- Linux-stable-mirror - lists.linaro.org

[PATCH] mpi3mr: Prevent duplicate SAS/SATA device entries in channel 1

by Suganath Prabu S

This fix avoids scanning of SAS/SATA devices in channel 1 when SAS transport is enabled as the SAS/SATA devices are exposed through channel 0 when SAS transport is enabled. Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Signed-off-by: Suganath Prabu S <suganath-prabu.subramani(a)broadcom.com> --- drivers/scsi/mpi3mr/mpi3mr.h | 4 ++-- drivers/scsi/mpi3mr/mpi3mr_os.c | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr.h b/drivers/scsi/mpi3mr/mpi3mr.h index 6742684..31d68c1 100644 --- a/drivers/scsi/mpi3mr/mpi3mr.h +++ b/drivers/scsi/mpi3mr/mpi3mr.h @@ -56,8 +56,8 @@ extern struct list_head mrioc_list; extern int prot_mask; extern atomic64_t event_counter; -#define MPI3MR_DRIVER_VERSION "8.15.0.5.50" -#define MPI3MR_DRIVER_RELDATE "12-August-2025" +#define MPI3MR_DRIVER_VERSION "8.15.0.5.51" +#define MPI3MR_DRIVER_RELDATE "18-November-2025" #define MPI3MR_DRIVER_NAME "mpi3mr" #define MPI3MR_DRIVER_LICENSE "GPL" diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c b/drivers/scsi/mpi3mr/mpi3mr_os.c index b88633e..bca3671 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_os.c +++ b/drivers/scsi/mpi3mr/mpi3mr_os.c @@ -1184,6 +1184,8 @@ static void mpi3mr_update_tgtdev(struct mpi3mr_ioc *mrioc, if (is_added == true) tgtdev->io_throttle_enabled = (flags & MPI3_DEVICE0_FLAGS_IO_THROTTLING_REQUIRED) ? 1 : 0; + if(!mrioc->sas_transport_enabled) + tgtdev->non_stl = 1; switch (flags & MPI3_DEVICE0_FLAGS_MAX_WRITE_SAME_MASK) { case MPI3_DEVICE0_FLAGS_MAX_WRITE_SAME_256_LB: @@ -4844,7 +4846,7 @@ static int mpi3mr_target_alloc(struct scsi_target *starget) spin_lock_irqsave(&mrioc->tgtdev_lock, flags); if (starget->channel == mrioc->scsi_device_channel) { tgt_dev = __mpi3mr_get_tgtdev_by_perst_id(mrioc, starget->id); - if (tgt_dev && !tgt_dev->is_hidden) { + if (tgt_dev && !tgt_dev->is_hidden && tgt_dev->non_stl) { scsi_tgt_priv_data->starget = starget; scsi_tgt_priv_data->dev_handle = tgt_dev->dev_handle; scsi_tgt_priv_data->perst_id = tgt_dev->perst_id; -- 2.47.3

14 minutes

3
3
0 0

[PATCH v4 0/2] Enable 1GHz OPP am335x-bonegreen-eco

by Kory Maincent (TI.com)

The vdd_mpu regulator maximum voltage was previously limited to 1.2985V, which prevented the CPU from reaching the 1GHz operating point. This limitation was put in place because voltage changes were not working correctly, causing the board to stall when attempting higher frequencies. Increase the maximum voltage to 1.3515V to allow the full 1GHz OPP to be used. Add a TPS65219 PMIC driver fixes that properly implement the LOCK register handling, to make voltage transitions work reliably. Changes in v4: - Move the registers unlock in the probe instead of a custom regmap write operation. - Link to v3: https://lore.kernel.org/r/20251112-fix_tps65219-v3-0-e49bab4c01ce@bootlin.c… Changes in v3: - Remove an unused variable - Link to v2: https://lore.kernel.org/r/20251106-fix_tps65219-v2-0-a7d608c4272f@bootlin.c… Changes in v2: - Setup a custom regmap_bus only for the TPS65214 instead of checking the chip_id every time reg_write is called. - Add the am335x-bonegreen-eco devicetree change in the same patch series. Signed-off-by: Kory Maincent (TI.com) <kory.maincent(a)bootlin.com> --- Kory Maincent (TI.com) (2): mfd: tps65219: Implement LOCK register handling for TPS65214 ARM: dts: am335x-bonegreen-eco: Enable 1GHz OPP by increasing vdd_mpu voltage arch/arm/boot/dts/ti/omap/am335x-bonegreen-eco.dts | 2 +- drivers/mfd/tps65219.c | 7 +++++++ include/linux/mfd/tps65219.h | 2 ++ 3 files changed, 10 insertions(+), 1 deletion(-) --- base-commit: 1c353dc8d962de652bc7ad2ba2e63f553331391c change-id: 20251106-fix_tps65219-dd62141d22cf Best regards, -- Köry Maincent, Bootlin Embedded Linux and kernel engineering https://bootlin.com

26 minutes

4
5
0 0

Re: [PATCH V6] efi/tpm: Fix the issue where the CC platforms event log header can't be correctly identified

by Richard Lyu

What is the current status of this patch? Link: https://lore.kernel.org/lkml/1752290685-22164-1-git-send-email-yangge1116@1… Best Regards, Richard Lyu

50 minutes

1
0
0 0

[PATCH v3 01/10] crypto: virtio: Add spinlock protection with virtqueue notification

by Bibo Mao

When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well. Fixes: fed93fb62e05 ("crypto: virtio - Handle dataq logic with tasklet") Cc: stable(a)vger.kernel.org Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- drivers/crypto/virtio/virtio_crypto_core.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/crypto/virtio/virtio_crypto_core.c b/drivers/crypto/virtio/virtio_crypto_core.c index 3d241446099c..ccc6b5c1b24b 100644 --- a/drivers/crypto/virtio/virtio_crypto_core.c +++ b/drivers/crypto/virtio/virtio_crypto_core.c @@ -75,15 +75,20 @@ static void virtcrypto_done_task(unsigned long data) struct data_queue *data_vq = (struct data_queue *)data; struct virtqueue *vq = data_vq->vq; struct virtio_crypto_request *vc_req; + unsigned long flags; unsigned int len; + spin_lock_irqsave(&data_vq->lock, flags); do { virtqueue_disable_cb(vq); while ((vc_req = virtqueue_get_buf(vq, &len)) != NULL) { + spin_unlock_irqrestore(&data_vq->lock, flags); if (vc_req->alg_cb) vc_req->alg_cb(vc_req, len); + spin_lock_irqsave(&data_vq->lock, flags); } } while (!virtqueue_enable_cb(vq)); + spin_unlock_irqrestore(&data_vq->lock, flags); } static void virtcrypto_dataq_callback(struct virtqueue *vq) -- 2.39.3

1 hour, 13 minutes

1
0
0 0

[PATCH v3 01/10] crypto: virtio: Add spinlock protection with virtqueue notification

by Bibo Mao

When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well. Fixes: fed93fb62e05 ("crypto: virtio - Handle dataq logic with tasklet") Cc: stable(a)vger.kernel.org Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- drivers/crypto/virtio/virtio_crypto_core.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/crypto/virtio/virtio_crypto_core.c b/drivers/crypto/virtio/virtio_crypto_core.c index 3d241446099c..ccc6b5c1b24b 100644 --- a/drivers/crypto/virtio/virtio_crypto_core.c +++ b/drivers/crypto/virtio/virtio_crypto_core.c @@ -75,15 +75,20 @@ static void virtcrypto_done_task(unsigned long data) struct data_queue *data_vq = (struct data_queue *)data; struct virtqueue *vq = data_vq->vq; struct virtio_crypto_request *vc_req; + unsigned long flags; unsigned int len; + spin_lock_irqsave(&data_vq->lock, flags); do { virtqueue_disable_cb(vq); while ((vc_req = virtqueue_get_buf(vq, &len)) != NULL) { + spin_unlock_irqrestore(&data_vq->lock, flags); if (vc_req->alg_cb) vc_req->alg_cb(vc_req, len); + spin_lock_irqsave(&data_vq->lock, flags); } } while (!virtqueue_enable_cb(vq)); + spin_unlock_irqrestore(&data_vq->lock, flags); } static void virtcrypto_dataq_callback(struct virtqueue *vq) -- 2.39.3

1 hour, 36 minutes

1
0
0 0

[PATCH V2] mm/slab: ensure all metadata in slab object are word-aligned

by Harry Yoo

When the SLAB_STORE_USER debug flag is used, any metadata placed after the original kmalloc request size (orig_size) is not properly aligned on 64-bit architectures because its type is unsigned int. When both KASAN and SLAB_STORE_USER are enabled, kasan_alloc_meta is misaligned. Note that 64-bit architectures without HAVE_EFFICIENT_UNALIGNED_ACCESS are assumed to require 64-bit accesses to be 64-bit aligned. See HAVE_64BIT_ALIGNED_ACCESS and commit adab66b71abf ("Revert: "ring-buffer: Remove HAVE_64BIT_ALIGNED_ACCESS"") for more details. Because not all architectures support unaligned memory accesses, ensure that all metadata (track, orig_size, kasan_{alloc,free}_meta) in a slab object are word-aligned. struct track, kasan_{alloc,free}_meta are aligned by adding __aligned(__alignof__(unsigned long)). For orig_size, use ALIGN(sizeof(unsigned int), sizeof(unsigned long)) to make clear that its size remains unsigned int but it must be aligned to a word boundary. On 64-bit architectures, this reserves 8 bytes for orig_size, which is acceptable since kmalloc's original request size tracking is intended for debugging rather than production use. Cc: stable(a)vger.kernel.org Fixes: 6edf2576a6cc ("mm/slub: enable debugging memory wasting of kmalloc") Acked-by: Andrey Konovalov <andreyknvl(a)gmail.com> Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- v1 -> v2: - Added Andrey's Acked-by. - Added references to HAVE_64BIT_ALIGNED_ACCESS and the commit that resurrected it. - Used __alignof__() instead of sizeof(), as suggested by Pedro (off-list). Note: either __alignof__ or sizeof() produces the exactly same mm/slub.o files, so there's no functional difference. Thanks! mm/kasan/kasan.h | 4 ++-- mm/slub.c | 16 +++++++++++----- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 129178be5e64..b86b6e9f456a 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -265,7 +265,7 @@ struct kasan_alloc_meta { struct kasan_track alloc_track; /* Free track is stored in kasan_free_meta. */ depot_stack_handle_t aux_stack[2]; -}; +} __aligned(__alignof__(unsigned long)); struct qlist_node { struct qlist_node *next; @@ -289,7 +289,7 @@ struct qlist_node { struct kasan_free_meta { struct qlist_node quarantine_link; struct kasan_track free_track; -}; +} __aligned(__alignof__(unsigned long)); #endif /* CONFIG_KASAN_GENERIC */ diff --git a/mm/slub.c b/mm/slub.c index a585d0ac45d4..462a39d57b3a 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -344,7 +344,7 @@ struct track { int cpu; /* Was running on cpu */ int pid; /* Pid context */ unsigned long when; /* When did the operation occur */ -}; +} __aligned(__alignof__(unsigned long)); enum track_item { TRACK_ALLOC, TRACK_FREE }; @@ -1196,7 +1196,7 @@ static void print_trailer(struct kmem_cache *s, struct slab *slab, u8 *p) off += 2 * sizeof(struct track); if (slub_debug_orig_size(s)) - off += sizeof(unsigned int); + off += ALIGN(sizeof(unsigned int), __alignof__(unsigned long)); off += kasan_metadata_size(s, false); @@ -1392,7 +1392,8 @@ static int check_pad_bytes(struct kmem_cache *s, struct slab *slab, u8 *p) off += 2 * sizeof(struct track); if (s->flags & SLAB_KMALLOC) - off += sizeof(unsigned int); + off += ALIGN(sizeof(unsigned int), + __alignof__(unsigned long)); } off += kasan_metadata_size(s, false); @@ -7820,9 +7821,14 @@ static int calculate_sizes(struct kmem_cache_args *args, struct kmem_cache *s) */ size += 2 * sizeof(struct track); - /* Save the original kmalloc request size */ + /* + * Save the original kmalloc request size. + * Although the request size is an unsigned int, + * make sure that is aligned to word boundary. + */ if (flags & SLAB_KMALLOC) - size += sizeof(unsigned int); + size += ALIGN(sizeof(unsigned int), + __alignof__(unsigned long)); } #endif -- 2.43.0

1 hour, 57 minutes

2
3
0 0

[PATCH v4 1/6] drm/amdgpu: Fix gfx9 update PTE mtype flag

by Philip Yang

With this bug MTYPE_UC 0x3 can not be updated to MTYPE_RW 0x1. CC stables. cc: stable(a)vger.kernel.org Signed-off-by: Philip Yang <Philip.Yang(a)amd.com> --- drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c index 97a04e3171f2..205c34eb8d11 100644 --- a/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c @@ -1204,16 +1204,16 @@ static void gmc_v9_0_get_vm_pte(struct amdgpu_device *adev, *flags = AMDGPU_PTE_MTYPE_VG10(*flags, MTYPE_NC); break; case AMDGPU_VM_MTYPE_WC: - *flags |= AMDGPU_PTE_MTYPE_VG10(*flags, MTYPE_WC); + *flags = AMDGPU_PTE_MTYPE_VG10(*flags, MTYPE_WC); break; case AMDGPU_VM_MTYPE_RW: - *flags |= AMDGPU_PTE_MTYPE_VG10(*flags, MTYPE_RW); + *flags = AMDGPU_PTE_MTYPE_VG10(*flags, MTYPE_RW); break; case AMDGPU_VM_MTYPE_CC: - *flags |= AMDGPU_PTE_MTYPE_VG10(*flags, MTYPE_CC); + *flags = AMDGPU_PTE_MTYPE_VG10(*flags, MTYPE_CC); break; case AMDGPU_VM_MTYPE_UC: - *flags |= AMDGPU_PTE_MTYPE_VG10(*flags, MTYPE_UC); + *flags = AMDGPU_PTE_MTYPE_VG10(*flags, MTYPE_UC); break; } -- 2.50.1

2 hours, 10 minutes

1
0
0 0

[BUG] Missing backport for commit b441cf3f8c4b ("xfrm: delete x->tunnel as we delete x")

by Slavin Liu

Hi, I would like to request backporting commit b441cf3f8c4b ("xfrm: delete x->tunnel as we delete x") to all LTS kernels. This patch actually fixes a use-after-free issue, but it hasn't been backported to any of the LTS versions, which are still being affected. As the patch describes, a specific trigger scenario could be: If a tunnel packet is received (e.g., in ip_local_deliver()), with the outer layer being IPComp protocol and the inner layer being fragmented packets, during outer packet processing, it will go through xfrm_input() to hold a reference to the IPComp xfrm_state. Then, it is re-injected into the network stack via gro_cells_receive() and placed in the reassembly queue. When exiting the netns and calling cleanup_net(), although ipv4_frags_exit_net() is called before xfrm_net_exit(), due to asynchronous scheduling, fqdir_free_work() may execute after xfrm_state_fini(). In xfrm_state_fini(), xfrm_state_flush() puts and deletes the xfrm_state for IPPROTO_COMP, but does not delete the xfrm_state for IPPROTO_IPIP. Meanwhile, the skb in the reassembly queue holds the last reference to the IPPROTO_COMP xfrm_state, so it isn't destroyed yet. Only when the skb in the reassembly queue is destroyed does the IPPROTO_COMP xfrm_state get fully destroyed, which calls ipcomp_destroy() to delete the IPPROTO_IPIP xfrm_state. However, by this time, the hash tables (net->xfrm.state_byxxx) have already been kfreed in xfrm_state_fini(), leading to a use-after-free during the deletion. The bug has existed since kernel v2.6.29, so the patch should be backported to all LTS kernels. thanks, Slavin Liu

2 hours, 23 minutes

3
4
0 0

More details about DUOONE OLED for your setup

by InnLead Innovative

More details about DUOONE OLED for your setup Hello, Following up on your interest in portable dual-screen setups, I’d love to share the latest details about the DUOONE OLED SPAN & FOLD, now launching on Kickstarter. This monitor is designed to eliminate the hassle of heavy or complicated multi-screen setups—whether you're gaming with friends or getting work done. Here’s what makes it stand out: • True Portability – Ultra-light design that fits in your bag, ready for work or play anywhere. • One-Cable Setup – Connect with a single USB-C cable (HDMI supported as well). • OLED Visuals – Vivid colors, deep blacks, and smooth motion for gaming, design, and content creation. • Flexible Modes – Switch between extended desktop for productivity or head-to-head mode for multiplayer gaming. You can view the full specs and current Kickstarter pricing here: View product details on Kickstarter ( https://eeenew.com/index.php?option=com_acym&ctrl=fronturl&task=click&urlid… ) If you have any questions, feel free to reply — happy to help anytime. Best regards, Shirley Xue DUOONE OLED Team

2 hours, 24 minutes

1
0
0 0

[PATCH v3 0/7] rust: build_assert: document and fix use with function arguments

by Alexandre Courbot

`build_assert` relies on the compiler to optimize out its error path, lest build fails with the dreaded error: ERROR: modpost: "rust_build_error" [path/to/module.ko] undefined! It has been observed that very trivial code performing I/O accesses (sometimes even using an immediate value) would seemingly randomly fail with this error whenever `CLIPPY=1` was set. The same behavior was also observed until different, very similar conditions [1][2]. The cause, as pointed out by Gary Guo [3], appears to be that the failing function is eventually using `build_assert` with its argument, but is only annotated with `#[inline]`. This gives the compiler freedom to not inline the function, which it notably did when Clippy was active, triggering the error. The fix is to annotate functions passing their argument to `build_assert` with `#[inline(always)]`, telling the compiler to be as aggressive as possible with their inlining. This is also the correct behavior as inlining is mandatory for correct behavior in these cases. This series fixes all possible points of failure in the kernel crate, and adds documentation to `build_assert` explaining how to properly inline functions for which this behavior may arise. [1] https://lore.kernel.org/all/DEEUYUOAEZU3.1J1HM2YQ10EX1@nvidia.com/ [2] https://lore.kernel.org/all/A1A280D4-836E-4D75-863E-30B1C276C80C@collabora.… [3] https://lore.kernel.org/all/20251121143008.2f5acc33.gary@garyguo.net/ Signed-off-by: Alexandre Courbot <acourbot(a)nvidia.com> --- Changes in v3: - Add "Fixes:" tags. - CC stable on fixup patches. - Link to v2: https://patch.msgid.link/20251128-io-build-assert-v2-0-a9ea9ce7d45d@nvidia.… Changes in v2: - Turn into a series and address other similar cases in the kernel crate. - Link to v1: https://patch.msgid.link/20251127-io-build-assert-v1-1-04237f2e5850@nvidia.… --- Alexandre Courbot (7): rust: build_assert: add instructions for use with function arguments rust: io: always inline functions using build_assert with arguments rust: cpufreq: always inline functions using build_assert with arguments rust: bits: always inline functions using build_assert with arguments rust: sync: refcount: always inline functions using build_assert with arguments rust: irq: always inline functions using build_assert with arguments rust: num: bounded: add missing comment for always inlined function rust/kernel/bits.rs | 6 ++++-- rust/kernel/build_assert.rs | 7 ++++++- rust/kernel/cpufreq.rs | 2 ++ rust/kernel/io.rs | 9 ++++++--- rust/kernel/io/resource.rs | 2 ++ rust/kernel/irq/flags.rs | 2 ++ rust/kernel/num/bounded.rs | 1 + rust/kernel/sync/refcount.rs | 3 ++- 8 files changed, 25 insertions(+), 7 deletions(-) --- base-commit: ba65a4e7120a616d9c592750d9147f6dcafedffa change-id: 20251127-io-build-assert-3579a5bfb81c Best regards, -- Alexandre Courbot <acourbot(a)nvidia.com>

2 hours, 34 minutes

3
10
0 0

[PATCH AUTOSEL 6.18-6.1] ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

by Sasha Levin

From: Namjae Jeon <linkinjeon(a)kernel.org> [ Upstream commit b39a1833cc4a2755b02603eec3a71a85e9dff926 ] Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it. Reported-by: Qianchang Zhao <pioooooooooip(a)gmail.com> Reported-by: Zhitong Liu <liuzhitong1993(a)gmail.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: ### 3. CLASSIFICATION This is a **security/stability bug fix**: - **Use-after-free (UAF)** is a serious memory safety issue - ksmbd is **network-facing code** (SMB server) - security-sensitive - Can lead to kernel crashes, data corruption, or potential remote exploitation ### 4. SCOPE AND RISK ASSESSMENT **Size**: ~30 lines changed across 3 files **Files affected**: - `fs/smb/server/mgmt/tree_connect.c` - core reference counting logic - `fs/smb/server/mgmt/tree_connect.h` - struct definition - `fs/smb/server/smb2pdu.c` - disconnect path **Technical mechanism of the bug**: The previous fix (commit 33b235a6e6ebe) introduced a waitqueue-based refcount mechanism: 1. `ksmbd_tree_conn_disconnect()` would decrement refcount, wait for it to hit 0, then always call `kfree()` 2. `ksmbd_tree_connect_put()` would decrement refcount and wake up waiters **The race condition**: - Thread A: In disconnect, waits for refcount to hit 0, then runs more code before `kfree()` - Thread B: Drops last reference via `_put()`, refcount hits 0 - Thread A: Wakes up, but Thread B might still be executing code that accesses `tcon` - Thread A: Frees `tcon` - Thread B: UAF when accessing `tcon` after `_put()` returns **The fix**: Changes to standard "kref-style" reference counting: - Whoever drops refcount to 0 immediately calls `kfree()` - No window between refcount hitting 0 and free - Removes the buggy waitqueue mechanism entirely **Risk**: LOW - The new pattern (free on last put) is the standard kernel pattern (kref) - Simpler code is easier to verify correct - Self-contained within tree_connect subsystem ### 5. USER IMPACT - **Affected users**: Anyone running ksmbd (kernel SMB server) - **Trigger**: High concurrency - realistic for file servers - **Severity**: HIGH - kernel crash or potential security exploitation - **Real-world occurrence**: Two Reported-by tags confirm users hit this ### 6. STABILITY INDICATORS - Signed-off by ksmbd maintainer (Namjae Jeon) and CIFS/SMB maintainer (Steve French) - Two independent reporters indicate real bug - The buggy code was introduced in commit 33b235a6e6ebe (v6.6-rc1) ### 7. DEPENDENCY CHECK - The fix is self-contained - Depends only on commit 33b235a6e6ebe being present (which introduced the bug) - Affects: v6.6 and all later versions - Should apply cleanly - only 2 minor unrelated commits to tree_connect.c since the buggy commit ### Summary | Criterion | Assessment | |-----------|------------| | Fixes real bug | ✅ UAF in network-facing code | | Security impact | ✅ High - potential remote exploitation | | Small and contained | ✅ ~30 lines, 3 files, single subsystem | | No new features | ✅ Pure bug fix | | User-reported | ✅ Two Reported-by tags | | Clean backport | ✅ Self-contained fix | This commit fixes a use-after-free vulnerability in ksmbd, the in-kernel SMB server. The bug exists in the reference counting mechanism for tree connections and can be triggered under concurrent access - a realistic scenario for network file servers. UAF bugs in network-facing kernel code are serious security issues. The fix is small, uses a well- established kernel pattern (kref-style refcounting), and is self- contained. It should be backported to all stable kernels containing commit 33b235a6e6ebe (v6.6+). **YES** fs/smb/server/mgmt/tree_connect.c | 18 ++++-------------- fs/smb/server/mgmt/tree_connect.h | 1 - fs/smb/server/smb2pdu.c | 3 --- 3 files changed, 4 insertions(+), 18 deletions(-) diff --git a/fs/smb/server/mgmt/tree_connect.c b/fs/smb/server/mgmt/tree_connect.c index ecfc575086712..d3483d9c757c7 100644 --- a/fs/smb/server/mgmt/tree_connect.c +++ b/fs/smb/server/mgmt/tree_connect.c @@ -78,7 +78,6 @@ ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name) tree_conn->t_state = TREE_NEW; status.tree_conn = tree_conn; atomic_set(&tree_conn->refcount, 1); - init_waitqueue_head(&tree_conn->refcount_q); ret = xa_err(xa_store(&sess->tree_conns, tree_conn->id, tree_conn, KSMBD_DEFAULT_GFP)); @@ -100,14 +99,8 @@ ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name) void ksmbd_tree_connect_put(struct ksmbd_tree_connect *tcon) { - /* - * Checking waitqueue to releasing tree connect on - * tree disconnect. waitqueue_active is safe because it - * uses atomic operation for condition. - */ - if (!atomic_dec_return(&tcon->refcount) && - waitqueue_active(&tcon->refcount_q)) - wake_up(&tcon->refcount_q); + if (atomic_dec_and_test(&tcon->refcount)) + kfree(tcon); } int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, @@ -119,14 +112,11 @@ int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, xa_erase(&sess->tree_conns, tree_conn->id); write_unlock(&sess->tree_conns_lock); - if (!atomic_dec_and_test(&tree_conn->refcount)) - wait_event(tree_conn->refcount_q, - atomic_read(&tree_conn->refcount) == 0); - ret = ksmbd_ipc_tree_disconnect_request(sess->id, tree_conn->id); ksmbd_release_tree_conn_id(sess, tree_conn->id); ksmbd_share_config_put(tree_conn->share_conf); - kfree(tree_conn); + if (atomic_dec_and_test(&tree_conn->refcount)) + kfree(tree_conn); return ret; } diff --git a/fs/smb/server/mgmt/tree_connect.h b/fs/smb/server/mgmt/tree_connect.h index a42cdd0510411..f0023d86716f2 100644 --- a/fs/smb/server/mgmt/tree_connect.h +++ b/fs/smb/server/mgmt/tree_connect.h @@ -33,7 +33,6 @@ struct ksmbd_tree_connect { int maximal_access; bool posix_extensions; atomic_t refcount; - wait_queue_head_t refcount_q; unsigned int t_state; }; diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 447e76da44409..aae42d2abf7bc 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -2200,7 +2200,6 @@ int smb2_tree_disconnect(struct ksmbd_work *work) goto err_out; } - WARN_ON_ONCE(atomic_dec_and_test(&tcon->refcount)); tcon->t_state = TREE_DISCONNECTED; write_unlock(&sess->tree_conns_lock); @@ -2210,8 +2209,6 @@ int smb2_tree_disconnect(struct ksmbd_work *work) goto err_out; } - work->tcon = NULL; - rsp->StructureSize = cpu_to_le16(4); err = ksmbd_iov_pin_rsp(work, rsp, sizeof(struct smb2_tree_disconnect_rsp)); -- 2.51.0

3 hours, 20 minutes

1
44
0 0

[PATCH 6.17 000/146] 6.17.11-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.11 release. There are 146 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Dec 2025 15:23:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.11-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.11-rc1 Siddharth Vadapalli <s-vadapalli(a)ti.com> spi: cadence-quadspi: Fix cqspi_probe() error handling for runtime pm Punit Agrawal <punit.agrawal(a)oss.qualcomm.com> Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" Jimmy Hu <hhhuuu(a)google.com> usb: gadget: udc: fix use-after-free in usb_gadget_state_work Kuen-Han Tsai <khtsai(a)google.com> usb: udc: Add trace event for usb_gadget_set_state Youngjun Park <youngjun.park(a)lge.com> mm: swap: remove duplicate nr_swap_pages decrement in get_swap_page_of_type() ziming zhang <ezrakiez(a)gmail.com> libceph: replace BUG_ON with bounds check for map->max_osd ziming zhang <ezrakiez(a)gmail.com> libceph: prevent potential out-of-bounds writes in handle_auth_session_key() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential use-after-free in have_mon_and_osd_map() Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}() Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: Free previously initialized ports on init failures Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: Don't free uninitialized ksz_irq Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: ptp: Fix checks on irq_find_mapping() Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: common: Fix checks on irq_find_mapping() Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Increase EDID read retries Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Don't change brightness for disabled connectors Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check NULL before accessing Michael Chen <michael.chen(a)amd.com> drm/amd/amdgpu: reserve vm invalidation engine for uni_mes Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: attach tlb fence to the PTs update Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/guc: Fix stack_depot usage Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/psr: Reject async flips when selective fetch is enabled Johan Hovold <johan(a)kernel.org> drm: sti: fix device leaks at component probe Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add support for Rolling RW101R-GL Oleksandr Suvorov <cryosay(a)gmail.com> USB: serial: ftdi_sio: add support for u-blox EVK-M101 Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbgtty: fix device unregister Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: fix stale flag preventig URBs after link state error is cleared Manish Nagar <manish.nagar(a)oss.qualcomm.com> usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: Sort out the Intel device IDs Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Nova Lake -S Owen Gu <guhuinan(a)xiaomi.com> usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Jameson Thies <jthies(a)google.com> usb: typec: ucsi: psy: Set max current to zero when disconnected Tianchu Chen <flynnnchen(a)tencent.com> usb: storage: sddr55: Reject out-of-bound new_pba Alan Stern <stern(a)rowland.harvard.edu> USB: storage: Remove subclass and protocol overrides from Novatek quirk Desnes Nunes <desnesn(a)redhat.com> usb: storage: Fix memory leak in USB bulk transport Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Fix synchronous external abort on unbind Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_eem: Fix memory leak in eem_unwrap Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: Fix double resource release in cdns3_pci_probe Johan Hovold <johan(a)kernel.org> most: usb: fix double free on late probe failure Miaoqian Lin <linmq006(a)gmail.com> serial: amba-pl011: prefer dma_mapping_error() over explicit address checking Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250: Fix 8250_rsa symbol loop Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Paolo Abeni <pabeni(a)redhat.com> mptcp: clear scheduled subflows on retransmit Jisheng Zhang <jszhang(a)kernel.org> mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level Deepanshu Kartikey <kartikey406(a)gmail.com> mm/memfd: fix information leak in hugetlb folios Wei Yang <richard.weiyang(a)gmail.com> mm/huge_memory: fix NULL pointer deference when splitting folio Gustavo A. R. Silva <gustavoars(a)kernel.org> iommufd/driver: Fix counter initialization for counted_by annotation Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> firmware: stratix10-svc: fix bug in saving controller data Jens Axboe <axboe(a)kernel.dk> io_uring/net: ensure vectored buffer node import is tied to notification ChiYuan Huang <cy_huang(a)richtek.com> regulator: rtq2208: Correct LDO2 logic judgment bits ChiYuan Huang <cy_huang(a)richtek.com> regulator: rtq2208: Correct buck group2 phase mapping logic Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix RTL8127 hang on suspend/shutdown Jon Hunter <jonathanh(a)nvidia.com> pmdomain: tegra: Add GENPD_FLAG_NO_STAY_ON flag Wentao Guan <guanwentao(a)uniontech.com> nvmem: layouts: fix nvmem_layout_bus_uevent Miaoqian Lin <linmq006(a)gmail.com> slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> thunderbolt: Add support for Intel Wildcat Lake Paulo Alcantara <pc(a)manguebit.org> smb: client: fix memory leak in cifs_construct_tcon() Thomas Zimmermann <tzimmermann(a)suse.de> drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Jamie Iles <jamie.iles(a)oss.qualcomm.com> drivers/usb/dwc3: fix PCI parent check Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix unreliable memory allocation Dharma Balasubiramani <dharma.b(a)microchip.com> counter: microchip-tcb-capture: Allow shared IRQ for multi-channel TCBs Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: fix crash in process_v2_sparse_read() for encrypted directories Marc Kleine-Budde <mkl(a)pengutronix.de> can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Thomas Mühlbacher <tmuehlbacher(a)posteo.net> can: sja1000: fix max irq loop handling Biju Das <biju.das.jz(a)bp.renesas.com> can: rcar_canfd: Fix CAN-FD mode as default Douglas Anderson <dianders(a)chromium.org> Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref Gui-Dong Han <hanguidong02(a)gmail.com> atm/fore200e: Fix possible data race in fore200e_open() Maarten Zanders <maarten(a)zanders.be> ARM: dts: nxp: imx6ul: correct SAI3 interrupt line Xu Yang <xu.yang_2(a)nxp.com> arm64: dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8dxl: Correct pcie-ep interrupt number Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8dxl-ss-conn: swap interrupts number of eqos Ivan Zhaldak <i.v.zhaldak(a)gmail.com> ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 René Rebe <rene(a)exactco.de> ALSA: hda/cirrus fix cs420x MacPro 6,1 inverted jack detection Deepanshu Kartikey <kartikey406(a)gmail.com> tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs Jason Wang <jasowang(a)redhat.com> vhost: rewind next_avail_head while discarding descriptors Jon Kohler <jon(a)nutanix.com> virtio-net: avoid unnecessary checksum calculation on guest RX Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification ChiYuan Huang <cy_huang(a)richtek.com> iio: adc: rtq6056: Correct the sign bit index David Lechner <dlechner(a)baylibre.com> iio: adc: ad7380: fix SPI offload trigger rate David Lechner <dlechner(a)baylibre.com> iio: adc: ad7280a: fix ad7280_store_balance_timer() David Lechner <dlechner(a)baylibre.com> iio: adc: ad7124: fix temperature channel Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad4030: Fix _scale value for common-mode channels Valek Andrej <andrej.v(a)skyrain.eu> iio: accel: fix ADXL355 startup race condition Linus Walleij <linus.walleij(a)linaro.org> iio: accel: bmc150: Fix irq assumption regression Olivier Moysan <olivier.moysan(a)foss.st.com> iio: adc: stm32-dfsdm: fix st,adc-alt-channel property handling Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio:common:ssp_sensors: Fix an error handling path ssp_probe() Achim Gratz <Achim.Gratz(a)Stromeko.DE> iio: pressure: bmp280: correct meas_time_us calculation Francesco Lavra <flavra(a)baylibre.com> iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Dimitri Fedrau <dimitri.fedrau(a)liebherr.com> iio: humditiy: hdc3020: fix units for thresholds and hysteresis Dimitri Fedrau <dimitri.fedrau(a)liebherr.com> iio: humditiy: hdc3020: fix units for temperature and humidity measurement Nuno Sá <nuno.sa(a)analog.com> iio: buffer: support getting dma channel from the buffer Nuno Sá <nuno.sa(a)analog.com> iio: buffer-dmaengine: enable .get_dma_dev() Nuno Sá <nuno.sa(a)analog.com> iio: buffer-dma: support getting the DMA channel Jiri Olsa <jolsa(a)kernel.org> Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd/display: Move setup_stream_attribute" Dan Carpenter <dan.carpenter(a)linaro.org> timekeeping: Fix error code in tk_aux_sysfs_init() David Howells <dhowells(a)redhat.com> afs: Fix uninit var in afs_alloc_anon_key() Hang Zhou <929513338(a)qq.com> spi: bcm63xx: fix premature CS deassertion on RX-only transactions Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: nxp-fspi: Propagate fwnode in ACPI case as well Haibo Chen <haibo.chen(a)nxp.com> spi: spi-nxp-fspi: Add OCT-DTR mode support Haotian Zhang <vulab(a)iscas.ac.cn> spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors Francesco Lavra <flavra(a)baylibre.com> spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA Sergey Matyukevich <geomatsi(a)gmail.com> riscv: dts: allwinner: d1: fix vlenb property NeilBrown <neil(a)brown.name> ovl: fail ovl_lock_rename_workdir() if either target is unhashed David Howells <dhowells(a)redhat.com> afs: Fix delayed allocation of a cell's anonymous key Andrei Vagin <avagin(a)google.com> fs/namespace: fix reference leak in grab_requested_mnt_ns Anurag Dutta <a-dutta(a)ti.com> spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance Anurag Dutta <a-dutta(a)ti.com> spi: spi-cadence-quadspi: Remove duplicate pm_runtime_put_autosuspend() call Jamie Iles <jamie.iles(a)oss.qualcomm.com> mailbox: pcc: don't zero error register Jason-JH Lin <jason-jh.lin(a)mediatek.com> mailbox: mtk-cmdq: Refine DMA address handling for the command buffer Haotian Zhang <vulab(a)iscas.ac.cn> mailbox: mailbox-test: Fix debugfs_create_dir error checking Haotian Zhang <vulab(a)iscas.ac.cn> usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors Mario Tesi <martepisa(a)gmail.com> iio: st_lsm6dsx: Fixed calibrated timestamp calculation Wei Fang <wei.fang(a)nxp.com> net: fec: do not register PPS event for PEROUT Wei Fang <wei.fang(a)nxp.com> net: fec: do not allow enabling PPS and PEROUT simultaneously Wei Fang <wei.fang(a)nxp.com> net: fec: do not update PEROUT if it is enabled Wei Fang <wei.fang(a)nxp.com> net: fec: cancel perout_timer when PEROUT is disabled Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: unconditionally set skb->dev on dst output Jiefeng Zhang <jiefeng.z.zhang(a)gmail.com> net: atlantic: fix fragment overflow handling in RX path Mohsin Bashir <mohsin.bashr(a)gmail.com> eth: fbnic: Fix counter roll-over issue Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Slark Xiao <slark_xiao(a)163.com> net: wwan: mhi: Keep modem name match with Foxconn T99W640 Pranjal Shrivastava <praan(a)google.com> dma-direct: Fix missing sg_dma_len assignment in P2PDMA bus mappings Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix cyan_skillfish2 gpu info fw handling Fernando Fernandez Mancera <fmancera(a)suse.de> xsk: avoid data corruption on cq descriptor number Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: avoid overwriting skb fields for multi-buffer traffic Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: sxgbe: fix potential NULL dereference in sxgbe_rx() Nikola Z. Ivanov <zlatistiv(a)gmail.com> team: Move team device type change at the end of team_port_add Danielle Costantino <dcostantino(a)meta.com> net/mlx5e: Fix validation logic in rate limiting Harish Chegondi <harish.chegondi(a)intel.com> drm/xe: Fix conversion from clock ticks to milliseconds Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Fix the initialization of taprio Daniel Golle <daniel(a)makrotopia.org> net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs Kai-Heng Feng <kaihengf(a)nvidia.com> net: aquantia: Add missing descriptor cache invalidation on ATL2 Dan Carpenter <dan.carpenter(a)linaro.org> platform/x86: intel: punit_ipc: fix memory corruption Daniel Golle <daniel(a)makrotopia.org> net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY Devarsh Thakkar <devarsht(a)ti.com> drm/bridge: sii902x: Fix HDMI detection with DRM_BRIDGE_ATTACH_NO_CONNECTOR Jesper Dangaard Brouer <hawk(a)kernel.org> veth: reduce XDP no_direct return section to fix race Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix not generating mackey and ltk when repairing Pauli Virtanen <pav(a)iki.fi> Bluetooth: hci_core: lookup hci_conn on RX path on protocol side Edward Adam Davis <eadavis(a)qq.com> Bluetooth: hci_sock: Prevent race in socket write iter and sock bind Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs Seungjin Bae <eeodqql09(a)gmail.com> can: kvaser_usb: leaf: Fix potential infinite loop in command parsers ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/nxp/imx/imx6ul.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx8dxl-ss-conn.dtsi | 4 +- arch/arm64/boot/dts/freescale/imx8dxl-ss-hsio.dtsi | 5 + arch/arm64/boot/dts/freescale/imx8qm-mek.dts | 4 +- arch/arm64/kernel/acpi.c | 10 +- arch/mips/mm/tlb-r4k.c | 118 ++++++++++----- arch/riscv/boot/dts/allwinner/sun20i-d1s.dtsi | 2 +- arch/x86/events/core.c | 10 +- drivers/atm/fore200e.c | 2 + drivers/bluetooth/btusb.c | 39 ++++- drivers/counter/microchip-tcb-capture.c | 2 +- drivers/firmware/stratix10-svc.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 ++ .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 8 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 +- .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 1 - .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 2 - .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 2 - drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 + .../display/dc/virtual/virtual_stream_encoder.c | 7 - drivers/gpu/drm/bridge/sii902x.c | 20 ++- drivers/gpu/drm/drm_fb_helper.c | 14 -- drivers/gpu/drm/i915/display/intel_display.c | 8 ++ drivers/gpu/drm/i915/display/intel_psr.c | 6 - drivers/gpu/drm/sti/sti_vtg.c | 7 +- drivers/gpu/drm/xe/xe_gt_clock.c | 7 +- drivers/gpu/drm/xe/xe_guc_ct.c | 3 + drivers/iio/accel/adxl355_core.c | 44 +++++- drivers/iio/accel/bmc150-accel-core.c | 5 + drivers/iio/accel/bmc150-accel.h | 1 + drivers/iio/adc/ad4030.c | 2 +- drivers/iio/adc/ad7124.c | 12 +- drivers/iio/adc/ad7280a.c | 2 +- drivers/iio/adc/ad7380.c | 8 ++ drivers/iio/adc/rtq6056.c | 2 +- drivers/iio/adc/stm32-dfsdm-adc.c | 5 +- drivers/iio/buffer/industrialio-buffer-dma.c | 6 + drivers/iio/buffer/industrialio-buffer-dmaengine.c | 2 + drivers/iio/common/ssp_sensors/ssp_dev.c | 4 +- drivers/iio/humidity/hdc3020.c | 73 ++++++---- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 40 ++++-- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 19 ++- drivers/iio/industrialio-buffer.c | 21 ++- drivers/iio/pressure/bmp280-core.c | 15 +- drivers/iommu/iommufd/driver.c | 2 +- drivers/mailbox/mailbox-test.c | 2 +- drivers/mailbox/mtk-cmdq-mailbox.c | 45 ++++-- drivers/mailbox/pcc.c | 8 +- drivers/md/dm-verity-fec.c | 6 +- drivers/mmc/host/sdhci-of-dwcmshc.c | 29 ++-- drivers/most/most_usb.c | 14 +- drivers/net/can/rcar/rcar_canfd.c | 53 ++++--- drivers/net/can/sja1000/sja1000.c | 4 +- drivers/net/can/sun4i_can.c | 4 +- drivers/net/can/usb/gs_usb.c | 102 +++++++++++-- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 +- drivers/net/dsa/microchip/ksz_common.c | 31 ++-- drivers/net/dsa/microchip/ksz_ptp.c | 22 ++- drivers/net/dsa/sja1105/sja1105_main.c | 7 - .../net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 +++ .../net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 + drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 + .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 +-- .../ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 +- drivers/net/ethernet/freescale/fec.h | 1 + drivers/net/ethernet/freescale/fec_ptp.c | 64 +++++++-- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 2 +- drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 2 +- .../net/ethernet/microchip/lan966x/lan966x_ptp.c | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 19 ++- drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 +- drivers/net/phy/mxl-gpy.c | 20 +-- drivers/net/team/team_core.c | 23 +-- drivers/net/tun_vnet.h | 2 +- drivers/net/veth.c | 7 +- drivers/net/virtio_net.c | 3 +- drivers/net/wwan/mhi_wwan_mbim.c | 2 +- drivers/nvmem/layouts.c | 2 +- drivers/platform/x86/intel/punit_ipc.c | 2 +- drivers/pmdomain/tegra/powergate-bpmp.c | 1 + drivers/regulator/rtq2208-regulator.c | 6 +- drivers/slimbus/qcom-ngd-ctrl.c | 1 + drivers/spi/Kconfig | 4 +- drivers/spi/spi-amlogic-spifc-a1.c | 4 +- drivers/spi/spi-bcm63xx.c | 14 ++ drivers/spi/spi-cadence-quadspi.c | 18 ++- drivers/spi/spi-nxp-fspi.c | 28 +++- drivers/thunderbolt/nhi.c | 2 + drivers/thunderbolt/nhi.h | 1 + drivers/tty/serial/8250/8250.h | 4 +- drivers/tty/serial/8250/8250_platform.c | 2 +- drivers/tty/serial/8250/8250_rsa.c | 26 ++-- drivers/tty/serial/8250/Makefile | 2 +- drivers/tty/serial/amba-pl011.c | 2 +- drivers/usb/cdns3/cdns3-pci-wrap.c | 5 +- drivers/usb/dwc3/core.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 82 +++++------ drivers/usb/dwc3/ep0.c | 1 + drivers/usb/dwc3/gadget.c | 7 + drivers/usb/gadget/function/f_eem.c | 7 +- drivers/usb/gadget/udc/core.c | 18 ++- drivers/usb/gadget/udc/renesas_usbf.c | 4 +- drivers/usb/gadget/udc/trace.h | 5 + drivers/usb/host/xhci-dbgcap.h | 1 + drivers/usb/host/xhci-dbgtty.c | 23 ++- drivers/usb/host/xhci-ring.c | 15 +- drivers/usb/host/xhci.c | 1 + drivers/usb/renesas_usbhs/common.c | 14 +- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 1 + drivers/usb/serial/option.c | 10 +- drivers/usb/storage/sddr55.c | 6 + drivers/usb/storage/transport.c | 16 +++ drivers/usb/storage/uas.c | 5 + drivers/usb/storage/unusual_devs.h | 2 +- drivers/usb/typec/ucsi/psy.c | 5 + drivers/vhost/net.c | 53 ++++--- drivers/vhost/vhost.c | 76 ++++++++-- drivers/vhost/vhost.h | 10 +- drivers/video/fbdev/core/fbcon.c | 9 ++ fs/afs/cell.c | 43 ++---- fs/afs/internal.h | 1 + fs/afs/security.c | 49 +++++-- fs/namespace.c | 7 +- fs/overlayfs/util.c | 4 +- fs/smb/client/connect.c | 1 + include/linux/iio/buffer-dma.h | 1 + include/linux/iio/buffer_impl.h | 2 + include/linux/mailbox/mtk-cmdq-mailbox.h | 10 ++ include/linux/usb/gadget.h | 5 + include/linux/virtio_net.h | 7 +- include/net/bluetooth/hci_core.h | 21 ++- io_uring/net.c | 6 +- kernel/dma/direct.c | 1 + kernel/time/timekeeping.c | 4 +- kernel/trace/trace.c | 10 ++ mm/huge_memory.c | 22 ++- mm/memfd.c | 27 ++++ mm/swapfile.c | 4 +- net/bluetooth/hci_core.c | 89 +++++------- net/bluetooth/hci_sock.c | 2 + net/bluetooth/iso.c | 30 +++- net/bluetooth/l2cap_core.c | 23 ++- net/bluetooth/sco.c | 35 +++-- net/bluetooth/smp.c | 31 +--- net/ceph/auth_x.c | 2 + net/ceph/ceph_common.c | 53 ++++--- net/ceph/debugfs.c | 16 ++- net/ceph/messenger_v2.c | 11 +- net/ceph/osdmap.c | 18 ++- net/mctp/route.c | 1 + net/mptcp/protocol.c | 19 ++- net/xdp/xsk.c | 160 +++++++++++++-------- sound/hda/codecs/cirrus/cs420x.c | 1 + sound/usb/quirks.c | 3 + 159 files changed, 1538 insertions(+), 807 deletions(-)

4 hours, 22 minutes

18
172
0 0

[PATCH 6.18.y] Documentation/rtla: rename common_xxx.rst files to common_xxx.txt

by Bagas Sanjaya

From: Gopi Krishna Menon <krishnagopi487(a)gmail.com> commit 96b546c241b11a97ba1247580208c554458e7866 upstream. Sphinx reports htmldocs errors: Documentation/tools/rtla/common_options.rst:58: ERROR: Undefined substitution referenced: "threshold". Documentation/tools/rtla/common_options.rst:88: ERROR: Undefined substitution referenced: "tool". Documentation/tools/rtla/common_options.rst:88: ERROR: Undefined substitution referenced: "thresharg". Documentation/tools/rtla/common_options.rst:88: ERROR: Undefined substitution referenced: "tracer". Documentation/tools/rtla/common_options.rst:92: ERROR: Undefined substitution referenced: "tracer". Documentation/tools/rtla/common_options.rst:98: ERROR: Undefined substitution referenced: "actionsperf". Documentation/tools/rtla/common_options.rst:113: ERROR: Undefined substitution referenced: "tool". common_*.rst files are snippets that are intended to be included by rtla docs (rtla*.rst). common_options.rst in particular contains substitutions which depend on other common_* includes, so building it independently as reST source results in above errors. Rename all common_*.rst files to common_*.txt to prevent Sphinx from building these snippets as standalone reST source and update all include references accordingly. Cc: stable(a)vger.kernel.org Link: https://www.sphinx-doc.org/en/master/usage/restructuredtext/basics.html#sub… Suggested-by: Tomas Glozar <tglozar(a)redhat.com> Suggested-by: Bagas Sanjaya <bagasdotme(a)gmail.com> Signed-off-by: Gopi Krishna Menon <krishnagopi487(a)gmail.com> Reviewed-by: Tomas Glozar <tglozar(a)redhat.com> Fixes: 05b7e10687c6 ("tools/rtla: Add remaining support for osnoise actions") Reviewed-by: Bagas Sanjaya <bagasdotme(a)gmail.com> Link: https://lore.kernel.org/r/20251008184522.13201-1-krishnagopi487@gmail.com [Bagas: massage commit message and apply trailers] Signed-off-by: Bagas Sanjaya <bagasdotme(a)gmail.com> Reviewed-by: Randy Dunlap <rdunlap(a)infradead.org> Tested-by: Randy Dunlap <rdunlap(a)infradead.org> Signed-off-by: Jonathan Corbet <corbet(a)lwn.net> Message-ID: <20251013092719.30780-2-bagasdotme(a)gmail.com> Signed-off-by: Bagas Sanjaya <bagasdotme(a)gmail.com> --- Note: The warnings were present in 6.18 cycle but unfortunately the original 96b546c241b11a97ba1247580208c554458e7866 got instead queued up for 6.19 merge window. .../{common_appendix.rst => common_appendix.txt} | 0 ...mmon_hist_options.rst => common_hist_options.txt} | 0 .../rtla/{common_options.rst => common_options.txt} | 0 ...escription.rst => common_osnoise_description.txt} | 0 ...snoise_options.rst => common_osnoise_options.txt} | 0 ...common_timerlat_aa.rst => common_timerlat_aa.txt} | 0 ...scription.rst => common_timerlat_description.txt} | 0 ...erlat_options.rst => common_timerlat_options.txt} | 0 ...common_top_options.rst => common_top_options.txt} | 0 Documentation/tools/rtla/rtla-hwnoise.rst | 8 ++++---- Documentation/tools/rtla/rtla-osnoise-hist.rst | 10 +++++----- Documentation/tools/rtla/rtla-osnoise-top.rst | 10 +++++----- Documentation/tools/rtla/rtla-osnoise.rst | 4 ++-- Documentation/tools/rtla/rtla-timerlat-hist.rst | 12 ++++++------ Documentation/tools/rtla/rtla-timerlat-top.rst | 12 ++++++------ Documentation/tools/rtla/rtla-timerlat.rst | 4 ++-- Documentation/tools/rtla/rtla.rst | 2 +- 17 files changed, 31 insertions(+), 31 deletions(-) rename Documentation/tools/rtla/{common_appendix.rst => common_appendix.txt} (100%) rename Documentation/tools/rtla/{common_hist_options.rst => common_hist_options.txt} (100%) rename Documentation/tools/rtla/{common_options.rst => common_options.txt} (100%) rename Documentation/tools/rtla/{common_osnoise_description.rst => common_osnoise_description.txt} (100%) rename Documentation/tools/rtla/{common_osnoise_options.rst => common_osnoise_options.txt} (100%) rename Documentation/tools/rtla/{common_timerlat_aa.rst => common_timerlat_aa.txt} (100%) rename Documentation/tools/rtla/{common_timerlat_description.rst => common_timerlat_description.txt} (100%) rename Documentation/tools/rtla/{common_timerlat_options.rst => common_timerlat_options.txt} (100%) rename Documentation/tools/rtla/{common_top_options.rst => common_top_options.txt} (100%) diff --git a/Documentation/tools/rtla/common_appendix.rst b/Documentation/tools/rtla/common_appendix.txt similarity index 100% rename from Documentation/tools/rtla/common_appendix.rst rename to Documentation/tools/rtla/common_appendix.txt diff --git a/Documentation/tools/rtla/common_hist_options.rst b/Documentation/tools/rtla/common_hist_options.txt similarity index 100% rename from Documentation/tools/rtla/common_hist_options.rst rename to Documentation/tools/rtla/common_hist_options.txt diff --git a/Documentation/tools/rtla/common_options.rst b/Documentation/tools/rtla/common_options.txt similarity index 100% rename from Documentation/tools/rtla/common_options.rst rename to Documentation/tools/rtla/common_options.txt diff --git a/Documentation/tools/rtla/common_osnoise_description.rst b/Documentation/tools/rtla/common_osnoise_description.txt similarity index 100% rename from Documentation/tools/rtla/common_osnoise_description.rst rename to Documentation/tools/rtla/common_osnoise_description.txt diff --git a/Documentation/tools/rtla/common_osnoise_options.rst b/Documentation/tools/rtla/common_osnoise_options.txt similarity index 100% rename from Documentation/tools/rtla/common_osnoise_options.rst rename to Documentation/tools/rtla/common_osnoise_options.txt diff --git a/Documentation/tools/rtla/common_timerlat_aa.rst b/Documentation/tools/rtla/common_timerlat_aa.txt similarity index 100% rename from Documentation/tools/rtla/common_timerlat_aa.rst rename to Documentation/tools/rtla/common_timerlat_aa.txt diff --git a/Documentation/tools/rtla/common_timerlat_description.rst b/Documentation/tools/rtla/common_timerlat_description.txt similarity index 100% rename from Documentation/tools/rtla/common_timerlat_description.rst rename to Documentation/tools/rtla/common_timerlat_description.txt diff --git a/Documentation/tools/rtla/common_timerlat_options.rst b/Documentation/tools/rtla/common_timerlat_options.txt similarity index 100% rename from Documentation/tools/rtla/common_timerlat_options.rst rename to Documentation/tools/rtla/common_timerlat_options.txt diff --git a/Documentation/tools/rtla/common_top_options.rst b/Documentation/tools/rtla/common_top_options.txt similarity index 100% rename from Documentation/tools/rtla/common_top_options.rst rename to Documentation/tools/rtla/common_top_options.txt diff --git a/Documentation/tools/rtla/rtla-hwnoise.rst b/Documentation/tools/rtla/rtla-hwnoise.rst index 3a7163c02ac8e8..26512b15fe7ba5 100644 --- a/Documentation/tools/rtla/rtla-hwnoise.rst +++ b/Documentation/tools/rtla/rtla-hwnoise.rst @@ -29,11 +29,11 @@ collection of the tracer output. OPTIONS ======= -.. include:: common_osnoise_options.rst +.. include:: common_osnoise_options.txt -.. include:: common_top_options.rst +.. include:: common_top_options.txt -.. include:: common_options.rst +.. include:: common_options.txt EXAMPLE ======= @@ -106,4 +106,4 @@ AUTHOR ====== Written by Daniel Bristot de Oliveira <bristot(a)kernel.org> -.. include:: common_appendix.rst +.. include:: common_appendix.txt diff --git a/Documentation/tools/rtla/rtla-osnoise-hist.rst b/Documentation/tools/rtla/rtla-osnoise-hist.rst index 1fc60ef2610677..007521c865d97e 100644 --- a/Documentation/tools/rtla/rtla-osnoise-hist.rst +++ b/Documentation/tools/rtla/rtla-osnoise-hist.rst @@ -15,7 +15,7 @@ SYNOPSIS DESCRIPTION =========== -.. include:: common_osnoise_description.rst +.. include:: common_osnoise_description.txt The **rtla osnoise hist** tool collects all **osnoise:sample_threshold** occurrence in a histogram, displaying the results in a user-friendly way. @@ -24,11 +24,11 @@ collection of the tracer output. OPTIONS ======= -.. include:: common_osnoise_options.rst +.. include:: common_osnoise_options.txt -.. include:: common_hist_options.rst +.. include:: common_hist_options.txt -.. include:: common_options.rst +.. include:: common_options.txt EXAMPLE ======= @@ -65,4 +65,4 @@ AUTHOR ====== Written by Daniel Bristot de Oliveira <bristot(a)kernel.org> -.. include:: common_appendix.rst +.. include:: common_appendix.txt diff --git a/Documentation/tools/rtla/rtla-osnoise-top.rst b/Documentation/tools/rtla/rtla-osnoise-top.rst index b1cbd7bcd4aed2..6ccadae3894570 100644 --- a/Documentation/tools/rtla/rtla-osnoise-top.rst +++ b/Documentation/tools/rtla/rtla-osnoise-top.rst @@ -15,7 +15,7 @@ SYNOPSIS DESCRIPTION =========== -.. include:: common_osnoise_description.rst +.. include:: common_osnoise_description.txt **rtla osnoise top** collects the periodic summary from the *osnoise* tracer, including the counters of the occurrence of the interference source, @@ -26,11 +26,11 @@ collection of the tracer output. OPTIONS ======= -.. include:: common_osnoise_options.rst +.. include:: common_osnoise_options.txt -.. include:: common_top_options.rst +.. include:: common_top_options.txt -.. include:: common_options.rst +.. include:: common_options.txt EXAMPLE ======= @@ -60,4 +60,4 @@ AUTHOR ====== Written by Daniel Bristot de Oliveira <bristot(a)kernel.org> -.. include:: common_appendix.rst +.. include:: common_appendix.txt diff --git a/Documentation/tools/rtla/rtla-osnoise.rst b/Documentation/tools/rtla/rtla-osnoise.rst index c129b206ce3484..540d2bf6c15247 100644 --- a/Documentation/tools/rtla/rtla-osnoise.rst +++ b/Documentation/tools/rtla/rtla-osnoise.rst @@ -14,7 +14,7 @@ SYNOPSIS DESCRIPTION =========== -.. include:: common_osnoise_description.rst +.. include:: common_osnoise_description.txt The *osnoise* tracer outputs information in two ways. It periodically prints a summary of the noise of the operating system, including the counters of @@ -56,4 +56,4 @@ AUTHOR ====== Written by Daniel Bristot de Oliveira <bristot(a)kernel.org> -.. include:: common_appendix.rst +.. include:: common_appendix.txt diff --git a/Documentation/tools/rtla/rtla-timerlat-hist.rst b/Documentation/tools/rtla/rtla-timerlat-hist.rst index 4923a362129bbd..f56fe546411bd4 100644 --- a/Documentation/tools/rtla/rtla-timerlat-hist.rst +++ b/Documentation/tools/rtla/rtla-timerlat-hist.rst @@ -16,7 +16,7 @@ SYNOPSIS DESCRIPTION =========== -.. include:: common_timerlat_description.rst +.. include:: common_timerlat_description.txt The **rtla timerlat hist** displays a histogram of each tracer event occurrence. This tool uses the periodic information, and the @@ -25,13 +25,13 @@ occurrence. This tool uses the periodic information, and the OPTIONS ======= -.. include:: common_timerlat_options.rst +.. include:: common_timerlat_options.txt -.. include:: common_hist_options.rst +.. include:: common_hist_options.txt -.. include:: common_options.rst +.. include:: common_options.txt -.. include:: common_timerlat_aa.rst +.. include:: common_timerlat_aa.txt EXAMPLE ======= @@ -110,4 +110,4 @@ AUTHOR ====== Written by Daniel Bristot de Oliveira <bristot(a)kernel.org> -.. include:: common_appendix.rst +.. include:: common_appendix.txt diff --git a/Documentation/tools/rtla/rtla-timerlat-top.rst b/Documentation/tools/rtla/rtla-timerlat-top.rst index 50968cdd2095a1..7dbe625d0c4243 100644 --- a/Documentation/tools/rtla/rtla-timerlat-top.rst +++ b/Documentation/tools/rtla/rtla-timerlat-top.rst @@ -16,7 +16,7 @@ SYNOPSIS DESCRIPTION =========== -.. include:: common_timerlat_description.rst +.. include:: common_timerlat_description.txt The **rtla timerlat top** displays a summary of the periodic output from the *timerlat* tracer. It also provides information for each @@ -26,13 +26,13 @@ seem with the option **-T**. OPTIONS ======= -.. include:: common_timerlat_options.rst +.. include:: common_timerlat_options.txt -.. include:: common_top_options.rst +.. include:: common_top_options.txt -.. include:: common_options.rst +.. include:: common_options.txt -.. include:: common_timerlat_aa.rst +.. include:: common_timerlat_aa.txt **--aa-only** *us* @@ -133,4 +133,4 @@ AUTHOR ------ Written by Daniel Bristot de Oliveira <bristot(a)kernel.org> -.. include:: common_appendix.rst +.. include:: common_appendix.txt diff --git a/Documentation/tools/rtla/rtla-timerlat.rst b/Documentation/tools/rtla/rtla-timerlat.rst index 20e2d259467fd0..ce9f57e038c37f 100644 --- a/Documentation/tools/rtla/rtla-timerlat.rst +++ b/Documentation/tools/rtla/rtla-timerlat.rst @@ -14,7 +14,7 @@ SYNOPSIS DESCRIPTION =========== -.. include:: common_timerlat_description.rst +.. include:: common_timerlat_description.txt The **rtla timerlat top** mode displays a summary of the periodic output from the *timerlat* tracer. The **rtla timerlat hist** mode displays @@ -51,4 +51,4 @@ AUTHOR ====== Written by Daniel Bristot de Oliveira <bristot(a)kernel.org> -.. include:: common_appendix.rst +.. include:: common_appendix.txt diff --git a/Documentation/tools/rtla/rtla.rst b/Documentation/tools/rtla/rtla.rst index fc0d233efcd5df..2a5fb7004ad448 100644 --- a/Documentation/tools/rtla/rtla.rst +++ b/Documentation/tools/rtla/rtla.rst @@ -45,4 +45,4 @@ AUTHOR ====== Daniel Bristot de Oliveira <bristot(a)kernel.org> -.. include:: common_appendix.rst +.. include:: common_appendix.txt base-commit: a66aab4b0ed2ca786d5512e843f32d96942ff311 -- An old man doll... just what I always wanted! - Clara

4 hours, 23 minutes

1
0
0 0

[PATCH] Revert "clk: qcom: cpu-8996: simplify the cpu_clk_notifier_cb"

by Christopher Obbard

This reverts commit b3b274bc9d3d7307308aeaf75f70731765ac999a. On the DragonBoard 820c (which uses APQ8096/MSM8996) this change causes the CPUs to downclock to roughly half speed under sustained load. The regression is visible both during boot and when running CPU stress workloads such as stress-ng: the CPUs initially ramp up to the expected frequency, then drop to a lower OPP even though the system is clearly CPU-bound. Bisecting points to this commit and reverting it restores the expected behaviour on the DragonBoard 820c - the CPUs track the cpufreq policy and run at full performance under load. The exact interaction with the ACD is not yet fully understood and we would like to keep ACD in use to avoid possible SoC reliability issues. Until we have a better fix that preserves ACD while avoiding this performance regression, revert the bisected patch to restore the previous behaviour. Fixes: b3b274bc9d3d ("clk: qcom: cpu-8996: simplify the cpu_clk_notifier_cb") Cc: stable(a)vger.kernel.org # v6.3+ Link: https://lore.kernel.org/linux-arm-msm/20230113120544.59320-8-dmitry.baryshk… Cc: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> Signed-off-by: Christopher Obbard <christopher.obbard(a)linaro.org> --- Hi all, This series contains a single revert for a regression affecting the APQ8096/MSM8996 (DragonBoard 820c). The commit being reverted, b3b274bc9d3d ("clk: qcom: cpu-8996: simplify the cpu_clk_notifier_cb"), introduces a significant performance issue where the CPUs downclock to ~50% of their expected frequency under sustained load. The problem is reproducible both at boot and when running CPU-bound workloads such as stress-ng. Bisecting the issue pointed directly to this commit and reverting it restores correct cpufreq behaviour. The root cause appears to be related to the interaction between the simplified notifier callback and ACD (Adaptive Clock Distribution). Since we would prefer to keep ACD enabled for SoC reliability reasons, a revert is the safest option until a proper fix is identified. Full details are included in the commit message. Feedback & suggestions welcome. Cheers! Christopher Obbard --- drivers/clk/qcom/clk-cpu-8996.c | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/drivers/clk/qcom/clk-cpu-8996.c b/drivers/clk/qcom/clk-cpu-8996.c index 21d13c0841ed..028476931747 100644 --- a/drivers/clk/qcom/clk-cpu-8996.c +++ b/drivers/clk/qcom/clk-cpu-8996.c @@ -547,35 +547,27 @@ static int cpu_clk_notifier_cb(struct notifier_block *nb, unsigned long event, { struct clk_cpu_8996_pmux *cpuclk = to_clk_cpu_8996_pmux_nb(nb); struct clk_notifier_data *cnd = data; + int ret; switch (event) { case PRE_RATE_CHANGE: + ret = clk_cpu_8996_pmux_set_parent(&cpuclk->clkr.hw, ALT_INDEX); qcom_cpu_clk_msm8996_acd_init(cpuclk->clkr.regmap); - - /* - * Avoid overvolting. clk_core_set_rate_nolock() walks from top - * to bottom, so it will change the rate of the PLL before - * chaging the parent of PMUX. This can result in pmux getting - * clocked twice the expected rate. - * - * Manually switch to PLL/2 here. - */ - if (cnd->new_rate < DIV_2_THRESHOLD && - cnd->old_rate > DIV_2_THRESHOLD) - clk_cpu_8996_pmux_set_parent(&cpuclk->clkr.hw, SMUX_INDEX); - break; - case ABORT_RATE_CHANGE: - /* Revert manual change */ - if (cnd->new_rate < DIV_2_THRESHOLD && - cnd->old_rate > DIV_2_THRESHOLD) - clk_cpu_8996_pmux_set_parent(&cpuclk->clkr.hw, ACD_INDEX); + case POST_RATE_CHANGE: + if (cnd->new_rate < DIV_2_THRESHOLD) + ret = clk_cpu_8996_pmux_set_parent(&cpuclk->clkr.hw, + SMUX_INDEX); + else + ret = clk_cpu_8996_pmux_set_parent(&cpuclk->clkr.hw, + ACD_INDEX); break; default: + ret = 0; break; } - return NOTIFY_OK; + return notifier_from_errno(ret); }; static int qcom_cpu_clk_msm8996_driver_probe(struct platform_device *pdev) --- base-commit: c17e270dfb342a782d69c4a7c4c32980455afd9c change-id: 20251202-wip-obbardc-qcom-msm8096-clk-cpu-fix-downclock-b7561da4cb95 Best regards, -- Christopher Obbard <christopher.obbard(a)linaro.org>

4 hours, 59 minutes

2
2
0 0

[PATCH v4] drm/tilcdc: Fix removal actions in case of failed probe

by Kory Maincent

From: "Kory Maincent (TI.com)" <kory.maincent(a)bootlin.com> The drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() helpers should only be called when the device has been successfully registered. Currently, these functions are called unconditionally in tilcdc_fini(), which causes warnings during probe deferral scenarios. [ 7.972317] WARNING: CPU: 0 PID: 23 at drivers/gpu/drm/drm_atomic_state_helper.c:175 drm_atomic_helper_crtc_duplicate_state+0x60/0x68 ... [ 8.005820] drm_atomic_helper_crtc_duplicate_state from drm_atomic_get_crtc_state+0x68/0x108 [ 8.005858] drm_atomic_get_crtc_state from drm_atomic_helper_disable_all+0x90/0x1c8 [ 8.005885] drm_atomic_helper_disable_all from drm_atomic_helper_shutdown+0x90/0x144 [ 8.005911] drm_atomic_helper_shutdown from tilcdc_fini+0x68/0xf8 [tilcdc] [ 8.005957] tilcdc_fini [tilcdc] from tilcdc_pdev_probe+0xb0/0x6d4 [tilcdc] Fix this by rewriting the failed probe cleanup path using the standard goto error handling pattern, which ensures that cleanup functions are only called on successfully initialized resources. Additionally, remove the now-unnecessary is_registered flag. Cc: stable(a)vger.kernel.org Fixes: 3c4babae3c4a ("drm: Call drm_atomic_helper_shutdown() at shutdown/remove time for misc drivers") Signed-off-by: Kory Maincent (TI.com) <kory.maincent(a)bootlin.com> --- I'm working on removing the usage of deprecated functions as well as general improvements to this driver, but it will take some time so for now this is a simple fix to a functional bug. Change in v4: - Fix an unused label warning reported by the kernel test robot. Change in v3: - Rewrite the failed probe clean up path using goto - Remove the is_registered flag Change in v2: - Add missing cc: stable tag - Add Swamil reviewed-by --- drivers/gpu/drm/tilcdc/tilcdc_crtc.c | 2 +- drivers/gpu/drm/tilcdc/tilcdc_drv.c | 53 ++++++++++++++++++---------- drivers/gpu/drm/tilcdc/tilcdc_drv.h | 2 +- 3 files changed, 37 insertions(+), 20 deletions(-) diff --git a/drivers/gpu/drm/tilcdc/tilcdc_crtc.c b/drivers/gpu/drm/tilcdc/tilcdc_crtc.c index 5718d9d83a49f..52c95131af5af 100644 --- a/drivers/gpu/drm/tilcdc/tilcdc_crtc.c +++ b/drivers/gpu/drm/tilcdc/tilcdc_crtc.c @@ -586,7 +586,7 @@ static void tilcdc_crtc_recover_work(struct work_struct *work) drm_modeset_unlock(&crtc->mutex); } -static void tilcdc_crtc_destroy(struct drm_crtc *crtc) +void tilcdc_crtc_destroy(struct drm_crtc *crtc) { struct tilcdc_drm_private *priv = crtc->dev->dev_private; diff --git a/drivers/gpu/drm/tilcdc/tilcdc_drv.c b/drivers/gpu/drm/tilcdc/tilcdc_drv.c index 7caec4d38ddf0..3dcbec312bacb 100644 --- a/drivers/gpu/drm/tilcdc/tilcdc_drv.c +++ b/drivers/gpu/drm/tilcdc/tilcdc_drv.c @@ -172,8 +172,7 @@ static void tilcdc_fini(struct drm_device *dev) if (priv->crtc) tilcdc_crtc_shutdown(priv->crtc); - if (priv->is_registered) - drm_dev_unregister(dev); + drm_dev_unregister(dev); drm_kms_helper_poll_fini(dev); drm_atomic_helper_shutdown(dev); @@ -220,21 +219,21 @@ static int tilcdc_init(const struct drm_driver *ddrv, struct device *dev) priv->wq = alloc_ordered_workqueue("tilcdc", 0); if (!priv->wq) { ret = -ENOMEM; - goto init_failed; + goto put_drm; } priv->mmio = devm_platform_ioremap_resource(pdev, 0); if (IS_ERR(priv->mmio)) { dev_err(dev, "failed to request / ioremap\n"); ret = PTR_ERR(priv->mmio); - goto init_failed; + goto free_wq; } priv->clk = clk_get(dev, "fck"); if (IS_ERR(priv->clk)) { dev_err(dev, "failed to get functional clock\n"); ret = -ENODEV; - goto init_failed; + goto free_wq; } pm_runtime_enable(dev); @@ -313,7 +312,7 @@ static int tilcdc_init(const struct drm_driver *ddrv, struct device *dev) ret = tilcdc_crtc_create(ddev); if (ret < 0) { dev_err(dev, "failed to create crtc\n"); - goto init_failed; + goto disable_pm; } modeset_init(ddev); @@ -324,46 +323,46 @@ static int tilcdc_init(const struct drm_driver *ddrv, struct device *dev) if (ret) { dev_err(dev, "failed to register cpufreq notifier\n"); priv->freq_transition.notifier_call = NULL; - goto init_failed; + goto destroy_crtc; } #endif if (priv->is_componentized) { ret = component_bind_all(dev, ddev); if (ret < 0) - goto init_failed; + goto unregister_cpufreq_notif; ret = tilcdc_add_component_encoder(ddev); if (ret < 0) - goto init_failed; + goto unbind_component; } else { ret = tilcdc_attach_external_device(ddev); if (ret) - goto init_failed; + goto unregister_cpufreq_notif; } if (!priv->external_connector && ((priv->num_encoders == 0) || (priv->num_connectors == 0))) { dev_err(dev, "no encoders/connectors found\n"); ret = -EPROBE_DEFER; - goto init_failed; + goto unbind_component; } ret = drm_vblank_init(ddev, 1); if (ret < 0) { dev_err(dev, "failed to initialize vblank\n"); - goto init_failed; + goto unbind_component; } ret = platform_get_irq(pdev, 0); if (ret < 0) - goto init_failed; + goto unbind_component; priv->irq = ret; ret = tilcdc_irq_install(ddev, priv->irq); if (ret < 0) { dev_err(dev, "failed to install IRQ handler\n"); - goto init_failed; + goto unbind_component; } drm_mode_config_reset(ddev); @@ -372,16 +371,34 @@ static int tilcdc_init(const struct drm_driver *ddrv, struct device *dev) ret = drm_dev_register(ddev, 0); if (ret) - goto init_failed; - priv->is_registered = true; + goto stop_poll; drm_client_setup_with_color_mode(ddev, bpp); return 0; -init_failed: - tilcdc_fini(ddev); +stop_poll: + drm_kms_helper_poll_fini(ddev); + tilcdc_irq_uninstall(ddev); +unbind_component: + if (priv->is_componentized) + component_unbind_all(dev, ddev); +unregister_cpufreq_notif: +#ifdef CONFIG_CPU_FREQ + cpufreq_unregister_notifier(&priv->freq_transition, + CPUFREQ_TRANSITION_NOTIFIER); +destroy_crtc: +#endif + tilcdc_crtc_destroy(priv->crtc); +disable_pm: + pm_runtime_disable(dev); + clk_put(priv->clk); +free_wq: + destroy_workqueue(priv->wq); +put_drm: platform_set_drvdata(pdev, NULL); + ddev->dev_private = NULL; + drm_dev_put(ddev); return ret; } diff --git a/drivers/gpu/drm/tilcdc/tilcdc_drv.h b/drivers/gpu/drm/tilcdc/tilcdc_drv.h index b818448c83f61..58b276f82a669 100644 --- a/drivers/gpu/drm/tilcdc/tilcdc_drv.h +++ b/drivers/gpu/drm/tilcdc/tilcdc_drv.h @@ -82,7 +82,6 @@ struct tilcdc_drm_private { struct drm_encoder *external_encoder; struct drm_connector *external_connector; - bool is_registered; bool is_componentized; bool irq_enabled; }; @@ -164,6 +163,7 @@ void tilcdc_crtc_set_panel_info(struct drm_crtc *crtc, void tilcdc_crtc_set_simulate_vesa_sync(struct drm_crtc *crtc, bool simulate_vesa_sync); void tilcdc_crtc_shutdown(struct drm_crtc *crtc); +void tilcdc_crtc_destroy(struct drm_crtc *crtc); int tilcdc_crtc_update_fb(struct drm_crtc *crtc, struct drm_framebuffer *fb, struct drm_pending_vblank_event *event); -- 2.43.0

5 hours, 14 minutes

3
3
0 0

[PATCH] riva/fbdev: fix divide error in nv3_arb()

by Guangshuo Li

A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUT_VSCREENINFO ioctl on /dev/fb*. When doing so, the driver recomputes FIFO arbitration parameters in nv3_arb(), using state->mclk_khz (derived from the PRAMDAC MCLK PLL) as a divisor without validating it first. In a normal setup, state->mclk_khz is provided by the real hardware and is non-zero. However, an attacker can construct a malicious or misconfigured device (e.g. a crafted/emulated PCI device) that exposes a bogus PLL configuration, causing state->mclk_khz to become zero. Once nv3_get_param() calls nv3_arb(), the division by state->mclk_khz in the gns calculation causes a divide error and crashes the kernel. Fix this by checking whether state->mclk_khz is zero and bailing out before doing the division. The following log reveals it: rivafb: setting virtual Y resolution to 2184 divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 PID: 2187 Comm: syz-executor.0 Not tainted 5.18.0-rc1+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:nv3_arb drivers/video/fbdev/riva/riva_hw.c:439 [inline] RIP: 0010:nv3_get_param+0x3ab/0x13b0 drivers/video/fbdev/riva/riva_hw.c:546 Code: c1 e8 03 42 0f b6 14 38 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 b7 0e 00 00 41 8b 46 18 01 d8 69 c0 40 42 0f 00 99 <41> f7 fc 48 63 c8 4c 89 e8 48 c1 e8 03 42 0f b6 14 38 4c 89 e8 83 RSP: 0018:ffff888013b2f318 EFLAGS: 00010206 RAX: 0000000001d905c0 RBX: 0000000000000016 RCX: 0000000000040000 RDX: 0000000000000000 RSI: 0000000000000080 RDI: ffff888013b2f6f0 RBP: 0000000000000002 R08: ffffffff82226288 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: ffff888013b2f4d8 R14: ffff888013b2f6d8 R15: dffffc0000000000 Call Trace: nv3CalcArbitration.constprop.0+0x255/0x460 drivers/video/fbdev/riva/riva_hw.c:603 nv3UpdateArbitrationSettings drivers/video/fbdev/riva/riva_hw.c:637 [inline] CalcStateExt+0x447/0x1b90 drivers/video/fbdev/riva/riva_hw.c:1246 riva_load_video_mode+0x8a9/0xea0 drivers/video/fbdev/riva/fbdev.c:779 rivafb_set_par+0xc0/0x5f0 drivers/video/fbdev/riva/fbdev.c:1196 fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1033 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1109 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1188 __x64_sys_ioctl+0x122/0x190 fs/ioctl.c:856 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Guangshuo Li <lgs201920130244(a)gmail.com> --- drivers/video/fbdev/riva/riva_hw.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/video/fbdev/riva/riva_hw.c b/drivers/video/fbdev/riva/riva_hw.c index 8b829b720064..d70c6c4d28e8 100644 --- a/drivers/video/fbdev/riva/riva_hw.c +++ b/drivers/video/fbdev/riva/riva_hw.c @@ -436,6 +436,9 @@ static char nv3_arb(nv3_fifo_info * res_info, nv3_sim_state * state, nv3_arb_in vmisses = 2; eburst_size = state->memory_width * 1; mburst_size = 32; + if (!state->mclk_khz) + return (0); + gns = 1000000 * (gmisses*state->mem_page_miss + state->mem_latency)/state->mclk_khz; ainfo->by_gfacc = gns*ainfo->gdrain_rate/1000000; ainfo->wcmocc = 0; -- 2.43.0

5 hours, 34 minutes

2
1
0 0

FAILED: patch "[PATCH] usb: gadget: udc: fix use-after-free in usb_gadget_state_work" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x baeb66fbd4201d1c4325074e78b1f557dff89b5b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025120129-earthlike-curse-b3f8@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From baeb66fbd4201d1c4325074e78b1f557dff89b5b Mon Sep 17 00:00:00 2001 From: Jimmy Hu <hhhuuu(a)google.com> Date: Thu, 23 Oct 2025 05:49:45 +0000 Subject: [PATCH] usb: gadget: udc: fix use-after-free in usb_gadget_state_work A race condition during gadget teardown can lead to a use-after-free in usb_gadget_state_work(), as reported by KASAN: BUG: KASAN: invalid-access in sysfs_notify+0x2c/0xd0 Workqueue: events usb_gadget_state_work The fundamental race occurs because a concurrent event (e.g., an interrupt) can call usb_gadget_set_state() and schedule gadget->work at any time during the cleanup process in usb_del_gadget(). Commit 399a45e5237c ("usb: gadget: core: flush gadget workqueue after device removal") attempted to fix this by moving flush_work() to after device_del(). However, this does not fully solve the race, as a new work item can still be scheduled *after* flush_work() completes but before the gadget's memory is freed, leading to the same use-after-free. This patch fixes the race condition robustly by introducing a 'teardown' flag and a 'state_lock' spinlock to the usb_gadget struct. The flag is set during cleanup in usb_del_gadget() *before* calling flush_work() to prevent any new work from being scheduled once cleanup has commenced. The scheduling site, usb_gadget_set_state(), now checks this flag under the lock before queueing the work, thus safely closing the race window. Fixes: 5702f75375aa9 ("usb: gadget: udc-core: move sysfs_notify() to a workqueue") Cc: stable <stable(a)kernel.org> Signed-off-by: Jimmy Hu <hhhuuu(a)google.com> Link: https://patch.msgid.link/20251023054945.233861-1-hhhuuu@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index 694653761c44..8dbe79bdc0f9 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -1126,8 +1126,13 @@ static void usb_gadget_state_work(struct work_struct *work) void usb_gadget_set_state(struct usb_gadget *gadget, enum usb_device_state state) { + unsigned long flags; + + spin_lock_irqsave(&gadget->state_lock, flags); gadget->state = state; - schedule_work(&gadget->work); + if (!gadget->teardown) + schedule_work(&gadget->work); + spin_unlock_irqrestore(&gadget->state_lock, flags); trace_usb_gadget_set_state(gadget, 0); } EXPORT_SYMBOL_GPL(usb_gadget_set_state); @@ -1361,6 +1366,8 @@ static void usb_udc_nop_release(struct device *dev) void usb_initialize_gadget(struct device *parent, struct usb_gadget *gadget, void (*release)(struct device *dev)) { + spin_lock_init(&gadget->state_lock); + gadget->teardown = false; INIT_WORK(&gadget->work, usb_gadget_state_work); gadget->dev.parent = parent; @@ -1535,6 +1542,7 @@ EXPORT_SYMBOL_GPL(usb_add_gadget_udc); void usb_del_gadget(struct usb_gadget *gadget) { struct usb_udc *udc = gadget->udc; + unsigned long flags; if (!udc) return; @@ -1548,6 +1556,13 @@ void usb_del_gadget(struct usb_gadget *gadget) kobject_uevent(&udc->dev.kobj, KOBJ_REMOVE); sysfs_remove_link(&udc->dev.kobj, "gadget"); device_del(&gadget->dev); + /* + * Set the teardown flag before flushing the work to prevent new work + * from being scheduled while we are cleaning up. + */ + spin_lock_irqsave(&gadget->state_lock, flags); + gadget->teardown = true; + spin_unlock_irqrestore(&gadget->state_lock, flags); flush_work(&gadget->work); ida_free(&gadget_id_numbers, gadget->id_number); cancel_work_sync(&udc->vbus_work); diff --git a/include/linux/usb/gadget.h b/include/linux/usb/gadget.h index 3aaf19e77558..8285b19a25e0 100644 --- a/include/linux/usb/gadget.h +++ b/include/linux/usb/gadget.h @@ -376,6 +376,9 @@ struct usb_gadget_ops { * can handle. The UDC must support this and all slower speeds and lower * number of lanes. * @state: the state we are now (attached, suspended, configured, etc) + * @state_lock: Spinlock protecting the `state` and `teardown` members. + * @teardown: True if the device is undergoing teardown, used to prevent + * new work from being scheduled during cleanup. * @name: Identifies the controller hardware type. Used in diagnostics * and sometimes configuration. * @dev: Driver model state for this abstract device. @@ -451,6 +454,8 @@ struct usb_gadget { enum usb_ssp_rate max_ssp_rate; enum usb_device_state state; + spinlock_t state_lock; + bool teardown; const char *name; struct device dev; unsigned isoch_delay;

6 hours, 30 minutes

2
1
0 0

FAILED: patch "[PATCH] usb: gadget: udc: fix use-after-free in usb_gadget_state_work" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x baeb66fbd4201d1c4325074e78b1f557dff89b5b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025120123-borax-cut-5c52@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From baeb66fbd4201d1c4325074e78b1f557dff89b5b Mon Sep 17 00:00:00 2001 From: Jimmy Hu <hhhuuu(a)google.com> Date: Thu, 23 Oct 2025 05:49:45 +0000 Subject: [PATCH] usb: gadget: udc: fix use-after-free in usb_gadget_state_work A race condition during gadget teardown can lead to a use-after-free in usb_gadget_state_work(), as reported by KASAN: BUG: KASAN: invalid-access in sysfs_notify+0x2c/0xd0 Workqueue: events usb_gadget_state_work The fundamental race occurs because a concurrent event (e.g., an interrupt) can call usb_gadget_set_state() and schedule gadget->work at any time during the cleanup process in usb_del_gadget(). Commit 399a45e5237c ("usb: gadget: core: flush gadget workqueue after device removal") attempted to fix this by moving flush_work() to after device_del(). However, this does not fully solve the race, as a new work item can still be scheduled *after* flush_work() completes but before the gadget's memory is freed, leading to the same use-after-free. This patch fixes the race condition robustly by introducing a 'teardown' flag and a 'state_lock' spinlock to the usb_gadget struct. The flag is set during cleanup in usb_del_gadget() *before* calling flush_work() to prevent any new work from being scheduled once cleanup has commenced. The scheduling site, usb_gadget_set_state(), now checks this flag under the lock before queueing the work, thus safely closing the race window. Fixes: 5702f75375aa9 ("usb: gadget: udc-core: move sysfs_notify() to a workqueue") Cc: stable <stable(a)kernel.org> Signed-off-by: Jimmy Hu <hhhuuu(a)google.com> Link: https://patch.msgid.link/20251023054945.233861-1-hhhuuu@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index 694653761c44..8dbe79bdc0f9 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -1126,8 +1126,13 @@ static void usb_gadget_state_work(struct work_struct *work) void usb_gadget_set_state(struct usb_gadget *gadget, enum usb_device_state state) { + unsigned long flags; + + spin_lock_irqsave(&gadget->state_lock, flags); gadget->state = state; - schedule_work(&gadget->work); + if (!gadget->teardown) + schedule_work(&gadget->work); + spin_unlock_irqrestore(&gadget->state_lock, flags); trace_usb_gadget_set_state(gadget, 0); } EXPORT_SYMBOL_GPL(usb_gadget_set_state); @@ -1361,6 +1366,8 @@ static void usb_udc_nop_release(struct device *dev) void usb_initialize_gadget(struct device *parent, struct usb_gadget *gadget, void (*release)(struct device *dev)) { + spin_lock_init(&gadget->state_lock); + gadget->teardown = false; INIT_WORK(&gadget->work, usb_gadget_state_work); gadget->dev.parent = parent; @@ -1535,6 +1542,7 @@ EXPORT_SYMBOL_GPL(usb_add_gadget_udc); void usb_del_gadget(struct usb_gadget *gadget) { struct usb_udc *udc = gadget->udc; + unsigned long flags; if (!udc) return; @@ -1548,6 +1556,13 @@ void usb_del_gadget(struct usb_gadget *gadget) kobject_uevent(&udc->dev.kobj, KOBJ_REMOVE); sysfs_remove_link(&udc->dev.kobj, "gadget"); device_del(&gadget->dev); + /* + * Set the teardown flag before flushing the work to prevent new work + * from being scheduled while we are cleaning up. + */ + spin_lock_irqsave(&gadget->state_lock, flags); + gadget->teardown = true; + spin_unlock_irqrestore(&gadget->state_lock, flags); flush_work(&gadget->work); ida_free(&gadget_id_numbers, gadget->id_number); cancel_work_sync(&udc->vbus_work); diff --git a/include/linux/usb/gadget.h b/include/linux/usb/gadget.h index 3aaf19e77558..8285b19a25e0 100644 --- a/include/linux/usb/gadget.h +++ b/include/linux/usb/gadget.h @@ -376,6 +376,9 @@ struct usb_gadget_ops { * can handle. The UDC must support this and all slower speeds and lower * number of lanes. * @state: the state we are now (attached, suspended, configured, etc) + * @state_lock: Spinlock protecting the `state` and `teardown` members. + * @teardown: True if the device is undergoing teardown, used to prevent + * new work from being scheduled during cleanup. * @name: Identifies the controller hardware type. Used in diagnostics * and sometimes configuration. * @dev: Driver model state for this abstract device. @@ -451,6 +454,8 @@ struct usb_gadget { enum usb_ssp_rate max_ssp_rate; enum usb_device_state state; + spinlock_t state_lock; + bool teardown; const char *name; struct device dev; unsigned isoch_delay;

6 hours, 33 minutes

2
1
0 0

[net PATCH] wifi: ath11k: fix wrong usage of resource_size() causing firmware panic

by Christian Marangi

On converting to the of_reserved_mem_region_to_resource() helper with commit 900730dc4705 ("wifi: ath: Use of_reserved_mem_region_to_resource() for "memory-region"") a logic error was introduced in the ath11k_core_coldboot_cal_support() if condition. The original code checked for hremote_node presence and skipped ath11k_core_coldboot_cal_support() in the other switch case but now everything is driven entirely on the values of the resource struct. resource_size() (in this case) is wrongly assumed to return a size of zero if the passed resource struct is init to zero. This is not the case as a resource struct should be always init with correct values (or at best set the end value to -1 to signal it's not configured) (the return value of resource_size() for a resource struct with start and end set to zero is 1) On top of this, using resource_size() to check if a resource struct is initialized or not is generally wrong and other measure should be used instead. To better handle this, use the DEFINE_RES macro to initialize the resource struct and set the IORESOURCE_UNSET flag by default. Replace the resource_size() check with checking for the resource struct flags and check if it's IORESOURCE_UNSET. This change effectively restore the original logic and restore correct loading of the ath11k firmware (restoring correct functionality of Wi-Fi) Cc: stable(a)vger.kernel.org Fixes: 900730dc4705 ("wifi: ath: Use of_reserved_mem_region_to_resource() for "memory-region"") Link: https://lore.kernel.org/all/20251207215359.28895-1-ansuelsmth@gmail.com/T/#… Cc: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- drivers/net/wireless/ath/ath11k/qmi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath11k/qmi.c b/drivers/net/wireless/ath/ath11k/qmi.c index ff6a97e328b8..afa663c00620 100644 --- a/drivers/net/wireless/ath/ath11k/qmi.c +++ b/drivers/net/wireless/ath/ath11k/qmi.c @@ -2039,8 +2039,8 @@ static int ath11k_qmi_alloc_target_mem_chunk(struct ath11k_base *ab) static int ath11k_qmi_assign_target_mem_chunk(struct ath11k_base *ab) { + struct resource res = DEFINE_RES(0, 0, IORESOURCE_UNSET); struct device *dev = ab->dev; - struct resource res = {}; u32 host_ddr_sz; int i, idx, ret; @@ -2086,7 +2086,7 @@ static int ath11k_qmi_assign_target_mem_chunk(struct ath11k_base *ab) } if (ath11k_core_coldboot_cal_support(ab)) { - if (resource_size(&res)) { + if (res.flags != IORESOURCE_UNSET) { ab->qmi.target_mem[idx].paddr = res.start + host_ddr_sz; ab->qmi.target_mem[idx].iaddr = -- 2.51.0

7 hours, 31 minutes

1
0
0 0

[PATCH] ocfs2: Fix kernel BUG in ocfs2_write_block

by Prithvi Tambewagh

When the filesystem is being mounted, the kernel panics while the data regarding slot map allocation to the local node, is being written to the disk. This occurs because the value of slot map buffer head block number, which should have been greater than or equal to `OCFS2_SUPER_BLOCK_BLKNO` (evaluating to 2) is less than it, indicative of disk metadata corruption. This triggers BUG_ON(bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) in ocfs2_write_block(), causing the kernel to panic. This is fixed by introducing an if condition block in ocfs2_update_disk_slot(), right before calling ocfs2_write_block(), which checks if `bh->b_blocknr` is lesser than `OCFS2_SUPER_BLOCK_BLKNO`; if yes, then ocfs2_error is called, which prints the error log, for debugging purposes, and the return value of ocfs2_error() is returned back to caller of ocfs2_update_disk_slot() i.e. ocfs2_find_slot(). If the return value is zero. then error code EIO is returned. Reported-by: syzbot+c818e5c4559444f88aa0(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c818e5c4559444f88aa0 Tested-by: syzbot+c818e5c4559444f88aa0(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Signed-off-by: Prithvi Tambewagh <activprithvi(a)gmail.com> --- fs/ocfs2/slot_map.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c index e544c704b583..788924fc3663 100644 --- a/fs/ocfs2/slot_map.c +++ b/fs/ocfs2/slot_map.c @@ -193,6 +193,16 @@ static int ocfs2_update_disk_slot(struct ocfs2_super *osb, else ocfs2_update_disk_slot_old(si, slot_num, &bh); spin_unlock(&osb->osb_lock); + if (bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) { + status = ocfs2_error(osb->sb, + "Invalid Slot Map Buffer Head " + "Block Number : %llu, Should be >= %d", + le16_to_cpu(bh->b_blocknr), + le16_to_cpu((int)OCFS2_SUPER_BLOCK_BLKNO)); + if (!status) + return -EIO; + return status; + } status = ocfs2_write_block(osb, bh, INODE_CACHE(si->si_inode)); if (status < 0) base-commit: 24172e0d79900908cf5ebf366600616d29c9b417 -- 2.43.0

8 hours, 24 minutes

2
1
0 0

[PATCH] KEYS: trusted: Fix overwrite of keyhandle parameter

by Jarkko Sakkinen

tpm2_key_decode() overrides the explicit keyhandle parameter, which can lead to problems, if the loaded parent handle does not match the handle stored to the key file. This can easily happen as handle by definition is an ambiguous attribute. Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index fb76c4ea496f..950684e54c71 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -121,7 +121,9 @@ static int tpm2_key_decode(struct trusted_key_payload *payload, return -ENOMEM; *buf = blob; - options->keyhandle = ctx.parent; + + if (!options->keyhandle) + options->keyhandle = ctx.parent; memcpy(blob, ctx.priv, ctx.priv_len); blob += ctx.priv_len; -- 2.39.5

8 hours, 39 minutes

1
1
0 0

FAILED: patch "[PATCH] KVM: SVM: Don't skip unrelated instruction if INT3/INTO is" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4da3768e1820cf15cced390242d8789aed34f54d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025120802-remedy-glimmer-fc9d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4da3768e1820cf15cced390242d8789aed34f54d Mon Sep 17 00:00:00 2001 From: Omar Sandoval <osandov(a)fb.com> Date: Tue, 4 Nov 2025 09:55:26 -0800 Subject: [PATCH] KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or (select) INTn instruction, discard the exception and retry the instruction if the code stream is changed (e.g. by a different vCPU) between when the CPU executes the instruction and when KVM decodes the instruction to get the next RIP. As effectively predicted by commit 6ef88d6e36c2 ("KVM: SVM: Re-inject INT3/INTO instead of retrying the instruction"), failure to verify that the correct INTn instruction was decoded can effectively clobber guest state due to decoding the wrong instruction and thus specifying the wrong next RIP. The bug most often manifests as "Oops: int3" panics on static branch checks in Linux guests. Enabling or disabling a static branch in Linux uses the kernel's "text poke" code patching mechanism. To modify code while other CPUs may be executing that code, Linux (temporarily) replaces the first byte of the original instruction with an int3 (opcode 0xcc), then patches in the new code stream except for the first byte, and finally replaces the int3 with the first byte of the new code stream. If a CPU hits the int3, i.e. executes the code while it's being modified, then the guest kernel must look up the RIP to determine how to handle the #BP, e.g. by emulating the new instruction. If the RIP is incorrect, then this lookup fails and the guest kernel panics. The bug reproduces almost instantly by hacking the guest kernel to repeatedly check a static branch[1] while running a drgn script[2] on the host to constantly swap out the memory containing the guest's TSS. [1]: https://gist.github.com/osandov/44d17c51c28c0ac998ea0334edf90b5a [2]: https://gist.github.com/osandov/10e45e45afa29b11e0c7209247afc00b Fixes: 6ef88d6e36c2 ("KVM: SVM: Re-inject INT3/INTO instead of retrying the instruction") Cc: stable(a)vger.kernel.org Co-developed-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Omar Sandoval <osandov(a)fb.com> Link: https://patch.msgid.link/1cc6dcdf36e3add7ee7c8d90ad58414eeb6c3d34.176227876… Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 48598d017d6f..974d64bf0a4d 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -2143,6 +2143,11 @@ u64 vcpu_tsc_khz(struct kvm_vcpu *vcpu); * the gfn, i.e. retrying the instruction will hit a * !PRESENT fault, which results in a new shadow page * and sends KVM back to square one. + * + * EMULTYPE_SKIP_SOFT_INT - Set in combination with EMULTYPE_SKIP to only skip + * an instruction if it could generate a given software + * interrupt, which must be encoded via + * EMULTYPE_SET_SOFT_INT_VECTOR(). */ #define EMULTYPE_NO_DECODE (1 << 0) #define EMULTYPE_TRAP_UD (1 << 1) @@ -2153,6 +2158,10 @@ u64 vcpu_tsc_khz(struct kvm_vcpu *vcpu); #define EMULTYPE_PF (1 << 6) #define EMULTYPE_COMPLETE_USER_EXIT (1 << 7) #define EMULTYPE_WRITE_PF_TO_SP (1 << 8) +#define EMULTYPE_SKIP_SOFT_INT (1 << 9) + +#define EMULTYPE_SET_SOFT_INT_VECTOR(v) ((u32)((v) & 0xff) << 16) +#define EMULTYPE_GET_SOFT_INT_VECTOR(e) (((e) >> 16) & 0xff) static inline bool kvm_can_emulate_event_vectoring(int emul_type) { diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 1ae7b3c5a7c5..459db8154929 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -272,6 +272,7 @@ static void svm_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask) } static int __svm_skip_emulated_instruction(struct kvm_vcpu *vcpu, + int emul_type, bool commit_side_effects) { struct vcpu_svm *svm = to_svm(vcpu); @@ -293,7 +294,7 @@ static int __svm_skip_emulated_instruction(struct kvm_vcpu *vcpu, if (unlikely(!commit_side_effects)) old_rflags = svm->vmcb->save.rflags; - if (!kvm_emulate_instruction(vcpu, EMULTYPE_SKIP)) + if (!kvm_emulate_instruction(vcpu, emul_type)) return 0; if (unlikely(!commit_side_effects)) @@ -311,11 +312,13 @@ static int __svm_skip_emulated_instruction(struct kvm_vcpu *vcpu, static int svm_skip_emulated_instruction(struct kvm_vcpu *vcpu) { - return __svm_skip_emulated_instruction(vcpu, true); + return __svm_skip_emulated_instruction(vcpu, EMULTYPE_SKIP, true); } -static int svm_update_soft_interrupt_rip(struct kvm_vcpu *vcpu) +static int svm_update_soft_interrupt_rip(struct kvm_vcpu *vcpu, u8 vector) { + const int emul_type = EMULTYPE_SKIP | EMULTYPE_SKIP_SOFT_INT | + EMULTYPE_SET_SOFT_INT_VECTOR(vector); unsigned long rip, old_rip = kvm_rip_read(vcpu); struct vcpu_svm *svm = to_svm(vcpu); @@ -331,7 +334,7 @@ static int svm_update_soft_interrupt_rip(struct kvm_vcpu *vcpu) * in use, the skip must not commit any side effects such as clearing * the interrupt shadow or RFLAGS.RF. */ - if (!__svm_skip_emulated_instruction(vcpu, !nrips)) + if (!__svm_skip_emulated_instruction(vcpu, emul_type, !nrips)) return -EIO; rip = kvm_rip_read(vcpu); @@ -367,7 +370,7 @@ static void svm_inject_exception(struct kvm_vcpu *vcpu) kvm_deliver_exception_payload(vcpu, ex); if (kvm_exception_is_soft(ex->vector) && - svm_update_soft_interrupt_rip(vcpu)) + svm_update_soft_interrupt_rip(vcpu, ex->vector)) return; svm->vmcb->control.event_inj = ex->vector @@ -3642,11 +3645,12 @@ static bool svm_set_vnmi_pending(struct kvm_vcpu *vcpu) static void svm_inject_irq(struct kvm_vcpu *vcpu, bool reinjected) { + struct kvm_queued_interrupt *intr = &vcpu->arch.interrupt; struct vcpu_svm *svm = to_svm(vcpu); u32 type; - if (vcpu->arch.interrupt.soft) { - if (svm_update_soft_interrupt_rip(vcpu)) + if (intr->soft) { + if (svm_update_soft_interrupt_rip(vcpu, intr->nr)) return; type = SVM_EVTINJ_TYPE_SOFT; @@ -3654,12 +3658,10 @@ static void svm_inject_irq(struct kvm_vcpu *vcpu, bool reinjected) type = SVM_EVTINJ_TYPE_INTR; } - trace_kvm_inj_virq(vcpu->arch.interrupt.nr, - vcpu->arch.interrupt.soft, reinjected); + trace_kvm_inj_virq(intr->nr, intr->soft, reinjected); ++vcpu->stat.irq_injections; - svm->vmcb->control.event_inj = vcpu->arch.interrupt.nr | - SVM_EVTINJ_VALID | type; + svm->vmcb->control.event_inj = intr->nr | SVM_EVTINJ_VALID | type; } void svm_complete_interrupt_delivery(struct kvm_vcpu *vcpu, int delivery_mode, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 42ecd093bb4c..8e14c0292809 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -9338,6 +9338,23 @@ static bool is_vmware_backdoor_opcode(struct x86_emulate_ctxt *ctxt) return false; } +static bool is_soft_int_instruction(struct x86_emulate_ctxt *ctxt, + int emulation_type) +{ + u8 vector = EMULTYPE_GET_SOFT_INT_VECTOR(emulation_type); + + switch (ctxt->b) { + case 0xcc: + return vector == BP_VECTOR; + case 0xcd: + return vector == ctxt->src.val; + case 0xce: + return vector == OF_VECTOR; + default: + return false; + } +} + /* * Decode an instruction for emulation. The caller is responsible for handling * code breakpoints. Note, manually detecting code breakpoints is unnecessary @@ -9448,6 +9465,10 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, * injecting single-step #DBs. */ if (emulation_type & EMULTYPE_SKIP) { + if (emulation_type & EMULTYPE_SKIP_SOFT_INT && + !is_soft_int_instruction(ctxt, emulation_type)) + return 0; + if (ctxt->mode != X86EMUL_MODE_PROT64) ctxt->eip = (u32)ctxt->_eip; else

8 hours, 47 minutes

3
4
0 0

¿Cuánto cuesta una mala contratación?

by Valeria Pérez

¿Cuánto cuesta una mala contratación? body { margin: 0; padding: 0; font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #333; background-color: #ffffff; } table { border-spacing: 0; width: 100%; max-width: 600px; margin: auto; } td { padding: 12px 20px; } a { color: #1a73e8; text-decoration: none; } .footer { font-size: 12px; color: #888888; text-align: center; } Una mala contratación cuesta 3X el salario. Evítalo con datos, no percepciones. Hola, , ¿Sabías que una mala contratación cuesta hasta 3 veces el salario anual? El 74% de empresas admite haber contratado a la persona equivocada. El motivo: decisiones basadas en percepciones, no en datos objetivos. PsicoSmart te ayuda a evaluar talento con precisión: 31 pruebas psicométricas validadas para medir liderazgo, honestidad e inteligencia 2,500+ exámenes técnicos especializados por industria Verificación de identidad con captura fotográfica automática Resultados en minutos, accesible desde cualquier dispositivo Reduce hasta 60% el riesgo de error en selección. ¿Quieres una demostración gratuita? Responde este correo y te contacto en menos de 24 horas. Saludos, -------------- Atte.: Valeria Pérez Ciudad de México: (55) 5018 0565 WhatsApp: +52 33 1607 2089 Si no deseas recibir más correos, haz clic aquí para darte de baja. Para remover su dirección de esta lista haga <a href="https://s1.arrobamail.com/unsuscribe.php?id=yiwtsrewiswqrpseup">click aquí</a>

10 hours, 45 minutes

1
0
0 0

[PATCH] pmdomain: imx: Fix reference count leak in imx_gpc_probe()

by Wentao Liang

of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not needed anymore. Add missing of_node_put() calls in imx_gpc_probe() to avoid reference count leak. This commit fixes the following issues: 1. Add of_node_put(pgc_node) before returning from imx_gpc_probe() 2. Use goto pattern to consolidate error handling Fixes: 721cabf6c660 ("soc: imx: move PGC handling to a new GPC driver") Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/pmdomain/imx/gpc.c | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/drivers/pmdomain/imx/gpc.c b/drivers/pmdomain/imx/gpc.c index f18c7e6e75dd..754c60effc8a 100644 --- a/drivers/pmdomain/imx/gpc.c +++ b/drivers/pmdomain/imx/gpc.c @@ -416,8 +416,10 @@ static int imx_gpc_probe(struct platform_device *pdev) return 0; base = devm_platform_ioremap_resource(pdev, 0); - if (IS_ERR(base)) - return PTR_ERR(base); + if (IS_ERR(base)) { + ret = PTR_ERR(base); + goto err_free; + } regmap = devm_regmap_init_mmio_clk(&pdev->dev, NULL, base, &imx_gpc_regmap_config); @@ -425,7 +427,7 @@ static int imx_gpc_probe(struct platform_device *pdev) ret = PTR_ERR(regmap); dev_err(&pdev->dev, "failed to init regmap: %d\n", ret); - return ret; + goto err_free; } /* @@ -460,29 +462,33 @@ static int imx_gpc_probe(struct platform_device *pdev) int domain_index; ipg_clk = devm_clk_get(&pdev->dev, "ipg"); - if (IS_ERR(ipg_clk)) - return PTR_ERR(ipg_clk); + if (IS_ERR(ipg_clk)) { + ret = PTR_ERR(ipg_clk); + goto err_free; + } ipg_rate_mhz = clk_get_rate(ipg_clk) / 1000000; for_each_child_of_node_scoped(pgc_node, np) { ret = of_property_read_u32(np, "reg", &domain_index); if (ret) - return ret; + goto err_free; if (domain_index >= of_id_data->num_domains) continue; pd_pdev = platform_device_alloc("imx-pgc-power-domain", domain_index); - if (!pd_pdev) - return -ENOMEM; + if (!pd_pdev) { + ret = -ENOMEM; + goto err_free; + } ret = platform_device_add_data(pd_pdev, &imx_gpc_domains[domain_index], sizeof(imx_gpc_domains[domain_index])); if (ret) { platform_device_put(pd_pdev); - return ret; + goto err_free; } domain = pd_pdev->dev.platform_data; domain->regmap = regmap; @@ -495,12 +501,17 @@ static int imx_gpc_probe(struct platform_device *pdev) ret = platform_device_add(pd_pdev); if (ret) { platform_device_put(pd_pdev); - return ret; + goto err_free; } } } + of_node_put(pgc_node); return 0; + +err_free: + of_node_put(pgc_node); + return ret; } static void imx_gpc_remove(struct platform_device *pdev) -- 2.34.1

12 hours

3
2
0 0

[PATCH v3 1/2] intel_th: fix device leak on output open()

by Johan Hovold

Make sure to drop the reference taken when looking up the th device during output device open() on errors and on close(). Note that a recent commit fixed the leak in a couple of open() error paths but not all of them, and the reference is still leaking on successful open(). Fixes: 39f4034693b7 ("intel_th: Add driver infrastructure for Intel(R) Trace Hub devices") Fixes: 6d5925b667e4 ("intel_th: Fix error handling in intel_th_output_open") Cc: stable(a)vger.kernel.org # 4.4: 6d5925b667e4 Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Cc: Ma Ke <make24(a)iscas.ac.cn> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/hwtracing/intel_th/core.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/drivers/hwtracing/intel_th/core.c b/drivers/hwtracing/intel_th/core.c index 591b7c12aae5..d9c17214d3dc 100644 --- a/drivers/hwtracing/intel_th/core.c +++ b/drivers/hwtracing/intel_th/core.c @@ -810,9 +810,12 @@ static int intel_th_output_open(struct inode *inode, struct file *file) int err; dev = bus_find_device_by_devt(&intel_th_bus, inode->i_rdev); - if (!dev || !dev->driver) { + if (!dev) + return -ENODEV; + + if (!dev->driver) { err = -ENODEV; - goto out_no_device; + goto out_put_device; } thdrv = to_intel_th_driver(dev->driver); @@ -836,12 +839,22 @@ static int intel_th_output_open(struct inode *inode, struct file *file) out_put_device: put_device(dev); -out_no_device: + return err; } +static int intel_th_output_release(struct inode *inode, struct file *file) +{ + struct intel_th_device *thdev = file->private_data; + + put_device(&thdev->dev); + + return 0; +} + static const struct file_operations intel_th_output_fops = { .open = intel_th_output_open, + .release = intel_th_output_release, .llseek = noop_llseek, }; -- 2.52.0

12 hours

1
0
0 0

[PATCH 1/1] PCI: Use resource_set_range() that correctly sets ->end

by Ilpo Järvinen

__pci_read_base() sets resource start and end addresses when resource is larger than 4G but pci_bus_addr_t or resource_size_t are not capable of representing 64-bit PCI addresses. This creates a problematic resource that has non-zero flags but the start and end addresses do not yield to resource size of 0 but 1. Replace custom resource addresses setup with resource_set_range() that correctly sets end address as -1 which results in resource_size() returning 0. For consistency, also use resource_set_range() in the other branch that does size based resource setup. Fixes: 23b13bc76f35 ("PCI: Fail safely if we can't handle BARs larger than 4GB") Link: https://lore.kernel.org/all/20251207215359.28895-1-ansuelsmth@gmail.com/T/#… Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: stable(a)vger.kernel.org Cc: Christian Marangi <ansuelsmth(a)gmail.com> --- drivers/pci/probe.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index 124d2d309c58..b8294a2f11f9 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -287,8 +287,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, if ((sizeof(pci_bus_addr_t) < 8 || sizeof(resource_size_t) < 8) && sz64 > 0x100000000ULL) { res->flags |= IORESOURCE_UNSET | IORESOURCE_DISABLED; - res->start = 0; - res->end = 0; + resource_set_range(res, 0, 0); pci_err(dev, "%s: can't handle BAR larger than 4GB (size %#010llx)\n", res_name, (unsigned long long)sz64); goto out; @@ -297,8 +296,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, if ((sizeof(pci_bus_addr_t) < 8) && l) { /* Above 32-bit boundary; try to reallocate */ res->flags |= IORESOURCE_UNSET; - res->start = 0; - res->end = sz64 - 1; + resource_set_range(res, 0, sz64); pci_info(dev, "%s: can't handle BAR above 4GB (bus address %#010llx)\n", res_name, (unsigned long long)l64); goto out; base-commit: 43dfc13ca972988e620a6edb72956981b75ab6b0 -- 2.39.5

12 hours, 20 minutes

2
1
0 0

[PATCH] fsi: master-gpio: Fix reference count leak in probe error path

by Wentao Liang

The function of_node_get() returns a node pointer with its refcount incremented, but in the error path of the fsi_master_gpio_probe(), this reference is not released before freeing the master structure, causing a refcount leak. Add the missing of_node_put() in the error handling path to properly release the device tree node reference. Fixes: 8ef9ccf81044 ("fsi: master-gpio: Add missing release function") Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/fsi/fsi-master-gpio.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/fsi/fsi-master-gpio.c b/drivers/fsi/fsi-master-gpio.c index 69de0b5b9cbd..ae9e156284d0 100644 --- a/drivers/fsi/fsi-master-gpio.c +++ b/drivers/fsi/fsi-master-gpio.c @@ -861,6 +861,7 @@ static int fsi_master_gpio_probe(struct platform_device *pdev) } return 0; err_free: + of_node_put(master->master.dev.of_node); kfree(master); return rc; } -- 2.34.1

12 hours, 25 minutes

2
1
0 0

[PATCH] resource: handle wrong resource_size value on zero start/end resource

by Christian Marangi

Commit 900730dc4705 ("wifi: ath: Use of_reserved_mem_region_to_resource() for "memory-region"") uncovered a massive problem with the usage of resource_size() helper. The reported commit caused a regression with ath11k WiFi firmware loading and the change was just a simple replacement of duplicate code with a new helper of_reserved_mem_region_to_resource(). On reworking this, in the commit also a check for the presence of the node was replaced with resource_size(&res). This was done following the logic that if the node wasn't present then it's expected that also the resource_size is zero, mimicking the same if-else logic. This was also the reason the regression was mostly hard to catch at first sight as the rework is correctly done given the assumption on the used helpers. BUT this is actually not the case. On further inspection on resource_size() it was found that it NEVER actually returns 0. Even if the resource value of start and end are 0, the return value of resource_size() will ALWAYS be 1, resulting in the broken if-else condition ALWAYS going in the first if condition. This was simply confirmed by reading the resource_size() logic: return res->end - res->start + 1; Given the confusion, also other case of such usage were searched in the kernel and with great suprise it seems LOTS of place assume resource_size() should return zero in the context of the resource start and end set to 0. Quoting for example comments in drivers/vfio/pci/vfio_pci_core.c: /* * The PCI core shouldn't set up a resource with a * type but zero size. But there may be bugs that * cause us to do that. */ if (!resource_size(res)) goto no_mmap; It really seems resource_size() was tought with the assumption that resource struct was always correctly initialized before calling it and never set to zero. But across the year this got lost and now there are lots of driver that assume resource_size() returns 0 if start and end are also 0. To better handle this and make resource_size() returns correct value in such case, add a simple check and return 0 if both resource start and resource end are zero. Cc: Rob Herring (Arm) <robh(a)kernel.org> Cc: stable(a)vger.kernel.org Fixes: 1a4e564b7db9 ("resource: add resource_size()") Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- include/linux/ioport.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/ioport.h b/include/linux/ioport.h index 9afa30f9346f..1b8ce62255db 100644 --- a/include/linux/ioport.h +++ b/include/linux/ioport.h @@ -288,6 +288,9 @@ static inline void resource_set_range(struct resource *res, static inline resource_size_t resource_size(const struct resource *res) { + if (!res->start && !res->end) + return 0; + return res->end - res->start + 1; } static inline unsigned long resource_type(const struct resource *res) -- 2.51.0

12 hours, 32 minutes

3
10
0 0

PROBLEM: hwclock busted w/ M48T59 RTC (regression)

by Nick Bowler

Hi, After a stable kernel update, the hwclock command seems no longer functional on my SPARC system with an ST M48T59Y-70PC1 RTC: # hwclock [...long delay...] hwclock: select() to /dev/rtc0 to wait for clock tick timed out On prior kernels, there is no problem: # hwclock 2025-10-22 22:21:04.806992-04:00 I reproduced the same failure on 6.18-rc2 and bisected to this commit: commit 795cda8338eab036013314dbc0b04aae728880ab Author: Esben Haabendal <esben(a)geanix.com> Date: Fri May 16 09:23:35 2025 +0200 rtc: interface: Fix long-standing race when setting alarm This commit was backported to all current 6.x stable branches, as well as 5.15.x, so they all have the same regression. Reverting this commit on top of 6.18-rc2 corrects the problem. Let me know if you need any more info! Thanks, Nick

13 hours

4
7
0 0

[PATCH] powerpc/pseries: Fix MSI-X allocation failure when quota is exceeded

by Nam Cao

Nilay reported that since commit daaa574aba6f ("powerpc/pseries/msi: Switch to msi_create_parent_irq_domain()"), the NVMe driver cannot enable MSI-X when the device's MSI-X table size is larger than the firmware's MSI quota for the device. This is because the commit changes how rtas_prepare_msi_irqs() is called: - Before, it is called when interrupts are allocated at the global interrupt domain with nvec_in being the number of allocated interrupts. rtas_prepare_msi_irqs() can return a positive number and the allocation will be retried. - Now, it is called at the creation of per-device interrupt domain with nvec_in being the number of interrupts that the device supports. If rtas_prepare_msi_irqs() returns positive, domain creation just fails. For Nilay's NVMe driver case, rtas_prepare_msi_irqs() returns a positive number (the quota). This causes per-device interrupt domain creation to fail and thus the NVMe driver cannot enable MSI-X. Rework to make this scenario works again: - pseries_msi_ops_prepare() only prepares as many interrupts as the quota permit. - pseries_irq_domain_alloc() fails if the device's quota is exceeded. Now, if the quota is exceeded, pseries_msi_ops_prepare() will only prepare as allowed by the quota. If device drivers attempt to allocate more interrupts than the quota permits, pseries_irq_domain_alloc() will return an error code and msi_handle_pci_fail() will allow device drivers a retry. Reported-by: Nilay Shroff <nilay(a)inux.ibm.com> Closes: https://lore.kernel.org/linuxppc-dev/6af2c4c2-97f6-4758-be33-256638ef39e5@l… Fixes: daaa574aba6f ("powerpc/pseries/msi: Switch to msi_create_parent_irq_domain()") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Acked-by: Nilay Shroff <nilay(a)inux.ibm.com> Cc: stable(a)vger.kernel.org --- arch/powerpc/platforms/pseries/msi.c | 42 ++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/pseries/msi.c b/arch/powerpc/platforms/pseries/msi.c index a82aaa786e9e..8898a968a59b 100644 --- a/arch/powerpc/platforms/pseries/msi.c +++ b/arch/powerpc/platforms/pseries/msi.c @@ -19,6 +19,11 @@ #include "pseries.h" +struct pseries_msi_device { + unsigned int msi_quota; + unsigned int msi_used; +}; + static int query_token, change_token; #define RTAS_QUERY_FN 0 @@ -433,8 +438,26 @@ static int pseries_msi_ops_prepare(struct irq_domain *domain, struct device *dev struct msi_domain_info *info = domain->host_data; struct pci_dev *pdev = to_pci_dev(dev); int type = (info->flags & MSI_FLAG_PCI_MSIX) ? PCI_CAP_ID_MSIX : PCI_CAP_ID_MSI; + int ret; + + struct pseries_msi_device *pseries_dev __free(kfree) + = kmalloc(sizeof(*pseries_dev), GFP_KERNEL); + if (!pseries_dev) + return -ENOMEM; + + ret = rtas_prepare_msi_irqs(pdev, nvec, type, arg); + if (ret > 0) { + nvec = ret; + ret = rtas_prepare_msi_irqs(pdev, nvec, type, arg); + } + if (ret < 0) + return ret; - return rtas_prepare_msi_irqs(pdev, nvec, type, arg); + pseries_dev->msi_quota = nvec; + pseries_dev->msi_used = 0; + + arg->scratchpad[0].ptr = no_free_ptr(pseries_dev); + return 0; } /* @@ -443,9 +466,13 @@ static int pseries_msi_ops_prepare(struct irq_domain *domain, struct device *dev */ static void pseries_msi_ops_teardown(struct irq_domain *domain, msi_alloc_info_t *arg) { + struct pseries_msi_device *pseries_dev = arg->scratchpad[0].ptr; struct pci_dev *pdev = to_pci_dev(domain->dev); rtas_disable_msi(pdev); + + WARN_ON(pseries_dev->msi_used); + kfree(pseries_dev); } static void pseries_msi_shutdown(struct irq_data *d) @@ -546,12 +573,18 @@ static int pseries_irq_domain_alloc(struct irq_domain *domain, unsigned int virq unsigned int nr_irqs, void *arg) { struct pci_controller *phb = domain->host_data; + struct pseries_msi_device *pseries_dev; msi_alloc_info_t *info = arg; struct msi_desc *desc = info->desc; struct pci_dev *pdev = msi_desc_to_pci_dev(desc); int hwirq; int i, ret; + pseries_dev = info->scratchpad[0].ptr; + + if (pseries_dev->msi_used + nr_irqs > pseries_dev->msi_quota) + return -ENOSPC; + hwirq = rtas_query_irq_number(pci_get_pdn(pdev), desc->msi_index); if (hwirq < 0) { dev_err(&pdev->dev, "Failed to query HW IRQ: %d\n", hwirq); @@ -567,9 +600,10 @@ static int pseries_irq_domain_alloc(struct irq_domain *domain, unsigned int virq goto out; irq_domain_set_hwirq_and_chip(domain, virq + i, hwirq + i, - &pseries_msi_irq_chip, domain->host_data); + &pseries_msi_irq_chip, pseries_dev); } + pseries_dev->msi_used++; return 0; out: @@ -582,9 +616,11 @@ static void pseries_irq_domain_free(struct irq_domain *domain, unsigned int virq unsigned int nr_irqs) { struct irq_data *d = irq_domain_get_irq_data(domain, virq); - struct pci_controller *phb = irq_data_get_irq_chip_data(d); + struct pseries_msi_device *pseries_dev = irq_data_get_irq_chip_data(d); + struct pci_controller *phb = domain->host_data; pr_debug("%s bridge %pOF %d #%d\n", __func__, phb->dn, virq, nr_irqs); + pseries_dev->msi_used -= nr_irqs; irq_domain_free_irqs_parent(domain, virq, nr_irqs); } -- 2.47.3

13 hours, 56 minutes

1
0
0 0

[PATCH] nvme-pci: add quirk for Wodposit WPBSNM8-256GTP to disable secondary temp thresholds

by Ilikara Zheng

Secondary temperature thresholds (temp2_{min,max}) were not reported properly on this NVMe SSD. This resulted in an error while attempting to read these values with sensors(1): ERROR: Can't get value of subfeature temp2_min: I/O error ERROR: Can't get value of subfeature temp2_max: I/O error Add the device to the nvme_id_table with the NVME_QUIRK_NO_SECONDARY_TEMP_THRESH flag to suppress access to all non- composite temperature thresholds. Cc: stable(a)vger.kernel.org Signed-off-by: Ilikara Zheng <ilikara(a)aosc.io> --- drivers/nvme/host/pci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index e5ca8301bb8b..31049f33f27d 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -3997,6 +3997,8 @@ static const struct pci_device_id nvme_id_table[] = { .driver_data = NVME_QUIRK_NO_DEEPEST_PS, }, { PCI_DEVICE(0x1e49, 0x0041), /* ZHITAI TiPro7000 NVMe SSD */ .driver_data = NVME_QUIRK_NO_DEEPEST_PS, }, + { PCI_DEVICE(0x1fa0, 0x2283), /* Wodposit WPBSNM8-256GTP */ + .driver_data = NVME_QUIRK_NO_SECONDARY_TEMP_THRESH, }, { PCI_DEVICE(0x025e, 0xf1ac), /* SOLIDIGM P44 pro SSDPFKKW020X7 */ .driver_data = NVME_QUIRK_NO_DEEPEST_PS, }, { PCI_DEVICE(0xc0a9, 0x540a), /* Crucial P2 */ -- 2.52.0

14 hours, 8 minutes

2
1
0 0

FAILED: patch "[PATCH] xhci: dbgtty: fix device unregister" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1f73b8b56cf35de29a433aee7bfff26cea98be3f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025120110-coastal-litigator-8952@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f73b8b56cf35de29a433aee7bfff26cea98be3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Bartosik?= <ukaszb(a)chromium.org> Date: Wed, 19 Nov 2025 21:29:09 +0000 Subject: [PATCH] xhci: dbgtty: fix device unregister MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When DbC is disconnected then xhci_dbc_tty_unregister_device() is called. However if there is any user space process blocked on write to DbC terminal device then it will never be signalled and thus stay blocked indifinitely. This fix adds a tty_vhangup() call in xhci_dbc_tty_unregister_device(). The tty_vhangup() wakes up any blocked writers and causes subsequent write attempts to DbC terminal device to fail. Cc: stable <stable(a)kernel.org> Fixes: dfba2174dc42 ("usb: xhci: Add DbC support in xHCI driver") Signed-off-by: Łukasz Bartosik <ukaszb(a)chromium.org> Link: https://patch.msgid.link/20251119212910.1245694-1-ukaszb@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-dbgtty.c b/drivers/usb/host/xhci-dbgtty.c index b7f95565524d..57cdda4e09c8 100644 --- a/drivers/usb/host/xhci-dbgtty.c +++ b/drivers/usb/host/xhci-dbgtty.c @@ -550,6 +550,12 @@ static void xhci_dbc_tty_unregister_device(struct xhci_dbc *dbc) if (!port->registered) return; + /* + * Hang up the TTY. This wakes up any blocked + * writers and causes subsequent writes to fail. + */ + tty_vhangup(port->port.tty); + tty_unregister_device(dbc_tty_driver, port->minor); xhci_dbc_tty_exit_port(port); port->registered = false;

14 hours, 34 minutes

2
1
0 0

FAILED: patch "[PATCH] mptcp: Initialise rcv_mss before calling" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f07f4ea53e22429c84b20832fa098b5ecc0d4e35 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025120333-undamaged-punctual-31dc@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f07f4ea53e22429c84b20832fa098b5ecc0d4e35 Mon Sep 17 00:00:00 2001 From: Kuniyuki Iwashima <kuniyu(a)google.com> Date: Tue, 25 Nov 2025 19:53:29 +0000 Subject: [PATCH] mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). syzbot reported divide-by-zero in __tcp_select_window() by MPTCP socket. [0] We had a similar issue for the bare TCP and fixed in commit 499350a5a6e7 ("tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0"). Let's apply the same fix to mptcp_do_fastclose(). [0]: Oops: divide error: 0000 [#1] SMP KASAN PTI CPU: 0 UID: 0 PID: 6068 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:__tcp_select_window+0x824/0x1320 net/ipv4/tcp_output.c:3336 Code: ff ff ff 44 89 f1 d3 e0 89 c1 f7 d1 41 01 cc 41 21 c4 e9 a9 00 00 00 e8 ca 49 01 f8 e9 9c 00 00 00 e8 c0 49 01 f8 44 89 e0 99 <f7> 7c 24 1c 41 29 d4 48 bb 00 00 00 00 00 fc ff df e9 80 00 00 00 RSP: 0018:ffffc90003017640 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88807b469e40 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc90003017730 R08: ffff888033268143 R09: 1ffff1100664d028 R10: dffffc0000000000 R11: ffffed100664d029 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 000055557faa0500(0000) GS:ffff888126135000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f64a1912ff8 CR3: 0000000072122000 CR4: 00000000003526f0 Call Trace: <TASK> tcp_select_window net/ipv4/tcp_output.c:281 [inline] __tcp_transmit_skb+0xbc7/0x3aa0 net/ipv4/tcp_output.c:1568 tcp_transmit_skb net/ipv4/tcp_output.c:1649 [inline] tcp_send_active_reset+0x2d1/0x5b0 net/ipv4/tcp_output.c:3836 mptcp_do_fastclose+0x27e/0x380 net/mptcp/protocol.c:2793 mptcp_disconnect+0x238/0x710 net/mptcp/protocol.c:3253 mptcp_sendmsg_fastopen+0x2f8/0x580 net/mptcp/protocol.c:1776 mptcp_sendmsg+0x1774/0x1980 net/mptcp/protocol.c:1855 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg+0xe5/0x270 net/socket.c:742 __sys_sendto+0x3bd/0x520 net/socket.c:2244 __do_sys_sendto net/socket.c:2251 [inline] __se_sys_sendto net/socket.c:2247 [inline] __x64_sys_sendto+0xde/0x100 net/socket.c:2247 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f66e998f749 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffff9acedb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f66e9be5fa0 RCX: 00007f66e998f749 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007ffff9acee10 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007f66e9be5fa0 R14: 00007f66e9be5fa0 R15: 0000000000000006 </TASK> Fixes: ae155060247b ("mptcp: fix duplicate reset on fastclose") Reported-by: syzbot+3a92d359bc2ec6255a33(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/69260882.a70a0220.d98e3.00b4.GAE@google.com/ Signed-off-by: Kuniyuki Iwashima <kuniyu(a)google.com> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20251125195331.309558-1-kuniyu@google.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 8abb425d8b5f..1e413426deee 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2798,6 +2798,12 @@ static void mptcp_do_fastclose(struct sock *sk) goto unlock; subflow->send_fastclose = 1; + + /* Initialize rcv_mss to TCP_MIN_MSS to avoid division by 0 + * issue in __tcp_select_window(), see tcp_disconnect(). + */ + inet_csk(ssk)->icsk_ack.rcv_mss = TCP_MIN_MSS; + tcp_send_active_reset(ssk, ssk->sk_allocation, SK_RST_REASON_TCP_ABORT_ON_CLOSE); unlock:

14 hours, 35 minutes

2
1
0 0

Performance regressions introduced via Revert "cpuidle: menu: Avoid discarding useful information" on 5.15 LTS

by Harshvardhan Jha

Hi there, While running performance benchmarks for the 5.15.196 LTS tags , it was observed that several regressions across different benchmarks is being introduced when compared to the previous 5.15.193 kernel tag. Running an automated bisect on both of them narrowed down the culprit commit to: - 5666bcc3c00f7 Revert "cpuidle: menu: Avoid discarding useful information" for 5.15 Regressions on 5.15.196 include: -9.3% : Phoronix pts/sqlite using 2 processes on OnPrem X6-2 -6.3% : Phoronix system/sqlite on OnPrem X6-2 -18% : rds-stress -M 1 (readonly rdma-mode) metrics with 1 depth & 1 thread & 1M buffer size on OnPrem X6-2 -4 -> -8% : rds-stress -M 2 (writeonly rdma-mode) metrics with 1 depth & 1 thread & 1M buffer size on OnPrem X6-2 Up to -30% : Some Netpipe metrics on OnPrem X5-2 The culprit commits' messages mention that these reverts were done due to performance regressions introduced in Intel Jasper Lake systems but this revert is causing issues in other systems unfortunately. I wanted to know the maintainers' opinion on how we should proceed in order to fix this. If we reapply it'll bring back the previous regressions on Jasper Lake systems and if we don't revert it then it's stuck with current regressions. If this problem has been reported before and a fix is in the works then please let me know I shall follow developments to that mail thread. Thanks & Regards, Harshvardhan

14 hours, 48 minutes

3
4
0 0

FAILED: patch "[PATCH] mptcp: Initialise rcv_mss before calling" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f07f4ea53e22429c84b20832fa098b5ecc0d4e35 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025120334-preamble-cobalt-4ca0@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f07f4ea53e22429c84b20832fa098b5ecc0d4e35 Mon Sep 17 00:00:00 2001 From: Kuniyuki Iwashima <kuniyu(a)google.com> Date: Tue, 25 Nov 2025 19:53:29 +0000 Subject: [PATCH] mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). syzbot reported divide-by-zero in __tcp_select_window() by MPTCP socket. [0] We had a similar issue for the bare TCP and fixed in commit 499350a5a6e7 ("tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0"). Let's apply the same fix to mptcp_do_fastclose(). [0]: Oops: divide error: 0000 [#1] SMP KASAN PTI CPU: 0 UID: 0 PID: 6068 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:__tcp_select_window+0x824/0x1320 net/ipv4/tcp_output.c:3336 Code: ff ff ff 44 89 f1 d3 e0 89 c1 f7 d1 41 01 cc 41 21 c4 e9 a9 00 00 00 e8 ca 49 01 f8 e9 9c 00 00 00 e8 c0 49 01 f8 44 89 e0 99 <f7> 7c 24 1c 41 29 d4 48 bb 00 00 00 00 00 fc ff df e9 80 00 00 00 RSP: 0018:ffffc90003017640 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88807b469e40 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc90003017730 R08: ffff888033268143 R09: 1ffff1100664d028 R10: dffffc0000000000 R11: ffffed100664d029 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 000055557faa0500(0000) GS:ffff888126135000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f64a1912ff8 CR3: 0000000072122000 CR4: 00000000003526f0 Call Trace: <TASK> tcp_select_window net/ipv4/tcp_output.c:281 [inline] __tcp_transmit_skb+0xbc7/0x3aa0 net/ipv4/tcp_output.c:1568 tcp_transmit_skb net/ipv4/tcp_output.c:1649 [inline] tcp_send_active_reset+0x2d1/0x5b0 net/ipv4/tcp_output.c:3836 mptcp_do_fastclose+0x27e/0x380 net/mptcp/protocol.c:2793 mptcp_disconnect+0x238/0x710 net/mptcp/protocol.c:3253 mptcp_sendmsg_fastopen+0x2f8/0x580 net/mptcp/protocol.c:1776 mptcp_sendmsg+0x1774/0x1980 net/mptcp/protocol.c:1855 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg+0xe5/0x270 net/socket.c:742 __sys_sendto+0x3bd/0x520 net/socket.c:2244 __do_sys_sendto net/socket.c:2251 [inline] __se_sys_sendto net/socket.c:2247 [inline] __x64_sys_sendto+0xde/0x100 net/socket.c:2247 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f66e998f749 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffff9acedb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f66e9be5fa0 RCX: 00007f66e998f749 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007ffff9acee10 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007f66e9be5fa0 R14: 00007f66e9be5fa0 R15: 0000000000000006 </TASK> Fixes: ae155060247b ("mptcp: fix duplicate reset on fastclose") Reported-by: syzbot+3a92d359bc2ec6255a33(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/69260882.a70a0220.d98e3.00b4.GAE@google.com/ Signed-off-by: Kuniyuki Iwashima <kuniyu(a)google.com> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20251125195331.309558-1-kuniyu@google.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 8abb425d8b5f..1e413426deee 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2798,6 +2798,12 @@ static void mptcp_do_fastclose(struct sock *sk) goto unlock; subflow->send_fastclose = 1; + + /* Initialize rcv_mss to TCP_MIN_MSS to avoid division by 0 + * issue in __tcp_select_window(), see tcp_disconnect(). + */ + inet_csk(ssk)->icsk_ack.rcv_mss = TCP_MIN_MSS; + tcp_send_active_reset(ssk, ssk->sk_allocation, SK_RST_REASON_TCP_ABORT_ON_CLOSE); unlock:

15 hours, 56 minutes

3
2
0 0

[PATCH 0/4] drm: Revert and fix enable/disable sequence

by Tomi Valkeinen

Changing the enable/disable sequence in commit c9b1150a68d9 ("drm/atomic-helper: Re-order bridge chain pre-enable and post-disable") has caused regressions on multiple platforms: R-Car, MCDE, Rockchip. This is an alternate series to Linus' series: https://lore.kernel.org/all/20251202-mcde-drm-regression-thirdfix-v6-0-f1bf… This series first reverts the original commit and reverts a fix for mediatek which is no longer needed. It then exposes helper functions from DRM core, and finally implements the new sequence only in the tidss driver. There is one more fix in upstream for the original commit, commit 5d91394f2361 ("drm/exynos: fimd: Guard display clock control with runtime PM calls"), but I have not reverted that one as it looks like a valid patch in its own. I added Cc stable v6.17+ to all patches, but I didn't add Fixes tags, as I wasn't sure what should they point to. But I could perhaps add Fixes: <original commit> to all of these. Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> --- Linus Walleij (1): drm/atomic-helper: Export and namespace some functions Tomi Valkeinen (3): Revert "drm/atomic-helper: Re-order bridge chain pre-enable and post-disable" Revert "drm/mediatek: dsi: Fix DSI host and panel bridge pre-enable order" drm/tidss: Fix enable/disable order drivers/gpu/drm/drm_atomic_helper.c | 122 ++++++++++++++---- drivers/gpu/drm/mediatek/mtk_dsi.c | 6 - drivers/gpu/drm/tidss/tidss_kms.c | 30 ++++- include/drm/drm_atomic_helper.h | 22 ++++ include/drm/drm_bridge.h | 249 ++++++++++-------------------------- 5 files changed, 214 insertions(+), 215 deletions(-) --- base-commit: 88e721ab978a86426aa08da520de77430fa7bb84 change-id: 20251205-drm-seq-fix-b4ed1f56604b Best regards, -- Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>

16 hours, 9 minutes

5
10
0 0

[PATCH v1 1/4] mm/hugetlb: fix hugetlb_pmd_shared()

by David Hildenbrand (Red Hat)

We switched from (wrongly) using the page count to an independent shared count. Now, shared page tables have a refcount of 1 (excluding speculative references) and instead use ptdesc->pt_share_count to identify sharing. We didn't convert hugetlb_pmd_shared(), so right now, we would never detect a shared PMD table as such, because sharing/unsharing no longer touches the refcount of a PMD table. Page migration, like mbind() or migrate_pages() would allow for migrating folios mapped into such shared PMD tables, even though the folios are not exclusive. In smaps we would account them as "private" although they are "shared", and we would be wrongly setting the PM_MMAP_EXCLUSIVE in the pagemap interface. Fix it by properly using ptdesc_pmd_is_shared() in hugetlb_pmd_shared(). Fixes: 59d9094df3d7 ("mm: hugetlb: independent PMD page table shared count") Cc: <stable(a)vger.kernel.org> Cc: Liu Shixin <liushixin2(a)huawei.com> Signed-off-by: David Hildenbrand (Red Hat) <david(a)kernel.org> --- include/linux/hugetlb.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 019a1c5281e4e..03c8725efa289 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -1326,7 +1326,7 @@ static inline __init void hugetlb_cma_reserve(int order) #ifdef CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING static inline bool hugetlb_pmd_shared(pte_t *pte) { - return page_count(virt_to_page(pte)) > 1; + return ptdesc_pmd_is_shared(virt_to_ptdesc(pte)); } #else static inline bool hugetlb_pmd_shared(pte_t *pte) -- 2.52.0

16 hours, 34 minutes

5
6
0 0

[PATCH] Revert "wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0"

by Oliver Sedlbauer

This reverts commit 3b5e5185881edf4ee5a1af575e3aedac4a38a764. The REO queue lookup table feature was enabled in 6.12.y due to an upstream backport, but it causes severe RX performance degradation on QCN9274 hw2.0 devices. With this feature enabled, the vast majority of received packets are dropped, reducing throughput drastically and making the device nearly unusable. Reverting this change restores full RX performance. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.5-01651-QCAHKSWPL_SILICONZ-1 Fixes: 3b5e5185881e ("wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0") Signed-off-by: Oliver Sedlbauer <os(a)dev.tdt.de> --- Note: This commit reverts a backport that was not a fix. The backported change breaks previously working behavior on QCN9274 hw2.0 devices and should not have been applied to the 6.12.y stable kernel. drivers/net/wireless/ath/ath12k/hw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath12k/hw.c b/drivers/net/wireless/ath/ath12k/hw.c index 057ef2d282b2..e3eb22bb9e1c 100644 --- a/drivers/net/wireless/ath/ath12k/hw.c +++ b/drivers/net/wireless/ath/ath12k/hw.c @@ -1084,7 +1084,7 @@ static const struct ath12k_hw_params ath12k_hw_params[] = { .download_calib = true, .supports_suspend = false, .tcl_ring_retry = true, - .reoq_lut_support = true, + .reoq_lut_support = false, .supports_shadow_regs = false, .num_tcl_banks = 48, -- 2.39.5

17 hours, 4 minutes

1
0
0 0

[PATCH] wifi: ath11k: fix qmi memory allocation logic for CALDB region

by Alexandru Gagniuc

Memory region assignment in ath11k_qmi_assign_target_mem_chunk() assumes that: 1. firmware will make a HOST_DDR_REGION_TYPE request, and 2. this request is processed before CALDB_MEM_REGION_TYPE In this case CALDB_MEM_REGION_TYPE, can safely be assigned immediately after the host region. However, if the HOST_DDR_REGION_TYPE request is not made, or the reserved-memory node is not present, then res.start and res.end are 0, and host_ddr_sz remains uninitialized. The physical address should fall back to ATH11K_QMI_CALDB_ADDRESS. That doesn't happen: resource_size(&res) returns 1 for an empty resource, and thus the if clause never takes the fallback path. ab->qmi.target_mem[idx].paddr is assigned the uninitialized value of host_ddr_sz + 0 (res.start). Use "if (res.end > res.start)" for the predicate, which correctly falls back to ATH11K_QMI_CALDB_ADDRESS. Fixes: 900730dc4705 ("wifi: ath: Use of_reserved_mem_region_to_resource() for "memory-region"") Cc: stable(a)vger.kernel.org # v6.18 Signed-off-by: Alexandru Gagniuc <mr.nuke.me(a)gmail.com> --- drivers/net/wireless/ath/ath11k/qmi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath11k/qmi.c b/drivers/net/wireless/ath/ath11k/qmi.c index aea56c38bf8f3..6cc26d1c1e2a4 100644 --- a/drivers/net/wireless/ath/ath11k/qmi.c +++ b/drivers/net/wireless/ath/ath11k/qmi.c @@ -2054,7 +2054,7 @@ static int ath11k_qmi_assign_target_mem_chunk(struct ath11k_base *ab) return ret; } - if (res.end - res.start + 1 < ab->qmi.target_mem[i].size) { + if (resource_size(&res) < ab->qmi.target_mem[i].size) { ath11k_dbg(ab, ATH11K_DBG_QMI, "fail to assign memory of sz\n"); return -EINVAL; @@ -2086,7 +2086,7 @@ static int ath11k_qmi_assign_target_mem_chunk(struct ath11k_base *ab) } if (ath11k_core_coldboot_cal_support(ab)) { - if (resource_size(&res)) { + if (res.end > res.start) { ab->qmi.target_mem[idx].paddr = res.start + host_ddr_sz; ab->qmi.target_mem[idx].iaddr = -- 2.45.1

17 hours, 10 minutes

3
3
0 0

回复:6.12.50 regression: netem: cannot mix duplicating netems with other netems in tree.

by zyc zyc

Hello, Resend my last email without HTML. ---- zyc zyc <zyc199902(a)zohomail.cn> 在 Sat, 2025-11-29 18:57:01 写到：--- > Hello, maintainer > > I would like to report what appears to be a regression in 6.12.50 kernel release related to netem. > It rejects our configuration with the message: > Error: netem: cannot mix duplicating netems with other netems in tree. > > This breaks setups that previously worked correctly for many years. > > > Our team uses multiple netem qdiscs in the same HTB branch, arranged in a parallel fashion using a prio fan-out. Each branch of the prio qdisc has its own distinct netem instance with different duplication characteristics. > > This is used to emulate our production conditions where a single logical path fans out into two downstream segments, for example: > > two ECMP next hops with different misbehaviour characteristics, or > > > an HA firewall cluster where only one node is replaying frames, or > > > two LAG / ToR paths where one path intermittently duplicates packets. > > > In our environments, only a subset of flows are affected, and different downstream devices may cause different styles of duplication. > This regression breaks existing automated tests, training environments, and network simulation pipelines. > > I would be happy to provide our reproducer if needed. > > Thank you for your time and for maintaining Linux kernel. > > > > Best regards, > zyc > > >

17 hours, 37 minutes

2
5
0 0

[PATCH v2] media: uvcvideo: Fix support for V4L2_CTRL_FLAG_HAS_WHICH_MIN_MAX

by Ricardo Ribalda

The VIDIOC_G_EXT_CTRLS with which V4L2_CTRL_WHICH_(MIN|MAX)_VAL can only work for controls that have previously announced support for it. This patch fixes the following v4l2-compliance error: info: checking extended control 'User Controls' (0x00980001) fail: v4l2-test-controls.cpp(980): ret != EINVAL (got 13) test VIDIOC_G/S/TRY_EXT_CTRLS: FAIL Fixes: 39d2c891c96e ("media: uvcvideo: support V4L2_CTRL_WHICH_MIN/MAX_VAL") Cc: stable(a)vger.kernel.org Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Changes in v2, Thanks Laurent: - Remove redundant ioctl check - CodeStyle - Link to v1: https://lore.kernel.org/r/20251028-uvc-fix-which-v1-1-a7e6b82672a3@chromium… --- drivers/media/usb/uvc/uvc_ctrl.c | 14 ++++++++++++-- drivers/media/usb/uvc/uvc_v4l2.c | 10 ++++++---- drivers/media/usb/uvc/uvcvideo.h | 2 +- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index 2905505c240c060e5034ea12d33b59d5702f2e1f..2738ef74c7373b185b67611da57610fd0b442080 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -1432,7 +1432,7 @@ static bool uvc_ctrl_is_readable(u32 which, struct uvc_control *ctrl, * auto_exposure=1, exposure_time_absolute=251. */ int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id, - const struct v4l2_ext_controls *ctrls, + const struct v4l2_ext_controls *ctrls, u32 which, unsigned long ioctl) { struct uvc_control_mapping *master_map = NULL; @@ -1442,14 +1442,24 @@ int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id, s32 val; int ret; int i; + /* + * There is no need to check the ioctl, all the ioctls except + * VIDIOC_G_EXT_CTRLS use which=V4L2_CTRL_WHICH_CUR_VAL. + */ + bool is_which_min_max = which == V4L2_CTRL_WHICH_MIN_VAL || + which == V4L2_CTRL_WHICH_MAX_VAL; if (__uvc_query_v4l2_class(chain, v4l2_id, 0) >= 0) - return -EACCES; + return is_which_min_max ? -EINVAL : -EACCES; ctrl = uvc_find_control(chain, v4l2_id, &mapping); if (!ctrl) return -EINVAL; + if ((!(ctrl->info.flags & UVC_CTRL_FLAG_GET_MIN) || + !(ctrl->info.flags & UVC_CTRL_FLAG_GET_MAX)) && is_which_min_max) + return -EINVAL; + if (ioctl == VIDIOC_G_EXT_CTRLS) return uvc_ctrl_is_readable(ctrls->which, ctrl, mapping); diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c index 9e4a251eca88085a1b4e0e854370015855be92ee..30c160daed8cb057b31ec00d665107dfdf4be1dc 100644 --- a/drivers/media/usb/uvc/uvc_v4l2.c +++ b/drivers/media/usb/uvc/uvc_v4l2.c @@ -765,14 +765,15 @@ static int uvc_ioctl_query_ext_ctrl(struct file *file, void *priv, static int uvc_ctrl_check_access(struct uvc_video_chain *chain, struct v4l2_ext_controls *ctrls, - unsigned long ioctl) + u32 which, unsigned long ioctl) { struct v4l2_ext_control *ctrl = ctrls->controls; unsigned int i; int ret = 0; for (i = 0; i < ctrls->count; ++ctrl, ++i) { - ret = uvc_ctrl_is_accessible(chain, ctrl->id, ctrls, ioctl); + ret = uvc_ctrl_is_accessible(chain, ctrl->id, ctrls, which, + ioctl); if (ret) break; } @@ -806,7 +807,7 @@ static int uvc_ioctl_g_ext_ctrls(struct file *file, void *priv, which = V4L2_CTRL_WHICH_CUR_VAL; } - ret = uvc_ctrl_check_access(chain, ctrls, VIDIOC_G_EXT_CTRLS); + ret = uvc_ctrl_check_access(chain, ctrls, which, VIDIOC_G_EXT_CTRLS); if (ret < 0) return ret; @@ -840,7 +841,8 @@ static int uvc_ioctl_s_try_ext_ctrls(struct uvc_fh *handle, if (!ctrls->count) return 0; - ret = uvc_ctrl_check_access(chain, ctrls, ioctl); + ret = uvc_ctrl_check_access(chain, ctrls, V4L2_CTRL_WHICH_CUR_VAL, + ioctl); if (ret < 0) return ret; diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h index ed7bad31f75ca474c1037d666d5310c78dd764df..d583425893a5f716185153a07aae9bfe20182964 100644 --- a/drivers/media/usb/uvc/uvcvideo.h +++ b/drivers/media/usb/uvc/uvcvideo.h @@ -786,7 +786,7 @@ int uvc_ctrl_get(struct uvc_video_chain *chain, u32 which, struct v4l2_ext_control *xctrl); int uvc_ctrl_set(struct uvc_fh *handle, struct v4l2_ext_control *xctrl); int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id, - const struct v4l2_ext_controls *ctrls, + const struct v4l2_ext_controls *ctrls, u32 which, unsigned long ioctl); int uvc_xu_ctrl_query(struct uvc_video_chain *chain, --- base-commit: c218ce4f98eccf5a40de64c559c52d61e9cc78ee change-id: 20251028-uvc-fix-which-c3ba1fb68ed5 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

17 hours, 44 minutes

2
1
0 0

[PATCH] ASoC: cs35l41: Always return 0 when a subsystem ID is found

by Eric Naim

When trying to get the system name in the _HID path, after successfully retrieving the subsystem ID the return value isn't set to 0 but instead still kept at -ENODATA, leading to a false negative: [ 12.382507] cs35l41 spi-VLV1776:00: Subsystem ID: VLV1776 [ 12.382521] cs35l41 spi-VLV1776:00: probe with driver cs35l41 failed with error -61 Always return 0 when a subsystem ID is found to mitigate these false negatives. Link: https://github.com/CachyOS/CachyOS-Handheld/issues/83 Fixes: 46c8b4d2a693 ("ASoC: cs35l41: Fallback to reading Subsystem ID property if not ACPI") Cc: stable(a)vger.kernel.org # 6.18 Signed-off-by: Eric Naim <dnaim(a)cachyos.org> --- sound/soc/codecs/cs35l41.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/sound/soc/codecs/cs35l41.c b/sound/soc/codecs/cs35l41.c index 173d7c59b725..5001a546a3e7 100644 --- a/sound/soc/codecs/cs35l41.c +++ b/sound/soc/codecs/cs35l41.c @@ -1188,13 +1188,14 @@ static int cs35l41_get_system_name(struct cs35l41_private *cs35l41) } } -err: if (sub) { cs35l41->dsp.system_name = sub; dev_info(cs35l41->dev, "Subsystem ID: %s\n", cs35l41->dsp.system_name); - } else - dev_warn(cs35l41->dev, "Subsystem ID not found\n"); + return 0; + } +err: + dev_warn(cs35l41->dev, "Subsystem ID not found\n"); return ret; } -- 2.52.0

18 hours, 4 minutes

2
1
0 0

[PATCH] staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure

by Liang Jie

From: Liang Jie <liangjie(a)lixiang.com> The return value of sdio_alloc_irq() was not stored in status. If sdio_alloc_irq() fails after rtw_drv_register_netdev() succeeds, status remains _SUCCESS and the error path skips resource cleanup, while rtw_drv_init() still returns success. Store the return value of sdio_alloc_irq() in status and reuse the existing error handling which relies on status. Cc: stable(a)vger.kernel.org Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Reviewed-by: fanggeng <fanggeng(a)lixiang.com> Signed-off-by: Liang Jie <liangjie(a)lixiang.com> --- drivers/staging/rtl8723bs/os_dep/sdio_intf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/staging/rtl8723bs/os_dep/sdio_intf.c b/drivers/staging/rtl8723bs/os_dep/sdio_intf.c index f3caaa857c86..139ace51486d 100644 --- a/drivers/staging/rtl8723bs/os_dep/sdio_intf.c +++ b/drivers/staging/rtl8723bs/os_dep/sdio_intf.c @@ -377,7 +377,8 @@ static int rtw_drv_init( if (status != _SUCCESS) goto free_if1; - if (sdio_alloc_irq(dvobj) != _SUCCESS) + status = sdio_alloc_irq(dvobj); + if (status != _SUCCESS) goto free_if1; status = _SUCCESS; -- 2.25.1

18 hours, 8 minutes

1
0
0 0

[PATCH 6.18 regression fix] dma-mapping: Fix DMA_BIT_MASK() macro being broken

by Hans de Goede

After commit a50f7456f853 ("dma-mapping: Allow use of DMA_BIT_MASK(64) in global scope"), the DMA_BIT_MASK() macro is broken when passed non trivial statements for the value of 'n'. This is caused by the new version missing parenthesis around 'n' when evaluating 'n'. One example of this breakage is the IPU6 driver now crashing due to it getting DMA-addresses with address bit 32 set even though it has tried to set a 32 bit DMA mask. The IPU6 CSI2 engine has a DMA mask of either 31 or 32 bits depending on if it is in secure mode or not and it sets this masks like this: mmu_info->aperture_end = (dma_addr_t)DMA_BIT_MASK(isp->secure_mode ? IPU6_MMU_ADDR_BITS : IPU6_MMU_ADDR_BITS_NON_SECURE); So the 'n' argument here is "isp->secure_mode ? IPU6_MMU_ADDR_BITS : IPU6_MMU_ADDR_BITS_NON_SECURE" which gets expanded into: isp->secure_mode ? IPU6_MMU_ADDR_BITS : IPU6_MMU_ADDR_BITS_NON_SECURE - 1 With the -1 only being applied in the non secure case, causing the secure mode mask to be one 1 bit too large. Fixes: a50f7456f853 ("dma-mapping: Allow use of DMA_BIT_MASK(64) in global scope") Cc: Sakari Ailus <sakari.ailus(a)linux.intel.com> Cc: James Clark <james.clark(a)linaro.org> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <johannes.goede(a)oss.qualcomm.com> --- include/linux/dma-mapping.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h index 2ceda49c609f..aa36a0d1d9df 100644 --- a/include/linux/dma-mapping.h +++ b/include/linux/dma-mapping.h @@ -90,7 +90,7 @@ */ #define DMA_MAPPING_ERROR (~(dma_addr_t)0) -#define DMA_BIT_MASK(n) GENMASK_ULL(n - 1, 0) +#define DMA_BIT_MASK(n) GENMASK_ULL((n) - 1, 0) struct dma_iova_state { dma_addr_t addr; -- 2.52.0

18 hours, 53 minutes

4
3
0 0

[PATCH] reset: gpio: suppress bind attributes in sysfs

by Bartosz Golaszewski

This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppress sysfs bind attributes so that user-space can't unbind the device because - as of now - it will cause a use-after-free splat from any user that puts the reset control handle. Fixes: cee544a40e44 ("reset: gpio: Add GPIO-based reset controller") Cc: stable(a)vger.kernel.org Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)oss.qualcomm.com> --- drivers/reset/reset-gpio.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/reset/reset-gpio.c b/drivers/reset/reset-gpio.c index e5512b3b596b..626c4c639c15 100644 --- a/drivers/reset/reset-gpio.c +++ b/drivers/reset/reset-gpio.c @@ -111,6 +111,7 @@ static struct auxiliary_driver reset_gpio_driver = { .id_table = reset_gpio_ids, .driver = { .name = "reset-gpio", + .suppress_bind_attrs = true, }, }; module_auxiliary_driver(reset_gpio_driver); -- 2.51.0

20 hours, 20 minutes

3
5
0 0

FAILED: patch "[PATCH] xhci: dbgtty: fix device unregister" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1f73b8b56cf35de29a433aee7bfff26cea98be3f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025120110-deuce-arrange-e66c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f73b8b56cf35de29a433aee7bfff26cea98be3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Bartosik?= <ukaszb(a)chromium.org> Date: Wed, 19 Nov 2025 21:29:09 +0000 Subject: [PATCH] xhci: dbgtty: fix device unregister MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When DbC is disconnected then xhci_dbc_tty_unregister_device() is called. However if there is any user space process blocked on write to DbC terminal device then it will never be signalled and thus stay blocked indifinitely. This fix adds a tty_vhangup() call in xhci_dbc_tty_unregister_device(). The tty_vhangup() wakes up any blocked writers and causes subsequent write attempts to DbC terminal device to fail. Cc: stable <stable(a)kernel.org> Fixes: dfba2174dc42 ("usb: xhci: Add DbC support in xHCI driver") Signed-off-by: Łukasz Bartosik <ukaszb(a)chromium.org> Link: https://patch.msgid.link/20251119212910.1245694-1-ukaszb@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-dbgtty.c b/drivers/usb/host/xhci-dbgtty.c index b7f95565524d..57cdda4e09c8 100644 --- a/drivers/usb/host/xhci-dbgtty.c +++ b/drivers/usb/host/xhci-dbgtty.c @@ -550,6 +550,12 @@ static void xhci_dbc_tty_unregister_device(struct xhci_dbc *dbc) if (!port->registered) return; + /* + * Hang up the TTY. This wakes up any blocked + * writers and causes subsequent writes to fail. + */ + tty_vhangup(port->port.tty); + tty_unregister_device(dbc_tty_driver, port->minor); xhci_dbc_tty_exit_port(port); port->registered = false;

20 hours, 41 minutes

2
2
0 0

[PATCH] xfs: Fix a memory leak bug in xfs_buf_item_init()

by Haoxiang Li

xfs_buf_item_get_format() may allocate memory for bip->bli_formats, free the memory in the error path. Fixes: c3d5f0c2fb85 ("xfs: complain if anyone tries to create a too-large buffer log item") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> --- fs/xfs/xfs_buf_item.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c index 8d85b5eee444..f4c5be67826e 100644 --- a/fs/xfs/xfs_buf_item.c +++ b/fs/xfs/xfs_buf_item.c @@ -896,6 +896,7 @@ xfs_buf_item_init( map_size = DIV_ROUND_UP(chunks, NBWORD); if (map_size > XFS_BLF_DATAMAP_SIZE) { + xfs_buf_item_free_format(bip); kmem_cache_free(xfs_buf_item_cache, bip); xfs_err(mp, "buffer item dirty bitmap (%u uints) too small to reflect %u bytes!", -- 2.25.1

20 hours, 46 minutes

2
1
0 0

Re: Patch "dma-mapping: Allow use of DMA_BIT_MASK(64) in global scope" has been added to the 6.17-stable tree

by Nathan Chancellor

On Sun, Dec 07, 2025 at 10:07:49PM -0500, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > dma-mapping: Allow use of DMA_BIT_MASK(64) in global scope > > to the 6.17-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > dma-mapping-allow-use-of-dma_bit_mask-64-in-global-s.patch > and it can be found in the queue-6.17 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 51a1912d46ceb70602de50c167e440966b9836f1 > Author: James Clark <james.clark(a)linaro.org> > Date: Thu Oct 30 14:05:27 2025 +0000 > > dma-mapping: Allow use of DMA_BIT_MASK(64) in global scope > > [ Upstream commit a50f7456f853ec3a6f07cbe1d16ad8a8b2501320 ] This change has a pending bug fix, consider waiting to apply this to the stable trees. https://lore.kernel.org/20251207184756.97904-1-johannes.goede@oss.qualcomm.… Cheers, Nathan

1 day

1
0
0 0

[STATUS] stable/linux-5.10.y - f964b940099f9982d723d4c77988d4b0dda9c165

by KernelCI bot

Hello, Status summary for stable/linux-5.10.y Dashboard: https://d.kernelci.org/c/stable/linux-5.10.y/f964b940099f9982d723d4c77988d4… giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git branch: linux-5.10.y commit hash: f964b940099f9982d723d4c77988d4b0dda9c165 origin: maestro test start time: 2025-12-06 22:05:22.856000+00:00 Builds: 38 ✅ 0 ❌ 0 ⚠️ Boots: 69 ✅ 0 ❌ 0 ⚠️ Tests: 972 ✅ 267 ❌ 200 ⚠️ ### POSSIBLE REGRESSIONS No possible regressions observed. ### FIXED REGRESSIONS Hardware: beaglebone-black > Config: multi_v7_defconfig - Architecture/compiler: arm/gcc-14 - ltp last run: https://d.kernelci.org/test/maestro:6934ce3b1ca5bf9d0fd6c4d7 history: > ❌ > ❌ > ✅ > ✅ > ✅ ### UNSTABLE TESTS No unstable tests observed. Sent every day if there were changes in the past 24 hours. Legend: ✅ PASS ❌ FAIL ⚠️ INCONCLUSIVE -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 day, 1 hour

1
0
0 0

[STATUS] stable/linux-6.12.y - dcbeffaf66d03968970d7d68ec7800032d00180e

by KernelCI bot

Hello, Status summary for stable/linux-6.12.y Dashboard: https://d.kernelci.org/c/stable/linux-6.12.y/dcbeffaf66d03968970d7d68ec7800… giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git branch: linux-6.12.y commit hash: dcbeffaf66d03968970d7d68ec7800032d00180e origin: maestro test start time: 2025-12-06 22:05:24.548000+00:00 Builds: 39 ✅ 0 ❌ 0 ⚠️ Boots: 193 ✅ 0 ❌ 0 ⚠️ Tests: 12053 ✅ 779 ❌ 3133 ⚠️ ### POSSIBLE REGRESSIONS Hardware: dell-latitude-5400-4305U-sarien > Config: x86_64_defconfig+lab-setup+x86-board+kselftest - Architecture/compiler: x86_64/gcc-14 - kselftest.cpufreq.suspend last run: https://d.kernelci.org/test/maestro:6934b9581ca5bf9d0fd66c53 history: > ✅ > ❌ - kselftest.cpufreq.suspend.cpufreq_main_sh last run: https://d.kernelci.org/test/maestro:6935156f1ca5bf9d0fd7d7ed history: > ✅ > ❌ Hardware: dell-latitude-5400-8665U-sarien > Config: x86_64_defconfig+lab-setup+x86-board+kselftest - Architecture/compiler: x86_64/gcc-14 - kselftest.cpufreq.suspend last run: https://d.kernelci.org/test/maestro:6934b9591ca5bf9d0fd66c56 history: > ✅ > ❌ - kselftest.cpufreq.suspend.cpufreq_main_sh last run: https://d.kernelci.org/test/maestro:6934c2821ca5bf9d0fd6a446 history: > ✅ > ❌ Hardware: hp-x360-12b-ca0010nr-n4020-octopus > Config: x86_64_defconfig+lab-setup+x86-board+kselftest - Architecture/compiler: x86_64/gcc-14 - kernelci_wifi_basic last run: https://d.kernelci.org/test/maestro:6934bc4b1ca5bf9d0fd68a11 history: > ✅ > ❌ Hardware: meson-sm1-s905d3-libretech-cc > Config: defconfig+lab-setup+kselftest - Architecture/compiler: arm64/gcc-14 - kselftest.breakpoints last run: https://d.kernelci.org/test/maestro:6934b5901ca5bf9d0fd64a44 history: > ✅ > ❌ Hardware: sun50i-h5-libretech-all-h3-cc > Config: defconfig+lab-setup+kselftest - Architecture/compiler: arm64/gcc-14 - kselftest.arm64 last run: https://d.kernelci.org/test/maestro:6934b58e1ca5bf9d0fd64a2a history: > ✅ > ❌ ### FIXED REGRESSIONS Hardware: mt8186-corsola-steelix-sku131072 > Config: defconfig+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y - Architecture/compiler: arm64/gcc-14 - kernelci_watchdog_reset.wdt-reset.wdt-get-timeout last run: https://d.kernelci.org/test/maestro:6934b7ac1ca5bf9d0fd65f2b history: > ❌ > ✅ ### UNSTABLE TESTS Hardware: beaglebone-black > Config: multi_v7_defconfig - Architecture/compiler: arm/gcc-14 - ltp last run: https://d.kernelci.org/test/maestro:6934b4f81ca5bf9d0fd6480d history: > ✅ > ❌ > ❌ > ✅ > ✅ Sent every day if there were changes in the past 24 hours. Legend: ✅ PASS ❌ FAIL ⚠️ INCONCLUSIVE -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 day, 1 hour

1
0
0 0

[STATUS] stable/linux-5.15.y - 68efe5a6c16a05391e3d96025b41e9bf573f968c

by KernelCI bot

Hello, Status summary for stable/linux-5.15.y Dashboard: https://d.kernelci.org/c/stable/linux-5.15.y/68efe5a6c16a05391e3d96025b41e9… giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git branch: linux-5.15.y commit hash: 68efe5a6c16a05391e3d96025b41e9bf573f968c origin: maestro test start time: 2025-12-06 22:05:23.274000+00:00 Builds: 34 ✅ 4 ❌ 0 ⚠️ Boots: 45 ✅ 0 ❌ 0 ⚠️ Tests: 855 ✅ 252 ❌ 887 ⚠️ ### POSSIBLE REGRESSIONS No possible regressions observed. ### FIXED REGRESSIONS Hardware: beaglebone-black > Config: multi_v7_defconfig - Architecture/compiler: arm/gcc-14 - ltp last run: https://d.kernelci.org/test/maestro:6934ae5d1ca5bf9d0fd6352c history: > ❌ > ❌ > ❌ > ✅ > ✅ ### UNSTABLE TESTS No unstable tests observed. This branch has 4 pre-existing build issues. See details in the dashboard. Sent every day if there were changes in the past 24 hours. Legend: ✅ PASS ❌ FAIL ⚠️ INCONCLUSIVE -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 day, 1 hour

1
0
0 0

[STATUS] stable/linux-6.6.y - 5fa4793a2d2d70ad08b85387b41020f1fcc2d19e

by KernelCI bot

Hello, Status summary for stable/linux-6.6.y Dashboard: https://d.kernelci.org/c/stable/linux-6.6.y/5fa4793a2d2d70ad08b85387b41020f… giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git branch: linux-6.6.y commit hash: 5fa4793a2d2d70ad08b85387b41020f1fcc2d19e origin: maestro test start time: 2025-12-06 22:05:24.119000+00:00 Builds: 35 ✅ 4 ❌ 0 ⚠️ Boots: 92 ✅ 0 ❌ 0 ⚠️ Tests: 4404 ✅ 350 ❌ 1689 ⚠️ ### POSSIBLE REGRESSIONS No possible regressions observed. ### FIXED REGRESSIONS Hardware: beaglebone-black > Config: multi_v7_defconfig - Architecture/compiler: arm/gcc-14 - ltp last run: https://d.kernelci.org/test/maestro:6934b2071ca5bf9d0fd63f8f history: > ❌ > ❌ > ❌ > ✅ > ✅ ### UNSTABLE TESTS No unstable tests observed. This branch has 4 pre-existing build issues. See details in the dashboard. Sent every day if there were changes in the past 24 hours. Legend: ✅ PASS ❌ FAIL ⚠️ INCONCLUSIVE -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 day, 1 hour

1
0
0 0

[STATUS] stable/linux-6.1.y - 50cbba13faa294918f0e1a9cb2b0aba19f4e6fba

by KernelCI bot

Hello, Status summary for stable/linux-6.1.y Dashboard: https://d.kernelci.org/c/stable/linux-6.1.y/50cbba13faa294918f0e1a9cb2b0aba… giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git branch: linux-6.1.y commit hash: 50cbba13faa294918f0e1a9cb2b0aba19f4e6fba origin: maestro test start time: 2025-12-06 22:05:23.711000+00:00 Builds: 35 ✅ 4 ❌ 0 ⚠️ Boots: 47 ✅ 0 ❌ 0 ⚠️ Tests: 2078 ✅ 242 ❌ 1351 ⚠️ ### POSSIBLE REGRESSIONS No possible regressions observed. ### FIXED REGRESSIONS Hardware: beaglebone-black > Config: multi_v7_defconfig - Architecture/compiler: arm/gcc-14 - ltp last run: https://d.kernelci.org/test/maestro:6934b8381ca5bf9d0fd66360 history: > ❌ > ❌ > ❌ > ✅ > ✅ ### UNSTABLE TESTS No unstable tests observed. This branch has 4 pre-existing build issues. See details in the dashboard. Sent every day if there were changes in the past 24 hours. Legend: ✅ PASS ❌ FAIL ⚠️ INCONCLUSIVE -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 day, 1 hour

1
0
0 0

[PATCH v2 1/1] gpiolib: acpi: Add quirk for Dell Precision 7780

by Askar Safin

Dell Precision 7780 often wakes up on its own from suspend. Sometimes wake up happens immediately (i. e. within 7 seconds), sometimes it happens after, say, 30 minutes. Fixes: 1796f808e4bb ("HID: i2c-hid: acpi: Stop setting wakeup_capable") Link: https://lore.kernel.org/linux-i2c/197ae95ffd8.dc819e60457077.76921204886090… Cc: <stable(a)vger.kernel.org> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Askar Safin <safinaskar(a)gmail.com> --- drivers/gpio/gpiolib-acpi-quirks.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/drivers/gpio/gpiolib-acpi-quirks.c b/drivers/gpio/gpiolib-acpi-quirks.c index 7b95d1b03361..a0116f004975 100644 --- a/drivers/gpio/gpiolib-acpi-quirks.c +++ b/drivers/gpio/gpiolib-acpi-quirks.c @@ -370,6 +370,28 @@ static const struct dmi_system_id gpiolib_acpi_quirks[] __initconst = { .ignore_wake = "ASCP1A00:00@8", }, }, + { + /* + * Spurious wakeups, likely from touchpad controller + * Dell Precision 7780 + * Found in BIOS 1.24.1 + * + * Found in touchpad firmware, installed by Dell Touchpad Firmware Update Utility version 1160.4196.9, A01 + * ( Dell-Touchpad-Firmware-Update-Utility_VYGNN_WIN64_1160.4196.9_A00.EXE ), + * released on 11 Jul 2024 + * + * https://lore.kernel.org/linux-i2c/197ae95ffd8.dc819e60457077.76921204886090… + */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), + DMI_MATCH(DMI_PRODUCT_FAMILY, "Precision"), + DMI_MATCH(DMI_PRODUCT_NAME, "Precision 7780"), + DMI_MATCH(DMI_BOARD_NAME, "0C6JVW"), + }, + .driver_data = &(struct acpi_gpiolib_dmi_quirk) { + .ignore_wake = "VEN_0488:00@355", + }, + }, {} /* Terminating entry */ }; -- 2.47.3

1 day, 4 hours

3
3
0 0

[PATCH V3] mm/slab: introduce kvfree_rcu_barrier_on_cache() for cache destruction

by Harry Yoo

Currently, kvfree_rcu_barrier() flushes RCU sheaves across all slab caches when a cache is destroyed. This is unnecessary; only the RCU sheaves belonging to the cache being destroyed need to be flushed. As suggested by Vlastimil Babka, introduce a weaker form of kvfree_rcu_barrier() that operates on a specific slab cache. Factor out flush_rcu_sheaves_on_cache() from flush_all_rcu_sheaves() and call it from flush_all_rcu_sheaves() and kvfree_rcu_barrier_on_cache(). Call kvfree_rcu_barrier_on_cache() instead of kvfree_rcu_barrier() on cache destruction. The performance benefit is evaluated on a 12 core 24 threads AMD Ryzen 5900X machine (1 socket), by loading slub_kunit module. Before: Total calls: 19 Average latency (us): 18127 Total time (us): 344414 After: Total calls: 19 Average latency (us): 10066 Total time (us): 191264 Two performance regression have been reported: - stress module loader test's runtime increases by 50-60% (Daniel) - internal graphics test's runtime on Tegra23 increases by 35% (Jon) They are fixed by this change. Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Fixes: ec66e0d59952 ("slab: add sheaf support for batching kfree_rcu() operations") Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/linux-mm/1bda09da-93be-4737-aef0-d47f8c5c9301@suse.… Reported-and-tested-by: Daniel Gomez <da.gomez(a)samsung.com> Closes: https://lore.kernel.org/linux-mm/0406562e-2066-4cf8-9902-b2b0616dd742@kerne… Reported-and-tested-by: Jon Hunter <jonathanh(a)nvidia.com> Closes: https://lore.kernel.org/linux-mm/e988eff6-1287-425e-a06c-805af5bbf262@nvidi… Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- v2 -> v3: - Addressed Suren's comment [1], thanks! [1] https://lore.kernel.org/linux-mm/CAJuCfpE+g65Dm8-r=psDJQf_O1rfBG62DOzx4mE1m… include/linux/slab.h | 7 ++++++ mm/slab.h | 1 + mm/slab_common.c | 52 +++++++++++++++++++++++++++++------------ mm/slub.c | 55 ++++++++++++++++++++++++-------------------- 4 files changed, 75 insertions(+), 40 deletions(-) diff --git a/include/linux/slab.h b/include/linux/slab.h index cf443f064a66..2482992248dc 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -1150,10 +1150,17 @@ static inline void kvfree_rcu_barrier(void) rcu_barrier(); } +static inline void kvfree_rcu_barrier_on_cache(struct kmem_cache *s) +{ + rcu_barrier(); +} + static inline void kfree_rcu_scheduler_running(void) { } #else void kvfree_rcu_barrier(void); +void kvfree_rcu_barrier_on_cache(struct kmem_cache *s); + void kfree_rcu_scheduler_running(void); #endif diff --git a/mm/slab.h b/mm/slab.h index f730e012553c..e767aa7e91b0 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -422,6 +422,7 @@ static inline bool is_kmalloc_normal(struct kmem_cache *s) bool __kfree_rcu_sheaf(struct kmem_cache *s, void *obj); void flush_all_rcu_sheaves(void); +void flush_rcu_sheaves_on_cache(struct kmem_cache *s); #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | \ SLAB_CACHE_DMA32 | SLAB_PANIC | \ diff --git a/mm/slab_common.c b/mm/slab_common.c index 84dfff4f7b1f..dd8a49d6f9cc 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -492,7 +492,7 @@ void kmem_cache_destroy(struct kmem_cache *s) return; /* in-flight kfree_rcu()'s may include objects from our cache */ - kvfree_rcu_barrier(); + kvfree_rcu_barrier_on_cache(s); if (IS_ENABLED(CONFIG_SLUB_RCU_DEBUG) && (s->flags & SLAB_TYPESAFE_BY_RCU)) { @@ -2038,25 +2038,13 @@ void kvfree_call_rcu(struct rcu_head *head, void *ptr) } EXPORT_SYMBOL_GPL(kvfree_call_rcu); -/** - * kvfree_rcu_barrier - Wait until all in-flight kvfree_rcu() complete. - * - * Note that a single argument of kvfree_rcu() call has a slow path that - * triggers synchronize_rcu() following by freeing a pointer. It is done - * before the return from the function. Therefore for any single-argument - * call that will result in a kfree() to a cache that is to be destroyed - * during module exit, it is developer's responsibility to ensure that all - * such calls have returned before the call to kmem_cache_destroy(). - */ -void kvfree_rcu_barrier(void) +static inline void __kvfree_rcu_barrier(void) { struct kfree_rcu_cpu_work *krwp; struct kfree_rcu_cpu *krcp; bool queued; int i, cpu; - flush_all_rcu_sheaves(); - /* * Firstly we detach objects and queue them over an RCU-batch * for all CPUs. Finally queued works are flushed for each CPU. @@ -2118,8 +2106,43 @@ void kvfree_rcu_barrier(void) } } } + +/** + * kvfree_rcu_barrier - Wait until all in-flight kvfree_rcu() complete. + * + * Note that a single argument of kvfree_rcu() call has a slow path that + * triggers synchronize_rcu() following by freeing a pointer. It is done + * before the return from the function. Therefore for any single-argument + * call that will result in a kfree() to a cache that is to be destroyed + * during module exit, it is developer's responsibility to ensure that all + * such calls have returned before the call to kmem_cache_destroy(). + */ +void kvfree_rcu_barrier(void) +{ + flush_all_rcu_sheaves(); + __kvfree_rcu_barrier(); +} EXPORT_SYMBOL_GPL(kvfree_rcu_barrier); +/** + * kvfree_rcu_barrier_on_cache - Wait for in-flight kvfree_rcu() calls on a + * specific slab cache. + * @s: slab cache to wait for + * + * See the description of kvfree_rcu_barrier() for details. + */ +void kvfree_rcu_barrier_on_cache(struct kmem_cache *s) +{ + if (s->cpu_sheaves) + flush_rcu_sheaves_on_cache(s); + /* + * TODO: Introduce a version of __kvfree_rcu_barrier() that works + * on a specific slab cache. + */ + __kvfree_rcu_barrier(); +} +EXPORT_SYMBOL_GPL(kvfree_rcu_barrier_on_cache); + static unsigned long kfree_rcu_shrink_count(struct shrinker *shrink, struct shrink_control *sc) { @@ -2215,4 +2238,3 @@ void __init kvfree_rcu_init(void) } #endif /* CONFIG_KVFREE_RCU_BATCHED */ - diff --git a/mm/slub.c b/mm/slub.c index 785e25a14999..7cec2220712b 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -4118,42 +4118,47 @@ static void flush_rcu_sheaf(struct work_struct *w) /* needed for kvfree_rcu_barrier() */ -void flush_all_rcu_sheaves(void) +void flush_rcu_sheaves_on_cache(struct kmem_cache *s) { struct slub_flush_work *sfw; - struct kmem_cache *s; unsigned int cpu; - cpus_read_lock(); - mutex_lock(&slab_mutex); + mutex_lock(&flush_lock); - list_for_each_entry(s, &slab_caches, list) { - if (!s->cpu_sheaves) - continue; + for_each_online_cpu(cpu) { + sfw = &per_cpu(slub_flush, cpu); - mutex_lock(&flush_lock); + /* + * we don't check if rcu_free sheaf exists - racing + * __kfree_rcu_sheaf() might have just removed it. + * by executing flush_rcu_sheaf() on the cpu we make + * sure the __kfree_rcu_sheaf() finished its call_rcu() + */ - for_each_online_cpu(cpu) { - sfw = &per_cpu(slub_flush, cpu); + INIT_WORK(&sfw->work, flush_rcu_sheaf); + sfw->s = s; + queue_work_on(cpu, flushwq, &sfw->work); + } - /* - * we don't check if rcu_free sheaf exists - racing - * __kfree_rcu_sheaf() might have just removed it. - * by executing flush_rcu_sheaf() on the cpu we make - * sure the __kfree_rcu_sheaf() finished its call_rcu() - */ + for_each_online_cpu(cpu) { + sfw = &per_cpu(slub_flush, cpu); + flush_work(&sfw->work); + } - INIT_WORK(&sfw->work, flush_rcu_sheaf); - sfw->s = s; - queue_work_on(cpu, flushwq, &sfw->work); - } + mutex_unlock(&flush_lock); +} - for_each_online_cpu(cpu) { - sfw = &per_cpu(slub_flush, cpu); - flush_work(&sfw->work); - } +void flush_all_rcu_sheaves(void) +{ + struct kmem_cache *s; + + cpus_read_lock(); + mutex_lock(&slab_mutex); - mutex_unlock(&flush_lock); + list_for_each_entry(s, &slab_caches, list) { + if (!s->cpu_sheaves) + continue; + flush_rcu_sheaves_on_cache(s); } mutex_unlock(&slab_mutex); -- 2.43.0

1 day, 10 hours

2
1
0 0

[PATCH] ceph: Drop the string reference in __ceph_pool_perm_get()

by Haoxiang Li

After calling ceph_get_string(), ceph_put_string() is required to drop the reference in error paths. Fixes: 779fe0fb8e18 ("ceph: rados pool namespace support") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> --- fs/ceph/addr.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 322ed268f14a..690a54b4c316 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -2440,13 +2440,13 @@ static int __ceph_pool_perm_get(struct ceph_inode_info *ci, err = ceph_osdc_alloc_messages(rd_req, GFP_NOFS); if (err) - goto out_unlock; + goto put_string; wr_req = ceph_osdc_alloc_request(&fsc->client->osdc, NULL, 1, false, GFP_NOFS); if (!wr_req) { err = -ENOMEM; - goto out_unlock; + goto put_string; } wr_req->r_flags = CEPH_OSD_FLAG_WRITE; @@ -2456,13 +2456,13 @@ static int __ceph_pool_perm_get(struct ceph_inode_info *ci, err = ceph_osdc_alloc_messages(wr_req, GFP_NOFS); if (err) - goto out_unlock; + goto put_string; /* one page should be large enough for STAT data */ pages = ceph_alloc_page_vector(1, GFP_KERNEL); if (IS_ERR(pages)) { err = PTR_ERR(pages); - goto out_unlock; + goto put_string; } osd_req_op_raw_data_in_pages(rd_req, 0, pages, PAGE_SIZE, @@ -2480,7 +2480,7 @@ static int __ceph_pool_perm_get(struct ceph_inode_info *ci, else if (err != -EPERM) { if (err == -EBLOCKLISTED) fsc->blocklisted = true; - goto out_unlock; + goto put_string; } if (err2 == 0 || err2 == -EEXIST) @@ -2489,14 +2489,14 @@ static int __ceph_pool_perm_get(struct ceph_inode_info *ci, if (err2 == -EBLOCKLISTED) fsc->blocklisted = true; err = err2; - goto out_unlock; + goto put_string; } pool_ns_len = pool_ns ? pool_ns->len : 0; perm = kmalloc(struct_size(perm, pool_ns, pool_ns_len + 1), GFP_NOFS); if (!perm) { err = -ENOMEM; - goto out_unlock; + goto put_string; } perm->pool = pool; @@ -2509,6 +2509,8 @@ static int __ceph_pool_perm_get(struct ceph_inode_info *ci, rb_link_node(&perm->node, parent, p); rb_insert_color(&perm->node, &mdsc->pool_perm_tree); err = 0; +put_string: + ceph_put_string(rd_req->r_base_oloc.pool_ns); out_unlock: up_write(&mdsc->pool_perm_rwsem); -- 2.25.1

1 day, 10 hours

2
1
0 0

[PATCH] nfsd: Drop the client reference in client_states_open()

by Haoxiang Li

In error path, call drop_client() to drop the reference obtained by get_nfsdfs_clp(). Fixes: a204f25e372d ("nfsd: create get_nfsdfs_clp helper") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> --- fs/nfsd/nfs4state.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 8a6960500217..caa0756b6914 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -3097,8 +3097,10 @@ static int client_states_open(struct inode *inode, struct file *file) return -ENXIO; ret = seq_open(file, &states_seq_ops); - if (ret) + if (ret) { + drop_client(clp); return ret; + } s = file->private_data; s->private = clp; return 0; -- 2.25.1

1 day, 11 hours

3
4
0 0

[PATCH] iio: adc: PAC1934: Fix clamped value in pac1934_reg_snapshot

by Thorsten Blum

The local variable 'curr_energy' was never clamped to PAC_193X_MIN_POWER_ACC or PAC_193X_MAX_POWER_ACC because the return value of clamp() was not used. Fix this by assigning the clamped value back to 'curr_energy'. Cc: stable(a)vger.kernel.org Fixes: 0fb528c8255b ("iio: adc: adding support for PAC193x") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- drivers/iio/adc/pac1934.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iio/adc/pac1934.c b/drivers/iio/adc/pac1934.c index 48df16509260..256488d3936b 100644 --- a/drivers/iio/adc/pac1934.c +++ b/drivers/iio/adc/pac1934.c @@ -665,7 +665,8 @@ static int pac1934_reg_snapshot(struct pac1934_chip_info *info, /* add the power_acc field */ curr_energy += inc; - clamp(curr_energy, PAC_193X_MIN_POWER_ACC, PAC_193X_MAX_POWER_ACC); + curr_energy = clamp(curr_energy, PAC_193X_MIN_POWER_ACC, + PAC_193X_MAX_POWER_ACC); reg_data->energy_sec_acc[cnt] = curr_energy; } -- Thorsten Blum <thorsten.blum(a)linux.dev> GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4

1 day, 13 hours

3
2
0 0

[PATCH v1 4/4] mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather

by David Hildenbrand (Red Hat)

As reported, ever since commit 1013af4f585f ("mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race") we can end up in some situations where we perform so many IPI broadcasts when unsharing hugetlb PMD page tables that it severely regresses some workloads. In particular, when we fork()+exit(), or when we munmap() a large area backed by many shared PMD tables, we perform one IPI broadcast per unshared PMD table. There are two optimizations to be had: (1) When we process (unshare) multiple such PMD tables, such as during exit(), it is sufficient to send a single IPI broadcast (as long as we respect locking rules) instead of one per PMD table. Locking prevents that any of these PMD tables could get reuse before we drop the lock. (2) When we are not the last sharer (> 2 users including us), there is no need to send the IPI broadcast. The shared PMD tables cannot become exclusive (fully unshared) before an IPI will be broadcasted by the last sharer. Concurrent GUP-fast could walk into a PMD table just before we unshared it. It could then succeed in grabbing a page from the shared page table even after munmap() etc succeeded (and supressed an IPI). But there is not difference compared to GUP-fast just sleeping for a while after grabbing the page and re-enabling IRQs. Most importantly, GUP-fast will never walk into page tables that are no-longer shared, because the last sharer will issue an IPI broadcast. (if ever required, checking whether the PUD changed in GUP-fast after grabbing the page like we do in the PTE case could handle this) So let's rework PMD sharing TLB flushing + IPI sync to use the mmu_gather infrastructure so we can implement these optimizations and demystify the code at least a bit. Extend the mmu_gather infrastructure to be able to deal with our special hugetlb PMD table sharing implementation. We'll consolidate the handling for (full) unsharing of PMD tables in tlb_unshare_pmd_ptdesc() and tlb_flush_unshared_tables(), and track in "struct mmu_gather" whether we had (full) unsharing of PMD tables. Because locking is very special (concurrent unsharing+reuse must be prevented), we disallow deferring flushing to tlb_finish_mmu() and instead require an explicit earlier call to tlb_flush_unshared_tables(). From hugetlb code, we call huge_pmd_unshare_flush() where we make sure that the expected lock protecting us from concurrent unsharing+reuse is still held. Check with a VM_WARN_ON_ONCE() in tlb_finish_mmu() that tlb_flush_unshared_tables() was properly called earlier. Document it all properly. Notes about tlb_remove_table_sync_one() interaction with unsharing: There are two fairly tricky things: (1) tlb_remove_table_sync_one() is a NOP on architectures without CONFIG_MMU_GATHER_RCU_TABLE_FREE. Here, the assumption is that the previous TLB flush would send an IPI to all relevant CPUs. Careful: some architectures like x86 only send IPIs to all relevant CPUs when tlb->freed_tables is set. The relevant architectures should be selecting MMU_GATHER_RCU_TABLE_FREE, but x86 might not do that in stable kernels and it might have been problematic before this patch. Also, the arch flushing behavior (independent of IPIs) is different when tlb->freed_tables is set. Do we have to enlighten them to also take care of tlb->unshared_tables? So far we didn't care, so hopefully we are fine. Of course, we could be setting tlb->freed_tables as well, but that might then unnecessarily flush too much, because the semantics of tlb->freed_tables are a bit fuzzy. This patch changes nothing in this regard. (2) tlb_remove_table_sync_one() is not a NOP on architectures with CONFIG_MMU_GATHER_RCU_TABLE_FREE that actually don't need a sync. Take x86 as an example: in the common case (!pv, !X86_FEATURE_INVLPGB) we still issue IPIs during TLB flushes and don't actually need the second tlb_remove_table_sync_one(). This optimized can be implemented on top of this, by checking e.g., in tlb_remove_table_sync_one() whether we really need IPIs. But as described in (1), it really must honor tlb->freed_tables then to send IPIs to all relevant CPUs. Further note that the ptdesc_pmd_pts_dec() in huge_pmd_share() is not a concern, as we are holding the i_mmap_lock the whole time, preventing concurrent unsharing. That ptdesc_pmd_pts_dec() usage will be removed separately as a cleanup later. There are plenty more cleanups to be had, but they have to wait until this is fixed. Fixes: 1013af4f585f ("mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race") Reported-by: Uschakow, Stanislav" <suschako(a)amazon.de> Closes: https://lore.kernel.org/all/4d3878531c76479d9f8ca9789dc6485d@amazon.de/ Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand (Red Hat) <david(a)kernel.org> --- include/asm-generic/tlb.h | 69 +++++++++++++++++++++- include/linux/hugetlb.h | 19 +++--- mm/hugetlb.c | 121 ++++++++++++++++++++++---------------- mm/mmu_gather.c | 6 ++ mm/mprotect.c | 2 +- mm/rmap.c | 25 +++++--- 6 files changed, 173 insertions(+), 69 deletions(-) diff --git a/include/asm-generic/tlb.h b/include/asm-generic/tlb.h index 1fff717cae510..324a21f53b644 100644 --- a/include/asm-generic/tlb.h +++ b/include/asm-generic/tlb.h @@ -364,6 +364,17 @@ struct mmu_gather { unsigned int vma_huge : 1; unsigned int vma_pfn : 1; + /* + * Did we unshare (unmap) any shared page tables? + */ + unsigned int unshared_tables : 1; + + /* + * Did we unshare any page tables such that they are now exclusive + * and could get reused+modified by the new owner? + */ + unsigned int fully_unshared_tables : 1; + unsigned int batch_count; #ifndef CONFIG_MMU_GATHER_NO_GATHER @@ -400,6 +411,7 @@ static inline void __tlb_reset_range(struct mmu_gather *tlb) tlb->cleared_pmds = 0; tlb->cleared_puds = 0; tlb->cleared_p4ds = 0; + tlb->unshared_tables = 0; /* * Do not reset mmu_gather::vma_* fields here, we do not * call into tlb_start_vma() again to set them if there is an @@ -484,7 +496,7 @@ static inline void tlb_flush_mmu_tlbonly(struct mmu_gather *tlb) * these bits. */ if (!(tlb->freed_tables || tlb->cleared_ptes || tlb->cleared_pmds || - tlb->cleared_puds || tlb->cleared_p4ds)) + tlb->cleared_puds || tlb->cleared_p4ds || tlb->unshared_tables)) return; tlb_flush(tlb); @@ -773,6 +785,61 @@ static inline bool huge_pmd_needs_flush(pmd_t oldpmd, pmd_t newpmd) } #endif +#ifdef CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING +static inline void tlb_unshare_pmd_ptdesc(struct mmu_gather *tlb, struct ptdesc *pt, + unsigned long addr) +{ + /* + * The caller must make sure that concurrent unsharing + exclusive + * reuse is impossible until tlb_flush_unshared_tables() was called. + */ + VM_WARN_ON_ONCE(!ptdesc_pmd_is_shared(pt)); + ptdesc_pmd_pts_dec(pt); + + /* Clearing a PUD pointing at a PMD table with PMD leaves. */ + tlb_flush_pmd_range(tlb, addr & PUD_MASK, PUD_SIZE); + + /* + * If the page table is now exclusively owned, we fully unshared + * a page table. + */ + if (!ptdesc_pmd_is_shared(pt)) + tlb->fully_unshared_tables = true; + tlb->unshared_tables = true; +} + +static inline void tlb_flush_unshared_tables(struct mmu_gather *tlb) +{ + /* + * As soon as the caller drops locks to allow for reuse of + * previously-shared tables, these tables could get modified and + * even reused outside of hugetlb context. So flush the TLB now. + * + * Note that we cannot defer the flush to a later point even if we are + * not the last sharer of the page table. + */ + if (tlb->unshared_tables) + tlb_flush_mmu_tlbonly(tlb); + + /* + * Similarly, we must make sure that concurrent GUP-fast will not + * walk previously-shared page tables that are getting modified+reused + * elsewhere. So broadcast an IPI to wait for any concurrent GUP-fast. + * + * We only perform this when we are the last sharer of a page table, + * as the IPI will reach all CPUs: any GUP-fast. + * + * Note that on configs where tlb_remove_table_sync_one() is a NOP, + * the expectation is that the tlb_flush_mmu_tlbonly() would have issued + * required IPIs already for us. + */ + if (tlb->fully_unshared_tables) { + tlb_remove_table_sync_one(); + tlb->fully_unshared_tables = false; + } +} +#endif /* CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING */ + #endif /* CONFIG_MMU */ #endif /* _ASM_GENERIC__TLB_H */ diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 03c8725efa289..63b248c6bfd47 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -240,8 +240,9 @@ pte_t *huge_pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); unsigned long hugetlb_mask_last_page(struct hstate *h); -int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep); +int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma, + unsigned long addr, pte_t *ptep); +void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma); void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, unsigned long *start, unsigned long *end); @@ -271,7 +272,7 @@ void hugetlb_vma_unlock_write(struct vm_area_struct *vma); int hugetlb_vma_trylock_write(struct vm_area_struct *vma); void hugetlb_vma_assert_locked(struct vm_area_struct *vma); void hugetlb_vma_lock_release(struct kref *kref); -long hugetlb_change_protection(struct vm_area_struct *vma, +long hugetlb_change_protection(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long address, unsigned long end, pgprot_t newprot, unsigned long cp_flags); void hugetlb_unshare_all_pmds(struct vm_area_struct *vma); @@ -300,13 +301,17 @@ static inline struct address_space *hugetlb_folio_mapping_lock_write( return NULL; } -static inline int huge_pmd_unshare(struct mm_struct *mm, - struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep) +static inline int huge_pmd_unshare(struct mmu_gather *tlb, + struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { return 0; } +static inline void huge_pmd_unshare_flush(struct mmu_gather *tlb, + struct vm_area_struct *vma) +{ +} + static inline void adjust_range_if_pmd_sharing_possible( struct vm_area_struct *vma, unsigned long *start, unsigned long *end) @@ -432,7 +437,7 @@ static inline void move_hugetlb_state(struct folio *old_folio, { } -static inline long hugetlb_change_protection( +static inline long hugetlb_change_protection(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long address, unsigned long end, pgprot_t newprot, unsigned long cp_flags) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 3c77cdef12a32..3db94693a06fc 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5096,8 +5096,9 @@ int move_hugetlb_page_tables(struct vm_area_struct *vma, unsigned long last_addr_mask; pte_t *src_pte, *dst_pte; struct mmu_notifier_range range; - bool shared_pmd = false; + struct mmu_gather tlb; + tlb_gather_mmu(&tlb, vma->vm_mm); mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, mm, old_addr, old_end); adjust_range_if_pmd_sharing_possible(vma, &range.start, &range.end); @@ -5122,12 +5123,12 @@ int move_hugetlb_page_tables(struct vm_area_struct *vma, if (huge_pte_none(huge_ptep_get(mm, old_addr, src_pte))) continue; - if (huge_pmd_unshare(mm, vma, old_addr, src_pte)) { - shared_pmd = true; + if (huge_pmd_unshare(&tlb, vma, old_addr, src_pte)) { old_addr |= last_addr_mask; new_addr |= last_addr_mask; continue; } + tlb_remove_huge_tlb_entry(h, &tlb, src_pte, old_addr); dst_pte = huge_pte_alloc(mm, new_vma, new_addr, sz); if (!dst_pte) @@ -5136,13 +5137,13 @@ int move_hugetlb_page_tables(struct vm_area_struct *vma, move_huge_pte(vma, old_addr, new_addr, src_pte, dst_pte, sz); } - if (shared_pmd) - flush_hugetlb_tlb_range(vma, range.start, range.end); - else - flush_hugetlb_tlb_range(vma, old_end - len, old_end); + tlb_flush_mmu_tlbonly(&tlb); + huge_pmd_unshare_flush(&tlb, vma); + mmu_notifier_invalidate_range_end(&range); i_mmap_unlock_write(mapping); hugetlb_vma_unlock_write(vma); + tlb_finish_mmu(&tlb); return len + old_addr - old_end; } @@ -5161,7 +5162,6 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long sz = huge_page_size(h); bool adjust_reservation; unsigned long last_addr_mask; - bool force_flush = false; WARN_ON(!is_vm_hugetlb_page(vma)); BUG_ON(start & ~huge_page_mask(h)); @@ -5184,10 +5184,8 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, } ptl = huge_pte_lock(h, mm, ptep); - if (huge_pmd_unshare(mm, vma, address, ptep)) { + if (huge_pmd_unshare(tlb, vma, address, ptep)) { spin_unlock(ptl); - tlb_flush_pmd_range(tlb, address & PUD_MASK, PUD_SIZE); - force_flush = true; address |= last_addr_mask; continue; } @@ -5303,14 +5301,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, } tlb_end_vma(tlb, vma); - /* - * There is nothing protecting a previously-shared page table that we - * unshared through huge_pmd_unshare() from getting freed after we - * release i_mmap_rwsem, so flush the TLB now. If huge_pmd_unshare() - * succeeded, flush the range corresponding to the pud. - */ - if (force_flush) - tlb_flush_mmu_tlbonly(tlb); + huge_pmd_unshare_flush(tlb, vma); } void __hugetlb_zap_begin(struct vm_area_struct *vma, @@ -6399,7 +6390,7 @@ int hugetlb_mfill_atomic_pte(pte_t *dst_pte, } #endif /* CONFIG_USERFAULTFD */ -long hugetlb_change_protection(struct vm_area_struct *vma, +long hugetlb_change_protection(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long address, unsigned long end, pgprot_t newprot, unsigned long cp_flags) { @@ -6409,7 +6400,6 @@ long hugetlb_change_protection(struct vm_area_struct *vma, pte_t pte; struct hstate *h = hstate_vma(vma); long pages = 0, psize = huge_page_size(h); - bool shared_pmd = false; struct mmu_notifier_range range; unsigned long last_addr_mask; bool uffd_wp = cp_flags & MM_CP_UFFD_WP; @@ -6452,7 +6442,7 @@ long hugetlb_change_protection(struct vm_area_struct *vma, } } ptl = huge_pte_lock(h, mm, ptep); - if (huge_pmd_unshare(mm, vma, address, ptep)) { + if (huge_pmd_unshare(tlb, vma, address, ptep)) { /* * When uffd-wp is enabled on the vma, unshare * shouldn't happen at all. Warn about it if it @@ -6461,7 +6451,6 @@ long hugetlb_change_protection(struct vm_area_struct *vma, WARN_ON_ONCE(uffd_wp || uffd_wp_resolve); pages++; spin_unlock(ptl); - shared_pmd = true; address |= last_addr_mask; continue; } @@ -6522,22 +6511,16 @@ long hugetlb_change_protection(struct vm_area_struct *vma, pte = huge_pte_clear_uffd_wp(pte); huge_ptep_modify_prot_commit(vma, address, ptep, old_pte, pte); pages++; + tlb_remove_huge_tlb_entry(h, tlb, ptep, address); } next: spin_unlock(ptl); cond_resched(); } - /* - * There is nothing protecting a previously-shared page table that we - * unshared through huge_pmd_unshare() from getting freed after we - * release i_mmap_rwsem, so flush the TLB now. If huge_pmd_unshare() - * succeeded, flush the range corresponding to the pud. - */ - if (shared_pmd) - flush_hugetlb_tlb_range(vma, range.start, range.end); - else - flush_hugetlb_tlb_range(vma, start, end); + + tlb_flush_mmu_tlbonly(tlb); + huge_pmd_unshare_flush(tlb, vma); /* * No need to call mmu_notifier_arch_invalidate_secondary_tlbs() we are * downgrading page table protection not changing it to point to a new @@ -6904,18 +6887,27 @@ pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma, return pte; } -/* - * unmap huge page backed by shared pte. +/** + * huge_pmd_unshare - Unmap a pmd table if it is shared by multiple users + * @tlb: the current mmu_gather. + * @vma: the vma covering the pmd table. + * @addr: the address we are trying to unshare. + * @ptep: pointer into the (pmd) page table. + * + * Called with the page table lock held, the i_mmap_rwsem held in write mode + * and the hugetlb vma lock held in write mode. * - * Called with page table lock held. + * Note: The caller must call huge_pmd_unshare_flush() before dropping the + * i_mmap_rwsem. * - * returns: 1 successfully unmapped a shared pte page - * 0 the underlying pte page is not shared, or it is the last user + * Returns: 1 if it was a shared PMD table and it got unmapped, or 0 if it + * was not a shared PMD table. */ -int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep) +int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma, + unsigned long addr, pte_t *ptep) { unsigned long sz = huge_page_size(hstate_vma(vma)); + struct mm_struct *mm = vma->vm_mm; pgd_t *pgd = pgd_offset(mm, addr); p4d_t *p4d = p4d_offset(pgd, addr); pud_t *pud = pud_offset(p4d, addr); @@ -6927,18 +6919,36 @@ int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, i_mmap_assert_write_locked(vma->vm_file->f_mapping); hugetlb_vma_assert_locked(vma); pud_clear(pud); - /* - * Once our caller drops the rmap lock, some other process might be - * using this page table as a normal, non-hugetlb page table. - * Wait for pending gup_fast() in other threads to finish before letting - * that happen. - */ - tlb_remove_table_sync_one(); - ptdesc_pmd_pts_dec(virt_to_ptdesc(ptep)); + + tlb_unshare_pmd_ptdesc(tlb, virt_to_ptdesc(ptep), addr); + mm_dec_nr_pmds(mm); return 1; } +/* + * huge_pmd_unshare_flush - Complete a sequence of huge_pmd_unshare() calls + * @tlb: the current mmu_gather. + * @vma: the vma covering the pmd table. + * + * Perform necessary TLB flushes or IPI broadcasts to synchronize PMD table + * unsharing with concurrent page table walkers (TLB, GUP-fast, etc.). + * + * This function must be called after a sequence of huge_pmd_unshare() + * calls while still holding the i_mmap_rwsem. + */ +void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma) +{ + /* + * We must synchronize page table unsharing such that nobody will + * try reusing a previously-shared page table while it might still + * be in use by previous sharers (TLB, GUP_fast). + */ + i_mmap_assert_write_locked(vma->vm_file->f_mapping); + + tlb_flush_unshared_tables(tlb); +} + #else /* !CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING */ pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma, @@ -6947,12 +6957,16 @@ pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma, return NULL; } -int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep) +int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma, + unsigned long addr, pte_t *ptep) { return 0; } +void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma) +{ +} + void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, unsigned long *start, unsigned long *end) { @@ -7219,6 +7233,7 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma, unsigned long sz = huge_page_size(h); struct mm_struct *mm = vma->vm_mm; struct mmu_notifier_range range; + struct mmu_gather tlb; unsigned long address; spinlock_t *ptl; pte_t *ptep; @@ -7229,6 +7244,7 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma, if (start >= end) return; + tlb_gather_mmu(&tlb, mm); flush_cache_range(vma, start, end); /* * No need to call adjust_range_if_pmd_sharing_possible(), because @@ -7248,10 +7264,10 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma, if (!ptep) continue; ptl = huge_pte_lock(h, mm, ptep); - huge_pmd_unshare(mm, vma, address, ptep); + huge_pmd_unshare(&tlb, vma, address, ptep); spin_unlock(ptl); } - flush_hugetlb_tlb_range(vma, start, end); + huge_pmd_unshare_flush(&tlb, vma); if (take_locks) { i_mmap_unlock_write(vma->vm_file->f_mapping); hugetlb_vma_unlock_write(vma); @@ -7261,6 +7277,7 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma, * Documentation/mm/mmu_notifier.rst. */ mmu_notifier_invalidate_range_end(&range); + tlb_finish_mmu(&tlb); } /* diff --git a/mm/mmu_gather.c b/mm/mmu_gather.c index 247e3f9db6c7a..822a790127375 100644 --- a/mm/mmu_gather.c +++ b/mm/mmu_gather.c @@ -468,6 +468,12 @@ void tlb_gather_mmu_fullmm(struct mmu_gather *tlb, struct mm_struct *mm) */ void tlb_finish_mmu(struct mmu_gather *tlb) { + /* + * We expect an earlier huge_pmd_unshare_flush() call to sort this out, + * due to complicated locking requirements with page table unsharing. + */ + VM_WARN_ON_ONCE(tlb->fully_unshared_tables); + /* * If there are parallel threads are doing PTE changes on same range * under non-exclusive lock (e.g., mmap_lock read-side) but defer TLB diff --git a/mm/mprotect.c b/mm/mprotect.c index 283889e4f1cec..5c330e817129e 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -652,7 +652,7 @@ long change_protection(struct mmu_gather *tlb, #endif if (is_vm_hugetlb_page(vma)) - pages = hugetlb_change_protection(vma, start, end, newprot, + pages = hugetlb_change_protection(tlb, vma, start, end, newprot, cp_flags); else pages = change_protection_range(tlb, vma, start, end, newprot, diff --git a/mm/rmap.c b/mm/rmap.c index 748f48727a162..d6799afe11147 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -76,7 +76,7 @@ #include <linux/mm_inline.h> #include <linux/oom.h> -#include <asm/tlbflush.h> +#include <asm/tlb.h> #define CREATE_TRACE_POINTS #include <trace/events/migrate.h> @@ -2008,13 +2008,17 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, * if unsuccessful. */ if (!anon) { + struct mmu_gather tlb; + VM_BUG_ON(!(flags & TTU_RMAP_LOCKED)); if (!hugetlb_vma_trylock_write(vma)) goto walk_abort; - if (huge_pmd_unshare(mm, vma, address, pvmw.pte)) { + + tlb_gather_mmu(&tlb, mm); + if (huge_pmd_unshare(&tlb, vma, address, pvmw.pte)) { hugetlb_vma_unlock_write(vma); - flush_tlb_range(vma, - range.start, range.end); + huge_pmd_unshare_flush(&tlb, vma); + tlb_finish_mmu(&tlb); /* * The PMD table was unmapped, * consequently unmapping the folio. @@ -2022,6 +2026,7 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, goto walk_done; } hugetlb_vma_unlock_write(vma); + tlb_finish_mmu(&tlb); } pteval = huge_ptep_clear_flush(vma, address, pvmw.pte); if (pte_dirty(pteval)) @@ -2398,17 +2403,20 @@ static bool try_to_migrate_one(struct folio *folio, struct vm_area_struct *vma, * fail if unsuccessful. */ if (!anon) { + struct mmu_gather tlb; + VM_BUG_ON(!(flags & TTU_RMAP_LOCKED)); if (!hugetlb_vma_trylock_write(vma)) { page_vma_mapped_walk_done(&pvmw); ret = false; break; } - if (huge_pmd_unshare(mm, vma, address, pvmw.pte)) { - hugetlb_vma_unlock_write(vma); - flush_tlb_range(vma, - range.start, range.end); + tlb_gather_mmu(&tlb, mm); + if (huge_pmd_unshare(&tlb, vma, address, pvmw.pte)) { + hugetlb_vma_unlock_write(vma); + huge_pmd_unshare_flush(&tlb, vma); + tlb_finish_mmu(&tlb); /* * The PMD table was unmapped, * consequently unmapping the folio. @@ -2417,6 +2425,7 @@ static bool try_to_migrate_one(struct folio *folio, struct vm_area_struct *vma, break; } hugetlb_vma_unlock_write(vma); + tlb_finish_mmu(&tlb); } /* Nuke the hugetlb page table entry */ pteval = huge_ptep_clear_flush(vma, address, pvmw.pte); -- 2.52.0

1 day, 14 hours

2
3
0 0

[PATCH] nfs/localio: fix regression due to out-of-order __put_cred

by Trond Myklebust

From: Mike Snitzer <snitzer(a)kernel.org> commit 3af870aedbff10bfed220e280b57a405e972229f upstream. Commit f2060bdc21d7 ("nfs/localio: add refcounting for each iocb IO associated with NFS pgio header") inadvertantly reintroduced the same potential for __put_cred() triggering BUG_ON(cred == current->cred) that commit 992203a1fba5 ("nfs/localio: restore creds before releasing pageio data") fixed. Fix this by saving and restoring the cred around each {read,write}_iter call within the respective for loop of nfs_local_call_{read,write}. Reported-by: Zorro Lang <zlang(a)redhat.com> Fixes: f2060bdc21d7 ("nfs/localio: add refcounting for each iocb IO associated with NFS pgio header") Cc: <stable(a)vger.kernel.org> # 6.18.x Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com> --- fs/nfs/localio.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index 656976b4f42c..ee635172d68a 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -625,8 +625,6 @@ static void nfs_local_call_read(struct work_struct *work) ssize_t status; int n_iters; - save_cred = override_creds(filp->f_cred); - n_iters = atomic_read(&iocb->n_iters); for (int i = 0; i < n_iters ; i++) { if (iocb->iter_is_dio_aligned[i]) { @@ -639,7 +637,10 @@ static void nfs_local_call_read(struct work_struct *work) } else iocb->kiocb.ki_flags &= ~IOCB_DIRECT; + save_cred = override_creds(filp->f_cred); status = filp->f_op->read_iter(&iocb->kiocb, &iocb->iters[i]); + revert_creds(save_cred); + if (status != -EIOCBQUEUED) { if (unlikely(status >= 0 && status < iocb->iters[i].count)) force_done = true; /* Partial read */ @@ -649,8 +650,6 @@ static void nfs_local_call_read(struct work_struct *work) } } } - - revert_creds(save_cred); } static int @@ -832,7 +831,6 @@ static void nfs_local_call_write(struct work_struct *work) int n_iters; current->flags |= PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO; - save_cred = override_creds(filp->f_cred); file_start_write(filp); n_iters = atomic_read(&iocb->n_iters); @@ -847,7 +845,10 @@ static void nfs_local_call_write(struct work_struct *work) } else iocb->kiocb.ki_flags &= ~IOCB_DIRECT; + save_cred = override_creds(filp->f_cred); status = filp->f_op->write_iter(&iocb->kiocb, &iocb->iters[i]); + revert_creds(save_cred); + if (status != -EIOCBQUEUED) { if (unlikely(status >= 0 && status < iocb->iters[i].count)) force_done = true; /* Partial write */ @@ -859,7 +860,6 @@ static void nfs_local_call_write(struct work_struct *work) } file_end_write(filp); - revert_creds(save_cred); current->flags = old_flags; } -- 2.52.0

1 day, 22 hours

2
2
0 0

Please apply 5b1e38c0792cc7a44997328de37d393f81b2501a to 5.15

by Nathan Chancellor

Hi stable folks, Please apply commit 5b1e38c0792c ("dpaa2-mac: bail if the dpmacs fwnode is not found") to 5.15, where it addresses an instance of -Wsometimes-uninitialized with clang-21 and newer, introduced by commit 3264f599c1a8 ("net: dpaa2-mac: Add ACPI support for DPAA2 MAC driver") in 5.14. drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c:54:13: error: variable 'parent' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized] 54 | } else if (is_acpi_node(fwnode)) { | ^~~~~~~~~~~~~~~~~~~~ drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c:58:29: note: uninitialized use occurs here 58 | fwnode_for_each_child_node(parent, child) { | ^~~~~~ drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c:54:9: note: remove the 'if' if its condition is always true 54 | } else if (is_acpi_node(fwnode)) { | ^~~~~~~~~~~~~~~~~~~~~~~~~ drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c:43:39: note: initialize the variable 'parent' to silence this warning 43 | struct fwnode_handle *fwnode, *parent, *child = NULL; | ^ | = NULL It applies and builds cleanly for me. If there are any issues, please let me know. Cheers, Nathan

2 days, 2 hours

2
1
0 0

Apply fc7bf4c0d65a342b29fe38c332db3fe900b481b9 to 5.15

by Nathan Chancellor

Hi stable folks, Please apply commit fc7bf4c0d65a ("drm/i915/selftests: Fix inconsistent IS_ERR and PTR_ERR") to 5.15, where it resolves a couple of instances of -Wuninitialized with clang-21 or newer that were introduced by commit cdb35d1ed6d2 ("drm/i915/gem: Migrate to system at dma-buf attach time (v7)") in 5.15. In file included from drivers/gpu/drm/i915/gem/i915_gem_dmabuf.c:329: drivers/gpu/drm/i915/gem/selftests/i915_gem_dmabuf.c:105:18: error: variable 'dmabuf' is uninitialized when used here [-Werror,-Wuninitialized] 105 | PTR_ERR(dmabuf)); | ^~~~~~ drivers/gpu/drm/i915/gem/selftests/i915_gem_dmabuf.c:94:24: note: initialize the variable 'dmabuf' to silence this warning 94 | struct dma_buf *dmabuf; | ^ | = NULL drivers/gpu/drm/i915/gem/selftests/i915_gem_dmabuf.c:161:18: error: variable 'dmabuf' is uninitialized when used here [-Werror,-Wuninitialized] 161 | PTR_ERR(dmabuf)); | ^~~~~~ drivers/gpu/drm/i915/gem/selftests/i915_gem_dmabuf.c:149:24: note: initialize the variable 'dmabuf' to silence this warning 149 | struct dma_buf *dmabuf; | ^ | = NULL It applies and builds cleanly for me. If there are any issues, please let me know. Cheers, Nathan

2 days, 2 hours

2
1
0 0

Apply ccc35ff2fd2911986b716a87fe65e03fac2312c9 to 5.15, 6.1, and 6.6

by Nathan Chancellor

Hi stable folks, Please apply commit ccc35ff2fd29 ("leds: spi-byte: Use devm_led_classdev_register_ext()") to 5.15, 6.1, and 6.6. It inadvertently addresses an instance of -Wuninitialized visible with clang-21 and newer: drivers/leds/leds-spi-byte.c:99:26: error: variable 'child' is uninitialized when used here [-Werror,-Wuninitialized] 99 | of_property_read_string(child, "label", &name); | ^~~~~ drivers/leds/leds-spi-byte.c:83:27: note: initialize the variable 'child' to silence this warning 83 | struct device_node *child; | ^ | = NULL It applies cleanly to 6.6. I have attached a backport for 6.1 and 5.15, which can be generated locally with: $ git format-patch -1 --stdout ccc35ff2fd2911986b716a87fe65e03fac2312c9 | sed 's;strscpy;strlcpy;' | patch -p1 This change seems safe to me but if I am missing a massive dependency chain, an alternative would be moving child's initialization up in these stable branches. Cheers, Nathan diff --git a/drivers/leds/leds-spi-byte.c b/drivers/leds/leds-spi-byte.c index 82696e0607a5..7dd876df8b36 100644 --- a/drivers/leds/leds-spi-byte.c +++ b/drivers/leds/leds-spi-byte.c @@ -96,6 +96,7 @@ static int spi_byte_probe(struct spi_device *spi) if (!led) return -ENOMEM; + child = of_get_next_available_child(dev_of_node(dev), NULL); of_property_read_string(child, "label", &name); strlcpy(led->name, name, sizeof(led->name)); led->spi = spi; @@ -106,7 +107,6 @@ static int spi_byte_probe(struct spi_device *spi) led->ldev.max_brightness = led->cdef->max_value - led->cdef->off_value; led->ldev.brightness_set_blocking = spi_byte_brightness_set_blocking; - child = of_get_next_available_child(dev_of_node(dev), NULL); state = of_get_property(child, "default-state", NULL); if (state) { if (!strcmp(state, "on")) {

2 days, 2 hours

2
1
0 0

[PATCH AUTOSEL 6.18-6.1] ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

by Sasha Levin

From: Namjae Jeon <linkinjeon(a)kernel.org> [ Upstream commit b39a1833cc4a2755b02603eec3a71a85e9dff926 ] Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it. Reported-by: Qianchang Zhao <pioooooooooip(a)gmail.com> Reported-by: Zhitong Liu <liuzhitong1993(a)gmail.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: fs/smb/server/mgmt/tree_connect.c | 18 ++++-------------- fs/smb/server/mgmt/tree_connect.h | 1 - fs/smb/server/smb2pdu.c | 3 --- 3 files changed, 4 insertions(+), 18 deletions(-) diff --git a/fs/smb/server/mgmt/tree_connect.c b/fs/smb/server/mgmt/tree_connect.c index ecfc575086712..d3483d9c757c7 100644 --- a/fs/smb/server/mgmt/tree_connect.c +++ b/fs/smb/server/mgmt/tree_connect.c @@ -78,7 +78,6 @@ ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name) tree_conn->t_state = TREE_NEW; status.tree_conn = tree_conn; atomic_set(&tree_conn->refcount, 1); - init_waitqueue_head(&tree_conn->refcount_q); ret = xa_err(xa_store(&sess->tree_conns, tree_conn->id, tree_conn, KSMBD_DEFAULT_GFP)); @@ -100,14 +99,8 @@ ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name) void ksmbd_tree_connect_put(struct ksmbd_tree_connect *tcon) { - /* - * Checking waitqueue to releasing tree connect on - * tree disconnect. waitqueue_active is safe because it - * uses atomic operation for condition. - */ - if (!atomic_dec_return(&tcon->refcount) && - waitqueue_active(&tcon->refcount_q)) - wake_up(&tcon->refcount_q); + if (atomic_dec_and_test(&tcon->refcount)) + kfree(tcon); } int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, @@ -119,14 +112,11 @@ int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, xa_erase(&sess->tree_conns, tree_conn->id); write_unlock(&sess->tree_conns_lock); - if (!atomic_dec_and_test(&tree_conn->refcount)) - wait_event(tree_conn->refcount_q, - atomic_read(&tree_conn->refcount) == 0); - ret = ksmbd_ipc_tree_disconnect_request(sess->id, tree_conn->id); ksmbd_release_tree_conn_id(sess, tree_conn->id); ksmbd_share_config_put(tree_conn->share_conf); - kfree(tree_conn); + if (atomic_dec_and_test(&tree_conn->refcount)) + kfree(tree_conn); return ret; } diff --git a/fs/smb/server/mgmt/tree_connect.h b/fs/smb/server/mgmt/tree_connect.h index a42cdd0510411..f0023d86716f2 100644 --- a/fs/smb/server/mgmt/tree_connect.h +++ b/fs/smb/server/mgmt/tree_connect.h @@ -33,7 +33,6 @@ struct ksmbd_tree_connect { int maximal_access; bool posix_extensions; atomic_t refcount; - wait_queue_head_t refcount_q; unsigned int t_state; }; diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index a2830ec67e782..dba29881debdc 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -2200,7 +2200,6 @@ int smb2_tree_disconnect(struct ksmbd_work *work) goto err_out; } - WARN_ON_ONCE(atomic_dec_and_test(&tcon->refcount)); tcon->t_state = TREE_DISCONNECTED; write_unlock(&sess->tree_conns_lock); @@ -2210,8 +2209,6 @@ int smb2_tree_disconnect(struct ksmbd_work *work) goto err_out; } - work->tcon = NULL; - rsp->StructureSize = cpu_to_le16(4); err = ksmbd_iov_pin_rsp(work, rsp, sizeof(struct smb2_tree_disconnect_rsp)); -- 2.51.0

2 days, 4 hours

2
28
0 0

Linux 6.17.11

by Greg Kroah-Hartman

I'm announcing the release of the 6.17.11 kernel. All users of the 6.17 kernel series must upgrade. The updated 6.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/nxp/imx/imx6ul.dtsi | 2 arch/arm64/boot/dts/freescale/imx8dxl-ss-conn.dtsi | 4 arch/arm64/boot/dts/freescale/imx8dxl-ss-hsio.dtsi | 5 arch/arm64/boot/dts/freescale/imx8qm-mek.dts | 4 arch/arm64/kernel/acpi.c | 10 arch/mips/mm/tlb-r4k.c | 116 ++++--- arch/riscv/boot/dts/allwinner/sun20i-d1s.dtsi | 2 arch/x86/events/core.c | 10 drivers/atm/fore200e.c | 2 drivers/bluetooth/btusb.c | 39 ++ drivers/counter/microchip-tcb-capture.c | 2 drivers/firmware/stratix10-svc.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 8 drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 1 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 drivers/gpu/drm/amd/display/dc/virtual/virtual_stream_encoder.c | 7 drivers/gpu/drm/bridge/sii902x.c | 20 - drivers/gpu/drm/drm_fb_helper.c | 14 drivers/gpu/drm/i915/display/intel_display.c | 8 drivers/gpu/drm/i915/display/intel_psr.c | 6 drivers/gpu/drm/sti/sti_vtg.c | 7 drivers/gpu/drm/xe/xe_gt_clock.c | 7 drivers/gpu/drm/xe/xe_guc_ct.c | 3 drivers/iio/accel/adxl355_core.c | 44 ++ drivers/iio/accel/bmc150-accel-core.c | 5 drivers/iio/accel/bmc150-accel.h | 1 drivers/iio/adc/ad4030.c | 2 drivers/iio/adc/ad7124.c | 12 drivers/iio/adc/ad7280a.c | 2 drivers/iio/adc/ad7380.c | 8 drivers/iio/adc/rtq6056.c | 2 drivers/iio/adc/stm32-dfsdm-adc.c | 5 drivers/iio/buffer/industrialio-buffer-dma.c | 6 drivers/iio/buffer/industrialio-buffer-dmaengine.c | 2 drivers/iio/common/ssp_sensors/ssp_dev.c | 4 drivers/iio/humidity/hdc3020.c | 73 ++-- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 40 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 19 - drivers/iio/industrialio-buffer.c | 21 + drivers/iio/pressure/bmp280-core.c | 15 drivers/iommu/iommufd/driver.c | 2 drivers/mailbox/mailbox-test.c | 2 drivers/mailbox/mtk-cmdq-mailbox.c | 45 +- drivers/mailbox/pcc.c | 8 drivers/md/dm-verity-fec.c | 6 drivers/mmc/host/sdhci-of-dwcmshc.c | 29 + drivers/most/most_usb.c | 14 drivers/net/can/rcar/rcar_canfd.c | 53 +-- drivers/net/can/sja1000/sja1000.c | 4 drivers/net/can/sun4i_can.c | 4 drivers/net/can/usb/gs_usb.c | 100 +++++- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 drivers/net/dsa/microchip/ksz_common.c | 31 - drivers/net/dsa/microchip/ksz_ptp.c | 22 - drivers/net/dsa/sja1105/sja1105_main.c | 7 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 + drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 - drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 drivers/net/ethernet/freescale/fec.h | 1 drivers/net/ethernet/freescale/fec_ptp.c | 64 +++- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 2 drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 2 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 5 drivers/net/ethernet/realtek/r8169_main.c | 19 - drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 drivers/net/phy/mxl-gpy.c | 20 - drivers/net/team/team_core.c | 23 - drivers/net/tun_vnet.h | 2 drivers/net/veth.c | 7 drivers/net/virtio_net.c | 3 drivers/net/wwan/mhi_wwan_mbim.c | 2 drivers/nvmem/layouts.c | 2 drivers/platform/x86/intel/punit_ipc.c | 2 drivers/pmdomain/tegra/powergate-bpmp.c | 1 drivers/regulator/rtq2208-regulator.c | 6 drivers/slimbus/qcom-ngd-ctrl.c | 1 drivers/spi/Kconfig | 4 drivers/spi/spi-amlogic-spifc-a1.c | 4 drivers/spi/spi-bcm63xx.c | 14 drivers/spi/spi-cadence-quadspi.c | 18 - drivers/spi/spi-nxp-fspi.c | 28 + drivers/thunderbolt/nhi.c | 2 drivers/thunderbolt/nhi.h | 1 drivers/tty/serial/8250/8250.h | 4 drivers/tty/serial/8250/8250_platform.c | 2 drivers/tty/serial/8250/8250_rsa.c | 26 + drivers/tty/serial/8250/Makefile | 2 drivers/tty/serial/amba-pl011.c | 2 drivers/usb/cdns3/cdns3-pci-wrap.c | 5 drivers/usb/dwc3/core.c | 3 drivers/usb/dwc3/dwc3-pci.c | 80 ++--- drivers/usb/dwc3/ep0.c | 1 drivers/usb/dwc3/gadget.c | 7 drivers/usb/gadget/function/f_eem.c | 7 drivers/usb/gadget/udc/core.c | 18 + drivers/usb/gadget/udc/renesas_usbf.c | 4 drivers/usb/gadget/udc/trace.h | 5 drivers/usb/host/xhci-dbgcap.h | 1 drivers/usb/host/xhci-dbgtty.c | 23 + drivers/usb/host/xhci-ring.c | 15 drivers/usb/host/xhci.c | 1 drivers/usb/renesas_usbhs/common.c | 14 drivers/usb/serial/ftdi_sio.c | 1 drivers/usb/serial/ftdi_sio_ids.h | 1 drivers/usb/serial/option.c | 10 drivers/usb/storage/sddr55.c | 6 drivers/usb/storage/transport.c | 16 + drivers/usb/storage/uas.c | 5 drivers/usb/storage/unusual_devs.h | 2 drivers/usb/typec/ucsi/psy.c | 5 drivers/vhost/net.c | 53 ++- drivers/vhost/vhost.c | 76 +++- drivers/vhost/vhost.h | 10 drivers/video/fbdev/core/fbcon.c | 9 fs/afs/cell.c | 43 -- fs/afs/internal.h | 1 fs/afs/security.c | 49 ++- fs/namespace.c | 7 fs/overlayfs/util.c | 4 fs/smb/client/connect.c | 1 include/linux/iio/buffer-dma.h | 1 include/linux/iio/buffer_impl.h | 2 include/linux/mailbox/mtk-cmdq-mailbox.h | 10 include/linux/usb/gadget.h | 5 include/linux/virtio_net.h | 7 include/net/bluetooth/hci_core.h | 21 - io_uring/net.c | 6 kernel/dma/direct.c | 1 kernel/time/timekeeping.c | 4 kernel/trace/trace.c | 10 mm/huge_memory.c | 22 - mm/memfd.c | 27 + mm/swapfile.c | 4 net/bluetooth/hci_core.c | 89 ++--- net/bluetooth/hci_sock.c | 2 net/bluetooth/iso.c | 30 + net/bluetooth/l2cap_core.c | 23 + net/bluetooth/sco.c | 35 +- net/bluetooth/smp.c | 31 - net/ceph/auth_x.c | 2 net/ceph/ceph_common.c | 53 ++- net/ceph/debugfs.c | 14 net/ceph/messenger_v2.c | 11 net/ceph/osdmap.c | 18 - net/mctp/route.c | 1 net/mptcp/protocol.c | 19 + net/xdp/xsk.c | 160 ++++++---- sound/hda/codecs/cirrus/cs420x.c | 1 sound/usb/quirks.c | 3 159 files changed, 1533 insertions(+), 802 deletions(-) Achim Gratz (1): iio: pressure: bmp280: correct meas_time_us calculation Alan Borzeszkowski (1): thunderbolt: Add support for Intel Wildcat Lake Alan Stern (1): USB: storage: Remove subclass and protocol overrides from Novatek quirk Alex Deucher (2): drm/amdgpu: fix cyan_skillfish2 gpu info fw handling Revert "drm/amd/display: Move setup_stream_attribute" Alex Hung (1): drm/amd/display: Check NULL before accessing Alexey Kodanev (1): net: sxgbe: fix potential NULL dereference in sxgbe_rx() Andrei Vagin (1): fs/namespace: fix reference leak in grab_requested_mnt_ns Andy Shevchenko (1): spi: nxp-fspi: Propagate fwnode in ACPI case as well Anurag Dutta (2): spi: spi-cadence-quadspi: Remove duplicate pm_runtime_put_autosuspend() call spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance Bastien Curutchet (Schneider Electric) (5): net: dsa: microchip: common: Fix checks on irq_find_mapping() net: dsa: microchip: ptp: Fix checks on irq_find_mapping() net: dsa: microchip: Don't free uninitialized ksz_irq net: dsa: microchip: Free previously initialized ports on init failures net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}() Biju Das (1): can: rcar_canfd: Fix CAN-FD mode as default ChiYuan Huang (3): iio: adc: rtq6056: Correct the sign bit index regulator: rtq2208: Correct buck group2 phase mapping logic regulator: rtq2208: Correct LDO2 logic judgment bits Chris Lu (1): Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface Christophe JAILLET (1): iio:common:ssp_sensors: Fix an error handling path ssp_probe() Claudiu Beznea (1): usb: renesas_usbhs: Fix synchronous external abort on unbind Dan Carpenter (2): platform/x86: intel: punit_ipc: fix memory corruption timekeeping: Fix error code in tk_aux_sysfs_init() Daniel Golle (2): net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs Danielle Costantino (1): net/mlx5e: Fix validation logic in rate limiting David Howells (2): afs: Fix delayed allocation of a cell's anonymous key afs: Fix uninit var in afs_alloc_anon_key() David Lechner (3): iio: adc: ad7124: fix temperature channel iio: adc: ad7280a: fix ad7280_store_balance_timer() iio: adc: ad7380: fix SPI offload trigger rate Deepanshu Kartikey (2): tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs mm/memfd: fix information leak in hugetlb folios Desnes Nunes (1): usb: storage: Fix memory leak in USB bulk transport Devarsh Thakkar (1): drm/bridge: sii902x: Fix HDMI detection with DRM_BRIDGE_ATTACH_NO_CONNECTOR Dharma Balasubiramani (1): counter: microchip-tcb-capture: Allow shared IRQ for multi-channel TCBs Dimitri Fedrau (2): iio: humditiy: hdc3020: fix units for temperature and humidity measurement iio: humditiy: hdc3020: fix units for thresholds and hysteresis Douglas Anderson (1): Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref Edward Adam Davis (1): Bluetooth: hci_sock: Prevent race in socket write iter and sock bind Fernando Fernandez Mancera (1): xsk: avoid data corruption on cq descriptor number Francesco Lavra (2): spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Frank Li (2): arm64: dts: imx8dxl-ss-conn: swap interrupts number of eqos arm64: dts: imx8dxl: Correct pcie-ep interrupt number Greg Kroah-Hartman (1): Linux 6.17.11 Gui-Dong Han (1): atm/fore200e: Fix possible data race in fore200e_open() Gustavo A. R. Silva (1): iommufd/driver: Fix counter initialization for counted_by annotation Haibo Chen (1): spi: spi-nxp-fspi: Add OCT-DTR mode support Hang Zhou (1): spi: bcm63xx: fix premature CS deassertion on RX-only transactions Haotian Zhang (3): usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors mailbox: mailbox-test: Fix debugfs_create_dir error checking spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors Harish Chegondi (1): drm/xe: Fix conversion from clock ticks to milliseconds Heikki Krogerus (2): usb: dwc3: pci: add support for the Intel Nova Lake -S usb: dwc3: pci: Sort out the Intel device IDs Heiner Kallweit (1): r8169: fix RTL8127 hang on suspend/shutdown Horatiu Vultur (1): net: lan966x: Fix the initialization of taprio Ilpo Järvinen (1): serial: 8250: Fix 8250_rsa symbol loop Ilya Dryomov (1): libceph: fix potential use-after-free in have_mon_and_osd_map() Ivan Zhaldak (1): ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 Jameson Thies (1): usb: typec: ucsi: psy: Set max current to zero when disconnected Jamie Iles (2): mailbox: pcc: don't zero error register drivers/usb/dwc3: fix PCI parent check Jason Wang (1): vhost: rewind next_avail_head while discarding descriptors Jason-JH Lin (1): mailbox: mtk-cmdq: Refine DMA address handling for the command buffer Jens Axboe (1): io_uring/net: ensure vectored buffer node import is tied to notification Jeremy Kerr (1): net: mctp: unconditionally set skb->dev on dst output Jesper Dangaard Brouer (1): veth: reduce XDP no_direct return section to fix race Jiefeng Zhang (1): net: atlantic: fix fragment overflow handling in RX path Jimmy Hu (1): usb: gadget: udc: fix use-after-free in usb_gadget_state_work Jiri Olsa (1): Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Jisheng Zhang (1): mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level Johan Hovold (2): most: usb: fix double free on late probe failure drm: sti: fix device leaks at component probe Jon Hunter (1): pmdomain: tegra: Add GENPD_FLAG_NO_STAY_ON flag Jon Kohler (1): virtio-net: avoid unnecessary checksum calculation on guest RX Kai-Heng Feng (1): net: aquantia: Add missing descriptor cache invalidation on ATL2 Khairul Anuar Romli (1): firmware: stratix10-svc: fix bug in saving controller data Kuen-Han Tsai (2): usb: gadget: f_eem: Fix memory leak in eem_unwrap usb: udc: Add trace event for usb_gadget_set_state Kuniyuki Iwashima (1): mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Linus Walleij (1): iio: accel: bmc150: Fix irq assumption regression Lucas De Marchi (1): drm/xe/guc: Fix stack_depot usage Luiz Augusto von Dentz (2): Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP Bluetooth: SMP: Fix not generating mackey and ltk when repairing Maarten Zanders (1): ARM: dts: nxp: imx6ul: correct SAI3 interrupt line Maciej Fijalkowski (1): xsk: avoid overwriting skb fields for multi-buffer traffic Maciej W. Rozycki (1): MIPS: mm: Prevent a TLB shutdown on initial uniquification Manish Nagar (1): usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Marc Kleine-Budde (4): can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Marcelo Schmitt (1): iio: adc: ad4030: Fix _scale value for common-mode channels Mario Limonciello (AMD) (2): drm/amd/display: Don't change brightness for disabled connectors drm/amd/display: Increase EDID read retries Mario Tesi (1): iio: st_lsm6dsx: Fixed calibrated timestamp calculation Mathias Nyman (2): xhci: fix stale flag preventig URBs after link state error is cleared xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Miaoqian Lin (3): slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves serial: amba-pl011: prefer dma_mapping_error() over explicit address checking usb: cdns3: Fix double resource release in cdns3_pci_probe Michael Chen (1): drm/amd/amdgpu: reserve vm invalidation engine for uni_mes Mikulas Patocka (1): dm-verity: fix unreliable memory allocation Mohsin Bashir (1): eth: fbnic: Fix counter roll-over issue NeilBrown (1): ovl: fail ovl_lock_rename_workdir() if either target is unhashed Nikola Z. Ivanov (1): team: Move team device type change at the end of team_port_add Nuno Sá (3): iio: buffer-dma: support getting the DMA channel iio: buffer-dmaengine: enable .get_dma_dev() iio: buffer: support getting dma channel from the buffer Oleksandr Suvorov (1): USB: serial: ftdi_sio: add support for u-blox EVK-M101 Olivier Moysan (1): iio: adc: stm32-dfsdm: fix st,adc-alt-channel property handling Owen Gu (1): usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Paolo Abeni (1): mptcp: clear scheduled subflows on retransmit Pauli Virtanen (1): Bluetooth: hci_core: lookup hci_conn on RX path on protocol side Paulo Alcantara (1): smb: client: fix memory leak in cifs_construct_tcon() Pranjal Shrivastava (1): dma-direct: Fix missing sg_dma_len assignment in P2PDMA bus mappings Prike Liang (1): drm/amdgpu: attach tlb fence to the PTs update Punit Agrawal (1): Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" René Rebe (1): ALSA: hda/cirrus fix cs420x MacPro 6,1 inverted jack detection Sergey Matyukevich (1): riscv: dts: allwinner: d1: fix vlenb property Seungjin Bae (1): can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Siddharth Vadapalli (1): spi: cadence-quadspi: Fix cqspi_probe() error handling for runtime pm Slark Xiao (1): net: wwan: mhi: Keep modem name match with Foxconn T99W640 Thomas Bogendoerfer (1): MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Thomas Mühlbacher (1): can: sja1000: fix max irq loop handling Thomas Zimmermann (1): drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Tianchu Chen (1): usb: storage: sddr55: Reject out-of-bound new_pba Valek Andrej (1): iio: accel: fix ADXL355 startup race condition Vanillan Wang (1): USB: serial: option: add support for Rolling RW101R-GL Viacheslav Dubeyko (1): ceph: fix crash in process_v2_sparse_read() for encrypted directories Ville Syrjälä (1): drm/i915/psr: Reject async flips when selective fetch is enabled Vladimir Oltean (1): net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Wei Fang (4): net: fec: cancel perout_timer when PEROUT is disabled net: fec: do not update PEROUT if it is enabled net: fec: do not allow enabling PPS and PEROUT simultaneously net: fec: do not register PPS event for PEROUT Wei Yang (1): mm/huge_memory: fix NULL pointer deference when splitting folio Wentao Guan (1): nvmem: layouts: fix nvmem_layout_bus_uevent Xu Yang (1): arm64: dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity Youngjun Park (1): mm: swap: remove duplicate nr_swap_pages decrement in get_swap_page_of_type() ziming zhang (2): libceph: prevent potential out-of-bounds writes in handle_auth_session_key() libceph: replace BUG_ON with bounds check for map->max_osd Łukasz Bartosik (1): xhci: dbgtty: fix device unregister

2 days, 5 hours

1
1
0 0

Linux 6.12.61

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.61 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ MAINTAINERS | 5 Makefile | 2 arch/arm/boot/dts/nxp/imx/imx6ul.dtsi | 2 arch/arm64/boot/dts/freescale/imx8dxl-ss-conn.dtsi | 4 arch/arm64/boot/dts/freescale/imx8qm-mek.dts | 4 arch/arm64/kernel/acpi.c | 10 arch/mips/mm/tlb-r4k.c | 116 arch/x86/events/core.c | 10 arch/x86/kvm/svm/nested.c | 20 arch/x86/kvm/svm/svm.c | 94 arch/x86/kvm/svm/svm.h | 1 drivers/atm/fore200e.c | 2 drivers/bluetooth/btusb.c | 39 drivers/firmware/stratix10-svc.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 1 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 drivers/gpu/drm/amd/display/dc/virtual/virtual_stream_encoder.c | 7 drivers/gpu/drm/drm_fb_helper.c | 6 drivers/gpu/drm/i915/display/intel_dp.c | 5 drivers/gpu/drm/i915/display/intel_fbdev.c | 6 drivers/gpu/drm/radeon/radeon_fbdev.c | 5 drivers/gpu/drm/sti/sti_vtg.c | 7 drivers/gpu/drm/xe/xe_gt_clock.c | 7 drivers/iio/accel/adxl355_core.c | 44 drivers/iio/accel/bmc150-accel-core.c | 5 drivers/iio/accel/bmc150-accel.h | 1 drivers/iio/adc/ad7280a.c | 2 drivers/iio/adc/rtq6056.c | 2 drivers/iio/adc/stm32-dfsdm-adc.c | 5 drivers/iio/buffer/industrialio-buffer-dma.c | 6 drivers/iio/buffer/industrialio-buffer-dmaengine.c | 2 drivers/iio/common/ssp_sensors/ssp_dev.c | 4 drivers/iio/humidity/hdc3020.c | 73 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 40 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 19 drivers/iio/industrialio-buffer.c | 21 drivers/mailbox/mailbox-test.c | 2 drivers/mailbox/mtk-cmdq-mailbox.c | 45 drivers/mailbox/pcc.c | 32 drivers/md/dm-verity-fec.c | 6 drivers/mmc/host/sdhci-of-dwcmshc.c | 29 drivers/most/most_usb.c | 14 drivers/mtd/nand/spi/core.c | 2 drivers/net/can/rcar/rcar_canfd.c | 53 drivers/net/can/sja1000/sja1000.c | 4 drivers/net/can/sun4i_can.c | 4 drivers/net/can/usb/gs_usb.c | 100 drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 drivers/net/dsa/microchip/ksz_common.c | 65 drivers/net/dsa/microchip/ksz_common.h | 1 drivers/net/dsa/microchip/ksz_ptp.c | 22 drivers/net/dsa/sja1105/sja1105_main.c | 66 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 drivers/net/ethernet/freescale/fec.h | 1 drivers/net/ethernet/freescale/fec_ptp.c | 64 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 2 drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 2 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 5 drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 drivers/net/phy/mxl-gpy.c | 2 drivers/net/team/team_core.c | 23 drivers/net/veth.c | 64 drivers/net/vrf.c | 4 drivers/net/wireless/ath/ath12k/dp_rx.c | 5 drivers/net/wireless/ath/ath12k/peer.c | 3 drivers/net/wireless/ath/ath12k/peer.h | 2 drivers/net/wwan/mhi_wwan_mbim.c | 2 drivers/nvmem/layouts.c | 2 drivers/platform/x86/intel/punit_ipc.c | 2 drivers/slimbus/qcom-ngd-ctrl.c | 1 drivers/spi/Kconfig | 4 drivers/spi/spi-amlogic-spifc-a1.c | 4 drivers/spi/spi-bcm63xx.c | 14 drivers/spi/spi-mem.c | 37 drivers/spi/spi-nxp-fspi.c | 123 drivers/staging/Kconfig | 2 drivers/staging/Makefile | 1 drivers/staging/rtl8712/Kconfig | 21 drivers/staging/rtl8712/Makefile | 35 drivers/staging/rtl8712/TODO | 13 drivers/staging/rtl8712/basic_types.h | 28 drivers/staging/rtl8712/drv_types.h | 175 drivers/staging/rtl8712/ethernet.h | 21 drivers/staging/rtl8712/hal_init.c | 401 - drivers/staging/rtl8712/ieee80211.c | 415 - drivers/staging/rtl8712/ieee80211.h | 165 drivers/staging/rtl8712/mlme_linux.c | 160 drivers/staging/rtl8712/mlme_osdep.h | 31 drivers/staging/rtl8712/mp_custom_oid.h | 287 - drivers/staging/rtl8712/os_intfs.c | 482 -- drivers/staging/rtl8712/osdep_intf.h | 32 drivers/staging/rtl8712/osdep_service.h | 60 drivers/staging/rtl8712/recv_linux.c | 139 drivers/staging/rtl8712/recv_osdep.h | 39 drivers/staging/rtl8712/rtl8712_bitdef.h | 26 drivers/staging/rtl8712/rtl8712_cmd.c | 409 - drivers/staging/rtl8712/rtl8712_cmd.h | 231 - drivers/staging/rtl8712/rtl8712_cmdctrl_bitdef.h | 95 drivers/staging/rtl8712/rtl8712_cmdctrl_regdef.h | 19 drivers/staging/rtl8712/rtl8712_debugctrl_bitdef.h | 41 drivers/staging/rtl8712/rtl8712_debugctrl_regdef.h | 32 drivers/staging/rtl8712/rtl8712_edcasetting_bitdef.h | 65 drivers/staging/rtl8712/rtl8712_edcasetting_regdef.h | 24 drivers/staging/rtl8712/rtl8712_efuse.c | 563 -- drivers/staging/rtl8712/rtl8712_efuse.h | 44 drivers/staging/rtl8712/rtl8712_event.h | 86 drivers/staging/rtl8712/rtl8712_fifoctrl_bitdef.h | 131 drivers/staging/rtl8712/rtl8712_fifoctrl_regdef.h | 61 drivers/staging/rtl8712/rtl8712_gp_bitdef.h | 68 drivers/staging/rtl8712/rtl8712_gp_regdef.h | 29 drivers/staging/rtl8712/rtl8712_hal.h | 142 drivers/staging/rtl8712/rtl8712_interrupt_bitdef.h | 44 drivers/staging/rtl8712/rtl8712_io.c | 99 drivers/staging/rtl8712/rtl8712_led.c | 1830 -------- drivers/staging/rtl8712/rtl8712_macsetting_bitdef.h | 31 drivers/staging/rtl8712/rtl8712_macsetting_regdef.h | 20 drivers/staging/rtl8712/rtl8712_powersave_bitdef.h | 39 drivers/staging/rtl8712/rtl8712_powersave_regdef.h | 26 drivers/staging/rtl8712/rtl8712_ratectrl_bitdef.h | 36 drivers/staging/rtl8712/rtl8712_ratectrl_regdef.h | 43 drivers/staging/rtl8712/rtl8712_recv.c | 1075 ---- drivers/staging/rtl8712/rtl8712_recv.h | 145 drivers/staging/rtl8712/rtl8712_regdef.h | 32 drivers/staging/rtl8712/rtl8712_security_bitdef.h | 34 drivers/staging/rtl8712/rtl8712_spec.h | 121 drivers/staging/rtl8712/rtl8712_syscfg_bitdef.h | 163 drivers/staging/rtl8712/rtl8712_syscfg_regdef.h | 42 drivers/staging/rtl8712/rtl8712_timectrl_bitdef.h | 49 drivers/staging/rtl8712/rtl8712_timectrl_regdef.h | 26 drivers/staging/rtl8712/rtl8712_wmac_bitdef.h | 49 drivers/staging/rtl8712/rtl8712_wmac_regdef.h | 36 drivers/staging/rtl8712/rtl8712_xmit.c | 732 --- drivers/staging/rtl8712/rtl8712_xmit.h | 108 drivers/staging/rtl8712/rtl871x_cmd.c | 750 --- drivers/staging/rtl8712/rtl871x_cmd.h | 750 --- drivers/staging/rtl8712/rtl871x_debug.h | 130 drivers/staging/rtl8712/rtl871x_eeprom.c | 220 drivers/staging/rtl8712/rtl871x_eeprom.h | 88 drivers/staging/rtl8712/rtl871x_event.h | 109 drivers/staging/rtl8712/rtl871x_ht.h | 33 drivers/staging/rtl8712/rtl871x_io.c | 147 drivers/staging/rtl8712/rtl871x_io.h | 236 - drivers/staging/rtl8712/rtl871x_ioctl.h | 94 drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2275 ---------- drivers/staging/rtl8712/rtl871x_ioctl_rtl.c | 519 -- drivers/staging/rtl8712/rtl871x_ioctl_rtl.h | 109 drivers/staging/rtl8712/rtl871x_ioctl_set.c | 354 - drivers/staging/rtl8712/rtl871x_ioctl_set.h | 45 drivers/staging/rtl8712/rtl871x_led.h | 118 drivers/staging/rtl8712/rtl871x_mlme.c | 1710 ------- drivers/staging/rtl8712/rtl871x_mlme.h | 205 drivers/staging/rtl8712/rtl871x_mp.c | 724 --- drivers/staging/rtl8712/rtl871x_mp.h | 275 - drivers/staging/rtl8712/rtl871x_mp_ioctl.c | 883 --- drivers/staging/rtl8712/rtl871x_mp_ioctl.h | 328 - drivers/staging/rtl8712/rtl871x_mp_phy_regdef.h | 1034 ---- drivers/staging/rtl8712/rtl871x_pwrctrl.c | 234 - drivers/staging/rtl8712/rtl871x_pwrctrl.h | 113 drivers/staging/rtl8712/rtl871x_recv.c | 671 -- drivers/staging/rtl8712/rtl871x_recv.h | 208 drivers/staging/rtl8712/rtl871x_rf.h | 55 drivers/staging/rtl8712/rtl871x_security.c | 1386 ------ drivers/staging/rtl8712/rtl871x_security.h | 218 drivers/staging/rtl8712/rtl871x_sta_mgt.c | 263 - drivers/staging/rtl8712/rtl871x_wlan_sme.h | 35 drivers/staging/rtl8712/rtl871x_xmit.c | 1056 ---- drivers/staging/rtl8712/rtl871x_xmit.h | 287 - drivers/staging/rtl8712/sta_info.h | 132 drivers/staging/rtl8712/usb_halinit.c | 307 - drivers/staging/rtl8712/usb_intf.c | 638 -- drivers/staging/rtl8712/usb_ops.c | 195 drivers/staging/rtl8712/usb_ops.h | 38 drivers/staging/rtl8712/usb_ops_linux.c | 508 -- drivers/staging/rtl8712/usb_osintf.h | 35 drivers/staging/rtl8712/wifi.h | 196 drivers/staging/rtl8712/wlan_bssdef.h | 223 drivers/staging/rtl8712/xmit_linux.c | 181 drivers/staging/rtl8712/xmit_osdep.h | 52 drivers/thunderbolt/nhi.c | 2 drivers/thunderbolt/nhi.h | 1 drivers/tty/serial/amba-pl011.c | 2 drivers/usb/cdns3/cdns3-pci-wrap.c | 5 drivers/usb/dwc3/core.c | 3 drivers/usb/dwc3/dwc3-pci.c | 80 drivers/usb/dwc3/ep0.c | 1 drivers/usb/dwc3/gadget.c | 7 drivers/usb/gadget/function/f_eem.c | 7 drivers/usb/gadget/udc/core.c | 18 drivers/usb/gadget/udc/renesas_usbf.c | 4 drivers/usb/gadget/udc/trace.h | 5 drivers/usb/host/xhci-dbgcap.h | 1 drivers/usb/host/xhci-dbgtty.c | 23 drivers/usb/host/xhci-ring.c | 15 drivers/usb/host/xhci.c | 1 drivers/usb/renesas_usbhs/common.c | 14 drivers/usb/serial/ftdi_sio.c | 1 drivers/usb/serial/ftdi_sio_ids.h | 1 drivers/usb/serial/option.c | 10 drivers/usb/storage/sddr55.c | 6 drivers/usb/storage/transport.c | 16 drivers/usb/storage/uas.c | 5 drivers/usb/storage/unusual_devs.h | 2 drivers/usb/typec/ucsi/psy.c | 5 drivers/video/fbdev/core/fbcon.c | 9 fs/namespace.c | 7 fs/nfsd/nfs4state.c | 6 fs/smb/client/connect.c | 1 include/linux/iio/buffer-dma.h | 1 include/linux/iio/buffer_impl.h | 2 include/linux/mailbox/mtk-cmdq-mailbox.h | 10 include/linux/spi/spi-mem.h | 22 include/linux/usb/gadget.h | 5 include/net/bluetooth/hci_core.h | 1 include/net/sch_generic.h | 8 kernel/trace/trace.c | 10 mm/huge_memory.c | 17 mm/memfd.c | 27 net/bluetooth/hci_core.c | 16 net/bluetooth/hci_sock.c | 2 net/bluetooth/smp.c | 31 net/ceph/auth_x.c | 2 net/ceph/ceph_common.c | 53 net/ceph/debugfs.c | 14 net/ceph/messenger_v2.c | 11 net/ceph/osdmap.c | 18 net/mptcp/protocol.c | 19 sound/usb/quirks.c | 3 237 files changed, 1336 insertions(+), 28204 deletions(-) Alan Borzeszkowski (1): thunderbolt: Add support for Intel Wildcat Lake Alan Stern (1): USB: storage: Remove subclass and protocol overrides from Novatek quirk Alex Deucher (2): drm/amdgpu: fix cyan_skillfish2 gpu info fw handling Revert "drm/amd/display: Move setup_stream_attribute" Alex Hung (1): drm/amd/display: Check NULL before accessing Alexey Kodanev (1): net: sxgbe: fix potential NULL dereference in sxgbe_rx() Andrei Vagin (1): fs/namespace: fix reference leak in grab_requested_mnt_ns Andy Shevchenko (1): spi: nxp-fspi: Propagate fwnode in ACPI case as well Bastien Curutchet (Schneider Electric) (5): net: dsa: microchip: common: Fix checks on irq_find_mapping() net: dsa: microchip: ptp: Fix checks on irq_find_mapping() net: dsa: microchip: Don't free uninitialized ksz_irq net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}() net: dsa: microchip: Free previously initialized ports on init failures Biju Das (1): can: rcar_canfd: Fix CAN-FD mode as default ChiYuan Huang (1): iio: adc: rtq6056: Correct the sign bit index Chris Lu (1): Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface Christophe JAILLET (1): iio:common:ssp_sensors: Fix an error handling path ssp_probe() Claudiu Beznea (1): usb: renesas_usbhs: Fix synchronous external abort on unbind Dan Carpenter (1): platform/x86: intel: punit_ipc: fix memory corruption Daniel Golle (1): net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY Danielle Costantino (1): net/mlx5e: Fix validation logic in rate limiting David Lechner (1): iio: adc: ad7280a: fix ad7280_store_balance_timer() Deepanshu Kartikey (2): tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs mm/memfd: fix information leak in hugetlb folios Desnes Nunes (1): usb: storage: Fix memory leak in USB bulk transport Dimitri Fedrau (2): iio: humditiy: hdc3020: fix units for temperature and humidity measurement iio: humditiy: hdc3020: fix units for thresholds and hysteresis Douglas Anderson (1): Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref Edward Adam Davis (1): Bluetooth: hci_sock: Prevent race in socket write iter and sock bind Francesco Lavra (2): spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Frank Li (1): arm64: dts: imx8dxl-ss-conn: swap interrupts number of eqos Greg Kroah-Hartman (1): Linux 6.12.61 Gui-Dong Han (1): atm/fore200e: Fix possible data race in fore200e_open() Haibo Chen (2): spi: spi-nxp-fspi: remove the goto in probe spi: spi-nxp-fspi: Add OCT-DTR mode support Hang Zhou (1): spi: bcm63xx: fix premature CS deassertion on RX-only transactions Haotian Zhang (3): usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors mailbox: mailbox-test: Fix debugfs_create_dir error checking spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors Harish Chegondi (1): drm/xe: Fix conversion from clock ticks to milliseconds Heikki Krogerus (2): usb: dwc3: pci: add support for the Intel Nova Lake -S usb: dwc3: pci: Sort out the Intel device IDs Horatiu Vultur (1): net: lan966x: Fix the initialization of taprio Ilya Dryomov (1): libceph: fix potential use-after-free in have_mon_and_osd_map() Imre Deak (1): drm/i915/dp: Initialize the source OUI write timestamp always Ivan Zhaldak (1): ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 Jameson Thies (1): usb: typec: ucsi: psy: Set max current to zero when disconnected Jamie Iles (2): mailbox: pcc: don't zero error register drivers/usb/dwc3: fix PCI parent check Jason-JH Lin (1): mailbox: mtk-cmdq: Refine DMA address handling for the command buffer Jesper Dangaard Brouer (5): net: sched: generalize check for no-queue qdisc on TX queue veth: apply qdisc backpressure on full ptr_ring to reduce TX drops veth: prevent NULL pointer dereference in veth_xdp_rcv veth: more robust handing of race to avoid txq getting stuck veth: reduce XDP no_direct return section to fix race Jiefeng Zhang (1): net: atlantic: fix fragment overflow handling in RX path Jimmy Hu (1): usb: gadget: udc: fix use-after-free in usb_gadget_state_work Jiri Olsa (1): Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Jisheng Zhang (1): mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level Johan Hovold (2): most: usb: fix double free on late probe failure drm: sti: fix device leaks at component probe Kai-Heng Feng (1): net: aquantia: Add missing descriptor cache invalidation on ATL2 Khairul Anuar Romli (1): firmware: stratix10-svc: fix bug in saving controller data Kuen-Han Tsai (2): usb: gadget: f_eem: Fix memory leak in eem_unwrap usb: udc: Add trace event for usb_gadget_set_state Kuniyuki Iwashima (1): mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Linus Walleij (1): iio: accel: bmc150: Fix irq assumption regression Luiz Augusto von Dentz (2): Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP Bluetooth: SMP: Fix not generating mackey and ltk when repairing Maarten Zanders (1): ARM: dts: nxp: imx6ul: correct SAI3 interrupt line Maciej W. Rozycki (1): MIPS: mm: Prevent a TLB shutdown on initial uniquification Manish Nagar (1): usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Marc Kleine-Budde (4): can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Mario Limonciello (AMD) (1): drm/amd/display: Don't change brightness for disabled connectors Mario Tesi (1): iio: st_lsm6dsx: Fixed calibrated timestamp calculation Mathias Nyman (2): xhci: fix stale flag preventig URBs after link state error is cleared xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Miaoqian Lin (3): slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves serial: amba-pl011: prefer dma_mapping_error() over explicit address checking usb: cdns3: Fix double resource release in cdns3_pci_probe Michael Chen (1): drm/amd/amdgpu: reserve vm invalidation engine for uni_mes Mikulas Patocka (1): dm-verity: fix unreliable memory allocation Miquel Raynal (3): spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency spi: spi-mem: Add a new controller capability spi: nxp-fspi: Support per spi-mem operation frequency switches Mohsin Bashir (1): eth: fbnic: Fix counter roll-over issue NeilBrown (1): nfsd: Replace clamp_t in nfsd4_get_drc_mem() Nikola Z. Ivanov (1): team: Move team device type change at the end of team_port_add Nuno Sá (3): iio: buffer-dma: support getting the DMA channel iio: buffer-dmaengine: enable .get_dma_dev() iio: buffer: support getting dma channel from the buffer Oleksandr Suvorov (1): USB: serial: ftdi_sio: add support for u-blox EVK-M101 Olivier Moysan (1): iio: adc: stm32-dfsdm: fix st,adc-alt-channel property handling Owen Gu (1): usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Paolo Abeni (1): mptcp: clear scheduled subflows on retransmit Paulo Alcantara (1): smb: client: fix memory leak in cifs_construct_tcon() Philipp Hortmann (1): staging: rtl8712: Remove driver using deprecated API wext Punit Agrawal (1): Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" Russell King (Oracle) (1): net: dsa: sja1105: simplify static configuration reload Sarika Sharma (1): wifi: ath12k: correctly handle mcast packets for clients Seungjin Bae (1): can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Slark Xiao (1): net: wwan: mhi: Keep modem name match with Foxconn T99W640 Sudeep Holla (1): mailbox: pcc: Refactor error handling in irq handler into separate function Thomas Bogendoerfer (1): MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Thomas Mühlbacher (1): can: sja1000: fix max irq loop handling Thomas Weißschuh (1): spi: spi-nxp-fspi: Check return value of devm_mutex_init() Thomas Zimmermann (1): drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Tianchu Chen (1): usb: storage: sddr55: Reject out-of-bound new_pba Tristram Ha (1): net: dsa: microchip: Do not execute PTP driver code for unsupported switches Tudor Ambarus (1): spi: spi-mem: Allow specifying the byte order in Octal DTR mode Valek Andrej (1): iio: accel: fix ADXL355 startup race condition Vanillan Wang (1): USB: serial: option: add support for Rolling RW101R-GL Viacheslav Dubeyko (1): ceph: fix crash in process_v2_sparse_read() for encrypted directories Vladimir Oltean (1): net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Wei Fang (4): net: fec: cancel perout_timer when PEROUT is disabled net: fec: do not update PEROUT if it is enabled net: fec: do not allow enabling PPS and PEROUT simultaneously net: fec: do not register PPS event for PEROUT Wei Yang (1): mm/huge_memory: fix NULL pointer deference when splitting folio Wentao Guan (1): nvmem: layouts: fix nvmem_layout_bus_uevent Xu Yang (1): arm64: dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity Yosry Ahmed (4): KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() KVM: nSVM: Fix and simplify LBR virtualization handling with nested KVM: SVM: Fix redundant updates of LBR MSR intercepts ziming zhang (2): libceph: prevent potential out-of-bounds writes in handle_auth_session_key() libceph: replace BUG_ON with bounds check for map->max_osd Łukasz Bartosik (1): xhci: dbgtty: fix device unregister

2 days, 5 hours

1
1
0 0

Linux 6.6.119

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.119 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ MAINTAINERS | 6 Makefile | 2 arch/arm/boot/dts/nxp/imx/imx6ul.dtsi | 2 arch/mips/mm/tlb-r4k.c | 116 arch/x86/events/core.c | 10 drivers/atm/fore200e.c | 2 drivers/firmware/stratix10-svc.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 drivers/gpu/drm/sti/sti_vtg.c | 7 drivers/hid/hid-core.c | 7 drivers/iio/accel/adxl355_core.c | 44 drivers/iio/accel/bmc150-accel-core.c | 5 drivers/iio/accel/bmc150-accel.h | 1 drivers/iio/adc/ad7280a.c | 2 drivers/iio/adc/rtq6056.c | 2 drivers/iio/common/ssp_sensors/ssp_dev.c | 4 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 40 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 19 drivers/mailbox/mailbox-test.c | 2 drivers/mailbox/pcc.c | 32 drivers/md/dm-verity-fec.c | 6 drivers/most/most_usb.c | 14 drivers/mtd/nand/spi/core.c | 2 drivers/net/bonding/bond_main.c | 11 drivers/net/bonding/bond_options.c | 3 drivers/net/can/rcar/rcar_canfd.c | 53 drivers/net/can/sja1000/sja1000.c | 4 drivers/net/can/sun4i_can.c | 4 drivers/net/can/usb/gs_usb.c | 100 drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 drivers/net/dsa/microchip/ksz_common.c | 30 drivers/net/dsa/microchip/ksz_ptp.c | 22 drivers/net/dsa/sja1105/sja1105_main.c | 66 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 drivers/net/ethernet/cadence/macb_main.c | 2 drivers/net/ethernet/freescale/fec.h | 1 drivers/net/ethernet/freescale/fec_ptp.c | 64 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 2 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 5 drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 drivers/net/phy/mxl-gpy.c | 2 drivers/platform/x86/intel/punit_ipc.c | 2 drivers/slimbus/qcom-ngd-ctrl.c | 1 drivers/spi/Kconfig | 4 drivers/spi/spi-amlogic-spifc-a1.c | 4 drivers/spi/spi-bcm63xx.c | 14 drivers/spi/spi-mem.c | 37 drivers/spi/spi-nxp-fspi.c | 22 drivers/staging/Kconfig | 2 drivers/staging/Makefile | 1 drivers/staging/rtl8712/Kconfig | 21 drivers/staging/rtl8712/Makefile | 35 drivers/staging/rtl8712/TODO | 13 drivers/staging/rtl8712/basic_types.h | 28 drivers/staging/rtl8712/drv_types.h | 175 - drivers/staging/rtl8712/ethernet.h | 21 drivers/staging/rtl8712/hal_init.c | 401 -- drivers/staging/rtl8712/ieee80211.c | 415 -- drivers/staging/rtl8712/ieee80211.h | 165 drivers/staging/rtl8712/mlme_linux.c | 160 drivers/staging/rtl8712/mlme_osdep.h | 31 drivers/staging/rtl8712/mp_custom_oid.h | 287 - drivers/staging/rtl8712/os_intfs.c | 482 -- drivers/staging/rtl8712/osdep_intf.h | 32 drivers/staging/rtl8712/osdep_service.h | 60 drivers/staging/rtl8712/recv_linux.c | 139 drivers/staging/rtl8712/recv_osdep.h | 39 drivers/staging/rtl8712/rtl8712_bitdef.h | 26 drivers/staging/rtl8712/rtl8712_cmd.c | 409 -- drivers/staging/rtl8712/rtl8712_cmd.h | 231 - drivers/staging/rtl8712/rtl8712_cmdctrl_bitdef.h | 95 drivers/staging/rtl8712/rtl8712_cmdctrl_regdef.h | 19 drivers/staging/rtl8712/rtl8712_debugctrl_bitdef.h | 41 drivers/staging/rtl8712/rtl8712_debugctrl_regdef.h | 32 drivers/staging/rtl8712/rtl8712_edcasetting_bitdef.h | 65 drivers/staging/rtl8712/rtl8712_edcasetting_regdef.h | 24 drivers/staging/rtl8712/rtl8712_efuse.c | 564 --- drivers/staging/rtl8712/rtl8712_efuse.h | 44 drivers/staging/rtl8712/rtl8712_event.h | 86 drivers/staging/rtl8712/rtl8712_fifoctrl_bitdef.h | 131 drivers/staging/rtl8712/rtl8712_fifoctrl_regdef.h | 61 drivers/staging/rtl8712/rtl8712_gp_bitdef.h | 68 drivers/staging/rtl8712/rtl8712_gp_regdef.h | 29 drivers/staging/rtl8712/rtl8712_hal.h | 142 drivers/staging/rtl8712/rtl8712_interrupt_bitdef.h | 44 drivers/staging/rtl8712/rtl8712_io.c | 99 drivers/staging/rtl8712/rtl8712_led.c | 1830 ---------- drivers/staging/rtl8712/rtl8712_macsetting_bitdef.h | 31 drivers/staging/rtl8712/rtl8712_macsetting_regdef.h | 20 drivers/staging/rtl8712/rtl8712_powersave_bitdef.h | 39 drivers/staging/rtl8712/rtl8712_powersave_regdef.h | 26 drivers/staging/rtl8712/rtl8712_ratectrl_bitdef.h | 36 drivers/staging/rtl8712/rtl8712_ratectrl_regdef.h | 43 drivers/staging/rtl8712/rtl8712_recv.c | 1080 ------ drivers/staging/rtl8712/rtl8712_recv.h | 145 drivers/staging/rtl8712/rtl8712_regdef.h | 32 drivers/staging/rtl8712/rtl8712_security_bitdef.h | 34 drivers/staging/rtl8712/rtl8712_spec.h | 121 drivers/staging/rtl8712/rtl8712_syscfg_bitdef.h | 163 drivers/staging/rtl8712/rtl8712_syscfg_regdef.h | 42 drivers/staging/rtl8712/rtl8712_timectrl_bitdef.h | 49 drivers/staging/rtl8712/rtl8712_timectrl_regdef.h | 26 drivers/staging/rtl8712/rtl8712_wmac_bitdef.h | 49 drivers/staging/rtl8712/rtl8712_wmac_regdef.h | 36 drivers/staging/rtl8712/rtl8712_xmit.c | 744 ---- drivers/staging/rtl8712/rtl8712_xmit.h | 108 drivers/staging/rtl8712/rtl871x_cmd.c | 796 ---- drivers/staging/rtl8712/rtl871x_cmd.h | 761 ---- drivers/staging/rtl8712/rtl871x_debug.h | 130 drivers/staging/rtl8712/rtl871x_eeprom.c | 220 - drivers/staging/rtl8712/rtl871x_eeprom.h | 88 drivers/staging/rtl8712/rtl871x_event.h | 109 drivers/staging/rtl8712/rtl871x_ht.h | 33 drivers/staging/rtl8712/rtl871x_io.c | 147 drivers/staging/rtl8712/rtl871x_io.h | 236 - drivers/staging/rtl8712/rtl871x_ioctl.h | 94 drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2330 -------------- drivers/staging/rtl8712/rtl871x_ioctl_rtl.c | 519 --- drivers/staging/rtl8712/rtl871x_ioctl_rtl.h | 109 drivers/staging/rtl8712/rtl871x_ioctl_set.c | 354 -- drivers/staging/rtl8712/rtl871x_ioctl_set.h | 45 drivers/staging/rtl8712/rtl871x_led.h | 118 drivers/staging/rtl8712/rtl871x_mlme.c | 1710 ---------- drivers/staging/rtl8712/rtl871x_mlme.h | 205 - drivers/staging/rtl8712/rtl871x_mp.c | 724 ---- drivers/staging/rtl8712/rtl871x_mp.h | 275 - drivers/staging/rtl8712/rtl871x_mp_ioctl.c | 883 ----- drivers/staging/rtl8712/rtl871x_mp_ioctl.h | 328 - drivers/staging/rtl8712/rtl871x_mp_phy_regdef.h | 1034 ------ drivers/staging/rtl8712/rtl871x_pwrctrl.c | 234 - drivers/staging/rtl8712/rtl871x_pwrctrl.h | 113 drivers/staging/rtl8712/rtl871x_recv.c | 671 ---- drivers/staging/rtl8712/rtl871x_recv.h | 208 - drivers/staging/rtl8712/rtl871x_rf.h | 55 drivers/staging/rtl8712/rtl871x_security.c | 1386 -------- drivers/staging/rtl8712/rtl871x_security.h | 218 - drivers/staging/rtl8712/rtl871x_sta_mgt.c | 263 - drivers/staging/rtl8712/rtl871x_wlan_sme.h | 35 drivers/staging/rtl8712/rtl871x_xmit.c | 1059 ------ drivers/staging/rtl8712/rtl871x_xmit.h | 288 - drivers/staging/rtl8712/sta_info.h | 132 drivers/staging/rtl8712/usb_halinit.c | 307 - drivers/staging/rtl8712/usb_intf.c | 638 --- drivers/staging/rtl8712/usb_ops.c | 195 - drivers/staging/rtl8712/usb_ops.h | 38 drivers/staging/rtl8712/usb_ops_linux.c | 515 --- drivers/staging/rtl8712/usb_osintf.h | 35 drivers/staging/rtl8712/wifi.h | 196 - drivers/staging/rtl8712/wlan_bssdef.h | 223 - drivers/staging/rtl8712/xmit_linux.c | 181 - drivers/staging/rtl8712/xmit_osdep.h | 52 drivers/thunderbolt/nhi.c | 2 drivers/thunderbolt/nhi.h | 1 drivers/tty/serial/amba-pl011.c | 2 drivers/usb/cdns3/cdns3-pci-wrap.c | 5 drivers/usb/dwc3/core.c | 3 drivers/usb/dwc3/dwc3-pci.c | 80 drivers/usb/dwc3/ep0.c | 1 drivers/usb/dwc3/gadget.c | 7 drivers/usb/gadget/function/f_eem.c | 7 drivers/usb/gadget/udc/core.c | 18 drivers/usb/gadget/udc/renesas_usbf.c | 4 drivers/usb/gadget/udc/trace.h | 5 drivers/usb/host/xhci-dbgcap.h | 1 drivers/usb/host/xhci-dbgtty.c | 23 drivers/usb/renesas_usbhs/common.c | 14 drivers/usb/serial/ftdi_sio.c | 1 drivers/usb/serial/ftdi_sio_ids.h | 1 drivers/usb/serial/option.c | 10 drivers/usb/storage/sddr55.c | 6 drivers/usb/storage/transport.c | 16 drivers/usb/storage/uas.c | 5 drivers/usb/storage/unusual_devs.h | 2 drivers/usb/typec/ucsi/psy.c | 5 fs/nfsd/nfs4state.c | 6 fs/smb/client/connect.c | 1 fs/smb/server/smb2pdu.c | 4 include/linux/spi/spi-mem.h | 22 include/linux/usb/gadget.h | 5 include/net/bonding.h | 1 net/bluetooth/hci_sock.c | 2 net/bluetooth/smp.c | 31 net/ceph/auth_x.c | 2 net/ceph/ceph_common.c | 53 net/ceph/debugfs.c | 14 net/ceph/messenger_v2.c | 11 net/ceph/osdmap.c | 18 net/mptcp/protocol.c | 48 sound/usb/quirks.c | 3 tools/testing/selftests/net/mptcp/mptcp_join.sh | 14 tools/testing/selftests/net/mptcp/mptcp_lib.sh | 21 196 files changed, 909 insertions(+), 28082 deletions(-) Alan Borzeszkowski (1): thunderbolt: Add support for Intel Wildcat Lake Alan Stern (2): USB: storage: Remove subclass and protocol overrides from Novatek quirk HID: core: Harden s32ton() against conversion to 0 bits Alex Deucher (1): drm/amdgpu: fix cyan_skillfish2 gpu info fw handling Alex Hung (1): drm/amd/display: Check NULL before accessing Alexey Kodanev (1): net: sxgbe: fix potential NULL dereference in sxgbe_rx() Andy Shevchenko (1): spi: nxp-fspi: Propagate fwnode in ACPI case as well Bastien Curutchet (Schneider Electric) (4): net: dsa: microchip: common: Fix checks on irq_find_mapping() net: dsa: microchip: ptp: Fix checks on irq_find_mapping() net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}() net: dsa: microchip: Free previously initialized ports on init failures Biju Das (1): can: rcar_canfd: Fix CAN-FD mode as default ChiYuan Huang (1): iio: adc: rtq6056: Correct the sign bit index Christophe JAILLET (1): iio:common:ssp_sensors: Fix an error handling path ssp_probe() Claudiu Beznea (1): usb: renesas_usbhs: Fix synchronous external abort on unbind Dan Carpenter (1): platform/x86: intel: punit_ipc: fix memory corruption Daniel Golle (1): net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY Danielle Costantino (1): net/mlx5e: Fix validation logic in rate limiting David Lechner (1): iio: adc: ad7280a: fix ad7280_store_balance_timer() Desnes Nunes (1): usb: storage: Fix memory leak in USB bulk transport Edward Adam Davis (1): Bluetooth: hci_sock: Prevent race in socket write iter and sock bind Francesco Lavra (2): spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Greg Kroah-Hartman (1): Linux 6.6.119 Gui-Dong Han (1): atm/fore200e: Fix possible data race in fore200e_open() Hang Zhou (1): spi: bcm63xx: fix premature CS deassertion on RX-only transactions Hangbin Liu (1): bonding: return detailed error when loading native XDP fails Haotian Zhang (3): usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors mailbox: mailbox-test: Fix debugfs_create_dir error checking spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors Heikki Krogerus (2): usb: dwc3: pci: add support for the Intel Nova Lake -S usb: dwc3: pci: Sort out the Intel device IDs Horatiu Vultur (1): net: lan966x: Fix the initialization of taprio Ilya Dryomov (1): libceph: fix potential use-after-free in have_mon_and_osd_map() Ivan Zhaldak (1): ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 Jameson Thies (1): usb: typec: ucsi: psy: Set max current to zero when disconnected Jamie Iles (2): mailbox: pcc: don't zero error register drivers/usb/dwc3: fix PCI parent check Jiefeng Zhang (1): net: atlantic: fix fragment overflow handling in RX path Jimmy Hu (1): usb: gadget: udc: fix use-after-free in usb_gadget_state_work Jiri Olsa (1): Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Johan Hovold (2): most: usb: fix double free on late probe failure drm: sti: fix device leaks at component probe Kai-Heng Feng (1): net: aquantia: Add missing descriptor cache invalidation on ATL2 Khairul Anuar Romli (1): firmware: stratix10-svc: fix bug in saving controller data Kuen-Han Tsai (2): usb: gadget: f_eem: Fix memory leak in eem_unwrap usb: udc: Add trace event for usb_gadget_set_state Linus Walleij (1): iio: accel: bmc150: Fix irq assumption regression Luiz Augusto von Dentz (1): Bluetooth: SMP: Fix not generating mackey and ltk when repairing Maarten Zanders (1): ARM: dts: nxp: imx6ul: correct SAI3 interrupt line Maciej W. Rozycki (1): MIPS: mm: Prevent a TLB shutdown on initial uniquification Manish Nagar (1): usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Marc Kleine-Budde (4): can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Mario Tesi (1): iio: st_lsm6dsx: Fixed calibrated timestamp calculation Mathias Nyman (1): xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Matthieu Baerts (NGI0) (1): selftests: mptcp: join: properly kill background tasks Miaoqian Lin (3): slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves serial: amba-pl011: prefer dma_mapping_error() over explicit address checking usb: cdns3: Fix double resource release in cdns3_pci_probe Mikulas Patocka (1): dm-verity: fix unreliable memory allocation Miquel Raynal (3): spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency spi: spi-mem: Add a new controller capability spi: nxp-fspi: Support per spi-mem operation frequency switches NeilBrown (1): nfsd: Replace clamp_t in nfsd4_get_drc_mem() Oleksandr Suvorov (1): USB: serial: ftdi_sio: add support for u-blox EVK-M101 Owen Gu (1): usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Paolo Abeni (2): mptcp: clear scheduled subflows on retransmit mptcp: fix duplicate reset on fastclose Paulo Alcantara (1): smb: client: fix memory leak in cifs_construct_tcon() Philipp Hortmann (1): staging: rtl8712: Remove driver using deprecated API wext Russell King (Oracle) (1): net: dsa: sja1105: simplify static configuration reload Sean Heelan (1): ksmbd: fix use-after-free in session logoff Seungjin Bae (1): can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Sudeep Holla (1): mailbox: pcc: Refactor error handling in irq handler into separate function Thomas Bogendoerfer (1): MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Thomas Mühlbacher (1): can: sja1000: fix max irq loop handling Tianchu Chen (1): usb: storage: sddr55: Reject out-of-bound new_pba Tudor Ambarus (1): spi: spi-mem: Allow specifying the byte order in Octal DTR mode Valek Andrej (1): iio: accel: fix ADXL355 startup race condition Vanillan Wang (1): USB: serial: option: add support for Rolling RW101R-GL Viacheslav Dubeyko (1): ceph: fix crash in process_v2_sparse_read() for encrypted directories Vladimir Oltean (1): net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Wang Liang (1): bonding: check xdp prog when set bond mode Wei Fang (4): net: fec: cancel perout_timer when PEROUT is disabled net: fec: do not update PEROUT if it is enabled net: fec: do not allow enabling PPS and PEROUT simultaneously net: fec: do not register PPS event for PEROUT luoguangfei (1): net: macb: fix unregister_netdev call order in macb_remove() ziming zhang (2): libceph: prevent potential out-of-bounds writes in handle_auth_session_key() libceph: replace BUG_ON with bounds check for map->max_osd Łukasz Bartosik (1): xhci: dbgtty: fix device unregister

2 days, 5 hours

1
1
0 0

Linux 6.1.159

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.159 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-bus-pci-drivers-xhci_hcd | 62 Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 Documentation/devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 MAINTAINERS | 7 Makefile | 2 arch/alpha/kernel/asm-offsets.c | 1 arch/arc/include/asm/bitops.h | 2 arch/arc/kernel/asm-offsets.c | 1 arch/arm/crypto/Kconfig | 2 arch/arm/kernel/asm-offsets.c | 2 arch/arm/mach-at91/pm_suspend.S | 8 arch/arm64/boot/dts/nvidia/tegra194.dtsi | 15 arch/arm64/boot/dts/nvidia/tegra210.dtsi | 1 arch/arm64/boot/dts/nvidia/tegra234.dtsi | 33 arch/arm64/kernel/asm-offsets.c | 1 arch/arm64/kernel/cacheinfo.c | 11 arch/csky/kernel/asm-offsets.c | 1 arch/hexagon/kernel/asm-offsets.c | 1 arch/loongarch/include/asm/pgtable.h | 11 arch/loongarch/include/uapi/asm/bitsperlong.h | 9 arch/loongarch/kernel/asm-offsets.c | 2 arch/loongarch/kernel/traps.c | 4 arch/loongarch/pci/pci.c | 8 arch/m68k/kernel/asm-offsets.c | 1 arch/microblaze/kernel/asm-offsets.c | 1 arch/mips/boot/dts/lantiq/danube.dtsi | 6 arch/mips/boot/dts/lantiq/danube_easy50712.dts | 4 arch/mips/kernel/asm-offsets.c | 2 arch/mips/lantiq/xway/sysctrl.c | 2 arch/mips/mm/tlb-r4k.c | 116 arch/mips/mti-malta/malta-init.c | 20 arch/nios2/kernel/asm-offsets.c | 1 arch/openrisc/kernel/asm-offsets.c | 1 arch/parisc/kernel/asm-offsets.c | 1 arch/powerpc/kernel/asm-offsets.c | 1 arch/powerpc/kernel/eeh_driver.c | 2 arch/riscv/kernel/asm-offsets.c | 1 arch/riscv/kernel/cacheinfo.c | 42 arch/riscv/kernel/cpu-hotplug.c | 1 arch/s390/include/asm/pci.h | 1 arch/s390/kernel/asm-offsets.c | 1 arch/s390/pci/pci_event.c | 7 arch/s390/pci/pci_irq.c | 9 arch/sh/kernel/asm-offsets.c | 1 arch/sparc/include/asm/elf_64.h | 1 arch/sparc/include/asm/io_64.h | 6 arch/sparc/kernel/asm-offsets.c | 1 arch/sparc/kernel/module.c | 1 arch/um/drivers/ssl.c | 5 arch/um/kernel/asm-offsets.c | 2 arch/x86/entry/vsyscall/vsyscall_64.c | 17 arch/x86/events/core.c | 10 arch/x86/kernel/cpu/bugs.c | 5 arch/x86/kernel/fpu/core.c | 3 arch/x86/kernel/kvm.c | 20 arch/x86/kvm/svm/svm.c | 10 arch/x86/net/bpf_jit_comp.c | 2 arch/xtensa/kernel/asm-offsets.c | 1 block/bdev.c | 17 block/blk-zoned.c | 5 block/fops.c | 61 block/ioctl.c | 6 drivers/acpi/acpi_video.c | 4 drivers/acpi/acpica/dsmethod.c | 10 drivers/acpi/cppc_acpi.c | 6 drivers/acpi/numa/srat.c | 2 drivers/acpi/pptt.c | 93 drivers/acpi/prmt.c | 19 drivers/acpi/property.c | 24 drivers/acpi/scan.c | 2 drivers/ata/libata-scsi.c | 12 drivers/atm/fore200e.c | 2 drivers/base/arch_topology.c | 12 drivers/base/cacheinfo.c | 156 drivers/base/power/wakeup.c | 5 drivers/base/regmap/regmap-slimbus.c | 6 drivers/bcma/main.c | 6 drivers/bluetooth/btmtksdio.c | 12 drivers/bluetooth/btusb.c | 30 drivers/bluetooth/hci_bcsp.c | 3 drivers/char/misc.c | 8 drivers/clk/at91/clk-master.c | 3 drivers/clk/at91/clk-sam9x60-pll.c | 75 drivers/clk/ti/clk-33xx.c | 2 drivers/clocksource/timer-vf-pit.c | 22 drivers/cpufreq/longhaul.c | 3 drivers/cpufreq/tegra186-cpufreq.c | 27 drivers/cpuidle/cpuidle.c | 8 drivers/dma/dw-edma/dw-edma-core.c | 22 drivers/dma/mv_xor.c | 4 drivers/dma/sh/shdma-base.c | 25 drivers/dma/sh/shdmac.c | 17 drivers/edac/altera_edac.c | 22 drivers/edac/edac_mc_sysfs.c | 24 drivers/extcon/extcon-adc-jack.c | 2 drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 drivers/firmware/stratix10-svc.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 66 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 19 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 8 drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 drivers/gpu/drm/amd/display/include/dal_asic_id.h | 5 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 5 drivers/gpu/drm/amd/pm/powerplay/smumgr/fiji_smumgr.c | 2 drivers/gpu/drm/amd/pm/powerplay/smumgr/iceland_smumgr.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2 drivers/gpu/drm/bridge/display-connector.c | 3 drivers/gpu/drm/drm_gem_atomic_helper.c | 6 drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 drivers/gpu/drm/i915/gt/intel_gt_clock_utils.c | 4 drivers/gpu/drm/i915/i915_vma.c | 16 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 5 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 3 drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 10 drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 drivers/gpu/drm/scheduler/sched_entity.c | 3 drivers/gpu/drm/sti/sti_vtg.c | 7 drivers/gpu/drm/tegra/dc.c | 1 drivers/gpu/drm/tegra/uapi.c | 7 drivers/gpu/drm/tidss/tidss_crtc.c | 7 drivers/gpu/drm/tidss/tidss_dispc.c | 16 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 drivers/gpu/host1x/context.c | 4 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 drivers/hid/hid-core.c | 7 drivers/hid/hid-ids.h | 7 drivers/hid/hid-ntrig.c | 7 drivers/hid/hid-quirks.c | 14 drivers/hwmon/asus-ec-sensors.c | 2 drivers/hwmon/dell-smm-hwmon.c | 7 drivers/hwmon/sbtsi_temp.c | 46 drivers/hwmon/sy7636a-hwmon.c | 1 drivers/i2c/busses/i2c-xgene-slimpro.c | 16 drivers/iio/accel/adxl355_core.c | 44 drivers/iio/accel/bmc150-accel-core.c | 5 drivers/iio/accel/bmc150-accel.h | 1 drivers/iio/adc/ad7280a.c | 2 drivers/iio/adc/rtq6056.c | 2 drivers/iio/adc/spear_adc.c | 9 drivers/iio/common/ssp_sensors/ssp_dev.c | 4 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 22 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 11 drivers/infiniband/hw/hns/hns_roce_qp.c | 2 drivers/infiniband/hw/irdma/pble.c | 2 drivers/infiniband/hw/irdma/verbs.c | 4 drivers/infiniband/hw/irdma/verbs.h | 8 drivers/input/keyboard/cros_ec_keyb.c | 6 drivers/input/keyboard/imx_sc_key.c | 2 drivers/input/tablet/pegasus_notetaker.c | 9 drivers/iommu/amd/init.c | 28 drivers/iommu/intel/debugfs.c | 10 drivers/iommu/intel/perf.c | 10 drivers/iommu/intel/perf.h | 5 drivers/irqchip/irq-gic-v2m.c | 13 drivers/irqchip/irq-loongson-pch-lpc.c | 9 drivers/irqchip/irq-sifive-plic.c | 6 drivers/isdn/hardware/mISDN/hfcsusb.c | 18 drivers/mailbox/mailbox-test.c | 2 drivers/mailbox/mailbox.c | 96 drivers/mailbox/pcc.c | 246 - drivers/md/dm-verity-fec.c | 6 drivers/media/i2c/Kconfig | 2 drivers/media/i2c/adv7180.c | 48 drivers/media/i2c/ir-kbd-i2c.c | 6 drivers/media/i2c/og01a1b.c | 6 drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 drivers/media/pci/ivtv/ivtv-driver.h | 3 drivers/media/pci/ivtv/ivtv-fileops.c | 18 drivers/media/pci/ivtv/ivtv-irq.c | 4 drivers/media/platform/amphion/vpu_v4l2.c | 7 drivers/media/platform/verisilicon/hantro_drv.c | 2 drivers/media/platform/verisilicon/hantro_v4l2.c | 6 drivers/media/rc/imon.c | 61 drivers/media/rc/redrat3.c | 2 drivers/media/tuners/xc4000.c | 8 drivers/media/tuners/xc5000.c | 12 drivers/memstick/core/memstick.c | 8 drivers/mfd/da9063-i2c.c | 27 drivers/mfd/madera-core.c | 4 drivers/mfd/stmpe-i2c.c | 1 drivers/mfd/stmpe.c | 3 drivers/mmc/host/renesas_sdhi_core.c | 6 drivers/mmc/host/sdhci-msm.c | 15 drivers/mmc/host/sdhci-of-dwcmshc.c | 2 drivers/most/most_usb.c | 14 drivers/mtd/mtdchar.c | 6 drivers/mtd/nand/onenand/onenand_samsung.c | 2 drivers/mtd/nand/raw/cadence-nand-controller.c | 3 drivers/net/can/sja1000/sja1000.c | 4 drivers/net/can/sun4i_can.c | 4 drivers/net/can/usb/gs_usb.c | 64 drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 drivers/net/dsa/b53/b53_common.c | 15 drivers/net/dsa/b53/b53_regs.h | 3 drivers/net/dsa/dsa_loop.c | 9 drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 drivers/net/dsa/microchip/ksz9477.c | 98 drivers/net/dsa/microchip/ksz9477_reg.h | 3 drivers/net/dsa/microchip/ksz_common.c | 12 drivers/net/dsa/microchip/ksz_common.h | 2 drivers/net/dsa/microchip/lan937x_main.c | 1 drivers/net/dsa/sja1105/sja1105_main.c | 66 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4 drivers/net/ethernet/cadence/macb_main.c | 6 drivers/net/ethernet/emulex/benet/be_main.c | 7 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 9 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.h | 2 drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 drivers/net/ethernet/intel/ice/ice_main.c | 2 drivers/net/ethernet/intel/ice/ice_trace.h | 10 drivers/net/ethernet/mellanox/mlx5/core/en.h | 10 drivers/net/ethernet/mellanox/mlx5/core/en/port.c | 72 drivers/net/ethernet/mellanox/mlx5/core/en/port.h | 6 drivers/net/ethernet/mellanox/mlx5/core/en/port_buffer.c | 282 + drivers/net/ethernet/mellanox/mlx5/core/en/port_buffer.h | 7 drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 8 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 62 drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 18 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 5 drivers/net/ethernet/mellanox/mlx5/core/en_stats.c | 12 drivers/net/ethernet/mellanox/mlxsw/core_linecards.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 5 drivers/net/ethernet/microchip/sparx5/Kconfig | 2 drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 drivers/net/ethernet/realtek/Kconfig | 2 drivers/net/ethernet/realtek/r8169_main.c | 6 drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 drivers/net/ethernet/smsc/smsc911x.c | 14 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 drivers/net/ethernet/ti/netcp_core.c | 10 drivers/net/hamradio/6pack.c | 57 drivers/net/mdio/of_mdio.c | 1 drivers/net/phy/dp83867.c | 6 drivers/net/phy/fixed_phy.c | 1 drivers/net/phy/marvell.c | 39 drivers/net/phy/mdio_bus.c | 5 drivers/net/usb/asix_devices.c | 12 drivers/net/usb/qmi_wwan.c | 6 drivers/net/usb/usbnet.c | 2 drivers/net/virtio_net.c | 26 drivers/net/wireless/ath/ath10k/mac.c | 12 drivers/net/wireless/ath/ath10k/wmi.c | 40 drivers/net/wireless/ath/ath11k/hw.c | 1 drivers/net/wireless/ath/ath11k/mac.c | 5 drivers/net/wireless/ath/ath11k/wmi.c | 30 drivers/net/wireless/ath/ath11k/wmi.h | 3 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 3 drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 28 drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 2 drivers/ntb/hw/epf/ntb_hw_epf.c | 103 drivers/nvme/host/core.c | 8 drivers/nvme/host/fc.c | 12 drivers/nvme/host/multipath.c | 2 drivers/nvme/target/fc.c | 16 drivers/pci/controller/cadence/pcie-cadence-host.c | 2 drivers/pci/controller/cadence/pcie-cadence.c | 4 drivers/pci/controller/cadence/pcie-cadence.h | 6 drivers/pci/p2pdma.c | 2 drivers/pci/pci-driver.c | 2 drivers/pci/pci.c | 5 drivers/pci/quirks.c | 3 drivers/phy/cadence/cdns-dphy.c | 4 drivers/phy/rockchip/phy-rockchip-inno-csidphy.c | 5 drivers/pinctrl/pinctrl-single.c | 4 drivers/platform/x86/intel/punit_ipc.c | 2 drivers/platform/x86/intel/speed_select_if/isst_if_mmio.c | 4 drivers/power/supply/sbs-charger.c | 16 drivers/ptp/ptp_clock.c | 13 drivers/regulator/fixed.c | 1 drivers/remoteproc/qcom_q6v5.c | 5 drivers/rtc/rtc-pcf2127.c | 4 drivers/rtc/rtc-rx8025.c | 2 drivers/s390/net/ctcm_mpc.c | 1 drivers/scsi/hosts.c | 5 drivers/scsi/libfc/fc_encode.h | 2 drivers/scsi/lpfc/lpfc_debugfs.h | 3 drivers/scsi/lpfc/lpfc_els.c | 6 drivers/scsi/lpfc/lpfc_init.c | 7 drivers/scsi/lpfc/lpfc_scsi.c | 14 drivers/scsi/mpi3mr/mpi3mr_fw.c | 10 drivers/scsi/mpt3sas/mpt3sas_transport.c | 3 drivers/scsi/pm8001/pm8001_ctl.c | 24 drivers/scsi/pm8001/pm8001_init.c | 1 drivers/scsi/pm8001/pm8001_sas.c | 4 drivers/scsi/pm8001/pm8001_sas.h | 4 drivers/scsi/sg.c | 10 drivers/slimbus/qcom-ngd-ctrl.c | 1 drivers/soc/aspeed/aspeed-socinfo.c | 4 drivers/soc/imx/gpc.c | 2 drivers/soc/qcom/smem.c | 2 drivers/soc/samsung/pm_domains.c | 11 drivers/soc/ti/knav_dma.c | 14 drivers/soc/ti/pruss.c | 2 drivers/spi/spi-bcm63xx.c | 14 drivers/spi/spi-loopback-test.c | 12 drivers/spi/spi-rpc-if.c | 2 drivers/spi/spi.c | 10 drivers/staging/Kconfig | 2 drivers/staging/Makefile | 1 drivers/staging/rtl8712/Kconfig | 21 drivers/staging/rtl8712/Makefile | 35 drivers/staging/rtl8712/TODO | 13 drivers/staging/rtl8712/basic_types.h | 28 drivers/staging/rtl8712/drv_types.h | 175 drivers/staging/rtl8712/ethernet.h | 21 drivers/staging/rtl8712/hal_init.c | 401 - drivers/staging/rtl8712/ieee80211.c | 415 - drivers/staging/rtl8712/ieee80211.h | 165 drivers/staging/rtl8712/mlme_linux.c | 160 drivers/staging/rtl8712/mlme_osdep.h | 31 drivers/staging/rtl8712/mp_custom_oid.h | 287 - drivers/staging/rtl8712/os_intfs.c | 465 - drivers/staging/rtl8712/osdep_intf.h | 32 drivers/staging/rtl8712/osdep_service.h | 60 drivers/staging/rtl8712/recv_linux.c | 139 drivers/staging/rtl8712/recv_osdep.h | 39 drivers/staging/rtl8712/rtl8712_bitdef.h | 26 drivers/staging/rtl8712/rtl8712_cmd.c | 409 - drivers/staging/rtl8712/rtl8712_cmd.h | 231 drivers/staging/rtl8712/rtl8712_cmdctrl_bitdef.h | 95 drivers/staging/rtl8712/rtl8712_cmdctrl_regdef.h | 19 drivers/staging/rtl8712/rtl8712_debugctrl_bitdef.h | 41 drivers/staging/rtl8712/rtl8712_debugctrl_regdef.h | 32 drivers/staging/rtl8712/rtl8712_edcasetting_bitdef.h | 65 drivers/staging/rtl8712/rtl8712_edcasetting_regdef.h | 24 drivers/staging/rtl8712/rtl8712_efuse.c | 564 -- drivers/staging/rtl8712/rtl8712_efuse.h | 43 drivers/staging/rtl8712/rtl8712_event.h | 86 drivers/staging/rtl8712/rtl8712_fifoctrl_bitdef.h | 131 drivers/staging/rtl8712/rtl8712_fifoctrl_regdef.h | 61 drivers/staging/rtl8712/rtl8712_gp_bitdef.h | 68 drivers/staging/rtl8712/rtl8712_gp_regdef.h | 29 drivers/staging/rtl8712/rtl8712_hal.h | 142 drivers/staging/rtl8712/rtl8712_interrupt_bitdef.h | 44 drivers/staging/rtl8712/rtl8712_io.c | 99 drivers/staging/rtl8712/rtl8712_led.c | 1830 ------- drivers/staging/rtl8712/rtl8712_macsetting_bitdef.h | 31 drivers/staging/rtl8712/rtl8712_macsetting_regdef.h | 20 drivers/staging/rtl8712/rtl8712_powersave_bitdef.h | 39 drivers/staging/rtl8712/rtl8712_powersave_regdef.h | 26 drivers/staging/rtl8712/rtl8712_ratectrl_bitdef.h | 36 drivers/staging/rtl8712/rtl8712_ratectrl_regdef.h | 43 drivers/staging/rtl8712/rtl8712_recv.c | 1079 ---- drivers/staging/rtl8712/rtl8712_recv.h | 145 drivers/staging/rtl8712/rtl8712_regdef.h | 32 drivers/staging/rtl8712/rtl8712_security_bitdef.h | 34 drivers/staging/rtl8712/rtl8712_spec.h | 121 drivers/staging/rtl8712/rtl8712_syscfg_bitdef.h | 163 drivers/staging/rtl8712/rtl8712_syscfg_regdef.h | 42 drivers/staging/rtl8712/rtl8712_timectrl_bitdef.h | 49 drivers/staging/rtl8712/rtl8712_timectrl_regdef.h | 26 drivers/staging/rtl8712/rtl8712_wmac_bitdef.h | 49 drivers/staging/rtl8712/rtl8712_wmac_regdef.h | 36 drivers/staging/rtl8712/rtl8712_xmit.c | 745 --- drivers/staging/rtl8712/rtl8712_xmit.h | 108 drivers/staging/rtl8712/rtl871x_cmd.c | 796 --- drivers/staging/rtl8712/rtl871x_cmd.h | 761 --- drivers/staging/rtl8712/rtl871x_debug.h | 130 drivers/staging/rtl8712/rtl871x_eeprom.c | 220 drivers/staging/rtl8712/rtl871x_eeprom.h | 88 drivers/staging/rtl8712/rtl871x_event.h | 109 drivers/staging/rtl8712/rtl871x_ht.h | 33 drivers/staging/rtl8712/rtl871x_io.c | 147 drivers/staging/rtl8712/rtl871x_io.h | 236 - drivers/staging/rtl8712/rtl871x_ioctl.h | 94 drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2330 ---------- drivers/staging/rtl8712/rtl871x_ioctl_rtl.c | 519 -- drivers/staging/rtl8712/rtl871x_ioctl_rtl.h | 109 drivers/staging/rtl8712/rtl871x_ioctl_set.c | 354 - drivers/staging/rtl8712/rtl871x_ioctl_set.h | 45 drivers/staging/rtl8712/rtl871x_led.h | 118 drivers/staging/rtl8712/rtl871x_mlme.c | 1709 ------- drivers/staging/rtl8712/rtl871x_mlme.h | 205 drivers/staging/rtl8712/rtl871x_mp.c | 724 --- drivers/staging/rtl8712/rtl871x_mp.h | 275 - drivers/staging/rtl8712/rtl871x_mp_ioctl.c | 883 --- drivers/staging/rtl8712/rtl871x_mp_ioctl.h | 328 - drivers/staging/rtl8712/rtl871x_mp_phy_regdef.h | 1034 ---- drivers/staging/rtl8712/rtl871x_pwrctrl.c | 234 - drivers/staging/rtl8712/rtl871x_pwrctrl.h | 113 drivers/staging/rtl8712/rtl871x_recv.c | 669 -- drivers/staging/rtl8712/rtl871x_recv.h | 208 drivers/staging/rtl8712/rtl871x_rf.h | 55 drivers/staging/rtl8712/rtl871x_security.c | 1386 ----- drivers/staging/rtl8712/rtl871x_security.h | 218 drivers/staging/rtl8712/rtl871x_sta_mgt.c | 263 - drivers/staging/rtl8712/rtl871x_wlan_sme.h | 35 drivers/staging/rtl8712/rtl871x_xmit.c | 1059 ---- drivers/staging/rtl8712/rtl871x_xmit.h | 288 - drivers/staging/rtl8712/sta_info.h | 132 drivers/staging/rtl8712/usb_halinit.c | 307 - drivers/staging/rtl8712/usb_intf.c | 638 -- drivers/staging/rtl8712/usb_ops.c | 195 drivers/staging/rtl8712/usb_ops.h | 38 drivers/staging/rtl8712/usb_ops_linux.c | 515 -- drivers/staging/rtl8712/usb_osintf.h | 35 drivers/staging/rtl8712/wifi.h | 196 drivers/staging/rtl8712/wlan_bssdef.h | 223 drivers/staging/rtl8712/xmit_linux.c | 181 drivers/staging/rtl8712/xmit_osdep.h | 52 drivers/target/loopback/tcm_loop.c | 3 drivers/tee/tee_core.c | 2 drivers/thunderbolt/nhi.c | 2 drivers/thunderbolt/nhi.h | 1 drivers/thunderbolt/tb.c | 2 drivers/tty/serial/amba-pl011.c | 2 drivers/tty/serial/sc16is7xx.c | 185 drivers/ufs/core/ufshcd.c | 7 drivers/ufs/host/ufs-mediatek.c | 46 drivers/ufs/host/ufshcd-pci.c | 70 drivers/uio/uio_hv_generic.c | 21 drivers/usb/cdns3/cdns3-pci-wrap.c | 5 drivers/usb/cdns3/cdnsp-gadget.c | 8 drivers/usb/dwc3/core.c | 3 drivers/usb/dwc3/ep0.c | 1 drivers/usb/dwc3/gadget.c | 7 drivers/usb/gadget/function/f_eem.c | 7 drivers/usb/gadget/function/f_fs.c | 8 drivers/usb/gadget/function/f_hid.c | 4 drivers/usb/gadget/function/f_ncm.c | 3 drivers/usb/gadget/udc/core.c | 18 drivers/usb/gadget/udc/trace.h | 5 drivers/usb/host/xhci-dbgcap.c | 261 + drivers/usb/host/xhci-dbgcap.h | 12 drivers/usb/host/xhci-dbgtty.c | 23 drivers/usb/host/xhci-plat.c | 1 drivers/usb/mon/mon_bin.c | 14 drivers/usb/renesas_usbhs/common.c | 18 drivers/usb/serial/ftdi_sio.c | 1 drivers/usb/serial/ftdi_sio_ids.h | 1 drivers/usb/serial/option.c | 10 drivers/usb/storage/sddr55.c | 6 drivers/usb/storage/transport.c | 16 drivers/usb/storage/uas.c | 5 drivers/usb/storage/unusual_devs.h | 2 drivers/usb/typec/ucsi/psy.c | 5 drivers/vfio/iova_bitmap.c | 5 drivers/vfio/vfio_main.c | 2 drivers/video/backlight/lp855x_bl.c | 2 drivers/video/fbdev/aty/atyfb_base.c | 8 drivers/video/fbdev/core/bitblit.c | 33 drivers/video/fbdev/core/fbcon.c | 19 drivers/video/fbdev/core/fbmem.c | 1 drivers/video/fbdev/pvr2fb.c | 2 drivers/video/fbdev/valkyriefb.c | 2 drivers/watchdog/s3c2410_wdt.c | 10 fs/9p/v9fs.c | 9 fs/btrfs/disk-io.c | 2 fs/btrfs/extent-tree.c | 6 fs/btrfs/file.c | 10 fs/btrfs/scrub.c | 3 fs/btrfs/transaction.c | 2 fs/btrfs/tree-log.c | 3 fs/ceph/file.c | 2 fs/ceph/locks.c | 5 fs/direct-io.c | 10 fs/eventpoll.c | 139 fs/exfat/fatent.c | 11 fs/exfat/super.c | 5 fs/ext4/fast_commit.c | 2 fs/ext4/file.c | 9 fs/ext4/xattr.c | 2 fs/f2fs/file.c | 1 fs/hpfs/namei.c | 18 fs/iomap/direct-io.c | 12 fs/jfs/inode.c | 8 fs/jfs/jfs_txnmgr.c | 9 fs/libfs.c | 42 fs/nfs/file.c | 1 fs/nfs/nfs4client.c | 1 fs/nfs/nfs4proc.c | 15 fs/nfs/nfs4state.c | 3 fs/nfs/write.c | 3 fs/nfsd/nfs4proc.c | 7 fs/nfsd/nfs4state.c | 9 fs/nilfs2/the_nilfs.c | 3 fs/ntfs3/inode.c | 1 fs/open.c | 10 fs/orangefs/xattr.c | 12 fs/proc/generic.c | 12 fs/smb/client/cifsfs.c | 2 fs/smb/client/connect.c | 1 fs/smb/client/smb2inode.c | 2 fs/smb/client/smb2pdu.c | 7 fs/smb/client/transport.c | 10 fs/smb/server/smb2pdu.c | 6 fs/smb/server/transport_tcp.c | 12 include/acpi/pcc.h | 20 include/linux/array_size.h | 13 include/linux/ata.h | 1 include/linux/blk_types.h | 11 include/linux/cacheinfo.h | 11 include/linux/compiler_types.h | 5 include/linux/fbcon.h | 2 include/linux/filter.h | 22 include/linux/fs.h | 7 include/linux/host1x.h | 2 include/linux/kernel.h | 7 include/linux/mailbox_client.h | 1 include/linux/map_benchmark.h | 1 include/linux/mlx5/driver.h | 2 include/linux/mlx5/mlx5_ifc.h | 61 include/linux/pagemap.h | 2 include/linux/pci.h | 2 include/linux/shdma-base.h | 2 include/linux/string.h | 1 include/linux/suspend.h | 4 include/linux/usb/gadget.h | 5 include/net/bluetooth/hci.h | 12 include/net/bluetooth/hci_core.h | 8 include/net/bluetooth/mgmt.h | 2 include/net/cls_cgroup.h | 2 include/net/nfc/nci_core.h | 2 include/net/pkt_sched.h | 25 include/net/tc_act/tc_connmark.h | 10 include/net/tls.h | 6 include/net/xdp.h | 5 include/net/xfrm.h | 3 include/trace/events/irq.h | 47 include/uapi/asm-generic/bitsperlong.h | 13 include/ufs/ufshcd.h | 7 include/ufs/ufshci.h | 4 kernel/bpf/ringbuf.c | 2 kernel/events/callchain.c | 10 kernel/events/uprobes.c | 7 kernel/futex/syscalls.c | 106 kernel/gcov/gcc_4_7.c | 4 kernel/softirq.c | 9 kernel/time/timer.c | 7 kernel/trace/ftrace.c | 2 kernel/trace/trace_events_hist.c | 6 lib/crypto/Makefile | 2 lib/maple_tree.c | 30 mm/filemap.c | 161 mm/mempool.c | 32 mm/page_alloc.c | 2 mm/percpu.c | 8 mm/secretmem.c | 2 mm/truncate.c | 27 net/8021q/vlan.c | 2 net/bluetooth/6lowpan.c | 97 net/bluetooth/hci_event.c | 34 net/bluetooth/hci_sync.c | 17 net/bluetooth/iso.c | 36 net/bluetooth/l2cap_core.c | 1 net/bluetooth/mgmt.c | 7 net/bluetooth/sco.c | 7 net/bluetooth/smp.c | 31 net/bridge/br.c | 5 net/bridge/br_forward.c | 5 net/bridge/br_if.c | 1 net/bridge/br_input.c | 4 net/bridge/br_mst.c | 10 net/bridge/br_private.h | 13 net/ceph/auth_x.c | 2 net/ceph/ceph_common.c | 53 net/ceph/debugfs.c | 14 net/ceph/osdmap.c | 18 net/core/filter.c | 1 net/core/netpoll.c | 7 net/core/page_pool.c | 12 net/core/sock.c | 15 net/dsa/tag_brcm.c | 10 net/ethernet/eth.c | 5 net/hsr/hsr_device.c | 3 net/ipv4/esp4.c | 4 net/ipv4/esp4_offload.c | 6 net/ipv4/netfilter/nf_reject_ipv4.c | 25 net/ipv4/nexthop.c | 6 net/ipv4/route.c | 5 net/ipv4/udp_tunnel_nic.c | 2 net/ipv6/addrconf.c | 4 net/ipv6/ah6.c | 50 net/ipv6/esp6.c | 4 net/ipv6/esp6_offload.c | 6 net/ipv6/netfilter/nf_reject_ipv6.c | 30 net/ipv6/raw.c | 2 net/ipv6/udp.c | 2 net/mac80211/iface.c | 14 net/mac80211/mlme.c | 2 net/mac80211/rx.c | 10 net/mptcp/options.c | 54 net/mptcp/pm_netlink.c | 26 net/mptcp/protocol.c | 125 net/mptcp/protocol.h | 5 net/mptcp/subflow.c | 8 net/netfilter/nf_tables_api.c | 15 net/openvswitch/actions.c | 68 net/openvswitch/flow_netlink.c | 64 net/openvswitch/flow_netlink.h | 2 net/rds/rds.h | 2 net/sched/act_bpf.c | 6 net/sched/act_connmark.c | 134 net/sched/act_ife.c | 12 net/sched/cls_bpf.c | 6 net/sched/sch_api.c | 10 net/sched/sch_generic.c | 17 net/sched/sch_hfsc.c | 16 net/sched/sch_qfq.c | 2 net/sctp/diag.c | 21 net/sctp/transport.c | 13 net/smc/smc_clc.c | 1 net/strparser/strparser.c | 2 net/tipc/net.c | 2 net/tls/tls_device.c | 4 net/unix/garbage.c | 14 net/vmw_vsock/af_vsock.c | 40 net/xfrm/espintcp.c | 4 scripts/kconfig/mconf.c | 3 scripts/kconfig/nconf.c | 3 sound/drivers/serial-generic.c | 12 sound/pci/hda/patch_realtek.c | 17 sound/soc/codecs/cs4271.c | 10 sound/soc/codecs/lpass-va-macro.c | 2 sound/soc/codecs/max98090.c | 6 sound/soc/fsl/fsl_sai.c | 3 sound/soc/intel/avs/pcm.c | 2 sound/soc/meson/aiu-encoder-i2s.c | 9 sound/soc/qcom/qdsp6/q6asm.c | 2 sound/soc/qcom/sc8280xp.c | 3 sound/usb/endpoint.c | 6 sound/usb/mixer.c | 11 sound/usb/mixer_s1810c.c | 28 sound/usb/quirks.c | 3 sound/usb/validate.c | 9 tools/bpf/bpftool/btf_dumper.c | 2 tools/bpf/bpftool/prog.c | 2 tools/include/linux/bitmap.h | 1 tools/include/uapi/asm-generic/bitsperlong.h | 14 tools/include/uapi/asm/bitsperlong.h | 6 tools/lib/bpf/bpf_tracing.h | 2 tools/lib/thermal/Makefile | 9 tools/power/cpupower/lib/cpuidle.c | 5 tools/power/cpupower/lib/cpupower.c | 2 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 30 tools/testing/selftests/Makefile | 2 tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 tools/testing/selftests/bpf/test_xsk.sh | 2 tools/testing/selftests/drivers/net/netdevsim/Makefile | 21 tools/testing/selftests/drivers/net/netdevsim/settings | 1 tools/testing/selftests/net/bareudp.sh | 2 tools/testing/selftests/net/fcnal-test.sh | 432 - tools/testing/selftests/net/forwarding/local_termination.sh | 2 tools/testing/selftests/net/gro.c | 101 tools/testing/selftests/net/mptcp/mptcp_connect.c | 18 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 65 tools/testing/selftests/net/psock_tpacket.c | 4 tools/testing/selftests/net/traceroute.sh | 13 tools/tracing/latency/latency-collector.c | 2 usr/include/headers_check.pl | 2 678 files changed, 5740 insertions(+), 30290 deletions(-) Aaron Kling (1): cpufreq: tegra186: Initialize all cores to max frequencies Abdun Nihaal (1): isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Abinaya Kalaiselvan (1): wifi: ath11k: Add tx ack signal support for management packets Adam Young (1): mailbox: pcc: Check before sending MCTP PCC response ACK Adrian Hunter (3): scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers scsi: ufs: core: Add a quirk to suppress link_startup_again scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL Akhil P Oommen (1): drm/msm/a6xx: Fix GMU firmware parser Al Viro (4): direct_write_fallback(): on error revert the ->ki_pos update from buffered write allow finish_no_open(file, ERR_PTR(-E...)) sparc64: fix prototypes of reads[bwl]() nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Alan Borzeszkowski (1): thunderbolt: Add support for Intel Wildcat Lake Alan Stern (2): USB: storage: Remove subclass and protocol overrides from Novatek quirk HID: core: Harden s32ton() against conversion to 0 bits Albin Babu Varghese (1): fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Alejandro Colomar (1): kernel.h: Move ARRAY_SIZE() to a separate header Aleksander Jan Bajkowski (5): mips: lantiq: danube: add missing properties to cpu node mips: lantiq: danube: add model to EASY50712 dts mips: lantiq: danube: add missing device_type in pci node mips: lantiq: xway: sysctrl: rename stp clock mips: lantiq: danube: rename stp node on EASY50712 reference board Aleksei Nikiforov (1): s390/ctcm: Fix double-kfree Alex Deucher (6): Reapply "Revert drm/amd/display: Enable Freesync Video Mode by default" drm/amd/display: add more cyan skillfish devices drm/amd: add more cyan skillfish PCI ids drm/amdgpu: don't enable SMU on cyan skillfish drm/amdgpu: add support for cyan skillfish gpu_info drm/amdgpu: fix cyan_skillfish2 gpu info fw handling Alex Hung (1): drm/amd/display: Check NULL before accessing Alex Mastro (1): vfio: return -ENOTTY for unsupported device feature Alexander Stein (2): mfd: stmpe: Remove IRQ domain upon removal mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexander Sverdlin (1): selftests: net: local_termination: Wait for interfaces to come up Alexey Klimov (2): regmap: slimbus: fix bus_context pointer in regmap init calls ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() Alexey Kodanev (1): net: sxgbe: fix potential NULL dereference in sxgbe_rx() Alice Chao (2): scsi: ufs: host: mediatek: Assign power mode userdata before FASTAUTO mode change scsi: ufs: host: mediatek: Fix invalid access in vccqx handling Alistair Francis (1): nvme: Use non zero KATO for persistent discovery connections Alok Tiwari (2): udp_tunnel: use netdev_warn() instead of netdev_WARN() scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() Amber Lin (1): drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Amery Hung (1): bpf: Clear pfmemalloc flag when freeing all fragments Amirreza Zarrabi (1): tee: allow a driver to allocate a tee_device without a pool Andreas Kemnade (1): hwmon: sy7636a: add alias Andrey Vatoropin (1): be2net: pass wrb_params in case of OS2BMC Andrii Nakryiko (1): libbpf: Fix powerpc's stack register definition in bpf_tracing.h André Draszik (1): pmdomain: samsung: plug potential memleak during probe Anthony Iliopoulos (1): NFSv4.1: fix mount hang after CREATE_SESSION failure Antonino Maniscalco (1): drm/msm: make sure to not queue up recovery more than once Anubhav Singh (2): selftests/net: fix out-of-order delivery of FIN in gro:tcp test selftests/net: use destination options instead of hop-by-hop Arkadiusz Bokowy (1): Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames Armen Ratner (1): net/mlx5e: Preserve shared buffer capacity during headroom updates Armin Wolf (1): hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Arnd Bergmann (2): mfd: madera: Work around false-positive -Wininitialized warning asm-generic: partially revert "Unify uapi bitsperlong.h for arm64, riscv and loongarch" Arseniy Krasnov (1): Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' Ashish Kalra (1): iommu/amd: Skip enabling command/event buffers for kdump Avadhut Naik (1): EDAC/mc_sysfs: Increase legacy channel support to 16 Baochen Qiang (1): Revert "wifi: ath10k: avoid unnecessary wait for service ready message" Bart Van Assche (2): scsi: sg: Do not sleep in atomic context scsi: core: Fix a regression triggered by scsi_host_busy() Bastien Curutchet (Schneider Electric) (1): net: dsa: microchip: common: Fix checks on irq_find_mapping() Ben Copeland (1): hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex Benjamin Berg (1): wifi: mac80211: skip rate verification for not captured PSDUs Biju Das (2): mmc: host: renesas_sdhi: Fix the actual clock spi: rpc-if: Add resume support for RZ/G3E Brahmajit Das (1): net: intel: fm10k: Fix parameter idx set but not used Breno Leitao (1): net: netpoll: fix incorrect refcount handling causing incorrect cleanup Buday Csaba (1): net: mdio: fix resource leak in mdiobus_register_device() Bui Quang Minh (1): virtio-net: fix received length check in big packets Carolina Jubran (1): net/mlx5e: Don't query FEC statistics when FEC is disabled Celeste Liu (1): can: gs_usb: increase max interface to U8_MAX Cen Zhang (1): Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once Cezary Rojewski (1): ASoC: Intel: avs: Unprepare a stream when XRUN occurs Chandrakanth Patil (1): scsi: mpi3mr: Fix controller init failure on fault during queue creation Chang S. Bae (1): x86/fpu: Ensure XFD state on signal delivery Charalampos Mitrodimas (1): net: ipv6: fix field-spanning memcpy warning in AH output Chelsy Ratnawat (1): media: fix uninitialized symbol warnings Chen Wang (1): PCI: cadence: Check for the existence of cdns_pcie::ops before using it Chen Yufeng (1): usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget Chi Zhang (1): pinctrl: single: fix bias pull up/down handling in pin_config_set Chi Zhiling (1): exfat: limit log print for IO error ChiYuan Huang (1): iio: adc: rtq6056: Correct the sign bit index Chris Lu (1): Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset Christian Bruel (1): irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Christian König (1): drm/amdgpu: reject gang submissions under SRIOV Christoph Hellwig (5): filemap: add a kiocb_invalidate_pages helper filemap: add a kiocb_invalidate_post_direct_write helper filemap: update ki_pos in generic_perform_write fs: factor out a direct_write_fallback helper block: open code __generic_file_write_iter for blkdev writes Christoph Paasch (1): net: When removing nexthops, don't call synchronize_net if it is not necessary Christophe JAILLET (1): iio:common:ssp_sensors: Fix an error handling path ssp_probe() Chuande Chen (1): hwmon: (sbtsi_temp) AMD CPU extended temperature range support Chuang Wang (1): ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Chuck Lever (1): NFSD: Fix crash in nfsd4_read_release() ChunHao Lin (1): r8169: set EEE speed down ratio to 1 Claudia Draghicescu (1): Bluetooth: ISO: Add support for periodic adv reports processing Claudiu Beznea (1): usb: renesas_usbhs: Fix synchronous external abort on unbind Colin Foster (1): smsc911x: add second read of EEPROM mac when possible corruption seen Cryolitia PukNgae (1): ALSA: usb-audio: apply quirk for MOONDROP Quark2 D. Wythe (1): net/smc: fix mismatch between CLC header and proposal Damien Le Moal (2): block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL block: make REQ_OP_ZONE_OPEN a write operation Dan Carpenter (4): mtd: onenand: Pass correct pointer to IRQ handler mtdchar: fix integer overflow in read/write ioctls Input: imx_sc_key - fix memory corruption on unload platform/x86: intel: punit_ipc: fix memory corruption Daniel Lezcano (1): clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Daniel Palmer (2): fbdev: atyfb: Check if pll_ops->init_pll failed eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP Daniel Wagner (2): nvmet-fc: avoid scheduling association deletion twice nvme-fc: use lock accessing port_state and rport state Danielle Costantino (1): net/mlx5e: Fix validation logic in rate limiting Danil Skrebenkov (1): RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Darrick J. Wong (1): block: fix race between set_blocksize and read paths David Ahern (2): selftests: Disable dad for ipv6 in fcnal-test.sh selftests: Replace sleep with slowwait David Francis (1): drm/amdgpu: Allow kfd CRIU with no buffer objects David Kaplan (1): x86/bugs: Fix reporting of LFENCE retpoline David Lechner (1): iio: adc: ad7280a: fix ad7280_store_balance_timer() David Wei (1): netdevsim: add Makefile for selftests Dennis Beier (1): cpufreq/longhaul: handle NULL policy in longhaul_exit Desnes Nunes (1): usb: storage: Fix memory leak in USB bulk transport Devendra K Verma (1): dmaengine: dw-edma: Set status for callback_result Dmitry Baryshkov (1): drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts Dragos Tatulea (2): page_pool: Clamp pool size to max 16K pages net/mlx5e: SHAMPO, Fix skb size check for 64K pages Elliot Berman (2): mailbox: Allow direct registration to a channel mailbox: pcc: Use mbox_bind_client Emanuele Ghidoli (1): net: phy: dp83867: Disable EEE support as not implemented Emil Dahl Juhl (1): tools: lib: thermal: don't preserve owner in install Eric Biggers (1): lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Eric Dumazet (8): net: call cond_resched() less often in __release_sock() ipv6: np->rxpmtu race annotation sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto net_sched: act_connmark: use RCU in tcf_connmark_dump() net_sched: limit try_bulk_dequeue_skb() batches bpf: Add bpf_prog_run_data_pointers() mptcp: fix race condition in mptcp_schedule_work() mptcp: fix a race in mptcp_pm_del_add_timer() Eric Huang (1): drm/amdkfd: fix vram allocation failure for a special case Ewan D. Milne (1): nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Fabien Proriol (1): power: supply: sbs-charger: Support multiple devices Fabio M. De Francesco (1): mm/mempool: replace kmap_atomic() with kmap_local_page() Farhan Ali (1): s390/pci: Restore IRQ unconditionally for the zPCI device Felix Maurer (1): hsr: Fix supervision frame sending on HSRv0 Filipe Manana (3): btrfs: always drop log root tree reference in btrfs_replay_log() btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() btrfs: do not update last_log_commit when logging inode due to a new name Fiona Ebner (1): smb: client: transport: avoid reconnects triggered by pending task work Florian Fuchs (1): fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Florian Westphal (1): netfilter: nf_reject: don't reply to icmp error messages Forest Crossman (1): usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Francesco Lavra (1): iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Francisco Gutierrez (1): scsi: pm80xx: Fix race condition caused by static variables Gal Pressman (4): net/mlx5e: Fix maxrate wraparound in threshold between units net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps net/mlx5e: Remove mlx5e_dbg() and msglvl support net/mlx5e: Fix potentially misleading debug message Gautham R. Shenoy (3): ACPI: CPPC: Check _CPC validity for only the online CPUs ACPI: CPPC: Perform fast check switch only for online CPUs ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs Geert Uytterhoeven (1): kbuild: uapi: Strip comments before size type check Geliang Tang (2): selftests: mptcp: disable add_addr retrans in endpoint_tests mptcp: change 'first' as a parameter Geoffrey McRae (1): drm/amdkfd: return -ENOTTY for unsupported IOCTLs Gerd Bayer (1): s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Gokul Sivakumar (1): wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Greg Kroah-Hartman (1): Linux 6.1.159 Gui-Dong Han (1): atm/fore200e: Fix possible data race in fore200e_open() Haein Lee (1): ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Hamza Mahfooz (1): scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Hang Zhou (1): spi: bcm63xx: fix premature CS deassertion on RX-only transactions Hangbin Liu (1): net: vlan: sync VLAN features with lower device Hans de Goede (3): ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() spi: Try to get ACPI GPIO IRQ earlier Haotian Zhang (5): regulator: fixed: fix GPIO descriptor leak on register failure ASoC: cs4271: Fix regulator leak on probe failure ASoC: codecs: va-macro: fix resource leak in probe error path platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos mailbox: mailbox-test: Fix debugfs_create_dir error checking Harikrishna Shenoy (1): phy: cadence: cdns-dphy: Enable lower resolutions in dphy Heiner Kallweit (1): net: phy: fixed_phy: let fixed_phy_unregister free the phy_device Horatiu Vultur (1): net: lan966x: Fix the initialization of taprio Hoyoung Seo (1): scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS Huacai Chen (2): LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY LoongArch: Don't panic if no valid cache info for PCI Hugo Villeneuve (4): serial: sc16is7xx: remove unused to_sc16is7xx_port macro serial: sc16is7xx: reorder code to remove prototype declarations serial: sc16is7xx: refactor EFR lock serial: sc16is7xx: remove useless enable of enhanced features Huisong Li (2): mailbox: pcc: Add support for platform notification handling mailbox: pcc: Support shared interrupt for multiple subspaces Ian Forbes (1): drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Ian Rogers (1): tools bitmap: Add missing asm-generic/bitsperlong.h include Ido Schimmel (2): bridge: Redirect to backup port when port is administratively down selftests: traceroute: Use require_command() Igor Pylypiv (1): scsi: pm80xx: Set phy->enable_completion only when we Ilan Peer (1): wifi: mac80211: Fix HE capabilities element check Ilia Gavrilov (1): Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() Ilya Dryomov (1): libceph: fix potential use-after-free in have_mon_and_osd_map() Ilya Maximets (1): net: openvswitch: remove never-working support for setting nsh fields Inochi Amaoto (1): irqchip/sifive-plic: Respect mask state when setting affinity Isaac J. Manjarres (1): mm/mm_init: fix hash table order logging in alloc_large_system_hash() Ivan Pravdin (1): Bluetooth: bcsp: receive data only if registered Ivan Zhaldak (1): ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 Jacob Moroni (3): RDMA/irdma: Fix SD index calculation RDMA/irdma: Remove unused struct irdma_cq fields RDMA/irdma: Set irdma_cq cq_num field during CQ create Jakub Horký (2): kconfig/mconf: Initialize the default locale at startup kconfig/nconf: Initialize the default locale at startup Jakub Kicinski (3): selftests: net: replace sleeps in fcnal-test with waits page_pool: always add GFP_NOWARN for ATOMIC allocations selftests: netdevsim: set test timeout to 10 minutes Jameson Thies (1): usb: typec: ucsi: psy: Set max current to zero when disconnected Jamie Iles (2): mailbox: pcc: don't zero error register drivers/usb/dwc3: fix PCI parent check Janusz Krzysztofik (1): drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD Jason Gunthorpe (1): iommufd: Don't overflow during division for dirty tracking Jayesh Choudhary (1): drm/tidss: Set crtc modesetting parameters with adjusted mode Jens Kehne (1): mfd: da9063: Split chip variant reading in two bus transactions Jens Reidel (1): soc: qcom: smem: Fix endian-unaware access of num_entries Jerome Brunet (1): NTB: epf: Allow arbitrary BAR mapping Jesse.Zhang (1): drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Jianbo Liu (1): xfrm: Determine inner GSO type from packet inner protocol Jiayi Li (1): memstick: Add timeout to prevent indefinite waiting Jiayuan Chen (2): mptcp: Disallow MPTCP subflows from sockmap mptcp: Fix proto fallback detection with BPF Jiefeng Zhang (1): net: atlantic: fix fragment overflow handling in RX path Jijie Shao (1): net: hns3: return error code when function fails Jimmy Hu (1): usb: gadget: udc: fix use-after-free in usb_gadget_state_work Jiri Olsa (2): uprobe: Do not emulate/sstep original instruction when ip is changed Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Johan Hovold (2): most: usb: fix double free on late probe failure drm: sti: fix device leaks at component probe Johannes Berg (1): wifi: mac80211: reject address change while connecting John Keeping (1): ALSA: serial-generic: remove shared static buffer John Smith (2): drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland Jonas Gorski (4): net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx net: dsa: b53: fix resetting speed and pause on forced link net: dsa: b53: fix enabling ip multicast net: dsa: b53: stop reading ARL entries if search is done Josh Poimboeuf (1): perf: Have get_perf_callchain() return NULL if crosstask and user are set Joshua Rogers (2): smb: client: validate change notify buffer before copy ksmbd: close accepted socket when per-IP limit rejects connection Joshua Watt (1): NFS4: Fix state renewals missing after boot Josua Mayer (1): rtc: pcf2127: clear minute/second interrupt Julian Sun (1): ext4: increase IO priority of fastcommit Junjie Cao (1): fbdev: bitblit: bound-check glyph index in bit_putcs* Junxian Huang (1): RDMA/hns: Fix wrong WQE data when QP wraps around Juraj Šarinay (1): net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Justin Tee (3): scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup scsi: lpfc: Define size of debugfs entry for xri rebalancing K Prateek Nayak (1): drivers: base: cacheinfo: Update cpu_map_populated during CPU Hotplug Kai-Heng Feng (2): PM: suspend: Fix pm_suspend_target_state handling for !CONFIG_PM net: aquantia: Add missing descriptor cache invalidation on ATL2 Kailang Yang (1): ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again Kalesh AP (1): bnxt_en: Fix a possible memory leak in bnxt_ptp_init Kaushlendra Kumar (3): tools/cpupower: fix error return value in cpupower_write_sysfs() tools/cpupower: Fix incorrect size in cpuidle_state_disable() tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage Kees Cook (1): arc: Fix __fls() const-foldability via __builtin_clzl() Khairul Anuar Romli (1): firmware: stratix10-svc: fix bug in saving controller data Kirill A. Shutemov (1): x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Kiryl Shutsemau (1): mm/truncate: unmap large folio on split failure Koakuma (1): sparc/module: Add R_SPARC_UA64 relocation handling Krishna Kurapati (1): usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Krzysztof Kozlowski (5): extcon: adc-jack: Fix wakeup source leaks on device unbind drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL drm/msm/dsi/phy_7nm: Fix missing initial VCO rate extcon: adc-jack: Cleanup wakeup source only if it was enabled dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Kuen-Han Tsai (2): usb: gadget: f_eem: Fix memory leak in eem_unwrap usb: udc: Add trace event for usb_gadget_set_state Kuniyuki Iwashima (3): net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. tipc: Fix use-after-free in tipc_mon_reinit_self(). af_unix: Initialise scc_index in unix_add_edge(). Lance Yang (1): mm/secretmem: fix use-after-free race in fault handler Laurent Pinchart (2): media: pci: ivtv: Don't create fake v4l2_fh media: amphion: Delete v4l2_fh synchronously in .release() Len Brown (2): tools/power x86_energy_perf_policy: Enhance HWP enable tools/power x86_energy_perf_policy: Prefer driver HWP limits Li RongQing (1): x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT Lijo Lazar (2): drm/amd/pm: Use cached metrics data on aldebaran drm/amd/pm: Use cached metrics data on arcturus Linus Walleij (1): iio: accel: bmc150: Fix irq assumption regression Lizhi Xu (1): usbnet: Prevents free active kevent Loic Poulain (2): wifi: ath10k: Fix memory leak on unsupported WMI command wifi: ath10k: Fix connection after GTK rekeying Long Li (1): uio_hv_generic: Set event for all channels on the device Luiz Augusto von Dentz (4): Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 Bluetooth: ISO: Fix another instance of dst_type handling Bluetooth: SCO: Fix UAF on sco_conn_free Bluetooth: SMP: Fix not generating mackey and ltk when repairing Lukas Wunner (1): thunderbolt: Use is_pciehp instead of is_hotplug_bridge Ma Ke (1): drm/tegra: dc: Fix reference leak in tegra_dc_couple() Maciej W. Rozycki (2): MIPS: Malta: Fix !EVA SOC-it PCI MMIO MIPS: mm: Prevent a TLB shutdown on initial uniquification Maher Sanalla (6): net/mlx5: Expose shared buffer registers bits and structs net/mlx5e: Add API to query/modify SBPR and SBCM registers net/mlx5e: Update shared buffer along with device buffer changes net/mlx5e: Consider internal buffers size in port buffer calculations net/mlx5: Fix memory leak in error flow of port set buffer net/mlx5e: Do not update SBCM when prio2buffer command is invalid Manish Nagar (1): usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Marc Kleine-Budde (3): can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Marcos Del Sol Vives (1): PCI: Disable MSI on RDC PCI to PCIe bridges Mario Limonciello (2): PCI/PM: Skip resuming to D0 if device is disconnected drm/amd: Fix suspend failure with secure display TA Mario Limonciello (AMD) (2): drm/amd: Avoid evicting resources at S5 HID: amd_sfh: Stop sensor before starting Martin Kaiser (1): maple_tree: fix tracepoint string pointers Masami Ichikawa (1): HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Mathias Nyman (6): xhci: dbc: Provide sysfs option to configure dbc descriptors xhci: dbc: poll at different rate depending on data transfer activity xhci: dbc: Improve performance by removing delay in transfer event polling. xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Matthias Schiffer (1): clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled Matthieu Baerts (NGI0) (6): mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported selftests: mptcp: connect: trunc: read all recv data selftests: mptcp: join: rm: set backup flag selftests: mptcp: connect: fix fallback note due to OoO selftests: mptcp: join: endpoints: longer transfer Mehdi Djait (1): media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR Menglong Dong (1): arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c Miaoqian Lin (6): net: usb: asix_devices: Check return value of usbnet_get_endpoints fbdev: valkyriefb: Fix reference count leak in valkyriefb_init pmdomain: imx: Fix reference count leak in imx_gpc_remove slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves serial: amba-pl011: prefer dma_mapping_error() over explicit address checking usb: cdns3: Fix double resource release in cdns3_pci_probe Michael Riesch (1): phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 Michal Hocko (1): mm, percpu: do not consider sleepable allocations atomic Michal Luczaj (1): vsock: Ignore signal/timeout on connect() if already established Mike Marshall (1): orangefs: fix xattr related buffer overflow... Mikko Perttunen (1): gpu: host1x: Select context device based on attached IOMMU Mikulas Patocka (1): dm-verity: fix unreliable memory allocation Ming Wang (1): irqchip/loongson-pch-lpc: Use legacy domain for PCH-LPC IRQ controller Miroslav Lichvar (1): ptp: Limit time setting of PTP clocks Nai-Chen Cheng (1): selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Nam Cao (1): eventpoll: Replace rwlock with spinlock Namjae Jeon (1): ksmbd: use sock_create_kern interface to create kernel socket Naohiro Aota (1): btrfs: zoned: refine extent allocator hint selection Nate Karstens (1): strparser: Fix signed/unsigned mismatch bug Nathan Chancellor (1): lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC NeilBrown (1): nfsd: Replace clamp_t in nfsd4_get_drc_mem() Nicolas Escande (1): wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() Nicolas Ferre (2): ARM: at91: pm: save and restore ACR during PLL disable/enable clk: at91: clk-sam9x60-pll: force write to PLL_UPDT register Niklas Cassel (1): ata: libata-scsi: Fix system suspend for a security locked drive Niklas Schnelle (2): powerpc/eeh: Use result of error_detected() in uevent s390/pci: Use pci_uevent_ers() in PCI recovery Niklas Söderlund (4): media: adv7180: Add missing lock in suspend callback media: adv7180: Do not write format to device in set_fmt media: adv7180: Only validate format in querystd net: sh_eth: Disable WoL if system can not suspend Nikolay Aleksandrov (2): net: bridge: fix use-after-free due to MST port state bypass net: bridge: fix MST static key usage Niravkumar L Rabara (3): EDAC/altera: Handle OCRAM ECC enable after warm reset EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection mtd: rawnand: cadence: fix DMA device NULL pointer dereference Nishanth Menon (1): net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Noorain Eqbal (1): bpf: Sync pending IRQ work before freeing ring buffer Oleksandr Suvorov (1): USB: serial: ftdi_sio: add support for u-blox EVK-M101 Oleksij Rempel (1): net: dsa: microchip: lan937x: Fix RGMII delay tuning Olga Kornievskaia (2): NFSv4: handle ERR_GRACE on delegation recalls NFSD: free copynotify stateid in nfs4_free_ol_stateid() Ondrej Mosnacek (1): bpf: Do not audit capability check in do_jit() Owen Gu (2): usb: gadget: f_fs: Fix epfile null pointer access after ep enable. usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Pablo Neira Ayuso (1): netfilter: nf_tables: reject duplicate device on updates Pankaj Raghav (1): filemap: cap PTE range to be created to allowed zero fill in folio_map_range() Paolo Abeni (8): mptcp: restore window probe mptcp: drop bogus optimization in __mptcp_check_push() mptcp: fix ack generation for fallback msk mptcp: fix premature close in case of fallback mptcp: avoid unneeded subflow-level drops mptcp: do not fallback when OoO is present mptcp: decouple mptcp fastclose from tcp close mptcp: fix duplicate reset on fastclose Paul Kocialkowski (1): media: verisilicon: Explicitly disable selection api ioctls for decoders Pauli Virtanen (5): Bluetooth: MGMT: cancel mesh send timer when hdev removed Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Bluetooth: L2CAP: export l2cap_chan_hold for modules Paulo Alcantara (1): smb: client: fix memory leak in cifs_construct_tcon() Pavel Zhigulin (3): net: dsa: hellcreek: fix missing error handling in LED registration net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Pedro Tammela (2): net/sched: act_connmark: transition to percpu stats and rcu net/sched: act_connmark: handle errno on tcf_idr_check_alloc Peter Oberparleiter (1): gcov: add support for GCC 15 Peter Wang (2): scsi: ufs: host: mediatek: Change reset sequence for improved stability scsi: ufs: host: mediatek: Enhance recovery on resume failure Peter Zijlstra (1): compiler_types: Move unused static inline functions warning to W=2 Petr Machata (1): net: bridge: Install FDB for bridge MAC on VLAN 0 Philipp Hortmann (1): staging: rtl8712: Remove driver using deprecated API wext Philipp Stanner (1): drm/sched: Fix race in drm_sched_entity_select_rq() Pierre Gondois (8): cacheinfo: Use RISC-V's init_cache_level() as generic OF implementation cacheinfo: Return error code in init_of_cache_level() cacheinfo: Check 'cache-unified' property to count cache leaves ACPI: PPTT: Remove acpi_find_cache_levels() ACPI: PPTT: Update acpi_find_last_cache_level() to acpi_get_cache_info() arch_topology: Build cacheinfo from primary CPU cacheinfo: Initialize variables in fetch_cache_info() arm64: tegra: Update cache properties Po-Hsu Lin (1): selftests: net: use BASH for bareudp testing Pranav Tyagi (1): futex: Don't leak robust_list pointer on exec race Prateek Agarwal (1): drm/tegra: Add call to put_pid() Qendrim Maxhuni (1): net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Qianfeng Rong (2): scsi: pm8001: Use int instead of u32 to store error codes media: redrat3: use int type to store negative error codes Qingfang Deng (1): 6pack: drop redundant locking and refcounting Qinxin Xia (1): dma-mapping: benchmark: Restore padding to ensure uABI remained consistent Quan Zhou (1): wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device Quanmin Yan (1): fbcon: Set fb_display[i]->mode to NULL when the mode is released Rafael J. Wysocki (1): cpuidle: Fail cpuidle device registration if there is one already Rafał Miłecki (1): bcma: don't register devices disabled in OF Randall P. Embry (2): 9p: fix /sys/fs/9p/caches overwriting itself 9p: sysfs_init: don't hardcode error to ENOMEM Ranganath V N (2): net: sched: act_connmark: initialize struct tc_ife to fix kernel leak net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Ranjan Kumar (1): scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate Raphael Pinsonneault-Thibeault (2): Bluetooth: hci_event: validate skb length for unknown CC opcode Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF René Rebe (1): ALSA: usb-audio: fix uac2 clock source at terminal parser Ricardo B. Marlière (2): selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 selftests/bpf: Upon failures, exit with code 1 in test_xsk.sh Richard Gobert (1): selftests/net: fix GRO coalesce test and add ext header coalesce tests Robert Marko (1): net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X Rodrigo Gobbi (1): iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Rohan G Thomas (1): net: phy: marvell: Fix 88e1510 downshift counter errata Rosen Penev (1): dmaengine: mv_xor: match alloc_wc and free_wc Roy Vegard Ovesen (2): ALSA: usb-audio: fix control pipe direction ALSA: usb-audio: add mono main switch to Presonus S1824c Russell King (Oracle) (1): net: dsa: sja1105: simplify static configuration reload Ryan Chen (1): soc: aspeed: socinfo: Add AST27xx silicon IDs Ryan Wanner (1): clk: at91: clk-master: Add check for divide by 3 Ryusuke Konishi (1): nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs() Sabrina Dubroca (1): espintcp: fix skb leaks Sakari Ailus (1): ACPI: property: Return present device nodes only on fwnode interface Saket Dumbre (1): ACPICA: Update dsmethod.c to get rid of unused variable warning Sangwook Shin (1): watchdog: s3c2410_wdt: Fix max_timeout being calculated larger Sarthak Garg (1): mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Sascha Hauer (1): tools: lib: thermal: use pkg-config to locate libnl3 Sathishkumar S (1): drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff Scott Mayhew (1): NFS: check if suid/sgid was cleared after a write as needed Sean Heelan (1): ksmbd: fix use-after-free in session logoff Seungjin Bae (2): Input: pegasus-notetaker - fix potential out-of-bounds access can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Seyediman Seyedarab (2): drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() Shahar Shitrit (1): net: tls: Cancel RX async resync request on rcd_delta overflow Shang song (Lenovo) (1): ACPI: PRM: Skip handlers with NULL handler_address or NULL VA Sharique Mohammad (1): ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Shaurya Rane (1): jfs: fix uninitialized waitqueue in transaction manager Shawn Lin (1): mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 Shengjiu Wang (1): ASoC: fsl_sai: fix bit order for DSD format Shin'ichiro Kawasaki (1): nvme-multipath: fix lockdep WARN due to partition scan work Shuai Xue (1): acpi,srat: Fix incorrect device handle check for Generic Initiator Shuhao Fu (1): smb: client: fix refcount leak in smb2_set_path_attr Srinivas Kandagatla (1): ASoC: qdsp6: q6asm: do not sleep while atomic Srinivasan Shanmugam (1): drm/amdgpu: Fix function header names in amdgpu_connectors.c Stefan Wahren (1): ethernet: Extend device_get_mac_address() to use NVMEM Stefan Wiehler (3): sctp: Hold RCU read lock while iterating over address list sctp: Prevent TOCTOU out-of-bounds write sctp: Hold sock lock while iterating over address list Stephan Gerhold (1): remoteproc: qcom: q6v5: Avoid handling handover twice Steve French (1): cifs: fix typo in enable_gcm_256 module parameter Sudeep Holla (4): pmdomain: arm: scmi: Fix genpd leak on provider registration failure ACPI: PCC: Add PCC shared memory region command and status bitfields mailbox: pcc: Refactor error handling in irq handler into separate function i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros Sumanth Gavini (1): softirq: Add trace points for tasklet entry/exit Sungho Kim (1): PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Svyatoslav Ryhel (1): video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Takashi Iwai (3): ALSA: usb-audio: Add validation of UAC2/UAC3 effect units ALSA: usb-audio: Fix potential overflow of PCM transfer buffer ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check Tetsuo Handa (3): media: imon: make send_packet() more robust ntfs3: pretend $Extend records as regular files jfs: Verify inode mode when loading from disk Thomas Andreatta (1): dmaengine: sh: setup_xref error handling Thomas Bogendoerfer (1): MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Thomas Mühlbacher (1): can: sja1000: fix max irq loop handling Thomas Weißschuh (4): spi: loopback-test: Don't use %pK through printk soc: ti: pruss: don't use %pK through printk bpf: Don't use %pK through printk ice: Don't use %pK through printk or tracepoints Thomas Zimmermann (1): drm/sysfb: Do not dereference NULL pointer in plane reset Thorsten Blum (1): btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() Théo Lebrun (1): net: macb: avoid dealing with endianness in macb_set_hwaddr() Tianchu Chen (1): usb: storage: sddr55: Reject out-of-bound new_pba Tianyang Zhang (1): LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY Tiezhu Yang (2): net: stmmac: Check stmmac_hw_setup() in stmmac_resume() asm-generic: Unify uapi bitsperlong.h for arm64, riscv and loongarch Timur Kristóf (2): drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) drm/amd/pm: Disable MCLK switching on SI at high pixel clocks Tiwei Bie (1): um: Fix help message for ssl-non-raw Tom Stellard (1): bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21 Tomeu Vizoso (1): drm/etnaviv: fix flush sequence logic Tomi Valkeinen (1): drm/tidss: Use the crtc_* timings when programming the HW Tristan Lobb (1): HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Tristram Ha (1): net: dsa: microchip: Fix reserved multicast address table programming Trond Myklebust (1): NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() Tvrtko Ursulin (1): drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl Tzung-Bi Shih (1): Input: cros_ec_keyb - fix an invalid memory access Uday M Bhat (1): xhci: dbc: Allow users to modify DbC poll interval via sysfs Ujwal Kundur (1): rds: Fix endianness annotation for RDS_MPATH_HASH Umesh Nerlige Ramappa (1): drm/i915: Fix conversion between clock ticks and nanoseconds Uwe Kleine-König (1): usb: renesas_usbhs: Convert to platform remove callback returning void Valek Andrej (1): iio: accel: fix ADXL355 startup race condition Valerio Setti (1): ASoC: meson: aiu-encoder-i2s: fix bit clock polarity Vanillan Wang (1): USB: serial: option: add support for Rolling RW101R-GL Viacheslav Dubeyko (1): ceph: add checking of wait_for_completion_killable() return value Vladimir Oltean (1): net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Vladimir Riabchun (1): ftrace: Fix softlockup in ftrace_module_enable Vladimir Zapolskiy (1): media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer Vlastimil Babka (1): mm/mempool: fix poisoning order>0 pages with HIGHMEM Wake Liu (2): selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 selftests/net: Ensure assert() triggers in psock_tpacket.c Wang Liang (1): selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh Wei Fang (1): net: fec: correct rx_bytes statistic for the case SHIFT16 is set Wei Yang (1): fs/proc: fix uaf in proc_readdir_de() William Wu (1): usb: gadget: f_hid: Fix zero length packet transfer Wonkon Kim (1): scsi: ufs: core: Initialize value of an attribute returned by uic cmd Xiang Mei (1): net/sched: sch_qfq: Fix null-deref in agg_dequeue Xu Yang (1): dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Yafang Shao (1): net/cls_cgroup: Fix task_get_classid() during qdisc run Yang Wang (1): drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() Yicong Yang (1): cacheinfo: Fix LLC is not exported through sysfs Yifan Zha (1): drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Yihang Li (1): ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Yikang Yue (1): fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink Yipeng Zou (1): timers: Fix NULL function pointer race in timer_shutdown_sync() Yongpeng Yang (1): exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Yosry Ahmed (1): KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated Yue Haibing (1): ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled Yuhao Jiang (1): ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Yuta Hayama (1): rtc: rx8025: fix incorrect register reference Zhang Chujun (1): tracing/tools: Fix incorrcet short option in usage text for --threads Zhang Heng (1): HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 ZhangGuoDong (2): smb/server: fix possible memory leak in smb2_read() smb/server: fix possible refcount leak in smb2_sess_setup() Zijun Hu (1): char: misc: Does not request module for miscdevice with dynamic minor Zilin Guan (2): tracing: Fix memory leaks in create_field_var() mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() austinchang (1): btrfs: mark dirty extent range for out of bound prealloc extents chuguangqing (1): fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock luoguangfei (1): net: macb: fix unregister_netdev call order in macb_remove() raub camaioni (1): usb: gadget: f_ncm: Fix MAC assignment NCM ethernet wenglianfa (1): RDMA/hns: Fix the modification of max_send_sge ziming zhang (2): libceph: prevent potential out-of-bounds writes in handle_auth_session_key() libceph: replace BUG_ON with bounds check for map->max_osd Łukasz Bartosik (1): xhci: dbgtty: fix device unregister

2 days, 5 hours

1
1
0 0

Linux 5.15.197

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.197 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-bus-pci-drivers-xhci_hcd | 62 Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 Documentation/devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 Documentation/kbuild/makefiles.rst | 29 Documentation/process/howto.rst | 2 Documentation/translations/it_IT/process/howto.rst | 2 Documentation/translations/ja_JP/howto.rst | 2 Documentation/translations/ko_KR/howto.rst | 2 Documentation/translations/zh_CN/process/howto.rst | 2 Documentation/translations/zh_TW/process/howto.rst | 2 MAINTAINERS | 7 Makefile | 8 arch/arc/include/asm/bitops.h | 2 arch/arm/crypto/Kconfig | 2 arch/arm/mach-at91/pm_suspend.S | 8 arch/mips/boot/dts/lantiq/danube.dtsi | 6 arch/mips/lantiq/xway/sysctrl.c | 2 arch/mips/loongson64/Platform | 2 arch/mips/mm/tlb-r4k.c | 100 arch/mips/mti-malta/malta-init.c | 20 arch/parisc/boot/compressed/Makefile | 2 arch/powerpc/kernel/eeh_driver.c | 2 arch/riscv/kernel/cpu-hotplug.c | 1 arch/riscv/mm/ptdump.c | 2 arch/s390/Makefile | 6 arch/s390/purgatory/Makefile | 2 arch/sparc/include/asm/elf_64.h | 1 arch/sparc/kernel/module.c | 1 arch/um/drivers/ssl.c | 5 arch/x86/Makefile | 2 arch/x86/boot/compressed/Makefile | 2 arch/x86/entry/vsyscall/vsyscall_64.c | 17 arch/x86/events/core.c | 10 arch/x86/kernel/cpu/bugs.c | 5 arch/x86/kernel/cpu/resctrl/monitor.c | 10 arch/x86/kernel/kvm.c | 20 arch/x86/net/bpf_jit_comp.c | 2 block/partitions/core.c | 5 drivers/acpi/acpi_video.c | 4 drivers/acpi/acpica/dsmethod.c | 10 drivers/acpi/numa/srat.c | 2 drivers/acpi/prmt.c | 19 drivers/acpi/property.c | 24 drivers/acpi/scan.c | 2 drivers/acpi/video_detect.c | 8 drivers/ata/libata-scsi.c | 8 drivers/atm/fore200e.c | 2 drivers/base/regmap/regmap-slimbus.c | 6 drivers/bluetooth/btusb.c | 13 drivers/bluetooth/hci_bcsp.c | 3 drivers/char/misc.c | 8 drivers/clk/at91/clk-master.c | 3 drivers/clk/ti/clk-33xx.c | 2 drivers/clocksource/timer-vf-pit.c | 22 drivers/cpufreq/longhaul.c | 3 drivers/cpufreq/tegra186-cpufreq.c | 27 drivers/cpuidle/cpuidle.c | 8 drivers/dma/dw-edma/dw-edma-core.c | 22 drivers/dma/mv_xor.c | 4 drivers/dma/sh/shdma-base.c | 25 drivers/dma/sh/shdmac.c | 17 drivers/edac/altera_edac.c | 22 drivers/extcon/extcon-adc-jack.c | 2 drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/stratix10-svc.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 19 drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 6 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 8 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 drivers/gpu/drm/amd/display/dc/dcn20/Makefile | 2 drivers/gpu/drm/amd/display/dc/dcn21/Makefile | 2 drivers/gpu/drm/amd/display/dc/dcn30/Makefile | 2 drivers/gpu/drm/amd/display/dc/dcn301/Makefile | 2 drivers/gpu/drm/amd/display/dc/dcn302/Makefile | 2 drivers/gpu/drm/amd/display/dc/dcn303/Makefile | 2 drivers/gpu/drm/amd/display/dc/dcn31/Makefile | 2 drivers/gpu/drm/amd/display/dc/dml/Makefile | 2 drivers/gpu/drm/amd/pm/powerplay/smumgr/fiji_smumgr.c | 2 drivers/gpu/drm/amd/pm/powerplay/smumgr/iceland_smumgr.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2 drivers/gpu/drm/bridge/display-connector.c | 3 drivers/gpu/drm/drm_gem_atomic_helper.c | 6 drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 drivers/gpu/drm/i915/i915_vma.c | 16 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 5 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 3 drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 10 drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 drivers/gpu/drm/scheduler/sched_entity.c | 3 drivers/gpu/drm/sti/sti_vtg.c | 7 drivers/gpu/drm/tegra/dc.c | 1 drivers/gpu/drm/tidss/tidss_crtc.c | 7 drivers/gpu/drm/tidss/tidss_dispc.c | 16 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 drivers/hid/hid-ids.h | 7 drivers/hid/hid-ntrig.c | 7 drivers/hid/hid-quirks.c | 14 drivers/hwmon/dell-smm-hwmon.c | 7 drivers/hwmon/sbtsi_temp.c | 46 drivers/iio/accel/bmc150-accel-core.c | 5 drivers/iio/accel/bmc150-accel.h | 1 drivers/iio/adc/spear_adc.c | 9 drivers/iio/common/ssp_sensors/ssp_dev.c | 4 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 22 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 11 drivers/infiniband/hw/irdma/pble.c | 2 drivers/infiniband/hw/irdma/verbs.c | 4 drivers/infiniband/hw/irdma/verbs.h | 8 drivers/input/keyboard/cros_ec_keyb.c | 6 drivers/input/keyboard/imx_sc_key.c | 2 drivers/input/misc/ati_remote2.c | 2 drivers/input/misc/cm109.c | 2 drivers/input/misc/powermate.c | 2 drivers/input/misc/yealink.c | 2 drivers/input/tablet/acecad.c | 2 drivers/input/tablet/pegasus_notetaker.c | 11 drivers/iommu/amd/init.c | 28 drivers/iommu/intel/debugfs.c | 10 drivers/iommu/intel/perf.c | 10 drivers/iommu/intel/perf.h | 5 drivers/irqchip/irq-gic-v2m.c | 13 drivers/isdn/hardware/mISDN/hfcsusb.c | 18 drivers/mailbox/mailbox-test.c | 2 drivers/md/dm-verity-fec.c | 6 drivers/media/i2c/ir-kbd-i2c.c | 6 drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 drivers/media/pci/ivtv/ivtv-driver.h | 3 drivers/media/pci/ivtv/ivtv-fileops.c | 18 drivers/media/pci/ivtv/ivtv-irq.c | 4 drivers/media/rc/imon.c | 61 drivers/media/rc/redrat3.c | 2 drivers/media/tuners/xc4000.c | 8 drivers/media/tuners/xc5000.c | 12 drivers/memstick/core/memstick.c | 8 drivers/mfd/da9063-i2c.c | 27 drivers/mfd/madera-core.c | 4 drivers/mfd/stmpe-i2c.c | 1 drivers/mfd/stmpe.c | 3 drivers/mmc/host/renesas_sdhi_core.c | 6 drivers/mmc/host/sdhci-msm.c | 15 drivers/mmc/host/sdhci-of-dwcmshc.c | 2 drivers/most/most_usb.c | 14 drivers/mtd/nand/onenand/onenand_samsung.c | 2 drivers/mtd/nand/raw/cadence-nand-controller.c | 3 drivers/net/can/sja1000/sja1000.c | 4 drivers/net/can/sun4i_can.c | 4 drivers/net/can/usb/gs_usb.c | 23 drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 drivers/net/dsa/b53/b53_common.c | 15 drivers/net/dsa/b53/b53_regs.h | 3 drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 drivers/net/dsa/sja1105/sja1105_main.c | 71 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 45 drivers/net/ethernet/cadence/macb_main.c | 4 drivers/net/ethernet/emulex/benet/be_main.c | 7 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 9 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.h | 2 drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 15 drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 drivers/net/ethernet/microchip/sparx5/Kconfig | 2 drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 drivers/net/ethernet/realtek/Kconfig | 2 drivers/net/ethernet/realtek/r8169_main.c | 6 drivers/net/ethernet/renesas/ravb_main.c | 99 drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 drivers/net/ethernet/ti/netcp_core.c | 10 drivers/net/phy/dp83867.c | 6 drivers/net/phy/marvell.c | 39 drivers/net/phy/mdio_bus.c | 5 drivers/net/usb/asix_devices.c | 12 drivers/net/usb/qmi_wwan.c | 6 drivers/net/usb/usbnet.c | 2 drivers/net/wireless/ath/ath10k/mac.c | 12 drivers/net/wireless/ath/ath10k/wmi.c | 40 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 3 drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 28 drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 drivers/nvme/host/fc.c | 12 drivers/nvme/target/fc.c | 16 drivers/pci/controller/cadence/pcie-cadence-host.c | 2 drivers/pci/controller/cadence/pcie-cadence.c | 4 drivers/pci/controller/cadence/pcie-cadence.h | 6 drivers/pci/p2pdma.c | 2 drivers/pci/quirks.c | 3 drivers/phy/cadence/cdns-dphy.c | 4 drivers/phy/rockchip/phy-rockchip-inno-csidphy.c | 5 drivers/pinctrl/pinctrl-single.c | 4 drivers/platform/x86/intel/punit_ipc.c | 2 drivers/platform/x86/intel/speed_select_if/isst_if_mmio.c | 4 drivers/power/supply/sbs-charger.c | 16 drivers/ptp/ptp_clock.c | 13 drivers/regulator/fixed.c | 1 drivers/remoteproc/qcom_q6v5.c | 5 drivers/rtc/rtc-pcf2127.c | 4 drivers/rtc/rtc-rx8025.c | 2 drivers/s390/net/ctcm_mpc.c | 1 drivers/scsi/hosts.c | 5 drivers/scsi/libfc/fc_encode.h | 2 drivers/scsi/lpfc/lpfc_debugfs.h | 3 drivers/scsi/lpfc/lpfc_els.c | 6 drivers/scsi/lpfc/lpfc_init.c | 7 drivers/scsi/lpfc/lpfc_scsi.c | 14 drivers/scsi/mpi3mr/mpi3mr_fw.c | 10 drivers/scsi/pm8001/pm8001_ctl.c | 24 drivers/scsi/pm8001/pm8001_init.c | 1 drivers/scsi/pm8001/pm8001_sas.c | 4 drivers/scsi/pm8001/pm8001_sas.h | 4 drivers/scsi/sg.c | 10 drivers/slimbus/qcom-ngd-ctrl.c | 1 drivers/soc/aspeed/aspeed-socinfo.c | 4 drivers/soc/imx/gpc.c | 2 drivers/soc/qcom/smem.c | 2 drivers/soc/samsung/pm_domains.c | 11 drivers/soc/ti/knav_dma.c | 14 drivers/soc/ti/pruss.c | 2 drivers/spi/spi-bcm63xx.c | 14 drivers/spi/spi-loopback-test.c | 12 drivers/spi/spi.c | 10 drivers/staging/Kconfig | 2 drivers/staging/Makefile | 1 drivers/staging/rtl8712/Kconfig | 21 drivers/staging/rtl8712/Makefile | 35 drivers/staging/rtl8712/TODO | 13 drivers/staging/rtl8712/basic_types.h | 28 drivers/staging/rtl8712/drv_types.h | 176 drivers/staging/rtl8712/ethernet.h | 21 drivers/staging/rtl8712/hal_init.c | 401 - drivers/staging/rtl8712/ieee80211.c | 415 - drivers/staging/rtl8712/ieee80211.h | 165 drivers/staging/rtl8712/mlme_linux.c | 160 drivers/staging/rtl8712/mlme_osdep.h | 31 drivers/staging/rtl8712/mp_custom_oid.h | 287 - drivers/staging/rtl8712/os_intfs.c | 464 - drivers/staging/rtl8712/osdep_intf.h | 32 drivers/staging/rtl8712/osdep_service.h | 61 drivers/staging/rtl8712/recv_linux.c | 139 drivers/staging/rtl8712/recv_osdep.h | 39 drivers/staging/rtl8712/rtl8712_bitdef.h | 26 drivers/staging/rtl8712/rtl8712_cmd.c | 409 - drivers/staging/rtl8712/rtl8712_cmd.h | 231 drivers/staging/rtl8712/rtl8712_cmdctrl_bitdef.h | 96 drivers/staging/rtl8712/rtl8712_cmdctrl_regdef.h | 19 drivers/staging/rtl8712/rtl8712_debugctrl_bitdef.h | 41 drivers/staging/rtl8712/rtl8712_debugctrl_regdef.h | 32 drivers/staging/rtl8712/rtl8712_edcasetting_bitdef.h | 65 drivers/staging/rtl8712/rtl8712_edcasetting_regdef.h | 24 drivers/staging/rtl8712/rtl8712_efuse.c | 566 -- drivers/staging/rtl8712/rtl8712_efuse.h | 43 drivers/staging/rtl8712/rtl8712_event.h | 86 drivers/staging/rtl8712/rtl8712_fifoctrl_bitdef.h | 131 drivers/staging/rtl8712/rtl8712_fifoctrl_regdef.h | 61 drivers/staging/rtl8712/rtl8712_gp_bitdef.h | 68 drivers/staging/rtl8712/rtl8712_gp_regdef.h | 29 drivers/staging/rtl8712/rtl8712_hal.h | 142 drivers/staging/rtl8712/rtl8712_interrupt_bitdef.h | 44 drivers/staging/rtl8712/rtl8712_io.c | 99 drivers/staging/rtl8712/rtl8712_led.c | 1830 ------- drivers/staging/rtl8712/rtl8712_macsetting_bitdef.h | 34 drivers/staging/rtl8712/rtl8712_macsetting_regdef.h | 22 drivers/staging/rtl8712/rtl8712_powersave_bitdef.h | 39 drivers/staging/rtl8712/rtl8712_powersave_regdef.h | 26 drivers/staging/rtl8712/rtl8712_ratectrl_bitdef.h | 36 drivers/staging/rtl8712/rtl8712_ratectrl_regdef.h | 44 drivers/staging/rtl8712/rtl8712_recv.c | 1079 ---- drivers/staging/rtl8712/rtl8712_recv.h | 145 drivers/staging/rtl8712/rtl8712_regdef.h | 32 drivers/staging/rtl8712/rtl8712_security_bitdef.h | 35 drivers/staging/rtl8712/rtl8712_spec.h | 124 drivers/staging/rtl8712/rtl8712_syscfg_bitdef.h | 167 drivers/staging/rtl8712/rtl8712_syscfg_regdef.h | 44 drivers/staging/rtl8712/rtl8712_timectrl_bitdef.h | 50 drivers/staging/rtl8712/rtl8712_timectrl_regdef.h | 26 drivers/staging/rtl8712/rtl8712_wmac_bitdef.h | 50 drivers/staging/rtl8712/rtl8712_wmac_regdef.h | 36 drivers/staging/rtl8712/rtl8712_xmit.c | 745 --- drivers/staging/rtl8712/rtl8712_xmit.h | 108 drivers/staging/rtl8712/rtl871x_cmd.c | 796 --- drivers/staging/rtl8712/rtl871x_cmd.h | 764 --- drivers/staging/rtl8712/rtl871x_debug.h | 130 drivers/staging/rtl8712/rtl871x_eeprom.c | 220 drivers/staging/rtl8712/rtl871x_eeprom.h | 88 drivers/staging/rtl8712/rtl871x_event.h | 109 drivers/staging/rtl8712/rtl871x_ht.h | 33 drivers/staging/rtl8712/rtl871x_io.c | 147 drivers/staging/rtl8712/rtl871x_io.h | 236 - drivers/staging/rtl8712/rtl871x_ioctl.h | 95 drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2330 ---------- drivers/staging/rtl8712/rtl871x_ioctl_rtl.c | 520 -- drivers/staging/rtl8712/rtl871x_ioctl_rtl.h | 109 drivers/staging/rtl8712/rtl871x_ioctl_set.c | 355 - drivers/staging/rtl8712/rtl871x_ioctl_set.h | 45 drivers/staging/rtl8712/rtl871x_led.h | 118 drivers/staging/rtl8712/rtl871x_mlme.c | 1749 ------- drivers/staging/rtl8712/rtl871x_mlme.h | 205 drivers/staging/rtl8712/rtl871x_mp.c | 724 --- drivers/staging/rtl8712/rtl871x_mp.h | 275 - drivers/staging/rtl8712/rtl871x_mp_ioctl.c | 883 --- drivers/staging/rtl8712/rtl871x_mp_ioctl.h | 329 - drivers/staging/rtl8712/rtl871x_mp_phy_regdef.h | 1037 ---- drivers/staging/rtl8712/rtl871x_pwrctrl.c | 234 - drivers/staging/rtl8712/rtl871x_pwrctrl.h | 113 drivers/staging/rtl8712/rtl871x_recv.c | 670 -- drivers/staging/rtl8712/rtl871x_recv.h | 216 drivers/staging/rtl8712/rtl871x_rf.h | 55 drivers/staging/rtl8712/rtl871x_security.c | 1387 ----- drivers/staging/rtl8712/rtl871x_security.h | 218 drivers/staging/rtl8712/rtl871x_sta_mgt.c | 263 - drivers/staging/rtl8712/rtl871x_wlan_sme.h | 35 drivers/staging/rtl8712/rtl871x_xmit.c | 1059 ---- drivers/staging/rtl8712/rtl871x_xmit.h | 288 - drivers/staging/rtl8712/sta_info.h | 133 drivers/staging/rtl8712/usb_halinit.c | 307 - drivers/staging/rtl8712/usb_intf.c | 638 -- drivers/staging/rtl8712/usb_ops.c | 195 drivers/staging/rtl8712/usb_ops.h | 38 drivers/staging/rtl8712/usb_ops_linux.c | 508 -- drivers/staging/rtl8712/usb_osintf.h | 35 drivers/staging/rtl8712/wifi.h | 197 drivers/staging/rtl8712/wlan_bssdef.h | 223 drivers/staging/rtl8712/xmit_linux.c | 187 drivers/staging/rtl8712/xmit_osdep.h | 52 drivers/target/loopback/tcm_loop.c | 3 drivers/tee/tee_core.c | 2 drivers/thunderbolt/nhi.c | 2 drivers/thunderbolt/nhi.h | 1 drivers/thunderbolt/tb.c | 2 drivers/tty/serial/8250/8250_dw.c | 67 drivers/tty/serial/amba-pl011.c | 2 drivers/uio/uio_hv_generic.c | 21 drivers/usb/cdns3/cdns3-pci-wrap.c | 5 drivers/usb/cdns3/cdnsp-gadget.c | 8 drivers/usb/dwc3/core.c | 3 drivers/usb/dwc3/ep0.c | 1 drivers/usb/dwc3/gadget.c | 7 drivers/usb/gadget/function/f_eem.c | 7 drivers/usb/gadget/function/f_fs.c | 8 drivers/usb/gadget/function/f_hid.c | 4 drivers/usb/gadget/function/f_ncm.c | 3 drivers/usb/host/xhci-dbgcap.c | 261 + drivers/usb/host/xhci-dbgcap.h | 12 drivers/usb/host/xhci-dbgtty.c | 17 drivers/usb/host/xhci-plat.c | 1 drivers/usb/mon/mon_bin.c | 14 drivers/usb/renesas_usbhs/common.c | 18 drivers/usb/serial/ftdi_sio.c | 1 drivers/usb/serial/ftdi_sio_ids.h | 1 drivers/usb/serial/option.c | 10 drivers/usb/storage/sddr55.c | 6 drivers/usb/storage/transport.c | 16 drivers/usb/storage/uas.c | 5 drivers/usb/storage/unusual_devs.h | 2 drivers/usb/typec/ucsi/psy.c | 5 drivers/video/backlight/lp855x_bl.c | 2 drivers/video/fbdev/aty/atyfb_base.c | 8 drivers/video/fbdev/core/bitblit.c | 33 drivers/video/fbdev/pvr2fb.c | 2 drivers/video/fbdev/valkyriefb.c | 2 fs/9p/v9fs.c | 9 fs/btrfs/disk-io.c | 2 fs/btrfs/file.c | 10 fs/btrfs/scrub.c | 3 fs/btrfs/transaction.c | 2 fs/btrfs/tree-log.c | 48 fs/ceph/locks.c | 5 fs/cifs/connect.c | 1 fs/exfat/fatent.c | 11 fs/exfat/super.c | 5 fs/ext4/xattr.c | 2 fs/hpfs/namei.c | 18 fs/jfs/inode.c | 8 fs/jfs/jfs_txnmgr.c | 9 fs/nfs/nfs4client.c | 1 fs/nfs/nfs4proc.c | 15 fs/nfs/nfs4state.c | 3 fs/nfs/write.c | 3 fs/nfsd/nfs4proc.c | 7 fs/nfsd/nfs4state.c | 3 fs/ntfs3/inode.c | 1 fs/open.c | 10 fs/orangefs/xattr.c | 12 fs/proc/generic.c | 12 include/linux/array_size.h | 13 include/linux/ata.h | 1 include/linux/blk_types.h | 11 include/linux/compiler_types.h | 5 include/linux/filter.h | 22 include/linux/kernel.h | 7 include/linux/mm.h | 2 include/linux/shdma-base.h | 2 include/linux/string.h | 1 include/linux/usb.h | 16 include/net/act_api.h | 1 include/net/cls_cgroup.h | 2 include/net/nfc/nci_core.h | 2 include/net/pkt_sched.h | 25 include/net/tc_act/tc_connmark.h | 10 include/net/tls.h | 6 kernel/bpf/ringbuf.c | 2 kernel/events/uprobes.c | 7 kernel/gcov/gcc_4_7.c | 4 kernel/trace/trace_events_hist.c | 6 lib/crypto/Makefile | 2 mm/page_alloc.c | 2 mm/secretmem.c | 2 net/8021q/vlan.c | 2 net/bluetooth/6lowpan.c | 97 net/bluetooth/hci_event.c | 21 net/bluetooth/l2cap_core.c | 1 net/bluetooth/sco.c | 7 net/bluetooth/smp.c | 31 net/bridge/br_forward.c | 3 net/ceph/auth_x.c | 2 net/ceph/ceph_common.c | 53 net/ceph/debugfs.c | 14 net/core/netpoll.c | 7 net/core/page_pool.c | 12 net/core/sock.c | 15 net/dsa/tag_brcm.c | 10 net/hsr/hsr_device.c | 3 net/ipv4/netfilter/nf_reject_ipv4.c | 25 net/ipv4/nexthop.c | 6 net/ipv4/route.c | 5 net/ipv4/udp_tunnel_nic.c | 2 net/ipv6/addrconf.c | 4 net/ipv6/ah6.c | 50 net/ipv6/netfilter/nf_reject_ipv6.c | 30 net/ipv6/raw.c | 2 net/ipv6/udp.c | 2 net/mac80211/rx.c | 10 net/mptcp/options.c | 57 net/mptcp/pm_netlink.c | 26 net/mptcp/protocol.c | 47 net/mptcp/protocol.h | 1 net/mptcp/subflow.c | 8 net/netfilter/nf_tables_api.c | 15 net/openvswitch/actions.c | 68 net/openvswitch/flow_netlink.c | 64 net/openvswitch/flow_netlink.h | 2 net/rds/rds.h | 2 net/sched/act_bpf.c | 19 net/sched/act_connmark.c | 154 net/sched/act_csum.c | 13 net/sched/act_ct.c | 17 net/sched/act_ctinfo.c | 13 net/sched/act_gact.c | 13 net/sched/act_gate.c | 13 net/sched/act_ife.c | 25 net/sched/act_ipt.c | 31 net/sched/act_mirred.c | 13 net/sched/act_mpls.c | 13 net/sched/act_nat.c | 13 net/sched/act_pedit.c | 13 net/sched/act_police.c | 13 net/sched/act_sample.c | 13 net/sched/act_simple.c | 13 net/sched/act_skbedit.c | 13 net/sched/act_skbmod.c | 13 net/sched/act_tunnel_key.c | 13 net/sched/act_vlan.c | 13 net/sched/cls_bpf.c | 6 net/sched/sch_api.c | 10 net/sched/sch_generic.c | 17 net/sched/sch_hfsc.c | 16 net/sched/sch_qfq.c | 2 net/sctp/diag.c | 21 net/sctp/transport.c | 13 net/smc/smc_clc.c | 1 net/strparser/strparser.c | 2 net/tipc/net.c | 2 net/tls/tls_device.c | 4 net/vmw_vsock/af_vsock.c | 40 scripts/Makefile.compiler | 10 scripts/kconfig/mconf.c | 3 scripts/kconfig/nconf.c | 3 sound/pci/hda/patch_realtek.c | 17 sound/soc/codecs/cs4271.c | 10 sound/soc/codecs/max98090.c | 6 sound/soc/meson/aiu-encoder-i2s.c | 9 sound/soc/qcom/qdsp6/q6asm.c | 2 sound/usb/endpoint.c | 6 sound/usb/mixer.c | 4 sound/usb/mixer_s1810c.c | 28 sound/usb/validate.c | 9 tools/lib/bpf/bpf_tracing.h | 365 - tools/power/cpupower/lib/cpuidle.c | 5 tools/power/cpupower/lib/cpupower.c | 2 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 30 tools/testing/selftests/Makefile | 2 tools/testing/selftests/bpf/progs/loop3.c | 4 tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 tools/testing/selftests/drivers/net/netdevsim/Makefile | 21 tools/testing/selftests/drivers/net/netdevsim/settings | 1 tools/testing/selftests/net/bareudp.sh | 2 tools/testing/selftests/net/fcnal-test.sh | 4 tools/testing/selftests/net/gro.c | 101 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 54 tools/testing/selftests/net/psock_tpacket.c | 4 tools/testing/selftests/net/traceroute.sh | 13 tools/tracing/latency/latency-collector.c | 2 518 files changed, 3315 insertions(+), 29492 deletions(-) Aaron Kling (1): cpufreq: tegra186: Initialize all cores to max frequencies Abdun Nihaal (1): isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Akhil P Oommen (1): drm/msm/a6xx: Fix GMU firmware parser Al Viro (2): allow finish_no_open(file, ERR_PTR(-E...)) nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Alan Borzeszkowski (1): thunderbolt: Add support for Intel Wildcat Lake Alan Stern (1): USB: storage: Remove subclass and protocol overrides from Novatek quirk Albin Babu Varghese (1): fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Alejandro Colomar (1): kernel.h: Move ARRAY_SIZE() to a separate header Aleksander Jan Bajkowski (3): mips: lantiq: danube: add missing properties to cpu node mips: lantiq: danube: add missing device_type in pci node mips: lantiq: xway: sysctrl: rename stp clock Aleksei Nikiforov (1): s390/ctcm: Fix double-kfree Alex Hung (1): drm/amd/display: Check NULL before accessing Alex Lu (1): Bluetooth: Add more enc key size check Alexander Stein (2): mfd: stmpe: Remove IRQ domain upon removal mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexey Dobriyan (1): x86/boot: Compile boot code with -std=gnu11 too Alexey Klimov (1): regmap: slimbus: fix bus_context pointer in regmap init calls Alexey Kodanev (1): net: sxgbe: fix potential NULL dereference in sxgbe_rx() Alok Tiwari (2): udp_tunnel: use netdev_warn() instead of netdev_WARN() scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() Amber Lin (1): drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Amirreza Zarrabi (1): tee: allow a driver to allocate a tee_device without a pool Andrew Lunn (1): net: dsa: sja1105: Convert to mdiobus_c45_read Andrey Vatoropin (1): be2net: pass wrb_params in case of OS2BMC Andrii Nakryiko (3): libbpf: Normalize PT_REGS_xxx() macro definitions libbpf: Fix powerpc's stack register definition in bpf_tracing.h selftests/bpf: Don't rely on preserving volatile in PT_REGS macros in loop3 André Draszik (1): pmdomain: samsung: plug potential memleak during probe Andy Shevchenko (1): serial: 8250_dw: Use devm_add_action_or_reset() Anthony Iliopoulos (1): NFSv4.1: fix mount hang after CREATE_SESSION failure Antonino Maniscalco (1): drm/msm: make sure to not queue up recovery more than once Anubhav Singh (2): selftests/net: fix out-of-order delivery of FIN in gro:tcp test selftests/net: use destination options instead of hop-by-hop Armin Wolf (1): hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Arnd Bergmann (1): mfd: madera: Work around false-positive -Wininitialized warning Artem Shimko (1): serial: 8250_dw: handle reset control deassert error Ashish Kalra (1): iommu/amd: Skip enabling command/event buffers for kdump Babu Moger (1): x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Baochen Qiang (1): Revert "wifi: ath10k: avoid unnecessary wait for service ready message" Bart Van Assche (2): scsi: sg: Do not sleep in atomic context scsi: core: Fix a regression triggered by scsi_host_busy() Benjamin Berg (1): wifi: mac80211: skip rate verification for not captured PSDUs Biju Das (2): ravb: Exclude gPTP feature support for RZ/G2L mmc: host: renesas_sdhi: Fix the actual clock Björn Töpel (1): riscv, libbpf: Add RISC-V (RV64) support to bpf_tracing.h Brahmajit Das (1): net: intel: fm10k: Fix parameter idx set but not used Breno Leitao (1): net: netpoll: fix incorrect refcount handling causing incorrect cleanup Buday Csaba (1): net: mdio: fix resource leak in mdiobus_register_device() Celeste Liu (1): can: gs_usb: increase max interface to U8_MAX Chandrakanth Patil (1): scsi: mpi3mr: Fix controller init failure on fault during queue creation Charalampos Mitrodimas (1): net: ipv6: fix field-spanning memcpy warning in AH output Chelsy Ratnawat (1): media: fix uninitialized symbol warnings Chen Wang (1): PCI: cadence: Check for the existence of cdns_pcie::ops before using it Chen Yufeng (1): usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget Chi Zhang (1): pinctrl: single: fix bias pull up/down handling in pin_config_set Chi Zhiling (1): exfat: limit log print for IO error Christian Bruel (1): irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Christoph Paasch (1): net: When removing nexthops, don't call synchronize_net if it is not necessary Christophe JAILLET (1): iio:common:ssp_sensors: Fix an error handling path ssp_probe() Chuande Chen (1): hwmon: (sbtsi_temp) AMD CPU extended temperature range support Chuang Wang (1): ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Chuck Lever (1): NFSD: Fix crash in nfsd4_read_release() ChunHao Lin (1): r8169: set EEE speed down ratio to 1 Claudiu Beznea (1): usb: renesas_usbhs: Fix synchronous external abort on unbind D. Wythe (1): net/smc: fix mismatch between CLC header and proposal Damien Le Moal (2): block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL block: make REQ_OP_ZONE_OPEN a write operation Dan Carpenter (3): mtd: onenand: Pass correct pointer to IRQ handler Input: imx_sc_key - fix memory corruption on unload platform/x86: intel: punit_ipc: fix memory corruption Daniel Lezcano (1): clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Daniel Palmer (2): fbdev: atyfb: Check if pll_ops->init_pll failed eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP Daniel T. Lee (1): libbpf: Fix invalid return address register in s390 Daniel Wagner (2): nvmet-fc: avoid scheduling association deletion twice nvme-fc: use lock accessing port_state and rport state Danielle Costantino (1): net/mlx5e: Fix validation logic in rate limiting Danil Skrebenkov (1): RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors David Ahern (2): selftests: Disable dad for ipv6 in fcnal-test.sh selftests: Replace sleep with slowwait David Kaplan (1): x86/bugs: Fix reporting of LFENCE retpoline David Wei (1): netdevsim: add Makefile for selftests Dennis Beier (1): cpufreq/longhaul: handle NULL policy in longhaul_exit Desnes Nunes (1): usb: storage: Fix memory leak in USB bulk transport Devendra K Verma (1): dmaengine: dw-edma: Set status for callback_result Dmitry Baryshkov (1): drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts Dragos Tatulea (1): page_pool: Clamp pool size to max 16K pages Emanuele Ghidoli (1): net: phy: dp83867: Disable EEE support as not implemented Eric Biggers (1): lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Eric Dumazet (8): net: call cond_resched() less often in __release_sock() ipv6: np->rxpmtu race annotation sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto net_sched: act_connmark: use RCU in tcf_connmark_dump() net_sched: limit try_bulk_dequeue_skb() batches bpf: Add bpf_prog_run_data_pointers() mptcp: fix race condition in mptcp_schedule_work() mptcp: fix a race in mptcp_pm_del_add_timer() Ewan D. Milne (1): nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Fabien Proriol (1): power: supply: sbs-charger: Support multiple devices Felix Maurer (1): hsr: Fix supervision frame sending on HSRv0 Filipe Manana (3): btrfs: always drop log root tree reference in btrfs_replay_log() btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() btrfs: add helper to truncate inode items when logging inode Florian Fuchs (1): fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Florian Westphal (1): netfilter: nf_reject: don't reply to icmp error messages Forest Crossman (1): usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Francesco Lavra (1): iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Francisco Gutierrez (1): scsi: pm80xx: Fix race condition caused by static variables Gal Pressman (2): net/mlx5e: Fix maxrate wraparound in threshold between units net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Geoffrey McRae (1): drm/amdkfd: return -ENOTTY for unsupported IOCTLs Gokul Sivakumar (1): wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Greg Kroah-Hartman (1): Linux 5.15.197 Gui-Dong Han (1): atm/fore200e: Fix possible data race in fore200e_open() Gulam Mohamed (2): Revert "block: Move checking GENHD_FL_NO_PART to bdev_add_partition()" Revert "block: don't add or resize partition on the disk with GENHD_FL_NO_PART" Haein Lee (1): ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Hamza Mahfooz (1): scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Hang Zhou (1): spi: bcm63xx: fix premature CS deassertion on RX-only transactions Hangbin Liu (1): net: vlan: sync VLAN features with lower device Hans de Goede (3): ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() spi: Try to get ACPI GPIO IRQ earlier Haotian Zhang (4): regulator: fixed: fix GPIO descriptor leak on register failure ASoC: cs4271: Fix regulator leak on probe failure platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos mailbox: mailbox-test: Fix debugfs_create_dir error checking Harikrishna Shenoy (1): phy: cadence: cdns-dphy: Enable lower resolutions in dphy Ian Forbes (1): drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Ido Schimmel (2): bridge: Redirect to backup port when port is administratively down selftests: traceroute: Use require_command() Igor Pylypiv (1): scsi: pm80xx: Set phy->enable_completion only when we Ilya Dryomov (1): libceph: fix potential use-after-free in have_mon_and_osd_map() Ilya Leoshkevich (1): libbpf: Fix riscv register names Ilya Maximets (1): net: openvswitch: remove never-working support for setting nsh fields Isaac J. Manjarres (1): mm/mm_init: fix hash table order logging in alloc_large_system_hash() Ivan Pravdin (1): Bluetooth: bcsp: receive data only if registered Jacob Moroni (3): RDMA/irdma: Fix SD index calculation RDMA/irdma: Remove unused struct irdma_cq fields RDMA/irdma: Set irdma_cq cq_num field during CQ create Jakub Acs (1): mm/ksm: fix flag-dropping behavior in ksm_madvise Jakub Horký (2): kconfig/mconf: Initialize the default locale at startup kconfig/nconf: Initialize the default locale at startup Jakub Kicinski (2): page_pool: always add GFP_NOWARN for ATOMIC allocations selftests: netdevsim: set test timeout to 10 minutes Jameson Thies (1): usb: typec: ucsi: psy: Set max current to zero when disconnected Jamie Iles (1): drivers/usb/dwc3: fix PCI parent check Janusz Krzysztofik (1): drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD Jayesh Choudhary (1): drm/tidss: Set crtc modesetting parameters with adjusted mode Jens Kehne (1): mfd: da9063: Split chip variant reading in two bus transactions Jens Reidel (1): soc: qcom: smem: Fix endian-unaware access of num_entries Jiayi Li (1): memstick: Add timeout to prevent indefinite waiting Jiayuan Chen (2): mptcp: Disallow MPTCP subflows from sockmap mptcp: Fix proto fallback detection with BPF Jiefeng Zhang (1): net: atlantic: fix fragment overflow handling in RX path Jijie Shao (1): net: hns3: return error code when function fails Jiri Olsa (2): uprobe: Do not emulate/sstep original instruction when ip is changed Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Johan Hovold (2): most: usb: fix double free on late probe failure drm: sti: fix device leaks at component probe John Smith (2): drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland Jonas Gorski (4): net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx net: dsa: b53: fix resetting speed and pause on forced link net: dsa: b53: fix enabling ip multicast net: dsa: b53: stop reading ARL entries if search is done Josephine Pfeiffer (1): riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro Joshua Watt (1): NFS4: Fix state renewals missing after boot Josua Mayer (1): rtc: pcf2127: clear minute/second interrupt Junjie Cao (1): fbdev: bitblit: bound-check glyph index in bit_putcs* Junxian Huang (1): RDMA/hns: Fix wrong WQE data when QP wraps around Juraj Šarinay (1): net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Justin Tee (3): scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup scsi: lpfc: Define size of debugfs entry for xri rebalancing Kai-Heng Feng (1): net: aquantia: Add missing descriptor cache invalidation on ATL2 Kailang Yang (1): ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again Kalesh AP (1): bnxt_en: Fix a possible memory leak in bnxt_ptp_init Kaushlendra Kumar (3): tools/cpupower: fix error return value in cpupower_write_sysfs() tools/cpupower: Fix incorrect size in cpuidle_state_disable() tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage Kees Cook (1): arc: Fix __fls() const-foldability via __builtin_clzl() Khairul Anuar Romli (1): firmware: stratix10-svc: fix bug in saving controller data Kirill A. Shutemov (1): x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Koakuma (1): sparc/module: Add R_SPARC_UA64 relocation handling Krishna Kurapati (1): usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Krzysztof Kozlowski (5): extcon: adc-jack: Fix wakeup source leaks on device unbind drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL drm/msm/dsi/phy_7nm: Fix missing initial VCO rate extcon: adc-jack: Cleanup wakeup source only if it was enabled dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Kuen-Han Tsai (1): usb: gadget: f_eem: Fix memory leak in eem_unwrap Kuniyuki Iwashima (2): net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. tipc: Fix use-after-free in tipc_mon_reinit_self(). Lad Prabhakar (1): net: ravb: Enforce descriptor type ordering Lance Yang (1): mm/secretmem: fix use-after-free race in fault handler Laurent Pinchart (1): media: pci: ivtv: Don't create fake v4l2_fh Len Brown (2): tools/power x86_energy_perf_policy: Enhance HWP enable tools/power x86_energy_perf_policy: Prefer driver HWP limits Li RongQing (1): x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT Lijo Lazar (2): drm/amd/pm: Use cached metrics data on aldebaran drm/amd/pm: Use cached metrics data on arcturus Linus Walleij (1): iio: accel: bmc150: Fix irq assumption regression Lizhi Xu (1): usbnet: Prevents free active kevent Loic Poulain (2): wifi: ath10k: Fix memory leak on unsupported WMI command wifi: ath10k: Fix connection after GTK rekeying Long Li (1): uio_hv_generic: Set event for all channels on the device Luiz Augusto von Dentz (2): Bluetooth: SCO: Fix UAF on sco_conn_free Bluetooth: SMP: Fix not generating mackey and ltk when repairing Lukas Wunner (1): thunderbolt: Use is_pciehp instead of is_hotplug_bridge Ma Ke (1): drm/tegra: dc: Fix reference leak in tegra_dc_couple() Maciej W. Rozycki (2): MIPS: Malta: Fix !EVA SOC-it PCI MMIO MIPS: mm: Prevent a TLB shutdown on initial uniquification Manish Nagar (1): usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Marc Kleine-Budde (1): can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Marcos Del Sol Vives (1): PCI: Disable MSI on RDC PCI to PCIe bridges Mario Limonciello (AMD) (1): ACPI: video: force native for Lenovo 82K8 Masami Ichikawa (1): HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Mathias Nyman (6): xhci: dbc: Provide sysfs option to configure dbc descriptors xhci: dbc: poll at different rate depending on data transfer activity xhci: dbc: Improve performance by removing delay in transfer event polling. xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Matthias Schiffer (1): clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled Matthieu Baerts (NGI0) (5): arch: back to -std=gnu89 in < v5.18 Revert "docs/process/howto: Replace C89 with C11" mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR selftests: mptcp: connect: fix fallback note due to OoO selftests: mptcp: join: rm: set backup flag Miaoqian Lin (6): net: usb: asix_devices: Check return value of usbnet_get_endpoints fbdev: valkyriefb: Fix reference count leak in valkyriefb_init pmdomain: imx: Fix reference count leak in imx_gpc_remove slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves serial: amba-pl011: prefer dma_mapping_error() over explicit address checking usb: cdns3: Fix double resource release in cdns3_pci_probe Michael Riesch (1): phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 Michal Luczaj (1): vsock: Ignore signal/timeout on connect() if already established Mike Marshall (1): orangefs: fix xattr related buffer overflow... Mikulas Patocka (1): dm-verity: fix unreliable memory allocation Miroslav Lichvar (1): ptp: Limit time setting of PTP clocks Nai-Chen Cheng (1): selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Nate Karstens (1): strparser: Fix signed/unsigned mismatch bug Nathan Chancellor (2): lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC net: qede: Initialize qede_ll_ops with designated initializer Nick Desaulniers (1): Makefile.compiler: replace cc-ifversion with compiler-specific macros Nicolas Ferre (1): ARM: at91: pm: save and restore ACR during PLL disable/enable Niklas Cassel (1): ata: libata-scsi: Fix system suspend for a security locked drive Niklas Schnelle (1): powerpc/eeh: Use result of error_detected() in uevent Niklas Söderlund (1): net: sh_eth: Disable WoL if system can not suspend Niravkumar L Rabara (3): EDAC/altera: Handle OCRAM ECC enable after warm reset EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection mtd: rawnand: cadence: fix DMA device NULL pointer dereference Nishanth Menon (1): net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Noorain Eqbal (1): bpf: Sync pending IRQ work before freeing ring buffer Oleksandr Suvorov (1): USB: serial: ftdi_sio: add support for u-blox EVK-M101 Olga Kornievskaia (2): NFSv4: handle ERR_GRACE on delegation recalls NFSD: free copynotify stateid in nfs4_free_ol_stateid() Omar Sandoval (1): btrfs: fix crash on racing fsync and size-extending write into prealloc Ondrej Mosnacek (1): bpf: Do not audit capability check in do_jit() Owen Gu (2): usb: gadget: f_fs: Fix epfile null pointer access after ep enable. usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Pablo Neira Ayuso (1): netfilter: nf_tables: reject duplicate device on updates Paolo Abeni (5): mptcp: restore window probe mptcp: fix ack generation for fallback msk mptcp: fix premature close in case of fallback mptcp: do not fallback when OoO is present mptcp: avoid unneeded subflow-level drops Pauli Virtanen (4): Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Bluetooth: L2CAP: export l2cap_chan_hold for modules Paulo Alcantara (1): smb: client: fix memory leak in cifs_construct_tcon() Pavan Chebbi (1): bnxt_en: PTP: Refactor PTP initialization functions Pavel Zhigulin (2): net: dsa: hellcreek: fix missing error handling in LED registration net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Pedro Tammela (2): net/sched: act_connmark: transition to percpu stats and rcu net/sched: act_connmark: handle errno on tcf_idr_check_alloc Peter Oberparleiter (1): gcov: add support for GCC 15 Peter Zijlstra (1): compiler_types: Move unused static inline functions warning to W=2 Philipp Hortmann (1): staging: rtl8712: Remove driver using deprecated API wext Philipp Stanner (1): drm/sched: Fix race in drm_sched_entity_select_rq() Po-Hsu Lin (1): selftests: net: use BASH for bareudp testing Qendrim Maxhuni (1): net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Qianfeng Rong (2): scsi: pm8001: Use int instead of u32 to store error codes media: redrat3: use int type to store negative error codes Rafael J. Wysocki (1): cpuidle: Fail cpuidle device registration if there is one already Randall P. Embry (2): 9p: fix /sys/fs/9p/caches overwriting itself 9p: sysfs_init: don't hardcode error to ENOMEM Ranganath V N (2): net: sched: act_connmark: initialize struct tc_ife to fix kernel leak net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Raphael Pinsonneault-Thibeault (1): Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF René Rebe (1): ALSA: usb-audio: fix uac2 clock source at terminal parser Ricardo B. Marlière (1): selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Richard Gobert (1): selftests/net: fix GRO coalesce test and add ext header coalesce tests Robert Marko (1): net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X Rodrigo Gobbi (1): iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Rohan G Thomas (1): net: phy: marvell: Fix 88e1510 downshift counter errata Rosen Penev (1): dmaengine: mv_xor: match alloc_wc and free_wc Roy Vegard Ovesen (2): ALSA: usb-audio: fix control pipe direction ALSA: usb-audio: add mono main switch to Presonus S1824c Russell King (Oracle) (1): net: dsa: sja1105: simplify static configuration reload Ryan Chen (1): soc: aspeed: socinfo: Add AST27xx silicon IDs Ryan Wanner (1): clk: at91: clk-master: Add check for divide by 3 Sakari Ailus (1): ACPI: property: Return present device nodes only on fwnode interface Saket Dumbre (1): ACPICA: Update dsmethod.c to get rid of unused variable warning Sarthak Garg (1): mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Sathishkumar S (1): drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff Scott Mayhew (1): NFS: check if suid/sgid was cleared after a write as needed Seungjin Bae (2): Input: pegasus-notetaker - fix potential out-of-bounds access can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Seyediman Seyedarab (2): drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() Shahar Shitrit (1): net: tls: Cancel RX async resync request on rcd_delta overflow Shang song (Lenovo) (1): ACPI: PRM: Skip handlers with NULL handler_address or NULL VA Sharique Mohammad (1): ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Shaurya Rane (1): jfs: fix uninitialized waitqueue in transaction manager Shawn Lin (1): mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 Shuai Xue (1): acpi,srat: Fix incorrect device handle check for Generic Initiator Srinivas Kandagatla (1): ASoC: qdsp6: q6asm: do not sleep while atomic Stefan Wiehler (3): sctp: Hold RCU read lock while iterating over address list sctp: Prevent TOCTOU out-of-bounds write sctp: Hold sock lock while iterating over address list Stephan Gerhold (1): remoteproc: qcom: q6v5: Avoid handling handover twice Sudeep Holla (1): pmdomain: arm: scmi: Fix genpd leak on provider registration failure Sungho Kim (1): PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Svyatoslav Ryhel (1): video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Takashi Iwai (3): ALSA: usb-audio: Add validation of UAC2/UAC3 effect units ALSA: usb-audio: Fix potential overflow of PCM transfer buffer ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check Tetsuo Handa (3): media: imon: make send_packet() more robust ntfs3: pretend $Extend records as regular files jfs: Verify inode mode when loading from disk Thomas Andreatta (1): dmaengine: sh: setup_xref error handling Thomas Mühlbacher (1): can: sja1000: fix max irq loop handling Thomas Weißschuh (3): spi: loopback-test: Don't use %pK through printk soc: ti: pruss: don't use %pK through printk bpf: Don't use %pK through printk Thomas Zimmermann (1): drm/sysfb: Do not dereference NULL pointer in plane reset Thorsten Blum (1): btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() Théo Lebrun (1): net: macb: avoid dealing with endianness in macb_set_hwaddr() Tianchu Chen (1): usb: storage: sddr55: Reject out-of-bound new_pba Tiezhu Yang (1): net: stmmac: Check stmmac_hw_setup() in stmmac_resume() Tiwei Bie (1): um: Fix help message for ssl-non-raw Tomeu Vizoso (1): drm/etnaviv: fix flush sequence logic Tomi Valkeinen (1): drm/tidss: Use the crtc_* timings when programming the HW Tristan Lobb (1): HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Trond Myklebust (1): NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() Tvrtko Ursulin (1): drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl Tzung-Bi Shih (1): Input: cros_ec_keyb - fix an invalid memory access Uday M Bhat (1): xhci: dbc: Allow users to modify DbC poll interval via sysfs Ujwal Kundur (1): rds: Fix endianness annotation for RDS_MPATH_HASH Uwe Kleine-König (1): usb: renesas_usbhs: Convert to platform remove callback returning void Valerio Setti (1): ASoC: meson: aiu-encoder-i2s: fix bit clock polarity Vanillan Wang (1): USB: serial: option: add support for Rolling RW101R-GL Viacheslav Dubeyko (1): ceph: add checking of wait_for_completion_killable() return value Vincent Mailhol (2): usb: deprecate the third argument of usb_maxpacket() Input: remove third argument of usb_maxpacket() Vladimir Oltean (1): net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Wake Liu (2): selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 selftests/net: Ensure assert() triggers in psock_tpacket.c Wang Liang (1): selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh Wei Fang (1): net: fec: correct rx_bytes statistic for the case SHIFT16 is set Wei Yang (1): fs/proc: fix uaf in proc_readdir_de() William Wu (1): usb: gadget: f_hid: Fix zero length packet transfer Xiang Mei (1): net/sched: sch_qfq: Fix null-deref in agg_dequeue Xu Yang (1): dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Yafang Shao (1): net/cls_cgroup: Fix task_get_classid() during qdisc run Yang Wang (1): drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() Yikang Yue (1): fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink Yixun Lan (1): libbpf, riscv: Use a0 for RC register Yongpeng Yang (1): exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Yue Haibing (1): ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled Yuhao Jiang (1): ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Yuta Hayama (1): rtc: rx8025: fix incorrect register reference Zhang Chujun (1): tracing/tools: Fix incorrcet short option in usage text for --threads Zhang Heng (1): HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Zhengchao Shao (2): net: sched: act: move global static variable net_id to tc_action_ops net: sched: act_connmark: get rid of tcf_connmark_walker and tcf_connmark_search Zijun Hu (1): char: misc: Does not request module for miscdevice with dynamic minor Zilin Guan (2): tracing: Fix memory leaks in create_field_var() mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() austinchang (1): btrfs: mark dirty extent range for out of bound prealloc extents chuguangqing (1): fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock raub camaioni (1): usb: gadget: f_ncm: Fix MAC assignment NCM ethernet ziming zhang (1): libceph: prevent potential out-of-bounds writes in handle_auth_session_key()

2 days, 5 hours

1
1
0 0

Linux 5.10.247

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.247 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 + Documentation/kbuild/makefiles.rst | 29 +- Makefile | 6 arch/arc/include/asm/bitops.h | 2 arch/arm/crypto/Kconfig | 2 arch/arm/mach-at91/pm_suspend.S | 8 arch/mips/boot/dts/lantiq/danube.dtsi | 6 arch/mips/lantiq/xway/sysctrl.c | 2 arch/mips/loongson64/Platform | 2 arch/mips/mm/tlb-r4k.c | 100 ++++--- arch/mips/mti-malta/malta-init.c | 20 - arch/parisc/boot/compressed/Makefile | 2 arch/powerpc/Makefile | 4 arch/powerpc/kernel/eeh_driver.c | 2 arch/riscv/kernel/cpu-hotplug.c | 1 arch/riscv/mm/ptdump.c | 2 arch/s390/Makefile | 6 arch/s390/purgatory/Makefile | 2 arch/sparc/include/asm/elf_64.h | 1 arch/sparc/kernel/module.c | 1 arch/um/drivers/ssl.c | 5 arch/x86/Makefile | 2 arch/x86/boot/compressed/Makefile | 2 arch/x86/entry/vsyscall/vsyscall_64.c | 17 + arch/x86/events/core.c | 10 arch/x86/kernel/cpu/bugs.c | 5 arch/x86/kernel/cpu/resctrl/monitor.c | 10 arch/x86/kernel/kvm.c | 20 - drivers/acpi/acpi_video.c | 4 drivers/acpi/acpica/dsmethod.c | 10 drivers/acpi/numa/srat.c | 2 drivers/acpi/property.c | 24 + drivers/acpi/video_detect.c | 8 drivers/ata/libata-scsi.c | 8 drivers/atm/fore200e.c | 2 drivers/base/devcoredump.c | 138 ++++++---- drivers/base/regmap/regmap-slimbus.c | 6 drivers/bluetooth/btusb.c | 13 drivers/bluetooth/hci_bcsp.c | 3 drivers/char/misc.c | 8 drivers/clocksource/timer-vf-pit.c | 22 - drivers/cpufreq/longhaul.c | 3 drivers/cpuidle/cpuidle.c | 8 drivers/dma/dw-edma/dw-edma-core.c | 22 + drivers/dma/mv_xor.c | 4 drivers/dma/sh/shdma-base.c | 25 + drivers/dma/sh/shdmac.c | 17 - drivers/edac/altera_edac.c | 22 + drivers/extcon/extcon-adc-jack.c | 2 drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/stratix10-svc.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 6 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 8 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 drivers/gpu/drm/amd/display/dc/calcs/Makefile | 2 drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 drivers/gpu/drm/amd/display/dc/dcn20/Makefile | 2 drivers/gpu/drm/amd/display/dc/dcn21/Makefile | 2 drivers/gpu/drm/amd/display/dc/dcn30/Makefile | 2 drivers/gpu/drm/amd/display/dc/dml/Makefile | 2 drivers/gpu/drm/amd/display/dc/dsc/Makefile | 2 drivers/gpu/drm/amd/pm/powerplay/smumgr/fiji_smumgr.c | 2 drivers/gpu/drm/amd/pm/powerplay/smumgr/iceland_smumgr.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2 drivers/gpu/drm/bridge/display-connector.c | 3 drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 5 drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 drivers/gpu/drm/sti/sti_vtg.c | 7 drivers/gpu/drm/tegra/dc.c | 1 drivers/gpu/drm/tidss/tidss_crtc.c | 2 drivers/gpu/drm/tidss/tidss_dispc.c | 16 - drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 drivers/hid/hid-ids.h | 7 drivers/hid/hid-ntrig.c | 7 drivers/hid/hid-quirks.c | 14 - drivers/hwmon/dell-smm-hwmon.c | 7 drivers/iio/adc/spear_adc.c | 9 drivers/iio/common/ssp_sensors/ssp_dev.c | 4 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 22 - drivers/input/keyboard/cros_ec_keyb.c | 6 drivers/input/keyboard/imx_sc_key.c | 2 drivers/input/misc/ati_remote2.c | 2 drivers/input/misc/cm109.c | 2 drivers/input/misc/powermate.c | 2 drivers/input/misc/yealink.c | 2 drivers/input/tablet/acecad.c | 2 drivers/input/tablet/pegasus_notetaker.c | 11 drivers/iommu/amd/init.c | 28 +- drivers/irqchip/irq-gic-v2m.c | 13 drivers/isdn/hardware/mISDN/hfcsusb.c | 18 - drivers/mailbox/mailbox-test.c | 2 drivers/md/dm-verity-fec.c | 6 drivers/media/i2c/ir-kbd-i2c.c | 6 drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 drivers/media/pci/ivtv/ivtv-driver.h | 3 drivers/media/pci/ivtv/ivtv-fileops.c | 18 - drivers/media/pci/ivtv/ivtv-irq.c | 4 drivers/media/rc/imon.c | 61 ++-- drivers/media/rc/redrat3.c | 2 drivers/media/tuners/xc4000.c | 8 drivers/media/tuners/xc5000.c | 12 drivers/memstick/core/memstick.c | 8 drivers/mfd/da9063-i2c.c | 27 + drivers/mfd/madera-core.c | 4 drivers/mfd/stmpe-i2c.c | 1 drivers/mfd/stmpe.c | 3 drivers/mmc/host/renesas_sdhi_core.c | 6 drivers/mmc/host/sdhci-msm.c | 15 + drivers/most/most_usb.c | 14 - drivers/mtd/nand/onenand/onenand_samsung.c | 2 drivers/mtd/nand/raw/cadence-nand-controller.c | 3 drivers/net/can/sja1000/sja1000.c | 4 drivers/net/can/sun4i_can.c | 4 drivers/net/can/usb/gs_usb.c | 23 - drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 drivers/net/dsa/b53/b53_common.c | 15 - drivers/net/dsa/b53/b53_regs.h | 3 drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 + drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 - drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 drivers/net/ethernet/cadence/macb_main.c | 4 drivers/net/ethernet/emulex/benet/be_main.c | 7 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 15 - drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 drivers/net/ethernet/realtek/Kconfig | 2 drivers/net/ethernet/realtek/r8169_main.c | 6 drivers/net/ethernet/renesas/ravb_main.c | 16 + drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 drivers/net/ethernet/ti/netcp_core.c | 10 drivers/net/phy/dp83867.c | 6 drivers/net/phy/marvell.c | 39 ++ drivers/net/phy/mdio_bus.c | 5 drivers/net/usb/asix_devices.c | 12 drivers/net/usb/qmi_wwan.c | 6 drivers/net/usb/usbnet.c | 2 drivers/net/wireless/ath/ath10k/mac.c | 12 drivers/net/wireless/ath/ath10k/wmi.c | 1 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 3 drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 28 -- drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 drivers/nvme/host/fc.c | 12 drivers/pci/controller/cadence/pcie-cadence-host.c | 2 drivers/pci/controller/cadence/pcie-cadence.c | 4 drivers/pci/controller/cadence/pcie-cadence.h | 6 drivers/pci/p2pdma.c | 2 drivers/pci/quirks.c | 1 drivers/phy/cadence/cdns-dphy.c | 4 drivers/pinctrl/pinctrl-single.c | 4 drivers/regulator/fixed.c | 6 drivers/remoteproc/qcom_q6v5.c | 5 drivers/s390/net/ctcm_mpc.c | 1 drivers/scsi/hosts.c | 5 drivers/scsi/lpfc/lpfc_debugfs.h | 3 drivers/scsi/pm8001/pm8001_ctl.c | 24 - drivers/scsi/pm8001/pm8001_init.c | 1 drivers/scsi/pm8001/pm8001_sas.c | 4 drivers/scsi/pm8001/pm8001_sas.h | 4 drivers/scsi/sg.c | 10 drivers/slimbus/qcom-ngd-ctrl.c | 1 drivers/soc/imx/gpc.c | 2 drivers/soc/qcom/smem.c | 2 drivers/soc/ti/knav_dma.c | 14 - drivers/soc/ti/pruss.c | 2 drivers/spi/spi-bcm63xx.c | 14 + drivers/spi/spi-loopback-test.c | 12 drivers/spi/spi.c | 10 drivers/target/loopback/tcm_loop.c | 3 drivers/tee/tee_core.c | 2 drivers/thunderbolt/nhi.c | 2 drivers/thunderbolt/nhi.h | 1 drivers/tty/serial/8250/8250_dw.c | 67 ++-- drivers/tty/serial/amba-pl011.c | 2 drivers/uio/uio_hv_generic.c | 21 + drivers/usb/cdns3/cdns3-pci-wrap.c | 5 drivers/usb/dwc3/ep0.c | 1 drivers/usb/dwc3/gadget.c | 7 drivers/usb/gadget/function/f_eem.c | 7 drivers/usb/gadget/function/f_fs.c | 8 drivers/usb/gadget/function/f_hid.c | 4 drivers/usb/gadget/function/f_ncm.c | 3 drivers/usb/host/xhci-dbgcap.h | 1 drivers/usb/host/xhci-dbgtty.c | 17 + drivers/usb/host/xhci-plat.c | 1 drivers/usb/mon/mon_bin.c | 14 - drivers/usb/renesas_usbhs/common.c | 14 - drivers/usb/serial/ftdi_sio.c | 1 drivers/usb/serial/ftdi_sio_ids.h | 1 drivers/usb/serial/option.c | 10 drivers/usb/storage/sddr55.c | 6 drivers/usb/storage/transport.c | 16 + drivers/usb/storage/uas.c | 7 drivers/usb/storage/unusual_devs.h | 2 drivers/usb/typec/ucsi/psy.c | 5 drivers/video/backlight/lp855x_bl.c | 2 drivers/video/fbdev/aty/atyfb_base.c | 8 drivers/video/fbdev/core/bitblit.c | 33 ++ drivers/video/fbdev/pvr2fb.c | 2 drivers/video/fbdev/valkyriefb.c | 2 fs/9p/v9fs.c | 9 fs/btrfs/disk-io.c | 2 fs/btrfs/file.c | 10 fs/btrfs/transaction.c | 2 fs/btrfs/tree-log.c | 1 fs/ceph/locks.c | 5 fs/cifs/connect.c | 1 fs/dax.c | 2 fs/exfat/fatent.c | 11 fs/exfat/super.c | 5 fs/ext4/xattr.c | 2 fs/fs-writeback.c | 7 fs/hpfs/namei.c | 18 - fs/jfs/inode.c | 8 fs/jfs/jfs_txnmgr.c | 9 fs/nfs/inode.c | 6 fs/nfs/nfs4client.c | 1 fs/nfs/nfs4proc.c | 7 fs/nfs/nfs4state.c | 3 fs/nfsd/nfs4proc.c | 7 fs/nfsd/nfs4state.c | 3 fs/open.c | 10 fs/orangefs/xattr.c | 12 fs/overlayfs/copy_up.c | 2 fs/proc/generic.c | 12 fs/xfs/xfs_super.c | 33 +- include/linux/ata.h | 1 include/linux/blk_types.h | 11 include/linux/compiler_types.h | 5 include/linux/filter.h | 2 include/linux/mm.h | 2 include/linux/shdma-base.h | 2 include/linux/usb.h | 16 - include/net/cls_cgroup.h | 2 include/net/nfc/nci_core.h | 2 include/net/pkt_sched.h | 25 + include/net/sctp/sctp.h | 3 include/net/tls.h | 6 kernel/bpf/ringbuf.c | 2 kernel/events/uprobes.c | 7 kernel/gcov/gcc_4_7.c | 4 kernel/trace/trace_events_hist.c | 6 kernel/trace/trace_events_synth.c | 3 lib/crypto/Makefile | 2 mm/page_alloc.c | 2 net/8021q/vlan.c | 2 net/bluetooth/6lowpan.c | 97 ++++--- net/bluetooth/hci_event.c | 21 + net/bluetooth/l2cap_core.c | 1 net/bluetooth/sco.c | 7 net/bluetooth/smp.c | 31 -- net/bridge/br_forward.c | 3 net/ceph/ceph_common.c | 53 ++- net/ceph/debugfs.c | 14 - net/core/netpoll.c | 7 net/core/page_pool.c | 6 net/core/sock.c | 15 - net/hsr/hsr_device.c | 3 net/ipv4/fib_frontend.c | 2 net/ipv4/inet_diag.c | 5 net/ipv4/nexthop.c | 6 net/ipv4/raw_diag.c | 7 net/ipv4/route.c | 5 net/ipv4/udp_diag.c | 6 net/ipv4/udp_tunnel_nic.c | 2 net/ipv6/addrconf.c | 4 net/ipv6/ah6.c | 50 ++- net/ipv6/raw.c | 2 net/ipv6/udp.c | 2 net/mac80211/rx.c | 10 net/mptcp/mptcp_diag.c | 6 net/mptcp/pm.c | 3 net/mptcp/pm_netlink.c | 20 - net/mptcp/protocol.c | 59 +++- net/mptcp/protocol.h | 1 net/netfilter/nf_tables_api.c | 15 + net/netfilter/nft_set_pipapo.c | 4 net/netfilter/nft_set_pipapo.h | 21 + net/netfilter/nft_set_pipapo_avx2.c | 31 +- net/netlink/af_netlink.c | 2 net/openvswitch/actions.c | 68 ---- net/openvswitch/flow_netlink.c | 64 ---- net/openvswitch/flow_netlink.h | 2 net/rds/rds.h | 2 net/sched/act_ife.c | 12 net/sched/sch_api.c | 10 net/sched/sch_generic.c | 17 - net/sched/sch_hfsc.c | 16 - net/sched/sch_qfq.c | 2 net/sctp/diag.c | 69 ++--- net/sctp/sm_make_chunk.c | 2 net/sctp/socket.c | 24 + net/sctp/transport.c | 13 net/smc/smc_clc.c | 1 net/strparser/strparser.c | 2 net/tipc/net.c | 2 net/tls/tls_device.c | 4 net/unix/diag.c | 6 net/vmw_vsock/af_vsock.c | 40 ++ scripts/Kbuild.include | 10 scripts/kconfig/mconf.c | 3 scripts/kconfig/nconf.c | 3 sound/pci/hda/patch_realtek.c | 17 - sound/soc/codecs/cs4271.c | 10 sound/soc/codecs/max98090.c | 6 sound/soc/meson/aiu-encoder-i2s.c | 9 sound/soc/qcom/qdsp6/q6asm.c | 2 sound/usb/endpoint.c | 5 sound/usb/mixer.c | 11 sound/usb/mixer_s1810c.c | 28 +- sound/usb/validate.c | 9 tools/power/cpupower/lib/cpuidle.c | 5 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 30 +- tools/testing/selftests/Makefile | 2 tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 tools/testing/selftests/net/fcnal-test.sh | 4 tools/testing/selftests/net/psock_tpacket.c | 4 tools/testing/selftests/net/traceroute.sh | 13 329 files changed, 2071 insertions(+), 1149 deletions(-) Abdun Nihaal (1): isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Akhil P Oommen (1): drm/msm/a6xx: Fix GMU firmware parser Al Viro (2): allow finish_no_open(file, ERR_PTR(-E...)) nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Alan Borzeszkowski (1): thunderbolt: Add support for Intel Wildcat Lake Alan Stern (1): USB: storage: Remove subclass and protocol overrides from Novatek quirk Albin Babu Varghese (1): fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Aleksander Jan Bajkowski (3): mips: lantiq: danube: add missing properties to cpu node mips: lantiq: danube: add missing device_type in pci node mips: lantiq: xway: sysctrl: rename stp clock Aleksei Nikiforov (1): s390/ctcm: Fix double-kfree Alex Hung (1): drm/amd/display: Check NULL before accessing Alex Lu (1): Bluetooth: Add more enc key size check Alexander Stein (2): mfd: stmpe: Remove IRQ domain upon removal mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexey Dobriyan (1): x86/boot: Compile boot code with -std=gnu11 too Alexey Klimov (1): regmap: slimbus: fix bus_context pointer in regmap init calls Alexey Kodanev (1): net: sxgbe: fix potential NULL dereference in sxgbe_rx() Alok Tiwari (1): udp_tunnel: use netdev_warn() instead of netdev_WARN() Amber Lin (1): drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Amirreza Zarrabi (1): tee: allow a driver to allocate a tee_device without a pool Andrey Vatoropin (1): be2net: pass wrb_params in case of OS2BMC Andy Shevchenko (1): serial: 8250_dw: Use devm_add_action_or_reset() Anthony Iliopoulos (1): NFSv4.1: fix mount hang after CREATE_SESSION failure Armin Wolf (1): hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Arnd Bergmann (1): mfd: madera: Work around false-positive -Wininitialized warning Artem Shimko (1): serial: 8250_dw: handle reset control deassert error Ashish Kalra (1): iommu/amd: Skip enabling command/event buffers for kdump Babu Moger (1): x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Bart Van Assche (2): scsi: sg: Do not sleep in atomic context scsi: core: Fix a regression triggered by scsi_host_busy() Benjamin Berg (1): wifi: mac80211: skip rate verification for not captured PSDUs Biju Das (1): mmc: host: renesas_sdhi: Fix the actual clock Brahmajit Das (1): net: intel: fm10k: Fix parameter idx set but not used Breno Leitao (1): net: netpoll: fix incorrect refcount handling causing incorrect cleanup Buday Csaba (1): net: mdio: fix resource leak in mdiobus_register_device() Celeste Liu (1): can: gs_usb: increase max interface to U8_MAX Charalampos Mitrodimas (1): net: ipv6: fix field-spanning memcpy warning in AH output Chelsy Ratnawat (1): media: fix uninitialized symbol warnings Chen Wang (1): PCI: cadence: Check for the existence of cdns_pcie::ops before using it Chi Zhang (1): pinctrl: single: fix bias pull up/down handling in pin_config_set Chi Zhiling (1): exfat: limit log print for IO error Chris Morgan (1): regulator: fixed: use dev_err_probe for register Christian Bruel (1): irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Christoph Hellwig (1): fsdax: mark the iomap argument to dax_iomap_sector as const Christoph Paasch (1): net: When removing nexthops, don't call synchronize_net if it is not necessary Christophe JAILLET (1): iio:common:ssp_sensors: Fix an error handling path ssp_probe() Chuang Wang (1): ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Chuck Lever (1): NFSD: Fix crash in nfsd4_read_release() ChunHao Lin (1): r8169: set EEE speed down ratio to 1 Claudiu Beznea (1): usb: renesas_usbhs: Fix synchronous external abort on unbind Cryolitia PukNgae (1): ALSA: usb-audio: apply quirk for MOONDROP Quark2 D. Wythe (1): net/smc: fix mismatch between CLC header and proposal Damien Le Moal (2): block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL block: make REQ_OP_ZONE_OPEN a write operation Dan Carpenter (2): mtd: onenand: Pass correct pointer to IRQ handler Input: imx_sc_key - fix memory corruption on unload Daniel Lezcano (1): clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Daniel Palmer (2): fbdev: atyfb: Check if pll_ops->init_pll failed eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP Daniel Wagner (1): nvme-fc: use lock accessing port_state and rport state Danielle Costantino (1): net/mlx5e: Fix validation logic in rate limiting Danil Skrebenkov (1): RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Darrick J. Wong (1): xfs: always warn about deprecated mount options David Ahern (2): selftests: Disable dad for ipv6 in fcnal-test.sh selftests: Replace sleep with slowwait David Kaplan (1): x86/bugs: Fix reporting of LFENCE retpoline Dennis Beier (1): cpufreq/longhaul: handle NULL policy in longhaul_exit Desnes Nunes (1): usb: storage: Fix memory leak in USB bulk transport Devendra K Verma (1): dmaengine: dw-edma: Set status for callback_result Dmitry Baryshkov (1): drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts Dragos Tatulea (1): page_pool: Clamp pool size to max 16K pages Emanuele Ghidoli (1): net: phy: dp83867: Disable EEE support as not implemented Eric Biggers (1): lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Eric Dumazet (6): net: call cond_resched() less often in __release_sock() ipv6: np->rxpmtu race annotation sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto net_sched: limit try_bulk_dequeue_skb() batches mptcp: fix race condition in mptcp_schedule_work() mptcp: fix a race in mptcp_pm_del_add_timer() Ewan D. Milne (1): nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Felix Maurer (1): hsr: Fix supervision frame sending on HSRv0 Filipe Manana (2): btrfs: always drop log root tree reference in btrfs_replay_log() btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Florian Fuchs (1): fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Florian Westphal (2): netfilter: nf_set_pipapo: fix initial map fill netfilter: nf_set_pipapo_avx2: fix initial map fill Forest Crossman (1): usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Francesco Lavra (1): iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Francisco Gutierrez (1): scsi: pm80xx: Fix race condition caused by static variables Gal Pressman (2): net/mlx5e: Fix maxrate wraparound in threshold between units net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Geoffrey McRae (1): drm/amdkfd: return -ENOTTY for unsupported IOCTLs Gokul Sivakumar (1): wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Greg Kroah-Hartman (1): Linux 5.10.247 Gui-Dong Han (1): atm/fore200e: Fix possible data race in fore200e_open() Haein Lee (1): ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Hamza Mahfooz (1): scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Hang Zhou (1): spi: bcm63xx: fix premature CS deassertion on RX-only transactions Hangbin Liu (1): net: vlan: sync VLAN features with lower device Hans de Goede (2): ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() spi: Try to get ACPI GPIO IRQ earlier Haotian Zhang (3): regulator: fixed: fix GPIO descriptor leak on register failure ASoC: cs4271: Fix regulator leak on probe failure mailbox: mailbox-test: Fix debugfs_create_dir error checking Harikrishna Shenoy (1): phy: cadence: cdns-dphy: Enable lower resolutions in dphy Ian Forbes (1): drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Ido Schimmel (2): bridge: Redirect to backup port when port is administratively down selftests: traceroute: Use require_command() Igor Pylypiv (1): scsi: pm80xx: Set phy->enable_completion only when we Ilya Dryomov (1): libceph: fix potential use-after-free in have_mon_and_osd_map() Ilya Maximets (1): net: openvswitch: remove never-working support for setting nsh fields Isaac J. Manjarres (1): mm/mm_init: fix hash table order logging in alloc_large_system_hash() Ivan Pravdin (1): Bluetooth: bcsp: receive data only if registered Jakub Acs (1): mm/ksm: fix flag-dropping behavior in ksm_madvise Jakub Horký (2): kconfig/mconf: Initialize the default locale at startup kconfig/nconf: Initialize the default locale at startup Jameson Thies (1): usb: typec: ucsi: psy: Set max current to zero when disconnected Jens Kehne (1): mfd: da9063: Split chip variant reading in two bus transactions Jens Reidel (1): soc: qcom: smem: Fix endian-unaware access of num_entries Jiayi Li (1): memstick: Add timeout to prevent indefinite waiting Jiayuan Chen (1): mptcp: Fix proto fallback detection with BPF Jiefeng Zhang (1): net: atlantic: fix fragment overflow handling in RX path Jiri Olsa (2): uprobe: Do not emulate/sstep original instruction when ip is changed Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Jiufei Xue (1): fs: writeback: fix use-after-free in __mark_inode_dirty() Johan Hovold (2): most: usb: fix double free on late probe failure drm: sti: fix device leaks at component probe John Smith (2): drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland Jonas Gorski (3): net: dsa: b53: fix resetting speed and pause on forced link net: dsa: b53: fix enabling ip multicast net: dsa: b53: stop reading ARL entries if search is done Josephine Pfeiffer (1): riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro Joshua Watt (1): NFS4: Fix state renewals missing after boot Junjie Cao (1): fbdev: bitblit: bound-check glyph index in bit_putcs* Juraj Šarinay (1): net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Justin Tee (1): scsi: lpfc: Define size of debugfs entry for xri rebalancing Kai-Heng Feng (1): net: aquantia: Add missing descriptor cache invalidation on ATL2 Kailang Yang (1): ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again Kaushlendra Kumar (2): tools/cpupower: Fix incorrect size in cpuidle_state_disable() tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage Kees Cook (1): arc: Fix __fls() const-foldability via __builtin_clzl() Khairul Anuar Romli (1): firmware: stratix10-svc: fix bug in saving controller data Kirill A. Shutemov (1): x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Koakuma (1): sparc/module: Add R_SPARC_UA64 relocation handling Krishna Kurapati (1): usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Krzysztof Kozlowski (3): extcon: adc-jack: Fix wakeup source leaks on device unbind extcon: adc-jack: Cleanup wakeup source only if it was enabled dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Kuen-Han Tsai (1): usb: gadget: f_eem: Fix memory leak in eem_unwrap Kuniyuki Iwashima (2): net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. tipc: Fix use-after-free in tipc_mon_reinit_self(). Lad Prabhakar (1): net: ravb: Enforce descriptor type ordering Laurent Pinchart (1): media: pci: ivtv: Don't create fake v4l2_fh Len Brown (2): tools/power x86_energy_perf_policy: Enhance HWP enable tools/power x86_energy_perf_policy: Prefer driver HWP limits Li RongQing (1): x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT Lijo Lazar (1): drm/amd/pm: Use cached metrics data on arcturus Lizhi Xu (1): usbnet: Prevents free active kevent Loic Poulain (2): wifi: ath10k: Fix memory leak on unsupported WMI command wifi: ath10k: Fix connection after GTK rekeying Long Li (1): uio_hv_generic: Set event for all channels on the device Lu Wei (1): net: sctp: Fix some typos Luiz Augusto von Dentz (2): Bluetooth: SCO: Fix UAF on sco_conn_free Bluetooth: SMP: Fix not generating mackey and ltk when repairing Ma Ke (1): drm/tegra: dc: Fix reference leak in tegra_dc_couple() Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (2): MIPS: Malta: Fix !EVA SOC-it PCI MMIO MIPS: mm: Prevent a TLB shutdown on initial uniquification Manish Nagar (1): usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Marc Kleine-Budde (1): can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Marcos Del Sol Vives (1): PCI: Disable MSI on RDC PCI to PCIe bridges Mario Limonciello (AMD) (1): ACPI: video: force native for Lenovo 82K8 Masami Ichikawa (1): HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Mathias Nyman (1): xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Matthieu Baerts (NGI0) (2): arch: back to -std=gnu89 in < v5.18 tracing: fix declaration-after-statement warning Miaoqian Lin (6): net: usb: asix_devices: Check return value of usbnet_get_endpoints fbdev: valkyriefb: Fix reference count leak in valkyriefb_init pmdomain: imx: Fix reference count leak in imx_gpc_remove slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves serial: amba-pl011: prefer dma_mapping_error() over explicit address checking usb: cdns3: Fix double resource release in cdns3_pci_probe Michal Luczaj (1): vsock: Ignore signal/timeout on connect() if already established Mike Marshall (1): orangefs: fix xattr related buffer overflow... Mikulas Patocka (1): dm-verity: fix unreliable memory allocation Nai-Chen Cheng (1): selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Nate Karstens (1): strparser: Fix signed/unsigned mismatch bug Nathan Chancellor (2): lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC net: qede: Initialize qede_ll_ops with designated initializer Nick Desaulniers (1): Makefile.compiler: replace cc-ifversion with compiler-specific macros Nicolas Ferre (1): ARM: at91: pm: save and restore ACR during PLL disable/enable Niklas Cassel (1): ata: libata-scsi: Fix system suspend for a security locked drive Niklas Schnelle (1): powerpc/eeh: Use result of error_detected() in uevent Niklas Söderlund (1): net: sh_eth: Disable WoL if system can not suspend Niravkumar L Rabara (3): EDAC/altera: Handle OCRAM ECC enable after warm reset EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection mtd: rawnand: cadence: fix DMA device NULL pointer dereference Nishanth Menon (1): net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Noorain Eqbal (1): bpf: Sync pending IRQ work before freeing ring buffer Oleksandr Suvorov (1): USB: serial: ftdi_sio: add support for u-blox EVK-M101 Olga Kornievskaia (2): NFSv4: handle ERR_GRACE on delegation recalls NFSD: free copynotify stateid in nfs4_free_ol_stateid() Owen Gu (2): usb: gadget: f_fs: Fix epfile null pointer access after ep enable. usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Pablo Neira Ayuso (1): netfilter: nf_tables: reject duplicate device on updates Paolo Abeni (2): mptcp: introduce mptcp_schedule_work mptcp: do not fallback when OoO is present Pauli Virtanen (4): Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Bluetooth: L2CAP: export l2cap_chan_hold for modules Paulo Alcantara (1): smb: client: fix memory leak in cifs_construct_tcon() Peter Oberparleiter (1): gcov: add support for GCC 15 Peter Zijlstra (1): compiler_types: Move unused static inline functions warning to W=2 Qendrim Maxhuni (1): net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Qianfeng Rong (2): scsi: pm8001: Use int instead of u32 to store error codes media: redrat3: use int type to store negative error codes Rafael J. Wysocki (1): cpuidle: Fail cpuidle device registration if there is one already Randall P. Embry (2): 9p: fix /sys/fs/9p/caches overwriting itself 9p: sysfs_init: don't hardcode error to ENOMEM Ranganath V N (1): net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Raphael Pinsonneault-Thibeault (1): Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF René Rebe (1): ALSA: usb-audio: fix uac2 clock source at terminal parser Ricardo B. Marlière (1): selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Rodrigo Gobbi (1): iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Rohan G Thomas (1): net: phy: marvell: Fix 88e1510 downshift counter errata Rosen Penev (1): dmaengine: mv_xor: match alloc_wc and free_wc Roy Vegard Ovesen (2): ALSA: usb-audio: fix control pipe direction ALSA: usb-audio: add mono main switch to Presonus S1824c Sakari Ailus (1): ACPI: property: Return present device nodes only on fwnode interface Saket Dumbre (1): ACPICA: Update dsmethod.c to get rid of unused variable warning Sarthak Garg (1): mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Sathishkumar S (1): drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff Seungjin Bae (2): Input: pegasus-notetaker - fix potential out-of-bounds access can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Seyediman Seyedarab (1): drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Shahar Shitrit (1): net: tls: Cancel RX async resync request on rcd_delta overflow Sharique Mohammad (1): ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Shaurya Rane (1): jfs: fix uninitialized waitqueue in transaction manager Shuai Xue (1): acpi,srat: Fix incorrect device handle check for Generic Initiator Srinivas Kandagatla (1): ASoC: qdsp6: q6asm: do not sleep while atomic Stefan Wiehler (3): sctp: Hold RCU read lock while iterating over address list sctp: Prevent TOCTOU out-of-bounds write sctp: Hold sock lock while iterating over address list Stephan Gerhold (1): remoteproc: qcom: q6v5: Avoid handling handover twice Sudeep Holla (1): pmdomain: arm: scmi: Fix genpd leak on provider registration failure Sungho Kim (1): PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Svyatoslav Ryhel (1): video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Takashi Iwai (2): ALSA: usb-audio: Add validation of UAC2/UAC3 effect units ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Tetsuo Handa (2): media: imon: make send_packet() more robust jfs: Verify inode mode when loading from disk Thomas Andreatta (1): dmaengine: sh: setup_xref error handling Thomas Mühlbacher (1): can: sja1000: fix max irq loop handling Thomas Weißschuh (3): spi: loopback-test: Don't use %pK through printk soc: ti: pruss: don't use %pK through printk bpf: Don't use %pK through printk Théo Lebrun (1): net: macb: avoid dealing with endianness in macb_set_hwaddr() Tianchu Chen (1): usb: storage: sddr55: Reject out-of-bound new_pba Tiezhu Yang (1): net: stmmac: Check stmmac_hw_setup() in stmmac_resume() Tiwei Bie (1): um: Fix help message for ssl-non-raw Tomeu Vizoso (1): drm/etnaviv: fix flush sequence logic Tomi Valkeinen (1): drm/tidss: Use the crtc_* timings when programming the HW Tristan Lobb (1): HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Trond Myklebust (1): Revert "NFS: Don't set NFS_INO_REVAL_PAGECACHE in the inode cache validity" Tzung-Bi Shih (1): Input: cros_ec_keyb - fix an invalid memory access Ujwal Kundur (1): rds: Fix endianness annotation for RDS_MPATH_HASH Valerio Setti (1): ASoC: meson: aiu-encoder-i2s: fix bit clock polarity Vanillan Wang (1): USB: serial: option: add support for Rolling RW101R-GL Vasiliy Kovalev (1): ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Viacheslav Dubeyko (1): ceph: add checking of wait_for_completion_killable() return value Vincent Mailhol (2): usb: deprecate the third argument of usb_maxpacket() Input: remove third argument of usb_maxpacket() Wake Liu (2): selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 selftests/net: Ensure assert() triggers in psock_tpacket.c Wei Fang (1): net: fec: correct rx_bytes statistic for the case SHIFT16 is set Wei Yang (1): fs/proc: fix uaf in proc_readdir_de() William Wu (1): usb: gadget: f_hid: Fix zero length packet transfer Xiang Mei (1): net/sched: sch_qfq: Fix null-deref in agg_dequeue Xin Long (1): sctp: hold endpoint before calling cb in sctp_transport_lookup_process Yafang Shao (1): net/cls_cgroup: Fix task_get_classid() during qdisc run Yajun Deng (1): net: Use nlmsg_unicast() instead of netlink_unicast() Yang Wang (1): drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() Yikang Yue (1): fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink Yongpeng Yang (1): exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Yue Haibing (1): ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled Yuhao Jiang (1): ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Zhang Heng (1): HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Zijun Hu (1): char: misc: Does not request module for miscdevice with dynamic minor Zilin Guan (2): tracing: Fix memory leaks in create_field_var() mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() austinchang (1): btrfs: mark dirty extent range for out of bound prealloc extents chuguangqing (1): fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock raub camaioni (1): usb: gadget: f_ncm: Fix MAC assignment NCM ethernet

2 days, 5 hours

1
1
0 0

[PATCH] lib/crypto: riscv: Depend on RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS

by Eric Biggers

Replace the RISCV_ISA_V dependency of the RISC-V crypto code with RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS, which implies RISCV_ISA_V as well as vector unaligned accesses being efficient. This is necessary because this code assumes that vector unaligned accesses are supported and are efficient. (It does so to avoid having to use lots of extra vsetvli instructions to switch the element width back and forth between 8 and either 32 or 64.) This was omitted from the code originally just because the RISC-V kernel support for detecting this feature didn't exist yet. Support has now been added, but it's fragmented into per-CPU runtime detection, a command-line parameter, and a kconfig option. The kconfig option is the only reasonable way to do it, though, so let's just rely on that. Fixes: eb24af5d7a05 ("crypto: riscv - add vector crypto accelerated AES-{ECB,CBC,CTR,XTS}") Fixes: bb54668837a0 ("crypto: riscv - add vector crypto accelerated ChaCha20") Fixes: 600a3853dfa0 ("crypto: riscv - add vector crypto accelerated GHASH") Fixes: 8c8e40470ffe ("crypto: riscv - add vector crypto accelerated SHA-{256,224}") Fixes: b3415925a08b ("crypto: riscv - add vector crypto accelerated SHA-{512,384}") Fixes: 563a5255afa2 ("crypto: riscv - add vector crypto accelerated SM3") Fixes: b8d06352bbf3 ("crypto: riscv - add vector crypto accelerated SM4") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> --- arch/riscv/crypto/Kconfig | 12 ++++++++---- lib/crypto/Kconfig | 9 ++++++--- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/arch/riscv/crypto/Kconfig b/arch/riscv/crypto/Kconfig index a75d6325607b..14c5acb935e9 100644 --- a/arch/riscv/crypto/Kconfig +++ b/arch/riscv/crypto/Kconfig @@ -2,11 +2,12 @@ menu "Accelerated Cryptographic Algorithms for CPU (riscv)" config CRYPTO_AES_RISCV64 tristate "Ciphers: AES, modes: ECB, CBC, CTS, CTR, XTS" - depends on 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO + depends on 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \ + RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS select CRYPTO_ALGAPI select CRYPTO_LIB_AES select CRYPTO_SKCIPHER help Block cipher: AES cipher algorithms @@ -18,21 +19,23 @@ config CRYPTO_AES_RISCV64 - Zvkb vector crypto extension (CTR) - Zvkg vector crypto extension (XTS) config CRYPTO_GHASH_RISCV64 tristate "Hash functions: GHASH" - depends on 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO + depends on 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \ + RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS select CRYPTO_GCM help GCM GHASH function (NIST SP 800-38D) Architecture: riscv64 using: - Zvkg vector crypto extension config CRYPTO_SM3_RISCV64 tristate "Hash functions: SM3 (ShangMi 3)" - depends on 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO + depends on 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \ + RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS select CRYPTO_HASH select CRYPTO_LIB_SM3 help SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012) @@ -40,11 +43,12 @@ config CRYPTO_SM3_RISCV64 - Zvksh vector crypto extension - Zvkb vector crypto extension config CRYPTO_SM4_RISCV64 tristate "Ciphers: SM4 (ShangMi 4)" - depends on 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO + depends on 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \ + RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS select CRYPTO_ALGAPI select CRYPTO_SM4 help SM4 block cipher algorithm (OSCCA GB/T 32907-2016, ISO/IEC 18033-3:2010/Amd 1:2021) diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig index a3647352bff6..6871a41e5069 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig @@ -59,11 +59,12 @@ config CRYPTO_LIB_CHACHA_ARCH depends on CRYPTO_LIB_CHACHA && !UML && !KMSAN default y if ARM default y if ARM64 && KERNEL_MODE_NEON default y if MIPS && CPU_MIPS32_R2 default y if PPC64 && CPU_LITTLE_ENDIAN && VSX - default y if RISCV && 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO + default y if RISCV && 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \ + RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS default y if S390 default y if X86_64 config CRYPTO_LIB_CURVE25519 tristate @@ -182,11 +183,12 @@ config CRYPTO_LIB_SHA256_ARCH depends on CRYPTO_LIB_SHA256 && !UML default y if ARM && !CPU_V7M default y if ARM64 default y if MIPS && CPU_CAVIUM_OCTEON default y if PPC && SPE - default y if RISCV && 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO + default y if RISCV && 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \ + RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS default y if S390 default y if SPARC64 default y if X86_64 config CRYPTO_LIB_SHA512 @@ -200,11 +202,12 @@ config CRYPTO_LIB_SHA512_ARCH bool depends on CRYPTO_LIB_SHA512 && !UML default y if ARM && !CPU_V7M default y if ARM64 default y if MIPS && CPU_CAVIUM_OCTEON - default y if RISCV && 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO + default y if RISCV && 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \ + RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS default y if S390 default y if SPARC64 default y if X86_64 config CRYPTO_LIB_SHA3 base-commit: 43dfc13ca972988e620a6edb72956981b75ab6b0 -- 2.52.0

2 days, 5 hours

1
0
0 0

+ mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather has been added to the -mm mm-unstable branch. Its filename is mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "David Hildenbrand (Red Hat)" <david(a)kernel.org> Subject: mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather Date: Fri, 5 Dec 2025 22:35:58 +0100 As reported, ever since commit 1013af4f585f ("mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race") we can end up in some situations where we perform so many IPI broadcasts when unsharing hugetlb PMD page tables that it severely regresses some workloads. In particular, when we fork()+exit(), or when we munmap() a large area backed by many shared PMD tables, we perform one IPI broadcast per unshared PMD table. There are two optimizations to be had: (1) When we process (unshare) multiple such PMD tables, such as during exit(), it is sufficient to send a single IPI broadcast (as long as we respect locking rules) instead of one per PMD table. Locking prevents that any of these PMD tables could get reuse before we drop the lock. (2) When we are not the last sharer (> 2 users including us), there is no need to send the IPI broadcast. The shared PMD tables cannot become exclusive (fully unshared) before an IPI will be broadcasted by the last sharer. Concurrent GUP-fast could walk into a PMD table just before we unshared it. It could then succeed in grabbing a page from the shared page table even after munmap() etc succeeded (and supressed an IPI). But there is not difference compared to GUP-fast just sleeping for a while after grabbing the page and re-enabling IRQs. Most importantly, GUP-fast will never walk into page tables that are no-longer shared, because the last sharer will issue an IPI broadcast. (if ever required, checking whether the PUD changed in GUP-fast after grabbing the page like we do in the PTE case could handle this) So let's rework PMD sharing TLB flushing + IPI sync to use the mmu_gather infrastructure so we can implement these optimizations and demystify the code at least a bit. Extend the mmu_gather infrastructure to be able to deal with our special hugetlb PMD table sharing implementation. We'll consolidate the handling for (full) unsharing of PMD tables in tlb_unshare_pmd_ptdesc() and tlb_flush_unshared_tables(), and track in "struct mmu_gather" whether we had (full) unsharing of PMD tables. Because locking is very special (concurrent unsharing+reuse must be prevented), we disallow deferring flushing to tlb_finish_mmu() and instead require an explicit earlier call to tlb_flush_unshared_tables(). From hugetlb code, we call huge_pmd_unshare_flush() where we make sure that the expected lock protecting us from concurrent unsharing+reuse is still held. Check with a VM_WARN_ON_ONCE() in tlb_finish_mmu() that tlb_flush_unshared_tables() was properly called earlier. Document it all properly. Notes about tlb_remove_table_sync_one() interaction with unsharing: There are two fairly tricky things: (1) tlb_remove_table_sync_one() is a NOP on architectures without CONFIG_MMU_GATHER_RCU_TABLE_FREE. Here, the assumption is that the previous TLB flush would send an IPI to all relevant CPUs. Careful: some architectures like x86 only send IPIs to all relevant CPUs when tlb->freed_tables is set. The relevant architectures should be selecting MMU_GATHER_RCU_TABLE_FREE, but x86 might not do that in stable kernels and it might have been problematic before this patch. Also, the arch flushing behavior (independent of IPIs) is different when tlb->freed_tables is set. Do we have to enlighten them to also take care of tlb->unshared_tables? So far we didn't care, so hopefully we are fine. Of course, we could be setting tlb->freed_tables as well, but that might then unnecessarily flush too much, because the semantics of tlb->freed_tables are a bit fuzzy. This patch changes nothing in this regard. (2) tlb_remove_table_sync_one() is not a NOP on architectures with CONFIG_MMU_GATHER_RCU_TABLE_FREE that actually don't need a sync. Take x86 as an example: in the common case (!pv, !X86_FEATURE_INVLPGB) we still issue IPIs during TLB flushes and don't actually need the second tlb_remove_table_sync_one(). This optimized can be implemented on top of this, by checking e.g., in tlb_remove_table_sync_one() whether we really need IPIs. But as described in (1), it really must honor tlb->freed_tables then to send IPIs to all relevant CPUs. Further note that the ptdesc_pmd_pts_dec() in huge_pmd_share() is not a concern, as we are holding the i_mmap_lock the whole time, preventing concurrent unsharing. That ptdesc_pmd_pts_dec() usage will be removed separately as a cleanup later. There are plenty more cleanups to be had, but they have to wait until this is fixed. Link: https://lkml.kernel.org/r/20251205213558.2980480-5-david@kernel.org Fixes: 1013af4f585f ("mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race") Signed-off-by: David Hildenbrand (Red Hat) <david(a)kernel.org> Reported-by: Uschakow, Stanislav" <suschako(a)amazon.de> Closes: https://lore.kernel.org/all/4d3878531c76479d9f8ca9789dc6485d@amazon.de/ Tested-by: Laurence Oberman <loberman(a)redhat.com> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)kernel.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Jann Horn <jannh(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Liu Shixin <liushixin2(a)huawei.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Nadav Amit <nadav.amit(a)gmail.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Prakash Sangappa <prakash.sangappa(a)oracle.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Will Deacon <will(a)kernel.org> Cc: Lance Yang <lance.yang(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/asm-generic/tlb.h | 69 ++++++++++++++++++++ include/linux/hugetlb.h | 19 +++-- mm/hugetlb.c | 121 ++++++++++++++++++++---------------- mm/mmu_gather.c | 6 + mm/mprotect.c | 2 mm/rmap.c | 25 +++++-- 6 files changed, 173 insertions(+), 69 deletions(-) --- a/include/asm-generic/tlb.h~mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather +++ a/include/asm-generic/tlb.h @@ -364,6 +364,17 @@ struct mmu_gather { unsigned int vma_huge : 1; unsigned int vma_pfn : 1; + /* + * Did we unshare (unmap) any shared page tables? + */ + unsigned int unshared_tables : 1; + + /* + * Did we unshare any page tables such that they are now exclusive + * and could get reused+modified by the new owner? + */ + unsigned int fully_unshared_tables : 1; + unsigned int batch_count; #ifndef CONFIG_MMU_GATHER_NO_GATHER @@ -400,6 +411,7 @@ static inline void __tlb_reset_range(str tlb->cleared_pmds = 0; tlb->cleared_puds = 0; tlb->cleared_p4ds = 0; + tlb->unshared_tables = 0; /* * Do not reset mmu_gather::vma_* fields here, we do not * call into tlb_start_vma() again to set them if there is an @@ -484,7 +496,7 @@ static inline void tlb_flush_mmu_tlbonly * these bits. */ if (!(tlb->freed_tables || tlb->cleared_ptes || tlb->cleared_pmds || - tlb->cleared_puds || tlb->cleared_p4ds)) + tlb->cleared_puds || tlb->cleared_p4ds || tlb->unshared_tables)) return; tlb_flush(tlb); @@ -773,6 +785,61 @@ static inline bool huge_pmd_needs_flush( } #endif +#ifdef CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING +static inline void tlb_unshare_pmd_ptdesc(struct mmu_gather *tlb, struct ptdesc *pt, + unsigned long addr) +{ + /* + * The caller must make sure that concurrent unsharing + exclusive + * reuse is impossible until tlb_flush_unshared_tables() was called. + */ + VM_WARN_ON_ONCE(!ptdesc_pmd_is_shared(pt)); + ptdesc_pmd_pts_dec(pt); + + /* Clearing a PUD pointing at a PMD table with PMD leaves. */ + tlb_flush_pmd_range(tlb, addr & PUD_MASK, PUD_SIZE); + + /* + * If the page table is now exclusively owned, we fully unshared + * a page table. + */ + if (!ptdesc_pmd_is_shared(pt)) + tlb->fully_unshared_tables = true; + tlb->unshared_tables = true; +} + +static inline void tlb_flush_unshared_tables(struct mmu_gather *tlb) +{ + /* + * As soon as the caller drops locks to allow for reuse of + * previously-shared tables, these tables could get modified and + * even reused outside of hugetlb context. So flush the TLB now. + * + * Note that we cannot defer the flush to a later point even if we are + * not the last sharer of the page table. + */ + if (tlb->unshared_tables) + tlb_flush_mmu_tlbonly(tlb); + + /* + * Similarly, we must make sure that concurrent GUP-fast will not + * walk previously-shared page tables that are getting modified+reused + * elsewhere. So broadcast an IPI to wait for any concurrent GUP-fast. + * + * We only perform this when we are the last sharer of a page table, + * as the IPI will reach all CPUs: any GUP-fast. + * + * Note that on configs where tlb_remove_table_sync_one() is a NOP, + * the expectation is that the tlb_flush_mmu_tlbonly() would have issued + * required IPIs already for us. + */ + if (tlb->fully_unshared_tables) { + tlb_remove_table_sync_one(); + tlb->fully_unshared_tables = false; + } +} +#endif /* CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING */ + #endif /* CONFIG_MMU */ #endif /* _ASM_GENERIC__TLB_H */ --- a/include/linux/hugetlb.h~mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather +++ a/include/linux/hugetlb.h @@ -240,8 +240,9 @@ pte_t *huge_pte_alloc(struct mm_struct * pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); unsigned long hugetlb_mask_last_page(struct hstate *h); -int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep); +int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma, + unsigned long addr, pte_t *ptep); +void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma); void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, unsigned long *start, unsigned long *end); @@ -271,7 +272,7 @@ void hugetlb_vma_unlock_write(struct vm_ int hugetlb_vma_trylock_write(struct vm_area_struct *vma); void hugetlb_vma_assert_locked(struct vm_area_struct *vma); void hugetlb_vma_lock_release(struct kref *kref); -long hugetlb_change_protection(struct vm_area_struct *vma, +long hugetlb_change_protection(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long address, unsigned long end, pgprot_t newprot, unsigned long cp_flags); void hugetlb_unshare_all_pmds(struct vm_area_struct *vma); @@ -300,13 +301,17 @@ static inline struct address_space *huge return NULL; } -static inline int huge_pmd_unshare(struct mm_struct *mm, - struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep) +static inline int huge_pmd_unshare(struct mmu_gather *tlb, + struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { return 0; } +static inline void huge_pmd_unshare_flush(struct mmu_gather *tlb, + struct vm_area_struct *vma) +{ +} + static inline void adjust_range_if_pmd_sharing_possible( struct vm_area_struct *vma, unsigned long *start, unsigned long *end) @@ -432,7 +437,7 @@ static inline void move_hugetlb_state(st { } -static inline long hugetlb_change_protection( +static inline long hugetlb_change_protection(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long address, unsigned long end, pgprot_t newprot, unsigned long cp_flags) --- a/mm/hugetlb.c~mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather +++ a/mm/hugetlb.c @@ -5096,8 +5096,9 @@ int move_hugetlb_page_tables(struct vm_a unsigned long last_addr_mask; pte_t *src_pte, *dst_pte; struct mmu_notifier_range range; - bool shared_pmd = false; + struct mmu_gather tlb; + tlb_gather_mmu(&tlb, vma->vm_mm); mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, mm, old_addr, old_end); adjust_range_if_pmd_sharing_possible(vma, &range.start, &range.end); @@ -5122,12 +5123,12 @@ int move_hugetlb_page_tables(struct vm_a if (huge_pte_none(huge_ptep_get(mm, old_addr, src_pte))) continue; - if (huge_pmd_unshare(mm, vma, old_addr, src_pte)) { - shared_pmd = true; + if (huge_pmd_unshare(&tlb, vma, old_addr, src_pte)) { old_addr |= last_addr_mask; new_addr |= last_addr_mask; continue; } + tlb_remove_huge_tlb_entry(h, &tlb, src_pte, old_addr); dst_pte = huge_pte_alloc(mm, new_vma, new_addr, sz); if (!dst_pte) @@ -5136,13 +5137,13 @@ int move_hugetlb_page_tables(struct vm_a move_huge_pte(vma, old_addr, new_addr, src_pte, dst_pte, sz); } - if (shared_pmd) - flush_hugetlb_tlb_range(vma, range.start, range.end); - else - flush_hugetlb_tlb_range(vma, old_end - len, old_end); + tlb_flush_mmu_tlbonly(&tlb); + huge_pmd_unshare_flush(&tlb, vma); + mmu_notifier_invalidate_range_end(&range); i_mmap_unlock_write(mapping); hugetlb_vma_unlock_write(vma); + tlb_finish_mmu(&tlb); return len + old_addr - old_end; } @@ -5161,7 +5162,6 @@ void __unmap_hugepage_range(struct mmu_g unsigned long sz = huge_page_size(h); bool adjust_reservation; unsigned long last_addr_mask; - bool force_flush = false; WARN_ON(!is_vm_hugetlb_page(vma)); BUG_ON(start & ~huge_page_mask(h)); @@ -5184,10 +5184,8 @@ void __unmap_hugepage_range(struct mmu_g } ptl = huge_pte_lock(h, mm, ptep); - if (huge_pmd_unshare(mm, vma, address, ptep)) { + if (huge_pmd_unshare(tlb, vma, address, ptep)) { spin_unlock(ptl); - tlb_flush_pmd_range(tlb, address & PUD_MASK, PUD_SIZE); - force_flush = true; address |= last_addr_mask; continue; } @@ -5303,14 +5301,7 @@ void __unmap_hugepage_range(struct mmu_g } tlb_end_vma(tlb, vma); - /* - * There is nothing protecting a previously-shared page table that we - * unshared through huge_pmd_unshare() from getting freed after we - * release i_mmap_rwsem, so flush the TLB now. If huge_pmd_unshare() - * succeeded, flush the range corresponding to the pud. - */ - if (force_flush) - tlb_flush_mmu_tlbonly(tlb); + huge_pmd_unshare_flush(tlb, vma); } void __hugetlb_zap_begin(struct vm_area_struct *vma, @@ -6399,7 +6390,7 @@ out_release_nounlock: } #endif /* CONFIG_USERFAULTFD */ -long hugetlb_change_protection(struct vm_area_struct *vma, +long hugetlb_change_protection(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long address, unsigned long end, pgprot_t newprot, unsigned long cp_flags) { @@ -6409,7 +6400,6 @@ long hugetlb_change_protection(struct vm pte_t pte; struct hstate *h = hstate_vma(vma); long pages = 0, psize = huge_page_size(h); - bool shared_pmd = false; struct mmu_notifier_range range; unsigned long last_addr_mask; bool uffd_wp = cp_flags & MM_CP_UFFD_WP; @@ -6452,7 +6442,7 @@ long hugetlb_change_protection(struct vm } } ptl = huge_pte_lock(h, mm, ptep); - if (huge_pmd_unshare(mm, vma, address, ptep)) { + if (huge_pmd_unshare(tlb, vma, address, ptep)) { /* * When uffd-wp is enabled on the vma, unshare * shouldn't happen at all. Warn about it if it @@ -6461,7 +6451,6 @@ long hugetlb_change_protection(struct vm WARN_ON_ONCE(uffd_wp || uffd_wp_resolve); pages++; spin_unlock(ptl); - shared_pmd = true; address |= last_addr_mask; continue; } @@ -6522,22 +6511,16 @@ long hugetlb_change_protection(struct vm pte = huge_pte_clear_uffd_wp(pte); huge_ptep_modify_prot_commit(vma, address, ptep, old_pte, pte); pages++; + tlb_remove_huge_tlb_entry(h, tlb, ptep, address); } next: spin_unlock(ptl); cond_resched(); } - /* - * There is nothing protecting a previously-shared page table that we - * unshared through huge_pmd_unshare() from getting freed after we - * release i_mmap_rwsem, so flush the TLB now. If huge_pmd_unshare() - * succeeded, flush the range corresponding to the pud. - */ - if (shared_pmd) - flush_hugetlb_tlb_range(vma, range.start, range.end); - else - flush_hugetlb_tlb_range(vma, start, end); + + tlb_flush_mmu_tlbonly(tlb); + huge_pmd_unshare_flush(tlb, vma); /* * No need to call mmu_notifier_arch_invalidate_secondary_tlbs() we are * downgrading page table protection not changing it to point to a new @@ -6904,18 +6887,27 @@ out: return pte; } -/* - * unmap huge page backed by shared pte. +/** + * huge_pmd_unshare - Unmap a pmd table if it is shared by multiple users + * @tlb: the current mmu_gather. + * @vma: the vma covering the pmd table. + * @addr: the address we are trying to unshare. + * @ptep: pointer into the (pmd) page table. + * + * Called with the page table lock held, the i_mmap_rwsem held in write mode + * and the hugetlb vma lock held in write mode. * - * Called with page table lock held. + * Note: The caller must call huge_pmd_unshare_flush() before dropping the + * i_mmap_rwsem. * - * returns: 1 successfully unmapped a shared pte page - * 0 the underlying pte page is not shared, or it is the last user + * Returns: 1 if it was a shared PMD table and it got unmapped, or 0 if it + * was not a shared PMD table. */ -int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep) +int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma, + unsigned long addr, pte_t *ptep) { unsigned long sz = huge_page_size(hstate_vma(vma)); + struct mm_struct *mm = vma->vm_mm; pgd_t *pgd = pgd_offset(mm, addr); p4d_t *p4d = p4d_offset(pgd, addr); pud_t *pud = pud_offset(p4d, addr); @@ -6927,18 +6919,36 @@ int huge_pmd_unshare(struct mm_struct *m i_mmap_assert_write_locked(vma->vm_file->f_mapping); hugetlb_vma_assert_locked(vma); pud_clear(pud); - /* - * Once our caller drops the rmap lock, some other process might be - * using this page table as a normal, non-hugetlb page table. - * Wait for pending gup_fast() in other threads to finish before letting - * that happen. - */ - tlb_remove_table_sync_one(); - ptdesc_pmd_pts_dec(virt_to_ptdesc(ptep)); + + tlb_unshare_pmd_ptdesc(tlb, virt_to_ptdesc(ptep), addr); + mm_dec_nr_pmds(mm); return 1; } +/* + * huge_pmd_unshare_flush - Complete a sequence of huge_pmd_unshare() calls + * @tlb: the current mmu_gather. + * @vma: the vma covering the pmd table. + * + * Perform necessary TLB flushes or IPI broadcasts to synchronize PMD table + * unsharing with concurrent page table walkers (TLB, GUP-fast, etc.). + * + * This function must be called after a sequence of huge_pmd_unshare() + * calls while still holding the i_mmap_rwsem. + */ +void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma) +{ + /* + * We must synchronize page table unsharing such that nobody will + * try reusing a previously-shared page table while it might still + * be in use by previous sharers (TLB, GUP_fast). + */ + i_mmap_assert_write_locked(vma->vm_file->f_mapping); + + tlb_flush_unshared_tables(tlb); +} + #else /* !CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING */ pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma, @@ -6947,12 +6957,16 @@ pte_t *huge_pmd_share(struct mm_struct * return NULL; } -int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep) +int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma, + unsigned long addr, pte_t *ptep) { return 0; } +void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma) +{ +} + void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, unsigned long *start, unsigned long *end) { @@ -7219,6 +7233,7 @@ static void hugetlb_unshare_pmds(struct unsigned long sz = huge_page_size(h); struct mm_struct *mm = vma->vm_mm; struct mmu_notifier_range range; + struct mmu_gather tlb; unsigned long address; spinlock_t *ptl; pte_t *ptep; @@ -7229,6 +7244,7 @@ static void hugetlb_unshare_pmds(struct if (start >= end) return; + tlb_gather_mmu(&tlb, mm); flush_cache_range(vma, start, end); /* * No need to call adjust_range_if_pmd_sharing_possible(), because @@ -7248,10 +7264,10 @@ static void hugetlb_unshare_pmds(struct if (!ptep) continue; ptl = huge_pte_lock(h, mm, ptep); - huge_pmd_unshare(mm, vma, address, ptep); + huge_pmd_unshare(&tlb, vma, address, ptep); spin_unlock(ptl); } - flush_hugetlb_tlb_range(vma, start, end); + huge_pmd_unshare_flush(&tlb, vma); if (take_locks) { i_mmap_unlock_write(vma->vm_file->f_mapping); hugetlb_vma_unlock_write(vma); @@ -7261,6 +7277,7 @@ static void hugetlb_unshare_pmds(struct * Documentation/mm/mmu_notifier.rst. */ mmu_notifier_invalidate_range_end(&range); + tlb_finish_mmu(&tlb); } /* --- a/mm/mmu_gather.c~mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather +++ a/mm/mmu_gather.c @@ -469,6 +469,12 @@ void tlb_gather_mmu_fullmm(struct mmu_ga void tlb_finish_mmu(struct mmu_gather *tlb) { /* + * We expect an earlier huge_pmd_unshare_flush() call to sort this out, + * due to complicated locking requirements with page table unsharing. + */ + VM_WARN_ON_ONCE(tlb->fully_unshared_tables); + + /* * If there are parallel threads are doing PTE changes on same range * under non-exclusive lock (e.g., mmap_lock read-side) but defer TLB * flush by batching, one thread may end up seeing inconsistent PTEs --- a/mm/mprotect.c~mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather +++ a/mm/mprotect.c @@ -652,7 +652,7 @@ long change_protection(struct mmu_gather #endif if (is_vm_hugetlb_page(vma)) - pages = hugetlb_change_protection(vma, start, end, newprot, + pages = hugetlb_change_protection(tlb, vma, start, end, newprot, cp_flags); else pages = change_protection_range(tlb, vma, start, end, newprot, --- a/mm/rmap.c~mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather +++ a/mm/rmap.c @@ -76,7 +76,7 @@ #include <linux/mm_inline.h> #include <linux/oom.h> -#include <asm/tlbflush.h> +#include <asm/tlb.h> #define CREATE_TRACE_POINTS #include <trace/events/migrate.h> @@ -2008,13 +2008,17 @@ static bool try_to_unmap_one(struct foli * if unsuccessful. */ if (!anon) { + struct mmu_gather tlb; + VM_BUG_ON(!(flags & TTU_RMAP_LOCKED)); if (!hugetlb_vma_trylock_write(vma)) goto walk_abort; - if (huge_pmd_unshare(mm, vma, address, pvmw.pte)) { + + tlb_gather_mmu(&tlb, mm); + if (huge_pmd_unshare(&tlb, vma, address, pvmw.pte)) { hugetlb_vma_unlock_write(vma); - flush_tlb_range(vma, - range.start, range.end); + huge_pmd_unshare_flush(&tlb, vma); + tlb_finish_mmu(&tlb); /* * The PMD table was unmapped, * consequently unmapping the folio. @@ -2022,6 +2026,7 @@ static bool try_to_unmap_one(struct foli goto walk_done; } hugetlb_vma_unlock_write(vma); + tlb_finish_mmu(&tlb); } pteval = huge_ptep_clear_flush(vma, address, pvmw.pte); if (pte_dirty(pteval)) @@ -2398,17 +2403,20 @@ static bool try_to_migrate_one(struct fo * fail if unsuccessful. */ if (!anon) { + struct mmu_gather tlb; + VM_BUG_ON(!(flags & TTU_RMAP_LOCKED)); if (!hugetlb_vma_trylock_write(vma)) { page_vma_mapped_walk_done(&pvmw); ret = false; break; } - if (huge_pmd_unshare(mm, vma, address, pvmw.pte)) { - hugetlb_vma_unlock_write(vma); - flush_tlb_range(vma, - range.start, range.end); + tlb_gather_mmu(&tlb, mm); + if (huge_pmd_unshare(&tlb, vma, address, pvmw.pte)) { + hugetlb_vma_unlock_write(vma); + huge_pmd_unshare_flush(&tlb, vma); + tlb_finish_mmu(&tlb); /* * The PMD table was unmapped, * consequently unmapping the folio. @@ -2417,6 +2425,7 @@ static bool try_to_migrate_one(struct fo break; } hugetlb_vma_unlock_write(vma); + tlb_finish_mmu(&tlb); } /* Nuke the hugetlb page table entry */ pteval = huge_ptep_clear_flush(vma, address, pvmw.pte); _ Patches currently in -mm which might be from david(a)kernel.org are mm-hugetlb-fix-hugetlb_pmd_shared.patch mm-hugetlb-fix-two-comments-related-to-huge_pmd_unshare.patch mm-rmap-fix-two-comments-related-to-huge_pmd_unshare.patch mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather.patch

2 days, 6 hours

1
0
0 0

+ mm-hugetlb-fix-hugetlb_pmd_shared.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: fix hugetlb_pmd_shared() has been added to the -mm mm-unstable branch. Its filename is mm-hugetlb-fix-hugetlb_pmd_shared.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "David Hildenbrand (Red Hat)" <david(a)kernel.org> Subject: mm/hugetlb: fix hugetlb_pmd_shared() Date: Fri, 5 Dec 2025 22:35:55 +0100 Patch series "mm/hugetlb: fixes for PMD table sharing (incl. using mmu_gather)". One functional fix, one performance regression fix, and two related comment fixes. I cleaned up my prototype I recently shared [1] for the performance fix, deferring most of the cleanups I had in the prototype to a later point. While doing that I identified the other things. The goal of this patch set is to be backported to stable trees "fairly" easily. At least patch #1 and #4. Patch #1 fixes hugetlb_pmd_shared() not detecting any sharing Patch #2 + #3 are simple comment fixes that patch #4 interacts with. Patch #4 is a fix for the reported performance regression due to excessive IPI broadcasts during fork()+exit(). The last patch is all about TLB flushes, IPIs and mmu_gather. Read: complicated I added as much comments + description that I possibly could, and I am hoping for review from Jann. There are plenty of cleanups in the future to be had + one reasonable optimization on x86. But that's all out of scope for this series. This patch (of 4): We switched from (wrongly) using the page count to an independent shared count. Now, shared page tables have a refcount of 1 (excluding speculative references) and instead use ptdesc->pt_share_count to identify sharing. We didn't convert hugetlb_pmd_shared(), so right now, we would never detect a shared PMD table as such, because sharing/unsharing no longer touches the refcount of a PMD table. Page migration, like mbind() or migrate_pages() would allow for migrating folios mapped into such shared PMD tables, even though the folios are not exclusive. In smaps we would account them as "private" although they are "shared", and we would be wrongly setting the PM_MMAP_EXCLUSIVE in the pagemap interface. Fix it by properly using ptdesc_pmd_is_shared() in hugetlb_pmd_shared(). Link: https://lkml.kernel.org/r/20251205213558.2980480-1-david@kernel.org Link: https://lkml.kernel.org/r/20251205213558.2980480-2-david@kernel.org Link: https://lore.kernel.org/all/8cab934d-4a56-44aa-b641-bfd7e23bd673@kernel.org/ [1] Fixes: 59d9094df3d7 ("mm: hugetlb: independent PMD page table shared count") Signed-off-by: David Hildenbrand (Red Hat) <david(a)kernel.org> Tested-by: Laurence Oberman <loberman(a)redhat.com> Reviewed-by: Rik van Riel <riel(a)surriel.com> Reviewed-by: Lance Yang <lance.yang(a)linux.dev> Cc: Liu Shixin <liushixin2(a)huawei.com> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)kernel.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Jann Horn <jannh(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Nadav Amit <nadav.amit(a)gmail.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Prakash Sangappa <prakash.sangappa(a)oracle.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Will Deacon <will(a)kernel.org> Cc: Uschakow, Stanislav" <suschako(a)amazon.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/hugetlb.h~mm-hugetlb-fix-hugetlb_pmd_shared +++ a/include/linux/hugetlb.h @@ -1326,7 +1326,7 @@ static inline __init void hugetlb_cma_re #ifdef CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING static inline bool hugetlb_pmd_shared(pte_t *pte) { - return page_count(virt_to_page(pte)) > 1; + return ptdesc_pmd_is_shared(virt_to_ptdesc(pte)); } #else static inline bool hugetlb_pmd_shared(pte_t *pte) _ Patches currently in -mm which might be from david(a)kernel.org are mm-hugetlb-fix-hugetlb_pmd_shared.patch mm-hugetlb-fix-two-comments-related-to-huge_pmd_unshare.patch mm-rmap-fix-two-comments-related-to-huge_pmd_unshare.patch mm-hugetlb-fix-excessive-ipi-broadcasts-when-unsharing-pmd-tables-using-mmu_gather.patch

2 days, 6 hours

1
0
0 0

[PATCH 6.1 000/568] 6.1.159-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.159 release. There are 568 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Dec 2025 15:23:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.159-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.159-rc1 Alan Stern <stern(a)rowland.harvard.edu> HID: core: Harden s32ton() against conversion to 0 bits Sudeep Holla <sudeep.holla(a)arm.com> i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy->enable_completion only when we Jimmy Hu <hhhuuu(a)google.com> usb: gadget: udc: fix use-after-free in usb_gadget_state_work Kuen-Han Tsai <khtsai(a)google.com> usb: udc: Add trace event for usb_gadget_set_state Jameson Thies <jthies(a)google.com> usb: typec: ucsi: psy: Set max current to zero when disconnected Sean Heelan <seanheelan(a)gmail.com> ksmbd: fix use-after-free in session logoff Philipp Hortmann <philipp.g.hortmann(a)gmail.com> staging: rtl8712: Remove driver using deprecated API wext Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate reset on fastclose Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: endpoints: longer transfer luoguangfei <15388634752(a)163.com> net: macb: fix unregister_netdev call order in macb_remove() ChiYuan Huang <cy_huang(a)richtek.com> iio: adc: rtq6056: Correct the sign bit index Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Fix synchronous external abort on unbind Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: renesas_usbhs: Convert to platform remove callback returning void NeilBrown <neil(a)brown.name> nfsd: Replace clamp_t in nfsd4_get_drc_mem() ziming zhang <ezrakiez(a)gmail.com> libceph: replace BUG_ON with bounds check for map->max_osd ziming zhang <ezrakiez(a)gmail.com> libceph: prevent potential out-of-bounds writes in handle_auth_session_key() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential use-after-free in have_mon_and_osd_map() Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: common: Fix checks on irq_find_mapping() Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check NULL before accessing Johan Hovold <johan(a)kernel.org> drm: sti: fix device leaks at component probe Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add support for Rolling RW101R-GL Oleksandr Suvorov <cryosay(a)gmail.com> USB: serial: ftdi_sio: add support for u-blox EVK-M101 Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbgtty: fix device unregister Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Manish Nagar <manish.nagar(a)oss.qualcomm.com> usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Owen Gu <guhuinan(a)xiaomi.com> usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Tianchu Chen <flynnnchen(a)tencent.com> usb: storage: sddr55: Reject out-of-bound new_pba Alan Stern <stern(a)rowland.harvard.edu> USB: storage: Remove subclass and protocol overrides from Novatek quirk Desnes Nunes <desnesn(a)redhat.com> usb: storage: Fix memory leak in USB bulk transport Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_eem: Fix memory leak in eem_unwrap Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: Fix double resource release in cdns3_pci_probe Johan Hovold <johan(a)kernel.org> most: usb: fix double free on late probe failure Miaoqian Lin <linmq006(a)gmail.com> serial: amba-pl011: prefer dma_mapping_error() over explicit address checking Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> firmware: stratix10-svc: fix bug in saving controller data Miaoqian Lin <linmq006(a)gmail.com> slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> thunderbolt: Add support for Intel Wildcat Lake Paulo Alcantara <pc(a)manguebit.org> smb: client: fix memory leak in cifs_construct_tcon() Jamie Iles <jamie.iles(a)oss.qualcomm.com> drivers/usb/dwc3: fix PCI parent check Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix unreliable memory allocation Marc Kleine-Budde <mkl(a)pengutronix.de> can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Thomas Mühlbacher <tmuehlbacher(a)posteo.net> can: sja1000: fix max irq loop handling Gui-Dong Han <hanguidong02(a)gmail.com> atm/fore200e: Fix possible data race in fore200e_open() Ivan Zhaldak <i.v.zhaldak(a)gmail.com> ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification David Lechner <dlechner(a)baylibre.com> iio: adc: ad7280a: fix ad7280_store_balance_timer() Valek Andrej <andrej.v(a)skyrain.eu> iio: accel: fix ADXL355 startup race condition Linus Walleij <linus.walleij(a)linaro.org> iio: accel: bmc150: Fix irq assumption regression Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio:common:ssp_sensors: Fix an error handling path ssp_probe() Francesco Lavra <flavra(a)baylibre.com> iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Jiri Olsa <jolsa(a)kernel.org> Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Hang Zhou <929513338(a)qq.com> spi: bcm63xx: fix premature CS deassertion on RX-only transactions Jamie Iles <jamie.iles(a)oss.qualcomm.com> mailbox: pcc: don't zero error register Sudeep Holla <sudeep.holla(a)arm.com> mailbox: pcc: Refactor error handling in irq handler into separate function Adam Young <admiyo(a)os.amperecomputing.com> mailbox: pcc: Check before sending MCTP PCC response ACK Sudeep Holla <sudeep.holla(a)arm.com> ACPI: PCC: Add PCC shared memory region command and status bitfields Huisong Li <lihuisong(a)huawei.com> mailbox: pcc: Support shared interrupt for multiple subspaces Huisong Li <lihuisong(a)huawei.com> mailbox: pcc: Add support for platform notification handling Elliot Berman <quic_eberman(a)quicinc.com> mailbox: pcc: Use mbox_bind_client Elliot Berman <quic_eberman(a)quicinc.com> mailbox: Allow direct registration to a channel Haotian Zhang <vulab(a)iscas.ac.cn> mailbox: mailbox-test: Fix debugfs_create_dir error checking Jiefeng Zhang <jiefeng.z.zhang(a)gmail.com> net: atlantic: fix fragment overflow handling in RX path Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: sja1105: simplify static configuration reload Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix cyan_skillfish2 gpu info fw handling Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: sxgbe: fix potential NULL dereference in sxgbe_rx() Danielle Costantino <dcostantino(a)meta.com> net/mlx5e: Fix validation logic in rate limiting Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Fix the initialization of taprio Kai-Heng Feng <kaihengf(a)nvidia.com> net: aquantia: Add missing descriptor cache invalidation on ATL2 Dan Carpenter <dan.carpenter(a)linaro.org> platform/x86: intel: punit_ipc: fix memory corruption Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix not generating mackey and ltk when repairing Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs Seungjin Bae <eeodqql09(a)gmail.com> can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Kiryl Shutsemau <kas(a)kernel.org> mm/memory: do not populate page table entries beyond i_size Pankaj Raghav <p.raghav(a)samsung.com> filemap: cap PTE range to be created to allowed zero fill in folio_map_range() Miaoqian Lin <linmq006(a)gmail.com> pmdomain: imx: Fix reference count leak in imx_gpc_remove Sudeep Holla <sudeep.holla(a)arm.com> pmdomain: arm: scmi: Fix genpd leak on provider registration failure André Draszik <andre.draszik(a)linaro.org> pmdomain: samsung: plug potential memleak during probe Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix fallback note due to OoO Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: rm: set backup flag Mario Limonciello (AMD) <superm1(a)kernel.org> HID: amd_sfh: Stop sensor before starting Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Vlastimil Babka <vbabka(a)suse.cz> mm/mempool: fix poisoning order>0 pages with HIGHMEM Fabio M. De Francesco <fabio.maria.de.francesco(a)linux.intel.com> mm/mempool: replace kmap_atomic() with kmap_local_page() Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Paolo Abeni <pabeni(a)redhat.com> mptcp: decouple mptcp fastclose from tcp close Martin Kaiser <martin(a)kaiser.cx> maple_tree: fix tracepoint string pointers Kiryl Shutsemau <kas(a)kernel.org> mm/truncate: unmap large folio on split failure Long Li <longli(a)microsoft.com> uio_hv_generic: Set event for all channels on the device Zhang Chujun <zhangchujun(a)cmss.chinamobile.com> tracing/tools: Fix incorrcet short option in usage text for --threads Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Isaac J. Manjarres <isaacmanjarres(a)google.com> mm/mm_init: fix hash table order logging in alloc_large_system_hash() Lance Yang <lance.yang(a)linux.dev> mm/secretmem: fix use-after-free race in fault handler Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: use BASH for bareudp testing Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Steve French <stfrench(a)microsoft.com> cifs: fix typo in enable_gcm_256 module parameter Rafał Miłecki <rafal(a)milecki.pl> bcma: don't register devices disabled in OF Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Alejandro Colomar <alx(a)kernel.org> kernel.h: Move ARRAY_SIZE() to a separate header Haotian Zhang <vulab(a)iscas.ac.cn> platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> nvme-multipath: fix lockdep WARN due to partition scan work Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: dsa: hellcreek: fix missing error handling in LED registration Prateek Agarwal <praagarwal(a)nvidia.com> drm/tegra: Add call to put_pid() Mikko Perttunen <mperttunen(a)nvidia.com> gpu: host1x: Select context device based on attached IOMMU Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Jianbo Liu <jianbol(a)nvidia.com> xfrm: Determine inner GSO type from packet inner protocol Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid unneeded subflow-level drops Paolo Abeni <pabeni(a)redhat.com> mptcp: fix premature close in case of fallback Paolo Abeni <pabeni(a)redhat.com> mptcp: fix ack generation for fallback msk Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Don't panic if no valid cache info for PCI Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Oleksij Rempel <linux(a)rempel-privat.de> net: dsa: microchip: lan937x: Fix RGMII delay tuning Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yihang Li <liyihang9(a)h-partners.com> ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Disallow MPTCP subflows from sockmap Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Dan Carpenter <dan.carpenter(a)linaro.org> mtdchar: fix integer overflow in read/write ioctls Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Yipeng Zou <zouyipeng(a)huawei.com> timers: Fix NULL function pointer race in timer_shutdown_sync() Armen Ratner <armeng(a)nvidia.com> net/mlx5e: Preserve shared buffer capacity during headroom updates Maher Sanalla <msanalla(a)nvidia.com> net/mlx5e: Do not update SBCM when prio2buffer command is invalid Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_connmark: handle errno on tcf_idr_check_alloc Maher Sanalla <msanalla(a)nvidia.com> net/mlx5: Fix memory leak in error flow of port set buffer Arnd Bergmann <arnd(a)arndb.de> asm-generic: partially revert "Unify uapi bitsperlong.h for arm64, riscv and loongarch" Abdun Nihaal <nihaal(a)cse.iitm.ac.in> isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Michal Hocko <mhocko(a)suse.com> mm, percpu: do not consider sleepable allocations atomic Nam Cao <namcao(a)linutronix.de> eventpoll: Replace rwlock with spinlock Breno Leitao <leitao(a)debian.org> net: netpoll: fix incorrect refcount handling causing incorrect cleanup Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Don't overflow during division for dirty tracking Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: core: Add a quirk to suppress link_startup_again Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: fix received length check in big packets Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: trunc: read all recv data Filipe Manana <fdmanana(a)suse.com> btrfs: do not update last_log_commit when logging inode due to a new name Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Handle OCRAM ECC enable after warm reset Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY Hans de Goede <hansg(a)kernel.org> spi: Try to get ACPI GPIO IRQ earlier Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Shawn Lin <shawn.lin(a)rock-chips.com> mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 Wei Yang <albinwyang(a)tencent.com> fs/proc: fix uaf in proc_readdir_de() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reject address change while connecting Chuang Wang <nashuiliang(a)gmail.com> ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Tianyang Zhang <zhangtianyang(a)loongson.cn> LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY Qinxin Xia <xiaqinxin(a)huawei.com> dma-mapping: benchmark: Restore padding to ensure uABI remained consistent Nate Karstens <nate.karstens(a)garmin.com> strparser: Fix signed/unsigned mismatch bug Joshua Rogers <linux(a)joshua.hu> ksmbd: close accepted socket when per-IP limit rejects connection Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 15 Olga Kornievskaia <okorniev(a)redhat.com> NFSD: free copynotify stateid in nfs4_free_ol_stateid() Masami Ichikawa <masami256(a)gmail.com> HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject duplicate device on updates Dan Carpenter <dan.carpenter(a)linaro.org> mtd: onenand: Pass correct pointer to IRQ handler Tiezhu Yang <yangtiezhu(a)loongson.cn> asm-generic: Unify uapi bitsperlong.h for arm64, riscv and loongarch Eric Biggers <ebiggers(a)kernel.org> lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Sabrina Dubroca <sd(a)queasysnail.net> espintcp: fix skb leaks Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' Sumanth Gavini <sumanth.gavini(a)yahoo.com> softirq: Add trace points for tasklet entry/exit Eric Dumazet <edumazet(a)google.com> bpf: Add bpf_prog_run_data_pointers() Haein Lee <lhi0729(a)kaist.ac.kr> ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: codecs: va-macro: fix resource leak in probe error path Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: cs4271: Fix regulator leak on probe failure Haotian Zhang <vulab(a)iscas.ac.cn> regulator: fixed: fix GPIO descriptor leak on register failure Shuai Xue <xueshuai(a)linux.alibaba.com> acpi,srat: Fix incorrect device handle check for Generic Initiator Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: export l2cap_chan_hold for modules Gautham R. Shenoy <gautham.shenoy(a)amd.com> ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs Gautham R. Shenoy <gautham.shenoy(a)amd.com> ACPI: CPPC: Perform fast check switch only for online CPUs Gautham R. Shenoy <gautham.shenoy(a)amd.com> ACPI: CPPC: Check _CPC validity for only the online CPUs Felix Maurer <fmaurer(a)redhat.com> hsr: Fix supervision frame sending on HSRv0 Eric Dumazet <edumazet(a)google.com> net_sched: limit try_bulk_dequeue_skb() batches Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix potentially misleading debug message Gal Pressman <gal(a)nvidia.com> net/mlx5e: Remove mlx5e_dbg() and msglvl support Maher Sanalla <msanalla(a)nvidia.com> net/mlx5e: Consider internal buffers size in port buffer calculations Maher Sanalla <msanalla(a)nvidia.com> net/mlx5e: Update shared buffer along with device buffer changes Maher Sanalla <msanalla(a)nvidia.com> net/mlx5e: Add API to query/modify SBPR and SBCM registers Maher Sanalla <msanalla(a)nvidia.com> net/mlx5: Expose shared buffer registers bits and structs Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix maxrate wraparound in threshold between units Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_connmark: initialize struct tc_ife to fix kernel leak Eric Dumazet <edumazet(a)google.com> net_sched: act_connmark: use RCU in tcf_connmark_dump() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_connmark: transition to percpu stats and rcu Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Initialise scc_index in unix_add_edge(). Benjamin Berg <benjamin.berg(a)intel.com> wifi: mac80211: skip rate verification for not captured PSDUs Buday Csaba <buday.csaba(a)prolan.hu> net: mdio: fix resource leak in mdiobus_register_device() Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_mon_reinit_self(). D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix mismatch between CLC header and proposal Eric Dumazet <edumazet(a)google.com> sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Pauli Virtanen <pav(a)iki.fi> Bluetooth: MGMT: cancel mesh send timer when hdev removed Wei Fang <wei.fang(a)nxp.com> net: fec: correct rx_bytes statistic for the case SHIFT16 is set Alexander Sverdlin <alexander.sverdlin(a)siemens.com> selftests: net: local_termination: Wait for interfaces to come up Nicolas Escande <nico.escande(a)gmail.com> wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() Abinaya Kalaiselvan <quic_akalaise(a)quicinc.com> wifi: ath11k: Add tx ack signal support for management packets Sharique Mohammad <sharq0406(a)gmail.com> ASoC: max98090/91: fixed max98091 ALSA widget powering up/down ZhangGuoDong <zhangguodong(a)kylinos.cn> smb/server: fix possible refcount leak in smb2_sess_setup() ZhangGuoDong <zhangguodong(a)kylinos.cn> smb/server: fix possible memory leak in smb2_read() Scott Mayhew <smayhew(a)redhat.com> NFS: check if suid/sgid was cleared after a write as needed Tristan Lobb <tristan.lobb(a)it-lobb.de> HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Joshua Watt <jpewhacker(a)gmail.com> NFS4: Fix state renewals missing after boot Jesse.Zhang <Jesse.Zhang(a)amd.com> drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Disable MCLK switching on SI at high pixel clocks Danil Skrebenkov <danil.skrebenkov(a)cloudbear.ru> RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Peter Zijlstra <peterz(a)infradead.org> compiler_types: Move unused static inline functions warning to W=2 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Fix suspend failure with secure display TA Shuhao Fu <sfual(a)cse.ust.hk> smb: client: fix refcount leak in smb2_set_path_attr Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/i915: Fix conversion between clock ticks and nanoseconds Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD Jakub Kicinski <kuba(a)kernel.org> selftests: netdevsim: set test timeout to 10 minutes Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix function header names in amdgpu_connectors.c Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Cleanup wakeup source only if it was enabled Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers Nathan Chancellor <nathan(a)kernel.org> lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC Joshua Rogers <linux(a)joshua.hu> smb: client: validate change notify buffer before copy Yuta Hayama <hayama(a)lineo.co.jp> rtc: rx8025: fix incorrect register reference Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() Zilin Guan <zilin(a)seu.edu.cn> tracing: Fix memory leaks in create_field_var() Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: fix MST static key usage Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: fix use-after-free due to MST port state bypass Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: Fix reserved multicast address table programming Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: SHAMPO, Fix skb size check for 64K pages Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> bnxt_en: Fix a possible memory leak in bnxt_ptp_init Qendrim Maxhuni <qendrim.maxhuni(a)garderos.com> net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold sock lock while iterating over address list Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Prevent TOCTOU out-of-bounds write Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold RCU read lock while iterating over address list Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: stop reading ARL entries if search is done Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix enabling ip multicast Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix resetting speed and pause on forced link Hangbin Liu <liuhangbin(a)gmail.com> net: vlan: sync VLAN features with lower device Wang Liang <wangliang74(a)huawei.com> selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh David Wei <dw(a)davidwei.uk> netdevsim: add Makefile for selftests Anubhav Singh <anubhavsinggh(a)google.com> selftests/net: use destination options instead of hop-by-hop Richard Gobert <richardbgobert(a)gmail.com> selftests/net: fix GRO coalesce test and add ext header coalesce tests Anubhav Singh <anubhavsinggh(a)google.com> selftests/net: fix out-of-order delivery of FIN in gro:tcp test Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: hci_event: validate skb length for unknown CC opcode Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> Revert "wifi: ath10k: avoid unnecessary wait for service ready message" Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: add checking of wait_for_completion_killable() return value Valerio Setti <vsetti(a)baylibre.com> ASoC: meson: aiu-encoder-i2s: fix bit clock polarity Geert Uytterhoeven <geert(a)linux-m68k.org> kbuild: uapi: Strip comments before size type check Albin Babu Varghese <albinbabuvarghese20(a)gmail.com> fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Sascha Hauer <s.hauer(a)pengutronix.de> tools: lib: thermal: use pkg-config to locate libnl3 Emil Dahl Juhl <juhl.emildahl(a)gmail.com> tools: lib: thermal: don't preserve owner in install Ian Rogers <irogers(a)google.com> tools bitmap: Add missing asm-generic/bitsperlong.h include Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Return present device nodes only on fwnode interface Hoyoung Seo <hy50.seo(a)samsung.com> scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS Randall P. Embry <rpembry(a)gmail.com> 9p: sysfs_init: don't hardcode error to ENOMEM Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra186: Initialize all cores to max frequencies Randall P. Embry <rpembry(a)gmail.com> 9p: fix /sys/fs/9p/caches overwriting itself Jerome Brunet <jbrunet(a)baylibre.com> NTB: epf: Allow arbitrary BAR mapping Matthias Schiffer <matthias.schiffer(a)tq-group.com> clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled Nicolas Ferre <nicolas.ferre(a)microchip.com> clk: at91: clk-sam9x60-pll: force write to PLL_UPDT register Ryan Wanner <Ryan.Wanner(a)microchip.com> clk: at91: clk-master: Add check for divide by 3 Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: save and restore ACR during PLL disable/enable Josua Mayer <josua(a)solid-run.com> rtc: pcf2127: clear minute/second interrupt Chen-Yu Tsai <wens(a)csie.org> clk: sunxi-ng: sun6i-rtc: Add A523 specifics Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix help message for ssl-non-raw Yikang Yue <yikangy2(a)illinois.edu> fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink austinchang <austinchang(a)synology.com> btrfs: mark dirty extent range for out of bound prealloc extents Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix wrong WQE data when QP wraps around wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix the modification of max_send_sge Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Set irdma_cq cq_num field during CQ create Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Remove unused struct irdma_cq fields Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Fix SD index calculation Saket Dumbre <saket.dumbre(a)intel.com> ACPICA: Update dsmethod.c to get rid of unused variable warning Fiona Ebner <f.ebner(a)proxmox.com> smb: client: transport: avoid reconnects triggered by pending task work Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: use sock_create_kern interface to create kernel socket Vladimir Riabchun <ferr.lambarginio(a)gmail.com> ftrace: Fix softlockup in ftrace_module_enable Mike Marshall <hubcap(a)omnibond.com> orangefs: fix xattr related buffer overflow... Dragos Tatulea <dtatulea(a)nvidia.com> page_pool: Clamp pool size to max 16K pages Qingfang Deng <dqfext(a)gmail.com> 6pack: drop redundant locking and refcounting Chi Zhiling <chizhiling(a)kylinos.cn> exfat: limit log print for IO error Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: add mono main switch to Presonus S1824c Ivan Pravdin <ipravdin.official(a)gmail.com> Bluetooth: bcsp: receive data only if registered Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_conn_free Arkadiusz Bokowy <arkadiusz.bokowy(a)gmail.com> Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: avoid dealing with endianness in macb_set_hwaddr() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Don't query FEC statistics when FEC is disabled Julian Sun <sunjunchao(a)bytedance.com> ext4: increase IO priority of fastcommit chuguangqing <chuguangqing(a)inspur.com> fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() Petr Machata <petrm(a)nvidia.com> net: bridge: Install FDB for bridge MAC on VLAN 0 Al Viro <viro(a)zeniv.linux.org.uk> nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix mount hang after CREATE_SESSION failure Olga Kornievskaia <okorniev(a)redhat.com> NFSv4: handle ERR_GRACE on delegation recalls Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid handling handover twice Mario Limonciello <mario.limonciello(a)amd.com> PCI/PM: Skip resuming to D0 if device is disconnected Alex Mastro <amastro(a)fb.com> vfio: return -ENOTTY for unsupported device feature Al Viro <viro(a)zeniv.linux.org.uk> sparc64: fix prototypes of reads[bwl]() Koakuma <koachan(a)protonmail.com> sparc/module: Add R_SPARC_UA64 relocation handling Chen Wang <unicorn_wang(a)outlook.com> PCI: cadence: Check for the existence of cdns_pcie::ops before using it ChunHao Lin <hau(a)realtek.com> r8169: set EEE speed down ratio to 1 Brahmajit Das <listout(a)listout.xyz> net: intel: fm10k: Fix parameter idx set but not used Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix connection after GTK rekeying Seyediman Seyedarab <ImanDevel(a)gmail.com> iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() Robert Marko <robert.marko(a)sartura.hr> net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> jfs: fix uninitialized waitqueue in transaction manager Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> jfs: Verify inode mode when loading from disk Eric Dumazet <edumazet(a)google.com> ipv6: np->rxpmtu race annotation Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Forest Crossman <cyrozap(a)gmail.com> usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Al Viro <viro(a)zeniv.linux.org.uk> allow finish_no_open(file, ERR_PTR(-E...)) Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Define size of debugfs entry for xri rebalancing Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET Nai-Chen Cheng <bleach1827(a)gmail.com> selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Christian König <christian.koenig(a)amd.com> drm/amdgpu: reject gang submissions under SRIOV Stefan Wahren <wahrenst(a)gmx.net> ethernet: Extend device_get_mac_address() to use NVMEM Jakub Kicinski <kuba(a)kernel.org> page_pool: always add GFP_NOWARN for ATOMIC allocations Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd: Avoid evicting resources at S5 Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl John Keeping <jkeeping(a)inmusicbrands.com> ALSA: serial-generic: remove shared static buffer Quan Zhou <quan.zhou(a)mediatek.com> wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device Yafang Shao <laoar.shao(a)gmail.com> net/cls_cgroup: Fix task_get_classid() during qdisc run Sangwook Shin <sw617.shin(a)samsung.com> watchdog: s3c2410_wdt: Fix max_timeout being calculated larger Alok Tiwari <alok.a.tiwari(a)oracle.com> udp_tunnel: use netdev_warn() instead of netdev_WARN() David Ahern <dsahern(a)kernel.org> selftests: Replace sleep with slowwait Daniel Palmer <daniel(a)thingy.jp> eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP David Ahern <dsahern(a)kernel.org> selftests: Disable dad for ipv6 in fcnal-test.sh Li RongQing <lirongqing(a)baidu.com> x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT Florian Westphal <fw(a)strlen.de> netfilter: nf_reject: don't reply to icmp error messages Ido Schimmel <idosch(a)nvidia.com> selftests: traceroute: Use require_command() Qianfeng Rong <rongqianfeng(a)vivo.com> media: redrat3: use int type to store negative error codes Jakub Kicinski <kuba(a)kernel.org> selftests: net: replace sleeps in fcnal-test with waits Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: sh_eth: Disable WoL if system can not suspend Michael Riesch <michael.riesch(a)collabora.com> phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 Harikrishna Shenoy <h-shenoy(a)ti.com> phy: cadence: cdns-dphy: Enable lower resolutions in dphy Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Fix HE capabilities element check Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> ntfs3: pretend $Extend records as regular files Rohan G Thomas <rohan.g.thomas(a)altera.com> net: phy: marvell: Fix 88e1510 downshift counter errata Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: host: mediatek: Enhance recovery on resume failure Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer Antonino Maniscalco <antomani103(a)gmail.com> drm/msm: make sure to not queue up recovery more than once Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget William Wu <william.wu(a)rock-chips.com> usb: gadget: f_hid: Fix zero length packet transfer Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add support for cyan skillfish gpu_info Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: don't enable SMU on cyan skillfish Alex Deucher <alexander.deucher(a)amd.com> drm/amd: add more cyan skillfish PCI ids Ashish Kalra <ashish.kalra(a)amd.com> iommu/amd: Skip enabling command/event buffers for kdump Colin Foster <colin.foster(a)in-advantage.com> smsc911x: add second read of EEPROM mac when possible corruption seen Eric Dumazet <edumazet(a)google.com> net: call cond_resched() less often in __release_sock() Cryolitia PukNgae <cryolitia(a)uniontech.com> ALSA: usb-audio: apply quirk for MOONDROP Quark2 Paul Kocialkowski <paulk(a)sys-base.io> media: verisilicon: Explicitly disable selection api ioctls for decoders Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: adv7180: Only validate format in querystd Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: adv7180: Do not write format to device in set_fmt Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: adv7180: Add missing lock in suspend callback Juraj Šarinay <juraj(a)sarinay.com> net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Yue Haibing <yuehaibing(a)huawei.com> ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled David Francis <David.Francis(a)amd.com> drm/amdgpu: Allow kfd CRIU with no buffer objects Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy_7nm: Fix missing initial VCO rate Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL Devendra K Verma <devverma(a)amd.com> dmaengine: dw-edma: Set status for callback_result Rosen Penev <rosenp(a)gmail.com> dmaengine: mv_xor: match alloc_wc and free_wc Thomas Andreatta <thomasandreatta2000(a)gmail.com> dmaengine: sh: setup_xref error handling Miroslav Lichvar <mlichvar(a)redhat.com> ptp: Limit time setting of PTP clocks Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: pm8001: Use int instead of u32 to store error codes Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: rename stp node on EASY50712 reference board Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename stp clock Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing device_type in pci node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add model to EASY50712 dts Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing properties to cpu node Timur Kristóf <timur.kristof(a)gmail.com> drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) Chelsy Ratnawat <chelsyratnawat2001(a)gmail.com> media: fix uninitialized symbol warnings Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Eric Huang <jinhuieric.huang(a)amd.com> drm/amdkfd: fix vram allocation failure for a special case Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: fixed_phy: let fixed_phy_unregister free the phy_device Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Fix wakeup source leaks on device unbind Francisco Gutierrez <frankramirez(a)google.com> scsi: pm80xx: Fix race condition caused by static variables Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> scsi: mpi3mr: Fix controller init failure on fault during queue creation Ujwal Kundur <ujwal.kundur(a)gmail.com> rds: Fix endianness annotation for RDS_MPATH_HASH Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add validation of UAC2/UAC3 effect units Sungho Kim <sungho.kim(a)furiosa.ai> PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Kuniyuki Iwashima <kuniyu(a)google.com> net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. Christoph Paasch <cpaasch(a)openai.com> net: When removing nexthops, don't call synchronize_net if it is not necessary Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Does not request module for miscdevice with dynamic minor raub camaioni <raubcameo(a)gmail.com> usb: gadget: f_ncm: Fix MAC assignment NCM ethernet Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: make send_packet() more robust Charalampos Mitrodimas <charmitro(a)posteo.net> net: ipv6: fix field-spanning memcpy warning in AH output Alice Chao <alice.chao(a)mediatek.com> scsi: ufs: host: mediatek: Fix invalid access in vccqx handling Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: host: mediatek: Change reset sequence for improved stability Alice Chao <alice.chao(a)mediatek.com> scsi: ufs: host: mediatek: Assign power mode userdata before FASTAUTO mode change Ido Schimmel <idosch(a)nvidia.com> bridge: Redirect to backup port when port is administratively down Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Use pci_uevent_ers() in PCI recovery Niklas Schnelle <schnelle(a)linux.ibm.com> powerpc/eeh: Use result of error_detected() in uevent Lukas Wunner <lukas(a)wunner.de> thunderbolt: Use is_pciehp instead of is_hotplug_bridge Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> ice: Don't use %pK through printk or tracepoints Tiezhu Yang <yangtiezhu(a)loongson.cn> net: stmmac: Check stmmac_hw_setup() in stmmac_resume() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Mehdi Djait <mehdi.djait(a)linux.intel.com> media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR Jayesh Choudhary <j-choudhary(a)ti.com> drm/tidss: Set crtc modesetting parameters with adjusted mode Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Use the crtc_* timings when programming the HW Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: amphion: Delete v4l2_fh synchronously in .release() Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: pci: ivtv: Don't create fake v4l2_fh Geoffrey McRae <geoffrey.mcrae(a)amd.com> drm/amdkfd: return -ENOTTY for unsupported IOCTLs Wake Liu <wakel(a)google.com> selftests/net: Ensure assert() triggers in psock_tpacket.c Wake Liu <wakel(a)google.com> selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 Marcos Del Sol Vives <marcos(a)orca.pet> PCI: Disable MSI on RDC PCI to PCIe bridges Seyediman Seyedarab <imandevel(a)gmail.com> drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on arcturus Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on aldebaran Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: add more cyan skillfish devices Jens Kehne <jens.kehne(a)agilent.com> mfd: da9063: Split chip variant reading in two bus transactions Arnd Bergmann <arnd(a)arndb.de> mfd: madera: Work around false-positive -Wininitialized warning Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe: Remove IRQ domain upon removal Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Prefer driver HWP limits Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Enhance HWP enable Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: Fix incorrect size in cpuidle_state_disable() Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Ben Copeland <ben.copeland(a)linaro.org> hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex Jiri Olsa <jolsa(a)kernel.org> uprobe: Do not emulate/sstep original instruction when ip is changed Alistair Francis <alistair.francis(a)wdc.com> nvme: Use non zero KATO for persistent discovery connections Amery Hung <ameryhung(a)gmail.com> bpf: Clear pfmemalloc flag when freeing all fragments Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Biju Das <biju.das.jz(a)bp.renesas.com> spi: rpc-if: Add resume support for RZ/G3E Pranav Tyagi <pranav.tyagi03(a)gmail.com> futex: Don't leak robust_list pointer on exec race Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: Fail cpuidle device registration if there is one already Tom Stellard <tstellar(a)redhat.com> bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21 Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: fix error return value in cpupower_write_sysfs() Svyatoslav Ryhel <clamor95(a)gmail.com> video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Daniel Wagner <wagi(a)kernel.org> nvme-fc: use lock accessing port_state and rport state Daniel Wagner <wagi(a)kernel.org> nvmet-fc: avoid scheduling association deletion twice Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> tee: allow a driver to allocate a tee_device without a pool Hans de Goede <hansg(a)kernel.org> ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Svyatoslav Ryhel <clamor95(a)gmail.com> soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups Ming Wang <wangming01(a)loongson.cn> irqchip/loongson-pch-lpc: Use legacy domain for PCH-LPC IRQ controller Andreas Kemnade <andreas(a)kemnade.info> hwmon: sy7636a: add alias Fabien Proriol <fabien.proriol(a)viavisolutions.com> power: supply: sbs-charger: Support multiple devices Chuande Chen <chuachen(a)cisco.com> hwmon: (sbtsi_temp) AMD CPU extended temperature range support Hans de Goede <hansg(a)kernel.org> ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] Shang song (Lenovo) <shangsong2(a)foxmail.com> ACPI: PRM: Skip handlers with NULL handler_address or NULL VA Christian Bruel <christian.bruel(a)foss.st.com> irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Upon failures, exit with code 1 in test_xsk.sh Kees Cook <kees(a)kernel.org> arc: Fix __fls() const-foldability via __builtin_clzl() Dennis Beier <nanovim(a)gmail.com> cpufreq/longhaul: handle NULL policy in longhaul_exit Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Inochi Amaoto <inochiama(a)gmail.com> irqchip/sifive-plic: Respect mask state when setting affinity Jiayi Li <lijiayi(a)kylinos.cn> memstick: Add timeout to prevent indefinite waiting Biju Das <biju.das.jz(a)bp.renesas.com> mmc: host: renesas_sdhi: Fix the actual clock Chi Zhang <chizhang(a)asrmicro.com> pinctrl: single: fix bias pull up/down handling in pin_config_set Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> bpf: Don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> soc: ti: pruss: don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> spi: loopback-test: Don't use %pK through printk Jens Reidel <adrian(a)mainlining.org> soc: qcom: smem: Fix endian-unaware access of num_entries Ryan Chen <ryan_chen(a)aspeedtech.com> soc: aspeed: socinfo: Add AST27xx silicon IDs Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix race in drm_sched_entity_select_rq() Thomas Zimmermann <tzimmermann(a)suse.de> drm/sysfb: Do not dereference NULL pointer in plane reset Owen Gu <guhuinan(a)xiaomi.com> usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs() Darrick J. Wong <djwong(a)kernel.org> block: fix race between set_blocksize and read paths Christoph Hellwig <hch(a)lst.de> block: open code __generic_file_write_iter for blkdev writes Al Viro <viro(a)zeniv.linux.org.uk> direct_write_fallback(): on error revert the ->ki_pos update from buffered write Christoph Hellwig <hch(a)lst.de> fs: factor out a direct_write_fallback helper Christoph Hellwig <hch(a)lst.de> filemap: update ki_pos in generic_perform_write Christoph Hellwig <hch(a)lst.de> filemap: add a kiocb_invalidate_post_direct_write helper Christoph Hellwig <hch(a)lst.de> filemap: add a kiocb_invalidate_pages helper Pierre Gondois <pierre.gondois(a)arm.com> arm64: tegra: Update cache properties K Prateek Nayak <kprateek.nayak(a)amd.com> drivers: base: cacheinfo: Update cpu_map_populated during CPU Hotplug Yicong Yang <yangyicong(a)hisilicon.com> cacheinfo: Fix LLC is not exported through sysfs Pierre Gondois <pierre.gondois(a)arm.com> cacheinfo: Initialize variables in fetch_cache_info() Pierre Gondois <pierre.gondois(a)arm.com> arch_topology: Build cacheinfo from primary CPU Pierre Gondois <pierre.gondois(a)arm.com> ACPI: PPTT: Update acpi_find_last_cache_level() to acpi_get_cache_info() Pierre Gondois <pierre.gondois(a)arm.com> ACPI: PPTT: Remove acpi_find_cache_levels() Pierre Gondois <pierre.gondois(a)arm.com> cacheinfo: Check 'cache-unified' property to count cache leaves Pierre Gondois <pierre.gondois(a)arm.com> cacheinfo: Return error code in init_of_cache_level() Pierre Gondois <pierre.gondois(a)arm.com> cacheinfo: Use RISC-V's init_cache_level() as generic OF implementation Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Paolo Abeni <pabeni(a)redhat.com> mptcp: drop bogus optimization in __mptcp_check_push() Geliang Tang <geliang.tang(a)suse.com> mptcp: change 'first' as a parameter Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> net: phy: dp83867: Disable EEE support as not implemented Farhan Ali <alifm(a)linux.ibm.com> s390/pci: Restore IRQ unconditionally for the zPCI device Alex Deucher <alexander.deucher(a)amd.com> Reapply "Revert drm/amd/display: Enable Freesync Video Mode by default" Alexey Klimov <alexey.klimov(a)linaro.org> regmap: slimbus: fix bus_context pointer in regmap init calls Damien Le Moal <dlemoal(a)kernel.org> block: make REQ_OP_ZONE_OPEN a write operation Damien Le Moal <dlemoal(a)kernel.org> block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji Yang Wang <kevinyang.wang(a)amd.com> drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() Jijie Shao <shaojijie(a)huawei.com> net: hns3: return error code when function fails Tomeu Vizoso <tomeu(a)tomeuvizoso.net> drm/etnaviv: fix flush sequence logic Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix another instance of dst_type handling Claudia Draghicescu <claudia.rosu(a)nxp.com> Bluetooth: ISO: Add support for periodic adv reports processing Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset Cen Zhang <zzzccc427(a)163.com> Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once Lizhi Xu <lizhi.xu(a)windriver.com> usbnet: Prevents free active kevent Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix powerpc's stack register definition in bpf_tracing.h Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: fix bit order for DSD format Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Unprepare a stream when XRUN occurs Ondrej Mosnacek <omosnace(a)redhat.com> bpf: Do not audit capability check in do_jit() Wonkon Kim <wkon.kim(a)samsung.com> scsi: ufs: core: Initialize value of an attribute returned by uic cmd Noorain Eqbal <nooraineqbal(a)gmail.com> bpf: Sync pending IRQ work before freeing ring buffer Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: fix control pipe direction Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix GMU firmware parser Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix memory leak on unsupported WMI command Chang S. Bae <chang.seok.bae(a)intel.com> x86/fpu: Ensure XFD state on signal delivery Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qdsp6: q6asm: do not sleep while atomic Paolo Abeni <pabeni(a)redhat.com> mptcp: restore window probe Miaoqian Lin <linmq006(a)gmail.com> fbdev: valkyriefb: Fix reference count leak in valkyriefb_init Florian Fuchs <fuchsfl(a)gmail.com> fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Junjie Cao <junjie.cao(a)intel.com> fbdev: bitblit: bound-check glyph index in bit_putcs* Yuhao Jiang <danisjiang(a)gmail.com> ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Daniel Palmer <daniel(a)0x0f.com> fbdev: atyfb: Check if pll_ops->init_pll failed Quanmin Yan <yanquanmin1(a)huawei.com> fbcon: Set fb_display[i]->mode to NULL when the mode is released Miaoqian Lin <linmq006(a)gmail.com> net: usb: asix_devices: Check return value of usbnet_get_endpoints Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix crash in nfsd4_read_release() Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: remove useless enable of enhanced features Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: refactor EFR lock Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: reorder code to remove prototype declarations Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: remove unused to_sc16is7xx_port macro Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Improve performance by removing delay in transfer event polling. Uday M Bhat <uday.m.bhat(a)intel.com> xhci: dbc: Allow users to modify DbC poll interval via sysfs Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: poll at different rate depending on data transfer activity Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Provide sysfs option to configure dbc descriptors Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: disable add_addr retrans in endpoint_tests Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR Menglong Dong <menglong8.dong(a)gmail.com> arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c Filipe Manana <fdmanana(a)suse.com> btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Filipe Manana <fdmanana(a)suse.com> btrfs: always drop log root tree reference in btrfs_replay_log() Thorsten Blum <thorsten.blum(a)linux.dev> btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: refine extent allocator hint selection Avadhut Naik <avadhut.naik(a)amd.com> EDAC/mc_sysfs: Increase legacy channel support to 16 David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix reporting of LFENCE retpoline Josh Poimboeuf <jpoimboe(a)kernel.org> perf: Have get_perf_callchain() return NULL if crosstask and user are set Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix null-deref in agg_dequeue ------------- Diffstat: .../ABI/testing/sysfs-bus-pci-drivers-xhci_hcd | 62 + .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +- .../devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 +- MAINTAINERS | 7 +- Makefile | 4 +- arch/alpha/kernel/asm-offsets.c | 1 + arch/arc/include/asm/bitops.h | 2 + arch/arc/kernel/asm-offsets.c | 1 + arch/arm/crypto/Kconfig | 2 +- arch/arm/kernel/asm-offsets.c | 2 + arch/arm/mach-at91/pm_suspend.S | 8 +- arch/arm64/boot/dts/nvidia/tegra194.dtsi | 15 + arch/arm64/boot/dts/nvidia/tegra210.dtsi | 1 + arch/arm64/boot/dts/nvidia/tegra234.dtsi | 33 + arch/arm64/kernel/asm-offsets.c | 1 + arch/arm64/kernel/cacheinfo.c | 11 +- arch/csky/kernel/asm-offsets.c | 1 + arch/hexagon/kernel/asm-offsets.c | 1 + arch/loongarch/include/asm/pgtable.h | 11 +- arch/loongarch/include/uapi/asm/bitsperlong.h | 9 - arch/loongarch/kernel/asm-offsets.c | 2 + arch/loongarch/kernel/traps.c | 4 +- arch/loongarch/pci/pci.c | 8 +- arch/m68k/kernel/asm-offsets.c | 1 + arch/microblaze/kernel/asm-offsets.c | 1 + arch/mips/boot/dts/lantiq/danube.dtsi | 6 + arch/mips/boot/dts/lantiq/danube_easy50712.dts | 4 +- arch/mips/kernel/asm-offsets.c | 2 + arch/mips/lantiq/xway/sysctrl.c | 2 +- arch/mips/mm/tlb-r4k.c | 118 +- arch/mips/mti-malta/malta-init.c | 20 +- arch/nios2/kernel/asm-offsets.c | 1 + arch/openrisc/kernel/asm-offsets.c | 1 + arch/parisc/kernel/asm-offsets.c | 1 + arch/powerpc/kernel/asm-offsets.c | 1 + arch/powerpc/kernel/eeh_driver.c | 2 +- arch/riscv/kernel/asm-offsets.c | 1 + arch/riscv/kernel/cacheinfo.c | 42 - arch/riscv/kernel/cpu-hotplug.c | 1 + arch/s390/include/asm/pci.h | 1 - arch/s390/kernel/asm-offsets.c | 1 + arch/s390/pci/pci_event.c | 7 +- arch/s390/pci/pci_irq.c | 9 +- arch/sh/kernel/asm-offsets.c | 1 + arch/sparc/include/asm/elf_64.h | 1 + arch/sparc/include/asm/io_64.h | 6 +- arch/sparc/kernel/asm-offsets.c | 1 + arch/sparc/kernel/module.c | 1 + arch/um/drivers/ssl.c | 5 +- arch/um/kernel/asm-offsets.c | 2 + arch/x86/entry/vsyscall/vsyscall_64.c | 17 +- arch/x86/events/core.c | 10 +- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/fpu/core.c | 3 + arch/x86/kernel/kvm.c | 20 +- arch/x86/kvm/svm/svm.c | 10 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/xtensa/kernel/asm-offsets.c | 1 + block/bdev.c | 17 + block/blk-zoned.c | 5 +- block/fops.c | 61 +- block/ioctl.c | 6 + drivers/acpi/acpi_video.c | 4 +- drivers/acpi/acpica/dsmethod.c | 10 +- drivers/acpi/cppc_acpi.c | 6 +- drivers/acpi/numa/srat.c | 2 +- drivers/acpi/pptt.c | 93 +- drivers/acpi/prmt.c | 19 +- drivers/acpi/property.c | 24 +- drivers/acpi/scan.c | 2 + drivers/ata/libata-scsi.c | 12 +- drivers/atm/fore200e.c | 2 + drivers/base/arch_topology.c | 12 +- drivers/base/cacheinfo.c | 168 +- drivers/base/regmap/regmap-slimbus.c | 6 +- drivers/bcma/main.c | 6 + drivers/bluetooth/btmtksdio.c | 12 + drivers/bluetooth/btusb.c | 30 +- drivers/bluetooth/hci_bcsp.c | 3 + drivers/char/misc.c | 8 +- drivers/clk/at91/clk-master.c | 3 + drivers/clk/at91/clk-sam9x60-pll.c | 75 +- drivers/clk/sunxi-ng/ccu-sun6i-rtc.c | 11 + drivers/clk/ti/clk-33xx.c | 2 + drivers/clocksource/timer-vf-pit.c | 22 +- drivers/cpufreq/longhaul.c | 3 + drivers/cpufreq/tegra186-cpufreq.c | 27 +- drivers/cpuidle/cpuidle.c | 8 +- drivers/dma/dw-edma/dw-edma-core.c | 22 + drivers/dma/mv_xor.c | 4 +- drivers/dma/sh/shdma-base.c | 25 +- drivers/dma/sh/shdmac.c | 17 +- drivers/edac/altera_edac.c | 22 +- drivers/edac/edac_mc_sysfs.c | 24 + drivers/extcon/extcon-adc-jack.c | 2 + drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 +- drivers/firmware/stratix10-svc.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 66 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 + drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 19 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 8 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 +- drivers/gpu/drm/amd/display/include/dal_asic_id.h | 5 + drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 5 + .../gpu/drm/amd/pm/powerplay/smumgr/fiji_smumgr.c | 2 +- .../drm/amd/pm/powerplay/smumgr/iceland_smumgr.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2 +- drivers/gpu/drm/bridge/display-connector.c | 3 +- drivers/gpu/drm/drm_gem_atomic_helper.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 +- drivers/gpu/drm/i915/gt/intel_gt_clock_utils.c | 4 +- drivers/gpu/drm/i915/i915_vma.c | 16 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 5 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 3 + drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 10 + drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 +- drivers/gpu/drm/scheduler/sched_entity.c | 3 +- drivers/gpu/drm/sti/sti_vtg.c | 7 +- drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tegra/uapi.c | 7 +- drivers/gpu/drm/tidss/tidss_crtc.c | 7 +- drivers/gpu/drm/tidss/tidss_dispc.c | 16 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 + drivers/gpu/host1x/context.c | 4 + drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 + drivers/hid/hid-core.c | 7 +- drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-ntrig.c | 7 +- drivers/hid/hid-quirks.c | 14 +- drivers/hwmon/asus-ec-sensors.c | 2 +- drivers/hwmon/dell-smm-hwmon.c | 7 + drivers/hwmon/sbtsi_temp.c | 46 +- drivers/hwmon/sy7636a-hwmon.c | 1 + drivers/i2c/busses/i2c-xgene-slimpro.c | 16 +- drivers/iio/accel/adxl355_core.c | 44 +- drivers/iio/accel/bmc150-accel-core.c | 5 + drivers/iio/accel/bmc150-accel.h | 1 + drivers/iio/adc/ad7280a.c | 2 +- drivers/iio/adc/rtq6056.c | 2 +- drivers/iio/adc/spear_adc.c | 9 +- drivers/iio/common/ssp_sensors/ssp_dev.c | 4 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 22 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 11 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 2 - drivers/infiniband/hw/irdma/pble.c | 2 +- drivers/infiniband/hw/irdma/verbs.c | 4 +- drivers/infiniband/hw/irdma/verbs.h | 8 +- drivers/input/keyboard/cros_ec_keyb.c | 6 + drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 9 + drivers/iommu/amd/init.c | 28 +- drivers/iommu/intel/debugfs.c | 10 +- drivers/iommu/intel/perf.c | 10 +- drivers/iommu/intel/perf.h | 5 +- drivers/irqchip/irq-gic-v2m.c | 13 +- drivers/irqchip/irq-loongson-pch-lpc.c | 9 +- drivers/irqchip/irq-sifive-plic.c | 6 +- drivers/isdn/hardware/mISDN/hfcsusb.c | 18 +- drivers/mailbox/mailbox-test.c | 2 +- drivers/mailbox/mailbox.c | 96 +- drivers/mailbox/pcc.c | 248 ++- drivers/md/dm-verity-fec.c | 6 +- drivers/media/i2c/Kconfig | 2 +- drivers/media/i2c/adv7180.c | 48 +- drivers/media/i2c/ir-kbd-i2c.c | 6 +- drivers/media/i2c/og01a1b.c | 6 +- drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 - drivers/media/pci/ivtv/ivtv-driver.h | 3 +- drivers/media/pci/ivtv/ivtv-fileops.c | 18 +- drivers/media/pci/ivtv/ivtv-irq.c | 4 +- drivers/media/platform/amphion/vpu_v4l2.c | 7 +- drivers/media/platform/verisilicon/hantro_drv.c | 2 + drivers/media/platform/verisilicon/hantro_v4l2.c | 6 +- drivers/media/rc/imon.c | 61 +- drivers/media/rc/redrat3.c | 2 +- drivers/media/tuners/xc4000.c | 8 +- drivers/media/tuners/xc5000.c | 12 +- drivers/memstick/core/memstick.c | 8 +- drivers/mfd/da9063-i2c.c | 27 +- drivers/mfd/madera-core.c | 4 +- drivers/mfd/stmpe-i2c.c | 1 + drivers/mfd/stmpe.c | 3 + drivers/mmc/host/renesas_sdhi_core.c | 6 +- drivers/mmc/host/sdhci-msm.c | 15 + drivers/mmc/host/sdhci-of-dwcmshc.c | 2 +- drivers/most/most_usb.c | 14 +- drivers/mtd/mtdchar.c | 6 +- drivers/mtd/nand/onenand/onenand_samsung.c | 2 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/can/sja1000/sja1000.c | 4 +- drivers/net/can/sun4i_can.c | 4 +- drivers/net/can/usb/gs_usb.c | 64 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 +- drivers/net/dsa/b53/b53_common.c | 15 +- drivers/net/dsa/b53/b53_regs.h | 3 +- drivers/net/dsa/dsa_loop.c | 9 +- drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 +- drivers/net/dsa/microchip/ksz9477.c | 98 +- drivers/net/dsa/microchip/ksz9477_reg.h | 3 +- drivers/net/dsa/microchip/ksz_common.c | 12 +- drivers/net/dsa/microchip/ksz_common.h | 2 + drivers/net/dsa/microchip/lan937x_main.c | 1 + drivers/net/dsa/sja1105/sja1105_main.c | 66 +- .../net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 + .../net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 + drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 + .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 +- .../ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4 +- drivers/net/ethernet/cadence/macb_main.c | 6 +- drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/freescale/fec_main.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 9 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 +- drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 2 +- drivers/net/ethernet/intel/ice/ice_trace.h | 10 +- drivers/net/ethernet/mellanox/mlx5/core/en.h | 10 - drivers/net/ethernet/mellanox/mlx5/core/en/port.c | 72 + drivers/net/ethernet/mellanox/mlx5/core/en/port.h | 6 + .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 280 ++- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 7 +- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 62 +- .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 18 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/en_stats.c | 12 +- .../net/ethernet/mellanox/mlxsw/core_linecards.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- .../net/ethernet/microchip/lan966x/lan966x_ptp.c | 5 +- drivers/net/ethernet/microchip/sparx5/Kconfig | 2 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 +- drivers/net/ethernet/realtek/Kconfig | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 6 +- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 +- drivers/net/ethernet/smsc/smsc911x.c | 14 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/net/hamradio/6pack.c | 57 +- drivers/net/mdio/of_mdio.c | 1 - drivers/net/phy/dp83867.c | 6 + drivers/net/phy/fixed_phy.c | 1 + drivers/net/phy/marvell.c | 39 +- drivers/net/phy/mdio_bus.c | 5 +- drivers/net/usb/asix_devices.c | 12 +- drivers/net/usb/qmi_wwan.c | 6 + drivers/net/usb/usbnet.c | 2 + drivers/net/virtio_net.c | 26 +- drivers/net/wireless/ath/ath10k/mac.c | 12 +- drivers/net/wireless/ath/ath10k/wmi.c | 40 +- drivers/net/wireless/ath/ath11k/hw.c | 1 + drivers/net/wireless/ath/ath11k/mac.c | 5 + drivers/net/wireless/ath/ath11k/wmi.c | 30 +- drivers/net/wireless/ath/ath11k/wmi.h | 3 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 28 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 2 + drivers/ntb/hw/epf/ntb_hw_epf.c | 103 +- drivers/nvme/host/core.c | 8 +- drivers/nvme/host/fc.c | 12 +- drivers/nvme/host/multipath.c | 2 +- drivers/nvme/target/fc.c | 16 +- drivers/pci/controller/cadence/pcie-cadence-host.c | 2 +- drivers/pci/controller/cadence/pcie-cadence.c | 4 +- drivers/pci/controller/cadence/pcie-cadence.h | 6 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/pci-driver.c | 2 +- drivers/pci/pci.c | 5 + drivers/pci/quirks.c | 3 +- drivers/phy/cadence/cdns-dphy.c | 4 +- drivers/phy/rockchip/phy-rockchip-inno-csidphy.c | 5 +- drivers/pinctrl/pinctrl-single.c | 4 +- drivers/platform/x86/intel/punit_ipc.c | 2 +- .../x86/intel/speed_select_if/isst_if_mmio.c | 4 +- drivers/power/supply/sbs-charger.c | 16 +- drivers/ptp/ptp_clock.c | 13 +- drivers/regulator/fixed.c | 1 + drivers/remoteproc/qcom_q6v5.c | 5 + drivers/rtc/rtc-pcf2127.c | 4 +- drivers/rtc/rtc-rx8025.c | 2 +- drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/libfc/fc_encode.h | 2 +- drivers/scsi/lpfc/lpfc_debugfs.h | 3 + drivers/scsi/lpfc/lpfc_els.c | 6 +- drivers/scsi/lpfc/lpfc_init.c | 7 - drivers/scsi/lpfc/lpfc_scsi.c | 14 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 10 + drivers/scsi/mpt3sas/mpt3sas_transport.c | 3 + drivers/scsi/pm8001/pm8001_ctl.c | 24 +- drivers/scsi/pm8001/pm8001_init.c | 1 + drivers/scsi/pm8001/pm8001_sas.c | 4 +- drivers/scsi/pm8001/pm8001_sas.h | 4 + drivers/scsi/sg.c | 10 +- drivers/slimbus/qcom-ngd-ctrl.c | 1 + drivers/soc/aspeed/aspeed-socinfo.c | 4 + drivers/soc/imx/gpc.c | 2 + drivers/soc/qcom/smem.c | 2 +- drivers/soc/samsung/pm_domains.c | 11 +- drivers/soc/tegra/fuse/fuse-tegra30.c | 122 + drivers/soc/ti/knav_dma.c | 14 +- drivers/soc/ti/pruss.c | 2 +- drivers/spi/spi-bcm63xx.c | 14 + drivers/spi/spi-loopback-test.c | 12 +- drivers/spi/spi-rpc-if.c | 2 + drivers/spi/spi.c | 10 + drivers/staging/Kconfig | 2 - drivers/staging/Makefile | 1 - drivers/staging/rtl8712/Kconfig | 21 - drivers/staging/rtl8712/Makefile | 35 - drivers/staging/rtl8712/TODO | 13 - drivers/staging/rtl8712/basic_types.h | 28 - drivers/staging/rtl8712/drv_types.h | 175 -- drivers/staging/rtl8712/ethernet.h | 21 - drivers/staging/rtl8712/hal_init.c | 401 ---- drivers/staging/rtl8712/ieee80211.c | 415 ---- drivers/staging/rtl8712/ieee80211.h | 165 -- drivers/staging/rtl8712/mlme_linux.c | 160 -- drivers/staging/rtl8712/mlme_osdep.h | 31 - drivers/staging/rtl8712/mp_custom_oid.h | 287 --- drivers/staging/rtl8712/os_intfs.c | 465 ---- drivers/staging/rtl8712/osdep_intf.h | 32 - drivers/staging/rtl8712/osdep_service.h | 60 - drivers/staging/rtl8712/recv_linux.c | 139 -- drivers/staging/rtl8712/recv_osdep.h | 39 - drivers/staging/rtl8712/rtl8712_bitdef.h | 26 - drivers/staging/rtl8712/rtl8712_cmd.c | 409 ---- drivers/staging/rtl8712/rtl8712_cmd.h | 231 -- drivers/staging/rtl8712/rtl8712_cmdctrl_bitdef.h | 95 - drivers/staging/rtl8712/rtl8712_cmdctrl_regdef.h | 19 - drivers/staging/rtl8712/rtl8712_debugctrl_bitdef.h | 41 - drivers/staging/rtl8712/rtl8712_debugctrl_regdef.h | 32 - .../staging/rtl8712/rtl8712_edcasetting_bitdef.h | 65 - .../staging/rtl8712/rtl8712_edcasetting_regdef.h | 24 - drivers/staging/rtl8712/rtl8712_efuse.c | 564 ----- drivers/staging/rtl8712/rtl8712_efuse.h | 43 - drivers/staging/rtl8712/rtl8712_event.h | 86 - drivers/staging/rtl8712/rtl8712_fifoctrl_bitdef.h | 131 -- drivers/staging/rtl8712/rtl8712_fifoctrl_regdef.h | 61 - drivers/staging/rtl8712/rtl8712_gp_bitdef.h | 68 - drivers/staging/rtl8712/rtl8712_gp_regdef.h | 29 - drivers/staging/rtl8712/rtl8712_hal.h | 142 -- drivers/staging/rtl8712/rtl8712_interrupt_bitdef.h | 44 - drivers/staging/rtl8712/rtl8712_io.c | 99 - drivers/staging/rtl8712/rtl8712_led.c | 1830 --------------- .../staging/rtl8712/rtl8712_macsetting_bitdef.h | 31 - .../staging/rtl8712/rtl8712_macsetting_regdef.h | 20 - drivers/staging/rtl8712/rtl8712_powersave_bitdef.h | 39 - drivers/staging/rtl8712/rtl8712_powersave_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_ratectrl_bitdef.h | 36 - drivers/staging/rtl8712/rtl8712_ratectrl_regdef.h | 43 - drivers/staging/rtl8712/rtl8712_recv.c | 1079 --------- drivers/staging/rtl8712/rtl8712_recv.h | 145 -- drivers/staging/rtl8712/rtl8712_regdef.h | 32 - drivers/staging/rtl8712/rtl8712_security_bitdef.h | 34 - drivers/staging/rtl8712/rtl8712_spec.h | 121 - drivers/staging/rtl8712/rtl8712_syscfg_bitdef.h | 163 -- drivers/staging/rtl8712/rtl8712_syscfg_regdef.h | 42 - drivers/staging/rtl8712/rtl8712_timectrl_bitdef.h | 49 - drivers/staging/rtl8712/rtl8712_timectrl_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_wmac_bitdef.h | 49 - drivers/staging/rtl8712/rtl8712_wmac_regdef.h | 36 - drivers/staging/rtl8712/rtl8712_xmit.c | 745 ------- drivers/staging/rtl8712/rtl8712_xmit.h | 108 - drivers/staging/rtl8712/rtl871x_cmd.c | 796 ------- drivers/staging/rtl8712/rtl871x_cmd.h | 761 ------- drivers/staging/rtl8712/rtl871x_debug.h | 130 -- drivers/staging/rtl8712/rtl871x_eeprom.c | 220 -- drivers/staging/rtl8712/rtl871x_eeprom.h | 88 - drivers/staging/rtl8712/rtl871x_event.h | 109 - drivers/staging/rtl8712/rtl871x_ht.h | 33 - drivers/staging/rtl8712/rtl871x_io.c | 147 -- drivers/staging/rtl8712/rtl871x_io.h | 236 -- drivers/staging/rtl8712/rtl871x_ioctl.h | 94 - drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2330 -------------------- drivers/staging/rtl8712/rtl871x_ioctl_rtl.c | 519 ----- drivers/staging/rtl8712/rtl871x_ioctl_rtl.h | 109 - drivers/staging/rtl8712/rtl871x_ioctl_set.c | 354 --- drivers/staging/rtl8712/rtl871x_ioctl_set.h | 45 - drivers/staging/rtl8712/rtl871x_led.h | 118 - drivers/staging/rtl8712/rtl871x_mlme.c | 1709 -------------- drivers/staging/rtl8712/rtl871x_mlme.h | 205 -- drivers/staging/rtl8712/rtl871x_mp.c | 724 ------ drivers/staging/rtl8712/rtl871x_mp.h | 275 --- drivers/staging/rtl8712/rtl871x_mp_ioctl.c | 883 -------- drivers/staging/rtl8712/rtl871x_mp_ioctl.h | 328 --- drivers/staging/rtl8712/rtl871x_mp_phy_regdef.h | 1034 --------- drivers/staging/rtl8712/rtl871x_pwrctrl.c | 234 -- drivers/staging/rtl8712/rtl871x_pwrctrl.h | 113 - drivers/staging/rtl8712/rtl871x_recv.c | 669 ------ drivers/staging/rtl8712/rtl871x_recv.h | 208 -- drivers/staging/rtl8712/rtl871x_rf.h | 55 - drivers/staging/rtl8712/rtl871x_security.c | 1386 ------------ drivers/staging/rtl8712/rtl871x_security.h | 218 -- drivers/staging/rtl8712/rtl871x_sta_mgt.c | 263 --- drivers/staging/rtl8712/rtl871x_wlan_sme.h | 35 - drivers/staging/rtl8712/rtl871x_xmit.c | 1059 --------- drivers/staging/rtl8712/rtl871x_xmit.h | 288 --- drivers/staging/rtl8712/sta_info.h | 132 -- drivers/staging/rtl8712/usb_halinit.c | 307 --- drivers/staging/rtl8712/usb_intf.c | 638 ------ drivers/staging/rtl8712/usb_ops.c | 195 -- drivers/staging/rtl8712/usb_ops.h | 38 - drivers/staging/rtl8712/usb_ops_linux.c | 515 ----- drivers/staging/rtl8712/usb_osintf.h | 35 - drivers/staging/rtl8712/wifi.h | 196 -- drivers/staging/rtl8712/wlan_bssdef.h | 223 -- drivers/staging/rtl8712/xmit_linux.c | 181 -- drivers/staging/rtl8712/xmit_osdep.h | 52 - drivers/target/loopback/tcm_loop.c | 3 + drivers/tee/tee_core.c | 2 +- drivers/thunderbolt/nhi.c | 2 + drivers/thunderbolt/nhi.h | 1 + drivers/thunderbolt/tb.c | 2 +- drivers/tty/serial/amba-pl011.c | 2 +- drivers/tty/serial/sc16is7xx.c | 185 +- drivers/ufs/core/ufshcd.c | 7 +- drivers/ufs/host/ufs-mediatek.c | 46 +- drivers/ufs/host/ufshcd-pci.c | 70 +- drivers/uio/uio_hv_generic.c | 21 +- drivers/usb/cdns3/cdns3-pci-wrap.c | 5 +- drivers/usb/cdns3/cdnsp-gadget.c | 8 +- drivers/usb/dwc3/core.c | 3 +- drivers/usb/dwc3/ep0.c | 1 + drivers/usb/dwc3/gadget.c | 7 + drivers/usb/gadget/function/f_eem.c | 7 +- drivers/usb/gadget/function/f_fs.c | 8 +- drivers/usb/gadget/function/f_hid.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 3 +- drivers/usb/gadget/udc/core.c | 18 +- drivers/usb/gadget/udc/trace.h | 5 + drivers/usb/host/xhci-dbgcap.c | 261 ++- drivers/usb/host/xhci-dbgcap.h | 12 +- drivers/usb/host/xhci-dbgtty.c | 23 +- drivers/usb/host/xhci-plat.c | 1 + drivers/usb/mon/mon_bin.c | 14 +- drivers/usb/renesas_usbhs/common.c | 18 +- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 1 + drivers/usb/serial/option.c | 10 +- drivers/usb/storage/sddr55.c | 6 + drivers/usb/storage/transport.c | 16 + drivers/usb/storage/uas.c | 5 + drivers/usb/storage/unusual_devs.h | 2 +- drivers/usb/typec/ucsi/psy.c | 5 + drivers/vfio/iova_bitmap.c | 5 +- drivers/vfio/vfio_main.c | 2 +- drivers/video/backlight/lp855x_bl.c | 2 +- drivers/video/fbdev/aty/atyfb_base.c | 8 +- drivers/video/fbdev/core/bitblit.c | 33 +- drivers/video/fbdev/core/fbcon.c | 19 + drivers/video/fbdev/core/fbmem.c | 1 + drivers/video/fbdev/pvr2fb.c | 2 +- drivers/video/fbdev/valkyriefb.c | 2 + drivers/watchdog/s3c2410_wdt.c | 10 +- fs/9p/v9fs.c | 9 +- fs/btrfs/disk-io.c | 2 +- fs/btrfs/extent-tree.c | 6 +- fs/btrfs/file.c | 10 + fs/btrfs/scrub.c | 3 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-log.c | 3 +- fs/ceph/file.c | 2 - fs/ceph/locks.c | 5 +- fs/direct-io.c | 10 +- fs/eventpoll.c | 139 +- fs/exfat/fatent.c | 11 +- fs/exfat/super.c | 5 +- fs/ext4/fast_commit.c | 2 +- fs/ext4/file.c | 9 +- fs/ext4/xattr.c | 2 +- fs/f2fs/file.c | 1 - fs/hpfs/namei.c | 18 +- fs/iomap/direct-io.c | 12 +- fs/jfs/inode.c | 8 +- fs/jfs/jfs_txnmgr.c | 9 +- fs/libfs.c | 42 + fs/nfs/file.c | 1 - fs/nfs/nfs4client.c | 1 + fs/nfs/nfs4proc.c | 15 +- fs/nfs/nfs4state.c | 3 + fs/nfs/write.c | 3 +- fs/nfsd/nfs4proc.c | 7 +- fs/nfsd/nfs4state.c | 9 +- fs/nilfs2/the_nilfs.c | 3 - fs/ntfs3/inode.c | 1 + fs/open.c | 10 +- fs/orangefs/xattr.c | 12 +- fs/proc/generic.c | 12 +- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/connect.c | 1 + fs/smb/client/smb2inode.c | 2 + fs/smb/client/smb2pdu.c | 7 +- fs/smb/client/transport.c | 10 +- fs/smb/server/smb2pdu.c | 6 +- fs/smb/server/transport_tcp.c | 12 +- include/acpi/pcc.h | 20 + include/linux/array_size.h | 13 + include/linux/ata.h | 1 + include/linux/blk_types.h | 11 +- include/linux/cacheinfo.h | 11 +- include/linux/compiler_types.h | 5 +- include/linux/fbcon.h | 2 + include/linux/filter.h | 22 +- include/linux/fs.h | 7 +- include/linux/host1x.h | 2 + include/linux/kernel.h | 7 +- include/linux/mailbox_client.h | 1 + include/linux/map_benchmark.h | 1 + include/linux/mlx5/driver.h | 2 + include/linux/mlx5/mlx5_ifc.h | 61 + include/linux/pagemap.h | 2 + include/linux/pci.h | 2 +- include/linux/shdma-base.h | 2 +- include/linux/string.h | 1 + include/linux/usb/gadget.h | 5 + include/net/bluetooth/hci.h | 12 + include/net/bluetooth/hci_core.h | 8 +- include/net/bluetooth/mgmt.h | 2 +- include/net/cls_cgroup.h | 2 +- include/net/nfc/nci_core.h | 2 +- include/net/pkt_sched.h | 25 +- include/net/tc_act/tc_connmark.h | 10 +- include/net/tls.h | 6 + include/net/xdp.h | 5 + include/net/xfrm.h | 3 +- include/trace/events/irq.h | 47 + include/uapi/asm-generic/bitsperlong.h | 13 +- include/ufs/ufshcd.h | 7 + include/ufs/ufshci.h | 4 +- kernel/bpf/ringbuf.c | 2 + kernel/events/callchain.c | 10 +- kernel/events/uprobes.c | 7 + kernel/futex/syscalls.c | 106 +- kernel/gcov/gcc_4_7.c | 4 +- kernel/softirq.c | 9 +- kernel/time/timer.c | 7 +- kernel/trace/ftrace.c | 2 + kernel/trace/trace_events_hist.c | 6 +- lib/crypto/Makefile | 2 +- lib/maple_tree.c | 30 +- mm/filemap.c | 173 +- mm/memory.c | 24 +- mm/mempool.c | 32 +- mm/page_alloc.c | 2 +- mm/percpu.c | 8 +- mm/secretmem.c | 2 +- mm/truncate.c | 27 +- net/8021q/vlan.c | 2 + net/bluetooth/6lowpan.c | 103 +- net/bluetooth/hci_event.c | 34 + net/bluetooth/hci_sync.c | 19 +- net/bluetooth/iso.c | 36 +- net/bluetooth/l2cap_core.c | 1 + net/bluetooth/mgmt.c | 7 +- net/bluetooth/sco.c | 7 + net/bluetooth/smp.c | 31 +- net/bridge/br.c | 5 + net/bridge/br_forward.c | 5 +- net/bridge/br_if.c | 1 + net/bridge/br_input.c | 4 +- net/bridge/br_mst.c | 10 +- net/bridge/br_private.h | 13 +- net/ceph/auth_x.c | 2 + net/ceph/ceph_common.c | 53 +- net/ceph/debugfs.c | 16 +- net/ceph/osdmap.c | 18 +- net/core/filter.c | 1 + net/core/netpoll.c | 7 +- net/core/page_pool.c | 12 +- net/core/sock.c | 15 +- net/dsa/tag_brcm.c | 10 +- net/ethernet/eth.c | 5 +- net/hsr/hsr_device.c | 3 + net/ipv4/esp4.c | 4 +- net/ipv4/esp4_offload.c | 6 +- net/ipv4/netfilter/nf_reject_ipv4.c | 25 + net/ipv4/nexthop.c | 6 + net/ipv4/route.c | 5 + net/ipv4/udp_tunnel_nic.c | 2 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ah6.c | 50 +- net/ipv6/esp6.c | 4 +- net/ipv6/esp6_offload.c | 6 +- net/ipv6/netfilter/nf_reject_ipv6.c | 30 + net/ipv6/raw.c | 2 +- net/ipv6/udp.c | 2 +- net/mac80211/iface.c | 14 +- net/mac80211/mlme.c | 2 +- net/mac80211/rx.c | 10 +- net/mptcp/options.c | 54 +- net/mptcp/pm_netlink.c | 26 +- net/mptcp/protocol.c | 125 +- net/mptcp/protocol.h | 5 +- net/mptcp/subflow.c | 8 + net/netfilter/nf_tables_api.c | 15 + net/openvswitch/actions.c | 68 +- net/openvswitch/flow_netlink.c | 64 +- net/openvswitch/flow_netlink.h | 2 - net/rds/rds.h | 2 +- net/sched/act_bpf.c | 6 +- net/sched/act_connmark.c | 134 +- net/sched/act_ife.c | 12 +- net/sched/cls_bpf.c | 6 +- net/sched/sch_api.c | 10 - net/sched/sch_generic.c | 17 +- net/sched/sch_hfsc.c | 16 - net/sched/sch_qfq.c | 2 +- net/sctp/diag.c | 23 +- net/sctp/transport.c | 13 +- net/smc/smc_clc.c | 1 + net/strparser/strparser.c | 2 +- net/tipc/net.c | 2 + net/tls/tls_device.c | 4 +- net/unix/garbage.c | 14 +- net/vmw_vsock/af_vsock.c | 40 +- net/xfrm/espintcp.c | 4 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/drivers/serial-generic.c | 12 +- sound/pci/hda/patch_realtek.c | 17 +- sound/soc/codecs/cs4271.c | 10 +- sound/soc/codecs/lpass-va-macro.c | 2 +- sound/soc/codecs/max98090.c | 6 +- sound/soc/fsl/fsl_sai.c | 3 +- sound/soc/intel/avs/pcm.c | 2 + sound/soc/meson/aiu-encoder-i2s.c | 9 +- sound/soc/qcom/qdsp6/q6asm.c | 2 +- sound/soc/qcom/sc8280xp.c | 3 + sound/usb/endpoint.c | 5 + sound/usb/mixer.c | 11 +- sound/usb/mixer_s1810c.c | 28 +- sound/usb/quirks.c | 3 + sound/usb/validate.c | 9 +- tools/bpf/bpftool/btf_dumper.c | 2 +- tools/bpf/bpftool/prog.c | 2 +- tools/include/linux/bitmap.h | 1 + tools/include/uapi/asm-generic/bitsperlong.h | 14 +- tools/include/uapi/asm/bitsperlong.h | 6 - tools/lib/bpf/bpf_tracing.h | 2 +- tools/lib/thermal/Makefile | 9 +- tools/power/cpupower/lib/cpuidle.c | 5 +- tools/power/cpupower/lib/cpupower.c | 2 +- .../x86_energy_perf_policy.c | 30 +- tools/testing/selftests/Makefile | 2 +- tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 +- tools/testing/selftests/bpf/test_xsk.sh | 2 + .../selftests/drivers/net/netdevsim/Makefile | 21 + .../selftests/drivers/net/netdevsim/settings | 1 + tools/testing/selftests/net/bareudp.sh | 2 +- tools/testing/selftests/net/fcnal-test.sh | 432 ++-- .../selftests/net/forwarding/local_termination.sh | 2 + tools/testing/selftests/net/gro.c | 101 +- tools/testing/selftests/net/mptcp/mptcp_connect.c | 18 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 65 +- tools/testing/selftests/net/psock_tpacket.c | 4 +- tools/testing/selftests/net/traceroute.sh | 13 +- tools/tracing/latency/latency-collector.c | 2 +- usr/include/headers_check.pl | 2 + 679 files changed, 5917 insertions(+), 30300 deletions(-)

2 days, 6 hours

14
587
0 0

[PATCH] gpiolib: acpi: Add quirk for Dell Precision 7780

by Askar Safin

Dell Precision 7780 often wakes up on its own from suspend. Sometimes wake up happens immediately (i. e. within 7 seconds), sometimes it happens after, say, 30 minutes. Fixes: 1796f808e4bb ("HID: i2c-hid: acpi: Stop setting wakeup_capable") Reported-by: Askar Safin <safinaskar(a)zohomail.com> Link: https://lore.kernel.org/linux-i2c/197ae95ffd8.dc819e60457077.76921204886090… Cc: <stable(a)vger.kernel.org> Tested-by: Askar Safin <safinaskar(a)gmail.com> Signed-off-by: Askar Safin <safinaskar(a)gmail.com> --- drivers/gpio/gpiolib-acpi-quirks.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/drivers/gpio/gpiolib-acpi-quirks.c b/drivers/gpio/gpiolib-acpi-quirks.c index 7b95d1b03361..a0116f004975 100644 --- a/drivers/gpio/gpiolib-acpi-quirks.c +++ b/drivers/gpio/gpiolib-acpi-quirks.c @@ -370,6 +370,28 @@ static const struct dmi_system_id gpiolib_acpi_quirks[] __initconst = { .ignore_wake = "ASCP1A00:00@8", }, }, + { + /* + * Spurious wakeups, likely from touchpad controller + * Dell Precision 7780 + * Found in BIOS 1.24.1 + * + * Found in touchpad firmware, installed by Dell Touchpad Firmware Update Utility version 1160.4196.9, A01 + * ( Dell-Touchpad-Firmware-Update-Utility_VYGNN_WIN64_1160.4196.9_A00.EXE ), + * released on 11 Jul 2024 + * + * https://lore.kernel.org/linux-i2c/197ae95ffd8.dc819e60457077.76921204886090… + */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), + DMI_MATCH(DMI_PRODUCT_FAMILY, "Precision"), + DMI_MATCH(DMI_PRODUCT_NAME, "Precision 7780"), + DMI_MATCH(DMI_BOARD_NAME, "0C6JVW"), + }, + .driver_data = &(struct acpi_gpiolib_dmi_quirk) { + .ignore_wake = "VEN_0488:00@355", + }, + }, {} /* Terminating entry */ }; base-commit: 7d0a66e4bb9081d75c82ec4957c50034cb0ea449 (v6.18) -- 2.47.3

2 days, 11 hours

3
2
0 0

[PATCH 0/3] platform/x86: alienware-wmi-wmax: Add support for some newly released models

by Kurt Borja

Hi Ilpo, I managed to get my hands on acpidumps for these models so this is verified against those. Thanks for all your latest reviews! Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> --- Kurt Borja (3): platform/x86: alienware-wmi-wmax: Add support for new Area-51 laptops platform/x86: alienware-wmi-wmax: Add AWCC support for Alienware x16 platform/x86: alienware-wmi-wmax: Add support for Alienware 16X Aurora drivers/platform/x86/dell/alienware-wmi-wmax.c | 32 ++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) --- base-commit: 9b9c0adbc3f8a524d291baccc9d0c04097fb4869 change-id: 20251111-area-51-7e6c2501e4eb -- ~ Kurt

2 days, 11 hours

3
7
0 0

IAA Mobility 2025 Leads – Instant Access

by Grace Taylor

Hi, We now have the verified International IAA Mobility 2025 Database with 501,479 attendees and 750 exhibitors. Each contact includes: names, job titles, company details, locations, phone numbers, and verified email addresses — all carefully sourced and checked for accuracy. delivered within 48 hours. Season-End Offer: 30% Discount on All Databases. Reply “Send me the cost” to get pricing and more details. Best regards, Grace Taylor Sr. Marketing Manager P.S. Reply “Unfollow” to opt out.

2 days, 17 hours

1
0
0 0

[PATCH] usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe()

by Haoxiang Li

In error paths, call typec_altmode_put_plug() to drop the device reference obtained by typec_altmode_get_plug(). Fixes: 71ba4fe56656 ("usb: typec: altmodes/displayport: add SOP' support") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> --- drivers/usb/typec/altmodes/displayport.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/usb/typec/altmodes/displayport.c b/drivers/usb/typec/altmodes/displayport.c index 1dcb77faf85d..5d02c97e256e 100644 --- a/drivers/usb/typec/altmodes/displayport.c +++ b/drivers/usb/typec/altmodes/displayport.c @@ -764,12 +764,16 @@ int dp_altmode_probe(struct typec_altmode *alt) if (!(DP_CAP_PIN_ASSIGN_DFP_D(port->vdo) & DP_CAP_PIN_ASSIGN_UFP_D(alt->vdo)) && !(DP_CAP_PIN_ASSIGN_UFP_D(port->vdo) & - DP_CAP_PIN_ASSIGN_DFP_D(alt->vdo))) - return -ENODEV; + DP_CAP_PIN_ASSIGN_DFP_D(alt->vdo))) { + typec_altmode_put_plug(plug); + return -ENODEV; + } dp = devm_kzalloc(&alt->dev, sizeof(*dp), GFP_KERNEL); - if (!dp) + if (!dp) { + typec_altmode_put_plug(plug); return -ENOMEM; + } INIT_WORK(&dp->work, dp_altmode_work); mutex_init(&dp->lock); -- 2.25.1

2 days, 20 hours

1
0
0 0

[for-linus][PATCH 02/15] tracing: Fix fixed array of synthetic event

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The commit 4d38328eb442d ("tracing: Fix synth event printk format for str fields") replaced "%.*s" with "%s" but missed removing the number size of the dynamic and static strings. The commit e1a453a57bc7 ("tracing: Do not add length to print format in synthetic events") fixed the dynamic part but did not fix the static part. That is, with the commands: # echo 's:wake_lat char[] wakee; u64 delta;' >> /sys/kernel/tracing/dynamic_events # echo 'hist:keys=pid:ts=common_timestamp.usecs if !(common_flags & 0x18)' > /sys/kernel/tracing/events/sched/sched_waking/trigger # echo 'hist:keys=next_pid:delta=common_timestamp.usecs-$ts:onmatch(sched.sched_waking).trace(wake_lat,next_comm,$delta)' > /sys/kernel/tracing/events/sched/sched_switch/trigger That caused the output of: <idle>-0 [001] d..5. 193.428167: wake_lat: wakee=(efault)sshd-sessiondelta=155 sshd-session-879 [001] d..5. 193.811080: wake_lat: wakee=(efault)kworker/u34:5delta=58 <idle>-0 [002] d..5. 193.811198: wake_lat: wakee=(efault)bashdelta=91 The commit e1a453a57bc7 fixed the part where the synthetic event had "char[] wakee". But if one were to replace that with a static size string: # echo 's:wake_lat char[16] wakee; u64 delta;' >> /sys/kernel/tracing/dynamic_events Where "wakee" is defined as "char[16]" and not "char[]" making it a static size, the code triggered the "(efaul)" again. Remove the added STR_VAR_LEN_MAX size as the string is still going to be nul terminated. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Douglas Raillard <douglas.raillard(a)arm.com> Link: https://patch.msgid.link/20251204151935.5fa30355@gandalf.local.home Fixes: e1a453a57bc7 ("tracing: Do not add length to print format in synthetic events") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_events_synth.c | 1 - 1 file changed, 1 deletion(-) diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c index 2f19bbe73d27..4554c458b78c 100644 --- a/kernel/trace/trace_events_synth.c +++ b/kernel/trace/trace_events_synth.c @@ -375,7 +375,6 @@ static enum print_line_t print_synth_event(struct trace_iterator *iter, n_u64++; } else { trace_seq_printf(s, print_fmt, se->fields[i]->name, - STR_VAR_LEN_MAX, (char *)&entry->fields[n_u64].as_u64, i == se->n_fields - 1 ? "" : " "); n_u64 += STR_VAR_LEN_MAX / sizeof(u64); -- 2.51.0

3 days, 2 hours

1
0
0 0

[PATCH v3 1/2] drm/xe: Limit num_syncs to prevent oversized allocations

by Shuicheng Lin

The exec and vm_bind ioctl allow userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_syncs can force an excessively large allocation, leading to kernel warnings from the page allocator as below. Introduce DRM_XE_MAX_SYNCS (set to 1024) and reject any request exceeding this limit. " ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1217 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2f8/0x2180 mm/page_alloc.c:5124 ... Call Trace: <TASK> alloc_pages_mpol+0xe4/0x330 mm/mempolicy.c:2416 ___kmalloc_large_node+0xd8/0x110 mm/slub.c:4317 __kmalloc_large_node_noprof+0x18/0xe0 mm/slub.c:4348 __do_kmalloc_node mm/slub.c:4364 [inline] __kmalloc_noprof+0x3d4/0x4b0 mm/slub.c:4388 kmalloc_noprof include/linux/slab.h:909 [inline] kmalloc_array_noprof include/linux/slab.h:948 [inline] xe_exec_ioctl+0xa47/0x1e70 drivers/gpu/drm/xe/xe_exec.c:158 drm_ioctl_kernel+0x1f1/0x3e0 drivers/gpu/drm/drm_ioctl.c:797 drm_ioctl+0x5e7/0xc50 drivers/gpu/drm/drm_ioctl.c:894 xe_drm_ioctl+0x10b/0x170 drivers/gpu/drm/xe/xe_device.c:224 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:598 [inline] __se_sys_ioctl fs/ioctl.c:584 [inline] __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:584 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xbb/0x380 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... " v2: Add "Reported-by" and Cc stable kernels. v3: Change XE_MAX_SYNCS from 64 to 1024. (Matt & Ashutosh) v4: s/XE_MAX_SYNCS/DRM_XE_MAX_SYNCS/ (Matt) v5: Do the check at the top of the exec func. (Matt) Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Reported-by: Koen Koning <koen.koning(a)intel.com> Reported-by: Peter Senna Tschudin <peter.senna(a)linux.intel.com> Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/6450 Cc: <stable(a)vger.kernel.org> # v6.12+ Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Michal Mrozek <michal.mrozek(a)intel.com> Cc: Carl Zhang <carl.zhang(a)intel.com> Cc: José Roberto de Souza <jose.souza(a)intel.com> Cc: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Cc: Ivan Briano <ivan.briano(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Ashutosh Dixit <ashutosh.dixit(a)intel.com> Signed-off-by: Shuicheng Lin <shuicheng.lin(a)intel.com> --- drivers/gpu/drm/xe/xe_exec.c | 3 ++- drivers/gpu/drm/xe/xe_vm.c | 3 +++ include/uapi/drm/xe_drm.h | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_exec.c b/drivers/gpu/drm/xe/xe_exec.c index 4d81210e41f5..fd9480031750 100644 --- a/drivers/gpu/drm/xe/xe_exec.c +++ b/drivers/gpu/drm/xe/xe_exec.c @@ -132,7 +132,8 @@ int xe_exec_ioctl(struct drm_device *dev, void *data, struct drm_file *file) if (XE_IOCTL_DBG(xe, args->extensions) || XE_IOCTL_DBG(xe, args->pad[0] || args->pad[1] || args->pad[2]) || - XE_IOCTL_DBG(xe, args->reserved[0] || args->reserved[1])) + XE_IOCTL_DBG(xe, args->reserved[0] || args->reserved[1]) || + XE_IOCTL_DBG(xe, args->num_syncs > DRM_XE_MAX_SYNCS)) return -EINVAL; q = xe_exec_queue_lookup(xef, args->exec_queue_id); diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index c2012d20faa6..24eced1d970c 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -3341,6 +3341,9 @@ static int vm_bind_ioctl_check_args(struct xe_device *xe, struct xe_vm *vm, if (XE_IOCTL_DBG(xe, args->extensions)) return -EINVAL; + if (XE_IOCTL_DBG(xe, args->num_syncs > DRM_XE_MAX_SYNCS)) + return -EINVAL; + if (args->num_binds > 1) { u64 __user *bind_user = u64_to_user_ptr(args->vector_of_binds); diff --git a/include/uapi/drm/xe_drm.h b/include/uapi/drm/xe_drm.h index 876a076fa6c0..f7f3573b8d6f 100644 --- a/include/uapi/drm/xe_drm.h +++ b/include/uapi/drm/xe_drm.h @@ -1484,6 +1484,7 @@ struct drm_xe_exec { /** @exec_queue_id: Exec queue ID for the batch buffer */ __u32 exec_queue_id; +#define DRM_XE_MAX_SYNCS 1024 /** @num_syncs: Amount of struct drm_xe_sync in array. */ __u32 num_syncs; -- 2.50.1

3 days, 3 hours

2
1
0 0

[PATCH v2 1/2] drm/xe: Limit num_syncs to prevent oversized allocations

by Shuicheng Lin

The exec and vm_bind ioctl allow userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_syncs can force an excessively large allocation, leading to kernel warnings from the page allocator as below. Introduce DRM_XE_MAX_SYNCS (set to 1024) and reject any request exceeding this limit. " ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1217 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2f8/0x2180 mm/page_alloc.c:5124 ... Call Trace: <TASK> alloc_pages_mpol+0xe4/0x330 mm/mempolicy.c:2416 ___kmalloc_large_node+0xd8/0x110 mm/slub.c:4317 __kmalloc_large_node_noprof+0x18/0xe0 mm/slub.c:4348 __do_kmalloc_node mm/slub.c:4364 [inline] __kmalloc_noprof+0x3d4/0x4b0 mm/slub.c:4388 kmalloc_noprof include/linux/slab.h:909 [inline] kmalloc_array_noprof include/linux/slab.h:948 [inline] xe_exec_ioctl+0xa47/0x1e70 drivers/gpu/drm/xe/xe_exec.c:158 drm_ioctl_kernel+0x1f1/0x3e0 drivers/gpu/drm/drm_ioctl.c:797 drm_ioctl+0x5e7/0xc50 drivers/gpu/drm/drm_ioctl.c:894 xe_drm_ioctl+0x10b/0x170 drivers/gpu/drm/xe/xe_device.c:224 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:598 [inline] __se_sys_ioctl fs/ioctl.c:584 [inline] __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:584 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xbb/0x380 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... " v2: Add "Reported-by" and Cc stable kernels. v3: Change XE_MAX_SYNCS from 64 to 1024. (Matt & Ashutosh) v4: s/XE_MAX_SYNCS/DRM_XE_MAX_SYNCS/ (Matt) Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Reported-by: Koen Koning <koen.koning(a)intel.com> Reported-by: Peter Senna Tschudin <peter.senna(a)linux.intel.com> Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/6450 Cc: <stable(a)vger.kernel.org> # v6.12+ Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Michal Mrozek <michal.mrozek(a)intel.com> Cc: Carl Zhang <carl.zhang(a)intel.com> Cc: José Roberto de Souza <jose.souza(a)intel.com> Cc: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Cc: Ivan Briano <ivan.briano(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Ashutosh Dixit <ashutosh.dixit(a)intel.com> Signed-off-by: Shuicheng Lin <shuicheng.lin(a)intel.com> --- drivers/gpu/drm/xe/xe_exec.c | 5 +++++ drivers/gpu/drm/xe/xe_vm.c | 3 +++ include/uapi/drm/xe_drm.h | 1 + 3 files changed, 9 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_exec.c b/drivers/gpu/drm/xe/xe_exec.c index 4d81210e41f5..0356d40ee8e4 100644 --- a/drivers/gpu/drm/xe/xe_exec.c +++ b/drivers/gpu/drm/xe/xe_exec.c @@ -162,6 +162,11 @@ int xe_exec_ioctl(struct drm_device *dev, void *data, struct drm_file *file) } if (args->num_syncs) { + if (XE_IOCTL_DBG(xe, args->num_syncs > DRM_XE_MAX_SYNCS)) { + err = -EINVAL; + goto err_exec_queue; + } + syncs = kcalloc(args->num_syncs, sizeof(*syncs), GFP_KERNEL); if (!syncs) { err = -ENOMEM; diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index c2012d20faa6..24eced1d970c 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -3341,6 +3341,9 @@ static int vm_bind_ioctl_check_args(struct xe_device *xe, struct xe_vm *vm, if (XE_IOCTL_DBG(xe, args->extensions)) return -EINVAL; + if (XE_IOCTL_DBG(xe, args->num_syncs > DRM_XE_MAX_SYNCS)) + return -EINVAL; + if (args->num_binds > 1) { u64 __user *bind_user = u64_to_user_ptr(args->vector_of_binds); diff --git a/include/uapi/drm/xe_drm.h b/include/uapi/drm/xe_drm.h index 876a076fa6c0..f7f3573b8d6f 100644 --- a/include/uapi/drm/xe_drm.h +++ b/include/uapi/drm/xe_drm.h @@ -1484,6 +1484,7 @@ struct drm_xe_exec { /** @exec_queue_id: Exec queue ID for the batch buffer */ __u32 exec_queue_id; +#define DRM_XE_MAX_SYNCS 1024 /** @num_syncs: Amount of struct drm_xe_sync in array. */ __u32 num_syncs; -- 2.50.1

3 days, 4 hours

2
1
0 0

[PATCH 6.1.y RESEND] KVM: arm64: silence -Wuninitialized-const-pointer warning

by Justin Stitt

A new warning in Clang 22 [1] complains that @clidr passed to get_clidr_el1() is an uninitialized const pointer. get_clidr_el1() doesn't really care since it casts away the const-ness anyways. Silence the warning by initializing the struct. This patch won't apply to anything past v6.1 as this code section was reworked in Commit 7af0c2534f4c ("KVM: arm64: Normalize cache configuration"). There is no upstream equivalent so this patch only needs to be applied (stable only) to 6.1. Cc: stable(a)vger.kernel.org Fixes: 7c8c5e6a9101e ("arm64: KVM: system register handling") Link: https://github.com/llvm/llvm-project/commit/00dacf8c22f065cb52efb14cd091d44… [1] Signed-off-by: Justin Stitt <justinstitt(a)google.com> --- Resending this with Nathan's RB tag, an updated commit log and better recipients from checkpatch.pl. I've also sent a similar patch resend for 5.15 --- arch/arm64/kvm/sys_regs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index f4a7c5abcbca..d7ebd7387221 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -2948,7 +2948,7 @@ int kvm_sys_reg_table_init(void) { bool valid = true; unsigned int i; - struct sys_reg_desc clidr; + struct sys_reg_desc clidr = {0}; /* Make sure tables are unique and in order. */ valid &= check_sysreg_table(sys_reg_descs, ARRAY_SIZE(sys_reg_descs), false); --- base-commit: 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 change-id: 20250724-b4-clidr-unint-const-ptr-7edb960bc3bd Best regards, -- Justin Stitt <justinstitt(a)google.com>

3 days, 4 hours

2
3
0 0

[PATCH 6.1.y RESEND v2] KVM: arm64: sys_regs: disable -Wuninitialized-const-pointer warning

by Justin Stitt

A new warning in Clang 22 [1] complains that @clidr passed to get_clidr_el1() is an uninitialized const pointer. get_clidr_el1() doesn't really care since it casts away the const-ness anyways -- it is a false positive. This patch isn't needed for anything past 6.1 as this code section was reworked in Commit 7af0c2534f4c ("KVM: arm64: Normalize cache configuration") which incidentally removed the aforementioned warning. Since there is no upstream equivalent, this patch just needs to be applied to 6.1. Disable this warning for sys_regs.o instead of backporting the patches from 6.2+ that modified this code area. Cc: stable(a)vger.kernel.org Fixes: 7c8c5e6a9101e ("arm64: KVM: system register handling") Link: https://github.com/llvm/llvm-project/commit/00dacf8c22f065cb52efb14cd091d44… [1] Reviewed-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Justin Stitt <justinstitt(a)google.com> --- Changes in v2: - disable warning for TU instead of initialising the struct - update commit message - Link to v1: https://lore.kernel.org/all/20250724-b4-clidr-unint-const-ptr-v1-1-67c4d620… - Link to v1 resend (sent wrong diff, thanks Nathan): https://lore.kernel.org/all/20251204-b4-clidr-unint-const-ptr-v1-1-95161315… --- arch/arm64/kvm/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/arm64/kvm/Makefile b/arch/arm64/kvm/Makefile index 5e33c2d4645a..5fdb5331bfad 100644 --- a/arch/arm64/kvm/Makefile +++ b/arch/arm64/kvm/Makefile @@ -24,6 +24,9 @@ kvm-y += arm.o mmu.o mmio.o psci.o hypercalls.o pvtime.o \ kvm-$(CONFIG_HW_PERF_EVENTS) += pmu-emul.o pmu.o +# Work around a false positive Clang 22 -Wuninitialized-const-pointer warning +CFLAGS_sys_regs.o := $(call cc-disable-warning, uninitialized-const-pointer) + always-y := hyp_constants.h hyp-constants.s define rule_gen_hyp_constants --- base-commit: 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 change-id: 20250728-stable-disable-unit-ptr-warn-281fee82539c Best regards, -- Justin Stitt <justinstitt(a)google.com>

3 days, 4 hours

1
0
0 0

[PATCH] ARM: dts: integrator: Fix DMA ranges mismatch warning on IM-PD1

by Kuan-Wei Chiu

When compiling the device tree for the Integrator/AP with IM-PD1, the following warning is observed regarding the display controller node: arch/arm/boot/dts/arm/integratorap-im-pd1.dts:251.3-14: Warning (dma_ranges_format): /bus@c0000000/bus@c0000000/display@1000000:dma-ranges: empty "dma-ranges" property but its #address-cells (2) differs from /bus@c0000000/bus@c0000000 (1) The display node specifies an empty "dma-ranges" property, intended to describe a 1:1 identity mapping. However, the node lacks explicit "#address-cells" and "#size-cells" properties. In this case, the device tree compiler defaults the address cells to 2 (64-bit), which conflicts with the parent bus configuration (32-bit, 1 cell). Fix this by explicitly defining "#address-cells" and "#size-cells" as 1. This matches the 32-bit architecture of the Integrator platform and ensures the address translation range is correctly parsed by the compiler. Fixes: 7bea67a99430 ("ARM: dts: integrator: Fix DMA ranges") Cc: stable(a)vger.kernel.org Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> --- arch/arm/boot/dts/arm/integratorap-im-pd1.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/boot/dts/arm/integratorap-im-pd1.dts b/arch/arm/boot/dts/arm/integratorap-im-pd1.dts index db13e09f2fab..6d90d9a42dc9 100644 --- a/arch/arm/boot/dts/arm/integratorap-im-pd1.dts +++ b/arch/arm/boot/dts/arm/integratorap-im-pd1.dts @@ -248,6 +248,8 @@ display@1000000 { /* 640x480 16bpp @ 25.175MHz is 36827428 bytes/s */ max-memory-bandwidth = <40000000>; memory-region = <&impd1_ram>; + #address-cells = <1>; + #size-cells = <1>; dma-ranges; port@0 { -- 2.52.0.177.g9f829587af-goog

3 days, 4 hours

2
1
0 0

[PATCH] drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb

by Lyude Paul

Since we recently started warning about uses of this function after the atomic check phase completes, we've started getting warnings about this in nouveau. It appears a misplaced drm_atomic_get_crtc_state() call has been hiding in our .prepare_fb callback for a while. So, fix this by adding a new nv50_head_atom_get_new() function and use that in our .prepare_fb callback instead. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Fixes: 1590700d94ac ("drm/nouveau/kms/nv50-: split each resource type into their own source files") Cc: <stable(a)vger.kernel.org> # v4.18+ Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/nouveau/dispnv50/atom.h | 13 +++++++++++++ drivers/gpu/drm/nouveau/dispnv50/wndw.c | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/atom.h b/drivers/gpu/drm/nouveau/dispnv50/atom.h index 93f8f4f645784..85b7cf70d13c4 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/atom.h +++ b/drivers/gpu/drm/nouveau/dispnv50/atom.h @@ -152,8 +152,21 @@ static inline struct nv50_head_atom * nv50_head_atom_get(struct drm_atomic_state *state, struct drm_crtc *crtc) { struct drm_crtc_state *statec = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(statec)) return (void *)statec; + + return nv50_head_atom(statec); +} + +static inline struct nv50_head_atom * +nv50_head_atom_get_new(struct drm_atomic_state *state, struct drm_crtc *crtc) +{ + struct drm_crtc_state *statec = drm_atomic_get_new_crtc_state(state, crtc); + + if (IS_ERR(statec)) + return (void*)statec; + return nv50_head_atom(statec); } diff --git a/drivers/gpu/drm/nouveau/dispnv50/wndw.c b/drivers/gpu/drm/nouveau/dispnv50/wndw.c index ef9e410babbfb..9a2c20fce0f3e 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/wndw.c +++ b/drivers/gpu/drm/nouveau/dispnv50/wndw.c @@ -583,7 +583,7 @@ nv50_wndw_prepare_fb(struct drm_plane *plane, struct drm_plane_state *state) asyw->image.offset[0] = nvbo->offset; if (wndw->func->prepare) { - asyh = nv50_head_atom_get(asyw->state.state, asyw->state.crtc); + asyh = nv50_head_atom_get_new(asyw->state.state, asyw->state.crtc); if (IS_ERR(asyh)) return PTR_ERR(asyh); -- 2.52.0

3 days, 6 hours

1
0
0 0

[PATCH 1/3] drm/xe/exec: Limit num_syncs to prevent oversized allocations

by Shuicheng Lin

The exec ioctl allows userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_syncs can force an excessively large allocation, leading to kernel warnings from the page allocator as below. Introduce XE_MAX_SYNCS (set to 1024) and reject any request exceeding this limit. " ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1217 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2f8/0x2180 mm/page_alloc.c:5124 ... Call Trace: <TASK> alloc_pages_mpol+0xe4/0x330 mm/mempolicy.c:2416 ___kmalloc_large_node+0xd8/0x110 mm/slub.c:4317 __kmalloc_large_node_noprof+0x18/0xe0 mm/slub.c:4348 __do_kmalloc_node mm/slub.c:4364 [inline] __kmalloc_noprof+0x3d4/0x4b0 mm/slub.c:4388 kmalloc_noprof include/linux/slab.h:909 [inline] kmalloc_array_noprof include/linux/slab.h:948 [inline] xe_exec_ioctl+0xa47/0x1e70 drivers/gpu/drm/xe/xe_exec.c:158 drm_ioctl_kernel+0x1f1/0x3e0 drivers/gpu/drm/drm_ioctl.c:797 drm_ioctl+0x5e7/0xc50 drivers/gpu/drm/drm_ioctl.c:894 xe_drm_ioctl+0x10b/0x170 drivers/gpu/drm/xe/xe_device.c:224 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:598 [inline] __se_sys_ioctl fs/ioctl.c:584 [inline] __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:584 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xbb/0x380 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... " v2: Add "Reported-by" and Cc stable kernels. v3: Change XE_MAX_SYNCS from 64 to 1024. (Matt & Ashutosh) Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/6450 Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Reported-by: Koen Koning <koen.koning(a)intel.com> Reported-by: Peter Senna Tschudin <peter.senna(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v6.12+ Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Michal Mrozek <michal.mrozek(a)intel.com> Cc: Carl Zhang <carl.zhang(a)intel.com> Cc: José Roberto de Souza <jose.souza(a)intel.com> Cc: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Cc: Ivan Briano <ivan.briano(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Ashutosh Dixit <ashutosh.dixit(a)intel.com> Signed-off-by: Shuicheng Lin <shuicheng.lin(a)intel.com> --- drivers/gpu/drm/xe/xe_exec.c | 5 +++++ include/uapi/drm/xe_drm.h | 1 + 2 files changed, 6 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_exec.c b/drivers/gpu/drm/xe/xe_exec.c index 4d81210e41f5..fdc7d410defa 100644 --- a/drivers/gpu/drm/xe/xe_exec.c +++ b/drivers/gpu/drm/xe/xe_exec.c @@ -162,6 +162,11 @@ int xe_exec_ioctl(struct drm_device *dev, void *data, struct drm_file *file) } if (args->num_syncs) { + if (XE_IOCTL_DBG(xe, args->num_syncs > XE_MAX_SYNCS)) { + err = -EINVAL; + goto err_exec_queue; + } + syncs = kcalloc(args->num_syncs, sizeof(*syncs), GFP_KERNEL); if (!syncs) { err = -ENOMEM; diff --git a/include/uapi/drm/xe_drm.h b/include/uapi/drm/xe_drm.h index 876a076fa6c0..ae040989fca8 100644 --- a/include/uapi/drm/xe_drm.h +++ b/include/uapi/drm/xe_drm.h @@ -1237,6 +1237,7 @@ struct drm_xe_vm_bind { /** @pad2: MBZ */ __u32 pad2; +#define XE_MAX_SYNCS 1024 /** @num_syncs: amount of syncs to wait on */ __u32 num_syncs; -- 2.50.1

3 days, 6 hours

2
1
0 0

[PATCH 1/2] gpio: rockchip: Call pinctrl for gpio config

by Matthijs Kooijman

Pinctrl is responsible for bias settings and possibly other pin config, so call gpiochip_generic_config to apply such config values. This might also include settings that pinctrl does not support, but then it can return ENOTSUPP as appropriate. This makes sure any bias and other pin config set by userspace (via gpiod) actually takes effect. Cc: stable(a)vger.kernel.org Signed-off-by: Matthijs Kooijman <matthijs(a)stdin.nl> --- drivers/gpio/gpio-rockchip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-rockchip.c b/drivers/gpio/gpio-rockchip.c index 47174eb3ba76f..106f7f734b4ff 100644 --- a/drivers/gpio/gpio-rockchip.c +++ b/drivers/gpio/gpio-rockchip.c @@ -303,7 +303,7 @@ static int rockchip_gpio_set_config(struct gpio_chip *gc, unsigned int offset, */ return -ENOTSUPP; default: - return -ENOTSUPP; + return gpiochip_generic_config(gc, offset, config); } } -- 2.48.1

3 days, 7 hours

1
0
0 0

[PATCH 2/3] drm/xe/vm: Limit num_syncs to prevent oversized allocations

by Shuicheng Lin

The VM_BIND ioctl did not validate args->num_syncs, allowing userspace to pass excessively large values that could lead to oversized allocations or other unexpected behavior. Add a check to ensure num_syncs does not exceed XE_MAX_SYNCS, returning -EINVAL when the limit is violated. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: <stable(a)vger.kernel.org> # v6.12+ Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Michal Mrozek <michal.mrozek(a)intel.com> Cc: Carl Zhang <carl.zhang(a)intel.com> Cc: José Roberto de Souza <jose.souza(a)intel.com> Cc: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Cc: Ivan Briano <ivan.briano(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Ashutosh Dixit <ashutosh.dixit(a)intel.com> Signed-off-by: Shuicheng Lin <shuicheng.lin(a)intel.com> --- drivers/gpu/drm/xe/xe_vm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index c2012d20faa6..2ada14ed1f3c 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -3341,6 +3341,9 @@ static int vm_bind_ioctl_check_args(struct xe_device *xe, struct xe_vm *vm, if (XE_IOCTL_DBG(xe, args->extensions)) return -EINVAL; + if (XE_IOCTL_DBG(xe, args->num_syncs > XE_MAX_SYNCS)) + return -EINVAL; + if (args->num_binds > 1) { u64 __user *bind_user = u64_to_user_ptr(args->vector_of_binds); -- 2.50.1

3 days, 8 hours

1
0
0 0

[PATCH net 0/4] mptcp: misc fixes for v6.19-rc1

by Matthieu Baerts (NGI0)

Here are various unrelated fixes: - Patches 1-2: ignore unknown in-kernel PM endpoint flags instead of pretending they are supported. A fix for v5.7. - Patch 3: avoid potential unnecessary rtx timer expiration. A fix for v5.15. - Patch 4: avoid a deadlock on fallback in case of SKB creation failure while re-injecting. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Matthieu Baerts (NGI0) (2): mptcp: pm: ignore unknown endpoint flags selftests: mptcp: pm: ensure unknown flags are ignored Paolo Abeni (2): mptcp: schedule rtx timer only after pushing data mptcp: avoid deadlock on fallback while reinjecting include/uapi/linux/mptcp.h | 1 + net/mptcp/pm_netlink.c | 3 ++- net/mptcp/protocol.c | 22 ++++++++++++++-------- tools/testing/selftests/net/mptcp/pm_netlink.sh | 4 ++++ tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 11 +++++++++++ 5 files changed, 32 insertions(+), 9 deletions(-) --- base-commit: 0373d5c387f24de749cc22e694a14b3a7c7eb515 change-id: 20251205-net-mptcp-misc-fixes-6-19-rc1-5174bd3df981 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

3 days, 8 hours

1
4
0 0

[PATCH 5.15 000/387] 5.15.197-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.197 release. There are 387 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 06 Dec 2025 16:37:24 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.197-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.197-rc2 Daniel T. Lee <danieltimlee(a)gmail.com> libbpf: Fix invalid return address register in s390 Yixun Lan <dlan(a)gentoo.org> libbpf, riscv: Use a0 for RC register Ilya Leoshkevich <iii(a)linux.ibm.com> libbpf: Fix riscv register names Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: Don't rely on preserving volatile in PT_REGS macros in loop3 Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy->enable_completion only when we Alex Lu <alex_lu(a)realsil.com.cn> Bluetooth: Add more enc key size check Jameson Thies <jthies(a)google.com> usb: typec: ucsi: psy: Set max current to zero when disconnected Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Fix synchronous external abort on unbind Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: renesas_usbhs: Convert to platform remove callback returning void Paulo Alcantara <pc(a)manguebit.org> smb: client: fix memory leak in cifs_construct_tcon() Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid unneeded subflow-level drops Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: rm: set backup flag Philipp Hortmann <philipp.g.hortmann(a)gmail.com> staging: rtl8712: Remove driver using deprecated API wext ziming zhang <ezrakiez(a)gmail.com> libceph: prevent potential out-of-bounds writes in handle_auth_session_key() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential use-after-free in have_mon_and_osd_map() Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check NULL before accessing Johan Hovold <johan(a)kernel.org> drm: sti: fix device leaks at component probe Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add support for Rolling RW101R-GL Oleksandr Suvorov <cryosay(a)gmail.com> USB: serial: ftdi_sio: add support for u-blox EVK-M101 Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Manish Nagar <manish.nagar(a)oss.qualcomm.com> usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Owen Gu <guhuinan(a)xiaomi.com> usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Tianchu Chen <flynnnchen(a)tencent.com> usb: storage: sddr55: Reject out-of-bound new_pba Alan Stern <stern(a)rowland.harvard.edu> USB: storage: Remove subclass and protocol overrides from Novatek quirk Desnes Nunes <desnesn(a)redhat.com> usb: storage: Fix memory leak in USB bulk transport Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_eem: Fix memory leak in eem_unwrap Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: Fix double resource release in cdns3_pci_probe Johan Hovold <johan(a)kernel.org> most: usb: fix double free on late probe failure Miaoqian Lin <linmq006(a)gmail.com> serial: amba-pl011: prefer dma_mapping_error() over explicit address checking Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> firmware: stratix10-svc: fix bug in saving controller data Miaoqian Lin <linmq006(a)gmail.com> slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> thunderbolt: Add support for Intel Wildcat Lake Jamie Iles <jamie.iles(a)oss.qualcomm.com> drivers/usb/dwc3: fix PCI parent check Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix unreliable memory allocation Marc Kleine-Budde <mkl(a)pengutronix.de> can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Thomas Mühlbacher <tmuehlbacher(a)posteo.net> can: sja1000: fix max irq loop handling Gui-Dong Han <hanguidong02(a)gmail.com> atm/fore200e: Fix possible data race in fore200e_open() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification Linus Walleij <linus.walleij(a)linaro.org> iio: accel: bmc150: Fix irq assumption regression Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio:common:ssp_sensors: Fix an error handling path ssp_probe() Francesco Lavra <flavra(a)baylibre.com> iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Jiri Olsa <jolsa(a)kernel.org> Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Hang Zhou <929513338(a)qq.com> spi: bcm63xx: fix premature CS deassertion on RX-only transactions Haotian Zhang <vulab(a)iscas.ac.cn> mailbox: mailbox-test: Fix debugfs_create_dir error checking Jiefeng Zhang <jiefeng.z.zhang(a)gmail.com> net: atlantic: fix fragment overflow handling in RX path Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: sja1105: simplify static configuration reload Andrew Lunn <andrew(a)lunn.ch> net: dsa: sja1105: Convert to mdiobus_c45_read Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: sxgbe: fix potential NULL dereference in sxgbe_rx() Danielle Costantino <dcostantino(a)meta.com> net/mlx5e: Fix validation logic in rate limiting Kai-Heng Feng <kaihengf(a)nvidia.com> net: aquantia: Add missing descriptor cache invalidation on ATL2 Dan Carpenter <dan.carpenter(a)linaro.org> platform/x86: intel: punit_ipc: fix memory corruption Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix not generating mackey and ltk when repairing Seungjin Bae <eeodqql09(a)gmail.com> can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Gulam Mohamed <gulam.mohamed(a)oracle.com> Revert "block: don't add or resize partition on the disk with GENHD_FL_NO_PART" Gulam Mohamed <gulam.mohamed(a)oracle.com> Revert "block: Move checking GENHD_FL_NO_PART to bdev_add_partition()" Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix premature close in case of fallback Paolo Abeni <pabeni(a)redhat.com> mptcp: fix ack generation for fallback msk Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Input: remove third argument of usb_maxpacket() Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> usb: deprecate the third argument of usb_maxpacket() Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Disallow MPTCP subflows from sockmap Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix fallback note due to OoO André Draszik <andre.draszik(a)linaro.org> pmdomain: samsung: plug potential memleak during probe Sudeep Holla <sudeep.holla(a)arm.com> pmdomain: arm: scmi: Fix genpd leak on provider registration failure Miaoqian Lin <linmq006(a)gmail.com> pmdomain: imx: Fix reference count leak in imx_gpc_remove Breno Leitao <leitao(a)debian.org> net: netpoll: fix incorrect refcount handling causing incorrect cleanup Shawn Lin <shawn.lin(a)rock-chips.com> mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Omar Sandoval <osandov(a)fb.com> btrfs: fix crash on racing fsync and size-extending write into prealloc Filipe Manana <fdmanana(a)suse.com> btrfs: add helper to truncate inode items when logging inode Nick Desaulniers <ndesaulniers(a)google.com> Makefile.compiler: replace cc-ifversion with compiler-specific macros Long Li <longli(a)microsoft.com> uio_hv_generic: Set event for all channels on the device Zhang Chujun <zhangchujun(a)cmss.chinamobile.com> tracing/tools: Fix incorrcet short option in usage text for --threads Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Lance Yang <lance.yang(a)linux.dev> mm/secretmem: fix use-after-free race in fault handler Isaac J. Manjarres <isaacmanjarres(a)google.com> mm/mm_init: fix hash table order logging in alloc_large_system_hash() Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: use BASH for bareudp testing Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Alejandro Colomar <alx(a)kernel.org> kernel.h: Move ARRAY_SIZE() to a separate header Haotian Zhang <vulab(a)iscas.ac.cn> platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: dsa: hellcreek: fix missing error handling in LED registration Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_connmark: handle errno on tcf_idr_check_alloc Abdun Nihaal <nihaal(a)cse.iitm.ac.in> isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Handle OCRAM ECC enable after warm reset Hans de Goede <hansg(a)kernel.org> spi: Try to get ACPI GPIO IRQ earlier Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Wei Yang <albinwyang(a)tencent.com> fs/proc: fix uaf in proc_readdir_de() Chuang Wang <nashuiliang(a)gmail.com> ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Nate Karstens <nate.karstens(a)garmin.com> strparser: Fix signed/unsigned mismatch bug Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 15 Olga Kornievskaia <okorniev(a)redhat.com> NFSD: free copynotify stateid in nfs4_free_ol_stateid() Masami Ichikawa <masami256(a)gmail.com> HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject duplicate device on updates Dan Carpenter <dan.carpenter(a)linaro.org> mtd: onenand: Pass correct pointer to IRQ handler Eric Biggers <ebiggers(a)kernel.org> lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR Eric Dumazet <edumazet(a)google.com> bpf: Add bpf_prog_run_data_pointers() Haein Lee <lhi0729(a)kaist.ac.kr> ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: cs4271: Fix regulator leak on probe failure Haotian Zhang <vulab(a)iscas.ac.cn> regulator: fixed: fix GPIO descriptor leak on register failure Shuai Xue <xueshuai(a)linux.alibaba.com> acpi,srat: Fix incorrect device handle check for Generic Initiator Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: export l2cap_chan_hold for modules Felix Maurer <fmaurer(a)redhat.com> hsr: Fix supervision frame sending on HSRv0 Eric Dumazet <edumazet(a)google.com> net_sched: limit try_bulk_dequeue_skb() batches Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix maxrate wraparound in threshold between units Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_connmark: initialize struct tc_ife to fix kernel leak Eric Dumazet <edumazet(a)google.com> net_sched: act_connmark: use RCU in tcf_connmark_dump() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_connmark: transition to percpu stats and rcu Zhengchao Shao <shaozhengchao(a)huawei.com> net: sched: act_connmark: get rid of tcf_connmark_walker and tcf_connmark_search Zhengchao Shao <shaozhengchao(a)huawei.com> net: sched: act: move global static variable net_id to tc_action_ops Benjamin Berg <benjamin.berg(a)intel.com> wifi: mac80211: skip rate verification for not captured PSDUs Buday Csaba <buday.csaba(a)prolan.hu> net: mdio: fix resource leak in mdiobus_register_device() Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_mon_reinit_self(). D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix mismatch between CLC header and proposal Eric Dumazet <edumazet(a)google.com> sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Wei Fang <wei.fang(a)nxp.com> net: fec: correct rx_bytes statistic for the case SHIFT16 is set Sharique Mohammad <sharq0406(a)gmail.com> ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Scott Mayhew <smayhew(a)redhat.com> NFS: check if suid/sgid was cleared after a write as needed Tristan Lobb <tristan.lobb(a)it-lobb.de> HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Joshua Watt <jpewhacker(a)gmail.com> NFS4: Fix state renewals missing after boot Danil Skrebenkov <danil.skrebenkov(a)cloudbear.ru> RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Peter Zijlstra <peterz(a)infradead.org> compiler_types: Move unused static inline functions warning to W=2 Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD Jakub Kicinski <kuba(a)kernel.org> selftests: netdevsim: set test timeout to 10 minutes Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Cleanup wakeup source only if it was enabled Nathan Chancellor <nathan(a)kernel.org> lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC Yuta Hayama <hayama(a)lineo.co.jp> rtc: rx8025: fix incorrect register reference Zilin Guan <zilin(a)seu.edu.cn> tracing: Fix memory leaks in create_field_var() Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> bnxt_en: Fix a possible memory leak in bnxt_ptp_init Pavan Chebbi <pavan.chebbi(a)broadcom.com> bnxt_en: PTP: Refactor PTP initialization functions Qendrim Maxhuni <qendrim.maxhuni(a)garderos.com> net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold sock lock while iterating over address list Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Prevent TOCTOU out-of-bounds write Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold RCU read lock while iterating over address list Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: stop reading ARL entries if search is done Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix enabling ip multicast Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix resetting speed and pause on forced link Hangbin Liu <liuhangbin(a)gmail.com> net: vlan: sync VLAN features with lower device Wang Liang <wangliang74(a)huawei.com> selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh David Wei <dw(a)davidwei.uk> netdevsim: add Makefile for selftests Anubhav Singh <anubhavsinggh(a)google.com> selftests/net: use destination options instead of hop-by-hop Richard Gobert <richardbgobert(a)gmail.com> selftests/net: fix GRO coalesce test and add ext header coalesce tests Anubhav Singh <anubhavsinggh(a)google.com> selftests/net: fix out-of-order delivery of FIN in gro:tcp test Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx Josephine Pfeiffer <hi(a)josie.lol> riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> Revert "wifi: ath10k: avoid unnecessary wait for service ready message" Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: add checking of wait_for_completion_killable() return value Valerio Setti <vsetti(a)baylibre.com> ASoC: meson: aiu-encoder-i2s: fix bit clock polarity Albin Babu Varghese <albinbabuvarghese20(a)gmail.com> fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Return present device nodes only on fwnode interface Randall P. Embry <rpembry(a)gmail.com> 9p: sysfs_init: don't hardcode error to ENOMEM Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra186: Initialize all cores to max frequencies Randall P. Embry <rpembry(a)gmail.com> 9p: fix /sys/fs/9p/caches overwriting itself Matthias Schiffer <matthias.schiffer(a)tq-group.com> clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled Ryan Wanner <Ryan.Wanner(a)microchip.com> clk: at91: clk-master: Add check for divide by 3 Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: save and restore ACR during PLL disable/enable Josua Mayer <josua(a)solid-run.com> rtc: pcf2127: clear minute/second interrupt Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix help message for ssl-non-raw Yikang Yue <yikangy2(a)illinois.edu> fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink austinchang <austinchang(a)synology.com> btrfs: mark dirty extent range for out of bound prealloc extents Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix wrong WQE data when QP wraps around Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Set irdma_cq cq_num field during CQ create Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Remove unused struct irdma_cq fields Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Fix SD index calculation Saket Dumbre <saket.dumbre(a)intel.com> ACPICA: Update dsmethod.c to get rid of unused variable warning Mike Marshall <hubcap(a)omnibond.com> orangefs: fix xattr related buffer overflow... Dragos Tatulea <dtatulea(a)nvidia.com> page_pool: Clamp pool size to max 16K pages Chi Zhiling <chizhiling(a)kylinos.cn> exfat: limit log print for IO error Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: add mono main switch to Presonus S1824c Ivan Pravdin <ipravdin.official(a)gmail.com> Bluetooth: bcsp: receive data only if registered Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_conn_free Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: avoid dealing with endianness in macb_set_hwaddr() chuguangqing <chuguangqing(a)inspur.com> fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() Al Viro <viro(a)zeniv.linux.org.uk> nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix mount hang after CREATE_SESSION failure Olga Kornievskaia <okorniev(a)redhat.com> NFSv4: handle ERR_GRACE on delegation recalls Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid handling handover twice Koakuma <koachan(a)protonmail.com> sparc/module: Add R_SPARC_UA64 relocation handling Chen Wang <unicorn_wang(a)outlook.com> PCI: cadence: Check for the existence of cdns_pcie::ops before using it ChunHao Lin <hau(a)realtek.com> r8169: set EEE speed down ratio to 1 Brahmajit Das <listout(a)listout.xyz> net: intel: fm10k: Fix parameter idx set but not used Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix connection after GTK rekeying Seyediman Seyedarab <ImanDevel(a)gmail.com> iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() Robert Marko <robert.marko(a)sartura.hr> net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> jfs: fix uninitialized waitqueue in transaction manager Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> jfs: Verify inode mode when loading from disk Eric Dumazet <edumazet(a)google.com> ipv6: np->rxpmtu race annotation Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Forest Crossman <cyrozap(a)gmail.com> usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Al Viro <viro(a)zeniv.linux.org.uk> allow finish_no_open(file, ERR_PTR(-E...)) Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Define size of debugfs entry for xri rebalancing Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET Nai-Chen Cheng <bleach1827(a)gmail.com> selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Jakub Kicinski <kuba(a)kernel.org> page_pool: always add GFP_NOWARN for ATOMIC allocations Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl Yafang Shao <laoar.shao(a)gmail.com> net/cls_cgroup: Fix task_get_classid() during qdisc run Alok Tiwari <alok.a.tiwari(a)oracle.com> udp_tunnel: use netdev_warn() instead of netdev_WARN() David Ahern <dsahern(a)kernel.org> selftests: Replace sleep with slowwait Daniel Palmer <daniel(a)thingy.jp> eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP David Ahern <dsahern(a)kernel.org> selftests: Disable dad for ipv6 in fcnal-test.sh Li RongQing <lirongqing(a)baidu.com> x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT Florian Westphal <fw(a)strlen.de> netfilter: nf_reject: don't reply to icmp error messages Ido Schimmel <idosch(a)nvidia.com> selftests: traceroute: Use require_command() Qianfeng Rong <rongqianfeng(a)vivo.com> media: redrat3: use int type to store negative error codes Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: sh_eth: Disable WoL if system can not suspend Michael Riesch <michael.riesch(a)collabora.com> phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 Harikrishna Shenoy <h-shenoy(a)ti.com> phy: cadence: cdns-dphy: Enable lower resolutions in dphy Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> ntfs3: pretend $Extend records as regular files Rohan G Thomas <rohan.g.thomas(a)altera.com> net: phy: marvell: Fix 88e1510 downshift counter errata Antonino Maniscalco <antomani103(a)gmail.com> drm/msm: make sure to not queue up recovery more than once Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget William Wu <william.wu(a)rock-chips.com> usb: gadget: f_hid: Fix zero length packet transfer Ashish Kalra <ashish.kalra(a)amd.com> iommu/amd: Skip enabling command/event buffers for kdump Eric Dumazet <edumazet(a)google.com> net: call cond_resched() less often in __release_sock() Juraj Šarinay <juraj(a)sarinay.com> net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Yue Haibing <yuehaibing(a)huawei.com> ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy_7nm: Fix missing initial VCO rate Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL Devendra K Verma <devverma(a)amd.com> dmaengine: dw-edma: Set status for callback_result Rosen Penev <rosenp(a)gmail.com> dmaengine: mv_xor: match alloc_wc and free_wc Thomas Andreatta <thomasandreatta2000(a)gmail.com> dmaengine: sh: setup_xref error handling Miroslav Lichvar <mlichvar(a)redhat.com> ptp: Limit time setting of PTP clocks Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: pm8001: Use int instead of u32 to store error codes Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename stp clock Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing device_type in pci node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing properties to cpu node Chelsy Ratnawat <chelsyratnawat2001(a)gmail.com> media: fix uninitialized symbol warnings Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Fix wakeup source leaks on device unbind Francisco Gutierrez <frankramirez(a)google.com> scsi: pm80xx: Fix race condition caused by static variables Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> scsi: mpi3mr: Fix controller init failure on fault during queue creation Ujwal Kundur <ujwal.kundur(a)gmail.com> rds: Fix endianness annotation for RDS_MPATH_HASH Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add validation of UAC2/UAC3 effect units Sungho Kim <sungho.kim(a)furiosa.ai> PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Kuniyuki Iwashima <kuniyu(a)google.com> net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. Christoph Paasch <cpaasch(a)openai.com> net: When removing nexthops, don't call synchronize_net if it is not necessary Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Does not request module for miscdevice with dynamic minor raub camaioni <raubcameo(a)gmail.com> usb: gadget: f_ncm: Fix MAC assignment NCM ethernet Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: make send_packet() more robust Charalampos Mitrodimas <charmitro(a)posteo.net> net: ipv6: fix field-spanning memcpy warning in AH output Ido Schimmel <idosch(a)nvidia.com> bridge: Redirect to backup port when port is administratively down Niklas Schnelle <schnelle(a)linux.ibm.com> powerpc/eeh: Use result of error_detected() in uevent Lukas Wunner <lukas(a)wunner.de> thunderbolt: Use is_pciehp instead of is_hotplug_bridge Tiezhu Yang <yangtiezhu(a)loongson.cn> net: stmmac: Check stmmac_hw_setup() in stmmac_resume() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Jayesh Choudhary <j-choudhary(a)ti.com> drm/tidss: Set crtc modesetting parameters with adjusted mode Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Use the crtc_* timings when programming the HW Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: pci: ivtv: Don't create fake v4l2_fh Geoffrey McRae <geoffrey.mcrae(a)amd.com> drm/amdkfd: return -ENOTTY for unsupported IOCTLs Wake Liu <wakel(a)google.com> selftests/net: Ensure assert() triggers in psock_tpacket.c Wake Liu <wakel(a)google.com> selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 Marcos Del Sol Vives <marcos(a)orca.pet> PCI: Disable MSI on RDC PCI to PCIe bridges Seyediman Seyedarab <imandevel(a)gmail.com> drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on arcturus Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on aldebaran Jens Kehne <jens.kehne(a)agilent.com> mfd: da9063: Split chip variant reading in two bus transactions Arnd Bergmann <arnd(a)arndb.de> mfd: madera: Work around false-positive -Wininitialized warning Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe: Remove IRQ domain upon removal Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Prefer driver HWP limits Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Enhance HWP enable Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: Fix incorrect size in cpuidle_state_disable() Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Jiri Olsa <jolsa(a)kernel.org> uprobe: Do not emulate/sstep original instruction when ip is changed Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: Fail cpuidle device registration if there is one already Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: fix error return value in cpupower_write_sysfs() Svyatoslav Ryhel <clamor95(a)gmail.com> video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Daniel Wagner <wagi(a)kernel.org> nvme-fc: use lock accessing port_state and rport state Daniel Wagner <wagi(a)kernel.org> nvmet-fc: avoid scheduling association deletion twice Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> tee: allow a driver to allocate a tee_device without a pool Hans de Goede <hansg(a)kernel.org> ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Fabien Proriol <fabien.proriol(a)viavisolutions.com> power: supply: sbs-charger: Support multiple devices Chuande Chen <chuachen(a)cisco.com> hwmon: (sbtsi_temp) AMD CPU extended temperature range support Hans de Goede <hansg(a)kernel.org> ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] Shang song (Lenovo) <shangsong2(a)foxmail.com> ACPI: PRM: Skip handlers with NULL handler_address or NULL VA Christian Bruel <christian.bruel(a)foss.st.com> irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Kees Cook <kees(a)kernel.org> arc: Fix __fls() const-foldability via __builtin_clzl() Dennis Beier <nanovim(a)gmail.com> cpufreq/longhaul: handle NULL policy in longhaul_exit Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Mario Limonciello (AMD) <superm1(a)kernel.org> ACPI: video: force native for Lenovo 82K8 Jiayi Li <lijiayi(a)kylinos.cn> memstick: Add timeout to prevent indefinite waiting Biju Das <biju.das.jz(a)bp.renesas.com> mmc: host: renesas_sdhi: Fix the actual clock Chi Zhang <chizhang(a)asrmicro.com> pinctrl: single: fix bias pull up/down handling in pin_config_set Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> bpf: Don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> soc: ti: pruss: don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> spi: loopback-test: Don't use %pK through printk Jens Reidel <adrian(a)mainlining.org> soc: qcom: smem: Fix endian-unaware access of num_entries Ryan Chen <ryan_chen(a)aspeedtech.com> soc: aspeed: socinfo: Add AST27xx silicon IDs Damien Le Moal <dlemoal(a)kernel.org> block: make REQ_OP_ZONE_OPEN a write operation Thomas Zimmermann <tzimmermann(a)suse.de> drm/sysfb: Do not dereference NULL pointer in plane reset Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix race in drm_sched_entity_select_rq() Owen Gu <guhuinan(a)xiaomi.com> usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Revert "docs/process/howto: Replace C89 with C11" Matthieu Baerts (NGI0) <matttbe(a)kernel.org> arch: back to -std=gnu89 in < v5.18 Alexey Dobriyan <adobriyan(a)gmail.com> x86/boot: Compile boot code with -std=gnu11 too Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Improve performance by removing delay in transfer event polling. Uday M Bhat <uday.m.bhat(a)intel.com> xhci: dbc: Allow users to modify DbC poll interval via sysfs Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: poll at different rate depending on data transfer activity Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Provide sysfs option to configure dbc descriptors Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> net: phy: dp83867: Disable EEE support as not implemented Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Biju Das <biju.das.jz(a)bp.renesas.com> ravb: Exclude gPTP feature support for RZ/G2L Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_dw: Use devm_add_action_or_reset() Alexey Klimov <alexey.klimov(a)linaro.org> regmap: slimbus: fix bus_context pointer in regmap init calls Damien Le Moal <dlemoal(a)kernel.org> block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji Yang Wang <kevinyang.wang(a)amd.com> drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() Jijie Shao <shaojijie(a)huawei.com> net: hns3: return error code when function fails Tomeu Vizoso <tomeu(a)tomeuvizoso.net> drm/etnaviv: fix flush sequence logic Lizhi Xu <lizhi.xu(a)windriver.com> usbnet: Prevents free active kevent Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix powerpc's stack register definition in bpf_tracing.h Andrii Nakryiko <andrii(a)kernel.org> libbpf: Normalize PT_REGS_xxx() macro definitions Björn Töpel <bjorn(a)kernel.org> riscv, libbpf: Add RISC-V (RV64) support to bpf_tracing.h Ondrej Mosnacek <omosnace(a)redhat.com> bpf: Do not audit capability check in do_jit() Noorain Eqbal <nooraineqbal(a)gmail.com> bpf: Sync pending IRQ work before freeing ring buffer Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: fix control pipe direction Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix GMU firmware parser Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix memory leak on unsupported WMI command Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qdsp6: q6asm: do not sleep while atomic Paolo Abeni <pabeni(a)redhat.com> mptcp: restore window probe Miaoqian Lin <linmq006(a)gmail.com> fbdev: valkyriefb: Fix reference count leak in valkyriefb_init Florian Fuchs <fuchsfl(a)gmail.com> fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Junjie Cao <junjie.cao(a)intel.com> fbdev: bitblit: bound-check glyph index in bit_putcs* Yuhao Jiang <danisjiang(a)gmail.com> ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Daniel Palmer <daniel(a)0x0f.com> fbdev: atyfb: Check if pll_ops->init_pll failed Miaoqian Lin <linmq006(a)gmail.com> net: usb: asix_devices: Check return value of usbnet_get_endpoints Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix crash in nfsd4_read_release() Filipe Manana <fdmanana(a)suse.com> btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Filipe Manana <fdmanana(a)suse.com> btrfs: always drop log root tree reference in btrfs_replay_log() Thorsten Blum <thorsten.blum(a)linux.dev> btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix reporting of LFENCE retpoline Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix null-deref in agg_dequeue ------------- Diffstat: .../ABI/testing/sysfs-bus-pci-drivers-xhci_hcd | 62 + .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +- .../devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 +- Documentation/kbuild/makefiles.rst | 29 +- Documentation/process/howto.rst | 2 +- Documentation/translations/it_IT/process/howto.rst | 2 +- Documentation/translations/ja_JP/howto.rst | 2 +- Documentation/translations/ko_KR/howto.rst | 2 +- Documentation/translations/zh_CN/process/howto.rst | 2 +- Documentation/translations/zh_TW/process/howto.rst | 2 +- MAINTAINERS | 7 +- Makefile | 10 +- arch/arc/include/asm/bitops.h | 2 + arch/arm/crypto/Kconfig | 2 +- arch/arm/mach-at91/pm_suspend.S | 8 +- arch/mips/boot/dts/lantiq/danube.dtsi | 6 + arch/mips/lantiq/xway/sysctrl.c | 2 +- arch/mips/loongson64/Platform | 2 +- arch/mips/mm/tlb-r4k.c | 102 +- arch/mips/mti-malta/malta-init.c | 20 +- arch/parisc/boot/compressed/Makefile | 2 +- arch/powerpc/kernel/eeh_driver.c | 2 +- arch/riscv/kernel/cpu-hotplug.c | 1 + arch/riscv/mm/ptdump.c | 2 +- arch/s390/Makefile | 6 +- arch/s390/purgatory/Makefile | 2 +- arch/sparc/include/asm/elf_64.h | 1 + arch/sparc/kernel/module.c | 1 + arch/um/drivers/ssl.c | 5 +- arch/x86/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/entry/vsyscall/vsyscall_64.c | 17 +- arch/x86/events/core.c | 10 +- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/cpu/resctrl/monitor.c | 10 +- arch/x86/kernel/kvm.c | 20 +- arch/x86/net/bpf_jit_comp.c | 2 +- block/partitions/core.c | 5 - drivers/acpi/acpi_video.c | 4 +- drivers/acpi/acpica/dsmethod.c | 10 +- drivers/acpi/numa/srat.c | 2 +- drivers/acpi/prmt.c | 19 +- drivers/acpi/property.c | 24 +- drivers/acpi/scan.c | 2 + drivers/acpi/video_detect.c | 8 + drivers/ata/libata-scsi.c | 8 + drivers/atm/fore200e.c | 2 + drivers/base/regmap/regmap-slimbus.c | 6 +- drivers/bluetooth/btusb.c | 13 +- drivers/bluetooth/hci_bcsp.c | 3 + drivers/char/misc.c | 8 +- drivers/clk/at91/clk-master.c | 3 + drivers/clk/ti/clk-33xx.c | 2 + drivers/clocksource/timer-vf-pit.c | 22 +- drivers/cpufreq/longhaul.c | 3 + drivers/cpufreq/tegra186-cpufreq.c | 27 +- drivers/cpuidle/cpuidle.c | 8 +- drivers/dma/dw-edma/dw-edma-core.c | 22 + drivers/dma/mv_xor.c | 4 +- drivers/dma/sh/shdma-base.c | 25 +- drivers/dma/sh/shdmac.c | 17 +- drivers/edac/altera_edac.c | 22 +- drivers/extcon/extcon-adc-jack.c | 2 + drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/stratix10-svc.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 19 +- drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 8 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 +- drivers/gpu/drm/amd/display/dc/dcn20/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn21/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn30/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn301/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn302/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn303/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn31/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 2 +- .../gpu/drm/amd/pm/powerplay/smumgr/fiji_smumgr.c | 2 +- .../drm/amd/pm/powerplay/smumgr/iceland_smumgr.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2 +- drivers/gpu/drm/bridge/display-connector.c | 3 +- drivers/gpu/drm/drm_gem_atomic_helper.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 +- drivers/gpu/drm/i915/i915_vma.c | 16 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 5 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 3 + drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 10 + drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 +- drivers/gpu/drm/scheduler/sched_entity.c | 3 +- drivers/gpu/drm/sti/sti_vtg.c | 7 +- drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tidss/tidss_crtc.c | 7 +- drivers/gpu/drm/tidss/tidss_dispc.c | 16 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 + drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-ntrig.c | 7 +- drivers/hid/hid-quirks.c | 14 +- drivers/hwmon/dell-smm-hwmon.c | 7 + drivers/hwmon/sbtsi_temp.c | 46 +- drivers/iio/accel/bmc150-accel-core.c | 5 + drivers/iio/accel/bmc150-accel.h | 1 + drivers/iio/adc/spear_adc.c | 9 +- drivers/iio/common/ssp_sensors/ssp_dev.c | 4 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 22 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 11 +- drivers/infiniband/hw/irdma/pble.c | 2 +- drivers/infiniband/hw/irdma/verbs.c | 4 +- drivers/infiniband/hw/irdma/verbs.h | 8 +- drivers/input/keyboard/cros_ec_keyb.c | 6 + drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/misc/ati_remote2.c | 2 +- drivers/input/misc/cm109.c | 2 +- drivers/input/misc/powermate.c | 2 +- drivers/input/misc/yealink.c | 2 +- drivers/input/tablet/acecad.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 11 +- drivers/iommu/amd/init.c | 28 +- drivers/iommu/intel/debugfs.c | 10 +- drivers/iommu/intel/perf.c | 10 +- drivers/iommu/intel/perf.h | 5 +- drivers/irqchip/irq-gic-v2m.c | 13 +- drivers/isdn/hardware/mISDN/hfcsusb.c | 18 +- drivers/mailbox/mailbox-test.c | 2 +- drivers/md/dm-verity-fec.c | 6 +- drivers/media/i2c/ir-kbd-i2c.c | 6 +- drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 - drivers/media/pci/ivtv/ivtv-driver.h | 3 +- drivers/media/pci/ivtv/ivtv-fileops.c | 18 +- drivers/media/pci/ivtv/ivtv-irq.c | 4 +- drivers/media/rc/imon.c | 61 +- drivers/media/rc/redrat3.c | 2 +- drivers/media/tuners/xc4000.c | 8 +- drivers/media/tuners/xc5000.c | 12 +- drivers/memstick/core/memstick.c | 8 +- drivers/mfd/da9063-i2c.c | 27 +- drivers/mfd/madera-core.c | 4 +- drivers/mfd/stmpe-i2c.c | 1 + drivers/mfd/stmpe.c | 3 + drivers/mmc/host/renesas_sdhi_core.c | 6 +- drivers/mmc/host/sdhci-msm.c | 15 + drivers/mmc/host/sdhci-of-dwcmshc.c | 2 +- drivers/most/most_usb.c | 14 +- drivers/mtd/nand/onenand/onenand_samsung.c | 2 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/can/sja1000/sja1000.c | 4 +- drivers/net/can/sun4i_can.c | 4 +- drivers/net/can/usb/gs_usb.c | 23 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 +- drivers/net/dsa/b53/b53_common.c | 15 +- drivers/net/dsa/b53/b53_regs.h | 3 +- drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 +- drivers/net/dsa/sja1105/sja1105_main.c | 71 +- .../net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 + .../net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 + drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 + .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 +- .../ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 45 +- drivers/net/ethernet/cadence/macb_main.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/freescale/fec_main.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 9 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 +- drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 15 +- .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/microchip/sparx5/Kconfig | 2 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 +- drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- drivers/net/ethernet/realtek/Kconfig | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 6 +- drivers/net/ethernet/renesas/ravb_main.c | 101 +- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/net/phy/dp83867.c | 6 + drivers/net/phy/marvell.c | 39 +- drivers/net/phy/mdio_bus.c | 5 +- drivers/net/usb/asix_devices.c | 12 +- drivers/net/usb/qmi_wwan.c | 6 + drivers/net/usb/usbnet.c | 2 + drivers/net/wireless/ath/ath10k/mac.c | 12 +- drivers/net/wireless/ath/ath10k/wmi.c | 40 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 28 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 +- drivers/nvme/host/fc.c | 12 +- drivers/nvme/target/fc.c | 16 +- drivers/pci/controller/cadence/pcie-cadence-host.c | 2 +- drivers/pci/controller/cadence/pcie-cadence.c | 4 +- drivers/pci/controller/cadence/pcie-cadence.h | 6 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/quirks.c | 3 +- drivers/phy/cadence/cdns-dphy.c | 4 +- drivers/phy/rockchip/phy-rockchip-inno-csidphy.c | 5 +- drivers/pinctrl/pinctrl-single.c | 4 +- drivers/platform/x86/intel/punit_ipc.c | 2 +- .../x86/intel/speed_select_if/isst_if_mmio.c | 4 +- drivers/power/supply/sbs-charger.c | 16 +- drivers/ptp/ptp_clock.c | 13 +- drivers/regulator/fixed.c | 1 + drivers/remoteproc/qcom_q6v5.c | 5 + drivers/rtc/rtc-pcf2127.c | 4 +- drivers/rtc/rtc-rx8025.c | 2 +- drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/libfc/fc_encode.h | 2 +- drivers/scsi/lpfc/lpfc_debugfs.h | 3 + drivers/scsi/lpfc/lpfc_els.c | 6 +- drivers/scsi/lpfc/lpfc_init.c | 7 - drivers/scsi/lpfc/lpfc_scsi.c | 14 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 10 + drivers/scsi/pm8001/pm8001_ctl.c | 24 +- drivers/scsi/pm8001/pm8001_init.c | 1 + drivers/scsi/pm8001/pm8001_sas.c | 4 +- drivers/scsi/pm8001/pm8001_sas.h | 4 + drivers/scsi/sg.c | 10 +- drivers/slimbus/qcom-ngd-ctrl.c | 1 + drivers/soc/aspeed/aspeed-socinfo.c | 4 + drivers/soc/imx/gpc.c | 2 + drivers/soc/qcom/smem.c | 2 +- drivers/soc/samsung/pm_domains.c | 11 +- drivers/soc/ti/knav_dma.c | 14 +- drivers/soc/ti/pruss.c | 2 +- drivers/spi/spi-bcm63xx.c | 14 + drivers/spi/spi-loopback-test.c | 12 +- drivers/spi/spi.c | 10 + drivers/staging/Kconfig | 2 - drivers/staging/Makefile | 1 - drivers/staging/rtl8712/Kconfig | 21 - drivers/staging/rtl8712/Makefile | 35 - drivers/staging/rtl8712/TODO | 13 - drivers/staging/rtl8712/basic_types.h | 28 - drivers/staging/rtl8712/drv_types.h | 176 -- drivers/staging/rtl8712/ethernet.h | 21 - drivers/staging/rtl8712/hal_init.c | 401 ---- drivers/staging/rtl8712/ieee80211.c | 415 ---- drivers/staging/rtl8712/ieee80211.h | 165 -- drivers/staging/rtl8712/mlme_linux.c | 160 -- drivers/staging/rtl8712/mlme_osdep.h | 31 - drivers/staging/rtl8712/mp_custom_oid.h | 287 --- drivers/staging/rtl8712/os_intfs.c | 464 ---- drivers/staging/rtl8712/osdep_intf.h | 32 - drivers/staging/rtl8712/osdep_service.h | 61 - drivers/staging/rtl8712/recv_linux.c | 139 -- drivers/staging/rtl8712/recv_osdep.h | 39 - drivers/staging/rtl8712/rtl8712_bitdef.h | 26 - drivers/staging/rtl8712/rtl8712_cmd.c | 409 ---- drivers/staging/rtl8712/rtl8712_cmd.h | 231 -- drivers/staging/rtl8712/rtl8712_cmdctrl_bitdef.h | 96 - drivers/staging/rtl8712/rtl8712_cmdctrl_regdef.h | 19 - drivers/staging/rtl8712/rtl8712_debugctrl_bitdef.h | 41 - drivers/staging/rtl8712/rtl8712_debugctrl_regdef.h | 32 - .../staging/rtl8712/rtl8712_edcasetting_bitdef.h | 65 - .../staging/rtl8712/rtl8712_edcasetting_regdef.h | 24 - drivers/staging/rtl8712/rtl8712_efuse.c | 566 ----- drivers/staging/rtl8712/rtl8712_efuse.h | 43 - drivers/staging/rtl8712/rtl8712_event.h | 86 - drivers/staging/rtl8712/rtl8712_fifoctrl_bitdef.h | 131 -- drivers/staging/rtl8712/rtl8712_fifoctrl_regdef.h | 61 - drivers/staging/rtl8712/rtl8712_gp_bitdef.h | 68 - drivers/staging/rtl8712/rtl8712_gp_regdef.h | 29 - drivers/staging/rtl8712/rtl8712_hal.h | 142 -- drivers/staging/rtl8712/rtl8712_interrupt_bitdef.h | 44 - drivers/staging/rtl8712/rtl8712_io.c | 99 - drivers/staging/rtl8712/rtl8712_led.c | 1830 --------------- .../staging/rtl8712/rtl8712_macsetting_bitdef.h | 34 - .../staging/rtl8712/rtl8712_macsetting_regdef.h | 22 - drivers/staging/rtl8712/rtl8712_powersave_bitdef.h | 39 - drivers/staging/rtl8712/rtl8712_powersave_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_ratectrl_bitdef.h | 36 - drivers/staging/rtl8712/rtl8712_ratectrl_regdef.h | 44 - drivers/staging/rtl8712/rtl8712_recv.c | 1079 --------- drivers/staging/rtl8712/rtl8712_recv.h | 145 -- drivers/staging/rtl8712/rtl8712_regdef.h | 32 - drivers/staging/rtl8712/rtl8712_security_bitdef.h | 35 - drivers/staging/rtl8712/rtl8712_spec.h | 124 -- drivers/staging/rtl8712/rtl8712_syscfg_bitdef.h | 167 -- drivers/staging/rtl8712/rtl8712_syscfg_regdef.h | 44 - drivers/staging/rtl8712/rtl8712_timectrl_bitdef.h | 50 - drivers/staging/rtl8712/rtl8712_timectrl_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_wmac_bitdef.h | 50 - drivers/staging/rtl8712/rtl8712_wmac_regdef.h | 36 - drivers/staging/rtl8712/rtl8712_xmit.c | 745 ------- drivers/staging/rtl8712/rtl8712_xmit.h | 108 - drivers/staging/rtl8712/rtl871x_cmd.c | 796 ------- drivers/staging/rtl8712/rtl871x_cmd.h | 764 ------- drivers/staging/rtl8712/rtl871x_debug.h | 130 -- drivers/staging/rtl8712/rtl871x_eeprom.c | 220 -- drivers/staging/rtl8712/rtl871x_eeprom.h | 88 - drivers/staging/rtl8712/rtl871x_event.h | 109 - drivers/staging/rtl8712/rtl871x_ht.h | 33 - drivers/staging/rtl8712/rtl871x_io.c | 147 -- drivers/staging/rtl8712/rtl871x_io.h | 236 -- drivers/staging/rtl8712/rtl871x_ioctl.h | 95 - drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2330 -------------------- drivers/staging/rtl8712/rtl871x_ioctl_rtl.c | 520 ----- drivers/staging/rtl8712/rtl871x_ioctl_rtl.h | 109 - drivers/staging/rtl8712/rtl871x_ioctl_set.c | 355 --- drivers/staging/rtl8712/rtl871x_ioctl_set.h | 45 - drivers/staging/rtl8712/rtl871x_led.h | 118 - drivers/staging/rtl8712/rtl871x_mlme.c | 1749 --------------- drivers/staging/rtl8712/rtl871x_mlme.h | 205 -- drivers/staging/rtl8712/rtl871x_mp.c | 724 ------ drivers/staging/rtl8712/rtl871x_mp.h | 275 --- drivers/staging/rtl8712/rtl871x_mp_ioctl.c | 883 -------- drivers/staging/rtl8712/rtl871x_mp_ioctl.h | 329 --- drivers/staging/rtl8712/rtl871x_mp_phy_regdef.h | 1037 --------- drivers/staging/rtl8712/rtl871x_pwrctrl.c | 234 -- drivers/staging/rtl8712/rtl871x_pwrctrl.h | 113 - drivers/staging/rtl8712/rtl871x_recv.c | 670 ------ drivers/staging/rtl8712/rtl871x_recv.h | 216 -- drivers/staging/rtl8712/rtl871x_rf.h | 55 - drivers/staging/rtl8712/rtl871x_security.c | 1387 ------------ drivers/staging/rtl8712/rtl871x_security.h | 218 -- drivers/staging/rtl8712/rtl871x_sta_mgt.c | 263 --- drivers/staging/rtl8712/rtl871x_wlan_sme.h | 35 - drivers/staging/rtl8712/rtl871x_xmit.c | 1059 --------- drivers/staging/rtl8712/rtl871x_xmit.h | 288 --- drivers/staging/rtl8712/sta_info.h | 133 -- drivers/staging/rtl8712/usb_halinit.c | 307 --- drivers/staging/rtl8712/usb_intf.c | 638 ------ drivers/staging/rtl8712/usb_ops.c | 195 -- drivers/staging/rtl8712/usb_ops.h | 38 - drivers/staging/rtl8712/usb_ops_linux.c | 508 ----- drivers/staging/rtl8712/usb_osintf.h | 35 - drivers/staging/rtl8712/wifi.h | 197 -- drivers/staging/rtl8712/wlan_bssdef.h | 223 -- drivers/staging/rtl8712/xmit_linux.c | 187 -- drivers/staging/rtl8712/xmit_osdep.h | 52 - drivers/target/loopback/tcm_loop.c | 3 + drivers/tee/tee_core.c | 2 +- drivers/thunderbolt/nhi.c | 2 + drivers/thunderbolt/nhi.h | 1 + drivers/thunderbolt/tb.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 67 +- drivers/tty/serial/amba-pl011.c | 2 +- drivers/uio/uio_hv_generic.c | 21 +- drivers/usb/cdns3/cdns3-pci-wrap.c | 5 +- drivers/usb/cdns3/cdnsp-gadget.c | 8 +- drivers/usb/dwc3/core.c | 3 +- drivers/usb/dwc3/ep0.c | 1 + drivers/usb/dwc3/gadget.c | 7 + drivers/usb/gadget/function/f_eem.c | 7 +- drivers/usb/gadget/function/f_fs.c | 8 +- drivers/usb/gadget/function/f_hid.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 3 +- drivers/usb/host/xhci-dbgcap.c | 261 ++- drivers/usb/host/xhci-dbgcap.h | 12 +- drivers/usb/host/xhci-dbgtty.c | 17 +- drivers/usb/host/xhci-plat.c | 1 + drivers/usb/mon/mon_bin.c | 14 +- drivers/usb/renesas_usbhs/common.c | 18 +- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 1 + drivers/usb/serial/option.c | 10 +- drivers/usb/storage/sddr55.c | 6 + drivers/usb/storage/transport.c | 16 + drivers/usb/storage/uas.c | 5 + drivers/usb/storage/unusual_devs.h | 2 +- drivers/usb/typec/ucsi/psy.c | 5 + drivers/video/backlight/lp855x_bl.c | 2 +- drivers/video/fbdev/aty/atyfb_base.c | 8 +- drivers/video/fbdev/core/bitblit.c | 33 +- drivers/video/fbdev/pvr2fb.c | 2 +- drivers/video/fbdev/valkyriefb.c | 2 + fs/9p/v9fs.c | 9 +- fs/btrfs/disk-io.c | 2 +- fs/btrfs/file.c | 10 + fs/btrfs/scrub.c | 3 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-log.c | 48 +- fs/ceph/locks.c | 5 +- fs/cifs/connect.c | 1 + fs/exfat/fatent.c | 11 +- fs/exfat/super.c | 5 +- fs/ext4/xattr.c | 2 +- fs/hpfs/namei.c | 18 +- fs/jfs/inode.c | 8 +- fs/jfs/jfs_txnmgr.c | 9 +- fs/nfs/nfs4client.c | 1 + fs/nfs/nfs4proc.c | 15 +- fs/nfs/nfs4state.c | 3 + fs/nfs/write.c | 3 +- fs/nfsd/nfs4proc.c | 7 +- fs/nfsd/nfs4state.c | 3 +- fs/ntfs3/inode.c | 1 + fs/open.c | 10 +- fs/orangefs/xattr.c | 12 +- fs/proc/generic.c | 12 +- include/linux/array_size.h | 13 + include/linux/ata.h | 1 + include/linux/blk_types.h | 11 +- include/linux/compiler_types.h | 5 +- include/linux/filter.h | 22 +- include/linux/kernel.h | 7 +- include/linux/mm.h | 2 +- include/linux/shdma-base.h | 2 +- include/linux/string.h | 1 + include/linux/usb.h | 16 +- include/net/act_api.h | 1 + include/net/cls_cgroup.h | 2 +- include/net/nfc/nci_core.h | 2 +- include/net/pkt_sched.h | 25 +- include/net/tc_act/tc_connmark.h | 10 +- include/net/tls.h | 6 + kernel/bpf/ringbuf.c | 2 + kernel/events/uprobes.c | 7 + kernel/gcov/gcc_4_7.c | 4 +- kernel/trace/trace_events_hist.c | 6 +- lib/crypto/Makefile | 2 +- mm/page_alloc.c | 2 +- mm/secretmem.c | 2 +- net/8021q/vlan.c | 2 + net/bluetooth/6lowpan.c | 103 +- net/bluetooth/hci_event.c | 21 +- net/bluetooth/l2cap_core.c | 1 + net/bluetooth/sco.c | 7 + net/bluetooth/smp.c | 31 +- net/bridge/br_forward.c | 3 +- net/ceph/auth_x.c | 2 + net/ceph/ceph_common.c | 53 +- net/ceph/debugfs.c | 16 +- net/core/netpoll.c | 7 +- net/core/page_pool.c | 12 +- net/core/sock.c | 15 +- net/dsa/tag_brcm.c | 10 +- net/hsr/hsr_device.c | 3 + net/ipv4/netfilter/nf_reject_ipv4.c | 25 + net/ipv4/nexthop.c | 6 + net/ipv4/route.c | 5 + net/ipv4/udp_tunnel_nic.c | 2 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ah6.c | 50 +- net/ipv6/netfilter/nf_reject_ipv6.c | 30 + net/ipv6/raw.c | 2 +- net/ipv6/udp.c | 2 +- net/mac80211/rx.c | 10 +- net/mptcp/options.c | 57 +- net/mptcp/pm_netlink.c | 26 +- net/mptcp/protocol.c | 47 +- net/mptcp/protocol.h | 1 + net/mptcp/subflow.c | 8 + net/netfilter/nf_tables_api.c | 15 + net/openvswitch/actions.c | 68 +- net/openvswitch/flow_netlink.c | 64 +- net/openvswitch/flow_netlink.h | 2 - net/rds/rds.h | 2 +- net/sched/act_bpf.c | 19 +- net/sched/act_connmark.c | 154 +- net/sched/act_csum.c | 13 +- net/sched/act_ct.c | 17 +- net/sched/act_ctinfo.c | 13 +- net/sched/act_gact.c | 13 +- net/sched/act_gate.c | 13 +- net/sched/act_ife.c | 25 +- net/sched/act_ipt.c | 31 +- net/sched/act_mirred.c | 13 +- net/sched/act_mpls.c | 13 +- net/sched/act_nat.c | 13 +- net/sched/act_pedit.c | 13 +- net/sched/act_police.c | 13 +- net/sched/act_sample.c | 13 +- net/sched/act_simple.c | 13 +- net/sched/act_skbedit.c | 13 +- net/sched/act_skbmod.c | 13 +- net/sched/act_tunnel_key.c | 13 +- net/sched/act_vlan.c | 13 +- net/sched/cls_bpf.c | 6 +- net/sched/sch_api.c | 10 - net/sched/sch_generic.c | 17 +- net/sched/sch_hfsc.c | 16 - net/sched/sch_qfq.c | 2 +- net/sctp/diag.c | 23 +- net/sctp/transport.c | 13 +- net/smc/smc_clc.c | 1 + net/strparser/strparser.c | 2 +- net/tipc/net.c | 2 + net/tls/tls_device.c | 4 +- net/vmw_vsock/af_vsock.c | 40 +- scripts/Makefile.compiler | 10 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/pci/hda/patch_realtek.c | 17 +- sound/soc/codecs/cs4271.c | 10 +- sound/soc/codecs/max98090.c | 6 +- sound/soc/meson/aiu-encoder-i2s.c | 9 +- sound/soc/qcom/qdsp6/q6asm.c | 2 +- sound/usb/endpoint.c | 6 + sound/usb/mixer.c | 4 +- sound/usb/mixer_s1810c.c | 28 +- sound/usb/validate.c | 9 +- tools/lib/bpf/bpf_tracing.h | 357 ++- tools/power/cpupower/lib/cpuidle.c | 5 +- tools/power/cpupower/lib/cpupower.c | 2 +- .../x86_energy_perf_policy.c | 30 +- tools/testing/selftests/Makefile | 2 +- tools/testing/selftests/bpf/progs/loop3.c | 4 +- tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 +- .../selftests/drivers/net/netdevsim/Makefile | 21 + .../selftests/drivers/net/netdevsim/settings | 1 + tools/testing/selftests/net/bareudp.sh | 2 +- tools/testing/selftests/net/fcnal-test.sh | 4 +- tools/testing/selftests/net/gro.c | 101 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 54 +- tools/testing/selftests/net/psock_tpacket.c | 4 +- tools/testing/selftests/net/traceroute.sh | 13 +- tools/tracing/latency/latency-collector.c | 2 +- 518 files changed, 3319 insertions(+), 29496 deletions(-)

3 days, 9 hours

8
10
0 0

[6.12.60 lts] [amdgpu]: regression: broken multi-monitor USB4 dock on Ryzen 7840U

by Péter Bohner

upgrading from 6.12.59 to 6.12.60 broke my USB4 (Dynabook Thunderbolt 4 Dock)'s video output with my Framework 13 (AMD Ryzen 7840U / Radeom 780M igpu) . With two monitors plugged in, only one of them works, the other (always the one on the 'video 2' output) remains blank (but receives signal). relevant dmesg [note: tainted by ZFS] (full output at: https://gist.github.com/x-zvf/128d45d028230438b8777c40759fa997): [drm:amdgpu_dm_process_dmub_aux_transfer_sync [amdgpu]] *ERROR* wait_for_completion_timeout timeout! ------------[ cut here ]------------ WARNING: CPU: 15 PID: 3064 at drivers/gpu/drm/amd/amdgpu/../display/dc/link/hwss/link_hwss_dpia.c:49 update_dpia_stream_allocation_table+0xf2/0x100 [amdgpu] Modules linked in: hid_logitech_hidpp hid_logitech_dj snd_seq_midi snd_seq_midi_event uvcvideo videobuf2_vmalloc uvc videobuf2_memops snd_usb_audio videobuf2_v4l2 videobuf2_common snd_usbmidi_lib snd_ump videodev snd_rawmidi mc cdc_ether usbnet mii uas usb_storage ccm snd_seq_dummy rfcomm snd_hrtimer snd_seq snd_seq_device tun ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_multiport xt_cgroup xt_mark xt_owner xt_tcpudp ip6table_raw iptable_raw ip6table_mangle iptable_mangle ip6table_nat iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c crc32c_generic ip6table_filter ip6_tables iptable_filter uhid cmac algif_hash algif_skcipher af_alg bnep vfat fat amd_atl intel_rapl_msr intel_rapl_common snd_sof_amd_acp70 snd_sof_amd_acp63 snd_soc_acpi_amd_match snd_sof_amd_vangogh snd_sof_amd_rembrandt snd_sof_amd_renoir snd_sof_amd_acp snd_sof_pci snd_sof_xtensa_dsp snd_sof mt7921e snd_sof_utils mt7921_common snd_pci_ps mt792x_lib snd_hda_codec_realtek snd_amd_sdw_acpi soundwire_amd kvm_amd mt76_connac_lib snd_hda_codec_generic soundwire_generic_allocation snd_hda_scodec_component snd_hda_codec_hdmi mousedev mt76 soundwire_bus snd_hda_intel kvm snd_soc_core snd_intel_dspcfg irqbypass snd_intel_sdw_acpi mac80211 snd_compress ac97_bus crct10dif_pclmul hid_sensor_als snd_pcm_dmaengine snd_hda_codec crc32_pclmul hid_sensor_trigger crc32c_intel snd_rpl_pci_acp6x industrialio_triggered_buffer snd_acp_pci polyval_clmulni kfifo_buf snd_hda_core snd_acp_legacy_common polyval_generic libarc4 hid_sensor_iio_common industrialio ghash_clmulni_intel leds_cros_ec cros_ec_sysfs cros_ec_hwmon cros_kbd_led_backlight cros_charge_control led_class_multicolor gpio_cros_ec cros_ec_chardev cros_ec_debugfs sha512_ssse3 snd_hwdep snd_pci_acp6x hid_multitouch joydev spd5118 hid_sensor_hub cros_ec_dev sha256_ssse3 snd_pcm btusb cfg80211 sha1_ssse3 btrtl aesni_intel snd_pci_acp5x btintel snd_timer snd_rn_pci_acp3x sp5100_tco gf128mul ucsi_acpi crypto_simd btbcm snd_acp_config snd amd_pmf typec_ucsi cryptd snd_soc_acpi i2c_piix4 btmtk bluetooth rapl wmi_bmof pcspkr typec k10temp thunderbolt amdtee soundcore ccp snd_pci_acp3x i2c_smbus rfkill roles cros_ec_lpcs i2c_hid_acpi amd_sfh cros_ec platform_profile i2c_hid tee amd_pmc mac_hid i2c_dev crypto_user dm_mod loop nfnetlink bpf_preload ip_tables x_tables hid_generic usbhid amdgpu zfs(POE) crc16 amdxcp spl(OE) i2c_algo_bit drm_ttm_helper ttm serio_raw drm_exec atkbd gpu_sched libps2 vivaldi_fmap drm_suballoc_helper nvme drm_buddy i8042 drm_display_helper nvme_core video serio cec nvme_auth wmi CPU: 15 UID: 1000 PID: 3064 Comm: kwin_wayland Tainted: P OE 6.12.60-1-lts #1 9b11292f14ae477e878a6bb6a5b5efc27ccf021d Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP07, BIOS 03.16 07/25/2025 RIP: 0010:update_dpia_stream_allocation_table+0xf2/0x100 [amdgpu] Code: d0 0f 1f 00 48 8b 44 24 08 65 48 2b 04 25 28 00 00 00 75 1a 48 83 c4 10 5b 5d 41 5c 41 5d e9 10 ec e3 d9 31 db e9 6f ff ff ff <0f> 0b eb 8a e8 05 09 c3 d9 0f 1f 44 00 00 90 90 90 90 90 90 90 90 RSP: 0018:ffffd26fe3473248 EFLAGS: 00010282 RAX: 00000000ffffffff RBX: 0000000000000025 RCX: 0000000000001140 RDX: 00000000ffffffff RSI: ffffd26fe34731f0 RDI: ffff8bb78c7bb608 RBP: ffff8bb7982c3b88 R08: 00000000ffffffff R09: 0000000000001100 R10: ffffd27000ef9900 R11: ffff8bb78c7bb400 R12: ffff8bb7982ed600 R13: ffff8bb7982c3800 R14: ffff8bb984e402a8 R15: ffff8bb7982c38c8 FS: 000073883c086b80(0000) GS:ffff8bc51e180000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00002020005ba004 CR3: 000000014396e000 CR4: 0000000000f50ef0 PKRU: 55555554 Call Trace: <TASK> ? link_set_dpms_on+0x7a5/0xc70 [amdgpu d75f7e51e39957084964278ab74da83065554c01] link_set_dpms_on+0x806/0xc70 [amdgpu d75f7e51e39957084964278ab74da83065554c01] dce110_apply_single_controller_ctx_to_hw+0x300/0x480 [amdgpu d75f7e51e39957084964278ab74da83065554c01] dce110_apply_ctx_to_hw+0x24c/0x2e0 [amdgpu d75f7e51e39957084964278ab74da83065554c01] ? dcn10_setup_stereo+0x160/0x170 [amdgpu d75f7e51e39957084964278ab74da83065554c01] dc_commit_state_no_check+0x63d/0xeb0 [amdgpu d75f7e51e39957084964278ab74da83065554c01] dc_commit_streams+0x296/0x490 [amdgpu d75f7e51e39957084964278ab74da83065554c01] ? srso_alias_return_thunk+0x5/0xfbef5 ? schedule_timeout+0x133/0x170 amdgpu_dm_atomic_commit_tail+0x6a1/0x3a10 [amdgpu d75f7e51e39957084964278ab74da83065554c01] ? srso_alias_return_thunk+0x5/0xfbef5 ? psi_task_switch+0x113/0x2a0 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? schedule+0x27/0xf0 ? srso_alias_return_thunk+0x5/0xfbef5 ? schedule_timeout+0x133/0x170 ? srso_alias_return_thunk+0x5/0xfbef5 ? dma_fence_default_wait+0x8b/0x230 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? wait_for_completion_timeout+0x12e/0x180 commit_tail+0xae/0x140 drm_atomic_helper_commit+0x13c/0x180 drm_atomic_commit+0xa6/0xe0 ? __pfx___drm_printfn_info+0x10/0x10 drm_mode_atomic_ioctl+0xa60/0xcd0 ? sock_poll+0x51/0x110 ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 drm_ioctl_kernel+0xad/0x100 drm_ioctl+0x286/0x500 ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 amdgpu_drm_ioctl+0x4a/0x80 [amdgpu d75f7e51e39957084964278ab74da83065554c01] __x64_sys_ioctl+0x91/0xd0 do_syscall_64+0x7b/0x190 ? srso_alias_return_thunk+0x5/0xfbef5 ? __x64_sys_ppoll+0xf8/0x180 ? srso_alias_return_thunk+0x5/0xfbef5 ? syscall_exit_to_user_mode+0x37/0x1c0 ? srso_alias_return_thunk+0x5/0xfbef5 ? do_syscall_64+0x87/0x190 ? srso_alias_return_thunk+0x5/0xfbef5 ? do_syscall_64+0x87/0x190 ? srso_alias_return_thunk+0x5/0xfbef5 ? do_syscall_64+0x87/0x190 ? srso_alias_return_thunk+0x5/0xfbef5 ? do_syscall_64+0x87/0x190 ? srso_alias_return_thunk+0x5/0xfbef5 ? do_syscall_64+0x87/0x190 ? srso_alias_return_thunk+0x5/0xfbef5 ? irqentry_exit_to_user_mode+0x2c/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x738842d9b70d Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00 RSP: 002b:00007ffe3c7ed230 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000634abd49c210 RCX: 0000738842d9b70d RDX: 00007ffe3c7ed320 RSI: 00000000c03864bc RDI: 0000000000000013 RBP: 00007ffe3c7ed280 R08: 0000634abc4049bc R09: 0000634abce43e80 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe3c7ed320 R13: 00000000c03864bc R14: 0000000000000013 R15: 0000634abc404840 </TASK> ---[ end trace 0000000000000000 ]--- regards, ~ Peter

3 days, 9 hours

2
1
0 0

[PATCH 6.1 000/567] 6.1.159-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.159 release. There are 567 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 06 Dec 2025 16:37:18 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.159-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.159-rc2 Alan Stern <stern(a)rowland.harvard.edu> HID: core: Harden s32ton() against conversion to 0 bits Sudeep Holla <sudeep.holla(a)arm.com> i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy->enable_completion only when we Jimmy Hu <hhhuuu(a)google.com> usb: gadget: udc: fix use-after-free in usb_gadget_state_work Kuen-Han Tsai <khtsai(a)google.com> usb: udc: Add trace event for usb_gadget_set_state Jameson Thies <jthies(a)google.com> usb: typec: ucsi: psy: Set max current to zero when disconnected Sean Heelan <seanheelan(a)gmail.com> ksmbd: fix use-after-free in session logoff Philipp Hortmann <philipp.g.hortmann(a)gmail.com> staging: rtl8712: Remove driver using deprecated API wext Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate reset on fastclose Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: endpoints: longer transfer luoguangfei <15388634752(a)163.com> net: macb: fix unregister_netdev call order in macb_remove() ChiYuan Huang <cy_huang(a)richtek.com> iio: adc: rtq6056: Correct the sign bit index Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Fix synchronous external abort on unbind Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: renesas_usbhs: Convert to platform remove callback returning void NeilBrown <neil(a)brown.name> nfsd: Replace clamp_t in nfsd4_get_drc_mem() ziming zhang <ezrakiez(a)gmail.com> libceph: replace BUG_ON with bounds check for map->max_osd ziming zhang <ezrakiez(a)gmail.com> libceph: prevent potential out-of-bounds writes in handle_auth_session_key() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential use-after-free in have_mon_and_osd_map() Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: common: Fix checks on irq_find_mapping() Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check NULL before accessing Johan Hovold <johan(a)kernel.org> drm: sti: fix device leaks at component probe Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add support for Rolling RW101R-GL Oleksandr Suvorov <cryosay(a)gmail.com> USB: serial: ftdi_sio: add support for u-blox EVK-M101 Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbgtty: fix device unregister Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Manish Nagar <manish.nagar(a)oss.qualcomm.com> usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Owen Gu <guhuinan(a)xiaomi.com> usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Tianchu Chen <flynnnchen(a)tencent.com> usb: storage: sddr55: Reject out-of-bound new_pba Alan Stern <stern(a)rowland.harvard.edu> USB: storage: Remove subclass and protocol overrides from Novatek quirk Desnes Nunes <desnesn(a)redhat.com> usb: storage: Fix memory leak in USB bulk transport Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_eem: Fix memory leak in eem_unwrap Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: Fix double resource release in cdns3_pci_probe Johan Hovold <johan(a)kernel.org> most: usb: fix double free on late probe failure Miaoqian Lin <linmq006(a)gmail.com> serial: amba-pl011: prefer dma_mapping_error() over explicit address checking Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> firmware: stratix10-svc: fix bug in saving controller data Miaoqian Lin <linmq006(a)gmail.com> slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> thunderbolt: Add support for Intel Wildcat Lake Paulo Alcantara <pc(a)manguebit.org> smb: client: fix memory leak in cifs_construct_tcon() Jamie Iles <jamie.iles(a)oss.qualcomm.com> drivers/usb/dwc3: fix PCI parent check Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix unreliable memory allocation Marc Kleine-Budde <mkl(a)pengutronix.de> can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Thomas Mühlbacher <tmuehlbacher(a)posteo.net> can: sja1000: fix max irq loop handling Gui-Dong Han <hanguidong02(a)gmail.com> atm/fore200e: Fix possible data race in fore200e_open() Ivan Zhaldak <i.v.zhaldak(a)gmail.com> ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification David Lechner <dlechner(a)baylibre.com> iio: adc: ad7280a: fix ad7280_store_balance_timer() Valek Andrej <andrej.v(a)skyrain.eu> iio: accel: fix ADXL355 startup race condition Linus Walleij <linus.walleij(a)linaro.org> iio: accel: bmc150: Fix irq assumption regression Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio:common:ssp_sensors: Fix an error handling path ssp_probe() Francesco Lavra <flavra(a)baylibre.com> iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Jiri Olsa <jolsa(a)kernel.org> Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Hang Zhou <929513338(a)qq.com> spi: bcm63xx: fix premature CS deassertion on RX-only transactions Jamie Iles <jamie.iles(a)oss.qualcomm.com> mailbox: pcc: don't zero error register Sudeep Holla <sudeep.holla(a)arm.com> mailbox: pcc: Refactor error handling in irq handler into separate function Adam Young <admiyo(a)os.amperecomputing.com> mailbox: pcc: Check before sending MCTP PCC response ACK Sudeep Holla <sudeep.holla(a)arm.com> ACPI: PCC: Add PCC shared memory region command and status bitfields Huisong Li <lihuisong(a)huawei.com> mailbox: pcc: Support shared interrupt for multiple subspaces Huisong Li <lihuisong(a)huawei.com> mailbox: pcc: Add support for platform notification handling Elliot Berman <quic_eberman(a)quicinc.com> mailbox: pcc: Use mbox_bind_client Elliot Berman <quic_eberman(a)quicinc.com> mailbox: Allow direct registration to a channel Haotian Zhang <vulab(a)iscas.ac.cn> mailbox: mailbox-test: Fix debugfs_create_dir error checking Jiefeng Zhang <jiefeng.z.zhang(a)gmail.com> net: atlantic: fix fragment overflow handling in RX path Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: sja1105: simplify static configuration reload Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix cyan_skillfish2 gpu info fw handling Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: sxgbe: fix potential NULL dereference in sxgbe_rx() Danielle Costantino <dcostantino(a)meta.com> net/mlx5e: Fix validation logic in rate limiting Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Fix the initialization of taprio Kai-Heng Feng <kaihengf(a)nvidia.com> net: aquantia: Add missing descriptor cache invalidation on ATL2 Dan Carpenter <dan.carpenter(a)linaro.org> platform/x86: intel: punit_ipc: fix memory corruption Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix not generating mackey and ltk when repairing Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs Seungjin Bae <eeodqql09(a)gmail.com> can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Pankaj Raghav <p.raghav(a)samsung.com> filemap: cap PTE range to be created to allowed zero fill in folio_map_range() Miaoqian Lin <linmq006(a)gmail.com> pmdomain: imx: Fix reference count leak in imx_gpc_remove Sudeep Holla <sudeep.holla(a)arm.com> pmdomain: arm: scmi: Fix genpd leak on provider registration failure André Draszik <andre.draszik(a)linaro.org> pmdomain: samsung: plug potential memleak during probe Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix fallback note due to OoO Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: rm: set backup flag Mario Limonciello (AMD) <superm1(a)kernel.org> HID: amd_sfh: Stop sensor before starting Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Vlastimil Babka <vbabka(a)suse.cz> mm/mempool: fix poisoning order>0 pages with HIGHMEM Fabio M. De Francesco <fabio.maria.de.francesco(a)linux.intel.com> mm/mempool: replace kmap_atomic() with kmap_local_page() Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Paolo Abeni <pabeni(a)redhat.com> mptcp: decouple mptcp fastclose from tcp close Martin Kaiser <martin(a)kaiser.cx> maple_tree: fix tracepoint string pointers Kiryl Shutsemau <kas(a)kernel.org> mm/truncate: unmap large folio on split failure Long Li <longli(a)microsoft.com> uio_hv_generic: Set event for all channels on the device Zhang Chujun <zhangchujun(a)cmss.chinamobile.com> tracing/tools: Fix incorrcet short option in usage text for --threads Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Isaac J. Manjarres <isaacmanjarres(a)google.com> mm/mm_init: fix hash table order logging in alloc_large_system_hash() Lance Yang <lance.yang(a)linux.dev> mm/secretmem: fix use-after-free race in fault handler Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: use BASH for bareudp testing Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Steve French <stfrench(a)microsoft.com> cifs: fix typo in enable_gcm_256 module parameter Rafał Miłecki <rafal(a)milecki.pl> bcma: don't register devices disabled in OF Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Alejandro Colomar <alx(a)kernel.org> kernel.h: Move ARRAY_SIZE() to a separate header Haotian Zhang <vulab(a)iscas.ac.cn> platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> nvme-multipath: fix lockdep WARN due to partition scan work Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: dsa: hellcreek: fix missing error handling in LED registration Prateek Agarwal <praagarwal(a)nvidia.com> drm/tegra: Add call to put_pid() Mikko Perttunen <mperttunen(a)nvidia.com> gpu: host1x: Select context device based on attached IOMMU Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Jianbo Liu <jianbol(a)nvidia.com> xfrm: Determine inner GSO type from packet inner protocol Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid unneeded subflow-level drops Paolo Abeni <pabeni(a)redhat.com> mptcp: fix premature close in case of fallback Paolo Abeni <pabeni(a)redhat.com> mptcp: fix ack generation for fallback msk Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Don't panic if no valid cache info for PCI Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Oleksij Rempel <linux(a)rempel-privat.de> net: dsa: microchip: lan937x: Fix RGMII delay tuning Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yihang Li <liyihang9(a)h-partners.com> ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Disallow MPTCP subflows from sockmap Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Dan Carpenter <dan.carpenter(a)linaro.org> mtdchar: fix integer overflow in read/write ioctls Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Yipeng Zou <zouyipeng(a)huawei.com> timers: Fix NULL function pointer race in timer_shutdown_sync() Armen Ratner <armeng(a)nvidia.com> net/mlx5e: Preserve shared buffer capacity during headroom updates Maher Sanalla <msanalla(a)nvidia.com> net/mlx5e: Do not update SBCM when prio2buffer command is invalid Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_connmark: handle errno on tcf_idr_check_alloc Maher Sanalla <msanalla(a)nvidia.com> net/mlx5: Fix memory leak in error flow of port set buffer Arnd Bergmann <arnd(a)arndb.de> asm-generic: partially revert "Unify uapi bitsperlong.h for arm64, riscv and loongarch" Abdun Nihaal <nihaal(a)cse.iitm.ac.in> isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Michal Hocko <mhocko(a)suse.com> mm, percpu: do not consider sleepable allocations atomic Nam Cao <namcao(a)linutronix.de> eventpoll: Replace rwlock with spinlock Breno Leitao <leitao(a)debian.org> net: netpoll: fix incorrect refcount handling causing incorrect cleanup Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Don't overflow during division for dirty tracking Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: core: Add a quirk to suppress link_startup_again Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: fix received length check in big packets Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: trunc: read all recv data Filipe Manana <fdmanana(a)suse.com> btrfs: do not update last_log_commit when logging inode due to a new name Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Handle OCRAM ECC enable after warm reset Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY Hans de Goede <hansg(a)kernel.org> spi: Try to get ACPI GPIO IRQ earlier Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Shawn Lin <shawn.lin(a)rock-chips.com> mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 Wei Yang <albinwyang(a)tencent.com> fs/proc: fix uaf in proc_readdir_de() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reject address change while connecting Chuang Wang <nashuiliang(a)gmail.com> ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Tianyang Zhang <zhangtianyang(a)loongson.cn> LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY Qinxin Xia <xiaqinxin(a)huawei.com> dma-mapping: benchmark: Restore padding to ensure uABI remained consistent Nate Karstens <nate.karstens(a)garmin.com> strparser: Fix signed/unsigned mismatch bug Joshua Rogers <linux(a)joshua.hu> ksmbd: close accepted socket when per-IP limit rejects connection Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 15 Olga Kornievskaia <okorniev(a)redhat.com> NFSD: free copynotify stateid in nfs4_free_ol_stateid() Masami Ichikawa <masami256(a)gmail.com> HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject duplicate device on updates Dan Carpenter <dan.carpenter(a)linaro.org> mtd: onenand: Pass correct pointer to IRQ handler Tiezhu Yang <yangtiezhu(a)loongson.cn> asm-generic: Unify uapi bitsperlong.h for arm64, riscv and loongarch Eric Biggers <ebiggers(a)kernel.org> lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Sabrina Dubroca <sd(a)queasysnail.net> espintcp: fix skb leaks Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' Sumanth Gavini <sumanth.gavini(a)yahoo.com> softirq: Add trace points for tasklet entry/exit Eric Dumazet <edumazet(a)google.com> bpf: Add bpf_prog_run_data_pointers() Haein Lee <lhi0729(a)kaist.ac.kr> ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: codecs: va-macro: fix resource leak in probe error path Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: cs4271: Fix regulator leak on probe failure Haotian Zhang <vulab(a)iscas.ac.cn> regulator: fixed: fix GPIO descriptor leak on register failure Shuai Xue <xueshuai(a)linux.alibaba.com> acpi,srat: Fix incorrect device handle check for Generic Initiator Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: export l2cap_chan_hold for modules Gautham R. Shenoy <gautham.shenoy(a)amd.com> ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs Gautham R. Shenoy <gautham.shenoy(a)amd.com> ACPI: CPPC: Perform fast check switch only for online CPUs Gautham R. Shenoy <gautham.shenoy(a)amd.com> ACPI: CPPC: Check _CPC validity for only the online CPUs Felix Maurer <fmaurer(a)redhat.com> hsr: Fix supervision frame sending on HSRv0 Eric Dumazet <edumazet(a)google.com> net_sched: limit try_bulk_dequeue_skb() batches Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix potentially misleading debug message Gal Pressman <gal(a)nvidia.com> net/mlx5e: Remove mlx5e_dbg() and msglvl support Maher Sanalla <msanalla(a)nvidia.com> net/mlx5e: Consider internal buffers size in port buffer calculations Maher Sanalla <msanalla(a)nvidia.com> net/mlx5e: Update shared buffer along with device buffer changes Maher Sanalla <msanalla(a)nvidia.com> net/mlx5e: Add API to query/modify SBPR and SBCM registers Maher Sanalla <msanalla(a)nvidia.com> net/mlx5: Expose shared buffer registers bits and structs Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix maxrate wraparound in threshold between units Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_connmark: initialize struct tc_ife to fix kernel leak Eric Dumazet <edumazet(a)google.com> net_sched: act_connmark: use RCU in tcf_connmark_dump() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_connmark: transition to percpu stats and rcu Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Initialise scc_index in unix_add_edge(). Benjamin Berg <benjamin.berg(a)intel.com> wifi: mac80211: skip rate verification for not captured PSDUs Buday Csaba <buday.csaba(a)prolan.hu> net: mdio: fix resource leak in mdiobus_register_device() Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_mon_reinit_self(). D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix mismatch between CLC header and proposal Eric Dumazet <edumazet(a)google.com> sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Pauli Virtanen <pav(a)iki.fi> Bluetooth: MGMT: cancel mesh send timer when hdev removed Wei Fang <wei.fang(a)nxp.com> net: fec: correct rx_bytes statistic for the case SHIFT16 is set Alexander Sverdlin <alexander.sverdlin(a)siemens.com> selftests: net: local_termination: Wait for interfaces to come up Nicolas Escande <nico.escande(a)gmail.com> wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() Abinaya Kalaiselvan <quic_akalaise(a)quicinc.com> wifi: ath11k: Add tx ack signal support for management packets Sharique Mohammad <sharq0406(a)gmail.com> ASoC: max98090/91: fixed max98091 ALSA widget powering up/down ZhangGuoDong <zhangguodong(a)kylinos.cn> smb/server: fix possible refcount leak in smb2_sess_setup() ZhangGuoDong <zhangguodong(a)kylinos.cn> smb/server: fix possible memory leak in smb2_read() Scott Mayhew <smayhew(a)redhat.com> NFS: check if suid/sgid was cleared after a write as needed Tristan Lobb <tristan.lobb(a)it-lobb.de> HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Joshua Watt <jpewhacker(a)gmail.com> NFS4: Fix state renewals missing after boot Jesse.Zhang <Jesse.Zhang(a)amd.com> drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Disable MCLK switching on SI at high pixel clocks Danil Skrebenkov <danil.skrebenkov(a)cloudbear.ru> RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Peter Zijlstra <peterz(a)infradead.org> compiler_types: Move unused static inline functions warning to W=2 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Fix suspend failure with secure display TA Shuhao Fu <sfual(a)cse.ust.hk> smb: client: fix refcount leak in smb2_set_path_attr Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/i915: Fix conversion between clock ticks and nanoseconds Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD Jakub Kicinski <kuba(a)kernel.org> selftests: netdevsim: set test timeout to 10 minutes Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix function header names in amdgpu_connectors.c Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Cleanup wakeup source only if it was enabled Kai-Heng Feng <kai.heng.feng(a)canonical.com> PM: suspend: Fix pm_suspend_target_state handling for !CONFIG_PM Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers Nathan Chancellor <nathan(a)kernel.org> lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC Joshua Rogers <linux(a)joshua.hu> smb: client: validate change notify buffer before copy Yuta Hayama <hayama(a)lineo.co.jp> rtc: rx8025: fix incorrect register reference Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() Zilin Guan <zilin(a)seu.edu.cn> tracing: Fix memory leaks in create_field_var() Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: fix MST static key usage Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: fix use-after-free due to MST port state bypass Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: Fix reserved multicast address table programming Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: SHAMPO, Fix skb size check for 64K pages Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> bnxt_en: Fix a possible memory leak in bnxt_ptp_init Qendrim Maxhuni <qendrim.maxhuni(a)garderos.com> net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold sock lock while iterating over address list Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Prevent TOCTOU out-of-bounds write Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold RCU read lock while iterating over address list Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: stop reading ARL entries if search is done Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix enabling ip multicast Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix resetting speed and pause on forced link Hangbin Liu <liuhangbin(a)gmail.com> net: vlan: sync VLAN features with lower device Wang Liang <wangliang74(a)huawei.com> selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh David Wei <dw(a)davidwei.uk> netdevsim: add Makefile for selftests Anubhav Singh <anubhavsinggh(a)google.com> selftests/net: use destination options instead of hop-by-hop Richard Gobert <richardbgobert(a)gmail.com> selftests/net: fix GRO coalesce test and add ext header coalesce tests Anubhav Singh <anubhavsinggh(a)google.com> selftests/net: fix out-of-order delivery of FIN in gro:tcp test Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: hci_event: validate skb length for unknown CC opcode Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> Revert "wifi: ath10k: avoid unnecessary wait for service ready message" Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: add checking of wait_for_completion_killable() return value Valerio Setti <vsetti(a)baylibre.com> ASoC: meson: aiu-encoder-i2s: fix bit clock polarity Geert Uytterhoeven <geert(a)linux-m68k.org> kbuild: uapi: Strip comments before size type check Albin Babu Varghese <albinbabuvarghese20(a)gmail.com> fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Sascha Hauer <s.hauer(a)pengutronix.de> tools: lib: thermal: use pkg-config to locate libnl3 Emil Dahl Juhl <juhl.emildahl(a)gmail.com> tools: lib: thermal: don't preserve owner in install Ian Rogers <irogers(a)google.com> tools bitmap: Add missing asm-generic/bitsperlong.h include Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Return present device nodes only on fwnode interface Hoyoung Seo <hy50.seo(a)samsung.com> scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS Randall P. Embry <rpembry(a)gmail.com> 9p: sysfs_init: don't hardcode error to ENOMEM Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra186: Initialize all cores to max frequencies Randall P. Embry <rpembry(a)gmail.com> 9p: fix /sys/fs/9p/caches overwriting itself Jerome Brunet <jbrunet(a)baylibre.com> NTB: epf: Allow arbitrary BAR mapping Matthias Schiffer <matthias.schiffer(a)tq-group.com> clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled Nicolas Ferre <nicolas.ferre(a)microchip.com> clk: at91: clk-sam9x60-pll: force write to PLL_UPDT register Ryan Wanner <Ryan.Wanner(a)microchip.com> clk: at91: clk-master: Add check for divide by 3 Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: save and restore ACR during PLL disable/enable Josua Mayer <josua(a)solid-run.com> rtc: pcf2127: clear minute/second interrupt Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix help message for ssl-non-raw Yikang Yue <yikangy2(a)illinois.edu> fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink austinchang <austinchang(a)synology.com> btrfs: mark dirty extent range for out of bound prealloc extents Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix wrong WQE data when QP wraps around wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix the modification of max_send_sge Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Set irdma_cq cq_num field during CQ create Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Remove unused struct irdma_cq fields Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Fix SD index calculation Saket Dumbre <saket.dumbre(a)intel.com> ACPICA: Update dsmethod.c to get rid of unused variable warning Fiona Ebner <f.ebner(a)proxmox.com> smb: client: transport: avoid reconnects triggered by pending task work Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: use sock_create_kern interface to create kernel socket Vladimir Riabchun <ferr.lambarginio(a)gmail.com> ftrace: Fix softlockup in ftrace_module_enable Mike Marshall <hubcap(a)omnibond.com> orangefs: fix xattr related buffer overflow... Dragos Tatulea <dtatulea(a)nvidia.com> page_pool: Clamp pool size to max 16K pages Qingfang Deng <dqfext(a)gmail.com> 6pack: drop redundant locking and refcounting Chi Zhiling <chizhiling(a)kylinos.cn> exfat: limit log print for IO error Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: add mono main switch to Presonus S1824c Ivan Pravdin <ipravdin.official(a)gmail.com> Bluetooth: bcsp: receive data only if registered Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_conn_free Arkadiusz Bokowy <arkadiusz.bokowy(a)gmail.com> Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: avoid dealing with endianness in macb_set_hwaddr() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Don't query FEC statistics when FEC is disabled Julian Sun <sunjunchao(a)bytedance.com> ext4: increase IO priority of fastcommit chuguangqing <chuguangqing(a)inspur.com> fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() Petr Machata <petrm(a)nvidia.com> net: bridge: Install FDB for bridge MAC on VLAN 0 Al Viro <viro(a)zeniv.linux.org.uk> nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix mount hang after CREATE_SESSION failure Olga Kornievskaia <okorniev(a)redhat.com> NFSv4: handle ERR_GRACE on delegation recalls Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid handling handover twice Mario Limonciello <mario.limonciello(a)amd.com> PCI/PM: Skip resuming to D0 if device is disconnected Alex Mastro <amastro(a)fb.com> vfio: return -ENOTTY for unsupported device feature Al Viro <viro(a)zeniv.linux.org.uk> sparc64: fix prototypes of reads[bwl]() Koakuma <koachan(a)protonmail.com> sparc/module: Add R_SPARC_UA64 relocation handling Chen Wang <unicorn_wang(a)outlook.com> PCI: cadence: Check for the existence of cdns_pcie::ops before using it ChunHao Lin <hau(a)realtek.com> r8169: set EEE speed down ratio to 1 Brahmajit Das <listout(a)listout.xyz> net: intel: fm10k: Fix parameter idx set but not used Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix connection after GTK rekeying Seyediman Seyedarab <ImanDevel(a)gmail.com> iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() Robert Marko <robert.marko(a)sartura.hr> net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> jfs: fix uninitialized waitqueue in transaction manager Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> jfs: Verify inode mode when loading from disk Eric Dumazet <edumazet(a)google.com> ipv6: np->rxpmtu race annotation Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Forest Crossman <cyrozap(a)gmail.com> usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Al Viro <viro(a)zeniv.linux.org.uk> allow finish_no_open(file, ERR_PTR(-E...)) Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Define size of debugfs entry for xri rebalancing Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET Nai-Chen Cheng <bleach1827(a)gmail.com> selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Christian König <christian.koenig(a)amd.com> drm/amdgpu: reject gang submissions under SRIOV Stefan Wahren <wahrenst(a)gmx.net> ethernet: Extend device_get_mac_address() to use NVMEM Jakub Kicinski <kuba(a)kernel.org> page_pool: always add GFP_NOWARN for ATOMIC allocations Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd: Avoid evicting resources at S5 Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl John Keeping <jkeeping(a)inmusicbrands.com> ALSA: serial-generic: remove shared static buffer Quan Zhou <quan.zhou(a)mediatek.com> wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device Yafang Shao <laoar.shao(a)gmail.com> net/cls_cgroup: Fix task_get_classid() during qdisc run Sangwook Shin <sw617.shin(a)samsung.com> watchdog: s3c2410_wdt: Fix max_timeout being calculated larger Alok Tiwari <alok.a.tiwari(a)oracle.com> udp_tunnel: use netdev_warn() instead of netdev_WARN() David Ahern <dsahern(a)kernel.org> selftests: Replace sleep with slowwait Daniel Palmer <daniel(a)thingy.jp> eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP David Ahern <dsahern(a)kernel.org> selftests: Disable dad for ipv6 in fcnal-test.sh Li RongQing <lirongqing(a)baidu.com> x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT Florian Westphal <fw(a)strlen.de> netfilter: nf_reject: don't reply to icmp error messages Ido Schimmel <idosch(a)nvidia.com> selftests: traceroute: Use require_command() Qianfeng Rong <rongqianfeng(a)vivo.com> media: redrat3: use int type to store negative error codes Jakub Kicinski <kuba(a)kernel.org> selftests: net: replace sleeps in fcnal-test with waits Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: sh_eth: Disable WoL if system can not suspend Michael Riesch <michael.riesch(a)collabora.com> phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 Harikrishna Shenoy <h-shenoy(a)ti.com> phy: cadence: cdns-dphy: Enable lower resolutions in dphy Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Fix HE capabilities element check Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> ntfs3: pretend $Extend records as regular files Rohan G Thomas <rohan.g.thomas(a)altera.com> net: phy: marvell: Fix 88e1510 downshift counter errata Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: host: mediatek: Enhance recovery on resume failure Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer Antonino Maniscalco <antomani103(a)gmail.com> drm/msm: make sure to not queue up recovery more than once Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget William Wu <william.wu(a)rock-chips.com> usb: gadget: f_hid: Fix zero length packet transfer Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add support for cyan skillfish gpu_info Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: don't enable SMU on cyan skillfish Alex Deucher <alexander.deucher(a)amd.com> drm/amd: add more cyan skillfish PCI ids Ashish Kalra <ashish.kalra(a)amd.com> iommu/amd: Skip enabling command/event buffers for kdump Colin Foster <colin.foster(a)in-advantage.com> smsc911x: add second read of EEPROM mac when possible corruption seen Eric Dumazet <edumazet(a)google.com> net: call cond_resched() less often in __release_sock() Cryolitia PukNgae <cryolitia(a)uniontech.com> ALSA: usb-audio: apply quirk for MOONDROP Quark2 Paul Kocialkowski <paulk(a)sys-base.io> media: verisilicon: Explicitly disable selection api ioctls for decoders Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: adv7180: Only validate format in querystd Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: adv7180: Do not write format to device in set_fmt Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: adv7180: Add missing lock in suspend callback Juraj Šarinay <juraj(a)sarinay.com> net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Yue Haibing <yuehaibing(a)huawei.com> ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled David Francis <David.Francis(a)amd.com> drm/amdgpu: Allow kfd CRIU with no buffer objects Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy_7nm: Fix missing initial VCO rate Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL Devendra K Verma <devverma(a)amd.com> dmaengine: dw-edma: Set status for callback_result Rosen Penev <rosenp(a)gmail.com> dmaengine: mv_xor: match alloc_wc and free_wc Thomas Andreatta <thomasandreatta2000(a)gmail.com> dmaengine: sh: setup_xref error handling Miroslav Lichvar <mlichvar(a)redhat.com> ptp: Limit time setting of PTP clocks Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: pm8001: Use int instead of u32 to store error codes Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: rename stp node on EASY50712 reference board Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename stp clock Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing device_type in pci node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add model to EASY50712 dts Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing properties to cpu node Timur Kristóf <timur.kristof(a)gmail.com> drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) Chelsy Ratnawat <chelsyratnawat2001(a)gmail.com> media: fix uninitialized symbol warnings Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Eric Huang <jinhuieric.huang(a)amd.com> drm/amdkfd: fix vram allocation failure for a special case Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: fixed_phy: let fixed_phy_unregister free the phy_device Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Fix wakeup source leaks on device unbind Francisco Gutierrez <frankramirez(a)google.com> scsi: pm80xx: Fix race condition caused by static variables Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> scsi: mpi3mr: Fix controller init failure on fault during queue creation Ujwal Kundur <ujwal.kundur(a)gmail.com> rds: Fix endianness annotation for RDS_MPATH_HASH Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add validation of UAC2/UAC3 effect units Sungho Kim <sungho.kim(a)furiosa.ai> PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Kuniyuki Iwashima <kuniyu(a)google.com> net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. Christoph Paasch <cpaasch(a)openai.com> net: When removing nexthops, don't call synchronize_net if it is not necessary Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Does not request module for miscdevice with dynamic minor raub camaioni <raubcameo(a)gmail.com> usb: gadget: f_ncm: Fix MAC assignment NCM ethernet Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: make send_packet() more robust Charalampos Mitrodimas <charmitro(a)posteo.net> net: ipv6: fix field-spanning memcpy warning in AH output Alice Chao <alice.chao(a)mediatek.com> scsi: ufs: host: mediatek: Fix invalid access in vccqx handling Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: host: mediatek: Change reset sequence for improved stability Alice Chao <alice.chao(a)mediatek.com> scsi: ufs: host: mediatek: Assign power mode userdata before FASTAUTO mode change Ido Schimmel <idosch(a)nvidia.com> bridge: Redirect to backup port when port is administratively down Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Use pci_uevent_ers() in PCI recovery Niklas Schnelle <schnelle(a)linux.ibm.com> powerpc/eeh: Use result of error_detected() in uevent Lukas Wunner <lukas(a)wunner.de> thunderbolt: Use is_pciehp instead of is_hotplug_bridge Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> ice: Don't use %pK through printk or tracepoints Tiezhu Yang <yangtiezhu(a)loongson.cn> net: stmmac: Check stmmac_hw_setup() in stmmac_resume() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Mehdi Djait <mehdi.djait(a)linux.intel.com> media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR Jayesh Choudhary <j-choudhary(a)ti.com> drm/tidss: Set crtc modesetting parameters with adjusted mode Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Use the crtc_* timings when programming the HW Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: amphion: Delete v4l2_fh synchronously in .release() Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: pci: ivtv: Don't create fake v4l2_fh Geoffrey McRae <geoffrey.mcrae(a)amd.com> drm/amdkfd: return -ENOTTY for unsupported IOCTLs Wake Liu <wakel(a)google.com> selftests/net: Ensure assert() triggers in psock_tpacket.c Wake Liu <wakel(a)google.com> selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 Marcos Del Sol Vives <marcos(a)orca.pet> PCI: Disable MSI on RDC PCI to PCIe bridges Seyediman Seyedarab <imandevel(a)gmail.com> drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on arcturus Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on aldebaran Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: add more cyan skillfish devices Jens Kehne <jens.kehne(a)agilent.com> mfd: da9063: Split chip variant reading in two bus transactions Arnd Bergmann <arnd(a)arndb.de> mfd: madera: Work around false-positive -Wininitialized warning Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe: Remove IRQ domain upon removal Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Prefer driver HWP limits Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Enhance HWP enable Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: Fix incorrect size in cpuidle_state_disable() Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Ben Copeland <ben.copeland(a)linaro.org> hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex Jiri Olsa <jolsa(a)kernel.org> uprobe: Do not emulate/sstep original instruction when ip is changed Alistair Francis <alistair.francis(a)wdc.com> nvme: Use non zero KATO for persistent discovery connections Amery Hung <ameryhung(a)gmail.com> bpf: Clear pfmemalloc flag when freeing all fragments Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Biju Das <biju.das.jz(a)bp.renesas.com> spi: rpc-if: Add resume support for RZ/G3E Pranav Tyagi <pranav.tyagi03(a)gmail.com> futex: Don't leak robust_list pointer on exec race Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: Fail cpuidle device registration if there is one already Tom Stellard <tstellar(a)redhat.com> bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21 Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: fix error return value in cpupower_write_sysfs() Svyatoslav Ryhel <clamor95(a)gmail.com> video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Daniel Wagner <wagi(a)kernel.org> nvme-fc: use lock accessing port_state and rport state Daniel Wagner <wagi(a)kernel.org> nvmet-fc: avoid scheduling association deletion twice Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> tee: allow a driver to allocate a tee_device without a pool Hans de Goede <hansg(a)kernel.org> ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Ming Wang <wangming01(a)loongson.cn> irqchip/loongson-pch-lpc: Use legacy domain for PCH-LPC IRQ controller Andreas Kemnade <andreas(a)kemnade.info> hwmon: sy7636a: add alias Fabien Proriol <fabien.proriol(a)viavisolutions.com> power: supply: sbs-charger: Support multiple devices Chuande Chen <chuachen(a)cisco.com> hwmon: (sbtsi_temp) AMD CPU extended temperature range support Hans de Goede <hansg(a)kernel.org> ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] Shang song (Lenovo) <shangsong2(a)foxmail.com> ACPI: PRM: Skip handlers with NULL handler_address or NULL VA Christian Bruel <christian.bruel(a)foss.st.com> irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Upon failures, exit with code 1 in test_xsk.sh Kees Cook <kees(a)kernel.org> arc: Fix __fls() const-foldability via __builtin_clzl() Dennis Beier <nanovim(a)gmail.com> cpufreq/longhaul: handle NULL policy in longhaul_exit Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Inochi Amaoto <inochiama(a)gmail.com> irqchip/sifive-plic: Respect mask state when setting affinity Jiayi Li <lijiayi(a)kylinos.cn> memstick: Add timeout to prevent indefinite waiting Biju Das <biju.das.jz(a)bp.renesas.com> mmc: host: renesas_sdhi: Fix the actual clock Chi Zhang <chizhang(a)asrmicro.com> pinctrl: single: fix bias pull up/down handling in pin_config_set Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> bpf: Don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> soc: ti: pruss: don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> spi: loopback-test: Don't use %pK through printk Jens Reidel <adrian(a)mainlining.org> soc: qcom: smem: Fix endian-unaware access of num_entries Ryan Chen <ryan_chen(a)aspeedtech.com> soc: aspeed: socinfo: Add AST27xx silicon IDs Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix race in drm_sched_entity_select_rq() Thomas Zimmermann <tzimmermann(a)suse.de> drm/sysfb: Do not dereference NULL pointer in plane reset Owen Gu <guhuinan(a)xiaomi.com> usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs() Darrick J. Wong <djwong(a)kernel.org> block: fix race between set_blocksize and read paths Christoph Hellwig <hch(a)lst.de> block: open code __generic_file_write_iter for blkdev writes Al Viro <viro(a)zeniv.linux.org.uk> direct_write_fallback(): on error revert the ->ki_pos update from buffered write Christoph Hellwig <hch(a)lst.de> fs: factor out a direct_write_fallback helper Christoph Hellwig <hch(a)lst.de> filemap: update ki_pos in generic_perform_write Christoph Hellwig <hch(a)lst.de> filemap: add a kiocb_invalidate_post_direct_write helper Christoph Hellwig <hch(a)lst.de> filemap: add a kiocb_invalidate_pages helper Pierre Gondois <pierre.gondois(a)arm.com> arm64: tegra: Update cache properties K Prateek Nayak <kprateek.nayak(a)amd.com> drivers: base: cacheinfo: Update cpu_map_populated during CPU Hotplug Yicong Yang <yangyicong(a)hisilicon.com> cacheinfo: Fix LLC is not exported through sysfs Pierre Gondois <pierre.gondois(a)arm.com> cacheinfo: Initialize variables in fetch_cache_info() Pierre Gondois <pierre.gondois(a)arm.com> arch_topology: Build cacheinfo from primary CPU Pierre Gondois <pierre.gondois(a)arm.com> ACPI: PPTT: Update acpi_find_last_cache_level() to acpi_get_cache_info() Pierre Gondois <pierre.gondois(a)arm.com> ACPI: PPTT: Remove acpi_find_cache_levels() Pierre Gondois <pierre.gondois(a)arm.com> cacheinfo: Check 'cache-unified' property to count cache leaves Pierre Gondois <pierre.gondois(a)arm.com> cacheinfo: Return error code in init_of_cache_level() Pierre Gondois <pierre.gondois(a)arm.com> cacheinfo: Use RISC-V's init_cache_level() as generic OF implementation Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Paolo Abeni <pabeni(a)redhat.com> mptcp: drop bogus optimization in __mptcp_check_push() Geliang Tang <geliang.tang(a)suse.com> mptcp: change 'first' as a parameter Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> net: phy: dp83867: Disable EEE support as not implemented Farhan Ali <alifm(a)linux.ibm.com> s390/pci: Restore IRQ unconditionally for the zPCI device Alex Deucher <alexander.deucher(a)amd.com> Reapply "Revert drm/amd/display: Enable Freesync Video Mode by default" Alexey Klimov <alexey.klimov(a)linaro.org> regmap: slimbus: fix bus_context pointer in regmap init calls Damien Le Moal <dlemoal(a)kernel.org> block: make REQ_OP_ZONE_OPEN a write operation Damien Le Moal <dlemoal(a)kernel.org> block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji Yang Wang <kevinyang.wang(a)amd.com> drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() Jijie Shao <shaojijie(a)huawei.com> net: hns3: return error code when function fails Tomeu Vizoso <tomeu(a)tomeuvizoso.net> drm/etnaviv: fix flush sequence logic Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix another instance of dst_type handling Claudia Draghicescu <claudia.rosu(a)nxp.com> Bluetooth: ISO: Add support for periodic adv reports processing Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset Cen Zhang <zzzccc427(a)163.com> Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once Lizhi Xu <lizhi.xu(a)windriver.com> usbnet: Prevents free active kevent Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix powerpc's stack register definition in bpf_tracing.h Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: fix bit order for DSD format Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Unprepare a stream when XRUN occurs Ondrej Mosnacek <omosnace(a)redhat.com> bpf: Do not audit capability check in do_jit() Wonkon Kim <wkon.kim(a)samsung.com> scsi: ufs: core: Initialize value of an attribute returned by uic cmd Noorain Eqbal <nooraineqbal(a)gmail.com> bpf: Sync pending IRQ work before freeing ring buffer Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: fix control pipe direction Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix GMU firmware parser Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix memory leak on unsupported WMI command Chang S. Bae <chang.seok.bae(a)intel.com> x86/fpu: Ensure XFD state on signal delivery Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qdsp6: q6asm: do not sleep while atomic Paolo Abeni <pabeni(a)redhat.com> mptcp: restore window probe Miaoqian Lin <linmq006(a)gmail.com> fbdev: valkyriefb: Fix reference count leak in valkyriefb_init Florian Fuchs <fuchsfl(a)gmail.com> fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Junjie Cao <junjie.cao(a)intel.com> fbdev: bitblit: bound-check glyph index in bit_putcs* Yuhao Jiang <danisjiang(a)gmail.com> ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Daniel Palmer <daniel(a)0x0f.com> fbdev: atyfb: Check if pll_ops->init_pll failed Quanmin Yan <yanquanmin1(a)huawei.com> fbcon: Set fb_display[i]->mode to NULL when the mode is released Miaoqian Lin <linmq006(a)gmail.com> net: usb: asix_devices: Check return value of usbnet_get_endpoints Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix crash in nfsd4_read_release() Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: remove useless enable of enhanced features Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: refactor EFR lock Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: reorder code to remove prototype declarations Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: remove unused to_sc16is7xx_port macro Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Improve performance by removing delay in transfer event polling. Uday M Bhat <uday.m.bhat(a)intel.com> xhci: dbc: Allow users to modify DbC poll interval via sysfs Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: poll at different rate depending on data transfer activity Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Provide sysfs option to configure dbc descriptors Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: disable add_addr retrans in endpoint_tests Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR Menglong Dong <menglong8.dong(a)gmail.com> arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c Filipe Manana <fdmanana(a)suse.com> btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Filipe Manana <fdmanana(a)suse.com> btrfs: always drop log root tree reference in btrfs_replay_log() Thorsten Blum <thorsten.blum(a)linux.dev> btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: refine extent allocator hint selection Avadhut Naik <avadhut.naik(a)amd.com> EDAC/mc_sysfs: Increase legacy channel support to 16 David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix reporting of LFENCE retpoline Josh Poimboeuf <jpoimboe(a)kernel.org> perf: Have get_perf_callchain() return NULL if crosstask and user are set Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix null-deref in agg_dequeue ------------- Diffstat: .../ABI/testing/sysfs-bus-pci-drivers-xhci_hcd | 62 + .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +- .../devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 +- MAINTAINERS | 7 +- Makefile | 4 +- arch/alpha/kernel/asm-offsets.c | 1 + arch/arc/include/asm/bitops.h | 2 + arch/arc/kernel/asm-offsets.c | 1 + arch/arm/crypto/Kconfig | 2 +- arch/arm/kernel/asm-offsets.c | 2 + arch/arm/mach-at91/pm_suspend.S | 8 +- arch/arm64/boot/dts/nvidia/tegra194.dtsi | 15 + arch/arm64/boot/dts/nvidia/tegra210.dtsi | 1 + arch/arm64/boot/dts/nvidia/tegra234.dtsi | 33 + arch/arm64/kernel/asm-offsets.c | 1 + arch/arm64/kernel/cacheinfo.c | 11 +- arch/csky/kernel/asm-offsets.c | 1 + arch/hexagon/kernel/asm-offsets.c | 1 + arch/loongarch/include/asm/pgtable.h | 11 +- arch/loongarch/include/uapi/asm/bitsperlong.h | 9 - arch/loongarch/kernel/asm-offsets.c | 2 + arch/loongarch/kernel/traps.c | 4 +- arch/loongarch/pci/pci.c | 8 +- arch/m68k/kernel/asm-offsets.c | 1 + arch/microblaze/kernel/asm-offsets.c | 1 + arch/mips/boot/dts/lantiq/danube.dtsi | 6 + arch/mips/boot/dts/lantiq/danube_easy50712.dts | 4 +- arch/mips/kernel/asm-offsets.c | 2 + arch/mips/lantiq/xway/sysctrl.c | 2 +- arch/mips/mm/tlb-r4k.c | 118 +- arch/mips/mti-malta/malta-init.c | 20 +- arch/nios2/kernel/asm-offsets.c | 1 + arch/openrisc/kernel/asm-offsets.c | 1 + arch/parisc/kernel/asm-offsets.c | 1 + arch/powerpc/kernel/asm-offsets.c | 1 + arch/powerpc/kernel/eeh_driver.c | 2 +- arch/riscv/kernel/asm-offsets.c | 1 + arch/riscv/kernel/cacheinfo.c | 42 - arch/riscv/kernel/cpu-hotplug.c | 1 + arch/s390/include/asm/pci.h | 1 - arch/s390/kernel/asm-offsets.c | 1 + arch/s390/pci/pci_event.c | 7 +- arch/s390/pci/pci_irq.c | 9 +- arch/sh/kernel/asm-offsets.c | 1 + arch/sparc/include/asm/elf_64.h | 1 + arch/sparc/include/asm/io_64.h | 6 +- arch/sparc/kernel/asm-offsets.c | 1 + arch/sparc/kernel/module.c | 1 + arch/um/drivers/ssl.c | 5 +- arch/um/kernel/asm-offsets.c | 2 + arch/x86/entry/vsyscall/vsyscall_64.c | 17 +- arch/x86/events/core.c | 10 +- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/fpu/core.c | 3 + arch/x86/kernel/kvm.c | 20 +- arch/x86/kvm/svm/svm.c | 10 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/xtensa/kernel/asm-offsets.c | 1 + block/bdev.c | 17 + block/blk-zoned.c | 5 +- block/fops.c | 61 +- block/ioctl.c | 6 + drivers/acpi/acpi_video.c | 4 +- drivers/acpi/acpica/dsmethod.c | 10 +- drivers/acpi/cppc_acpi.c | 6 +- drivers/acpi/numa/srat.c | 2 +- drivers/acpi/pptt.c | 93 +- drivers/acpi/prmt.c | 19 +- drivers/acpi/property.c | 24 +- drivers/acpi/scan.c | 2 + drivers/ata/libata-scsi.c | 12 +- drivers/atm/fore200e.c | 2 + drivers/base/arch_topology.c | 12 +- drivers/base/cacheinfo.c | 168 +- drivers/base/power/wakeup.c | 5 - drivers/base/regmap/regmap-slimbus.c | 6 +- drivers/bcma/main.c | 6 + drivers/bluetooth/btmtksdio.c | 12 + drivers/bluetooth/btusb.c | 30 +- drivers/bluetooth/hci_bcsp.c | 3 + drivers/char/misc.c | 8 +- drivers/clk/at91/clk-master.c | 3 + drivers/clk/at91/clk-sam9x60-pll.c | 75 +- drivers/clk/ti/clk-33xx.c | 2 + drivers/clocksource/timer-vf-pit.c | 22 +- drivers/cpufreq/longhaul.c | 3 + drivers/cpufreq/tegra186-cpufreq.c | 27 +- drivers/cpuidle/cpuidle.c | 8 +- drivers/dma/dw-edma/dw-edma-core.c | 22 + drivers/dma/mv_xor.c | 4 +- drivers/dma/sh/shdma-base.c | 25 +- drivers/dma/sh/shdmac.c | 17 +- drivers/edac/altera_edac.c | 22 +- drivers/edac/edac_mc_sysfs.c | 24 + drivers/extcon/extcon-adc-jack.c | 2 + drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 +- drivers/firmware/stratix10-svc.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 66 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 + drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 19 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 8 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 +- drivers/gpu/drm/amd/display/include/dal_asic_id.h | 5 + drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 5 + .../gpu/drm/amd/pm/powerplay/smumgr/fiji_smumgr.c | 2 +- .../drm/amd/pm/powerplay/smumgr/iceland_smumgr.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2 +- drivers/gpu/drm/bridge/display-connector.c | 3 +- drivers/gpu/drm/drm_gem_atomic_helper.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 +- drivers/gpu/drm/i915/gt/intel_gt_clock_utils.c | 4 +- drivers/gpu/drm/i915/i915_vma.c | 16 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 5 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 3 + drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 10 + drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 +- drivers/gpu/drm/scheduler/sched_entity.c | 3 +- drivers/gpu/drm/sti/sti_vtg.c | 7 +- drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tegra/uapi.c | 7 +- drivers/gpu/drm/tidss/tidss_crtc.c | 7 +- drivers/gpu/drm/tidss/tidss_dispc.c | 16 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 + drivers/gpu/host1x/context.c | 4 + drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 + drivers/hid/hid-core.c | 7 +- drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-ntrig.c | 7 +- drivers/hid/hid-quirks.c | 14 +- drivers/hwmon/asus-ec-sensors.c | 2 +- drivers/hwmon/dell-smm-hwmon.c | 7 + drivers/hwmon/sbtsi_temp.c | 46 +- drivers/hwmon/sy7636a-hwmon.c | 1 + drivers/i2c/busses/i2c-xgene-slimpro.c | 16 +- drivers/iio/accel/adxl355_core.c | 44 +- drivers/iio/accel/bmc150-accel-core.c | 5 + drivers/iio/accel/bmc150-accel.h | 1 + drivers/iio/adc/ad7280a.c | 2 +- drivers/iio/adc/rtq6056.c | 2 +- drivers/iio/adc/spear_adc.c | 9 +- drivers/iio/common/ssp_sensors/ssp_dev.c | 4 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 22 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 11 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 2 - drivers/infiniband/hw/irdma/pble.c | 2 +- drivers/infiniband/hw/irdma/verbs.c | 4 +- drivers/infiniband/hw/irdma/verbs.h | 8 +- drivers/input/keyboard/cros_ec_keyb.c | 6 + drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 9 + drivers/iommu/amd/init.c | 28 +- drivers/iommu/intel/debugfs.c | 10 +- drivers/iommu/intel/perf.c | 10 +- drivers/iommu/intel/perf.h | 5 +- drivers/irqchip/irq-gic-v2m.c | 13 +- drivers/irqchip/irq-loongson-pch-lpc.c | 9 +- drivers/irqchip/irq-sifive-plic.c | 6 +- drivers/isdn/hardware/mISDN/hfcsusb.c | 18 +- drivers/mailbox/mailbox-test.c | 2 +- drivers/mailbox/mailbox.c | 96 +- drivers/mailbox/pcc.c | 248 ++- drivers/md/dm-verity-fec.c | 6 +- drivers/media/i2c/Kconfig | 2 +- drivers/media/i2c/adv7180.c | 48 +- drivers/media/i2c/ir-kbd-i2c.c | 6 +- drivers/media/i2c/og01a1b.c | 6 +- drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 - drivers/media/pci/ivtv/ivtv-driver.h | 3 +- drivers/media/pci/ivtv/ivtv-fileops.c | 18 +- drivers/media/pci/ivtv/ivtv-irq.c | 4 +- drivers/media/platform/amphion/vpu_v4l2.c | 7 +- drivers/media/platform/verisilicon/hantro_drv.c | 2 + drivers/media/platform/verisilicon/hantro_v4l2.c | 6 +- drivers/media/rc/imon.c | 61 +- drivers/media/rc/redrat3.c | 2 +- drivers/media/tuners/xc4000.c | 8 +- drivers/media/tuners/xc5000.c | 12 +- drivers/memstick/core/memstick.c | 8 +- drivers/mfd/da9063-i2c.c | 27 +- drivers/mfd/madera-core.c | 4 +- drivers/mfd/stmpe-i2c.c | 1 + drivers/mfd/stmpe.c | 3 + drivers/mmc/host/renesas_sdhi_core.c | 6 +- drivers/mmc/host/sdhci-msm.c | 15 + drivers/mmc/host/sdhci-of-dwcmshc.c | 2 +- drivers/most/most_usb.c | 14 +- drivers/mtd/mtdchar.c | 6 +- drivers/mtd/nand/onenand/onenand_samsung.c | 2 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/can/sja1000/sja1000.c | 4 +- drivers/net/can/sun4i_can.c | 4 +- drivers/net/can/usb/gs_usb.c | 64 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 +- drivers/net/dsa/b53/b53_common.c | 15 +- drivers/net/dsa/b53/b53_regs.h | 3 +- drivers/net/dsa/dsa_loop.c | 9 +- drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 +- drivers/net/dsa/microchip/ksz9477.c | 98 +- drivers/net/dsa/microchip/ksz9477_reg.h | 3 +- drivers/net/dsa/microchip/ksz_common.c | 12 +- drivers/net/dsa/microchip/ksz_common.h | 2 + drivers/net/dsa/microchip/lan937x_main.c | 1 + drivers/net/dsa/sja1105/sja1105_main.c | 66 +- .../net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 + .../net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 + drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 + .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 +- .../ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4 +- drivers/net/ethernet/cadence/macb_main.c | 6 +- drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/freescale/fec_main.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 9 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 +- drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 2 +- drivers/net/ethernet/intel/ice/ice_trace.h | 10 +- drivers/net/ethernet/mellanox/mlx5/core/en.h | 10 - drivers/net/ethernet/mellanox/mlx5/core/en/port.c | 72 + drivers/net/ethernet/mellanox/mlx5/core/en/port.h | 6 + .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 280 ++- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 7 +- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 62 +- .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 18 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/en_stats.c | 12 +- .../net/ethernet/mellanox/mlxsw/core_linecards.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- .../net/ethernet/microchip/lan966x/lan966x_ptp.c | 5 +- drivers/net/ethernet/microchip/sparx5/Kconfig | 2 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 +- drivers/net/ethernet/realtek/Kconfig | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 6 +- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 +- drivers/net/ethernet/smsc/smsc911x.c | 14 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/net/hamradio/6pack.c | 57 +- drivers/net/mdio/of_mdio.c | 1 - drivers/net/phy/dp83867.c | 6 + drivers/net/phy/fixed_phy.c | 1 + drivers/net/phy/marvell.c | 39 +- drivers/net/phy/mdio_bus.c | 5 +- drivers/net/usb/asix_devices.c | 12 +- drivers/net/usb/qmi_wwan.c | 6 + drivers/net/usb/usbnet.c | 2 + drivers/net/virtio_net.c | 26 +- drivers/net/wireless/ath/ath10k/mac.c | 12 +- drivers/net/wireless/ath/ath10k/wmi.c | 40 +- drivers/net/wireless/ath/ath11k/hw.c | 1 + drivers/net/wireless/ath/ath11k/mac.c | 5 + drivers/net/wireless/ath/ath11k/wmi.c | 30 +- drivers/net/wireless/ath/ath11k/wmi.h | 3 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 28 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 2 + drivers/ntb/hw/epf/ntb_hw_epf.c | 103 +- drivers/nvme/host/core.c | 8 +- drivers/nvme/host/fc.c | 12 +- drivers/nvme/host/multipath.c | 2 +- drivers/nvme/target/fc.c | 16 +- drivers/pci/controller/cadence/pcie-cadence-host.c | 2 +- drivers/pci/controller/cadence/pcie-cadence.c | 4 +- drivers/pci/controller/cadence/pcie-cadence.h | 6 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/pci-driver.c | 2 +- drivers/pci/pci.c | 5 + drivers/pci/quirks.c | 3 +- drivers/phy/cadence/cdns-dphy.c | 4 +- drivers/phy/rockchip/phy-rockchip-inno-csidphy.c | 5 +- drivers/pinctrl/pinctrl-single.c | 4 +- drivers/platform/x86/intel/punit_ipc.c | 2 +- .../x86/intel/speed_select_if/isst_if_mmio.c | 4 +- drivers/power/supply/sbs-charger.c | 16 +- drivers/ptp/ptp_clock.c | 13 +- drivers/regulator/fixed.c | 1 + drivers/remoteproc/qcom_q6v5.c | 5 + drivers/rtc/rtc-pcf2127.c | 4 +- drivers/rtc/rtc-rx8025.c | 2 +- drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/libfc/fc_encode.h | 2 +- drivers/scsi/lpfc/lpfc_debugfs.h | 3 + drivers/scsi/lpfc/lpfc_els.c | 6 +- drivers/scsi/lpfc/lpfc_init.c | 7 - drivers/scsi/lpfc/lpfc_scsi.c | 14 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 10 + drivers/scsi/mpt3sas/mpt3sas_transport.c | 3 + drivers/scsi/pm8001/pm8001_ctl.c | 24 +- drivers/scsi/pm8001/pm8001_init.c | 1 + drivers/scsi/pm8001/pm8001_sas.c | 4 +- drivers/scsi/pm8001/pm8001_sas.h | 4 + drivers/scsi/sg.c | 10 +- drivers/slimbus/qcom-ngd-ctrl.c | 1 + drivers/soc/aspeed/aspeed-socinfo.c | 4 + drivers/soc/imx/gpc.c | 2 + drivers/soc/qcom/smem.c | 2 +- drivers/soc/samsung/pm_domains.c | 11 +- drivers/soc/ti/knav_dma.c | 14 +- drivers/soc/ti/pruss.c | 2 +- drivers/spi/spi-bcm63xx.c | 14 + drivers/spi/spi-loopback-test.c | 12 +- drivers/spi/spi-rpc-if.c | 2 + drivers/spi/spi.c | 10 + drivers/staging/Kconfig | 2 - drivers/staging/Makefile | 1 - drivers/staging/rtl8712/Kconfig | 21 - drivers/staging/rtl8712/Makefile | 35 - drivers/staging/rtl8712/TODO | 13 - drivers/staging/rtl8712/basic_types.h | 28 - drivers/staging/rtl8712/drv_types.h | 175 -- drivers/staging/rtl8712/ethernet.h | 21 - drivers/staging/rtl8712/hal_init.c | 401 ---- drivers/staging/rtl8712/ieee80211.c | 415 ---- drivers/staging/rtl8712/ieee80211.h | 165 -- drivers/staging/rtl8712/mlme_linux.c | 160 -- drivers/staging/rtl8712/mlme_osdep.h | 31 - drivers/staging/rtl8712/mp_custom_oid.h | 287 --- drivers/staging/rtl8712/os_intfs.c | 465 ---- drivers/staging/rtl8712/osdep_intf.h | 32 - drivers/staging/rtl8712/osdep_service.h | 60 - drivers/staging/rtl8712/recv_linux.c | 139 -- drivers/staging/rtl8712/recv_osdep.h | 39 - drivers/staging/rtl8712/rtl8712_bitdef.h | 26 - drivers/staging/rtl8712/rtl8712_cmd.c | 409 ---- drivers/staging/rtl8712/rtl8712_cmd.h | 231 -- drivers/staging/rtl8712/rtl8712_cmdctrl_bitdef.h | 95 - drivers/staging/rtl8712/rtl8712_cmdctrl_regdef.h | 19 - drivers/staging/rtl8712/rtl8712_debugctrl_bitdef.h | 41 - drivers/staging/rtl8712/rtl8712_debugctrl_regdef.h | 32 - .../staging/rtl8712/rtl8712_edcasetting_bitdef.h | 65 - .../staging/rtl8712/rtl8712_edcasetting_regdef.h | 24 - drivers/staging/rtl8712/rtl8712_efuse.c | 564 ----- drivers/staging/rtl8712/rtl8712_efuse.h | 43 - drivers/staging/rtl8712/rtl8712_event.h | 86 - drivers/staging/rtl8712/rtl8712_fifoctrl_bitdef.h | 131 -- drivers/staging/rtl8712/rtl8712_fifoctrl_regdef.h | 61 - drivers/staging/rtl8712/rtl8712_gp_bitdef.h | 68 - drivers/staging/rtl8712/rtl8712_gp_regdef.h | 29 - drivers/staging/rtl8712/rtl8712_hal.h | 142 -- drivers/staging/rtl8712/rtl8712_interrupt_bitdef.h | 44 - drivers/staging/rtl8712/rtl8712_io.c | 99 - drivers/staging/rtl8712/rtl8712_led.c | 1830 --------------- .../staging/rtl8712/rtl8712_macsetting_bitdef.h | 31 - .../staging/rtl8712/rtl8712_macsetting_regdef.h | 20 - drivers/staging/rtl8712/rtl8712_powersave_bitdef.h | 39 - drivers/staging/rtl8712/rtl8712_powersave_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_ratectrl_bitdef.h | 36 - drivers/staging/rtl8712/rtl8712_ratectrl_regdef.h | 43 - drivers/staging/rtl8712/rtl8712_recv.c | 1079 --------- drivers/staging/rtl8712/rtl8712_recv.h | 145 -- drivers/staging/rtl8712/rtl8712_regdef.h | 32 - drivers/staging/rtl8712/rtl8712_security_bitdef.h | 34 - drivers/staging/rtl8712/rtl8712_spec.h | 121 - drivers/staging/rtl8712/rtl8712_syscfg_bitdef.h | 163 -- drivers/staging/rtl8712/rtl8712_syscfg_regdef.h | 42 - drivers/staging/rtl8712/rtl8712_timectrl_bitdef.h | 49 - drivers/staging/rtl8712/rtl8712_timectrl_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_wmac_bitdef.h | 49 - drivers/staging/rtl8712/rtl8712_wmac_regdef.h | 36 - drivers/staging/rtl8712/rtl8712_xmit.c | 745 ------- drivers/staging/rtl8712/rtl8712_xmit.h | 108 - drivers/staging/rtl8712/rtl871x_cmd.c | 796 ------- drivers/staging/rtl8712/rtl871x_cmd.h | 761 ------- drivers/staging/rtl8712/rtl871x_debug.h | 130 -- drivers/staging/rtl8712/rtl871x_eeprom.c | 220 -- drivers/staging/rtl8712/rtl871x_eeprom.h | 88 - drivers/staging/rtl8712/rtl871x_event.h | 109 - drivers/staging/rtl8712/rtl871x_ht.h | 33 - drivers/staging/rtl8712/rtl871x_io.c | 147 -- drivers/staging/rtl8712/rtl871x_io.h | 236 -- drivers/staging/rtl8712/rtl871x_ioctl.h | 94 - drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2330 -------------------- drivers/staging/rtl8712/rtl871x_ioctl_rtl.c | 519 ----- drivers/staging/rtl8712/rtl871x_ioctl_rtl.h | 109 - drivers/staging/rtl8712/rtl871x_ioctl_set.c | 354 --- drivers/staging/rtl8712/rtl871x_ioctl_set.h | 45 - drivers/staging/rtl8712/rtl871x_led.h | 118 - drivers/staging/rtl8712/rtl871x_mlme.c | 1709 -------------- drivers/staging/rtl8712/rtl871x_mlme.h | 205 -- drivers/staging/rtl8712/rtl871x_mp.c | 724 ------ drivers/staging/rtl8712/rtl871x_mp.h | 275 --- drivers/staging/rtl8712/rtl871x_mp_ioctl.c | 883 -------- drivers/staging/rtl8712/rtl871x_mp_ioctl.h | 328 --- drivers/staging/rtl8712/rtl871x_mp_phy_regdef.h | 1034 --------- drivers/staging/rtl8712/rtl871x_pwrctrl.c | 234 -- drivers/staging/rtl8712/rtl871x_pwrctrl.h | 113 - drivers/staging/rtl8712/rtl871x_recv.c | 669 ------ drivers/staging/rtl8712/rtl871x_recv.h | 208 -- drivers/staging/rtl8712/rtl871x_rf.h | 55 - drivers/staging/rtl8712/rtl871x_security.c | 1386 ------------ drivers/staging/rtl8712/rtl871x_security.h | 218 -- drivers/staging/rtl8712/rtl871x_sta_mgt.c | 263 --- drivers/staging/rtl8712/rtl871x_wlan_sme.h | 35 - drivers/staging/rtl8712/rtl871x_xmit.c | 1059 --------- drivers/staging/rtl8712/rtl871x_xmit.h | 288 --- drivers/staging/rtl8712/sta_info.h | 132 -- drivers/staging/rtl8712/usb_halinit.c | 307 --- drivers/staging/rtl8712/usb_intf.c | 638 ------ drivers/staging/rtl8712/usb_ops.c | 195 -- drivers/staging/rtl8712/usb_ops.h | 38 - drivers/staging/rtl8712/usb_ops_linux.c | 515 ----- drivers/staging/rtl8712/usb_osintf.h | 35 - drivers/staging/rtl8712/wifi.h | 196 -- drivers/staging/rtl8712/wlan_bssdef.h | 223 -- drivers/staging/rtl8712/xmit_linux.c | 181 -- drivers/staging/rtl8712/xmit_osdep.h | 52 - drivers/target/loopback/tcm_loop.c | 3 + drivers/tee/tee_core.c | 2 +- drivers/thunderbolt/nhi.c | 2 + drivers/thunderbolt/nhi.h | 1 + drivers/thunderbolt/tb.c | 2 +- drivers/tty/serial/amba-pl011.c | 2 +- drivers/tty/serial/sc16is7xx.c | 185 +- drivers/ufs/core/ufshcd.c | 7 +- drivers/ufs/host/ufs-mediatek.c | 46 +- drivers/ufs/host/ufshcd-pci.c | 70 +- drivers/uio/uio_hv_generic.c | 21 +- drivers/usb/cdns3/cdns3-pci-wrap.c | 5 +- drivers/usb/cdns3/cdnsp-gadget.c | 8 +- drivers/usb/dwc3/core.c | 3 +- drivers/usb/dwc3/ep0.c | 1 + drivers/usb/dwc3/gadget.c | 7 + drivers/usb/gadget/function/f_eem.c | 7 +- drivers/usb/gadget/function/f_fs.c | 8 +- drivers/usb/gadget/function/f_hid.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 3 +- drivers/usb/gadget/udc/core.c | 18 +- drivers/usb/gadget/udc/trace.h | 5 + drivers/usb/host/xhci-dbgcap.c | 261 ++- drivers/usb/host/xhci-dbgcap.h | 12 +- drivers/usb/host/xhci-dbgtty.c | 23 +- drivers/usb/host/xhci-plat.c | 1 + drivers/usb/mon/mon_bin.c | 14 +- drivers/usb/renesas_usbhs/common.c | 18 +- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 1 + drivers/usb/serial/option.c | 10 +- drivers/usb/storage/sddr55.c | 6 + drivers/usb/storage/transport.c | 16 + drivers/usb/storage/uas.c | 5 + drivers/usb/storage/unusual_devs.h | 2 +- drivers/usb/typec/ucsi/psy.c | 5 + drivers/vfio/iova_bitmap.c | 5 +- drivers/vfio/vfio_main.c | 2 +- drivers/video/backlight/lp855x_bl.c | 2 +- drivers/video/fbdev/aty/atyfb_base.c | 8 +- drivers/video/fbdev/core/bitblit.c | 33 +- drivers/video/fbdev/core/fbcon.c | 19 + drivers/video/fbdev/core/fbmem.c | 1 + drivers/video/fbdev/pvr2fb.c | 2 +- drivers/video/fbdev/valkyriefb.c | 2 + drivers/watchdog/s3c2410_wdt.c | 10 +- fs/9p/v9fs.c | 9 +- fs/btrfs/disk-io.c | 2 +- fs/btrfs/extent-tree.c | 6 +- fs/btrfs/file.c | 10 + fs/btrfs/scrub.c | 3 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-log.c | 3 +- fs/ceph/file.c | 2 - fs/ceph/locks.c | 5 +- fs/direct-io.c | 10 +- fs/eventpoll.c | 139 +- fs/exfat/fatent.c | 11 +- fs/exfat/super.c | 5 +- fs/ext4/fast_commit.c | 2 +- fs/ext4/file.c | 9 +- fs/ext4/xattr.c | 2 +- fs/f2fs/file.c | 1 - fs/hpfs/namei.c | 18 +- fs/iomap/direct-io.c | 12 +- fs/jfs/inode.c | 8 +- fs/jfs/jfs_txnmgr.c | 9 +- fs/libfs.c | 42 + fs/nfs/file.c | 1 - fs/nfs/nfs4client.c | 1 + fs/nfs/nfs4proc.c | 15 +- fs/nfs/nfs4state.c | 3 + fs/nfs/write.c | 3 +- fs/nfsd/nfs4proc.c | 7 +- fs/nfsd/nfs4state.c | 9 +- fs/nilfs2/the_nilfs.c | 3 - fs/ntfs3/inode.c | 1 + fs/open.c | 10 +- fs/orangefs/xattr.c | 12 +- fs/proc/generic.c | 12 +- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/connect.c | 1 + fs/smb/client/smb2inode.c | 2 + fs/smb/client/smb2pdu.c | 7 +- fs/smb/client/transport.c | 10 +- fs/smb/server/smb2pdu.c | 6 +- fs/smb/server/transport_tcp.c | 12 +- include/acpi/pcc.h | 20 + include/linux/array_size.h | 13 + include/linux/ata.h | 1 + include/linux/blk_types.h | 11 +- include/linux/cacheinfo.h | 11 +- include/linux/compiler_types.h | 5 +- include/linux/fbcon.h | 2 + include/linux/filter.h | 22 +- include/linux/fs.h | 7 +- include/linux/host1x.h | 2 + include/linux/kernel.h | 7 +- include/linux/mailbox_client.h | 1 + include/linux/map_benchmark.h | 1 + include/linux/mlx5/driver.h | 2 + include/linux/mlx5/mlx5_ifc.h | 61 + include/linux/pagemap.h | 2 + include/linux/pci.h | 2 +- include/linux/shdma-base.h | 2 +- include/linux/string.h | 1 + include/linux/suspend.h | 4 +- include/linux/usb/gadget.h | 5 + include/net/bluetooth/hci.h | 12 + include/net/bluetooth/hci_core.h | 8 +- include/net/bluetooth/mgmt.h | 2 +- include/net/cls_cgroup.h | 2 +- include/net/nfc/nci_core.h | 2 +- include/net/pkt_sched.h | 25 +- include/net/tc_act/tc_connmark.h | 10 +- include/net/tls.h | 6 + include/net/xdp.h | 5 + include/net/xfrm.h | 3 +- include/trace/events/irq.h | 47 + include/uapi/asm-generic/bitsperlong.h | 13 +- include/ufs/ufshcd.h | 7 + include/ufs/ufshci.h | 4 +- kernel/bpf/ringbuf.c | 2 + kernel/events/callchain.c | 10 +- kernel/events/uprobes.c | 7 + kernel/futex/syscalls.c | 106 +- kernel/gcov/gcc_4_7.c | 4 +- kernel/softirq.c | 9 +- kernel/time/timer.c | 7 +- kernel/trace/ftrace.c | 2 + kernel/trace/trace_events_hist.c | 6 +- lib/crypto/Makefile | 2 +- lib/maple_tree.c | 30 +- mm/filemap.c | 161 +- mm/mempool.c | 32 +- mm/page_alloc.c | 2 +- mm/percpu.c | 8 +- mm/secretmem.c | 2 +- mm/truncate.c | 27 +- net/8021q/vlan.c | 2 + net/bluetooth/6lowpan.c | 103 +- net/bluetooth/hci_event.c | 34 + net/bluetooth/hci_sync.c | 19 +- net/bluetooth/iso.c | 36 +- net/bluetooth/l2cap_core.c | 1 + net/bluetooth/mgmt.c | 7 +- net/bluetooth/sco.c | 7 + net/bluetooth/smp.c | 31 +- net/bridge/br.c | 5 + net/bridge/br_forward.c | 5 +- net/bridge/br_if.c | 1 + net/bridge/br_input.c | 4 +- net/bridge/br_mst.c | 10 +- net/bridge/br_private.h | 13 +- net/ceph/auth_x.c | 2 + net/ceph/ceph_common.c | 53 +- net/ceph/debugfs.c | 16 +- net/ceph/osdmap.c | 18 +- net/core/filter.c | 1 + net/core/netpoll.c | 7 +- net/core/page_pool.c | 12 +- net/core/sock.c | 15 +- net/dsa/tag_brcm.c | 10 +- net/ethernet/eth.c | 5 +- net/hsr/hsr_device.c | 3 + net/ipv4/esp4.c | 4 +- net/ipv4/esp4_offload.c | 6 +- net/ipv4/netfilter/nf_reject_ipv4.c | 25 + net/ipv4/nexthop.c | 6 + net/ipv4/route.c | 5 + net/ipv4/udp_tunnel_nic.c | 2 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ah6.c | 50 +- net/ipv6/esp6.c | 4 +- net/ipv6/esp6_offload.c | 6 +- net/ipv6/netfilter/nf_reject_ipv6.c | 30 + net/ipv6/raw.c | 2 +- net/ipv6/udp.c | 2 +- net/mac80211/iface.c | 14 +- net/mac80211/mlme.c | 2 +- net/mac80211/rx.c | 10 +- net/mptcp/options.c | 54 +- net/mptcp/pm_netlink.c | 26 +- net/mptcp/protocol.c | 125 +- net/mptcp/protocol.h | 5 +- net/mptcp/subflow.c | 8 + net/netfilter/nf_tables_api.c | 15 + net/openvswitch/actions.c | 68 +- net/openvswitch/flow_netlink.c | 64 +- net/openvswitch/flow_netlink.h | 2 - net/rds/rds.h | 2 +- net/sched/act_bpf.c | 6 +- net/sched/act_connmark.c | 134 +- net/sched/act_ife.c | 12 +- net/sched/cls_bpf.c | 6 +- net/sched/sch_api.c | 10 - net/sched/sch_generic.c | 17 +- net/sched/sch_hfsc.c | 16 - net/sched/sch_qfq.c | 2 +- net/sctp/diag.c | 23 +- net/sctp/transport.c | 13 +- net/smc/smc_clc.c | 1 + net/strparser/strparser.c | 2 +- net/tipc/net.c | 2 + net/tls/tls_device.c | 4 +- net/unix/garbage.c | 14 +- net/vmw_vsock/af_vsock.c | 40 +- net/xfrm/espintcp.c | 4 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/drivers/serial-generic.c | 12 +- sound/pci/hda/patch_realtek.c | 17 +- sound/soc/codecs/cs4271.c | 10 +- sound/soc/codecs/lpass-va-macro.c | 2 +- sound/soc/codecs/max98090.c | 6 +- sound/soc/fsl/fsl_sai.c | 3 +- sound/soc/intel/avs/pcm.c | 2 + sound/soc/meson/aiu-encoder-i2s.c | 9 +- sound/soc/qcom/qdsp6/q6asm.c | 2 +- sound/soc/qcom/sc8280xp.c | 3 + sound/usb/endpoint.c | 6 + sound/usb/mixer.c | 11 +- sound/usb/mixer_s1810c.c | 28 +- sound/usb/quirks.c | 3 + sound/usb/validate.c | 9 +- tools/bpf/bpftool/btf_dumper.c | 2 +- tools/bpf/bpftool/prog.c | 2 +- tools/include/linux/bitmap.h | 1 + tools/include/uapi/asm-generic/bitsperlong.h | 14 +- tools/include/uapi/asm/bitsperlong.h | 6 - tools/lib/bpf/bpf_tracing.h | 2 +- tools/lib/thermal/Makefile | 9 +- tools/power/cpupower/lib/cpuidle.c | 5 +- tools/power/cpupower/lib/cpupower.c | 2 +- .../x86_energy_perf_policy.c | 30 +- tools/testing/selftests/Makefile | 2 +- tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 +- tools/testing/selftests/bpf/test_xsk.sh | 2 + .../selftests/drivers/net/netdevsim/Makefile | 21 + .../selftests/drivers/net/netdevsim/settings | 1 + tools/testing/selftests/net/bareudp.sh | 2 +- tools/testing/selftests/net/fcnal-test.sh | 432 ++-- .../selftests/net/forwarding/local_termination.sh | 2 + tools/testing/selftests/net/gro.c | 101 +- tools/testing/selftests/net/mptcp/mptcp_connect.c | 18 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 65 +- tools/testing/selftests/net/psock_tpacket.c | 4 +- tools/testing/selftests/net/traceroute.sh | 13 +- tools/tracing/latency/latency-collector.c | 2 +- usr/include/headers_check.pl | 2 + 678 files changed, 5754 insertions(+), 30304 deletions(-)

3 days, 9 hours

10
9
0 0

[PATCH 5.10 000/295] 5.10.247-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.247 release. There are 295 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 06 Dec 2025 16:37:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.247-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.247-rc2 Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo_avx2: fix initial map fill Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Owen Gu <guhuinan(a)xiaomi.com> usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Fix synchronous external abort on unbind Jameson Thies <jthies(a)google.com> usb: typec: ucsi: psy: Set max current to zero when disconnected Paulo Alcantara <pc(a)manguebit.org> smb: client: fix memory leak in cifs_construct_tcon() Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy->enable_completion only when we Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo: fix initial map fill Alex Lu <alex_lu(a)realsil.com.cn> Bluetooth: Add more enc key size check Jiufei Xue <jiufei.xue(a)samsung.com> fs: writeback: fix use-after-free in __mark_inode_dirty() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential use-after-free in have_mon_and_osd_map() Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check NULL before accessing Johan Hovold <johan(a)kernel.org> drm: sti: fix device leaks at component probe Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add support for Rolling RW101R-GL Oleksandr Suvorov <cryosay(a)gmail.com> USB: serial: ftdi_sio: add support for u-blox EVK-M101 Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Manish Nagar <manish.nagar(a)oss.qualcomm.com> usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Tianchu Chen <flynnnchen(a)tencent.com> usb: storage: sddr55: Reject out-of-bound new_pba Alan Stern <stern(a)rowland.harvard.edu> USB: storage: Remove subclass and protocol overrides from Novatek quirk Desnes Nunes <desnesn(a)redhat.com> usb: storage: Fix memory leak in USB bulk transport Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_eem: Fix memory leak in eem_unwrap Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: Fix double resource release in cdns3_pci_probe Johan Hovold <johan(a)kernel.org> most: usb: fix double free on late probe failure Miaoqian Lin <linmq006(a)gmail.com> serial: amba-pl011: prefer dma_mapping_error() over explicit address checking Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> firmware: stratix10-svc: fix bug in saving controller data Miaoqian Lin <linmq006(a)gmail.com> slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> thunderbolt: Add support for Intel Wildcat Lake Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix unreliable memory allocation Marc Kleine-Budde <mkl(a)pengutronix.de> can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Thomas Mühlbacher <tmuehlbacher(a)posteo.net> can: sja1000: fix max irq loop handling Gui-Dong Han <hanguidong02(a)gmail.com> atm/fore200e: Fix possible data race in fore200e_open() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio:common:ssp_sensors: Fix an error handling path ssp_probe() Francesco Lavra <flavra(a)baylibre.com> iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Jiri Olsa <jolsa(a)kernel.org> Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Hang Zhou <929513338(a)qq.com> spi: bcm63xx: fix premature CS deassertion on RX-only transactions Haotian Zhang <vulab(a)iscas.ac.cn> mailbox: mailbox-test: Fix debugfs_create_dir error checking Jiefeng Zhang <jiefeng.z.zhang(a)gmail.com> net: atlantic: fix fragment overflow handling in RX path Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: sxgbe: fix potential NULL dereference in sxgbe_rx() Danielle Costantino <dcostantino(a)meta.com> net/mlx5e: Fix validation logic in rate limiting Kai-Heng Feng <kaihengf(a)nvidia.com> net: aquantia: Add missing descriptor cache invalidation on ATL2 Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix not generating mackey and ltk when repairing Seungjin Bae <eeodqql09(a)gmail.com> can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Input: remove third argument of usb_maxpacket() Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> usb: deprecate the third argument of usb_maxpacket() Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Paolo Abeni <pabeni(a)redhat.com> mptcp: introduce mptcp_schedule_work Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Sudeep Holla <sudeep.holla(a)arm.com> pmdomain: arm: scmi: Fix genpd leak on provider registration failure Miaoqian Lin <linmq006(a)gmail.com> pmdomain: imx: Fix reference count leak in imx_gpc_remove Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Breno Leitao <leitao(a)debian.org> net: netpoll: fix incorrect refcount handling causing incorrect cleanup Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "NFS: Don't set NFS_INO_REVAL_PAGECACHE in the inode cache validity" Nick Desaulniers <ndesaulniers(a)google.com> Makefile.compiler: replace cc-ifversion with compiler-specific macros Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Long Li <longli(a)microsoft.com> uio_hv_generic: Set event for all channels on the device Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Isaac J. Manjarres <isaacmanjarres(a)google.com> mm/mm_init: fix hash table order logging in alloc_large_system_hash() Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Abdun Nihaal <nihaal(a)cse.iitm.ac.in> isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Handle OCRAM ECC enable after warm reset Hans de Goede <hansg(a)kernel.org> spi: Try to get ACPI GPIO IRQ earlier Wei Yang <albinwyang(a)tencent.com> fs/proc: fix uaf in proc_readdir_de() Chuang Wang <nashuiliang(a)gmail.com> ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Nate Karstens <nate.karstens(a)garmin.com> strparser: Fix signed/unsigned mismatch bug Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 15 Olga Kornievskaia <okorniev(a)redhat.com> NFSD: free copynotify stateid in nfs4_free_ol_stateid() Masami Ichikawa <masami256(a)gmail.com> HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject duplicate device on updates Dan Carpenter <dan.carpenter(a)linaro.org> mtd: onenand: Pass correct pointer to IRQ handler Eric Biggers <ebiggers(a)kernel.org> lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Christoph Hellwig <hch(a)lst.de> fsdax: mark the iomap argument to dax_iomap_sector as const Haein Lee <lhi0729(a)kaist.ac.kr> ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: cs4271: Fix regulator leak on probe failure Haotian Zhang <vulab(a)iscas.ac.cn> regulator: fixed: fix GPIO descriptor leak on register failure Chris Morgan <macromorgan(a)hotmail.com> regulator: fixed: use dev_err_probe for register Shuai Xue <xueshuai(a)linux.alibaba.com> acpi,srat: Fix incorrect device handle check for Generic Initiator Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: export l2cap_chan_hold for modules Felix Maurer <fmaurer(a)redhat.com> hsr: Fix supervision frame sending on HSRv0 Eric Dumazet <edumazet(a)google.com> net_sched: limit try_bulk_dequeue_skb() batches Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix maxrate wraparound in threshold between units Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Benjamin Berg <benjamin.berg(a)intel.com> wifi: mac80211: skip rate verification for not captured PSDUs Buday Csaba <buday.csaba(a)prolan.hu> net: mdio: fix resource leak in mdiobus_register_device() Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_mon_reinit_self(). D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix mismatch between CLC header and proposal Eric Dumazet <edumazet(a)google.com> sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Wei Fang <wei.fang(a)nxp.com> net: fec: correct rx_bytes statistic for the case SHIFT16 is set Sharique Mohammad <sharq0406(a)gmail.com> ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Tristan Lobb <tristan.lobb(a)it-lobb.de> HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Joshua Watt <jpewhacker(a)gmail.com> NFS4: Fix state renewals missing after boot Danil Skrebenkov <danil.skrebenkov(a)cloudbear.ru> RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Peter Zijlstra <peterz(a)infradead.org> compiler_types: Move unused static inline functions warning to W=2 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Cleanup wakeup source only if it was enabled Nathan Chancellor <nathan(a)kernel.org> lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC Zilin Guan <zilin(a)seu.edu.cn> tracing: Fix memory leaks in create_field_var() Qendrim Maxhuni <qendrim.maxhuni(a)garderos.com> net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold sock lock while iterating over address list Xin Long <lucien.xin(a)gmail.com> sctp: hold endpoint before calling cb in sctp_transport_lookup_process Yajun Deng <yajun.deng(a)linux.dev> net: Use nlmsg_unicast() instead of netlink_unicast() Lu Wei <luwei32(a)huawei.com> net: sctp: Fix some typos Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Prevent TOCTOU out-of-bounds write Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold RCU read lock while iterating over address list Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: stop reading ARL entries if search is done Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix enabling ip multicast Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix resetting speed and pause on forced link Hangbin Liu <liuhangbin(a)gmail.com> net: vlan: sync VLAN features with lower device Josephine Pfeiffer <hi(a)josie.lol> riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: add checking of wait_for_completion_killable() return value Valerio Setti <vsetti(a)baylibre.com> ASoC: meson: aiu-encoder-i2s: fix bit clock polarity Albin Babu Varghese <albinbabuvarghese20(a)gmail.com> fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Return present device nodes only on fwnode interface Randall P. Embry <rpembry(a)gmail.com> 9p: sysfs_init: don't hardcode error to ENOMEM Randall P. Embry <rpembry(a)gmail.com> 9p: fix /sys/fs/9p/caches overwriting itself Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: save and restore ACR during PLL disable/enable Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix help message for ssl-non-raw Yikang Yue <yikangy2(a)illinois.edu> fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink austinchang <austinchang(a)synology.com> btrfs: mark dirty extent range for out of bound prealloc extents Saket Dumbre <saket.dumbre(a)intel.com> ACPICA: Update dsmethod.c to get rid of unused variable warning Mike Marshall <hubcap(a)omnibond.com> orangefs: fix xattr related buffer overflow... Dragos Tatulea <dtatulea(a)nvidia.com> page_pool: Clamp pool size to max 16K pages Chi Zhiling <chizhiling(a)kylinos.cn> exfat: limit log print for IO error Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: add mono main switch to Presonus S1824c Ivan Pravdin <ipravdin.official(a)gmail.com> Bluetooth: bcsp: receive data only if registered Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_conn_free Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: avoid dealing with endianness in macb_set_hwaddr() chuguangqing <chuguangqing(a)inspur.com> fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock Al Viro <viro(a)zeniv.linux.org.uk> nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix mount hang after CREATE_SESSION failure Olga Kornievskaia <okorniev(a)redhat.com> NFSv4: handle ERR_GRACE on delegation recalls Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid handling handover twice Koakuma <koachan(a)protonmail.com> sparc/module: Add R_SPARC_UA64 relocation handling Chen Wang <unicorn_wang(a)outlook.com> PCI: cadence: Check for the existence of cdns_pcie::ops before using it ChunHao Lin <hau(a)realtek.com> r8169: set EEE speed down ratio to 1 Brahmajit Das <listout(a)listout.xyz> net: intel: fm10k: Fix parameter idx set but not used Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix connection after GTK rekeying Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> jfs: fix uninitialized waitqueue in transaction manager Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> jfs: Verify inode mode when loading from disk Eric Dumazet <edumazet(a)google.com> ipv6: np->rxpmtu race annotation Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Forest Crossman <cyrozap(a)gmail.com> usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Al Viro <viro(a)zeniv.linux.org.uk> allow finish_no_open(file, ERR_PTR(-E...)) Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Define size of debugfs entry for xri rebalancing Nai-Chen Cheng <bleach1827(a)gmail.com> selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Yafang Shao <laoar.shao(a)gmail.com> net/cls_cgroup: Fix task_get_classid() during qdisc run Alok Tiwari <alok.a.tiwari(a)oracle.com> udp_tunnel: use netdev_warn() instead of netdev_WARN() David Ahern <dsahern(a)kernel.org> selftests: Replace sleep with slowwait Daniel Palmer <daniel(a)thingy.jp> eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP David Ahern <dsahern(a)kernel.org> selftests: Disable dad for ipv6 in fcnal-test.sh Li RongQing <lirongqing(a)baidu.com> x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT Ido Schimmel <idosch(a)nvidia.com> selftests: traceroute: Use require_command() Qianfeng Rong <rongqianfeng(a)vivo.com> media: redrat3: use int type to store negative error codes Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: sh_eth: Disable WoL if system can not suspend Harikrishna Shenoy <h-shenoy(a)ti.com> phy: cadence: cdns-dphy: Enable lower resolutions in dphy Rohan G Thomas <rohan.g.thomas(a)altera.com> net: phy: marvell: Fix 88e1510 downshift counter errata William Wu <william.wu(a)rock-chips.com> usb: gadget: f_hid: Fix zero length packet transfer Ashish Kalra <ashish.kalra(a)amd.com> iommu/amd: Skip enabling command/event buffers for kdump Eric Dumazet <edumazet(a)google.com> net: call cond_resched() less often in __release_sock() Cryolitia PukNgae <cryolitia(a)uniontech.com> ALSA: usb-audio: apply quirk for MOONDROP Quark2 Juraj Šarinay <juraj(a)sarinay.com> net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Yue Haibing <yuehaibing(a)huawei.com> ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled Devendra K Verma <devverma(a)amd.com> dmaengine: dw-edma: Set status for callback_result Rosen Penev <rosenp(a)gmail.com> dmaengine: mv_xor: match alloc_wc and free_wc Thomas Andreatta <thomasandreatta2000(a)gmail.com> dmaengine: sh: setup_xref error handling Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: pm8001: Use int instead of u32 to store error codes Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename stp clock Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing device_type in pci node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing properties to cpu node Chelsy Ratnawat <chelsyratnawat2001(a)gmail.com> media: fix uninitialized symbol warnings Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Fix wakeup source leaks on device unbind Francisco Gutierrez <frankramirez(a)google.com> scsi: pm80xx: Fix race condition caused by static variables Ujwal Kundur <ujwal.kundur(a)gmail.com> rds: Fix endianness annotation for RDS_MPATH_HASH Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add validation of UAC2/UAC3 effect units Sungho Kim <sungho.kim(a)furiosa.ai> PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Kuniyuki Iwashima <kuniyu(a)google.com> net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. Christoph Paasch <cpaasch(a)openai.com> net: When removing nexthops, don't call synchronize_net if it is not necessary Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Does not request module for miscdevice with dynamic minor raub camaioni <raubcameo(a)gmail.com> usb: gadget: f_ncm: Fix MAC assignment NCM ethernet Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: make send_packet() more robust Charalampos Mitrodimas <charmitro(a)posteo.net> net: ipv6: fix field-spanning memcpy warning in AH output Ido Schimmel <idosch(a)nvidia.com> bridge: Redirect to backup port when port is administratively down Niklas Schnelle <schnelle(a)linux.ibm.com> powerpc/eeh: Use result of error_detected() in uevent Tiezhu Yang <yangtiezhu(a)loongson.cn> net: stmmac: Check stmmac_hw_setup() in stmmac_resume() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Use the crtc_* timings when programming the HW Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: pci: ivtv: Don't create fake v4l2_fh Geoffrey McRae <geoffrey.mcrae(a)amd.com> drm/amdkfd: return -ENOTTY for unsupported IOCTLs Wake Liu <wakel(a)google.com> selftests/net: Ensure assert() triggers in psock_tpacket.c Wake Liu <wakel(a)google.com> selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 Marcos Del Sol Vives <marcos(a)orca.pet> PCI: Disable MSI on RDC PCI to PCIe bridges Seyediman Seyedarab <imandevel(a)gmail.com> drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on arcturus Jens Kehne <jens.kehne(a)agilent.com> mfd: da9063: Split chip variant reading in two bus transactions Arnd Bergmann <arnd(a)arndb.de> mfd: madera: Work around false-positive -Wininitialized warning Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe: Remove IRQ domain upon removal Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Prefer driver HWP limits Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Enhance HWP enable Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: Fix incorrect size in cpuidle_state_disable() Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Jiri Olsa <jolsa(a)kernel.org> uprobe: Do not emulate/sstep original instruction when ip is changed Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: Fail cpuidle device registration if there is one already Svyatoslav Ryhel <clamor95(a)gmail.com> video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Daniel Wagner <wagi(a)kernel.org> nvme-fc: use lock accessing port_state and rport state Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> tee: allow a driver to allocate a tee_device without a pool Hans de Goede <hansg(a)kernel.org> ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Christian Bruel <christian.bruel(a)foss.st.com> irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Kees Cook <kees(a)kernel.org> arc: Fix __fls() const-foldability via __builtin_clzl() Dennis Beier <nanovim(a)gmail.com> cpufreq/longhaul: handle NULL policy in longhaul_exit Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Mario Limonciello (AMD) <superm1(a)kernel.org> ACPI: video: force native for Lenovo 82K8 Jiayi Li <lijiayi(a)kylinos.cn> memstick: Add timeout to prevent indefinite waiting Biju Das <biju.das.jz(a)bp.renesas.com> mmc: host: renesas_sdhi: Fix the actual clock Chi Zhang <chizhang(a)asrmicro.com> pinctrl: single: fix bias pull up/down handling in pin_config_set Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> bpf: Don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> soc: ti: pruss: don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> spi: loopback-test: Don't use %pK through printk Jens Reidel <adrian(a)mainlining.org> soc: qcom: smem: Fix endian-unaware access of num_entries Damien Le Moal <dlemoal(a)kernel.org> block: make REQ_OP_ZONE_OPEN a write operation Owen Gu <guhuinan(a)xiaomi.com> usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Matthieu Baerts (NGI0) <matttbe(a)kernel.org> tracing: fix declaration-after-statement warning Matthieu Baerts (NGI0) <matttbe(a)kernel.org> arch: back to -std=gnu89 in < v5.18 Alexey Dobriyan <adobriyan(a)gmail.com> x86/boot: Compile boot code with -std=gnu11 too Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_dw: Use devm_add_action_or_reset() Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. Darrick J. Wong <djwong(a)kernel.org> xfs: always warn about deprecated mount options Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> net: phy: dp83867: Disable EEE support as not implemented Alexey Klimov <alexey.klimov(a)linaro.org> regmap: slimbus: fix bus_context pointer in regmap init calls Damien Le Moal <dlemoal(a)kernel.org> block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji Yang Wang <kevinyang.wang(a)amd.com> drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() Tomeu Vizoso <tomeu(a)tomeuvizoso.net> drm/etnaviv: fix flush sequence logic Lizhi Xu <lizhi.xu(a)windriver.com> usbnet: Prevents free active kevent Noorain Eqbal <nooraineqbal(a)gmail.com> bpf: Sync pending IRQ work before freeing ring buffer Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: fix control pipe direction Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix GMU firmware parser Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix memory leak on unsupported WMI command Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qdsp6: q6asm: do not sleep while atomic Miaoqian Lin <linmq006(a)gmail.com> fbdev: valkyriefb: Fix reference count leak in valkyriefb_init Florian Fuchs <fuchsfl(a)gmail.com> fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Junjie Cao <junjie.cao(a)intel.com> fbdev: bitblit: bound-check glyph index in bit_putcs* Yuhao Jiang <danisjiang(a)gmail.com> ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Daniel Palmer <daniel(a)0x0f.com> fbdev: atyfb: Check if pll_ops->init_pll failed Miaoqian Lin <linmq006(a)gmail.com> net: usb: asix_devices: Check return value of usbnet_get_endpoints Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix crash in nfsd4_read_release() Filipe Manana <fdmanana(a)suse.com> btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Filipe Manana <fdmanana(a)suse.com> btrfs: always drop log root tree reference in btrfs_replay_log() David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix reporting of LFENCE retpoline Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix null-deref in agg_dequeue ------------- Diffstat: .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 ++-- Documentation/kbuild/makefiles.rst | 29 +++-- Makefile | 8 +- arch/arc/include/asm/bitops.h | 2 + arch/arm/crypto/Kconfig | 2 +- arch/arm/mach-at91/pm_suspend.S | 8 +- arch/mips/boot/dts/lantiq/danube.dtsi | 6 + arch/mips/lantiq/xway/sysctrl.c | 2 +- arch/mips/loongson64/Platform | 2 +- arch/mips/mm/tlb-r4k.c | 102 +++++++++------ arch/mips/mti-malta/malta-init.c | 20 +-- arch/parisc/boot/compressed/Makefile | 2 +- arch/powerpc/Makefile | 4 +- arch/powerpc/kernel/eeh_driver.c | 2 +- arch/riscv/kernel/cpu-hotplug.c | 1 + arch/riscv/mm/ptdump.c | 2 +- arch/s390/Makefile | 6 +- arch/s390/purgatory/Makefile | 2 +- arch/sparc/include/asm/elf_64.h | 1 + arch/sparc/kernel/module.c | 1 + arch/um/drivers/ssl.c | 5 +- arch/x86/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/entry/vsyscall/vsyscall_64.c | 17 ++- arch/x86/events/core.c | 10 +- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/cpu/resctrl/monitor.c | 10 +- arch/x86/kernel/kvm.c | 20 +-- drivers/acpi/acpi_video.c | 4 +- drivers/acpi/acpica/dsmethod.c | 10 +- drivers/acpi/numa/srat.c | 2 +- drivers/acpi/property.c | 24 +++- drivers/acpi/video_detect.c | 8 ++ drivers/ata/libata-scsi.c | 8 ++ drivers/atm/fore200e.c | 2 + drivers/base/devcoredump.c | 138 +++++++++++++-------- drivers/base/regmap/regmap-slimbus.c | 6 +- drivers/bluetooth/btusb.c | 13 +- drivers/bluetooth/hci_bcsp.c | 3 + drivers/char/misc.c | 8 +- drivers/clocksource/timer-vf-pit.c | 22 ++-- drivers/cpufreq/longhaul.c | 3 + drivers/cpuidle/cpuidle.c | 8 +- drivers/dma/dw-edma/dw-edma-core.c | 22 ++++ drivers/dma/mv_xor.c | 4 +- drivers/dma/sh/shdma-base.c | 25 +++- drivers/dma/sh/shdmac.c | 17 ++- drivers/edac/altera_edac.c | 22 +++- drivers/extcon/extcon-adc-jack.c | 2 + drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/stratix10-svc.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 8 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/amd/display/dc/calcs/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 +- drivers/gpu/drm/amd/display/dc/dcn20/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn21/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn30/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dsc/Makefile | 2 +- .../gpu/drm/amd/pm/powerplay/smumgr/fiji_smumgr.c | 2 +- .../drm/amd/pm/powerplay/smumgr/iceland_smumgr.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2 +- drivers/gpu/drm/bridge/display-connector.c | 3 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 5 +- drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 +- drivers/gpu/drm/sti/sti_vtg.c | 7 +- drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tidss/tidss_crtc.c | 2 +- drivers/gpu/drm/tidss/tidss_dispc.c | 16 +-- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 + drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-ntrig.c | 7 +- drivers/hid/hid-quirks.c | 14 ++- drivers/hwmon/dell-smm-hwmon.c | 7 ++ drivers/iio/adc/spear_adc.c | 9 +- drivers/iio/common/ssp_sensors/ssp_dev.c | 4 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 22 ++-- drivers/input/keyboard/cros_ec_keyb.c | 6 + drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/misc/ati_remote2.c | 2 +- drivers/input/misc/cm109.c | 2 +- drivers/input/misc/powermate.c | 2 +- drivers/input/misc/yealink.c | 2 +- drivers/input/tablet/acecad.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 11 +- drivers/iommu/amd/init.c | 28 +++-- drivers/irqchip/irq-gic-v2m.c | 13 +- drivers/isdn/hardware/mISDN/hfcsusb.c | 18 ++- drivers/mailbox/mailbox-test.c | 2 +- drivers/md/dm-verity-fec.c | 6 +- drivers/media/i2c/ir-kbd-i2c.c | 6 +- drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 - drivers/media/pci/ivtv/ivtv-driver.h | 3 +- drivers/media/pci/ivtv/ivtv-fileops.c | 18 +-- drivers/media/pci/ivtv/ivtv-irq.c | 4 +- drivers/media/rc/imon.c | 61 +++++---- drivers/media/rc/redrat3.c | 2 +- drivers/media/tuners/xc4000.c | 8 +- drivers/media/tuners/xc5000.c | 12 +- drivers/memstick/core/memstick.c | 8 +- drivers/mfd/da9063-i2c.c | 27 +++- drivers/mfd/madera-core.c | 4 +- drivers/mfd/stmpe-i2c.c | 1 + drivers/mfd/stmpe.c | 3 + drivers/mmc/host/renesas_sdhi_core.c | 6 +- drivers/mmc/host/sdhci-msm.c | 15 +++ drivers/most/most_usb.c | 14 +-- drivers/mtd/nand/onenand/onenand_samsung.c | 2 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/can/sja1000/sja1000.c | 4 +- drivers/net/can/sun4i_can.c | 4 +- drivers/net/can/usb/gs_usb.c | 23 ++-- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 +- drivers/net/dsa/b53/b53_common.c | 15 ++- drivers/net/dsa/b53/b53_regs.h | 3 +- .../net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 ++++ .../net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 + drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 + .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 +-- .../ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 +- drivers/net/ethernet/cadence/macb_main.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 +- drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 15 ++- .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- drivers/net/ethernet/realtek/Kconfig | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 6 +- drivers/net/ethernet/renesas/ravb_main.c | 16 ++- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/net/phy/dp83867.c | 6 + drivers/net/phy/marvell.c | 39 +++++- drivers/net/phy/mdio_bus.c | 5 +- drivers/net/usb/asix_devices.c | 12 +- drivers/net/usb/qmi_wwan.c | 6 + drivers/net/usb/usbnet.c | 2 + drivers/net/wireless/ath/ath10k/mac.c | 12 +- drivers/net/wireless/ath/ath10k/wmi.c | 1 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 28 ++--- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 +- drivers/nvme/host/fc.c | 12 +- drivers/pci/controller/cadence/pcie-cadence-host.c | 2 +- drivers/pci/controller/cadence/pcie-cadence.c | 4 +- drivers/pci/controller/cadence/pcie-cadence.h | 6 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/quirks.c | 1 + drivers/phy/cadence/cdns-dphy.c | 4 +- drivers/pinctrl/pinctrl-single.c | 4 +- drivers/regulator/fixed.c | 6 +- drivers/remoteproc/qcom_q6v5.c | 5 + drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/lpfc/lpfc_debugfs.h | 3 + drivers/scsi/pm8001/pm8001_ctl.c | 24 ++-- drivers/scsi/pm8001/pm8001_init.c | 1 + drivers/scsi/pm8001/pm8001_sas.c | 4 +- drivers/scsi/pm8001/pm8001_sas.h | 4 + drivers/scsi/sg.c | 10 +- drivers/slimbus/qcom-ngd-ctrl.c | 1 + drivers/soc/imx/gpc.c | 2 + drivers/soc/qcom/smem.c | 2 +- drivers/soc/ti/knav_dma.c | 14 +-- drivers/soc/ti/pruss.c | 2 +- drivers/spi/spi-bcm63xx.c | 14 +++ drivers/spi/spi-loopback-test.c | 12 +- drivers/spi/spi.c | 10 ++ drivers/target/loopback/tcm_loop.c | 3 + drivers/tee/tee_core.c | 2 +- drivers/thunderbolt/nhi.c | 2 + drivers/thunderbolt/nhi.h | 1 + drivers/tty/serial/8250/8250_dw.c | 67 +++++----- drivers/tty/serial/amba-pl011.c | 2 +- drivers/uio/uio_hv_generic.c | 21 +++- drivers/usb/cdns3/cdns3-pci-wrap.c | 5 +- drivers/usb/dwc3/ep0.c | 1 + drivers/usb/dwc3/gadget.c | 7 ++ drivers/usb/gadget/function/f_eem.c | 7 +- drivers/usb/gadget/function/f_fs.c | 8 +- drivers/usb/gadget/function/f_hid.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 3 +- drivers/usb/host/xhci-dbgcap.h | 1 + drivers/usb/host/xhci-dbgtty.c | 17 ++- drivers/usb/host/xhci-plat.c | 1 + drivers/usb/mon/mon_bin.c | 14 ++- drivers/usb/renesas_usbhs/common.c | 14 +-- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 1 + drivers/usb/serial/option.c | 10 +- drivers/usb/storage/sddr55.c | 6 + drivers/usb/storage/transport.c | 16 +++ drivers/usb/storage/uas.c | 7 +- drivers/usb/storage/unusual_devs.h | 2 +- drivers/usb/typec/ucsi/psy.c | 5 + drivers/video/backlight/lp855x_bl.c | 2 +- drivers/video/fbdev/aty/atyfb_base.c | 8 +- drivers/video/fbdev/core/bitblit.c | 33 ++++- drivers/video/fbdev/pvr2fb.c | 2 +- drivers/video/fbdev/valkyriefb.c | 2 + fs/9p/v9fs.c | 9 +- fs/btrfs/disk-io.c | 2 +- fs/btrfs/file.c | 10 ++ fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-log.c | 1 - fs/ceph/locks.c | 5 +- fs/cifs/connect.c | 1 + fs/dax.c | 2 +- fs/exfat/fatent.c | 11 +- fs/exfat/super.c | 5 +- fs/ext4/xattr.c | 2 +- fs/fs-writeback.c | 7 +- fs/hpfs/namei.c | 18 ++- fs/jfs/inode.c | 8 +- fs/jfs/jfs_txnmgr.c | 9 +- fs/nfs/inode.c | 6 +- fs/nfs/nfs4client.c | 1 + fs/nfs/nfs4proc.c | 7 +- fs/nfs/nfs4state.c | 3 + fs/nfsd/nfs4proc.c | 7 +- fs/nfsd/nfs4state.c | 3 +- fs/open.c | 10 +- fs/orangefs/xattr.c | 12 +- fs/overlayfs/copy_up.c | 2 +- fs/proc/generic.c | 12 +- fs/xfs/xfs_super.c | 33 +++-- include/linux/ata.h | 1 + include/linux/blk_types.h | 11 +- include/linux/compiler_types.h | 5 +- include/linux/filter.h | 2 +- include/linux/mm.h | 2 +- include/linux/shdma-base.h | 2 +- include/linux/usb.h | 16 +-- include/net/cls_cgroup.h | 2 +- include/net/nfc/nci_core.h | 2 +- include/net/pkt_sched.h | 25 +++- include/net/sctp/sctp.h | 3 +- include/net/tls.h | 6 + kernel/bpf/ringbuf.c | 2 + kernel/events/uprobes.c | 7 ++ kernel/gcov/gcc_4_7.c | 4 +- kernel/trace/trace_events_hist.c | 6 +- kernel/trace/trace_events_synth.c | 3 +- lib/crypto/Makefile | 2 +- mm/page_alloc.c | 2 +- net/8021q/vlan.c | 2 + net/bluetooth/6lowpan.c | 103 ++++++++++----- net/bluetooth/hci_event.c | 21 +++- net/bluetooth/l2cap_core.c | 1 + net/bluetooth/sco.c | 7 ++ net/bluetooth/smp.c | 31 ++--- net/bridge/br_forward.c | 3 +- net/ceph/ceph_common.c | 53 ++++---- net/ceph/debugfs.c | 16 ++- net/core/netpoll.c | 7 +- net/core/page_pool.c | 6 +- net/core/sock.c | 15 ++- net/hsr/hsr_device.c | 3 + net/ipv4/fib_frontend.c | 2 +- net/ipv4/inet_diag.c | 5 +- net/ipv4/nexthop.c | 6 + net/ipv4/raw_diag.c | 7 +- net/ipv4/route.c | 5 + net/ipv4/udp_diag.c | 6 +- net/ipv4/udp_tunnel_nic.c | 2 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ah6.c | 50 +++++--- net/ipv6/raw.c | 2 +- net/ipv6/udp.c | 2 +- net/mac80211/rx.c | 10 +- net/mptcp/mptcp_diag.c | 6 +- net/mptcp/pm.c | 3 +- net/mptcp/pm_netlink.c | 20 +-- net/mptcp/protocol.c | 59 ++++++--- net/mptcp/protocol.h | 1 + net/netfilter/nf_tables_api.c | 15 +++ net/netfilter/nft_set_pipapo.c | 4 +- net/netfilter/nft_set_pipapo.h | 21 ++++ net/netfilter/nft_set_pipapo_avx2.c | 31 ++++- net/netlink/af_netlink.c | 2 +- net/openvswitch/actions.c | 68 +--------- net/openvswitch/flow_netlink.c | 64 ++-------- net/openvswitch/flow_netlink.h | 2 - net/rds/rds.h | 2 +- net/sched/act_ife.c | 12 +- net/sched/sch_api.c | 10 -- net/sched/sch_generic.c | 17 +-- net/sched/sch_hfsc.c | 16 --- net/sched/sch_qfq.c | 2 +- net/sctp/diag.c | 73 ++++++----- net/sctp/sm_make_chunk.c | 2 +- net/sctp/socket.c | 24 ++-- net/sctp/transport.c | 13 +- net/smc/smc_clc.c | 1 + net/strparser/strparser.c | 2 +- net/tipc/net.c | 2 + net/tls/tls_device.c | 4 +- net/unix/diag.c | 6 +- net/vmw_vsock/af_vsock.c | 40 ++++-- scripts/Kbuild.include | 10 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/pci/hda/patch_realtek.c | 17 +-- sound/soc/codecs/cs4271.c | 10 +- sound/soc/codecs/max98090.c | 6 +- sound/soc/meson/aiu-encoder-i2s.c | 9 +- sound/soc/qcom/qdsp6/q6asm.c | 2 +- sound/usb/endpoint.c | 5 + sound/usb/mixer.c | 11 +- sound/usb/mixer_s1810c.c | 28 ++++- sound/usb/validate.c | 9 +- tools/power/cpupower/lib/cpuidle.c | 5 +- .../x86_energy_perf_policy.c | 30 +++-- tools/testing/selftests/Makefile | 2 +- tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 +- tools/testing/selftests/net/fcnal-test.sh | 4 +- tools/testing/selftests/net/psock_tpacket.c | 4 +- tools/testing/selftests/net/traceroute.sh | 13 +- 329 files changed, 2079 insertions(+), 1157 deletions(-)

3 days, 10 hours

6
5
0 0

[PATCH 1/2] x86/amd_node: fix integer divide by zero during init

by Steven Noonan

On a Xen dom0 boot, this feature does not behave, and we end up calculating: num_roots = 1 num_nodes = 2 roots_per_node = 0 This causes a divide-by-zero in the modulus inside the loop. This change adds a couple of guards for invalid states where we might get a divide-by-zero. Signed-off-by: Steven Noonan <steven(a)uplinklabs.net> Signed-off-by: Ariadne Conill <ariadne(a)ariadne.space> CC: Yazen Ghannam <yazen.ghannam(a)amd.com> CC: x86(a)vger.kernel.org CC: stable(a)vger.kernel.org --- arch/x86/kernel/amd_node.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/x86/kernel/amd_node.c b/arch/x86/kernel/amd_node.c index 3d0a4768d603c..cdc6ba224d4ad 100644 --- a/arch/x86/kernel/amd_node.c +++ b/arch/x86/kernel/amd_node.c @@ -282,6 +282,17 @@ static int __init amd_smn_init(void) return -ENODEV; num_nodes = amd_num_nodes(); + + if (!num_nodes) + return -ENODEV; + + /* Possibly a virtualized environment (e.g. Xen) where we wi ll get + * roots_per_node=0 if the number of roots is fewer than number of + * nodes + */ + if (num_roots < num_nodes) + return -ENODEV; + amd_roots = kcalloc(num_nodes, sizeof(*amd_roots), GFP_KERNEL); if (!amd_roots) return -ENOMEM; -- 2.51.2

3 days, 11 hours

3
7
0 0

[PATCH v4 3/3] kasan: Unpoison vms[area] addresses with a common tag

by Maciej Wieczor-Retman

From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> A KASAN tag mismatch, possibly causing a kernel panic, can be observed on systems with a tag-based KASAN enabled and with multiple NUMA nodes. It was reported on arm64 and reproduced on x86. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Use the new vmalloc flag that disables random tag assignment in __kasan_unpoison_vmalloc() - pass the same random tag to all the vm_structs by tagging the pointers before they go inside __kasan_unpoison_vmalloc(). Assigning a common tag resolves the pcpu chunk address mismatch. Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Cc: stable(a)vger.kernel.org # 6.1+ Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Reviewed-by: Andrey Konovalov <andreyknvl(a)gmail.com> --- Changelog v4: - Add WARN_ON_ONCE() if the new flag is already set in the helper. (Andrey) - Remove pr_warn() since the comment should be enough. (Andrey) Changelog v3: - Redo the patch by using a flag instead of a new argument in __kasan_unpoison_vmalloc() (Andrey Konovalov) Changelog v2: - Revise the whole patch to match the fixed refactorization from the first patch. Changelog v1: - Rewrite the patch message to point at the user impact of the issue. - Move helper to common.c so it can be compiled in all KASAN modes. mm/kasan/common.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 1ed6289d471a..589be3d86735 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -591,11 +591,26 @@ void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, unsigned long size; void *addr; int area; + u8 tag; + + /* + * If KASAN_VMALLOC_KEEP_TAG was set at this point, all vms[] pointers + * would be unpoisoned with the KASAN_TAG_KERNEL which would disable + * KASAN checks down the line. + */ + if (WARN_ON_ONCE(flags & KASAN_VMALLOC_KEEP_TAG)) + return; + + size = vms[0]->size; + addr = vms[0]->addr; + vms[0]->addr = __kasan_unpoison_vmalloc(addr, size, flags); + tag = get_tag(vms[0]->addr); - for (area = 0 ; area < nr_vms ; area++) { + for (area = 1 ; area < nr_vms ; area++) { size = vms[area]->size; - addr = vms[area]->addr; - vms[area]->addr = __kasan_unpoison_vmalloc(addr, size, flags); + addr = set_tag(vms[area]->addr, tag); + vms[area]->addr = + __kasan_unpoison_vmalloc(addr, size, flags | KASAN_VMALLOC_KEEP_TAG); } } #endif -- 2.52.0

3 days, 12 hours

1
0
0 0

[PATCH v4 2/3] kasan: Refactor pcpu kasan vmalloc unpoison

by Maciej Wieczor-Retman

From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> A KASAN tag mismatch, possibly causing a kernel panic, can be observed on systems with a tag-based KASAN enabled and with multiple NUMA nodes. It was reported on arm64 and reproduced on x86. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Refactor code by reusing __kasan_unpoison_vmalloc in a new helper in preparation for the actual fix. Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Cc: stable(a)vger.kernel.org # 6.1+ Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Reviewed-by: Andrey Konovalov <andreyknvl(a)gmail.com> --- Changelog v1: (after splitting of from the KASAN series) - Rewrite first paragraph of the patch message to point at the user impact of the issue. - Move helper to common.c so it can be compiled in all KASAN modes. Changelog v2: - Redo the whole patch so it's an actual refactor. Changelog v3: - Redo the patch after applying Andrey's comments to align the code more with what's already in include/linux/kasan.h include/linux/kasan.h | 15 +++++++++++++++ mm/kasan/common.c | 17 +++++++++++++++++ mm/vmalloc.c | 4 +--- 3 files changed, 33 insertions(+), 3 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 6d7972bb390c..cde493cb7702 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -615,6 +615,16 @@ static __always_inline void kasan_poison_vmalloc(const void *start, __kasan_poison_vmalloc(start, size); } +void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags); +static __always_inline void +kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags) +{ + if (kasan_enabled()) + __kasan_unpoison_vmap_areas(vms, nr_vms, flags); +} + #else /* CONFIG_KASAN_VMALLOC */ static inline void kasan_populate_early_vm_area_shadow(void *start, @@ -639,6 +649,11 @@ static inline void *kasan_unpoison_vmalloc(const void *start, static inline void kasan_poison_vmalloc(const void *start, unsigned long size) { } +static __always_inline void +kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags) +{ } + #endif /* CONFIG_KASAN_VMALLOC */ #if (defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)) && \ diff --git a/mm/kasan/common.c b/mm/kasan/common.c index d4c14359feaf..1ed6289d471a 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -28,6 +28,7 @@ #include <linux/string.h> #include <linux/types.h> #include <linux/bug.h> +#include <linux/vmalloc.h> #include "kasan.h" #include "../slab.h" @@ -582,3 +583,19 @@ bool __kasan_check_byte(const void *address, unsigned long ip) } return true; } + +#ifdef CONFIG_KASAN_VMALLOC +void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags) +{ + unsigned long size; + void *addr; + int area; + + for (area = 0 ; area < nr_vms ; area++) { + size = vms[area]->size; + addr = vms[area]->addr; + vms[area]->addr = __kasan_unpoison_vmalloc(addr, size, flags); + } +} +#endif diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 22a73a087135..33e705ccafba 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -4872,9 +4872,7 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, * With hardware tag-based KASAN, marking is skipped for * non-VM_ALLOC mappings, see __kasan_unpoison_vmalloc(). */ - for (area = 0; area < nr_vms; area++) - vms[area]->addr = kasan_unpoison_vmalloc(vms[area]->addr, - vms[area]->size, KASAN_VMALLOC_PROT_NORMAL); + kasan_unpoison_vmap_areas(vms, nr_vms, KASAN_VMALLOC_PROT_NORMAL); kfree(vas); return vms; -- 2.52.0

3 days, 12 hours

1
0
0 0

[PATCH v4 1/3] mm/kasan: Fix incorrect unpoisoning in vrealloc for KASAN

by Maciej Wieczor-Retman

From: Jiayuan Chen <jiayuan.chen(a)linux.dev> Syzkaller reported a memory out-of-bounds bug [1]. This patch fixes two issues: 1. In vrealloc the KASAN_VMALLOC_VM_ALLOC flag is missing when unpoisoning the extended region. This flag is required to correctly associate the allocation with KASAN's vmalloc tracking. Note: In contrast, vzalloc (via __vmalloc_node_range_noprof) explicitly sets KASAN_VMALLOC_VM_ALLOC and calls kasan_unpoison_vmalloc() with it. vrealloc must behave consistently — especially when reusing existing vmalloc regions — to ensure KASAN can track allocations correctly. 2. When vrealloc reuses an existing vmalloc region (without allocating new pages) KASAN generates a new tag, which breaks tag-based memory access tracking. Introduce KASAN_VMALLOC_KEEP_TAG, a new KASAN flag that allows reusing the tag already attached to the pointer, ensuring consistent tag behavior during reallocation. Pass KASAN_VMALLOC_KEEP_TAG and KASAN_VMALLOC_VM_ALLOC to the kasan_unpoison_vmalloc inside vrealloc_node_align_noprof(). [1]: https://syzkaller.appspot.com/bug?extid=997752115a851cb0cf36 Fixes: a0309faf1cb0 ("mm: vmalloc: support more granular vrealloc() sizing") Cc: <stable(a)vger.kernel.org> Reported-by: syzbot+997752115a851cb0cf36(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/68e243a2.050a0220.1696c6.007d.GAE@google.com/T/ Signed-off-by: Jiayuan Chen <jiayuan.chen(a)linux.dev> Co-developed-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Reviewed-by: Andrey Konovalov <andreyknvl(a)gmail.com> --- include/linux/kasan.h | 1 + mm/kasan/hw_tags.c | 2 +- mm/kasan/shadow.c | 4 +++- mm/vmalloc.c | 4 +++- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index d12e1a5f5a9a..6d7972bb390c 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -28,6 +28,7 @@ typedef unsigned int __bitwise kasan_vmalloc_flags_t; #define KASAN_VMALLOC_INIT ((__force kasan_vmalloc_flags_t)0x01u) #define KASAN_VMALLOC_VM_ALLOC ((__force kasan_vmalloc_flags_t)0x02u) #define KASAN_VMALLOC_PROT_NORMAL ((__force kasan_vmalloc_flags_t)0x04u) +#define KASAN_VMALLOC_KEEP_TAG ((__force kasan_vmalloc_flags_t)0x08u) #define KASAN_VMALLOC_PAGE_RANGE 0x1 /* Apply exsiting page range */ #define KASAN_VMALLOC_TLB_FLUSH 0x2 /* TLB flush */ diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c index 1c373cc4b3fa..cbef5e450954 100644 --- a/mm/kasan/hw_tags.c +++ b/mm/kasan/hw_tags.c @@ -361,7 +361,7 @@ void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, return (void *)start; } - tag = kasan_random_tag(); + tag = (flags & KASAN_VMALLOC_KEEP_TAG) ? get_tag(start) : kasan_random_tag(); start = set_tag(start, tag); /* Unpoison and initialize memory up to size. */ diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c index 5d2a876035d6..5e47ae7fdd59 100644 --- a/mm/kasan/shadow.c +++ b/mm/kasan/shadow.c @@ -648,7 +648,9 @@ void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, !(flags & KASAN_VMALLOC_PROT_NORMAL)) return (void *)start; - start = set_tag(start, kasan_random_tag()); + if (unlikely(!(flags & KASAN_VMALLOC_KEEP_TAG))) + start = set_tag(start, kasan_random_tag()); + kasan_unpoison(start, size, false); return (void *)start; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 798b2ed21e46..22a73a087135 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -4176,7 +4176,9 @@ void *vrealloc_node_align_noprof(const void *p, size_t size, unsigned long align */ if (size <= alloced_size) { kasan_unpoison_vmalloc(p + old_size, size - old_size, - KASAN_VMALLOC_PROT_NORMAL); + KASAN_VMALLOC_PROT_NORMAL | + KASAN_VMALLOC_VM_ALLOC | + KASAN_VMALLOC_KEEP_TAG); /* * No need to zero memory here, as unused memory will have * already been zeroed at initial allocation time or during -- 2.52.0

3 days, 12 hours

1
0
0 0

[PATCH 01/12] drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl

by Tvrtko Ursulin

Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: a292fdecd728 ("drm/amdgpu: Implement userqueue signal/wait IOCTL") Cc: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: <stable(a)vger.kernel.org> # v6.16+ --- drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c index eba9fb359047..13c5d4462be6 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c @@ -865,6 +865,7 @@ int amdgpu_userq_wait_ioctl(struct drm_device *dev, void *data, dma_fence_unwrap_for_each(f, &iter, fence) { if (WARN_ON_ONCE(num_fences >= wait_info->num_fences)) { r = -EINVAL; + dma_fence_put(fence); goto free_fences; } @@ -889,6 +890,7 @@ int amdgpu_userq_wait_ioctl(struct drm_device *dev, void *data, if (WARN_ON_ONCE(num_fences >= wait_info->num_fences)) { r = -EINVAL; + dma_fence_put(fence); goto free_fences; } -- 2.51.1

3 days, 12 hours

2
2
0 0

[PATCH] ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi()

by Denis Arefev

The acpi_get_first_physical_node() function can return NULL, in which case the get_device() function also returns NULL, but this value is then dereferenced without checking,so add a check to prevent a crash. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 7b2f3eb492da ("ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems") Cc: stable(a)vger.kernel.org Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- sound/hda/codecs/side-codecs/cs35l41_hda.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sound/hda/codecs/side-codecs/cs35l41_hda.c b/sound/hda/codecs/side-codecs/cs35l41_hda.c index c0f2a3ff77a1..21e00055c0c4 100644 --- a/sound/hda/codecs/side-codecs/cs35l41_hda.c +++ b/sound/hda/codecs/side-codecs/cs35l41_hda.c @@ -1901,6 +1901,8 @@ static int cs35l41_hda_read_acpi(struct cs35l41_hda *cs35l41, const char *hid, i cs35l41->dacpi = adev; physdev = get_device(acpi_get_first_physical_node(adev)); + if (!physdev) + return -ENODEV; sub = acpi_get_subsystem_id(ACPI_HANDLE(physdev)); if (IS_ERR(sub)) -- 2.43.0

3 days, 13 hours

3
2
0 0

[PATCH v3 3/3] kasan: Unpoison vms[area] addresses with a common tag

by Maciej Wieczor-Retman

From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> A KASAN tag mismatch, possibly causing a kernel panic, can be observed on systems with a tag-based KASAN enabled and with multiple NUMA nodes. It was reported on arm64 and reproduced on x86. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Use the new vmalloc flag that disables random tag assignment in __kasan_unpoison_vmalloc() - pass the same random tag to all the vm_structs by tagging the pointers before they go inside __kasan_unpoison_vmalloc(). Assigning a common tag resolves the pcpu chunk address mismatch. Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Cc: <stable(a)vger.kernel.org> # 6.1+ Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> --- Changelog v3: - Redo the patch by using a flag instead of a new argument in __kasan_unpoison_vmalloc() (Andrey Konovalov) Changelog v2: - Revise the whole patch to match the fixed refactorization from the first patch. Changelog v1: - Rewrite the patch message to point at the user impact of the issue. - Move helper to common.c so it can be compiled in all KASAN modes. mm/kasan/common.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 1ed6289d471a..496bb2c56911 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -591,11 +591,28 @@ void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, unsigned long size; void *addr; int area; + u8 tag; + + /* + * If KASAN_VMALLOC_KEEP_TAG was set at this point, all vms[] pointers + * would be unpoisoned with the KASAN_TAG_KERNEL which would disable + * KASAN checks down the line. + */ + if (flags & KASAN_VMALLOC_KEEP_TAG) { + pr_warn("KASAN_VMALLOC_KEEP_TAG flag shouldn't be already set!\n"); + return; + } + + size = vms[0]->size; + addr = vms[0]->addr; + vms[0]->addr = __kasan_unpoison_vmalloc(addr, size, flags); + tag = get_tag(vms[0]->addr); - for (area = 0 ; area < nr_vms ; area++) { + for (area = 1 ; area < nr_vms ; area++) { size = vms[area]->size; - addr = vms[area]->addr; - vms[area]->addr = __kasan_unpoison_vmalloc(addr, size, flags); + addr = set_tag(vms[area]->addr, tag); + vms[area]->addr = + __kasan_unpoison_vmalloc(addr, size, flags | KASAN_VMALLOC_KEEP_TAG); } } #endif -- 2.52.0

3 days, 13 hours

4
5
0 0

[PATCH] spi: cadence-quadspi: Fix clock enable underflows due to runtime PM

by Mark Brown

The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 ("spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance") made the fact that when we do a pm_runtime_disable() in the error paths of probe() we can trigger a runtime disable which in turn results in duplicate clock disables. Early on in the probe function we do a pm_runtime_get_noresume() since the probe function leaves the device in a powered up state but in the error path we can't assume that PM is enabled so we also manually disable everything, including clocks. This means that when runtime PM is active both it and the probe function release the same reference to the main clock for the IP, triggering warnings from the clock subsystem: [ 8.693719] clk:75:7 already disabled [ 8.693791] WARNING: CPU: 1 PID: 185 at /usr/src/kernel/drivers/clk/clk.c:1188 clk_core_disable+0xa0/0xb ... [ 8.694261] clk_core_disable+0xa0/0xb4 (P) [ 8.694272] clk_disable+0x38/0x60 [ 8.694283] cqspi_probe+0x7c8/0xc5c [spi_cadence_quadspi] [ 8.694309] platform_probe+0x5c/0xa4 Avoid this confused ownership by moving the pm_runtime_get_noresume() to after the last point at which the probe() function can fail. Reported-by: Francesco Dolcini <francesco(a)dolcini.it> Closes: https://lore.kernel.org/r/20251201072844.GA6785@francesco-nb Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi-cadence-quadspi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c index af6d050da1c8..0833b6f666d0 100644 --- a/drivers/spi/spi-cadence-quadspi.c +++ b/drivers/spi/spi-cadence-quadspi.c @@ -1985,7 +1985,6 @@ static int cqspi_probe(struct platform_device *pdev) pm_runtime_enable(dev); pm_runtime_set_autosuspend_delay(dev, CQSPI_AUTOSUSPEND_TIMEOUT); pm_runtime_use_autosuspend(dev); - pm_runtime_get_noresume(dev); } ret = cqspi_setup_flash(cqspi); @@ -2012,6 +2011,7 @@ static int cqspi_probe(struct platform_device *pdev) } if (!(ddata && (ddata->quirks & CQSPI_DISABLE_RUNTIME_PM))) { + pm_runtime_get_noresume(dev); pm_runtime_mark_last_busy(dev); pm_runtime_put_autosuspend(dev); } --- base-commit: 7d0a66e4bb9081d75c82ec4957c50034cb0ea449 change-id: 20251202-spi-cadence-qspi-runtime-pm-imbalance-657740cf7eae Best regards, -- Mark Brown <broonie(a)kernel.org>

3 days, 14 hours

5
11
0 0

[PATCH 2/2] drm: xlnx: zynqmp_kms: set preferred_depth to 16 bpp

by Mikko Rapeli

Xorg fails to start with defaults on AMD KV260, /var/log/Xorg.0.log: [ 23.491] (II) Loading /usr/lib/xorg/modules/drivers/fbdev_drv.so [ 23.491] (II) Module fbdev: vendor="X.Org Foundation" [ 23.491] compiled for 1.21.1.18, module version = 0.5.1 [ 23.491] Module class: X.Org Video Driver [ 23.491] ABI class: X.Org Video Driver, version 25.2 [ 23.491] (II) modesetting: Driver for Modesetting Kernel Drivers: kms [ 23.491] (II) FBDEV: driver for framebuffer: fbdev [ 23.510] (II) modeset(0): using drv /dev/dri/card1 [ 23.511] (WW) Falling back to old probe method for fbdev [ 23.511] (II) Loading sub module "fbdevhw" [ 23.511] (II) LoadModule: "fbdevhw" [ 23.511] (II) Loading /usr/lib/xorg/modules/libfbdevhw.so [ 23.511] (II) Module fbdevhw: vendor="X.Org Foundation" [ 23.511] compiled for 1.21.1.18, module version = 0.0.2 [ 23.511] ABI class: X.Org Video Driver, version 25.2 [ 23.512] (II) modeset(0): Creating default Display subsection in Screen section "Default Screen Section" for depth/fbbpp 24/32 [ 23.512] (==) modeset(0): Depth 24, (==) framebuffer bpp 32 [ 23.512] (==) modeset(0): RGB weight 888 [ 23.512] (==) modeset(0): Default visual is TrueColor ... [ 23.911] (II) Loading sub module "fb" [ 23.911] (II) LoadModule: "fb" [ 23.911] (II) Module "fb" already built-in [ 23.911] (II) UnloadModule: "fbdev" [ 23.911] (II) Unloading fbdev [ 23.912] (II) UnloadSubModule: "fbdevhw" [ 23.912] (II) Unloading fbdevhw [ 24.238] (==) modeset(0): Backing store enabled [ 24.238] (==) modeset(0): Silken mouse enabled [ 24.249] (II) modeset(0): Initializing kms color map for depth 24, 8 bpc. [ 24.250] (==) modeset(0): DPMS enabled [ 24.250] (II) modeset(0): [DRI2] Setup complete [ 24.250] (II) modeset(0): [DRI2] DRI driver: kms_swrast [ 24.250] (II) modeset(0): [DRI2] VDPAU driver: kms_swrast ... [ 24.770] (II) modeset(0): Disabling kernel dirty updates, not required. [ 24.770] (EE) modeset(0): failed to set mode: Invalid argument xorg tries to use 24 and 32 bpp which pass on the fb API but which don't actually work on AMD KV260 when Xorg starts. As a workaround Xorg config can set color depth to 16 using /etc/X11/xorg.conf snippet: Section "Screen" Identifier "Default Screen" Monitor "Configured Monitor" Device "Configured Video Device" DefaultDepth 16 EndSection But this is cumbersome on images meant for multiple different arm64 devices and boards. So instead set 16 bpp as preferred depth in zynqmp_kms fb driver which is used by Xorg in the logic to find out a working depth. Now Xorg startup and bpp query using fb API works and HDMI display shows graphics. /var/log/Xorg.0.log shows: [ 23.219] (II) LoadModule: "fbdev" [ 23.219] (II) Loading /usr/lib/xorg/modules/drivers/fbdev_drv.so [ 23.219] (II) Module fbdev: vendor="X.Org Foundation" [ 23.219] compiled for 1.21.1.18, module version = 0.5.1 [ 23.219] Module class: X.Org Video Driver [ 23.219] ABI class: X.Org Video Driver, version 25.2 [ 23.219] (II) modesetting: Driver for Modesetting Kernel Drivers: kms [ 23.219] (II) FBDEV: driver for framebuffer: fbdev [ 23.238] (II) modeset(0): using drv /dev/dri/card1 [ 23.238] (WW) Falling back to old probe method for fbdev [ 23.238] (II) Loading sub module "fbdevhw" [ 23.238] (II) LoadModule: "fbdevhw" [ 23.239] (II) Loading /usr/lib/xorg/modules/libfbdevhw.so [ 23.239] (II) Module fbdevhw: vendor="X.Org Foundation" [ 23.239] compiled for 1.21.1.18, module version = 0.0.2 [ 23.239] ABI class: X.Org Video Driver, version 25.2 [ 23.240] (II) modeset(0): Creating default Display subsection in Screen section "Default Screen Section" for depth/fbbpp 16/16 [ 23.240] (==) modeset(0): Depth 16, (==) framebuffer bpp 16 [ 23.240] (==) modeset(0): RGB weight 565 [ 23.240] (==) modeset(0): Default visual is TrueColor ... [ 24.015] (==) modeset(0): Backing store enabled [ 24.015] (==) modeset(0): Silken mouse enabled [ 24.027] (II) modeset(0): Initializing kms color map for depth 16, 6 bpc. [ 24.028] (==) modeset(0): DPMS enabled [ 24.028] (II) modeset(0): [DRI2] Setup complete [ 24.028] (II) modeset(0): [DRI2] DRI driver: kms_swrast [ 24.028] (II) modeset(0): [DRI2] VDPAU driver: kms_swrast Cc: Bill Mills <bill.mills(a)linaro.org> Cc: Ilias Apalodimas <ilias.apalodimas(a)linaro.org> Cc: Anatoliy Klymenko <anatoliy.klymenko(a)amd.com> Cc: stable(a)vger.kernel.org Signed-off-by: Mikko Rapeli <mikko.rapeli(a)linaro.org> --- drivers/gpu/drm/xlnx/zynqmp_kms.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/xlnx/zynqmp_kms.c b/drivers/gpu/drm/xlnx/zynqmp_kms.c index ccc35cacd10cb..a42192c827af0 100644 --- a/drivers/gpu/drm/xlnx/zynqmp_kms.c +++ b/drivers/gpu/drm/xlnx/zynqmp_kms.c @@ -506,6 +506,7 @@ int zynqmp_dpsub_drm_init(struct zynqmp_dpsub *dpsub) drm->mode_config.min_height = 0; drm->mode_config.max_width = ZYNQMP_DISP_MAX_WIDTH; drm->mode_config.max_height = ZYNQMP_DISP_MAX_HEIGHT; + drm->mode_config.preferred_depth = 16; ret = drm_vblank_init(drm, 1); if (ret) -- 2.34.1

3 days, 14 hours

1
0
0 0

[PATCH 1/2] drm: xlnx: zynqmp_kms: Init fbdev with 16 bit color

by Mikko Rapeli

From: Anatoliy Klymenko <anatoliy.klymenko(a)amd.com> Use RG16 buffer format for fbdev emulation. Fbdev backend is being used by Mali 400 userspace driver which expects 16 bit RGB pixel color format. This change should not affect console or other fbdev applications as we still have plenty of colors left. Cc: Bill Mills <bill.mills(a)linaro.org> Cc: Ilias Apalodimas <ilias.apalodimas(a)linaro.org> Cc: stable(a)vger.kernel.org Signed-off-by: Anatoliy Klymenko <anatoliy.klymenko(a)amd.com> Signed-off-by: Mikko Rapeli <mikko.rapeli(a)linaro.org> --- drivers/gpu/drm/xlnx/zynqmp_kms.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xlnx/zynqmp_kms.c b/drivers/gpu/drm/xlnx/zynqmp_kms.c index 2bee0a2275ede..ccc35cacd10cb 100644 --- a/drivers/gpu/drm/xlnx/zynqmp_kms.c +++ b/drivers/gpu/drm/xlnx/zynqmp_kms.c @@ -525,7 +525,7 @@ int zynqmp_dpsub_drm_init(struct zynqmp_dpsub *dpsub) goto err_poll_fini; /* Initialize fbdev generic emulation. */ - drm_client_setup_with_fourcc(drm, DRM_FORMAT_RGB888); + drm_client_setup_with_fourcc(drm, DRM_FORMAT_RGB565); return 0; -- 2.34.1

3 days, 14 hours

1
0
0 0

[PATCH 6.12 000/132] 6.12.61-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.61 release. There are 132 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Dec 2025 15:23:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.61-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.61-rc1 Thomas Weißschuh <linux(a)weissschuh.net> spi: spi-nxp-fspi: Check return value of devm_mutex_init() Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Initialize the source OUI write timestamp always Punit Agrawal <punit.agrawal(a)oss.qualcomm.com> Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: correctly handle mcast packets for clients Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: Free previously initialized ports on init failures Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: Do not execute PTP driver code for unsupported switches Thomas Zimmermann <tzimmermann(a)suse.de> drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}() Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: SVM: Fix redundant updates of LBR MSR intercepts Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Fix and simplify LBR virtualization handling with nested Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() Wei Yang <richard.weiyang(a)gmail.com> mm/huge_memory: fix NULL pointer deference when splitting folio Jimmy Hu <hhhuuu(a)google.com> usb: gadget: udc: fix use-after-free in usb_gadget_state_work Kuen-Han Tsai <khtsai(a)google.com> usb: udc: Add trace event for usb_gadget_set_state Biju Das <biju.das.jz(a)bp.renesas.com> can: rcar_canfd: Fix CAN-FD mode as default Jameson Thies <jthies(a)google.com> usb: typec: ucsi: psy: Set max current to zero when disconnected NeilBrown <neil(a)brown.name> nfsd: Replace clamp_t in nfsd4_get_drc_mem() Philipp Hortmann <philipp.g.hortmann(a)gmail.com> staging: rtl8712: Remove driver using deprecated API wext ziming zhang <ezrakiez(a)gmail.com> libceph: replace BUG_ON with bounds check for map->max_osd ziming zhang <ezrakiez(a)gmail.com> libceph: prevent potential out-of-bounds writes in handle_auth_session_key() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential use-after-free in have_mon_and_osd_map() Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: Don't free uninitialized ksz_irq Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: ptp: Fix checks on irq_find_mapping() Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: common: Fix checks on irq_find_mapping() Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Don't change brightness for disabled connectors Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check NULL before accessing Michael Chen <michael.chen(a)amd.com> drm/amd/amdgpu: reserve vm invalidation engine for uni_mes Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: attach tlb fence to the PTs update Johan Hovold <johan(a)kernel.org> drm: sti: fix device leaks at component probe Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add support for Rolling RW101R-GL Oleksandr Suvorov <cryosay(a)gmail.com> USB: serial: ftdi_sio: add support for u-blox EVK-M101 Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbgtty: fix device unregister Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: fix stale flag preventig URBs after link state error is cleared Manish Nagar <manish.nagar(a)oss.qualcomm.com> usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: Sort out the Intel device IDs Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Nova Lake -S Owen Gu <guhuinan(a)xiaomi.com> usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Tianchu Chen <flynnnchen(a)tencent.com> usb: storage: sddr55: Reject out-of-bound new_pba Alan Stern <stern(a)rowland.harvard.edu> USB: storage: Remove subclass and protocol overrides from Novatek quirk Desnes Nunes <desnesn(a)redhat.com> usb: storage: Fix memory leak in USB bulk transport Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Fix synchronous external abort on unbind Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_eem: Fix memory leak in eem_unwrap Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: Fix double resource release in cdns3_pci_probe Johan Hovold <johan(a)kernel.org> most: usb: fix double free on late probe failure Miaoqian Lin <linmq006(a)gmail.com> serial: amba-pl011: prefer dma_mapping_error() over explicit address checking Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Paolo Abeni <pabeni(a)redhat.com> mptcp: clear scheduled subflows on retransmit Jisheng Zhang <jszhang(a)kernel.org> mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level Deepanshu Kartikey <kartikey406(a)gmail.com> mm/memfd: fix information leak in hugetlb folios Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> firmware: stratix10-svc: fix bug in saving controller data Wentao Guan <guanwentao(a)uniontech.com> nvmem: layouts: fix nvmem_layout_bus_uevent Miaoqian Lin <linmq006(a)gmail.com> slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> thunderbolt: Add support for Intel Wildcat Lake Paulo Alcantara <pc(a)manguebit.org> smb: client: fix memory leak in cifs_construct_tcon() Jamie Iles <jamie.iles(a)oss.qualcomm.com> drivers/usb/dwc3: fix PCI parent check Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix unreliable memory allocation Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: fix crash in process_v2_sparse_read() for encrypted directories Marc Kleine-Budde <mkl(a)pengutronix.de> can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Thomas Mühlbacher <tmuehlbacher(a)posteo.net> can: sja1000: fix max irq loop handling Douglas Anderson <dianders(a)chromium.org> Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref Gui-Dong Han <hanguidong02(a)gmail.com> atm/fore200e: Fix possible data race in fore200e_open() Maarten Zanders <maarten(a)zanders.be> ARM: dts: nxp: imx6ul: correct SAI3 interrupt line Xu Yang <xu.yang_2(a)nxp.com> arm64: dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8dxl-ss-conn: swap interrupts number of eqos Ivan Zhaldak <i.v.zhaldak(a)gmail.com> ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 Deepanshu Kartikey <kartikey406(a)gmail.com> tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification ChiYuan Huang <cy_huang(a)richtek.com> iio: adc: rtq6056: Correct the sign bit index David Lechner <dlechner(a)baylibre.com> iio: adc: ad7280a: fix ad7280_store_balance_timer() Valek Andrej <andrej.v(a)skyrain.eu> iio: accel: fix ADXL355 startup race condition Linus Walleij <linus.walleij(a)linaro.org> iio: accel: bmc150: Fix irq assumption regression Olivier Moysan <olivier.moysan(a)foss.st.com> iio: adc: stm32-dfsdm: fix st,adc-alt-channel property handling Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio:common:ssp_sensors: Fix an error handling path ssp_probe() Francesco Lavra <flavra(a)baylibre.com> iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Dimitri Fedrau <dimitri.fedrau(a)liebherr.com> iio: humditiy: hdc3020: fix units for thresholds and hysteresis Dimitri Fedrau <dimitri.fedrau(a)liebherr.com> iio: humditiy: hdc3020: fix units for temperature and humidity measurement Nuno Sá <nuno.sa(a)analog.com> iio: buffer: support getting dma channel from the buffer Nuno Sá <nuno.sa(a)analog.com> iio: buffer-dmaengine: enable .get_dma_dev() Nuno Sá <nuno.sa(a)analog.com> iio: buffer-dma: support getting the DMA channel Jiri Olsa <jolsa(a)kernel.org> Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd/display: Move setup_stream_attribute" Hang Zhou <929513338(a)qq.com> spi: bcm63xx: fix premature CS deassertion on RX-only transactions Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: nxp-fspi: Propagate fwnode in ACPI case as well Haibo Chen <haibo.chen(a)nxp.com> spi: spi-nxp-fspi: Add OCT-DTR mode support Haibo Chen <haibo.chen(a)nxp.com> spi: spi-nxp-fspi: remove the goto in probe Miquel Raynal <miquel.raynal(a)bootlin.com> spi: nxp-fspi: Support per spi-mem operation frequency switches Miquel Raynal <miquel.raynal(a)bootlin.com> spi: spi-mem: Add a new controller capability Miquel Raynal <miquel.raynal(a)bootlin.com> spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: spi-mem: Allow specifying the byte order in Octal DTR mode Haotian Zhang <vulab(a)iscas.ac.cn> spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors Francesco Lavra <flavra(a)baylibre.com> spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA Andrei Vagin <avagin(a)google.com> fs/namespace: fix reference leak in grab_requested_mnt_ns Jamie Iles <jamie.iles(a)oss.qualcomm.com> mailbox: pcc: don't zero error register Sudeep Holla <sudeep.holla(a)arm.com> mailbox: pcc: Refactor error handling in irq handler into separate function Jason-JH Lin <jason-jh.lin(a)mediatek.com> mailbox: mtk-cmdq: Refine DMA address handling for the command buffer Haotian Zhang <vulab(a)iscas.ac.cn> mailbox: mailbox-test: Fix debugfs_create_dir error checking Haotian Zhang <vulab(a)iscas.ac.cn> usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors Mario Tesi <martepisa(a)gmail.com> iio: st_lsm6dsx: Fixed calibrated timestamp calculation Wei Fang <wei.fang(a)nxp.com> net: fec: do not register PPS event for PEROUT Wei Fang <wei.fang(a)nxp.com> net: fec: do not allow enabling PPS and PEROUT simultaneously Wei Fang <wei.fang(a)nxp.com> net: fec: do not update PEROUT if it is enabled Wei Fang <wei.fang(a)nxp.com> net: fec: cancel perout_timer when PEROUT is disabled Jiefeng Zhang <jiefeng.z.zhang(a)gmail.com> net: atlantic: fix fragment overflow handling in RX path Mohsin Bashir <mohsin.bashr(a)gmail.com> eth: fbnic: Fix counter roll-over issue Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: sja1105: simplify static configuration reload Slark Xiao <slark_xiao(a)163.com> net: wwan: mhi: Keep modem name match with Foxconn T99W640 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix cyan_skillfish2 gpu info fw handling Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: sxgbe: fix potential NULL dereference in sxgbe_rx() Nikola Z. Ivanov <zlatistiv(a)gmail.com> team: Move team device type change at the end of team_port_add Danielle Costantino <dcostantino(a)meta.com> net/mlx5e: Fix validation logic in rate limiting Harish Chegondi <harish.chegondi(a)intel.com> drm/xe: Fix conversion from clock ticks to milliseconds Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Fix the initialization of taprio Kai-Heng Feng <kaihengf(a)nvidia.com> net: aquantia: Add missing descriptor cache invalidation on ATL2 Dan Carpenter <dan.carpenter(a)linaro.org> platform/x86: intel: punit_ipc: fix memory corruption Daniel Golle <daniel(a)makrotopia.org> net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY Jesper Dangaard Brouer <hawk(a)kernel.org> veth: reduce XDP no_direct return section to fix race Jesper Dangaard Brouer <hawk(a)kernel.org> veth: more robust handing of race to avoid txq getting stuck Jesper Dangaard Brouer <hawk(a)kernel.org> veth: prevent NULL pointer dereference in veth_xdp_rcv Jesper Dangaard Brouer <hawk(a)kernel.org> veth: apply qdisc backpressure on full ptr_ring to reduce TX drops Jesper Dangaard Brouer <hawk(a)kernel.org> net: sched: generalize check for no-queue qdisc on TX queue Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix not generating mackey and ltk when repairing Edward Adam Davis <eadavis(a)qq.com> Bluetooth: hci_sock: Prevent race in socket write iter and sock bind Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs Seungjin Bae <eeodqql09(a)gmail.com> can: kvaser_usb: leaf: Fix potential infinite loop in command parsers ------------- Diffstat: MAINTAINERS | 5 - Makefile | 4 +- arch/arm/boot/dts/nxp/imx/imx6ul.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx8dxl-ss-conn.dtsi | 4 +- arch/arm64/boot/dts/freescale/imx8qm-mek.dts | 4 +- arch/arm64/kernel/acpi.c | 10 +- arch/mips/mm/tlb-r4k.c | 118 +- arch/x86/events/core.c | 10 +- arch/x86/kvm/svm/nested.c | 20 +- arch/x86/kvm/svm/svm.c | 98 +- arch/x86/kvm/svm/svm.h | 1 + drivers/atm/fore200e.c | 2 + drivers/bluetooth/btusb.c | 39 +- drivers/firmware/stratix10-svc.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 + drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 +- .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 1 - .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 2 - .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 2 - drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 + .../display/dc/virtual/virtual_stream_encoder.c | 7 - drivers/gpu/drm/drm_fb_helper.c | 6 - drivers/gpu/drm/i915/display/intel_dp.c | 5 +- drivers/gpu/drm/i915/display/intel_fbdev.c | 6 - drivers/gpu/drm/radeon/radeon_fbdev.c | 5 - drivers/gpu/drm/sti/sti_vtg.c | 7 +- drivers/gpu/drm/xe/xe_gt_clock.c | 7 +- drivers/iio/accel/adxl355_core.c | 44 +- drivers/iio/accel/bmc150-accel-core.c | 5 + drivers/iio/accel/bmc150-accel.h | 1 + drivers/iio/adc/ad7280a.c | 2 +- drivers/iio/adc/rtq6056.c | 2 +- drivers/iio/adc/stm32-dfsdm-adc.c | 5 +- drivers/iio/buffer/industrialio-buffer-dma.c | 6 + drivers/iio/buffer/industrialio-buffer-dmaengine.c | 2 + drivers/iio/common/ssp_sensors/ssp_dev.c | 4 +- drivers/iio/humidity/hdc3020.c | 73 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 40 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 19 +- drivers/iio/industrialio-buffer.c | 21 +- drivers/mailbox/mailbox-test.c | 2 +- drivers/mailbox/mtk-cmdq-mailbox.c | 45 +- drivers/mailbox/pcc.c | 32 +- drivers/md/dm-verity-fec.c | 6 +- drivers/mmc/host/sdhci-of-dwcmshc.c | 29 +- drivers/most/most_usb.c | 14 +- drivers/mtd/nand/spi/core.c | 2 + drivers/net/can/rcar/rcar_canfd.c | 53 +- drivers/net/can/sja1000/sja1000.c | 4 +- drivers/net/can/sun4i_can.c | 4 +- drivers/net/can/usb/gs_usb.c | 102 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 +- drivers/net/dsa/microchip/ksz_common.c | 65 +- drivers/net/dsa/microchip/ksz_common.h | 1 + drivers/net/dsa/microchip/ksz_ptp.c | 22 +- drivers/net/dsa/sja1105/sja1105_main.c | 66 +- .../net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 + .../net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 + drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 + .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 +- .../ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 +- drivers/net/ethernet/freescale/fec.h | 1 + drivers/net/ethernet/freescale/fec_ptp.c | 64 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 2 +- drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 2 +- .../net/ethernet/microchip/lan966x/lan966x_ptp.c | 5 +- drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 +- drivers/net/phy/mxl-gpy.c | 2 +- drivers/net/team/team_core.c | 23 +- drivers/net/veth.c | 64 +- drivers/net/vrf.c | 4 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 5 + drivers/net/wireless/ath/ath12k/peer.c | 3 + drivers/net/wireless/ath/ath12k/peer.h | 2 + drivers/net/wwan/mhi_wwan_mbim.c | 2 +- drivers/nvmem/layouts.c | 2 +- drivers/platform/x86/intel/punit_ipc.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 1 + drivers/spi/Kconfig | 4 +- drivers/spi/spi-amlogic-spifc-a1.c | 4 +- drivers/spi/spi-bcm63xx.c | 14 + drivers/spi/spi-mem.c | 37 + drivers/spi/spi-nxp-fspi.c | 123 +- drivers/staging/Kconfig | 2 - drivers/staging/Makefile | 1 - drivers/staging/rtl8712/Kconfig | 21 - drivers/staging/rtl8712/Makefile | 35 - drivers/staging/rtl8712/TODO | 13 - drivers/staging/rtl8712/basic_types.h | 28 - drivers/staging/rtl8712/drv_types.h | 175 -- drivers/staging/rtl8712/ethernet.h | 21 - drivers/staging/rtl8712/hal_init.c | 401 ---- drivers/staging/rtl8712/ieee80211.c | 415 ---- drivers/staging/rtl8712/ieee80211.h | 165 -- drivers/staging/rtl8712/mlme_linux.c | 160 -- drivers/staging/rtl8712/mlme_osdep.h | 31 - drivers/staging/rtl8712/mp_custom_oid.h | 287 --- drivers/staging/rtl8712/os_intfs.c | 482 ----- drivers/staging/rtl8712/osdep_intf.h | 32 - drivers/staging/rtl8712/osdep_service.h | 60 - drivers/staging/rtl8712/recv_linux.c | 139 -- drivers/staging/rtl8712/recv_osdep.h | 39 - drivers/staging/rtl8712/rtl8712_bitdef.h | 26 - drivers/staging/rtl8712/rtl8712_cmd.c | 409 ---- drivers/staging/rtl8712/rtl8712_cmd.h | 231 -- drivers/staging/rtl8712/rtl8712_cmdctrl_bitdef.h | 95 - drivers/staging/rtl8712/rtl8712_cmdctrl_regdef.h | 19 - drivers/staging/rtl8712/rtl8712_debugctrl_bitdef.h | 41 - drivers/staging/rtl8712/rtl8712_debugctrl_regdef.h | 32 - .../staging/rtl8712/rtl8712_edcasetting_bitdef.h | 65 - .../staging/rtl8712/rtl8712_edcasetting_regdef.h | 24 - drivers/staging/rtl8712/rtl8712_efuse.c | 563 ----- drivers/staging/rtl8712/rtl8712_efuse.h | 44 - drivers/staging/rtl8712/rtl8712_event.h | 86 - drivers/staging/rtl8712/rtl8712_fifoctrl_bitdef.h | 131 -- drivers/staging/rtl8712/rtl8712_fifoctrl_regdef.h | 61 - drivers/staging/rtl8712/rtl8712_gp_bitdef.h | 68 - drivers/staging/rtl8712/rtl8712_gp_regdef.h | 29 - drivers/staging/rtl8712/rtl8712_hal.h | 142 -- drivers/staging/rtl8712/rtl8712_interrupt_bitdef.h | 44 - drivers/staging/rtl8712/rtl8712_io.c | 99 - drivers/staging/rtl8712/rtl8712_led.c | 1830 ---------------- .../staging/rtl8712/rtl8712_macsetting_bitdef.h | 31 - .../staging/rtl8712/rtl8712_macsetting_regdef.h | 20 - drivers/staging/rtl8712/rtl8712_powersave_bitdef.h | 39 - drivers/staging/rtl8712/rtl8712_powersave_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_ratectrl_bitdef.h | 36 - drivers/staging/rtl8712/rtl8712_ratectrl_regdef.h | 43 - drivers/staging/rtl8712/rtl8712_recv.c | 1075 --------- drivers/staging/rtl8712/rtl8712_recv.h | 145 -- drivers/staging/rtl8712/rtl8712_regdef.h | 32 - drivers/staging/rtl8712/rtl8712_security_bitdef.h | 34 - drivers/staging/rtl8712/rtl8712_spec.h | 121 -- drivers/staging/rtl8712/rtl8712_syscfg_bitdef.h | 163 -- drivers/staging/rtl8712/rtl8712_syscfg_regdef.h | 42 - drivers/staging/rtl8712/rtl8712_timectrl_bitdef.h | 49 - drivers/staging/rtl8712/rtl8712_timectrl_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_wmac_bitdef.h | 49 - drivers/staging/rtl8712/rtl8712_wmac_regdef.h | 36 - drivers/staging/rtl8712/rtl8712_xmit.c | 732 ------- drivers/staging/rtl8712/rtl8712_xmit.h | 108 - drivers/staging/rtl8712/rtl871x_cmd.c | 750 ------- drivers/staging/rtl8712/rtl871x_cmd.h | 750 ------- drivers/staging/rtl8712/rtl871x_debug.h | 130 -- drivers/staging/rtl8712/rtl871x_eeprom.c | 220 -- drivers/staging/rtl8712/rtl871x_eeprom.h | 88 - drivers/staging/rtl8712/rtl871x_event.h | 109 - drivers/staging/rtl8712/rtl871x_ht.h | 33 - drivers/staging/rtl8712/rtl871x_io.c | 147 -- drivers/staging/rtl8712/rtl871x_io.h | 236 -- drivers/staging/rtl8712/rtl871x_ioctl.h | 94 - drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2275 -------------------- drivers/staging/rtl8712/rtl871x_ioctl_rtl.c | 519 ----- drivers/staging/rtl8712/rtl871x_ioctl_rtl.h | 109 - drivers/staging/rtl8712/rtl871x_ioctl_set.c | 354 --- drivers/staging/rtl8712/rtl871x_ioctl_set.h | 45 - drivers/staging/rtl8712/rtl871x_led.h | 118 - drivers/staging/rtl8712/rtl871x_mlme.c | 1710 --------------- drivers/staging/rtl8712/rtl871x_mlme.h | 205 -- drivers/staging/rtl8712/rtl871x_mp.c | 724 ------- drivers/staging/rtl8712/rtl871x_mp.h | 275 --- drivers/staging/rtl8712/rtl871x_mp_ioctl.c | 883 -------- drivers/staging/rtl8712/rtl871x_mp_ioctl.h | 328 --- drivers/staging/rtl8712/rtl871x_mp_phy_regdef.h | 1034 --------- drivers/staging/rtl8712/rtl871x_pwrctrl.c | 234 -- drivers/staging/rtl8712/rtl871x_pwrctrl.h | 113 - drivers/staging/rtl8712/rtl871x_recv.c | 671 ------ drivers/staging/rtl8712/rtl871x_recv.h | 208 -- drivers/staging/rtl8712/rtl871x_rf.h | 55 - drivers/staging/rtl8712/rtl871x_security.c | 1386 ------------ drivers/staging/rtl8712/rtl871x_security.h | 218 -- drivers/staging/rtl8712/rtl871x_sta_mgt.c | 263 --- drivers/staging/rtl8712/rtl871x_wlan_sme.h | 35 - drivers/staging/rtl8712/rtl871x_xmit.c | 1056 --------- drivers/staging/rtl8712/rtl871x_xmit.h | 287 --- drivers/staging/rtl8712/sta_info.h | 132 -- drivers/staging/rtl8712/usb_halinit.c | 307 --- drivers/staging/rtl8712/usb_intf.c | 638 ------ drivers/staging/rtl8712/usb_ops.c | 195 -- drivers/staging/rtl8712/usb_ops.h | 38 - drivers/staging/rtl8712/usb_ops_linux.c | 508 ----- drivers/staging/rtl8712/usb_osintf.h | 35 - drivers/staging/rtl8712/wifi.h | 196 -- drivers/staging/rtl8712/wlan_bssdef.h | 223 -- drivers/staging/rtl8712/xmit_linux.c | 181 -- drivers/staging/rtl8712/xmit_osdep.h | 52 - drivers/thunderbolt/nhi.c | 2 + drivers/thunderbolt/nhi.h | 1 + drivers/tty/serial/amba-pl011.c | 2 +- drivers/usb/cdns3/cdns3-pci-wrap.c | 5 +- drivers/usb/dwc3/core.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 82 +- drivers/usb/dwc3/ep0.c | 1 + drivers/usb/dwc3/gadget.c | 7 + drivers/usb/gadget/function/f_eem.c | 7 +- drivers/usb/gadget/udc/core.c | 18 +- drivers/usb/gadget/udc/renesas_usbf.c | 4 +- drivers/usb/gadget/udc/trace.h | 5 + drivers/usb/host/xhci-dbgcap.h | 1 + drivers/usb/host/xhci-dbgtty.c | 23 +- drivers/usb/host/xhci-ring.c | 15 +- drivers/usb/host/xhci.c | 1 + drivers/usb/renesas_usbhs/common.c | 14 +- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 1 + drivers/usb/serial/option.c | 10 +- drivers/usb/storage/sddr55.c | 6 + drivers/usb/storage/transport.c | 16 + drivers/usb/storage/uas.c | 5 + drivers/usb/storage/unusual_devs.h | 2 +- drivers/usb/typec/ucsi/psy.c | 5 + drivers/video/fbdev/core/fbcon.c | 9 + fs/namespace.c | 7 +- fs/nfsd/nfs4state.c | 6 +- fs/smb/client/connect.c | 1 + include/linux/iio/buffer-dma.h | 1 + include/linux/iio/buffer_impl.h | 2 + include/linux/mailbox/mtk-cmdq-mailbox.h | 10 + include/linux/spi/spi-mem.h | 22 +- include/linux/usb/gadget.h | 5 + include/net/bluetooth/hci_core.h | 1 - include/net/sch_generic.h | 8 + kernel/trace/trace.c | 10 + mm/huge_memory.c | 17 +- mm/memfd.c | 27 + net/bluetooth/hci_core.c | 16 +- net/bluetooth/hci_sock.c | 2 + net/bluetooth/smp.c | 31 +- net/ceph/auth_x.c | 2 + net/ceph/ceph_common.c | 53 +- net/ceph/debugfs.c | 16 +- net/ceph/messenger_v2.c | 11 +- net/ceph/osdmap.c | 18 +- net/mptcp/protocol.c | 19 +- sound/usb/quirks.c | 3 + 238 files changed, 1344 insertions(+), 28212 deletions(-)

3 days, 15 hours

18
150
0 0

[PATCH 6.6 00/93] 6.6.119-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.119 release. There are 93 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Dec 2025 15:23:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.119-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.119-rc1 Alan Stern <stern(a)rowland.harvard.edu> HID: core: Harden s32ton() against conversion to 0 bits Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: Free previously initialized ports on init failures Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}() Sean Heelan <seanheelan(a)gmail.com> ksmbd: fix use-after-free in session logoff Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate reset on fastclose Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: properly kill background tasks Philipp Hortmann <philipp.g.hortmann(a)gmail.com> staging: rtl8712: Remove driver using deprecated API wext luoguangfei <15388634752(a)163.com> net: macb: fix unregister_netdev call order in macb_remove() ChiYuan Huang <cy_huang(a)richtek.com> iio: adc: rtq6056: Correct the sign bit index Biju Das <biju.das.jz(a)bp.renesas.com> can: rcar_canfd: Fix CAN-FD mode as default Jameson Thies <jthies(a)google.com> usb: typec: ucsi: psy: Set max current to zero when disconnected Jimmy Hu <hhhuuu(a)google.com> usb: gadget: udc: fix use-after-free in usb_gadget_state_work Kuen-Han Tsai <khtsai(a)google.com> usb: udc: Add trace event for usb_gadget_set_state NeilBrown <neil(a)brown.name> nfsd: Replace clamp_t in nfsd4_get_drc_mem() Wang Liang <wangliang74(a)huawei.com> bonding: check xdp prog when set bond mode Hangbin Liu <liuhangbin(a)gmail.com> bonding: return detailed error when loading native XDP fails ziming zhang <ezrakiez(a)gmail.com> libceph: replace BUG_ON with bounds check for map->max_osd ziming zhang <ezrakiez(a)gmail.com> libceph: prevent potential out-of-bounds writes in handle_auth_session_key() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential use-after-free in have_mon_and_osd_map() Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: ptp: Fix checks on irq_find_mapping() Bastien Curutchet (Schneider Electric) <bastien.curutchet(a)bootlin.com> net: dsa: microchip: common: Fix checks on irq_find_mapping() Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check NULL before accessing Johan Hovold <johan(a)kernel.org> drm: sti: fix device leaks at component probe Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add support for Rolling RW101R-GL Oleksandr Suvorov <cryosay(a)gmail.com> USB: serial: ftdi_sio: add support for u-blox EVK-M101 Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbgtty: fix device unregister Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Manish Nagar <manish.nagar(a)oss.qualcomm.com> usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: Sort out the Intel device IDs Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Nova Lake -S Owen Gu <guhuinan(a)xiaomi.com> usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Tianchu Chen <flynnnchen(a)tencent.com> usb: storage: sddr55: Reject out-of-bound new_pba Alan Stern <stern(a)rowland.harvard.edu> USB: storage: Remove subclass and protocol overrides from Novatek quirk Desnes Nunes <desnesn(a)redhat.com> usb: storage: Fix memory leak in USB bulk transport Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Fix synchronous external abort on unbind Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_eem: Fix memory leak in eem_unwrap Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: Fix double resource release in cdns3_pci_probe Johan Hovold <johan(a)kernel.org> most: usb: fix double free on late probe failure Miaoqian Lin <linmq006(a)gmail.com> serial: amba-pl011: prefer dma_mapping_error() over explicit address checking Paolo Abeni <pabeni(a)redhat.com> mptcp: clear scheduled subflows on retransmit Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> firmware: stratix10-svc: fix bug in saving controller data Miaoqian Lin <linmq006(a)gmail.com> slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> thunderbolt: Add support for Intel Wildcat Lake Paulo Alcantara <pc(a)manguebit.org> smb: client: fix memory leak in cifs_construct_tcon() Jamie Iles <jamie.iles(a)oss.qualcomm.com> drivers/usb/dwc3: fix PCI parent check Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix unreliable memory allocation Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: fix crash in process_v2_sparse_read() for encrypted directories Marc Kleine-Budde <mkl(a)pengutronix.de> can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Thomas Mühlbacher <tmuehlbacher(a)posteo.net> can: sja1000: fix max irq loop handling Gui-Dong Han <hanguidong02(a)gmail.com> atm/fore200e: Fix possible data race in fore200e_open() Maarten Zanders <maarten(a)zanders.be> ARM: dts: nxp: imx6ul: correct SAI3 interrupt line Ivan Zhaldak <i.v.zhaldak(a)gmail.com> ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification David Lechner <dlechner(a)baylibre.com> iio: adc: ad7280a: fix ad7280_store_balance_timer() Valek Andrej <andrej.v(a)skyrain.eu> iio: accel: fix ADXL355 startup race condition Linus Walleij <linus.walleij(a)linaro.org> iio: accel: bmc150: Fix irq assumption regression Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio:common:ssp_sensors: Fix an error handling path ssp_probe() Francesco Lavra <flavra(a)baylibre.com> iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Jiri Olsa <jolsa(a)kernel.org> Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Hang Zhou <929513338(a)qq.com> spi: bcm63xx: fix premature CS deassertion on RX-only transactions Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: nxp-fspi: Propagate fwnode in ACPI case as well Miquel Raynal <miquel.raynal(a)bootlin.com> spi: nxp-fspi: Support per spi-mem operation frequency switches Miquel Raynal <miquel.raynal(a)bootlin.com> spi: spi-mem: Add a new controller capability Miquel Raynal <miquel.raynal(a)bootlin.com> spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: spi-mem: Allow specifying the byte order in Octal DTR mode Haotian Zhang <vulab(a)iscas.ac.cn> spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors Francesco Lavra <flavra(a)baylibre.com> spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA Jamie Iles <jamie.iles(a)oss.qualcomm.com> mailbox: pcc: don't zero error register Sudeep Holla <sudeep.holla(a)arm.com> mailbox: pcc: Refactor error handling in irq handler into separate function Haotian Zhang <vulab(a)iscas.ac.cn> mailbox: mailbox-test: Fix debugfs_create_dir error checking Haotian Zhang <vulab(a)iscas.ac.cn> usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors Mario Tesi <martepisa(a)gmail.com> iio: st_lsm6dsx: Fixed calibrated timestamp calculation Wei Fang <wei.fang(a)nxp.com> net: fec: do not register PPS event for PEROUT Wei Fang <wei.fang(a)nxp.com> net: fec: do not allow enabling PPS and PEROUT simultaneously Wei Fang <wei.fang(a)nxp.com> net: fec: do not update PEROUT if it is enabled Wei Fang <wei.fang(a)nxp.com> net: fec: cancel perout_timer when PEROUT is disabled Jiefeng Zhang <jiefeng.z.zhang(a)gmail.com> net: atlantic: fix fragment overflow handling in RX path Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: sja1105: simplify static configuration reload Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix cyan_skillfish2 gpu info fw handling Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: sxgbe: fix potential NULL dereference in sxgbe_rx() Danielle Costantino <dcostantino(a)meta.com> net/mlx5e: Fix validation logic in rate limiting Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Fix the initialization of taprio Kai-Heng Feng <kaihengf(a)nvidia.com> net: aquantia: Add missing descriptor cache invalidation on ATL2 Dan Carpenter <dan.carpenter(a)linaro.org> platform/x86: intel: punit_ipc: fix memory corruption Daniel Golle <daniel(a)makrotopia.org> net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix not generating mackey and ltk when repairing Edward Adam Davis <eadavis(a)qq.com> Bluetooth: hci_sock: Prevent race in socket write iter and sock bind Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs Seungjin Bae <eeodqql09(a)gmail.com> can: kvaser_usb: leaf: Fix potential infinite loop in command parsers ------------- Diffstat: MAINTAINERS | 6 - Makefile | 4 +- arch/arm/boot/dts/nxp/imx/imx6ul.dtsi | 2 +- arch/mips/mm/tlb-r4k.c | 118 +- arch/x86/events/core.c | 10 +- drivers/atm/fore200e.c | 2 + drivers/firmware/stratix10-svc.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 +- drivers/gpu/drm/sti/sti_vtg.c | 7 +- drivers/hid/hid-core.c | 7 +- drivers/iio/accel/adxl355_core.c | 44 +- drivers/iio/accel/bmc150-accel-core.c | 5 + drivers/iio/accel/bmc150-accel.h | 1 + drivers/iio/adc/ad7280a.c | 2 +- drivers/iio/adc/rtq6056.c | 2 +- drivers/iio/common/ssp_sensors/ssp_dev.c | 4 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 40 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 19 +- drivers/mailbox/mailbox-test.c | 2 +- drivers/mailbox/pcc.c | 32 +- drivers/md/dm-verity-fec.c | 6 +- drivers/most/most_usb.c | 14 +- drivers/mtd/nand/spi/core.c | 2 + drivers/net/bonding/bond_main.c | 11 +- drivers/net/bonding/bond_options.c | 3 + drivers/net/can/rcar/rcar_canfd.c | 53 +- drivers/net/can/sja1000/sja1000.c | 4 +- drivers/net/can/sun4i_can.c | 4 +- drivers/net/can/usb/gs_usb.c | 102 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 +- drivers/net/dsa/microchip/ksz_common.c | 30 +- drivers/net/dsa/microchip/ksz_ptp.c | 22 +- drivers/net/dsa/sja1105/sja1105_main.c | 66 +- .../net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 + .../net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 + drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 + .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 +- .../ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 +- drivers/net/ethernet/cadence/macb_main.c | 2 +- drivers/net/ethernet/freescale/fec.h | 1 + drivers/net/ethernet/freescale/fec_ptp.c | 64 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 2 +- .../net/ethernet/microchip/lan966x/lan966x_ptp.c | 5 +- drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 +- drivers/net/phy/mxl-gpy.c | 2 +- drivers/platform/x86/intel/punit_ipc.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 1 + drivers/spi/Kconfig | 4 +- drivers/spi/spi-amlogic-spifc-a1.c | 4 +- drivers/spi/spi-bcm63xx.c | 14 + drivers/spi/spi-mem.c | 37 + drivers/spi/spi-nxp-fspi.c | 22 +- drivers/staging/Kconfig | 2 - drivers/staging/Makefile | 1 - drivers/staging/rtl8712/Kconfig | 21 - drivers/staging/rtl8712/Makefile | 35 - drivers/staging/rtl8712/TODO | 13 - drivers/staging/rtl8712/basic_types.h | 28 - drivers/staging/rtl8712/drv_types.h | 175 -- drivers/staging/rtl8712/ethernet.h | 21 - drivers/staging/rtl8712/hal_init.c | 401 ---- drivers/staging/rtl8712/ieee80211.c | 415 ---- drivers/staging/rtl8712/ieee80211.h | 165 -- drivers/staging/rtl8712/mlme_linux.c | 160 -- drivers/staging/rtl8712/mlme_osdep.h | 31 - drivers/staging/rtl8712/mp_custom_oid.h | 287 --- drivers/staging/rtl8712/os_intfs.c | 482 ---- drivers/staging/rtl8712/osdep_intf.h | 32 - drivers/staging/rtl8712/osdep_service.h | 60 - drivers/staging/rtl8712/recv_linux.c | 139 -- drivers/staging/rtl8712/recv_osdep.h | 39 - drivers/staging/rtl8712/rtl8712_bitdef.h | 26 - drivers/staging/rtl8712/rtl8712_cmd.c | 409 ---- drivers/staging/rtl8712/rtl8712_cmd.h | 231 -- drivers/staging/rtl8712/rtl8712_cmdctrl_bitdef.h | 95 - drivers/staging/rtl8712/rtl8712_cmdctrl_regdef.h | 19 - drivers/staging/rtl8712/rtl8712_debugctrl_bitdef.h | 41 - drivers/staging/rtl8712/rtl8712_debugctrl_regdef.h | 32 - .../staging/rtl8712/rtl8712_edcasetting_bitdef.h | 65 - .../staging/rtl8712/rtl8712_edcasetting_regdef.h | 24 - drivers/staging/rtl8712/rtl8712_efuse.c | 564 ----- drivers/staging/rtl8712/rtl8712_efuse.h | 44 - drivers/staging/rtl8712/rtl8712_event.h | 86 - drivers/staging/rtl8712/rtl8712_fifoctrl_bitdef.h | 131 -- drivers/staging/rtl8712/rtl8712_fifoctrl_regdef.h | 61 - drivers/staging/rtl8712/rtl8712_gp_bitdef.h | 68 - drivers/staging/rtl8712/rtl8712_gp_regdef.h | 29 - drivers/staging/rtl8712/rtl8712_hal.h | 142 -- drivers/staging/rtl8712/rtl8712_interrupt_bitdef.h | 44 - drivers/staging/rtl8712/rtl8712_io.c | 99 - drivers/staging/rtl8712/rtl8712_led.c | 1830 --------------- .../staging/rtl8712/rtl8712_macsetting_bitdef.h | 31 - .../staging/rtl8712/rtl8712_macsetting_regdef.h | 20 - drivers/staging/rtl8712/rtl8712_powersave_bitdef.h | 39 - drivers/staging/rtl8712/rtl8712_powersave_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_ratectrl_bitdef.h | 36 - drivers/staging/rtl8712/rtl8712_ratectrl_regdef.h | 43 - drivers/staging/rtl8712/rtl8712_recv.c | 1080 --------- drivers/staging/rtl8712/rtl8712_recv.h | 145 -- drivers/staging/rtl8712/rtl8712_regdef.h | 32 - drivers/staging/rtl8712/rtl8712_security_bitdef.h | 34 - drivers/staging/rtl8712/rtl8712_spec.h | 121 - drivers/staging/rtl8712/rtl8712_syscfg_bitdef.h | 163 -- drivers/staging/rtl8712/rtl8712_syscfg_regdef.h | 42 - drivers/staging/rtl8712/rtl8712_timectrl_bitdef.h | 49 - drivers/staging/rtl8712/rtl8712_timectrl_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_wmac_bitdef.h | 49 - drivers/staging/rtl8712/rtl8712_wmac_regdef.h | 36 - drivers/staging/rtl8712/rtl8712_xmit.c | 744 ------- drivers/staging/rtl8712/rtl8712_xmit.h | 108 - drivers/staging/rtl8712/rtl871x_cmd.c | 796 ------- drivers/staging/rtl8712/rtl871x_cmd.h | 761 ------- drivers/staging/rtl8712/rtl871x_debug.h | 130 -- drivers/staging/rtl8712/rtl871x_eeprom.c | 220 -- drivers/staging/rtl8712/rtl871x_eeprom.h | 88 - drivers/staging/rtl8712/rtl871x_event.h | 109 - drivers/staging/rtl8712/rtl871x_ht.h | 33 - drivers/staging/rtl8712/rtl871x_io.c | 147 -- drivers/staging/rtl8712/rtl871x_io.h | 236 -- drivers/staging/rtl8712/rtl871x_ioctl.h | 94 - drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2330 -------------------- drivers/staging/rtl8712/rtl871x_ioctl_rtl.c | 519 ----- drivers/staging/rtl8712/rtl871x_ioctl_rtl.h | 109 - drivers/staging/rtl8712/rtl871x_ioctl_set.c | 354 --- drivers/staging/rtl8712/rtl871x_ioctl_set.h | 45 - drivers/staging/rtl8712/rtl871x_led.h | 118 - drivers/staging/rtl8712/rtl871x_mlme.c | 1710 -------------- drivers/staging/rtl8712/rtl871x_mlme.h | 205 -- drivers/staging/rtl8712/rtl871x_mp.c | 724 ------ drivers/staging/rtl8712/rtl871x_mp.h | 275 --- drivers/staging/rtl8712/rtl871x_mp_ioctl.c | 883 -------- drivers/staging/rtl8712/rtl871x_mp_ioctl.h | 328 --- drivers/staging/rtl8712/rtl871x_mp_phy_regdef.h | 1034 --------- drivers/staging/rtl8712/rtl871x_pwrctrl.c | 234 -- drivers/staging/rtl8712/rtl871x_pwrctrl.h | 113 - drivers/staging/rtl8712/rtl871x_recv.c | 671 ------ drivers/staging/rtl8712/rtl871x_recv.h | 208 -- drivers/staging/rtl8712/rtl871x_rf.h | 55 - drivers/staging/rtl8712/rtl871x_security.c | 1386 ------------ drivers/staging/rtl8712/rtl871x_security.h | 218 -- drivers/staging/rtl8712/rtl871x_sta_mgt.c | 263 --- drivers/staging/rtl8712/rtl871x_wlan_sme.h | 35 - drivers/staging/rtl8712/rtl871x_xmit.c | 1059 --------- drivers/staging/rtl8712/rtl871x_xmit.h | 288 --- drivers/staging/rtl8712/sta_info.h | 132 -- drivers/staging/rtl8712/usb_halinit.c | 307 --- drivers/staging/rtl8712/usb_intf.c | 638 ------ drivers/staging/rtl8712/usb_ops.c | 195 -- drivers/staging/rtl8712/usb_ops.h | 38 - drivers/staging/rtl8712/usb_ops_linux.c | 515 ----- drivers/staging/rtl8712/usb_osintf.h | 35 - drivers/staging/rtl8712/wifi.h | 196 -- drivers/staging/rtl8712/wlan_bssdef.h | 223 -- drivers/staging/rtl8712/xmit_linux.c | 181 -- drivers/staging/rtl8712/xmit_osdep.h | 52 - drivers/thunderbolt/nhi.c | 2 + drivers/thunderbolt/nhi.h | 1 + drivers/tty/serial/amba-pl011.c | 2 +- drivers/usb/cdns3/cdns3-pci-wrap.c | 5 +- drivers/usb/dwc3/core.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 82 +- drivers/usb/dwc3/ep0.c | 1 + drivers/usb/dwc3/gadget.c | 7 + drivers/usb/gadget/function/f_eem.c | 7 +- drivers/usb/gadget/udc/core.c | 18 +- drivers/usb/gadget/udc/renesas_usbf.c | 4 +- drivers/usb/gadget/udc/trace.h | 5 + drivers/usb/host/xhci-dbgcap.h | 1 + drivers/usb/host/xhci-dbgtty.c | 23 +- drivers/usb/renesas_usbhs/common.c | 14 +- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 1 + drivers/usb/serial/option.c | 10 +- drivers/usb/storage/sddr55.c | 6 + drivers/usb/storage/transport.c | 16 + drivers/usb/storage/uas.c | 5 + drivers/usb/storage/unusual_devs.h | 2 +- drivers/usb/typec/ucsi/psy.c | 5 + fs/nfsd/nfs4state.c | 6 +- fs/smb/client/connect.c | 1 + fs/smb/server/smb2pdu.c | 4 - include/linux/spi/spi-mem.h | 22 +- include/linux/usb/gadget.h | 5 + include/net/bonding.h | 1 + net/bluetooth/hci_sock.c | 2 + net/bluetooth/smp.c | 31 +- net/ceph/auth_x.c | 2 + net/ceph/ceph_common.c | 53 +- net/ceph/debugfs.c | 16 +- net/ceph/messenger_v2.c | 11 +- net/ceph/osdmap.c | 18 +- net/mptcp/protocol.c | 48 +- sound/usb/quirks.c | 3 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 14 +- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 21 + 196 files changed, 914 insertions(+), 28087 deletions(-)

3 days, 16 hours

11
103
0 0

[PATCH v6] usb: typec: ucsi: Get connector status after enable notifications

by Hsin-Te Yuan

Originally, the notification for connector change will be enabled after the first read of the connector status. Therefore, if the event happens during this window, it will be missing and make the status unsynced. Get the connector status only after enabling the notification for connector change to ensure the status is synced. Fixes: c1b0bc2dabfa ("usb: typec: Add support for UCSI interface") Cc: stable(a)vger.kernel.org # v4.13+ Signed-off-by: Hsin-Te Yuan <yuanhsinte(a)chromium.org> --- Changes in v6: - Free the locks in error path. - Link to v5: https://lore.kernel.org/r/20251205-ucsi-v5-1-488eb89bc9b8@chromium.org Changes in v5: - Hold the lock of each connector during the initialization to avoid race condition between initialization and other event handler - Add Fixes tag - Link to v4: https://lore.kernel.org/r/20251125-ucsi-v4-1-8c94568ddaa5@chromium.org Changes in v4: - Handle a single connector in ucsi_init_port() and call it in a loop - Link to v3: https://lore.kernel.org/r/20251121-ucsi-v3-1-b1047ca371b8@chromium.org Changes in v3: - Seperate the status checking part into a new function called ucsi_init_port() and call it after enabling the notifications - Link to v2: https://lore.kernel.org/r/20251118-ucsi-v2-1-d314d50333e2@chromium.org Changes in v2: - Remove unnecessary braces. - Link to v1: https://lore.kernel.org/r/20251117-ucsi-v1-1-1dcbc5ea642b@chromium.org --- drivers/usb/typec/ucsi/ucsi.c | 131 +++++++++++++++++++++++------------------- 1 file changed, 73 insertions(+), 58 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index 3f568f790f39b0271667e80816270274b8dd3008..3a0471fa4cc980c0512bc71776e3984e6cd2cdb7 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -1560,11 +1560,70 @@ static struct fwnode_handle *ucsi_find_fwnode(struct ucsi_connector *con) return NULL; } +static void ucsi_init_port(struct ucsi *ucsi, struct ucsi_connector *con) +{ + enum usb_role u_role = USB_ROLE_NONE; + int ret; + + /* Get the status */ + ret = ucsi_get_connector_status(con, false); + if (ret) { + dev_err(ucsi->dev, "con%d: failed to get status\n", con->num); + return; + } + + if (ucsi->ops->connector_status) + ucsi->ops->connector_status(con); + + switch (UCSI_CONSTAT(con, PARTNER_TYPE)) { + case UCSI_CONSTAT_PARTNER_TYPE_UFP: + case UCSI_CONSTAT_PARTNER_TYPE_CABLE_AND_UFP: + u_role = USB_ROLE_HOST; + fallthrough; + case UCSI_CONSTAT_PARTNER_TYPE_CABLE: + typec_set_data_role(con->port, TYPEC_HOST); + break; + case UCSI_CONSTAT_PARTNER_TYPE_DFP: + u_role = USB_ROLE_DEVICE; + typec_set_data_role(con->port, TYPEC_DEVICE); + break; + default: + break; + } + + /* Check if there is already something connected */ + if (UCSI_CONSTAT(con, CONNECTED)) { + typec_set_pwr_role(con->port, UCSI_CONSTAT(con, PWR_DIR)); + ucsi_register_partner(con); + ucsi_pwr_opmode_change(con); + ucsi_port_psy_changed(con); + if (con->ucsi->cap.features & UCSI_CAP_GET_PD_MESSAGE) + ucsi_get_partner_identity(con); + if (con->ucsi->cap.features & UCSI_CAP_CABLE_DETAILS) + ucsi_check_cable(con); + } + + /* Only notify USB controller if partner supports USB data */ + if (!(UCSI_CONSTAT(con, PARTNER_FLAG_USB))) + u_role = USB_ROLE_NONE; + + ret = usb_role_switch_set_role(con->usb_role_sw, u_role); + if (ret) + dev_err(ucsi->dev, "con:%d: failed to set usb role:%d\n", + con->num, u_role); + + if (con->partner && UCSI_CONSTAT(con, PWR_OPMODE) == UCSI_CONSTAT_PWR_OPMODE_PD) { + ucsi_register_device_pdos(con); + ucsi_get_src_pdos(con); + ucsi_check_altmodes(con); + ucsi_check_connector_capability(con); + } +} + static int ucsi_register_port(struct ucsi *ucsi, struct ucsi_connector *con) { struct typec_capability *cap = &con->typec_cap; enum typec_accessory *accessory = cap->accessory; - enum usb_role u_role = USB_ROLE_NONE; u64 command; char *name; int ret; @@ -1659,62 +1718,6 @@ static int ucsi_register_port(struct ucsi *ucsi, struct ucsi_connector *con) goto out; } - /* Get the status */ - ret = ucsi_get_connector_status(con, false); - if (ret) { - dev_err(ucsi->dev, "con%d: failed to get status\n", con->num); - goto out; - } - - if (ucsi->ops->connector_status) - ucsi->ops->connector_status(con); - - switch (UCSI_CONSTAT(con, PARTNER_TYPE)) { - case UCSI_CONSTAT_PARTNER_TYPE_UFP: - case UCSI_CONSTAT_PARTNER_TYPE_CABLE_AND_UFP: - u_role = USB_ROLE_HOST; - fallthrough; - case UCSI_CONSTAT_PARTNER_TYPE_CABLE: - typec_set_data_role(con->port, TYPEC_HOST); - break; - case UCSI_CONSTAT_PARTNER_TYPE_DFP: - u_role = USB_ROLE_DEVICE; - typec_set_data_role(con->port, TYPEC_DEVICE); - break; - default: - break; - } - - /* Check if there is already something connected */ - if (UCSI_CONSTAT(con, CONNECTED)) { - typec_set_pwr_role(con->port, UCSI_CONSTAT(con, PWR_DIR)); - ucsi_register_partner(con); - ucsi_pwr_opmode_change(con); - ucsi_port_psy_changed(con); - if (con->ucsi->cap.features & UCSI_CAP_GET_PD_MESSAGE) - ucsi_get_partner_identity(con); - if (con->ucsi->cap.features & UCSI_CAP_CABLE_DETAILS) - ucsi_check_cable(con); - } - - /* Only notify USB controller if partner supports USB data */ - if (!(UCSI_CONSTAT(con, PARTNER_FLAG_USB))) - u_role = USB_ROLE_NONE; - - ret = usb_role_switch_set_role(con->usb_role_sw, u_role); - if (ret) { - dev_err(ucsi->dev, "con:%d: failed to set usb role:%d\n", - con->num, u_role); - ret = 0; - } - - if (con->partner && UCSI_CONSTAT(con, PWR_OPMODE) == UCSI_CONSTAT_PWR_OPMODE_PD) { - ucsi_register_device_pdos(con); - ucsi_get_src_pdos(con); - ucsi_check_altmodes(con); - ucsi_check_connector_capability(con); - } - trace_ucsi_register_port(con->num, con); out: @@ -1823,16 +1826,28 @@ static int ucsi_init(struct ucsi *ucsi) goto err_unregister; } + /* Delay other interactions with each connector until ucsi_init_port is done */ + for (i = 0; i < ucsi->cap.num_connectors; i++) + mutex_lock(&connector[i].lock); + /* Enable all supported notifications */ ntfy = ucsi_get_supported_notifications(ucsi); command = UCSI_SET_NOTIFICATION_ENABLE | ntfy; ret = ucsi_send_command(ucsi, command, NULL, 0); - if (ret < 0) + if (ret < 0) { + for (i = 0; i < ucsi->cap.num_connectors; i++) + mutex_unlock(&connector[i].lock); goto err_unregister; + } ucsi->connector = connector; ucsi->ntfy = ntfy; + for (i = 0; i < ucsi->cap.num_connectors; i++) { + ucsi_init_port(ucsi, &connector[i]); + mutex_unlock(&connector[i].lock); + } + mutex_lock(&ucsi->ppm_lock); ret = ucsi->ops->read_cci(ucsi, &cci); mutex_unlock(&ucsi->ppm_lock); --- base-commit: 2061f18ad76ecaddf8ed17df81b8611ea88dbddd change-id: 20251117-ucsi-c2dfe8c006d7 Best regards, -- Hsin-Te Yuan <yuanhsinte(a)chromium.org>

3 days, 16 hours

2
1
0 0

[PATCH] drm/bridge: ti-sn65dsi83: ignore PLL_UNLOCK errors

by Luca Ceresoli

On hardware based on Toradex Verdin AM62 the recovery mechanism added by commit ad5c6ecef27e ("drm: bridge: ti-sn65dsi83: Add error recovery mechanism") has been reported [0] to make the display turn on and off and and the kernel logging "Unexpected link status 0x01". According to the report, the error recovery mechanism is triggered by the PLL_UNLOCK error going active. Analysis suggested the board is unable to provide the correct DSI clock neede by the SN65DSI84, to which the TI SN65DSI84 reacts by raising the PLL_UNLOCK, while the display still works apparently without issues. On other hardware, where all the clocks are within the components specifications, the PLL_UNLOCK bit does not trigger while the display is in normal use. It can trigger for e.g. electromagnetic interference, which is a transient event and exactly the reason why the error recovery mechanism has been implemented. Idelly the PLL_UNLOCK bit could be ignored when working out of specification, but this requires to detect in software whether it triggers because the device is working out of specification but visually correctly for the user or for good reasons (e.g. EMI, or even because working out of specifications but compromising the visual output). The ongoing analysis as of this writing [1][2] has not yet found a way for the driver to discriminate among the two cases. So as a temporary measure mask the PLL_UNLOCK error bit unconditionally. [0] https://lore.kernel.org/r/bhkn6hley4xrol5o3ytn343h4unkwsr26p6s6ltcwexnrsjsd… [1] https://lore.kernel.org/all/b71e941c-fc8a-4ac1-9407-0fe7df73b412@gmail.com/ [2] https://lore.kernel.org/all/20251125103900.31750-1-francesco@dolcini.it/ Closes: https://lore.kernel.org/r/bhkn6hley4xrol5o3ytn343h4unkwsr26p6s6ltcwexnrsjsd… Cc: stable(a)vger.kernel.org # 6.15+ Co-developed-by: Hervé Codina <herve.codina(a)bootlin.com> Signed-off-by: Hervé Codina <herve.codina(a)bootlin.com> Signed-off-by: Luca Ceresoli <luca.ceresoli(a)bootlin.com> --- Francesco, Emanuele, João: can you please apply this patch and report whether the display on the affected boards gets back to working as before? Cc: João Paulo Gonçalves <jpaulo.silvagoncalves(a)gmail.com> Cc: Francesco Dolcini <francesco(a)dolcini.it> Cc: Emanuele Ghidoli <ghidoliemanuele(a)gmail.com> --- drivers/gpu/drm/bridge/ti-sn65dsi83.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c index 033c44326552..fffb47b62f43 100644 --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c @@ -429,7 +429,14 @@ static void sn65dsi83_handle_errors(struct sn65dsi83 *ctx) */ ret = regmap_read(ctx->regmap, REG_IRQ_STAT, &irq_stat); - if (ret || irq_stat) { + + /* + * Some hardware (Toradex Verdin AM62) is known to report the + * PLL_UNLOCK error interrupt while working without visible + * problems. In lack of a reliable way to discriminate such cases + * from user-visible PLL_UNLOCK cases, ignore that bit entirely. + */ + if (ret || irq_stat & ~REG_IRQ_STAT_CHA_PLL_UNLOCK) { /* * IRQ acknowledged is not always possible (the bridge can be in * a state where it doesn't answer anymore). To prevent an @@ -654,7 +661,7 @@ static void sn65dsi83_atomic_enable(struct drm_bridge *bridge, if (ctx->irq) { /* Enable irq to detect errors */ regmap_write(ctx->regmap, REG_IRQ_GLOBAL, REG_IRQ_GLOBAL_IRQ_EN); - regmap_write(ctx->regmap, REG_IRQ_EN, 0xff); + regmap_write(ctx->regmap, REG_IRQ_EN, 0xff & ~REG_IRQ_EN_CHA_PLL_UNLOCK_EN); } else { /* Use the polling task */ sn65dsi83_monitor_start(ctx); --- base-commit: c884ee70b15a8d63184d7c1e02eba99676a6fcf7 change-id: 20251126-drm-ti-sn65dsi83-ignore-pll-unlock-4a28aa29eb5c Best regards, -- Luca Ceresoli <luca.ceresoli(a)bootlin.com>

3 days, 18 hours

3
4
0 0

[PATCH v3] gpio: regmap: Fix memleak in gpio_remap_register

by Wentao Guan

We should call gpiochip_remove(chip) to free the resource alloced by gpiochip_add_data(chip, gpio) after the err path. Fixes: 553b75d4bfe9 ("gpio: regmap: Allow to allocate regmap-irq device") Fixes: ae495810cffe ("gpio: regmap: add the .fixed_direction_output configuration parameter") CC: stable(a)vger.kernel.org Co-developed-by: WangYuli <wangyl5933(a)chinaunicom.cn> Signed-off-by: WangYuli <wangyl5933(a)chinaunicom.cn> Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> --- changelog in v3: Add dependency fixes tag which suggested by Andy Shevchenko. changelog in v2: 1. format commit message. 2. rebase to mainline now. --- --- drivers/gpio/gpio-regmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-regmap.c b/drivers/gpio/gpio-regmap.c index f4267af00027e..c64805dcb9f88 100644 --- a/drivers/gpio/gpio-regmap.c +++ b/drivers/gpio/gpio-regmap.c @@ -328,7 +328,7 @@ struct gpio_regmap *gpio_regmap_register(const struct gpio_regmap_config *config config->regmap_irq_line, config->regmap_irq_flags, 0, config->regmap_irq_chip, &gpio->irq_chip_data); if (ret) - goto err_free_bitmap; + goto err_remove_gpiochip; irq_domain = regmap_irq_get_domain(gpio->irq_chip_data); } else -- 2.20.1

3 days, 19 hours

3
2
0 0

[PATCH v3 2/3] kasan: Refactor pcpu kasan vmalloc unpoison

by Maciej Wieczor-Retman

From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> A KASAN tag mismatch, possibly causing a kernel panic, can be observed on systems with a tag-based KASAN enabled and with multiple NUMA nodes. It was reported on arm64 and reproduced on x86. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Refactor code by reusing __kasan_unpoison_vmalloc in a new helper in preparation for the actual fix. Changelog v1 (after splitting of from the KASAN series): - Rewrite first paragraph of the patch message to point at the user impact of the issue. - Move helper to common.c so it can be compiled in all KASAN modes. Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Cc: <stable(a)vger.kernel.org> # 6.1+ Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> --- Changelog v3: - Redo the patch after applying Andrey's comments to align the code more with what's already in include/linux/kasan.h Changelog v2: - Redo the whole patch so it's an actual refactor. include/linux/kasan.h | 15 +++++++++++++++ mm/kasan/common.c | 17 +++++++++++++++++ mm/vmalloc.c | 4 +--- 3 files changed, 33 insertions(+), 3 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 6d7972bb390c..cde493cb7702 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -615,6 +615,16 @@ static __always_inline void kasan_poison_vmalloc(const void *start, __kasan_poison_vmalloc(start, size); } +void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags); +static __always_inline void +kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags) +{ + if (kasan_enabled()) + __kasan_unpoison_vmap_areas(vms, nr_vms, flags); +} + #else /* CONFIG_KASAN_VMALLOC */ static inline void kasan_populate_early_vm_area_shadow(void *start, @@ -639,6 +649,11 @@ static inline void *kasan_unpoison_vmalloc(const void *start, static inline void kasan_poison_vmalloc(const void *start, unsigned long size) { } +static __always_inline void +kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags) +{ } + #endif /* CONFIG_KASAN_VMALLOC */ #if (defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)) && \ diff --git a/mm/kasan/common.c b/mm/kasan/common.c index d4c14359feaf..1ed6289d471a 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -28,6 +28,7 @@ #include <linux/string.h> #include <linux/types.h> #include <linux/bug.h> +#include <linux/vmalloc.h> #include "kasan.h" #include "../slab.h" @@ -582,3 +583,19 @@ bool __kasan_check_byte(const void *address, unsigned long ip) } return true; } + +#ifdef CONFIG_KASAN_VMALLOC +void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags) +{ + unsigned long size; + void *addr; + int area; + + for (area = 0 ; area < nr_vms ; area++) { + size = vms[area]->size; + addr = vms[area]->addr; + vms[area]->addr = __kasan_unpoison_vmalloc(addr, size, flags); + } +} +#endif diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 22a73a087135..33e705ccafba 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -4872,9 +4872,7 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, * With hardware tag-based KASAN, marking is skipped for * non-VM_ALLOC mappings, see __kasan_unpoison_vmalloc(). */ - for (area = 0; area < nr_vms; area++) - vms[area]->addr = kasan_unpoison_vmalloc(vms[area]->addr, - vms[area]->size, KASAN_VMALLOC_PROT_NORMAL); + kasan_unpoison_vmap_areas(vms, nr_vms, KASAN_VMALLOC_PROT_NORMAL); kfree(vas); return vms; -- 2.52.0

3 days, 19 hours

3
2
0 0

6.17.9 / 6.18 AMDGPU DMCUB Error

by Neil Gammie

Hello all, please forgive me if this issue is already known, but I couldn't find any reference to it with regard to the 6.17.9 kernel. Anyway, when updating from 6.17.8 to 6.17.9, the following error is raised on every boot: Dec 04 14:44:20 P14s kernel: amdgpu: Topology: Add dGPU node [0x1638:0x1002] Dec 04 14:44:20 P14s kernel: kfd kfd: amdgpu: added device 1002:1638 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: SE 1, SH per SE 1, CU per SH 8, active_cu_number 8 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring gfx uses VM inv eng 0 on hub 0 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring comp_1.0.0 uses VM inv eng 1 on hub 0 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring comp_1.1.0 uses VM inv eng 4 on hub 0 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring comp_1.2.0 uses VM inv eng 5 on hub 0 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring comp_1.3.0 uses VM inv eng 6 on hub 0 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring comp_1.0.1 uses VM inv eng 7 on hub 0 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring comp_1.1.1 uses VM inv eng 8 on hub 0 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring comp_1.2.1 uses VM inv eng 9 on hub 0 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring comp_1.3.1 uses VM inv eng 10 on hub 0 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring kiq_0.2.1.0 uses VM inv eng 11 on hub 0 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring sdma0 uses VM inv eng 0 on hub 8 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring vcn_dec uses VM inv eng 1 on hub 8 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring vcn_enc0 uses VM inv eng 4 on hub 8 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring vcn_enc1 uses VM inv eng 5 on hub 8 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: ring jpeg_dec uses VM inv eng 6 on hub 8 Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: Runtime PM not available Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: amdgpu: [drm] Using custom brightness curve Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: [drm] Registered 4 planes with drm panic Dec 04 14:44:20 P14s kernel: [drm] Initialized amdgpu 3.64.0 for 0000:07:00.0 on minor 1 Dec 04 14:44:20 P14s kernel: fbcon: amdgpudrmfb (fb0) is primary device Dec 04 14:44:20 P14s kernel: amdgpu 0000:07:00.0: [drm] *ERROR* dc_dmub_srv_log_diagnostic_data: DMCUB error - collecting diagnostic data Dec 04 14:44:21 P14s kernel: amdgpu 0000:07:00.0: [drm] fb0: amdgpudrmfb frame buffer device Setup is as follows: Hardware: ThinkPad P14s Gen 2 AMD Processor: AMD Ryzen™ 7 PRO 5850U OS: Arch Linux AMD Firmware: linux-firmware-amdgpu 20251125 Running a bisection gives the following: git bisect start # status: waiting for both good and bad commits # good: [8ac42a63c561a8b4cccfe84ed8b97bb057e6ffae] Linux 6.17.8 git bisect good 8ac42a63c561a8b4cccfe84ed8b97bb057e6ffae # status: waiting for bad commit, 1 good commit known # bad: [1bfd0faa78d09eb41b81b002e0292db0f3e75de0] Linux 6.17.9 git bisect bad 1bfd0faa78d09eb41b81b002e0292db0f3e75de0 # bad: [92ef36a75fbb56a02a16b141fe684f64fb2b1cb9] lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN git bisect bad 92ef36a75fbb56a02a16b141fe684f64fb2b1cb9 # bad: [aaba523dd7b6106526c24b1fd9b5fc35e5aaa88d] sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto git bisect bad aaba523dd7b6106526c24b1fd9b5fc35e5aaa88d # bad: [b3b288206a1ea7e21472f8d1c7834ebface9bb33] drm/amdkfd: fix suspend/resume all calls in mes based eviction path git bisect bad b3b288206a1ea7e21472f8d1c7834ebface9bb33 # good: [ac486718d6cc96e07bc67094221e682ba5ea6f76] drm/amd/pm: Use pm_display_cfg in legacy DPM (v2) git bisect good ac486718d6cc96e07bc67094221e682ba5ea6f76 # bad: [1009f007b3afba93082599e263b3807d05177d53] RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors git bisect bad 1009f007b3afba93082599e263b3807d05177d53 # bad: [ccd8af579101ca68f1fba8c9e055554202381cab] drm/amd: Disable ASPM on SI git bisect bad ccd8af579101ca68f1fba8c9e055554202381cab # bad: [e95425b6df29cc88fac7d0d77aa38a5a131dbf45] drm/amd/pm: Disable MCLK switching on SI at high pixel clocks git bisect bad e95425b6df29cc88fac7d0d77aa38a5a131dbf45 # bad: [5ee434b55134c24df7ad426d40fe28c6542fab4d] drm/amd/display: Disable fastboot on DCE 6 too git bisect bad 5ee434b55134c24df7ad426d40fe28c6542fab4d # first bad commit: [5ee434b55134c24df7ad426d40fe28c6542fab4d] drm/amd/display: Disable fastboot on DCE 6 too The error still occurs in 6.18, but reverting the above bad commit removes it. Although an error is reported, the system still boots to the graphical interface and appears to function normally, although I have neither benchmarked graphics performance or used the system for an extended period after the error has been flagged. Yours faithfully, Neil Gammie

3 days, 19 hours

1
0
0 0

[PATCH 6.1.y] ksmbd: fix out-of-bounds in parse_sec_desc()

by Rajani Kantha

From: Namjae Jeon <linkinjeon(a)kernel.org> commit d6e13e19063db24f94b690159d0633aaf72a0f03 upstream. If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd struct size. If it is smaller, It could cause slab-out-of-bounds. And when validating sid, It need to check it included subauth array size. Cc: stable(a)vger.kernel.org Reported-by: Norbert Szetei <norbert(a)doyensec.com> Tested-by: Norbert Szetei <norbert(a)doyensec.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Rajani Kantha <681739313(a)139.com> --- fs/smb/server/smbacl.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/fs/smb/server/smbacl.c b/fs/smb/server/smbacl.c index 90c5e3edbf46..5c05f0e8b6ea 100644 --- a/fs/smb/server/smbacl.c +++ b/fs/smb/server/smbacl.c @@ -815,6 +815,13 @@ static int parse_sid(struct smb_sid *psid, char *end_of_acl) return -EINVAL; } + if (!psid->num_subauth) + return 0; + + if (psid->num_subauth > SID_MAX_SUB_AUTHORITIES || + end_of_acl < (char *)psid + 8 + sizeof(__le32) * psid->num_subauth) + return -EINVAL; + return 0; } @@ -856,6 +863,9 @@ int parse_sec_desc(struct user_namespace *user_ns, struct smb_ntsd *pntsd, pntsd->type = cpu_to_le16(DACL_PRESENT); if (pntsd->osidoffset) { + if (le32_to_cpu(pntsd->osidoffset) < sizeof(struct smb_ntsd)) + return -EINVAL; + rc = parse_sid(owner_sid_ptr, end_of_acl); if (rc) { pr_err("%s: Error %d parsing Owner SID\n", __func__, rc); @@ -871,6 +881,9 @@ int parse_sec_desc(struct user_namespace *user_ns, struct smb_ntsd *pntsd, } if (pntsd->gsidoffset) { + if (le32_to_cpu(pntsd->gsidoffset) < sizeof(struct smb_ntsd)) + return -EINVAL; + rc = parse_sid(group_sid_ptr, end_of_acl); if (rc) { pr_err("%s: Error %d mapping Owner SID to gid\n", @@ -892,6 +905,9 @@ int parse_sec_desc(struct user_namespace *user_ns, struct smb_ntsd *pntsd, pntsd->type |= cpu_to_le16(DACL_PROTECTED); if (dacloffset) { + if (dacloffset < sizeof(struct smb_ntsd)) + return -EINVAL; + parse_dacl(user_ns, dacl_ptr, end_of_acl, owner_sid_ptr, group_sid_ptr, fattr); } -- 2.17.1

3 days, 20 hours

1
0
0 0

[PATCH 6.1] net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()

by Chen Yu

From: Vladimir Oltean <vladimir.oltean(a)nxp.com> [ Upstream commit 5f2b28b79d2d1946ee36ad8b3dc0066f73c90481 ] There are actually 2 problems: - deleting the last element doesn't require the memmove of elements [i + 1, end) over it. Actually, element i+1 is out of bounds. - The memmove itself should move size - i - 1 elements, because the last element is out of bounds. The out-of-bounds element still remains out of bounds after being accessed, so the problem is only that we touch it, not that it becomes in active use. But I suppose it can lead to issues if the out-of-bounds element is part of an unmapped page. Fixes: 6666cebc5e30 ("net: dsa: sja1105: Add support for VLAN operations") Signed-off-by: Vladimir Oltean <vladimir.oltean(a)nxp.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/20250318115716.2124395-4-vladimir.oltean@nxp.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Chen Yu <xnguchen(a)sina.cn> --- drivers/net/dsa/sja1105/sja1105_static_config.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/sja1105/sja1105_static_config.c b/drivers/net/dsa/sja1105/sja1105_static_config.c index baba204ad62f..2ac91fe2a79b 100644 --- a/drivers/net/dsa/sja1105/sja1105_static_config.c +++ b/drivers/net/dsa/sja1105/sja1105_static_config.c @@ -1921,8 +1921,10 @@ int sja1105_table_delete_entry(struct sja1105_table *table, int i) if (i > table->entry_count) return -ERANGE; - memmove(entries + i * entry_size, entries + (i + 1) * entry_size, - (table->entry_count - i) * entry_size); + if (i + 1 < table->entry_count) { + memmove(entries + i * entry_size, entries + (i + 1) * entry_size, + (table->entry_count - i - 1) * entry_size); + } table->entry_count--; -- 2.17.1

3 days, 21 hours

1
0
0 0

[PATCH v2 1/3] dm-pcache: advance slot index before writing slot

by Dongsheng Yang

In dm-pcache, in order to ensure crash-consistency, a dual-copy scheme is used to alternately update metadata, and there is a slot index that records the current slot. However, in the write path the current implementation writes directly to the current slot indexed by slot index, and then advances the slot — which ends up overwriting the existing slot, violating the crash-consistency guarantee. This patch fixes that behavior, preventing metadata from being overwritten incorrectly. In addition, this patch add a missing pmem_wmb() after memcpy_flushcache(). Signed-off-by: Dongsheng Yang <dongsheng.yang(a)linux.dev> Reviewed-by: Zheng Gu <cengku(a)gmail.com> Cc: stable(a)vger.kernel.org # 6.18 --- drivers/md/dm-pcache/cache.c | 8 ++++---- drivers/md/dm-pcache/cache_segment.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/md/dm-pcache/cache.c b/drivers/md/dm-pcache/cache.c index 698697a7a73c..d4385d76ac36 100644 --- a/drivers/md/dm-pcache/cache.c +++ b/drivers/md/dm-pcache/cache.c @@ -21,10 +21,10 @@ static void cache_info_write(struct pcache_cache *cache) cache_info->header.crc = pcache_meta_crc(&cache_info->header, sizeof(struct pcache_cache_info)); + cache->info_index = (cache->info_index + 1) % PCACHE_META_INDEX_MAX; memcpy_flushcache(get_cache_info_addr(cache), cache_info, sizeof(struct pcache_cache_info)); - - cache->info_index = (cache->info_index + 1) % PCACHE_META_INDEX_MAX; + pmem_wmb(); } static void cache_info_init_default(struct pcache_cache *cache); @@ -93,10 +93,10 @@ void cache_pos_encode(struct pcache_cache *cache, pos_onmedia.header.seq = seq; pos_onmedia.header.crc = cache_pos_onmedia_crc(&pos_onmedia); + *index = (*index + 1) % PCACHE_META_INDEX_MAX; + memcpy_flushcache(pos_onmedia_addr, &pos_onmedia, sizeof(struct pcache_cache_pos_onmedia)); pmem_wmb(); - - *index = (*index + 1) % PCACHE_META_INDEX_MAX; } int cache_pos_decode(struct pcache_cache *cache, diff --git a/drivers/md/dm-pcache/cache_segment.c b/drivers/md/dm-pcache/cache_segment.c index f0b58980806e..ae57cc261422 100644 --- a/drivers/md/dm-pcache/cache_segment.c +++ b/drivers/md/dm-pcache/cache_segment.c @@ -26,11 +26,11 @@ static void cache_seg_info_write(struct pcache_cache_segment *cache_seg) seg_info->header.seq++; seg_info->header.crc = pcache_meta_crc(&seg_info->header, sizeof(struct pcache_segment_info)); + cache_seg->info_index = (cache_seg->info_index + 1) % PCACHE_META_INDEX_MAX; + seg_info_addr = get_seg_info_addr(cache_seg); memcpy_flushcache(seg_info_addr, seg_info, sizeof(struct pcache_segment_info)); pmem_wmb(); - - cache_seg->info_index = (cache_seg->info_index + 1) % PCACHE_META_INDEX_MAX; mutex_unlock(&cache_seg->info_lock); } @@ -129,10 +129,10 @@ static void cache_seg_ctrl_write(struct pcache_cache_segment *cache_seg) cache_seg_gen.header.crc = pcache_meta_crc(&cache_seg_gen.header, sizeof(struct pcache_cache_seg_gen)); + cache_seg->gen_index = (cache_seg->gen_index + 1) % PCACHE_META_INDEX_MAX; + memcpy_flushcache(get_cache_seg_gen_addr(cache_seg), &cache_seg_gen, sizeof(struct pcache_cache_seg_gen)); pmem_wmb(); - - cache_seg->gen_index = (cache_seg->gen_index + 1) % PCACHE_META_INDEX_MAX; } static void cache_seg_ctrl_init(struct pcache_cache_segment *cache_seg) -- 2.43.0

3 days, 21 hours

1
2
0 0

[PATCH AUTOSEL 6.18-6.17] crypto: ccp - Add support for PCI device 0x115A

by Sasha Levin

From: "Mario Limonciello (AMD)" <superm1(a)kernel.org> [ Upstream commit 9fc6290117259a8dbf8247cb54559df62fd1550f ] PCI device 0x115A is similar to pspv5, except it doesn't have platform access mailbox support. Signed-off-by: Mario Limonciello (AMD) <superm1(a)kernel.org> Acked-by: Tom Lendacky <thomas.lendacky(a)amd.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: ## Comprehensive Analysis ### 1. COMMIT MESSAGE ANALYSIS **Subject:** `crypto: ccp - Add support for PCI device 0x115A` **Key Information:** - PCI device 0x115A is a new AMD security processor variant - The commit message states it's "similar to pspv5, except it doesn't have platform access mailbox support" - Signed off by Mario Limonciello (AMD engineer) and Tom Lendacky (AMD) - Merged by Herbert Xu (crypto maintainer) **Tags Present:** - `Signed-off-by`: 3 (proper sign-off chain) - `Acked-by`: Tom Lendacky (driver maintainer acknowledgment) - **NO** `Cc: stable(a)vger.kernel.org` tag - **NO** `Fixes:` tag (this is expected - it's not fixing a bug, it's enabling hardware) ### 2. CODE CHANGE ANALYSIS The commit adds: **A) New `pspv7` structure (~10 lines):** ```c static const struct psp_vdata pspv7 = { .tee = &teev2, .cmdresp_reg = 0x10944, .cmdbuff_addr_lo_reg = 0x10948, .cmdbuff_addr_hi_reg = 0x1094c, .bootloader_info_reg = 0x109ec, .feature_reg = 0x109fc, .inten_reg = 0x10510, .intsts_reg = 0x10514, }; ``` This is **identical to pspv5** except it omits the `.platform_access = &pa_v2` field. This is the explicit difference mentioned in the commit message. **B) New `dev_vdata[9]` entry (~6 lines):** ```c { /* 9 */ .bar = 2, #ifdef CONFIG_CRYPTO_DEV_SP_PSP .psp_vdata = &pspv7, #endif }, ``` **C) New PCI device ID entry (1 line):** ```c { PCI_VDEVICE(AMD, 0x115A), (kernel_ulong_t)&dev_vdata[9] }, ``` ### 3. CLASSIFICATION **This is a NEW DEVICE ID addition** - one of the explicitly allowed exceptions for stable kernel backports. The commit: - Does NOT add new features or APIs - Does NOT change existing behavior - Only enables existing PSP driver functionality on new hardware - Uses established patterns already in the driver ### 4. SCOPE AND RISK ASSESSMENT **Change size:** ~17 lines total - Small, contained data-only change - No logic changes whatsoever - Follows identical patterns used by existing pspv1-pspv6 structures **Risk assessment: VERY LOW** - The driver already handles NULL `platform_access` - verified in `psp- dev.c`: ```c if (psp->vdata->platform_access) { ret = platform_access_dev_init(psp); ... } ``` - Several existing structures (pspv1, pspv4, pspv6) already omit `platform_access` - The `teev2` structure referenced already exists since v6.5 - All register offsets are identical to pspv5 ### 5. USER IMPACT **Who is affected:** - Users with AMD PCI device 0x115A (new AMD security processor variant) - Without this patch, this hardware is completely non-functional **Severity:** HIGH for affected users - enables critical security hardware (TPM-like functionality) ### 6. STABILITY INDICATORS **Positive signals:** - Acked by Tom Lendacky (the original driver author and AMD maintainer) - Follows exact same pattern as 10+ previous device ID additions in this driver - Same author (Mario Limonciello) has successfully added similar devices before (0x17E0, 0x156E, etc.) ### 7. DEPENDENCY CHECK **Required in stable tree:** - `teev2` structure - added in v6.5 (commit 4aa0931be8f0a) - Verified present in v6.6 and later **Recent related commits:** - 52e8ae868a824: "Add missing bootloader info reg for pspv5" (May 2025) - 72942d6538564: "Add missing tee info reg for teev2" (May 2025) The pspv7 structure in this commit already includes the `bootloader_info_reg` correctly, so it was created after these fixes. ### 8. COMPARISON WITH SIMILAR COMMITS This commit follows the exact same pattern as: - `bb4185e595e47`: "Add support for PCI device 0x156E" - Added pspv6 + dev_vdata[8] + PCI ID - `4aa0931be8f0a`: "Add support for PCI device 0x17E0" - Added pspv5/teev2 + dev_vdata[7] + PCI ID - `6cb345939b8cc`: "Add support for PCI device 0x1134" - Added PCI ID only - `63935e2ee1f2a`: "Add support for PCI device 0x17D8" - Added PCI ID only These similar device ID additions are routinely considered for stable trees. --- ## Final Assessment **Should this be backported?** **YES**, for the following reasons: 1. **Falls under the NEW DEVICE ID exception** - explicitly allowed per stable kernel rules for enabling real hardware 2. **Trivial, data-only change** - ~17 lines, no logic changes 3. **Uses existing, proven infrastructure** - teev2 exists, NULL platform_access handling exists 4. **Follows established patterns** - identical to 10+ previous similar commits in this driver 5. **Zero risk of regression** - only affects users with the specific 0x115A device 6. **Enables real hardware** - without this, users with this AMD security processor cannot use it at all 7. **Properly reviewed** - Acked by AMD maintainer, merged by crypto subsystem maintainer **Concerns:** - Requires stable tree to have v6.6+ (for teev2 structure) - May need the bootloader_info_reg fixes backported first for consistency (commits 52e8ae868a824 and 72942d6538564) The change is obviously correct, well-tested (used same patterns as existing code), and enables hardware support that users need. This is exactly the type of device ID addition that stable trees accept. **YES** drivers/crypto/ccp/sp-pci.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/drivers/crypto/ccp/sp-pci.c b/drivers/crypto/ccp/sp-pci.c index e7bb803912a6d..8891ceee1d7d0 100644 --- a/drivers/crypto/ccp/sp-pci.c +++ b/drivers/crypto/ccp/sp-pci.c @@ -459,6 +459,17 @@ static const struct psp_vdata pspv6 = { .intsts_reg = 0x10514, /* P2CMSG_INTSTS */ }; +static const struct psp_vdata pspv7 = { + .tee = &teev2, + .cmdresp_reg = 0x10944, /* C2PMSG_17 */ + .cmdbuff_addr_lo_reg = 0x10948, /* C2PMSG_18 */ + .cmdbuff_addr_hi_reg = 0x1094c, /* C2PMSG_19 */ + .bootloader_info_reg = 0x109ec, /* C2PMSG_59 */ + .feature_reg = 0x109fc, /* C2PMSG_63 */ + .inten_reg = 0x10510, /* P2CMSG_INTEN */ + .intsts_reg = 0x10514, /* P2CMSG_INTSTS */ +}; + #endif static const struct sp_dev_vdata dev_vdata[] = { @@ -525,6 +536,13 @@ static const struct sp_dev_vdata dev_vdata[] = { .psp_vdata = &pspv6, #endif }, + { /* 9 */ + .bar = 2, +#ifdef CONFIG_CRYPTO_DEV_SP_PSP + .psp_vdata = &pspv7, +#endif + }, + }; static const struct pci_device_id sp_pci_table[] = { { PCI_VDEVICE(AMD, 0x1537), (kernel_ulong_t)&dev_vdata[0] }, @@ -539,6 +557,7 @@ static const struct pci_device_id sp_pci_table[] = { { PCI_VDEVICE(AMD, 0x17E0), (kernel_ulong_t)&dev_vdata[7] }, { PCI_VDEVICE(AMD, 0x156E), (kernel_ulong_t)&dev_vdata[8] }, { PCI_VDEVICE(AMD, 0x17D8), (kernel_ulong_t)&dev_vdata[8] }, + { PCI_VDEVICE(AMD, 0x115A), (kernel_ulong_t)&dev_vdata[9] }, /* Last entry must be zero */ { 0, } }; -- 2.51.0

3 days, 23 hours

1
2
0 0

[PATCH] hwmon: (dell-smm): Fix off-by-one error in dell_smm_is_visible()

by Armin Wolf

The documentation states that on machines supporting only global fan mode control, the pwmX_enable attributes should only be created for the first fan channel (pwm1_enable, aka channel 0). Fix the off-by-one error caused by the fact that fan channels have a zero-based index. Cc: stable(a)vger.kernel.org Fixes: 1c1658058c99 ("hwmon: (dell-smm) Add support for automatic fan mode") Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> --- drivers/hwmon/dell-smm-hwmon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/hwmon/dell-smm-hwmon.c b/drivers/hwmon/dell-smm-hwmon.c index 683baf361c4c..a34753fc2973 100644 --- a/drivers/hwmon/dell-smm-hwmon.c +++ b/drivers/hwmon/dell-smm-hwmon.c @@ -861,9 +861,9 @@ static umode_t dell_smm_is_visible(const void *drvdata, enum hwmon_sensor_types if (auto_fan) { /* * The setting affects all fans, so only create a - * single attribute. + * single attribute for the first fan channel. */ - if (channel != 1) + if (channel != 0) return 0; /* -- 2.39.5

3 days, 23 hours

2
1
0 0

[PATCH] hwmon: (w83791d) Convert macros to functions to avoid TOCTOU

by Gui-Dong Han

The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use (TOCTOU) race conditions, potentially causing divide-by-zero errors. Convert the macro to a static function. This guarantees that arguments are evaluated only once (pass-by-value), preventing the race conditions. Additionally, in store_fan_div, move the calculation of the minimum limit inside the update lock. This ensures that the read-modify-write sequence operates on consistent data. Adhere to the principle of minimal changes by only converting macros that evaluate arguments multiple times and are used in lockless contexts. Link: https://lore.kernel.org/all/CALbr=LYJ_ehtp53HXEVkSpYoub+XYSTU8Rg=o1xxMJ8=5z… Fixes: 9873964d6eb2 ("[PATCH] HWMON: w83791d: New hardware monitoring driver for the Winbond W83791D") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <hanguidong02(a)gmail.com> --- Based on the discussion in the link, I will submit a series of patches to address TOCTOU issues in the hwmon subsystem by converting macros to functions or adjusting locking where appropriate. --- drivers/hwmon/w83791d.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/hwmon/w83791d.c b/drivers/hwmon/w83791d.c index ace854b370a0..996e36951f9d 100644 --- a/drivers/hwmon/w83791d.c +++ b/drivers/hwmon/w83791d.c @@ -218,9 +218,14 @@ static u8 fan_to_reg(long rpm, int div) return clamp_val((1350000 + rpm * div / 2) / (rpm * div), 1, 254); } -#define FAN_FROM_REG(val, div) ((val) == 0 ? -1 : \ - ((val) == 255 ? 0 : \ - 1350000 / ((val) * (div)))) +static int fan_from_reg(int val, int div) +{ + if (val == 0) + return -1; + if (val == 255) + return 0; + return 1350000 / (val * div); +} /* for temp1 which is 8-bit resolution, LSB = 1 degree Celsius */ #define TEMP1_FROM_REG(val) ((val) * 1000) @@ -521,7 +526,7 @@ static ssize_t show_##reg(struct device *dev, struct device_attribute *attr, \ struct w83791d_data *data = w83791d_update_device(dev); \ int nr = sensor_attr->index; \ return sprintf(buf, "%d\n", \ - FAN_FROM_REG(data->reg[nr], DIV_FROM_REG(data->fan_div[nr]))); \ + fan_from_reg(data->reg[nr], DIV_FROM_REG(data->fan_div[nr]))); \ } show_fan_reg(fan); @@ -585,10 +590,10 @@ static ssize_t store_fan_div(struct device *dev, struct device_attribute *attr, if (err) return err; + mutex_lock(&data->update_lock); /* Save fan_min */ - min = FAN_FROM_REG(data->fan_min[nr], DIV_FROM_REG(data->fan_div[nr])); + min = fan_from_reg(data->fan_min[nr], DIV_FROM_REG(data->fan_div[nr])); - mutex_lock(&data->update_lock); data->fan_div[nr] = div_to_reg(nr, val); switch (nr) { -- 2.43.0

3 days, 23 hours

2
1
0 0

[PATCH AUTOSEL 6.18-5.10] ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only

by Sasha Levin

From: Sakari Ailus <sakari.ailus(a)linux.intel.com> [ Upstream commit 5d010473cdeaabf6a2d3a9e2aed2186c1b73c213 ] Calling fwnode_get_next_child_node() in ACPI implementation of the fwnode property API is somewhat problematic as the latter is used in the impelementation of the former. Instead of using fwnode_get_next_child_node() in acpi_graph_get_next_endpoint(), call acpi_get_next_subnode() directly instead. Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Reviewed-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Reviewed-by: Jonathan Cameron <jonathan.cameron(a)huawei.com> Link: https://patch.msgid.link/20251001104320.1272752-3-sakari.ailus@linux.intel.… Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: ## Analysis ### 1. COMMIT MESSAGE ANALYSIS The commit message states: - Problem: `acpi_graph_get_next_endpoint()` calls `fwnode_get_next_child_node()`, which dispatches back to ACPI code, creating unnecessary indirection. - Solution: Call `acpi_get_next_subnode()` directly instead. No "Cc: stable(a)vger.kernel.org" tag, no "Fixes:" tag, no explicit bug report link. The message says "somewhat problematic," indicating an architectural issue rather than a critical bug. ### 2. CODE CHANGE ANALYSIS The diff shows 4 replacements in `acpi_graph_get_next_endpoint()`: - Line 1475: `fwnode_get_next_child_node(fwnode, port)` → `acpi_get_next_subnode(fwnode, port)` - Line 1493: `fwnode_get_next_child_node(port, prev)` → `acpi_get_next_subnode(port, prev)` - Line 1495: `fwnode_get_next_child_node(fwnode, port)` → `acpi_get_next_subnode(fwnode, port)` - Line 1499: `fwnode_get_next_child_node(port, NULL)` → `acpi_get_next_subnode(port, NULL)` Call chain: 1. `fwnode_get_next_child_node()` dispatches via `fwnode_call_ptr_op()` to the fwnode-specific implementation. 2. For ACPI fwnodes, it calls `acpi_get_next_present_subnode()` (registered at line 1747). 3. `acpi_get_next_present_subnode()` filters non-present device nodes and calls `acpi_get_next_subnode()`. Why the change is safe: - Graph endpoints are ACPI data nodes (checked by `is_acpi_graph_node()` at line 1448: `is_acpi_data_node(fwnode)`). - `acpi_get_next_present_subnode()` only filters non-present device nodes (lines 1407-1408), not data nodes. - Therefore, for graph endpoints, `acpi_get_next_subnode()` and `fwnode_get_next_child_node()` behave the same. ### 3. CLASSIFICATION This is a bug fix addressing an architectural issue: - Removes unnecessary indirection in ACPI-specific code. - Avoids a circular dependency pattern (ACPI → generic → ACPI). - Functionally equivalent for graph endpoints. Not a feature addition, not a new API, not a refactor. ### 4. SCOPE AND RISK ASSESSMENT - Scope: 4 lines changed in one function in one file. - Risk: Very low — same behavior for graph endpoints, cleaner architecture. - Complexity: Low — direct function call replacement. ### 5. USER IMPACT - Who is affected: Users of ACPI graph endpoints (e.g., camera/media drivers, device tree-like ACPI usage). - Severity: Low — architectural improvement, not a visible bug fix. - Likelihood: The "somewhat problematic" wording suggests no immediate user-visible issue. ### 6. STABILITY INDICATORS - Reviewed-by: Laurent Pinchart, Jonathan Cameron - Signed-off-by: Rafael J. Wysocki (ACPI maintainer) - No "Tested-by:" tags - Commit date: October 1, 2025 (recent) ### 7. DEPENDENCY CHECK - `acpi_get_next_subnode()` exists in the same file and has been present for years. - No external dependencies introduced. - Should apply cleanly to stable trees that have this code. ### 8. HISTORICAL CONTEXT Related commits: - `79389a83bc388`: Introduced `acpi_graph_get_next_endpoint()` with `fwnode_get_next_child_node()` calls. - `48698e6cf44c3`: Introduced `acpi_get_next_present_subnode()` to filter non-present devices. - `5d010473cdeaa` (this commit): Removes the indirection. The pattern existed since the function was introduced; this commit cleans it up. ### 9. STABLE KERNEL CRITERIA EVALUATION - Obviously correct: Yes — direct call instead of indirection. - Fixes a real bug: Yes — architectural issue that could cause problems. - Important issue: Moderate — architectural improvement, not a critical bug. - Small and contained: Yes — 4 lines, single function. - No new features: Yes — same behavior, cleaner code. - Applies cleanly: Yes — should apply without conflicts. ### 10. RISK VS BENEFIT Benefits: - Removes unnecessary indirection. - Avoids circular dependency pattern. - Improves code clarity. - No functional change for graph endpoints. Risks: - Very low — functionally equivalent change. - No new code paths or logic changes. ### 11. CONCERNS AND CONSIDERATIONS - No "Cc: stable" tag, but that alone doesn't disqualify. - Recent commit (Oct 2025) — hasn't been in mainline long. - No explicit bug report or user complaint mentioned. - Architectural improvement rather than a critical fix. ### CONCLUSION This is a small, correct fix that removes unnecessary indirection in ACPI code. It fixes an architectural issue and is functionally equivalent for graph endpoints. It meets stable kernel criteria: correct, fixes a real issue, small scope, no new features, and should apply cleanly. However, it's an architectural improvement rather than a critical bug fix, and there's no explicit stable tag or user-visible bug report. The "somewhat problematic" wording suggests it may not cause immediate visible problems. Given the conservative nature of stable trees and the lack of evidence of user-visible impact, this is borderline but leans toward acceptable for stable backporting due to its correctness, small scope, and architectural benefit. **YES** drivers/acpi/property.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/acpi/property.c b/drivers/acpi/property.c index 43d5e457814e1..76158b1399029 100644 --- a/drivers/acpi/property.c +++ b/drivers/acpi/property.c @@ -1472,7 +1472,7 @@ static struct fwnode_handle *acpi_graph_get_next_endpoint( if (!prev) { do { - port = fwnode_get_next_child_node(fwnode, port); + port = acpi_get_next_subnode(fwnode, port); /* * The names of the port nodes begin with "port@" * followed by the number of the port node and they also @@ -1490,13 +1490,13 @@ static struct fwnode_handle *acpi_graph_get_next_endpoint( if (!port) return NULL; - endpoint = fwnode_get_next_child_node(port, prev); + endpoint = acpi_get_next_subnode(port, prev); while (!endpoint) { - port = fwnode_get_next_child_node(fwnode, port); + port = acpi_get_next_subnode(fwnode, port); if (!port) break; if (is_acpi_graph_node(port, "port")) - endpoint = fwnode_get_next_child_node(port, NULL); + endpoint = acpi_get_next_subnode(port, NULL); } /* -- 2.51.0

3 days, 23 hours

1
6
0 0

[PATCH net] net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write

by Thorsten Blum

The local variable 'val' was never clamped to -75000 or 180000 because the return value of clamp_val() was not used. Fix this by assigning the clamped value back to 'val', and use clamp() instead of clamp_val(). Cc: stable(a)vger.kernel.org Fixes: a557a92e6881 ("net: phy: marvell-88q2xxx: add support for temperature sensor") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- drivers/net/phy/marvell-88q2xxx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/phy/marvell-88q2xxx.c b/drivers/net/phy/marvell-88q2xxx.c index f3d83b04c953..201dee1a1698 100644 --- a/drivers/net/phy/marvell-88q2xxx.c +++ b/drivers/net/phy/marvell-88q2xxx.c @@ -698,7 +698,7 @@ static int mv88q2xxx_hwmon_write(struct device *dev, switch (attr) { case hwmon_temp_max: - clamp_val(val, -75000, 180000); + val = clamp(val, -75000, 180000); val = (val / 1000) + 75; val = FIELD_PREP(MDIO_MMD_PCS_MV_TEMP_SENSOR3_INT_THRESH_MASK, val); -- Thorsten Blum <thorsten.blum(a)linux.dev> GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4

4 days

4
3
0 0

[PATCH 1/1] phy: tegra: xusb: Fix UTMI AO sleepwalk trigger programming sequence

by Wayne Chang

From: Haotien Hsu <haotienh(a)nvidia.com> The UTMIP sleepwalk programming sequence requires asserting both LINEVAL_WALK_EN and WAKE_WALK_EN when enabling the sleepwalk logic. However, the current code mistakenly cleared WAKE_WALK_EN, which prevents the sleepwalk trigger from operating correctly. Fix this by asserting WAKE_WALK_EN together with LINEVAL_WALK_EN. Fixes: 1f9cab6cc20c ("phy: tegra: xusb: Add wake/sleepwalk for Tegra186") Cc: stable(a)vger.kernel.org Signed-off-by: Haotien Hsu <haotienh(a)nvidia.com> Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- drivers/phy/tegra/xusb-tegra186.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/phy/tegra/xusb-tegra186.c b/drivers/phy/tegra/xusb-tegra186.c index e818f6c3980e..b2a76710c0c4 100644 --- a/drivers/phy/tegra/xusb-tegra186.c +++ b/drivers/phy/tegra/xusb-tegra186.c @@ -401,8 +401,7 @@ static int tegra186_utmi_enable_phy_sleepwalk(struct tegra_xusb_lane *lane, /* enable the trigger of the sleepwalk logic */ value = ao_readl(priv, XUSB_AO_UTMIP_SLEEPWALK_CFG(index)); - value |= LINEVAL_WALK_EN; - value &= ~WAKE_WALK_EN; + value |= LINEVAL_WALK_EN | WAKE_WALK_EN; ao_writel(priv, value, XUSB_AO_UTMIP_SLEEPWALK_CFG(index)); /* reset the walk pointer and clear the alarm of the sleepwalk logic, -- 2.25.1

4 days

2
2
0 0

[PATCH RESEND] drm: mipi-dsi: Fix an API misuse in mipi_dsi_device_register_full()

by Haoxiang Li

mipi_dsi_device_alloc() calls device_initialize() to initialize value "&dsi->dev". Thus "dsi" should be freed using put_device() in error handling path. Fixes: 068a00233969 ("drm: Add MIPI DSI bus support") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> --- drivers/gpu/drm/drm_mipi_dsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_mipi_dsi.c b/drivers/gpu/drm/drm_mipi_dsi.c index a712e177b350..e47950009126 100644 --- a/drivers/gpu/drm/drm_mipi_dsi.c +++ b/drivers/gpu/drm/drm_mipi_dsi.c @@ -233,7 +233,7 @@ mipi_dsi_device_register_full(struct mipi_dsi_host *host, ret = mipi_dsi_device_add(dsi); if (ret) { dev_err(host->dev, "failed to add DSI device %d\n", ret); - kfree(dsi); + put_device(&dsi->dev); return ERR_PTR(ret); } -- 2.25.1

4 days

1
0
0 0

[PATCH 6.6] net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()

by Chen Yu

From: Vladimir Oltean <vladimir.oltean(a)nxp.com> [ Upstream commit 5f2b28b79d2d1946ee36ad8b3dc0066f73c90481 ] There are actually 2 problems: - deleting the last element doesn't require the memmove of elements [i + 1, end) over it. Actually, element i+1 is out of bounds. - The memmove itself should move size - i - 1 elements, because the last element is out of bounds. The out-of-bounds element still remains out of bounds after being accessed, so the problem is only that we touch it, not that it becomes in active use. But I suppose it can lead to issues if the out-of-bounds element is part of an unmapped page. Fixes: 6666cebc5e30 ("net: dsa: sja1105: Add support for VLAN operations") Signed-off-by: Vladimir Oltean <vladimir.oltean(a)nxp.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/20250318115716.2124395-4-vladimir.oltean@nxp.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Chen Yu <xnguchen(a)sina.cn> --- drivers/net/dsa/sja1105/sja1105_static_config.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/sja1105/sja1105_static_config.c b/drivers/net/dsa/sja1105/sja1105_static_config.c index baba204ad62f..2ac91fe2a79b 100644 --- a/drivers/net/dsa/sja1105/sja1105_static_config.c +++ b/drivers/net/dsa/sja1105/sja1105_static_config.c @@ -1921,8 +1921,10 @@ int sja1105_table_delete_entry(struct sja1105_table *table, int i) if (i > table->entry_count) return -ERANGE; - memmove(entries + i * entry_size, entries + (i + 1) * entry_size, - (table->entry_count - i) * entry_size); + if (i + 1 < table->entry_count) { + memmove(entries + i * entry_size, entries + (i + 1) * entry_size, + (table->entry_count - i - 1) * entry_size); + } table->entry_count--; -- 2.17.1

4 days

1
0
0 0

[GIT PULL] virtio,vhost: fixes, cleanups

by Michael S. Tsirkin

get_user/put_user change didn't spend time in next and seems a bit too risky to rush. I'm keeping it in my tree and we'll get it in the next cycle. The following changes since commit ac3fd01e4c1efce8f2c054cdeb2ddd2fc0fb150d: Linux 6.18-rc7 (2025-11-23 14:53:16 -0800) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost.git tags/for_linus for you to fetch changes up to 205dd7a5d6ad6f4c8e8fcd3c3b95a7c0e7067fee: virtio_pci: drop kernel.h (2025-11-30 18:02:43 -0500) ---------------------------------------------------------------- virtio,vhost: fixes, cleanups Just a bunch of fixes and cleanups, mostly very simple. Several features are merged through net-next this time around. Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> ---------------------------------------------------------------- Alok Tiwari (3): virtio_vdpa: fix misleading return in void function vdpa/mlx5: Fix incorrect error code reporting in query_virtqueues vdpa/pds: use %pe for ERR_PTR() in event handler registration Kriish Sharma (1): virtio: fix kernel-doc for mapping/free_coherent functions Marco Crivellari (2): virtio_balloon: add WQ_PERCPU to alloc_workqueue users vduse: add WQ_PERCPU to alloc_workqueue users Miaoqian Lin (1): virtio: vdpa: Fix reference count leak in octep_sriov_enable() Michael S. Tsirkin (11): virtio: fix typo in virtio_device_ready() comment virtio: fix whitespace in virtio_config_ops virtio: fix grammar in virtio_queue_info docs virtio: fix grammar in virtio_map_ops docs virtio: standardize Returns documentation style virtio: fix virtqueue_set_affinity() docs virtio: fix map ops comment virtio: clean up features qword/dword terms vhost/test: add test specific macro for features vhost: switch to arrays of feature bits virtio_pci: drop kernel.h Mike Christie (1): vhost: Fix kthread worker cgroup failure handling drivers/vdpa/mlx5/net/mlx5_vnet.c | 2 +- drivers/vdpa/octeon_ep/octep_vdpa_main.c | 1 + drivers/vdpa/pds/vdpa_dev.c | 2 +- drivers/vdpa/vdpa_user/vduse_dev.c | 3 ++- drivers/vhost/net.c | 29 +++++++++++----------- drivers/vhost/scsi.c | 9 ++++--- drivers/vhost/test.c | 10 ++++++-- drivers/vhost/vhost.c | 4 ++- drivers/vhost/vhost.h | 42 ++++++++++++++++++++++++++------ drivers/vhost/vsock.c | 10 +++++--- drivers/virtio/virtio.c | 12 ++++----- drivers/virtio/virtio_balloon.c | 3 ++- drivers/virtio/virtio_debug.c | 10 ++++---- drivers/virtio/virtio_pci_modern_dev.c | 6 ++--- drivers/virtio/virtio_ring.c | 7 +++--- drivers/virtio/virtio_vdpa.c | 2 +- include/linux/virtio.h | 2 +- include/linux/virtio_config.h | 24 +++++++++--------- include/linux/virtio_features.h | 29 +++++++++++----------- include/linux/virtio_pci_modern.h | 8 +++--- include/uapi/linux/virtio_pci.h | 2 +- 21 files changed, 131 insertions(+), 86 deletions(-)

4 days

2
1
0 0

[PATCH v2 1/9] crypto: virtio: Add spinlock protection with virtqueue notification

by Bibo Mao

When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well. Fixes: fed93fb62e05 ("crypto: virtio - Handle dataq logic with tasklet") Cc: stable(a)vger.kernel.org Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- drivers/crypto/virtio/virtio_crypto_core.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/crypto/virtio/virtio_crypto_core.c b/drivers/crypto/virtio/virtio_crypto_core.c index 3d241446099c..ccc6b5c1b24b 100644 --- a/drivers/crypto/virtio/virtio_crypto_core.c +++ b/drivers/crypto/virtio/virtio_crypto_core.c @@ -75,15 +75,20 @@ static void virtcrypto_done_task(unsigned long data) struct data_queue *data_vq = (struct data_queue *)data; struct virtqueue *vq = data_vq->vq; struct virtio_crypto_request *vc_req; + unsigned long flags; unsigned int len; + spin_lock_irqsave(&data_vq->lock, flags); do { virtqueue_disable_cb(vq); while ((vc_req = virtqueue_get_buf(vq, &len)) != NULL) { + spin_unlock_irqrestore(&data_vq->lock, flags); if (vc_req->alg_cb) vc_req->alg_cb(vc_req, len); + spin_lock_irqsave(&data_vq->lock, flags); } } while (!virtqueue_enable_cb(vq)); + spin_unlock_irqrestore(&data_vq->lock, flags); } static void virtcrypto_dataq_callback(struct virtqueue *vq) -- 2.39.3

4 days, 1 hour

2
2
0 0

[PATCH v2] usb: dwc3: gadget: Prevent EPs resource conflict during StartTransfer

by Selvarasu Ganesan

The below “No resource for ep” warning appears when a StartTransfer command is issued for bulk or interrupt endpoints in `dwc3_gadget_ep_enable` while a previous StartTransfer on the same endpoint is still in progress. The gadget functions drivers can invoke `usb_ep_enable` (which triggers a new StartTransfer command) before the earlier transfer has completed. Because the previous StartTransfer is still active, `dwc3_gadget_ep_disable` can skip the required `EndTransfer` due to `DWC3_EP_DELAY_STOP`, leading to the endpoint resources are busy for previous StartTransfer and warning ("No resource for ep") from dwc3 driver. To resolve this, a check is added to `dwc3_gadget_ep_enable` that checks the `DWC3_EP_TRANSFER_STARTED` flag before issuing a new StartTransfer. By preventing a second StartTransfer on an already busy endpoint, the resource conflict is eliminated, the warning disappears, and potential kernel panics caused by `panic_on_warn` are avoided. ------------[ cut here ]------------ dwc3 13200000.dwc3: No resource for ep1out WARNING: CPU: 0 PID: 700 at drivers/usb/dwc3/gadget.c:398 dwc3_send_gadget_ep_cmd+0x2f8/0x76c Call trace: dwc3_send_gadget_ep_cmd+0x2f8/0x76c __dwc3_gadget_ep_enable+0x490/0x7c0 dwc3_gadget_ep_enable+0x6c/0xe4 usb_ep_enable+0x5c/0x15c mp_eth_stop+0xd4/0x11c __dev_close_many+0x160/0x1c8 __dev_change_flags+0xfc/0x220 dev_change_flags+0x24/0x70 devinet_ioctl+0x434/0x524 inet_ioctl+0xa8/0x224 sock_do_ioctl+0x74/0x128 sock_ioctl+0x3bc/0x468 __arm64_sys_ioctl+0xa8/0xe4 invoke_syscall+0x58/0x10c el0_svc_common+0xa8/0xdc do_el0_svc+0x1c/0x28 el0_svc+0x38/0x88 el0t_64_sync_handler+0x70/0xbc el0t_64_sync+0x1a8/0x1ac Fixes: a97ea994605e ("usb: dwc3: gadget: offset Start Transfer latency for bulk EPs") Cc: stable(a)vger.kernel.org Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com> --- Changes in v2: - Removed change-id. - Updated commit message. Link to v1: https://lore.kernel.org/linux-usb/20251117152812.622-1-selvarasu.g@samsung.… --- drivers/usb/dwc3/gadget.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 1f67fb6aead5..8d3caa71ea12 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -963,8 +963,9 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep, unsigned int action) * Issue StartTransfer here with no-op TRB so we can always rely on No * Response Update Transfer command. */ - if (usb_endpoint_xfer_bulk(desc) || - usb_endpoint_xfer_int(desc)) { + if ((usb_endpoint_xfer_bulk(desc) || + usb_endpoint_xfer_int(desc)) && + !(dep->flags & DWC3_EP_TRANSFER_STARTED)) { struct dwc3_gadget_ep_cmd_params params; struct dwc3_trb *trb; dma_addr_t trb_dma; -- 2.34.1

4 days, 2 hours

3
16
0 0

[PATCH V2] mm/slab: introduce kvfree_rcu_barrier_on_cache() for cache destruction

by Harry Yoo

Currently, kvfree_rcu_barrier() flushes RCU sheaves across all slab caches when a cache is destroyed. This is unnecessary; only the RCU sheaves belonging to the cache being destroyed need to be flushed. As suggested by Vlastimil Babka, introduce a weaker form of kvfree_rcu_barrier() that operates on a specific slab cache. Factor out flush_rcu_sheaves_on_cache() from flush_all_rcu_sheaves() and call it from flush_all_rcu_sheaves() and kvfree_rcu_barrier_on_cache(). Call kvfree_rcu_barrier_on_cache() instead of kvfree_rcu_barrier() on cache destruction. The performance benefit is evaluated on a 12 core 24 threads AMD Ryzen 5900X machine (1 socket), by loading slub_kunit module. Before: Total calls: 19 Average latency (us): 18127 Total time (us): 344414 After: Total calls: 19 Average latency (us): 10066 Total time (us): 191264 Two performance regression have been reported: - stress module loader test's runtime increases by 50-60% (Daniel) - internal graphics test's runtime on Tegra23 increases by 35% (Jon) They are fixed by this change. Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Fixes: ec66e0d59952 ("slab: add sheaf support for batching kfree_rcu() operations") Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/linux-mm/1bda09da-93be-4737-aef0-d47f8c5c9301@suse.… Reported-and-tested-by: Daniel Gomez <da.gomez(a)samsung.com> Closes: https://lore.kernel.org/linux-mm/0406562e-2066-4cf8-9902-b2b0616dd742@kerne… Reported-and-tested-by: Jon Hunter <jonathanh(a)nvidia.com> Closes: https://lore.kernel.org/linux-mm/e988eff6-1287-425e-a06c-805af5bbf262@nvidi… Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- No code change, added proper tags and updated changelog. include/linux/slab.h | 5 ++++ mm/slab.h | 1 + mm/slab_common.c | 52 +++++++++++++++++++++++++++++------------ mm/slub.c | 55 ++++++++++++++++++++++++-------------------- 4 files changed, 73 insertions(+), 40 deletions(-) diff --git a/include/linux/slab.h b/include/linux/slab.h index cf443f064a66..937c93d44e8c 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -1149,6 +1149,10 @@ static inline void kvfree_rcu_barrier(void) { rcu_barrier(); } +static inline void kvfree_rcu_barrier_on_cache(struct kmem_cache *s) +{ + rcu_barrier(); +} static inline void kfree_rcu_scheduler_running(void) { } #else @@ -1156,6 +1160,7 @@ void kvfree_rcu_barrier(void); void kfree_rcu_scheduler_running(void); #endif +void kvfree_rcu_barrier_on_cache(struct kmem_cache *s); /** * kmalloc_size_roundup - Report allocation bucket size for the given size diff --git a/mm/slab.h b/mm/slab.h index f730e012553c..e767aa7e91b0 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -422,6 +422,7 @@ static inline bool is_kmalloc_normal(struct kmem_cache *s) bool __kfree_rcu_sheaf(struct kmem_cache *s, void *obj); void flush_all_rcu_sheaves(void); +void flush_rcu_sheaves_on_cache(struct kmem_cache *s); #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | \ SLAB_CACHE_DMA32 | SLAB_PANIC | \ diff --git a/mm/slab_common.c b/mm/slab_common.c index 84dfff4f7b1f..dd8a49d6f9cc 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -492,7 +492,7 @@ void kmem_cache_destroy(struct kmem_cache *s) return; /* in-flight kfree_rcu()'s may include objects from our cache */ - kvfree_rcu_barrier(); + kvfree_rcu_barrier_on_cache(s); if (IS_ENABLED(CONFIG_SLUB_RCU_DEBUG) && (s->flags & SLAB_TYPESAFE_BY_RCU)) { @@ -2038,25 +2038,13 @@ void kvfree_call_rcu(struct rcu_head *head, void *ptr) } EXPORT_SYMBOL_GPL(kvfree_call_rcu); -/** - * kvfree_rcu_barrier - Wait until all in-flight kvfree_rcu() complete. - * - * Note that a single argument of kvfree_rcu() call has a slow path that - * triggers synchronize_rcu() following by freeing a pointer. It is done - * before the return from the function. Therefore for any single-argument - * call that will result in a kfree() to a cache that is to be destroyed - * during module exit, it is developer's responsibility to ensure that all - * such calls have returned before the call to kmem_cache_destroy(). - */ -void kvfree_rcu_barrier(void) +static inline void __kvfree_rcu_barrier(void) { struct kfree_rcu_cpu_work *krwp; struct kfree_rcu_cpu *krcp; bool queued; int i, cpu; - flush_all_rcu_sheaves(); - /* * Firstly we detach objects and queue them over an RCU-batch * for all CPUs. Finally queued works are flushed for each CPU. @@ -2118,8 +2106,43 @@ void kvfree_rcu_barrier(void) } } } + +/** + * kvfree_rcu_barrier - Wait until all in-flight kvfree_rcu() complete. + * + * Note that a single argument of kvfree_rcu() call has a slow path that + * triggers synchronize_rcu() following by freeing a pointer. It is done + * before the return from the function. Therefore for any single-argument + * call that will result in a kfree() to a cache that is to be destroyed + * during module exit, it is developer's responsibility to ensure that all + * such calls have returned before the call to kmem_cache_destroy(). + */ +void kvfree_rcu_barrier(void) +{ + flush_all_rcu_sheaves(); + __kvfree_rcu_barrier(); +} EXPORT_SYMBOL_GPL(kvfree_rcu_barrier); +/** + * kvfree_rcu_barrier_on_cache - Wait for in-flight kvfree_rcu() calls on a + * specific slab cache. + * @s: slab cache to wait for + * + * See the description of kvfree_rcu_barrier() for details. + */ +void kvfree_rcu_barrier_on_cache(struct kmem_cache *s) +{ + if (s->cpu_sheaves) + flush_rcu_sheaves_on_cache(s); + /* + * TODO: Introduce a version of __kvfree_rcu_barrier() that works + * on a specific slab cache. + */ + __kvfree_rcu_barrier(); +} +EXPORT_SYMBOL_GPL(kvfree_rcu_barrier_on_cache); + static unsigned long kfree_rcu_shrink_count(struct shrinker *shrink, struct shrink_control *sc) { @@ -2215,4 +2238,3 @@ void __init kvfree_rcu_init(void) } #endif /* CONFIG_KVFREE_RCU_BATCHED */ - diff --git a/mm/slub.c b/mm/slub.c index 785e25a14999..7cec2220712b 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -4118,42 +4118,47 @@ static void flush_rcu_sheaf(struct work_struct *w) /* needed for kvfree_rcu_barrier() */ -void flush_all_rcu_sheaves(void) +void flush_rcu_sheaves_on_cache(struct kmem_cache *s) { struct slub_flush_work *sfw; - struct kmem_cache *s; unsigned int cpu; - cpus_read_lock(); - mutex_lock(&slab_mutex); + mutex_lock(&flush_lock); - list_for_each_entry(s, &slab_caches, list) { - if (!s->cpu_sheaves) - continue; + for_each_online_cpu(cpu) { + sfw = &per_cpu(slub_flush, cpu); - mutex_lock(&flush_lock); + /* + * we don't check if rcu_free sheaf exists - racing + * __kfree_rcu_sheaf() might have just removed it. + * by executing flush_rcu_sheaf() on the cpu we make + * sure the __kfree_rcu_sheaf() finished its call_rcu() + */ - for_each_online_cpu(cpu) { - sfw = &per_cpu(slub_flush, cpu); + INIT_WORK(&sfw->work, flush_rcu_sheaf); + sfw->s = s; + queue_work_on(cpu, flushwq, &sfw->work); + } - /* - * we don't check if rcu_free sheaf exists - racing - * __kfree_rcu_sheaf() might have just removed it. - * by executing flush_rcu_sheaf() on the cpu we make - * sure the __kfree_rcu_sheaf() finished its call_rcu() - */ + for_each_online_cpu(cpu) { + sfw = &per_cpu(slub_flush, cpu); + flush_work(&sfw->work); + } - INIT_WORK(&sfw->work, flush_rcu_sheaf); - sfw->s = s; - queue_work_on(cpu, flushwq, &sfw->work); - } + mutex_unlock(&flush_lock); +} - for_each_online_cpu(cpu) { - sfw = &per_cpu(slub_flush, cpu); - flush_work(&sfw->work); - } +void flush_all_rcu_sheaves(void) +{ + struct kmem_cache *s; + + cpus_read_lock(); + mutex_lock(&slab_mutex); - mutex_unlock(&flush_lock); + list_for_each_entry(s, &slab_caches, list) { + if (!s->cpu_sheaves) + continue; + flush_rcu_sheaves_on_cache(s); } mutex_unlock(&slab_mutex); -- 2.43.0

4 days, 2 hours

3
5
0 0

Re: [6.19 PATCH] nfs/localio: fix regression due to out-of-order __put_cred [was: Re: linux-next: manual merge of the nfs tree with Linus' tree]

by kernel test robot

Hi, Thanks for your patch. FYI: kernel test robot notices the stable kernel rule is not satisfied. The check is based on https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html#opt… Rule: add the tag "Cc: stable(a)vger.kernel.org" in the sign-off area to have the patch automatically included in the stable tree. Subject: [6.19 PATCH] nfs/localio: fix regression due to out-of-order __put_cred [was: Re: linux-next: manual merge of the nfs tree with Linus' tree] Link: https://lore.kernel.org/stable/aTIwhhOF847CcQGl%40kernel.org -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

4 days, 2 hours

1
0
0 0

[PATCH AUTOSEL 6.18-5.10] x86/ptrace: Always inline trivial accessors

by Sasha Levin

From: Peter Zijlstra <peterz(a)infradead.org> [ Upstream commit 1fe4002cf7f23d70c79bda429ca2a9423ebcfdfa ] A KASAN build bloats these single load/store helpers such that it fails to inline them: vmlinux.o: error: objtool: irqentry_exit+0x5e8: call to instruction_pointer_set() with UACCESS enabled Make sure the compiler isn't allowed to do stupid. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://patch.msgid.link/20251031105435.GU4068168@noisy.programming.kicks-a… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: ## Comprehensive Analysis: x86/ptrace: Always inline trivial accessors ### 1. COMMIT MESSAGE ANALYSIS **Subject:** `x86/ptrace: Always inline trivial accessors` **Key points from the commit message:** - A **KASAN build** bloats these single load/store helpers such that they fail to inline - The result is an **objtool ERROR**: `vmlinux.o: error: objtool: irqentry_exit+0x5e8: call to instruction_pointer_set() with UACCESS enabled` - The commit ensures "the compiler isn't allowed to do stupid" **Author:** Peter Zijlstra (Intel) - a highly respected kernel developer and maintainer **Committer:** Ingo Molnar - x86 subsystem maintainer **Missing tags:** - No `Cc: stable(a)vger.kernel.org` tag - No `Fixes:` tag ### 2. CODE CHANGE ANALYSIS The diff changes 8 trivial accessor functions from `static inline` to `static __always_inline`: | Function | Purpose | Complexity | |----------|---------|------------| | `regs_return_value()` | Returns `regs->ax` | 1 line | | `regs_set_return_value()` | Sets `regs->ax = rc` | 1 line | | `kernel_stack_pointer()` | Returns `regs->sp` | 1 line | | `instruction_pointer()` | Returns `regs->ip` | 1 line | | `instruction_pointer_set()` | Sets `regs->ip = val` | 1 line | | `frame_pointer()` | Returns `regs->bp` | 1 line | | `user_stack_pointer()` | Returns `regs->sp` | 1 line | | `user_stack_pointer_set()` | Sets `regs->sp = val` | 1 line | **Technical mechanism of the bug:** 1. KASAN adds memory sanitization instrumentation to functions 2. Even trivial one-liner functions get bloated with KASAN checks 3. The compiler decides the bloated functions are "too big" to inline 4. These functions get called from `irqentry_exit()` in contexts where UACCESS is enabled (SMAP disabled via STAC) 5. Objtool validates that no unexpected function calls happen with UACCESS enabled (security/correctness requirement) 6. Result: **BUILD FAILURE** (error, not warning) **Why `__always_inline` fixes it:** ```c #define __always_inline inline __attribute__((__always_inline__)) ``` This compiler attribute forces inlining regardless of any optimization settings or instrumentation, ensuring these trivial accessors always become inline code rather than function calls. ### 3. CLASSIFICATION - **Category:** BUILD FIX - **Type:** Fixes compilation error with KASAN on x86 - **Not a feature:** Simply enforces behavior that was intended (functions should always inline) - **Not a quirk/device ID/DT:** N/A ### 4. SCOPE AND RISK ASSESSMENT **Scope:** - 1 file changed: `arch/x86/include/asm/ptrace.h` - 10 insertions, 10 deletions (only adding `__always_` prefix) - Changes are purely compile-time **Risk: VERY LOW** - Zero runtime functional change when compiler already inlines - Only forces the compiler to do what it was supposed to do - Same pattern already successfully applied to other functions in the same file: - `user_mode()` - already `__always_inline` - `v8086_mode()` - commit b008893b08dcc - `ip_within_syscall_gap()` - commit c6b01dace2cd7 - `regs_irqs_disabled()` - already `__always_inline` ### 5. USER IMPACT **Who is affected:** - Anyone building x86 kernels with `CONFIG_KASAN=y` - KASAN is used for memory debugging, commonly in development and CI systems - Enterprise distributions often enable KASAN in debug/test builds **Severity:** HIGH (build failure = kernel cannot be compiled) ### 6. STABILITY INDICATORS - **Reviewed-by:** None explicit, but committed through tip tree - **Tested-by:** None explicit, but the error message shows it was reproduced - **Author credibility:** Peter Zijlstra is a top kernel maintainer - **Committer credibility:** Ingo Molnar is the x86 maintainer ### 7. DEPENDENCY CHECK **Dependencies:** NONE - This is a standalone fix - Does not depend on any other commits - The affected code exists unchanged in all stable kernels (5.10, 5.15, 6.1, 6.6) **Backport applicability verified:** ``` v5.10: static inline void instruction_pointer_set(...) ✓ v5.15: static inline void instruction_pointer_set(...) ✓ v6.1: static inline void instruction_pointer_set(...) ✓ v6.6: static inline void instruction_pointer_set(...) ✓ ``` The patch should apply cleanly to all stable trees. ### 8. HISTORICAL CONTEXT Similar fixes have been applied to this same file and other kernel files: | Commit | Description | Pattern | |--------|-------------|---------| | c6b01dace2cd7 | x86: Always inline ip_within_syscall_gap() | Same | | b008893b08dcc | x86/ptrace: Always inline v8086_mode() | Same | | cb0ca08b326aa | kcov: mark in_softirq_really() as __always_inline | Same (backported to stable) | The KASAN + objtool UACCESS validation issue is a known pattern that has been addressed multiple times with `__always_inline`. ### SUMMARY **Strong YES signals:** - ✅ Fixes a build failure (compilation error, not warning) - ✅ Small, surgical fix with clear scope (only adds `__always_inline`) - ✅ Obviously correct - trivial accessors should always inline - ✅ Zero functional/runtime change - ✅ No dependencies, applies cleanly to all stable trees - ✅ Well-established fix pattern used elsewhere in kernel - ✅ Authored by highly trusted maintainer (Peter Zijlstra) - ✅ Committed through the proper channel (tip tree via Ingo Molnar) **Weak NO signals:** - ⚠️ No explicit `Cc: stable` tag - ⚠️ No `Fixes:` tag The absence of stable tags is not disqualifying for build fixes. The stable kernel rules explicitly state that "build fixes that prevent compilation" are acceptable. This is a clear-cut build fix that prevents KASAN-enabled x86 kernels from compiling. ### CONCLUSION This commit **should be backported** to stable kernel trees. It's a textbook example of a build fix: - Small, contained, obviously correct - Fixes a real build failure affecting KASAN users - Zero risk of regression (only forces intended behavior) - No dependencies, clean backport - Follows established patterns from similar successful fixes **YES** arch/x86/include/asm/ptrace.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h index 50f75467f73d0..b5dec859bc75a 100644 --- a/arch/x86/include/asm/ptrace.h +++ b/arch/x86/include/asm/ptrace.h @@ -187,12 +187,12 @@ convert_ip_to_linear(struct task_struct *child, struct pt_regs *regs); extern void send_sigtrap(struct pt_regs *regs, int error_code, int si_code); -static inline unsigned long regs_return_value(struct pt_regs *regs) +static __always_inline unsigned long regs_return_value(struct pt_regs *regs) { return regs->ax; } -static inline void regs_set_return_value(struct pt_regs *regs, unsigned long rc) +static __always_inline void regs_set_return_value(struct pt_regs *regs, unsigned long rc) { regs->ax = rc; } @@ -277,34 +277,34 @@ static __always_inline bool ip_within_syscall_gap(struct pt_regs *regs) } #endif -static inline unsigned long kernel_stack_pointer(struct pt_regs *regs) +static __always_inline unsigned long kernel_stack_pointer(struct pt_regs *regs) { return regs->sp; } -static inline unsigned long instruction_pointer(struct pt_regs *regs) +static __always_inline unsigned long instruction_pointer(struct pt_regs *regs) { return regs->ip; } -static inline void instruction_pointer_set(struct pt_regs *regs, - unsigned long val) +static __always_inline +void instruction_pointer_set(struct pt_regs *regs, unsigned long val) { regs->ip = val; } -static inline unsigned long frame_pointer(struct pt_regs *regs) +static __always_inline unsigned long frame_pointer(struct pt_regs *regs) { return regs->bp; } -static inline unsigned long user_stack_pointer(struct pt_regs *regs) +static __always_inline unsigned long user_stack_pointer(struct pt_regs *regs) { return regs->sp; } -static inline void user_stack_pointer_set(struct pt_regs *regs, - unsigned long val) +static __always_inline +void user_stack_pointer_set(struct pt_regs *regs, unsigned long val) { regs->sp = val; } -- 2.51.0

4 days, 2 hours

1
0
0 0

[PATCH v2] spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing

by Mark Brown

The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 ("spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance") made the fact that when we do a pm_runtime_disable() in the error paths of probe() we can trigger a runtime disable which in turn results in duplicate clock disables. This is particularly likely to happen when there is missing or broken DT description for the flashes attached to the controller. Early on in the probe function we do a pm_runtime_get_noresume() since the probe function leaves the device in a powered up state but in the error path we can't assume that PM is enabled so we also manually disable everything, including clocks. This means that when runtime PM is active both it and the probe function release the same reference to the main clock for the IP, triggering warnings from the clock subsystem: [ 8.693719] clk:75:7 already disabled [ 8.693791] WARNING: CPU: 1 PID: 185 at /usr/src/kernel/drivers/clk/clk.c:1188 clk_core_disable+0xa0/0xb ... [ 8.694261] clk_core_disable+0xa0/0xb4 (P) [ 8.694272] clk_disable+0x38/0x60 [ 8.694283] cqspi_probe+0x7c8/0xc5c [spi_cadence_quadspi] [ 8.694309] platform_probe+0x5c/0xa4 Dealing with this issue properly is complicated by the fact that we don't know if runtime PM is active so can't tell if it will disable the clocks or not. We can, however, sidestep the issue for the flash descriptions by moving their parsing to when we parse the controller properties which also save us doing a bunch of setup which can never be used so let's do that. Reported-by: Francesco Dolcini <francesco(a)dolcini.it> Closes: https://lore.kernel.org/r/20251201072844.GA6785@francesco-nb Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- Changes in v2: - Switch to moving the DT parsing earlier so we avoid triggering the clock referencing problems. - Link to v1: https://patch.msgid.link/20251202-spi-cadence-qspi-runtime-pm-imbalance-v1-… --- drivers/spi/spi-cadence-quadspi.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c index af6d050da1c8..bdbeef05cd72 100644 --- a/drivers/spi/spi-cadence-quadspi.c +++ b/drivers/spi/spi-cadence-quadspi.c @@ -1845,6 +1845,12 @@ static int cqspi_probe(struct platform_device *pdev) return -ENODEV; } + ret = cqspi_setup_flash(cqspi); + if (ret) { + dev_err(dev, "failed to setup flash parameters %d\n", ret); + return ret; + } + /* Obtain QSPI clock. */ cqspi->clk = devm_clk_get(dev, NULL); if (IS_ERR(cqspi->clk)) { @@ -1988,12 +1994,6 @@ static int cqspi_probe(struct platform_device *pdev) pm_runtime_get_noresume(dev); } - ret = cqspi_setup_flash(cqspi); - if (ret) { - dev_err(dev, "failed to setup flash parameters %d\n", ret); - goto probe_setup_failed; - } - host->num_chipselect = cqspi->num_chipselect; if (ddata && (ddata->quirks & CQSPI_SUPPORT_DEVICE_RESET)) --- base-commit: cebdea5fc60642a39a76c237257a7e6662336006 change-id: 20251202-spi-cadence-qspi-runtime-pm-imbalance-657740cf7eae Best regards, -- Mark Brown <broonie(a)kernel.org>

4 days, 3 hours

2
3
0 0

[PATCH v2] drm/nouveau/gsp: Allocate fwsec-sb at boot

by Lyude Paul

At the moment - the memory allocation for fwsec-sb is created as-needed and is released after being used. Typically this is at some point well after driver load, which can cause runtime suspend/resume to initially work on driver load but then later fail on a machine that has been running for long enough with sufficiently high enough memory pressure: kworker/7:1: page allocation failure: order:5, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0 CPU: 7 UID: 0 PID: 875159 Comm: kworker/7:1 Not tainted 6.17.8-300.fc43.x86_64 #1 PREEMPT(lazy) Hardware name: SLIMBOOK Executive/Executive, BIOS N.1.10GRU06 02/02/2024 Workqueue: pm pm_runtime_work Call Trace: <TASK> dump_stack_lvl+0x5d/0x80 warn_alloc+0x163/0x190 ? __alloc_pages_direct_compact+0x1b3/0x220 __alloc_pages_slowpath.constprop.0+0x57a/0xb10 __alloc_frozen_pages_noprof+0x334/0x350 __alloc_pages_noprof+0xe/0x20 __dma_direct_alloc_pages.isra.0+0x1eb/0x330 dma_direct_alloc_pages+0x3c/0x190 dma_alloc_pages+0x29/0x130 nvkm_firmware_ctor+0x1ae/0x280 [nouveau] nvkm_falcon_fw_ctor+0x3e/0x60 [nouveau] nvkm_gsp_fwsec+0x10e/0x2c0 [nouveau] ? sysvec_apic_timer_interrupt+0xe/0x90 nvkm_gsp_fwsec_sb+0x27/0x70 [nouveau] tu102_gsp_fini+0x65/0x110 [nouveau] ? ktime_get+0x3c/0xf0 nvkm_subdev_fini+0x67/0xc0 [nouveau] nvkm_device_fini+0x94/0x140 [nouveau] nvkm_udevice_fini+0x50/0x70 [nouveau] nvkm_object_fini+0xb1/0x140 [nouveau] nvkm_object_fini+0x70/0x140 [nouveau] ? __pfx_pci_pm_runtime_suspend+0x10/0x10 nouveau_do_suspend+0xe4/0x170 [nouveau] nouveau_pmops_runtime_suspend+0x3e/0xb0 [nouveau] pci_pm_runtime_suspend+0x67/0x1a0 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 __rpm_callback+0x45/0x1f0 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 rpm_callback+0x6d/0x80 rpm_suspend+0xe5/0x5e0 ? finish_task_switch.isra.0+0x99/0x2c0 pm_runtime_work+0x98/0xb0 process_one_work+0x18f/0x350 worker_thread+0x25a/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xf9/0x240 ? __pfx_kthread+0x10/0x10 ? __pfx_kthread+0x10/0x10 ret_from_fork+0xf1/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> The reason this happens is because the fwsec-sb firmware image only supports being booted from a contiguous coherent sysmem allocation. If a system runs into enough memory fragmentation from memory pressure, such as what can happen on systems with low amounts of memory, this can lead to a situation where it later becomes impossible to find space for a large enough contiguous allocation to hold fwsec-sb. This causes us to fail to boot the firmware image, causing the GPU to fail booting and causing the driver to fail. Since this firmware can't use non-contiguous allocations, the best solution to avoid this issue is to simply allocate the memory for fwsec-sb during initial driver-load, and reuse the memory allocation when fwsec-sb needs to be used. We then release the memory allocations on driver unload. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Fixes: 594766ca3e53 ("drm/nouveau/gsp: move booter handling to GPU-specific code") Cc: <stable(a)vger.kernel.org> # v6.16+ --- V2: * I realized we don't need to keep fwsec-frts allocated since we only use it at the start, just fwsec-sb. Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- .../gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 ++ .../gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c | 61 +++++++++++++------ .../gpu/drm/nouveau/nvkm/subdev/gsp/priv.h | 3 + .../drm/nouveau/nvkm/subdev/gsp/rm/r535/gsp.c | 10 ++- 4 files changed, 58 insertions(+), 20 deletions(-) diff --git a/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h b/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h index 226c7ec56b8ed..b8b97e10ae83e 100644 --- a/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h +++ b/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h @@ -73,6 +73,10 @@ struct nvkm_gsp { const struct firmware *bl; const struct firmware *rm; + + struct { + struct nvkm_falcon_fw sb; + } falcon; } fws; struct nvkm_firmware fw; diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c index 5b721bd9d7994..5037602466604 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c @@ -259,18 +259,16 @@ nvkm_gsp_fwsec_v3(struct nvkm_gsp *gsp, const char *name, } static int -nvkm_gsp_fwsec(struct nvkm_gsp *gsp, const char *name, u32 init_cmd) +nvkm_gsp_fwsec_init(struct nvkm_gsp *gsp, struct nvkm_falcon_fw *fw, const char *name, u32 init_cmd) { struct nvkm_subdev *subdev = &gsp->subdev; struct nvkm_device *device = subdev->device; struct nvkm_bios *bios = device->bios; const union nvfw_falcon_ucode_desc *desc; struct nvbios_pmuE flcn_ucode; - u8 idx, ver, hdr; u32 data; u16 size, vers; - struct nvkm_falcon_fw fw = {}; - u32 mbox0 = 0; + u8 idx, ver, hdr; int ret; /* Lookup in VBIOS. */ @@ -291,8 +289,8 @@ nvkm_gsp_fwsec(struct nvkm_gsp *gsp, const char *name, u32 init_cmd) vers = (desc->v2.Hdr & 0x0000ff00) >> 8; switch (vers) { - case 2: ret = nvkm_gsp_fwsec_v2(gsp, name, &desc->v2, size, init_cmd, &fw); break; - case 3: ret = nvkm_gsp_fwsec_v3(gsp, name, &desc->v3, size, init_cmd, &fw); break; + case 2: ret = nvkm_gsp_fwsec_v2(gsp, name, &desc->v2, size, init_cmd, fw); break; + case 3: ret = nvkm_gsp_fwsec_v3(gsp, name, &desc->v3, size, init_cmd, fw); break; default: nvkm_error(subdev, "%s(v%d): version unknown\n", name, vers); return -EINVAL; @@ -303,15 +301,19 @@ nvkm_gsp_fwsec(struct nvkm_gsp *gsp, const char *name, u32 init_cmd) return ret; } - /* Boot. */ - ret = nvkm_falcon_fw_boot(&fw, subdev, true, &mbox0, NULL, 0, 0); - nvkm_falcon_fw_dtor(&fw); - if (ret) - return ret; - return 0; } +static int +nvkm_gsp_fwsec_boot(struct nvkm_gsp *gsp, struct nvkm_falcon_fw *fw) +{ + struct nvkm_subdev *subdev = &gsp->subdev; + u32 mbox0 = 0; + + /* Boot */ + return nvkm_falcon_fw_boot(fw, subdev, true, &mbox0, NULL, 0, 0); +} + int nvkm_gsp_fwsec_sb(struct nvkm_gsp *gsp) { @@ -320,7 +322,7 @@ nvkm_gsp_fwsec_sb(struct nvkm_gsp *gsp) int ret; u32 err; - ret = nvkm_gsp_fwsec(gsp, "fwsec-sb", NVFW_FALCON_APPIF_DMEMMAPPER_CMD_SB); + ret = nvkm_gsp_fwsec_boot(gsp, &gsp->fws.falcon.sb); if (ret) return ret; @@ -334,27 +336,48 @@ nvkm_gsp_fwsec_sb(struct nvkm_gsp *gsp) return 0; } +int +nvkm_gsp_fwsec_sb_ctor(struct nvkm_gsp *gsp) +{ + return nvkm_gsp_fwsec_init(gsp, &gsp->fws.falcon.sb, "fwsec-sb", + NVFW_FALCON_APPIF_DMEMMAPPER_CMD_SB); +} + +void +nvkm_gsp_fwsec_sb_dtor(struct nvkm_gsp *gsp) +{ + nvkm_falcon_fw_dtor(&gsp->fws.falcon.sb); +} + int nvkm_gsp_fwsec_frts(struct nvkm_gsp *gsp) { struct nvkm_subdev *subdev = &gsp->subdev; struct nvkm_device *device = subdev->device; + struct nvkm_falcon_fw fw = {}; int ret; u32 err, wpr2_lo, wpr2_hi; - ret = nvkm_gsp_fwsec(gsp, "fwsec-frts", NVFW_FALCON_APPIF_DMEMMAPPER_CMD_FRTS); + ret = nvkm_gsp_fwsec_init(gsp, &fw, "fwsec-frts", NVFW_FALCON_APPIF_DMEMMAPPER_CMD_FRTS); if (ret) return ret; + ret = nvkm_gsp_fwsec_boot(gsp, &fw); + if (ret) + goto fwsec_dtor; + /* Verify. */ err = nvkm_rd32(device, 0x001400 + (0xe * 4)) >> 16; if (err) { nvkm_error(subdev, "fwsec-frts: 0x%04x\n", err); - return -EIO; + ret = -EIO; + } else { + wpr2_lo = nvkm_rd32(device, 0x1fa824); + wpr2_hi = nvkm_rd32(device, 0x1fa828); + nvkm_debug(subdev, "fwsec-frts: WPR2 @ %08x - %08x\n", wpr2_lo, wpr2_hi); } - wpr2_lo = nvkm_rd32(device, 0x1fa824); - wpr2_hi = nvkm_rd32(device, 0x1fa828); - nvkm_debug(subdev, "fwsec-frts: WPR2 @ %08x - %08x\n", wpr2_lo, wpr2_hi); - return 0; +fwsec_dtor: + nvkm_falcon_fw_dtor(&fw); + return ret; } diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/priv.h b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/priv.h index c3494b7ac572b..86bdd203bc107 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/priv.h +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/priv.h @@ -6,7 +6,10 @@ enum nvkm_acr_lsf_id; int nvkm_gsp_fwsec_frts(struct nvkm_gsp *); + +int nvkm_gsp_fwsec_sb_ctor(struct nvkm_gsp *); int nvkm_gsp_fwsec_sb(struct nvkm_gsp *); +void nvkm_gsp_fwsec_sb_dtor(struct nvkm_gsp *); struct nvkm_gsp_fwif { int version; diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/gsp.c b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/gsp.c index 32e6a065d6d7a..2a7e80c6d70f3 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/gsp.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/gsp.c @@ -1817,12 +1817,16 @@ r535_gsp_rm_boot_ctor(struct nvkm_gsp *gsp) RM_RISCV_UCODE_DESC *desc; int ret; + ret = nvkm_gsp_fwsec_sb_ctor(gsp); + if (ret) + return ret; + hdr = nvfw_bin_hdr(&gsp->subdev, fw->data); desc = (void *)fw->data + hdr->header_offset; ret = nvkm_gsp_mem_ctor(gsp, hdr->data_size, &gsp->boot.fw); if (ret) - return ret; + goto dtor_fwsec; memcpy(gsp->boot.fw.data, fw->data + hdr->data_offset, hdr->data_size); @@ -1831,6 +1835,9 @@ r535_gsp_rm_boot_ctor(struct nvkm_gsp *gsp) gsp->boot.manifest_offset = desc->manifestOffset; gsp->boot.app_version = desc->appVersion; return 0; +dtor_fwsec: + nvkm_gsp_fwsec_sb_dtor(gsp); + return ret; } static const struct nvkm_firmware_func @@ -2101,6 +2108,7 @@ r535_gsp_dtor(struct nvkm_gsp *gsp) mutex_destroy(&gsp->cmdq.mutex); nvkm_gsp_dtor_fws(gsp); + nvkm_gsp_fwsec_sb_dtor(gsp); nvkm_gsp_mem_dtor(&gsp->rmargs); nvkm_gsp_mem_dtor(&gsp->wpr_meta); base-commit: 62433efe0b06042d8016ba0713d801165a939229 -- 2.52.0

4 days, 4 hours

2
1
0 0

+ kasan-unpoison-vms-addresses-with-a-common-tag.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kasan: unpoison vms[area] addresses with a common tag has been added to the -mm mm-hotfixes-unstable branch. Its filename is kasan-unpoison-vms-addresses-with-a-common-tag.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Subject: kasan: unpoison vms[area] addresses with a common tag Date: Thu, 04 Dec 2025 19:00:11 +0000 A KASAN tag mismatch, possibly causing a kernel panic, can be observed on systems with a tag-based KASAN enabled and with multiple NUMA nodes. It was reported on arm64 and reproduced on x86. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Use the new vmalloc flag that disables random tag assignment in __kasan_unpoison_vmalloc() - pass the same random tag to all the vm_structs by tagging the pointers before they go inside __kasan_unpoison_vmalloc(). Assigning a common tag resolves the pcpu chunk address mismatch. Link: https://lkml.kernel.org/r/873821114a9f722ffb5d6702b94782e902883fdf.17648745… Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Danilo Krummrich <dakr(a)kernel.org> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Jiayuan Chen <jiayuan.chen(a)linux.dev> Cc: Kees Cook <kees(a)kernel.org> Cc: Marco Elver <elver(a)google.com> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> [6.1+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/common.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) --- a/mm/kasan/common.c~kasan-unpoison-vms-addresses-with-a-common-tag +++ a/mm/kasan/common.c @@ -591,11 +591,28 @@ void __kasan_unpoison_vmap_areas(struct unsigned long size; void *addr; int area; + u8 tag; - for (area = 0 ; area < nr_vms ; area++) { + /* + * If KASAN_VMALLOC_KEEP_TAG was set at this point, all vms[] pointers + * would be unpoisoned with the KASAN_TAG_KERNEL which would disable + * KASAN checks down the line. + */ + if (flags & KASAN_VMALLOC_KEEP_TAG) { + pr_warn("KASAN_VMALLOC_KEEP_TAG flag shouldn't be already set!\n"); + return; + } + + size = vms[0]->size; + addr = vms[0]->addr; + vms[0]->addr = __kasan_unpoison_vmalloc(addr, size, flags); + tag = get_tag(vms[0]->addr); + + for (area = 1 ; area < nr_vms ; area++) { size = vms[area]->size; - addr = vms[area]->addr; - vms[area]->addr = __kasan_unpoison_vmalloc(addr, size, flags); + addr = set_tag(vms[area]->addr, tag); + vms[area]->addr = + __kasan_unpoison_vmalloc(addr, size, flags | KASAN_VMALLOC_KEEP_TAG); } } #endif _ Patches currently in -mm which might be from maciej.wieczor-retman(a)intel.com are kasan-refactor-pcpu-kasan-vmalloc-unpoison.patch kasan-unpoison-vms-addresses-with-a-common-tag.patch

4 days, 5 hours

1
0
0 0

+ kasan-refactor-pcpu-kasan-vmalloc-unpoison.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kasan: refactor pcpu kasan vmalloc unpoison has been added to the -mm mm-hotfixes-unstable branch. Its filename is kasan-refactor-pcpu-kasan-vmalloc-unpoison.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Subject: kasan: refactor pcpu kasan vmalloc unpoison Date: Thu, 04 Dec 2025 19:00:04 +0000 A KASAN tag mismatch, possibly causing a kernel panic, can be observed on systems with a tag-based KASAN enabled and with multiple NUMA nodes. It was reported on arm64 and reproduced on x86. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Refactor code by reusing __kasan_unpoison_vmalloc in a new helper in preparation for the actual fix. Link: https://lkml.kernel.org/r/eb61d93b907e262eefcaa130261a08bcb6c5ce51.17648745… Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Danilo Krummrich <dakr(a)kernel.org> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Jiayuan Chen <jiayuan.chen(a)linux.dev> Cc: Kees Cook <kees(a)kernel.org> Cc: Marco Elver <elver(a)google.com> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> [6.1+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kasan.h | 15 +++++++++++++++ mm/kasan/common.c | 17 +++++++++++++++++ mm/vmalloc.c | 4 +--- 3 files changed, 33 insertions(+), 3 deletions(-) --- a/include/linux/kasan.h~kasan-refactor-pcpu-kasan-vmalloc-unpoison +++ a/include/linux/kasan.h @@ -615,6 +615,16 @@ static __always_inline void kasan_poison __kasan_poison_vmalloc(start, size); } +void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags); +static __always_inline void +kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags) +{ + if (kasan_enabled()) + __kasan_unpoison_vmap_areas(vms, nr_vms, flags); +} + #else /* CONFIG_KASAN_VMALLOC */ static inline void kasan_populate_early_vm_area_shadow(void *start, @@ -639,6 +649,11 @@ static inline void *kasan_unpoison_vmall static inline void kasan_poison_vmalloc(const void *start, unsigned long size) { } +static __always_inline void +kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags) +{ } + #endif /* CONFIG_KASAN_VMALLOC */ #if (defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)) && \ --- a/mm/kasan/common.c~kasan-refactor-pcpu-kasan-vmalloc-unpoison +++ a/mm/kasan/common.c @@ -28,6 +28,7 @@ #include <linux/string.h> #include <linux/types.h> #include <linux/bug.h> +#include <linux/vmalloc.h> #include "kasan.h" #include "../slab.h" @@ -582,3 +583,19 @@ bool __kasan_check_byte(const void *addr } return true; } + +#ifdef CONFIG_KASAN_VMALLOC +void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags) +{ + unsigned long size; + void *addr; + int area; + + for (area = 0 ; area < nr_vms ; area++) { + size = vms[area]->size; + addr = vms[area]->addr; + vms[area]->addr = __kasan_unpoison_vmalloc(addr, size, flags); + } +} +#endif --- a/mm/vmalloc.c~kasan-refactor-pcpu-kasan-vmalloc-unpoison +++ a/mm/vmalloc.c @@ -4872,9 +4872,7 @@ retry: * With hardware tag-based KASAN, marking is skipped for * non-VM_ALLOC mappings, see __kasan_unpoison_vmalloc(). */ - for (area = 0; area < nr_vms; area++) - vms[area]->addr = kasan_unpoison_vmalloc(vms[area]->addr, - vms[area]->size, KASAN_VMALLOC_PROT_NORMAL); + kasan_unpoison_vmap_areas(vms, nr_vms, KASAN_VMALLOC_PROT_NORMAL); kfree(vas); return vms; _ Patches currently in -mm which might be from maciej.wieczor-retman(a)intel.com are kasan-refactor-pcpu-kasan-vmalloc-unpoison.patch kasan-unpoison-vms-addresses-with-a-common-tag.patch

4 days, 5 hours

1
0
0 0

+ mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jiayuan Chen <jiayuan.chen(a)linux.dev> Subject: mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN Date: Thu, 04 Dec 2025 18:59:55 +0000 Patch series "kasan: vmalloc: Fixes for the percpu allocator and vrealloc", v3. Patches fix two issues related to KASAN and vmalloc. The first one, a KASAN tag mismatch, possibly resulting in a kernel panic, can be observed on systems with a tag-based KASAN enabled and with multiple NUMA nodes. Initially it was only noticed on x86 [1] but later a similar issue was also reported on arm64 [2]. Specifically the problem is related to how vm_structs interact with pcpu_chunks - both when they are allocated, assigned and when pcpu_chunk addresses are derived. When vm_structs are allocated they are unpoisoned, each with a different random tag, if vmalloc support is enabled along the KASAN mode. Later when first pcpu chunk is allocated it gets its 'base_addr' field set to the first allocated vm_struct. With that it inherits that vm_struct's tag. When pcpu_chunk addresses are later derived (by pcpu_chunk_addr(), for example in pcpu_alloc_noprof()) the base_addr field is used and offsets are added to it. If the initial conditions are satisfied then some of the offsets will point into memory allocated with a different vm_struct. So while the lower bits will get accurately derived the tag bits in the top of the pointer won't match the shadow memory contents. The solution (proposed at v2 of the x86 KASAN series [3]) is to unpoison the vm_structs with the same tag when allocating them for the per cpu allocator (in pcpu_get_vm_areas()). The second one reported by syzkaller [4] is related to vrealloc and happens because of random tag generation when unpoisoning memory without allocating new pages. This breaks shadow memory tracking and needs to reuse the existing tag instead of generating a new one. At the same time an inconsistency in used flags is corrected. This patch (of 3): Syzkaller reported a memory out-of-bounds bug [4]. This patch fixes two issues: 1. In vrealloc the KASAN_VMALLOC_VM_ALLOC flag is missing when unpoisoning the extended region. This flag is required to correctly associate the allocation with KASAN's vmalloc tracking. Note: In contrast, vzalloc (via __vmalloc_node_range_noprof) explicitly sets KASAN_VMALLOC_VM_ALLOC and calls kasan_unpoison_vmalloc() with it. vrealloc must behave consistently -- especially when reusing existing vmalloc regions -- to ensure KASAN can track allocations correctly. 2. When vrealloc reuses an existing vmalloc region (without allocating new pages) KASAN generates a new tag, which breaks tag-based memory access tracking. Introduce KASAN_VMALLOC_KEEP_TAG, a new KASAN flag that allows reusing the tag already attached to the pointer, ensuring consistent tag behavior during reallocation. Pass KASAN_VMALLOC_KEEP_TAG and KASAN_VMALLOC_VM_ALLOC to the kasan_unpoison_vmalloc inside vrealloc_node_align_noprof(). Link: https://lkml.kernel.org/r/38dece0a4074c43e48150d1e242f8242c73bf1a5.17648745… Link: https://lore.kernel.org/all/e7e04692866d02e6d3b32bb43b998e5d17092ba4.173868… [1] Link: https://lore.kernel.org/all/aMUrW1Znp1GEj7St@MiWiFi-R3L-srv/ [2] Link: https://lore.kernel.org/all/CAPAsAGxDRv_uFeMYu9TwhBVWHCCtkSxoWY4xmFB_vowMbi… [3] Link: https://syzkaller.appspot.com/bug?extid=3D997752115a851cb0cf36 [4] Signed-off-by: Jiayuan Chen <jiayuan.chen(a)linux.dev> Co-developed-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Fixes: a0309faf1cb0 ("mm: vmalloc: support more granular vrealloc() sizing" ) Reported-by: syzbot+997752115a851cb0cf36(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/68e243a2.050a0220.1696c6.007d.GAE@google.com/T/ Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Danilo Krummrich <dakr(a)kernel.org> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Kees Cook <kees(a)kernel.org> Cc: Marco Elver <elver(a)google.com> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kasan.h | 1 + mm/kasan/hw_tags.c | 2 +- mm/kasan/shadow.c | 4 +++- mm/vmalloc.c | 4 +++- 4 files changed, 8 insertions(+), 3 deletions(-) --- a/include/linux/kasan.h~mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan +++ a/include/linux/kasan.h @@ -28,6 +28,7 @@ typedef unsigned int __bitwise kasan_vma #define KASAN_VMALLOC_INIT ((__force kasan_vmalloc_flags_t)0x01u) #define KASAN_VMALLOC_VM_ALLOC ((__force kasan_vmalloc_flags_t)0x02u) #define KASAN_VMALLOC_PROT_NORMAL ((__force kasan_vmalloc_flags_t)0x04u) +#define KASAN_VMALLOC_KEEP_TAG ((__force kasan_vmalloc_flags_t)0x08u) #define KASAN_VMALLOC_PAGE_RANGE 0x1 /* Apply exsiting page range */ #define KASAN_VMALLOC_TLB_FLUSH 0x2 /* TLB flush */ --- a/mm/kasan/hw_tags.c~mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan +++ a/mm/kasan/hw_tags.c @@ -361,7 +361,7 @@ void *__kasan_unpoison_vmalloc(const voi return (void *)start; } - tag = kasan_random_tag(); + tag = (flags & KASAN_VMALLOC_KEEP_TAG) ? get_tag(start) : kasan_random_tag(); start = set_tag(start, tag); /* Unpoison and initialize memory up to size. */ --- a/mm/kasan/shadow.c~mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan +++ a/mm/kasan/shadow.c @@ -648,7 +648,9 @@ void *__kasan_unpoison_vmalloc(const voi !(flags & KASAN_VMALLOC_PROT_NORMAL)) return (void *)start; - start = set_tag(start, kasan_random_tag()); + if (unlikely(!(flags & KASAN_VMALLOC_KEEP_TAG))) + start = set_tag(start, kasan_random_tag()); + kasan_unpoison(start, size, false); return (void *)start; } --- a/mm/vmalloc.c~mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan +++ a/mm/vmalloc.c @@ -4176,7 +4176,9 @@ void *vrealloc_node_align_noprof(const v */ if (size <= alloced_size) { kasan_unpoison_vmalloc(p + old_size, size - old_size, - KASAN_VMALLOC_PROT_NORMAL); + KASAN_VMALLOC_PROT_NORMAL | + KASAN_VMALLOC_VM_ALLOC | + KASAN_VMALLOC_KEEP_TAG); /* * No need to zero memory here, as unused memory will have * already been zeroed at initial allocation time or during _ Patches currently in -mm which might be from jiayuan.chen(a)linux.dev are mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan.patch

4 days, 5 hours

1
0
0 0

+ revert-mm-fix-max_folio_order-on-powerpc-configs-with-hugetlb.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: Revert "mm: fix MAX_FOLIO_ORDER on powerpc configs with hugetlb" has been added to the -mm mm-hotfixes-unstable branch. Its filename is revert-mm-fix-max_folio_order-on-powerpc-configs-with-hugetlb.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Shuah Khan <skhan(a)linuxfoundation.org> Subject: Revert "mm: fix MAX_FOLIO_ORDER on powerpc configs with hugetlb" Date: Wed, 3 Dec 2025 19:33:56 -0700 This reverts commit 39231e8d6ba7f794b566fd91ebd88c0834a23b98. Enabling HAVE_GIGANTIC_FOLIOS broke kernel build and git clone on two systems. git fetch-pack fails when cloning large repos and make hangs or errors out of Makefile.build with Error: 139. These failures are random with git clone failing after fetching 1% of the objects, and make hangs while compiling random files. Below is is one of the git clone failures: git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git linux_6.19 Cloning into 'linux_6.19'... remote: Enumerating objects: 11173575, done. remote: Counting objects: 100% (785/785), done. remote: Compressing objects: 100% (373/373), done. remote: Total 11173575 (delta 534), reused 505 (delta 411), pack-reused 11172790 (from 1) Receiving objects: 100% (11173575/11173575), 3.00 GiB | 7.08 MiB/s, done. Resolving deltas: 100% (9195212/9195212), done. fatal: did not receive expected object 0002003e951b5057c16de5a39140abcbf6e44e50 fatal: fetch-pack: invalid index-pack output (akpm: reverting this probably just hides a bug, but let's do that for now while the bug is being worked on). Link: https://lkml.kernel.org/r/20251204023358.54107-1-skhan@linuxfoundation.org Fixes: 39231e8d6ba7 ("mm: fix MAX_FOLIO_ORDER on powerpc configs with hugetlb") Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Madhavan Srinivasan <maddy(a)linux.ibm.com> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Linus Torvalds <torvalds(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/powerpc/Kconfig | 1 - arch/powerpc/platforms/Kconfig.cputype | 1 + include/linux/mm.h | 13 +++---------- mm/Kconfig | 7 ------- 4 files changed, 4 insertions(+), 18 deletions(-) --- a/arch/powerpc/Kconfig~revert-mm-fix-max_folio_order-on-powerpc-configs-with-hugetlb +++ a/arch/powerpc/Kconfig @@ -137,7 +137,6 @@ config PPC select ARCH_HAS_DMA_OPS if PPC64 select ARCH_HAS_FORTIFY_SOURCE select ARCH_HAS_GCOV_PROFILE_ALL - select ARCH_HAS_GIGANTIC_PAGE if ARCH_SUPPORTS_HUGETLBFS select ARCH_HAS_KCOV select ARCH_HAS_KERNEL_FPU_SUPPORT if PPC64 && PPC_FPU select ARCH_HAS_MEMBARRIER_CALLBACKS --- a/arch/powerpc/platforms/Kconfig.cputype~revert-mm-fix-max_folio_order-on-powerpc-configs-with-hugetlb +++ a/arch/powerpc/platforms/Kconfig.cputype @@ -423,6 +423,7 @@ config PPC_64S_HASH_MMU config PPC_RADIX_MMU bool "Radix MMU Support" depends on PPC_BOOK3S_64 + select ARCH_HAS_GIGANTIC_PAGE default y help Enable support for the Power ISA 3.0 Radix style MMU. Currently this --- a/include/linux/mm.h~revert-mm-fix-max_folio_order-on-powerpc-configs-with-hugetlb +++ a/include/linux/mm.h @@ -2074,7 +2074,7 @@ static inline unsigned long folio_nr_pag return folio_large_nr_pages(folio); } -#if !defined(CONFIG_HAVE_GIGANTIC_FOLIOS) +#if !defined(CONFIG_ARCH_HAS_GIGANTIC_PAGE) /* * We don't expect any folios that exceed buddy sizes (and consequently * memory sections). @@ -2087,17 +2087,10 @@ static inline unsigned long folio_nr_pag * pages are guaranteed to be contiguous. */ #define MAX_FOLIO_ORDER PFN_SECTION_SHIFT -#elif defined(CONFIG_HUGETLB_PAGE) -/* - * There is no real limit on the folio size. We limit them to the maximum we - * currently expect (see CONFIG_HAVE_GIGANTIC_FOLIOS): with hugetlb, we expect - * no folios larger than 16 GiB on 64bit and 1 GiB on 32bit. - */ -#define MAX_FOLIO_ORDER get_order(IS_ENABLED(CONFIG_64BIT) ? SZ_16G : SZ_1G) #else /* - * Without hugetlb, gigantic folios that are bigger than a single PUD are - * currently impossible. + * There is no real limit on the folio size. We limit them to the maximum we + * currently expect (e.g., hugetlb, dax). */ #define MAX_FOLIO_ORDER PUD_ORDER #endif --- a/mm/Kconfig~revert-mm-fix-max_folio_order-on-powerpc-configs-with-hugetlb +++ a/mm/Kconfig @@ -908,13 +908,6 @@ config PAGE_MAPCOUNT config PGTABLE_HAS_HUGE_LEAVES def_bool TRANSPARENT_HUGEPAGE || HUGETLB_PAGE -# -# We can end up creating gigantic folio. -# -config HAVE_GIGANTIC_FOLIOS - def_bool (HUGETLB_PAGE && ARCH_HAS_GIGANTIC_PAGE) || \ - (ZONE_DEVICE && HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD) - # TODO: Allow to be enabled without THP config ARCH_SUPPORTS_HUGE_PFNMAP def_bool n _ Patches currently in -mm which might be from skhan(a)linuxfoundation.org are revert-mm-fix-max_folio_order-on-powerpc-configs-with-hugetlb.patch

4 days, 5 hours

1
0
0 0

[PATCH v1 3/3] io_uring/rsrc: fix lost entries after cloned range

by Joanne Koong

When cloning with node replacements (IORING_REGISTER_DST_REPLACE), destination entries after the cloned range are not copied over. Add logic to copy them over to the new destination table. Fixes: c1329532d5aa ("io_uring/rsrc: allow cloning with node replacements") Cc: stable(a)vger.kernel.org Signed-off-by: Joanne Koong <joannelkoong(a)gmail.com> --- io_uring/rsrc.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/io_uring/rsrc.c b/io_uring/rsrc.c index 04f56212398a..a63474b331bf 100644 --- a/io_uring/rsrc.c +++ b/io_uring/rsrc.c @@ -1205,7 +1205,7 @@ static int io_clone_buffers(struct io_ring_ctx *ctx, struct io_ring_ctx *src_ctx if (ret) return ret; - /* Fill entries in data from dst that won't overlap with src */ + /* Copy original dst nodes from before the cloned range */ for (i = 0; i < min(arg->dst_off, ctx->buf_table.nr); i++) { struct io_rsrc_node *node = ctx->buf_table.nodes[i]; @@ -1238,6 +1238,16 @@ static int io_clone_buffers(struct io_ring_ctx *ctx, struct io_ring_ctx *src_ctx i++; } + /* Copy original dst nodes from after the cloned range */ + for (i = nbufs; i < ctx->buf_table.nr; i++) { + struct io_rsrc_node *node = ctx->buf_table.nodes[i]; + + if (node) { + data.nodes[i] = node; + node->refs++; + } + } + /* * If asked for replace, put the old table. data->nodes[] holds both * old and new nodes at this point. -- 2.47.3

4 days, 5 hours

1
0
0 0

[PATCH 5.10 000/300] 5.10.247-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.247 release. There are 300 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Dec 2025 15:23:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.247-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.247-rc1 Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo_avx2: fix initial map fill Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Owen Gu <guhuinan(a)xiaomi.com> usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Fix synchronous external abort on unbind Jameson Thies <jthies(a)google.com> usb: typec: ucsi: psy: Set max current to zero when disconnected Paulo Alcantara <pc(a)manguebit.org> smb: client: fix memory leak in cifs_construct_tcon() Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy->enable_completion only when we Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo: fix initial map fill Alex Lu <alex_lu(a)realsil.com.cn> Bluetooth: Add more enc key size check Jiufei Xue <jiufei.xue(a)samsung.com> fs: writeback: fix use-after-free in __mark_inode_dirty() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential use-after-free in have_mon_and_osd_map() Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check NULL before accessing Johan Hovold <johan(a)kernel.org> drm: sti: fix device leaks at component probe Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add support for Rolling RW101R-GL Oleksandr Suvorov <cryosay(a)gmail.com> USB: serial: ftdi_sio: add support for u-blox EVK-M101 Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Manish Nagar <manish.nagar(a)oss.qualcomm.com> usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Tianchu Chen <flynnnchen(a)tencent.com> usb: storage: sddr55: Reject out-of-bound new_pba Alan Stern <stern(a)rowland.harvard.edu> USB: storage: Remove subclass and protocol overrides from Novatek quirk Desnes Nunes <desnesn(a)redhat.com> usb: storage: Fix memory leak in USB bulk transport Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_eem: Fix memory leak in eem_unwrap Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: Fix double resource release in cdns3_pci_probe Johan Hovold <johan(a)kernel.org> most: usb: fix double free on late probe failure Miaoqian Lin <linmq006(a)gmail.com> serial: amba-pl011: prefer dma_mapping_error() over explicit address checking Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> firmware: stratix10-svc: fix bug in saving controller data Miaoqian Lin <linmq006(a)gmail.com> slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> thunderbolt: Add support for Intel Wildcat Lake Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix unreliable memory allocation Marc Kleine-Budde <mkl(a)pengutronix.de> can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Thomas Mühlbacher <tmuehlbacher(a)posteo.net> can: sja1000: fix max irq loop handling Gui-Dong Han <hanguidong02(a)gmail.com> atm/fore200e: Fix possible data race in fore200e_open() Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio:common:ssp_sensors: Fix an error handling path ssp_probe() Francesco Lavra <flavra(a)baylibre.com> iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Jiri Olsa <jolsa(a)kernel.org> Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Hang Zhou <929513338(a)qq.com> spi: bcm63xx: fix premature CS deassertion on RX-only transactions Haotian Zhang <vulab(a)iscas.ac.cn> mailbox: mailbox-test: Fix debugfs_create_dir error checking Jiefeng Zhang <jiefeng.z.zhang(a)gmail.com> net: atlantic: fix fragment overflow handling in RX path Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: sxgbe: fix potential NULL dereference in sxgbe_rx() Danielle Costantino <dcostantino(a)meta.com> net/mlx5e: Fix validation logic in rate limiting Kai-Heng Feng <kaihengf(a)nvidia.com> net: aquantia: Add missing descriptor cache invalidation on ATL2 Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix not generating mackey and ltk when repairing Seungjin Bae <eeodqql09(a)gmail.com> can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Input: remove third argument of usb_maxpacket() Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> usb: deprecate the third argument of usb_maxpacket() Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Vlastimil Babka <vbabka(a)suse.cz> mm/mempool: fix poisoning order>0 pages with HIGHMEM Fabio M. De Francesco <fabio.maria.de.francesco(a)linux.intel.com> mm/mempool: replace kmap_atomic() with kmap_local_page() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Paolo Abeni <pabeni(a)redhat.com> mptcp: introduce mptcp_schedule_work Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Sudeep Holla <sudeep.holla(a)arm.com> pmdomain: arm: scmi: Fix genpd leak on provider registration failure Miaoqian Lin <linmq006(a)gmail.com> pmdomain: imx: Fix reference count leak in imx_gpc_remove Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Breno Leitao <leitao(a)debian.org> net: netpoll: fix incorrect refcount handling causing incorrect cleanup Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "NFS: Don't set NFS_INO_REVAL_PAGECACHE in the inode cache validity" Nick Desaulniers <ndesaulniers(a)google.com> Makefile.compiler: replace cc-ifversion with compiler-specific macros Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Long Li <longli(a)microsoft.com> uio_hv_generic: Set event for all channels on the device Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Isaac J. Manjarres <isaacmanjarres(a)google.com> mm/mm_init: fix hash table order logging in alloc_large_system_hash() Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Abdun Nihaal <nihaal(a)cse.iitm.ac.in> isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Handle OCRAM ECC enable after warm reset Hans de Goede <hansg(a)kernel.org> spi: Try to get ACPI GPIO IRQ earlier Wei Yang <albinwyang(a)tencent.com> fs/proc: fix uaf in proc_readdir_de() Chuang Wang <nashuiliang(a)gmail.com> ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Nate Karstens <nate.karstens(a)garmin.com> strparser: Fix signed/unsigned mismatch bug Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 15 Olga Kornievskaia <okorniev(a)redhat.com> NFSD: free copynotify stateid in nfs4_free_ol_stateid() Masami Ichikawa <masami256(a)gmail.com> HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject duplicate device on updates Dan Carpenter <dan.carpenter(a)linaro.org> mtd: onenand: Pass correct pointer to IRQ handler Eric Biggers <ebiggers(a)kernel.org> lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Christoph Hellwig <hch(a)lst.de> fsdax: mark the iomap argument to dax_iomap_sector as const Haein Lee <lhi0729(a)kaist.ac.kr> ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: cs4271: Fix regulator leak on probe failure Haotian Zhang <vulab(a)iscas.ac.cn> regulator: fixed: fix GPIO descriptor leak on register failure Chris Morgan <macromorgan(a)hotmail.com> regulator: fixed: use dev_err_probe for register Shuai Xue <xueshuai(a)linux.alibaba.com> acpi,srat: Fix incorrect device handle check for Generic Initiator Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: export l2cap_chan_hold for modules Felix Maurer <fmaurer(a)redhat.com> hsr: Fix supervision frame sending on HSRv0 Eric Dumazet <edumazet(a)google.com> net_sched: limit try_bulk_dequeue_skb() batches Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix maxrate wraparound in threshold between units Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Benjamin Berg <benjamin.berg(a)intel.com> wifi: mac80211: skip rate verification for not captured PSDUs Buday Csaba <buday.csaba(a)prolan.hu> net: mdio: fix resource leak in mdiobus_register_device() Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_mon_reinit_self(). D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix mismatch between CLC header and proposal Eric Dumazet <edumazet(a)google.com> sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Wei Fang <wei.fang(a)nxp.com> net: fec: correct rx_bytes statistic for the case SHIFT16 is set Sharique Mohammad <sharq0406(a)gmail.com> ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Tristan Lobb <tristan.lobb(a)it-lobb.de> HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Joshua Watt <jpewhacker(a)gmail.com> NFS4: Fix state renewals missing after boot Danil Skrebenkov <danil.skrebenkov(a)cloudbear.ru> RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Peter Zijlstra <peterz(a)infradead.org> compiler_types: Move unused static inline functions warning to W=2 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Cleanup wakeup source only if it was enabled Nathan Chancellor <nathan(a)kernel.org> lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC Zilin Guan <zilin(a)seu.edu.cn> tracing: Fix memory leaks in create_field_var() Qendrim Maxhuni <qendrim.maxhuni(a)garderos.com> net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold sock lock while iterating over address list Xin Long <lucien.xin(a)gmail.com> sctp: hold endpoint before calling cb in sctp_transport_lookup_process Yajun Deng <yajun.deng(a)linux.dev> net: Use nlmsg_unicast() instead of netlink_unicast() Lu Wei <luwei32(a)huawei.com> net: sctp: Fix some typos Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Prevent TOCTOU out-of-bounds write Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold RCU read lock while iterating over address list Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: stop reading ARL entries if search is done Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix enabling ip multicast Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix resetting speed and pause on forced link Hangbin Liu <liuhangbin(a)gmail.com> net: vlan: sync VLAN features with lower device Josephine Pfeiffer <hi(a)josie.lol> riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: add checking of wait_for_completion_killable() return value Valerio Setti <vsetti(a)baylibre.com> ASoC: meson: aiu-encoder-i2s: fix bit clock polarity Albin Babu Varghese <albinbabuvarghese20(a)gmail.com> fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Ian Rogers <irogers(a)google.com> tools bitmap: Add missing asm-generic/bitsperlong.h include Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Return present device nodes only on fwnode interface Randall P. Embry <rpembry(a)gmail.com> 9p: sysfs_init: don't hardcode error to ENOMEM Randall P. Embry <rpembry(a)gmail.com> 9p: fix /sys/fs/9p/caches overwriting itself Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: save and restore ACR during PLL disable/enable Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix help message for ssl-non-raw Yikang Yue <yikangy2(a)illinois.edu> fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink austinchang <austinchang(a)synology.com> btrfs: mark dirty extent range for out of bound prealloc extents Saket Dumbre <saket.dumbre(a)intel.com> ACPICA: Update dsmethod.c to get rid of unused variable warning Mike Marshall <hubcap(a)omnibond.com> orangefs: fix xattr related buffer overflow... Dragos Tatulea <dtatulea(a)nvidia.com> page_pool: Clamp pool size to max 16K pages Chi Zhiling <chizhiling(a)kylinos.cn> exfat: limit log print for IO error Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: add mono main switch to Presonus S1824c Ivan Pravdin <ipravdin.official(a)gmail.com> Bluetooth: bcsp: receive data only if registered Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_conn_free Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: avoid dealing with endianness in macb_set_hwaddr() chuguangqing <chuguangqing(a)inspur.com> fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock Al Viro <viro(a)zeniv.linux.org.uk> nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix mount hang after CREATE_SESSION failure Olga Kornievskaia <okorniev(a)redhat.com> NFSv4: handle ERR_GRACE on delegation recalls Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid handling handover twice Koakuma <koachan(a)protonmail.com> sparc/module: Add R_SPARC_UA64 relocation handling Chen Wang <unicorn_wang(a)outlook.com> PCI: cadence: Check for the existence of cdns_pcie::ops before using it ChunHao Lin <hau(a)realtek.com> r8169: set EEE speed down ratio to 1 Brahmajit Das <listout(a)listout.xyz> net: intel: fm10k: Fix parameter idx set but not used Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix connection after GTK rekeying Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> jfs: fix uninitialized waitqueue in transaction manager Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> jfs: Verify inode mode when loading from disk Eric Dumazet <edumazet(a)google.com> ipv6: np->rxpmtu race annotation Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Forest Crossman <cyrozap(a)gmail.com> usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Al Viro <viro(a)zeniv.linux.org.uk> allow finish_no_open(file, ERR_PTR(-E...)) Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Define size of debugfs entry for xri rebalancing Nai-Chen Cheng <bleach1827(a)gmail.com> selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Yafang Shao <laoar.shao(a)gmail.com> net/cls_cgroup: Fix task_get_classid() during qdisc run Alok Tiwari <alok.a.tiwari(a)oracle.com> udp_tunnel: use netdev_warn() instead of netdev_WARN() David Ahern <dsahern(a)kernel.org> selftests: Replace sleep with slowwait Daniel Palmer <daniel(a)thingy.jp> eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP David Ahern <dsahern(a)kernel.org> selftests: Disable dad for ipv6 in fcnal-test.sh Li RongQing <lirongqing(a)baidu.com> x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT Ido Schimmel <idosch(a)nvidia.com> selftests: traceroute: Use require_command() Qianfeng Rong <rongqianfeng(a)vivo.com> media: redrat3: use int type to store negative error codes Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: sh_eth: Disable WoL if system can not suspend Harikrishna Shenoy <h-shenoy(a)ti.com> phy: cadence: cdns-dphy: Enable lower resolutions in dphy Rohan G Thomas <rohan.g.thomas(a)altera.com> net: phy: marvell: Fix 88e1510 downshift counter errata William Wu <william.wu(a)rock-chips.com> usb: gadget: f_hid: Fix zero length packet transfer Ashish Kalra <ashish.kalra(a)amd.com> iommu/amd: Skip enabling command/event buffers for kdump Eric Dumazet <edumazet(a)google.com> net: call cond_resched() less often in __release_sock() Cryolitia PukNgae <cryolitia(a)uniontech.com> ALSA: usb-audio: apply quirk for MOONDROP Quark2 Juraj Šarinay <juraj(a)sarinay.com> net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Yue Haibing <yuehaibing(a)huawei.com> ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled Devendra K Verma <devverma(a)amd.com> dmaengine: dw-edma: Set status for callback_result Rosen Penev <rosenp(a)gmail.com> dmaengine: mv_xor: match alloc_wc and free_wc Thomas Andreatta <thomasandreatta2000(a)gmail.com> dmaengine: sh: setup_xref error handling Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: pm8001: Use int instead of u32 to store error codes Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename stp clock Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing device_type in pci node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing properties to cpu node Chelsy Ratnawat <chelsyratnawat2001(a)gmail.com> media: fix uninitialized symbol warnings Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Fix wakeup source leaks on device unbind Francisco Gutierrez <frankramirez(a)google.com> scsi: pm80xx: Fix race condition caused by static variables Ujwal Kundur <ujwal.kundur(a)gmail.com> rds: Fix endianness annotation for RDS_MPATH_HASH Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add validation of UAC2/UAC3 effect units Sungho Kim <sungho.kim(a)furiosa.ai> PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Kuniyuki Iwashima <kuniyu(a)google.com> net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. Christoph Paasch <cpaasch(a)openai.com> net: When removing nexthops, don't call synchronize_net if it is not necessary Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Does not request module for miscdevice with dynamic minor raub camaioni <raubcameo(a)gmail.com> usb: gadget: f_ncm: Fix MAC assignment NCM ethernet Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: make send_packet() more robust Charalampos Mitrodimas <charmitro(a)posteo.net> net: ipv6: fix field-spanning memcpy warning in AH output Ido Schimmel <idosch(a)nvidia.com> bridge: Redirect to backup port when port is administratively down Niklas Schnelle <schnelle(a)linux.ibm.com> powerpc/eeh: Use result of error_detected() in uevent Tiezhu Yang <yangtiezhu(a)loongson.cn> net: stmmac: Check stmmac_hw_setup() in stmmac_resume() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Use the crtc_* timings when programming the HW Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: pci: ivtv: Don't create fake v4l2_fh Geoffrey McRae <geoffrey.mcrae(a)amd.com> drm/amdkfd: return -ENOTTY for unsupported IOCTLs Wake Liu <wakel(a)google.com> selftests/net: Ensure assert() triggers in psock_tpacket.c Wake Liu <wakel(a)google.com> selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 Marcos Del Sol Vives <marcos(a)orca.pet> PCI: Disable MSI on RDC PCI to PCIe bridges Seyediman Seyedarab <imandevel(a)gmail.com> drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on arcturus Jens Kehne <jens.kehne(a)agilent.com> mfd: da9063: Split chip variant reading in two bus transactions Arnd Bergmann <arnd(a)arndb.de> mfd: madera: Work around false-positive -Wininitialized warning Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe: Remove IRQ domain upon removal Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Prefer driver HWP limits Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Enhance HWP enable Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: Fix incorrect size in cpuidle_state_disable() Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Jiri Olsa <jolsa(a)kernel.org> uprobe: Do not emulate/sstep original instruction when ip is changed Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: Fail cpuidle device registration if there is one already Svyatoslav Ryhel <clamor95(a)gmail.com> video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Daniel Wagner <wagi(a)kernel.org> nvme-fc: use lock accessing port_state and rport state Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> tee: allow a driver to allocate a tee_device without a pool Hans de Goede <hansg(a)kernel.org> ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Svyatoslav Ryhel <clamor95(a)gmail.com> soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups Christian Bruel <christian.bruel(a)foss.st.com> irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Kees Cook <kees(a)kernel.org> arc: Fix __fls() const-foldability via __builtin_clzl() Dennis Beier <nanovim(a)gmail.com> cpufreq/longhaul: handle NULL policy in longhaul_exit Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Mario Limonciello (AMD) <superm1(a)kernel.org> ACPI: video: force native for Lenovo 82K8 Jiayi Li <lijiayi(a)kylinos.cn> memstick: Add timeout to prevent indefinite waiting Biju Das <biju.das.jz(a)bp.renesas.com> mmc: host: renesas_sdhi: Fix the actual clock Chi Zhang <chizhang(a)asrmicro.com> pinctrl: single: fix bias pull up/down handling in pin_config_set Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> bpf: Don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> soc: ti: pruss: don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> spi: loopback-test: Don't use %pK through printk Jens Reidel <adrian(a)mainlining.org> soc: qcom: smem: Fix endian-unaware access of num_entries Damien Le Moal <dlemoal(a)kernel.org> block: make REQ_OP_ZONE_OPEN a write operation Owen Gu <guhuinan(a)xiaomi.com> usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Matthieu Baerts (NGI0) <matttbe(a)kernel.org> tracing: fix declaration-after-statement warning Matthieu Baerts (NGI0) <matttbe(a)kernel.org> arch: back to -std=gnu89 in < v5.18 Alexey Dobriyan <adobriyan(a)gmail.com> x86/boot: Compile boot code with -std=gnu11 too Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_dw: Use devm_add_action_or_reset() Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. Darrick J. Wong <djwong(a)kernel.org> xfs: always warn about deprecated mount options Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> net: phy: dp83867: Disable EEE support as not implemented Alexey Klimov <alexey.klimov(a)linaro.org> regmap: slimbus: fix bus_context pointer in regmap init calls Damien Le Moal <dlemoal(a)kernel.org> block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji Yang Wang <kevinyang.wang(a)amd.com> drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() Tomeu Vizoso <tomeu(a)tomeuvizoso.net> drm/etnaviv: fix flush sequence logic Lizhi Xu <lizhi.xu(a)windriver.com> usbnet: Prevents free active kevent Noorain Eqbal <nooraineqbal(a)gmail.com> bpf: Sync pending IRQ work before freeing ring buffer Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: fix control pipe direction Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix GMU firmware parser Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix memory leak on unsupported WMI command Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qdsp6: q6asm: do not sleep while atomic Miaoqian Lin <linmq006(a)gmail.com> fbdev: valkyriefb: Fix reference count leak in valkyriefb_init Florian Fuchs <fuchsfl(a)gmail.com> fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Junjie Cao <junjie.cao(a)intel.com> fbdev: bitblit: bound-check glyph index in bit_putcs* Yuhao Jiang <danisjiang(a)gmail.com> ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Daniel Palmer <daniel(a)0x0f.com> fbdev: atyfb: Check if pll_ops->init_pll failed Miaoqian Lin <linmq006(a)gmail.com> net: usb: asix_devices: Check return value of usbnet_get_endpoints Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix crash in nfsd4_read_release() Filipe Manana <fdmanana(a)suse.com> btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Filipe Manana <fdmanana(a)suse.com> btrfs: always drop log root tree reference in btrfs_replay_log() David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix reporting of LFENCE retpoline Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix null-deref in agg_dequeue ------------- Diffstat: .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 ++-- Documentation/kbuild/makefiles.rst | 29 +++-- Makefile | 8 +- arch/arc/include/asm/bitops.h | 2 + arch/arm/crypto/Kconfig | 2 +- arch/arm/mach-at91/pm_suspend.S | 8 +- arch/mips/boot/dts/lantiq/danube.dtsi | 6 + arch/mips/lantiq/xway/sysctrl.c | 2 +- arch/mips/loongson64/Platform | 2 +- arch/mips/mm/tlb-r4k.c | 118 ++++++++++++------ arch/mips/mti-malta/malta-init.c | 20 +-- arch/parisc/boot/compressed/Makefile | 2 +- arch/powerpc/Makefile | 4 +- arch/powerpc/kernel/eeh_driver.c | 2 +- arch/riscv/kernel/cpu-hotplug.c | 1 + arch/riscv/mm/ptdump.c | 2 +- arch/s390/Makefile | 6 +- arch/s390/purgatory/Makefile | 2 +- arch/sparc/include/asm/elf_64.h | 1 + arch/sparc/kernel/module.c | 1 + arch/um/drivers/ssl.c | 5 +- arch/x86/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/entry/vsyscall/vsyscall_64.c | 17 ++- arch/x86/events/core.c | 10 +- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/cpu/resctrl/monitor.c | 10 +- arch/x86/kernel/kvm.c | 20 +-- drivers/acpi/acpi_video.c | 4 +- drivers/acpi/acpica/dsmethod.c | 10 +- drivers/acpi/numa/srat.c | 2 +- drivers/acpi/property.c | 24 +++- drivers/acpi/video_detect.c | 8 ++ drivers/ata/libata-scsi.c | 8 ++ drivers/atm/fore200e.c | 2 + drivers/base/devcoredump.c | 138 +++++++++++++-------- drivers/base/regmap/regmap-slimbus.c | 6 +- drivers/bluetooth/btusb.c | 13 +- drivers/bluetooth/hci_bcsp.c | 3 + drivers/char/misc.c | 8 +- drivers/clocksource/timer-vf-pit.c | 22 ++-- drivers/cpufreq/longhaul.c | 3 + drivers/cpuidle/cpuidle.c | 8 +- drivers/dma/dw-edma/dw-edma-core.c | 22 ++++ drivers/dma/mv_xor.c | 4 +- drivers/dma/sh/shdma-base.c | 25 +++- drivers/dma/sh/shdmac.c | 17 ++- drivers/edac/altera_edac.c | 22 +++- drivers/extcon/extcon-adc-jack.c | 2 + drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/stratix10-svc.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 8 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/amd/display/dc/calcs/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 +- drivers/gpu/drm/amd/display/dc/dcn20/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn21/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn30/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dsc/Makefile | 2 +- .../gpu/drm/amd/pm/powerplay/smumgr/fiji_smumgr.c | 2 +- .../drm/amd/pm/powerplay/smumgr/iceland_smumgr.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2 +- drivers/gpu/drm/bridge/display-connector.c | 3 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 5 +- drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 +- drivers/gpu/drm/sti/sti_vtg.c | 7 +- drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tidss/tidss_crtc.c | 2 +- drivers/gpu/drm/tidss/tidss_dispc.c | 16 +-- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 + drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-ntrig.c | 7 +- drivers/hid/hid-quirks.c | 14 ++- drivers/hwmon/dell-smm-hwmon.c | 7 ++ drivers/iio/adc/spear_adc.c | 9 +- drivers/iio/common/ssp_sensors/ssp_dev.c | 4 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 22 ++-- drivers/input/keyboard/cros_ec_keyb.c | 6 + drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/misc/ati_remote2.c | 2 +- drivers/input/misc/cm109.c | 2 +- drivers/input/misc/powermate.c | 2 +- drivers/input/misc/yealink.c | 2 +- drivers/input/tablet/acecad.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 11 +- drivers/iommu/amd/init.c | 28 +++-- drivers/irqchip/irq-gic-v2m.c | 13 +- drivers/isdn/hardware/mISDN/hfcsusb.c | 18 ++- drivers/mailbox/mailbox-test.c | 2 +- drivers/md/dm-verity-fec.c | 6 +- drivers/media/i2c/ir-kbd-i2c.c | 6 +- drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 - drivers/media/pci/ivtv/ivtv-driver.h | 3 +- drivers/media/pci/ivtv/ivtv-fileops.c | 18 +-- drivers/media/pci/ivtv/ivtv-irq.c | 4 +- drivers/media/rc/imon.c | 61 +++++---- drivers/media/rc/redrat3.c | 2 +- drivers/media/tuners/xc4000.c | 8 +- drivers/media/tuners/xc5000.c | 12 +- drivers/memstick/core/memstick.c | 8 +- drivers/mfd/da9063-i2c.c | 27 +++- drivers/mfd/madera-core.c | 4 +- drivers/mfd/stmpe-i2c.c | 1 + drivers/mfd/stmpe.c | 3 + drivers/mmc/host/renesas_sdhi_core.c | 6 +- drivers/mmc/host/sdhci-msm.c | 15 +++ drivers/most/most_usb.c | 14 +-- drivers/mtd/nand/onenand/onenand_samsung.c | 2 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/can/sja1000/sja1000.c | 4 +- drivers/net/can/sun4i_can.c | 4 +- drivers/net/can/usb/gs_usb.c | 23 ++-- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 +- drivers/net/dsa/b53/b53_common.c | 15 ++- drivers/net/dsa/b53/b53_regs.h | 3 +- .../net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 ++++ .../net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 + drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 + .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 +-- .../ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 +- drivers/net/ethernet/cadence/macb_main.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 +- drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 15 ++- .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- drivers/net/ethernet/realtek/Kconfig | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 6 +- drivers/net/ethernet/renesas/ravb_main.c | 16 ++- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/net/phy/dp83867.c | 6 + drivers/net/phy/marvell.c | 39 +++++- drivers/net/phy/mdio_bus.c | 5 +- drivers/net/usb/asix_devices.c | 12 +- drivers/net/usb/qmi_wwan.c | 6 + drivers/net/usb/usbnet.c | 2 + drivers/net/wireless/ath/ath10k/mac.c | 12 +- drivers/net/wireless/ath/ath10k/wmi.c | 1 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 28 ++--- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 +- drivers/nvme/host/fc.c | 12 +- drivers/pci/controller/cadence/pcie-cadence-host.c | 2 +- drivers/pci/controller/cadence/pcie-cadence.c | 4 +- drivers/pci/controller/cadence/pcie-cadence.h | 6 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/quirks.c | 1 + drivers/phy/cadence/cdns-dphy.c | 4 +- drivers/pinctrl/pinctrl-single.c | 4 +- drivers/regulator/fixed.c | 6 +- drivers/remoteproc/qcom_q6v5.c | 5 + drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/lpfc/lpfc_debugfs.h | 3 + drivers/scsi/pm8001/pm8001_ctl.c | 24 ++-- drivers/scsi/pm8001/pm8001_init.c | 1 + drivers/scsi/pm8001/pm8001_sas.c | 4 +- drivers/scsi/pm8001/pm8001_sas.h | 4 + drivers/scsi/sg.c | 10 +- drivers/slimbus/qcom-ngd-ctrl.c | 1 + drivers/soc/imx/gpc.c | 2 + drivers/soc/qcom/smem.c | 2 +- drivers/soc/tegra/fuse/fuse-tegra30.c | 122 ++++++++++++++++++ drivers/soc/ti/knav_dma.c | 14 +-- drivers/soc/ti/pruss.c | 2 +- drivers/spi/spi-bcm63xx.c | 14 +++ drivers/spi/spi-loopback-test.c | 12 +- drivers/spi/spi.c | 10 ++ drivers/target/loopback/tcm_loop.c | 3 + drivers/tee/tee_core.c | 2 +- drivers/thunderbolt/nhi.c | 2 + drivers/thunderbolt/nhi.h | 1 + drivers/tty/serial/8250/8250_dw.c | 67 +++++----- drivers/tty/serial/amba-pl011.c | 2 +- drivers/uio/uio_hv_generic.c | 21 +++- drivers/usb/cdns3/cdns3-pci-wrap.c | 5 +- drivers/usb/dwc3/ep0.c | 1 + drivers/usb/dwc3/gadget.c | 7 ++ drivers/usb/gadget/function/f_eem.c | 7 +- drivers/usb/gadget/function/f_fs.c | 8 +- drivers/usb/gadget/function/f_hid.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 3 +- drivers/usb/host/xhci-dbgcap.h | 1 + drivers/usb/host/xhci-dbgtty.c | 17 ++- drivers/usb/host/xhci-plat.c | 1 + drivers/usb/mon/mon_bin.c | 14 ++- drivers/usb/renesas_usbhs/common.c | 14 +-- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 1 + drivers/usb/serial/option.c | 10 +- drivers/usb/storage/sddr55.c | 6 + drivers/usb/storage/transport.c | 16 +++ drivers/usb/storage/uas.c | 7 +- drivers/usb/storage/unusual_devs.h | 2 +- drivers/usb/typec/ucsi/psy.c | 5 + drivers/video/backlight/lp855x_bl.c | 2 +- drivers/video/fbdev/aty/atyfb_base.c | 8 +- drivers/video/fbdev/core/bitblit.c | 33 ++++- drivers/video/fbdev/pvr2fb.c | 2 +- drivers/video/fbdev/valkyriefb.c | 2 + fs/9p/v9fs.c | 9 +- fs/btrfs/disk-io.c | 2 +- fs/btrfs/file.c | 10 ++ fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-log.c | 1 - fs/ceph/locks.c | 5 +- fs/cifs/connect.c | 1 + fs/dax.c | 2 +- fs/exfat/fatent.c | 11 +- fs/exfat/super.c | 5 +- fs/ext4/xattr.c | 2 +- fs/fs-writeback.c | 7 +- fs/hpfs/namei.c | 18 ++- fs/jfs/inode.c | 8 +- fs/jfs/jfs_txnmgr.c | 9 +- fs/nfs/inode.c | 6 +- fs/nfs/nfs4client.c | 1 + fs/nfs/nfs4proc.c | 7 +- fs/nfs/nfs4state.c | 3 + fs/nfsd/nfs4proc.c | 7 +- fs/nfsd/nfs4state.c | 3 +- fs/open.c | 10 +- fs/orangefs/xattr.c | 12 +- fs/overlayfs/copy_up.c | 2 +- fs/proc/generic.c | 12 +- fs/xfs/xfs_super.c | 33 +++-- include/linux/ata.h | 1 + include/linux/blk_types.h | 11 +- include/linux/compiler_types.h | 5 +- include/linux/filter.h | 2 +- include/linux/mm.h | 2 +- include/linux/shdma-base.h | 2 +- include/linux/usb.h | 16 +-- include/net/cls_cgroup.h | 2 +- include/net/nfc/nci_core.h | 2 +- include/net/pkt_sched.h | 25 +++- include/net/sctp/sctp.h | 3 +- include/net/tls.h | 6 + kernel/bpf/ringbuf.c | 2 + kernel/events/uprobes.c | 7 ++ kernel/gcov/gcc_4_7.c | 4 +- kernel/trace/trace_events_hist.c | 6 +- kernel/trace/trace_events_synth.c | 3 +- lib/crypto/Makefile | 2 +- mm/mempool.c | 32 ++++- mm/page_alloc.c | 2 +- net/8021q/vlan.c | 2 + net/bluetooth/6lowpan.c | 103 ++++++++++----- net/bluetooth/hci_event.c | 21 +++- net/bluetooth/l2cap_core.c | 1 + net/bluetooth/sco.c | 7 ++ net/bluetooth/smp.c | 31 ++--- net/bridge/br_forward.c | 3 +- net/ceph/ceph_common.c | 53 ++++---- net/ceph/debugfs.c | 16 ++- net/core/netpoll.c | 7 +- net/core/page_pool.c | 6 +- net/core/sock.c | 15 ++- net/hsr/hsr_device.c | 3 + net/ipv4/fib_frontend.c | 2 +- net/ipv4/inet_diag.c | 5 +- net/ipv4/nexthop.c | 6 + net/ipv4/raw_diag.c | 7 +- net/ipv4/route.c | 5 + net/ipv4/udp_diag.c | 6 +- net/ipv4/udp_tunnel_nic.c | 2 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ah6.c | 50 +++++--- net/ipv6/raw.c | 2 +- net/ipv6/udp.c | 2 +- net/mac80211/rx.c | 10 +- net/mptcp/mptcp_diag.c | 6 +- net/mptcp/pm.c | 3 +- net/mptcp/pm_netlink.c | 20 +-- net/mptcp/protocol.c | 59 ++++++--- net/mptcp/protocol.h | 1 + net/netfilter/nf_tables_api.c | 15 +++ net/netfilter/nft_set_pipapo.c | 4 +- net/netfilter/nft_set_pipapo.h | 21 ++++ net/netfilter/nft_set_pipapo_avx2.c | 31 ++++- net/netlink/af_netlink.c | 2 +- net/openvswitch/actions.c | 68 +--------- net/openvswitch/flow_netlink.c | 64 ++-------- net/openvswitch/flow_netlink.h | 2 - net/rds/rds.h | 2 +- net/sched/act_ife.c | 12 +- net/sched/sch_api.c | 10 -- net/sched/sch_generic.c | 17 +-- net/sched/sch_hfsc.c | 16 --- net/sched/sch_qfq.c | 2 +- net/sctp/diag.c | 73 ++++++----- net/sctp/sm_make_chunk.c | 2 +- net/sctp/socket.c | 24 ++-- net/sctp/transport.c | 13 +- net/smc/smc_clc.c | 1 + net/strparser/strparser.c | 2 +- net/tipc/net.c | 2 + net/tls/tls_device.c | 4 +- net/unix/diag.c | 6 +- net/vmw_vsock/af_vsock.c | 40 ++++-- scripts/Kbuild.include | 10 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/pci/hda/patch_realtek.c | 17 +-- sound/soc/codecs/cs4271.c | 10 +- sound/soc/codecs/max98090.c | 6 +- sound/soc/meson/aiu-encoder-i2s.c | 9 +- sound/soc/qcom/qdsp6/q6asm.c | 2 +- sound/usb/endpoint.c | 5 + sound/usb/mixer.c | 11 +- sound/usb/mixer_s1810c.c | 28 ++++- sound/usb/validate.c | 9 +- tools/include/linux/bitmap.h | 1 + tools/power/cpupower/lib/cpuidle.c | 5 +- .../x86_energy_perf_policy.c | 30 +++-- tools/testing/selftests/Makefile | 2 +- tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 +- tools/testing/selftests/net/fcnal-test.sh | 4 +- tools/testing/selftests/net/psock_tpacket.c | 4 +- tools/testing/selftests/net/traceroute.sh | 13 +- 332 files changed, 2243 insertions(+), 1164 deletions(-)

4 days, 5 hours

9
310
0 0

[PATCH 5.15.y RESEND] KVM: arm64: sys_regs: disable -Wuninitialized-const-pointer warning

by Justin Stitt

A new warning in Clang 22 [1] complains that @clidr passed to get_clidr_el1() is an uninitialized const pointer. get_clidr_el1() doesn't really care since it casts away the const-ness anyways -- it is a false positive. | ../arch/arm64/kvm/sys_regs.c:2838:23: warning: variable 'clidr' is uninitialized when passed as a const pointer argument here [-Wuninitialized-const-pointer] | 2838 | get_clidr_el1(NULL, &clidr); /* Ugly... */ | | ^~~~~ This patch isn't needed for anything past 6.1 as this code section was reworked in Commit 7af0c2534f4c ("KVM: arm64: Normalize cache configuration"). Since there is no upstream equivalent, this patch just needs to be applied to 5.15. Disable this warning for sys_regs.o with an iron fist as it doesn't make sense to waste maintainer's time or potentially break builds by backporting large changelists from 6.2+. Cc: stable(a)vger.kernel.org Fixes: 7c8c5e6a9101e ("arm64: KVM: system register handling") Link: https://github.com/llvm/llvm-project/commit/00dacf8c22f065cb52efb14cd091d44… [1] Reviewed-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Justin Stitt <justinstitt(a)google.com> --- Resending this with Nathan's RB tag, an updated commit log and better recipients from checkpatch.pl. I'm also sending a similar patch resend for 6.1. --- arch/arm64/kvm/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/arm64/kvm/Makefile b/arch/arm64/kvm/Makefile index 989bb5dad2c8..109cca425d3e 100644 --- a/arch/arm64/kvm/Makefile +++ b/arch/arm64/kvm/Makefile @@ -25,3 +25,6 @@ kvm-y := $(KVM)/kvm_main.o $(KVM)/coalesced_mmio.o $(KVM)/eventfd.o \ vgic/vgic-its.o vgic/vgic-debug.o kvm-$(CONFIG_HW_PERF_EVENTS) += pmu-emul.o + +# Work around a false positive Clang 22 -Wuninitialized-const-pointer warning +CFLAGS_sys_regs.o := $(call cc-disable-warning, uninitialized-const-pointer) --- base-commit: 8bb7eca972ad531c9b149c0a51ab43a417385813 change-id: 20250728-b4-stable-disable-uninit-ptr-warn-5-15-c0c9db3df206 Best regards, -- Justin Stitt <justinstitt(a)google.com>

4 days, 6 hours

1
0
0 0

Optimiza tu reclutamiento con PsicoSmart

by Valeria Pérez

Mejora tus contrataciones con PsicoSmart body { margin: 0; padding: 0; font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #333; background-color: #ffffff; } table { border-spacing: 0; width: 100%; max-width: 600px; margin: auto; } td { padding: 12px 20px; } a { color: #1a73e8; text-decoration: none; } .footer { font-size: 12px; color: #888888; text-align: center; } Evalúa talento de forma objetiva y mejora tus contrataciones con PsicoSmart. Hola, , ¿Te ha pasado que un candidato luce perfecto en entrevista, pero en el trabajo no encaja como esperabas? En selección, confiar solo en la percepción puede llevar a decisiones costosas. Por eso quiero presentarte PsicoSmart, una herramienta creada para que los equipos de Recursos Humanos tomen decisiones más objetivas y acertadas. Con PsicoSmart puedes: Aplicar 31 pruebas psicométricas que evalúan liderazgo, honestidad, comunicación e inteligencia. Validar conocimientos técnicos con más de 2,500 exámenes especializados. Supervisar la identidad de quien responde mediante captura fotográfica automática durante la evaluación. Gestionar todo desde una sola plataforma, accesible desde cualquier dispositivo. Si estás buscando mejorar tus contrataciones, podría ser una muy buena opción. Si quieres conocer más puedes responder este correo o simplemente contactarme, mis datos están abajo. Saludos, -------------- Atte.: Valeria Pérez Ciudad de México: (55) 5018 0565 WhatsApp: +52 33 1607 2089 Si no deseas recibir más correos, haz clic aquí para darte de baja. Para remover su dirección de esta lista haga <a href="https://s1.arrobamail.com/unsuscribe.php?id=yiwtsrewiswqruseup">click aquí</a>

4 days, 7 hours

1
0
0 0

[PATCH v4 2/4] tpm2-sessions: Fix tpm2_read_public range checks

by Jarkko Sakkinen

tpm2_read_public() has some rudimentary range checks but the function does not ensure that the response buffer has enough bytes for the full TPMT_HA payload. Re-implement the function with necessary checks and validation, and return name and name size for all handle types back to the caller. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: d0a25bb961e6 ("tpm: Add HMAC session name/handle append") Reviewed-by: Jonathan McDowell <noodles(a)meta.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v3: - Rename 'rc2' as 'name_size_alg'. - It makes a lot of sense to add additional robustness in name handling to tpm2_read_public. Thus also process handles whose handle name is the handle itself, and return name size back to the caller. v3: - No changes. v2: - Made the fix localized instead of spread all over the place. --- drivers/char/tpm/tpm2-cmd.c | 3 + drivers/char/tpm/tpm2-sessions.c | 94 +++++++++++++++++--------------- 2 files changed, 53 insertions(+), 44 deletions(-) diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index be4a9c7f2e1a..34e3599f094f 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -11,8 +11,11 @@ * used by the kernel internally. */ +#include "linux/dev_printk.h" +#include "linux/tpm.h" #include "tpm.h" #include <crypto/hash_info.h> +#include <linux/unaligned.h> static bool disable_pcr_integrity; module_param(disable_pcr_integrity, bool, 0444); diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 385014dbca39..3f389e2f6f58 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -163,53 +163,61 @@ static int name_size(const u8 *name) } } -static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) +static int tpm2_read_public(struct tpm_chip *chip, u32 handle, void *name) { - struct tpm_header *head = (struct tpm_header *)buf->data; + u32 mso = tpm2_handle_mso(handle); off_t offset = TPM_HEADER_SIZE; - u32 tot_len = be32_to_cpu(head->length); - int ret; - u32 val; - - /* we're starting after the header so adjust the length */ - tot_len -= TPM_HEADER_SIZE; - - /* skip public */ - val = tpm_buf_read_u16(buf, &offset); - if (val > tot_len) - return -EINVAL; - offset += val; - /* name */ - val = tpm_buf_read_u16(buf, &offset); - ret = name_size(&buf->data[offset]); - if (ret < 0) - return ret; - - if (val != ret) - return -EINVAL; - - memcpy(name, &buf->data[offset], val); - /* forget the rest */ - return 0; -} - -static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) -{ + int rc, name_size_alg; struct tpm_buf buf; - int rc; + + if (mso != TPM2_MSO_PERSISTENT && mso != TPM2_MSO_VOLATILE && + mso != TPM2_MSO_NVRAM) { + memcpy(name, &handle, sizeof(u32)); + return sizeof(u32); + } rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC); if (rc) return rc; tpm_buf_append_u32(&buf, handle); - rc = tpm_transmit_cmd(chip, &buf, 0, "read public"); - if (rc == TPM2_RC_SUCCESS) - rc = tpm2_parse_read_public(name, &buf); - tpm_buf_destroy(&buf); + rc = tpm_transmit_cmd(chip, &buf, 0, "TPM2_ReadPublic"); + if (rc) { + tpm_buf_destroy(&buf); + return tpm_ret_to_err(rc); + } - return rc; + /* Skip TPMT_PUBLIC: */ + offset += tpm_buf_read_u16(&buf, &offset); + + /* + * Ensure space for the length field of TPM2B_NAME and hashAlg field of + * TPMT_HA (the extra four bytes). + */ + if (offset + 4 > tpm_buf_length(&buf)) { + tpm_buf_destroy(&buf); + return -EIO; + } + + rc = tpm_buf_read_u16(&buf, &offset); + name_size_alg = name_size(&buf.data[offset]); + + if (name_size_alg < 0) + return name_size_alg; + + if (rc != name_size_alg) { + tpm_buf_destroy(&buf); + return -EIO; + } + + if (offset + rc > tpm_buf_length(&buf)) { + tpm_buf_destroy(&buf); + return -EIO; + } + + memcpy(name, &buf.data[offset], rc); + return name_size_alg; } #endif /* CONFIG_TCG_TPM2_HMAC */ @@ -243,6 +251,7 @@ int tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, #ifdef CONFIG_TCG_TPM2_HMAC enum tpm2_mso_type mso = tpm2_handle_mso(handle); struct tpm2_auth *auth; + u16 name_size_alg; int slot; int ret; #endif @@ -273,8 +282,10 @@ int tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, mso == TPM2_MSO_NVRAM) { if (!name) { ret = tpm2_read_public(chip, handle, auth->name[slot]); - if (ret) + if (ret < 0) goto err; + + name_size_alg = ret; } } else { if (name) { @@ -286,13 +297,8 @@ int tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, } auth->name_h[slot] = handle; - if (name) { - ret = name_size(name); - if (ret < 0) - goto err; - - memcpy(auth->name[slot], name, ret); - } + if (name) + memcpy(auth->name[slot], name, name_size_alg); #endif return 0; -- 2.52.0

4 days, 7 hours

1
0
0 0

[PATCH v4 1/4] tpm2-sessions: Fix out of range indexing in name_size

by Jarkko Sakkinen

'name_size' does not have any range checks, and it just directly indexes with TPM_ALG_ID, which could lead into memory corruption at worst. Address the issue by only processing known values and returning -EINVAL for unrecognized values. Make also 'tpm_buf_append_name' and 'tpm_buf_fill_hmac_session' fallible so that errors are detected before causing any spurious TPM traffic. End also the authorization session on failure in both of the functions, as the session state would be then by definition corrupted. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: 1085b8276bb4 ("tpm: Add the rest of the session HMAC API") Reviewed-by: Jonathan McDowell <noodles(a)meta.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v4: - Removed spurious empty line. v3: - Fix pr_warn() format string in name_size(). - Fix !CONFIG_TPM2_HMAC compilation. v2: - Wrote a better short summary. - Addressed remarks in https://lore.kernel.org/linux-integrity/aS8TIeviaippVAha@earth.li/ - Use -EIO consistently in tpm2_fill_hmac_session. These are not input value errors. They could only spun from malformed (kernel) state. - name_size did not have a proper default-case. Reorganize the fallback into that. --- drivers/char/tpm/tpm2-cmd.c | 23 +++- drivers/char/tpm/tpm2-sessions.c | 132 +++++++++++++++------- include/linux/tpm.h | 13 ++- security/keys/trusted-keys/trusted_tpm2.c | 29 ++++- 4 files changed, 142 insertions(+), 55 deletions(-) diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index dd502322f499..be4a9c7f2e1a 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -199,7 +199,11 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, } if (!disable_pcr_integrity) { - tpm_buf_append_name(chip, &buf, pcr_idx, NULL); + rc = tpm_buf_append_name(chip, &buf, pcr_idx, NULL); + if (rc) { + tpm_buf_destroy(&buf); + return rc; + } tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0); } else { tpm_buf_append_handle(chip, &buf, pcr_idx); @@ -214,8 +218,14 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, chip->allocated_banks[i].digest_size); } - if (!disable_pcr_integrity) - tpm_buf_fill_hmac_session(chip, &buf); + if (!disable_pcr_integrity) { + rc = tpm_buf_fill_hmac_session(chip, &buf); + if (rc) { + tpm_buf_destroy(&buf); + return rc; + } + } + rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value"); if (!disable_pcr_integrity) rc = tpm_buf_check_hmac_response(chip, &buf, rc); @@ -273,7 +283,12 @@ int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max) | TPM2_SA_CONTINUE_SESSION, NULL, 0); tpm_buf_append_u16(&buf, num_bytes); - tpm_buf_fill_hmac_session(chip, &buf); + err = tpm_buf_fill_hmac_session(chip, &buf); + if (err) { + tpm_buf_destroy(&buf); + return err; + } + err = tpm_transmit_cmd(chip, &buf, offsetof(struct tpm2_get_random_out, buffer), diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 6d03c224e6b2..385014dbca39 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -144,16 +144,23 @@ struct tpm2_auth { /* * Name Size based on TPM algorithm (assumes no hash bigger than 255) */ -static u8 name_size(const u8 *name) +static int name_size(const u8 *name) { - static u8 size_map[] = { - [TPM_ALG_SHA1] = SHA1_DIGEST_SIZE, - [TPM_ALG_SHA256] = SHA256_DIGEST_SIZE, - [TPM_ALG_SHA384] = SHA384_DIGEST_SIZE, - [TPM_ALG_SHA512] = SHA512_DIGEST_SIZE, - }; - u16 alg = get_unaligned_be16(name); - return size_map[alg] + 2; + u16 hash_alg = get_unaligned_be16(name); + + switch (hash_alg) { + case TPM_ALG_SHA1: + return SHA1_DIGEST_SIZE + 2; + case TPM_ALG_SHA256: + return SHA256_DIGEST_SIZE + 2; + case TPM_ALG_SHA384: + return SHA384_DIGEST_SIZE + 2; + case TPM_ALG_SHA512: + return SHA512_DIGEST_SIZE + 2; + default: + pr_warn("tpm: unsupported name algorithm: 0x%04x\n", hash_alg); + return -EINVAL; + } } static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) @@ -161,6 +168,7 @@ static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) struct tpm_header *head = (struct tpm_header *)buf->data; off_t offset = TPM_HEADER_SIZE; u32 tot_len = be32_to_cpu(head->length); + int ret; u32 val; /* we're starting after the header so adjust the length */ @@ -173,8 +181,13 @@ static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) offset += val; /* name */ val = tpm_buf_read_u16(buf, &offset); - if (val != name_size(&buf->data[offset])) + ret = name_size(&buf->data[offset]); + if (ret < 0) + return ret; + + if (val != ret) return -EINVAL; + memcpy(name, &buf->data[offset], val); /* forget the rest */ return 0; @@ -221,46 +234,72 @@ static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) * As with most tpm_buf operations, success is assumed because failure * will be caused by an incorrect programming model and indicated by a * kernel message. + * + * Ends the authorization session on failure. */ -void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, - u32 handle, u8 *name) +int tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, + u32 handle, u8 *name) { #ifdef CONFIG_TCG_TPM2_HMAC enum tpm2_mso_type mso = tpm2_handle_mso(handle); struct tpm2_auth *auth; int slot; + int ret; #endif if (!tpm2_chip_auth(chip)) { tpm_buf_append_handle(chip, buf, handle); - return; + return 0; } #ifdef CONFIG_TCG_TPM2_HMAC slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE) / 4; if (slot >= AUTH_MAX_NAMES) { - dev_err(&chip->dev, "TPM: too many handles\n"); - return; + dev_err(&chip->dev, "too many handles\n"); + ret = -EIO; + goto err; } auth = chip->auth; - WARN(auth->session != tpm_buf_length(buf), - "name added in wrong place\n"); + if (auth->session != tpm_buf_length(buf)) { + dev_err(&chip->dev, "session state malformed"); + ret = -EIO; + goto err; + } tpm_buf_append_u32(buf, handle); auth->session += 4; if (mso == TPM2_MSO_PERSISTENT || mso == TPM2_MSO_VOLATILE || mso == TPM2_MSO_NVRAM) { - if (!name) - tpm2_read_public(chip, handle, auth->name[slot]); + if (!name) { + ret = tpm2_read_public(chip, handle, auth->name[slot]); + if (ret) + goto err; + } } else { - if (name) - dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n"); + if (name) { + dev_err(&chip->dev, "handle 0x%08x does not use a name\n", + handle); + ret = -EIO; + goto err; + } } auth->name_h[slot] = handle; - if (name) - memcpy(auth->name[slot], name, name_size(name)); + if (name) { + ret = name_size(name); + if (ret < 0) + goto err; + + memcpy(auth->name[slot], name, ret); + } +#endif + return 0; + +#ifdef CONFIG_TCG_TPM2_HMAC +err: + tpm2_end_auth_session(chip); + return tpm_ret_to_err(ret); #endif } EXPORT_SYMBOL_GPL(tpm_buf_append_name); @@ -533,11 +572,9 @@ static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip, * encryption key and encrypts the first parameter of the command * buffer with it. * - * As with most tpm_buf operations, success is assumed because failure - * will be caused by an incorrect programming model and indicated by a - * kernel message. + * Ends the authorization session on failure. */ -void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) +int tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) { u32 cc, handles, val; struct tpm2_auth *auth = chip->auth; @@ -549,9 +586,12 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) u8 cphash[SHA256_DIGEST_SIZE]; struct sha256_ctx sctx; struct hmac_sha256_ctx hctx; + int ret; - if (!auth) - return; + if (!auth) { + ret = -EIO; + goto err; + } /* save the command code in BE format */ auth->ordinal = head->ordinal; @@ -560,9 +600,11 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) i = tpm2_find_cc(chip, cc); if (i < 0) { - dev_err(&chip->dev, "Command 0x%x not found in TPM\n", cc); - return; + dev_err(&chip->dev, "command 0x%08x not found\n", cc); + ret = -EIO; + goto err; } + attrs = chip->cc_attrs_tbl[i]; handles = (attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0); @@ -576,9 +618,9 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) u32 handle = tpm_buf_read_u32(buf, &offset_s); if (auth->name_h[i] != handle) { - dev_err(&chip->dev, "TPM: handle %d wrong for name\n", - i); - return; + dev_err(&chip->dev, "invalid handle 0x%08x\n", handle); + ret = -EIO; + goto err; } } /* point offset_s to the start of the sessions */ @@ -609,12 +651,14 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) offset_s += len; } if (offset_s != offset_p) { - dev_err(&chip->dev, "TPM session length is incorrect\n"); - return; + dev_err(&chip->dev, "session length is incorrect\n"); + ret = -EIO; + goto err; } if (!hmac) { - dev_err(&chip->dev, "TPM could not find HMAC session\n"); - return; + dev_err(&chip->dev, "could not find HMAC session\n"); + ret = -EIO; + goto err; } /* encrypt before HMAC */ @@ -646,8 +690,11 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) if (mso == TPM2_MSO_PERSISTENT || mso == TPM2_MSO_VOLATILE || mso == TPM2_MSO_NVRAM) { - sha256_update(&sctx, auth->name[i], - name_size(auth->name[i])); + ret = name_size(auth->name[i]); + if (ret < 0) + goto err; + + sha256_update(&sctx, auth->name[i], ret); } else { __be32 h = cpu_to_be32(auth->name_h[i]); @@ -668,6 +715,11 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) hmac_sha256_update(&hctx, auth->tpm_nonce, sizeof(auth->tpm_nonce)); hmac_sha256_update(&hctx, &auth->attrs, 1); hmac_sha256_final(&hctx, hmac); + return 0; + +err: + tpm2_end_auth_session(chip); + return ret; } EXPORT_SYMBOL(tpm_buf_fill_hmac_session); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 3d8f7d1ce2b8..aa816b144ab3 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -529,8 +529,8 @@ static inline struct tpm2_auth *tpm2_chip_auth(struct tpm_chip *chip) #endif } -void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, - u32 handle, u8 *name); +int tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, + u32 handle, u8 *name); void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, int passphraselen); @@ -563,7 +563,7 @@ static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, #ifdef CONFIG_TCG_TPM2_HMAC int tpm2_start_auth_session(struct tpm_chip *chip); -void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf); +int tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf); int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, int rc); void tpm2_end_auth_session(struct tpm_chip *chip); @@ -577,10 +577,13 @@ static inline int tpm2_start_auth_session(struct tpm_chip *chip) static inline void tpm2_end_auth_session(struct tpm_chip *chip) { } -static inline void tpm_buf_fill_hmac_session(struct tpm_chip *chip, - struct tpm_buf *buf) + +static inline int tpm_buf_fill_hmac_session(struct tpm_chip *chip, + struct tpm_buf *buf) { + return 0; } + static inline int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, int rc) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index 8bc6efa8accb..5b205279584b 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -268,7 +268,10 @@ int tpm2_seal_trusted(struct tpm_chip *chip, goto out_put; } - tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); + rc = tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); + if (rc) + goto out; + tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_DECRYPT, options->keyauth, TPM_DIGEST_SIZE); @@ -316,7 +319,10 @@ int tpm2_seal_trusted(struct tpm_chip *chip, goto out; } - tpm_buf_fill_hmac_session(chip, &buf); + rc = tpm_buf_fill_hmac_session(chip, &buf); + if (rc) + goto out; + rc = tpm_transmit_cmd(chip, &buf, 4, "sealing data"); rc = tpm_buf_check_hmac_response(chip, &buf, rc); if (rc) @@ -427,7 +433,10 @@ static int tpm2_load_cmd(struct tpm_chip *chip, return rc; } - tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); + rc = tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); + if (rc) + goto out; + tpm_buf_append_hmac_session(chip, &buf, 0, options->keyauth, TPM_DIGEST_SIZE); @@ -439,7 +448,10 @@ static int tpm2_load_cmd(struct tpm_chip *chip, goto out; } - tpm_buf_fill_hmac_session(chip, &buf); + rc = tpm_buf_fill_hmac_session(chip, &buf); + if (rc) + goto out; + rc = tpm_transmit_cmd(chip, &buf, 4, "loading blob"); rc = tpm_buf_check_hmac_response(chip, &buf, rc); if (!rc) @@ -484,7 +496,9 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip, return rc; } - tpm_buf_append_name(chip, &buf, blob_handle, NULL); + rc = tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); + if (rc) + goto out; if (!options->policyhandle) { tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT, @@ -509,7 +523,10 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip, NULL, 0); } - tpm_buf_fill_hmac_session(chip, &buf); + rc = tpm_buf_fill_hmac_session(chip, &buf); + if (rc) + goto out; + rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing"); rc = tpm_buf_check_hmac_response(chip, &buf, rc); -- 2.52.0

4 days, 7 hours

1
0
0 0

[PATCH v3 2/4] tpm2-sessions: Fix tpm2_read_public range checks

by Jarkko Sakkinen

'tpm2_read_public' has some rudimentary range checks but the function does not ensure that the response buffer has enough bytes for the full TPMT_HA payload. Re-implement the function with necessary checks and validation. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: d0a25bb961e6 ("tpm: Add HMAC session name/handle append") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> v2: - Made the fix localized instead of spread all over the place. --- drivers/char/tpm/tpm2-cmd.c | 3 ++ drivers/char/tpm/tpm2-sessions.c | 77 +++++++++++++++++--------------- 2 files changed, 44 insertions(+), 36 deletions(-) diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index be4a9c7f2e1a..34e3599f094f 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -11,8 +11,11 @@ * used by the kernel internally. */ +#include "linux/dev_printk.h" +#include "linux/tpm.h" #include "tpm.h" #include <crypto/hash_info.h> +#include <linux/unaligned.h> static bool disable_pcr_integrity; module_param(disable_pcr_integrity, bool, 0444); diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index a265e9752a5e..e9f439be3916 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -163,54 +163,59 @@ static int name_size(const u8 *name) } } -static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) +static int tpm2_read_public(struct tpm_chip *chip, u32 handle, void *name) { - struct tpm_header *head = (struct tpm_header *)buf->data; + u32 mso = tpm2_handle_mso(handle); off_t offset = TPM_HEADER_SIZE; - u32 tot_len = be32_to_cpu(head->length); - int ret; - u32 val; - - /* we're starting after the header so adjust the length */ - tot_len -= TPM_HEADER_SIZE; - - /* skip public */ - val = tpm_buf_read_u16(buf, &offset); - if (val > tot_len) - return -EINVAL; - offset += val; - /* name */ - - val = tpm_buf_read_u16(buf, &offset); - ret = name_size(&buf->data[offset]); - if (ret < 0) - return ret; + struct tpm_buf buf; + int rc, rc2; - if (val != ret) + if (mso != TPM2_MSO_PERSISTENT && mso != TPM2_MSO_VOLATILE && + mso != TPM2_MSO_NVRAM) return -EINVAL; - memcpy(name, &buf->data[offset], val); - /* forget the rest */ - return 0; -} - -static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) -{ - struct tpm_buf buf; - int rc; - rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC); if (rc) return rc; tpm_buf_append_u32(&buf, handle); - rc = tpm_transmit_cmd(chip, &buf, 0, "read public"); - if (rc == TPM2_RC_SUCCESS) - rc = tpm2_parse_read_public(name, &buf); - tpm_buf_destroy(&buf); + rc = tpm_transmit_cmd(chip, &buf, 0, "TPM2_ReadPublic"); + if (rc) { + tpm_buf_destroy(&buf); + return tpm_ret_to_err(rc); + } - return rc; + /* Skip TPMT_PUBLIC: */ + offset += tpm_buf_read_u16(&buf, &offset); + + /* + * Ensure space for the length field of TPM2B_NAME and hashAlg field of + * TPMT_HA (the extra four bytes). + */ + if (offset + 4 > tpm_buf_length(&buf)) { + tpm_buf_destroy(&buf); + return -EIO; + } + + rc = tpm_buf_read_u16(&buf, &offset); + rc2 = name_size(&buf.data[offset]); + + if (rc2 < 0) + return rc2; + + if (rc != rc2) { + tpm_buf_destroy(&buf); + return -EIO; + } + + if (offset + rc > tpm_buf_length(&buf)) { + tpm_buf_destroy(&buf); + return -EIO; + } + + memcpy(name, &buf.data[offset], rc); + return 0; } #endif /* CONFIG_TCG_TPM2_HMAC */ -- 2.52.0

4 days, 8 hours

2
2
0 0

[PATCH v3 1/4] tpm2-sessions: fix out of range indexing in name_size

by Jarkko Sakkinen

'name_size' does not have any range checks, and it just directly indexes with TPM_ALG_ID, which could lead into memory corruption at worst. Address the issue by only processing known values and returning -EINVAL for unrecognized values. Make also 'tpm_buf_append_name' and 'tpm_buf_fill_hmac_session' fallible so that errors are detected before causing any spurious TPM traffic. End also the authorization session on failure in both of the functions, as the session state would be then by definition corrupted. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: 1085b8276bb4 ("tpm: Add the rest of the session HMAC API") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> v3: - Fix pr_warn() format string in name_size(). - Fix !CONFIG_TPM2_HMAC compilation. v2: - Wrote a better short summary. - Addressed remarks in https://lore.kernel.org/linux-integrity/aS8TIeviaippVAha@earth.li/ - Use -EIO consistently in tpm2_fill_hmac_session. These are not input value errors. They could only spun from malformed (kernel) state. - name_size did not have a proper default-case. Reorganize the fallback into that. --- drivers/char/tpm/tpm2-cmd.c | 23 +++- drivers/char/tpm/tpm2-sessions.c | 133 +++++++++++++++------- include/linux/tpm.h | 13 ++- security/keys/trusted-keys/trusted_tpm2.c | 29 ++++- 4 files changed, 143 insertions(+), 55 deletions(-) diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index dd502322f499..be4a9c7f2e1a 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -199,7 +199,11 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, } if (!disable_pcr_integrity) { - tpm_buf_append_name(chip, &buf, pcr_idx, NULL); + rc = tpm_buf_append_name(chip, &buf, pcr_idx, NULL); + if (rc) { + tpm_buf_destroy(&buf); + return rc; + } tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0); } else { tpm_buf_append_handle(chip, &buf, pcr_idx); @@ -214,8 +218,14 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, chip->allocated_banks[i].digest_size); } - if (!disable_pcr_integrity) - tpm_buf_fill_hmac_session(chip, &buf); + if (!disable_pcr_integrity) { + rc = tpm_buf_fill_hmac_session(chip, &buf); + if (rc) { + tpm_buf_destroy(&buf); + return rc; + } + } + rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value"); if (!disable_pcr_integrity) rc = tpm_buf_check_hmac_response(chip, &buf, rc); @@ -273,7 +283,12 @@ int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max) | TPM2_SA_CONTINUE_SESSION, NULL, 0); tpm_buf_append_u16(&buf, num_bytes); - tpm_buf_fill_hmac_session(chip, &buf); + err = tpm_buf_fill_hmac_session(chip, &buf); + if (err) { + tpm_buf_destroy(&buf); + return err; + } + err = tpm_transmit_cmd(chip, &buf, offsetof(struct tpm2_get_random_out, buffer), diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 6d03c224e6b2..a265e9752a5e 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -144,16 +144,23 @@ struct tpm2_auth { /* * Name Size based on TPM algorithm (assumes no hash bigger than 255) */ -static u8 name_size(const u8 *name) +static int name_size(const u8 *name) { - static u8 size_map[] = { - [TPM_ALG_SHA1] = SHA1_DIGEST_SIZE, - [TPM_ALG_SHA256] = SHA256_DIGEST_SIZE, - [TPM_ALG_SHA384] = SHA384_DIGEST_SIZE, - [TPM_ALG_SHA512] = SHA512_DIGEST_SIZE, - }; - u16 alg = get_unaligned_be16(name); - return size_map[alg] + 2; + u16 hash_alg = get_unaligned_be16(name); + + switch (hash_alg) { + case TPM_ALG_SHA1: + return SHA1_DIGEST_SIZE + 2; + case TPM_ALG_SHA256: + return SHA256_DIGEST_SIZE + 2; + case TPM_ALG_SHA384: + return SHA384_DIGEST_SIZE + 2; + case TPM_ALG_SHA512: + return SHA512_DIGEST_SIZE + 2; + default: + pr_warn("tpm: unsupported name algorithm: 0x%04x\n", hash_alg); + return -EINVAL; + } } static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) @@ -161,6 +168,7 @@ static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) struct tpm_header *head = (struct tpm_header *)buf->data; off_t offset = TPM_HEADER_SIZE; u32 tot_len = be32_to_cpu(head->length); + int ret; u32 val; /* we're starting after the header so adjust the length */ @@ -172,9 +180,15 @@ static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) return -EINVAL; offset += val; /* name */ + val = tpm_buf_read_u16(buf, &offset); - if (val != name_size(&buf->data[offset])) + ret = name_size(&buf->data[offset]); + if (ret < 0) + return ret; + + if (val != ret) return -EINVAL; + memcpy(name, &buf->data[offset], val); /* forget the rest */ return 0; @@ -221,46 +235,72 @@ static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) * As with most tpm_buf operations, success is assumed because failure * will be caused by an incorrect programming model and indicated by a * kernel message. + * + * Ends the authorization session on failure. */ -void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, - u32 handle, u8 *name) +int tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, + u32 handle, u8 *name) { #ifdef CONFIG_TCG_TPM2_HMAC enum tpm2_mso_type mso = tpm2_handle_mso(handle); struct tpm2_auth *auth; int slot; + int ret; #endif if (!tpm2_chip_auth(chip)) { tpm_buf_append_handle(chip, buf, handle); - return; + return 0; } #ifdef CONFIG_TCG_TPM2_HMAC slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE) / 4; if (slot >= AUTH_MAX_NAMES) { - dev_err(&chip->dev, "TPM: too many handles\n"); - return; + dev_err(&chip->dev, "too many handles\n"); + ret = -EIO; + goto err; } auth = chip->auth; - WARN(auth->session != tpm_buf_length(buf), - "name added in wrong place\n"); + if (auth->session != tpm_buf_length(buf)) { + dev_err(&chip->dev, "session state malformed"); + ret = -EIO; + goto err; + } tpm_buf_append_u32(buf, handle); auth->session += 4; if (mso == TPM2_MSO_PERSISTENT || mso == TPM2_MSO_VOLATILE || mso == TPM2_MSO_NVRAM) { - if (!name) - tpm2_read_public(chip, handle, auth->name[slot]); + if (!name) { + ret = tpm2_read_public(chip, handle, auth->name[slot]); + if (ret) + goto err; + } } else { - if (name) - dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n"); + if (name) { + dev_err(&chip->dev, "handle 0x%08x does not use a name\n", + handle); + ret = -EIO; + goto err; + } } auth->name_h[slot] = handle; - if (name) - memcpy(auth->name[slot], name, name_size(name)); + if (name) { + ret = name_size(name); + if (ret < 0) + goto err; + + memcpy(auth->name[slot], name, ret); + } +#endif + return 0; + +#ifdef CONFIG_TCG_TPM2_HMAC +err: + tpm2_end_auth_session(chip); + return tpm_ret_to_err(ret); #endif } EXPORT_SYMBOL_GPL(tpm_buf_append_name); @@ -533,11 +573,9 @@ static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip, * encryption key and encrypts the first parameter of the command * buffer with it. * - * As with most tpm_buf operations, success is assumed because failure - * will be caused by an incorrect programming model and indicated by a - * kernel message. + * Ends the authorization session on failure. */ -void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) +int tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) { u32 cc, handles, val; struct tpm2_auth *auth = chip->auth; @@ -549,9 +587,12 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) u8 cphash[SHA256_DIGEST_SIZE]; struct sha256_ctx sctx; struct hmac_sha256_ctx hctx; + int ret; - if (!auth) - return; + if (!auth) { + ret = -EIO; + goto err; + } /* save the command code in BE format */ auth->ordinal = head->ordinal; @@ -560,9 +601,11 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) i = tpm2_find_cc(chip, cc); if (i < 0) { - dev_err(&chip->dev, "Command 0x%x not found in TPM\n", cc); - return; + dev_err(&chip->dev, "command 0x%08x not found\n", cc); + ret = -EIO; + goto err; } + attrs = chip->cc_attrs_tbl[i]; handles = (attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0); @@ -576,9 +619,9 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) u32 handle = tpm_buf_read_u32(buf, &offset_s); if (auth->name_h[i] != handle) { - dev_err(&chip->dev, "TPM: handle %d wrong for name\n", - i); - return; + dev_err(&chip->dev, "invalid handle 0x%08x\n", handle); + ret = -EIO; + goto err; } } /* point offset_s to the start of the sessions */ @@ -609,12 +652,14 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) offset_s += len; } if (offset_s != offset_p) { - dev_err(&chip->dev, "TPM session length is incorrect\n"); - return; + dev_err(&chip->dev, "session length is incorrect\n"); + ret = -EIO; + goto err; } if (!hmac) { - dev_err(&chip->dev, "TPM could not find HMAC session\n"); - return; + dev_err(&chip->dev, "could not find HMAC session\n"); + ret = -EIO; + goto err; } /* encrypt before HMAC */ @@ -646,8 +691,11 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) if (mso == TPM2_MSO_PERSISTENT || mso == TPM2_MSO_VOLATILE || mso == TPM2_MSO_NVRAM) { - sha256_update(&sctx, auth->name[i], - name_size(auth->name[i])); + ret = name_size(auth->name[i]); + if (ret < 0) + goto err; + + sha256_update(&sctx, auth->name[i], ret); } else { __be32 h = cpu_to_be32(auth->name_h[i]); @@ -668,6 +716,11 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) hmac_sha256_update(&hctx, auth->tpm_nonce, sizeof(auth->tpm_nonce)); hmac_sha256_update(&hctx, &auth->attrs, 1); hmac_sha256_final(&hctx, hmac); + return 0; + +err: + tpm2_end_auth_session(chip); + return ret; } EXPORT_SYMBOL(tpm_buf_fill_hmac_session); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 3d8f7d1ce2b8..aa816b144ab3 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -529,8 +529,8 @@ static inline struct tpm2_auth *tpm2_chip_auth(struct tpm_chip *chip) #endif } -void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, - u32 handle, u8 *name); +int tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, + u32 handle, u8 *name); void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, int passphraselen); @@ -563,7 +563,7 @@ static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, #ifdef CONFIG_TCG_TPM2_HMAC int tpm2_start_auth_session(struct tpm_chip *chip); -void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf); +int tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf); int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, int rc); void tpm2_end_auth_session(struct tpm_chip *chip); @@ -577,10 +577,13 @@ static inline int tpm2_start_auth_session(struct tpm_chip *chip) static inline void tpm2_end_auth_session(struct tpm_chip *chip) { } -static inline void tpm_buf_fill_hmac_session(struct tpm_chip *chip, - struct tpm_buf *buf) + +static inline int tpm_buf_fill_hmac_session(struct tpm_chip *chip, + struct tpm_buf *buf) { + return 0; } + static inline int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, int rc) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index 8bc6efa8accb..5b205279584b 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -268,7 +268,10 @@ int tpm2_seal_trusted(struct tpm_chip *chip, goto out_put; } - tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); + rc = tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); + if (rc) + goto out; + tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_DECRYPT, options->keyauth, TPM_DIGEST_SIZE); @@ -316,7 +319,10 @@ int tpm2_seal_trusted(struct tpm_chip *chip, goto out; } - tpm_buf_fill_hmac_session(chip, &buf); + rc = tpm_buf_fill_hmac_session(chip, &buf); + if (rc) + goto out; + rc = tpm_transmit_cmd(chip, &buf, 4, "sealing data"); rc = tpm_buf_check_hmac_response(chip, &buf, rc); if (rc) @@ -427,7 +433,10 @@ static int tpm2_load_cmd(struct tpm_chip *chip, return rc; } - tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); + rc = tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); + if (rc) + goto out; + tpm_buf_append_hmac_session(chip, &buf, 0, options->keyauth, TPM_DIGEST_SIZE); @@ -439,7 +448,10 @@ static int tpm2_load_cmd(struct tpm_chip *chip, goto out; } - tpm_buf_fill_hmac_session(chip, &buf); + rc = tpm_buf_fill_hmac_session(chip, &buf); + if (rc) + goto out; + rc = tpm_transmit_cmd(chip, &buf, 4, "loading blob"); rc = tpm_buf_check_hmac_response(chip, &buf, rc); if (!rc) @@ -484,7 +496,9 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip, return rc; } - tpm_buf_append_name(chip, &buf, blob_handle, NULL); + rc = tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); + if (rc) + goto out; if (!options->policyhandle) { tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT, @@ -509,7 +523,10 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip, NULL, 0); } - tpm_buf_fill_hmac_session(chip, &buf); + rc = tpm_buf_fill_hmac_session(chip, &buf); + if (rc) + goto out; + rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing"); rc = tpm_buf_check_hmac_response(chip, &buf, rc); -- 2.52.0

4 days, 8 hours

2
2
0 0

[PATCH v1 0/2] mm: skip wait in wait_sb_inodes() for hangable-writeback mappings

by Joanne Koong

As reported by Athul upstream in [1], there is a userspace regression caused by commit 0c58a97f919c ("fuse: remove tmp folio for writebacks and internal rb tree") where if there is a bug in a fuse server that causes the server to never complete writeback, it will make wait_sb_inodes() wait forever, causing sync paths to hang. This is a resubmission of this patch [2] that was dropped from the original series due to a buggy/malicious server still being able to hold up sync() / the system in other ways if they wanted to, but the wait_sb_inodes() path is particularly common and easier to hit for malfunctioning servers. Thanks, Joanne [1] https://lore.kernel.org/regressions/CAJnrk1ZjQ8W8NzojsvJPRXiv9TuYPNdj8Ye7=C… [2] https://lore.kernel.org/linux-fsdevel/20241122232359.429647-4-joannelkoong@… Joanne Koong (2): mm: rename AS_WRITEBACK_MAY_DEADLOCK_ON_RECLAIM to AS_WRITEBACK_MAY_HANG fs/writeback: skip inodes with potential writeback hang in wait_sb_inodes() fs/fs-writeback.c | 3 +++ fs/fuse/file.c | 2 +- include/linux/pagemap.h | 10 +++++----- mm/vmscan.c | 3 +-- 4 files changed, 10 insertions(+), 8 deletions(-) -- 2.47.3

4 days, 9 hours

4
16
0 0

[PATCH 5.15 000/392] 5.15.197-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.197 release. There are 392 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Dec 2025 15:23:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.197-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.197-rc1 Daniel T. Lee <danieltimlee(a)gmail.com> libbpf: Fix invalid return address register in s390 Yixun Lan <dlan(a)gentoo.org> libbpf, riscv: Use a0 for RC register Ilya Leoshkevich <iii(a)linux.ibm.com> libbpf: Fix riscv register names Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: Don't rely on preserving volatile in PT_REGS macros in loop3 Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy->enable_completion only when we Alex Lu <alex_lu(a)realsil.com.cn> Bluetooth: Add more enc key size check Jameson Thies <jthies(a)google.com> usb: typec: ucsi: psy: Set max current to zero when disconnected Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Fix synchronous external abort on unbind Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: renesas_usbhs: Convert to platform remove callback returning void Paulo Alcantara <pc(a)manguebit.org> smb: client: fix memory leak in cifs_construct_tcon() Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid unneeded subflow-level drops Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: rm: set backup flag Philipp Hortmann <philipp.g.hortmann(a)gmail.com> staging: rtl8712: Remove driver using deprecated API wext ziming zhang <ezrakiez(a)gmail.com> libceph: prevent potential out-of-bounds writes in handle_auth_session_key() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential use-after-free in have_mon_and_osd_map() Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check NULL before accessing Johan Hovold <johan(a)kernel.org> drm: sti: fix device leaks at component probe Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add support for Rolling RW101R-GL Oleksandr Suvorov <cryosay(a)gmail.com> USB: serial: ftdi_sio: add support for u-blox EVK-M101 Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Manish Nagar <manish.nagar(a)oss.qualcomm.com> usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Owen Gu <guhuinan(a)xiaomi.com> usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Tianchu Chen <flynnnchen(a)tencent.com> usb: storage: sddr55: Reject out-of-bound new_pba Alan Stern <stern(a)rowland.harvard.edu> USB: storage: Remove subclass and protocol overrides from Novatek quirk Desnes Nunes <desnesn(a)redhat.com> usb: storage: Fix memory leak in USB bulk transport Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_eem: Fix memory leak in eem_unwrap Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: Fix double resource release in cdns3_pci_probe Johan Hovold <johan(a)kernel.org> most: usb: fix double free on late probe failure Miaoqian Lin <linmq006(a)gmail.com> serial: amba-pl011: prefer dma_mapping_error() over explicit address checking Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> firmware: stratix10-svc: fix bug in saving controller data Miaoqian Lin <linmq006(a)gmail.com> slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> thunderbolt: Add support for Intel Wildcat Lake Jamie Iles <jamie.iles(a)oss.qualcomm.com> drivers/usb/dwc3: fix PCI parent check Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix unreliable memory allocation Marc Kleine-Budde <mkl(a)pengutronix.de> can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Thomas Mühlbacher <tmuehlbacher(a)posteo.net> can: sja1000: fix max irq loop handling Gui-Dong Han <hanguidong02(a)gmail.com> atm/fore200e: Fix possible data race in fore200e_open() Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification Linus Walleij <linus.walleij(a)linaro.org> iio: accel: bmc150: Fix irq assumption regression Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio:common:ssp_sensors: Fix an error handling path ssp_probe() Francesco Lavra <flavra(a)baylibre.com> iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Jiri Olsa <jolsa(a)kernel.org> Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Hang Zhou <929513338(a)qq.com> spi: bcm63xx: fix premature CS deassertion on RX-only transactions Haotian Zhang <vulab(a)iscas.ac.cn> mailbox: mailbox-test: Fix debugfs_create_dir error checking Jiefeng Zhang <jiefeng.z.zhang(a)gmail.com> net: atlantic: fix fragment overflow handling in RX path Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: sja1105: simplify static configuration reload Andrew Lunn <andrew(a)lunn.ch> net: dsa: sja1105: Convert to mdiobus_c45_read Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: sxgbe: fix potential NULL dereference in sxgbe_rx() Danielle Costantino <dcostantino(a)meta.com> net/mlx5e: Fix validation logic in rate limiting Kai-Heng Feng <kaihengf(a)nvidia.com> net: aquantia: Add missing descriptor cache invalidation on ATL2 Dan Carpenter <dan.carpenter(a)linaro.org> platform/x86: intel: punit_ipc: fix memory corruption Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix not generating mackey and ltk when repairing Seungjin Bae <eeodqql09(a)gmail.com> can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Gulam Mohamed <gulam.mohamed(a)oracle.com> Revert "block: don't add or resize partition on the disk with GENHD_FL_NO_PART" Gulam Mohamed <gulam.mohamed(a)oracle.com> Revert "block: Move checking GENHD_FL_NO_PART to bdev_add_partition()" Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix premature close in case of fallback Paolo Abeni <pabeni(a)redhat.com> mptcp: fix ack generation for fallback msk Vlastimil Babka <vbabka(a)suse.cz> mm/mempool: fix poisoning order>0 pages with HIGHMEM Fabio M. De Francesco <fabio.maria.de.francesco(a)linux.intel.com> mm/mempool: replace kmap_atomic() with kmap_local_page() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Input: remove third argument of usb_maxpacket() Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> usb: deprecate the third argument of usb_maxpacket() Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Disallow MPTCP subflows from sockmap Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix fallback note due to OoO André Draszik <andre.draszik(a)linaro.org> pmdomain: samsung: plug potential memleak during probe Sudeep Holla <sudeep.holla(a)arm.com> pmdomain: arm: scmi: Fix genpd leak on provider registration failure Miaoqian Lin <linmq006(a)gmail.com> pmdomain: imx: Fix reference count leak in imx_gpc_remove Breno Leitao <leitao(a)debian.org> net: netpoll: fix incorrect refcount handling causing incorrect cleanup Shawn Lin <shawn.lin(a)rock-chips.com> mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Omar Sandoval <osandov(a)fb.com> btrfs: fix crash on racing fsync and size-extending write into prealloc Filipe Manana <fdmanana(a)suse.com> btrfs: add helper to truncate inode items when logging inode Nick Desaulniers <ndesaulniers(a)google.com> Makefile.compiler: replace cc-ifversion with compiler-specific macros Long Li <longli(a)microsoft.com> uio_hv_generic: Set event for all channels on the device Zhang Chujun <zhangchujun(a)cmss.chinamobile.com> tracing/tools: Fix incorrcet short option in usage text for --threads Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Lance Yang <lance.yang(a)linux.dev> mm/secretmem: fix use-after-free race in fault handler Isaac J. Manjarres <isaacmanjarres(a)google.com> mm/mm_init: fix hash table order logging in alloc_large_system_hash() Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: use BASH for bareudp testing Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Alejandro Colomar <alx(a)kernel.org> kernel.h: Move ARRAY_SIZE() to a separate header Haotian Zhang <vulab(a)iscas.ac.cn> platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: dsa: hellcreek: fix missing error handling in LED registration Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_connmark: handle errno on tcf_idr_check_alloc Abdun Nihaal <nihaal(a)cse.iitm.ac.in> isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Handle OCRAM ECC enable after warm reset Hans de Goede <hansg(a)kernel.org> spi: Try to get ACPI GPIO IRQ earlier Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Wei Yang <albinwyang(a)tencent.com> fs/proc: fix uaf in proc_readdir_de() Chuang Wang <nashuiliang(a)gmail.com> ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Nate Karstens <nate.karstens(a)garmin.com> strparser: Fix signed/unsigned mismatch bug Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 15 Olga Kornievskaia <okorniev(a)redhat.com> NFSD: free copynotify stateid in nfs4_free_ol_stateid() Masami Ichikawa <masami256(a)gmail.com> HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject duplicate device on updates Dan Carpenter <dan.carpenter(a)linaro.org> mtd: onenand: Pass correct pointer to IRQ handler Eric Biggers <ebiggers(a)kernel.org> lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR Eric Dumazet <edumazet(a)google.com> bpf: Add bpf_prog_run_data_pointers() Haein Lee <lhi0729(a)kaist.ac.kr> ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: cs4271: Fix regulator leak on probe failure Haotian Zhang <vulab(a)iscas.ac.cn> regulator: fixed: fix GPIO descriptor leak on register failure Shuai Xue <xueshuai(a)linux.alibaba.com> acpi,srat: Fix incorrect device handle check for Generic Initiator Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: export l2cap_chan_hold for modules Felix Maurer <fmaurer(a)redhat.com> hsr: Fix supervision frame sending on HSRv0 Eric Dumazet <edumazet(a)google.com> net_sched: limit try_bulk_dequeue_skb() batches Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix maxrate wraparound in threshold between units Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_connmark: initialize struct tc_ife to fix kernel leak Eric Dumazet <edumazet(a)google.com> net_sched: act_connmark: use RCU in tcf_connmark_dump() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_connmark: transition to percpu stats and rcu Zhengchao Shao <shaozhengchao(a)huawei.com> net: sched: act_connmark: get rid of tcf_connmark_walker and tcf_connmark_search Zhengchao Shao <shaozhengchao(a)huawei.com> net: sched: act: move global static variable net_id to tc_action_ops Benjamin Berg <benjamin.berg(a)intel.com> wifi: mac80211: skip rate verification for not captured PSDUs Buday Csaba <buday.csaba(a)prolan.hu> net: mdio: fix resource leak in mdiobus_register_device() Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_mon_reinit_self(). D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix mismatch between CLC header and proposal Eric Dumazet <edumazet(a)google.com> sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Wei Fang <wei.fang(a)nxp.com> net: fec: correct rx_bytes statistic for the case SHIFT16 is set Sharique Mohammad <sharq0406(a)gmail.com> ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Scott Mayhew <smayhew(a)redhat.com> NFS: check if suid/sgid was cleared after a write as needed Tristan Lobb <tristan.lobb(a)it-lobb.de> HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Joshua Watt <jpewhacker(a)gmail.com> NFS4: Fix state renewals missing after boot Danil Skrebenkov <danil.skrebenkov(a)cloudbear.ru> RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Peter Zijlstra <peterz(a)infradead.org> compiler_types: Move unused static inline functions warning to W=2 Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD Jakub Kicinski <kuba(a)kernel.org> selftests: netdevsim: set test timeout to 10 minutes Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Cleanup wakeup source only if it was enabled Nathan Chancellor <nathan(a)kernel.org> lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC Yuta Hayama <hayama(a)lineo.co.jp> rtc: rx8025: fix incorrect register reference Zilin Guan <zilin(a)seu.edu.cn> tracing: Fix memory leaks in create_field_var() Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> bnxt_en: Fix a possible memory leak in bnxt_ptp_init Pavan Chebbi <pavan.chebbi(a)broadcom.com> bnxt_en: PTP: Refactor PTP initialization functions Qendrim Maxhuni <qendrim.maxhuni(a)garderos.com> net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold sock lock while iterating over address list Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Prevent TOCTOU out-of-bounds write Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold RCU read lock while iterating over address list Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: stop reading ARL entries if search is done Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix enabling ip multicast Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix resetting speed and pause on forced link Hangbin Liu <liuhangbin(a)gmail.com> net: vlan: sync VLAN features with lower device Wang Liang <wangliang74(a)huawei.com> selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh David Wei <dw(a)davidwei.uk> netdevsim: add Makefile for selftests Anubhav Singh <anubhavsinggh(a)google.com> selftests/net: use destination options instead of hop-by-hop Richard Gobert <richardbgobert(a)gmail.com> selftests/net: fix GRO coalesce test and add ext header coalesce tests Anubhav Singh <anubhavsinggh(a)google.com> selftests/net: fix out-of-order delivery of FIN in gro:tcp test Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx Josephine Pfeiffer <hi(a)josie.lol> riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> Revert "wifi: ath10k: avoid unnecessary wait for service ready message" Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: add checking of wait_for_completion_killable() return value Valerio Setti <vsetti(a)baylibre.com> ASoC: meson: aiu-encoder-i2s: fix bit clock polarity Albin Babu Varghese <albinbabuvarghese20(a)gmail.com> fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Ian Rogers <irogers(a)google.com> tools bitmap: Add missing asm-generic/bitsperlong.h include Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Return present device nodes only on fwnode interface Randall P. Embry <rpembry(a)gmail.com> 9p: sysfs_init: don't hardcode error to ENOMEM Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra186: Initialize all cores to max frequencies Randall P. Embry <rpembry(a)gmail.com> 9p: fix /sys/fs/9p/caches overwriting itself Matthias Schiffer <matthias.schiffer(a)tq-group.com> clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled Ryan Wanner <Ryan.Wanner(a)microchip.com> clk: at91: clk-master: Add check for divide by 3 Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: save and restore ACR during PLL disable/enable Josua Mayer <josua(a)solid-run.com> rtc: pcf2127: clear minute/second interrupt Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix help message for ssl-non-raw Yikang Yue <yikangy2(a)illinois.edu> fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink austinchang <austinchang(a)synology.com> btrfs: mark dirty extent range for out of bound prealloc extents Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix wrong WQE data when QP wraps around Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Set irdma_cq cq_num field during CQ create Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Remove unused struct irdma_cq fields Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Fix SD index calculation Saket Dumbre <saket.dumbre(a)intel.com> ACPICA: Update dsmethod.c to get rid of unused variable warning Mike Marshall <hubcap(a)omnibond.com> orangefs: fix xattr related buffer overflow... Dragos Tatulea <dtatulea(a)nvidia.com> page_pool: Clamp pool size to max 16K pages Chi Zhiling <chizhiling(a)kylinos.cn> exfat: limit log print for IO error Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: add mono main switch to Presonus S1824c Ivan Pravdin <ipravdin.official(a)gmail.com> Bluetooth: bcsp: receive data only if registered Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_conn_free Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: avoid dealing with endianness in macb_set_hwaddr() chuguangqing <chuguangqing(a)inspur.com> fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() Al Viro <viro(a)zeniv.linux.org.uk> nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix mount hang after CREATE_SESSION failure Olga Kornievskaia <okorniev(a)redhat.com> NFSv4: handle ERR_GRACE on delegation recalls Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid handling handover twice Koakuma <koachan(a)protonmail.com> sparc/module: Add R_SPARC_UA64 relocation handling Chen Wang <unicorn_wang(a)outlook.com> PCI: cadence: Check for the existence of cdns_pcie::ops before using it ChunHao Lin <hau(a)realtek.com> r8169: set EEE speed down ratio to 1 Brahmajit Das <listout(a)listout.xyz> net: intel: fm10k: Fix parameter idx set but not used Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix connection after GTK rekeying Seyediman Seyedarab <ImanDevel(a)gmail.com> iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() Robert Marko <robert.marko(a)sartura.hr> net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> jfs: fix uninitialized waitqueue in transaction manager Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> jfs: Verify inode mode when loading from disk Eric Dumazet <edumazet(a)google.com> ipv6: np->rxpmtu race annotation Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Forest Crossman <cyrozap(a)gmail.com> usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Al Viro <viro(a)zeniv.linux.org.uk> allow finish_no_open(file, ERR_PTR(-E...)) Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Define size of debugfs entry for xri rebalancing Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET Nai-Chen Cheng <bleach1827(a)gmail.com> selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Jakub Kicinski <kuba(a)kernel.org> page_pool: always add GFP_NOWARN for ATOMIC allocations Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl Yafang Shao <laoar.shao(a)gmail.com> net/cls_cgroup: Fix task_get_classid() during qdisc run Alok Tiwari <alok.a.tiwari(a)oracle.com> udp_tunnel: use netdev_warn() instead of netdev_WARN() David Ahern <dsahern(a)kernel.org> selftests: Replace sleep with slowwait Daniel Palmer <daniel(a)thingy.jp> eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP David Ahern <dsahern(a)kernel.org> selftests: Disable dad for ipv6 in fcnal-test.sh Li RongQing <lirongqing(a)baidu.com> x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT Florian Westphal <fw(a)strlen.de> netfilter: nf_reject: don't reply to icmp error messages Ido Schimmel <idosch(a)nvidia.com> selftests: traceroute: Use require_command() Qianfeng Rong <rongqianfeng(a)vivo.com> media: redrat3: use int type to store negative error codes Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: sh_eth: Disable WoL if system can not suspend Michael Riesch <michael.riesch(a)collabora.com> phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 Harikrishna Shenoy <h-shenoy(a)ti.com> phy: cadence: cdns-dphy: Enable lower resolutions in dphy Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> ntfs3: pretend $Extend records as regular files Rohan G Thomas <rohan.g.thomas(a)altera.com> net: phy: marvell: Fix 88e1510 downshift counter errata Antonino Maniscalco <antomani103(a)gmail.com> drm/msm: make sure to not queue up recovery more than once Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget William Wu <william.wu(a)rock-chips.com> usb: gadget: f_hid: Fix zero length packet transfer Alex Deucher <alexander.deucher(a)amd.com> drm/amd: add more cyan skillfish PCI ids Ashish Kalra <ashish.kalra(a)amd.com> iommu/amd: Skip enabling command/event buffers for kdump Eric Dumazet <edumazet(a)google.com> net: call cond_resched() less often in __release_sock() Juraj Šarinay <juraj(a)sarinay.com> net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Yue Haibing <yuehaibing(a)huawei.com> ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy_7nm: Fix missing initial VCO rate Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL Devendra K Verma <devverma(a)amd.com> dmaengine: dw-edma: Set status for callback_result Rosen Penev <rosenp(a)gmail.com> dmaengine: mv_xor: match alloc_wc and free_wc Thomas Andreatta <thomasandreatta2000(a)gmail.com> dmaengine: sh: setup_xref error handling Miroslav Lichvar <mlichvar(a)redhat.com> ptp: Limit time setting of PTP clocks Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: pm8001: Use int instead of u32 to store error codes Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename stp clock Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing device_type in pci node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing properties to cpu node Chelsy Ratnawat <chelsyratnawat2001(a)gmail.com> media: fix uninitialized symbol warnings Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Fix wakeup source leaks on device unbind Francisco Gutierrez <frankramirez(a)google.com> scsi: pm80xx: Fix race condition caused by static variables Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> scsi: mpi3mr: Fix controller init failure on fault during queue creation Ujwal Kundur <ujwal.kundur(a)gmail.com> rds: Fix endianness annotation for RDS_MPATH_HASH Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add validation of UAC2/UAC3 effect units Sungho Kim <sungho.kim(a)furiosa.ai> PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Kuniyuki Iwashima <kuniyu(a)google.com> net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. Christoph Paasch <cpaasch(a)openai.com> net: When removing nexthops, don't call synchronize_net if it is not necessary Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Does not request module for miscdevice with dynamic minor raub camaioni <raubcameo(a)gmail.com> usb: gadget: f_ncm: Fix MAC assignment NCM ethernet Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: make send_packet() more robust Charalampos Mitrodimas <charmitro(a)posteo.net> net: ipv6: fix field-spanning memcpy warning in AH output Ido Schimmel <idosch(a)nvidia.com> bridge: Redirect to backup port when port is administratively down Niklas Schnelle <schnelle(a)linux.ibm.com> powerpc/eeh: Use result of error_detected() in uevent Lukas Wunner <lukas(a)wunner.de> thunderbolt: Use is_pciehp instead of is_hotplug_bridge Tiezhu Yang <yangtiezhu(a)loongson.cn> net: stmmac: Check stmmac_hw_setup() in stmmac_resume() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Jayesh Choudhary <j-choudhary(a)ti.com> drm/tidss: Set crtc modesetting parameters with adjusted mode Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Use the crtc_* timings when programming the HW Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: pci: ivtv: Don't create fake v4l2_fh Geoffrey McRae <geoffrey.mcrae(a)amd.com> drm/amdkfd: return -ENOTTY for unsupported IOCTLs Wake Liu <wakel(a)google.com> selftests/net: Ensure assert() triggers in psock_tpacket.c Wake Liu <wakel(a)google.com> selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 Marcos Del Sol Vives <marcos(a)orca.pet> PCI: Disable MSI on RDC PCI to PCIe bridges Seyediman Seyedarab <imandevel(a)gmail.com> drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on arcturus Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on aldebaran Jens Kehne <jens.kehne(a)agilent.com> mfd: da9063: Split chip variant reading in two bus transactions Arnd Bergmann <arnd(a)arndb.de> mfd: madera: Work around false-positive -Wininitialized warning Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe: Remove IRQ domain upon removal Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Prefer driver HWP limits Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Enhance HWP enable Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: Fix incorrect size in cpuidle_state_disable() Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Jiri Olsa <jolsa(a)kernel.org> uprobe: Do not emulate/sstep original instruction when ip is changed Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: Fail cpuidle device registration if there is one already Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: fix error return value in cpupower_write_sysfs() Svyatoslav Ryhel <clamor95(a)gmail.com> video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Daniel Wagner <wagi(a)kernel.org> nvme-fc: use lock accessing port_state and rport state Daniel Wagner <wagi(a)kernel.org> nvmet-fc: avoid scheduling association deletion twice Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> tee: allow a driver to allocate a tee_device without a pool Hans de Goede <hansg(a)kernel.org> ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Svyatoslav Ryhel <clamor95(a)gmail.com> soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups Fabien Proriol <fabien.proriol(a)viavisolutions.com> power: supply: sbs-charger: Support multiple devices Chuande Chen <chuachen(a)cisco.com> hwmon: (sbtsi_temp) AMD CPU extended temperature range support Hans de Goede <hansg(a)kernel.org> ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] Shang song (Lenovo) <shangsong2(a)foxmail.com> ACPI: PRM: Skip handlers with NULL handler_address or NULL VA Christian Bruel <christian.bruel(a)foss.st.com> irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Kees Cook <kees(a)kernel.org> arc: Fix __fls() const-foldability via __builtin_clzl() Dennis Beier <nanovim(a)gmail.com> cpufreq/longhaul: handle NULL policy in longhaul_exit Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Mario Limonciello (AMD) <superm1(a)kernel.org> ACPI: video: force native for Lenovo 82K8 Jiayi Li <lijiayi(a)kylinos.cn> memstick: Add timeout to prevent indefinite waiting Biju Das <biju.das.jz(a)bp.renesas.com> mmc: host: renesas_sdhi: Fix the actual clock Chi Zhang <chizhang(a)asrmicro.com> pinctrl: single: fix bias pull up/down handling in pin_config_set Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> bpf: Don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> soc: ti: pruss: don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> spi: loopback-test: Don't use %pK through printk Jens Reidel <adrian(a)mainlining.org> soc: qcom: smem: Fix endian-unaware access of num_entries Ryan Chen <ryan_chen(a)aspeedtech.com> soc: aspeed: socinfo: Add AST27xx silicon IDs Damien Le Moal <dlemoal(a)kernel.org> block: make REQ_OP_ZONE_OPEN a write operation Thomas Zimmermann <tzimmermann(a)suse.de> drm/sysfb: Do not dereference NULL pointer in plane reset Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix race in drm_sched_entity_select_rq() Owen Gu <guhuinan(a)xiaomi.com> usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Revert "docs/process/howto: Replace C89 with C11" Matthieu Baerts (NGI0) <matttbe(a)kernel.org> arch: back to -std=gnu89 in < v5.18 Alexey Dobriyan <adobriyan(a)gmail.com> x86/boot: Compile boot code with -std=gnu11 too Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Improve performance by removing delay in transfer event polling. Uday M Bhat <uday.m.bhat(a)intel.com> xhci: dbc: Allow users to modify DbC poll interval via sysfs Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: poll at different rate depending on data transfer activity Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Provide sysfs option to configure dbc descriptors Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> net: phy: dp83867: Disable EEE support as not implemented Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Biju Das <biju.das.jz(a)bp.renesas.com> ravb: Exclude gPTP feature support for RZ/G2L Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_dw: Use devm_add_action_or_reset() Alexey Klimov <alexey.klimov(a)linaro.org> regmap: slimbus: fix bus_context pointer in regmap init calls Damien Le Moal <dlemoal(a)kernel.org> block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji Yang Wang <kevinyang.wang(a)amd.com> drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() Jijie Shao <shaojijie(a)huawei.com> net: hns3: return error code when function fails Tomeu Vizoso <tomeu(a)tomeuvizoso.net> drm/etnaviv: fix flush sequence logic Lizhi Xu <lizhi.xu(a)windriver.com> usbnet: Prevents free active kevent Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix powerpc's stack register definition in bpf_tracing.h Andrii Nakryiko <andrii(a)kernel.org> libbpf: Normalize PT_REGS_xxx() macro definitions Björn Töpel <bjorn(a)kernel.org> riscv, libbpf: Add RISC-V (RV64) support to bpf_tracing.h Ondrej Mosnacek <omosnace(a)redhat.com> bpf: Do not audit capability check in do_jit() Noorain Eqbal <nooraineqbal(a)gmail.com> bpf: Sync pending IRQ work before freeing ring buffer Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: fix control pipe direction Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix GMU firmware parser Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix memory leak on unsupported WMI command Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qdsp6: q6asm: do not sleep while atomic Paolo Abeni <pabeni(a)redhat.com> mptcp: restore window probe Miaoqian Lin <linmq006(a)gmail.com> fbdev: valkyriefb: Fix reference count leak in valkyriefb_init Florian Fuchs <fuchsfl(a)gmail.com> fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Junjie Cao <junjie.cao(a)intel.com> fbdev: bitblit: bound-check glyph index in bit_putcs* Yuhao Jiang <danisjiang(a)gmail.com> ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Daniel Palmer <daniel(a)0x0f.com> fbdev: atyfb: Check if pll_ops->init_pll failed Miaoqian Lin <linmq006(a)gmail.com> net: usb: asix_devices: Check return value of usbnet_get_endpoints Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix crash in nfsd4_read_release() Filipe Manana <fdmanana(a)suse.com> btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Filipe Manana <fdmanana(a)suse.com> btrfs: always drop log root tree reference in btrfs_replay_log() Thorsten Blum <thorsten.blum(a)linux.dev> btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix reporting of LFENCE retpoline Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix null-deref in agg_dequeue ------------- Diffstat: .../ABI/testing/sysfs-bus-pci-drivers-xhci_hcd | 62 + .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +- .../devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 +- Documentation/kbuild/makefiles.rst | 29 +- Documentation/process/howto.rst | 2 +- Documentation/translations/it_IT/process/howto.rst | 2 +- Documentation/translations/ja_JP/howto.rst | 2 +- Documentation/translations/ko_KR/howto.rst | 2 +- Documentation/translations/zh_CN/process/howto.rst | 2 +- Documentation/translations/zh_TW/process/howto.rst | 2 +- MAINTAINERS | 7 +- Makefile | 10 +- arch/arc/include/asm/bitops.h | 2 + arch/arm/crypto/Kconfig | 2 +- arch/arm/mach-at91/pm_suspend.S | 8 +- arch/mips/boot/dts/lantiq/danube.dtsi | 6 + arch/mips/lantiq/xway/sysctrl.c | 2 +- arch/mips/loongson64/Platform | 2 +- arch/mips/mm/tlb-r4k.c | 118 +- arch/mips/mti-malta/malta-init.c | 20 +- arch/parisc/boot/compressed/Makefile | 2 +- arch/powerpc/kernel/eeh_driver.c | 2 +- arch/riscv/kernel/cpu-hotplug.c | 1 + arch/riscv/mm/ptdump.c | 2 +- arch/s390/Makefile | 6 +- arch/s390/purgatory/Makefile | 2 +- arch/sparc/include/asm/elf_64.h | 1 + arch/sparc/kernel/module.c | 1 + arch/um/drivers/ssl.c | 5 +- arch/x86/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/entry/vsyscall/vsyscall_64.c | 17 +- arch/x86/events/core.c | 10 +- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/cpu/resctrl/monitor.c | 10 +- arch/x86/kernel/kvm.c | 20 +- arch/x86/net/bpf_jit_comp.c | 2 +- block/partitions/core.c | 5 - drivers/acpi/acpi_video.c | 4 +- drivers/acpi/acpica/dsmethod.c | 10 +- drivers/acpi/numa/srat.c | 2 +- drivers/acpi/prmt.c | 19 +- drivers/acpi/property.c | 24 +- drivers/acpi/scan.c | 2 + drivers/acpi/video_detect.c | 8 + drivers/ata/libata-scsi.c | 8 + drivers/atm/fore200e.c | 2 + drivers/base/regmap/regmap-slimbus.c | 6 +- drivers/bluetooth/btusb.c | 13 +- drivers/bluetooth/hci_bcsp.c | 3 + drivers/char/misc.c | 8 +- drivers/clk/at91/clk-master.c | 3 + drivers/clk/ti/clk-33xx.c | 2 + drivers/clocksource/timer-vf-pit.c | 22 +- drivers/cpufreq/longhaul.c | 3 + drivers/cpufreq/tegra186-cpufreq.c | 27 +- drivers/cpuidle/cpuidle.c | 8 +- drivers/dma/dw-edma/dw-edma-core.c | 22 + drivers/dma/mv_xor.c | 4 +- drivers/dma/sh/shdma-base.c | 25 +- drivers/dma/sh/shdmac.c | 17 +- drivers/edac/altera_edac.c | 22 +- drivers/extcon/extcon-adc-jack.c | 2 + drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/stratix10-svc.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 19 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 8 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 +- drivers/gpu/drm/amd/display/dc/dcn20/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn21/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn30/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn301/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn302/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn303/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn31/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 2 +- .../gpu/drm/amd/pm/powerplay/smumgr/fiji_smumgr.c | 2 +- .../drm/amd/pm/powerplay/smumgr/iceland_smumgr.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2 +- drivers/gpu/drm/bridge/display-connector.c | 3 +- drivers/gpu/drm/drm_gem_atomic_helper.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 +- drivers/gpu/drm/i915/i915_vma.c | 16 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 5 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 3 + drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 10 + drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 +- drivers/gpu/drm/scheduler/sched_entity.c | 3 +- drivers/gpu/drm/sti/sti_vtg.c | 7 +- drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tidss/tidss_crtc.c | 7 +- drivers/gpu/drm/tidss/tidss_dispc.c | 16 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 + drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-ntrig.c | 7 +- drivers/hid/hid-quirks.c | 14 +- drivers/hwmon/dell-smm-hwmon.c | 7 + drivers/hwmon/sbtsi_temp.c | 46 +- drivers/iio/accel/bmc150-accel-core.c | 5 + drivers/iio/accel/bmc150-accel.h | 1 + drivers/iio/adc/spear_adc.c | 9 +- drivers/iio/common/ssp_sensors/ssp_dev.c | 4 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 22 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 11 +- drivers/infiniband/hw/irdma/pble.c | 2 +- drivers/infiniband/hw/irdma/verbs.c | 4 +- drivers/infiniband/hw/irdma/verbs.h | 8 +- drivers/input/keyboard/cros_ec_keyb.c | 6 + drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/misc/ati_remote2.c | 2 +- drivers/input/misc/cm109.c | 2 +- drivers/input/misc/powermate.c | 2 +- drivers/input/misc/yealink.c | 2 +- drivers/input/tablet/acecad.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 11 +- drivers/iommu/amd/init.c | 28 +- drivers/iommu/intel/debugfs.c | 10 +- drivers/iommu/intel/perf.c | 10 +- drivers/iommu/intel/perf.h | 5 +- drivers/irqchip/irq-gic-v2m.c | 13 +- drivers/isdn/hardware/mISDN/hfcsusb.c | 18 +- drivers/mailbox/mailbox-test.c | 2 +- drivers/md/dm-verity-fec.c | 6 +- drivers/media/i2c/ir-kbd-i2c.c | 6 +- drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 - drivers/media/pci/ivtv/ivtv-driver.h | 3 +- drivers/media/pci/ivtv/ivtv-fileops.c | 18 +- drivers/media/pci/ivtv/ivtv-irq.c | 4 +- drivers/media/rc/imon.c | 61 +- drivers/media/rc/redrat3.c | 2 +- drivers/media/tuners/xc4000.c | 8 +- drivers/media/tuners/xc5000.c | 12 +- drivers/memstick/core/memstick.c | 8 +- drivers/mfd/da9063-i2c.c | 27 +- drivers/mfd/madera-core.c | 4 +- drivers/mfd/stmpe-i2c.c | 1 + drivers/mfd/stmpe.c | 3 + drivers/mmc/host/renesas_sdhi_core.c | 6 +- drivers/mmc/host/sdhci-msm.c | 15 + drivers/mmc/host/sdhci-of-dwcmshc.c | 2 +- drivers/most/most_usb.c | 14 +- drivers/mtd/nand/onenand/onenand_samsung.c | 2 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/can/sja1000/sja1000.c | 4 +- drivers/net/can/sun4i_can.c | 4 +- drivers/net/can/usb/gs_usb.c | 23 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 +- drivers/net/dsa/b53/b53_common.c | 15 +- drivers/net/dsa/b53/b53_regs.h | 3 +- drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 +- drivers/net/dsa/sja1105/sja1105_main.c | 71 +- .../net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 + .../net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 + drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 + .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 +- .../ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 45 +- drivers/net/ethernet/cadence/macb_main.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/freescale/fec_main.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 9 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 +- drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 15 +- .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/microchip/sparx5/Kconfig | 2 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 +- drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- drivers/net/ethernet/realtek/Kconfig | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 6 +- drivers/net/ethernet/renesas/ravb_main.c | 101 +- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/net/phy/dp83867.c | 6 + drivers/net/phy/marvell.c | 39 +- drivers/net/phy/mdio_bus.c | 5 +- drivers/net/usb/asix_devices.c | 12 +- drivers/net/usb/qmi_wwan.c | 6 + drivers/net/usb/usbnet.c | 2 + drivers/net/wireless/ath/ath10k/mac.c | 12 +- drivers/net/wireless/ath/ath10k/wmi.c | 40 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 28 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 +- drivers/nvme/host/fc.c | 12 +- drivers/nvme/target/fc.c | 16 +- drivers/pci/controller/cadence/pcie-cadence-host.c | 2 +- drivers/pci/controller/cadence/pcie-cadence.c | 4 +- drivers/pci/controller/cadence/pcie-cadence.h | 6 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/quirks.c | 3 +- drivers/phy/cadence/cdns-dphy.c | 4 +- drivers/phy/rockchip/phy-rockchip-inno-csidphy.c | 5 +- drivers/pinctrl/pinctrl-single.c | 4 +- drivers/platform/x86/intel/punit_ipc.c | 2 +- .../x86/intel/speed_select_if/isst_if_mmio.c | 4 +- drivers/power/supply/sbs-charger.c | 16 +- drivers/ptp/ptp_clock.c | 13 +- drivers/regulator/fixed.c | 1 + drivers/remoteproc/qcom_q6v5.c | 5 + drivers/rtc/rtc-pcf2127.c | 4 +- drivers/rtc/rtc-rx8025.c | 2 +- drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/libfc/fc_encode.h | 2 +- drivers/scsi/lpfc/lpfc_debugfs.h | 3 + drivers/scsi/lpfc/lpfc_els.c | 6 +- drivers/scsi/lpfc/lpfc_init.c | 7 - drivers/scsi/lpfc/lpfc_scsi.c | 14 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 10 + drivers/scsi/pm8001/pm8001_ctl.c | 24 +- drivers/scsi/pm8001/pm8001_init.c | 1 + drivers/scsi/pm8001/pm8001_sas.c | 4 +- drivers/scsi/pm8001/pm8001_sas.h | 4 + drivers/scsi/sg.c | 10 +- drivers/slimbus/qcom-ngd-ctrl.c | 1 + drivers/soc/aspeed/aspeed-socinfo.c | 4 + drivers/soc/imx/gpc.c | 2 + drivers/soc/qcom/smem.c | 2 +- drivers/soc/samsung/pm_domains.c | 11 +- drivers/soc/tegra/fuse/fuse-tegra30.c | 122 + drivers/soc/ti/knav_dma.c | 14 +- drivers/soc/ti/pruss.c | 2 +- drivers/spi/spi-bcm63xx.c | 14 + drivers/spi/spi-loopback-test.c | 12 +- drivers/spi/spi.c | 10 + drivers/staging/Kconfig | 2 - drivers/staging/Makefile | 1 - drivers/staging/rtl8712/Kconfig | 21 - drivers/staging/rtl8712/Makefile | 35 - drivers/staging/rtl8712/TODO | 13 - drivers/staging/rtl8712/basic_types.h | 28 - drivers/staging/rtl8712/drv_types.h | 176 -- drivers/staging/rtl8712/ethernet.h | 21 - drivers/staging/rtl8712/hal_init.c | 401 ---- drivers/staging/rtl8712/ieee80211.c | 415 ---- drivers/staging/rtl8712/ieee80211.h | 165 -- drivers/staging/rtl8712/mlme_linux.c | 160 -- drivers/staging/rtl8712/mlme_osdep.h | 31 - drivers/staging/rtl8712/mp_custom_oid.h | 287 --- drivers/staging/rtl8712/os_intfs.c | 464 ---- drivers/staging/rtl8712/osdep_intf.h | 32 - drivers/staging/rtl8712/osdep_service.h | 61 - drivers/staging/rtl8712/recv_linux.c | 139 -- drivers/staging/rtl8712/recv_osdep.h | 39 - drivers/staging/rtl8712/rtl8712_bitdef.h | 26 - drivers/staging/rtl8712/rtl8712_cmd.c | 409 ---- drivers/staging/rtl8712/rtl8712_cmd.h | 231 -- drivers/staging/rtl8712/rtl8712_cmdctrl_bitdef.h | 96 - drivers/staging/rtl8712/rtl8712_cmdctrl_regdef.h | 19 - drivers/staging/rtl8712/rtl8712_debugctrl_bitdef.h | 41 - drivers/staging/rtl8712/rtl8712_debugctrl_regdef.h | 32 - .../staging/rtl8712/rtl8712_edcasetting_bitdef.h | 65 - .../staging/rtl8712/rtl8712_edcasetting_regdef.h | 24 - drivers/staging/rtl8712/rtl8712_efuse.c | 566 ----- drivers/staging/rtl8712/rtl8712_efuse.h | 43 - drivers/staging/rtl8712/rtl8712_event.h | 86 - drivers/staging/rtl8712/rtl8712_fifoctrl_bitdef.h | 131 -- drivers/staging/rtl8712/rtl8712_fifoctrl_regdef.h | 61 - drivers/staging/rtl8712/rtl8712_gp_bitdef.h | 68 - drivers/staging/rtl8712/rtl8712_gp_regdef.h | 29 - drivers/staging/rtl8712/rtl8712_hal.h | 142 -- drivers/staging/rtl8712/rtl8712_interrupt_bitdef.h | 44 - drivers/staging/rtl8712/rtl8712_io.c | 99 - drivers/staging/rtl8712/rtl8712_led.c | 1830 --------------- .../staging/rtl8712/rtl8712_macsetting_bitdef.h | 34 - .../staging/rtl8712/rtl8712_macsetting_regdef.h | 22 - drivers/staging/rtl8712/rtl8712_powersave_bitdef.h | 39 - drivers/staging/rtl8712/rtl8712_powersave_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_ratectrl_bitdef.h | 36 - drivers/staging/rtl8712/rtl8712_ratectrl_regdef.h | 44 - drivers/staging/rtl8712/rtl8712_recv.c | 1079 --------- drivers/staging/rtl8712/rtl8712_recv.h | 145 -- drivers/staging/rtl8712/rtl8712_regdef.h | 32 - drivers/staging/rtl8712/rtl8712_security_bitdef.h | 35 - drivers/staging/rtl8712/rtl8712_spec.h | 124 -- drivers/staging/rtl8712/rtl8712_syscfg_bitdef.h | 167 -- drivers/staging/rtl8712/rtl8712_syscfg_regdef.h | 44 - drivers/staging/rtl8712/rtl8712_timectrl_bitdef.h | 50 - drivers/staging/rtl8712/rtl8712_timectrl_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_wmac_bitdef.h | 50 - drivers/staging/rtl8712/rtl8712_wmac_regdef.h | 36 - drivers/staging/rtl8712/rtl8712_xmit.c | 745 ------- drivers/staging/rtl8712/rtl8712_xmit.h | 108 - drivers/staging/rtl8712/rtl871x_cmd.c | 796 ------- drivers/staging/rtl8712/rtl871x_cmd.h | 764 ------- drivers/staging/rtl8712/rtl871x_debug.h | 130 -- drivers/staging/rtl8712/rtl871x_eeprom.c | 220 -- drivers/staging/rtl8712/rtl871x_eeprom.h | 88 - drivers/staging/rtl8712/rtl871x_event.h | 109 - drivers/staging/rtl8712/rtl871x_ht.h | 33 - drivers/staging/rtl8712/rtl871x_io.c | 147 -- drivers/staging/rtl8712/rtl871x_io.h | 236 -- drivers/staging/rtl8712/rtl871x_ioctl.h | 95 - drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2330 -------------------- drivers/staging/rtl8712/rtl871x_ioctl_rtl.c | 520 ----- drivers/staging/rtl8712/rtl871x_ioctl_rtl.h | 109 - drivers/staging/rtl8712/rtl871x_ioctl_set.c | 355 --- drivers/staging/rtl8712/rtl871x_ioctl_set.h | 45 - drivers/staging/rtl8712/rtl871x_led.h | 118 - drivers/staging/rtl8712/rtl871x_mlme.c | 1749 --------------- drivers/staging/rtl8712/rtl871x_mlme.h | 205 -- drivers/staging/rtl8712/rtl871x_mp.c | 724 ------ drivers/staging/rtl8712/rtl871x_mp.h | 275 --- drivers/staging/rtl8712/rtl871x_mp_ioctl.c | 883 -------- drivers/staging/rtl8712/rtl871x_mp_ioctl.h | 329 --- drivers/staging/rtl8712/rtl871x_mp_phy_regdef.h | 1037 --------- drivers/staging/rtl8712/rtl871x_pwrctrl.c | 234 -- drivers/staging/rtl8712/rtl871x_pwrctrl.h | 113 - drivers/staging/rtl8712/rtl871x_recv.c | 670 ------ drivers/staging/rtl8712/rtl871x_recv.h | 216 -- drivers/staging/rtl8712/rtl871x_rf.h | 55 - drivers/staging/rtl8712/rtl871x_security.c | 1387 ------------ drivers/staging/rtl8712/rtl871x_security.h | 218 -- drivers/staging/rtl8712/rtl871x_sta_mgt.c | 263 --- drivers/staging/rtl8712/rtl871x_wlan_sme.h | 35 - drivers/staging/rtl8712/rtl871x_xmit.c | 1059 --------- drivers/staging/rtl8712/rtl871x_xmit.h | 288 --- drivers/staging/rtl8712/sta_info.h | 133 -- drivers/staging/rtl8712/usb_halinit.c | 307 --- drivers/staging/rtl8712/usb_intf.c | 638 ------ drivers/staging/rtl8712/usb_ops.c | 195 -- drivers/staging/rtl8712/usb_ops.h | 38 - drivers/staging/rtl8712/usb_ops_linux.c | 508 ----- drivers/staging/rtl8712/usb_osintf.h | 35 - drivers/staging/rtl8712/wifi.h | 197 -- drivers/staging/rtl8712/wlan_bssdef.h | 223 -- drivers/staging/rtl8712/xmit_linux.c | 187 -- drivers/staging/rtl8712/xmit_osdep.h | 52 - drivers/target/loopback/tcm_loop.c | 3 + drivers/tee/tee_core.c | 2 +- drivers/thunderbolt/nhi.c | 2 + drivers/thunderbolt/nhi.h | 1 + drivers/thunderbolt/tb.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 67 +- drivers/tty/serial/amba-pl011.c | 2 +- drivers/uio/uio_hv_generic.c | 21 +- drivers/usb/cdns3/cdns3-pci-wrap.c | 5 +- drivers/usb/cdns3/cdnsp-gadget.c | 8 +- drivers/usb/dwc3/core.c | 3 +- drivers/usb/dwc3/ep0.c | 1 + drivers/usb/dwc3/gadget.c | 7 + drivers/usb/gadget/function/f_eem.c | 7 +- drivers/usb/gadget/function/f_fs.c | 8 +- drivers/usb/gadget/function/f_hid.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 3 +- drivers/usb/host/xhci-dbgcap.c | 261 ++- drivers/usb/host/xhci-dbgcap.h | 12 +- drivers/usb/host/xhci-dbgtty.c | 17 +- drivers/usb/host/xhci-plat.c | 1 + drivers/usb/mon/mon_bin.c | 14 +- drivers/usb/renesas_usbhs/common.c | 18 +- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 1 + drivers/usb/serial/option.c | 10 +- drivers/usb/storage/sddr55.c | 6 + drivers/usb/storage/transport.c | 16 + drivers/usb/storage/uas.c | 5 + drivers/usb/storage/unusual_devs.h | 2 +- drivers/usb/typec/ucsi/psy.c | 5 + drivers/video/backlight/lp855x_bl.c | 2 +- drivers/video/fbdev/aty/atyfb_base.c | 8 +- drivers/video/fbdev/core/bitblit.c | 33 +- drivers/video/fbdev/pvr2fb.c | 2 +- drivers/video/fbdev/valkyriefb.c | 2 + fs/9p/v9fs.c | 9 +- fs/btrfs/disk-io.c | 2 +- fs/btrfs/file.c | 10 + fs/btrfs/scrub.c | 3 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-log.c | 48 +- fs/ceph/locks.c | 5 +- fs/cifs/connect.c | 1 + fs/exfat/fatent.c | 11 +- fs/exfat/super.c | 5 +- fs/ext4/xattr.c | 2 +- fs/hpfs/namei.c | 18 +- fs/jfs/inode.c | 8 +- fs/jfs/jfs_txnmgr.c | 9 +- fs/nfs/nfs4client.c | 1 + fs/nfs/nfs4proc.c | 15 +- fs/nfs/nfs4state.c | 3 + fs/nfs/write.c | 3 +- fs/nfsd/nfs4proc.c | 7 +- fs/nfsd/nfs4state.c | 3 +- fs/ntfs3/inode.c | 1 + fs/open.c | 10 +- fs/orangefs/xattr.c | 12 +- fs/proc/generic.c | 12 +- include/linux/array_size.h | 13 + include/linux/ata.h | 1 + include/linux/blk_types.h | 11 +- include/linux/compiler_types.h | 5 +- include/linux/filter.h | 22 +- include/linux/kernel.h | 7 +- include/linux/mm.h | 2 +- include/linux/shdma-base.h | 2 +- include/linux/string.h | 1 + include/linux/usb.h | 16 +- include/net/act_api.h | 1 + include/net/cls_cgroup.h | 2 +- include/net/nfc/nci_core.h | 2 +- include/net/pkt_sched.h | 25 +- include/net/tc_act/tc_connmark.h | 10 +- include/net/tls.h | 6 + kernel/bpf/ringbuf.c | 2 + kernel/events/uprobes.c | 7 + kernel/gcov/gcc_4_7.c | 4 +- kernel/trace/trace_events_hist.c | 6 +- lib/crypto/Makefile | 2 +- mm/mempool.c | 32 +- mm/page_alloc.c | 2 +- mm/secretmem.c | 2 +- net/8021q/vlan.c | 2 + net/bluetooth/6lowpan.c | 103 +- net/bluetooth/hci_event.c | 21 +- net/bluetooth/l2cap_core.c | 1 + net/bluetooth/sco.c | 7 + net/bluetooth/smp.c | 31 +- net/bridge/br_forward.c | 3 +- net/ceph/auth_x.c | 2 + net/ceph/ceph_common.c | 53 +- net/ceph/debugfs.c | 16 +- net/core/netpoll.c | 7 +- net/core/page_pool.c | 12 +- net/core/sock.c | 15 +- net/dsa/tag_brcm.c | 10 +- net/hsr/hsr_device.c | 3 + net/ipv4/netfilter/nf_reject_ipv4.c | 25 + net/ipv4/nexthop.c | 6 + net/ipv4/route.c | 5 + net/ipv4/udp_tunnel_nic.c | 2 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ah6.c | 50 +- net/ipv6/netfilter/nf_reject_ipv6.c | 30 + net/ipv6/raw.c | 2 +- net/ipv6/udp.c | 2 +- net/mac80211/rx.c | 10 +- net/mptcp/options.c | 57 +- net/mptcp/pm_netlink.c | 26 +- net/mptcp/protocol.c | 47 +- net/mptcp/protocol.h | 1 + net/mptcp/subflow.c | 8 + net/netfilter/nf_tables_api.c | 15 + net/openvswitch/actions.c | 68 +- net/openvswitch/flow_netlink.c | 64 +- net/openvswitch/flow_netlink.h | 2 - net/rds/rds.h | 2 +- net/sched/act_bpf.c | 19 +- net/sched/act_connmark.c | 154 +- net/sched/act_csum.c | 13 +- net/sched/act_ct.c | 17 +- net/sched/act_ctinfo.c | 13 +- net/sched/act_gact.c | 13 +- net/sched/act_gate.c | 13 +- net/sched/act_ife.c | 25 +- net/sched/act_ipt.c | 31 +- net/sched/act_mirred.c | 13 +- net/sched/act_mpls.c | 13 +- net/sched/act_nat.c | 13 +- net/sched/act_pedit.c | 13 +- net/sched/act_police.c | 13 +- net/sched/act_sample.c | 13 +- net/sched/act_simple.c | 13 +- net/sched/act_skbedit.c | 13 +- net/sched/act_skbmod.c | 13 +- net/sched/act_tunnel_key.c | 13 +- net/sched/act_vlan.c | 13 +- net/sched/cls_bpf.c | 6 +- net/sched/sch_api.c | 10 - net/sched/sch_generic.c | 17 +- net/sched/sch_hfsc.c | 16 - net/sched/sch_qfq.c | 2 +- net/sctp/diag.c | 23 +- net/sctp/transport.c | 13 +- net/smc/smc_clc.c | 1 + net/strparser/strparser.c | 2 +- net/tipc/net.c | 2 + net/tls/tls_device.c | 4 +- net/vmw_vsock/af_vsock.c | 40 +- scripts/Makefile.compiler | 10 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/pci/hda/patch_realtek.c | 17 +- sound/soc/codecs/cs4271.c | 10 +- sound/soc/codecs/max98090.c | 6 +- sound/soc/meson/aiu-encoder-i2s.c | 9 +- sound/soc/qcom/qdsp6/q6asm.c | 2 +- sound/usb/endpoint.c | 5 + sound/usb/mixer.c | 4 +- sound/usb/mixer_s1810c.c | 28 +- sound/usb/validate.c | 9 +- tools/include/linux/bitmap.h | 1 + tools/lib/bpf/bpf_tracing.h | 357 ++- tools/power/cpupower/lib/cpuidle.c | 5 +- tools/power/cpupower/lib/cpupower.c | 2 +- .../x86_energy_perf_policy.c | 30 +- tools/testing/selftests/Makefile | 2 +- tools/testing/selftests/bpf/progs/loop3.c | 4 +- tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 +- .../selftests/drivers/net/netdevsim/Makefile | 21 + .../selftests/drivers/net/netdevsim/settings | 1 + tools/testing/selftests/net/bareudp.sh | 2 +- tools/testing/selftests/net/fcnal-test.sh | 4 +- tools/testing/selftests/net/gro.c | 101 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 54 +- tools/testing/selftests/net/psock_tpacket.c | 4 +- tools/testing/selftests/net/traceroute.sh | 13 +- tools/tracing/latency/latency-collector.c | 2 +- 522 files changed, 3487 insertions(+), 29503 deletions(-)

4 days, 10 hours

12
410
0 0

Mini GPS Tracker with SOS & Voice Call

by GPS Tracker

4 days, 11 hours

1
0
0 0

[PATCH 5.15.y] KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS

by Rajani Kantha

From: Sean Christopherson <seanjc(a)google.com> commit 4bcdd831d9d01e0fb64faea50732b59b2ee88da1 upstream. Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN via sync_regs(), which already holds SRCU. I.e. trying to precisely use kvm_vcpu_srcu_read_lock() around the problematic SMM code would cause problems. Acquiring SRCU isn't all that expensive, so for simplicity, grab it unconditionally for KVM_SET_VCPU_EVENTS. ============================= WARNING: suspicious RCU usage 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted ----------------------------- include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by repro/1071: #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm] stack backtrace: CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: <TASK> dump_stack_lvl+0x7f/0x90 lockdep_rcu_suspicious+0x13f/0x1a0 kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm] kvm_vcpu_read_guest+0x3e/0x90 [kvm] nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel] load_vmcs12_host_state+0x432/0xb40 [kvm_intel] vmx_leave_nested+0x30/0x40 [kvm_intel] kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm] kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm] ? mark_held_locks+0x49/0x70 ? kvm_vcpu_ioctl+0x7d/0x970 [kvm] ? kvm_vcpu_ioctl+0x497/0x970 [kvm] kvm_vcpu_ioctl+0x497/0x970 [kvm] ? lock_acquire+0xba/0x2d0 ? find_held_lock+0x2b/0x80 ? do_user_addr_fault+0x40c/0x6f0 ? lock_release+0xb7/0x270 __x64_sys_ioctl+0x82/0xb0 do_syscall_64+0x6c/0x170 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7ff11eb1b539 </TASK> Fixes: f7e570780efc ("KVM: x86: Forcibly leave nested virt when SMM state is toggled") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240723232055.3643811-1-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> [ Based on kernel 5.15 available functions, using srcu_read_lock/srcu_read_unlock instead of kvm_vcpu_srcu_read_lock/kvm_vcpu_srcu_read_unlock ] Signed-off-by: Rajani Kantha <681739313(a)139.com> --- arch/x86/kvm/x86.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 648f80f73e66..785cd9b4283a 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5294,7 +5294,9 @@ long kvm_arch_vcpu_ioctl(struct file *filp, if (copy_from_user(&events, argp, sizeof(struct kvm_vcpu_events))) break; + vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu); r = kvm_vcpu_ioctl_x86_set_vcpu_events(vcpu, &events); + srcu_read_unlock(&vcpu->kvm->srcu, vcpu->srcu_idx); break; } case KVM_GET_DEBUGREGS: { -- 2.17.1

4 days, 12 hours

2
1
0 0

+ mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jiayuan Chen <jiayuan.chen(a)linux.dev> Subject: mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN Date: Fri, 28 Nov 2025 19:15:14 +0800 Syzkaller reported a memory out-of-bounds bug [1]. This patch fixes two issues: 1. In vrealloc, we were missing the KASAN_VMALLOC_VM_ALLOC flag when unpoisoning the extended region. This flag is required to correctly associate the allocation with KASAN's vmalloc tracking. Note: In contrast, vzalloc (via __vmalloc_node_range_noprof) explicitly sets KASAN_VMALLOC_VM_ALLOC and calls kasan_unpoison_vmalloc() with it. vrealloc must behave consistently �� especially when reusing existing vmalloc regions �� to ensure KASAN can track allocations correctly. 2. When vrealloc reuses an existing vmalloc region (without allocating new pages), KASAN previously generated a new tag, which broke tag-based memory access tracking. We now add a 'reuse_tag' parameter to __kasan_unpoison_vmalloc() to preserve the original tag in such cases. A new helper kasan_unpoison_vralloc() is introduced to handle this reuse scenario, ensuring consistent tag behavior during reallocation. Link: https://lkml.kernel.org/r/20251128111516.244497-1-jiayuan.chen@linux.dev Link: https://syzkaller.appspot.com/bug?extid=997752115a851cb0cf36 [1] Fixes: a0309faf1cb0 ("mm: vmalloc: support more granular vrealloc() sizing") Signed-off-by: Jiayuan Chen <jiayuan.chen(a)linux.dev> Reported-by: syzbot+997752115a851cb0cf36(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/68e243a2.050a0220.1696c6.007d.GAE@google.com/T/ Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Danilo Krummrich <dakr(a)kernel.org> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Kees Cook <kees(a)kernel.org> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kasan.h | 21 +++++++++++++++++++-- mm/kasan/hw_tags.c | 4 ++-- mm/kasan/shadow.c | 6 ++++-- mm/vmalloc.c | 4 ++-- 4 files changed, 27 insertions(+), 8 deletions(-) --- a/include/linux/kasan.h~mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan +++ a/include/linux/kasan.h @@ -596,13 +596,23 @@ static inline void kasan_release_vmalloc #endif /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */ void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, - kasan_vmalloc_flags_t flags); + kasan_vmalloc_flags_t flags, bool reuse_tag); + +static __always_inline void *kasan_unpoison_vrealloc(const void *start, + unsigned long size, + kasan_vmalloc_flags_t flags) +{ + if (kasan_enabled()) + return __kasan_unpoison_vmalloc(start, size, flags, true); + return (void *)start; +} + static __always_inline void *kasan_unpoison_vmalloc(const void *start, unsigned long size, kasan_vmalloc_flags_t flags) { if (kasan_enabled()) - return __kasan_unpoison_vmalloc(start, size, flags); + return __kasan_unpoison_vmalloc(start, size, flags, false); return (void *)start; } @@ -629,6 +639,13 @@ static inline void kasan_release_vmalloc unsigned long free_region_end, unsigned long flags) { } +static inline void *kasan_unpoison_vrealloc(const void *start, + unsigned long size, + kasan_vmalloc_flags_t flags) +{ + return (void *)start; +} + static inline void *kasan_unpoison_vmalloc(const void *start, unsigned long size, kasan_vmalloc_flags_t flags) --- a/mm/kasan/hw_tags.c~mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan +++ a/mm/kasan/hw_tags.c @@ -317,7 +317,7 @@ static void init_vmalloc_pages(const voi } void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, - kasan_vmalloc_flags_t flags) + kasan_vmalloc_flags_t flags, bool reuse_tag) { u8 tag; unsigned long redzone_start, redzone_size; @@ -361,7 +361,7 @@ void *__kasan_unpoison_vmalloc(const voi return (void *)start; } - tag = kasan_random_tag(); + tag = reuse_tag ? get_tag(start) : kasan_random_tag(); start = set_tag(start, tag); /* Unpoison and initialize memory up to size. */ --- a/mm/kasan/shadow.c~mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan +++ a/mm/kasan/shadow.c @@ -625,7 +625,7 @@ void kasan_release_vmalloc(unsigned long } void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, - kasan_vmalloc_flags_t flags) + kasan_vmalloc_flags_t flags, bool reuse_tag) { /* * Software KASAN modes unpoison both VM_ALLOC and non-VM_ALLOC @@ -648,7 +648,9 @@ void *__kasan_unpoison_vmalloc(const voi !(flags & KASAN_VMALLOC_PROT_NORMAL)) return (void *)start; - start = set_tag(start, kasan_random_tag()); + if (!reuse_tag) + start = set_tag(start, kasan_random_tag()); + kasan_unpoison(start, size, false); return (void *)start; } --- a/mm/vmalloc.c~mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan +++ a/mm/vmalloc.c @@ -4175,8 +4175,8 @@ void *vrealloc_node_align_noprof(const v * We already have the bytes available in the allocation; use them. */ if (size <= alloced_size) { - kasan_unpoison_vmalloc(p + old_size, size - old_size, - KASAN_VMALLOC_PROT_NORMAL); + kasan_unpoison_vrealloc(p, size, + KASAN_VMALLOC_PROT_NORMAL | KASAN_VMALLOC_VM_ALLOC); /* * No need to zero memory here, as unused memory will have * already been zeroed at initial allocation time or during _ Patches currently in -mm which might be from jiayuan.chen(a)linux.dev are mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan.patch mm-vmscan-skip-increasing-kswapd_failures-when-reclaim-was-boosted.patch

4 days, 12 hours

3
3
0 0

[PATCH v3] net/handshake: restore destructor on submit failure

by caoping

handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the request is hashed. handshake_sk_destruct() then returns early and the original destructor never runs, leaking the socket. Restore sk_destruct on the error path. Fixes: 3b3009ea8abb ("net/handshake: Create a NETLINK service for handling handshake requests") Reviewed-by: Chuck Lever <chuck.lever(a)oracle.com> Cc: stable(a)vger.kernel.org Signed-off-by: caoping <caoping(a)cmss.chinamobile.com> --- net/handshake/request.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/handshake/request.c b/net/handshake/request.c index 274d2c89b6b2..89435ed755cd 100644 --- a/net/handshake/request.c +++ b/net/handshake/request.c @@ -276,6 +276,8 @@ int handshake_req_submit(struct socket *sock, struct handshake_req *req, out_unlock: spin_unlock(&hn->hn_lock); out_err: + /* Restore original destructor so socket teardown still runs on failure */ + req->hr_sk->sk_destruct = req->hr_odestruct; trace_handshake_submit_err(net, req, req->hr_sk, ret); handshake_req_destroy(req); return ret; base-commit: 4a26e7032d7d57c998598c08a034872d6f0d3945 -- 2.47.3

4 days, 13 hours

2
1
0 0

[PATCH] usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc()

by Haoxiang Li

usbhsp_get_pipe() set pipe's flags to IS_USED. In error paths, usbhsp_put_pipe() is required to clear pipe's flags to prevent pipe exhaustion. Fixes: f1407d5c6624 ("usb: renesas_usbhs: Add Renesas USBHS common code") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/usb/renesas_usbhs/pipe.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/renesas_usbhs/pipe.c b/drivers/usb/renesas_usbhs/pipe.c index 75fff2e4cbc6..56fc3ff5016f 100644 --- a/drivers/usb/renesas_usbhs/pipe.c +++ b/drivers/usb/renesas_usbhs/pipe.c @@ -713,11 +713,13 @@ struct usbhs_pipe *usbhs_pipe_malloc(struct usbhs_priv *priv, /* make sure pipe is not busy */ ret = usbhsp_pipe_barrier(pipe); if (ret < 0) { + usbhsp_put_pipe(pipe); dev_err(dev, "pipe setup failed %d\n", usbhs_pipe_number(pipe)); return NULL; } if (usbhsp_setup_pipecfg(pipe, is_host, dir_in, &pipecfg)) { + usbhsp_put_pipe(pipe); dev_err(dev, "can't setup pipe\n"); return NULL; } -- 2.25.1

4 days, 14 hours

1
0
0 0

[PATCH 0/2] PCI: dwc: Fix missing iATU setup when ECAM is enabled

by Krishna Chaitanya Chundru

When ECAM is enabled, the driver skipped calling dw_pcie_iatu_setup() before configuring ECAM iATU entries. This left IO and MEM outbound windows unprogrammed, resulting in broken IO transactions. Additionally, dw_pcie_config_ecam_iatu() was only called during host initialization, so ECAM-related iATU entries were not restored after suspend/resume, leading to failures in configuration space access. To resolve these issues, the ECAM iATU configuration is moved into dw_pcie_setup_rc(). At the same time, dw_pcie_iatu_setup() is invoked when ECAM is enabled. Signed-off-by: Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com> --- Krishna Chaitanya Chundru (2): PCI: dwc: Correct iATU index increment for MSG TLP region PCI: dwc: Fix missing iATU setup when ECAM is enabled drivers/pci/controller/dwc/pcie-designware-host.c | 37 ++++++++++++++--------- drivers/pci/controller/dwc/pcie-designware.c | 3 ++ drivers/pci/controller/dwc/pcie-designware.h | 2 +- 3 files changed, 26 insertions(+), 16 deletions(-) --- base-commit: 3f9f0252130e7dd60d41be0802bf58f6471c691d change-id: 20251203-ecam_io_fix-6e060fecd3b8 Best regards, -- Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com>

4 days, 14 hours

3
3
0 0

[PATCH] drm/i915/dmc: fix an unlikely NULL pointer deference at probe

by Jani Nikula

intel_dmc_update_dc6_allowed_count() oopses when DMC hasn't been initialized, and dmc is thus NULL. That would be the case when the call path is intel_power_domains_init_hw() -> {skl,bxt,icl}_display_core_init() -> gen9_set_dc_state() -> intel_dmc_update_dc6_allowed_count(), as intel_power_domains_init_hw() is called *before* intel_dmc_init(). However, gen9_set_dc_state() calls intel_dmc_update_dc6_allowed_count() conditionally, depending on the current and target DC states. At probe, the target is disabled, but if DC6 is enabled, the function is called, and an oops follows. Apparently it's quite unlikely that DC6 is enabled at probe, as we haven't seen this failure mode before. Add NULL checks and switch the dmc->display references to just display. Fixes: 88c1f9a4d36d ("drm/i915/dmc: Create debugfs entry for dc6 counter") Cc: Mohammed Thasleem <mohammed.thasleem(a)intel.com> Cc: Imre Deak <imre.deak(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.16+ Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- Rare case, but this may also throw off the rc6 counting in debugfs when it does happen. --- drivers/gpu/drm/i915/display/intel_dmc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_dmc.c b/drivers/gpu/drm/i915/display/intel_dmc.c index 2fb6fec6dc99..169bbbc91f6d 100644 --- a/drivers/gpu/drm/i915/display/intel_dmc.c +++ b/drivers/gpu/drm/i915/display/intel_dmc.c @@ -1570,10 +1570,10 @@ void intel_dmc_update_dc6_allowed_count(struct intel_display *display, struct intel_dmc *dmc = display_to_dmc(display); u32 dc5_cur_count; - if (DISPLAY_VER(dmc->display) < 14) + if (!dmc || DISPLAY_VER(display) < 14) return; - dc5_cur_count = intel_de_read(dmc->display, DG1_DMC_DEBUG_DC5_COUNT); + dc5_cur_count = intel_de_read(display, DG1_DMC_DEBUG_DC5_COUNT); if (!start_tracking) dmc->dc6_allowed.count += dc5_cur_count - dmc->dc6_allowed.dc5_start; @@ -1587,7 +1587,7 @@ static bool intel_dmc_get_dc6_allowed_count(struct intel_display *display, u32 * struct intel_dmc *dmc = display_to_dmc(display); bool dc6_enabled; - if (DISPLAY_VER(display) < 14) + if (!dmc || DISPLAY_VER(display) < 14) return false; mutex_lock(&power_domains->lock); -- 2.47.3

4 days, 14 hours

2
6
0 0

[PATCH 5.10.y] HID: core: Harden s32ton() against conversion to 0 bits

by jetlan9＠163.com

From: Alan Stern <stern(a)rowland.harvard.edu> [ Upstream commit a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd ] Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Reported-by: syzbot+b63d677d63bcac06cf90(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-usb/68753a08.050a0220.33d347.0008.GAE@google.… Tested-by: syzbot+b63d677d63bcac06cf90(a)syzkaller.appspotmail.com Fixes: dde5845a529f ("[PATCH] Generic HID layer - code split") Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/613a66cd-4309-4bce-a4f7-2905f9bce0c9@rowland.harva… Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> [ s32ton() was moved by c653ffc28340 ("HID: stop exporting hid_snto32()"). Minor context change fixed. ] Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- drivers/hid/hid-core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c index 89aa7a0e51de..e789452181fe 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c @@ -1349,7 +1349,12 @@ EXPORT_SYMBOL_GPL(hid_snto32); static u32 s32ton(__s32 value, unsigned n) { - s32 a = value >> (n - 1); + s32 a; + + if (!value || !n) + return 0; + + a = value >> (n - 1); if (a && a != -1) return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1; return value & ((1 << n) - 1); -- 2.43.0

4 days, 14 hours

1
0
0 0

[PATCH 5.15.y] HID: core: Harden s32ton() against conversion to 0 bits

by jetlan9＠163.com

From: Alan Stern <stern(a)rowland.harvard.edu> [ Upstream commit a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd ] Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Reported-by: syzbot+b63d677d63bcac06cf90(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-usb/68753a08.050a0220.33d347.0008.GAE@google.… Tested-by: syzbot+b63d677d63bcac06cf90(a)syzkaller.appspotmail.com Fixes: dde5845a529f ("[PATCH] Generic HID layer - code split") Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/613a66cd-4309-4bce-a4f7-2905f9bce0c9@rowland.harva… Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> [ s32ton() was moved by c653ffc28340 ("HID: stop exporting hid_snto32()"). Minor context change fixed. ] Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- drivers/hid/hid-core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c index a6c2c55daebb..d49a8c458206 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c @@ -1349,7 +1349,12 @@ EXPORT_SYMBOL_GPL(hid_snto32); static u32 s32ton(__s32 value, unsigned n) { - s32 a = value >> (n - 1); + s32 a; + + if (!value || !n) + return 0; + + a = value >> (n - 1); if (a && a != -1) return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1; return value & ((1 << n) - 1); -- 2.43.0

4 days, 14 hours

1
0
0 0

[PATCH v3 1/2] hfs: ensure sb->s_fs_info is always cleaned up

by Mehdi Ben Hadj Khelifa

When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->s_fs_info. If setup_bdev_super() fails after a new superblock has been allocated by sget_fc(), but before hfs_fill_super() takes ownership of the filesystem-specific s_fs_info data it was leaked. Fix this by freeing sb->s_fs_info in hfs_kill_super(). Cc: stable(a)vger.kernel.org Fixes: ffcd06b6d13b ("hfs: convert hfs to use the new mount api") Reported-by: syzbot+ad45f827c88778ff7df6(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=ad45f827c88778ff7df6 Tested-by: Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Mehdi Ben Hadj Khelifa <mehdi.benhadjkhelifa(a)gmail.com> --- fs/hfs/mdb.c | 35 ++++++++++++++--------------------- fs/hfs/super.c | 10 +++++++++- 2 files changed, 23 insertions(+), 22 deletions(-) diff --git a/fs/hfs/mdb.c b/fs/hfs/mdb.c index 53f3fae60217..f28cd24dee84 100644 --- a/fs/hfs/mdb.c +++ b/fs/hfs/mdb.c @@ -92,7 +92,7 @@ int hfs_mdb_get(struct super_block *sb) /* See if this is an HFS filesystem */ bh = sb_bread512(sb, part_start + HFS_MDB_BLK, mdb); if (!bh) - goto out; + return -EIO; if (mdb->drSigWord == cpu_to_be16(HFS_SUPER_MAGIC)) break; @@ -102,13 +102,14 @@ int hfs_mdb_get(struct super_block *sb) * (should do this only for cdrom/loop though) */ if (hfs_part_find(sb, &part_start, &part_size)) - goto out; + return -EIO; } HFS_SB(sb)->alloc_blksz = size = be32_to_cpu(mdb->drAlBlkSiz); if (!size || (size & (HFS_SECTOR_SIZE - 1))) { pr_err("bad allocation block size %d\n", size); - goto out_bh; + brelse(bh); + return -EIO; } size = min(HFS_SB(sb)->alloc_blksz, (u32)PAGE_SIZE); @@ -125,14 +126,16 @@ int hfs_mdb_get(struct super_block *sb) brelse(bh); if (!sb_set_blocksize(sb, size)) { pr_err("unable to set blocksize to %u\n", size); - goto out; + return -EIO; } bh = sb_bread512(sb, part_start + HFS_MDB_BLK, mdb); if (!bh) - goto out; - if (mdb->drSigWord != cpu_to_be16(HFS_SUPER_MAGIC)) - goto out_bh; + return -EIO; + if (mdb->drSigWord != cpu_to_be16(HFS_SUPER_MAGIC)) { + brelse(bh); + return -EIO; + } HFS_SB(sb)->mdb_bh = bh; HFS_SB(sb)->mdb = mdb; @@ -174,7 +177,7 @@ int hfs_mdb_get(struct super_block *sb) HFS_SB(sb)->bitmap = kzalloc(8192, GFP_KERNEL); if (!HFS_SB(sb)->bitmap) - goto out; + return -EIO; /* read in the bitmap */ block = be16_to_cpu(mdb->drVBMSt) + part_start; @@ -185,7 +188,7 @@ int hfs_mdb_get(struct super_block *sb) bh = sb_bread(sb, off >> sb->s_blocksize_bits); if (!bh) { pr_err("unable to read volume bitmap\n"); - goto out; + return -EIO; } off2 = off & (sb->s_blocksize - 1); len = min((int)sb->s_blocksize - off2, size); @@ -199,12 +202,12 @@ int hfs_mdb_get(struct super_block *sb) HFS_SB(sb)->ext_tree = hfs_btree_open(sb, HFS_EXT_CNID, hfs_ext_keycmp); if (!HFS_SB(sb)->ext_tree) { pr_err("unable to open extent tree\n"); - goto out; + return -EIO; } HFS_SB(sb)->cat_tree = hfs_btree_open(sb, HFS_CAT_CNID, hfs_cat_keycmp); if (!HFS_SB(sb)->cat_tree) { pr_err("unable to open catalog tree\n"); - goto out; + return -EIO; } attrib = mdb->drAtrb; @@ -229,12 +232,6 @@ int hfs_mdb_get(struct super_block *sb) } return 0; - -out_bh: - brelse(bh); -out: - hfs_mdb_put(sb); - return -EIO; } /* @@ -359,8 +356,6 @@ void hfs_mdb_close(struct super_block *sb) * Release the resources associated with the in-core MDB. */ void hfs_mdb_put(struct super_block *sb) { - if (!HFS_SB(sb)) - return; /* free the B-trees */ hfs_btree_close(HFS_SB(sb)->ext_tree); hfs_btree_close(HFS_SB(sb)->cat_tree); @@ -373,6 +368,4 @@ void hfs_mdb_put(struct super_block *sb) unload_nls(HFS_SB(sb)->nls_disk); kfree(HFS_SB(sb)->bitmap); - kfree(HFS_SB(sb)); - sb->s_fs_info = NULL; } diff --git a/fs/hfs/super.c b/fs/hfs/super.c index 47f50fa555a4..df289cbdd4e8 100644 --- a/fs/hfs/super.c +++ b/fs/hfs/super.c @@ -431,10 +431,18 @@ static int hfs_init_fs_context(struct fs_context *fc) return 0; } +static void hfs_kill_super(struct super_block *sb) +{ + struct hfs_sb_info *hsb = HFS_SB(sb); + + kill_block_super(sb); + kfree(hsb); +} + static struct file_system_type hfs_fs_type = { .owner = THIS_MODULE, .name = "hfs", - .kill_sb = kill_block_super, + .kill_sb = hfs_kill_super, .fs_flags = FS_REQUIRES_DEV, .init_fs_context = hfs_init_fs_context, }; -- 2.52.0

4 days, 15 hours

2
4
0 0

Loan and Investment offer/ Account Reprofilling

by Gerald Johnson

4 days, 15 hours

1
0
0 0

[PATCH] soc: mediatek: SVS: Fix a reference leak bug in svs_add_device_link()

by Haoxiang Li

svs_get_subsys_device() increases the reference count of the returned device, if error happens, put_device() is required to drop the device reference. Fixes: 681a02e95000 ("soc: mediatek: SVS: introduce MTK SVS engine") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/soc/mediatek/mtk-svs.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/soc/mediatek/mtk-svs.c b/drivers/soc/mediatek/mtk-svs.c index f45537546553..c8f15bb139c6 100644 --- a/drivers/soc/mediatek/mtk-svs.c +++ b/drivers/soc/mediatek/mtk-svs.c @@ -2155,12 +2155,15 @@ static struct device *svs_add_device_link(struct svs_platform *svsp, sup_link = device_link_add(svsp->dev, dev, DL_FLAG_AUTOREMOVE_CONSUMER); if (!sup_link) { + put_device(dev); dev_err(svsp->dev, "sup_link is NULL\n"); return ERR_PTR(-EINVAL); } - if (sup_link->supplier->links.status != DL_DEV_DRIVER_BOUND) + if (sup_link->supplier->links.status != DL_DEV_DRIVER_BOUND) { + put_device(dev); return ERR_PTR(-EPROBE_DEFER); + } return dev; } -- 2.25.1

4 days, 16 hours

1
0
0 0

[PATCH iwl-net v1] ixgbevf: fix link setup issue

by Jedrzej Jagielski

It may happen that VF spawned for E610 adapter has problem with setting link up. This happens when ixgbevf supporting mailbox API 1.6 coopearates with PF driver which doesn't support this version of API, and hence doesn't support new approach for getting PF link data. In that case VF asks PF to provide link data but as PF doesn't support it, returns -EOPNOTSUPP what leads to early bail from link configuration sequence. Avoid such situation by using legacy VFLINKS approach whenever negotiated API version is less than 1.6. Fixes: 53f0eb62b4d2 ("ixgbevf: fix getting link speed data for E610 devices") Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> Reviewed-by: Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> --- drivers/net/ethernet/intel/ixgbevf/vf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.c b/drivers/net/ethernet/intel/ixgbevf/vf.c index 29c5ce967938..8af88f615776 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.c +++ b/drivers/net/ethernet/intel/ixgbevf/vf.c @@ -846,7 +846,8 @@ static s32 ixgbevf_check_mac_link_vf(struct ixgbe_hw *hw, if (!mac->get_link_status) goto out; - if (hw->mac.type == ixgbe_mac_e610_vf) { + if (hw->mac.type == ixgbe_mac_e610_vf && + hw->api_version >= ixgbe_mbox_api_16) { ret_val = ixgbevf_get_pf_link_state(hw, speed, link_up); if (ret_val) goto out; -- 2.31.1

4 days, 16 hours

2
1
0 0

[PATCH] MIPS: Fix a reference leak bug in ip22_check_gio()

by Haoxiang Li

If gio_device_register fails, gio_dev_put() is required to drop the gio_dev device reference. Fixes: e84de0c61905 ("MIPS: GIO bus support for SGI IP22/28") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- arch/mips/sgi-ip22/ip22-gio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/mips/sgi-ip22/ip22-gio.c b/arch/mips/sgi-ip22/ip22-gio.c index 5893ea4e382c..19b70928d6dc 100644 --- a/arch/mips/sgi-ip22/ip22-gio.c +++ b/arch/mips/sgi-ip22/ip22-gio.c @@ -372,7 +372,8 @@ static void ip22_check_gio(int slotno, unsigned long addr, int irq) gio_dev->resource.flags = IORESOURCE_MEM; gio_dev->irq = irq; dev_set_name(&gio_dev->dev, "%d", slotno); - gio_device_register(gio_dev); + if (gio_device_register(gio_dev)) + gio_dev_put(gio_dev); } else printk(KERN_INFO "GIO: slot %d : Empty\n", slotno); } -- 2.25.1

4 days, 16 hours

1
0
0 0

[PATCH v2] drm/xe/exec: Validate num_syncs to prevent oversized allocations

by Shuicheng Lin

The exec ioctl allows userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_syncs can force an excessively large allocation, leading to kernel warnings from the page allocator as below. Introduce XE_EXEC_MAX_SYNCS (set to 64) and reject any request exceeding this limit. " ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1217 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2f8/0x2180 mm/page_alloc.c:5124 ... Call Trace: <TASK> alloc_pages_mpol+0xe4/0x330 mm/mempolicy.c:2416 ___kmalloc_large_node+0xd8/0x110 mm/slub.c:4317 __kmalloc_large_node_noprof+0x18/0xe0 mm/slub.c:4348 __do_kmalloc_node mm/slub.c:4364 [inline] __kmalloc_noprof+0x3d4/0x4b0 mm/slub.c:4388 kmalloc_noprof include/linux/slab.h:909 [inline] kmalloc_array_noprof include/linux/slab.h:948 [inline] xe_exec_ioctl+0xa47/0x1e70 drivers/gpu/drm/xe/xe_exec.c:158 drm_ioctl_kernel+0x1f1/0x3e0 drivers/gpu/drm/drm_ioctl.c:797 drm_ioctl+0x5e7/0xc50 drivers/gpu/drm/drm_ioctl.c:894 xe_drm_ioctl+0x10b/0x170 drivers/gpu/drm/xe/xe_device.c:224 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:598 [inline] __se_sys_ioctl fs/ioctl.c:584 [inline] __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:584 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xbb/0x380 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... " v2: Add "Reported-by" and Cc stable kernels. Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/6450 Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Reported-by: Koen Koning <koen.koning(a)intel.com> Reported-by: Peter Senna Tschudin <peter.senna(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Cc: Matthew Brost <matthew.brost(a)intel.com> Signed-off-by: Shuicheng Lin <shuicheng.lin(a)intel.com> --- drivers/gpu/drm/xe/xe_exec.c | 5 +++++ include/uapi/drm/xe_drm.h | 1 + 2 files changed, 6 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_exec.c b/drivers/gpu/drm/xe/xe_exec.c index 4d81210e41f5..01c56fd95d5b 100644 --- a/drivers/gpu/drm/xe/xe_exec.c +++ b/drivers/gpu/drm/xe/xe_exec.c @@ -162,6 +162,11 @@ int xe_exec_ioctl(struct drm_device *dev, void *data, struct drm_file *file) } if (args->num_syncs) { + if (XE_IOCTL_DBG(xe, args->num_syncs > XE_EXEC_MAX_SYNCS)) { + err = -EINVAL; + goto err_exec_queue; + } + syncs = kcalloc(args->num_syncs, sizeof(*syncs), GFP_KERNEL); if (!syncs) { err = -ENOMEM; diff --git a/include/uapi/drm/xe_drm.h b/include/uapi/drm/xe_drm.h index 47853659a705..1901ca26621a 100644 --- a/include/uapi/drm/xe_drm.h +++ b/include/uapi/drm/xe_drm.h @@ -1463,6 +1463,7 @@ struct drm_xe_exec { /** @exec_queue_id: Exec queue ID for the batch buffer */ __u32 exec_queue_id; +#define XE_EXEC_MAX_SYNCS 64 /** @num_syncs: Amount of struct drm_xe_sync in array. */ __u32 num_syncs; -- 2.49.0

4 days, 17 hours

3
2
0 0

[PATCH] powerpc: cell: Fix a reference leak bug in create_spu()

by Haoxiang Li

spu_create_dev() calls device_register(), if it fails, put_device() is required to drop the device reference. Fixes: 8a25a2fd126c ("cpu: convert 'cpu' and 'machinecheck' sysdev_class to a regular subsystem") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- arch/powerpc/platforms/cell/spu_base.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/platforms/cell/spu_base.c b/arch/powerpc/platforms/cell/spu_base.c index 2c07387201d0..18145142d3ac 100644 --- a/arch/powerpc/platforms/cell/spu_base.c +++ b/arch/powerpc/platforms/cell/spu_base.c @@ -581,8 +581,10 @@ static int __init create_spu(void *data) goto out_destroy; ret = spu_create_dev(spu); - if (ret) + if (ret) { + put_device(&spu->dev); goto out_free_irqs; + } mutex_lock(&cbe_spu_info[spu->node].list_mutex); list_add(&spu->cbe_list, &cbe_spu_info[spu->node].spus); -- 2.25.1

4 days, 17 hours

1
0
0 0

[PATCH net v3] net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()

by Shaurya Rane

prp_get_untagged_frame() calls __pskb_copy() to create frame->skb_std but doesn't check if the allocation failed. If __pskb_copy() returns NULL, skb_clone() is called with a NULL pointer, causing a crash: Oops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f] CPU: 0 UID: 0 PID: 5625 Comm: syz.1.18 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:skb_clone+0xd7/0x3a0 net/core/skbuff.c:2041 Code: 03 42 80 3c 20 00 74 08 4c 89 f7 e8 23 29 05 f9 49 83 3e 00 0f 85 a0 01 00 00 e8 94 dd 9d f8 48 8d 6b 7e 49 89 ee 49 c1 ee 03 <43> 0f b6 04 26 84 c0 0f 85 d1 01 00 00 44 0f b6 7d 00 41 83 e7 0c RSP: 0018:ffffc9000d00f200 EFLAGS: 00010207 RAX: ffffffff892235a1 RBX: 0000000000000000 RCX: ffff88803372a480 RDX: 0000000000000000 RSI: 0000000000000820 RDI: 0000000000000000 RBP: 000000000000007e R08: ffffffff8f7d0f77 R09: 1ffffffff1efa1ee R10: dffffc0000000000 R11: fffffbfff1efa1ef R12: dffffc0000000000 R13: 0000000000000820 R14: 000000000000000f R15: ffff88805144cc00 FS: 0000555557f6d500(0000) GS:ffff88808d72f000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555581d35808 CR3: 000000005040e000 CR4: 0000000000352ef0 Call Trace: <TASK> hsr_forward_do net/hsr/hsr_forward.c:-1 [inline] hsr_forward_skb+0x1013/0x2860 net/hsr/hsr_forward.c:741 hsr_handle_frame+0x6ce/0xa70 net/hsr/hsr_slave.c:84 __netif_receive_skb_core+0x10b9/0x4380 net/core/dev.c:5966 __netif_receive_skb_one_core net/core/dev.c:6077 [inline] __netif_receive_skb+0x72/0x380 net/core/dev.c:6192 netif_receive_skb_internal net/core/dev.c:6278 [inline] netif_receive_skb+0x1cb/0x790 net/core/dev.c:6337 tun_rx_batched+0x1b9/0x730 drivers/net/tun.c:1485 tun_get_user+0x2b65/0x3e90 drivers/net/tun.c:1953 tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1999 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x5c9/0xb30 fs/read_write.c:686 ksys_write+0x145/0x250 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f0449f8e1ff Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 RSP: 002b:00007ffd7ad94c90 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f044a1e5fa0 RCX: 00007f0449f8e1ff RDX: 000000000000003e RSI: 0000200000000500 RDI: 00000000000000c8 RBP: 00007ffd7ad94d20 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001 R13: 00007f044a1e5fa0 R14: 00007f044a1e5fa0 R15: 0000000000000003 </TASK> Add a NULL check immediately after __pskb_copy() to handle allocation failures gracefully. Reported-by: syzbot+2fa344348a579b779e05(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=2fa344348a579b779e05 Fixes: f266a683a480 ("net/hsr: Better frame dispatch") Cc: stable(a)vger.kernel.org Signed-off-by: Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> --- v3: - Keep only prp_get_untagged_frame() fix as the other two NETIF_F_HW_HSR_TAG_INS checks are not needed for this bug - Move NULL check immediately after __pskb_copy() call v2: - Add stack trace to commit message - Target net tree with [PATCH net] - Add Cc: stable(a)vger.kernel.org --- net/hsr/hsr_forward.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/hsr/hsr_forward.c b/net/hsr/hsr_forward.c index 339f0d220212..aefc9b6936ba 100644 --- a/net/hsr/hsr_forward.c +++ b/net/hsr/hsr_forward.c @@ -205,6 +205,8 @@ struct sk_buff *prp_get_untagged_frame(struct hsr_frame_info *frame, __pskb_copy(frame->skb_prp, skb_headroom(frame->skb_prp), GFP_ATOMIC); + if (!frame->skb_std) + return NULL; } else { /* Unexpected */ WARN_ONCE(1, "%s:%d: Unexpected frame received (port_src %s)\n", -- 2.34.1

4 days, 17 hours

4
3
0 0

kernel crash when use zstd compress 256gb qemu raw image file

by 罗勇刚(Yonggang Luo)

Dec 04 03:29:28 32core systemd-modules-load[916]: Failed to find module 'vendor-reset' Dec 04 03:29:28 32core systemd-udevd[938]: Using default interface naming scheme 'v257'. Dec 04 03:29:28 32core lvm[908]: 5 logical volume(s) in volume group "pve" monitored Dec 04 03:29:28 32core systemd-modules-load[916]: Inserted module 'vhost_net' Dec 04 03:29:28 32core systemd[1]: Starting systemd-journal-flush.service - Flush Journal to Persistent Storage... Dec 04 03:29:28 32core kernel: input: Generic USB Audio Consumer Control as /devices/pci0000:40/0000:40:01.1/0000:41:00.0/0000:42:08.0/0000:48:00.3/usb9/9-5/9-5:1.7/0003:26CE:0A01.0006/input/input10 Dec 04 03:29:28 32core kernel: input: Generic USB Audio as /devices/pci0000:40/0000:40:01.1/0000:41:00.0/0000:42:08.0/0000:48:00.3/usb9/9-5/9-5:1.7/0003:26CE:0A01.0006/input/input11 Dec 04 03:29:28 32core kernel: hid-generic 0003:26CE:0A01.0006: input,hiddev2,hidraw5: USB HID v1.11 Device [Generic USB Audio] on usb-0000:48:00.3-5/input7 Dec 04 03:29:28 32core (udev-worker)[954]: lo: Invalid network interface name, ignoring: Dec 04 03:29:28 32core systemd[1]: Found device dev-pve-swap.device - /dev/pve/swap. Dec 04 03:29:28 32core lvm[1079]: PV /dev/nvme2n1p3 online, VG pve is complete. Dec 04 03:29:28 32core lvm[1079]: VG pve finished Dec 04 03:29:29 32core kernel: mc: Linux media interface: v0.10 Dec 04 03:29:29 32core kernel: input: PC Speaker as /devices/platform/pcspkr/input/input12 Dec 04 03:29:29 32core kernel: RAPL PMU: API unit is 2^-32 Joules, 2 fixed counters, 163840 ms ovfl timer Dec 04 03:29:29 32core kernel: RAPL PMU: hw unit of domain package 2^-16 Joules Dec 04 03:29:29 32core kernel: RAPL PMU: hw unit of domain core 2^-16 Joules Dec 04 03:29:29 32core kernel: ee1004 1-0051: 512 byte EE1004-compliant SPD EEPROM, read-only Dec 04 03:29:29 32core kernel: ccp 0000:22:00.1: enabling device (0000 -> 0002) Dec 04 03:29:29 32core kernel: ccp 0000:22:00.1: ccp enabled Dec 04 03:29:29 32core kernel: ccp 0000:22:00.1: psp enabled Dec 04 03:29:29 32core kernel: ee1004 1-0053: 512 byte EE1004-compliant SPD EEPROM, read-only Dec 04 03:29:29 32core kernel: ee1004 1-0055: 512 byte EE1004-compliant SPD EEPROM, read-only Dec 04 03:29:29 32core kernel: ee1004 1-0057: 512 byte EE1004-compliant SPD EEPROM, read-only Dec 04 03:29:29 32core kernel: ee1004 3-0057: Failed to select page 0 (-6) Dec 04 03:29:29 32core kernel: ee1004 3-0057: 512 byte EE1004-compliant SPD EEPROM, read-only Dec 04 03:29:29 32core systemd[1]: Activating swap dev-pve-swap.swap - /dev/pve/swap... Dec 04 03:29:29 32core systemd[1]: Finished systemd-udev-trigger.service - Coldplug All udev Devices. Dec 04 03:29:29 32core systemd-journald[915]: Time spent on flushing to /var/log/journal/9b05606f693a449bb4ef49b502ff7c47 is 14.486ms for 1566 entries. Dec 04 03:29:29 32core systemd-journald[915]: System Journal (/var/log/journal/9b05606f693a449bb4ef49b502ff7c47) is 3.1G, max 4G, 907.3M free. Dec 04 03:29:29 32core systemd-journald[915]: Received client request to flush runtime journal. Dec 04 03:29:29 32core systemd-journald[915]: File /var/log/journal/9b05606f693a449bb4ef49b502ff7c47/system.journal corrupted or uncleanly shut down, renaming and replacing. Dec 04 03:29:29 32core kernel: Adding 8388604k swap on /dev/mapper/pve-swap. Priority:-2 extents:1 across:8388604k SS Dec 04 03:29:29 32core systemd[1]: Activated swap dev-pve-swap.swap - /dev/pve/swap. Dec 04 03:29:29 32core systemd[1]: Found device dev-disk-by\x2duuid-9EA6\x2dDCA3.device - THNSN51T02DU7 TOSHIBA 2. Dec 04 03:29:29 32core systemd[1]: Found device dev-disk-by\x2duuid-c1ab544a\x2d4190\x2d426a\x2d8cdd\x2d8d6af66f97fa.device - Asgard AN2TNVMe M.2/80 1. Dec 04 03:29:29 32core systemd[1]: Reached target swap.target - Swaps. Dec 04 03:29:29 32core systemd-fsck[1210]: fsck.fat 4.2 (2021-01-31) Dec 04 03:29:29 32core systemd-fsck[1210]: There are differences between boot sector and its backup. Dec 04 03:29:29 32core systemd-fsck[1210]: This is mostly harmless. Differences: (offset:original/backup) Dec 04 03:29:29 32core systemd-fsck[1210]: 65:01/00 Dec 04 03:29:29 32core systemd-fsck[1210]: Not automatically fixing this. Dec 04 03:29:29 32core systemd-fsck[1210]: Dirty bit is set. Fs was not properly unmounted and some data may be corrupt. Dec 04 03:29:29 32core systemd-fsck[1210]: Automatically removing dirty bit. Dec 04 03:29:29 32core systemd-fsck[1210]: *** Filesystem was changed *** Dec 04 03:29:29 32core systemd-fsck[1210]: Writing changes. Dec 04 03:29:29 32core systemd-fsck[1210]: /dev/nvme2n1p2: 5 files, 88/130812 clusters Dec 04 03:29:29 32core systemd[1]: Reached target tpm2.target - Trusted Platform Module. Dec 04 03:29:29 32core systemd[1]: Listening on systemd-rfkill.socket - Load/Save RF Kill Switch Status /dev/rfkill Watch. Dec 04 03:29:29 32core systemd[1]: Starting ifupdown2-pre.service - Helper to synchronize boot up for ifupdown... Dec 04 03:29:29 32core systemd[1]: Starting systemd-fsck(a)dev-disk-by\x2duuid-9EA6\x2dDCA3.service - File System Check on /dev/disk/by-uuid/9EA6-DCA3... Dec 04 03:29:29 32core systemd[1]: Starting systemd-udev-settle.service - Wait for udev To Complete Device Initialization... Dec 04 03:29:29 32core udevadm[1208]: systemd-udev-settle.service is deprecated. Please fix zfs-import-scan.service, zfs-import-cache.service not to pull it in. Dec 04 03:29:29 32core systemd[1]: Finished systemd-fsck(a)dev-disk-by\x2duuid-9EA6\x2dDCA3.service - File System Check on /dev/disk/by-uuid/9EA6-DCA3. Dec 04 03:29:29 32core systemd[1]: Finished systemd-journal-flush.service - Flush Journal to Persistent Storage. Dec 04 03:29:29 32core kernel: kvm_amd: TSC scaling supported Dec 04 03:29:29 32core kernel: kvm_amd: Nested Virtualization enabled Dec 04 03:29:29 32core kernel: kvm_amd: Nested Paging enabled Dec 04 03:29:29 32core kernel: kvm_amd: LBR virtualization supported Dec 04 03:29:29 32core kernel: kvm_amd: SEV disabled (ASIDs 1 - 509) Dec 04 03:29:29 32core kernel: kvm_amd: SEV-ES disabled (ASIDs 0 - 0) Dec 04 03:29:29 32core kernel: kvm_amd: Virtual VMLOAD VMSAVE supported Dec 04 03:29:29 32core kernel: kvm_amd: Virtual GIF supported Dec 04 03:29:29 32core kernel: snd_hda_intel 0000:01:00.1: Force to non-snoop mode Dec 04 03:29:29 32core kernel: snd_hda_intel 0000:22:00.4: enabling device (0000 -> 0002) Dec 04 03:29:29 32core kernel: snd_hda_intel 0000:22:00.4: no codecs found! Dec 04 03:29:29 32core kernel: ZFS: Loaded module v2.3.4-pve1, ZFS pool version 5000, ZFS filesystem version 5 Dec 04 03:29:29 32core systemd-modules-load[916]: Inserted module 'zfs' Dec 04 03:29:29 32core systemd[1]: Finished systemd-modules-load.service - Load Kernel Modules. Dec 04 03:29:29 32core kernel: [drm] radeon kernel modesetting enabled. Dec 04 03:29:29 32core systemd[1]: Starting systemd-sysctl.service - Apply Kernel Variables... Dec 04 03:29:29 32core kernel: MCE: In-kernel MCE decoding enabled. Dec 04 03:29:29 32core systemd[1]: Reached target sound.target - Sound Card. Dec 04 03:29:29 32core kernel: input: HDA ATI HDMI HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:01.1/0000:01:00.1/sound/card1/input13 Dec 04 03:29:29 32core kernel: Console: switching to colour dummy device 80x25 Dec 04 03:29:29 32core systemd[1]: Finished systemd-sysctl.service - Apply Kernel Variables. Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: vgaarb: deactivate vga console Dec 04 03:29:29 32core kernel: [drm] initializing kernel modesetting (OLAND 0x1002:0x6613 0x1002:0x2B0A 0x81). Dec 04 03:29:29 32core kernel: ATOM BIOS: C57701 Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: VRAM: 1024M 0x0000000000000000 - 0x000000003FFFFFFF (1024M used) Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: GTT: 2048M 0x0000000040000000 - 0x00000000BFFFFFFF Dec 04 03:29:29 32core kernel: [drm] Detected VRAM RAM=1024M, BAR=256M Dec 04 03:29:29 32core kernel: [drm] RAM width 128bits DDR Dec 04 03:29:29 32core kernel: [drm] radeon: 1024M of VRAM memory ready Dec 04 03:29:29 32core kernel: [drm] radeon: 2048M of GTT memory ready. Dec 04 03:29:29 32core kernel: [drm] Loading oland Microcode Dec 04 03:29:29 32core kernel: [drm] Internal thermal controller with fan control Dec 04 03:29:29 32core kernel: [drm] radeon: dpm initialized Dec 04 03:29:29 32core kernel: [drm] GART: num cpu pages 524288, num gpu pages 524288 Dec 04 03:29:29 32core kernel: intel_rapl_common: Found RAPL domain package Dec 04 03:29:29 32core kernel: intel_rapl_common: Found RAPL domain core Dec 04 03:29:29 32core kernel: amd_atl: AMD Address Translation Library initialized Dec 04 03:29:29 32core kernel: [drm] PCIE GART of 2048M enabled (table at 0x0000000000165000). Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: WB enabled Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: fence driver on ring 0 uses gpu addr 0x0000000040000c00 Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: fence driver on ring 1 uses gpu addr 0x0000000040000c04 Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: fence driver on ring 2 uses gpu addr 0x0000000040000c08 Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: fence driver on ring 3 uses gpu addr 0x0000000040000c0c Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: fence driver on ring 4 uses gpu addr 0x0000000040000c10 Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: fence driver on ring 5 uses gpu addr 0x0000000000075a18 Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: radeon: MSI limited to 32-bit Dec 04 03:29:29 32core kernel: radeon 0000:01:00.0: radeon: using MSI. Dec 04 03:29:29 32core kernel: [drm] radeon: irq initialized. Dec 04 03:29:29 32core systemd[1]: Mounting boot-efi.mount - /boot/efi... Dec 04 03:29:29 32core systemd[1]: Mounting mnt-pve-asgard\x2d2tb.mount - Mount storage 'asgard-2tb' under /mnt/pve... Dec 04 03:29:29 32core systemd[1]: tmp.mount: Directory /tmp to mount over is not empty, mounting anyway. Dec 04 03:29:29 32core systemd[1]: Mounting tmp.mount - Temporary Directory /tmp... Dec 04 03:29:29 32core kernel: [drm] ring test on 0 succeeded in 1 usecs Dec 04 03:29:29 32core kernel: [drm] ring test on 1 succeeded in 1 usecs Dec 04 03:29:29 32core kernel: [drm] ring test on 2 succeeded in 1 usecs Dec 04 03:29:29 32core kernel: [drm] ring test on 3 succeeded in 3 usecs Dec 04 03:29:29 32core kernel: [drm] ring test on 4 succeeded in 3 usecs Dec 04 03:29:30 32core kernel: [drm] ring test on 5 succeeded in 1 usecs Dec 04 03:29:30 32core kernel: [drm] UVD initialized successfully. Dec 04 03:29:30 32core kernel: snd_hda_intel 0000:01:00.1: bound 0000:01:00.0 (ops radeon_audio_component_bind_ops [radeon]) Dec 04 03:29:30 32core kernel: [drm] ib test on ring 0 succeeded in 0 usecs Dec 04 03:29:30 32core kernel: [drm] ib test on ring 1 succeeded in 0 usecs Dec 04 03:29:30 32core kernel: [drm] ib test on ring 2 succeeded in 0 usecs Dec 04 03:29:30 32core kernel: [drm] ib test on ring 3 succeeded in 0 usecs Dec 04 03:29:30 32core kernel: [drm] ib test on ring 4 succeeded in 0 usecs Dec 04 03:29:30 32core kernel: [drm] ib test on ring 5 succeeded Dec 04 03:29:30 32core kernel: [drm] Radeon Display Connectors Dec 04 03:29:30 32core kernel: [drm] Connector 0: Dec 04 03:29:30 32core kernel: [drm] HDMI-A-1 Dec 04 03:29:30 32core kernel: [drm] HPD1 Dec 04 03:29:30 32core kernel: [drm] DDC: 0x6540 0x6540 0x6544 0x6544 0x6548 0x6548 0x654c 0x654c Dec 04 03:29:30 32core kernel: [drm] Encoders: Dec 04 03:29:30 32core kernel: [drm] DFP1: INTERNAL_UNIPHY Dec 04 03:29:30 32core kernel: [drm] Connector 1: Dec 04 03:29:30 32core kernel: [drm] DVI-D-1 Dec 04 03:29:30 32core kernel: [drm] HPD2 Dec 04 03:29:30 32core kernel: [drm] DDC: 0x6530 0x6530 0x6534 0x6534 0x6538 0x6538 0x653c 0x653c Dec 04 03:29:30 32core kernel: [drm] Encoders: Dec 04 03:29:30 32core kernel: [drm] DFP2: INTERNAL_UNIPHY Dec 04 03:29:30 32core kernel: [drm] Connector 2: Dec 04 03:29:30 32core kernel: [drm] VGA-1 Dec 04 03:29:30 32core kernel: [drm] DDC: 0x65c0 0x65c0 0x65c4 0x65c4 0x65c8 0x65c8 0x65cc 0x65cc Dec 04 03:29:30 32core kernel: [drm] Encoders: Dec 04 03:29:30 32core kernel: [drm] CRT1: INTERNAL_KLDSCP_DAC1 Dec 04 03:29:30 32core kernel: [drm] Initialized radeon 2.51.0 for 0000:01:00.0 on minor 0 Dec 04 03:29:30 32core kernel: [drm] fb mappable at 0xD0571000 Dec 04 03:29:30 32core kernel: [drm] vram apper at 0xD0000000 Dec 04 03:29:30 32core kernel: [drm] size 35389440 Dec 04 03:29:30 32core kernel: [drm] fb depth is 24 Dec 04 03:29:30 32core kernel: [drm] pitch is 16384 Dec 04 03:29:30 32core kernel: fbcon: radeondrmfb (fb0) is primary device Dec 04 03:29:30 32core kernel: Console: switching to colour frame buffer device 256x67 Dec 04 03:29:30 32core kernel: radeon 0000:01:00.0: [drm] fb0: radeondrmfb frame buffer device Dec 04 03:29:31 32core systemd[1]: Mounted tmp.mount - Temporary Directory /tmp. Dec 04 03:29:31 32core systemd[1]: Mounted boot-efi.mount - /boot/efi. Dec 04 03:29:31 32core kernel: EXT4-fs (nvme1n1p1): recovery complete Dec 04 03:29:31 32core kernel: EXT4-fs (nvme1n1p1): mounted filesystem c1ab544a-4190-426a-8cdd-8d6af66f97fa r/w with ordered data mode. Quota mode: none. Dec 04 03:29:31 32core systemd[1]: Mounted mnt-pve-asgard\x2d2tb.mount - Mount storage 'asgard-2tb' under /mnt/pve. Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: enabling device (0000 -> 0003) Dec 04 03:29:32 32core kernel: [drm] initializing kernel modesetting (RV380 0x1002:0x5B64 0x1002:0x0102 0x80). Dec 04 03:29:32 32core kernel: [drm] amdgpu kernel modesetting enabled. Dec 04 03:29:32 32core kernel: amdgpu: Virtual CRAT table created for CPU Dec 04 03:29:32 32core kernel: amdgpu: Topology: Add CPU node Dec 04 03:29:32 32core kernel: [drm] GPU not posted. posting now... Dec 04 03:29:32 32core kernel: [drm] Generation 2 PCI interface, using max accessible memory Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: VRAM: 128M 0x00000000B0000000 - 0x00000000B7FFFFFF (128M used) Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: GTT: 2048M 0x0000000030000000 - 0x00000000AFFFFFFF Dec 04 03:29:32 32core kernel: debugfs: 'radeon_gpu_reset' already exists in '/' Dec 04 03:29:32 32core kernel: debugfs: 'radeon_fence_info' already exists in '/' Dec 04 03:29:32 32core kernel: [drm] Detected VRAM RAM=128M, BAR=128M Dec 04 03:29:32 32core kernel: [drm] RAM width 128bits DDR Dec 04 03:29:32 32core kernel: [drm] radeon: 128M of VRAM memory ready Dec 04 03:29:32 32core kernel: [drm] radeon: 2048M of GTT memory ready. Dec 04 03:29:32 32core kernel: debugfs: 'radeon_vram' already exists in '/' Dec 04 03:29:32 32core kernel: debugfs: 'radeon_gtt' already exists in '/' Dec 04 03:29:32 32core kernel: debugfs: 'ttm_page_pool' already exists in '/' Dec 04 03:29:32 32core kernel: debugfs: 'radeon_vram_mm' already exists in '/' Dec 04 03:29:32 32core kernel: debugfs: 'radeon_gtt_mm' already exists in '/' Dec 04 03:29:32 32core kernel: [drm] GART: num cpu pages 524288, num gpu pages 524288 Dec 04 03:29:32 32core kernel: [drm] radeon: 1 quad pipes, 1 Z pipes initialized Dec 04 03:29:32 32core kernel: [drm] PCIE GART of 2048M enabled (table at 0x00000000B0040000). Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: WB enabled Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: fence driver on ring 0 uses gpu addr 0x0000000030000000 Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: radeon: MSI limited to 32-bit Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: radeon: using MSI. Dec 04 03:29:32 32core kernel: [drm] radeon: irq initialized. Dec 04 03:29:32 32core kernel: [drm] Loading R300 Microcode Dec 04 03:29:32 32core kernel: debugfs: 'radeon_ring_gfx' already exists in '/' Dec 04 03:29:32 32core kernel: [drm] radeon: ring at 0x0000000030001000 Dec 04 03:29:32 32core kernel: [drm] ring test succeeded in 1 usecs Dec 04 03:29:32 32core kernel: debugfs: 'radeon_sa_info' already exists in '/' Dec 04 03:29:32 32core kernel: debugfs: 'radeon_gem_info' already exists in '/' Dec 04 03:29:32 32core kernel: [drm] ib test succeeded in 0 usecs Dec 04 03:29:32 32core kernel: [drm] Radeon Display Connectors Dec 04 03:29:32 32core kernel: [drm] Connector 0: Dec 04 03:29:32 32core kernel: [drm] VGA-2 Dec 04 03:29:32 32core kernel: [drm] DDC: 0x60 0x60 0x60 0x60 0x60 0x60 0x60 0x60 Dec 04 03:29:32 32core kernel: [drm] Encoders: Dec 04 03:29:32 32core kernel: [drm] CRT1: INTERNAL_DAC1 Dec 04 03:29:32 32core kernel: [drm] Connector 1: Dec 04 03:29:32 32core kernel: [drm] DVI-I-1 Dec 04 03:29:32 32core kernel: [drm] HPD1 Dec 04 03:29:32 32core kernel: [drm] DDC: 0x64 0x64 0x64 0x64 0x64 0x64 0x64 0x64 Dec 04 03:29:32 32core kernel: [drm] Encoders: Dec 04 03:29:32 32core kernel: [drm] CRT2: INTERNAL_DAC2 Dec 04 03:29:32 32core kernel: [drm] DFP1: INTERNAL_TMDS1 Dec 04 03:29:32 32core kernel: [drm] Initialized radeon 2.51.0 for 0000:4d:00.0 on minor 1 Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: [drm] Cannot find any crtc or sizes Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: [drm] Cannot find any crtc or sizes Dec 04 03:29:32 32core kernel: radeon 0000:4d:00.0: [drm] Cannot find any crtc or sizes Dec 04 03:29:32 32core kernel: usbcore: registered new interface driver snd-usb-audio Dec 04 03:29:32 32core kernel: Bluetooth: Core ver 2.22 Dec 04 03:29:32 32core kernel: cfg80211: Loading compiled-in X.509 certificates for regulatory database Dec 04 03:29:32 32core kernel: Loaded X.509 cert 'benh(a)debian.org: 577e021cb980e0e820821ba7b54b4961b8b4fadf' Dec 04 03:29:32 32core kernel: Loaded X.509 cert 'romain.perier(a)gmail.com: 3abbc6ec146e09d1b6016ab9d6cf71dd233f0328' Dec 04 03:29:32 32core kernel: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7' Dec 04 03:29:32 32core kernel: Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600' Dec 04 03:29:32 32core kernel: faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 Dec 04 03:29:32 32core kernel: cfg80211: failed to load regulatory.db Dec 04 03:29:32 32core kernel: NET: Registered PF_BLUETOOTH protocol family Dec 04 03:29:32 32core kernel: Bluetooth: HCI device and connection manager initialized Dec 04 03:29:32 32core kernel: Bluetooth: HCI socket layer initialized Dec 04 03:29:32 32core kernel: Bluetooth: L2CAP socket layer initialized Dec 04 03:29:32 32core kernel: Bluetooth: SCO socket layer initialized Dec 04 03:29:32 32core kernel: iwlwifi 0000:46:00.0: enabling device (0000 -> 0002) Dec 04 03:29:32 32core kernel: iwlwifi 0000:46:00.0: Detected crf-id 0x3617, cnv-id 0x100530 wfpm id 0x80000000 Dec 04 03:29:32 32core kernel: iwlwifi 0000:46:00.0: PCI dev 2723/0084, rev=0x340, rfid=0x10a100 Dec 04 03:29:32 32core kernel: iwlwifi 0000:46:00.0: Detected Intel(R) Wi-Fi 6 AX200 160MHz Dec 04 03:29:32 32core kernel: usbcore: registered new interface driver btusb Dec 04 03:29:32 32core systemd[1]: Starting systemd-rfkill.service - Load/Save RF Kill Switch Status... Dec 04 03:29:32 32core systemd[1]: Reached target bluetooth.target - Bluetooth Support. Dec 04 03:29:32 32core kernel: iwlwifi 0000:46:00.0: loaded firmware version 77.6eaf654b.0 cc-a0-77.ucode op_mode iwlmvm Dec 04 03:29:32 32core systemd[1]: Started systemd-rfkill.service - Load/Save RF Kill Switch Status. Dec 04 03:29:32 32core kernel: Bluetooth: hci0: Found device firmware: intel/ibt-20-1-3.sfi Dec 04 03:29:32 32core kernel: Bluetooth: hci0: Boot Address: 0x24800 Dec 04 03:29:32 32core kernel: Bluetooth: hci0: Firmware Version: 193-33.24 Dec 04 03:29:32 32core kernel: Bluetooth: hci0: Firmware already loaded Dec 04 03:29:32 32core kernel: Bluetooth: hci0: HCI LE Coded PHY feature bit is set, but its usage is not supported. Dec 04 03:29:32 32core systemd[1]: Finished systemd-udev-settle.service - Wait for udev To Complete Device Initialization. Dec 04 03:29:32 32core systemd[1]: zfs-import-cache.service - Import ZFS pools by cache file was skipped because of an unmet condition check (ConditionFileNotEmpty=/etc/zfs/zpool.cache). Dec 04 03:29:32 32core systemd[1]: Starting zfs-import-scan.service - Import ZFS pools by device scanning... Dec 04 03:29:32 32core systemd[1]: Finished ifupdown2-pre.service - Helper to synchronize boot up for ifupdown. Dec 04 03:29:33 32core zpool[1304]: no pools available to import Dec 04 03:29:33 32core systemd[1]: Finished zfs-import-scan.service - Import ZFS pools by device scanning. Dec 04 03:29:33 32core systemd[1]: Reached target zfs-import.target - ZFS pool import target. Dec 04 03:29:33 32core systemd[1]: Starting zfs-mount.service - Mount ZFS filesystems... Dec 04 03:29:33 32core systemd[1]: Starting zfs-volume-wait.service - Wait for ZFS Volume (zvol) links in /dev... Dec 04 03:29:33 32core zvol_wait[1370]: No zvols found, nothing to do. Dec 04 03:29:33 32core systemd[1]: Finished zfs-mount.service - Mount ZFS filesystems. Dec 04 03:29:33 32core systemd[1]: Finished zfs-volume-wait.service - Wait for ZFS Volume (zvol) links in /dev. Dec 04 03:29:33 32core systemd[1]: Reached target local-fs.target - Local File Systems. Dec 04 03:29:33 32core systemd[1]: Reached target zfs-volumes.target - ZFS volumes are ready. Dec 04 03:29:33 32core systemd[1]: Listening on systemd-sysext.socket - System Extension Image Management. Dec 04 03:29:33 32core kernel: iwlwifi 0000:46:00.0: Detected RF HR B3, rfid=0x10a100 Dec 04 03:29:33 32core systemd[1]: Starting apparmor.service - Load AppArmor profiles... Dec 04 03:29:33 32core systemd[1]: Starting console-setup.service - Set console font and keymap... Dec 04 03:29:33 32core systemd[1]: Starting networking.service - Network initialization... Dec 04 03:29:33 32core systemd[1]: Starting pvebanner.service - Proxmox VE Login Banner... Dec 04 03:29:33 32core systemd[1]: Starting pvefw-logger.service - Proxmox VE firewall logger... Dec 04 03:29:33 32core systemd[1]: Starting pvenetcommit.service - Commit Proxmox VE network changes... Dec 04 03:29:33 32core systemd[1]: Starting systemd-binfmt.service - Set Up Additional Binary Formats... Dec 04 03:29:33 32core systemd[1]: Starting systemd-tmpfiles-setup.service - Create System Files and Directories... Dec 04 03:29:33 32core systemd[1]: Finished console-setup.service - Set console font and keymap. Dec 04 03:29:33 32core apparmor.systemd[1377]: Restarting AppArmor Dec 04 03:29:33 32core apparmor.systemd[1377]: Reloading AppArmor profiles Dec 04 03:29:33 32core networking[1379]: networking: Configuring network interfaces Dec 04 03:29:33 32core systemd[1]: proc-sys-fs-binfmt_misc.automount: Got automount request for /proc/sys/fs/binfmt_misc, triggered by 1385 (systemd-binfmt) Dec 04 03:29:33 32core systemd[1]: Mounting proc-sys-fs-binfmt_misc.mount - Arbitrary Executable File Formats File System... Dec 04 03:29:33 32core systemd-tmpfiles[1387]: /usr/lib/tmpfiles.d/legacy.conf:14: Duplicate line for path "/run/lock", ignoring. Dec 04 03:29:33 32core pvefw-logger[1405]: starting pvefw logger Dec 04 03:29:33 32core systemd[1]: Finished pvenetcommit.service - Commit Proxmox VE network changes. Dec 04 03:29:33 32core systemd[1]: Started pvefw-logger.service - Proxmox VE firewall logger. Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.086:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="linux-sandbox" pid=1440 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.086:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="QtWebEngineProcess" pid=1410 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.086:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="1password" pid=1407 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.086:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="chromium" pid=1420 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.087:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="balena-etcher" pid=1412 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.087:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lc-compliance" pid=1438 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.087:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="github-desktop" pid=1433 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.087:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="vscode" pid=1421 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.087:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="ch-checkns" pid=1417 comm="apparmor_parser" Dec 04 03:29:33 32core kernel: audit: type=1400 audit(1764790173.087:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="loupe" pid=1441 comm="apparmor_parser" Dec 04 03:29:33 32core systemd[1]: Mounted proc-sys-fs-binfmt_misc.mount - Arbitrary Executable File Formats File System. Dec 04 03:29:33 32core systemd[1]: Finished systemd-binfmt.service - Set Up Additional Binary Formats. Dec 04 03:29:33 32core systemd[1]: Finished systemd-tmpfiles-setup.service - Create System Files and Directories. Dec 04 03:29:33 32core systemd[1]: Mounting run-rpc_pipefs.mount - RPC Pipe File System... Dec 04 03:29:33 32core systemd[1]: ldconfig.service - Rebuild Dynamic Linker Cache was skipped because no trigger condition checks were met. Dec 04 03:29:33 32core systemd[1]: Starting rpcbind.service - RPC bind portmap service... Dec 04 03:29:33 32core systemd[1]: systemd-firstboot.service - First Boot Wizard was skipped because of an unmet condition check (ConditionFirstBoot=yes). Dec 04 03:29:33 32core systemd[1]: first-boot-complete.target - First Boot Complete was skipped because of an unmet condition check (ConditionFirstBoot=yes). Dec 04 03:29:33 32core systemd[1]: systemd-journal-catalog-update.service - Rebuild Journal Catalog was skipped because of an unmet condition check (ConditionNeedsUpdate=/var). Dec 04 03:29:33 32core systemd[1]: systemd-machine-id-commit.service - Save Transient machine-id to Disk was skipped because of an unmet condition check (ConditionPathIsMountPoint=/etc/machine-id). Dec 04 03:29:33 32core systemd[1]: systemd-update-done.service - Update is Completed was skipped because no trigger condition checks were met. Dec 04 03:29:33 32core systemd[1]: Finished apparmor.service - Load AppArmor profiles. Dec 04 03:29:33 32core systemd[1]: Reached target sysinit.target - System Initialization. Dec 04 03:29:33 32core systemd[1]: Started apt-daily.timer - Daily apt download activities. Dec 04 03:29:33 32core systemd[1]: Started apt-daily-upgrade.timer - Daily apt upgrade and clean activities. Dec 04 03:29:33 32core systemd[1]: Started dpkg-db-backup.timer - Daily dpkg database backup timer. Dec 04 03:29:33 32core systemd[1]: Started e2scrub_all.timer - Periodic ext4 Online Metadata Check for All Filesystems. Dec 04 03:29:33 32core systemd[1]: Started fstrim.timer - Discard unused filesystem blocks once a week. Dec 04 03:29:33 32core systemd[1]: Started fwupd-refresh.timer - Refresh fwupd metadata regularly. Dec 04 03:29:33 32core systemd[1]: Started logrotate.timer - Daily rotation of log files. Dec 04 03:29:33 32core systemd[1]: Started man-db.timer - Daily man-db regeneration. Dec 04 03:29:33 32core systemd[1]: Started pve-daily-update.timer - Daily PVE download activities. Dec 04 03:29:33 32core systemd[1]: Started systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories. Dec 04 03:29:33 32core systemd[1]: Started xfs_scrub_all.timer - Periodic XFS Online Metadata Check for All Filesystems. Dec 04 03:29:33 32core systemd[1]: Reached target timers.target - Timer Units. Dec 04 03:29:33 32core systemd[1]: Listening on dbus.socket - D-Bus System Message Bus Socket. Dec 04 03:29:33 32core systemd[1]: Listening on iscsid.socket - Open-iSCSI iscsid Socket. Dec 04 03:29:33 32core systemd[1]: Listening on netavark-dhcp-proxy.socket - Netavark DHCP proxy socket. Dec 04 03:29:33 32core systemd[1]: Listening on rrdcached.socket - sockets activating rrdcached. Dec 04 03:29:33 32core systemd[1]: Listening on sshd-unix-local.socket - OpenSSH Server Socket (systemd-ssh-generator, AF_UNIX Local). Dec 04 03:29:33 32core systemd[1]: Listening on systemd-hostnamed.socket - Hostname Service Socket. Dec 04 03:29:33 32core systemd[1]: Reached target sockets.target - Socket Units. Dec 04 03:29:33 32core systemd[1]: systemd-pcrphase-sysinit.service - TPM PCR Barrier (Initialization) was skipped because of an unmet condition check (ConditionSecurity=measured-uki). Dec 04 03:29:33 32core systemd[1]: Reached target basic.target - Basic System. Dec 04 03:29:33 32core systemd[1]: System is tainted: unmerged-bin Dec 04 03:29:33 32core kernel: iwlwifi 0000:46:00.0: base HW address: 50:e0:85:f3:21:e5 Dec 04 03:29:33 32core systemd[1]: Starting chrony.service - chrony, an NTP client/server... Dec 04 03:29:33 32core systemd[1]: Starting dbus.service - D-Bus System Message Bus... Dec 04 03:29:33 32core systemd[1]: Starting e2scrub_reap.service - Remove Stale Online ext4 Metadata Check Snapshots... Dec 04 03:29:33 32core systemd[1]: getty-static.service - getty on tty2-tty6 if dbus and logind are not available was skipped because of an unmet condition check (ConditionPathExists=!/usr/bin/dbus-daemon). Dec 04 03:29:33 32core systemd[1]: Starting grub-common.service - Record successful boot for GRUB... Dec 04 03:29:33 32core systemd[1]: Starting hardinfo2.service - Hardinfo2 support for root access... Dec 04 03:29:33 32core systemd[1]: Starting ksmtuned.service - Kernel Samepage Merging (KSM) Tuning Daemon... Dec 04 03:29:33 32core systemd[1]: Starting lm-sensors.service - Initialize hardware monitoring sensors... Dec 04 03:29:33 32core systemd[1]: Starting lxcfs.service - FUSE filesystem for LXC... Dec 04 03:29:33 32core systemd[1]: Starting netavark-dhcp-proxy.service - Netavark DHCP proxy service... Dec 04 03:29:33 32core systemd[1]: Starting polkit.service - Authorization Manager... Dec 04 03:29:33 32core systemd[1]: proxmox-boot-cleanup.service - Clean up bootloader next-boot setting was skipped because of an unmet condition check (ConditionPathExists=/etc/kernel/next-boot-pin). Dec 04 03:29:33 32core systemd[1]: Starting pve-lxc-syscalld.service - Proxmox VE LXC Syscall Daemon... Dec 04 03:29:33 32core systemd[1]: Starting pve-query-machine-capabilities.service - PVE Query Machine Capabilities... Dec 04 03:29:33 32core systemd[1]: Starting qmeventd.service - PVE Qemu Event Daemon... Dec 04 03:29:33 32core systemd[1]: Started rrdcached.service - Data caching daemon for rrdtool. Dec 04 03:29:33 32core systemd[1]: Starting rsyslog.service - System Logging Service... Dec 04 03:29:33 32core systemd[1]: Starting smartmontools.service - Self Monitoring and Reporting Technology (SMART) Daemon... Dec 04 03:29:33 32core systemd[1]: sshd-keygen.service - Generate sshd host keys on first boot was skipped because of an unmet condition check (ConditionFirstBoot=yes). Dec 04 03:29:33 32core query-machine-capabilities[1543]: AuthenticAMD Dec 04 03:29:33 32core systemd[1]: Starting systemd-logind.service - User Login Management... Dec 04 03:29:33 32core systemd[1]: Starting udisks2.service - Disk Manager... Dec 04 03:29:33 32core systemd[1]: Started watchdog-mux.service - Proxmox VE watchdog multiplexer. Dec 04 03:29:33 32core systemd[1]: Starting zfs-share.service - ZFS file system shares... Dec 04 03:29:33 32core systemd[1]: Started zfs-zed.service - ZFS Event Daemon (zed). Dec 04 03:29:33 32core systemd[1]: Started netavark-dhcp-proxy.service - Netavark DHCP proxy service. Dec 04 03:29:33 32core systemd[1]: Started rpcbind.service - RPC bind portmap service. Dec 04 03:29:33 32core systemd[1]: Started pve-lxc-syscalld.service - Proxmox VE LXC Syscall Daemon. Dec 04 03:29:33 32core systemd[1]: e2scrub_reap.service: Deactivated successfully. Dec 04 03:29:33 32core systemd[1]: Finished e2scrub_reap.service - Remove Stale Online ext4 Metadata Check Snapshots. Dec 04 03:29:33 32core systemd[1]: Started ksmtuned.service - Kernel Samepage Merging (KSM) Tuning Daemon. Dec 04 03:29:33 32core systemd[1]: Started lxcfs.service - FUSE filesystem for LXC. Dec 04 03:29:33 32core systemd[1]: Finished pve-query-machine-capabilities.service - PVE Query Machine Capabilities. Dec 04 03:29:33 32core systemd[1]: Started qmeventd.service - PVE Qemu Event Daemon. Dec 04 03:29:33 32core systemd[1]: Finished zfs-share.service - ZFS file system shares. Dec 04 03:29:33 32core zed[1582]: ZFS Event Daemon 2.3.4-pve1 (PID 1582) Dec 04 03:29:33 32core systemd[1]: Reached target rpcbind.target - RPC Port Mapper. Dec 04 03:29:33 32core systemd[1]: Reached target zfs.target - ZFS startup target. Dec 04 03:29:33 32core kernel: iwlwifi 0000:46:00.0 wlp70s0: renamed from wlan0 Dec 04 03:29:33 32core zed[1582]: Processing events since eid=0 Dec 04 03:29:33 32core udisksd[1558]: udisks daemon version 2.10.1 starting Dec 04 03:29:33 32core lxcfs[1636]: Starting LXCFS at /usr/bin/lxcfs Dec 04 03:29:33 32core watchdog-mux[1559]: Watchdog driver 'Software Watchdog', version 0 Dec 04 03:29:33 32core kernel: softdog: initialized. soft_noboot=0 soft_margin=60 sec soft_panic=0 (nowayout=0) Dec 04 03:29:33 32core kernel: softdog: soft_reboot_cmd=<not set> soft_active_on_boot=0 Dec 04 03:29:33 32core smartd[1551]: smartd 7.4 2024-10-15 r5620 [x86_64-linux-6.17.2-2-pve] (local build) Dec 04 03:29:33 32core smartd[1551]: Opened configuration file /etc/smartd.conf Dec 04 03:29:33 32core smartd[1551]: Drive: DEVICESCAN, implied '-a' Directive on line 18 of file /etc/smartd.conf Dec 04 03:29:33 32core smartd[1551]: Configuration file /etc/smartd.conf was parsed, found DEVICESCAN, scanning devices Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], opened Dec 04 03:29:33 32core lxcfs[1636]: Using runtime path /run Dec 04 03:29:33 32core lxcfs[1636]: Running lxcfslib_init to reload liblxcfs Dec 04 03:29:33 32core lxcfs[1636]: mount namespace: 7 Dec 04 03:29:33 32core lxcfs[1636]: hierarchies: Dec 04 03:29:33 32core lxcfs[1636]: 0: fd: 8: cpuset,cpu,io,memory,hugetlb,pids,rdma,misc,dmem Dec 04 03:29:33 32core lxcfs[1636]: Kernel supports pidfds Dec 04 03:29:33 32core lxcfs[1636]: Kernel supports swap accounting Dec 04 03:29:33 32core lxcfs[1636]: api_extensions: Dec 04 03:29:33 32core lxcfs[1636]: - cgroups Dec 04 03:29:33 32core lxcfs[1636]: - sys_cpu_online Dec 04 03:29:33 32core lxcfs[1636]: - proc_cpuinfo Dec 04 03:29:33 32core lxcfs[1636]: - proc_diskstats Dec 04 03:29:33 32core lxcfs[1636]: - proc_loadavg Dec 04 03:29:33 32core lxcfs[1636]: - proc_meminfo Dec 04 03:29:33 32core lxcfs[1636]: - proc_stat Dec 04 03:29:33 32core lxcfs[1636]: - proc_swaps Dec 04 03:29:33 32core lxcfs[1636]: - proc_uptime Dec 04 03:29:33 32core lxcfs[1636]: - proc_slabinfo Dec 04 03:29:33 32core lxcfs[1636]: - shared_pidns Dec 04 03:29:33 32core lxcfs[1636]: - cpuview_daemon Dec 04 03:29:33 32core lxcfs[1636]: - loadavg_daemon Dec 04 03:29:33 32core lxcfs[1636]: - pidfds Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], WDC WD10JMVW-11S5XS0, S/N:WD-WXC1EC2KL905, WWN:5-0014ee-6ade71d74, FW:01.01A01, 1.00 TB Dec 04 03:29:33 32core dbus-daemon[1527]: [system] AppArmor D-Bus mediation is enabled Dec 04 03:29:33 32core systemd[1]: Started dbus.service - D-Bus System Message Bus. Dec 04 03:29:33 32core kernel: RPC: Registered named UNIX socket transport module. Dec 04 03:29:33 32core kernel: RPC: Registered udp transport module. Dec 04 03:29:33 32core kernel: RPC: Registered tcp transport module. Dec 04 03:29:33 32core kernel: RPC: Registered tcp-with-tls transport module. Dec 04 03:29:33 32core kernel: RPC: Registered tcp NFSv4.1 backchannel transport module. Dec 04 03:29:33 32core systemd[1]: Mounted run-rpc_pipefs.mount - RPC Pipe File System. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], found in smartd database 7.3/5528: Western Digital Elements / My Passport (USB, AF) Dec 04 03:29:33 32core systemd[1]: grub-common.service: Deactivated successfully. Dec 04 03:29:33 32core systemd[1]: Finished grub-common.service - Record successful boot for GRUB. Dec 04 03:29:33 32core systemd[1]: Reached target rpc_pipefs.target. Dec 04 03:29:33 32core systemd[1]: Starting nfs-blkmap.service - pNFS block layout mapping daemon... Dec 04 03:29:33 32core systemd[1]: rpc-gssd.service - RPC security service for NFS client and server was skipped because of an unmet condition check (ConditionPathExists=/etc/krb5.keytab). Dec 04 03:29:33 32core addgroup[1542]: The group `hardinfo2' already exists. Dec 04 03:29:33 32core systemd[1]: Reached target nfs-client.target - NFS client services. Dec 04 03:29:33 32core blkmapd[1691]: open pipe file /run/rpc_pipefs/nfs/blocklayout failed: No such file or directory Dec 04 03:29:33 32core systemd[1]: Started nfs-blkmap.service - pNFS block layout mapping daemon. Dec 04 03:29:33 32core systemd-logind[1555]: New seat seat0. Dec 04 03:29:33 32core dbus-daemon[1527]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service' requested by ':1.0' (uid=0 pid=1558 comm="/usr/libexec/udisks2/udisksd" label="unconfined") Dec 04 03:29:33 32core systemd-logind[1555]: Watching system buttons on /dev/input/event1 (Power Button) Dec 04 03:29:33 32core systemd-logind[1555]: Watching system buttons on /dev/input/event0 (Power Button) Dec 04 03:29:33 32core chronyd[1703]: chronyd version 4.6.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG) Dec 04 03:29:33 32core systemd-logind[1555]: Watching system buttons on /dev/input/event3 (Logitech USB Receiver) Dec 04 03:29:33 32core systemd-logind[1555]: Watching system buttons on /dev/input/event5 (Logitech USB Receiver Consumer Control) Dec 04 03:29:33 32core systemd-logind[1555]: Watching system buttons on /dev/input/event6 (Logitech USB Receiver System Control) Dec 04 03:29:33 32core systemd-logind[1555]: Watching system buttons on /dev/input/event9 (Generic USB Audio Consumer Control) Dec 04 03:29:33 32core chronyd[1703]: Loaded 0 symmetric keys Dec 04 03:29:33 32core systemd[1]: Started systemd-logind.service - User Login Management. Dec 04 03:29:33 32core chronyd[1703]: Using leap second list /usr/share/zoneinfo/leap-seconds.list Dec 04 03:29:33 32core chronyd[1703]: Frequency -27.572 +/- 2.569 ppm read from /var/lib/chrony/chrony.drift Dec 04 03:29:33 32core chronyd[1703]: Loaded seccomp filter (level 1) Dec 04 03:29:33 32core systemd[1]: Started chrony.service - chrony, an NTP client/server. Dec 04 03:29:33 32core rsyslogd[1550]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2504.0] Dec 04 03:29:33 32core rsyslogd[1550]: [origin software="rsyslogd" swVersion="8.2504.0" x-pid="1550" x-info="https://www.rsyslog.com"] start Dec 04 03:29:33 32core systemd[1]: Started rsyslog.service - System Logging Service. Dec 04 03:29:33 32core polkitd[1538]: Started polkitd version 126 Dec 04 03:29:33 32core polkitd[1538]: Loading rules from directory /etc/polkit-1/rules.d Dec 04 03:29:33 32core polkitd[1538]: Loading rules from directory /run/polkit-1/rules.d Dec 04 03:29:33 32core polkitd[1538]: Error opening rules directory: Error opening directory “/run/polkit-1/rules.d”: No such file or directory (g-file-error-quark, 4) Dec 04 03:29:33 32core systemd[1]: hardinfo2.service: Deactivated successfully. Dec 04 03:29:33 32core polkitd[1538]: Loading rules from directory /usr/local/share/polkit-1/rules.d Dec 04 03:29:33 32core polkitd[1538]: Error opening rules directory: Error opening directory “/usr/local/share/polkit-1/rules.d”: No such file or directory (g-file-error-quark, 4) Dec 04 03:29:33 32core polkitd[1538]: Loading rules from directory /usr/share/polkit-1/rules.d Dec 04 03:29:33 32core systemd[1]: Finished hardinfo2.service - Hardinfo2 support for root access. Dec 04 03:29:33 32core polkitd[1538]: Finished loading, compiling and executing 4 rules Dec 04 03:29:33 32core systemd[1]: Started polkit.service - Authorization Manager. Dec 04 03:29:33 32core dbus-daemon[1527]: [system] Successfully activated service 'org.freedesktop.PolicyKit1' Dec 04 03:29:33 32core polkitd[1538]: Acquired the name org.freedesktop.PolicyKit1 on the system bus Dec 04 03:29:33 32core systemd[1]: Starting ModemManager.service - Modem Manager... Dec 04 03:29:33 32core kernel: nvme nvme0: using unchecked data buffer Dec 04 03:29:33 32core sensors[1674]: iwlwifi_1-virtual-0 Dec 04 03:29:33 32core sensors[1674]: Adapter: Virtual device Dec 04 03:29:33 32core sensors[1674]: temp1: N/A Dec 04 03:29:33 32core sensors[1674]: k10temp-pci-00c3 Dec 04 03:29:33 32core sensors[1674]: Adapter: PCI adapter Dec 04 03:29:33 32core sensors[1674]: Tctl: +58.4°C Dec 04 03:29:33 32core sensors[1674]: Tccd1: +46.0°C Dec 04 03:29:33 32core sensors[1674]: Tccd3: +44.2°C Dec 04 03:29:33 32core sensors[1674]: Tccd5: +59.0°C Dec 04 03:29:33 32core sensors[1674]: Tccd7: +48.2°C Dec 04 03:29:33 32core sensors[1674]: nvme-pci-4b00 Dec 04 03:29:33 32core sensors[1674]: Adapter: PCI adapter Dec 04 03:29:33 32core sensors[1674]: Composite: +45.9°C (low = -0.1°C, high = +74.8°C) Dec 04 03:29:33 32core sensors[1674]: (crit = +79.8°C) Dec 04 03:29:33 32core sensors[1674]: nvme-pci-4300 Dec 04 03:29:33 32core sensors[1674]: Adapter: PCI adapter Dec 04 03:29:33 32core sensors[1674]: Composite: +28.9°C (low = -20.1°C, high = +74.8°C) Dec 04 03:29:33 32core sensors[1674]: (crit = +79.8°C) Dec 04 03:29:33 32core sensors[1674]: radeon-pci-0100 Dec 04 03:29:33 32core sensors[1674]: Adapter: PCI adapter Dec 04 03:29:33 32core sensors[1674]: temp1: +34.0°C (crit = +120.0°C, hyst = +90.0°C) Dec 04 03:29:33 32core sensors[1674]: pwm1: 36% Dec 04 03:29:33 32core sensors[1674]: freq1: 300 MHz Dec 04 03:29:33 32core sensors[1674]: enp69s0-pci-4500 Dec 04 03:29:33 32core sensors[1674]: Adapter: PCI adapter Dec 04 03:29:33 32core sensors[1674]: PHY Temperature: +51.3°C Dec 04 03:29:33 32core sensors[1674]: MAC Temperature: +51.9°C Dec 04 03:29:33 32core sensors[1674]: nvme-pci-4c00 Dec 04 03:29:33 32core sensors[1674]: Adapter: PCI adapter Dec 04 03:29:33 32core sensors[1674]: Composite: +54.9°C (low = -20.1°C, high = +84.8°C) Dec 04 03:29:33 32core sensors[1674]: (crit = +81.8°C) Dec 04 03:29:33 32core sensors[1674]: Sensor 1: +54.9°C (low = -20.1°C, high = +84.8°C) Dec 04 03:29:33 32core systemd[1]: Finished lm-sensors.service - Initialize hardware monitoring sensors. Dec 04 03:29:33 32core udisksd[1558]: Error probing device: Error sending ATA command IDENTIFY DEVICE to '/dev/sda': Unexpected sense data returned: 0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ (g-io-error-quark, 0) Dec 04 03:29:33 32core ModemManager[1735]: <msg> ModemManager (version 1.24.0) starting in system bus... Dec 04 03:29:33 32core systemd[1]: Finished pvebanner.service - Proxmox VE Login Banner. Dec 04 03:29:33 32core kernel: NET: Registered PF_QIPCRTR protocol family Dec 04 03:29:33 32core systemd[1]: Started ModemManager.service - Modem Manager. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], not capable of SMART Health Status check Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], no ATA CHECK POWER STATUS support, ignoring -n Directive Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], is SMART capable. Adding to "monitor" list. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], state read from /var/lib/smartmontools/smartd.WDC_WD10JMVW_11S5XS0-WD_WXC1EC2KL905.ata.state Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme0, opened Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme0, PNY CS2130 4TB SSD, S/N:PNY21122103150100005, FW:CS213530, 4.00 TB Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme0, is SMART capable. Adding to "monitor" list. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme0, state read from /var/lib/smartmontools/smartd.PNY_CS2130_4TB_SSD-PNY21122103150100005.nvme.state Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme1, opened Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme1, Asgard AN2TNVMe M.2/80, S/N:100000000074, FW:FWSS0104 Dec 04 03:29:33 32core systemd[1]: Started udisks2.service - Disk Manager. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme1, is SMART capable. Adding to "monitor" list. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme1, state read from /var/lib/smartmontools/smartd.Asgard_AN2TNVMe_M_2_80-100000000074.nvme.state Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme2, opened Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme2, THNSN51T02DU7 TOSHIBA, S/N:76IS1009TTQV, FW:57HA4103 Dec 04 03:29:33 32core udisksd[1558]: Acquired the name org.freedesktop.UDisks2 on the system message bus Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme2, is SMART capable. Adding to "monitor" list. Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme2, state read from /var/lib/smartmontools/smartd.THNSN51T02DU7_TOSHIBA-76IS1009TTQV.nvme.state Dec 04 03:29:33 32core smartd[1551]: Monitoring 1 ATA/SATA, 0 SCSI/SAS and 3 NVMe devices Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], SMART Prefailure Attribute: 3 Spin_Up_Time changed from 188 to 187 Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme0, NVMe error count increased from 853 to 856 (0 new, 1 ignored, 2 unknown) Dec 04 03:29:33 32core smartd[1551]: Device: /dev/sda [SAT], state written to /var/lib/smartmontools/smartd.WDC_WD10JMVW_11S5XS0-WD_WXC1EC2KL905.ata.state Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme0, state written to /var/lib/smartmontools/smartd.PNY_CS2130_4TB_SSD-PNY21122103150100005.nvme.state Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme1, state written to /var/lib/smartmontools/smartd.Asgard_AN2TNVMe_M_2_80-100000000074.nvme.state Dec 04 03:29:33 32core smartd[1551]: Device: /dev/nvme2, state written to /var/lib/smartmontools/smartd.THNSN51T02DU7_TOSHIBA-76IS1009TTQV.nvme.state Dec 04 03:29:33 32core systemd[1]: Started smartmontools.service - Self Monitoring and Reporting Technology (SMART) Daemon. Dec 04 03:29:33 32core networking[1757]: error: vmbr0: bridge port enp68s0 does not exist Dec 04 03:29:33 32core /usr/sbin/ifup[1757]: error: vmbr0: bridge port enp68s0 does not exist Dec 04 03:29:33 32core networking[1757]: error: vmbr0: bridge port enp70s0 does not exist Dec 04 03:29:33 32core /usr/sbin/ifup[1757]: error: vmbr0: bridge port enp70s0 does not exist Dec 04 03:29:33 32core networking[1757]: error: vmbr0: bridge port enp72s0 does not exist Dec 04 03:29:33 32core /usr/sbin/ifup[1757]: error: vmbr0: bridge port enp72s0 does not exist Dec 04 03:29:33 32core kernel: vmbr0: port 1(enp69s0) entered blocking state Dec 04 03:29:33 32core kernel: vmbr0: port 1(enp69s0) entered disabled state Dec 04 03:29:33 32core kernel: atlantic 0000:45:00.0 enp69s0: entered allmulticast mode Dec 04 03:29:33 32core kernel: atlantic 0000:45:00.0 enp69s0: entered promiscuous mode Dec 04 03:29:33 32core kernel: vmbr0: port 2(enp71s0) entered blocking state Dec 04 03:29:33 32core kernel: vmbr0: port 2(enp71s0) entered disabled state Dec 04 03:29:33 32core kernel: r8169 0000:47:00.0 enp71s0: entered allmulticast mode Dec 04 03:29:33 32core kernel: r8169 0000:47:00.0 enp71s0: entered promiscuous mode Dec 04 03:29:33 32core networking[1757]: warning: vmbr0: apply bridge ports settings: bridge configuration failed (missing ports) Dec 04 03:29:33 32core /usr/sbin/ifup[1757]: warning: vmbr0: apply bridge ports settings: bridge configuration failed (missing ports) Dec 04 03:29:34 32core kernel: Realtek Internal NBASE-T PHY r8169-0-4700:00: attached PHY driver (mii_bus:phy_addr=r8169-0-4700:00, irq=MAC) Dec 04 03:29:34 32core kernel: r8169 0000:47:00.0 enp71s0: Link is Down Dec 04 03:29:34 32core kernel: vmbr0: port 2(enp71s0) entered blocking state Dec 04 03:29:34 32core kernel: vmbr0: port 2(enp71s0) entered forwarding state Dec 04 03:29:34 32core networking[1757]: error: >>> Full logs available in: /var/log/ifupdown2/network_config_ifupdown2_282_Dec-04-2025_03:29:33.465229 <<< Dec 04 03:29:34 32core /usr/sbin/ifup[1757]: >>> Full logs available in: /var/log/ifupdown2/network_config_ifupdown2_282_Dec-04-2025_03:29:33.465229 <<< Dec 04 03:29:34 32core systemd[1]: Finished networking.service - Network initialization. Dec 04 03:29:34 32core systemd[1]: Reached target network.target - Network. Dec 04 03:29:34 32core systemd[1]: Reached target network-online.target - Network is Online. Dec 04 03:29:34 32core systemd[1]: Starting iscsid.service - iSCSI initiator daemon (iscsid)... Dec 04 03:29:34 32core systemd[1]: Started lxc-monitord.service - LXC Container Monitoring Daemon. Dec 04 03:29:34 32core systemd[1]: Starting lxc-net.service - LXC network bridge setup... Dec 04 03:29:34 32core systemd[1]: Starting postfix.service - Postfix Mail Transport Agent (main/default instance)... Dec 04 03:29:34 32core systemd[1]: Starting pve-cluster.service - The Proxmox VE cluster filesystem... Dec 04 03:29:34 32core kernel: vmbr0: port 2(enp71s0) entered disabled state Dec 04 03:29:34 32core systemd[1]: Starting rbdmap.service - Map RBD devices... Dec 04 03:29:34 32core systemd[1]: Starting rpc-statd-notify.service - Notify NFS peers of a restart... Dec 04 03:29:34 32core systemd[1]: rsync.service - fast remote file copy program daemon was skipped because of an unmet condition check (ConditionPathExists=/etc/rsyncd.conf). Dec 04 03:29:34 32core systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Dec 04 03:29:34 32core sm-notify[1838]: Version 2.8.3 starting Dec 04 03:29:34 32core systemd[1]: Finished rbdmap.service - Map RBD devices. Dec 04 03:29:34 32core systemd[1]: Started rpc-statd-notify.service - Notify NFS peers of a restart. Dec 04 03:29:34 32core pmxcfs[1832]: [main] notice: resolved node name '32core' to '192.168.199.12' for default node IP address Dec 04 03:29:34 32core pmxcfs[1832]: [main] notice: resolved node name '32core' to '192.168.199.12' for default node IP address Dec 04 03:29:34 32core postfix[1831]: postfix: Postfix is using backwards-compatible default settings Dec 04 03:29:34 32core postfix[1831]: postfix: See https://www.postfix.org/COMPATIBILITY_README.html for details Dec 04 03:29:34 32core postfix[1831]: postfix: To disable backwards compatibility use "postconf compatibility_level=3.6" and "postfix reload" Dec 04 03:29:34 32core postfix[1831]: Postfix is using backwards-compatible default settings Dec 04 03:29:34 32core postfix[1831]: See https://www.postfix.org/COMPATIBILITY_README.html for details Dec 04 03:29:34 32core postfix[1831]: To disable backwards compatibility use "postconf compatibility_level=3.6" and "postfix reload" Dec 04 03:29:34 32core iscsid[1840]: iSCSI logger with pid=1846 started! Dec 04 03:29:34 32core systemd[1]: Started iscsid.service - iSCSI initiator daemon (iscsid). Dec 04 03:29:34 32core systemd[1]: open-iscsi.service - Login to default iSCSI targets was skipped because no trigger condition checks were met. Dec 04 03:29:34 32core systemd[1]: Reached target remote-fs-pre.target - Preparation for Remote File Systems. Dec 04 03:29:34 32core systemd[1]: Reached target remote-fs.target - Remote File Systems. Dec 04 03:29:34 32core systemd[1]: Reached target pve-storage.target - PVE Storage Target. Dec 04 03:29:34 32core systemd[1]: Starting blk-availability.service - Availability of block devices... Dec 04 03:29:34 32core systemd[1]: systemd-pcrphase.service - TPM PCR Barrier (User) was skipped because of an unmet condition check (ConditionSecurity=measured-uki). Dec 04 03:29:34 32core systemd[1]: Starting systemd-user-sessions.service - Permit User Sessions... Dec 04 03:29:34 32core systemd[1]: Finished lxc-net.service - LXC network bridge setup. Dec 04 03:29:34 32core systemd[1]: Finished blk-availability.service - Availability of block devices. Dec 04 03:29:34 32core kernel: Loading iSCSI transport class v2.0-870. Dec 04 03:29:34 32core systemd[1]: Starting lxc.service - LXC Container Initialization and Autoboot Code... Dec 04 03:29:34 32core systemd[1]: Finished systemd-user-sessions.service - Permit User Sessions. Dec 04 03:29:34 32core systemd[1]: Started getty(a)tty1.service - Getty on tty1. Dec 04 03:29:34 32core systemd[1]: Reached target getty.target - Login Prompts. Dec 04 03:29:34 32core sshd[1855]: Server listening on 0.0.0.0 port 22. Dec 04 03:29:34 32core sshd[1855]: Server listening on :: port 22. Dec 04 03:29:34 32core systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Dec 04 03:29:34 32core systemd[1]: Finished lxc.service - LXC Container Initialization and Autoboot Code. Dec 04 03:29:34 32core postfix[1986]: postfix: Postfix is using backwards-compatible default settings Dec 04 03:29:34 32core postfix[1986]: postfix: See https://www.postfix.org/COMPATIBILITY_README.html for details Dec 04 03:29:34 32core postfix[1986]: postfix: To disable backwards compatibility use "postconf compatibility_level=3.6" and "postfix reload" Dec 04 03:29:34 32core postfix[1986]: Postfix is using backwards-compatible default settings Dec 04 03:29:34 32core postfix[1986]: See https://www.postfix.org/COMPATIBILITY_README.html for details Dec 04 03:29:34 32core postfix[1986]: To disable backwards compatibility use "postconf compatibility_level=3.6" and "postfix reload" Dec 04 03:29:34 32core postfix/master[1994]: daemon started -- version 3.10.5, configuration /etc/postfix Dec 04 03:29:34 32core systemd[1]: Started postfix.service - Postfix Mail Transport Agent (main/default instance). Dec 04 03:29:35 32core iscsid[1846]: iSCSI daemon with pid=1847 started! Dec 04 03:29:35 32core systemd[1]: Started pve-cluster.service - The Proxmox VE cluster filesystem. Dec 04 03:29:35 32core systemd[1]: corosync.service - Corosync Cluster Engine was skipped because of an unmet condition check (ConditionPathExists=/etc/corosync/corosync.conf). Dec 04 03:29:35 32core systemd[1]: Started cron.service - Regular background program processing daemon. Dec 04 03:29:35 32core systemd[1]: Starting pve-firewall-commit.service - Commit Proxmox VE Firewall changes... Dec 04 03:29:35 32core systemd[1]: Starting pve-firewall.service - Proxmox VE firewall... Dec 04 03:29:35 32core systemd[1]: Starting pve-sdn-commit.service - Commit Proxmox VE SDN changes... Dec 04 03:29:35 32core systemd[1]: Starting pvedaemon.service - PVE API Daemon... Dec 04 03:29:35 32core systemd[1]: Starting pvestatd.service - PVE Status Daemon... Dec 04 03:29:35 32core cron[2002]: (CRON) INFO (pidfile fd = 3) Dec 04 03:29:35 32core cron[2002]: (CRON) INFO (Running @reboot jobs) Dec 04 03:29:35 32core systemd[1]: Finished pve-firewall-commit.service - Commit Proxmox VE Firewall changes. Dec 04 03:29:35 32core pve-sdn-commit[2005]: No changes to SDN configuration detected, skipping reload Dec 04 03:29:35 32core systemd[1]: Finished pve-sdn-commit.service - Commit Proxmox VE SDN changes. Dec 04 03:29:36 32core pve-firewall[2018]: starting server Dec 04 03:29:36 32core pvestatd[2020]: starting server Dec 04 03:29:36 32core systemd[1]: Started pve-firewall.service - Proxmox VE firewall. Dec 04 03:29:36 32core systemd[1]: Started pvestatd.service - PVE Status Daemon. Dec 04 03:29:36 32core pvedaemon[2046]: starting server Dec 04 03:29:36 32core pvedaemon[2046]: starting 3 worker(s) Dec 04 03:29:36 32core pvedaemon[2046]: worker 2047 started Dec 04 03:29:36 32core pvedaemon[2046]: worker 2048 started Dec 04 03:29:36 32core pvedaemon[2046]: worker 2049 started Dec 04 03:29:36 32core systemd[1]: Started pvedaemon.service - PVE API Daemon. Dec 04 03:29:36 32core systemd[1]: Starting pve-ha-crm.service - PVE Cluster HA Resource Manager Daemon... Dec 04 03:29:36 32core systemd[1]: Starting pveproxy.service - PVE API Proxy Server... Dec 04 03:29:37 32core pve-ha-crm[2056]: starting server Dec 04 03:29:37 32core pve-ha-crm[2056]: status change startup => wait_for_quorum Dec 04 03:29:37 32core systemd[1]: Started pve-ha-crm.service - PVE Cluster HA Resource Manager Daemon. Dec 04 03:29:37 32core ModemManager[1735]: <msg> [base-manager] couldn't check support for device '/sys/devices/pci0000:40/0000:40:01.1/0000:41:00.0/0000:42:03.0/0000:45:00.0': not supported by any plugin Dec 04 03:29:37 32core ModemManager[1735]: <msg> [base-manager] couldn't check support for device '/sys/devices/pci0000:40/0000:40:01.1/0000:41:00.0/0000:42:04.0/0000:46:00.0': not supported by any plugin Dec 04 03:29:37 32core ModemManager[1735]: <msg> [base-manager] couldn't check support for device '/sys/devices/pci0000:40/0000:40:01.1/0000:41:00.0/0000:42:05.0/0000:47:00.0': not supported by any plugin Dec 04 03:29:37 32core pveproxy[2058]: starting server Dec 04 03:29:37 32core pveproxy[2058]: starting 3 worker(s) Dec 04 03:29:37 32core pveproxy[2058]: worker 2059 started Dec 04 03:29:37 32core pveproxy[2058]: worker 2060 started Dec 04 03:29:37 32core pveproxy[2058]: worker 2061 started Dec 04 03:29:37 32core systemd[1]: Started pveproxy.service - PVE API Proxy Server. Dec 04 03:29:37 32core systemd[1]: Starting pve-ha-lrm.service - PVE Local HA Resource Manager Daemon... Dec 04 03:29:37 32core systemd[1]: Starting spiceproxy.service - PVE SPICE Proxy Server... Dec 04 03:29:37 32core spiceproxy[2067]: starting server Dec 04 03:29:37 32core spiceproxy[2067]: starting 1 worker(s) Dec 04 03:29:37 32core spiceproxy[2067]: worker 2068 started Dec 04 03:29:37 32core systemd[1]: Started spiceproxy.service - PVE SPICE Proxy Server. Dec 04 03:29:38 32core pve-ha-lrm[2070]: starting server Dec 04 03:29:38 32core pve-ha-lrm[2070]: status change startup => wait_for_agent_lock Dec 04 03:29:38 32core systemd[1]: Started pve-ha-lrm.service - PVE Local HA Resource Manager Daemon. Dec 04 03:29:38 32core systemd[1]: Starting pve-guests.service - PVE guests... Dec 04 03:29:38 32core systemd[1]: systemd-rfkill.service: Deactivated successfully. Dec 04 03:29:38 32core pve-guests[2075]: <root@pam> starting task UPID:32core:0000081C:000005D6:69308FA2:startall::root@pam: Dec 04 03:29:38 32core pve-guests[2075]: <root@pam> end task UPID:32core:0000081C:000005D6:69308FA2:startall::root@pam: OK Dec 04 03:29:38 32core systemd[1]: Finished pve-guests.service - PVE guests. Dec 04 03:29:38 32core systemd[1]: Starting pvescheduler.service - Proxmox VE scheduler... Dec 04 03:29:39 32core kernel: atlantic 0000:45:00.0 enp69s0: atlantic: link change old 0 new 10000 Dec 04 03:29:39 32core kernel: vmbr0: port 1(enp69s0) entered blocking state Dec 04 03:29:39 32core kernel: vmbr0: port 1(enp69s0) entered forwarding state Dec 04 03:29:39 32core pvescheduler[2079]: starting server Dec 04 03:29:39 32core systemd[1]: Started pvescheduler.service - Proxmox VE scheduler. Dec 04 03:29:39 32core systemd[1]: Reached target multi-user.target - Multi-User System. Dec 04 03:29:39 32core systemd[1]: Reached target graphical.target - Graphical Interface. Dec 04 03:29:39 32core systemd[1]: Startup finished in 40.684s (firmware) + 6.890s (loader) + 4.456s (kernel) + 11.103s (userspace) = 1min 3.135s. Dec 04 03:30:03 32core netavark[1535]: timeout met: exiting after 30 secs of inactivity Dec 04 03:30:03 32core systemd[1]: netavark-dhcp-proxy.service: Deactivated successfully. Dec 04 03:30:07 32core pvedaemon[2047]: <root@pam> successful auth for user 'root@pam' Dec 04 03:30:17 32core chronyd[1703]: Selected source 15.204.87.223 (2.debian.pool.ntp.org) Dec 04 03:30:17 32core chronyd[1703]: System clock TAI offset set to 37 seconds Dec 04 03:30:17 32core sshd-session[2221]: Accepted password for root from 192.168.199.2 port 6648 ssh2 Dec 04 03:30:17 32core sshd-session[2221]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0) Dec 04 03:30:17 32core systemd[1]: Created slice user-0.slice - User Slice of UID 0. Dec 04 03:30:17 32core systemd[1]: Starting user-runtime-dir(a)0.service - User Runtime Directory /run/user/0... Dec 04 03:30:17 32core systemd-logind[1555]: New session 1 of user root. Dec 04 03:30:17 32core systemd[1]: Finished user-runtime-dir(a)0.service - User Runtime Directory /run/user/0. Dec 04 03:30:17 32core systemd[1]: Starting user(a)0.service - User Manager for UID 0... Dec 04 03:30:17 32core (systemd)[2227]: pam_unix(systemd-user:session): session opened for user root(uid=0) by root(uid=0) Dec 04 03:30:17 32core systemd-logind[1555]: New session 2 of user root. Dec 04 03:30:17 32core systemd[2227]: Queued start job for default target default.target. Dec 04 03:30:17 32core systemd[2227]: Created slice app.slice - User Application Slice. Dec 04 03:30:17 32core systemd[2227]: Reached target paths.target - Paths. Dec 04 03:30:17 32core systemd[2227]: Reached target timers.target - Timers. Dec 04 03:30:17 32core systemd[2227]: Starting dbus.socket - D-Bus User Message Bus Socket... Dec 04 03:30:17 32core systemd[2227]: Listening on dirmngr.socket - GnuPG network certificate management daemon. Dec 04 03:30:17 32core systemd[2227]: Listening on gpg-agent-browser.socket - GnuPG cryptographic agent and passphrase cache (access for web browsers). Dec 04 03:30:17 32core systemd[2227]: Listening on gpg-agent-extra.socket - GnuPG cryptographic agent and passphrase cache (restricted). Dec 04 03:30:17 32core systemd[2227]: Starting gpg-agent-ssh.socket - GnuPG cryptographic agent (ssh-agent emulation)... Dec 04 03:30:17 32core systemd[2227]: Starting gpg-agent.socket - GnuPG cryptographic agent and passphrase cache... Dec 04 03:30:17 32core systemd[2227]: Listening on keyboxd.socket - GnuPG public key management service. Dec 04 03:30:17 32core systemd[2227]: Starting ssh-agent.socket - OpenSSH Agent socket... Dec 04 03:30:17 32core systemd[2227]: Listening on dbus.socket - D-Bus User Message Bus Socket. Dec 04 03:30:17 32core systemd[2227]: Listening on ssh-agent.socket - OpenSSH Agent socket. Dec 04 03:30:17 32core systemd[2227]: Listening on gpg-agent-ssh.socket - GnuPG cryptographic agent (ssh-agent emulation). Dec 04 03:30:17 32core systemd[2227]: Listening on gpg-agent.socket - GnuPG cryptographic agent and passphrase cache. Dec 04 03:30:17 32core systemd[2227]: Reached target sockets.target - Sockets. Dec 04 03:30:17 32core systemd[2227]: Reached target basic.target - Basic System. Dec 04 03:30:17 32core systemd[2227]: Reached target default.target - Main User Target. Dec 04 03:30:17 32core systemd[2227]: Startup finished in 272ms. Dec 04 03:30:17 32core systemd[1]: Started user(a)0.service - User Manager for UID 0. Dec 04 03:30:18 32core systemd[1]: Started session-1.scope - Session 1 of User root. Dec 04 03:30:19 32core chronyd[1703]: Selected source 12.205.28.193 (2.debian.pool.ntp.org) Dec 04 03:30:26 32core kernel: NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 Dec 04 03:31:57 32core kernel: BUG: kernel NULL pointer dereference, address: 0000000000000008 Dec 04 03:31:57 32core kernel: #PF: supervisor write access in kernel mode Dec 04 03:31:57 32core kernel: #PF: error_code(0x0002) - not-present page Dec 04 03:31:57 32core kernel: PGD 0 P4D 0 Dec 04 03:31:57 32core kernel: Oops: Oops: 0002 [#1] SMP NOPTI Dec 04 03:31:57 32core kernel: CPU: 50 UID: 0 PID: 2365 Comm: zstd Tainted: P O 6.17.2-2-pve #1 PREEMPT(voluntary) Dec 04 03:31:57 32core kernel: Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE Dec 04 03:31:57 32core kernel: Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./TRX40 Creator, BIOS P1.88C 12/23/2024 Dec 04 03:31:57 32core kernel: RIP: 0010:list_lru_del+0xc0/0x180 Dec 04 03:31:57 32core kernel: Code: 00 00 00 00 00 00 00 80 48 39 c2 74 64 e8 58 62 db ff 49 8b 55 00 49 39 d5 0f 84 9c 00 00 00 49 8b 4d 00 49 8b 55 08 4c 89 e7 <48> 89 51 08 48 89 0a 4d 89 6d 00 4d 89 6d 08 49 83 6f 10 01 e8 f7 Dec 04 03:31:57 32core kernel: RSP: 0018:ffffd3ed589ef600 EFLAGS: 00010086 Dec 04 03:31:57 32core kernel: RAX: 0000000000000000 RBX: ffffffff997f07e0 RCX: 0000000000000000 Dec 04 03:31:57 32core kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8b43c3fa30e8 Dec 04 03:31:57 32core kernel: RBP: ffffd3ed589ef640 R08: 0000000000000000 R09: 0000000000000000 Dec 04 03:31:57 32core kernel: R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b43c3fa30e8 Dec 04 03:31:57 32core kernel: R13: ffff8b61a34319e8 R14: ffff8b43dfcfabc0 R15: ffff8b43c3fa30d0 Dec 04 03:31:57 32core kernel: FS: 00007ea767a956c0(0000) GS:ffff8b6325286000(0000) knlGS:0000000000000000 Dec 04 03:31:57 32core kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Dec 04 03:31:57 32core kernel: CR2: 0000000000000008 CR3: 000000014b096000 CR4: 0000000000350ef0 Dec 04 03:31:57 32core kernel: Call Trace: Dec 04 03:31:57 32core kernel: <TASK> Dec 04 03:31:57 32core kernel: list_lru_del_obj+0x7f/0xe0 Dec 04 03:31:57 32core kernel: workingset_update_node+0x61/0xb0 Dec 04 03:31:57 32core kernel: xas_store+0x25f/0x6d0 Dec 04 03:31:57 32core kernel: __filemap_add_folio+0x234/0x510 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? __pfx_workingset_update_node+0x10/0x10 Dec 04 03:31:57 32core kernel: filemap_add_folio+0x99/0xf0 Dec 04 03:31:57 32core kernel: page_cache_ra_order+0x205/0x3b0 Dec 04 03:31:57 32core kernel: page_cache_async_ra+0x19f/0x1f0 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? filemap_get_read_batch+0x15b/0x2e0 Dec 04 03:31:57 32core kernel: filemap_readahead.isra.0+0x73/0xb0 Dec 04 03:31:57 32core kernel: filemap_get_pages+0x40f/0x740 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? sched_clock_noinstr+0x9/0x10 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: filemap_read+0x114/0x4a0 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: generic_file_read_iter+0xbb/0x110 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? apparmor_file_permission+0x1f/0x30 Dec 04 03:31:57 32core kernel: ext4_file_read_iter+0x60/0x200 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: vfs_read+0x274/0x390 Dec 04 03:31:57 32core kernel: ksys_read+0x6f/0xf0 Dec 04 03:31:57 32core kernel: __x64_sys_read+0x19/0x30 Dec 04 03:31:57 32core kernel: x64_sys_call+0x1e95/0x2330 Dec 04 03:31:57 32core kernel: do_syscall_64+0x80/0xa30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? ksys_read+0xd9/0xf0 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? __x64_sys_read+0x19/0x30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? x64_sys_call+0x1e95/0x2330 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? ext4_file_read_iter+0x60/0x200 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? vfs_read+0x274/0x390 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? ksys_read+0xd9/0xf0 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? __x64_sys_read+0x19/0x30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? x64_sys_call+0x1e95/0x2330 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:31:57 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:31:57 32core kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e Dec 04 03:31:57 32core kernel: RIP: 0033:0x7ea7684929ee Dec 04 03:31:57 32core kernel: Code: 08 0f 85 f5 4b ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 Dec 04 03:31:57 32core kernel: RSP: 002b:00007ea767a94d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 Dec 04 03:31:57 32core kernel: RAX: ffffffffffffffda RBX: 00007ea767a956c0 RCX: 00007ea7684929ee Dec 04 03:31:57 32core kernel: RDX: 0000000000020000 RSI: 00007ea76716c010 RDI: 0000000000000003 Dec 04 03:31:57 32core kernel: RBP: 00007ea7685ddfd0 R08: 0000000000000000 R09: 0000000000000000 Dec 04 03:31:57 32core kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 00007ea76716c010 Dec 04 03:31:57 32core kernel: R13: 0000000000020000 R14: 00007ea7685dde80 R15: 0000000000020000 Dec 04 03:31:57 32core kernel: </TASK> Dec 04 03:31:57 32core kernel: Modules linked in: ebtable_filter ebtables ip_set ip6table_raw iptable_raw ip6table_filter ip6_tables iptable_filter scsi_transport_iscsi nf_tables qrtr bonding tls at24 spd5118 softdog sunrpc binfmt_misc nfnetlink_log iwlmvm mac80211 libarc4 btusb btrtl btintel btbcm btmtk iwlwifi bluetooth input_leds cfg80211 amd_atl intel_rapl_msr intel_rapl_common sch_fq_codel amdgpu amdxcp snd_hda_codec_atihdmi edac_mce_amd drm_panel_backlight_quirks snd_hda_codec_hdmi snd_hda_intel gpu_sched radeon snd_hda_codec drm_buddy snd_usb_audio kvm_amd snd_hda_core drm_ttm_helper snd_usbmidi_lib ttm drm_exec snd_intel_dspcfg snd_ump drm_suballoc_helper snd_intel_sdw_acpi snd_rawmidi snd_hwdep kvm snd_seq_device drm_display_helper snd_pcm cec polyval_clmulni snd_timer rc_core ghash_clmulni_intel snd aesni_intel joydev i2c_algo_bit rapl wmi_bmof pcspkr ccp mxm_wmi ee1004 video k10temp soundcore mac_hid mc zfs(PO) spl(O) vhost_net vhost vhost_iotlb tap nct6683 lm83 vfio_pci vfio_pci_core irqbypass vfio_iommu_type1 vfio iommufd Dec 04 03:31:57 32core kernel: msr efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic xor raid6_pq hid_multitouch uas usb_storage usbkbd usbmouse hid_generic usbhid hid dm_thin_pool dm_persistent_data dm_bio_prison dm_bufio nvme atlantic r8169 nvme_core xhci_pci ahci nvme_keyring libahci macsec realtek nvme_auth xhci_hcd i2c_piix4 i2c_smbus wmi Dec 04 03:31:57 32core kernel: CR2: 0000000000000008 Dec 04 03:31:57 32core kernel: ---[ end trace 0000000000000000 ]--- Dec 04 03:31:57 32core kernel: RIP: 0010:list_lru_del+0xc0/0x180 Dec 04 03:31:57 32core kernel: Code: 00 00 00 00 00 00 00 80 48 39 c2 74 64 e8 58 62 db ff 49 8b 55 00 49 39 d5 0f 84 9c 00 00 00 49 8b 4d 00 49 8b 55 08 4c 89 e7 <48> 89 51 08 48 89 0a 4d 89 6d 00 4d 89 6d 08 49 83 6f 10 01 e8 f7 Dec 04 03:31:57 32core kernel: RSP: 0018:ffffd3ed589ef600 EFLAGS: 00010086 Dec 04 03:31:57 32core kernel: RAX: 0000000000000000 RBX: ffffffff997f07e0 RCX: 0000000000000000 Dec 04 03:31:57 32core kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8b43c3fa30e8 Dec 04 03:31:57 32core kernel: RBP: ffffd3ed589ef640 R08: 0000000000000000 R09: 0000000000000000 Dec 04 03:31:57 32core kernel: R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b43c3fa30e8 Dec 04 03:31:57 32core kernel: R13: ffff8b61a34319e8 R14: ffff8b43dfcfabc0 R15: ffff8b43c3fa30d0 Dec 04 03:31:57 32core kernel: FS: 00007ea767a956c0(0000) GS:ffff8b6325286000(0000) knlGS:0000000000000000 Dec 04 03:31:57 32core kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Dec 04 03:31:57 32core kernel: CR2: 0000000000000008 CR3: 000000014b096000 CR4: 0000000000350ef0 Dec 04 03:31:57 32core kernel: note: zstd[2365] exited with irqs disabled Dec 04 03:31:57 32core kernel: note: zstd[2365] exited with preempt_count 2 Dec 04 03:32:33 32core kernel: Oops: general protection fault, probably for non-canonical address 0x9a3ae555524f6ec2: 0000 [#2] SMP NOPTI Dec 04 03:32:33 32core kernel: CPU: 50 UID: 0 PID: 1547 Comm: ksmtuned Tainted: P D O 6.17.2-2-pve #1 PREEMPT(voluntary) Dec 04 03:32:33 32core kernel: Tainted: [P]=PROPRIETARY_MODULE, [D]=DIE, [O]=OOT_MODULE Dec 04 03:32:33 32core kernel: Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./TRX40 Creator, BIOS P1.88C 12/23/2024 Dec 04 03:32:33 32core kernel: RIP: 0010:kmem_cache_alloc_noprof+0x203/0x3e0 Dec 04 03:32:33 32core kernel: Code: 84 ce fe ff ff 48 85 db 0f 84 c5 fe ff ff 48 8b 03 48 c1 e8 36 41 39 c2 0f 85 b5 fe ff ff 41 8b 44 24 28 49 8b 34 24 48 01 f8 <48> 8b 18 48 89 c1 49 33 9c 24 b8 00 00 00 48 89 f8 48 0f c9 48 31 Dec 04 03:32:33 32core kernel: RSP: 0018:ffffd3ed42de3990 EFLAGS: 00010282 Dec 04 03:32:33 32core kernel: RAX: 9a3ae555524f6ec2 RBX: fffffc073b8d0c00 RCX: 0000000000000000 Dec 04 03:32:33 32core kernel: RDX: 0000000033e52032 RSI: ffffffff996b42d0 RDI: 9a3ae555524f6c82 Dec 04 03:32:33 32core kernel: RBP: ffffd3ed42de39d8 R08: 0000000000000028 R09: 0000000000000000 Dec 04 03:32:33 32core kernel: R10: 00000000ffffffff R11: 00000000003fffff R12: ffff8b43c0055e00 Dec 04 03:32:33 32core kernel: R13: 0000000000002820 R14: 0000000000000240 R15: ffffffff97cac677 Dec 04 03:32:33 32core kernel: FS: 000074d3ea109740(0000) GS:ffff8b6325286000(0000) knlGS:0000000000000000 Dec 04 03:32:33 32core kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Dec 04 03:32:33 32core kernel: CR2: 000074d3ea2f57b0 CR3: 00000001112c5000 CR4: 0000000000350ef0 Dec 04 03:32:33 32core kernel: Call Trace: Dec 04 03:32:33 32core kernel: <TASK> Dec 04 03:32:33 32core kernel: radix_tree_node_alloc.constprop.0+0xb7/0x100 Dec 04 03:32:33 32core kernel: idr_get_free+0x26d/0x330 Dec 04 03:32:33 32core kernel: idr_alloc_u32+0x7d/0xf0 Dec 04 03:32:33 32core kernel: idr_alloc_cyclic+0x57/0xc0 Dec 04 03:32:33 32core kernel: alloc_pid+0x1b8/0x410 Dec 04 03:32:33 32core kernel: copy_process+0x1298/0x1ca0 Dec 04 03:32:33 32core kernel: kernel_clone+0xb6/0x4b0 Dec 04 03:32:33 32core kernel: __do_sys_clone+0x68/0xa0 Dec 04 03:32:33 32core kernel: __x64_sys_clone+0x25/0x40 Dec 04 03:32:33 32core kernel: x64_sys_call+0x1b4d/0x2330 Dec 04 03:32:33 32core kernel: do_syscall_64+0x80/0xa30 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? __handle_mm_fault+0xadb/0xfd0 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? count_memcg_events+0xd7/0x1a0 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? __set_task_blocked+0x29/0x80 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? _copy_to_user+0x31/0x60 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? __x64_sys_rt_sigprocmask+0xee/0x160 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? x64_sys_call+0x178d/0x2330 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? x64_sys_call+0x178d/0x2330 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? do_syscall_64+0xb8/0xa30 Dec 04 03:32:33 32core kernel: ? irqentry_exit+0x43/0x50 Dec 04 03:32:33 32core kernel: ? srso_return_thunk+0x5/0x5f Dec 04 03:32:33 32core kernel: ? exc_page_fault+0x90/0x1b0 Dec 04 03:32:33 32core kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e Dec 04 03:32:33 32core kernel: RIP: 0033:0x74d3ea1e9202 Dec 04 03:32:33 32core kernel: Code: 89 e7 e8 71 3b f6 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 89 c5 85 c0 75 31 64 48 8b 04 25 10 00 00 Dec 04 03:32:33 32core kernel: RSP: 002b:00007ffd24e48590 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 Dec 04 03:32:33 32core kernel: RAX: ffffffffffffffda RBX: 00007ffd24e48590 RCX: 000074d3ea1e9202 Dec 04 03:32:33 32core kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 Dec 04 03:32:33 32core kernel: RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 Dec 04 03:32:33 32core kernel: R10: 000074d3ea109a10 R11: 0000000000000246 R12: 00007ffd24e48700 Dec 04 03:32:33 32core kernel: R13: 0000000000000000 R14: 0000000000000000 R15: 00000000ffffffff Dec 04 03:32:33 32core kernel: </TASK> Dec 04 03:32:33 32core kernel: Modules linked in: ebtable_filter ebtables ip_set ip6table_raw iptable_raw ip6table_filter ip6_tables iptable_filter scsi_transport_iscsi nf_tables qrtr bonding tls at24 spd5118 softdog sunrpc binfmt_misc nfnetlink_log iwlmvm mac80211 libarc4 btusb btrtl btintel btbcm btmtk iwlwifi bluetooth input_leds cfg80211 amd_atl intel_rapl_msr intel_rapl_common sch_fq_codel amdgpu amdxcp snd_hda_codec_atihdmi edac_mce_amd drm_panel_backlight_quirks snd_hda_codec_hdmi snd_hda_intel gpu_sched radeon snd_hda_codec drm_buddy snd_usb_audio kvm_amd snd_hda_core drm_ttm_helper snd_usbmidi_lib ttm drm_exec snd_intel_dspcfg snd_ump drm_suballoc_helper snd_intel_sdw_acpi snd_rawmidi snd_hwdep kvm snd_seq_device drm_display_helper snd_pcm cec polyval_clmulni snd_timer rc_core ghash_clmulni_intel snd aesni_intel joydev i2c_algo_bit rapl wmi_bmof pcspkr ccp mxm_wmi ee1004 video k10temp soundcore mac_hid mc zfs(PO) spl(O) vhost_net vhost vhost_iotlb tap nct6683 lm83 vfio_pci vfio_pci_core irqbypass vfio_iommu_type1 vfio iommufd Dec 04 03:32:33 32core kernel: msr efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic xor raid6_pq hid_multitouch uas usb_storage usbkbd usbmouse hid_generic usbhid hid dm_thin_pool dm_persistent_data dm_bio_prison dm_bufio nvme atlantic r8169 nvme_core xhci_pci ahci nvme_keyring libahci macsec realtek nvme_auth xhci_hcd i2c_piix4 i2c_smbus wmi Dec 04 03:32:33 32core kernel: ---[ end trace 0000000000000000 ]--- Dec 04 03:32:33 32core kernel: RIP: 0010:list_lru_del+0xc0/0x180 Dec 04 03:32:33 32core kernel: Code: 00 00 00 00 00 00 00 80 48 39 c2 74 64 e8 58 62 db ff 49 8b 55 00 49 39 d5 0f 84 9c 00 00 00 49 8b 4d 00 49 8b 55 08 4c 89 e7 <48> 89 51 08 48 89 0a 4d 89 6d 00 4d 89 6d 08 49 83 6f 10 01 e8 f7 Dec 04 03:32:33 32core kernel: RSP: 0018:ffffd3ed589ef600 EFLAGS: 00010086 Dec 04 03:32:33 32core kernel: RAX: 0000000000000000 RBX: ffffffff997f07e0 RCX: 0000000000000000 Dec 04 03:32:33 32core kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8b43c3fa30e8 Dec 04 03:32:33 32core kernel: RBP: ffffd3ed589ef640 R08: 0000000000000000 R09: 0000000000000000 Dec 04 03:32:33 32core kernel: R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b43c3fa30e8 Dec 04 03:32:33 32core kernel: R13: ffff8b61a34319e8 R14: ffff8b43dfcfabc0 R15: ffff8b43c3fa30d0 Dec 04 03:32:33 32core kernel: FS: 000074d3ea109740(0000) GS:ffff8b6325286000(0000) knlGS:0000000000000000 Dec 04 03:32:33 32core kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Dec 04 03:32:33 32core kernel: CR2: 000074d3ea2f57b0 CR3: 00000001112c5000 CR4: 0000000000350ef0 Dec 04 03:32:33 32core kernel: note: ksmtuned[1547] exited with preempt_count 2 Dec 04 03:32:33 32core systemd[1]: ksmtuned.service: Main process exited, code=killed, status=11/SEGV Dec 04 03:32:33 32core systemd[1]: ksmtuned.service: Failed with result 'signal'. Dec 04 03:33:00 32core kernel: watchdog: BUG: soft lockup - CPU#17 stuck for 23s! [pve-firewall:2018] -- 此致礼罗勇刚 Yours sincerely, Yonggang Luo

4 days, 17 hours

2
2
0 0

[PATCH v2 0/2] netrom: fix deadlock and refcount leak in nr_rt_device_down

by Junjie Cao

Hi, syzbot reported a circular locking dependency in the NET/ROM routing code involving nr_neigh_list_lock, nr_node_list_lock and nr_node->node_lock when nr_rt_device_down() interacts with the ioctl path. This series fixes that deadlock and also addresses a long-standing reference count leak found while auditing the same code. Patch 1/2 refactors nr_rt_device_down() to avoid nested locking between nr_neigh_list_lock and nr_node_list_lock by doing two separate passes over nodes and neighbours, and adjusts nr_rt_free() to follow the same lock ordering. Patch 2/2 fixes a per-route reference count leak by dropping nr_neigh->count and calling nr_neigh_put() when removing routes from nr_rt_device_down(), mirroring the behaviour of nr_dec_obs()/nr_del_node(). [1] https://syzkaller.appspot.com/bug?extid=14afda08dc3484d5db82 Thanks, Junjie

4 days, 18 hours

1
2
0 0

[PATCH v2] net/handshake: restore destructor on submit failure

by caoping

handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the request is hashed. handshake_sk_destruct() then returns early and the original destructor never runs, leaking the socket. Restore sk_destruct on the error path. Fixes: 3b3009ea8abb ("net/handshake: Create a NETLINK service for handling handshake requests") Signed-off-by: caoping <caoping(a)cmss.chinamobile.com> --- net/handshake/request.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/handshake/request.c b/net/handshake/request.c index 274d2c89b6b2..89435ed755cd 100644 --- a/net/handshake/request.c +++ b/net/handshake/request.c @@ -276,6 +276,8 @@ int handshake_req_submit(struct socket *sock, struct handshake_req *req, out_unlock: spin_unlock(&hn->hn_lock); out_err: + /* Restore original destructor so socket teardown still runs on failure */ + req->hr_sk->sk_destruct = req->hr_odestruct; trace_handshake_submit_err(net, req, req->hr_sk, ret); handshake_req_destroy(req); return ret; base-commit: 4a26e7032d7d57c998598c08a034872d6f0d3945 -- 2.47.3

4 days, 18 hours

2
1
0 0

[PATCH v2 2/2] kasan: Unpoison vms[area] addresses with a common tag

by Maciej Wieczor-Retman

From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> A KASAN tag mismatch, possibly causing a kernel panic, can be observed on systems with a tag-based KASAN enabled and with multiple NUMA nodes. It was reported on arm64 and reproduced on x86. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Use the modified __kasan_unpoison_vmalloc() to pass the tag of the first vm_struct's address when vm_structs are unpoisoned in pcpu_get_vm_areas(). Assigning a common tag resolves the pcpu chunk address mismatch. Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Cc: <stable(a)vger.kernel.org> # 6.1+ Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> --- Changelog v2: - Revise the whole patch to match the fixed refactorization from the first patch. Changelog v1: - Rewrite the patch message to point at the user impact of the issue. - Move helper to common.c so it can be compiled in all KASAN modes. mm/kasan/common.c | 3 ++- mm/kasan/hw_tags.c | 12 ++++++++---- mm/kasan/shadow.c | 15 +++++++++++---- 3 files changed, 21 insertions(+), 9 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 7884ea7d13f9..e5a867a5670b 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -591,11 +591,12 @@ void kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, unsigned long size; void *addr; int area; + u8 tag = get_tag(vms[0]->addr); for (area = 0 ; area < nr_vms ; area++) { size = vms[area]->size; addr = vms[area]->addr; - vms[area]->addr = __kasan_unpoison_vmap_areas(addr, size, flags); + vms[area]->addr = __kasan_unpoison_vmap_areas(addr, size, flags, tag); } } #endif diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c index 4b7936a2bd6f..2a02b898b9d8 100644 --- a/mm/kasan/hw_tags.c +++ b/mm/kasan/hw_tags.c @@ -317,7 +317,7 @@ static void init_vmalloc_pages(const void *start, unsigned long size) } static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, - kasan_vmalloc_flags_t flags) + kasan_vmalloc_flags_t flags, int unpoison_tag) { u8 tag; unsigned long redzone_start, redzone_size; @@ -361,7 +361,11 @@ static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, return (void *)start; } - tag = kasan_random_tag(); + if (unpoison_tag < 0) + tag = kasan_random_tag(); + else + tag = unpoison_tag; + start = set_tag(start, tag); /* Unpoison and initialize memory up to size. */ @@ -390,7 +394,7 @@ static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, void *__kasan_random_unpoison_vmalloc(const void *start, unsigned long size, kasan_vmalloc_flags_t flags) { - return __kasan_unpoison_vmalloc(start, size, flags); + return __kasan_unpoison_vmalloc(start, size, flags, -1); } void __kasan_poison_vmalloc(const void *start, unsigned long size) @@ -405,7 +409,7 @@ void __kasan_poison_vmalloc(const void *start, unsigned long size) void *__kasan_unpoison_vmap_areas(void *addr, unsigned long size, kasan_vmalloc_flags_t flags, u8 tag) { - return __kasan_unpoison_vmalloc(addr, size, flags); + return __kasan_unpoison_vmalloc(addr, size, flags, tag); } #endif diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c index 0a8d8bf6e9cf..7a66ffc1d5b3 100644 --- a/mm/kasan/shadow.c +++ b/mm/kasan/shadow.c @@ -625,8 +625,10 @@ void kasan_release_vmalloc(unsigned long start, unsigned long end, } static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, - kasan_vmalloc_flags_t flags) + kasan_vmalloc_flags_t flags, int unpoison_tag) { + u8 tag; + /* * Software KASAN modes unpoison both VM_ALLOC and non-VM_ALLOC * mappings, so the KASAN_VMALLOC_VM_ALLOC flag is ignored. @@ -648,7 +650,12 @@ static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, !(flags & KASAN_VMALLOC_PROT_NORMAL)) return (void *)start; - start = set_tag(start, kasan_random_tag()); + if (unpoison_tag < 0) + tag = kasan_random_tag(); + else + tag = unpoison_tag; + + start = set_tag(start, tag); kasan_unpoison(start, size, false); return (void *)start; } @@ -656,13 +663,13 @@ static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, void *__kasan_random_unpoison_vmalloc(const void *start, unsigned long size, kasan_vmalloc_flags_t flags) { - return __kasan_unpoison_vmalloc(start, size, flags); + return __kasan_unpoison_vmalloc(start, size, flags, -1); } void *__kasan_unpoison_vmap_areas(void *addr, unsigned long size, kasan_vmalloc_flags_t flags, u8 tag) { - return __kasan_unpoison_vmalloc(addr, size, flags); + return __kasan_unpoison_vmalloc(addr, size, flags, tag); } /* -- 2.52.0

4 days, 19 hours

3
4
0 0

[PATCH 6.1] fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF

by Chen Yu

From: Baokun Li <libaokun1(a)huawei.com> commit 72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f upstream. The fscache_cookie_lru_timer is initialized when the fscache module is inserted, but is not deleted when the fscache module is removed. If timer_reduce() is called before removing the fscache module, the fscache_cookie_lru_timer will be added to the timer list of the current cpu. Afterwards, a use-after-free will be triggered in the softIRQ after removing the fscache module, as follows: ================================================================== BUG: unable to handle page fault for address: fffffbfff803c9e9 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855 Tainted: [W]=WARN RIP: 0010:__run_timer_base.part.0+0x254/0x8a0 Call Trace: <IRQ> tmigr_handle_remote_up+0x627/0x810 __walk_groups.isra.0+0x47/0x140 tmigr_handle_remote+0x1fa/0x2f0 handle_softirqs+0x180/0x590 irq_exit_rcu+0x84/0xb0 sysvec_apic_timer_interrupt+0x6e/0x90 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:default_idle+0xf/0x20 default_idle_call+0x38/0x60 do_idle+0x2b5/0x300 cpu_startup_entry+0x54/0x60 start_secondary+0x20d/0x280 common_startup_64+0x13e/0x148 </TASK> Modules linked in: [last unloaded: netfs] ================================================================== Therefore delete fscache_cookie_lru_timer when removing the fscahe module. Fixes: 12bb21a29c19 ("fscache: Implement cookie user counting and resource pinning") Cc: stable(a)kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Link: https://lore.kernel.org/r/20240826112056.2458299-1-libaokun@huaweicloud.com Acked-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Christian Brauner <brauner(a)kernel.org> [ Changed the file path due to missing commit:47757ea83a54 ("netfs, fscache: Move fs/fscache/* into fs/netfs/") ] Signed-off-by: Chen Yu <xnguchen(a)sina.cn> --- fs/fscache/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/fscache/main.c b/fs/fscache/main.c index dad85fd84f6f..7a60cd96e87e 100644 --- a/fs/fscache/main.c +++ b/fs/fscache/main.c @@ -114,6 +114,7 @@ static void __exit fscache_exit(void) kmem_cache_destroy(fscache_cookie_jar); fscache_proc_cleanup(); + timer_shutdown_sync(&fscache_cookie_lru_timer); destroy_workqueue(fscache_wq); pr_notice("Unloaded\n"); } -- 2.17.1

4 days, 20 hours

1
0
0 0

[PATCH net v3 1/1] atm: mpoa: Fix UAF on qos_head list in procfs

by Minseong Kim

The global QoS list 'qos_head' in net/atm/mpc.c is accessed from the /proc/net/atm/mpc procfs interface without proper synchronization. The read-side seq_file show path (mpc_show() -> atm_mpoa_disp_qos()) walks qos_head without any lock, while the write-side path (proc_mpc_write() -> parse_qos() -> atm_mpoa_delete_qos()) can unlink and kfree() entries immediately. Concurrent read/write therefore leads to a use-after-free. Fix this by serializing all qos_head list operations with a mutex. A mutex is used because seq_printf() may sleep. To avoid returning an unprotected pointer (and the resulting lifetime race), replace atm_mpoa_search_qos() with atm_mpoa_get_qos(), which copies the QoS under lock. Also add atm_mpoa_delete_qos_by_ip() so search+unlink+free is atomic under the same lock, preventing concurrent double-free/UAF scenarios. KASAN report: [ 15.911538] BUG: KASAN: slab-use-after-free in atm_mpoa_disp_qos+0x202/0x380 [ 15.911988] Read of size 8 at addr ffff888007517380 by task mpoa_uaf_poc/89 [ 15.912123] [ 15.912717] CPU: 0 UID: 0 PID: 89 Comm: mpoa_uaf_poc Not tainted 6.17.8 #1 PREEMPT(voluntary) [ 15.912950] Hardware name: QEMU Ubuntu 25.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.913110] Call Trace: [ 15.913167] <TASK> [ 15.913247] dump_stack_lvl+0x4e/0x70 [ 15.913343] ? atm_mpoa_disp_qos+0x202/0x380 [ 15.913364] print_report+0x174/0x4f6 [ 15.913386] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 15.913412] ? atm_mpoa_disp_qos+0x202/0x380 [ 15.913430] kasan_report+0xce/0x100 [ 15.913453] ? atm_mpoa_disp_qos+0x202/0x380 [ 15.913475] atm_mpoa_disp_qos+0x202/0x380 [ 15.913496] mpc_show+0x575/0x700 [ 15.913515] ? kasan_save_track+0x14/0x30 [ 15.913532] ? __pfx_mpc_show+0x10/0x10 [ 15.913550] ? __pfx_mutex_lock+0x10/0x10 [ 15.913565] ? seq_read_iter+0x697/0x1110 [ 15.913584] seq_read_iter+0x2bc/0x1110 [ 15.913607] seq_read+0x267/0x3d0 [ 15.913623] ? __pfx_seq_read+0x10/0x10 [ 15.913650] proc_reg_read+0x1ab/0x270 [ 15.913669] vfs_read+0x175/0xa10 [ 15.913687] ? do_sys_openat2+0x103/0x170 [ 15.913701] ? kmem_cache_free+0xc4/0x360 [ 15.913718] ? getname_flags.part.0+0xf3/0x470 [ 15.913734] ? __pfx_vfs_read+0x10/0x10 [ 15.913751] ? mutex_lock+0x81/0xe0 [ 15.913766] ? __pfx_mutex_lock+0x10/0x10 [ 15.913782] ? __rseq_handle_notify_resume+0x4c4/0xac0 [ 15.913802] ? fdget_pos+0x24d/0x4b0 [ 15.913829] ksys_read+0xf7/0x1c0 [ 15.913850] ? __pfx_ksys_read+0x10/0x10 [ 15.913877] do_syscall_64+0xa4/0x290 [ 15.913917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 15.913981] RIP: 0033:0x45c982 [ 15.914171] Code: 08 0f 85 71 ea ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 55 48 89 e5 [ 15.914239] RSP: 002b:00007f4b2b2cb0d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 15.914315] RAX: ffffffffffffffda RBX: 00007f4b2b2cc6c0 RCX: 000000000045c982 [ 15.914352] RDX: 0000000000000fff RSI: 00007f4b2b2cb220 RDI: 0000000000000014 [ 15.914382] RBP: 00007f4b2b2cb100 R08: 0000000000000000 R09: 0000000000000000 [ 15.914413] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 15.914445] R13: ffffffffffffffd0 R14: 0000000000000000 R15: 00007ffd386450c0 [ 15.914483] </TASK> [ 15.914533] [ 15.916812] Allocated by task 78: [ 15.916975] kasan_save_stack+0x30/0x50 [ 15.917047] kasan_save_track+0x14/0x30 [ 15.917105] __kasan_kmalloc+0x8f/0xa0 [ 15.917162] atm_mpoa_add_qos+0x1bb/0x3c0 [ 15.917220] parse_qos.cold+0x73/0x7d [ 15.917276] proc_mpc_write+0xf4/0x150 [ 15.917331] proc_reg_write+0x1ab/0x270 [ 15.917379] vfs_write+0x1ce/0xd30 [ 15.917431] ksys_write+0xf7/0x1c0 [ 15.917476] do_syscall_64+0xa4/0x290 [ 15.917523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 15.917586] [ 15.917628] Freed by task 78: [ 15.917665] kasan_save_stack+0x30/0x50 [ 15.917714] kasan_save_track+0x14/0x30 [ 15.917762] kasan_save_free_info+0x3b/0x70 [ 15.917811] __kasan_slab_free+0x3e/0x50 [ 15.918058] kfree+0x121/0x340 [ 15.918135] atm_mpoa_delete_qos+0xad/0xd0 [ 15.918196] parse_qos+0x1e5/0x1f0 [ 15.918339] proc_mpc_write+0xf4/0x150 [ 15.918438] proc_reg_write+0x1ab/0x270 [ 15.918494] vfs_write+0x1ce/0xd30 [ 15.918538] ksys_write+0xf7/0x1c0 [ 15.918589] do_syscall_64+0xa4/0x290 [ 15.918634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 15.918694] [ 15.918751] The buggy address belongs to the object at ffff888007517380 [ 15.918751] which belongs to the cache kmalloc-96 of size 96 [ 15.918911] The buggy address is located 0 bytes inside of [ 15.918911] freed 96-byte region [ffff888007517380, ffff8880075173e0) [ 15.919027] [ 15.919101] The buggy address belongs to the physical page: [ 15.919416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888007517300 pfn:0x7517 [ 15.919679] anon flags: 0x100000000000000(node=0|zone=1) [ 15.920064] page_type: f5(slab) [ 15.920361] raw: 0100000000000000 ffff888006c41280 0000000000000000 dead000000000001 [ 15.920460] raw: ffff888007517300 0000000080200007 00000000f5000000 0000000000000000 [ 15.920577] page dumped because: kasan: bad access detected [ 15.920634] [ 15.920663] Memory state around the buggy address: [ 15.920860] ffff888007517280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.920944] ffff888007517300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921017] >ffff888007517380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921088] ^ [ 15.921163] ffff888007517400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921222] ffff888007517480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc Reported-by: Minseong Kim <ii4gsp(a)gmail.com> Closes: https://lore.kernel.org/netdev/CAKrymDR1X3XTX_1ZW3XXXnuYH+kzsnv7Av5uivzR1st… Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Minseong Kim <ii4gsp(a)gmail.com> --- net/atm/mpc.c | 184 ++++++++++++++++++++++++++++++++---------- net/atm/mpc.h | 3 +- net/atm/mpoa_caches.c | 17 ++-- net/atm/mpoa_proc.c | 2 +- 4 files changed, 149 insertions(+), 57 deletions(-) diff --git a/net/atm/mpc.c b/net/atm/mpc.c index f6b447bba329..650081dd82d1 100644 --- a/net/atm/mpc.c +++ b/net/atm/mpc.c @@ -9,6 +9,7 @@ #include <linux/bitops.h> #include <linux/capability.h> #include <linux/seq_file.h> +#include <linux/mutex.h> /* We are an ethernet device */ #include <linux/if_ether.h> @@ -122,6 +123,7 @@ static struct notifier_block mpoa_notifier = { struct mpoa_client *mpcs = NULL; /* FIXME */ static struct atm_mpoa_qos *qos_head = NULL; +static DEFINE_MUTEX(qos_mutex); /* Protect qos_head list */ static DEFINE_TIMER(mpc_timer, mpc_cache_check); @@ -172,67 +174,63 @@ static struct mpoa_client *find_mpc_by_lec(struct net_device *dev) */ /* - * Overwrites the old entry or makes a new one. + * Search for a QoS entry. Caller must hold qos_mutex. + * Returns pointer to entry if found, NULL otherwise. */ -struct atm_mpoa_qos *atm_mpoa_add_qos(__be32 dst_ip, struct atm_qos *qos) +static struct atm_mpoa_qos *__atm_mpoa_search_qos(__be32 dst_ip) { - struct atm_mpoa_qos *entry; - - entry = atm_mpoa_search_qos(dst_ip); - if (entry != NULL) { - entry->qos = *qos; - return entry; - } + struct atm_mpoa_qos *qos = qos_head; - entry = kmalloc(sizeof(struct atm_mpoa_qos), GFP_KERNEL); - if (entry == NULL) { - pr_info("mpoa: out of memory\n"); - return entry; + while (qos) { + if (qos->ipaddr == dst_ip) + return qos; + qos = qos->next; } - - entry->ipaddr = dst_ip; - entry->qos = *qos; - - entry->next = qos_head; - qos_head = entry; - - return entry; + return NULL; } -struct atm_mpoa_qos *atm_mpoa_search_qos(__be32 dst_ip) +/* + * Get a QoS entry by copying its value. + * Caller gets a COPY of qos under lock. + * Returns true if found and copied, false if not found. + * This avoids lifetime issues with the returned pointer. + */ +bool atm_mpoa_get_qos(__be32 dst_ip, struct atm_qos *out) { - struct atm_mpoa_qos *qos; + struct atm_mpoa_qos *q; - qos = qos_head; - while (qos) { - if (qos->ipaddr == dst_ip) - break; - qos = qos->next; - } + if (!out) + return false; - return qos; + mutex_lock(&qos_mutex); + q = __atm_mpoa_search_qos(dst_ip); + if (q) + *out = q->qos; + mutex_unlock(&qos_mutex); + + return q; } /* - * Returns 0 for failure + * Delete a QoS entry from the list. Caller must hold qos_mutex. + * Returns 1 if found and deleted, 0 if not found. */ -int atm_mpoa_delete_qos(struct atm_mpoa_qos *entry) +static int __atm_mpoa_delete_qos_locked(struct atm_mpoa_qos *entry) { struct atm_mpoa_qos *curr; - if (entry == NULL) + if (!entry) return 0; + if (entry == qos_head) { - qos_head = qos_head->next; - kfree(entry); + qos_head = entry->next; return 1; } curr = qos_head; - while (curr != NULL) { + while (curr) { if (curr->next == entry) { curr->next = entry->next; - kfree(entry); return 1; } curr = curr->next; @@ -241,15 +239,107 @@ int atm_mpoa_delete_qos(struct atm_mpoa_qos *entry) return 0; } +/* + * Delete a QoS entry by IP address. + * This is atomic: search+unlink+free happens entirely under lock, + * avoiding the double-free issue with atm_mpoa_delete_qos(atm_mpoa_search_qos(ipaddr)). + */ +int atm_mpoa_delete_qos_by_ip(__be32 dst_ip) +{ + struct atm_mpoa_qos *entry; + int ret = 0; + + mutex_lock(&qos_mutex); + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { + ret = __atm_mpoa_delete_qos_locked(entry); + if (ret) + kfree(entry); + } + mutex_unlock(&qos_mutex); + + return ret; +} + +/* + * Overwrites the old entry or makes a new one. + */ +struct atm_mpoa_qos *atm_mpoa_add_qos(__be32 dst_ip, struct atm_qos *qos) +{ + struct atm_mpoa_qos *entry; + struct atm_mpoa_qos *new; + + /* Fast path: update existing entry */ + mutex_lock(&qos_mutex); + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { + entry->qos = *qos; + mutex_unlock(&qos_mutex); + return entry; + } + mutex_unlock(&qos_mutex); + + /* Allocate outside lock */ + new = kmalloc(sizeof(*new), GFP_KERNEL); + if (!new) + return NULL; + + new->ipaddr = dst_ip; + new->qos = *qos; + + /* Re-check under lock to avoid duplicates */ + mutex_lock(&qos_mutex); + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { + entry->qos = *qos; + mutex_unlock(&qos_mutex); + kfree(new); + return entry; + } + + new->next = qos_head; + qos_head = new; + mutex_unlock(&qos_mutex); + + return new; +} + +/* + * Delete a QoS entry by pointer. + * WARNING: This function is unsafe if called with an entry pointer + * obtained outside of qos_mutex protection. The entry may have been + * freed by another thread between the time the pointer was obtained + * and when this function is called. + * Use atm_mpoa_delete_qos_by_ip() instead for safe deletion by IP address. + * Returns 0 for failure, 1 for success + */ +int atm_mpoa_delete_qos(struct atm_mpoa_qos *entry) +{ + int ret; + + if (!entry) + return 0; + + mutex_lock(&qos_mutex); + ret = __atm_mpoa_delete_qos_locked(entry); + if (ret) + kfree(entry); + mutex_unlock(&qos_mutex); + + return ret; +} + /* this is buggered - we need locking for qos_head */ void atm_mpoa_disp_qos(struct seq_file *m) { struct atm_mpoa_qos *qos; - qos = qos_head; seq_printf(m, "QoS entries for shortcuts:\n"); - seq_printf(m, "IP address\n TX:max_pcr pcr min_pcr max_cdv max_sdu\n RX:max_pcr pcr min_pcr max_cdv max_sdu\n"); + seq_printf(m, "IP address\n TX:max_pcr pcr min_pcr max_cdv max_sdu\n" + " RX:max_pcr pcr min_pcr max_cdv max_sdu\n"); + mutex_lock(&qos_mutex); + qos = qos_head; while (qos != NULL) { seq_printf(m, "%pI4\n %-7d %-7d %-7d %-7d %-7d\n %-7d %-7d %-7d %-7d %-7d\n", &qos->ipaddr, @@ -265,6 +355,7 @@ void atm_mpoa_disp_qos(struct seq_file *m) qos->qos.rxtp.max_sdu); qos = qos->next; } + mutex_unlock(&qos_mutex); } static struct net_device *find_lec_by_itfnum(int itf) @@ -1118,13 +1209,16 @@ static void check_qos_and_open_shortcut(struct k_message *msg, in_cache_entry *entry) { __be32 dst_ip = msg->content.in_info.in_dst_ip; - struct atm_mpoa_qos *qos = atm_mpoa_search_qos(dst_ip); + struct atm_qos tmp_qos; + bool has_qos; eg_cache_entry *eg_entry = client->eg_ops->get_by_src_ip(dst_ip, client); + has_qos = atm_mpoa_get_qos(dst_ip, &tmp_qos); + if (eg_entry && eg_entry->shortcut) { if (eg_entry->shortcut->qos.txtp.traffic_class & msg->qos.txtp.traffic_class & - (qos ? qos->qos.txtp.traffic_class : ATM_UBR | ATM_CBR)) { + (has_qos ? tmp_qos.txtp.traffic_class : ATM_UBR | ATM_CBR)) { if (eg_entry->shortcut->qos.txtp.traffic_class == ATM_UBR) entry->shortcut = eg_entry->shortcut; else if (eg_entry->shortcut->qos.txtp.max_pcr > 0) @@ -1142,9 +1236,9 @@ static void check_qos_and_open_shortcut(struct k_message *msg, /* No luck in the egress cache we must open an ingress SVC */ msg->type = OPEN_INGRESS_SVC; - if (qos && - (qos->qos.txtp.traffic_class == msg->qos.txtp.traffic_class)) { - msg->qos = qos->qos; + if (has_qos && + tmp_qos.txtp.traffic_class == msg->qos.txtp.traffic_class) { + msg->qos = tmp_qos; pr_info("(%s) trying to get a CBR shortcut\n", client->dev->name); } else @@ -1521,8 +1615,10 @@ static void __exit atm_mpoa_cleanup(void) mpc = tmp; } + mutex_lock(&qos_mutex); qos = qos_head; qos_head = NULL; + mutex_unlock(&qos_mutex); while (qos != NULL) { nextqos = qos->next; dprintk("freeing qos entry %p\n", qos); diff --git a/net/atm/mpc.h b/net/atm/mpc.h index 454abd07651a..0536946989ad 100644 --- a/net/atm/mpc.h +++ b/net/atm/mpc.h @@ -47,8 +47,9 @@ struct atm_mpoa_qos { /* MPOA QoS operations */ struct atm_mpoa_qos *atm_mpoa_add_qos(__be32 dst_ip, struct atm_qos *qos); -struct atm_mpoa_qos *atm_mpoa_search_qos(__be32 dst_ip); +bool atm_mpoa_get_qos(__be32 dst_ip, struct atm_qos *out); int atm_mpoa_delete_qos(struct atm_mpoa_qos *qos); +int atm_mpoa_delete_qos_by_ip(__be32 dst_ip); /* Display QoS entries. This is for the procfs */ struct seq_file; diff --git a/net/atm/mpoa_caches.c b/net/atm/mpoa_caches.c index f7a2f0e41105..30c5b10ee562 100644 --- a/net/atm/mpoa_caches.c +++ b/net/atm/mpoa_caches.c @@ -132,7 +132,6 @@ static in_cache_entry *in_cache_add_entry(__be32 dst_ip, static int cache_hit(in_cache_entry *entry, struct mpoa_client *mpc) { - struct atm_mpoa_qos *qos; struct k_message msg; entry->count++; @@ -144,9 +143,8 @@ static int cache_hit(in_cache_entry *entry, struct mpoa_client *mpc) msg.type = SND_MPOA_RES_RQST; msg.content.in_info = entry->ctrl_info; memcpy(msg.MPS_ctrl, mpc->mps_ctrl_addr, ATM_ESA_LEN); - qos = atm_mpoa_search_qos(entry->ctrl_info.in_dst_ip); - if (qos != NULL) - msg.qos = qos->qos; + if (!atm_mpoa_get_qos(entry->ctrl_info.in_dst_ip, &msg.qos)) + memset(&msg.qos, 0, sizeof(msg.qos)); msg_to_mpoad(&msg, mpc); entry->reply_wait = ktime_get_seconds(); entry->entry_state = INGRESS_RESOLVING; @@ -167,9 +165,8 @@ static int cache_hit(in_cache_entry *entry, struct mpoa_client *mpc) msg.type = SND_MPOA_RES_RQST; memcpy(msg.MPS_ctrl, mpc->mps_ctrl_addr, ATM_ESA_LEN); msg.content.in_info = entry->ctrl_info; - qos = atm_mpoa_search_qos(entry->ctrl_info.in_dst_ip); - if (qos != NULL) - msg.qos = qos->qos; + if (!atm_mpoa_get_qos(entry->ctrl_info.in_dst_ip, &msg.qos)) + memset(&msg.qos, 0, sizeof(msg.qos)); msg_to_mpoad(&msg, mpc); entry->reply_wait = ktime_get_seconds(); } @@ -249,7 +246,6 @@ static void clear_count_and_expired(struct mpoa_client *client) static void check_resolving_entries(struct mpoa_client *client) { - struct atm_mpoa_qos *qos; in_cache_entry *entry; time64_t now; struct k_message msg; @@ -283,9 +279,8 @@ static void check_resolving_entries(struct mpoa_client *client) msg.type = SND_MPOA_RES_RTRY; memcpy(msg.MPS_ctrl, client->mps_ctrl_addr, ATM_ESA_LEN); msg.content.in_info = entry->ctrl_info; - qos = atm_mpoa_search_qos(entry->ctrl_info.in_dst_ip); - if (qos != NULL) - msg.qos = qos->qos; + if (!atm_mpoa_get_qos(entry->ctrl_info.in_dst_ip, &msg.qos)) + memset(&msg.qos, 0, sizeof(msg.qos)); msg_to_mpoad(&msg, client); entry->reply_wait = ktime_get_seconds(); } diff --git a/net/atm/mpoa_proc.c b/net/atm/mpoa_proc.c index aaf64b953915..600075c6022e 100644 --- a/net/atm/mpoa_proc.c +++ b/net/atm/mpoa_proc.c @@ -254,7 +254,7 @@ static int parse_qos(const char *buff) if (sscanf(buff, "del %hhu.%hhu.%hhu.%hhu", ip, ip+1, ip+2, ip+3) == 4) { ipaddr = *(__be32 *)ip; - return atm_mpoa_delete_qos(atm_mpoa_search_qos(ipaddr)); + return atm_mpoa_delete_qos_by_ip(ipaddr); } if (sscanf(buff, "add %hhu.%hhu.%hhu.%hhu tx=%d,%d rx=tx", -- 2.39.5 (Apple Git-154)

4 days, 21 hours

1
0
0 0

[PATCH v6.12 0/4] sched: The newidle balance regression

by Ajay Kaher

This series is to backport following patches for v6.12: link: https://lore.kernel.org/lkml/20251107160645.929564468@infradead.org/ Peter Zijlstra (3): sched/fair: Revert max_newidle_lb_cost bump sched/fair: Small cleanup to sched_balance_newidle() sched/fair: Small cleanup to update_newidle_cost() sched/fair: Proportional newidle balance include/linux/sched/topology.h | 3 ++ kernel/sched/core.c | 3 ++ kernel/sched/fair.c | 74 +++++++++++++++++++++++----------- kernel/sched/features.h | 5 +++ kernel/sched/sched.h | 7 ++++ kernel/sched/topology.c | 6 +++ 6 files changed, 75 insertions(+), 23 deletions(-) -- 2.40.4

4 days, 22 hours

2
7
0 0

[PATCH net v2 1/1] atm: mpoa: Fix UAF on qos_head list in procfs

by Minseong Kim

The global QoS list 'qos_head' in net/atm/mpc.c is accessed from the /proc/net/atm/mpc procfs interface without proper synchronization. The read-side seq_file show path (mpc_show() -> atm_mpoa_disp_qos()) walks qos_head without any lock, while the write-side path (proc_mpc_write() -> parse_qos() -> atm_mpoa_delete_qos()) can unlink and kfree() entries immediately. Concurrent read/write therefore leads to a use-after-free. This risk is already called out in-tree: /* this is buggered - we need locking for qos_head */ Fix this by adding a mutex to protect all qos_head list operations. A mutex is used (instead of a spinlock) because atm_mpoa_disp_qos() invokes seq_printf(), which may sleep. KASAN report: ================================================================== [ 15.911538] BUG: KASAN: slab-use-after-free in atm_mpoa_disp_qos+0x202/0x380 [ 15.911988] Read of size 8 at addr ffff888007517380 by task mpoa_uaf_poc/89 [ 15.912123] [ 15.912717] CPU: 0 UID: 0 PID: 89 Comm: mpoa_uaf_poc Not tainted 6.17.8 #1 PREEMPT(voluntary) [ 15.912950] Hardware name: QEMU Ubuntu 25.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.913110] Call Trace: [ 15.913167] <TASK> [ 15.913247] dump_stack_lvl+0x4e/0x70 [ 15.913343] ? atm_mpoa_disp_qos+0x202/0x380 [ 15.913364] print_report+0x174/0x4f6 [ 15.913386] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 15.913412] ? atm_mpoa_disp_qos+0x202/0x380 [ 15.913430] kasan_report+0xce/0x100 [ 15.913453] ? atm_mpoa_disp_qos+0x202/0x380 [ 15.913475] atm_mpoa_disp_qos+0x202/0x380 [ 15.913496] mpc_show+0x575/0x700 [ 15.913515] ? kasan_save_track+0x14/0x30 [ 15.913532] ? __pfx_mpc_show+0x10/0x10 [ 15.913550] ? __pfx_mutex_lock+0x10/0x10 [ 15.913565] ? seq_read_iter+0x697/0x1110 [ 15.913584] seq_read_iter+0x2bc/0x1110 [ 15.913607] seq_read+0x267/0x3d0 [ 15.913623] ? __pfx_seq_read+0x10/0x10 [ 15.913650] proc_reg_read+0x1ab/0x270 [ 15.913669] vfs_read+0x175/0xa10 [ 15.913687] ? do_sys_openat2+0x103/0x170 [ 15.913701] ? kmem_cache_free+0xc4/0x360 [ 15.913718] ? getname_flags.part.0+0xf3/0x470 [ 15.913734] ? __pfx_vfs_read+0x10/0x10 [ 15.913751] ? mutex_lock+0x81/0xe0 [ 15.913766] ? __pfx_mutex_lock+0x10/0x10 [ 15.913782] ? __rseq_handle_notify_resume+0x4c4/0xac0 [ 15.913802] ? fdget_pos+0x24d/0x4b0 [ 15.913829] ksys_read+0xf7/0x1c0 [ 15.913850] ? __pfx_ksys_read+0x10/0x10 [ 15.913877] do_syscall_64+0xa4/0x290 [ 15.913917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 15.913981] RIP: 0033:0x45c982 [ 15.914171] Code: 08 0f 85 71 ea ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 55 48 89 e5 [ 15.914239] RSP: 002b:00007f4b2b2cb0d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 15.914315] RAX: ffffffffffffffda RBX: 00007f4b2b2cc6c0 RCX: 000000000045c982 [ 15.914352] RDX: 0000000000000fff RSI: 00007f4b2b2cb220 RDI: 0000000000000014 [ 15.914382] RBP: 00007f4b2b2cb100 R08: 0000000000000000 R09: 0000000000000000 [ 15.914413] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 15.914445] R13: ffffffffffffffd0 R14: 0000000000000000 R15: 00007ffd386450c0 [ 15.914483] </TASK> [ 15.914533] [ 15.916812] Allocated by task 78: [ 15.916975] kasan_save_stack+0x30/0x50 [ 15.917047] kasan_save_track+0x14/0x30 [ 15.917105] __kasan_kmalloc+0x8f/0xa0 [ 15.917162] atm_mpoa_add_qos+0x1bb/0x3c0 [ 15.917220] parse_qos.cold+0x73/0x7d [ 15.917276] proc_mpc_write+0xf4/0x150 [ 15.917331] proc_reg_write+0x1ab/0x270 [ 15.917379] vfs_write+0x1ce/0xd30 [ 15.917431] ksys_write+0xf7/0x1c0 [ 15.917476] do_syscall_64+0xa4/0x290 [ 15.917523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 15.917586] [ 15.917628] Freed by task 78: [ 15.917665] kasan_save_stack+0x30/0x50 [ 15.917714] kasan_save_track+0x14/0x30 [ 15.917762] kasan_save_free_info+0x3b/0x70 [ 15.917811] __kasan_slab_free+0x3e/0x50 [ 15.918058] kfree+0x121/0x340 [ 15.918135] atm_mpoa_delete_qos+0xad/0xd0 [ 15.918196] parse_qos+0x1e5/0x1f0 [ 15.918339] proc_mpc_write+0xf4/0x150 [ 15.918438] proc_reg_write+0x1ab/0x270 [ 15.918494] vfs_write+0x1ce/0xd30 [ 15.918538] ksys_write+0xf7/0x1c0 [ 15.918589] do_syscall_64+0xa4/0x290 [ 15.918634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 15.918694] [ 15.918751] The buggy address belongs to the object at ffff888007517380 [ 15.918751] which belongs to the cache kmalloc-96 of size 96 [ 15.918911] The buggy address is located 0 bytes inside of [ 15.918911] freed 96-byte region [ffff888007517380, ffff8880075173e0) [ 15.919027] [ 15.919101] The buggy address belongs to the physical page: [ 15.919416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888007517300 pfn:0x7517 [ 15.919679] anon flags: 0x100000000000000(node=0|zone=1) [ 15.920064] page_type: f5(slab) [ 15.920361] raw: 0100000000000000 ffff888006c41280 0000000000000000 dead000000000001 [ 15.920460] raw: ffff888007517300 0000000080200007 00000000f5000000 0000000000000000 [ 15.920577] page dumped because: kasan: bad access detected [ 15.920634] [ 15.920663] Memory state around the buggy address: [ 15.920860] ffff888007517280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.920944] ffff888007517300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921017] >ffff888007517380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921088] ^ [ 15.921163] ffff888007517400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921222] ffff888007517480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 15.921313] ================================================================== Reported-by: Minseong Kim <ii4gsp(a)gmail.com> Closes: https://lore.kernel.org/netdev/CAKrymDR1X3XTX_1ZW3XXXnuYH+kzsnv7Av5uivzR1st… Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Minseong Kim <ii4gsp(a)gmail.com> --- net/atm/mpc.c | 117 ++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 85 insertions(+), 32 deletions(-) diff --git a/net/atm/mpc.c b/net/atm/mpc.c index f6b447bba329..c268b5f4a266 100644 --- a/net/atm/mpc.c +++ b/net/atm/mpc.c @@ -9,6 +9,7 @@ #include <linux/bitops.h> #include <linux/capability.h> #include <linux/seq_file.h> +#include <linux/mutex.h> /* We are an ethernet device */ #include <linux/if_ether.h> @@ -122,6 +123,7 @@ static struct notifier_block mpoa_notifier = { struct mpoa_client *mpcs = NULL; /* FIXME */ static struct atm_mpoa_qos *qos_head = NULL; +static DEFINE_MUTEX(qos_mutex); /* Protect qos_head list */ static DEFINE_TIMER(mpc_timer, mpc_cache_check); @@ -171,74 +173,120 @@ static struct mpoa_client *find_mpc_by_lec(struct net_device *dev) * Functions for managing QoS list */ +/* + * Search for a QoS entry. Caller must hold qos_mutex. + * Returns pointer to entry if found, NULL otherwise. + */ +static struct atm_mpoa_qos *__atm_mpoa_search_qos(__be32 dst_ip) +{ + struct atm_mpoa_qos *qos = qos_head; + + while (qos) { + if (qos->ipaddr == dst_ip) + return qos; + qos = qos->next; + } + return NULL; +} + +/* + * Search for a QoS entry. + * WARNING: The returned pointer is not protected. The caller must ensure + * that the entry is not freed while using it, or hold qos_mutex during use. + */ +struct atm_mpoa_qos *atm_mpoa_search_qos(__be32 dst_ip) +{ + struct atm_mpoa_qos *qos; + + mutex_lock(&qos_mutex); + qos = __atm_mpoa_search_qos(dst_ip); + mutex_unlock(&qos_mutex); + + return qos; +} + /* * Overwrites the old entry or makes a new one. */ struct atm_mpoa_qos *atm_mpoa_add_qos(__be32 dst_ip, struct atm_qos *qos) { struct atm_mpoa_qos *entry; + struct atm_mpoa_qos *new; - entry = atm_mpoa_search_qos(dst_ip); - if (entry != NULL) { + /* Fast path: update existing entry */ + mutex_lock(&qos_mutex); + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { entry->qos = *qos; + mutex_unlock(&qos_mutex); return entry; } + mutex_unlock(&qos_mutex); - entry = kmalloc(sizeof(struct atm_mpoa_qos), GFP_KERNEL); - if (entry == NULL) { + /* Allocate outside lock */ + new = kmalloc(sizeof(*new), GFP_KERNEL); + if (!new) { pr_info("mpoa: out of memory\n"); - return entry; + return NULL; } - entry->ipaddr = dst_ip; - entry->qos = *qos; + new->ipaddr = dst_ip; + new->qos = *qos; - entry->next = qos_head; - qos_head = entry; - - return entry; -} - -struct atm_mpoa_qos *atm_mpoa_search_qos(__be32 dst_ip) -{ - struct atm_mpoa_qos *qos; - - qos = qos_head; - while (qos) { - if (qos->ipaddr == dst_ip) - break; - qos = qos->next; + /* Re-check under lock to avoid duplicates */ + mutex_lock(&qos_mutex); + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { + entry->qos = *qos; + mutex_unlock(&qos_mutex); + kfree(new); + return entry; } - return qos; + new->next = qos_head; + qos_head = new; + mutex_unlock(&qos_mutex); + + return new; } /* - * Returns 0 for failure + * Returns 0 for failure, 1 for success */ int atm_mpoa_delete_qos(struct atm_mpoa_qos *entry) { struct atm_mpoa_qos *curr; + int ret = 0; if (entry == NULL) return 0; + + mutex_lock(&qos_mutex); + if (entry == qos_head) { qos_head = qos_head->next; - kfree(entry); - return 1; + ret = 1; + goto out_free; } curr = qos_head; - while (curr != NULL) { + while (curr) { if (curr->next == entry) { curr->next = entry->next; - kfree(entry); - return 1; + ret = 1; + goto out_free; } curr = curr->next; } - return 0; +out: + mutex_unlock(&qos_mutex); + return ret; + +out_free: + mutex_unlock(&qos_mutex); + kfree(entry); + return ret; } /* this is buggered - we need locking for qos_head */ @@ -246,10 +294,12 @@ void atm_mpoa_disp_qos(struct seq_file *m) { struct atm_mpoa_qos *qos; - qos = qos_head; seq_printf(m, "QoS entries for shortcuts:\n"); - seq_printf(m, "IP address\n TX:max_pcr pcr min_pcr max_cdv max_sdu\n RX:max_pcr pcr min_pcr max_cdv max_sdu\n"); + seq_printf(m, "IP address\n TX:max_pcr pcr min_pcr max_cdv max_sdu\n" + " RX:max_pcr pcr min_pcr max_cdv max_sdu\n"); + mutex_lock(&qos_mutex); + qos = qos_head; while (qos != NULL) { seq_printf(m, "%pI4\n %-7d %-7d %-7d %-7d %-7d\n %-7d %-7d %-7d %-7d %-7d\n", &qos->ipaddr, @@ -265,6 +315,7 @@ void atm_mpoa_disp_qos(struct seq_file *m) qos->qos.rxtp.max_sdu); qos = qos->next; } + mutex_unlock(&qos_mutex); } static struct net_device *find_lec_by_itfnum(int itf) @@ -1521,8 +1572,10 @@ static void __exit atm_mpoa_cleanup(void) mpc = tmp; } + mutex_lock(&qos_mutex); qos = qos_head; qos_head = NULL; + mutex_unlock(&qos_mutex); while (qos != NULL) { nextqos = qos->next; dprintk("freeing qos entry %p\n", qos); -- 2.39.5 (Apple Git-154)

4 days, 22 hours

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) variable 'val' is uninitialized when passed as a const pointer arg...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- variable 'val' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] in drivers/staging/rtl8712/rtl8712_cmd.o (drivers/staging/rtl8712/rtl8712_cmd.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:5b83acc62508c670164c5fceb3079a2d7d74e154 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: d5dc97879a97b328a89ec092271faa3db9f2bff3 - tags: v6.12.59 Log excerpt: ===================================================== drivers/staging/rtl8712/rtl8712_cmd.c:148:28: error: variable 'val' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 148 | memcpy(pcmd->rsp, (u8 *)&val, pcmd->rspsz); | ^~~ 1 error generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig on (arm64): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-arm64-allmodconfig-6924331af5b87… - dashboard: https://d.kernelci.org/build/maestro:6924331af5b8743b1f5e538f ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-arm-allmodconfig-69243317f5b8743… - dashboard: https://d.kernelci.org/build/maestro:69243317f5b8743b1f5e538c ## i386_defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (i386): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-i386-allmodconfig-69243353f5b874… - dashboard: https://d.kernelci.org/build/maestro:69243353f5b8743b1f5e53bf ## x86_64_defconfig+allmodconfig on (x86_64): - compiler: clang-21 - config: https://files.kernelci.org/kbuild-clang-21-x86-allmodconfig-69243323f5b8743… - dashboard: https://d.kernelci.org/build/maestro:69243323f5b8743b1f5e5395 #kernelci issue maestro:5b83acc62508c670164c5fceb3079a2d7d74e154 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

5 days, 1 hour

4
7
0 0

[PATCH AUTOSEL 6.18-6.6] iomap: adjust read range correctly for non-block-aligned positions

by Sasha Levin

From: Joanne Koong <joannelkoong(a)gmail.com> [ Upstream commit 7aa6bc3e8766990824f66ca76c19596ce10daf3e ] iomap_adjust_read_range() assumes that the position and length passed in are block-aligned. This is not always the case however, as shown in the syzbot generated case for erofs. This causes too many bytes to be skipped for uptodate blocks, which results in returning the incorrect position and length to read in. If all the blocks are uptodate, this underflows length and returns a position beyond the folio. Fix the calculation to also take into account the block offset when calculating how many bytes can be skipped for uptodate blocks. Signed-off-by: Joanne Koong <joannelkoong(a)gmail.com> Tested-by: syzbot(a)syzkaller.appspotmail.com Reviewed-by: Brian Foster <bfoster(a)redhat.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: Now I have all the information needed for a comprehensive analysis. Let me compile my findings. --- ## COMPREHENSIVE ANALYSIS: iomap_adjust_read_range() Bug Fix ### 1. COMMIT MESSAGE ANALYSIS **Subject:** `iomap: adjust read range correctly for non-block-aligned positions` **Key Points from Message:** - The function `iomap_adjust_read_range()` **assumes block-aligned positions**, but this assumption is violated - Bug was discovered via **syzbot testing with erofs** filesystem - Causes "too many bytes to be skipped for uptodate blocks" - Results in **incorrect position and length to read** - If all blocks are uptodate: **underflows length** and **returns position beyond the folio** **Tags Analysis:** - ✅ `Tested-by: syzbot(a)syzkaller.appspotmail.com` - Automated testing confirmed - ✅ `Reviewed-by: Brian Foster <bfoster(a)redhat.com>` - Red Hat filesystem expert - ✅ `Reviewed-by: Christoph Hellwig <hch(a)lst.de>` - Major iomap author - ✅ `Signed-off-by: Christian Brauner <brauner(a)kernel.org>` - VFS maintainer - ❌ **No `Cc: stable(a)vger.kernel.org`** tag - ❌ **No `Fixes:` tag** pointing to original buggy commit ### 2. CODE CHANGE ANALYSIS **Bug Location:** `fs/iomap/buffered-io.c`, function `iomap_adjust_read_range()` **The Buggy Code (lines 246-253 before fix):** ```c for (i = first; i <= last; i++) { if (!ifs_block_is_uptodate(ifs, i)) break; *pos += block_size; // Bug: assumes pos is block-aligned poff += block_size; plen -= block_size; first++; } ``` **Technical Root Cause:** When `*pos` has a sub-block offset (e.g., `pos = 512` in a 1024-byte block): - `first = poff >> block_bits` computes the block index correctly (block 0) - But the loop skips a full `block_size` per block, ignoring the offset **Example demonstrating the bug:** - Block size: 1024 bytes - Position: 512 (half-way into block 0) - Block 0 is uptodate **Old buggy calculation:** - Skip full 1024 bytes → `pos = 1536`, overshoots by 512 bytes - `plen -= 1024` → underflows if `plen < 1024` **Fixed calculation:** ```c blocks_skipped = i - first; if (blocks_skipped) { unsigned long block_offset = *pos & (block_size - 1); // = 512 unsigned bytes_skipped = (blocks_skipped << block_bits) - block_offset; // = 1024 - 512 = 512 *pos += bytes_skipped; // Correct: pos = 1024 poff += bytes_skipped; plen -= bytes_skipped; } ``` **Consequences of the Bug:** 1. **Integer underflow**: `plen` becomes huge (wraps around as unsigned) 2. **Position beyond folio**: `*pos` can point past the folio boundary 3. **Incorrect read ranges**: Wrong data read, potential corruption 4. **Potential crashes**: Invalid memory access from bad ranges ### 3. CLASSIFICATION - **Type:** BUG FIX (arithmetic/logic error causing incorrect calculations) - **NOT:** Feature addition, cleanup, or optimization - **Severity:** HIGH - affects filesystem data integrity - **Scope:** Core iomap buffered I/O infrastructure ### 4. SCOPE AND RISK ASSESSMENT **Change Size:** - 13 insertions, 6 deletions - Single file: `fs/iomap/buffered-io.c` - Localized to one function **Risk Level:** LOW - Fix is mathematically straightforward - Does not change control flow significantly - Well-reviewed by iomap experts - Tested by syzbot **Affected Subsystem:** `fs/iomap/` - mature, widely-used infrastructure **Affected Filesystems:** Multiple major filesystems use iomap: - **XFS** - Primary enterprise Linux filesystem - **GFS2** - Cluster filesystem - **erofs** - Read-only filesystem (Android) - **zonefs** - Zoned storage filesystem - **fuse** - User-space filesystems ### 5. USER IMPACT **Who is affected?** - ALL users of XFS, GFS2, erofs, zonefs, and fuse filesystems - Particularly affects systems with: - Block sizes smaller than page size - Partial folio reads/writes at non-block-aligned offsets **How severe?** - Can cause **incorrect data reads** - Potential **data corruption** in read paths - Possible **kernel crashes** from invalid memory access - **Data integrity** issues for critical filesystems **Triggered by:** syzbot (automated fuzzing) - confirms this is a real triggerable bug ### 6. STABILITY INDICATORS - ✅ `Tested-by: syzbot` - Confirmed fix works - ✅ Two expert reviewers (Brian Foster, Christoph Hellwig) - ✅ Merged by VFS maintainer (Christian Brauner) - ⚠️ Relatively new commit (September 2025) ### 7. DEPENDENCY CHECK **Bug Origin:** Commit `9dc55f1389f95` ("iomap: add support for sub- pagesize buffered I/O without buffer heads") from **v4.19-rc1** (2018) **Dependencies for backport:** - The fix is self-contained - May need minor adaptation for older kernels: - v5.x: Uses `struct iomap_page` and pages (not folios) - v6.x: Uses `struct iomap_folio_state` and folios - Core logic remains the same across versions **Related commits:** - `8e3c15ee0d292` - Minor loop syntax change (`for` → `while`), NOT a dependency - `9d875e0eef8ec` - Related fix for unaligned END offsets (separate issue) ### 8. HISTORICAL CONTEXT The bug has existed for **~6 years** (since v4.19). It was latent because: - Most callers pass block-aligned positions - erofs triggered an edge case with non-aligned positions - syzbot's extensive testing exposed it The original code assumed callers would always pass block-aligned positions, which is a reasonable assumption violated in specific edge cases. --- ## BACKPORT RECOMMENDATION ### Arguments FOR backporting: 1. **Fixes a real bug** discovered by automated testing (syzbot) 2. **Affects critical filesystems** (XFS, GFS2) used in production 3. **Small, surgical fix** - 13 lines added, 6 removed 4. **Low regression risk** - mathematically correct fix 5. **Expert-reviewed** by iomap maintainers 6. **Bug existed since v4.19** - all stable trees are affected 7. **Can cause data integrity issues** - serious for a filesystem bug ### Arguments AGAINST backporting: 1. **No `Cc: stable` tag** - maintainers didn't explicitly request backport 2. **No `Fixes:` tag** - doesn't identify the buggy commit 3. **Relatively new commit** - hasn't had extensive mainline testing yet 4. **Needs adaptation** for older kernels (page vs folio APIs) ### Conclusion: Despite the missing stable tags, this commit should be backported because: - It fixes a **real, triggerable bug** found by syzbot - The bug can cause **incorrect data reads and potential corruption** - It affects **major filesystems** (XFS, GFS2) used in production environments - The fix is **small, contained, and well-reviewed** - The **risk of NOT fixing** (data corruption) outweighs the risk of the fix (minimal) The absence of `Cc: stable` may be an oversight, as this clearly meets stable criteria. **YES** fs/iomap/buffered-io.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c index 8b847a1e27f13..1c95a0a7b302d 100644 --- a/fs/iomap/buffered-io.c +++ b/fs/iomap/buffered-io.c @@ -240,17 +240,24 @@ static void iomap_adjust_read_range(struct inode *inode, struct folio *folio, * to avoid reading in already uptodate ranges. */ if (ifs) { - unsigned int i; + unsigned int i, blocks_skipped; /* move forward for each leading block marked uptodate */ - for (i = first; i <= last; i++) { + for (i = first; i <= last; i++) if (!ifs_block_is_uptodate(ifs, i)) break; - *pos += block_size; - poff += block_size; - plen -= block_size; - first++; + + blocks_skipped = i - first; + if (blocks_skipped) { + unsigned long block_offset = *pos & (block_size - 1); + unsigned bytes_skipped = + (blocks_skipped << block_bits) - block_offset; + + *pos += bytes_skipped; + poff += bytes_skipped; + plen -= bytes_skipped; } + first = i; /* truncate len if we find any trailing uptodate block(s) */ while (++i <= last) { -- 2.51.0

5 days, 4 hours

2
1
0 0

[PATCH] cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB1

by David Howells

If a DIO read or an unbuffered read request extends beyond the EOF, the server will return a short read and a status code indicating that EOF was hit, which gets translated to -ENODATA. Note that the client does not cap the request at i_size, but asks for the amount requested in case there's a race on the server with a third party. Now, on the client side, the request will get split into multiple subrequests if rsize is smaller than the full request size. A subrequest that starts before or at the EOF and returns short data up to the EOF will be correctly handled, with the NETFS_SREQ_HIT_EOF flag being set, indicating to netfslib that we can't read more. If a subrequest, however, starts after the EOF and not at it, HIT_EOF will not be flagged, its error will be set to -ENODATA and it will be abandoned. This will cause the request as a whole to fail with -ENODATA. Fix this by setting NETFS_SREQ_HIT_EOF on any subrequest that lies beyond the EOF marker. This can be reproduced by mounting with "cache=none,sign,vers=1.0" and doing a read of a file that's significantly bigger than the size of the file (e.g. attempting to read 64KiB from a 16KiB file). Fixes: a68c74865f51 ("cifs: Fix SMB1 readv/writev callback in the same way as SMB2/3") Signed-off-by: David Howells <dhowells(a)redhat.com> cc: Steve French <sfrench(a)samba.org> cc: Paulo Alcantara <pc(a)manguebit.org> cc: Shyam Prasad N <sprasad(a)microsoft.com> cc: linux-cifs(a)vger.kernel.org cc: netfs(a)lists.linux.dev cc: linux-fsdevel(a)vger.kernel.org --- fs/smb/client/cifssmb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c index 645831708e1b..1871d2c1a8e0 100644 --- a/fs/smb/client/cifssmb.c +++ b/fs/smb/client/cifssmb.c @@ -1395,7 +1395,7 @@ cifs_readv_callback(struct mid_q_entry *mid) } else { size_t trans = rdata->subreq.transferred + rdata->got_bytes; if (trans < rdata->subreq.len && - rdata->subreq.start + trans == ictx->remote_i_size) { + rdata->subreq.start + trans >= ictx->remote_i_size) { rdata->result = 0; __set_bit(NETFS_SREQ_HIT_EOF, &rdata->subreq.flags); } else if (rdata->got_bytes > 0) {

5 days, 4 hours

4
8
0 0

[PATCH v4] dmaengine: fsl-edma: Fix clk leak on alloc_chan_resources failure

by Zhen Ni

When fsl_edma_alloc_chan_resources() fails after clk_prepare_enable(), the error paths only free IRQs and destroy the TCD pool, but forget to call clk_disable_unprepare(). This causes the channel clock to remain enabled, leaking power and resources. Fix it by disabling the channel clock in the error unwind path. Fixes: d8d4355861d8 ("dmaengine: fsl-edma: add i.MX8ULP edma support") Cc: stable(a)vger.kernel.org Suggested-by: Frank Li <Frank.Li(a)nxp.com> Signed-off-by: Zhen Ni <zhen.ni(a)easystack.cn> --- Changes in v2: - Remove FSL_EDMA_DRV_HAS_CHCLK check Changes in v3: - Remove cleanup Changes in v4: - Re-send as a new thread --- drivers/dma/fsl-edma-common.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/dma/fsl-edma-common.c b/drivers/dma/fsl-edma-common.c index 4976d7dde080..11655dcc4d6c 100644 --- a/drivers/dma/fsl-edma-common.c +++ b/drivers/dma/fsl-edma-common.c @@ -852,6 +852,7 @@ int fsl_edma_alloc_chan_resources(struct dma_chan *chan) free_irq(fsl_chan->txirq, fsl_chan); err_txirq: dma_pool_destroy(fsl_chan->tcd_pool); + clk_disable_unprepare(fsl_chan->clk); return ret; } -- 2.20.1

5 days, 5 hours

2
2
0 0

[PATCH AUTOSEL 6.18-6.1] perf/x86/amd: Check event before enable to avoid GPF

by Sasha Levin

From: George Kennedy <george.kennedy(a)oracle.com> [ Upstream commit 866cf36bfee4fba6a492d2dcc5133f857e3446b0 ] On AMD machines cpuc->events[idx] can become NULL in a subtle race condition with NMI->throttle->x86_pmu_stop(). Check event for NULL in amd_pmu_enable_all() before enable to avoid a GPF. This appears to be an AMD only issue. Syzkaller reported a GPF in amd_pmu_enable_all. INFO: NMI handler (perf_event_nmi_handler) took too long to run: 13.143 msecs Oops: general protection fault, probably for non-canonical address 0xdffffc0000000034: 0000 PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x00000000000001a0-0x00000000000001a7] CPU: 0 UID: 0 PID: 328415 Comm: repro_36674776 Not tainted 6.12.0-rc1-syzk RIP: 0010:x86_pmu_enable_event (arch/x86/events/perf_event.h:1195 arch/x86/events/core.c:1430) RSP: 0018:ffff888118009d60 EFLAGS: 00010012 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000034 RSI: 0000000000000000 RDI: 00000000000001a0 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002 R13: ffff88811802a440 R14: ffff88811802a240 R15: ffff8881132d8601 FS: 00007f097dfaa700(0000) GS:ffff888118000000(0000) GS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200001c0 CR3: 0000000103d56000 CR4: 00000000000006f0 Call Trace: <IRQ> amd_pmu_enable_all (arch/x86/events/amd/core.c:760 (discriminator 2)) x86_pmu_enable (arch/x86/events/core.c:1360) event_sched_out (kernel/events/core.c:1191 kernel/events/core.c:1186 kernel/events/core.c:2346) __perf_remove_from_context (kernel/events/core.c:2435) event_function (kernel/events/core.c:259) remote_function (kernel/events/core.c:92 (discriminator 1) kernel/events/core.c:72 (discriminator 1)) __flush_smp_call_function_queue (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/csd.h:64 kernel/smp.c:135 kernel/smp.c:540) __sysvec_call_function_single (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./arch/x86/include/asm/trace/irq_vectors.h:99 arch/x86/kernel/smp.c:272) sysvec_call_function_single (arch/x86/kernel/smp.c:266 (discriminator 47) arch/x86/kernel/smp.c:266 (discriminator 47)) </IRQ> Reported-by: syzkaller <syzkaller(a)googlegroups.com> Signed-off-by: George Kennedy <george.kennedy(a)oracle.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: Now I have a complete understanding of this commit. Let me provide a comprehensive analysis. --- ## COMPREHENSIVE ANALYSIS: perf/x86/amd: Check event before enable to avoid GPF ### 1. COMMIT MESSAGE ANALYSIS **Subject:** "perf/x86/amd: Check event before enable to avoid GPF" **Key indicators in the commit message:** - **"GPF" (General Protection Fault)**: A serious kernel crash/oops - critical bug - **"race condition"**: Real bug, not theoretical - found and triggered - **"Syzkaller reported"**: Kernel fuzzer found a reproducible issue - **"Reported-by: syzkaller"**: Confirms the bug is triggerable - **"Signed-off-by: Peter Zijlstra (Intel)"**: Reviewed and signed by top perf maintainer **Missing tags:** - No "Fixes:" tag pointing to the original buggy commit - No "Cc: stable(a)vger.kernel.org" tag ### 2. CODE CHANGE ANALYSIS **The Bug Mechanism:** The race condition occurs between two code paths: **Path 1 - Normal enable path:** ```c // In amd_pmu_enable_all() for_each_set_bit(idx, x86_pmu.cntr_mask, X86_PMC_IDX_MAX) { if (!test_bit(idx, cpuc->active_mask)) // Check 1 continue; amd_pmu_enable_event(cpuc->events[idx]); // Dereference } ``` **Path 2 - NMI throttle path:** ```c // In x86_pmu_stop() called from NMI->throttle if (test_bit(hwc->idx, cpuc->active_mask)) { __clear_bit(hwc->idx, cpuc->active_mask); // Clear bit cpuc->events[hwc->idx] = NULL; // Set to NULL ... } ``` **The Race:** 1. CPU executes `amd_pmu_enable_all()` during an IPI (`remote_function`/`event_function`) 2. Code passes `test_bit(idx, cpuc->active_mask)` check ✓ 3. **NMI fires** before `cpuc->events[idx]` is read 4. NMI handler throttles an event → calls `x86_pmu_stop()` 5. `x86_pmu_stop()` clears `active_mask` bit AND sets `cpuc->events[idx] = NULL` 6. NMI returns 7. Original code tries to dereference `cpuc->events[idx]` → **NULL pointer dereference → GPF** **The Fix:** ```c // After the fix if (!test_bit(idx, cpuc->active_mask)) continue; /* FIXME: cpuc->events[idx] can become NULL in a subtle race - condition with NMI->throttle->x86_pmu_stop(). */ if (cpuc->events[idx]) amd_pmu_enable_event(cpuc->events[idx]); ``` The fix adds a simple NULL check before dereferencing the pointer. The "FIXME" comment acknowledges this is a workaround for a deeper architectural issue in the event lifecycle, but is correct and safe. ### 3. CLASSIFICATION | Criterion | Assessment | |-----------|------------| | Type | **Bug fix** - NULL pointer dereference causing kernel crash | | Severity | **High** - Causes kernel oops/GPF | | Category | Not a new feature, device ID, quirk, or DT update | | Security | Not explicitly a CVE, but denial-of-service via crash | ### 4. SCOPE AND RISK ASSESSMENT **Change Statistics:** - **Lines changed:** 6 added, 1 removed (+5 net) - **Files affected:** 1 (`arch/x86/events/amd/core.c`) - **Functions modified:** 1 (`amd_pmu_enable_all()`) **Risk Assessment:** - **Very Low Risk**: Adding a NULL check is the most conservative possible fix - **No behavior change**: If event is valid, same behavior; if NULL, safely skipped - **Cannot cause regressions**: A NULL check cannot break working code - **Isolated to AMD**: Only affects AMD PMU code path, not Intel or other architectures **Affected Subsystem:** - `arch/x86/events/amd/` - AMD Performance Monitoring Unit (PMU) - Mature subsystem, present since v5.19 ### 5. USER IMPACT **Who is affected:** - All AMD CPU users running performance monitoring (`perf`) - Enterprise users, cloud providers with AMD servers - Developers using perf for profiling **Severity:** - **Kernel crash (oops)** - System becomes unstable or halts - Reproducible via syzkaller, meaning users can hit this in real workloads **Trigger conditions:** - Using perf events on AMD CPUs - High frequency of events causing throttling - SMP systems with IPI-based event functions ### 6. STABILITY INDICATORS | Indicator | Status | |-----------|--------| | Tested by syzkaller | Yes (reported and reproduced) | | Maintainer sign-off | Peter Zijlstra (top perf maintainer) | | Tested-by tag | Not present | | Time in mainline | In v6.18-rc1/v6.18 | ### 7. DEPENDENCY CHECK **Dependencies:** None - The fix is self-contained - Does not require any other patches - The affected function `amd_pmu_enable_all()` exists in all kernels since v5.19 **Original buggy commit:** - `ada543459cab7f` "perf/x86/amd: Add AMD Fam19h Branch Sampling support" (March 2022) - Present in v5.19 and later - All stable trees from 5.19+ are affected **Backport feasibility:** - Clean apply expected - the code structure is unchanged - The `for_each_set_bit` macro and surrounding code are stable - Minor adjustment may be needed for `x86_pmu.cntr_mask` vs older API ### 8. HISTORICAL CONTEXT The original bug was introduced in commit `ada543459cab7f` dated April 2022 (v5.19-rc1), when the `amd_pmu_enable_all()` function was added as part of AMD Branch Sampling support. The race condition has been latent since then, only now caught by syzkaller fuzzing. ### 9. SUMMARY | Criterion | Verdict | |-----------|---------| | Fixes real bug | ✅ Yes - NULL pointer dereference crash | | Affects users | ✅ Yes - Any AMD perf user | | Small and contained | ✅ Yes - 6 lines, 1 file | | Obviously correct | ✅ Yes - Simple NULL check | | No new features | ✅ Yes - Pure bug fix | | Low regression risk | ✅ Yes - Cannot break anything | | No dependencies | ✅ Yes - Self-contained | | Maintainer approved | ✅ Yes - Peter Zijlstra signed | ### CONCLUSION This commit **should be backported** to stable kernel trees. It fixes a real, reproducible kernel crash (GPF/oops) caused by a NULL pointer dereference in AMD PMU code. The fix is minimal (6 lines), obviously correct (simple NULL check), and carries essentially zero regression risk. The bug affects all AMD users running perf since kernel v5.19. The lack of explicit `Cc: stable(a)vger.kernel.org` and `Fixes:` tags appears to be an oversight given the clear bug-fix nature of this commit. The fix meets all stable kernel criteria: 1. Obviously correct and tested (syzkaller) 2. Fixes a real bug that affects users (kernel crash) 3. Fixes an important issue (system crash) 4. Small and contained (6 lines in 1 file) 5. Does not introduce new features **YES** arch/x86/events/amd/core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index b20661b8621d1..8868f5f5379ba 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -763,7 +763,12 @@ static void amd_pmu_enable_all(int added) if (!test_bit(idx, cpuc->active_mask)) continue; - amd_pmu_enable_event(cpuc->events[idx]); + /* + * FIXME: cpuc->events[idx] can become NULL in a subtle race + * condition with NMI->throttle->x86_pmu_stop(). + */ + if (cpuc->events[idx]) + amd_pmu_enable_event(cpuc->events[idx]); } } -- 2.51.0

5 days, 7 hours

1
3
0 0

Bug: Performance regression in 1013af4f585f: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

by Uschakow, Stanislav

Hello. We have observed a huge latency increase using `fork()` after ingesting the CVE-2025-38085 fix which leads to the commit `1013af4f585f: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race`. On large machines with 1.5TB of memory with 196 cores, we identified mmapping of 1.2TB of shared memory and forking itself dozens or hundreds of times we see a increase of execution times of a factor of 4. The reproducer is at the end of the email. Comparing the a kernel without this patch with a kernel with this patch applied when spawning 1000 children we see those execution times: Patched kernel: $ time make stress ... real 0m11.275s user 0m0.177s sys 0m23.905s Original kernel : $ time make stress ...real 0m2.475s user 0m1.398s sys 0m2.501s The patch in question: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… My observation/assumption is: each child touches 100 random pages and despawns on each despawn `huge_pmd_unshare()` is called each call to `huge_pmd_unshare()` syncrhonizes all threads using `tlb_remove_table_sync_one()` leading to the regression I'm happy to provide more information. Thank you Stanislav Uschakow === Reproducer === Setup: #!/bin/bash echo "Setting up hugepages for reproduction..." # hugepages (1.2TB / 2MB = 614400 pages) REQUIRED_PAGES=614400 # Check current hugepage allocation CURRENT_PAGES=$(cat /proc/sys/vm/nr_hugepages) echo "Current hugepages: $CURRENT_PAGES" if [ "$CURRENT_PAGES" -lt "$REQUIRED_PAGES" ]; then echo "Allocating $REQUIRED_PAGES hugepages..." echo $REQUIRED_PAGES | sudo tee /proc/sys/vm/nr_hugepages ALLOCATED=$(cat /proc/sys/vm/nr_hugepages) echo "Allocated hugepages: $ALLOCATED" if [ "$ALLOCATED" -lt "$REQUIRED_PAGES" ]; then echo "Warning: Could not allocate all required hugepages" echo "Available: $ALLOCATED, Required: $REQUIRED_PAGES" fi fi echo never | sudo tee /sys/kernel/mm/transparent_hugepage/enabled echo -e "\nHugepage information:" cat /proc/meminfo | grep -i huge echo -e "\nSetup complete. You can now run the reproduction test." Makefile: CXX = gcc CXXFLAGS = -O2 -Wall TARGET = hugepage_repro SOURCE = hugepage_repro.c $(TARGET): $(SOURCE) $(CXX) $(CXXFLAGS) -o $(TARGET) $(SOURCE) clean: rm -f $(TARGET) setup: chmod +x setup_hugepages.sh ./setup_hugepages.sh test: $(TARGET) ./$(TARGET) 20 3 stress: $(TARGET) ./$(TARGET) 1000 1 .PHONY: clean setup test stress hugepage_repro.c: #include <sys/mman.h> #include <sys/wait.h> #include <unistd.h> #include <stdlib.h> #include <string.h> #include <time.h> #include <stdio.h> #define HUGEPAGE_SIZE (2 * 1024 * 1024) // 2MB #define TOTAL_SIZE (1200ULL * 1024 * 1024 * 1024) // 1.2TB #define NUM_HUGEPAGES (TOTAL_SIZE / HUGEPAGE_SIZE) void* create_hugepage_mapping() { void* addr = mmap(NULL, TOTAL_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS | MAP_HUGETLB, -1, 0); if (addr == MAP_FAILED) { perror("mmap hugepages failed"); exit(1); } return addr; } void touch_random_pages(void* addr, int num_touches) { char* base = (char*)addr; for (int i = 0; i < num_touches; ++i) { size_t offset = (rand() % NUM_HUGEPAGES) * HUGEPAGE_SIZE; volatile char val = base[offset]; (void)val; } } void child_process(void* shared_mem, int child_id) { struct timespec start, end; clock_gettime(CLOCK_MONOTONIC, &start); touch_random_pages(shared_mem, 100); clock_gettime(CLOCK_MONOTONIC, &end); long duration = (end.tv_sec - start.tv_sec) * 1000000 + (end.tv_nsec - start.tv_nsec) / 1000; printf("Child %d completed in %ld μs\n", child_id, duration); } int main(int argc, char* argv[]) { int num_processes = argc > 1 ? atoi(argv[1]) : 50; int iterations = argc > 2 ? atoi(argv[2]) : 5; printf("Creating %lluGB hugepage mapping...\n", TOTAL_SIZE / (1024*1024*1024)); void* shared_mem = create_hugepage_mapping(); for (int iter = 0; iter < iterations; ++iter) { printf("\nIteration %d: Forking %d processes\n", iter + 1, num_processes); pid_t children[num_processes]; struct timespec iter_start, iter_end; clock_gettime(CLOCK_MONOTONIC, &iter_start); for (int i = 0; i < num_processes; ++i) { pid_t pid = fork(); if (pid == 0) { child_process(shared_mem, i); exit(0); } else if (pid > 0) { children[i] = pid; } } for (int i = 0; i < num_processes; ++i) { waitpid(children[i], NULL, 0); } clock_gettime(CLOCK_MONOTONIC, &iter_end); long iter_duration = (iter_end.tv_sec - iter_start.tv_sec) * 1000 + (iter_end.tv_nsec - iter_start.tv_nsec) / 1000000; printf("Iteration completed in %ld ms\n", iter_duration); } munmap(shared_mem, TOTAL_SIZE); return 0; } Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

5 days, 7 hours

6
34
0 0

FAILED: patch "[PATCH] KVM: nSVM: Fix and simplify LBR virtualization handling with" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 8a4821412cf2c1429fffa07c012dd150f2edf78c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025112059-labrador-contently-dd98@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8a4821412cf2c1429fffa07c012dd150f2edf78c Mon Sep 17 00:00:00 2001 From: Yosry Ahmed <yosry.ahmed(a)linux.dev> Date: Sat, 8 Nov 2025 00:45:21 +0000 Subject: [PATCH] KVM: nSVM: Fix and simplify LBR virtualization handling with nested The current scheme for handling LBRV when nested is used is very complicated, especially when L1 does not enable LBRV (i.e. does not set LBR_CTL_ENABLE_MASK). To avoid copying LBRs between VMCB01 and VMCB02 on every nested transition, the current implementation switches between using VMCB01 or VMCB02 as the source of truth for the LBRs while L2 is running. If L2 enables LBR, VMCB02 is used as the source of truth. When L2 disables LBR, the LBRs are copied to VMCB01 and VMCB01 is used as the source of truth. This introduces significant complexity, and incorrect behavior in some cases. For example, on a nested #VMEXIT, the LBRs are only copied from VMCB02 to VMCB01 if LBRV is enabled in VMCB01. This is because L2's writes to MSR_IA32_DEBUGCTLMSR to enable LBR are intercepted and propagated to VMCB01 instead of VMCB02. However, LBRV is only enabled in VMCB02 when L2 is running. This means that if L2 enables LBR and exits to L1, the LBRs will not be propagated from VMCB02 to VMCB01, because LBRV is disabled in VMCB01. There is no meaningful difference in CPUID rate in L2 when copying LBRs on every nested transition vs. the current approach, so do the simple and correct thing and always copy LBRs between VMCB01 and VMCB02 on nested transitions (when LBRV is disabled by L1). Drop the conditional LBRs copying in __svm_{enable/disable}_lbrv() as it is now unnecessary. VMCB02 becomes the only source of truth for LBRs when L2 is running, regardless of LBRV being enabled by L1, drop svm_get_lbr_vmcb() and use svm->vmcb directly in its place. Fixes: 1d5a1b5860ed ("KVM: x86: nSVM: correctly virtualize LBR msrs when L2 is running") Cc: stable(a)vger.kernel.org Signed-off-by: Yosry Ahmed <yosry.ahmed(a)linux.dev> Link: https://patch.msgid.link/20251108004524.1600006-4-yosry.ahmed@linux.dev Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index a6443feab252..da6e80b3ac35 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -677,11 +677,10 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm *svm, struct vmcb *vmcb12 */ svm_copy_lbrs(vmcb02, vmcb12); vmcb02->save.dbgctl &= ~DEBUGCTL_RESERVED_BITS; - svm_update_lbrv(&svm->vcpu); - - } else if (unlikely(vmcb01->control.virt_ext & LBR_CTL_ENABLE_MASK)) { + } else { svm_copy_lbrs(vmcb02, vmcb01); } + svm_update_lbrv(&svm->vcpu); } static inline bool is_evtinj_soft(u32 evtinj) @@ -833,11 +832,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, svm->soft_int_next_rip = vmcb12_rip; } - vmcb02->control.virt_ext = vmcb01->control.virt_ext & - LBR_CTL_ENABLE_MASK; - if (guest_cpu_cap_has(vcpu, X86_FEATURE_LBRV)) - vmcb02->control.virt_ext |= - (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK); + /* LBR_CTL_ENABLE_MASK is controlled by svm_update_lbrv() */ if (!nested_vmcb_needs_vls_intercept(svm)) vmcb02->control.virt_ext |= VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; @@ -1189,13 +1184,12 @@ int nested_svm_vmexit(struct vcpu_svm *svm) kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); if (unlikely(guest_cpu_cap_has(vcpu, X86_FEATURE_LBRV) && - (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))) { + (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))) svm_copy_lbrs(vmcb12, vmcb02); - svm_update_lbrv(vcpu); - } else if (unlikely(vmcb01->control.virt_ext & LBR_CTL_ENABLE_MASK)) { + else svm_copy_lbrs(vmcb01, vmcb02); - svm_update_lbrv(vcpu); - } + + svm_update_lbrv(vcpu); if (vnmi) { if (vmcb02->control.int_ctl & V_NMI_BLOCKING_MASK) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 53201f13a43c..10c21e4c5406 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -808,13 +808,7 @@ void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb) static void __svm_enable_lbrv(struct kvm_vcpu *vcpu) { - struct vcpu_svm *svm = to_svm(vcpu); - - svm->vmcb->control.virt_ext |= LBR_CTL_ENABLE_MASK; - - /* Move the LBR msrs to the vmcb02 so that the guest can see them. */ - if (is_guest_mode(vcpu)) - svm_copy_lbrs(svm->vmcb, svm->vmcb01.ptr); + to_svm(vcpu)->vmcb->control.virt_ext |= LBR_CTL_ENABLE_MASK; } void svm_enable_lbrv(struct kvm_vcpu *vcpu) @@ -825,35 +819,15 @@ void svm_enable_lbrv(struct kvm_vcpu *vcpu) static void __svm_disable_lbrv(struct kvm_vcpu *vcpu) { - struct vcpu_svm *svm = to_svm(vcpu); - KVM_BUG_ON(sev_es_guest(vcpu->kvm), vcpu->kvm); - svm->vmcb->control.virt_ext &= ~LBR_CTL_ENABLE_MASK; - - /* - * Move the LBR msrs back to the vmcb01 to avoid copying them - * on nested guest entries. - */ - if (is_guest_mode(vcpu)) - svm_copy_lbrs(svm->vmcb01.ptr, svm->vmcb); -} - -static struct vmcb *svm_get_lbr_vmcb(struct vcpu_svm *svm) -{ - /* - * If LBR virtualization is disabled, the LBR MSRs are always kept in - * vmcb01. If LBR virtualization is enabled and L1 is running VMs of - * its own, the MSRs are moved between vmcb01 and vmcb02 as needed. - */ - return svm->vmcb->control.virt_ext & LBR_CTL_ENABLE_MASK ? svm->vmcb : - svm->vmcb01.ptr; + to_svm(vcpu)->vmcb->control.virt_ext &= ~LBR_CTL_ENABLE_MASK; } void svm_update_lbrv(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); bool current_enable_lbrv = svm->vmcb->control.virt_ext & LBR_CTL_ENABLE_MASK; - bool enable_lbrv = (svm_get_lbr_vmcb(svm)->save.dbgctl & DEBUGCTLMSR_LBR) || + bool enable_lbrv = (svm->vmcb->save.dbgctl & DEBUGCTLMSR_LBR) || (is_guest_mode(vcpu) && guest_cpu_cap_has(vcpu, X86_FEATURE_LBRV) && (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK)); @@ -2733,19 +2707,19 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) msr_info->data = svm->tsc_aux; break; case MSR_IA32_DEBUGCTLMSR: - msr_info->data = svm_get_lbr_vmcb(svm)->save.dbgctl; + msr_info->data = svm->vmcb->save.dbgctl; break; case MSR_IA32_LASTBRANCHFROMIP: - msr_info->data = svm_get_lbr_vmcb(svm)->save.br_from; + msr_info->data = svm->vmcb->save.br_from; break; case MSR_IA32_LASTBRANCHTOIP: - msr_info->data = svm_get_lbr_vmcb(svm)->save.br_to; + msr_info->data = svm->vmcb->save.br_to; break; case MSR_IA32_LASTINTFROMIP: - msr_info->data = svm_get_lbr_vmcb(svm)->save.last_excp_from; + msr_info->data = svm->vmcb->save.last_excp_from; break; case MSR_IA32_LASTINTTOIP: - msr_info->data = svm_get_lbr_vmcb(svm)->save.last_excp_to; + msr_info->data = svm->vmcb->save.last_excp_to; break; case MSR_VM_HSAVE_PA: msr_info->data = svm->nested.hsave_msr; @@ -3013,10 +2987,10 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) if (data & DEBUGCTL_RESERVED_BITS) return 1; - if (svm_get_lbr_vmcb(svm)->save.dbgctl == data) + if (svm->vmcb->save.dbgctl == data) break; - svm_get_lbr_vmcb(svm)->save.dbgctl = data; + svm->vmcb->save.dbgctl = data; vmcb_mark_dirty(svm->vmcb, VMCB_LBR); svm_update_lbrv(vcpu); break;

5 days, 8 hours

2
4
0 0

[to-be-updated] mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN has been removed from the -mm tree. Its filename was mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Jiayuan Chen <jiayuan.chen(a)linux.dev> Subject: mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN Date: Fri, 28 Nov 2025 19:15:14 +0800 Syzkaller reported a memory out-of-bounds bug [1]. This patch fixes two issues: 1. In vrealloc, we were missing the KASAN_VMALLOC_VM_ALLOC flag when unpoisoning the extended region. This flag is required to correctly associate the allocation with KASAN's vmalloc tracking. Note: In contrast, vzalloc (via __vmalloc_node_range_noprof) explicitly sets KASAN_VMALLOC_VM_ALLOC and calls kasan_unpoison_vmalloc() with it. vrealloc must behave consistently �� especially when reusing existing vmalloc regions �� to ensure KASAN can track allocations correctly. 2. When vrealloc reuses an existing vmalloc region (without allocating new pages), KASAN previously generated a new tag, which broke tag-based memory access tracking. We now add a 'reuse_tag' parameter to __kasan_unpoison_vmalloc() to preserve the original tag in such cases. A new helper kasan_unpoison_vralloc() is introduced to handle this reuse scenario, ensuring consistent tag behavior during reallocation. Link: https://lkml.kernel.org/r/20251128111516.244497-1-jiayuan.chen@linux.dev Link: https://syzkaller.appspot.com/bug?extid=997752115a851cb0cf36 [1] Fixes: a0309faf1cb0 ("mm: vmalloc: support more granular vrealloc() sizing") Signed-off-by: Jiayuan Chen <jiayuan.chen(a)linux.dev> Reported-by: syzbot+997752115a851cb0cf36(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/68e243a2.050a0220.1696c6.007d.GAE@google.com/T/ Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Danilo Krummrich <dakr(a)kernel.org> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Kees Cook <kees(a)kernel.org> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kasan.h | 21 +++++++++++++++++++-- mm/kasan/hw_tags.c | 4 ++-- mm/kasan/shadow.c | 6 ++++-- mm/vmalloc.c | 4 ++-- 4 files changed, 27 insertions(+), 8 deletions(-) --- a/include/linux/kasan.h~mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan +++ a/include/linux/kasan.h @@ -596,13 +596,23 @@ static inline void kasan_release_vmalloc #endif /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */ void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, - kasan_vmalloc_flags_t flags); + kasan_vmalloc_flags_t flags, bool reuse_tag); + +static __always_inline void *kasan_unpoison_vrealloc(const void *start, + unsigned long size, + kasan_vmalloc_flags_t flags) +{ + if (kasan_enabled()) + return __kasan_unpoison_vmalloc(start, size, flags, true); + return (void *)start; +} + static __always_inline void *kasan_unpoison_vmalloc(const void *start, unsigned long size, kasan_vmalloc_flags_t flags) { if (kasan_enabled()) - return __kasan_unpoison_vmalloc(start, size, flags); + return __kasan_unpoison_vmalloc(start, size, flags, false); return (void *)start; } @@ -629,6 +639,13 @@ static inline void kasan_release_vmalloc unsigned long free_region_end, unsigned long flags) { } +static inline void *kasan_unpoison_vrealloc(const void *start, + unsigned long size, + kasan_vmalloc_flags_t flags) +{ + return (void *)start; +} + static inline void *kasan_unpoison_vmalloc(const void *start, unsigned long size, kasan_vmalloc_flags_t flags) --- a/mm/kasan/hw_tags.c~mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan +++ a/mm/kasan/hw_tags.c @@ -317,7 +317,7 @@ static void init_vmalloc_pages(const voi } void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, - kasan_vmalloc_flags_t flags) + kasan_vmalloc_flags_t flags, bool reuse_tag) { u8 tag; unsigned long redzone_start, redzone_size; @@ -361,7 +361,7 @@ void *__kasan_unpoison_vmalloc(const voi return (void *)start; } - tag = kasan_random_tag(); + tag = reuse_tag ? get_tag(start) : kasan_random_tag(); start = set_tag(start, tag); /* Unpoison and initialize memory up to size. */ --- a/mm/kasan/shadow.c~mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan +++ a/mm/kasan/shadow.c @@ -625,7 +625,7 @@ void kasan_release_vmalloc(unsigned long } void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, - kasan_vmalloc_flags_t flags) + kasan_vmalloc_flags_t flags, bool reuse_tag) { /* * Software KASAN modes unpoison both VM_ALLOC and non-VM_ALLOC @@ -648,7 +648,9 @@ void *__kasan_unpoison_vmalloc(const voi !(flags & KASAN_VMALLOC_PROT_NORMAL)) return (void *)start; - start = set_tag(start, kasan_random_tag()); + if (!reuse_tag) + start = set_tag(start, kasan_random_tag()); + kasan_unpoison(start, size, false); return (void *)start; } --- a/mm/vmalloc.c~mm-kasan-fix-incorrect-unpoisoning-in-vrealloc-for-kasan +++ a/mm/vmalloc.c @@ -4175,8 +4175,8 @@ void *vrealloc_node_align_noprof(const v * We already have the bytes available in the allocation; use them. */ if (size <= alloced_size) { - kasan_unpoison_vmalloc(p + old_size, size - old_size, - KASAN_VMALLOC_PROT_NORMAL); + kasan_unpoison_vrealloc(p, size, + KASAN_VMALLOC_PROT_NORMAL | KASAN_VMALLOC_VM_ALLOC); /* * No need to zero memory here, as unused memory will have * already been zeroed at initial allocation time or during _ Patches currently in -mm which might be from jiayuan.chen(a)linux.dev are

5 days, 10 hours

1
0
0 0

[report] Performance regressions introduced via "cpuidle: menu: Remove iowait influence" on 6.12.y

by ALOK TIWARI

Hi, I’m reporting a performance regression of up to 6% sequential I/O vdbench regression observed on 6.12.y kernel. While running performance benchmarks on v6.12.60 kernel the sequential I/O vdbench metrics are showing a 5-6% performance regression when compared to v6.12.48 Bisect root cause commit ======================== - commit b39b62075ab4 ("cpuidle: menu: Remove iowait influence") Things work fine again when the previously removed performance-multiplier code is added back. Test details ============ The system is connected to a number of disks in disk array using multipathing and directio configuration in the vdbench profile. wd=wd1,sd=sd*,rdpct=0,seekpct=sequential,xfersize=128k rd=128k64T,wd=wd1,iorate=max,elapsed=600,interval=1,warmup=300,threads=64 Thanks, Alok

5 days, 10 hours

1
0
0 0

[PATCH 6.1] softirq: Add trace points for tasklet entry/exit

by Sumanth Gavini

commit f4bf3ca2e5cba655824b6e0893a98dfb33ed24e5 upstream. Tasklets are supposed to finish their work quickly and should not block the current running process, but it is not guaranteed that they do so. Currently softirq_entry/exit can be used to analyse the total tasklets execution time, but that's not helpful to track individual tasklets execution time. That makes it hard to identify tasklet functions, which take more time than expected. Add tasklet_entry/exit trace point support to track individual tasklet execution. Trivial usage example: # echo 1 > /sys/kernel/debug/tracing/events/irq/tasklet_entry/enable # echo 1 > /sys/kernel/debug/tracing/events/irq/tasklet_exit/enable # cat /sys/kernel/debug/tracing/trace # tracer: nop # # entries-in-buffer/entries-written: 4/4 #P:4 # # _-----=> irqs-off/BH-disabled # / _----=> need-resched # | / _---=> hardirq/softirq # || / _--=> preempt-depth # ||| / _-=> migrate-disable # |||| / delay # TASK-PID CPU# ||||| TIMESTAMP FUNCTION # | | | ||||| | | <idle>-0 [003] ..s1. 314.011428: tasklet_entry: tasklet=0xffffa01ef8db2740 function=tcp_tasklet_func <idle>-0 [003] ..s1. 314.011432: tasklet_exit: tasklet=0xffffa01ef8db2740 function=tcp_tasklet_func <idle>-0 [003] ..s1. 314.017369: tasklet_entry: tasklet=0xffffa01ef8db2740 function=tcp_tasklet_func <idle>-0 [003] ..s1. 314.017371: tasklet_exit: tasklet=0xffffa01ef8db2740 function=tcp_tasklet_func Signed-off-by: Lingutla Chandrasekhar <clingutla(a)codeaurora.org> Signed-off-by: J. Avila <elavila(a)google.com> Signed-off-by: John Stultz <jstultz(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Link: https://lore.kernel.org/r/20230407230526.1685443-1-jstultz@google.com [elavila: Port to android-mainline] [jstultz: Rebased to upstream, cut unused trace points, added comments for the tracepoints, reworded commit] Signed-off-by: Sumanth Gavini <sumanth.gavini(a)yahoo.com> --- include/trace/events/irq.h | 47 ++++++++++++++++++++++++++++++++++++++ kernel/softirq.c | 9 ++++++-- 2 files changed, 54 insertions(+), 2 deletions(-) diff --git a/include/trace/events/irq.h b/include/trace/events/irq.h index eeceafaaea4c..a07b4607b663 100644 --- a/include/trace/events/irq.h +++ b/include/trace/events/irq.h @@ -160,6 +160,53 @@ DEFINE_EVENT(softirq, softirq_raise, TP_ARGS(vec_nr) ); +DECLARE_EVENT_CLASS(tasklet, + + TP_PROTO(struct tasklet_struct *t, void *func), + + TP_ARGS(t, func), + + TP_STRUCT__entry( + __field( void *, tasklet) + __field( void *, func) + ), + + TP_fast_assign( + __entry->tasklet = t; + __entry->func = func; + ), + + TP_printk("tasklet=%ps function=%ps", __entry->tasklet, __entry->func) +); + +/** + * tasklet_entry - called immediately before the tasklet is run + * @t: tasklet pointer + * @func: tasklet callback or function being run + * + * Used to find individual tasklet execution time + */ +DEFINE_EVENT(tasklet, tasklet_entry, + + TP_PROTO(struct tasklet_struct *t, void *func), + + TP_ARGS(t, func) +); + +/** + * tasklet_exit - called immediately after the tasklet is run + * @t: tasklet pointer + * @func: tasklet callback or function being run + * + * Used to find individual tasklet execution time + */ +DEFINE_EVENT(tasklet, tasklet_exit, + + TP_PROTO(struct tasklet_struct *t, void *func), + + TP_ARGS(t, func) +); + #endif /* _TRACE_IRQ_H */ /* This part must be outside protection */ diff --git a/kernel/softirq.c b/kernel/softirq.c index 9ab5ca399a99..fadc6bbda27b 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -822,10 +822,15 @@ static void tasklet_action_common(struct softirq_action *a, if (tasklet_trylock(t)) { if (!atomic_read(&t->count)) { if (tasklet_clear_sched(t)) { - if (t->use_callback) + if (t->use_callback) { + trace_tasklet_entry(t, t->callback); t->callback(t); - else + trace_tasklet_exit(t, t->callback); + } else { + trace_tasklet_entry(t, t->func); t->func(t->data); + trace_tasklet_exit(t, t->func); + } } tasklet_unlock(t); continue; -- 2.43.0

5 days, 10 hours

6
11
0 0

[PATCH v2] gpio: regmap: Fix memleak in gpio_remap_register

by Wentao Guan

We should call gpiochip_remove(chip) to free the resource alloced by gpiochip_add_data(chip, gpio) after the err path. Fixes: 553b75d4bfe9 ("gpio: regmap: Allow to allocate regmap-irq device") CC: stable(a)vger.kernel.org Co-developed-by: WangYuli <wangyl5933(a)chinaunicom.cn> Signed-off-by: WangYuli <wangyl5933(a)chinaunicom.cn> Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> --- changelog in v2: 1. format commit message. 2. rebase to mainline now. --- --- drivers/gpio/gpio-regmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-regmap.c b/drivers/gpio/gpio-regmap.c index f4267af00027e..c64805dcb9f88 100644 --- a/drivers/gpio/gpio-regmap.c +++ b/drivers/gpio/gpio-regmap.c @@ -328,7 +328,7 @@ struct gpio_regmap *gpio_regmap_register(const struct gpio_regmap_config *config config->regmap_irq_line, config->regmap_irq_flags, 0, config->regmap_irq_chip, &gpio->irq_chip_data); if (ret) - goto err_free_bitmap; + goto err_remove_gpiochip; irq_domain = regmap_irq_get_domain(gpio->irq_chip_data); } else base-commit: 3f9f0252130e7dd60d41be0802bf58f6471c691d -- 2.20.1

5 days, 10 hours

2
3
0 0

FAILED: patch "[PATCH] drm, fbcon, vga_switcheroo: Avoid race condition in fbcon" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x eb76d0f5553575599561010f24c277cc5b31d003 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025120119-edgy-recycled-bcfe@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From eb76d0f5553575599561010f24c277cc5b31d003 Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Wed, 5 Nov 2025 17:14:49 +0100 Subject: [PATCH] drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Protect vga_switcheroo_client_fb_set() with console lock. Avoids OOB access in fbcon_remap_all(). Without holding the console lock the call races with switching outputs. VGA switcheroo calls fbcon_remap_all() when switching clients. The fbcon function uses struct fb_info.node, which is set by register_framebuffer(). As the fb-helper code currently sets up VGA switcheroo before registering the framebuffer, the value of node is -1 and therefore not a legal value. For example, fbcon uses the value within set_con2fb_map() [1] as an index into an array. Moving vga_switcheroo_client_fb_set() after register_framebuffer() can result in VGA switching that does not switch fbcon correctly. Therefore move vga_switcheroo_client_fb_set() under fbcon_fb_registered(), which already holds the console lock. Fbdev calls fbcon_fb_registered() from within register_framebuffer(). Serializes the helper with VGA switcheroo's call to fbcon_remap_all(). Although vga_switcheroo_client_fb_set() takes an instance of struct fb_info as parameter, it really only needs the contained fbcon state. Moving the call to fbcon initialization is therefore cleaner than before. Only amdgpu, i915, nouveau and radeon support vga_switcheroo. For all other drivers, this change does nothing. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Link: https://elixir.bootlin.com/linux/v6.17/source/drivers/video/fbdev/core/fbco… # [1] Fixes: 6a9ee8af344e ("vga_switcheroo: initial implementation (v15)") Acked-by: Javier Martinez Canillas <javierm(a)redhat.com> Acked-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: dri-devel(a)lists.freedesktop.org Cc: nouveau(a)lists.freedesktop.org Cc: amd-gfx(a)lists.freedesktop.org Cc: linux-fbdev(a)vger.kernel.org Cc: <stable(a)vger.kernel.org> # v2.6.34+ Link: https://patch.msgid.link/20251105161549.98836-1-tzimmermann@suse.de diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 11a5b60cb9ce..0b3ee008523d 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -31,9 +31,7 @@ #include <linux/console.h> #include <linux/export.h> -#include <linux/pci.h> #include <linux/sysrq.h> -#include <linux/vga_switcheroo.h> #include <drm/drm_atomic.h> #include <drm/drm_drv.h> @@ -566,11 +564,6 @@ EXPORT_SYMBOL(drm_fb_helper_release_info); */ void drm_fb_helper_unregister_info(struct drm_fb_helper *fb_helper) { - struct fb_info *info = fb_helper->info; - struct device *dev = info->device; - - if (dev_is_pci(dev)) - vga_switcheroo_client_fb_set(to_pci_dev(dev), NULL); unregister_framebuffer(fb_helper->info); } EXPORT_SYMBOL(drm_fb_helper_unregister_info); @@ -1632,7 +1625,6 @@ static int drm_fb_helper_single_fb_probe(struct drm_fb_helper *fb_helper) struct drm_client_dev *client = &fb_helper->client; struct drm_device *dev = fb_helper->dev; struct drm_fb_helper_surface_size sizes; - struct fb_info *info; int ret; if (drm_WARN_ON(dev, !dev->driver->fbdev_probe)) @@ -1653,12 +1645,6 @@ static int drm_fb_helper_single_fb_probe(struct drm_fb_helper *fb_helper) strcpy(fb_helper->fb->comm, "[fbcon]"); - info = fb_helper->info; - - /* Set the fb info for vgaswitcheroo clients. Does nothing otherwise. */ - if (dev_is_pci(info->device)) - vga_switcheroo_client_fb_set(to_pci_dev(info->device), info); - return 0; } diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c index 9bd3c3814b5c..e7e07eb2142e 100644 --- a/drivers/video/fbdev/core/fbcon.c +++ b/drivers/video/fbdev/core/fbcon.c @@ -66,6 +66,7 @@ #include <linux/string.h> #include <linux/kd.h> #include <linux/panic.h> +#include <linux/pci.h> #include <linux/printk.h> #include <linux/slab.h> #include <linux/fb.h> @@ -78,6 +79,7 @@ #include <linux/interrupt.h> #include <linux/crc32.h> /* For counting font checksums */ #include <linux/uaccess.h> +#include <linux/vga_switcheroo.h> #include <asm/irq.h> #include "fbcon.h" @@ -2899,6 +2901,9 @@ void fbcon_fb_unregistered(struct fb_info *info) console_lock(); + if (info->device && dev_is_pci(info->device)) + vga_switcheroo_client_fb_set(to_pci_dev(info->device), NULL); + fbcon_registered_fb[info->node] = NULL; fbcon_num_registered_fb--; @@ -3032,6 +3037,10 @@ static int do_fb_registered(struct fb_info *info) } } + /* Set the fb info for vga_switcheroo clients. Does nothing otherwise. */ + if (info->device && dev_is_pci(info->device)) + vga_switcheroo_client_fb_set(to_pci_dev(info->device), info); + return ret; }

5 days, 10 hours

4
5
0 0

LDI Show 2025 Data

by Rachel Porter

Hi, Ahead of LDI Show 2025 (Dec 3–9, Las Vegas), we have access to a verified audience of 16,594 and a strong exhibitor roster of 312 top suppliers and vendors. This includes lighting & audio equipment manufacturers, staging/rigging vendors, media-server / projection / video providers, production houses, rental companies, sound & lighting engineers, stage managers ,other live-event technology stakeholders and many. If interested, reply “Send Pricing” to receive the details. Best regards, Rachel Porter Head of Client Relations To opt-out, reply “Not Interested”.

5 days, 10 hours

1
0
0 0

[PATCH] perf build: build BPF skeletons with fPIC

by Jon Kohler

Fix Makefile.perf to ensure that bpf skeletons are built with fPIC. When building with BUILD_BPF_SKEL=1, bpf_skel's was not getting built with fPIC, seeing compilation failures like: /usr/bin/ld: /builddir/.../tools/perf/util/bpf_skel/.tmp/bootstrap/main.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a PIE object; recompile with -fPIE Bisected down to 6.18 commit a39516805992 ("tools build: Don't assume libtracefs-devel is always available"). Fixes: a39516805992 ("tools build: Don't assume libtracefs-devel is always available") Cc: stable(a)vger.kernel.org Signed-off-by: Jon Kohler <jon(a)nutanix.com> --- tools/perf/Makefile.perf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/Makefile.perf b/tools/perf/Makefile.perf index 02f87c49801f..4557c2e89e88 100644 --- a/tools/perf/Makefile.perf +++ b/tools/perf/Makefile.perf @@ -1211,7 +1211,7 @@ endif $(BPFTOOL): | $(SKEL_TMP_OUT) $(Q)CFLAGS= $(MAKE) -C ../bpf/bpftool \ - OUTPUT=$(SKEL_TMP_OUT)/ bootstrap + EXTRA_CFLAGS="-fPIC" OUTPUT=$(SKEL_TMP_OUT)/ bootstrap # Paths to search for a kernel to generate vmlinux.h from. VMLINUX_BTF_ELF_PATHS ?= $(if $(O),$(O)/vmlinux) \ -- 2.43.0

5 days, 10 hours

2
2
0 0

[PATCH v2 1/2] kasan: Refactor pcpu kasan vmalloc unpoison

by Maciej Wieczor-Retman

From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> A KASAN tag mismatch, possibly causing a kernel panic, can be observed on systems with a tag-based KASAN enabled and with multiple NUMA nodes. It was reported on arm64 and reproduced on x86. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Refactor code by reusing __kasan_unpoison_vmalloc in a new helper in preparation for the actual fix. Changelog v1 (after splitting of from the KASAN series): - Rewrite first paragraph of the patch message to point at the user impact of the issue. - Move helper to common.c so it can be compiled in all KASAN modes. Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Cc: <stable(a)vger.kernel.org> # 6.1+ Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> --- Changelog v2: - Redo the whole patch so it's an actual refactor. include/linux/kasan.h | 16 +++++++++++++--- mm/kasan/common.c | 17 +++++++++++++++++ mm/kasan/hw_tags.c | 15 +++++++++++++-- mm/kasan/shadow.c | 16 ++++++++++++++-- mm/vmalloc.c | 4 +--- 5 files changed, 58 insertions(+), 10 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index d12e1a5f5a9a..4a3d3dba9764 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -595,14 +595,14 @@ static inline void kasan_release_vmalloc(unsigned long start, #endif /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */ -void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, - kasan_vmalloc_flags_t flags); +void *__kasan_random_unpoison_vmalloc(const void *start, unsigned long size, + kasan_vmalloc_flags_t flags); static __always_inline void *kasan_unpoison_vmalloc(const void *start, unsigned long size, kasan_vmalloc_flags_t flags) { if (kasan_enabled()) - return __kasan_unpoison_vmalloc(start, size, flags); + return __kasan_random_unpoison_vmalloc(start, size, flags); return (void *)start; } @@ -614,6 +614,11 @@ static __always_inline void kasan_poison_vmalloc(const void *start, __kasan_poison_vmalloc(start, size); } +void *__kasan_unpoison_vmap_areas(void *addr, unsigned long size, + kasan_vmalloc_flags_t flags, u8 tag); +void kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags); + #else /* CONFIG_KASAN_VMALLOC */ static inline void kasan_populate_early_vm_area_shadow(void *start, @@ -638,6 +643,11 @@ static inline void *kasan_unpoison_vmalloc(const void *start, static inline void kasan_poison_vmalloc(const void *start, unsigned long size) { } +static __always_inline void +kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags) +{ } + #endif /* CONFIG_KASAN_VMALLOC */ #if (defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)) && \ diff --git a/mm/kasan/common.c b/mm/kasan/common.c index d4c14359feaf..7884ea7d13f9 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -28,6 +28,7 @@ #include <linux/string.h> #include <linux/types.h> #include <linux/bug.h> +#include <linux/vmalloc.h> #include "kasan.h" #include "../slab.h" @@ -582,3 +583,19 @@ bool __kasan_check_byte(const void *address, unsigned long ip) } return true; } + +#ifdef CONFIG_KASAN_VMALLOC +void kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, + kasan_vmalloc_flags_t flags) +{ + unsigned long size; + void *addr; + int area; + + for (area = 0 ; area < nr_vms ; area++) { + size = vms[area]->size; + addr = vms[area]->addr; + vms[area]->addr = __kasan_unpoison_vmap_areas(addr, size, flags); + } +} +#endif diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c index 1c373cc4b3fa..4b7936a2bd6f 100644 --- a/mm/kasan/hw_tags.c +++ b/mm/kasan/hw_tags.c @@ -316,8 +316,8 @@ static void init_vmalloc_pages(const void *start, unsigned long size) } } -void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, - kasan_vmalloc_flags_t flags) +static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, + kasan_vmalloc_flags_t flags) { u8 tag; unsigned long redzone_start, redzone_size; @@ -387,6 +387,12 @@ void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, return (void *)start; } +void *__kasan_random_unpoison_vmalloc(const void *start, unsigned long size, + kasan_vmalloc_flags_t flags) +{ + return __kasan_unpoison_vmalloc(start, size, flags); +} + void __kasan_poison_vmalloc(const void *start, unsigned long size) { /* @@ -396,6 +402,11 @@ void __kasan_poison_vmalloc(const void *start, unsigned long size) */ } +void *__kasan_unpoison_vmap_areas(void *addr, unsigned long size, + kasan_vmalloc_flags_t flags, u8 tag) +{ + return __kasan_unpoison_vmalloc(addr, size, flags); +} #endif void kasan_enable_hw_tags(void) diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c index 5d2a876035d6..0a8d8bf6e9cf 100644 --- a/mm/kasan/shadow.c +++ b/mm/kasan/shadow.c @@ -624,8 +624,8 @@ void kasan_release_vmalloc(unsigned long start, unsigned long end, } } -void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, - kasan_vmalloc_flags_t flags) +static void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, + kasan_vmalloc_flags_t flags) { /* * Software KASAN modes unpoison both VM_ALLOC and non-VM_ALLOC @@ -653,6 +653,18 @@ void *__kasan_unpoison_vmalloc(const void *start, unsigned long size, return (void *)start; } +void *__kasan_random_unpoison_vmalloc(const void *start, unsigned long size, + kasan_vmalloc_flags_t flags) +{ + return __kasan_unpoison_vmalloc(start, size, flags); +} + +void *__kasan_unpoison_vmap_areas(void *addr, unsigned long size, + kasan_vmalloc_flags_t flags, u8 tag) +{ + return __kasan_unpoison_vmalloc(addr, size, flags); +} + /* * Poison the shadow for a vmalloc region. Called as part of the * freeing process at the time the region is freed. diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 798b2ed21e46..32ecdb8cd4b8 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -4870,9 +4870,7 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, * With hardware tag-based KASAN, marking is skipped for * non-VM_ALLOC mappings, see __kasan_unpoison_vmalloc(). */ - for (area = 0; area < nr_vms; area++) - vms[area]->addr = kasan_unpoison_vmalloc(vms[area]->addr, - vms[area]->size, KASAN_VMALLOC_PROT_NORMAL); + kasan_unpoison_vmap_areas(vms, nr_vms, KASAN_VMALLOC_PROT_NORMAL); kfree(vas); return vms; -- 2.52.0

5 days, 10 hours

3
2
0 0

[PATCH] comedi: Fix getting range information for subdevices 16 to 255

by Ian Abbott

The `COMEDI_RANGEINFO` ioctl does not work properly for subdevice indices above 15. Currently, the only in-tree COMEDI drivers that support more than 16 subdevices are the "8255" driver and the "comedi_bond" driver. Making the ioctl work for subdevice indices up to 255 is achievable. It needs minor changes to the handling of the `COMEDI_RANGEINFO` and `COMEDI_CHANINFO` ioctls that should be mostly harmless to user-space, apart from making them less broken. Details follow... The `COMEDI_RANGEINFO` ioctl command gets the list of supported ranges (usually with units of volts or milliamps) for a COMEDI subdevice or channel. (Only some subdevices have per-channel range tables, indicated by the `SDF_RANGETYPE` flag in the subdevice information.) It uses a `range_type` value and a user-space pointer, both supplied by user-space, but the `range_type` value should match what was obtained using the `COMEDI_CHANINFO` ioctl (if the subdevice has per-channel range tables) or `COMEDI_SUBDINFO` ioctl (if the subdevice uses a single range table for all channels). Bits 15 to 0 of the `range_type` value contain the length of the range table, which is the only part that user-space should care about (so it can use a suitably sized buffer to fetch the range table). Bits 23 to 16 store the channel index, which is assumed to be no more than 255 if the subdevice has per-channel range tables, and is set to 0 if the subdevice has a single range table. For `range_type` values produced by the `COMEDI_SUBDINFO` ioctl, bits 31 to 24 contain the subdevice index, which is assumed to be no more than 255. But for `range_type` values produced by the `COMEDI_CHANINFO` ioctl, bits 27 to 24 contain the subdevice index, which is assumed to be no more than 15, and bits 31 to 28 contain the COMEDI device's minor device number for some unknown reason lost in the mists of time. The `COMEDI_RANGEINFO` ioctl extract the length from bits 15 to 0 of the user-supplied `range_type` value, extracts the channel index from bits 23 to 16 (only used if the subdevice has per-channel range tables), extracts the subdevice index from bits 27 to 24, and ignores bits 31 to 28. So for subdevice indices 16 to 255, the `COMEDI_SUBDINFO` or `COMEDI_CHANINFO` ioctl will report a `range_type` value that doesn't work with the `COMEDI_RANGEINFO` ioctl. It will either get the range table for the subdevice index modulo 16, or will fail with `-EINVAL`. To fix this, always use bits 31 to 24 of the `range_type` value to hold the subdevice index (assumed to be no more than 255). This affects the `COMEDI_CHANINFO` and `COMEDI_RANGEINFO` ioctls. There should not be anything in user-space that depends on the old, broken usage, although it may now see different values in bits 31 to 28 of the `range_type` values reported by the `COMEDI_CHANINFO` ioctl for subdevices that have per-channel subdevices. User-space should not be trying to decode bits 31 to 16 of the `range_type` values anyway. Fixes: ed9eccbe8970 ("Staging: add comedi core") Cc: <stable(a)vger.kernel.org> #5.17+ Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> --- Backports needed for kernels prior to 5.17 due to .c and .h files moving to different parts of the tree. --- drivers/comedi/comedi_fops.c | 2 +- drivers/comedi/range.c | 2 +- include/uapi/linux/comedi.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/comedi/comedi_fops.c b/drivers/comedi/comedi_fops.c index 657c98cd723e..2c3eb9e89571 100644 --- a/drivers/comedi/comedi_fops.c +++ b/drivers/comedi/comedi_fops.c @@ -1155,7 +1155,7 @@ static int do_chaninfo_ioctl(struct comedi_device *dev, for (i = 0; i < s->n_chan; i++) { int x; - x = (dev->minor << 28) | (it->subdev << 24) | (i << 16) | + x = (it->subdev << 24) | (i << 16) | (s->range_table_list[i]->length); if (put_user(x, it->rangelist + i)) return -EFAULT; diff --git a/drivers/comedi/range.c b/drivers/comedi/range.c index 8f43cf88d784..5b8f662365e3 100644 --- a/drivers/comedi/range.c +++ b/drivers/comedi/range.c @@ -52,7 +52,7 @@ int do_rangeinfo_ioctl(struct comedi_device *dev, const struct comedi_lrange *lr; struct comedi_subdevice *s; - subd = (it->range_type >> 24) & 0xf; + subd = (it->range_type >> 24) & 0xff; chan = (it->range_type >> 16) & 0xff; if (!dev->attached) diff --git a/include/uapi/linux/comedi.h b/include/uapi/linux/comedi.h index 7314e5ee0a1e..798ec9a39e12 100644 --- a/include/uapi/linux/comedi.h +++ b/include/uapi/linux/comedi.h @@ -640,7 +640,7 @@ struct comedi_chaninfo { /** * struct comedi_rangeinfo - used to retrieve the range table for a channel - * @range_type: Encodes subdevice index (bits 27:24), channel index + * @range_type: Encodes subdevice index (bits 31:24), channel index * (bits 23:16) and range table length (bits 15:0). * @range_ptr: Pointer to array of @struct comedi_krange to be filled * in with the range table for the channel or subdevice. -- 2.51.0

5 days, 11 hours

1
0
0 0

Live Design 2025:Contacts

by Melissa Underwood

Hi, As you have been an exhibitor at Live Design International 2025 We have the final updated attendee list of verified contacts 15,805 of people including last-minute registers and walk-ins to the show, and all are confirmed Opt-in and Verified contacts Post Thanksgiving Day Special : 20% reduction on our compliant contact data. If you'd like more details, just let me know or reply "Send me pricing." Best regards, Melissa Underwood Sr. Marketing Manager If you prefer not to receive updates, reply "Not Interested."

5 days, 11 hours

1
0
0 0

[PATCH v3] KVM: x86: Add x2APIC "features" to control EOI broadcast suppression

by Khushit Shah

Add two flags for KVM_CAP_X2APIC_API to allow userspace to control support for Suppress EOI Broadcasts, which KVM completely mishandles. When x2APIC support was first added, KVM incorrectly advertised and "enabled" Suppress EOI Broadcast, without fully supporting the I/O APIC side of the equation, i.e. without adding directed EOI to KVM's in-kernel I/O APIC. That flaw was carried over to split IRQCHIP support, i.e. KVM advertised support for Suppress EOI Broadcasts irrespective of whether or not the userspace I/O APIC implementation supported directed EOIs. Even worse, KVM didn't actually suppress EOI broadcasts, i.e. userspace VMMs without support for directed EOI came to rely on the "spurious" broadcasts. KVM "fixed" the in-kernel I/O APIC implementation by completely disabling support for Suppress EOI Broadcasts in commit 0bcc3fb95b97 ("KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use"), but didn't do anything to remedy userspace I/O APIC implementations. KVM's bogus handling of Suppress EOI Broadcast is problematic when the guest relies on interrupts being masked in the I/O APIC until well after the initial local APIC EOI. E.g. Windows with Credential Guard enabled handles interrupts in the following order: 1. Interrupt for L2 arrives. 2. L1 APIC EOIs the interrupt. 3. L1 resumes L2 and injects the interrupt. 4. L2 EOIs after servicing. 5. L1 performs the I/O APIC EOI. Because KVM EOIs the I/O APIC at step #2, the guest can get an interrupt storm, e.g. if the IRQ line is still asserted and userspace reacts to the EOI by re-injecting the IRQ, because the guest doesn't de-assert the line until step #4, and doesn't expect the interrupt to be re-enabled until step #5. Unfortunately, simply "fixing" the bug isn't an option, as KVM has no way of knowing if the userspace I/O APIC supports directed EOIs, i.e. suppressing EOI broadcasts would result in interrupts being stuck masked in the userspace I/O APIC due to step #5 being ignored by userspace. And fully disabling support for Suppress EOI Broadcast is also undesirable, as picking up the fix would require a guest reboot, *and* more importantly would change the virtual CPU model exposed to the guest without any buy-in from userspace. Add two flags to allow userspace to choose exactly how to solve the immediate issue, and in the long term to allow userspace to control the virtual CPU model that is exposed to the guest (KVM should never have enabled support for Suppress EOI Broadcast without a userspace opt-in). Note, Suppress EOI Broadcasts is defined only in Intel's SDM, not in AMD's APM. But the bit is writable on some AMD CPUs, e.g. Turin, and KVM's ABI is to support Directed EOI (KVM's name) irrespective of guest CPU vendor. Fixes: 7543a635aa09 ("KVM: x86: Add KVM exit for IOAPIC EOIs") Closes: https://lore.kernel.org/kvm/7D497EF1-607D-4D37-98E7-DAF95F099342@nutanix.com Cc: stable(a)vger.kernel.org Co-developed-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Khushit Shah <khushit.shah(a)nutanix.com> --- v3: - Resend with correct patch contents; v2 mail formatting was broken. No functional changes beyond the naming and grammar feedback from v1. Testing: I ran the tests with QEMU 9.1 and a 6.12 kernel with the patch applied. - With an unmodified QEMU build, KVM's LAPIC SEOIB behavior remains unchanged. - Invoking the x2APIC API with KVM_X2APIC_API_DISABLE_IGNORE_SUPPRESS_EOI_BROADCAST_QUIRK correctly suppresses LAPIC -> IOAPIC EOI broadcasts (verified via KVM tracepoints). - Invoking the x2APIC API with KVM_X2APIC_API_DISABLE_SUPPRESS_EOI_BROADCAST results in SEOIB not being advertised to the guest, as expected (confirmed by checking the LAPIC LVR value inside the guest). I'll send the corresponding QEMU-side patch shortly. --- Documentation/virt/kvm/api.rst | 14 ++++++++++++-- arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/include/uapi/asm/kvm.h | 6 ++++-- arch/x86/kvm/lapic.c | 13 +++++++++++++ arch/x86/kvm/x86.c | 12 +++++++++--- 5 files changed, 40 insertions(+), 7 deletions(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 57061fa29e6a..4141d2bd8156 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -7800,8 +7800,10 @@ Will return -EBUSY if a VCPU has already been created. Valid feature flags in args[0] are:: - #define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) - #define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) + #define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) + #define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) + #define KVM_X2APIC_API_DISABLE_IGNORE_SUPPRESS_EOI_BROADCAST_QUIRK (1ULL << 2) + #define KVM_X2APIC_API_DISABLE_SUPPRESS_EOI_BROADCAST (1ULL << 3) Enabling KVM_X2APIC_API_USE_32BIT_IDS changes the behavior of KVM_SET_GSI_ROUTING, KVM_SIGNAL_MSI, KVM_SET_LAPIC, and KVM_GET_LAPIC, @@ -7814,6 +7816,14 @@ as a broadcast even in x2APIC mode in order to support physical x2APIC without interrupt remapping. This is undesirable in logical mode, where 0xff represents CPUs 0-7 in cluster 0. +Setting KVM_X2APIC_API_DISABLE_IGNORE_SUPPRESS_EOI_BROADCAST_QUIRK overrides +KVM's quirky behavior of not actually suppressing EOI broadcasts for split IRQ +chips when support for Suppress EOI Broadcasts is advertised to the guest. + +Setting KVM_X2APIC_API_DISABLE_SUPPRESS_EOI_BROADCAST disables support for +Suppress EOI Broadcasts entirely, i.e. instructs KVM to NOT advertise support +to the guest and thus disallow enabling EOI broadcast suppression in SPIV. + 7.8 KVM_CAP_S390_USER_INSTR0 ---------------------------- diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 48598d017d6f..f6fdc0842c05 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1480,6 +1480,8 @@ struct kvm_arch { bool x2apic_format; bool x2apic_broadcast_quirk_disabled; + bool disable_ignore_suppress_eoi_broadcast_quirk; + bool x2apic_disable_suppress_eoi_broadcast; bool has_mapped_host_mmio; bool guest_can_read_msr_platform_info; diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h index d420c9c066d4..7255385b6d80 100644 --- a/arch/x86/include/uapi/asm/kvm.h +++ b/arch/x86/include/uapi/asm/kvm.h @@ -913,8 +913,10 @@ struct kvm_sev_snp_launch_finish { __u64 pad1[4]; }; -#define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) -#define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) +#define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) +#define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) +#define KVM_X2APIC_API_DISABLE_IGNORE_SUPPRESS_EOI_BROADCAST_QUIRK (1ULL << 2) +#define KVM_X2APIC_API_DISABLE_SUPPRESS_EOI_BROADCAST (1ULL << 3) struct kvm_hyperv_eventfd { __u32 conn_id; diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 0ae7f913d782..cf8a2162872b 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -562,6 +562,7 @@ void kvm_apic_set_version(struct kvm_vcpu *vcpu) * IOAPIC. */ if (guest_cpu_cap_has(vcpu, X86_FEATURE_X2APIC) && + !vcpu->kvm->arch.x2apic_disable_suppress_eoi_broadcast && !ioapic_in_kernel(vcpu->kvm)) v |= APIC_LVR_DIRECTED_EOI; kvm_lapic_set_reg(apic, APIC_LVR, v); @@ -1517,6 +1518,18 @@ static void kvm_ioapic_send_eoi(struct kvm_lapic *apic, int vector) /* Request a KVM exit to inform the userspace IOAPIC. */ if (irqchip_split(apic->vcpu->kvm)) { + /* + * Don't exit to userspace if the guest has enabled Directed + * EOI, a.k.a. Suppress EOI Broadcasts, in which case the local + * APIC doesn't broadcast EOIs (the guest must EOI the target + * I/O APIC(s) directly). Ignore the suppression if userspace + * has NOT disabled KVM's quirk (KVM advertised support for + * Suppress EOI Broadcasts without actually suppressing EOIs). + */ + if ((kvm_lapic_get_reg(apic, APIC_SPIV) & APIC_SPIV_DIRECTED_EOI) && + apic->vcpu->kvm->arch.disable_ignore_suppress_eoi_broadcast_quirk) + return; + apic->vcpu->arch.pending_ioapic_eoi = vector; kvm_make_request(KVM_REQ_IOAPIC_EOI_EXIT, apic->vcpu); return; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c9c2aa6f4705..e1b6fe783615 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -121,8 +121,11 @@ static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE); #define KVM_CAP_PMU_VALID_MASK KVM_PMU_CAP_DISABLE -#define KVM_X2APIC_API_VALID_FLAGS (KVM_X2APIC_API_USE_32BIT_IDS | \ - KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK) +#define KVM_X2APIC_API_VALID_FLAGS \ + (KVM_X2APIC_API_USE_32BIT_IDS | \ + KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK | \ + KVM_X2APIC_API_DISABLE_IGNORE_SUPPRESS_EOI_BROADCAST_QUIRK | \ + KVM_X2APIC_API_DISABLE_SUPPRESS_EOI_BROADCAST) static void update_cr8_intercept(struct kvm_vcpu *vcpu); static void process_nmi(struct kvm_vcpu *vcpu); @@ -6782,7 +6785,10 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, kvm->arch.x2apic_format = true; if (cap->args[0] & KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK) kvm->arch.x2apic_broadcast_quirk_disabled = true; - + if (cap->args[0] & KVM_X2APIC_API_DISABLE_IGNORE_SUPPRESS_EOI_BROADCAST_QUIRK) + kvm->arch.disable_ignore_suppress_eoi_broadcast_quirk = true; + if (cap->args[0] & KVM_X2APIC_API_DISABLE_SUPPRESS_EOI_BROADCAST) + kvm->arch.x2apic_disable_suppress_eoi_broadcast = true; r = 0; break; case KVM_CAP_X86_DISABLE_EXITS: -- 2.39.3

5 days, 13 hours

5
19
0 0

[PATCH 6.12.y 0/2] Backport support for Telit FN920C04 and FN990B40 modems

by Fabio Porcedda

Hi, these two patches are backports for 6.12.y of the following commits: commit d2b91b3097c693f784393a28801a3885778615df bus: mhi: host: pci_generic: Add Telit FN920C04 modem support commit 00559ba3ae740e7544b48fb509b2b97f56615892 bus: mhi: host: pci_generic: Add Telit FN990B40 modem support The cherry-pick of the original commits don't apply so I made this patches after fixing the conflict. Regards Daniele Palmas (2): bus: mhi: host: pci_generic: Add Telit FN920C04 modem support bus: mhi: host: pci_generic: Add Telit FN990B40 modem support drivers/bus/mhi/host/pci_generic.c | 52 ++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) -- 2.52.0

5 days, 13 hours

1
2
0 0

[PATCH] gpio: regmap: Fix gpio_remap_register

by Wentao Guan

Because gpiochip_add_data successfully done, use err_remove_gpiochip instead of err_free_bitmap to free such as gdev,descs.. Fixes: 553b75d4bfe9 ("gpio: regmap: Allow to allocate regmap-irq device") CC: stable(a)vger.kernel.org Co-developed-by: WangYuli <wangyl5933(a)chinaunicom.cn> Signed-off-by: WangYuli <wangyl5933(a)chinaunicom.cn> Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> --- drivers/gpio/gpio-regmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-regmap.c b/drivers/gpio/gpio-regmap.c index fd986afa7db5f..f0bcb2c2c6748 100644 --- a/drivers/gpio/gpio-regmap.c +++ b/drivers/gpio/gpio-regmap.c @@ -310,7 +310,7 @@ struct gpio_regmap *gpio_regmap_register(const struct gpio_regmap_config *config config->regmap_irq_line, config->regmap_irq_flags, 0, config->regmap_irq_chip, &gpio->irq_chip_data); if (ret) - goto err_free_bitmap; + goto err_remove_gpiochip; irq_domain = regmap_irq_get_domain(gpio->irq_chip_data); } else -- 2.20.1

5 days, 13 hours

3
3
0 0

please consider to backport "drm/i915/dp: Initialize the source OUI write timestamp always"

by H. Nikolaus Schaller

Adding this patch solves an observed 5 minutes wait delay issue with stable kernels (up to v6.12) on my AcePC T11 (with Atom Z8350 Cherry Trail). Commit is 5861258c4e6a("drm/i915/dp: Initialize the source OUI write timestamp always") resp. https://patchwork.freedesktop.org/patch/621660/ It apparently appeared upstream with v6.13-rc1 but got not backported. BR and thanks, Nikolaus

5 days, 14 hours

2
1
0 0

Linux 5.4.302

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.302 kernel. This is the LAST 5.4.y release. It is now end-of-life and should not be used by anyone, anymore. As of this point in time, there are 1539 documented unfixed CVEs for this kernel branch, and that number will only increase over time as more CVEs get assigned for kernel bugs. All users of the 5.4 kernel series must upgrade to a newer branch as this point in time. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/include/asm/bitops.h | 2 arch/mips/boot/dts/lantiq/danube.dtsi | 6 arch/mips/lantiq/xway/sysctrl.c | 2 arch/mips/mti-malta/malta-init.c | 20 - arch/powerpc/kernel/eeh_driver.c | 2 arch/sparc/include/asm/elf_64.h | 1 arch/sparc/kernel/module.c | 1 arch/x86/entry/vsyscall/vsyscall_64.c | 17 + arch/x86/kernel/cpu/bugs.c | 5 arch/x86/kernel/cpu/resctrl/monitor.c | 10 drivers/acpi/acpi_video.c | 4 drivers/acpi/acpica/dsmethod.c | 10 drivers/acpi/property.c | 24 + drivers/acpi/video_detect.c | 8 drivers/ata/libata-scsi.c | 8 drivers/base/devcoredump.c | 138 ++++++---- drivers/base/regmap/regmap-slimbus.c | 6 drivers/bluetooth/btusb.c | 13 drivers/bluetooth/hci_bcsp.c | 3 drivers/char/misc.c | 8 drivers/clocksource/timer-vf-pit.c | 22 - drivers/cpufreq/longhaul.c | 3 drivers/dma/dw-edma/dw-edma-core.c | 22 + drivers/dma/mv_xor.c | 4 drivers/dma/sh/shdma-base.c | 25 + drivers/dma/sh/shdmac.c | 17 - drivers/edac/altera_edac.c | 22 + drivers/extcon/extcon-adc-jack.c | 2 drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 8 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 drivers/hid/hid-ids.h | 7 drivers/hid/hid-quirks.c | 14 - drivers/hwmon/dell-smm-hwmon.c | 7 drivers/iio/adc/spear_adc.c | 9 drivers/input/keyboard/cros_ec_keyb.c | 6 drivers/input/misc/ati_remote2.c | 2 drivers/input/misc/cm109.c | 2 drivers/input/misc/powermate.c | 2 drivers/input/misc/yealink.c | 2 drivers/input/tablet/acecad.c | 2 drivers/input/tablet/pegasus_notetaker.c | 11 drivers/irqchip/irq-gic-v2m.c | 13 drivers/isdn/hardware/mISDN/hfcsusb.c | 18 - drivers/media/i2c/ir-kbd-i2c.c | 6 drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 drivers/media/pci/ivtv/ivtv-driver.h | 3 drivers/media/pci/ivtv/ivtv-fileops.c | 18 - drivers/media/pci/ivtv/ivtv-irq.c | 4 drivers/media/rc/imon.c | 61 ++-- drivers/media/rc/redrat3.c | 2 drivers/media/tuners/xc4000.c | 8 drivers/media/tuners/xc5000.c | 12 drivers/memstick/core/memstick.c | 8 drivers/mfd/madera-core.c | 4 drivers/mfd/stmpe-i2c.c | 1 drivers/mfd/stmpe.c | 3 drivers/mmc/host/renesas_sdhi_core.c | 6 drivers/mmc/host/sdhci-msm.c | 15 + drivers/net/can/usb/gs_usb.c | 23 - drivers/net/dsa/b53/b53_common.c | 57 +++- drivers/net/dsa/b53/b53_regs.h | 4 drivers/net/ethernet/cadence/macb_main.c | 4 drivers/net/ethernet/emulex/benet/be_main.c | 7 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 15 - drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 drivers/net/ethernet/renesas/ravb_main.c | 16 + drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/ti/netcp_core.c | 10 drivers/net/phy/dp83867.c | 6 drivers/net/phy/mdio_bus.c | 5 drivers/net/usb/asix_devices.c | 12 drivers/net/usb/qmi_wwan.c | 6 drivers/net/usb/usbnet.c | 2 drivers/net/wireless/ath/ath10k/wmi.c | 1 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 3 drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 21 - drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 drivers/pci/p2pdma.c | 2 drivers/pci/quirks.c | 1 drivers/phy/cadence/cdns-dphy.c | 4 drivers/regulator/fixed.c | 6 drivers/remoteproc/qcom_q6v5.c | 5 drivers/s390/net/ctcm_mpc.c | 1 drivers/scsi/lpfc/lpfc_debugfs.h | 3 drivers/scsi/lpfc/lpfc_scsi.c | 14 - drivers/scsi/pm8001/pm8001_ctl.c | 2 drivers/scsi/sg.c | 10 drivers/soc/imx/gpc.c | 2 drivers/soc/qcom/smem.c | 2 drivers/soc/ti/knav_dma.c | 14 - drivers/spi/spi-loopback-test.c | 12 drivers/spi/spi.c | 10 drivers/target/loopback/tcm_loop.c | 3 drivers/tee/tee_core.c | 2 drivers/tty/serial/8250/8250_dw.c | 128 ++++----- drivers/uio/uio_hv_generic.c | 21 + drivers/usb/gadget/function/f_fs.c | 8 drivers/usb/gadget/function/f_hid.c | 4 drivers/usb/gadget/function/f_ncm.c | 3 drivers/usb/host/xhci-plat.c | 1 drivers/usb/mon/mon_bin.c | 14 - drivers/video/backlight/lp855x_bl.c | 2 drivers/video/fbdev/aty/atyfb_base.c | 8 drivers/video/fbdev/core/bitblit.c | 33 ++ drivers/video/fbdev/pvr2fb.c | 2 drivers/video/fbdev/valkyriefb.c | 2 fs/9p/v9fs.c | 9 fs/btrfs/transaction.c | 2 fs/ceph/locks.c | 5 fs/hpfs/namei.c | 18 - fs/jfs/inode.c | 8 fs/jfs/jfs_txnmgr.c | 9 fs/nfs/nfs4client.c | 1 fs/nfs/nfs4proc.c | 6 fs/nfs/nfs4state.c | 3 fs/open.c | 10 fs/orangefs/xattr.c | 12 fs/proc/generic.c | 12 include/linux/ata.h | 1 include/linux/compiler_types.h | 5 include/linux/filter.h | 2 include/linux/mm.h | 2 include/linux/shdma-base.h | 2 include/linux/usb.h | 16 - include/net/cls_cgroup.h | 2 include/net/nfc/nci_core.h | 2 include/net/pkt_sched.h | 25 + kernel/events/uprobes.c | 7 kernel/gcov/gcc_4_7.c | 4 kernel/trace/trace_events_hist.c | 6 mm/page_alloc.c | 2 net/8021q/vlan.c | 2 net/bluetooth/6lowpan.c | 97 ++++--- net/bluetooth/l2cap_core.c | 1 net/bluetooth/sco.c | 7 net/bridge/br_forward.c | 3 net/core/netpoll.c | 7 net/core/page_pool.c | 6 net/core/sock.c | 15 - net/ipv4/nexthop.c | 6 net/ipv4/route.c | 5 net/ipv6/ah6.c | 50 ++- net/ipv6/raw.c | 2 net/ipv6/udp.c | 2 net/mac80211/rx.c | 10 net/openvswitch/actions.c | 68 ---- net/openvswitch/flow_netlink.c | 64 ---- net/openvswitch/flow_netlink.h | 2 net/rds/rds.h | 2 net/sched/act_ife.c | 12 net/sched/sch_api.c | 10 net/sched/sch_generic.c | 24 - net/sched/sch_hfsc.c | 16 - net/sched/sch_qfq.c | 2 net/sctp/associola.c | 10 net/sctp/chunk.c | 2 net/sctp/diag.c | 7 net/sctp/endpointola.c | 6 net/sctp/input.c | 5 net/sctp/output.c | 2 net/sctp/outqueue.c | 6 net/sctp/sm_make_chunk.c | 7 net/sctp/sm_sideeffect.c | 16 - net/sctp/sm_statefuns.c | 2 net/sctp/socket.c | 12 net/sctp/stream.c | 3 net/sctp/stream_interleave.c | 23 - net/sctp/transport.c | 15 - net/sctp/ulpqueue.c | 15 - net/strparser/strparser.c | 2 net/tipc/core.c | 4 net/tipc/core.h | 8 net/tipc/discover.c | 4 net/tipc/link.c | 5 net/tipc/link.h | 1 net/tipc/net.c | 17 - net/vmw_vsock/af_vsock.c | 40 ++ scripts/kconfig/mconf.c | 3 scripts/kconfig/nconf.c | 3 sound/soc/codecs/cs4271.c | 10 sound/soc/codecs/max98090.c | 6 sound/soc/qcom/qdsp6/q6asm.c | 2 sound/usb/mixer.c | 11 tools/power/cpupower/lib/cpuidle.c | 5 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 26 + tools/testing/selftests/Makefile | 2 tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 tools/testing/selftests/net/fcnal-test.sh | 4 tools/testing/selftests/net/psock_tpacket.c | 4 200 files changed, 1294 insertions(+), 813 deletions(-) Abdun Nihaal (1): isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Al Viro (2): allow finish_no_open(file, ERR_PTR(-E...)) nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Albin Babu Varghese (1): fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Aleksander Jan Bajkowski (3): mips: lantiq: danube: add missing properties to cpu node mips: lantiq: danube: add missing device_type in pci node mips: lantiq: xway: sysctrl: rename stp clock Aleksei Nikiforov (1): s390/ctcm: Fix double-kfree Alexander Stein (2): mfd: stmpe: Remove IRQ domain upon removal mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexey Klimov (1): regmap: slimbus: fix bus_context pointer in regmap init calls Amber Lin (1): drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Amirreza Zarrabi (1): tee: allow a driver to allocate a tee_device without a pool Andrey Vatoropin (1): be2net: pass wrb_params in case of OS2BMC Andy Shevchenko (2): serial: 8250_dw: Use devm_clk_get_optional() to get the input clock serial: 8250_dw: Use devm_add_action_or_reset() Anthony Iliopoulos (1): NFSv4.1: fix mount hang after CREATE_SESSION failure Armin Wolf (1): hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Arnd Bergmann (1): mfd: madera: Work around false-positive -Wininitialized warning Artem Shimko (1): serial: 8250_dw: handle reset control deassert error Babu Moger (1): x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Bart Van Assche (1): scsi: sg: Do not sleep in atomic context Benjamin Berg (1): wifi: mac80211: skip rate verification for not captured PSDUs Biju Das (1): mmc: host: renesas_sdhi: Fix the actual clock Brahmajit Das (1): net: intel: fm10k: Fix parameter idx set but not used Breno Leitao (1): net: netpoll: fix incorrect refcount handling causing incorrect cleanup Buday Csaba (1): net: mdio: fix resource leak in mdiobus_register_device() Celeste Liu (1): can: gs_usb: increase max interface to U8_MAX Charalampos Mitrodimas (1): net: ipv6: fix field-spanning memcpy warning in AH output Chelsy Ratnawat (1): media: fix uninitialized symbol warnings Chris Morgan (1): regulator: fixed: use dev_err_probe for register Christian Bruel (1): irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Christoph Paasch (1): net: When removing nexthops, don't call synchronize_net if it is not necessary Chuang Wang (1): ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Cryolitia PukNgae (1): ALSA: usb-audio: apply quirk for MOONDROP Quark2 Daniel Lezcano (1): clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Daniel Palmer (1): fbdev: atyfb: Check if pll_ops->init_pll failed David Ahern (2): selftests: Disable dad for ipv6 in fcnal-test.sh selftests: Replace sleep with slowwait David Kaplan (1): x86/bugs: Fix reporting of LFENCE retpoline Dennis Beier (1): cpufreq/longhaul: handle NULL policy in longhaul_exit Devendra K Verma (1): dmaengine: dw-edma: Set status for callback_result Dragos Tatulea (1): page_pool: Clamp pool size to max 16K pages Emanuele Ghidoli (1): net: phy: dp83867: Disable EEE support as not implemented Eric Dumazet (5): net: call cond_resched() less often in __release_sock() ipv6: np->rxpmtu race annotation sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto net_sched: remove need_resched() from qdisc_run() net_sched: limit try_bulk_dequeue_skb() batches Filipe Manana (1): btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Florian Fuchs (1): fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Forest Crossman (1): usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Gal Pressman (2): net/mlx5e: Fix maxrate wraparound in threshold between units net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Geoffrey McRae (1): drm/amdkfd: return -ENOTTY for unsupported IOCTLs Gokul Sivakumar (1): wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Greg Kroah-Hartman (1): Linux 5.4.302 Haein Lee (1): ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Hamza Mahfooz (1): scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Hangbin Liu (1): net: vlan: sync VLAN features with lower device Hans de Goede (2): ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() spi: Try to get ACPI GPIO IRQ earlier Haotian Zhang (2): regulator: fixed: fix GPIO descriptor leak on register failure ASoC: cs4271: Fix regulator leak on probe failure Harikrishna Shenoy (1): phy: cadence: cdns-dphy: Enable lower resolutions in dphy Ian Forbes (1): drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Ido Schimmel (1): bridge: Redirect to backup port when port is administratively down Ilya Maximets (1): net: openvswitch: remove never-working support for setting nsh fields Isaac J. Manjarres (1): mm/page_alloc: fix hash table order logging in alloc_large_system_hash() Ivan Pravdin (1): Bluetooth: bcsp: receive data only if registered Jakub Acs (1): mm/ksm: fix flag-dropping behavior in ksm_madvise Jakub Horký (2): kconfig/mconf: Initialize the default locale at startup kconfig/nconf: Initialize the default locale at startup Jens Reidel (1): soc: qcom: smem: Fix endian-unaware access of num_entries Jiayi Li (1): memstick: Add timeout to prevent indefinite waiting Jiri Olsa (1): uprobe: Do not emulate/sstep original instruction when ip is changed Jonas Gorski (3): net: dsa: b53: fix resetting speed and pause on forced link net: dsa: b53: fix enabling ip multicast net: dsa: b53: stop reading ARL entries if search is done Joshua Watt (1): NFS4: Fix state renewals missing after boot Junjie Cao (1): fbdev: bitblit: bound-check glyph index in bit_putcs* Juraj Šarinay (1): net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Justin Tee (2): scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET scsi: lpfc: Define size of debugfs entry for xri rebalancing Kaushlendra Kumar (1): tools/cpupower: Fix incorrect size in cpuidle_state_disable() Kees Cook (1): arc: Fix __fls() const-foldability via __builtin_clzl() Kirill A. Shutemov (1): x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Koakuma (1): sparc/module: Add R_SPARC_UA64 relocation handling Krishna Kurapati (1): usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Krzysztof Kozlowski (2): extcon: adc-jack: Fix wakeup source leaks on device unbind extcon: adc-jack: Cleanup wakeup source only if it was enabled Kuniyuki Iwashima (2): net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. tipc: Fix use-after-free in tipc_mon_reinit_self(). Lad Prabhakar (1): net: ravb: Enforce descriptor type ordering Laurent Pinchart (1): media: pci: ivtv: Don't create fake v4l2_fh Len Brown (2): tools/power x86_energy_perf_policy: Enhance HWP enable tools/power x86_energy_perf_policy: Prefer driver HWP limits Lizhi Xu (1): usbnet: Prevents free active kevent Loic Poulain (1): wifi: ath10k: Fix memory leak on unsupported WMI command Long Li (1): uio_hv_generic: Set event for all channels on the device Luiz Augusto von Dentz (1): Bluetooth: SCO: Fix UAF on sco_conn_free Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix !EVA SOC-it PCI MMIO Marcos Del Sol Vives (1): PCI: Disable MSI on RDC PCI to PCIe bridges Mario Limonciello (AMD) (1): ACPI: video: force native for Lenovo 82K8 Miaoqian Lin (3): net: usb: asix_devices: Check return value of usbnet_get_endpoints fbdev: valkyriefb: Fix reference count leak in valkyriefb_init pmdomain: imx: Fix reference count leak in imx_gpc_remove Michal Luczaj (1): vsock: Ignore signal/timeout on connect() if already established Mike Marshall (1): orangefs: fix xattr related buffer overflow... Nai-Chen Cheng (1): selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Nate Karstens (1): strparser: Fix signed/unsigned mismatch bug Nathan Chancellor (1): net: qede: Initialize qede_ll_ops with designated initializer Niklas Cassel (1): ata: libata-scsi: Fix system suspend for a security locked drive Niklas Schnelle (1): powerpc/eeh: Use result of error_detected() in uevent Niklas Söderlund (1): net: sh_eth: Disable WoL if system can not suspend Niravkumar L Rabara (2): EDAC/altera: Handle OCRAM ECC enable after warm reset EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Nishanth Menon (1): net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Olga Kornievskaia (1): NFSv4: handle ERR_GRACE on delegation recalls Owen Gu (1): usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Pauli Virtanen (4): Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Bluetooth: L2CAP: export l2cap_chan_hold for modules Peter Oberparleiter (1): gcov: add support for GCC 15 Peter Zijlstra (1): compiler_types: Move unused static inline functions warning to W=2 Qendrim Maxhuni (1): net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Qianfeng Rong (2): scsi: pm8001: Use int instead of u32 to store error codes media: redrat3: use int type to store negative error codes Randall P. Embry (2): 9p: fix /sys/fs/9p/caches overwriting itself 9p: sysfs_init: don't hardcode error to ENOMEM Ranganath V N (1): net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Raphael Pinsonneault-Thibeault (1): Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF René Rebe (1): ALSA: usb-audio: fix uac2 clock source at terminal parser Ricardo B. Marlière (1): selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Rodrigo Gobbi (1): iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Rosen Penev (1): dmaengine: mv_xor: match alloc_wc and free_wc Russell King (1): net: dsa/b53: change b53_force_port_config() pause argument Sakari Ailus (1): ACPI: property: Return present device nodes only on fwnode interface Saket Dumbre (1): ACPICA: Update dsmethod.c to get rid of unused variable warning Sarthak Garg (1): mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Seungjin Bae (1): Input: pegasus-notetaker - fix potential out-of-bounds access Seyediman Seyedarab (1): drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Sharique Mohammad (1): ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Shaurya Rane (1): jfs: fix uninitialized waitqueue in transaction manager Srinivas Kandagatla (1): ASoC: qdsp6: q6asm: do not sleep while atomic Stefan Wiehler (2): sctp: Hold RCU read lock while iterating over address list sctp: Prevent TOCTOU out-of-bounds write Stephan Gerhold (1): remoteproc: qcom: q6v5: Avoid handling handover twice Sudeep Holla (1): pmdomain: arm: scmi: Fix genpd leak on provider registration failure Sungho Kim (1): PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Svyatoslav Ryhel (1): video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Tetsuo Handa (2): media: imon: make send_packet() more robust jfs: Verify inode mode when loading from disk Thomas Andreatta (1): dmaengine: sh: setup_xref error handling Thomas Weißschuh (2): spi: loopback-test: Don't use %pK through printk bpf: Don't use %pK through printk Théo Lebrun (1): net: macb: avoid dealing with endianness in macb_set_hwaddr() Tomeu Vizoso (1): drm/etnaviv: fix flush sequence logic Tristan Lobb (1): HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Tzung-Bi Shih (1): Input: cros_ec_keyb - fix an invalid memory access Ujwal Kundur (1): rds: Fix endianness annotation for RDS_MPATH_HASH Viacheslav Dubeyko (1): ceph: add checking of wait_for_completion_killable() return value Vincent Mailhol (2): usb: deprecate the third argument of usb_maxpacket() Input: remove third argument of usb_maxpacket() Wake Liu (2): selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 selftests/net: Ensure assert() triggers in psock_tpacket.c Wei Fang (1): net: fec: correct rx_bytes statistic for the case SHIFT16 is set Wei Yang (1): fs/proc: fix uaf in proc_readdir_de() William Wu (1): usb: gadget: f_hid: Fix zero length packet transfer Xiang Mei (1): net/sched: sch_qfq: Fix null-deref in agg_dequeue Xin Long (2): sctp: get netns from asoc and ep base tipc: simplify the finalize work queue Yafang Shao (1): net/cls_cgroup: Fix task_get_classid() during qdisc run Yikang Yue (1): fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink Yuhao Jiang (1): ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Zhang Heng (1): HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Zijun Hu (1): char: misc: Does not request module for miscdevice with dynamic minor Zilin Guan (2): tracing: Fix memory leaks in create_field_var() mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() raub camaioni (1): usb: gadget: f_ncm: Fix MAC assignment NCM ethernet Álvaro Fernández Rojas (1): net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325

5 days, 14 hours

1
2
0 0

[PATCH v6.1 0/4] sched: The newidle balance regression

by Ajay Kaher

This series is to backport following patches for v6.1: link: https://lore.kernel.org/lkml/20251107160645.929564468@infradead.org/ Peter Zijlstra (4): sched/fair: Revert max_newidle_lb_cost bump sched/fair: Small cleanup to sched_balance_newidle() sched/fair: Small cleanup to update_newidle_cost() sched/fair: Proportional newidle balance include/linux/sched/topology.h | 3 ++ kernel/sched/core.c | 3 ++ kernel/sched/fair.c | 75 +++++++++++++++++++++++----------- kernel/sched/features.h | 5 +++ kernel/sched/sched.h | 7 ++++ kernel/sched/topology.c | 6 +++ 6 files changed, 75 insertions(+), 24 deletions(-) -- 2.40.4

5 days, 16 hours

1
4
0 0

[PATCH 6.1.y] HID: core: Harden s32ton() against conversion to 0 bits

by jetlan9＠163.com

From: Alan Stern <stern(a)rowland.harvard.edu> [ Upstream commit a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd ] Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Reported-by: syzbot+b63d677d63bcac06cf90(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-usb/68753a08.050a0220.33d347.0008.GAE@google.… Tested-by: syzbot+b63d677d63bcac06cf90(a)syzkaller.appspotmail.com Fixes: dde5845a529f ("[PATCH] Generic HID layer - code split") Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/613a66cd-4309-4bce-a4f7-2905f9bce0c9@rowland.harva… Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> [ s32ton() was moved by c653ffc28340 ("HID: stop exporting hid_snto32()"). Minor context change fixed. ] Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- drivers/hid/hid-core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c index ed65523d77c2..c8cca0c7ec67 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c @@ -1354,7 +1354,12 @@ EXPORT_SYMBOL_GPL(hid_snto32); static u32 s32ton(__s32 value, unsigned n) { - s32 a = value >> (n - 1); + s32 a; + if (!value || !n) + return 0; + + a = value >> (n - 1); + if (a && a != -1) return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1; return value & ((1 << n) - 1); -- 2.43.0

5 days, 16 hours

1
0
0 0

[PATCH 6.6.y] HID: core: Harden s32ton() against conversion to 0 bits

by jetlan9＠163.com

From: Alan Stern <stern(a)rowland.harvard.edu> [ Upstream commit a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd ] Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Reported-by: syzbot+b63d677d63bcac06cf90(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-usb/68753a08.050a0220.33d347.0008.GAE@google.… Tested-by: syzbot+b63d677d63bcac06cf90(a)syzkaller.appspotmail.com Fixes: dde5845a529f ("[PATCH] Generic HID layer - code split") Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/613a66cd-4309-4bce-a4f7-2905f9bce0c9@rowland.harva… Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> [ s32ton() was moved by c653ffc28340 ("HID: stop exporting hid_snto32()"). Minor context change fixed. ] Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- drivers/hid/hid-core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c index 266cd56dec50..d8fda282d049 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c @@ -1351,7 +1351,12 @@ EXPORT_SYMBOL_GPL(hid_snto32); static u32 s32ton(__s32 value, unsigned n) { - s32 a = value >> (n - 1); + s32 a; + + if (!value || !n) + return 0; + + a = value >> (n - 1); if (a && a != -1) return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1; return value & ((1 << n) - 1); -- 2.43.0

5 days, 16 hours

1
0
0 0

[PATCH v6.6 0/4] sched: The newidle balance regression

by Ajay Kaher

This series is to backport following patches for v6.6: link: https://lore.kernel.org/lkml/20251107160645.929564468@infradead.org/ Peter Zijlstra (3): sched/fair: Revert max_newidle_lb_cost bump sched/fair: Small cleanup to sched_balance_newidle() sched/fair: Small cleanup to update_newidle_cost() sched/fair: Proportional newidle balance include/linux/sched/topology.h | 3 ++ kernel/sched/core.c | 3 ++ kernel/sched/fair.c | 75 +++++++++++++++++++++++----------- kernel/sched/features.h | 5 +++ kernel/sched/sched.h | 7 ++++ kernel/sched/topology.c | 6 +++ 6 files changed, 75 insertions(+), 24 deletions(-) -- 2.40.4

5 days, 16 hours

1
4
0 0

Loan and Investment offer/ Account Reprofilling

by Gerald Johnson

5 days, 17 hours

1
0
0 0

[PATCH net] atm: mpoa: Fix UAF on qos_head list in procfs

by Minseong Kim

The global QoS list 'qos_head' in net/atm/mpc.c is accessed from the /proc/net/atm/mpc procfs interface without proper synchronization. The read-side seq_file show path (mpc_show() -> atm_mpoa_disp_qos()) walks qos_head without any lock, while the write-side path (proc_mpc_write() -> parse_qos() -> atm_mpoa_delete_qos()) can unlink and kfree() entries immediately. Concurrent read/write therefore leads to a use-after-free. This risk is already called out in-tree: /* this is buggered - we need locking for qos_head */ Fix this by adding a mutex to protect all qos_head list operations. A mutex is used (instead of a spinlock) because atm_mpoa_disp_qos() invokes seq_printf(), which may sleep. The fix: - Adds qos_mutex protecting qos_head - Introduces __atm_mpoa_search_qos() requiring the mutex - Serializes add/search/delete/show/cleanup on qos_head - Re-checks qos_head under lock in add path to avoid duplicates under concurrent additions - Uses a single-exit pattern in delete for clarity Note: atm_mpoa_search_qos() still returns an unprotected pointer; callers must ensure the entry is not freed while using it, or hold qos_mutex. Reported-by: Minseong Kim <ii4gsp(a)gmail.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Minseong Kim <ii4gsp(a)gmail.com> --- net/atm/mpc.c | 60 ++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 40 insertions(+), 20 deletions(-) diff --git a/net/atm/mpc.c b/net/atm/mpc.c index 324e3ab96bb393..12da0269275c54 100644 --- a/net/atm/mpc.c +++ b/net/atm/mpc.c @@ -123,6 +123,7 @@ static struct llc_snap_hdr llc_snap_mpoa_data_tagged = { struct mpoa_client *mpcs = NULL; /* FIXME */ static struct atm_mpoa_qos *qos_head = NULL; +static DEFINE_MUTEX(qos_mutex); /* Protect qos_head list */ static DEFINE_TIMER(mpc_timer, mpc_cache_check); @@ -175,23 +176,45 @@ static struct mpoa_client *find_mpc_by_lec(struct net_device *dev) /* * Functions for managing QoS list */ +/* + * Search for a QoS entry. Caller must hold qos_mutex. + * Returns pointer to entry if found, NULL otherwise. + */ +static struct atm_mpoa_qos *__atm_mpoa_search_qos(__be32 dst_ip) +{ + struct atm_mpoa_qos *qos = qos_head; + + while (qos) { + if (qos->ipaddr == dst_ip) + return qos; + qos = qos->next; + } + return NULL; +} + +/* + * Search for a QoS entry. + * WARNING: The returned pointer is not protected. The caller must ensure + * that the entry is not freed while using it, or hold qos_mutex during use. + */ struct atm_mpoa_qos *atm_mpoa_search_qos(__be32 dst_ip) { struct atm_mpoa_qos *qos; - qos = qos_head; - while (qos) { - if (qos->ipaddr == dst_ip) - break; - qos = qos->next; - } + mutex_lock(&qos_mutex); + qos = __atm_mpoa_search_qos(dst_ip); + mutex_unlock(&qos_mutex); return qos; } /* * Overwrites the old entry or makes a new one. */ struct atm_mpoa_qos *atm_mpoa_add_qos(__be32 dst_ip, struct atm_qos *qos) { struct atm_mpoa_qos *entry; + struct atm_mpoa_qos *new; - entry = atm_mpoa_search_qos(dst_ip); - if (entry != NULL) { + /* Fast path: update existing entry */ + mutex_lock(&qos_mutex); + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { entry->qos = *qos; + mutex_unlock(&qos_mutex); return entry; } + mutex_unlock(&qos_mutex); - entry = kmalloc(sizeof(struct atm_mpoa_qos), GFP_KERNEL); - if (entry == NULL) { + /* Allocate outside lock */ + new = kmalloc(sizeof(*new), GFP_KERNEL); + if (!new) { pr_info("mpoa: out of memory\n"); - return entry; + return NULL; } - entry->ipaddr = dst_ip; - entry->qos = *qos; + new->ipaddr = dst_ip; + new->qos = *qos; + /* Re-check under lock to avoid duplicates */ mutex_lock(&qos_mutex); - entry->next = qos_head; - qos_head = entry; + entry = __atm_mpoa_search_qos(dst_ip); + if (entry) { + entry->qos = *qos; + mutex_unlock(&qos_mutex); + kfree(new); + return entry; + } + + new->next = qos_head; + qos_head = new; mutex_unlock(&qos_mutex); - return entry; + return new; } /* * Returns 0 for failure, 1 for success */ int atm_mpoa_delete_qos(struct atm_mpoa_qos *entry) { struct atm_mpoa_qos *curr; + int ret = 0; if (entry == NULL) return 0; + mutex_lock(&qos_mutex); + if (entry == qos_head) { qos_head = qos_head->next; - kfree(entry); - return 1; + ret = 1; + goto out_free; } curr = qos_head; while (curr != NULL) { if (curr->next == entry) { curr->next = entry->next; - kfree(entry); - return 1; + ret = 1; + goto out_free; } curr = curr->next; } - return 0; +out: + mutex_unlock(&qos_mutex); + return ret; + +out_free: + mutex_unlock(&qos_mutex); + kfree(entry); + return ret; } /* this is buggered - we need locking for qos_head */ void atm_mpoa_disp_qos(struct seq_file *m) { struct atm_mpoa_qos *qos; seq_printf(m, "QoS entries for shortcuts:\n"); seq_printf(m, "IP address\n TX:max_pcr pcr min_pcr max_cdv max_sdu\n RX:max_pcr pcr min_pcr max_cdv max_sdu\n"); + mutex_lock(&qos_mutex); qos = qos_head; while (qos != NULL) { seq_printf(m, "%pI4\n %-7d %-7d %-7d %-7d %-7d\n %-7d %-7d %-7d %-7d %-7d\n", @@ -250,6 +273,7 @@ void atm_mpoa_disp_qos(struct seq_file *m) qos->qos.rxtp.max_cdv, qos->qos.rxtp.max_sdu); qos = qos->next; } + mutex_unlock(&qos_mutex); } static struct net_device *find_lec_by_itfnum(int itf) @@ -1524,8 +1548,10 @@ static void __exit atm_mpoa_cleanup(void) mpc = tmp; } + mutex_lock(&qos_mutex); qos = qos_head; qos_head = NULL; + mutex_unlock(&qos_mutex); while (qos != NULL) { nextqos = qos->next; dprintk("freeing qos entry %p\n", qos); --

5 days, 18 hours

2
1
0 0

[PATCH 0/3] media: Fix CI warnings for 6.19

by Ricardo Ribalda

New kernel version, new warnings. This series only introduces a new patch: media: iris: Document difference in size during allocation The other two have been already sent to linux-media or linux-next ML, but they have not found their way into the tree. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Jacopo Mondi (1): media: uapi: c3-isp: Fix documentation warning Ricardo Ribalda (2): media: iris: Document difference in size during allocation media: iris: Fix fps calculation drivers/media/platform/qcom/iris/iris_hfi_gen2_command.c | 10 +++++++++- drivers/media/platform/qcom/iris/iris_venc.c | 5 ++--- include/uapi/linux/media/amlogic/c3-isp-config.h | 2 +- 3 files changed, 12 insertions(+), 5 deletions(-) --- base-commit: 47b7b5e32bb7264b51b89186043e1ada4090b558 change-id: 20251202-warnings-6-19-960d9b686cff Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

5 days, 18 hours

2
2
0 0

[PATCH 5.4 000/182] 5.4.302-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.302 release. There are 182 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Dec 2025 15:28:35 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.302-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.302-rc3 Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Input: remove third argument of usb_maxpacket() Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> usb: deprecate the third argument of usb_maxpacket() Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Wei Yang <albinwyang(a)tencent.com> fs/proc: fix uaf in proc_readdir_de() Miaoqian Lin <linmq006(a)gmail.com> pmdomain: imx: Fix reference count leak in imx_gpc_remove Sudeep Holla <sudeep.holla(a)arm.com> pmdomain: arm: scmi: Fix genpd leak on provider registration failure Breno Leitao <leitao(a)debian.org> net: netpoll: fix incorrect refcount handling causing incorrect cleanup Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Long Li <longli(a)microsoft.com> uio_hv_generic: Set event for all channels on the device Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Isaac J. Manjarres <isaacmanjarres(a)google.com> mm/page_alloc: fix hash table order logging in alloc_large_system_hash() Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Abdun Nihaal <nihaal(a)cse.iitm.ac.in> isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Handle OCRAM ECC enable after warm reset Hans de Goede <hansg(a)kernel.org> spi: Try to get ACPI GPIO IRQ earlier Chuang Wang <nashuiliang(a)gmail.com> ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Nate Karstens <nate.karstens(a)garmin.com> strparser: Fix signed/unsigned mismatch bug Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 15 Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Haein Lee <lhi0729(a)kaist.ac.kr> ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: cs4271: Fix regulator leak on probe failure Haotian Zhang <vulab(a)iscas.ac.cn> regulator: fixed: fix GPIO descriptor leak on register failure Chris Morgan <macromorgan(a)hotmail.com> regulator: fixed: use dev_err_probe for register Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: export l2cap_chan_hold for modules Eric Dumazet <edumazet(a)google.com> net_sched: limit try_bulk_dequeue_skb() batches Eric Dumazet <edumazet(a)google.com> net_sched: remove need_resched() from qdisc_run() Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix maxrate wraparound in threshold between units Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Benjamin Berg <benjamin.berg(a)intel.com> wifi: mac80211: skip rate verification for not captured PSDUs Buday Csaba <buday.csaba(a)prolan.hu> net: mdio: fix resource leak in mdiobus_register_device() Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_mon_reinit_self(). Xin Long <lucien.xin(a)gmail.com> tipc: simplify the finalize work queue Eric Dumazet <edumazet(a)google.com> sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto Xin Long <lucien.xin(a)gmail.com> sctp: get netns from asoc and ep base Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Wei Fang <wei.fang(a)nxp.com> net: fec: correct rx_bytes statistic for the case SHIFT16 is set Sharique Mohammad <sharq0406(a)gmail.com> ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Tristan Lobb <tristan.lobb(a)it-lobb.de> HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Joshua Watt <jpewhacker(a)gmail.com> NFS4: Fix state renewals missing after boot Peter Zijlstra <peterz(a)infradead.org> compiler_types: Move unused static inline functions warning to W=2 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Cleanup wakeup source only if it was enabled Zilin Guan <zilin(a)seu.edu.cn> tracing: Fix memory leaks in create_field_var() Qendrim Maxhuni <qendrim.maxhuni(a)garderos.com> net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Prevent TOCTOU out-of-bounds write Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold RCU read lock while iterating over address list Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: stop reading ARL entries if search is done Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix enabling ip multicast Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix resetting speed and pause on forced link Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 Russell King <rmk+kernel(a)armlinux.org.uk> net: dsa/b53: change b53_force_port_config() pause argument Hangbin Liu <liuhangbin(a)gmail.com> net: vlan: sync VLAN features with lower device Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: add checking of wait_for_completion_killable() return value Albin Babu Varghese <albinbabuvarghese20(a)gmail.com> fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Return present device nodes only on fwnode interface Randall P. Embry <rpembry(a)gmail.com> 9p: sysfs_init: don't hardcode error to ENOMEM Randall P. Embry <rpembry(a)gmail.com> 9p: fix /sys/fs/9p/caches overwriting itself Yikang Yue <yikangy2(a)illinois.edu> fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink Saket Dumbre <saket.dumbre(a)intel.com> ACPICA: Update dsmethod.c to get rid of unused variable warning Mike Marshall <hubcap(a)omnibond.com> orangefs: fix xattr related buffer overflow... Dragos Tatulea <dtatulea(a)nvidia.com> page_pool: Clamp pool size to max 16K pages Ivan Pravdin <ipravdin.official(a)gmail.com> Bluetooth: bcsp: receive data only if registered Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_conn_free Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: avoid dealing with endianness in macb_set_hwaddr() Al Viro <viro(a)zeniv.linux.org.uk> nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix mount hang after CREATE_SESSION failure Olga Kornievskaia <okorniev(a)redhat.com> NFSv4: handle ERR_GRACE on delegation recalls Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid handling handover twice Koakuma <koachan(a)protonmail.com> sparc/module: Add R_SPARC_UA64 relocation handling Brahmajit Das <listout(a)listout.xyz> net: intel: fm10k: Fix parameter idx set but not used Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> jfs: fix uninitialized waitqueue in transaction manager Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> jfs: Verify inode mode when loading from disk Eric Dumazet <edumazet(a)google.com> ipv6: np->rxpmtu race annotation Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Forest Crossman <cyrozap(a)gmail.com> usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Al Viro <viro(a)zeniv.linux.org.uk> allow finish_no_open(file, ERR_PTR(-E...)) Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Define size of debugfs entry for xri rebalancing Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET Nai-Chen Cheng <bleach1827(a)gmail.com> selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Yafang Shao <laoar.shao(a)gmail.com> net/cls_cgroup: Fix task_get_classid() during qdisc run David Ahern <dsahern(a)kernel.org> selftests: Replace sleep with slowwait David Ahern <dsahern(a)kernel.org> selftests: Disable dad for ipv6 in fcnal-test.sh Qianfeng Rong <rongqianfeng(a)vivo.com> media: redrat3: use int type to store negative error codes Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: sh_eth: Disable WoL if system can not suspend Harikrishna Shenoy <h-shenoy(a)ti.com> phy: cadence: cdns-dphy: Enable lower resolutions in dphy William Wu <william.wu(a)rock-chips.com> usb: gadget: f_hid: Fix zero length packet transfer Eric Dumazet <edumazet(a)google.com> net: call cond_resched() less often in __release_sock() Cryolitia PukNgae <cryolitia(a)uniontech.com> ALSA: usb-audio: apply quirk for MOONDROP Quark2 Juraj Šarinay <juraj(a)sarinay.com> net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Devendra K Verma <devverma(a)amd.com> dmaengine: dw-edma: Set status for callback_result Rosen Penev <rosenp(a)gmail.com> dmaengine: mv_xor: match alloc_wc and free_wc Thomas Andreatta <thomasandreatta2000(a)gmail.com> dmaengine: sh: setup_xref error handling Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: pm8001: Use int instead of u32 to store error codes Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename stp clock Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing device_type in pci node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing properties to cpu node Chelsy Ratnawat <chelsyratnawat2001(a)gmail.com> media: fix uninitialized symbol warnings Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Fix wakeup source leaks on device unbind Ujwal Kundur <ujwal.kundur(a)gmail.com> rds: Fix endianness annotation for RDS_MPATH_HASH Sungho Kim <sungho.kim(a)furiosa.ai> PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Kuniyuki Iwashima <kuniyu(a)google.com> net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. Christoph Paasch <cpaasch(a)openai.com> net: When removing nexthops, don't call synchronize_net if it is not necessary Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Does not request module for miscdevice with dynamic minor raub camaioni <raubcameo(a)gmail.com> usb: gadget: f_ncm: Fix MAC assignment NCM ethernet Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: make send_packet() more robust Charalampos Mitrodimas <charmitro(a)posteo.net> net: ipv6: fix field-spanning memcpy warning in AH output Ido Schimmel <idosch(a)nvidia.com> bridge: Redirect to backup port when port is administratively down Niklas Schnelle <schnelle(a)linux.ibm.com> powerpc/eeh: Use result of error_detected() in uevent Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: pci: ivtv: Don't create fake v4l2_fh Geoffrey McRae <geoffrey.mcrae(a)amd.com> drm/amdkfd: return -ENOTTY for unsupported IOCTLs Wake Liu <wakel(a)google.com> selftests/net: Ensure assert() triggers in psock_tpacket.c Wake Liu <wakel(a)google.com> selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 Marcos Del Sol Vives <marcos(a)orca.pet> PCI: Disable MSI on RDC PCI to PCIe bridges Seyediman Seyedarab <imandevel(a)gmail.com> drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Arnd Bergmann <arnd(a)arndb.de> mfd: madera: Work around false-positive -Wininitialized warning Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe: Remove IRQ domain upon removal Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Prefer driver HWP limits Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Enhance HWP enable Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: Fix incorrect size in cpuidle_state_disable() Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Jiri Olsa <jolsa(a)kernel.org> uprobe: Do not emulate/sstep original instruction when ip is changed Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Svyatoslav Ryhel <clamor95(a)gmail.com> video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> tee: allow a driver to allocate a tee_device without a pool Hans de Goede <hansg(a)kernel.org> ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Christian Bruel <christian.bruel(a)foss.st.com> irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Kees Cook <kees(a)kernel.org> arc: Fix __fls() const-foldability via __builtin_clzl() Dennis Beier <nanovim(a)gmail.com> cpufreq/longhaul: handle NULL policy in longhaul_exit Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Mario Limonciello (AMD) <superm1(a)kernel.org> ACPI: video: force native for Lenovo 82K8 Jiayi Li <lijiayi(a)kylinos.cn> memstick: Add timeout to prevent indefinite waiting Biju Das <biju.das.jz(a)bp.renesas.com> mmc: host: renesas_sdhi: Fix the actual clock Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> bpf: Don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> spi: loopback-test: Don't use %pK through printk Jens Reidel <adrian(a)mainlining.org> soc: qcom: smem: Fix endian-unaware access of num_entries Owen Gu <guhuinan(a)xiaomi.com> usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_dw: Use devm_add_action_or_reset() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_dw: Use devm_clk_get_optional() to get the input clock Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> net: phy: dp83867: Disable EEE support as not implemented Alexey Klimov <alexey.klimov(a)linaro.org> regmap: slimbus: fix bus_context pointer in regmap init calls Tomeu Vizoso <tomeu(a)tomeuvizoso.net> drm/etnaviv: fix flush sequence logic Lizhi Xu <lizhi.xu(a)windriver.com> usbnet: Prevents free active kevent Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix memory leak on unsupported WMI command Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qdsp6: q6asm: do not sleep while atomic Miaoqian Lin <linmq006(a)gmail.com> fbdev: valkyriefb: Fix reference count leak in valkyriefb_init Florian Fuchs <fuchsfl(a)gmail.com> fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Junjie Cao <junjie.cao(a)intel.com> fbdev: bitblit: bound-check glyph index in bit_putcs* Yuhao Jiang <danisjiang(a)gmail.com> ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Daniel Palmer <daniel(a)0x0f.com> fbdev: atyfb: Check if pll_ops->init_pll failed Miaoqian Lin <linmq006(a)gmail.com> net: usb: asix_devices: Check return value of usbnet_get_endpoints Filipe Manana <fdmanana(a)suse.com> btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix reporting of LFENCE retpoline Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix null-deref in agg_dequeue ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/bitops.h | 2 + arch/mips/boot/dts/lantiq/danube.dtsi | 6 + arch/mips/lantiq/xway/sysctrl.c | 2 +- arch/mips/mti-malta/malta-init.c | 20 +-- arch/powerpc/kernel/eeh_driver.c | 2 +- arch/sparc/include/asm/elf_64.h | 1 + arch/sparc/kernel/module.c | 1 + arch/x86/entry/vsyscall/vsyscall_64.c | 17 ++- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/cpu/resctrl/monitor.c | 10 +- drivers/acpi/acpi_video.c | 4 +- drivers/acpi/acpica/dsmethod.c | 10 +- drivers/acpi/property.c | 24 +++- drivers/acpi/video_detect.c | 8 ++ drivers/ata/libata-scsi.c | 8 ++ drivers/base/devcoredump.c | 138 +++++++++++++-------- drivers/base/regmap/regmap-slimbus.c | 6 +- drivers/bluetooth/btusb.c | 13 +- drivers/bluetooth/hci_bcsp.c | 3 + drivers/char/misc.c | 8 +- drivers/clocksource/timer-vf-pit.c | 22 ++-- drivers/cpufreq/longhaul.c | 3 + drivers/dma/dw-edma/dw-edma-core.c | 22 ++++ drivers/dma/mv_xor.c | 4 +- drivers/dma/sh/shdma-base.c | 25 +++- drivers/dma/sh/shdmac.c | 17 ++- drivers/edac/altera_edac.c | 22 +++- drivers/extcon/extcon-adc-jack.c | 2 + drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 8 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 +- drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 + drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-quirks.c | 14 ++- drivers/hwmon/dell-smm-hwmon.c | 7 ++ drivers/iio/adc/spear_adc.c | 9 +- drivers/input/keyboard/cros_ec_keyb.c | 6 + drivers/input/misc/ati_remote2.c | 2 +- drivers/input/misc/cm109.c | 2 +- drivers/input/misc/powermate.c | 2 +- drivers/input/misc/yealink.c | 2 +- drivers/input/tablet/acecad.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 11 +- drivers/irqchip/irq-gic-v2m.c | 13 +- drivers/isdn/hardware/mISDN/hfcsusb.c | 18 ++- drivers/media/i2c/ir-kbd-i2c.c | 6 +- drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 - drivers/media/pci/ivtv/ivtv-driver.h | 3 +- drivers/media/pci/ivtv/ivtv-fileops.c | 18 +-- drivers/media/pci/ivtv/ivtv-irq.c | 4 +- drivers/media/rc/imon.c | 61 +++++---- drivers/media/rc/redrat3.c | 2 +- drivers/media/tuners/xc4000.c | 8 +- drivers/media/tuners/xc5000.c | 12 +- drivers/memstick/core/memstick.c | 8 +- drivers/mfd/madera-core.c | 4 +- drivers/mfd/stmpe-i2c.c | 1 + drivers/mfd/stmpe.c | 3 + drivers/mmc/host/renesas_sdhi_core.c | 6 +- drivers/mmc/host/sdhci-msm.c | 15 +++ drivers/net/can/usb/gs_usb.c | 23 ++-- drivers/net/dsa/b53/b53_common.c | 57 ++++++--- drivers/net/dsa/b53/b53_regs.h | 4 +- drivers/net/ethernet/cadence/macb_main.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 +- drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 15 ++- .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- drivers/net/ethernet/renesas/ravb_main.c | 16 ++- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/net/phy/dp83867.c | 6 + drivers/net/phy/mdio_bus.c | 5 +- drivers/net/usb/asix_devices.c | 12 +- drivers/net/usb/qmi_wwan.c | 6 + drivers/net/usb/usbnet.c | 2 + drivers/net/wireless/ath/ath10k/wmi.c | 1 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 21 ++-- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/quirks.c | 1 + drivers/phy/cadence/cdns-dphy.c | 4 +- drivers/regulator/fixed.c | 6 +- drivers/remoteproc/qcom_q6v5.c | 5 + drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/lpfc/lpfc_debugfs.h | 3 + drivers/scsi/lpfc/lpfc_scsi.c | 14 ++- drivers/scsi/pm8001/pm8001_ctl.c | 2 +- drivers/scsi/sg.c | 10 +- drivers/soc/imx/gpc.c | 2 + drivers/soc/qcom/smem.c | 2 +- drivers/soc/ti/knav_dma.c | 14 +-- drivers/spi/spi-loopback-test.c | 12 +- drivers/spi/spi.c | 10 ++ drivers/target/loopback/tcm_loop.c | 3 + drivers/tee/tee_core.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 128 +++++++++---------- drivers/uio/uio_hv_generic.c | 21 +++- drivers/usb/gadget/function/f_fs.c | 8 +- drivers/usb/gadget/function/f_hid.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 3 +- drivers/usb/host/xhci-plat.c | 1 + drivers/usb/mon/mon_bin.c | 14 ++- drivers/video/backlight/lp855x_bl.c | 2 +- drivers/video/fbdev/aty/atyfb_base.c | 8 +- drivers/video/fbdev/core/bitblit.c | 33 ++++- drivers/video/fbdev/pvr2fb.c | 2 +- drivers/video/fbdev/valkyriefb.c | 2 + fs/9p/v9fs.c | 9 +- fs/btrfs/transaction.c | 2 +- fs/ceph/locks.c | 5 +- fs/hpfs/namei.c | 18 ++- fs/jfs/inode.c | 8 +- fs/jfs/jfs_txnmgr.c | 9 +- fs/nfs/nfs4client.c | 1 + fs/nfs/nfs4proc.c | 6 +- fs/nfs/nfs4state.c | 3 + fs/open.c | 10 +- fs/orangefs/xattr.c | 12 +- fs/proc/generic.c | 12 +- include/linux/ata.h | 1 + include/linux/compiler_types.h | 5 +- include/linux/filter.h | 2 +- include/linux/mm.h | 2 +- include/linux/shdma-base.h | 2 +- include/linux/usb.h | 16 +-- include/net/cls_cgroup.h | 2 +- include/net/nfc/nci_core.h | 2 +- include/net/pkt_sched.h | 25 +++- kernel/events/uprobes.c | 7 ++ kernel/gcov/gcc_4_7.c | 4 +- kernel/trace/trace_events_hist.c | 6 +- mm/page_alloc.c | 2 +- net/8021q/vlan.c | 2 + net/bluetooth/6lowpan.c | 103 ++++++++++----- net/bluetooth/l2cap_core.c | 1 + net/bluetooth/sco.c | 7 ++ net/bridge/br_forward.c | 3 +- net/core/netpoll.c | 7 +- net/core/page_pool.c | 6 +- net/core/sock.c | 15 ++- net/ipv4/nexthop.c | 6 + net/ipv4/route.c | 5 + net/ipv6/ah6.c | 50 +++++--- net/ipv6/raw.c | 2 +- net/ipv6/udp.c | 2 +- net/mac80211/rx.c | 10 +- net/openvswitch/actions.c | 68 +--------- net/openvswitch/flow_netlink.c | 64 ++-------- net/openvswitch/flow_netlink.h | 2 - net/rds/rds.h | 2 +- net/sched/act_ife.c | 12 +- net/sched/sch_api.c | 10 -- net/sched/sch_generic.c | 24 ++-- net/sched/sch_hfsc.c | 16 --- net/sched/sch_qfq.c | 2 +- net/sctp/associola.c | 10 +- net/sctp/chunk.c | 2 +- net/sctp/diag.c | 7 ++ net/sctp/endpointola.c | 6 +- net/sctp/input.c | 5 +- net/sctp/output.c | 2 +- net/sctp/outqueue.c | 6 +- net/sctp/sm_make_chunk.c | 7 +- net/sctp/sm_sideeffect.c | 16 +-- net/sctp/sm_statefuns.c | 2 +- net/sctp/socket.c | 12 +- net/sctp/stream.c | 3 +- net/sctp/stream_interleave.c | 23 ++-- net/sctp/transport.c | 15 ++- net/sctp/ulpqueue.c | 15 ++- net/strparser/strparser.c | 2 +- net/tipc/core.c | 4 +- net/tipc/core.h | 8 +- net/tipc/discover.c | 4 +- net/tipc/link.c | 5 + net/tipc/link.h | 1 + net/tipc/net.c | 17 +-- net/vmw_vsock/af_vsock.c | 40 ++++-- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/soc/codecs/cs4271.c | 10 +- sound/soc/codecs/max98090.c | 6 +- sound/soc/qcom/qdsp6/q6asm.c | 2 +- sound/usb/mixer.c | 11 +- tools/power/cpupower/lib/cpuidle.c | 5 +- .../x86_energy_perf_policy.c | 26 ++-- tools/testing/selftests/Makefile | 2 +- tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 +- tools/testing/selftests/net/fcnal-test.sh | 4 +- tools/testing/selftests/net/psock_tpacket.c | 4 +- 200 files changed, 1298 insertions(+), 817 deletions(-)

5 days, 18 hours

6
5
0 0

[PATCH] rpmsg: core: fix race in driver_override_show() and use core helper

by Gui-Dong Han

The driver_override_show function reads the driver_override string without holding the device_lock. However, the store function modifies and frees the string while holding the device_lock. This creates a race condition where the string can be freed by the store function while being read by the show function, leading to a use-after-free. To fix this, replace the rpmsg_string_attr macro with explicit show and store functions. The new driver_override_store uses the standard driver_set_override helper. Since the introduction of driver_set_override, the comments in include/linux/rpmsg.h have stated that this helper must be used to set or clear driver_override, but the implementation was not updated until now. Because driver_set_override modifies and frees the string while holding the device_lock, the new driver_override_show now correctly holds the device_lock during the read operation to prevent the race. Additionally, since rpmsg_string_attr has only ever been used for driver_override, removing the macro simplifies the code. Fixes: 39e47767ec9b ("rpmsg: Add driver_override device attribute for rpmsg_device") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <hanguidong02(a)gmail.com> --- I verified this with a stress test that continuously writes/reads the attribute. It triggered KASAN and leaked bytes like a0 f4 81 9f a3 ff ff (likely kernel pointers). Since driver_override is world-readable (0644), this allows unprivileged users to leak kernel pointers and bypass KASLR. Similar races were fixed in other buses (e.g., commits 9561475db680 and 91d44c1afc61). Currently, 9 of 11 buses handle this correctly; this patch fixes one of the remaining two. --- drivers/rpmsg/rpmsg_core.c | 66 ++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 39 deletions(-) diff --git a/drivers/rpmsg/rpmsg_core.c b/drivers/rpmsg/rpmsg_core.c index 5d661681a9b6..96964745065b 100644 --- a/drivers/rpmsg/rpmsg_core.c +++ b/drivers/rpmsg/rpmsg_core.c @@ -352,50 +352,38 @@ field##_show(struct device *dev, \ } \ static DEVICE_ATTR_RO(field); -#define rpmsg_string_attr(field, member) \ -static ssize_t \ -field##_store(struct device *dev, struct device_attribute *attr, \ - const char *buf, size_t sz) \ -{ \ - struct rpmsg_device *rpdev = to_rpmsg_device(dev); \ - const char *old; \ - char *new; \ - \ - new = kstrndup(buf, sz, GFP_KERNEL); \ - if (!new) \ - return -ENOMEM; \ - new[strcspn(new, "\n")] = '\0'; \ - \ - device_lock(dev); \ - old = rpdev->member; \ - if (strlen(new)) { \ - rpdev->member = new; \ - } else { \ - kfree(new); \ - rpdev->member = NULL; \ - } \ - device_unlock(dev); \ - \ - kfree(old); \ - \ - return sz; \ -} \ -static ssize_t \ -field##_show(struct device *dev, \ - struct device_attribute *attr, char *buf) \ -{ \ - struct rpmsg_device *rpdev = to_rpmsg_device(dev); \ - \ - return sprintf(buf, "%s\n", rpdev->member); \ -} \ -static DEVICE_ATTR_RW(field) - /* for more info, see Documentation/ABI/testing/sysfs-bus-rpmsg */ rpmsg_show_attr(name, id.name, "%s\n"); rpmsg_show_attr(src, src, "0x%x\n"); rpmsg_show_attr(dst, dst, "0x%x\n"); rpmsg_show_attr(announce, announce ? "true" : "false", "%s\n"); -rpmsg_string_attr(driver_override, driver_override); + +static ssize_t driver_override_store(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t count) +{ + struct rpmsg_device *rpdev = to_rpmsg_device(dev); + int ret; + + ret = driver_set_override(dev, &rpdev->driver_override, buf, count); + if (ret) + return ret; + + return count; +} + +static ssize_t driver_override_show(struct device *dev, + struct device_attribute *attr, char *buf) +{ + struct rpmsg_device *rpdev = to_rpmsg_device(dev); + ssize_t len; + + device_lock(dev); + len = sysfs_emit(buf, "%s\n", rpdev->driver_override); + device_unlock(dev); + return len; +} +static DEVICE_ATTR_RW(driver_override); static ssize_t modalias_show(struct device *dev, struct device_attribute *attr, char *buf) -- 2.43.0

5 days, 18 hours

2
1
0 0

[PATCH v2] sched/fair: Clear ->h_load_next when unregistering cgroup

by Peng Wang

An invalid pointer dereference bug was reported on arm64 cpu, and has not yet been seen on x86. A partial oops looks like: Call trace: update_cfs_rq_h_load+0x80/0xb0 wake_affine+0x158/0x168 select_task_rq_fair+0x364/0x3a8 try_to_wake_up+0x154/0x648 wake_up_q+0x68/0xd0 futex_wake_op+0x280/0x4c8 do_futex+0x198/0x1c0 __arm64_sys_futex+0x11c/0x198 Link: https://lore.kernel.org/all/20251013071820.1531295-1-CruzZhao@linux.alibaba… We found that the task_group corresponding to the problematic se is not in the parent task_group’s children list, indicating that h_load_next points to an invalid address. Consider the following cgroup and task hierarchy: A / \ / \ B E / \ | / \ t2 C D | | t0 t1 Here follows a timing sequence that may be responsible for triggering the problem: CPU X CPU Y CPU Z wakeup t0 set list A->B->C traverse A->B->C t0 exits destroy C wakeup t2 set list A->E wakeup t1 set list A->B->D traverse A->B->C panic CPU Z sets ->h_load_next list to A->B->D, but due to arm64 weaker memory ordering, Y may observe A->B before it sees B->D, then in this time window, it can traverse A->B->C and reach an invalid se. We can avoid stale pointer accesses by clearing ->h_load_next when unregistering cgroup. Suggested-by: Vincent Guittot <vincent.guittot(a)linaro.org> Fixes: 685207963be9 ("sched: Move h_load calculation to task_h_load()") Cc: <stable(a)vger.kernel.org> Co-developed-by: Cruz Zhao <CruzZhao(a)linux.alibaba.com> Signed-off-by: Cruz Zhao <CruzZhao(a)linux.alibaba.com> Signed-off-by: Peng Wang <peng_wang(a)linux.alibaba.com> --- kernel/sched/fair.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index cee1793e8277..a5fce15093d3 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -13427,6 +13427,14 @@ void unregister_fair_sched_group(struct task_group *tg) list_del_leaf_cfs_rq(cfs_rq); } remove_entity_load_avg(se); + /* + * Clear parent's h_load_next if it points to the + * sched_entity being freed to avoid stale pointer. + */ + struct cfs_rq *parent_cfs_rq = cfs_rq_of(se); + + if (READ_ONCE(parent_cfs_rq->h_load_next) == se) + WRITE_ONCE(parent_cfs_rq->h_load_next, NULL); } /* -- 2.27.0

5 days, 19 hours

2
4
0 0