- Linux-stable-mirror - lists.linaro.org

[REGRESSION] drm/amd/display: Radeon 840M/860M: bisected suspend crash

by ggo＠tuxedocomputers.com

Hi, I have discovered that two small form factor desktops with Ryzen AI 7 350 and Ryzen AI 5 340 crash when woken up from suspend. I can see how the LED on the USB mouse is switched on when I trigger a resume via keyboard button, but the display remains black. The kernel also no longer responds to Magic SysRq keys in this state. The problem affects all kernels after merge b50753547453 (v6.11.0). But this merge only adds PCI_DEVICE_ID_AMD_1AH_M60H_ROOT with commit 59c34008d (necessary to trigger this bug with Ryzen AI CPU). I cherry-picked this commit and continued searching. Which finally led me to commit f6098641d3e - drm/amd/display: fix s2idle entry for DCN3.5+ If I remove the code, which has changed somewhat in the meantime, then the suspend works without any problems. See the following patch. Regards, Georg diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index d3100f641ac6..76204ae70acc 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -3121,9 +3121,6 @@ static int dm_suspend(struct amdgpu_ip_block *ip_block) dc_set_power_state(dm->dc, DC_ACPI_CM_POWER_STATE_D3); - if (dm->dc->caps.ips_support && adev->in_s0ix) - dc_allow_idle_optimizations(dm->dc, true); - dc_dmub_srv_set_power_state(dm->dc->ctx->dmub_srv, DC_ACPI_CM_POWER_STATE_D3); return 0;

2 hours, 6 minutes

3
2
0 0

[PATCH 1/4] mm/shmem, swap: improve cached mTHP handling and fix potential hung

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve the performance, as it avoided two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Cc: stable(a)vger.kernel.org Fixes: 058313515d5a ("mm: shmem: fix potential data corruption during shmem swapin") Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/mm/shmem.c b/mm/shmem.c index eda35be2a8d9..4e7ef343a29b 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struct folio *folio, pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struct folio *folio, gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swp_type(swap), folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } -- 2.50.0

2 hours, 11 minutes

3
3
0 0

+ ocfs2-reset-folio-to-null-when-get-folio-fails.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: reset folio to NULL when get folio fails has been added to the -mm mm-nonmm-unstable branch. Its filename is ocfs2-reset-folio-to-null-when-get-folio-fails.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lizhi Xu <lizhi.xu(a)windriver.com> Subject: ocfs2: reset folio to NULL when get folio fails Date: Mon, 16 Jun 2025 09:31:40 +0800 The reproducer uses FAULT_INJECTION to make memory allocation fail, which causes __filemap_get_folio() to fail, when initializing w_folios[i] in ocfs2_grab_folios_for_write(), it only returns an error code and the value of w_folios[i] is the error code, which causes ocfs2_unlock_and_free_folios() to recycle the invalid w_folios[i] when releasing folios. Link: https://lkml.kernel.org/r/20250616013140.3602219-1-lizhi.xu@windriver.com Reported-by: syzbot+c2ea94ae47cd7e3881ec(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c2ea94ae47cd7e3881ec Signed-off-by: Lizhi Xu <lizhi.xu(a)windriver.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/aops.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/ocfs2/aops.c~ocfs2-reset-folio-to-null-when-get-folio-fails +++ a/fs/ocfs2/aops.c @@ -1071,6 +1071,7 @@ static int ocfs2_grab_folios_for_write(s if (IS_ERR(wc->w_folios[i])) { ret = PTR_ERR(wc->w_folios[i]); mlog_errno(ret); + wc->w_folios[i] = NULL; goto out; } } _ Patches currently in -mm which might be from lizhi.xu(a)windriver.com are ocfs2-reset-folio-to-null-when-get-folio-fails.patch

3 hours, 4 minutes

1
0
0 0

[PATCH 5.10 v2 00/16] ITS mitigation for 5.10

by Pawan Gupta

v2: - Fixed the sign-offs. v1: https://lore.kernel.org/stable/20250610-its-5-10-v1-0-64f0ae98c98d@linux.in… This is the backport for Indirect Target Selection(ITS) mitigation for 5.10. This is only boot tested, so sending it as an RFC for now. I hope some bot picks this up for some at-scale testing. Meanwhile I am doing basic tests around ITS mitigation. In addition to commits in 5.15 ITS backport, below commits are required to make the ITS mitigation work on 5.10. These are the prime target of scrutiny: x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/alternatives: Introduce int3_emulate_jcc() x86/bhi: Define SPEC_CTRL_BHI_DIS_S --- Borislav Petkov (AMD) (1): x86/alternative: Optimize returns patching Daniel Sneddon (1): x86/bhi: Define SPEC_CTRL_BHI_DIS_S Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Josh Poimboeuf (1): x86/alternatives: Remove faulty optimization Pawan Gupta (7): Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Fix undefined reference to cpu_wants_rethunk_at() x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs Peter Zijlstra (4): x86/alternatives: Introduce int3_emulate_jcc() x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/indirect-target-selection.rst | 156 +++++++++++ Documentation/admin-guide/kernel-parameters.txt | 15 + arch/x86/Kconfig | 11 + arch/x86/include/asm/alternative.h | 26 ++ arch/x86/include/asm/cpufeatures.h | 6 +- arch/x86/include/asm/msr-index.h | 13 +- arch/x86/include/asm/nospec-branch.h | 11 + arch/x86/include/asm/text-patching.h | 31 +++ arch/x86/kernel/alternative.c | 308 ++++++++++++++++++++- arch/x86/kernel/cpu/bugs.c | 139 +++++++++- arch/x86/kernel/cpu/common.c | 63 ++++- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/ftrace.c | 4 +- arch/x86/kernel/kprobes/core.c | 39 +-- arch/x86/kernel/module.c | 14 +- arch/x86/kernel/static_call.c | 2 +- arch/x86/kernel/vmlinux.lds.S | 8 + arch/x86/kvm/x86.c | 4 +- arch/x86/lib/retpoline.S | 39 +++ arch/x86/net/bpf_jit_comp.c | 8 +- drivers/base/cpu.c | 8 + include/linux/cpu.h | 2 + include/linux/module.h | 5 + 25 files changed, 842 insertions(+), 73 deletions(-) --- base-commit: 01e7e36b8606e5d4fddf795938010f7bfa3aa277 change-id: 20250617-its-5-10-43d1e195b345

3 hours, 34 minutes

1
16
0 0

[PATCH v6 1/4] scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out

by Karan Tilak Kumar

When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash. Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly. Tested by checking MDS for FDMI information. Tested by using instrumented driver to: Drop PLOGI response Drop RHBA response Drop RPA response Drop RHBA and RPA response Drop PLOGI response + ABTS response Drop RHBA response + ABTS response Drop RPA response + ABTS response Drop RHBA and RPA response + ABTS response for both of them Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Tested-by: Arun Easi <aeasi(a)cisco.com> Co-developed-by: Arun Easi <aeasi(a)cisco.com> Signed-off-by: Arun Easi <aeasi(a)cisco.com> Tested-by: Karan Tilak Kumar <kartilak(a)cisco.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- Changes between v5 and v6: - Incorporate review comments from John: - Rebase patches on 6.17/scsi-queue Changes between v4 and v5: - Incorporate review comments from John: - Refactor patches Changes between v3 and v4: - Incorporate review comments from Dan: - Remove comments from Cc tag Changes between v2 and v3: - Incorporate review comments from Dan: - Add Cc to stable Changes between v1 and v2: - Incorporate review comments from Dan: - Add Fixes tag --- drivers/scsi/fnic/fdls_disc.c | 113 +++++++++++++++++++++++++--------- drivers/scsi/fnic/fnic.h | 2 +- drivers/scsi/fnic/fnic_fdls.h | 1 + 3 files changed, 87 insertions(+), 29 deletions(-) diff --git a/drivers/scsi/fnic/fdls_disc.c b/drivers/scsi/fnic/fdls_disc.c index f8ab69c51dab..36b498ad55b4 100644 --- a/drivers/scsi/fnic/fdls_disc.c +++ b/drivers/scsi/fnic/fdls_disc.c @@ -763,47 +763,69 @@ static void fdls_send_fabric_abts(struct fnic_iport_s *iport) iport->fabric.timer_pending = 1; } -static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +static uint8_t *fdls_alloc_init_fdmi_abts_frame(struct fnic_iport_s *iport, + uint16_t oxid) { - uint8_t *frame; + struct fc_frame_header *pfdmi_abts; uint8_t d_id[3]; + uint8_t *frame; struct fnic *fnic = iport->fnic; - struct fc_frame_header *pfabric_abts; - unsigned long fdmi_tov; - uint16_t oxid; - uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + - sizeof(struct fc_frame_header); frame = fdls_alloc_frame(iport); if (frame == NULL) { FNIC_FCS_DBG(KERN_ERR, fnic->host, fnic->fnic_num, "Failed to allocate frame to send FDMI ABTS"); - return; + return NULL; } - pfabric_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); + pfdmi_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); fdls_init_fabric_abts_frame(frame, iport); hton24(d_id, FC_FID_MGMT_SERV); - FNIC_STD_SET_D_ID(*pfabric_abts, d_id); + FNIC_STD_SET_D_ID(*pfdmi_abts, d_id); + FNIC_STD_SET_OX_ID(*pfdmi_abts, oxid); + + return frame; +} + +static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +{ + uint8_t *frame; + unsigned long fdmi_tov; + uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + + sizeof(struct fc_frame_header); if (iport->fabric.fdmi_pending & FDLS_FDMI_PLOGI_PENDING) { - oxid = iport->active_oxid_fdmi_plogi; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_plogi); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } else { if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) { - oxid = iport->active_oxid_fdmi_rhba; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rhba); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } if (iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING) { - oxid = iport->active_oxid_fdmi_rpa; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rpa); + if (frame == NULL) { + if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) + goto arm_timer; + else + return; + } + fnic_send_fcoe_frame(iport, frame, frame_size); } } +arm_timer: fdmi_tov = jiffies + msecs_to_jiffies(2 * iport->e_d_tov); mod_timer(&iport->fabric.fdmi_timer, round_jiffies(fdmi_tov)); iport->fabric.fdmi_pending |= FDLS_FDMI_ABORT_PENDING; @@ -2245,6 +2267,21 @@ void fdls_fabric_timer_callback(struct timer_list *t) spin_unlock_irqrestore(&fnic->fnic_lock, flags); } +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport) +{ + struct fnic *fnic = iport->fnic; + + iport->fabric.fdmi_pending = 0; + /* If max retries not exhausted, start over from fdmi plogi */ + if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { + iport->fabric.fdmi_retry++; + FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, + "Retry FDMI PLOGI. FDMI retry: %d", + iport->fabric.fdmi_retry); + fdls_send_fdmi_plogi(iport); + } +} + void fdls_fdmi_timer_callback(struct timer_list *t) { struct fnic_fdls_fabric_s *fabric = timer_container_of(fabric, t, @@ -2291,14 +2328,7 @@ void fdls_fdmi_timer_callback(struct timer_list *t) FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); - iport->fabric.fdmi_pending = 0; - /* If max retries not exhaused, start over from fdmi plogi */ - if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { - iport->fabric.fdmi_retry++; - FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, - "retry fdmi timer %d", iport->fabric.fdmi_retry); - fdls_send_fdmi_plogi(iport); - } + fdls_fdmi_retry_plogi(iport); FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); spin_unlock_irqrestore(&fnic->fnic_lock, flags); @@ -3716,11 +3746,32 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, switch (FNIC_FRAME_TYPE(oxid)) { case FNIC_FRAME_TYPE_FDMI_PLOGI: fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_plogi); + + iport->fabric.fdmi_pending &= ~FDLS_FDMI_PLOGI_PENDING; + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; break; case FNIC_FRAME_TYPE_FDMI_RHBA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_REG_HBA_PENDING; + + /* If RPA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rhba); break; case FNIC_FRAME_TYPE_FDMI_RPA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_RPA_PENDING; + + /* If RHBA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rpa); break; default: @@ -3730,10 +3781,16 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, break; } - timer_delete_sync(&iport->fabric.fdmi_timer); - iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; - - fdls_send_fdmi_plogi(iport); + /* + * Only if ABORT PENDING is off, delete the timer, and if no other + * operations are pending, retry FDMI. + * Otherwise, let the timer pop and take the appropriate action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_ABORT_PENDING)) { + timer_delete_sync(&iport->fabric.fdmi_timer); + if (!iport->fabric.fdmi_pending) + fdls_fdmi_retry_plogi(iport); + } } static void diff --git a/drivers/scsi/fnic/fnic.h b/drivers/scsi/fnic/fnic.h index 6c5f6046b1f5..86e293ce530d 100644 --- a/drivers/scsi/fnic/fnic.h +++ b/drivers/scsi/fnic/fnic.h @@ -30,7 +30,7 @@ #define DRV_NAME "fnic" #define DRV_DESCRIPTION "Cisco FCoE HBA Driver" -#define DRV_VERSION "1.8.0.0" +#define DRV_VERSION "1.8.0.1" #define PFX DRV_NAME ": " #define DFX DRV_NAME "%d: " diff --git a/drivers/scsi/fnic/fnic_fdls.h b/drivers/scsi/fnic/fnic_fdls.h index 8e610b65ad57..531d0b37e450 100644 --- a/drivers/scsi/fnic/fnic_fdls.h +++ b/drivers/scsi/fnic/fnic_fdls.h @@ -394,6 +394,7 @@ void fdls_send_tport_abts(struct fnic_iport_s *iport, bool fdls_delete_tport(struct fnic_iport_s *iport, struct fnic_tport_s *tport); void fdls_fdmi_timer_callback(struct timer_list *t); +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport); /* fnic_fcs.c */ void fnic_fdls_init(struct fnic *fnic, int usefip); -- 2.47.1

3 hours, 48 minutes

1
1
0 0

[PATCH 5.15] xfs: allow inode inactivation during a ro mount log recovery

by Amir Goldstein

From: "Darrick J. Wong" <djwong(a)kernel.org> [ Upstream commit 76e589013fec672c3587d6314f2d1f0aeddc26d9 ] In the next patch, we're going to prohibit log recovery if the primary superblock contains an unrecognized rocompat feature bit even on readonly mounts. This requires removing all the code in the log mounting process that temporarily disables the readonly state. Unfortunately, inode inactivation disables itself on readonly mounts. Clearing the iunlinked lists after log recovery needs inactivation to run to free the unreferenced inodes, which (AFAICT) is the only reason why log mounting plays games with the readonly state in the first place. Therefore, change the inactivation predicates to allow inactivation during log recovery of a readonly mount. Signed-off-by: Darrick J. Wong <djwong(a)kernel.org> Reviewed-by: Dave Chinner <dchinner(a)redhat.com> Stable-dep-of: 74ad4693b647 ("xfs: fix log recovery when unknown rocompat bits are set") Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> --- Sasha, This 5.15 backport is needed to fix a regression introduced to test generic/417 in kernel v5.15.176. With this backport, kernel v5.15.185 passed the fstests quick run. As you may have noticed, 5.15.y (and 5.10.y) are not being actively maintained by xfs stable maintainer who moved their focus to 6.*.y LTS kernels. The $SUBJECT commit is a dependency of commit 74ad4693b647, as hinted by the wording: "In the next patch, we're going to... This requires...". Indeed, Leah has backported commit 74ad4693b647 to 6.1.y along with its dependency, yet somehow, commit 74ad4693b647 found its way to v5.15.176, without the dependency and without the xfs stable review process. Judging by the line: Stable-dep-of: 652f03db897b ("xfs: remove unknown compat feature check in superblock write validation") that exists only in the 5.15.y tree, I deduce that your bot has auto selected this patch in the process of backporting the commit 652f03db897b, which was explicitly marked for stable v4.19+ [1]. I don't know if there is a lesson to be learned from this incident. Applying xfs backports without running fstests regression is always going to be a gamble. I will leave it up to you to decide if anything in the process of applying xfs patches to <= v5.15.y needs to change. Thanks, Amir. [1] https://lore.kernel.org/linux-xfs/ZzFon-0VbKscbGMT@localhost.localdomain/ fs/xfs/xfs_inode.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index 3b36d5569d15..98955cd0de40 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -32,6 +32,7 @@ #include "xfs_symlink.h" #include "xfs_trans_priv.h" #include "xfs_log.h" +#include "xfs_log_priv.h" #include "xfs_bmap_btree.h" #include "xfs_reflink.h" #include "xfs_ag.h" @@ -1678,8 +1679,11 @@ xfs_inode_needs_inactive( if (VFS_I(ip)->i_mode == 0) return false; - /* If this is a read-only mount, don't do this (would generate I/O) */ - if (xfs_is_readonly(mp)) + /* + * If this is a read-only mount, don't do this (would generate I/O) + * unless we're in log recovery and cleaning the iunlinked list. + */ + if (xfs_is_readonly(mp) && !xlog_recovery_needed(mp->m_log)) return false; /* If the log isn't running, push inodes straight to reclaim. */ @@ -1739,8 +1743,11 @@ xfs_inactive( mp = ip->i_mount; ASSERT(!xfs_iflags_test(ip, XFS_IRECOVERY)); - /* If this is a read-only mount, don't do this (would generate I/O) */ - if (xfs_is_readonly(mp)) + /* + * If this is a read-only mount, don't do this (would generate I/O) + * unless we're in log recovery and cleaning the iunlinked list. + */ + if (xfs_is_readonly(mp) && !xlog_recovery_needed(mp->m_log)) goto out; /* Metadata inodes require explicit resource cleanup. */ -- 2.47.1

3 hours, 58 minutes

2
1
0 0

[PATCH] usb: cdnsp: Fix issue with CV Bad Descriptor test

by Pawel Laszczak

The SSP2 controller has extra endpoint state preserve bit (ESP) which setting causes that endpoint state will be preserved during Halt Endpoint command. It is used only for EP0. Without this bit the Command Verifier "TD 9.10 Bad Descriptor Test" failed. Setting this bit doesn't have any impact for SSP controller. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/cdns3/cdnsp-debug.h | 5 +++-- drivers/usb/cdns3/cdnsp-ep0.c | 17 ++++++++++++++--- drivers/usb/cdns3/cdnsp-gadget.h | 3 +++ drivers/usb/cdns3/cdnsp-ring.c | 3 ++- 4 files changed, 22 insertions(+), 6 deletions(-) diff --git a/drivers/usb/cdns3/cdnsp-debug.h b/drivers/usb/cdns3/cdnsp-debug.h index cd138acdcce1..86860686d836 100644 --- a/drivers/usb/cdns3/cdnsp-debug.h +++ b/drivers/usb/cdns3/cdnsp-debug.h @@ -327,12 +327,13 @@ static inline const char *cdnsp_decode_trb(char *str, size_t size, u32 field0, case TRB_RESET_EP: case TRB_HALT_ENDPOINT: ret = scnprintf(str, size, - "%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c", + "%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c %c", cdnsp_trb_type_string(type), ep_num, ep_id % 2 ? "out" : "in", TRB_TO_EP_INDEX(field3), field1, field0, TRB_TO_SLOT_ID(field3), - field3 & TRB_CYCLE ? 'C' : 'c'); + field3 & TRB_CYCLE ? 'C' : 'c', + field3 & TRB_ESP ? 'P' : 'p'); break; case TRB_STOP_RING: ret = scnprintf(str, size, diff --git a/drivers/usb/cdns3/cdnsp-ep0.c b/drivers/usb/cdns3/cdnsp-ep0.c index f317d3c84781..567ccfdecded 100644 --- a/drivers/usb/cdns3/cdnsp-ep0.c +++ b/drivers/usb/cdns3/cdnsp-ep0.c @@ -414,6 +414,7 @@ static int cdnsp_ep0_std_request(struct cdnsp_device *pdev, void cdnsp_setup_analyze(struct cdnsp_device *pdev) { struct usb_ctrlrequest *ctrl = &pdev->setup; + struct cdnsp_ep *pep; int ret = -EINVAL; u16 len; @@ -428,9 +429,19 @@ void cdnsp_setup_analyze(struct cdnsp_device *pdev) } /* Restore the ep0 to Stopped/Running state. */ - if (pdev->eps[0].ep_state & EP_HALTED) { - trace_cdnsp_ep0_halted("Restore to normal state"); - cdnsp_halt_endpoint(pdev, &pdev->eps[0], 0); + if (pep->ep_state & EP_HALTED) { + /* + * Halt Endpoint Command for SSP2 for ep0 preserve current + * endpoint state and driver has to synchronise the + * software endpointp state with endpoint output context + * state. + */ + if (GET_EP_CTX_STATE(pep->out_ctx) == EP_STATE_HALTED) { + cdnsp_halt_endpoint(pdev, pep, 0); + } else { + pep->ep_state &= ~EP_HALTED; + pep->ep_state |= EP_STOPPED; + } } /* diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index 2afa3e558f85..c26abef6e1c9 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -987,6 +987,9 @@ enum cdnsp_setup_dev { #define STREAM_ID_FOR_TRB(p) ((((p)) << 16) & GENMASK(31, 16)) #define SCT_FOR_TRB(p) (((p) << 1) & 0x7) +/* Halt Endpoint Command TRB field. */ +#define TRB_ESP BIT(9) + /* Link TRB specific fields. */ #define TRB_TC BIT(1) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index fd06cb85c4ea..d397d28efc6e 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -2483,7 +2483,8 @@ void cdnsp_queue_halt_endpoint(struct cdnsp_device *pdev, unsigned int ep_index) { cdnsp_queue_command(pdev, 0, 0, 0, TRB_TYPE(TRB_HALT_ENDPOINT) | SLOT_ID_FOR_TRB(pdev->slot_id) | - EP_ID_FOR_TRB(ep_index)); + EP_ID_FOR_TRB(ep_index) | + (!ep_index ? TRB_ESP : 0)); } void cdnsp_force_header_wakeup(struct cdnsp_device *pdev, int intf_num) -- 2.43.0

4 hours, 24 minutes

3
2
0 0

+ fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio has been added to the -mm mm-hotfixes-unstable branch. Its filename is fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio Date: Tue, 17 Jun 2025 16:35:32 +0200 is_zero_pfn() does not work for the huge zero folio. Fix it by using is_huge_zero_pmd(). This can cause the PAGEMAP_SCAN ioctl against /proc/pid/pagemap to omit pages. Found by code inspection. Link: https://lkml.kernel.org/r/20250617143532.2375383-1-david@redhat.com Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio +++ a/fs/proc/task_mmu.c @@ -2182,7 +2182,7 @@ static unsigned long pagemap_thp_categor categories |= PAGE_IS_FILE; } - if (is_zero_pfn(pmd_pfn(pmd))) + if (is_huge_zero_pmd(pmd)) categories |= PAGE_IS_PFNZERO; if (pmd_soft_dirty(pmd)) categories |= PAGE_IS_SOFT_DIRTY; _ Patches currently in -mm which might be from david(a)redhat.com are mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked.patch fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio.patch mm-gup-remove-vm_bug_ons.patch mm-gup-remove-vm_bug_ons-fix.patch mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pmd.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pud.patch

4 hours, 47 minutes

1
0
0 0

FAILED: patch "[PATCH] kbuild: hdrcheck: fix cross build with clang" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 02e9a22ceef0227175e391902d8760425fa072c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061706-stylishly-ravioli-ffa1@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 02e9a22ceef0227175e391902d8760425fa072c6 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann <arnd(a)arndb.de> Date: Tue, 25 Feb 2025 11:00:31 +0100 Subject: [PATCH] kbuild: hdrcheck: fix cross build with clang The headercheck tries to call clang with a mix of compiler arguments that don't include the target architecture. When building e.g. x86 headers on arm64, this produces a warning like clang: warning: unknown platform, assuming -mfloat-abi=soft Add in the KBUILD_CPPFLAGS, which contain the target, in order to make it build properly. See also 1b71c2fb04e7 ("kbuild: userprogs: fix bitsize and target detection on clang"). Reviewed-by: Nathan Chancellor <nathan(a)kernel.org> Fixes: feb843a469fb ("kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> diff --git a/usr/include/Makefile b/usr/include/Makefile index 6c6de1b1622b..e3d6b03527fe 100644 --- a/usr/include/Makefile +++ b/usr/include/Makefile @@ -10,7 +10,7 @@ UAPI_CFLAGS := -std=c90 -Wall -Werror=implicit-function-declaration # In theory, we do not care -m32 or -m64 for header compile tests. # It is here just because CONFIG_CC_CAN_LINK is tested with -m32 or -m64. -UAPI_CFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CFLAGS)) +UAPI_CFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) # USERCFLAGS might contain sysroot location for CC. UAPI_CFLAGS += $(USERCFLAGS)

4 hours, 50 minutes

2
1
0 0

FAILED: patch "[PATCH] kbuild: userprogs: fix bitsize and target detection on clang" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1b71c2fb04e7a713abc6edde4a412416ff3158f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061733-fineness-scale-bebf@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1b71c2fb04e7a713abc6edde4a412416ff3158f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas.weissschuh(a)linutronix.de> Date: Thu, 13 Feb 2025 15:55:17 +0100 Subject: [PATCH] kbuild: userprogs: fix bitsize and target detection on clang MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit scripts/Makefile.clang was changed in the linked commit to move --target from KBUILD_CFLAGS to KBUILD_CPPFLAGS, as that generally has a broader scope. However that variable is not inspected by the userprogs logic, breaking cross compilation on clang. Use both variables to detect bitsize and target arguments for userprogs. Fixes: feb843a469fb ("kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> diff --git a/Makefile b/Makefile index 52207bcb1a9d..272db408be5c 100644 --- a/Makefile +++ b/Makefile @@ -1120,8 +1120,8 @@ LDFLAGS_vmlinux += --orphan-handling=$(CONFIG_LD_ORPHAN_WARN_LEVEL) endif # Align the bit size of userspace programs with the kernel -KBUILD_USERCFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CFLAGS)) -KBUILD_USERLDFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CFLAGS)) +KBUILD_USERCFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) +KBUILD_USERLDFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) # make the checker run with the right architecture CHECKFLAGS += --arch=$(ARCH)

5 hours, 2 minutes

2
1
0 0

+ mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung has been added to the -mm mm-new branch. Its filename is mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung Date: Wed, 18 Jun 2025 02:35:00 +0800 Patch series "mm/shmem, swap: bugfix and improvement of mTHP swap in". The current mTHP swapin path have several problems. It may potentially hang, may cause redundant faults due to false positive swap cache lookup, and it will involve at least 4 Xarray tree walks (get order, get order again, confirm swap, insert folio). And for !CONFIG_TRANSPARENT_HUGEPAGE builds, it will performs some mTHP related checks. This series fixes all of the mentioned issues, and the code should be more robust and prepared for the swap table series. Now tree walks is reduced to twice (get order & confirm, insert folio) and added more sanity checks and comments. !CONFIG_TRANSPARENT_HUGEPAGE build overhead is also minimized, and comes with a sanity check now. The performance is slightly better after this series, sequential swap in of 24G data from ZRAM, using transparent_hugepage_tmpfs=always (36 samples each): Before: avg: 11.23s, stddev: 0.06 After patch 1: avg: 10.92s, stddev: 0.05 After patch 2: avg: 10.93s, stddev: 0.15 After patch 3: avg: 10.07s, stddev: 0.09 After patch 4: avg: 10.09s, stddev: 0.08 Each patch improves the performance by a little, which is about ~10% faster in total. Build kernel test showed very slightly improvement, testing with make -j24 with defconfig in a 256M memcg also using ZRAM as swap, and transparent_hugepage_tmpfs=always (6 samples each): Before: system time avg: 3945.25s After patch 1: system time avg: 3903.21s After patch 2: system time avg: 3914.76s After patch 3: system time avg: 3907.41s After patch 4: system time avg: 3876.24s Slightly better than noise level given the number of samples. Two of the patches in this series come from the swap table series [1], and it is worth noting that the performance gain of this series is independent of the swap table series, we'll see another bigger performance gain and reduction of memory usage after the swap table series. I found these issues while trying to split the shmem changes out of the swap table series for easier reviewing, and found several more issues while doing stress tests for performance comparision. Barry also mentioned that CONFIG_TRANSPARENT_HUGEPAGE may have redundant checks [2] and I managed to clean them up properly too. No issue is found with a few days of stress testing. This patch (of 4): The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve the performance, as it avoided two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Link: https://lkml.kernel.org/r/20250617183503.10527-1-ryncsn@gmail.com Link: https://lore.kernel.org/linux-mm/20250514201729.48420-1-ryncsn@gmail.com/ [1] Link: https://lore.kernel.org/linux-mm/CAMgjq7AsKFz7UN+seR5atznE_RBTDC9qjDmwN5saM… [2] Link: https://lkml.kernel.org/r/20250617183503.10527-2-ryncsn@gmail.com Fixes: 058313515d5a ("mm: shmem: fix potential data corruption during shmem swapin") Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) --- a/mm/shmem.c~mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung +++ a/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struc pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struc gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct ino swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swp_type(swap), folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-shmem-swap-fix-softlockup-with-mthp-swapin.patch mm-shmem-swap-fix-softlockup-with-mthp-swapin-v3.patch mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache.patch mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-improve-mthp-swapin-process.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

5 hours, 19 minutes

1
0
0 0

[PATCH net] can: tcan4x5x: fix power regulator retrieval during probe

by Marc Kleine-Budde

From: Brett Werling <brett.werling(a)garmin.com> Fixes the power regulator retrieval in tcan4x5x_can_probe() by ensuring the regulator pointer is not set to NULL in the successful return from devm_regulator_get_optional(). Fixes: 3814ca3a10be ("can: tcan4x5x: tcan4x5x_can_probe(): turn on the power before parsing the config") Signed-off-by: Brett Werling <brett.werling(a)garmin.com> Link: https://patch.msgid.link/20250612191825.3646364-1-brett.werling@garmin.com Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/m_can/tcan4x5x-core.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/net/can/m_can/tcan4x5x-core.c b/drivers/net/can/m_can/tcan4x5x-core.c index e5c162f8c589..8edaa339d590 100644 --- a/drivers/net/can/m_can/tcan4x5x-core.c +++ b/drivers/net/can/m_can/tcan4x5x-core.c @@ -411,10 +411,11 @@ static int tcan4x5x_can_probe(struct spi_device *spi) priv = cdev_to_priv(mcan_class); priv->power = devm_regulator_get_optional(&spi->dev, "vsup"); - if (PTR_ERR(priv->power) == -EPROBE_DEFER) { - ret = -EPROBE_DEFER; - goto out_m_can_class_free_dev; - } else { + if (IS_ERR(priv->power)) { + if (PTR_ERR(priv->power) == -EPROBE_DEFER) { + ret = -EPROBE_DEFER; + goto out_m_can_class_free_dev; + } priv->power = NULL; } base-commit: 7b4ac12cc929e281cf7edc22203e0533790ebc2b -- 2.47.2

5 hours, 22 minutes

2
1
0 0

[tip: x86/urgent] x86/mm: Disable INVLPGB when PTI is enabled

by tip-bot2 for Dave Hansen

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 94a17f2dc90bc7eae36c0f478515d4bd1c23e877 Gitweb: https://git.kernel.org/tip/94a17f2dc90bc7eae36c0f478515d4bd1c23e877 Author: Dave Hansen <dave.hansen(a)linux.intel.com> AuthorDate: Tue, 10 Jun 2025 15:24:20 -07:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Tue, 17 Jun 2025 15:36:57 -07:00 x86/mm: Disable INVLPGB when PTI is enabled PTI uses separate ASIDs (aka. PCIDs) for kernel and user address spaces. When the kernel needs to flush the user address space, it just sets a bit in a bitmap and then flushes the entire PCID on the next switch to userspace. This bitmap is a single 'unsigned long' which is plenty for all 6 dynamic ASIDs. But, unfortunately, the INVLPGB support brings along a bunch more user ASIDs, as many as ~2k more. The bitmap can't address that many. Fortunately, the bitmap is only needed for PTI and all the CPUs with INVLPGB are AMD CPUs that aren't vulnerable to Meltdown and don't need PTI. The only way someone can run into an issue in practice is by booting with pti=on on a newer AMD CPU. Disable INVLPGB if PTI is enabled. Avoid overrunning the small bitmap. Note: this will be fixed up properly by making the bitmap bigger. For now, just avoid the mostly theoretical bug. Fixes: 4afeb0ed1753 ("x86/mm: Enable broadcast TLB invalidation for multi-threaded processes") Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Rik van Riel <riel(a)surriel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250610222420.E8CBF472%40davehans-spike.ostc.i… --- arch/x86/mm/pti.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index 1902998..c0c40b6 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -98,6 +98,11 @@ void __init pti_check_boottime_disable(void) return; setup_force_cpu_cap(X86_FEATURE_PTI); + + if (cpu_feature_enabled(X86_FEATURE_INVLPGB)) { + pr_debug("PTI enabled, disabling INVLPGB\n"); + setup_clear_cpu_cap(X86_FEATURE_INVLPGB); + } } static int __init pti_parse_cmdline(char *arg)

5 hours, 34 minutes

1
0
0 0

temporary hung tasks on XFS since updating to 6.6.92

by Christian Theune

Hi, in the last week, after updating to 6.6.92, we’ve encountered a number of VMs reporting temporarily hung tasks blocking the whole system for a few minutes. They unblock by themselves and have similar tracebacks. The IO PSIs show 100% pressure for that time, but the underlying devices are still processing read and write IO (well within their capacity). I’ve eliminated the underlying storage (Ceph) as the source of problems as I couldn’t find any latency outliers or significant queuing during that time. I’ve seen somewhat similar reports on 6.6.88 and 6.6.77, but those might have been different outliers. I’m attaching 3 logs - my intuition and the data so far leads me to consider this might be a kernel bug. I haven’t found a way to reproduce this, yet. Regards, Christian -- Christian Theune · ct(a)flyingcircus.io · +49 345 219401 0 Flying Circus Internet Operations GmbH · https://flyingcircus.io Leipziger Str. 70/71 · 06108 Halle (Saale) · Deutschland HR Stendal HRB 21169 · Geschäftsführer: Christian Theune, Christian Zagrodnick

5 hours, 54 minutes

3
9
0 0

[PATCH v2 0/3] soc: qcom: mdt_loader: Validation and cleanup fixes

by Bjorn Andersson

Signed-off-by: Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> --- Changes in v2: - Validate e_phentsize and and e_shentsize as well --- Bjorn Andersson (3): soc: qcom: mdt_loader: Ensure we don't read past the ELF header soc: qcom: mdt_loader: Rename mdt_phdr_valid() soc: qcom: mdt_loader: Actually use the e_phoff drivers/soc/qcom/mdt_loader.c | 63 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 53 insertions(+), 10 deletions(-) --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250604-mdt-loader-validation-and-fixes-5c3267f5b19f Best regards, -- Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com>

6 hours, 51 minutes

3
3
0 0

[PATCH 6.6 000/356] 6.6.94-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.94 release. There are 356 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 19 Jun 2025 15:22:33 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.94-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.94-rc1 I Hsin Cheng <richard120310(a)gmail.com> drm/meson: Use 1000ULL when operating with mode->clock Oliver Neukum <oneukum(a)suse.com> net: usb: aqc111: debug info before sanitation Nícolas F. R. A. Prado <nfraprado(a)collabora.com> regulator: dt-bindings: mt6357: Drop fixed compatible requirement Eric Dumazet <edumazet(a)google.com> calipso: unlock rcu before returning -EAFNOSUPPORT Thomas Gleixner <tglx(a)linutronix.de> x86/iopl: Cure TIF_IO_BITMAP inconsistencies Stefano Stabellini <stefano.stabellini(a)amd.com> xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Flush altsetting 0 endpoints before reinitializating them after reset. Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with detecting USB 3.2 speed Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with detecting command completion event Wupeng Ma <mawupeng1(a)huawei.com> VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix read_stb function and get_stb ioctl Nathan Chancellor <nathan(a)kernel.org> kbuild: Disable -Wdefault-const-init-unsafe Oleg Nesterov <oleg(a)redhat.com> posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "io_uring: ensure deferred completions are posted for multishot" Jens Axboe <axboe(a)kernel.dk> io_uring/rw: fix wrong NOWAIT check in io_rw_init_file() Jens Axboe <axboe(a)kernel.dk> io_uring/rw: allow pollable non-blocking attempts for !FMODE_NOWAIT Jens Axboe <axboe(a)kernel.dk> io_uring: add io_file_can_poll() helper Terry Junge <linuxhid(a)cosmicgizmosystems.com> HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() David Heimann <d(a)dmeh.net> ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 Suleiman Souhlal <suleiman(a)google.com> tools/resolve_btfids: Fix build when cross compiling kernel with clang. Matthew Wilcox (Oracle) <willy(a)infradead.org> block: Fix bvec_set_folio() for very large folios Matthew Wilcox (Oracle) <willy(a)infradead.org> bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP Peter Zijlstra <peterz(a)infradead.org> perf: Ensure bpf_perf_link path is properly serialized Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: access fcpreq only when holding reqlock Zijun Hu <quic_zijuhu(a)quicinc.com> fs/filesystems: Fix potential unsigned integer underflow in fs_name() Eric Dumazet <edumazet(a)google.com> net_sched: ets: fix a race in ets_qdisc_change() Eric Dumazet <edumazet(a)google.com> net_sched: tbf: fix a race in tbf_change() Eric Dumazet <edumazet(a)google.com> net_sched: red: fix a race in __red_change() Eric Dumazet <edumazet(a)google.com> net_sched: prio: fix a race in prio_tune() Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Fix leak of Geneve TLV option object Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5: Fix return value when searching for existing flow group Amir Tzin <amirtz(a)nvidia.com> net/mlx5: Fix ECVF vports unload on shutdown flow Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Ensure fw pages are always allocated on same NUMA Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix sparse errors Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix NULL pointer deference on eir_get_service_data Jakub Raczynski <j.raczynski(a)samsung.com> net/mdiobus: Fix potential out-of-bounds clause 45 read/write access Jakub Raczynski <j.raczynski(a)samsung.com> net/mdiobus: Fix potential out-of-bounds read/write access Carlos Fernandez <carlos.fernandez(a)technica-engineering.de> macsec: MACsec SCI assignment for ES = 0 Michal Luczaj <mhal(a)rbox.co> net: Fix TOCTOU issue in sk_is_readable() Yunhui Cui <cuiyunhui(a)bytedance.com> ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Robert Malz <robert.malz(a)canonical.com> i40e: retry VFLR handling if there is ongoing VF reset Robert Malz <robert.malz(a)canonical.com> i40e: return false from i40e_reset_vf if reset is in progress Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: fix more rounding issues with 59.94Hz modes Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: use vclk_freq instead of pixel_freq in debug print Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: fix debug log statement when setting the HDMI clocks Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: use unsigned long long / Hz for frequency types Haren Myneni <haren(a)linux.ibm.com> powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: fix a potential crash on gso_skb handling Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: iscsi: Fix incorrect error path labels for flashnode operations Wojciech Slenska <wojciech.slenska(a)gmail.com> pinctrl: qcom: pinctrl-qcm2290: Add missing pins Dan Carpenter <dan.carpenter(a)linaro.org> regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't wait when there is no vdev started Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() Easwar Hariharan <eahariha(a)linux.microsoft.com> wifi: ath11k: convert timeouts to secs_to_jiffies() Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath11k: fix soc_dp_stats debugfs file permission Caleb Connolly <caleb.connolly(a)linaro.org> ath10k: snoc: fix unbalanced IRQ enable in crash recovery Jeongjun Park <aha310510(a)gmail.com> ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Protect mgmt_pending list with its own lock Dr. David Alan Gilbert <linux(a)treblig.org> Bluetooth: MGMT: Remove unused mgmt_pending_find_data Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Pauli Virtanen <pav(a)iki.fi> Bluetooth: hci_core: fix list_for_each_entry_rcu usage Sanjeev Yadav <sanjeev.y(a)mediatek.com> scsi: core: ufs: Fix a hang in the error handler Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Move runtime PM enable to sci_probe_single() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Check if TX data was written to device in .tx_empty() Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-j721e-sk: Add DT nodes for power regulators Beleswar Padhi <b-padhi(a)ti.com> arm64: dts: ti: k3-j721e-sk: Add support for multiple CAN instances Vaishnav Achath <vaishnav.a(a)ti.com> arm64: dts: ti: k3-j721e-sk: Model CSI2RX connector mux Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am65-main: Fix sdhci node properties Andrey Konovalov <andreyknvl(a)gmail.com> kasan: use unchecked __memset internally Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics-rmi - fix crash with unsupported versions of F34 Dan Carpenter <dan.carpenter(a)linaro.org> pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() Jakob Unterwurzacher <jakobunt(a)gmail.com> net: dsa: microchip: linearize skb for tail-tagging switches Pieter Van Trappen <pieter.van.trappen(a)cern.ch> net: dsa: microchip: update tag_ksz masks for KSZ9477 family Al Viro <viro(a)zeniv.linux.org.uk> do_change_type(): refuse to operate on unmounted/not ours mounts Al Viro <viro(a)zeniv.linux.org.uk> fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) Al Viro <viro(a)zeniv.linux.org.uk> path_overmount(): avoid false negatives Yuuki NAGAO <wf.yn386(a)gmail.com> ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Verify content returned by parse_int_array() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: codecs: hda: Fix RPM usage count underflow Nitin Rawat <quic_nitirawa(a)quicinc.com> scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Ido Schimmel <idosch(a)nvidia.com> seg6: Fix validation of nexthop addresses Mirco Barone <mirco.barone(a)polito.it> wireguard: device: enable threaded NAPI Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: allow RGMII for bcm63xx RGMII ports Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: do not enable RGMII delay on bcm63xx Florian Westphal <fw(a)strlen.de> netfilter: nf_nat: also check reverse tuple to obtain clashing entry Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo_avx2: fix initial map fill Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Ronak Doshi <ronak.doshi(a)broadcom.com> vmxnet3: correctly report gso type for UDP tunnels Jinjian Song <jinjian.song(a)fibocom.com> net: wwan: t7xx: Fix napi rx poll issue Shiming Cheng <shiming.cheng(a)mediatek.com> net: fix udp gso skb_segment after pull from frag_list Paul Chaignon <paul.chaignon(a)gmail.com> net: Fix checksum update for ILA adj-transport Alexis Lothoré <alexis.lothore(a)bootlin.com> net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: tag_brcm: legacy: fix pskb_may_pull length Michal Kubiak <michal.kubiak(a)intel.com> ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Kubiak <michal.kubiak(a)intel.com> ice: create new Tx scheduler nodes for new queues only Michal Kubiak <michal.kubiak(a)intel.com> ice: fix Tx scheduler error handling in XDP callback Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-hsspi: fix shared reset Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-spi: fix shared reset Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Make sure to insert the vlan tags also in host mode Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4_en: Prevent potential integer overflow calculating Hz Yanqing Wang <ot_yanqing.wang(a)mediatek.com> driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Charalampos Mitrodimas <charmitro(a)posteo.net> net: tipc: fix refcount warning in tipc_aead_encrypt Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt Quentin Schulz <quentin.schulz(a)cherry.de> net: stmmac: platform: guarantee uniqueness of bus_id Nicolas Pitre <npitre(a)baylibre.com> vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Yeoreum Yun <yeoreum.yun(a)arm.com> coresight: prevent deactivate active config while enabling the config Qasim Ijaz <qasdev00(a)gmail.com> fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Alexander Sverdlin <alexander.sverdlin(a)siemens.com> counter: interrupt-cnt: Protect enable/disable OPs with mutex WangYuli <wangyuli(a)uniontech.com> MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix 3dB filter frequency reading Brian Pellegrino <bpellegrino(a)arka.org> iio: filter: admv8818: Support frequencies >= 2^32 Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix range calculation Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix integer overflow Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix band 4, state 15 Mario Limonciello <mario.limonciello(a)amd.com> thunderbolt: Fix a logic error in wake on connect Henry Martin <bsdhenrymartin(a)gmail.com> serial: Fix potential null-ptr-deref in mlb_usio_probe() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> usb: renesas_usbhs: Reorder clock handling and power management in probe Liu Dalin <liudalin(a)kylinsec.com.cn> rtc: loongson: Add missing alarm notifications for ACPI RTC events Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Initialize aer_err_info before using it Henry Martin <bsdhenrymartin(a)gmail.com> dmaengine: ti: Add NULL check in udma_probe() Chenyuan Yang <chenyuan0y(a)gmail.com> phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Mario Limonciello <mario.limonciello(a)amd.com> PCI: Explicitly put devices into D0 when initializing Hector Martin <marcan(a)marcan.st> PCI: apple: Use gpiod_set_value_cansleep in probe flow Hans Zhang <18255117159(a)163.com> PCI: cadence: Fix runtime atomic count underflow Wilfred Mallawa <wilfred.mallawa(a)wdc.com> PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wolfram Sang <wsa+renesas(a)sang-engineering.com> rtc: sh: assign correct interrupts with DT Pali Rohár <pali(a)kernel.org> cifs: Fix validation of SMB1 query reparse point response Li Lingfeng <lilingfeng3(a)huawei.com> nfs: ignore SB_RDONLY when remounting nfs Li Lingfeng <lilingfeng3(a)huawei.com> nfs: clear SB_RDONLY before getting superblock Anubhav Shelat <ashelat(a)redhat.com> perf trace: Always print return value for syscalls returning a pid Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf record: Fix incorrect --user-regs comments Leo Yan <leo.yan(a)arm.com> perf tests switch-tracking: Fix timestamp comparison Alexey Gladkov <legion(a)kernel.org> mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Dan Carpenter <dan.carpenter(a)linaro.org> rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() Siddharth Vadapalli <s-vadapalli(a)ti.com> remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} Dan Carpenter <dan.carpenter(a)linaro.org> remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe Adrian Hunter <adrian.hunter(a)intel.com> perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix PEBS-via-PT data_src Namhyung Kim <namhyung(a)kernel.org> perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Benjamin Marzinski <bmarzins(a)redhat.com> dm-flakey: make corrupting read bios work Benjamin Marzinski <bmarzins(a)redhat.com> dm-flakey: error all IOs when num_features is absent Alexei Safin <a.safin(a)rosa.ru> hwmon: (asus-ec-sensors) check sensor index in read_string() Mikhail Arkhipov <m.arhipov(a)rosa.ru> mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Henry Martin <bsdhenrymartin(a)gmail.com> backlight: pm8941: Add NULL check in wled_configure() Benjamin Marzinski <bmarzins(a)redhat.com> dm: free table mempools if not used in __bind Benjamin Marzinski <bmarzins(a)redhat.com> dm: don't change md if dm_table_set_restrictions() fails Arnaldo Carvalho de Melo <acme(a)redhat.com> perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf build: Warn when libdebuginfod devel files are not available Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Fix attribute addition Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Remove bogus void member Sergey Shtylyov <s.shtylyov(a)omp.ru> fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Henry Martin <bsdhenrymartin(a)gmail.com> soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() Su Hui <suhui(a)nfschina.com> soc: aspeed: lpc: Fix impossible judgment condition Joel Stanley <joel(a)jms.id.au> ARM: aspeed: Don't select SRAM Julien Massot <julien.massot(a)collabora.com> arm64: dts: mt6359: Rename RTC node to match binding expectations Thuan Nguyen <thuan.nguyen-hong(a)banvien.com.vn> arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou Vignesh Raman <vignesh.raman(a)collabora.com> arm64: defconfig: mediatek: enable PHY drivers Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064: add missing clocks to the timer node Andre Przywara <andre.przywara(a)arm.com> dt-bindings: vendor-prefixes: Add Liontron name Ioana Ciornei <ioana.ciornei(a)nxp.com> bus: fsl-mc: fix double-free on mc_dev Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Wentao Liang <vulab(a)iscas.ac.cn> nilfs2: add pointer check for nilfs_direct_propagate() Murad Masimov <m.masimov(a)mt-integration.ru> ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check return result of sb_min_blocksize Prasanth Babu Mantena <p-mantena(a)ti.com> arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Aaron Kling <webgeek1234(a)gmail.com> arm64: tegra: Drop remaining serial clock-names and reset-names Peter Robinson <pbrobinson(a)gmail.com> arm64: dts: rockchip: Update eMMC for NanoPi R5 series Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply Julien Massot <julien.massot(a)collabora.com> arm64: dts: mt6359: Add missing 'compatible' property to regulators node Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mp-beacon: Fix RTC capacitive load Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mn-beacon: Fix RTC capacitive load Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Fix RTC capacitive load Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: at91sam9263: fix NAND chip selects Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies Xilin Wu <wuxilin123(a)gmail.com> arm64: dts: qcom: sm8250: Fix CPU7 opp table Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm8350: Reenable crypto & cryptobam Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: refactor node order Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: remove wifi Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to correct check conditions in f2fs_cross_rename Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: use d_inode(dentry) cleanup dentry->d_inode Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames Faicker Mo <faicker.mo(a)zenlayer.com> net: openvswitch: Fix the dead loop of MPLS parse Kuniyuki Iwashima <kuniyu(a)amazon.com> calipso: Don't call calipso functions for AF_INET sk. Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: mscc: Fix memory leak when using one step timestamping Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> net: phy: fix up const issues in to_mdio_device() and to_phy_device() Wei Fang <wei.fang(a)nxp.com> net: phy: clear phydev->devlink when the link is deleted KaFai Wan <mannkafai(a)gmail.com> bpf: Avoid __bpf_prog_ret0_warn when jit fails Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 Jack Morgenstein <jackm(a)nvidia.com> RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: aqc111: fix error handling of usbnet read calls Radim Krčmář <rkrcmar(a)ventanamicro.com> RISC-V: KVM: lock the correct mp_state during reset Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_tunnel: fix geneve_opt dump Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: Avoid using sk_socket after free when sending Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() Li RongQing <lirongqing(a)baidu.com> vfio/type1: Fix error unwind in migration dirty bitmap allocation Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix RX buffer size of MCU event Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: set EHT max ampdu length capability Henry Martin <bsdhenrymartin(a)gmail.com> wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() Michal Koutný <mkoutny(a)suse.com> kernfs: Relax constraint in draining guard ping.gao <ping.gao(a)samsung.com> scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() Toke Høiland-Jørgensen <toke(a)toke.dk> wifi: ath9k_htc: Abort software beacon handling if disabled Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: bugfix live migration function without VF device driver Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: add eq and aeq interruption restore Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: fix XQE dma address error Rajat Soni <quic_rajson(a)quicinc.com> wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Rolf Eike Beer <eb(a)emlix.com> iommu: remove duplicate selection of DMAR_TABLE Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Store backchain even for leaf progs Vincent Knecht <vincent.knecht(a)mailoo.org> clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Tao Chen <chen.dylane(a)linux.dev> bpf: Fix WARN() in get_bpf_raw_tp_regs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: at91: Fix possible out-of-boundary access Anton Protopopov <a.s.protopopov(a)gmail.com> libbpf: Use proper errno value in nlattr Jiayuan Chen <jiayuan.chen(a)linux.dev> ktls, sockmap: Fix missing uncharge operation Miaoqian Lin <linmq006(a)gmail.com> tracing: Fix error handling in event_trigger_parse() Steven Rostedt <rostedt(a)goodmis.org> tracing: Rename event_trigger_alloc() to trigger_data_alloc() Hans Zhang <18255117159(a)163.com> efi/libstub: Describe missing 'out' parameter in efi_load_initrd Henry Martin <bsdhenrymartin(a)gmail.com> clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs Steven Rostedt <rostedt(a)goodmis.org> tracing: Move histogram trigger variables from stack to per CPU structure Anton Protopopov <a.s.protopopov(a)gmail.com> bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Zhongqiu Duan <dzq.aishenghu0(a)gmail.com> netfilter: nft_quota: match correctly when the quota just depleted Huajian Yang <huajianyang(a)asrmicro.com> netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Lorenzo Bianconi <lorenzo(a)kernel.org> bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps Anton Protopopov <a.s.protopopov(a)gmail.com> libbpf: Use proper errno value in linker Chao Yu <chao(a)kernel.org> f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() Chao Yu <chao(a)kernel.org> f2fs: clean up w/ fscrypt_is_bounce_page() Hangbin Liu <liuhangbin(a)gmail.com> bonding: assign random address if device address is same as bond Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Protect against overflow in iommu_pgsize() Jonathan Wiepert <jonathan.wiepert(a)gmail.com> Use thread-safe function pointer in libbpf_print Tao Chen <chen.dylane(a)linux.dev> libbpf: Remove sample_period init in perf_buffer Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Maharaja Kennadyrajan <maharaja.kennadyrajan(a)oss.qualcomm.com> wifi: ath12k: fix node corruption in ar->arvifs list P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Add MSDU length validation for TKIP MIC error Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtw88: do not ignore hardware read error during DPK Zhen XIN <zhen.xin(a)nokia-sbell.com> wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhen XIN <zhen.xin(a)nokia-sbell.com> wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT Cosmin Ratiu <cratiu(a)nvidia.com> xfrm: Use xdo.dev instead of xdo.real_dev Viktor Malik <vmalik(a)redhat.com> libbpf: Fix buffer overflow in bpf_object__init_prog Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix GCPS 64-bit member variables Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on sbi->total_valid_block_count Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: Fix panic when calling skb_linearize Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: fix duplicated data transmission Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf: fix ktls panic with sockmap Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Fix bpf_nf selftest failure Jacob Moroni <jmoroni(a)google.com> IB/cm: use rwlock for MAD agent lock Stone Zhang <quic_stonez(a)quicinc.com> wifi: ath11k: fix node corruption in ar->arvifs list Roger Pau Monne <roger.pau(a)citrix.com> xen/x86: fix initial memory balloon target AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: Fix kobject put for component sub-drivers AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr Anand Moon <linux.amoon(a)gmail.com> perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Kees Cook <kees(a)kernel.org> scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Do not discard modified SVE state Huang Yiwei <quic_hyiwei(a)quicinc.com> firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES Biju Das <biju.das.jz(a)bp.renesas.com> drm/tegra: rgb: Fix the unbound reference count Kees Cook <kees(a)kernel.org> drm/vkms: Adjust vkms_state->active_planes allocation type Biju Das <biju.das.jz(a)bp.renesas.com> drm: rcar-du: Fix memory leak in rcar_du_vsps_init() Neill Kapron <nkapron(a)google.com> selftests/seccomp: fix syscall_restart test for arm compat Kornel Dulęba <korneld(a)google.com> arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Miaoqian Lin <linmq006(a)gmail.com> firmware: psci: Fix refcount leak in psci_dt_init Finn Thain <fthain(a)linux-m68k.org> m68k: mac: Fix macintosh_config for Mac II Kees Cook <kees(a)kernel.org> watchdog: exar: Shorten identity name to fit correctly Andrey Vatoropin <a.vatoropin(a)crpt.ru> fs/ntfs3: handle hdr_first_de() return value Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Fix merging of FPSIMD state during signal return Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Discard stale CPU state when handling SME traps Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Avoid RES0 bits in the SME trap handler Jonas Karlman <jonas(a)kwiboo.se> media: rkvdec: Fix frame size enumeration Charles Han <hanchunchao(a)inspur.com> drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Maxime Ripard <mripard(a)kernel.org> drm/vc4: tests: Use return instead of assert Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Add seqno waiter for sync_files Martin Povišer <povik+lin(a)cutebit.org> ASoC: apple: mca: Constrain channels according to TDM mask Geert Uytterhoeven <geert+renesas(a)glider.be> spi: sh-msiof: Fix maximum DMA transfer size Armin Wolf <W_Armin(a)gmx.de> ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Print PM debug messages during hibernation Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Zijun Hu <quic_zijuhu(a)quicinc.com> PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() Kees Cook <kees(a)kernel.org> ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type Alexander Shiyan <eagle.alexander923(a)gmail.com> power: reset: at91-reset: Optimize at91_reset() Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: modify chip select (CS) deactivation Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: remove redundant error handling code Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: fix integer overflow in i{64,}toa_r() and Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Fix general protection fault Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Enable main IRQs Jemmy Wong <jemmywong512(a)gmail.com> tools/nolibc/types.h: fix mismatched parenthesis in minor() Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Tzung-Bi Shih <tzungbi(a)kernel.org> kunit: Fix wrong parameter to kunit_deactivate_static_stub() Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce - move fallback ahash_request to the end of the struct Herbert Xu <herbert(a)gondor.apana.org.au> crypto: xts - Only add ecb if it is not already there Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lrw - Only add ecb if it is not already there Yongliang Gao <leonylgao(a)tencent.com> rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Qu Wenruo <wqu(a)suse.com> btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Qu Wenruo <wqu(a)suse.com> btrfs: scrub: update device stats when an error is detected Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Avoid empty transfer descriptor Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Handle zero-length skcipher requests Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Sanitize CPUID(0x80000000) output Annie Li <jiayanli(a)google.com> x86/microcode/AMD: Do not return error when microcode update is not necessary Eddie James <eajames(a)linux.ibm.com> powerpc/crash: Fix non-smp kexec preparation Jiri Slaby (SUSE) <jirislaby(a)kernel.org> powerpc: do not build ppc_save_regs.o always Corentin Labbe <clabbe.montjoie(a)gmail.com> crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() Qing Wang <wangqing7171(a)gmail.com> perf/core: Fix broken throttling when max_samples_per_tick=1 Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: gfs2_create_inode error handling fix Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() Andrew Cooper <andrew.cooper3(a)citrix.com> x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Ahmed S. Darwish <darwi(a)linutronix.de> tools/x86/kcpuid: Fix error handling Aurabindo Pillai <aurabindo.pillai(a)amd.com> Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> dt-bindings: usb: cypress,hx3: Add support for all variants Sergey Senozhatsky <senozhatsky(a)chromium.org> thunderbolt: Do not double dequeue a configuration request Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix timeout value in get_stb Dustin Lundquist <dustin(a)null-ptr.net> serial: jsm: fix NPE during jsm_uart_port_init Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Bluetooth: hci_qca: move the SoC type check to the right place Qasim Ijaz <qasdev00(a)gmail.com> usb: typec: ucsi: fix Clang -Wsign-conversion warning Charles Yeh <charlesyeh522(a)gmail.com> USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Hongyu Xie <xiehongyu1(a)kylinos.cn> usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Jiayi Li <lijiayi(a)kylinos.cn> usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Fix offset calculation for .start_secs < 0 Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Make rtc_time64_to_tm() support dates before 1970 Gautham R. Shenoy <gautham.shenoy(a)amd.com> acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: set GPIO output value before setting direction Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 Pan Taixi <pantaixi(a)huaweicloud.com> tracing: Fix compilation warning on arm32 ------------- Diffstat: .../bindings/phy/fsl,imx8mq-usb-phy.yaml | 3 +- .../regulator/mediatek,mt6357-regulator.yaml | 12 +- .../devicetree/bindings/usb/cypress,hx3.yaml | 19 +- .../devicetree/bindings/vendor-prefixes.yaml | 2 + Makefile | 4 +- arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 +- arch/arm/boot/dts/microchip/tny_a9263.dts | 2 +- arch/arm/boot/dts/microchip/usb_a9263.dts | 4 +- arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 15 +- arch/arm/mach-aspeed/Kconfig | 1 - arch/arm64/Kconfig | 6 +- .../arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 + .../boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 + .../arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 + .../boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 + .../boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 - arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 ++--- arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 -- arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 -- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 - .../arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 + .../arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 + .../boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 +- .../r8a779g0-white-hawk-ard-audio-da7212.dtso | 2 +- .../arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 - .../arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 +- arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 19 +- .../boot/dts/ti/k3-j721e-common-proc-board.dts | 1 + arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 166 ++++++++++++++- arch/arm64/configs/defconfig | 3 + arch/arm64/include/asm/esr.h | 12 +- arch/arm64/include/asm/fpsimd.h | 3 + arch/arm64/kernel/entry-common.c | 46 ++++- arch/arm64/kernel/fpsimd.c | 21 +- arch/arm64/xen/hypercall.S | 21 +- arch/m68k/mac/config.c | 2 +- .../boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 + arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kexec/crash.c | 5 +- arch/powerpc/platforms/book3s/vas-api.c | 9 + arch/powerpc/platforms/powernv/memtrace.c | 8 +- arch/riscv/kvm/vcpu_sbi.c | 4 +- arch/s390/net/bpf_jit_comp.c | 12 +- arch/x86/include/asm/mwait.h | 9 +- arch/x86/kernel/cpu/common.c | 17 +- arch/x86/kernel/cpu/microcode/core.c | 2 + arch/x86/kernel/cpu/mtrr/generic.c | 2 +- arch/x86/kernel/ioport.c | 13 +- arch/x86/kernel/process.c | 15 +- crypto/lrw.c | 4 +- crypto/xts.c | 4 +- drivers/acpi/acpica/exserial.c | 6 + drivers/acpi/apei/Kconfig | 1 + drivers/acpi/apei/ghes.c | 2 +- drivers/acpi/cppc_acpi.c | 2 +- drivers/acpi/osi.c | 1 - drivers/base/power/domain.c | 2 +- drivers/base/power/main.c | 3 +- drivers/bluetooth/hci_qca.c | 14 +- drivers/bus/fsl-mc/fsl-mc-bus.c | 6 +- drivers/clk/bcm/clk-raspberrypi.c | 2 + drivers/clk/qcom/camcc-sm6350.c | 18 ++ drivers/clk/qcom/dispcc-sm6350.c | 3 + drivers/clk/qcom/gcc-msm8939.c | 4 +- drivers/clk/qcom/gcc-sm6350.c | 6 + drivers/clk/qcom/gpucc-sm6350.c | 6 + drivers/counter/interrupt-cnt.c | 9 + drivers/cpufreq/acpi-cpufreq.c | 2 +- .../crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 +- drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 +-- drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 +- .../crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 +- drivers/crypto/marvell/cesa/cipher.c | 3 + drivers/crypto/marvell/cesa/hash.c | 2 +- drivers/dma/ti/k3-udma.c | 3 +- drivers/edac/i10nm_base.c | 35 ++-- drivers/edac/skx_common.c | 1 + drivers/edac/skx_common.h | 11 +- drivers/firmware/Kconfig | 1 - drivers/firmware/arm_sdei.c | 11 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 1 + drivers/firmware/psci/psci.c | 4 +- drivers/fpga/tests/fpga-mgr-test.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 + drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 ++- drivers/gpu/drm/meson/meson_drv.c | 2 +- drivers/gpu/drm/meson/meson_drv.h | 2 +- drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 +-- drivers/gpu/drm/meson/meson_vclk.c | 226 +++++++++++--------- drivers/gpu/drm/meson/meson_vclk.h | 13 +- drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 +- drivers/gpu/drm/tegra/rgb.c | 14 +- drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 ++-- drivers/gpu/drm/vkms/vkms_crtc.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 +++ drivers/hid/hid-hyperv.c | 4 +- drivers/hid/usbhid/hid-core.c | 25 ++- drivers/hwmon/asus-ec-sensors.c | 4 + drivers/hwtracing/coresight/coresight-config.h | 2 +- drivers/hwtracing/coresight/coresight-syscfg.c | 49 +++-- drivers/iio/adc/ad7124.c | 4 +- drivers/iio/filter/admv8818.c | 230 ++++++++++++++++----- drivers/infiniband/core/cm.c | 16 +- drivers/infiniband/core/cma.c | 3 +- drivers/infiniband/hw/hns/hns_roce_ah.c | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 + drivers/infiniband/hw/hns/hns_roce_main.c | 1 - drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 - drivers/infiniband/hw/mlx5/qpc.c | 30 ++- drivers/input/rmi4/rmi_f34.c | 133 ++++++------ drivers/iommu/Kconfig | 1 - drivers/iommu/iommu.c | 4 +- drivers/md/dm-flakey.c | 70 ++++--- drivers/md/dm.c | 30 +-- drivers/mfd/exynos-lpass.c | 1 - drivers/mfd/stmpe-spi.c | 2 +- drivers/misc/vmw_vmci/vmci_host.c | 11 +- drivers/mtd/nand/ecc-mxic.c | 2 +- drivers/net/bonding/bond_main.c | 25 ++- drivers/net/dsa/b53/b53_common.c | 23 +-- drivers/net/ethernet/google/gve/gve_main.c | 2 +- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 +- drivers/net/ethernet/intel/ice/ice_main.c | 47 +++-- drivers/net/ethernet/intel/ice/ice_sched.c | 181 +++++++++++++--- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 + drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 +- .../net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 +- drivers/net/ethernet/microchip/lan743x_main.c | 4 +- .../net/ethernet/microchip/lan966x/lan966x_main.c | 7 + .../net/ethernet/microchip/lan966x/lan966x_main.h | 6 + .../net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 +++-- .../ethernet/microchip/lan966x/lan966x_switchdev.c | 1 + .../net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 ++ drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 + .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 +- drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 +- drivers/net/macsec.c | 40 +++- drivers/net/phy/mdio_bus.c | 12 ++ drivers/net/phy/mscc/mscc_ptp.c | 20 +- drivers/net/phy/phy_device.c | 4 +- drivers/net/usb/aqc111.c | 10 +- drivers/net/vmxnet3/vmxnet3_drv.c | 26 +++ drivers/net/wireguard/device.c | 1 + drivers/net/wireless/ath/ath10k/snoc.c | 4 +- drivers/net/wireless/ath/ath11k/core.c | 37 ++-- drivers/net/wireless/ath/ath11k/core.h | 4 +- drivers/net/wireless/ath/ath11k/debugfs.c | 62 +++--- drivers/net/wireless/ath/ath11k/mac.c | 4 +- drivers/net/wireless/ath/ath11k/wmi.c | 2 +- drivers/net/wireless/ath/ath12k/core.c | 8 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 9 + drivers/net/wireless/ath/ath12k/wmi.c | 3 +- drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 + drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 + drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7996/init.c | 3 + drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 + drivers/net/wireless/realtek/rtw88/coex.c | 2 +- drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 +- drivers/net/wireless/realtek/rtw88/sdio.c | 10 +- drivers/net/wwan/t7xx/t7xx_netdev.c | 11 +- drivers/nvme/target/fcloop.c | 31 +-- drivers/pci/controller/cadence/pcie-cadence-host.c | 11 +- drivers/pci/controller/pcie-apple.c | 4 +- drivers/pci/pci-driver.c | 6 - drivers/pci/pci.c | 15 +- drivers/pci/pci.h | 1 + drivers/pci/pcie/dpc.c | 2 +- drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 +- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 +- drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 14 +- drivers/pinctrl/pinctrl-at91.c | 6 +- drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 + drivers/power/reset/at91-reset.c | 5 +- drivers/ptp/ptp_private.h | 12 +- drivers/regulator/max20086-regulator.c | 6 +- drivers/remoteproc/qcom_wcnss_iris.c | 2 + drivers/remoteproc/ti_k3_r5_remoteproc.c | 8 - drivers/rpmsg/qcom_smd.c | 2 +- drivers/rtc/class.c | 2 +- drivers/rtc/lib.c | 24 ++- drivers/rtc/rtc-loongson.c | 8 + drivers/rtc/rtc-sh.c | 12 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 29 +-- drivers/scsi/qedf/qedf_main.c | 2 +- drivers/scsi/scsi_transport_iscsi.c | 11 +- drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 +- drivers/spi/spi-bcm63xx-hsspi.c | 2 +- drivers/spi/spi-bcm63xx.c | 2 +- drivers/spi/spi-sh-msiof.c | 13 +- drivers/spi/spi-tegra210-quad.c | 24 +-- drivers/staging/media/rkvdec/rkvdec.c | 10 +- drivers/thunderbolt/ctl.c | 5 + drivers/thunderbolt/usb4.c | 4 +- drivers/tty/serial/jsm/jsm_tty.c | 1 + drivers/tty/serial/milbeaut_usio.c | 5 +- drivers/tty/serial/sh-sci.c | 81 ++++++-- drivers/tty/vt/vt_ioctl.c | 2 - drivers/ufs/core/ufs-mcq.c | 6 - drivers/ufs/core/ufshcd.c | 7 +- drivers/ufs/host/ufs-qcom.c | 5 +- drivers/usb/cdns3/cdnsp-gadget.c | 21 +- drivers/usb/cdns3/cdnsp-gadget.h | 4 + drivers/usb/class/usbtmc.c | 21 +- drivers/usb/core/hub.c | 16 +- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/function/f_hid.c | 12 +- drivers/usb/renesas_usbhs/common.c | 50 +++-- drivers/usb/serial/pl2303.c | 2 + drivers/usb/storage/unusual_uas.h | 7 + drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 +- drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 79 +++++-- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 +- drivers/vfio/vfio_iommu_type1.c | 2 +- drivers/video/backlight/qcom-wled.c | 6 +- drivers/video/fbdev/core/fbcvt.c | 2 +- drivers/watchdog/exar_wdt.c | 2 +- drivers/xen/balloon.c | 13 +- fs/btrfs/scrub.c | 34 ++- fs/f2fs/data.c | 4 +- fs/f2fs/f2fs.h | 10 +- fs/f2fs/namei.c | 10 +- fs/f2fs/super.c | 4 +- fs/filesystems.c | 14 +- fs/gfs2/inode.c | 3 +- fs/kernfs/dir.c | 5 +- fs/kernfs/file.c | 3 +- fs/namespace.c | 25 ++- fs/nfs/super.c | 19 ++ fs/nilfs2/btree.c | 4 +- fs/nilfs2/direct.c | 3 + fs/ntfs3/index.c | 8 + fs/ocfs2/quota_local.c | 2 +- fs/smb/client/cifssmb.c | 20 +- fs/squashfs/super.c | 5 + include/linux/arm_sdei.h | 4 +- include/linux/bio.h | 2 +- include/linux/bvec.h | 7 +- include/linux/hid.h | 3 +- include/linux/io_uring_types.h | 3 + include/linux/mdio.h | 5 +- include/linux/mlx5/driver.h | 1 + include/linux/phy.h | 5 +- include/net/bluetooth/hci_core.h | 2 +- include/net/checksum.h | 2 +- include/net/sock.h | 7 +- io_uring/io_uring.c | 10 +- io_uring/io_uring.h | 12 ++ io_uring/kbuf.c | 3 +- io_uring/poll.c | 2 +- io_uring/rw.c | 26 ++- kernel/bpf/core.c | 29 +-- kernel/events/core.c | 50 +++-- kernel/power/hibernate.c | 5 + kernel/power/main.c | 3 +- kernel/power/power.h | 4 + kernel/power/wakelock.c | 3 + kernel/rcu/tree.c | 10 +- kernel/rcu/tree.h | 2 +- kernel/rcu/tree_stall.h | 4 +- kernel/time/posix-cpu-timers.c | 9 + kernel/trace/bpf_trace.c | 2 +- kernel/trace/trace.c | 2 +- kernel/trace/trace.h | 8 +- kernel/trace/trace_events_hist.c | 122 +++++++++-- kernel/trace/trace_events_trigger.c | 20 +- lib/kunit/static_stub.c | 2 +- mm/kasan/report.c | 4 +- mm/kasan/shadow.c | 2 +- net/bluetooth/eir.c | 10 +- net/bluetooth/hci_core.c | 16 +- net/bluetooth/hci_sync.c | 20 +- net/bluetooth/l2cap_core.c | 3 +- net/bluetooth/mgmt.c | 140 ++++++------- net/bluetooth/mgmt_util.c | 51 ++--- net/bluetooth/mgmt_util.h | 8 +- net/bridge/netfilter/nf_conntrack_bridge.c | 12 +- net/core/filter.c | 2 +- net/core/skmsg.c | 53 +++-- net/core/utils.c | 4 +- net/dsa/tag_brcm.c | 2 +- net/dsa/tag_ksz.c | 22 +- net/ipv4/udp_offload.c | 5 + net/ipv6/ila/ila_common.c | 6 +- net/ipv6/netfilter.c | 12 +- net/ipv6/netfilter/nft_fib_ipv6.c | 13 +- net/ipv6/seg6_local.c | 6 +- net/ncsi/internal.h | 21 +- net/ncsi/ncsi-pkt.h | 23 +-- net/ncsi/ncsi-rsp.c | 21 +- net/netfilter/nf_nat_core.c | 12 +- net/netfilter/nft_quota.c | 20 +- net/netfilter/nft_set_pipapo_avx2.c | 21 +- net/netfilter/nft_tunnel.c | 8 +- net/netlabel/netlabel_kapi.c | 5 + net/openvswitch/flow.c | 2 +- net/sched/sch_ets.c | 2 +- net/sched/sch_prio.c | 2 +- net/sched/sch_red.c | 2 +- net/sched/sch_sfq.c | 5 +- net/sched/sch_tbf.c | 2 +- net/tipc/crypto.c | 6 +- net/tls/tls_sw.c | 15 +- net/xfrm/xfrm_device.c | 2 - net/xfrm/xfrm_state.c | 2 - scripts/Makefile.extrawarn | 12 ++ scripts/gcc-plugins/gcc-common.h | 32 +++ scripts/gcc-plugins/randomize_layout_plugin.c | 40 ++-- sound/soc/apple/mca.c | 23 +++ sound/soc/codecs/hda.c | 4 +- sound/soc/codecs/tas2764.c | 2 +- sound/soc/intel/avs/debugfs.c | 6 +- sound/soc/intel/avs/ipc.c | 4 +- sound/soc/sof/ipc4-pcm.c | 3 +- sound/soc/ti/omap-hdmi.c | 7 +- sound/usb/implicit.c | 1 + tools/arch/x86/kcpuid/kcpuid.c | 47 +++-- tools/bpf/resolve_btfids/Makefile | 2 +- tools/include/nolibc/stdlib.h | 4 +- tools/include/nolibc/types.h | 2 +- tools/lib/bpf/bpf_core_read.h | 6 + tools/lib/bpf/libbpf.c | 5 +- tools/lib/bpf/linker.c | 4 +- tools/lib/bpf/nlattr.c | 15 +- tools/perf/Makefile.config | 2 + tools/perf/builtin-record.c | 2 +- tools/perf/builtin-trace.c | 5 +- tools/perf/scripts/python/exported-sql-viewer.py | 5 +- tools/perf/tests/switch-tracking.c | 2 +- tools/perf/ui/browsers/hists.c | 2 +- tools/perf/util/intel-pt.c | 205 +++++++++++++++++- tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 + tools/testing/selftests/seccomp/seccomp_bpf.c | 7 +- 347 files changed, 3285 insertions(+), 1551 deletions(-)

7 hours, 2 minutes

5
358
0 0

[PATCH 6.12 000/512] 6.12.34-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.34 release. There are 512 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 19 Jun 2025 15:22:45 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.34-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.34-rc1 I Hsin Cheng <richard120310(a)gmail.com> drm/meson: Use 1000ULL when operating with mode->clock Andrew Price <anprice(a)redhat.com> gfs2: Don't clear sb->s_fs_info in gfs2_sys_fs_add Kees Cook <kees(a)kernel.org> overflow: Introduce __DEFINE_FLEX for having no initializer Oliver Neukum <oneukum(a)suse.com> net: usb: aqc111: debug info before sanitation Arnd Bergmann <arnd(a)arndb.de> usb: misc: onboard_usb_dev: fix build warning for CONFIG_USB_ONBOARD_DEV_USB5744=n Nícolas F. R. A. Prado <nfraprado(a)collabora.com> regulator: dt-bindings: mt6357: Drop fixed compatible requirement Eric Dumazet <edumazet(a)google.com> calipso: unlock rcu before returning -EAFNOSUPPORT Xin Li (Intel) <xin(a)zytor.com> x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler Thomas Gleixner <tglx(a)linutronix.de> x86/iopl: Cure TIF_IO_BITMAP inconsistencies Stefano Stabellini <stefano.stabellini(a)amd.com> xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Dave Chinner <dchinner(a)redhat.com> xfs: don't assume perags are initialised when trimming AGs Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Move cpus_read_lock() outside of buffer->mutex Dmitry Antipov <dmantipov(a)yandex.ru> ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Do not trigger WARN_ON() due to a commit_overrun Matthew Wilcox (Oracle) <willy(a)infradead.org> 9p: Add a migrate_folio method RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Flush altsetting 0 endpoints before reinitializating them after reset. Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with detecting USB 3.2 speed Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with detecting command completion event Jonathan Stroud <jonathan.stroud(a)amd.com> usb: misc: onboard_usb_dev: Fix usb5744 initialization sequence Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: serial: 8250_omap: fix TX with DMA for am33xx Wupeng Ma <mawupeng1(a)huawei.com> VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix read_stb function and get_stb ioctl Peter Korsgaard <peter(a)korsgaard.com> nvmem: zynqmp_nvmem: unbreak driver after cleanup Oleg Nesterov <oleg(a)redhat.com> posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Terry Junge <linuxhid(a)cosmicgizmosystems.com> HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() David Heimann <d(a)dmeh.net> ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 Francesco Dolcini <francesco.dolcini(a)toradex.com> Revert "wifi: mwifiex: Fix HT40 bandwidth issue." Suleiman Souhlal <suleiman(a)google.com> tools/resolve_btfids: Fix build when cross compiling kernel with clang. Miguel Ojeda <ojeda(a)kernel.org> objtool/rust: relax slice condition to cover more `noreturn` Rust functions Matthew Wilcox (Oracle) <willy(a)infradead.org> block: Fix bvec_set_folio() for very large folios Matthew Wilcox (Oracle) <willy(a)infradead.org> bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP Keith Busch <kbusch(a)kernel.org> io_uring: consistently use rcu semantics with sqpoll thread Christoph Hellwig <hch(a)lst.de> block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work Penglei Jiang <superman.xpt(a)gmail.com> io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() Ming Lei <ming.lei(a)redhat.com> block: use q->elevator with ->elevator_lock held in elv_iosched_show() Peter Zijlstra <peterz(a)infradead.org> perf: Ensure bpf_perf_link path is properly serialized Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: access fcpreq only when holding reqlock Filipe Manana <fdmanana(a)suse.com> btrfs: exit after state split error at set_extent_bit() Christian Brauner <brauner(a)kernel.org> gfs2: pass through holder from the VFS for freeze/thaw Zijun Hu <quic_zijuhu(a)quicinc.com> fs/filesystems: Fix potential unsigned integer underflow in fs_name() Filipe Manana <fdmanana(a)suse.com> btrfs: exit after state insertion failure at btrfs_convert_extent_bit() Jakub Kicinski <kuba(a)kernel.org> net: drv: netdevsim: don't napi_complete() from netpoll Eric Dumazet <edumazet(a)google.com> net_sched: ets: fix a race in ets_qdisc_change() Eric Dumazet <edumazet(a)google.com> net_sched: tbf: fix a race in tbf_change() Eric Dumazet <edumazet(a)google.com> net_sched: red: fix a race in __red_change() Eric Dumazet <edumazet(a)google.com> net_sched: prio: fix a race in prio_tune() Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Fix leak of Geneve TLV option object Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, fix missing ip_version handling in definer Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5: Fix return value when searching for existing flow group Amir Tzin <amirtz(a)nvidia.com> net/mlx5: Fix ECVF vports unload on shutdown flow Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Ensure fw pages are always allocated on same NUMA Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix sparse errors Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: eir: Fix possible crashes on eir_create_adv_data Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix NULL pointer deference on eir_get_service_data Jakub Raczynski <j.raczynski(a)samsung.com> net/mdiobus: Fix potential out-of-bounds clause 45 read/write access Jakub Raczynski <j.raczynski(a)samsung.com> net/mdiobus: Fix potential out-of-bounds read/write access Carlos Fernandez <carlos.fernandez(a)technica-engineering.de> macsec: MACsec SCI assignment for ES = 0 Michal Luczaj <mhal(a)rbox.co> net: Fix TOCTOU issue in sk_is_readable() Yunhui Cui <cuiyunhui(a)bytedance.com> ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Robert Malz <robert.malz(a)canonical.com> i40e: retry VFLR handling if there is ongoing VF reset Robert Malz <robert.malz(a)canonical.com> i40e: return false from i40e_reset_vf if reset is in progress Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: fix more rounding issues with 59.94Hz modes Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: use vclk_freq instead of pixel_freq in debug print Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: fix debug log statement when setting the HDMI clocks Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: use unsigned long long / Hz for frequency types Haren Myneni <haren(a)linux.ibm.com> powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: fix a potential crash on gso_skb handling Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: iscsi: Fix incorrect error path labels for flashnode operations Wojciech Slenska <wojciech.slenska(a)gmail.com> pinctrl: qcom: pinctrl-qcm2290: Add missing pins Félix Piédallu <felix.piedallu(a)non.se.com> spi: omap2-mcspi: Disable multi-mode when the previous message kept CS asserted Félix Piédallu <felix.piedallu(a)non.se.com> spi: omap2-mcspi: Disable multi mode when CS should be kept asserted after message Dan Carpenter <dan.carpenter(a)linaro.org> regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: refactor ath12k_hw_regs structure Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: move some firmware stats related functions outside of debugfs Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't wait when there is no vdev started Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() Easwar Hariharan <eahariha(a)linux.microsoft.com> wifi: ath11k: convert timeouts to secs_to_jiffies() Caleb Connolly <caleb.connolly(a)linaro.org> ath10k: snoc: fix unbalanced IRQ enable in crash recovery Jeongjun Park <aha310510(a)gmail.com> ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix untagged traffic sent via cpu tagged with VID 0 Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Protect mgmt_pending list with its own lock Dr. David Alan Gilbert <linux(a)treblig.org> Bluetooth: MGMT: Remove unused mgmt_pending_find_data Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Chandrashekar Devegowda <chandrashekar.devegowda(a)intel.com> Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition Chandrashekar Devegowda <chandrashekar.devegowda(a)intel.com> Bluetooth: btintel_pcie: Increase the tx and rx descriptor count Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers Pauli Virtanen <pav(a)iki.fi> Bluetooth: hci_core: fix list_for_each_entry_rcu usage Sanjeev Yadav <sanjeev.y(a)mediatek.com> scsi: core: ufs: Fix a hang in the error handler Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Move runtime PM enable to sci_probe_single() David Lechner <dlechner(a)baylibre.com> dt-bindings: pwm: adi,axi-pwmgen: Fix clocks Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pwm: Correct indentation and style in DTS example Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> dt-bindings: pwm: adi,axi-pwmgen: Increase #pwm-cells to 3 Peter Griffin <peter.griffin(a)linaro.org> pinctrl: samsung: add gs101 specific eint suspend/resume callbacks Peter Griffin <peter.griffin(a)linaro.org> pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks Peter Griffin <peter.griffin(a)linaro.org> pinctrl: samsung: refactor drvdata suspend & resume callbacks Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100: Add GPU cooling Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100: Apply consistent critical thermal shutdown Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> mmc: sdhci-of-dwcmshc: add PD workaround on RK3576 Ulf Hansson <ulf.hansson(a)linaro.org> pmdomain: core: Introduce dev_pm_genpd_rpm_always_on() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics-rmi - fix crash with unsupported versions of F34 Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA Chris Chiu <chris.chiu(a)canonical.com> ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Support mute led function for HP platform Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA Chris Chiu <chris.chiu(a)canonical.com> ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3247 Chris Chiu <chris.chiu(a)canonical.com> ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3315 David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu: read back register after written for VCN v4.0.5 Boyuan Zhang <boyuan.zhang(a)amd.com> drm/amd/pm: power up or down vcn by instance Boyuan Zhang <boyuan.zhang(a)amd.com> drm/amd/pm: add inst to dpm_set_vcn_enable Gautham R. Shenoy <gautham.shenoy(a)amd.com> tools/power turbostat: Fix AMD package-energy reporting Al Viro <viro(a)zeniv.linux.org.uk> do_change_type(): refuse to operate on unmounted/not ours mounts Al Viro <viro(a)zeniv.linux.org.uk> fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) Al Viro <viro(a)zeniv.linux.org.uk> path_overmount(): avoid false negatives Nitesh Shetty <nj.shetty(a)samsung.com> iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec Yuuki NAGAO <wf.yn386(a)gmail.com> ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Verify content returned by parse_int_array() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: codecs: hda: Fix RPM usage count underflow Nitin Rawat <quic_nitirawa(a)quicinc.com> scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Nylon Chen <nylon.chen(a)sifive.com> riscv: misaligned: fix sleeping function called during misaligned access handling Ido Schimmel <idosch(a)nvidia.com> seg6: Fix validation of nexthop addresses Mirco Barone <mirco.barone(a)polito.it> wireguard: device: enable threaded NAPI Daniele Palmas <dnlplm(a)gmail.com> net: wwan: mhi_wwan_mbim: use correct mux_id for multiplexing Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: do not touch DLL_IQQD on bcm53115 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: allow RGMII for bcm63xx RGMII ports Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: do not enable RGMII delay on bcm63xx Meghana Malladi <m-malladi(a)ti.com> net: ti: icssg-prueth: Fix swapped TX stats for MII interfaces. Florian Westphal <fw(a)strlen.de> netfilter: nf_nat: also check reverse tuple to obtain clashing entry Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo_avx2: fix initial map fill Michael Walle <mwalle(a)kernel.org> drm/panel-simple: fix the warnings for the Evervision VGG644804 Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO Keith Busch <kbusch(a)kernel.org> nvme: fix command limits status code Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Bui Quang Minh <minhquangbui99(a)gmail.com> selftests: net: build net/lib dependency in all target Ronak Doshi <ronak.doshi(a)broadcom.com> vmxnet3: correctly report gso type for UDP tunnels Jinjian Song <jinjian.song(a)fibocom.com> net: wwan: t7xx: Fix napi rx poll issue Shiming Cheng <shiming.cheng(a)mediatek.com> net: fix udp gso skb_segment after pull from frag_list Jesus Narvaez <jesus.narvaez(a)intel.com> drm/i915/guc: Handle race condition where wakeref count drops below 0 Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Fix using wrong mask in REG_FIELD_PREP Jesus Narvaez <jesus.narvaez(a)intel.com> drm/i915/guc: Check if expecting reply before decrementing outstanding_submission_g2h Paul Chaignon <paul.chaignon(a)gmail.com> net: Fix checksum update for ILA adj-transport Alexis Lothoré <alexis.lothore(a)bootlin.com> net: stmmac: make sure that ptp_rate is not 0 before configuring EST Alexis Lothoré <alexis.lothore(a)bootlin.com> net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: tag_brcm: legacy: fix pskb_may_pull length Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: avoid mailbox timeout delays during reset Brian Vazquez <brianvv(a)google.com> idpf: fix a race in txq wakeup Michal Kubiak <michal.kubiak(a)intel.com> ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Kubiak <michal.kubiak(a)intel.com> ice: create new Tx scheduler nodes for new queues only Michal Kubiak <michal.kubiak(a)intel.com> ice: fix Tx scheduler error handling in XDP callback Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-hsspi: fix shared reset Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-spi: fix shared reset Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Make sure to insert the vlan tags also in host mode Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4_en: Prevent potential integer overflow calculating Hz Yanqing Wang <ot_yanqing.wang(a)mediatek.com> driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Charalampos Mitrodimas <charmitro(a)posteo.net> net: tipc: fix refcount warning in tipc_aead_encrypt Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt Quentin Schulz <quentin.schulz(a)cherry.de> net: stmmac: platform: guarantee uniqueness of bus_id Dong Chenchen <dongchenchen2(a)huawei.com> page_pool: Fix use-after-free in page_pool_recycle_in_ring Tengteng Yang <yangtengteng(a)bytedance.com> Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe: Make xe_gt_freq part of the Documentation Ming Lei <ming.lei(a)redhat.com> loop: add file_start_write() and file_end_write() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: typec: fix const issue in typec_match() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: gadget: udc: fix const issue in gadget_match_driver() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: serial: bus: fix const issue in usb_serial_device_match() Marcus Folkesson <marcus.folkesson(a)gmail.com> iio: adc: mcp3911: fix device dependent mappings for conversion result registers Marius Cristea <marius.cristea(a)microchip.com> iio: adc: PAC1934: fix typo in documentation link Hans de Goede <hdegoede(a)redhat.com> mei: vsc: Cast tx_buf to (__be32 *) when passed to cpu_to_be32_array() Nicolas Pitre <npitre(a)baylibre.com> vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Yeoreum Yun <yeoreum.yun(a)arm.com> coresight: prevent deactivate active config while enabling the config Qasim Ijaz <qasdev00(a)gmail.com> fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Alexander Sverdlin <alexander.sverdlin(a)siemens.com> counter: interrupt-cnt: Protect enable/disable OPs with mutex Yabin Cui <yabinc(a)google.com> coresight: catu: Introduce refcount and spinlock for enabling/disabling Junhao He <hejunhao3(a)huawei.com> coresight: Fixes device's owner field for registered using coresight_init_driver() WangYuli <wangyuli(a)uniontech.com> MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Chenyuan Yang <chenyuan0y(a)gmail.com> usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink() Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix 3dB filter frequency reading Brian Pellegrino <bpellegrino(a)arka.org> iio: filter: admv8818: Support frequencies >= 2^32 Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix range calculation Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix integer overflow Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix band 4, state 15 Mario Limonciello <mario.limonciello(a)amd.com> thunderbolt: Fix a logic error in wake on connect Henry Martin <bsdhenrymartin(a)gmail.com> serial: Fix potential null-ptr-deref in mlb_usio_probe() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> usb: renesas_usbhs: Reorder clock handling and power management in probe Jerome Brunet <jbrunet(a)baylibre.com> PCI: endpoint: Retain fixed-size BAR size as well as aligned size Liu Dalin <liudalin(a)kylinsec.com.cn> rtc: loongson: Add missing alarm notifications for ACPI RTC events Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Log Error Source ID only when valid Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Initialize aer_err_info before using it Zhe Qiao <qiaozhe(a)iscas.ac.cn> PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root() Henry Martin <bsdhenrymartin(a)gmail.com> dmaengine: ti: Add NULL check in udma_probe() Chenyuan Yang <chenyuan0y(a)gmail.com> phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Mario Limonciello <mario.limonciello(a)amd.com> PCI: Explicitly put devices into D0 when initializing Hector Martin <marcan(a)marcan.st> PCI: apple: Use gpiod_set_value_cansleep in probe flow Hans Zhang <18255117159(a)163.com> PCI: cadence: Fix runtime atomic count underflow Jerome Brunet <jbrunet(a)baylibre.com> PCI: rcar-gen4: set ep BAR4 fixed size Wilfred Mallawa <wilfred.mallawa(a)wdc.com> PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> phy: rockchip: samsung-hdptx: Fix clock ratio setup Wolfram Sang <wsa+renesas(a)sang-engineering.com> rtc: sh: assign correct interrupts with DT Danilo Krummrich <dakr(a)kernel.org> rust: alloc: add missing invariant in Vec::set_len() Pali Rohár <pali(a)kernel.org> cifs: Fix validation of SMB1 query reparse point response Ian Rogers <irogers(a)google.com> perf callchain: Always populate the addr_location map when adding IP Anubhav Shelat <ashelat(a)redhat.com> perf trace: Set errpid to false for rseq and set_robust_list Li Lingfeng <lilingfeng3(a)huawei.com> nfs: ignore SB_RDONLY when remounting nfs Li Lingfeng <lilingfeng3(a)huawei.com> nfs: clear SB_RDONLY before getting superblock Anubhav Shelat <ashelat(a)redhat.com> perf trace: Always print return value for syscalls returning a pid Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf record: Fix incorrect --user-regs comments Ian Rogers <irogers(a)google.com> perf symbol: Fix use-after-free in filename__read_build_id Jason-JH Lin <jason-jh.lin(a)mediatek.com> mailbox: mtk-cmdq: Refine GCE_GCTL_VALUE setting Peng Fan <peng.fan(a)nxp.com> mailbox: imx: Fix TXDB_V2 sending Leo Yan <leo.yan(a)arm.com> perf tests switch-tracking: Fix timestamp comparison Alexey Gladkov <legion(a)kernel.org> mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: exynos-lpass: Fix an error handling path in exynos_lpass_probe() Dan Carpenter <dan.carpenter(a)linaro.org> rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() Siddharth Vadapalli <s-vadapalli(a)ti.com> remoteproc: k3-dsp: Drop check performed in k3_dsp_rproc_{mbox_callback/kick} Siddharth Vadapalli <s-vadapalli(a)ti.com> remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} Dan Carpenter <dan.carpenter(a)linaro.org> remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe Adrian Hunter <adrian.hunter(a)intel.com> perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix PEBS-via-PT data_src Michael Petlan <mpetlan(a)redhat.com> perf tests: Fix 'perf report' tests installation Namhyung Kim <namhyung(a)kernel.org> perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Benjamin Marzinski <bmarzins(a)redhat.com> dm-flakey: make corrupting read bios work Benjamin Marzinski <bmarzins(a)redhat.com> dm-flakey: error all IOs when num_features is absent Benjamin Marzinski <bmarzins(a)redhat.com> dm: fix dm_blk_report_zones Ian Rogers <irogers(a)google.com> perf symbol-minimal: Fix double free in filename__read_build_id Alexei Safin <a.safin(a)rosa.ru> hwmon: (asus-ec-sensors) check sensor index in read_string() Mikhail Arkhipov <m.arhipov(a)rosa.ru> mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Sean Christopherson <seanjc(a)google.com> x86/irq: Ensure initial PIR loads are performed exactly once Henry Martin <bsdhenrymartin(a)gmail.com> backlight: pm8941: Add NULL check in wled_configure() Benjamin Marzinski <bmarzins(a)redhat.com> dm: free table mempools if not used in __bind Benjamin Marzinski <bmarzins(a)redhat.com> dm: don't change md if dm_table_set_restrictions() fails Arnaldo Carvalho de Melo <acme(a)redhat.com> perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf build: Warn when libdebuginfod devel files are not available Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Fix attribute addition Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Remove bogus void member Sergey Shtylyov <s.shtylyov(a)omp.ru> fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Henry Martin <bsdhenrymartin(a)gmail.com> soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() Su Hui <suhui(a)nfschina.com> soc: aspeed: lpc: Fix impossible judgment condition Joel Stanley <joel(a)jms.id.au> ARM: aspeed: Don't select SRAM Julien Massot <julien.massot(a)collabora.com> arm64: dts: mt6359: Rename RTC node to match binding expectations Thuan Nguyen <thuan.nguyen-hong(a)banvien.com.vn> arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qcm2290: fix (some) of QUP interconnects Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou Vignesh Raman <vignesh.raman(a)collabora.com> arm64: defconfig: mediatek: enable PHY drivers Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064: move replicator out of soc node Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064: add missing clocks to the timer node Andre Przywara <andre.przywara(a)arm.com> dt-bindings: vendor-prefixes: Add Liontron name Ioana Ciornei <ioana.ciornei(a)nxp.com> bus: fsl-mc: fix double-free on mc_dev Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Wentao Liang <vulab(a)iscas.ac.cn> nilfs2: add pointer check for nilfs_direct_propagate() Murad Masimov <m.masimov(a)mt-integration.ru> ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check return result of sb_min_blocksize Barnabás Czémán <barnabas.czeman(a)mainlining.org> soc: qcom: smp2p: Fix fallback to qcom,ipc parse Prasanth Babu Mantena <p-mantena(a)ti.com> arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Aaron Kling <webgeek1234(a)gmail.com> arm64: tegra: Add uartd serial alias for Jetson TX1 module Aaron Kling <webgeek1234(a)gmail.com> arm64: tegra: Drop remaining serial clock-names and reset-names Peter Robinson <pbrobinson(a)gmail.com> arm64: dts: rockchip: Update eMMC for NanoPi R5 series Peter Robinson <pbrobinson(a)gmail.com> arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply Julien Massot <julien.massot(a)collabora.com> arm64: dts: mt6359: Add missing 'compatible' property to regulators node Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mp-beacon: Fix RTC capacitive load Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mn-beacon: Fix RTC capacitive load Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Fix RTC capacitive load Pin-yen Lin <treapking(a)chromium.org> arm64: dts: mt8183: Add port node to mt8183.dtsi Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: at91sam9263: fix NAND chip selects Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 Varadarajan Narayanan <quic_varada(a)quicinc.com> arm64: dts: qcom: ipq9574: Fix USB vdd info Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies Xilin Wu <wuxilin123(a)gmail.com> arm64: dts: qcom: sm8250: Fix CPU7 opp table Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm8350: Reenable crypto & cryptobam Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: refactor node order Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: remove wifi Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: x1e80100-romulus: Keep L12B and L15B always on Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8650: add missing cpu-cfg interconnect path in the mdss node Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8650: setup gpu thermal with higher temperatures Mark Kettenis <kettenis(a)openbsd.org> arm64: dts: qcom: x1e80100: Mark usb_2 as dma-coherent Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to correct check conditions in f2fs_cross_rename Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: use d_inode(dentry) cleanup dentry->d_inode Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames Faicker Mo <faicker.mo(a)zenlayer.com> net: openvswitch: Fix the dead loop of MPLS parse Kuniyuki Iwashima <kuniyu(a)amazon.com> calipso: Don't call calipso functions for AF_INET sk. Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: QOS: Perform cache sync on send queue teardown Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: mscc: Fix memory leak when using one step timestamping Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix PHY reset handling during initialization and WOL Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> net: phy: fix up const issues in to_mdio_device() and to_phy_device() Wei Fang <wei.fang(a)nxp.com> net: phy: clear phydev->devlink when the link is deleted KaFai Wan <mannkafai(a)gmail.com> bpf: Avoid __bpf_prog_ret0_warn when jit fails Suraj Gupta <suraj.gupta2(a)amd.com> net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 Jack Morgenstein <jackm(a)nvidia.com> RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Stefano Garzarella <sgarzare(a)redhat.com> vsock/virtio: fix `rx_bytes` accounting for stream sockets Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: aqc111: fix error handling of usbnet read calls Radim Krčmář <rkrcmar(a)ventanamicro.com> RISC-V: KVM: lock the correct mp_state during reset Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_tunnel: fix geneve_opt dump Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: nft_fib: consistent l3mdev handling Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: Avoid using sk_socket after free when sending Kees Cook <kees(a)kernel.org> Bluetooth: btintel: Check dsbr size from EFI variable Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() Li RongQing <lirongqing(a)baidu.com> vfio/type1: Fix error unwind in migration dirty bitmap allocation Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy Florian Westphal <fw(a)strlen.de> netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds Di Shen <di.shen(a)unisoc.com> bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic" Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix RX buffer size of MCU event Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: set EHT max ampdu length capability Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7925: ensure all MCU commands wait for response Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: refine the sniffer commnad Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: prevent multiple scan commands Henry Martin <bsdhenrymartin(a)gmail.com> wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() Henry Martin <bsdhenrymartin(a)gmail.com> wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix not using SID from adv report Michal Koutný <mkoutny(a)suse.com> kernfs: Relax constraint in draining guard ping.gao <ping.gao(a)samsung.com> scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() Toke Høiland-Jørgensen <toke(a)toke.dk> wifi: ath9k_htc: Abort software beacon handling if disabled Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: bugfix live migration function without VF device driver Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: add eq and aeq interruption restore Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: fix XQE dma address error Rajat Soni <quic_rajson(a)quicinc.com> wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Rolf Eike Beer <eb(a)emlix.com> iommu: remove duplicate selection of DMAR_TABLE Chin-Yen Lee <timlee(a)realtek.com> wifi: rtw89: fix firmware scan delay unit for WiFi 6 chips Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: enlarge retry times of RX tag to 1000 Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Store backchain even for leaf progs Vincent Knecht <vincent.knecht(a)mailoo.org> clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Rob Herring (Arm) <robh(a)kernel.org> dt-bindings: soc: fsl,qman-fqd: Fix reserved-memory.yaml reference Tao Chen <chen.dylane(a)linux.dev> bpf: Fix WARN() in get_bpf_raw_tp_regs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: at91: Fix possible out-of-boundary access Anton Protopopov <a.s.protopopov(a)gmail.com> libbpf: Use proper errno value in nlattr Jiayuan Chen <jiayuan.chen(a)linux.dev> ktls, sockmap: Fix missing uncharge operation Dan Carpenter <dan.carpenter(a)linaro.org> of: unittest: Unlock on error in unittest_data_add() Miaoqian Lin <linmq006(a)gmail.com> tracing: Fix error handling in event_trigger_parse() Steven Rostedt <rostedt(a)goodmis.org> tracing: Rename event_trigger_alloc() to trigger_data_alloc() Luis Gerhorst <luis.gerhorst(a)fau.de> selftests/bpf: Fix caps for __xlated/jited_unpriv Hans Zhang <18255117159(a)163.com> efi/libstub: Describe missing 'out' parameter in efi_load_initrd Ilan Peer <ilan.peer(a)intel.com> wifi: iwlfiwi: mvm: Fix the rate reporting Henry Martin <bsdhenrymartin(a)gmail.com> clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() YiFei Zhu <zhuyifei(a)google.com> bpftool: Fix regression of "bpftool cgroup tree" EINVAL on older kernels Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs Steven Rostedt <rostedt(a)goodmis.org> tracing: Move histogram trigger variables from stack to per CPU structure Anton Protopopov <a.s.protopopov(a)gmail.com> bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_pipapo: prevent overflow in lookup table allocation Zhongqiu Duan <dzq.aishenghu0(a)gmail.com> netfilter: nft_quota: match correctly when the quota just depleted Huajian Yang <huajianyang(a)asrmicro.com> netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Lorenzo Bianconi <lorenzo(a)kernel.org> bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps Anton Protopopov <a.s.protopopov(a)gmail.com> libbpf: Use proper errno value in linker Yi Zhang <yi.zhang(a)redhat.com> scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels Chao Yu <chao(a)kernel.org> f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() Chao Yu <chao(a)kernel.org> f2fs: clean up w/ fscrypt_is_bounce_page() Hangbin Liu <liuhangbin(a)gmail.com> bonding: assign random address if device address is same as bond Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Protect against overflow in iommu_pgsize() Jonathan Wiepert <jonathan.wiepert(a)gmail.com> Use thread-safe function pointer in libbpf_print Tao Chen <chen.dylane(a)linux.dev> libbpf: Remove sample_period init in perf_buffer Feng Yang <yangfeng(a)kylinos.cn> libbpf: Fix event name too long error Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Maharaja Kennadyrajan <maharaja.kennadyrajan(a)oss.qualcomm.com> wifi: ath12k: fix node corruption in ar->arvifs list Ramasamy Kaliappan <quic_rkaliapp(a)quicinc.com> wifi: ath12k: Fix the QoS control field offset to build QoS header P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Add MSDU length validation for TKIP MIC error Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: fix invalid access to memory Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtw88: do not ignore hardware read error during DPK Zhen XIN <zhen.xin(a)nokia-sbell.com> wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhen XIN <zhen.xin(a)nokia-sbell.com> wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT Cosmin Ratiu <cratiu(a)nvidia.com> xfrm: Use xdo.dev instead of xdo.real_dev Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Avoid using xso.real_dev unnecessarily Viktor Malik <vmalik(a)redhat.com> libbpf: Fix buffer overflow in bpf_object__init_prog Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix GCPS 64-bit member variables Toke Høiland-Jørgensen <toke(a)redhat.com> page_pool: Track DMA-mapped pages and unmap them when destroying the pool Toke Høiland-Jørgensen <toke(a)redhat.com> page_pool: Move pp_magic check into helper functions Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on sbi->total_valid_block_count yohan.joung <yohan.joung(a)sk.com> f2fs: prevent the current section from being selected as a victim during GC Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: clean up unnecessary indentation Dan Carpenter <dan.carpenter(a)linaro.org> wifi: ath12k: Fix buffer overflow in debugfs Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Raj Kumar Bhagat <quic_rajkbhag(a)quicinc.com> wifi: ath12k: fix cleanup path after mhi init Chao Yu <chao(a)kernel.org> f2fs: zone: fix to avoid inconsistence in between SIT and SSA Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: Fix panic when calling skb_linearize Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: fix duplicated data transmission Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf: fix ktls panic with sockmap Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Fix bpf_nf selftest failure Tao Chen <chen.dylane(a)linux.dev> bpf: Check link_create.flags parameter for multi_kprobe Jacob Moroni <jmoroni(a)google.com> IB/cm: use rwlock for MAD agent lock P Praneesh <praneesh.p(a)oss.qualcomm.com> wifi: ath12k: Fix invalid memory access while forming 802.11 header P Praneesh <praneesh.p(a)oss.qualcomm.com> wifi: ath12k: Fix memory leak during vdev_id mismatch Stone Zhang <quic_stonez(a)quicinc.com> wifi: ath11k: fix node corruption in ar->arvifs list Roger Pau Monne <roger.pau(a)citrix.com> xen/x86: fix initial memory balloon target Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Reduce the number of rdma_rw contexts per-QP Detlev Casanova <detlev.casanova(a)collabora.com> media: verisilicon: Free post processor buffers on error AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: Fix kobject put for component sub-drivers AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> drm/msm/a6xx: Disable rgb565_predicator on Adreno 7c3 Terry Tritton <terry.tritton(a)linaro.org> selftests/seccomp: fix negative_ENOSYS tracer tests on arm32 Anand Moon <linux.amoon(a)gmail.com> perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Kees Cook <kees(a)kernel.org> scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Gustavo A. R. Silva <gustavoars(a)kernel.org> overflow: Fix direct struct member initialization in _DEFINE_FLEX() Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Do not discard modified SVE state Huang Yiwei <quic_hyiwei(a)quicinc.com> firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES Biju Das <biju.das.jz(a)bp.renesas.com> drm/tegra: rgb: Fix the unbound reference count Kees Cook <kees(a)kernel.org> drm/vkms: Adjust vkms_state->active_planes allocation type Biju Das <biju.das.jz(a)bp.renesas.com> drm: rcar-du: Fix memory leak in rcar_du_vsps_init() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: enable SmartDMA on SC8180X Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: enable SmartDMA on SM8150 Neill Kapron <nkapron(a)google.com> selftests/seccomp: fix syscall_restart test for arm compat Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused Kornel Dulęba <korneld(a)google.com> arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Miaoqian Lin <linmq006(a)gmail.com> firmware: psci: Fix refcount leak in psci_dt_init Finn Thain <fthain(a)linux-m68k.org> m68k: mac: Fix macintosh_config for Mac II Kees Cook <kees(a)kernel.org> watchdog: exar: Shorten identity name to fit correctly Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kunit/usercopy: Disable u64 test on 32-bit SPARC Lizhi Xu <lizhi.xu(a)windriver.com> fs/ntfs3: Add missing direct_IO in ntfs_aops_cmpr Andrey Vatoropin <a.vatoropin(a)crpt.ru> fs/ntfs3: handle hdr_first_de() return value Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() Casey Connolly <casey.connolly(a)linaro.org> drm/panel: samsung-sofef00: Drop s6e3fc2x01 support Hongbo Yao <andy.xu(a)hj-micro.com> perf: arm-ni: Fix missing platform_set_drvdata() Hongbo Yao <andy.xu(a)hj-micro.com> perf: arm-ni: Unregister PMUs on probe failure Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Update panthor_mmu::irq::mask when needed Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Fix GPU_COHERENCY_ACE[_LITE] definitions Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Fix merging of FPSIMD state during signal return Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Reset FPMR upon exec() Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Don't corrupt FPMR when streaming mode changes Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Discard stale CPU state when handling SME traps Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Avoid RES0 bits in the SME trap handler Jonas Karlman <jonas(a)kwiboo.se> media: rkvdec: Fix frame size enumeration Charles Han <hanchunchao(a)inspur.com> drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Maxime Ripard <mripard(a)kernel.org> drm/vc4: tests: Use return instead of assert Badal Nilawar <badal.nilawar(a)intel.com> drm/xe/d3cold: Set power state to D3Cold during s2idle/s3 Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix dumb buffer leak Keisuke Nishimura <keisuke.nishimura(a)inria.fr> drm/vmwgfx: Add error path for xa_store in vmw_bo_add_detached_resource Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Add seqno waiter for sync_files Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> ALSA: core: fix up bus match const issues. Martin Povišer <povik+lin(a)cutebit.org> ASoC: apple: mca: Constrain channels according to TDM mask Geert Uytterhoeven <geert+renesas(a)glider.be> spi: sh-msiof: Fix maximum DMA transfer size Armin Wolf <W_Armin(a)gmx.de> ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> thermal/drivers/mediatek/lvts: Fix debugfs unregister on failure Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Print PM debug messages during hibernation Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Mingcong Bai <jeffbai(a)aosc.io> ACPI: resource: fix a typo for MECHREVO in irq1_edge_low_force_override[] Zijun Hu <quic_zijuhu(a)quicinc.com> PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: add missing acp descriptor field Kees Cook <kees(a)kernel.org> ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type Yaxiong Tian <tianyaxiong(a)kylinos.cn> PM: EM: Fix potential division-by-zero error in em_compute_costs() Alexander Shiyan <eagle.alexander923(a)gmail.com> power: reset: at91-reset: Optimize at91_reset() Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: modify chip select (CS) deactivation Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: remove redundant error handling code Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: fix integer overflow in i{64,}toa_r() and Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Fix general protection fault Julien Massot <julien.massot(a)collabora.com> ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY() Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Enable main IRQs Jemmy Wong <jemmywong512(a)gmail.com> tools/nolibc/types.h: fix mismatched parenthesis in minor() Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Redo lookup on EEXIST Tzung-Bi Shih <tzungbi(a)kernel.org> kunit: Fix wrong parameter to kunit_deactivate_static_stub() Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce - move fallback ahash_request to the end of the struct Herbert Xu <herbert(a)gondor.apana.org.au> crypto: xts - Only add ecb if it is not already there Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lrw - Only add ecb if it is not already there Yongliang Gao <leonylgao(a)tencent.com> rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Filipe Manana <fdmanana(a)suse.com> btrfs: fix invalid data space release when truncating block in NOCOW mode Qu Wenruo <wqu(a)suse.com> btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Qu Wenruo <wqu(a)suse.com> btrfs: scrub: update device stats when an error is detected Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view Sheng Yong <shengyong1(a)xiaomi.com> erofs: avoid using multiple devices with different type Hongbo Li <lihongbo22(a)huawei.com> erofs: fix file handle encoding for 64-bit NIDs Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Avoid empty transfer descriptor Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Handle zero-length skcipher requests Nícolas F. R. A. Prado <nfraprado(a)collabora.com> kselftest: cpufreq: Get rid of double suspend in rtcwake case Yu Kuai <yukuai3(a)huawei.com> brd: fix discard end sector Yu Kuai <yukuai3(a)huawei.com> brd: fix aligned_sector from brd_do_discard() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> x86/insn: Fix opcode map (!REX2) superscript tags Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Sanitize CPUID(0x80000000) output Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce - undo runtime PM changes during driver removal Annie Li <jiayanli(a)google.com> x86/microcode/AMD: Do not return error when microcode update is not necessary John Stultz <jstultz(a)google.com> sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks Eddie James <eajames(a)linux.ibm.com> powerpc/crash: Fix non-smp kexec preparation Jiri Slaby (SUSE) <jirislaby(a)kernel.org> powerpc: do not build ppc_save_regs.o always Corentin Labbe <clabbe.montjoie(a)gmail.com> crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() Qing Wang <wangqing7171(a)gmail.com> perf/core: Fix broken throttling when max_samples_per_tick=1 Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: gfs2_create_inode error handling fix Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: replace sd_aspace with sd_inode Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/uncore: Prevent UMC counters from saturating Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/uncore: Remove unused 'struct amd_uncore_ctx::node' member Peter Zijlstra <peterz(a)infradead.org> sched: Fix trace_sched_switch(.prev_state) Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() Andrew Cooper <andrew.cooper3(a)citrix.com> x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Ahmed S. Darwish <darwi(a)linutronix.de> tools/x86/kcpuid: Fix error handling ------------- Diffstat: .../devicetree/bindings/pwm/adi,axi-pwmgen.yaml | 21 +- .../devicetree/bindings/pwm/brcm,bcm7038-pwm.yaml | 8 +- .../devicetree/bindings/pwm/brcm,kona-pwm.yaml | 8 +- .../regulator/mediatek,mt6357-regulator.yaml | 12 +- .../devicetree/bindings/soc/fsl/fsl,qman-fqd.yaml | 4 +- .../devicetree/bindings/vendor-prefixes.yaml | 2 + Documentation/gpu/xe/index.rst | 1 + Documentation/gpu/xe/xe_gt_freq.rst | 14 + Makefile | 4 +- arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 +- arch/arm/boot/dts/microchip/tny_a9263.dts | 2 +- arch/arm/boot/dts/microchip/usb_a9263.dts | 4 +- arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 82 +++--- arch/arm/mach-aspeed/Kconfig | 1 - arch/arm64/Kconfig | 6 +- .../arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 + .../boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 + .../arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 + .../boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 + .../boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 - arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 10 +- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 4 + arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 ++-- arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 - arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 - arch/arm64/boot/dts/nvidia/tegra210-p2180.dtsi | 1 + arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi | 11 +- arch/arm64/boot/dts/qcom/qcm2290.dtsi | 16 +- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 - .../arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 + .../arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 + .../boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm8650.dtsi | 71 ++--- .../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 2 + arch/arm64/boot/dts/qcom/x1e80100.dtsi | 299 +++++++++++---------- .../r8a779g0-white-hawk-ard-audio-da7212.dtso | 2 +- .../arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 - arch/arm64/boot/dts/rockchip/rk3566-rock-3c.dts | 1 + .../arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 +- arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 15 +- .../boot/dts/ti/k3-j721e-common-proc-board.dts | 1 + arch/arm64/configs/defconfig | 3 + arch/arm64/include/asm/esr.h | 12 +- arch/arm64/include/asm/fpsimd.h | 3 + arch/arm64/kernel/entry-common.c | 46 +++- arch/arm64/kernel/fpsimd.c | 36 ++- arch/arm64/xen/hypercall.S | 21 +- arch/m68k/mac/config.c | 2 +- .../boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 + arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kexec/crash.c | 5 +- arch/powerpc/platforms/book3s/vas-api.c | 9 + arch/powerpc/platforms/powernv/memtrace.c | 8 +- arch/powerpc/platforms/pseries/iommu.c | 2 +- arch/riscv/kernel/traps_misaligned.c | 4 +- arch/riscv/kvm/vcpu_sbi.c | 4 +- arch/s390/net/bpf_jit_comp.c | 12 +- arch/x86/events/amd/uncore.c | 36 ++- arch/x86/include/asm/mwait.h | 9 +- arch/x86/include/asm/sighandling.h | 22 ++ arch/x86/kernel/cpu/common.c | 17 +- arch/x86/kernel/cpu/microcode/core.c | 2 + arch/x86/kernel/cpu/mtrr/generic.c | 2 +- arch/x86/kernel/ioport.c | 13 +- arch/x86/kernel/irq.c | 2 +- arch/x86/kernel/process.c | 15 +- arch/x86/kernel/signal_32.c | 4 + arch/x86/kernel/signal_64.c | 4 + arch/x86/lib/x86-opcode-map.txt | 50 ++-- block/blk-zoned.c | 7 +- block/elevator.c | 3 +- crypto/api.c | 13 +- crypto/lrw.c | 4 +- crypto/xts.c | 4 +- drivers/acpi/acpica/exserial.c | 6 + drivers/acpi/apei/Kconfig | 1 + drivers/acpi/apei/ghes.c | 2 +- drivers/acpi/cppc_acpi.c | 2 +- drivers/acpi/osi.c | 1 - drivers/acpi/resource.c | 2 +- drivers/base/power/main.c | 3 +- drivers/block/brd.c | 11 +- drivers/block/loop.c | 8 +- drivers/bluetooth/btintel.c | 10 +- drivers/bluetooth/btintel_pcie.c | 31 ++- drivers/bluetooth/btintel_pcie.h | 10 +- drivers/bus/fsl-mc/fsl-mc-bus.c | 6 +- drivers/clk/bcm/clk-raspberrypi.c | 2 + drivers/clk/qcom/camcc-sm6350.c | 18 ++ drivers/clk/qcom/dispcc-sm6350.c | 3 + drivers/clk/qcom/gcc-msm8939.c | 4 +- drivers/clk/qcom/gcc-sm6350.c | 6 + drivers/clk/qcom/gpucc-sm6350.c | 6 + drivers/counter/interrupt-cnt.c | 9 + .../crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 +- drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c | 17 +- drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 ++- drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 +- .../crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 +- drivers/crypto/marvell/cesa/cipher.c | 3 + drivers/crypto/marvell/cesa/hash.c | 2 +- drivers/dma/ti/k3-udma.c | 3 +- drivers/edac/i10nm_base.c | 35 +-- drivers/edac/skx_common.c | 1 + drivers/edac/skx_common.h | 11 +- drivers/firmware/Kconfig | 1 - drivers/firmware/arm_sdei.c | 11 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 1 + drivers/firmware/psci/psci.c | 4 +- drivers/fpga/tests/fpga-mgr-test.c | 1 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 8 + .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 9 +- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 2 +- drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 3 +- drivers/gpu/drm/amd/pm/swsmu/inc/smu_v14_0.h | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 4 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 4 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 24 +- drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 4 +- drivers/gpu/drm/amd/pm/swsmu/smu12/renoir_ppt.c | 4 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 19 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_5_ppt.c | 4 +- .../gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c | 4 +- drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 38 ++- drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 +- drivers/gpu/drm/i915/display/intel_psr_regs.h | 4 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 19 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 ++- drivers/gpu/drm/meson/meson_drv.c | 2 +- drivers/gpu/drm/meson/meson_drv.h | 2 +- drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 +- drivers/gpu/drm/meson/meson_vclk.c | 226 +++++++++------- drivers/gpu/drm/meson/meson_vclk.h | 13 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 1 - .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 16 +- .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 16 +- drivers/gpu/drm/panel/panel-samsung-sofef00.c | 34 +-- drivers/gpu/drm/panel/panel-simple.c | 5 +- drivers/gpu/drm/panthor/panthor_mmu.c | 1 + drivers/gpu/drm/panthor/panthor_regs.h | 4 +- drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 +- drivers/gpu/drm/tegra/rgb.c | 14 +- drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 ++- drivers/gpu/drm/vkms/vkms_crtc.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 10 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 ++ drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 34 ++- drivers/gpu/drm/xe/xe_gt_freq.c | 2 + drivers/gpu/drm/xe/xe_pci.c | 1 + drivers/hid/hid-hyperv.c | 4 +- drivers/hid/usbhid/hid-core.c | 25 +- drivers/hwmon/asus-ec-sensors.c | 4 + drivers/hwtracing/coresight/coresight-catu.c | 27 +- drivers/hwtracing/coresight/coresight-catu.h | 1 + drivers/hwtracing/coresight/coresight-config.h | 2 +- drivers/hwtracing/coresight/coresight-core.c | 6 +- drivers/hwtracing/coresight/coresight-cpu-debug.c | 3 +- drivers/hwtracing/coresight/coresight-funnel.c | 3 +- drivers/hwtracing/coresight/coresight-replicator.c | 3 +- drivers/hwtracing/coresight/coresight-stm.c | 2 +- drivers/hwtracing/coresight/coresight-syscfg.c | 49 ++-- drivers/hwtracing/coresight/coresight-tmc-core.c | 2 +- drivers/hwtracing/coresight/coresight-tpiu.c | 2 +- drivers/iio/adc/ad7124.c | 4 +- drivers/iio/adc/mcp3911.c | 39 ++- drivers/iio/adc/pac1934.c | 2 +- drivers/iio/filter/admv8818.c | 230 ++++++++++++---- drivers/infiniband/core/cm.c | 16 +- drivers/infiniband/core/cma.c | 3 +- drivers/infiniband/hw/hns/hns_roce_ah.c | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 + drivers/infiniband/hw/hns/hns_roce_main.c | 1 - drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 - drivers/infiniband/hw/mlx5/qpc.c | 30 ++- drivers/input/rmi4/rmi_f34.c | 133 +++++---- drivers/iommu/Kconfig | 1 - drivers/iommu/iommu.c | 4 +- drivers/mailbox/imx-mailbox.c | 21 +- drivers/mailbox/mtk-cmdq-mailbox.c | 51 ++-- drivers/md/dm-core.h | 1 + drivers/md/dm-flakey.c | 70 ++--- drivers/md/dm-zone.c | 25 +- drivers/md/dm.c | 30 ++- .../media/platform/verisilicon/hantro_postproc.c | 4 +- drivers/mfd/exynos-lpass.c | 6 +- drivers/mfd/stmpe-spi.c | 2 +- drivers/misc/mei/vsc-tp.c | 4 +- drivers/misc/vmw_vmci/vmci_host.c | 11 +- drivers/mmc/host/sdhci-of-dwcmshc.c | 40 +++ drivers/mtd/nand/ecc-mxic.c | 2 +- drivers/net/bonding/bond_main.c | 25 +- drivers/net/dsa/b53/b53_common.c | 37 +-- drivers/net/ethernet/google/gve/gve_main.c | 2 +- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 +- drivers/net/ethernet/intel/ice/ice_main.c | 47 +++- drivers/net/ethernet/intel/ice/ice_sched.c | 181 ++++++++++--- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 +- .../net/ethernet/intel/idpf/idpf_singleq_txrx.c | 9 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 45 ++-- drivers/net/ethernet/intel/idpf/idpf_txrx.h | 8 - drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 2 +- drivers/net/ethernet/intel/idpf/idpf_virtchnl.h | 1 + drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 +- .../net/ethernet/marvell/octeontx2/nic/qos_sq.c | 22 ++ drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 + drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 4 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 18 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 +- .../net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 +- .../mlx5/core/steering/hws/mlx5hws_definer.c | 3 + drivers/net/ethernet/microchip/lan743x_main.c | 15 +- .../net/ethernet/microchip/lan966x/lan966x_main.c | 7 + .../net/ethernet/microchip/lan966x/lan966x_main.h | 6 + .../net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 +++- .../ethernet/microchip/lan966x/lan966x_switchdev.c | 1 + .../net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 ++ drivers/net/ethernet/stmicro/stmmac/stmmac_est.c | 5 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 + .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 +- drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 +- drivers/net/ethernet/ti/icssg/icssg_stats.c | 8 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 +- drivers/net/macsec.c | 40 ++- drivers/net/netdevsim/netdev.c | 3 +- drivers/net/phy/mdio_bus.c | 12 + drivers/net/phy/mscc/mscc_ptp.c | 20 +- drivers/net/phy/phy_device.c | 4 +- drivers/net/usb/aqc111.c | 10 +- drivers/net/vmxnet3/vmxnet3_drv.c | 26 ++ drivers/net/wireguard/device.c | 1 + drivers/net/wireless/ath/ath10k/snoc.c | 4 +- drivers/net/wireless/ath/ath11k/core.c | 37 +-- drivers/net/wireless/ath/ath11k/core.h | 4 +- drivers/net/wireless/ath/ath11k/debugfs.c | 148 +--------- drivers/net/wireless/ath/ath11k/debugfs.h | 10 +- drivers/net/wireless/ath/ath11k/mac.c | 92 ++++++- drivers/net/wireless/ath/ath11k/mac.h | 4 +- drivers/net/wireless/ath/ath11k/wmi.c | 47 +++- drivers/net/wireless/ath/ath12k/core.c | 8 +- .../net/wireless/ath/ath12k/debugfs_htt_stats.c | 3 + drivers/net/wireless/ath/ath12k/dp_rx.c | 54 ++-- drivers/net/wireless/ath/ath12k/dp_tx.c | 1 + drivers/net/wireless/ath/ath12k/hal.c | 103 +++---- drivers/net/wireless/ath/ath12k/hal.h | 64 +++-- drivers/net/wireless/ath/ath12k/hal_desc.h | 3 +- drivers/net/wireless/ath/ath12k/hw.c | 35 ++- drivers/net/wireless/ath/ath12k/hw.h | 12 +- drivers/net/wireless/ath/ath12k/pci.c | 12 +- drivers/net/wireless/ath/ath12k/pci.h | 4 +- drivers/net/wireless/ath/ath12k/wmi.c | 3 +- drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 + drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 2 + drivers/net/wireless/marvell/mwifiex/11n.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 + drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 21 +- drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7996/init.c | 3 + drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 3 + drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 + drivers/net/wireless/realtek/rtw88/coex.c | 2 +- drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 +- drivers/net/wireless/realtek/rtw88/sdio.c | 10 +- drivers/net/wireless/realtek/rtw89/fw.c | 2 +- drivers/net/wireless/realtek/rtw89/pci.c | 2 +- drivers/net/wwan/mhi_wwan_mbim.c | 9 +- drivers/net/wwan/t7xx/t7xx_netdev.c | 11 +- drivers/nvme/host/constants.c | 2 +- drivers/nvme/host/core.c | 1 - drivers/nvme/host/pr.c | 2 - drivers/nvme/target/core.c | 9 +- drivers/nvme/target/fcloop.c | 31 +-- drivers/nvme/target/io-cmd-bdev.c | 9 +- drivers/nvmem/zynqmp_nvmem.c | 1 + drivers/of/unittest.c | 10 +- drivers/pci/controller/cadence/pcie-cadence-host.c | 11 +- drivers/pci/controller/dwc/pcie-rcar-gen4.c | 1 + drivers/pci/controller/pcie-apple.c | 4 +- drivers/pci/endpoint/pci-epf-core.c | 22 +- drivers/pci/pci-acpi.c | 23 +- drivers/pci/pci-driver.c | 6 - drivers/pci/pci.c | 15 +- drivers/pci/pci.h | 1 + drivers/pci/pcie/dpc.c | 66 +++-- drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 +- drivers/perf/arm-ni.c | 40 +-- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 +- drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 13 +- drivers/pinctrl/pinctrl-at91.c | 6 +- drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 + drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 52 ++-- drivers/pinctrl/samsung/pinctrl-exynos.c | 266 ++++++++++-------- drivers/pinctrl/samsung/pinctrl-exynos.h | 8 +- drivers/pinctrl/samsung/pinctrl-samsung.c | 21 +- drivers/pinctrl/samsung/pinctrl-samsung.h | 8 +- drivers/pmdomain/core.c | 35 +++ drivers/power/reset/at91-reset.c | 5 +- drivers/ptp/ptp_private.h | 12 +- drivers/regulator/max20086-regulator.c | 6 +- drivers/remoteproc/qcom_wcnss_iris.c | 2 + drivers/remoteproc/ti_k3_dsp_remoteproc.c | 8 - drivers/remoteproc/ti_k3_r5_remoteproc.c | 8 - drivers/rpmsg/qcom_smd.c | 2 +- drivers/rtc/rtc-loongson.c | 8 + drivers/rtc/rtc-sh.c | 12 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 29 +- drivers/scsi/qedf/qedf_main.c | 2 +- drivers/scsi/scsi_transport_iscsi.c | 11 +- drivers/scsi/smartpqi/smartpqi_init.c | 4 +- drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 +- drivers/soc/qcom/smp2p.c | 2 +- drivers/spi/spi-bcm63xx-hsspi.c | 2 +- drivers/spi/spi-bcm63xx.c | 2 +- drivers/spi/spi-omap2-mcspi.c | 30 ++- drivers/spi/spi-sh-msiof.c | 13 +- drivers/spi/spi-tegra210-quad.c | 24 +- drivers/staging/media/rkvdec/rkvdec.c | 10 +- drivers/thermal/mediatek/lvts_thermal.c | 16 +- drivers/thunderbolt/usb4.c | 4 +- drivers/tty/serial/8250/8250_omap.c | 25 +- drivers/tty/serial/milbeaut_usio.c | 5 +- drivers/tty/serial/sh-sci.c | 24 +- drivers/tty/vt/vt_ioctl.c | 2 - drivers/ufs/core/ufs-mcq.c | 6 - drivers/ufs/core/ufshcd.c | 7 +- drivers/ufs/host/ufs-qcom.c | 5 +- drivers/usb/cdns3/cdnsp-gadget.c | 21 +- drivers/usb/cdns3/cdnsp-gadget.h | 4 + drivers/usb/class/usbtmc.c | 17 +- drivers/usb/core/hub.c | 16 +- drivers/usb/core/usb-acpi.c | 2 + drivers/usb/gadget/function/f_hid.c | 12 +- drivers/usb/gadget/udc/core.c | 2 +- drivers/usb/misc/onboard_usb_dev.c | 111 ++++++-- drivers/usb/renesas_usbhs/common.c | 50 +++- drivers/usb/serial/bus.c | 2 +- drivers/usb/typec/bus.c | 2 +- drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 +- drivers/usb/typec/tcpm/tcpm.c | 91 +++++-- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 79 +++++- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 +- drivers/vfio/vfio_iommu_type1.c | 2 +- drivers/video/backlight/qcom-wled.c | 6 +- drivers/video/fbdev/core/fbcvt.c | 2 +- drivers/watchdog/exar_wdt.c | 2 +- drivers/xen/balloon.c | 13 +- fs/9p/vfs_addr.c | 1 + fs/btrfs/extent-io-tree.c | 6 +- fs/btrfs/inode.c | 7 +- fs/btrfs/scrub.c | 34 ++- fs/erofs/super.c | 49 +++- fs/f2fs/data.c | 4 +- fs/f2fs/f2fs.h | 10 +- fs/f2fs/gc.c | 3 + fs/f2fs/namei.c | 10 +- fs/f2fs/segment.h | 43 +-- fs/f2fs/super.c | 4 +- fs/filesystems.c | 14 +- fs/gfs2/glock.c | 3 +- fs/gfs2/glops.c | 4 +- fs/gfs2/incore.h | 9 +- fs/gfs2/inode.c | 3 +- fs/gfs2/meta_io.c | 2 +- fs/gfs2/meta_io.h | 4 +- fs/gfs2/ops_fstype.c | 35 ++- fs/gfs2/super.c | 16 +- fs/gfs2/sys.c | 1 - fs/kernfs/dir.c | 5 +- fs/kernfs/file.c | 3 +- fs/namespace.c | 25 +- fs/nfs/super.c | 19 ++ fs/nilfs2/btree.c | 4 +- fs/nilfs2/direct.c | 3 + fs/ntfs3/index.c | 8 + fs/ntfs3/inode.c | 5 + fs/ocfs2/quota_local.c | 2 +- fs/smb/client/cifssmb.c | 20 +- fs/squashfs/super.c | 5 + fs/xfs/xfs_discard.c | 17 +- include/linux/arm_sdei.h | 4 +- include/linux/bio.h | 2 +- include/linux/bvec.h | 7 +- include/linux/coresight.h | 2 +- include/linux/hid.h | 3 +- include/linux/ieee80211.h | 79 +++++- include/linux/mdio.h | 5 +- include/linux/mlx5/driver.h | 1 + include/linux/mm.h | 58 ++++ include/linux/nvme.h | 2 +- include/linux/overflow.h | 33 ++- include/linux/pci-epf.h | 3 + include/linux/phy.h | 5 +- include/linux/pm_domain.h | 7 + include/linux/poison.h | 4 + include/linux/virtio_vsock.h | 1 + include/net/bluetooth/hci_core.h | 2 +- include/net/checksum.h | 2 +- include/net/netfilter/nft_fib.h | 9 + include/net/page_pool/types.h | 6 + include/net/sock.h | 7 +- include/sound/hdaudio.h | 4 +- io_uring/fdinfo.c | 12 +- io_uring/io_uring.c | 4 +- io_uring/register.c | 7 +- io_uring/sqpoll.c | 43 +-- io_uring/sqpoll.h | 8 +- kernel/bpf/core.c | 29 +- kernel/events/core.c | 50 +++- kernel/power/energy_model.c | 4 + kernel/power/hibernate.c | 5 + kernel/power/main.c | 3 +- kernel/power/power.h | 4 + kernel/power/wakelock.c | 3 + kernel/rcu/tree.c | 10 +- kernel/rcu/tree.h | 2 +- kernel/rcu/tree_stall.h | 4 +- kernel/sched/core.c | 12 +- kernel/time/posix-cpu-timers.c | 9 + kernel/trace/bpf_trace.c | 7 +- kernel/trace/ring_buffer.c | 41 +-- kernel/trace/trace.h | 8 +- kernel/trace/trace_events_hist.c | 122 +++++++-- kernel/trace/trace_events_trigger.c | 20 +- lib/iov_iter.c | 2 +- lib/kunit/static_stub.c | 2 +- lib/usercopy_kunit.c | 1 + mm/page_alloc.c | 8 +- net/bluetooth/eir.c | 17 +- net/bluetooth/eir.h | 2 +- net/bluetooth/hci_conn.c | 2 + net/bluetooth/hci_core.c | 29 +- net/bluetooth/hci_event.c | 16 +- net/bluetooth/hci_sync.c | 76 +++++- net/bluetooth/iso.c | 9 +- net/bluetooth/l2cap_core.c | 3 +- net/bluetooth/mgmt.c | 140 +++++----- net/bluetooth/mgmt_util.c | 51 ++-- net/bluetooth/mgmt_util.h | 8 +- net/bridge/netfilter/nf_conntrack_bridge.c | 12 +- net/core/filter.c | 2 +- net/core/netmem_priv.h | 33 ++- net/core/page_pool.c | 108 ++++++-- net/core/skbuff.c | 16 +- net/core/skmsg.c | 53 ++-- net/core/sock.c | 8 +- net/core/utils.c | 4 +- net/core/xdp.c | 4 +- net/dsa/tag_brcm.c | 2 +- net/ipv4/netfilter/nft_fib_ipv4.c | 11 +- net/ipv4/udp_offload.c | 5 + net/ipv6/ila/ila_common.c | 6 +- net/ipv6/netfilter.c | 12 +- net/ipv6/netfilter/nft_fib_ipv6.c | 17 +- net/ipv6/seg6_local.c | 6 +- net/mac80211/mlme.c | 7 +- net/mac80211/scan.c | 11 +- net/ncsi/internal.h | 21 +- net/ncsi/ncsi-pkt.h | 23 +- net/ncsi/ncsi-rsp.c | 21 +- net/netfilter/nf_nat_core.c | 12 +- net/netfilter/nft_quota.c | 20 +- net/netfilter/nft_set_pipapo.c | 58 +++- net/netfilter/nft_set_pipapo_avx2.c | 21 +- net/netfilter/nft_tunnel.c | 8 +- net/netfilter/xt_TCPOPTSTRIP.c | 4 +- net/netfilter/xt_mark.c | 2 +- net/netlabel/netlabel_kapi.c | 5 + net/openvswitch/flow.c | 2 +- net/sched/sch_ets.c | 2 +- net/sched/sch_prio.c | 2 +- net/sched/sch_red.c | 2 +- net/sched/sch_sfq.c | 5 +- net/sched/sch_tbf.c | 2 +- net/sunrpc/xprtrdma/svc_rdma_transport.c | 14 +- net/tipc/crypto.c | 6 +- net/tls/tls_sw.c | 15 +- net/vmw_vsock/virtio_transport_common.c | 26 +- net/wireless/scan.c | 18 +- net/xfrm/xfrm_device.c | 2 - net/xfrm/xfrm_state.c | 2 - rust/kernel/alloc/kvec.rs | 3 + scripts/gcc-plugins/gcc-common.h | 32 +++ scripts/gcc-plugins/randomize_layout_plugin.c | 40 +-- sound/core/seq_device.c | 2 +- sound/hda/hda_bus_type.c | 6 +- sound/pci/hda/hda_bind.c | 4 +- sound/pci/hda/patch_realtek.c | 68 ++++- sound/soc/apple/mca.c | 23 ++ sound/soc/codecs/hda.c | 4 +- sound/soc/codecs/tas2764.c | 2 +- sound/soc/intel/avs/debugfs.c | 6 +- sound/soc/intel/avs/ipc.c | 4 +- sound/soc/mediatek/mt8195/mt8195-mt6359.c | 4 +- sound/soc/sof/amd/pci-acp70.c | 1 + sound/soc/sof/ipc4-pcm.c | 3 +- sound/soc/ti/omap-hdmi.c | 7 +- sound/usb/implicit.c | 1 + tools/arch/x86/kcpuid/kcpuid.c | 47 ++-- tools/arch/x86/lib/x86-opcode-map.txt | 50 ++-- tools/bpf/bpftool/cgroup.c | 2 +- tools/bpf/resolve_btfids/Makefile | 2 +- tools/include/nolibc/stdlib.h | 4 +- tools/include/nolibc/types.h | 2 +- tools/lib/bpf/bpf_core_read.h | 6 + tools/lib/bpf/libbpf.c | 48 ++-- tools/lib/bpf/linker.c | 4 +- tools/lib/bpf/nlattr.c | 15 +- tools/objtool/check.c | 3 +- tools/perf/Makefile.config | 2 + tools/perf/Makefile.perf | 3 +- tools/perf/builtin-record.c | 2 +- tools/perf/builtin-trace.c | 9 +- tools/perf/scripts/python/exported-sql-viewer.py | 5 +- tools/perf/tests/switch-tracking.c | 2 +- tools/perf/ui/browsers/hists.c | 2 +- tools/perf/util/intel-pt.c | 205 +++++++++++++- tools/perf/util/machine.c | 6 +- tools/perf/util/symbol-minimal.c | 164 +++++------ tools/perf/util/thread.c | 8 +- tools/perf/util/thread.h | 2 +- tools/power/x86/turbostat/turbostat.c | 41 ++- tools/testing/selftests/Makefile | 2 +- tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 + tools/testing/selftests/bpf/test_loader.c | 14 +- tools/testing/selftests/cpufreq/cpufreq.sh | 3 +- tools/testing/selftests/seccomp/seccomp_bpf.c | 13 +- 538 files changed, 5609 insertions(+), 3139 deletions(-)

7 hours, 4 minutes

5
514
0 0

[PATCH 6.15 000/780] 6.15.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.3 release. There are 780 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 19 Jun 2025 15:22:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.3-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.3-rc1 Andrew Price <anprice(a)redhat.com> gfs2: Don't clear sb->s_fs_info in gfs2_sys_fs_add Kees Cook <kees(a)kernel.org> overflow: Introduce __DEFINE_FLEX for having no initializer Oliver Neukum <oneukum(a)suse.com> net: usb: aqc111: debug info before sanitation Arnd Bergmann <arnd(a)arndb.de> usb: misc: onboard_usb_dev: fix build warning for CONFIG_USB_ONBOARD_DEV_USB5744=n Nícolas F. R. A. Prado <nfraprado(a)collabora.com> regulator: dt-bindings: mt6357: Drop fixed compatible requirement Al Viro <viro(a)zeniv.linux.org.uk> do_move_mount(): split the checks in subtree-of-our-ns and entire-anon cases Eric Dumazet <edumazet(a)google.com> calipso: unlock rcu before returning -EAFNOSUPPORT Xin Li (Intel) <xin(a)zytor.com> x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler Roman Kisel <romank(a)linux.microsoft.com> x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() Thomas Gleixner <tglx(a)linutronix.de> x86/iopl: Cure TIF_IO_BITMAP inconsistencies Stefano Stabellini <stefano.stabellini(a)amd.com> xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Dave Chinner <dchinner(a)redhat.com> xfs: don't assume perags are initialised when trimming AGs Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Move cpus_read_lock() outside of buffer->mutex Dmitry Antipov <dmantipov(a)yandex.ru> ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Do not trigger WARN_ON() due to a commit_overrun Jens Axboe <axboe(a)kernel.dk> mm/filemap: use filemap_end_dropbehind() for read invalidation Jens Axboe <axboe(a)kernel.dk> mm/filemap: gate dropbehind invalidate on folio !dirty && !writeback Al Viro <viro(a)zeniv.linux.org.uk> Don't propagate mounts into detached trees Matthew Wilcox (Oracle) <willy(a)infradead.org> 9p: Add a migrate_folio method RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Flush altsetting 0 endpoints before reinitializating them after reset. Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with detecting USB 3.2 speed Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with detecting command completion event Jonathan Stroud <jonathan.stroud(a)amd.com> usb: misc: onboard_usb_dev: Fix usb5744 initialization sequence Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: serial: 8250_omap: fix TX with DMA for am33xx Wupeng Ma <mawupeng1(a)huawei.com> VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix read_stb function and get_stb ioctl Peter Korsgaard <peter(a)korsgaard.com> nvmem: zynqmp_nvmem: unbreak driver after cleanup Oleg Nesterov <oleg(a)redhat.com> posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kernel: Fix ppc_save_regs inclusion in build Terry Junge <linuxhid(a)cosmicgizmosystems.com> HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() David Heimann <d(a)dmeh.net> ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Kill timer properly at removal Mike Rapoport (Microsoft) <rppt(a)kernel.org> Revert "mm/execmem: Unify early execmem_cache behaviour" Francesco Dolcini <francesco.dolcini(a)toradex.com> Revert "wifi: mwifiex: Fix HT40 bandwidth issue." Suleiman Souhlal <suleiman(a)google.com> tools/resolve_btfids: Fix build when cross compiling kernel with clang. Mike Yuan <me(a)yhndnzj.com> pidfs: never refuse ppid == 0 in PIDFD_GET_INFO Benno Lossin <lossin(a)kernel.org> rust: list: fix path of `assert_pinned!` Gary Guo <gary(a)garyguo.net> rust: compile libcore with edition 2024 for 1.87+ Miguel Ojeda <ojeda(a)kernel.org> objtool/rust: relax slice condition to cover more `noreturn` Rust functions Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> uapi: bitops: use UAPI-safe variant of BITS_PER_LONG again Matthew Wilcox (Oracle) <willy(a)infradead.org> block: Fix bvec_set_folio() for very large folios Matthew Wilcox (Oracle) <willy(a)infradead.org> bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP Paulo Alcantara <pc(a)manguebit.org> smb: client: fix perf regression with deferred closes Keith Busch <kbusch(a)kernel.org> io_uring: consistently use rcu semantics with sqpoll thread Christoph Hellwig <hch(a)lst.de> block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work Penglei Jiang <superman.xpt(a)gmail.com> io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() Ming Lei <ming.lei(a)redhat.com> block: use q->elevator with ->elevator_lock held in elv_iosched_show() Peter Zijlstra <peterz(a)infradead.org> perf: Ensure bpf_perf_link path is properly serialized Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix spurious drain flushing Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: access fcpreq only when holding reqlock Filipe Manana <fdmanana(a)suse.com> btrfs: exit after state split error at set_extent_bit() Christian Brauner <brauner(a)kernel.org> gfs2: pass through holder from the VFS for freeze/thaw Filipe Manana <fdmanana(a)suse.com> btrfs: fix fsync of files with no hard links not persisting deletion Zijun Hu <quic_zijuhu(a)quicinc.com> fs/filesystems: Fix potential unsigned integer underflow in fs_name() Filipe Manana <fdmanana(a)suse.com> btrfs: exit after state insertion failure at btrfs_convert_extent_bit() Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/lrc: Use a temporary buffer for WA BB Gal Pressman <gal(a)nvidia.com> net: ethtool: Don't check if RSS context exists in case of context 0 Jakub Kicinski <kuba(a)kernel.org> net: drv: netdevsim: don't napi_complete() from netpoll Eric Dumazet <edumazet(a)google.com> net_sched: ets: fix a race in ets_qdisc_change() Eric Dumazet <edumazet(a)google.com> net_sched: tbf: fix a race in tbf_change() Eric Dumazet <edumazet(a)google.com> net_sched: red: fix a race in __red_change() Eric Dumazet <edumazet(a)google.com> net_sched: prio: fix a race in prio_tune() Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: phy: phy_caps: Don't skip better duplex macth on non-exact match Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5e: Fix number of lanes to UNKNOWN when using data_rate_oper Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Fix leak of Geneve TLV option object Vlad Dogaru <vdogaru(a)nvidia.com> net/mlx5: HWS, make sure the uplink is the last destination Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, fix missing ip_version handling in definer Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5: Fix return value when searching for existing flow group Amir Tzin <amirtz(a)nvidia.com> net/mlx5: Fix ECVF vports unload on shutdown flow Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Ensure fw pages are always allocated on same NUMA Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix sparse errors Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: eir: Fix possible crashes on eir_create_adv_data Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix NULL pointer deference on eir_get_service_data Jakub Raczynski <j.raczynski(a)samsung.com> net/mdiobus: Fix potential out-of-bounds clause 45 read/write access Jakub Raczynski <j.raczynski(a)samsung.com> net/mdiobus: Fix potential out-of-bounds read/write access Carlos Fernandez <carlos.fernandez(a)technica-engineering.de> macsec: MACsec SCI assignment for ES = 0 Gustavo Luiz Duarte <gustavold(a)gmail.com> netconsole: fix appending sysdata when sysdata_fields == SYSDATA_RELEASE Michal Luczaj <mhal(a)rbox.co> net: Fix TOCTOU issue in sk_is_readable() Yunhui Cui <cuiyunhui(a)bytedance.com> ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Joe Damato <jdamato(a)fastly.com> e1000: Move cancel_work_sync to avoid deadlock Anton Nadezhdin <anton.nadezhdin(a)intel.com> ice/ptp: fix crosstimestamp reporting Ahmed Zaki <ahmed.zaki(a)intel.com> iavf: fix reset_task for early reset event Robert Malz <robert.malz(a)canonical.com> i40e: retry VFLR handling if there is ongoing VF reset Robert Malz <robert.malz(a)canonical.com> i40e: return false from i40e_reset_vf if reset is in progress Chen-Yu Tsai <wens(a)csie.org> pinctrl: sunxi: dt: Consider pin base when calculating bank number from pin Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: fix more rounding issues with 59.94Hz modes Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: use vclk_freq instead of pixel_freq in debug print Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: fix debug log statement when setting the HDMI clocks Gabriel Dalimonte <gabriel.dalimonte(a)gmail.com> drm/vc4: fix infinite EPROBE_DEFER loop Haren Myneni <haren(a)linux.ibm.com> powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: fix a potential crash on gso_skb handling Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: iscsi: Fix incorrect error path labels for flashnode operations Lizhi Hou <lizhi.hou(a)amd.com> accel/amdxdna: Fix incorrect PSP firmware size Wojciech Slenska <wojciech.slenska(a)gmail.com> pinctrl: qcom: pinctrl-qcm2290: Add missing pins Félix Piédallu <felix.piedallu(a)non.se.com> spi: omap2-mcspi: Disable multi-mode when the previous message kept CS asserted Félix Piédallu <felix.piedallu(a)non.se.com> spi: omap2-mcspi: Disable multi mode when CS should be kept asserted after message Dan Carpenter <dan.carpenter(a)linaro.org> regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Miaoqing Pan <miaoqing.pan(a)oss.qualcomm.com> wifi: ath12k: fix uaf in ath12k_core_init() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: refactor ath12k_hw_regs structure Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: move some firmware stats related functions outside of debugfs Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't wait when there is no vdev started Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() Caleb Connolly <caleb.connolly(a)linaro.org> ath10k: snoc: fix unbalanced IRQ enable in crash recovery Jeongjun Park <aha310510(a)gmail.com> ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix untagged traffic sent via cpu tagged with VID 0 Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Protect mgmt_pending list with its own lock Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Chandrashekar Devegowda <chandrashekar.devegowda(a)intel.com> Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition Chandrashekar Devegowda <chandrashekar.devegowda(a)intel.com> Bluetooth: btintel_pcie: Increase the tx and rx descriptor count Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers Pauli Virtanen <pav(a)iki.fi> Bluetooth: hci_core: fix list_for_each_entry_rcu usage Sanjeev Yadav <sanjeev.y(a)mediatek.com> scsi: core: ufs: Fix a hang in the error handler Peter Griffin <peter.griffin(a)linaro.org> pinctrl: samsung: add gs101 specific eint suspend/resume callbacks Peter Griffin <peter.griffin(a)linaro.org> pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks Peter Griffin <peter.griffin(a)linaro.org> pinctrl: samsung: refactor drvdata suspend & resume callbacks Gautham R. Shenoy <gautham.shenoy(a)amd.com> tools/power turbostat: Fix AMD package-energy reporting Petr Pavlu <petr.pavlu(a)suse.com> genksyms: Fix enum consts from a reference affecting new values Al Viro <viro(a)zeniv.linux.org.uk> do_change_type(): refuse to operate on unmounted/not ours mounts Al Viro <viro(a)zeniv.linux.org.uk> clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns KONDO KAZUMA(近藤　和真) <kazuma-kondo(a)nec.com> fs: allow clone_private_mount() for a path on real rootfs Al Viro <viro(a)zeniv.linux.org.uk> fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) Al Viro <viro(a)zeniv.linux.org.uk> finish_automount(): don't leak MNT_LOCKED from parent to child Stephen Brennan <stephen.s.brennan(a)oracle.com> fs: convert mount flags to enum Al Viro <viro(a)zeniv.linux.org.uk> path_overmount(): avoid false negatives Al Viro <viro(a)zeniv.linux.org.uk> fs/fhandle.c: fix a race in call of has_locked_children() Nitesh Shetty <nj.shetty(a)samsung.com> iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec Yuuki NAGAO <wf.yn386(a)gmail.com> ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Verify content returned by parse_int_array() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Verify kcalloc() status when setting constraints Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Fix paths in MODULE_FIRMWARE hints Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Relocate DSP status registers Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Read HW capabilities when possible Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Ignore Vendor-space manipulation for ACE Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix PPLCxFMT calculation Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: PCM operations for LNL-based platforms Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Allow to fetch hlink by ID Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: codecs: hda: Fix RPM usage count underflow Nitin Rawat <quic_nitirawa(a)quicinc.com> scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Can Guo <quic_cang(a)quicinc.com> scsi: ufs: qcom: Map devfreq OPP freq to UniPro Core Clock freq Ziqi Chen <quic_ziqichen(a)quicinc.com> scsi: ufs: qcom: Check gear against max gear in vop freq_to_gear() Nylon Chen <nylon.chen(a)sifive.com> riscv: misaligned: fix sleeping function called during misaligned access handling Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe/pxp: Clarify PXP queue creation behavior if PXP is not ready Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe/pxp: Use the correct define in the set_property_funcs array Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Rework eviction rejection of bound external bos Arnd Bergmann <arnd(a)arndb.de> drm/xe/vsec: fix CONFIG_INTEL_VSEC dependency Matthew Auld <matthew.auld(a)intel.com> drm/xe/vm: move xe_svm_init() earlier Ido Schimmel <idosch(a)nvidia.com> seg6: Fix validation of nexthop addresses Eric Dumazet <edumazet(a)google.com> net: prevent a NULL deref in rtnl_create_link() Eric Dumazet <edumazet(a)google.com> net: annotate data-races around cleanup_net_task Jakub Kicinski <kuba(a)kernel.org> selftests: drv-net: tso: make bkg() wait for socat to quit Jakub Kicinski <kuba(a)kernel.org> selftests: drv-net: tso: fix the GRE device name Mirco Barone <mirco.barone(a)polito.it> wireguard: device: enable threaded NAPI Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rt-link: decode ip6gre Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rt-link: add missing byte-order properties Daniele Palmas <dnlplm(a)gmail.com> net: wwan: mhi_wwan_mbim: use correct mux_id for multiplexing Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: do not touch DLL_IQQD on bcm53115 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: allow RGMII for bcm63xx RGMII ports Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: do not configure bcm63xx's IMP port interface Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: implement setting ageing time Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: do not enable RGMII delay on bcm63xx Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: do not enable EEE on bcm63xx Meghana Malladi <m-malladi(a)ti.com> net: ti: icssg-prueth: Fix swapped TX stats for MII interfaces. Florian Westphal <fw(a)strlen.de> netfilter: nf_nat: also check reverse tuple to obtain clashing entry Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo_avx2: fix initial map fill Michael Walle <mwalle(a)kernel.org> drm/panel-simple: fix the warnings for the Evervision VGG644804 Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mld: avoid panic on init failure Dibin Moolakadan Subrahmanian <dibin.moolakadan.subrahmanian(a)intel.com> drm/i915/display: Fix u32 overflow in SNPS PHY HDMI PLL setup Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO Pavel Begunkov <asml.silence(a)gmail.com> nvme: fix implicit bool to flags conversion Keith Busch <kbusch(a)kernel.org> nvme: fix command limits status code Caleb Sander Mateos <csander(a)purestorage.com> block: flip iter directions in blk_rq_integrity_map_user() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Vitaly Prosyak <vitaly.prosyak(a)amd.com> drm/amdgpu/gfx10: Refine Cleaner Shader for GFX10.1.10 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> iavf: get rid of the crit lock Przemek Kitszel <przemyslaw.kitszel(a)intel.com> iavf: sprinkle netdev_assert_locked() annotations Przemek Kitszel <przemyslaw.kitszel(a)intel.com> iavf: extract iavf_watchdog_step() out of iavf_watchdog_task() Przemek Kitszel <przemyslaw.kitszel(a)intel.com> iavf: simplify watchdog_task in terms of adminq task scheduling Przemek Kitszel <przemyslaw.kitszel(a)intel.com> iavf: centralize watchdog requeueing itself Przemek Kitszel <przemyslaw.kitszel(a)intel.com> iavf: iavf_suspend(): take RTNL before netdev_lock() Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Initialize PPE UPDMEM source-mac table Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Add the capability to allocate hfwd descriptors in SRAM Bui Quang Minh <minhquangbui99(a)gmail.com> selftests: net: build net/lib dependency in all target Ronak Doshi <ronak.doshi(a)broadcom.com> vmxnet3: correctly report gso type for UDP tunnels Jinjian Song <jinjian.song(a)fibocom.com> net: wwan: t7xx: Fix napi rx poll issue Shiming Cheng <shiming.cheng(a)mediatek.com> net: fix udp gso skb_segment after pull from frag_list Yongting Lin <linyongting(a)gmail.com> um: Fix tgkill compile error on old host OSes Jesus Narvaez <jesus.narvaez(a)intel.com> drm/i915/guc: Handle race condition where wakeref count drops below 0 Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Fix using wrong mask in REG_FIELD_PREP Jesus Narvaez <jesus.narvaez(a)intel.com> drm/i915/guc: Check if expecting reply before decrementing outstanding_submission_g2h Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Clarify the meaning of BPF_F_PSEUDO_HDR Paul Chaignon <paul.chaignon(a)gmail.com> net: Fix checksum update for ILA adj-transport Alexis Lothoré <alexis.lothore(a)bootlin.com> net: stmmac: make sure that ptp_rate is not 0 before configuring EST Alexis Lothoré <alexis.lothore(a)bootlin.com> net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: tag_brcm: legacy: fix pskb_may_pull length Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: avoid mailbox timeout delays during reset Brian Vazquez <brianvv(a)google.com> idpf: fix a race in txq wakeup Michal Kubiak <michal.kubiak(a)intel.com> ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Kubiak <michal.kubiak(a)intel.com> ice: create new Tx scheduler nodes for new queues only Michal Kubiak <michal.kubiak(a)intel.com> ice: fix Tx scheduler error handling in XDP callback Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-hsspi: fix shared reset Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-spi: fix shared reset Yu Kuai <yukuai3(a)huawei.com> md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Make sure to insert the vlan tags also in host mode Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4_en: Prevent potential integer overflow calculating Hz Yanqing Wang <ot_yanqing.wang(a)mediatek.com> driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Charalampos Mitrodimas <charmitro(a)posteo.net> net: tipc: fix refcount warning in tipc_aead_encrypt Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt Quentin Schulz <quentin.schulz(a)cherry.de> net: stmmac: platform: guarantee uniqueness of bus_id Dong Chenchen <dongchenchen2(a)huawei.com> page_pool: Fix use-after-free in page_pool_recycle_in_ring Tengteng Yang <yangtengteng(a)bytedance.com> Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe: Add missing documentation of rpa_freq Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe: Make xe_gt_freq part of the Documentation Heiko Stuebner <heiko(a)sntech.de> drm/bridge: analogix_dp: Fix clk-disable removal Damon Ding <damon.ding(a)rock-chips.com> drm/bridge: analogix_dp: Add support to get panel from the DP AUX bus Damon Ding <damon.ding(a)rock-chips.com> drm/bridge: analogix_dp: Remove CONFIG_PM related check in analogix_dp_bind()/analogix_dp_unbind() Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Reorder Doorbell Unregister and Command Queue Destruction Damon Ding <damon.ding(a)rock-chips.com> drm/bridge: analogix_dp: Remove the unnecessary calls to clk_disable_unprepare() during probing Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> drm/connector: only call HDMI audio helper plugged cb if non-null Ming Lei <ming.lei(a)redhat.com> loop: add file_start_write() and file_end_write() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: typec: fix const issue in typec_match() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: gadget: udc: fix const issue in gadget_match_driver() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: serial: bus: fix const issue in usb_serial_device_match() Marcus Folkesson <marcus.folkesson(a)gmail.com> iio: adc: mcp3911: fix device dependent mappings for conversion result registers Marius Cristea <marius.cristea(a)microchip.com> iio: adc: PAC1934: fix typo in documentation link Hans de Goede <hdegoede(a)redhat.com> mei: vsc: Cast tx_buf to (__be32 *) when passed to cpu_to_be32_array() Roxana Nicolescu <nicolescu.roxana(a)protonmail.com> char: tlclk: Fix correct sysfs directory path for tlclk Roxana Nicolescu <nicolescu.roxana(a)protonmail.com> misc: lis3lv02d: Fix correct sysfs directory path for lis3lv02d Christian Schrefl <chrisi.schrefl(a)gmail.com> rust: miscdevice: fix typo in MiscDevice::ioctl documentation Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix secondary address restriction Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix PCMCIA config identifier Nicolas Pitre <npitre(a)baylibre.com> vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Yeoreum Yun <yeoreum.yun(a)arm.com> coresight: prevent deactivate active config while enabling the config Yeoreum Yun <yeoreum.yun(a)arm.com> coresight: holding cscfg_csdev_lock while removing cscfg from csdev Yeoreum Yun <yeoreum.yun(a)arm.com> coresight/etm4: fix missing disable active config Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Fix timestamp bit field handling Mao Jinlong <quic_jinlmao(a)quicinc.com> coresight: tmc: fix failure to disable/enable ETF after reading Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: adc: ad4851: fix ad4858 chan pointer handling Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: adi-axi-dac: fix bus read Qasim Ijaz <qasdev00(a)gmail.com> fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Alexander Sverdlin <alexander.sverdlin(a)gmail.com> counter: interrupt-cnt: Protect enable/disable OPs with mutex Yabin Cui <yabinc(a)google.com> coresight: core: Disable helpers for devices that fail to enable Yabin Cui <yabinc(a)google.com> coresight: catu: Introduce refcount and spinlock for enabling/disabling Junhao He <hejunhao3(a)huawei.com> coresight: Fixes device's owner field for registered using coresight_init_driver() WangYuli <wangyuli(a)uniontech.com> MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Chenyuan Yang <chenyuan0y(a)gmail.com> usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink() Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix 3dB filter frequency reading Brian Pellegrino <bpellegrino(a)arka.org> iio: filter: admv8818: Support frequencies >= 2^32 Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix range calculation Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix integer overflow Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix band 4, state 15 Mario Limonciello <mario.limonciello(a)amd.com> thunderbolt: Fix a logic error in wake on connect Henry Martin <bsdhenrymartin(a)gmail.com> serial: Fix potential null-ptr-deref in mlb_usio_probe() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> usb: renesas_usbhs: Reorder clock handling and power management in probe Andrea Righi <arighi(a)nvidia.com> sched_ext: idle: Skip cross-node search with !CONFIG_NUMA Jerome Brunet <jbrunet(a)baylibre.com> PCI: endpoint: Retain fixed-size BAR size as well as aligned size Miguel Ojeda <ojeda(a)kernel.org> rust: pci: fix docs related to missing Markdown code spans Liu Dalin <liudalin(a)kylinsec.com.cn> rtc: loongson: Add missing alarm notifications for ACPI RTC events Brian Norris <briannorris(a)google.com> PCI/pwrctrl: Cancel outstanding rescan work when unregistering Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Log Error Source ID only when valid Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Initialize aer_err_info before using it Zhe Qiao <qiaozhe(a)iscas.ac.cn> PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root() Henry Martin <bsdhenrymartin(a)gmail.com> dmaengine: ti: Add NULL check in udma_probe() Bard Liao <yung-chuan.liao(a)linux.intel.com> soundwire: only compute port params in specific stream states Kathiravan Thirumoorthy <kathiravan.thirumoorthy(a)oss.qualcomm.com> phy: qcom-qusb2: reuse the IPQ6018 settings for IPQ5424 Kathiravan Thirumoorthy <kathiravan.thirumoorthy(a)oss.qualcomm.com> Revert "phy: qcom-qusb2: add QUSB2 support for IPQ5424" Chenyuan Yang <chenyuan0y(a)gmail.com> phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Mario Limonciello <mario.limonciello(a)amd.com> PCI: Explicitly put devices into D0 when initializing Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Save and restore the LUT setting during suspend/resume for i.MX95 SoC Hector Martin <marcan(a)marcan.st> PCI: apple: Use gpiod_set_value_cansleep in probe flow Hans Zhang <18255117159(a)163.com> PCI: cadence: Fix runtime atomic count underflow Jerome Brunet <jbrunet(a)baylibre.com> PCI: rcar-gen4: set ep BAR4 fixed size Jensen Huang <jensenhuang(a)friendlyarm.com> PCI: rockchip: Fix order of rockchip_pci_core_rsts Wilfred Mallawa <wilfred.mallawa(a)wdc.com> PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Ignore Link Down/Up caused by Secondary Bus Reset Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Ignore Presence Detect Changed caused by DPC Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> phy: rockchip: samsung-hdptx: Fix clock ratio setup Wolfram Sang <wsa+renesas(a)sang-engineering.com> rtc: sh: assign correct interrupts with DT Danilo Krummrich <dakr(a)kernel.org> rust: alloc: add missing invariant in Vec::set_len() Pali Rohár <pali(a)kernel.org> cifs: Fix validation of SMB1 query reparse point response Ian Rogers <irogers(a)google.com> perf callchain: Always populate the addr_location map when adding IP Amir Goldstein <amir73il(a)gmail.com> exportfs: require ->fh_to_parent() to encode connectable file handles Pekka Ristola <pekkarr(a)protonmail.com> rust: file: mark `LocalFile` as `repr(transparent)` Alistair Popple <apopple(a)nvidia.com> fs/dax: Fix "don't skip locked entries when scanning entries" Anubhav Shelat <ashelat(a)redhat.com> perf trace: Set errpid to false for rseq and set_robust_list NeilBrown <neil(a)brown.name> nfs_localio: change nfsd_file_put_local() to take a pointer to __rcu pointer NeilBrown <neil(a)brown.name> nfs_localio: protect race between nfs_uuid_put() and nfs_close_local_fh() NeilBrown <neil(a)brown.name> nfs_localio: duplicate nfs_close_local_fh() NeilBrown <neil(a)brown.name> nfs_localio: simplify interface to nfsd for getting nfsd_file NeilBrown <neil(a)brown.name> nfs_localio: always hold nfsd net ref with nfsd_file ref NeilBrown <neil(a)brown.name> nfs_localio: use cmpxchg() to install new nfs_file_localio NeilBrown <neil(a)brown.name> nfs: fix incorrect handling of large-number NFS errors in nfs4_do_mkdir() Li Lingfeng <lilingfeng3(a)huawei.com> nfs: ignore SB_RDONLY when remounting nfs Li Lingfeng <lilingfeng3(a)huawei.com> nfs: clear SB_RDONLY before getting superblock Anubhav Shelat <ashelat(a)redhat.com> perf trace: Always print return value for syscalls returning a pid Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf record: Fix incorrect --user-regs comments David Hildenbrand <david(a)redhat.com> s390/uv: Improve splitting of large folios that cannot be split while dirty David Hildenbrand <david(a)redhat.com> s390/uv: Always return 0 from s390_wiggle_split_folio() if successful David Hildenbrand <david(a)redhat.com> s390/uv: Don't return 0 from make_hva_secure() if the operation was not successful Ian Rogers <irogers(a)google.com> perf symbol: Fix use-after-free in filename__read_build_id Ian Rogers <irogers(a)google.com> perf pmu: Avoid segv for missing name/alias_name in wildcarding Jens Axboe <axboe(a)kernel.dk> iomap: don't lose folio dropbehind state for overwrites Jason-JH Lin <jason-jh.lin(a)mediatek.com> mailbox: mtk-cmdq: Refine GCE_GCTL_VALUE setting Peng Fan <peng.fan(a)nxp.com> mailbox: imx: Fix TXDB_V2 sending Yue Haibing <yuehaibing(a)huawei.com> mailbox: mchp-ipc-sbi: Fix COMPILE_TEST build error Leo Yan <leo.yan(a)arm.com> perf tests switch-tracking: Fix timestamp comparison David Howells <dhowells(a)redhat.com> netfs: Fix undifferentiation of DIO reads from unbuffered reads Alexey Gladkov <legion(a)kernel.org> mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: exynos-lpass: Fix an error handling path in exynos_lpass_probe() David Howells <dhowells(a)redhat.com> netfs: Fix wait/wake to be consistent about the waitqueue used David Howells <dhowells(a)redhat.com> netfs: Fix the request's work item to not require a ref Paulo Alcantara <pc(a)manguebit.com> netfs: Fix setting of transferred bytes with short DIO reads David Howells <dhowells(a)redhat.com> netfs: Fix oops in write-retry from mis-resetting the subreq iterator Dan Carpenter <dan.carpenter(a)linaro.org> rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Refactor sequential core power up/down operations Siddharth Vadapalli <s-vadapalli(a)ti.com> remoteproc: k3-dsp: Drop check performed in k3_dsp_rproc_{mbox_callback/kick} Siddharth Vadapalli <s-vadapalli(a)ti.com> remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} James Clark <james.clark(a)linaro.org> perf tools: Fix arm64 source package build Dan Carpenter <dan.carpenter(a)linaro.org> remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe Adrian Hunter <adrian.hunter(a)intel.com> perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix PEBS-via-PT data_src Michael Petlan <mpetlan(a)redhat.com> perf tests: Fix 'perf report' tests installation Namhyung Kim <namhyung(a)kernel.org> perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Namhyung Kim <namhyung(a)kernel.org> perf trace: Fix leaks of 'struct thread' in fprintf_sys_enter() Benjamin Marzinski <bmarzins(a)redhat.com> dm-flakey: make corrupting read bios work Benjamin Marzinski <bmarzins(a)redhat.com> dm-flakey: error all IOs when num_features is absent Benjamin Marzinski <bmarzins(a)redhat.com> dm: limit swapping tables for devices with zone write plugs Benjamin Marzinski <bmarzins(a)redhat.com> dm: fix dm_blk_report_zones Ian Rogers <irogers(a)google.com> perf symbol-minimal: Fix double free in filename__read_build_id Alexei Safin <a.safin(a)rosa.ru> hwmon: (asus-ec-sensors) check sensor index in read_string() Mikhail Arkhipov <m.arhipov(a)rosa.ru> mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Thomas Richter <tmricht(a)linux.ibm.com> perf tests metric-only perf stat: Fix tests 84 and 86 s390 Ian Rogers <irogers(a)google.com> perf tool_pmu: Fix aggregation on duration_time Sean Christopherson <seanjc(a)google.com> x86/irq: Ensure initial PIR loads are performed exactly once Geert Uytterhoeven <geert+renesas(a)glider.be> HID: HID_APPLETB_BL should depend on X86 Geert Uytterhoeven <geert+renesas(a)glider.be> HID: HID_APPLETB_KBD should depend on X86 Wentao Guan <guanwentao(a)uniontech.com> HID: intel-thc-hid: intel-quicki2c: pass correct arguments to acpi_evaluate_object Henry Martin <bsdhenrymartin(a)gmail.com> backlight: pm8941: Add NULL check in wled_configure() Benjamin Marzinski <bmarzins(a)redhat.com> dm: handle failures in dm_table_set_restrictions Benjamin Marzinski <bmarzins(a)redhat.com> dm: free table mempools if not used in __bind Benjamin Marzinski <bmarzins(a)redhat.com> dm: don't change md if dm_table_set_restrictions() fails Arnaldo Carvalho de Melo <acme(a)redhat.com> perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnaldo Carvalho de Melo <acme(a)redhat.com> tools build: Don't show libbfd build status as it is opt-in Arnaldo Carvalho de Melo <acme(a)redhat.com> perf build: Warn when libdebuginfod devel files are not available Arnaldo Carvalho de Melo <acme(a)redhat.com> tools build: Don't show libunwind build status as it is opt-in Arnaldo Carvalho de Melo <acme(a)redhat.com> tools build: Don't set libunwind as available if test-all.c build succeeds Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Fix attribute addition Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Remove bogus void member Henry Martin <bsdhenrymartin(a)gmail.com> watchdog: lenovo_se30_wdt: Fix possible devm_ioremap() NULL pointer dereference in lenovo_se30_wdt_probe() Sergey Shtylyov <s.shtylyov(a)omp.ru> fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Kees Cook <kees(a)kernel.org> ubsan: integer-overflow: depend on BROKEN to keep this out of CI Henry Martin <bsdhenrymartin(a)gmail.com> soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() Su Hui <suhui(a)nfschina.com> soc: aspeed: lpc: Fix impossible judgment condition Joel Stanley <joel(a)jms.id.au> ARM: aspeed: Don't select SRAM Julien Massot <julien.massot(a)collabora.com> arm64: dts: mt6359: Rename RTC node to match binding expectations Thuan Nguyen <thuan.nguyen-hong(a)banvien.com.vn> arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: qcs615: Fix up UFS clocks Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8998: Remove mdss_hdmi_phy phandle argument Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: msm8998: Use the header with DSI phy clock IDs Dmitry Baryshkov <lumag(a)kernel.org> arm64: dts: qcom: qcm2290: fix (some) of QUP interconnects Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma Pengyu Luo <mitltlatltl(a)gmail.com> arm64: dts: qcom: sm8650: add the missing l2 cache node Vignesh Raman <vignesh.raman(a)collabora.com> arm64: defconfig: mediatek: enable PHY drivers Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064: move replicator out of soc node Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064: add missing clocks to the timer node Andre Przywara <andre.przywara(a)arm.com> dt-bindings: vendor-prefixes: Add Liontron name Robin Murphy <robin.murphy(a)arm.com> bus: fsl_mc: Fix driver_managed_dma check Ioana Ciornei <ioana.ciornei(a)nxp.com> bus: fsl-mc: fix double-free on mc_dev Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Wentao Liang <vulab(a)iscas.ac.cn> nilfs2: add pointer check for nilfs_direct_propagate() Murad Masimov <m.masimov(a)mt-integration.ru> ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check return result of sb_min_blocksize Barnabás Czémán <barnabas.czeman(a)mainlining.org> soc: qcom: smp2p: Fix fallback to qcom,ipc parse Prasanth Babu Mantena <p-mantena(a)ti.com> arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Aaron Kling <webgeek1234(a)gmail.com> arm64: tegra: Add uartd serial alias for Jetson TX1 module Aaron Kling <webgeek1234(a)gmail.com> arm64: tegra: Drop remaining serial clock-names and reset-names Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: white-hawk-single: Improve Ethernet TSN description Peter Robinson <pbrobinson(a)gmail.com> arm64: dts: rockchip: Update eMMC for NanoPi R5 series Andre Przywara <andre.przywara(a)arm.com> arm64: dts: allwinner: a100: set maximum MMC frequency Peter Robinson <pbrobinson(a)gmail.com> arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e001de-devkit: Fix pin config for USB0 retimer vregs Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e001de-devkit: Describe USB retimers resets pin configs Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply Julien Massot <julien.massot(a)collabora.com> arm64: dts: mt6359: Add missing 'compatible' property to regulators node Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> arm64: dts: mediatek: mt8390-genio-common: Set ssusb2 default dual role mode to host Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mp-beacon: Fix RTC capacitive load Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mn-beacon: Fix RTC capacitive load Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Fix RTC capacitive load Pin-yen Lin <treapking(a)chromium.org> arm64: dts: mt8183: Add port node to mt8183.dtsi André Draszik <andre.draszik(a)linaro.org> firmware: exynos-acpm: silence EPROBE_DEFER error on boot André Draszik <andre.draszik(a)linaro.org> firmware: exynos-acpm: fix reading longer results Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8188: Fix IOMMU device for rdma0 Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: at91sam9263: fix NAND chip selects Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: Add missing uart3 interrupt for RK3528 Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm8650: Fix domain-idle-state for CPU2 Tingguo Cheng <quic_tingguoc(a)quicinc.com> arm64: dts: qcom: qcs615: remove disallowed property in spmi bus node Varadarajan Narayanan <quic_varada(a)quicinc.com> arm64: dts: qcom: ipq9574: Fix USB vdd info Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies Jyothi Kumar Seerapu <quic_jseerapu(a)quicinc.com> arm64: dts: qcom: sm8750: Correct clocks property for uart14 node Xilin Wu <wuxilin123(a)gmail.com> arm64: dts: qcom: sm8250: Fix CPU7 opp table Maulik Shah <maulik.shah(a)oss.qualcomm.com> arm64: dts: qcom: sm8750: Fix cluster hierarchy for idle states Manikanta Mylavarapu <quic_mmanikan(a)quicinc.com> arm64: dts: qcom: ipq9574: fix the msi interrupt numbers of pcie3 Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm8350: Reenable crypto & cryptobam Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: refactor node order Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: remove wifi Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: x1e80100-romulus: Keep L12B and L15B always on Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8650: add missing cpu-cfg interconnect path in the mdss node Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8550: add missing cpu-cfg interconnect path in the mdss node Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8550: use ICC tag for all interconnect phandles Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: qcs8300: Partially revert "arm64: dts: qcom: qcs8300: add QCrypto nodes" Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sa8775p: Partially revert "arm64: dts: qcom: sa8775p: add QCrypto nodes" Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8650: setup gpu thermal with higher temperatures Mark Kettenis <kettenis(a)openbsd.org> arm64: dts: qcom: x1e80100: Mark usb_2 as dma-coherent Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to correct check conditions in f2fs_cross_rename Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: use d_inode(dentry) cleanup dentry->d_inode Chao Yu <chao(a)kernel.org> f2fs: fix to skip f2fs_balance_fs() if checkpoint is disabled Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames Faicker Mo <faicker.mo(a)zenlayer.com> net: openvswitch: Fix the dead loop of MPLS parse Kuniyuki Iwashima <kuniyu(a)amazon.com> calipso: Don't call calipso functions for AF_INET sk. Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: QOS: Perform cache sync on send queue teardown Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: mscc: Fix memory leak when using one step timestamping Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Fix PHY reset handling during initialization and WOL Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> net: phy: fix up const issues in to_mdio_device() and to_phy_device() Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: start tx queue on netdev open Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: airoha: Fix an error handling path in airoha_alloc_gdm_port() Wei Fang <wei.fang(a)nxp.com> net: phy: clear phydev->devlink when the link is deleted Yonghong Song <yonghong.song(a)linux.dev> bpf: Do not include stack ptr register in precision backtracking bookkeeping KaFai Wan <mannkafai(a)gmail.com> bpf: Avoid __bpf_prog_ret0_warn when jit fails Israel Rukshin <israelr(a)nvidia.com> virtio-pci: Fix result size returned for the admin command completion Stanislav Fomichev <stfomichev(a)gmail.com> af_packet: move notifier's packet_dev_mc out of rcu critical section Suraj Gupta <suraj.gupta2(a)amd.com> net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 Jack Morgenstein <jackm(a)nvidia.com> RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Stefano Garzarella <sgarzare(a)redhat.com> vsock/virtio: fix `rx_bytes` accounting for stream sockets Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Send Link events one by one Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: aqc111: fix error handling of usbnet read calls Radim Krčmář <rkrcmar(a)ventanamicro.com> RISC-V: KVM: lock the correct mp_state during reset Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_tunnel: fix geneve_opt dump Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: nft_fib: consistent l3mdev handling Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: Avoid using sk_socket after free when sending Kees Cook <kees(a)kernel.org> Bluetooth: btintel: Check dsbr size from EFI variable Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() Li RongQing <lirongqing(a)baidu.com> vfio/type1: Fix error unwind in migration dirty bitmap allocation Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy Florian Westphal <fw(a)strlen.de> netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds Di Shen <di.shen(a)unisoc.com> bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic" Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: fix available_antennas setting Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix RX buffer size of MCU event Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix invalid NSS setting when TX path differs from NSS Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: set EHT max ampdu length capability Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix beamformee SS field Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7925: ensure all MCU commands wait for response Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: refine the sniffer commnad Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: prevent multiple scan commands Henry Martin <bsdhenrymartin(a)gmail.com> wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() Henry Martin <bsdhenrymartin(a)gmail.com> wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init() Feng Jiang <jiangfeng(a)kylinos.cn> wifi: mt76: scan: Fix 'mlink' dereferenced before IS_ERR_OR_NULL check Pauli Virtanen <pav(a)iki.fi> Bluetooth: separate CIS_LINK and BIS_LINK link types Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix not using SID from adv report Qasim Ijaz <qasdev00(a)gmail.com> wifi: mt76: mt7996: avoid null deref in mt7996_stop_phy() Qasim Ijaz <qasdev00(a)gmail.com> wifi: mt76: mt7996: avoid NULL pointer dereference in mt7996_set_monitor() Qasim Ijaz <qasdev00(a)gmail.com> wifi: mt76: mt7996: prevent uninit return in mt7996_mac_sta_add_links Charles Han <hanchunchao(a)inspur.com> wifi: mt76: mt7996: Add NULL check in mt7996_thermal_init Dan Carpenter <dan.carpenter(a)linaro.org> wifi: mt76: mt7925: Fix logical vs bitwise typo Michal Koutný <mkoutny(a)suse.com> kernfs: Relax constraint in draining guard Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix return code of bnxt_re_configure_cc Gautam R A <gautam-r.a(a)broadcom.com> RDMA/bnxt_re: Fix missing error handling for tx_queue Gautam R A <gautam-r.a(a)broadcom.com> RDMA/bnxt_re: Fix incorrect display of inactivity_cp in debugfs output Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: mpt3sas: Fix _ctl_get_mpt_mctp_passthru_adapter() to return IOC pointer ping.gao <ping.gao(a)samsung.com> scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() Hao Chang <ot_chhao.chang(a)mediatek.com> pinctrl: mediatek: Fix the invalid conditions Toke Høiland-Jørgensen <toke(a)toke.dk> wifi: ath9k_htc: Abort software beacon handling if disabled Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: bugfix live migration function without VF device driver Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: bugfix the problem of uninstalling driver Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: bugfix cache write-back issue Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: add eq and aeq interruption restore Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: fix XQE dma address error Rajat Soni <quic_rajson(a)quicinc.com> wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Yingying Tang <quic_yintang(a)quicinc.com> wifi: ath12k: Reorder and relocate the release of resources in ath12k_core_deinit() P Praneesh <praneesh.p(a)oss.qualcomm.com> wifi: ath12k: Fix invalid RSSI values in station dump Rolf Eike Beer <eb(a)emlix.com> iommu: remove duplicate selection of DMAR_TABLE Chin-Yen Lee <timlee(a)realtek.com> wifi: rtw89: fix firmware scan delay unit for WiFi 6 chips Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: enlarge retry times of RX tag to 1000 Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: configure manual DAC mode via PCI config API only Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Store backchain even for leaf progs Vincent Knecht <vincent.knecht(a)mailoo.org> clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Rob Herring (Arm) <robh(a)kernel.org> dt-bindings: soc: fsl,qman-fqd: Fix reserved-memory.yaml reference Tao Chen <chen.dylane(a)linux.dev> bpf: Fix WARN() in get_bpf_raw_tp_regs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: at91: Fix possible out-of-boundary access Lijuan Gao <quic_lijuang(a)quicinc.com> pinctrl: qcom: correct the ngpios entry for QCS8300 Lijuan Gao <quic_lijuang(a)quicinc.com> pinctrl: qcom: correct the ngpios entry for QCS615 Anton Protopopov <a.s.protopopov(a)gmail.com> libbpf: Use proper errno value in nlattr Jiayuan Chen <jiayuan.chen(a)linux.dev> ktls, sockmap: Fix missing uncharge operation Dan Carpenter <dan.carpenter(a)linaro.org> of: unittest: Unlock on error in unittest_data_add() Miaoqian Lin <linmq006(a)gmail.com> tracing: Fix error handling in event_trigger_parse() Steven Rostedt <rostedt(a)goodmis.org> tracing: Rename event_trigger_alloc() to trigger_data_alloc() Luis Gerhorst <luis.gerhorst(a)fau.de> selftests/bpf: Fix caps for __xlated/jited_unpriv Peilin Ye <yepeilin(a)google.com> selftests/bpf: Avoid passing out-of-range values to __retval() Hans Zhang <18255117159(a)163.com> efi/libstub: Describe missing 'out' parameter in efi_load_initrd Tomas Glozar <tglozar(a)redhat.com> rtla: Define _GNU_SOURCE in timerlat_bpf.c Ilan Peer <ilan.peer(a)intel.com> wifi: iwlfiwi: mvm: Fix the rate reporting Richard Fitzgerald <rf(a)opensource.cirrus.com> clk: test: Forward-declare struct of_phandle_args in kunit/clk.h Henry Martin <bsdhenrymartin(a)gmail.com> clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() YiFei Zhu <zhuyifei(a)google.com> bpftool: Fix regression of "bpftool cgroup tree" EINVAL on older kernels Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs Steven Rostedt <rostedt(a)goodmis.org> tracing: Move histogram trigger variables from stack to per CPU structure Qinxin Xia <xiaqinxin(a)huawei.com> iommu/arm-smmu-v3: Fix incorrect return in arm_smmu_attach_dev Anton Protopopov <a.s.protopopov(a)gmail.com> bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Vlad Dumitrescu <vdumitrescu(a)nvidia.com> IB/cm: Drop lockdep assert and WARN when freeing old msg Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_pipapo: prevent overflow in lookup table allocation Zhongqiu Duan <dzq.aishenghu0(a)gmail.com> netfilter: nft_quota: match correctly when the quota just depleted Huajian Yang <huajianyang(a)asrmicro.com> netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Lorenzo Bianconi <lorenzo(a)kernel.org> bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps Anton Protopopov <a.s.protopopov(a)gmail.com> libbpf: Use proper errno value in linker T.J. Mercier <tjmercier(a)google.com> selftests/bpf: Fix kmem_cache iterator draining David Howells <dhowells(a)redhat.com> crypto/krb5: Fix change to use SG miter to use offset Yi Zhang <yi.zhang(a)redhat.com> scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Chao Yu <chao(a)kernel.org> f2fs: zone: fix to calculate first_zoned_segno correctly Chao Yu <chao(a)kernel.org> f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() Chao Yu <chao(a)kernel.org> f2fs: clean up w/ fscrypt_is_bounce_page() Hangbin Liu <liuhangbin(a)gmail.com> bonding: assign random address if device address is same as bond Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Protect against overflow in iommu_pgsize() Arnd Bergmann <arnd(a)arndb.de> iommu/io-pgtable-arm: dynamically allocate selftest device struct Arnd Bergmann <arnd(a)arndb.de> iommu: ipmmu-vmsa: avoid Wformat-security warning Jonathan Wiepert <jonathan.wiepert(a)gmail.com> Use thread-safe function pointer in libbpf_print Tao Chen <chen.dylane(a)linux.dev> libbpf: Remove sample_period init in perf_buffer Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: re-add IWL_AMSDU_8K case Feng Yang <yangfeng(a)kylinos.cn> libbpf: Fix event name too long error Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug Maharaja Kennadyrajan <maharaja.kennadyrajan(a)oss.qualcomm.com> wifi: ath12k: fix node corruption in ar->arvifs list Maharaja Kennadyrajan <maharaja.kennadyrajan(a)oss.qualcomm.com> wifi: ath12k: Prevent sending WMI commands to firmware during firmware crash Rameshkumar Sundaram <rameshkumar.sundaram(a)oss.qualcomm.com> wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers P Praneesh <praneesh.p(a)oss.qualcomm.com> wifi: ath12k: replace the usage of rx desc with rx_info P Praneesh <praneesh.p(a)oss.qualcomm.com> wifi: ath12k: add rx_info to capture required field from rx descriptor P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: change the status update in the monitor Rx Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath12k: Replace band define G with GHZ where appropriate P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Avoid fetch Error bitmap and decap format from Rx TLV P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Add extra TLV tag parsing support in monitor Rx path Ramasamy Kaliappan <quic_rkaliapp(a)quicinc.com> wifi: ath12k: Fix the QoS control field offset to build QoS header P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Add MSDU length validation for TKIP MIC error Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: fix invalid access to memory P Praneesh <praneesh.p(a)oss.qualcomm.com> wifi: ath12k: Handle error cases during extended skb allocation Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtw88: do not ignore hardware read error during DPK Zhen XIN <zhen.xin(a)nokia-sbell.com> wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhen XIN <zhen.xin(a)nokia-sbell.com> wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT Cosmin Ratiu <cratiu(a)nvidia.com> bonding: Fix multiple long standing offload races Cosmin Ratiu <cratiu(a)nvidia.com> bonding: Mark active offloaded xfrm_states Cosmin Ratiu <cratiu(a)nvidia.com> xfrm: Add explicit dev to .xdo_dev_state_{add,delete,free} Cosmin Ratiu <cratiu(a)nvidia.com> xfrm: Use xdo.dev instead of xdo.real_dev Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Avoid using xso.real_dev unnecessarily Viktor Malik <vmalik(a)redhat.com> libbpf: Fix buffer overflow in bpf_object__init_prog Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix GCPS 64-bit member variables Charles Han <hanchunchao(a)inspur.com> pinctrl: qcom: tlmm-test: Fix potential null dereference in tlmm kunit test Vlad Dogaru <vdogaru(a)nvidia.com> net/mlx5: HWS, Fix matcher action template attach Toke Høiland-Jørgensen <toke(a)redhat.com> page_pool: Track DMA-mapped pages and unmap them when destroying the pool Toke Høiland-Jørgensen <toke(a)redhat.com> page_pool: Move pp_magic check into helper functions Paolo Abeni <pabeni(a)redhat.com> udp: properly deal with xfrm encap and ADDRFORM Paolo Abeni <pabeni(a)redhat.com> udp_tunnel: use static call for GRO hooks when possible Paolo Abeni <pabeni(a)redhat.com> udp_tunnel: create a fastpath GRO lookup. Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on sbi->total_valid_block_count yohan.joung <yohan.joung(a)sk.com> f2fs: prevent the current section from being selected as a victim during GC Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: clean up unnecessary indentation Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: ath12k: fix ATH12K_FLAG_REGISTERED flag handling Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: ath12k: fix SLUB BUG - Object already free in ath12k_reg_free() Dan Carpenter <dan.carpenter(a)linaro.org> wifi: ath12k: Fix buffer overflow in debugfs Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Aaradhana Sahu <aaradhana.sahu(a)oss.qualcomm.com> wifi: ath12k: Resolve multicast packet drop by populating key_cipher in ath12k_install_key() Raj Kumar Bhagat <quic_rajkbhag(a)quicinc.com> wifi: ath12k: fix cleanup path after mhi init Christian Marangi <ansuelsmth(a)gmail.com> net: phy: mediatek: permit to compile test GE SOC PHY driver Chao Yu <chao(a)kernel.org> f2fs: zone: fix to avoid inconsistence in between SIT and SSA Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: Fix panic when calling skb_linearize Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: fix duplicated data transmission Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf: fix ktls panic with sockmap Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Fix bpf_nf selftest failure Tao Chen <chen.dylane(a)linux.dev> bpf: Check link_create.flags parameter for multi_uprobe Tao Chen <chen.dylane(a)linux.dev> bpf: Check link_create.flags parameter for multi_kprobe Jacob Moroni <jmoroni(a)google.com> IB/cm: use rwlock for MAD agent lock P Praneesh <praneesh.p(a)oss.qualcomm.com> wifi: ath12k: Fix invalid memory access while forming 802.11 header P Praneesh <praneesh.p(a)oss.qualcomm.com> wifi: ath12k: Fix memory corruption during MLO multicast tx P Praneesh <praneesh.p(a)oss.qualcomm.com> wifi: ath12k: Fix memory leak during vdev_id mismatch Carlos Llamas <cmllamas(a)google.com> libbpf: Fix implicit memfd_create() for bionic Stone Zhang <quic_stonez(a)quicinc.com> wifi: ath11k: fix node corruption in ar->arvifs list Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath12k: fix NULL access in assign channel context handler Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Use a decimal fifo to avoid u64 by u64 divide Miguel Ojeda <ojeda(a)kernel.org> drm/panic: clean Clippy warning Aradhya Bhatia <aradhya.bhatia(a)intel.com> drm/xe/guc: Make creation of SLPC debugfs files conditional Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/guc: Don't expose GuC privileged debugfs files if VF Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/guc: Refactor GuC debugfs initialization Roger Pau Monne <roger.pau(a)citrix.com> xen/x86: fix initial memory balloon target Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Reduce the number of rdma_rw contexts per-QP Detlev Casanova <detlev.casanova(a)collabora.com> media: verisilicon: Free post processor buffers on error AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: Fix kobject put for component sub-drivers AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Use the correct connector while computing the link BPP limit on MST Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> drm/msm/dp: Prepare for link training per-segment for LTTPRs Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> drm/msm/dp: Account for LTTPRs capabilities Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> drm/msm/dp: Fix support of LTTPR initialization Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> drm/msm/a6xx: Disable rgb565_predicator on Adreno 7c3 Terry Tritton <terry.tritton(a)linaro.org> selftests/seccomp: fix negative_ENOSYS tracer tests on arm32 Anand Moon <linux.amoon(a)gmail.com> perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: synopsys: hdmirx: Count dropped frames Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: synopsys: hdmirx: Renamed frame_idx to sequence Kees Cook <kees(a)kernel.org> scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Gustavo A. R. Silva <gustavoars(a)kernel.org> overflow: Fix direct struct member initialization in _DEFINE_FLEX() Mark Rutland <mark.rutland(a)arm.com> kselftest/arm64: fp-ptrace: Fix expected FPMR value when PSTATE.SM is changed Huang Yiwei <quic_hyiwei(a)quicinc.com> firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Don't check for NULL divisor in fixpt code Biju Das <biju.das.jz(a)bp.renesas.com> drm/tegra: rgb: Fix the unbound reference count Kees Cook <kees(a)kernel.org> drm/vkms: Adjust vkms_state->active_planes allocation type Biju Das <biju.das.jz(a)bp.renesas.com> drm: rcar-du: Fix memory leak in rcar_du_vsps_init() Dmitry Baryshkov <lumag(a)kernel.org> drm/msm/dpu: remove DSC feature bit for PINGPONG on MSM8953 Dmitry Baryshkov <lumag(a)kernel.org> drm/msm/dpu: remove DSC feature bit for PINGPONG on MSM8917 Dmitry Baryshkov <lumag(a)kernel.org> drm/msm/dpu: remove DSC feature bit for PINGPONG on MSM8937 Dmitry Baryshkov <lumag(a)kernel.org> drm/msm/dpu: enable SmartDMA on SC8180X Dmitry Baryshkov <lumag(a)kernel.org> drm/msm/dpu: enable SmartDMA on SM8150 Neill Kapron <nkapron(a)google.com> selftests/seccomp: fix syscall_restart test for arm compat Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused Kornel Dulęba <korneld(a)google.com> arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Miaoqian Lin <linmq006(a)gmail.com> firmware: psci: Fix refcount leak in psci_dt_init Finn Thain <fthain(a)linux-m68k.org> m68k: mac: Fix macintosh_config for Mac II Kees Cook <kees(a)kernel.org> watchdog: exar: Shorten identity name to fit correctly Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kunit/usercopy: Disable u64 test on 32-bit SPARC Lizhi Xu <lizhi.xu(a)windriver.com> fs/ntfs3: Add missing direct_IO in ntfs_aops_cmpr Andrey Vatoropin <a.vatoropin(a)crpt.ru> fs/ntfs3: handle hdr_first_de() return value Jose Maria Casanova Crespo <jmcasanova(a)igalia.com> drm/v3d: client ranges from axi_ids are different with V3D 7.1 Jose Maria Casanova Crespo <jmcasanova(a)igalia.com> drm/v3d: fix client obtained from axi_ids on V3D 4.1 Maíra Canal <mcanal(a)igalia.com> drm/v3d: Associate a V3D tech revision to all supported devices Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() Casey Connolly <casey.connolly(a)linaro.org> drm/panel: samsung-sofef00: Drop s6e3fc2x01 support Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Refine Cleaner Shader MEC firmware version for GFX10.1.x GPUs Hongbo Yao <andy.xu(a)hj-micro.com> perf: arm-ni: Fix missing platform_set_drvdata() Hongbo Yao <andy.xu(a)hj-micro.com> perf: arm-ni: Unregister PMUs on probe failure Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Fix the panthor_gpu_coherency_init() error path Lizhi Hou <lizhi.hou(a)amd.com> accel/amdxdna: Fix incorrect size of ERT_START_NPU commands Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Update panthor_mmu::irq::mask when needed Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Call panthor_gpu_coherency_init() after PM resume() Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Fix GPU_COHERENCY_ACE[_LITE] definitions Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Fix merging of FPSIMD state during signal return Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Reset FPMR upon exec() Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Don't corrupt FPMR when streaming mode changes Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Discard stale CPU state when handling SME traps Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Avoid RES0 bits in the SME trap handler Jonas Karlman <jonas(a)kwiboo.se> media: rkvdec: Fix frame size enumeration Charles Han <hanchunchao(a)inspur.com> drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Maxime Ripard <mripard(a)kernel.org> drm/vc4: tests: Retry pv-muxing tests when EDEADLK Maxime Ripard <mripard(a)kernel.org> drm/vc4: tests: Stop allocating the state in test init Maxime Ripard <mripard(a)kernel.org> drm/vc4: tests: Use return instead of assert Badal Nilawar <badal.nilawar(a)intel.com> drm/xe/d3cold: Set power state to D3Cold during s2idle/s3 Stefan Wahren <wahrenst(a)gmx.net> drm/vc4: hdmi: Call HDMI hotplug helper on disconnect Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix dumb buffer leak Vignesh Raman <vignesh.raman(a)collabora.com> drm/ci: fix merge request rules Arnd Bergmann <arnd(a)arndb.de> drm: xlnx: zynqmp_dpsub: fix Kconfig dependencies for ASoC Keisuke Nishimura <keisuke.nishimura(a)inria.fr> drm/vmwgfx: Add error path for xa_store in vmw_bo_add_detached_resource Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Add seqno waiter for sync_files Alexandre Ghiti <alexghiti(a)rivosinc.com> ACPI: platform_profile: Avoid initializing on non-ACPI platforms Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> ALSA: core: fix up bus match const issues. David Thompson <davthompson(a)nvidia.com> EDAC/bluefield: Don't use bluefield_edac_readl() result on error Martin Povišer <povik+lin(a)cutebit.org> ASoC: apple: mca: Constrain channels according to TDM mask Geert Uytterhoeven <geert+renesas(a)glider.be> spi: sh-msiof: Fix maximum DMA transfer size Armin Wolf <W_Armin(a)gmx.de> ACPI: thermal: Execute _SCP before reading trip points Armin Wolf <W_Armin(a)gmx.de> ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> thermal/drivers/mediatek/lvts: Fix debugfs unregister on failure Gabor Juhos <j4g8y7(a)gmail.com> spi: spi-qpic-snand: validate user/chip specific ECC properties Gabor Juhos <j4g8y7(a)gmail.com> spi: spi-qpic-snand: use kmalloc() for OOB buffer allocation Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Print PM debug messages during hibernation Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Fix unbalanced pm_runtime by using devm_ API Bence Csókás <csokas.bence(a)prolan.hu> PM: runtime: Add new devm functions Mingcong Bai <jeffbai(a)aosc.io> ACPI: resource: fix a typo for MECHREVO in irq1_edge_low_force_override[] Zijun Hu <quic_zijuhu(a)quicinc.com> PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: add missing acp descriptor field Thorsten Blum <thorsten.blum(a)linux.dev> ASoC: Intel: avs: Fix kcalloc() sizes Kees Cook <kees(a)kernel.org> ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type Benson Leung <bleung(a)chromium.org> platform/chrome: cros_ec_typec: Set Pin Assignment E in DP PORT VDO Dan Carpenter <dan.carpenter(a)linaro.org> power: supply: max77705: Fix workqueue error handling in probe Yaxiong Tian <tianyaxiong(a)kylinos.cn> PM: EM: Fix potential division-by-zero error in em_compute_costs() Alexander Shiyan <eagle.alexander923(a)gmail.com> power: reset: at91-reset: Optimize at91_reset() Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: modify chip select (CS) deactivation Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: remove redundant error handling code Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: fix integer overflow in i{64,}toa_r() and Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: properly align dirent buffer Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Fix general protection fault Julien Massot <julien.massot(a)collabora.com> ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY() Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Enable main IRQs Martin Povišer <povik+lin(a)cutebit.org> ASoC: tas2764: Reinit cache on part reset Jemmy Wong <jemmywong512(a)gmail.com> tools/nolibc/types.h: fix mismatched parenthesis in minor() Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Redo lookup on EEXIST Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Don't start unnecessary transactions during log flush Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Move gfs2_trans_add_databufs Tzung-Bi Shih <tzungbi(a)kernel.org> kunit: Fix wrong parameter to kunit_deactivate_static_stub() Xuewen Yan <xuewen.yan(a)unisoc.com> sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce - move fallback ahash_request to the end of the struct Herbert Xu <herbert(a)gondor.apana.org.au> crypto: xts - Only add ecb if it is not already there Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lrw - Only add ecb if it is not already there Yongliang Gao <leonylgao(a)tencent.com> rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Filipe Manana <fdmanana(a)suse.com> btrfs: fix wrong start offset for delalloc space release during mmap write Filipe Manana <fdmanana(a)suse.com> btrfs: fix invalid data space release when truncating block in NOCOW mode Qu Wenruo <wqu(a)suse.com> btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Qu Wenruo <wqu(a)suse.com> btrfs: scrub: update device stats when an error is detected Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view Sheng Yong <shengyong1(a)xiaomi.com> erofs: avoid using multiple devices with different type Hongbo Li <lihongbo22(a)huawei.com> erofs: fix file handle encoding for 64-bit NIDs Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Avoid empty transfer descriptor Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Handle zero-length skcipher requests Nícolas F. R. A. Prado <nfraprado(a)collabora.com> kselftest: cpufreq: Get rid of double suspend in rtcwake case Yu Kuai <yukuai3(a)huawei.com> brd: fix discard end sector Yu Kuai <yukuai3(a)huawei.com> brd: fix aligned_sector from brd_do_discard() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> x86/insn: Fix opcode map (!REX2) superscript tags Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Sanitize CPUID(0x80000000) output Zizhi Wo <wozizhi(a)huawei.com> blk-throttle: Fix wrong tg->[bytes/io]_disp update in __tg_update_carryover() Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce - undo runtime PM changes during driver removal Nam Cao <namcao(a)linutronix.de> selftests: coredump: Raise timeout to 2 minutes Nam Cao <namcao(a)linutronix.de> selftests: coredump: Fix test failure for slow machines Nam Cao <namcao(a)linutronix.de> selftests: coredump: Properly initialize pointer Annie Li <jiayanli(a)google.com> x86/microcode/AMD: Do not return error when microcode update is not necessary John Stultz <jstultz(a)google.com> sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks Eddie James <eajames(a)linux.ibm.com> powerpc/crash: Fix non-smp kexec preparation Jiri Slaby (SUSE) <jirislaby(a)kernel.org> powerpc: do not build ppc_save_regs.o always Corentin Labbe <clabbe.montjoie(a)gmail.com> crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() Qing Wang <wangqing7171(a)gmail.com> perf/core: Fix broken throttling when max_samples_per_tick=1 Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: deallocate inodes in gfs2_create_inode Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Move gfs2_dinode_dealloc Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: gfs2_create_inode error handling fix Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: replace sd_aspace with sd_inode Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/uncore: Prevent UMC counters from saturating Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/uncore: Remove unused 'struct amd_uncore_ctx::node' member David Gow <davidgow(a)google.com> kunit: qemu_configs: Disable faulting tests on 32-bit SPARC Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y Herbert Xu <herbert(a)gondor.apana.org.au> crypto: zynqmp-sha - Add locking Lukas Wunner <lukas(a)wunner.de> crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY Lukas Wunner <lukas(a)wunner.de> crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY Peter Zijlstra <peterz(a)infradead.org> sched: Fix trace_sched_switch(.prev_state) Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: iaa - Do not clobber req->base.data Andrew Cooper <andrew.cooper3(a)citrix.com> x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Ahmed S. Darwish <darwi(a)linutronix.de> tools/x86/kcpuid: Fix error handling ------------- Diffstat: .../regulator/mediatek,mt6357-regulator.yaml | 12 +- .../devicetree/bindings/soc/fsl/fsl,qman-fqd.yaml | 4 +- .../devicetree/bindings/vendor-prefixes.yaml | 2 + Documentation/gpu/xe/index.rst | 1 + Documentation/gpu/xe/xe_gt_freq.rst | 14 + Documentation/misc-devices/lis3lv02d.rst | 6 +- Documentation/netlink/specs/rt_link.yaml | 68 +++- Documentation/networking/xfrm_device.rst | 10 +- Makefile | 4 +- arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 +- arch/arm/boot/dts/microchip/tny_a9263.dts | 2 +- arch/arm/boot/dts/microchip/usb_a9263.dts | 4 +- arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 82 +++-- arch/arm/mach-aspeed/Kconfig | 1 - arch/arm64/Kconfig | 6 +- arch/arm64/boot/dts/allwinner/sun50i-a100.dtsi | 3 + .../arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 + .../boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 + .../arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 + .../boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 + .../boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 - arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 10 +- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 4 + arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 +-- .../boot/dts/mediatek/mt8390-genio-common.dtsi | 12 +- arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 - arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 - arch/arm64/boot/dts/nvidia/tegra210-p2180.dtsi | 1 + arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi | 11 +- arch/arm64/boot/dts/qcom/ipq9574.dtsi | 16 +- arch/arm64/boot/dts/qcom/msm8998.dtsi | 19 +- arch/arm64/boot/dts/qcom/qcm2290.dtsi | 16 +- arch/arm64/boot/dts/qcom/qcs615.dtsi | 17 +- arch/arm64/boot/dts/qcom/qcs8300.dtsi | 12 - arch/arm64/boot/dts/qcom/sa8775p.dtsi | 11 - .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 - .../arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 + .../arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 + .../boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm8550.dtsi | 391 ++++++++++++++------- arch/arm64/boot/dts/qcom/sm8650.dtsi | 82 +++-- arch/arm64/boot/dts/qcom/sm8750.dtsi | 26 +- arch/arm64/boot/dts/qcom/x1e001de-devkit.dts | 44 +++ .../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 2 + arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 + .../dts/renesas/white-hawk-ard-audio-da7212.dtso | 2 +- arch/arm64/boot/dts/renesas/white-hawk-single.dtsi | 8 +- .../arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 - arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 12 - arch/arm64/boot/dts/rockchip/rk3528.dtsi | 3 +- arch/arm64/boot/dts/rockchip/rk3566-rock-3c.dts | 1 + .../arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 +- arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 15 +- .../boot/dts/ti/k3-j721e-common-proc-board.dts | 1 + arch/arm64/configs/defconfig | 3 + arch/arm64/include/asm/esr.h | 12 +- arch/arm64/kernel/fpsimd.c | 21 +- arch/arm64/xen/hypercall.S | 21 +- arch/m68k/mac/config.c | 2 +- .../boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 + arch/powerpc/kernel/Makefile | 2 - arch/powerpc/kexec/crash.c | 5 +- arch/powerpc/platforms/book3s/vas-api.c | 9 + arch/powerpc/platforms/powernv/memtrace.c | 8 +- arch/powerpc/platforms/pseries/iommu.c | 2 +- arch/riscv/kernel/traps_misaligned.c | 4 +- arch/riscv/kvm/vcpu_sbi.c | 4 +- arch/s390/kernel/uv.c | 85 ++++- arch/s390/net/bpf_jit_comp.c | 12 +- arch/um/os-Linux/sigio.c | 3 +- arch/x86/events/amd/uncore.c | 36 +- arch/x86/hyperv/hv_init.c | 33 ++ arch/x86/hyperv/hv_vtl.c | 44 +-- arch/x86/hyperv/ivm.c | 22 +- arch/x86/include/asm/mshyperv.h | 6 +- arch/x86/include/asm/mwait.h | 9 +- arch/x86/include/asm/sighandling.h | 22 ++ arch/x86/kernel/cpu/common.c | 17 +- arch/x86/kernel/cpu/microcode/core.c | 2 + arch/x86/kernel/cpu/mtrr/generic.c | 2 +- arch/x86/kernel/ioport.c | 13 +- arch/x86/kernel/irq.c | 2 +- arch/x86/kernel/process.c | 15 +- arch/x86/kernel/signal_32.c | 4 + arch/x86/kernel/signal_64.c | 4 + arch/x86/lib/x86-opcode-map.txt | 50 +-- arch/x86/mm/init_32.c | 3 - arch/x86/mm/init_64.c | 3 - block/blk-integrity.c | 7 +- block/blk-throttle.c | 22 +- block/blk-zoned.c | 7 +- block/elevator.c | 3 +- crypto/api.c | 13 +- crypto/asymmetric_keys/public_key.c | 13 +- crypto/ecdsa-p1363.c | 6 +- crypto/ecdsa-x962.c | 5 +- crypto/ecdsa.c | 2 +- crypto/ecrdsa.c | 2 +- crypto/krb5/rfc3961_simplified.c | 1 + crypto/lrw.c | 4 +- crypto/rsassa-pkcs1.c | 2 +- crypto/sig.c | 9 +- crypto/xts.c | 4 +- drivers/accel/amdxdna/aie2_message.c | 6 +- drivers/accel/amdxdna/aie2_msg_priv.h | 10 +- drivers/accel/amdxdna/aie2_psp.c | 4 +- drivers/accel/ivpu/ivpu_job.c | 8 +- drivers/acpi/acpica/exserial.c | 6 + drivers/acpi/apei/Kconfig | 1 + drivers/acpi/apei/ghes.c | 2 +- drivers/acpi/cppc_acpi.c | 2 +- drivers/acpi/osi.c | 1 - drivers/acpi/platform_profile.c | 3 + drivers/acpi/resource.c | 2 +- drivers/acpi/thermal.c | 10 +- drivers/base/power/main.c | 3 +- drivers/base/power/runtime.c | 44 +++ drivers/block/brd.c | 11 +- drivers/block/loop.c | 8 +- drivers/bluetooth/btintel.c | 10 +- drivers/bluetooth/btintel_pcie.c | 31 +- drivers/bluetooth/btintel_pcie.h | 10 +- drivers/bus/fsl-mc/fsl-mc-bus.c | 12 +- drivers/char/Kconfig | 2 +- drivers/clk/bcm/clk-raspberrypi.c | 2 + drivers/clk/qcom/camcc-sm6350.c | 18 + drivers/clk/qcom/dispcc-sm6350.c | 3 + drivers/clk/qcom/gcc-msm8939.c | 4 +- drivers/clk/qcom/gcc-sm6350.c | 6 + drivers/clk/qcom/gpucc-sm6350.c | 6 + drivers/counter/interrupt-cnt.c | 9 + .../crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 +- drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c | 17 +- drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 +- drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 +- .../crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 +- drivers/crypto/intel/iaa/iaa_crypto_main.c | 6 +- drivers/crypto/marvell/cesa/cipher.c | 3 + drivers/crypto/marvell/cesa/hash.c | 2 +- drivers/crypto/xilinx/zynqmp-sha.c | 18 +- drivers/dma/ti/k3-udma.c | 3 +- drivers/edac/bluefield_edac.c | 20 +- drivers/edac/i10nm_base.c | 35 +- drivers/edac/skx_common.c | 1 + drivers/edac/skx_common.h | 11 +- drivers/firmware/Kconfig | 1 - drivers/firmware/arm_sdei.c | 11 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 1 + drivers/firmware/psci/psci.c | 4 +- drivers/firmware/samsung/exynos-acpm-pmic.c | 16 +- drivers/firmware/samsung/exynos-acpm.c | 11 +- drivers/fpga/tests/fpga-mgr-test.c | 1 + drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 +- .../gpu/drm/amd/amdgpu/gfx_v10_0_cleaner_shader.h | 6 +- .../drm/amd/amdgpu/gfx_v10_1_10_cleaner_shader.asm | 13 +- drivers/gpu/drm/amd/display/dc/basics/fixpt31_32.c | 5 - .../gpu/drm/amd/display/dc/sspl/spl_fixpt31_32.c | 4 - .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 + drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 58 +-- drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 +- drivers/gpu/drm/ci/gitlab-ci.yml | 19 +- drivers/gpu/drm/display/drm_hdmi_audio_helper.c | 3 +- drivers/gpu/drm/drm_panic_qr.rs | 71 ++-- drivers/gpu/drm/i915/display/intel_dp.c | 7 +- drivers/gpu/drm/i915/display/intel_dp.h | 1 + drivers/gpu/drm/i915/display/intel_dp_mst.c | 5 +- drivers/gpu/drm/i915/display/intel_psr_regs.h | 4 +- drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c | 16 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 19 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 +- drivers/gpu/drm/meson/meson_encoder_hdmi.c | 2 +- drivers/gpu/drm/meson/meson_vclk.c | 55 +-- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 1 - .../drm/msm/disp/dpu1/catalog/dpu_1_14_msm8937.h | 2 - .../drm/msm/disp/dpu1/catalog/dpu_1_15_msm8917.h | 1 - .../drm/msm/disp/dpu1/catalog/dpu_1_16_msm8953.h | 2 - .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 16 +- .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 16 +- drivers/gpu/drm/msm/dp/dp_display.c | 27 +- drivers/gpu/drm/msm/dp/dp_link.h | 4 + drivers/gpu/drm/msm/dp/dp_panel.c | 12 +- drivers/gpu/drm/panel/panel-samsung-sofef00.c | 34 +- drivers/gpu/drm/panel/panel-simple.c | 5 +- drivers/gpu/drm/panthor/panthor_device.c | 8 +- drivers/gpu/drm/panthor/panthor_mmu.c | 1 + drivers/gpu/drm/panthor/panthor_regs.h | 4 +- drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 +- drivers/gpu/drm/tegra/rgb.c | 14 +- drivers/gpu/drm/v3d/v3d_debugfs.c | 116 +++--- drivers/gpu/drm/v3d/v3d_drv.c | 22 +- drivers/gpu/drm/v3d/v3d_drv.h | 11 +- drivers/gpu/drm/v3d/v3d_gem.c | 10 +- drivers/gpu/drm/v3d/v3d_irq.c | 64 +++- drivers/gpu/drm/v3d/v3d_perfmon.c | 4 +- drivers/gpu/drm/v3d/v3d_sched.c | 6 +- drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 +- drivers/gpu/drm/vc4/tests/vc4_test_pv_muxing.c | 154 +++++++- drivers/gpu/drm/vc4/vc4_hdmi.c | 16 +- drivers/gpu/drm/vkms/vkms_crtc.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 10 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 ++ drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 34 +- drivers/gpu/drm/xe/Kconfig | 3 +- drivers/gpu/drm/xe/xe_bo.c | 48 ++- drivers/gpu/drm/xe/xe_gt_freq.c | 5 + drivers/gpu/drm/xe/xe_guc_debugfs.c | 167 +++++---- drivers/gpu/drm/xe/xe_lrc.c | 24 +- drivers/gpu/drm/xe/xe_pci.c | 1 + drivers/gpu/drm/xe/xe_pxp.c | 8 +- drivers/gpu/drm/xe/xe_vm.c | 19 +- drivers/gpu/drm/xe/xe_vm.h | 69 ++++ drivers/gpu/drm/xe/xe_vm_types.h | 8 + drivers/gpu/drm/xlnx/Kconfig | 1 + drivers/hid/Kconfig | 2 + drivers/hid/hid-hyperv.c | 4 +- .../intel-thc-hid/intel-quicki2c/pci-quicki2c.c | 7 +- drivers/hid/usbhid/hid-core.c | 25 +- drivers/hwmon/asus-ec-sensors.c | 4 + drivers/hwtracing/coresight/coresight-catu.c | 27 +- drivers/hwtracing/coresight/coresight-catu.h | 1 + drivers/hwtracing/coresight/coresight-config.h | 2 +- drivers/hwtracing/coresight/coresight-core.c | 21 +- drivers/hwtracing/coresight/coresight-cpu-debug.c | 3 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 5 +- .../hwtracing/coresight/coresight-etm4x-sysfs.c | 4 +- drivers/hwtracing/coresight/coresight-funnel.c | 3 +- drivers/hwtracing/coresight/coresight-replicator.c | 3 +- drivers/hwtracing/coresight/coresight-stm.c | 2 +- drivers/hwtracing/coresight/coresight-syscfg.c | 51 ++- drivers/hwtracing/coresight/coresight-tmc-core.c | 2 +- drivers/hwtracing/coresight/coresight-tmc-etf.c | 11 +- drivers/hwtracing/coresight/coresight-tpiu.c | 2 +- drivers/iio/adc/ad4851.c | 14 +- drivers/iio/adc/ad7124.c | 4 +- drivers/iio/adc/mcp3911.c | 39 +- drivers/iio/adc/pac1934.c | 2 +- drivers/iio/dac/adi-axi-dac.c | 8 + drivers/iio/filter/admv8818.c | 230 +++++++++--- drivers/infiniband/core/cm.c | 19 +- drivers/infiniband/core/cma.c | 3 +- drivers/infiniband/hw/bnxt_re/debugfs.c | 20 +- drivers/infiniband/hw/hns/hns_roce_ah.c | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 + drivers/infiniband/hw/hns/hns_roce_main.c | 1 - drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 - drivers/infiniband/hw/mlx5/qpc.c | 30 +- drivers/infiniband/sw/rxe/rxe_qp.c | 7 +- drivers/iommu/Kconfig | 1 - drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +- drivers/iommu/io-pgtable-arm.c | 13 +- drivers/iommu/iommu.c | 4 +- drivers/iommu/ipmmu-vmsa.c | 3 +- drivers/mailbox/Kconfig | 4 +- drivers/mailbox/imx-mailbox.c | 21 +- drivers/mailbox/mtk-cmdq-mailbox.c | 51 ++- drivers/md/dm-core.h | 1 + drivers/md/dm-flakey.c | 70 ++-- drivers/md/dm-table.c | 67 +++- drivers/md/dm-zone.c | 86 +++-- drivers/md/dm.c | 36 +- drivers/md/dm.h | 6 + drivers/md/raid1-10.c | 10 + drivers/md/raid1.c | 19 +- drivers/md/raid10.c | 11 +- .../media/platform/synopsys/hdmirx/snps_hdmirx.c | 14 +- .../media/platform/verisilicon/hantro_postproc.c | 4 +- drivers/mfd/exynos-lpass.c | 31 +- drivers/mfd/stmpe-spi.c | 2 +- drivers/misc/lis3lv02d/Kconfig | 4 +- drivers/misc/mei/vsc-tp.c | 4 +- drivers/misc/vmw_vmci/vmci_host.c | 11 +- drivers/mtd/nand/ecc-mxic.c | 2 +- drivers/net/bonding/bond_main.c | 144 ++++---- drivers/net/dsa/b53/b53_common.c | 92 ++--- drivers/net/dsa/b53/b53_priv.h | 1 + drivers/net/dsa/b53/b53_regs.h | 7 + drivers/net/dsa/bcm_sf2.c | 1 + drivers/net/ethernet/airoha/airoha_eth.c | 23 +- drivers/net/ethernet/airoha/airoha_eth.h | 10 + drivers/net/ethernet/airoha/airoha_ppe.c | 32 +- drivers/net/ethernet/airoha/airoha_regs.h | 10 + drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 20 +- .../chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c | 18 +- drivers/net/ethernet/google/gve/gve_main.c | 2 +- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 + drivers/net/ethernet/intel/e1000/e1000_main.c | 8 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 +- drivers/net/ethernet/intel/iavf/iavf.h | 1 - drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 29 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 302 ++++++---------- drivers/net/ethernet/intel/iavf/iavf_virtchnl.c | 17 + drivers/net/ethernet/intel/ice/ice_main.c | 47 ++- drivers/net/ethernet/intel/ice/ice_ptp.c | 1 + drivers/net/ethernet/intel/ice/ice_sched.c | 181 ++++++++-- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 +- .../net/ethernet/intel/idpf/idpf_singleq_txrx.c | 9 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 45 +-- drivers/net/ethernet/intel/idpf/idpf_txrx.h | 8 - drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 2 +- drivers/net/ethernet/intel/idpf/idpf_virtchnl.h | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 41 ++- drivers/net/ethernet/intel/ixgbevf/ipsec.c | 21 +- .../net/ethernet/marvell/octeontx2/af/mcs_rvu_if.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_rep.c | 2 + .../ethernet/marvell/octeontx2/nic/cn10k_ipsec.c | 18 +- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 +- .../net/ethernet/marvell/octeontx2/nic/qos_sq.c | 22 ++ drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 + drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 4 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 28 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 1 + .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 +- .../net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 +- .../mellanox/mlx5/core/steering/hws/action.c | 14 +- .../ethernet/mellanox/mlx5/core/steering/hws/bwc.c | 55 ++- .../ethernet/mellanox/mlx5/core/steering/hws/bwc.h | 9 +- .../mellanox/mlx5/core/steering/hws/definer.c | 3 + .../mellanox/mlx5/core/steering/hws/fs_hws.c | 3 + .../mellanox/mlx5/core/steering/hws/matcher.c | 48 ++- .../mellanox/mlx5/core/steering/hws/matcher.h | 4 + .../mellanox/mlx5/core/steering/hws/mlx5hws.h | 6 +- drivers/net/ethernet/microchip/lan743x_main.c | 15 +- .../net/ethernet/microchip/lan966x/lan966x_main.c | 7 + .../net/ethernet/microchip/lan966x/lan966x_main.h | 6 + .../net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 ++- .../ethernet/microchip/lan966x/lan966x_switchdev.c | 1 + .../net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 ++ drivers/net/ethernet/netronome/nfp/crypto/ipsec.c | 11 +- drivers/net/ethernet/stmicro/stmmac/stmmac_est.c | 5 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 + .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 +- drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 +- drivers/net/ethernet/ti/icssg/icssg_stats.c | 8 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 +- drivers/net/macsec.c | 40 ++- drivers/net/mctp/mctp-usb.c | 2 + drivers/net/netconsole.c | 3 +- drivers/net/netdevsim/ipsec.c | 15 +- drivers/net/netdevsim/netdev.c | 3 +- drivers/net/phy/mdio_bus.c | 12 + drivers/net/phy/mediatek/Kconfig | 3 +- drivers/net/phy/mscc/mscc_ptp.c | 20 +- drivers/net/phy/phy_caps.c | 18 +- drivers/net/phy/phy_device.c | 4 +- drivers/net/usb/aqc111.c | 10 +- drivers/net/vmxnet3/vmxnet3_drv.c | 26 ++ drivers/net/wireguard/device.c | 1 + drivers/net/wireless/ath/ath10k/snoc.c | 4 +- drivers/net/wireless/ath/ath11k/core.c | 37 +- drivers/net/wireless/ath/ath11k/core.h | 4 +- drivers/net/wireless/ath/ath11k/debugfs.c | 148 +------- drivers/net/wireless/ath/ath11k/debugfs.h | 10 +- drivers/net/wireless/ath/ath11k/mac.c | 92 ++++- drivers/net/wireless/ath/ath11k/mac.h | 4 +- drivers/net/wireless/ath/ath11k/wmi.c | 47 ++- drivers/net/wireless/ath/ath12k/core.c | 28 +- drivers/net/wireless/ath/ath12k/core.h | 19 +- drivers/net/wireless/ath/ath12k/debugfs.c | 4 +- .../net/wireless/ath/ath12k/debugfs_htt_stats.c | 3 + drivers/net/wireless/ath/ath12k/dp.h | 2 + drivers/net/wireless/ath/ath12k/dp_mon.c | 351 +++++++++++++++--- drivers/net/wireless/ath/ath12k/dp_mon.h | 4 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 234 ++++++------ drivers/net/wireless/ath/ath12k/dp_rx.h | 29 +- drivers/net/wireless/ath/ath12k/dp_tx.c | 23 +- drivers/net/wireless/ath/ath12k/hal.c | 103 +++--- drivers/net/wireless/ath/ath12k/hal.h | 64 ++-- drivers/net/wireless/ath/ath12k/hal_desc.h | 3 +- drivers/net/wireless/ath/ath12k/hal_rx.h | 15 +- drivers/net/wireless/ath/ath12k/hw.c | 35 +- drivers/net/wireless/ath/ath12k/hw.h | 12 +- drivers/net/wireless/ath/ath12k/mac.c | 86 +++-- drivers/net/wireless/ath/ath12k/mhi.c | 7 +- drivers/net/wireless/ath/ath12k/pci.c | 17 +- drivers/net/wireless/ath/ath12k/pci.h | 4 +- drivers/net/wireless/ath/ath12k/reg.c | 4 + drivers/net/wireless/ath/ath12k/wmi.c | 39 +- drivers/net/wireless/ath/ath12k/wmi.h | 16 +- drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 + drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 1 + drivers/net/wireless/intel/iwlwifi/mld/mld.c | 3 +- drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 2 + drivers/net/wireless/marvell/mwifiex/11n.c | 6 +- drivers/net/wireless/mediatek/mt76/channel.c | 4 +- drivers/net/wireless/mediatek/mt76/mac80211.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 + drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 21 +- drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7996/eeprom.c | 1 + drivers/net/wireless/mediatek/mt76/mt7996/init.c | 14 +- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 23 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 3 + drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 4 + drivers/net/wireless/realtek/rtw88/coex.c | 2 +- drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 +- drivers/net/wireless/realtek/rtw88/sdio.c | 10 +- drivers/net/wireless/realtek/rtw89/fw.c | 2 +- drivers/net/wireless/realtek/rtw89/pci.c | 36 +- drivers/net/wwan/mhi_wwan_mbim.c | 9 +- drivers/net/wwan/t7xx/t7xx_netdev.c | 11 +- drivers/nvme/host/constants.c | 2 +- drivers/nvme/host/core.c | 1 - drivers/nvme/host/ioctl.c | 2 +- drivers/nvme/host/pr.c | 2 - drivers/nvme/target/core.c | 9 +- drivers/nvme/target/fcloop.c | 31 +- drivers/nvme/target/io-cmd-bdev.c | 9 +- drivers/nvmem/zynqmp_nvmem.c | 1 + drivers/of/unittest.c | 10 +- drivers/pci/controller/cadence/pcie-cadence-host.c | 11 +- drivers/pci/controller/dwc/pci-imx6.c | 47 +++ drivers/pci/controller/dwc/pcie-rcar-gen4.c | 1 + drivers/pci/controller/pcie-apple.c | 4 +- drivers/pci/controller/pcie-rockchip.h | 7 +- drivers/pci/endpoint/pci-epf-core.c | 22 +- drivers/pci/hotplug/pci_hotplug_core.c | 69 ++++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 29 -- drivers/pci/hotplug/pciehp_hpc.c | 78 ++-- drivers/pci/pci-acpi.c | 23 +- drivers/pci/pci-driver.c | 6 - drivers/pci/pci.c | 15 +- drivers/pci/pci.h | 4 + drivers/pci/pcie/dpc.c | 66 ++-- drivers/pci/pwrctrl/core.c | 2 + drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 +- drivers/perf/arm-ni.c | 40 ++- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 +- drivers/phy/qualcomm/phy-qcom-qusb2.c | 27 +- drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 13 +- drivers/pinctrl/mediatek/mtk-eint.c | 4 +- drivers/pinctrl/mediatek/mtk-eint.h | 2 +- drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 7 +- drivers/pinctrl/pinctrl-at91.c | 6 +- drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 + drivers/pinctrl/qcom/pinctrl-qcs615.c | 2 +- drivers/pinctrl/qcom/pinctrl-qcs8300.c | 2 +- drivers/pinctrl/qcom/tlmm-test.c | 1 + drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 52 +-- drivers/pinctrl/samsung/pinctrl-exynos.c | 266 ++++++++------ drivers/pinctrl/samsung/pinctrl-exynos.h | 8 +- drivers/pinctrl/samsung/pinctrl-samsung.c | 21 +- drivers/pinctrl/samsung/pinctrl-samsung.h | 8 +- drivers/pinctrl/sunxi/pinctrl-sunxi-dt.c | 8 +- drivers/platform/chrome/cros_ec_typec.c | 6 +- drivers/power/reset/at91-reset.c | 5 +- drivers/power/supply/max77705_charger.c | 20 +- drivers/ptp/ptp_private.h | 12 +- drivers/regulator/max20086-regulator.c | 6 +- drivers/remoteproc/qcom_wcnss_iris.c | 2 + drivers/remoteproc/ti_k3_dsp_remoteproc.c | 8 - drivers/remoteproc/ti_k3_r5_remoteproc.c | 118 ++++--- drivers/rpmsg/qcom_smd.c | 2 +- drivers/rtc/rtc-loongson.c | 8 + drivers/rtc/rtc-sh.c | 12 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 29 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 32 +- drivers/scsi/mpt3sas/mpt3sas_ctl.c | 3 +- drivers/scsi/qedf/qedf_main.c | 2 +- drivers/scsi/scsi_transport_iscsi.c | 11 +- drivers/scsi/smartpqi/smartpqi_init.c | 4 +- drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 +- drivers/soc/qcom/smp2p.c | 2 +- drivers/soundwire/generic_bandwidth_allocation.c | 7 + drivers/spi/atmel-quadspi.c | 17 +- drivers/spi/spi-bcm63xx-hsspi.c | 2 +- drivers/spi/spi-bcm63xx.c | 2 +- drivers/spi/spi-omap2-mcspi.c | 30 +- drivers/spi/spi-qpic-snand.c | 44 ++- drivers/spi/spi-sh-msiof.c | 13 +- drivers/spi/spi-tegra210-quad.c | 24 +- drivers/staging/gpib/ines/ines_gpib.c | 2 +- drivers/staging/gpib/uapi/gpib_user.h | 2 +- drivers/staging/media/rkvdec/rkvdec.c | 10 +- drivers/thermal/mediatek/lvts_thermal.c | 16 +- drivers/thunderbolt/usb4.c | 4 +- drivers/tty/serial/8250/8250_omap.c | 25 +- drivers/tty/serial/milbeaut_usio.c | 5 +- drivers/tty/vt/vt_ioctl.c | 2 - drivers/ufs/core/ufs-mcq.c | 6 - drivers/ufs/core/ufshcd.c | 7 +- drivers/ufs/host/ufs-qcom.c | 92 ++++- drivers/usb/cdns3/cdnsp-gadget.c | 21 +- drivers/usb/cdns3/cdnsp-gadget.h | 4 + drivers/usb/class/usbtmc.c | 17 +- drivers/usb/core/hub.c | 16 +- drivers/usb/core/usb-acpi.c | 2 + drivers/usb/gadget/function/f_hid.c | 12 +- drivers/usb/gadget/udc/core.c | 2 +- drivers/usb/misc/onboard_usb_dev.c | 111 +++++- drivers/usb/renesas_usbhs/common.c | 50 ++- drivers/usb/serial/bus.c | 2 +- drivers/usb/typec/bus.c | 2 +- drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 +- drivers/usb/typec/tcpm/tcpm.c | 91 +++-- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 94 +++-- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 +- drivers/vfio/vfio_iommu_type1.c | 2 +- drivers/video/backlight/qcom-wled.c | 6 +- drivers/video/fbdev/core/fbcvt.c | 2 +- drivers/virtio/virtio_pci_modern.c | 13 +- drivers/watchdog/exar_wdt.c | 2 +- drivers/watchdog/lenovo_se30_wdt.c | 2 + drivers/xen/balloon.c | 13 +- fs/9p/vfs_addr.c | 6 +- fs/afs/write.c | 9 +- fs/btrfs/extent-io-tree.c | 6 +- fs/btrfs/file.c | 2 +- fs/btrfs/inode.c | 7 +- fs/btrfs/scrub.c | 34 +- fs/btrfs/tree-log.c | 24 +- fs/cachefiles/io.c | 16 +- fs/ceph/addr.c | 6 +- fs/dax.c | 2 +- fs/erofs/fscache.c | 6 +- fs/erofs/super.c | 49 ++- fs/f2fs/data.c | 6 +- fs/f2fs/f2fs.h | 46 ++- fs/f2fs/gc.c | 3 + fs/f2fs/namei.c | 10 +- fs/f2fs/segment.c | 12 +- fs/f2fs/segment.h | 43 ++- fs/f2fs/super.c | 45 ++- fs/filesystems.c | 14 +- fs/gfs2/aops.c | 54 +-- fs/gfs2/aops.h | 3 +- fs/gfs2/bmap.c | 3 +- fs/gfs2/glock.c | 3 +- fs/gfs2/glops.c | 4 +- fs/gfs2/incore.h | 9 +- fs/gfs2/inode.c | 98 +++++- fs/gfs2/inode.h | 1 + fs/gfs2/log.c | 7 +- fs/gfs2/meta_io.c | 2 +- fs/gfs2/meta_io.h | 4 +- fs/gfs2/ops_fstype.c | 35 +- fs/gfs2/super.c | 90 +---- fs/gfs2/sys.c | 1 - fs/gfs2/trans.c | 21 ++ fs/gfs2/trans.h | 2 + fs/gfs2/xattr.c | 11 +- fs/gfs2/xattr.h | 2 +- fs/iomap/buffered-io.c | 2 + fs/kernfs/dir.c | 5 +- fs/kernfs/file.c | 3 +- fs/mount.h | 5 - fs/namespace.c | 122 ++++--- fs/netfs/buffered_read.c | 32 +- fs/netfs/buffered_write.c | 2 +- fs/netfs/direct_read.c | 13 +- fs/netfs/direct_write.c | 12 +- fs/netfs/fscache_io.c | 10 +- fs/netfs/internal.h | 42 ++- fs/netfs/main.c | 1 + fs/netfs/misc.c | 219 ++++++++++++ fs/netfs/objects.c | 48 +-- fs/netfs/read_collect.c | 185 ++-------- fs/netfs/read_pgpriv2.c | 4 +- fs/netfs/read_retry.c | 26 +- fs/netfs/read_single.c | 6 +- fs/netfs/write_collect.c | 81 ++--- fs/netfs/write_issue.c | 38 +- fs/netfs/write_retry.c | 19 +- fs/nfs/fscache.c | 1 + fs/nfs/localio.c | 45 +-- fs/nfs/nfs4proc.c | 32 +- fs/nfs/super.c | 19 + fs/nfs_common/nfslocalio.c | 101 ++++-- fs/nfsd/filecache.c | 32 +- fs/nfsd/filecache.h | 3 +- fs/nfsd/localio.c | 70 +++- fs/nilfs2/btree.c | 4 +- fs/nilfs2/direct.c | 3 + fs/ntfs3/index.c | 8 + fs/ntfs3/inode.c | 5 + fs/ocfs2/quota_local.c | 2 +- fs/pidfs.c | 2 +- fs/pnode.c | 4 +- fs/smb/client/cifsproto.h | 3 +- fs/smb/client/cifssmb.c | 24 +- fs/smb/client/file.c | 19 +- fs/smb/client/smb2pdu.c | 4 +- fs/squashfs/super.c | 5 + fs/xfs/xfs_aops.c | 22 +- fs/xfs/xfs_discard.c | 17 +- include/crypto/sig.h | 2 +- include/hyperv/hvgdk_mini.h | 2 +- include/kunit/clk.h | 1 + include/linux/arm_sdei.h | 4 +- include/linux/bio.h | 2 +- include/linux/bpf_verifier.h | 12 +- include/linux/bvec.h | 7 +- include/linux/coresight.h | 2 +- include/linux/execmem.h | 8 +- include/linux/exportfs.h | 10 + include/linux/fscache.h | 2 +- include/linux/hid.h | 3 +- include/linux/ieee80211.h | 79 ++++- include/linux/iomap.h | 5 +- include/linux/mdio.h | 5 +- include/linux/mlx5/driver.h | 1 + include/linux/mm.h | 58 +++ include/linux/mount.h | 78 ++-- include/linux/netdevice.h | 10 +- include/linux/netfs.h | 15 +- include/linux/nfslocalio.h | 26 +- include/linux/nvme.h | 2 +- include/linux/overflow.h | 33 +- include/linux/pci-epf.h | 3 + include/linux/pci.h | 8 + include/linux/phy.h | 5 +- include/linux/pm_runtime.h | 4 + include/linux/poison.h | 4 + include/linux/udp.h | 16 + include/linux/virtio_vsock.h | 1 + include/net/bluetooth/hci.h | 3 +- include/net/bluetooth/hci_core.h | 50 ++- include/net/checksum.h | 2 +- include/net/netfilter/nft_fib.h | 9 + include/net/netns/ipv4.h | 11 + include/net/page_pool/types.h | 6 + include/net/sock.h | 7 +- include/net/udp.h | 1 + include/net/udp_tunnel.h | 15 + include/net/xfrm.h | 11 + include/sound/hdaudio.h | 4 +- include/sound/hdaudio_ext.h | 6 + include/trace/events/netfs.h | 8 +- include/uapi/drm/xe_drm.h | 5 + include/uapi/linux/bits.h | 4 +- include/uapi/linux/bpf.h | 4 +- io_uring/fdinfo.c | 12 +- io_uring/io_uring.c | 18 +- io_uring/register.c | 7 +- io_uring/sqpoll.c | 43 ++- io_uring/sqpoll.h | 8 +- kernel/bpf/core.c | 29 +- kernel/bpf/verifier.c | 18 +- kernel/events/core.c | 50 ++- kernel/power/energy_model.c | 4 + kernel/power/hibernate.c | 5 + kernel/power/main.c | 3 +- kernel/power/power.h | 4 + kernel/power/wakelock.c | 3 + kernel/rcu/tree.c | 10 +- kernel/rcu/tree.h | 2 +- kernel/rcu/tree_stall.h | 4 +- kernel/sched/core.c | 12 +- kernel/sched/ext_idle.c | 8 + kernel/sched/fair.c | 13 +- kernel/time/posix-cpu-timers.c | 9 + kernel/trace/bpf_trace.c | 10 +- kernel/trace/ring_buffer.c | 41 ++- kernel/trace/trace.h | 8 +- kernel/trace/trace_events_hist.c | 122 ++++++- kernel/trace/trace_events_trigger.c | 20 +- lib/Kconfig.ubsan | 2 + lib/iov_iter.c | 2 +- lib/kunit/static_stub.c | 2 +- lib/tests/usercopy_kunit.c | 1 + mm/execmem.c | 40 +-- mm/filemap.c | 20 +- mm/page_alloc.c | 8 +- net/9p/client.c | 6 +- net/bluetooth/eir.c | 17 +- net/bluetooth/eir.h | 2 +- net/bluetooth/hci_conn.c | 46 ++- net/bluetooth/hci_core.c | 50 +-- net/bluetooth/hci_event.c | 40 ++- net/bluetooth/hci_sync.c | 90 ++++- net/bluetooth/iso.c | 13 +- net/bluetooth/l2cap_core.c | 3 +- net/bluetooth/mgmt.c | 146 ++++---- net/bluetooth/mgmt_util.c | 34 +- net/bluetooth/mgmt_util.h | 4 +- net/bridge/netfilter/nf_conntrack_bridge.c | 12 +- net/core/dev.c | 2 +- net/core/filter.c | 5 +- net/core/net_namespace.c | 4 +- net/core/netmem_priv.h | 33 +- net/core/page_pool.c | 108 ++++-- net/core/rtnetlink.c | 2 +- net/core/skbuff.c | 16 +- net/core/skmsg.c | 53 +-- net/core/sock.c | 8 +- net/core/utils.c | 4 +- net/core/xdp.c | 4 +- net/dsa/tag_brcm.c | 2 +- net/ethtool/ioctl.c | 3 +- net/ipv4/netfilter/nft_fib_ipv4.c | 11 +- net/ipv4/udp.c | 44 ++- net/ipv4/udp_offload.c | 177 +++++++++- net/ipv4/udp_tunnel_core.c | 15 + net/ipv6/ila/ila_common.c | 6 +- net/ipv6/netfilter.c | 12 +- net/ipv6/netfilter/nft_fib_ipv6.c | 17 +- net/ipv6/seg6_local.c | 6 +- net/ipv6/udp.c | 2 + net/ipv6/udp_offload.c | 5 + net/mac80211/mlme.c | 7 +- net/mac80211/scan.c | 11 +- net/ncsi/internal.h | 21 +- net/ncsi/ncsi-pkt.h | 23 +- net/ncsi/ncsi-rsp.c | 21 +- net/netfilter/nf_nat_core.c | 12 +- net/netfilter/nft_quota.c | 20 +- net/netfilter/nft_set_pipapo.c | 58 ++- net/netfilter/nft_set_pipapo_avx2.c | 21 +- net/netfilter/nft_tunnel.c | 8 +- net/netfilter/xt_TCPOPTSTRIP.c | 4 +- net/netfilter/xt_mark.c | 2 +- net/netlabel/netlabel_kapi.c | 5 + net/openvswitch/flow.c | 2 +- net/packet/af_packet.c | 21 +- net/packet/internal.h | 1 + net/sched/sch_ets.c | 2 +- net/sched/sch_prio.c | 2 +- net/sched/sch_red.c | 2 +- net/sched/sch_sfq.c | 5 +- net/sched/sch_tbf.c | 2 +- net/sunrpc/xprtrdma/svc_rdma_transport.c | 14 +- net/tipc/crypto.c | 6 +- net/tls/tls_sw.c | 15 +- net/vmw_vsock/virtio_transport_common.c | 26 +- net/wireless/scan.c | 18 +- net/xfrm/xfrm_device.c | 6 +- net/xfrm/xfrm_state.c | 16 +- rust/Makefile | 14 +- rust/kernel/alloc/kvec.rs | 3 + rust/kernel/fs/file.rs | 1 + rust/kernel/list/arc.rs | 2 +- rust/kernel/miscdevice.rs | 2 +- rust/kernel/pci.rs | 15 +- scripts/gcc-plugins/gcc-common.h | 32 ++ scripts/gcc-plugins/randomize_layout_plugin.c | 40 +-- scripts/generate_rust_analyzer.py | 13 +- scripts/genksyms/genksyms.c | 27 +- sound/core/seq_device.c | 2 +- sound/hda/ext/hdac_ext_controller.c | 19 + sound/hda/hda_bus_type.c | 6 +- sound/pci/hda/hda_bind.c | 4 +- sound/soc/apple/mca.c | 23 ++ sound/soc/codecs/hda.c | 4 +- sound/soc/codecs/tas2764.c | 5 +- sound/soc/intel/avs/avs.h | 4 +- sound/soc/intel/avs/core.c | 51 ++- sound/soc/intel/avs/debugfs.c | 6 +- sound/soc/intel/avs/ipc.c | 4 +- sound/soc/intel/avs/loader.c | 11 +- sound/soc/intel/avs/path.c | 8 +- sound/soc/intel/avs/pcm.c | 129 +++++-- sound/soc/intel/avs/registers.h | 2 +- sound/soc/mediatek/mt8195/mt8195-mt6359.c | 4 +- sound/soc/sof/amd/pci-acp70.c | 1 + sound/soc/sof/ipc4-pcm.c | 3 +- sound/soc/ti/omap-hdmi.c | 7 +- sound/usb/implicit.c | 1 + sound/usb/midi.c | 3 +- tools/arch/x86/kcpuid/kcpuid.c | 47 ++- tools/arch/x86/lib/x86-opcode-map.txt | 50 +-- tools/bpf/bpftool/cgroup.c | 2 +- tools/bpf/resolve_btfids/Makefile | 2 +- tools/build/Makefile.feature | 4 - tools/include/nolibc/dirent.h | 3 +- tools/include/nolibc/stdlib.h | 4 +- tools/include/nolibc/types.h | 2 +- tools/include/uapi/linux/bpf.h | 4 +- tools/lib/bpf/bpf_core_read.h | 6 + tools/lib/bpf/libbpf.c | 57 +-- tools/lib/bpf/libbpf_internal.h | 9 + tools/lib/bpf/linker.c | 6 +- tools/lib/bpf/nlattr.c | 15 +- tools/objtool/check.c | 3 +- tools/perf/MANIFEST | 6 + tools/perf/Makefile.config | 6 +- tools/perf/Makefile.perf | 3 +- tools/perf/builtin-record.c | 2 +- tools/perf/builtin-trace.c | 11 +- tools/perf/scripts/python/exported-sql-viewer.py | 5 +- tools/perf/tests/shell/lib/stat_output.sh | 5 + tools/perf/tests/shell/stat+json_output.sh | 5 + tools/perf/tests/switch-tracking.c | 2 +- tools/perf/ui/browsers/hists.c | 2 +- tools/perf/util/intel-pt.c | 205 ++++++++++- tools/perf/util/machine.c | 6 +- tools/perf/util/pmu.c | 3 + tools/perf/util/symbol-minimal.c | 164 ++++----- tools/perf/util/thread.c | 8 +- tools/perf/util/thread.h | 2 +- tools/perf/util/tool_pmu.c | 8 +- tools/power/x86/turbostat/turbostat.c | 41 ++- tools/testing/kunit/qemu_configs/sparc.py | 2 + tools/testing/selftests/Makefile | 2 +- tools/testing/selftests/arm64/fp/fp-ptrace.c | 14 +- tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 + .../selftests/bpf/prog_tests/kmem_cache_iter.c | 2 +- .../selftests/bpf/progs/verifier_load_acquire.c | 40 ++- .../selftests/bpf/progs/verifier_store_release.c | 32 +- tools/testing/selftests/bpf/test_loader.c | 14 +- tools/testing/selftests/coredump/stackdump_test.c | 10 +- tools/testing/selftests/cpufreq/cpufreq.sh | 3 +- tools/testing/selftests/drivers/net/hw/tso.py | 4 +- tools/testing/selftests/seccomp/seccomp_bpf.c | 13 +- tools/tracing/rtla/src/timerlat_bpf.c | 1 + 818 files changed, 10103 insertions(+), 5457 deletions(-)

7 hours, 5 minutes

8
787
0 0

[PATCH 5.15 0/2] fix LTP regression in fanotify22

by Amir Goldstein

Jan, I noticed that fanotify22, the FAN_FS_ERROR test has regressed in the 5.15.y stable tree. This is because commit d3476f3dad4a ("ext4: don't set SB_RDONLY after filesystem errors") was backported to 5.15.y and the later Fixes commit could not be cleanly applied to 5.15.y over the new mount api re-factoring. I am not sure it is critical to fix this regression, because it is mostly a regression in a test feature, but I think the backport is pretty simple, although I could be missing something. Please ACK if you agree that this backport should be applied to 5.15.y. Thanks, Amir. Amir Goldstein (2): ext4: make 'abort' mount option handling standard ext4: avoid remount errors with 'abort' mount option fs/ext4/ext4.h | 1 + fs/ext4/super.c | 15 +++++++++------ 2 files changed, 10 insertions(+), 6 deletions(-) -- 2.47.1

7 hours, 6 minutes

1
3
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) ‘lvts_debugfs_exit’ defined but not used [-Werror=unused-function]...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- ‘lvts_debugfs_exit’ defined but not used [-Werror=unused-function] in drivers/thermal/mediatek/lvts_thermal.o (drivers/thermal/mediatek/lvts_thermal.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:fb8aae5340da55b6254442f0858147bf5f0b39dc - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 519e0647630e07972733e99a0dc82065a65736ea Log excerpt: ===================================================== drivers/thermal/mediatek/lvts_thermal.c:262:13: error: ‘lvts_debugfs_exit’ defined but not used [-Werror=unused-function] 262 | static void lvts_debugfs_exit(struct lvts_domain *lvts_td) { } | ^~~~~~~~~~~~~~~~~ CC [M] drivers/watchdog/softdog.o cc1: all warnings being treated as errors ===================================================== # Builds where the incident occurred: ## cros://chromeos-6.6/arm64/chromiumos-mediatek.flavour.config+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:685194ac5c2cf25042b9c1a8 #kernelci issue maestro:fb8aae5340da55b6254442f0858147bf5f0b39dc Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

7 hours, 23 minutes

1
0
0 0

Request for backport of 358de8b4f201 to LTS kernels

by Chuck Lever

Hi Greg & Sasha ! I ran into some trouble in my nightly CI systems that test v6.6.y and v6.1.y. Using "make binrpm-pkg" followed by "rpm -iv ..." results in the test systems being unbootable because the vmlinuz file is never copied to /boot. The test systems are imaged with Fedora 39. I found a related Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=2239008 It appears there is a missing fix in LTS kernels. I bisected the kernel fix to: 358de8b4f201 ("kbuild: rpm-pkg: simplify installkernel %post") which includes a "Cc: stable" tag but does not appear in origin/linux-6.6.y, origin/linux-6.1.y, or origin/5.15.y (I did not look further back than that). Would it be appropriate to apply 358de8b4f201 to LTS kernels? -- Chuck Lever

7 hours, 58 minutes

2
3
0 0

FAILED: patch "[PATCH] kbuild: rpm-pkg: simplify installkernel %post" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 358de8b4f201bc05712484b15f0109b1ae3516a8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021932-lavish-expel-58e5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 358de8b4f201 ("kbuild: rpm-pkg: simplify installkernel %post") 0df8e9708594 ("scripts: clean up IA-64 code") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 358de8b4f201bc05712484b15f0109b1ae3516a8 Mon Sep 17 00:00:00 2001 From: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> Date: Mon, 29 Jan 2024 10:28:19 +0100 Subject: [PATCH] kbuild: rpm-pkg: simplify installkernel %post The new installkernel application that is now included in systemd-udev package allows installation although destination files are already present in the boot directory of the kernel package, but is failing with the implemented workaround for the old installkernel application from grubby package. For the new installkernel application, as Davide says: <<The %post currently does a shuffling dance before calling installkernel. This isn't actually necessary afaict, and the current implementation ends up triggering downstream issues such as https://github.com/systemd/systemd/issues/29568 This commit simplifies the logic to remove the shuffling. For reference, the original logic was added in commit 3c9c7a14b627("rpm-pkg: add %post section to create initramfs and grub hooks").>> But we need to keep the old behavior as well, because the old installkernel application from grubby package, does not allow this simplification and we need to be backward compatible to avoid issues with the different packages. Mimic Fedora shipping process and store vmlinuz, config amd System.map in the module directory instead of the boot directory. In this way, we will avoid the commented problem for all the cases, because the new destination files are not going to exist in the boot directory of the kernel package. Replace installkernel tool with kernel-install tool, because the latter is more complete. Besides, after installkernel tool execution, check to complete if the correct package files vmlinuz, System.map and config files are present in /boot directory, and if necessary, copy manually for install operation. In this way, take into account if files were not previously copied from /usr/lib/kernel/install.d/* scripts and if the suitable files for the requested package are present (it could be others if the rpm files were replace with a new pacakge with the same release and a different build). Tested with Fedora 38, Fedora 39, RHEL 9, Oracle Linux 9.3, openSUSE Tumbleweed and openMandrive ROME, using dnf/zypper and rpm tools. cc: stable(a)vger.kernel.org Co-Developed-by: Davide Cavalca <dcavalca(a)meta.com> Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> diff --git a/scripts/package/kernel.spec b/scripts/package/kernel.spec index 89298983a169..f58726671fb3 100644 --- a/scripts/package/kernel.spec +++ b/scripts/package/kernel.spec @@ -55,12 +55,12 @@ patch -p1 < %{SOURCE2} %{make} %{makeflags} KERNELRELEASE=%{KERNELRELEASE} KBUILD_BUILD_VERSION=%{release} %install -mkdir -p %{buildroot}/boot -cp $(%{make} %{makeflags} -s image_name) %{buildroot}/boot/vmlinuz-%{KERNELRELEASE} +mkdir -p %{buildroot}/lib/modules/%{KERNELRELEASE} +cp $(%{make} %{makeflags} -s image_name) %{buildroot}/lib/modules/%{KERNELRELEASE}/vmlinuz %{make} %{makeflags} INSTALL_MOD_PATH=%{buildroot} modules_install %{make} %{makeflags} INSTALL_HDR_PATH=%{buildroot}/usr headers_install -cp System.map %{buildroot}/boot/System.map-%{KERNELRELEASE} -cp .config %{buildroot}/boot/config-%{KERNELRELEASE} +cp System.map %{buildroot}/lib/modules/%{KERNELRELEASE} +cp .config %{buildroot}/lib/modules/%{KERNELRELEASE}/config ln -fns /usr/src/kernels/%{KERNELRELEASE} %{buildroot}/lib/modules/%{KERNELRELEASE}/build %if %{with_devel} %{make} %{makeflags} run-command KBUILD_RUN_COMMAND='${srctree}/scripts/package/install-extmod-build %{buildroot}/usr/src/kernels/%{KERNELRELEASE}' @@ -70,13 +70,14 @@ ln -fns /usr/src/kernels/%{KERNELRELEASE} %{buildroot}/lib/modules/%{KERNELRELEA rm -rf %{buildroot} %post -if [ -x /sbin/installkernel -a -r /boot/vmlinuz-%{KERNELRELEASE} -a -r /boot/System.map-%{KERNELRELEASE} ]; then -cp /boot/vmlinuz-%{KERNELRELEASE} /boot/.vmlinuz-%{KERNELRELEASE}-rpm -cp /boot/System.map-%{KERNELRELEASE} /boot/.System.map-%{KERNELRELEASE}-rpm -rm -f /boot/vmlinuz-%{KERNELRELEASE} /boot/System.map-%{KERNELRELEASE} -/sbin/installkernel %{KERNELRELEASE} /boot/.vmlinuz-%{KERNELRELEASE}-rpm /boot/.System.map-%{KERNELRELEASE}-rpm -rm -f /boot/.vmlinuz-%{KERNELRELEASE}-rpm /boot/.System.map-%{KERNELRELEASE}-rpm +if [ -x /usr/bin/kernel-install ]; then + /usr/bin/kernel-install add %{KERNELRELEASE} /lib/modules/%{KERNELRELEASE}/vmlinuz fi +for file in vmlinuz System.map config; do + if ! cmp --silent "/lib/modules/%{KERNELRELEASE}/${file}" "/boot/${file}-%{KERNELRELEASE}"; then + cp "/lib/modules/%{KERNELRELEASE}/${file}" "/boot/${file}-%{KERNELRELEASE}" + fi +done %preun if [ -x /sbin/new-kernel-pkg ]; then @@ -94,7 +95,6 @@ fi %defattr (-, root, root) /lib/modules/%{KERNELRELEASE} %exclude /lib/modules/%{KERNELRELEASE}/build -/boot/* %files headers %defattr (-, root, root)

8 hours, 44 minutes

2
3
0 0

[PATCH v2] sunrpc: handle SVC_GARBAGE during svc auth processing as auth error

by Jeff Layton

tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a way that SVC_GARBAGE is returned without setting the rq_accept_statp pointer, then that pointer can be dereferenced and a value stored there. If it's the first time the thread has processed an RPC, then that pointer will be set to NULL and the kernel will crash. In other cases, it could create a memory scribble. The server sunrpc code treats a SVC_GARBAGE return from svc_authenticate or pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531 says that if authentication fails that the RPC should be rejected instead with a status of AUTH_ERR. Handle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of AUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This sidesteps the whole problem of touching the rpc_accept_statp pointer in this situation and avoids the crash. Cc: stable(a)vger.kernel.org # v6.9+ Fixes: 29cd2927fb91 ("SUNRPC: Fix encoding of accepted but unsuccessful RPC replies") Reported-by: tianshuo han <hantianshuo233(a)gmail.com> Signed-off-by: Jeff Layton <jlayton(a)kernel.org> --- This should be more correct. Unfortunately, I don't know of any testcases for low-level RPC error handling. That seems like something that would be nice to do with pynfs or similar though. --- Changes in v2: - Fix endianness of rq_accept_statp assignment - Better describe the way the crash happens and how this fixes it - point Fixes: tag at correct patch - add Cc: stable tag --- net/sunrpc/svc.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c index 939b6239df8ab6229ce34836d77d3a6b983fbbb7..99050ab1435148ac5d52b697ab1a771b9e948143 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c @@ -1375,7 +1375,8 @@ svc_process_common(struct svc_rqst *rqstp) case SVC_OK: break; case SVC_GARBAGE: - goto err_garbage_args; + rqstp->rq_auth_stat = rpc_autherr_badcred; + goto err_bad_auth; case SVC_SYSERR: goto err_system_err; case SVC_DENIED: @@ -1516,14 +1517,6 @@ svc_process_common(struct svc_rqst *rqstp) *rqstp->rq_accept_statp = rpc_proc_unavail; goto sendit; -err_garbage_args: - svc_printk(rqstp, "failed to decode RPC header\n"); - - if (serv->sv_stats) - serv->sv_stats->rpcbadfmt++; - *rqstp->rq_accept_statp = rpc_garbage_args; - goto sendit; - err_system_err: if (serv->sv_stats) serv->sv_stats->rpcbadfmt++; --- base-commit: 9afe652958c3ee88f24df1e4a97f298afce89407 change-id: 20250617-rpc-6-16-cc7a23e9c961 Best regards, -- Jeff Layton <jlayton(a)kernel.org>

8 hours, 56 minutes

2
1
0 0

[RFC PATCH 5.10 00/16] ITS mitigation for 5.10

by Pawan Gupta

This is the backport for Indirect Target Selection(ITS) mitigation for 5.10. This is only boot tested, so sending it as an RFC for now. I hope some bot picks this up for some at-scale testing. Meanwhile I am doing basic tests around ITS mitigation. In addition to commits in 5.15 ITS backport, below commits are required to make the ITS mitigation work on 5.10. These are the prime target of scrutiny: x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/alternatives: Introduce int3_emulate_jcc() x86/bhi: Define SPEC_CTRL_BHI_DIS_S --- Borislav Petkov (AMD) (1): x86/alternative: Optimize returns patching Daniel Sneddon (1): x86/bhi: Define SPEC_CTRL_BHI_DIS_S Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Josh Poimboeuf (1): x86/alternatives: Remove faulty optimization Pawan Gupta (7): Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Fix undefined reference to cpu_wants_rethunk_at() x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs Peter Zijlstra (4): x86/alternatives: Introduce int3_emulate_jcc() x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/indirect-target-selection.rst | 156 +++++++++++ Documentation/admin-guide/kernel-parameters.txt | 15 + arch/x86/Kconfig | 11 + arch/x86/include/asm/alternative.h | 26 ++ arch/x86/include/asm/cpufeatures.h | 6 +- arch/x86/include/asm/msr-index.h | 13 +- arch/x86/include/asm/nospec-branch.h | 11 + arch/x86/include/asm/text-patching.h | 31 +++ arch/x86/kernel/alternative.c | 308 ++++++++++++++++++++- arch/x86/kernel/cpu/bugs.c | 139 +++++++++- arch/x86/kernel/cpu/common.c | 63 ++++- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/ftrace.c | 4 +- arch/x86/kernel/kprobes/core.c | 39 +-- arch/x86/kernel/module.c | 14 +- arch/x86/kernel/static_call.c | 2 +- arch/x86/kernel/vmlinux.lds.S | 8 + arch/x86/kvm/x86.c | 4 +- arch/x86/lib/retpoline.S | 39 +++ arch/x86/net/bpf_jit_comp.c | 8 +- drivers/base/cpu.c | 8 + include/linux/cpu.h | 2 + include/linux/module.h | 5 + 25 files changed, 842 insertions(+), 73 deletions(-) --- base-commit: 01e7e36b8606e5d4fddf795938010f7bfa3aa277 change-id: 20250609-its-5-10-a656ce2e08ce Best regards, -- Pawan

9 hours, 11 minutes

2
18
0 0

6.12.y longterm regression - IPv6 UDP packet fragmentation

by Brett Sheffield

Hello Stable Maintainers, Longterm kernel 6.12.y backports commit: - a18dfa9925b9ef6107ea3aa5814ca3c704d34a8a "ipv6: save dontfrag in cork" but does not backport these related commits: - 54580ccdd8a9c6821fd6f72171d435480867e4c3 "ipv6: remove leftover ip6 cookie initializer" - 096208592b09c2f5fc0c1a174694efa41c04209d "ipv6: replace ipcm6_init calls with ipcm6_init_sk" This causes a regression when sending IPv6 UDP packets by preventing fragmentation and instead returning EMSGSIZE. I have attached a program which demonstrates the issue. sendmsg() returns correctly (8192) on a working kernel, and returns -1 (EMSGSIZE) when the regression is present. The regression is not present in the mainline kernel. Applying the two missing commits to 6.12.y fixes the regression. Cheers, Brett -- Brett Sheffield (he/him) Librecast - Decentralising the Internet with Multicast https://librecast.net/ https://blog.brettsheffield.com/

9 hours, 57 minutes

4
3
0 0

Tulip 21142 panic on physical link disconnect

by Greg Chandler

This is a from-scratch build (non-vendor/non-distribution) Host/Target = alpha ev6 Kernel source = 6.12.12 My last working kernel on this was a 2.6.x, it's been a while since I've had time to bring this system up to date, so I don't know when this may have started. I had a 3.0.102 in there, but I didn't test the networking while using it. Please let me know what I can do to help out with figuring this one out. The kernel output: [ 0.692382] net eth0: Digital DS21142/43 Tulip rev 65 at MMIO 0xa120000, 08:00:2b:86:ab:b1, IRQ 29 [ 0.710937] net eth1: Digital DS21142/43 Tulip rev 65 at MMIO 0xa121000, 08:00:2b:86:a8:5b, IRQ 30 [ 0.989257] e1000 0000:00:10.0 eth2: (PCI:33MHz:64-bit) 00:02:b3:f3:e6:3d [ 0.990233] e1000 0000:00:10.0 eth2: Intel(R) PRO/1000 Network Connection [ 6.088864] tulip 0000:00:09.0 eth126: renamed from eth0 [ 6.103512] tulip 0000:00:09.0 rename_eth126: renamed from eth126 [ 6.164059] e1000 0000:00:10.0 eth124: renamed from eth2 [ 6.172848] e1000 0000:00:10.0 eth0: renamed from eth124 [ 6.207028] tulip 0000:00:09.0 eth2: renamed from rename_eth126 [ 18.957998] net eth2: Using user-specified media 10baseT-FDX [ 19.082021] net eth2: 21143 10baseT link beat good I attempted to set the interface to 100MB/FDX with mii-tool but didn't seem to be having any luck, so I disconnected the cord, and it dropped this immediately: [ 195.170798] ------------[ cut here ]------------ [ 195.170798] WARNING: CPU: 0 PID: 0 at kernel/time/timer.c:1657 __timer_delete_sync+0x104/0x120 [ 195.170798] Modules linked in: loop [ 195.170798] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.12.12 #4 [ 195.170798] fffffc0000c83ab0 fffffc0000388c94 fffffc0000326744 fffffc0000afbee8 [ 195.170798] 0000000000000000 fffffc0000388c94 fffffc00009e0d70 0000000000000000 [ 195.170798] fffffc0000afbee8 0000000000000679 fffffc0000388c94 0000000000000009 [ 195.170798] fffffc0000cf9100 0000000000000000 fffffc0000388c94 0000000000000000 [ 195.170798] fffffc00020e6000 fffffc00020e73d0 fffffffff0669000 fffffd000a120000 [ 195.170798] fffffc00007cff70 fffffc00024b5c00 0000000000000000 0000000000000122 [ 195.170798] Trace: [ 195.170798] [<fffffc0000388c94>] __timer_delete_sync+0x104/0x120 [ 195.170798] [<fffffc0000326744>] __warn+0x194/0x1a0 [ 195.170798] [<fffffc0000388c94>] __timer_delete_sync+0x104/0x120 [ 195.170798] [<fffffc00009e0d70>] warn_slowpath_fmt+0x84/0xf0 [ 195.170798] [<fffffc0000388c94>] __timer_delete_sync+0x104/0x120 [ 195.170798] [<fffffc0000388c94>] __timer_delete_sync+0x104/0x120 [ 195.170798] [<fffffc00007cff70>] usb_hcd_poll_rh_status+0x140/0x1a0 [ 195.170798] [<fffffc0000919a2c>] tcp_orphan_update+0x6c/0x90 [ 195.170798] [<fffffc000038be64>] timekeeping_update+0xd4/0x290 [ 195.170798] [<fffffc0000780fdc>] t21142_lnk_change+0x1bc/0x790 [ 195.170798] [<fffffc000077a890>] tulip_interrupt+0x280/0xac0 [ 195.170798] [<fffffc0000372b90>] __handle_irq_event_percpu+0x60/0x180 [ 195.170798] [<fffffc0000372d30>] handle_irq_event_percpu+0x80/0xa0 [ 195.170798] [<fffffc0000372d98>] handle_irq_event+0x48/0xe0 [ 195.170798] [<fffffc0000377af0>] handle_level_irq+0xc0/0x1f0 [ 195.170798] [<fffffc0000315300>] handle_irq+0x70/0xe0 [ 195.170798] [<fffffc000031d6c0>] dp264_srm_device_interrupt+0x30/0x50 [ 195.170798] [<fffffc00003153dc>] do_entInt+0x6c/0x1c0 [ 195.170798] [<fffffc0000310cc0>] ret_from_sys_call+0x0/0x10 [ 195.170798] [<fffffc000035c69c>] pick_task_fair+0x3c/0x100 [ 195.170798] [<fffffc000035d89c>] task_non_contending+0x6c/0x2a0 [ 195.170798] [<fffffc000035fc28>] do_idle+0x58/0x190 [ 195.170798] [<fffffc00009eda20>] cpu_idle_poll.isra.0+0x0/0x60 [ 195.170798] [<fffffc00009eda50>] cpu_idle_poll.isra.0+0x30/0x60 [ 195.170798] [<fffffc0000360058>] cpu_startup_entry+0x38/0x50 [ 195.170798] [<fffffc00009edbc8>] rest_init+0xe8/0xec [ 195.170798] [<fffffc000031001c>] _stext+0x1c/0x20 [ 195.170798] [<fffffc0000312460>] common_shutdown_1+0x0/0x150 [ 195.170798] ---[ end trace 0000000000000000 ]--- Kernel options that may be relevant: CONFIG_ALPHA_DP264=y CONFIG_NET_TULIP=y CONFIG_TULIP=y CONFIG_TULIP_MWI=y CONFIG_TULIP_MMIO=y CONFIG_TULIP_NAPI=y CONFIG_TULIP_NAPI_HW_MITIGATION=y Device info: root@bigbang:~# lspci -vvv |more 00:09.0 Ethernet controller: Digital Equipment Corporation DECchip 21142/43 (rev 41) Subsystem: Digital Equipment Corporation DE500B Fast Ethernet Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 255 (5000ns min, 10000ns max), Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 29 Region 0: I/O ports at 8400 [size=128] Region 1: Memory at 0a120000 (32-bit, non-prefetchable) [size=1K] Expansion ROM at 0a000000 [disabled] [size=256K] Kernel driver in use: tulip 00:0b.0 Ethernet controller: Digital Equipment Corporation DECchip 21142/43 (rev 41) Subsystem: Digital Equipment Corporation DE500B Fast Ethernet Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 255 (5000ns min, 10000ns max), Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 30 Region 0: I/O ports at 8480 [size=128] Region 1: Memory at 0a121000 (32-bit, non-prefetchable) [size=1K] Expansion ROM at 0a040000 [disabled] [size=256K] Kernel driver in use: tulip

10 hours

2
6
0 0

FAILED: patch "[PATCH] rust: compile libcore with edition 2024 for 1.87+" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f4daa80d6be7d3c55ca72a8e560afc4e21f886aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061734-shale-reliably-8969@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4daa80d6be7d3c55ca72a8e560afc4e21f886aa Mon Sep 17 00:00:00 2001 From: Gary Guo <gary(a)garyguo.net> Date: Sat, 17 May 2025 09:55:59 +0100 Subject: [PATCH] rust: compile libcore with edition 2024 for 1.87+ Rust 1.87 (released on 2025-05-15) compiles core library with edition 2024 instead of 2021 [1]. Ensure that the edition matches libcore's expectation to avoid potential breakage. [ J3m3 reported in Zulip [2] that the `rust-analyzer` target was broken after this patch -- indeed, we need to avoid `core-cfgs` since those are passed to the `rust-analyzer` target. So, instead, I tweaked the patch to create a new `core-edition` variable and explicitly mention the `--edition` flag instead of reusing `core-cfg`s. In addition, pass a new argument using this new variable to `generate_rust_analyzer.py` so that we set the right edition there. By the way, for future reference: the `filter-out` change is needed for Rust < 1.87, since otherwise we would skip the `--edition=2021` we just added, ending up with no edition flag, and thus the compiler would default to the 2015 one. [2] https://rust-for-linux.zulipchat.com/#narrow/channel/291565/topic/x/near/52… - Miguel ] Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later (Rust is pinned in older LTSs). Link: https://github.com/rust-lang/rust/pull/138162 [1] Reported-by: est31 <est31(a)protonmail.com> Closes: https://github.com/Rust-for-Linux/linux/issues/1163 Signed-off-by: Gary Guo <gary(a)garyguo.net> Link: https://lore.kernel.org/r/20250517085600.2857460-1-gary@garyguo.net Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/rust/Makefile b/rust/Makefile index f207ba0ed466..d62b58d0a55c 100644 --- a/rust/Makefile +++ b/rust/Makefile @@ -60,6 +60,8 @@ endif core-cfgs = \ --cfg no_fp_fmt_parse +core-edition := $(if $(call rustc-min-version,108700),2024,2021) + # `rustc` recognizes `--remap-path-prefix` since 1.26.0, but `rustdoc` only # since Rust 1.81.0. Moreover, `rustdoc` ICEs on out-of-tree builds since Rust # 1.82.0 (https://github.com/rust-lang/rust/issues/138520). Thus workaround both @@ -106,8 +108,8 @@ rustdoc-macros: $(src)/macros/lib.rs FORCE # Starting with Rust 1.82.0, skipping `-Wrustdoc::unescaped_backticks` should # not be needed -- see https://github.com/rust-lang/rust/pull/128307. -rustdoc-core: private skip_flags = -Wrustdoc::unescaped_backticks -rustdoc-core: private rustc_target_flags = $(core-cfgs) +rustdoc-core: private skip_flags = --edition=2021 -Wrustdoc::unescaped_backticks +rustdoc-core: private rustc_target_flags = --edition=$(core-edition) $(core-cfgs) rustdoc-core: $(RUST_LIB_SRC)/core/src/lib.rs FORCE +$(call if_changed,rustdoc) @@ -416,7 +418,7 @@ quiet_cmd_rustc_library = $(if $(skip_clippy),RUSTC,$(RUSTC_OR_CLIPPY_QUIET)) L cmd_rustc_library = \ OBJTREE=$(abspath $(objtree)) \ $(if $(skip_clippy),$(RUSTC),$(RUSTC_OR_CLIPPY)) \ - $(filter-out $(skip_flags),$(rust_flags) $(rustc_target_flags)) \ + $(filter-out $(skip_flags),$(rust_flags)) $(rustc_target_flags) \ --emit=dep-info=$(depfile) --emit=obj=$@ \ --emit=metadata=$(dir $@)$(patsubst %.o,lib%.rmeta,$(notdir $@)) \ --crate-type rlib -L$(objtree)/$(obj) \ @@ -427,7 +429,7 @@ quiet_cmd_rustc_library = $(if $(skip_clippy),RUSTC,$(RUSTC_OR_CLIPPY_QUIET)) L rust-analyzer: $(Q)MAKEFLAGS= $(srctree)/scripts/generate_rust_analyzer.py \ - --cfgs='core=$(core-cfgs)' \ + --cfgs='core=$(core-cfgs)' $(core-edition) \ $(realpath $(srctree)) $(realpath $(objtree)) \ $(rustc_sysroot) $(RUST_LIB_SRC) $(if $(KBUILD_EXTMOD),$(srcroot)) \ > rust-project.json @@ -483,9 +485,9 @@ $(obj)/helpers/helpers.o: $(src)/helpers/helpers.c $(recordmcount_source) FORCE $(obj)/exports.o: private skip_gendwarfksyms = 1 $(obj)/core.o: private skip_clippy = 1 -$(obj)/core.o: private skip_flags = -Wunreachable_pub +$(obj)/core.o: private skip_flags = --edition=2021 -Wunreachable_pub $(obj)/core.o: private rustc_objcopy = $(foreach sym,$(redirect-intrinsics),--redefine-sym $(sym)=__rust$(sym)) -$(obj)/core.o: private rustc_target_flags = $(core-cfgs) +$(obj)/core.o: private rustc_target_flags = --edition=$(core-edition) $(core-cfgs) $(obj)/core.o: $(RUST_LIB_SRC)/core/src/lib.rs \ $(wildcard $(objtree)/include/config/RUSTC_VERSION_TEXT) FORCE +$(call if_changed_rule,rustc_library) diff --git a/scripts/generate_rust_analyzer.py b/scripts/generate_rust_analyzer.py index fe663dd0c43b..7c3ea2b55041 100755 --- a/scripts/generate_rust_analyzer.py +++ b/scripts/generate_rust_analyzer.py @@ -19,7 +19,7 @@ def args_crates_cfgs(cfgs): return crates_cfgs -def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): +def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs, core_edition): # Generate the configuration list. cfg = [] with open(objtree / "include" / "generated" / "rustc_cfg") as fd: @@ -35,7 +35,7 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): crates_indexes = {} crates_cfgs = args_crates_cfgs(cfgs) - def append_crate(display_name, root_module, deps, cfg=[], is_workspace_member=True, is_proc_macro=False): + def append_crate(display_name, root_module, deps, cfg=[], is_workspace_member=True, is_proc_macro=False, edition="2021"): crate = { "display_name": display_name, "root_module": str(root_module), @@ -43,7 +43,7 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): "is_proc_macro": is_proc_macro, "deps": [{"crate": crates_indexes[dep], "name": dep} for dep in deps], "cfg": cfg, - "edition": "2021", + "edition": edition, "env": { "RUST_MODFILE": "This is only for rust-analyzer" } @@ -61,6 +61,7 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): display_name, deps, cfg=[], + edition="2021", ): append_crate( display_name, @@ -68,12 +69,13 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): deps, cfg, is_workspace_member=False, + edition=edition, ) # NB: sysroot crates reexport items from one another so setting up our transitive dependencies # here is important for ensuring that rust-analyzer can resolve symbols. The sources of truth # for this dependency graph are `(sysroot_src / crate / "Cargo.toml" for crate in crates)`. - append_sysroot_crate("core", [], cfg=crates_cfgs.get("core", [])) + append_sysroot_crate("core", [], cfg=crates_cfgs.get("core", []), edition=core_edition) append_sysroot_crate("alloc", ["core"]) append_sysroot_crate("std", ["alloc", "core"]) append_sysroot_crate("proc_macro", ["core", "std"]) @@ -177,6 +179,7 @@ def main(): parser = argparse.ArgumentParser() parser.add_argument('--verbose', '-v', action='store_true') parser.add_argument('--cfgs', action='append', default=[]) + parser.add_argument("core_edition") parser.add_argument("srctree", type=pathlib.Path) parser.add_argument("objtree", type=pathlib.Path) parser.add_argument("sysroot", type=pathlib.Path) @@ -193,7 +196,7 @@ def main(): assert args.sysroot in args.sysroot_src.parents rust_project = { - "crates": generate_crates(args.srctree, args.objtree, args.sysroot_src, args.exttree, args.cfgs), + "crates": generate_crates(args.srctree, args.objtree, args.sysroot_src, args.exttree, args.cfgs, args.core_edition), "sysroot": str(args.sysroot), }

10 hours, 24 minutes

3
3
0 0

FAILED: patch "[PATCH] posix-cpu-timers: fix race between handle_posix_cpu_timers()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f90fff1e152dedf52b932240ebbd670d83330eca # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061744-precinct-rubble-45c9@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f90fff1e152dedf52b932240ebbd670d83330eca Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Fri, 13 Jun 2025 19:26:50 +0200 Subject: [PATCH] posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case. Cc: stable(a)vger.kernel.org Reported-by: Benoît Sevens <bsevens(a)google.com> Fixes: 0bdd2ed4138e ("sched: run_posix_cpu_timers: Don't check ->exit_state, use lock_task_sighand()") Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/kernel/time/posix-cpu-timers.c b/kernel/time/posix-cpu-timers.c index 50e8d04ab661..2e5b89d7d866 100644 --- a/kernel/time/posix-cpu-timers.c +++ b/kernel/time/posix-cpu-timers.c @@ -1405,6 +1405,15 @@ void run_posix_cpu_timers(void) lockdep_assert_irqs_disabled(); + /* + * Ensure that release_task(tsk) can't happen while + * handle_posix_cpu_timers() is running. Otherwise, a concurrent + * posix_cpu_timer_del() may fail to lock_task_sighand(tsk) and + * miss timer->it.cpu.firing != 0. + */ + if (tsk->exit_state) + return; + /* * If the actual expiry is deferred to task work context and the * work is already scheduled there is no point to do anything here.

10 hours, 56 minutes

2
1
0 0

[REGRESSION] stable-rc/linux-5.4.y: (build) clang: error: assembler command failed with exit code 1 (use -v to...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.4.y: --- clang: error: assembler command failed with exit code 1 (use -v to see invocation) in drivers/firmware/qcom_scm-32.o (scripts/Makefile.build:262) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:e1ce6e2cb61e68ec7bf14991570487d713f77e0a - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: e2f5a2e75b315706dd2d1d50a4313e5785eb189d Log excerpt: ===================================================== CC drivers/firmware/qcom_scm-32.o CC lib/idr.o CC drivers/gpu/host1x/debug.o CC drivers/clk/rockchip/clk-rk3328.o CC drivers/clk/rockchip/clk-rk3368.o CC lib/ioremap.o CC drivers/gpu/drm/drm_probe_helper.o CC drivers/clk/rockchip/clk-rk3399.o /tmp/qcom_scm-32-2d4d72.s: Assembler messages: /tmp/qcom_scm-32-2d4d72.s:56: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:69: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:173: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:394: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:545: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:930: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:1070: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:1117: Error: selected processor does not support `smc #0' in ARM mode clang: error: assembler command failed with exit code 1 (use -v to see invocation) ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:685191885c2cf25042b9bb39 ## multi_v7_defconfig on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:685191845c2cf25042b9bb35 #kernelci issue maestro:e1ce6e2cb61e68ec7bf14991570487d713f77e0a Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

11 hours, 23 minutes

1
0
0 0

[REGRESSION] stable-rc/linux-6.1.y: (build) stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupport...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.1.y: --- stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than] in drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.o (drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:69fb66ef80a96ff4750a9dacf73be24a7cbe888e - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 2c86adab41e98d103953bf8c447202c9147150ab Log excerpt: ===================================================== drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.c:3795:6: error: stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than] 3795 | void dml31_ModeSupportAndSystemConfigurationFull(struct display_mode_lib *mode_lib) | ^ CC drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn303/dcn303_fpu.o 1 error generated. CC drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn314/dcn314_fpu.o ===================================================== # Builds where the incident occurred: ## x86_64_defconfig+kselftest+x86-board on (x86_64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:685193725c2cf25042b9bcc9 #kernelci issue maestro:69fb66ef80a96ff4750a9dacf73be24a7cbe888e Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

11 hours, 23 minutes

1
0
0 0

[REGRESSION] stable-rc/linux-5.4.y: (build) in drivers/firmware/qcom_scm-32.o (scripts/Makefile.build:262) [lo...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.4.y: --- in drivers/firmware/qcom_scm-32.o (scripts/Makefile.build:262) [logspec:kbuild,kbuild.compiler] --- - dashboard: https://d.kernelci.org/i/maestro:04c1ce2921a16b59c7329a6026c59ea7942ef691 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: e2f5a2e75b315706dd2d1d50a4313e5785eb189d Log excerpt: ===================================================== CC drivers/firmware/qcom_scm-32.o CC drivers/firmware/trusted_foundations.o CC drivers/clk/qcom/clk-regmap.o CC drivers/gpio/gpio-pl061.o CC kernel/resource.o CC kernel/sysctl.o /tmp/ccsKkK07.s: Assembler messages: /tmp/ccsKkK07.s:45: Error: selected processor does not support `smc #0' in ARM mode /tmp/ccsKkK07.s:94: Error: selected processor does not support `smc #0' in ARM mode /tmp/ccsKkK07.s:160: Error: selected processor does not support `smc #0' in ARM mode /tmp/ccsKkK07.s:296: Error: selected processor does not support `smc #0' in ARM mode ===================================================== # Builds where the incident occurred: ## multi_v7_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:685191a35c2cf25042b9bb4f ## multi_v7_defconfig+kselftest on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:685191ab5c2cf25042b9bb56 #kernelci issue maestro:04c1ce2921a16b59c7329a6026c59ea7942ef691 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

11 hours, 23 minutes

1
0
0 0

[REGRESSION] stable-rc/linux-5.15.y: (build) integer literal is too large to be represented in type 'long', int...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] in drivers/gpu/drm/meson/meson_vclk.o (drivers/gpu/drm/meson/meson_vclk.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:ae3b0334acd91200d6ced325a381bafac2d46493 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: d99cd6f3a570e2f93e8f966b8ca772ef3da54fe2 Log excerpt: ===================================================== drivers/gpu/drm/meson/meson_vclk.c:399:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 399 | .pll_freq = 2970000000, | ^ drivers/gpu/drm/meson/meson_vclk.c:411:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 411 | .pll_freq = 2970000000, | ^ drivers/gpu/drm/meson/meson_vclk.c:423:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 423 | .pll_freq = 2970000000, | ^ drivers/gpu/drm/meson/meson_vclk.c:436:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 436 | .phy_freq = 2970000000, | ^ drivers/gpu/drm/meson/meson_vclk.c:460:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 460 | .phy_freq = 2970000000, | ^ CC [M] net/dccp/feat.o drivers/gpu/drm/meson/meson_vclk.c:850:8: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 850 | case 2970000000: | ^ drivers/gpu/drm/meson/meson_vclk.c:868:8: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 868 | case 2970000000: | ^ drivers/gpu/drm/meson/meson_vclk.c:885:8: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 885 | case 2970000000: | ^ 8 errors generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:685192b15c2cf25042b9bc2e #kernelci issue maestro:ae3b0334acd91200d6ced325a381bafac2d46493 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

11 hours, 23 minutes

1
0
0 0

[PATCH v2] serial: core: restore of_node information in sysfs

by Aidan Stewart

Since in v6.8-rc1, the of_node symlink under tty devices is missing. This breaks any udev rules relying on this information. Link the of_node information in the serial controller device with the parent defined in the device tree. This will also apply to the serial device which takes the serial controller as a parent device. Fixes: b286f4e87e32 ("serial: core: Move tty and serdev to be children of serial core port device") Cc: stable(a)vger.kernel.org Signed-off-by: Aidan Stewart <astewart(a)tektelic.com> --- v1 -> v2: - v1: https://lore.kernel.org/linux-serial/20250616162154.9057-1-astewart@tekteli… - Remove IS_ENABLED(CONFIG_OF) check. --- drivers/tty/serial/serial_base_bus.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tty/serial/serial_base_bus.c b/drivers/tty/serial/serial_base_bus.c index 5d1677f1b651..cb3b127b06b6 100644 --- a/drivers/tty/serial/serial_base_bus.c +++ b/drivers/tty/serial/serial_base_bus.c @@ -72,6 +72,7 @@ static int serial_base_device_init(struct uart_port *port, dev->parent = parent_dev; dev->bus = &serial_base_bus_type; dev->release = release; + device_set_of_node_from_dev(dev, parent_dev); if (!serial_base_initialized) { dev_dbg(port->dev, "uart_add_one_port() called before arch_initcall()?\n"); -- 2.49.0

11 hours, 34 minutes

1
0
0 0

[PATCH 1/2] drm/xe: Move DSB l2 flush to a more sensible place

by Matthew Auld

From: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Flushing l2 is only needed after all data has been written. Fixes: 01570b446939 ("drm/xe/bmg: implement Wa_16023588340") Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.12+ Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> --- drivers/gpu/drm/xe/display/xe_dsb_buffer.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/xe/display/xe_dsb_buffer.c b/drivers/gpu/drm/xe/display/xe_dsb_buffer.c index f95375451e2f..9f941fc2e36b 100644 --- a/drivers/gpu/drm/xe/display/xe_dsb_buffer.c +++ b/drivers/gpu/drm/xe/display/xe_dsb_buffer.c @@ -17,10 +17,7 @@ u32 intel_dsb_buffer_ggtt_offset(struct intel_dsb_buffer *dsb_buf) void intel_dsb_buffer_write(struct intel_dsb_buffer *dsb_buf, u32 idx, u32 val) { - struct xe_device *xe = dsb_buf->vma->bo->tile->xe; - iosys_map_wr(&dsb_buf->vma->bo->vmap, idx * 4, u32, val); - xe_device_l2_flush(xe); } u32 intel_dsb_buffer_read(struct intel_dsb_buffer *dsb_buf, u32 idx) @@ -30,12 +27,9 @@ u32 intel_dsb_buffer_read(struct intel_dsb_buffer *dsb_buf, u32 idx) void intel_dsb_buffer_memset(struct intel_dsb_buffer *dsb_buf, u32 idx, u32 val, size_t size) { - struct xe_device *xe = dsb_buf->vma->bo->tile->xe; - WARN_ON(idx > (dsb_buf->buf_size - size) / sizeof(*dsb_buf->cmd_buf)); iosys_map_memset(&dsb_buf->vma->bo->vmap, idx * 4, val, size); - xe_device_l2_flush(xe); } bool intel_dsb_buffer_create(struct intel_crtc *crtc, struct intel_dsb_buffer *dsb_buf, size_t size) @@ -74,9 +68,12 @@ void intel_dsb_buffer_cleanup(struct intel_dsb_buffer *dsb_buf) void intel_dsb_buffer_flush_map(struct intel_dsb_buffer *dsb_buf) { + struct xe_device *xe = dsb_buf->vma->bo->tile->xe; + /* * The memory barrier here is to ensure coherency of DSB vs MMIO, * both for weak ordering archs and discrete cards. */ - xe_device_wmb(dsb_buf->vma->bo->tile->xe); + xe_device_wmb(xe); + xe_device_l2_flush(xe); } -- 2.49.0

11 hours, 46 minutes

2
4
0 0

[PATCH 6.12.y 0/2] Kunit to check the longest symbol length

by Sergio González Collado

The longest length of a symbol (KSYM_NAME_LEN) was increased to 512 in the reference [1]. Because in Rust symbols can become quite long due to namespacing introduced by modules, types, traits, generics, etc. This patch series presents two commits that implement a test to verify that a symbol with KSYM_NAME_LEN of 512 can be read. The first commit: To check that symbol length was valid, the commit implements a kunit test that verifies that a symbol of 512 length can be read. The second commit: There was a warning when building with clang because there was a definition of unlikely from compiler.h in tools/include/linux, which conflicted with the one in the instruction decoder selftest. [1] https://lore.kernel.org/lkml/20220802015052.10452-6-ojeda@kernel.org/ --- Nathan Chancellor (1): x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c Sergio González Collado (1): Kunit to check the longest symbol length arch/x86/tools/insn_decoder_test.c | 5 +- lib/Kconfig.debug | 9 ++++ lib/Makefile | 2 + lib/longest_symbol_kunit.c | 82 ++++++++++++++++++++++++++++++ 4 files changed, 95 insertions(+), 3 deletions(-) create mode 100644 lib/longest_symbol_kunit.c base-commit: ba9210b8c96355a16b78e1b890dce78f284d6f31 -- 2.39.2

12 hours, 18 minutes

4
11
0 0

[PATCH] serial: core: restore of_node information in sysfs

by Aidan Stewart

Since in v6.8-rc1, the of_node symlink under tty devices is missing. This breaks any udev rules relying on this information. Link the of_node information in the serial controller device with the parent defined in the device tree. This will also apply to the serial device which takes the serial controller as a parent device. Fixes: b286f4e87e32 ("serial: core: Move tty and serdev to be children of serial core port device") Cc: stable(a)vger.kernel.org Signed-off-by: Aidan Stewart <astewart(a)tektelic.com> --- drivers/tty/serial/serial_base_bus.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/tty/serial/serial_base_bus.c b/drivers/tty/serial/serial_base_bus.c index 5d1677f1b651..0e4bf7a3e775 100644 --- a/drivers/tty/serial/serial_base_bus.c +++ b/drivers/tty/serial/serial_base_bus.c @@ -73,6 +73,10 @@ static int serial_base_device_init(struct uart_port *port, dev->bus = &serial_base_bus_type; dev->release = release; + if (IS_ENABLED(CONFIG_OF)) { + device_set_of_node_from_dev(dev, parent_dev); + } + if (!serial_base_initialized) { dev_dbg(port->dev, "uart_add_one_port() called before arch_initcall()?\n"); return -EPROBE_DEFER; -- 2.49.0

12 hours, 26 minutes

2
3
0 0

[PATCH stable 5.10,5.15 1/2] net: Fix checksum update for ILA adj-transport

by Paul Chaignon

[ Upstream commit 6043b794c7668c19dabc4a93c75b924a19474d59 ] [ Note: Fixed conflict due to unrelated change in inet_proto_csum_replace_by_diff. ] During ILA address translations, the L4 checksums can be handled in different ways. One of them, adj-transport, consist in parsing the transport layer and updating any found checksum. This logic relies on inet_proto_csum_replace_by_diff and produces an incorrect skb->csum when in state CHECKSUM_COMPLETE. This bug can be reproduced with a simple ILA to SIR mapping, assuming packets are received with CHECKSUM_COMPLETE: $ ip a show dev eth0 14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 62:ae:35:9e:0f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 3333:0:0:1::c078/64 scope global valid_lft forever preferred_lft forever inet6 fd00:10:244:1::c078/128 scope global nodad valid_lft forever preferred_lft forever inet6 fe80::60ae:35ff:fe9e:f8d/64 scope link proto kernel_ll valid_lft forever preferred_lft forever $ ip ila add loc_match fd00:10:244:1 loc 3333:0:0:1 \ csum-mode adj-transport ident-type luid dev eth0 Then I hit [fd00:10:244:1::c078]:8000 with a server listening only on [3333:0:0:1::c078]:8000. With the bug, the SYN packet is dropped with SKB_DROP_REASON_TCP_CSUM after inet_proto_csum_replace_by_diff changed skb->csum. The translation and drop are visible on pwru [1] traces: IFACE TUPLE FUNC eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) ipv6_rcv eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) ip6_rcv_core eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) nf_hook_slow eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) inet_proto_csum_replace_by_diff eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) tcp_v6_early_demux eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_route_input eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_input eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_input_finish eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_protocol_deliver_rcu eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) raw6_local_deliver eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ipv6_raw_deliver eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) tcp_v6_rcv eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) __skb_checksum_complete eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) kfree_skb_reason(SKB_DROP_REASON_TCP_CSUM) eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_release_head_state eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_release_data eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_free_head eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) kfree_skbmem This is happening because inet_proto_csum_replace_by_diff is updating skb->csum when it shouldn't. The L4 checksum is updated such that it "cancels" the IPv6 address change in terms of checksum computation, so the impact on skb->csum is null. Note this would be different for an IPv4 packet since three fields would be updated: the IPv4 address, the IP checksum, and the L4 checksum. Two would cancel each other and skb->csum would still need to be updated to take the L4 checksum change into account. This patch fixes it by passing an ipv6 flag to inet_proto_csum_replace_by_diff, to skip the skb->csum update if we're in the IPv6 case. Note the behavior of the only other user of inet_proto_csum_replace_by_diff, the BPF subsystem, is left as is in this patch and fixed in the subsequent patch. With the fix, using the reproduction from above, I can confirm skb->csum is not touched by inet_proto_csum_replace_by_diff and the TCP SYN proceeds to the application after the ILA translation. Link: https://github.com/cilium/pwru [1] Fixes: 65d7ab8de582 ("net: Identifier Locator Addressing module") Signed-off-by: Paul Chaignon <paul.chaignon(a)gmail.com> Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Link: https://patch.msgid.link/b5539869e3550d46068504feb02d37653d939c0b.174850948… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Paul Chaignon <paul.chaignon(a)gmail.com> --- include/net/checksum.h | 2 +- net/core/filter.c | 2 +- net/core/utils.c | 4 ++-- net/ipv6/ila/ila_common.c | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/net/checksum.h b/include/net/checksum.h index d3b5d368a0ca..c975c76b4dd4 100644 --- a/include/net/checksum.h +++ b/include/net/checksum.h @@ -154,7 +154,7 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, const __be32 *from, const __be32 *to, bool pseudohdr); void inet_proto_csum_replace_by_diff(__sum16 *sum, struct sk_buff *skb, - __wsum diff, bool pseudohdr); + __wsum diff, bool pseudohdr, bool ipv6); static __always_inline void inet_proto_csum_replace2(__sum16 *sum, struct sk_buff *skb, diff --git a/net/core/filter.c b/net/core/filter.c index 9d358fb865e2..65b7fb9c3d29 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1970,7 +1970,7 @@ BPF_CALL_5(bpf_l4_csum_replace, struct sk_buff *, skb, u32, offset, if (unlikely(from != 0)) return -EINVAL; - inet_proto_csum_replace_by_diff(ptr, skb, to, is_pseudo); + inet_proto_csum_replace_by_diff(ptr, skb, to, is_pseudo, false); break; case 2: inet_proto_csum_replace2(ptr, skb, from, to, is_pseudo); diff --git a/net/core/utils.c b/net/core/utils.c index 1f31a39236d5..d010fcf1dc08 100644 --- a/net/core/utils.c +++ b/net/core/utils.c @@ -473,11 +473,11 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, EXPORT_SYMBOL(inet_proto_csum_replace16); void inet_proto_csum_replace_by_diff(__sum16 *sum, struct sk_buff *skb, - __wsum diff, bool pseudohdr) + __wsum diff, bool pseudohdr, bool ipv6) { if (skb->ip_summed != CHECKSUM_PARTIAL) { *sum = csum_fold(csum_add(diff, ~csum_unfold(*sum))); - if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr) + if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr && !ipv6) skb->csum = ~csum_add(diff, ~skb->csum); } else if (pseudohdr) { *sum = ~csum_fold(csum_add(diff, csum_unfold(*sum))); diff --git a/net/ipv6/ila/ila_common.c b/net/ipv6/ila/ila_common.c index 95e9146918cc..b8d43ed4689d 100644 --- a/net/ipv6/ila/ila_common.c +++ b/net/ipv6/ila/ila_common.c @@ -86,7 +86,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&th->check, skb, - diff, true); + diff, true, true); } break; case NEXTHDR_UDP: @@ -97,7 +97,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, if (uh->check || skb->ip_summed == CHECKSUM_PARTIAL) { diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&uh->check, skb, - diff, true); + diff, true, true); if (!uh->check) uh->check = CSUM_MANGLED_0; } @@ -111,7 +111,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&ih->icmp6_cksum, skb, - diff, true); + diff, true, true); } break; } -- 2.43.0

12 hours, 33 minutes

1
1
0 0

FAILED: patch "[PATCH] usb: cdnsp: Fix issue with detecting command completion event" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f4ecdc352646f7d23f348e5c544dbe3212c94fc8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061708-cameo-caring-38a0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4ecdc352646f7d23f348e5c544dbe3212c94fc8 Mon Sep 17 00:00:00 2001 From: Pawel Laszczak <pawell(a)cadence.com> Date: Tue, 13 May 2025 05:30:09 +0000 Subject: [PATCH] usb: cdnsp: Fix issue with detecting command completion event In some cases, there is a small-time gap in which CMD_RING_BUSY can be cleared by controller but adding command completion event to event ring will be delayed. As the result driver will return error code. This behavior has been detected on usbtest driver (test 9) with configuration including ep1in/ep1out bulk and ep2in/ep2out isoc endpoint. Probably this gap occurred because controller was busy with adding some other events to event ring. The CMD_RING_BUSY is cleared to '0' when the Command Descriptor has been executed and not when command completion event has been added to event ring. To fix this issue for this test the small delay is sufficient less than 10us) but to make sure the problem doesn't happen again in the future the patch introduces 10 retries to check with delay about 20us before returning error code. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") Cc: stable <stable(a)kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> Acked-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/PH7PR07MB9538AA45362ACCF1B94EE9B7DD96A@PH7PR07MB9… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/cdns3/cdnsp-gadget.c b/drivers/usb/cdns3/cdnsp-gadget.c index cd1e00daf43f..55f95f41b3b4 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.c +++ b/drivers/usb/cdns3/cdnsp-gadget.c @@ -548,6 +548,7 @@ int cdnsp_wait_for_cmd_compl(struct cdnsp_device *pdev) dma_addr_t cmd_deq_dma; union cdnsp_trb *event; u32 cycle_state; + u32 retry = 10; int ret, val; u64 cmd_dma; u32 flags; @@ -579,8 +580,23 @@ int cdnsp_wait_for_cmd_compl(struct cdnsp_device *pdev) flags = le32_to_cpu(event->event_cmd.flags); /* Check the owner of the TRB. */ - if ((flags & TRB_CYCLE) != cycle_state) + if ((flags & TRB_CYCLE) != cycle_state) { + /* + * Give some extra time to get chance controller + * to finish command before returning error code. + * Checking CMD_RING_BUSY is not sufficient because + * this bit is cleared to '0' when the Command + * Descriptor has been executed by controller + * and not when command completion event has + * be added to event ring. + */ + if (retry--) { + udelay(20); + continue; + } + return -EINVAL; + } cmd_dma = le64_to_cpu(event->event_cmd.cmd_trb);

13 hours, 35 minutes

2
1
0 0

[PATCH v7 0/5] media: uvcvideo: Introduce V4L2_META_FMT_UVC_MSXU_1_5 + other meta fixes

by Ricardo Ribalda

This series introduces a new metadata format for UVC cameras and adds a couple of improvements to the UVC metadata handling. The new metadata format can be enabled in runtime with quirks. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Changes in v7: - Add patch: Introduce dev->meta_formats - Link to v6: https://lore.kernel.org/r/20250604-uvc-meta-v6-0-7141d48c322c@chromium.org Changes in v6 (Thanks Laurent): - Fix typo in metafmt-uvc.rst - Improve metafmt-uvc-msxu-1-5.rst - uvc_meta_v4l2_try_format() block MSXU format unless the quirk is active - Refactor uvc_enable_msxu - Document uvc_meta_detect_msxu - Rebase series - Add R-b - Link to v5: https://lore.kernel.org/r/20250404-uvc-meta-v5-0-f79974fc2d20@chromium.org Changes in v5: - Fix codestyle and kerneldoc warnings reported by media-ci - Link to v4: https://lore.kernel.org/r/20250403-uvc-meta-v4-0-877aa6475975@chromium.org Changes in v4: - Rename format to V4L2_META_FMT_UVC_MSXU_1_5 (Thanks Mauro) - Flag the new format with a quirk. - Autodetect MSXU devices. - Link to v3: https://lore.kernel.org/linux-media/20250313-uvc-metadata-v3-0-c467af869c60… Changes in v3: - Fix doc syntax errors. - Link to v2: https://lore.kernel.org/r/20250306-uvc-metadata-v2-0-7e939857cad5@chromium.… Changes in v2: - Add metadata invalid fix - Move doc note to a separate patch - Introduce V4L2_META_FMT_UVC_CUSTOM (thanks HdG!). - Link to v1: https://lore.kernel.org/r/20250226-uvc-metadata-v1-1-6cd6fe5ec2cb@chromium.… --- Ricardo Ribalda (5): media: uvcvideo: Do not mark valid metadata as invalid media: Documentation: Add note about UVCH length field media: uvcvideo: Introduce dev->meta_formats media: uvcvideo: Introduce V4L2_META_FMT_UVC_MSXU_1_5 media: uvcvideo: Auto-set UVC_QUIRK_MSXU_META .../userspace-api/media/v4l/meta-formats.rst | 1 + .../media/v4l/metafmt-uvc-msxu-1-5.rst | 23 ++++ .../userspace-api/media/v4l/metafmt-uvc.rst | 4 +- MAINTAINERS | 1 + drivers/media/usb/uvc/uvc_driver.c | 7 ++ drivers/media/usb/uvc/uvc_metadata.c | 133 +++++++++++++++++++-- drivers/media/usb/uvc/uvc_video.c | 12 +- drivers/media/usb/uvc/uvcvideo.h | 3 + drivers/media/v4l2-core/v4l2-ioctl.c | 1 + include/linux/usb/uvc.h | 3 + include/uapi/linux/videodev2.h | 1 + 11 files changed, 175 insertions(+), 14 deletions(-) --- base-commit: c3021d6a80ff05034dfee494115ec71f1954e311 change-id: 20250403-uvc-meta-e556773d12ae Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

13 hours, 40 minutes

1
1
0 0

Re: Patch "tcp: reorganize tcp_in_ack_event() and tcp_count_delivered()" has been added to the 6.6-stable tree

by Eric Dumazet

On Thu, May 22, 2025 at 3:44 PM Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > tcp: reorganize tcp_in_ack_event() and tcp_count_delivered() > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > tcp-reorganize-tcp_in_ack_event-and-tcp_count_delive.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > May I ask why this patch was backported to stable versions ? This is causing a packetdrill test to fail. Ilpo, can you take a look ? # packetdrill --ip_version=ipv6 --mtu=1520 dctcp-plb-simple.pkt dctcp-plb-simple.pkt:49: error handling packet: inconsistent flowlabels for this packet: expected: 0x1c50c vs actual: 0xb867c script packet: 0.032224 P.W 5001:6001(1000) ack 1 <nop,nop,TS val 100 ecr 100> actual packet: 0.032209 P.W 5001:6001(1000) ack 1 win 255 <nop,nop,TS val 124 ecr 100> $ cat dctcp-plb-simple.pkt // DCTCP PLB Test // Check that DCTCP rehashes based on PLB congestion conditions `sysctl -qw net/ipv4/tcp_ecn=1 \ net/ipv4/tcp_congestion_control=dctcp \ net/ipv4/tcp_plb_enabled=1 \ net/ipv4/tcp_rmem="4096 131072 15000000"` // Initialize connection 0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3 +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 +0 bind(3, ..., ...) = 0 +0 listen(3, 1) = 0 // ECN handshake: send EW flags in SYN packet, E flag in SYN-ACK response +0 < SEW 0:0(0) win 32792 <mss 1460,sackOK,TS val 100 ecr 100,nop,wscale 6> +0 > (flowlabel 0x1) SE. 0:0(0) ack 1 <mss 1460,sackOK,TS val 100 ecr 100,nop,wscale 8> +0 < . 1:1(0) ack 1 win 257 +0 accept(3, ..., ...) = 4 +0 getsockopt(4, IPPROTO_TCP, TCP_CONGESTION, "dctcp", [5]) = 0 +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x1) P. 1:1001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < . 1:1(0) ack 1001 win 1000 <nop,nop,TS val 100 ecr 100> // no ECN mark, flowlabel won't change. +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x1) P. 1001:2001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < . 1:1(0) ack 2001 win 1000 <nop,nop,TS val 100 ecr 100> // No packets ECN-marked. +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x1) P. 2001:3001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < E. 1:1(0) ack 3001 win 1000 <nop,nop,TS val 100 ecr 100> // ECN-marked. 1 congested round. +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x1) PW. 3001:4001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < E. 1:1(0) ack 4001 win 1000 <nop,nop,TS val 100 ecr 100> // ECN-marked. 2 congested round. +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x1) PW. 4001:5001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < E. 1:1(0) ack 5001 win 1000 <nop,nop,TS val 100 ecr 100> // ECN-marked. 3 congested round. +0 write(4, ..., 1000) = 1000 // Flowlabel will change next round +0 > (flowlabel 0x1) PW. 5001:6001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < . 1:1(0) ack 6001 win 1000 <nop,nop,TS val 100 ecr 100> // No packets ECN-marked. 0 congested round. +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x2) P. 6001:7001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < . 1:1(0) ack 7001 win 1000 <nop,nop,TS val 100 ecr 100> // No packets ECN-marked. Verify new flowlabel +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x2) P. 7001:8001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < . 1:1(0) ack 8001 win 1000 <nop,nop,TS val 100 ecr 100> // No packets ECN-marked. New flowlabel should stick > > commit c39f5ebea6713c908f64e4682c26d144d9a659de > Author: Ilpo Järvinen <ij(a)kernel.org> > Date: Wed Mar 5 23:38:41 2025 +0100 > > tcp: reorganize tcp_in_ack_event() and tcp_count_delivered() > > [ Upstream commit 149dfb31615e22271d2525f078c95ea49bc4db24 ] > > - Move tcp_count_delivered() earlier and split tcp_count_delivered_ce() > out of it > - Move tcp_in_ack_event() later > - While at it, remove the inline from tcp_in_ack_event() and let > the compiler to decide > > Accurate ECN's heuristics does not know if there is going > to be ACE field based CE counter increase or not until after > rtx queue has been processed. Only then the number of ACKed > bytes/pkts is available. As CE or not affects presence of > FLAG_ECE, that information for tcp_in_ack_event is not yet > available in the old location of the call to tcp_in_ack_event(). > > Signed-off-by: Ilpo Järvinen <ij(a)kernel.org> > Signed-off-by: Chia-Yu Chang <chia-yu.chang(a)nokia-bell-labs.com> > Signed-off-by: David S. Miller <davem(a)davemloft.net> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c > index 10d38ec0ff5ac..a172248b66783 100644 > --- a/net/ipv4/tcp_input.c > +++ b/net/ipv4/tcp_input.c > @@ -425,6 +425,20 @@ static bool tcp_ecn_rcv_ecn_echo(const struct tcp_sock *tp, const struct tcphdr > return false; > } > > +static void tcp_count_delivered_ce(struct tcp_sock *tp, u32 ecn_count) > +{ > + tp->delivered_ce += ecn_count; > +} > + > +/* Updates the delivered and delivered_ce counts */ > +static void tcp_count_delivered(struct tcp_sock *tp, u32 delivered, > + bool ece_ack) > +{ > + tp->delivered += delivered; > + if (ece_ack) > + tcp_count_delivered_ce(tp, delivered); > +} > + > /* Buffer size and advertised window tuning. > * > * 1. Tuning sk->sk_sndbuf, when connection enters established state. > @@ -1137,15 +1151,6 @@ void tcp_mark_skb_lost(struct sock *sk, struct sk_buff *skb) > } > } > > -/* Updates the delivered and delivered_ce counts */ > -static void tcp_count_delivered(struct tcp_sock *tp, u32 delivered, > - bool ece_ack) > -{ > - tp->delivered += delivered; > - if (ece_ack) > - tp->delivered_ce += delivered; > -} > - > /* This procedure tags the retransmission queue when SACKs arrive. > * > * We have three tag bits: SACKED(S), RETRANS(R) and LOST(L). > @@ -3816,12 +3821,23 @@ static void tcp_process_tlp_ack(struct sock *sk, u32 ack, int flag) > } > } > > -static inline void tcp_in_ack_event(struct sock *sk, u32 flags) > +static void tcp_in_ack_event(struct sock *sk, int flag) > { > const struct inet_connection_sock *icsk = inet_csk(sk); > > - if (icsk->icsk_ca_ops->in_ack_event) > - icsk->icsk_ca_ops->in_ack_event(sk, flags); > + if (icsk->icsk_ca_ops->in_ack_event) { > + u32 ack_ev_flags = 0; > + > + if (flag & FLAG_WIN_UPDATE) > + ack_ev_flags |= CA_ACK_WIN_UPDATE; > + if (flag & FLAG_SLOWPATH) { > + ack_ev_flags |= CA_ACK_SLOWPATH; > + if (flag & FLAG_ECE) > + ack_ev_flags |= CA_ACK_ECE; > + } > + > + icsk->icsk_ca_ops->in_ack_event(sk, ack_ev_flags); > + } > } > > /* Congestion control has updated the cwnd already. So if we're in > @@ -3938,12 +3954,8 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) > tcp_snd_una_update(tp, ack); > flag |= FLAG_WIN_UPDATE; > > - tcp_in_ack_event(sk, CA_ACK_WIN_UPDATE); > - > NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPHPACKS); > } else { > - u32 ack_ev_flags = CA_ACK_SLOWPATH; > - > if (ack_seq != TCP_SKB_CB(skb)->end_seq) > flag |= FLAG_DATA; > else > @@ -3955,19 +3967,12 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) > flag |= tcp_sacktag_write_queue(sk, skb, prior_snd_una, > &sack_state); > > - if (tcp_ecn_rcv_ecn_echo(tp, tcp_hdr(skb))) { > + if (tcp_ecn_rcv_ecn_echo(tp, tcp_hdr(skb))) > flag |= FLAG_ECE; > - ack_ev_flags |= CA_ACK_ECE; > - } > > if (sack_state.sack_delivered) > tcp_count_delivered(tp, sack_state.sack_delivered, > flag & FLAG_ECE); > - > - if (flag & FLAG_WIN_UPDATE) > - ack_ev_flags |= CA_ACK_WIN_UPDATE; > - > - tcp_in_ack_event(sk, ack_ev_flags); > } > > /* This is a deviation from RFC3168 since it states that: > @@ -3994,6 +3999,8 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) > > tcp_rack_update_reo_wnd(sk, &rs); > > + tcp_in_ack_event(sk, flag); > + > if (tp->tlp_high_seq) > tcp_process_tlp_ack(sk, ack, flag); > > @@ -4025,6 +4032,7 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) > return 1; > > no_queue: > + tcp_in_ack_event(sk, flag); > /* If data was DSACKed, see if we can undo a cwnd reduction. */ > if (flag & FLAG_DSACKING_ACK) { > tcp_fastretrans_alert(sk, prior_snd_una, num_dupack, &flag,

13 hours, 42 minutes

5
5
0 0

Revert of a commit in 6.6-stable

by Jens Axboe

Hi Greg and crew, Can you revert: commit 746e7d285dcb96caa1845fbbb62b14bf4010cdfb Author: Jens Axboe <axboe(a)kernel.dk> Date: Wed May 7 08:07:09 2025 -0600 io_uring: ensure deferred completions are posted for multishot in 6.6-stable? There's some missing dependencies that makes this not work right, I'll bring it back in a series instead. -- Jens Axboe

13 hours, 49 minutes

2
3
0 0

FAILED: patch "[PATCH] x86/hyperv: Fix APIC ID and VP index confusion in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 86c48271e0d60c82665e9fd61277002391efcef7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061757-refusing-outmatch-70b7@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 86c48271e0d60c82665e9fd61277002391efcef7 Mon Sep 17 00:00:00 2001 From: Roman Kisel <romank(a)linux.microsoft.com> Date: Wed, 7 May 2025 11:22:25 -0700 Subject: [PATCH] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() To start an application processor in SNP-isolated guest, a hypercall is used that takes a virtual processor index. The hv_snp_boot_ap() function uses that START_VP hypercall but passes as VP index to it what it receives as a wakeup_secondary_cpu_64 callback: the APIC ID. As those two aren't generally interchangeable, that may lead to hung APs if the VP index and the APIC ID don't match up. Update the parameter names to avoid confusion as to what the parameter is. Use the APIC ID to the VP index conversion to provide the correct input to the hypercall. Cc: stable(a)vger.kernel.org Fixes: 44676bb9d566 ("x86/hyperv: Add smp support for SEV-SNP guest") Signed-off-by: Roman Kisel <romank(a)linux.microsoft.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Link: https://lore.kernel.org/r/20250507182227.7421-2-romank@linux.microsoft.com Signed-off-by: Wei Liu <wei.liu(a)kernel.org> Message-ID: <20250507182227.7421-2-romank(a)linux.microsoft.com> diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c index 3b569291dfed..9a8fc144e195 100644 --- a/arch/x86/hyperv/hv_init.c +++ b/arch/x86/hyperv/hv_init.c @@ -672,3 +672,36 @@ bool hv_is_hyperv_initialized(void) return hypercall_msr.enable; } EXPORT_SYMBOL_GPL(hv_is_hyperv_initialized); + +int hv_apicid_to_vp_index(u32 apic_id) +{ + u64 control; + u64 status; + unsigned long irq_flags; + struct hv_get_vp_from_apic_id_in *input; + u32 *output, ret; + + local_irq_save(irq_flags); + + input = *this_cpu_ptr(hyperv_pcpu_input_arg); + memset(input, 0, sizeof(*input)); + input->partition_id = HV_PARTITION_ID_SELF; + input->apic_ids[0] = apic_id; + + output = *this_cpu_ptr(hyperv_pcpu_output_arg); + + control = HV_HYPERCALL_REP_COMP_1 | HVCALL_GET_VP_INDEX_FROM_APIC_ID; + status = hv_do_hypercall(control, input, output); + ret = output[0]; + + local_irq_restore(irq_flags); + + if (!hv_result_success(status)) { + pr_err("failed to get vp index from apic id %d, status %#llx\n", + apic_id, status); + return -EINVAL; + } + + return ret; +} +EXPORT_SYMBOL_GPL(hv_apicid_to_vp_index); diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c index ac3d27a766d5..2f32ac1ae40e 100644 --- a/arch/x86/hyperv/hv_vtl.c +++ b/arch/x86/hyperv/hv_vtl.c @@ -211,41 +211,9 @@ static int hv_vtl_bringup_vcpu(u32 target_vp_index, int cpu, u64 eip_ignored) return ret; } -static int hv_vtl_apicid_to_vp_id(u32 apic_id) -{ - u64 control; - u64 status; - unsigned long irq_flags; - struct hv_get_vp_from_apic_id_in *input; - u32 *output, ret; - - local_irq_save(irq_flags); - - input = *this_cpu_ptr(hyperv_pcpu_input_arg); - memset(input, 0, sizeof(*input)); - input->partition_id = HV_PARTITION_ID_SELF; - input->apic_ids[0] = apic_id; - - output = *this_cpu_ptr(hyperv_pcpu_output_arg); - - control = HV_HYPERCALL_REP_COMP_1 | HVCALL_GET_VP_ID_FROM_APIC_ID; - status = hv_do_hypercall(control, input, output); - ret = output[0]; - - local_irq_restore(irq_flags); - - if (!hv_result_success(status)) { - pr_err("failed to get vp id from apic id %d, status %#llx\n", - apic_id, status); - return -EINVAL; - } - - return ret; -} - static int hv_vtl_wakeup_secondary_cpu(u32 apicid, unsigned long start_eip) { - int vp_id, cpu; + int vp_index, cpu; /* Find the logical CPU for the APIC ID */ for_each_present_cpu(cpu) { @@ -256,18 +224,18 @@ static int hv_vtl_wakeup_secondary_cpu(u32 apicid, unsigned long start_eip) return -EINVAL; pr_debug("Bringing up CPU with APIC ID %d in VTL2...\n", apicid); - vp_id = hv_vtl_apicid_to_vp_id(apicid); + vp_index = hv_apicid_to_vp_index(apicid); - if (vp_id < 0) { + if (vp_index < 0) { pr_err("Couldn't find CPU with APIC ID %d\n", apicid); return -EINVAL; } - if (vp_id > ms_hyperv.max_vp_index) { - pr_err("Invalid CPU id %d for APIC ID %d\n", vp_id, apicid); + if (vp_index > ms_hyperv.max_vp_index) { + pr_err("Invalid CPU id %d for APIC ID %d\n", vp_index, apicid); return -EINVAL; } - return hv_vtl_bringup_vcpu(vp_id, cpu, start_eip); + return hv_vtl_bringup_vcpu(vp_index, cpu, start_eip); } int __init hv_vtl_early_init(void) diff --git a/arch/x86/hyperv/ivm.c b/arch/x86/hyperv/ivm.c index 77bf05f06b9e..0cc239cdb4da 100644 --- a/arch/x86/hyperv/ivm.c +++ b/arch/x86/hyperv/ivm.c @@ -9,6 +9,7 @@ #include <linux/bitfield.h> #include <linux/types.h> #include <linux/slab.h> +#include <linux/cpu.h> #include <asm/svm.h> #include <asm/sev.h> #include <asm/io.h> @@ -288,7 +289,7 @@ static void snp_cleanup_vmsa(struct sev_es_save_area *vmsa) free_page((unsigned long)vmsa); } -int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) +int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip) { struct sev_es_save_area *vmsa = (struct sev_es_save_area *) __get_free_page(GFP_KERNEL | __GFP_ZERO); @@ -297,10 +298,27 @@ int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) u64 ret, retry = 5; struct hv_enable_vp_vtl *start_vp_input; unsigned long flags; + int cpu, vp_index; if (!vmsa) return -ENOMEM; + /* Find the Hyper-V VP index which might be not the same as APIC ID */ + vp_index = hv_apicid_to_vp_index(apic_id); + if (vp_index < 0 || vp_index > ms_hyperv.max_vp_index) + return -EINVAL; + + /* + * Find the Linux CPU number for addressing the per-CPU data, and it + * might not be the same as APIC ID. + */ + for_each_present_cpu(cpu) { + if (arch_match_cpu_phys_id(cpu, apic_id)) + break; + } + if (cpu >= nr_cpu_ids) + return -EINVAL; + native_store_gdt(&gdtr); vmsa->gdtr.base = gdtr.address; @@ -348,7 +366,7 @@ int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) start_vp_input = (struct hv_enable_vp_vtl *)ap_start_input_arg; memset(start_vp_input, 0, sizeof(*start_vp_input)); start_vp_input->partition_id = -1; - start_vp_input->vp_index = cpu; + start_vp_input->vp_index = vp_index; start_vp_input->target_vtl.target_vtl = ms_hyperv.vtl; *(u64 *)&start_vp_input->vp_context = __pa(vmsa) | 1; diff --git a/arch/x86/include/asm/mshyperv.h b/arch/x86/include/asm/mshyperv.h index bab5ccfc60a7..0b9a3a307d06 100644 --- a/arch/x86/include/asm/mshyperv.h +++ b/arch/x86/include/asm/mshyperv.h @@ -268,11 +268,11 @@ int hv_unmap_ioapic_interrupt(int ioapic_id, struct hv_interrupt_entry *entry); #ifdef CONFIG_AMD_MEM_ENCRYPT bool hv_ghcb_negotiate_protocol(void); void __noreturn hv_ghcb_terminate(unsigned int set, unsigned int reason); -int hv_snp_boot_ap(u32 cpu, unsigned long start_ip); +int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip); #else static inline bool hv_ghcb_negotiate_protocol(void) { return false; } static inline void hv_ghcb_terminate(unsigned int set, unsigned int reason) {} -static inline int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) { return 0; } +static inline int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip) { return 0; } #endif #if defined(CONFIG_AMD_MEM_ENCRYPT) || defined(CONFIG_INTEL_TDX_GUEST) @@ -306,6 +306,7 @@ static __always_inline u64 hv_raw_get_msr(unsigned int reg) { return __rdmsr(reg); } +int hv_apicid_to_vp_index(u32 apic_id); #else /* CONFIG_HYPERV */ static inline void hyperv_init(void) {} @@ -327,6 +328,7 @@ static inline void hv_set_msr(unsigned int reg, u64 value) { } static inline u64 hv_get_msr(unsigned int reg) { return 0; } static inline void hv_set_non_nested_msr(unsigned int reg, u64 value) { } static inline u64 hv_get_non_nested_msr(unsigned int reg) { return 0; } +static inline int hv_apicid_to_vp_index(u32 apic_id) { return -EINVAL; } #endif /* CONFIG_HYPERV */ diff --git a/include/hyperv/hvgdk_mini.h b/include/hyperv/hvgdk_mini.h index cf0923dc727d..2d431b53f587 100644 --- a/include/hyperv/hvgdk_mini.h +++ b/include/hyperv/hvgdk_mini.h @@ -475,7 +475,7 @@ union hv_vp_assist_msr_contents { /* HV_REGISTER_VP_ASSIST_PAGE */ #define HVCALL_CREATE_PORT 0x0095 #define HVCALL_CONNECT_PORT 0x0096 #define HVCALL_START_VP 0x0099 -#define HVCALL_GET_VP_ID_FROM_APIC_ID 0x009a +#define HVCALL_GET_VP_INDEX_FROM_APIC_ID 0x009a #define HVCALL_FLUSH_GUEST_PHYSICAL_ADDRESS_SPACE 0x00af #define HVCALL_FLUSH_GUEST_PHYSICAL_ADDRESS_LIST 0x00b0 #define HVCALL_SIGNAL_EVENT_DIRECT 0x00c0

13 hours, 52 minutes

1
0
0 0

FAILED: patch "[PATCH] x86/hyperv: Fix APIC ID and VP index confusion in" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 86c48271e0d60c82665e9fd61277002391efcef7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061756-shale-squiggly-9c9a@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 86c48271e0d60c82665e9fd61277002391efcef7 Mon Sep 17 00:00:00 2001 From: Roman Kisel <romank(a)linux.microsoft.com> Date: Wed, 7 May 2025 11:22:25 -0700 Subject: [PATCH] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() To start an application processor in SNP-isolated guest, a hypercall is used that takes a virtual processor index. The hv_snp_boot_ap() function uses that START_VP hypercall but passes as VP index to it what it receives as a wakeup_secondary_cpu_64 callback: the APIC ID. As those two aren't generally interchangeable, that may lead to hung APs if the VP index and the APIC ID don't match up. Update the parameter names to avoid confusion as to what the parameter is. Use the APIC ID to the VP index conversion to provide the correct input to the hypercall. Cc: stable(a)vger.kernel.org Fixes: 44676bb9d566 ("x86/hyperv: Add smp support for SEV-SNP guest") Signed-off-by: Roman Kisel <romank(a)linux.microsoft.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Link: https://lore.kernel.org/r/20250507182227.7421-2-romank@linux.microsoft.com Signed-off-by: Wei Liu <wei.liu(a)kernel.org> Message-ID: <20250507182227.7421-2-romank(a)linux.microsoft.com> diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c index 3b569291dfed..9a8fc144e195 100644 --- a/arch/x86/hyperv/hv_init.c +++ b/arch/x86/hyperv/hv_init.c @@ -672,3 +672,36 @@ bool hv_is_hyperv_initialized(void) return hypercall_msr.enable; } EXPORT_SYMBOL_GPL(hv_is_hyperv_initialized); + +int hv_apicid_to_vp_index(u32 apic_id) +{ + u64 control; + u64 status; + unsigned long irq_flags; + struct hv_get_vp_from_apic_id_in *input; + u32 *output, ret; + + local_irq_save(irq_flags); + + input = *this_cpu_ptr(hyperv_pcpu_input_arg); + memset(input, 0, sizeof(*input)); + input->partition_id = HV_PARTITION_ID_SELF; + input->apic_ids[0] = apic_id; + + output = *this_cpu_ptr(hyperv_pcpu_output_arg); + + control = HV_HYPERCALL_REP_COMP_1 | HVCALL_GET_VP_INDEX_FROM_APIC_ID; + status = hv_do_hypercall(control, input, output); + ret = output[0]; + + local_irq_restore(irq_flags); + + if (!hv_result_success(status)) { + pr_err("failed to get vp index from apic id %d, status %#llx\n", + apic_id, status); + return -EINVAL; + } + + return ret; +} +EXPORT_SYMBOL_GPL(hv_apicid_to_vp_index); diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c index ac3d27a766d5..2f32ac1ae40e 100644 --- a/arch/x86/hyperv/hv_vtl.c +++ b/arch/x86/hyperv/hv_vtl.c @@ -211,41 +211,9 @@ static int hv_vtl_bringup_vcpu(u32 target_vp_index, int cpu, u64 eip_ignored) return ret; } -static int hv_vtl_apicid_to_vp_id(u32 apic_id) -{ - u64 control; - u64 status; - unsigned long irq_flags; - struct hv_get_vp_from_apic_id_in *input; - u32 *output, ret; - - local_irq_save(irq_flags); - - input = *this_cpu_ptr(hyperv_pcpu_input_arg); - memset(input, 0, sizeof(*input)); - input->partition_id = HV_PARTITION_ID_SELF; - input->apic_ids[0] = apic_id; - - output = *this_cpu_ptr(hyperv_pcpu_output_arg); - - control = HV_HYPERCALL_REP_COMP_1 | HVCALL_GET_VP_ID_FROM_APIC_ID; - status = hv_do_hypercall(control, input, output); - ret = output[0]; - - local_irq_restore(irq_flags); - - if (!hv_result_success(status)) { - pr_err("failed to get vp id from apic id %d, status %#llx\n", - apic_id, status); - return -EINVAL; - } - - return ret; -} - static int hv_vtl_wakeup_secondary_cpu(u32 apicid, unsigned long start_eip) { - int vp_id, cpu; + int vp_index, cpu; /* Find the logical CPU for the APIC ID */ for_each_present_cpu(cpu) { @@ -256,18 +224,18 @@ static int hv_vtl_wakeup_secondary_cpu(u32 apicid, unsigned long start_eip) return -EINVAL; pr_debug("Bringing up CPU with APIC ID %d in VTL2...\n", apicid); - vp_id = hv_vtl_apicid_to_vp_id(apicid); + vp_index = hv_apicid_to_vp_index(apicid); - if (vp_id < 0) { + if (vp_index < 0) { pr_err("Couldn't find CPU with APIC ID %d\n", apicid); return -EINVAL; } - if (vp_id > ms_hyperv.max_vp_index) { - pr_err("Invalid CPU id %d for APIC ID %d\n", vp_id, apicid); + if (vp_index > ms_hyperv.max_vp_index) { + pr_err("Invalid CPU id %d for APIC ID %d\n", vp_index, apicid); return -EINVAL; } - return hv_vtl_bringup_vcpu(vp_id, cpu, start_eip); + return hv_vtl_bringup_vcpu(vp_index, cpu, start_eip); } int __init hv_vtl_early_init(void) diff --git a/arch/x86/hyperv/ivm.c b/arch/x86/hyperv/ivm.c index 77bf05f06b9e..0cc239cdb4da 100644 --- a/arch/x86/hyperv/ivm.c +++ b/arch/x86/hyperv/ivm.c @@ -9,6 +9,7 @@ #include <linux/bitfield.h> #include <linux/types.h> #include <linux/slab.h> +#include <linux/cpu.h> #include <asm/svm.h> #include <asm/sev.h> #include <asm/io.h> @@ -288,7 +289,7 @@ static void snp_cleanup_vmsa(struct sev_es_save_area *vmsa) free_page((unsigned long)vmsa); } -int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) +int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip) { struct sev_es_save_area *vmsa = (struct sev_es_save_area *) __get_free_page(GFP_KERNEL | __GFP_ZERO); @@ -297,10 +298,27 @@ int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) u64 ret, retry = 5; struct hv_enable_vp_vtl *start_vp_input; unsigned long flags; + int cpu, vp_index; if (!vmsa) return -ENOMEM; + /* Find the Hyper-V VP index which might be not the same as APIC ID */ + vp_index = hv_apicid_to_vp_index(apic_id); + if (vp_index < 0 || vp_index > ms_hyperv.max_vp_index) + return -EINVAL; + + /* + * Find the Linux CPU number for addressing the per-CPU data, and it + * might not be the same as APIC ID. + */ + for_each_present_cpu(cpu) { + if (arch_match_cpu_phys_id(cpu, apic_id)) + break; + } + if (cpu >= nr_cpu_ids) + return -EINVAL; + native_store_gdt(&gdtr); vmsa->gdtr.base = gdtr.address; @@ -348,7 +366,7 @@ int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) start_vp_input = (struct hv_enable_vp_vtl *)ap_start_input_arg; memset(start_vp_input, 0, sizeof(*start_vp_input)); start_vp_input->partition_id = -1; - start_vp_input->vp_index = cpu; + start_vp_input->vp_index = vp_index; start_vp_input->target_vtl.target_vtl = ms_hyperv.vtl; *(u64 *)&start_vp_input->vp_context = __pa(vmsa) | 1; diff --git a/arch/x86/include/asm/mshyperv.h b/arch/x86/include/asm/mshyperv.h index bab5ccfc60a7..0b9a3a307d06 100644 --- a/arch/x86/include/asm/mshyperv.h +++ b/arch/x86/include/asm/mshyperv.h @@ -268,11 +268,11 @@ int hv_unmap_ioapic_interrupt(int ioapic_id, struct hv_interrupt_entry *entry); #ifdef CONFIG_AMD_MEM_ENCRYPT bool hv_ghcb_negotiate_protocol(void); void __noreturn hv_ghcb_terminate(unsigned int set, unsigned int reason); -int hv_snp_boot_ap(u32 cpu, unsigned long start_ip); +int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip); #else static inline bool hv_ghcb_negotiate_protocol(void) { return false; } static inline void hv_ghcb_terminate(unsigned int set, unsigned int reason) {} -static inline int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) { return 0; } +static inline int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip) { return 0; } #endif #if defined(CONFIG_AMD_MEM_ENCRYPT) || defined(CONFIG_INTEL_TDX_GUEST) @@ -306,6 +306,7 @@ static __always_inline u64 hv_raw_get_msr(unsigned int reg) { return __rdmsr(reg); } +int hv_apicid_to_vp_index(u32 apic_id); #else /* CONFIG_HYPERV */ static inline void hyperv_init(void) {} @@ -327,6 +328,7 @@ static inline void hv_set_msr(unsigned int reg, u64 value) { } static inline u64 hv_get_msr(unsigned int reg) { return 0; } static inline void hv_set_non_nested_msr(unsigned int reg, u64 value) { } static inline u64 hv_get_non_nested_msr(unsigned int reg) { return 0; } +static inline int hv_apicid_to_vp_index(u32 apic_id) { return -EINVAL; } #endif /* CONFIG_HYPERV */ diff --git a/include/hyperv/hvgdk_mini.h b/include/hyperv/hvgdk_mini.h index cf0923dc727d..2d431b53f587 100644 --- a/include/hyperv/hvgdk_mini.h +++ b/include/hyperv/hvgdk_mini.h @@ -475,7 +475,7 @@ union hv_vp_assist_msr_contents { /* HV_REGISTER_VP_ASSIST_PAGE */ #define HVCALL_CREATE_PORT 0x0095 #define HVCALL_CONNECT_PORT 0x0096 #define HVCALL_START_VP 0x0099 -#define HVCALL_GET_VP_ID_FROM_APIC_ID 0x009a +#define HVCALL_GET_VP_INDEX_FROM_APIC_ID 0x009a #define HVCALL_FLUSH_GUEST_PHYSICAL_ADDRESS_SPACE 0x00af #define HVCALL_FLUSH_GUEST_PHYSICAL_ADDRESS_LIST 0x00b0 #define HVCALL_SIGNAL_EVENT_DIRECT 0x00c0

13 hours, 52 minutes

1
0
0 0

FAILED: patch "[PATCH] xfs: don't assume perags are initialised when trimming AGs" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 23be716b1c4f3f3a6c00ee38d51a57ef7db9ef7d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061709-overboard-duplicate-5035@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 23be716b1c4f3f3a6c00ee38d51a57ef7db9ef7d Mon Sep 17 00:00:00 2001 From: Dave Chinner <dchinner(a)redhat.com> Date: Thu, 1 May 2025 09:27:24 +1000 Subject: [PATCH] xfs: don't assume perags are initialised when trimming AGs When running fstrim immediately after mounting a V4 filesystem, the fstrim fails to trim all the free space in the filesystem. It only trims the first extent in the by-size free space tree in each AG and then returns. If a second fstrim is then run, it runs correctly and the entire free space in the filesystem is iterated and discarded correctly. The problem lies in the setup of the trim cursor - it assumes that pag->pagf_longest is valid without either reading the AGF first or checking if xfs_perag_initialised_agf(pag) is true or not. As a result, when a filesystem is mounted without reading the AGF (e.g. a clean mount on a v4 filesystem) and the first operation is a fstrim call, pag->pagf_longest is zero and so the free extent search starts at the wrong end of the by-size btree and exits after discarding the first record in the tree. Fix this by deferring the initialisation of tcur->count to after we have locked the AGF and guaranteed that the perag is properly initialised. We trigger this on tcur->count == 0 after locking the AGF, as this will only occur on the first call to xfs_trim_gather_extents() for each AG. If we need to iterate, tcur->count will be set to the length of the record we need to restart at, so we can use this to ensure we only sample a valid pag->pagf_longest value for the iteration. Signed-off-by: Dave Chinner <dchinner(a)redhat.com> Reviewed-by: Bill O'Donnell <bodonnel(a)redhat.com> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Fixes: 89cfa899608f ("xfs: reduce AGF hold times during fstrim operations") Cc: <stable(a)vger.kernel.org> # v6.6 Signed-off-by: Carlos Maiolino <cem(a)kernel.org> diff --git a/fs/xfs/xfs_discard.c b/fs/xfs/xfs_discard.c index c1a306268ae4..94d0873bcd62 100644 --- a/fs/xfs/xfs_discard.c +++ b/fs/xfs/xfs_discard.c @@ -167,6 +167,14 @@ xfs_discard_extents( return error; } +/* + * Care must be taken setting up the trim cursor as the perags may not have been + * initialised when the cursor is initialised. e.g. a clean mount which hasn't + * read in AGFs and the first operation run on the mounted fs is a trim. This + * can result in perag fields that aren't initialised until + * xfs_trim_gather_extents() calls xfs_alloc_read_agf() to lock down the AG for + * the free space search. + */ struct xfs_trim_cur { xfs_agblock_t start; xfs_extlen_t count; @@ -204,6 +212,14 @@ xfs_trim_gather_extents( if (error) goto out_trans_cancel; + /* + * First time through tcur->count will not have been initialised as + * pag->pagf_longest is not guaranteed to be valid before we read + * the AGF buffer above. + */ + if (!tcur->count) + tcur->count = pag->pagf_longest; + if (tcur->by_bno) { /* sub-AG discard request always starts at tcur->start */ cur = xfs_bnobt_init_cursor(mp, tp, agbp, pag); @@ -350,7 +366,6 @@ xfs_trim_perag_extents( { struct xfs_trim_cur tcur = { .start = start, - .count = pag->pagf_longest, .end = end, .minlen = minlen, };

13 hours, 53 minutes

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm/tcpci_maxim: Fix bounds check in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0736299d090f5c6a1032678705c4bc0a9511a3db # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061709-nacho-bronchial-18a8@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0736299d090f5c6a1032678705c4bc0a9511a3db Mon Sep 17 00:00:00 2001 From: Amit Sunil Dhamne <amitsd(a)google.com> Date: Fri, 2 May 2025 16:57:03 -0700 Subject: [PATCH] usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Register read of TCPC_RX_BYTE_CNT returns the total size consisting of: PD message (pending read) size + 1 Byte for Frame Type (SOP*) This is validated against the max PD message (`struct pd_message`) size without accounting for the extra byte for the frame type. Note that the struct pd_message does not contain a field for the frame_type. This results in false negatives when the "PD message (pending read)" is equal to the max PD message size. Fixes: 6f413b559f86 ("usb: typec: tcpci_maxim: Chip level TCPC driver") Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com> Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Kyle Tso <kyletso(a)google.com> Cc: stable <stable(a)kernel.org> Link: https://lore.kernel.org/stable/20250502-b4-new-fix-pd-rx-count-v1-1-e5711ed… Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20250502-b4-new-fix-pd-rx-count-v1-1-e5711ed09b3d… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpci_maxim_core.c b/drivers/usb/typec/tcpm/tcpci_maxim_core.c index 29a4aa89d1a1..b5a5ed40faea 100644 --- a/drivers/usb/typec/tcpm/tcpci_maxim_core.c +++ b/drivers/usb/typec/tcpm/tcpci_maxim_core.c @@ -166,7 +166,8 @@ static void process_rx(struct max_tcpci_chip *chip, u16 status) return; } - if (count > sizeof(struct pd_message) || count + 1 > TCPC_RECEIVE_BUFFER_LEN) { + if (count > sizeof(struct pd_message) + 1 || + count + 1 > TCPC_RECEIVE_BUFFER_LEN) { dev_err(chip->dev, "Invalid TCPC_RX_BYTE_CNT %d\n", count); return; }

13 hours, 56 minutes

1
0
0 0

[PATCH v8 0/4] media: pisp-be: Split jobs creation and scheduling

by Jacopo Mondi

Currently the 'pispbe_schedule()' function does two things: 1) Tries to assemble a job by inspecting all the video node queues to make sure all the required buffers are available 2) Submit the job to the hardware The pispbe_schedule() function is called at: - video device start_streaming() time - video device qbuf() time - irq handler As assembling a job requires inspecting all queues, it is a rather time consuming operation which is better not run in IRQ context. To avoid executing the time consuming job creation in interrupt context, split the job creation and job scheduling in two distinct operations. When a well-formed job is created, append it to the newly introduced 'pispbe->job_queue' where it will be dequeued from by the scheduling routine. At start_streaming() and qbuf() time immediately try to schedule a job if one has been created as the irq handler routine is only called when a job has completed, and we can't solely rely on it for scheduling new jobs. Signed-off-by: Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> --- Changes in v8: - Use automatic release of *job in pispbe_prepare_job() - Use temporary list to release jobs without holding the main driver lock - Collect tags - Rebased on rpi-6.6.y: https://github.com/raspberrypi/linux/pull/6905 - Link to v7: https://lore.kernel.org/r/20250606-pispbe-mainline-split-jobs-handling-v6-v… Changes in v7: - Rebased on media-committers/next - Fix lockdep warning by using the proper spinlock_irq() primitive in pispbe_prepare_job() which can race with the IRQ handler - Link to v6: https://lore.kernel.org/r/20240930-pispbe-mainline-split-jobs-handling-v6-v… v5->v6: - Make the driver depend on PM - Simplify the probe() routine by using pm_runtime_ - Remove suspend call from remove() v4->v5: - Use appropriate locking constructs: - spin_lock_irq() for pispbe_prepare_job() called from non irq context - spin_lock_irqsave() for pispbe_schedule() called from irq context - Remove hw_lock from ready_queue accesses in stop_streaming and start_streaming - Fix trivial indentation mistake in 4/4 v3->v4: - Expand commit message in 2/4 to explain why removing validation in schedule() is safe - Drop ready_lock spinlock - Use non _irqsave version of safe_guard(spinlock - Support !CONFIG_PM in 4/4 by calling the enable/disable routines directly and adjust pm_runtime usage as suggested by Laurent v2->v3: - Mark pispbe_runtime_resume() as __maybe_unused - Add fixes tags where appropriate v1->v2: - Add two patches to address Laurent's comments separately - use scoped_guard() when possible - Add patch to fix runtime_pm imbalance --- Jacopo Mondi (4): media: pisp_be: Drop reference to non-existing function media: pisp_be: Remove config validation from schedule() media: pisp_be: Split jobs creation and scheduling media: pisp_be: Fix pm_runtime underrun in probe drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1 + .../media/platform/raspberrypi/pisp_be/pisp_be.c | 196 ++++++++++----------- 2 files changed, 98 insertions(+), 99 deletions(-) --- base-commit: ce5cac69b2edac3e3246fee03e8f4c2a1075238b change-id: 20240930-pispbe-mainline-split-jobs-handling-v6-15dc16e11e3a Best regards, -- Jacopo Mondi <jacopo.mondi(a)ideasonboard.com>

13 hours, 57 minutes

2
2
0 0

FAILED: patch "[PATCH] usb: cdnsp: Fix issue with detecting command completion event" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f4ecdc352646f7d23f348e5c544dbe3212c94fc8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061707-putt-mutable-5fb5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4ecdc352646f7d23f348e5c544dbe3212c94fc8 Mon Sep 17 00:00:00 2001 From: Pawel Laszczak <pawell(a)cadence.com> Date: Tue, 13 May 2025 05:30:09 +0000 Subject: [PATCH] usb: cdnsp: Fix issue with detecting command completion event In some cases, there is a small-time gap in which CMD_RING_BUSY can be cleared by controller but adding command completion event to event ring will be delayed. As the result driver will return error code. This behavior has been detected on usbtest driver (test 9) with configuration including ep1in/ep1out bulk and ep2in/ep2out isoc endpoint. Probably this gap occurred because controller was busy with adding some other events to event ring. The CMD_RING_BUSY is cleared to '0' when the Command Descriptor has been executed and not when command completion event has been added to event ring. To fix this issue for this test the small delay is sufficient less than 10us) but to make sure the problem doesn't happen again in the future the patch introduces 10 retries to check with delay about 20us before returning error code. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") Cc: stable <stable(a)kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> Acked-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/PH7PR07MB9538AA45362ACCF1B94EE9B7DD96A@PH7PR07MB9… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/cdns3/cdnsp-gadget.c b/drivers/usb/cdns3/cdnsp-gadget.c index cd1e00daf43f..55f95f41b3b4 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.c +++ b/drivers/usb/cdns3/cdnsp-gadget.c @@ -548,6 +548,7 @@ int cdnsp_wait_for_cmd_compl(struct cdnsp_device *pdev) dma_addr_t cmd_deq_dma; union cdnsp_trb *event; u32 cycle_state; + u32 retry = 10; int ret, val; u64 cmd_dma; u32 flags; @@ -579,8 +580,23 @@ int cdnsp_wait_for_cmd_compl(struct cdnsp_device *pdev) flags = le32_to_cpu(event->event_cmd.flags); /* Check the owner of the TRB. */ - if ((flags & TRB_CYCLE) != cycle_state) + if ((flags & TRB_CYCLE) != cycle_state) { + /* + * Give some extra time to get chance controller + * to finish command before returning error code. + * Checking CMD_RING_BUSY is not sufficient because + * this bit is cleared to '0' when the Command + * Descriptor has been executed by controller + * and not when command completion event has + * be added to event ring. + */ + if (retry--) { + udelay(20); + continue; + } + return -EINVAL; + } cmd_dma = le64_to_cpu(event->event_cmd.cmd_trb);

13 hours, 58 minutes

1
0
0 0

FAILED: patch "[PATCH] VMCI: fix race between vmci_host_setup_notify and" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1bd6406fb5f36c2bb1e96e27d4c3e9f4d09edde4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061733-scarring-crevice-7648@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1bd6406fb5f36c2bb1e96e27d4c3e9f4d09edde4 Mon Sep 17 00:00:00 2001 From: Wupeng Ma <mawupeng1(a)huawei.com> Date: Sat, 10 May 2025 11:30:40 +0800 Subject: [PATCH] VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be trigger in try_grab_folio as follow: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130 Modules linked in: CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef) RIP: 0010:try_grab_folio+0x106/0x130 Call Trace: <TASK> follow_huge_pmd+0x240/0x8e0 follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0 follow_pud_mask.constprop.0.isra.0+0x14a/0x170 follow_page_mask+0x1c2/0x1f0 __get_user_pages+0x176/0x950 __gup_longterm_locked+0x15b/0x1060 ? gup_fast+0x120/0x1f0 gup_fast_fallback+0x17e/0x230 get_user_pages_fast+0x5f/0x80 vmci_host_unlocked_ioctl+0x21c/0xf80 RIP: 0033:0x54d2cd ---[ end trace 0000000000000000 ]--- Digging into the source, context->notify_page may init by get_user_pages_fast and can be seen in vmci_ctx_unset_notify which will try to put_page. However get_user_pages_fast is not finished here and lead to following try_grab_folio warning. The race condition is shown as follow: cpu0 cpu1 vmci_host_do_set_notify vmci_host_setup_notify get_user_pages_fast(uva, 1, FOLL_WRITE, &context->notify_page); lockless_pages_from_mm gup_pgd_range gup_huge_pmd // update &context->notify_page vmci_host_do_set_notify vmci_ctx_unset_notify notify_page = context->notify_page; if (notify_page) put_page(notify_page); // page is freed __gup_longterm_locked __get_user_pages follow_trans_huge_pmd try_grab_folio // warn here To slove this, use local variable page to make notify_page can be seen after finish get_user_pages_fast. Fixes: a1d88436d53a ("VMCI: Fix two UVA mapping bugs") Cc: stable <stable(a)kernel.org> Closes: https://lore.kernel.org/all/e91da589-ad57-3969-d979-879bbd10dddd@huawei.com/ Signed-off-by: Wupeng Ma <mawupeng1(a)huawei.com> Link: https://lore.kernel.org/r/20250510033040.901582-1-mawupeng1@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/vmw_vmci/vmci_host.c b/drivers/misc/vmw_vmci/vmci_host.c index abe79f6fd2a7..b64944367ac5 100644 --- a/drivers/misc/vmw_vmci/vmci_host.c +++ b/drivers/misc/vmw_vmci/vmci_host.c @@ -227,6 +227,7 @@ static int drv_cp_harray_to_user(void __user *user_buf_uva, static int vmci_host_setup_notify(struct vmci_ctx *context, unsigned long uva) { + struct page *page; int retval; if (context->notify_page) { @@ -243,13 +244,11 @@ static int vmci_host_setup_notify(struct vmci_ctx *context, /* * Lock physical page backing a given user VA. */ - retval = get_user_pages_fast(uva, 1, FOLL_WRITE, &context->notify_page); - if (retval != 1) { - context->notify_page = NULL; + retval = get_user_pages_fast(uva, 1, FOLL_WRITE, &page); + if (retval != 1) return VMCI_ERROR_GENERIC; - } - if (context->notify_page == NULL) - return VMCI_ERROR_UNAVAILABLE; + + context->notify_page = page; /* * Map the locked page and set up notify pointer.

13 hours, 59 minutes

1
0
0 0

FAILED: patch "[PATCH] VMCI: fix race between vmci_host_setup_notify and" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1bd6406fb5f36c2bb1e96e27d4c3e9f4d09edde4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061722-shaded-throwback-5dda@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1bd6406fb5f36c2bb1e96e27d4c3e9f4d09edde4 Mon Sep 17 00:00:00 2001 From: Wupeng Ma <mawupeng1(a)huawei.com> Date: Sat, 10 May 2025 11:30:40 +0800 Subject: [PATCH] VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be trigger in try_grab_folio as follow: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130 Modules linked in: CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef) RIP: 0010:try_grab_folio+0x106/0x130 Call Trace: <TASK> follow_huge_pmd+0x240/0x8e0 follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0 follow_pud_mask.constprop.0.isra.0+0x14a/0x170 follow_page_mask+0x1c2/0x1f0 __get_user_pages+0x176/0x950 __gup_longterm_locked+0x15b/0x1060 ? gup_fast+0x120/0x1f0 gup_fast_fallback+0x17e/0x230 get_user_pages_fast+0x5f/0x80 vmci_host_unlocked_ioctl+0x21c/0xf80 RIP: 0033:0x54d2cd ---[ end trace 0000000000000000 ]--- Digging into the source, context->notify_page may init by get_user_pages_fast and can be seen in vmci_ctx_unset_notify which will try to put_page. However get_user_pages_fast is not finished here and lead to following try_grab_folio warning. The race condition is shown as follow: cpu0 cpu1 vmci_host_do_set_notify vmci_host_setup_notify get_user_pages_fast(uva, 1, FOLL_WRITE, &context->notify_page); lockless_pages_from_mm gup_pgd_range gup_huge_pmd // update &context->notify_page vmci_host_do_set_notify vmci_ctx_unset_notify notify_page = context->notify_page; if (notify_page) put_page(notify_page); // page is freed __gup_longterm_locked __get_user_pages follow_trans_huge_pmd try_grab_folio // warn here To slove this, use local variable page to make notify_page can be seen after finish get_user_pages_fast. Fixes: a1d88436d53a ("VMCI: Fix two UVA mapping bugs") Cc: stable <stable(a)kernel.org> Closes: https://lore.kernel.org/all/e91da589-ad57-3969-d979-879bbd10dddd@huawei.com/ Signed-off-by: Wupeng Ma <mawupeng1(a)huawei.com> Link: https://lore.kernel.org/r/20250510033040.901582-1-mawupeng1@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/vmw_vmci/vmci_host.c b/drivers/misc/vmw_vmci/vmci_host.c index abe79f6fd2a7..b64944367ac5 100644 --- a/drivers/misc/vmw_vmci/vmci_host.c +++ b/drivers/misc/vmw_vmci/vmci_host.c @@ -227,6 +227,7 @@ static int drv_cp_harray_to_user(void __user *user_buf_uva, static int vmci_host_setup_notify(struct vmci_ctx *context, unsigned long uva) { + struct page *page; int retval; if (context->notify_page) { @@ -243,13 +244,11 @@ static int vmci_host_setup_notify(struct vmci_ctx *context, /* * Lock physical page backing a given user VA. */ - retval = get_user_pages_fast(uva, 1, FOLL_WRITE, &context->notify_page); - if (retval != 1) { - context->notify_page = NULL; + retval = get_user_pages_fast(uva, 1, FOLL_WRITE, &page); + if (retval != 1) return VMCI_ERROR_GENERIC; - } - if (context->notify_page == NULL) - return VMCI_ERROR_UNAVAILABLE; + + context->notify_page = page; /* * Map the locked page and set up notify pointer.

13 hours, 59 minutes

1
0
0 0

FAILED: patch "[PATCH] usb: usbtmc: Fix read_stb function and get_stb ioctl" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x acb3dac2805d3342ded7dbbd164add32bbfdf21c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061708-chaperone-fantasy-02f0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From acb3dac2805d3342ded7dbbd164add32bbfdf21c Mon Sep 17 00:00:00 2001 From: Dave Penkler <dpenkler(a)gmail.com> Date: Wed, 21 May 2025 14:16:55 +0200 Subject: [PATCH] usb: usbtmc: Fix read_stb function and get_stb ioctl The usbtmc488_ioctl_read_stb function relied on a positive return from usbtmc_get_stb to reset the srq condition in the driver. The USBTMC_IOCTL_GET_STB case tested for a positive return to return the stb to the user. Commit: <cac01bd178d6> ("usb: usbtmc: Fix erroneous get_stb ioctl error returns") changed the return value of usbtmc_get_stb to 0 on success instead of returning the value of usb_control_msg which is positive in the normal case. This change caused the function usbtmc488_ioctl_read_stb and the USBTMC_IOCTL_GET_STB ioctl to no longer function correctly. Change the test in usbtmc488_ioctl_read_stb to test for failure first and return the failure code immediately. Change the test for the USBTMC_IOCTL_GET_STB ioctl to test for 0 instead of a positive value. Fixes: cac01bd178d6 ("usb: usbtmc: Fix erroneous get_stb ioctl error returns") Cc: stable(a)vger.kernel.org Signed-off-by: Dave Penkler <dpenkler(a)gmail.com> Link: https://lore.kernel.org/r/20250521121656.18174-3-dpenkler@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/class/usbtmc.c b/drivers/usb/class/usbtmc.c index 740d2d2b19fb..08511442a27f 100644 --- a/drivers/usb/class/usbtmc.c +++ b/drivers/usb/class/usbtmc.c @@ -563,14 +563,15 @@ static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data, rv = usbtmc_get_stb(file_data, &stb); - if (rv > 0) { - srq_asserted = atomic_xchg(&file_data->srq_asserted, - srq_asserted); - if (srq_asserted) - stb |= 0x40; /* Set RQS bit */ + if (rv < 0) + return rv; + + srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted); + if (srq_asserted) + stb |= 0x40; /* Set RQS bit */ + + rv = put_user(stb, (__u8 __user *)arg); - rv = put_user(stb, (__u8 __user *)arg); - } return rv; } @@ -2199,7 +2200,7 @@ static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg) case USBTMC_IOCTL_GET_STB: retval = usbtmc_get_stb(file_data, &tmp_byte); - if (retval > 0) + if (!retval) retval = put_user(tmp_byte, (__u8 __user *)arg); break;

13 hours, 59 minutes

1
0
0 0

FAILED: patch "[PATCH] usb: usbtmc: Fix read_stb function and get_stb ioctl" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x acb3dac2805d3342ded7dbbd164add32bbfdf21c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061707-conceded-outwit-2f2f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From acb3dac2805d3342ded7dbbd164add32bbfdf21c Mon Sep 17 00:00:00 2001 From: Dave Penkler <dpenkler(a)gmail.com> Date: Wed, 21 May 2025 14:16:55 +0200 Subject: [PATCH] usb: usbtmc: Fix read_stb function and get_stb ioctl The usbtmc488_ioctl_read_stb function relied on a positive return from usbtmc_get_stb to reset the srq condition in the driver. The USBTMC_IOCTL_GET_STB case tested for a positive return to return the stb to the user. Commit: <cac01bd178d6> ("usb: usbtmc: Fix erroneous get_stb ioctl error returns") changed the return value of usbtmc_get_stb to 0 on success instead of returning the value of usb_control_msg which is positive in the normal case. This change caused the function usbtmc488_ioctl_read_stb and the USBTMC_IOCTL_GET_STB ioctl to no longer function correctly. Change the test in usbtmc488_ioctl_read_stb to test for failure first and return the failure code immediately. Change the test for the USBTMC_IOCTL_GET_STB ioctl to test for 0 instead of a positive value. Fixes: cac01bd178d6 ("usb: usbtmc: Fix erroneous get_stb ioctl error returns") Cc: stable(a)vger.kernel.org Signed-off-by: Dave Penkler <dpenkler(a)gmail.com> Link: https://lore.kernel.org/r/20250521121656.18174-3-dpenkler@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/class/usbtmc.c b/drivers/usb/class/usbtmc.c index 740d2d2b19fb..08511442a27f 100644 --- a/drivers/usb/class/usbtmc.c +++ b/drivers/usb/class/usbtmc.c @@ -563,14 +563,15 @@ static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data, rv = usbtmc_get_stb(file_data, &stb); - if (rv > 0) { - srq_asserted = atomic_xchg(&file_data->srq_asserted, - srq_asserted); - if (srq_asserted) - stb |= 0x40; /* Set RQS bit */ + if (rv < 0) + return rv; + + srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted); + if (srq_asserted) + stb |= 0x40; /* Set RQS bit */ + + rv = put_user(stb, (__u8 __user *)arg); - rv = put_user(stb, (__u8 __user *)arg); - } return rv; } @@ -2199,7 +2200,7 @@ static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg) case USBTMC_IOCTL_GET_STB: retval = usbtmc_get_stb(file_data, &tmp_byte); - if (retval > 0) + if (!retval) retval = put_user(tmp_byte, (__u8 __user *)arg); break;

13 hours, 59 minutes

1
0
0 0

Backports of d0afcfeb9e3810ec89d1ffde1a0e36621bb75dca for 6.6 and older

by Nathan Chancellor

Hi Greg and Sasha, Please find attached backports of commit d0afcfeb9e38 ("kbuild: Disable -Wdefault-const-init-unsafe") for 6.6 and older, which is needed for tip of tree versions of LLVM. Please let me know if there are any questions. Cheers, Nathan

14 hours, 13 minutes

2
3
0 0

[PATCH stable 6.1-6.12 1/2] net: Fix checksum update for ILA adj-transport

by Paul Chaignon

[ Upstream commit 6043b794c7668c19dabc4a93c75b924a19474d59 ] During ILA address translations, the L4 checksums can be handled in different ways. One of them, adj-transport, consist in parsing the transport layer and updating any found checksum. This logic relies on inet_proto_csum_replace_by_diff and produces an incorrect skb->csum when in state CHECKSUM_COMPLETE. This bug can be reproduced with a simple ILA to SIR mapping, assuming packets are received with CHECKSUM_COMPLETE: $ ip a show dev eth0 14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 62:ae:35:9e:0f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 3333:0:0:1::c078/64 scope global valid_lft forever preferred_lft forever inet6 fd00:10:244:1::c078/128 scope global nodad valid_lft forever preferred_lft forever inet6 fe80::60ae:35ff:fe9e:f8d/64 scope link proto kernel_ll valid_lft forever preferred_lft forever $ ip ila add loc_match fd00:10:244:1 loc 3333:0:0:1 \ csum-mode adj-transport ident-type luid dev eth0 Then I hit [fd00:10:244:1::c078]:8000 with a server listening only on [3333:0:0:1::c078]:8000. With the bug, the SYN packet is dropped with SKB_DROP_REASON_TCP_CSUM after inet_proto_csum_replace_by_diff changed skb->csum. The translation and drop are visible on pwru [1] traces: IFACE TUPLE FUNC eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) ipv6_rcv eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) ip6_rcv_core eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) nf_hook_slow eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) inet_proto_csum_replace_by_diff eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) tcp_v6_early_demux eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_route_input eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_input eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_input_finish eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_protocol_deliver_rcu eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) raw6_local_deliver eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ipv6_raw_deliver eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) tcp_v6_rcv eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) __skb_checksum_complete eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) kfree_skb_reason(SKB_DROP_REASON_TCP_CSUM) eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_release_head_state eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_release_data eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_free_head eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) kfree_skbmem This is happening because inet_proto_csum_replace_by_diff is updating skb->csum when it shouldn't. The L4 checksum is updated such that it "cancels" the IPv6 address change in terms of checksum computation, so the impact on skb->csum is null. Note this would be different for an IPv4 packet since three fields would be updated: the IPv4 address, the IP checksum, and the L4 checksum. Two would cancel each other and skb->csum would still need to be updated to take the L4 checksum change into account. This patch fixes it by passing an ipv6 flag to inet_proto_csum_replace_by_diff, to skip the skb->csum update if we're in the IPv6 case. Note the behavior of the only other user of inet_proto_csum_replace_by_diff, the BPF subsystem, is left as is in this patch and fixed in the subsequent patch. With the fix, using the reproduction from above, I can confirm skb->csum is not touched by inet_proto_csum_replace_by_diff and the TCP SYN proceeds to the application after the ILA translation. Link: https://github.com/cilium/pwru [1] Fixes: 65d7ab8de582 ("net: Identifier Locator Addressing module") Signed-off-by: Paul Chaignon <paul.chaignon(a)gmail.com> Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Link: https://patch.msgid.link/b5539869e3550d46068504feb02d37653d939c0b.174850948… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Paul Chaignon <paul.chaignon(a)gmail.com> --- include/net/checksum.h | 2 +- net/core/filter.c | 2 +- net/core/utils.c | 4 ++-- net/ipv6/ila/ila_common.c | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/net/checksum.h b/include/net/checksum.h index 1338cb92c8e7..28b101f26636 100644 --- a/include/net/checksum.h +++ b/include/net/checksum.h @@ -158,7 +158,7 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, const __be32 *from, const __be32 *to, bool pseudohdr); void inet_proto_csum_replace_by_diff(__sum16 *sum, struct sk_buff *skb, - __wsum diff, bool pseudohdr); + __wsum diff, bool pseudohdr, bool ipv6); static __always_inline void inet_proto_csum_replace2(__sum16 *sum, struct sk_buff *skb, diff --git a/net/core/filter.c b/net/core/filter.c index 99b23fd2f509..e0d978c1a4cd 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1999,7 +1999,7 @@ BPF_CALL_5(bpf_l4_csum_replace, struct sk_buff *, skb, u32, offset, if (unlikely(from != 0)) return -EINVAL; - inet_proto_csum_replace_by_diff(ptr, skb, to, is_pseudo); + inet_proto_csum_replace_by_diff(ptr, skb, to, is_pseudo, false); break; case 2: inet_proto_csum_replace2(ptr, skb, from, to, is_pseudo); diff --git a/net/core/utils.c b/net/core/utils.c index 27f4cffaae05..b8c21a859e27 100644 --- a/net/core/utils.c +++ b/net/core/utils.c @@ -473,11 +473,11 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, EXPORT_SYMBOL(inet_proto_csum_replace16); void inet_proto_csum_replace_by_diff(__sum16 *sum, struct sk_buff *skb, - __wsum diff, bool pseudohdr) + __wsum diff, bool pseudohdr, bool ipv6) { if (skb->ip_summed != CHECKSUM_PARTIAL) { csum_replace_by_diff(sum, diff); - if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr) + if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr && !ipv6) skb->csum = ~csum_sub(diff, skb->csum); } else if (pseudohdr) { *sum = ~csum_fold(csum_add(diff, csum_unfold(*sum))); diff --git a/net/ipv6/ila/ila_common.c b/net/ipv6/ila/ila_common.c index 95e9146918cc..b8d43ed4689d 100644 --- a/net/ipv6/ila/ila_common.c +++ b/net/ipv6/ila/ila_common.c @@ -86,7 +86,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&th->check, skb, - diff, true); + diff, true, true); } break; case NEXTHDR_UDP: @@ -97,7 +97,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, if (uh->check || skb->ip_summed == CHECKSUM_PARTIAL) { diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&uh->check, skb, - diff, true); + diff, true, true); if (!uh->check) uh->check = CSUM_MANGLED_0; } @@ -111,7 +111,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&ih->icmp6_cksum, skb, - diff, true); + diff, true, true); } break; } -- 2.43.0

14 hours, 14 minutes

1
1
0 0

5.10 kernel series fails to build on newer toolchain: FAILED unresolved symbol filp_close

by Philip Müller

For some odd reason 5.10 kernel series doesn't compile with a newer toolchain since 2025-02-09: 2025-02-09T17:32:07.7991299Z GEN .version 2025-02-09T17:32:07.8270062Z CHK include/generated/compile.h 2025-02-09T17:32:07.8540777Z LD vmlinux.o 2025-02-09T17:32:11.7210899Z MODPOST vmlinux.symvers 2025-02-09T17:32:12.0869599Z MODINFO modules.builtin.modinfo 2025-02-09T17:32:12.1403022Z GEN modules.builtin 2025-02-09T17:32:12.1475659Z LD .tmp_vmlinux.btf 2025-02-09T17:32:19.6117204Z BTF .btf.vmlinux.bin.o 2025-02-09T17:32:31.2916650Z LD .tmp_vmlinux.kallsyms1 2025-02-09T17:32:34.8731104Z KSYMS .tmp_vmlinux.kallsyms1.S 2025-02-09T17:32:35.4910608Z AS .tmp_vmlinux.kallsyms1.o 2025-02-09T17:32:35.9662538Z LD .tmp_vmlinux.kallsyms2 2025-02-09T17:32:39.2595984Z KSYMS .tmp_vmlinux.kallsyms2.S 2025-02-09T17:32:39.8802028Z AS .tmp_vmlinux.kallsyms2.o 2025-02-09T17:32:40.3659440Z LD vmlinux 2025-02-09T17:32:48.0031558Z BTFIDS vmlinux 2025-02-09T17:32:48.0143553Z FAILED unresolved symbol filp_close 2025-02-09T17:32:48.5019928Z make: *** [Makefile:1207: vmlinux] Error 255 2025-02-09T17:32:48.5061241Z ==> ERROR: A failure occurred in build(). 5.10.234 built fine couple of days ago with the older one. There were slight changes made. 5.4 and 5.15 still compile. Wonder what might be missing here ... -- Best, Philip

14 hours, 17 minutes

4
10
0 0

Re: Patch "net: sch_ets: Add a new Qdisc" has been added to the 5.4-stable tree

by Petr Machata

Sasha Levin <sashal(a)kernel.org> writes: > This is a note to let you know that I've just added the patch titled > > net: sch_ets: Add a new Qdisc > > to the 5.4-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > net-sch_ets-add-a-new-qdisc.patch > and it can be found in the queue-5.4 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Not sure what the motivation is to include a pure added feature to a stable tree. But if you truly want the patch, then there were a couple follow up fixes over the years. At least the following look like patches to code that would be problematic in 5.4.y as well: cd9b50adc6bb ("net/sched: ets: fix crash when flipping from 'strict' to 'quantum'") 454d3e1ae057 ("net/sched: sch_ets: properly init all active DRR list handles") de6d25924c2a ("net/sched: sch_ets: don't peek at classes beyond 'nbands'") c062f2a0b04d ("net/sched: sch_ets: don't remove idle classes from the round-robin list") d62b04fca434 ("net: sched: fix ets qdisc OOB Indexing") 1a6d0c00fa07 ("net_sched: ets: Fix double list add in class with netem as child qdisc")

14 hours, 27 minutes

3
2
0 0

[REGRESSION][BISECTED] intel iGPU with HDMI PLL stopped working at 1080p@120Hz 1efd5384

by Vas Novikov

Hi dear LKML and community, this is my first post here, so I'd appreciate any guidance or redirection if it's due. Starting from commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…, HDMI handling for certain refresh rates on my intel iGPU is broken. The error is still present in 6.16rc1. Specifically, this is the command that disambiguates the newer broken kernels: xrandr --output HDMI-1 --auto --scale 1x1 --mode 1920x1080 --rate 120 --pos 0x0 --output eDP-1 --off The important parts are 1920x1080 and 120Hz. When run on commits prior to the bisected above, it behaves as expected, delivering 1920x1080 @ 120Hz. When run on kernel builds with the above commit included (that commit or later), the monitor goes completely blank. After about 30 seconds, it shuts down entirely (which I assume means that from the monitor's perspective, HDMI got "disconnected"). On this link you can see my original report in the ArchLinux community, where Christian Heusel (@gromit) kindly guided me through the bisection process and built the bisection images for me to try: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/14… This link also contains the bisection history. Additional info: * The monitor and the notebook are connected via an HDMI cable, the monitor itself is a 4k@120Hz monitor. * According to `lsmod | grep -E "(i915|Xe)"`, I'm using the i915 kernel driver for the GPU. * The GPU is an iGPU from intel, specifically `Intel Core Ultra 7 155H`. * One symptom that disambiguates the working and non-working kernels, besides whether they actually have the bug, is that the broken kernels cause xrandr to additionally report the 144.05 refresh rate as possible for the monitor, whereas the non-broken kernels consistently cause xrandr to only list refresh rate 120 and below as possible. I'm only ever testing the refresh rate of 120, but the presence of the 144.05 rate is correlated. If any other information or anything is needed, please write. Thank you, Vas ---- #regzbot introduced: 1efd5384277eb71fce20922579061cd3acdb07cf #regzbot title: intel iGPU with HDMI PLL stopped working at 1080p@120Hz 1efd5384 #regzbot link: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/145

14 hours, 31 minutes

2
3
0 0

Re: Patch "powerpc: do not build ppc_save_regs.o always" has been added to the 6.15-stable tree

by Jiri Slaby

On 10. 06. 25, 13:56, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > powerpc: do not build ppc_save_regs.o always > > to the 6.15-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… Please drop this from all trees. It was correctly broken. The whole if was removed later by 93bd4a80efeb521314485a06d8c21157240497bb. > The filename of the patch is: > powerpc-do-not-build-ppc_save_regs.o-always.patch > and it can be found in the queue-6.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 242c2ba3f16d92cd81c309725550f6c723833ae3 > Author: Jiri Slaby (SUSE) <jirislaby(a)kernel.org> > Date: Thu Apr 17 12:53:05 2025 +0200 > > powerpc: do not build ppc_save_regs.o always > > [ Upstream commit 497b7794aef03d525a5be05ae78dd7137c6861a5 ] > > The Fixes commit below tried to add CONFIG_PPC_BOOK3S to one of the > conditions to enable the build of ppc_save_regs.o. But it failed to do > so, in fact. The commit omitted to add a dollar sign. > > Therefore, ppc_save_regs.o is built always these days (as > "(CONFIG_PPC_BOOK3S)" is never an empty string). > > Fix this by adding the missing dollar sign. > > Signed-off-by: Jiri Slaby (SUSE) <jirislaby(a)kernel.org> > Fixes: fc2a5a6161a2 ("powerpc/64s: ppc_save_regs is now needed for all 64s builds") > Acked-by: Stephen Rothwell <sfr(a)canb.auug.org.au> > Signed-off-by: Madhavan Srinivasan <maddy(a)linux.ibm.com> > Link: https://patch.msgid.link/20250417105305.397128-1-jirislaby@kernel.org > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile > index 6ac621155ec3c..0c26b2412d173 100644 > --- a/arch/powerpc/kernel/Makefile > +++ b/arch/powerpc/kernel/Makefile > @@ -160,7 +160,7 @@ endif > > obj64-$(CONFIG_PPC_TRANSACTIONAL_MEM) += tm.o > > -ifneq ($(CONFIG_XMON)$(CONFIG_KEXEC_CORE)(CONFIG_PPC_BOOK3S),) > +ifneq ($(CONFIG_XMON)$(CONFIG_KEXEC_CORE)$(CONFIG_PPC_BOOK3S),) > obj-y += ppc_save_regs.o > endif > -- js suse labs

14 hours, 36 minutes

3
3
0 0

RE: Patch "Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests" has been added to the 6.15-stable tree

by Michael Kelley

From: Sasha Levin <sashal(a)kernel.org> > > This is a note to let you know that I've just added the patch titled > > Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests > > to the 6.15-stable tree which can be found at: > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git > > The filename of the patch is: > drivers-hv-always-select-config_sysfb-for-hyper-v-gu.patch > and it can be found in the queue-6.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please DO NOT backport this patch to ANY stable trees, at least not at the moment. It is causing a config problem that we're trying to work out. Once the resolution is decided upon, we can figure out what to backport. Thanks, Michael Kelley > > > > commit 9766859ee9884c35dde0411df167a06452fee3ce > Author: Michael Kelley <mhklinux(a)outlook.com> > Date: Mon May 19 21:01:43 2025 -0700 > > Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests > > [ Upstream commit 96959283a58d91ae20d025546f00e16f0a555208 ] > > The Hyper-V host provides guest VMs with a range of MMIO addresses > that guest VMBus drivers can use. The VMBus driver in Linux manages > that MMIO space, and allocates portions to drivers upon request. As > part of managing that MMIO space in a Generation 2 VM, the VMBus > driver must reserve the portion of the MMIO space that Hyper-V has > designated for the synthetic frame buffer, and not allocate this > space to VMBus drivers other than graphics framebuffer drivers. The > synthetic frame buffer MMIO area is described by the screen_info data > structure that is passed to the Linux kernel at boot time, so the > VMBus driver must access screen_info for Generation 2 VMs. (In > Generation 1 VMs, the framebuffer MMIO space is communicated to > the guest via a PCI pseudo-device, and access to screen_info is > not needed.) > > In commit a07b50d80ab6 ("hyperv: avoid dependency on screen_info") > the VMBus driver's access to screen_info is restricted to when > CONFIG_SYSFB is enabled. CONFIG_SYSFB is typically enabled in kernels > built for Hyper-V by virtue of having at least one of CONFIG_FB_EFI, > CONFIG_FB_VESA, or CONFIG_SYSFB_SIMPLEFB enabled, so the restriction > doesn't usually affect anything. But it's valid to have none of these > enabled, in which case CONFIG_SYSFB is not enabled, and the VMBus driver > is unable to properly reserve the framebuffer MMIO space for graphics > framebuffer drivers. The framebuffer MMIO space may be assigned to > some other VMBus driver, with undefined results. As an example, if > a VM is using a PCI pass-thru NVMe controller to host the OS disk, > the PCI NVMe controller is probed before any graphics devices, and the > NVMe controller is assigned a portion of the framebuffer MMIO space. > Hyper-V reports an error to Linux during the probe, and the OS disk > fails to get setup. Then Linux fails to boot in the VM. > > Fix this by having CONFIG_HYPERV always select SYSFB. Then the > VMBus driver in a Gen 2 VM can always reserve the MMIO space for the > graphics framebuffer driver, and prevent the undefined behavior. But > don't select SYSFB when building for HYPERV_VTL_MODE as VTLs other > than VTL 0 don't have a framebuffer and aren't subject to the issue. > Adding SYSFB in such cases is harmless, but would increase the image > size for no purpose. > > Fixes: a07b50d80ab6 ("hyperv: avoid dependency on screen_info") > Signed-off-by: Michael Kelley <mhklinux(a)outlook.com> > Reviewed-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> > Link: > https://lore.kernel.org/st > able%2F20250520040143.6964-1- > mhklinux%2540outlook.com&data=05%7C02%7C%7C516ef64661c145eb315d08dda81861 > 51%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638851544842065319%7CUn > known%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXa > W4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=FZnrM9REMICWp > JqW88gD7CxeTwcztS2y8%2B8GqHNtF3E%3D&reserved=0 > Link: > https://lore.kernel.org/r%25 > 2F20250520040143.6964-1- > mhklinux%40outlook.com&data=05%7C02%7C%7C516ef64661c145eb315d08dda8186151 > %7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638851544842081386%7CUnkn > own%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4 > zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=j%2F5AvOlxwTKfVUL > vmNr%2FZliwRVrd9rSlVECyFGqFErE%3D&reserved=0 > Signed-off-by: Wei Liu <wei.liu(a)kernel.org> > Message-ID: <20250520040143.6964-1-mhklinux(a)outlook.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/hv/Kconfig b/drivers/hv/Kconfig > index 6c1416167bd2e..724fc08a73e70 100644 > --- a/drivers/hv/Kconfig > +++ b/drivers/hv/Kconfig > @@ -9,6 +9,7 @@ config HYPERV > select PARAVIRT > select X86_HV_CALLBACK_VECTOR if X86 > select OF_EARLY_FLATTREE if OF > + select SYSFB if !HYPERV_VTL_MODE > help > Select this option to run Linux as a Hyper-V client operating > system.

14 hours, 37 minutes

2
1
0 0

[PATCH 0/7] KVM: arm64: trap fixes and cleanup

by Mark Rutland

This series fixes some issues with the way KVM manages traps in VHE mode, with some cleanups/simplifications atop. Patch 1 fixes a theoretical issue with debug register manipulation, which has been around forever. This was found by inspection while working on other fixes. Patch 2 fixes an issue with NV where a host may take unexpected traps as a result of a guest hypervisor's configuration of CPTR_EL2. Patch 5 fixes an issue with NV where a guest hypervisor's configuration of CPTR_EL2 may not be taken into account when running a guest guest, incorrectly permitting usage of SVE when this should be trapped to the guest hypervisor. The other patches in the series are prepartory work and cleanup. Originally I intended to simplify/cleanup to kvm_hyp_handle_fpsimd() and kvm_hyp_save_fpsimd_host(), as discussed with Will on an earlier series: https://lore.kernel.org/linux-arm-kernel/20250210161242.GC7568@willie-the-t… https://lore.kernel.org/linux-arm-kernel/Z6owjEPNaJ55e9LM@J2N7QTR9R3/ https://lore.kernel.org/linux-arm-kernel/20250210180637.GA7926@willie-the-t… https://lore.kernel.org/linux-arm-kernel/Z6pbeIsIMWexiDta@J2N7QTR9R3/ In the process of implementing that, I realised that the CPTR trap management wasn't quite right for NV, and found the potential issue with debug register configuration. I've given the series some light testing on a fast model so far; any further testing and/or review would be much appreciated. The series is based on the 'kvmarm-fixes-6.16-2' tag from the kvmarm tree. Mark. Mark Rutland (7): KVM: arm64: VHE: Synchronize restore of host debug registers KVM: arm64: VHE: Synchronize CPTR trap deactivation KVM: arm64: Reorganise CPTR trap manipulation KVM: arm64: Remove ad-hoc CPTR manipulation from fpsimd_sve_sync() KVM: arm64: Remove ad-hoc CPTR manipulation from kvm_hyp_handle_fpsimd() KVM: arm64: Remove cpacr_clear_set() KVM: arm64: VHE: Centralize ISBs when returning to host arch/arm64/include/asm/kvm_emulate.h | 62 ---------- arch/arm64/include/asm/kvm_host.h | 6 +- arch/arm64/kvm/hyp/include/hyp/switch.h | 147 ++++++++++++++++++++++-- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 5 +- arch/arm64/kvm/hyp/nvhe/switch.c | 59 ---------- arch/arm64/kvm/hyp/vhe/switch.c | 107 +++-------------- 6 files changed, 158 insertions(+), 228 deletions(-) -- 2.30.2

14 hours, 45 minutes

1
7
0 0

6.6-stable inclusion request

by Jens Axboe

Hi, Can you add these three patches to 6.6-stable? It fixes a behavioral change with 6.6-stable that Rom reported, affecting OpenBMC. Other stable versions not affected, as they got the required fixes on top backported already. Thanks, -- Jens Axboe

15 hours, 3 minutes

2
1
0 0

FAILED: patch "[PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x fe7f7ac8e0c708446ff017453add769ffc15deed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061739-tiger-fritter-acf8@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe7f7ac8e0c708446ff017453add769ffc15deed Mon Sep 17 00:00:00 2001 From: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Date: Wed, 12 Mar 2025 15:23:31 -0700 Subject: [PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495 Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug") Cc: stable(a)vger.kernel.org Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 0fb210e40a41..9eafff0b6ea4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, goto cleanup; input_device->report_desc_size = le16_to_cpu( - desc->desc[0].wDescriptorLength); + desc->rpt_desc.wDescriptorLength); if (input_device->report_desc_size == 0) { input_device->dev_info_status = -EINVAL; goto cleanup; @@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, memcpy(input_device->report_desc, ((unsigned char *)desc) + desc->bLength, - le16_to_cpu(desc->desc[0].wDescriptorLength)); + le16_to_cpu(desc->rpt_desc.wDescriptorLength)); /* Send the ack */ memset(&ack, 0, sizeof(struct mousevsc_prt_msg)); diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 44c2351b870f..fc2b92dfc242 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -984,12 +984,11 @@ static int usbhid_parse(struct hid_device *hid) struct usb_host_interface *interface = intf->cur_altsetting; struct usb_device *dev = interface_to_usbdev (intf); struct hid_descriptor *hdesc; + struct hid_class_descriptor *hcdesc; u32 quirks = 0; unsigned int rsize = 0; char *rdesc; - int ret, n; - int num_descriptors; - size_t offset = offsetof(struct hid_descriptor, desc); + int ret; quirks = hid_lookup_quirk(hid); @@ -1011,20 +1010,19 @@ static int usbhid_parse(struct hid_device *hid) return -ENODEV; } - if (hdesc->bLength < sizeof(struct hid_descriptor)) { - dbg_hid("hid descriptor is too short\n"); + if (!hdesc->bNumDescriptors || + hdesc->bLength != sizeof(*hdesc) + + (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { + dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", + hdesc->bLength, hdesc->bNumDescriptors); return -EINVAL; } hid->version = le16_to_cpu(hdesc->bcdHID); hid->country = hdesc->bCountryCode; - num_descriptors = min_t(int, hdesc->bNumDescriptors, - (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); - - for (n = 0; n < num_descriptors; n++) - if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) - rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); + if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) + rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { dbg_hid("weird size of report descriptor (%u)\n", rsize); @@ -1052,6 +1050,11 @@ static int usbhid_parse(struct hid_device *hid) goto err; } + if (hdesc->bNumDescriptors > 1) + hid_warn(intf, + "%u unsupported optional hid class descriptors\n", + (int)(hdesc->bNumDescriptors - 1)); + hid->quirks |= quirks; return 0; diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c index 740311c4fa24..c7a05f842745 100644 --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = { .bcdHID = cpu_to_le16(0x0101), .bCountryCode = 0x00, .bNumDescriptors = 0x1, - /*.desc[0].bDescriptorType = DYNAMIC */ - /*.desc[0].wDescriptorLenght = DYNAMIC */ + /*.rpt_desc.bDescriptorType = DYNAMIC */ + /*.rpt_desc.wDescriptorLength = DYNAMIC */ }; /* Super-Speed Support */ @@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f, struct hid_descriptor hidg_desc_copy = hidg_desc; VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); - hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc_copy.desc[0].wDescriptorLength = + hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc_copy.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); length = min_t(unsigned short, length, @@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) * We can use hidg_desc struct here but we should not relay * that its content won't change after returning from this function. */ - hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc.desc[0].wDescriptorLength = + hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); hidg_hs_in_ep_desc.bEndpointAddress = diff --git a/include/linux/hid.h b/include/linux/hid.h index ef9a90ca0fbd..daae1d6d11a7 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -740,8 +740,9 @@ struct hid_descriptor { __le16 bcdHID; __u8 bCountryCode; __u8 bNumDescriptors; + struct hid_class_descriptor rpt_desc; - struct hid_class_descriptor desc[1]; + struct hid_class_descriptor opt_descs[]; } __attribute__ ((packed)); #define HID_DEVICE(b, g, ven, prod) \

15 hours, 5 minutes

1
0
0 0

FAILED: patch "[PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x fe7f7ac8e0c708446ff017453add769ffc15deed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061739-jersey-sneak-9ecf@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe7f7ac8e0c708446ff017453add769ffc15deed Mon Sep 17 00:00:00 2001 From: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Date: Wed, 12 Mar 2025 15:23:31 -0700 Subject: [PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495 Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug") Cc: stable(a)vger.kernel.org Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 0fb210e40a41..9eafff0b6ea4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, goto cleanup; input_device->report_desc_size = le16_to_cpu( - desc->desc[0].wDescriptorLength); + desc->rpt_desc.wDescriptorLength); if (input_device->report_desc_size == 0) { input_device->dev_info_status = -EINVAL; goto cleanup; @@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, memcpy(input_device->report_desc, ((unsigned char *)desc) + desc->bLength, - le16_to_cpu(desc->desc[0].wDescriptorLength)); + le16_to_cpu(desc->rpt_desc.wDescriptorLength)); /* Send the ack */ memset(&ack, 0, sizeof(struct mousevsc_prt_msg)); diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 44c2351b870f..fc2b92dfc242 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -984,12 +984,11 @@ static int usbhid_parse(struct hid_device *hid) struct usb_host_interface *interface = intf->cur_altsetting; struct usb_device *dev = interface_to_usbdev (intf); struct hid_descriptor *hdesc; + struct hid_class_descriptor *hcdesc; u32 quirks = 0; unsigned int rsize = 0; char *rdesc; - int ret, n; - int num_descriptors; - size_t offset = offsetof(struct hid_descriptor, desc); + int ret; quirks = hid_lookup_quirk(hid); @@ -1011,20 +1010,19 @@ static int usbhid_parse(struct hid_device *hid) return -ENODEV; } - if (hdesc->bLength < sizeof(struct hid_descriptor)) { - dbg_hid("hid descriptor is too short\n"); + if (!hdesc->bNumDescriptors || + hdesc->bLength != sizeof(*hdesc) + + (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { + dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", + hdesc->bLength, hdesc->bNumDescriptors); return -EINVAL; } hid->version = le16_to_cpu(hdesc->bcdHID); hid->country = hdesc->bCountryCode; - num_descriptors = min_t(int, hdesc->bNumDescriptors, - (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); - - for (n = 0; n < num_descriptors; n++) - if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) - rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); + if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) + rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { dbg_hid("weird size of report descriptor (%u)\n", rsize); @@ -1052,6 +1050,11 @@ static int usbhid_parse(struct hid_device *hid) goto err; } + if (hdesc->bNumDescriptors > 1) + hid_warn(intf, + "%u unsupported optional hid class descriptors\n", + (int)(hdesc->bNumDescriptors - 1)); + hid->quirks |= quirks; return 0; diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c index 740311c4fa24..c7a05f842745 100644 --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = { .bcdHID = cpu_to_le16(0x0101), .bCountryCode = 0x00, .bNumDescriptors = 0x1, - /*.desc[0].bDescriptorType = DYNAMIC */ - /*.desc[0].wDescriptorLenght = DYNAMIC */ + /*.rpt_desc.bDescriptorType = DYNAMIC */ + /*.rpt_desc.wDescriptorLength = DYNAMIC */ }; /* Super-Speed Support */ @@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f, struct hid_descriptor hidg_desc_copy = hidg_desc; VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); - hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc_copy.desc[0].wDescriptorLength = + hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc_copy.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); length = min_t(unsigned short, length, @@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) * We can use hidg_desc struct here but we should not relay * that its content won't change after returning from this function. */ - hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc.desc[0].wDescriptorLength = + hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); hidg_hs_in_ep_desc.bEndpointAddress = diff --git a/include/linux/hid.h b/include/linux/hid.h index ef9a90ca0fbd..daae1d6d11a7 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -740,8 +740,9 @@ struct hid_descriptor { __le16 bcdHID; __u8 bCountryCode; __u8 bNumDescriptors; + struct hid_class_descriptor rpt_desc; - struct hid_class_descriptor desc[1]; + struct hid_class_descriptor opt_descs[]; } __attribute__ ((packed)); #define HID_DEVICE(b, g, ven, prod) \

15 hours, 5 minutes

1
0
0 0

FAILED: patch "[PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x fe7f7ac8e0c708446ff017453add769ffc15deed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061738-circus-skipping-ed0c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe7f7ac8e0c708446ff017453add769ffc15deed Mon Sep 17 00:00:00 2001 From: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Date: Wed, 12 Mar 2025 15:23:31 -0700 Subject: [PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495 Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug") Cc: stable(a)vger.kernel.org Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 0fb210e40a41..9eafff0b6ea4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, goto cleanup; input_device->report_desc_size = le16_to_cpu( - desc->desc[0].wDescriptorLength); + desc->rpt_desc.wDescriptorLength); if (input_device->report_desc_size == 0) { input_device->dev_info_status = -EINVAL; goto cleanup; @@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, memcpy(input_device->report_desc, ((unsigned char *)desc) + desc->bLength, - le16_to_cpu(desc->desc[0].wDescriptorLength)); + le16_to_cpu(desc->rpt_desc.wDescriptorLength)); /* Send the ack */ memset(&ack, 0, sizeof(struct mousevsc_prt_msg)); diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 44c2351b870f..fc2b92dfc242 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -984,12 +984,11 @@ static int usbhid_parse(struct hid_device *hid) struct usb_host_interface *interface = intf->cur_altsetting; struct usb_device *dev = interface_to_usbdev (intf); struct hid_descriptor *hdesc; + struct hid_class_descriptor *hcdesc; u32 quirks = 0; unsigned int rsize = 0; char *rdesc; - int ret, n; - int num_descriptors; - size_t offset = offsetof(struct hid_descriptor, desc); + int ret; quirks = hid_lookup_quirk(hid); @@ -1011,20 +1010,19 @@ static int usbhid_parse(struct hid_device *hid) return -ENODEV; } - if (hdesc->bLength < sizeof(struct hid_descriptor)) { - dbg_hid("hid descriptor is too short\n"); + if (!hdesc->bNumDescriptors || + hdesc->bLength != sizeof(*hdesc) + + (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { + dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", + hdesc->bLength, hdesc->bNumDescriptors); return -EINVAL; } hid->version = le16_to_cpu(hdesc->bcdHID); hid->country = hdesc->bCountryCode; - num_descriptors = min_t(int, hdesc->bNumDescriptors, - (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); - - for (n = 0; n < num_descriptors; n++) - if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) - rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); + if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) + rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { dbg_hid("weird size of report descriptor (%u)\n", rsize); @@ -1052,6 +1050,11 @@ static int usbhid_parse(struct hid_device *hid) goto err; } + if (hdesc->bNumDescriptors > 1) + hid_warn(intf, + "%u unsupported optional hid class descriptors\n", + (int)(hdesc->bNumDescriptors - 1)); + hid->quirks |= quirks; return 0; diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c index 740311c4fa24..c7a05f842745 100644 --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = { .bcdHID = cpu_to_le16(0x0101), .bCountryCode = 0x00, .bNumDescriptors = 0x1, - /*.desc[0].bDescriptorType = DYNAMIC */ - /*.desc[0].wDescriptorLenght = DYNAMIC */ + /*.rpt_desc.bDescriptorType = DYNAMIC */ + /*.rpt_desc.wDescriptorLength = DYNAMIC */ }; /* Super-Speed Support */ @@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f, struct hid_descriptor hidg_desc_copy = hidg_desc; VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); - hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc_copy.desc[0].wDescriptorLength = + hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc_copy.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); length = min_t(unsigned short, length, @@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) * We can use hidg_desc struct here but we should not relay * that its content won't change after returning from this function. */ - hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc.desc[0].wDescriptorLength = + hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); hidg_hs_in_ep_desc.bEndpointAddress = diff --git a/include/linux/hid.h b/include/linux/hid.h index ef9a90ca0fbd..daae1d6d11a7 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -740,8 +740,9 @@ struct hid_descriptor { __le16 bcdHID; __u8 bCountryCode; __u8 bNumDescriptors; + struct hid_class_descriptor rpt_desc; - struct hid_class_descriptor desc[1]; + struct hid_class_descriptor opt_descs[]; } __attribute__ ((packed)); #define HID_DEVICE(b, g, ven, prod) \

15 hours, 5 minutes

1
0
0 0

[PATCH] riscv: export boot_cpu_hartid

by Klara Modin

The mailbox controller driver for the Microchip Inter-processor Communication can be built as a module. It uses cpuid_to_hartid_map and commit 4783ce32b080 ("riscv: export __cpuid_to_hartid_map") enables that to work for SMP. However, cpuid_to_hartid_map uses boot_cpu_hartid on non-SMP kernels and this driver can be useful in such configurations[1]. Export boot_cpu_hartid so the driver can be built as a module on non-SMP kernels as well. Link: https://lore.kernel.org/lkml/20250617-confess-reimburse-876101e099cb@spud/ [1] Cc: stable(a)vger.kernel.org Fixes: e4b1d67e7141 ("mailbox: add Microchip IPC support") Signed-off-by: Klara Modin <klarasmodin(a)gmail.com> --- arch/riscv/kernel/setup.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c index f7c9a1caa83e..14888e5ea19a 100644 --- a/arch/riscv/kernel/setup.c +++ b/arch/riscv/kernel/setup.c @@ -50,6 +50,7 @@ atomic_t hart_lottery __section(".sdata") #endif ; unsigned long boot_cpu_hartid; +EXPORT_SYMBOL_GPL(boot_cpu_hartid); /* * Place kernel memory regions on the resource tree so that -- 2.49.0

15 hours, 24 minutes

1
0
0 0

[PATCH AUTOSEL 5.4 1/5] ALSA: hda: Ignore unsol events for cards being shut down

by Sasha Levin

From: Cezary Rojewski <cezary.rojewski(a)intel.com> [ Upstream commit 3f100f524e75586537e337b34d18c8d604b398e7 ] For the classic snd_hda_intel driver, codec->card and bus->card point to the exact same thing. When snd_card_diconnect() fires, bus->shutdown is set thanks to azx_dev_disconnect(). card->shutdown is already set when that happens but both provide basically the same functionality. For the DSP snd_soc_avs driver where multiple codecs are located on multiple cards, bus->shutdown 'shortcut' is not sufficient. One codec card may be unregistered while other codecs are still operational. Proper check in form of card->shutdown must be used to verify whether the codec's card is being shut down. Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Signed-off-by: Cezary Rojewski <cezary.rojewski(a)intel.com> Link: https://patch.msgid.link/20250530141309.2943404-1-cezary.rojewski@intel.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Technical Analysis ### Core Problem Being Fixed The commit addresses a **shutdown race condition** in multi-codec HDA systems, specifically in DSP/AVS drivers where multiple HDA codecs exist on the same sound card but with separate bus instances. The change modifies line 47 in `sound/pci/hda/hda_bind.c`: **Before:** ```c if (codec->bus->shutdown) return; ``` **After:** ```c if (codec->card->shutdown || codec->bus->shutdown) return; ``` ### Why This is a Good Backport Candidate **1. Bug Fix Nature - Small and Contained** - This is a clear **bug fix** addressing a specific shutdown race condition - The change is **minimal** (adding one condition check) and **well- contained** - No architectural changes or new features introduced - Low risk of introducing regressions **2. Critical Subsystem Impact** - Affects **HD-audio subsystem** which is critical for audio functionality - Could prevent system crashes or hangs during shutdown in multi-codec scenarios - Improves system stability during shutdown sequences **3. Technical Correctness** The fix addresses a **fundamental timing issue**: - In multi-codec systems, `card->shutdown` is set at the ALSA core level during `snd_card_disconnect()` - `bus->shutdown` is set later at the HDA controller level during individual codec shutdown - **Gap exists** where unsol events could be processed after card shutdown but before bus shutdown - This can cause codec operations on an already-disconnected sound card **4. Follows Stable Tree Criteria** - **Important bug fix**: Prevents potential system instability during shutdown - **Minimal risk**: Only adds an additional safety check, doesn't change existing logic - **Well-understood**: The change is straightforward and follows existing patterns seen in similar commits - **Confined to subsystem**: Only affects HDA audio subsystem **5. Consistency with Similar Backported Commits** This follows the exact same pattern as the historical commits that were successfully backported: - **Similar Commit #1**: Added `bus->shutdown` check to prevent unsol events during shutdown - **Backported (YES)** - **Similar Commit #2**: Added suspend/resume state check to unsol handler - **Backported (YES)** - **Similar Commit #3**: Added jack disconnection during codec unbind - **Backported (YES)** - **Similar Commit #4**: Added bus_probing flag to serialize codec registration - **Backported (YES)** All these commits follow the same pattern: **small, targeted fixes to prevent race conditions in HDA shutdown/initialization sequences**. **6. Real-World Impact** - Affects **DSP/AVS audio systems** which are increasingly common in modern hardware - Without this fix, systems with multiple audio codecs could experience: - Kernel oops during shutdown - System hangs - Audio subsystem corruption - Unpredictable behavior during reboot sequences ### Risk Assessment **Very Low Risk:** - The change only **adds** a safety check, doesn't remove existing functionality - `card->shutdown` check is used extensively throughout the ALSA subsystem already - Maintains **backward compatibility** completely - If `card->shutdown` is false, behavior is identical to before - No changes to data structures, APIs, or functional logic ### Conclusion This commit represents a **textbook stable backport candidate**: it's a small, well-understood bug fix that addresses a real stability issue in a critical subsystem with minimal risk of regression. The pattern matches multiple previously successful backports in the same subsystem, and the technical merit is clear. sound/pci/hda/hda_bind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/pci/hda/hda_bind.c b/sound/pci/hda/hda_bind.c index 17a25e453f60c..047fe6cca7f1a 100644 --- a/sound/pci/hda/hda_bind.c +++ b/sound/pci/hda/hda_bind.c @@ -44,7 +44,7 @@ static void hda_codec_unsol_event(struct hdac_device *dev, unsigned int ev) struct hda_codec *codec = container_of(dev, struct hda_codec, core); /* ignore unsol events during shutdown */ - if (codec->bus->shutdown) + if (codec->card->shutdown || codec->bus->shutdown) return; /* ignore unsol events during system suspend/resume */ -- 2.39.5

15 hours, 59 minutes

1
4
0 0

[PATCH AUTOSEL 5.10 1/6] ALSA: hda: Ignore unsol events for cards being shut down

by Sasha Levin

From: Cezary Rojewski <cezary.rojewski(a)intel.com> [ Upstream commit 3f100f524e75586537e337b34d18c8d604b398e7 ] For the classic snd_hda_intel driver, codec->card and bus->card point to the exact same thing. When snd_card_diconnect() fires, bus->shutdown is set thanks to azx_dev_disconnect(). card->shutdown is already set when that happens but both provide basically the same functionality. For the DSP snd_soc_avs driver where multiple codecs are located on multiple cards, bus->shutdown 'shortcut' is not sufficient. One codec card may be unregistered while other codecs are still operational. Proper check in form of card->shutdown must be used to verify whether the codec's card is being shut down. Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Signed-off-by: Cezary Rojewski <cezary.rojewski(a)intel.com> Link: https://patch.msgid.link/20250530141309.2943404-1-cezary.rojewski@intel.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Technical Analysis ### Core Problem Being Fixed The commit addresses a **shutdown race condition** in multi-codec HDA systems, specifically in DSP/AVS drivers where multiple HDA codecs exist on the same sound card but with separate bus instances. The change modifies line 47 in `sound/pci/hda/hda_bind.c`: **Before:** ```c if (codec->bus->shutdown) return; ``` **After:** ```c if (codec->card->shutdown || codec->bus->shutdown) return; ``` ### Why This is a Good Backport Candidate **1. Bug Fix Nature - Small and Contained** - This is a clear **bug fix** addressing a specific shutdown race condition - The change is **minimal** (adding one condition check) and **well- contained** - No architectural changes or new features introduced - Low risk of introducing regressions **2. Critical Subsystem Impact** - Affects **HD-audio subsystem** which is critical for audio functionality - Could prevent system crashes or hangs during shutdown in multi-codec scenarios - Improves system stability during shutdown sequences **3. Technical Correctness** The fix addresses a **fundamental timing issue**: - In multi-codec systems, `card->shutdown` is set at the ALSA core level during `snd_card_disconnect()` - `bus->shutdown` is set later at the HDA controller level during individual codec shutdown - **Gap exists** where unsol events could be processed after card shutdown but before bus shutdown - This can cause codec operations on an already-disconnected sound card **4. Follows Stable Tree Criteria** - **Important bug fix**: Prevents potential system instability during shutdown - **Minimal risk**: Only adds an additional safety check, doesn't change existing logic - **Well-understood**: The change is straightforward and follows existing patterns seen in similar commits - **Confined to subsystem**: Only affects HDA audio subsystem **5. Consistency with Similar Backported Commits** This follows the exact same pattern as the historical commits that were successfully backported: - **Similar Commit #1**: Added `bus->shutdown` check to prevent unsol events during shutdown - **Backported (YES)** - **Similar Commit #2**: Added suspend/resume state check to unsol handler - **Backported (YES)** - **Similar Commit #3**: Added jack disconnection during codec unbind - **Backported (YES)** - **Similar Commit #4**: Added bus_probing flag to serialize codec registration - **Backported (YES)** All these commits follow the same pattern: **small, targeted fixes to prevent race conditions in HDA shutdown/initialization sequences**. **6. Real-World Impact** - Affects **DSP/AVS audio systems** which are increasingly common in modern hardware - Without this fix, systems with multiple audio codecs could experience: - Kernel oops during shutdown - System hangs - Audio subsystem corruption - Unpredictable behavior during reboot sequences ### Risk Assessment **Very Low Risk:** - The change only **adds** a safety check, doesn't remove existing functionality - `card->shutdown` check is used extensively throughout the ALSA subsystem already - Maintains **backward compatibility** completely - If `card->shutdown` is false, behavior is identical to before - No changes to data structures, APIs, or functional logic ### Conclusion This commit represents a **textbook stable backport candidate**: it's a small, well-understood bug fix that addresses a real stability issue in a critical subsystem with minimal risk of regression. The pattern matches multiple previously successful backports in the same subsystem, and the technical merit is clear. sound/pci/hda/hda_bind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/pci/hda/hda_bind.c b/sound/pci/hda/hda_bind.c index 0a83afa5f373c..6625643f333e8 100644 --- a/sound/pci/hda/hda_bind.c +++ b/sound/pci/hda/hda_bind.c @@ -44,7 +44,7 @@ static void hda_codec_unsol_event(struct hdac_device *dev, unsigned int ev) struct hda_codec *codec = container_of(dev, struct hda_codec, core); /* ignore unsol events during shutdown */ - if (codec->bus->shutdown) + if (codec->card->shutdown || codec->bus->shutdown) return; /* ignore unsol events during system suspend/resume */ -- 2.39.5

15 hours, 59 minutes

1
5
0 0

[PATCH AUTOSEL 5.15 1/8] ALSA: hda: Ignore unsol events for cards being shut down

by Sasha Levin

From: Cezary Rojewski <cezary.rojewski(a)intel.com> [ Upstream commit 3f100f524e75586537e337b34d18c8d604b398e7 ] For the classic snd_hda_intel driver, codec->card and bus->card point to the exact same thing. When snd_card_diconnect() fires, bus->shutdown is set thanks to azx_dev_disconnect(). card->shutdown is already set when that happens but both provide basically the same functionality. For the DSP snd_soc_avs driver where multiple codecs are located on multiple cards, bus->shutdown 'shortcut' is not sufficient. One codec card may be unregistered while other codecs are still operational. Proper check in form of card->shutdown must be used to verify whether the codec's card is being shut down. Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Signed-off-by: Cezary Rojewski <cezary.rojewski(a)intel.com> Link: https://patch.msgid.link/20250530141309.2943404-1-cezary.rojewski@intel.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Technical Analysis ### Core Problem Being Fixed The commit addresses a **shutdown race condition** in multi-codec HDA systems, specifically in DSP/AVS drivers where multiple HDA codecs exist on the same sound card but with separate bus instances. The change modifies line 47 in `sound/pci/hda/hda_bind.c`: **Before:** ```c if (codec->bus->shutdown) return; ``` **After:** ```c if (codec->card->shutdown || codec->bus->shutdown) return; ``` ### Why This is a Good Backport Candidate **1. Bug Fix Nature - Small and Contained** - This is a clear **bug fix** addressing a specific shutdown race condition - The change is **minimal** (adding one condition check) and **well- contained** - No architectural changes or new features introduced - Low risk of introducing regressions **2. Critical Subsystem Impact** - Affects **HD-audio subsystem** which is critical for audio functionality - Could prevent system crashes or hangs during shutdown in multi-codec scenarios - Improves system stability during shutdown sequences **3. Technical Correctness** The fix addresses a **fundamental timing issue**: - In multi-codec systems, `card->shutdown` is set at the ALSA core level during `snd_card_disconnect()` - `bus->shutdown` is set later at the HDA controller level during individual codec shutdown - **Gap exists** where unsol events could be processed after card shutdown but before bus shutdown - This can cause codec operations on an already-disconnected sound card **4. Follows Stable Tree Criteria** - **Important bug fix**: Prevents potential system instability during shutdown - **Minimal risk**: Only adds an additional safety check, doesn't change existing logic - **Well-understood**: The change is straightforward and follows existing patterns seen in similar commits - **Confined to subsystem**: Only affects HDA audio subsystem **5. Consistency with Similar Backported Commits** This follows the exact same pattern as the historical commits that were successfully backported: - **Similar Commit #1**: Added `bus->shutdown` check to prevent unsol events during shutdown - **Backported (YES)** - **Similar Commit #2**: Added suspend/resume state check to unsol handler - **Backported (YES)** - **Similar Commit #3**: Added jack disconnection during codec unbind - **Backported (YES)** - **Similar Commit #4**: Added bus_probing flag to serialize codec registration - **Backported (YES)** All these commits follow the same pattern: **small, targeted fixes to prevent race conditions in HDA shutdown/initialization sequences**. **6. Real-World Impact** - Affects **DSP/AVS audio systems** which are increasingly common in modern hardware - Without this fix, systems with multiple audio codecs could experience: - Kernel oops during shutdown - System hangs - Audio subsystem corruption - Unpredictable behavior during reboot sequences ### Risk Assessment **Very Low Risk:** - The change only **adds** a safety check, doesn't remove existing functionality - `card->shutdown` check is used extensively throughout the ALSA subsystem already - Maintains **backward compatibility** completely - If `card->shutdown` is false, behavior is identical to before - No changes to data structures, APIs, or functional logic ### Conclusion This commit represents a **textbook stable backport candidate**: it's a small, well-understood bug fix that addresses a real stability issue in a critical subsystem with minimal risk of regression. The pattern matches multiple previously successful backports in the same subsystem, and the technical merit is clear. sound/pci/hda/hda_bind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/pci/hda/hda_bind.c b/sound/pci/hda/hda_bind.c index 8e35009ec25cb..a22f723ab3ab6 100644 --- a/sound/pci/hda/hda_bind.c +++ b/sound/pci/hda/hda_bind.c @@ -45,7 +45,7 @@ static void hda_codec_unsol_event(struct hdac_device *dev, unsigned int ev) struct hda_codec *codec = container_of(dev, struct hda_codec, core); /* ignore unsol events during shutdown */ - if (codec->bus->shutdown) + if (codec->card->shutdown || codec->bus->shutdown) return; /* ignore unsol events during system suspend/resume */ -- 2.39.5

15 hours, 59 minutes

1
7
0 0

[PATCH AUTOSEL 6.1 1/8] ALSA: hda: Ignore unsol events for cards being shut down

by Sasha Levin

From: Cezary Rojewski <cezary.rojewski(a)intel.com> [ Upstream commit 3f100f524e75586537e337b34d18c8d604b398e7 ] For the classic snd_hda_intel driver, codec->card and bus->card point to the exact same thing. When snd_card_diconnect() fires, bus->shutdown is set thanks to azx_dev_disconnect(). card->shutdown is already set when that happens but both provide basically the same functionality. For the DSP snd_soc_avs driver where multiple codecs are located on multiple cards, bus->shutdown 'shortcut' is not sufficient. One codec card may be unregistered while other codecs are still operational. Proper check in form of card->shutdown must be used to verify whether the codec's card is being shut down. Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Signed-off-by: Cezary Rojewski <cezary.rojewski(a)intel.com> Link: https://patch.msgid.link/20250530141309.2943404-1-cezary.rojewski@intel.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Technical Analysis ### Core Problem Being Fixed The commit addresses a **shutdown race condition** in multi-codec HDA systems, specifically in DSP/AVS drivers where multiple HDA codecs exist on the same sound card but with separate bus instances. The change modifies line 47 in `sound/pci/hda/hda_bind.c`: **Before:** ```c if (codec->bus->shutdown) return; ``` **After:** ```c if (codec->card->shutdown || codec->bus->shutdown) return; ``` ### Why This is a Good Backport Candidate **1. Bug Fix Nature - Small and Contained** - This is a clear **bug fix** addressing a specific shutdown race condition - The change is **minimal** (adding one condition check) and **well- contained** - No architectural changes or new features introduced - Low risk of introducing regressions **2. Critical Subsystem Impact** - Affects **HD-audio subsystem** which is critical for audio functionality - Could prevent system crashes or hangs during shutdown in multi-codec scenarios - Improves system stability during shutdown sequences **3. Technical Correctness** The fix addresses a **fundamental timing issue**: - In multi-codec systems, `card->shutdown` is set at the ALSA core level during `snd_card_disconnect()` - `bus->shutdown` is set later at the HDA controller level during individual codec shutdown - **Gap exists** where unsol events could be processed after card shutdown but before bus shutdown - This can cause codec operations on an already-disconnected sound card **4. Follows Stable Tree Criteria** - **Important bug fix**: Prevents potential system instability during shutdown - **Minimal risk**: Only adds an additional safety check, doesn't change existing logic - **Well-understood**: The change is straightforward and follows existing patterns seen in similar commits - **Confined to subsystem**: Only affects HDA audio subsystem **5. Consistency with Similar Backported Commits** This follows the exact same pattern as the historical commits that were successfully backported: - **Similar Commit #1**: Added `bus->shutdown` check to prevent unsol events during shutdown - **Backported (YES)** - **Similar Commit #2**: Added suspend/resume state check to unsol handler - **Backported (YES)** - **Similar Commit #3**: Added jack disconnection during codec unbind - **Backported (YES)** - **Similar Commit #4**: Added bus_probing flag to serialize codec registration - **Backported (YES)** All these commits follow the same pattern: **small, targeted fixes to prevent race conditions in HDA shutdown/initialization sequences**. **6. Real-World Impact** - Affects **DSP/AVS audio systems** which are increasingly common in modern hardware - Without this fix, systems with multiple audio codecs could experience: - Kernel oops during shutdown - System hangs - Audio subsystem corruption - Unpredictable behavior during reboot sequences ### Risk Assessment **Very Low Risk:** - The change only **adds** a safety check, doesn't remove existing functionality - `card->shutdown` check is used extensively throughout the ALSA subsystem already - Maintains **backward compatibility** completely - If `card->shutdown` is false, behavior is identical to before - No changes to data structures, APIs, or functional logic ### Conclusion This commit represents a **textbook stable backport candidate**: it's a small, well-understood bug fix that addresses a real stability issue in a critical subsystem with minimal risk of regression. The pattern matches multiple previously successful backports in the same subsystem, and the technical merit is clear. sound/pci/hda/hda_bind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/pci/hda/hda_bind.c b/sound/pci/hda/hda_bind.c index 890c2f7c33fc2..4c7355a0814d1 100644 --- a/sound/pci/hda/hda_bind.c +++ b/sound/pci/hda/hda_bind.c @@ -45,7 +45,7 @@ static void hda_codec_unsol_event(struct hdac_device *dev, unsigned int ev) struct hda_codec *codec = container_of(dev, struct hda_codec, core); /* ignore unsol events during shutdown */ - if (codec->bus->shutdown) + if (codec->card->shutdown || codec->bus->shutdown) return; /* ignore unsol events during system suspend/resume */ -- 2.39.5

15 hours, 59 minutes

1
7
0 0

[PATCH AUTOSEL 6.6 1/9] ALSA: hda: Ignore unsol events for cards being shut down

by Sasha Levin

From: Cezary Rojewski <cezary.rojewski(a)intel.com> [ Upstream commit 3f100f524e75586537e337b34d18c8d604b398e7 ] For the classic snd_hda_intel driver, codec->card and bus->card point to the exact same thing. When snd_card_diconnect() fires, bus->shutdown is set thanks to azx_dev_disconnect(). card->shutdown is already set when that happens but both provide basically the same functionality. For the DSP snd_soc_avs driver where multiple codecs are located on multiple cards, bus->shutdown 'shortcut' is not sufficient. One codec card may be unregistered while other codecs are still operational. Proper check in form of card->shutdown must be used to verify whether the codec's card is being shut down. Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Signed-off-by: Cezary Rojewski <cezary.rojewski(a)intel.com> Link: https://patch.msgid.link/20250530141309.2943404-1-cezary.rojewski@intel.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Technical Analysis ### Core Problem Being Fixed The commit addresses a **shutdown race condition** in multi-codec HDA systems, specifically in DSP/AVS drivers where multiple HDA codecs exist on the same sound card but with separate bus instances. The change modifies line 47 in `sound/pci/hda/hda_bind.c`: **Before:** ```c if (codec->bus->shutdown) return; ``` **After:** ```c if (codec->card->shutdown || codec->bus->shutdown) return; ``` ### Why This is a Good Backport Candidate **1. Bug Fix Nature - Small and Contained** - This is a clear **bug fix** addressing a specific shutdown race condition - The change is **minimal** (adding one condition check) and **well- contained** - No architectural changes or new features introduced - Low risk of introducing regressions **2. Critical Subsystem Impact** - Affects **HD-audio subsystem** which is critical for audio functionality - Could prevent system crashes or hangs during shutdown in multi-codec scenarios - Improves system stability during shutdown sequences **3. Technical Correctness** The fix addresses a **fundamental timing issue**: - In multi-codec systems, `card->shutdown` is set at the ALSA core level during `snd_card_disconnect()` - `bus->shutdown` is set later at the HDA controller level during individual codec shutdown - **Gap exists** where unsol events could be processed after card shutdown but before bus shutdown - This can cause codec operations on an already-disconnected sound card **4. Follows Stable Tree Criteria** - **Important bug fix**: Prevents potential system instability during shutdown - **Minimal risk**: Only adds an additional safety check, doesn't change existing logic - **Well-understood**: The change is straightforward and follows existing patterns seen in similar commits - **Confined to subsystem**: Only affects HDA audio subsystem **5. Consistency with Similar Backported Commits** This follows the exact same pattern as the historical commits that were successfully backported: - **Similar Commit #1**: Added `bus->shutdown` check to prevent unsol events during shutdown - **Backported (YES)** - **Similar Commit #2**: Added suspend/resume state check to unsol handler - **Backported (YES)** - **Similar Commit #3**: Added jack disconnection during codec unbind - **Backported (YES)** - **Similar Commit #4**: Added bus_probing flag to serialize codec registration - **Backported (YES)** All these commits follow the same pattern: **small, targeted fixes to prevent race conditions in HDA shutdown/initialization sequences**. **6. Real-World Impact** - Affects **DSP/AVS audio systems** which are increasingly common in modern hardware - Without this fix, systems with multiple audio codecs could experience: - Kernel oops during shutdown - System hangs - Audio subsystem corruption - Unpredictable behavior during reboot sequences ### Risk Assessment **Very Low Risk:** - The change only **adds** a safety check, doesn't remove existing functionality - `card->shutdown` check is used extensively throughout the ALSA subsystem already - Maintains **backward compatibility** completely - If `card->shutdown` is false, behavior is identical to before - No changes to data structures, APIs, or functional logic ### Conclusion This commit represents a **textbook stable backport candidate**: it's a small, well-understood bug fix that addresses a real stability issue in a critical subsystem with minimal risk of regression. The pattern matches multiple previously successful backports in the same subsystem, and the technical merit is clear. sound/pci/hda/hda_bind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/pci/hda/hda_bind.c b/sound/pci/hda/hda_bind.c index b7ca2a83fbb08..95786bdadfe6a 100644 --- a/sound/pci/hda/hda_bind.c +++ b/sound/pci/hda/hda_bind.c @@ -44,7 +44,7 @@ static void hda_codec_unsol_event(struct hdac_device *dev, unsigned int ev) struct hda_codec *codec = container_of(dev, struct hda_codec, core); /* ignore unsol events during shutdown */ - if (codec->bus->shutdown) + if (codec->card->shutdown || codec->bus->shutdown) return; /* ignore unsol events during system suspend/resume */ -- 2.39.5

16 hours

1
8
0 0

[PATCH AUTOSEL 6.12 01/12] riscv: add a data fence for CMODX in the kernel mode

by Sasha Levin

From: Andy Chiu <andybnac(a)gmail.com> [ Upstream commit ca358692de41b273468e625f96926fa53e13bd8c ] RISC-V spec explicitly calls out that a local fence.i is not enough for the code modification to be visble from a remote hart. In fact, it states: To make a store to instruction memory visible to all RISC-V harts, the writing hart also has to execute a data FENCE before requesting that all remote RISC-V harts execute a FENCE.I. Although current riscv drivers for IPI use ordered MMIO when sending IPIs in order to synchronize the action between previous csd writes, riscv does not restrict itself to any particular flavor of IPI. Any driver or firmware implementation that does not order data writes before the IPI may pose a risk for code-modifying race. Thus, add a fence here to order data writes before making the IPI. Signed-off-by: Andy Chiu <andybnac(a)gmail.com> Reviewed-by: Björn Töpel <bjorn(a)rivosinc.com> Link: https://lore.kernel.org/r/20250407180838.42877-8-andybnac@gmail.com Signed-off-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Signed-off-by: Palmer Dabbelt <palmer(a)dabbelt.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of the commit and the RISC-V kernel codebase, here is my assessment: **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Code Analysis The commit adds a critical memory fence (`RISCV_FENCE(w, o)`) before sending IPIs in the `flush_icache_all()` function in `arch/riscv/mm/cacheflush.c`. Specifically, it: 1. **Adds a data fence before IPI**: The `RISCV_FENCE(w, o)` instruction ensures that all previous memory writes (w) are ordered before device output operations (o), which includes MMIO writes for sending IPIs. 2. **Addresses RISC-V specification requirement**: The commit message explicitly references the RISC-V Platform Specification Section 2.1, which requires a data FENCE before requesting remote FENCE.I operations to ensure code modifications are visible across harts (hardware threads). 3. **Fixes a potential race condition**: Without this fence, there's a risk that code modifications made by one hart might not be visible to other harts when they receive the IPI to flush their instruction caches. ## Why This Should Be Backported ### 1. **Critical Correctness Issue** This fixes a fundamental correctness issue in code modification (CMODX) operations on RISC-V multiprocessor systems. The lack of proper ordering can lead to: - Stale instruction execution on remote cores - Race conditions in dynamic code modification scenarios - Potential security vulnerabilities in JIT compilers, kernel modules, and other code-patching mechanisms ### 2. **Specification Compliance** The fix ensures compliance with the RISC-V specification requirements. The spec explicitly states that a data fence is required before remote fence.i operations, making this a standards compliance fix rather than an optimization. ### 3. **Small and Contained Change** The change is minimal and surgical: - Adds only one fence instruction (`RISCV_FENCE(w, o)`) - No functional logic changes - Affects only the `flush_icache_all()` path - Low risk of introducing regressions ### 4. **Wide Impact on Code Modification** The `flush_icache_all()` function is used by: - Kernel module loading/unloading - JIT compilers (eBPF, etc.) - Dynamic code patching - Debugging infrastructure (kprobes, uprobes) - Any code that modifies executable instructions ### 5. **Similarity to Accepted Backports** Looking at similar commit #1 in the reference examples (irqchip fence ordering), which was marked as backportable, this commit addresses the same class of memory ordering issues that are critical for correctness on RISC-V systems. ### 6. **Platform Independence** The fix applies to all RISC-V implementations, as it addresses a fundamental architectural requirement rather than a specific hardware bug. ## Risk Assessment **Low Risk**: The fence instruction is a standard RISC-V barrier that: - Does not change control flow - Only adds necessary ordering constraints - Is already used extensively throughout the RISC-V kernel code - Has predictable performance impact (minimal additional latency) ## Comparison with Reference Commits This commit is most similar to reference commit #1 (irqchip memory ordering fix), which was correctly marked for backporting. Both commits: - Fix memory ordering issues in IPI/interrupt subsystems - Address RISC-V specification requirements - Have minimal code changes with high correctness impact - Fix potential race conditions in multi-hart systems The commit fixes a critical specification compliance issue that could lead to correctness problems in code modification scenarios across all RISC-V multiprocessor systems, making it an excellent candidate for stable backporting. arch/riscv/mm/cacheflush.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/arch/riscv/mm/cacheflush.c b/arch/riscv/mm/cacheflush.c index b816727298872..b2e4b81763f88 100644 --- a/arch/riscv/mm/cacheflush.c +++ b/arch/riscv/mm/cacheflush.c @@ -24,7 +24,20 @@ void flush_icache_all(void) if (num_online_cpus() < 2) return; - else if (riscv_use_sbi_for_rfence()) + + /* + * Make sure all previous writes to the D$ are ordered before making + * the IPI. The RISC-V spec states that a hart must execute a data fence + * before triggering a remote fence.i in order to make the modification + * visable for remote harts. + * + * IPIs on RISC-V are triggered by MMIO writes to either CLINT or + * S-IMSIC, so the fence ensures previous data writes "happen before" + * the MMIO. + */ + RISCV_FENCE(w, o); + + if (riscv_use_sbi_for_rfence()) sbi_remote_fence_i(NULL); else on_each_cpu(ipi_remote_fence_i, NULL, 1); -- 2.39.5

16 hours

1
11
0 0

[PATCH AUTOSEL 6.15 01/15] riscv: add a data fence for CMODX in the kernel mode

by Sasha Levin

From: Andy Chiu <andybnac(a)gmail.com> [ Upstream commit ca358692de41b273468e625f96926fa53e13bd8c ] RISC-V spec explicitly calls out that a local fence.i is not enough for the code modification to be visble from a remote hart. In fact, it states: To make a store to instruction memory visible to all RISC-V harts, the writing hart also has to execute a data FENCE before requesting that all remote RISC-V harts execute a FENCE.I. Although current riscv drivers for IPI use ordered MMIO when sending IPIs in order to synchronize the action between previous csd writes, riscv does not restrict itself to any particular flavor of IPI. Any driver or firmware implementation that does not order data writes before the IPI may pose a risk for code-modifying race. Thus, add a fence here to order data writes before making the IPI. Signed-off-by: Andy Chiu <andybnac(a)gmail.com> Reviewed-by: Björn Töpel <bjorn(a)rivosinc.com> Link: https://lore.kernel.org/r/20250407180838.42877-8-andybnac@gmail.com Signed-off-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Signed-off-by: Palmer Dabbelt <palmer(a)dabbelt.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of the commit and the RISC-V kernel codebase, here is my assessment: **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Code Analysis The commit adds a critical memory fence (`RISCV_FENCE(w, o)`) before sending IPIs in the `flush_icache_all()` function in `arch/riscv/mm/cacheflush.c`. Specifically, it: 1. **Adds a data fence before IPI**: The `RISCV_FENCE(w, o)` instruction ensures that all previous memory writes (w) are ordered before device output operations (o), which includes MMIO writes for sending IPIs. 2. **Addresses RISC-V specification requirement**: The commit message explicitly references the RISC-V Platform Specification Section 2.1, which requires a data FENCE before requesting remote FENCE.I operations to ensure code modifications are visible across harts (hardware threads). 3. **Fixes a potential race condition**: Without this fence, there's a risk that code modifications made by one hart might not be visible to other harts when they receive the IPI to flush their instruction caches. ## Why This Should Be Backported ### 1. **Critical Correctness Issue** This fixes a fundamental correctness issue in code modification (CMODX) operations on RISC-V multiprocessor systems. The lack of proper ordering can lead to: - Stale instruction execution on remote cores - Race conditions in dynamic code modification scenarios - Potential security vulnerabilities in JIT compilers, kernel modules, and other code-patching mechanisms ### 2. **Specification Compliance** The fix ensures compliance with the RISC-V specification requirements. The spec explicitly states that a data fence is required before remote fence.i operations, making this a standards compliance fix rather than an optimization. ### 3. **Small and Contained Change** The change is minimal and surgical: - Adds only one fence instruction (`RISCV_FENCE(w, o)`) - No functional logic changes - Affects only the `flush_icache_all()` path - Low risk of introducing regressions ### 4. **Wide Impact on Code Modification** The `flush_icache_all()` function is used by: - Kernel module loading/unloading - JIT compilers (eBPF, etc.) - Dynamic code patching - Debugging infrastructure (kprobes, uprobes) - Any code that modifies executable instructions ### 5. **Similarity to Accepted Backports** Looking at similar commit #1 in the reference examples (irqchip fence ordering), which was marked as backportable, this commit addresses the same class of memory ordering issues that are critical for correctness on RISC-V systems. ### 6. **Platform Independence** The fix applies to all RISC-V implementations, as it addresses a fundamental architectural requirement rather than a specific hardware bug. ## Risk Assessment **Low Risk**: The fence instruction is a standard RISC-V barrier that: - Does not change control flow - Only adds necessary ordering constraints - Is already used extensively throughout the RISC-V kernel code - Has predictable performance impact (minimal additional latency) ## Comparison with Reference Commits This commit is most similar to reference commit #1 (irqchip memory ordering fix), which was correctly marked for backporting. Both commits: - Fix memory ordering issues in IPI/interrupt subsystems - Address RISC-V specification requirements - Have minimal code changes with high correctness impact - Fix potential race conditions in multi-hart systems The commit fixes a critical specification compliance issue that could lead to correctness problems in code modification scenarios across all RISC-V multiprocessor systems, making it an excellent candidate for stable backporting. arch/riscv/mm/cacheflush.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/arch/riscv/mm/cacheflush.c b/arch/riscv/mm/cacheflush.c index b816727298872..b2e4b81763f88 100644 --- a/arch/riscv/mm/cacheflush.c +++ b/arch/riscv/mm/cacheflush.c @@ -24,7 +24,20 @@ void flush_icache_all(void) if (num_online_cpus() < 2) return; - else if (riscv_use_sbi_for_rfence()) + + /* + * Make sure all previous writes to the D$ are ordered before making + * the IPI. The RISC-V spec states that a hart must execute a data fence + * before triggering a remote fence.i in order to make the modification + * visable for remote harts. + * + * IPIs on RISC-V are triggered by MMIO writes to either CLINT or + * S-IMSIC, so the fence ensures previous data writes "happen before" + * the MMIO. + */ + RISCV_FENCE(w, o); + + if (riscv_use_sbi_for_rfence()) sbi_remote_fence_i(NULL); else on_each_cpu(ipi_remote_fence_i, NULL, 1); -- 2.39.5

16 hours, 1 minute

1
14
0 0

FAILED: patch "[PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ed5915cfce2abb9a553c3737badebd4a11d6c9c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061755-peso-ravage-c101@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed5915cfce2abb9a553c3737badebd4a11d6c9c7 Mon Sep 17 00:00:00 2001 From: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Date: Thu, 22 May 2025 09:41:27 +0300 Subject: [PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit d6e020819612a4a06207af858e0978be4d3e3140. The IS_DGFX check was put in place because error capture of buffer objects is expected to be broken on devices with VRAM. Userspace fix[1] to the impacted media driver has been submitted, merged and a new driver release is out as 25.2.3 where the capture flag is dropped on DG1 thus unblocking the usage of media driver on DG1. [1] https://github.com/intel/media-driver/commit/93c07d9b4b96a78bab21f6acd4eb86… Cc: stable(a)vger.kernel.org # v6.0+ Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Tvrtko Ursulin <tursulin(a)ursulin.net> Acked-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://lore.kernel.org/r/20250522064127.24293-1-joonas.lahtinen@linux.inte… [Joonas: Update message to point out the merged userspace fix] Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> (cherry picked from commit d2dc30e0aa252830f908c8e793d3139d51321370) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c index ea9d5063ce78..ca7e9216934a 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c @@ -2013,7 +2013,7 @@ static int eb_capture_stage(struct i915_execbuffer *eb) continue; if (i915_gem_context_is_recoverable(eb->gem_context) && - GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 10)) + (IS_DGFX(eb->i915) || GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 0))) return -EINVAL; for_each_batch_create_order(eb, j) {

16 hours, 57 minutes

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x ed5915cfce2abb9a553c3737badebd4a11d6c9c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061754-motive-astride-cdfd@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed5915cfce2abb9a553c3737badebd4a11d6c9c7 Mon Sep 17 00:00:00 2001 From: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Date: Thu, 22 May 2025 09:41:27 +0300 Subject: [PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit d6e020819612a4a06207af858e0978be4d3e3140. The IS_DGFX check was put in place because error capture of buffer objects is expected to be broken on devices with VRAM. Userspace fix[1] to the impacted media driver has been submitted, merged and a new driver release is out as 25.2.3 where the capture flag is dropped on DG1 thus unblocking the usage of media driver on DG1. [1] https://github.com/intel/media-driver/commit/93c07d9b4b96a78bab21f6acd4eb86… Cc: stable(a)vger.kernel.org # v6.0+ Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Tvrtko Ursulin <tursulin(a)ursulin.net> Acked-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://lore.kernel.org/r/20250522064127.24293-1-joonas.lahtinen@linux.inte… [Joonas: Update message to point out the merged userspace fix] Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> (cherry picked from commit d2dc30e0aa252830f908c8e793d3139d51321370) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c index ea9d5063ce78..ca7e9216934a 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c @@ -2013,7 +2013,7 @@ static int eb_capture_stage(struct i915_execbuffer *eb) continue; if (i915_gem_context_is_recoverable(eb->gem_context) && - GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 10)) + (IS_DGFX(eb->i915) || GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 0))) return -EINVAL; for_each_batch_create_order(eb, j) {

16 hours, 57 minutes

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ed5915cfce2abb9a553c3737badebd4a11d6c9c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061754-sensitive-pointed-5663@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed5915cfce2abb9a553c3737badebd4a11d6c9c7 Mon Sep 17 00:00:00 2001 From: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Date: Thu, 22 May 2025 09:41:27 +0300 Subject: [PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit d6e020819612a4a06207af858e0978be4d3e3140. The IS_DGFX check was put in place because error capture of buffer objects is expected to be broken on devices with VRAM. Userspace fix[1] to the impacted media driver has been submitted, merged and a new driver release is out as 25.2.3 where the capture flag is dropped on DG1 thus unblocking the usage of media driver on DG1. [1] https://github.com/intel/media-driver/commit/93c07d9b4b96a78bab21f6acd4eb86… Cc: stable(a)vger.kernel.org # v6.0+ Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Tvrtko Ursulin <tursulin(a)ursulin.net> Acked-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://lore.kernel.org/r/20250522064127.24293-1-joonas.lahtinen@linux.inte… [Joonas: Update message to point out the merged userspace fix] Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> (cherry picked from commit d2dc30e0aa252830f908c8e793d3139d51321370) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c index ea9d5063ce78..ca7e9216934a 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c @@ -2013,7 +2013,7 @@ static int eb_capture_stage(struct i915_execbuffer *eb) continue; if (i915_gem_context_is_recoverable(eb->gem_context) && - GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 10)) + (IS_DGFX(eb->i915) || GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 0))) return -EINVAL; for_each_batch_create_order(eb, j) {

16 hours, 57 minutes

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x ed5915cfce2abb9a553c3737badebd4a11d6c9c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061753-unsubtle-afterlife-33f7@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed5915cfce2abb9a553c3737badebd4a11d6c9c7 Mon Sep 17 00:00:00 2001 From: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Date: Thu, 22 May 2025 09:41:27 +0300 Subject: [PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit d6e020819612a4a06207af858e0978be4d3e3140. The IS_DGFX check was put in place because error capture of buffer objects is expected to be broken on devices with VRAM. Userspace fix[1] to the impacted media driver has been submitted, merged and a new driver release is out as 25.2.3 where the capture flag is dropped on DG1 thus unblocking the usage of media driver on DG1. [1] https://github.com/intel/media-driver/commit/93c07d9b4b96a78bab21f6acd4eb86… Cc: stable(a)vger.kernel.org # v6.0+ Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Tvrtko Ursulin <tursulin(a)ursulin.net> Acked-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://lore.kernel.org/r/20250522064127.24293-1-joonas.lahtinen@linux.inte… [Joonas: Update message to point out the merged userspace fix] Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> (cherry picked from commit d2dc30e0aa252830f908c8e793d3139d51321370) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c index ea9d5063ce78..ca7e9216934a 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c @@ -2013,7 +2013,7 @@ static int eb_capture_stage(struct i915_execbuffer *eb) continue; if (i915_gem_context_is_recoverable(eb->gem_context) && - GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 10)) + (IS_DGFX(eb->i915) || GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 0))) return -EINVAL; for_each_batch_create_order(eb, j) {

16 hours, 57 minutes

1
0
0 0

[PATCH 6.12.y] cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update

by jetlan9＠163.com

From: Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> [ Upstream commit 426db24d4db2e4f0d6720aeb7795eafcb9e82640 ] Check if policy is NULL before dereferencing it in amd_pstate_update. Fixes: e8f555daacd3 ("cpufreq/amd-pstate: fix setting policy current frequency value") Signed-off-by: Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: Gautham R. Shenoy <gautham.shenoy(a)amd.com> Link: https://lore.kernel.org/r/20250205112523.201101-11-dhananjay.ugwekar@amd.com Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> [Minor context change fixed.] Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- drivers/cpufreq/amd-pstate.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c index 7a16d1932228..62dbc5701e99 100644 --- a/drivers/cpufreq/amd-pstate.c +++ b/drivers/cpufreq/amd-pstate.c @@ -482,6 +482,9 @@ static void amd_pstate_update(struct amd_cpudata *cpudata, u32 min_perf, u32 nominal_perf = READ_ONCE(cpudata->nominal_perf); u64 value = prev; + if (!policy) + return; + min_perf = clamp_t(unsigned long, min_perf, cpudata->min_limit_perf, cpudata->max_limit_perf); max_perf = clamp_t(unsigned long, max_perf, cpudata->min_limit_perf, -- 2.34.1

17 hours, 4 minutes

1
0
0 0

stable@vger.kernel.org

by vicky685kg＠gmail.com

Hi there, Market trend is changing rapidly. Paid ads are not delivering much better results. You must have to plan to move to organic marketing. If you would be interested, I can send complete marketing plan. Cheers! Sendy

17 hours, 36 minutes

1
0
0 0

[PATCH] platform/x86: ideapad-laptop: use usleep_range() for EC polling

by Rong Zhang

It was reported that ideapad-laptop sometimes causes some recent (since 2024) Lenovo ThinkBook models shut down when: - suspending/resuming - closing/opening the lid - (dis)connecting a charger - reading/writing some sysfs properties, e.g., fan_mode, touchpad - pressing down some Fn keys, e.g., Brightness Up/Down (Fn+F5/F6) - (seldom) loading the kmod The issue has existed since the launch day of such models, and there have been some out-of-tree workarounds (see Link:) for the issue. One disables some functionalities, while another one simply shortens IDEAPAD_EC_TIMEOUT. The disabled functionalities have read_ec_data() in their call chains, which calls schedule() between each poll. It turns out that these models suffer from the indeterminacy of schedule() because of their low tolerance for being polled too frequently. Sometimes schedule() returns too soon due to the lack of ready tasks, causing the margin between two polls to be too short. In this case, the command is somehow aborted, and too many subsequent polls (they poll for "nothing!") may eventually break the state machine in the EC, resulting in a hard shutdown. This explains why shortening IDEAPAD_EC_TIMEOUT works around the issue - it reduces the total number of polls sent to the EC. Even when it doesn't lead to a shutdown, frequent polls may also disturb the ongoing operation and notably delay (+ 10-20ms) the availability of EC response. This phenomenon is unlikely to be exclusive to the models mentioned above, so dropping the schedule() manner should also slightly improve the responsiveness of various models. Fix these issues by migrating to usleep_range(150, 300). The interval is chosen to add some margin to the minimal 50us and considering EC responses are usually available after 150-2500us based on my test. It should be enough to fix these issues on all models subject to the EC bug without introducing latency on other models. Tested on ThinkBook 14 G7+ ASP and solved both issues. No regression was introduced in the test on a model without the EC bug (ThinkBook X IMH, thanks Eric). Link: https://github.com/ty2/ideapad-laptop-tb2024g6plus/commit/6c5db18c9e8109873… Link: https://github.com/ferstar/ideapad-laptop-tb/commit/42d1e68e5009529d31bd23f… Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218771 Fixes: 6a09f21dd1e2 ("ideapad: add ACPI helpers") Cc: stable(a)vger.kernel.org Tested-by: Eric Long <i(a)hack3r.moe> Signed-off-by: Rong Zhang <i(a)rong.moe> --- drivers/platform/x86/ideapad-laptop.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c index ede483573fe0..b5e4da6a6779 100644 --- a/drivers/platform/x86/ideapad-laptop.c +++ b/drivers/platform/x86/ideapad-laptop.c @@ -15,6 +15,7 @@ #include <linux/bug.h> #include <linux/cleanup.h> #include <linux/debugfs.h> +#include <linux/delay.h> #include <linux/device.h> #include <linux/dmi.h> #include <linux/i8042.h> @@ -267,6 +268,20 @@ static void ideapad_shared_exit(struct ideapad_private *priv) */ #define IDEAPAD_EC_TIMEOUT 200 /* in ms */ +/* + * Some models (e.g., ThinkBook since 2024) have a low tolerance for being + * polled too frequently. Doing so may break the state machine in the EC, + * resulting in a hard shutdown. + * + * It is also observed that frequent polls may disturb the ongoing operation + * and notably delay the availability of EC response. + * + * These values are used as the delay before the first poll and the interval + * between subsequent polls to solve the above issues. + */ +#define IDEAPAD_EC_POLL_MIN_US 150 +#define IDEAPAD_EC_POLL_MAX_US 300 + static int eval_int(acpi_handle handle, const char *name, unsigned long *res) { unsigned long long result; @@ -383,7 +398,7 @@ static int read_ec_data(acpi_handle handle, unsigned long cmd, unsigned long *da end_jiffies = jiffies + msecs_to_jiffies(IDEAPAD_EC_TIMEOUT) + 1; while (time_before(jiffies, end_jiffies)) { - schedule(); + usleep_range(IDEAPAD_EC_POLL_MIN_US, IDEAPAD_EC_POLL_MAX_US); err = eval_vpcr(handle, 1, &val); if (err) @@ -414,7 +429,7 @@ static int write_ec_cmd(acpi_handle handle, unsigned long cmd, unsigned long dat end_jiffies = jiffies + msecs_to_jiffies(IDEAPAD_EC_TIMEOUT) + 1; while (time_before(jiffies, end_jiffies)) { - schedule(); + usleep_range(IDEAPAD_EC_POLL_MIN_US, IDEAPAD_EC_POLL_MAX_US); err = eval_vpcr(handle, 1, &val); if (err) base-commit: a5806cd506af5a7c19bcd596e4708b5c464bfd21 -- 2.49.0

17 hours, 57 minutes

7
6
0 0

Unplayable framerates in game but specific kernel versions work, maybe amdgpu problem

by machion＠disroot.org

Hello kernel/driver developers, I hope, with my information it's possible to find a bug/problem in the kernel. Otherwise I am sorry, that I disturbed you. I only use LTS kernels, but I can narrow it down to a hand full of them, where it works. The PC: Manjaro Stable/Cinnamon/X11/AMD Ryzen 5 2600/Radeon HD 7790/8GB RAM I already asked the Manjaro community, but with no luck. The game: Hellpoint (GOG Linux latest version, Unity3D-Engine v2021), uses vulkan --- I came a long road of kernels. I had many versions of 5.4, 5.10, 5.15, 6.1 and 6.6 and and the game was always unplayable, because the frames where around 1fps (performance of PC is not the problem). I asked the mesa and cinnamon team for help in the past, but also with no luck. It never worked, till on 2025-03-29 when I installed 6.12.19 for the first time and it worked! But it only worked with 6.12.19, 6.12.20 and 6.12.21 When I updated to 6.12.25, it was back to unplayable. For testing I installed 6.14.4 with the same result. It doesn't work. I also compared file /proc/config.gz of both kernels (6.12.21 <> 6.14.4), but can't seem to see drastic changes to the graphical part. I presume it has something to do with amdgpu. If you need more information, I would be happy to help. Kind regards, Marion

18 hours, 40 minutes

2
4
0 0

[PATCH 0/2] media: qcom: camss: Fix two bugs in mainline

by Bryan O'Donoghue

Two bug fixes here. First up SDM630/SDM660 hasn't been probing because moving the CSIPHY gen2 init sequence into a common location also moved the default case of the switch statement which rejects non-gen2 devices. Second is a fix for a very longstanding bug which is a race-condition between fully enumerating /dev/videoX devices along with all of their dependent data-structures and gating user-space access to those devices. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- Bryan O'Donoghue (2): media: qcom: camss: csiphy-3ph: Fix inadvertent dropping of SDM660/SDM670 phy init media: qcom: camss: vfe: Fix registration sequencing bug drivers/media/platform/qcom/camss/camss-csiphy-3ph-1-0.c | 3 +-- drivers/media/platform/qcom/camss/camss-vfe.c | 8 ++++++++ drivers/media/platform/qcom/camss/camss-vfe.h | 1 + 3 files changed, 10 insertions(+), 2 deletions(-) --- base-commit: 8666245114d979b963dc23894a03c74ecab8a7a6 change-id: 20250610-linux-next-25-05-30-daily-reviews-47ef54eee7ea Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

19 hours, 20 minutes

3
8
0 0

[PATCH v2 1/4] wifi: ath12k: fix dest ring-buffer corruption

by Johan Hovold

Add the missing memory barrier to make sure that destination ring descriptors are read after the head pointers to avoid using stale data on weakly ordered architectures like aarch64. The barrier is added to the ath12k_hal_srng_access_begin() helper for symmetry with follow-on fixes for source ring buffer corruption which will add barriers to ath12k_hal_srng_access_end(). Note that this may fix the empty descriptor issue recently worked around by commit 51ad34a47e9f ("wifi: ath12k: Add drop descriptor handling for monitor ring"). Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Cc: stable(a)vger.kernel.org # 6.3 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/net/wireless/ath/ath12k/ce.c | 3 --- drivers/net/wireless/ath/ath12k/hal.c | 17 ++++++++++++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/ce.c b/drivers/net/wireless/ath/ath12k/ce.c index 740586fe49d1..b66d23d6b2bd 100644 --- a/drivers/net/wireless/ath/ath12k/ce.c +++ b/drivers/net/wireless/ath/ath12k/ce.c @@ -343,9 +343,6 @@ static int ath12k_ce_completed_recv_next(struct ath12k_ce_pipe *pipe, goto err; } - /* Make sure descriptor is read after the head pointer. */ - dma_rmb(); - *nbytes = ath12k_hal_ce_dst_status_get_length(desc); *skb = pipe->dest_ring->skb[sw_index]; diff --git a/drivers/net/wireless/ath/ath12k/hal.c b/drivers/net/wireless/ath/ath12k/hal.c index 91d5126ca149..9eea13ed5565 100644 --- a/drivers/net/wireless/ath/ath12k/hal.c +++ b/drivers/net/wireless/ath/ath12k/hal.c @@ -2126,13 +2126,24 @@ void *ath12k_hal_srng_src_get_next_reaped(struct ath12k_base *ab, void ath12k_hal_srng_access_begin(struct ath12k_base *ab, struct hal_srng *srng) { + u32 hp; + lockdep_assert_held(&srng->lock); - if (srng->ring_dir == HAL_SRNG_DIR_SRC) + if (srng->ring_dir == HAL_SRNG_DIR_SRC) { srng->u.src_ring.cached_tp = *(volatile u32 *)srng->u.src_ring.tp_addr; - else - srng->u.dst_ring.cached_hp = READ_ONCE(*srng->u.dst_ring.hp_addr); + } else { + hp = READ_ONCE(*srng->u.dst_ring.hp_addr); + + if (hp != srng->u.dst_ring.cached_hp) { + srng->u.dst_ring.cached_hp = hp; + /* Make sure descriptor is read after the head + * pointer. + */ + dma_rmb(); + } + } } /* Update cached ring head/tail pointers to HW. ath12k_hal_srng_access_begin() -- 2.49.0

19 hours, 36 minutes

4
6
0 0

[PATCH v3 4/4] wifi: ath12k: fix dest ring-buffer corruption when ring is full

by Johan Hovold

Add the missing memory barriers to make sure that destination ring descriptors are read before updating the tail pointer (and passing ownership to the device) to avoid memory corruption on weakly ordered architectures like aarch64 when the ring is full. Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Cc: stable(a)vger.kernel.org # 6.3 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/net/wireless/ath/ath12k/hal.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/hal.c b/drivers/net/wireless/ath/ath12k/hal.c index d8193d9577bb..6406fcf5d69f 100644 --- a/drivers/net/wireless/ath/ath12k/hal.c +++ b/drivers/net/wireless/ath/ath12k/hal.c @@ -2170,7 +2170,6 @@ void ath12k_hal_srng_access_end(struct ath12k_base *ab, struct hal_srng *srng) { lockdep_assert_held(&srng->lock); - /* TODO: See if we need a write memory barrier here */ if (srng->flags & HAL_SRNG_FLAGS_LMAC_RING) { /* For LMAC rings, ring pointer updates are done through FW and * hence written to a shared memory location that is read by FW @@ -2185,7 +2184,11 @@ void ath12k_hal_srng_access_end(struct ath12k_base *ab, struct hal_srng *srng) WRITE_ONCE(*srng->u.src_ring.hp_addr, srng->u.src_ring.hp); } else { srng->u.dst_ring.last_hp = *srng->u.dst_ring.hp_addr; - *srng->u.dst_ring.tp_addr = srng->u.dst_ring.tp; + /* Make sure descriptor is read before updating the + * tail pointer. + */ + dma_mb(); + WRITE_ONCE(*srng->u.dst_ring.tp_addr, srng->u.dst_ring.tp); } } else { if (srng->ring_dir == HAL_SRNG_DIR_SRC) { @@ -2201,6 +2204,10 @@ void ath12k_hal_srng_access_end(struct ath12k_base *ab, struct hal_srng *srng) srng->u.src_ring.hp); } else { srng->u.dst_ring.last_hp = *srng->u.dst_ring.hp_addr; + /* Make sure descriptor is read before updating the + * tail pointer. + */ + mb(); ath12k_hif_write32(ab, (unsigned long)srng->u.dst_ring.tp_addr - (unsigned long)ab->mem, -- 2.49.0

19 hours, 38 minutes

1
0
0 0

[PATCH v3 3/4] wifi: ath12k: fix source ring-buffer corruption

by Johan Hovold

Add the missing memory barrier to make sure that LMAC source ring descriptors are written before updating the head pointer to avoid passing stale data to the firmware on weakly ordered architectures like aarch64. Note that non-LMAC rings use MMIO write accessors which have the required write memory barrier. Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Cc: stable(a)vger.kernel.org # 6.3 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/net/wireless/ath/ath12k/hal.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath12k/hal.c b/drivers/net/wireless/ath/ath12k/hal.c index 726969cfcaec..d8193d9577bb 100644 --- a/drivers/net/wireless/ath/ath12k/hal.c +++ b/drivers/net/wireless/ath/ath12k/hal.c @@ -2178,7 +2178,11 @@ void ath12k_hal_srng_access_end(struct ath12k_base *ab, struct hal_srng *srng) if (srng->ring_dir == HAL_SRNG_DIR_SRC) { srng->u.src_ring.last_tp = *(volatile u32 *)srng->u.src_ring.tp_addr; - *srng->u.src_ring.hp_addr = srng->u.src_ring.hp; + /* Make sure descriptor is written before updating the + * head pointer. + */ + dma_wmb(); + WRITE_ONCE(*srng->u.src_ring.hp_addr, srng->u.src_ring.hp); } else { srng->u.dst_ring.last_hp = *srng->u.dst_ring.hp_addr; *srng->u.dst_ring.tp_addr = srng->u.dst_ring.tp; @@ -2187,6 +2191,10 @@ void ath12k_hal_srng_access_end(struct ath12k_base *ab, struct hal_srng *srng) if (srng->ring_dir == HAL_SRNG_DIR_SRC) { srng->u.src_ring.last_tp = *(volatile u32 *)srng->u.src_ring.tp_addr; + /* Assume implementation use an MMIO write accessor + * which has the required wmb() so that the descriptor + * is written before the updating the head pointer. + */ ath12k_hif_write32(ab, (unsigned long)srng->u.src_ring.hp_addr - (unsigned long)ab->mem, -- 2.49.0

19 hours, 38 minutes

1
0
0 0

[PATCH v3 1/4] wifi: ath12k: fix dest ring-buffer corruption

by Johan Hovold

Add the missing memory barrier to make sure that destination ring descriptors are read after the head pointers to avoid using stale data on weakly ordered architectures like aarch64. The barrier is added to the ath12k_hal_srng_access_begin() helper for symmetry with follow-on fixes for source ring buffer corruption which will add barriers to ath12k_hal_srng_access_end(). Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Cc: stable(a)vger.kernel.org # 6.3 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/net/wireless/ath/ath12k/ce.c | 3 --- drivers/net/wireless/ath/ath12k/hal.c | 17 ++++++++++++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/ce.c b/drivers/net/wireless/ath/ath12k/ce.c index 3f3439262cf4..f7c15b547504 100644 --- a/drivers/net/wireless/ath/ath12k/ce.c +++ b/drivers/net/wireless/ath/ath12k/ce.c @@ -433,9 +433,6 @@ static int ath12k_ce_completed_recv_next(struct ath12k_ce_pipe *pipe, goto err; } - /* Make sure descriptor is read after the head pointer. */ - dma_rmb(); - *nbytes = ath12k_hal_ce_dst_status_get_length(desc); *skb = pipe->dest_ring->skb[sw_index]; diff --git a/drivers/net/wireless/ath/ath12k/hal.c b/drivers/net/wireless/ath/ath12k/hal.c index a301898e5849..f8bd3837b9dc 100644 --- a/drivers/net/wireless/ath/ath12k/hal.c +++ b/drivers/net/wireless/ath/ath12k/hal.c @@ -2143,13 +2143,24 @@ void *ath12k_hal_srng_src_get_next_reaped(struct ath12k_base *ab, void ath12k_hal_srng_access_begin(struct ath12k_base *ab, struct hal_srng *srng) { + u32 hp; + lockdep_assert_held(&srng->lock); - if (srng->ring_dir == HAL_SRNG_DIR_SRC) + if (srng->ring_dir == HAL_SRNG_DIR_SRC) { srng->u.src_ring.cached_tp = *(volatile u32 *)srng->u.src_ring.tp_addr; - else - srng->u.dst_ring.cached_hp = READ_ONCE(*srng->u.dst_ring.hp_addr); + } else { + hp = READ_ONCE(*srng->u.dst_ring.hp_addr); + + if (hp != srng->u.dst_ring.cached_hp) { + srng->u.dst_ring.cached_hp = hp; + /* Make sure descriptor is read after the head + * pointer. + */ + dma_rmb(); + } + } } /* Update cached ring head/tail pointers to HW. ath12k_hal_srng_access_begin() -- 2.49.0

19 hours, 38 minutes

1
0
0 0

[PATCH v2 0/4] arm64: dts: rockchip: enable further peripherals on ArmSoM Sige5

by Alexey Charkov

Link up the CPU regulators for DVFS, enable WiFi and Bluetooth. Different board versions use different incompatible WiFi/Bluetooth modules so split the version-specific bits out into an overlay. Basic WiFi functionality works even without an overlay, but OOB interrupts and all Bluetooth stuff requires one. My board is v1.2, so the overlay is only provided for it. Signed-off-by: Alexey Charkov <alchark(a)gmail.com> --- Changes in v2: - Expand the commit message for the patch linking CPU regulators and add tags for stable (thanks Nicolas) - Fix the ordering of cpu_b* nodes vs. combphy0_ps (thanks Diederik) - Drop the USB patch, as Nicolas has already posted a more comprehensive series including also the Type-C stuff (thanks Nicolas) - Pick up Nicolas' tags - Split out board version specific WiFi/Bluetooth stuff into an overlay - Link to v1: https://lore.kernel.org/r/20250603-sige5-updates-v1-0-717e8ce4ab77@gmail.com --- Alexey Charkov (4): arm64: dts: rockchip: list all CPU supplies on ArmSoM Sige5 arm64: dts: rockchip: add SDIO controller on RK3576 arm64: dts: rockchip: add version-independent WiFi/BT nodes on Sige5 arm64: dts: rockchip: add overlay for the WiFi/BT module on Sige5 v1.2 arch/arm64/boot/dts/rockchip/Makefile | 5 ++ .../rockchip/rk3576-armsom-sige5-v1.2-wifibt.dtso | 49 +++++++++++++ .../boot/dts/rockchip/rk3576-armsom-sige5.dts | 85 ++++++++++++++++++++++ arch/arm64/boot/dts/rockchip/rk3576.dtsi | 16 ++++ 4 files changed, 155 insertions(+) --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250602-sige5-updates-a162b501a1b1 Best regards, -- Alexey Charkov <alchark(a)gmail.com>

21 hours, 28 minutes

2
3
0 0

[PATCH] erofs: remove unused trace event erofs_destroy_inode

by Gao Xiang

The trace event `erofs_destroy_inode` was added but remains unused. This unused event contributes approximately 5KB to the kernel module size. Reported-by: Steven Rostedt <rostedt(a)goodmis.org> Closes: https://lore.kernel.org/r/20250612224906.15000244@batman.local.home Fixes: 13f06f48f7bf ("staging: erofs: support tracepoint") Cc: stable(a)vger.kernel.org Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- include/trace/events/erofs.h | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/include/trace/events/erofs.h b/include/trace/events/erofs.h index a5f4b9234f46..dad7360f42f9 100644 --- a/include/trace/events/erofs.h +++ b/include/trace/events/erofs.h @@ -211,24 +211,6 @@ TRACE_EVENT(erofs_map_blocks_exit, show_mflags(__entry->mflags), __entry->ret) ); -TRACE_EVENT(erofs_destroy_inode, - TP_PROTO(struct inode *inode), - - TP_ARGS(inode), - - TP_STRUCT__entry( - __field( dev_t, dev ) - __field( erofs_nid_t, nid ) - ), - - TP_fast_assign( - __entry->dev = inode->i_sb->s_dev; - __entry->nid = EROFS_I(inode)->nid; - ), - - TP_printk("dev = (%d,%d), nid = %llu", show_dev_nid(__entry)) -); - #endif /* _TRACE_EROFS_H */ /* This part must be outside protection */ -- 2.43.5

22 hours, 41 minutes

1
0
0 0

[PATCH v2 2/2] usb: gadget: u_serial: Fix race condition in TTY wakeup

by Kuen-Han Tsai

A race condition occurs when gs_start_io() calls either gs_start_rx() or gs_start_tx(), as those functions briefly drop the port_lock for usb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear port.tty and port_usb, respectively. Use the null-safe TTY Port helper function to wake up TTY. Example CPU1: CPU2: gserial_connect() // lock gs_close() // await lock gs_start_rx() // unlock usb_ep_queue() gs_close() // lock, reset port.tty and unlock gs_start_rx() // lock tty_wakeup() // NPE Fixes: 35f95fd7f234 ("TTY: usb/u_serial, use tty from tty_port") Cc: stable(a)vger.kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> --- v2: - Move the example up to the changelog Traces: [ 51.494375][ T278] ttyGS1: shutdown [ 51.494817][ T269] android_work: sent uevent USB_STATE=DISCONNECTED [ 52.115792][ T1508] usb: [dm_bind] generic ttyGS1: super speed IN/ep1in OUT/ep1out [ 52.516288][ T1026] android_work: sent uevent USB_STATE=CONNECTED [ 52.551667][ T1533] gserial_connect: start ttyGS1 [ 52.565634][ T1533] [khtsai] enter gs_start_io, ttyGS1, port->port.tty=0000000046bd4060 [ 52.565671][ T1533] [khtsai] gs_start_rx, unlock port ttyGS1 [ 52.591552][ T1533] [khtsai] gs_start_rx, lock port ttyGS1 [ 52.619901][ T1533] [khtsai] gs_start_rx, unlock port ttyGS1 [ 52.638659][ T1325] [khtsai] gs_close, lock port ttyGS1 [ 52.656842][ T1325] gs_close: ttyGS1 (0000000046bd4060,00000000be9750a5) ... [ 52.683005][ T1325] [khtsai] gs_close, clear ttyGS1 [ 52.683007][ T1325] gs_close: ttyGS1 (0000000046bd4060,00000000be9750a5) done! [ 52.708643][ T1325] [khtsai] gs_close, unlock port ttyGS1 [ 52.747592][ T1533] [khtsai] gs_start_rx, lock port ttyGS1 [ 52.747616][ T1533] [khtsai] gs_start_io, ttyGS1, going to call tty_wakeup(), port->port.tty=0000000000000000 [ 52.747629][ T1533] Unable to handle kernel NULL pointer dereference at virtual address 00000000000001f8 --- drivers/usb/gadget/function/u_serial.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index c043bdc30d8a..540dc5ab96fc 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -295,8 +295,8 @@ __acquires(&port->port_lock) break; } - if (do_tty_wake && port->port.tty) - tty_wakeup(port->port.tty); + if (do_tty_wake) + tty_port_tty_wakeup(&port->port); return status; } @@ -574,7 +574,7 @@ static int gs_start_io(struct gs_port *port) gs_start_tx(port); /* Unblock any pending writes into our circular buffer, in case * we didn't in gs_start_tx() */ - tty_wakeup(port->port.tty); + tty_port_tty_wakeup(&port->port); } else { /* Free reqs only if we are still connected */ if (port->port_usb) { -- 2.50.0.rc2.692.g299adb8693-goog

23 hours, 15 minutes

1
0
0 0

[PATCH] crypto: qat - lower priority for skcipher and aead algorithms

by Giovanni Cabiddu

Most kernel applications utilizing the crypto API operate synchronously and on small buffer sizes, therefore do not benefit from QAT acceleration. Reduce the priority of QAT implementations for both skcipher and aead algorithms, allowing more suitable alternatives to be selected by default. Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Link: https://lore.kernel.org/all/20250613012357.GA3603104@google.com/ Cc: stable(a)vger.kernel.org --- drivers/crypto/intel/qat/qat_common/qat_algs.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/crypto/intel/qat/qat_common/qat_algs.c b/drivers/crypto/intel/qat/qat_common/qat_algs.c index 3c4bba4a8779..d69cc1e5e023 100644 --- a/drivers/crypto/intel/qat/qat_common/qat_algs.c +++ b/drivers/crypto/intel/qat/qat_common/qat_algs.c @@ -1277,7 +1277,7 @@ static struct aead_alg qat_aeads[] = { { .base = { .cra_name = "authenc(hmac(sha1),cbc(aes))", .cra_driver_name = "qat_aes_cbc_hmac_sha1", - .cra_priority = 4001, + .cra_priority = 100, .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, .cra_blocksize = AES_BLOCK_SIZE, .cra_ctxsize = sizeof(struct qat_alg_aead_ctx), @@ -1294,7 +1294,7 @@ static struct aead_alg qat_aeads[] = { { .base = { .cra_name = "authenc(hmac(sha256),cbc(aes))", .cra_driver_name = "qat_aes_cbc_hmac_sha256", - .cra_priority = 4001, + .cra_priority = 100, .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, .cra_blocksize = AES_BLOCK_SIZE, .cra_ctxsize = sizeof(struct qat_alg_aead_ctx), @@ -1311,7 +1311,7 @@ static struct aead_alg qat_aeads[] = { { .base = { .cra_name = "authenc(hmac(sha512),cbc(aes))", .cra_driver_name = "qat_aes_cbc_hmac_sha512", - .cra_priority = 4001, + .cra_priority = 100, .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, .cra_blocksize = AES_BLOCK_SIZE, .cra_ctxsize = sizeof(struct qat_alg_aead_ctx), @@ -1329,7 +1329,7 @@ static struct aead_alg qat_aeads[] = { { static struct skcipher_alg qat_skciphers[] = { { .base.cra_name = "cbc(aes)", .base.cra_driver_name = "qat_aes_cbc", - .base.cra_priority = 4001, + .base.cra_priority = 100, .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, .base.cra_blocksize = AES_BLOCK_SIZE, .base.cra_ctxsize = sizeof(struct qat_alg_skcipher_ctx), @@ -1347,7 +1347,7 @@ static struct skcipher_alg qat_skciphers[] = { { }, { .base.cra_name = "ctr(aes)", .base.cra_driver_name = "qat_aes_ctr", - .base.cra_priority = 4001, + .base.cra_priority = 100, .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, .base.cra_blocksize = 1, .base.cra_ctxsize = sizeof(struct qat_alg_skcipher_ctx), @@ -1365,7 +1365,7 @@ static struct skcipher_alg qat_skciphers[] = { { }, { .base.cra_name = "xts(aes)", .base.cra_driver_name = "qat_aes_xts", - .base.cra_priority = 4001, + .base.cra_priority = 100, .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ALLOCATES_MEMORY, .base.cra_blocksize = AES_BLOCK_SIZE, -- 2.49.0

23 hours, 25 minutes

3
8
0 0

[PATCH] net/9p: Fix buffer overflow in USB transport layer

by Yuhao Jiang

A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying allows a malicious USB host to overflow heap buffers. The issue occurs because: - usb9pfs_rx_header() validates only the declared size in packet header - usb9pfs_rx_complete() uses req->actual (actual received bytes) for memcpy This allows an attacker to craft packets with small declared size (bypassing validation) but large actual payload (triggering overflow in memcpy). Add validation in usb9pfs_rx_complete() to ensure req->actual does not exceed the buffer capacity before copying data. Reported-by: Yuhao Jiang <danisjiang(a)gmail.com> Fixes: a3be076dc174 ("net/9p/usbg: Add new usb gadget function transport") Cc: stable(a)vger.kernel.org Signed-off-by: Yuhao Jiang <danisjiang(a)gmail.com> --- net/9p/trans_usbg.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/9p/trans_usbg.c b/net/9p/trans_usbg.c index 6b694f117aef..047a2862fc84 100644 --- a/net/9p/trans_usbg.c +++ b/net/9p/trans_usbg.c @@ -242,6 +242,15 @@ static void usb9pfs_rx_complete(struct usb_ep *ep, struct usb_request *req) if (!p9_rx_req) return; + /* Validate actual received size against buffer capacity */ + if (req->actual > p9_rx_req->rc.capacity) { + dev_err(&cdev->gadget->dev, + "received data size %u exceeds buffer capacity %zu\n", + req->actual, p9_rx_req->rc.capacity); + p9_req_put(usb9pfs->client, p9_rx_req); + return; + } + memcpy(p9_rx_req->rc.sdata, req->buf, req->actual); p9_rx_req->rc.size = req->actual; -- 2.43.0

23 hours, 52 minutes

3
4
0 0

[PATCH 1/2] Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io"

by Kuen-Han Tsai

This reverts commit ffd603f214237e250271162a5b325c6199a65382. Commit ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in gs_start_io") adds null pointer checks at the beginning of the gs_start_io() function to prevent a null pointer dereference. However, these checks are redundant because the function's comment already requires callers to hold the port_lock and ensure port.tty and port_usb are not null. All existing callers already follow these rules. The true cause of the null pointer dereference is a race condition. When gs_start_io() calls either gs_start_rx() or gs_start_tx(), the port_lock is temporarily released for usb_ep_queue(). This allows port.tty and port_usb to be cleared. Cc: stable(a)vger.kernel.org Fixes: ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in gs_start_io") Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> --- drivers/usb/gadget/function/u_serial.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index ab544f6824be..c043bdc30d8a 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -544,20 +544,16 @@ static int gs_alloc_requests(struct usb_ep *ep, struct list_head *head, static int gs_start_io(struct gs_port *port) { struct list_head *head = &port->read_pool; - struct usb_ep *ep; + struct usb_ep *ep = port->port_usb->out; int status; unsigned started; - if (!port->port_usb || !port->port.tty) - return -EIO; - /* Allocate RX and TX I/O buffers. We can't easily do this much * earlier (with GFP_KERNEL) because the requests are coupled to * endpoints, as are the packet sizes we'll be using. Different * configurations may use different endpoints with a given port; * and high speed vs full speed changes packet sizes too. */ - ep = port->port_usb->out; status = gs_alloc_requests(ep, head, gs_read_complete, &port->read_allocated); if (status) -- 2.50.0.rc2.692.g299adb8693-goog

1 day

2
5
0 0

[PATCH] drm/etnaviv: Protect the scheduler's pending list with its lock

by Maíra Canal

Commit 704d3d60fec4 ("drm/etnaviv: don't block scheduler when GPU is still active") ensured that active jobs are returned to the pending list when extending the timeout. However, it didn't use the pending list's lock to manipulate the list, which causes a race condition as the scheduler's workqueues are running. Hold the lock while manipulating the scheduler's pending list to prevent a race. Cc: stable(a)vger.kernel.org Fixes: 704d3d60fec4 ("drm/etnaviv: don't block scheduler when GPU is still active") Signed-off-by: Maíra Canal <mcanal(a)igalia.com> --- Hi, I'm proposing this workaround patch to address the race-condition caused by manipulating the pending list without using its lock. Although I understand this isn't a complete solution (see [1]), it's not reasonable to backport the new DRM stat series [2] to the stable branches. Therefore, I believe the best solution is backporting this fix to the stable branches, which will fix the race and will keep adding the job back to the pending list (which will avoid most memory leaks). [1] https://lore.kernel.org/dri-devel/bcc0ed477f8a6f3bb06665b1756bcb98fb7af871.… [2] https://lore.kernel.org/dri-devel/20250530-sched-skip-reset-v2-0-c40a8d2d8d… Best Regards, - Maíra --- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/etnaviv/etnaviv_sched.c b/drivers/gpu/drm/etnaviv/etnaviv_sched.c index 76a3a3e517d8..71e2e6b9d713 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_sched.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_sched.c @@ -35,6 +35,7 @@ static enum drm_gpu_sched_stat etnaviv_sched_timedout_job(struct drm_sched_job *sched_job) { struct etnaviv_gem_submit *submit = to_etnaviv_submit(sched_job); + struct drm_gpu_scheduler *sched = sched_job->sched; struct etnaviv_gpu *gpu = submit->gpu; u32 dma_addr, primid = 0; int change; @@ -89,7 +90,9 @@ static enum drm_gpu_sched_stat etnaviv_sched_timedout_job(struct drm_sched_job return DRM_GPU_SCHED_STAT_NOMINAL; out_no_timeout: - list_add(&sched_job->list, &sched_job->sched->pending_list); + spin_lock(&sched->job_list_lock); + list_add(&sched_job->list, &sched->pending_list); + spin_unlock(&sched->job_list_lock); return DRM_GPU_SCHED_STAT_NOMINAL; } -- 2.49.0

1 day, 4 hours

3
3
0 0

+ maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() has been added to the -mm mm-hotfixes-unstable branch. Its filename is maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Date: Mon, 16 Jun 2025 14:45:20 -0400 Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request through mas_node_count_gfp(), but the allocations will not happen if the MA_STATE_PREALLOC flag is set. This flag is meant to avoid re-allocating in bulk allocation mode, and to detect issues with preallocation calculations. The MA_STATE_PREALLOC flag should also always be set on zero allocations so that detection of underflow allocations will print a WARN_ON() during consumption. User visible effect of this flaw is a WARN_ON() followed by a null pointer dereference when subsequent requests for larger number of nodes is ignored, such as the vma merge retry in mmap_region() caused by drivers altering the vma flags (which happens in v6.6, at least) Link: https://lkml.kernel.org/r/20250616184521.3382795-3-Liam.Howlett@oracle.com Fixes: 54a611b605901 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Reported-by: Hailong Liu <hailong.liu(a)oppo.com> Link: https://lore.kernel.org/all/1652f7eb-a51b-4fee-8058-c73af63bacd1@oppo.com/ Link: https://lore.kernel.org/all/20250428184058.1416274-1-Liam.Howlett@oracle.co… Link: https://lore.kernel.org/all/20250429014754.1479118-1-Liam.Howlett@oracle.co… Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Hailong Liu <hailong.liu(a)oppo.com> Cc: zhangpeng.00(a)bytedance.com <zhangpeng.00(a)bytedance.com> Cc: Steve Kang <Steve.Kang(a)unisoc.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/lib/maple_tree.c~maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate +++ a/lib/maple_tree.c @@ -5527,8 +5527,9 @@ int mas_preallocate(struct ma_state *mas mas->store_type = mas_wr_store_type(&wr_mas); request = mas_prealloc_calc(&wr_mas, entry); if (!request) - return ret; + goto set_flag; + mas->mas_flags &= ~MA_STATE_PREALLOC; mas_node_count_gfp(mas, request, gfp); if (mas_is_err(mas)) { mas_set_alloc_req(mas, 0); @@ -5538,6 +5539,7 @@ int mas_preallocate(struct ma_state *mas return ret; } +set_flag: mas->mas_flags |= MA_STATE_PREALLOC; return ret; } _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate.patch testing-raix-tree-maple-increase-readers-and-reduce-delay-for-faster-machines.patch

1 day, 5 hours

1
0
0 0

[PATCH] drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`

by Maíra Canal

The following kernel Oops was recently reported by Mesa CI: [ 800.139824] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000588 [ 800.148619] Mem abort info: [ 800.151402] ESR = 0x0000000096000005 [ 800.155141] EC = 0x25: DABT (current EL), IL = 32 bits [ 800.160444] SET = 0, FnV = 0 [ 800.163488] EA = 0, S1PTW = 0 [ 800.166619] FSC = 0x05: level 1 translation fault [ 800.171487] Data abort info: [ 800.174357] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 800.179832] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 800.184873] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 800.190176] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001014c2000 [ 800.196607] [0000000000000588] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 [ 800.205305] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP [ 800.211564] Modules linked in: vc4 snd_soc_hdmi_codec drm_display_helper v3d cec gpu_sched drm_dma_helper drm_shmem_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm i2c_brcmstb snd_timer snd backlight [ 800.234448] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1 [ 800.244182] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT) [ 800.250005] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 800.256959] pc : v3d_job_update_stats+0x60/0x130 [v3d] [ 800.262112] lr : v3d_job_update_stats+0x48/0x130 [v3d] [ 800.267251] sp : ffffffc080003e60 [ 800.270555] x29: ffffffc080003e60 x28: ffffffd842784980 x27: 0224012000000000 [ 800.277687] x26: ffffffd84277f630 x25: ffffff81012fd800 x24: 0000000000000020 [ 800.284818] x23: ffffff8040238b08 x22: 0000000000000570 x21: 0000000000000158 [ 800.291948] x20: 0000000000000000 x19: ffffff8040238000 x18: 0000000000000000 [ 800.299078] x17: ffffffa8c1bd2000 x16: ffffffc080000000 x15: 0000000000000000 [ 800.306208] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 800.313338] x11: 0000000000000040 x10: 0000000000001a40 x9 : ffffffd83b39757c [ 800.320468] x8 : ffffffd842786420 x7 : 7fffffffffffffff x6 : 0000000000ef32b0 [ 800.327598] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : ffffffd842784980 [ 800.334728] x2 : 0000000000000004 x1 : 0000000000010002 x0 : 000000ba4c0ca382 [ 800.341859] Call trace: [ 800.344294] v3d_job_update_stats+0x60/0x130 [v3d] [ 800.349086] v3d_irq+0x124/0x2e0 [v3d] [ 800.352835] __handle_irq_event_percpu+0x58/0x218 [ 800.357539] handle_irq_event+0x54/0xb8 [ 800.361369] handle_fasteoi_irq+0xac/0x240 [ 800.365458] handle_irq_desc+0x48/0x68 [ 800.369200] generic_handle_domain_irq+0x24/0x38 [ 800.373810] gic_handle_irq+0x48/0xd8 [ 800.377464] call_on_irq_stack+0x24/0x58 [ 800.381379] do_interrupt_handler+0x88/0x98 [ 800.385554] el1_interrupt+0x34/0x68 [ 800.389123] el1h_64_irq_handler+0x18/0x28 [ 800.393211] el1h_64_irq+0x64/0x68 [ 800.396603] default_idle_call+0x3c/0x168 [ 800.400606] do_idle+0x1fc/0x230 [ 800.403827] cpu_startup_entry+0x40/0x50 [ 800.407742] rest_init+0xe4/0xf0 [ 800.410962] start_kernel+0x5e8/0x790 [ 800.414616] __primary_switched+0x80/0x90 [ 800.418622] Code: 8b170277 8b160296 11000421 b9000861 (b9401ac1) [ 800.424707] ---[ end trace 0000000000000000 ]--- [ 800.457313] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]--- This issue happens when the file descriptor is closed before the jobs submitted by it are completed. When the job completes, we update the global GPU stats and the per-fd GPU stats, which are exposed through fdinfo. If the file descriptor was closed, then the struct `v3d_file_priv` and its stats were already freed and we can't update the per-fd stats. Therefore, if the file descriptor was already closed, don't update the per-fd GPU stats, only update the global ones. Cc: stable(a)vger.kernel.org # v6.12+ Signed-off-by: Maíra Canal <mcanal(a)igalia.com> --- drivers/gpu/drm/v3d/v3d_sched.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index 466d28ceee28..5ed676304964 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -199,7 +199,6 @@ v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue) struct v3d_dev *v3d = job->v3d; struct v3d_file_priv *file = job->file->driver_priv; struct v3d_stats *global_stats = &v3d->queue[queue].stats; - struct v3d_stats *local_stats = &file->stats[queue]; u64 now = local_clock(); unsigned long flags; @@ -209,7 +208,12 @@ v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue) else preempt_disable(); - v3d_stats_update(local_stats, now); + /* Don't update the local stats if the file context has already closed */ + if (file) + v3d_stats_update(&file->stats[queue], now); + else + drm_dbg(&v3d->drm, "The file descriptor was closed before job completion\n"); + v3d_stats_update(global_stats, now); if (IS_ENABLED(CONFIG_LOCKDEP)) -- 2.49.0

1 day, 5 hours

2
2
0 0

[PATCH 2/2] dmaengine: qcom_hidma: fix handoff FIFO memory leak on driver removal

by Qasim Ijaz

hidma_ll_init() allocates a handoff FIFO, but the matching hidma_ll_uninit() function (which is invoked in remove()) never releases it, leaking memory. To fix this call kfifo_free in hidma_ll_uninit(). Fixes: d1615ca2e085 ("dmaengine: qcom_hidma: implement lower level hardware interface") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- drivers/dma/qcom/hidma_ll.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/dma/qcom/hidma_ll.c b/drivers/dma/qcom/hidma_ll.c index fee448499777..0c2bae46746c 100644 --- a/drivers/dma/qcom/hidma_ll.c +++ b/drivers/dma/qcom/hidma_ll.c @@ -816,6 +816,7 @@ int hidma_ll_uninit(struct hidma_lldev *lldev) required_bytes = sizeof(struct hidma_tre) * lldev->nr_tres; tasklet_kill(&lldev->task); + kfifo_free(&lldev->handoff_fifo); memset(lldev->trepool, 0, required_bytes); lldev->trepool = NULL; atomic_set(&lldev->pending_tre_count, 0); -- 2.39.5

1 day, 6 hours

3
4
0 0

[RESEND PATCH v3] crypto: ccp: Fix SNP panic notifier unregistration

by Ashish Kalra

From: Ashish Kalra <ashish.kalra(a)amd.com> Panic notifiers are invoked with RCU read lock held and when the SNP panic notifier tries to unregister itself from the panic notifier callback itself it causes a deadlock as notifier unregistration does RCU synchronization. Code flow for SNP panic notifier: snp_shutdown_on_panic() -> __sev_firmware_shutdown() -> __sev_snp_shutdown_locked() -> atomic_notifier_chain_unregister(.., &snp_panic_notifier) Fix SNP panic notifier to unregister itself during SNP shutdown only if panic is not in progress. Reviewed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: stable(a)vger.kernel.org Fixes: 19860c3274fb ("crypto: ccp - Register SNP panic notifier only if SNP is enabled") Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> --- drivers/crypto/ccp/sev-dev.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 8fb94c5f006a..17edc6bf5622 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1787,8 +1787,14 @@ static int __sev_snp_shutdown_locked(int *error, bool panic) sev->snp_initialized = false; dev_dbg(sev->dev, "SEV-SNP firmware shutdown\n"); - atomic_notifier_chain_unregister(&panic_notifier_list, - &snp_panic_notifier); + /* + * __sev_snp_shutdown_locked() deadlocks when it tries to unregister + * itself during panic as the panic notifier is called with RCU read + * lock held and notifier unregistration does RCU synchronization. + */ + if (!panic) + atomic_notifier_chain_unregister(&panic_notifier_list, + &snp_panic_notifier); /* Reset TMR size back to default */ sev_es_tmr_size = SEV_TMR_SIZE; -- 2.34.1

1 day, 6 hours

1
0
0 0

[PATCH v3] crypto: ccp: Fix SNP panic notifier unregistration

by Ashish Kalra

From: Ashish Kalra <ashish.kalra(a)amd.com> Panic notifiers are invoked with RCU read lock held and when the SNP panic notifier tries to unregister itself from the panic notifier callback itself it causes a deadlock as notifier unregistration does RCU synchronization. Code flow for SNP panic notifier: snp_shutdown_on_panic() -> __sev_firmware_shutdown() -> __sev_snp_shutdown_locked() -> atomic_notifier_chain_unregister(.., &snp_panic_notifier) Fix SNP panic notifier to unregister itself during SNP shutdown only if panic is not in progress. Reviewed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Fixes: 19860c3274fb ("crypto: ccp - Register SNP panic notifier only if SNP is enabled") Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> --- drivers/crypto/ccp/sev-dev.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 8fb94c5f006a..17edc6bf5622 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1787,8 +1787,14 @@ static int __sev_snp_shutdown_locked(int *error, bool panic) sev->snp_initialized = false; dev_dbg(sev->dev, "SEV-SNP firmware shutdown\n"); - atomic_notifier_chain_unregister(&panic_notifier_list, - &snp_panic_notifier); + /* + * __sev_snp_shutdown_locked() deadlocks when it tries to unregister + * itself during panic as the panic notifier is called with RCU read + * lock held and notifier unregistration does RCU synchronization. + */ + if (!panic) + atomic_notifier_chain_unregister(&panic_notifier_list, + &snp_panic_notifier); /* Reset TMR size back to default */ sev_es_tmr_size = SEV_TMR_SIZE; -- 2.34.1

1 day, 6 hours

2
1
0 0

[PATCH] scsi: mpt3sas: drop unused variable in mpt3sas_send_mctp_passthru_req()

by André Draszik

With W=1, gcc complains correctly: mpt3sas_ctl.c: In function ‘mpt3sas_send_mctp_passthru_req’: mpt3sas_ctl.c:2917:29: error: variable ‘mpi_reply’ set but not used [-Werror=unused-but-set-variable] 2917 | MPI2DefaultReply_t *mpi_reply; | ^~~~~~~~~ Drop the unused assignment and variable. Fixes: c72be4b5bb7c ("scsi: mpt3sas: Add support for MCTP Passthrough commands") Cc: stable(a)vger.kernel.org Signed-off-by: André Draszik <andre.draszik(a)linaro.org> --- drivers/scsi/mpt3sas/mpt3sas_ctl.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c index 02fc204b9bf7b276115bf6db52746155381799fd..3b951589feeb6c13094ea44b494ca3050a309b15 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c +++ b/drivers/scsi/mpt3sas/mpt3sas_ctl.c @@ -2914,7 +2914,6 @@ int mpt3sas_send_mctp_passthru_req(struct mpt3_passthru_command *command) { struct MPT3SAS_ADAPTER *ioc; MPI2RequestHeader_t *mpi_request = NULL, *request; - MPI2DefaultReply_t *mpi_reply; Mpi26MctpPassthroughRequest_t *mctp_passthru_req; u16 smid; unsigned long timeout; @@ -3022,8 +3021,6 @@ int mpt3sas_send_mctp_passthru_req(struct mpt3_passthru_command *command) goto issue_host_reset; } - mpi_reply = ioc->ctl_cmds.reply; - /* copy out xdata to user */ if (data_in_sz) memcpy(command->data_in_buf_ptr, data_in, data_in_sz); --- base-commit: a0bea9e39035edc56a994630e6048c8a191a99d8 change-id: 20250606-mpt3sas-15563809f705 Best regards, -- André Draszik <andre.draszik(a)linaro.org>

1 day, 9 hours

2
1
0 0

[PATCH v4 4/5] scsi: fnic: Turn off FDMI ACTIVE flags on link down

by Karan Tilak Kumar

When the link goes down and comes up, FDMI requests are not sent out anymore. Fix bug by turning off FNIC_FDMI_ACTIVE when the link goes down. Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Reviewed-by: Arun Easi <aeasi(a)cisco.com> Tested-by: Karan Tilak Kumar <kartilak(a)cisco.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- Changes between v3 and v4: - Incorporate review comments from Dan: - Remove comments from Cc tag Changes between v2 and v3: - Incorporate review comments from Dan: - Add Cc to stable Changes between v1 and v2: - Incorporate review comments from Dan: - Add Fixes tag --- drivers/scsi/fnic/fdls_disc.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/scsi/fnic/fdls_disc.c b/drivers/scsi/fnic/fdls_disc.c index 9e9939d41fa8..14691db4d5f9 100644 --- a/drivers/scsi/fnic/fdls_disc.c +++ b/drivers/scsi/fnic/fdls_disc.c @@ -5078,9 +5078,12 @@ void fnic_fdls_link_down(struct fnic_iport_s *iport) fdls_delete_tport(iport, tport); } - if ((fnic_fdmi_support == 1) && (iport->fabric.fdmi_pending > 0)) { - timer_delete_sync(&iport->fabric.fdmi_timer); - iport->fabric.fdmi_pending = 0; + if (fnic_fdmi_support == 1) { + if (iport->fabric.fdmi_pending > 0) { + timer_delete_sync(&iport->fabric.fdmi_timer); + iport->fabric.fdmi_pending = 0; + } + iport->flags &= ~FNIC_FDMI_ACTIVE; } FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, -- 2.47.1

1 day, 11 hours

3
4
0 0

[PATCH v5 1/4] scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out

by Karan Tilak Kumar

When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash. Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly. Tested by checking MDS for FDMI information. Tested by using instrumented driver to: Drop PLOGI response Drop RHBA response Drop RPA response Drop RHBA and RPA response Drop PLOGI response + ABTS response Drop RHBA response + ABTS response Drop RPA response + ABTS response Drop RHBA and RPA response + ABTS response for both of them Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Tested-by: Arun Easi <aeasi(a)cisco.com> Co-developed-by: Arun Easi <aeasi(a)cisco.com> Signed-off-by: Arun Easi <aeasi(a)cisco.com> Tested-by: Karan Tilak Kumar <kartilak(a)cisco.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- Changes between v4 and v5: - Incorporate review comments from John: - Refactor patches Changes between v3 and v4: - Incorporate review comments from Dan: - Remove comments from Cc tag Changes between v2 and v3: - Incorporate review comments from Dan: - Add Cc to stable Changes between v1 and v2: - Incorporate review comments from Dan: - Add Fixes tag --- drivers/scsi/fnic/fdls_disc.c | 113 +++++++++++++++++++++++++--------- drivers/scsi/fnic/fnic.h | 2 +- drivers/scsi/fnic/fnic_fdls.h | 1 + 3 files changed, 87 insertions(+), 29 deletions(-) diff --git a/drivers/scsi/fnic/fdls_disc.c b/drivers/scsi/fnic/fdls_disc.c index c2b6f4eb338e..0ee1b74967b9 100644 --- a/drivers/scsi/fnic/fdls_disc.c +++ b/drivers/scsi/fnic/fdls_disc.c @@ -763,47 +763,69 @@ static void fdls_send_fabric_abts(struct fnic_iport_s *iport) iport->fabric.timer_pending = 1; } -static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +static uint8_t *fdls_alloc_init_fdmi_abts_frame(struct fnic_iport_s *iport, + uint16_t oxid) { - uint8_t *frame; + struct fc_frame_header *pfdmi_abts; uint8_t d_id[3]; + uint8_t *frame; struct fnic *fnic = iport->fnic; - struct fc_frame_header *pfabric_abts; - unsigned long fdmi_tov; - uint16_t oxid; - uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + - sizeof(struct fc_frame_header); frame = fdls_alloc_frame(iport); if (frame == NULL) { FNIC_FCS_DBG(KERN_ERR, fnic->host, fnic->fnic_num, "Failed to allocate frame to send FDMI ABTS"); - return; + return NULL; } - pfabric_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); + pfdmi_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); fdls_init_fabric_abts_frame(frame, iport); hton24(d_id, FC_FID_MGMT_SERV); - FNIC_STD_SET_D_ID(*pfabric_abts, d_id); + FNIC_STD_SET_D_ID(*pfdmi_abts, d_id); + FNIC_STD_SET_OX_ID(*pfdmi_abts, oxid); + + return frame; +} + +static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +{ + uint8_t *frame; + unsigned long fdmi_tov; + uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + + sizeof(struct fc_frame_header); if (iport->fabric.fdmi_pending & FDLS_FDMI_PLOGI_PENDING) { - oxid = iport->active_oxid_fdmi_plogi; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_plogi); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } else { if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) { - oxid = iport->active_oxid_fdmi_rhba; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rhba); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } if (iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING) { - oxid = iport->active_oxid_fdmi_rpa; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rpa); + if (frame == NULL) { + if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) + goto arm_timer; + else + return; + } + fnic_send_fcoe_frame(iport, frame, frame_size); } } +arm_timer: fdmi_tov = jiffies + msecs_to_jiffies(2 * iport->e_d_tov); mod_timer(&iport->fabric.fdmi_timer, round_jiffies(fdmi_tov)); iport->fabric.fdmi_pending |= FDLS_FDMI_ABORT_PENDING; @@ -2244,6 +2266,21 @@ void fdls_fabric_timer_callback(struct timer_list *t) spin_unlock_irqrestore(&fnic->fnic_lock, flags); } +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport) +{ + struct fnic *fnic = iport->fnic; + + iport->fabric.fdmi_pending = 0; + /* If max retries not exhausted, start over from fdmi plogi */ + if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { + iport->fabric.fdmi_retry++; + FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, + "Retry FDMI PLOGI. FDMI retry: %d", + iport->fabric.fdmi_retry); + fdls_send_fdmi_plogi(iport); + } +} + void fdls_fdmi_timer_callback(struct timer_list *t) { struct fnic_fdls_fabric_s *fabric = from_timer(fabric, t, fdmi_timer); @@ -2289,14 +2326,7 @@ void fdls_fdmi_timer_callback(struct timer_list *t) FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); - iport->fabric.fdmi_pending = 0; - /* If max retries not exhaused, start over from fdmi plogi */ - if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { - iport->fabric.fdmi_retry++; - FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, - "retry fdmi timer %d", iport->fabric.fdmi_retry); - fdls_send_fdmi_plogi(iport); - } + fdls_fdmi_retry_plogi(iport); FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); spin_unlock_irqrestore(&fnic->fnic_lock, flags); @@ -3714,11 +3744,32 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, switch (FNIC_FRAME_TYPE(oxid)) { case FNIC_FRAME_TYPE_FDMI_PLOGI: fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_plogi); + + iport->fabric.fdmi_pending &= ~FDLS_FDMI_PLOGI_PENDING; + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; break; case FNIC_FRAME_TYPE_FDMI_RHBA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_REG_HBA_PENDING; + + /* If RPA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rhba); break; case FNIC_FRAME_TYPE_FDMI_RPA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_RPA_PENDING; + + /* If RHBA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rpa); break; default: @@ -3728,10 +3779,16 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, break; } - timer_delete_sync(&iport->fabric.fdmi_timer); - iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; - - fdls_send_fdmi_plogi(iport); + /* + * Only if ABORT PENDING is off, delete the timer, and if no other + * operations are pending, retry FDMI. + * Otherwise, let the timer pop and take the appropriate action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_ABORT_PENDING)) { + timer_delete_sync(&iport->fabric.fdmi_timer); + if (!iport->fabric.fdmi_pending) + fdls_fdmi_retry_plogi(iport); + } } static void diff --git a/drivers/scsi/fnic/fnic.h b/drivers/scsi/fnic/fnic.h index 6c5f6046b1f5..86e293ce530d 100644 --- a/drivers/scsi/fnic/fnic.h +++ b/drivers/scsi/fnic/fnic.h @@ -30,7 +30,7 @@ #define DRV_NAME "fnic" #define DRV_DESCRIPTION "Cisco FCoE HBA Driver" -#define DRV_VERSION "1.8.0.0" +#define DRV_VERSION "1.8.0.1" #define PFX DRV_NAME ": " #define DFX DRV_NAME "%d: " diff --git a/drivers/scsi/fnic/fnic_fdls.h b/drivers/scsi/fnic/fnic_fdls.h index 8e610b65ad57..531d0b37e450 100644 --- a/drivers/scsi/fnic/fnic_fdls.h +++ b/drivers/scsi/fnic/fnic_fdls.h @@ -394,6 +394,7 @@ void fdls_send_tport_abts(struct fnic_iport_s *iport, bool fdls_delete_tport(struct fnic_iport_s *iport, struct fnic_tport_s *tport); void fdls_fdmi_timer_callback(struct timer_list *t); +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport); /* fnic_fcs.c */ void fnic_fdls_init(struct fnic *fnic, int usefip); -- 2.47.1

1 day, 11 hours

1
1
0 0

Design Automation Conference 2025 Updated Attendee's List!

by Delilah Murray

Hi, We’re pleased to offer you exclusive access to the “Design Automation Conference 2025” Visitor Contact List—a powerful resource to connect directly with key industry professionals. Event Recap:- Date: 22 - 25 Jun 2025 Location: San Francisco, USA Registrants Counts: 6,286 Visitors Contacts Data Fields Available: Individual Email Address, Cell Phone Number, Contact Name, Job Title, Company Name, Website, Physical Address, LinkedIn Profile, and more. This list gives you a direct line to your ideal audience—no gatekeepers, no guesswork. Want pricing or a sample? Just reply: “Send me pricing” or “Sample please.” Best regards, Delilah Murray Sr. Marketing Manager Prefer not to receive these emails? Just reply “NOT INTERESTED”.

1 day, 12 hours

1
0
0 0

[PATCH 6.1] Mm/uffd: fix vma operation where start addr cuts part of vma

by Jakub Acs

commit 270aa010620697fb27b8f892cc4e194bc2b7d134 upstream. Patch series "mm/uffd: Fix vma merge/split", v2. This series contains two patches that fix vma merge/split for userfaultfd on two separate issues. Patch 1 fixes a regression since 6.1+ due to something we overlooked when converting to maple tree apis. The plan is we use patch 1 to replace the commit "2f628010799e (mm: userfaultfd: avoid passing an invalid range to vma_merge())" in mm-hostfixes-unstable tree if possible, so as to bring uffd vma operations back aligned with the rest code again. Patch 2 fixes a long standing issue that vma can be left unmerged even if we can for either uffd register or unregister. Many thanks to Lorenzo on either noticing this issue from the assert movement patch, looking at this problem, and also provided a reproducer on the unmerged vma issue [1]. [1] https://gist.github.com/lorenzo-stoakes/a11a10f5f479e7a977fc456331266e0e This patch (of 2): It seems vma merging with uffd paths is broken with either register/unregister, where right now we can feed wrong parameters to vma_merge() and it's found by recent patch which moved asserts upwards in vma_merge() by Lorenzo Stoakes: https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/ It's possible that "start" is contained within vma but not clamped to its start. We need to convert this into either "cannot merge" case or "can merge" case 4 which permits subdivision of prev by assigning vma to prev. As we loop, each subsequent VMA will be clamped to the start. This patch will eliminate the report and make sure vma_merge() calls will become legal again. One thing to mention is that the "Fixes: 29417d292bd0" below is there only to help explain where the warning can start to trigger, the real commit to fix should be 69dbe6daf104. Commit 29417d292bd0 helps us to identify the issue, but unfortunately we may want to keep it in Fixes too just to ease kernel backporters for easier tracking. Link: https://lkml.kernel.org/r/20230517190916.3429499-1-peterx@redhat.com Link: https://lkml.kernel.org/r/20230517190916.3429499-2-peterx@redhat.com Fixes: 69dbe6daf104 ("userfaultfd: use maple tree iterator to iterate VMAs") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Lorenzo Stoakes <lstoakes(a)gmail.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Closes: https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/ Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Jakub Acs <acsjakub(a)amazon.com> [acsjakub: contextual change - keep call to mas_next()] Cc: linux-mm(a)kvack.org --- This backport fixes a security issue - dangling pointer to a VMA in maple tree. Omitting details in this message to be brief, but happy to provide if requested. Since the envelope mentions series fixes 2 separate issues I hope the patch is acceptable on its own? fs/userfaultfd.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 82101a2cf933..fcf96f52b2e9 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1426,6 +1426,9 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, if (prev != vma) mas_next(&mas, ULONG_MAX); + if (vma->vm_start < start) + prev = vma; + ret = 0; do { cond_resched(); @@ -1603,6 +1606,9 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, if (prev != vma) mas_next(&mas, ULONG_MAX); + if (vma->vm_start < start) + prev = vma; + ret = 0; do { cond_resched(); -- 2.47.1 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

1 day, 13 hours

3
2
0 0

[PATCH v7 0/4] media: pisp-be: Split jobs creation and scheduling

by Jacopo Mondi

Currently the 'pispbe_schedule()' function does two things: 1) Tries to assemble a job by inspecting all the video node queues to make sure all the required buffers are available 2) Submit the job to the hardware The pispbe_schedule() function is called at: - video device start_streaming() time - video device qbuf() time - irq handler As assembling a job requires inspecting all queues, it is a rather time consuming operation which is better not run in IRQ context. To avoid executing the time consuming job creation in interrupt context, split the job creation and job scheduling in two distinct operations. When a well-formed job is created, append it to the newly introduced 'pispbe->job_queue' where it will be dequeued from by the scheduling routine. At start_streaming() and qbuf() time immediately try to schedule a job if one has been created as the irq handler routine is only called when a job has completed, and we can't solely rely on it for scheduling new jobs. Signed-off-by: Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> --- Changes in v7: - Rebased on media-committers/next - Fix lockdep warning by using the proper spinlock_irq() primitive in pispbe_prepare_job() which can race with the IRQ handler - Link to v6: https://lore.kernel.org/r/20240930-pispbe-mainline-split-jobs-handling-v6-v… v5->v6: - Make the driver depend on PM - Simplify the probe() routine by using pm_runtime_ - Remove suspend call from remove() v4->v5: - Use appropriate locking constructs: - spin_lock_irq() for pispbe_prepare_job() called from non irq context - spin_lock_irqsave() for pispbe_schedule() called from irq context - Remove hw_lock from ready_queue accesses in stop_streaming and start_streaming - Fix trivial indentation mistake in 4/4 v3->v4: - Expand commit message in 2/4 to explain why removing validation in schedule() is safe - Drop ready_lock spinlock - Use non _irqsave version of safe_guard(spinlock - Support !CONFIG_PM in 4/4 by calling the enable/disable routines directly and adjust pm_runtime usage as suggested by Laurent v2->v3: - Mark pispbe_runtime_resume() as __maybe_unused - Add fixes tags where appropriate v1->v2: - Add two patches to address Laurent's comments separately - use scoped_guard() when possible - Add patch to fix runtime_pm imbalance --- Jacopo Mondi (4): media: pisp_be: Drop reference to non-existing function media: pisp_be: Remove config validation from schedule() media: pisp_be: Split jobs creation and scheduling media: pisp_be: Fix pm_runtime underrun in probe drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1 + .../media/platform/raspberrypi/pisp_be/pisp_be.c | 187 ++++++++++----------- 2 files changed, 90 insertions(+), 98 deletions(-) --- base-commit: 5e1ff2314797bf53636468a97719a8222deca9ae change-id: 20240930-pispbe-mainline-split-jobs-handling-v6-15dc16e11e3a Best regards, -- Jacopo Mondi <jacopo.mondi(a)ideasonboard.com>

1 day, 14 hours

2
2
0 0

[PATCH] net/9p: Fix buffer overflow in USB transport layer

by Yuhao Jiang

A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying allows a malicious USB host to overflow heap buffers. The issue occurs because: - usb9pfs_rx_header() validates only the declared size in packet header - usb9pfs_rx_complete() uses req->actual (actual received bytes) for memcpy This allows an attacker to craft packets with small declared size (bypassing validation) but large actual payload (triggering overflow in memcpy). Add validation in usb9pfs_rx_complete() to ensure req->actual does not exceed the buffer capacity before copying data. Reported-by: Yuhao Jiang <danisjiang(a)gmail.com> Fixes: a3be076dc174 ("net/9p/usbg: Add new usb gadget function transport") Cc: stable(a)vger.kernel.org Signed-off-by: Yuhao Jiang <danisjiang(a)gmail.com> --- net/9p/trans_usbg.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/9p/trans_usbg.c b/net/9p/trans_usbg.c index 6b694f117aef..047a2862fc84 100644 --- a/net/9p/trans_usbg.c +++ b/net/9p/trans_usbg.c @@ -242,6 +242,15 @@ static void usb9pfs_rx_complete(struct usb_ep *ep, struct usb_request *req) if (!p9_rx_req) return; + /* Validate actual received size against buffer capacity */ + if (req->actual > p9_rx_req->rc.capacity) { + dev_err(&cdev->gadget->dev, + "received data size %u exceeds buffer capacity %zu\n", + req->actual, p9_rx_req->rc.capacity); + p9_req_put(usb9pfs->client, p9_rx_req); + return; + } + memcpy(p9_rx_req->rc.sdata, req->buf, req->actual); p9_rx_req->rc.size = req->actual; -- 2.43.0

1 day, 15 hours

1
0
0 0

[PATCH v2 00/10] soc: aspeed: lpc-snoop: Miscellaneous fixes

by Andrew Jeffery

Henry's bug[1] and fix[2] prompted some further inspection by Jean. This series provides fixes for the remaining issues Jean identified, as well as reworking the channel paths to reduce cleanup required in error paths. It is based on v6.16-rc1. Lightly tested under qemu and on an AST2600 EVB. Further testing on platforms designed around the snoop device appreciated. [1]: https://bugzilla.kernel.org/show_bug.cgi?id=219934 [2]: https://lore.kernel.org/all/20250401074647.21300-1-bsdhenrymartin@gmail.com/ Signed-off-by: Andrew Jeffery <andrew(a)codeconstruct.com.au> --- Changes in v2: - Address comments on v1 from Jean - Implement channel indexing using enums to avoid unnecessary tests - Switch to devm_clk_get_enabled() - Use dev_err_probe() where possible - Link to v1: https://patch.msgid.link/20250411-aspeed-lpc-snoop-fixes-v1-0-64f522e3ad6f@… --- Andrew Jeffery (10): soc: aspeed: lpc-snoop: Cleanup resources in stack-order soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled soc: aspeed: lpc-snoop: Ensure model_data is valid soc: aspeed: lpc-snoop: Constrain parameters in channel paths soc: aspeed: lpc-snoop: Rename 'channel' to 'index' in channel paths soc: aspeed: lpc-snoop: Rearrange channel paths soc: aspeed: lpc-snoop: Switch to devm_clk_get_enabled() soc: aspeed: lpc-snoop: Use dev_err_probe() where possible soc: aspeed: lpc-snoop: Consolidate channel initialisation soc: aspeed: lpc-snoop: Lift channel config to const structs drivers/soc/aspeed/aspeed-lpc-snoop.c | 224 +++++++++++++++++----------------- 1 file changed, 110 insertions(+), 114 deletions(-) --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250401-aspeed-lpc-snoop-fixes-e5d2883da3a3 Best regards, -- Andrew Jeffery <andrew(a)codeconstruct.com.au>

1 day, 15 hours

1
2
0 0

[PATCH v2] zynq_fpga: use sgtable-based scatterlist wrappers

by Marek Szyprowski

Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of statterlists related calls. dma_unmap_sg() function has to be called with the number of elements originally passed to the dma_map_sg() function, not the one returned in sgtable's nents. CC: stable(a)vger.kernel.org Fixes: 425902f5c8e3 ("fpga zynq: Use the scatterlist interface") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- v2: - fixed build break (missing flags parameter) --- drivers/fpga/zynq-fpga.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git drivers/fpga/zynq-fpga.c drivers/fpga/zynq-fpga.c index f7e08f7ea9ef..0be0d569589d 100644 --- drivers/fpga/zynq-fpga.c +++ drivers/fpga/zynq-fpga.c @@ -406,7 +406,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) } priv->dma_nelms = - dma_map_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_map_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0); if (priv->dma_nelms == 0) { dev_err(&mgr->dev, "Unable to DMA map (TO_DEVICE)\n"); return -ENOMEM; @@ -478,7 +478,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) clk_disable(priv->clk); out_free: - dma_unmap_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_unmap_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0); return err; } -- 2.34.1

1 day, 16 hours

1
0
0 0

[PATCH v2] scsi: ufs: core: Fix clk scaling to be conditional in reset and restore

by Anvith Dosapati

From: anvithdosapati <anvithdosapati(a)google.com> In ufshcd_host_reset_and_restore, scale up clocks only when clock scaling is supported. Without this change cpu latency is voted for 0 (ufshcd_pm_qos_update) during resume unconditionally. Signed-off-by: anvithdosapati <anvithdosapati(a)google.com> Fixes: a3cd5ec55f6c7 ("scsi: ufs: add load based scaling of UFS gear") Cc: stable(a)vger.kernel.org --- v2: - Update commit message - Add Fixes and Cc stable drivers/ufs/core/ufshcd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 4410e7d93b7d..fac381ea2b3a 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -7802,7 +7802,8 @@ static int ufshcd_host_reset_and_restore(struct ufs_hba *hba) hba->silence_err_logs = false; /* scale up clocks to max frequency before full reinitialization */ - ufshcd_scale_clks(hba, ULONG_MAX, true); + if (ufshcd_is_clkscaling_supported(hba)) + ufshcd_scale_clks(hba, ULONG_MAX, true); err = ufshcd_hba_enable(hba); -- 2.50.0.rc1.591.g9c95f17f64-goog

1 day, 19 hours

1
0
0 0

[PATCH] pinctrl: nuvoton: Fix boot on ma35dx platforms

by Miquel Raynal

As part of a wider cleanup trying to get rid of OF specific APIs, an incorrect (and partially unrelated) cleanup was introduced. The goal was to replace a device_for_each_chil_node() loop including an additional condition inside by a macro doing both the loop and the check on a single line. The snippet: device_for_each_child_node(dev, child) if (fwnode_property_present(child, "gpio-controller")) continue; was replaced by: for_each_gpiochip_node(dev, child) which expands into: device_for_each_child_node(dev, child) for_each_if(fwnode_property_present(child, "gpio-controller")) This change is actually doing the opposite of what was initially expected, breaking the probe of this driver, breaking at the same time the whole boot of Nuvoton platforms (no more console, the kernel WARN()). Revert these two changes to roll back to the correct behavior. Fixes: 693c9ecd8326 ("pinctrl: nuvoton: Reduce use of OF-specific APIs") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/pinctrl/nuvoton/pinctrl-ma35.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/pinctrl/nuvoton/pinctrl-ma35.c b/drivers/pinctrl/nuvoton/pinctrl-ma35.c index 06ae1fe8b8c5..b51704bafd81 100644 --- a/drivers/pinctrl/nuvoton/pinctrl-ma35.c +++ b/drivers/pinctrl/nuvoton/pinctrl-ma35.c @@ -1074,7 +1074,10 @@ static int ma35_pinctrl_probe_dt(struct platform_device *pdev, struct ma35_pinct u32 idx = 0; int ret; - for_each_gpiochip_node(dev, child) { + device_for_each_child_node(dev, child) { + if (fwnode_property_present(child, "gpio-controller")) + continue; + npctl->nfunctions++; npctl->ngroups += of_get_child_count(to_of_node(child)); } @@ -1092,7 +1095,10 @@ static int ma35_pinctrl_probe_dt(struct platform_device *pdev, struct ma35_pinct if (!npctl->groups) return -ENOMEM; - for_each_gpiochip_node(dev, child) { + device_for_each_child_node(dev, child) { + if (fwnode_property_present(child, "gpio-controller")) + continue; + ret = ma35_pinctrl_parse_functions(child, npctl, idx++); if (ret) { fwnode_handle_put(child); -- 2.48.1

1 day, 19 hours

2
2
0 0

Re: [PATCH] drm/i915/snps_hdmi_pll: Fix 64-bit divisor truncation by using div64_u64

by Jani Nikula

On Sun, 15 Jun 2025, "Nautiyal, Ankit K" <ankit.k.nautiyal(a)intel.com> wrote: > On 6/13/2025 3:06 PM, Jani Nikula wrote: >> On Fri, 13 Jun 2025, Ankit Nautiyal<ankit.k.nautiyal(a)intel.com> wrote: >>> *ana_cp_int = max(1, min(ana_cp_int_temp, 127)); >> Unrelated to this patch, but this should be: >> >> *ana_cp_int = clamp(ana_cp_int_temp, 1, 127); >> >> There's a similar issue with ana_cp_prop also in the file. >> > Agreed. Should there be a separate patch for this? Yes. That's why I emphasized "unrelated to this patch". ;) BR, Jani. -- Jani Nikula, Intel

1 day, 20 hours

1
0
0 0

[PATCH] fpga: zynq-fpga: use sgtable-based scatterlist wrappers

by Marek Szyprowski

Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of statterlists related calls. dma_unmap_sg() function has to be called with the number of elements originally passed to the dma_map_sg() function, not the one returned in sgtable's nents. CC: stable(a)vger.kernel.org Fixes: 425902f5c8e3 ("fpga zynq: Use the scatterlist interface") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- drivers/fpga/zynq-fpga.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/fpga/zynq-fpga.c b/drivers/fpga/zynq-fpga.c index f7e08f7ea9ef..9bd39d1d4048 100644 --- a/drivers/fpga/zynq-fpga.c +++ b/drivers/fpga/zynq-fpga.c @@ -406,7 +406,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) } priv->dma_nelms = - dma_map_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_map_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE); if (priv->dma_nelms == 0) { dev_err(&mgr->dev, "Unable to DMA map (TO_DEVICE)\n"); return -ENOMEM; @@ -478,7 +478,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) clk_disable(priv->clk); out_free: - dma_unmap_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_unmap_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE); return err; } -- 2.34.1

1 day, 20 hours

3
3
0 0

BLOCK_LEGACY_AUTOLOAD not default y in Linux 5.15.179+

by Sebastian Priebe

Hello, we're facing a regression after updating to 5.15.179+. I've found that fbdee71bb5d8d054e1bdb5af4c540f2cb86fe296 (block: deprecate autoloading based on dev_t) was merged that disabled autoloading of modules. This broke mounting loopback devices on our side. Why wasn't 451f0b6f4c44d7b649ae609157b114b71f6d7875 (block: default BLOCK_LEGACY_AUTOLOAD to y) merged, too? This commit was merged for 6.1.y, 6.6.y and 6.12y, but not for 5.15.y. Please consider merging this for 5.15.y soon. Thanks. Sebastian

1 day, 20 hours

1
0
0 0

Host panic in bpf verifier when loading bpf prog in 5.10 stable kernel

by Aaron Lu

Hello, Wei reported when loading his bpf prog in 5.10.200 kernel, host would panic, this didn't happen in 5.10.135 kernel. Test on latest v5.10.238 still has this panic. [ 26.531718] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 26.538093] #PF: supervisor read access in kernel mode [ 26.542727] #PF: error_code(0x0000) - not-present page [ 26.548093] PGD 10f3e9067 P4D 10f332067 PUD 10f0c5067 PMD 0 [ 26.553211] Oops: 0000 [#1] SMP NOPTI [ 26.556531] CPU: 2 PID: 541 Comm: main Not tainted 5.10.238-00267-g01e7e36b8606 #63 [ 26.563816] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 26.572357] RIP: 0010:__mark_chain_precision+0x24b/0x4d0 [ 26.576572] Code: 51 01 be 20 00 00 00 4c 89 ef 48 63 d2 e8 bd df 31 00 89 c1 83 f8 1f 7f 29 48 63 d1 48 89 d0 48 c1 e0 04 48 29 d0 48 8d 04 c3 <83> 38 01 75 c3 0f b6 74 24 06 80 78 74 00 c6 40 74 01 44 0f 44 f6 [ 26.589100] RSP: 0018:ffa0000000ff7b60 EFLAGS: 00010216 [ 26.592612] RAX: 0000000000000168 RBX: 0000000000000000 RCX: 0000000000000003 [ 26.597416] RDX: 0000000000000003 RSI: 0000000000000020 RDI: ffa0000000ff7b78 [ 26.601362] RBP: 0000000000000003 R08: ffa0000000ff7b70 R09: 0000000000000004 [ 26.604261] R10: 0000000000000007 R11: ffa0000000425000 R12: ff11000102ee2000 [ 26.607202] R13: ffa0000000ff7b78 R14: 0000000000000000 R15: ff1100010ee37140 [ 26.610327] FS: 00000000007a0630(0000) GS:ff1100081c400000(0000) knlGS:0000000000000000 [ 26.613678] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.616105] CR2: 0000000000000168 CR3: 0000000115e72002 CR4: 0000000000371ee0 [ 26.619059] Call Trace: [ 26.620118] adjust_reg_min_max_vals+0x133/0x340 [ 26.622048] ? krealloc+0x63/0xe0 [ 26.623435] do_check+0x38c/0xa80 [ 26.624859] do_check_common+0x15b/0x280 [ 26.626496] bpf_check+0xbe1/0xd30 [ 26.627939] ? srso_alias_return_thunk+0x5/0x7f [ 26.629796] ? trace_hardirqs_on+0x1a/0xd0 [ 26.631503] ? srso_alias_return_thunk+0x5/0x7f [ 26.633402] bpf_prog_load+0x422/0x8a0 [ 26.634987] ? srso_alias_return_thunk+0x5/0x7f [ 26.636864] ? __handle_mm_fault+0x3cb/0x6d0 [ 26.638658] ? srso_alias_return_thunk+0x5/0x7f [ 26.640543] ? lock_release+0xe3/0x110 [ 26.642114] __do_sys_bpf+0x485/0xdf0 [ 26.643624] do_syscall_64+0x33/0x40 [ 26.645110] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 26.647190] RIP: 0033:0x409a6e [ 26.648470] Code: 24 28 44 8b 44 24 2c e9 70 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48 [ 26.656154] RSP: 002b:000000c00199edc0 EFLAGS: 00000212 ORIG_RAX: 0000000000000141 [ 26.659451] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000409a6e [ 26.662375] RDX: 0000000000000098 RSI: 000000c00199f290 RDI: 0000000000000005 [ 26.665267] RBP: 000000c00199ee00 R08: 0000000000000000 R09: 0000000000000000 [ 26.668204] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 26.671125] R13: 0000000000000080 R14: 000000c000002380 R15: 8080808080808080 [ 26.674085] Modules linked in: [ 26.675363] CR2: 0000000000000168 [ 26.676772] ---[ end trace 3fc192ee4dabbf12 ]--- [ 26.678667] RIP: 0010:__mark_chain_precision+0x24b/0x4d0 [ 26.680926] Code: 51 01 be 20 00 00 00 4c 89 ef 48 63 d2 e8 bd df 31 00 89 c1 83 f8 1f 7f 29 48 63 d1 48 89 d0 48 c1 e0 04 48 29 d0 48 8d 04 c3 <83> 38 01 75 c3 0f b6 74 24 06 80 78 74 00 c6 40 74 01 44 0f 44 f6 [ 26.688665] RSP: 0018:ffa0000000ff7b60 EFLAGS: 00010216 [ 26.690828] RAX: 0000000000000168 RBX: 0000000000000000 RCX: 0000000000000003 [ 26.693777] RDX: 0000000000000003 RSI: 0000000000000020 RDI: ffa0000000ff7b78 [ 26.696680] RBP: 0000000000000003 R08: ffa0000000ff7b70 R09: 0000000000000004 [ 26.699651] R10: 0000000000000007 R11: ffa0000000425000 R12: ff11000102ee2000 [ 26.702561] R13: ffa0000000ff7b78 R14: 0000000000000000 R15: ff1100010ee37140 [ 26.705522] FS: 00000000007a0630(0000) GS:ff1100081c400000(0000) knlGS:0000000000000000 [ 26.708806] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.711179] CR2: 0000000000000168 CR3: 0000000115e72002 CR4: 0000000000371ee0 [ 26.714143] Kernel panic - not syncing: Fatal exception [ 26.716893] Kernel Offset: disabled [ 26.718911] Rebooting in 5 seconds.. I did a bisect in linux-5.10.y branch and found the fbc is commit 2474ec58b96d("bpf: allow precision tracking for programs with subprogs"). I noticed there is a commit in Linus master branch that has a fix tag for this bisected commit: commit 81335f90e8a8("bpf: unconditionally reset backtrack_state masks on global func exit"), I tried to apply it in this 5.10.y branch but since the bases are quite different, clean apply is not possible, I end up with the following diff: diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 40ac67a04ab75..71da33fb96552 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2118,11 +2118,9 @@ static int __mark_chain_precision(struct bpf_verifier_env *env, int frame, int r bitmap_from_u64(mask, reg_mask); for_each_set_bit(i, mask, 32) { reg = &st->frame[0]->regs[i]; - if (reg->type != SCALAR_VALUE) { - reg_mask &= ~(1u << i); - continue; - } - reg->precise = true; + reg_mask &= ~(1u << i); + if (reg->type == SCALAR_VALUE) + reg->precise = true; } return 0; } But it didn't make any difference. Here are the reproduce steps: 1 clone this repo https://github.com/bytedance/vArmor-ebpf and switch to panic-analysis branch; 2 make build A binary named main should be built. I used golang compiler downloaded here: https://go.dev/dl/go1.24.3.linux-amd64.tar.gz but other golang compiler may also work. Run main as root and it will panic the host(kernel needs CONFIG_BPF_LSM). Full dmesg and config are attached, feel free to let me know if you need any additional info, thanks. P.S. linux-5.15.y has the same situation.

1 day, 21 hours

1
1
0 0

[PATCH] wifi: mt76: mt7925: fix incorrect scan probe IE handling for hw_scan

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> The IEs should be processed and filled into the command tlv separately according to each band. Cc: stable(a)vger.kernel.org Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips") Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- .../net/wireless/mediatek/mt76/mt7925/main.c | 2 +- .../net/wireless/mediatek/mt76/mt7925/mcu.c | 75 +++++++++++++++---- .../net/wireless/mediatek/mt76/mt7925/mcu.h | 5 +- 3 files changed, 63 insertions(+), 19 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/main.c b/drivers/net/wireless/mediatek/mt76/mt7925/main.c index 555ef302ae97..506387b4ce13 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/main.c @@ -1540,7 +1540,7 @@ mt7925_start_sched_scan(struct ieee80211_hw *hw, struct ieee80211_vif *vif, mt792x_mutex_acquire(dev); - err = mt7925_mcu_sched_scan_req(mphy, vif, req); + err = mt7925_mcu_sched_scan_req(mphy, vif, req, ies); if (err < 0) goto out; diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c index ef1d42af96f7..9993d47e643c 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c @@ -192,6 +192,7 @@ mt7925_connac_mcu_set_wow_ctrl(struct mt76_phy *phy, struct ieee80211_vif *vif, bool suspend, struct cfg80211_wowlan *wowlan) { struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv; + struct ieee80211_scan_ies ies = {}; struct mt76_dev *dev = phy->dev; struct { struct { @@ -227,7 +228,7 @@ mt7925_connac_mcu_set_wow_ctrl(struct mt76_phy *phy, struct ieee80211_vif *vif, req.wow_ctrl_tlv.trigger |= (UNI_WOW_DETECT_TYPE_DISCONNECT | UNI_WOW_DETECT_TYPE_BCN_LOST); if (wowlan->nd_config) { - mt7925_mcu_sched_scan_req(phy, vif, wowlan->nd_config); + mt7925_mcu_sched_scan_req(phy, vif, wowlan->nd_config, &ies); req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_SCH_SCAN_HIT; mt7925_mcu_sched_scan_enable(phy, vif, suspend); } @@ -3085,6 +3086,54 @@ int mt7925_mcu_set_dbdc(struct mt76_phy *phy, bool enable) return err; } +static void +mt7925_mcu_build_scan_ie_tlv(struct mt76_dev *mdev, + struct sk_buff *skb, + struct ieee80211_scan_ies *scan_ies) +{ + u32 max_len = sizeof(struct scan_ie_tlv) + MT76_CONNAC_SCAN_IE_LEN; + struct scan_ie_tlv *ie; + enum nl80211_band i; + struct tlv *tlv; + const u8 *ies; + u16 ies_len; + + for (i = 0; i <= NL80211_BAND_6GHZ; i++) { + if (i == NL80211_BAND_60GHZ) + continue; + + ies = scan_ies->ies[i]; + ies_len = scan_ies->len[i]; + + if (!ies || !ies_len) + continue; + + if (ies_len > max_len) + return; + + tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, + sizeof(*ie) + ies_len); + ie = (struct scan_ie_tlv *)tlv; + + memcpy(ie->ies, ies, ies_len); + ie->ies_len = cpu_to_le16(ies_len); + + switch (i) { + case NL80211_BAND_2GHZ: + ie->band = 1; + break; + case NL80211_BAND_6GHZ: + ie->band = 3; + break; + default: + ie->band = 2; + break; + } + + max_len -= (sizeof(*ie) + ies_len); + } +} + int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif, struct ieee80211_scan_request *scan_req) { @@ -3110,7 +3159,8 @@ int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif, max_len = sizeof(*hdr) + sizeof(*req) + sizeof(*ssid) + sizeof(*bssid) * MT7925_RNR_SCAN_MAX_BSSIDS + - sizeof(*chan_info) + sizeof(*misc) + sizeof(*ie); + sizeof(*chan_info) + sizeof(*misc) + sizeof(*ie) + + MT76_CONNAC_SCAN_IE_LEN; skb = mt76_mcu_msg_alloc(mdev, NULL, max_len); if (!skb) @@ -3192,13 +3242,6 @@ int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif, } chan_info->channel_type = sreq->n_channels ? 4 : 0; - tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, sizeof(*ie)); - ie = (struct scan_ie_tlv *)tlv; - if (sreq->ie_len > 0) { - memcpy(ie->ies, sreq->ie, sreq->ie_len); - ie->ies_len = cpu_to_le16(sreq->ie_len); - } - req->scan_func |= SCAN_FUNC_SPLIT_SCAN; tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_MISC, sizeof(*misc)); @@ -3209,6 +3252,9 @@ int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif, req->scan_func |= SCAN_FUNC_RANDOM_MAC; } + /* Append scan probe IEs as the last tlv */ + mt7925_mcu_build_scan_ie_tlv(mdev, skb, &scan_req->ies); + err = mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ), true); if (err < 0) @@ -3220,7 +3266,8 @@ EXPORT_SYMBOL_GPL(mt7925_mcu_hw_scan); int mt7925_mcu_sched_scan_req(struct mt76_phy *phy, struct ieee80211_vif *vif, - struct cfg80211_sched_scan_request *sreq) + struct cfg80211_sched_scan_request *sreq, + struct ieee80211_scan_ies *ies) { struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv; struct ieee80211_channel **scan_list = sreq->channels; @@ -3308,12 +3355,8 @@ int mt7925_mcu_sched_scan_req(struct mt76_phy *phy, } chan_info->channel_type = sreq->n_channels ? 4 : 0; - tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, sizeof(*ie)); - ie = (struct scan_ie_tlv *)tlv; - if (sreq->ie_len > 0) { - memcpy(ie->ies, sreq->ie, sreq->ie_len); - ie->ies_len = cpu_to_le16(sreq->ie_len); - } + /* Append scan probe IEs as the last tlv */ + mt7925_mcu_build_scan_ie_tlv(mdev, skb, ies); return mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ), true); diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.h b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.h index 3dddadb7457b..c34b28769782 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.h +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.h @@ -269,7 +269,7 @@ struct scan_ie_tlv { __le16 ies_len; u8 band; u8 pad; - u8 ies[MT76_CONNAC_SCAN_IE_LEN]; + u8 ies[]; }; struct scan_misc_tlv { @@ -674,7 +674,8 @@ int mt7925_mcu_cancel_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif); int mt7925_mcu_sched_scan_req(struct mt76_phy *phy, struct ieee80211_vif *vif, - struct cfg80211_sched_scan_request *sreq); + struct cfg80211_sched_scan_request *sreq, + struct ieee80211_scan_ies *ies); int mt7925_mcu_sched_scan_enable(struct mt76_phy *phy, struct ieee80211_vif *vif, bool enable); -- 2.34.1

1 day, 21 hours

1
0
0 0

[PATCH v2 0/5] drm/xe: enable driver usage on non-4KiB kernels

by Mingcong Bai via B4 Relay

This patch series attempts to enable the use of xe DRM driver on non-4KiB kernel page platforms. This involves fixing the ttm/bo interface, as well as parts of the userspace API to make use of kernel `PAGE_SIZE' for alignment instead of the assumed `SZ_4K', it also fixes incorrect usage of `PAGE_SIZE' in the GuC and ring buffer interface code to make sure all instructions/commands were aligned to 4KiB barriers (per the Programmer's Manual for the GPUs covered by this DRM driver). This issue was first discovered and reported by members of the LoongArch user communities, whose hardware commonly ran on 16KiB-page kernels. The patch series began on an unassuming branch of a downstream kernel tree maintained by Shang Yatsen.[^1] It worked well but remained sparsely documented, a lot of the work done here relied on Shang Yatsen's original patch. AOSC OS then picked it up[^2] to provide Intel Xe/Arc support for users of its LoongArch port, for which I worked extensively on. After months of positive user feedback and from encouragement from Kexy Biscuit, my colleague at the community, I decided to examine its potential for upstreaming, cross-reference kernel and Intel documentation to better document and revise this patch. Now that this series has been tested good (for boot up, OpenGL, and playback of a standardised set of video samples[^3] on the following platforms (motherboard + GPU model): - x86-64, 4KiB kernel page: - MS-7D42 + Intel Arc A580 - COLORFIRE B760M-MEOW WIFI D5 + Intel Arc B580 - LoongArch, 16KiB kernel page: - XA61200 + GUNNIR DG1 Blue Halberd (Intel DG1) - XA61200 + GUNNIR Iris Xe Index 4 (Intel DG1) - XA61200 + GUNNIR Intel Iris Xe Max Index V2 (Intel DG1) - XA61200 + GUNNIR Intel Arc A380 Index 6G (Intel Arc A380) - XA61200 + ASRock Arc A380 Challenger ITX OC (Intel Arc A380) - XA61200 + Intel Arc A580 - XA61200 + GUNNIR Intel Arc A750 Photon 8G OC (Intel Arc A750) - XA61200 + Intel Arc B580 - XB612B0 + GUNNIR Intel Iris Xe Max Index V2 (Intel DG1) - XB612B0 + GUNNIR Intel Arc A380 Index 6G (Intel Arc A380) - ASUS XC-LS3A6M + GUNNIR Intel Arc B580 INDEX 12G (Intel Arc B580) On these platforms, basic functionalities tested good but the driver was unstable with occasional resets (I do suspect however, that this platform suffers from PCIe coherence issues, as instability only occurs under heavy VRAM I/O load): - AArch64, 4KiB/64KiB kernel pages: - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Iris Xe Max Index V2 (Intel DG1) - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Arc A380 Index 6G (Intel Arc A380) - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Arc A750 Photon 8G OC (Intel Arc A750) I think that this patch series is now ready for your comment and review. Please forgive me if I made any simple mistake or used wrong terminologies, but I have never worked on a patch for the DRM subsystem and my experience is still quite thin. But anyway, just letting you all know that Intel Xe/Arc works on non-4KiB kernel page platforms (and honestly, it's great to use, especially for games and media playback)! [^1]: https://github.com/FanFansfan/loongson-linux/tree/loongarch-xe [^2]: We maintained Shang Yatsen's patch until our v6.13.3 tree, until we decided to test and send this series upstream, https://github.com/AOSC-Tracking/linux/tree/aosc/v6.13.3 [^3]: Delicious hot pot! https://repo.aosc.io/ahvl/sample-videos-20250223.tar.zst --- Matthew(s), Lucas, and Francois: Thanks again for your patience and review. I recently had a job change and it put me off this series for months, but I'm back (and should be a lot more responsive now) - sorry! Let's get this ball rolling again. I was unfortunately unable to revise 1/5 from v1 as you requested, neither of your suggestions to allow allocation of VRAM smaller than page size worked... So I kept that part as is. As for the your comment in 5/5, I'm not sure about what the right approach to implement a SZ_64K >= PAGE_SIZE assert was, as there are many other instances of similar ternary conditional operators in the xe code. Correct me if I'm wrong but I felt that it might be better handled in a separate patch series? --- Changes in v2: - Define `GUC_ALIGN' and use them in GuC code to improve clarity. - Update documentation on `DRM_XE_QUERY_CONFIG_MIN_ALIGNMENT'. - Rebase, and other minor changes. - Link to v1: https://lore.kernel.org/all/20250226-xe-non-4k-fix-v1-0-80f23b5ee40e@aosc.i… To: Lucas De Marchi <lucas.demarchi(a)intel.com> To: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> To: Rodrigo Vivi <rodrigo.vivi(a)intel.com> To: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> To: Maxime Ripard <mripard(a)kernel.org> To: Thomas Zimmermann <tzimmermann(a)suse.de> To: David Airlie <airlied(a)gmail.com> To: Simona Vetter <simona(a)ffwll.ch> To: José Roberto de Souza <jose.souza(a)intel.com> To: Francois Dugast <francois.dugast(a)intel.com> To: Matthew Brost <matthew.brost(a)intel.com> To: Alan Previn <alan.previn.teres.alexis(a)intel.com> To: Zhanjun Dong <zhanjun.dong(a)intel.com> To: Matt Roper <matthew.d.roper(a)intel.com> To: Mateusz Naklicki <mateusz.naklicki(a)intel.com> Cc: Mauro Carvalho Chehab <mauro.chehab(a)linux.intel.com> Cc: Zbigniew Kempczyński <zbigniew.kempczynski(a)intel.com> Cc: intel-xe(a)lists.freedesktop.org Cc: dri-devel(a)lists.freedesktop.org Cc: linux-kernel(a)vger.kernel.org Suggested-by: Kexy Biscuit <kexybiscuit(a)aosc.io> Co-developed-by: Shang Yatsen <429839446(a)qq.com> Signed-off-by: Shang Yatsen <429839446(a)qq.com> Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> --- Mingcong Bai (5): drm/xe/bo: fix alignment with non-4KiB kernel page sizes drm/xe/guc: use GUC_SIZE (SZ_4K) for alignment drm/xe/regs: fix RING_CTL_SIZE(size) calculation drm/xe: use 4KiB alignment for cursor jumps drm/xe/query: use PAGE_SIZE as the minimum page alignment drivers/gpu/drm/xe/regs/xe_engine_regs.h | 2 +- drivers/gpu/drm/xe/xe_bo.c | 8 ++++---- drivers/gpu/drm/xe/xe_guc.c | 4 ++-- drivers/gpu/drm/xe/xe_guc.h | 3 +++ drivers/gpu/drm/xe/xe_guc_ads.c | 32 ++++++++++++++++---------------- drivers/gpu/drm/xe/xe_guc_capture.c | 8 ++++---- drivers/gpu/drm/xe/xe_guc_ct.c | 2 +- drivers/gpu/drm/xe/xe_guc_log.c | 5 +++-- drivers/gpu/drm/xe/xe_guc_pc.c | 4 ++-- drivers/gpu/drm/xe/xe_migrate.c | 4 ++-- drivers/gpu/drm/xe/xe_query.c | 2 +- include/uapi/drm/xe_drm.h | 7 +++++-- 12 files changed, 44 insertions(+), 37 deletions(-) --- base-commit: 546b1c9e93c2bb8cf5ed24e0be1c86bb089b3253 change-id: 20250603-upstream-xe-non-4k-v2-4acf253c9bfd Best regards, -- Mingcong Bai <jeffbai(a)aosc.io>

1 day, 22 hours

2
6
0 0

FAILED: patch "[PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051202-nutrient-upswing-4a86@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 Mon Sep 17 00:00:00 2001 From: Gavin Guo <gavinguo(a)igalia.com> Date: Mon, 21 Apr 2025 19:35:36 +0800 Subject: [PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PMD migration entry and return early. In this context, there is no need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the equality of the target folio. Since the PMD migration entry is locked, it cannot be served as the target. Mailing list discussion and explanation from Hugh Dickins: "An anon_vma lookup points to a location which may contain the folio of interest, but might instead contain another folio: and weeding out those other folios is precisely what the "folio != pmd_folio((*pmd)" check (and the "risk of replacing the wrong folio" comment a few lines above it) is for." BUG: unable to handle page fault for address: ffffea60001db008 CPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60 Call Trace: <TASK> try_to_migrate_one+0x28c/0x3730 rmap_walk_anon+0x4f6/0x770 unmap_folio+0x196/0x1f0 split_huge_page_to_list_to_order+0x9f6/0x1560 deferred_split_scan+0xac5/0x12a0 shrinker_debugfs_scan_write+0x376/0x470 full_proxy_write+0x15c/0x220 vfs_write+0x2fc/0xcb0 ksys_write+0x146/0x250 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e The bug is found by syzkaller on an internal kernel, then confirmed on upstream. Link: https://lkml.kernel.org/r/20250421113536.3682201-1-gavinguo@igalia.com Link: https://lore.kernel.org/all/20250414072737.1698513-1-gavinguo@igalia.com/ Link: https://lore.kernel.org/all/20250418085802.2973519-1-gavinguo@igalia.com/ Fixes: 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path") Signed-off-by: Gavin Guo <gavinguo(a)igalia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Hugh Dickins <hughd(a)google.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Gavin Shan <gshan(a)redhat.com> Cc: Florent Revest <revest(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 2a47682d1ab7..47d76d03ce30 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3075,6 +3075,8 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd, void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd, bool freeze, struct folio *folio) { + bool pmd_migration = is_pmd_migration_entry(*pmd); + VM_WARN_ON_ONCE(folio && !folio_test_pmd_mappable(folio)); VM_WARN_ON_ONCE(!IS_ALIGNED(address, HPAGE_PMD_SIZE)); VM_WARN_ON_ONCE(folio && !folio_test_locked(folio)); @@ -3085,9 +3087,12 @@ void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, * require a folio to check the PMD against. Otherwise, there * is a risk of replacing the wrong folio. */ - if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || - is_pmd_migration_entry(*pmd)) { - if (folio && folio != pmd_folio(*pmd)) + if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || pmd_migration) { + /* + * Do not apply pmd_folio() to a migration entry; and folio lock + * guarantees that it must be of the wrong folio anyway. + */ + if (folio && (pmd_migration || folio != pmd_folio(*pmd))) return; __split_huge_pmd_locked(vma, pmd, address, freeze); }

2 days, 1 hour

2
1
0 0

FAILED: patch "[PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051203-thrift-spool-ebc8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 Mon Sep 17 00:00:00 2001 From: Gavin Guo <gavinguo(a)igalia.com> Date: Mon, 21 Apr 2025 19:35:36 +0800 Subject: [PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PMD migration entry and return early. In this context, there is no need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the equality of the target folio. Since the PMD migration entry is locked, it cannot be served as the target. Mailing list discussion and explanation from Hugh Dickins: "An anon_vma lookup points to a location which may contain the folio of interest, but might instead contain another folio: and weeding out those other folios is precisely what the "folio != pmd_folio((*pmd)" check (and the "risk of replacing the wrong folio" comment a few lines above it) is for." BUG: unable to handle page fault for address: ffffea60001db008 CPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60 Call Trace: <TASK> try_to_migrate_one+0x28c/0x3730 rmap_walk_anon+0x4f6/0x770 unmap_folio+0x196/0x1f0 split_huge_page_to_list_to_order+0x9f6/0x1560 deferred_split_scan+0xac5/0x12a0 shrinker_debugfs_scan_write+0x376/0x470 full_proxy_write+0x15c/0x220 vfs_write+0x2fc/0xcb0 ksys_write+0x146/0x250 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e The bug is found by syzkaller on an internal kernel, then confirmed on upstream. Link: https://lkml.kernel.org/r/20250421113536.3682201-1-gavinguo@igalia.com Link: https://lore.kernel.org/all/20250414072737.1698513-1-gavinguo@igalia.com/ Link: https://lore.kernel.org/all/20250418085802.2973519-1-gavinguo@igalia.com/ Fixes: 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path") Signed-off-by: Gavin Guo <gavinguo(a)igalia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Hugh Dickins <hughd(a)google.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Gavin Shan <gshan(a)redhat.com> Cc: Florent Revest <revest(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 2a47682d1ab7..47d76d03ce30 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3075,6 +3075,8 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd, void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd, bool freeze, struct folio *folio) { + bool pmd_migration = is_pmd_migration_entry(*pmd); + VM_WARN_ON_ONCE(folio && !folio_test_pmd_mappable(folio)); VM_WARN_ON_ONCE(!IS_ALIGNED(address, HPAGE_PMD_SIZE)); VM_WARN_ON_ONCE(folio && !folio_test_locked(folio)); @@ -3085,9 +3087,12 @@ void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, * require a folio to check the PMD against. Otherwise, there * is a risk of replacing the wrong folio. */ - if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || - is_pmd_migration_entry(*pmd)) { - if (folio && folio != pmd_folio(*pmd)) + if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || pmd_migration) { + /* + * Do not apply pmd_folio() to a migration entry; and folio lock + * guarantees that it must be of the wrong folio anyway. + */ + if (folio && (pmd_migration || folio != pmd_folio(*pmd))) return; __split_huge_pmd_locked(vma, pmd, address, freeze); }

2 days, 1 hour

2
1
0 0

FAILED: patch "[PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051204-tidal-lake-6ae7@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 Mon Sep 17 00:00:00 2001 From: Gavin Guo <gavinguo(a)igalia.com> Date: Mon, 21 Apr 2025 19:35:36 +0800 Subject: [PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PMD migration entry and return early. In this context, there is no need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the equality of the target folio. Since the PMD migration entry is locked, it cannot be served as the target. Mailing list discussion and explanation from Hugh Dickins: "An anon_vma lookup points to a location which may contain the folio of interest, but might instead contain another folio: and weeding out those other folios is precisely what the "folio != pmd_folio((*pmd)" check (and the "risk of replacing the wrong folio" comment a few lines above it) is for." BUG: unable to handle page fault for address: ffffea60001db008 CPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60 Call Trace: <TASK> try_to_migrate_one+0x28c/0x3730 rmap_walk_anon+0x4f6/0x770 unmap_folio+0x196/0x1f0 split_huge_page_to_list_to_order+0x9f6/0x1560 deferred_split_scan+0xac5/0x12a0 shrinker_debugfs_scan_write+0x376/0x470 full_proxy_write+0x15c/0x220 vfs_write+0x2fc/0xcb0 ksys_write+0x146/0x250 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e The bug is found by syzkaller on an internal kernel, then confirmed on upstream. Link: https://lkml.kernel.org/r/20250421113536.3682201-1-gavinguo@igalia.com Link: https://lore.kernel.org/all/20250414072737.1698513-1-gavinguo@igalia.com/ Link: https://lore.kernel.org/all/20250418085802.2973519-1-gavinguo@igalia.com/ Fixes: 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path") Signed-off-by: Gavin Guo <gavinguo(a)igalia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Hugh Dickins <hughd(a)google.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Gavin Shan <gshan(a)redhat.com> Cc: Florent Revest <revest(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 2a47682d1ab7..47d76d03ce30 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3075,6 +3075,8 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd, void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd, bool freeze, struct folio *folio) { + bool pmd_migration = is_pmd_migration_entry(*pmd); + VM_WARN_ON_ONCE(folio && !folio_test_pmd_mappable(folio)); VM_WARN_ON_ONCE(!IS_ALIGNED(address, HPAGE_PMD_SIZE)); VM_WARN_ON_ONCE(folio && !folio_test_locked(folio)); @@ -3085,9 +3087,12 @@ void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, * require a folio to check the PMD against. Otherwise, there * is a risk of replacing the wrong folio. */ - if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || - is_pmd_migration_entry(*pmd)) { - if (folio && folio != pmd_folio(*pmd)) + if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || pmd_migration) { + /* + * Do not apply pmd_folio() to a migration entry; and folio lock + * guarantees that it must be of the wrong folio anyway. + */ + if (folio && (pmd_migration || folio != pmd_folio(*pmd))) return; __split_huge_pmd_locked(vma, pmd, address, freeze); }

2 days, 1 hour

2
1
0 0

FAILED: patch "[PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051205-work-bronze-e167@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 Mon Sep 17 00:00:00 2001 From: Gavin Guo <gavinguo(a)igalia.com> Date: Mon, 21 Apr 2025 19:35:36 +0800 Subject: [PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PMD migration entry and return early. In this context, there is no need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the equality of the target folio. Since the PMD migration entry is locked, it cannot be served as the target. Mailing list discussion and explanation from Hugh Dickins: "An anon_vma lookup points to a location which may contain the folio of interest, but might instead contain another folio: and weeding out those other folios is precisely what the "folio != pmd_folio((*pmd)" check (and the "risk of replacing the wrong folio" comment a few lines above it) is for." BUG: unable to handle page fault for address: ffffea60001db008 CPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60 Call Trace: <TASK> try_to_migrate_one+0x28c/0x3730 rmap_walk_anon+0x4f6/0x770 unmap_folio+0x196/0x1f0 split_huge_page_to_list_to_order+0x9f6/0x1560 deferred_split_scan+0xac5/0x12a0 shrinker_debugfs_scan_write+0x376/0x470 full_proxy_write+0x15c/0x220 vfs_write+0x2fc/0xcb0 ksys_write+0x146/0x250 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e The bug is found by syzkaller on an internal kernel, then confirmed on upstream. Link: https://lkml.kernel.org/r/20250421113536.3682201-1-gavinguo@igalia.com Link: https://lore.kernel.org/all/20250414072737.1698513-1-gavinguo@igalia.com/ Link: https://lore.kernel.org/all/20250418085802.2973519-1-gavinguo@igalia.com/ Fixes: 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path") Signed-off-by: Gavin Guo <gavinguo(a)igalia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Hugh Dickins <hughd(a)google.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Gavin Shan <gshan(a)redhat.com> Cc: Florent Revest <revest(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 2a47682d1ab7..47d76d03ce30 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3075,6 +3075,8 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd, void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd, bool freeze, struct folio *folio) { + bool pmd_migration = is_pmd_migration_entry(*pmd); + VM_WARN_ON_ONCE(folio && !folio_test_pmd_mappable(folio)); VM_WARN_ON_ONCE(!IS_ALIGNED(address, HPAGE_PMD_SIZE)); VM_WARN_ON_ONCE(folio && !folio_test_locked(folio)); @@ -3085,9 +3087,12 @@ void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, * require a folio to check the PMD against. Otherwise, there * is a risk of replacing the wrong folio. */ - if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || - is_pmd_migration_entry(*pmd)) { - if (folio && folio != pmd_folio(*pmd)) + if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || pmd_migration) { + /* + * Do not apply pmd_folio() to a migration entry; and folio lock + * guarantees that it must be of the wrong folio anyway. + */ + if (folio && (pmd_migration || folio != pmd_folio(*pmd))) return; __split_huge_pmd_locked(vma, pmd, address, freeze); }

2 days, 1 hour

2
1
0 0

FAILED: patch "[PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051206-t-shirt-wrist-ad33@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 Mon Sep 17 00:00:00 2001 From: Gavin Guo <gavinguo(a)igalia.com> Date: Mon, 21 Apr 2025 19:35:36 +0800 Subject: [PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PMD migration entry and return early. In this context, there is no need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the equality of the target folio. Since the PMD migration entry is locked, it cannot be served as the target. Mailing list discussion and explanation from Hugh Dickins: "An anon_vma lookup points to a location which may contain the folio of interest, but might instead contain another folio: and weeding out those other folios is precisely what the "folio != pmd_folio((*pmd)" check (and the "risk of replacing the wrong folio" comment a few lines above it) is for." BUG: unable to handle page fault for address: ffffea60001db008 CPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60 Call Trace: <TASK> try_to_migrate_one+0x28c/0x3730 rmap_walk_anon+0x4f6/0x770 unmap_folio+0x196/0x1f0 split_huge_page_to_list_to_order+0x9f6/0x1560 deferred_split_scan+0xac5/0x12a0 shrinker_debugfs_scan_write+0x376/0x470 full_proxy_write+0x15c/0x220 vfs_write+0x2fc/0xcb0 ksys_write+0x146/0x250 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e The bug is found by syzkaller on an internal kernel, then confirmed on upstream. Link: https://lkml.kernel.org/r/20250421113536.3682201-1-gavinguo@igalia.com Link: https://lore.kernel.org/all/20250414072737.1698513-1-gavinguo@igalia.com/ Link: https://lore.kernel.org/all/20250418085802.2973519-1-gavinguo@igalia.com/ Fixes: 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path") Signed-off-by: Gavin Guo <gavinguo(a)igalia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Hugh Dickins <hughd(a)google.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Gavin Shan <gshan(a)redhat.com> Cc: Florent Revest <revest(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 2a47682d1ab7..47d76d03ce30 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3075,6 +3075,8 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd, void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd, bool freeze, struct folio *folio) { + bool pmd_migration = is_pmd_migration_entry(*pmd); + VM_WARN_ON_ONCE(folio && !folio_test_pmd_mappable(folio)); VM_WARN_ON_ONCE(!IS_ALIGNED(address, HPAGE_PMD_SIZE)); VM_WARN_ON_ONCE(folio && !folio_test_locked(folio)); @@ -3085,9 +3087,12 @@ void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, * require a folio to check the PMD against. Otherwise, there * is a risk of replacing the wrong folio. */ - if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || - is_pmd_migration_entry(*pmd)) { - if (folio && folio != pmd_folio(*pmd)) + if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || pmd_migration) { + /* + * Do not apply pmd_folio() to a migration entry; and folio lock + * guarantees that it must be of the wrong folio anyway. + */ + if (folio && (pmd_migration || folio != pmd_folio(*pmd))) return; __split_huge_pmd_locked(vma, pmd, address, freeze); }

2 days, 1 hour

2
1
0 0

[PATCH v2] iommu/arm-smmu-qcom: Add SM6115 MDSS compatible

by Alexey Klimov

Add the SM6115 MDSS compatible to clients compatible list, as it also needs that workaround. Without this workaround, for example, QRB4210 RB2 which is based on SM4250/SM6115 generates a lot of smmu unhandled context faults during boot: arm_smmu_context_fault: 116854 callbacks suppressed arm-smmu c600000.iommu: Unhandled context fault: fsr=0x402, iova=0x5c0ec600, fsynr=0x320021, cbfrsynra=0x420, cb=5 arm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420 arm-smmu c600000.iommu: FSYNR0 = 00320021 [S1CBNDX=50 PNU PLVL=1] arm-smmu c600000.iommu: Unhandled context fault: fsr=0x402, iova=0x5c0d7800, fsynr=0x320021, cbfrsynra=0x420, cb=5 arm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420 and also failed initialisation of lontium lt9611uxc, gpu and dpu is observed: (binding MDSS components triggered by lt9611uxc have failed) ------------[ cut here ]------------ !aspace WARNING: CPU: 6 PID: 324 at drivers/gpu/drm/msm/msm_gem_vma.c:130 msm_gem_vma_init+0x150/0x18c [msm] Modules linked in: ... (long list of modules) CPU: 6 UID: 0 PID: 324 Comm: (udev-worker) Not tainted 6.15.0-03037-gaacc73ceeb8b #4 PREEMPT Hardware name: Qualcomm Technologies, Inc. QRB4210 RB2 (DT) pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : msm_gem_vma_init+0x150/0x18c [msm] lr : msm_gem_vma_init+0x150/0x18c [msm] sp : ffff80008144b280 ... Call trace: msm_gem_vma_init+0x150/0x18c [msm] (P) get_vma_locked+0xc0/0x194 [msm] msm_gem_get_and_pin_iova_range+0x4c/0xdc [msm] msm_gem_kernel_new+0x48/0x160 [msm] msm_gpu_init+0x34c/0x53c [msm] adreno_gpu_init+0x1b0/0x2d8 [msm] a6xx_gpu_init+0x1e8/0x9e0 [msm] adreno_bind+0x2b8/0x348 [msm] component_bind_all+0x100/0x230 msm_drm_bind+0x13c/0x3d0 [msm] try_to_bring_up_aggregate_device+0x164/0x1d0 __component_add+0xa4/0x174 component_add+0x14/0x20 dsi_dev_attach+0x20/0x34 [msm] dsi_host_attach+0x58/0x98 [msm] devm_mipi_dsi_attach+0x34/0x90 lt9611uxc_attach_dsi.isra.0+0x94/0x124 [lontium_lt9611uxc] lt9611uxc_probe+0x540/0x5fc [lontium_lt9611uxc] i2c_device_probe+0x148/0x2a8 really_probe+0xbc/0x2c0 __driver_probe_device+0x78/0x120 driver_probe_device+0x3c/0x154 __driver_attach+0x90/0x1a0 bus_for_each_dev+0x68/0xb8 driver_attach+0x24/0x30 bus_add_driver+0xe4/0x208 driver_register+0x68/0x124 i2c_register_driver+0x48/0xcc lt9611uxc_driver_init+0x20/0x1000 [lontium_lt9611uxc] do_one_initcall+0x60/0x1d4 do_init_module+0x54/0x1fc load_module+0x1748/0x1c8c init_module_from_file+0x74/0xa0 __arm64_sys_finit_module+0x130/0x2f8 invoke_syscall+0x48/0x104 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x2c/0x80 el0t_64_sync_handler+0x10c/0x138 el0t_64_sync+0x198/0x19c ---[ end trace 0000000000000000 ]--- msm_dpu 5e01000.display-controller: [drm:msm_gpu_init [msm]] *ERROR* could not allocate memptrs: -22 msm_dpu 5e01000.display-controller: failed to load adreno gpu platform a400000.remoteproc:glink-edge:apr:service@7:dais: Adding to iommu group 19 msm_dpu 5e01000.display-controller: failed to bind 5900000.gpu (ops a3xx_ops [msm]): -22 msm_dpu 5e01000.display-controller: adev bind failed: -22 lt9611uxc 0-002b: failed to attach dsi to host lt9611uxc 0-002b: probe with driver lt9611uxc failed with error -22 Suggested-by: Bjorn Andersson <andersson(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> Fixes: 3581b7062cec ("drm/msm/disp/dpu1: add support for display on SM6115") Cc: <stable(a)vger.kernel.org> Signed-off-by: Alexey Klimov <alexey.klimov(a)linaro.org> --- v2: - added tags as suggested by Dmitry; - slightly updated text in the commit message. Previous version: https://lore.kernel.org/linux-arm-msm/20250528003118.214093-1-alexey.klimov… drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c index 62874b18f645..c75023718595 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c @@ -379,6 +379,7 @@ static const struct of_device_id qcom_smmu_client_of_match[] __maybe_unused = { { .compatible = "qcom,sdm670-mdss" }, { .compatible = "qcom,sdm845-mdss" }, { .compatible = "qcom,sdm845-mss-pil" }, + { .compatible = "qcom,sm6115-mdss" }, { .compatible = "qcom,sm6350-mdss" }, { .compatible = "qcom,sm6375-mdss" }, { .compatible = "qcom,sm8150-mdss" }, -- 2.47.2

2 days, 4 hours

2
1
0 0

[PATCH] HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting

by Qasim Ijaz

During appletb_kbd_probe, probe attempts to get the backlight device by name. When this happens backlight_device_get_by_name looks for a device in the backlight class which has name "appletb_backlight" and upon finding a match it increments the reference count for the device and returns it to the caller. However this reference is never released leading to a reference leak. Fix this by decrementing the backlight device reference count on removal via put_device and on probe failure. Fixes: 93a0fc489481 ("HID: hid-appletb-kbd: add support for automatic brightness control while using the touchbar") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- drivers/hid/hid-appletb-kbd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/hid/hid-appletb-kbd.c b/drivers/hid/hid-appletb-kbd.c index ef51b2c06872..e06567886e50 100644 --- a/drivers/hid/hid-appletb-kbd.c +++ b/drivers/hid/hid-appletb-kbd.c @@ -438,6 +438,8 @@ static int appletb_kbd_probe(struct hid_device *hdev, const struct hid_device_id return 0; close_hw: + if (kbd->backlight_dev) + put_device(&kbd->backlight_dev->dev); hid_hw_close(hdev); stop_hw: hid_hw_stop(hdev); @@ -453,6 +455,9 @@ static void appletb_kbd_remove(struct hid_device *hdev) input_unregister_handler(&kbd->inp_handler); timer_delete_sync(&kbd->inactivity_timer); + if (kbd->backlight_dev) + put_device(&kbd->backlight_dev->dev); + hid_hw_close(hdev); hid_hw_stop(hdev); } -- 2.39.5

2 days, 5 hours

1
0
0 0

+ bcache-remove-unnecessary-select-min_heap.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: bcache: remove unnecessary select MIN_HEAP has been added to the -mm mm-hotfixes-unstable branch. Its filename is bcache-remove-unnecessary-select-min_heap.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: bcache: remove unnecessary select MIN_HEAP Date: Sun, 15 Jun 2025 04:23:53 +0800 After reverting the transition to the generic min heap library, bcache no longer depends on MIN_HEAP. The select entry can be removed to reduce code size and shrink the kernel's attack surface. This change effectively reverts the bcache-related part of commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"). This is part of a series of changes to address a performance regression caused by the use of the generic min_heap implementation. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-4-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/Kconfig | 1 - 1 file changed, 1 deletion(-) --- a/drivers/md/bcache/Kconfig~bcache-remove-unnecessary-select-min_heap +++ a/drivers/md/bcache/Kconfig @@ -5,7 +5,6 @@ config BCACHE select BLOCK_HOLDER_DEPRECATED if SYSFS select CRC64 select CLOSURES - select MIN_HEAP help Allows a block device to be used as cache for other devices; uses a btree for indexing and the layout is optimized for SSDs. _ Patches currently in -mm which might be from visitorckw(a)gmail.com are revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch bcache-remove-unnecessary-select-min_heap.patch lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

2 days, 5 hours

1
0
0 0

+ revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: Revert "bcache: remove heap-related macros and switch to generic min_heap" has been added to the -mm mm-hotfixes-unstable branch. Its filename is revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: Revert "bcache: remove heap-related macros and switch to generic min_heap" Date: Sun, 15 Jun 2025 04:23:52 +0800 This reverts commit 866898efbb25bb44fd42848318e46db9e785973a. The generic bottom-up min_heap implementation causes performance regression in invalidate_buckets_lru(), a hot path in bcache. Before the cache is fully populated, new_bucket_prio() often returns zero, leading to many equal comparisons. In such cases, bottom-up sift_down performs up to 2 * log2(n) comparisons, while the original top-down approach completes with just O() comparisons, resulting in a measurable performance gap. The performance degradation is further worsened by the non-inlined min_heap API functions introduced in commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"), adding function call overhead to this critical path. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert aims to restore bcache's original low-latency behavior. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-3-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/alloc.c | 64 ++++------------ drivers/md/bcache/bcache.h | 2 drivers/md/bcache/bset.c | 124 +++++++++++--------------------- drivers/md/bcache/bset.h | 42 ++++++---- drivers/md/bcache/btree.c | 69 +++++++---------- drivers/md/bcache/extents.c | 51 ++++--------- drivers/md/bcache/movinggc.c | 41 ++-------- drivers/md/bcache/super.c | 3 drivers/md/bcache/sysfs.c | 4 - drivers/md/bcache/util.h | 67 ++++++++++++++++- drivers/md/bcache/writeback.c | 13 +-- 11 files changed, 217 insertions(+), 263 deletions(-) --- a/drivers/md/bcache/alloc.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/alloc.c @@ -164,68 +164,40 @@ static void bch_invalidate_one_bucket(st * prio is worth 1/8th of what INITIAL_PRIO is worth. */ -static inline unsigned int new_bucket_prio(struct cache *ca, struct bucket *b) -{ - unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; - - return (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); -} - -static inline bool new_bucket_max_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) > new_bucket_prio(ca, *rhs); -} - -static inline bool new_bucket_min_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); -} - -static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **lhs = l, **rhs = r; +#define bucket_prio(b) \ +({ \ + unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; \ + \ + (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); \ +}) - swap(*lhs, *rhs); -} +#define bucket_max_cmp(l, r) (bucket_prio(l) < bucket_prio(r)) +#define bucket_min_cmp(l, r) (bucket_prio(l) > bucket_prio(r)) static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; - const struct min_heap_callbacks bucket_max_cmp_callback = { - .less = new_bucket_max_cmp, - .swp = new_bucket_swap, - }; - const struct min_heap_callbacks bucket_min_cmp_callback = { - .less = new_bucket_min_cmp, - .swp = new_bucket_swap, - }; + ssize_t i; - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (!bch_can_invalidate_bucket(ca, b)) continue; - if (!min_heap_full(&ca->heap)) - min_heap_push(&ca->heap, &b, &bucket_max_cmp_callback, ca); - else if (!new_bucket_max_cmp(&b, min_heap_peek(&ca->heap), ca)) { + if (!heap_full(&ca->heap)) + heap_add(&ca->heap, b, bucket_max_cmp); + else if (bucket_max_cmp(b, heap_peek(&ca->heap))) { ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &bucket_max_cmp_callback, ca); + heap_sift(&ca->heap, 0, bucket_max_cmp); } } - min_heapify_all(&ca->heap, &bucket_min_cmp_callback, ca); + for (i = ca->heap.used / 2 - 1; i >= 0; --i) + heap_sift(&ca->heap, i, bucket_min_cmp); while (!fifo_full(&ca->free_inc)) { - if (!ca->heap.nr) { + if (!heap_pop(&ca->heap, b, bucket_min_cmp)) { /* * We don't want to be calling invalidate_buckets() * multiple times when it can't do anything @@ -234,8 +206,6 @@ static void invalidate_buckets_lru(struc wake_up_gc(ca->set); return; } - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &bucket_min_cmp_callback, ca); bch_invalidate_one_bucket(ca, b); } --- a/drivers/md/bcache/bcache.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bcache.h @@ -458,7 +458,7 @@ struct cache { /* Allocation stuff: */ struct bucket *buckets; - DEFINE_MIN_HEAP(struct bucket *, cache_heap) heap; + DECLARE_HEAP(struct bucket *, heap); /* * If nonzero, we know we aren't going to find any buckets to invalidate --- a/drivers/md/bcache/bset.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bset.c @@ -54,11 +54,9 @@ void bch_dump_bucket(struct btree_keys * int __bch_count_data(struct btree_keys *b) { unsigned int ret = 0; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - if (b->ops->is_extents) for_each_key(b, k, &iter) ret += KEY_SIZE(k); @@ -69,11 +67,9 @@ void __bch_check_keys(struct btree_keys { va_list args; struct bkey *k, *p = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; const char *err; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key(b, k, &iter) { if (b->ops->is_extents) { err = "Keys out of order"; @@ -114,9 +110,9 @@ bug: static void bch_btree_iter_next_check(struct btree_iter *iter) { - struct bkey *k = iter->heap.data->k, *next = bkey_next(k); + struct bkey *k = iter->data->k, *next = bkey_next(k); - if (next < iter->heap.data->end && + if (next < iter->data->end && bkey_cmp(k, iter->b->ops->is_extents ? &START_KEY(next) : next) > 0) { bch_dump_bucket(iter->b); @@ -883,14 +879,12 @@ unsigned int bch_btree_insert_key(struct unsigned int status = BTREE_INSERT_STATUS_NO_INSERT; struct bset *i = bset_tree_last(b)->data; struct bkey *m, *prev = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey preceding_key_on_stack = ZERO_KEY; struct bkey *preceding_key_p = &preceding_key_on_stack; BUG_ON(b->ops->is_extents && !KEY_SIZE(k)); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* * If k has preceding key, preceding_key_p will be set to address * of k's preceding key; otherwise preceding_key_p will be set @@ -901,9 +895,9 @@ unsigned int bch_btree_insert_key(struct else preceding_key(k, &preceding_key_p); - m = bch_btree_iter_init(b, &iter, preceding_key_p); + m = bch_btree_iter_stack_init(b, &iter, preceding_key_p); - if (b->ops->insert_fixup(b, k, &iter, replace_key)) + if (b->ops->insert_fixup(b, k, &iter.iter, replace_key)) return status; status = BTREE_INSERT_STATUS_INSERT; @@ -1083,102 +1077,79 @@ struct bkey *__bch_bset_search(struct bt /* Btree iterator */ -typedef bool (new_btree_iter_cmp_fn)(const void *, const void *, void *); - -static inline bool new_btree_iter_cmp(const void *l, const void *r, void __always_unused *args) -{ - const struct btree_iter_set *_l = l; - const struct btree_iter_set *_r = r; - - return bkey_cmp(_l->k, _r->k) <= 0; -} +typedef bool (btree_iter_cmp_fn)(struct btree_iter_set, + struct btree_iter_set); -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static inline bool btree_iter_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; - - swap(*_iter1, *_iter2); + return bkey_cmp(l.k, r.k) > 0; } static inline bool btree_iter_end(struct btree_iter *iter) { - return !iter->heap.nr; + return !iter->used; } void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end) { - const struct min_heap_callbacks callbacks = { - .less = new_btree_iter_cmp, - .swp = new_btree_iter_swap, - }; - if (k != end) - BUG_ON(!min_heap_push(&iter->heap, - &((struct btree_iter_set) { k, end }), - &callbacks, - NULL)); + BUG_ON(!heap_add(iter, + ((struct btree_iter_set) { k, end }), + btree_iter_cmp)); } -static struct bkey *__bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search, - struct bset_tree *start) +static struct bkey *__bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search, + struct bset_tree *start) { struct bkey *ret = NULL; - iter->heap.size = ARRAY_SIZE(iter->heap.preallocated); - iter->heap.nr = 0; + iter->iter.size = ARRAY_SIZE(iter->stack_data); + iter->iter.used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter->b = b; + iter->iter.b = b; #endif for (; start <= bset_tree_last(b); start++) { ret = bch_bset_search(b, start, search); - bch_btree_iter_push(iter, ret, bset_bkey_last(start->data)); + bch_btree_iter_push(&iter->iter, ret, bset_bkey_last(start->data)); } return ret; } -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, struct bkey *search) { - return __bch_btree_iter_init(b, iter, search, b->set); + return __bch_btree_iter_stack_init(b, iter, search, b->set); } static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, - new_btree_iter_cmp_fn *cmp) + btree_iter_cmp_fn *cmp) { struct btree_iter_set b __maybe_unused; struct bkey *ret = NULL; - const struct min_heap_callbacks callbacks = { - .less = cmp, - .swp = new_btree_iter_swap, - }; if (!btree_iter_end(iter)) { bch_btree_iter_next_check(iter); - ret = iter->heap.data->k; - iter->heap.data->k = bkey_next(iter->heap.data->k); + ret = iter->data->k; + iter->data->k = bkey_next(iter->data->k); - if (iter->heap.data->k > iter->heap.data->end) { + if (iter->data->k > iter->data->end) { WARN_ONCE(1, "bset was corrupt!\n"); - iter->heap.data->k = iter->heap.data->end; + iter->data->k = iter->data->end; } - if (iter->heap.data->k == iter->heap.data->end) { - if (iter->heap.nr) { - b = min_heap_peek(&iter->heap)[0]; - min_heap_pop(&iter->heap, &callbacks, NULL); - } - } + if (iter->data->k == iter->data->end) + heap_pop(iter, b, cmp); else - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, cmp); } return ret; @@ -1186,7 +1157,7 @@ static inline struct bkey *__bch_btree_i struct bkey *bch_btree_iter_next(struct btree_iter *iter) { - return __bch_btree_iter_next(iter, new_btree_iter_cmp); + return __bch_btree_iter_next(iter, btree_iter_cmp); } @@ -1224,18 +1195,16 @@ static void btree_mergesort(struct btree struct btree_iter *iter, bool fixup, bool remove_stale) { + int i; struct bkey *k, *last = NULL; BKEY_PADDED(k) tmp; bool (*bad)(struct btree_keys *, const struct bkey *) = remove_stale ? bch_ptr_bad : bch_ptr_invalid; - const struct min_heap_callbacks callbacks = { - .less = b->ops->sort_cmp, - .swp = new_btree_iter_swap, - }; /* Heapify the iterator, using our comparison function */ - min_heapify_all(&iter->heap, &callbacks, NULL); + for (i = iter->used / 2 - 1; i >= 0; --i) + heap_sift(iter, i, b->ops->sort_cmp); while (!btree_iter_end(iter)) { if (b->ops->sort_fixup && fixup) @@ -1324,11 +1293,10 @@ void bch_btree_sort_partial(struct btree struct bset_sort_state *state) { size_t order = b->page_order, keys = 0; - struct btree_iter iter; + struct btree_iter_stack iter; int oldsize = bch_count_data(b); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - __bch_btree_iter_init(b, &iter, NULL, &b->set[start]); + __bch_btree_iter_stack_init(b, &iter, NULL, &b->set[start]); if (start) { unsigned int i; @@ -1339,7 +1307,7 @@ void bch_btree_sort_partial(struct btree order = get_order(__set_bytes(b->set->data, keys)); } - __btree_sort(b, &iter, start, order, false, state); + __btree_sort(b, &iter.iter, start, order, false, state); EBUG_ON(oldsize >= 0 && bch_count_data(b) != oldsize); } @@ -1355,13 +1323,11 @@ void bch_btree_sort_into(struct btree_ke struct bset_sort_state *state) { uint64_t start_time = local_clock(); - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; - bch_btree_iter_init(b, &iter, NULL); + bch_btree_iter_stack_init(b, &iter, NULL); - btree_mergesort(b, new->set->data, &iter, false, true); + btree_mergesort(b, new->set->data, &iter.iter, false, true); bch_time_stats_update(&state->time, start_time); --- a/drivers/md/bcache/bset.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bset.h @@ -187,9 +187,8 @@ struct bset_tree { }; struct btree_keys_ops { - bool (*sort_cmp)(const void *l, - const void *r, - void *args); + bool (*sort_cmp)(struct btree_iter_set l, + struct btree_iter_set r); struct bkey *(*sort_fixup)(struct btree_iter *iter, struct bkey *tmp); bool (*insert_fixup)(struct btree_keys *b, @@ -313,17 +312,23 @@ enum { BTREE_INSERT_STATUS_FRONT_MERGE, }; -struct btree_iter_set { - struct bkey *k, *end; -}; - /* Btree key iteration */ struct btree_iter { + size_t size, used; #ifdef CONFIG_BCACHE_DEBUG struct btree_keys *b; #endif - MIN_HEAP_PREALLOCATED(struct btree_iter_set, btree_iter_heap, MAX_BSETS) heap; + struct btree_iter_set { + struct bkey *k, *end; + } data[]; +}; + +/* Fixed-size btree_iter that can be allocated on the stack */ + +struct btree_iter_stack { + struct btree_iter iter; + struct btree_iter_set stack_data[MAX_BSETS]; }; typedef bool (*ptr_filter_fn)(struct btree_keys *b, const struct bkey *k); @@ -335,9 +340,9 @@ struct bkey *bch_btree_iter_next_filter( void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end); -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search); +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search); struct bkey *__bch_bset_search(struct btree_keys *b, struct bset_tree *t, const struct bkey *search); @@ -352,13 +357,14 @@ static inline struct bkey *bch_bset_sear return search ? __bch_bset_search(b, t, search) : t->data->start; } -#define for_each_key_filter(b, k, iter, filter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next_filter((iter), (b), filter));) - -#define for_each_key(b, k, iter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next(iter));) +#define for_each_key_filter(b, k, stack_iter, filter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next_filter(&((stack_iter)->iter), (b), \ + filter));) + +#define for_each_key(b, k, stack_iter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next(&((stack_iter)->iter)));) /* Sorting */ --- a/drivers/md/bcache/btree.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/btree.c @@ -148,19 +148,19 @@ void bch_btree_node_read_done(struct btr { const char *err = "bad btree header"; struct bset *i = btree_bset_first(b); - struct btree_iter iter; + struct btree_iter *iter; /* * c->fill_iter can allocate an iterator with more memory space * than static MAX_BSETS. * See the comment arount cache_set->fill_iter. */ - iter.heap.data = mempool_alloc(&b->c->fill_iter, GFP_NOIO); - iter.heap.size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; - iter.heap.nr = 0; + iter = mempool_alloc(&b->c->fill_iter, GFP_NOIO); + iter->size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; + iter->used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter.b = &b->keys; + iter->b = &b->keys; #endif if (!i->seq) @@ -198,7 +198,7 @@ void bch_btree_node_read_done(struct btr if (i != b->keys.set[0].data && !i->keys) goto err; - bch_btree_iter_push(&iter, i->start, bset_bkey_last(i)); + bch_btree_iter_push(iter, i->start, bset_bkey_last(i)); b->written += set_blocks(i, block_bytes(b->c->cache)); } @@ -210,7 +210,7 @@ void bch_btree_node_read_done(struct btr if (i->seq == b->keys.set[0].data->seq) goto err; - bch_btree_sort_and_fix_extents(&b->keys, &iter, &b->c->sort); + bch_btree_sort_and_fix_extents(&b->keys, iter, &b->c->sort); i = b->keys.set[0].data; err = "short btree key"; @@ -222,7 +222,7 @@ void bch_btree_node_read_done(struct btr bch_bset_init_next(&b->keys, write_block(b), bset_magic(&b->c->cache->sb)); out: - mempool_free(iter.heap.data, &b->c->fill_iter); + mempool_free(iter, &b->c->fill_iter); return; err: set_btree_node_io_error(b); @@ -1306,11 +1306,9 @@ static bool btree_gc_mark_node(struct bt uint8_t stale = 0; unsigned int keys = 0, good_keys = 0; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct bset_tree *t; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - gc->nodes++; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) { @@ -1569,11 +1567,9 @@ static int btree_gc_rewrite_node(struct static unsigned int btree_gc_count_keys(struct btree *b) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; unsigned int ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key_filter(&b->keys, k, &iter, bch_ptr_bad) ret += bkey_u64s(k); @@ -1612,18 +1608,18 @@ static int btree_gc_recurse(struct btree int ret = 0; bool should_rewrite; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct gc_merge_info r[GC_MERGE_NODES]; struct gc_merge_info *i, *last = r + ARRAY_SIZE(r) - 1; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, &b->c->gc_done); + bch_btree_iter_stack_init(&b->keys, &iter, &b->c->gc_done); for (i = r; i < r + ARRAY_SIZE(r); i++) i->b = ERR_PTR(-EINTR); while (1) { - k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad); + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad); if (k) { r->b = bch_btree_node_get(b->c, op, k, b->level - 1, true, b); @@ -1918,9 +1914,7 @@ static int bch_btree_check_recurse(struc { int ret = 0; struct bkey *k, *p = NULL; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(b->c, b->level, k); @@ -1928,10 +1922,10 @@ static int bch_btree_check_recurse(struc bch_initial_mark_key(b->c, b->level + 1, &b->key); if (b->level) { - bch_btree_iter_init(&b->keys, &iter, NULL); + bch_btree_iter_stack_init(&b->keys, &iter, NULL); do { - k = bch_btree_iter_next_filter(&iter, &b->keys, + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad); if (k) { btree_node_prefetch(b, k); @@ -1959,7 +1953,7 @@ static int bch_btree_check_thread(void * struct btree_check_info *info = arg; struct btree_check_state *check_state = info->state; struct cache_set *c = check_state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; @@ -1967,11 +1961,9 @@ static int bch_btree_check_thread(void * cur_idx = prev_idx = 0; ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* root node keys are checked before thread created */ - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -1989,7 +1981,7 @@ static int bch_btree_check_thread(void * skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -2062,11 +2054,9 @@ int bch_btree_check(struct cache_set *c) int ret = 0; int i; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct btree_check_state check_state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* check and mark root node keys */ for_each_key_filter(&c->root->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(c, c->root->level, k); @@ -2560,12 +2550,11 @@ static int bch_btree_map_nodes_recurse(s if (b->level) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad))) { ret = bcache_btree(map_nodes_recurse, k, b, op, from, fn, flags); @@ -2594,12 +2583,12 @@ int bch_btree_map_keys_recurse(struct bt { int ret = MAP_CONTINUE; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad))) { + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad))) { ret = !b->level ? fn(op, b, k) : bcache_btree(map_keys_recurse, k, --- a/drivers/md/bcache/extents.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/extents.c @@ -33,16 +33,15 @@ static void sort_key_next(struct btree_i i->k = bkey_next(i->k); if (i->k == i->end) - *i = iter->heap.data[--iter->heap.nr]; + *i = iter->data[--iter->used]; } -static bool new_bch_key_sort_cmp(const void *l, const void *r, void *args) +static bool bch_key_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(_l->k, _r->k); + int64_t c = bkey_cmp(l.k, r.k); - return !(c ? c > 0 : _l->k < _r->k); + return c ? c > 0 : l.k < r.k; } static bool __ptr_invalid(struct cache_set *c, const struct bkey *k) @@ -239,7 +238,7 @@ static bool bch_btree_ptr_insert_fixup(s } const struct btree_keys_ops bch_btree_keys_ops = { - .sort_cmp = new_bch_key_sort_cmp, + .sort_cmp = bch_key_sort_cmp, .insert_fixup = bch_btree_ptr_insert_fixup, .key_invalid = bch_btree_ptr_invalid, .key_bad = bch_btree_ptr_bad, @@ -256,36 +255,22 @@ const struct btree_keys_ops bch_btree_ke * Necessary for btree_sort_fixup() - if there are multiple keys that compare * equal in different sets, we have to process them newest to oldest. */ - -static bool new_bch_extent_sort_cmp(const void *l, const void *r, void __always_unused *args) -{ - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(&START_KEY(_l->k), &START_KEY(_r->k)); - - return !(c ? c > 0 : _l->k < _r->k); -} - -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static bool bch_extent_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; + int64_t c = bkey_cmp(&START_KEY(l.k), &START_KEY(r.k)); - swap(*_iter1, *_iter2); + return c ? c > 0 : l.k < r.k; } static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { - const struct min_heap_callbacks callbacks = { - .less = new_bch_extent_sort_cmp, - .swp = new_btree_iter_swap, - }; - while (iter->heap.nr > 1) { - struct btree_iter_set *top = iter->heap.data, *i = top + 1; + while (iter->used > 1) { + struct btree_iter_set *top = iter->data, *i = top + 1; - if (iter->heap.nr > 2 && - !new_bch_extent_sort_cmp(&i[0], &i[1], NULL)) + if (iter->used > 2 && + bch_extent_sort_cmp(i[0], i[1])) i++; if (bkey_cmp(top->k, &START_KEY(i->k)) <= 0) @@ -293,7 +278,7 @@ static struct bkey *bch_extent_sort_fixu if (!KEY_SIZE(i->k)) { sort_key_next(iter, i); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); continue; } @@ -303,7 +288,7 @@ static struct bkey *bch_extent_sort_fixu else bch_cut_front(top->k, i->k); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); } else { /* can't happen because of comparison func */ BUG_ON(!bkey_cmp(&START_KEY(top->k), &START_KEY(i->k))); @@ -313,7 +298,7 @@ static struct bkey *bch_extent_sort_fixu bch_cut_back(&START_KEY(i->k), tmp); bch_cut_front(i->k, top->k); - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, bch_extent_sort_cmp); return tmp; } else { @@ -633,7 +618,7 @@ static bool bch_extent_merge(struct btre } const struct btree_keys_ops bch_extent_keys_ops = { - .sort_cmp = new_bch_extent_sort_cmp, + .sort_cmp = bch_extent_sort_cmp, .sort_fixup = bch_extent_sort_fixup, .insert_fixup = bch_extent_insert_fixup, .key_invalid = bch_extent_invalid, --- a/drivers/md/bcache/movinggc.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/movinggc.c @@ -182,27 +182,16 @@ err: if (!IS_ERR_OR_NULL(w->private)) closure_sync(&cl); } -static bool new_bucket_cmp(const void *l, const void *r, void __always_unused *args) +static bool bucket_cmp(struct bucket *l, struct bucket *r) { - struct bucket **_l = (struct bucket **)l; - struct bucket **_r = (struct bucket **)r; - - return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); -} - -static void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **_l = l; - struct bucket **_r = r; - - swap(*_l, *_r); + return GC_SECTORS_USED(l) < GC_SECTORS_USED(r); } static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; - return (b = min_heap_peek(&ca->heap)[0]) ? GC_SECTORS_USED(b) : 0; + return (b = heap_peek(&ca->heap)) ? GC_SECTORS_USED(b) : 0; } void bch_moving_gc(struct cache_set *c) @@ -210,10 +199,6 @@ void bch_moving_gc(struct cache_set *c) struct cache *ca = c->cache; struct bucket *b; unsigned long sectors_to_move, reserve_sectors; - const struct min_heap_callbacks callbacks = { - .less = new_bucket_cmp, - .swp = new_bucket_swap, - }; if (!c->copy_gc_enabled) return; @@ -224,7 +209,7 @@ void bch_moving_gc(struct cache_set *c) reserve_sectors = ca->sb.bucket_size * fifo_used(&ca->free[RESERVE_MOVINGGC]); - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (GC_MARK(b) == GC_MARK_METADATA || @@ -233,31 +218,25 @@ void bch_moving_gc(struct cache_set *c) atomic_read(&b->pin)) continue; - if (!min_heap_full(&ca->heap)) { + if (!heap_full(&ca->heap)) { sectors_to_move += GC_SECTORS_USED(b); - min_heap_push(&ca->heap, &b, &callbacks, NULL); - } else if (!new_bucket_cmp(&b, min_heap_peek(&ca->heap), ca)) { + heap_add(&ca->heap, b, bucket_cmp); + } else if (bucket_cmp(b, heap_peek(&ca->heap))) { sectors_to_move -= bucket_heap_top(ca); sectors_to_move += GC_SECTORS_USED(b); ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &callbacks, NULL); + heap_sift(&ca->heap, 0, bucket_cmp); } } while (sectors_to_move > reserve_sectors) { - if (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); - } + heap_pop(&ca->heap, b, bucket_cmp); sectors_to_move -= GC_SECTORS_USED(b); } - while (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); + while (heap_pop(&ca->heap, b, bucket_cmp)) SET_GC_MOVE(b, 1); - } mutex_unlock(&c->bucket_lock); --- a/drivers/md/bcache/super.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/super.c @@ -1912,7 +1912,8 @@ struct cache_set *bch_cache_set_alloc(st INIT_LIST_HEAD(&c->btree_cache_freed); INIT_LIST_HEAD(&c->data_buckets); - iter_size = ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * + iter_size = sizeof(struct btree_iter) + + ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * sizeof(struct btree_iter_set); c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL); --- a/drivers/md/bcache/sysfs.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/sysfs.c @@ -660,9 +660,7 @@ static unsigned int bch_root_usage(struc unsigned int bytes = 0; struct bkey *k; struct btree *b; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; goto lock_root; --- a/drivers/md/bcache/util.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/util.h @@ -9,7 +9,6 @@ #include <linux/kernel.h> #include <linux/sched/clock.h> #include <linux/llist.h> -#include <linux/min_heap.h> #include <linux/ratelimit.h> #include <linux/vmalloc.h> #include <linux/workqueue.h> @@ -31,10 +30,16 @@ struct closure; #endif +#define DECLARE_HEAP(type, name) \ + struct { \ + size_t size, used; \ + type *data; \ + } name + #define init_heap(heap, _size, gfp) \ ({ \ size_t _bytes; \ - (heap)->nr = 0; \ + (heap)->used = 0; \ (heap)->size = (_size); \ _bytes = (heap)->size * sizeof(*(heap)->data); \ (heap)->data = kvmalloc(_bytes, (gfp) & GFP_KERNEL); \ @@ -47,6 +52,64 @@ do { \ (heap)->data = NULL; \ } while (0) +#define heap_swap(h, i, j) swap((h)->data[i], (h)->data[j]) + +#define heap_sift(h, i, cmp) \ +do { \ + size_t _r, _j = i; \ + \ + for (; _j * 2 + 1 < (h)->used; _j = _r) { \ + _r = _j * 2 + 1; \ + if (_r + 1 < (h)->used && \ + cmp((h)->data[_r], (h)->data[_r + 1])) \ + _r++; \ + \ + if (cmp((h)->data[_r], (h)->data[_j])) \ + break; \ + heap_swap(h, _r, _j); \ + } \ +} while (0) + +#define heap_sift_down(h, i, cmp) \ +do { \ + while (i) { \ + size_t p = (i - 1) / 2; \ + if (cmp((h)->data[i], (h)->data[p])) \ + break; \ + heap_swap(h, i, p); \ + i = p; \ + } \ +} while (0) + +#define heap_add(h, d, cmp) \ +({ \ + bool _r = !heap_full(h); \ + if (_r) { \ + size_t _i = (h)->used++; \ + (h)->data[_i] = d; \ + \ + heap_sift_down(h, _i, cmp); \ + heap_sift(h, _i, cmp); \ + } \ + _r; \ +}) + +#define heap_pop(h, d, cmp) \ +({ \ + bool _r = (h)->used; \ + if (_r) { \ + (d) = (h)->data[0]; \ + (h)->used--; \ + heap_swap(h, 0, (h)->used); \ + heap_sift(h, 0, cmp); \ + } \ + _r; \ +}) + +#define heap_peek(h) ((h)->used ? (h)->data[0] : NULL) + +#define heap_full(h) ((h)->used == (h)->size) + #define DECLARE_FIFO(type, name) \ struct { \ size_t front, back, size, mask; \ --- a/drivers/md/bcache/writeback.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/writeback.c @@ -908,16 +908,15 @@ static int bch_dirty_init_thread(void *a struct dirty_init_thrd_info *info = arg; struct bch_dirty_init_state *state = info->state; struct cache_set *c = state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; k = p = NULL; prev_idx = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -931,7 +930,7 @@ static int bch_dirty_init_thread(void *a skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -980,13 +979,11 @@ void bch_sectors_dirty_init(struct bcach int i; struct btree *b = NULL; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct sectors_dirty_init op; struct cache_set *c = d->c; struct bch_dirty_init_state state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - retry_lock: b = c->root; rw_lock(0, b, b->level); _ Patches currently in -mm which might be from visitorckw(a)gmail.com are revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch bcache-remove-unnecessary-select-min_heap.patch lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

2 days, 5 hours

1
0
0 0

+ revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: Revert "bcache: update min_heap_callbacks to use default builtin swap" has been added to the -mm mm-hotfixes-unstable branch. Its filename is revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: Revert "bcache: update min_heap_callbacks to use default builtin swap" Date: Sun, 15 Jun 2025 04:23:51 +0800 Patch series "bcache: Revert min_heap migration due to performance regression". This patch series reverts the migration of bcache from its original heap implementation to the generic min_heap library. While the original change aimed to simplify the code and improve maintainability, it introduced a severe performance regression in real-world scenarios. As reported by Robert, systems using bcache now suffer from periodic latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. This degrades bcache's value as a low-latency caching layer, and leads to frequent timeouts and application stalls in production environments. The primary cause of this regression is the behavior of the generic min_heap implementation's bottom-up sift_down, which performs up to 2 * log2(n) comparisons when many elements are equal. The original top-down variant used by bcache only required O(1) comparisons in such cases. The issue was further exacerbated by commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"), which introduced non-inlined versions of the min_heap API, adding function call overhead to a performance-critical hot path. This patch (of 3): This reverts commit 3d8a9a1c35227c3f1b0bd132c9f0a80dbda07b65. Although removing the custom swap function simplified the code, this change is part of a broader migration to the generic min_heap API that introduced significant performance regressions in bcache. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert is part of a series of changes to restore previous performance by undoing the min_heap transition. Link: https://lkml.kernel.org/r/20250614202353.1632957-1-visitorckw@gmail.com Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-2-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/alloc.c | 11 +++++++++-- drivers/md/bcache/bset.c | 14 +++++++++++--- drivers/md/bcache/extents.c | 10 +++++++++- drivers/md/bcache/movinggc.c | 10 +++++++++- 4 files changed, 38 insertions(+), 7 deletions(-) --- a/drivers/md/bcache/alloc.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/alloc.c @@ -189,16 +189,23 @@ static inline bool new_bucket_min_cmp(co return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); } +static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **lhs = l, **rhs = r; + + swap(*lhs, *rhs); +} + static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; const struct min_heap_callbacks bucket_max_cmp_callback = { .less = new_bucket_max_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; const struct min_heap_callbacks bucket_min_cmp_callback = { .less = new_bucket_min_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; ca->heap.nr = 0; --- a/drivers/md/bcache/bset.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/bset.c @@ -1093,6 +1093,14 @@ static inline bool new_btree_iter_cmp(co return bkey_cmp(_l->k, _r->k) <= 0; } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static inline bool btree_iter_end(struct btree_iter *iter) { return !iter->heap.nr; @@ -1103,7 +1111,7 @@ void bch_btree_iter_push(struct btree_it { const struct min_heap_callbacks callbacks = { .less = new_btree_iter_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (k != end) @@ -1149,7 +1157,7 @@ static inline struct bkey *__bch_btree_i struct bkey *ret = NULL; const struct min_heap_callbacks callbacks = { .less = cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (!btree_iter_end(iter)) { @@ -1223,7 +1231,7 @@ static void btree_mergesort(struct btree : bch_ptr_invalid; const struct min_heap_callbacks callbacks = { .less = b->ops->sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; /* Heapify the iterator, using our comparison function */ --- a/drivers/md/bcache/extents.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/extents.c @@ -266,12 +266,20 @@ static bool new_bch_extent_sort_cmp(cons return !(c ? c > 0 : _l->k < _r->k); } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { const struct min_heap_callbacks callbacks = { .less = new_bch_extent_sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; while (iter->heap.nr > 1) { struct btree_iter_set *top = iter->heap.data, *i = top + 1; --- a/drivers/md/bcache/movinggc.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/movinggc.c @@ -190,6 +190,14 @@ static bool new_bucket_cmp(const void *l return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); } +static void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **_l = l; + struct bucket **_r = r; + + swap(*_l, *_r); +} + static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; @@ -204,7 +212,7 @@ void bch_moving_gc(struct cache_set *c) unsigned long sectors_to_move, reserve_sectors; const struct min_heap_callbacks callbacks = { .less = new_bucket_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; if (!c->copy_gc_enabled) _ Patches currently in -mm which might be from visitorckw(a)gmail.com are revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch bcache-remove-unnecessary-select-min_heap.patch lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

2 days, 5 hours

1
0
0 0

[stable 6.12+] x86/pkeys: Simplify PKRU update in signal frame

by Ben Hutchings

Hi stable maintainers, Please apply commit d1e420772cd1 ("x86/pkeys: Simplify PKRU update in signal frame") to the stable branches for 6.12 and later. This fixes a regression introduced in 6.13 by commit ae6012d72fa6 ("x86/pkeys: Ensure updated PKRU value is XRSTOR'd"), which was also backported in 6.12.5. Ben. -- Ben Hutchings 73.46% of all statistics are made up.

2 days, 8 hours

1
0
0 0

[PATCH] kallsyms: fix build without execinfo

by Achill Gilgenast

Signed-off-by: Achill Gilgenast <fossdd(a)pwned.life> Cc: stable(a)vger.kernel.org --- tools/include/linux/kallsyms.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/include/linux/kallsyms.h b/tools/include/linux/kallsyms.h index 5a37ccbec54f..f61a01dd7eb7 100644 --- a/tools/include/linux/kallsyms.h +++ b/tools/include/linux/kallsyms.h @@ -18,6 +18,7 @@ static inline const char *kallsyms_lookup(unsigned long addr, return NULL; } +#ifdef HAVE_BACKTRACE_SUPPORT #include <execinfo.h> #include <stdlib.h> static inline void print_ip_sym(const char *loglvl, unsigned long ip) @@ -30,5 +31,8 @@ static inline void print_ip_sym(const char *loglvl, unsigned long ip) free(name); } +#else +static inline void print_ip_sym(const char *loglvl, unsigned long ip) {} +#endif #endif -- 2.49.0

2 days, 9 hours

3
2
0 0

[PATCH v2] kallsyms: fix build without execinfo

by Achill Gilgenast

Some libc's like musl libc don't provide execinfo.h since it's not part of POSIX. In order to fix compilation on musl, only include execinfo.h if available (HAVE_BACKTRACE_SUPPORT) This was discovered with c104c16073b7 ("Kunit to check the longest symbol length") which starts to include linux/kallsyms.h with Alpine Linux' configs. Signed-off-by: Achill Gilgenast <fossdd(a)pwned.life> Cc: stable(a)vger.kernel.org --- tools/include/linux/kallsyms.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/include/linux/kallsyms.h b/tools/include/linux/kallsyms.h index 5a37ccbec54f..f61a01dd7eb7 100644 --- a/tools/include/linux/kallsyms.h +++ b/tools/include/linux/kallsyms.h @@ -18,6 +18,7 @@ static inline const char *kallsyms_lookup(unsigned long addr, return NULL; } +#ifdef HAVE_BACKTRACE_SUPPORT #include <execinfo.h> #include <stdlib.h> static inline void print_ip_sym(const char *loglvl, unsigned long ip) @@ -30,5 +31,8 @@ static inline void print_ip_sym(const char *loglvl, unsigned long ip) free(name); } +#else +static inline void print_ip_sym(const char *loglvl, unsigned long ip) {} +#endif #endif -- 2.50.0.rc2

2 days, 9 hours

1
0
0 0

[PATCH 5.10.y 0/5] Backport few sfq fixes

by Harshit Mogalapalli

commit: 10685681bafc ("net_sched: sch_sfq: don't allow 1 packet limit") fixes CVE-2024-57996 and commit: b3bf8f63e617 ("net_sched: sch_sfq: move the limit validation") fixes CVE-2025-37752. Patches 3 and 5 are CVE fixes for above mentioned CVEs. Patch 1,2 and 4 are pulled in as stable-deps. Testing performed on the patched 5.10.238 kernel with the above 5 patches: (Used latest upstream kselftests for tc-testing) # uname -a Linux hamogala-vm-6 5.10.238+ #2 SMP Sun Jun 15 17:27:54 GMT 2025 x86_64 x86_64 x86_64 GNU/Linux # ./tdc.py -f tc-tests/qdiscs/sfq.json -- ns/SubPlugin.__init__ Test 7482: Create SFQ with default setting Test c186: Create SFQ with limit setting Test ae23: Create SFQ with perturb setting Test a430: Create SFQ with quantum setting Test 4539: Create SFQ with divisor setting Test b089: Create SFQ with flows setting Test 99a0: Create SFQ with depth setting Test 7389: Create SFQ with headdrop setting Test 6472: Create SFQ with redflowlimit setting Test 8929: Show SFQ class Test 4d6f: Check that limit of 1 is rejected Test 7f8f: Check that a derived limit of 1 is rejected (limit 2 depth 1 flows 1) Test 5168: Check that a derived limit of 1 is rejected (limit 2 depth 1 divisor 1) All test results: 1..13 ok 1 7482 - Create SFQ with default setting ok 2 c186 - Create SFQ with limit setting ok 3 ae23 - Create SFQ with perturb setting ok 4 a430 - Create SFQ with quantum setting ok 5 4539 - Create SFQ with divisor setting ok 6 b089 - Create SFQ with flows setting ok 7 99a0 - Create SFQ with depth setting ok 8 7389 - Create SFQ with headdrop setting ok 9 6472 - Create SFQ with redflowlimit setting ok 10 8929 - Show SFQ class ok 11 4d6f - Check that limit of 1 is rejected ok 12 7f8f - Check that a derived limit of 1 is rejected (limit 2 depth 1 flows 1) ok 13 5168 - Check that a derived limit of 1 is rejected (limit 2 depth 1 divisor 1) Thanks, Harshit Eric Dumazet (2): net_sched: sch_sfq: annotate data-races around q->perturb_period net_sched: sch_sfq: handle bigger packets Octavian Purdila (3): net_sched: sch_sfq: don't allow 1 packet limit net_sched: sch_sfq: use a temporary work area for validating configuration net_sched: sch_sfq: move the limit validation net/sched/sch_sfq.c | 112 ++++++++++++++++++++++++++++---------------- 1 file changed, 71 insertions(+), 41 deletions(-) -- 2.47.1

2 days, 10 hours

1
5
0 0

[PATCH 1/1] phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode

by Wayne Chang

When transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code assumed that the regulator should be disabled. However, if the regulator is marked as always-on, regulator_is_enabled() continues to return true, leading to an incorrect attempt to disable a regulator which is not enabled. This can result in warnings such as: [ 250.155624] WARNING: CPU: 1 PID: 7326 at drivers/regulator/core.c:3004 _regulator_disable+0xe4/0x1a0 [ 250.155652] unbalanced disables for VIN_SYS_5V0 To fix this, we move the regulator control logic into tegra186_xusb_padctl_id_override() function since it's directly related to the ID override state. The regulator is now only disabled when the role transitions from USB_ROLE_HOST to USB_ROLE_NONE, by checking the VBUS_ID register. This ensures that regulator enable/disable operations are properly balanced and only occur when actually transitioning to/from host mode. Fixes: 49d46e3c7e59 ("phy: tegra: xusb: Add set_mode support for UTMI phy on Tegra186") Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- drivers/phy/tegra/xusb-tegra186.c | 59 +++++++++++++++++++------------ 1 file changed, 37 insertions(+), 22 deletions(-) diff --git a/drivers/phy/tegra/xusb-tegra186.c b/drivers/phy/tegra/xusb-tegra186.c index fae6242aa730..1b35d50821f7 100644 --- a/drivers/phy/tegra/xusb-tegra186.c +++ b/drivers/phy/tegra/xusb-tegra186.c @@ -774,13 +774,15 @@ static int tegra186_xusb_padctl_vbus_override(struct tegra_xusb_padctl *padctl, } static int tegra186_xusb_padctl_id_override(struct tegra_xusb_padctl *padctl, - bool status) + struct tegra_xusb_usb2_port *port, bool status) { - u32 value; + u32 value, id_override; + int err = 0; dev_dbg(padctl->dev, "%s id override\n", status ? "set" : "clear"); value = padctl_readl(padctl, USB2_VBUS_ID); + id_override = value & ID_OVERRIDE(~0); if (status) { if (value & VBUS_OVERRIDE) { @@ -791,15 +793,35 @@ static int tegra186_xusb_padctl_id_override(struct tegra_xusb_padctl *padctl, value = padctl_readl(padctl, USB2_VBUS_ID); } - value &= ~ID_OVERRIDE(~0); - value |= ID_OVERRIDE_GROUNDED; + if (id_override != ID_OVERRIDE_GROUNDED) { + value &= ~ID_OVERRIDE(~0); + value |= ID_OVERRIDE_GROUNDED; + padctl_writel(padctl, value, USB2_VBUS_ID); + + err = regulator_enable(port->supply); + if (err) { + dev_err(padctl->dev, "Failed to enable regulator: %d\n", err); + return err; + } + } } else { - value &= ~ID_OVERRIDE(~0); - value |= ID_OVERRIDE_FLOATING; + if (id_override == ID_OVERRIDE_GROUNDED) { + /* + * The regulator is disabled only when the role transitions + * from USB_ROLE_HOST to USB_ROLE_NONE. + */ + err = regulator_disable(port->supply); + if (err) { + dev_err(padctl->dev, "Failed to disable regulator: %d\n", err); + return err; + } + + value &= ~ID_OVERRIDE(~0); + value |= ID_OVERRIDE_FLOATING; + padctl_writel(padctl, value, USB2_VBUS_ID); + } } - padctl_writel(padctl, value, USB2_VBUS_ID); - return 0; } @@ -818,27 +840,20 @@ static int tegra186_utmi_phy_set_mode(struct phy *phy, enum phy_mode mode, if (mode == PHY_MODE_USB_OTG) { if (submode == USB_ROLE_HOST) { - tegra186_xusb_padctl_id_override(padctl, true); - - err = regulator_enable(port->supply); + err = tegra186_xusb_padctl_id_override(padctl, port, true); + if (err) + goto out; } else if (submode == USB_ROLE_DEVICE) { tegra186_xusb_padctl_vbus_override(padctl, true); } else if (submode == USB_ROLE_NONE) { - /* - * When port is peripheral only or role transitions to - * USB_ROLE_NONE from USB_ROLE_DEVICE, regulator is not - * enabled. - */ - if (regulator_is_enabled(port->supply)) - regulator_disable(port->supply); - - tegra186_xusb_padctl_id_override(padctl, false); + err = tegra186_xusb_padctl_id_override(padctl, port, false); + if (err) + goto out; tegra186_xusb_padctl_vbus_override(padctl, false); } } - +out: mutex_unlock(&padctl->lock); - return err; } -- 2.25.1

2 days, 11 hours

3
3
0 0

[PATCH] i2c: qup: jump out of the loop in case of timeout

by Yang Xiwen via B4 Relay

From: Yang Xiwen <forbidden405(a)outlook.com> Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c client can hang the kernel in this case and should be avoided. This is observed during a long time test with a PCA953x GPIO extender. Fix it by changing the logic to not only sets the return value, but also jumps out of the loop and return to the caller with -ETIMEDOUT. Cc: stable(a)vger.kernel.org Signed-off-by: Yang Xiwen <forbidden405(a)outlook.com> --- drivers/i2c/busses/i2c-qup.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-qup.c b/drivers/i2c/busses/i2c-qup.c index 3a36d682ed57..5b053e51f4c9 100644 --- a/drivers/i2c/busses/i2c-qup.c +++ b/drivers/i2c/busses/i2c-qup.c @@ -452,8 +452,10 @@ static int qup_i2c_bus_active(struct qup_i2c_dev *qup, int len) if (!(status & I2C_STATUS_BUS_ACTIVE)) break; - if (time_after(jiffies, timeout)) + if (time_after(jiffies, timeout)) { ret = -ETIMEDOUT; + break; + } usleep_range(len, len * 2); } --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250615-qca-i2c-d41bb61aa59e Best regards, -- Yang Xiwen <forbidden405(a)outlook.com>

2 days, 12 hours

1
0
0 0

stable patch 42fac18 missing from linux-6.6

by Alex Lyakas

Greetings, The following patch [1]: "42fac18 btrfs: check delayed refs when we're checking if a ref exists" has been marked as "CC: stable(a)vger.kernel.org # 5.4+" but I do not see that it has been backported to linux-6.6.y branch. Can this patch be picked up in the next version of linux-6.6 please? Thanks, Alex. [1] commit 42fac187b5c746227c92d024f1caf33bc1d337e4 Author: Josef Bacik <josef(a)toxicpanda.com> Date: Thu Apr 11 16:41:20 2024 -0400 btrfs: check delayed refs when we're checking if a ref exists In the patch 78c52d9eb6b7 ("btrfs: check for refs on snapshot delete resume") I added some code to handle file systems that had been corrupted by a bug that incorrectly skipped updating the drop progress key while dropping a snapshot. This code would check to see if we had already deleted our reference for a child block, and skip the deletion if we had already. ... Fixes: 78c52d9eb6b7 ("btrfs: check for refs on snapshot delete resume") CC: stable(a)vger.kernel.org # 5.4+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com>

2 days, 12 hours

1
0
0 0

[PATCH 5.15.y 0/5] Backport few sfq fixes

by Harshit Mogalapalli

commit: 10685681bafc ("net_sched: sch_sfq: don't allow 1 packet limit") fixes CVE-2024-57996 and commit: b3bf8f63e617 ("net_sched: sch_sfq: move the limit validation") fixes CVE-2025-37752. Patches 3 and 5 are CVE fixes for above mentioned CVEs. Patch 1,2 and 4 are pulled in as stable-deps. Testeing performed on the patches 5.15.185 kernel with the above 5 patches: (Used latest upstream kselftests for tc-testing) # ./tdc.py -f tc-tests/qdiscs/sfq.json -- ns/SubPlugin.__init__ Test 7482: Create SFQ with default setting Test c186: Create SFQ with limit setting Test ae23: Create SFQ with perturb setting Test a430: Create SFQ with quantum setting Test 4539: Create SFQ with divisor setting Test b089: Create SFQ with flows setting Test 99a0: Create SFQ with depth setting Test 7389: Create SFQ with headdrop setting Test 6472: Create SFQ with redflowlimit setting Test 8929: Show SFQ class Test 4d6f: Check that limit of 1 is rejected Test 7f8f: Check that a derived limit of 1 is rejected (limit 2 depth 1 flows 1) Test 5168: Check that a derived limit of 1 is rejected (limit 2 depth 1 divisor 1) All test results: 1..13 ok 1 7482 - Create SFQ with default setting ok 2 c186 - Create SFQ with limit setting ok 3 ae23 - Create SFQ with perturb setting ok 4 a430 - Create SFQ with quantum setting ok 5 4539 - Create SFQ with divisor setting ok 6 b089 - Create SFQ with flows setting ok 7 99a0 - Create SFQ with depth setting ok 8 7389 - Create SFQ with headdrop setting ok 9 6472 - Create SFQ with redflowlimit setting ok 10 8929 - Show SFQ class ok 11 4d6f - Check that limit of 1 is rejected ok 12 7f8f - Check that a derived limit of 1 is rejected (limit 2 depth 1 flows 1) ok 13 5168 - Check that a derived limit of 1 is rejected (limit 2 depth 1 divisor 1) # uname -a Linux hamogala-vm-6 5.15.185+ #1 SMP Fri Jun 13 18:34:53 GMT 2025 x86_64 x86_64 x86_64 GNU/Linux I will try to send similar backports to kernels older than 5.15.y as well. Thanks, Harshit Eric Dumazet (2): net_sched: sch_sfq: annotate data-races around q->perturb_period net_sched: sch_sfq: handle bigger packets Octavian Purdila (3): net_sched: sch_sfq: don't allow 1 packet limit net_sched: sch_sfq: use a temporary work area for validating configuration net_sched: sch_sfq: move the limit validation net/sched/sch_sfq.c | 112 ++++++++++++++++++++++++++++---------------- 1 file changed, 71 insertions(+), 41 deletions(-) -- 2.47.1

2 days, 12 hours

1
5
0 0

Re: Patch "Bluetooth: MGMT: Remove unused mgmt_pending_find_data" has been added to the 6.12-stable tree

by Dr. David Alan Gilbert

* Sasha Levin (sashal(a)kernel.org) wrote: > This is a note to let you know that I've just added the patch titled > > Bluetooth: MGMT: Remove unused mgmt_pending_find_data > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > bluetooth-mgmt-remove-unused-mgmt_pending_find_data.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. It's a cleanup only, so I wouldn't backport it unless it makes backporting a useful patch easier. Dave > > > commit 17d285fbdeb9dabee6c6c348a528ac81ca65a6da > Author: Dr. David Alan Gilbert <linux(a)treblig.org> > Date: Mon Jan 27 21:37:15 2025 +0000 > > Bluetooth: MGMT: Remove unused mgmt_pending_find_data > > [ Upstream commit 276af34d82f13bda0b2a4d9786c90b8bbf1cd064 ] > > mgmt_pending_find_data() last use was removed in 2021 by > commit 5a7501374664 ("Bluetooth: hci_sync: Convert MGMT_OP_GET_CLOCK_INFO") > > Remove it. > > Signed-off-by: Dr. David Alan Gilbert <linux(a)treblig.org> > Reviewed-by: Simon Horman <horms(a)kernel.org> > Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> > Stable-dep-of: 6fe26f694c82 ("Bluetooth: MGMT: Protect mgmt_pending list with its own lock") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/net/bluetooth/mgmt_util.c b/net/bluetooth/mgmt_util.c > index 67db32a60c6a9..3713ff490c65d 100644 > --- a/net/bluetooth/mgmt_util.c > +++ b/net/bluetooth/mgmt_util.c > @@ -229,23 +229,6 @@ struct mgmt_pending_cmd *mgmt_pending_find(unsigned short channel, u16 opcode, > return NULL; > } > > -struct mgmt_pending_cmd *mgmt_pending_find_data(unsigned short channel, > - u16 opcode, > - struct hci_dev *hdev, > - const void *data) > -{ > - struct mgmt_pending_cmd *cmd; > - > - list_for_each_entry(cmd, &hdev->mgmt_pending, list) { > - if (cmd->user_data != data) > - continue; > - if (cmd->opcode == opcode) > - return cmd; > - } > - > - return NULL; > -} > - > void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, > void (*cb)(struct mgmt_pending_cmd *cmd, void *data), > void *data) > diff --git a/net/bluetooth/mgmt_util.h b/net/bluetooth/mgmt_util.h > index bdf978605d5a8..f2ba994ab1d84 100644 > --- a/net/bluetooth/mgmt_util.h > +++ b/net/bluetooth/mgmt_util.h > @@ -54,10 +54,6 @@ int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status, > > struct mgmt_pending_cmd *mgmt_pending_find(unsigned short channel, u16 opcode, > struct hci_dev *hdev); > -struct mgmt_pending_cmd *mgmt_pending_find_data(unsigned short channel, > - u16 opcode, > - struct hci_dev *hdev, > - const void *data); > void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, > void (*cb)(struct mgmt_pending_cmd *cmd, void *data), > void *data); -- -----Open up your eyes, open up your mind, open up your code ------- / Dr. David Alan Gilbert | Running GNU/Linux | Happy \ \ dave @ treblig.org | | In Hex / \ _________________________|_____ http://www.treblig.org |_______/

2 days, 13 hours

2
2
0 0

Re: Patch "Bluetooth: MGMT: Remove unused mgmt_pending_find_data" has been added to the 6.6-stable tree

by Dr. David Alan Gilbert

* Sasha Levin (sashal(a)kernel.org) wrote: > This is a note to let you know that I've just added the patch titled > > Bluetooth: MGMT: Remove unused mgmt_pending_find_data > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > bluetooth-mgmt-remove-unused-mgmt_pending_find_data.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. <rewinds, copies same message I did for 6.12 - please take this to mean all of them> It's a cleanup only, so I wouldn't backport it unless it makes backporting a useful patch easier. Dave > > > > commit af31788b431f56d9b304d32701f1f9143aae8f95 > Author: Dr. David Alan Gilbert <linux(a)treblig.org> > Date: Mon Jan 27 21:37:15 2025 +0000 > > Bluetooth: MGMT: Remove unused mgmt_pending_find_data > > [ Upstream commit 276af34d82f13bda0b2a4d9786c90b8bbf1cd064 ] > > mgmt_pending_find_data() last use was removed in 2021 by > commit 5a7501374664 ("Bluetooth: hci_sync: Convert MGMT_OP_GET_CLOCK_INFO") > > Remove it. > > Signed-off-by: Dr. David Alan Gilbert <linux(a)treblig.org> > Reviewed-by: Simon Horman <horms(a)kernel.org> > Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> > Stable-dep-of: 6fe26f694c82 ("Bluetooth: MGMT: Protect mgmt_pending list with its own lock") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/net/bluetooth/mgmt_util.c b/net/bluetooth/mgmt_util.c > index 17e32605d9b00..dba6a0d66500f 100644 > --- a/net/bluetooth/mgmt_util.c > +++ b/net/bluetooth/mgmt_util.c > @@ -229,23 +229,6 @@ struct mgmt_pending_cmd *mgmt_pending_find(unsigned short channel, u16 opcode, > return NULL; > } > > -struct mgmt_pending_cmd *mgmt_pending_find_data(unsigned short channel, > - u16 opcode, > - struct hci_dev *hdev, > - const void *data) > -{ > - struct mgmt_pending_cmd *cmd; > - > - list_for_each_entry(cmd, &hdev->mgmt_pending, list) { > - if (cmd->user_data != data) > - continue; > - if (cmd->opcode == opcode) > - return cmd; > - } > - > - return NULL; > -} > - > void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, > void (*cb)(struct mgmt_pending_cmd *cmd, void *data), > void *data) > diff --git a/net/bluetooth/mgmt_util.h b/net/bluetooth/mgmt_util.h > index bdf978605d5a8..f2ba994ab1d84 100644 > --- a/net/bluetooth/mgmt_util.h > +++ b/net/bluetooth/mgmt_util.h > @@ -54,10 +54,6 @@ int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status, > > struct mgmt_pending_cmd *mgmt_pending_find(unsigned short channel, u16 opcode, > struct hci_dev *hdev); > -struct mgmt_pending_cmd *mgmt_pending_find_data(unsigned short channel, > - u16 opcode, > - struct hci_dev *hdev, > - const void *data); > void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, > void (*cb)(struct mgmt_pending_cmd *cmd, void *data), > void *data); -- -----Open up your eyes, open up your mind, open up your code ------- / Dr. David Alan Gilbert | Running GNU/Linux | Happy \ \ dave @ treblig.org | | In Hex / \ _________________________|_____ http://www.treblig.org |_______/

2 days, 15 hours

1
0
0 0

[PATCH v2 3/3] bcache: Remove unnecessary select MIN_HEAP

by Kuan-Wei Chiu

After reverting the transition to the generic min heap library, bcache no longer depends on MIN_HEAP. The select entry can be removed to reduce code size and shrink the kernel's attack surface. This change effectively reverts the bcache-related part of commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"). This is part of a series of changes to address a performance regression caused by the use of the generic min_heap implementation. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Cc: stable(a)vger.kernel.org Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> --- drivers/md/bcache/Kconfig | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/md/bcache/Kconfig b/drivers/md/bcache/Kconfig index d4697e79d5a3..b2d10063d35f 100644 --- a/drivers/md/bcache/Kconfig +++ b/drivers/md/bcache/Kconfig @@ -5,7 +5,6 @@ config BCACHE select BLOCK_HOLDER_DEPRECATED if SYSFS select CRC64 select CLOSURES - select MIN_HEAP help Allows a block device to be used as cache for other devices; uses a btree for indexing and the layout is optimized for SSDs. -- 2.34.1

2 days, 22 hours

2
1
0 0

[PATCH v2 2/3] Revert "bcache: remove heap-related macros and switch to generic min_heap"

by Kuan-Wei Chiu

This reverts commit 866898efbb25bb44fd42848318e46db9e785973a. The generic bottom-up min_heap implementation causes performance regression in invalidate_buckets_lru(), a hot path in bcache. Before the cache is fully populated, new_bucket_prio() often returns zero, leading to many equal comparisons. In such cases, bottom-up sift_down performs up to 2 * log2(n) comparisons, while the original top-down approach completes with just O() comparisons, resulting in a measurable performance gap. The performance degradation is further worsened by the non-inlined min_heap API functions introduced in commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"), adding function call overhead to this critical path. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert aims to restore bcache's original low-latency behavior. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Cc: stable(a)vger.kernel.org Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> --- drivers/md/bcache/alloc.c | 64 +++++------------- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/bset.c | 124 ++++++++++++---------------------- drivers/md/bcache/bset.h | 40 ++++++----- drivers/md/bcache/btree.c | 69 ++++++++----------- drivers/md/bcache/extents.c | 53 ++++++--------- drivers/md/bcache/movinggc.c | 41 +++-------- drivers/md/bcache/super.c | 3 +- drivers/md/bcache/sysfs.c | 4 +- drivers/md/bcache/util.h | 67 +++++++++++++++++- drivers/md/bcache/writeback.c | 13 ++-- 11 files changed, 217 insertions(+), 263 deletions(-) diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c index da50f6661bae..48ce750bf70a 100644 --- a/drivers/md/bcache/alloc.c +++ b/drivers/md/bcache/alloc.c @@ -164,68 +164,40 @@ static void bch_invalidate_one_bucket(struct cache *ca, struct bucket *b) * prio is worth 1/8th of what INITIAL_PRIO is worth. */ -static inline unsigned int new_bucket_prio(struct cache *ca, struct bucket *b) -{ - unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; - - return (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); -} - -static inline bool new_bucket_max_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) > new_bucket_prio(ca, *rhs); -} - -static inline bool new_bucket_min_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); -} - -static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **lhs = l, **rhs = r; +#define bucket_prio(b) \ +({ \ + unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; \ + \ + (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); \ +}) - swap(*lhs, *rhs); -} +#define bucket_max_cmp(l, r) (bucket_prio(l) < bucket_prio(r)) +#define bucket_min_cmp(l, r) (bucket_prio(l) > bucket_prio(r)) static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; - const struct min_heap_callbacks bucket_max_cmp_callback = { - .less = new_bucket_max_cmp, - .swp = new_bucket_swap, - }; - const struct min_heap_callbacks bucket_min_cmp_callback = { - .less = new_bucket_min_cmp, - .swp = new_bucket_swap, - }; + ssize_t i; - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (!bch_can_invalidate_bucket(ca, b)) continue; - if (!min_heap_full(&ca->heap)) - min_heap_push(&ca->heap, &b, &bucket_max_cmp_callback, ca); - else if (!new_bucket_max_cmp(&b, min_heap_peek(&ca->heap), ca)) { + if (!heap_full(&ca->heap)) + heap_add(&ca->heap, b, bucket_max_cmp); + else if (bucket_max_cmp(b, heap_peek(&ca->heap))) { ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &bucket_max_cmp_callback, ca); + heap_sift(&ca->heap, 0, bucket_max_cmp); } } - min_heapify_all(&ca->heap, &bucket_min_cmp_callback, ca); + for (i = ca->heap.used / 2 - 1; i >= 0; --i) + heap_sift(&ca->heap, i, bucket_min_cmp); while (!fifo_full(&ca->free_inc)) { - if (!ca->heap.nr) { + if (!heap_pop(&ca->heap, b, bucket_min_cmp)) { /* * We don't want to be calling invalidate_buckets() * multiple times when it can't do anything @@ -234,8 +206,6 @@ static void invalidate_buckets_lru(struct cache *ca) wake_up_gc(ca->set); return; } - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &bucket_min_cmp_callback, ca); bch_invalidate_one_bucket(ca, b); } diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 785b0d9008fa..1d33e40d26ea 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -458,7 +458,7 @@ struct cache { /* Allocation stuff: */ struct bucket *buckets; - DEFINE_MIN_HEAP(struct bucket *, cache_heap) heap; + DECLARE_HEAP(struct bucket *, heap); /* * If nonzero, we know we aren't going to find any buckets to invalidate diff --git a/drivers/md/bcache/bset.c b/drivers/md/bcache/bset.c index bd97d8626887..463eb13bd0b2 100644 --- a/drivers/md/bcache/bset.c +++ b/drivers/md/bcache/bset.c @@ -54,11 +54,9 @@ void bch_dump_bucket(struct btree_keys *b) int __bch_count_data(struct btree_keys *b) { unsigned int ret = 0; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - if (b->ops->is_extents) for_each_key(b, k, &iter) ret += KEY_SIZE(k); @@ -69,11 +67,9 @@ void __bch_check_keys(struct btree_keys *b, const char *fmt, ...) { va_list args; struct bkey *k, *p = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; const char *err; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key(b, k, &iter) { if (b->ops->is_extents) { err = "Keys out of order"; @@ -114,9 +110,9 @@ void __bch_check_keys(struct btree_keys *b, const char *fmt, ...) static void bch_btree_iter_next_check(struct btree_iter *iter) { - struct bkey *k = iter->heap.data->k, *next = bkey_next(k); + struct bkey *k = iter->data->k, *next = bkey_next(k); - if (next < iter->heap.data->end && + if (next < iter->data->end && bkey_cmp(k, iter->b->ops->is_extents ? &START_KEY(next) : next) > 0) { bch_dump_bucket(iter->b); @@ -883,14 +879,12 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k, unsigned int status = BTREE_INSERT_STATUS_NO_INSERT; struct bset *i = bset_tree_last(b)->data; struct bkey *m, *prev = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey preceding_key_on_stack = ZERO_KEY; struct bkey *preceding_key_p = &preceding_key_on_stack; BUG_ON(b->ops->is_extents && !KEY_SIZE(k)); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* * If k has preceding key, preceding_key_p will be set to address * of k's preceding key; otherwise preceding_key_p will be set @@ -901,9 +895,9 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k, else preceding_key(k, &preceding_key_p); - m = bch_btree_iter_init(b, &iter, preceding_key_p); + m = bch_btree_iter_stack_init(b, &iter, preceding_key_p); - if (b->ops->insert_fixup(b, k, &iter, replace_key)) + if (b->ops->insert_fixup(b, k, &iter.iter, replace_key)) return status; status = BTREE_INSERT_STATUS_INSERT; @@ -1083,102 +1077,79 @@ struct bkey *__bch_bset_search(struct btree_keys *b, struct bset_tree *t, /* Btree iterator */ -typedef bool (new_btree_iter_cmp_fn)(const void *, const void *, void *); - -static inline bool new_btree_iter_cmp(const void *l, const void *r, void __always_unused *args) -{ - const struct btree_iter_set *_l = l; - const struct btree_iter_set *_r = r; - - return bkey_cmp(_l->k, _r->k) <= 0; -} +typedef bool (btree_iter_cmp_fn)(struct btree_iter_set, + struct btree_iter_set); -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static inline bool btree_iter_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; - - swap(*_iter1, *_iter2); + return bkey_cmp(l.k, r.k) > 0; } static inline bool btree_iter_end(struct btree_iter *iter) { - return !iter->heap.nr; + return !iter->used; } void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end) { - const struct min_heap_callbacks callbacks = { - .less = new_btree_iter_cmp, - .swp = new_btree_iter_swap, - }; - if (k != end) - BUG_ON(!min_heap_push(&iter->heap, - &((struct btree_iter_set) { k, end }), - &callbacks, - NULL)); + BUG_ON(!heap_add(iter, + ((struct btree_iter_set) { k, end }), + btree_iter_cmp)); } -static struct bkey *__bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search, - struct bset_tree *start) +static struct bkey *__bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search, + struct bset_tree *start) { struct bkey *ret = NULL; - iter->heap.size = ARRAY_SIZE(iter->heap.preallocated); - iter->heap.nr = 0; + iter->iter.size = ARRAY_SIZE(iter->stack_data); + iter->iter.used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter->b = b; + iter->iter.b = b; #endif for (; start <= bset_tree_last(b); start++) { ret = bch_bset_search(b, start, search); - bch_btree_iter_push(iter, ret, bset_bkey_last(start->data)); + bch_btree_iter_push(&iter->iter, ret, bset_bkey_last(start->data)); } return ret; } -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, struct bkey *search) { - return __bch_btree_iter_init(b, iter, search, b->set); + return __bch_btree_iter_stack_init(b, iter, search, b->set); } static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, - new_btree_iter_cmp_fn *cmp) + btree_iter_cmp_fn *cmp) { struct btree_iter_set b __maybe_unused; struct bkey *ret = NULL; - const struct min_heap_callbacks callbacks = { - .less = cmp, - .swp = new_btree_iter_swap, - }; if (!btree_iter_end(iter)) { bch_btree_iter_next_check(iter); - ret = iter->heap.data->k; - iter->heap.data->k = bkey_next(iter->heap.data->k); + ret = iter->data->k; + iter->data->k = bkey_next(iter->data->k); - if (iter->heap.data->k > iter->heap.data->end) { + if (iter->data->k > iter->data->end) { WARN_ONCE(1, "bset was corrupt!\n"); - iter->heap.data->k = iter->heap.data->end; + iter->data->k = iter->data->end; } - if (iter->heap.data->k == iter->heap.data->end) { - if (iter->heap.nr) { - b = min_heap_peek(&iter->heap)[0]; - min_heap_pop(&iter->heap, &callbacks, NULL); - } - } + if (iter->data->k == iter->data->end) + heap_pop(iter, b, cmp); else - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, cmp); } return ret; @@ -1186,7 +1157,7 @@ static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, struct bkey *bch_btree_iter_next(struct btree_iter *iter) { - return __bch_btree_iter_next(iter, new_btree_iter_cmp); + return __bch_btree_iter_next(iter, btree_iter_cmp); } @@ -1224,18 +1195,16 @@ static void btree_mergesort(struct btree_keys *b, struct bset *out, struct btree_iter *iter, bool fixup, bool remove_stale) { + int i; struct bkey *k, *last = NULL; BKEY_PADDED(k) tmp; bool (*bad)(struct btree_keys *, const struct bkey *) = remove_stale ? bch_ptr_bad : bch_ptr_invalid; - const struct min_heap_callbacks callbacks = { - .less = b->ops->sort_cmp, - .swp = new_btree_iter_swap, - }; /* Heapify the iterator, using our comparison function */ - min_heapify_all(&iter->heap, &callbacks, NULL); + for (i = iter->used / 2 - 1; i >= 0; --i) + heap_sift(iter, i, b->ops->sort_cmp); while (!btree_iter_end(iter)) { if (b->ops->sort_fixup && fixup) @@ -1324,11 +1293,10 @@ void bch_btree_sort_partial(struct btree_keys *b, unsigned int start, struct bset_sort_state *state) { size_t order = b->page_order, keys = 0; - struct btree_iter iter; + struct btree_iter_stack iter; int oldsize = bch_count_data(b); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - __bch_btree_iter_init(b, &iter, NULL, &b->set[start]); + __bch_btree_iter_stack_init(b, &iter, NULL, &b->set[start]); if (start) { unsigned int i; @@ -1339,7 +1307,7 @@ void bch_btree_sort_partial(struct btree_keys *b, unsigned int start, order = get_order(__set_bytes(b->set->data, keys)); } - __btree_sort(b, &iter, start, order, false, state); + __btree_sort(b, &iter.iter, start, order, false, state); EBUG_ON(oldsize >= 0 && bch_count_data(b) != oldsize); } @@ -1355,13 +1323,11 @@ void bch_btree_sort_into(struct btree_keys *b, struct btree_keys *new, struct bset_sort_state *state) { uint64_t start_time = local_clock(); - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; - bch_btree_iter_init(b, &iter, NULL); + bch_btree_iter_stack_init(b, &iter, NULL); - btree_mergesort(b, new->set->data, &iter, false, true); + btree_mergesort(b, new->set->data, &iter.iter, false, true); bch_time_stats_update(&state->time, start_time); diff --git a/drivers/md/bcache/bset.h b/drivers/md/bcache/bset.h index f79441acd4c1..011f6062c4c0 100644 --- a/drivers/md/bcache/bset.h +++ b/drivers/md/bcache/bset.h @@ -187,9 +187,8 @@ struct bset_tree { }; struct btree_keys_ops { - bool (*sort_cmp)(const void *l, - const void *r, - void *args); + bool (*sort_cmp)(struct btree_iter_set l, + struct btree_iter_set r); struct bkey *(*sort_fixup)(struct btree_iter *iter, struct bkey *tmp); bool (*insert_fixup)(struct btree_keys *b, @@ -313,17 +312,23 @@ enum { BTREE_INSERT_STATUS_FRONT_MERGE, }; -struct btree_iter_set { - struct bkey *k, *end; -}; - /* Btree key iteration */ struct btree_iter { + size_t size, used; #ifdef CONFIG_BCACHE_DEBUG struct btree_keys *b; #endif - MIN_HEAP_PREALLOCATED(struct btree_iter_set, btree_iter_heap, MAX_BSETS) heap; + struct btree_iter_set { + struct bkey *k, *end; + } data[]; +}; + +/* Fixed-size btree_iter that can be allocated on the stack */ + +struct btree_iter_stack { + struct btree_iter iter; + struct btree_iter_set stack_data[MAX_BSETS]; }; typedef bool (*ptr_filter_fn)(struct btree_keys *b, const struct bkey *k); @@ -335,9 +340,9 @@ struct bkey *bch_btree_iter_next_filter(struct btree_iter *iter, void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end); -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search); +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search); struct bkey *__bch_bset_search(struct btree_keys *b, struct bset_tree *t, const struct bkey *search); @@ -352,13 +357,14 @@ static inline struct bkey *bch_bset_search(struct btree_keys *b, return search ? __bch_bset_search(b, t, search) : t->data->start; } -#define for_each_key_filter(b, k, iter, filter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next_filter((iter), (b), filter));) +#define for_each_key_filter(b, k, stack_iter, filter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next_filter(&((stack_iter)->iter), (b), \ + filter));) -#define for_each_key(b, k, iter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next(iter));) +#define for_each_key(b, k, stack_iter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next(&((stack_iter)->iter)));) /* Sorting */ diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c index 1d0100677357..210b59007d98 100644 --- a/drivers/md/bcache/btree.c +++ b/drivers/md/bcache/btree.c @@ -148,19 +148,19 @@ void bch_btree_node_read_done(struct btree *b) { const char *err = "bad btree header"; struct bset *i = btree_bset_first(b); - struct btree_iter iter; + struct btree_iter *iter; /* * c->fill_iter can allocate an iterator with more memory space * than static MAX_BSETS. * See the comment arount cache_set->fill_iter. */ - iter.heap.data = mempool_alloc(&b->c->fill_iter, GFP_NOIO); - iter.heap.size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; - iter.heap.nr = 0; + iter = mempool_alloc(&b->c->fill_iter, GFP_NOIO); + iter->size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; + iter->used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter.b = &b->keys; + iter->b = &b->keys; #endif if (!i->seq) @@ -198,7 +198,7 @@ void bch_btree_node_read_done(struct btree *b) if (i != b->keys.set[0].data && !i->keys) goto err; - bch_btree_iter_push(&iter, i->start, bset_bkey_last(i)); + bch_btree_iter_push(iter, i->start, bset_bkey_last(i)); b->written += set_blocks(i, block_bytes(b->c->cache)); } @@ -210,7 +210,7 @@ void bch_btree_node_read_done(struct btree *b) if (i->seq == b->keys.set[0].data->seq) goto err; - bch_btree_sort_and_fix_extents(&b->keys, &iter, &b->c->sort); + bch_btree_sort_and_fix_extents(&b->keys, iter, &b->c->sort); i = b->keys.set[0].data; err = "short btree key"; @@ -222,7 +222,7 @@ void bch_btree_node_read_done(struct btree *b) bch_bset_init_next(&b->keys, write_block(b), bset_magic(&b->c->cache->sb)); out: - mempool_free(iter.heap.data, &b->c->fill_iter); + mempool_free(iter, &b->c->fill_iter); return; err: set_btree_node_io_error(b); @@ -1306,11 +1306,9 @@ static bool btree_gc_mark_node(struct btree *b, struct gc_stat *gc) uint8_t stale = 0; unsigned int keys = 0, good_keys = 0; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct bset_tree *t; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - gc->nodes++; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) { @@ -1569,11 +1567,9 @@ static int btree_gc_rewrite_node(struct btree *b, struct btree_op *op, static unsigned int btree_gc_count_keys(struct btree *b) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; unsigned int ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key_filter(&b->keys, k, &iter, bch_ptr_bad) ret += bkey_u64s(k); @@ -1612,18 +1608,18 @@ static int btree_gc_recurse(struct btree *b, struct btree_op *op, int ret = 0; bool should_rewrite; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct gc_merge_info r[GC_MERGE_NODES]; struct gc_merge_info *i, *last = r + ARRAY_SIZE(r) - 1; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, &b->c->gc_done); + bch_btree_iter_stack_init(&b->keys, &iter, &b->c->gc_done); for (i = r; i < r + ARRAY_SIZE(r); i++) i->b = ERR_PTR(-EINTR); while (1) { - k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad); + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad); if (k) { r->b = bch_btree_node_get(b->c, op, k, b->level - 1, true, b); @@ -1918,9 +1914,7 @@ static int bch_btree_check_recurse(struct btree *b, struct btree_op *op) { int ret = 0; struct bkey *k, *p = NULL; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(b->c, b->level, k); @@ -1928,10 +1922,10 @@ static int bch_btree_check_recurse(struct btree *b, struct btree_op *op) bch_initial_mark_key(b->c, b->level + 1, &b->key); if (b->level) { - bch_btree_iter_init(&b->keys, &iter, NULL); + bch_btree_iter_stack_init(&b->keys, &iter, NULL); do { - k = bch_btree_iter_next_filter(&iter, &b->keys, + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad); if (k) { btree_node_prefetch(b, k); @@ -1959,7 +1953,7 @@ static int bch_btree_check_thread(void *arg) struct btree_check_info *info = arg; struct btree_check_state *check_state = info->state; struct cache_set *c = check_state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; @@ -1967,11 +1961,9 @@ static int bch_btree_check_thread(void *arg) cur_idx = prev_idx = 0; ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* root node keys are checked before thread created */ - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -1989,7 +1981,7 @@ static int bch_btree_check_thread(void *arg) skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -2062,11 +2054,9 @@ int bch_btree_check(struct cache_set *c) int ret = 0; int i; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct btree_check_state check_state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* check and mark root node keys */ for_each_key_filter(&c->root->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(c, c->root->level, k); @@ -2560,12 +2550,11 @@ static int bch_btree_map_nodes_recurse(struct btree *b, struct btree_op *op, if (b->level) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad))) { ret = bcache_btree(map_nodes_recurse, k, b, op, from, fn, flags); @@ -2594,12 +2583,12 @@ int bch_btree_map_keys_recurse(struct btree *b, struct btree_op *op, { int ret = MAP_CONTINUE; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad))) { + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad))) { ret = !b->level ? fn(op, b, k) : bcache_btree(map_keys_recurse, k, diff --git a/drivers/md/bcache/extents.c b/drivers/md/bcache/extents.c index a7221e5dbe81..d626ffcbecb9 100644 --- a/drivers/md/bcache/extents.c +++ b/drivers/md/bcache/extents.c @@ -33,16 +33,15 @@ static void sort_key_next(struct btree_iter *iter, i->k = bkey_next(i->k); if (i->k == i->end) - *i = iter->heap.data[--iter->heap.nr]; + *i = iter->data[--iter->used]; } -static bool new_bch_key_sort_cmp(const void *l, const void *r, void *args) +static bool bch_key_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(_l->k, _r->k); + int64_t c = bkey_cmp(l.k, r.k); - return !(c ? c > 0 : _l->k < _r->k); + return c ? c > 0 : l.k < r.k; } static bool __ptr_invalid(struct cache_set *c, const struct bkey *k) @@ -239,7 +238,7 @@ static bool bch_btree_ptr_insert_fixup(struct btree_keys *bk, } const struct btree_keys_ops bch_btree_keys_ops = { - .sort_cmp = new_bch_key_sort_cmp, + .sort_cmp = bch_key_sort_cmp, .insert_fixup = bch_btree_ptr_insert_fixup, .key_invalid = bch_btree_ptr_invalid, .key_bad = bch_btree_ptr_bad, @@ -256,36 +255,22 @@ const struct btree_keys_ops bch_btree_keys_ops = { * Necessary for btree_sort_fixup() - if there are multiple keys that compare * equal in different sets, we have to process them newest to oldest. */ - -static bool new_bch_extent_sort_cmp(const void *l, const void *r, void __always_unused *args) -{ - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(&START_KEY(_l->k), &START_KEY(_r->k)); - - return !(c ? c > 0 : _l->k < _r->k); -} - -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static bool bch_extent_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; + int64_t c = bkey_cmp(&START_KEY(l.k), &START_KEY(r.k)); - swap(*_iter1, *_iter2); + return c ? c > 0 : l.k < r.k; } static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { - const struct min_heap_callbacks callbacks = { - .less = new_bch_extent_sort_cmp, - .swp = new_btree_iter_swap, - }; - while (iter->heap.nr > 1) { - struct btree_iter_set *top = iter->heap.data, *i = top + 1; - - if (iter->heap.nr > 2 && - !new_bch_extent_sort_cmp(&i[0], &i[1], NULL)) + while (iter->used > 1) { + struct btree_iter_set *top = iter->data, *i = top + 1; + + if (iter->used > 2 && + bch_extent_sort_cmp(i[0], i[1])) i++; if (bkey_cmp(top->k, &START_KEY(i->k)) <= 0) @@ -293,7 +278,7 @@ static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, if (!KEY_SIZE(i->k)) { sort_key_next(iter, i); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); continue; } @@ -303,7 +288,7 @@ static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, else bch_cut_front(top->k, i->k); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); } else { /* can't happen because of comparison func */ BUG_ON(!bkey_cmp(&START_KEY(top->k), &START_KEY(i->k))); @@ -313,7 +298,7 @@ static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, bch_cut_back(&START_KEY(i->k), tmp); bch_cut_front(i->k, top->k); - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, bch_extent_sort_cmp); return tmp; } else { @@ -633,7 +618,7 @@ static bool bch_extent_merge(struct btree_keys *bk, } const struct btree_keys_ops bch_extent_keys_ops = { - .sort_cmp = new_bch_extent_sort_cmp, + .sort_cmp = bch_extent_sort_cmp, .sort_fixup = bch_extent_sort_fixup, .insert_fixup = bch_extent_insert_fixup, .key_invalid = bch_extent_invalid, diff --git a/drivers/md/bcache/movinggc.c b/drivers/md/bcache/movinggc.c index d6c73dd8eb2b..26a6a535ec32 100644 --- a/drivers/md/bcache/movinggc.c +++ b/drivers/md/bcache/movinggc.c @@ -182,27 +182,16 @@ err: if (!IS_ERR_OR_NULL(w->private)) closure_sync(&cl); } -static bool new_bucket_cmp(const void *l, const void *r, void __always_unused *args) +static bool bucket_cmp(struct bucket *l, struct bucket *r) { - struct bucket **_l = (struct bucket **)l; - struct bucket **_r = (struct bucket **)r; - - return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); -} - -static void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **_l = l; - struct bucket **_r = r; - - swap(*_l, *_r); + return GC_SECTORS_USED(l) < GC_SECTORS_USED(r); } static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; - return (b = min_heap_peek(&ca->heap)[0]) ? GC_SECTORS_USED(b) : 0; + return (b = heap_peek(&ca->heap)) ? GC_SECTORS_USED(b) : 0; } void bch_moving_gc(struct cache_set *c) @@ -210,10 +199,6 @@ void bch_moving_gc(struct cache_set *c) struct cache *ca = c->cache; struct bucket *b; unsigned long sectors_to_move, reserve_sectors; - const struct min_heap_callbacks callbacks = { - .less = new_bucket_cmp, - .swp = new_bucket_swap, - }; if (!c->copy_gc_enabled) return; @@ -224,7 +209,7 @@ void bch_moving_gc(struct cache_set *c) reserve_sectors = ca->sb.bucket_size * fifo_used(&ca->free[RESERVE_MOVINGGC]); - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (GC_MARK(b) == GC_MARK_METADATA || @@ -233,31 +218,25 @@ void bch_moving_gc(struct cache_set *c) atomic_read(&b->pin)) continue; - if (!min_heap_full(&ca->heap)) { + if (!heap_full(&ca->heap)) { sectors_to_move += GC_SECTORS_USED(b); - min_heap_push(&ca->heap, &b, &callbacks, NULL); - } else if (!new_bucket_cmp(&b, min_heap_peek(&ca->heap), ca)) { + heap_add(&ca->heap, b, bucket_cmp); + } else if (bucket_cmp(b, heap_peek(&ca->heap))) { sectors_to_move -= bucket_heap_top(ca); sectors_to_move += GC_SECTORS_USED(b); ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &callbacks, NULL); + heap_sift(&ca->heap, 0, bucket_cmp); } } while (sectors_to_move > reserve_sectors) { - if (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); - } + heap_pop(&ca->heap, b, bucket_cmp); sectors_to_move -= GC_SECTORS_USED(b); } - while (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); + while (heap_pop(&ca->heap, b, bucket_cmp)) SET_GC_MOVE(b, 1); - } mutex_unlock(&c->bucket_lock); diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 1efb768b2890..2ea490b9d370 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -1912,7 +1912,8 @@ struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) INIT_LIST_HEAD(&c->btree_cache_freed); INIT_LIST_HEAD(&c->data_buckets); - iter_size = ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * + iter_size = sizeof(struct btree_iter) + + ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * sizeof(struct btree_iter_set); c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL); diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c index e8f696cb58c0..826b14cae4e5 100644 --- a/drivers/md/bcache/sysfs.c +++ b/drivers/md/bcache/sysfs.c @@ -660,9 +660,7 @@ static unsigned int bch_root_usage(struct cache_set *c) unsigned int bytes = 0; struct bkey *k; struct btree *b; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; goto lock_root; diff --git a/drivers/md/bcache/util.h b/drivers/md/bcache/util.h index 539454d8e2d0..f61ab1bada6c 100644 --- a/drivers/md/bcache/util.h +++ b/drivers/md/bcache/util.h @@ -9,7 +9,6 @@ #include <linux/kernel.h> #include <linux/sched/clock.h> #include <linux/llist.h> -#include <linux/min_heap.h> #include <linux/ratelimit.h> #include <linux/vmalloc.h> #include <linux/workqueue.h> @@ -31,10 +30,16 @@ struct closure; #endif +#define DECLARE_HEAP(type, name) \ + struct { \ + size_t size, used; \ + type *data; \ + } name + #define init_heap(heap, _size, gfp) \ ({ \ size_t _bytes; \ - (heap)->nr = 0; \ + (heap)->used = 0; \ (heap)->size = (_size); \ _bytes = (heap)->size * sizeof(*(heap)->data); \ (heap)->data = kvmalloc(_bytes, (gfp) & GFP_KERNEL); \ @@ -47,6 +52,64 @@ do { \ (heap)->data = NULL; \ } while (0) +#define heap_swap(h, i, j) swap((h)->data[i], (h)->data[j]) + +#define heap_sift(h, i, cmp) \ +do { \ + size_t _r, _j = i; \ + \ + for (; _j * 2 + 1 < (h)->used; _j = _r) { \ + _r = _j * 2 + 1; \ + if (_r + 1 < (h)->used && \ + cmp((h)->data[_r], (h)->data[_r + 1])) \ + _r++; \ + \ + if (cmp((h)->data[_r], (h)->data[_j])) \ + break; \ + heap_swap(h, _r, _j); \ + } \ +} while (0) + +#define heap_sift_down(h, i, cmp) \ +do { \ + while (i) { \ + size_t p = (i - 1) / 2; \ + if (cmp((h)->data[i], (h)->data[p])) \ + break; \ + heap_swap(h, i, p); \ + i = p; \ + } \ +} while (0) + +#define heap_add(h, d, cmp) \ +({ \ + bool _r = !heap_full(h); \ + if (_r) { \ + size_t _i = (h)->used++; \ + (h)->data[_i] = d; \ + \ + heap_sift_down(h, _i, cmp); \ + heap_sift(h, _i, cmp); \ + } \ + _r; \ +}) + +#define heap_pop(h, d, cmp) \ +({ \ + bool _r = (h)->used; \ + if (_r) { \ + (d) = (h)->data[0]; \ + (h)->used--; \ + heap_swap(h, 0, (h)->used); \ + heap_sift(h, 0, cmp); \ + } \ + _r; \ +}) + +#define heap_peek(h) ((h)->used ? (h)->data[0] : NULL) + +#define heap_full(h) ((h)->used == (h)->size) + #define DECLARE_FIFO(type, name) \ struct { \ size_t front, back, size, mask; \ diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c index 453efbbdc8ee..302e75f1fc4b 100644 --- a/drivers/md/bcache/writeback.c +++ b/drivers/md/bcache/writeback.c @@ -908,16 +908,15 @@ static int bch_dirty_init_thread(void *arg) struct dirty_init_thrd_info *info = arg; struct bch_dirty_init_state *state = info->state; struct cache_set *c = state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; k = p = NULL; prev_idx = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -931,7 +930,7 @@ static int bch_dirty_init_thread(void *arg) skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -980,13 +979,11 @@ void bch_sectors_dirty_init(struct bcache_device *d) int i; struct btree *b = NULL; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct sectors_dirty_init op; struct cache_set *c = d->c; struct bch_dirty_init_state state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - retry_lock: b = c->root; rw_lock(0, b, b->level); -- 2.34.1

2 days, 22 hours

2
1
0 0

[PATCH v2 1/3] Revert "bcache: update min_heap_callbacks to use default builtin swap"

by Kuan-Wei Chiu

This reverts commit 3d8a9a1c35227c3f1b0bd132c9f0a80dbda07b65. Although removing the custom swap function simplified the code, this change is part of a broader migration to the generic min_heap API that introduced significant performance regressions in bcache. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert is part of a series of changes to restore previous performance by undoing the min_heap transition. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Cc: stable(a)vger.kernel.org Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> --- drivers/md/bcache/alloc.c | 11 +++++++++-- drivers/md/bcache/bset.c | 14 +++++++++++--- drivers/md/bcache/extents.c | 10 +++++++++- drivers/md/bcache/movinggc.c | 10 +++++++++- 4 files changed, 38 insertions(+), 7 deletions(-) diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c index 8998e61efa40..da50f6661bae 100644 --- a/drivers/md/bcache/alloc.c +++ b/drivers/md/bcache/alloc.c @@ -189,16 +189,23 @@ static inline bool new_bucket_min_cmp(const void *l, const void *r, void *args) return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); } +static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **lhs = l, **rhs = r; + + swap(*lhs, *rhs); +} + static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; const struct min_heap_callbacks bucket_max_cmp_callback = { .less = new_bucket_max_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; const struct min_heap_callbacks bucket_min_cmp_callback = { .less = new_bucket_min_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; ca->heap.nr = 0; diff --git a/drivers/md/bcache/bset.c b/drivers/md/bcache/bset.c index 68258a16e125..bd97d8626887 100644 --- a/drivers/md/bcache/bset.c +++ b/drivers/md/bcache/bset.c @@ -1093,6 +1093,14 @@ static inline bool new_btree_iter_cmp(const void *l, const void *r, void __alway return bkey_cmp(_l->k, _r->k) <= 0; } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static inline bool btree_iter_end(struct btree_iter *iter) { return !iter->heap.nr; @@ -1103,7 +1111,7 @@ void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, { const struct min_heap_callbacks callbacks = { .less = new_btree_iter_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (k != end) @@ -1149,7 +1157,7 @@ static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, struct bkey *ret = NULL; const struct min_heap_callbacks callbacks = { .less = cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (!btree_iter_end(iter)) { @@ -1223,7 +1231,7 @@ static void btree_mergesort(struct btree_keys *b, struct bset *out, : bch_ptr_invalid; const struct min_heap_callbacks callbacks = { .less = b->ops->sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; /* Heapify the iterator, using our comparison function */ diff --git a/drivers/md/bcache/extents.c b/drivers/md/bcache/extents.c index 4b84fda1530a..a7221e5dbe81 100644 --- a/drivers/md/bcache/extents.c +++ b/drivers/md/bcache/extents.c @@ -266,12 +266,20 @@ static bool new_bch_extent_sort_cmp(const void *l, const void *r, void __always_ return !(c ? c > 0 : _l->k < _r->k); } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { const struct min_heap_callbacks callbacks = { .less = new_bch_extent_sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; while (iter->heap.nr > 1) { struct btree_iter_set *top = iter->heap.data, *i = top + 1; diff --git a/drivers/md/bcache/movinggc.c b/drivers/md/bcache/movinggc.c index 45ca134cbf02..d6c73dd8eb2b 100644 --- a/drivers/md/bcache/movinggc.c +++ b/drivers/md/bcache/movinggc.c @@ -190,6 +190,14 @@ static bool new_bucket_cmp(const void *l, const void *r, void __always_unused *a return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); } +static void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **_l = l; + struct bucket **_r = r; + + swap(*_l, *_r); +} + static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; @@ -204,7 +212,7 @@ void bch_moving_gc(struct cache_set *c) unsigned long sectors_to_move, reserve_sectors; const struct min_heap_callbacks callbacks = { .less = new_bucket_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; if (!c->copy_gc_enabled) -- 2.34.1

2 days, 22 hours

2
1
0 0

[PATCH v2] fscrypt: don't use problematic non-inline crypto accelerators

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> Make fscrypt no longer use Crypto API drivers for non-inline crypto accelerators, even when the Crypto API prioritizes them over CPU-based code (which unfortunately it often does). These drivers tend to be really problematic, especially for fscrypt's synchronous workload. Specifically, exclude drivers that have CRYPTO_ALG_KERN_DRIVER_ONLY or CRYPTO_ALG_ALLOCATES_MEMORY set. (Later, CRYPTO_ALG_ASYNC should be excluded too. That's omitted for now to keep this commit backportable, since until recently some CPU-based code had CRYPTO_ALG_ASYNC set.) There are two major issues with these drivers: bugs and performance. First, these drivers tend to be buggy. They're fundamentally much more error-prone and harder to test than the CPU-based code, and they often don't get tested before kernel releases. Released drivers have en/decrypted data incorrectly. These bugs cause real issues for fscrypt users who often didn't even want to use these drivers, for example: - https://github.com/google/fscryptctl/issues/32 - https://github.com/google/fscryptctl/issues/9 - https://lore.kernel.org/r/PH0PR02MB731916ECDB6C613665863B6CFFAA2@PH0PR02MB7… These drivers have also caused issues for dm-crypt users, including data corruption and deadlocks. Since Linux v5.10, dm-crypt has disabled most of these drivers by excluding CRYPTO_ALG_ALLOCATES_MEMORY. Second, the CPU-based crypto tends to be faster, often *much* faster. This may seem counterintuitive, but benchmarks clearly show it. There's a *lot* of overhead associated with going to a hardware driver, off the CPU, and back again. Measuring synchronous AES-256-XTS encryption of 4096-byte messages (fscrypt's workload) on two platforms with non-inline crypto accelerators that I have access to: Intel Emerald Rapids server: xts-aes-vaes-avx512: 16171 MB/s [CPU-based, Vector AES] xts(ecb(aes-generic)): 305 MB/s [CPU-based, generic C code] qat_aes_xts: 289 MB/s [Offload, Intel QuickAssist] Qualcomm SM8650 HDK: xts-aes-ce: 4301 MB/s [CPU-based, ARMv8 Crypto Extensions] xts(ecb(aes-generic)): 265 MB/s [CPU-based, generic C code] xts-aes-qce: 73 MB/s [Offload, Qualcomm Crypto Engine] So, using the "accelerators" is over 50 times slower than just using the CPU. Not only that, it's even slower than the generic C code, which suggests that even on platforms whose CPUs lack AES instructions the performance benefit of any accelerator would be marginal at best. The usefulness of the accelerators could be improved with a different software architecture that allows blocks to be efficiently en/decrypted in parallel. But fscrypt does not do that today, and even the async support in the Crypto API isn't really all that efficient. And even if the accelerator was used perfectly efficiently, it seems unlikely to help on small I/O requests, for which latency is really important. As of this writing, the Crypto API prioritizes qat_aes_xts over xts-aes-vaes-avx512. Therefore, this commit greatly improves fscrypt performance on Intel servers that have QAT and the QAT driver enabled. qat_aes_xts is going to be deprioritized in the Crypto API (like I did for xts-aes-qce recently too). But as this seems to be a common pattern with all the "accelerators", fscrypt should just disable all of them. An argument that has been given in favor of non-inline crypto accelerators is that they can protect keys in hardware. But fscrypt does not take advantage of that, so it is irrelevant. (Also, it would be quite difficult for fscrypt to do that.) Note that fscrypt does support inline encryption engines, using raw or hardware-wrapped keys. These actually do work well and are widely used. These do not use the "Crypto API" and are unaffected by this commit. Fixes: b30ab0e03407 ("ext4 crypto: add ext4 encryption facilities") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- Changed in v2: - Improved commit message and comment - Dropped CRYPTO_ALG_ASYNC from the mask, to make this patch backport-friendly - Added Fixes and Cc stable fs/crypto/fscrypt_private.h | 16 ++++++++++++++++ fs/crypto/hkdf.c | 2 +- fs/crypto/keysetup.c | 3 ++- fs/crypto/keysetup_v1.c | 3 ++- 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h index c1d92074b65c5..0e95c7a095d49 100644 --- a/fs/crypto/fscrypt_private.h +++ b/fs/crypto/fscrypt_private.h @@ -43,10 +43,26 @@ * hardware-wrapped keys has made it misleading as it's only for raw keys. * Don't use it in kernel code; use one of the above constants instead. */ #undef FSCRYPT_MAX_KEY_SIZE +/* + * This mask is passed as the third argument to the crypto_alloc_*() functions + * to prevent fscrypt from using the Crypto API drivers for non-inline crypto + * accelerators. Those drivers have been problematic for fscrypt. fscrypt + * users have reported hangs and even incorrect en/decryption with these + * drivers. Since going to the driver, off CPU, and back again is really slow, + * such drivers can be over 50 times slower than the CPU-based code for + * fscrypt's synchronous workload. Even on platforms that lack AES instructions + * on the CPU, any performance benefit is likely to be marginal at best. + * + * Note that fscrypt also supports inline encryption engines. Those don't use + * the Crypto API and work much better than non-inline accelerators. + */ +#define FSCRYPT_CRYPTOAPI_MASK \ + (CRYPTO_ALG_ALLOCATES_MEMORY | CRYPTO_ALG_KERN_DRIVER_ONLY) + #define FSCRYPT_CONTEXT_V1 1 #define FSCRYPT_CONTEXT_V2 2 /* Keep this in sync with include/uapi/linux/fscrypt.h */ #define FSCRYPT_MODE_MAX FSCRYPT_MODE_AES_256_HCTR2 diff --git a/fs/crypto/hkdf.c b/fs/crypto/hkdf.c index 0f3028adc9c72..5b9c21cfe2b45 100644 --- a/fs/crypto/hkdf.c +++ b/fs/crypto/hkdf.c @@ -56,11 +56,11 @@ int fscrypt_init_hkdf(struct fscrypt_hkdf *hkdf, const u8 *master_key, struct crypto_shash *hmac_tfm; static const u8 default_salt[HKDF_HASHLEN]; u8 prk[HKDF_HASHLEN]; int err; - hmac_tfm = crypto_alloc_shash(HKDF_HMAC_ALG, 0, 0); + hmac_tfm = crypto_alloc_shash(HKDF_HMAC_ALG, 0, FSCRYPT_CRYPTOAPI_MASK); if (IS_ERR(hmac_tfm)) { fscrypt_err(NULL, "Error allocating " HKDF_HMAC_ALG ": %ld", PTR_ERR(hmac_tfm)); return PTR_ERR(hmac_tfm); } diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c index 0d71843af9469..d8113a7196979 100644 --- a/fs/crypto/keysetup.c +++ b/fs/crypto/keysetup.c @@ -101,11 +101,12 @@ fscrypt_allocate_skcipher(struct fscrypt_mode *mode, const u8 *raw_key, const struct inode *inode) { struct crypto_skcipher *tfm; int err; - tfm = crypto_alloc_skcipher(mode->cipher_str, 0, 0); + tfm = crypto_alloc_skcipher(mode->cipher_str, 0, + FSCRYPT_CRYPTOAPI_MASK); if (IS_ERR(tfm)) { if (PTR_ERR(tfm) == -ENOENT) { fscrypt_warn(inode, "Missing crypto API support for %s (API name: \"%s\")", mode->friendly_name, mode->cipher_str); diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c index b70521c55132b..158ceae8a5bce 100644 --- a/fs/crypto/keysetup_v1.c +++ b/fs/crypto/keysetup_v1.c @@ -50,11 +50,12 @@ static int derive_key_aes(const u8 *master_key, { int res = 0; struct skcipher_request *req = NULL; DECLARE_CRYPTO_WAIT(wait); struct scatterlist src_sg, dst_sg; - struct crypto_skcipher *tfm = crypto_alloc_skcipher("ecb(aes)", 0, 0); + struct crypto_skcipher *tfm = + crypto_alloc_skcipher("ecb(aes)", 0, FSCRYPT_CRYPTOAPI_MASK); if (IS_ERR(tfm)) { res = PTR_ERR(tfm); tfm = NULL; goto out; base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 -- 2.49.0

2 days, 23 hours

1
0
0 0

Reply for - Mobile World Congress Shanghai 2025!

by Delilah Murray

Hi, Just wanted to check if you have received my previous email. Any update for me? Awaiting your reply. Regards, Delilah ___________________________________________________________________________________ From: Delilah Murray Subject: Attendee’s List “Mobile World Congress Shanghai 2025”. Hi, We're excited to offer exclusive access to the “Mobile World Congress Shanghai 2025” Visitor Contact List. Event Recap:- Date: 18 - 20 Jun 2025 Location: Shanghai, China Registrants Counts: 42,276 Visitors Contacts Data Fields Available: Individual Email Address, Cell Phone Number, Contact Name, Job Title, Company Name, Website, Physical Address, LinkedIn Profile, and more. This list gives you a direct line to your ideal audience—no gatekeepers, no guesswork. If you're interested in the list, just reply "Send me Pricing" or sample? Best regards, Delilah Murray Sr. Marketing Manager Prefer not to receive these emails? Just reply “NOT INTERESTED”.

3 days, 3 hours

1
0
0 0

Re: Patch "PCI: pciehp: Ignore Link Down/Up caused by Secondary Bus Reset" has been added to the 6.15-stable tree

by Lukas Wunner

[cc += Joel Mathew Thomas] On Tue, Jun 10, 2025 at 08:16:05AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > PCI: pciehp: Ignore Link Down/Up caused by Secondary Bus Reset > > to the 6.15-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > pci-pciehp-ignore-link-down-up-caused-by-secondary-b.patch > and it can be found in the queue-6.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Hi Sasha, thanks for selecting the above (which is 2af781a9edc4 upstream) as a 6.15 backport. A small feature request, could you amend the stable tooling to cc people tagged as Reported-by and Tested-by? I think they're the ones most interested in seeing something backported. Thanks! Lukas > commit 161a7237de69f65ccfe68da318343f3719149480 > Author: Lukas Wunner <lukas(a)wunner.de> > Date: Thu Apr 10 17:27:12 2025 +0200 > > PCI: pciehp: Ignore Link Down/Up caused by Secondary Bus Reset > > [ Upstream commit 2af781a9edc4ef5f6684c0710cc3542d9be48b31 ] > > When a Secondary Bus Reset is issued at a hotplug port, it causes a Data > Link Layer State Changed event as a side effect. On hotplug ports using > in-band presence detect, it additionally causes a Presence Detect Changed > event. > > These spurious events should not result in teardown and re-enumeration of > the device in the slot. Hence commit 2e35afaefe64 ("PCI: pciehp: Add > reset_slot() method") masked the Presence Detect Changed Enable bit in the > Slot Control register during a Secondary Bus Reset. Commit 06a8d89af551 > ("PCI: pciehp: Disable link notification across slot reset") additionally > masked the Data Link Layer State Changed Enable bit. > > However masking those bits only disables interrupt generation (PCIe r6.2 > sec 6.7.3.1). The events are still visible in the Slot Status register > and picked up by the IRQ handler if it runs during a Secondary Bus Reset. > This can happen if the interrupt is shared or if an unmasked hotplug event > occurs, e.g. Attention Button Pressed or Power Fault Detected. > > The likelihood of this happening used to be small, so it wasn't much of a > problem in practice. That has changed with the recent introduction of > bandwidth control in v6.13-rc1 with commit 665745f27487 ("PCI/bwctrl: > Re-add BW notification portdrv as PCIe BW controller"): > > Bandwidth control shares the interrupt with PCIe hotplug. A Secondary Bus > Reset causes a Link Bandwidth Notification, so the hotplug IRQ handler > runs, picks up the masked events and tears down the device in the slot. > > As a result, Joel reports VFIO passthrough failure of a GPU, which Ilpo > root-caused to the incorrect handling of masked hotplug events. > > Clearly, a more reliable way is needed to ignore spurious hotplug events. > > For Downstream Port Containment, a new ignore mechanism was introduced by > commit a97396c6eb13 ("PCI: pciehp: Ignore Link Down/Up caused by DPC"). > It has been working reliably for the past four years. > > Adapt it for Secondary Bus Resets. > > Introduce two helpers to annotate code sections which cause spurious link > changes: pci_hp_ignore_link_change() and pci_hp_unignore_link_change() > Use those helpers in lieu of masking interrupts in the Slot Control > register. > > Introduce a helper to check whether such a code section is executing > concurrently and if so, await it: pci_hp_spurious_link_change() > Invoke the helper in the hotplug IRQ thread pciehp_ist(). Re-use the > IRQ thread's existing code which ignores DPC-induced link changes unless > the link is unexpectedly down after reset recovery or the device was > replaced during the bus reset. > > That code block in pciehp_ist() was previously only executed if a Data > Link Layer State Changed event has occurred. Additionally execute it for > Presence Detect Changed events. That's necessary for compatibility with > PCIe r1.0 hotplug ports because Data Link Layer State Changed didn't exist > before PCIe r1.1. DPC was added with PCIe r3.1 and thus DPC-capable > hotplug ports always support Data Link Layer State Changed events. > But the same cannot be assumed for Secondary Bus Reset, which already > existed in PCIe r1.0. > > Secondary Bus Reset is only one of many causes of spurious link changes. > Others include runtime suspend to D3cold, firmware updates or FPGA > reconfiguration. The new pci_hp_{,un}ignore_link_change() helpers may be > used by all kinds of drivers to annotate such code sections, hence their > declarations are publicly visible in <linux/pci.h>. A case in point is > the Mellanox Ethernet driver which disables a firmware reset feature if > the Ethernet card is attached to a hotplug port, see commit 3d7a3f2612d7 > ("net/mlx5: Nack sync reset request when HotPlug is enabled"). Going > forward, PCIe hotplug will be able to cope gracefully with all such use > cases once the code sections are properly annotated. > > The new helpers internally use two bits in struct pci_dev's priv_flags as > well as a wait_queue. This mirrors what was done for DPC by commit > a97396c6eb13 ("PCI: pciehp: Ignore Link Down/Up caused by DPC"). That may > be insufficient if spurious link changes are caused by multiple sources > simultaneously. An example might be a Secondary Bus Reset issued by AER > during FPGA reconfiguration. If this turns out to happen in real life, > support for it can easily be added by replacing the PCI_LINK_CHANGING flag > with an atomic_t counter incremented by pci_hp_ignore_link_change() and > decremented by pci_hp_unignore_link_change(). Instead of awaiting a zero > PCI_LINK_CHANGING flag, the pci_hp_spurious_link_change() helper would > then simply await a zero counter. > > Fixes: 665745f27487 ("PCI/bwctrl: Re-add BW notification portdrv as PCIe BW controller") > Reported-by: Joel Mathew Thomas <proxy0(a)tutamail.com> > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219765 > Signed-off-by: Lukas Wunner <lukas(a)wunner.de> > Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> > Tested-by: Joel Mathew Thomas <proxy0(a)tutamail.com> > Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> > Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> > Link: https://patch.msgid.link/d04deaf49d634a2edf42bf3c06ed81b4ca54d17b.174429823… > Signed-off-by: Sasha Levin <sashal(a)kernel.org>

3 days, 12 hours

2
1
0 0

[PATCH 6.1 00/23] fixes from 6.11 for 6.1.y

by Leah Rumancik

Hello again, This is a series for 6.1.y for fixes from 6.11. It corresponds to the 6.6.y series here: https://lore.kernel.org/linux-xfs/20241218191725.63098-1-catherine.hoang@or… During porting, I noticed 6.1.y was missing a fix series from 6.5 that is a dependency of the fixes from 6.11 so I included those first. These were tested via the auto group on 9 configs with no regressions seen. These were also already ack'd on the xfs-stable mailing list. series from 6.5: https://lore.kernel.org/linux-xfs/168506055189.3727958.722711918040129046.s… 63ef7a35912d xfs: fix interval filtering in multi-step fsmap queries 7975aba19cba xfs: fix integer overflows in the fsmap rtbitmap and logdev backends d898137d789c xfs: fix getfsmap reporting past the last rt extent f045dd00328d xfs: clean up the rtbitmap fsmap backend a949a1c2a198 xfs: fix logdev fsmap query result filtering 3ee9351e7490 xfs: validate fsmap offsets specified in the query keys 75dc03453122 xfs: fix xfs_btree_query_range callers to initialize btree rec fully fix of 63ef7a35912dd ("xfs: fix interval filtering in multi-step fsmap queries") https://lore.kernel.org/linux-xfs/169335025661.3518128.12423331693506002020… cfa2df68b7ce xfs: fix an agbno overflow in __xfs_getfsmap_datadev 6.6 series for 6.11: https://lore.kernel.org/linux-xfs/20241218191725.63098-1-catherine.hoang@or… 85d0947db262 xfs: fix the contact address for the sysfs ABI documentation c08d03996cea xfs: verify buffer, inode, and dquot items every tx commit ff627196ddc1 xfs: use consistent uid/gid when grabbing dquots for inodes 7531c9ab2e55 xfs: declare xfs_file.c symbols in xfs_file.h c070b8802159 xfs: create a new helper to return a file's allocation unit 2e63ed9b0175 xfs: Fix xfs_flush_unmap_range() range for RT fe962ab3c4f1 xfs: Fix xfs_prepare_shift() range for RT ca96d83c9307 xfs: don't walk off the end of a directory data block 27336a327b40 xfs: remove unused parameter in macro XFS_DQUOT_LOGRES b2dcbd8a928c xfs: attr forks require attr, not attr2 4a82db7a4b73 xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set 9fadc53d793c xfs: Fix the owner setting issue for rmap query in xfs fsmap 35bd108619c2 xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code 29fcb5fef608 xfs: take m_growlock when running growfsrt e5d1ae2d4d0b xfs: reset rootdir extent size hint after growfsrt [skipped for 6.1 as scrub is not supported in 6.1:] cb95cb2450e3 xfs: convert comma to semicolon 1bee32f33c0a xfs: fix file_path handling in tracepoints - Leah Christoph Hellwig (1): xfs: fix the contact address for the sysfs ABI documentation Darrick J. Wong (17): xfs: fix interval filtering in multi-step fsmap queries xfs: fix integer overflows in the fsmap rtbitmap and logdev backends xfs: fix getfsmap reporting past the last rt extent xfs: clean up the rtbitmap fsmap backend xfs: fix logdev fsmap query result filtering xfs: validate fsmap offsets specified in the query keys xfs: fix xfs_btree_query_range callers to initialize btree rec fully xfs: fix an agbno overflow in __xfs_getfsmap_datadev xfs: verify buffer, inode, and dquot items every tx commit xfs: use consistent uid/gid when grabbing dquots for inodes xfs: declare xfs_file.c symbols in xfs_file.h xfs: create a new helper to return a file's allocation unit xfs: attr forks require attr, not attr2 xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code xfs: take m_growlock when running growfsrt xfs: reset rootdir extent size hint after growfsrt John Garry (2): xfs: Fix xfs_flush_unmap_range() range for RT xfs: Fix xfs_prepare_shift() range for RT Julian Sun (1): xfs: remove unused parameter in macro XFS_DQUOT_LOGRES Zizhi Wo (1): xfs: Fix the owner setting issue for rmap query in xfs fsmap lei lu (1): xfs: don't walk off the end of a directory data block Documentation/ABI/testing/sysfs-fs-xfs | 8 +- fs/xfs/Kconfig | 12 ++ fs/xfs/libxfs/xfs_alloc.c | 10 +- fs/xfs/libxfs/xfs_dir2_data.c | 31 ++- fs/xfs/libxfs/xfs_dir2_priv.h | 7 + fs/xfs/libxfs/xfs_quota_defs.h | 2 +- fs/xfs/libxfs/xfs_refcount.c | 13 +- fs/xfs/libxfs/xfs_rmap.c | 10 +- fs/xfs/libxfs/xfs_trans_resv.c | 28 +-- fs/xfs/scrub/bmap.c | 8 +- fs/xfs/xfs.h | 4 + fs/xfs/xfs_bmap_util.c | 22 +- fs/xfs/xfs_buf_item.c | 32 +++ fs/xfs/xfs_dquot_item.c | 31 +++ fs/xfs/xfs_file.c | 33 ++- fs/xfs/xfs_file.h | 15 ++ fs/xfs/xfs_fsmap.c | 266 ++++++++++++++----------- fs/xfs/xfs_inode.c | 29 ++- fs/xfs/xfs_inode.h | 2 + fs/xfs/xfs_inode_item.c | 32 +++ fs/xfs/xfs_ioctl.c | 12 ++ fs/xfs/xfs_iops.c | 1 + fs/xfs/xfs_iops.h | 3 - fs/xfs/xfs_rtalloc.c | 78 ++++++-- fs/xfs/xfs_symlink.c | 8 +- fs/xfs/xfs_trace.h | 25 +++ 26 files changed, 505 insertions(+), 217 deletions(-) create mode 100644 fs/xfs/xfs_file.h -- 2.50.0.rc1.591.g9c95f17f64-goog

3 days, 14 hours

2
24
0 0

Backport sh-sci fixes to 6.12.y

by Claudiu Beznea

Hi, stable team, Please backport the following commits to 6.12.y: 1/ 239f11209e5f ("serial: sh-sci: Move runtime PM enable to sci_probe_single()") 2/ 5f1017069933 ("serial: sh-sci: Clean sci_ports[0] after at earlycon exit") 3/ 651dee03696e ("serial: sh-sci: Increment the runtime usage counter for the earlycon device") These applies cleanly on top of 6.12.y (if applied in the order provided above) and fix the debug console on Renesas devices. Thank you, Claudiu Beznea

3 days, 14 hours

2
3
0 0

[PATCH AUTOSEL 6.15 001/118] net: macb: Check return value of dma_set_mask_and_coherent()

by Sasha Levin

From: Sergio Perez Gonzalez <sperezglz(a)gmail.com> [ Upstream commit 3920a758800762917177a6b5ab39707d8e376fe6 ] Issue flagged by coverity. Add a safety check for the return value of dma_set_mask_and_coherent, go to a safe exit if it returns error. Link: https://scan7.scan.coverity.com/#/project-view/53936/11354?selectedIssue=16… Signed-off-by: Sergio Perez Gonzalez <sperezglz(a)gmail.com> Reviewed-by: Claudiu Beznea <claudiu.beznea(a)tuxon.dev> Link: https://patch.msgid.link/20250526032034.84900-1-sperezglz@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of the commit and the codebase context, here's my assessment: **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Code Analysis The commit adds proper error checking for `dma_set_mask_and_coherent()` in the macb network driver. Looking at the specific changes: **Before the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` **After the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); if (err) { dev_err(&pdev->dev, "failed to set DMA mask\n"); goto err_out_free_netdev; } bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` ## Why this should be backported: 1. **Fixes a Real Bug**: The original code ignores the return value of `dma_set_mask_and_coherent()`. If this function fails (which can happen on systems with restricted DMA capabilities), the driver would continue execution assuming 44-bit DMA addressing is available when it's not, leading to potential memory corruption or system crashes. 2. **Small, Contained Fix**: This is a minimal change that only adds proper error checking without changing any core logic or introducing new features. It follows the stable tree principle of being a small, targeted bugfix. 3. **Follows Established Patterns**: Looking at the similar commits provided, this matches exactly the pattern of commits marked "YES" for backporting (commits #1, #2, and #5) which all add proper error checking for DMA mask functions. 4. **Critical Network Driver**: The macb driver is used in production systems, and DMA-related bugs can cause data corruption or system instability, making this a high-priority fix for stable trees. 5. **Proper Error Handling Path**: The fix correctly uses the existing `err_out_free_netdev` label, which properly cleans up allocated resources (line 5373-5383 in macb_main.c), preventing resource leaks when DMA setup fails. 6. **Static Analysis Tool Flagged**: The commit message mentions this was flagged by Coverity, indicating it's a legitimate code quality issue that could manifest as a runtime bug. 7. **Matches Stable Tree Criteria**: - Important bugfix ✓ - Minimal risk of regression ✓ - No architectural changes ✓ - Confined to one driver/subsystem ✓ - Clear side effects (proper cleanup on failure) ✓ This commit addresses the same class of vulnerability as the other "YES" examples: ignoring return values of critical DMA functions that can fail and lead to undefined behavior. The fix is surgical, safe, and addresses a genuine runtime issue in a widely-used network driver. drivers/net/ethernet/cadence/macb_main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index e1e8bd2ec155b..d1f1ae5ea161c 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -5283,7 +5283,11 @@ static int macb_probe(struct platform_device *pdev) #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { - dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + if (err) { + dev_err(&pdev->dev, "failed to set DMA mask\n"); + goto err_out_free_netdev; + } bp->hw_dma_cap |= HW_DMA_CAP_64B; } #endif -- 2.39.5

3 days, 23 hours

6
126
0 0

[PATCH 0/8] Fix bcache regression with equality-aware heap APIs

by Kuan-Wei Chiu

This patch series introduces equality-aware variants of the min heap API that use a top-down heapify strategy to improve performance when many elements are equal under the comparison function. It also updates the documentation accordingly and modifies bcache to use the new APIs to fix a performance regression caused by the switch to the generic min heap library. In particular, invalidate_buckets_lru() in bcache suffered from increased comparison overhead due to the bottom-up strategy introduced in commit 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap"). The regression is addressed by switching to the equality-aware variants and using the inline versions to avoid function call overhead in this hot path. Cc: stable(a)vger.kernel.org --- To avoid duplicated effort and expedite resolution, Robert kindly agreed that I should submit my already-completed series instead. Many thanks to him for his cooperation and support. Kuan-Wei Chiu (8): lib min_heap: Add equal-elements-aware sift_down variant lib min_heap: Add typedef for sift_down function pointer lib min_heap: add eqaware variant of min_heapify_all() lib min_heap: add eqaware variant of min_heap_pop() lib min_heap: add eqaware variant of min_heap_pop_push() lib min_heap: add eqaware variant of min_heap_del() Documentation/core-api: min_heap: Document _eqaware variants of min-heap APIs bcache: Fix the tail IO latency regression by using equality-aware min heap API Documentation/core-api/min_heap.rst | 20 +++++ drivers/md/bcache/alloc.c | 15 ++-- include/linux/min_heap.h | 131 +++++++++++++++++++++++----- lib/min_heap.c | 23 +++-- 4 files changed, 154 insertions(+), 35 deletions(-) -- 2.34.1

4 days, 2 hours

3
17
0 0

+ mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() has been added to the -mm mm-unstable branch. Its filename is mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() Date: Fri, 13 Jun 2025 11:27:00 +0200 Patch series "mm/huge_memory: vmf_insert_folio_*() and vmf_insert_pfn_pud() fixes", v3. While working on improving vm_normal_page() and friends, I stumbled over this issues: refcounted "normal" folios must not be marked using pmd_special() / pud_special(). Otherwise, we're effectively telling the system that these folios are no "normal", violating the rules we documented for vm_normal_page(). Fortunately, there are not many pmd_special()/pud_special() users yet. So far there doesn't seem to be serious damage. Tested using the ndctl tests ("ndctl:dax" suite). This patch (of 3): We set up the cache mode but ... don't forward the updated pgprot to insert_pfn_pud(). Only a problem on x86-64 PAT when mapping PFNs using PUDs that require a special cachemode. Fix it by using the proper pgprot where the cachemode was setup. It is unclear in which configurations we would get the cachemode wrong: through vfio seems possible. Getting cachemodes wrong is usually ... bad. As the fix is easy, let's backport it to stable. Identified by code inspection. Link: https://lkml.kernel.org/r/20250613092702.1943533-1-david@redhat.com Link: https://lkml.kernel.org/r/20250613092702.1943533-2-david@redhat.com Fixes: 7b806d229ef1 ("mm: remove vmf_insert_pfn_xxx_prot() for huge page-table entries") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Tested-by: Dan Williams <dan.j.williams(a)intel.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Dev Jain <dev.jain(a)arm.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Mariano Pache <npache(a)redhat.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/mm/huge_memory.c~mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud +++ a/mm/huge_memory.c @@ -1516,10 +1516,9 @@ static pud_t maybe_pud_mkwrite(pud_t pud } static void insert_pfn_pud(struct vm_area_struct *vma, unsigned long addr, - pud_t *pud, pfn_t pfn, bool write) + pud_t *pud, pfn_t pfn, pgprot_t prot, bool write) { struct mm_struct *mm = vma->vm_mm; - pgprot_t prot = vma->vm_page_prot; pud_t entry; if (!pud_none(*pud)) { @@ -1581,7 +1580,7 @@ vm_fault_t vmf_insert_pfn_pud(struct vm_ pfnmap_setup_cachemode_pfn(pfn_t_to_pfn(pfn), &pgprot); ptl = pud_lock(vma->vm_mm, vmf->pud); - insert_pfn_pud(vma, addr, vmf->pud, pfn, write); + insert_pfn_pud(vma, addr, vmf->pud, pfn, pgprot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; @@ -1625,7 +1624,7 @@ vm_fault_t vmf_insert_folio_pud(struct v add_mm_counter(mm, mm_counter_file(folio), HPAGE_PUD_NR); } insert_pfn_pud(vma, addr, vmf->pud, pfn_to_pfn_t(folio_pfn(folio)), - write); + vma->vm_page_prot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; _ Patches currently in -mm which might be from david(a)redhat.com are mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked.patch mm-gup-remove-vm_bug_ons.patch mm-gup-remove-vm_bug_ons-fix.patch mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pmd.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pud.patch

4 days, 4 hours

1
0
0 0

[PATCH 1/1] Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled

by mhkelley58＠gmail.com

From: Michael Kelley <mhklinux(a)outlook.com> Commit 96959283a58d ("Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests") selects CONFIG_SYSFB for Hyper-V guests so that screen_info is available to the VMBus driver to get the location of the framebuffer in Generation 2 VMs. However, if CONFIG_HYPERV is enabled but CONFIG_EFI is not, a kernel link error results in ARM64 builds because screen_info is provided by the EFI firmware interface. While configuring an ARM64 Hyper-V guest without EFI isn't useful since EFI is required to boot, the configuration is still possible and the link error should be prevented. Fix this by making the selection of CONFIG_SYSFB conditional on CONFIG_EFI being defined. For Generation 1 VMs on x86/x64, which don't use EFI, the additional condition is OK because such VMs get the framebuffer information via a mechanism that doesn't use screen_info. Fixes: 96959283a58d ("Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests") Reported-by: Arnd Bergmann <arnd(a)arndb.de> Closes: https://lore.kernel.org/linux-hyperv/20250610091810.2638058-1-arnd@kernel.o… Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202506080820.1wmkQufc-lkp@intel.com/ Signed-off-by: Michael Kelley <mhklinux(a)outlook.com> --- drivers/hv/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hv/Kconfig b/drivers/hv/Kconfig index 1cd188b73b74..57623ca7f350 100644 --- a/drivers/hv/Kconfig +++ b/drivers/hv/Kconfig @@ -9,7 +9,7 @@ config HYPERV select PARAVIRT select X86_HV_CALLBACK_VECTOR if X86 select OF_EARLY_FLATTREE if OF - select SYSFB if !HYPERV_VTL_MODE + select SYSFB if EFI && !HYPERV_VTL_MODE help Select this option to run Linux as a Hyper-V client operating system. -- 2.25.1

4 days, 5 hours

2
1
0 0

[PATCH 1/3] mtd: spinand: winbond: Fix W35N number of planes/LUN

by Miquel Raynal

There's been a mistake when extracting the geometry of the W35N02 and W35N04 chips from the datasheet. There is a single plane, however there are respectively 2 and 4 LUNs. They are actually referred in the datasheet as dies (equivalent of target), but as there is no die select operation and the chips only feature a single configuration register for the entire chip (instead of one per die), we can reasonably assume we are talking about LUNs and not dies. Reported-by: Andreas Dannenberg <dannenberg(a)ti.com> Suggested-by: Vignesh Raghavendra <vigneshr(a)ti.com> Fixes: 25e08bf66660 ("mtd: spinand: winbond: Add support for W35N02JW and W35N04JW chips") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/spi/winbond.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/nand/spi/winbond.c b/drivers/mtd/nand/spi/winbond.c index 19f8dd4a6370..2808bbd7a16e 100644 --- a/drivers/mtd/nand/spi/winbond.c +++ b/drivers/mtd/nand/spi/winbond.c @@ -289,7 +289,7 @@ static const struct spinand_info winbond_spinand_table[] = { SPINAND_ECCINFO(&w35n01jw_ooblayout, NULL)), SPINAND_INFO("W35N02JW", /* 1.8V */ SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xdf, 0x22), - NAND_MEMORG(1, 4096, 128, 64, 512, 10, 2, 1, 1), + NAND_MEMORG(1, 4096, 128, 64, 512, 10, 1, 2, 1), NAND_ECCREQ(1, 512), SPINAND_INFO_OP_VARIANTS(&read_cache_octal_variants, &write_cache_octal_variants, @@ -298,7 +298,7 @@ static const struct spinand_info winbond_spinand_table[] = { SPINAND_ECCINFO(&w35n01jw_ooblayout, NULL)), SPINAND_INFO("W35N04JW", /* 1.8V */ SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xdf, 0x23), - NAND_MEMORG(1, 4096, 128, 64, 512, 10, 4, 1, 1), + NAND_MEMORG(1, 4096, 128, 64, 512, 10, 1, 4, 1), NAND_ECCREQ(1, 512), SPINAND_INFO_OP_VARIANTS(&read_cache_octal_variants, &write_cache_octal_variants, -- 2.48.1

4 days, 10 hours

1
0
0 0

[PATCH net] virtio-net: drop the multi-buffer XDP packet in zerocopy

by Bui Quang Minh

In virtio-net, we have not yet supported multi-buffer XDP packet in zerocopy mode when there is a binding XDP program. However, in that case, when receiving multi-buffer XDP packet, we skip the XDP program and return XDP_PASS. As a result, the packet is passed to normal network stack which is an incorrect behavior. This commit instead returns XDP_DROP in that case. Fixes: 99c861b44eb1 ("virtio_net: xsk: rx: support recv merge mode") Cc: stable(a)vger.kernel.org Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> --- drivers/net/virtio_net.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index e53ba600605a..4c35324d6e5b 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -1309,9 +1309,14 @@ static struct sk_buff *virtnet_receive_xsk_merge(struct net_device *dev, struct ret = XDP_PASS; rcu_read_lock(); prog = rcu_dereference(rq->xdp_prog); - /* TODO: support multi buffer. */ - if (prog && num_buf == 1) - ret = virtnet_xdp_handler(prog, xdp, dev, xdp_xmit, stats); + if (prog) { + /* TODO: support multi buffer. */ + if (num_buf == 1) + ret = virtnet_xdp_handler(prog, xdp, dev, xdp_xmit, + stats); + else + ret = XDP_DROP; + } rcu_read_unlock(); switch (ret) { -- 2.43.0

4 days, 12 hours

6
14
0 0

Re: [PATCH net-next v9 2/2] page_pool: Track DMA-mapped pages and unmap them when destroying the pool

by Jakub Kicinski

On Fri, 13 Jun 2025 10:41:10 +0200 Toke Høiland-Jørgensen wrote: > Jakub Kicinski <kuba(a)kernel.org> writes: > > > On Thu, 12 Jun 2025 09:25:30 +0200 Toke Høiland-Jørgensen wrote: > >> Hmm, okay, guess we should ask Sasha to drop these, then? > >> > >> https://lore.kernel.org/r/20250610122811.1567780-1-sashal@kernel.org > >> https://lore.kernel.org/r/20250610120306.1543986-1-sashal@kernel.org > > > > These links don't work for me? > > Oh, sorry, didn't realise the stable notifications are not archived on > lore. Here are the patches in the stable queue: > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tre… > https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tre… > https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tre… > https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tre… Thanks! Sasha, could we drop these please? They need more mileage before we send them to LTS.

4 days, 13 hours

1
0
0 0

[PATCH v2] leds: flash: leds-qcom-flash: Fix registry access after re-bind

by Krzysztof Kozlowski

Driver in probe() updates each of 'reg_field' with 'reg_base': for (i = 0; i < REG_MAX_COUNT; i++) regs[i].reg += reg_base; 'reg_field' array (under variable 'regs' above) is statically allocated, thus each re-bind would add another 'reg_base' leading to bogus register addresses. Constify the local 'reg_field' array and duplicate it in probe to solve this. Fixes: 96a2e242a5dc ("leds: flash: Add driver to support flash LED module in QCOM PMICs") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Changes in v2: 1. Fix sizeof() argument (Fenglin Wu) This is a nice example why constifying static memory is useful. --- drivers/leds/flash/leds-qcom-flash.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/leds/flash/leds-qcom-flash.c b/drivers/leds/flash/leds-qcom-flash.c index b4c19be51c4d..89cf5120f5d5 100644 --- a/drivers/leds/flash/leds-qcom-flash.c +++ b/drivers/leds/flash/leds-qcom-flash.c @@ -117,7 +117,7 @@ enum { REG_MAX_COUNT, }; -static struct reg_field mvflash_3ch_regs[REG_MAX_COUNT] = { +static const struct reg_field mvflash_3ch_regs[REG_MAX_COUNT] = { REG_FIELD(0x08, 0, 7), /* status1 */ REG_FIELD(0x09, 0, 7), /* status2 */ REG_FIELD(0x0a, 0, 7), /* status3 */ @@ -132,7 +132,7 @@ static struct reg_field mvflash_3ch_regs[REG_MAX_COUNT] = { REG_FIELD(0x58, 0, 2), /* therm_thrsh3 */ }; -static struct reg_field mvflash_4ch_regs[REG_MAX_COUNT] = { +static const struct reg_field mvflash_4ch_regs[REG_MAX_COUNT] = { REG_FIELD(0x06, 0, 7), /* status1 */ REG_FIELD(0x07, 0, 6), /* status2 */ REG_FIELD(0x09, 0, 7), /* status3 */ @@ -854,11 +854,17 @@ static int qcom_flash_led_probe(struct platform_device *pdev) if (val == FLASH_SUBTYPE_3CH_PM8150_VAL || val == FLASH_SUBTYPE_3CH_PMI8998_VAL) { flash_data->hw_type = QCOM_MVFLASH_3CH; flash_data->max_channels = 3; - regs = mvflash_3ch_regs; + regs = devm_kmemdup(dev, mvflash_3ch_regs, sizeof(mvflash_3ch_regs), + GFP_KERNEL); + if (!regs) + return -ENOMEM; } else if (val == FLASH_SUBTYPE_4CH_VAL) { flash_data->hw_type = QCOM_MVFLASH_4CH; flash_data->max_channels = 4; - regs = mvflash_4ch_regs; + regs = devm_kmemdup(dev, mvflash_4ch_regs, sizeof(mvflash_4ch_regs), + GFP_KERNEL); + if (!regs) + return -ENOMEM; rc = regmap_read(regmap, reg_base + FLASH_REVISION_REG, &val); if (rc < 0) { @@ -880,6 +886,7 @@ static int qcom_flash_led_probe(struct platform_device *pdev) dev_err(dev, "Failed to allocate regmap field, rc=%d\n", rc); return rc; } + devm_kfree(dev, regs); /* devm_regmap_field_bulk_alloc() makes copies */ platform_set_drvdata(pdev, flash_data); mutex_init(&flash_data->lock); -- 2.45.2

4 days, 14 hours

3
2
0 0

[PATCH v2] mfd: cros_ec: Separate charge-control probing from USB-PD

by Thomas Weißschuh

The charge-control subsystem in the ChromeOS EC is not strictly tied to its USB-PD subsystem. Since commit 7613bc0d116a ("mfd: cros_ec: Don't load charger with UCSI") the presence of EC_FEATURE_UCSI_PPM would inhibit the probing of the charge-control driver. Furthermore recent versions of the EC firmware in Framework laptops hard-disable EC_FEATURE_USB_PD to avoid probing cros-usbpd-charger, which then also breaks cros-charge-control. Instead use the dedicated EC_FEATURE_CHARGER. Link: https://github.com/FrameworkComputer/EmbeddedController/commit/1d7bcf1d5013… Fixes: 555b5fcdb844 ("mfd: cros_ec: Register charge control subdevice") Cc: stable(a)vger.kernel.org Tested-by: Tom Vincent <linux(a)tlvince.com> Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Changes in v2: - Rebase onto v6.16-rc1 - Pick up tested-by from Tom - Also Cc stable@ - Link to v1: https://lore.kernel.org/r/20250521-cros-ec-mfd-chctl-probe-v1-1-6ebfe3a6efa… --- drivers/mfd/cros_ec_dev.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/mfd/cros_ec_dev.c b/drivers/mfd/cros_ec_dev.c index 9f84a52b48d6a8994d23edba999398684303ee64..dc80a272726bb16b58253418999021cd56dfd975 100644 --- a/drivers/mfd/cros_ec_dev.c +++ b/drivers/mfd/cros_ec_dev.c @@ -87,7 +87,6 @@ static const struct mfd_cell cros_ec_sensorhub_cells[] = { }; static const struct mfd_cell cros_usbpd_charger_cells[] = { - { .name = "cros-charge-control", }, { .name = "cros-usbpd-charger", }, { .name = "cros-usbpd-logger", }, }; @@ -112,6 +111,10 @@ static const struct mfd_cell cros_ec_ucsi_cells[] = { { .name = "cros_ec_ucsi", }, }; +static const struct mfd_cell cros_ec_charge_control_cells[] = { + { .name = "cros-charge-control", }, +}; + static const struct cros_feature_to_cells cros_subdevices[] = { { .id = EC_FEATURE_CEC, @@ -148,6 +151,11 @@ static const struct cros_feature_to_cells cros_subdevices[] = { .mfd_cells = cros_ec_keyboard_leds_cells, .num_cells = ARRAY_SIZE(cros_ec_keyboard_leds_cells), }, + { + .id = EC_FEATURE_CHARGER, + .mfd_cells = cros_ec_charge_control_cells, + .num_cells = ARRAY_SIZE(cros_ec_charge_control_cells), + }, }; static const struct mfd_cell cros_ec_platform_cells[] = { --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250521-cros-ec-mfd-chctl-probe-64a63ac9c160 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

4 days, 14 hours

3
2
0 0

[PATCH v3 1/3] mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud()

by David Hildenbrand

We setup the cache mode but ... don't forward the updated pgprot to insert_pfn_pud(). Only a problem on x86-64 PAT when mapping PFNs using PUDs that require a special cachemode. Fix it by using the proper pgprot where the cachemode was setup. It is unclear in which configurations we would get the cachemode wrong: through vfio seems possible. Getting cachemodes wrong is usually ... bad. As the fix is easy, let's backport it to stable. Identified by code inspection. Fixes: 7b806d229ef1 ("mm: remove vmf_insert_pfn_xxx_prot() for huge page-table entries") Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Tested-by: Dan Williams <dan.j.williams(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- mm/huge_memory.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index d3e66136e41a3..49b98082c5401 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1516,10 +1516,9 @@ static pud_t maybe_pud_mkwrite(pud_t pud, struct vm_area_struct *vma) } static void insert_pfn_pud(struct vm_area_struct *vma, unsigned long addr, - pud_t *pud, pfn_t pfn, bool write) + pud_t *pud, pfn_t pfn, pgprot_t prot, bool write) { struct mm_struct *mm = vma->vm_mm; - pgprot_t prot = vma->vm_page_prot; pud_t entry; if (!pud_none(*pud)) { @@ -1581,7 +1580,7 @@ vm_fault_t vmf_insert_pfn_pud(struct vm_fault *vmf, pfn_t pfn, bool write) pfnmap_setup_cachemode_pfn(pfn_t_to_pfn(pfn), &pgprot); ptl = pud_lock(vma->vm_mm, vmf->pud); - insert_pfn_pud(vma, addr, vmf->pud, pfn, write); + insert_pfn_pud(vma, addr, vmf->pud, pfn, pgprot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; @@ -1625,7 +1624,7 @@ vm_fault_t vmf_insert_folio_pud(struct vm_fault *vmf, struct folio *folio, add_mm_counter(mm, mm_counter_file(folio), HPAGE_PUD_NR); } insert_pfn_pud(vma, addr, vmf->pud, pfn_to_pfn_t(folio_pfn(folio)), - write); + vma->vm_page_prot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; -- 2.49.0

4 days, 14 hours

2
1
0 0

[PATCH v3] ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard

by Niklas Cassel

A user has bisected a regression which causes graphical corruptions on his screen to commit 7627a0edef54 ("ata: ahci: Drop low power policy board type"). Simply reverting commit 7627a0edef54 ("ata: ahci: Drop low power policy board type") makes the graphical corruptions on his screen to go away. (Note: there are no visible messages in dmesg that indicates a problem with AHCI.) The user also reports that the problem occurs regardless if there is an HDD or an SSD connected via AHCI, so the problem is not device related. The devices also work fine on other motherboards, so it seems specific to the ASUSPRO-D840SA motherboard. While enabling low power modes for AHCI is not supposed to affect completely unrelated hardware, like a graphics card, it does however allow the system to enter deeper PC-states, which could expose ACPI issues that were previously not visible (because the system never entered these lower power states before). There are previous examples where enabling LPM exposed serious BIOS/ACPI bugs, see e.g. commit 240630e61870 ("ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS"). Since there hasn't been any BIOS update in years for the ASUSPRO-D840SA motherboard, disable LPM for this board, in order to avoid entering lower PC-states, which triggers graphical corruptions. Cc: stable(a)vger.kernel.org Reported-by: Andy Yang <andyybtc79(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220111 Fixes: 7627a0edef54 ("ata: ahci: Drop low power policy board type") Signed-off-by: Niklas Cassel <cassel(a)kernel.org> --- Changes since v2: -Rework how we handle the quirk so that we also quirk future BIOS versions unless a build date is explicitly added to driver_data. drivers/ata/ahci.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index e7c8357cbc54..c8ad8ace7496 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -1410,8 +1410,15 @@ static bool ahci_broken_suspend(struct pci_dev *pdev) static bool ahci_broken_lpm(struct pci_dev *pdev) { + /* + * Platforms with LPM problems. + * If driver_data is NULL, there is no existing BIOS version with + * functioning LPM. + * If driver_data is non-NULL, then driver_data contains the DMI BIOS + * build date of the first BIOS version with functioning LPM (i.e. older + * BIOS versions have broken LPM). + */ static const struct dmi_system_id sysids[] = { - /* Various Lenovo 50 series have LPM issues with older BIOSen */ { .matches = { DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), @@ -1440,6 +1447,13 @@ static bool ahci_broken_lpm(struct pci_dev *pdev) }, .driver_data = "20180409", /* 2.35 */ }, + { + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), + DMI_MATCH(DMI_PRODUCT_VERSION, "ASUSPRO D840MB_M840SA"), + }, + /* 320 is broken, there is no known good version yet. */ + }, { } /* terminate list */ }; const struct dmi_system_id *dmi = dmi_first_match(sysids); @@ -1449,6 +1463,9 @@ static bool ahci_broken_lpm(struct pci_dev *pdev) if (!dmi) return false; + if (!dmi->driver_data) + return true; + dmi_get_date(DMI_BIOS_DATE, &year, &month, &date); snprintf(buf, sizeof(buf), "%04d%02d%02d", year, month, date); -- 2.49.0

4 days, 15 hours

3
3
0 0

[PATCH] Revert "platform/x86: alienware-wmi-wmax: Add G-Mode support to Alienware m16 R1"

by Kurt Borja

This reverts commit 5ff79cabb23a2f14d2ed29e9596aec908905a0e6. Although the Alienware m16 R1 AMD model supports G-Mode, it actually has a lower power ceiling than plain "performance" profile, which results in lower performance. Reported-by: Cihan Ozakca <cozakca(a)outlook.com> Cc: stable(a)vger.kernel.org # 6.15.x Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> --- Hi all, Contrary to (my) intuition, imitating Windows behavior actually results in LOWER performance. I was having second thoughts about this revert because users will notice that "performance" not longer turns on the G-Mode key found in this laptop. Some users may think this is actually a regression, but IMO lower performance is worse. --- drivers/platform/x86/dell/alienware-wmi-wmax.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/platform/x86/dell/alienware-wmi-wmax.c b/drivers/platform/x86/dell/alienware-wmi-wmax.c index c42f9228b0b255fe962b735ac96486824e83945f..20ec122a9fe0571a1ecd2ccf630615564ab30481 100644 --- a/drivers/platform/x86/dell/alienware-wmi-wmax.c +++ b/drivers/platform/x86/dell/alienware-wmi-wmax.c @@ -119,7 +119,7 @@ static const struct dmi_system_id awcc_dmi_table[] __initconst = { DMI_MATCH(DMI_SYS_VENDOR, "Alienware"), DMI_MATCH(DMI_PRODUCT_NAME, "Alienware m16 R1 AMD"), }, - .driver_data = &g_series_quirks, + .driver_data = &generic_quirks, }, { .ident = "Alienware m16 R2", --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250611-m16-rev-8109b82dee30 -- ~ Kurt

4 days, 16 hours

2
1
0 0

[PATCH] drm/i915/snps_hdmi_pll: Fix 64-bit divisor truncation by using div64_u64

by Ankit Nautiyal

DIV_ROUND_CLOSEST_ULL uses do_div(), which expects a 32-bit divisor. When passing a 64-bit constant like CURVE2_MULTIPLIER, the value is silently truncated to u32, potentially leading to incorrect results on large divisors. Replace DIV_ROUND_CLOSEST_ULL with div64_u64(), which correctly handles full 64-bit division. Since the result is clamped between 1 and 127, rounding is unnecessary and truncating division is sufficient. Fixes: 5947642004bf ("drm/i915/display: Add support for SNPS PHY HDMI PLL algorithm for DG2") Cc: Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> Cc: Suraj Kandpal <suraj.kandpal(a)intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.15+ Signed-off-by: Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> --- drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c b/drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c index 74bb3bedf30f..ac609bdf6653 100644 --- a/drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c +++ b/drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c @@ -103,8 +103,8 @@ static void get_ana_cp_int_prop(u64 vco_clk, DIV_ROUND_DOWN_ULL(curve_1_interpolated, CURVE0_MULTIPLIER))); ana_cp_int_temp = - DIV_ROUND_CLOSEST_ULL(DIV_ROUND_DOWN_ULL(adjusted_vco_clk1, curve_2_scaled1), - CURVE2_MULTIPLIER); + div64_u64(DIV_ROUND_DOWN_ULL(adjusted_vco_clk1, curve_2_scaled1), + CURVE2_MULTIPLIER); *ana_cp_int = max(1, min(ana_cp_int_temp, 127)); -- 2.45.2

4 days, 18 hours

3
2
0 0

Reply Request: UITP Summit - Hamburg 2025 Attendees List

by Michelle Calara

Hi, Following up on my primary email about the visitor list. Please let me know your thoughts, and I'd be happy to give more details. Best regards, Grace Subject: UITP Summit - Hamburg 2025! Hi, I wanted to check if you’d be interested in acquiring the attendees list of UITP Summit - Hamburg 2025? Event Overview: Dates: 15 - 18 Jun 2025 Location: Hamburg, Germany Attendees: 10,126 Exhibitors: 380 Each contact contains: Contact Name, First Name, Last Name, Job Title, Company, Website Address, City, State, Zip, Country Code, Revenue, Employee Size, Email, Phone Number, and Fax Number. If you're interested in the list, just reply "Send Counts and Cost"? Best regards, Michelle Calara Senior Marketing Manager To unsubscribe, simply respond with “Not interested.”

4 days, 19 hours

1
0
0 0

[tip: perf/urgent] perf/x86/intel: Fix crash in icl_update_topdown_event()

by tip-bot2 for Kan Liang

The following commit has been merged into the perf/urgent branch of tip: Commit-ID: b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed Gitweb: https://git.kernel.org/tip/b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed Author: Kan Liang <kan.liang(a)linux.intel.com> AuthorDate: Thu, 12 Jun 2025 07:38:18 -07:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Fri, 13 Jun 2025 09:38:06 +02:00 perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23 Tainted: [W]=WARN Hardware name: Dell Inc. Precision 9660/0VJ762 RIP: 0010:native_read_pmc+0x7/0x40 Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ... RSP: 000:fffb03100273de8 EFLAGS: 00010046 .... Call Trace: <TASK> icl_update_topdown_event+0x165/0x190 ? ktime_get+0x38/0xd0 intel_pmu_read_event+0xf9/0x210 __perf_event_read+0xf9/0x210 CPUs 16-23 are E-core CPUs that don't support the perf metrics feature. The icl_update_topdown_event() should not be invoked on these CPUs. It's a regression of commit: f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read") The bug introduced by that commit is that the is_topdown_event() function is mistakenly used to replace the is_topdown_count() call to check if the topdown functions for the perf metrics feature should be invoked. Fix it. Fixes: f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read") Closes: https://lore.kernel.org/lkml/352f0709-f026-cd45-e60c-60dfd97f73f3@maine.edu/ Reported-by: Vince Weaver <vincent.weaver(a)maine.edu> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: Vince Weaver <vincent.weaver(a)maine.edu> Cc: stable(a)vger.kernel.org # v6.15+ Link: https://lore.kernel.org/r/20250612143818.2889040-1-kan.liang@linux.intel.com --- arch/x86/events/intel/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 741b229..c2fb729 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -2826,7 +2826,7 @@ static void intel_pmu_read_event(struct perf_event *event) * If the PEBS counters snapshotting is enabled, * the topdown event is available in PEBS records. */ - if (is_topdown_event(event) && !is_pebs_counter_event_group(event)) + if (is_topdown_count(event) && !is_pebs_counter_event_group(event)) static_call(intel_pmu_update_topdown_event)(event, NULL); else intel_pmu_drain_pebs_buffer();

4 days, 20 hours

1
0
0 0

[PATCH V3 2/2] PCI: Prevent LS7A Bus Master clearing on kexec

by Huacai Chen

This is similar to commit 62b6dee1b44a ("PCI/portdrv: Prevent LS7A Bus Master clearing on shutdown"), which prevents LS7A Bus Master clearing on kexec. The key point of this is to work around the LS7A defect that clearing PCI_COMMAND_MASTER prevents MMIO requests from going downstream, and we may need to do that even after .shutdown(), e.g., to print console messages. And in this case we rely on .shutdown() for the downstream devices to disable interrupts and DMA. Only skip Bus Master clearing on bridges because endpoint devices still need it. Cc: <stable(a)vger.kernel.org> Signed-off-by: Ming Wang <wangming01(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/pci/pci-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index 602838416e6a..8a1e32367a06 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -517,7 +517,7 @@ static void pci_device_shutdown(struct device *dev) * If it is not a kexec reboot, firmware will hit the PCI * devices with big hammer and stop their DMA any way. */ - if (kexec_in_progress && (pci_dev->current_state <= PCI_D3hot)) + if (kexec_in_progress && !pci_is_bridge(pci_dev) && (pci_dev->current_state <= PCI_D3hot)) pci_clear_master(pci_dev); } -- 2.47.1

4 days, 21 hours

2
1
0 0

[PATCH V3 1/2] PCI: Use local_pci_probe() when best selected cpu is offline

by Huacai Chen

From: Hongchen Zhang <zhanghongchen(a)loongson.cn> When the best selected CPU is offline, work_on_cpu() will stuck forever. This can be happen if a node is online while all its CPUs are offline (we can use "maxcpus=1" without "nr_cpus=1" to reproduce it), Therefore, in this case, we should call local_pci_probe() instead of work_on_cpu(). Cc: <stable(a)vger.kernel.org> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Signed-off-by: Hongchen Zhang <zhanghongchen(a)loongson.cn> --- drivers/pci/pci-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index c8bd71a739f7..602838416e6a 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -386,7 +386,7 @@ static int pci_call_probe(struct pci_driver *drv, struct pci_dev *dev, free_cpumask_var(wq_domain_mask); } - if (cpu < nr_cpu_ids) + if ((cpu < nr_cpu_ids) && cpu_online(cpu)) error = work_on_cpu(cpu, local_pci_probe, &ddi); else error = local_pci_probe(&ddi); -- 2.47.1

4 days, 21 hours

2
1
0 0

two nouveau patches for 6.15 stable

by Dave Airlie

Hey, Can we please get 4570355f8eaa476164cfb7ca959fdbf0cebbc9eb Author: Zhi Wang <zhiw(a)nvidia.com> Date: Thu Feb 27 01:35:53 2025 +0000 drm/nouveau/nvkm: factor out current GSP RPC command policies a738fa9105ac2897701ba4067c33e85faa27d1e2 Author: Zhi Wang <zhiw(a)nvidia.com> Date: Thu Feb 27 01:35:54 2025 +0000 drm/nouveau/nvkm: introduce new GSP reply policy NVKM_GSP_RPC_REPLY_POLL Into 6.15 stable they fix a major regression in suspend/resume on nouveau. Thanks, Dave.

4 days, 22 hours

1
0
0 0

[PATCH v2 0/6] media: ti, cdns: Multiple pixel support and misc fixes

by Jai Luthra

Hi, The first four patches in this series are miscellaneous fixes and improvements in the Cadence and TI CSI-RX drivers around probing, fwnode and link creation. The last two patches add support for transmitting multiple pixels per clock on the internal bus between Cadence CSI-RX bridge and TI CSI-RX wrapper. As this internal bus is 32-bit wide, the maximum number of pixels that can be transmitted per cycle depend upon the format's bit width. Secondly, the downstream element must support unpacking of multiple pixels. Thus we export a module function that can be used by the downstream driver to negotiate the pixels per cycle on the output pixel stream of the Cadence bridge. Signed-off-by: Jai Luthra <jai.luthra(a)ideasonboard.com> --- Changes in v2: - Rebase on v6.15-rc1 - Fix lkp warnings in PATCH 5/6 missing header for FIELD_PREP - Add R-By tags from Devarsh and Changhuang - Link to v1: https://lore.kernel.org/r/20250324-probe_fixes-v1-0-5cd5b9e1cfac@ideasonboa… --- Jai Luthra (6): media: ti: j721e-csi2rx: Use devm_of_platform_populate media: ti: j721e-csi2rx: Use fwnode_get_named_child_node media: ti: j721e-csi2rx: Fix source subdev link creation media: cadence: csi2rx: Implement get_fwnode_pad op media: cadence: cdns-csi2rx: Support multiple pixels per clock cycle media: ti: j721e-csi2rx: Support multiple pixels per clock drivers/media/platform/cadence/cdns-csi2rx.c | 76 +++++++++++++++++----- drivers/media/platform/cadence/cdns-csi2rx.h | 19 ++++++ drivers/media/platform/ti/Kconfig | 3 +- .../media/platform/ti/j721e-csi2rx/j721e-csi2rx.c | 66 ++++++++++++++----- 4 files changed, 129 insertions(+), 35 deletions(-) --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250314-probe_fixes-7e0ec33c7fee Best regards, -- Jai Luthra <jai.luthra(a)ideasonboard.com>

4 days, 22 hours

2
3
0 0

Re: it's Seven again for PCBA One-stop Service

by Seven

Hi , What would it mean to you if your business was able to reduce Expenses by 20% (Clients: Littelfuse, Corsair, BMB, Mercedes-Benz, Fantac) We are a PCBA factory with an area of 6,000 square meters. We have been in this industry for 18 years and have an experienced team of engineers. Help you reduce BOM Expenses Fast delivery (15 days for Demo) Competitive prices (10% lower than peers) Real factory processing fees are Fees Complete quality management system (ISO9001,ISO14001,ISO13485,IATF16949,UL)Given how well our pcba service suits your needs, I think we could do some Excellent work together. Seven LeeChief Technology Officer Business Department | Shenzhen STHL Technology Co,Ltd +8618569002840 Seven(a)pcba-china.com 在2025-06-04，Seven <seven(a)ems-sthi.com> 写道:-----原始邮件----- 发件人： Seven <seven(a)ems-sthi.com> 发件时间: 2025年06月04日周三收件人： [Linux-stable-mirror <linux-stable-mirror(a)lists.linaro.org>] 主题： Re:Jordan recommend me get in touch Hi, Glad to know you and your company from Jordan. I‘m Seven CTO of STHL We are a one-stop service provider for PCBA. We can help you with production from PCB to finished product assembly. Why Partner With Us? ✅ One-Stop Expertise: From PCB fabrication, PCBA (SMT & Through-Hole), custom cable harnesses, , to final product assembly – we eliminate multi-vendor coordination risks. ✅ Cost Efficiency: 40%+ clients reduce logistics/QC costs through our integrated service model (ISO 9001:2015 certified). ✅ Speed-to-Market: Average 15% faster lead times achieved via in-house vertical integration. Recent Success Case: Helped a German IoT startup scale from prototype to 50K-unit/month production within 6 months through our: PCB Design-for-Manufacturing (DFM) optimization Automated PCBA with 99.98% first-pass yield Mechanical housing CNC machining & IP67-rated assembly Seven Marcus CTO Shenzhen STHL Technology Co,Ltd +8618569002840 Seven(a)pcba-china.com

4 days, 22 hours

1
0
0 0

[PATCH] arm64/ptdump: Ensure memory hotplug is prevented during ptdump_check_wx()

by Anshuman Khandual

The arm64 page table dump code can race with concurrent modification of the kernel page tables. When a leaf entries are modified concurrently, the dump code may log stale or inconsistent information for a VA range, but this is otherwise not harmful. When intermediate levels of table are freed, the dump code will continue to use memory which has been freed and potentially reallocated for another purpose. In such cases, the dump code may dereference bogus addresses, leading to a number of potential problems. This problem was fixed for ptdump_show() earlier via commit 'bf2b59f60ee1 ("arm64/mm: Hold memory hotplug lock while walking for kernel page table dump")' but a same was missed for ptdump_check_wx() which faced the race condition as well. Let's just take the memory hotplug lock while executing ptdump_check_wx(). Cc: stable(a)vger.kernel.org Fixes: bbd6ec605c0f ("arm64/mm: Enable memory hot remove") Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-kernel(a)vger.kernel.org Reported-by: Dev Jain <dev.jain(a)arm.com> Signed-off-by: Anshuman Khandual <anshuman.khandual(a)arm.com> --- This patch applies on v6.16-rc1 Dev Jain found this via code inspection. arch/arm64/mm/ptdump.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/ptdump.c b/arch/arm64/mm/ptdump.c index 421a5de806c62..551f80d41e8d2 100644 --- a/arch/arm64/mm/ptdump.c +++ b/arch/arm64/mm/ptdump.c @@ -328,7 +328,7 @@ static struct ptdump_info kernel_ptdump_info __ro_after_init = { .mm = &init_mm, }; -bool ptdump_check_wx(void) +static bool __ptdump_check_wx(void) { struct ptdump_pg_state st = { .seq = NULL, @@ -367,6 +367,16 @@ bool ptdump_check_wx(void) } } +bool ptdump_check_wx(void) +{ + bool ret; + + get_online_mems(); + ret = __ptdump_check_wx(); + put_online_mems(); + return ret; +} + static int __init ptdump_init(void) { u64 page_offset = _PAGE_OFFSET(vabits_actual); -- 2.30.2

4 days, 23 hours

5
5
0 0

[PATCH 6.12.y] wifi: rtw89: phy: add dummy C2H event handler for report of TAS power

by Zenm Chen

From: Ping-Ke Shih <pkshih(a)realtek.com> [ Upstream commit 09489812013f9ff3850c3af9900c88012b8c1e5d ] The newer firmware, like RTL8852C version 0.27.111.0, will notify driver report of TAS (Time Averaged SAR) power by new C2H events. This is to assist in higher accurate calculation of TAS. For now, driver doesn't use the report yet, so add a dummy handler to avoid it throws info like: rtw89_8852ce 0000:03:00.0: c2h class 9 func 6 not support Also add "MAC" and "PHY" to the message to disambiguate the source of C2H event. Signed-off-by: Ping-Ke Shih <pkshih(a)realtek.com> Link: https://patch.msgid.link/20241209042127.21424-1-pkshih@realtek.com Signed-off-by: Zenm Chen <zenmchen(a)gmail.com> --- Currently the rtw89 driver in kernel 6.12.y could spam the system log with the messages below if the distro provides a newer firmware, backport this patch to 6.12.y to fix it. [ 13.207637] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 17.115171] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 19.117996] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 21.122162] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 23.123588] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 25.127008] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 31.246591] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 34.665080] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 41.064308] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 43.067127] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 45.069878] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 47.072845] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 49.265599] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 51.268512] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 53.271490] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 55.274271] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support --- drivers/net/wireless/realtek/rtw89/mac.c | 4 ++-- drivers/net/wireless/realtek/rtw89/phy.c | 10 ++++++++-- drivers/net/wireless/realtek/rtw89/phy.h | 1 + 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/net/wireless/realtek/rtw89/mac.c b/drivers/net/wireless/realtek/rtw89/mac.c index 9b09d4b7d..2188bca89 100644 --- a/drivers/net/wireless/realtek/rtw89/mac.c +++ b/drivers/net/wireless/realtek/rtw89/mac.c @@ -5513,11 +5513,11 @@ void rtw89_mac_c2h_handle(struct rtw89_dev *rtwdev, struct sk_buff *skb, case RTW89_MAC_C2H_CLASS_FWDBG: return; default: - rtw89_info(rtwdev, "c2h class %d not support\n", class); + rtw89_info(rtwdev, "MAC c2h class %d not support\n", class); return; } if (!handler) { - rtw89_info(rtwdev, "c2h class %d func %d not support\n", class, + rtw89_info(rtwdev, "MAC c2h class %d func %d not support\n", class, func); return; } diff --git a/drivers/net/wireless/realtek/rtw89/phy.c b/drivers/net/wireless/realtek/rtw89/phy.c index 5c31639b4..355c3f58a 100644 --- a/drivers/net/wireless/realtek/rtw89/phy.c +++ b/drivers/net/wireless/realtek/rtw89/phy.c @@ -3062,10 +3062,16 @@ rtw89_phy_c2h_rfk_report_state(struct rtw89_dev *rtwdev, struct sk_buff *c2h, u3 (int)(len - sizeof(report->hdr)), &report->state); } +static void +rtw89_phy_c2h_rfk_log_tas_pwr(struct rtw89_dev *rtwdev, struct sk_buff *c2h, u32 len) +{ +} + static void (* const rtw89_phy_c2h_rfk_report_handler[])(struct rtw89_dev *rtwdev, struct sk_buff *c2h, u32 len) = { [RTW89_PHY_C2H_RFK_REPORT_FUNC_STATE] = rtw89_phy_c2h_rfk_report_state, + [RTW89_PHY_C2H_RFK_LOG_TAS_PWR] = rtw89_phy_c2h_rfk_log_tas_pwr, }; bool rtw89_phy_c2h_chk_atomic(struct rtw89_dev *rtwdev, u8 class, u8 func) @@ -3119,11 +3125,11 @@ void rtw89_phy_c2h_handle(struct rtw89_dev *rtwdev, struct sk_buff *skb, return; fallthrough; default: - rtw89_info(rtwdev, "c2h class %d not support\n", class); + rtw89_info(rtwdev, "PHY c2h class %d not support\n", class); return; } if (!handler) { - rtw89_info(rtwdev, "c2h class %d func %d not support\n", class, + rtw89_info(rtwdev, "PHY c2h class %d func %d not support\n", class, func); return; } diff --git a/drivers/net/wireless/realtek/rtw89/phy.h b/drivers/net/wireless/realtek/rtw89/phy.h index 9bb9c9c8e..961a4bacb 100644 --- a/drivers/net/wireless/realtek/rtw89/phy.h +++ b/drivers/net/wireless/realtek/rtw89/phy.h @@ -151,6 +151,7 @@ enum rtw89_phy_c2h_rfk_log_func { enum rtw89_phy_c2h_rfk_report_func { RTW89_PHY_C2H_RFK_REPORT_FUNC_STATE = 0, + RTW89_PHY_C2H_RFK_LOG_TAS_PWR = 6, }; enum rtw89_phy_c2h_dm_func { -- 2.49.0

5 days, 1 hour

1
0
0 0

[PATCH 6.15 00/34] 6.15.2-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.2 release. There are 34 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 09 Jun 2025 10:07:05 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.2-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.2-rc1 Aurabindo Pillai <aurabindo.pillai(a)amd.com> Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> dt-bindings: usb: cypress,hx3: Add support for all variants Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: remoteproc: qcom,sm8150-pas: Add missing SC8180X compatible David Lechner <dlechner(a)baylibre.com> dt-bindings: pwm: adi,axi-pwmgen: Fix clocks Sergey Senozhatsky <senozhatsky(a)chromium.org> thunderbolt: Do not double dequeue a configuration request Carlos Llamas <cmllamas(a)google.com> binder: fix yet another UAF in binder_devices Dmitry Antipov <dmantipov(a)yandex.ru> binder: fix use-after-free in binderfs_evict_inode() Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix timeout value in get_stb Arnd Bergmann <arnd(a)arndb.de> nvmem: rmem: select CONFIG_CRC32 Dustin Lundquist <dustin(a)null-ptr.net> serial: jsm: fix NPE during jsm_uart_port_init Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Bluetooth: hci_qca: move the SoC type check to the right place Qasim Ijaz <qasdev00(a)gmail.com> usb: typec: ucsi: fix Clang -Wsign-conversion warning Charles Yeh <charlesyeh522(a)gmail.com> USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Hongyu Xie <xiehongyu1(a)kylinos.cn> usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Jiayi Li <lijiayi(a)kylinos.cn> usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Fix subvol to missing root repair Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Run may_delete_deleted_inode() checks in bch2_inode_rm() Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: delete dead code from may_delete_deleted_inode() Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Repair code for directory i_size Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Kill un-reverted directory i_size code Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Fix offset calculation for .start_secs < 0 Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Make rtc_time64_to_tm() support dates before 1970 Nícolas F. R. A. Prado <nfraprado(a)collabora.com> pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms Sakari Ailus <sakari.ailus(a)linux.intel.com> Documentation: ACPI: Use all-string data node references Gautham R. Shenoy <gautham.shenoy(a)amd.com> acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Pritam Manohar Sutar <pritam.sutar(a)samsung.com> clk: samsung: correct clock summary for hsi1 block Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: set GPIO output value before setting direction Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 Ahmed Salem <x0rw3ll(a)gmail.com> ACPICA: Apply ACPI_NONSTRING in more places Kees Cook <kees(a)kernel.org> ACPICA: Apply ACPI_NONSTRING Kees Cook <kees(a)kernel.org> ACPICA: Introduce ACPI_NONSTRING Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "x86/smp: Eliminate mwait_play_dead_cpuid_hint()" Pan Taixi <pantaixi(a)huaweicloud.com> tracing: Fix compilation warning on arm32 ------------- Diffstat: .../bindings/phy/fsl,imx8mq-usb-phy.yaml | 3 +- .../devicetree/bindings/pwm/adi,axi-pwmgen.yaml | 13 +++- .../bindings/remoteproc/qcom,sm8150-pas.yaml | 3 + .../devicetree/bindings/usb/cypress,hx3.yaml | 19 +++++- .../acpi/dsd/data-node-references.rst | 26 ++++---- Documentation/firmware-guide/acpi/dsd/graph.rst | 11 ++-- Documentation/firmware-guide/acpi/dsd/leds.rst | 7 +- Makefile | 4 +- arch/x86/kernel/smpboot.c | 54 +++++++++++++-- drivers/acpi/acpica/acdebug.h | 2 +- drivers/acpi/acpica/aclocal.h | 4 +- drivers/acpi/acpica/nsnames.c | 2 +- drivers/acpi/acpica/nsrepair2.c | 2 +- drivers/android/binder.c | 16 ++++- drivers/android/binder_internal.h | 8 ++- drivers/android/binderfs.c | 2 +- drivers/bluetooth/hci_qca.c | 14 ++-- drivers/clk/samsung/clk-exynosautov920.c | 2 +- drivers/cpufreq/acpi-cpufreq.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 ++--- drivers/nvmem/Kconfig | 1 + drivers/pinctrl/mediatek/mtk-eint.c | 26 ++++---- drivers/pinctrl/mediatek/mtk-eint.h | 5 +- drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 2 +- drivers/pinctrl/mediatek/pinctrl-mtk-common.c | 2 +- drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 14 ++-- drivers/rtc/class.c | 2 +- drivers/rtc/lib.c | 24 +++++-- drivers/thunderbolt/ctl.c | 5 ++ drivers/tty/serial/jsm/jsm_tty.c | 1 + drivers/usb/class/usbtmc.c | 4 +- drivers/usb/core/quirks.c | 3 + drivers/usb/serial/pl2303.c | 2 + drivers/usb/storage/unusual_uas.h | 7 ++ drivers/usb/typec/ucsi/ucsi.h | 2 +- fs/bcachefs/dirent.c | 12 +--- fs/bcachefs/dirent.h | 4 +- fs/bcachefs/errcode.h | 2 + fs/bcachefs/fs.c | 8 ++- fs/bcachefs/fsck.c | 8 +++ fs/bcachefs/inode.c | 77 ++++++++++++++-------- fs/bcachefs/namei.c | 4 +- fs/bcachefs/sb-errors_format.h | 4 +- fs/bcachefs/subvolume.c | 19 ++++-- include/acpi/actbl.h | 6 +- include/acpi/actypes.h | 4 ++ include/acpi/platform/acgcc.h | 8 +++ kernel/trace/trace.c | 2 +- .../acpi/os_specific/service_layers/oslinuxtbl.c | 2 +- tools/power/acpi/tools/acpidump/apfiles.c | 2 +- 50 files changed, 314 insertions(+), 158 deletions(-)

5 days, 2 hours

16
51
0 0

[PATCH v2 0/5] drm/xe: enable driver usage on non-4KiB kernels

by Mingcong Bai via B4 Relay

This patch series attempts to enable the use of xe DRM driver on non-4KiB kernel page platforms. This involves fixing the ttm/bo interface, as well as parts of the userspace API to make use of kernel `PAGE_SIZE' for alignment instead of the assumed `SZ_4K', it also fixes incorrect usage of `PAGE_SIZE' in the GuC and ring buffer interface code to make sure all instructions/commands were aligned to 4KiB barriers (per the Programmer's Manual for the GPUs covered by this DRM driver). This issue was first discovered and reported by members of the LoongArch user communities, whose hardware commonly ran on 16KiB-page kernels. The patch series began on an unassuming branch of a downstream kernel tree maintained by Shang Yatsen.[^1] It worked well but remained sparsely documented, a lot of the work done here relied on Shang Yatsen's original patch. AOSC OS then picked it up[^2] to provide Intel Xe/Arc support for users of its LoongArch port, for which I worked extensively on. After months of positive user feedback and from encouragement from Kexy Biscuit, my colleague at the community, I decided to examine its potential for upstreaming, cross-reference kernel and Intel documentation to better document and revise this patch. Now that this series has been tested good (for boot up, OpenGL, and playback of a standardised set of video samples[^3] on the following platforms (motherboard + GPU model): - x86-64, 4KiB kernel page: - MS-7D42 + Intel Arc A580 - COLORFIRE B760M-MEOW WIFI D5 + Intel Arc B580 - LoongArch, 16KiB kernel page: - XA61200 + GUNNIR DG1 Blue Halberd (Intel DG1) - XA61200 + GUNNIR Iris Xe Index 4 (Intel DG1) - XA61200 + GUNNIR Intel Iris Xe Max Index V2 (Intel DG1) - XA61200 + GUNNIR Intel Arc A380 Index 6G (Intel Arc A380) - XA61200 + ASRock Arc A380 Challenger ITX OC (Intel Arc A380) - XA61200 + Intel Arc A580 - XA61200 + GUNNIR Intel Arc A750 Photon 8G OC (Intel Arc A750) - XA61200 + Intel Arc B580 - XB612B0 + GUNNIR Intel Iris Xe Max Index V2 (Intel DG1) - XB612B0 + GUNNIR Intel Arc A380 Index 6G (Intel Arc A380) - ASUS XC-LS3A6M + GUNNIR Intel Arc B580 INDEX 12G (Intel Arc B580) On these platforms, basic functionalities tested good but the driver was unstable with occasional resets (I do suspect however, that this platform suffers from PCIe coherence issues, as instability only occurs under heavy VRAM I/O load): - AArch64, 4KiB/64KiB kernel pages: - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Iris Xe Max Index V2 (Intel DG1) - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Arc A380 Index 6G (Intel Arc A380) - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Arc A750 Photon 8G OC (Intel Arc A750) I think that this patch series is now ready for your comment and review. Please forgive me if I made any simple mistake or used wrong terminologies, but I have never worked on a patch for the DRM subsystem and my experience is still quite thin. But anyway, just letting you all know that Intel Xe/Arc works on non-4KiB kernel page platforms (and honestly, it's great to use, especially for games and media playback)! [^1]: https://github.com/FanFansfan/loongson-linux/tree/loongarch-xe [^2]: We maintained Shang Yatsen's patch until our v6.13.3 tree, until we decided to test and send this series upstream, https://github.com/AOSC-Tracking/linux/tree/aosc/v6.13.3 [^3]: Delicious hot pot! https://repo.aosc.io/ahvl/sample-videos-20250223.tar.zst --- Matthew(s), Lucas, and Francois: Thanks again for your patience and review. I recently had a job change and it put me off this series for months, but I'm back (and should be a lot more responsive now) - sorry! Let's get this ball rolling again. I was unfortunately unable to revise 1/5 from v1 as you requested, neither of your suggestions to allow allocation of VRAM smaller than page size worked... So I kept that part as is. As for the your comment in 5/5, I'm not sure about what the right approach to implement a SZ_64K >= PAGE_SIZE assert was, as there are many other instances of similar ternary conditional operators in the xe code. Correct me if I'm wrong but I felt that it might be better handled in a separate patch series? --- Changes in v2: - Define `GUC_ALIGN' and use them in GuC code to improve clarity. - Update documentation on `DRM_XE_QUERY_CONFIG_MIN_ALIGNMENT'. - Rebase, and other minor changes. - Link to v1: https://lore.kernel.org/all/20250226-xe-non-4k-fix-v1-0-80f23b5ee40e@aosc.i… To: Lucas De Marchi <lucas.demarchi(a)intel.com> To: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> To: Rodrigo Vivi <rodrigo.vivi(a)intel.com> To: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> To: Maxime Ripard <mripard(a)kernel.org> To: Thomas Zimmermann <tzimmermann(a)suse.de> To: David Airlie <airlied(a)gmail.com> To: Simona Vetter <simona(a)ffwll.ch> To: José Roberto de Souza <jose.souza(a)intel.com> To: Francois Dugast <francois.dugast(a)intel.com> To: Matthew Brost <matthew.brost(a)intel.com> To: Alan Previn <alan.previn.teres.alexis(a)intel.com> To: Zhanjun Dong <zhanjun.dong(a)intel.com> To: Matt Roper <matthew.d.roper(a)intel.com> To: Mateusz Naklicki <mateusz.naklicki(a)intel.com> Cc: Mauro Carvalho Chehab <mauro.chehab(a)linux.intel.com> Cc: Zbigniew Kempczyński <zbigniew.kempczynski(a)intel.com> Cc: intel-xe(a)lists.freedesktop.org Cc: dri-devel(a)lists.freedesktop.org Cc: linux-kernel(a)vger.kernel.org Suggested-by: Kexy Biscuit <kexybiscuit(a)aosc.io> Co-developed-by: Shang Yatsen <429839446(a)qq.com> Signed-off-by: Shang Yatsen <429839446(a)qq.com> Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> --- Mingcong Bai (5): drm/xe/bo: fix alignment with non-4KiB kernel page sizes drm/xe/guc: use GUC_SIZE (SZ_4K) for alignment drm/xe/regs: fix RING_CTL_SIZE(size) calculation drm/xe: use 4KiB alignment for cursor jumps drm/xe/query: use PAGE_SIZE as the minimum page alignment drivers/gpu/drm/xe/regs/xe_engine_regs.h | 2 +- drivers/gpu/drm/xe/xe_bo.c | 8 ++++---- drivers/gpu/drm/xe/xe_guc.c | 4 ++-- drivers/gpu/drm/xe/xe_guc.h | 3 +++ drivers/gpu/drm/xe/xe_guc_ads.c | 32 ++++++++++++++++---------------- drivers/gpu/drm/xe/xe_guc_capture.c | 8 ++++---- drivers/gpu/drm/xe/xe_guc_ct.c | 2 +- drivers/gpu/drm/xe/xe_guc_log.c | 5 +++-- drivers/gpu/drm/xe/xe_guc_pc.c | 4 ++-- drivers/gpu/drm/xe/xe_migrate.c | 4 ++-- drivers/gpu/drm/xe/xe_query.c | 2 +- include/uapi/drm/xe_drm.h | 7 +++++-- 12 files changed, 44 insertions(+), 37 deletions(-) --- base-commit: 546b1c9e93c2bb8cf5ed24e0be1c86bb089b3253 change-id: 20250603-upstream-xe-non-4k-v2-4acf253c9bfd Best regards, -- Mingcong Bai <jeffbai(a)aosc.io>

5 days, 3 hours

3
7
0 0

[PATCH 6.6.y] wifi: rtw89: pci: use DBI function for 8852AE/8852BE/8851BE

by Zenm Chen

From: Chin-Yen Lee <timlee(a)realtek.com> [ Upstream commit 9496d62f3877bc0f97b415bc04af98d092878026 ] Sometimes driver can't use kernel API pci_read/write_config_byte to access the PCI config space of above address 0x100 due to the negotiated PCI setting. 8852AE/8852BE/8851BE provide another way called DBI function, which belongs to WiFi mac and could access all PCI config space for this case. Link: https://lore.kernel.org/linux-wireless/79fe81b7db7148b9a7da2353c16d70fb@rea… Signed-off-by: Chin-Yen Lee <timlee(a)realtek.com> Signed-off-by: Ping-Ke Shih <pkshih(a)realtek.com> Signed-off-by: Kalle Valo <kvalo(a)kernel.org> Link: https://msgid.link/20240103012346.6822-1-pkshih@realtek.com Signed-off-by: Zenm Chen <zenmchen(a)gmail.com> --- Without this patch applied, the rtw89 driver in kernel 6.6.y may fail to initialize the RTL8852BE chip and print the error messages below on some platforms [1]. [ 13.449168] rtw89_8852be_git 0000:02:00.0: [ERR]pci config read 719 [ 13.449754] rtw89_8852be_git 0000:02:00.0: [ERR] pcie autok fail -22 [ 13.450353] rtw89_8852be_git 0000:02:00.0: failed to setup chip information [ 13.455857] rtw89_8852be_git: probe of 0000:02:00.0 failed with error -22 [1] https://github.com/a5a5aa555oo/rtw89/issues/3 --- drivers/net/wireless/realtek/rtw89/pci.c | 69 +++++++++++++++++++++++- drivers/net/wireless/realtek/rtw89/pci.h | 1 + 2 files changed, 68 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/realtek/rtw89/pci.c b/drivers/net/wireless/realtek/rtw89/pci.c index 30cc6e03c..33b2543ee 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.c +++ b/drivers/net/wireless/realtek/rtw89/pci.c @@ -1822,22 +1822,87 @@ static int rtw89_write16_mdio_clr(struct rtw89_dev *rtwdev, u8 addr, u16 mask, u return 0; } +static int rtw89_dbi_write8(struct rtw89_dev *rtwdev, u16 addr, u8 data) +{ + u16 addr_2lsb = addr & B_AX_DBI_2LSB; + u16 write_addr; + u8 flag; + int ret; + + write_addr = addr & B_AX_DBI_ADDR_MSK; + write_addr |= u16_encode_bits(BIT(addr_2lsb), B_AX_DBI_WREN_MSK); + rtw89_write8(rtwdev, R_AX_DBI_WDATA + addr_2lsb, data); + rtw89_write16(rtwdev, R_AX_DBI_FLAG, write_addr); + rtw89_write8(rtwdev, R_AX_DBI_FLAG + 2, B_AX_DBI_WFLAG >> 16); + + ret = read_poll_timeout_atomic(rtw89_read8, flag, !flag, 10, + 10 * RTW89_PCI_WR_RETRY_CNT, false, + rtwdev, R_AX_DBI_FLAG + 2); + if (ret) + rtw89_err(rtwdev, "failed to write DBI register, addr=0x%X\n", + addr); + + return ret; +} + +static int rtw89_dbi_read8(struct rtw89_dev *rtwdev, u16 addr, u8 *value) +{ + u16 read_addr = addr & B_AX_DBI_ADDR_MSK; + u8 flag; + int ret; + + rtw89_write16(rtwdev, R_AX_DBI_FLAG, read_addr); + rtw89_write8(rtwdev, R_AX_DBI_FLAG + 2, B_AX_DBI_RFLAG >> 16); + + ret = read_poll_timeout_atomic(rtw89_read8, flag, !flag, 10, + 10 * RTW89_PCI_WR_RETRY_CNT, false, + rtwdev, R_AX_DBI_FLAG + 2); + if (ret) { + rtw89_err(rtwdev, "failed to read DBI register, addr=0x%X\n", + addr); + return ret; + } + + read_addr = R_AX_DBI_RDATA + (addr & 3); + *value = rtw89_read8(rtwdev, read_addr); + + return 0; +} + static int rtw89_pci_write_config_byte(struct rtw89_dev *rtwdev, u16 addr, u8 data) { struct rtw89_pci *rtwpci = (struct rtw89_pci *)rtwdev->priv; + enum rtw89_core_chip_id chip_id = rtwdev->chip->chip_id; struct pci_dev *pdev = rtwpci->pdev; + int ret; + + ret = pci_write_config_byte(pdev, addr, data); + if (!ret) + return 0; - return pci_write_config_byte(pdev, addr, data); + if (chip_id == RTL8852A || chip_id == RTL8852B || chip_id == RTL8851B) + ret = rtw89_dbi_write8(rtwdev, addr, data); + + return ret; } static int rtw89_pci_read_config_byte(struct rtw89_dev *rtwdev, u16 addr, u8 *value) { struct rtw89_pci *rtwpci = (struct rtw89_pci *)rtwdev->priv; + enum rtw89_core_chip_id chip_id = rtwdev->chip->chip_id; struct pci_dev *pdev = rtwpci->pdev; + int ret; - return pci_read_config_byte(pdev, addr, value); + ret = pci_read_config_byte(pdev, addr, value); + if (!ret) + return 0; + + if (chip_id == RTL8852A || chip_id == RTL8852B || chip_id == RTL8851B) + ret = rtw89_dbi_read8(rtwdev, addr, value); + + return ret; } static int rtw89_pci_config_byte_set(struct rtw89_dev *rtwdev, u16 addr, diff --git a/drivers/net/wireless/realtek/rtw89/pci.h b/drivers/net/wireless/realtek/rtw89/pci.h index 4259b79b1..119c0608b 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.h +++ b/drivers/net/wireless/realtek/rtw89/pci.h @@ -42,6 +42,7 @@ #define B_AX_DBI_WFLAG BIT(16) #define B_AX_DBI_WREN_MSK GENMASK(15, 12) #define B_AX_DBI_ADDR_MSK GENMASK(11, 2) +#define B_AX_DBI_2LSB GENMASK(1, 0) #define R_AX_DBI_WDATA 0x1094 #define R_AX_DBI_RDATA 0x1098 -- 2.49.0

5 days, 3 hours

1
0
0 0

[PATCH] drm/xe: Fix early wedge on GuC load failure

by Daniele Ceraolo Spurio

When the GuC fails to load we declare the device wedged. However, the very first GuC load attempt on GT0 (from xe_gt_init_hwconfig) is done before the GT1 GuC objects are initialized, so things go bad when the wedge code attempts to cleanup GT1. To fix this, check the initialization status in the functions called during wedge. Fixes: 7dbe8af13c18 ("drm/xe: Wedge the entire device") Signed-off-by: Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Jonathan Cavitt <jonathan.cavitt(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: Zhanjun Dong <zhanjun.dong(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.12+: 1e1981b16bb1: drm/xe: Fix taking invalid lock on wedge Cc: <stable(a)vger.kernel.org> # v6.12+ Reviewed-by: Jonathan Cavitt <jonathan.cavitt(a)intel.com> Reviewed-by: Lucas De Marchi <lucas.demarchi(a)intel.com> --- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 8 ++++++++ drivers/gpu/drm/xe/xe_guc_ct.c | 7 +++++-- drivers/gpu/drm/xe/xe_guc_ct.h | 5 +++++ drivers/gpu/drm/xe/xe_guc_submit.c | 3 +++ 4 files changed, 21 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c index 084cbdeba8ea..e1362e608146 100644 --- a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c +++ b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c @@ -137,6 +137,14 @@ void xe_gt_tlb_invalidation_reset(struct xe_gt *gt) struct xe_gt_tlb_invalidation_fence *fence, *next; int pending_seqno; + /* + * we can get here before the CTs are even initialized if we're wedging + * very early, in which case there are not going to be any pending + * fences so we can bail immediately. + */ + if (!xe_guc_ct_initialized(&gt->uc.guc.ct)) + return; + /* * CT channel is already disabled at this point. No new TLB requests can * appear. diff --git a/drivers/gpu/drm/xe/xe_guc_ct.c b/drivers/gpu/drm/xe/xe_guc_ct.c index 822f4c33f730..e303fec18174 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.c +++ b/drivers/gpu/drm/xe/xe_guc_ct.c @@ -517,6 +517,9 @@ void xe_guc_ct_disable(struct xe_guc_ct *ct) */ void xe_guc_ct_stop(struct xe_guc_ct *ct) { + if (!xe_guc_ct_initialized(ct)) + return; + xe_guc_ct_set_state(ct, XE_GUC_CT_STATE_STOPPED); stop_g2h_handler(ct); } @@ -788,7 +791,7 @@ static int __guc_ct_send_locked(struct xe_guc_ct *ct, const u32 *action, u16 seqno; int ret; - xe_gt_assert(gt, ct->state != XE_GUC_CT_STATE_NOT_INITIALIZED); + xe_gt_assert(gt, xe_guc_ct_initialized(ct)); xe_gt_assert(gt, !g2h_len || !g2h_fence); xe_gt_assert(gt, !num_g2h || !g2h_fence); xe_gt_assert(gt, !g2h_len || num_g2h); @@ -1424,7 +1427,7 @@ static int g2h_read(struct xe_guc_ct *ct, u32 *msg, bool fast_path) u32 action; u32 *hxg; - xe_gt_assert(gt, ct->state != XE_GUC_CT_STATE_NOT_INITIALIZED); + xe_gt_assert(gt, xe_guc_ct_initialized(ct)); lockdep_assert_held(&ct->fast_lock); if (ct->state == XE_GUC_CT_STATE_DISABLED) diff --git a/drivers/gpu/drm/xe/xe_guc_ct.h b/drivers/gpu/drm/xe/xe_guc_ct.h index 5649bda82823..99c5dec446f2 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.h +++ b/drivers/gpu/drm/xe/xe_guc_ct.h @@ -24,6 +24,11 @@ void xe_guc_ct_print(struct xe_guc_ct *ct, struct drm_printer *p, bool want_ctb) void xe_guc_ct_fixup_messages_with_ggtt(struct xe_guc_ct *ct, s64 ggtt_shift); +static inline bool xe_guc_ct_initialized(struct xe_guc_ct *ct) +{ + return ct->state != XE_GUC_CT_STATE_NOT_INITIALIZED; +} + static inline bool xe_guc_ct_enabled(struct xe_guc_ct *ct) { return ct->state == XE_GUC_CT_STATE_ENABLED; diff --git a/drivers/gpu/drm/xe/xe_guc_submit.c b/drivers/gpu/drm/xe/xe_guc_submit.c index 4a5bcaf83965..55f6385c63a6 100644 --- a/drivers/gpu/drm/xe/xe_guc_submit.c +++ b/drivers/gpu/drm/xe/xe_guc_submit.c @@ -1787,6 +1787,9 @@ int xe_guc_submit_reset_prepare(struct xe_guc *guc) { int ret; + if (!guc->submission_state.initialized) + return 0; + /* * Using an atomic here rather than submission_state.lock as this * function can be called while holding the CT lock (engine reset -- 2.43.0

5 days, 5 hours

2
1
0 0

[PATCH] drm/xe: Fix memset on iomem

by Lucas De Marchi

It should rather use xe_map_memset() as the BO is created with XE_BO_FLAG_VRAM_IF_DGFX in xe_guc_pc_init(). Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: stable(a)vger.kernel.org Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> --- drivers/gpu/drm/xe/xe_guc_pc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_guc_pc.c b/drivers/gpu/drm/xe/xe_guc_pc.c index 18c6239920355..3beaaa7b25c1b 100644 --- a/drivers/gpu/drm/xe/xe_guc_pc.c +++ b/drivers/gpu/drm/xe/xe_guc_pc.c @@ -1068,7 +1068,7 @@ int xe_guc_pc_start(struct xe_guc_pc *pc) goto out; } - memset(pc->bo->vmap.vaddr, 0, size); + xe_map_memset(xe, &pc->bo->vmap, 0, 0, size); slpc_shared_data_write(pc, header.size, size); earlier = ktime_get();

5 days, 5 hours

2
1
0 0

[PATCH v4 2/5] scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out

by Karan Tilak Kumar

When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash. Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly. Tested by checking MDS for FDMI information. Tested by using instrumented driver to: Drop PLOGI response Drop RHBA response Drop RPA response Drop RHBA and RPA response Drop PLOGI response + ABTS response Drop RHBA response + ABTS response Drop RPA response + ABTS response Drop RHBA and RPA response + ABTS response for both of them Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Tested-by: Arun Easi <aeasi(a)cisco.com> Co-developed-by: Arun Easi <aeasi(a)cisco.com> Signed-off-by: Arun Easi <aeasi(a)cisco.com> Tested-by: Karan Tilak Kumar <kartilak(a)cisco.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- Changes between v3 and v4: - Incorporate review comments from Dan: - Remove comments from Cc tag Changes between v2 and v3: - Incorporate review comments from Dan: - Add Cc to stable Changes between v1 and v2: - Incorporate review comments from Dan: - Add Fixes tag --- drivers/scsi/fnic/fdls_disc.c | 113 +++++++++++++++++++++++++--------- drivers/scsi/fnic/fnic_fdls.h | 1 + 2 files changed, 86 insertions(+), 28 deletions(-) diff --git a/drivers/scsi/fnic/fdls_disc.c b/drivers/scsi/fnic/fdls_disc.c index c2b6f4eb338e..0ee1b74967b9 100644 --- a/drivers/scsi/fnic/fdls_disc.c +++ b/drivers/scsi/fnic/fdls_disc.c @@ -763,47 +763,69 @@ static void fdls_send_fabric_abts(struct fnic_iport_s *iport) iport->fabric.timer_pending = 1; } -static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +static uint8_t *fdls_alloc_init_fdmi_abts_frame(struct fnic_iport_s *iport, + uint16_t oxid) { - uint8_t *frame; + struct fc_frame_header *pfdmi_abts; uint8_t d_id[3]; + uint8_t *frame; struct fnic *fnic = iport->fnic; - struct fc_frame_header *pfabric_abts; - unsigned long fdmi_tov; - uint16_t oxid; - uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + - sizeof(struct fc_frame_header); frame = fdls_alloc_frame(iport); if (frame == NULL) { FNIC_FCS_DBG(KERN_ERR, fnic->host, fnic->fnic_num, "Failed to allocate frame to send FDMI ABTS"); - return; + return NULL; } - pfabric_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); + pfdmi_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); fdls_init_fabric_abts_frame(frame, iport); hton24(d_id, FC_FID_MGMT_SERV); - FNIC_STD_SET_D_ID(*pfabric_abts, d_id); + FNIC_STD_SET_D_ID(*pfdmi_abts, d_id); + FNIC_STD_SET_OX_ID(*pfdmi_abts, oxid); + + return frame; +} + +static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +{ + uint8_t *frame; + unsigned long fdmi_tov; + uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + + sizeof(struct fc_frame_header); if (iport->fabric.fdmi_pending & FDLS_FDMI_PLOGI_PENDING) { - oxid = iport->active_oxid_fdmi_plogi; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_plogi); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } else { if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) { - oxid = iport->active_oxid_fdmi_rhba; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rhba); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } if (iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING) { - oxid = iport->active_oxid_fdmi_rpa; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rpa); + if (frame == NULL) { + if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) + goto arm_timer; + else + return; + } + fnic_send_fcoe_frame(iport, frame, frame_size); } } +arm_timer: fdmi_tov = jiffies + msecs_to_jiffies(2 * iport->e_d_tov); mod_timer(&iport->fabric.fdmi_timer, round_jiffies(fdmi_tov)); iport->fabric.fdmi_pending |= FDLS_FDMI_ABORT_PENDING; @@ -2244,6 +2266,21 @@ void fdls_fabric_timer_callback(struct timer_list *t) spin_unlock_irqrestore(&fnic->fnic_lock, flags); } +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport) +{ + struct fnic *fnic = iport->fnic; + + iport->fabric.fdmi_pending = 0; + /* If max retries not exhausted, start over from fdmi plogi */ + if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { + iport->fabric.fdmi_retry++; + FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, + "Retry FDMI PLOGI. FDMI retry: %d", + iport->fabric.fdmi_retry); + fdls_send_fdmi_plogi(iport); + } +} + void fdls_fdmi_timer_callback(struct timer_list *t) { struct fnic_fdls_fabric_s *fabric = from_timer(fabric, t, fdmi_timer); @@ -2289,14 +2326,7 @@ void fdls_fdmi_timer_callback(struct timer_list *t) FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); - iport->fabric.fdmi_pending = 0; - /* If max retries not exhaused, start over from fdmi plogi */ - if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { - iport->fabric.fdmi_retry++; - FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, - "retry fdmi timer %d", iport->fabric.fdmi_retry); - fdls_send_fdmi_plogi(iport); - } + fdls_fdmi_retry_plogi(iport); FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); spin_unlock_irqrestore(&fnic->fnic_lock, flags); @@ -3714,11 +3744,32 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, switch (FNIC_FRAME_TYPE(oxid)) { case FNIC_FRAME_TYPE_FDMI_PLOGI: fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_plogi); + + iport->fabric.fdmi_pending &= ~FDLS_FDMI_PLOGI_PENDING; + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; break; case FNIC_FRAME_TYPE_FDMI_RHBA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_REG_HBA_PENDING; + + /* If RPA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rhba); break; case FNIC_FRAME_TYPE_FDMI_RPA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_RPA_PENDING; + + /* If RHBA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rpa); break; default: @@ -3728,10 +3779,16 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, break; } - timer_delete_sync(&iport->fabric.fdmi_timer); - iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; - - fdls_send_fdmi_plogi(iport); + /* + * Only if ABORT PENDING is off, delete the timer, and if no other + * operations are pending, retry FDMI. + * Otherwise, let the timer pop and take the appropriate action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_ABORT_PENDING)) { + timer_delete_sync(&iport->fabric.fdmi_timer); + if (!iport->fabric.fdmi_pending) + fdls_fdmi_retry_plogi(iport); + } } static void diff --git a/drivers/scsi/fnic/fnic_fdls.h b/drivers/scsi/fnic/fnic_fdls.h index 8e610b65ad57..531d0b37e450 100644 --- a/drivers/scsi/fnic/fnic_fdls.h +++ b/drivers/scsi/fnic/fnic_fdls.h @@ -394,6 +394,7 @@ void fdls_send_tport_abts(struct fnic_iport_s *iport, bool fdls_delete_tport(struct fnic_iport_s *iport, struct fnic_tport_s *tport); void fdls_fdmi_timer_callback(struct timer_list *t); +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport); /* fnic_fcs.c */ void fnic_fdls_init(struct fnic *fnic, int usefip); -- 2.47.1

5 days, 6 hours

1
0
0 0

[PATCH v3 2/5] scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out

by Karan Tilak Kumar

When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash. Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly. Tested by checking MDS for FDMI information. Tested by using instrumented driver to: Drop PLOGI response Drop RHBA response Drop RPA response Drop RHBA and RPA response Drop PLOGI response + ABTS response Drop RHBA response + ABTS response Drop RPA response + ABTS response Drop RHBA and RPA response + ABTS response for both of them Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Tested-by: Arun Easi <aeasi(a)cisco.com> Co-developed-by: Arun Easi <aeasi(a)cisco.com> Signed-off-by: Arun Easi <aeasi(a)cisco.com> Tested-by: Karan Tilak Kumar <kartilak(a)cisco.com> Cc: <stable(a)vger.kernel.org> # 6.14.x Please see patch description Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- drivers/scsi/fnic/fdls_disc.c | 113 +++++++++++++++++++++++++--------- drivers/scsi/fnic/fnic_fdls.h | 1 + 2 files changed, 86 insertions(+), 28 deletions(-) diff --git a/drivers/scsi/fnic/fdls_disc.c b/drivers/scsi/fnic/fdls_disc.c index c2b6f4eb338e..0ee1b74967b9 100644 --- a/drivers/scsi/fnic/fdls_disc.c +++ b/drivers/scsi/fnic/fdls_disc.c @@ -763,47 +763,69 @@ static void fdls_send_fabric_abts(struct fnic_iport_s *iport) iport->fabric.timer_pending = 1; } -static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +static uint8_t *fdls_alloc_init_fdmi_abts_frame(struct fnic_iport_s *iport, + uint16_t oxid) { - uint8_t *frame; + struct fc_frame_header *pfdmi_abts; uint8_t d_id[3]; + uint8_t *frame; struct fnic *fnic = iport->fnic; - struct fc_frame_header *pfabric_abts; - unsigned long fdmi_tov; - uint16_t oxid; - uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + - sizeof(struct fc_frame_header); frame = fdls_alloc_frame(iport); if (frame == NULL) { FNIC_FCS_DBG(KERN_ERR, fnic->host, fnic->fnic_num, "Failed to allocate frame to send FDMI ABTS"); - return; + return NULL; } - pfabric_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); + pfdmi_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); fdls_init_fabric_abts_frame(frame, iport); hton24(d_id, FC_FID_MGMT_SERV); - FNIC_STD_SET_D_ID(*pfabric_abts, d_id); + FNIC_STD_SET_D_ID(*pfdmi_abts, d_id); + FNIC_STD_SET_OX_ID(*pfdmi_abts, oxid); + + return frame; +} + +static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +{ + uint8_t *frame; + unsigned long fdmi_tov; + uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + + sizeof(struct fc_frame_header); if (iport->fabric.fdmi_pending & FDLS_FDMI_PLOGI_PENDING) { - oxid = iport->active_oxid_fdmi_plogi; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_plogi); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } else { if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) { - oxid = iport->active_oxid_fdmi_rhba; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rhba); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } if (iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING) { - oxid = iport->active_oxid_fdmi_rpa; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rpa); + if (frame == NULL) { + if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) + goto arm_timer; + else + return; + } + fnic_send_fcoe_frame(iport, frame, frame_size); } } +arm_timer: fdmi_tov = jiffies + msecs_to_jiffies(2 * iport->e_d_tov); mod_timer(&iport->fabric.fdmi_timer, round_jiffies(fdmi_tov)); iport->fabric.fdmi_pending |= FDLS_FDMI_ABORT_PENDING; @@ -2244,6 +2266,21 @@ void fdls_fabric_timer_callback(struct timer_list *t) spin_unlock_irqrestore(&fnic->fnic_lock, flags); } +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport) +{ + struct fnic *fnic = iport->fnic; + + iport->fabric.fdmi_pending = 0; + /* If max retries not exhausted, start over from fdmi plogi */ + if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { + iport->fabric.fdmi_retry++; + FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, + "Retry FDMI PLOGI. FDMI retry: %d", + iport->fabric.fdmi_retry); + fdls_send_fdmi_plogi(iport); + } +} + void fdls_fdmi_timer_callback(struct timer_list *t) { struct fnic_fdls_fabric_s *fabric = from_timer(fabric, t, fdmi_timer); @@ -2289,14 +2326,7 @@ void fdls_fdmi_timer_callback(struct timer_list *t) FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); - iport->fabric.fdmi_pending = 0; - /* If max retries not exhaused, start over from fdmi plogi */ - if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { - iport->fabric.fdmi_retry++; - FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, - "retry fdmi timer %d", iport->fabric.fdmi_retry); - fdls_send_fdmi_plogi(iport); - } + fdls_fdmi_retry_plogi(iport); FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); spin_unlock_irqrestore(&fnic->fnic_lock, flags); @@ -3714,11 +3744,32 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, switch (FNIC_FRAME_TYPE(oxid)) { case FNIC_FRAME_TYPE_FDMI_PLOGI: fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_plogi); + + iport->fabric.fdmi_pending &= ~FDLS_FDMI_PLOGI_PENDING; + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; break; case FNIC_FRAME_TYPE_FDMI_RHBA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_REG_HBA_PENDING; + + /* If RPA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rhba); break; case FNIC_FRAME_TYPE_FDMI_RPA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_RPA_PENDING; + + /* If RHBA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rpa); break; default: @@ -3728,10 +3779,16 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, break; } - timer_delete_sync(&iport->fabric.fdmi_timer); - iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; - - fdls_send_fdmi_plogi(iport); + /* + * Only if ABORT PENDING is off, delete the timer, and if no other + * operations are pending, retry FDMI. + * Otherwise, let the timer pop and take the appropriate action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_ABORT_PENDING)) { + timer_delete_sync(&iport->fabric.fdmi_timer); + if (!iport->fabric.fdmi_pending) + fdls_fdmi_retry_plogi(iport); + } } static void diff --git a/drivers/scsi/fnic/fnic_fdls.h b/drivers/scsi/fnic/fnic_fdls.h index 8e610b65ad57..531d0b37e450 100644 --- a/drivers/scsi/fnic/fnic_fdls.h +++ b/drivers/scsi/fnic/fnic_fdls.h @@ -394,6 +394,7 @@ void fdls_send_tport_abts(struct fnic_iport_s *iport, bool fdls_delete_tport(struct fnic_iport_s *iport, struct fnic_tport_s *tport); void fdls_fdmi_timer_callback(struct timer_list *t); +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport); /* fnic_fcs.c */ void fnic_fdls_init(struct fnic *fnic, int usefip); -- 2.47.1

5 days, 7 hours

3
3
0 0

[PATCH net] net_sched: sch_sfq: reject invalid perturb period

by Eric Dumazet

Gerrard Tai reported that SFQ perturb_period has no range check yet, and this can be used to trigger a race condition fixed in a separate patch. We want to make sure ctl->perturb_period * HZ will not overflow and is positive. Tested: tc qd add dev lo root sfq perturb -10 # negative value : error Error: sch_sfq: invalid perturb period. tc qd add dev lo root sfq perturb 1000000000 # too big : error Error: sch_sfq: invalid perturb period. tc qd add dev lo root sfq perturb 2000000 # acceptable value tc -s -d qd sh dev lo qdisc sfq 8005: root refcnt 2 limit 127p quantum 64Kb depth 127 flows 128 divisor 1024 perturb 2000000sec Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Gerrard Tai <gerrard.tai(a)starlabs.sg> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: stable(a)vger.kernel.org --- net/sched/sch_sfq.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c index 77fa02f2bfcd56a36815199aa2e7987943ea226f..a8cca549b5a2eb2407949560c2b6b658fb7a581f 100644 --- a/net/sched/sch_sfq.c +++ b/net/sched/sch_sfq.c @@ -656,6 +656,14 @@ static int sfq_change(struct Qdisc *sch, struct nlattr *opt, NL_SET_ERR_MSG_MOD(extack, "invalid quantum"); return -EINVAL; } + + if (ctl->perturb_period < 0 || + ctl->perturb_period > INT_MAX / HZ) { + NL_SET_ERR_MSG_MOD(extack, "invalid perturb period"); + return -EINVAL; + } + perturb_period = ctl->perturb_period * HZ; + if (ctl_v1 && !red_check_params(ctl_v1->qth_min, ctl_v1->qth_max, ctl_v1->Wlog, ctl_v1->Scell_log, NULL)) return -EINVAL; @@ -672,14 +680,12 @@ static int sfq_change(struct Qdisc *sch, struct nlattr *opt, headdrop = q->headdrop; maxdepth = q->maxdepth; maxflows = q->maxflows; - perturb_period = q->perturb_period; quantum = q->quantum; flags = q->flags; /* update and validate configuration */ if (ctl->quantum) quantum = ctl->quantum; - perturb_period = ctl->perturb_period * HZ; if (ctl->flows) maxflows = min_t(u32, ctl->flows, SFQ_MAX_FLOWS); if (ctl->divisor) { -- 2.50.0.rc0.642.g800a2b2222-goog

5 days, 8 hours

3
2
0 0

FAILED: patch "[PATCH] iio: dac: ad3552r-common: fix ad3541/2r ranges" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 1e758b613212b6964518a67939535910b5aee831 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021010-antarctic-untried-a72b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e758b613212b6964518a67939535910b5aee831 Mon Sep 17 00:00:00 2001 From: Angelo Dureghello <adureghello(a)baylibre.com> Date: Wed, 8 Jan 2025 18:29:15 +0100 Subject: [PATCH] iio: dac: ad3552r-common: fix ad3541/2r ranges Fix ad3541/2r voltage ranges to be as per ad3542r datasheet, rev. C, table 38 (page 57). The wrong ad354xr ranges was generating erroneous Vpp output. In more details: - fix wrong number of ranges, they are 5 ranges, not 6, - remove non-existent 0-3V range, - adjust order, since ad3552r_find_range() get a wrong index, producing a wrong Vpp as output. Retested all the ranges on real hardware, EVALAD3542RFMCZ: adi,output-range-microvolt (fdt): <(000000) (2500000)>; ok (Rfbx1, switch 10) <(000000) (5000000)>; ok (Rfbx1, switch 10) <(000000) (10000000)>; ok (Rfbx1, switch 10) <(-5000000) (5000000)>; ok (Rfbx2, switch +/- 5) <(-2500000) (7500000)>; ok (Rfbx2, switch -2.5/7.5) Fixes: 8f2b54824b28 ("drivers:iio:dac: Add AD3552R driver support") Signed-off-by: Angelo Dureghello <adureghello(a)baylibre.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250108-wip-bl-ad3552r-axi-v0-iio-testing-carlos-… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/dac/ad3552r-common.c b/drivers/iio/dac/ad3552r-common.c index 0f495df2e5ce..03e0864f5084 100644 --- a/drivers/iio/dac/ad3552r-common.c +++ b/drivers/iio/dac/ad3552r-common.c @@ -22,11 +22,10 @@ EXPORT_SYMBOL_NS_GPL(ad3552r_ch_ranges, "IIO_AD3552R"); const s32 ad3542r_ch_ranges[AD3542R_MAX_RANGES][2] = { [AD3542R_CH_OUTPUT_RANGE_0__2P5V] = { 0, 2500 }, - [AD3542R_CH_OUTPUT_RANGE_0__3V] = { 0, 3000 }, [AD3542R_CH_OUTPUT_RANGE_0__5V] = { 0, 5000 }, [AD3542R_CH_OUTPUT_RANGE_0__10V] = { 0, 10000 }, - [AD3542R_CH_OUTPUT_RANGE_NEG_2P5__7P5V] = { -2500, 7500 }, - [AD3542R_CH_OUTPUT_RANGE_NEG_5__5V] = { -5000, 5000 } + [AD3542R_CH_OUTPUT_RANGE_NEG_5__5V] = { -5000, 5000 }, + [AD3542R_CH_OUTPUT_RANGE_NEG_2P5__7P5V] = { -2500, 7500 } }; EXPORT_SYMBOL_NS_GPL(ad3542r_ch_ranges, "IIO_AD3552R"); diff --git a/drivers/iio/dac/ad3552r.h b/drivers/iio/dac/ad3552r.h index fd5a3dfd1d1c..4b5581039ae9 100644 --- a/drivers/iio/dac/ad3552r.h +++ b/drivers/iio/dac/ad3552r.h @@ -131,7 +131,7 @@ #define AD3552R_CH1_ACTIVE BIT(1) #define AD3552R_MAX_RANGES 5 -#define AD3542R_MAX_RANGES 6 +#define AD3542R_MAX_RANGES 5 #define AD3552R_QUAD_SPI 2 extern const s32 ad3552r_ch_ranges[AD3552R_MAX_RANGES][2]; @@ -189,16 +189,14 @@ enum ad3552r_ch_vref_select { enum ad3542r_ch_output_range { /* Range from 0 V to 2.5 V. Requires Rfb1x connection */ AD3542R_CH_OUTPUT_RANGE_0__2P5V, - /* Range from 0 V to 3 V. Requires Rfb1x connection */ - AD3542R_CH_OUTPUT_RANGE_0__3V, /* Range from 0 V to 5 V. Requires Rfb1x connection */ AD3542R_CH_OUTPUT_RANGE_0__5V, /* Range from 0 V to 10 V. Requires Rfb2x connection */ AD3542R_CH_OUTPUT_RANGE_0__10V, - /* Range from -2.5 V to 7.5 V. Requires Rfb2x connection */ - AD3542R_CH_OUTPUT_RANGE_NEG_2P5__7P5V, /* Range from -5 V to 5 V. Requires Rfb2x connection */ AD3542R_CH_OUTPUT_RANGE_NEG_5__5V, + /* Range from -2.5 V to 7.5 V. Requires Rfb2x connection */ + AD3542R_CH_OUTPUT_RANGE_NEG_2P5__7P5V, }; enum ad3552r_ch_output_range {

5 days, 9 hours

3
4
0 0

[PATCH v2 1/3] mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud()

by David Hildenbrand

We setup the cache mode but ... don't forward the updated pgprot to insert_pfn_pud(). Only a problem on x86-64 PAT when mapping PFNs using PUDs that require a special cachemode. Fix it by using the proper pgprot where the cachemode was setup. Identified by code inspection. Fixes: 7b806d229ef1 ("mm: remove vmf_insert_pfn_xxx_prot() for huge page-table entries") Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- mm/huge_memory.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index d3e66136e41a3..49b98082c5401 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1516,10 +1516,9 @@ static pud_t maybe_pud_mkwrite(pud_t pud, struct vm_area_struct *vma) } static void insert_pfn_pud(struct vm_area_struct *vma, unsigned long addr, - pud_t *pud, pfn_t pfn, bool write) + pud_t *pud, pfn_t pfn, pgprot_t prot, bool write) { struct mm_struct *mm = vma->vm_mm; - pgprot_t prot = vma->vm_page_prot; pud_t entry; if (!pud_none(*pud)) { @@ -1581,7 +1580,7 @@ vm_fault_t vmf_insert_pfn_pud(struct vm_fault *vmf, pfn_t pfn, bool write) pfnmap_setup_cachemode_pfn(pfn_t_to_pfn(pfn), &pgprot); ptl = pud_lock(vma->vm_mm, vmf->pud); - insert_pfn_pud(vma, addr, vmf->pud, pfn, write); + insert_pfn_pud(vma, addr, vmf->pud, pfn, pgprot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; @@ -1625,7 +1624,7 @@ vm_fault_t vmf_insert_folio_pud(struct vm_fault *vmf, struct folio *folio, add_mm_counter(mm, mm_counter_file(folio), HPAGE_PUD_NR); } insert_pfn_pud(vma, addr, vmf->pud, pfn_to_pfn_t(folio_pfn(folio)), - write); + vma->vm_page_prot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; -- 2.49.0

5 days, 10 hours

5
9
0 0

[PATCH v3] arm64: Restrict pagetable teardown to avoid false warning

by Dev Jain

Commit 9c006972c3fe removes the pxd_present() checks because the caller checks pxd_present(). But, in case of vmap_try_huge_pud(), the caller only checks pud_present(); pud_free_pmd_page() recurses on each pmd through pmd_free_pte_page(), wherein the pmd may be none. Thus it is possible to hit a warning in the latter, since pmd_none => !pmd_table(). Thus, add a pmd_present() check in pud_free_pmd_page(). This problem was found by code inspection. Fixes: 9c006972c3fe (arm64: mmu: drop pXd_present() checks from pXd_free_pYd_table()) Cc: <stable(a)vger.kernel.org> Reported-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Dev Jain <dev.jain(a)arm.com> --- This patch is based on 6.15-rc6. v2->v3: - Use pmdp_get() v1->v2: - Enforce check in caller arch/arm64/mm/mmu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index ea6695d53fb9..5a9bf291c649 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1286,7 +1286,8 @@ int pud_free_pmd_page(pud_t *pudp, unsigned long addr) next = addr; end = addr + PUD_SIZE; do { - pmd_free_pte_page(pmdp, next); + if (pmd_present(pmdp_get(pmdp))) + pmd_free_pte_page(pmdp, next); } while (pmdp++, next += PMD_SIZE, next != end); pud_clear(pudp); -- 2.30.2

5 days, 10 hours

5
7
0 0

[PATCH v2 0/2] Samsung Exynos 7870 DECON driver support

by Kaustabh Chakraborty

This patch series aims at adding support for Exynos7870's DECON in the Exynos7 DECON driver. It introduces a driver data struct so that support for DECON on other SoCs can be added to it in the future. It also fixes a few bugs in the driver, such as functions receiving bad pointers. Tested on Samsung Galaxy J7 Prime (samsung-on7xelte), Samsung Galaxy A2 Core (samsung-a2corelte), and Samsung Galaxy J6 (samsung-j6lte). Signed-off-by: Kaustabh Chakraborty <kauschluss(a)disroot.org> --- Changes in v2: - Add a new commit to prevent an occasional panic under circumstances. - Rewrite and redo [v1 2/6] to be a more sensible commit. - Link to v1: https://lore.kernel.org/r/20240919-exynosdrm-decon-v1-0-6c5861c1cb04@disroo… --- Kaustabh Chakraborty (2): drm/exynos: exynos7_drm_decon: fix call of decon_commit() drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling drivers/gpu/drm/exynos/exynos7_drm_decon.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- base-commit: 0bb71d301869446810a0b13d3da290bd455d7c78 change-id: 20240917-exynosdrm-decon-4c228dd1d2bf Best regards, -- Kaustabh Chakraborty <kauschluss(a)disroot.org>

5 days, 13 hours

1
2
0 0

[PATCH] net: pfcp: fix typo in message_priority field name

by RubenKelevra

Fix 'message_priprity' typo to 'message_priority' in big endian bitfield definition. This typo breaks compilation on big endian architectures. Fixes: 6dd514f48110 ("pfcp: always set pfcp metadata") Cc: stable(a)vger.kernel.org # commit 6dd514f48110 ("pfcp: always set pfcp metadata") Signed-off-by: RubenKelevra <rubenkelevra(a)gmail.com> --- include/net/pfcp.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/net/pfcp.h b/include/net/pfcp.h index af14f970b80e1..639553797d3e4 100644 --- a/include/net/pfcp.h +++ b/include/net/pfcp.h @@ -45,7 +45,7 @@ struct pfcphdr_session { reserved:4; #elif defined(__BIG_ENDIAN_BITFIELD) u8 reserved:4, - message_priprity:4; + message_priority:4; #else #error "Please fix <asm/byteorder>" #endif -- 2.49.0

5 days, 13 hours

4
4
0 0

[PATCH v2] iommu/amd: Fix geometry.aperture_end for V2 tables

by Jason Gunthorpe

The AMD IOMMU documentation seems pretty clear that the V2 table follows the normal CPU expectation of sign extension. This is shown in Figure 25: AMD64 Long Mode 4-Kbyte Page Address Translation Where bits Sign-Extend [63:57] == [56]. This is typical for x86 which would have three regions in the page table: lower, non-canonical, upper. The manual describes that the V1 table does not sign extend in section 2.2.4 Sharing AMD64 Processor and IOMMU Page Tables GPA-to-SPA Further, Vasant has checked this and indicates the HW has an addtional behavior that the manual does not yet describe. The AMDv2 table does not have the sign extended behavior when attached to PASID 0, which may explain why this has gone unnoticed. The iommu domain geometry does not directly support sign extended page tables. The driver should report only one of the lower/upper spaces. Solve this by removing the top VA bit from the geometry to use only the lower space. This will also make the iommu_domain work consistently on all PASID 0 and PASID != 1. Adjust dma_max_address() to remove the top VA bit. It now returns: 5 Level: Before 0x1ffffffffffffff After 0x0ffffffffffffff 4 Level: Before 0xffffffffffff After 0x7fffffffffff Fixes: 11c439a19466 ("iommu/amd/pgtbl_v2: Fix domain max address") Link: https://lore.kernel.org/all/8858d4d6-d360-4ef0-935c-bfd13ea54f42@amd.com/ Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> --- drivers/iommu/amd/iommu.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) v2: - Revise the commit message and comment with the new information from Vasant. v1: https://patch.msgid.link/r/0-v1-6925ece6b623+296-amdv2_geo_jgg@nvidia.com diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c index 3117d99cf83d0d..1baa9d3583f369 100644 --- a/drivers/iommu/amd/iommu.c +++ b/drivers/iommu/amd/iommu.c @@ -2526,8 +2526,21 @@ static inline u64 dma_max_address(enum protection_domain_mode pgtable) if (pgtable == PD_MODE_V1) return ~0ULL; - /* V2 with 4/5 level page table */ - return ((1ULL << PM_LEVEL_SHIFT(amd_iommu_gpt_level)) - 1); + /* + * V2 with 4/5 level page table. Note that "2.2.6.5 AMD64 4-Kbyte Page + * Translation" shows that the V2 table sign extends the top of the + * address space creating a reserved region in the middle of the + * translation, just like the CPU does. Further Vasant says the docs are + * incomplete and this only applies to non-zero PASIDs. If the AMDv2 + * page table is assigned to the 0 PASID then there is no sign extension + * check. + * + * Since the IOMMU must have a fixed geometry, and the core code does + * not understand sign extended addressing, we have to chop off the high + * bit to get consistent behavior with attachments of the domain to any + * PASID. + */ + return ((1ULL << (PM_LEVEL_SHIFT(amd_iommu_gpt_level) - 1)) - 1); } static bool amd_iommu_hd_support(struct amd_iommu *iommu) base-commit: eb328711b15b17987021dbb674f446b7b008dca5 -- 2.43.0

5 days, 15 hours

3
3
0 0

[PATCH 0/3] arm64: dts: rockchip: Fix HDMI output on RK3576

by Cristian Ciocaltea

Since commit c871a311edf0 ("phy: rockchip: samsung-hdptx: Setup TMDS char rate via phy_configure_opts_hdmi"), the workaround of passing the PHY rate from DW HDMI QP bridge driver via phy_set_bus_width() became partially broken, unless the rate adjustment is done as with RK3588, i.e. by CCF from VOP2. Attempting to fix this up at PHY level would not only introduce additional hacks, but it would also fail to adequately resolve the display issues that are a consequence of the system CRU limitations. Therefore, let's proceed with the solution already implemented for RK3588, that is to make use of the HDMI PHY PLL as a more accurate DCLK source in VOP2. It's worth noting a follow-up patch is going to drop the hack from the bridge driver altogether, while switching to HDMI PHY configuration API for setting up the TMDS character rate. Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> --- Cristian Ciocaltea (3): dt-bindings: display: vop2: Add optional PLL clock property for rk3576 arm64: dts: rockchip: Enable HDMI PHY clk provider on rk3576 arm64: dts: rockchip: Add HDMI PHY PLL clock source to VOP2 on rk3576 .../bindings/display/rockchip/rockchip-vop2.yaml | 56 +++++++++++++++++----- arch/arm64/boot/dts/rockchip/rk3576.dtsi | 7 ++- 2 files changed, 49 insertions(+), 14 deletions(-) --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250611-rk3576-hdmitx-fix-e030fbdb0d17

5 days, 15 hours

4
9
0 0

[PATCH v2] s390/pkey: prevent overflow in size calculation for memdup_user()

by Fedor Pchelkin

Number of apqn target list entries contained in 'nr_apqns' variable is determined by userspace via an ioctl call so the result of the product in calculation of size passed to memdup_user() may overflow. In this case the actual size of the allocated area and the value describing it won't be in sync leading to various types of unpredictable behaviour later. Use a proper memdup_array_user() helper which returns an error if an overflow is detected. Note that it is different from when nr_apqns is initially zero - that case is considered valid and should be handled in subsequent pkey_handler implementations. Found by Linux Verification Center (linuxtesting.org). Fixes: f2bbc96e7cfa ("s390/pkey: add CCA AES cipher key support") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- v2: use memdup_array_user() helper (Heiko Carstens) drivers/s390/crypto/pkey_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c index cef60770f68b..b3fcdcae379e 100644 --- a/drivers/s390/crypto/pkey_api.c +++ b/drivers/s390/crypto/pkey_api.c @@ -86,7 +86,7 @@ static void *_copy_apqns_from_user(void __user *uapqns, size_t nr_apqns) if (!uapqns || nr_apqns == 0) return NULL; - return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn)); + return memdup_array_user(uapqns, nr_apqns, sizeof(struct pkey_apqn)); } static int pkey_ioctl_genseck(struct pkey_genseck __user *ugs) -- 2.49.0

5 days, 16 hours

4
3
0 0

[PATCH v2] pinctrl: qcom: msm: mark certain pins as invalid for interrupts

by Bartosz Golaszewski

From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> On some platforms, the UFS-reset pin has no interrupt logic in TLMM but is nevertheless registered as a GPIO in the kernel. This enables the user-space to trigger a BUG() in the pinctrl-msm driver by running, for example: `gpiomon -c 0 113` on RB2. The exact culprit is requesting pins whose intr_detection_width setting is not 1 or 2 for interrupts. This hits a BUG() in msm_gpio_irq_set_type(). Potentially crashing the kernel due to an invalid request from user-space is not optimal, so let's go through the pins and mark those that would fail the check as invalid for the irq chip as we should not even register them as available irqs. This function can be extended if we determine that there are more corner-cases like this. Fixes: f365be092572 ("pinctrl: Add Qualcomm TLMM driver") Cc: stable(a)vger.kernel.org Reviewed-by: Bjorn Andersson <andersson(a)kernel.org> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- Changes in v2: - expand the commit message, describing the underlying code issue in detail - added a newline for better readability drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/pinctrl/qcom/pinctrl-msm.c b/drivers/pinctrl/qcom/pinctrl-msm.c index f012ea88aa22c..1ff84e8c176d4 100644 --- a/drivers/pinctrl/qcom/pinctrl-msm.c +++ b/drivers/pinctrl/qcom/pinctrl-msm.c @@ -1038,6 +1038,25 @@ static bool msm_gpio_needs_dual_edge_parent_workaround(struct irq_data *d, test_bit(d->hwirq, pctrl->skip_wake_irqs); } +static void msm_gpio_irq_init_valid_mask(struct gpio_chip *gc, + unsigned long *valid_mask, + unsigned int ngpios) +{ + struct msm_pinctrl *pctrl = gpiochip_get_data(gc); + const struct msm_pingroup *g; + int i; + + bitmap_fill(valid_mask, ngpios); + + for (i = 0; i < ngpios; i++) { + g = &pctrl->soc->groups[i]; + + if (g->intr_detection_width != 1 && + g->intr_detection_width != 2) + clear_bit(i, valid_mask); + } +} + static int msm_gpio_irq_set_type(struct irq_data *d, unsigned int type) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); @@ -1441,6 +1460,7 @@ static int msm_gpio_init(struct msm_pinctrl *pctrl) girq->default_type = IRQ_TYPE_NONE; girq->handler = handle_bad_irq; girq->parents[0] = pctrl->irq; + girq->init_valid_mask = msm_gpio_irq_init_valid_mask; ret = gpiochip_add_data(&pctrl->chip, pctrl); if (ret) { -- 2.48.1

5 days, 19 hours

1
0
0 0

Qualcomm Snapdragon <SM6375>

by Alan Ye

The Qualcomm SM6375 processor is a 7nm process SoC for the mid-range market with the following features: CPU: Eight-core design, including high-performance Kryo 670 core and efficient Kryo 265 core, optimized performance and energy efficiency. GPU: Equipped with Adreno 642L GPU, supporting high-quality graphics and gaming experience. AI Engine: Integrated Qualcomm AI engine to enhance intelligent features such as voice recognition and image processing. Connectivity: Supports modern wireless standards such as 5G, Wi-Fi 6 and Bluetooth 5.2. Multimedia: Supports 4K video encoding and decoding Mainly used in mid-to-high-end smartphones, tablets and some IoT devices, suitable for users who need to balance cost performance and performance. .# Part Number Manufacturer Date Code Quantity Unit Price Lead Time Condition (PCS) USD/Each one 1 SM-6375-1-PSP837-TR-00-0-AB QUALCOMM 2023+ 12000pcs US$18.00/pcs 7days New & original - stock 2 PM-6375-0-FOWNSP144-TR-01-0；TR-01-1 QUALCOMM 2023+ 12000pcs US$1.00/pcs 3 PMR-735A-0-WLNSP48-TR-05-0,TR-05-1 QUALCOMM 2023+ 12000pcs US$0.85/pcs 4 PMK-8003-0-FOWPSP36-TR-01-0 QUALCOMM 2023+ 12000pcs US$0.24/pcs 5 SDR-735-0-PSP219B-TR-01-0；TR-01-1 QUALCOMM 2023+ 12000pcs US$2.50/pcs 6 WCD-9370-0-WLPSP55-TR-01-0;TR-01-4 QUALCOMM 2023+ 12000pcs US$0.50/pcs 7 WCN-3988-0-82BWLPSP-TR-00-0 QUALCOMM 2023+ 12000pcs US$3.50/pcs 8 QET-6105-0-WLNSP24B-TR-00-1 QUALCOMM 2023+ 12000pcs US$1.20/pcs 9 QET4101-0-12WLNSP-TR-00-0 QUALCOMM 2022+ 12000pcs US$0.21/pcs These materials are sold as a set for $28/usd, and are guaranteed to be authentic. If you need other Qualcomm materials, please feel free to contact me Stay in tune with product evolutions—tap . Keep Receiving Notices Feel like taking a break? Select Configure Your Mailing.

5 days, 21 hours

1
0
0 0

[PATCH] wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan

by Mingyen Hsieh

From: Michael Lo <michael.lo(a)mediatek.com> Update the destination index to use 'n_ssids', which is incremented only when a valid SSID is present. Previously, both mt76_connac_mcu_hw_scan() and mt7925_mcu_hw_scan() used the loop index 'i' for the destination array, potentially leaving gaps if any source SSIDs had zero length. Cc: stable(a)vger.kernel.org Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips") Signed-off-by: Michael Lo <michael.lo(a)mediatek.com> Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 4 ++-- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c index db85a9d984c5..660c8df89910 100644 --- a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c @@ -1740,8 +1740,8 @@ int mt76_connac_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif, if (!sreq->ssids[i].ssid_len) continue; - req->ssids[i].ssid_len = cpu_to_le32(sreq->ssids[i].ssid_len); - memcpy(req->ssids[i].ssid, sreq->ssids[i].ssid, + req->ssids[n_ssids].ssid_len = cpu_to_le32(sreq->ssids[i].ssid_len); + memcpy(req->ssids[n_ssids].ssid, sreq->ssids[i].ssid, sreq->ssids[i].ssid_len); n_ssids++; } diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c index 2bd506a4208c..66bac3047b2b 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c @@ -3178,8 +3178,8 @@ int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif, if (i > MT7925_RNR_SCAN_MAX_BSSIDS) break; - ssid->ssids[i].ssid_len = cpu_to_le32(sreq->ssids[i].ssid_len); - memcpy(ssid->ssids[i].ssid, sreq->ssids[i].ssid, + ssid->ssids[n_ssids].ssid_len = cpu_to_le32(sreq->ssids[i].ssid_len); + memcpy(ssid->ssids[n_ssids].ssid, sreq->ssids[i].ssid, sreq->ssids[i].ssid_len); n_ssids++; } -- 2.34.1

5 days, 22 hours

1
0
0 0

[PATCH] wifi: mt76: mt7925: fix the wrong config for tx interrupt

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> MT_INT_TX_DONE_MCU_WM may cause tx interrupt to be mishandled during a reset failure, leading to the reset process failing. By using MT_INT_TX_DONE_MCU instead of MT_INT_TX_DONE_MCU_WM, the handling of tx interrupt is improved. Cc: stable(a)vger.kernel.org Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips") Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/regs.h b/drivers/net/wireless/mediatek/mt76/mt7925/regs.h index 547489092c29..341987e47f67 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/regs.h +++ b/drivers/net/wireless/mediatek/mt76/mt7925/regs.h @@ -58,7 +58,7 @@ #define MT_INT_TX_DONE_MCU (MT_INT_TX_DONE_MCU_WM | \ MT_INT_TX_DONE_FWDL) -#define MT_INT_TX_DONE_ALL (MT_INT_TX_DONE_MCU_WM | \ +#define MT_INT_TX_DONE_ALL (MT_INT_TX_DONE_MCU | \ MT_INT_TX_DONE_BAND0 | \ GENMASK(18, 4)) -- 2.34.1

5 days, 22 hours

1
0
0 0

[merged mm-hotfixes-stable] drivers-rapidio-rio_cmc-prevent-possible-used-uninitialized.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: drivers/rapidio/rio_cm.c: prevent possible heap overwrite has been removed from the -mm tree. Its filename was drivers-rapidio-rio_cmc-prevent-possible-used-uninitialized.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Andrew Morton <akpm(a)linux-foundation.org> Subject: drivers/rapidio/rio_cm.c: prevent possible heap overwrite Date: Sat Jun 7 05:43:18 PM PDT 2025 In riocm_cdev_ioctl(RIO_CM_CHAN_SEND) -> cm_chan_msg_send() -> riocm_ch_send() cm_chan_msg_send() checks that userspace didn't send too much data but riocm_ch_send() failed to check that userspace sent sufficient data. The result is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr which were outside the bounds of the space which cm_chan_msg_send() allocated. Address this by teaching riocm_ch_send() to check that the entire rio_ch_chan_hdr was copied in from userspace. Reported-by: maher azz <maherazz04(a)gmail.com> Cc: Matt Porter <mporter(a)kernel.crashing.org> Cc: Alexandre Bounine <alex.bou9(a)gmail.com> Cc: Linus Torvalds <torvalds(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/rapidio/rio_cm.c | 3 +++ 1 file changed, 3 insertions(+) --- a/drivers/rapidio/rio_cm.c~drivers-rapidio-rio_cmc-prevent-possible-used-uninitialized +++ a/drivers/rapidio/rio_cm.c @@ -783,6 +783,9 @@ static int riocm_ch_send(u16 ch_id, void if (buf == NULL || ch_id == 0 || len == 0 || len > RIO_MAX_MSG_SIZE) return -EINVAL; + if (len < sizeof(struct rio_ch_chan_hdr)) + return -EINVAL; /* insufficient data from user */ + ch = riocm_get_channel(ch_id); if (!ch) { riocm_error("%s(%d) ch_%d not found", current->comm, _ Patches currently in -mm which might be from akpm(a)linux-foundation.org are mm-add-mmap_prepare-compatibility-layer-for-nested-file-systems-fix.patch

5 days, 22 hours

1
0
0 0

[merged mm-hotfixes-stable] mm-close-theoretical-race-where-stale-tlb-entries-could-linger.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: close theoretical race where stale TLB entries could linger has been removed from the -mm tree. Its filename was mm-close-theoretical-race-where-stale-tlb-entries-could-linger.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: close theoretical race where stale TLB entries could linger Date: Fri, 6 Jun 2025 10:28:07 +0100 Commit 3ea277194daa ("mm, mprotect: flush TLB if potentially racing with a parallel reclaim leaving stale TLB entries") described a theoretical race as such: """ Nadav Amit identified a theoretical race between page reclaim and mprotect due to TLB flushes being batched outside of the PTL being held. He described the race as follows: CPU0 CPU1 ---- ---- user accesses memory using RW PTE [PTE now cached in TLB] try_to_unmap_one() ==> ptep_get_and_clear() ==> set_tlb_ubc_flush_pending() mprotect(addr, PROT_READ) ==> change_pte_range() ==> [ PTE non-present - no flush ] user writes using cached RW PTE ... try_to_unmap_flush() The same type of race exists for reads when protecting for PROT_NONE and also exists for operations that can leave an old TLB entry behind such as munmap, mremap and madvise. """ The solution was to introduce flush_tlb_batched_pending() and call it under the PTL from mprotect/madvise/munmap/mremap to complete any pending tlb flushes. However, while madvise_free_pte_range() and madvise_cold_or_pageout_pte_range() were both retro-fitted to call flush_tlb_batched_pending() immediately after initially acquiring the PTL, they both temporarily release the PTL to split a large folio if they stumble upon one. In this case, where re-acquiring the PTL flush_tlb_batched_pending() must be called again, but it previously was not. Let's fix that. There are 2 Fixes: tags here: the first is the commit that fixed madvise_free_pte_range(). The second is the commit that added madvise_cold_or_pageout_pte_range(), which looks like it copy/pasted the faulty pattern from madvise_free_pte_range(). This is a theoretical bug discovered during code review. Link: https://lkml.kernel.org/r/20250606092809.4194056-1-ryan.roberts@arm.com Fixes: 3ea277194daa ("mm, mprotect: flush TLB if potentially racing with a parallel reclaim leaving stale TLB entries") Fixes: 9c276cc65a58 ("mm: introduce MADV_COLD") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Reviewed-by: Jann Horn <jannh(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Mel Gorman <mgorman <mgorman(a)suse.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/madvise.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/madvise.c~mm-close-theoretical-race-where-stale-tlb-entries-could-linger +++ a/mm/madvise.c @@ -508,6 +508,7 @@ restart: pte_offset_map_lock(mm, pmd, addr, &ptl); if (!start_pte) break; + flush_tlb_batched_pending(mm); arch_enter_lazy_mmu_mode(); if (!err) nr = 0; @@ -741,6 +742,7 @@ static int madvise_free_pte_range(pmd_t start_pte = pte; if (!start_pte) break; + flush_tlb_batched_pending(mm); arch_enter_lazy_mmu_mode(); if (!err) nr = 0; _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-readahead-honour-new_order-in-page_cache_ra_order.patch mm-readahead-terminate-async-readahead-on-natural-boundary.patch mm-readahead-make-space-in-struct-file_ra_state.patch mm-readahead-store-folio-order-in-struct-file_ra_state.patch mm-filemap-allow-arch-to-request-folio-size-for-exec-memory.patch mm-remove-arch_flush_tlb_batched_pending-arch-helper.patch

5 days, 22 hours

1
0
0 0

[merged mm-hotfixes-stable] mm-vma-reset-vma-iterator-on-commit_merge-oom-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/vma: reset VMA iterator on commit_merge() OOM failure has been removed from the -mm tree. Its filename was mm-vma-reset-vma-iterator-on-commit_merge-oom-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: mm/vma: reset VMA iterator on commit_merge() OOM failure Date: Fri, 6 Jun 2025 13:50:32 +0100 While an OOM failure in commit_merge() isn't really feasible due to the allocation which might fail (a maple tree pre-allocation) being 'too small to fail', we do need to handle this case correctly regardless. In vma_merge_existing_range(), we can theoretically encounter failures which result in an OOM error in two ways - firstly dup_anon_vma() might fail with an OOM error, and secondly commit_merge() failing, ultimately, to pre-allocate a maple tree node. The abort logic for dup_anon_vma() resets the VMA iterator to the initial range, ensuring that any logic looping on this iterator will correctly proceed to the next VMA. However the commit_merge() abort logic does not do the same thing. This resulted in a syzbot report occurring because mlockall() iterates through VMAs, is tolerant of errors, but ended up with an incorrect previous VMA being specified due to incorrect iterator state. While making this change, it became apparent we are duplicating logic - the logic introduced in commit 41e6ddcaa0f1 ("mm/vma: add give_up_on_oom option on modify/merge, use in uffd release") duplicates the vmg->give_up_on_oom check in both abort branches. Additionally, we observe that we can perform the anon_dup check safely on dup_anon_vma() failure, as this will not be modified should this call fail. Finally, we need to reset the iterator in both cases, so now we can simply use the exact same code to abort for both. We remove the VM_WARN_ON(err != -ENOMEM) as it would be silly for this to be otherwise and it allows us to implement the abort check more neatly. Link: https://lkml.kernel.org/r/20250606125032.164249-1-lorenzo.stoakes@oracle.com Fixes: 47b16d0462a4 ("mm: abort vma_modify() on merge out of memory failure") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reported-by: syzbot+d16409ea9ecc16ed261a(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/6842cc67.a00a0220.29ac89.003b.GAE@google.c… Reviewed-by: Pedro Falcato <pfalcato(a)suse.de> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Jann Horn <jannh(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vma.c | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) --- a/mm/vma.c~mm-vma-reset-vma-iterator-on-commit_merge-oom-failure +++ a/mm/vma.c @@ -967,26 +967,9 @@ static __must_check struct vm_area_struc err = dup_anon_vma(next, middle, &anon_dup); } - if (err) + if (err || commit_merge(vmg)) goto abort; - err = commit_merge(vmg); - if (err) { - VM_WARN_ON(err != -ENOMEM); - - if (anon_dup) - unlink_anon_vmas(anon_dup); - - /* - * We've cleaned up any cloned anon_vma's, no VMAs have been - * modified, no harm no foul if the user requests that we not - * report this and just give up, leaving the VMAs unmerged. - */ - if (!vmg->give_up_on_oom) - vmg->state = VMA_MERGE_ERROR_NOMEM; - return NULL; - } - khugepaged_enter_vma(vmg->target, vmg->flags); vmg->state = VMA_MERGE_SUCCESS; return vmg->target; @@ -995,6 +978,9 @@ abort: vma_iter_set(vmg->vmi, start); vma_iter_load(vmg->vmi); + if (anon_dup) + unlink_anon_vmas(anon_dup); + /* * This means we have failed to clone anon_vma's correctly, but no * actual changes to VMAs have occurred, so no harm no foul - if the _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-add-mmap_prepare-compatibility-layer-for-nested-file-systems.patch mm-add-mmap_prepare-compatibility-layer-for-nested-file-systems-fix-2.patch docs-mm-expand-vma-doc-to-highlight-pte-freeing-non-vma-traversal.patch mm-ksm-have-ksm-vma-checks-not-require-a-vma-pointer.patch mm-ksm-refer-to-special-vmas-via-vm_special-in-ksm_compatible.patch mm-prevent-ksm-from-breaking-vma-merging-for-new-vmas.patch tools-testing-selftests-add-vma-merge-tests-for-ksm-merge.patch mm-pagewalk-split-walk_page_range_novma-into-kernel-user-parts.patch mm-mremap-introduce-more-mergeable-mremap-via-mremap_relocate_anon.patch mm-mremap-add-mremap_must_relocate_anon.patch mm-mremap-add-mremap_relocate_anon-support-for-large-folios.patch tools-uapi-update-copy-of-linux-mmanh-from-the-kernel-sources.patch tools-testing-selftests-add-sys_mremap-helper-to-vm_utilh.patch tools-testing-selftests-add-mremap-cases-that-merge-normally.patch tools-testing-selftests-add-mremap_relocate_anon-merge-test-cases.patch tools-testing-selftests-expand-mremap-tests-for-mremap_relocate_anon.patch tools-testing-selftests-have-cow-self-test-use-mremap_relocate_anon.patch tools-testing-selftests-test-relocate-anon-in-split-huge-page-test.patch tools-testing-selftests-add-mremap_relocate_anon-fork-tests.patch

5 days, 22 hours

1
0
0 0

[PATCH v6] clk: qcom: dispcc-sm8750: Fix setting rate byte and pixel clocks

by Krzysztof Kozlowski

On SM8750 the setting rate of pixel and byte clocks, while the parent DSI PHY PLL, fails with: disp_cc_mdss_byte0_clk_src: rcg didn't update its configuration. DSI PHY PLL has to be unprepared and its "PLL Power Down" bits in CMN_CTRL_0 asserted. Mark these clocks with CLK_OPS_PARENT_ENABLE to ensure the parent is enabled during rate changes. Cc: <stable(a)vger.kernel.org> Fixes: f1080d8dab0f ("clk: qcom: dispcc-sm8750: Add SM8750 Display clock controller") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Changes in v6: 1. Add CLK_OPS_PARENT_ENABLE also to pclk1, pclk2 and byte1. 2. Add Fixes tag and cc-stable Previously part of v5 (thus b4 diff might not work nice here): https://lore.kernel.org/r/20250430-b4-sm8750-display-v5-6-8cab30c3e4df@lina… Changes in v5: 1. New patch in above patchset. Cc: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Cc: Dmitry Baryshkov <lumag(a)kernel.org> --- drivers/clk/qcom/dispcc-sm8750.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/clk/qcom/dispcc-sm8750.c b/drivers/clk/qcom/dispcc-sm8750.c index 877b40d50e6f..ca09da111a50 100644 --- a/drivers/clk/qcom/dispcc-sm8750.c +++ b/drivers/clk/qcom/dispcc-sm8750.c @@ -393,7 +393,7 @@ static struct clk_rcg2 disp_cc_mdss_byte0_clk_src = { .name = "disp_cc_mdss_byte0_clk_src", .parent_data = disp_cc_parent_data_1, .num_parents = ARRAY_SIZE(disp_cc_parent_data_1), - .flags = CLK_SET_RATE_PARENT, + .flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE, .ops = &clk_byte2_ops, }, }; @@ -408,7 +408,7 @@ static struct clk_rcg2 disp_cc_mdss_byte1_clk_src = { .name = "disp_cc_mdss_byte1_clk_src", .parent_data = disp_cc_parent_data_1, .num_parents = ARRAY_SIZE(disp_cc_parent_data_1), - .flags = CLK_SET_RATE_PARENT, + .flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE, .ops = &clk_byte2_ops, }, }; @@ -712,7 +712,7 @@ static struct clk_rcg2 disp_cc_mdss_pclk0_clk_src = { .name = "disp_cc_mdss_pclk0_clk_src", .parent_data = disp_cc_parent_data_1, .num_parents = ARRAY_SIZE(disp_cc_parent_data_1), - .flags = CLK_SET_RATE_PARENT, + .flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE, .ops = &clk_pixel_ops, }, }; @@ -727,7 +727,7 @@ static struct clk_rcg2 disp_cc_mdss_pclk1_clk_src = { .name = "disp_cc_mdss_pclk1_clk_src", .parent_data = disp_cc_parent_data_1, .num_parents = ARRAY_SIZE(disp_cc_parent_data_1), - .flags = CLK_SET_RATE_PARENT, + .flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE, .ops = &clk_pixel_ops, }, }; @@ -742,7 +742,7 @@ static struct clk_rcg2 disp_cc_mdss_pclk2_clk_src = { .name = "disp_cc_mdss_pclk2_clk_src", .parent_data = disp_cc_parent_data_1, .num_parents = ARRAY_SIZE(disp_cc_parent_data_1), - .flags = CLK_SET_RATE_PARENT, + .flags = CLK_SET_RATE_PARENT | CLK_OPS_PARENT_ENABLE, .ops = &clk_pixel_ops, }, }; -- 2.45.2

6 days

4
3
0 0

[PATCH] clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src

by Christian Marangi

With the conversion done by commit e88f03230dc0 ("clk: qcom: gcc-ipq8074: rework nss_port5/6 clock to multiple conf") a Copy-Paste error was made for the nss_port6_tx_clk_src frequency table. This was caused by the wrong setting of the parent in ftbl_nss_port6_tx_clk_src that was wrongly set to P_UNIPHY1_RX instead of P_UNIPHY2_TX. This cause the UNIPHY2 port to malfunction when it needs to be scaled to higher clock. The malfunction was observed with the example scenario with an Aquantia 10G PHY connected and a speed higher than 1G (example 2.5G) Fix the broken frequency table to restore original functionality. Cc: stable(a)vger.kernel.org Fixes: e88f03230dc0 ("clk: qcom: gcc-ipq8074: rework nss_port5/6 clock to multiple conf") Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- drivers/clk/qcom/gcc-ipq8074.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/clk/qcom/gcc-ipq8074.c b/drivers/clk/qcom/gcc-ipq8074.c index 7258ba5c0900..1329ea28d703 100644 --- a/drivers/clk/qcom/gcc-ipq8074.c +++ b/drivers/clk/qcom/gcc-ipq8074.c @@ -1895,10 +1895,10 @@ static const struct freq_conf ftbl_nss_port6_tx_clk_src_125[] = { static const struct freq_multi_tbl ftbl_nss_port6_tx_clk_src[] = { FMS(19200000, P_XO, 1, 0, 0), FM(25000000, ftbl_nss_port6_tx_clk_src_25), - FMS(78125000, P_UNIPHY1_RX, 4, 0, 0), + FMS(78125000, P_UNIPHY2_TX, 4, 0, 0), FM(125000000, ftbl_nss_port6_tx_clk_src_125), - FMS(156250000, P_UNIPHY1_RX, 2, 0, 0), - FMS(312500000, P_UNIPHY1_RX, 1, 0, 0), + FMS(156250000, P_UNIPHY2_TX, 2, 0, 0), + FMS(312500000, P_UNIPHY2_TX, 1, 0, 0), { } }; -- 2.48.1

6 days

3
2
0 0

[PATCH RESEND 5.10.y 0/4] serial: sh-sci: Backport fixes

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Hi, Commit 653143ed73ec ("serial: sh-sci: Check if TX data was written to device in .tx_empty()") doesn't apply cleanly on top of v5.10.y stable tree. This series adjust it. Along with it, propose for backporting other sh-sci fixes. Please provide your feedback. Thank you, Claudiu Beznea Claudiu Beznea (4): serial: sh-sci: Check if TX data was written to device in .tx_empty() serial: sh-sci: Move runtime PM enable to sci_probe_single() serial: sh-sci: Clean sci_ports[0] after at earlycon exit serial: sh-sci: Increment the runtime usage counter for the earlycon device drivers/tty/serial/sh-sci.c | 97 ++++++++++++++++++++++++++++++------- 1 file changed, 79 insertions(+), 18 deletions(-) -- 2.43.0

6 days, 1 hour

2
8
0 0

[PATCH 6.1.y 0/4] serial: sh-sci: Backport fixes

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Hi, Commit 653143ed73ec ("serial: sh-sci: Check if TX data was written to device in .tx_empty()") doesn't apply cleanly on top of v6.1.y stable tree. This series adjust it. Along with it, propose for backporting other sh-sci fixes. Please provide your feedback. Thank you, Claudiu Beznea Claudiu Beznea (4): serial: sh-sci: Check if TX data was written to device in .tx_empty() serial: sh-sci: Move runtime PM enable to sci_probe_single() serial: sh-sci: Clean sci_ports[0] after at earlycon exit serial: sh-sci: Increment the runtime usage counter for the earlycon device drivers/tty/serial/sh-sci.c | 97 ++++++++++++++++++++++++++++++------- 1 file changed, 79 insertions(+), 18 deletions(-) -- 2.43.0

6 days, 2 hours

2
8
0 0

[PATCH 5.15.y 0/4] serial: sh-sci: Backport fixes

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Hi, Commit 653143ed73ec ("serial: sh-sci: Check if TX data was written to device in .tx_empty()") doesn't apply cleanly on top of v5.15.y stable tree. This series adjust it. Along with it, propose for backporting other sh-sci fixes. Please provide your feedback. Thank you, Claudiu Beznea Claudiu Beznea (4): serial: sh-sci: Check if TX data was written to device in .tx_empty() serial: sh-sci: Move runtime PM enable to sci_probe_single() serial: sh-sci: Clean sci_ports[0] after at earlycon exit serial: sh-sci: Increment the runtime usage counter for the earlycon device drivers/tty/serial/sh-sci.c | 97 ++++++++++++++++++++++++++++++------- 1 file changed, 79 insertions(+), 18 deletions(-) -- 2.43.0

6 days, 2 hours

2
8
0 0

[PATCH 5.4.y] NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes

by Larry Bassel

From: Chuck Lever <chuck.lever(a)oracle.com> [ Upstream commit a648fdeb7c0e17177a2280344d015dba3fbe3314 ] iattr::ia_size is a loff_t, so these NFSv3 procedures must be careful to deal with incoming client size values that are larger than s64_max without corrupting the value. Silently capping the value results in storing a different value than the client passed in which is unexpected behavior, so remove the min_t() check in decode_sattr3(). Note that RFC 1813 permits only the WRITE procedure to return NFS3ERR_FBIG. We believe that NFSv3 reference implementations also return NFS3ERR_FBIG when ia_size is too large. Cc: stable(a)vger.kernel.org Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> (cherry picked from commit a648fdeb7c0e17177a2280344d015dba3fbe3314) [Larry: backport to 5.4.y. Minor conflict resolved due to missing commit 9cde9360d18d NFSD: Update the SETATTR3args decoder to use struct xdr_stream] Signed-off-by: Larry Bassel <larry.bassel(a)oracle.com> --- fs/nfsd/nfs3xdr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c index 03e8c45a52f3..25b6b4db0af2 100644 --- a/fs/nfsd/nfs3xdr.c +++ b/fs/nfsd/nfs3xdr.c @@ -122,7 +122,7 @@ decode_sattr3(__be32 *p, struct iattr *iap, struct user_namespace *userns) iap->ia_valid |= ATTR_SIZE; p = xdr_decode_hyper(p, &newsize); - iap->ia_size = min_t(u64, newsize, NFS_OFFSET_MAX); + iap->ia_size = newsize; } if ((tmp = ntohl(*p++)) == 1) { /* set to server time */ iap->ia_valid |= ATTR_ATIME; -- 2.46.0

6 days, 2 hours

2
1
0 0

[PATCH 6.6.y 0/4] serial: sh-sci: Backport fixes

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Hi, Commit 653143ed73ec ("serial: sh-sci: Check if TX data was written to device in .tx_empty()") doesn't apply cleanly on top of v6.6.y stable tree. This series adjust it. Along with it, propose for backporting other sh-sci fixes. Please provide your feedback. Thank you, Claudiu Beznea Claudiu Beznea (4): serial: sh-sci: Check if TX data was written to device in .tx_empty() serial: sh-sci: Move runtime PM enable to sci_probe_single() serial: sh-sci: Clean sci_ports[0] after at earlycon exit serial: sh-sci: Increment the runtime usage counter for the earlycon device drivers/tty/serial/sh-sci.c | 97 ++++++++++++++++++++++++++++++------- 1 file changed, 79 insertions(+), 18 deletions(-) -- 2.43.0

6 days, 2 hours

2
8
0 0

[PATCH 5.4.y] NFSD: Fix ia_size underflow

by Larry Bassel

From: Chuck Lever <chuck.lever(a)oracle.com> [ Upstream commit e6faac3f58c7c4176b66f63def17a34232a17b0e ] iattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Thus there is a range of valid file size values an NFS client can send that is already larger than Linux can handle. Currently decode_fattr4() dumps a full u64 value into ia_size. If that value happens to be larger than S64_MAX, then ia_size underflows. I'm about to fix up the NFSv3 behavior as well, so let's catch the underflow in the common code path: nfsd_setattr(). Cc: stable(a)vger.kernel.org Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> (cherry picked from commit e6faac3f58c7c4176b66f63def17a34232a17b0e) [Larry: backport to 5.4.y. Minor conflict resolved due to missing commit 2f221d6f7b88 attr: handle idmapped mounts] Signed-off-by: Larry Bassel <larry.bassel(a)oracle.com> --- fs/nfsd/vfs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 6aa968bee0ce..bee4fdf6e239 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -448,6 +448,10 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, .ia_size = iap->ia_size, }; + host_err = -EFBIG; + if (iap->ia_size < 0) + goto out_unlock; + host_err = notify_change(dentry, &size_attr, NULL); if (host_err) goto out_unlock; -- 2.46.0

6 days, 2 hours

2
1
0 0

[PATCH v3 4/5] scsi: fnic: Turn off FDMI ACTIVE flags on link down

by Karan Tilak Kumar

When the link goes down and comes up, FDMI requests are not sent out anymore. Fix bug by turning off FNIC_FDMI_ACTIVE when the link goes down. Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Reviewed-by: Arun Easi <aeasi(a)cisco.com> Tested-by: Karan Tilak Kumar <kartilak(a)cisco.com> Cc: <stable(a)vger.kernel.org> # 6.14.x Please see patch description Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- drivers/scsi/fnic/fdls_disc.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/scsi/fnic/fdls_disc.c b/drivers/scsi/fnic/fdls_disc.c index 9e9939d41fa8..14691db4d5f9 100644 --- a/drivers/scsi/fnic/fdls_disc.c +++ b/drivers/scsi/fnic/fdls_disc.c @@ -5078,9 +5078,12 @@ void fnic_fdls_link_down(struct fnic_iport_s *iport) fdls_delete_tport(iport, tport); } - if ((fnic_fdmi_support == 1) && (iport->fabric.fdmi_pending > 0)) { - timer_delete_sync(&iport->fabric.fdmi_timer); - iport->fabric.fdmi_pending = 0; + if (fnic_fdmi_support == 1) { + if (iport->fabric.fdmi_pending > 0) { + timer_delete_sync(&iport->fabric.fdmi_timer); + iport->fabric.fdmi_pending = 0; + } + iport->flags &= ~FNIC_FDMI_ACTIVE; } FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, -- 2.47.1

6 days, 3 hours

1
0
0 0

[PATCH net v3 1/2] net: clear the dst when changing skb protocol

by Jakub Kicinski

A not-so-careful NAT46 BPF program can crash the kernel if it indiscriminately flips ingress packets from v4 to v6: BUG: kernel NULL pointer dereference, address: 0000000000000000 ip6_rcv_core (net/ipv6/ip6_input.c:190:20) ipv6_rcv (net/ipv6/ip6_input.c:306:8) process_backlog (net/core/dev.c:6186:4) napi_poll (net/core/dev.c:6906:9) net_rx_action (net/core/dev.c:7028:13) do_softirq (kernel/softirq.c:462:3) netif_rx (net/core/dev.c:5326:3) dev_loopback_xmit (net/core/dev.c:4015:2) ip_mc_finish_output (net/ipv4/ip_output.c:363:8) NF_HOOK (./include/linux/netfilter.h:314:9) ip_mc_output (net/ipv4/ip_output.c:400:5) dst_output (./include/net/dst.h:459:9) ip_local_out (net/ipv4/ip_output.c:130:9) ip_send_skb (net/ipv4/ip_output.c:1496:8) udp_send_skb (net/ipv4/udp.c:1040:8) udp_sendmsg (net/ipv4/udp.c:1328:10) The output interface has a 4->6 program attached at ingress. We try to loop the multicast skb back to the sending socket. Ingress BPF runs as part of netif_rx(), pushes a valid v6 hdr and changes skb->protocol to v6. We enter ip6_rcv_core which tries to use skb_dst(). But the dst is still an IPv4 one left after IPv4 mcast output. Clear the dst in all BPF helpers which change the protocol. Try to preserve metadata dsts, those may carry non-routing metadata. Cc: stable(a)vger.kernel.org Reviewed-by: Maciej Żenczykowski <maze(a)google.com> Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Fixes: d219df60a70e ("bpf: Add ipip6 and ip6ip decap support for bpf_skb_adjust_room()") Fixes: 1b00e0dfe7d0 ("bpf: update skb->protocol in bpf_skb_net_grow") Fixes: 6578171a7ff0 ("bpf: add bpf_skb_change_proto helper") Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- v3: - go back to v1, the encap / decap which don't change proto will be added in -next - split out the test v2: https://lore.kernel.org/20250607204734.1588964-1-kuba@kernel.org - drop on encap/decap - fix typo (protcol) - add the test to the Makefile v1: https://lore.kernel.org/20250604210604.257036-1-kuba@kernel.org I wonder if we should not skip ingress (tc_skip_classify?) for looped back packets in the first place. But that doesn't seem robust enough vs multiple redirections to solve the crash. Ignoring LOOPBACK packets (like the NAT46 prog should) doesn't work either, since BPF can change pkt_type arbitrarily. CC: martin.lau(a)linux.dev CC: daniel(a)iogearbox.net CC: john.fastabend(a)gmail.com CC: eddyz87(a)gmail.com CC: sdf(a)fomichev.me CC: haoluo(a)google.com CC: willemb(a)google.com CC: william.xuanziyang(a)huawei.com CC: alan.maguire(a)oracle.com CC: bpf(a)vger.kernel.org CC: edumazet(a)google.com CC: maze(a)google.com CC: shuah(a)kernel.org CC: linux-kselftest(a)vger.kernel.org CC: yonghong.song(a)linux.dev --- net/core/filter.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/net/core/filter.c b/net/core/filter.c index 327ca73f9cd7..7a72f766aacf 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -3233,6 +3233,13 @@ static const struct bpf_func_proto bpf_skb_vlan_pop_proto = { .arg1_type = ARG_PTR_TO_CTX, }; +static void bpf_skb_change_protocol(struct sk_buff *skb, u16 proto) +{ + skb->protocol = htons(proto); + if (skb_valid_dst(skb)) + skb_dst_drop(skb); +} + static int bpf_skb_generic_push(struct sk_buff *skb, u32 off, u32 len) { /* Caller already did skb_cow() with len as headroom, @@ -3329,7 +3336,7 @@ static int bpf_skb_proto_4_to_6(struct sk_buff *skb) } } - skb->protocol = htons(ETH_P_IPV6); + bpf_skb_change_protocol(skb, ETH_P_IPV6); skb_clear_hash(skb); return 0; @@ -3359,7 +3366,7 @@ static int bpf_skb_proto_6_to_4(struct sk_buff *skb) } } - skb->protocol = htons(ETH_P_IP); + bpf_skb_change_protocol(skb, ETH_P_IP); skb_clear_hash(skb); return 0; @@ -3550,10 +3557,10 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff, /* Match skb->protocol to new outer l3 protocol */ if (skb->protocol == htons(ETH_P_IP) && flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6) - skb->protocol = htons(ETH_P_IPV6); + bpf_skb_change_protocol(skb, ETH_P_IPV6); else if (skb->protocol == htons(ETH_P_IPV6) && flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV4) - skb->protocol = htons(ETH_P_IP); + bpf_skb_change_protocol(skb, ETH_P_IP); } if (skb_is_gso(skb)) { @@ -3606,10 +3613,10 @@ static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff, /* Match skb->protocol to new outer l3 protocol */ if (skb->protocol == htons(ETH_P_IP) && flags & BPF_F_ADJ_ROOM_DECAP_L3_IPV6) - skb->protocol = htons(ETH_P_IPV6); + bpf_skb_change_protocol(skb, ETH_P_IPV6); else if (skb->protocol == htons(ETH_P_IPV6) && flags & BPF_F_ADJ_ROOM_DECAP_L3_IPV4) - skb->protocol = htons(ETH_P_IP); + bpf_skb_change_protocol(skb, ETH_P_IP); if (skb_is_gso(skb)) { struct skb_shared_info *shinfo = skb_shinfo(skb); -- 2.49.0

6 days, 3 hours

3
2
0 0

[PATCH v2 1/5] scsi: fnic: Set appropriate logging level for log message

by Karan Tilak Kumar

Replace KERN_INFO with KERN_DEBUG for a log message. Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Reviewed-by: Arun Easi <aeasi(a)cisco.com> Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- drivers/scsi/fnic/fnic_scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/fnic/fnic_scsi.c b/drivers/scsi/fnic/fnic_scsi.c index 7133b254cbe4..75b29a018d1f 100644 --- a/drivers/scsi/fnic/fnic_scsi.c +++ b/drivers/scsi/fnic/fnic_scsi.c @@ -1046,7 +1046,7 @@ static void fnic_fcpio_icmnd_cmpl_handler(struct fnic *fnic, unsigned int cq_ind if (icmnd_cmpl->scsi_status == SAM_STAT_TASK_SET_FULL) atomic64_inc(&fnic_stats->misc_stats.queue_fulls); - FNIC_SCSI_DBG(KERN_INFO, fnic->host, fnic->fnic_num, + FNIC_SCSI_DBG(KERN_DEBUG, fnic->host, fnic->fnic_num, "xfer_len: %llu", xfer_len); break; -- 2.47.1

6 days, 4 hours

2
5
0 0

[PATCH v4] mm: userfaultfd: fix race of userfaultfd_move and swap cache

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> On seeing a swap entry PTE, userfaultfd_move does a lockless swap cache lookup, and tries to move the found folio to the faulting vma. Currently, it relies on checking the PTE value to ensure that the moved folio still belongs to the src swap entry and that no new folio has been added to the swap cache, which turns out to be unreliable. While working and reviewing the swap table series with Barry, following existing races are observed and reproduced [1]: In the example below, move_pages_pte is moving src_pte to dst_pte, where src_pte is a swap entry PTE holding swap entry S1, and S1 is not in the swap cache: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1 ... < interrupted> ... <swapin src_pte, alloc and use folio A> // folio A is a new allocated folio // and get installed into src_pte <frees swap entry S1> // src_pte now points to folio A, S1 // has swap count == 0, it can be freed // by folio_swap_swap or swap // allocator's reclaim. <try to swap out another folio B> // folio B is a folio in another VMA. <put folio B to swap cache using S1 > // S1 is freed, folio B can use it // for swap out with no problem. ... folio = filemap_get_folio(S1) // Got folio B here !!! ... < interrupted again> ... <swapin folio B and free S1> // Now S1 is free to be used again. <swapout src_pte & folio A using S1> // Now src_pte is a swap entry PTE // holding S1 again. folio_trylock(folio) move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // Moved invalid folio B here !!! The race window is very short and requires multiple collisions of multiple rare events, so it's very unlikely to happen, but with a deliberately constructed reproducer and increased time window, it can be reproduced easily. This can be fixed by checking if the folio returned by filemap is the valid swap cache folio after acquiring the folio lock. Another similar race is possible: filemap_get_folio may return NULL, but folio (A) could be swapped in and then swapped out again using the same swap entry after the lookup. In such a case, folio (A) may remain in the swap cache, so it must be moved too: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1, and S1 is not in swap cache folio = filemap_get_folio(S1) // Got NULL ... < interrupted again> ... <swapin folio A and free S1> <swapout folio A re-using S1> move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // folio A is ignored !!! Fix this by checking the swap cache again after acquiring the src_pte lock. And to avoid the filemap overhead, we check swap_map directly [2]. The SWP_SYNCHRONOUS_IO path does make the problem more complex, but so far we don't need to worry about that, since folios can only be exposed to the swap cache in the swap out path, and this is covered in this patch by checking the swap cache again after acquiring the src_pte lock. Testing with a simple C program that allocates and moves several GB of memory did not show any observable performance change. Cc: <stable(a)vger.kernel.org> Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Closes: https://lore.kernel.org/linux-mm/CAMgjq7B1K=6OOrK2OUZ0-tqCzi+EJt+2_K97TPGoS… [1] Link: https://lore.kernel.org/all/CAGsJ_4yJhJBo16XhiC-nUzSheyX-V3-nFE+tAi=8Y560K8… [2] Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Lokesh Gidra <lokeshgidra(a)google.com> --- V1: https://lore.kernel.org/linux-mm/20250530201710.81365-1-ryncsn@gmail.com/ Changes: - Check swap_map instead of doing a filemap lookup after acquiring the PTE lock to minimize critical section overhead [ Barry Song, Lokesh Gidra ] V2: https://lore.kernel.org/linux-mm/20250601200108.23186-1-ryncsn@gmail.com/ Changes: - Move the folio and swap check inside move_swap_pte to avoid skipping the check and potential overhead [ Lokesh Gidra ] - Add a READ_ONCE for the swap_map read to ensure it reads a up to dated value. V3: https://lore.kernel.org/all/20250602181419.20478-1-ryncsn@gmail.com/ Changes: - Add more comments and more context in commit message. mm/userfaultfd.c | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index bc473ad21202..8253978ee0fb 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -1084,8 +1084,18 @@ static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, pte_t orig_dst_pte, pte_t orig_src_pte, pmd_t *dst_pmd, pmd_t dst_pmdval, spinlock_t *dst_ptl, spinlock_t *src_ptl, - struct folio *src_folio) + struct folio *src_folio, + struct swap_info_struct *si, swp_entry_t entry) { + /* + * Check if the folio still belongs to the target swap entry after + * acquiring the lock. Folio can be freed in the swap cache while + * not locked. + */ + if (src_folio && unlikely(!folio_test_swapcache(src_folio) || + entry.val != src_folio->swap.val)) + return -EAGAIN; + double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1102,6 +1112,25 @@ static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, if (src_folio) { folio_move_anon_rmap(src_folio, dst_vma); src_folio->index = linear_page_index(dst_vma, dst_addr); + } else { + /* + * Check if the swap entry is cached after acquiring the src_pte + * lock. Otherwise, we might miss a newly loaded swap cache folio. + * + * Check swap_map directly to minimize overhead, READ_ONCE is sufficient. + * We are trying to catch newly added swap cache, the only possible case is + * when a folio is swapped in and out again staying in swap cache, using the + * same entry before the PTE check above. The PTL is acquired and released + * twice, each time after updating the swap_map's flag. So holding + * the PTL here ensures we see the updated value. False positive is possible, + * e.g. SWP_SYNCHRONOUS_IO swapin may set the flag without touching the + * cache, or during the tiny synchronization window between swap cache and + * swap_map, but it will be gone very quickly, worst result is retry jitters. + */ + if (READ_ONCE(si->swap_map[swp_offset(entry)]) & SWAP_HAS_CACHE) { + double_pt_unlock(dst_ptl, src_ptl); + return -EAGAIN; + } } orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); @@ -1412,7 +1441,7 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, } err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, - dst_ptl, src_ptl, src_folio); + dst_ptl, src_ptl, src_folio, si, entry); } out: -- 2.49.0

6 days, 4 hours

6
6
0 0

+ mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() has been added to the -mm mm-new branch. Its filename is mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() Date: Wed, 11 Jun 2025 14:06:52 +0200 Patch series "mm/huge_memory: vmf_insert_folio_*() and vmf_insert_pfn_pud() fixes", v2. While working on improving vm_normal_page() and friends, I stumbled over this issues: refcounted "normal" pages must not be marked using pmd_special() / pud_special(). Fortunately, so far there doesn't seem to be serious damage. This patch (of 3): We setup the cache mode but ... don't forward the updated pgprot to insert_pfn_pud(). Only a problem on x86-64 PAT when mapping PFNs using PUDs that require a special cachemode. Fix it by using the proper pgprot where the cachemode was setup. Identified by code inspection. Link: https://lkml.kernel.org/r/20250611120654.545963-1-david@redhat.com Link: https://lkml.kernel.org/r/20250611120654.545963-2-david@redhat.com Fixes: 7b806d229ef1 ("mm: remove vmf_insert_pfn_xxx_prot() for huge page-table entries") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dev Jain <dev.jain(a)arm.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Mariano Pache <npache(a)redhat.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/mm/huge_memory.c~mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud +++ a/mm/huge_memory.c @@ -1516,10 +1516,9 @@ static pud_t maybe_pud_mkwrite(pud_t pud } static void insert_pfn_pud(struct vm_area_struct *vma, unsigned long addr, - pud_t *pud, pfn_t pfn, bool write) + pud_t *pud, pfn_t pfn, pgprot_t prot, bool write) { struct mm_struct *mm = vma->vm_mm; - pgprot_t prot = vma->vm_page_prot; pud_t entry; if (!pud_none(*pud)) { @@ -1581,7 +1580,7 @@ vm_fault_t vmf_insert_pfn_pud(struct vm_ pfnmap_setup_cachemode_pfn(pfn_t_to_pfn(pfn), &pgprot); ptl = pud_lock(vma->vm_mm, vmf->pud); - insert_pfn_pud(vma, addr, vmf->pud, pfn, write); + insert_pfn_pud(vma, addr, vmf->pud, pfn, pgprot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; @@ -1625,7 +1624,7 @@ vm_fault_t vmf_insert_folio_pud(struct v add_mm_counter(mm, mm_counter_file(folio), HPAGE_PUD_NR); } insert_pfn_pud(vma, addr, vmf->pud, pfn_to_pfn_t(folio_pfn(folio)), - write); + vma->vm_page_prot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; _ Patches currently in -mm which might be from david(a)redhat.com are mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked.patch mm-gup-remove-vm_bug_ons.patch mm-gup-remove-vm_bug_ons-fix.patch mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pmd.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pud.patch

6 days, 5 hours

1
0
0 0

[PATCH wireless v2] Revert "wifi: mwifiex: Fix HT40 bandwidth issue."

by Francesco Dolcini

From: Francesco Dolcini <francesco.dolcini(a)toradex.com> This reverts commit 4fcfcbe457349267fe048524078e8970807c1a5b. That commit introduces a regression, when HT40 mode is enabled, received packets are lost, this was experience with W8997 with both SDIO-UART and SDIO-SDIO variants. From an initial investigation the issue solves on its own after some time, but it's not clear what is the reason. Given that this was just a performance optimization, let's revert it till we have a better understanding of the issue and a proper fix. Cc: Jeff Chen <jeff.chen_1(a)nxp.com> Cc: stable(a)vger.kernel.org Fixes: 4fcfcbe45734 ("wifi: mwifiex: Fix HT40 bandwidth issue.") Closes: https://lore.kernel.org/all/20250603203337.GA109929@francesco-nb/ Signed-off-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> --- v2: fix reverted commit sha v1: https://lore.kernel.org/all/20250605100313.34014-1-francesco@dolcini.it/ --- drivers/net/wireless/marvell/mwifiex/11n.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/net/wireless/marvell/mwifiex/11n.c b/drivers/net/wireless/marvell/mwifiex/11n.c index 738bafc3749b..66f0f5377ac1 100644 --- a/drivers/net/wireless/marvell/mwifiex/11n.c +++ b/drivers/net/wireless/marvell/mwifiex/11n.c @@ -403,14 +403,12 @@ mwifiex_cmd_append_11n_tlv(struct mwifiex_private *priv, if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 && bss_desc->bcn_ht_oper->ht_param & - IEEE80211_HT_PARAM_CHAN_WIDTH_ANY) { - chan_list->chan_scan_param[0].radio_type |= - CHAN_BW_40MHZ << 2; + IEEE80211_HT_PARAM_CHAN_WIDTH_ANY) SET_SECONDARYCHAN(chan_list->chan_scan_param[0]. radio_type, (bss_desc->bcn_ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET)); - } + *buffer += struct_size(chan_list, chan_scan_param, 1); ret_len += struct_size(chan_list, chan_scan_param, 1); } -- 2.39.5

6 days, 5 hours

2
1
0 0