The problem presented here is related to NUMA systems and tag-based KASAN modes - software and hardware ones. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Refactor code by moving it into a helper in preparation for the actual fix. Link: https://lkml.kernel.org/r/fbce40a59b0a22a5735cb6e9b95c5a45a34b23cb.17617636… Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Tested-by: Baoquan He <bhe(a)redhat.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: Barry Song <baohua(a)kernel.org> Cc: Bill Wendling <morbo(a)google.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Breno Leitao <leitao(a)debian.org> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: FUJITA Tomonori <fujita.tomonori(a)gmail.com> Cc: Guilherme Giacomo Simoes <trintaeoitogc(a)gmail.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Jeremy Linton <jeremy.linton(a)arm.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Justin Stitt <justinstitt(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Kees Cook <kees(a)kernel.org> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: levi.yun <yeoreum.yun(a)arm.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Marco Elver <elver(a)google.com> Cc: Marc Rutland <mark.rutland(a)arm.com> Cc: Marc Zyngier <maz(a)kernel.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Miguel Ojeda <ojeda(a)kernel.org> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Mostafa Saleh <smostafa(a)google.com> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Pankaj Gupta <pankaj.gupta(a)amd.com> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Samuel Holland <samuel.holland(a)sifive.com> Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: Thomas Huth <thuth(a)redhat.com> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: Uros Bizjak <ubizjak(a)gmail.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Will Deacon <will(a)kernel.org> Cc: Xin Li (Intel) <xin(a)zytor.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> [6.1+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kasan.h | 10 ++++++++++ mm/kasan/tags.c | 11 +++++++++++ mm/vmalloc.c | 4 +--- 3 files changed, 22 insertions(+), 3 deletions(-) --- a/include/linux/kasan.h~kasan-unpoison-pcpu-chunks-with-base-address-tag +++ a/include/linux/kasan.h @@ -614,6 +614,13 @@ static __always_inline void kasan_poison __kasan_poison_vmalloc(start, size); } +void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms); +static __always_inline void kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms) +{ + if (kasan_enabled()) + __kasan_unpoison_vmap_areas(vms, nr_vms); +} + #else /* CONFIG_KASAN_VMALLOC */ static inline void kasan_populate_early_vm_area_shadow(void *start, @@ -638,6 +645,9 @@ static inline void *kasan_unpoison_vmall static inline void kasan_poison_vmalloc(const void *start, unsigned long size) { } +static inline void kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms) +{ } + #endif /* CONFIG_KASAN_VMALLOC */ #if (defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)) && \ --- a/mm/kasan/tags.c~kasan-unpoison-pcpu-chunks-with-base-address-tag +++ a/mm/kasan/tags.c @@ -18,6 +18,7 @@ #include <linux/static_key.h> #include <linux/string.h> #include <linux/types.h> +#include <linux/vmalloc.h> #include "kasan.h" #include "../slab.h" @@ -146,3 +147,13 @@ void __kasan_save_free_info(struct kmem_ { save_stack_info(cache, object, 0, true); } + +void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms) +{ + int area; + + for (area = 0 ; area < nr_vms ; area++) { + kasan_poison(vms[area]->addr, vms[area]->size, + arch_kasan_get_tag(vms[area]->addr), false); + } +} --- a/mm/vmalloc.c~kasan-unpoison-pcpu-chunks-with-base-address-tag +++ a/mm/vmalloc.c @@ -4870,9 +4870,7 @@ retry: * With hardware tag-based KASAN, marking is skipped for * non-VM_ALLOC mappings, see __kasan_unpoison_vmalloc(). */ - for (area = 0; area < nr_vms; area++) - vms[area]->addr = kasan_unpoison_vmalloc(vms[area]->addr, - vms[area]->size, KASAN_VMALLOC_PROT_NORMAL); + kasan_unpoison_vmap_areas(vms, nr_vms); kfree(vas); return vms; _ Patches currently in -mm which might be from maciej.wieczor-retman(a)intel.com are kasan-unpoison-pcpu-chunks-with-base-address-tag.patch kasan-unpoison-vms-addresses-with-a-common-tag.patch

2 days, 2 hours

1
0
0 0

Missing backport of 3c591faadd8a ("Reapply "Revert drm/amd/display: Enable Freesync Video Mode by default"") in 6.1.y stable series?

by Salvatore Bonaccorso

Hi We got in Debian a request to backport 3c591faadd8a ("Reapply "Revert drm/amd/display: Enable Freesync Video Mode by default"") for the kernel in Debian bookworm, based on 6.1.y stable series. https://bugs.debian.org/1119232 While looking at he request, I noticed that the series of commits had a bit of a convuluted history. AFAICT the story began with: de05abe6b9d0 ("drm/amd/display: Enable Freesync Video Mode by default"), this landed in 5.18-rc1 (and backported to v6.1.5, v6.0.19). This was then reverted with 4243c84aa082 ("Revert "drm/amd/display: Enable Freesync Video Mode by default""), which landed in v6.3-rc1 (and in turn was backported to v6.1.53). So far we are in sync. The above was then reverted again, via 11b92df8a2f7 ("Revert "Revert drm/amd/display: Enable Freesync Video Mode by default"") applied in v6.5-rc1 and as well backported to v6.1.53 (so still in sync). Now comes were we are diverging: 3c591faadd8a ("Reapply "Revert drm/amd/display: Enable Freesync Video Mode by default"") got applied later on, landing in v6.9-rc1 but *not* in 6.1.y anymore. I suspect this one was not applied to 6.1.y because in meanwhile there was a conflict to cherry-pick it cleanly due to context changes due to 3e094a287526 ("drm/amd/display: Use drm_connector in create_stream_for_sink"). If this is correct, then the 6.1.y series can be brough in sync with cherry-picking the commit and adjust the context around the change. I'm attaching the proposed change. Alex in particular, does that make sense? Regards, Salvatore

2 days, 3 hours

2
1
0 0

[PATCH v6 02/18] kasan: Unpoison vms[area] addresses with a common tag

by Maciej Wieczor-Retman

From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> The problem presented here is related to NUMA systems and tag-based KASAN modes - software and hardware ones. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Unpoison all vms[]->addr memory and pointers with the same tag to resolve the mismatch. Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Cc: <stable(a)vger.kernel.org> # 6.1+ Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Tested-by: Baoquan He <bhe(a)redhat.com> --- Changelog v6: - Add Baoquan's tested-by tag. - Move patch to the beginning of the series as it is a fix. - Add fixes tag. mm/kasan/tags.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index ecc17c7c675a..c6b40cbffae3 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -148,12 +148,20 @@ void __kasan_save_free_info(struct kmem_cache *cache, void *object) save_stack_info(cache, object, 0, true); } +/* + * A tag mismatch happens when calculating per-cpu chunk addresses, because + * they all inherit the tag from vms[0]->addr, even when nr_vms is bigger + * than 1. This is a problem because all the vms[]->addr come from separate + * allocations and have different tags so while the calculated address is + * correct the tag isn't. + */ void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms) { int area; for (area = 0 ; area < nr_vms ; area++) { kasan_poison(vms[area]->addr, vms[area]->size, - arch_kasan_get_tag(vms[area]->addr), false); + arch_kasan_get_tag(vms[0]->addr), false); + arch_kasan_set_tag(vms[area]->addr, arch_kasan_get_tag(vms[0]->addr)); } } -- 2.51.0

2 days, 5 hours

1
0
0 0

[PATCH v6 01/18] kasan: Unpoison pcpu chunks with base address tag

by Maciej Wieczor-Retman

From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> The problem presented here is related to NUMA systems and tag-based KASAN modes - software and hardware ones. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Refactor code by moving it into a helper in preparation for the actual fix. Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Cc: <stable(a)vger.kernel.org> # 6.1+ Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Tested-by: Baoquan He <bhe(a)redhat.com> --- Changelog v6: - Add Baoquan's tested-by tag. - Move patch to the beginning of the series as it is a fix. - Move the refactored code to tags.c because both software and hardware modes compile it. - Add fixes tag. Changelog v4: - Redo the patch message numbered list. - Do the refactoring in this patch and move additions to the next new one. Changelog v3: - Remove last version of this patch that just resets the tag on base_addr and add this patch that unpoisons all areas with the same tag instead. include/linux/kasan.h | 10 ++++++++++ mm/kasan/tags.c | 11 +++++++++++ mm/vmalloc.c | 4 +--- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index d12e1a5f5a9a..b00849ea8ffd 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -614,6 +614,13 @@ static __always_inline void kasan_poison_vmalloc(const void *start, __kasan_poison_vmalloc(start, size); } +void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms); +static __always_inline void kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms) +{ + if (kasan_enabled()) + __kasan_unpoison_vmap_areas(vms, nr_vms); +} + #else /* CONFIG_KASAN_VMALLOC */ static inline void kasan_populate_early_vm_area_shadow(void *start, @@ -638,6 +645,9 @@ static inline void *kasan_unpoison_vmalloc(const void *start, static inline void kasan_poison_vmalloc(const void *start, unsigned long size) { } +static inline void kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms) +{ } + #endif /* CONFIG_KASAN_VMALLOC */ #if (defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)) && \ diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index b9f31293622b..ecc17c7c675a 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -18,6 +18,7 @@ #include <linux/static_key.h> #include <linux/string.h> #include <linux/types.h> +#include <linux/vmalloc.h> #include "kasan.h" #include "../slab.h" @@ -146,3 +147,13 @@ void __kasan_save_free_info(struct kmem_cache *cache, void *object) { save_stack_info(cache, object, 0, true); } + +void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms) +{ + int area; + + for (area = 0 ; area < nr_vms ; area++) { + kasan_poison(vms[area]->addr, vms[area]->size, + arch_kasan_get_tag(vms[area]->addr), false); + } +} diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 798b2ed21e46..934c8bfbcebf 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -4870,9 +4870,7 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, * With hardware tag-based KASAN, marking is skipped for * non-VM_ALLOC mappings, see __kasan_unpoison_vmalloc(). */ - for (area = 0; area < nr_vms; area++) - vms[area]->addr = kasan_unpoison_vmalloc(vms[area]->addr, - vms[area]->size, KASAN_VMALLOC_PROT_NORMAL); + kasan_unpoison_vmap_areas(vms, nr_vms); kfree(vas); return vms; -- 2.51.0

2 days, 5 hours

1
0
0 0

Bug: Performance regression in 1013af4f585f: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

by Uschakow, Stanislav

Hello. We have observed a huge latency increase using `fork()` after ingesting the CVE-2025-38085 fix which leads to the commit `1013af4f585f: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race`. On large machines with 1.5TB of memory with 196 cores, we identified mmapping of 1.2TB of shared memory and forking itself dozens or hundreds of times we see a increase of execution times of a factor of 4. The reproducer is at the end of the email. Comparing the a kernel without this patch with a kernel with this patch applied when spawning 1000 children we see those execution times: Patched kernel: $ time make stress ... real 0m11.275s user 0m0.177s sys 0m23.905s Original kernel : $ time make stress ...real 0m2.475s user 0m1.398s sys 0m2.501s The patch in question: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… My observation/assumption is: each child touches 100 random pages and despawns on each despawn `huge_pmd_unshare()` is called each call to `huge_pmd_unshare()` syncrhonizes all threads using `tlb_remove_table_sync_one()` leading to the regression I'm happy to provide more information. Thank you Stanislav Uschakow === Reproducer === Setup: #!/bin/bash echo "Setting up hugepages for reproduction..." # hugepages (1.2TB / 2MB = 614400 pages) REQUIRED_PAGES=614400 # Check current hugepage allocation CURRENT_PAGES=$(cat /proc/sys/vm/nr_hugepages) echo "Current hugepages: $CURRENT_PAGES" if [ "$CURRENT_PAGES" -lt "$REQUIRED_PAGES" ]; then echo "Allocating $REQUIRED_PAGES hugepages..." echo $REQUIRED_PAGES | sudo tee /proc/sys/vm/nr_hugepages ALLOCATED=$(cat /proc/sys/vm/nr_hugepages) echo "Allocated hugepages: $ALLOCATED" if [ "$ALLOCATED" -lt "$REQUIRED_PAGES" ]; then echo "Warning: Could not allocate all required hugepages" echo "Available: $ALLOCATED, Required: $REQUIRED_PAGES" fi fi echo never | sudo tee /sys/kernel/mm/transparent_hugepage/enabled echo -e "\nHugepage information:" cat /proc/meminfo | grep -i huge echo -e "\nSetup complete. You can now run the reproduction test." Makefile: CXX = gcc CXXFLAGS = -O2 -Wall TARGET = hugepage_repro SOURCE = hugepage_repro.c $(TARGET): $(SOURCE) $(CXX) $(CXXFLAGS) -o $(TARGET) $(SOURCE) clean: rm -f $(TARGET) setup: chmod +x setup_hugepages.sh ./setup_hugepages.sh test: $(TARGET) ./$(TARGET) 20 3 stress: $(TARGET) ./$(TARGET) 1000 1 .PHONY: clean setup test stress hugepage_repro.c: #include <sys/mman.h> #include <sys/wait.h> #include <unistd.h> #include <stdlib.h> #include <string.h> #include <time.h> #include <stdio.h> #define HUGEPAGE_SIZE (2 * 1024 * 1024) // 2MB #define TOTAL_SIZE (1200ULL * 1024 * 1024 * 1024) // 1.2TB #define NUM_HUGEPAGES (TOTAL_SIZE / HUGEPAGE_SIZE) void* create_hugepage_mapping() { void* addr = mmap(NULL, TOTAL_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS | MAP_HUGETLB, -1, 0); if (addr == MAP_FAILED) { perror("mmap hugepages failed"); exit(1); } return addr; } void touch_random_pages(void* addr, int num_touches) { char* base = (char*)addr; for (int i = 0; i < num_touches; ++i) { size_t offset = (rand() % NUM_HUGEPAGES) * HUGEPAGE_SIZE; volatile char val = base[offset]; (void)val; } } void child_process(void* shared_mem, int child_id) { struct timespec start, end; clock_gettime(CLOCK_MONOTONIC, &start); touch_random_pages(shared_mem, 100); clock_gettime(CLOCK_MONOTONIC, &end); long duration = (end.tv_sec - start.tv_sec) * 1000000 + (end.tv_nsec - start.tv_nsec) / 1000; printf("Child %d completed in %ld μs\n", child_id, duration); } int main(int argc, char* argv[]) { int num_processes = argc > 1 ? atoi(argv[1]) : 50; int iterations = argc > 2 ? atoi(argv[2]) : 5; printf("Creating %lluGB hugepage mapping...\n", TOTAL_SIZE / (1024*1024*1024)); void* shared_mem = create_hugepage_mapping(); for (int iter = 0; iter < iterations; ++iter) { printf("\nIteration %d: Forking %d processes\n", iter + 1, num_processes); pid_t children[num_processes]; struct timespec iter_start, iter_end; clock_gettime(CLOCK_MONOTONIC, &iter_start); for (int i = 0; i < num_processes; ++i) { pid_t pid = fork(); if (pid == 0) { child_process(shared_mem, i); exit(0); } else if (pid > 0) { children[i] = pid; } } for (int i = 0; i < num_processes; ++i) { waitpid(children[i], NULL, 0); } clock_gettime(CLOCK_MONOTONIC, &iter_end); long iter_duration = (iter_end.tv_sec - iter_start.tv_sec) * 1000 + (iter_end.tv_nsec - iter_start.tv_nsec) / 1000000; printf("Iteration completed in %ld ms\n", iter_duration); } munmap(shared_mem, TOTAL_SIZE); return 0; } Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

2 days, 6 hours

5
27
0 0

[PATCH 06/25] media: i2c: ov01a10: Fix test-pattern disabling

by Hans de Goede

When the test-pattern control gets set to 0 (Disabled) 0 should be written to the test-pattern register, rather then doing nothing. Fixes: 0827b58dabff ("media: i2c: add ov01a10 image sensor driver") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hansg(a)kernel.org> --- drivers/media/i2c/ov01a10.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/media/i2c/ov01a10.c b/drivers/media/i2c/ov01a10.c index 0405ec7c75fd..733e5bf0180c 100644 --- a/drivers/media/i2c/ov01a10.c +++ b/drivers/media/i2c/ov01a10.c @@ -406,10 +406,8 @@ static int ov01a10_update_digital_gain(struct ov01a10 *ov01a10, u32 d_gain) static int ov01a10_test_pattern(struct ov01a10 *ov01a10, u32 pattern) { - if (!pattern) - return 0; - - pattern = (pattern - 1) | OV01A10_TEST_PATTERN_ENABLE; + if (pattern) + pattern = (pattern - 1) | OV01A10_TEST_PATTERN_ENABLE; return ov01a10_write_reg(ov01a10, OV01A10_REG_TEST_PATTERN, 1, pattern); } -- 2.51.0

2 days, 7 hours

3
6
0 0

, conoce mejor a tu candidato antes de contratar

by Valeria Pérez

Evaluaciones Psicométricas para RR.HH. body { margin: 0; padding: 0; font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #333; background-color: #ffffff; } table { border-spacing: 0; width: 100%; max-width: 600px; margin: auto; } td { padding: 12px 20px; } a { color: #1a73e8; text-decoration: none; } .footer { font-size: 12px; color: #888888; text-align: center; } Mejora tus procesos de selección con evaluaciones psicométricas fáciles y confiables. Hola, , Sabemos que encontrar al candidato ideal va más allá del currículum. Por eso quiero contarte brevemente sobre PsicoSmart, una plataforma que ayuda a equipos de RR.HH. a evaluar talento con pruebas psicométricas rápidas, confiables y fáciles de aplicar. Con PsicoSmart puedes: Aplicar evaluaciones psicométricas 100% en línea. Elegir entre más de 31 pruebas psicométricas Generar reportes automáticos, visuales y fáciles de interpretar. Comparar resultados entre candidatos en segundos. Ahorrar horas valiosas del proceso de selección. Si estás buscando mejorar tus contrataciones, te lo recomiendo muchísimo. Si quieres conocer más puedes responder este correo o simplemente contactarme, mis datos están abajo. Saludos, ----------------------------- Atte.: Valeria Pérez Ciudad de México: (55) 5018 0565 WhatsApp: +52 33 1607 2089 Si no deseas recibir más correos, haz clic aquí para darte de baja. Para remover su dirección de esta lista haga <a href="https://s1.arrobamail.com/unsuscribe.php?id=yiwtsrewispppseup">click aquí</a>

2 days, 7 hours

1
0
0 0

[PATCH] dma: qcom: gpi: Fix memory leak in gpi_peripheral_config()

by Miaoqian Lin

Fix a memory leak in gpi_peripheral_config() where the original memory pointed to by gchan->config could be lost if krealloc() fails. The issue occurs when: 1. gchan->config points to previously allocated memory 2. krealloc() fails and returns NULL 3. The function directly assigns NULL to gchan->config, losing the reference to the original memory 4. The original memory becomes unreachable and cannot be freed Fix this by using a temporary variable to hold the krealloc() result and only updating gchan->config when the allocation succeeds. Found via static analysis and code review. Fixes: 5d0c3533a19f ("dmaengine: qcom: Add GPI dma driver") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/dma/qcom/gpi.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/dma/qcom/gpi.c b/drivers/dma/qcom/gpi.c index 8e87738086b2..8908b7c71900 100644 --- a/drivers/dma/qcom/gpi.c +++ b/drivers/dma/qcom/gpi.c @@ -1605,14 +1605,16 @@ static int gpi_peripheral_config(struct dma_chan *chan, struct dma_slave_config *config) { struct gchan *gchan = to_gchan(chan); + void *new_config; if (!config->peripheral_config) return -EINVAL; - gchan->config = krealloc(gchan->config, config->peripheral_size, GFP_NOWAIT); - if (!gchan->config) + new_config = krealloc(gchan->config, config->peripheral_size, GFP_NOWAIT); + if (!new_config) return -ENOMEM; + gchan->config = new_config; memcpy(gchan->config, config->peripheral_config, config->peripheral_size); return 0; -- 2.39.5 (Apple Git-154)

2 days, 7 hours

3
2
0 0

[PATCH 1/2] ASoC: codecs: Use component driver suspend/resume

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Since snd_soc_suspend() is invoked through snd_soc_pm_ops->suspend(), and snd_soc_pm_ops is associated with the soc_driver (defined in sound/soc/soc-core.c), and there is no parent-child relationship between the soc_driver and the DA7213 codec driver, the power management subsystem does not enforce a specific suspend/resume order between the DA7213 driver and the soc_driver. Because of this, the different codec component functionalities, called from snd_soc_resume() to reconfigure various functions, can race with the DA7213 resume function, leading to misapplied configuration. This occasionally results in clipped sound. Fix this by moving the regmap cache operations into struct snd_soc_component_driver::{suspend, resume}. This ensures the proper configuration sequence is handled by the ASoC subsystem. Cc: stable(a)vger.kernel.org Fixes: 431e040065c8 ("ASoC: da7213: Add suspend to RAM support") Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- sound/soc/codecs/da7213.c | 38 +++++++++++++++++++++++++------------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/sound/soc/codecs/da7213.c b/sound/soc/codecs/da7213.c index c1657f348ad9..051806982bbe 100644 --- a/sound/soc/codecs/da7213.c +++ b/sound/soc/codecs/da7213.c @@ -2124,11 +2124,31 @@ static int da7213_probe(struct snd_soc_component *component) return 0; } +static int da7213_suspend(struct snd_soc_component *component) +{ + struct da7213_priv *da7213 = snd_soc_component_get_drvdata(component); + + regcache_cache_only(da7213->regmap, true); + regcache_mark_dirty(da7213->regmap); + + return 0; +} + +static int da7213_resume(struct snd_soc_component *component) +{ + struct da7213_priv *da7213 = snd_soc_component_get_drvdata(component); + + regcache_cache_only(da7213->regmap, false); + return regcache_sync(da7213->regmap); +} + static const struct snd_soc_component_driver soc_component_dev_da7213 = { .probe = da7213_probe, .set_bias_level = da7213_set_bias_level, .controls = da7213_snd_controls, .num_controls = ARRAY_SIZE(da7213_snd_controls), + .suspend = da7213_suspend, + .resume = da7213_resume, .dapm_widgets = da7213_dapm_widgets, .num_dapm_widgets = ARRAY_SIZE(da7213_dapm_widgets), .dapm_routes = da7213_audio_map, @@ -2228,27 +2248,19 @@ static int da7213_runtime_suspend(struct device *dev) { struct da7213_priv *da7213 = dev_get_drvdata(dev); - regcache_cache_only(da7213->regmap, true); - regcache_mark_dirty(da7213->regmap); - regulator_bulk_disable(DA7213_NUM_SUPPLIES, da7213->supplies); - - return 0; + return regulator_bulk_disable(DA7213_NUM_SUPPLIES, da7213->supplies); } static int da7213_runtime_resume(struct device *dev) { struct da7213_priv *da7213 = dev_get_drvdata(dev); - int ret; - ret = regulator_bulk_enable(DA7213_NUM_SUPPLIES, da7213->supplies); - if (ret < 0) - return ret; - regcache_cache_only(da7213->regmap, false); - return regcache_sync(da7213->regmap); + return regulator_bulk_enable(DA7213_NUM_SUPPLIES, da7213->supplies); } -static DEFINE_RUNTIME_DEV_PM_OPS(da7213_pm, da7213_runtime_suspend, - da7213_runtime_resume, NULL); +static const struct dev_pm_ops da7213_pm = { + RUNTIME_PM_OPS(da7213_runtime_suspend, da7213_runtime_resume, NULL) +}; static const struct i2c_device_id da7213_i2c_id[] = { { "da7213" }, -- 2.43.0

2 days, 8 hours

4
6
0 0

[PATCH] Documentation: process: Also mention Sasha Levin as stable tree maintainer

by Bagas Sanjaya

Sasha has also maintaining stable branch in conjunction with Greg since cb5d21946d2a2f ("MAINTAINERS: Add Sasha as a stable branch maintainer"). Mention him in 2.Process.rst. Cc: stable(a)vger.kernel.org Signed-off-by: Bagas Sanjaya <bagasdotme(a)gmail.com> --- Documentation/process/2.Process.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Documentation/process/2.Process.rst b/Documentation/process/2.Process.rst index 8e63d171767db8..7bd41838a5464f 100644 --- a/Documentation/process/2.Process.rst +++ b/Documentation/process/2.Process.rst @@ -99,8 +99,10 @@ go out with a handful of known regressions, though, hopefully, none of them are serious. Once a stable release is made, its ongoing maintenance is passed off to the -"stable team," currently Greg Kroah-Hartman. The stable team will release -occasional updates to the stable release using the 9.x.y numbering scheme. +"stable team," currently consists of Greg Kroah-Hartman and Sasha Levin. The +stable team will release occasional updates to the stable release using the +9.x.y numbering scheme. + To be considered for an update release, a patch must (1) fix a significant bug, and (2) already be merged into the mainline for the next development kernel. Kernels will typically receive stable updates for a little more base-commit: 0aa760051f4eb3d3bcd812125557bd09629a71e8 -- An old man doll... just what I always wanted! - Clara

2 days, 8 hours

4
3
0 0

[PATCH v1] mm/mm_init: Fix hash table order logging in alloc_large_system_hash()

by Isaac J. Manjarres

When emitting the order of the allocation for a hash table, alloc_large_system_hash() unconditionally subtracts PAGE_SHIFT from log base 2 of the allocation size. This is not correct if the allocation size is smaller than a page, and yields a negative value for the order as seen below: TCP established hash table entries: 32 (order: -4, 256 bytes, linear) TCP bind hash table entries: 32 (order: -2, 1024 bytes, linear) Use get_order() to compute the order when emitting the hash table information to correctly handle cases where the allocation size is smaller than a page: TCP established hash table entries: 32 (order: 0, 256 bytes, linear) TCP bind hash table entries: 32 (order: 0, 1024 bytes, linear) Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org # v5.4+ Signed-off-by: Isaac J. Manjarres <isaacmanjarres(a)google.com> --- mm/mm_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/mm_init.c b/mm/mm_init.c index 3db2dea7db4c..7712d887b696 100644 --- a/mm/mm_init.c +++ b/mm/mm_init.c @@ -2469,7 +2469,7 @@ void *__init alloc_large_system_hash(const char *tablename, panic("Failed to allocate %s hash table\n", tablename); pr_info("%s hash table entries: %ld (order: %d, %lu bytes, %s)\n", - tablename, 1UL << log2qty, ilog2(size) - PAGE_SHIFT, size, + tablename, 1UL << log2qty, get_order(size), size, virt ? (huge ? "vmalloc hugepage" : "vmalloc") : "linear"); if (_hash_shift) -- 2.51.1.851.g4ebd6896fd-goog

2 days, 8 hours

4
5
0 0

[PATCH] drm/sun4i: Fix device node reference leak in sun4i_tcon_of_get_id_from_port

by Miaoqian Lin

Fix a device node reference leak where the remote endpoint node obtained by of_graph_get_remote_endpoint() was not being properly released. Add of_node_put() calls after of_property_read_u32() to fix this. Fixes: e8d5bbf7f4c4 ("drm/sun4i: tcon: get TCON ID and matching engine with remote endpoint ID") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/gpu/drm/sun4i/sun4i_tcon.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/sun4i/sun4i_tcon.c b/drivers/gpu/drm/sun4i/sun4i_tcon.c index 960e83c8291d..9214769a2857 100644 --- a/drivers/gpu/drm/sun4i/sun4i_tcon.c +++ b/drivers/gpu/drm/sun4i/sun4i_tcon.c @@ -970,6 +970,7 @@ static int sun4i_tcon_of_get_id_from_port(struct device_node *port) continue; ret = of_property_read_u32(remote, "reg", &reg); + of_node_put(remote); if (ret) continue; -- 2.39.5 (Apple Git-154)

2 days, 8 hours

2
1
0 0

[PATCH net v6] virtio-net: fix received length check in big packets

by Bui Quang Minh

Since commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets"), when guest gso is off, the allocated size for big packets is not MAX_SKB_FRAGS * PAGE_SIZE anymore but depends on negotiated MTU. The number of allocated frags for big packets is stored in vi->big_packets_num_skbfrags. Because the host announced buffer length can be malicious (e.g. the host vhost_net driver's get_rx_bufs is modified to announce incorrect length), we need a check in virtio_net receive path. Currently, the check is not adapted to the new change which can lead to NULL page pointer dereference in the below while loop when receiving length that is larger than the allocated one. This commit fixes the received length check corresponding to the new change. Fixes: 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets") Cc: stable(a)vger.kernel.org Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> --- Changes in v6: - Fix the length check - Link to v5: https://lore.kernel.org/netdev/20251024150649.22906-1-minhquangbui99@gmail.… Changes in v5: - Move the length check to receive_big - Link to v4: https://lore.kernel.org/netdev/20251022160623.51191-1-minhquangbui99@gmail.… Changes in v4: - Remove unrelated changes, add more comments - Link to v3: https://lore.kernel.org/netdev/20251021154534.53045-1-minhquangbui99@gmail.… Changes in v3: - Convert BUG_ON to WARN_ON_ONCE - Link to v2: https://lore.kernel.org/netdev/20250708144206.95091-1-minhquangbui99@gmail.… Changes in v2: - Remove incorrect give_pages call - Link to v1: https://lore.kernel.org/netdev/20250706141150.25344-1-minhquangbui99@gmail.… --- drivers/net/virtio_net.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index a757cbcab87f..461ad1019c37 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -910,17 +910,6 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi, goto ok; } - /* - * Verify that we can indeed put this data into a skb. - * This is here to handle cases when the device erroneously - * tries to receive more than is possible. This is usually - * the case of a broken device. - */ - if (unlikely(len > MAX_SKB_FRAGS * PAGE_SIZE)) { - net_dbg_ratelimited("%s: too much data\n", skb->dev->name); - dev_kfree_skb(skb); - return NULL; - } BUG_ON(offset >= PAGE_SIZE); while (len) { unsigned int frag_size = min((unsigned)PAGE_SIZE - offset, len); @@ -2107,9 +2096,19 @@ static struct sk_buff *receive_big(struct net_device *dev, struct virtnet_rq_stats *stats) { struct page *page = buf; - struct sk_buff *skb = - page_to_skb(vi, rq, page, 0, len, PAGE_SIZE, 0); + struct sk_buff *skb; + + /* Make sure that len does not exceed the allocated size in + * add_recvbuf_big. + */ + if (unlikely(len > (vi->big_packets_num_skbfrags + 1) * PAGE_SIZE)) { + pr_debug("%s: rx error: len %u exceeds allocate size %lu\n", + dev->name, len, + (vi->big_packets_num_skbfrags + 1) * PAGE_SIZE); + goto err; + } + skb = page_to_skb(vi, rq, page, 0, len, PAGE_SIZE, 0); u64_stats_add(&stats->bytes, len - vi->hdr_len); if (unlikely(!skb)) goto err; -- 2.43.0

2 days, 9 hours

2
2
0 0

[PATCH v2] w1: therm: Fix off-by-one buffer overflow in alarms_store

by Thorsten Blum

The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended. However, the 'size' argument does not account for this extra byte. The original code then allocated 'size' bytes and used strcpy() to copy 'buf', which always writes one byte past the allocated buffer since strcpy() copies until the NUL terminator at index 'size'. Fix this by parsing the 'buf' parameter directly using simple_strtol() without allocating any intermediate memory or string copying. This removes the overflow while simplifying the code. Cc: stable(a)vger.kernel.org Fixes: e2c94d6f5720 ("w1_therm: adding alarm sysfs entry") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- Compile-tested only. Changes in v2: - Fix buffer overflow instead of truncating the copy using strscpy() - Parse buffer directly using simple_strtol() as suggested by David - Update patch subject and description - Link to v1: https://lore.kernel.org/lkml/20251017170047.114224-2-thorsten.blum@linux.de… --- drivers/w1/slaves/w1_therm.c | 98 ++++++++++++------------------------ 1 file changed, 33 insertions(+), 65 deletions(-) diff --git a/drivers/w1/slaves/w1_therm.c b/drivers/w1/slaves/w1_therm.c index 9ccedb3264fb..046fa682d57d 100644 --- a/drivers/w1/slaves/w1_therm.c +++ b/drivers/w1/slaves/w1_therm.c @@ -1836,59 +1836,32 @@ static ssize_t alarms_store(struct device *device, struct w1_slave *sl = dev_to_w1_slave(device); struct therm_info info; u8 new_config_register[3]; /* array of data to be written */ - int temp, ret; - char *token = NULL; + long temp; + int ret; s8 tl, th; /* 1 byte per value + temp ring order */ - char *p_args, *orig; + const char *p = buf; + char *endp; - p_args = orig = kmalloc(size, GFP_KERNEL); - /* Safe string copys as buf is const */ - if (!p_args) { - dev_warn(device, - "%s: error unable to allocate memory %d\n", - __func__, -ENOMEM); - return size; + temp = simple_strtol(p, &endp, 10); + if (p == endp || *endp != ' ') { + dev_info(device, "%s: error parsing args %d\n", + __func__, -EINVAL); + goto err; } - strcpy(p_args, buf); - - /* Split string using space char */ - token = strsep(&p_args, " "); - - if (!token) { - dev_info(device, - "%s: error parsing args %d\n", __func__, -EINVAL); - goto free_m; - } - - /* Convert 1st entry to int */ - ret = kstrtoint (token, 10, &temp); - if (ret) { - dev_info(device, - "%s: error parsing args %d\n", __func__, ret); - goto free_m; - } - + /* Cast to short to eliminate out of range values */ tl = int_to_short(temp); - /* Split string using space char */ - token = strsep(&p_args, " "); - if (!token) { - dev_info(device, - "%s: error parsing args %d\n", __func__, -EINVAL); - goto free_m; - } - /* Convert 2nd entry to int */ - ret = kstrtoint (token, 10, &temp); - if (ret) { - dev_info(device, - "%s: error parsing args %d\n", __func__, ret); - goto free_m; + p = endp + 1; + temp = simple_strtol(p, &endp, 10); + if (p == endp) { + dev_info(device, "%s: error parsing args %d\n", + __func__, -EINVAL); + goto err; } - - /* Prepare to cast to short by eliminating out of range values */ + /* Cast to short to eliminate out of range values */ th = int_to_short(temp); - /* Reorder if required th and tl */ + /* Reorder if required */ if (tl > th) swap(tl, th); @@ -1897,35 +1870,30 @@ static ssize_t alarms_store(struct device *device, * (th : byte 2 - tl: byte 3) */ ret = read_scratchpad(sl, &info); - if (!ret) { - new_config_register[0] = th; /* Byte 2 */ - new_config_register[1] = tl; /* Byte 3 */ - new_config_register[2] = info.rom[4];/* Byte 4 */ - } else { - dev_info(device, - "%s: error reading from the slave device %d\n", - __func__, ret); - goto free_m; + if (ret) { + dev_info(device, "%s: error reading from the slave device %d\n", + __func__, ret); + goto err; } + new_config_register[0] = th; /* Byte 2 */ + new_config_register[1] = tl; /* Byte 3 */ + new_config_register[2] = info.rom[4]; /* Byte 4 */ /* Write data in the device RAM */ if (!SLAVE_SPECIFIC_FUNC(sl)) { - dev_info(device, - "%s: Device not supported by the driver %d\n", - __func__, -ENODEV); - goto free_m; + dev_info(device, "%s: Device not supported by the driver %d\n", + __func__, -ENODEV); + goto err; } ret = SLAVE_SPECIFIC_FUNC(sl)->write_data(sl, new_config_register); - if (ret) - dev_info(device, - "%s: error writing to the slave device %d\n", + if (ret) { + dev_info(device, "%s: error writing to the slave device %d\n", __func__, ret); + goto err; + } -free_m: - /* free allocated memory */ - kfree(orig); - +err: return size; } -- 2.51.0

2 days, 9 hours

1
1
0 0

FAILED: patch "[PATCH] ksmbd: transport_ipc: validate payload size before reading" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6f40e50ceb99fc8ef37e5c56e2ec1d162733fef0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102920-mace-herbal-edee@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6f40e50ceb99fc8ef37e5c56e2ec1d162733fef0 Mon Sep 17 00:00:00 2001 From: Qianchang Zhao <pioooooooooip(a)gmail.com> Date: Wed, 22 Oct 2025 15:27:47 +0900 Subject: [PATCH] ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message from ksmbd.mountd can lead to a 4-byte read past the declared payload size. Validate the size before dereferencing. This is a minimal fix to guard the initial handle read. Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Cc: stable(a)vger.kernel.org Reported-by: Qianchang Zhao <pioooooooooip(a)gmail.com> Signed-off-by: Qianchang Zhao <pioooooooooip(a)gmail.com> Acked-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/transport_ipc.c b/fs/smb/server/transport_ipc.c index 46f87fd1ce1c..2c08cccfa680 100644 --- a/fs/smb/server/transport_ipc.c +++ b/fs/smb/server/transport_ipc.c @@ -263,10 +263,16 @@ static void ipc_msg_handle_free(int handle) static int handle_response(int type, void *payload, size_t sz) { - unsigned int handle = *(unsigned int *)payload; + unsigned int handle; struct ipc_msg_table_entry *entry; int ret = 0; + /* Prevent 4-byte read beyond declared payload size */ + if (sz < sizeof(unsigned int)) + return -EINVAL; + + handle = *(unsigned int *)payload; + ipc_update_last_active(); down_read(&ipc_msg_table_lock); hash_for_each_possible(ipc_msg_table, entry, ipc_table_hlist, handle) {

2 days, 9 hours

2
1
0 0

[PATCH V2] mm/slab: ensure all metadata in slab object are word-aligned

by Harry Yoo

When the SLAB_STORE_USER debug flag is used, any metadata placed after the original kmalloc request size (orig_size) is not properly aligned on 64-bit architectures because its type is unsigned int. When both KASAN and SLAB_STORE_USER are enabled, kasan_alloc_meta is misaligned. Note that 64-bit architectures without HAVE_EFFICIENT_UNALIGNED_ACCESS are assumed to require 64-bit accesses to be 64-bit aligned. See HAVE_64BIT_ALIGNED_ACCESS and commit adab66b71abf ("Revert: "ring-buffer: Remove HAVE_64BIT_ALIGNED_ACCESS"") for more details. Because not all architectures support unaligned memory accesses, ensure that all metadata (track, orig_size, kasan_{alloc,free}_meta) in a slab object are word-aligned. struct track, kasan_{alloc,free}_meta are aligned by adding __aligned(__alignof__(unsigned long)). For orig_size, use ALIGN(sizeof(unsigned int), sizeof(unsigned long)) to make clear that its size remains unsigned int but it must be aligned to a word boundary. On 64-bit architectures, this reserves 8 bytes for orig_size, which is acceptable since kmalloc's original request size tracking is intended for debugging rather than production use. Cc: stable(a)vger.kernel.org Fixes: 6edf2576a6cc ("mm/slub: enable debugging memory wasting of kmalloc") Acked-by: Andrey Konovalov <andreyknvl(a)gmail.com> Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- v1 -> v2: - Added Andrey's Acked-by. - Added references to HAVE_64BIT_ALIGNED_ACCESS and the commit that resurrected it. - Used __alignof__() instead of sizeof(), as suggested by Pedro (off-list). Note: either __alignof__ or sizeof() produces the exactly same mm/slub.o files, so there's no functional difference. Thanks! mm/kasan/kasan.h | 4 ++-- mm/slub.c | 16 +++++++++++----- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 129178be5e64..b86b6e9f456a 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -265,7 +265,7 @@ struct kasan_alloc_meta { struct kasan_track alloc_track; /* Free track is stored in kasan_free_meta. */ depot_stack_handle_t aux_stack[2]; -}; +} __aligned(__alignof__(unsigned long)); struct qlist_node { struct qlist_node *next; @@ -289,7 +289,7 @@ struct qlist_node { struct kasan_free_meta { struct qlist_node quarantine_link; struct kasan_track free_track; -}; +} __aligned(__alignof__(unsigned long)); #endif /* CONFIG_KASAN_GENERIC */ diff --git a/mm/slub.c b/mm/slub.c index a585d0ac45d4..462a39d57b3a 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -344,7 +344,7 @@ struct track { int cpu; /* Was running on cpu */ int pid; /* Pid context */ unsigned long when; /* When did the operation occur */ -}; +} __aligned(__alignof__(unsigned long)); enum track_item { TRACK_ALLOC, TRACK_FREE }; @@ -1196,7 +1196,7 @@ static void print_trailer(struct kmem_cache *s, struct slab *slab, u8 *p) off += 2 * sizeof(struct track); if (slub_debug_orig_size(s)) - off += sizeof(unsigned int); + off += ALIGN(sizeof(unsigned int), __alignof__(unsigned long)); off += kasan_metadata_size(s, false); @@ -1392,7 +1392,8 @@ static int check_pad_bytes(struct kmem_cache *s, struct slab *slab, u8 *p) off += 2 * sizeof(struct track); if (s->flags & SLAB_KMALLOC) - off += sizeof(unsigned int); + off += ALIGN(sizeof(unsigned int), + __alignof__(unsigned long)); } off += kasan_metadata_size(s, false); @@ -7820,9 +7821,14 @@ static int calculate_sizes(struct kmem_cache_args *args, struct kmem_cache *s) */ size += 2 * sizeof(struct track); - /* Save the original kmalloc request size */ + /* + * Save the original kmalloc request size. + * Although the request size is an unsigned int, + * make sure that is aligned to word boundary. + */ if (flags & SLAB_KMALLOC) - size += sizeof(unsigned int); + size += ALIGN(sizeof(unsigned int), + __alignof__(unsigned long)); } #endif -- 2.43.0

2 days, 10 hours

2
2
0 0

[PATCH 5.10] comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()

by Andrey Troshin

From: Ian Abbott <abbotti(a)mev.co.uk> commit 3cd212e895ca2d58963fdc6422502b10dd3966bb upstream. syzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel buffer is allocated to hold `insn->n` samples (each of which is an `unsigned int`). For some instruction types, `insn->n` samples are copied back to user-space, unless an error code is being returned. The problem is that not all the instruction handlers that need to return data to userspace fill in the whole `insn->n` samples, so that there is an information leak. There is a similar syzbot report for `do_insnlist_ioctl()`, although it does not have a reproducer for it at the time of writing. One culprit is `insn_rw_emulate_bits()` which is used as the handler for `INSN_READ` or `INSN_WRITE` instructions for subdevices that do not have a specific handler for that instruction, but do have an `INSN_BITS` handler. For `INSN_READ` it only fills in at most 1 sample, so if `insn->n` is greater than 1, the remaining `insn->n - 1` samples copied to userspace will be uninitialized kernel data. Another culprit is `vm80xx_ai_insn_read()` in the "vm80xx" driver. It never returns an error, even if it fails to fill the buffer. Fix it in `do_insn_ioctl()` and `do_insnlist_ioctl()` by making sure that uninitialized parts of the allocated buffer are zeroed before handling each instruction. Thanks to Arnaud Lecomte for their fix to `do_insn_ioctl()`. That fix replaced the call to `kmalloc_array()` with `kcalloc()`, but it is not always necessary to clear the whole buffer. Fixes: ed9eccbe8970 ("Staging: add comedi core") Reported-by: syzbot+a5e45f768aab5892da5d(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=a5e45f768aab5892da5d Reported-by: syzbot+fb4362a104d45ab09cf9(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fb4362a104d45ab09cf9 Cc: stable <stable(a)kernel.org> # 5.13+ Cc: Arnaud Lecomte <contact(a)arnaud-lcm.com> Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> Link: https://lore.kernel.org/r/20250725125324.80276-1-abbotti@mev.co.uk Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Andrey Troshin: backport fix from drivers/comedi/comedi_fops.c to drivers/staging/comedi/comedi_fops.c] Signed-off-by: Andrey Troshin <drtrosh(a)yandex-team.ru> --- Backport fix for CVE-2025-39684 Link: https://nvd.nist.gov/vuln/detail/CVE-2025-39684 --- drivers/staging/comedi/comedi_fops.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c index 854b8bdc57a1..0af6e4a2fad9 100644 --- a/drivers/staging/comedi/comedi_fops.c +++ b/drivers/staging/comedi/comedi_fops.c @@ -1582,6 +1582,9 @@ static int do_insnlist_ioctl(struct comedi_device *dev, memset(&data[n], 0, (MIN_SAMPLES - n) * sizeof(unsigned int)); } + } else { + memset(data, 0, max_t(unsigned int, n, MIN_SAMPLES) * + sizeof(unsigned int)); } ret = parse_insn(dev, insns + i, data, file); if (ret < 0) @@ -1665,6 +1668,8 @@ static int do_insn_ioctl(struct comedi_device *dev, memset(&data[insn->n], 0, (MIN_SAMPLES - insn->n) * sizeof(unsigned int)); } + } else { + memset(data, 0, n_data * sizeof(unsigned int)); } ret = parse_insn(dev, insn, data, file); if (ret < 0) -- 2.34.1

2 days, 10 hours

1
0
0 0

[PATCH 2/2] ASoC: renesas: rz-ssi: Use proper dma_buffer_pos after resume

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> When the driver supports DMA, it enqueues four DMA descriptors per substream before the substream is started. New descriptors are enqueued in the DMA completion callback, and each time a new descriptor is queued, the dma_buffer_pos is incremented. During suspend, the DMA transactions are terminated. There might be cases where the four extra enqueued DMA descriptors are not completed and are instead canceled on suspend. However, the cancel operation does not take into account that the dma_buffer_pos was already incremented. Previously, the suspend code reinitialized dma_buffer_pos to zero, but this is not always correct. To avoid losing any audio periods during suspend/resume and to prevent clip sound, save the completed DMA buffer position in the DMA callback and reinitialize dma_buffer_pos on resume. Cc: stable(a)vger.kernel.org Fixes: 1fc778f7c833a ("ASoC: renesas: rz-ssi: Add suspend to RAM support") Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- sound/soc/renesas/rz-ssi.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/sound/soc/renesas/rz-ssi.c b/sound/soc/renesas/rz-ssi.c index e00940814157..81b883e8ac92 100644 --- a/sound/soc/renesas/rz-ssi.c +++ b/sound/soc/renesas/rz-ssi.c @@ -85,6 +85,7 @@ struct rz_ssi_stream { struct snd_pcm_substream *substream; int fifo_sample_size; /* sample capacity of SSI FIFO */ int dma_buffer_pos; /* The address for the next DMA descriptor */ + int completed_dma_buf_pos; /* The address of the last completed DMA descriptor. */ int period_counter; /* for keeping track of periods transferred */ int sample_width; int buffer_pos; /* current frame position in the buffer */ @@ -215,6 +216,7 @@ static void rz_ssi_stream_init(struct rz_ssi_stream *strm, rz_ssi_set_substream(strm, substream); strm->sample_width = samples_to_bytes(runtime, 1); strm->dma_buffer_pos = 0; + strm->completed_dma_buf_pos = 0; strm->period_counter = 0; strm->buffer_pos = 0; @@ -437,6 +439,10 @@ static void rz_ssi_pointer_update(struct rz_ssi_stream *strm, int frames) snd_pcm_period_elapsed(strm->substream); strm->period_counter = current_period; } + + strm->completed_dma_buf_pos += runtime->period_size; + if (strm->completed_dma_buf_pos >= runtime->buffer_size) + strm->completed_dma_buf_pos = 0; } static int rz_ssi_pio_recv(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) @@ -778,10 +784,14 @@ static int rz_ssi_dma_request(struct rz_ssi_priv *ssi, struct device *dev) return -ENODEV; } -static int rz_ssi_trigger_resume(struct rz_ssi_priv *ssi) +static int rz_ssi_trigger_resume(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) { + struct snd_pcm_substream *substream = strm->substream; + struct snd_pcm_runtime *runtime = substream->runtime; int ret; + strm->dma_buffer_pos = strm->completed_dma_buf_pos + runtime->period_size; + if (rz_ssi_is_stream_running(&ssi->playback) || rz_ssi_is_stream_running(&ssi->capture)) return 0; @@ -794,16 +804,6 @@ static int rz_ssi_trigger_resume(struct rz_ssi_priv *ssi) ssi->hw_params_cache.channels); } -static void rz_ssi_streams_suspend(struct rz_ssi_priv *ssi) -{ - if (rz_ssi_is_stream_running(&ssi->playback) || - rz_ssi_is_stream_running(&ssi->capture)) - return; - - ssi->playback.dma_buffer_pos = 0; - ssi->capture.dma_buffer_pos = 0; -} - static int rz_ssi_dai_trigger(struct snd_pcm_substream *substream, int cmd, struct snd_soc_dai *dai) { @@ -813,7 +813,7 @@ static int rz_ssi_dai_trigger(struct snd_pcm_substream *substream, int cmd, switch (cmd) { case SNDRV_PCM_TRIGGER_RESUME: - ret = rz_ssi_trigger_resume(ssi); + ret = rz_ssi_trigger_resume(ssi, strm); if (ret) return ret; @@ -852,7 +852,6 @@ static int rz_ssi_dai_trigger(struct snd_pcm_substream *substream, int cmd, case SNDRV_PCM_TRIGGER_SUSPEND: rz_ssi_stop(ssi, strm); - rz_ssi_streams_suspend(ssi); break; case SNDRV_PCM_TRIGGER_STOP: -- 2.43.0

2 days, 10 hours

1
0
0 0

Linux 6.17.6

by Greg Kroah-Hartman

I'm announcing the release of the 6.17.6 kernel. All users of the 6.17 kernel series must upgrade. The updated 6.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/serial/renesas,scif.yaml | 1 Documentation/devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 Documentation/devicetree/bindings/usb/qcom,snps-dwc3.yaml | 3 Makefile | 6 arch/arm64/boot/dts/broadcom/bcm2712.dtsi | 3 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/mm/copypage.c | 11 arch/arm64/tools/sysreg | 4 arch/m68k/include/asm/bitops.h | 25 +- arch/mips/mti-malta/malta-setup.c | 2 arch/nios2/kernel/setup.c | 15 + arch/powerpc/include/asm/pgtable.h | 12 - arch/powerpc/mm/book3s32/mmu.c | 4 arch/powerpc/mm/pgtable_32.c | 2 arch/powerpc/platforms/pseries/cmm.c | 2 arch/riscv/include/asm/hwprobe.h | 7 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/include/asm/vdso/arch_data.h | 6 arch/riscv/kernel/cpu.c | 4 arch/riscv/kernel/cpufeature.c | 10 arch/riscv/kernel/pi/cmdline_early.c | 4 arch/riscv/kernel/pi/fdt_early.c | 40 +++ arch/riscv/kernel/pi/pi.h | 1 arch/riscv/kernel/sys_hwprobe.c | 90 ++++++- arch/riscv/kernel/unaligned_access_speed.c | 9 arch/riscv/kernel/vdso/hwprobe.c | 2 arch/riscv/mm/init.c | 11 arch/s390/mm/pgalloc.c | 13 - arch/x86/kernel/cpu/microcode/amd.c | 2 block/blk-settings.c | 10 drivers/acpi/acpica/tbprint.c | 6 drivers/android/binder.c | 11 drivers/base/arch_topology.c | 2 drivers/base/devcoredump.c | 136 +++++++----- drivers/block/nbd.c | 15 + drivers/comedi/comedi_buf.c | 2 drivers/cpufreq/amd-pstate.c | 6 drivers/cpuidle/governors/menu.c | 21 - drivers/firmware/arm_ffa/driver.c | 37 ++- drivers/firmware/arm_scmi/common.h | 32 ++ drivers/firmware/arm_scmi/driver.c | 54 +--- drivers/gpio/gpio-104-idio-16.c | 1 drivers/gpio/gpio-idio-16.c | 5 drivers/gpio/gpio-ljca.c | 14 - drivers/gpio/gpio-pci-idio-16.c | 1 drivers/gpio/gpio-regmap.c | 53 ++++ drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/inc/hw/hw_shared.h | 8 drivers/gpu/drm/drm_panic.c | 54 ++++ drivers/gpu/drm/panthor/panthor_mmu.c | 10 drivers/gpu/drm/xe/xe_ggtt.c | 3 drivers/hwmon/cgbc-hwmon.c | 3 drivers/hwmon/pmbus/isl68137.c | 3 drivers/hwmon/pmbus/max34440.c | 12 - drivers/hwmon/sht3x.c | 27 +- drivers/irqchip/irq-gic-v3-its-fsl-mc-msi.c | 2 drivers/misc/fastrpc.c | 2 drivers/misc/lkdtm/fortify.c | 6 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/vmw_balloon.c | 8 drivers/most/most_usb.c | 13 - drivers/net/bonding/bond_main.c | 47 ++-- drivers/net/can/bxcan.c | 2 drivers/net/can/dev/netlink.c | 6 drivers/net/can/esd/esdacc.c | 2 drivers/net/can/rockchip/rockchip_canfd-tx.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.c | 25 +- drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/hisilicon/Kconfig | 1 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 5 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c | 25 ++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 51 +++- drivers/net/ethernet/renesas/ravb_main.c | 24 +- drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 drivers/net/ethernet/ti/am65-cpts.c | 63 +++-- drivers/net/ovpn/tcp.c | 26 +- drivers/net/phy/micrel.c | 4 drivers/net/phy/realtek/realtek_main.c | 16 - drivers/net/usb/rtl8150.c | 11 drivers/nvmem/rcar-efuse.c | 1 drivers/of/irq.c | 62 +++-- drivers/pci/msi/irqdomain.c | 2 drivers/pci/pci.c | 6 drivers/perf/hisilicon/hisi_uncore_pmu.c | 2 drivers/perf/hisilicon/hisi_uncore_pmu.h | 3 drivers/platform/mellanox/mlxbf-pmc.c | 1 drivers/platform/x86/dell/alienware-wmi-wmax.c | 12 - drivers/ptp/ptp_ocp.c | 2 drivers/s390/crypto/zcrypt_ep11misc.c | 4 drivers/spi/spi-airoha-snfi.c | 128 ++++++++--- drivers/spi/spi-cadence-quadspi.c | 5 drivers/spi/spi-nxp-fspi.c | 80 ++++++- drivers/spi/spi-rockchip-sfc.c | 12 - drivers/staging/gpib/agilent_82350b/agilent_82350b.c | 12 - drivers/staging/gpib/fmh_gpib/fmh_gpib.c | 5 drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 13 - drivers/tty/serial/8250/8250_dw.c | 4 drivers/tty/serial/8250/8250_exar.c | 11 drivers/tty/serial/8250/8250_mtk.c | 6 drivers/tty/serial/sc16is7xx.c | 7 drivers/tty/serial/sh-sci.c | 14 - drivers/usb/core/quirks.c | 2 drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/host/xhci-dbgcap.c | 15 + drivers/usb/serial/option.c | 10 drivers/usb/typec/tcpm/tcpm.c | 4 drivers/vfio/cdx/Makefile | 6 drivers/vfio/cdx/private.h | 14 + drivers/virtio/virtio_balloon.c | 2 fs/aio.c | 2 fs/btrfs/inode.c | 4 fs/btrfs/ref-verify.c | 2 fs/btrfs/send.c | 56 ++++ fs/btrfs/super.c | 8 fs/dlm/lock.c | 2 fs/dlm/lockspace.c | 2 fs/dlm/recover.c | 2 fs/erofs/zmap.c | 39 ++- fs/exec.c | 2 fs/gfs2/lock_dlm.c | 11 fs/hfs/bfind.c | 8 fs/hfs/brec.c | 27 ++ fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 fs/hfsplus/bnode.c | 41 --- fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 +++ fs/hfsplus/super.c | 25 +- fs/hugetlbfs/inode.c | 4 fs/jfs/jfs_metapage.c | 8 fs/notify/fdinfo.c | 6 fs/ocfs2/move_extents.c | 5 fs/smb/client/cifsglob.h | 2 fs/smb/client/inode.c | 5 fs/smb/client/smbdirect.c | 30 +- fs/smb/client/smbdirect.h | 2 fs/smb/server/transport_ipc.c | 8 fs/smb/server/transport_rdma.c | 11 fs/sysfs/group.c | 26 +- fs/xfs/scrub/nlinks.c | 34 ++- fs/xfs/xfs_super.c | 33 +- include/linux/arm_ffa.h | 21 + include/linux/exportfs.h | 7 include/linux/gpio/regmap.h | 16 + include/linux/hung_task.h | 8 include/linux/migrate.h | 11 include/linux/misc_cgroup.h | 2 include/linux/of_irq.h | 6 include/linux/skbuff.h | 3 include/linux/virtio_net.h | 4 io_uring/fdinfo.c | 8 io_uring/filetable.c | 2 io_uring/sqpoll.c | 65 +++-- io_uring/sqpoll.h | 1 io_uring/waitid.c | 2 kernel/dma/debug.c | 5 kernel/sched/fair.c | 9 kernel/sched/sched.h | 2 kernel/trace/rv/monitors/pagefault/Kconfig | 1 kernel/trace/rv/rv.c | 12 - mm/damon/core.c | 7 mm/damon/sysfs.c | 7 mm/huge_memory.c | 3 mm/migrate.c | 88 +++---- mm/migrate_device.c | 2 mm/mremap.c | 15 - mm/page_owner.c | 3 mm/slub.c | 23 +- mm/zsmalloc.c | 4 net/core/datagram.c | 44 +++ net/core/rtnetlink.c | 3 net/hsr/hsr_netlink.c | 8 net/mptcp/pm_kernel.c | 6 net/sctp/inqueue.c | 13 - net/smc/smc_inet.c | 13 - net/vmw_vsock/af_vsock.c | 38 +-- net/xfrm/espintcp.c | 6 rust/kernel/auxiliary.rs | 8 rust/kernel/device.rs | 4 tools/objtool/check.c | 1 tools/testing/selftests/net/mptcp/mptcp_join.sh | 8 tools/testing/selftests/net/sctp_hello.c | 17 - tools/testing/selftests/net/sctp_vrf.sh | 73 +++--- 187 files changed, 1853 insertions(+), 832 deletions(-) Akash Goel (1): drm/panthor: Fix kernel panic on partial unmap of a GPU VA region Aksh Garg (1): net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions Aleksander Jan Bajkowski (1): net: phy: realtek: fix rtl8221b-vm-cg name Alexander Aring (2): dlm: move to rinfo for all middle conversion cases dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexei Starovoitov (1): mm: don't spin in add_stack_record when gfp flags don't allow Alexey Simakov (1): sctp: avoid NULL dereference when chunk data buffer is missing Alexis Czezar Torreno (1): hwmon: (pmbus/max34440) Update adpm12160 coeff due to latest FW Alice Ryhl (1): binder: remove "invalid inc weak" check Alok Tiwari (2): io_uring: fix incorrect unlikely() usage in io_waitid_prep() io_uring: correct __must_hold annotation in io_install_fixed_file Amery Hung (2): net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ Amit Dhingra (1): btrfs: ref-verify: fix IS_ERR() vs NULL check in btrfs_build_ref_tree() Andreas Gruenbacher (1): gfs2: Fix unlikely race in gdlm_put_lock Andrew Cooper (1): x86/microcode: Fix Entrysign revision check for Zen1/Naples Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Andy Shevchenko (1): sched: Remove never used code in mm_cid_get() Anup Patel (2): RISC-V: Define pgprot_dmacoherent() for non-coherent devices RISC-V: Don't print details of CPUs disabled in DT Artem Shimko (2): firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode serial: 8250_dw: handle reset control deassert error Catalin Marinas (1): arm64: mte: Do not warn if the page is already tagged in copy_highpage() Charlene Liu (1): drm/amd/display: increase max link count and fix link->enc NULL pointer access Christoph Hellwig (1): block: require LBA dma_alignment when using PI Christophe Leroy (1): powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Clément Léger (1): riscv: cpufeature: add validation for zfa, zfh and zfhmin Cosmin Tanislav (2): nvmem: rcar-efuse: add missing MODULE_DEVICE_TABLE tty: serial: sh-sci: fix RSCI FIFO overrun handling Cristian Marussi (2): firmware: arm_scmi: Account for failed debug initialization include: trace: Fix inflight count helper on failed initialization Daniel Golle (1): serial: 8250_mtk: Enable baud clock and manage in runtime PM Danilo Krummrich (1): rust: device: fix device context of Device::parent() Darrick J. Wong (2): xfs: fix locking in xchk_nlinks_collect_dir xfs: always warn about deprecated mount options Dave Penkler (3): staging: gpib: Fix no EOI on 1 and 2 byte writes staging: gpib: Return -EINTR on device clear staging: gpib: Fix sending clear and trigger events David Hildenbrand (3): mm/migrate: remove MIGRATEPAGE_UNMAP treewide: remove MIGRATEPAGE_SUCCESS vmw_balloon: indicate success when effectively deflating during migration David Howells (1): cifs: Fix TCP_Server_Info::credits to be signed David Thompson (1): platform/mellanox: mlxbf-pmc: add sysfs_attr_init() to count_clock init Deepanshu Kartikey (2): ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Dewei Meng (1): btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() Enze Li (1): mm/damon/core: fix potential memory leak by cleaning ops_filter in damon_destroy_scheme Erick Karanja (1): hwmon: (pmbus/isl68137) Fix child node reference leak on early return Fernando Fernandez Mancera (2): net: hsr: prevent creation of HSR device with slaves from another netns sysfs: check visibility before changing group attribute ownership Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Fuad Tabba (1): arm64: sysreg: Correct sign definitions for EIESB and DoubleLock Gao Xiang (2): erofs: fix crafted invalid cases for encoded extents erofs: avoid infinite loops due to corrupted subpage compact indexes Geert Uytterhoeven (2): m68k: bitops: Fix find_*_bit() signatures dt-bindings: serial: sh-sci: Fix r8a78000 interrupts Greg Kroah-Hartman (1): Linux 6.17.6 Guenter Roeck (1): hwmon: (sht3x) Fix error handling Haibo Chen (3): spi: spi-nxp-fspi: add the support for sample data from DQS pad spi: spi-nxp-fspi: re-config the clock rate when operation require new clock rate spi: spi-nxp-fspi: limit the clock rate for different sample clock source selection Han Xu (1): spi: spi-nxp-fspi: add extra delay after dll locked Hao Ge (2): slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts slab: Fix obj_ext mistakenly considered NULL due to race condition Haotian Zhang (1): gpio: ljca: Fix duplicated IRQ mapping Harald Freudenberger (1): s390/pkey: Forward keygenflags to ep11_unwrapkey Heiko Carstens (1): s390/mm: Use __GFP_ACCOUNT for user page table allocations Heiner Kallweit (1): net: hibmcge: select FIXED_PHY Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() Hugo Villeneuve (1): serial: sc16is7xx: remove useless enable of enhanced features Ioana Ciornei (2): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path gpio: regmap: add the .fixed_direction_output configuration parameter Jakub Acs (1): fs/notify: call exportfs_encode_fid with s_umount Jan Kara (1): expfs: Fix exportfs_can_encode_fh() for EXPORT_FH_FID Jason Wang (1): virtio-net: zero unused hash fields Jens Axboe (2): io_uring/sqpoll: switch away from getrusage() for CPU accounting io_uring/sqpoll: be smarter on when to update the stime usage Jianpeng Chang (1): net: enetc: fix the deadlock of enetc_mdio_lock Jiasheng Jiang (1): ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop Jingwei Wang (1): riscv: hwprobe: Fix stale vDSO data for late-initialized keys at boot Jocelyn Falempe (3): drm/panic: Fix drawing the logo on a small narrow screen drm/panic: Fix qr_code, ensure vmargin is positive drm/panic: Fix 24bit pixel crossing page boundaries Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace Junhao Xie (1): misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Junhui Liu (2): riscv: mm: Return intended SATP mode for noXlvl options riscv: mm: Use mmu-type from FDT to limit SATP mode Junjie Cao (1): lkdtm: fortify: Fix potential NULL dereference on kmalloc failure K Prateek Nayak (1): sched/fair: Block delayed tasks on throttled hierarchy during dequeue Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Kees Cook (1): PCI: Test for bit underflow in pcie_set_readrq() Krishna Kurapati (1): dt-bindings: usb: qcom,snps-dwc3: Fix bindings for X1E80100 Krzysztof Kozlowski (1): arm64: dts: broadcom: bcm2712: Add default GIC address cells Kurt Borja (1): platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (2): net: ravb: Enforce descriptor type ordering net: ravb: Ensure memory write completes before ringing TX doorbell Lance Yang (1): hung_task: fix warnings caused by unaligned lock pointers Li Qiang (1): hwmon: (cgbc-hwmon) Add missing NULL check after devm_kzalloc() Linus Torvalds (1): Unbreak 'make tools/*' for user-space targets Lorenzo Pieralisi (2): of/irq: Convert of_msi_map_id() callers to of_msi_xlate() of/irq: Add msi-parent check to of_msi_xlate() Lorenzo Stoakes (1): mm/mremap: correctly account old mapping after MREMAP_DONTUNMAP remap Ma Ke (1): staging: gpib: Fix device reference leak in fmh_gpib driver Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde (4): can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: esd: acc_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: rockchip-canfd: rkcanfd_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: netlink: can_changelink(): allow disabling of automatic restart Marek Szyprowski (2): dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC spi: rockchip-sfc: Fix DMA-API usage Mario Limonciello (AMD) (1): cpufreq/amd-pstate: Fix a regression leading to EPP 0 after hibernate Mathias Nyman (2): xhci: dbc: enable back DbC in resume if it was enabled before suspend xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Mathieu Dubois-Briand (1): gpio: regmap: Allow to allocate regmap-irq device Matthew Brost (1): drm/xe: Check return value of GGTT workqueue allocation Matthieu Baerts (NGI0) (4): mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR selftests: mptcp: join: mark 'flush re-add' as skipped if not supported selftests: mptcp: join: mark implicit tests as skipped if not supported selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported Mattijs Korpershoek (1): spi: cadence-quadspi: Fix pm_runtime unbalance on dma EPROBE_DEFER Michael Grzeschik (1): tcpm: switch check for role_sw device with fw_node Michal Pecio (1): net: usb: rtl8150: Fix frame padding Miguel Ojeda (1): objtool/rust: add one more `noreturn` Rust function Mikhail Kshevetskiy (4): spi: airoha: return an error for continuous mode dirmap creation cases spi: airoha: add support of dual/quad wires spi modes to exec_op() handler spi: airoha: switch back to non-dma mode in the case of error spi: airoha: fix reading/writing of flashes with more than one plane per lun Nam Cao (2): rv: Fully convert enabled_monitors to use list_head as iterator rv: Make rtapp/pagefault monitor depends on CONFIG_MMU Nathan Chancellor (1): net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Nipun Gupta (1): vfio/cdx: update driver to build without CONFIG_GENERIC_MSI_IRQ Ondrej Mosnacek (1): nbd: override creds to kernel when calling sock_{send,recv}msg() Patrisious Haddad (1): net/mlx5: Fix IPsec cleanup over MPV device Paul Walmsley (2): riscv: cpufeature: avoid uninitialized variable in has_thead_homogeneous_vlenb() riscv: hwprobe: avoid uninitialized variable use in hwprobe_arch_id() Paulo Alcantara (1): smb: client: get rid of d_drop() in cifs_do_rename() Peter Robinson (1): arm64: dts: broadcom: bcm2712: Define VGIC interrupt Qianchang Zhao (1): ksmbd: transport_ipc: validate payload size before reading handle Qiuxu Zhuo (1): mm: prevent poison consumption when splitting THP Rafael J. Wysocki (1): Revert "cpuidle: menu: Avoid discarding useful information" Ralf Lici (3): espintcp: use datagram_poll_queue for socket readiness net: datagram: introduce datagram_poll_queue for custom receive queues ovpn: use datagram_poll_queue for socket readiness in TCP Randy Dunlap (1): cgroup/misc: fix misc_res_type kernel-doc warning Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Robert Marko (1): net: phy: micrel: always set shared->phydev for LAN8814 Sebastian Reichel (1): net: stmmac: dwmac-rk: Fix disabling set_clock_selection SeongJae Park (4): mm/damon/core: use damos_commit_quota_goal() for new goal commit mm/damon/core: fix list_add_tail() call on damon_call() mm/damon/sysfs: catch commit test ctx alloc failure mm/damon/sysfs: dealloc commit test ctx always Simon Schuster (1): nios2: ensure that memblock.current_limit is set when setting pfn limits Stefan Metzmacher (4): smb: client: queue post_recv_credits_work also if the peer raises the credit target smb: client: limit the range of info->receive_credit_target smb: client: make use of ib_wc_status_msg() and skip IB_WC_WR_FLUSH_ERR logging smb: server: let smb_direct_flush_send_list() invalidate a remote key first Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Sudeep Holla (1): firmware: arm_ffa: Add support for IMPDEF value in the memory access descriptor Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Ting-Chang Hou (1): btrfs: send: fix duplicated rmdir operations when using extrefs Tonghao Zhang (2): net: bonding: fix possible peer notify event loss or dup issue net: bonding: update the slave array for broadcast mode Viacheslav Dubeyko (5): hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Wang Liang (1): net/smc: fix general protection fault in __smc_diag_dump Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE William Breathitt Gray (3): gpio: pci-idio-16: Define maximum valid register address offset gpio: 104-idio-16: Define maximum valid register address offset gpio: idio-16: Define fixed direction of the GPIO lines Xi Ruoyao (1): ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Xichao Zhao (1): exec: Fix incorrect type for ret Xin Long (1): selftests: net: fix server bind failure in sctp_vrf.sh Xu Yang (1): dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yicong Yang (1): drivers/perf: hisi: Relax the event ID check in the framework tr1x_em (1): platform/x86: alienware-wmi-wmax: Add AWCC support to Dell G15 5530

2 days, 11 hours

1
1
0 0

Linux 6.12.56

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.56 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 Makefile | 6 arch/arm64/boot/dts/broadcom/bcm2712.dtsi | 3 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/mm/copypage.c | 9 arch/arm64/tools/sysreg | 4 arch/m68k/include/asm/bitops.h | 25 - arch/mips/mti-malta/malta-setup.c | 2 arch/nios2/kernel/setup.c | 15 arch/powerpc/include/asm/pgtable.h | 12 arch/powerpc/mm/book3s32/mmu.c | 4 arch/powerpc/mm/pgtable_32.c | 2 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/kernel/cpu.c | 4 arch/riscv/kernel/sys_hwprobe.c | 6 arch/s390/mm/pgalloc.c | 13 arch/x86/kernel/cpu/microcode/amd.c | 2 drivers/acpi/acpica/tbprint.c | 6 drivers/android/binder.c | 11 drivers/base/arch_topology.c | 2 drivers/base/devcoredump.c | 138 +++-- drivers/block/nbd.c | 15 drivers/bluetooth/btintel.c | 28 - drivers/bluetooth/btintel.h | 3 drivers/comedi/comedi_buf.c | 2 drivers/cpuidle/governors/menu.c | 21 drivers/firmware/arm_scmi/common.h | 24 - drivers/firmware/arm_scmi/driver.c | 47 -- drivers/gpio/gpio-104-idio-16.c | 1 drivers/gpio/gpio-ljca.c | 14 drivers/gpio/gpio-pci-idio-16.c | 1 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/inc/hw/hw_shared.h | 8 drivers/gpu/drm/drm_panic.c | 8 drivers/gpu/drm/panthor/panthor_mmu.c | 10 drivers/hwmon/sht3x.c | 27 - drivers/misc/fastrpc.c | 2 drivers/misc/lkdtm/fortify.c | 6 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/most/most_usb.c | 13 drivers/net/bonding/bond_main.c | 40 - drivers/net/can/bxcan.c | 2 drivers/net/can/dev/netlink.c | 6 drivers/net/can/esd/esdacc.c | 2 drivers/net/can/rockchip/rockchip_canfd-tx.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.c | 25 - drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/mellanox/mlx5/core/en.h | 7 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.h | 6 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 5 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c | 25 - drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 128 +++-- drivers/net/ethernet/renesas/ravb_main.c | 24 - drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 drivers/net/ethernet/ti/am65-cpts.c | 63 +- drivers/net/phy/micrel.c | 4 drivers/net/usb/rtl8150.c | 11 drivers/pci/pci.c | 6 drivers/perf/hisilicon/hisi_uncore_pmu.c | 2 drivers/perf/hisilicon/hisi_uncore_pmu.h | 3 drivers/platform/x86/amd/hsmp.c | 5 drivers/ptp/ptp_ocp.c | 2 drivers/spi/spi-airoha-snfi.c | 280 +++++++----- drivers/spi/spi-nxp-fspi.c | 6 drivers/tty/serial/8250/8250_dw.c | 4 drivers/tty/serial/8250/8250_exar.c | 11 drivers/tty/serial/8250/8250_mtk.c | 6 drivers/tty/serial/sc16is7xx.c | 7 drivers/usb/core/quirks.c | 2 drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/host/xhci-dbgcap.c | 15 drivers/usb/serial/option.c | 10 drivers/usb/typec/tcpm/tcpm.c | 4 fs/btrfs/super.c | 8 fs/dlm/lockspace.c | 2 fs/exec.c | 2 fs/gfs2/lock_dlm.c | 11 fs/hfs/bfind.c | 8 fs/hfs/brec.c | 27 - fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 fs/hfsplus/bnode.c | 41 - fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 + fs/hfsplus/super.c | 25 - fs/notify/fdinfo.c | 6 fs/ocfs2/move_extents.c | 5 fs/smb/client/cifsglob.h | 2 fs/smb/server/transport_ipc.c | 8 fs/smb/server/transport_rdma.c | 11 fs/xfs/scrub/nlinks.c | 34 + fs/xfs/xfs_super.c | 33 - io_uring/fdinfo.c | 8 io_uring/filetable.c | 2 io_uring/sqpoll.c | 65 +- io_uring/sqpoll.h | 1 kernel/dma/debug.c | 5 kernel/power/energy_model.c | 58 +- kernel/sched/sched.h | 2 mm/huge_memory.c | 3 mm/migrate.c | 3 mm/slub.c | 23 net/core/rtnetlink.c | 3 net/sctp/inqueue.c | 13 net/smc/smc_inet.c | 13 net/vmw_vsock/af_vsock.c | 38 - tools/objtool/check.c | 1 tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 tools/testing/selftests/net/sctp_hello.c | 17 tools/testing/selftests/net/sctp_vrf.sh | 73 +-- 114 files changed, 1176 insertions(+), 688 deletions(-) Akash Goel (1): drm/panthor: Fix kernel panic on partial unmap of a GPU VA region Aksh Garg (1): net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexey Simakov (1): sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Alok Tiwari (1): io_uring: correct __must_hold annotation in io_install_fixed_file Amery Hung (2): net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ Andreas Gruenbacher (1): gfs2: Fix unlikely race in gdlm_put_lock Andrew Cooper (1): x86/microcode: Fix Entrysign revision check for Zen1/Naples Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Andy Shevchenko (1): sched: Remove never used code in mm_cid_get() Anup Patel (2): RISC-V: Define pgprot_dmacoherent() for non-coherent devices RISC-V: Don't print details of CPUs disabled in DT Artem Shimko (2): firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode serial: 8250_dw: handle reset control deassert error Carolina Jubran (1): net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead Catalin Marinas (1): arm64: mte: Do not warn if the page is already tagged in copy_highpage() Charlene Liu (1): drm/amd/display: increase max link count and fix link->enc NULL pointer access Christian Loehle (1): PM: EM: Fix late boot with holes in CPU topology Christophe Leroy (1): powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Cristian Marussi (1): firmware: arm_scmi: Account for failed debug initialization Daniel Golle (1): serial: 8250_mtk: Enable baud clock and manage in runtime PM Darrick J. Wong (2): xfs: fix locking in xchk_nlinks_collect_dir xfs: always warn about deprecated mount options David Howells (1): cifs: Fix TCP_Server_Info::credits to be signed Deepanshu Kartikey (2): ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Dewei Meng (1): btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Fuad Tabba (1): arm64: sysreg: Correct sign definitions for EIESB and DoubleLock Geert Uytterhoeven (1): m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman (1): Linux 6.12.56 Guenter Roeck (1): hwmon: (sht3x) Fix error handling Han Xu (1): spi: spi-nxp-fspi: add extra delay after dll locked Hao Ge (2): slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts slab: Fix obj_ext mistakenly considered NULL due to race condition Haotian Zhang (1): gpio: ljca: Fix duplicated IRQ mapping Heiko Carstens (1): s390/mm: Use __GFP_ACCOUNT for user page table allocations Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() Hugo Villeneuve (1): serial: sc16is7xx: remove useless enable of enhanced features Ioana Ciornei (1): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Jakub Acs (1): fs/notify: call exportfs_encode_fid with s_umount Jens Axboe (2): io_uring/sqpoll: switch away from getrusage() for CPU accounting io_uring/sqpoll: be smarter on when to update the stime usage Jianpeng Chang (1): net: enetc: fix the deadlock of enetc_mdio_lock Jiasheng Jiang (1): ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop Jocelyn Falempe (2): drm/panic: Fix drawing the logo on a small narrow screen drm/panic: Fix qr_code, ensure vmargin is positive Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace Junhao Xie (1): misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Junjie Cao (1): lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Kees Cook (1): PCI: Test for bit underflow in pcie_set_readrq() Kiran K (1): Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP Krzysztof Kozlowski (1): arm64: dts: broadcom: bcm2712: Add default GIC address cells LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (2): net: ravb: Enforce descriptor type ordering net: ravb: Ensure memory write completes before ringing TX doorbell Linus Torvalds (1): Unbreak 'make tools/*' for user-space targets Lorenzo Bianconi (1): spi: airoha: do not keep {tx,rx} dma buffer always mapped Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde (4): can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: esd: acc_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: rockchip-canfd: rkcanfd_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: netlink: can_changelink(): allow disabling of automatic restart Marek Szyprowski (1): dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC Mathias Nyman (2): xhci: dbc: enable back DbC in resume if it was enabled before suspend xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Matthieu Baerts (NGI0) (2): selftests: mptcp: join: mark 'flush re-add' as skipped if not supported selftests: mptcp: join: mark implicit tests as skipped if not supported Michael Grzeschik (1): tcpm: switch check for role_sw device with fw_node Michal Pecio (1): net: usb: rtl8150: Fix frame padding Miguel Ojeda (1): objtool/rust: add one more `noreturn` Rust function Mikhail Kshevetskiy (4): spi: airoha: return an error for continuous mode dirmap creation cases spi: airoha: add support of dual/quad wires spi modes to exec_op() handler spi: airoha: switch back to non-dma mode in the case of error spi: airoha: fix reading/writing of flashes with more than one plane per lun Nathan Chancellor (1): net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Ondrej Mosnacek (1): nbd: override creds to kernel when calling sock_{send,recv}msg() Patrisious Haddad (1): net/mlx5: Fix IPsec cleanup over MPV device Paul Walmsley (1): riscv: hwprobe: avoid uninitialized variable use in hwprobe_arch_id() Peter Robinson (1): arm64: dts: broadcom: bcm2712: Define VGIC interrupt Qianchang Zhao (1): ksmbd: transport_ipc: validate payload size before reading handle Qiuxu Zhuo (1): mm: prevent poison consumption when splitting THP Rafael J. Wysocki (4): PM: EM: Drop unused parameter from em_adjust_new_capacity() PM: EM: Slightly reduce em_check_capacity_update() overhead PM: EM: Move CPU capacity check to em_adjust_new_capacity() Revert "cpuidle: menu: Avoid discarding useful information" Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Robert Marko (1): net: phy: micrel: always set shared->phydev for LAN8814 Sebastian Reichel (1): net: stmmac: dwmac-rk: Fix disabling set_clock_selection Simon Schuster (1): nios2: ensure that memblock.current_limit is set when setting pfn limits Stefan Metzmacher (1): smb: server: let smb_direct_flush_send_list() invalidate a remote key first Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Suma Hegde (1): platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Viacheslav Dubeyko (5): hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Wang Liang (1): net/smc: fix general protection fault in __smc_diag_dump Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE William Breathitt Gray (2): gpio: pci-idio-16: Define maximum valid register address offset gpio: 104-idio-16: Define maximum valid register address offset Xi Ruoyao (1): ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Xichao Zhao (1): exec: Fix incorrect type for ret Xin Long (1): selftests: net: fix server bind failure in sctp_vrf.sh Xu Yang (1): dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yicong Yang (1): drivers/perf: hisi: Relax the event ID check in the framework

2 days, 11 hours

1
1
0 0

Linux 6.6.115

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.115 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 Makefile | 6 arch/arm64/include/asm/pgtable.h | 3 arch/m68k/include/asm/bitops.h | 25 - arch/mips/mti-malta/malta-setup.c | 2 arch/nios2/kernel/setup.c | 15 arch/powerpc/include/asm/pgtable.h | 12 arch/powerpc/mm/book3s32/mmu.c | 4 arch/powerpc/mm/pgtable_32.c | 2 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/kernel/cpu.c | 4 arch/x86/kernel/cpu/microcode/amd.c | 2 arch/x86/kernel/cpu/resctrl/monitor.c | 8 drivers/acpi/acpica/tbprint.c | 6 drivers/android/binder.c | 11 drivers/base/arch_topology.c | 2 drivers/base/devcoredump.c | 138 ++++--- drivers/comedi/comedi_buf.c | 2 drivers/cpuidle/governors/menu.c | 21 - drivers/firmware/arm_scmi/common.h | 24 + drivers/firmware/arm_scmi/driver.c | 47 -- drivers/gpio/Kconfig | 4 drivers/gpio/gpio-104-idio-16.c | 1 drivers/gpio/gpio-ljca.c | 250 +++++++------ drivers/gpio/gpio-pci-idio-16.c | 1 drivers/hwmon/sht3x.c | 27 - drivers/misc/fastrpc.c | 2 drivers/misc/lkdtm/fortify.c | 6 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/most/most_usb.c | 13 drivers/net/bonding/bond_main.c | 40 -- drivers/net/can/bxcan.c | 2 drivers/net/can/dev/netlink.c | 6 drivers/net/ethernet/amazon/ena/ena_netdev.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.c | 27 + drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 drivers/net/ethernet/intel/ice/ice_txrx_lib.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 2 drivers/net/ethernet/marvell/mvneta.c | 2 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 2 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en.h | 7 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.h | 6 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 128 ++++-- drivers/net/ethernet/netronome/nfp/nfd3/xsk.c | 2 drivers/net/ethernet/renesas/ravb_main.c | 24 + drivers/net/ethernet/sfc/efx_channels.c | 2 drivers/net/ethernet/sfc/siena/efx_channels.c | 2 drivers/net/ethernet/socionext/netsec.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 drivers/net/ethernet/ti/cpsw_priv.c | 2 drivers/net/usb/rtl8150.c | 11 drivers/perf/hisilicon/hisi_uncore_pmu.c | 2 drivers/perf/hisilicon/hisi_uncore_pmu.h | 3 drivers/s390/cio/device.c | 37 + drivers/spi/spi-nxp-fspi.c | 6 drivers/tty/serial/8250/8250_dw.c | 4 drivers/tty/serial/8250/8250_exar.c | 11 drivers/tty/serial/8250/8250_mtk.c | 6 drivers/usb/core/quirks.c | 2 drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/host/xhci-dbgcap.c | 9 drivers/usb/serial/option.c | 10 drivers/usb/typec/tcpm/tcpm.c | 4 fs/dlm/lockspace.c | 2 fs/exec.c | 2 fs/fuse/dir.c | 2 fs/fuse/file.c | 75 ++- fs/fuse/fuse_i.h | 2 fs/hfs/bfind.c | 8 fs/hfs/brec.c | 27 + fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 fs/hfsplus/bnode.c | 41 -- fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 ++ fs/hfsplus/super.c | 25 - fs/notify/fdinfo.c | 6 fs/ocfs2/move_extents.c | 5 fs/smb/client/cifsglob.h | 2 fs/smb/server/transport_ipc.c | 8 fs/smb/server/transport_rdma.c | 11 fs/xfs/xfs_super.c | 33 + io_uring/filetable.c | 2 kernel/dma/debug.c | 5 kernel/sched/sched.h | 2 net/core/rtnetlink.c | 3 net/sctp/inqueue.c | 13 net/vmw_vsock/af_vsock.c | 38 - tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 tools/testing/selftests/net/sctp_hello.c | 17 tools/testing/selftests/net/sctp_vrf.sh | 85 ++-- 99 files changed, 922 insertions(+), 603 deletions(-) Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexey Simakov (1): sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Alok Tiwari (1): io_uring: correct __must_hold annotation in io_install_fixed_file Amery Hung (2): net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ Amir Goldstein (1): fuse: allocate ff->release_args only if release is needed Andrew Cooper (1): x86/microcode: Fix Entrysign revision check for Zen1/Naples Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Andy Shevchenko (1): sched: Remove never used code in mm_cid_get() Anup Patel (2): RISC-V: Define pgprot_dmacoherent() for non-coherent devices RISC-V: Don't print details of CPUs disabled in DT Artem Shimko (2): firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode serial: 8250_dw: handle reset control deassert error Babu Moger (1): x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Carolina Jubran (1): net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead Christophe Leroy (1): powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Cristian Marussi (1): firmware: arm_scmi: Account for failed debug initialization Daniel Golle (1): serial: 8250_mtk: Enable baud clock and manage in runtime PM Darrick J. Wong (2): xfs: always warn about deprecated mount options fuse: fix livelock in synchronous file put from fuseblk workers David Howells (1): cifs: Fix TCP_Server_Info::credits to be signed Deepanshu Kartikey (2): ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Geert Uytterhoeven (1): m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman (1): Linux 6.6.115 Guenter Roeck (1): hwmon: (sht3x) Fix error handling Han Xu (1): spi: spi-nxp-fspi: add extra delay after dll locked Hangbin Liu (1): selftests/net: convert sctp_vrf.sh to run it in unique namespace Haotian Zhang (1): gpio: ljca: Fix duplicated IRQ mapping Haoyu Li (1): gpio: ljca: Initialize num before accessing item in ljca_gpio_config Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() Ioana Ciornei (1): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Jakub Acs (1): fs/notify: call exportfs_encode_fid with s_umount Jianpeng Chang (1): net: enetc: fix the deadlock of enetc_mdio_lock Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace Junhao Xie (1): misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Junjie Cao (1): lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (2): net: ravb: Enforce descriptor type ordering net: ravb: Ensure memory write completes before ringing TX doorbell Linus Torvalds (1): Unbreak 'make tools/*' for user-space targets Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde (2): can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: netlink: can_changelink(): allow disabling of automatic restart Marek Szyprowski (1): dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC Mathias Nyman (1): xhci: dbc: enable back DbC in resume if it was enabled before suspend Matthieu Baerts (NGI0) (2): selftests: mptcp: join: mark 'flush re-add' as skipped if not supported selftests: mptcp: join: mark implicit tests as skipped if not supported Michael Grzeschik (1): tcpm: switch check for role_sw device with fw_node Michal Pecio (1): net: usb: rtl8150: Fix frame padding Nathan Chancellor (1): net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Qianchang Zhao (1): ksmbd: transport_ipc: validate payload size before reading handle Rafael J. Wysocki (1): Revert "cpuidle: menu: Avoid discarding useful information" Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Sebastian Andrzej Siewior (1): net: Tree wide: Replace xdp_do_flush_map() with xdp_do_flush(). Sebastian Reichel (1): net: stmmac: dwmac-rk: Fix disabling set_clock_selection Simon Schuster (1): nios2: ensure that memblock.current_limit is set when setting pfn limits Stefan Metzmacher (1): smb: server: let smb_direct_flush_send_list() invalidate a remote key first Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Viacheslav Dubeyko (5): hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Vineeth Vijayan (1): s390/cio: Update purge function to unregister the unused subchannels Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE Wentong Wu (1): gpio: update Intel LJCA USB GPIO driver William Breathitt Gray (2): gpio: pci-idio-16: Define maximum valid register address offset gpio: 104-idio-16: Define maximum valid register address offset Xi Ruoyao (1): ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Xichao Zhao (1): exec: Fix incorrect type for ret Xin Long (1): selftests: net: fix server bind failure in sctp_vrf.sh Xu Yang (1): dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yicong Yang (1): drivers/perf: hisi: Relax the event ID check in the framework

2 days, 11 hours

1
1
0 0

Linux 6.1.158

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.158 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/RCU/Design/Requirements/Requirements.rst | 2 Documentation/arm64/silicon-errata.rst | 2 Documentation/core-api/local_ops.rst | 2 Documentation/kernel-hacking/locking.rst | 17 Documentation/networking/seg6-sysctl.rst | 3 Documentation/timers/hrtimers.rst | 2 Documentation/translations/it_IT/kernel-hacking/locking.rst | 14 Documentation/translations/zh_CN/core-api/local_ops.rst | 2 Makefile | 2 arch/arm/mach-spear/time.c | 8 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/kernel/cpu_errata.c | 1 arch/arm64/kernel/cpufeature.c | 10 arch/arm64/kernel/mte.c | 2 arch/m68k/include/asm/bitops.h | 25 arch/mips/mti-malta/malta-setup.c | 2 arch/nios2/kernel/setup.c | 15 arch/powerpc/include/asm/pgtable.h | 12 arch/powerpc/mm/book3s32/mmu.c | 4 arch/powerpc/mm/pgtable_32.c | 2 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/kernel/cpu.c | 4 arch/riscv/kernel/probes/kprobes.c | 13 arch/x86/kernel/cpu/resctrl/monitor.c | 8 drivers/acpi/acpica/tbprint.c | 6 drivers/android/binder.c | 11 drivers/base/arch_topology.c | 2 drivers/base/devcoredump.c | 138 +++-- drivers/base/power/runtime.c | 44 + drivers/bluetooth/hci_qca.c | 10 drivers/clocksource/arm_arch_timer.c | 12 drivers/clocksource/timer-sp804.c | 6 drivers/comedi/comedi_buf.c | 2 drivers/cpufreq/cppc_cpufreq.c | 14 drivers/cpuidle/governors/menu.c | 21 drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/bridge/lontium-lt9211.c | 3 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 +-- drivers/gpu/drm/rcar-du/rcar_mipi_dsi.c | 5 drivers/gpu/drm/rcar-du/rcar_mipi_dsi_regs.h | 8 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/gpu/drm/scheduler/sched_main.c | 13 drivers/hid/hid-input.c | 5 drivers/hid/hid-multitouch.c | 28 - drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 - drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 drivers/misc/fastrpc.c | 2 drivers/misc/lkdtm/fortify.c | 6 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/most/most_usb.c | 13 drivers/net/bonding/bond_main.c | 40 - drivers/net/can/dev/netlink.c | 6 drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/intel/ixgbevf/defines.h | 6 drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 13 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 46 + drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 drivers/net/ethernet/intel/ixgbevf/vf.c | 194 ++++++- drivers/net/ethernet/intel/ixgbevf/vf.h | 5 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 2 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/ethernet/renesas/ravb_main.c | 24 drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 drivers/net/usb/lan78xx.c | 38 + drivers/net/usb/r8152.c | 7 drivers/net/usb/rtl8150.c | 11 drivers/pci/controller/cadence/pci-j721e.c | 64 ++ drivers/pci/controller/dwc/pcie-tegra194.c | 10 drivers/pci/pci-sysfs.c | 10 drivers/phy/cadence/cdns-dphy.c | 131 +++-- drivers/s390/cio/device.c | 37 - drivers/tty/serial/8250/8250_dw.c | 4 drivers/tty/serial/8250/8250_exar.c | 11 drivers/usb/core/quirks.c | 2 drivers/usb/gadget/function/f_acm.c | 42 - drivers/usb/gadget/function/f_ecm.c | 48 - drivers/usb/gadget/function/f_ncm.c | 78 +-- drivers/usb/gadget/function/f_rndis.c | 85 +-- drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/gadget/udc/core.c | 3 drivers/usb/host/xhci-dbgcap.c | 9 drivers/usb/serial/option.c | 10 fs/btrfs/free-space-tree.c | 15 fs/btrfs/relocation.c | 13 fs/dax.c | 2 fs/dcache.c | 2 fs/dlm/lockspace.c | 2 fs/exec.c | 2 fs/ext4/ext4_jbd2.c | 11 fs/ext4/inode.c | 8 fs/ext4/super.c | 17 fs/f2fs/data.c | 108 ++-- fs/f2fs/f2fs.h | 6 fs/f2fs/file.c | 16 fs/fuse/dir.c | 2 fs/fuse/file.c | 75 +- fs/fuse/fuse_i.h | 2 fs/hfs/bfind.c | 8 fs/hfs/brec.c | 27 - fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 fs/hfsplus/bnode.c | 41 - fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 + fs/hfsplus/super.c | 25 fs/hfsplus/unicode.c | 24 fs/jbd2/transaction.c | 13 fs/nfsd/blocklayout.c | 5 fs/nfsd/blocklayoutxdr.c | 7 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 34 - fs/nfsd/nfs4xdr.c | 14 fs/nfsd/xdr4.h | 36 + fs/ocfs2/move_extents.c | 5 fs/smb/client/inode.c | 6 fs/smb/client/misc.c | 17 fs/smb/client/smb2ops.c | 8 fs/smb/server/ksmbd_netlink.h | 3 fs/smb/server/server.h | 1 fs/smb/server/smb2pdu.c | 4 fs/smb/server/transport_ipc.c | 9 fs/smb/server/transport_rdma.c | 11 fs/smb/server/transport_tcp.c | 69 +- fs/smb/server/transport_tcp.h | 1 fs/xfs/libxfs/xfs_log_format.h | 30 + fs/xfs/xfs_log.c | 8 fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 - fs/xfs/xfs_ondisk.h | 2 fs/xfs/xfs_super.c | 33 - include/linux/cpufreq.h | 3 include/linux/mm.h | 2 include/linux/pci.h | 14 include/linux/pm_runtime.h | 4 include/linux/timer.h | 2 include/linux/usb/gadget.h | 25 include/net/ip_tunnels.h | 15 include/trace/events/f2fs.h | 11 io_uring/filetable.c | 2 kernel/padata.c | 6 kernel/sched/fair.c | 38 - kernel/time/timer.c | 311 +++++++++--- net/core/rtnetlink.c | 3 net/ipv4/ip_tunnel.c | 14 net/ipv4/tcp_output.c | 19 net/ipv6/ip6_tunnel.c | 3 net/sctp/inqueue.c | 13 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 28 - net/vmw_vsock/af_vsock.c | 38 - rust/bindings/bindings_helper.h | 2 rust/bindings/lib.rs | 1 sound/firewire/amdtp-stream.h | 2 sound/soc/codecs/nau8821.c | 53 +- sound/usb/card.c | 10 tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 tools/testing/selftests/vm/map_hugetlb.c | 7 175 files changed, 2091 insertions(+), 1070 deletions(-) Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexey Simakov (2): tg3: prevent use of uninitialized remote_adv and local_adv variables sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Alok Tiwari (2): drm/rockchip: vop2: use correct destination rectangle height check io_uring: correct __must_hold annotation in io_install_fixed_file Amir Goldstein (1): fuse: allocate ff->release_args only if release is needed Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Anup Patel (2): RISC-V: Define pgprot_dmacoherent() for non-coherent devices RISC-V: Don't print details of CPUs disabled in DT Artem Shimko (1): serial: 8250_dw: handle reset control deassert error Babu Moger (1): x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads (part 2) Catalin Marinas (1): arm64: mte: Do not flag the zero page as PG_mte_tagged Christoph Hellwig (5): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures f2fs: add a f2fs_get_block_locked helper f2fs: remove the create argument to f2fs_map_blocks f2fs: factor a f2fs_map_blocks_cached helper Christophe Leroy (1): powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Cristian Ciocaltea (3): ASoC: nau8821: Cancel jdet_work before handling jack ejection ASoC: nau8821: Generalize helper to clear IRQ status ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Darrick J. Wong (2): fuse: fix livelock in synchronous file put from fuseblk workers xfs: always warn about deprecated mount options David Lechner (1): iio: imu: inv_icm42600: use = { } instead of memset() Deepanshu Kartikey (3): ext4: detect invalid INLINE_DATA + EXTENTS flag combination ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Devarsh Thakkar (2): phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Dmitry Torokhov (1): HID: hid-input: only ignore 0 battery events for digitizers Eric Dumazet (1): tcp: fix tcp_tso_should_defer() vs large RTT Eugene Korenevsky (1): cifs: parse_dfs_referrals: prevent oob on malformed input Fabian Vogt (1): riscv: kprobes: Fix probe address validation Filipe Manana (2): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running btrfs: do not assert we found block group item when creating free space tree Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Geert Uytterhoeven (1): m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman (1): Linux 6.1.158 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ingo Molnar (1): sched/balancing: Rename newidle_balance() => sched_balance_newidle() Ioana Ciornei (1): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jakub Acs (1): mm/ksm: fix flag-dropping behavior in ksm_madvise Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jedrzej Jagielski (2): ixgbevf: fix getting link speed data for E610 devices ixgbevf: fix mailbox API compatibility by negotiating supported features Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace Junhao Xie (1): misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Junjie Cao (1): lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Kaustabh Chakraborty (3): drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions drm/exynos: exynos7_drm_decon: properly clear channels during bind drm/exynos: exynos7_drm_decon: remove ctx->suspended Kuen-Han Tsai (6): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_rndis: Refactor bind path to use __free() usb: gadget: f_ecm: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() usb: gadget: f_ncm: Refactor bind path to use __free() LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (2): net: ravb: Enforce descriptor type ordering net: ravb: Ensure memory write completes before ringing TX doorbell Leon Hwang (1): Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde (2): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() can: netlink: can_changelink(): allow disabling of automatic restart Marek Vasut (2): drm/rcar-du: dsi: Fix 1/2/3 lane support drm/bridge: lt9211: Drop check for last nibble of version register Mario Limonciello (1): drm/amd: Check whether secure display TA loaded successfully Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Mathias Nyman (1): xhci: dbc: enable back DbC in resume if it was enabled before suspend Matthieu Baerts (NGI0) (2): selftests: mptcp: join: mark 'flush re-add' as skipped if not supported selftests: mptcp: join: mark implicit tests as skipped if not supported Michal Pecio (1): net: usb: rtl8150: Fix frame padding Namjae Jeon (1): ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL Nathan Chancellor (1): net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Nicolas Dichtel (1): doc: fix seg6_flowlabel path Niklas Cassel (1): PCI: tegra194: Reset BARs when running in PCIe endpoint mode Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Piotr Kwapulinski (2): PCI: Add PCI_VDEVICE_SUB helper macro ixgbevf: Add support for Intel(R) E610 device Qianchang Zhao (1): ksmbd: transport_ipc: validate payload size before reading handle Rafael J. Wysocki (2): cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Revert "cpuidle: menu: Avoid discarding useful information" Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Sabrina Dubroca (4): tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: wait for pending async decryptions if tls_strp_msg_hold fails tls: don't rely on tx_work during send() Sascha Hauer (1): net: tls: wait for async completion on last message Sean Nyekjaer (2): iio: imu: inv_icm42600: Simplify pm_runtime setup iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Sebastian Reichel (1): net: stmmac: dwmac-rk: Fix disabling set_clock_selection Sergey Bashirov (3): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Fix last write offset handling in layoutcommit Shuhao Fu (1): smb: client: Fix refcount leak for cifs_sb_tlink Siddharth Vadapalli (2): PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists PCI: j721e: Fix programming sequence of "strap" settings Simon Schuster (1): nios2: ensure that memblock.current_limit is set when setting pfn limits Stefan Metzmacher (1): smb: server: let smb_direct_flush_send_list() invalidate a remote key first Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Steven Rostedt (Google) (4): ARM: spear: Do not use timer namespace for timer_shutdown() function clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function timers: Update the documentation to reflect on the new timer_shutdown() API Thadeu Lima de Souza Cascardo (1): HID: multitouch: fix name of Stylus input devices Theodore Ts'o (1): ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Thomas Fourier (1): crypto: rockchip - Fix dma_unmap_sg() nents value Thomas Gleixner (8): Documentation: Remove bogus claim about del_timer_sync() timers: Replace BUG_ON()s Documentation: Replace del_timer/del_timer_sync() timers: Silently ignore timers with a NULL function timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode timers: Add shutdown mechanism to the internal functions timers: Provide timer_shutdown[_sync]() Bluetooth: hci_qca: Fix the teardown problem for real Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tomi Valkeinen (1): phy: cdns-dphy: Store hs_clk_rate and return it Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Tvrtko Ursulin (1): drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Viacheslav Dubeyko (6): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Vineeth Vijayan (1): s390/cio: Update purge function to unregister the unused subchannels Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE Xi Ruoyao (1): ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xichao Zhao (1): exec: Fix incorrect type for ret Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zhang Yi (2): jbd2: ensure that all ongoing I/O complete before freeing blocks ext4: wait for ongoing I/O to complete before freeing blocks

2 days, 11 hours

1
1
0 0

Linux 5.15.196

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.196 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arm64/silicon-errata.rst | 2 Documentation/networking/seg6-sysctl.rst | 3 Makefile | 2 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/kernel/cpu_errata.c | 1 arch/m68k/include/asm/bitops.h | 25 ++- arch/mips/mti-malta/malta-setup.c | 2 arch/nios2/kernel/setup.c | 15 ++ arch/riscv/kernel/probes/kprobes.c | 13 + block/blk-crypto-fallback.c | 3 drivers/android/binder.c | 11 - drivers/base/arch_topology.c | 2 drivers/base/devcoredump.c | 138 ++++++++++++-------- drivers/base/power/runtime.c | 44 ++++++ drivers/comedi/comedi_buf.c | 2 drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/cpuidle/governors/menu.c | 21 +-- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 - drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 - drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++++---------- drivers/hid/hid-multitouch.c | 27 ++- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 +---- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 +---- drivers/media/rc/lirc_dev.c | 15 +- drivers/media/rc/rc-main.c | 6 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/most/most_usb.c | 13 - drivers/net/bonding/bond_main.c | 40 ++--- drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 ++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/ethernet/renesas/ravb_main.c | 8 + drivers/net/usb/aqc111.c | 2 drivers/net/usb/lan78xx.c | 42 ++++-- drivers/net/usb/r8152.c | 9 + drivers/net/usb/rndis_host.c | 2 drivers/net/usb/rtl8150.c | 13 + drivers/net/wireless/ath/ath11k/core.c | 6 drivers/net/wireless/ath/ath11k/hal.c | 16 ++ drivers/net/wireless/ath/ath11k/hal.h | 1 drivers/pci/controller/cadence/pci-j721e.c | 64 +++++++++ drivers/pci/controller/dwc/pcie-designware-ep.c | 1 drivers/pci/controller/dwc/pcie-tegra194.c | 28 +++- drivers/pci/controller/pcie-rcar-host.c | 83 ++++++------ drivers/pci/pci-sysfs.c | 10 + drivers/s390/cio/device.c | 37 +++-- drivers/tty/serial/8250/8250_exar.c | 11 + drivers/usb/core/quirks.c | 2 drivers/usb/gadget/function/f_acm.c | 42 ++---- drivers/usb/gadget/function/f_ncm.c | 78 ++++------- drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/gadget/udc/core.c | 3 drivers/usb/host/xhci-dbgcap.c | 9 + drivers/usb/serial/option.c | 10 + fs/btrfs/relocation.c | 13 + fs/dax.c | 2 fs/dcache.c | 2 fs/dlm/lockspace.c | 2 fs/exec.c | 2 fs/ext4/inode.c | 8 + fs/f2fs/data.c | 2 fs/fuse/dir.c | 2 fs/fuse/file.c | 75 ++++++---- fs/fuse/fuse_i.h | 2 fs/hfs/bfind.c | 8 + fs/hfs/brec.c | 27 +++ fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 + fs/hfsplus/bnode.c | 41 ----- fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 ++++++ fs/hfsplus/super.c | 25 ++- fs/hfsplus/unicode.c | 24 +++ fs/jbd2/transaction.c | 13 + fs/nfsd/blocklayout.c | 5 fs/nfsd/blocklayoutxdr.c | 7 - fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 34 ++-- fs/nfsd/nfs4xdr.c | 14 -- fs/nfsd/xdr4.h | 36 +++++ fs/ocfs2/move_extents.c | 5 fs/splice.c | 31 ++++ fs/xfs/libxfs/xfs_log_format.h | 30 ++++ fs/xfs/xfs_log.c | 8 - fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 +++- fs/xfs/xfs_ondisk.h | 2 fs/xfs/xfs_super.c | 33 +++- include/linux/cpufreq.h | 3 include/linux/fs.h | 1 include/linux/net.h | 1 include/linux/netdevice.h | 9 + include/linux/pm_runtime.h | 4 include/linux/splice.h | 1 include/linux/usb/gadget.h | 25 +++ include/net/ip_tunnels.h | 15 ++ include/net/rtnetlink.h | 9 + include/net/sock.h | 1 include/uapi/linux/netlink.h | 1 kernel/padata.c | 6 kernel/sched/fair.c | 38 ++--- net/core/rtnetlink.c | 81 ++++++++--- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/tcp_output.c | 19 ++ net/ipv6/ip6_tunnel.c | 3 net/sctp/inqueue.c | 13 + net/socket.c | 10 + net/tls/tls_main.c | 7 - net/tls/tls_sw.c | 22 ++- net/vmw_vsock/af_vsock.c | 38 ++--- sound/firewire/amdtp-stream.h | 2 sound/usb/card.c | 10 + tools/perf/tests/perf-record.c | 4 128 files changed, 1304 insertions(+), 727 deletions(-) Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexey Simakov (2): tg3: prevent use of uninitialized remote_adv and local_adv variables sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Amir Goldstein (1): fuse: allocate ff->release_args only if release is needed Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Arnd Bergmann (1): media: s5p-mfc: remove an unused/uninitialized variable Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads (part 2) Christoph Hellwig (2): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Darrick J. Wong (2): fuse: fix livelock in synchronous file put from fuseblk workers xfs: always warn about deprecated mount options David Howells (1): splice, net: Add a splice_eof op to file-ops and socket-ops David Lechner (1): iio: imu: inv_icm42600: use = { } instead of memset() Deepanshu Kartikey (3): ext4: detect invalid INLINE_DATA + EXTENTS flag combination ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Eric Dumazet (1): tcp: fix tcp_tso_should_defer() vs large RTT Fabian Vogt (1): riscv: kprobes: Fix probe address validation Filipe Manana (1): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Geert Uytterhoeven (1): m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman (1): Linux 5.15.196 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ingo Molnar (1): sched/balancing: Rename newidle_balance() => sched_balance_newidle() Ioana Ciornei (1): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jakub Kicinski (1): net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Kaustabh Chakraborty (3): drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions drm/exynos: exynos7_drm_decon: properly clear channels during bind drm/exynos: exynos7_drm_decon: remove ctx->suspended Kuen-Han Tsai (4): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_ncm: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (1): net: ravb: Ensure memory write completes before ringing TX doorbell Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Ma Ke (1): media: lirc: Fix error handling in lirc_register() Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde (1): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Marek Vasut (4): PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access() PCI: rcar-host: Drop PMSR spinlock PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Mathias Nyman (1): xhci: dbc: enable back DbC in resume if it was enabled before suspend Michal Pecio (1): net: usb: rtl8150: Fix frame padding Muhammad Usama Anjum (1): wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Nicolas Dichtel (1): doc: fix seg6_flowlabel path Niklas Cassel (1): PCI: tegra194: Reset BARs when running in PCIe endpoint mode Niko Mauno (1): Revert "perf test: Don't leak workload gopipe in PERF_RECORD_*" Nikolay Aleksandrov (6): net: rtnetlink: add helper to extract msg type's kind net: rtnetlink: use BIT for flag values net: netlink: add NLM_F_BULK delete request modifier net: rtnetlink: add bulk delete support flag net: add ndo_fdb_del_bulk net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Rafael J. Wysocki (2): cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Revert "cpuidle: menu: Avoid discarding useful information" Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Sabrina Dubroca (3): tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: don't rely on tx_work during send() Sascha Hauer (1): net: tls: wait for async completion on last message Sean Nyekjaer (2): iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended iio: imu: inv_icm42600: Simplify pm_runtime setup Sergey Bashirov (3): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Fix last write offset handling in layoutcommit Siddharth Vadapalli (2): PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists PCI: j721e: Fix programming sequence of "strap" settings Simon Schuster (1): nios2: ensure that memblock.current_limit is set when setting pfn limits Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Thomas Fourier (1): crypto: rockchip - Fix dma_unmap_sg() nents value Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Viacheslav Dubeyko (6): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Vidya Sagar (1): PCI: tegra194: Handle errors in BPMP response Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Vineeth Vijayan (1): s390/cio: Update purge function to unregister the unused subchannels Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xichao Zhao (1): exec: Fix incorrect type for ret Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Yu Kuai (1): blk-crypto: fix missing blktrace bio split events Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zhang Yi (1): jbd2: ensure that all ongoing I/O complete before freeing blocks Zhengchao Shao (1): net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg keliu (1): media: rc: Directly use ida_free()

2 days, 11 hours

1
1
0 0

Linux 5.15.196

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.196 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arm64/silicon-errata.rst | 2 Documentation/networking/seg6-sysctl.rst | 3 Makefile | 2 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/kernel/cpu_errata.c | 1 arch/m68k/include/asm/bitops.h | 25 ++- arch/mips/mti-malta/malta-setup.c | 2 arch/nios2/kernel/setup.c | 15 ++ arch/riscv/kernel/probes/kprobes.c | 13 + block/blk-crypto-fallback.c | 3 drivers/android/binder.c | 11 - drivers/base/arch_topology.c | 2 drivers/base/devcoredump.c | 138 ++++++++++++-------- drivers/base/power/runtime.c | 44 ++++++ drivers/comedi/comedi_buf.c | 2 drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/cpuidle/governors/menu.c | 21 +-- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 - drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 - drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++++---------- drivers/hid/hid-multitouch.c | 27 ++- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 +---- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 +---- drivers/media/rc/lirc_dev.c | 15 +- drivers/media/rc/rc-main.c | 6 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/most/most_usb.c | 13 - drivers/net/bonding/bond_main.c | 40 ++--- drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 ++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/ethernet/renesas/ravb_main.c | 8 + drivers/net/usb/aqc111.c | 2 drivers/net/usb/lan78xx.c | 42 ++++-- drivers/net/usb/r8152.c | 9 + drivers/net/usb/rndis_host.c | 2 drivers/net/usb/rtl8150.c | 13 + drivers/net/wireless/ath/ath11k/core.c | 6 drivers/net/wireless/ath/ath11k/hal.c | 16 ++ drivers/net/wireless/ath/ath11k/hal.h | 1 drivers/pci/controller/cadence/pci-j721e.c | 64 +++++++++ drivers/pci/controller/dwc/pcie-designware-ep.c | 1 drivers/pci/controller/dwc/pcie-tegra194.c | 28 +++- drivers/pci/controller/pcie-rcar-host.c | 83 ++++++------ drivers/pci/pci-sysfs.c | 10 + drivers/s390/cio/device.c | 37 +++-- drivers/tty/serial/8250/8250_exar.c | 11 + drivers/usb/core/quirks.c | 2 drivers/usb/gadget/function/f_acm.c | 42 ++---- drivers/usb/gadget/function/f_ncm.c | 78 ++++------- drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/gadget/udc/core.c | 3 drivers/usb/host/xhci-dbgcap.c | 9 + drivers/usb/serial/option.c | 10 + fs/btrfs/relocation.c | 13 + fs/dax.c | 2 fs/dcache.c | 2 fs/dlm/lockspace.c | 2 fs/exec.c | 2 fs/ext4/inode.c | 8 + fs/f2fs/data.c | 2 fs/fuse/dir.c | 2 fs/fuse/file.c | 75 ++++++---- fs/fuse/fuse_i.h | 2 fs/hfs/bfind.c | 8 + fs/hfs/brec.c | 27 +++ fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 + fs/hfsplus/bnode.c | 41 ----- fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 ++++++ fs/hfsplus/super.c | 25 ++- fs/hfsplus/unicode.c | 24 +++ fs/jbd2/transaction.c | 13 + fs/nfsd/blocklayout.c | 5 fs/nfsd/blocklayoutxdr.c | 7 - fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 34 ++-- fs/nfsd/nfs4xdr.c | 14 -- fs/nfsd/xdr4.h | 36 +++++ fs/ocfs2/move_extents.c | 5 fs/splice.c | 31 ++++ fs/xfs/libxfs/xfs_log_format.h | 30 ++++ fs/xfs/xfs_log.c | 8 - fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 +++- fs/xfs/xfs_ondisk.h | 2 fs/xfs/xfs_super.c | 33 +++- include/linux/cpufreq.h | 3 include/linux/fs.h | 1 include/linux/net.h | 1 include/linux/netdevice.h | 9 + include/linux/pm_runtime.h | 4 include/linux/splice.h | 1 include/linux/usb/gadget.h | 25 +++ include/net/ip_tunnels.h | 15 ++ include/net/rtnetlink.h | 9 + include/net/sock.h | 1 include/uapi/linux/netlink.h | 1 kernel/padata.c | 6 kernel/sched/fair.c | 38 ++--- net/core/rtnetlink.c | 81 ++++++++--- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/tcp_output.c | 19 ++ net/ipv6/ip6_tunnel.c | 3 net/sctp/inqueue.c | 13 + net/socket.c | 10 + net/tls/tls_main.c | 7 - net/tls/tls_sw.c | 22 ++- net/vmw_vsock/af_vsock.c | 38 ++--- sound/firewire/amdtp-stream.h | 2 sound/usb/card.c | 10 + tools/perf/tests/perf-record.c | 4 128 files changed, 1304 insertions(+), 727 deletions(-) Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexey Simakov (2): tg3: prevent use of uninitialized remote_adv and local_adv variables sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Amir Goldstein (1): fuse: allocate ff->release_args only if release is needed Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Arnd Bergmann (1): media: s5p-mfc: remove an unused/uninitialized variable Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads (part 2) Christoph Hellwig (2): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Darrick J. Wong (2): fuse: fix livelock in synchronous file put from fuseblk workers xfs: always warn about deprecated mount options David Howells (1): splice, net: Add a splice_eof op to file-ops and socket-ops David Lechner (1): iio: imu: inv_icm42600: use = { } instead of memset() Deepanshu Kartikey (3): ext4: detect invalid INLINE_DATA + EXTENTS flag combination ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Eric Dumazet (1): tcp: fix tcp_tso_should_defer() vs large RTT Fabian Vogt (1): riscv: kprobes: Fix probe address validation Filipe Manana (1): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Geert Uytterhoeven (1): m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman (1): Linux 5.15.196 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ingo Molnar (1): sched/balancing: Rename newidle_balance() => sched_balance_newidle() Ioana Ciornei (1): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jakub Kicinski (1): net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Kaustabh Chakraborty (3): drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions drm/exynos: exynos7_drm_decon: properly clear channels during bind drm/exynos: exynos7_drm_decon: remove ctx->suspended Kuen-Han Tsai (4): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_ncm: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (1): net: ravb: Ensure memory write completes before ringing TX doorbell Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Ma Ke (1): media: lirc: Fix error handling in lirc_register() Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde (1): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Marek Vasut (4): PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access() PCI: rcar-host: Drop PMSR spinlock PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Mathias Nyman (1): xhci: dbc: enable back DbC in resume if it was enabled before suspend Michal Pecio (1): net: usb: rtl8150: Fix frame padding Muhammad Usama Anjum (1): wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Nicolas Dichtel (1): doc: fix seg6_flowlabel path Niklas Cassel (1): PCI: tegra194: Reset BARs when running in PCIe endpoint mode Niko Mauno (1): Revert "perf test: Don't leak workload gopipe in PERF_RECORD_*" Nikolay Aleksandrov (6): net: rtnetlink: add helper to extract msg type's kind net: rtnetlink: use BIT for flag values net: netlink: add NLM_F_BULK delete request modifier net: rtnetlink: add bulk delete support flag net: add ndo_fdb_del_bulk net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Rafael J. Wysocki (2): cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Revert "cpuidle: menu: Avoid discarding useful information" Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Sabrina Dubroca (3): tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: don't rely on tx_work during send() Sascha Hauer (1): net: tls: wait for async completion on last message Sean Nyekjaer (2): iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended iio: imu: inv_icm42600: Simplify pm_runtime setup Sergey Bashirov (3): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Fix last write offset handling in layoutcommit Siddharth Vadapalli (2): PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists PCI: j721e: Fix programming sequence of "strap" settings Simon Schuster (1): nios2: ensure that memblock.current_limit is set when setting pfn limits Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Thomas Fourier (1): crypto: rockchip - Fix dma_unmap_sg() nents value Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Viacheslav Dubeyko (6): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Vidya Sagar (1): PCI: tegra194: Handle errors in BPMP response Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Vineeth Vijayan (1): s390/cio: Update purge function to unregister the unused subchannels Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xichao Zhao (1): exec: Fix incorrect type for ret Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Yu Kuai (1): blk-crypto: fix missing blktrace bio split events Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zhang Yi (1): jbd2: ensure that all ongoing I/O complete before freeing blocks Zhengchao Shao (1): net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg keliu (1): media: rc: Directly use ida_free()

2 days, 11 hours

1
1
0 0

Linux 5.10.246

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.246 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-bus-pci | 9 Documentation/admin-guide/kernel-parameters.txt | 3 Documentation/arm64/silicon-errata.rst | 2 Documentation/trace/histogram-design.rst | 4 Makefile | 2 arch/arm/mach-omap2/pm33xx-core.c | 6 arch/arm/mm/pageattr.c | 6 arch/arm64/Kconfig | 1 arch/arm64/boot/dts/mediatek/mt8516-pumpkin.dts | 2 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/kernel/cpu_errata.c | 1 arch/arm64/kernel/cpufeature.c | 10 arch/arm64/kernel/mte.c | 3 arch/m68k/include/asm/bitops.h | 25 arch/mips/mti-malta/malta-setup.c | 2 arch/parisc/include/uapi/asm/ioctls.h | 8 arch/sparc/kernel/of_device_32.c | 1 arch/sparc/kernel/of_device_64.c | 1 arch/sparc/lib/M7memcpy.S | 20 arch/sparc/lib/Memcpy_utils.S | 9 arch/sparc/lib/NG4memcpy.S | 2 arch/sparc/lib/NGmemcpy.S | 29 - arch/sparc/lib/U1memcpy.S | 19 arch/sparc/lib/U3memcpy.S | 2 arch/sparc/mm/hugetlbpage.c | 20 arch/um/drivers/mconsole_user.c | 2 arch/x86/include/asm/segment.h | 8 arch/x86/kernel/umip.c | 15 arch/x86/kvm/emulate.c | 11 arch/x86/kvm/kvm_emulate.h | 2 arch/x86/kvm/x86.c | 9 arch/x86/mm/pgtable.c | 2 block/blk-crypto-fallback.c | 3 block/blk-mq-sysfs.c | 6 block/blk-settings.c | 3 crypto/essiv.c | 14 crypto/rng.c | 8 drivers/acpi/acpi_dbg.c | 26 drivers/acpi/acpi_tad.c | 3 drivers/acpi/nfit/core.c | 2 drivers/acpi/processor_idle.c | 3 drivers/android/binder.c | 11 drivers/base/arch_topology.c | 2 drivers/base/node.c | 4 drivers/base/power/main.c | 14 drivers/base/power/runtime.c | 44 + drivers/base/regmap/regmap.c | 2 drivers/bus/fsl-mc/fsl-mc-bus.c | 3 drivers/bus/mhi/host/init.c | 5 drivers/char/hw_random/ks-sa-rng.c | 4 drivers/char/tpm/tpm_tis_core.c | 4 drivers/clk/at91/clk-peripheral.c | 7 drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 drivers/clocksource/clps711x-timer.c | 23 drivers/cpufreq/intel_pstate.c | 8 drivers/cpuidle/governors/menu.c | 21 drivers/crypto/atmel-tdes.c | 2 drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 drivers/dma/ioat/dma.c | 12 drivers/edac/sb_edac.c | 4 drivers/edac/skx_common.h | 1 drivers/firmware/meson/meson_sm.c | 7 drivers/gpio/gpio-wcd934x.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/amd/amdgpu/uvd_v3_1.c | 29 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 2 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppevvmath.h | 14 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/arm/display/include/malidp_utils.h | 2 drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c | 24 drivers/gpu/drm/drm_color_mgmt.c | 2 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 36 - drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 6 drivers/gpu/drm/nouveau/nouveau_bo.c | 2 drivers/gpu/drm/radeon/evergreen_cs.c | 2 drivers/gpu/drm/radeon/r600_cs.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 4 drivers/hid/hid-mcp2221.c | 4 drivers/hid/hid-multitouch.c | 27 - drivers/hwmon/adt7475.c | 24 drivers/i2c/busses/i2c-designware-platdrv.c | 1 drivers/i2c/busses/i2c-mt65xx.c | 17 drivers/iio/dac/ad5360.c | 2 drivers/iio/dac/ad5421.c | 2 drivers/iio/frequency/adf4350.c | 20 drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 39 - drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 drivers/iio/inkern.c | 2 drivers/infiniband/core/addr.c | 10 drivers/infiniband/core/cm.c | 4 drivers/infiniband/core/sa_query.c | 6 drivers/infiniband/sw/siw/siw_verbs.c | 25 drivers/input/misc/uinput.c | 1 drivers/input/touchscreen/atmel_mxt_ts.c | 2 drivers/input/touchscreen/cyttsp4_core.c | 2 drivers/mailbox/zynqmp-ipi-mailbox.c | 7 drivers/md/dm-integrity.c | 8 drivers/md/dm.c | 7 drivers/media/dvb-frontends/stv0367_priv.h | 3 drivers/media/i2c/mt9v111.c | 2 drivers/media/i2c/rj54n1cb0c.c | 9 drivers/media/i2c/tc358743.c | 4 drivers/media/mc/mc-devnode.c | 6 drivers/media/pci/b2c2/flexcop-pci.c | 2 drivers/media/pci/cx18/cx18-queue.c | 12 drivers/media/pci/ivtv/ivtv-driver.c | 2 drivers/media/pci/ivtv/ivtv-irq.c | 2 drivers/media/pci/ivtv/ivtv-queue.c | 18 drivers/media/pci/ivtv/ivtv-streams.c | 22 drivers/media/pci/ivtv/ivtv-udma.c | 27 - drivers/media/pci/ivtv/ivtv-yuv.c | 24 drivers/media/pci/ivtv/ivtvfb.c | 6 drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 - drivers/media/rc/imon.c | 27 - drivers/media/rc/lirc_dev.c | 15 drivers/media/rc/rc-main.c | 6 drivers/media/tuners/xc5000.c | 41 - drivers/memory/samsung/exynos-srom.c | 10 drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 drivers/mfd/vexpress-sysreg.c | 6 drivers/misc/genwqe/card_ddcb.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/mmc/core/sdio.c | 6 drivers/most/most_usb.c | 13 drivers/mtd/nand/raw/fsmc_nand.c | 6 drivers/net/bonding/bond_main.c | 40 - drivers/net/ethernet/amazon/ena/ena_ethtool.c | 5 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | 18 drivers/net/ethernet/dlink/dl2k.c | 30 - drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/ethernet/renesas/ravb_main.c | 8 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 drivers/net/fjes/fjes_main.c | 4 drivers/net/usb/aqc111.c | 2 drivers/net/usb/lan78xx.c | 42 + drivers/net/usb/r8152.c | 2 drivers/net/usb/rndis_host.c | 2 drivers/net/usb/rtl8150.c | 15 drivers/net/wireless/ath/ath11k/core.c | 6 drivers/net/wireless/ath/ath11k/hal.c | 16 drivers/net/wireless/ath/ath11k/hal.h | 1 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 7 drivers/net/wireless/mediatek/mt76/mt7603/soc.c | 2 drivers/net/wireless/ralink/rt2x00/rt2400pci.c | 8 drivers/net/wireless/ralink/rt2x00/rt2400pci.h | 2 drivers/net/wireless/ralink/rt2x00/rt2500pci.c | 8 drivers/net/wireless/ralink/rt2x00/rt2500pci.h | 2 drivers/net/wireless/ralink/rt2x00/rt2500usb.c | 8 drivers/net/wireless/ralink/rt2x00/rt2500usb.h | 2 drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 36 - drivers/net/wireless/ralink/rt2x00/rt2800lib.h | 8 drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 6 drivers/net/wireless/ralink/rt2x00/rt61pci.c | 4 drivers/net/wireless/ralink/rt2x00/rt61pci.h | 2 drivers/net/wireless/ralink/rt2x00/rt73usb.c | 4 drivers/net/wireless/ralink/rt2x00/rt73usb.h | 2 drivers/net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 1 drivers/nfc/pn544/i2c.c | 2 drivers/pci/controller/cadence/pci-j721e.c | 25 drivers/pci/controller/dwc/pci-keystone.c | 4 drivers/pci/controller/dwc/pcie-tegra194.c | 22 drivers/pci/controller/pci-tegra.c | 2 drivers/pci/iov.c | 5 drivers/pci/pci-driver.c | 1 drivers/pci/pci-label.c | 10 drivers/pci/pci-sysfs.c | 98 ++- drivers/pci/pcie/aer.c | 12 drivers/pci/pcie/err.c | 8 drivers/perf/arm_spe_pmu.c | 3 drivers/pinctrl/meson/pinctrl-meson-gxl.c | 10 drivers/pinctrl/pinmux.c | 2 drivers/pinctrl/renesas/pinctrl.c | 3 drivers/platform/x86/sony-laptop.c | 1 drivers/pps/kapi.c | 5 drivers/pps/pps.c | 5 drivers/pwm/pwm-berlin.c | 4 drivers/pwm/pwm-tiehrpwm.c | 4 drivers/remoteproc/qcom_q6v5.c | 3 drivers/rtc/interface.c | 27 + drivers/rtc/rtc-x1205.c | 2 drivers/scsi/hpsa.c | 21 drivers/scsi/isci/init.c | 6 drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 drivers/scsi/mvsas/mv_defs.h | 1 drivers/scsi/mvsas/mv_init.c | 13 drivers/scsi/mvsas/mv_sas.c | 42 - drivers/scsi/mvsas/mv_sas.h | 8 drivers/scsi/myrs.c | 8 drivers/scsi/pm8001/pm8001_sas.c | 9 drivers/soc/qcom/rpmh-rsc.c | 7 drivers/spi/spi-cadence-quadspi.c | 5 drivers/staging/axis-fifo/axis-fifo.c | 32 - drivers/staging/comedi/comedi_buf.c | 2 drivers/staging/media/atomisp/pci/hive_isp_css_include/math_support.h | 5 drivers/target/target_core_configfs.c | 2 drivers/tty/serial/8250/8250_exar.c | 11 drivers/tty/serial/Kconfig | 2 drivers/tty/serial/max310x.c | 2 drivers/uio/uio_hv_generic.c | 7 drivers/usb/core/quirks.c | 2 drivers/usb/gadget/configfs.c | 2 drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/host/max3421-hcd.c | 2 drivers/usb/host/xhci-dbgcap.c | 9 drivers/usb/phy/phy-twl6030-usb.c | 3 drivers/usb/serial/option.c | 16 drivers/usb/usbip/vhci_hcd.c | 22 drivers/watchdog/mpc8xxx_wdt.c | 2 drivers/xen/events/events_base.c | 20 drivers/xen/manage.c | 3 fs/btrfs/ctree.h | 2 fs/btrfs/export.c | 8 fs/btrfs/extent_io.c | 1 fs/btrfs/file-item.c | 1 fs/btrfs/misc.h | 2 fs/btrfs/raid56.c | 1 fs/btrfs/tree-checker.c | 2 fs/cramfs/inode.c | 11 fs/dax.c | 54 +- fs/dcache.c | 2 fs/dlm/lockspace.c | 2 fs/erofs/zdata.h | 2 fs/exec.c | 2 fs/ext2/balloc.c | 2 fs/ext4/ext4.h | 2 fs/ext4/fsmap.c | 14 fs/ext4/inode.c | 18 fs/ext4/super.c | 10 fs/ext4/xattr.c | 15 fs/file.c | 5 fs/fsopen.c | 70 +- fs/fuse/file.c | 8 fs/hfs/bfind.c | 8 fs/hfs/brec.c | 27 - fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 fs/hfsplus/bnode.c | 41 - fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 + fs/hfsplus/super.c | 25 fs/hfsplus/unicode.c | 24 fs/iomap/apply.c | 74 ++ fs/iomap/trace.h | 37 + fs/jbd2/transaction.c | 13 fs/minix/inode.c | 8 fs/namei.c | 8 fs/namespace.c | 11 fs/nfs/nfs4proc.c | 2 fs/nfsd/blocklayout.c | 5 fs/nfsd/blocklayoutxdr.c | 7 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/lockd.c | 15 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 36 - fs/nfsd/nfs4xdr.c | 14 fs/nfsd/xdr4.h | 36 + fs/ocfs2/move_extents.c | 5 fs/ocfs2/stack_user.c | 1 fs/squashfs/inode.c | 31 + fs/squashfs/squashfs_fs_i.h | 2 fs/udf/inode.c | 12 fs/ufs/util.h | 6 include/linux/cleanup.h | 171 ++++++ include/linux/compiler-clang.h | 9 include/linux/compiler.h | 15 include/linux/compiler_attributes.h | 6 include/linux/device.h | 10 include/linux/file.h | 6 include/linux/iio/frequency/adf4350.h | 2 include/linux/iomap.h | 56 ++ include/linux/irqflags.h | 7 include/linux/minmax.h | 267 +++++++--- include/linux/mutex.h | 4 include/linux/netdevice.h | 9 include/linux/overflow.h | 1 include/linux/percpu.h | 4 include/linux/pm_runtime.h | 4 include/linux/preempt.h | 5 include/linux/rcupdate.h | 3 include/linux/rwsem.h | 9 include/linux/sched/task.h | 2 include/linux/slab.h | 3 include/linux/spinlock.h | 32 + include/linux/srcu.h | 5 include/linux/trace_events.h | 2 include/net/ip_tunnels.h | 15 include/net/rtnetlink.h | 16 include/scsi/libsas.h | 18 include/trace/events/filelock.h | 3 include/uapi/linux/netlink.h | 1 init/main.c | 14 kernel/fork.c | 2 kernel/padata.c | 6 kernel/pid.c | 2 kernel/sched/fair.c | 38 - kernel/trace/preemptirq_delay_test.c | 2 kernel/trace/trace_kprobe.c | 11 kernel/trace/trace_probe.h | 9 kernel/trace/trace_uprobe.c | 12 lib/btree.c | 1 lib/crypto/Makefile | 4 lib/decompress_unlzma.c | 2 lib/genalloc.c | 5 lib/logic_pio.c | 3 lib/vsprintf.c | 2 lib/zstd/zstd_internal.h | 2 mm/hugetlb.c | 2 mm/zsmalloc.c | 1 net/9p/trans_fd.c | 8 net/bluetooth/mgmt.c | 10 net/core/filter.c | 18 net/core/rtnetlink.c | 87 ++- net/ipv4/ip_tunnel.c | 14 net/ipv4/proc.c | 2 net/ipv4/tcp.c | 9 net/ipv4/tcp_input.c | 1 net/ipv4/tcp_output.c | 19 net/ipv4/udp.c | 16 net/ipv6/ip6_tunnel.c | 3 net/ipv6/proc.c | 2 net/netfilter/ipset/ip_set_hash_gen.h | 8 net/netfilter/ipvs/ip_vs_ftp.c | 4 net/netfilter/nf_nat_core.c | 6 net/sctp/inqueue.c | 13 net/sctp/sm_make_chunk.c | 3 net/sctp/sm_statefuns.c | 6 net/tipc/core.h | 2 net/tipc/link.c | 10 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 13 net/vmw_vsock/af_vsock.c | 38 - scripts/checkpatch.pl | 2 security/keys/trusted-keys/trusted_tpm1.c | 7 sound/firewire/amdtp-stream.h | 2 sound/pci/lx6464es/lx_core.c | 4 sound/soc/codecs/wcd934x.c | 30 - sound/soc/intel/boards/bytcht_es8316.c | 20 sound/soc/intel/boards/bytcr_rt5640.c | 7 sound/soc/intel/boards/bytcr_rt5651.c | 26 tools/build/feature/Makefile | 4 tools/lib/bpf/libbpf.c | 10 tools/lib/perf/include/perf/event.h | 1 tools/lib/subcmd/help.c | 3 tools/perf/util/lzma.c | 2 tools/perf/util/session.c | 2 tools/perf/util/zlib.c | 2 tools/testing/selftests/arm64/pauth/exec_target.c | 7 tools/testing/selftests/rseq/rseq.c | 8 tools/testing/selftests/watchdog/watchdog-test.c | 6 372 files changed, 2798 insertions(+), 1320 deletions(-) Abdun Nihaal (1): wifi: mt76: fix potential memory leak in mt76_wmac_probe() Adam Xue (1): bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Ahmet Eray Karadag (1): ext4: guard against EA inode refcount underflow in xattr update Akhilesh Patil (1): selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported Aleksa Sarai (1): fscontext: do not consume log entries when returning -EMSGSIZE Alex Deucher (1): drm/amdgpu: Add additional DCE6 SCL registers Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexandr Sapozhnikov (1): net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Alexey Simakov (2): tg3: prevent use of uninitialized remote_adv and local_adv variables sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Alok Tiwari (2): PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Amir Mohammad Jahangirzad (1): ACPI: debug: fix signedness issues in read/write helpers Anderson Nascimento (1): btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Andy Shevchenko (4): gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type minmax: deduplicate __unconst_integer_typeof() minmax: fix header inclusions AngeloGioacchino Del Regno (1): arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible Anthony Iliopoulos (1): NFSv4.1: fix backchannel max_resp_sz verification check Anthony Yznaga (1): sparc64: fix hugetlb for sun4u Arnaud Lecomte (1): hid: fix I2C read buffer overflow in raw_event() for mcp2221 Arnd Bergmann (1): media: s5p-mfc: remove an unused/uninitialized variable Askar Safin (1): openat2: don't trigger automounts with RESOLVE_NO_XDEV Bagas Sanjaya (1): Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram Bala-Vignesh-Reddy (1): selftests: arm64: Check fread return value in exec_target Barry Song (1): sched/fair: Trivial correction of the newidle_balance() comment Bart Van Assche (1): overflow, tracing: Define the is_signed_type() macro once Bartosz Golaszewski (3): mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() pinctrl: check the return value of pinmux_ops::get_function_name() gpio: wcd934x: mark the GPIO controller as sleeping Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Bernard Metzler (1): RDMA/siw: Always report immediate post SQ errors Bitterblue Smith (1): wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 Brahmajit Das (1): drm/radeon/r600_cs: clean up of dead code in r600_cs Brian Masney (2): clk: at91: peripheral: fix return value clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads Catalin Marinas (1): arm64: mte: Do not flag the zero page as PG_mte_tagged Christoph Hellwig (2): iomap: add the new iomap_iter model fsdax: switch dax_iomap_rw to use iomap_iter Christophe JAILLET (1): media: pci/ivtv: switch from 'pci_' to 'dma_' API Christophe Leroy (1): watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Colin Ian King (2): misc: genwqe: Fix incorrect cmd field being reported in error ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message Cristian Ciocaltea (1): usb: vhci-hcd: Prevent suspending virtually attached devices Da Xue (1): pinctrl: meson-gxl: add missing i2c_d pinmux Dan Carpenter (5): usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup serial: max310x: Add error checking in probe() ocfs2: fix double free in user_cluster_connect() net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() mm/slab: make __free(kfree) accept error pointers Daniel Borkmann (1): bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Daniel Tang (1): ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Darrick J. Wong (1): fuse: fix livelock in synchronous file put from fuseblk workers David Laight (11): minmax: allow min()/max()/clamp() if the arguments have the same signedness. minmax: fix indentation of __cmp_once() and __clamp_once() minmax: allow comparisons of 'int' against 'unsigned char/short' minmax: relax check to allow comparison between unsigned arguments and signed constants minmax.h: add whitespace around operators and after commas minmax.h: update some comments minmax.h: reduce the #define expansion of min(), max() and clamp() minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() minmax.h: move all the clamp() definitions after the min/max() ones minmax.h: simplify the variants of clamp() minmax.h: remove some #defines that are only expanded once David Lechner (1): iio: imu: inv_icm42600: use = { } instead of memset() Deepanshu Kartikey (3): ext4: detect invalid INLINE_DATA + EXTENTS flag combination ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Donet Tom (2): drivers/base/node: handle error properly in register_one_node() drivers/base/node: fix double free in register_one_node() Duoming Zhou (4): media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove media: tuner: xc5000: Fix use-after-free in xc5000_release media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe scsi: mvsas: Fix use-after-free bugs in mvs_work_queue Edward Adam Davis (1): media: mc: Clear minor number before put device Eric Biggers (2): sctp: Fix MAC comparison to be constant-time KEYS: trusted_tpm1: Compare HMAC values in constant time Eric Dumazet (2): tcp: fix __tcp_close() to only send RST when required tcp: fix tcp_tso_should_defer() vs large RTT Erick Karanja (1): net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Esben Haabendal (2): rtc: interface: Ensure alarm irq is enabled when UIE is enabled rtc: interface: Fix long-standing race when setting alarm Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Geert Uytterhoeven (2): regmap: Remove superfluous check for !config in __regmap_init() m68k: bitops: Fix find_*_bit() signatures Gianfranco Trad (1): udf: fix uninit-value use in udf_get_fileshortad Greg Kroah-Hartman (1): Linux 5.10.246 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Gunnar Kudrjavets (1): tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Hans de Goede (3): iio: consumers: Fix offset handling in iio_convert_raw_to_processed() mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Harini T (2): mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Herbert Xu (2): crypto: rng - Ensure set_ent is always present crypto: essiv - Check ssize for decryption and in-place encryption Herve Codina (1): minmax: Introduce {min,max}_array() Huacai Chen (1): init: handle bootloader identifier in kernel parameters Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() Huisong Li (1): ACPI: processor: idle: Fix memory leak when register cpuidle device failed Håkon Bugge (1): RDMA/cm: Rate limit destroy CM ID timeout error message I Viswanath (2): net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ian Forbes (1): drm/vmwgfx: Fix Use-after-free in validation Ian Rogers (1): libperf event: Ensure tracing data is multiple of 8 sized Igor Artemiev (1): drm/amd/display: Fix potential null dereference Ingo Molnar (1): sched/balancing: Rename newidle_balance() => sched_balance_newidle() Ioana Ciornei (1): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Jakub Kicinski (2): Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jason A. Donenfeld (3): minmax: sanity check constant bounds when clamping minmax: clamp more efficiently by avoiding extra comparison wifi: rt2x00: use explicitly signed or unsigned types Jason Andryuk (2): xen/events: Cleanup find_virq() return codes xen/events: Update virq_to_irq on migration Jeff Layton (1): filelock: add FL_RECLAIM to show_fl_flags() macro Jisheng Zhang (1): pwm: berlin: Fix wrong register in suspend/resume Johan Hovold (2): firmware: meson_sm: fix device leak at probe lib/genalloc: fix device leak in of_gen_pool_get() Johannes Thumshirn (1): btrfs: remove duplicated in_range() macro Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace John Garry (3): scsi: libsas: Add sas_task_find_rq() scsi: mvsas: Delete mvs_tag_init() scsi: mvsas: Use sas_task_find_rq() for tagging Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: remove ctx->suspended Kohei Enju (2): nfp: fix RSS hash key size when RSS is not supported net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable Krzysztof Kozlowski (1): ASoC: codecs: wcd934x: Simplify with dev_err_probe Krzysztof Wilczyński (1): PCI/sysfs: Use sysfs_emit() and sysfs_emit_at() in "show" functions Kunihiko Hayashi (1): i2c: designware: Add disabling clocks when probe fails Kuniyuki Iwashima (2): udp: Fix memory accounting leak. tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (1): net: ravb: Ensure memory write completes before ringing TX doorbell Larshin Sergey (2): media: rc: fix races with imon_disconnect() fs: udf: fix OOB read in lengthAllocDescs handling Leilk.Liu (1): i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD Leo Yan (3): perf: arm_spe: Prevent overflow in PERF_IDX2OFF() perf session: Fix handling when buffer exceeds 2 GiB tools build: Align warning options with perf Li Jinlin (1): fsdax: Fix infinite loop in dax_iomap_rw() Li Nan (1): blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx Lichen Liu (1): fs: Add 'initramfs_options' to set initramfs mount options Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Linus Torvalds (8): minmax: avoid overly complicated constant expressions in VM code minmax: add a few more MIN_T/MAX_T users minmax: simplify and clarify min_t()/max_t() implementation minmax: make generic MIN() and MAX() macros available everywhere minmax: don't use max() in situations that want a C constant expression minmax: simplify min()/max()/clamp() implementation minmax: improve macro expansion and type checking minmax: fix up min3() and max3() too Linus Walleij (1): mtd: rawnand: fsmc: Default to autodetect buswidth Luiz Augusto von Dentz (1): Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO Lukas Wunner (3): xen/manage: Fix suspend error path PCI/ERR: Fix uevent on failure to recover PCI/AER: Support errors introduced by PCIe r6.0 Ma Ke (3): sparc: fix error handling in scan_one_device() ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() media: lirc: Fix error handling in lirc_register() Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marek Vasut (1): Input: atmel_mxt_ts - allow reset GPIO to sleep Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Mathias Nyman (1): xhci: dbc: enable back DbC in resume if it was enabled before suspend Matthew Wilcox (Oracle) (1): minmax: add in_range() macro Maximilian Luz (1): PCI: Add sysfs attribute for device power state Miaoqian Lin (1): ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init Michael Hennerich (2): iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE iio: frequency: adf4350: Fix prescaler usage. Michael Karcher (5): sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara sparc: fix accurate exception reporting in copy_to_user for Niagara 4 sparc: fix accurate exception reporting in copy_{from,to}_user for M7 Michal Pecio (1): net: usb: rtl8150: Fix frame padding Mikhail Kobuk (1): media: pci: ivtv: Add check for DMA map result Mikulas Patocka (1): dm-integrity: limit MAX_TAG_SIZE to 255 Muhammad Usama Anjum (1): wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Nalivayko Sergey (1): net/9p: fix double req put in p9_fd_cancelled Naman Jain (1): uio_hv_generic: Let userspace take care of interrupt mask Nathan Chancellor (1): lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older Niklas Cassel (2): scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() Niklas Schnelle (2): PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV PCI/AER: Fix missing uevent on recovery when a reset is requested Nikolay Aleksandrov (7): net: rtnetlink: add msg kind names net: rtnetlink: add helper to extract msg type's kind net: rtnetlink: use BIT for flag values net: netlink: add NLM_F_BULK delete request modifier net: rtnetlink: add bulk delete support flag net: add ndo_fdb_del_bulk net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Nishanth Menon (1): hwrng: ks-sa - fix division by zero in ks_sa_rng_init Ojaswin Mujoo (1): ext4: correctly handle queries for metadata mappings Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Olga Kornievskaia (1): nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Ovidiu Panait (2): staging: axis-fifo: fix maximum TX packet length check staging: axis-fifo: flush RX FIFO on read errors Parav Pandit (1): RDMA/core: Resolve MAC of next-hop device without ARP support Paul Chaignon (1): bpf: Explicitly check accesses to bpf_sock_addr Peter Zijlstra (1): locking: Introduce __cleanup() based infrastructure Phillip Lougher (3): Squashfs: fix uninit-value in squashfs_get_parent Squashfs: add additional inode sanity checking Squashfs: reject negative file sizes in squashfs_read_inode() Pratyush Yadav (2): spi: cadence-quadspi: Flush posted register writes before INDAC access spi: cadence-quadspi: Flush posted register writes before DAC access Qianfeng Rong (6): block: use int to store blk_stack_limits() return value pinctrl: renesas: Use int type to store negative error codes ALSA: lx_core: use int type to store negative error codes media: i2c: mt9v111: fix incorrect type for ret iio: dac: ad5360: use int type to store negative error codes iio: dac: ad5421: use int type to store negative error codes Rafael J. Wysocki (4): driver core/PM: Set power.no_callbacks along with power.no_pm PM: sleep: core: Clear power.must_resume in noirq suspend error path cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Revert "cpuidle: menu: Avoid discarding useful information" Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Ranjan Kumar (1): scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() Raphael Gallais-Pou (1): serial: stm32: allow selecting console when the driver is module Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Rex Chen (1): mmc: core: SPI mode remove cmd7 Ricardo Ribalda (1): media: tunner: xc5000: Refactor firmware load Rob Herring (Arm) (1): rtc: x1205: Fix Xicor X1205 vendor prefix Roman Li (1): drm/amd/display: Remove redundant safeguards for dmub-srv destroy() Sabrina Dubroca (2): tls: always set record_type in tls_process_cmsg tls: don't rely on tx_work during send() Salah Triki (1): bus: fsl-mc: Check return value of platform_get_resource() Sam James (1): parisc: don't reference obsolete termio struct for TC* constants Sean Christopherson (4): rseq/selftests: Use weak symbol reference, not definition, to link with glibc x86/umip: Check that the instruction opcode is at least two bytes x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O Sean Nyekjaer (3): iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended iio: imu: inv_icm42600: Simplify pm_runtime setup Sergey Bashirov (3): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Fix last write offset handling in layoutcommit Shuhao Fu (1): drm/nouveau: fix bad ret code in nouveau_bo_move_prep Siddharth Vadapalli (2): PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit PCI: j721e: Fix programming sequence of "strap" settings Simon Schuster (1): copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Slavin Liu (1): ipvs: Defer ip_vs_ftp unregister during netns cleanup Sneh Mankad (1): soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS Stefan Kerkmann (1): wifi: mwifiex: send world regulatory domain to driver Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Stephan Gerhold (3): remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice arm64: dts: qcom: msm8916: Add missing MDSS reset arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees Takashi Iwai (3): ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping Tetsuo Handa (2): minixfs: Verify inode mode when loading from disk cramfs: Verify inode mode when loading from disk Theodore Ts'o (1): ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Thomas Fourier (5): scsi: myrs: Fix dma_alloc_coherent() error check crypto: atmel - Fix dma_unmap_sg() direction media: pci: ivtv: Add missing check after DMA map media: cx18: Add missing check after DMA map crypto: rockchip - Fix dma_unmap_sg() nents value Thomas Weißschuh (1): fs: always return zero on success from replace_fd() Thorsten Blum (2): scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Timur Kristóf (5): drm/amdgpu: Power up UVD 3 for FW validation (v2) drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 drm/amd/display: Properly disable scaling on DCE6 drm/amd/powerplay: Fix CIK shutdown temperature Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Uros Bizjak (1): x86/vdso: Fix output operand size of RDPID Uwe Kleine-König (1): pwm: tiehrpwm: Fix corner case in clock divisor calculation Viacheslav Dubeyko (6): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Vidya Sagar (1): PCI: tegra194: Handle errors in BPMP response Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Vlad Dumitrescu (1): IB/sa: Fix sa_local_svc_timeout_ms read race Wang Haoran (1): scsi: target: target_core_configfs: Add length check to avoid buffer overflow Wang Liang (1): pps: fix warning in pps_register_cdev when register device fail Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE William Wu (1): usb: gadget: configfs: Correctly set use_os_string at bind Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xiaowei Li (1): USB: serial: option: add SIMCom 8230C compositions Xichao Zhao (2): usb: phy: twl6030: Fix incorrect type for ret exec: Fix incorrect type for ret Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yang Shi (1): mm: hugetlb: avoid soft lockup when mprotect to large memory area Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yeounsu Moon (2): net: dlink: handle copy_thresh allocation failure net: dlink: handle dma_map_single() failure properly Yongjian Sun (1): ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Yu Kuai (1): blk-crypto: fix missing blktrace bio split events Yuan Chen (1): tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Yunseong Kim (1): perf util: Fix compression checks returning -1 as bool Yureka Lilian (1): libbpf: Fix reuse of DEVMAP Zhang Shurong (1): media: rj54n1cb0c: Fix memleak in rj54n1_probe() Zhang Yi (1): jbd2: ensure that all ongoing I/O complete before freeing blocks Zhen Ni (4): netfilter: ipset: Remove unused htable_bits in macro ahash_region Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak clocksource/drivers/clps711x: Fix resource leaks in error paths memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Zheng Qixing (1): dm: fix NULL pointer dereference in __dm_suspend() Zhengchao Shao (1): net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg gaoxiang17 (1): pid: Add a judgment for ns null in pid_nr_ns hupu (1): perf subcmd: avoid crash in exclude_cmds when excludes is empty keliu (1): media: rc: Directly use ida_free()

2 days, 11 hours

1
1
0 0

Linux 5.4.301

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.301 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 Documentation/arm64/silicon-errata.rst | 2 Makefile | 2 arch/arm64/Kconfig | 1 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/kernel/cpu_errata.c | 1 arch/m68k/include/asm/bitops.h | 25 + arch/mips/mti-malta/malta-setup.c | 2 arch/parisc/include/uapi/asm/ioctls.h | 8 arch/sparc/kernel/of_device_32.c | 1 arch/sparc/kernel/of_device_64.c | 1 arch/sparc/lib/M7memcpy.S | 20 - arch/sparc/lib/Memcpy_utils.S | 9 arch/sparc/lib/NG4memcpy.S | 2 arch/sparc/lib/NGmemcpy.S | 29 +- arch/sparc/lib/U1memcpy.S | 19 - arch/sparc/lib/U3memcpy.S | 2 arch/sparc/mm/hugetlbpage.c | 20 + arch/x86/include/asm/kvm_emulate.h | 2 arch/x86/include/asm/segment.h | 8 arch/x86/kernel/umip.c | 15 + arch/x86/kvm/emulate.c | 10 arch/x86/kvm/x86.c | 9 block/blk-mq-sysfs.c | 6 block/blk-settings.c | 3 crypto/essiv.c | 14 - drivers/acpi/acpi_dbg.c | 26 +- drivers/acpi/acpi_tad.c | 3 drivers/acpi/processor_idle.c | 3 drivers/android/binder.c | 11 drivers/base/node.c | 4 drivers/base/regmap/regmap.c | 2 drivers/char/tpm/tpm_tis_core.c | 24 + drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 - drivers/clocksource/clps711x-timer.c | 23 + drivers/cpufreq/intel_pstate.c | 8 drivers/cpuidle/governors/menu.c | 21 - drivers/crypto/atmel-tdes.c | 2 drivers/firmware/meson/meson_sm.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 36 -- drivers/gpu/drm/nouveau/nouveau_bo.c | 2 drivers/gpu/drm/radeon/r600_cs.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 4 drivers/i2c/busses/i2c-designware-platdrv.c | 1 drivers/i2c/busses/i2c-mt65xx.c | 17 - drivers/iio/dac/ad5360.c | 2 drivers/iio/dac/ad5421.c | 2 drivers/iio/frequency/adf4350.c | 20 + drivers/iio/inkern.c | 2 drivers/infiniband/core/addr.c | 10 drivers/infiniband/core/sa_query.c | 6 drivers/infiniband/sw/siw/siw_verbs.c | 25 + drivers/input/misc/uinput.c | 1 drivers/mailbox/zynqmp-ipi-mailbox.c | 7 drivers/md/dm-integrity.c | 2 drivers/md/dm.c | 7 drivers/media/i2c/mt9v111.c | 2 drivers/media/i2c/rj54n1cb0c.c | 9 drivers/media/i2c/tc358743.c | 4 drivers/media/mc/mc-devnode.c | 6 drivers/media/pci/b2c2/flexcop-pci.c | 2 drivers/media/pci/cx18/cx18-queue.c | 12 drivers/media/pci/ivtv/ivtv-driver.c | 2 drivers/media/pci/ivtv/ivtv-irq.c | 2 drivers/media/pci/ivtv/ivtv-queue.c | 18 - drivers/media/pci/ivtv/ivtv-streams.c | 22 - drivers/media/pci/ivtv/ivtv-udma.c | 19 - drivers/media/pci/ivtv/ivtv-yuv.c | 18 + drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 +- drivers/media/rc/imon.c | 189 +++++++++------ drivers/media/rc/lirc_dev.c | 15 - drivers/media/rc/rc-main.c | 6 drivers/media/tuners/xc5000.c | 41 +-- drivers/memory/samsung/exynos-srom.c | 32 +- drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 drivers/mfd/vexpress-sysreg.c | 6 drivers/misc/genwqe/card_ddcb.c | 2 drivers/mmc/core/sdio.c | 6 drivers/mtd/nand/raw/fsmc_nand.c | 6 drivers/mtd/spi-nor/cadence-quadspi.c | 5 drivers/net/bonding/bond_main.c | 40 +-- drivers/net/ethernet/amazon/ena/ena_ethtool.c | 5 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 99 ++++--- drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 - drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 drivers/net/ethernet/renesas/ravb_main.c | 8 drivers/net/usb/rtl8150.c | 13 - drivers/net/wireless/marvell/mwifiex/cfg80211.c | 7 drivers/net/wireless/mediatek/mt76/mt7603/soc.c | 2 drivers/net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 1 drivers/pci/controller/dwc/pci-keystone.c | 4 drivers/pci/controller/pci-tegra.c | 2 drivers/pci/iov.c | 5 drivers/pci/pci-driver.c | 1 drivers/perf/arm_spe_pmu.c | 3 drivers/pinctrl/meson/pinctrl-meson-gxl.c | 10 drivers/pinctrl/pinmux.c | 2 drivers/pps/kapi.c | 5 drivers/pps/pps.c | 5 drivers/pwm/pwm-berlin.c | 4 drivers/pwm/pwm-tiehrpwm.c | 4 drivers/remoteproc/qcom_q6v5.c | 3 drivers/rtc/interface.c | 27 ++ drivers/rtc/rtc-x1205.c | 2 drivers/scsi/hpsa.c | 21 - drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 drivers/scsi/mvsas/mv_defs.h | 1 drivers/scsi/mvsas/mv_init.c | 13 - drivers/scsi/mvsas/mv_sas.c | 42 +-- drivers/scsi/mvsas/mv_sas.h | 8 drivers/scsi/myrs.c | 8 drivers/scsi/pm8001/pm8001_sas.c | 9 drivers/soc/qcom/rpmh-rsc.c | 7 drivers/staging/axis-fifo/axis-fifo.c | 32 +- drivers/staging/comedi/comedi_buf.c | 2 drivers/target/target_core_configfs.c | 2 drivers/tty/serial/max310x.c | 2 drivers/uio/uio_hv_generic.c | 7 drivers/usb/core/quirks.c | 2 drivers/usb/gadget/configfs.c | 2 drivers/usb/host/max3421-hcd.c | 2 drivers/usb/host/xhci-dbgcap.c | 9 drivers/usb/phy/phy-twl6030-usb.c | 3 drivers/usb/serial/option.c | 16 + drivers/usb/usbip/vhci_hcd.c | 22 + drivers/watchdog/mpc8xxx_wdt.c | 2 drivers/xen/events/events_base.c | 25 + drivers/xen/manage.c | 3 fs/btrfs/export.c | 8 fs/cramfs/inode.c | 11 fs/dcache.c | 2 fs/dlm/lockspace.c | 2 fs/exec.c | 2 fs/ext4/fsmap.c | 14 - fs/ext4/inode.c | 18 + fs/ext4/super.c | 10 fs/ext4/xattr.c | 15 - fs/hfs/bfind.c | 8 fs/hfs/brec.c | 27 +- fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 fs/hfsplus/bnode.c | 41 --- fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 +++ fs/hfsplus/super.c | 25 + fs/hfsplus/unicode.c | 24 + fs/jbd2/transaction.c | 13 - fs/minix/inode.c | 8 fs/namespace.c | 11 fs/nfs/nfs4proc.c | 2 fs/nfsd/blocklayout.c | 5 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/lockd.c | 15 + fs/nfsd/nfs4proc.c | 34 +- fs/ocfs2/move_extents.c | 5 fs/ocfs2/stack_user.c | 1 fs/squashfs/inode.c | 31 ++ fs/squashfs/squashfs_fs_i.h | 2 fs/udf/inode.c | 3 include/linux/device.h | 3 include/linux/iio/frequency/adf4350.h | 2 include/linux/netdevice.h | 9 include/net/ip_tunnels.h | 15 + include/net/rtnetlink.h | 16 + include/scsi/libsas.h | 18 + include/uapi/linux/netlink.h | 1 kernel/padata.c | 6 kernel/pid.c | 2 kernel/sched/fair.c | 38 +-- kernel/sched/sched.h | 4 kernel/trace/trace_kprobe.c | 11 kernel/trace/trace_probe.h | 9 kernel/trace/trace_uprobe.c | 12 lib/genalloc.c | 5 mm/hugetlb.c | 2 net/9p/trans_fd.c | 8 net/core/filter.c | 16 - net/core/rtnetlink.c | 89 ++++--- net/ipv4/ip_tunnel.c | 14 - net/ipv4/tcp.c | 9 net/ipv4/tcp_input.c | 1 net/ipv4/tcp_output.c | 19 + net/ipv4/udp.c | 16 - net/ipv6/ip6_tunnel.c | 3 net/netfilter/ipset/ip_set_hash_gen.h | 8 net/netfilter/ipvs/ip_vs_ftp.c | 4 net/sctp/inqueue.c | 13 - net/sctp/sm_make_chunk.c | 3 net/sctp/sm_statefuns.c | 6 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 13 + security/keys/trusted.c | 7 sound/firewire/amdtp-stream.h | 2 sound/pci/lx6464es/lx_core.c | 4 sound/soc/intel/boards/bytcht_es8316.c | 20 + sound/soc/intel/boards/bytcr_rt5640.c | 7 sound/soc/intel/boards/bytcr_rt5651.c | 26 +- tools/build/feature/Makefile | 4 tools/lib/subcmd/help.c | 3 tools/perf/util/lzma.c | 2 tools/perf/util/session.c | 2 tools/perf/util/zlib.c | 2 tools/testing/selftests/rseq/rseq.c | 8 tools/testing/selftests/watchdog/watchdog-test.c | 6 216 files changed, 1509 insertions(+), 919 deletions(-) Abdun Nihaal (1): wifi: mt76: fix potential memory leak in mt76_wmac_probe() Ahmet Eray Karadag (1): ext4: guard against EA inode refcount underflow in xattr update Akhilesh Patil (1): selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexandr Sapozhnikov (1): net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Alexey Simakov (2): tg3: prevent use of uninitialized remote_adv and local_adv variables sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Alok Tiwari (2): PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Amir Mohammad Jahangirzad (1): ACPI: debug: fix signedness issues in read/write helpers Anderson Nascimento (1): btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Andy Shevchenko (1): mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type Anthony Iliopoulos (1): NFSv4.1: fix backchannel max_resp_sz verification check Anthony Yznaga (1): sparc64: fix hugetlb for sun4u Arnd Bergmann (1): media: s5p-mfc: remove an unused/uninitialized variable Barry Song (1): sched/fair: Trivial correction of the newidle_balance() comment Bartosz Golaszewski (2): pinctrl: check the return value of pinmux_ops::get_function_name() mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() Bernard Metzler (1): RDMA/siw: Always report immediate post SQ errors Bitterblue Smith (1): wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 Brahmajit Das (1): drm/radeon/r600_cs: clean up of dead code in r600_cs Brian Masney (1): clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Chen Yu (1): sched: Make newidle_balance() static again Christophe JAILLET (2): media: pci/ivtv: switch from 'pci_' to 'dma_' API net: dl2k: switch from 'pci_' to 'dma_' API Christophe Leroy (1): watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Colin Ian King (2): misc: genwqe: Fix incorrect cmd field being reported in error net: rtnetlink: remove redundant assignment to variable err Cristian Ciocaltea (1): usb: vhci-hcd: Prevent suspending virtually attached devices Da Xue (1): pinctrl: meson-gxl: add missing i2c_d pinmux Dan Carpenter (4): usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup serial: max310x: Add error checking in probe() ocfs2: fix double free in user_cluster_connect() net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Daniel Tang (1): ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Deepanshu Kartikey (3): ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() ext4: detect invalid INLINE_DATA + EXTENTS flag combination Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Donet Tom (2): drivers/base/node: handle error properly in register_one_node() drivers/base/node: fix double free in register_one_node() Duoming Zhou (4): media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove media: tuner: xc5000: Fix use-after-free in xc5000_release media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe scsi: mvsas: Fix use-after-free bugs in mvs_work_queue Edward Adam Davis (1): media: mc: Clear minor number before put device Eric Biggers (2): sctp: Fix MAC comparison to be constant-time KEYS: trusted_tpm1: Compare HMAC values in constant time Eric Dumazet (2): tcp: fix __tcp_close() to only send RST when required tcp: fix tcp_tso_should_defer() vs large RTT Erick Karanja (1): net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Esben Haabendal (2): rtc: interface: Ensure alarm irq is enabled when UIE is enabled rtc: interface: Fix long-standing race when setting alarm Flavius Georgescu (1): media: rc: Add support for another iMON 0xffdc device Geert Uytterhoeven (2): regmap: Remove superfluous check for !config in __regmap_init() m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman (1): Linux 5.4.301 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Gunnar Kudrjavets (1): tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Hans de Goede (3): iio: consumers: Fix offset handling in iio_convert_raw_to_processed() mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Harini T (2): mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Herbert Xu (1): crypto: essiv - Check ssize for decryption and in-place encryption Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() Huisong Li (1): ACPI: processor: idle: Fix memory leak when register cpuidle device failed I Viswanath (1): net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast Ian Forbes (1): drm/vmwgfx: Fix Use-after-free in validation Ingo Molnar (1): sched/balancing: Rename newidle_balance() => sched_balance_newidle() Jakub Kicinski (1): Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jason Andryuk (2): xen/events: Cleanup find_virq() return codes xen/events: Update virq_to_irq on migration Jisheng Zhang (1): pwm: berlin: Fix wrong register in suspend/resume Johan Hovold (2): firmware: meson_sm: fix device leak at probe lib/genalloc: fix device leak in of_gen_pool_get() Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace John Garry (3): scsi: libsas: Add sas_task_find_rq() scsi: mvsas: Delete mvs_tag_init() scsi: mvsas: Use sas_task_find_rq() for tagging Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: remove ctx->suspended Kohei Enju (2): nfp: fix RSS hash key size when RSS is not supported net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable Krzysztof Kozlowski (1): memory: samsung: exynos-srom: Correct alignment Kunihiko Hayashi (1): i2c: designware: Add disabling clocks when probe fails Kuniyuki Iwashima (2): udp: Fix memory accounting leak. tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (1): net: ravb: Ensure memory write completes before ringing TX doorbell Larshin Sergey (2): media: rc: fix races with imon_disconnect() fs: udf: fix OOB read in lengthAllocDescs handling Leilk.Liu (1): i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD Leo Yan (3): perf: arm_spe: Prevent overflow in PERF_IDX2OFF() perf session: Fix handling when buffer exceeds 2 GiB tools build: Align warning options with perf Li Nan (1): blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx Lichen Liu (1): fs: Add 'initramfs_options' to set initramfs mount options Lino Sanfilippo (1): tpm, tpm_tis: Claim locality before writing interrupt registers Linus Walleij (1): mtd: rawnand: fsmc: Default to autodetect buswidth Lukas Wunner (1): xen/manage: Fix suspend error path Ma Ke (2): sparc: fix error handling in scan_one_device() media: lirc: Fix error handling in lirc_register() Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Mathias Nyman (1): xhci: dbc: enable back DbC in resume if it was enabled before suspend Michael Hennerich (2): iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE iio: frequency: adf4350: Fix prescaler usage. Michael Karcher (5): sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara sparc: fix accurate exception reporting in copy_to_user for Niagara 4 sparc: fix accurate exception reporting in copy_{from,to}_user for M7 Michal Pecio (1): net: usb: rtl8150: Fix frame padding Mikulas Patocka (1): dm-integrity: limit MAX_TAG_SIZE to 255 Nalivayko Sergey (1): net/9p: fix double req put in p9_fd_cancelled Naman Jain (1): uio_hv_generic: Let userspace take care of interrupt mask Niklas Cassel (1): scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Niklas Schnelle (2): PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV PCI/AER: Fix missing uevent on recovery when a reset is requested Nikolay Aleksandrov (7): net: rtnetlink: add msg kind names net: rtnetlink: add helper to extract msg type's kind net: rtnetlink: use BIT for flag values net: netlink: add NLM_F_BULK delete request modifier net: rtnetlink: add bulk delete support flag net: add ndo_fdb_del_bulk net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Ojaswin Mujoo (1): ext4: correctly handle queries for metadata mappings Olga Kornievskaia (1): nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Ovidiu Panait (2): staging: axis-fifo: fix maximum TX packet length check staging: axis-fifo: flush RX FIFO on read errors Parav Pandit (1): RDMA/core: Resolve MAC of next-hop device without ARP support Paul Chaignon (1): bpf: Explicitly check accesses to bpf_sock_addr Phillip Lougher (3): Squashfs: fix uninit-value in squashfs_get_parent Squashfs: add additional inode sanity checking Squashfs: reject negative file sizes in squashfs_read_inode() Pratyush Yadav (2): spi: cadence-quadspi: Flush posted register writes before INDAC access spi: cadence-quadspi: Flush posted register writes before DAC access Qianfeng Rong (5): block: use int to store blk_stack_limits() return value ALSA: lx_core: use int type to store negative error codes media: i2c: mt9v111: fix incorrect type for ret iio: dac: ad5360: use int type to store negative error codes iio: dac: ad5421: use int type to store negative error codes Rafael J. Wysocki (3): driver core/PM: Set power.no_callbacks along with power.no_pm cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Revert "cpuidle: menu: Avoid discarding useful information" Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Ranjan Kumar (1): scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Rex Chen (1): mmc: core: SPI mode remove cmd7 Ricardo Ribalda (1): media: tunner: xc5000: Refactor firmware load Rob Herring (Arm) (1): rtc: x1205: Fix Xicor X1205 vendor prefix Sabrina Dubroca (2): tls: always set record_type in tls_process_cmsg tls: don't rely on tx_work during send() Sam James (1): parisc: don't reference obsolete termio struct for TC* constants Sean Christopherson (4): rseq/selftests: Use weak symbol reference, not definition, to link with glibc x86/umip: Check that the instruction opcode is at least two bytes x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O Sergey Bashirov (2): NFSD: Minor cleanup in layoutcommit processing NFSD: Fix last write offset handling in layoutcommit Shuhao Fu (1): drm/nouveau: fix bad ret code in nouveau_bo_move_prep Siddharth Vadapalli (1): PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Slavin Liu (1): ipvs: Defer ip_vs_ftp unregister during netns cleanup Sneh Mankad (1): soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS Stefan Kerkmann (1): wifi: mwifiex: send world regulatory domain to driver Stephan Gerhold (2): remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice arm64: dts: qcom: msm8916: Add missing MDSS reset Takashi Iwai (3): ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping Tetsuo Handa (4): media: imon: reorganize serialization media: imon: grab lock earlier in imon_ir_change_protocol() minixfs: Verify inode mode when loading from disk cramfs: Verify inode mode when loading from disk Theodore Ts'o (1): ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Thomas Fourier (4): scsi: myrs: Fix dma_alloc_coherent() error check crypto: atmel - Fix dma_unmap_sg() direction media: cx18: Add missing check after DMA map media: pci: ivtv: Add missing check after DMA map Thorsten Blum (1): scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Uros Bizjak (1): x86/vdso: Fix output operand size of RDPID Uwe Kleine-König (1): pwm: tiehrpwm: Fix corner case in clock divisor calculation Viacheslav Dubeyko (6): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Vlad Dumitrescu (1): IB/sa: Fix sa_local_svc_timeout_ms read race Wang Haoran (1): scsi: target: target_core_configfs: Add length check to avoid buffer overflow Wang Liang (1): pps: fix warning in pps_register_cdev when register device fail Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE William Wu (1): usb: gadget: configfs: Correctly set use_os_string at bind Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xiaowei Li (1): USB: serial: option: add SIMCom 8230C compositions Xichao Zhao (2): usb: phy: twl6030: Fix incorrect type for ret exec: Fix incorrect type for ret Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yang Shi (1): mm: hugetlb: avoid soft lockup when mprotect to large memory area Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yongjian Sun (1): ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Yuan Chen (1): tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Yunseong Kim (1): perf util: Fix compression checks returning -1 as bool Zhang Shurong (1): media: rj54n1cb0c: Fix memleak in rj54n1_probe() Zhang Yi (1): jbd2: ensure that all ongoing I/O complete before freeing blocks Zhen Ni (4): netfilter: ipset: Remove unused htable_bits in macro ahash_region Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak clocksource/drivers/clps711x: Fix resource leaks in error paths memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Zheng Qixing (1): dm: fix NULL pointer dereference in __dm_suspend() Zhengchao Shao (1): net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg gaoxiang17 (1): pid: Add a judgment for ns null in pid_nr_ns hupu (1): perf subcmd: avoid crash in exclude_cmds when excludes is empty keliu (1): media: rc: Directly use ida_free()

2 days, 11 hours

1
1
0 0

[PATCH] rust: condvar: fix broken intra-doc link

by Miguel Ojeda

The future move of pin-init to `syn` uncovers the following broken intra-doc link: error: unresolved link to `crate::pin_init` --> rust/kernel/sync/condvar.rs:39:40 | 39 | /// instances is with the [`pin_init`](crate::pin_init!) and [`new_condvar`] macros. | ^^^^^^^^^^^^^^^^ no item named `pin_init` in module `kernel` | = note: `-D rustdoc::broken-intra-doc-links` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(rustdoc::broken_intra_doc_links)]` Currently, when rendered, the link points to a literal `crate::pin_init!` URL. Thus fix it. Cc: stable(a)vger.kernel.org Fixes: 129e97be8e28 ("rust: pin-init: fix documentation links") Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- rust/kernel/sync/condvar.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/kernel/sync/condvar.rs b/rust/kernel/sync/condvar.rs index c6ec64295c9f..aa5b9a7a726d 100644 --- a/rust/kernel/sync/condvar.rs +++ b/rust/kernel/sync/condvar.rs @@ -36,7 +36,7 @@ macro_rules! new_condvar { /// spuriously. /// /// Instances of [`CondVar`] need a lock class and to be pinned. The recommended way to create such -/// instances is with the [`pin_init`](crate::pin_init!) and [`new_condvar`] macros. +/// instances is with the [`pin_init`](pin_init::pin_init!) and [`new_condvar`] macros. /// /// # Examples /// base-commit: dcb6fa37fd7bc9c3d2b066329b0d27dedf8becaa -- 2.51.0

2 days, 12 hours

2
1
0 0

[PATCH] x86/mm: Fix check/use ordering in switch_mm_irqs_off()

by Stephen Dolan

[ Upstream commit 83b0177a6c48 ] [ Patch for 6.1.y, 6.6.y, 6.12.y trees ] To avoid racing with should_flush_tlb, setting loaded_mm to LOADED_MM_SWITCHING must happen before reading tlb_gen. This patch differs from the upstream fix since the ordering issue in stable trees is different: here, the relevant code blocks are in the wrong order due to a bad rebase earlier, so the fix is to reorder them. Signed-off-by: Stephen Dolan <sdolan(a)janestreet.com> Acked-by: Dave Hansen <dave.hansen(a)intel.com> Link: https://lore.kernel.org/lkml/CAHDw0oGd0B4=uuv8NGqbUQ_ZVmSheU2bN70e4QhFXWvuA… --- arch/x86/mm/tlb.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index 8629d90fdcd9..ed182831063c 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -606,6 +606,14 @@ void switch_mm_irqs_off(struct mm_struct *unused, struct mm_struct *next, */ cond_mitigation(tsk); + /* + * Indicate that CR3 is about to change. nmi_uaccess_okay() + * and others are sensitive to the window where mm_cpumask(), + * CR3 and cpu_tlbstate.loaded_mm are not all in sync. + */ + this_cpu_write(cpu_tlbstate.loaded_mm, LOADED_MM_SWITCHING); + barrier(); + /* * Stop remote flushes for the previous mm. * Skip kernel threads; we never send init_mm TLB flushing IPIs, @@ -623,14 +631,6 @@ void switch_mm_irqs_off(struct mm_struct *unused, struct mm_struct *next, next_tlb_gen = atomic64_read(&next->context.tlb_gen); choose_new_asid(next, next_tlb_gen, &new_asid, &need_flush); - - /* - * Indicate that CR3 is about to change. nmi_uaccess_okay() - * and others are sensitive to the window where mm_cpumask(), - * CR3 and cpu_tlbstate.loaded_mm are not all in sync. - */ - this_cpu_write(cpu_tlbstate.loaded_mm, LOADED_MM_SWITCHING); - barrier(); } new_lam = mm_lam_cr3_mask(next); -- 2.43.7

2 days, 12 hours

1
0
0 0

[PATCH 5.10] comedi: pcl726: Prevent invalid irq number

by Andrey Troshin

From: Edward Adam Davis <eadavis(a)qq.com> commit 96cb948408b3adb69df7e451ba7da9d21f814d00 upstream. The reproducer passed in an irq number(0x80008000) that was too large, which triggered the oob. Added an interrupt number check to prevent users from passing in an irq number that was too large. If `it->options[1]` is 31, then `1 << it->options[1]` is still invalid because it shifts a 1-bit into the sign bit (which is UB in C). Possible solutions include reducing the upper bound on the `it->options[1]` value to 30 or lower, or using `1U << it->options[1]`. The old code would just not attempt to request the IRQ if the `options[1]` value were invalid. And it would still configure the device without interrupts even if the call to `request_irq` returned an error. So it would be better to combine this test with the test below. Fixes: fff46207245c ("staging: comedi: pcl726: enable the interrupt support code") Cc: stable <stable(a)kernel.org> # 5.13+ Reported-by: syzbot+5cd373521edd68bebcb3(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=5cd373521edd68bebcb3 Tested-by: syzbot+5cd373521edd68bebcb3(a)syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis(a)qq.com> Reviewed-by: Ian Abbott <abbotti(a)mev.co.uk> Link: https://lore.kernel.org/r/tencent_3C66983CC1369E962436264A50759176BF09@qq.c… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Andrey Troshin: backport fix from drivers/comedi/drivers/pcl726.c to drivers/staging/comedi/drivers/pcl726.c] Signed-off-by: Andrey Troshin <drtrosh(a)yandex-team.ru> --- Backport fix for CVE-2025-39685 Link: https://nvd.nist.gov/vuln/detail/CVE-2025-39685 --- drivers/staging/comedi/drivers/pcl726.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/staging/comedi/drivers/pcl726.c b/drivers/staging/comedi/drivers/pcl726.c index 64eb649c9813..f26d7f07d749 100644 --- a/drivers/staging/comedi/drivers/pcl726.c +++ b/drivers/staging/comedi/drivers/pcl726.c @@ -327,7 +327,8 @@ static int pcl726_attach(struct comedi_device *dev, * Hook up the external trigger source interrupt only if the * user config option is valid and the board supports interrupts. */ - if (it->options[1] && (board->irq_mask & (1 << it->options[1]))) { + if (it->options[1] > 0 && it->options[1] < 16 && + (board->irq_mask & (1U << it->options[1]))) { ret = request_irq(it->options[1], pcl726_interrupt, 0, dev->board_name, dev); if (ret == 0) { -- 2.34.1

2 days, 12 hours

1
0
0 0

[PATCH] rust: devres: fix private intra-doc link

by Miguel Ojeda

The future move of pin-init to `syn` uncovers the following private intra-doc link: error: public documentation for `Devres` links to private item `Self::inner` --> rust/kernel/devres.rs:106:7 | 106 | /// [`Self::inner`] is guaranteed to be initialized and is always accessed read-only. | ^^^^^^^^^^^ this item is private | = note: this link will resolve properly if you pass `--document-private-items` = note: `-D rustdoc::private-intra-doc-links` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(rustdoc::private_intra_doc_links)]` Currently, when rendered, the link points to "nowhere" (an inexistent anchor for a "method"). Thus fix it. Cc: stable(a)vger.kernel.org Fixes: f5d3ef25d238 ("rust: devres: get rid of Devres' inner Arc") Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- rust/kernel/devres.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/kernel/devres.rs b/rust/kernel/devres.rs index 10a6a1789854..2392c281459e 100644 --- a/rust/kernel/devres.rs +++ b/rust/kernel/devres.rs @@ -103,7 +103,7 @@ struct Inner<T: Send> { /// /// # Invariants /// -/// [`Self::inner`] is guaranteed to be initialized and is always accessed read-only. +/// `Self::inner` is guaranteed to be initialized and is always accessed read-only. #[pin_data(PinnedDrop)] pub struct Devres<T: Send> { dev: ARef<Device>, base-commit: dcb6fa37fd7bc9c3d2b066329b0d27dedf8becaa -- 2.51.0

2 days, 13 hours

3
2
0 0

[PATCH 6.17 000/184] 6.17.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.6 release. There are 184 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Oct 2025 18:34:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.6-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.6-rc1 William Breathitt Gray <wbg(a)kernel.org> gpio: idio-16: Define fixed direction of the GPIO lines Ioana Ciornei <ioana.ciornei(a)nxp.com> gpio: regmap: add the .fixed_direction_output configuration parameter Mathieu Dubois-Briand <mathieu.dubois-briand(a)bootlin.com> gpio: regmap: Allow to allocate regmap-irq device Darrick J. Wong <djwong(a)kernel.org> xfs: always warn about deprecated mount options David Hildenbrand <david(a)redhat.com> vmw_balloon: indicate success when effectively deflating during migration David Hildenbrand <david(a)redhat.com> treewide: remove MIGRATEPAGE_SUCCESS David Hildenbrand <david(a)redhat.com> mm/migrate: remove MIGRATEPAGE_UNMAP Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix sending clear and trigger events Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Return -EINTR on device clear Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix no EOI on 1 and 2 byte writes Ma Ke <make24(a)iscas.ac.cn> staging: gpib: Fix device reference leak in fmh_gpib driver Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: remove useless enable of enhanced features Daniel Golle <daniel(a)makrotopia.org> serial: 8250_mtk: Enable baud clock and manage in runtime PM Florian Eckert <fe(a)dev.tdt.de> serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> dt-bindings: usb: qcom,snps-dwc3: Fix bindings for X1E80100 Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: serial: sh-sci: Fix r8a78000 interrupts Cosmin Tanislav <cosmin-gabriel.tanislav.xa(a)renesas.com> tty: serial: sh-sci: fix RSCI FIFO overrun handling Michael Grzeschik <m.grzeschik(a)pengutronix.de> tcpm: switch check for role_sw device with fw_node Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: hdm_probe: Fix calling put_device() before device initialization Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: Fix use-after-free in hdm_disconnect Junhao Xie <bigfoot(a)radxa.com> misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Cosmin Tanislav <cosmin-gabriel.tanislav.xa(a)renesas.com> nvmem: rcar-efuse: add missing MODULE_DEVICE_TABLE Miguel Ojeda <ojeda(a)kernel.org> objtool/rust: add one more `noreturn` Rust function Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add wildcat lake P DID Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Andrew Cooper <andrew.cooper3(a)citrix.com> x86/microcode: Fix Entrysign revision check for Zen1/Naples Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Andrey Konovalov <andreyknvl(a)gmail.com> usb: raw-gadget: do not limit transfer length Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> sched: Remove never used code in mm_cid_get() Alok Tiwari <alok.a.tiwari(a)oracle.com> io_uring: correct __must_hold annotation in io_install_fixed_file Haotian Zhang <vulab(a)iscas.ac.cn> gpio: ljca: Fix duplicated IRQ mapping Christoph Hellwig <hch(a)lst.de> block: require LBA dma_alignment when using PI Lorenzo Pieralisi <lpieralisi(a)kernel.org> of/irq: Add msi-parent check to of_msi_xlate() Lorenzo Pieralisi <lpieralisi(a)kernel.org> of/irq: Convert of_msi_map_id() callers to of_msi_xlate() Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Fix 24bit pixel crossing page boundaries Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Fix qr_code, ensure vmargin is positive Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Fix drawing the logo on a small narrow screen Ondrej Mosnacek <omosnace(a)redhat.com> nbd: override creds to kernel when calling sock_{send,recv}msg() Alok Tiwari <alok.a.tiwari(a)oracle.com> io_uring: fix incorrect unlikely() usage in io_waitid_prep() Guenter Roeck <linux(a)roeck-us.net> hwmon: (sht3x) Fix error handling Li Qiang <liqiang01(a)kylinos.cn> hwmon: (cgbc-hwmon) Add missing NULL check after devm_kzalloc() Erick Karanja <karanja99erick(a)gmail.com> hwmon: (pmbus/isl68137) Fix child node reference leak on early return Paul Walmsley <pjw(a)kernel.org> riscv: hwprobe: avoid uninitialized variable use in hwprobe_arch_id() Anup Patel <apatel(a)ventanamicro.com> RISC-V: Don't print details of CPUs disabled in DT Anup Patel <apatel(a)ventanamicro.com> RISC-V: Define pgprot_dmacoherent() for non-coherent devices Akash Goel <akash.goel(a)arm.com> drm/panthor: Fix kernel panic on partial unmap of a GPU VA region Fernando Fernandez Mancera <fmancera(a)suse.de> sysfs: check visibility before changing group attribute ownership Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu> spi: airoha: fix reading/writing of flashes with more than one plane per lun Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu> spi: airoha: switch back to non-dma mode in the case of error Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu> spi: airoha: add support of dual/quad wires spi modes to exec_op() handler Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu> spi: airoha: return an error for continuous mode dirmap creation cases Artem Shimko <a.shimko.dev(a)gmail.com> firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode Cristian Marussi <cristian.marussi(a)arm.com> include: trace: Fix inflight count helper on failed initialization Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Account for failed debug initialization Peter Robinson <pbrobinson(a)gmail.com> arm64: dts: broadcom: bcm2712: Define VGIC interrupt Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: broadcom: bcm2712: Add default GIC address cells Mattijs Korpershoek <mkorpershoek(a)kernel.org> spi: cadence-quadspi: Fix pm_runtime unbalance on dma EPROBE_DEFER Haibo Chen <haibo.chen(a)nxp.com> spi: spi-nxp-fspi: limit the clock rate for different sample clock source selection Han Xu <han.xu(a)nxp.com> spi: spi-nxp-fspi: add extra delay after dll locked Haibo Chen <haibo.chen(a)nxp.com> spi: spi-nxp-fspi: re-config the clock rate when operation require new clock rate Haibo Chen <haibo.chen(a)nxp.com> spi: spi-nxp-fspi: add the support for sample data from DQS pad Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Add support for IMPDEF value in the memory access descriptor Marek Szyprowski <m.szyprowski(a)samsung.com> spi: rockchip-sfc: Fix DMA-API usage SeongJae Park <sj(a)kernel.org> mm/damon/sysfs: dealloc commit test ctx always SeongJae Park <sj(a)kernel.org> mm/damon/sysfs: catch commit test ctx alloc failure Enze Li <lienze(a)kylinos.cn> mm/damon/core: fix potential memory leak by cleaning ops_filter in damon_destroy_scheme SeongJae Park <sj(a)kernel.org> mm/damon/core: fix list_add_tail() call on damon_call() SeongJae Park <sj(a)kernel.org> mm/damon/core: use damos_commit_quota_goal() for new goal commit Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: increase max link count and fix link->enc NULL pointer access Matthew Brost <matthew.brost(a)intel.com> drm/xe: Check return value of GGTT workqueue allocation Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm/mremap: correctly account old mapping after MREMAP_DONTUNMAP remap Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> mm: prevent poison consumption when splitting THP Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark implicit tests as skipped if not supported Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark 'flush re-add' as skipped if not supported Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Sebastian Reichel <sebastian.reichel(a)collabora.com> net: stmmac: dwmac-rk: Fix disabling set_clock_selection Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: update the slave array for broadcast mode Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix lock inversion in vsock_assign_transport() Nam Cao <namcao(a)linutronix.de> rv: Make rtapp/pagefault monitor depends on CONFIG_MMU Nam Cao <namcao(a)linutronix.de> rv: Fully convert enabled_monitors to use list_head as iterator Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Update adpm12160 coeff due to latest FW Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. David Howells <dhowells(a)redhat.com> cifs: Fix TCP_Server_Info::credits to be signed Marc Kleine-Budde <mkl(a)pengutronix.de> can: netlink: can_changelink(): allow disabling of automatic restart Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not warn if the page is already tagged in copy_highpage() Xi Ruoyao <xry111(a)xry111.site> ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Paulo Alcantara <pc(a)manguebit.org> smb: client: get rid of d_drop() in cifs_do_rename() Hao Ge <gehao(a)kylinos.cn> slab: Fix obj_ext mistakenly considered NULL due to race condition Hao Ge <gehao(a)kylinos.cn> slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts Danilo Krummrich <dakr(a)kernel.org> rust: device: fix device context of Device::parent() Paul Walmsley <pjw(a)kernel.org> riscv: cpufeature: avoid uninitialized variable in has_thead_homogeneous_vlenb() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers tr1x_em <admin(a)trix.is-a.dev> platform/x86: alienware-wmi-wmax: Add AWCC support to Dell G15 5530 Darrick J. Wong <djwong(a)kernel.org> xfs: fix locking in xchk_nlinks_collect_dir William Breathitt Gray <wbg(a)kernel.org> gpio: 104-idio-16: Define maximum valid register address offset William Breathitt Gray <wbg(a)kernel.org> gpio: pci-idio-16: Define maximum valid register address offset Amit Dhingra <mechanicalamit(a)gmail.com> btrfs: ref-verify: fix IS_ERR() vs NULL check in btrfs_build_ref_tree() Ting-Chang Hou <tchou(a)synology.com> btrfs: send: fix duplicated rmdir operations when using extrefs Dewei Meng <mengdewei(a)cqsoftware.com.cn> btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: be smarter on when to update the stime usage Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: switch away from getrusage() for CPU accounting Jingwei Wang <wangjingwei(a)iscas.ac.cn> riscv: hwprobe: Fix stale vDSO data for late-initialized keys at boot Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Jason Wang <jasowang(a)redhat.com> virtio-net: zero unused hash fields Marek Szyprowski <m.szyprowski(a)samsung.com> dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC Alexei Starovoitov <ast(a)kernel.org> mm: don't spin in add_stack_record when gfp flags don't allow Lance Yang <lance.yang(a)linux.dev> hung_task: fix warnings caused by unaligned lock pointers Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Jakub Acs <acsjakub(a)amazon.de> fs/notify: call exportfs_encode_fid with s_umount Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5: Fix IPsec cleanup over MPV device Robert Marko <robert.marko(a)sartura.hr> net: phy: micrel: always set shared->phydev for LAN8814 Ralf Lici <ralf(a)mandelbit.com> ovpn: use datagram_poll_queue for socket readiness in TCP Ralf Lici <ralf(a)mandelbit.com> net: datagram: introduce datagram_poll_queue for custom receive queues Ralf Lici <ralf(a)mandelbit.com> espintcp: use datagram_poll_queue for socket readiness Fernando Fernandez Mancera <fmancera(a)suse.de> net: hsr: prevent creation of HSR device with slaves from another netns Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Jiasheng Jiang <jiashengjiangcool(a)gmail.com> ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop Heiner Kallweit <hkallweit1(a)gmail.com> net: hibmcge: select FIXED_PHY Gao Xiang <xiang(a)kernel.org> erofs: avoid infinite loops due to corrupted subpage compact indexes Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Aksh Garg <a-garg7(a)ti.com> net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions Wang Liang <wangliang74(a)huawei.com> net/smc: fix general protection fault in __smc_diag_dump Amery Hung <ameryhung(a)gmail.com> net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ Amery Hung <ameryhung(a)gmail.com> net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ Xin Long <lucien.xin(a)gmail.com> selftests: net: fix server bind failure in sctp_vrf.sh Marc Kleine-Budde <mkl(a)pengutronix.de> can: rockchip-canfd: rkcanfd_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() Marc Kleine-Budde <mkl(a)pengutronix.de> can: esd: acc_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() Marc Kleine-Budde <mkl(a)pengutronix.de> can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() Aleksander Jan Bajkowski <olek2(a)wp.pl> net: phy: realtek: fix rtl8221b-vm-cg name Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Jianpeng Chang <jianpeng.chang.cn(a)windriver.com> net: enetc: fix the deadlock of enetc_mdio_lock Gao Xiang <xiang(a)kernel.org> erofs: fix crafted invalid cases for encoded extents Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nathan Chancellor <nathan(a)kernel.org> net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Mario Limonciello (AMD) <superm1(a)kernel.org> cpufreq/amd-pstate: Fix a regression leading to EPP 0 after hibernate David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-pmc: add sysfs_attr_init() to count_clock init Linus Torvalds <torvalds(a)linux-foundation.org> Unbreak 'make tools/*' for user-space targets Stefan Metzmacher <metze(a)samba.org> smb: server: let smb_direct_flush_send_list() invalidate a remote key first Stefan Metzmacher <metze(a)samba.org> smb: client: make use of ib_wc_status_msg() and skip IB_WC_WR_FLUSH_ERR logging Stefan Metzmacher <metze(a)samba.org> smb: client: limit the range of info->receive_credit_target Stefan Metzmacher <metze(a)samba.org> smb: client: queue post_recv_credits_work also if the peer raises the credit target Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Use __GFP_ACCOUNT for user page table allocations Yicong Yang <yangyicong(a)hisilicon.com> drivers/perf: hisi: Relax the event ID check in the framework Clément Léger <cleger(a)rivosinc.com> riscv: cpufeature: add validation for zfa, zfh and zfhmin Junhui Liu <junhui.liu(a)pigmoral.tech> riscv: mm: Use mmu-type from FDT to limit SATP mode Junhui Liu <junhui.liu(a)pigmoral.tech> riscv: mm: Return intended SATP mode for noXlvl options Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix unlikely race in gdlm_put_lock Fuad Tabba <tabba(a)google.com> arm64: sysreg: Correct sign definitions for EIESB and DoubleLock Junjie Cao <junjie.cao(a)intel.com> lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Kees Cook <kees(a)kernel.org> PCI: Test for bit underflow in pcie_set_readrq() Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Harald Freudenberger <freude(a)linux.ibm.com> s390/pkey: Forward keygenflags to ep11_unwrapkey Simon Schuster <schuster.simon(a)siemens-energy.com> nios2: ensure that memblock.current_limit is set when setting pfn limits Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret Alexander Aring <aahringo(a)redhat.com> dlm: move to rinfo for all middle conversion cases Randy Dunlap <rdunlap(a)infradead.org> cgroup/misc: fix misc_res_type kernel-doc warning Jan Kara <jack(a)suse.cz> expfs: Fix exportfs_can_encode_fh() for EXPORT_FH_FID Nipun Gupta <nipun.gupta(a)amd.com> vfio/cdx: update driver to build without CONFIG_GENERIC_MSI_IRQ K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Block delayed tasks on throttled hierarchy during dequeue ------------- Diffstat: .../devicetree/bindings/serial/renesas,scif.yaml | 1 + .../devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 +- .../devicetree/bindings/usb/qcom,snps-dwc3.yaml | 3 + Makefile | 8 +- arch/arm64/boot/dts/broadcom/bcm2712.dtsi | 3 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/mm/copypage.c | 11 +- arch/arm64/tools/sysreg | 4 +- arch/m68k/include/asm/bitops.h | 25 ++-- arch/mips/mti-malta/malta-setup.c | 2 +- arch/nios2/kernel/setup.c | 15 +++ arch/powerpc/include/asm/pgtable.h | 12 -- arch/powerpc/mm/book3s32/mmu.c | 4 +- arch/powerpc/mm/pgtable_32.c | 2 +- arch/powerpc/platforms/pseries/cmm.c | 2 +- arch/riscv/include/asm/hwprobe.h | 7 ++ arch/riscv/include/asm/pgtable.h | 2 + arch/riscv/include/asm/vdso/arch_data.h | 6 + arch/riscv/kernel/cpu.c | 4 +- arch/riscv/kernel/cpufeature.c | 10 +- arch/riscv/kernel/pi/cmdline_early.c | 4 +- arch/riscv/kernel/pi/fdt_early.c | 40 ++++++ arch/riscv/kernel/pi/pi.h | 1 + arch/riscv/kernel/sys_hwprobe.c | 94 ++++++++++---- arch/riscv/kernel/unaligned_access_speed.c | 9 +- arch/riscv/kernel/vdso/hwprobe.c | 2 +- arch/riscv/mm/init.c | 11 +- arch/s390/mm/pgalloc.c | 13 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- block/blk-settings.c | 10 ++ drivers/acpi/acpica/tbprint.c | 6 + drivers/android/binder.c | 11 +- drivers/base/arch_topology.c | 2 +- drivers/base/devcoredump.c | 136 +++++++++++++-------- drivers/block/nbd.c | 15 +++ drivers/comedi/comedi_buf.c | 2 +- drivers/cpufreq/amd-pstate.c | 6 +- drivers/cpuidle/governors/menu.c | 21 ++-- drivers/firmware/arm_ffa/driver.c | 37 ++++-- drivers/firmware/arm_scmi/common.h | 32 ++++- drivers/firmware/arm_scmi/driver.c | 54 +++----- drivers/gpio/gpio-104-idio-16.c | 1 + drivers/gpio/gpio-idio-16.c | 5 + drivers/gpio/gpio-ljca.c | 14 +-- drivers/gpio/gpio-pci-idio-16.c | 1 + drivers/gpio/gpio-regmap.c | 53 +++++++- .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 3 + drivers/gpu/drm/amd/display/dc/inc/hw/hw_shared.h | 8 +- drivers/gpu/drm/drm_panic.c | 54 +++++++- drivers/gpu/drm/panthor/panthor_mmu.c | 10 +- drivers/gpu/drm/xe/xe_ggtt.c | 3 + drivers/hwmon/cgbc-hwmon.c | 3 + drivers/hwmon/pmbus/isl68137.c | 3 +- drivers/hwmon/pmbus/max34440.c | 12 +- drivers/hwmon/sht3x.c | 27 ++-- drivers/irqchip/irq-gic-v3-its-fsl-mc-msi.c | 2 +- drivers/misc/fastrpc.c | 2 + drivers/misc/lkdtm/fortify.c | 6 + drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/misc/vmw_balloon.c | 8 +- drivers/most/most_usb.c | 13 +- drivers/net/bonding/bond_main.c | 47 ++++--- drivers/net/can/bxcan.c | 2 +- drivers/net/can/dev/netlink.c | 6 +- drivers/net/can/esd/esdacc.c | 2 +- drivers/net/can/rockchip/rockchip_canfd-tx.c | 2 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.c | 25 +++- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/hisilicon/Kconfig | 1 + .../net/ethernet/mellanox/mlx5/core/en/params.c | 2 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 5 + .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 25 +++- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 51 ++++++-- drivers/net/ethernet/renesas/ravb_main.c | 24 +++- drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 +- drivers/net/ethernet/ti/am65-cpts.c | 63 +++++++--- drivers/net/ovpn/tcp.c | 26 +++- drivers/net/phy/micrel.c | 4 +- drivers/net/phy/realtek/realtek_main.c | 16 +-- drivers/net/usb/rtl8150.c | 11 +- drivers/nvmem/rcar-efuse.c | 1 + drivers/of/irq.c | 62 ++++++---- drivers/pci/msi/irqdomain.c | 2 +- drivers/pci/pci.c | 6 +- drivers/perf/hisilicon/hisi_uncore_pmu.c | 2 +- drivers/perf/hisilicon/hisi_uncore_pmu.h | 3 +- drivers/platform/mellanox/mlxbf-pmc.c | 1 + drivers/platform/x86/dell/alienware-wmi-wmax.c | 12 +- drivers/ptp/ptp_ocp.c | 2 +- drivers/s390/crypto/zcrypt_ep11misc.c | 4 +- drivers/spi/spi-airoha-snfi.c | 128 ++++++++++++++----- drivers/spi/spi-cadence-quadspi.c | 5 +- drivers/spi/spi-nxp-fspi.c | 80 +++++++++++- drivers/spi/spi-rockchip-sfc.c | 12 +- .../staging/gpib/agilent_82350b/agilent_82350b.c | 12 +- drivers/staging/gpib/fmh_gpib/fmh_gpib.c | 5 + drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 13 +- drivers/tty/serial/8250/8250_dw.c | 4 +- drivers/tty/serial/8250/8250_exar.c | 11 ++ drivers/tty/serial/8250/8250_mtk.c | 6 +- drivers/tty/serial/sc16is7xx.c | 7 -- drivers/tty/serial/sh-sci.c | 14 ++- drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/legacy/raw_gadget.c | 2 - drivers/usb/host/xhci-dbgcap.c | 15 ++- drivers/usb/serial/option.c | 10 ++ drivers/usb/typec/tcpm/tcpm.c | 4 +- drivers/vfio/cdx/Makefile | 6 +- drivers/vfio/cdx/private.h | 14 +++ drivers/virtio/virtio_balloon.c | 2 +- fs/aio.c | 2 +- fs/btrfs/inode.c | 4 +- fs/btrfs/ref-verify.c | 2 +- fs/btrfs/send.c | 56 +++++++-- fs/btrfs/super.c | 8 +- fs/dlm/lock.c | 2 +- fs/dlm/lockspace.c | 2 +- fs/dlm/recover.c | 2 +- fs/erofs/zmap.c | 39 +++--- fs/exec.c | 2 +- fs/gfs2/lock_dlm.c | 11 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 +++- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 ------- fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 +++++++ fs/hfsplus/super.c | 25 +++- fs/hugetlbfs/inode.c | 4 +- fs/jfs/jfs_metapage.c | 8 +- fs/notify/fdinfo.c | 6 + fs/ocfs2/move_extents.c | 5 + fs/smb/client/cifsglob.h | 2 +- fs/smb/client/inode.c | 5 +- fs/smb/client/smbdirect.c | 30 +++-- fs/smb/client/smbdirect.h | 2 +- fs/smb/server/transport_rdma.c | 11 +- fs/sysfs/group.c | 26 +++- fs/xfs/scrub/nlinks.c | 34 +++++- fs/xfs/xfs_super.c | 33 +++-- include/linux/arm_ffa.h | 21 +++- include/linux/exportfs.h | 7 +- include/linux/gpio/regmap.h | 16 +++ include/linux/hung_task.h | 8 +- include/linux/migrate.h | 11 +- include/linux/misc_cgroup.h | 2 +- include/linux/of_irq.h | 6 - include/linux/skbuff.h | 3 + include/linux/virtio_net.h | 4 + io_uring/fdinfo.c | 8 +- io_uring/filetable.c | 2 +- io_uring/sqpoll.c | 65 +++++++--- io_uring/sqpoll.h | 1 + io_uring/waitid.c | 2 +- kernel/dma/debug.c | 5 +- kernel/sched/fair.c | 9 +- kernel/sched/sched.h | 2 - kernel/trace/rv/monitors/pagefault/Kconfig | 1 + kernel/trace/rv/rv.c | 12 +- mm/damon/core.c | 7 +- mm/damon/sysfs.c | 7 +- mm/huge_memory.c | 3 + mm/migrate.c | 88 +++++++------ mm/migrate_device.c | 2 +- mm/mremap.c | 15 +-- mm/page_owner.c | 3 + mm/slub.c | 23 ++-- mm/zsmalloc.c | 4 +- net/core/datagram.c | 44 +++++-- net/core/rtnetlink.c | 3 - net/hsr/hsr_netlink.c | 8 +- net/mptcp/pm_kernel.c | 6 + net/sctp/inqueue.c | 13 +- net/smc/smc_inet.c | 13 -- net/vmw_vsock/af_vsock.c | 38 +++--- net/xfrm/espintcp.c | 6 +- rust/kernel/auxiliary.rs | 8 +- rust/kernel/device.rs | 4 +- tools/objtool/check.c | 1 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 8 +- tools/testing/selftests/net/sctp_hello.c | 17 +-- tools/testing/selftests/net/sctp_vrf.sh | 73 ++++++----- 186 files changed, 1849 insertions(+), 834 deletions(-)

2 days, 13 hours

14
197
0 0

[PATCH 6.6 00/84] 6.6.115-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.115 release. There are 84 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Oct 2025 18:34:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.115-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.115-rc1 Haoyu Li <lihaoyu499(a)gmail.com> gpio: ljca: Initialize num before accessing item in ljca_gpio_config Darrick J. Wong <djwong(a)kernel.org> fuse: fix livelock in synchronous file put from fuseblk workers Amir Goldstein <amir73il(a)gmail.com> fuse: allocate ff->release_args only if release is needed Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Update purge function to unregister the unused subchannels Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Jakub Acs <acsjakub(a)amazon.de> fs/notify: call exportfs_encode_fid with s_umount Darrick J. Wong <djwong(a)kernel.org> xfs: always warn about deprecated mount options Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. Daniel Golle <daniel(a)makrotopia.org> serial: 8250_mtk: Enable baud clock and manage in runtime PM Florian Eckert <fe(a)dev.tdt.de> serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Michael Grzeschik <m.grzeschik(a)pengutronix.de> tcpm: switch check for role_sw device with fw_node Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: hdm_probe: Fix calling put_device() before device initialization Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: Fix use-after-free in hdm_disconnect Junhao Xie <bigfoot(a)radxa.com> misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add wildcat lake P DID Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Andrew Cooper <andrew.cooper3(a)citrix.com> x86/microcode: Fix Entrysign revision check for Zen1/Naples Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Andrey Konovalov <andreyknvl(a)gmail.com> usb: raw-gadget: do not limit transfer length Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> sched: Remove never used code in mm_cid_get() Alok Tiwari <alok.a.tiwari(a)oracle.com> io_uring: correct __must_hold annotation in io_install_fixed_file Haotian Zhang <vulab(a)iscas.ac.cn> gpio: ljca: Fix duplicated IRQ mapping Wentong Wu <wentong.wu(a)intel.com> gpio: update Intel LJCA USB GPIO driver Guenter Roeck <linux(a)roeck-us.net> hwmon: (sht3x) Fix error handling Anup Patel <apatel(a)ventanamicro.com> RISC-V: Don't print details of CPUs disabled in DT Anup Patel <apatel(a)ventanamicro.com> RISC-V: Define pgprot_dmacoherent() for non-coherent devices Artem Shimko <a.shimko.dev(a)gmail.com> firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Account for failed debug initialization Han Xu <han.xu(a)nxp.com> spi: spi-nxp-fspi: add extra delay after dll locked Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark implicit tests as skipped if not supported Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark 'flush re-add' as skipped if not supported Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Sebastian Reichel <sebastian.reichel(a)collabora.com> net: stmmac: dwmac-rk: Fix disabling set_clock_selection Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix lock inversion in vsock_assign_transport() Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering David Howells <dhowells(a)redhat.com> cifs: Fix TCP_Server_Info::credits to be signed Marc Kleine-Budde <mkl(a)pengutronix.de> can: netlink: can_changelink(): allow disabling of automatic restart Xi Ruoyao <xry111(a)xry111.site> ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" William Breathitt Gray <wbg(a)kernel.org> gpio: 104-idio-16: Define maximum valid register address offset William Breathitt Gray <wbg(a)kernel.org> gpio: pci-idio-16: Define maximum valid register address offset Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Marek Szyprowski <m.szyprowski(a)samsung.com> dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Amery Hung <ameryhung(a)gmail.com> net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ Amery Hung <ameryhung(a)gmail.com> net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead Xin Long <lucien.xin(a)gmail.com> selftests: net: fix server bind failure in sctp_vrf.sh Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert sctp_vrf.sh to run it in unique namespace Marc Kleine-Budde <mkl(a)pengutronix.de> can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Jianpeng Chang <jianpeng.chang.cn(a)windriver.com> net: enetc: fix the deadlock of enetc_mdio_lock Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> net: Tree wide: Replace xdp_do_flush_map() with xdp_do_flush(). Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nathan Chancellor <nathan(a)kernel.org> net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Linus Torvalds <torvalds(a)linux-foundation.org> Unbreak 'make tools/*' for user-space targets Stefan Metzmacher <metze(a)samba.org> smb: server: let smb_direct_flush_send_list() invalidate a remote key first Yicong Yang <yangyicong(a)hisilicon.com> drivers/perf: hisi: Relax the event ID check in the framework Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Junjie Cao <junjie.cao(a)intel.com> lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Simon Schuster <schuster.simon(a)siemens-energy.com> nios2: ensure that memblock.current_limit is set when setting pfn limits Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret ------------- Diffstat: .../devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 +- Makefile | 8 +- arch/arm64/include/asm/pgtable.h | 3 +- arch/m68k/include/asm/bitops.h | 25 ++- arch/mips/mti-malta/malta-setup.c | 2 +- arch/nios2/kernel/setup.c | 15 ++ arch/powerpc/include/asm/pgtable.h | 12 - arch/powerpc/mm/book3s32/mmu.c | 4 +- arch/powerpc/mm/pgtable_32.c | 2 +- arch/riscv/include/asm/pgtable.h | 2 + arch/riscv/kernel/cpu.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/resctrl/monitor.c | 12 +- drivers/acpi/acpica/tbprint.c | 6 + drivers/android/binder.c | 11 +- drivers/base/arch_topology.c | 2 +- drivers/base/devcoredump.c | 138 +++++++----- drivers/comedi/comedi_buf.c | 2 +- drivers/cpuidle/governors/menu.c | 21 +- drivers/firmware/arm_scmi/common.h | 24 +- drivers/firmware/arm_scmi/driver.c | 47 ++-- drivers/gpio/Kconfig | 4 +- drivers/gpio/gpio-104-idio-16.c | 1 + drivers/gpio/gpio-ljca.c | 248 ++++++++++++--------- drivers/gpio/gpio-pci-idio-16.c | 1 + drivers/hwmon/sht3x.c | 27 ++- drivers/misc/fastrpc.c | 2 + drivers/misc/lkdtm/fortify.c | 6 + drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/most/most_usb.c | 13 +- drivers/net/bonding/bond_main.c | 40 ++-- drivers/net/can/bxcan.c | 2 +- drivers/net/can/dev/netlink.c | 6 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 2 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.c | 27 ++- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/ice/ice_txrx_lib.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 2 +- drivers/net/ethernet/marvell/mvneta.c | 2 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 2 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en.h | 7 + .../net/ethernet/mellanox/mlx5/core/en/params.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en/xdp.h | 6 - drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 128 +++++++---- drivers/net/ethernet/netronome/nfp/nfd3/xsk.c | 2 +- drivers/net/ethernet/renesas/ravb_main.c | 24 +- drivers/net/ethernet/sfc/efx_channels.c | 2 +- drivers/net/ethernet/sfc/siena/efx_channels.c | 2 +- drivers/net/ethernet/socionext/netsec.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 +- drivers/net/ethernet/ti/cpsw_priv.c | 2 +- drivers/net/usb/rtl8150.c | 11 +- drivers/perf/hisilicon/hisi_uncore_pmu.c | 2 +- drivers/perf/hisilicon/hisi_uncore_pmu.h | 3 +- drivers/s390/cio/device.c | 37 +-- drivers/spi/spi-nxp-fspi.c | 6 + drivers/tty/serial/8250/8250_dw.c | 4 +- drivers/tty/serial/8250/8250_exar.c | 11 + drivers/tty/serial/8250/8250_mtk.c | 6 +- drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/legacy/raw_gadget.c | 2 - drivers/usb/host/xhci-dbgcap.c | 9 +- drivers/usb/serial/option.c | 10 + drivers/usb/typec/tcpm/tcpm.c | 4 +- fs/dlm/lockspace.c | 2 +- fs/exec.c | 2 +- fs/fuse/dir.c | 2 +- fs/fuse/file.c | 75 ++++--- fs/fuse/fuse_i.h | 2 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 ++- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 ---- fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 ++++ fs/hfsplus/super.c | 25 ++- fs/notify/fdinfo.c | 6 + fs/ocfs2/move_extents.c | 5 + fs/smb/client/cifsglob.h | 2 +- fs/smb/server/transport_rdma.c | 11 +- fs/xfs/xfs_super.c | 33 ++- io_uring/filetable.c | 2 +- kernel/dma/debug.c | 5 +- kernel/sched/sched.h | 2 - net/core/rtnetlink.c | 3 - net/sctp/inqueue.c | 13 +- net/vmw_vsock/af_vsock.c | 38 ++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 +- tools/testing/selftests/net/sctp_hello.c | 17 +- tools/testing/selftests/net/sctp_vrf.sh | 85 ++++--- 98 files changed, 917 insertions(+), 604 deletions(-)

2 days, 13 hours

11
94
0 0

[PATCH v2 2/4] ASoC: cs4271: Disable regulators in component_probe() error path

by Herve Codina

The commit 9a397f473657 ("ASoC: cs4271: add regulator consumer support") has introduced regulators in the driver. Regulators are enabled at the beginning of component_probe() but they are not disabled on errors. This can lead to unbalanced enable/disable. Fix the error path to disable regulators on errors. Fixes: 9a397f473657 ("ASoC: cs4271: add regulator consumer support") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- sound/soc/codecs/cs4271.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/sound/soc/codecs/cs4271.c b/sound/soc/codecs/cs4271.c index ff9c6628224c..a9d333e6c723 100644 --- a/sound/soc/codecs/cs4271.c +++ b/sound/soc/codecs/cs4271.c @@ -572,17 +572,17 @@ static int cs4271_component_probe(struct snd_soc_component *component) ret = regcache_sync(cs4271->regmap); if (ret < 0) - return ret; + goto err_disable_regulators; ret = regmap_update_bits(cs4271->regmap, CS4271_MODE2, CS4271_MODE2_PDN | CS4271_MODE2_CPEN, CS4271_MODE2_PDN | CS4271_MODE2_CPEN); if (ret < 0) - return ret; + goto err_disable_regulators; ret = regmap_update_bits(cs4271->regmap, CS4271_MODE2, CS4271_MODE2_PDN, 0); if (ret < 0) - return ret; + goto err_disable_regulators; /* Power-up sequence requires 85 uS */ udelay(85); @@ -592,6 +592,10 @@ static int cs4271_component_probe(struct snd_soc_component *component) CS4271_MODE2_MUTECAEQUB); return 0; + +err_disable_regulators: + regulator_bulk_disable(ARRAY_SIZE(cs4271->supplies), cs4271->supplies); + return ret; } static void cs4271_component_remove(struct snd_soc_component *component) -- 2.51.0

2 days, 13 hours

2
1
0 0

[PATCH 5.15 000/117] 5.15.196-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.196 release. There are 117 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 30 Oct 2025 09:28:07 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.196-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.196-rc2 Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Zhengchao Shao <shaozhengchao(a)huawei.com> net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_acm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ncm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Introduce free_usb_request helper Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Store endpoint pointer in usb_request Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Darrick J. Wong <djwong(a)kernel.org> xfs: always warn about deprecated mount options Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Reset BARs when running in PCIe endpoint mode Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Drop PMSR spinlock Marek Vasut <marek.vasut+renesas(a)gmail.com> PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access() Vidya Sagar <vidyas(a)nvidia.com> PCI: tegra194: Handle errors in BPMP response Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix wrong block mapping for multi-devices Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix programming sequence of "strap" settings Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists Darrick J. Wong <djwong(a)kernel.org> fuse: fix livelock in synchronous file put from fuseblk workers Amir Goldstein <amir73il(a)gmail.com> fuse: allocate ff->release_args only if release is needed Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Simplify pm_runtime setup Bence Csókás <csokas.bence(a)prolan.hu> PM: runtime: Add new devm functions Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended David Lechner <dlechner(a)baylibre.com> iio: imu: inv_icm42600: use = { } instead of memset() Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Christoph Hellwig <hch(a)lst.de> xfs: fix log CRC mismatches between i386 and other architectures Christoph Hellwig <hch(a)lst.de> xfs: rename the old_crc variable in xlog_recover_process Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Update purge function to unregister the unused subchannels Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Florian Eckert <fe(a)dev.tdt.de> serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: hdm_probe: Fix calling put_device() before device initialization Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: Fix use-after-free in hdm_disconnect Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add wildcat lake P DID Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Andrey Konovalov <andreyknvl(a)gmail.com> usb: raw-gadget: do not limit transfer length Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix lock inversion in vsock_assign_transport() Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Nikolay Aleksandrov <razor(a)blackwall.org> net: add ndo_fdb_del_bulk Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add bulk delete support flag Nikolay Aleksandrov <razor(a)blackwall.org> net: netlink: add NLM_F_BULK delete request modifier Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: use BIT for flag values Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add helper to extract msg type's kind Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Simon Schuster <schuster.simon(a)siemens-energy.com> nios2: ensure that memblock.current_limit is set when setting pfn limits Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret Niko Mauno <niko.mauno(a)vaisala.com> Revert "perf test: Don't leak workload gopipe in PERF_RECORD_*" Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads (part 2) Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Jiaming Zhang <r772577952(a)gmail.com> ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Ingo Molnar <mingo(a)kernel.org> sched/balancing: Rename newidle_balance() => sched_balance_newidle() Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature Fabian Vogt <fvogt(a)suse.de> riscv: kprobes: Fix probe address validation I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Jakub Kicinski <kuba(a)kernel.org> net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for async encrypt in case of error during latter iterations of sendmsg Sascha Hauer <s.hauer(a)pengutronix.de> net: tls: wait for async completion on last message David Howells <dhowells(a)redhat.com> splice, net: Add a splice_eof op to file-ops and socket-ops Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Nicolas Dichtel <nicolas.dichtel(a)6wind.com> doc: fix seg6_flowlabel path Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Thomas Fourier <fourier.thomas(a)gmail.com> crypto: rockchip - Fix dma_unmap_sg() nents value Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: properly clear channels during bind Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions Yu Kuai <yukuai3(a)huawei.com> blk-crypto: fix missing blktrace bio split events Ma Ke <make24(a)iscas.ac.cn> media: lirc: Fix error handling in lirc_register() keliu <liuke94(a)huawei.com> media: rc: Directly use ida_free() Arnd Bergmann <arnd(a)arndb.de> media: s5p-mfc: remove an unused/uninitialized variable Filipe Manana <fdmanana(a)suse.com> btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Yi Cong <yicong(a)kylinos.cn> r8152: add error handling in rtl8152_driver_init ------------- Diffstat: Documentation/arm64/silicon-errata.rst | 2 + Documentation/networking/seg6-sysctl.rst | 3 + Makefile | 4 +- arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/kernel/cpu_errata.c | 1 + arch/m68k/include/asm/bitops.h | 25 ++-- arch/mips/mti-malta/malta-setup.c | 2 +- arch/nios2/kernel/setup.c | 15 +++ arch/riscv/kernel/probes/kprobes.c | 13 +- block/blk-crypto-fallback.c | 3 + drivers/android/binder.c | 11 +- drivers/base/arch_topology.c | 2 +- drivers/base/devcoredump.c | 138 +++++++++++++-------- drivers/base/power/runtime.c | 44 +++++++ drivers/comedi/comedi_buf.c | 2 +- drivers/cpufreq/cppc_cpufreq.c | 14 ++- drivers/cpuidle/governors/menu.c | 21 ++-- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 +++++---------- drivers/hid/hid-multitouch.c | 27 ++-- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 ++---- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 +- drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 ++---- drivers/media/rc/lirc_dev.c | 15 +-- drivers/media/rc/rc-main.c | 6 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/most/most_usb.c | 13 +- drivers/net/bonding/bond_main.c | 40 +++--- drivers/net/can/m_can/m_can_platform.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 23 ++-- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/ethernet/renesas/ravb_main.c | 8 ++ drivers/net/usb/aqc111.c | 2 +- drivers/net/usb/lan78xx.c | 42 +++++-- drivers/net/usb/r8152.c | 9 +- drivers/net/usb/rndis_host.c | 2 +- drivers/net/usb/rtl8150.c | 13 +- drivers/net/wireless/ath/ath11k/core.c | 6 +- drivers/net/wireless/ath/ath11k/hal.c | 16 +++ drivers/net/wireless/ath/ath11k/hal.h | 1 + drivers/pci/controller/cadence/pci-j721e.c | 64 +++++++++- drivers/pci/controller/dwc/pcie-designware-ep.c | 1 + drivers/pci/controller/dwc/pcie-tegra194.c | 28 ++++- drivers/pci/controller/pcie-rcar-host.c | 83 +++++++------ drivers/pci/pci-sysfs.c | 10 +- drivers/s390/cio/device.c | 37 ++++-- drivers/tty/serial/8250/8250_exar.c | 11 ++ drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/function/f_acm.c | 42 +++---- drivers/usb/gadget/function/f_ncm.c | 78 +++++------- drivers/usb/gadget/legacy/raw_gadget.c | 2 - drivers/usb/gadget/udc/core.c | 3 + drivers/usb/host/xhci-dbgcap.c | 9 +- drivers/usb/serial/option.c | 10 ++ fs/btrfs/relocation.c | 13 +- fs/dax.c | 2 +- fs/dcache.c | 2 + fs/dlm/lockspace.c | 2 +- fs/exec.c | 2 +- fs/ext4/inode.c | 8 ++ fs/f2fs/data.c | 2 +- fs/fuse/dir.c | 2 +- fs/fuse/file.c | 75 ++++++----- fs/fuse/fuse_i.h | 2 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 +++- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 ------ fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 +++++++ fs/hfsplus/super.c | 25 +++- fs/hfsplus/unicode.c | 24 ++++ fs/jbd2/transaction.c | 13 +- fs/nfsd/blocklayout.c | 5 +- fs/nfsd/blocklayoutxdr.c | 7 +- fs/nfsd/flexfilelayout.c | 8 ++ fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 34 +++-- fs/nfsd/nfs4xdr.c | 14 +-- fs/nfsd/xdr4.h | 36 +++++- fs/ocfs2/move_extents.c | 5 + fs/splice.c | 31 ++++- fs/xfs/libxfs/xfs_log_format.h | 30 ++++- fs/xfs/xfs_log.c | 8 +- fs/xfs/xfs_log_priv.h | 4 +- fs/xfs/xfs_log_recover.c | 34 +++-- fs/xfs/xfs_ondisk.h | 2 + fs/xfs/xfs_super.c | 33 +++-- include/linux/cpufreq.h | 3 + include/linux/fs.h | 1 + include/linux/net.h | 1 + include/linux/netdevice.h | 9 ++ include/linux/pm_runtime.h | 4 + include/linux/splice.h | 1 + include/linux/usb/gadget.h | 25 ++++ include/net/ip_tunnels.h | 15 +++ include/net/rtnetlink.h | 9 +- include/net/sock.h | 1 + include/uapi/linux/netlink.h | 1 + kernel/padata.c | 6 +- kernel/sched/fair.c | 38 +++--- net/core/rtnetlink.c | 81 ++++++++---- net/ipv4/ip_tunnel.c | 14 --- net/ipv4/tcp_output.c | 19 ++- net/ipv6/ip6_tunnel.c | 3 +- net/sctp/inqueue.c | 13 +- net/socket.c | 10 ++ net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 22 +++- net/vmw_vsock/af_vsock.c | 38 +++--- sound/firewire/amdtp-stream.h | 2 +- sound/usb/card.c | 10 +- tools/perf/tests/perf-record.c | 4 - 128 files changed, 1305 insertions(+), 728 deletions(-)

2 days, 15 hours

9
8
0 0

[Patch v2] perf/x86/intel: Fix KASAN global-out-of-bounds warning

by Dapeng Mi

When running "perf mem record" command on CWF, the below KASAN global-out-of-bounds warning is seen. 196.273657] ================================================================== [ 196.273662] BUG: KASAN: global-out-of-bounds in cmt_latency_data+0x176/0x1b0 [ 196.273669] Read of size 4 at addr ffffffffb721d000 by task dtlb/9850 [ 196.273676] CPU: 126 UID: 0 PID: 9850 Comm: dtlb Kdump: loaded Not tainted 6.17.0-rc3-2025-08-29-intel-next-34160-g316938187eb0 #1 PREEMPT(none) [ 196.273680] Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.IPC.3544.P83.2507110208 07/11/2025 [ 196.273682] Call Trace: [ 196.273683] <NMI> [ 196.273684] dump_stack_lvl+0x55/0x70 [ 196.273689] print_address_description.constprop.0+0x2c/0x3d0 [ 196.273694] ? cmt_latency_data+0x176/0x1b0 [ 196.273696] print_report+0xb4/0x270 [ 196.273699] ? kasan_addr_to_slab+0xd/0xa0 [ 196.273702] kasan_report+0xb8/0xf0 [ 196.273705] ? cmt_latency_data+0x176/0x1b0 [ 196.273707] cmt_latency_data+0x176/0x1b0 [ 196.273710] setup_arch_pebs_sample_data+0xf49/0x2560 [ 196.273713] intel_pmu_drain_arch_pebs+0x577/0xb00 [ 196.273716] ? __pfx_intel_pmu_drain_arch_pebs+0x10/0x10 [ 196.273719] ? perf_output_begin+0x3e4/0xa10 [ 196.273724] ? intel_pmu_drain_bts_buffer+0xc2/0x6a0 [ 196.273727] ? __pfx_intel_pmu_drain_bts_buffer+0x10/0x10 [ 196.273730] handle_pmi_common+0x6c4/0xc80 [ 196.273734] ? __pfx_handle_pmi_common+0x10/0x10 [ 196.273738] ? intel_bts_interrupt+0xd3/0x4d0 [ 196.273740] ? __pfx_intel_bts_interrupt+0x10/0x10 [ 196.273742] ? intel_pmu_lbr_enable_all+0x25/0x150 [ 196.273745] intel_pmu_handle_irq+0x388/0x700 [ 196.273748] perf_event_nmi_handler+0xff/0x150 [ 196.273751] nmi_handle.part.0+0xa8/0x2d0 [ 196.273755] ? perf_output_begin+0x3e9/0xa10 [ 196.273757] default_do_nmi+0x79/0x1a0 [ 196.273760] fred_exc_nmi+0x40/0x90 [ 196.273762] asm_fred_entrypoint_kernel+0x45/0x60 [ 196.273765] RIP: 0010:perf_output_begin+0x3e9/0xa10 [ 196.273768] Code: 54 24 1c 85 d2 0f 85 19 03 00 00 48 8b 44 24 18 48 c1 e8 03 42 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 25 05 00 00 41 8b 44 24 18 <c1> e0 0c 48 98 48 83 e8 01 80 7c 24 2a 00 0f 85 f9 02 00 00 4c 29 [ 196.273770] RSP: 0018:ffffc9001cf575e8 EFLAGS: 00000246 [ 196.273774] RAX: 0000000000000080 RBX: ffff88c1a0f95028 RCX: 0000000000000004 [ 196.273775] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88c08c8f9408 [ 196.273777] RBP: 0000000000000028 R08: 0000000000000000 R09: ffffed18341f2a05 [ 196.273778] R10: ffff88c1a0f9502f R11: ffff88c1a0dbe1b8 R12: ffff88c1a0f95000 [ 196.273779] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9001cf577e0 [ 196.273782] </NMI> The issue is caused by below code in __grt_latency_data(). The code tries to access x86_hybrid_pmu structure which doesn't exist on non-hybrid platform like CWF. WARN_ON_ONCE(hybrid_pmu(event->pmu)->pmu_type == hybrid_big) So add is_hybrid() check before calling this WARN_ON_ONCE to fix the global-out-of-bounds access issue. Reported-by: Xudong Hao <xudong.hao(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: 090262439f66 ("perf/x86/intel: Rename model-specific pebs_latency_data functions") Signed-off-by: Dapeng Mi <dapeng1.mi(a)linux.intel.com> Reviewed-by: Zide Chen <zide.chen(a)intel.com> --- Changes: v2: Wrap the line that exceeds 80 characters (Zide) arch/x86/events/intel/ds.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index c0b7ac1c7594..01bc59e9286c 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -317,7 +317,8 @@ static u64 __grt_latency_data(struct perf_event *event, u64 status, { u64 val; - WARN_ON_ONCE(hybrid_pmu(event->pmu)->pmu_type == hybrid_big); + WARN_ON_ONCE(is_hybrid() && + hybrid_pmu(event->pmu)->pmu_type == hybrid_big); dse &= PERF_PEBS_DATA_SOURCE_GRT_MASK; val = hybrid_var(event->pmu, pebs_data_source)[dse]; base-commit: 45e1dccc0653c50e377dae57ef086a8d0f71061d -- 2.34.1

2 days, 15 hours

2
1
0 0

[PATCH] most: usb: fix double free on late probe failure

by Johan Hovold

The MOST subsystem has a non-standard registration function which frees the interface on registration failures and on deregistration. This unsurprisingly leads to bugs in the MOST drivers, and a couple of recent changes turned a reference underflow and use-after-free in the USB driver into several double free and a use-after-free on late probe failures. Fixes: 723de0f9171e ("staging: most: remove device from interface structure") Fixes: 4b1270902609 ("most: usb: Fix use-after-free in hdm_disconnect") Fixes: a8cc9e5fcb0e ("most: usb: hdm_probe: Fix calling put_device() before device initialization") Cc: stable(a)vger.kernel.org Cc: Christian Gromm <christian.gromm(a)microchip.com> Cc: Victoria Votokina <Victoria.Votokina(a)kaspersky.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/most/most_usb.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/drivers/most/most_usb.c b/drivers/most/most_usb.c index 10064d7b7249..41ee169f80c5 100644 --- a/drivers/most/most_usb.c +++ b/drivers/most/most_usb.c @@ -1058,7 +1058,7 @@ hdm_probe(struct usb_interface *interface, const struct usb_device_id *id) ret = most_register_interface(&mdev->iface); if (ret) - goto err_free_busy_urbs; + return ret; mutex_lock(&mdev->io_mutex); if (le16_to_cpu(usb_dev->descriptor.idProduct) == USB_DEV_ID_OS81118 || @@ -1068,8 +1068,7 @@ hdm_probe(struct usb_interface *interface, const struct usb_device_id *id) if (!mdev->dci) { mutex_unlock(&mdev->io_mutex); most_deregister_interface(&mdev->iface); - ret = -ENOMEM; - goto err_free_busy_urbs; + return -ENOMEM; } mdev->dci->dev.init_name = "dci"; @@ -1078,18 +1077,15 @@ hdm_probe(struct usb_interface *interface, const struct usb_device_id *id) mdev->dci->dev.release = release_dci; if (device_register(&mdev->dci->dev)) { mutex_unlock(&mdev->io_mutex); + put_device(&mdev->dci->dev); most_deregister_interface(&mdev->iface); - ret = -ENOMEM; - goto err_free_dci; + return -ENOMEM; } mdev->dci->usb_device = mdev->usb_device; } mutex_unlock(&mdev->io_mutex); return 0; -err_free_dci: - put_device(&mdev->dci->dev); -err_free_busy_urbs: - kfree(mdev->busy_urbs); + err_free_ep_address: kfree(mdev->ep_address); err_free_cap: -- 2.51.0

2 days, 15 hours

1
0
0 0

[PATCH v5 1/2] dma-mapping: benchmark: Restore padding to ensure uABI remained consistent

by Qinxin Xia

The padding field in the structure was previously reserved to maintain a stable interface for potential new fields, ensuring compatibility with user-space shared data structures. However,it was accidentally removed by tiantao in a prior commit, which may lead to incompatibility between user space and the kernel. This patch reinstates the padding to restore the original structure layout and preserve compatibility. Fixes: 8ddde07a3d28 ("dma-mapping: benchmark: extract a common header file for map_benchmark definition") Cc: stable(a)vger.kernel.org Acked-by: Barry Song <baohua(a)kernel.org> Signed-off-by: Qinxin Xia <xiaqinxin(a)huawei.com> --- include/linux/map_benchmark.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/linux/map_benchmark.h b/include/linux/map_benchmark.h index 62674c83bde4..48e2ff95332f 100644 --- a/include/linux/map_benchmark.h +++ b/include/linux/map_benchmark.h @@ -27,5 +27,6 @@ struct map_benchmark { __u32 dma_dir; /* DMA data direction */ __u32 dma_trans_ns; /* time for DMA transmission in ns */ __u32 granule; /* how many PAGE_SIZE will do map/unmap once a time */ + __u8 expansion[76]; /* For future use */ }; #endif /* _KERNEL_DMA_BENCHMARK_H */ -- 2.33.0

2 days, 16 hours

3
2
0 0

[PATCH v2 1/2] PCI: Allow per function PCI slots

by Farhan Ali

On s390 systems, which use a machine level hypervisor, PCI devices are always accessed through a form of PCI pass-through which fundamentally operates on a per PCI function granularity. This is also reflected in the s390 PCI hotplug driver which creates hotplug slots for individual PCI functions. Its reset_slot() function, which is a wrapper for zpci_hot_reset_device(), thus also resets individual functions. Currently, the kernel's PCI_SLOT() macro assigns the same pci_slot object to multifunction devices. This approach worked fine on s390 systems that only exposed virtual functions as individual PCI domains to the operating system. Since commit 44510d6fa0c0 ("s390/pci: Handling multifunctions") s390 supports exposing the topology of multifunction PCI devices by grouping them in a shared PCI domain. When attempting to reset a function through the hotplug driver, the shared slot assignment causes the wrong function to be reset instead of the intended one. It also leaks memory as we do create a pci_slot object for the function, but don't correctly free it in pci_slot_release(). Add a flag for struct pci_slot to allow per function PCI slots for functions managed through a hypervisor, which exposes individual PCI functions while retaining the topology. Fixes: 44510d6fa0c0 ("s390/pci: Handling multifunctions") Cc: stable(a)vger.kernel.org Suggested-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Farhan Ali <alifm(a)linux.ibm.com> --- drivers/pci/pci.c | 5 +++-- drivers/pci/slot.c | 25 ++++++++++++++++++++++--- include/linux/pci.h | 1 + 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index b14dd064006c..36ee38e0d817 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -4980,8 +4980,9 @@ static int pci_reset_hotplug_slot(struct hotplug_slot *hotplug, bool probe) static int pci_dev_reset_slot_function(struct pci_dev *dev, bool probe) { - if (dev->multifunction || dev->subordinate || !dev->slot || - dev->dev_flags & PCI_DEV_FLAGS_NO_BUS_RESET) + if (dev->subordinate || !dev->slot || + dev->dev_flags & PCI_DEV_FLAGS_NO_BUS_RESET || + (dev->multifunction && !dev->slot->per_func_slot)) return -ENOTTY; return pci_reset_hotplug_slot(dev->slot->hotplug, probe); diff --git a/drivers/pci/slot.c b/drivers/pci/slot.c index 50fb3eb595fe..ed10fa3ae727 100644 --- a/drivers/pci/slot.c +++ b/drivers/pci/slot.c @@ -63,6 +63,22 @@ static ssize_t cur_speed_read_file(struct pci_slot *slot, char *buf) return bus_speed_read(slot->bus->cur_bus_speed, buf); } +static bool pci_dev_matches_slot(struct pci_dev *dev, struct pci_slot *slot) +{ + if (slot->per_func_slot) + return dev->devfn == slot->number; + + return PCI_SLOT(dev->devfn) == slot->number; +} + +static bool pci_slot_enabled_per_func(void) +{ + if (IS_ENABLED(CONFIG_S390)) + return true; + + return false; +} + static void pci_slot_release(struct kobject *kobj) { struct pci_dev *dev; @@ -73,7 +89,7 @@ static void pci_slot_release(struct kobject *kobj) down_read(&pci_bus_sem); list_for_each_entry(dev, &slot->bus->devices, bus_list) - if (PCI_SLOT(dev->devfn) == slot->number) + if (pci_dev_matches_slot(dev, slot)) dev->slot = NULL; up_read(&pci_bus_sem); @@ -166,7 +182,7 @@ void pci_dev_assign_slot(struct pci_dev *dev) mutex_lock(&pci_slot_mutex); list_for_each_entry(slot, &dev->bus->slots, list) - if (PCI_SLOT(dev->devfn) == slot->number) + if (pci_dev_matches_slot(dev, slot)) dev->slot = slot; mutex_unlock(&pci_slot_mutex); } @@ -265,6 +281,9 @@ struct pci_slot *pci_create_slot(struct pci_bus *parent, int slot_nr, slot->bus = pci_bus_get(parent); slot->number = slot_nr; + if (pci_slot_enabled_per_func()) + slot->per_func_slot = 1; + slot->kobj.kset = pci_slots_kset; slot_name = make_slot_name(name); @@ -285,7 +304,7 @@ struct pci_slot *pci_create_slot(struct pci_bus *parent, int slot_nr, down_read(&pci_bus_sem); list_for_each_entry(dev, &parent->devices, bus_list) - if (PCI_SLOT(dev->devfn) == slot_nr) + if (pci_dev_matches_slot(dev, slot)) dev->slot = slot; up_read(&pci_bus_sem); diff --git a/include/linux/pci.h b/include/linux/pci.h index d1fdf81fbe1e..6ad194597ab5 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h @@ -78,6 +78,7 @@ struct pci_slot { struct list_head list; /* Node in list of slots */ struct hotplug_slot *hotplug; /* Hotplug info (move here) */ unsigned char number; /* PCI_SLOT(pci_dev->devfn) */ + unsigned int per_func_slot:1; /* Allow per function slot */ struct kobject kobj; }; -- 2.43.0

2 days, 16 hours

3
3
0 0

[PATCH net] virtio-net: calculate header alignment mask based on features

by Jason Wang

Commit 56a06bd40fab ("virtio_net: enable gso over UDP tunnel support.") switches to check the alignment of the virtio_net_hdr_v1_hash_tunnel even when doing the transmission even if the feature is not negotiated. This will cause a series performance degradation of pktgen as the skb->data can't satisfy the alignment requirement due to the increase of the header size then virtio-net must prepare at least 2 sgs with indirect descriptors which will introduce overheads in the device. Fixing this by calculate the header alignment during probe so when tunnel gso is not negotiated, we can less strict. Pktgen in guest + XDP_DROP on TAP + vhost_net shows the TX PPS is recovered from 2.4Mpps to 4.45Mpps. Note that we still need a way to recover the performance when tunnel gso is enabled, probably a new vnet header format. Fixes: 56a06bd40fab ("virtio_net: enable gso over UDP tunnel support.") Cc: stable(a)vger.kernel.org Signed-off-by: Jason Wang <jasowang(a)redhat.com> --- drivers/net/virtio_net.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 31bd32bdecaf..5b851df749c0 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -441,6 +441,9 @@ struct virtnet_info { /* Packet virtio header size */ u8 hdr_len; + /* header alignment */ + size_t hdr_align; + /* Work struct for delayed refilling if we run low on memory. */ struct delayed_work refill; @@ -3308,8 +3311,9 @@ static int xmit_skb(struct send_queue *sq, struct sk_buff *skb, bool orphan) pr_debug("%s: xmit %p %pM\n", vi->dev->name, skb, dest); can_push = vi->any_header_sg && - !((unsigned long)skb->data & (__alignof__(*hdr) - 1)) && + !((unsigned long)skb->data & (vi->hdr_align - 1)) && !skb_header_cloned(skb) && skb_headroom(skb) >= hdr_len; + /* Even if we can, don't push here yet as this would skew * csum_start offset below. */ if (can_push) @@ -6926,15 +6930,20 @@ static int virtnet_probe(struct virtio_device *vdev) } if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO) || - virtio_has_feature(vdev, VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO)) + virtio_has_feature(vdev, VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO)) { vi->hdr_len = sizeof(struct virtio_net_hdr_v1_hash_tunnel); - else if (vi->has_rss_hash_report) + vi->hdr_align = __alignof__(struct virtio_net_hdr_v1_hash_tunnel); + } else if (vi->has_rss_hash_report) { vi->hdr_len = sizeof(struct virtio_net_hdr_v1_hash); - else if (virtio_has_feature(vdev, VIRTIO_NET_F_MRG_RXBUF) || - virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) + vi->hdr_align = __alignof__(struct virtio_net_hdr_v1_hash); + } else if (virtio_has_feature(vdev, VIRTIO_NET_F_MRG_RXBUF) || + virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) { vi->hdr_len = sizeof(struct virtio_net_hdr_mrg_rxbuf); - else + vi->hdr_align = __alignof__(struct virtio_net_hdr_mrg_rxbuf); + } else { vi->hdr_len = sizeof(struct virtio_net_hdr); + vi->hdr_align = __alignof__(struct virtio_net_hdr); + } if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO_CSUM)) vi->rx_tnl_csum = true; -- 2.31.1

2 days, 16 hours

3
3
0 0

[PATCH] drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse()

by Miaoqian Lin

The function mtk_dp_dt_parse() calls of_graph_get_endpoint_by_regs() to get the endpoint device node, but fails to call of_node_put() to release the reference when the function returns. This results in a device node reference leak. Fix this by adding the missing of_node_put() call before returning from the function. Found via static analysis and code review. Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/gpu/drm/mediatek/mtk_dp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/mediatek/mtk_dp.c b/drivers/gpu/drm/mediatek/mtk_dp.c index bef6eeb30d3e..b0b1e158600f 100644 --- a/drivers/gpu/drm/mediatek/mtk_dp.c +++ b/drivers/gpu/drm/mediatek/mtk_dp.c @@ -2087,6 +2087,7 @@ static int mtk_dp_dt_parse(struct mtk_dp *mtk_dp, endpoint = of_graph_get_endpoint_by_regs(pdev->dev.of_node, 1, -1); len = of_property_count_elems_of_size(endpoint, "data-lanes", sizeof(u32)); + of_node_put(endpoint); if (len < 0 || len > 4 || len == 3) { dev_err(dev, "invalid data lane size: %d\n", len); return -EINVAL; -- 2.39.5 (Apple Git-154)

2 days, 16 hours

2
1
0 0

[PATCH] drm/bridge: sii902x: Fix device node reference leak sii902x_probe

by Miaoqian Lin

of_graph_get_endpoint_by_regs() gets a reference to the endpoint node to read the "bus-width" property but fails to call of_node_put() to release the reference, causing a reference count leak. Add the missing of_node_put() call to fix this. Found via static analysis and code review. Fixes: d284ccd8588c ("drm/bridge: sii902x: Set input bus format based on bus-width") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/gpu/drm/bridge/sii902x.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/bridge/sii902x.c b/drivers/gpu/drm/bridge/sii902x.c index d537b1d036fb..3a247ac3c7dd 100644 --- a/drivers/gpu/drm/bridge/sii902x.c +++ b/drivers/gpu/drm/bridge/sii902x.c @@ -1189,8 +1189,10 @@ static int sii902x_probe(struct i2c_client *client) sii902x->bus_width = 24; endpoint = of_graph_get_endpoint_by_regs(dev->of_node, 0, -1); - if (endpoint) + if (endpoint) { of_property_read_u32(endpoint, "bus-width", &sii902x->bus_width); + of_node_put(endpoint); + } endpoint = of_graph_get_endpoint_by_regs(dev->of_node, 1, -1); if (endpoint) { -- 2.39.5 (Apple Git-154)

2 days, 17 hours

1
0
0 0

[PATCH] drm/bridge: samsung-dsim: Fix device node reference leak in samsung_dsim_parse_dt

by Miaoqian Lin

The function samsung_dsim_parse_dt() calls of_graph_get_endpoint_by_regs() to get the endpoint device node, but fails to call of_node_put() to release the reference when the function returns. This results in a device node reference leak. Fix this by adding the missing of_node_put() call before returning from the function. Found via static analysis and code review. Fixes: 77169a11d4e9 ("drm/bridge: samsung-dsim: add driver support for exynos7870 DSIM bridge") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/gpu/drm/bridge/samsung-dsim.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/bridge/samsung-dsim.c b/drivers/gpu/drm/bridge/samsung-dsim.c index eabc4c32f6ab..1a5acd5077ad 100644 --- a/drivers/gpu/drm/bridge/samsung-dsim.c +++ b/drivers/gpu/drm/bridge/samsung-dsim.c @@ -2086,6 +2086,7 @@ static int samsung_dsim_parse_dt(struct samsung_dsim *dsi) if (lane_polarities[1]) dsi->swap_dn_dp_data = true; } + of_node_put(endpoint); return 0; } -- 2.39.5 (Apple Git-154)

2 days, 17 hours

1
0
0 0

[PATCH 5.4 000/224] 5.4.301-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.301 release. There are 224 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Oct 2025 18:34:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.301-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.301-rc1 Zhengchao Shao <shaozhengchao(a)huawei.com> net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg Arnd Bergmann <arnd(a)arndb.de> media: s5p-mfc: remove an unused/uninitialized variable Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Eric Biggers <ebiggers(a)kernel.org> KEYS: trusted_tpm1: Compare HMAC values in constant time Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Theodore Ts'o <tytso(a)mit.edu> ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before DAC access Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before INDAC access Zhen Ni <zhen.ni(a)easystack.cn> memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Krzysztof Kozlowski <krzk(a)kernel.org> memory: samsung: exynos-srom: Correct alignment Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Nikolay Aleksandrov <razor(a)blackwall.org> net: add ndo_fdb_del_bulk Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add bulk delete support flag Nikolay Aleksandrov <razor(a)blackwall.org> net: netlink: add NLM_F_BULK delete request modifier Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: use BIT for flag values Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add helper to extract msg type's kind Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add msg kind names Colin Ian King <colin.king(a)canonical.com> net: rtnetlink: remove redundant assignment to variable err Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Ingo Molnar <mingo(a)kernel.org> sched/balancing: Rename newidle_balance() => sched_balance_newidle() Barry Song <song.bao.hua(a)hisilicon.com> sched/fair: Trivial correction of the newidle_balance() comment Chen Yu <yu.c.chen(a)intel.com> sched: Make newidle_balance() static again Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dl2k: switch from 'pci_' to 'dma_' API Thomas Fourier <fourier.thomas(a)gmail.com> media: pci: ivtv: Add missing check after DMA map Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: pci/ivtv: switch from 'pci_' to 'dma_' API Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Update virq_to_irq on migration Ma Ke <make24(a)iscas.ac.cn> media: lirc: Fix error handling in lirc_register() keliu <liuke94(a)huawei.com> media: rc: Directly use ida_free() Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Anderson Nascimento <anderson(a)allelesecurity.com> btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Jisheng Zhang <jszhang(a)kernel.org> pwm: berlin: Fix wrong register in suspend/resume Thomas Fourier <fourier.thomas(a)gmail.com> media: cx18: Add missing check after DMA map Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Cleanup find_virq() return codes Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> cramfs: Verify inode mode when loading from disk Lichen Liu <lichliu(a)redhat.com> fs: Add 'initramfs_options' to set initramfs mount options gaoxiang17 <gaoxiang17(a)xiaomi.com> pid: Add a judgment for ns null in pid_nr_ns Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> minixfs: Verify inode mode when loading from disk Yuan Chen <chenyuan(a)kylinos.cn> tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Zheng Qixing <zhengqixing(a)huawei.com> dm: fix NULL pointer dereference in __dm_suspend() Hans de Goede <hansg(a)kernel.org> mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type Hans de Goede <hdegoede(a)redhat.com> mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: reject negative file sizes in squashfs_read_inode() Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: add additional inode sanity checking Edward Adam Davis <eadavis(a)qq.com> media: mc: Clear minor number before put device Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() Larshin Sergey <Sergey.Larshin(a)kaspersky.com> fs: udf: fix OOB read in lengthAllocDescs handling Sean Christopherson <seanjc(a)google.com> KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O Nalivayko Sergey <Sergey.Nalivayko(a)kaspersky.com> net/9p: fix double req put in p9_fd_cancelled Ahmet Eray Karadag <eraykrdg1(a)gmail.com> ext4: guard against EA inode refcount underflow in xattr update Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: correctly handle queries for metadata mappings Yongjian Sun <sunyongjian1(a)huawei.com> ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Olga Kornievskaia <okorniev(a)redhat.com> nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Sean Christopherson <seanjc(a)google.com> x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) Sean Christopherson <seanjc(a)google.com> x86/umip: Check that the instruction opcode is at least two bytes Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/AER: Fix missing uevent on recovery when a reset is requested Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Sean Christopherson <seanjc(a)google.com> rseq/selftests: Use weak symbol reference, not definition, to link with glibc Esben Haabendal <esben(a)geanix.com> rtc: interface: Fix long-standing race when setting alarm Esben Haabendal <esben(a)geanix.com> rtc: interface: Ensure alarm irq is enabled when UIE is enabled Rex Chen <rex.chen_1(a)nxp.com> mmc: core: SPI mode remove cmd7 Linus Walleij <linus.walleij(a)linaro.org> mtd: rawnand: fsmc: Default to autodetect buswidth Ma Ke <make24(a)iscas.ac.cn> sparc: fix error handling in scan_one_device() Anthony Yznaga <anthony.yznaga(a)oracle.com> sparc64: fix hugetlb for sun4u Eric Biggers <ebiggers(a)kernel.org> sctp: Fix MAC comparison to be constant-time Thorsten Blum <thorsten.blum(a)linux.dev> scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() Sam James <sam(a)gentoo.org> parisc: don't reference obsolete termio struct for TC* constants Johan Hovold <johan(a)kernel.org> lib/genalloc: fix device leak in of_gen_pool_get() Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix prescaler usage. Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5421: use int type to store negative error codes Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5360: use int type to store negative error codes Thomas Fourier <fourier.thomas(a)gmail.com> crypto: atmel - Fix dma_unmap_sg() direction Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Shuhao Fu <sfual(a)cse.ust.hk> drm/nouveau: fix bad ret code in nouveau_bo_move_prep Qianfeng Rong <rongqianfeng(a)vivo.com> media: i2c: mt9v111: fix incorrect type for ret Johan Hovold <johan(a)kernel.org> firmware: meson_sm: fix device leak at probe Lukas Wunner <lukas(a)wunner.de> xen/manage: Fix suspend error path Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: msm8916: Add missing MDSS reset Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> ACPI: debug: fix signedness issues in read/write helpers Daniel Tang <danielzgtg.opensource(a)gmail.com> ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Gunnar Kudrjavets <gunnarku(a)amazon.com> tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Lino Sanfilippo <l.sanfilippo(a)kunbus.com> tpm, tpm_tis: Claim locality before writing interrupt registers Herbert Xu <herbert(a)gondor.apana.org.au> crypto: essiv - Check ssize for decryption and in-place encryption Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call Leo Yan <leo.yan(a)arm.com> tools build: Align warning options with perf Erick Karanja <karanja99erick(a)gmail.com> net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Kuniyuki Iwashima <kuniyu(a)google.com> tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Alexandr Sapozhnikov <alsp705(a)gmail.com> net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Use-after-free in validation Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Duoming Zhou <duoming(a)zju.edu.cn> scsi: mvsas: Fix use-after-free bugs in mvs_work_queue John Garry <john.garry(a)huawei.com> scsi: mvsas: Use sas_task_find_rq() for tagging John Garry <john.garry(a)huawei.com> scsi: mvsas: Delete mvs_tag_init() John Garry <john.garry(a)huawei.com> scsi: libsas: Add sas_task_find_rq() Alok Tiwari <alok.a.tiwari(a)oracle.com> clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Brian Masney <bmasney(a)redhat.com> clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Leo Yan <leo.yan(a)arm.com> perf session: Fix handling when buffer exceeds 2 GiB Rob Herring (Arm) <robh(a)kernel.org> rtc: x1205: Fix Xicor X1205 vendor prefix Yunseong Kim <ysk(a)kzalloc.com> perf util: Fix compression checks returning -1 as bool Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE Zhen Ni <zhen.ni(a)easystack.cn> clocksource/drivers/clps711x: Fix resource leaks in error paths Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: check the return value of pinmux_ops::get_function_name() Zhen Ni <zhen.ni(a)easystack.cn> Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Yang Shi <yang(a)os.amperecomputing.com> mm: hugetlb: avoid soft lockup when mprotect to large memory area Naman Jain <namjain(a)linux.microsoft.com> uio_hv_generic: Let userspace take care of interrupt mask Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: fix uninit-value in squashfs_get_parent Jakub Kicinski <kuba(a)kernel.org> Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" Kohei Enju <enjuk(a)amazon.com> net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable Kohei Enju <enjuk(a)amazon.com> nfp: fix RSS hash key size when RSS is not supported Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: fix double free in register_one_node() Dan Carpenter <dan.carpenter(a)linaro.org> ocfs2: fix double free in user_cluster_connect() I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast Bernard Metzler <bernard.metzler(a)linux.dev> RDMA/siw: Always report immediate post SQ errors Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> usb: vhci-hcd: Prevent suspending virtually attached devices Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() Slavin Liu <slavin452(a)gmail.com> ipvs: Defer ip_vs_ftp unregister during netns cleanup Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix backchannel max_resp_sz verification check Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from,to}_user for M7 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_to_user for Niagara 4 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath10k: avoid unnecessary wait for service ready message Vlad Dumitrescu <vdumitrescu(a)nvidia.com> IB/sa: Fix sa_local_svc_timeout_ms read race Parav Pandit <parav(a)nvidia.com> RDMA/core: Resolve MAC of next-hop device without ARP support Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: mt76: fix potential memory leak in mt76_wmac_probe() Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: handle error properly in register_one_node() Christophe Leroy <christophe.leroy(a)csgroup.eu> watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog Zhen Ni <zhen.ni(a)easystack.cn> netfilter: ipset: Remove unused htable_bits in macro ahash_region Hans de Goede <hansg(a)kernel.org> iio: consumers: Fix offset handling in iio_convert_raw_to_processed() Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping Wang Liang <wangliang74(a)huawei.com> pps: fix warning in pps_register_cdev when register device fail Colin Ian King <colin.i.king(a)gmail.com> misc: genwqe: Fix incorrect cmd field being reported in error William Wu <william.wu(a)rock-chips.com> usb: gadget: configfs: Correctly set use_os_string at bind Xichao Zhao <zhao.xichao(a)vivo.com> usb: phy: twl6030: Fix incorrect type for ret Eric Dumazet <edumazet(a)google.com> tcp: fix __tcp_close() to only send RST when required Alok Tiwari <alok.a.tiwari(a)oracle.com> PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation Stefan Kerkmann <s.kerkmann(a)pengutronix.de> wifi: mwifiex: send world regulatory domain to driver Qianfeng Rong <rongqianfeng(a)vivo.com> ALSA: lx_core: use int type to store negative error codes Zhang Shurong <zhang_shurong(a)foxmail.com> media: rj54n1cb0c: Fix memleak in rj54n1_probe() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: myrs: Fix dma_alloc_coherent() error check Niklas Cassel <cassel(a)kernel.org> scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Dan Carpenter <dan.carpenter(a)linaro.org> serial: max310x: Add error checking in probe() Dan Carpenter <dan.carpenter(a)linaro.org> usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup Brahmajit Das <listout(a)listout.xyz> drm/radeon/r600_cs: clean up of dead code in r600_cs Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> i2c: designware: Add disabling clocks when probe fails Leilk.Liu <leilk.liu(a)mediatek.com> i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Explicitly check accesses to bpf_sock_addr Akhilesh Patil <akhilesh(a)ee.iitb.ac.in> selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: tiehrpwm: Fix corner case in clock divisor calculation Qianfeng Rong <rongqianfeng(a)vivo.com> block: use int to store blk_stack_limits() return value Li Nan <linan122(a)huawei.com> blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx Da Xue <da(a)libre.computer> pinctrl: meson-gxl: add missing i2c_d pinmux Sneh Mankad <sneh.mankad(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS Huisong Li <lihuisong(a)huawei.com> ACPI: processor: idle: Fix memory leak when register cpuidle device failed Geert Uytterhoeven <geert+renesas(a)glider.be> regmap: Remove superfluous check for !config in __regmap_init() Uros Bizjak <ubizjak(a)gmail.com> x86/vdso: Fix output operand size of RDPID Leo Yan <leo.yan(a)arm.com> perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> driver core/PM: Set power.no_callbacks along with power.no_pm Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> staging: axis-fifo: flush RX FIFO on read errors Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> staging: axis-fifo: fix maximum TX packet length check hupu <hupu.gm(a)gmail.com> perf subcmd: avoid crash in exclude_cmds when excludes is empty Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: limit MAX_TAG_SIZE to 255 Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 Xiaowei Li <xiaowei.li(a)simcom.com> USB: serial: option: add SIMCom 8230C compositions Larshin Sergey <Sergey.Larshin(a)kaspersky.com> media: rc: fix races with imon_disconnect() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: grab lock earlier in imon_ir_change_protocol() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: reorganize serialization Flavius Georgescu <pretoriano.mp(a)gmail.com> media: rc: Add support for another iMON 0xffdc device Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe Duoming Zhou <duoming(a)zju.edu.cn> media: tuner: xc5000: Fix use-after-free in xc5000_release Ricardo Ribalda <ribalda(a)chromium.org> media: tunner: xc5000: Refactor firmware load Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix memory accounting leak. Duoming Zhou <duoming(a)zju.edu.cn> media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove Wang Haoran <haoranwangsec(a)gmail.com> scsi: target: target_core_configfs: Add length check to avoid buffer overflow ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + Documentation/arm64/silicon-errata.rst | 2 + Makefile | 4 +- arch/arm64/Kconfig | 1 + arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/kernel/cpu_errata.c | 1 + arch/m68k/include/asm/bitops.h | 25 +-- arch/mips/mti-malta/malta-setup.c | 2 +- arch/parisc/include/uapi/asm/ioctls.h | 8 +- arch/sparc/kernel/of_device_32.c | 1 + arch/sparc/kernel/of_device_64.c | 1 + arch/sparc/lib/M7memcpy.S | 20 +-- arch/sparc/lib/Memcpy_utils.S | 9 + arch/sparc/lib/NG4memcpy.S | 2 +- arch/sparc/lib/NGmemcpy.S | 29 ++-- arch/sparc/lib/U1memcpy.S | 19 ++- arch/sparc/lib/U3memcpy.S | 2 +- arch/sparc/mm/hugetlbpage.c | 20 +++ arch/x86/include/asm/kvm_emulate.h | 2 +- arch/x86/include/asm/segment.h | 8 +- arch/x86/kernel/umip.c | 15 +- arch/x86/kvm/emulate.c | 10 +- arch/x86/kvm/x86.c | 9 +- block/blk-mq-sysfs.c | 6 +- block/blk-settings.c | 3 +- crypto/essiv.c | 14 +- drivers/acpi/acpi_dbg.c | 26 +-- drivers/acpi/acpi_tad.c | 3 + drivers/acpi/processor_idle.c | 3 + drivers/android/binder.c | 11 +- drivers/base/node.c | 4 + drivers/base/regmap/regmap.c | 2 +- drivers/char/tpm/tpm_tis_core.c | 26 +-- drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 ++- drivers/clocksource/clps711x-timer.c | 23 ++- drivers/cpufreq/intel_pstate.c | 8 +- drivers/cpuidle/governors/menu.c | 21 +-- drivers/crypto/atmel-tdes.c | 2 +- drivers/firmware/meson/meson_sm.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 36 ---- drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/radeon/r600_cs.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 4 +- drivers/i2c/busses/i2c-designware-platdrv.c | 1 + drivers/i2c/busses/i2c-mt65xx.c | 17 +- drivers/iio/dac/ad5360.c | 2 +- drivers/iio/dac/ad5421.c | 2 +- drivers/iio/frequency/adf4350.c | 20 ++- drivers/iio/inkern.c | 2 +- drivers/infiniband/core/addr.c | 10 +- drivers/infiniband/core/sa_query.c | 6 +- drivers/infiniband/sw/siw/siw_verbs.c | 25 +-- drivers/input/misc/uinput.c | 1 + drivers/mailbox/zynqmp-ipi-mailbox.c | 7 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm.c | 7 +- drivers/media/i2c/mt9v111.c | 2 +- drivers/media/i2c/rj54n1cb0c.c | 9 +- drivers/media/i2c/tc358743.c | 4 +- drivers/media/mc/mc-devnode.c | 6 +- drivers/media/pci/b2c2/flexcop-pci.c | 2 +- drivers/media/pci/cx18/cx18-queue.c | 12 +- drivers/media/pci/ivtv/ivtv-driver.c | 2 +- drivers/media/pci/ivtv/ivtv-irq.c | 2 +- drivers/media/pci/ivtv/ivtv-queue.c | 18 +- drivers/media/pci/ivtv/ivtv-streams.c | 22 +-- drivers/media/pci/ivtv/ivtv-udma.c | 19 ++- drivers/media/pci/ivtv/ivtv-yuv.c | 18 +- drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 ++-- drivers/media/rc/imon.c | 189 +++++++++++++-------- drivers/media/rc/lirc_dev.c | 15 +- drivers/media/rc/rc-main.c | 6 +- drivers/media/tuners/xc5000.c | 41 ++--- drivers/memory/samsung/exynos-srom.c | 32 ++-- drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 +- drivers/mfd/vexpress-sysreg.c | 6 +- drivers/misc/genwqe/card_ddcb.c | 2 +- drivers/mmc/core/sdio.c | 6 +- drivers/mtd/nand/raw/fsmc_nand.c | 6 +- drivers/mtd/spi-nor/cadence-quadspi.c | 5 + drivers/net/bonding/bond_main.c | 40 ++--- drivers/net/ethernet/amazon/ena/ena_ethtool.c | 5 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 99 ++++++----- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 + drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 -- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 +- .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 +- drivers/net/ethernet/renesas/ravb_main.c | 8 + drivers/net/usb/rtl8150.c | 13 +- drivers/net/wireless/ath/ath10k/wmi.c | 39 +++-- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 7 +- drivers/net/wireless/mediatek/mt76/mt7603/soc.c | 2 +- .../net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 1 - drivers/pci/controller/dwc/pci-keystone.c | 4 +- drivers/pci/controller/pci-tegra.c | 2 +- drivers/pci/iov.c | 5 + drivers/pci/pci-driver.c | 1 + drivers/perf/arm_spe_pmu.c | 3 +- drivers/pinctrl/meson/pinctrl-meson-gxl.c | 10 ++ drivers/pinctrl/pinmux.c | 2 +- drivers/pps/kapi.c | 5 +- drivers/pps/pps.c | 5 +- drivers/pwm/pwm-berlin.c | 4 +- drivers/pwm/pwm-tiehrpwm.c | 4 +- drivers/remoteproc/qcom_q6v5.c | 3 - drivers/rtc/interface.c | 27 +++ drivers/rtc/rtc-x1205.c | 2 +- drivers/scsi/hpsa.c | 21 ++- drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 +- drivers/scsi/mvsas/mv_defs.h | 1 + drivers/scsi/mvsas/mv_init.c | 13 +- drivers/scsi/mvsas/mv_sas.c | 42 ++--- drivers/scsi/mvsas/mv_sas.h | 8 +- drivers/scsi/myrs.c | 8 +- drivers/scsi/pm8001/pm8001_sas.c | 9 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/staging/axis-fifo/axis-fifo.c | 32 ++-- drivers/staging/comedi/comedi_buf.c | 2 +- drivers/target/target_core_configfs.c | 2 +- drivers/tty/serial/max310x.c | 2 + drivers/uio/uio_hv_generic.c | 7 +- drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/configfs.c | 2 + drivers/usb/host/max3421-hcd.c | 2 +- drivers/usb/host/xhci-dbgcap.c | 9 +- drivers/usb/phy/phy-twl6030-usb.c | 3 +- drivers/usb/serial/option.c | 16 ++ drivers/usb/usbip/vhci_hcd.c | 22 +++ drivers/watchdog/mpc8xxx_wdt.c | 2 + drivers/xen/events/events_base.c | 25 ++- drivers/xen/manage.c | 3 +- fs/btrfs/export.c | 8 +- fs/cramfs/inode.c | 11 +- fs/dcache.c | 2 + fs/dlm/lockspace.c | 2 +- fs/exec.c | 2 +- fs/ext4/fsmap.c | 14 +- fs/ext4/inode.c | 18 +- fs/ext4/super.c | 10 +- fs/ext4/xattr.c | 15 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 ++- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 ----- fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 +++++ fs/hfsplus/super.c | 25 ++- fs/hfsplus/unicode.c | 24 +++ fs/jbd2/transaction.c | 13 +- fs/minix/inode.c | 8 +- fs/namespace.c | 11 +- fs/nfs/nfs4proc.c | 2 +- fs/nfsd/blocklayout.c | 5 +- fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/lockd.c | 15 ++ fs/nfsd/nfs4proc.c | 34 ++-- fs/ocfs2/move_extents.c | 5 + fs/ocfs2/stack_user.c | 1 + fs/squashfs/inode.c | 31 +++- fs/squashfs/squashfs_fs_i.h | 2 +- fs/udf/inode.c | 3 + include/linux/device.h | 3 + include/linux/iio/frequency/adf4350.h | 2 +- include/linux/netdevice.h | 9 + include/net/ip_tunnels.h | 15 ++ include/net/rtnetlink.h | 16 +- include/scsi/libsas.h | 18 ++ include/uapi/linux/netlink.h | 1 + kernel/padata.c | 6 +- kernel/pid.c | 2 +- kernel/sched/fair.c | 38 +++-- kernel/sched/sched.h | 4 - kernel/trace/trace_kprobe.c | 11 +- kernel/trace/trace_probe.h | 9 +- kernel/trace/trace_uprobe.c | 12 +- lib/genalloc.c | 5 +- mm/hugetlb.c | 2 + net/9p/trans_fd.c | 8 +- net/core/filter.c | 16 +- net/core/rtnetlink.c | 89 +++++++--- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/tcp.c | 9 +- net/ipv4/tcp_input.c | 1 - net/ipv4/tcp_output.c | 19 ++- net/ipv4/udp.c | 16 +- net/ipv6/ip6_tunnel.c | 3 +- net/netfilter/ipset/ip_set_hash_gen.h | 8 +- net/netfilter/ipvs/ip_vs_ftp.c | 4 +- net/sctp/inqueue.c | 13 +- net/sctp/sm_make_chunk.c | 3 +- net/sctp/sm_statefuns.c | 6 +- net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 13 ++ security/keys/trusted.c | 7 +- sound/firewire/amdtp-stream.h | 2 +- sound/pci/lx6464es/lx_core.c | 4 +- sound/soc/intel/boards/bytcht_es8316.c | 20 ++- sound/soc/intel/boards/bytcr_rt5640.c | 7 +- sound/soc/intel/boards/bytcr_rt5651.c | 26 ++- tools/build/feature/Makefile | 4 +- tools/lib/subcmd/help.c | 3 + tools/perf/util/lzma.c | 2 +- tools/perf/util/session.c | 2 +- tools/perf/util/zlib.c | 2 +- tools/testing/selftests/rseq/rseq.c | 8 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + 217 files changed, 1530 insertions(+), 941 deletions(-)

2 days, 17 hours

9
233
0 0

[PATCH 5.10 000/325] 5.10.246-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.246 release. There are 325 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 30 Oct 2025 09:28:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.246-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.246-rc2 Li Jinlin <lijinlin3(a)huawei.com> fsdax: Fix infinite loop in dax_iomap_rw() Zhengchao Shao <shaozhengchao(a)huawei.com> net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Darrick J. Wong <djwong(a)kernel.org> fuse: fix livelock in synchronous file put from fuseblk workers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before DAC access Theodore Ts'o <tytso(a)mit.edu> ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads Krzysztof Wilczyński <kw(a)linux.com> PCI/sysfs: Use sysfs_emit() and sysfs_emit_at() in "show" functions Maximilian Luz <luzmaximilian(a)gmail.com> PCI: Add sysfs attribute for device power state Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix programming sequence of "strap" settings Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Vidya Sagar <vidyas(a)nvidia.com> PCI: tegra194: Handle errors in BPMP response Thomas Fourier <fourier.thomas(a)gmail.com> crypto: rockchip - Fix dma_unmap_sg() nents value Eric Biggers <ebiggers(a)kernel.org> KEYS: trusted_tpm1: Compare HMAC values in constant time Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Simplify pm_runtime setup Bence Csókás <csokas.bence(a)prolan.hu> PM: runtime: Add new devm functions Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended David Lechner <dlechner(a)baylibre.com> iio: imu: inv_icm42600: use = { } instead of memset() Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Arnd Bergmann <arnd(a)arndb.de> media: s5p-mfc: remove an unused/uninitialized variable Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix lock inversion in vsock_assign_transport() Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Florian Eckert <fe(a)dev.tdt.de> serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: hdm_probe: Fix calling put_device() before device initialization Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: Fix use-after-free in hdm_disconnect Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add wildcat lake P DID Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Andrey Konovalov <andreyknvl(a)gmail.com> usb: raw-gadget: do not limit transfer length Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Nikolay Aleksandrov <razor(a)blackwall.org> net: add ndo_fdb_del_bulk Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add bulk delete support flag Nikolay Aleksandrov <razor(a)blackwall.org> net: netlink: add NLM_F_BULK delete request modifier Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: use BIT for flag values Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add helper to extract msg type's kind Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add msg kind names Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Ingo Molnar <mingo(a)kernel.org> sched/balancing: Rename newidle_balance() => sched_balance_newidle() Barry Song <song.bao.hua(a)hisilicon.com> sched/fair: Trivial correction of the newidle_balance() comment Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Jakub Kicinski <kuba(a)kernel.org> net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Christoph Hellwig <hch(a)lst.de> fsdax: switch dax_iomap_rw to use iomap_iter Christoph Hellwig <hch(a)lst.de> iomap: add the new iomap_iter model Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Update virq_to_irq on migration Ma Ke <make24(a)iscas.ac.cn> media: lirc: Fix error handling in lirc_register() keliu <liuke94(a)huawei.com> media: rc: Directly use ida_free() Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Adam Xue <zxue(a)semtech.com> bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Anderson Nascimento <anderson(a)allelesecurity.com> btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Yu Kuai <yukuai3(a)huawei.com> blk-crypto: fix missing blktrace bio split events Jisheng Zhang <jszhang(a)kernel.org> pwm: berlin: Fix wrong register in suspend/resume Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Jason A. Donenfeld <Jason(a)zx2c4.com> wifi: rt2x00: use explicitly signed or unsigned types Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Mikhail Kobuk <m.kobuk(a)ispras.ru> media: pci: ivtv: Add check for DMA map result Thomas Fourier <fourier.thomas(a)gmail.com> media: cx18: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> media: pci: ivtv: Add missing check after DMA map Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: pci/ivtv: switch from 'pci_' to 'dma_' API David Laight <David.Laight(a)ACULAB.COM> minmax.h: remove some #defines that are only expanded once David Laight <David.Laight(a)ACULAB.COM> minmax.h: simplify the variants of clamp() David Laight <David.Laight(a)ACULAB.COM> minmax.h: move all the clamp() definitions after the min/max() ones David Laight <David.Laight(a)ACULAB.COM> minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() David Laight <David.Laight(a)ACULAB.COM> minmax.h: reduce the #define expansion of min(), max() and clamp() David Laight <David.Laight(a)ACULAB.COM> minmax.h: update some comments David Laight <David.Laight(a)ACULAB.COM> minmax.h: add whitespace around operators and after commas Linus Torvalds <torvalds(a)linux-foundation.org> minmax: fix up min3() and max3() too Linus Torvalds <torvalds(a)linux-foundation.org> minmax: improve macro expansion and type checking Linus Torvalds <torvalds(a)linux-foundation.org> minmax: simplify min()/max()/clamp() implementation Linus Torvalds <torvalds(a)linux-foundation.org> minmax: don't use max() in situations that want a C constant expression Linus Torvalds <torvalds(a)linux-foundation.org> minmax: make generic MIN() and MAX() macros available everywhere Linus Torvalds <torvalds(a)linux-foundation.org> minmax: simplify and clarify min_t()/max_t() implementation Linus Torvalds <torvalds(a)linux-foundation.org> minmax: add a few more MIN_T/MAX_T users Linus Torvalds <torvalds(a)linux-foundation.org> minmax: avoid overly complicated constant expressions in VM code David Laight <David.Laight(a)ACULAB.COM> minmax: relax check to allow comparison between unsigned arguments and signed constants David Laight <David.Laight(a)ACULAB.COM> minmax: allow comparisons of 'int' against 'unsigned char/short' David Laight <David.Laight(a)ACULAB.COM> minmax: fix indentation of __cmp_once() and __clamp_once() David Laight <David.Laight(a)ACULAB.COM> minmax: allow min()/max()/clamp() if the arguments have the same signedness. Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> minmax: fix header inclusions Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> minmax: deduplicate __unconst_integer_typeof() Herve Codina <herve.codina(a)bootlin.com> minmax: Introduce {min,max}_array() Matthew Wilcox (Oracle) <willy(a)infradead.org> minmax: add in_range() macro Jason A. Donenfeld <Jason(a)zx2c4.com> minmax: clamp more efficiently by avoiding extra comparison Jason A. Donenfeld <Jason(a)zx2c4.com> minmax: sanity check constant bounds when clamping Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: remove duplicated in_range() macro Bart Van Assche <bvanassche(a)acm.org> overflow, tracing: Define the is_signed_type() macro once Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not flag the zero page as PG_mte_tagged Aleksa Sarai <cyphar(a)cyphar.com> fscontext: do not consume log entries when returning -EMSGSIZE Peter Zijlstra <peterz(a)infradead.org> locking: Introduce __cleanup() based infrastructure Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> cramfs: Verify inode mode when loading from disk Lichen Liu <lichliu(a)redhat.com> fs: Add 'initramfs_options' to set initramfs mount options gaoxiang17 <gaoxiang17(a)xiaomi.com> pid: Add a judgment for ns null in pid_nr_ns Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> minixfs: Verify inode mode when loading from disk Nalivayko Sergey <Sergey.Nalivayko(a)kaspersky.com> net/9p: fix double req put in p9_fd_cancelled Sean Christopherson <seanjc(a)google.com> KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O Ma Ke <make24(a)iscas.ac.cn> ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd934x: Simplify with dev_err_probe Larshin Sergey <Sergey.Larshin(a)kaspersky.com> fs: udf: fix OOB read in lengthAllocDescs handling Gianfranco Trad <gianf.trad(a)gmail.com> udf: fix uninit-value use in udf_get_fileshortad Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: reject negative file sizes in squashfs_read_inode() Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: add additional inode sanity checking Edward Adam Davis <eadavis(a)qq.com> media: mc: Clear minor number before put device Hans de Goede <hansg(a)kernel.org> mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type Hans de Goede <hdegoede(a)redhat.com> mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value Zheng Qixing <zhengqixing(a)huawei.com> dm: fix NULL pointer dereference in __dm_suspend() Yuan Chen <chenyuan(a)kylinos.cn> tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees Nathan Chancellor <nathan(a)kernel.org> lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older Ahmet Eray Karadag <eraykrdg1(a)gmail.com> ext4: guard against EA inode refcount underflow in xattr update Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: correctly handle queries for metadata mappings Yongjian Sun <sunyongjian1(a)huawei.com> ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Olga Kornievskaia <okorniev(a)redhat.com> nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Thorsten Blum <thorsten.blum(a)linux.dev> NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Sean Christopherson <seanjc(a)google.com> x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) Sean Christopherson <seanjc(a)google.com> x86/umip: Check that the instruction opcode is at least two bytes Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before INDAC access Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Lukas Wunner <lukas(a)wunner.de> PCI/AER: Support errors introduced by PCIe r6.0 Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/AER: Fix missing uevent on recovery when a reset is requested Lukas Wunner <lukas(a)wunner.de> PCI/ERR: Fix uevent on failure to recover Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Sean Christopherson <seanjc(a)google.com> rseq/selftests: Use weak symbol reference, not definition, to link with glibc Esben Haabendal <esben(a)geanix.com> rtc: interface: Fix long-standing race when setting alarm Esben Haabendal <esben(a)geanix.com> rtc: interface: Ensure alarm irq is enabled when UIE is enabled Zhen Ni <zhen.ni(a)easystack.cn> memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Rex Chen <rex.chen_1(a)nxp.com> mmc: core: SPI mode remove cmd7 Linus Walleij <linus.walleij(a)linaro.org> mtd: rawnand: fsmc: Default to autodetect buswidth Ma Ke <make24(a)iscas.ac.cn> sparc: fix error handling in scan_one_device() Anthony Yznaga <anthony.yznaga(a)oracle.com> sparc64: fix hugetlb for sun4u Eric Biggers <ebiggers(a)kernel.org> sctp: Fix MAC comparison to be constant-time Thorsten Blum <thorsten.blum(a)linux.dev> scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() Sam James <sam(a)gentoo.org> parisc: don't reference obsolete termio struct for TC* constants Askar Safin <safinaskar(a)zohomail.com> openat2: don't trigger automounts with RESOLVE_NO_XDEV Johan Hovold <johan(a)kernel.org> lib/genalloc: fix device leak in of_gen_pool_get() Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume Huacai Chen <chenhuacai(a)loongson.cn> init: handle bootloader identifier in kernel parameters Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix prescaler usage. Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5421: use int type to store negative error codes Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5360: use int type to store negative error codes Thomas Fourier <fourier.thomas(a)gmail.com> crypto: atmel - Fix dma_unmap_sg() direction Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Simon Schuster <schuster.simon(a)siemens-energy.com> copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Shuhao Fu <sfual(a)cse.ust.hk> drm/nouveau: fix bad ret code in nouveau_bo_move_prep Qianfeng Rong <rongqianfeng(a)vivo.com> media: i2c: mt9v111: fix incorrect type for ret Johan Hovold <johan(a)kernel.org> firmware: meson_sm: fix device leak at probe Lukas Wunner <lukas(a)wunner.de> xen/manage: Fix suspend error path Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Cleanup find_virq() return codes Miaoqian Lin <linmq006(a)gmail.com> ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: msm8916: Add missing MDSS reset Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> ACPI: debug: fix signedness issues in read/write helpers Daniel Tang <danielzgtg.opensource(a)gmail.com> ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: mark the GPIO controller as sleeping Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells Gunnar Kudrjavets <gunnarku(a)amazon.com> tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Herbert Xu <herbert(a)gondor.apana.org.au> crypto: essiv - Check ssize for decryption and in-place encryption Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly disable scaling on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Add additional DCE6 SCL registers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call Leo Yan <leo.yan(a)arm.com> tools build: Align warning options with perf Erick Karanja <karanja99erick(a)gmail.com> net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Kuniyuki Iwashima <kuniyu(a)google.com> tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Alexandr Sapozhnikov <alsp705(a)gmail.com> net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Use-after-free in validation Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Duoming Zhou <duoming(a)zju.edu.cn> scsi: mvsas: Fix use-after-free bugs in mvs_work_queue John Garry <john.garry(a)huawei.com> scsi: mvsas: Use sas_task_find_rq() for tagging John Garry <john.garry(a)huawei.com> scsi: mvsas: Delete mvs_tag_init() John Garry <john.garry(a)huawei.com> scsi: libsas: Add sas_task_find_rq() Alok Tiwari <alok.a.tiwari(a)oracle.com> clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Brian Masney <bmasney(a)redhat.com> clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Leo Yan <leo.yan(a)arm.com> perf session: Fix handling when buffer exceeds 2 GiB Rob Herring (Arm) <robh(a)kernel.org> rtc: x1205: Fix Xicor X1205 vendor prefix Yunseong Kim <ysk(a)kzalloc.com> perf util: Fix compression checks returning -1 as bool Brian Masney <bmasney(a)redhat.com> clk: at91: peripheral: fix return value Ian Rogers <irogers(a)google.com> libperf event: Ensure tracing data is multiple of 8 sized Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE Zhen Ni <zhen.ni(a)easystack.cn> clocksource/drivers/clps711x: Fix resource leaks in error paths Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> fs: always return zero on success from replace_fd() Salah Triki <salah.triki(a)gmail.com> bus: fsl-mc: Check return value of platform_get_resource() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: check the return value of pinmux_ops::get_function_name() Zhen Ni <zhen.ni(a)easystack.cn> Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Marek Vasut <marek.vasut(a)mailbox.org> Input: atmel_mxt_ts - allow reset GPIO to sleep Yang Shi <yang(a)os.amperecomputing.com> mm: hugetlb: avoid soft lockup when mprotect to large memory area Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() Naman Jain <namjain(a)linux.microsoft.com> uio_hv_generic: Let userspace take care of interrupt mask Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: fix uninit-value in squashfs_get_parent Jakub Kicinski <kuba(a)kernel.org> Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle copy_thresh allocation failure Kohei Enju <enjuk(a)amazon.com> net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable Kohei Enju <enjuk(a)amazon.com> nfp: fix RSS hash key size when RSS is not supported Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: fix double free in register_one_node() Dan Carpenter <dan.carpenter(a)linaro.org> ocfs2: fix double free in user_cluster_connect() Nishanth Menon <nm(a)ti.com> hwrng: ks-sa - fix division by zero in ks_sa_rng_init Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast Bernard Metzler <bernard.metzler(a)linux.dev> RDMA/siw: Always report immediate post SQ errors Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> usb: vhci-hcd: Prevent suspending virtually attached devices Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() Slavin Liu <slavin452(a)gmail.com> ipvs: Defer ip_vs_ftp unregister during netns cleanup Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix backchannel max_resp_sz verification check Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from,to}_user for M7 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_to_user for Niagara 4 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram Vlad Dumitrescu <vdumitrescu(a)nvidia.com> IB/sa: Fix sa_local_svc_timeout_ms read race Parav Pandit <parav(a)nvidia.com> RDMA/core: Resolve MAC of next-hop device without ARP support Colin Ian King <colin.i.king(a)gmail.com> ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: mt76: fix potential memory leak in mt76_wmac_probe() Håkon Bugge <haakon.bugge(a)oracle.com> RDMA/cm: Rate limit destroy CM ID timeout error message Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: handle error properly in register_one_node() Christophe Leroy <christophe.leroy(a)csgroup.eu> watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog Zhen Ni <zhen.ni(a)easystack.cn> netfilter: ipset: Remove unused htable_bits in macro ahash_region Hans de Goede <hansg(a)kernel.org> iio: consumers: Fix offset handling in iio_convert_raw_to_processed() Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping Wang Liang <wangliang74(a)huawei.com> pps: fix warning in pps_register_cdev when register device fail Colin Ian King <colin.i.king(a)gmail.com> misc: genwqe: Fix incorrect cmd field being reported in error William Wu <william.wu(a)rock-chips.com> usb: gadget: configfs: Correctly set use_os_string at bind Xichao Zhao <zhao.xichao(a)vivo.com> usb: phy: twl6030: Fix incorrect type for ret Eric Dumazet <edumazet(a)google.com> tcp: fix __tcp_close() to only send RST when required Alok Tiwari <alok.a.tiwari(a)oracle.com> PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation Stefan Kerkmann <s.kerkmann(a)pengutronix.de> wifi: mwifiex: send world regulatory domain to driver Timur Kristóf <timur.kristof(a)gmail.com> drm/amdgpu: Power up UVD 3 for FW validation (v2) Qianfeng Rong <rongqianfeng(a)vivo.com> ALSA: lx_core: use int type to store negative error codes Zhang Shurong <zhang_shurong(a)foxmail.com> media: rj54n1cb0c: Fix memleak in rj54n1_probe() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: myrs: Fix dma_alloc_coherent() error check Niklas Cassel <cassel(a)kernel.org> scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Dan Carpenter <dan.carpenter(a)linaro.org> serial: max310x: Add error checking in probe() Dan Carpenter <dan.carpenter(a)linaro.org> usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup Brahmajit Das <listout(a)listout.xyz> drm/radeon/r600_cs: clean up of dead code in r600_cs Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> i2c: designware: Add disabling clocks when probe fails Leilk.Liu <leilk.liu(a)mediatek.com> i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Explicitly check accesses to bpf_sock_addr Akhilesh Patil <akhilesh(a)ee.iitb.ac.in> selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: tiehrpwm: Fix corner case in clock divisor calculation AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible Qianfeng Rong <rongqianfeng(a)vivo.com> pinctrl: renesas: Use int type to store negative error codes Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: core: Clear power.must_resume in noirq suspend error path Qianfeng Rong <rongqianfeng(a)vivo.com> block: use int to store blk_stack_limits() return value Li Nan <linan122(a)huawei.com> blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx Da Xue <da(a)libre.computer> pinctrl: meson-gxl: add missing i2c_d pinmux Sneh Mankad <sneh.mankad(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS Huisong Li <lihuisong(a)huawei.com> ACPI: processor: idle: Fix memory leak when register cpuidle device failed Yureka Lilian <yuka(a)yuka.dev> libbpf: Fix reuse of DEVMAP Geert Uytterhoeven <geert+renesas(a)glider.be> regmap: Remove superfluous check for !config in __regmap_init() Uros Bizjak <ubizjak(a)gmail.com> x86/vdso: Fix output operand size of RDPID Leo Yan <leo.yan(a)arm.com> perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Bala-Vignesh-Reddy <reddybalavignesh9979(a)gmail.com> selftests: arm64: Check fread return value in exec_target Jeff Layton <jlayton(a)kernel.org> filelock: add FL_RECLAIM to show_fl_flags() macro Herbert Xu <herbert(a)gondor.apana.org.au> crypto: rng - Ensure set_ent is always present Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> drm/amd/display: Fix potential null dereference Roman Li <roman.li(a)amd.com> drm/amd/display: Remove redundant safeguards for dmub-srv destroy() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> driver core/PM: Set power.no_callbacks along with power.no_pm Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> staging: axis-fifo: flush RX FIFO on read errors Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> staging: axis-fifo: fix maximum TX packet length check Raphael Gallais-Pou <raphael.gallais-pou(a)foss.st.com> serial: stm32: allow selecting console when the driver is module Arnaud Lecomte <contact(a)arnaud-lcm.com> hid: fix I2C read buffer overflow in raw_event() for mcp2221 hupu <hupu.gm(a)gmail.com> perf subcmd: avoid crash in exclude_cmds when excludes is empty Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: limit MAX_TAG_SIZE to 255 Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 Xiaowei Li <xiaowei.li(a)simcom.com> USB: serial: option: add SIMCom 8230C compositions Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe Duoming Zhou <duoming(a)zju.edu.cn> media: tuner: xc5000: Fix use-after-free in xc5000_release Ricardo Ribalda <ribalda(a)chromium.org> media: tunner: xc5000: Refactor firmware load Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix memory accounting leak. Larshin Sergey <Sergey.Larshin(a)kaspersky.com> media: rc: fix races with imon_disconnect() Duoming Zhou <duoming(a)zju.edu.cn> media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove Wang Haoran <haoranwangsec(a)gmail.com> scsi: target: target_core_configfs: Add length check to avoid buffer overflow ------------- Diffstat: Documentation/ABI/testing/sysfs-bus-pci | 9 + Documentation/admin-guide/kernel-parameters.txt | 3 + Documentation/arm64/silicon-errata.rst | 2 + Documentation/trace/histogram-design.rst | 4 +- Makefile | 4 +- arch/arm/mach-omap2/pm33xx-core.c | 6 +- arch/arm/mm/pageattr.c | 6 +- arch/arm64/Kconfig | 1 + arch/arm64/boot/dts/mediatek/mt8516-pumpkin.dts | 2 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 + arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/kernel/cpu_errata.c | 1 + arch/arm64/kernel/cpufeature.c | 10 +- arch/arm64/kernel/mte.c | 3 +- arch/m68k/include/asm/bitops.h | 25 +- arch/mips/mti-malta/malta-setup.c | 2 +- arch/parisc/include/uapi/asm/ioctls.h | 8 +- arch/sparc/kernel/of_device_32.c | 1 + arch/sparc/kernel/of_device_64.c | 1 + arch/sparc/lib/M7memcpy.S | 20 +- arch/sparc/lib/Memcpy_utils.S | 9 + arch/sparc/lib/NG4memcpy.S | 2 +- arch/sparc/lib/NGmemcpy.S | 29 ++- arch/sparc/lib/U1memcpy.S | 19 +- arch/sparc/lib/U3memcpy.S | 2 +- arch/sparc/mm/hugetlbpage.c | 20 ++ arch/um/drivers/mconsole_user.c | 2 + arch/x86/include/asm/segment.h | 8 +- arch/x86/kernel/umip.c | 15 +- arch/x86/kvm/emulate.c | 11 +- arch/x86/kvm/kvm_emulate.h | 2 +- arch/x86/kvm/x86.c | 9 +- arch/x86/mm/pgtable.c | 2 +- block/blk-crypto-fallback.c | 3 + block/blk-mq-sysfs.c | 6 +- block/blk-settings.c | 3 +- crypto/essiv.c | 14 +- crypto/rng.c | 8 + drivers/acpi/acpi_dbg.c | 26 +- drivers/acpi/acpi_tad.c | 3 + drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 3 + drivers/android/binder.c | 11 +- drivers/base/arch_topology.c | 2 +- drivers/base/node.c | 4 + drivers/base/power/main.c | 14 +- drivers/base/power/runtime.c | 44 ++++ drivers/base/regmap/regmap.c | 2 +- drivers/bus/fsl-mc/fsl-mc-bus.c | 3 + drivers/bus/mhi/host/init.c | 5 +- drivers/char/hw_random/ks-sa-rng.c | 4 + drivers/char/tpm/tpm_tis_core.c | 4 +- drivers/clk/at91/clk-peripheral.c | 7 +- drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 +- drivers/clocksource/clps711x-timer.c | 23 +- drivers/cpufreq/intel_pstate.c | 8 +- drivers/cpuidle/governors/menu.c | 21 +- drivers/crypto/atmel-tdes.c | 2 +- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 +- drivers/dma/ioat/dma.c | 12 +- drivers/edac/sb_edac.c | 4 +- drivers/edac/skx_common.h | 1 - drivers/firmware/meson/meson_sm.c | 7 +- drivers/gpio/gpio-wcd934x.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/uvd_v3_1.c | 29 ++- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 + .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 2 + .../gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 + .../drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 + drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppevvmath.h | 14 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/arm/display/include/malidp_utils.h | 2 +- .../drm/arm/display/komeda/komeda_pipeline_state.c | 24 +- drivers/gpu/drm/drm_color_mgmt.c | 2 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 36 --- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 6 - drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/radeon/evergreen_cs.c | 2 + drivers/gpu/drm/radeon/r600_cs.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 4 +- drivers/hid/hid-mcp2221.c | 4 + drivers/hid/hid-multitouch.c | 27 ++- drivers/hwmon/adt7475.c | 24 +- drivers/i2c/busses/i2c-designware-platdrv.c | 1 + drivers/i2c/busses/i2c-mt65xx.c | 17 +- drivers/iio/dac/ad5360.c | 2 +- drivers/iio/dac/ad5421.c | 2 +- drivers/iio/frequency/adf4350.c | 20 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 39 +-- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 +- drivers/iio/inkern.c | 2 +- drivers/infiniband/core/addr.c | 10 +- drivers/infiniband/core/cm.c | 4 +- drivers/infiniband/core/sa_query.c | 6 +- drivers/infiniband/sw/siw/siw_verbs.c | 25 +- drivers/input/misc/uinput.c | 1 + drivers/input/touchscreen/atmel_mxt_ts.c | 2 +- drivers/input/touchscreen/cyttsp4_core.c | 2 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 7 +- drivers/md/dm-integrity.c | 8 +- drivers/md/dm.c | 7 +- drivers/media/dvb-frontends/stv0367_priv.h | 3 + drivers/media/i2c/mt9v111.c | 2 +- drivers/media/i2c/rj54n1cb0c.c | 9 +- drivers/media/i2c/tc358743.c | 4 +- drivers/media/mc/mc-devnode.c | 6 +- drivers/media/pci/b2c2/flexcop-pci.c | 2 +- drivers/media/pci/cx18/cx18-queue.c | 12 +- drivers/media/pci/ivtv/ivtv-driver.c | 2 +- drivers/media/pci/ivtv/ivtv-irq.c | 2 +- drivers/media/pci/ivtv/ivtv-queue.c | 18 +- drivers/media/pci/ivtv/ivtv-streams.c | 22 +- drivers/media/pci/ivtv/ivtv-udma.c | 27 ++- drivers/media/pci/ivtv/ivtv-yuv.c | 24 +- drivers/media/pci/ivtv/ivtvfb.c | 6 +- drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 +-- drivers/media/rc/imon.c | 27 ++- drivers/media/rc/lirc_dev.c | 15 +- drivers/media/rc/rc-main.c | 6 +- drivers/media/tuners/xc5000.c | 41 ++-- drivers/memory/samsung/exynos-srom.c | 10 +- drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 +- drivers/mfd/vexpress-sysreg.c | 6 +- drivers/misc/genwqe/card_ddcb.c | 2 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/sdio.c | 6 +- drivers/most/most_usb.c | 13 +- drivers/mtd/nand/raw/fsmc_nand.c | 6 +- drivers/net/bonding/bond_main.c | 40 ++- drivers/net/ethernet/amazon/ena/ena_ethtool.c | 5 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | 18 +- drivers/net/ethernet/dlink/dl2k.c | 30 ++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 + drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 - drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 +- .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/ethernet/renesas/ravb_main.c | 8 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/fjes/fjes_main.c | 4 +- drivers/net/usb/aqc111.c | 2 +- drivers/net/usb/lan78xx.c | 42 +++- drivers/net/usb/r8152.c | 2 +- drivers/net/usb/rndis_host.c | 2 +- drivers/net/usb/rtl8150.c | 15 +- drivers/net/wireless/ath/ath11k/core.c | 6 +- drivers/net/wireless/ath/ath11k/hal.c | 16 ++ drivers/net/wireless/ath/ath11k/hal.h | 1 + drivers/net/wireless/marvell/mwifiex/cfg80211.c | 7 +- drivers/net/wireless/mediatek/mt76/mt7603/soc.c | 2 +- drivers/net/wireless/ralink/rt2x00/rt2400pci.c | 8 +- drivers/net/wireless/ralink/rt2x00/rt2400pci.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2500pci.c | 8 +- drivers/net/wireless/ralink/rt2x00/rt2500pci.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2500usb.c | 8 +- drivers/net/wireless/ralink/rt2x00/rt2500usb.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 36 +-- drivers/net/wireless/ralink/rt2x00/rt2800lib.h | 8 +- drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 6 +- drivers/net/wireless/ralink/rt2x00/rt61pci.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt61pci.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt73usb.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt73usb.h | 2 +- .../net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 1 - drivers/nfc/pn544/i2c.c | 2 - drivers/pci/controller/cadence/pci-j721e.c | 25 ++ drivers/pci/controller/dwc/pci-keystone.c | 4 +- drivers/pci/controller/dwc/pcie-tegra194.c | 22 +- drivers/pci/controller/pci-tegra.c | 2 +- drivers/pci/iov.c | 5 + drivers/pci/pci-driver.c | 1 + drivers/pci/pci-label.c | 10 +- drivers/pci/pci-sysfs.c | 98 +++++--- drivers/pci/pcie/aer.c | 12 +- drivers/pci/pcie/err.c | 8 +- drivers/perf/arm_spe_pmu.c | 3 +- drivers/pinctrl/meson/pinctrl-meson-gxl.c | 10 + drivers/pinctrl/pinmux.c | 2 +- drivers/pinctrl/renesas/pinctrl.c | 3 +- drivers/platform/x86/sony-laptop.c | 1 - drivers/pps/kapi.c | 5 +- drivers/pps/pps.c | 5 +- drivers/pwm/pwm-berlin.c | 4 +- drivers/pwm/pwm-tiehrpwm.c | 4 +- drivers/remoteproc/qcom_q6v5.c | 3 - drivers/rtc/interface.c | 27 +++ drivers/rtc/rtc-x1205.c | 2 +- drivers/scsi/hpsa.c | 21 +- drivers/scsi/isci/init.c | 6 +- drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 +- drivers/scsi/mvsas/mv_defs.h | 1 + drivers/scsi/mvsas/mv_init.c | 13 +- drivers/scsi/mvsas/mv_sas.c | 42 ++-- drivers/scsi/mvsas/mv_sas.h | 8 +- drivers/scsi/myrs.c | 8 +- drivers/scsi/pm8001/pm8001_sas.c | 9 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/spi/spi-cadence-quadspi.c | 5 + drivers/staging/axis-fifo/axis-fifo.c | 32 ++- drivers/staging/comedi/comedi_buf.c | 2 +- .../pci/hive_isp_css_include/math_support.h | 5 - drivers/target/target_core_configfs.c | 2 +- drivers/tty/serial/8250/8250_exar.c | 11 + drivers/tty/serial/Kconfig | 2 +- drivers/tty/serial/max310x.c | 2 + drivers/uio/uio_hv_generic.c | 7 +- drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/configfs.c | 2 + drivers/usb/gadget/legacy/raw_gadget.c | 2 - drivers/usb/host/max3421-hcd.c | 2 +- drivers/usb/host/xhci-dbgcap.c | 9 +- drivers/usb/phy/phy-twl6030-usb.c | 3 +- drivers/usb/serial/option.c | 16 ++ drivers/usb/usbip/vhci_hcd.c | 22 ++ drivers/watchdog/mpc8xxx_wdt.c | 2 + drivers/xen/events/events_base.c | 20 +- drivers/xen/manage.c | 3 +- fs/btrfs/ctree.h | 2 - fs/btrfs/export.c | 8 +- fs/btrfs/extent_io.c | 1 + fs/btrfs/file-item.c | 1 + fs/btrfs/misc.h | 2 - fs/btrfs/raid56.c | 1 + fs/btrfs/tree-checker.c | 2 +- fs/cramfs/inode.c | 11 +- fs/dax.c | 54 +++-- fs/dcache.c | 2 + fs/dlm/lockspace.c | 2 +- fs/erofs/zdata.h | 2 +- fs/exec.c | 2 +- fs/ext2/balloc.c | 2 - fs/ext4/ext4.h | 2 - fs/ext4/fsmap.c | 14 +- fs/ext4/inode.c | 18 +- fs/ext4/super.c | 10 +- fs/ext4/xattr.c | 15 +- fs/file.c | 5 +- fs/fsopen.c | 70 +++--- fs/fuse/file.c | 8 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 ++- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 ---- fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 ++++ fs/hfsplus/super.c | 25 +- fs/hfsplus/unicode.c | 24 ++ fs/iomap/apply.c | 74 +++++- fs/iomap/trace.h | 37 ++- fs/jbd2/transaction.c | 13 +- fs/minix/inode.c | 8 +- fs/namei.c | 8 + fs/namespace.c | 11 +- fs/nfs/nfs4proc.c | 2 +- fs/nfsd/blocklayout.c | 5 +- fs/nfsd/blocklayoutxdr.c | 7 +- fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/lockd.c | 15 ++ fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 36 ++- fs/nfsd/nfs4xdr.c | 14 +- fs/nfsd/xdr4.h | 36 ++- fs/ocfs2/move_extents.c | 5 + fs/ocfs2/stack_user.c | 1 + fs/squashfs/inode.c | 31 ++- fs/squashfs/squashfs_fs_i.h | 2 +- fs/udf/inode.c | 12 +- fs/ufs/util.h | 6 - include/linux/cleanup.h | 171 +++++++++++++ include/linux/compiler-clang.h | 9 + include/linux/compiler.h | 15 ++ include/linux/compiler_attributes.h | 6 + include/linux/device.h | 10 + include/linux/file.h | 6 + include/linux/iio/frequency/adf4350.h | 2 +- include/linux/iomap.h | 56 +++++ include/linux/irqflags.h | 7 + include/linux/minmax.h | 267 ++++++++++++++++----- include/linux/mutex.h | 4 + include/linux/netdevice.h | 9 + include/linux/overflow.h | 1 - include/linux/percpu.h | 4 + include/linux/pm_runtime.h | 4 + include/linux/preempt.h | 5 + include/linux/rcupdate.h | 3 + include/linux/rwsem.h | 9 + include/linux/sched/task.h | 2 + include/linux/slab.h | 3 + include/linux/spinlock.h | 32 +++ include/linux/srcu.h | 5 + include/linux/trace_events.h | 2 - include/net/ip_tunnels.h | 15 ++ include/net/rtnetlink.h | 16 +- include/scsi/libsas.h | 18 ++ include/trace/events/filelock.h | 3 +- include/uapi/linux/netlink.h | 1 + init/main.c | 14 ++ kernel/fork.c | 2 +- kernel/padata.c | 6 +- kernel/pid.c | 2 +- kernel/sched/fair.c | 38 +-- kernel/trace/preemptirq_delay_test.c | 2 - kernel/trace/trace_kprobe.c | 11 +- kernel/trace/trace_probe.h | 9 +- kernel/trace/trace_uprobe.c | 12 +- lib/btree.c | 1 - lib/crypto/Makefile | 4 + lib/decompress_unlzma.c | 2 + lib/genalloc.c | 5 +- lib/logic_pio.c | 3 - lib/vsprintf.c | 2 +- lib/zstd/zstd_internal.h | 2 - mm/hugetlb.c | 2 + mm/zsmalloc.c | 1 - net/9p/trans_fd.c | 8 +- net/bluetooth/mgmt.c | 10 +- net/core/filter.c | 18 +- net/core/rtnetlink.c | 87 +++++-- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/proc.c | 2 +- net/ipv4/tcp.c | 9 +- net/ipv4/tcp_input.c | 1 - net/ipv4/tcp_output.c | 19 +- net/ipv4/udp.c | 16 +- net/ipv6/ip6_tunnel.c | 3 +- net/ipv6/proc.c | 2 +- net/netfilter/ipset/ip_set_hash_gen.h | 8 +- net/netfilter/ipvs/ip_vs_ftp.c | 4 +- net/netfilter/nf_nat_core.c | 6 +- net/sctp/inqueue.c | 13 +- net/sctp/sm_make_chunk.c | 3 +- net/sctp/sm_statefuns.c | 6 +- net/tipc/core.h | 2 +- net/tipc/link.c | 10 +- net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 13 + net/vmw_vsock/af_vsock.c | 38 +-- scripts/checkpatch.pl | 2 +- security/keys/trusted-keys/trusted_tpm1.c | 7 +- sound/firewire/amdtp-stream.h | 2 +- sound/pci/lx6464es/lx_core.c | 4 +- sound/soc/codecs/wcd934x.c | 30 ++- sound/soc/intel/boards/bytcht_es8316.c | 20 +- sound/soc/intel/boards/bytcr_rt5640.c | 7 +- sound/soc/intel/boards/bytcr_rt5651.c | 26 +- tools/build/feature/Makefile | 4 +- tools/lib/bpf/libbpf.c | 10 + tools/lib/perf/include/perf/event.h | 1 + tools/lib/subcmd/help.c | 3 + tools/perf/util/lzma.c | 2 +- tools/perf/util/session.c | 2 +- tools/perf/util/zlib.c | 2 +- tools/testing/selftests/arm64/pauth/exec_target.c | 7 +- tools/testing/selftests/rseq/rseq.c | 8 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + 372 files changed, 2799 insertions(+), 1321 deletions(-)

2 days, 17 hours

6
5
0 0

[PATCH] ASoC: sdw_utils: fix device reference leak in is_sdca_endpoint_present()

by Miaoqian Lin

The bus_find_device_by_name() function returns a device pointer with an incremented reference count, but the original code was missing put_device() calls in some return paths, leading to reference count leaks. Fix this by ensuring put_device() is called before function exit after bus_find_device_by_name() succeeds This follows the same pattern used elsewhere in the kernel where bus_find_device_by_name() is properly paired with put_device(). Found via static analysis and code review. Fixes: 4f8ef33dd44a ("ASoC: soc_sdw_utils: skip the endpoint that doesn't present") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- sound/soc/sdw_utils/soc_sdw_utils.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/sound/soc/sdw_utils/soc_sdw_utils.c b/sound/soc/sdw_utils/soc_sdw_utils.c index 270c66b90228..ea594f84f11a 100644 --- a/sound/soc/sdw_utils/soc_sdw_utils.c +++ b/sound/soc/sdw_utils/soc_sdw_utils.c @@ -1278,7 +1278,7 @@ static int is_sdca_endpoint_present(struct device *dev, struct sdw_slave *slave; struct device *sdw_dev; const char *sdw_codec_name; - int i; + int ret, i; dlc = kzalloc(sizeof(*dlc), GFP_KERNEL); if (!dlc) @@ -1308,13 +1308,16 @@ static int is_sdca_endpoint_present(struct device *dev, } slave = dev_to_sdw_dev(sdw_dev); - if (!slave) - return -EINVAL; + if (!slave) { + ret = -EINVAL; + goto put_device; + } /* Make sure BIOS provides SDCA properties */ if (!slave->sdca_data.interface_revision) { dev_warn(&slave->dev, "SDCA properties not found in the BIOS\n"); - return 1; + ret = 1; + goto put_device; } for (i = 0; i < slave->sdca_data.num_functions; i++) { @@ -1323,7 +1326,8 @@ static int is_sdca_endpoint_present(struct device *dev, if (dai_type == dai_info->dai_type) { dev_dbg(&slave->dev, "DAI type %d sdca function %s found\n", dai_type, slave->sdca_data.function[i].name); - return 1; + ret = 1; + goto put_device; } } @@ -1331,7 +1335,11 @@ static int is_sdca_endpoint_present(struct device *dev, "SDCA device function for DAI type %d not supported, skip endpoint\n", dai_info->dai_type); - return 0; + ret = 0; + +put_device: + put_device(sdw_dev); + return ret; } int asoc_sdw_parse_sdw_endpoints(struct snd_soc_card *card, -- 2.39.5 (Apple Git-154)

2 days, 17 hours

1
0
0 0

[PATCH] powerpc/kexec: Enable SMT before waking offline CPUs

by Nysal Jan K.A.

If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, on reboot the following warning is observed: kexec: Waking offline cpu 228. WARNING: CPU: 0 PID: 9062 at arch/powerpc/kexec/core_64.c:223 kexec_prepare_cpus+0x1b0/0x1bc [snip] NIP kexec_prepare_cpus+0x1b0/0x1bc LR kexec_prepare_cpus+0x1a0/0x1bc Call Trace: kexec_prepare_cpus+0x1a0/0x1bc (unreliable) default_machine_kexec+0x160/0x19c machine_kexec+0x80/0x88 kernel_kexec+0xd0/0x118 __do_sys_reboot+0x210/0x2c4 system_call_exception+0x124/0x320 system_call_vectored_common+0x15c/0x2ec This occurs as add_cpu() fails due to cpu_bootable() returning false for CPUs that fail the cpu_smt_thread_allowed() check or non primary threads if SMT is disabled. Fix the issue by enabling SMT and resetting the number of SMT threads to the number of threads per core, before attempting to wake up all present CPUs. Fixes: 38253464bc82 ("cpu/SMT: Create topology_smt_thread_allowed()") Reported-by: Sachin P Bappalige <sachinpb(a)linux.ibm.com> Cc: stable(a)vger.kernel.org # v6.6+ Signed-off-by: Nysal Jan K.A. <nysal(a)linux.ibm.com> --- arch/powerpc/kexec/core_64.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/powerpc/kexec/core_64.c b/arch/powerpc/kexec/core_64.c index 222aa326dace..ff6df43720c4 100644 --- a/arch/powerpc/kexec/core_64.c +++ b/arch/powerpc/kexec/core_64.c @@ -216,6 +216,11 @@ static void wake_offline_cpus(void) { int cpu = 0; + lock_device_hotplug(); + cpu_smt_num_threads = threads_per_core; + cpu_smt_control = CPU_SMT_ENABLED; + unlock_device_hotplug(); + for_each_present_cpu(cpu) { if (!cpu_online(cpu)) { printk(KERN_INFO "kexec: Waking offline cpu %d.\n", -- 2.51.0

2 days, 21 hours

5
6
0 0

[PATCH v2] codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext

by Hao Ge

From: Hao Ge <gehao(a)kylinos.cn> When alloc_slab_obj_exts() fails and then later succeeds in allocating a slab extension vector, it calls handle_failed_objexts_alloc() to mark all objects in the vector as empty. As a result all objects in this slab (slabA) will have their extensions set to CODETAG_EMPTY. Later on if this slabA is used to allocate a slabobj_ext vector for another slab (slabB), we end up with the slabB->obj_exts pointing to a slabobj_ext vector that itself has a non-NULL slabobj_ext equal to CODETAG_EMPTY. When slabB gets freed, free_slab_obj_exts() is called to free slabB->obj_exts vector. free_slab_obj_exts() calls mark_objexts_empty(slabB->obj_exts) which will generate a warning because it expects slabobj_ext vectors to have a NULL obj_ext, not CODETAG_EMPTY. Modify mark_objexts_empty() to skip the warning and setting the obj_ext value if it's already set to CODETAG_EMPTY. Fixes: 09c46563ff6d ("codetag: debug: introduce OBJEXTS_ALLOC_FAIL to mark failed slab_ext allocations") Cc: <stable(a)vger.kernel.org> Signed-off-by: Hao Ge <gehao(a)kylinos.cn> --- v2: Update the commit message and code comments for greater accuracy, incorporating Suren's suggestions. Thanks for Suren's help. --- mm/slub.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/slub.c b/mm/slub.c index d4367f25b20d..589c596163c4 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -2046,7 +2046,11 @@ static inline void mark_objexts_empty(struct slabobj_ext *obj_exts) if (slab_exts) { unsigned int offs = obj_to_index(obj_exts_slab->slab_cache, obj_exts_slab, obj_exts); - /* codetag should be NULL */ + + if (unlikely(is_codetag_empty(&slab_exts[offs].ref))) + return; + + /* codetag should be NULL here */ WARN_ON(slab_exts[offs].ref.ct); set_codetag_empty(&slab_exts[offs].ref); } -- 2.25.1

2 days, 21 hours

2
1
0 0

+ codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext has been added to the -mm mm-hotfixes-unstable branch. Its filename is codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hao Ge <gehao(a)kylinos.cn> Subject: codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext Date: Wed, 29 Oct 2025 09:43:17 +0800 When alloc_slab_obj_exts() fails and then later succeeds in allocating a slab extension vector, it calls handle_failed_objexts_alloc() to mark all objects in the vector as empty. As a result all objects in this slab (slabA) will have their extensions set to CODETAG_EMPTY. Later on if this slabA is used to allocate a slabobj_ext vector for another slab (slabB), we end up with the slabB->obj_exts pointing to a slabobj_ext vector that itself has a non-NULL slabobj_ext equal to CODETAG_EMPTY. When slabB gets freed, free_slab_obj_exts() is called to free slabB->obj_exts vector. free_slab_obj_exts() calls mark_objexts_empty(slabB->obj_exts) which will generate a warning because it expects slabobj_ext vectors to have a NULL obj_ext, not CODETAG_EMPTY. Modify mark_objexts_empty() to skip the warning and setting the obj_ext value if it's already set to CODETAG_EMPTY. To quickly detect this WARN, I modified the code from:WARN_ON(slab_exts[offs].ref.ct) to WARN_ON(slab_exts[offs].ref.ct == 1); We then obtained this message: [21630.898561] ------------[ cut here ]------------ [21630.898596] kernel BUG at mm/slub.c:2050! [21630.898611] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [21630.900372] Modules linked in: squashfs isofs vfio_iommu_type1 vhost_vsock vfio vhost_net vmw_vsock_virtio_transport_common vhost tap vhost_iotlb iommufd vsock binfmt_misc nfsv3 nfs_acl nfs lockd grace netfs tls rds dns_resolver tun brd overlay ntfs3 exfat btrfs blake2b_generic xor xor_neon raid6_pq loop sctp ip6_udp_tunnel udp_tunnel nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables rfkill ip_set sunrpc vfat fat joydev sg sch_fq_codel nfnetlink virtio_gpu sr_mod cdrom drm_client_lib virtio_dma_buf drm_shmem_helper drm_kms_helper drm ghash_ce backlight virtio_net virtio_blk virtio_scsi net_failover virtio_console failover virtio_mmio dm_mirror dm_region_hash dm_log dm_multipath dm_mod fuse i2c_dev virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev virtio virtio_ring autofs4 aes_neon_bs aes_ce_blk [last unloaded: hwpoison_inject] [21630.909177] CPU: 3 UID: 0 PID: 3787 Comm: kylin-process-m Kdump: loaded Tainted: G�� W�� 6.18.0-rc1+ #74 PREEMPT(voluntary) [21630.910495] Tainted: [W]=WARN [21630.910867] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 [21630.911625] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [21630.912392] pc : __free_slab+0x228/0x250 [21630.912868] lr : __free_slab+0x18c/0x250[21630.913334] sp : ffff8000a02f73e0 [21630.913830] x29: ffff8000a02f73e0 x28: fffffdffc43fc800 x27: ffff0000c0011c40 [21630.914677] x26: ffff0000c000cac0 x25: ffff00010fe5e5f0 x24: ffff000102199b40 [21630.915469] x23: 0000000000000003 x22: 0000000000000003 x21: ffff0000c0011c40 [21630.916259] x20: fffffdffc4086600 x19: fffffdffc43fc800 x18: 0000000000000000 [21630.917048] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [21630.917837] x14: 0000000000000000 x13: 0000000000000000 x12: ffff70001405ee66 [21630.918640] x11: 1ffff0001405ee65 x10: ffff70001405ee65 x9 : ffff800080a295dc [21630.919442] x8 : ffff8000a02f7330 x7 : 0000000000000000 x6 : 0000000000003000 [21630.920232] x5 : 0000000024924925 x4 : 0000000000000001 x3 : 0000000000000007 [21630.921021] x2 : 0000000000001b40 x1 : 000000000000001f x0 : 0000000000000001 [21630.921810] Call trace: [21630.922130]�� __free_slab+0x228/0x250 (P) [21630.922669]�� free_slab+0x38/0x118 [21630.923079]�� free_to_partial_list+0x1d4/0x340 [21630.923591]�� __slab_free+0x24c/0x348 [21630.924024]�� ___cache_free+0xf0/0x110 [21630.924468]�� qlist_free_all+0x78/0x130 [21630.924922]�� kasan_quarantine_reduce+0x114/0x148 [21630.925525]�� __kasan_slab_alloc+0x7c/0xb0 [21630.926006]�� kmem_cache_alloc_noprof+0x164/0x5c8 [21630.926699]�� __alloc_object+0x44/0x1f8 [21630.927153]�� __create_object+0x34/0xc8 [21630.927604]�� kmemleak_alloc+0xb8/0xd8 [21630.928052]�� kmem_cache_alloc_noprof+0x368/0x5c8 [21630.928606]�� getname_flags.part.0+0xa4/0x610 [21630.929112]�� getname_flags+0x80/0xd8 [21630.929557]�� vfs_fstatat+0xc8/0xe0 [21630.929975]�� __do_sys_newfstatat+0xa0/0x100 [21630.930469]�� __arm64_sys_newfstatat+0x90/0xd8 [21630.931046]�� invoke_syscall+0xd4/0x258 [21630.931685]�� el0_svc_common.constprop.0+0xb4/0x240 [21630.932467]�� do_el0_svc+0x48/0x68 [21630.932972]�� el0_svc+0x40/0xe0 [21630.933472]�� el0t_64_sync_handler+0xa0/0xe8 [21630.934151]�� el0t_64_sync+0x1ac/0x1b0 [21630.934923] Code: aa1803e0 97ffef2b a9446bf9 17ffff9c (d4210000) [21630.936461] SMP: stopping secondary CPUs [21630.939550] Starting crashdump kernel... [21630.940108] Bye! Link: https://lkml.kernel.org/r/20251029014317.1533488-1-hao.ge@linux.dev Fixes: 09c46563ff6d ("codetag: debug: introduce OBJEXTS_ALLOC_FAIL to mark failed slab_ext allocations") Signed-off-by: Hao Ge <gehao(a)kylinos.cn> Cc: Christoph Lameter (Ampere) <cl(a)gentwo.org> Cc: David Rientjes <rientjes(a)google.com> Cc: gehao <gehao(a)kylinos.cn> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slub.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/mm/slub.c~codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext +++ a/mm/slub.c @@ -2046,7 +2046,11 @@ static inline void mark_objexts_empty(st if (slab_exts) { unsigned int offs = obj_to_index(obj_exts_slab->slab_cache, obj_exts_slab, obj_exts); - /* codetag should be NULL */ + + if (unlikely(is_codetag_empty(&slab_exts[offs].ref))) + return; + + /* codetag should be NULL here */ WARN_ON(slab_exts[offs].ref.ct); set_codetag_empty(&slab_exts[offs].ref); } _ Patches currently in -mm which might be from gehao(a)kylinos.cn are codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext.patch

2 days, 21 hours

1
0
0 0

Re: [PATCH] drm/mediatek: Disable AFBC support on Mediatek DRM driver

by Macpaul Lin (林智斌)

On Fri, 2025-10-24 at 17:27 -0300, Ariel D'Alessandro wrote: > > External email : Please do not click links or open attachments until > you have verified the sender or the content. > > > Commit c410fa9b07c32 ("drm/mediatek: Add AFBC support to Mediatek DRM > driver") added AFBC support to Mediatek DRM and enabled the > 32x8/split/sparse modifier. > > However, this is currently broken on Mediatek MT8188 (Genio 700 EVK > platform); tested using upstream Kernel and Mesa (v25.2.1), AFBC is > used by > default since Mesa v25.0. > > Kernel trace reports vblank timeouts constantly, and the render is > garbled: > > ``` > [CRTC:62:crtc-0] vblank wait timed out > WARNING: CPU: 7 PID: 70 at drivers/gpu/drm/drm_atomic_helper.c:1835 > drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c > [...] > Hardware name: MediaTek Genio-700 EVK (DT) > Workqueue: events_unbound commit_work > pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) > pc : drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c > lr : drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c > sp : ffff80008337bca0 > x29: ffff80008337bcd0 x28: 0000000000000061 x27: 0000000000000000 > x26: 0000000000000001 x25: 0000000000000000 x24: ffff0000c9dcc000 > x23: 0000000000000001 x22: 0000000000000000 x21: ffff0000c66f2f80 > x20: ffff0000c0d7d880 x19: 0000000000000000 x18: 000000000000000a > x17: 000000040044ffff x16: 005000f2b5503510 x15: 0000000000000000 > x14: 0000000000000000 x13: 74756f2064656d69 x12: 742074696177206b > x11: 0000000000000058 x10: 0000000000000018 x9 : ffff800082396a70 > x8 : 0000000000057fa8 x7 : 0000000000000cce x6 : ffff8000823eea70 > x5 : ffff0001fef5f408 x4 : ffff80017ccee000 x3 : ffff0000c12cb480 > x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000c12cb480 > Call trace: > drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c (P) > drm_atomic_helper_commit_tail_rpm+0x64/0x80 > commit_tail+0xa4/0x1a4 > commit_work+0x14/0x20 > process_one_work+0x150/0x290 > worker_thread+0x2d0/0x3ec > kthread+0x12c/0x210 > ret_from_fork+0x10/0x20 > ---[ end trace 0000000000000000 ]--- > ``` > > Until this gets fixed upstream, disable AFBC support on this > platform, as > it's currently broken with upstream Mesa. > > Signed-off-by: Ariel D'Alessandro <ariel.dalessandro(a)collabora.com> > --- > drivers/gpu/drm/mediatek/mtk_plane.c | 24 +----------------------- > 1 file changed, 1 insertion(+), 23 deletions(-) > > diff --git a/drivers/gpu/drm/mediatek/mtk_plane.c > b/drivers/gpu/drm/mediatek/mtk_plane.c > index 02349bd440017..788b52c1d10c5 100644 > --- a/drivers/gpu/drm/mediatek/mtk_plane.c > +++ b/drivers/gpu/drm/mediatek/mtk_plane.c > @@ -21,9 +21,6 @@ > > static const u64 modifiers[] = { > DRM_FORMAT_MOD_LINEAR, > - DRM_FORMAT_MOD_ARM_AFBC(AFBC_FORMAT_MOD_BLOCK_SIZE_32x8 | > - AFBC_FORMAT_MOD_SPLIT | > - AFBC_FORMAT_MOD_SPARSE), > DRM_FORMAT_MOD_INVALID, > }; > > @@ -71,26 +68,7 @@ static bool mtk_plane_format_mod_supported(struct > drm_plane *plane, > uint32_t format, > uint64_t modifier) > { > - if (modifier == DRM_FORMAT_MOD_LINEAR) > - return true; > - > - if (modifier != DRM_FORMAT_MOD_ARM_AFBC( > - AFBC_FORMAT_MOD_BLOCK_SIZE_32x8 | > - AFBC_FORMAT_MOD_SPLIT | > - AFBC_FORMAT_MOD_SPARSE)) > - return false; > - > - if (format != DRM_FORMAT_XRGB8888 && > - format != DRM_FORMAT_ARGB8888 && > - format != DRM_FORMAT_BGRX8888 && > - format != DRM_FORMAT_BGRA8888 && > - format != DRM_FORMAT_ABGR8888 && > - format != DRM_FORMAT_XBGR8888 && > - format != DRM_FORMAT_RGB888 && > - format != DRM_FORMAT_BGR888) > - return false; > - > - return true; > + return modifier == DRM_FORMAT_MOD_LINEAR; > } > > static void mtk_plane_destroy_state(struct drm_plane *plane, > Great! Thanks for this patch. I've tested this patch against k6.17.5 on mt8395-genio-1200-evk board, and it is working. I've also tested this patch with 'modetest -M mediatek -s 34@59:1200x1290' is working as well. I'm not sure if it is possible to add a "Fixes:" tag to this patch? Maybe add this patch with 'Cc: stable(a)vger.kernel.org #6.17' at least? Some Linux distros are currently using 6.17 for testing. Reviewed-by: Macpaul Lin <macpaul.lin(a)mediatek.com> Regards, Macpaul Lin

2 days, 22 hours

2
1
0 0

[PATCH v2 1/1] Bluetooth: btusb: add default nvm file

by Shuai Zhang

If no NVM file matches the board_id, load the default NVM file. Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com> Cc: stable(a)vger.kernel.org --- drivers/bluetooth/btusb.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index dcbff7641..6903606d3 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -3482,15 +3482,14 @@ static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, } static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, - const struct qca_version *ver) + const struct qca_version *ver, + u16 board_id) { u32 rom_version = le32_to_cpu(ver->rom_version); const char *variant, *fw_subdir; int len; - u16 board_id; fw_subdir = qca_get_fw_subdirectory(ver); - board_id = qca_extract_board_id(ver); switch (le32_to_cpu(ver->ram_version)) { case WCN6855_2_0_RAM_VERSION_GF: @@ -3522,14 +3521,28 @@ static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, const struct firmware *fw; char fwname[80]; int err; + u16 board_id = 0; - btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver); + board_id = qca_extract_board_id(ver); +retry: + btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver, board_id); err = request_firmware(&fw, fwname, &hdev->dev); if (err) { + if (err == -EINVAL) { + bt_dev_err(hdev, "QCOM BT firmware file request failed (%d)", err); + return err; + } + bt_dev_err(hdev, "failed to request NVM file: %s (%d)", fwname, err); - return err; + if (err == -ENOENT && board_id != 0) { + board_id = 0; + goto retry; + } else { + bt_dev_err(hdev, "QCOM BT firmware file request failed (%d)", err); + return err; + } } bt_dev_info(hdev, "using NVM file: %s", fwname); -- 2.34.1

2 days, 22 hours

1
0
0 0

[PATCH v1] Bluetooth: btusb: add default nvm file

by Shuai Zhang

If no NVM file matches the board_id, load the default NVM file. Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com> --- drivers/bluetooth/btusb.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index dcbff7641..998dfd455 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -3482,15 +3482,14 @@ static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, } static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, - const struct qca_version *ver) + const struct qca_version *ver, + u16 board_id) { u32 rom_version = le32_to_cpu(ver->rom_version); const char *variant, *fw_subdir; int len; - u16 board_id; fw_subdir = qca_get_fw_subdirectory(ver); - board_id = qca_extract_board_id(ver); switch (le32_to_cpu(ver->ram_version)) { case WCN6855_2_0_RAM_VERSION_GF: @@ -3522,13 +3521,25 @@ static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, const struct firmware *fw; char fwname[80]; int err; + u16 board_id = 0; - btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver); + board_id = qca_extract_board_id(ver); +retry: + btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver, board_id); err = request_firmware(&fw, fwname, &hdev->dev); if (err) { + if (err == -EINVAL) { + bt_dev_err(hdev, "QCOM BT firmware file request failed (%d)", err); + return err; + } + bt_dev_err(hdev, "failed to request NVM file: %s (%d)", fwname, err); + if (err == -ENOENT && board_id != 0) { + board_id = 0; + goto retry; + } return err; } -- 2.34.1

2 days, 22 hours

3
3
0 0

Inquiry about purchasing your products

by PERDIS SUPER U

-- Hi, PERDIS SUPER U is a leading retail group in France with numerous outlets across the country. After reviewing your company profile and products, we’re very interested in establishing a long-term partnership. Kindly share your product catalog or website so we can review your offerings and pricing. We are ready to place orders and begin cooperation.Please note: Our payment terms are SWIFT, 14 days after delivery. Looking forward to your response. Best regards, Dominique Schelcher Director, PERDIS SUPER U RUE DE SAVOIE, 45600 SAINT-PÈRE-SUR-LOIRE VAT: FR65380071464 www.magasins-u.com

3 days

1
0
0 0

+ mm-mremap-honour-writable-bit-in-mremap-pte-batching.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/mremap: honour writable bit in mremap pte batching has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-mremap-honour-writable-bit-in-mremap-pte-batching.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Dev Jain <dev.jain(a)arm.com> Subject: mm/mremap: honour writable bit in mremap pte batching Date: Tue, 28 Oct 2025 12:09:52 +0530 Currently mremap folio pte batch ignores the writable bit during figuring out a set of similar ptes mapping the same folio. Suppose that the first pte of the batch is writable while the others are not - set_ptes will end up setting the writable bit on the other ptes, which is a violation of mremap semantics. Therefore, use FPB_RESPECT_WRITE to check the writable bit while determining the pte batch. Link: https://lkml.kernel.org/r/20251028063952.90313-1-dev.jain@arm.com Signed-off-by: Dev Jain <dev.jain(a)arm.com> Fixes: f822a9a81a31 ("mm: optimize mremap() by PTE batching") Reported-by: David Hildenbrand <david(a)redhat.com> Debugged-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Pedro Falcato <pfalcato(a)suse.de> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Jann Horn <jannh(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> [6.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mremap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/mremap.c~mm-mremap-honour-writable-bit-in-mremap-pte-batching +++ a/mm/mremap.c @@ -187,7 +187,7 @@ static int mremap_folio_pte_batch(struct if (!folio || !folio_test_large(folio)) return 1; - return folio_pte_batch(folio, ptep, pte, max_nr); + return folio_pte_batch_flags(folio, NULL, ptep, &pte, max_nr, FPB_RESPECT_WRITE); } static int move_ptes(struct pagetable_move_control *pmc, _ Patches currently in -mm which might be from dev.jain(a)arm.com are mm-mremap-honour-writable-bit-in-mremap-pte-batching.patch

3 days, 1 hour

1
0
0 0

+ gcov-add-support-for-gcc-15.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: gcov: add support for GCC 15 has been added to the -mm mm-hotfixes-unstable branch. Its filename is gcov-add-support-for-gcc-15.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Peter Oberparleiter <oberpar(a)linux.ibm.com> Subject: gcov: add support for GCC 15 Date: Tue, 28 Oct 2025 12:51:25 +0100 Using gcov on kernels compiled with GCC 15 results in truncated 16-byte long .gcda files with no usable data. To fix this, update GCOV_COUNTERS to match the value defined by GCC 15. Tested with GCC 14.3.0 and GCC 15.2.0. Link: https://lkml.kernel.org/r/20251028115125.1319410-1-oberpar@linux.ibm.com Signed-off-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Reported-by: Matthieu Baerts <matttbe(a)kernel.org> Closes: https://github.com/linux-test-project/lcov/issues/445 Tested-by: Matthieu Baerts <matttbe(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/gcov/gcc_4_7.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/kernel/gcov/gcc_4_7.c~gcov-add-support-for-gcc-15 +++ a/kernel/gcov/gcc_4_7.c @@ -18,7 +18,9 @@ #include <linux/mm.h> #include "gcov.h" -#if (__GNUC__ >= 14) +#if (__GNUC__ >= 15) +#define GCOV_COUNTERS 10 +#elif (__GNUC__ >= 14) #define GCOV_COUNTERS 9 #elif (__GNUC__ >= 10) #define GCOV_COUNTERS 8 _ Patches currently in -mm which might be from oberpar(a)linux.ibm.com are gcov-add-support-for-gcc-15.patch

3 days, 2 hours

1
0
0 0

+ s390-fix-hugetlb-vmemmap-optimization-crash.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: s390: fix HugeTLB vmemmap optimization crash has been added to the -mm mm-hotfixes-unstable branch. Its filename is s390-fix-hugetlb-vmemmap-optimization-crash.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Luiz Capitulino <luizcap(a)redhat.com> Subject: s390: fix HugeTLB vmemmap optimization crash Date: Tue, 28 Oct 2025 17:15:33 -0400 A reproducible crash occurs when enabling HugeTLB vmemmap optimization (HVO) on s390. The crash and the proposed fix were worked on an s390 KVM guest running on an older hypervisor, as I don't have access to an LPAR. However, the same issue should occur on bare-metal. Reproducer (it may take a few runs to trigger): # sysctl vm.hugetlb_optimize_vmemmap=1 # echo 1 > /proc/sys/vm/nr_hugepages # echo 0 > /proc/sys/vm/nr_hugepages Crash log: [ 52.340369] list_del corruption. prev->next should be 000000d382110008, but was 000000d7116d3880. (prev=000000d7116d3910) [ 52.340420] ------------[ cut here ]------------ [ 52.340424] kernel BUG at lib/list_debug.c:62! [ 52.340566] monitor event: 0040 ilc:2 [#1]SMP [ 52.340573] Modules linked in: ctcm fsm qeth ccwgroup zfcp scsi_transport_fc qdio dasd_fba_mod dasd_eckd_mod dasd_mod xfs ghash_s390 prng des_s390 libdes sha3_512_s390 sha3_256_s390 virtio_net virtio_blk net_failover sha_common failover dm_mirror dm_region_hash dm_log dm_mod paes_s390 crypto_engine pkey_cca pkey_ep11 zcrypt pkey_pckmo pkey aes_s390 [ 52.340606] CPU: 1 UID: 0 PID: 1672 Comm: root-rep2 Kdump: loaded Not tainted 6.18.0-rc3 #1 NONE [ 52.340610] Hardware name: IBM 3931 LA1 400 (KVM/Linux) [ 52.340611] Krnl PSW : 0704c00180000000 0000015710cda7fe (__list_del_entry_valid_or_report+0xfe/0x128) [ 52.340619] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 [ 52.340622] Krnl GPRS: c0000000ffffefff 0000000100000027 000000000000006d 0000000000000000 [ 52.340623] 000000d7116d35d8 000000d7116d35d0 0000000000000002 000000d7116d39b0 [ 52.340625] 000000d7116d3880 000000d7116d3910 000000d7116d3910 000000d382110008 [ 52.340626] 000003ffac1ccd08 000000d7116d39b0 0000015710cda7fa 000000d7116d37d0 [ 52.340632] Krnl Code: 0000015710cda7ee: c020003e496f larl %r2,00000157114a3acc 0000015710cda7f4: c0e5ffd5280e brasl %r14,000001571077f810 #0000015710cda7fa: af000000 mc 0,0 >0000015710cda7fe: b9040029 lgr %r2,%r9 0000015710cda802: c0e5ffe5e193 brasl %r14,0000015710996b28 0000015710cda808: e34090080004 lg %r4,8(%r9) 0000015710cda80e: b9040059 lgr %r5,%r9 0000015710cda812: b9040038 lgr %r3,%r8 [ 52.340643] Call Trace: [ 52.340645] [<0000015710cda7fe>] __list_del_entry_valid_or_report+0xfe/0x128 [ 52.340649] ([<0000015710cda7fa>] __list_del_entry_valid_or_report+0xfa/0x128) [ 52.340652] [<0000015710a30b2e>] hugetlb_vmemmap_restore_folios+0x96/0x138 [ 52.340655] [<0000015710a268ac>] update_and_free_pages_bulk+0x64/0x150 [ 52.340659] [<0000015710a26f8a>] set_max_huge_pages+0x4ca/0x6f0 [ 52.340662] [<0000015710a273ba>] hugetlb_sysctl_handler_common+0xea/0x120 [ 52.340665] [<0000015710a27484>] hugetlb_sysctl_handler+0x44/0x50 [ 52.340667] [<0000015710b53ffa>] proc_sys_call_handler+0x17a/0x280 [ 52.340672] [<0000015710a90968>] vfs_write+0x2c8/0x3a0 [ 52.340676] [<0000015710a90bd2>] ksys_write+0x72/0x100 [ 52.340679] [<00000157111483a8>] __do_syscall+0x150/0x318 [ 52.340682] [<0000015711153a5e>] system_call+0x6e/0x90 [ 52.340684] Last Breaking-Event-Address: [ 52.340684] [<000001571077f85c>] _printk+0x4c/0x58 [ 52.340690] Kernel panic - not syncing: Fatal exception: panic_on_oops This issue was introduced by commit f13b83fdd996 ("hugetlb: batch TLB flushes when freeing vmemmap"). Before that change, the HVO implementation called flush_tlb_kernel_range() each time a vmemmap PMD split and remapping was performed. The mentioned commit changed this to issue a few flush_tlb_all() calls after performing all remappings. However, on s390, flush_tlb_kernel_range() expands to __tlb_flush_kernel() while flush_tlb_all() is not implemented. As a result, we went from flushing the TLB for every remapping to no flushing at all. This commit fixes this by implementing flush_tlb_all() on s390 as an alias to __tlb_flush_global(). This should cause a flush on all TLB entries on all CPUs as expected by the flush_tlb_all() semantics. Link: https://lkml.kernel.org/r/20251028211533.47694-1-luizcap@redhat.com Fixes: f13b83fdd996 ("hugetlb: batch TLB flushes when freeing vmemmap") Signed-off-by: Luiz Capitulino <luizcap(a)redhat.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)kernel.org> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Joao Martins <joao.m.martins(a)oracle.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/s390/include/asm/tlbflush.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/arch/s390/include/asm/tlbflush.h~s390-fix-hugetlb-vmemmap-optimization-crash +++ a/arch/s390/include/asm/tlbflush.h @@ -103,9 +103,13 @@ static inline void __tlb_flush_mm_lazy(s * flush_tlb_range functions need to do the flush. */ #define flush_tlb() do { } while (0) -#define flush_tlb_all() do { } while (0) #define flush_tlb_page(vma, addr) do { } while (0) +static inline void flush_tlb_all(void) +{ + __tlb_flush_global(); +} + static inline void flush_tlb_mm(struct mm_struct *mm) { __tlb_flush_mm_lazy(mm); _ Patches currently in -mm which might be from luizcap(a)redhat.com are s390-fix-hugetlb-vmemmap-optimization-crash.patch

3 days, 3 hours

1
0
0 0

[PATCH] video: valkyriefb: Fix reference count leak in valkyriefb_init

by Miaoqian Lin

The of_find_node_by_name() function returns a device tree node with its reference count incremented. The caller is responsible for calling of_node_put() to release this reference when done. Found via static analysis. Fixes: cc5d0189b9ba ("[PATCH] powerpc: Remove device_node addrs/n_addr") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/video/fbdev/valkyriefb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/video/fbdev/valkyriefb.c b/drivers/video/fbdev/valkyriefb.c index 91d070ef6989..6ff059ee1694 100644 --- a/drivers/video/fbdev/valkyriefb.c +++ b/drivers/video/fbdev/valkyriefb.c @@ -329,11 +329,13 @@ static int __init valkyriefb_init(void) if (of_address_to_resource(dp, 0, &r)) { printk(KERN_ERR "can't find address for valkyrie\n"); + of_node_put(dp); return 0; } frame_buffer_phys = r.start; cmap_regs_phys = r.start + 0x304000; + of_node_put(dp); } #endif /* ppc (!CONFIG_MAC) */ -- 2.39.5 (Apple Git-154)

3 days, 3 hours

2
1
0 0

+ codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext has been added to the -mm mm-new branch. Its filename is codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hao Ge <gehao(a)kylinos.cn> Subject: codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext Date: Mon, 27 Oct 2025 16:52:14 +0800 Even though obj_exts was created with the __GFP_NO_OBJ_EXT flag, objects in the same slab may have their extensions allocated via alloc_slab_obj_exts, and handle_failed_objexts_alloc may be called within alloc_slab_obj_exts to set their codetag to CODETAG_EMPTY. Therefore, both NULL and CODETAG_EMPTY are valid for the codetag of slabobj_ext, as we do not need to re-set it to CODETAG_EMPTY if it is already CODETAG_EMPTY. It also resolves the warning triggered when the codetag is CODETAG_EMPTY during slab freeing. This issue also occurred during our memory stress testing. The possibility of its occurrence should be as follows: When a slab allocates a slabobj_ext, the slab to which this slabobj_ext belongs may have already allocated its own slabobj_ext and called handle_failed_objexts_alloc. That is to say, the codetag of this slabobj_ext has been set to CODETAG_EMPTY. To quickly detect this WARN, I modified the code from:WARN_ON(slab_exts[offs].ref.ct) to WARN_ON(slab_exts[offs].ref.ct == 1); We then obtained this message: [21630.898561] ------------[ cut here ]------------ [21630.898596] kernel BUG at mm/slub.c:2050! [21630.898611] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [21630.900372] Modules linked in: squashfs isofs vfio_iommu_type1 vhost_vsock vfio vhost_net vmw_vsock_virtio_transport_common vhost tap vhost_iotlb iommufd vsock binfmt_misc nfsv3 nfs_acl nfs lockd grace netfs tls rds dns_resolver tun brd overlay ntfs3 exfat btrfs blake2b_generic xor xor_neon raid6_pq loop sctp ip6_udp_tunnel udp_tunnel nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables rfkill ip_set sunrpc vfat fat joydev sg sch_fq_codel nfnetlink virtio_gpu sr_mod cdrom drm_client_lib virtio_dma_buf drm_shmem_helper drm_kms_helper drm ghash_ce backlight virtio_net virtio_blk virtio_scsi net_failover virtio_console failover virtio_mmio dm_mirror dm_region_hash dm_log dm_multipath dm_mod fuse i2c_dev virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev virtio virtio_ring autofs4 aes_neon_bs aes_ce_blk [last unloaded: hwpoison_inject] [21630.909177] CPU: 3 UID: 0 PID: 3787 Comm: kylin-process-m Kdump: loaded Tainted: G�� W�� 6.18.0-rc1+ #74 PREEMPT(voluntary) [21630.910495] Tainted: [W]=WARN [21630.910867] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 [21630.911625] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [21630.912392] pc : __free_slab+0x228/0x250 [21630.912868] lr : __free_slab+0x18c/0x250[21630.913334] sp : ffff8000a02f73e0 [21630.913830] x29: ffff8000a02f73e0 x28: fffffdffc43fc800 x27: ffff0000c0011c40 [21630.914677] x26: ffff0000c000cac0 x25: ffff00010fe5e5f0 x24: ffff000102199b40 [21630.915469] x23: 0000000000000003 x22: 0000000000000003 x21: ffff0000c0011c40 [21630.916259] x20: fffffdffc4086600 x19: fffffdffc43fc800 x18: 0000000000000000 [21630.917048] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [21630.917837] x14: 0000000000000000 x13: 0000000000000000 x12: ffff70001405ee66 [21630.918640] x11: 1ffff0001405ee65 x10: ffff70001405ee65 x9 : ffff800080a295dc [21630.919442] x8 : ffff8000a02f7330 x7 : 0000000000000000 x6 : 0000000000003000 [21630.920232] x5 : 0000000024924925 x4 : 0000000000000001 x3 : 0000000000000007 [21630.921021] x2 : 0000000000001b40 x1 : 000000000000001f x0 : 0000000000000001 [21630.921810] Call trace: [21630.922130]�� __free_slab+0x228/0x250 (P) [21630.922669]�� free_slab+0x38/0x118 [21630.923079]�� free_to_partial_list+0x1d4/0x340 [21630.923591]�� __slab_free+0x24c/0x348 [21630.924024]�� ___cache_free+0xf0/0x110 [21630.924468]�� qlist_free_all+0x78/0x130 [21630.924922]�� kasan_quarantine_reduce+0x114/0x148 [21630.925525]�� __kasan_slab_alloc+0x7c/0xb0 [21630.926006]�� kmem_cache_alloc_noprof+0x164/0x5c8 [21630.926699]�� __alloc_object+0x44/0x1f8 [21630.927153]�� __create_object+0x34/0xc8 [21630.927604]�� kmemleak_alloc+0xb8/0xd8 [21630.928052]�� kmem_cache_alloc_noprof+0x368/0x5c8 [21630.928606]�� getname_flags.part.0+0xa4/0x610 [21630.929112]�� getname_flags+0x80/0xd8 [21630.929557]�� vfs_fstatat+0xc8/0xe0 [21630.929975]�� __do_sys_newfstatat+0xa0/0x100 [21630.930469]�� __arm64_sys_newfstatat+0x90/0xd8 [21630.931046]�� invoke_syscall+0xd4/0x258 [21630.931685]�� el0_svc_common.constprop.0+0xb4/0x240 [21630.932467]�� do_el0_svc+0x48/0x68 [21630.932972]�� el0_svc+0x40/0xe0 [21630.933472]�� el0t_64_sync_handler+0xa0/0xe8 [21630.934151]�� el0t_64_sync+0x1ac/0x1b0 [21630.934923] Code: aa1803e0 97ffef2b a9446bf9 17ffff9c (d4210000) [21630.936461] SMP: stopping secondary CPUs [21630.939550] Starting crashdump kernel... [21630.940108] Bye! Link: https://lkml.kernel.org/r/20251027085214.184672-1-hao.ge@linux.dev Fixes: 09c46563ff6d ("codetag: debug: introduce OBJEXTS_ALLOC_FAIL to mark failed slab_ext allocations") Signed-off-by: Hao Ge <gehao(a)kylinos.cn> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Christoph Lameter (Ampere) <cl(a)gentwo.org> Cc: David Rientjes <rientjes(a)google.com> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slub.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- a/mm/slub.c~codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext +++ a/mm/slub.c @@ -2046,7 +2046,17 @@ static inline void mark_objexts_empty(st if (slab_exts) { unsigned int offs = obj_to_index(obj_exts_slab->slab_cache, obj_exts_slab, obj_exts); - /* codetag should be NULL */ + + /* + * codetag should be either NULL or CODETAG_EMPTY. + * When the same slab calls handle_failed_objexts_alloc, + * it will set us to CODETAG_EMPTY. + * + * If codetag is already CODETAG_EMPTY, no action is needed here. + */ + if (unlikely(is_codetag_empty(&slab_exts[offs].ref))) + return; + WARN_ON(slab_exts[offs].ref.ct); set_codetag_empty(&slab_exts[offs].ref); } _ Patches currently in -mm which might be from gehao(a)kylinos.cn are codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext.patch

3 days, 4 hours

1
0
0 0

+ mm-mm_init-fix-hash-table-order-logging-in-alloc_large_system_hash.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/mm_init: fix hash table order logging in alloc_large_system_hash() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-mm_init-fix-hash-table-order-logging-in-alloc_large_system_hash.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Isaac J. Manjarres" <isaacmanjarres(a)google.com> Subject: mm/mm_init: fix hash table order logging in alloc_large_system_hash() Date: Tue, 28 Oct 2025 12:10:12 -0700 When emitting the order of the allocation for a hash table, alloc_large_system_hash() unconditionally subtracts PAGE_SHIFT from log base 2 of the allocation size. This is not correct if the allocation size is smaller than a page, and yields a negative value for the order as seen below: TCP established hash table entries: 32 (order: -4, 256 bytes, linear) TCP bind hash table entries: 32 (order: -2, 1024 bytes, linear) Use get_order() to compute the order when emitting the hash table information to correctly handle cases where the allocation size is smaller than a page: TCP established hash table entries: 32 (order: 0, 256 bytes, linear) TCP bind hash table entries: 32 (order: 0, 1024 bytes, linear) Link: https://lkml.kernel.org/r/20251028191020.413002-1-isaacmanjarres@google.com Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Isaac J. Manjarres <isaacmanjarres(a)google.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mm_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/mm_init.c~mm-mm_init-fix-hash-table-order-logging-in-alloc_large_system_hash +++ a/mm/mm_init.c @@ -2469,7 +2469,7 @@ void *__init alloc_large_system_hash(con panic("Failed to allocate %s hash table\n", tablename); pr_info("%s hash table entries: %ld (order: %d, %lu bytes, %s)\n", - tablename, 1UL << log2qty, ilog2(size) - PAGE_SHIFT, size, + tablename, 1UL << log2qty, get_order(size), size, virt ? (huge ? "vmalloc hugepage" : "vmalloc") : "linear"); if (_hash_shift) _ Patches currently in -mm which might be from isaacmanjarres(a)google.com are mm-mm_init-fix-hash-table-order-logging-in-alloc_large_system_hash.patch

3 days, 4 hours

1
0
0 0

FAILED: patch "[PATCH] x86/resctrl: Fix miscount of bandwidth event when" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102058-citadel-crinkly-125f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 Mon Sep 17 00:00:00 2001 From: Babu Moger <babu.moger(a)amd.com> Date: Fri, 10 Oct 2025 12:08:35 -0500 Subject: [PATCH] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Users can create as many monitoring groups as the number of RMIDs supported by the hardware. However, on AMD systems, only a limited number of RMIDs are guaranteed to be actively tracked by the hardware. RMIDs that exceed this limit are placed in an "Unavailable" state. When a bandwidth counter is read for such an RMID, the hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62). When such an RMID starts being tracked again the hardware counter is reset to zero. MSR_IA32_QM_CTR.Unavailable remains set on first read after tracking re-starts and is clear on all subsequent reads as long as the RMID is tracked. resctrl miscounts the bandwidth events after an RMID transitions from the "Unavailable" state back to being tracked. This happens because when the hardware starts counting again after resetting the counter to zero, resctrl in turn compares the new count against the counter value stored from the previous time the RMID was tracked. This results in resctrl computing an event value that is either undercounting (when new counter is more than stored counter) or a mistaken overflow (when new counter is less than stored counter). Reset the stored value (arch_mbm_state::prev_msr) of MSR_IA32_QM_CTR to zero whenever the RMID is in the "Unavailable" state to ensure accurate counting after the RMID resets to zero when it starts to be tracked again. Example scenario that results in mistaken overflow ================================================== 1. The resctrl filesystem is mounted, and a task is assigned to a monitoring group. $mount -t resctrl resctrl /sys/fs/resctrl $mkdir /sys/fs/resctrl/mon_groups/test1/ $echo 1234 > /sys/fs/resctrl/mon_groups/test1/tasks $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 21323 <- Total bytes on domain 0 "Unavailable" <- Total bytes on domain 1 Task is running on domain 0. Counter on domain 1 is "Unavailable". 2. The task runs on domain 0 for a while and then moves to domain 1. The counter starts incrementing on domain 1. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 7345357 <- Total bytes on domain 0 4545 <- Total bytes on domain 1 3. At some point, the RMID in domain 0 transitions to the "Unavailable" state because the task is no longer executing in that domain. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes "Unavailable" <- Total bytes on domain 0 434341 <- Total bytes on domain 1 4. Since the task continues to migrate between domains, it may eventually return to domain 0. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 17592178699059 <- Overflow on domain 0 3232332 <- Total bytes on domain 1 In this case, the RMID on domain 0 transitions from "Unavailable" state to active state. The hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62) when the counter is read and begins tracking the RMID counting from 0. Subsequent reads succeed but return a value smaller than the previously saved MSR value (7345357). Consequently, the resctrl's overflow logic is triggered, it compares the previous value (7345357) with the new, smaller value and incorrectly interprets this as a counter overflow, adding a large delta. In reality, this is a false positive: the counter did not overflow but was simply reset when the RMID transitioned from "Unavailable" back to active state. Here is the text from APM [1] available from [2]. "In PQOS Version 2.0 or higher, the MBM hardware will set the U bit on the first QM_CTR read when it begins tracking an RMID that it was not previously tracking. The U bit will be zero for all subsequent reads from that RMID while it is still tracked by the hardware. Therefore, a QM_CTR read with the U bit set when that RMID is in use by a processor can be considered 0 when calculating the difference with a subsequent read." [1] AMD64 Architecture Programmer's Manual Volume 2: System Programming Publication # 24593 Revision 3.41 section 19.3.3 Monitoring L3 Memory Bandwidth (MBM). [ bp: Split commit message into smaller paragraph chunks for better consumption. ] Fixes: 4d05bf71f157d ("x86/resctrl: Introduce AMD QOS feature") Signed-off-by: Babu Moger <babu.moger(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Tested-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org # needs adjustments for <= v6.17 Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 # [2] diff --git a/arch/x86/kernel/cpu/resctrl/monitor.c b/arch/x86/kernel/cpu/resctrl/monitor.c index c8945610d455..2cd25a0d4637 100644 --- a/arch/x86/kernel/cpu/resctrl/monitor.c +++ b/arch/x86/kernel/cpu/resctrl/monitor.c @@ -242,7 +242,9 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, u32 unused, u32 rmid, enum resctrl_event_id eventid, u64 *val, void *ignored) { + struct rdt_hw_mon_domain *hw_dom = resctrl_to_arch_mon_dom(d); int cpu = cpumask_any(&d->hdr.cpu_mask); + struct arch_mbm_state *am; u64 msr_val; u32 prmid; int ret; @@ -251,12 +253,16 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, prmid = logical_rmid_to_physical_rmid(cpu, rmid); ret = __rmid_read_phys(prmid, eventid, &msr_val); - if (ret) - return ret; - *val = get_corrected_val(r, d, rmid, eventid, msr_val); + if (!ret) { + *val = get_corrected_val(r, d, rmid, eventid, msr_val); + } else if (ret == -EINVAL) { + am = get_arch_mbm_state(hw_dom, rmid, eventid); + if (am) + am->prev_msr = 0; + } - return 0; + return ret; } static int __cntr_id_read(u32 cntr_id, u64 *val)

3 days, 4 hours

2
1
0 0

[tip: x86/urgent] x86/fpu: Ensure XFD state on signal delivery

by tip-bot2 for Chang S. Bae

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 388eff894d6bc5f921e9bfff0e4b0ab2684a96e9 Gitweb: https://git.kernel.org/tip/388eff894d6bc5f921e9bfff0e4b0ab2684a96e9 Author: Chang S. Bae <chang.seok.bae(a)intel.com> AuthorDate: Mon, 09 Jun 2025 17:16:59 -07:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Tue, 28 Oct 2025 12:10:59 -07:00 x86/fpu: Ensure XFD state on signal delivery Sean reported [1] the following splat when running KVM tests: WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70 Call Trace: <TASK> fpu__clear_user_states+0x9c/0x100 arch_do_signal_or_restart+0x142/0x210 exit_to_user_mode_loop+0x55/0x100 do_syscall_64+0x205/0x2c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Chao further identified [2] a reproducible scenario involving signal delivery: a non-AMX task is preempted by an AMX-enabled task which modifies the XFD MSR. When the non-AMX task resumes and reloads XSTATE with init values, a warning is triggered due to a mismatch between fpstate::xfd and the CPU's current XFD state. fpu__clear_user_states() does not currently re-synchronize the XFD state after such preemption. Invoke xfd_update_state() which detects and corrects the mismatch if there is a dynamic feature. This also benefits the sigreturn path, as fpu__restore_sig() may call fpu__clear_user_states() when the sigframe is inaccessible. [ dhansen: minor changelog munging ] Closes: https://lore.kernel.org/lkml/aDCo_SczQOUaB2rS@google.com [1] Fixes: 672365477ae8a ("x86/fpu: Update XFD state where required") Reported-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Chang S. Bae <chang.seok.bae(a)intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Chao Gao <chao.gao(a)intel.com> Tested-by: Chao Gao <chao.gao(a)intel.com> Link: https://lore.kernel.org/all/aDWbctO%2FRfTGiCg3@intel.com [2] Cc:stable@vger.kernel.org Link: https://patch.msgid.link/20250610001700.4097-1-chang.seok.bae%40intel.com --- arch/x86/kernel/fpu/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index 1f71cc1..e88eacb 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -825,6 +825,9 @@ void fpu__clear_user_states(struct fpu *fpu) !fpregs_state_valid(fpu, smp_processor_id())) os_xrstor_supervisor(fpu->fpstate); + /* Ensure XFD state is in sync before reloading XSTATE */ + xfd_update_state(fpu->fpstate); + /* Reset user states in registers. */ restore_fpregs_from_init_fpstate(XFEATURE_MASK_USER_RESTORE);

3 days, 5 hours

1
0
0 0

[PATCH v3] PCI: dw-rockchip: Prevent advertising L1 Substates support

by Niklas Cassel

The L1 substates support requires additional steps to work, namely: -Proper handling of the CLKREQ# sideband signal. (It is mostly handled by hardware, but software still needs to set the clkreq fields in the PCIE_CLIENT_POWER_CON register to match the hardware implementation.) -Program the frequency of the aux clock into the DSP_PCIE_PL_AUX_CLK_FREQ_OFF register. (During L1 substates the core_clk is turned off and the aux_clk is used instead.) These steps are currently missing from the driver. For more details, see section '18.6.6.4 L1 Substate' in the RK3658 TRM 1.1 Part 2, or section '11.6.6.4 L1 Substate' in the RK3588 TRM 1.0 Part2. While this has always been a problem when using e.g. CONFIG_PCIEASPM_POWER_SUPERSAVE=y, or when modifying /sys/bus/pci/devices/.../link/l1_2_aspm, the lacking driver support for L1 substates became more apparent after commit f3ac2ff14834 ("PCI/ASPM: Enable all ClockPM and ASPM states for devicetree platforms"), which enabled ASPM also for CONFIG_PCIEASPM_DEFAULT=y. When using e.g. an NVMe drive connected to the PCIe controller, the problem will be seen as: nvme nvme0: controller is down; will reset: CSTS=0xffffffff, PCI_STATUS=0x10 nvme nvme0: Does your device have a faulty power saving mode enabled? nvme nvme0: Try "nvme_core.default_ps_max_latency_us=0 pcie_aspm=off pcie_port_pm=off" and report a bug Thus, prevent advertising L1 Substates support until proper driver support is added. Cc: stable(a)vger.kernel.org Fixes: 0e898eb8df4e ("PCI: rockchip-dwc: Add Rockchip RK356X host controller driver") Fixes: f3ac2ff14834 ("PCI/ASPM: Enable all ClockPM and ASPM states for devicetree platforms") Acked-by: Shawn Lin <shawn.lin(a)rock-chips.com> Signed-off-by: Niklas Cassel <cassel(a)kernel.org> --- Changes since v2: -Improve commit message (Bjorn) drivers/pci/controller/dwc/pcie-dw-rockchip.c | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/drivers/pci/controller/dwc/pcie-dw-rockchip.c b/drivers/pci/controller/dwc/pcie-dw-rockchip.c index 3e2752c7dd09..84f882abbca5 100644 --- a/drivers/pci/controller/dwc/pcie-dw-rockchip.c +++ b/drivers/pci/controller/dwc/pcie-dw-rockchip.c @@ -200,6 +200,25 @@ static bool rockchip_pcie_link_up(struct dw_pcie *pci) return FIELD_GET(PCIE_LINKUP_MASK, val) == PCIE_LINKUP; } +/* + * See e.g. section '11.6.6.4 L1 Substate' in the RK3588 TRM V1.0 for the steps + * needed to support L1 substates. Currently, not a single rockchip platform + * performs these steps, so disable L1 substates until there is proper support. + */ +static void rockchip_pcie_disable_l1sub(struct dw_pcie *pci) +{ + u32 cap, l1subcap; + + cap = dw_pcie_find_ext_capability(pci, PCI_EXT_CAP_ID_L1SS); + if (cap) { + l1subcap = dw_pcie_readl_dbi(pci, cap + PCI_L1SS_CAP); + l1subcap &= ~(PCI_L1SS_CAP_L1_PM_SS | PCI_L1SS_CAP_ASPM_L1_1 | + PCI_L1SS_CAP_ASPM_L1_2 | PCI_L1SS_CAP_PCIPM_L1_1 | + PCI_L1SS_CAP_PCIPM_L1_2); + dw_pcie_writel_dbi(pci, cap + PCI_L1SS_CAP, l1subcap); + } +} + static void rockchip_pcie_enable_l0s(struct dw_pcie *pci) { u32 cap, lnkcap; @@ -264,6 +283,7 @@ static int rockchip_pcie_host_init(struct dw_pcie_rp *pp) irq_set_chained_handler_and_data(irq, rockchip_pcie_intx_handler, rockchip); + rockchip_pcie_disable_l1sub(pci); rockchip_pcie_enable_l0s(pci); return 0; @@ -301,6 +321,7 @@ static void rockchip_pcie_ep_init(struct dw_pcie_ep *ep) struct dw_pcie *pci = to_dw_pcie_from_ep(ep); enum pci_barno bar; + rockchip_pcie_disable_l1sub(pci); rockchip_pcie_enable_l0s(pci); rockchip_pcie_ep_hide_broken_ats_cap_rk3588(ep); -- 2.51.0

3 days, 5 hours

4
6
0 0

FAILED: patch "[PATCH] x86/resctrl: Fix miscount of bandwidth event when" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102056-qualify-unopposed-be08@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 Mon Sep 17 00:00:00 2001 From: Babu Moger <babu.moger(a)amd.com> Date: Fri, 10 Oct 2025 12:08:35 -0500 Subject: [PATCH] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Users can create as many monitoring groups as the number of RMIDs supported by the hardware. However, on AMD systems, only a limited number of RMIDs are guaranteed to be actively tracked by the hardware. RMIDs that exceed this limit are placed in an "Unavailable" state. When a bandwidth counter is read for such an RMID, the hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62). When such an RMID starts being tracked again the hardware counter is reset to zero. MSR_IA32_QM_CTR.Unavailable remains set on first read after tracking re-starts and is clear on all subsequent reads as long as the RMID is tracked. resctrl miscounts the bandwidth events after an RMID transitions from the "Unavailable" state back to being tracked. This happens because when the hardware starts counting again after resetting the counter to zero, resctrl in turn compares the new count against the counter value stored from the previous time the RMID was tracked. This results in resctrl computing an event value that is either undercounting (when new counter is more than stored counter) or a mistaken overflow (when new counter is less than stored counter). Reset the stored value (arch_mbm_state::prev_msr) of MSR_IA32_QM_CTR to zero whenever the RMID is in the "Unavailable" state to ensure accurate counting after the RMID resets to zero when it starts to be tracked again. Example scenario that results in mistaken overflow ================================================== 1. The resctrl filesystem is mounted, and a task is assigned to a monitoring group. $mount -t resctrl resctrl /sys/fs/resctrl $mkdir /sys/fs/resctrl/mon_groups/test1/ $echo 1234 > /sys/fs/resctrl/mon_groups/test1/tasks $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 21323 <- Total bytes on domain 0 "Unavailable" <- Total bytes on domain 1 Task is running on domain 0. Counter on domain 1 is "Unavailable". 2. The task runs on domain 0 for a while and then moves to domain 1. The counter starts incrementing on domain 1. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 7345357 <- Total bytes on domain 0 4545 <- Total bytes on domain 1 3. At some point, the RMID in domain 0 transitions to the "Unavailable" state because the task is no longer executing in that domain. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes "Unavailable" <- Total bytes on domain 0 434341 <- Total bytes on domain 1 4. Since the task continues to migrate between domains, it may eventually return to domain 0. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 17592178699059 <- Overflow on domain 0 3232332 <- Total bytes on domain 1 In this case, the RMID on domain 0 transitions from "Unavailable" state to active state. The hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62) when the counter is read and begins tracking the RMID counting from 0. Subsequent reads succeed but return a value smaller than the previously saved MSR value (7345357). Consequently, the resctrl's overflow logic is triggered, it compares the previous value (7345357) with the new, smaller value and incorrectly interprets this as a counter overflow, adding a large delta. In reality, this is a false positive: the counter did not overflow but was simply reset when the RMID transitioned from "Unavailable" back to active state. Here is the text from APM [1] available from [2]. "In PQOS Version 2.0 or higher, the MBM hardware will set the U bit on the first QM_CTR read when it begins tracking an RMID that it was not previously tracking. The U bit will be zero for all subsequent reads from that RMID while it is still tracked by the hardware. Therefore, a QM_CTR read with the U bit set when that RMID is in use by a processor can be considered 0 when calculating the difference with a subsequent read." [1] AMD64 Architecture Programmer's Manual Volume 2: System Programming Publication # 24593 Revision 3.41 section 19.3.3 Monitoring L3 Memory Bandwidth (MBM). [ bp: Split commit message into smaller paragraph chunks for better consumption. ] Fixes: 4d05bf71f157d ("x86/resctrl: Introduce AMD QOS feature") Signed-off-by: Babu Moger <babu.moger(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Tested-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org # needs adjustments for <= v6.17 Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 # [2] diff --git a/arch/x86/kernel/cpu/resctrl/monitor.c b/arch/x86/kernel/cpu/resctrl/monitor.c index c8945610d455..2cd25a0d4637 100644 --- a/arch/x86/kernel/cpu/resctrl/monitor.c +++ b/arch/x86/kernel/cpu/resctrl/monitor.c @@ -242,7 +242,9 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, u32 unused, u32 rmid, enum resctrl_event_id eventid, u64 *val, void *ignored) { + struct rdt_hw_mon_domain *hw_dom = resctrl_to_arch_mon_dom(d); int cpu = cpumask_any(&d->hdr.cpu_mask); + struct arch_mbm_state *am; u64 msr_val; u32 prmid; int ret; @@ -251,12 +253,16 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, prmid = logical_rmid_to_physical_rmid(cpu, rmid); ret = __rmid_read_phys(prmid, eventid, &msr_val); - if (ret) - return ret; - *val = get_corrected_val(r, d, rmid, eventid, msr_val); + if (!ret) { + *val = get_corrected_val(r, d, rmid, eventid, msr_val); + } else if (ret == -EINVAL) { + am = get_arch_mbm_state(hw_dom, rmid, eventid); + if (am) + am->prev_msr = 0; + } - return 0; + return ret; } static int __cntr_id_read(u32 cntr_id, u64 *val)

3 days, 6 hours

2
1
0 0

[PATCH] media: uvcvideo: Fix support for V4L2_CTRL_FLAG_HAS_WHICH_MIN_MAX

by Ricardo Ribalda

The VIDIOC_G_EXT_CTRLS with which V4L2_CTRL_WHICH_(MIN|MAX)_VAL can only work for controls that have previously announced support for it. This patch fixes the following v4l2-compliance error: info: checking extended control 'User Controls' (0x00980001) fail: v4l2-test-controls.cpp(980): ret != EINVAL (got 13) test VIDIOC_G/S/TRY_EXT_CTRLS: FAIL Fixes: 39d2c891c96e ("media: uvcvideo: support V4L2_CTRL_WHICH_MIN/MAX_VAL") Cc: stable(a)vger.kernel.org Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- drivers/media/usb/uvc/uvc_ctrl.c | 11 +++++++++-- drivers/media/usb/uvc/uvc_v4l2.c | 9 ++++++--- drivers/media/usb/uvc/uvcvideo.h | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index 2905505c240c060e5034ea12d33b59d5702f2e1f..2f7d5cdd18e072a47fb5906da0f847dd449911b4 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -1432,7 +1432,7 @@ static bool uvc_ctrl_is_readable(u32 which, struct uvc_control *ctrl, * auto_exposure=1, exposure_time_absolute=251. */ int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id, - const struct v4l2_ext_controls *ctrls, + const struct v4l2_ext_controls *ctrls, u32 which, unsigned long ioctl) { struct uvc_control_mapping *master_map = NULL; @@ -1442,14 +1442,21 @@ int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id, s32 val; int ret; int i; + bool is_which_min_max = (ioctl == VIDIOC_G_EXT_CTRLS && + (which == V4L2_CTRL_WHICH_MIN_VAL || + which == V4L2_CTRL_WHICH_MAX_VAL)); if (__uvc_query_v4l2_class(chain, v4l2_id, 0) >= 0) - return -EACCES; + return is_which_min_max ? -EINVAL : -EACCES; ctrl = uvc_find_control(chain, v4l2_id, &mapping); if (!ctrl) return -EINVAL; + if ((!(ctrl->info.flags & UVC_CTRL_FLAG_GET_MAX) || + !(ctrl->info.flags & UVC_CTRL_FLAG_GET_MIN)) && is_which_min_max) + return -EINVAL; + if (ioctl == VIDIOC_G_EXT_CTRLS) return uvc_ctrl_is_readable(ctrls->which, ctrl, mapping); diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c index 9e4a251eca88085a1b4e0e854370015855be92ee..d5274dc94da3c60f1f4566b307dd445f30c4f45f 100644 --- a/drivers/media/usb/uvc/uvc_v4l2.c +++ b/drivers/media/usb/uvc/uvc_v4l2.c @@ -765,6 +765,7 @@ static int uvc_ioctl_query_ext_ctrl(struct file *file, void *priv, static int uvc_ctrl_check_access(struct uvc_video_chain *chain, struct v4l2_ext_controls *ctrls, + u32 which, unsigned long ioctl) { struct v4l2_ext_control *ctrl = ctrls->controls; @@ -772,7 +773,8 @@ static int uvc_ctrl_check_access(struct uvc_video_chain *chain, int ret = 0; for (i = 0; i < ctrls->count; ++ctrl, ++i) { - ret = uvc_ctrl_is_accessible(chain, ctrl->id, ctrls, ioctl); + ret = uvc_ctrl_is_accessible(chain, ctrl->id, ctrls, which, + ioctl); if (ret) break; } @@ -806,7 +808,7 @@ static int uvc_ioctl_g_ext_ctrls(struct file *file, void *priv, which = V4L2_CTRL_WHICH_CUR_VAL; } - ret = uvc_ctrl_check_access(chain, ctrls, VIDIOC_G_EXT_CTRLS); + ret = uvc_ctrl_check_access(chain, ctrls, which, VIDIOC_G_EXT_CTRLS); if (ret < 0) return ret; @@ -840,7 +842,8 @@ static int uvc_ioctl_s_try_ext_ctrls(struct uvc_fh *handle, if (!ctrls->count) return 0; - ret = uvc_ctrl_check_access(chain, ctrls, ioctl); + ret = uvc_ctrl_check_access(chain, ctrls, V4L2_CTRL_WHICH_CUR_VAL, + ioctl); if (ret < 0) return ret; diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h index ed7bad31f75ca474c1037d666d5310c78dd764df..d583425893a5f716185153a07aae9bfe20182964 100644 --- a/drivers/media/usb/uvc/uvcvideo.h +++ b/drivers/media/usb/uvc/uvcvideo.h @@ -786,7 +786,7 @@ int uvc_ctrl_get(struct uvc_video_chain *chain, u32 which, struct v4l2_ext_control *xctrl); int uvc_ctrl_set(struct uvc_fh *handle, struct v4l2_ext_control *xctrl); int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id, - const struct v4l2_ext_controls *ctrls, + const struct v4l2_ext_controls *ctrls, u32 which, unsigned long ioctl); int uvc_xu_ctrl_query(struct uvc_video_chain *chain, --- base-commit: c218ce4f98eccf5a40de64c559c52d61e9cc78ee change-id: 20251028-uvc-fix-which-c3ba1fb68ed5 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

3 days, 7 hours

1
0
0 0

[PATCH AUTOSEL 6.17] serial: qcom-geni: Add DFS clock mode support to GENI UART driver

by Sasha Levin

From: Viken Dadhaniya <viken.dadhaniya(a)oss.qualcomm.com> [ Upstream commit fc6a5b540c02d1ec624e4599f45a17f2941a5c00 ] GENI UART driver currently supports only non-DFS (Dynamic Frequency Scaling) mode for source frequency selection. However, to operate correctly in DFS mode, the GENI SCLK register must be programmed with the appropriate DFS index. Failing to do so can result in incorrect frequency selection Add support for Dynamic Frequency Scaling (DFS) mode in the GENI UART driver by configuring the GENI_CLK_SEL register with the appropriate DFS index. This ensures correct frequency selection when operating in DFS mode. Replace the UART driver-specific logic for clock selection with the GENI common driver function to obtain the desired frequency and corresponding clock index. This improves maintainability and consistency across GENI-based drivers. Signed-off-by: Viken Dadhaniya <viken.dadhaniya(a)oss.qualcomm.com> Link: https://lore.kernel.org/r/20250903063136.3015237-1-viken.dadhaniya@oss.qual… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: YES - Fixes a real bug in DFS mode: The UART driver previously never programmed the GENI DFS clock selection register, so on platforms where the GENI core clock runs in Dynamic Frequency Scaling (DFS) mode, UART could pick the wrong source clock and thus the wrong baud. This change explicitly programs the DFS index so the selected source frequency matches the computed divider. - New write of the DFS index to the hardware register: drivers/tty/serial/qcom_geni_serial.c:1306 - DFS clock select register and mask exist in the common header: include/linux/soc/qcom/geni-se.h:85, include/linux/soc/qcom/geni- se.h:145 - Uses the common GENI clock-matching helper instead of ad‑hoc logic: The patch replaces driver-local clock rounding/tolerance code with the GENI core’s frequency matching routine, ensuring consistent clock selection across GENI-based drivers and improving maintainability. - New source frequency selection via common helper: drivers/tty/serial/qcom_geni_serial.c:1270 - Common helper is present and exported in the GENI core: drivers/soc/qcom/qcom-geni-se.c:720 - Maintains existing divisor programming and adds a safety check: The driver still computes and programs the serial clock divider, now with a guard to avoid overflow of the divider field. - Divider computation and range check: drivers/tty/serial/qcom_geni_serial.c:1277, drivers/tty/serial/qcom_geni_serial.c:1279 - Divider write to both M/S clock cfg registers remains as before: drivers/tty/serial/qcom_geni_serial.c:1303, drivers/tty/serial/qcom_geni_serial.c:1304 - Consistency with other GENI drivers already using DFS index programming: Other GENI protocol drivers (e.g., SPI) already program `SE_GENI_CLK_SEL` with the index returned by the common helper, so this change aligns UART with established practice and reduces risk. - SPI uses the same pattern: drivers/spi/spi-geni-qcom.c:383, drivers/spi/spi-geni-qcom.c:385–386 - Small, contained, and low-risk: - Touches a single driver file with a localized change in clock setup. - No ABI or architectural changes; relies on existing GENI core helpers and headers. - Additional register write is standard and used by other GENI drivers; masks index with `CLK_SEL_MSK` (include/linux/soc/qcom/geni-se.h:145) for safety. - Includes defensive error handling if no matching clock level is found and a divider overflow guard (drivers/tty/serial/qcom_geni_serial.c:1271–1275, drivers/tty/serial/qcom_geni_serial.c:1279–1281). - User impact: Without this, UART on DFS-enabled platforms can run at an incorrect baud, causing broken serial communication (including console). The fix directly addresses that functional issue. - Stable backport criteria: - Fixes an important, user-visible bug (incorrect baud under DFS). - Minimal and self-contained change, no new features or interfaces. - Leverages existing, widely used GENI core APIs already present in stable series. Note: One minor nit in the debug print includes an extra newline before `clk_idx`, but it’s harmless and does not affect functionality (drivers/tty/serial/qcom_geni_serial.c:1284). drivers/tty/serial/qcom_geni_serial.c | 92 ++++++--------------------- 1 file changed, 21 insertions(+), 71 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 81f385d900d06..ff401e331f1bb 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -1,5 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 -// Copyright (c) 2017-2018, The Linux foundation. All rights reserved. +/* + * Copyright (c) 2017-2018, The Linux foundation. All rights reserved. + * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. + */ /* Disable MMIO tracing to prevent excessive logging of unwanted MMIO traces */ #define __DISABLE_TRACE_MMIO__ @@ -1253,75 +1256,15 @@ static int qcom_geni_serial_startup(struct uart_port *uport) return 0; } -static unsigned long find_clk_rate_in_tol(struct clk *clk, unsigned int desired_clk, - unsigned int *clk_div, unsigned int percent_tol) -{ - unsigned long freq; - unsigned long div, maxdiv; - u64 mult; - unsigned long offset, abs_tol, achieved; - - abs_tol = div_u64((u64)desired_clk * percent_tol, 100); - maxdiv = CLK_DIV_MSK >> CLK_DIV_SHFT; - div = 1; - while (div <= maxdiv) { - mult = (u64)div * desired_clk; - if (mult != (unsigned long)mult) - break; - - offset = div * abs_tol; - freq = clk_round_rate(clk, mult - offset); - - /* Can only get lower if we're done */ - if (freq < mult - offset) - break; - - /* - * Re-calculate div in case rounding skipped rates but we - * ended up at a good one, then check for a match. - */ - div = DIV_ROUND_CLOSEST(freq, desired_clk); - achieved = DIV_ROUND_CLOSEST(freq, div); - if (achieved <= desired_clk + abs_tol && - achieved >= desired_clk - abs_tol) { - *clk_div = div; - return freq; - } - - div = DIV_ROUND_UP(freq, desired_clk); - } - - return 0; -} - -static unsigned long get_clk_div_rate(struct clk *clk, unsigned int baud, - unsigned int sampling_rate, unsigned int *clk_div) -{ - unsigned long ser_clk; - unsigned long desired_clk; - - desired_clk = baud * sampling_rate; - if (!desired_clk) - return 0; - - /* - * try to find a clock rate within 2% tolerance, then within 5% - */ - ser_clk = find_clk_rate_in_tol(clk, desired_clk, clk_div, 2); - if (!ser_clk) - ser_clk = find_clk_rate_in_tol(clk, desired_clk, clk_div, 5); - - return ser_clk; -} - static int geni_serial_set_rate(struct uart_port *uport, unsigned int baud) { struct qcom_geni_serial_port *port = to_dev_port(uport); unsigned long clk_rate; - unsigned int avg_bw_core; + unsigned int avg_bw_core, clk_idx; unsigned int clk_div; u32 ver, sampling_rate; u32 ser_clk_cfg; + int ret; sampling_rate = UART_OVERSAMPLING; /* Sampling rate is halved for IP versions >= 2.5 */ @@ -1329,17 +1272,22 @@ static int geni_serial_set_rate(struct uart_port *uport, unsigned int baud) if (ver >= QUP_SE_VERSION_2_5) sampling_rate /= 2; - clk_rate = get_clk_div_rate(port->se.clk, baud, - sampling_rate, &clk_div); - if (!clk_rate) { - dev_err(port->se.dev, - "Couldn't find suitable clock rate for %u\n", - baud * sampling_rate); + ret = geni_se_clk_freq_match(&port->se, baud * sampling_rate, &clk_idx, &clk_rate, false); + if (ret) { + dev_err(port->se.dev, "Failed to find src clk for baud rate: %d ret: %d\n", + baud, ret); + return ret; + } + + clk_div = DIV_ROUND_UP(clk_rate, baud * sampling_rate); + /* Check if calculated divider exceeds maximum allowed value */ + if (clk_div > (CLK_DIV_MSK >> CLK_DIV_SHFT)) { + dev_err(port->se.dev, "Calculated clock divider %u exceeds maximum\n", clk_div); return -EINVAL; } - dev_dbg(port->se.dev, "desired_rate = %u, clk_rate = %lu, clk_div = %u\n", - baud * sampling_rate, clk_rate, clk_div); + dev_dbg(port->se.dev, "desired_rate = %u, clk_rate = %lu, clk_div = %u\n, clk_idx = %u\n", + baud * sampling_rate, clk_rate, clk_div, clk_idx); uport->uartclk = clk_rate; port->clk_rate = clk_rate; @@ -1359,6 +1307,8 @@ static int geni_serial_set_rate(struct uart_port *uport, unsigned int baud) writel(ser_clk_cfg, uport->membase + GENI_SER_M_CLK_CFG); writel(ser_clk_cfg, uport->membase + GENI_SER_S_CLK_CFG); + /* Configure clock selection register with the selected clock index */ + writel(clk_idx & CLK_SEL_MSK, uport->membase + SE_GENI_CLK_SEL); return 0; } -- 2.51.0

3 days, 7 hours

15
479
0 0

[PATCH AUTOSEL 6.17-5.4] ACPI: property: Return present device nodes only on fwnode interface

by Sasha Levin

From: Sakari Ailus <sakari.ailus(a)linux.intel.com> [ Upstream commit d9f866b2bb3eec38b3734f1fed325ec7c55ccdfa ] fwnode_graph_get_next_subnode() may return fwnode backed by ACPI device nodes and there has been no check these devices are present in the system, unlike there has been on fwnode OF backend. In order to provide consistent behaviour towards callers, add a check for device presence by introducing a new function acpi_get_next_present_subnode(), used as the get_next_child_node() fwnode operation that also checks device node presence. Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Reviewed-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Reviewed-by: Jonathan Cameron <jonathan.cameron(a)huawei.com> Link: https://patch.msgid.link/20251001102636.1272722-2-sakari.ailus@linux.intel.… [ rjw: Kerneldoc comment and changelog edits ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: YES – this change fixes a real behavioural bug in the ACPI fwnode backend and should go to stable. - `drivers/acpi/property.c:1375` adds `acpi_get_next_present_subnode()` so `.get_next_child_node` skips ACPI child devices whose `_STA` says they are absent (`acpi_device_is_present()`), while still returning data subnodes unchanged. - The new helper is now wired into the ACPI fwnode ops (`drivers/acpi/property.c:1731`), making generic helpers such as `fwnode_get_next_child_node()` and macros like `fwnode_for_each_child_node` (`include/linux/property.h:167`) behave the same as the OF backend, which already filtered unavailable children via `of_get_next_available_child()` (`drivers/of/property.c:1070`). - Several core helpers assume disabled endpoints never surface: e.g. `fwnode_graph_get_endpoint_by_id()` in `drivers/base/property.c:1286` promises to hide endpoints on disabled devices, and higher layers such as `v4l2_fwnode_reference_get_int_prop()` (`drivers/media/v4l2-core/v4l2-fwnode.c:1064`) iterate child nodes without rechecking availability. On ACPI systems today they still see powered-off devices, leading to asynchronous notifiers that wait forever for hardware that can’t appear, or to bogus graph enumerations. This patch closes that gap. Risk is low: it only suppresses ACPI device nodes already known to be absent, aligns behaviour with DT userspace expectations, and leaves data nodes untouched. No extra dependencies are required, so the fix is self- contained and appropriate for stable backporting. Suggest running existing ACPI graph users (media/typec drivers) after backport to confirm no regressions. drivers/acpi/property.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/property.c b/drivers/acpi/property.c index c086786fe84cb..d74678f0ba4af 100644 --- a/drivers/acpi/property.c +++ b/drivers/acpi/property.c @@ -1357,6 +1357,28 @@ struct fwnode_handle *acpi_get_next_subnode(const struct fwnode_handle *fwnode, return NULL; } +/* + * acpi_get_next_present_subnode - Return the next present child node handle + * @fwnode: Firmware node to find the next child node for. + * @child: Handle to one of the device's child nodes or a null handle. + * + * Like acpi_get_next_subnode(), but the device nodes returned by + * acpi_get_next_present_subnode() are guaranteed to be present. + * + * Returns: The fwnode handle of the next present sub-node. + */ +static struct fwnode_handle * +acpi_get_next_present_subnode(const struct fwnode_handle *fwnode, + struct fwnode_handle *child) +{ + do { + child = acpi_get_next_subnode(fwnode, child); + } while (is_acpi_device_node(child) && + !acpi_device_is_present(to_acpi_device_node(child))); + + return child; +} + /** * acpi_node_get_parent - Return parent fwnode of this fwnode * @fwnode: Firmware node whose parent to get @@ -1701,7 +1723,7 @@ static int acpi_fwnode_irq_get(const struct fwnode_handle *fwnode, .property_read_string_array = \ acpi_fwnode_property_read_string_array, \ .get_parent = acpi_node_get_parent, \ - .get_next_child_node = acpi_get_next_subnode, \ + .get_next_child_node = acpi_get_next_present_subnode, \ .get_named_child_node = acpi_fwnode_get_named_child_node, \ .get_name = acpi_fwnode_get_name, \ .get_name_prefix = acpi_fwnode_get_name_prefix, \ -- 2.51.0

3 days, 7 hours

2
46
0 0

[PATCH] x86/fpu: Ensure XFD state on signal delivery

by Chang S. Bae

Sean reported [1] the following splat when running KVM tests: WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70 Call Trace: <TASK> fpu__clear_user_states+0x9c/0x100 arch_do_signal_or_restart+0x142/0x210 exit_to_user_mode_loop+0x55/0x100 do_syscall_64+0x205/0x2c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Chao further identified [2] a reproducible scenarios involving signal delivery: a non-AMX task is preempted by an AMX-enabled task which modifies the XFD MSR. When the non-AMX task resumes and reloads XSTATE with init values, a warning is triggered due to a mismatch between fpstate::xfd and the CPU's current XFD state. fpu__clear_user_states() does not currently re-synchronize the XFD state after such preemption. Invoke xfd_update_state() which detects and corrects the mismatch if the dynamic feature is enabled. This also benefits the sigreturn path, as fpu__restore_sig() may call fpu__clear_user_states() when the sigframe is inaccessible. Fixes: 672365477ae8a ("x86/fpu: Update XFD state where required") Reported-by: Sean Christopherson <seanjc(a)google.com> Closes: https://lore.kernel.org/lkml/aDCo_SczQOUaB2rS@google.com [1] Tested-by: Chao Gao <chao.gao(a)intel.com> Signed-off-by: Chang S. Bae <chang.seok.bae(a)intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/aDWbctO%2FRfTGiCg3@intel.com [2] --- arch/x86/kernel/fpu/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index ea138583dd92..5fa782a2ae7c 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -800,6 +800,9 @@ void fpu__clear_user_states(struct fpu *fpu) !fpregs_state_valid(fpu, smp_processor_id())) os_xrstor_supervisor(fpu->fpstate); + /* Ensure XFD state is in sync before reloading XSTATE */ + xfd_update_state(fpu->fpstate); + /* Reset user states in registers. */ restore_fpregs_from_init_fpstate(XFEATURE_MASK_USER_RESTORE); -- 2.48.1

3 days, 7 hours

3
2
0 0

[PATCH v1 1/2] ALSA: hda/tas2781: fix speaker id retrieval for multiple probes

by Antheas Kapenekakis

Currently, on ASUS projects, the TAS2781 codec attaches the speaker GPIO to the first tasdevice_priv instance using devm. This causes tas2781_read_acpi to fail on subsequent probes since the GPIO is already managed by the first device. This causes a failure on Xbox Ally X, because it has two amplifiers, and prevents us from quirking both the Xbox Ally and Xbox Ally X in the realtek codec driver. It is unnecessary to attach the GPIO to a device as it is static. Therefore, instead of attaching it and then reading it when loading the firmware, read its value directly in tas2781_read_acpi and store it in the private data structure. Then, make reading the value non-fatal so that ASUS projects that miss a speaker pin can still work, perhaps using fallback firmware. Fixes: 4e7035a75da9 ("ALSA: hda/tas2781: Add speaker id check for ASUS projects") Cc: stable(a)vger.kernel.org # 6.17 Signed-off-by: Antheas Kapenekakis <lkml(a)antheas.dev> --- include/sound/tas2781.h | 2 +- .../hda/codecs/side-codecs/tas2781_hda_i2c.c | 44 +++++++++++-------- 2 files changed, 26 insertions(+), 20 deletions(-) diff --git a/include/sound/tas2781.h b/include/sound/tas2781.h index 0fbcdb15c74b..29d15ba65f04 100644 --- a/include/sound/tas2781.h +++ b/include/sound/tas2781.h @@ -197,7 +197,6 @@ struct tasdevice_priv { struct acoustic_data acou_data; #endif struct tasdevice_fw *fmw; - struct gpio_desc *speaker_id; struct gpio_desc *reset; struct mutex codec_lock; struct regmap *regmap; @@ -215,6 +214,7 @@ struct tasdevice_priv { unsigned int magic_num; unsigned int chip_id; unsigned int sysclk; + int speaker_id; int irq; int cur_prog; diff --git a/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c b/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c index 0357401a6023..c8619995b1d7 100644 --- a/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c +++ b/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c @@ -87,6 +87,7 @@ static const struct acpi_gpio_mapping tas2781_speaker_id_gpios[] = { static int tas2781_read_acpi(struct tasdevice_priv *p, const char *hid) { + struct gpio_desc *speaker_id; struct acpi_device *adev; struct device *physdev; LIST_HEAD(resources); @@ -119,19 +120,31 @@ static int tas2781_read_acpi(struct tasdevice_priv *p, const char *hid) /* Speaker id was needed for ASUS projects. */ ret = kstrtou32(sub, 16, &subid); if (!ret && upper_16_bits(subid) == PCI_VENDOR_ID_ASUSTEK) { - ret = devm_acpi_dev_add_driver_gpios(p->dev, - tas2781_speaker_id_gpios); - if (ret < 0) + ret = acpi_dev_add_driver_gpios(adev, tas2781_speaker_id_gpios); + if (ret < 0) { dev_err(p->dev, "Failed to add driver gpio %d.\n", ret); - p->speaker_id = devm_gpiod_get(p->dev, "speakerid", GPIOD_IN); - if (IS_ERR(p->speaker_id)) { - dev_err(p->dev, "Failed to get Speaker id.\n"); - ret = PTR_ERR(p->speaker_id); - goto err; + p->speaker_id = -1; + goto end_2563; + } + + speaker_id = fwnode_gpiod_get_index(acpi_fwnode_handle(adev), + "speakerid", 0, GPIOD_IN, NULL); + if (!IS_ERR(speaker_id)) { + p->speaker_id = gpiod_get_value_cansleep(speaker_id); + dev_dbg(p->dev, "Got speaker id gpio from ACPI: %d.\n", + p->speaker_id); + gpiod_put(speaker_id); + } else { + p->speaker_id = -1; + ret = PTR_ERR(speaker_id); + dev_err(p->dev, "Get speaker id gpio failed %d.\n", + ret); } + + acpi_dev_remove_driver_gpios(adev); } else { - p->speaker_id = NULL; + p->speaker_id = -1; } end_2563: @@ -432,23 +445,16 @@ static void tasdevice_dspfw_init(void *context) struct tas2781_hda *tas_hda = dev_get_drvdata(tas_priv->dev); struct tas2781_hda_i2c_priv *hda_priv = tas_hda->hda_priv; struct hda_codec *codec = tas_priv->codec; - int ret, spk_id; + int ret; tasdevice_dsp_remove(tas_priv); tas_priv->fw_state = TASDEVICE_DSP_FW_PENDING; - if (tas_priv->speaker_id != NULL) { - // Speaker id need to be checked for ASUS only. - spk_id = gpiod_get_value(tas_priv->speaker_id); - if (spk_id < 0) { - // Speaker id is not valid, use default. - dev_dbg(tas_priv->dev, "Wrong spk_id = %d\n", spk_id); - spk_id = 0; - } + if (tas_priv->speaker_id >= 0) { snprintf(tas_priv->coef_binaryname, sizeof(tas_priv->coef_binaryname), "TAS2XXX%04X%d.bin", lower_16_bits(codec->core.subsystem_id), - spk_id); + tas_priv->speaker_id); } else { snprintf(tas_priv->coef_binaryname, sizeof(tas_priv->coef_binaryname), base-commit: 211ddde0823f1442e4ad052a2f30f050145ccada -- 2.51.1

3 days, 7 hours

2
7
0 0

[PATCH] regmap: irq: Correct documentation of wake_invert flag

by Shawn Guo

From: Shawn Guo <shawnguo(a)kernel.org> Per commit 9442490a0286 ("regmap: irq: Support wake IRQ mask inversion") the wake_invert flag is to support enable register, so cleared bits are wake disabled. Fixes: 68622bdfefb9 ("regmap: irq: document mask/wake_invert flags") Cc: stable(a)vger.kernel.org Signed-off-by: Shawn Guo <shawnguo(a)kernel.org> --- include/linux/regmap.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/regmap.h b/include/linux/regmap.h index 4e1ac1fbcec4..55343795644b 100644 --- a/include/linux/regmap.h +++ b/include/linux/regmap.h @@ -1643,7 +1643,7 @@ struct regmap_irq_chip_data; * @status_invert: Inverted status register: cleared bits are active interrupts. * @status_is_level: Status register is actuall signal level: Xor status * register with previous value to get active interrupts. - * @wake_invert: Inverted wake register: cleared bits are wake enabled. + * @wake_invert: Inverted wake register: cleared bits are wake disabled. * @type_in_mask: Use the mask registers for controlling irq type. Use this if * the hardware provides separate bits for rising/falling edge * or low/high level interrupts and they should be combined into -- 2.43.0

3 days, 7 hours

2
3
0 0

[PATCH] ALSA: wavefront: fix buffer overflow in longname construction

by moonafterrain＠outlook.com

From: Junrui Luo <moonafterrain(a)outlook.com> The snd_wavefront_probe() function constructs the card->longname string using unsafe sprintf() calls that can overflow the 80-byte buffer when module parameters contain large values. The vulnerability exists at wavefront.c where multiple sprintf() operations append to card->longname without length checking. Fix by replacing all sprintf() calls with scnprintf() and proper length tracking to ensure writes never exceed sizeof(card->longname). Reported-by: Yuhao Jiang <danisjiang(a)gmail.com> Reported-by: Junrui Luo <moonafterrain(a)outlook.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Junrui Luo <moonafterrain(a)outlook.com> --- sound/isa/wavefront/wavefront.c | 40 ++++++++++++++++++++------------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/sound/isa/wavefront/wavefront.c b/sound/isa/wavefront/wavefront.c index 07c68568091d..74ea3a67620c 100644 --- a/sound/isa/wavefront/wavefront.c +++ b/sound/isa/wavefront/wavefront.c @@ -343,6 +343,7 @@ snd_wavefront_probe (struct snd_card *card, int dev) struct snd_rawmidi *ics2115_external_rmidi = NULL; struct snd_hwdep *fx_processor; int hw_dev = 0, midi_dev = 0, err; + size_t len, rem; /* --------- PCM --------------- */ @@ -492,26 +493,35 @@ snd_wavefront_probe (struct snd_card *card, int dev) length restrictions */ - sprintf(card->longname, "%s PCM 0x%lx irq %d dma %d", - card->driver, - chip->port, - cs4232_pcm_irq[dev], - dma1[dev]); + len = scnprintf(card->longname, sizeof(card->longname), + "%s PCM 0x%lx irq %d dma %d", + card->driver, + chip->port, + cs4232_pcm_irq[dev], + dma1[dev]); - if (dma2[dev] >= 0 && dma2[dev] < 8) - sprintf(card->longname + strlen(card->longname), "&%d", dma2[dev]); + if (dma2[dev] >= 0 && dma2[dev] < 8 && len < sizeof(card->longname)) { + rem = sizeof(card->longname) - len; + len += scnprintf(card->longname + len, rem, "&%d", dma2[dev]); + } if (cs4232_mpu_port[dev] > 0 && cs4232_mpu_port[dev] != SNDRV_AUTO_PORT) { - sprintf (card->longname + strlen (card->longname), - " MPU-401 0x%lx irq %d", - cs4232_mpu_port[dev], - cs4232_mpu_irq[dev]); + if (len < sizeof(card->longname)) { + rem = sizeof(card->longname) - len; + len += scnprintf(card->longname + len, rem, + " MPU-401 0x%lx irq %d", + cs4232_mpu_port[dev], + cs4232_mpu_irq[dev]); + } } - sprintf (card->longname + strlen (card->longname), - " SYNTH 0x%lx irq %d", - ics2115_port[dev], - ics2115_irq[dev]); + if (len < sizeof(card->longname)) { + rem = sizeof(card->longname) - len; + scnprintf(card->longname + len, rem, + " SYNTH 0x%lx irq %d", + ics2115_port[dev], + ics2115_irq[dev]); + } return snd_card_register(card); } -- 2.51.1.dirty

3 days, 8 hours

2
1
0 0

[PATCH] mm/mremap: Honour writable bit in mremap pte batching

by Dev Jain

Currently mremap folio pte batch ignores the writable bit during figuring out a set of similar ptes mapping the same folio. Suppose that the first pte of the batch is writable while the others are not - set_ptes will end up setting the writable bit on the other ptes, which is a violation of mremap semantics. Therefore, use FPB_RESPECT_WRITE to check the writable bit while determining the pte batch. Cc: stable(a)vger.kernel.org #6.17 Fixes: f822a9a81a31 ("mm: optimize mremap() by PTE batching") Reported-by: David Hildenbrand <david(a)redhat.com> Debugged-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Dev Jain <dev.jain(a)arm.com> --- mm-selftests pass. Based on mm-new. Need David H. to confirm whether the repro passes. mm/mremap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/mremap.c b/mm/mremap.c index a7f531c17b79..8ad06cf50783 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -187,7 +187,7 @@ static int mremap_folio_pte_batch(struct vm_area_struct *vma, unsigned long addr if (!folio || !folio_test_large(folio)) return 1; - return folio_pte_batch(folio, ptep, pte, max_nr); + return folio_pte_batch_flags(folio, NULL, ptep, &pte, max_nr, FPB_RESPECT_WRITE); } static int move_ptes(struct pagetable_move_control *pmc, -- 2.30.2

3 days, 8 hours

4
3
0 0

, conoce mejor a tu candidato antes de contratar

by Valeria Pérez

Evaluaciones Psicométricas para RR.HH. body { margin: 0; padding: 0; font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #333; background-color: #ffffff; } table { border-spacing: 0; width: 100%; max-width: 600px; margin: auto; } td { padding: 12px 20px; } a { color: #1a73e8; text-decoration: none; } .footer { font-size: 12px; color: #888888; text-align: center; } Mejora tus procesos de selección con evaluaciones psicométricas fáciles y confiables. Hola, , Sabemos que encontrar al candidato ideal va más allá del currículum. Por eso quiero contarte brevemente sobre PsicoSmart, una plataforma que ayuda a equipos de RR.HH. a evaluar talento con pruebas psicométricas rápidas, confiables y fáciles de aplicar. Con PsicoSmart puedes: Aplicar evaluaciones psicométricas 100% en línea. Elegir entre más de 31 pruebas psicométricas Generar reportes automáticos, visuales y fáciles de interpretar. Comparar resultados entre candidatos en segundos. Ahorrar horas valiosas del proceso de selección. Si estás buscando mejorar tus contrataciones, te lo recomiendo muchísimo. Si quieres conocer más puedes responder este correo o simplemente contactarme, mis datos están abajo. Saludos, ----------------------------- Atte.: Valeria Pérez Ciudad de México: (55) 5018 0565 WhatsApp: +52 33 1607 2089 Si no deseas recibir más correos, haz clic aquí para darte de baja. Para remover su dirección de esta lista haga <a href="https://s1.arrobamail.com/unsuscribe.php?id=yiwtsrewisppiseup">click aquí</a>

3 days, 8 hours

1
0
0 0

[PATCH] scsi: aic94xx: fix use-after-free in device removal path

by moonafterrain＠outlook.com

From: Junrui Luo <moonafterrain(a)outlook.com> The asd_pci_remove() function fails to synchronize with pending tasklets before freeing the asd_ha structure, leading to a potential use-after-free vulnerability. When a device removal is triggered (via hot-unplug or module unload), race condition can occur. The fix adds tasklet_kill() before freeing the asd_ha structure, ensuring all scheduled tasklets complete before cleanup proceeds. Reported-by: Yuhao Jiang <danisjiang(a)gmail.com> Reported-by: Junrui Luo <moonafterrain(a)outlook.com> Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver") Cc: stable(a)vger.kernel.org Signed-off-by: Junrui Luo <moonafterrain(a)outlook.com> --- drivers/scsi/aic94xx/aic94xx_init.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/scsi/aic94xx/aic94xx_init.c b/drivers/scsi/aic94xx/aic94xx_init.c index adf3d9145606..95f3620059f7 100644 --- a/drivers/scsi/aic94xx/aic94xx_init.c +++ b/drivers/scsi/aic94xx/aic94xx_init.c @@ -882,6 +882,9 @@ static void asd_pci_remove(struct pci_dev *dev) asd_disable_ints(asd_ha); + /* Ensure all scheduled tasklets complete before freeing resources */ + tasklet_kill(&asd_ha->seq.dl_tasklet); + asd_remove_dev_attrs(asd_ha); /* XXX more here as needed */ -- 2.51.1.dirty

3 days, 8 hours

1
0
0 0

[PATCH] agp/uninorth: fix out-of-bounds access with negative pg_start

by moonafterrain＠outlook.com

From: Junrui Luo <moonafterrain(a)outlook.com> The uninorth_insert_memory and uninorth_remove_memory functions lack proper validation of the pg_start parameter before using it as an array index into the GATT (Graphics Address Translation Table). The current bounds check fails to reject negative pg_start values and potentially causes out-of-bounds writes. Fix by explicitly checking that pg_start is non-negative before performing bounds checking. This makes the security requirement clear and does not rely on implicit type conversion behavior. The uninorth_remove_memory function has no bounds checking at all, so add the same validation there. Reported-by: Yuhao Jiang <danisjiang(a)gmail.com> Reported-by: Junrui Luo <moonafterrain(a)outlook.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Junrui Luo <moonafterrain(a)outlook.com> --- drivers/char/agp/uninorth-agp.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/char/agp/uninorth-agp.c b/drivers/char/agp/uninorth-agp.c index b8d7115b8c9e..4e0b949016f7 100644 --- a/drivers/char/agp/uninorth-agp.c +++ b/drivers/char/agp/uninorth-agp.c @@ -169,7 +169,9 @@ static int uninorth_insert_memory(struct agp_memory *mem, off_t pg_start, int ty temp = agp_bridge->current_size; num_entries = A_SIZE_32(temp)->num_entries; - if ((pg_start + mem->page_count) > num_entries) + if (pg_start < 0 || + (pg_start + mem->page_count) > num_entries || + (pg_start + mem->page_count) < pg_start) return -EINVAL; gp = (u32 *) &agp_bridge->gatt_table[pg_start]; @@ -200,6 +202,9 @@ static int uninorth_insert_memory(struct agp_memory *mem, off_t pg_start, int ty static int uninorth_remove_memory(struct agp_memory *mem, off_t pg_start, int type) { size_t i; + int num_entries; + void *temp; + u32 *gp; int mask_type; @@ -215,6 +220,14 @@ static int uninorth_remove_memory(struct agp_memory *mem, off_t pg_start, int ty if (mem->page_count == 0) return 0; + temp = agp_bridge->current_size; + num_entries = A_SIZE_32(temp)->num_entries; + + if (pg_start < 0 || + (pg_start + mem->page_count) > num_entries || + (pg_start + mem->page_count) < pg_start) + return -EINVAL; + gp = (u32 *) &agp_bridge->gatt_table[pg_start]; for (i = 0; i < mem->page_count; ++i) { gp[i] = scratch_value; -- 2.51.1.dirty

3 days, 8 hours

1
0
0 0

FAILED: patch "[PATCH] x86/resctrl: Fix miscount of bandwidth event when" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102054-slacks-ambush-f774@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 Mon Sep 17 00:00:00 2001 From: Babu Moger <babu.moger(a)amd.com> Date: Fri, 10 Oct 2025 12:08:35 -0500 Subject: [PATCH] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Users can create as many monitoring groups as the number of RMIDs supported by the hardware. However, on AMD systems, only a limited number of RMIDs are guaranteed to be actively tracked by the hardware. RMIDs that exceed this limit are placed in an "Unavailable" state. When a bandwidth counter is read for such an RMID, the hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62). When such an RMID starts being tracked again the hardware counter is reset to zero. MSR_IA32_QM_CTR.Unavailable remains set on first read after tracking re-starts and is clear on all subsequent reads as long as the RMID is tracked. resctrl miscounts the bandwidth events after an RMID transitions from the "Unavailable" state back to being tracked. This happens because when the hardware starts counting again after resetting the counter to zero, resctrl in turn compares the new count against the counter value stored from the previous time the RMID was tracked. This results in resctrl computing an event value that is either undercounting (when new counter is more than stored counter) or a mistaken overflow (when new counter is less than stored counter). Reset the stored value (arch_mbm_state::prev_msr) of MSR_IA32_QM_CTR to zero whenever the RMID is in the "Unavailable" state to ensure accurate counting after the RMID resets to zero when it starts to be tracked again. Example scenario that results in mistaken overflow ================================================== 1. The resctrl filesystem is mounted, and a task is assigned to a monitoring group. $mount -t resctrl resctrl /sys/fs/resctrl $mkdir /sys/fs/resctrl/mon_groups/test1/ $echo 1234 > /sys/fs/resctrl/mon_groups/test1/tasks $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 21323 <- Total bytes on domain 0 "Unavailable" <- Total bytes on domain 1 Task is running on domain 0. Counter on domain 1 is "Unavailable". 2. The task runs on domain 0 for a while and then moves to domain 1. The counter starts incrementing on domain 1. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 7345357 <- Total bytes on domain 0 4545 <- Total bytes on domain 1 3. At some point, the RMID in domain 0 transitions to the "Unavailable" state because the task is no longer executing in that domain. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes "Unavailable" <- Total bytes on domain 0 434341 <- Total bytes on domain 1 4. Since the task continues to migrate between domains, it may eventually return to domain 0. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 17592178699059 <- Overflow on domain 0 3232332 <- Total bytes on domain 1 In this case, the RMID on domain 0 transitions from "Unavailable" state to active state. The hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62) when the counter is read and begins tracking the RMID counting from 0. Subsequent reads succeed but return a value smaller than the previously saved MSR value (7345357). Consequently, the resctrl's overflow logic is triggered, it compares the previous value (7345357) with the new, smaller value and incorrectly interprets this as a counter overflow, adding a large delta. In reality, this is a false positive: the counter did not overflow but was simply reset when the RMID transitioned from "Unavailable" back to active state. Here is the text from APM [1] available from [2]. "In PQOS Version 2.0 or higher, the MBM hardware will set the U bit on the first QM_CTR read when it begins tracking an RMID that it was not previously tracking. The U bit will be zero for all subsequent reads from that RMID while it is still tracked by the hardware. Therefore, a QM_CTR read with the U bit set when that RMID is in use by a processor can be considered 0 when calculating the difference with a subsequent read." [1] AMD64 Architecture Programmer's Manual Volume 2: System Programming Publication # 24593 Revision 3.41 section 19.3.3 Monitoring L3 Memory Bandwidth (MBM). [ bp: Split commit message into smaller paragraph chunks for better consumption. ] Fixes: 4d05bf71f157d ("x86/resctrl: Introduce AMD QOS feature") Signed-off-by: Babu Moger <babu.moger(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Tested-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org # needs adjustments for <= v6.17 Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 # [2] diff --git a/arch/x86/kernel/cpu/resctrl/monitor.c b/arch/x86/kernel/cpu/resctrl/monitor.c index c8945610d455..2cd25a0d4637 100644 --- a/arch/x86/kernel/cpu/resctrl/monitor.c +++ b/arch/x86/kernel/cpu/resctrl/monitor.c @@ -242,7 +242,9 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, u32 unused, u32 rmid, enum resctrl_event_id eventid, u64 *val, void *ignored) { + struct rdt_hw_mon_domain *hw_dom = resctrl_to_arch_mon_dom(d); int cpu = cpumask_any(&d->hdr.cpu_mask); + struct arch_mbm_state *am; u64 msr_val; u32 prmid; int ret; @@ -251,12 +253,16 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, prmid = logical_rmid_to_physical_rmid(cpu, rmid); ret = __rmid_read_phys(prmid, eventid, &msr_val); - if (ret) - return ret; - *val = get_corrected_val(r, d, rmid, eventid, msr_val); + if (!ret) { + *val = get_corrected_val(r, d, rmid, eventid, msr_val); + } else if (ret == -EINVAL) { + am = get_arch_mbm_state(hw_dom, rmid, eventid); + if (am) + am->prev_msr = 0; + } - return 0; + return ret; } static int __cntr_id_read(u32 cntr_id, u64 *val)

3 days, 8 hours

2
1
0 0

[PATCH v2] leds: leds-lp50xx: enable chip before any communication

by Christian Hitz

From: Christian Hitz <christian.hitz(a)bbv.ch> If a GPIO is used to control the chip's enable pin, it needs to be pulled high before any i2c communication is attempted. Currently, the enable GPIO handling is not correct. Assume the enable GPIO is low when the probe function is entered. In this case the device is in SHUTDOWN mode and does not react to i2c commands. During probe the following sequence happens: 1. The call to lp50xx_reset() on line 548 has no effect as i2c is not possible yet. 2. Then - on line 552 - lp50xx_enable_disable() is called. As "priv->enable_gpio“ has not yet been initialized, setting the GPIO has no effect. Also the i2c enable command is not executed as the device is still in SHUTDOWN. 3. On line 556 the call to lp50xx_probe_dt() finally parses the rest of the DT and the configured priv->enable_gpio is set up. As a result the device is still in SHUTDOWN mode and not ready for operation. Split lp50xx_enable_disable() into distinct enable and disable functions to enforce correct ordering between enable_gpio manipulations and i2c commands. Read enable_gpio configuration from DT before attempting to manipulate enable_gpio. Add delays to observe correct wait timing after manipulating enable_gpio and before any i2c communication. Fixes: 242b81170fb8 ("leds: lp50xx: Add the LP50XX family of the RGB LED driver") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Hitz <christian.hitz(a)bbv.ch> --- Changes in v2: - Unconditionally reset in lp50xx_enable - Define magic numbers - Improve log message --- drivers/leds/leds-lp50xx.c | 55 +++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 15 deletions(-) diff --git a/drivers/leds/leds-lp50xx.c b/drivers/leds/leds-lp50xx.c index 94f8ef6b482c..d3485d814cf4 100644 --- a/drivers/leds/leds-lp50xx.c +++ b/drivers/leds/leds-lp50xx.c @@ -50,6 +50,12 @@ #define LP50XX_SW_RESET 0xff #define LP50XX_CHIP_EN BIT(6) +#define LP50XX_CHIP_DISABLE 0x00 +#define LP50XX_START_TIME_US 500 +#define LP50XX_RESET_TIME_US 3 + +#define LP50XX_EN_GPIO_LOW 0 +#define LP50XX_EN_GPIO_HIGH 1 /* There are 3 LED outputs per bank */ #define LP50XX_LEDS_PER_MODULE 3 @@ -371,19 +377,42 @@ static int lp50xx_reset(struct lp50xx *priv) return regmap_write(priv->regmap, priv->chip_info->reset_reg, LP50XX_SW_RESET); } -static int lp50xx_enable_disable(struct lp50xx *priv, int enable_disable) +static int lp50xx_enable(struct lp50xx *priv) { int ret; - ret = gpiod_direction_output(priv->enable_gpio, enable_disable); + if (priv->enable_gpio) { + ret = gpiod_direction_output(priv->enable_gpio, LP50XX_EN_GPIO_HIGH); + if (ret) + return ret; + + udelay(LP50XX_START_TIME_US); + } + + ret = lp50xx_reset(priv); if (ret) return ret; - if (enable_disable) - return regmap_write(priv->regmap, LP50XX_DEV_CFG0, LP50XX_CHIP_EN); - else - return regmap_write(priv->regmap, LP50XX_DEV_CFG0, 0); + return regmap_write(priv->regmap, LP50XX_DEV_CFG0, LP50XX_CHIP_EN); +} +static int lp50xx_disable(struct lp50xx *priv) +{ + int ret; + + ret = regmap_write(priv->regmap, LP50XX_DEV_CFG0, LP50XX_CHIP_DISABLE); + if (ret) + return ret; + + if (priv->enable_gpio) { + ret = gpiod_direction_output(priv->enable_gpio, LP50XX_EN_GPIO_LOW); + if (ret) + return ret; + + udelay(LP50XX_RESET_TIME_US); + } + + return 0; } static int lp50xx_probe_leds(struct fwnode_handle *child, struct lp50xx *priv, @@ -447,6 +476,10 @@ static int lp50xx_probe_dt(struct lp50xx *priv) return dev_err_probe(priv->dev, PTR_ERR(priv->enable_gpio), "Failed to get enable GPIO\n"); + ret = lp50xx_enable(priv); + if (ret) + return ret; + priv->regulator = devm_regulator_get(priv->dev, "vled"); if (IS_ERR(priv->regulator)) priv->regulator = NULL; @@ -547,14 +580,6 @@ static int lp50xx_probe(struct i2c_client *client) return ret; } - ret = lp50xx_reset(led); - if (ret) - return ret; - - ret = lp50xx_enable_disable(led, 1); - if (ret) - return ret; - return lp50xx_probe_dt(led); } @@ -563,7 +588,7 @@ static void lp50xx_remove(struct i2c_client *client) struct lp50xx *led = i2c_get_clientdata(client); int ret; - ret = lp50xx_enable_disable(led, 0); + ret = lp50xx_disable(led); if (ret) dev_err(led->dev, "Failed to disable chip\n"); -- 2.51.1

3 days, 9 hours

1
0
0 0

[PATCH] leds: leds-cros_ec: Skip LEDs without color components

by Thomas Weißschuh

A user reports that on their Lenovo Corsola Magneton with EC firmware steelix-15194.270.0 the driver probe fails with EINVAL. It turns out that the power LED does not contain any color components as indicated by the following "ectool led power query" output: Brightness range for LED 1: red : 0x0 green : 0x0 blue : 0x0 yellow : 0x0 white : 0x0 amber : 0x0 The LED also does not react to commands sent manually through ectool and is generally non-functional. Instead of failing the probe for all LEDs managed by the EC when one without color components is encountered, silently skip those. Fixes: 8d6ce6f3ec9d ("leds: Add ChromeOS EC driver") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- drivers/leds/leds-cros_ec.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/leds/leds-cros_ec.c b/drivers/leds/leds-cros_ec.c index 377cf04e202a..bea3cc3fbfd2 100644 --- a/drivers/leds/leds-cros_ec.c +++ b/drivers/leds/leds-cros_ec.c @@ -142,9 +142,6 @@ static int cros_ec_led_count_subleds(struct device *dev, } } - if (!num_subleds) - return -EINVAL; - *max_brightness = common_range; return num_subleds; } @@ -189,6 +186,8 @@ static int cros_ec_led_probe_one(struct device *dev, struct cros_ec_device *cros &priv->led_mc_cdev.led_cdev.max_brightness); if (num_subleds < 0) return num_subleds; + if (num_subleds == 0) + return 0; /* LED without any colors, skip */ priv->cros_ec = cros_ec; priv->led_id = id; --- base-commit: 3a8660878839faadb4f1a6dd72c3179c1df56787 change-id: 20251028-cros_ec-leds-no-colors-18eb8d1efa92 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

3 days, 9 hours

1
0
0 0

[PATCH] iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source

by Miaoqian Lin

When simple_write_to_buffer() succeeds, it returns the number of bytes actually copied to the buffer, which may be less than the requested 'count' if the buffer size is insufficient. However, the current code incorrectly uses 'count' as the index for null termination instead of the actual bytes copied, leading to out-of-bound write. Add a check for the count and use the return value as the index. Found via static analysis. This is similar to the commit da9374819eb3 ("iio: backend: fix out-of-bound write") Fixes: b1c5d68ea66e ("iio: dac: ad3552r-hs: add support for internal ramp") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/iio/dac/ad3552r-hs.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/iio/dac/ad3552r-hs.c b/drivers/iio/dac/ad3552r-hs.c index 41b96b48ba98..a9578afa7015 100644 --- a/drivers/iio/dac/ad3552r-hs.c +++ b/drivers/iio/dac/ad3552r-hs.c @@ -549,12 +549,15 @@ static ssize_t ad3552r_hs_write_data_source(struct file *f, guard(mutex)(&st->lock); + if (count >= sizeof(buf)) + return -ENOSPC; + ret = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf, count); if (ret < 0) return ret; - buf[count] = '\0'; + buf[ret] = '\0'; ret = match_string(dbgfs_attr_source, ARRAY_SIZE(dbgfs_attr_source), buf); -- 2.39.5 (Apple Git-154)

3 days, 9 hours

5
12
0 0

[PATCH] drm/mediatek: fix device use-after-free on unbind

by Johan Hovold

A recent change fixed device reference leaks when looking up drm platform device driver data during bind() but failed to remove a partial fix which had been added by commit 80805b62ea5b ("drm/mediatek: Fix kobject put for component sub-drivers"). This results in a reference imbalance on component bind() failures and on unbind() which could lead to a user-after-free. Make sure to only drop the references after retrieving the driver data by effectively reverting the previous partial fix. Note that holding a reference to a device does not prevent its driver data from going away so there is no point in keeping the reference. Fixes: 1f403699c40f ("drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv") Reported-by: Sjoerd Simons <sjoerd(a)collabora.com> Link: https://lore.kernel.org/r/20251003-mtk-drm-refcount-v1-1-3b3f2813b0db@colla… Cc: stable(a)vger.kernel.org Cc: Ma Ke <make24(a)iscas.ac.cn> Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c index 384b0510272c..a94c51a83261 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c @@ -686,10 +686,6 @@ static int mtk_drm_bind(struct device *dev) for (i = 0; i < private->data->mmsys_dev_num; i++) private->all_drm_private[i]->drm = NULL; err_put_dev: - for (i = 0; i < private->data->mmsys_dev_num; i++) { - /* For device_find_child in mtk_drm_get_all_priv() */ - put_device(private->all_drm_private[i]->dev); - } put_device(private->mutex_dev); return ret; } @@ -697,18 +693,12 @@ static int mtk_drm_bind(struct device *dev) static void mtk_drm_unbind(struct device *dev) { struct mtk_drm_private *private = dev_get_drvdata(dev); - int i; /* for multi mmsys dev, unregister drm dev in mmsys master */ if (private->drm_master) { drm_dev_unregister(private->drm); mtk_drm_kms_deinit(private->drm); drm_dev_put(private->drm); - - for (i = 0; i < private->data->mmsys_dev_num; i++) { - /* For device_find_child in mtk_drm_get_all_priv() */ - put_device(private->all_drm_private[i]->dev); - } put_device(private->mutex_dev); } private->mtk_drm_bound = false; -- 2.49.1

3 days, 9 hours

6
6
0 0

[PATCH] drm/of: Fix device node reference leak in drm_of_panel_bridge_remove

by Miaoqian Lin

of_graph_get_remote_node() returns a device node with its reference count incremented. The caller is responsible for releasing this reference when the node is no longer needed. Add of_node_put(remote) to fix the reference leak. Found via static analysis. Fixes: c70087e8f16f ("drm/drm_of: add drm_of_panel_bridge_remove function") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- include/drm/drm_of.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/drm/drm_of.h b/include/drm/drm_of.h index 7f0256dae3f1..5940b1cd542b 100644 --- a/include/drm/drm_of.h +++ b/include/drm/drm_of.h @@ -171,6 +171,7 @@ static inline int drm_of_panel_bridge_remove(const struct device_node *np, return -ENODEV; bridge = of_drm_find_bridge(remote); + of_node_put(remote); drm_panel_bridge_remove(bridge); return 0; -- 2.39.5 (Apple Git-154)

3 days, 10 hours

2
3
0 0

[PATCH] iio: accel: bmc150: Fix irq assumption regression

by Linus Walleij

The code in bmc150-accel-core.c unconditionally calls bmc150_accel_set_interrupt() in the iio_buffer_setup_ops, such as on the runtime PM resume path giving a kernel splat like this if the device has no interrupts: Unable to handle kernel NULL pointer dereference at virtual address 00000001 when read CPU: 0 UID: 0 PID: 393 Comm: iio-sensor-prox Not tainted 6.18.0-rc1-postmarketos-stericsson-00001-g6b43386e3737 #73 PREEMPT Hardware name: ST-Ericsson Ux5x0 platform (Device Tree Support) PC is at bmc150_accel_set_interrupt+0x98/0x194 LR is at __pm_runtime_resume+0x5c/0x64 (...) Call trace: bmc150_accel_set_interrupt from bmc150_accel_buffer_postenable+0x40/0x108 bmc150_accel_buffer_postenable from __iio_update_buffers+0xbe0/0xcbc __iio_update_buffers from enable_store+0x84/0xc8 enable_store from kernfs_fop_write_iter+0x154/0x1b4 kernfs_fop_write_iter from do_iter_readv_writev+0x178/0x1e4 do_iter_readv_writev from vfs_writev+0x158/0x3f4 vfs_writev from do_writev+0x74/0xe4 do_writev from __sys_trace_return+0x0/0x10 This bug seems to have been in the driver since the beginning, but it only manifests recently, I do not know why. Cc: stable(a)vger.kernel.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/iio/accel/bmc150-accel-core.c | 5 +++++ drivers/iio/accel/bmc150-accel.h | 1 + 2 files changed, 6 insertions(+) diff --git a/drivers/iio/accel/bmc150-accel-core.c b/drivers/iio/accel/bmc150-accel-core.c index 3c5d1560b163..f4421a3b0ef2 100644 --- a/drivers/iio/accel/bmc150-accel-core.c +++ b/drivers/iio/accel/bmc150-accel-core.c @@ -523,6 +523,10 @@ static int bmc150_accel_set_interrupt(struct bmc150_accel_data *data, int i, const struct bmc150_accel_interrupt_info *info = intr->info; int ret; + /* We do not always have an IRQ */ + if (!data->has_irq) + return 0; + if (state) { if (atomic_inc_return(&intr->users) > 1) return 0; @@ -1696,6 +1700,7 @@ int bmc150_accel_core_probe(struct device *dev, struct regmap *regmap, int irq, } if (irq > 0) { + data->has_irq = true; ret = devm_request_threaded_irq(dev, irq, bmc150_accel_irq_handler, bmc150_accel_irq_thread_handler, diff --git a/drivers/iio/accel/bmc150-accel.h b/drivers/iio/accel/bmc150-accel.h index 7a7baf52e595..6e9bb69a1fd4 100644 --- a/drivers/iio/accel/bmc150-accel.h +++ b/drivers/iio/accel/bmc150-accel.h @@ -59,6 +59,7 @@ enum bmc150_accel_trigger_id { struct bmc150_accel_data { struct regmap *regmap; struct regulator_bulk_data regulators[2]; + bool has_irq; struct bmc150_accel_interrupt interrupts[BMC150_ACCEL_INTERRUPTS]; struct bmc150_accel_trigger triggers[BMC150_ACCEL_TRIGGERS]; struct mutex mutex; --- base-commit: 3a8660878839faadb4f1a6dd72c3179c1df56787 change-id: 20251027-fix-bmc150-7e568122b265 Best regards, -- Linus Walleij <linus.walleij(a)linaro.org>

3 days, 10 hours

2
4
0 0

[PATCH 5.10] ipv6: sr: Fix MAC comparison to be constant-time

by Andrey Troshin

From: Eric Biggers <ebiggers(a)kernel.org> commit a458b2902115b26a25d67393b12ddd57d1216aaa upstream. To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. Fixes: bf355b8d2c30 ("ipv6: sr: add core files for SR HMAC support") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Reviewed-by: Andrea Mayer <andrea.mayer(a)uniroma2.it> Link: https://patch.msgid.link/20250818202724.15713-1-ebiggers@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Andrey Troshin: backport fix for 5.10] Signed-off-by: Andrey Troshin <drtrosh(a)yandex-team.ru> --- Backport fix for CVE-2025-39702 Link: https://nvd.nist.gov/vuln/detail/CVE-2025-39702 --- net/ipv6/seg6_hmac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c index 4a3f7bb027ed..8bb7f94cba1e 100644 --- a/net/ipv6/seg6_hmac.c +++ b/net/ipv6/seg6_hmac.c @@ -35,6 +35,7 @@ #include <net/xfrm.h> #include <crypto/hash.h> +#include <crypto/algapi.h> #include <crypto/sha.h> #include <net/seg6.h> #include <net/genetlink.h> @@ -270,7 +271,7 @@ bool seg6_hmac_validate_skb(struct sk_buff *skb) if (seg6_hmac_compute(hinfo, srh, &ipv6_hdr(skb)->saddr, hmac_output)) return false; - if (memcmp(hmac_output, tlv->hmac, SEG6_HMAC_FIELD_LEN) != 0) + if (crypto_memneq(hmac_output, tlv->hmac, SEG6_HMAC_FIELD_LEN)) return false; return true; -- 2.34.1

3 days, 10 hours

1
0
0 0

[PATCH 2/2] ext4: fix string copying in parse_apply_sb_mount_options()

by Fedor Pchelkin

strscpy_pad() can't be used to copy a possibly non-NUL-term string into a NUL-term string. Commit 0efc5990bca5 ("string.h: Introduce memtostr() and memtostr_pad()") provides additional information in that regard. So if this happens, the following warning is observed: strnlen: detected buffer overflow: 65 byte read of buffer size 64 WARNING: CPU: 0 PID: 28655 at lib/string_helpers.c:1032 __fortify_report+0x96/0xc0 lib/string_helpers.c:1032 Modules linked in: CPU: 0 UID: 0 PID: 28655 Comm: syz-executor.3 Not tainted 6.12.54-syzkaller-00144-g5f0270f1ba00 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:__fortify_report+0x96/0xc0 lib/string_helpers.c:1032 Call Trace: <TASK> __fortify_panic+0x1f/0x30 lib/string_helpers.c:1039 strnlen include/linux/fortify-string.h:235 [inline] sized_strscpy include/linux/fortify-string.h:309 [inline] parse_apply_sb_mount_options fs/ext4/super.c:2504 [inline] __ext4_fill_super fs/ext4/super.c:5261 [inline] ext4_fill_super+0x3c35/0xad00 fs/ext4/super.c:5706 get_tree_bdev_flags+0x387/0x620 fs/super.c:1636 vfs_get_tree+0x93/0x380 fs/super.c:1814 do_new_mount fs/namespace.c:3553 [inline] path_mount+0x6ae/0x1f70 fs/namespace.c:3880 do_mount fs/namespace.c:3893 [inline] __do_sys_mount fs/namespace.c:4103 [inline] __se_sys_mount fs/namespace.c:4080 [inline] __x64_sys_mount+0x280/0x300 fs/namespace.c:4080 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x64/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e Since s_es->s_mount_opts might be non-NUL-term, annotate it with __nonstring and use the proper memtostr_pad() routine to get its NULL-term copy. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 8ecb790ea8c3 ("ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- fs/ext4/ext4.h | 2 +- fs/ext4/super.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index 57087da6c7be..4c8698316457 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1429,7 +1429,7 @@ struct ext4_super_block { __le64 s_last_error_block; /* block involved of last error */ __u8 s_last_error_func[32] __nonstring; /* function where the error happened */ #define EXT4_S_ERR_END offsetof(struct ext4_super_block, s_mount_opts) - __u8 s_mount_opts[64]; + __u8 s_mount_opts[64] __nonstring; __le32 s_usr_quota_inum; /* inode for tracking user quota */ __le32 s_grp_quota_inum; /* inode for tracking group quota */ __le32 s_overhead_clusters; /* overhead blocks/clusters in fs */ diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 33e7c08c9529..57df129873e3 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2483,7 +2483,7 @@ static int parse_apply_sb_mount_options(struct super_block *sb, if (!sbi->s_es->s_mount_opts[0]) return 0; - strscpy_pad(s_mount_opts, sbi->s_es->s_mount_opts); + memtostr_pad(s_mount_opts, sbi->s_es->s_mount_opts); fc = kzalloc(sizeof(struct fs_context), GFP_KERNEL); if (!fc) -- 2.51.0

3 days, 11 hours

1
1
0 0

[PATCH] iommu/of: Fix device node reference leak in of_iommu_get_resv_regions

by Miaoqian Lin

In of_iommu_get_resv_regions(), of_find_node_by_phandle() returns a device node with its reference count incremented. The caller is responsible for releasing this reference when the node is no longer needed. Add a call to of_node_put() to release the reference after the usage. Found via static analysis. Fixes: a5bf3cfce8cb ("iommu: Implement of_iommu_get_resv_regions()") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/iommu/of_iommu.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/of_iommu.c b/drivers/iommu/of_iommu.c index 6b989a62def2..02448da8ff90 100644 --- a/drivers/iommu/of_iommu.c +++ b/drivers/iommu/of_iommu.c @@ -256,6 +256,7 @@ void of_iommu_get_resv_regions(struct device *dev, struct list_head *list) maps = of_translate_dma_region(np, maps, &iova, &length); if (length == 0) { dev_warn(dev, "Cannot reserve IOVA region of 0 size\n"); + of_node_put(np); continue; } type = iommu_resv_region_get_type(dev, &phys, iova, length); @@ -265,6 +266,7 @@ void of_iommu_get_resv_regions(struct device *dev, struct list_head *list) if (region) list_add_tail(&region->list, list); } + of_node_put(np); } } #endif -- 2.39.5 (Apple Git-154)

3 days, 11 hours

3
2
0 0

[PATCH AUTOSEL 6.17-6.1] spi: intel-pci: Add support for Intel Wildcat Lake SPI serial flash

by Sasha Levin

From: Mika Westerberg <mika.westerberg(a)linux.intel.com> [ Upstream commit f7e37affbc9085f2b77ccb6596521a44eabf7505 ] Add Intel Wildcat Lake SPI serial flash PCI ID to the list of supported devices. Signed-off-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Link: https://patch.msgid.link/20251020145415.3377022-4-mika.westerberg@linux.int… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: ## BACKPORT ANALYSIS COMPLETE **Backport Status: YES** --- ## DETAILED ANALYSIS ### 1. COMMIT CHARACTERIZATION **Type**: Hardware enablement (PCI device ID addition) **Code Changes**: - Single line addition to `drivers/spi/spi-intel-pci.c` - Adds PCI device ID `0x4d23` (Intel Wildcat Lake SPI serial flash) - Maps to existing `cnl_info` configuration structure - No behavioral changes to existing code paths ### 2. SEMANTIC CODE ANALYSIS FINDINGS #### Tools Used: - **Read**: Examined the complete file structure (drivers/spi/spi-intel- pci.c:68-99) - **Grep**: Located PCI device table usage and MODULE_DEVICE_TABLE macro - **Git analysis**: Reviewed commit history and backport precedents #### Impact Scope Analysis: - **Direct impact**: Only affects systems with PCI ID 0x4d23 (Wildcat Lake hardware) - **Caller analysis**: The PCI device table is used by the kernel's PCI subsystem for automatic device-driver matching - **Dependency analysis**: Uses `cnl_info` structure (drivers/spi/spi- intel-pci.c:38-41), which has existed since 2022 - **Risk assessment**: Zero risk to existing hardware - new entry only triggers on matching PCI ID ### 3. BACKPORT PRECEDENT (Strong Evidence) I found multiple similar commits that **WERE backported** to stable trees: **Example 1 - Lunar Lake-M** (commit ec33549be99fe): ``` commit ec33549be99fe25c6927c8b3d6ed13918b27656e Author: Mika Westerberg <mika.westerberg(a)linux.intel.com> Commit: Sasha Levin <sashal(a)kernel.org> [STABLE MAINTAINER] spi: intel-pci: Add support for Lunar Lake-M SPI serial flash [ Upstream commit 8f44e3808200c1434c26ef459722f88f48b306df ] ``` **Example 2 - Granite Rapids** (commit 60446b5e74865): ``` commit 60446b5e74865acff1af5f2d89d99551c8e6e2c1 Author: Mika Westerberg <mika.westerberg(a)linux.intel.com> Commit: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [STABLE MAINTAINER] spi: intel-pci: Add support for Granite Rapids SPI serial flash [ Upstream commit 9855d60cfc720ff32355484c119acafd3c4dc806 ] ``` **Key Finding**: Both commits were backported to stable trees by stable maintainers (Sasha Levin, Greg Kroah-Hartman) **despite having NO explicit stable tags** in the original commits. ### 4. STABLE TREE COMPLIANCE **Positive Factors**: - ✅ Fixes a real user problem (Wildcat Lake users cannot access SPI flash on stable kernels) - ✅ Extremely low risk (single line, static table entry) - ✅ No architectural changes - ✅ No dependencies on unreleased features - ✅ Follows established backporting pattern for PCI ID additions - ✅ "Obviously correct" - uses tested configuration from 20+ other Intel platforms **Considerations**: - ⚠️ Technically a "new feature" (new hardware support) - ✅ However, PCI ID additions are a **special exception** routinely accepted by stable maintainers - ✅ Hardware enablement is considered "fixing" missing support for existing hardware ### 5. DEPENDENCY VERIFICATION - **cnl_info structure**: Present since 2022, exists in all stable kernels that would receive this backport - **PCI_VDEVICE macro**: Standard kernel infrastructure - **intel_spi_probe()**: Core function, no recent changes that would conflict - **Clean backport**: No conflicts expected with any stable kernel version ### 6. RISK ANALYSIS **Regression Risk**: **MINIMAL** - Only triggered when PCI ID 0x4d23 is detected - No effect on systems without Wildcat Lake hardware - Uses well-tested code path (cnl_info shared with 20+ other platforms) - No user-space API changes **Testing Coverage**: - Same code path used by numerous Intel platforms (Ice Lake, Tiger Lake, Alder Lake, etc.) - Configuration structure (cnl_info) battle-tested across multiple generations ### 7. COMMIT MESSAGE ANALYSIS The commit message is: - ✅ Clear and descriptive - ✅ Identifies specific hardware (Intel Wildcat Lake) - ✅ Consistent with previous similar commits - ❌ No "Fixes:" tag (not applicable - this is new hardware support) - ❌ No "Cc: stable(a)vger.kernel.org" tag (but precedent shows this doesn't prevent backporting) --- ## RECOMMENDATION **YES - This commit SHOULD be backported to stable kernel trees** ### Rationale: 1. **Strong precedent**: Multiple similar PCI ID additions for Intel platforms (Lunar Lake, Granite Rapids, Arrow Lake) have been backported to stable trees by stable maintainers 2. **User benefit**: Enables critical SPI flash functionality for Wildcat Lake hardware owners running stable kernels 3. **Minimal risk**: Single-line change to static table with no impact on existing hardware 4. **Well-established pattern**: PCI ID additions for hardware enablement are routinely accepted for stable backports as they "fix" missing hardware support 5. **Clean backport**: No dependencies or conflicts expected ### Target Stable Trees: - All currently maintained stable kernels (6.17.x, 6.16.x, 6.15.x, etc.) - The commit is from v6.18-rc3, so it would benefit users on any stable kernel before 6.18 drivers/spi/spi-intel-pci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/spi/spi-intel-pci.c b/drivers/spi/spi-intel-pci.c index 4b63cb98df9cc..4bb158a23349e 100644 --- a/drivers/spi/spi-intel-pci.c +++ b/drivers/spi/spi-intel-pci.c @@ -75,6 +75,7 @@ static const struct pci_device_id intel_spi_pci_ids[] = { { PCI_VDEVICE(INTEL, 0x38a4), (unsigned long)&bxt_info }, { PCI_VDEVICE(INTEL, 0x43a4), (unsigned long)&cnl_info }, { PCI_VDEVICE(INTEL, 0x4b24), (unsigned long)&bxt_info }, + { PCI_VDEVICE(INTEL, 0x4d23), (unsigned long)&cnl_info }, { PCI_VDEVICE(INTEL, 0x4da4), (unsigned long)&bxt_info }, { PCI_VDEVICE(INTEL, 0x51a4), (unsigned long)&cnl_info }, { PCI_VDEVICE(INTEL, 0x54a4), (unsigned long)&cnl_info }, -- 2.51.0

3 days, 12 hours

1
8
0 0

[PATCH] net: phy: motorcomm: Fix the issue in the code regarding the incorrect use of time units

by Yi Cong

From: Yi Cong <yicong(a)kylinos.cn> Currently, NS (nanoseconds) is being used, but according to the datasheet, the correct unit should be PS (picoseconds). Fixes: 4869a146cd60 ("net: phy: Add BIT macro for Motorcomm yt8521/yt8531 gigabit ethernet phy") Cc: stable(a)vger.kernel.org Signed-off-by: Yi Cong <yicong(a)kylinos.cn> --- drivers/net/phy/motorcomm.c | 102 ++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/drivers/net/phy/motorcomm.c b/drivers/net/phy/motorcomm.c index a3593e663059..81491c71e75b 100644 --- a/drivers/net/phy/motorcomm.c +++ b/drivers/net/phy/motorcomm.c @@ -171,7 +171,7 @@ * 1b1 enable 1.9ns rxc clock delay */ #define YT8521_CCR_RXC_DLY_EN BIT(8) -#define YT8521_CCR_RXC_DLY_1_900_NS 1900 +#define YT8521_CCR_RXC_DLY_1_900_PS 1900 #define YT8521_CCR_MODE_SEL_MASK (BIT(2) | BIT(1) | BIT(0)) #define YT8521_CCR_MODE_UTP_TO_RGMII 0 @@ -196,22 +196,22 @@ #define YT8521_RC1R_RX_DELAY_MASK GENMASK(13, 10) #define YT8521_RC1R_FE_TX_DELAY_MASK GENMASK(7, 4) #define YT8521_RC1R_GE_TX_DELAY_MASK GENMASK(3, 0) -#define YT8521_RC1R_RGMII_0_000_NS 0 -#define YT8521_RC1R_RGMII_0_150_NS 1 -#define YT8521_RC1R_RGMII_0_300_NS 2 -#define YT8521_RC1R_RGMII_0_450_NS 3 -#define YT8521_RC1R_RGMII_0_600_NS 4 -#define YT8521_RC1R_RGMII_0_750_NS 5 -#define YT8521_RC1R_RGMII_0_900_NS 6 -#define YT8521_RC1R_RGMII_1_050_NS 7 -#define YT8521_RC1R_RGMII_1_200_NS 8 -#define YT8521_RC1R_RGMII_1_350_NS 9 -#define YT8521_RC1R_RGMII_1_500_NS 10 -#define YT8521_RC1R_RGMII_1_650_NS 11 -#define YT8521_RC1R_RGMII_1_800_NS 12 -#define YT8521_RC1R_RGMII_1_950_NS 13 -#define YT8521_RC1R_RGMII_2_100_NS 14 -#define YT8521_RC1R_RGMII_2_250_NS 15 +#define YT8521_RC1R_RGMII_0_000_PS 0 +#define YT8521_RC1R_RGMII_0_150_PS 1 +#define YT8521_RC1R_RGMII_0_300_PS 2 +#define YT8521_RC1R_RGMII_0_450_PS 3 +#define YT8521_RC1R_RGMII_0_600_PS 4 +#define YT8521_RC1R_RGMII_0_750_PS 5 +#define YT8521_RC1R_RGMII_0_900_PS 6 +#define YT8521_RC1R_RGMII_1_050_PS 7 +#define YT8521_RC1R_RGMII_1_200_PS 8 +#define YT8521_RC1R_RGMII_1_350_PS 9 +#define YT8521_RC1R_RGMII_1_500_PS 10 +#define YT8521_RC1R_RGMII_1_650_PS 11 +#define YT8521_RC1R_RGMII_1_800_PS 12 +#define YT8521_RC1R_RGMII_1_950_PS 13 +#define YT8521_RC1R_RGMII_2_100_PS 14 +#define YT8521_RC1R_RGMII_2_250_PS 15 /* LED CONFIG */ #define YT8521_MAX_LEDS 3 @@ -800,40 +800,40 @@ struct ytphy_cfg_reg_map { static const struct ytphy_cfg_reg_map ytphy_rgmii_delays[] = { /* for tx delay / rx delay with YT8521_CCR_RXC_DLY_EN is not set. */ - { 0, YT8521_RC1R_RGMII_0_000_NS }, - { 150, YT8521_RC1R_RGMII_0_150_NS }, - { 300, YT8521_RC1R_RGMII_0_300_NS }, - { 450, YT8521_RC1R_RGMII_0_450_NS }, - { 600, YT8521_RC1R_RGMII_0_600_NS }, - { 750, YT8521_RC1R_RGMII_0_750_NS }, - { 900, YT8521_RC1R_RGMII_0_900_NS }, - { 1050, YT8521_RC1R_RGMII_1_050_NS }, - { 1200, YT8521_RC1R_RGMII_1_200_NS }, - { 1350, YT8521_RC1R_RGMII_1_350_NS }, - { 1500, YT8521_RC1R_RGMII_1_500_NS }, - { 1650, YT8521_RC1R_RGMII_1_650_NS }, - { 1800, YT8521_RC1R_RGMII_1_800_NS }, - { 1950, YT8521_RC1R_RGMII_1_950_NS }, /* default tx/rx delay */ - { 2100, YT8521_RC1R_RGMII_2_100_NS }, - { 2250, YT8521_RC1R_RGMII_2_250_NS }, + { 0, YT8521_RC1R_RGMII_0_000_PS }, + { 150, YT8521_RC1R_RGMII_0_150_PS }, + { 300, YT8521_RC1R_RGMII_0_300_PS }, + { 450, YT8521_RC1R_RGMII_0_450_PS }, + { 600, YT8521_RC1R_RGMII_0_600_PS }, + { 750, YT8521_RC1R_RGMII_0_750_PS }, + { 900, YT8521_RC1R_RGMII_0_900_PS }, + { 1050, YT8521_RC1R_RGMII_1_050_PS }, + { 1200, YT8521_RC1R_RGMII_1_200_PS }, + { 1350, YT8521_RC1R_RGMII_1_350_PS }, + { 1500, YT8521_RC1R_RGMII_1_500_PS }, + { 1650, YT8521_RC1R_RGMII_1_650_PS }, + { 1800, YT8521_RC1R_RGMII_1_800_PS }, + { 1950, YT8521_RC1R_RGMII_1_950_PS }, /* default tx/rx delay */ + { 2100, YT8521_RC1R_RGMII_2_100_PS }, + { 2250, YT8521_RC1R_RGMII_2_250_PS }, /* only for rx delay with YT8521_CCR_RXC_DLY_EN is set. */ - { 0 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_000_NS }, - { 150 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_150_NS }, - { 300 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_300_NS }, - { 450 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_450_NS }, - { 600 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_600_NS }, - { 750 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_750_NS }, - { 900 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_900_NS }, - { 1050 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_050_NS }, - { 1200 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_200_NS }, - { 1350 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_350_NS }, - { 1500 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_500_NS }, - { 1650 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_650_NS }, - { 1800 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_800_NS }, - { 1950 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_950_NS }, - { 2100 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_2_100_NS }, - { 2250 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_2_250_NS } + { 0 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_000_PS }, + { 150 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_150_PS }, + { 300 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_300_PS }, + { 450 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_450_PS }, + { 600 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_600_PS }, + { 750 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_750_PS }, + { 900 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_900_PS }, + { 1050 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_050_PS }, + { 1200 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_200_PS }, + { 1350 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_350_PS }, + { 1500 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_500_PS }, + { 1650 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_650_PS }, + { 1800 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_800_PS }, + { 1950 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_950_PS }, + { 2100 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_2_100_PS }, + { 2250 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_2_250_PS } }; static u32 ytphy_get_delay_reg_value(struct phy_device *phydev, @@ -890,10 +890,10 @@ static int ytphy_rgmii_clk_delay_config(struct phy_device *phydev) rx_reg = ytphy_get_delay_reg_value(phydev, "rx-internal-delay-ps", ytphy_rgmii_delays, tb_size, &rxc_dly_en, - YT8521_RC1R_RGMII_1_950_NS); + YT8521_RC1R_RGMII_1_950_PS); tx_reg = ytphy_get_delay_reg_value(phydev, "tx-internal-delay-ps", ytphy_rgmii_delays, tb_size, NULL, - YT8521_RC1R_RGMII_1_950_NS); + YT8521_RC1R_RGMII_1_950_PS); switch (phydev->interface) { case PHY_INTERFACE_MODE_RGMII: -- 2.25.1

3 days, 12 hours

3
5
0 0

[PATCH net v3 2/3] bpf,sockmap: disallow MPTCP sockets from sockmap

by Jiayuan Chen

MPTCP creates subflows for data transmission, and these sockets should not be added to sockmap because MPTCP sets specialized data_ready handlers that would be overridden by sockmap. Additionally, for the parent socket of MPTCP subflows (plain TCP socket), MPTCP sk requires specific protocol handling that conflicts with sockmap's operation(mptcp_prot). This patch adds proper checks to reject MPTCP subflows and their parent sockets from being added to sockmap, while preserving compatibility with reuseport functionality for listening MPTCP sockets. We cannot add this logic to sock_map_sk_state_allowed() because the sockops path doesn't execute this function, and the socket state coming from sockops might be in states like SYN_RECV. So moving sock_map_sk_state_allowed() to sock_{map,hash}_update_common() is not appropriate. Instead, we introduce a new function to handle MPTCP checks. Fixes: 0b4f33def7bb ("mptcp: fix tcp fallback crash") Cc: <stable(a)vger.kernel.org> Signed-off-by: Jiayuan Chen <jiayuan.chen(a)linux.dev> Suggested-by: Jakub Sitnicki <jakub(a)cloudflare.com> --- net/core/sock_map.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 5947b38e4f8b..5be38cdfb5cc 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -467,6 +467,27 @@ static int sock_map_get_next_key(struct bpf_map *map, void *key, void *next) return 0; } +/* Disallow MPTCP subflows and their parent sockets. However, a TCP_LISTEN + * MPTCP socket is permitted because sockmap can also serve for reuseport + * socket selection. + */ +static inline bool sock_map_sk_type_allowed(const struct sock *sk) +{ + /* MPTCP subflows are not intended for data I/O by user */ + if (sk_is_tcp(sk) && sk_is_mptcp(sk)) + goto disallow; + + /* MPTCP parents use mptcp_prot - not supported with sockmap yet */ + if (sk->sk_protocol == IPPROTO_MPTCP && sk->sk_state != TCP_LISTEN) + goto disallow; + + return true; + +disallow: + pr_err_once("sockmap/sockhash: MPTCP sockets are not supported\n"); + return false; +} + static int sock_map_update_common(struct bpf_map *map, u32 idx, struct sock *sk, u64 flags) { @@ -482,6 +503,9 @@ static int sock_map_update_common(struct bpf_map *map, u32 idx, if (unlikely(idx >= map->max_entries)) return -E2BIG; + if (!sock_map_sk_type_allowed(sk)) + return -EOPNOTSUPP; + link = sk_psock_init_link(); if (!link) return -ENOMEM; @@ -1003,6 +1027,9 @@ static int sock_hash_update_common(struct bpf_map *map, void *key, if (unlikely(flags > BPF_EXIST)) return -EINVAL; + if (!sock_map_sk_type_allowed(sk)) + return -EOPNOTSUPP; + link = sk_psock_init_link(); if (!link) return -ENOMEM; -- 2.43.0

3 days, 12 hours

2
1
0 0

[PATCH] thermal: thermal_of: Fix device node reference leak in thermal_of_cm_lookup

by Miaoqian Lin

In thermal_of_cm_lookup(), of_parse_phandle() returns a device node with its reference count incremented. The caller is responsible for releasing this reference when the node is no longer needed. Add of_node_put(tr_np) to fix the reference leaks. Found via static analysis. Fixes: 3fd6d6e2b4e8 ("thermal/of: Rework the thermal device tree initialization") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/thermal/thermal_of.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c index 1a51a4d240ff..2bb1b8e471cf 100644 --- a/drivers/thermal/thermal_of.c +++ b/drivers/thermal/thermal_of.c @@ -284,8 +284,11 @@ static bool thermal_of_cm_lookup(struct device_node *cm_np, int count, i; tr_np = of_parse_phandle(child, "trip", 0); - if (tr_np != trip->priv) + if (tr_np != trip->priv) { + of_node_put(tr_np); continue; + } + of_node_put(tr_np); /* The trip has been found, look up the cdev. */ count = of_count_phandle_with_args(child, "cooling-device", -- 2.39.5 (Apple Git-154)

3 days, 12 hours

2
1
0 0

[PATCH] gcov: Add support for GCC 15

by Peter Oberparleiter

Using gcov on kernels compiled with GCC 15 results in truncated 16-byte long .gcda files with no usable data. To fix this, update GCOV_COUNTERS to match the value defined by GCC 15. Tested with GCC 14.3.0 and GCC 15.2.0. Reported-by: Matthieu Baerts <matttbe(a)kernel.org> Closes: https://github.com/linux-test-project/lcov/issues/445 Tested-by: Matthieu Baerts <matttbe(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> --- kernel/gcov/gcc_4_7.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/gcov/gcc_4_7.c b/kernel/gcov/gcc_4_7.c index a08cc076f332..ffde93d051a4 100644 --- a/kernel/gcov/gcc_4_7.c +++ b/kernel/gcov/gcc_4_7.c @@ -18,7 +18,9 @@ #include <linux/mm.h> #include "gcov.h" -#if (__GNUC__ >= 14) +#if (__GNUC__ >= 15) +#define GCOV_COUNTERS 10 +#elif (__GNUC__ >= 14) #define GCOV_COUNTERS 9 #elif (__GNUC__ >= 10) #define GCOV_COUNTERS 8 -- 2.48.1

3 days, 13 hours

1
0
0 0

[PATCH net v3 1/3] net,mptcp: fix proto fallback detection with BPF sockmap

by Jiayuan Chen

When the server has MPTCP enabled but receives a non-MP-capable request from a client, it calls mptcp_fallback_tcp_ops(). Since non-MPTCP connections are allowed to use sockmap, which replaces sk->sk_prot, using sk->sk_prot to determine the IP version in mptcp_fallback_tcp_ops() becomes unreliable. This can lead to assigning incorrect ops to sk->sk_socket->ops. Additionally, when BPF Sockmap modifies the protocol handlers, the original WARN_ON_ONCE(sk->sk_prot != &tcp_prot) check would falsely trigger warnings. Fix this by using the more stable sk_family to distinguish between IPv4 and IPv6 connections, ensuring correct fallback protocol operations are selected even when BPF Sockmap has modified the socket protocol handlers. Fixes: 0b4f33def7bb ("mptcp: fix tcp fallback crash") Cc: <stable(a)vger.kernel.org> Signed-off-by: Jiayuan Chen <jiayuan.chen(a)linux.dev> Reviewed-by: Jakub Sitnicki <jakub(a)cloudflare.com> --- net/mptcp/protocol.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 0292162a14ee..2393741bc310 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -61,11 +61,16 @@ static u64 mptcp_wnd_end(const struct mptcp_sock *msk) static const struct proto_ops *mptcp_fallback_tcp_ops(const struct sock *sk) { + /* When BPF sockmap is used, it may replace sk->sk_prot. + * Using sk_family is a reliable way to determine the IP version. + */ + unsigned short family = READ_ONCE(sk->sk_family); + #if IS_ENABLED(CONFIG_MPTCP_IPV6) - if (sk->sk_prot == &tcpv6_prot) + if (family == AF_INET6) return &inet6_stream_ops; #endif - WARN_ON_ONCE(sk->sk_prot != &tcp_prot); + WARN_ON_ONCE(family != AF_INET); return &inet_stream_ops; } -- 2.43.0

3 days, 13 hours

3
4
0 0

[PATCH 05/25] media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format()

by Hans de Goede

The 2 argument version of v4l2_subdev_state_get_format() takes the pad as second argument, not the stream. Fixes: bc0e8d91feec ("media: v4l: subdev: Switch to stream-aware state functions") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hansg(a)kernel.org> --- Note the problem pre-exists the Fixes: commit but backporting further will require manual backports and seems unnecessary. --- drivers/media/i2c/ov01a10.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/i2c/ov01a10.c b/drivers/media/i2c/ov01a10.c index f92867f542f0..0405ec7c75fd 100644 --- a/drivers/media/i2c/ov01a10.c +++ b/drivers/media/i2c/ov01a10.c @@ -731,7 +731,7 @@ static int ov01a10_set_format(struct v4l2_subdev *sd, h_blank); } - format = v4l2_subdev_state_get_format(sd_state, fmt->stream); + format = v4l2_subdev_state_get_format(sd_state, fmt->pad); *format = fmt->format; return 0; -- 2.51.0

3 days, 13 hours

2
1
0 0

[PATCH 04/25] media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls

by Hans de Goede

Add missing v4l2_subdev_cleanup() calls to cleanup after v4l2_subdev_init_finalize(). Fixes: 0827b58dabff ("media: i2c: add ov01a10 image sensor driver") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hansg(a)kernel.org> --- drivers/media/i2c/ov01a10.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/media/i2c/ov01a10.c b/drivers/media/i2c/ov01a10.c index 95d6a0f046a0..f92867f542f0 100644 --- a/drivers/media/i2c/ov01a10.c +++ b/drivers/media/i2c/ov01a10.c @@ -864,6 +864,7 @@ static void ov01a10_remove(struct i2c_client *client) struct v4l2_subdev *sd = i2c_get_clientdata(client); v4l2_async_unregister_subdev(sd); + v4l2_subdev_cleanup(sd); media_entity_cleanup(&sd->entity); v4l2_ctrl_handler_free(sd->ctrl_handler); @@ -934,6 +935,7 @@ static int ov01a10_probe(struct i2c_client *client) err_pm_disable: pm_runtime_disable(dev); pm_runtime_set_suspended(&client->dev); + v4l2_subdev_cleanup(&ov01a10->sd); err_media_entity_cleanup: media_entity_cleanup(&ov01a10->sd.entity); -- 2.51.0

3 days, 13 hours

3
3
0 0

[PATCH wireless v4 1/4] wifi: cfg80211: add an hrtimer based delayed work item

by Miri Korenblit

From: Benjamin Berg <benjamin.berg(a)intel.com> The normal timer mechanism assume that timeout further in the future need a lower accuracy. As an example, the granularity for a timer scheduled 4096 ms in the future on a 1000 Hz system is already 512 ms. This granularity is perfectly sufficient for e.g. timeouts, but there are other types of events that will happen at a future point in time and require a higher accuracy. Add a new wiphy_hrtimer_work type that uses an hrtimer internally. The API is almost identical to the existing wiphy_delayed_work and it can be used as a drop-in replacement after minor adjustments. The work will be scheduled relative to the current time with a slack of 1 millisecond. CC: stable(a)vger.kernel.org # 6.4+ Signed-off-by: Benjamin Berg <benjamin.berg(a)intel.com> Reviewed-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit(a)intel.com> --- include/net/cfg80211.h | 78 ++++++++++++++++++++++++++++++++++++++++++ net/wireless/core.c | 56 ++++++++++++++++++++++++++++++ net/wireless/trace.h | 21 ++++++++++++ 3 files changed, 155 insertions(+) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 781624f5913a..820e299f06b5 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -6435,6 +6435,11 @@ static inline void wiphy_delayed_work_init(struct wiphy_delayed_work *dwork, * after wiphy_lock() was called. Therefore, wiphy_cancel_work() can * use just cancel_work() instead of cancel_work_sync(), it requires * being in a section protected by wiphy_lock(). + * + * Note that these are scheduled with a timer where the accuracy + * becomes less the longer in the future the scheduled timer is. Use + * wiphy_hrtimer_work_queue() if the timer must be not be late by more + * than approximately 10 percent. */ void wiphy_delayed_work_queue(struct wiphy *wiphy, struct wiphy_delayed_work *dwork, @@ -6506,6 +6511,79 @@ void wiphy_delayed_work_flush(struct wiphy *wiphy, bool wiphy_delayed_work_pending(struct wiphy *wiphy, struct wiphy_delayed_work *dwork); +struct wiphy_hrtimer_work { + struct wiphy_work work; + struct wiphy *wiphy; + struct hrtimer timer; +}; + +enum hrtimer_restart wiphy_hrtimer_work_timer(struct hrtimer *t); + +static inline void wiphy_hrtimer_work_init(struct wiphy_hrtimer_work *hrwork, + wiphy_work_func_t func) +{ + hrtimer_setup(&hrwork->timer, wiphy_hrtimer_work_timer, + CLOCK_BOOTTIME, HRTIMER_MODE_REL); + wiphy_work_init(&hrwork->work, func); +} + +/** + * wiphy_hrtimer_work_queue - queue hrtimer work for the wiphy + * @wiphy: the wiphy to queue for + * @hrwork: the high resolution timer worker + * @delay: the delay given as a ktime_t + * + * Please refer to wiphy_delayed_work_queue(). The difference is that + * the hrtimer work uses a high resolution timer for scheduling. This + * may be needed if timeouts might be scheduled further in the future + * and the accuracy of the normal timer is not sufficient. + * + * Expect a delay of a few milliseconds as the timer is scheduled + * with some slack and some more time may pass between queueing the + * work and its start. + */ +void wiphy_hrtimer_work_queue(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork, + ktime_t delay); + +/** + * wiphy_hrtimer_work_cancel - cancel previously queued hrtimer work + * @wiphy: the wiphy, for debug purposes + * @hrtimer: the hrtimer work to cancel + * + * Cancel the work *without* waiting for it, this assumes being + * called under the wiphy mutex acquired by wiphy_lock(). + */ +void wiphy_hrtimer_work_cancel(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrtimer); + +/** + * wiphy_hrtimer_work_flush - flush previously queued hrtimer work + * @wiphy: the wiphy, for debug purposes + * @hrwork: the hrtimer work to flush + * + * Flush the work (i.e. run it if pending). This must be called + * under the wiphy mutex acquired by wiphy_lock(). + */ +void wiphy_hrtimer_work_flush(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork); + +/** + * wiphy_hrtimer_work_pending - Find out whether a wiphy hrtimer + * work item is currently pending. + * + * @wiphy: the wiphy, for debug purposes + * @hrwork: the hrtimer work in question + * + * Return: true if timer is pending, false otherwise + * + * Please refer to the wiphy_delayed_work_pending() documentation as + * this is the equivalent function for hrtimer based delayed work + * items. + */ +bool wiphy_hrtimer_work_pending(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork); + /** * enum ieee80211_ap_reg_power - regulatory power for an Access Point * diff --git a/net/wireless/core.c b/net/wireless/core.c index 797f9f2004a6..54a34d8d356e 100644 --- a/net/wireless/core.c +++ b/net/wireless/core.c @@ -1787,6 +1787,62 @@ bool wiphy_delayed_work_pending(struct wiphy *wiphy, } EXPORT_SYMBOL_GPL(wiphy_delayed_work_pending); +enum hrtimer_restart wiphy_hrtimer_work_timer(struct hrtimer *t) +{ + struct wiphy_hrtimer_work *hrwork = + container_of(t, struct wiphy_hrtimer_work, timer); + + wiphy_work_queue(hrwork->wiphy, &hrwork->work); + + return HRTIMER_NORESTART; +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_timer); + +void wiphy_hrtimer_work_queue(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork, + ktime_t delay) +{ + trace_wiphy_hrtimer_work_queue(wiphy, &hrwork->work, delay); + + if (!delay) { + hrtimer_cancel(&hrwork->timer); + wiphy_work_queue(wiphy, &hrwork->work); + return; + } + + hrwork->wiphy = wiphy; + hrtimer_start_range_ns(&hrwork->timer, delay, + 1000 * NSEC_PER_USEC, HRTIMER_MODE_REL); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_queue); + +void wiphy_hrtimer_work_cancel(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork) +{ + lockdep_assert_held(&wiphy->mtx); + + hrtimer_cancel(&hrwork->timer); + wiphy_work_cancel(wiphy, &hrwork->work); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_cancel); + +void wiphy_hrtimer_work_flush(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork) +{ + lockdep_assert_held(&wiphy->mtx); + + hrtimer_cancel(&hrwork->timer); + wiphy_work_flush(wiphy, &hrwork->work); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_flush); + +bool wiphy_hrtimer_work_pending(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork) +{ + return hrtimer_is_queued(&hrwork->timer); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_pending); + static int __init cfg80211_init(void) { int err; diff --git a/net/wireless/trace.h b/net/wireless/trace.h index 8a4c34112eb5..2b71f1d867a0 100644 --- a/net/wireless/trace.h +++ b/net/wireless/trace.h @@ -304,6 +304,27 @@ TRACE_EVENT(wiphy_delayed_work_queue, __entry->delay) ); +TRACE_EVENT(wiphy_hrtimer_work_queue, + TP_PROTO(struct wiphy *wiphy, struct wiphy_work *work, + ktime_t delay), + TP_ARGS(wiphy, work, delay), + TP_STRUCT__entry( + WIPHY_ENTRY + __field(void *, instance) + __field(void *, func) + __field(ktime_t, delay) + ), + TP_fast_assign( + WIPHY_ASSIGN; + __entry->instance = work; + __entry->func = work->func; + __entry->delay = delay; + ), + TP_printk(WIPHY_PR_FMT " instance=%p func=%pS delay=%llu", + WIPHY_PR_ARG, __entry->instance, __entry->func, + __entry->delay) +); + TRACE_EVENT(wiphy_work_worker_start, TP_PROTO(struct wiphy *wiphy), TP_ARGS(wiphy), -- 2.34.1

3 days, 13 hours

1
0
0 0

[PATCH] phy: ti: omap-usb2: Fix device node reference leak in omap_usb2_probe

by Miaoqian Lin

In omap_usb2_probe(), of_parse_phandle() returns a device node with its reference count incremented. The caller is responsible for releasing this reference when the node is no longer needed. Add of_node_put(control_node) after usage to fix the reference leak. Found via static analysis. Fixes: 478b6c7436c2 ("usb: phy: omap-usb2: Don't use omap_get_control_dev()") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/phy/ti/phy-omap-usb2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/phy/ti/phy-omap-usb2.c b/drivers/phy/ti/phy-omap-usb2.c index 1eb252604441..660df3181e4f 100644 --- a/drivers/phy/ti/phy-omap-usb2.c +++ b/drivers/phy/ti/phy-omap-usb2.c @@ -426,6 +426,7 @@ static int omap_usb2_probe(struct platform_device *pdev) } control_pdev = of_find_device_by_node(control_node); + of_node_put(control_node); if (!control_pdev) { dev_err(&pdev->dev, "Failed to get control device\n"); return -EINVAL; -- 2.39.5 (Apple Git-154)

3 days, 14 hours

2
1
0 0

[PATCH v2 1/2] media: mediatek: mdp: fix device leak on probe

by Johan Hovold

Make sure to drop the reference taken when looking up the VPU firmware device during probe on probe failure (e.g. probe deferral) and on driver unbind. Fixes: c8eb2d7e8202 ("[media] media: Add Mediatek MDP Driver") Cc: stable(a)vger.kernel.org # 4.10 Cc: Minghsiu Tsai <minghsiu.tsai(a)mediatek.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/media/platform/mediatek/mdp/mtk_mdp_core.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/media/platform/mediatek/mdp/mtk_mdp_core.c b/drivers/media/platform/mediatek/mdp/mtk_mdp_core.c index 80fdc6ff57e0..5c7dcf4090f4 100644 --- a/drivers/media/platform/mediatek/mdp/mtk_mdp_core.c +++ b/drivers/media/platform/mediatek/mdp/mtk_mdp_core.c @@ -198,7 +198,7 @@ static int mtk_mdp_probe(struct platform_device *pdev) VPU_RST_MDP); if (ret) { dev_err(&pdev->dev, "Failed to register reset handler\n"); - goto err_m2m_register; + goto err_put_vpu; } platform_set_drvdata(pdev, mdp); @@ -206,7 +206,7 @@ static int mtk_mdp_probe(struct platform_device *pdev) ret = vb2_dma_contig_set_max_seg_size(&pdev->dev, DMA_BIT_MASK(32)); if (ret) { dev_err(&pdev->dev, "Failed to set vb2 dma mag seg size\n"); - goto err_m2m_register; + goto err_put_vpu; } pm_runtime_enable(dev); @@ -214,6 +214,8 @@ static int mtk_mdp_probe(struct platform_device *pdev) return 0; +err_put_vpu: + put_device(&mdp->vpu_dev->dev); err_m2m_register: v4l2_device_unregister(&mdp->v4l2_dev); @@ -241,6 +243,7 @@ static void mtk_mdp_remove(struct platform_device *pdev) struct mtk_mdp_comp *comp, *comp_temp; pm_runtime_disable(&pdev->dev); + put_device(&mdp->vpu_dev->dev); vb2_dma_contig_clear_max_seg_size(&pdev->dev); mtk_mdp_unregister_m2m_device(mdp); v4l2_device_unregister(&mdp->v4l2_dev); -- 2.51.0

3 days, 14 hours

1
0
0 0

[PATCH] drm/meson: Fix reference count leak in meson_encoder_dsi_probe

by Miaoqian Lin

The of_graph_get_remote_node() function returns a device node with its reference count incremented. The caller is responsible for calling of_node_put() to release this reference when done. Fixes: 42dcf15f901c ("drm/meson: add DSI encoder") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/gpu/drm/meson/meson_encoder_dsi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/meson/meson_encoder_dsi.c b/drivers/gpu/drm/meson/meson_encoder_dsi.c index 6c6624f9ba24..01edf46e30d0 100644 --- a/drivers/gpu/drm/meson/meson_encoder_dsi.c +++ b/drivers/gpu/drm/meson/meson_encoder_dsi.c @@ -121,6 +121,7 @@ int meson_encoder_dsi_probe(struct meson_drm *priv) } meson_encoder_dsi->next_bridge = of_drm_find_bridge(remote); + of_node_put(remote); if (!meson_encoder_dsi->next_bridge) return dev_err_probe(priv->dev, -EPROBE_DEFER, "Failed to find DSI transceiver bridge\n"); -- 2.39.5 (Apple Git-154)

3 days, 15 hours

2
1
0 0

[PATCH] soc: samsung: exynos-pmu: fix reference count leak in exynos_get_pmu_regmap_by_phandle

by Miaoqian Lin

The driver_find_device_by_of_node() function calls driver_find_device and returns a device with its reference count incremented. Add the missing put_device() call to release this reference after the device is used. Found via static analysis. Fixes: 0b7c6075022c ("soc: samsung: exynos-pmu: Add regmap support for SoCs that protect PMU regs") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/soc/samsung/exynos-pmu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/soc/samsung/exynos-pmu.c b/drivers/soc/samsung/exynos-pmu.c index 22c50ca2aa79..a53c1f882e1a 100644 --- a/drivers/soc/samsung/exynos-pmu.c +++ b/drivers/soc/samsung/exynos-pmu.c @@ -346,6 +346,7 @@ struct regmap *exynos_get_pmu_regmap_by_phandle(struct device_node *np, if (!dev) return ERR_PTR(-EPROBE_DEFER); + put_device(dev); return syscon_node_to_regmap(pmu_np); } EXPORT_SYMBOL_GPL(exynos_get_pmu_regmap_by_phandle); -- 2.39.5 (Apple Git-154)

3 days, 15 hours

3
2
0 0

Hello

by Eric

3 days, 16 hours

1
0
0 0

[RESEND] [PATCH] nvme-tcp: fix usage of page_frag_cache

by Dmitry Bogdanov

nvme uses page_frag_cache to preallocate PDU for each preallocated request of block device. Block devices are created in parallel threads, consequently page_frag_cache is used in not thread-safe manner. That leads to incorrect refcounting of backstore pages and premature free. That can be catched by !sendpage_ok inside network stack: WARNING: CPU: 7 PID: 467 at ../net/core/skbuff.c:6931 skb_splice_from_iter+0xfa/0x310. tcp_sendmsg_locked+0x782/0xce0 tcp_sendmsg+0x27/0x40 sock_sendmsg+0x8b/0xa0 nvme_tcp_try_send_cmd_pdu+0x149/0x2a0 Then random panic may occur. Fix that by serializing the usage of page_frag_cache. Cc: stable(a)vger.kernel.org # 6.12 Fixes: 4e893ca81170 ("nvme_core: scan namespaces asynchronously") Signed-off-by: Dmitry Bogdanov <d.bogdanov(a)yadro.com> --- drivers/nvme/host/tcp.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c index 1413788ca7d52..823e07759e0d3 100644 --- a/drivers/nvme/host/tcp.c +++ b/drivers/nvme/host/tcp.c @@ -145,6 +145,7 @@ struct nvme_tcp_queue { struct mutex queue_lock; struct mutex send_mutex; + struct mutex pf_cache_lock; struct llist_head req_list; struct list_head send_list; @@ -556,9 +557,11 @@ static int nvme_tcp_init_request(struct blk_mq_tag_set *set, struct nvme_tcp_queue *queue = &ctrl->queues[queue_idx]; u8 hdgst = nvme_tcp_hdgst_len(queue); + mutex_lock(&queue->pf_cache_lock); req->pdu = page_frag_alloc(&queue->pf_cache, sizeof(struct nvme_tcp_cmd_pdu) + hdgst, GFP_KERNEL | __GFP_ZERO); + mutex_unlock(&queue->pf_cache_lock); if (!req->pdu) return -ENOMEM; @@ -1420,9 +1423,11 @@ static int nvme_tcp_alloc_async_req(struct nvme_tcp_ctrl *ctrl) struct nvme_tcp_request *async = &ctrl->async_req; u8 hdgst = nvme_tcp_hdgst_len(queue); + mutex_lock(&queue->pf_cache_lock); async->pdu = page_frag_alloc(&queue->pf_cache, sizeof(struct nvme_tcp_cmd_pdu) + hdgst, GFP_KERNEL | __GFP_ZERO); + mutex_unlock(&queue->pf_cache_lock); if (!async->pdu) return -ENOMEM; @@ -1450,6 +1455,7 @@ static void nvme_tcp_free_queue(struct nvme_ctrl *nctrl, int qid) kfree(queue->pdu); mutex_destroy(&queue->send_mutex); mutex_destroy(&queue->queue_lock); + mutex_destroy(&queue->pf_cache_lock); } static int nvme_tcp_init_connection(struct nvme_tcp_queue *queue) @@ -1772,6 +1778,7 @@ static int nvme_tcp_alloc_queue(struct nvme_ctrl *nctrl, int qid, INIT_LIST_HEAD(&queue->send_list); mutex_init(&queue->send_mutex); INIT_WORK(&queue->io_work, nvme_tcp_io_work); + mutex_init(&queue->pf_cache_lock); if (qid > 0) queue->cmnd_capsule_len = nctrl->ioccsz * 16; @@ -1903,6 +1910,7 @@ static int nvme_tcp_alloc_queue(struct nvme_ctrl *nctrl, int qid, err_destroy_mutex: mutex_destroy(&queue->send_mutex); mutex_destroy(&queue->queue_lock); + mutex_destroy(&queue->pf_cache_lock); return ret; } -- 2.25.1

3 days, 16 hours

2
2
0 0

[PATCH] cpufreq: nforce2: fix reference count leak in nforce2

by Miaoqian Lin

There are two reference count leaks in this driver: 1. In nforce2_fsb_read(): pci_get_subsys() increases the reference count of the PCI device, but pci_dev_put() is never called to release it, thus leaking the reference. 2. In nforce2_detect_chipset(): pci_get_subsys() gets a reference to the nforce2_dev which is stored in a global variable, but the reference is never released when the module is unloaded. Fix both by: - Adding pci_dev_put(nforce2_sub5) in nforce2_fsb_read() after reading the configuration. - Adding pci_dev_put(nforce2_dev) in nforce2_exit() to release the global device reference. Found via static analysis. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/cpufreq/cpufreq-nforce2.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/cpufreq/cpufreq-nforce2.c b/drivers/cpufreq/cpufreq-nforce2.c index fedad1081973..fbbbe501cf2d 100644 --- a/drivers/cpufreq/cpufreq-nforce2.c +++ b/drivers/cpufreq/cpufreq-nforce2.c @@ -145,6 +145,8 @@ static unsigned int nforce2_fsb_read(int bootfsb) pci_read_config_dword(nforce2_sub5, NFORCE2_BOOTFSB, &fsb); fsb /= 1000000; + pci_dev_put(nforce2_sub5); + /* Check if PLL register is already set */ pci_read_config_byte(nforce2_dev, NFORCE2_PLLENABLE, (u8 *)&temp); @@ -426,6 +428,7 @@ static int __init nforce2_init(void) static void __exit nforce2_exit(void) { cpufreq_unregister_driver(&nforce2_driver); + pci_dev_put(nforce2_dev); } module_init(nforce2_init); -- 2.39.5 (Apple Git-154)

3 days, 19 hours

2
1
0 0

[PATCH] mfd: altera-sysmgr: Fix device reference leak in altr_sysmgr_regmap_lookup_by_phandle

by Miaoqian Lin

driver_find_device_by_of_node() calls driver_find_device(), which calls get_device(). get_device() increments the device's reference count, so driver_find_device_by_of_node() returns a device with its reference count incremented. We need to release this reference after usage to avoid a reference leak. Add put_device(dev) after dev_get_drvdata() to fix the reference leak. Found via static analysis. Fixes: f36e789a1f8d ("mfd: altera-sysmgr: Add SOCFPGA System Manager") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/mfd/altera-sysmgr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mfd/altera-sysmgr.c b/drivers/mfd/altera-sysmgr.c index fb5f988e61f3..cb66b2fff536 100644 --- a/drivers/mfd/altera-sysmgr.c +++ b/drivers/mfd/altera-sysmgr.c @@ -116,6 +116,7 @@ struct regmap *altr_sysmgr_regmap_lookup_by_phandle(struct device_node *np, return ERR_PTR(-EPROBE_DEFER); sysmgr = dev_get_drvdata(dev); + put_device(dev); return sysmgr->regmap; } -- 2.39.5 (Apple Git-154)

3 days, 20 hours

1
0
0 0

[PATCH] soc: imx: gpc: fix reference count leak in imx_gpc_remove

by Miaoqian Lin

of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. Fixes: 721cabf6c660 ("soc: imx: move PGC handling to a new GPC driver") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/pmdomain/imx/gpc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/pmdomain/imx/gpc.c b/drivers/pmdomain/imx/gpc.c index 33991f3c6b55..a34b260274f7 100644 --- a/drivers/pmdomain/imx/gpc.c +++ b/drivers/pmdomain/imx/gpc.c @@ -536,6 +536,8 @@ static void imx_gpc_remove(struct platform_device *pdev) return; } } + + of_node_put(pgc_node); } static struct platform_driver imx_gpc_driver = { -- 2.39.5 (Apple Git-154)

3 days, 21 hours

1
0
0 0

[PATCH v2] f2fs: invalidate dentry cache on failed whiteout creation

by Deepanshu Kartikey

F2FS can mount filesystems with corrupted directory depth values that get runtime-clamped to MAX_DIR_HASH_DEPTH. When RENAME_WHITEOUT operations are performed on such directories, f2fs_rename performs directory modifications (updating target entry and deleting source entry) before attempting to add the whiteout entry via f2fs_add_link. If f2fs_add_link fails due to the corrupted directory structure, the function returns an error to VFS, but the partial directory modifications have already been committed to disk. VFS assumes the entire rename operation failed and does not update the dentry cache, leaving stale mappings. In the error path, VFS does not call d_move() to update the dentry cache. This results in new_dentry still pointing to the old inode (new_inode) which has already had its i_nlink decremented to zero. The stale cache causes subsequent operations to incorrectly reference the freed inode. This causes subsequent operations to use cached dentry information that no longer matches the on-disk state. When a second rename targets the same entry, VFS attempts to decrement i_nlink on the stale inode, which may already have i_nlink=0, triggering a WARNING in drop_nlink(). Example sequence: 1. First rename (RENAME_WHITEOUT): file2 → file1 - f2fs updates file1 entry on disk (points to inode 8) - f2fs deletes file2 entry on disk - f2fs_add_link(whiteout) fails (corrupted directory) - Returns error to VFS - VFS does not call d_move() due to error - VFS cache still has: file1 → inode 7 (stale!) - inode 7 has i_nlink=0 (already decremented) 2. Second rename: file3 → file1 - VFS uses stale cache: file1 → inode 7 - Tries to drop_nlink on inode 7 (i_nlink already 0) - WARNING in drop_nlink() Fix this by explicitly invalidating old_dentry and new_dentry when f2fs_add_link fails during whiteout creation. This forces VFS to refresh from disk on subsequent operations, ensuring cache consistency even when the rename partially succeeds. Reproducer: 1. Mount F2FS image with corrupted i_current_depth 2. renameat2(file2, file1, RENAME_WHITEOUT) 3. renameat2(file3, file1, 0) 4. System triggers WARNING in drop_nlink() Fixes: 7e01e7ad746b ("f2fs: support RENAME_WHITEOUT") Reported-by: syzbot+632cf32276a9a564188d(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=632cf32276a9a564188d Suggested-by: Chao Yu <chao(a)kernel.org> Link: https://lore.kernel.org/all/20251022233349.102728-1-kartikey406@gmail.com/ [v1] Cc: stable(a)vger.kernel.org Signed-off-by: Deepanshu Kartikey <kartikey406(a)gmail.com> --- Changes in v2: - Added detailed explanation about VFS not calling d_move() in error path, resulting in new_dentry still pointing to inode with zeroed i_nlink (suggested by Chao Yu) - Added Fixes tag pointing to commit 7e01e7ad746b - Added Cc: stable(a)vger.kernel.org for backporting to stable kernels --- fs/f2fs/namei.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c index b882771e4699..712479b7b93d 100644 --- a/fs/f2fs/namei.c +++ b/fs/f2fs/namei.c @@ -1053,9 +1053,11 @@ static int f2fs_rename(struct mnt_idmap *idmap, struct inode *old_dir, if (whiteout) { set_inode_flag(whiteout, FI_INC_LINK); err = f2fs_add_link(old_dentry, whiteout); - if (err) + if (err) { + d_invalidate(old_dentry); + d_invalidate(new_dentry); goto put_out_dir; - + } spin_lock(&whiteout->i_lock); whiteout->i_state &= ~I_LINKABLE; spin_unlock(&whiteout->i_lock); -- 2.43.0

3 days, 22 hours

2
1
0 0

[PATCH] net: phy: motorcomm: Fix the issue in the code regarding the incorrect use of time units

by Yi Cong

From: Yi Cong <yicong(a)kylinos.cn> Currently, NS (nanoseconds) is being used, but according to the datasheet, the correct unit should be PS (picoseconds). Fixes: 4869a146cd60 ("net: phy: Add BIT macro for Motorcomm yt8521/yt8531 gigabit ethernet phy") Cc: stable(a)vger.kernel.org Signed-off-by: Yi Cong <yicong(a)kylinos.cn> --- drivers/net/phy/motorcomm.c | 102 ++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/drivers/net/phy/motorcomm.c b/drivers/net/phy/motorcomm.c index a3593e663059..81491c71e75b 100644 --- a/drivers/net/phy/motorcomm.c +++ b/drivers/net/phy/motorcomm.c @@ -171,7 +171,7 @@ * 1b1 enable 1.9ns rxc clock delay */ #define YT8521_CCR_RXC_DLY_EN BIT(8) -#define YT8521_CCR_RXC_DLY_1_900_NS 1900 +#define YT8521_CCR_RXC_DLY_1_900_PS 1900 #define YT8521_CCR_MODE_SEL_MASK (BIT(2) | BIT(1) | BIT(0)) #define YT8521_CCR_MODE_UTP_TO_RGMII 0 @@ -196,22 +196,22 @@ #define YT8521_RC1R_RX_DELAY_MASK GENMASK(13, 10) #define YT8521_RC1R_FE_TX_DELAY_MASK GENMASK(7, 4) #define YT8521_RC1R_GE_TX_DELAY_MASK GENMASK(3, 0) -#define YT8521_RC1R_RGMII_0_000_NS 0 -#define YT8521_RC1R_RGMII_0_150_NS 1 -#define YT8521_RC1R_RGMII_0_300_NS 2 -#define YT8521_RC1R_RGMII_0_450_NS 3 -#define YT8521_RC1R_RGMII_0_600_NS 4 -#define YT8521_RC1R_RGMII_0_750_NS 5 -#define YT8521_RC1R_RGMII_0_900_NS 6 -#define YT8521_RC1R_RGMII_1_050_NS 7 -#define YT8521_RC1R_RGMII_1_200_NS 8 -#define YT8521_RC1R_RGMII_1_350_NS 9 -#define YT8521_RC1R_RGMII_1_500_NS 10 -#define YT8521_RC1R_RGMII_1_650_NS 11 -#define YT8521_RC1R_RGMII_1_800_NS 12 -#define YT8521_RC1R_RGMII_1_950_NS 13 -#define YT8521_RC1R_RGMII_2_100_NS 14 -#define YT8521_RC1R_RGMII_2_250_NS 15 +#define YT8521_RC1R_RGMII_0_000_PS 0 +#define YT8521_RC1R_RGMII_0_150_PS 1 +#define YT8521_RC1R_RGMII_0_300_PS 2 +#define YT8521_RC1R_RGMII_0_450_PS 3 +#define YT8521_RC1R_RGMII_0_600_PS 4 +#define YT8521_RC1R_RGMII_0_750_PS 5 +#define YT8521_RC1R_RGMII_0_900_PS 6 +#define YT8521_RC1R_RGMII_1_050_PS 7 +#define YT8521_RC1R_RGMII_1_200_PS 8 +#define YT8521_RC1R_RGMII_1_350_PS 9 +#define YT8521_RC1R_RGMII_1_500_PS 10 +#define YT8521_RC1R_RGMII_1_650_PS 11 +#define YT8521_RC1R_RGMII_1_800_PS 12 +#define YT8521_RC1R_RGMII_1_950_PS 13 +#define YT8521_RC1R_RGMII_2_100_PS 14 +#define YT8521_RC1R_RGMII_2_250_PS 15 /* LED CONFIG */ #define YT8521_MAX_LEDS 3 @@ -800,40 +800,40 @@ struct ytphy_cfg_reg_map { static const struct ytphy_cfg_reg_map ytphy_rgmii_delays[] = { /* for tx delay / rx delay with YT8521_CCR_RXC_DLY_EN is not set. */ - { 0, YT8521_RC1R_RGMII_0_000_NS }, - { 150, YT8521_RC1R_RGMII_0_150_NS }, - { 300, YT8521_RC1R_RGMII_0_300_NS }, - { 450, YT8521_RC1R_RGMII_0_450_NS }, - { 600, YT8521_RC1R_RGMII_0_600_NS }, - { 750, YT8521_RC1R_RGMII_0_750_NS }, - { 900, YT8521_RC1R_RGMII_0_900_NS }, - { 1050, YT8521_RC1R_RGMII_1_050_NS }, - { 1200, YT8521_RC1R_RGMII_1_200_NS }, - { 1350, YT8521_RC1R_RGMII_1_350_NS }, - { 1500, YT8521_RC1R_RGMII_1_500_NS }, - { 1650, YT8521_RC1R_RGMII_1_650_NS }, - { 1800, YT8521_RC1R_RGMII_1_800_NS }, - { 1950, YT8521_RC1R_RGMII_1_950_NS }, /* default tx/rx delay */ - { 2100, YT8521_RC1R_RGMII_2_100_NS }, - { 2250, YT8521_RC1R_RGMII_2_250_NS }, + { 0, YT8521_RC1R_RGMII_0_000_PS }, + { 150, YT8521_RC1R_RGMII_0_150_PS }, + { 300, YT8521_RC1R_RGMII_0_300_PS }, + { 450, YT8521_RC1R_RGMII_0_450_PS }, + { 600, YT8521_RC1R_RGMII_0_600_PS }, + { 750, YT8521_RC1R_RGMII_0_750_PS }, + { 900, YT8521_RC1R_RGMII_0_900_PS }, + { 1050, YT8521_RC1R_RGMII_1_050_PS }, + { 1200, YT8521_RC1R_RGMII_1_200_PS }, + { 1350, YT8521_RC1R_RGMII_1_350_PS }, + { 1500, YT8521_RC1R_RGMII_1_500_PS }, + { 1650, YT8521_RC1R_RGMII_1_650_PS }, + { 1800, YT8521_RC1R_RGMII_1_800_PS }, + { 1950, YT8521_RC1R_RGMII_1_950_PS }, /* default tx/rx delay */ + { 2100, YT8521_RC1R_RGMII_2_100_PS }, + { 2250, YT8521_RC1R_RGMII_2_250_PS }, /* only for rx delay with YT8521_CCR_RXC_DLY_EN is set. */ - { 0 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_000_NS }, - { 150 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_150_NS }, - { 300 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_300_NS }, - { 450 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_450_NS }, - { 600 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_600_NS }, - { 750 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_750_NS }, - { 900 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_900_NS }, - { 1050 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_050_NS }, - { 1200 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_200_NS }, - { 1350 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_350_NS }, - { 1500 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_500_NS }, - { 1650 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_650_NS }, - { 1800 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_800_NS }, - { 1950 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_950_NS }, - { 2100 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_2_100_NS }, - { 2250 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_2_250_NS } + { 0 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_000_PS }, + { 150 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_150_PS }, + { 300 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_300_PS }, + { 450 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_450_PS }, + { 600 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_600_PS }, + { 750 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_750_PS }, + { 900 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_900_PS }, + { 1050 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_050_PS }, + { 1200 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_200_PS }, + { 1350 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_350_PS }, + { 1500 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_500_PS }, + { 1650 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_650_PS }, + { 1800 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_800_PS }, + { 1950 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_950_PS }, + { 2100 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_2_100_PS }, + { 2250 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_2_250_PS } }; static u32 ytphy_get_delay_reg_value(struct phy_device *phydev, @@ -890,10 +890,10 @@ static int ytphy_rgmii_clk_delay_config(struct phy_device *phydev) rx_reg = ytphy_get_delay_reg_value(phydev, "rx-internal-delay-ps", ytphy_rgmii_delays, tb_size, &rxc_dly_en, - YT8521_RC1R_RGMII_1_950_NS); + YT8521_RC1R_RGMII_1_950_PS); tx_reg = ytphy_get_delay_reg_value(phydev, "tx-internal-delay-ps", ytphy_rgmii_delays, tb_size, NULL, - YT8521_RC1R_RGMII_1_950_NS); + YT8521_RC1R_RGMII_1_950_PS); switch (phydev->interface) { case PHY_INTERFACE_MODE_RGMII: -- 2.25.1

3 days, 23 hours

1
0
0 0

[PATCH] crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value

by Miaoqian Lin

The qm_get_qos_value() function calls bus_find_device_by_name() which increases the device reference count, but fails to call put_device() to balance the reference count and lead to a device reference leak. Add put_device() calls in both the error path and success path to properly balance the reference count. Found via static analysis. Fixes: 22d7a6c39cab ("crypto: hisilicon/qm - add pci bdf number check") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/crypto/hisilicon/qm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c index a5b96adf2d1e..3b391a146635 100644 --- a/drivers/crypto/hisilicon/qm.c +++ b/drivers/crypto/hisilicon/qm.c @@ -3871,10 +3871,12 @@ static ssize_t qm_get_qos_value(struct hisi_qm *qm, const char *buf, pdev = container_of(dev, struct pci_dev, dev); if (pci_physfn(pdev) != qm->pdev) { pci_err(qm->pdev, "the pdev input does not match the pf!\n"); + put_device(dev); return -EINVAL; } *fun_index = pdev->devfn; + put_device(dev); return 0; } -- 2.39.5 (Apple Git-154)

3 days, 23 hours

2
1
0 0

[PATCH] clk: rockchip: rk3588: Don't change PLL rates when setting dclk_vop2_src

by Heiko Stuebner

dclk_vop2_src currently has CLK_SET_RATE_PARENT | CLK_SET_RATE_NO_REPARENT flags set, which is vastly different than dclk_vop0_src or dclk_vop1_src, which have none of those. With these flags in dclk_vop2_src, actually setting the clock then results in a lot of other peripherals breaking, because setting the rate results in the PLL source getting changed: [ 14.898718] clk_core_set_rate_nolock: setting rate for dclk_vop2 to 152840000 [ 15.155017] clk_change_rate: setting rate for pll_gpll to 1680000000 [ clk adjusting every gpll user ] This includes possibly the other vops, i2s, spdif and even the uarts. Among other possible things, this breaks the uart console on a board I use. Sometimes it recovers later on, but there will be a big block of garbled output for a while at least. Shared PLLs should not be changed by individual users, so drop these flags from dclk_vop2_src and make the flags the same as on dclk_vop0 and dclk_vop1. Fixes: f1c506d152ff ("clk: rockchip: add clock controller for the RK3588") Cc: stable(a)vger.kernel.org Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> --- drivers/clk/rockchip/clk-rk3588.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/clk/rockchip/clk-rk3588.c b/drivers/clk/rockchip/clk-rk3588.c index 1694223f4f84..cf83242d1726 100644 --- a/drivers/clk/rockchip/clk-rk3588.c +++ b/drivers/clk/rockchip/clk-rk3588.c @@ -2094,7 +2094,7 @@ static struct rockchip_clk_branch rk3588_early_clk_branches[] __initdata = { COMPOSITE(DCLK_VOP1_SRC, "dclk_vop1_src", gpll_cpll_v0pll_aupll_p, 0, RK3588_CLKSEL_CON(111), 14, 2, MFLAGS, 9, 5, DFLAGS, RK3588_CLKGATE_CON(52), 11, GFLAGS), - COMPOSITE(DCLK_VOP2_SRC, "dclk_vop2_src", gpll_cpll_v0pll_aupll_p, CLK_SET_RATE_PARENT | CLK_SET_RATE_NO_REPARENT, + COMPOSITE(DCLK_VOP2_SRC, "dclk_vop2_src", gpll_cpll_v0pll_aupll_p, 0, RK3588_CLKSEL_CON(112), 5, 2, MFLAGS, 0, 5, DFLAGS, RK3588_CLKGATE_CON(52), 12, GFLAGS), COMPOSITE_NODIV(DCLK_VOP0, "dclk_vop0", dclk_vop0_p, -- 2.47.2

3 days, 23 hours

5
8
0 0

[PATCH net 1/1] batman-adv: Release references to inactive interfaces

by Simon Wunderlich

From: Sven Eckelmann <sven(a)narfation.org> Trying to dump the originators or the neighbors via netlink for a meshif with an inactive primary interface is not allowed. The dump functions were checking this correctly but they didn't handle non-existing primary interfaces and existing _inactive_ interfaces differently. (Primary) batadv_hard_ifaces hold a references to a net_device. And accessing them is only allowed when either being in a RCU/spinlock protected section or when holding a valid reference to them. The netlink dump functions use the latter. But because the missing specific error handling for inactive primary interfaces, the reference was never dropped. This reference counting error was only detected when the interface should have been removed from the system: unregister_netdevice: waiting for batadv_slave_0 to become free. Usage count = 2 Cc: stable(a)vger.kernel.org Fixes: 6ecc4fd6c2f4 ("batman-adv: netlink: reduce duplicate code by returning interfaces") Reported-by: syzbot+881d65229ca4f9ae8c84(a)syzkaller.appspotmail.com Reported-by: Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/originator.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c index a464ff96b9291..ed89d7fd1e7f4 100644 --- a/net/batman-adv/originator.c +++ b/net/batman-adv/originator.c @@ -764,11 +764,16 @@ int batadv_hardif_neigh_dump(struct sk_buff *msg, struct netlink_callback *cb) bat_priv = netdev_priv(mesh_iface); primary_if = batadv_primary_if_get_selected(bat_priv); - if (!primary_if || primary_if->if_status != BATADV_IF_ACTIVE) { + if (!primary_if) { ret = -ENOENT; goto out_put_mesh_iface; } + if (primary_if->if_status != BATADV_IF_ACTIVE) { + ret = -ENOENT; + goto out_put_primary_if; + } + hard_iface = batadv_netlink_get_hardif(bat_priv, cb); if (IS_ERR(hard_iface) && PTR_ERR(hard_iface) != -ENONET) { ret = PTR_ERR(hard_iface); @@ -1333,11 +1338,16 @@ int batadv_orig_dump(struct sk_buff *msg, struct netlink_callback *cb) bat_priv = netdev_priv(mesh_iface); primary_if = batadv_primary_if_get_selected(bat_priv); - if (!primary_if || primary_if->if_status != BATADV_IF_ACTIVE) { + if (!primary_if) { ret = -ENOENT; goto out_put_mesh_iface; } + if (primary_if->if_status != BATADV_IF_ACTIVE) { + ret = -ENOENT; + goto out_put_primary_if; + } + hard_iface = batadv_netlink_get_hardif(bat_priv, cb); if (IS_ERR(hard_iface) && PTR_ERR(hard_iface) != -ENONET) { ret = PTR_ERR(hard_iface); -- 2.47.3

3 days, 23 hours

2
1
0 0

[PATCH] riscv: Fix memory leak in module_frob_arch_sections()

by Miaoqian Lin

The current code directly overwrites the scratch pointer with the return value of kvrealloc(). If kvrealloc() fails and returns NULL, the original buffer becomes unreachable, causing a memory leak. Fix this by using a temporary variable to store kvrealloc()'s return value and only update the scratch pointer on success. Found via static anlaysis and this is similar to commit 42378a9ca553 ("bpf, verifier: Fix memory leak in array reallocation for stack state") Fixes: be17c0df6795 ("riscv: module: Optimize PLT/GOT entry counting") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- arch/riscv/kernel/module-sections.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/riscv/kernel/module-sections.c b/arch/riscv/kernel/module-sections.c index 75551ac6504c..1675cbad8619 100644 --- a/arch/riscv/kernel/module-sections.c +++ b/arch/riscv/kernel/module-sections.c @@ -119,6 +119,7 @@ int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, unsigned int num_plts = 0; unsigned int num_gots = 0; Elf_Rela *scratch = NULL; + Elf_Rela *new_scratch; size_t scratch_size = 0; int i; @@ -168,9 +169,12 @@ int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, scratch_size_needed = (num_scratch_relas + num_relas) * sizeof(*scratch); if (scratch_size_needed > scratch_size) { scratch_size = scratch_size_needed; - scratch = kvrealloc(scratch, scratch_size, GFP_KERNEL); - if (!scratch) + new_scratch = kvrealloc(scratch, scratch_size, GFP_KERNEL); + if (!new_scratch) { + kvfree(scratch); return -ENOMEM; + } + scratch = new_scratch; } for (size_t j = 0; j < num_relas; j++) -- 2.39.5 (Apple Git-154)

4 days

2
1
0 0

[PATCH AUTOSEL 6.17-6.1] smb/server: fix possible memory leak in smb2_read()

by Sasha Levin

From: ZhangGuoDong <zhangguodong(a)kylinos.cn> [ Upstream commit 6fced056d2cc8d01b326e6fcfabaacb9850b71a4 ] Memory leak occurs when ksmbd_vfs_read() fails. Fix this by adding the missing kvfree(). Co-developed-by: ChenXiaoSong <chenxiaosong(a)kylinos.cn> Signed-off-by: ChenXiaoSong <chenxiaosong(a)kylinos.cn> Signed-off-by: ZhangGuoDong <zhangguodong(a)kylinos.cn> Acked-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: ## **Backport Status: YES** ### **Extensive Analysis** Based on comprehensive semantic code analysis and repository examination, this commit **should be backported** to stable kernel trees. --- ## **1. Code Change Analysis** The commit adds a single line to fix a memory leak in `fs/smb/server/smb2pdu.c`: ```c nbytes = ksmbd_vfs_read(work, fp, length, &offset, aux_payload_buf); if (nbytes < 0) { + kvfree(aux_payload_buf); // <-- Added line err = nbytes; goto out; } ``` **What was wrong:** Memory allocated at line 6821 (`aux_payload_buf = kvzalloc(ALIGN(length, 8), KSMBD_DEFAULT_GFP)`) was not freed when `ksmbd_vfs_read()` fails, while all other error paths properly call `kvfree()`. --- ## **2. Semantic Analysis Tools Used** ### **Tool 1: mcp__semcode__find_function** - Located `smb2_read()` in `fs/smb/server/smb2pdu.c:6727-6895` - Confirmed it's an SMB2 protocol handler (169 lines, 24 function calls) - Return type: `int` (returns error codes) ### **Tool 2: mcp__semcode__find_callers** - Result: No direct function callers - However, cross-referenced with `smb2ops.c:183` showing `smb2_read` is registered as a handler: `[SMB2_READ_HE] = { .proc = smb2_read }` - **Conclusion:** This is a protocol handler invoked by the SMB2 message dispatcher, meaning it's **directly user-triggerable** via network requests ### **Tool 3: mcp__semcode__find_calls** - Analyzed `ksmbd_vfs_read()` dependencies - Found it can fail with multiple error codes: `-EISDIR`, `-EACCES`, `-EAGAIN`, plus any errors from `kernel_read()` - **All of these failure paths trigger the memory leak** ### **Tool 4: git blame & git log** - Bug introduced: commit `e2f34481b24db2` (2021-03-16) - **4 years old!** - Recent modification: commit `06a025448b572c` (2024-11-30) changed allocation to `ALIGN(length, 8)` but didn't fix the leak - Found 15+ similar "memory leak" fixes in ksmbd history, indicating active maintenance --- ## **3. Impact Scope Analysis** ### **User Exposure: CRITICAL** - **Protocol Handler:** Any SMB client can trigger this by sending SMB2 READ requests - **Network-facing:** ksmbd is a kernel SMB server exposed to network clients - **No authentication required to trigger:** The error path can be reached even with permission errors ### **Trigger Conditions (from VFS analysis):** 1. **-EISDIR**: Client tries to read a directory 2. **-EACCES**: Permission denied (no FILE_READ_DATA or FILE_EXECUTE access) 3. **-EAGAIN**: File is locked by another process 4. **kernel_read() failures**: Various VFS/filesystem errors All of these are **easily triggerable** by malicious or misbehaving clients. ### **Memory Leak Severity: HIGH** - **Allocation size:** `ALIGN(length, 8)` where `length` is client- controlled - **Maximum per leak:** Up to `SMB3_MAX_IOSIZE` = **8 MB** (from smb2pdu.h:28) - **Default size:** `SMB21_DEFAULT_IOSIZE` = **1 MB** (from smb2pdu.h:25) - **Attack scenario:** An attacker could repeatedly: 1. Send READ requests for locked files (triggers -EAGAIN) 2. Each failed request leaks up to 8MB 3. 100 requests = 800MB leaked 4. Can exhaust server memory leading to **DoS** --- ## **4. Regression Risk Analysis** ### **Risk Level: VERY LOW** - **Change size:** Single line addition - **Operation:** Adding missing cleanup (defensive programming) - **No behavior change:** Only affects error path that already returns failure - **Idempotent:** `kvfree()` is safe to call and simply frees allocated memory - **No dependencies:** No API changes or external impact --- ## **5. Stable Tree Compliance** | Criterion | Status | Evidence | |-----------|--------|----------| | Fixes important bug | ✅ YES | Memory leak leading to potential DoS | | Small and contained | ✅ YES | 1 line change, single function | | No new features | ✅ YES | Pure bug fix | | No architectural changes | ✅ YES | No structural modifications | | Low regression risk | ✅ YES | Minimal, defensive change | | Confined to subsystem | ✅ YES | Only affects ksmbd | | User-facing impact | ✅ YES | Affects all ksmbd users | --- ## **6. Comparison with Similar Commits** Recent ksmbd fixes in the repository show similar patterns: - `379510a815cb2`: "fix possible refcount leak in smb2_sess_setup()" - `5929e98f3bb76`: "fix potential double free on smb2_read_pipe() error path" - `e523a26c05672`: "fix passing freed memory 'aux_payload_buf'" - `809d50d36e71b`: "fix memory leak in smb2_lock()" **All these are typical stable tree backport candidates** with similar characteristics (small resource leak fixes). --- ## **7. Missing Stable Tags** **Notable:** The commit lacks explicit stable tree tags: - ❌ No `Cc: stable(a)vger.kernel.org` - ❌ No `Fixes:` tag pointing to the original buggy commit However, this doesn't diminish backport worthiness - the technical merits clearly justify backporting. --- ## **Conclusion** This commit is an **excellent candidate for backporting** because: 1. **Security concern:** Remote memory exhaustion DoS vector 2. **Long-standing bug:** Present since ksmbd's introduction (4+ years) 3. **Wide impact:** Affects all ksmbd deployments 4. **Minimal risk:** Single-line defensive fix 5. **Clear bug fix:** Unambiguous resource leak on error path 6. **Pattern consistency:** Matches other successfully backported ksmbd fixes **Recommendation:** Backport to all active stable trees where ksmbd exists (5.15+). fs/smb/server/smb2pdu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 287200d7c0764..409b85af82e1c 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -6826,6 +6826,7 @@ int smb2_read(struct ksmbd_work *work) nbytes = ksmbd_vfs_read(work, fp, length, &offset, aux_payload_buf); if (nbytes < 0) { + kvfree(aux_payload_buf); err = nbytes; goto out; } -- 2.51.0

4 days

1
25
0 0

[PATCH v2] PCI: xilinx-xdma: Enable INTx interrupts

by Ravi Kumar Bandi

The pcie-xilinx-dma-pl driver does not enable INTx interrupts after initializing the port, preventing INTx interrupts from PCIe endpoints from flowing through the Xilinx XDMA root port bridge. This issue affects kernel 6.6.0 and later versions. This patch allows INTx interrupts generated by PCIe endpoints to flow through the root port. Tested the fix on a board with two endpoints generating INTx interrupts. Interrupts are properly detected and serviced. The /proc/interrupts output shows: [...] 32: 320 0 pl_dma:RC-Event 16 Level 400000000.axi-pcie, azdrv 52: 470 0 pl_dma:RC-Event 16 Level 500000000.axi-pcie, azdrv [...] Changes since v1:: - Fixed commit message per reviewer's comments Fixes: 8d786149d78c ("PCI: xilinx-xdma: Add Xilinx XDMA Root Port driver") Cc: stable(a)vger.kernel.org Signed-off-by: Ravi Kumar Bandi <ravib(a)amazon.com> --- drivers/pci/controller/pcie-xilinx-dma-pl.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/pci/controller/pcie-xilinx-dma-pl.c b/drivers/pci/controller/pcie-xilinx-dma-pl.c index b037c8f315e4..cc539292d10a 100644 --- a/drivers/pci/controller/pcie-xilinx-dma-pl.c +++ b/drivers/pci/controller/pcie-xilinx-dma-pl.c @@ -659,6 +659,12 @@ static int xilinx_pl_dma_pcie_setup_irq(struct pl_dma_pcie *port) return err; } + /* Enable interrupts */ + pcie_write(port, XILINX_PCIE_DMA_IMR_ALL_MASK, + XILINX_PCIE_DMA_REG_IMR); + pcie_write(port, XILINX_PCIE_DMA_IDRN_MASK, + XILINX_PCIE_DMA_REG_IDRN_MASK); + return 0; } -- 2.47.3

4 days

8
31
0 0

[PATCH] powerpc: Fix mprotect on book3s32

by Dave Vasilevsky via B4 Relay

From: Dave Vasilevsky <dave(a)vasilevsky.ca> On 32-bit book3s with hash-MMUs, tlb_flush() was a no-op. This was unnoticed because all uses until recently were for unmaps, and thus handled by __tlb_remove_tlb_entry(). After commit 4a18419f71cd ("mm/mprotect: use mmu_gather") in kernel 5.19, tlb_gather_mmu() started being used for mprotect as well. This caused mprotect to simply not work on these machines: int *ptr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); *ptr = 1; // force HPTE to be created mprotect(ptr, 4096, PROT_READ); *ptr = 2; // should segfault, but succeeds Fixed by making tlb_flush() actually flush TLB pages. This finally agrees with the behaviour of boot3s64's tlb_flush(). Fixes: 4a18419f71cd ("mm/mprotect: use mmu_gather") Signed-off-by: Dave Vasilevsky <dave(a)vasilevsky.ca> --- arch/powerpc/include/asm/book3s/32/tlbflush.h | 8 ++++++-- arch/powerpc/mm/book3s32/tlb.c | 6 ++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/32/tlbflush.h b/arch/powerpc/include/asm/book3s/32/tlbflush.h index e43534da5207aa3b0cb3c07b78e29b833c141f3f..b8c587ad2ea954f179246a57d6e86e45e91dcfdc 100644 --- a/arch/powerpc/include/asm/book3s/32/tlbflush.h +++ b/arch/powerpc/include/asm/book3s/32/tlbflush.h @@ -11,6 +11,7 @@ void hash__flush_tlb_mm(struct mm_struct *mm); void hash__flush_tlb_page(struct vm_area_struct *vma, unsigned long vmaddr); void hash__flush_range(struct mm_struct *mm, unsigned long start, unsigned long end); +void hash__flush_gather(struct mmu_gather *tlb); #ifdef CONFIG_SMP void _tlbie(unsigned long address); @@ -28,9 +29,12 @@ void _tlbia(void); */ static inline void tlb_flush(struct mmu_gather *tlb) { - /* 603 needs to flush the whole TLB here since it doesn't use a hash table. */ - if (!mmu_has_feature(MMU_FTR_HPTE_TABLE)) + if (mmu_has_feature(MMU_FTR_HPTE_TABLE)) { + hash__flush_gather(tlb); + } else { + /* 603 needs to flush the whole TLB here since it doesn't use a hash table. */ _tlbia(); + } } static inline void flush_range(struct mm_struct *mm, unsigned long start, unsigned long end) diff --git a/arch/powerpc/mm/book3s32/tlb.c b/arch/powerpc/mm/book3s32/tlb.c index 9ad6b56bfec96e989b96f027d075ad5812500854..3da95ecfbbb296303082e378425e92a5fbdbfac8 100644 --- a/arch/powerpc/mm/book3s32/tlb.c +++ b/arch/powerpc/mm/book3s32/tlb.c @@ -105,3 +105,9 @@ void hash__flush_tlb_page(struct vm_area_struct *vma, unsigned long vmaddr) flush_hash_pages(mm->context.id, vmaddr, pmd_val(*pmd), 1); } EXPORT_SYMBOL(hash__flush_tlb_page); + +void hash__flush_gather(struct mmu_gather *tlb) +{ + hash__flush_range(tlb->mm, tlb->start, tlb->end); +} +EXPORT_SYMBOL(hash__flush_gather); --- base-commit: dcb6fa37fd7bc9c3d2b066329b0d27dedf8becaa change-id: 20251027-vasi-mprotect-g3-f8f5278d4140 Best regards, -- Dave Vasilevsky <dave(a)vasilevsky.ca>

4 days, 1 hour

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror