- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.120 release. There are 737 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 11 Jan 2026 11:19:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.120-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.120-rc1 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "iommu/amd: Skip enabling command/event buffers for kdump" Amitai Gottlieb <amitaig(a)hailo.ai> firmware: arm_scmi: Fix unused notifier-block in unregister Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: fix tty_port_tty_*hangup() kernel-doc Ming Lei <ming.lei(a)redhat.com> blk-mq: setup queue ->tag_set before initializing hctx Sean Nyekjaer <sean(a)geanix.com> pwm: stm32: Always program polarity Alexis Lothoré <alexis.lothore(a)bootlin.com> net: stmmac: make sure that ptp_rate is not 0 before configuring EST Lizhi Xu <lizhi.xu(a)windriver.com> ext4: filesystems without casefold feature cannot be mounted with siphash Maximilian Immanuel Brandtner <maxbr(a)linux.ibm.com> virtio_console: fix order of fields cols and rows SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures in damon_test_update_monitoring_result() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failure on damon_test_set_attrs() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures in damon_test_ops_registration() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damos_test_filter_out() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle memory failure from damon_test_target() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failres in damon_test_new_filter() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Remove the direct link to net_device Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> net: Allow to use SMP threads for backlog NAPI. Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> net: Remove conditional threaded-NAPI wakeup based on task state. Peter Zijlstra (Intel) <peterz(a)infradead.org> sched/fair: Proportional newidle balance Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to update_newidle_cost() Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to sched_balance_newidle() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: SVM: Fix redundant updates of LBR MSR intercepts Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Fix and simplify LBR virtualization handling with nested Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() Chen-Yu Tsai <wenst(a)chromium.org> media: mediatek: vcodec: Use spinlock for context list protection lock Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Remove vpu_vb_is_codecconfig Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: amphion: Make some vpu_v4l2 functions static Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Add a frame flush mode for decoder Dongli Zhang <dongli.zhang(a)oracle.com> KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit David Hildenbrand <david(a)redhat.com> powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages David Hildenbrand <david(a)redhat.com> mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() David Hildenbrand <david(a)redhat.com> mm/balloon_compaction: we cannot have isolated pages in the balloon list Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Fix CPU stalls on G2 bus error Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: verisilicon: g2: Use common helpers to compute chroma and mv offsets Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: verisilicon: Store chroma and motion vectors offset Chao Yu <chao(a)kernel.org> f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() Chao Yu <chao(a)kernel.org> f2fs: use global inline_xattr_slab instead of per-sb slab cache Chao Yu <chao(a)kernel.org> f2fs: fix to propagate error from f2fs_enable_checkpoint() Chao Yu <chao(a)kernel.org> f2fs: fix to avoid updating compression context during writeback Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: drop inode from the donation list when the last file is closed Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: keep POSIX_FADV_NOREUSE ranges Chao Yu <chao(a)kernel.org> f2fs: remove unused GC_FAILURE_PIN Gyeyoung Baek <gye976(a)gmail.com> genirq/irq_sim: Initialize work context pointers properly Jingbo Xu <jefflexu(a)linux.alibaba.com> mm: fix arithmetic for max_prop_frac when setting max_ratio Jingbo Xu <jefflexu(a)linux.alibaba.com> mm: fix arithmetic for bdi min_ratio Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() Dong Chenchen <dongchenchen2(a)huawei.com> page_pool: Fix use-after-free in page_pool_recycle_in_ring Florian Westphal <fw(a)strlen.de> xfrm: state: fix out-of-bounds read during lookup Ye Bin <yebin10(a)huawei.com> ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() Ye Bin <yebin10(a)huawei.com> ext4: introduce ITAIL helper Gabriel Krisman Bertazi <krisman(a)suse.de> ext4: fix error message when rejecting the default hash Hari Bathini <hbathini(a)linux.ibm.com> powerpc/64s/radix/kfence: map __kfence_pool at page granularity Chenghao Duan <duanchenghao(a)kylinos.cn> LoongArch: Refactor register restoration in ftrace_common_return Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: Fix null pointer deref in dcn20_resource.c Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Apply the link chain quirk on NEC isoc endpoints Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: move link chain bit quirk checks into one helper function. Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbgtty: fix device unregister: fixup Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: introduce and use tty_port_tty_vhangup() helper Kory Maincent (TI.com) <kory.maincent(a)bootlin.com> drm/tilcdc: Fix removal actions in case of failed probe Philipp Stanner <pstanner(a)redhat.com> drm/tilcdc: request and mapp iomem with devres Johan Hovold <johan(a)kernel.org> drm/mediatek: Fix probe resource leaks Johan Hovold <johan(a)kernel.org> drm/mediatek: Fix probe memory leak Natalie Vock <natalie.vock(a)gmx.de> drm/amdgpu: Forward VMID reservation errors Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure context reset on disconnect() Miaoqian Lin <linmq006(a)gmail.com> net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration Wentao Liang <vulab(a)iscas.ac.cn> pmdomain: imx: Fix reference count leak in imx_gpc_probe() Rob Herring <robh(a)kernel.org> pmdomain: Use device_get_match_data() Bijan Tabatabai <bijan311(a)gmail.com> mm: consider non-anon swap cache folios in folio_expected_ref_count() David Hildenbrand <david(a)redhat.com> mm: simplify folio_expected_ref_count() Jouni Malinen <jouni.malinen(a)oss.qualcomm.com> wifi: mac80211: Discard Beacon frames to non-broadcast address NeilBrown <neil(a)brown.name> lockd: fix vfs_test_lock() calls Paolo Abeni <pabeni(a)redhat.com> mptcp: fallback earlier on simult connection Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix disabling L0s capability Joanne Koong <joannelkoong(a)gmail.com> fuse: fix readahead reclaim deadlock Joshua Rogers <linux(a)joshua.hu> svcrdma: bound check rq_pages index in inline path Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: microchip: sama7g5: fix uart fifo size to 32 Askar Safin <safinaskar(a)gmail.com> gpiolib: acpi: Add quirk for Dell Precision 7780 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap Chao Yu <chao(a)kernel.org> f2fs: fix to avoid potential deadlock Chao Yu <chao(a)kernel.org> f2fs: use f2fs_err_ratelimited() to avoid redundant logs Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: ignore unknown endpoint flags Seunghwan Baek <sh8267.baek(a)samsung.com> scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error Johan Hovold <johan(a)kernel.org> usb: ohci-nxp: fix device leak on probe failure Zhang Zekun <zhangzekun11(a)huawei.com> usb: ohci-nxp: Use helper function devm_clk_get_enabled() xu xin <xu.xin16(a)zte.com.cn> mm/ksm: fix exec/fork inheritance support for prctl Sven Eckelmann (Plasma Cloud) <se(a)simonwunderlich.de> wifi: mt76: Fix DTS power-limits on little endian systems Josef Bacik <josef(a)toxicpanda.com> btrfs: don't rewrite ret from inode_permission Alexey Velichayshiy <a.velichayshiy(a)ispras.ru> gfs2: fix freeze error handling Ye Bin <yebin10(a)huawei.com> jbd2: fix the inconsistency between checksum and data in memory for journal sb Fedor Pchelkin <pchelkin(a)ispras.ru> ext4: fix string copying in parse_apply_sb_mount_options() Denis Arefev <arefev(a)swemel.ru> ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() Junrui Luo <moonafterrain(a)outlook.com> ALSA: wavefront: Clear substream pointers on close Takashi Iwai <tiwai(a)suse.de> ALSA: wavefront: Use guard() for spin locks Junrui Luo <moonafterrain(a)outlook.com> ALSA: wavefront: Fix integer overflow in sample size validation Takashi Iwai <tiwai(a)suse.de> ALSA: wavefront: Use standard print API Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> tpm: Cap the number of PCR banks Ming Lei <ming.lei(a)redhat.com> blk-mq: add helper for checking if one CPU is mapped to specified hctx Johan Hovold <johan(a)kernel.org> usb: gadget: lpc32xx_udc: fix clock imbalance in error path Lyude Paul <lyude(a)redhat.com> drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb Krzysztof Niemiec <krzysztof.niemiec(a)intel.com> drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Nikolay Kuratov <kniv(a)yandex-team.ru> drm/msm/dpu: Add missing NULL pointer check for pingpong interface René Rebe <rene(a)exactco.de> drm/mgag200: Fix big-endian support Simon Richter <Simon.Richter(a)hogyros.de> drm/ttm: Avoid NULL pointer deref for evicted BOs Miaoqian Lin <linmq006(a)gmail.com> drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() Thomas Zimmermann <tzimmermann(a)suse.de> drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma Xiaolei Wang <xiaolei.wang(a)windriver.com> net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() Deepanshu Kartikey <kartikey406(a)gmail.com> net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write Ethan Nelson-Moore <enelsonmoore(a)gmail.com> net: usb: sr9700: fix incorrect command used to write single register Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> nfsd: Drop the client reference in client_states_open() Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Sign extend kfunc call arguments Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Zero-extend bpf_tail_call() index Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> fjes: Add missing iounmap in fjes_hw_init() Guangshuo Li <lgs201920130244(a)gmail.com> e1000: fix OOB in e1000_tbi_should_accept() Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/cm: Fix leaking the multicast GID table reference Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly Chenghao Duan <duanchenghao(a)kylinos.cn> samples/ftrace: Adjust LoongArch register restore order in direct calls Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/mm/page_owner_sort: fix timestamp comparison for stable sorting Rong Zhang <i(a)rong.moe> x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo Matthew Wilcox (Oracle) <willy(a)infradead.org> idr: fix idr_alloc() returning an ID out of range Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> kasan: refactor pcpu kasan vmalloc unpoison H. Peter Anvin <hpa(a)zytor.com> compiler_types.h: add "auto" as a macro for "__auto_type" Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Use unsigned long for _end and _text WangYuli <wangyl5933(a)chinaunicom.cn> LoongArch: Use __pmd()/__pte() for swap entry conversions Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix build errors for CONFIG_RANDSTRUCT Qiang Ma <maqianga(a)uniontech.com> LoongArch: Correct the calculation logic of thread_count Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Add new PCI ID for pci_fixup_vgadev() Haoxiang Li <haoxiang_li2024(a)163.com> media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: adv7842: Remove redundant cancel_delayed_work in probe Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Cancel message work before releasing the VPU core Johan Hovold <johan(a)kernel.org> media: vpif_display: fix section mismatch Johan Hovold <johan(a)kernel.org> media: vpif_capture: fix section mismatch Haotian Zhang <vulab(a)iscas.ac.cn> media: videobuf2: Fix device reference leak in vb2_dc_alloc error path Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Protect G2 HEVC decoder against invalid DPB index Duoming Zhou <duoming(a)zju.edu.cn> media: TDA1997x: Remove redundant cancel_delayed_work in probe Marek Szyprowski <m.szyprowski(a)samsung.com> media: samsung: exynos4-is: fix potential ABBA deadlock on init Miaoqian Lin <linmq006(a)gmail.com> media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled Ivan Abramov <i.abramov(a)mt-integration.ru> media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() Haotian Zhang <vulab(a)iscas.ac.cn> media: cec: Fix debugfs leak on bus_register() failure René Rebe <rene(a)exactco.de> fbdev: tcx.c fix mem_map to correct smem_start offset Thorsten Blum <thorsten.blum(a)linux.dev> fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing Rene Rebe <rene(a)exactco.de> fbdev: gbefb: fix to use physical address instead of dma address Mikulas Patocka <mpatocka(a)redhat.com> dm-bufio: align write boundary on physical block size Uladzislau Rezki (Sony) <urezki(a)gmail.com> dm-ebs: Mark full buffer dirty even on partial write Mahesh Rao <mahesh.rao(a)altera.com> firmware: stratix10-svc: Add mutex in stratix10 memory management Ivan Abramov <i.abramov(a)mt-integration.ru> media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() David Hildenbrand <david(a)redhat.com> powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION Sven Schnelle <svens(a)stackframe.org> parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() Sven Schnelle <svens(a)stackframe.org> parisc: entry.S: fix space adjustment on interruption for 64-bit userspace Haotian Zhang <vulab(a)iscas.ac.cn> media: rc: st_rc: Fix reset control resource leak Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max77620: Fix potential IRQ chip conflict when probing two devices Johan Hovold <johan(a)kernel.org> mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup Nathan Chancellor <nathan(a)kernel.org> clk: samsung: exynos-clkout: Assign .num before accessing .hws Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: Enable chip before any communication Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: Allow LED 0 to be added to module bank Donet Tom <donettom(a)linux.ibm.com> powerpc/64s/slb: Fix SLB multihit issue during SLB preload Dave Vasilevsky <dave(a)vasilevsky.ca> powerpc, mm: Fix mprotect on book3s 32-bit Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator Lukas Wunner <lukas(a)wunner.de> PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths Hans de Goede <johannes.goede(a)oss.qualcomm.com> HID: logitech-dj: Remove duplicate error logging Lu Baolu <baolu.lu(a)linux.intel.com> iommu: disable SVA when CONFIG_X86 is set Johan Hovold <johan(a)kernel.org> iommu/tegra: fix device leak on probe_device() Johan Hovold <johan(a)kernel.org> iommu/sun50i: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/qcom: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/omap: fix device leaks on probe_device() Johan Hovold <johan(a)kernel.org> iommu/mediatek: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/mediatek-v1: fix device leaks on probe() Johan Hovold <johan(a)kernel.org> iommu/mediatek-v1: fix device leak on probe_device() Johan Hovold <johan(a)kernel.org> iommu/ipmmu-vmsa: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/exynos: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/apple-dart: fix device leak on of_xlate() Jinhui Guo <guojinhui.liam(a)bytedance.com> iommu/amd: Fix pci_segment memleak in alloc_pci_segment() Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6adm: the the copp device only during last instance Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6asm-dai: perform correct state check before closing Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix OF node leak on probe Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix clk prepare imbalance on probe failure Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix device leak on probe Matthew Wilcox (Oracle) <willy(a)infradead.org> ntfs: Do not overwrite uptodate pages Yipeng Zou <zouyipeng(a)huawei.com> selftests/ftrace: traceonoff_triggers: strip off names Cong Zhang <cong.zhang(a)oss.qualcomm.com> blk-mq: skip CPU offline notify on unmapped hctx Ming Lei <ming.lei(a)redhat.com> blk-mq: don't schedule block kworker on isolated CPUs Thomas Fourier <fourier.thomas(a)gmail.com> RDMA/bnxt_re: fix dma_free_coherent() pointer Honggang LI <honggangli(a)163.com> RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation Zilin Guan <zilin(a)seu.edu.cn> ksmbd: Fix memory leak in get_file_all_info() Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix to use correct page size for PDE table Alok Tiwari <alok.a.tiwari(a)oracle.com> RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send Alok Tiwari <alok.a.tiwari(a)oracle.com> RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() Jang Ingyu <ingyujang25(a)korea.ac.kr> RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Remove possible negative shift Michal Schmidt <mschmidt(a)redhat.com> RDMA/irdma: avoid invalid read in irdma_net_event Pwnverse <stanksal(a)purdue.edu> net: rose: fix invalid array index in rose_kill_by_device() Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix reference count leak when using error routes with nexthop objects Will Rosenberg <whrosenb(a)asu.edu> ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() Wei Fang <wei.fang(a)nxp.com> net: stmmac: fix the crash issue for zero copy XDP_TX action Anshumali Gaur <agaur(a)marvell.com> octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" Junrui Luo <moonafterrain(a)outlook.com> platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing Bagas Sanjaya <bagasdotme(a)gmail.com> net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct Deepanshu Kartikey <kartikey406(a)gmail.com> net: usb: asix: validate PHY address before use Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: skip multicast entries for fdb_dump() Thomas Fourier <fourier.thomas(a)gmail.com> firewire: nosy: Fix dma_free_coherent() size Andrew Morton <akpm(a)linux-foundation.org> genalloc.h: fix htmldocs warning Yeoreum Yun <yeoreum.yun(a)arm.com> smc91x: fix broken irq-context in PREEMPT_RT Alice C. Munduruca <alice.munduruca(a)canonical.com> selftests: net: fix "buffer overflow detected" for tap.c Deepakkumar Karn <dkarn(a)redhat.com> net: usb: rtl8150: fix memory leak on usb_submit_urb() failure Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: reset retries and mode on RX adapt failures Jiri Pirko <jiri(a)resnulli.us> team: fix check for port enabled in team_queue_override_port_prio_changed() Junrui Luo <moonafterrain(a)outlook.com> platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic Thomas Fourier <fourier.thomas(a)gmail.com> platform/x86: msi-laptop: add missing sysfs_remove_group() Eric Dumazet <edumazet(a)google.com> ip6_gre: make ip6gre_header() robust Toke Høiland-Jørgensen <toke(a)redhat.com> net: openvswitch: Avoid needlessly taking the RTNL on vport destroy Jacky Chou <jacky_chou(a)aspeedtech.com> net: mdio: aspeed: add dummy read to avoid read-after-write issue Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: revert use of devm_kzalloc in btusb Herbert Xu <herbert(a)gondor.apana.org.au> crypto: seqiv - Do not use req->iv after crypto_aead_encrypt Kohei Enju <enjuk(a)amazon.com> iavf: fix off-by-one issues in iavf_config_rss_reg() Przemyslaw Korba <przemyslaw.korba(a)intel.com> i40e: fix scheduling in set_rx_mode Aloka Dixit <aloka.dixit(a)oss.qualcomm.com> wifi: mac80211: do not use old MBSSID elements Dan Carpenter <dan.carpenter(a)linaro.org> wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: limit indirect IO under powered off for RTL8822CS Johan Hovold <johan(a)kernel.org> iommu/mediatek: fix use-after-free on probe deferral Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32 Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (w83791d) Convert macros to functions to avoid TOCTOU Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (max16065) Use local variable to avoid TOCTOU Ma Ke <make24(a)iscas.ac.cn> i2c: amd-mp2: fix reference leak in MP2 PCI device Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> platform/x86: intel: chtwc_int33fe: don't dereference swnode args Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> rpmsg: glink: fix rpmsg device leak Johan Hovold <johan(a)kernel.org> soc: amlogic: canvas: fix device leak on lookup Johan Hovold <johan(a)kernel.org> soc: qcom: ocmem: fix device leak on lookup Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix fixed array of synthetic event Johan Hovold <johan(a)kernel.org> amba: tegra-ahb: Fix device leak on SMMU enable Guangshuo Li <lgs201920130244(a)gmail.com> crypto: caam - Add check for kcalloc() in test_len() Shivani Agarwal <shivani.agarwal(a)broadcom.com> crypto: af_alg - zero initialize memory allocated via sock_kmalloc Adrian Moreno <amorenoz(a)redhat.com> selftests: openvswitch: Fix escape chars in regexp. Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() Jens Axboe <axboe(a)kernel.dk> io_uring/poll: correctly handle io_poll_add() return value on update Wentao Guan <guanwentao(a)uniontech.com> gpio: regmap: Fix memleak in error path in gpio_regmap_register() Sven Schnelle <svens(a)linux.ibm.com> s390/ipl: Clear SBP flag when bootprog is set Filipe Manana <fdmanana(a)suse.com> btrfs: don't log conflicting inode if it's a dir moved in the current transaction Nysal Jan K.A. <nysal(a)linux.ibm.com> powerpc/kexec: Enable SMT before waking offline CPUs Joshua Rogers <linux(a)joshua.hu> SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf Joshua Rogers <linux(a)joshua.hu> svcrdma: return 0 on success from svc_rdma_copy_inline_range Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> nfsd: Mark variable __maybe_unused to avoid W=1 build break caoping <caoping(a)cmss.chinamobile.com> net/handshake: restore destructor on submit failure Amir Goldstein <amir73il(a)gmail.com> fsnotify: do not generate ACCESS/MODIFY events on child for special files René Rebe <rene(a)exactco.de> r8169: fix RTL8117 Wake-on-Lan in DASH mode Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Do not clear needs_force_resume with enabled runtime PM Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not register unsupported perf events Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> xfs: fix a memory leak in xfs_buf_item_init() Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) Jim Mattson <jmattson(a)google.com> KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation Jim Mattson <jmattson(a)google.com> KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE fuqiang wang <fuqiang.wng(a)gmail.com> KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer fuqiang wang <fuqiang.wng(a)gmail.com> KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() Sean Christopherson <seanjc(a)google.com> KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 Ilya Dryomov <idryomov(a)gmail.com> libceph: make decode_pool() more resilient against corrupted osdmaps Helge Deller <deller(a)gmx.de> parisc: Do not reprogram affinitiy on ASP chip Zhichi Lin <zhichi.lin(a)vivo.com> scs: fix a wrong parameter in __scs_magic Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver Maxim Levitsky <mlevitsk(a)redhat.com> KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) Prithvi Tambewagh <activprithvi(a)gmail.com> ocfs2: fix kernel BUG in ocfs2_find_victim_chain Jeongjun Park <aha310510(a)gmail.com> media: vidtv: initialize local pointers upon transfer of memory ownership Alison Schofield <alison.schofield(a)intel.com> tools/testing/nvdimm: Use per-DIMM device handle Chao Yu <chao(a)kernel.org> f2fs: fix return value of f2fs_recover_fsync_data() Xiaole He <hexiaole1994(a)126.com> f2fs: fix age extent cache insertion skip on counter overflow Deepanshu Kartikey <kartikey406(a)gmail.com> f2fs: invalidate dentry cache on failed whiteout creation Chao Yu <chao(a)kernel.org> f2fs: fix to avoid updating zero-sized extent in extent cache Jan Prusakowski <jprusakowski(a)google.com> f2fs: ensure node page reads complete before f2fs_put_super() finishes Andrey Vatoropin <a.vatoropin(a)crpt.ru> scsi: target: Reset t_task_cdb pointer in error case Dai Ngo <dai.ngo(a)oracle.com> NFSD: use correct reservation type in nfsd4_scsi_fence_client Junrui Luo <moonafterrain(a)outlook.com> scsi: aic94xx: fix use-after-free in device removal path Tony Battersby <tonyb(a)cybernetics.com> scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" Miaoqian Lin <linmq006(a)gmail.com> cpufreq: nforce2: fix reference count leak in nforce2 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: teo: Drop misguided target residency check Ma Ke <make24(a)iscas.ac.cn> intel_th: Fix error handling in intel_th_output_open Tianchu Chen <flynnnchen(a)tencent.com> char: applicom: fix NULL pointer dereference in ac_ioctl Haoxiang Li <haoxiang_li2024(a)163.com> usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() Udipto Goswami <udipto.goswami(a)oss.qualcomm.com> usb: dwc3: keep susphy enabled during exit to avoid controller faults Miaoqian Lin <linmq006(a)gmail.com> usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe Johan Hovold <johan(a)kernel.org> usb: phy: isp1301: fix non-OF device reference imbalance Duoming Zhou <duoming(a)zju.edu.cn> usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal Ma Ke <make24(a)iscas.ac.cn> USB: lpc32xx_udc: Fix error handling in probe Johan Hovold <johan(a)kernel.org> phy: broadcom: bcm63xx-usbh: fix section mismatches Colin Ian King <colin.i.king(a)gmail.com> media: pvrusb2: Fix incorrect variable used in trace message Jeongjun Park <aha310510(a)gmail.com> media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() Chen Changcheng <chenchangcheng(a)kylinos.cn> usb: usb-storage: Maintain minimal modifications to the bcdDevice range. Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid deadlock on fallback while reinjecting Paolo Abeni <pabeni(a)redhat.com> mptcp: schedule rtx timer only after pushing data Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: v4l2-mem2mem: Fix outdated documentation Byungchul Park <byungchul(a)sk.com> jbd2: use a weaker annotation in journal handling Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key Baokun Li <libaokun1(a)huawei.com> ext4: align max orphan file size with e2fsprogs limit Yongjian Sun <sunyongjian1(a)huawei.com> ext4: fix incorrect group number assertion in mb_check_buddy Haibo Chen <haibo.chen(a)nxp.com> ext4: clear i_state_flags when alloc inode Karina Yankevich <k.yankevich(a)omp.ru> ext4: xattr: fix null pointer deref in ext4_raw_inode() Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Fix uninitialized var in config-bisect.pl Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: fix mount failure for sparse runs in run_unpack() Zheng Yejian <zhengyejian(a)huaweicloud.com> kallsyms: Fix wrong "big" kernel symbol type read from procfs Rene Rebe <rene(a)exactco.de> floppy: fix for PAGE_SIZE != 4KB Li Chen <chenl311(a)chinatelecom.cn> block: rate-limit capacity change info log Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: Fix gendisk parent after copy pair swap Eric Biggers <ebiggers(a)kernel.org> lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit Sarthak Garg <sarthak.garg(a)oss.qualcomm.com> mmc: sdhci-msm: Avoid early clock doubling during HS400 transition Prithvi Tambewagh <activprithvi(a)gmail.com> io_uring: fix filename leak in __io_openat_prep() Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Fix a memory leak in tpm2_load_cmd Zilin Guan <zilin(a)seu.edu.cn> cifs: Fix memory and information leak in smb3_reconfigure() Stefano Garzarella <sgarzare(a)redhat.com> vhost/vsock: improve RCU read sections around vhost_vsock_get() Dan Carpenter <dan.carpenter(a)linaro.org> block: rnbd-clt: Fix signedness bug in init_dev() Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks Daniel Wagner <wagi(a)kernel.org> nvme-fc: don't hold rport lock when putting ctrl Jinhui Guo <guojinhui.liam(a)bytedance.com> i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware Ian Rogers <irogers(a)google.com> libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map Wenhua Lin <Wenhua.Lin(a)unisoc.com> serial: sprd: Return -EPROBE_DEFER when uart clock is not ready Chen Changcheng <chenchangcheng(a)kylinos.cn> usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. Hongyu Xie <xiehongyu1(a)kylinos.cn> usb: xhci: limit run_graceperiod for only usb 3.0 devices Pei Xiao <xiaopei01(a)kylinos.cn> iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains Mark Pearson <mpearson-lenovo(a)squebb.ca> usb: typec: ucsi: Handle incorrect num_connectors capability Lizhi Xu <lizhi.xu(a)windriver.com> usbip: Fix locking bug in RT-enabled kernels Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix remount failure in different process environments Encrow Thorne <jyc0019(a)gmail.com> reset: fix BIT macro reference Li Qiang <liqiang01(a)kylinos.cn> via_wdt: fix critical boot hang due to unnamed resource allocation Bernd Schubert <bschubert(a)ddn.com> fuse: Invalidate the page cache after FOPEN_DIRECT_IO write Bernd Schubert <bschubert(a)ddn.com> fuse: Always flush the page cache before FOPEN_DIRECT_IO write Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Use reinit_completion on mbx_intr_comp Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled Ben Collins <bcollins(a)kernel.org> powerpc/addnote: Fix overflow on 32-bit builds Josua Mayer <josua(a)solid-run.com> clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 Matthias Schiffer <matthias.schiffer(a)tq-group.com> ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx Peng Fan <peng.fan(a)nxp.com> firmware: imx: scu-irq: Init workqueue before request mbox channel Jinhui Guo <guojinhui.liam(a)bytedance.com> ipmi: Fix __scan_channels() failing to rescan channels Jinhui Guo <guojinhui.liam(a)bytedance.com> ipmi: Fix the race between __scan_channels() and deliver_response() Shipei Qu <qu(a)darknavy.com> ALSA: usb-mixer: us16x08: validate meter packet indices Haotian Zhang <vulab(a)iscas.ac.cn> ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path Haotian Zhang <vulab(a)iscas.ac.cn> ALSA: vxpocket: Fix resource leak in vxpocket_probe error path Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() Andrew Jeffery <andrew(a)codeconstruct.com.au> dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml Jared Kangas <jkangas(a)redhat.com> mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig Christophe Leroy <christophe.leroy(a)csgroup.eu> spi: fsl-cpm: Check length parity before switching to 16 bit mode Pengjie Zhang <zhangpengjie2(a)huawei.com> ACPI: CPPC: Fix missing PCC check for guaranteed_perf Pengjie Zhang <zhangpengjie2(a)huawei.com> ACPI: PCC: Fix race condition by removing static qualifier Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_can_open(): fix error handling Christoffer Sandberg <cs(a)tuxedo.de> Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table Junjie Cao <junjie.cao(a)intel.com> Input: ti_am335x_tsc - fix off-by-one error in wire_order validation Ping Cheng <pinglinux(a)gmail.com> HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix buffer validation by including null terminator size in EA length Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: Fix refcount leak when invalid session is found on session lookup Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: skip lock-range check on equal size to avoid size==0 underflow Thomas Fourier <fourier.thomas(a)gmail.com> block: rnbd-clt: Fix leaked ID in init_dev() Anurag Dutta <a-dutta(a)ti.com> spi: cadence-quadspi: Fix clock disable on probe failure path Juergen Gross <jgross(a)suse.com> x86/xen: Fix sparse warning in enlighten_pv.c Brian Gerst <brgerst(a)gmail.com> x86/xen: Move Xen upcall handler Marijn Suijten <marijn.suijten(a)somainline.org> drm/panel: sony-td4353-jdi: Enable prepare_prev_first Haoxiang Li <haoxiang_li2024(a)163.com> MIPS: Fix a reference leak bug in ip22_check_gio() Alexey Simakov <bigalex934(a)gmail.com> hwmon: (tmp401) fix overflow caused by default conversion rate value Junrui Luo <moonafterrain(a)outlook.com> hwmon: (ibmpex) fix use-after-free in high/low store Jian Shen <shenjian15(a)huawei.com> net: hns3: add VLAN id validation before using Jian Shen <shenjian15(a)huawei.com> net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx Jian Shen <shenjian15(a)huawei.com> net: hns3: using the num_tqps in the vf driver to apply for resources Wei Fang <wei.fang(a)nxp.com> net: enetc: do not transmit redirected XDP frames when the link is down Scott Mayhew <smayhew(a)redhat.com> net/handshake: duplicate handshake cancellations leak socket Shay Drory <shayd(a)nvidia.com> net/mlx5: Serialize firmware reset with devlink Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Skip HotPlug check on sync reset using hot reset Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Handle escaped percent properly Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Validate format string parameters Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Drain firmware reset in shutdown callback Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: fw reset, clear reset requested on drain_fw_reset Gal Pressman <gal(a)nvidia.com> ethtool: Avoid overflowing userspace buffer on stats query Jason Gunthorpe <jgg(a)ziepe.ca> iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: remove redundant chain validation on register store Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: allow loads only when register is initialized Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: pass context structure to nft_parse_register_load Dan Carpenter <dan.carpenter(a)linaro.org> nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() Victor Nogueira <victor(a)mojatatu.com> net/sched: ets: Remove drr class from the active list if it changes to strict Junrui Luo <moonafterrain(a)outlook.com> caif: fix integer underflow in cffrml_receive() Slavin Liu <slavin452(a)gmail.com> ipvs: fix ipv4 null-ptr-deref in route error path Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nf_conncount: fix leaked ct in error paths Alexey Simakov <bigalex934(a)gmail.com> broadcom: b44: prevent uninitialized value usage Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix middle attribute validation in push_nsh() action Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Fix neighbour use-after-free Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Fix possible neighbour reference count leak Dmitry Skorodumov <skorodumov.dmitry(a)huawei.com> ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change Wang Liang <wangliang74(a)huawei.com> netrom: Fix memory leak in nr_sendmsg() Wei Fang <wei.fang(a)nxp.com> net: fec: ERR007885 Workaround for XDP TX path Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix use of bio_chain Gongwei Li <ligongwei(a)kylinos.cn> Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE Chingbin Li <liqb365(a)163.com> Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: vfs: fix race on m_flags in vfs_cache Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency ChenXiaoSong <chenxiaosong(a)kylinos.cn> smb/server: fix return value of smb2_ioctl() Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: fix remote evict for read-only filesystems Qu Wenruo <wqu(a)suse.com> btrfs: scrub: always update btrfs_scrub_progress::last_physical Hans de Goede <hansg(a)kernel.org> wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix volume corruption issue for generic/073 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: Verify inode mode when loading from disk Yang Chenzhi <yang.chenzhi(a)vivo.com> hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix volume corruption issue for generic/070 Pedro Demarchi Gomes <pedrodemargomes(a)gmail.com> ntfs: set dummy blocksize to read boot_block when mounting Mikhail Malyshev <mike.malyshev(a)gmail.com> kbuild: Use objtree for module signing key path Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Support timestamps prior to epoch Song Liu <song(a)kernel.org> livepatch: Match old_sympos 0 and 1 in klp_find_func() Aboorva Devarajan <aboorvad(a)linux.ibm.com> cpuidle: menu: Use residency threshold in polling state override decisions Shuhao Fu <sfual(a)cse.ust.hk> cpufreq: s5pv210: fix refcount leak Hal Feng <hal.feng(a)starfivetech.com> cpufreq: dt-platdev: Add JH7110S SOC to the allowlist Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only Cryolitia PukNgae <cryolitia.pukngae(a)linux.dev> ACPICA: Avoid walking the Namespace if start_node is NULL Peter Zijlstra <peterz(a)infradead.org> x86/ptrace: Always inline trivial accessors Peter Zijlstra <peterz(a)infradead.org> sched/fair: Revert max_newidle_lb_cost bump Doug Berger <opendmb(a)gmail.com> sched/deadline: only set free_cpus for online runqueues George Kennedy <george.kennedy(a)oracle.com> perf/x86/amd: Check event before enable to avoid GPF Joanne Koong <joannelkoong(a)gmail.com> iomap: account for unaligned end offsets when truncating read range Joanne Koong <joannelkoong(a)gmail.com> iomap: adjust read range correctly for non-block-aligned positions Deepanshu Kartikey <kartikey406(a)gmail.com> btrfs: fix memory leak of fs_devices in degraded seed device path Ondrej Mosnacek <omosnace(a)redhat.com> bpf, arm64: Do not audit capability check in do_jit() Qu Wenruo <wqu(a)suse.com> btrfs: fix a potential path leak in print_data_reloc_error() Filipe Manana <fdmanana(a)suse.com> btrfs: do not skip logging new dentries when logging a new name Xin Long <lucien.xin(a)gmail.com> ipv6: add exception routes to GC list in rt6_insert_exception Eric Dumazet <edumazet(a)google.com> ipv6: avoid possible NULL deref in modify_prefix_route() Junrui Luo <moonafterrain(a)outlook.com> ALSA: dice: fix buffer overflow in detect_stream_formats() Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> usb: phy: Initialize struct usb_phy list_head Haotien Hsu <haotienh(a)nvidia.com> usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Allocate rings outside ZONE_DMA Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Add machine_kexec_mask_interrupts() implementation Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix memory leak in ocfs2_merge_rec_left() Dan Carpenter <dan.carpenter(a)linaro.org> irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: Adjust infopfx size to accept an extra space Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: Add a new helper function to print bitmasks Haotian Zhang <vulab(a)iscas.ac.cn> dm log-writes: Add missing set_freezable() for freezable kthread Alexey Simakov <bigalex934(a)gmail.com> dm-raid: fix possible NULL dereference with undefined raid type Mohamed Khalfella <mkhalfella(a)purestorage.com> block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock Liyuan Pang <pangliyuan1(a)huawei.com> ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() Junrui Luo <moonafterrain(a)outlook.com> ALSA: firewire-motu: add bounds check in put_user loop for DSP events Haotian Zhang <vulab(a)iscas.ac.cn> rtc: gamecube: Check the return value of ioremap() Andres J Rosa <andyrosa(a)gmail.com> ALSA: uapi: Fix typo in asound.h comment Dave Kleikamp <dave.kleikamp(a)oracle.com> dma/pool: eliminate alloc_pages warning in atomic_pool_expand Junrui Luo <moonafterrain(a)outlook.com> ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events Israel Rukshin <israelr(a)nvidia.com> nvme-auth: use kvfree() for memory allocated with kvcalloc() shechenglong <shechenglong(a)xfusion.com> block: fix comment for op_is_zone_mgmt() to include RESET_ALL Cong Zhang <cong.zhang(a)oss.qualcomm.com> blk-mq: Abort suspend when wakeup events are pending Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: ak5558: Disable regulator when error happens Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: ak4458: Disable regulator when error happens Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() Anton Khirnov <anton(a)khirnov.net> platform/x86: asus-wmi: use brightness_set_blocking() for kbd led Armin Wolf <W_Armin(a)gmx.de> fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix inheritance of the block sizes when automounting Trond Myklebust <trond.myklebust(a)primarydata.com> Expand the type of nfs_fattr->valid Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: ignore SB_RDONLY when mounting nfs" Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: clear SB_RDONLY before getting superblock" Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: ignore SB_RDONLY when remounting nfs" Jonathan Curley <jcurley(a)purestorage.com> NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Initialise verifiers for visible dentries in nfs_atomic_open() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Initialise verifiers for visible dentries in readdir and lookup Armin Wolf <W_Armin(a)gmx.de> fs/nls: Fix utf16 to utf8 conversion Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Avoid changing nlink when file removes and attribute updates race Eric Sandeen <sandeen(a)redhat.com> 9p: fix cache/debug options printing in v9fs_show_options Abdun Nihaal <nihaal(a)cse.iitm.ac.in> fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: single: Fix incorrect type for error return variable Matthijs Kooijman <matthijs(a)stdin.nl> pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling Namhyung Kim <namhyung(a)kernel.org> perf tools: Fix split kallsyms DSO counting Xiang Mei <xmei5(a)asu.edu> net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop Johan Hovold <johan(a)kernel.org> clk: keystone: fix compile testing Yu Kuai <yukuai(a)fnnas.com> md/raid5: fix IO hang when array is broken with IO inflight Alexandru Gagniuc <mr.nuke.me(a)gmail.com> remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs Ivan Stepchenko <sid(a)itb.spb.ru> mtd: lpddr_cmds: fix signed shifts in lpddr_cmds Hangbin Liu <liuhangbin(a)gmail.com> selftests: bonding: add delay before each xvlan_over_bond connectivity check Etienne Champetier <champetier.etienne(a)gmail.com> selftests: bonding: add ipvlan over bond testing Benjamin Poirier <bpoirier(a)nvidia.com> selftests: bonding: Add more missing config options Jakub Kicinski <kuba(a)kernel.org> selftests: bonding: add missing build configs Haotian Zhang <vulab(a)iscas.ac.cn> mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: stmmac: fix rx limit check in stmmac_rx_zc() Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_connlimit: update the count if add was skipped Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nf_conncount: rework API to use sk_buff directly Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: check for maximum number of encapsulations in bridge vlan Ilias Stamatis <ilstam(a)amazon.com> Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: introduce is_type_match() helper and use it Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: replace open coded resource_intersection() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: Reuse for_each_resource() macro sparkhuang <huangshaobo3(a)xiaomi.com> regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: catpt: Fix error path in hw_params() Alok Tiwari <alok.a.tiwari(a)oracle.com> vdpa/pds: use %pe for ERR_PTR() in event handler registration Michael S. Tsirkin <mst(a)redhat.com> virtio: fix virtqueue_set_affinity() docs Michael S. Tsirkin <mst(a)redhat.com> virtio: fix whitespace in virtio_config_ops Michael S. Tsirkin <mst(a)redhat.com> virtio: fix typo in virtio_device_ready() comment Alok Tiwari <alok.a.tiwari(a)oracle.com> virtio_vdpa: fix misleading return in void function Yongjian Sun <sunyongjian1(a)huawei.com> ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: remove unused return value of __mb_check_buddy Kevin Brodsky <kevin.brodsky(a)arm.com> ublk: prevent invalid access with DEBUG Caleb Sander Mateos <csander(a)purestorage.com> ublk: complete command synchronously on error Ming Lei <ming.lei(a)redhat.com> ublk: make sure io cmd handled in submitter task context René Rebe <rene(a)exactco.de> ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 Haotian Zhang <vulab(a)iscas.ac.cn> hwmon: sy7636a: Fix regulator_enable resource leak on error path Dan Carpenter <dan.carpenter(a)linaro.org> drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: clear the channel status control memory Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY Sindhu Devale <sindhu.devale(a)intel.com> RDMA/irdma: Add support to re-register a memory region Krzysztof Czurylo <krzysztof.czurylo(a)intel.com> RDMA/irdma: Fix data race in irdma_free_pble Krzysztof Czurylo <krzysztof.czurylo(a)intel.com> RDMA/irdma: Fix data race in irdma_sc_ccq_arm Stephan Gerhold <stephan.gerhold(a)linaro.org> iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal Randy Dunlap <rdunlap(a)infradead.org> backlight: lp855x: Fix lp855x.h kernel-doc warnings Luca Ceresoli <luca.ceresoli(a)bootlin.com> backlight: led-bl: Add devlink to supplier LEDs Ria Thomas <ria.thomas(a)morsemicro.com> wifi: ieee80211: correct FILS status codes Christoph Hellwig <hch(a)lst.de> iomap: always run error completions in user context Christoph Hellwig <hch(a)lst.de> iomap: factor out a iomap_dio_done helper Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: restrict the flush page to a 32-bit address Shawn Lin <shawn.lin(a)rock-chips.com> PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition Filipe Manana <fdmanana(a)suse.com> btrfs: fix leaf leak in an error path in btrfs_del_items() Jianglei Nie <niejianglei2021(a)163.com> staging: fbtft: core: fix potential memory leak in fbtft_probe_common() Dinh Nguyen <dinguyen(a)kernel.org> firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc Zilin Guan <zilin(a)seu.edu.cn> mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the inline size for GenP7 devices Fangyu Yu <fangyu.yu(a)linux.alibaba.com> RISC-V: KVM: Fix guest page fault within HLV* instructions Haotian Zhang <vulab(a)iscas.ac.cn> crypto: ccree - Correctly handle return of sg_nents_for_len Haotian Zhang <vulab(a)iscas.ac.cn> crypto: starfive - Correctly handle return of sg_nents_for_len Matt Bobrowski <mattbobrowski(a)google.com> selftests/bpf: Improve reliability of test_perf_branches_no_hw() Matt Bobrowski <mattbobrowski(a)google.com> selftests/bpf: skip test_perf_branches_hw() on unsupported platforms Gopi Krishna Menon <krishnagopi487(a)gmail.com> usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: fix hang during suspend if set as peripheral Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: fix hang during shutdown if set as peripheral Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: disable platform lowlevel hw resources during shutdown Oliver Neukum <oneukum(a)suse.com> usb: chaoskey: fix locking for O_NONBLOCK Zhao Yipeng <zhaoyipeng5(a)huawei.com> ima: Handle error code returned by ima_filter_rule_match() Seungjin Bae <eeodqql09(a)gmail.com> wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() Chen Ridong <chenridong(a)huawei.com> cpuset: Treat cpusets in attaching as populated Alexander Dahl <ada(a)thorsis.com> net: phy: adin1100: Fix software power-down ready condition Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() Haotian Zhang <vulab(a)iscas.ac.cn> mfd: mt6358-irq: Fix missing irq_domain_remove() in error path Haotian Zhang <vulab(a)iscas.ac.cn> mfd: mt6397-irq: Fix missing irq_domain_remove() in error path Chien Wong <m(a)xv97.com> wifi: mac80211: fix CMAC functions not handling errors Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: remove RX_DROP_UNUSABLE Zilin Guan <zilin(a)seu.edu.cn> scsi: qla2xxx: Fix improper freeing of purex item Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: bcm2835: Make sure the channel is enabled after pwm_request() Leo Yan <leo.yan(a)arm.com> perf arm_spe: Fix memset subclass in operation Leo Yan <leo.yan(a)arm.com> perf arm-spe: Extend branch operations Fernando Fernandez Mancera <fmancera(a)suse.de> ipv6: clear RA flags when adding a static route Kui-Feng Lee <thinker.li(a)gmail.com> net/ipv6: Remove expired routes with a separated list of routes. Jay Liu <jay.liu(a)mediatek.com> drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Prevent memory leaks in add sub record Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: out1 also needs to put mi Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit Pu Lehui <pulehui(a)huawei.com> bpf: Fix invalid prog->stats access when update_effective_progs fails Jose Fernandez <josef(a)netflix.com> bpf: Improve program stats run-time calculation Abdun Nihaal <nihaal(a)cse.iitm.ac.in> wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/msm/a2xx: stop over-complaining about the legacy firmware Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD/blocklayout: Fix minlength check in proc_layoutget Al Viro <viro(a)zeniv.linux.org.uk> tracefs: fix a leak in eventfs_create_events_dir() Haotian Zhang <vulab(a)iscas.ac.cn> watchdog: starfive: Fix resource leak in probe error path Haotian Zhang <vulab(a)iscas.ac.cn> watchdog: wdat_wdt: Fix ACPI table leak in probe function Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Check skb->transport_header is set in bpf_skb_check_mtu Alexei Starovoitov <ast(a)kernel.org> selftests/bpf: Fix failure paths in send_signal test Menglong Dong <menglong8.dong(a)gmail.com> bpf: Handle return value of ftrace_set_filter_ip in register_fentry Rene Rebe <rene(a)exactco.de> ps3disk: use memcpy_{from,to}_bvec index FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Exit ks_pcie_probe() for invalid mode Leon Hwang <leon.hwang(a)linux.dev> bpf: Free special fields when update [lru_,]percpu_hash maps Haotian Zhang <vulab(a)iscas.ac.cn> leds: netxbig: Fix GPIO descriptor leak in error paths Haotian Zhang <vulab(a)iscas.ac.cn> scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls Haotian Zhang <vulab(a)iscas.ac.cn> ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> lib/vsprintf: Check pointer before dereferencing in time_and_date() Haotian Zhang <vulab(a)iscas.ac.cn> clk: renesas: r9a06g032: Fix memory leak in error path Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Add context synchronization before enabling trace Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Extract the trace unit controlling Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Correct polling IDLE bit Zheng Qixing <zhengqixing(a)huawei.com> nbd: defer config unlock in nbd_genl_connect Abdun Nihaal <nihaal(a)cse.iitm.ac.in> wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() Long Li <leo.lilong(a)huawei.com> macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Fix unpaired stwcx. on interrupt exit Gautham R. Shenoy <gautham.shenoy(a)amd.com> cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs Bean Huo <beanhuo(a)micron.com> scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() Edward Adam Davis <eadavis(a)qq.com> ntfs3: init run lock for extend inode Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: stm32: stm32mp157c-phycore: Fix STMPE811 touchscreen node properties Ma Ke <make24(a)iscas.ac.cn> RDMA/rtrs: server: Fix error handling in get_or_create_srv Manivannan Sadhasivam <manivannan.sadhasivam(a)oss.qualcomm.com> dt-bindings: PCI: amlogic: Fix the register name of the DBI region Johan Hovold <johan(a)kernel.org> staging: most: remove broken i2c driver Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> staging: most: i2c: Drop explicit initialization of struct i2c_device_id::driver_data to 0 Mike McGowen <mike.mcgowen(a)microchip.com> scsi: smartpqi: Fix device resources accessed after device removal Haotian Zhang <vulab(a)iscas.ac.cn> scsi: stex: Fix reboot_notifier leak in probe error path Zheng Qixing <zhengqixing(a)huawei.com> nbd: defer config put in recv_work Gabor Juhos <j4g8y7(a)gmail.com> regulator: core: disable supply if enabling main regulator fails Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Correct large PEBS flag check Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the checking of quota files before moving extents Haotian Zhang <vulab(a)iscas.ac.cn> mfd: da9055: Fix missing regmap_del_irq_chip() in error path Usama Arif <usamaarif642(a)gmail.com> efi/libstub: Fix page table access in 5-level to 4-level paging transition Usama Arif <usamaarif642(a)gmail.com> x86/boot: Fix page table access in 5-level to 4-level paging transition Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: omap3: n900: Correct obsolete TWL4030 power compatible Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible Yegor Yefremov <yegorslists(a)googlemail.com> ARM: dts: am335x-netcom-plus-2xx: add missing GPIO labels Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: Fix timeout handling Tingmao Wang <m(a)maowtm.org> fs/9p: Don't open remote file with APPEND mode when writeback cache is used Bart Van Assche <bvanassche(a)acm.org> scsi: target: Do not write NUL characters into ASCII configfs output Ahelenia Ziemiańska <nabijaczleweli(a)nabijaczleweli.xyz> power: supply: apm_power: only unset own apm_get_power_status Ivan Abramov <i.abramov(a)mt-integration.ru> power: supply: wm831x: Check wm831x_set_bits() return value Murad Masimov <m.masimov(a)mt-integration.ru> power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() Ivan Abramov <i.abramov(a)mt-integration.ru> power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() Ivan Abramov <i.abramov(a)mt-integration.ru> power: supply: cw2015: Check devm_delayed_work_autocancel() return code Shuai Xue <xueshuai(a)linux.alibaba.com> perf record: skip synthesize event when open evsel failed Namhyung Kim <namhyung(a)kernel.org> perf lock contention: Load kernel map before lookup Ian Rogers <irogers(a)google.com> perf maps: Add maps__load_first() Kuan-Wei Chiu <visitorckw(a)gmail.com> interconnect: debugfs: Fix incorrect error handling for NULL path Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> arm64: dts: qcom: msm8996: add interconnect paths to USB2 controller Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Prevent incomplete IBI transaction Frank Li <Frank.Li(a)nxp.com> i3c: fix refcount inconsistency in i3c_master_register Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: master: Inherit DMA masks and parameters from parent device Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: stm32: fix hwspinlock resource leak in probe function Haotian Zhang <vulab(a)iscas.ac.cn> soc: qcom: smem: fix hwspinlock resource leak in probe error paths Benjamin Berg <benjamin.berg(a)intel.com> tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set Tengda Wu <wutengda(a)huaweicloud.com> x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() Peter Zijlstra <peterz(a)infradead.org> task_work: Fix NMI race condition Haotian Zhang <vulab(a)iscas.ac.cn> mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove Aryan Srivastava <aryan.srivastava(a)alliedtelesis.co.nz> mtd: nand: relax ECC parameter validation check Aryan Srivastava <aryan.srivastava(a)alliedtelesis.co.nz> Revert "mtd: rawnand: marvell: fix layouts" Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: renesas: r9a06g032-rzn1d400-db: Drop invalid #cells properties Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: renesas: gose: Remove superfluous port property Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix null deref on srq->rq.queue after resize failure Kuniyuki Iwashima <kuniyu(a)google.com> sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix PTP for VSC8574 and VSC8572 Gergo Koteles <soyer(a)irl.hu> arm64: dts: qcom: sdm845-oneplus: Correct gpio used for slider Peng Fan <peng.fan(a)nxp.com> firmware: imx: scu-irq: fix OF node leak in Randolph Sapp <rs(a)ti.com> arm64: dts: ti: k3-am62p: Fix memory ranges for GPU Heiko Carstens <hca(a)linux.ibm.com> s390/ap: Don't leak debug feature files if AP instructions are not available Heiko Carstens <hca(a)linux.ibm.com> s390/smp: Fix fallback CPU detection Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath11k: fix peer HE MCS assignment nieweiqiang <nieweiqiang(a)huawei.com> crypto: hisilicon/qm - restore original qos values Thorsten Blum <thorsten.blum(a)linux.dev> crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: camcc-sm6350: Fix PLL config of PLL2 Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other Li Qiang <liqiang01(a)kylinos.cn> uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe Geert Uytterhoeven <geert+renesas(a)glider.be> PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mp-venice-gw702x: remove off-board sdhc1 Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mp-venice-gw702x: remove off-board uart Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl Tim Harvey <tharvey(a)gateworks.com> arm64: dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props Francesco Lavra <flavra(a)baylibre.com> iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> inet: Avoid ehash lookup race in inet_ehash_insert() Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() Sidharth Seela <sidharthseela(a)gmail.com> ntfs3: Fix uninit buffer allocated by __getname() Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> ntfs3: fix uninit memory after failed mi_read in mi_format_new Herbert Xu <herbert(a)gondor.apana.org.au> crypto: authenc - Correctly pass EINPROGRESS back up to the caller Johan Hovold <johan(a)kernel.org> irqchip/qcom-irq-combiner: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/imx-mu-msi: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-brcmstb-l2: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-bcm7120-l2: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-bcm7038-l1: Fix section mismatch Fernand Sieber <sieberf(a)amazon.com> sched/fair: Forfeit vruntime on yield Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix weak symbol detection Dylan Hatch <dylanbhatch(a)google.com> objtool: Fix standalone --hacks=jump_label Mavroudis Chatzilazaridis <mavchatz(a)protonmail.com> HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() Marek Vasut <marek.vasut+renesas(a)mailbox.org> clk: renesas: cpg-mssr: Read back reset registers to assure values latched Thierry Bultel <thierry.bultel.yh(a)bp.renesas.com> clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register Geert Uytterhoeven <geert+renesas(a)glider.be> clk: renesas: Use str_on_off() helper Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Use %x format specifier to print CLK_ON_R() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Remove critical area Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Simplify the logic in rzg2l_mod_clock_endisable() Marek Vasut <marek.vasut+renesas(a)mailbox.org> clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback Seungjin Bae <eeodqql09(a)gmail.com> USB: Fix descriptor count when handling invalid MBIM extended descriptor Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/vgem-fence: Fix potential deadlock on release Guido Günther <agx(a)sigxcpu.org> drm/panel: visionox-rm69299: Don't clear all mode flags Mainak Sen <msen(a)nvidia.com> gpu: host1x: Fix race in syncpt alloc/free Konstantin Andreev <andreev(a)swemel.ru> smack: fix bug: unprivileged task can create labels Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: check device's attached status in compat ioctls Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: multiq3: sanitize config options in multiq3_attach() Ian Abbott <abbotti(a)mev.co.uk> comedi: c6xdigio: Fix invalid PNP driver unregistration Zenm Chen <zenmchen(a)gmail.com> wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 Linus Torvalds <torvalds(a)linux-foundation.org> samples: work around glibc redefining some of our defines wrong Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Mask all interrupts during kexec/kdump Naoki Ueki <naoki25519(a)gmail.com> HID: elecom: Add support for ELECOM M-XT3URBK (018F) Antheas Kapenekakis <lkml(a)antheas.dev> platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally Antheas Kapenekakis <lkml(a)antheas.dev> platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list Jia Ston <ston.jia(a)outlook.com> platform/x86: huawei-wmi: add keys for HONOR models April Grimoire <april(a)aprilg.moe> HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore backlight event Praveen Talari <praveen.talari(a)oss.qualcomm.com> pinctrl: qcom: msm: Fix deadlock in pinmux configuration Keith Busch <kbusch(a)kernel.org> nvme: fix admin request_queue lifetime Mario Limonciello (AMD) <superm1(a)kernel.org> HID: hid-input: Extend Elan ignore battery quirk to USB Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> bfs: Reconstruct file type when loading from disk Lushih Hsieh <bruce(a)mail.kh.edu.tw> ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Yiqi Sun <sunyiqixm(a)gmail.com> smb: fix invalid username check in smb3_fs_context_parse_param() Max Chou <max.chou(a)realtek.com> Bluetooth: btrtl: Avoid loading the config file on security chips Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Use kref in vmw_bo_dirty Robin Gong <yibin.gong(a)nxp.com> spi: imx: keep dma request disabled before dma transfer setup Alvaro Gamez Machado <alvaro.gamez(a)hazent.com> spi: xilinx: increase number of retries before declaring stall Song Liu <song(a)kernel.org> ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC Johan Hovold <johan(a)kernel.org> USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC Magne Bruno <magne.bruno(a)addi-data.com> serial: add support of CPCI cards Johan Hovold <johan(a)kernel.org> USB: serial: ftdi_sio: match on interface number for jtag Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: move Telit 0x10c7 composition in the right place Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE910C04 new compositions Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W760 Omar Sandoval <osandov(a)fb.com> KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Alexey Nepomnyashih <sdl(a)nppct.ru> ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Alexander Sverdlin <alexander.sverdlin(a)siemens.com> locking/spinlock/debug: Fix data-race in do_raw_write_lock Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: ipc: fix use-after-free in ipc_msg_send_request Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: refresh inline data size before write operations Ye Bin <yebin10(a)huawei.com> jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: process: Also mention Sasha Levin as stable tree maintainer Stefan Kalscheuer <stefan(a)stklcode.de> leds: spi-byte: Use devm_led_classdev_register_ext() Sabrina Dubroca <sd(a)queasysnail.net> xfrm: flush all states in xfrm_state_fini Sabrina Dubroca <sd(a)queasysnail.net> xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added Sabrina Dubroca <sd(a)queasysnail.net> Revert "xfrm: destroy xfrm_state synchronously on net exit path" Sabrina Dubroca <sd(a)queasysnail.net> xfrm: delete x->tunnel as we delete x ------------- Diffstat: .../devicetree/bindings/mmc/aspeed,sdhci.yaml | 2 +- .../devicetree/bindings/pci/amlogic,axg-pcie.yaml | 6 +- Documentation/driver-api/tty/tty_port.rst | 5 +- Documentation/process/2.Process.rst | 6 +- Makefile | 4 +- arch/arm/boot/dts/microchip/sama5d2.dtsi | 10 +- arch/arm/boot/dts/microchip/sama7g5.dtsi | 4 +- arch/arm/boot/dts/renesas/r8a7793-gose.dts | 1 - .../arm/boot/dts/renesas/r9a06g032-rzn1d400-db.dts | 2 - arch/arm/boot/dts/samsung/exynos4210-i9100.dts | 1 + arch/arm/boot/dts/samsung/exynos4210-trats.dts | 1 + .../boot/dts/samsung/exynos4210-universal_c210.dts | 1 + arch/arm/boot/dts/samsung/exynos4412-midas.dtsi | 1 + .../dts/st/stm32mp157c-phycore-stm32mp15-som.dtsi | 8 +- .../boot/dts/ti/omap/am335x-netcom-plus-2xx.dts | 8 +- arch/arm/boot/dts/ti/omap/omap3-beagle-xm.dts | 2 +- arch/arm/boot/dts/ti/omap/omap3-n900.dts | 2 +- arch/arm/include/asm/word-at-a-time.h | 10 +- .../boot/dts/freescale/imx8mm-venice-gw72xx.dtsi | 11 - .../boot/dts/freescale/imx8mp-venice-gw702x.dtsi | 51 --- .../boot/dts/freescale/imx8mp-venice-gw72xx.dtsi | 11 - arch/arm64/boot/dts/qcom/msm8996.dtsi | 3 + .../arm64/boot/dts/qcom/sdm845-oneplus-common.dtsi | 4 +- arch/arm64/boot/dts/rockchip/rk3588s-rock-5a.dts | 15 +- arch/arm64/boot/dts/ti/k3-am62p.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 12 +- arch/arm64/net/bpf_jit_comp.c | 2 +- arch/loongarch/include/asm/pgtable.h | 4 +- arch/loongarch/kernel/machine_kexec.c | 24 ++ arch/loongarch/kernel/mcount_dyn.S | 14 +- arch/loongarch/kernel/relocate.c | 4 +- arch/loongarch/kernel/setup.c | 8 +- arch/loongarch/kernel/switch.S | 4 +- arch/loongarch/net/bpf_jit.c | 18 + arch/loongarch/net/bpf_jit.h | 26 ++ arch/loongarch/pci/pci.c | 2 + arch/mips/sgi-ip22/ip22-gio.c | 3 +- arch/parisc/kernel/asm-offsets.c | 2 + arch/parisc/kernel/entry.S | 16 +- arch/powerpc/boot/addnote.c | 7 +- arch/powerpc/include/asm/book3s/32/tlbflush.h | 5 +- arch/powerpc/include/asm/book3s/64/mmu-hash.h | 1 - arch/powerpc/include/asm/kfence.h | 11 +- arch/powerpc/kernel/entry_32.S | 10 +- arch/powerpc/kernel/process.c | 5 - arch/powerpc/kexec/core_64.c | 19 ++ arch/powerpc/mm/book3s32/tlb.c | 9 + arch/powerpc/mm/book3s64/hash_utils.c | 10 +- arch/powerpc/mm/book3s64/internal.h | 2 - arch/powerpc/mm/book3s64/mmu_context.c | 2 - arch/powerpc/mm/book3s64/radix_pgtable.c | 84 ++++- arch/powerpc/mm/book3s64/slb.c | 88 ----- arch/powerpc/mm/init-common.c | 3 + arch/powerpc/mm/ptdump/hashpagetable.c | 6 + arch/powerpc/platforms/pseries/cmm.c | 5 +- arch/riscv/kvm/vcpu_insn.c | 22 ++ arch/s390/include/uapi/asm/ipl.h | 1 + arch/s390/kernel/ipl.c | 48 ++- arch/s390/kernel/smp.c | 1 + arch/x86/boot/compressed/pgtable_64.c | 11 +- arch/x86/crypto/blake2s-core.S | 4 +- arch/x86/entry/common.c | 72 ---- arch/x86/events/amd/core.c | 7 +- arch/x86/events/intel/core.c | 4 +- arch/x86/include/asm/kvm_host.h | 9 + arch/x86/include/asm/ptrace.h | 20 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/dumpstack.c | 23 +- arch/x86/kvm/lapic.c | 32 +- arch/x86/kvm/svm/nested.c | 26 +- arch/x86/kvm/svm/svm.c | 176 +++++----- arch/x86/kvm/svm/svm.h | 8 +- arch/x86/kvm/vmx/nested.c | 2 +- arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 46 ++- arch/x86/xen/enlighten_pv.c | 69 ++++ block/blk-mq.c | 120 +++++-- block/genhd.c | 2 +- crypto/af_alg.c | 5 +- crypto/algif_hash.c | 3 +- crypto/algif_rng.c | 3 +- crypto/asymmetric_keys/asymmetric_type.c | 12 +- crypto/authenc.c | 75 +++-- crypto/seqiv.c | 8 +- drivers/acpi/acpi_pcc.c | 2 +- drivers/acpi/acpica/nswalk.c | 9 +- drivers/acpi/apei/ghes.c | 16 +- drivers/acpi/cppc_acpi.c | 3 +- drivers/acpi/processor_core.c | 2 +- drivers/acpi/property.c | 9 +- drivers/amba/tegra-ahb.c | 1 + drivers/base/power/runtime.c | 22 +- drivers/block/floppy.c | 2 +- drivers/block/nbd.c | 5 +- drivers/block/ps3disk.c | 4 + drivers/block/rnbd/rnbd-clt.c | 13 +- drivers/block/rnbd/rnbd-clt.h | 2 +- drivers/block/ublk_drv.c | 35 +- drivers/bluetooth/btrtl.c | 24 +- drivers/bluetooth/btusb.c | 16 +- drivers/bus/ti-sysc.c | 11 +- drivers/char/applicom.c | 5 +- drivers/char/ipmi/ipmi_msghandler.c | 20 +- drivers/char/tpm/tpm-chip.c | 1 - drivers/char/tpm/tpm1-cmd.c | 5 - drivers/char/tpm/tpm2-cmd.c | 8 +- drivers/char/virtio_console.c | 2 +- drivers/clk/Makefile | 3 +- drivers/clk/mvebu/cp110-system-controller.c | 20 ++ drivers/clk/qcom/camcc-sm6350.c | 13 +- drivers/clk/renesas/r7s9210-cpg-mssr.c | 7 +- drivers/clk/renesas/r8a77970-cpg-mssr.c | 8 +- drivers/clk/renesas/r9a06g032-clocks.c | 6 +- drivers/clk/renesas/rcar-gen2-cpg.c | 5 +- drivers/clk/renesas/rcar-gen2-cpg.h | 3 +- drivers/clk/renesas/rcar-gen3-cpg.c | 6 +- drivers/clk/renesas/rcar-gen3-cpg.h | 3 +- drivers/clk/renesas/rcar-gen4-cpg.c | 6 +- drivers/clk/renesas/rcar-gen4-cpg.h | 3 +- drivers/clk/renesas/renesas-cpg-mssr.c | 150 +++++---- drivers/clk/renesas/renesas-cpg-mssr.h | 20 +- drivers/clk/renesas/rzg2l-cpg.c | 15 +- drivers/clk/samsung/clk-exynos-clkout.c | 2 +- drivers/comedi/comedi_fops.c | 42 ++- drivers/comedi/drivers/c6xdigio.c | 46 ++- drivers/comedi/drivers/multiq3.c | 9 + drivers/comedi/drivers/pcl818.c | 5 +- drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/cpufreq-dt-platdev.c | 1 + drivers/cpufreq/cpufreq-nforce2.c | 3 + drivers/cpufreq/s5pv210-cpufreq.c | 6 +- drivers/cpuidle/governors/menu.c | 9 +- drivers/cpuidle/governors/teo.c | 7 +- drivers/crypto/caam/caamrng.c | 4 +- drivers/crypto/ccree/cc_buffer_mgr.c | 6 +- drivers/crypto/hisilicon/qm.c | 14 +- drivers/crypto/starfive/jh7110-hash.c | 6 +- drivers/firewire/nosy.c | 10 +- drivers/firmware/arm_scmi/notify.c | 1 + drivers/firmware/efi/cper-arm.c | 52 ++- drivers/firmware/efi/cper.c | 60 ++++ drivers/firmware/efi/libstub/x86-5lvl.c | 4 +- drivers/firmware/imx/imx-scu-irq.c | 8 +- drivers/firmware/stratix10-svc.c | 12 + drivers/gpio/gpio-regmap.c | 2 +- drivers/gpio/gpiolib-acpi.c | 22 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 8 +- drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 2 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 9 +- drivers/gpu/drm/gma500/fbdev.c | 43 --- drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 37 +- drivers/gpu/drm/mediatek/mtk_disp_ccorr.c | 23 +- drivers/gpu/drm/mediatek/mtk_dp.c | 1 + drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c | 22 +- drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h | 2 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 4 +- drivers/gpu/drm/mgag200/mgag200_mode.c | 25 ++ drivers/gpu/drm/msm/adreno/a2xx_gpu.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 10 +- drivers/gpu/drm/nouveau/dispnv50/atom.h | 13 + drivers/gpu/drm/nouveau/dispnv50/wndw.c | 2 +- drivers/gpu/drm/nouveau/nvkm/subdev/fb/base.c | 2 +- drivers/gpu/drm/panel/panel-sony-td4353-jdi.c | 2 + drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 +- drivers/gpu/drm/tilcdc/tilcdc_crtc.c | 2 +- drivers/gpu/drm/tilcdc/tilcdc_drv.c | 72 ++-- drivers/gpu/drm/tilcdc/tilcdc_drv.h | 2 +- drivers/gpu/drm/ttm/ttm_bo_vm.c | 6 + drivers/gpu/drm/vgem/vgem_fence.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c | 12 +- drivers/gpu/host1x/syncpt.c | 4 +- drivers/hid/hid-apple.c | 1 + drivers/hid/hid-elecom.c | 6 +- drivers/hid/hid-ids.h | 3 +- drivers/hid/hid-input.c | 23 +- drivers/hid/hid-logitech-dj.c | 56 ++- drivers/hid/hid-logitech-hidpp.c | 9 +- drivers/hid/hid-quirks.c | 3 +- drivers/hwmon/ibmpex.c | 9 +- drivers/hwmon/max16065.c | 7 +- drivers/hwmon/sy7636a-hwmon.c | 7 +- drivers/hwmon/tmp401.c | 2 +- drivers/hwmon/w83791d.c | 19 +- drivers/hwmon/w83l786ng.c | 26 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 130 ++++--- drivers/hwtracing/intel_th/core.c | 20 +- drivers/i2c/busses/i2c-amd-mp2-pci.c | 5 +- drivers/i2c/busses/i2c-designware-core.h | 1 + drivers/i2c/busses/i2c-designware-master.c | 7 + drivers/i3c/master.c | 12 +- drivers/i3c/master/svc-i3c-master.c | 22 +- drivers/iio/adc/ti_am335x_adc.c | 2 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 2 +- drivers/infiniband/core/addr.c | 33 +- drivers/infiniband/core/cma.c | 3 + drivers/infiniband/core/device.c | 6 + drivers/infiniband/core/verbs.c | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 8 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 2 +- drivers/infiniband/hw/efa/efa_verbs.c | 4 - drivers/infiniband/hw/irdma/cm.c | 2 +- drivers/infiniband/hw/irdma/ctrl.c | 3 + drivers/infiniband/hw/irdma/main.h | 2 +- drivers/infiniband/hw/irdma/pble.c | 6 +- drivers/infiniband/hw/irdma/utils.c | 3 +- drivers/infiniband/hw/irdma/verbs.c | 241 ++++++++++--- drivers/infiniband/hw/irdma/verbs.h | 3 + drivers/infiniband/sw/rxe/rxe.c | 22 +- drivers/infiniband/sw/rxe/rxe.h | 3 +- drivers/infiniband/sw/rxe/rxe_mcast.c | 22 +- drivers/infiniband/sw/rxe/rxe_net.c | 25 +- drivers/infiniband/sw/rxe/rxe_srq.c | 7 +- drivers/infiniband/sw/rxe/rxe_verbs.c | 26 +- drivers/infiniband/sw/rxe/rxe_verbs.h | 11 +- drivers/infiniband/ulp/rtrs/rtrs-clt.c | 1 + drivers/infiniband/ulp/rtrs/rtrs-srv.c | 2 +- drivers/input/serio/i8042-acpipnpio.h | 7 + drivers/input/touchscreen/ti_am335x_tsc.c | 2 +- drivers/interconnect/debugfs-client.c | 7 +- drivers/interconnect/qcom/msm8996.c | 1 + drivers/iommu/amd/init.c | 43 ++- drivers/iommu/apple-dart.c | 2 + drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 27 +- drivers/iommu/arm/arm-smmu/qcom_iommu.c | 10 +- drivers/iommu/exynos-iommu.c | 9 +- drivers/iommu/iommu-sva.c | 3 + drivers/iommu/iommufd/selftest.c | 8 +- drivers/iommu/ipmmu-vmsa.c | 2 + drivers/iommu/mtk_iommu.c | 27 +- drivers/iommu/mtk_iommu_v1.c | 25 +- drivers/iommu/omap-iommu.c | 2 +- drivers/iommu/omap-iommu.h | 2 - drivers/iommu/sun50i-iommu.c | 2 + drivers/iommu/tegra-smmu.c | 5 +- drivers/irqchip/irq-bcm7038-l1.c | 8 +- drivers/irqchip/irq-bcm7120-l2.c | 17 +- drivers/irqchip/irq-brcmstb-l2.c | 12 +- drivers/irqchip/irq-imx-mu-msi.c | 14 +- drivers/irqchip/irq-mchp-eic.c | 2 +- drivers/irqchip/qcom-irq-combiner.c | 2 +- drivers/isdn/capi/capi.c | 8 +- drivers/leds/leds-lp50xx.c | 67 ++-- drivers/leds/leds-netxbig.c | 36 +- drivers/leds/leds-spi-byte.c | 11 +- drivers/macintosh/mac_hid.c | 3 +- drivers/md/dm-bufio.c | 10 +- drivers/md/dm-ebs-target.c | 2 +- drivers/md/dm-log-writes.c | 1 + drivers/md/dm-raid.c | 2 + drivers/md/raid5.c | 6 +- drivers/media/cec/core/cec-core.c | 1 + .../media/common/videobuf2/videobuf2-dma-contig.c | 1 + drivers/media/i2c/adv7604.c | 4 +- drivers/media/i2c/adv7842.c | 11 +- drivers/media/i2c/msp3400-kthreads.c | 2 + drivers/media/i2c/tda1997x.c | 1 - drivers/media/platform/amphion/vpu_malone.c | 35 +- drivers/media/platform/amphion/vpu_v4l2.c | 28 +- drivers/media/platform/amphion/vpu_v4l2.h | 18 - .../mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 14 +- .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 12 +- .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 +- .../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 5 +- .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 12 +- .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 +- .../platform/mediatek/vcodec/encoder/venc_vpu_if.c | 5 +- drivers/media/platform/renesas/rcar_drif.c | 1 + .../media/platform/samsung/exynos4-is/media-dev.c | 10 +- drivers/media/platform/ti/davinci/vpif_capture.c | 4 +- drivers/media/platform/ti/davinci/vpif_display.c | 4 +- drivers/media/platform/verisilicon/hantro.h | 2 + drivers/media/platform/verisilicon/hantro_g2.c | 98 +++++- .../platform/verisilicon/hantro_g2_hevc_dec.c | 35 +- .../media/platform/verisilicon/hantro_g2_regs.h | 13 + .../media/platform/verisilicon/hantro_g2_vp9_dec.c | 30 +- drivers/media/platform/verisilicon/hantro_hw.h | 4 + drivers/media/platform/verisilicon/imx8m_vpu_hw.c | 2 + drivers/media/rc/st_rc.c | 2 +- drivers/media/test-drivers/vidtv/vidtv_channel.c | 3 + drivers/media/usb/dvb-usb/dtv5100.c | 5 + drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 2 +- drivers/mfd/altera-sysmgr.c | 2 + drivers/mfd/da9055-core.c | 1 + drivers/mfd/max77620.c | 15 +- drivers/mfd/mt6358-irq.c | 1 + drivers/mfd/mt6397-irq.c | 1 + drivers/misc/vmw_balloon.c | 3 +- drivers/mmc/host/Kconfig | 4 +- drivers/mmc/host/sdhci-msm.c | 27 +- drivers/mtd/lpddr/lpddr_cmds.c | 8 +- drivers/mtd/nand/raw/lpc32xx_slc.c | 2 + drivers/mtd/nand/raw/marvell_nand.c | 13 +- drivers/mtd/nand/raw/nand_base.c | 13 +- drivers/mtd/nand/raw/renesas-nand-controller.c | 5 +- drivers/net/can/usb/gs_usb.c | 2 +- drivers/net/dsa/b53/b53_common.c | 3 + drivers/net/dsa/sja1105/sja1105_static_config.c | 6 +- drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 2 + drivers/net/ethernet/broadcom/b44.c | 3 + drivers/net/ethernet/cadence/macb_main.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.c | 3 +- drivers/net/ethernet/freescale/fec_main.c | 7 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 + .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 4 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 +- drivers/net/ethernet/intel/e1000/e1000_main.c | 10 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 1 + drivers/net/ethernet/intel/iavf/iavf_main.c | 4 +- .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 8 + drivers/net/ethernet/mellanox/mlx5/core/devlink.c | 5 + .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 97 +++++- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.h | 1 + .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 6 + drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 59 +++- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 + drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 27 +- drivers/net/ethernet/microchip/lan743x_main.c | 3 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/ethernet/smsc/smc91x.c | 10 +- drivers/net/ethernet/stmicro/stmmac/dwmac5.c | 5 + .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 5 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 19 +- drivers/net/fjes/fjes_hw.c | 12 +- drivers/net/ipvlan/ipvlan_core.c | 3 + drivers/net/mdio/mdio-aspeed.c | 7 + drivers/net/phy/adin1100.c | 2 +- drivers/net/phy/mediatek-ge-soc.c | 2 +- drivers/net/phy/mscc/mscc_main.c | 6 +- drivers/net/team/team.c | 2 +- drivers/net/usb/asix_common.c | 5 + drivers/net/usb/rtl8150.c | 2 + drivers/net/usb/sr9700.c | 4 +- drivers/net/wireless/ath/ath11k/mac.c | 4 +- drivers/net/wireless/ath/ath11k/wmi.c | 7 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 14 + drivers/net/wireless/mediatek/mt76/eeprom.c | 37 +- drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 4 +- drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 9 +- drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 27 +- drivers/net/wireless/realtek/rtw88/rtw8822cu.c | 2 + drivers/net/wireless/realtek/rtw88/sdio.c | 4 +- drivers/net/wireless/st/cw1200/bh.c | 6 +- drivers/nfc/pn533/usb.c | 2 +- drivers/nvme/host/auth.c | 2 +- drivers/nvme/host/core.c | 3 +- drivers/nvme/host/fc.c | 6 +- drivers/parisc/gsc.c | 4 +- drivers/pci/controller/Kconfig | 7 +- drivers/pci/controller/dwc/pci-keystone.c | 2 + drivers/pci/controller/dwc/pcie-designware.h | 2 +- drivers/pci/controller/pcie-brcmstb.c | 10 +- drivers/pci/pci-driver.c | 4 + drivers/phy/broadcom/phy-bcm63xx-usbh.c | 6 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 20 +- drivers/pinctrl/pinctrl-single.c | 25 +- drivers/pinctrl/qcom/pinctrl-msm.c | 2 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 2 +- drivers/platform/chrome/cros_ec_ishtp.c | 1 + drivers/platform/x86/acer-wmi.c | 4 + drivers/platform/x86/amd/pmc/pmc-quirks.c | 25 ++ drivers/platform/x86/asus-wmi.c | 8 +- .../platform/x86/hp/hp-bioscfg/enum-attributes.c | 4 +- .../platform/x86/hp/hp-bioscfg/int-attributes.c | 2 +- .../x86/hp/hp-bioscfg/order-list-attributes.c | 5 + .../x86/hp/hp-bioscfg/passwdobj-attributes.c | 5 + .../platform/x86/hp/hp-bioscfg/string-attributes.c | 2 +- drivers/platform/x86/huawei-wmi.c | 4 + drivers/platform/x86/ibm_rtl.c | 2 +- drivers/platform/x86/intel/chtwc_int33fe.c | 29 +- drivers/platform/x86/intel/hid.c | 12 + drivers/platform/x86/msi-laptop.c | 3 + drivers/pmdomain/actions/owl-sps.c | 16 +- drivers/pmdomain/imx/gpc.c | 12 +- drivers/pmdomain/rockchip/pm-domains.c | 13 +- drivers/power/supply/apm_power.c | 3 +- drivers/power/supply/cw2015_battery.c | 8 +- drivers/power/supply/rt9467-charger.c | 6 +- drivers/power/supply/wm831x_power.c | 10 +- drivers/pwm/pwm-bcm2835.c | 28 +- drivers/pwm/pwm-stm32.c | 3 +- drivers/regulator/core.c | 37 +- drivers/remoteproc/qcom_q6v5_wcss.c | 8 +- drivers/rpmsg/qcom_glink_native.c | 8 + drivers/rtc/rtc-gamecube.c | 4 + drivers/s390/block/dasd_eckd.c | 8 + drivers/s390/crypto/ap_bus.c | 8 +- drivers/scsi/aic94xx/aic94xx_init.c | 3 + drivers/scsi/qla2xxx/qla_def.h | 1 - drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_isr.c | 32 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 + drivers/scsi/qla2xxx/qla_mid.c | 4 +- drivers/scsi/qla2xxx/qla_nvme.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 14 +- drivers/scsi/sim710.c | 2 + drivers/scsi/smartpqi/smartpqi_init.c | 19 ++ drivers/scsi/stex.c | 1 + drivers/soc/amlogic/meson-canvas.c | 5 +- drivers/soc/qcom/ocmem.c | 2 +- drivers/soc/qcom/smem.c | 3 +- drivers/spi/spi-cadence-quadspi.c | 4 +- drivers/spi/spi-fsl-spi.c | 2 +- drivers/spi/spi-imx.c | 15 +- drivers/spi/spi-tegra210-quad.c | 22 +- drivers/spi/spi-xilinx.c | 2 +- drivers/staging/fbtft/fbtft-core.c | 4 +- drivers/staging/greybus/uart.c | 7 +- drivers/staging/most/Kconfig | 2 - drivers/staging/most/Makefile | 1 - drivers/staging/most/i2c/Kconfig | 13 - drivers/staging/most/i2c/Makefile | 4 - drivers/staging/most/i2c/i2c.c | 374 --------------------- drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 +- drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 +- drivers/target/target_core_configfs.c | 1 - drivers/target/target_core_transport.c | 1 + drivers/tty/serial/8250/8250_pci.c | 37 ++ drivers/tty/serial/serial_core.c | 7 +- drivers/tty/serial/sprd_serial.c | 6 + drivers/tty/tty_port.c | 17 +- drivers/ufs/core/ufshcd.c | 7 +- drivers/uio/uio_fsl_elbc_gpcm.c | 7 + drivers/usb/class/cdc-acm.c | 7 +- drivers/usb/core/message.c | 2 +- drivers/usb/dwc2/platform.c | 16 +- drivers/usb/dwc3/dwc3-of-simple.c | 7 +- drivers/usb/dwc3/gadget.c | 2 +- drivers/usb/dwc3/host.c | 2 +- drivers/usb/gadget/legacy/raw_gadget.c | 3 + drivers/usb/gadget/udc/lpc32xx_udc.c | 21 +- drivers/usb/gadget/udc/tegra-xudc.c | 6 - drivers/usb/host/ohci-nxp.c | 20 +- drivers/usb/host/xhci-dbgtty.c | 2 +- drivers/usb/host/xhci-hub.c | 2 +- drivers/usb/host/xhci-mem.c | 10 +- drivers/usb/host/xhci-ring.c | 8 +- drivers/usb/host/xhci.h | 16 +- drivers/usb/misc/chaoskey.c | 16 +- drivers/usb/phy/phy-fsl-usb.c | 1 + drivers/usb/phy/phy-isp1301.c | 7 +- drivers/usb/phy/phy.c | 4 + drivers/usb/renesas_usbhs/pipe.c | 2 + drivers/usb/serial/belkin_sa.c | 28 +- drivers/usb/serial/ftdi_sio.c | 72 ++-- drivers/usb/serial/kobil_sct.c | 18 +- drivers/usb/serial/option.c | 22 +- drivers/usb/serial/usb-serial.c | 7 +- drivers/usb/storage/unusual_uas.h | 2 +- drivers/usb/typec/ucsi/ucsi.c | 6 + drivers/usb/usbip/vhci_hcd.c | 6 +- drivers/vdpa/pds/vdpa_dev.c | 2 +- drivers/vhost/vsock.c | 15 +- drivers/video/backlight/led_bl.c | 13 + drivers/video/fbdev/gbefb.c | 5 +- drivers/video/fbdev/pxafb.c | 12 +- drivers/video/fbdev/ssd1307fb.c | 4 +- drivers/video/fbdev/tcx.c | 2 +- drivers/virtio/virtio_balloon.c | 4 +- drivers/virtio/virtio_vdpa.c | 2 +- drivers/watchdog/starfive-wdt.c | 4 +- drivers/watchdog/via_wdt.c | 1 + drivers/watchdog/wdat_wdt.c | 64 ++-- fs/9p/v9fs.c | 4 +- fs/9p/vfs_file.c | 11 +- fs/9p/vfs_inode.c | 3 +- fs/9p/vfs_inode_dotl.c | 2 +- fs/bfs/inode.c | 19 +- fs/btrfs/ctree.c | 2 +- fs/btrfs/inode.c | 1 + fs/btrfs/ioctl.c | 4 +- fs/btrfs/scrub.c | 5 + fs/btrfs/tree-log.c | 46 ++- fs/btrfs/volumes.c | 1 + fs/exfat/super.c | 19 +- fs/ext4/ext4.h | 1 + fs/ext4/ialloc.c | 1 - fs/ext4/inline.c | 14 +- fs/ext4/inode.c | 6 +- fs/ext4/mballoc.c | 58 ++-- fs/ext4/move_extent.c | 2 +- fs/ext4/orphan.c | 4 +- fs/ext4/super.c | 34 +- fs/ext4/xattr.c | 38 +-- fs/ext4/xattr.h | 10 + fs/f2fs/compress.c | 5 +- fs/f2fs/data.c | 17 + fs/f2fs/debug.c | 3 + fs/f2fs/extent_cache.c | 5 +- fs/f2fs/f2fs.h | 41 ++- fs/f2fs/file.c | 92 ++++- fs/f2fs/inode.c | 20 +- fs/f2fs/namei.c | 6 +- fs/f2fs/recovery.c | 23 +- fs/f2fs/segment.c | 9 +- fs/f2fs/super.c | 119 +++---- fs/f2fs/xattr.c | 30 +- fs/f2fs/xattr.h | 10 +- fs/fuse/file.c | 37 +- fs/gfs2/glops.c | 3 +- fs/gfs2/lops.c | 2 +- fs/gfs2/super.c | 4 +- fs/hfsplus/bnode.c | 4 +- fs/hfsplus/dir.c | 7 +- fs/hfsplus/inode.c | 32 +- fs/iomap/buffered-io.c | 41 ++- fs/iomap/direct-io.c | 79 +++-- fs/jbd2/journal.c | 20 +- fs/jbd2/transaction.c | 21 +- fs/lockd/svc4proc.c | 4 +- fs/lockd/svclock.c | 21 +- fs/lockd/svcproc.c | 5 +- fs/locks.c | 12 +- fs/nfs/client.c | 21 +- fs/nfs/dir.c | 27 +- fs/nfs/inode.c | 2 +- fs/nfs/internal.h | 3 +- fs/nfs/namespace.c | 11 +- fs/nfs/nfs4client.c | 18 +- fs/nfs/pnfs.c | 1 + fs/nfs/super.c | 33 +- fs/nfsd/blocklayout.c | 7 +- fs/nfsd/export.c | 2 +- fs/nfsd/nfs4state.c | 4 +- fs/nfsd/nfs4xdr.c | 5 + fs/nls/nls_base.c | 27 +- fs/notify/fsnotify.c | 9 +- fs/ntfs3/frecord.c | 43 ++- fs/ntfs3/fsntfs.c | 9 +- fs/ntfs3/inode.c | 2 + fs/ntfs3/ntfs_fs.h | 9 +- fs/ntfs3/run.c | 6 +- fs/ntfs3/super.c | 5 + fs/ocfs2/alloc.c | 1 - fs/ocfs2/move_extents.c | 8 +- fs/ocfs2/suballoc.c | 10 + fs/smb/client/fs_context.c | 4 +- fs/smb/server/mgmt/tree_connect.c | 18 +- fs/smb/server/mgmt/tree_connect.h | 1 - fs/smb/server/mgmt/user_session.c | 4 +- fs/smb/server/smb2pdu.c | 20 +- fs/smb/server/transport_ipc.c | 7 +- fs/smb/server/vfs.c | 5 +- fs/smb/server/vfs_cache.c | 88 +++-- fs/tracefs/event_inode.c | 3 +- fs/xfs/xfs_buf_item.c | 1 + include/linux/balloon_compaction.h | 43 +-- include/linux/blk_types.h | 5 +- include/linux/compiler_types.h | 13 + include/linux/cper.h | 12 +- include/linux/filter.h | 16 +- include/linux/genalloc.h | 1 + include/linux/ieee80211.h | 4 +- include/linux/if_bridge.h | 6 +- include/linux/jbd2.h | 6 + include/linux/kasan.h | 15 + include/linux/mm.h | 10 +- include/linux/nfs_fs_sb.h | 7 +- include/linux/nfs_xdr.h | 54 +-- include/linux/platform_data/lp855x.h | 4 +- include/linux/rculist_nulls.h | 59 ++++ include/linux/reset.h | 1 + include/linux/sched/topology.h | 3 + include/linux/tpm.h | 8 +- include/linux/tty_port.h | 21 +- include/linux/virtio_config.h | 6 +- include/media/v4l2-mem2mem.h | 3 +- include/net/ip6_fib.h | 46 ++- include/net/netfilter/nf_conntrack_count.h | 15 +- include/net/netfilter/nf_tables.h | 4 +- include/net/sock.h | 13 + include/net/xfrm.h | 13 +- include/rdma/ib_verbs.h | 2 + include/sound/snd_wavefront.h | 4 - include/uapi/linux/mptcp.h | 1 + include/uapi/sound/asound.h | 2 +- io_uring/openclose.c | 2 +- io_uring/poll.c | 9 +- kernel/bpf/hashtab.c | 10 +- kernel/bpf/syscall.c | 3 + kernel/bpf/trampoline.c | 7 +- kernel/cgroup/cpuset.c | 35 +- kernel/dma/pool.c | 2 +- kernel/irq/irq_sim.c | 2 +- kernel/kallsyms.c | 5 +- kernel/livepatch/core.c | 8 +- kernel/locking/spinlock_debug.c | 4 +- kernel/resource.c | 78 +++-- kernel/sched/core.c | 3 + kernel/sched/cpudeadline.c | 34 +- kernel/sched/cpudeadline.h | 4 +- kernel/sched/deadline.c | 8 +- kernel/sched/fair.c | 89 +++-- kernel/sched/features.h | 5 + kernel/sched/sched.h | 7 + kernel/sched/topology.c | 6 + kernel/scs.c | 2 +- kernel/task_work.c | 8 +- kernel/trace/ftrace.c | 40 ++- kernel/trace/trace_events.c | 2 + kernel/trace/trace_events_synth.c | 1 - lib/idr.c | 2 + lib/vsprintf.c | 6 +- mm/balloon_compaction.c | 9 +- mm/damon/core-test.h | 110 +++++- mm/damon/vaddr-test.h | 26 +- mm/kasan/common.c | 17 + mm/ksm.c | 18 +- mm/page-writeback.c | 4 +- mm/vmalloc.c | 4 +- net/bluetooth/rfcomm/tty.c | 7 +- net/bridge/br_ioctl.c | 36 +- net/bridge/br_private.h | 4 +- net/bridge/netfilter/nft_meta_bridge.c | 2 +- net/caif/cffrml.c | 9 +- net/ceph/osdmap.c | 116 +++---- net/core/dev.c | 172 +++++++--- net/core/dev_ioctl.c | 16 - net/core/filter.c | 9 +- net/core/page_pool.c | 27 +- net/ethtool/ioctl.c | 30 +- net/handshake/request.c | 8 +- net/hsr/hsr_forward.c | 2 + net/ipv4/fib_trie.c | 7 +- net/ipv4/inet_hashtables.c | 8 +- net/ipv4/ipcomp.c | 2 + net/ipv4/netfilter/nft_dup_ipv4.c | 4 +- net/ipv6/addrconf.c | 58 +++- net/ipv6/calipso.c | 3 +- net/ipv6/ip6_fib.c | 64 +++- net/ipv6/ip6_gre.c | 9 +- net/ipv6/ipcomp6.c | 2 + net/ipv6/ndisc.c | 10 +- net/ipv6/netfilter/nft_dup_ipv6.c | 4 +- net/ipv6/route.c | 14 +- net/ipv6/xfrm6_tunnel.c | 2 +- net/key/af_key.c | 2 +- net/mac80211/aes_cmac.c | 63 +++- net/mac80211/aes_cmac.h | 8 +- net/mac80211/cfg.c | 10 - net/mac80211/drop.h | 33 +- net/mac80211/rx.c | 57 ++-- net/mac80211/wep.c | 9 +- net/mac80211/wpa.c | 62 ++-- net/mptcp/options.c | 10 + net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 36 +- net/mptcp/protocol.h | 9 +- net/mptcp/subflow.c | 10 +- net/netfilter/ipvs/ip_vs_xmit.c | 3 + net/netfilter/nf_conncount.c | 208 ++++++++---- net/netfilter/nf_tables_api.c | 52 ++- net/netfilter/nft_bitwise.c | 4 +- net/netfilter/nft_byteorder.c | 2 +- net/netfilter/nft_cmp.c | 6 +- net/netfilter/nft_connlimit.c | 34 +- net/netfilter/nft_ct.c | 2 +- net/netfilter/nft_dup_netdev.c | 2 +- net/netfilter/nft_dynset.c | 4 +- net/netfilter/nft_exthdr.c | 2 +- net/netfilter/nft_flow_offload.c | 9 +- net/netfilter/nft_fwd_netdev.c | 6 +- net/netfilter/nft_hash.c | 2 +- net/netfilter/nft_lookup.c | 2 +- net/netfilter/nft_masq.c | 4 +- net/netfilter/nft_meta.c | 2 +- net/netfilter/nft_nat.c | 8 +- net/netfilter/nft_objref.c | 2 +- net/netfilter/nft_payload.c | 2 +- net/netfilter/nft_queue.c | 2 +- net/netfilter/nft_range.c | 2 +- net/netfilter/nft_redir.c | 4 +- net/netfilter/nft_tproxy.c | 4 +- net/netfilter/xt_connlimit.c | 14 +- net/netrom/nr_out.c | 4 +- net/nfc/core.c | 9 +- net/openvswitch/conntrack.c | 16 +- net/openvswitch/flow_netlink.c | 13 +- net/openvswitch/vport-netdev.c | 17 +- net/rose/af_rose.c | 2 +- net/sched/sch_cake.c | 60 ++-- net/sched/sch_ets.c | 6 +- net/sctp/socket.c | 5 +- net/socket.c | 19 +- net/sunrpc/auth_gss/svcauth_gss.c | 3 +- net/sunrpc/xprtrdma/svc_rdma_rw.c | 5 +- net/wireless/sme.c | 2 +- net/xfrm/xfrm_ipcomp.c | 1 - net/xfrm/xfrm_state.c | 125 ++++--- net/xfrm/xfrm_user.c | 2 +- samples/ftrace/ftrace-direct-modify.c | 8 +- samples/ftrace/ftrace-direct-multi-modify.c | 8 +- samples/ftrace/ftrace-direct-multi.c | 4 +- samples/ftrace/ftrace-direct-too.c | 4 +- samples/ftrace/ftrace-direct.c | 4 +- samples/vfs/test-statx.c | 6 + samples/watch_queue/watch_test.c | 6 + scripts/Makefile.modinst | 2 +- security/integrity/ima/ima_policy.c | 2 +- security/keys/trusted-keys/trusted_tpm2.c | 6 +- security/smack/smack_lsm.c | 41 ++- sound/firewire/dice/dice-extension.c | 4 +- sound/firewire/motu/motu-hwdep.c | 7 +- sound/isa/wavefront/wavefront.c | 61 ++-- sound/isa/wavefront/wavefront_fx.c | 36 +- sound/isa/wavefront/wavefront_midi.c | 146 ++++---- sound/isa/wavefront/wavefront_synth.c | 216 ++++++------ sound/pci/hda/cs35l41_hda.c | 2 + sound/pcmcia/pdaudiocf/pdaudiocf.c | 8 +- sound/pcmcia/vx/vxpocket.c | 8 +- sound/soc/bcm/bcm63xx-pcm-whistler.c | 4 +- sound/soc/codecs/ak4458.c | 10 +- sound/soc/codecs/ak5558.c | 10 +- sound/soc/fsl/fsl_xcvr.c | 2 +- sound/soc/intel/catpt/pcm.c | 4 +- sound/soc/qcom/qdsp6/q6adm.c | 146 ++++---- sound/soc/qcom/qdsp6/q6apm-dai.c | 2 + sound/soc/qcom/qdsp6/q6asm-dai.c | 7 +- sound/soc/stm/stm32_sai.c | 14 +- sound/soc/stm/stm32_sai_sub.c | 51 ++- sound/usb/mixer_us16x08.c | 20 +- sound/usb/quirks.c | 6 + tools/include/nolibc/stdio.h | 4 + tools/lib/perf/cpumap.c | 10 +- tools/mm/page_owner_sort.c | 6 +- tools/objtool/check.c | 3 +- tools/objtool/elf.c | 8 +- tools/perf/builtin-record.c | 2 +- .../util/arm-spe-decoder/arm-spe-pkt-decoder.c | 37 +- .../util/arm-spe-decoder/arm-spe-pkt-decoder.h | 26 +- tools/perf/util/bpf_lock_contention.c | 6 +- tools/perf/util/maps.c | 13 + tools/perf/util/maps.h | 2 + tools/perf/util/symbol.c | 4 +- tools/testing/ktest/config-bisect.pl | 4 +- tools/testing/nvdimm/test/nfit.c | 7 +- tools/testing/radix-tree/idr-test.c | 21 ++ .../selftests/bpf/prog_tests/perf_branches.c | 22 +- .../testing/selftests/bpf/prog_tests/send_signal.c | 5 + .../selftests/bpf/progs/test_perf_branches.c | 3 + .../testing/selftests/drivers/net/bonding/Makefile | 2 +- .../selftests/drivers/net/bonding/bond_macvlan.sh | 99 ------ .../drivers/net/bonding/bond_macvlan_ipvlan.sh | 97 ++++++ tools/testing/selftests/drivers/net/bonding/config | 9 + .../test.d/ftrace/func_traceonoff_triggers.tc | 5 +- .../testing/selftests/net/openvswitch/ovs-dpctl.py | 16 +- tools/testing/selftests/net/tap.c | 16 +- 754 files changed, 6987 insertions(+), 4373 deletions(-)

33 minutes

15
759
0 0

[PATCH v6] PCI: loongson: Override PCIe bridge supported speeds for Loongson-3C6000 series

by Ziyao Li via B4 Relay

From: Ziyao Li <liziyao(a)uniontech.com> Older steppings of the Loongson-3C6000 series incorrectly report the supported link speeds on their PCIe bridges (device IDs 0x3c19, 0x3c29) as only 2.5 GT/s, despite the upstream bus supporting speeds from 2.5 GT/s up to 16 GT/s. As a result, since commit 774c71c52aa4 ("PCI/bwctrl: Enable only if more than one speed is supported"), bwctrl will be disabled if there's only one 2.5 GT/s value in vector `supported_speeds`. Also, the amdgpu driver reads the value by pcie_get_speed_cap() in amdgpu_device_partner_bandwidth(), for its dynamic adjustment of PCIe clocks and lanes in power management. We hope this can prevent similar problems in future driver changes (similar checks may be implemented in other GPU, storage controller, NIC, etc. drivers). Manually override the `supported_speeds` field for affected PCIe bridges with those found on the upstream bus to correctly reflect the supported link speeds. This patch was originally found from AOSC OS[1]. Link: https://github.com/AOSC-Tracking/linux/pull/2 #1 Tested-by: Lain Fearyncess Yang <fsf(a)live.com> Tested-by: Ayden Meng <aydenmeng(a)yeah.net> Signed-off-by: Ayden Meng <aydenmeng(a)yeah.net> Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> [Xi Ruoyao: Fix falling through logic and add kernel log output.] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Link: https://github.com/AOSC-Tracking/linux/commit/4392f441363abdf6fa0a0433d7317… [Ziyao Li: move from drivers/pci/quirks.c to drivers/pci/controller/pci-loongson.c] Signed-off-by: Ziyao Li <liziyao(a)uniontech.com> Tested-by: Mingcong Bai <jeffbai(a)aosc.io> Cc: stable(a)vger.kernel.org Reviewed-by: Huacai Chen <chenhuacai(a)loongson.cn> --- Changes in v6: - adjust commit message - Link to v5: https://lore.kernel.org/r/20260113-loongson-pci1-v5-1-264c9b4a90ab@uniontec… Changes in v5: - style adjust - Link to v4: https://lore.kernel.org/r/20260113-loongson-pci1-v4-1-1921d6479fe4@uniontec… Changes in v4: - rename subject - use 0x3c19/0x3c29 instead of 3c19/3c29 - Link to v3: https://lore.kernel.org/r/20260109-loongson-pci1-v3-1-5ddc5ae3ba93@uniontec… Changes in v3: - Adjust commit message - Make the program flow more intuitive - Link to v2: https://lore.kernel.org/r/20260104-loongson-pci1-v2-1-d151e57b6ef8@uniontec… Changes in v2: - Link to v1: https://lore.kernel.org/r/20250822-loongson-pci1-v1-1-39aabbd11fbd@uniontec… - Move from arch/loongarch/pci/pci.c to drivers/pci/controller/pci-loongson.c - Fix falling through logic and add kernel log output by Xi Ruoyao --- drivers/pci/controller/pci-loongson.c | 36 +++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/drivers/pci/controller/pci-loongson.c b/drivers/pci/controller/pci-loongson.c index bc630ab8a283..a4250d7af1bf 100644 --- a/drivers/pci/controller/pci-loongson.c +++ b/drivers/pci/controller/pci-loongson.c @@ -176,6 +176,42 @@ static void loongson_pci_msi_quirk(struct pci_dev *dev) } DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_LOONGSON, DEV_LS7A_PCIE_PORT5, loongson_pci_msi_quirk); +/* + * Older steppings of the Loongson-3C6000 series incorrectly report the + * supported link speeds on their PCIe bridges (device IDs 0x3c19, + * 0x3c29) as only 2.5 GT/s, despite the upstream bus supporting speeds + * from 2.5 GT/s up to 16 GT/s. + */ +static void loongson_pci_bridge_speed_quirk(struct pci_dev *pdev) +{ + u8 old_supported_speeds = pdev->supported_speeds; + + switch (pdev->bus->max_bus_speed) { + case PCIE_SPEED_16_0GT: + pdev->supported_speeds |= PCI_EXP_LNKCAP2_SLS_16_0GB; + fallthrough; + case PCIE_SPEED_8_0GT: + pdev->supported_speeds |= PCI_EXP_LNKCAP2_SLS_8_0GB; + fallthrough; + case PCIE_SPEED_5_0GT: + pdev->supported_speeds |= PCI_EXP_LNKCAP2_SLS_5_0GB; + fallthrough; + case PCIE_SPEED_2_5GT: + pdev->supported_speeds |= PCI_EXP_LNKCAP2_SLS_2_5GB; + break; + default: + pci_warn(pdev, "unexpected max bus speed"); + + return; + } + + if (pdev->supported_speeds != old_supported_speeds) + pci_info(pdev, "fixing up supported link speeds: 0x%x => 0x%x", + old_supported_speeds, pdev->supported_speeds); +} +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_LOONGSON, 0x3c19, loongson_pci_bridge_speed_quirk); +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_LOONGSON, 0x3c29, loongson_pci_bridge_speed_quirk); + static struct loongson_pci *pci_bus_to_loongson_pci(struct pci_bus *bus) { struct pci_config_window *cfg; --- base-commit: ea1013c1539270e372fc99854bc6e4d94eaeff66 change-id: 20250822-loongson-pci1-4ded0d78f1bb Best regards, -- Ziyao Li <liziyao(a)uniontech.com>

41 minutes

1
0
0 0

[PATCH] mm/shmem, swap: fix race of truncate and swap entry split

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> The helper for shmem swap freeing is not handling the order of swap entries correctly. It uses xa_cmpxchg_irq to erase the swap entry, but it gets the entry order before that using xa_get_order without lock protection. As a result the order could be a stalled value if the entry is split after the xa_get_order and before the xa_cmpxchg_irq. In fact that are more way for other races to occur during the time window. To fix that, open code the Xarray cmpxchg and put the order retrivial and value checking in the same critical section. Also ensure the order won't exceed the truncate border. I observed random swapoff hangs and swap entry leaks when stress testing ZSWAP with shmem. After applying this patch, the problem is resolved. Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Cc: stable(a)vger.kernel.org Signed-off-by: Kairui Song <kasong(a)tencent.com> --- mm/shmem.c | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/mm/shmem.c b/mm/shmem.c index 0b4c8c70d017..e160da0cd30f 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -961,18 +961,28 @@ static void shmem_delete_from_page_cache(struct folio *folio, void *radswap) * the number of pages being freed. 0 means entry not found in XArray (0 pages * being freed). */ -static long shmem_free_swap(struct address_space *mapping, - pgoff_t index, void *radswap) +static long shmem_free_swap(struct address_space *mapping, pgoff_t index, + unsigned int max_nr, void *radswap) { - int order = xa_get_order(&mapping->i_pages, index); - void *old; + XA_STATE(xas, &mapping->i_pages, index); + unsigned int nr_pages = 0; + void *entry; - old = xa_cmpxchg_irq(&mapping->i_pages, index, radswap, NULL, 0); - if (old != radswap) - return 0; - swap_put_entries_direct(radix_to_swp_entry(radswap), 1 << order); + xas_lock_irq(&xas); + entry = xas_load(&xas); + if (entry == radswap) { + nr_pages = 1 << xas_get_order(&xas); + if (index == round_down(xas.xa_index, nr_pages) && nr_pages < max_nr) + xas_store(&xas, NULL); + else + nr_pages = 0; + } + xas_unlock_irq(&xas); + + if (nr_pages) + swap_put_entries_direct(radix_to_swp_entry(radswap), nr_pages); - return 1 << order; + return nr_pages; } /* @@ -1124,8 +1134,8 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, uoff_t lend, if (xa_is_value(folio)) { if (unfalloc) continue; - nr_swaps_freed += shmem_free_swap(mapping, - indices[i], folio); + nr_swaps_freed += shmem_free_swap(mapping, indices[i], + end - indices[i], folio); continue; } @@ -1195,7 +1205,8 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, uoff_t lend, if (unfalloc) continue; - swaps_freed = shmem_free_swap(mapping, indices[i], folio); + swaps_freed = shmem_free_swap(mapping, indices[i], + end - indices[i], folio); if (!swaps_freed) { /* Swap was replaced by page: retry */ index = indices[i]; --- base-commit: ab3d40bdac831c67e130fda12f3011505556500f change-id: 20260111-shmem-swap-fix-8d0e20a14b5d Best regards, -- Kairui Song <kasong(a)tencent.com>

1 hour

2
7
0 0

[PATCH v1 0/1] mm: Fix OOM killer and proc stats inaccuracy on large many-core systems

by Mathieu Desnoyers

Hi Andrew, This patch modifies the OOM killer and all proc RSS stats to use the precise for-each-possible-cpu sum to fix the inaccuracy issues. This approach was suggested by Michal Hocko as a straightforward fix for the inaccuracy issue by using more precise (but slower) RSS stats sum. With this, the hierarchical per-cpu counters become a simple optimization rather than a bug fix. I will post a new version of the HPCC soon which will be based on this patch. Feedback is welcome! Thanks, Mathieu Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Dennis Zhou <dennis(a)kernel.org> Cc: Tejun Heo <tj(a)kernel.org> Cc: Christoph Lameter <cl(a)linux.com> Cc: Martin Liu <liumartin(a)google.com> Cc: David Rientjes <rientjes(a)google.com> Cc: christian.koenig(a)amd.com Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: SeongJae Park <sj(a)kernel.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: "Liam R . Howlett" <liam.howlett(a)oracle.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Wei Yang <richard.weiyang(a)gmail.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: linux-mm(a)kvack.org Cc: stable(a)vger.kernel.org Cc: linux-trace-kernel(a)vger.kernel.org Cc: Yu Zhao <yuzhao(a)google.com> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Mateusz Guzik <mjguzik(a)gmail.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Aboorva Devarajan <aboorvad(a)linux.ibm.com> Mathieu Desnoyers (1): mm: Fix OOM killer and proc stats inaccuracy on large many-core systems fs/proc/task_mmu.c | 14 +++++++------- include/linux/mm.h | 5 ----- 2 files changed, 7 insertions(+), 12 deletions(-) -- 2.39.5

1 hour, 11 minutes

2
6
0 0

[PATCH v6.6] riscv: uprobes: Add missing fence.i after building the XOL buffer

by Rahul Sharma

From: Björn Töpel <bjorn(a)rivosinc.com> [ Upstream commit 7d1d19a11cfbfd8bae1d89cc010b2cc397cd0c48 ] The XOL (execute out-of-line) buffer is used to single-step the replaced instruction(s) for uprobes. The RISC-V port was missing a proper fence.i (i$ flushing) after constructing the XOL buffer, which can result in incorrect execution of stale/broken instructions. This was found running the BPF selftests "test_progs: uprobe_autoattach, attach_probe" on the Spacemit K1/X60, where the uprobes tests randomly blew up. Reviewed-by: Guo Ren <guoren(a)kernel.org> Fixes: 74784081aac8 ("riscv: Add uprobes supported") Signed-off-by: Björn Töpel <bjorn(a)rivosinc.com> Link: https://lore.kernel.org/r/20250419111402.1660267-2-bjorn@kernel.org Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> Signed-off-by: Rahul Sharma <black.hawk(a)163.com> --- arch/riscv/kernel/probes/uprobes.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/arch/riscv/kernel/probes/uprobes.c b/arch/riscv/kernel/probes/uprobes.c index 4b3dc8beaf77..cc15f7ca6cc1 100644 --- a/arch/riscv/kernel/probes/uprobes.c +++ b/arch/riscv/kernel/probes/uprobes.c @@ -167,6 +167,7 @@ void arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr, /* Initialize the slot */ void *kaddr = kmap_atomic(page); void *dst = kaddr + (vaddr & ~PAGE_MASK); + unsigned long start = (unsigned long)dst; memcpy(dst, src, len); @@ -176,13 +177,6 @@ void arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr, *(uprobe_opcode_t *)dst = __BUG_INSN_32; } + flush_icache_range(start, start + len); kunmap_atomic(kaddr); - - /* - * We probably need flush_icache_user_page() but it needs vma. - * This should work on most of architectures by default. If - * architecture needs to do something different it can define - * its own version of the function. - */ - flush_dcache_page(page); } -- 2.34.1

1 hour, 28 minutes

1
0
0 0

+ kho-init-alloc-tags-when-restoring-pages-from-reserved-memory.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kho: init alloc tags when restoring pages from reserved memory has been added to the -mm mm-hotfixes-unstable branch. Its filename is kho-init-alloc-tags-when-restoring-pages-from-reserved-memory.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via various branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there most days ------------------------------------------------------ From: Ran Xiaokai <ran.xiaokai(a)zte.com.cn> Subject: kho: init alloc tags when restoring pages from reserved memory Date: Fri, 9 Jan 2026 10:42:51 +0000 Memblock pages (including reserved memory) should have their allocation tags initialized to CODETAG_EMPTY via clear_page_tag_ref() before being released to the page allocator. When kho restores pages through kho_restore_page(), missing this call causes mismatched allocation/deallocation tracking and below warning message: alloc_tag was not set WARNING: include/linux/alloc_tag.h:164 at ___free_pages+0xb8/0x260, CPU#1: swapper/0/1 RIP: 0010:___free_pages+0xb8/0x260 kho_restore_vmalloc+0x187/0x2e0 kho_test_init+0x3c4/0xa30 do_one_initcall+0x62/0x2b0 kernel_init_freeable+0x25b/0x480 kernel_init+0x1a/0x1c0 ret_from_fork+0x2d1/0x360 Add missing clear_page_tag_ref() annotation in kho_restore_page() to fix this. Link: https://lkml.kernel.org/r/20260113033403.161869-1-ranxiaokai627@163.com Link: https://lkml.kernel.org/r/20260109104251.157767-1-ranxiaokai627@163.com Fixes: fc33e4b44b27 ("kexec: enable KHO support for memory preservation") Signed-off-by: Ran Xiaokai <ran.xiaokai(a)zte.com.cn> Reviewed-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Reviewed-by: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: Alexander Graf <graf(a)amazon.com> Cc: Pratyush Yadav <pratyush(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/liveupdate/kexec_handover.c | 1 + 1 file changed, 1 insertion(+) --- a/kernel/liveupdate/kexec_handover.c~kho-init-alloc-tags-when-restoring-pages-from-reserved-memory +++ a/kernel/liveupdate/kexec_handover.c @@ -255,6 +255,7 @@ static struct page *kho_restore_page(phy if (is_folio && info.order) prep_compound_page(page, info.order); + clear_page_tag_ref(page); adjust_managed_page_count(page, nr_pages); return page; } _ Patches currently in -mm which might be from ran.xiaokai(a)zte.com.cn are kho-init-alloc-tags-when-restoring-pages-from-reserved-memory.patch

2 hours, 31 minutes

1
0
0 0

[PATCH] net: sfp: add potron quirk to the H-COM SPP425H-GAB4 SFP+ Stick

by Hamza Mahfooz

This is another one of those XGSPON ONU sticks that's using the X-ONU-SFPP internally, thus it also requires the potron quirk to avoid tx faults. So, add an entry for it in sfp_quirks[]. Cc: stable(a)vger.kernel.org Signed-off-by: Hamza Mahfooz <someguy(a)effective-light.com> --- drivers/net/phy/sfp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/phy/sfp.c b/drivers/net/phy/sfp.c index 84bef5099dda..47f095bd91ce 100644 --- a/drivers/net/phy/sfp.c +++ b/drivers/net/phy/sfp.c @@ -519,6 +519,8 @@ static const struct sfp_quirk sfp_quirks[] = { SFP_QUIRK_F("HALNy", "HL-GSFP", sfp_fixup_halny_gsfp), + SFP_QUIRK_F("H-COM", "SPP425H-GAB4", sfp_fixup_potron), + // HG MXPD-483II-F 2.5G supports 2500Base-X, but incorrectly reports // 2600MBd in their EERPOM SFP_QUIRK_S("HG GENUINE", "MXPD-483II", sfp_quirk_2500basex), -- 2.52.0

3 hours, 16 minutes

1
0
0 0

+ mm-memory-failure-teach-kill_accessing_process-to-accept-hugetlb-tail-page-pfn.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-failure-teach-kill_accessing_process-to-accept-hugetlb-tail-page-pfn.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via various branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there most days ------------------------------------------------------ From: Jane Chu <jane.chu(a)oracle.com> Subject: mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn Date: Tue, 13 Jan 2026 01:07:51 -0700 When a hugetlb folio is being poisoned again, try_memory_failure_hugetlb() passed head pfn to kill_accessing_process(), that is not right. The precise pfn of the poisoned page should be used in order to determine the precise vaddr as the SIGBUS payload. This issue has already been taken care of in the normal path, that is, hwpoison_user_mappings(), see [1][2]. Further more, for [3] to work correctly in the hugetlb repoisoning case, it's essential to inform VM the precise poisoned page, not the head page. Link: https://lkml.kernel.org/r/20260113080751.2173497-2-jane.chu@oracle.com Link: https://lkml.kernel.org/r/20231218135837.3310403-1-willy@infradead.org [1] Link: https://lkml.kernel.org/r/20250224211445.2663312-1-jane.chu@oracle.com [2] Link: https://lore.kernel.org/lkml/20251116013223.1557158-1-jiaqiyan@google.com/ [3] Signed-off-by: Jane Chu <jane.chu(a)oracle.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: David Hildenbrand <david(a)kernel.org> Cc: David Rientjes <rientjes(a)google.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: William Roche <william.roche(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-teach-kill_accessing_process-to-accept-hugetlb-tail-page-pfn +++ a/mm/memory-failure.c @@ -692,6 +692,8 @@ static int check_hwpoisoned_entry(pte_t unsigned long poisoned_pfn, struct to_kill *tk) { unsigned long pfn = 0; + unsigned long hwpoison_vaddr; + unsigned long mask; if (pte_present(pte)) { pfn = pte_pfn(pte); @@ -702,10 +704,12 @@ static int check_hwpoisoned_entry(pte_t pfn = softleaf_to_pfn(entry); } - if (!pfn || pfn != poisoned_pfn) + mask = ~((1UL << (shift - PAGE_SHIFT)) - 1); + if (!pfn || ((pfn & mask) != (poisoned_pfn & mask))) return 0; - set_to_kill(tk, addr, shift); + hwpoison_vaddr = addr + ((poisoned_pfn - pfn) << PAGE_SHIFT); + set_to_kill(tk, hwpoison_vaddr, shift); return 1; } @@ -2049,10 +2053,8 @@ retry: return action_result(pfn, MF_MSG_GET_HWPOISON, MF_IGNORED); case MF_HUGETLB_FOLIO_PRE_POISONED: case MF_HUGETLB_PAGE_PRE_POISON: - if (flags & MF_ACTION_REQUIRED) { - folio = page_folio(p); - res = kill_accessing_process(current, folio_pfn(folio), flags); - } + if (flags & MF_ACTION_REQUIRED) + res = kill_accessing_process(current, pfn, flags); if (res == MF_HUGETLB_FOLIO_PRE_POISONED) action_result(pfn, MF_MSG_ALREADY_POISONED, MF_FAILED); else _ Patches currently in -mm which might be from jane.chu(a)oracle.com are mm-memory-failure-fix-missing-mf_stats-count-in-hugetlb-poison.patch mm-memory-failure-teach-kill_accessing_process-to-accept-hugetlb-tail-page-pfn.patch

3 hours, 23 minutes

1
0
0 0

+ mm-memory-failure-fix-missing-mf_stats-count-in-hugetlb-poison.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory-failure: fix missing ->mf_stats count in hugetlb poison has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-failure-fix-missing-mf_stats-count-in-hugetlb-poison.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via various branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there most days ------------------------------------------------------ From: Jane Chu <jane.chu(a)oracle.com> Subject: mm/memory-failure: fix missing ->mf_stats count in hugetlb poison Date: Tue, 13 Jan 2026 01:07:50 -0700 When a newly poisoned subpage ends up in an already poisoned hugetlb folio, 'num_poisoned_pages' is incremented, but the per node ->mf_stats is not. Fix the inconsistency by designating action_result() to update them both. While at it, define __get_huge_page_for_hwpoison() return values in terms of symbol names for better readibility. Also rename folio_set_hugetlb_hwpoison() to hugetlb_update_hwpoison() since the function does more than the conventional bit setting and the fact three possible return values are expected. Link: https://lkml.kernel.org/r/20260113080751.2173497-1-jane.chu@oracle.com Fixes: 18f41fa616ee4 ("mm: memory-failure: bump memory failure stats to pglist_data") Signed-off-by: Jane Chu <jane.chu(a)oracle.com> Cc: David Hildenbrand <david(a)kernel.org> Cc: David Rientjes <rientjes(a)google.com> Cc: Jiaqi Yan <jiaqiyan(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: William Roche <william.roche(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 75 +++++++++++++++++++++++++----------------- 1 file changed, 45 insertions(+), 30 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-fix-missing-mf_stats-count-in-hugetlb-poison +++ a/mm/memory-failure.c @@ -1883,12 +1883,24 @@ static unsigned long __folio_free_raw_hw return count; } -static int folio_set_hugetlb_hwpoison(struct folio *folio, struct page *page) +#define MF_HUGETLB_FOLIO_PRE_POISONED 3 /* folio already poisoned */ +#define MF_HUGETLB_PAGE_PRE_POISON 4 /* exact page already poisoned */ +/* + * Set hugetlb folio as hwpoisoned, update folio private raw hwpoison list + * to keep track of the poisoned pages. + * Return: + * 0: folio was not already poisoned; + * MF_HUGETLB_FOLIO_PRE_POISONED: folio was already poisoned: either + * multiple pages being poisoned, or per page information unclear, + * MF_HUGETLB_PAGE_PRE_POISON: folio was already poisoned, an exact + * poisoned page is being consumed again. + */ +static int hugetlb_update_hwpoison(struct folio *folio, struct page *page) { struct llist_head *head; struct raw_hwp_page *raw_hwp; struct raw_hwp_page *p; - int ret = folio_test_set_hwpoison(folio) ? -EHWPOISON : 0; + int ret = folio_test_set_hwpoison(folio) ? MF_HUGETLB_FOLIO_PRE_POISONED : 0; /* * Once the hwpoison hugepage has lost reliable raw error info, @@ -1896,20 +1908,17 @@ static int folio_set_hugetlb_hwpoison(st * so skip to add additional raw error info. */ if (folio_test_hugetlb_raw_hwp_unreliable(folio)) - return -EHWPOISON; + return MF_HUGETLB_FOLIO_PRE_POISONED; head = raw_hwp_list_head(folio); llist_for_each_entry(p, head->first, node) { if (p->page == page) - return -EHWPOISON; + return MF_HUGETLB_PAGE_PRE_POISON; } raw_hwp = kmalloc(sizeof(struct raw_hwp_page), GFP_ATOMIC); if (raw_hwp) { raw_hwp->page = page; llist_add(&raw_hwp->node, head); - /* the first error event will be counted in action_result(). */ - if (ret) - num_poisoned_pages_inc(page_to_pfn(page)); } else { /* * Failed to save raw error info. We no longer trace all @@ -1955,44 +1964,43 @@ void folio_clear_hugetlb_hwpoison(struct folio_free_raw_hwp(folio, true); } +#define MF_HUGETLB_FREED 0 /* freed hugepage */ +#define MF_HUGETLB_IN_USED 1 /* in-use hugepage */ /* * Called from hugetlb code with hugetlb_lock held. - * - * Return values: - * 0 - free hugepage - * 1 - in-use hugepage - * 2 - not a hugepage - * -EBUSY - the hugepage is busy (try to retry) - * -EHWPOISON - the hugepage is already hwpoisoned */ int __get_huge_page_for_hwpoison(unsigned long pfn, int flags, bool *migratable_cleared) { struct page *page = pfn_to_page(pfn); struct folio *folio = page_folio(page); - int ret = 2; /* fallback to normal page handling */ + int ret = -EINVAL; bool count_increased = false; + int rc; if (!folio_test_hugetlb(folio)) goto out; if (flags & MF_COUNT_INCREASED) { - ret = 1; + ret = MF_HUGETLB_IN_USED; count_increased = true; } else if (folio_test_hugetlb_freed(folio)) { - ret = 0; + ret = MF_HUGETLB_FREED; } else if (folio_test_hugetlb_migratable(folio)) { - ret = folio_try_get(folio); - if (ret) + if (folio_try_get(folio)) { + ret = MF_HUGETLB_IN_USED; count_increased = true; + } else + ret = MF_HUGETLB_FREED; } else { ret = -EBUSY; if (!(flags & MF_NO_RETRY)) goto out; } - if (folio_set_hugetlb_hwpoison(folio, page)) { - ret = -EHWPOISON; + rc = hugetlb_update_hwpoison(folio, page); + if (rc >= MF_HUGETLB_FOLIO_PRE_POISONED) { + ret = rc; goto out; } @@ -2029,22 +2037,29 @@ static int try_memory_failure_hugetlb(un *hugetlb = 1; retry: res = get_huge_page_for_hwpoison(pfn, flags, &migratable_cleared); - if (res == 2) { /* fallback to normal page handling */ + switch (res) { + case -EINVAL: /* fallback to normal page handling */ *hugetlb = 0; return 0; - } else if (res == -EHWPOISON) { - if (flags & MF_ACTION_REQUIRED) { - folio = page_folio(p); - res = kill_accessing_process(current, folio_pfn(folio), flags); - } - action_result(pfn, MF_MSG_ALREADY_POISONED, MF_FAILED); - return res; - } else if (res == -EBUSY) { + case -EBUSY: if (!(flags & MF_NO_RETRY)) { flags |= MF_NO_RETRY; goto retry; } return action_result(pfn, MF_MSG_GET_HWPOISON, MF_IGNORED); + case MF_HUGETLB_FOLIO_PRE_POISONED: + case MF_HUGETLB_PAGE_PRE_POISON: + if (flags & MF_ACTION_REQUIRED) { + folio = page_folio(p); + res = kill_accessing_process(current, folio_pfn(folio), flags); + } + if (res == MF_HUGETLB_FOLIO_PRE_POISONED) + action_result(pfn, MF_MSG_ALREADY_POISONED, MF_FAILED); + else + action_result(pfn, MF_MSG_HUGE, MF_FAILED); + return res; + default: + break; } folio = page_folio(p); _ Patches currently in -mm which might be from jane.chu(a)oracle.com are mm-memory-failure-fix-missing-mf_stats-count-in-hugetlb-poison.patch mm-memory-failure-teach-kill_accessing_process-to-accept-hugetlb-tail-page-pfn.patch

3 hours, 23 minutes

1
0
0 0

[PATCH v4 1/2] mm/memory-failure: fix missing ->mf_stats count in hugetlb poison

by Jane Chu

When a newly poisoned subpage ends up in an already poisoned hugetlb folio, 'num_poisoned_pages' is incremented, but the per node ->mf_stats is not. Fix the inconsistency by designating action_result() to update them both. While at it, define __get_huge_page_for_hwpoison() return values in terms of symbol names for better readibility. Also rename folio_set_hugetlb_hwpoison() to hugetlb_update_hwpoison() since the function does more than the conventional bit setting and the fact three possible return values are expected. Fixes: 18f41fa616ee4 ("mm: memory-failure: bump memory failure stats to pglist_data") Cc: <stable(a)vger.kernel.org> Signed-off-by: Jane Chu <jane.chu(a)oracle.com> --- v3 -> v4: incorporate/adapt David's suggestions. v2 -> v3: No change. v1 -> v2: adapted David and Liam's comment, define __get_huge_page_for_hwpoison() return values in terms of symbol names instead of naked integers for better readibility. #define instead of enum is used since the function has footprint outside MF, just try to limit the MF specifics local. also renamed folio_set_hugetlb_hwpoison() to hugetlb_update_hwpoison() since the function does more than the conventional bit setting and the fact three possible return values are expected. --- mm/memory-failure.c | 75 +++++++++++++++++++++++++++------------------ 1 file changed, 45 insertions(+), 30 deletions(-) diff --git a/mm/memory-failure.c b/mm/memory-failure.c index fbc5a01260c8..b3e27451d618 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1883,12 +1883,24 @@ static unsigned long __folio_free_raw_hwp(struct folio *folio, bool move_flag) return count; } -static int folio_set_hugetlb_hwpoison(struct folio *folio, struct page *page) +#define MF_HUGETLB_FOLIO_PRE_POISONED 3 /* folio already poisoned */ +#define MF_HUGETLB_PAGE_PRE_POISON 4 /* exact page already poisoned */ +/* + * Set hugetlb folio as hwpoisoned, update folio private raw hwpoison list + * to keep track of the poisoned pages. + * Return: + * 0: folio was not already poisoned; + * MF_HUGETLB_FOLIO_PRE_POISONED: folio was already poisoned: either + * multiple pages being poisoned, or per page information unclear, + * MF_HUGETLB_PAGE_PRE_POISON: folio was already poisoned, an exact + * poisoned page is being consumed again. + */ +static int hugetlb_update_hwpoison(struct folio *folio, struct page *page) { struct llist_head *head; struct raw_hwp_page *raw_hwp; struct raw_hwp_page *p; - int ret = folio_test_set_hwpoison(folio) ? -EHWPOISON : 0; + int ret = folio_test_set_hwpoison(folio) ? MF_HUGETLB_FOLIO_PRE_POISONED : 0; /* * Once the hwpoison hugepage has lost reliable raw error info, @@ -1896,20 +1908,17 @@ static int folio_set_hugetlb_hwpoison(struct folio *folio, struct page *page) * so skip to add additional raw error info. */ if (folio_test_hugetlb_raw_hwp_unreliable(folio)) - return -EHWPOISON; + return MF_HUGETLB_FOLIO_PRE_POISONED; head = raw_hwp_list_head(folio); llist_for_each_entry(p, head->first, node) { if (p->page == page) - return -EHWPOISON; + return MF_HUGETLB_PAGE_PRE_POISON; } raw_hwp = kmalloc(sizeof(struct raw_hwp_page), GFP_ATOMIC); if (raw_hwp) { raw_hwp->page = page; llist_add(&raw_hwp->node, head); - /* the first error event will be counted in action_result(). */ - if (ret) - num_poisoned_pages_inc(page_to_pfn(page)); } else { /* * Failed to save raw error info. We no longer trace all @@ -1955,44 +1964,43 @@ void folio_clear_hugetlb_hwpoison(struct folio *folio) folio_free_raw_hwp(folio, true); } +#define MF_HUGETLB_FREED 0 /* freed hugepage */ +#define MF_HUGETLB_IN_USED 1 /* in-use hugepage */ /* * Called from hugetlb code with hugetlb_lock held. - * - * Return values: - * 0 - free hugepage - * 1 - in-use hugepage - * 2 - not a hugepage - * -EBUSY - the hugepage is busy (try to retry) - * -EHWPOISON - the hugepage is already hwpoisoned */ int __get_huge_page_for_hwpoison(unsigned long pfn, int flags, bool *migratable_cleared) { struct page *page = pfn_to_page(pfn); struct folio *folio = page_folio(page); - int ret = 2; /* fallback to normal page handling */ + int ret = -EINVAL; bool count_increased = false; + int rc; if (!folio_test_hugetlb(folio)) goto out; if (flags & MF_COUNT_INCREASED) { - ret = 1; + ret = MF_HUGETLB_IN_USED; count_increased = true; } else if (folio_test_hugetlb_freed(folio)) { - ret = 0; + ret = MF_HUGETLB_FREED; } else if (folio_test_hugetlb_migratable(folio)) { - ret = folio_try_get(folio); - if (ret) + if (folio_try_get(folio)) { + ret = MF_HUGETLB_IN_USED; count_increased = true; + } else + ret = MF_HUGETLB_FREED; } else { ret = -EBUSY; if (!(flags & MF_NO_RETRY)) goto out; } - if (folio_set_hugetlb_hwpoison(folio, page)) { - ret = -EHWPOISON; + rc = hugetlb_update_hwpoison(folio, page); + if (rc >= MF_HUGETLB_FOLIO_PRE_POISONED) { + ret = rc; goto out; } @@ -2029,22 +2037,29 @@ static int try_memory_failure_hugetlb(unsigned long pfn, int flags, int *hugetlb *hugetlb = 1; retry: res = get_huge_page_for_hwpoison(pfn, flags, &migratable_cleared); - if (res == 2) { /* fallback to normal page handling */ + switch (res) { + case -EINVAL: /* fallback to normal page handling */ *hugetlb = 0; return 0; - } else if (res == -EHWPOISON) { - if (flags & MF_ACTION_REQUIRED) { - folio = page_folio(p); - res = kill_accessing_process(current, folio_pfn(folio), flags); - } - action_result(pfn, MF_MSG_ALREADY_POISONED, MF_FAILED); - return res; - } else if (res == -EBUSY) { + case -EBUSY: if (!(flags & MF_NO_RETRY)) { flags |= MF_NO_RETRY; goto retry; } return action_result(pfn, MF_MSG_GET_HWPOISON, MF_IGNORED); + case MF_HUGETLB_FOLIO_PRE_POISONED: + case MF_HUGETLB_PAGE_PRE_POISON: + if (flags & MF_ACTION_REQUIRED) { + folio = page_folio(p); + res = kill_accessing_process(current, folio_pfn(folio), flags); + } + if (res == MF_HUGETLB_FOLIO_PRE_POISONED) + action_result(pfn, MF_MSG_ALREADY_POISONED, MF_FAILED); + else + action_result(pfn, MF_MSG_HUGE, MF_FAILED); + return res; + default: + break; } folio = page_folio(p); -- 2.43.5

3 hours, 23 minutes

2
2
0 0

[PATCH] drm/amd/display: Add an hdmi_hpd_debounce_delay_ms module

by IVAN.LIPSKI＠amd.com

From: Ivan Lipski <ivan.lipski(a)amd.com> [Why&How] Right now, the HDMI HPD filter is enabled by default at 1500ms. We want to disable it by default, as most modern displays with HDMI do not require it for DPMS mode. The HPD can instead be enabled as a driver parameter with a custom delay value in ms (up to 5000ms). Fixes: c97da4785b3b ("drm/amd/display: Add an HPD filter for HDMI") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4859 Signed-off-by: Ivan Lipski <ivan.lipski(a)amd.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +++++++++++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 ++++++++++++--- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 5 ++++- 4 files changed, 29 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h index 11a36c132905..9903da2d28b0 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h @@ -269,6 +269,8 @@ extern int amdgpu_rebar; extern int amdgpu_wbrf; extern int amdgpu_user_queue; +extern int amdgpu_hdmi_hpd_debounce_delay_ms; + #define AMDGPU_VM_MAX_NUM_CTX 4096 #define AMDGPU_SG_THRESHOLD (256*1024*1024) #define AMDGPU_WAIT_IDLE_TIMEOUT_IN_MS 3000 diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c index d67bbaa8ce02..771c89c84608 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c @@ -247,6 +247,7 @@ int amdgpu_damage_clips = -1; /* auto */ int amdgpu_umsch_mm_fwlog; int amdgpu_rebar = -1; /* auto */ int amdgpu_user_queue = -1; +uint amdgpu_hdmi_hpd_debounce_delay_ms; DECLARE_DYNDBG_CLASSMAP(drm_debug_classes, DD_CLASS_TYPE_DISJOINT_BITS, 0, "DRM_UT_CORE", @@ -1123,6 +1124,16 @@ module_param_named(rebar, amdgpu_rebar, int, 0444); MODULE_PARM_DESC(user_queue, "Enable user queues (-1 = auto (default), 0 = disable, 1 = enable, 2 = enable UQs and disable KQs)"); module_param_named(user_queue, amdgpu_user_queue, int, 0444); +/* + * DOC: hdmi_hpd_debounce_delay_ms (uint) + * HDMI HPD disconnect debounce delay in milliseconds. + * + * Used to filter short disconnect->reconnect HPD toggles some HDMI sinks + * generate while entering/leaving power save. Set to 0 to disable by default. + */ +MODULE_PARM_DESC(hdmi_hpd_debounce_delay_ms, "HDMI HPD disconnect debounce delay in milliseconds (0 to disable (by default), 1500 is common)"); +module_param_named(hdmi_hpd_debounce_delay_ms, amdgpu_hdmi_hpd_debounce_delay_ms, uint, 0644); + /* These devices are not supported by amdgpu. * They are supported by the mach64, r128, radeon drivers */ diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 354e359c4507..ba7e1f72fde1 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -8918,9 +8918,18 @@ void amdgpu_dm_connector_init_helper(struct amdgpu_display_manager *dm, mutex_init(&aconnector->hpd_lock); mutex_init(&aconnector->handle_mst_msg_ready); - aconnector->hdmi_hpd_debounce_delay_ms = AMDGPU_DM_HDMI_HPD_DEBOUNCE_MS; - INIT_DELAYED_WORK(&aconnector->hdmi_hpd_debounce_work, hdmi_hpd_debounce_work); - aconnector->hdmi_prev_sink = NULL; + /* + * If HDMI HPD debounce delay is set, use the minimum between selected + * value and AMDGPU_DM_MAX_HDMI_HPD_DEBOUNCE_MS + */ + if (amdgpu_hdmi_hpd_debounce_delay_ms) { + aconnector->hdmi_hpd_debounce_delay_ms = min(amdgpu_hdmi_hpd_debounce_delay_ms, + AMDGPU_DM_MAX_HDMI_HPD_DEBOUNCE_MS); + INIT_DELAYED_WORK(&aconnector->hdmi_hpd_debounce_work, hdmi_hpd_debounce_work); + aconnector->hdmi_prev_sink = NULL; + } else { + aconnector->hdmi_hpd_debounce_delay_ms = 0; + } /* * configure support HPD hot plug connector_>polled default value is 0 diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h index 7065b20aa2e6..6fe7f78b66c5 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h @@ -59,7 +59,10 @@ #define AMDGPU_HDR_MULT_DEFAULT (0x100000000LL) -#define AMDGPU_DM_HDMI_HPD_DEBOUNCE_MS 1500 +/* + * Maximum HDMI HPD debounce delay in milliseconds + */ +#define AMDGPU_DM_MAX_HDMI_HPD_DEBOUNCE_MS 5000 /* #include "include/amdgpu_dal_power_if.h" #include "amdgpu_dm_irq.h" -- 2.43.0

4 hours, 8 minutes

2
1
0 0

[PATCH iwl-net 1/2] ice: reintroduce retry mechanism for indirect AQ

by Dawid Osuchowski

From: Jakub Staniszewski <jakub.staniszewski(a)linux.intel.com> Add retry mechanism for indirect Admin Queue (AQ) commands. To do so we need to keep the command buffer. This technically reverts commit 43a630e37e25 ("ice: remove unused buffer copy code in ice_sq_send_cmd_retry()"), but combines it with a fix in the logic by using a kmemdup() call, making it more robust and less likely to break in the future due to programmer error. Cc: Michal Schmidt <mschmidt(a)redhat.com> Cc: stable(a)vger.kernel.org Fixes: 3056df93f7a8 ("ice: Re-send some AQ commands, as result of EBUSY AQ error") Signed-off-by: Jakub Staniszewski <jakub.staniszewski(a)linux.intel.com> Co-developed-by: Dawid Osuchowski <dawid.osuchowski(a)linux.intel.com> Signed-off-by: Dawid Osuchowski <dawid.osuchowski(a)linux.intel.com> Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> --- Ccing Michal, given they are the author of the "reverted" commit. drivers/net/ethernet/intel/ice/ice_common.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_common.c b/drivers/net/ethernet/intel/ice/ice_common.c index a400bf4f239a..aab00c44e9b2 100644 --- a/drivers/net/ethernet/intel/ice/ice_common.c +++ b/drivers/net/ethernet/intel/ice/ice_common.c @@ -1879,34 +1879,40 @@ ice_sq_send_cmd_retry(struct ice_hw *hw, struct ice_ctl_q_info *cq, { struct libie_aq_desc desc_cpy; bool is_cmd_for_retry; + u8 *buf_cpy = NULL; u8 idx = 0; u16 opcode; int status; opcode = le16_to_cpu(desc->opcode); is_cmd_for_retry = ice_should_retry_sq_send_cmd(opcode); memset(&desc_cpy, 0, sizeof(desc_cpy)); if (is_cmd_for_retry) { - /* All retryable cmds are direct, without buf. */ - WARN_ON(buf); + if (buf) { + buf_cpy = kmemdup(buf, buf_size, GFP_KERNEL); + if (!buf_cpy) + return -ENOMEM; + } memcpy(&desc_cpy, desc, sizeof(desc_cpy)); } do { status = ice_sq_send_cmd(hw, cq, desc, buf, buf_size, cd); if (!is_cmd_for_retry || !status || hw->adminq.sq_last_status != LIBIE_AQ_RC_EBUSY) break; + if (buf_cpy) + memcpy(buf, buf_cpy, buf_size); memcpy(desc, &desc_cpy, sizeof(desc_cpy)); - msleep(ICE_SQ_SEND_DELAY_TIME_MS); } while (++idx < ICE_SQ_SEND_MAX_EXECUTE); + kfree(buf_cpy); return status; } -- 2.51.0

4 hours, 15 minutes

2
1
0 0

+ mm-kasan-fix-kasan-poisoning-in-vrealloc.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/kasan: fix KASAN poisoning in vrealloc() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-kasan-fix-kasan-poisoning-in-vrealloc.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via various branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there most days ------------------------------------------------------ From: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Subject: mm/kasan: fix KASAN poisoning in vrealloc() Date: Tue, 13 Jan 2026 20:15:15 +0100 A KASAN warning can be triggered when vrealloc() changes the requested size to a value that is not aligned to KASAN_GRANULE_SIZE. ------------[ cut here ]------------ WARNING: CPU: 2 PID: 1 at mm/kasan/shadow.c:174 kasan_unpoison+0x40/0x48 ... pc : kasan_unpoison+0x40/0x48 lr : __kasan_unpoison_vmalloc+0x40/0x68 Call trace: kasan_unpoison+0x40/0x48 (P) vrealloc_node_align_noprof+0x200/0x320 bpf_patch_insn_data+0x90/0x2f0 convert_ctx_accesses+0x8c0/0x1158 bpf_check+0x1488/0x1900 bpf_prog_load+0xd20/0x1258 __sys_bpf+0x96c/0xdf0 __arm64_sys_bpf+0x50/0xa0 invoke_syscall+0x90/0x160 Introduce a dedicated kasan_vrealloc() helper that centralizes KASAN handling for vmalloc reallocations. The helper accounts for KASAN granule alignment when growing or shrinking an allocation and ensures that partial granules are handled correctly. Use this helper from vrealloc_node_align_noprof() to fix poisoning logic. Link: https://lkml.kernel.org/r/20260113191516.31015-1-ryabinin.a.a@gmail.com Fixes: d699440f58ce ("mm: fix vrealloc()'s KASAN poisoning logic") Signed-off-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Reported-by: Maciej ��enczykowski <maze(a)google.com> Reported-by: <joonki.min(a)samsung-slsi.corp-partner.google.com> Closes: https://lkml.kernel.org/r/CANP3RGeuRW53vukDy7WDO3FiVgu34-xVJYkfpm08oLO3odYF… Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Uladzislau Rezki <urezki(a)gmail.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kasan.h | 6 ++++++ mm/kasan/shadow.c | 24 ++++++++++++++++++++++++ mm/vmalloc.c | 7 ++----- 3 files changed, 32 insertions(+), 5 deletions(-) --- a/include/linux/kasan.h~mm-kasan-fix-kasan-poisoning-in-vrealloc +++ a/include/linux/kasan.h @@ -641,6 +641,9 @@ kasan_unpoison_vmap_areas(struct vm_stru __kasan_unpoison_vmap_areas(vms, nr_vms, flags); } +void kasan_vrealloc(const void *start, unsigned long old_size, + unsigned long new_size); + #else /* CONFIG_KASAN_VMALLOC */ static inline void kasan_populate_early_vm_area_shadow(void *start, @@ -670,6 +673,9 @@ kasan_unpoison_vmap_areas(struct vm_stru kasan_vmalloc_flags_t flags) { } +static inline void kasan_vrealloc(const void *start, unsigned long old_size, + unsigned long new_size) { } + #endif /* CONFIG_KASAN_VMALLOC */ #if (defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)) && \ --- a/mm/kasan/shadow.c~mm-kasan-fix-kasan-poisoning-in-vrealloc +++ a/mm/kasan/shadow.c @@ -651,6 +651,30 @@ void __kasan_poison_vmalloc(const void * kasan_poison(start, size, KASAN_VMALLOC_INVALID, false); } +void kasan_vrealloc(const void *addr, unsigned long old_size, + unsigned long new_size) +{ + if (!kasan_enabled()) + return; + + if (new_size < old_size) { + kasan_poison_last_granule(addr, new_size); + + new_size = round_up(new_size, KASAN_GRANULE_SIZE); + old_size = round_up(old_size, KASAN_GRANULE_SIZE); + if (new_size < old_size) + __kasan_poison_vmalloc(addr + new_size, + old_size - new_size); + } else if (new_size > old_size) { + old_size = round_down(old_size, KASAN_GRANULE_SIZE); + __kasan_unpoison_vmalloc(addr + old_size, + new_size - old_size, + KASAN_VMALLOC_PROT_NORMAL | + KASAN_VMALLOC_VM_ALLOC | + KASAN_VMALLOC_KEEP_TAG); + } +} + #else /* CONFIG_KASAN_VMALLOC */ int kasan_alloc_module_shadow(void *addr, size_t size, gfp_t gfp_mask) --- a/mm/vmalloc.c~mm-kasan-fix-kasan-poisoning-in-vrealloc +++ a/mm/vmalloc.c @@ -4322,7 +4322,7 @@ void *vrealloc_node_align_noprof(const v if (want_init_on_free() || want_init_on_alloc(flags)) memset((void *)p + size, 0, old_size - size); vm->requested_size = size; - kasan_poison_vmalloc(p + size, old_size - size); + kasan_vrealloc(p, old_size, size); return (void *)p; } @@ -4330,16 +4330,13 @@ void *vrealloc_node_align_noprof(const v * We already have the bytes available in the allocation; use them. */ if (size <= alloced_size) { - kasan_unpoison_vmalloc(p + old_size, size - old_size, - KASAN_VMALLOC_PROT_NORMAL | - KASAN_VMALLOC_VM_ALLOC | - KASAN_VMALLOC_KEEP_TAG); /* * No need to zero memory here, as unused memory will have * already been zeroed at initial allocation time or during * realloc shrink time. */ vm->requested_size = size; + kasan_vrealloc(p, old_size, size); return (void *)p; } _ Patches currently in -mm which might be from ryabinin.a.a(a)gmail.com are mm-kasan-fix-kasan-poisoning-in-vrealloc.patch

4 hours, 37 minutes

1
0
0 0

[PATCH v5] PCI: loongson: Override PCIe bridge supported speeds for Loongson-3C6000 series

by Ziyao Li via B4 Relay

From: Ziyao Li <liziyao(a)uniontech.com> Older steppings of the Loongson-3C6000 series incorrectly report the supported link speeds on their PCIe bridges (device IDs 0x3c19, 0x3c29) as only 2.5 GT/s, despite the upstream bus supporting speeds from 2.5 GT/s up to 16 GT/s. As a result, since commit 774c71c52aa4 ("PCI/bwctrl: Enable only if more than one speed is supported"), bwctrl will be disabled if there's only one 2.5 GT/s value in vector `supported_speeds`. Also, amdgpu reads the value by pcie_get_speed_cap() in amdgpu_device_ partner_bandwidth(), for its dynamic adjustment of PCIe clocks and lanes in power management. We hope this can prevent similar problems in future driver changes (similar checks may be implemented in other GPU, storage controller, NIC, etc. drivers). Manually override the `supported_speeds` field for affected PCIe bridges with those found on the upstream bus to correctly reflect the supported link speeds. This patch was originally found from AOSC OS[1]. Link: https://github.com/AOSC-Tracking/linux/pull/2 #1 Tested-by: Lain Fearyncess Yang <fsf(a)live.com> Tested-by: Ayden Meng <aydenmeng(a)yeah.net> Signed-off-by: Ayden Meng <aydenmeng(a)yeah.net> Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> [Xi Ruoyao: Fix falling through logic and add kernel log output.] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Link: https://github.com/AOSC-Tracking/linux/commit/4392f441363abdf6fa0a0433d7317… [Ziyao Li: move from drivers/pci/quirks.c to drivers/pci/controller/pci-loongson.c] Signed-off-by: Ziyao Li <liziyao(a)uniontech.com> Tested-by: Mingcong Bai <jeffbai(a)aosc.io> Reviewed-by: Huacai Chen <chenhuacai(a)loongson.cn> --- Changes in v5: - style adjust - Link to v4: https://lore.kernel.org/r/20260113-loongson-pci1-v4-1-1921d6479fe4@uniontec… Changes in v4: - rename subject - use 0x3c19/0x3c29 instead of 3c19/3c29 - Link to v3: https://lore.kernel.org/r/20260109-loongson-pci1-v3-1-5ddc5ae3ba93@uniontec… Changes in v3: - Adjust commit message - Make the program flow more intuitive - Link to v2: https://lore.kernel.org/r/20260104-loongson-pci1-v2-1-d151e57b6ef8@uniontec… Changes in v2: - Link to v1: https://lore.kernel.org/r/20250822-loongson-pci1-v1-1-39aabbd11fbd@uniontec… - Move from arch/loongarch/pci/pci.c to drivers/pci/controller/pci-loongson.c - Fix falling through logic and add kernel log output by Xi Ruoyao --- drivers/pci/controller/pci-loongson.c | 36 +++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/drivers/pci/controller/pci-loongson.c b/drivers/pci/controller/pci-loongson.c index bc630ab8a283..a4250d7af1bf 100644 --- a/drivers/pci/controller/pci-loongson.c +++ b/drivers/pci/controller/pci-loongson.c @@ -176,6 +176,42 @@ static void loongson_pci_msi_quirk(struct pci_dev *dev) } DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_LOONGSON, DEV_LS7A_PCIE_PORT5, loongson_pci_msi_quirk); +/* + * Older steppings of the Loongson-3C6000 series incorrectly report the + * supported link speeds on their PCIe bridges (device IDs 0x3c19, + * 0x3c29) as only 2.5 GT/s, despite the upstream bus supporting speeds + * from 2.5 GT/s up to 16 GT/s. + */ +static void loongson_pci_bridge_speed_quirk(struct pci_dev *pdev) +{ + u8 old_supported_speeds = pdev->supported_speeds; + + switch (pdev->bus->max_bus_speed) { + case PCIE_SPEED_16_0GT: + pdev->supported_speeds |= PCI_EXP_LNKCAP2_SLS_16_0GB; + fallthrough; + case PCIE_SPEED_8_0GT: + pdev->supported_speeds |= PCI_EXP_LNKCAP2_SLS_8_0GB; + fallthrough; + case PCIE_SPEED_5_0GT: + pdev->supported_speeds |= PCI_EXP_LNKCAP2_SLS_5_0GB; + fallthrough; + case PCIE_SPEED_2_5GT: + pdev->supported_speeds |= PCI_EXP_LNKCAP2_SLS_2_5GB; + break; + default: + pci_warn(pdev, "unexpected max bus speed"); + + return; + } + + if (pdev->supported_speeds != old_supported_speeds) + pci_info(pdev, "fixing up supported link speeds: 0x%x => 0x%x", + old_supported_speeds, pdev->supported_speeds); +} +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_LOONGSON, 0x3c19, loongson_pci_bridge_speed_quirk); +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_LOONGSON, 0x3c29, loongson_pci_bridge_speed_quirk); + static struct loongson_pci *pci_bus_to_loongson_pci(struct pci_bus *bus) { struct pci_config_window *cfg; --- base-commit: ea1013c1539270e372fc99854bc6e4d94eaeff66 change-id: 20250822-loongson-pci1-4ded0d78f1bb Best regards, -- Ziyao Li <liziyao(a)uniontech.com>

4 hours, 40 minutes

2
1
0 0

[PATCH] perf Documentation: Correct branch stack sampling call-stack option

by Dapeng Mi

The correct call-stack option for branch stack sampling should be "stack" instead of "call_stack". Correct it. $perf record -e instructions -j call_stack -- sleep 1 unknown branch filter call_stack, check man page Usage: perf record [<options>] [<command>] or: perf record [<options>] -- <command> [<options>] -j, --branch-filter <branch filter mask> branch stack filter modes Cc: stable(a)vger.kernel.org Fixes: 955f6def5590 ("perf record: Add remaining branch filters: "no_cycles", "no_flags" & "hw_index"") Signed-off-by: Dapeng Mi <dapeng1.mi(a)linux.intel.com> --- tools/perf/Documentation/perf-record.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/Documentation/perf-record.txt b/tools/perf/Documentation/perf-record.txt index e8b9aadbbfa5..3d19e77c9c53 100644 --- a/tools/perf/Documentation/perf-record.txt +++ b/tools/perf/Documentation/perf-record.txt @@ -454,7 +454,7 @@ following filters are defined: - no_tx: only when the target is not in a hardware transaction - abort_tx: only when the target is a hardware transaction abort - cond: conditional branches - - call_stack: save call stack + - stack: save call stack - no_flags: don't save branch flags e.g prediction, misprediction etc - no_cycles: don't save branch cycles - hw_index: save branch hardware index base-commit: cb015814f8b6eebcbb8e46e111d108892c5e6821 -- 2.34.1

6 hours, 16 minutes

4
4
0 0

Apply 70740454377f1ba3ff32f5df4acd965db99d055b to linux-6.12.y

by Nathan Chancellor

Hi Greg and Sasha, Commit 70740454377f ("drm/amd/display: Apply e4479aecf658 to dml") was recently queued up for 6.18. This same change will be needed in 6.12 but it will need commit 820ccf8cb2b1 ("drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files") applied first for it to apply cleanly. Please let me know if there are any problems with this. Cheers, Nathan

6 hours, 44 minutes

2
1
0 0

[PATCH iwl-net 2/2] ice: fix retry for AQ command 0x06EE

by Dawid Osuchowski

From: Jakub Staniszewski <jakub.staniszewski(a)linux.intel.com> Executing ethtool -m can fail reporting a netlink I/O error while firmware link management holds the i2c bus used to communicate with the module. According to Intel(R) Ethernet Controller E810 Datasheet Rev 2.8 [1] Section 3.3.10.4 Read/Write SFF EEPROM (0x06EE) request should to be retried upon receiving EBUSY from firmware. Commit e9c9692c8a81 ("ice: Reimplement module reads used by ethtool") implemented it only for part of ice_get_module_eeprom(), leaving all other calls to ice_aq_sff_eeprom() vulnerable to returning early on getting EBUSY without retrying. Remove the retry loop from ice_get_module_eeprom() and add Admin Queue (AQ) command with opcode 0x06EE to the list of commands that should be retried on receiving EBUSY from firmware. Cc: stable(a)vger.kernel.org Fixes: e9c9692c8a81 ("ice: Reimplement module reads used by ethtool") Signed-off-by: Jakub Staniszewski <jakub.staniszewski(a)linux.intel.com> Co-developed-by: Dawid Osuchowski <dawid.osuchowski(a)linux.intel.com> Signed-off-by: Dawid Osuchowski <dawid.osuchowski(a)linux.intel.com> Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Link: https://www.intel.com/content/www/us/en/content-details/613875/intel-ethern… [1] --- drivers/net/ethernet/intel/ice/ice_common.c | 1 + drivers/net/ethernet/intel/ice/ice_ethtool.c | 35 ++++++++------------ 2 files changed, 15 insertions(+), 21 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_common.c b/drivers/net/ethernet/intel/ice/ice_common.c index aab00c44e9b2..26eb8e05498b 100644 --- a/drivers/net/ethernet/intel/ice/ice_common.c +++ b/drivers/net/ethernet/intel/ice/ice_common.c @@ -1854,6 +1854,7 @@ static bool ice_should_retry_sq_send_cmd(u16 opcode) case ice_aqc_opc_lldp_stop: case ice_aqc_opc_lldp_start: case ice_aqc_opc_lldp_filter_ctrl: + case ice_aqc_opc_sff_eeprom: return true; } diff --git a/drivers/net/ethernet/intel/ice/ice_ethtool.c b/drivers/net/ethernet/intel/ice/ice_ethtool.c index 3565a5d96c6d..478876908db1 100644 --- a/drivers/net/ethernet/intel/ice/ice_ethtool.c +++ b/drivers/net/ethernet/intel/ice/ice_ethtool.c @@ -4496,7 +4496,7 @@ ice_get_module_eeprom(struct net_device *netdev, u8 addr = ICE_I2C_EEPROM_DEV_ADDR; struct ice_hw *hw = &pf->hw; bool is_sfp = false; - unsigned int i, j; + unsigned int i; u16 offset = 0; u8 page = 0; int status; @@ -4538,26 +4538,19 @@ ice_get_module_eeprom(struct net_device *netdev, if (page == 0 || !(data[0x2] & 0x4)) { u32 copy_len; - /* If i2c bus is busy due to slow page change or - * link management access, call can fail. This is normal. - * So we retry this a few times. - */ - for (j = 0; j < 4; j++) { - status = ice_aq_sff_eeprom(hw, 0, addr, offset, page, - !is_sfp, value, - SFF_READ_BLOCK_SIZE, - 0, NULL); - netdev_dbg(netdev, "SFF %02X %02X %02X %X = %02X%02X%02X%02X.%02X%02X%02X%02X (%X)\n", - addr, offset, page, is_sfp, - value[0], value[1], value[2], value[3], - value[4], value[5], value[6], value[7], - status); - if (status) { - usleep_range(1500, 2500); - memset(value, 0, SFF_READ_BLOCK_SIZE); - continue; - } - break; + status = ice_aq_sff_eeprom(hw, 0, addr, offset, page, + !is_sfp, value, + SFF_READ_BLOCK_SIZE, + 0, NULL); + netdev_dbg(netdev, "SFF %02X %02X %02X %X = %02X%02X%02X%02X.%02X%02X%02X%02X (%pe)\n", + addr, offset, page, is_sfp, + value[0], value[1], value[2], value[3], + value[4], value[5], value[6], value[7], + ERR_PTR(status)); + if (status) { + netdev_err(netdev, "%s: error reading module EEPROM: status %pe\n", + __func__, ERR_PTR(status)); + return status; } /* Make sure we have enough room for the new block */ -- 2.51.0

7 hours, 8 minutes

1
0
0 0

[PATCH 1/2] mm/kasan: Fix KASAN poisoning in vrealloc()

by Andrey Ryabinin

A KASAN warning can be triggered when vrealloc() changes the requested size to a value that is not aligned to KASAN_GRANULE_SIZE. ------------[ cut here ]------------ WARNING: CPU: 2 PID: 1 at mm/kasan/shadow.c:174 kasan_unpoison+0x40/0x48 ... pc : kasan_unpoison+0x40/0x48 lr : __kasan_unpoison_vmalloc+0x40/0x68 Call trace: kasan_unpoison+0x40/0x48 (P) vrealloc_node_align_noprof+0x200/0x320 bpf_patch_insn_data+0x90/0x2f0 convert_ctx_accesses+0x8c0/0x1158 bpf_check+0x1488/0x1900 bpf_prog_load+0xd20/0x1258 __sys_bpf+0x96c/0xdf0 __arm64_sys_bpf+0x50/0xa0 invoke_syscall+0x90/0x160 Introduce a dedicated kasan_vrealloc() helper that centralizes KASAN handling for vmalloc reallocations. The helper accounts for KASAN granule alignment when growing or shrinking an allocation and ensures that partial granules are handled correctly. Use this helper from vrealloc_node_align_noprof() to fix poisoning logic. Reported-by: Maciej Żenczykowski <maze(a)google.com> Reported-by: <joonki.min(a)samsung-slsi.corp-partner.google.com> Closes: https://lkml.kernel.org/r/CANP3RGeuRW53vukDy7WDO3FiVgu34-xVJYkfpm08oLO3odYF… Fixes: d699440f58ce ("mm: fix vrealloc()'s KASAN poisoning logic") Cc: stable(a)vger.kernel.org Signed-off-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> --- include/linux/kasan.h | 6 ++++++ mm/kasan/shadow.c | 24 ++++++++++++++++++++++++ mm/vmalloc.c | 7 ++----- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 9c6ac4b62eb9..ff27712dd3c8 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -641,6 +641,9 @@ kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, __kasan_unpoison_vmap_areas(vms, nr_vms, flags); } +void kasan_vrealloc(const void *start, unsigned long old_size, + unsigned long new_size); + #else /* CONFIG_KASAN_VMALLOC */ static inline void kasan_populate_early_vm_area_shadow(void *start, @@ -670,6 +673,9 @@ kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms, kasan_vmalloc_flags_t flags) { } +static inline void kasan_vrealloc(const void *start, unsigned long old_size, + unsigned long new_size) { } + #endif /* CONFIG_KASAN_VMALLOC */ #if (defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)) && \ diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c index 32fbdf759ea2..e9b6b2d8e651 100644 --- a/mm/kasan/shadow.c +++ b/mm/kasan/shadow.c @@ -651,6 +651,30 @@ void __kasan_poison_vmalloc(const void *start, unsigned long size) kasan_poison(start, size, KASAN_VMALLOC_INVALID, false); } +void kasan_vrealloc(const void *addr, unsigned long old_size, + unsigned long new_size) +{ + if (!kasan_enabled()) + return; + + if (new_size < old_size) { + kasan_poison_last_granule(addr, new_size); + + new_size = round_up(new_size, KASAN_GRANULE_SIZE); + old_size = round_up(old_size, KASAN_GRANULE_SIZE); + if (new_size < old_size) + __kasan_poison_vmalloc(addr + new_size, + old_size - new_size); + } else if (new_size > old_size) { + old_size = round_down(old_size, KASAN_GRANULE_SIZE); + __kasan_unpoison_vmalloc(addr + old_size, + new_size - old_size, + KASAN_VMALLOC_PROT_NORMAL | + KASAN_VMALLOC_VM_ALLOC | + KASAN_VMALLOC_KEEP_TAG); + } +} + #else /* CONFIG_KASAN_VMALLOC */ int kasan_alloc_module_shadow(void *addr, size_t size, gfp_t gfp_mask) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 41dd01e8430c..2536d34df058 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -4322,7 +4322,7 @@ void *vrealloc_node_align_noprof(const void *p, size_t size, unsigned long align if (want_init_on_free() || want_init_on_alloc(flags)) memset((void *)p + size, 0, old_size - size); vm->requested_size = size; - kasan_poison_vmalloc(p + size, old_size - size); + kasan_vrealloc(p, old_size, size); return (void *)p; } @@ -4330,16 +4330,13 @@ void *vrealloc_node_align_noprof(const void *p, size_t size, unsigned long align * We already have the bytes available in the allocation; use them. */ if (size <= alloced_size) { - kasan_unpoison_vmalloc(p + old_size, size - old_size, - KASAN_VMALLOC_PROT_NORMAL | - KASAN_VMALLOC_VM_ALLOC | - KASAN_VMALLOC_KEEP_TAG); /* * No need to zero memory here, as unused memory will have * already been zeroed at initial allocation time or during * realloc shrink time. */ vm->requested_size = size; + kasan_vrealloc(p, old_size, size); return (void *)p; } -- 2.52.0

7 hours, 31 minutes

1
0
0 0

[PATCH v3] zstd: fixed possible 'rtbTable' underflow in FSE_normalizeCount()

by Ilya Krutskih

'rtbTable' may be underflowed because 'proba' is used without checking for a non-negative as index of rtbTable[]. Add check: proba >= 0 Cc: stable(a)vger.kernel.org # v5.10+ Fixes: e0c1b49f5b67 ("lib: zstd: Upgrade to latest upstream zstd version 1.4.10") Signed-off-by: Ilya Krutskih <devsec(a)tpz.ru> --- lib/zstd/compress/fse_compress.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/zstd/compress/fse_compress.c b/lib/zstd/compress/fse_compress.c index 44a3c10becf2..6b83f8bc943a 100644 --- a/lib/zstd/compress/fse_compress.c +++ b/lib/zstd/compress/fse_compress.c @@ -492,9 +492,10 @@ size_t FSE_normalizeCount (short* normalizedCounter, unsigned tableLog, stillToDistribute--; } else { short proba = (short)((count[s]*step) >> scale); - if (proba<8) { - U64 restToBeat = vStep * rtbTable[proba]; - proba += (count[s]*step) - ((U64)proba<<scale) > restToBeat; + if ((proba >= 0) && (proba < 8)) { + U64 restToBeat = vStep * rtbTable[proba]; + + proba += (count[s]*step) - ((U64)proba<<scale) > restToBeat; } if (proba > largestP) { largestP=proba; largest=s; } normalizedCounter[s] = proba; -- 2.43.0

7 hours, 48 minutes

2
1
0 0

[GIT PULL] gfs2 revert for 6.19-rc6

by Andreas Gruenbacher

Dear Linus, please consider pulling the following gfs2 revert for 6.19-rc6. I was originally assuming that there must be a bug in gfs2 because gfs2 chains bios in the opposite direction of what bio_chain_and_submit() expects. It turns out that the bio chains are set up in "reverse direction" intentionally so that the first bio's bi_end_io callback is invoked rather than the last bio's callback. We want the first bio's callback invoked for the following reason: The initial bio starts page aligned and covers one or more pages. When it terminates at a non-page-aligned offset, subsequent bios are added to handle the remaining portion of the final page. Upon completion of the bio chain, all affected pages need to be be marked as read, and only the first bio references all of these pages. Thanks, Andreas The following changes since commit 8f0b4cce4481fb22653697cced8d0d04027cb1e8: Linux 6.19-rc1 (2025-12-14 16:05:07 +1200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git tags/gfs2-for-6.19-rc6 for you to fetch changes up to 469d71512d135907bf5ea0972dfab8c420f57848: Revert "gfs2: Fix use of bio_chain" (2026-01-12 14:58:32 +0100) ---------------------------------------------------------------- gfs2 revert - Revert bad commit "gfs2: Fix use of bio_chain" ---------------------------------------------------------------- Andreas Gruenbacher (1): Revert "gfs2: Fix use of bio_chain" fs/gfs2/lops.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

8 hours, 34 minutes

2
1
0 0

[PATCH v3 2/4] scripts/kernel-doc: avoid error_count overflows

by Mauro Carvalho Chehab

The glibc library limits the return code to 8 bits. We need to stick to this limit when using sys.exit(error_count). Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> Cc: stable(a)vger.kernel.org --- scripts/kernel-doc.py | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/scripts/kernel-doc.py b/scripts/kernel-doc.py index 7a1eaf986bcd..5d2f29e90ebe 100755 --- a/scripts/kernel-doc.py +++ b/scripts/kernel-doc.py @@ -116,6 +116,8 @@ SRC_DIR = os.path.dirname(os.path.realpath(__file__)) sys.path.insert(0, os.path.join(SRC_DIR, LIB_DIR)) +WERROR_RETURN_CODE = 3 + DESC = """ Read C language source or header FILEs, extract embedded documentation comments, and print formatted documentation to standard output. @@ -176,7 +178,21 @@ class MsgFormatter(logging.Formatter): return logging.Formatter.format(self, record) def main(): - """Main program""" + """ + Main program + By default, the return value is: + + - 0: parsing warnings or Python version is not compatible with + kernel-doc. The rationale for the latter is to not break Linux + compilation on such cases; + + - 1: an abnormal condition happened; + + - 2: arparse issued an error; + + - 3: -Werror is used, and one or more unfiltered parse warnings + happened. + """ parser = argparse.ArgumentParser(formatter_class=argparse.RawTextHelpFormatter, description=DESC) @@ -323,16 +339,12 @@ def main(): if args.werror: print("%s warnings as errors" % error_count) # pylint: disable=C0209 - sys.exit(error_count) + sys.exit(WERROR_RETURN_CODE) if args.verbose: print("%s errors" % error_count) # pylint: disable=C0209 - if args.none: - sys.exit(0) - - sys.exit(error_count) - + sys.exit(0) # Call main method if __name__ == "__main__": -- 2.52.0

9 hours, 26 minutes

1
0
0 0

[PATCH v3 1/4] scripts/kernel-doc: fix logic to handle unissued warnings

by Mauro Carvalho Chehab

Changeset 469c1c9eb6c9 ("kernel-doc: Issue warnings that were silently discarded") didn't properly addressed the missing messages behavior, as it was calling directly python logger low-level function, instead of using the expected method to emit warnings. Basically, there are two methods to log messages: - self.config.log.warning() - This is the raw level to emit a warning. It just writes the a message at stderr, via python logging, as it is initialized as: self.config.log = logging.getLogger("kernel-doc") - self.config.warning() - This is where we actually consider a message as a warning, properly incrementing error count. Due to that, several parsing error messages are internally considered as success, causing -Werror to not work on such messages. While here, ensure that the last ignored entry will also be handled by adding an extra check at the end of the parse handler. Fixes: 469c1c9eb6c9 ("kernel-doc: Issue warnings that were silently discarded") Closes: https://lore.kernel.org/linux-doc/20260112091053.00cee29a@foz.lan/ Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> Acked-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> --- tools/lib/python/kdoc/kdoc_parser.py | 31 ++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/tools/lib/python/kdoc/kdoc_parser.py b/tools/lib/python/kdoc/kdoc_parser.py index a9a37519145d..4ad7ce0b243e 100644 --- a/tools/lib/python/kdoc/kdoc_parser.py +++ b/tools/lib/python/kdoc/kdoc_parser.py @@ -448,18 +448,35 @@ class KernelDoc: self.config.log.debug("Output: %s:%s = %s", dtype, name, pformat(args)) + def emit_unused_warnings(self): + """ + When the parser fails to produce a valid entry, it places some + warnings under `entry.warnings` that will be discarded when resetting + the state. + + Ensure that those warnings are not lost. + + NOTE: Because we are calling `config.warning()` here, those + warnings are not filtered by the `-W` parameters: they will all + be produced even when `-Wreturn`, `-Wshort-desc`, and/or + `-Wcontents-before-sections` are used. + + Allowing those warnings to be filtered is complex, because it + would require storing them in a buffer and then filtering them + during the output step of the code, depending on the + selected symbols. + """ + if self.entry and self.entry not in self.entries: + for log_msg in self.entry.warnings: + self.config.warning(log_msg) + def reset_state(self, ln): """ Ancillary routine to create a new entry. It initializes all variables used by the state machine. """ - # - # Flush the warnings out before we proceed further - # - if self.entry and self.entry not in self.entries: - for log_msg in self.entry.warnings: - self.config.log.warning(log_msg) + self.emit_unused_warnings() self.entry = KernelEntry(self.config, self.fname, ln) @@ -1741,6 +1758,8 @@ class KernelDoc: # Hand this line to the appropriate state handler self.state_actions[self.state](self, ln, line) + self.emit_unused_warnings() + except OSError: self.config.log.error(f"Error: Cannot open file {self.fname}") -- 2.52.0

9 hours, 26 minutes

1
0
0 0

Re: Patch "gpiolib: rename GPIO chip printk macros" has been added to the 6.18-stable tree

by Bartosz Golaszewski

On Tue, Jan 13, 2026 at 5:42 PM Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > gpiolib: rename GPIO chip printk macros > > to the 6.18-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > gpiolib-rename-gpio-chip-printk-macros.patch > and it can be found in the queue-6.18 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > This is not a fix. I'd drop it from stable. Bart

9 hours, 59 minutes

1
0
0 0

Optimiza tu reclutamiento con PsicoSmart

by Valeria Pérez

Mejora tus contrataciones con PsicoSmart body { margin: 0; padding: 0; font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #333; background-color: #ffffff; } table { border-spacing: 0; width: 100%; max-width: 600px; margin: auto; } td { padding: 12px 20px; } a { color: #1a73e8; text-decoration: none; } .footer { font-size: 12px; color: #888888; text-align: center; } Evalúa talento de forma objetiva y mejora tus contrataciones con PsicoSmart. Hola, , ¿Te ha pasado que un candidato luce perfecto en entrevista, pero en el trabajo no encaja como esperabas? En selección, confiar solo en la percepción puede llevar a decisiones costosas. Por eso quiero presentarte PsicoSmart, una herramienta creada para que los equipos de Recursos Humanos tomen decisiones más objetivas y acertadas. Con PsicoSmart puedes: Aplicar 31 pruebas psicométricas que evalúan liderazgo, honestidad, comunicación e inteligencia. Validar conocimientos técnicos con más de 2,500 exámenes especializados. Supervisar la identidad de quien responde mediante captura fotográfica automática durante la evaluación. Gestionar todo desde una sola plataforma, accesible desde cualquier dispositivo. Si estás buscando mejorar tus contrataciones, podría ser una muy buena opción. Si quieres conocer más puedes responder este correo o simplemente contactarme, mis datos están abajo. Saludos, -------------- Atte.: Valeria Pérez Ciudad de México: (55) 5018 0565 WhatsApp: +52 33 1607 2089 Si no deseas recibir más correos, haz clic aquí para darte de baja. Para remover su dirección de esta lista haga <a href="https://s1.arrobamail.com/unsuscribe.php?id=yiwtsrewiswqurseup">click aquí</a>

9 hours, 59 minutes

1
0
0 0

[PATCH v2] i2c: riic: Move suspend handling to NOIRQ phase

by Tommaso Merciai

Commit 53326135d0e0 ("i2c: riic: Add suspend/resume support") added suspend support for the Renesas I2C driver and following this change on RZ/G3E the following WARNING is seen on entering suspend ... [ 134.275704] Freezing remaining freezable tasks completed (elapsed 0.001 seconds) [ 134.285536] ------------[ cut here ]------------ [ 134.290298] i2c i2c-2: Transfer while suspended [ 134.295174] WARNING: drivers/i2c/i2c-core.h:56 at __i2c_smbus_xfer+0x1e4/0x214, CPU#0: systemd-sleep/388 [ 134.365507] Tainted: [W]=WARN [ 134.368485] Hardware name: Renesas SMARC EVK version 2 based on r9a09g047e57 (DT) [ 134.375961] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 134.382935] pc : __i2c_smbus_xfer+0x1e4/0x214 [ 134.387329] lr : __i2c_smbus_xfer+0x1e4/0x214 [ 134.391717] sp : ffff800083f23860 [ 134.395040] x29: ffff800083f23860 x28: 0000000000000000 x27: ffff800082ed5d60 [ 134.402226] x26: 0000001f4395fd74 x25: 0000000000000007 x24: 0000000000000001 [ 134.409408] x23: 0000000000000000 x22: 000000000000006f x21: ffff800083f23936 [ 134.416589] x20: ffff0000c090e140 x19: ffff0000c090e0d0 x18: 0000000000000006 [ 134.423771] x17: 6f63657320313030 x16: 2e30206465737061 x15: ffff800083f23280 [ 134.430953] x14: 0000000000000000 x13: ffff800082b16ce8 x12: 0000000000000f09 [ 134.438134] x11: 0000000000000503 x10: ffff800082b6ece8 x9 : ffff800082b16ce8 [ 134.445315] x8 : 00000000ffffefff x7 : ffff800082b6ece8 x6 : 80000000fffff000 [ 134.452495] x5 : 0000000000000504 x4 : 0000000000000000 x3 : 0000000000000000 [ 134.459672] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000c9ee9e80 [ 134.466851] Call trace: [ 134.469311] __i2c_smbus_xfer+0x1e4/0x214 (P) [ 134.473715] i2c_smbus_xfer+0xbc/0x120 [ 134.477507] i2c_smbus_read_byte_data+0x4c/0x84 [ 134.482077] isl1208_i2c_read_time+0x44/0x178 [rtc_isl1208] [ 134.487703] isl1208_rtc_read_time+0x14/0x20 [rtc_isl1208] [ 134.493226] __rtc_read_time+0x44/0x88 [ 134.497012] rtc_read_time+0x3c/0x68 [ 134.500622] rtc_suspend+0x9c/0x170 The warning is triggered because I2C transfers can still be attempted while the controller is already suspended, due to inappropriate ordering of the system sleep callbacks. If the controller is autosuspended, there is no way to wake it up once runtime PM disabled (in suspend_late()). During system resume, the I2C controller will be available only after runtime PM is re-enabled (in resume_early()). However, this may be too late for some devices. Wake up the controller in the suspend() callback while runtime PM is still enabled. The I2C controller will remain available until the suspend_noirq() callback (pm_runtime_force_suspend()) is called. During resume, the I2C controller can be restored by the resume_noirq() callback (pm_runtime_force_resume()). Finally, the resume() callback re-enables autosuspend. As a result, the I2C controller can remain available until the system enters suspend_noirq() and from resume_noirq(). Cc: stable(a)vger.kernel.org Fixes: 53326135d0e0 ("i2c: riic: Add suspend/resume support") Signed-off-by: Tommaso Merciai <tommaso.merciai.xr(a)bp.renesas.com> --- v1->v2: - Taking as reference commit: 4262df2a69c3 ("i2c: imx-lpi2c: make controller available until the system enters suspend_noirq() and from resume_noirq().") reworked the patch with a similar approach. Updated commit body accordingly. drivers/i2c/busses/i2c-riic.c | 46 +++++++++++++++++++++++++++++------ 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/drivers/i2c/busses/i2c-riic.c b/drivers/i2c/busses/i2c-riic.c index 3e8f126cb7f7..9e3595b3623e 100644 --- a/drivers/i2c/busses/i2c-riic.c +++ b/drivers/i2c/busses/i2c-riic.c @@ -670,12 +670,39 @@ static const struct riic_of_data riic_rz_t2h_info = { static int riic_i2c_suspend(struct device *dev) { - struct riic_dev *riic = dev_get_drvdata(dev); - int ret; + /* + * Some I2C devices may need the I2C controller to remain active + * during resume_noirq() or suspend_noirq(). If the controller is + * autosuspended, there is no way to wake it up once runtime PM is + * disabled (in suspend_late()). + * + * During system resume, the I2C controller will be available only + * after runtime PM is re-enabled (in resume_early()). However, this + * may be too late for some devices. + * + * Wake up the controller in the suspend() callback while runtime PM + * is still enabled. The I2C controller will remain available until + * the suspend_noirq() callback (pm_runtime_force_suspend()) is + * called. During resume, the I2C controller can be restored by the + * resume_noirq() callback (pm_runtime_force_resume()). + * + * Finally, the resume() callback re-enables autosuspend, ensuring + * the I2C controller remains available until the system enters + * suspend_noirq() and from resume_noirq(). + */ + return pm_runtime_resume_and_get(dev); +} - ret = pm_runtime_resume_and_get(dev); - if (ret) - return ret; +static int riic_i2c_resume(struct device *dev) +{ + pm_runtime_put_autosuspend(dev); + + return 0; +} + +static int riic_i2c_suspend_noirq(struct device *dev) +{ + struct riic_dev *riic = dev_get_drvdata(dev); i2c_mark_adapter_suspended(&riic->adapter); @@ -683,12 +710,12 @@ static int riic_i2c_suspend(struct device *dev) riic_clear_set_bit(riic, ICCR1_ICE, 0, RIIC_ICCR1); pm_runtime_mark_last_busy(dev); - pm_runtime_put_sync(dev); + pm_runtime_force_suspend(dev); return reset_control_assert(riic->rstc); } -static int riic_i2c_resume(struct device *dev) +static int riic_i2c_resume_noirq(struct device *dev) { struct riic_dev *riic = dev_get_drvdata(dev); int ret; @@ -697,6 +724,10 @@ static int riic_i2c_resume(struct device *dev) if (ret) return ret; + ret = pm_runtime_force_resume(dev); + if (ret) + return ret; + ret = riic_init_hw(riic); if (ret) { /* @@ -714,6 +745,7 @@ static int riic_i2c_resume(struct device *dev) } static const struct dev_pm_ops riic_i2c_pm_ops = { + NOIRQ_SYSTEM_SLEEP_PM_OPS(riic_i2c_suspend_noirq, riic_i2c_resume_noirq) SYSTEM_SLEEP_PM_OPS(riic_i2c_suspend, riic_i2c_resume) }; -- 2.43.0

10 hours, 32 minutes

3
3
0 0

[PATCH] clk: mediatek: Drop __initconst from gates

by Sjoerd Simons

Since commit 8ceff24a754a ("clk: mediatek: clk-gate: Refactor mtk_clk_register_gate to use mtk_gate struct") the mtk_gate structs are no longer just used for initialization/registration, but also at runtime. So drop __initconst annotations. Fixes: 8ceff24a754a ("clk: mediatek: clk-gate: Refactor mtk_clk_register_gate to use mtk_gate struct") Signed-off-by: Sjoerd Simons <sjoerd(a)collabora.com> --- drivers/clk/mediatek/clk-mt7981-eth.c | 6 +++--- drivers/clk/mediatek/clk-mt8516.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/clk/mediatek/clk-mt7981-eth.c b/drivers/clk/mediatek/clk-mt7981-eth.c index 906aec9ddff5..0655ebb6c561 100644 --- a/drivers/clk/mediatek/clk-mt7981-eth.c +++ b/drivers/clk/mediatek/clk-mt7981-eth.c @@ -31,7 +31,7 @@ static const struct mtk_gate_regs sgmii0_cg_regs = { .ops = &mtk_clk_gate_ops_no_setclr_inv, \ } -static const struct mtk_gate sgmii0_clks[] __initconst = { +static const struct mtk_gate sgmii0_clks[] = { GATE_SGMII0(CLK_SGM0_TX_EN, "sgm0_tx_en", "usb_tx250m", 2), GATE_SGMII0(CLK_SGM0_RX_EN, "sgm0_rx_en", "usb_eq_rx250m", 3), GATE_SGMII0(CLK_SGM0_CK0_EN, "sgm0_ck0_en", "usb_ln0", 4), @@ -53,7 +53,7 @@ static const struct mtk_gate_regs sgmii1_cg_regs = { .ops = &mtk_clk_gate_ops_no_setclr_inv, \ } -static const struct mtk_gate sgmii1_clks[] __initconst = { +static const struct mtk_gate sgmii1_clks[] = { GATE_SGMII1(CLK_SGM1_TX_EN, "sgm1_tx_en", "usb_tx250m", 2), GATE_SGMII1(CLK_SGM1_RX_EN, "sgm1_rx_en", "usb_eq_rx250m", 3), GATE_SGMII1(CLK_SGM1_CK1_EN, "sgm1_ck1_en", "usb_ln0", 4), @@ -75,7 +75,7 @@ static const struct mtk_gate_regs eth_cg_regs = { .ops = &mtk_clk_gate_ops_no_setclr_inv, \ } -static const struct mtk_gate eth_clks[] __initconst = { +static const struct mtk_gate eth_clks[] = { GATE_ETH(CLK_ETH_FE_EN, "eth_fe_en", "netsys_2x", 6), GATE_ETH(CLK_ETH_GP2_EN, "eth_gp2_en", "sgm_325m", 7), GATE_ETH(CLK_ETH_GP1_EN, "eth_gp1_en", "sgm_325m", 8), diff --git a/drivers/clk/mediatek/clk-mt8516.c b/drivers/clk/mediatek/clk-mt8516.c index 21eb052b0a53..342a59019fea 100644 --- a/drivers/clk/mediatek/clk-mt8516.c +++ b/drivers/clk/mediatek/clk-mt8516.c @@ -544,7 +544,7 @@ static const struct mtk_gate_regs top5_cg_regs = { #define GATE_TOP5(_id, _name, _parent, _shift) \ GATE_MTK(_id, _name, _parent, &top5_cg_regs, _shift, &mtk_clk_gate_ops_setclr) -static const struct mtk_gate top_clks[] __initconst = { +static const struct mtk_gate top_clks[] = { /* TOP1 */ GATE_TOP1(CLK_TOP_THEM, "them", "ahb_infra_sel", 1), GATE_TOP1(CLK_TOP_APDMA, "apdma", "ahb_infra_sel", 2), --- base-commit: b927546677c876e26eba308550207c2ddf812a43 change-id: 20251223-mtk-gate-a98133ab80c9 Best regards, -- Sjoerd Simons <sjoerd(a)collabora.com>

10 hours, 32 minutes

4
3
0 0

[tip: x86/urgent] x86/resctrl: Add missing resctrl initialization for Hygon

by tip-bot2 for Xiaochen Shen

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 6ee98aabdc700b5705e4f1833e2edc82a826b53b Gitweb: https://git.kernel.org/tip/6ee98aabdc700b5705e4f1833e2edc82a826b53b Author: Xiaochen Shen <shenxiaochen(a)open-hieco.net> AuthorDate: Tue, 09 Dec 2025 14:26:49 +08:00 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Tue, 13 Jan 2026 16:20:01 +01:00 x86/resctrl: Add missing resctrl initialization for Hygon Hygon CPUs supporting Platform QoS features currently undergo partial resctrl initialization through resctrl_cpu_detect() in the Hygon BSP init helper and AMD/Hygon common initialization code. However, several critical data structures remain uninitialized for Hygon CPUs in the following paths: - get_mem_config()-> __rdt_get_mem_config_amd(): rdt_resource::membw,alloc_capable hw_res::num_closid - rdt_init_res_defs()->rdt_init_res_defs_amd(): rdt_resource::cache hw_res::msr_base,msr_update Add the missing AMD/Hygon common initialization to ensure proper Platform QoS functionality on Hygon CPUs. Fixes: d8df126349da ("x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper") Signed-off-by: Xiaochen Shen <shenxiaochen(a)open-hieco.net> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20251209062650.1536952-2-shenxiaochen@open-hieco.n… --- arch/x86/kernel/cpu/resctrl/core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/resctrl/core.c b/arch/x86/kernel/cpu/resctrl/core.c index 3792ab4..10de159 100644 --- a/arch/x86/kernel/cpu/resctrl/core.c +++ b/arch/x86/kernel/cpu/resctrl/core.c @@ -825,7 +825,8 @@ static __init bool get_mem_config(void) if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) return __get_mem_config_intel(&hw_res->r_resctrl); - else if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) + else if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD || + boot_cpu_data.x86_vendor == X86_VENDOR_HYGON) return __rdt_get_mem_config_amd(&hw_res->r_resctrl); return false; @@ -987,7 +988,8 @@ static __init void rdt_init_res_defs(void) { if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) rdt_init_res_defs_intel(); - else if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) + else if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD || + boot_cpu_data.x86_vendor == X86_VENDOR_HYGON) rdt_init_res_defs_amd(); }

10 hours, 32 minutes

1
0
0 0

[tip: x86/urgent] x86/resctrl: Fix memory bandwidth counter width for Hygon

by tip-bot2 for Xiaochen Shen

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 7517e899e1b87b4c22a92c7e40d8733c48e4ec3c Gitweb: https://git.kernel.org/tip/7517e899e1b87b4c22a92c7e40d8733c48e4ec3c Author: Xiaochen Shen <shenxiaochen(a)open-hieco.net> AuthorDate: Tue, 09 Dec 2025 14:26:50 +08:00 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Tue, 13 Jan 2026 16:44:26 +01:00 x86/resctrl: Fix memory bandwidth counter width for Hygon The memory bandwidth calculation relies on reading the hardware counter and measuring the delta between samples. To ensure accurate measurement, the software reads the counter frequently enough to prevent it from rolling over twice between reads. The default Memory Bandwidth Monitoring (MBM) counter width is 24 bits. Hygon CPUs provide a 32-bit width counter, but they do not support the MBM capability CPUID leaf (0xF.[ECX=1]:EAX) to report the width offset (from 24 bits). Consequently, the kernel falls back to the 24-bit default counter width, which causes incorrect overflow handling on Hygon CPUs. Fix this by explicitly setting the counter width offset to 8 bits (resulting in a 32-bit total counter width) for Hygon CPUs. Fixes: d8df126349da ("x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper") Signed-off-by: Xiaochen Shen <shenxiaochen(a)open-hieco.net> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20251209062650.1536952-3-shenxiaochen@open-hieco.n… --- arch/x86/kernel/cpu/resctrl/core.c | 15 +++++++++++++-- arch/x86/kernel/cpu/resctrl/internal.h | 3 +++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/resctrl/core.c b/arch/x86/kernel/cpu/resctrl/core.c index 10de159..6ebff44 100644 --- a/arch/x86/kernel/cpu/resctrl/core.c +++ b/arch/x86/kernel/cpu/resctrl/core.c @@ -1021,8 +1021,19 @@ void resctrl_cpu_detect(struct cpuinfo_x86 *c) c->x86_cache_occ_scale = ebx; c->x86_cache_mbm_width_offset = eax & 0xff; - if (c->x86_vendor == X86_VENDOR_AMD && !c->x86_cache_mbm_width_offset) - c->x86_cache_mbm_width_offset = MBM_CNTR_WIDTH_OFFSET_AMD; + if (!c->x86_cache_mbm_width_offset) { + switch (c->x86_vendor) { + case X86_VENDOR_AMD: + c->x86_cache_mbm_width_offset = MBM_CNTR_WIDTH_OFFSET_AMD; + break; + case X86_VENDOR_HYGON: + c->x86_cache_mbm_width_offset = MBM_CNTR_WIDTH_OFFSET_HYGON; + break; + default: + /* Leave c->x86_cache_mbm_width_offset as 0 */ + break; + } + } } } diff --git a/arch/x86/kernel/cpu/resctrl/internal.h b/arch/x86/kernel/cpu/resctrl/internal.h index 4a916c8..79c1865 100644 --- a/arch/x86/kernel/cpu/resctrl/internal.h +++ b/arch/x86/kernel/cpu/resctrl/internal.h @@ -14,6 +14,9 @@ #define MBM_CNTR_WIDTH_OFFSET_AMD 20 +/* Hygon MBM counter width as an offset from MBM_CNTR_WIDTH_BASE */ +#define MBM_CNTR_WIDTH_OFFSET_HYGON 8 + #define RMID_VAL_ERROR BIT_ULL(63) #define RMID_VAL_UNAVAIL BIT_ULL(62)

10 hours, 32 minutes

1
0
0 0

[PATCH v8 2/2] PCI: dwc: Don't return error when wait for link up in dw_pcie_resume_noirq()

by Richard Zhu

When waiting for the PCIe link to come up, both link up and link down are valid results depending on the device state. Since the link may come up later and to get rid of the following mis-reported PM errors. Do not return an -ETIMEDOUT error, as the outcome has already been reported in dw_pcie_wait_for_link(). PM error logs introduced by the -ETIMEDOUT error return. imx6q-pcie 33800000.pcie: Phy link never came up imx6q-pcie 33800000.pcie: PM: dpm_run_callback(): genpd_resume_noirq returns -110 imx6q-pcie 33800000.pcie: PM: failed to resume noirq: error -110 Cc: stable(a)vger.kernel.org Fixes: 4774faf854f5 ("PCI: dwc: Implement generic suspend/resume functionality") Signed-off-by: Richard Zhu <hongxing.zhu(a)nxp.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> --- drivers/pci/controller/dwc/pcie-designware-host.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/pci/controller/dwc/pcie-designware-host.c b/drivers/pci/controller/dwc/pcie-designware-host.c index 06cbfd9e1f1e..025e11ebd571 100644 --- a/drivers/pci/controller/dwc/pcie-designware-host.c +++ b/drivers/pci/controller/dwc/pcie-designware-host.c @@ -1245,10 +1245,9 @@ int dw_pcie_resume_noirq(struct dw_pcie *pci) if (ret) return ret; - ret = dw_pcie_wait_for_link(pci); - if (ret) - return ret; + /* Ignore errors, the link may come up later */ + dw_pcie_wait_for_link(pci); - return ret; + return 0; } EXPORT_SYMBOL_GPL(dw_pcie_resume_noirq); -- 2.37.1

11 hours, 16 minutes

2
1
0 0

[PATCH v8 1/2] PCI: dwc: Don't poll L2 if QUIRK_NOL2POLL_IN_PM is existing in suspend

by Richard Zhu

Refer to PCIe r6.0, sec 5.2, fig 5-1 Link Power Management State Flow Diagram. Both L0 and L2/L3 Ready can be transferred to LDn directly. It's harmless to let dw_pcie_suspend_noirq() proceed suspend after the PME_Turn_Off is sent out, whatever the LTSSM state is in L2 or L3 after a recommended 10ms max wait refer to PCIe r6.0, sec 5.3.3.2.1 PME Synchronization. The LTSSM states are inaccessible on i.MX6QP and i.MX7D after the PME_Turn_Off is sent out. To support this case, don't poll L2 state and apply a simple delay of PCIE_PME_TO_L2_TIMEOUT_US(10ms) if the QUIRK_NOL2POLL_IN_PM flag is set in suspend. Cc: stable(a)vger.kernel.org Fixes: 4774faf854f5 ("PCI: dwc: Implement generic suspend/resume functionality") Fixes: a528d1a72597 ("PCI: imx6: Use DWC common suspend resume method") Signed-off-by: Richard Zhu <hongxing.zhu(a)nxp.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> --- drivers/pci/controller/dwc/pci-imx6.c | 4 +++ .../pci/controller/dwc/pcie-designware-host.c | 34 +++++++++++++------ drivers/pci/controller/dwc/pcie-designware.h | 4 +++ 3 files changed, 32 insertions(+), 10 deletions(-) diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c index 4668fc9648bf..d84bfcd1079c 100644 --- a/drivers/pci/controller/dwc/pci-imx6.c +++ b/drivers/pci/controller/dwc/pci-imx6.c @@ -125,6 +125,7 @@ struct imx_pcie_drvdata { enum imx_pcie_variants variant; enum dw_pcie_device_mode mode; u32 flags; + u32 quirk; int dbi_length; const char *gpr; const u32 ltssm_off; @@ -1765,6 +1766,7 @@ static int imx_pcie_probe(struct platform_device *pdev) if (ret) return ret; + pci->quirk_flag = imx_pcie->drvdata->quirk; pci->use_parent_dt_ranges = true; if (imx_pcie->drvdata->mode == DW_PCIE_EP_TYPE) { ret = imx_add_pcie_ep(imx_pcie, pdev); @@ -1849,6 +1851,7 @@ static const struct imx_pcie_drvdata drvdata[] = { .enable_ref_clk = imx6q_pcie_enable_ref_clk, .core_reset = imx6qp_pcie_core_reset, .ops = &imx_pcie_host_ops, + .quirk = QUIRK_NOL2POLL_IN_PM, }, [IMX7D] = { .variant = IMX7D, @@ -1860,6 +1863,7 @@ static const struct imx_pcie_drvdata drvdata[] = { .mode_mask[0] = IMX6Q_GPR12_DEVICE_TYPE, .enable_ref_clk = imx7d_pcie_enable_ref_clk, .core_reset = imx7d_pcie_core_reset, + .quirk = QUIRK_NOL2POLL_IN_PM, }, [IMX8MQ] = { .variant = IMX8MQ, diff --git a/drivers/pci/controller/dwc/pcie-designware-host.c b/drivers/pci/controller/dwc/pcie-designware-host.c index 43d091128ef7..06cbfd9e1f1e 100644 --- a/drivers/pci/controller/dwc/pcie-designware-host.c +++ b/drivers/pci/controller/dwc/pcie-designware-host.c @@ -1179,15 +1179,29 @@ int dw_pcie_suspend_noirq(struct dw_pcie *pci) return ret; } - ret = read_poll_timeout(dw_pcie_get_ltssm, val, - val == DW_PCIE_LTSSM_L2_IDLE || - val <= DW_PCIE_LTSSM_DETECT_WAIT, - PCIE_PME_TO_L2_TIMEOUT_US/10, - PCIE_PME_TO_L2_TIMEOUT_US, false, pci); - if (ret) { - /* Only log message when LTSSM isn't in DETECT or POLL */ - dev_err(pci->dev, "Timeout waiting for L2 entry! LTSSM: 0x%x\n", val); - return ret; + if (dwc_quirk(pci, QUIRK_NOL2POLL_IN_PM)) { + /* + * Add the QUIRK_NOL2_POLL_IN_PM case to avoid the read hang, + * when LTSSM is not powered in L2/L3/LDn properly. + * + * Refer to PCIe r6.0, sec 5.2, fig 5-1 Link Power Management + * State Flow Diagram. Both L0 and L2/L3 Ready can be + * transferred to LDn directly. On the LTSSM states poll broken + * platforms, add a max 10ms delay refer to PCIe r6.0, + * sec 5.3.3.2.1 PME Synchronization. + */ + mdelay(PCIE_PME_TO_L2_TIMEOUT_US/1000); + } else { + ret = read_poll_timeout(dw_pcie_get_ltssm, val, + val == DW_PCIE_LTSSM_L2_IDLE || + val <= DW_PCIE_LTSSM_DETECT_WAIT, + PCIE_PME_TO_L2_TIMEOUT_US/10, + PCIE_PME_TO_L2_TIMEOUT_US, false, pci); + if (ret) { + /* Only log message when LTSSM isn't in DETECT or POLL */ + dev_err(pci->dev, "Timeout waiting for L2 entry! LTSSM: 0x%x\n", val); + return ret; + } } /* @@ -1204,7 +1218,7 @@ int dw_pcie_suspend_noirq(struct dw_pcie *pci) pci->suspended = true; - return ret; + return 0; } EXPORT_SYMBOL_GPL(dw_pcie_suspend_noirq); diff --git a/drivers/pci/controller/dwc/pcie-designware.h b/drivers/pci/controller/dwc/pcie-designware.h index 31685951a080..dd760c17bdcc 100644 --- a/drivers/pci/controller/dwc/pcie-designware.h +++ b/drivers/pci/controller/dwc/pcie-designware.h @@ -305,6 +305,9 @@ /* Default eDMA LLP memory size */ #define DMA_LLP_MEM_SIZE PAGE_SIZE +#define QUIRK_NOL2POLL_IN_PM BIT(0) +#define dwc_quirk(pci, val) (pci->quirk_flag & val) + struct dw_pcie; struct dw_pcie_rp; struct dw_pcie_ep; @@ -520,6 +523,7 @@ struct dw_pcie { const struct dw_pcie_ops *ops; u32 version; u32 type; + u32 quirk_flag; unsigned long caps; int num_lanes; int max_link_speed; -- 2.37.1

11 hours, 19 minutes

2
1
0 0

[PATCH] USB: serial: ftdi_sio: add support for PICAXE AXE027 cable

by Ethan Nelson-Moore

The vendor provides instructions to write "0403 bd90" to /sys/bus/usb-serial/drivers/ftdi_sio/new_id; see: https://picaxe.com/docs/picaxe_linux_instructions.pdf Cc: stable(a)vger.kernel.org Signed-off-by: Ethan Nelson-Moore <enelsonmoore(a)gmail.com> --- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 2 ++ 2 files changed, 3 insertions(+) diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c index fe2f21d85737..acb48b1c83f7 100644 --- a/drivers/usb/serial/ftdi_sio.c +++ b/drivers/usb/serial/ftdi_sio.c @@ -848,6 +848,7 @@ static const struct usb_device_id id_table_combined[] = { { USB_DEVICE_INTERFACE_NUMBER(FTDI_VID, LMI_LM3S_DEVEL_BOARD_PID, 1) }, { USB_DEVICE_INTERFACE_NUMBER(FTDI_VID, LMI_LM3S_EVAL_BOARD_PID, 1) }, { USB_DEVICE_INTERFACE_NUMBER(FTDI_VID, LMI_LM3S_ICDI_BOARD_PID, 1) }, + { USB_DEVICE(FTDI_VID, FTDI_AXE027_PID) }, { USB_DEVICE_INTERFACE_NUMBER(FTDI_VID, FTDI_TURTELIZER_PID, 1) }, { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID_USB60F) }, { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID_SCU18) }, diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h index 2539b9e2f712..6c76cfebfd0e 100644 --- a/drivers/usb/serial/ftdi_sio_ids.h +++ b/drivers/usb/serial/ftdi_sio_ids.h @@ -96,6 +96,8 @@ #define LMI_LM3S_EVAL_BOARD_PID 0xbcd9 #define LMI_LM3S_ICDI_BOARD_PID 0xbcda +#define FTDI_AXE027_PID 0xBD90 /* PICAXE AXE027 USB download cable */ + #define FTDI_TURTELIZER_PID 0xBDC8 /* JTAG/RS-232 adapter by egnite GmbH */ /* OpenDCC (www.opendcc.de) product id */ -- 2.43.0

11 hours, 56 minutes

2
1
0 0

[PATCH v3] misc: fastrpc: check qcom_scm_assign_mem() return in rpmsg_probe

by Xingjing Deng

In the SDSP probe path, qcom_scm_assign_mem() is used to assign the reserved memory to the configured VMIDs, but its return value was not checked. Fail the probe if the SCM call fails to avoid continuing with an unexpected/incorrect memory permission configuration Fixes: c3c0363bc72d4 ("misc: fastrpc: support complete DMA pool access to the DSP") Cc: stable(a)vger.kernel.org # 6.11-rc1 Signed-off-by: Xingjing Deng <xjdeng(a)buaa.edu.cn> --- v3: - Add missing linux-kernel(a)vger.kernel.org to cc list. - Standarlize changelog placement/format. v2: - Add Fixes: and Cc: stable tags. Link: https://lore.kernel.org/linux-arm-msm/20260113063618.e2ke47gy3hnfi67e@hu-mo… Link: https://lore.kernel.org/linux-arm-msm/20260113022550.4029635-1-xjdeng@buaa.… drivers/misc/fastrpc.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index fb3b54e05928..cbb12db110b3 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -2338,8 +2338,13 @@ static int fastrpc_rpmsg_probe(struct rpmsg_device *rpdev) if (!err) { src_perms = BIT(QCOM_SCM_VMID_HLOS); - qcom_scm_assign_mem(res.start, resource_size(&res), &src_perms, + err = qcom_scm_assign_mem(res.start, resource_size(&res), &src_perms, data->vmperms, data->vmcount); + if (err) { + dev_err(rdev, "Failed to assign memory phys 0x%llx size 0x%llx err %d", + res.start, resource_size(&res), err); + goto err_free_data; + } } } -- 2.25.1

12 hours, 11 minutes

2
2
0 0

[PATCH v4] misc: fastrpc: check qcom_scm_assign_mem() return in rpmsg_probe

by Xingjing Deng

In the SDSP probe path, qcom_scm_assign_mem() is used to assign the reserved memory to the configured VMIDs, but its return value was not checked. Fail the probe if the SCM call fails to avoid continuing with an unexpected/incorrect memory permission configuration Fixes: c3c0363bc72d4 ("misc: fastrpc: support complete DMA pool access to the DSP") Cc: stable(a)vger.kernel.org # 6.11-rc1 Signed-off-by: Xingjing Deng <xjdeng(a)buaa.edu.cn> --- v4: - Format the indentation - Link to v3: https://lore.kernel.org/linux-arm-msm/20260113084352.72itrloj5w7qb5o3@hu-mo… v3: - Add missing linux-kernel(a)vger.kernel.org to cc list. - Standarlize changelog placement/format. - Link to v2: https://lore.kernel.org/linux-arm-msm/20260113063618.e2ke47gy3hnfi67e@hu-mo… v2: - Add Fixes: and Cc: stable tags. - Link to v1: https://lore.kernel.org/linux-arm-msm/20260113022550.4029635-1-xjdeng@buaa.… Signed-off-by: Xingjing Deng <xjdeng(a)buaa.edu.cn> --- drivers/misc/fastrpc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index cbb12db110b3..9c41b51d80ee 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -2339,10 +2339,10 @@ static int fastrpc_rpmsg_probe(struct rpmsg_device *rpdev) src_perms = BIT(QCOM_SCM_VMID_HLOS); err = qcom_scm_assign_mem(res.start, resource_size(&res), &src_perms, - data->vmperms, data->vmcount); + data->vmperms, data->vmcount); if (err) { dev_err(rdev, "Failed to assign memory phys 0x%llx size 0x%llx err %d", - res.start, resource_size(&res), err); + res.start, resource_size(&res), err); goto err_free_data; } } -- 2.25.1

12 hours, 12 minutes

1
0
0 0

[PATCHv2] null_blk: fix kmemleak by releasing references to fault configfs items

by Nilay Shroff

When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeout_inject, requeue_inject, and init_hctx_fault_inject configfs items as children of the top-level nullbX configfs group. However, when the nullbX device is removed, the references taken to these fault-config configfs items are not released. As a result, kmemleak reports a memory leak, for example: unreferenced object 0xc00000021ff25c40 (size 32): comm "mkdir", pid 10665, jiffies 4322121578 hex dump (first 32 bytes): 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_ 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject.......... backtrace (crc 1a018c86): __kmalloc_node_track_caller_noprof+0x494/0xbd8 kvasprintf+0x74/0xf4 config_item_set_name+0xf0/0x104 config_group_init_type_name+0x48/0xfc fault_config_init+0x48/0xf0 0xc0080000180559e4 configfs_mkdir+0x304/0x814 vfs_mkdir+0x49c/0x604 do_mkdirat+0x314/0x3d0 sys_mkdir+0xa0/0xd8 system_call_exception+0x1b0/0x4f0 system_call_vectored_common+0x15c/0x2ec Fix this by explicitly releasing the references to the fault-config configfs items when dropping the reference to the top-level nullbX configfs group. Cc: stable(a)vger.kernel.org Reviewed-by: Chaitanya Kulkarni <kch(a)nvidia.com> Fixes: bb4c19e030f4 ("block: null_blk: make fault-injection dynamically configurable per device") Signed-off-by: Nilay Shroff <nilay(a)linux.ibm.com> --- v1->v2: - Added fixes, stable abd reviewed-by tags --- drivers/block/null_blk/main.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c index c7c0fb79a6bf..4c0632ab4e1b 100644 --- a/drivers/block/null_blk/main.c +++ b/drivers/block/null_blk/main.c @@ -665,12 +665,22 @@ static void nullb_add_fault_config(struct nullb_device *dev) configfs_add_default_group(&dev->init_hctx_fault_config.group, &dev->group); } +static void nullb_del_fault_config(struct nullb_device *dev) +{ + config_item_put(&dev->init_hctx_fault_config.group.cg_item); + config_item_put(&dev->requeue_config.group.cg_item); + config_item_put(&dev->timeout_config.group.cg_item); +} + #else static void nullb_add_fault_config(struct nullb_device *dev) { } +static void nullb_del_fault_config(struct nullb_device *dev) +{ +} #endif static struct @@ -702,7 +712,7 @@ nullb_group_drop_item(struct config_group *group, struct config_item *item) null_del_dev(dev->nullb); mutex_unlock(&lock); } - + nullb_del_fault_config(dev); config_item_put(item); } -- 2.52.0

12 hours, 19 minutes

2
1
0 0

Performance regressions introduced via Revert "cpuidle: menu: Avoid discarding useful information" on 5.15 LTS

by Harshvardhan Jha

Hi there, While running performance benchmarks for the 5.15.196 LTS tags , it was observed that several regressions across different benchmarks is being introduced when compared to the previous 5.15.193 kernel tag. Running an automated bisect on both of them narrowed down the culprit commit to: - 5666bcc3c00f7 Revert "cpuidle: menu: Avoid discarding useful information" for 5.15 Regressions on 5.15.196 include: -9.3% : Phoronix pts/sqlite using 2 processes on OnPrem X6-2 -6.3% : Phoronix system/sqlite on OnPrem X6-2 -18% : rds-stress -M 1 (readonly rdma-mode) metrics with 1 depth & 1 thread & 1M buffer size on OnPrem X6-2 -4 -> -8% : rds-stress -M 2 (writeonly rdma-mode) metrics with 1 depth & 1 thread & 1M buffer size on OnPrem X6-2 Up to -30% : Some Netpipe metrics on OnPrem X5-2 The culprit commits' messages mention that these reverts were done due to performance regressions introduced in Intel Jasper Lake systems but this revert is causing issues in other systems unfortunately. I wanted to know the maintainers' opinion on how we should proceed in order to fix this. If we reapply it'll bring back the previous regressions on Jasper Lake systems and if we don't revert it then it's stuck with current regressions. If this problem has been reported before and a fix is in the works then please let me know I shall follow developments to that mail thread. Thanks & Regards, Harshvardhan

12 hours, 28 minutes

4
7
0 0

[PATCH v2 0/4] fs: add immutable rootfs

by Christian Brauner

Currently pivot_root() doesn't work on the real rootfs because it cannot be unmounted. Userspace has to do a recursive removal of the initramfs contents manually before continuing the boot. Really all we want from the real rootfs is to serve as the parent mount for anything that is actually useful such as the tmpfs or ramfs for initramfs unpacking or the rootfs itself. There's no need for the real rootfs to actually be anything meaningful or useful. Add a immutable rootfs called "nullfs" that can be selected via the "nullfs_rootfs" kernel command line option. The kernel will mount a tmpfs/ramfs on top of it, unpack the initramfs and fire up userspace which mounts the rootfs and can then just do: chdir(rootfs); pivot_root(".", "."); umount2(".", MNT_DETACH); and be done with it. (Ofc, userspace can also choose to retain the initramfs contents by using something like pivot_root(".", "/initramfs") without unmounting it.) Technically this also means that the rootfs mount in unprivileged namespaces doesn't need to become MNT_LOCKED anymore as it's guaranteed that the immutable rootfs remains permanently empty so there cannot be anything revealed by unmounting the covering mount. In the future this will also allow us to create completely empty mount namespaces without risking to leak anything. systemd already handles this all correctly as it tries to pivot_root() first and falls back to MS_MOVE only when that fails. This goes back to various discussion in previous years and a LPC 2024 presentation about this very topic. Now in vfs-7.0.nullfs. Signed-off-by: Christian Brauner <brauner(a)kernel.org> --- Changes in v2: - Rename to "nullfs". - Update documentation. - Link to v1: https://patch.msgid.link/20260102-work-immutable-rootfs-v1-0-f2073b2d1602@k… --- Christian Brauner (4): fs: ensure that internal tmpfs mount gets mount id zero fs: add init_pivot_root() fs: add immutable rootfs docs: mention nullfs .../filesystems/ramfs-rootfs-initramfs.rst | 32 +++- fs/Makefile | 2 +- fs/init.c | 17 ++ fs/internal.h | 1 + fs/mount.h | 1 + fs/namespace.c | 181 ++++++++++++++------- fs/nullfs.c | 70 ++++++++ include/linux/init_syscalls.h | 1 + include/uapi/linux/magic.h | 1 + init/do_mounts.c | 14 ++ init/do_mounts.h | 1 + 11 files changed, 254 insertions(+), 67 deletions(-) --- base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 change-id: 20260102-work-immutable-rootfs-b5f23e0f5a27

12 hours, 29 minutes

2
3
0 0

[PATCH] drm/gud: fix NULL fb and crtc dereferences on USB disconnect

by Shenghao Yang

On disconnect drm_atomic_helper_disable_all() is called which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a kernel oops on every display disconnect. Add guards for those dereferences. Cc: <stable(a)vger.kernel.org> # 6.18.x Signed-off-by: Shenghao Yang <me(a)shenghaoyang.info> --- drivers/gpu/drm/gud/gud_pipe.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/drivers/gpu/drm/gud/gud_pipe.c b/drivers/gpu/drm/gud/gud_pipe.c index 76d77a736d84..4b77be94348d 100644 --- a/drivers/gpu/drm/gud/gud_pipe.c +++ b/drivers/gpu/drm/gud/gud_pipe.c @@ -457,27 +457,20 @@ int gud_plane_atomic_check(struct drm_plane *plane, struct drm_plane_state *old_plane_state = drm_atomic_get_old_plane_state(state, plane); struct drm_plane_state *new_plane_state = drm_atomic_get_new_plane_state(state, plane); struct drm_crtc *crtc = new_plane_state->crtc; - struct drm_crtc_state *crtc_state; + struct drm_crtc_state *crtc_state = NULL; const struct drm_display_mode *mode; struct drm_framebuffer *old_fb = old_plane_state->fb; struct drm_connector_state *connector_state = NULL; struct drm_framebuffer *fb = new_plane_state->fb; - const struct drm_format_info *format = fb->format; + const struct drm_format_info *format; struct drm_connector *connector; unsigned int i, num_properties; struct gud_state_req *req; int idx, ret; size_t len; - if (drm_WARN_ON_ONCE(plane->dev, !fb)) - return -EINVAL; - - if (drm_WARN_ON_ONCE(plane->dev, !crtc)) - return -EINVAL; - - crtc_state = drm_atomic_get_new_crtc_state(state, crtc); - - mode = &crtc_state->mode; + if (crtc) + crtc_state = drm_atomic_get_new_crtc_state(state, crtc); ret = drm_atomic_helper_check_plane_state(new_plane_state, crtc_state, DRM_PLANE_NO_SCALING, @@ -492,6 +485,9 @@ int gud_plane_atomic_check(struct drm_plane *plane, if (old_plane_state->rotation != new_plane_state->rotation) crtc_state->mode_changed = true; + mode = &crtc_state->mode; + format = fb->format; + if (old_fb && old_fb->format != format) crtc_state->mode_changed = true; @@ -598,7 +594,7 @@ void gud_plane_atomic_update(struct drm_plane *plane, struct drm_atomic_helper_damage_iter iter; int ret, idx; - if (crtc->state->mode_changed || !crtc->state->enable) { + if (!crtc || crtc->state->mode_changed || !crtc->state->enable) { cancel_work_sync(&gdrm->work); mutex_lock(&gdrm->damage_lock); if (gdrm->fb) { -- 2.52.0

12 hours, 41 minutes

3
9
0 0

[PATCH v2] mm/kfence: add reboot notifier to disable KFENCE on shutdown

by Breno Leitao

During system shutdown, KFENCE can cause IPI synchronization issues if it remains active through the reboot process. To prevent this, register a reboot notifier that disables KFENCE and cancels any pending timer work early in the shutdown sequence. This is only necessary when CONFIG_KFENCE_STATIC_KEYS is enabled, as this configuration sends IPIs that can interfere with shutdown. Without static keys, no IPIs are generated and KFENCE can safely remain active. The notifier uses maximum priority (INT_MAX) to ensure KFENCE shuts down before other subsystems that might still depend on stable memory allocation behavior. This fixes a late kexec CSD lockup[1] when kfence is trying to IPI a CPU that is busy in a IRQ-disabled context printing characters to the console. Link: https://lore.kernel.org/all/sqwajvt7utnt463tzxgwu2yctyn5m6bjwrslsnupfexeml6… [1] Cc: stable(a)vger.kernel.org Signed-off-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Marco Elver <elver(a)google.com> Fixes: 0ce20dd84089 ("mm: add Kernel Electric-Fence infrastructure") --- Changes in v2: - Adding Fixes: tag and CCing stable (akpm) - Link to v1: https://patch.msgid.link/20251126-kfence-v1-1-5a6e1d7c681c@debian.org --- mm/kfence/core.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/mm/kfence/core.c b/mm/kfence/core.c index 727c20c94ac5..162a026871ab 100644 --- a/mm/kfence/core.c +++ b/mm/kfence/core.c @@ -26,6 +26,7 @@ #include <linux/panic_notifier.h> #include <linux/random.h> #include <linux/rcupdate.h> +#include <linux/reboot.h> #include <linux/sched/clock.h> #include <linux/seq_file.h> #include <linux/slab.h> @@ -820,6 +821,25 @@ static struct notifier_block kfence_check_canary_notifier = { static struct delayed_work kfence_timer; #ifdef CONFIG_KFENCE_STATIC_KEYS +static int kfence_reboot_callback(struct notifier_block *nb, + unsigned long action, void *data) +{ + /* + * Disable kfence to avoid static keys IPI synchronization during + * late shutdown/kexec + */ + WRITE_ONCE(kfence_enabled, false); + /* Cancel any pending timer work */ + cancel_delayed_work_sync(&kfence_timer); + + return NOTIFY_OK; +} + +static struct notifier_block kfence_reboot_notifier = { + .notifier_call = kfence_reboot_callback, + .priority = INT_MAX, /* Run early to stop timers ASAP */ +}; + /* Wait queue to wake up allocation-gate timer task. */ static DECLARE_WAIT_QUEUE_HEAD(allocation_wait); @@ -901,6 +921,10 @@ static void kfence_init_enable(void) if (kfence_check_on_panic) atomic_notifier_chain_register(&panic_notifier_list, &kfence_check_canary_notifier); +#ifdef CONFIG_KFENCE_STATIC_KEYS + register_reboot_notifier(&kfence_reboot_notifier); +#endif + WRITE_ONCE(kfence_enabled, true); queue_delayed_work(system_unbound_wq, &kfence_timer, 0); --- base-commit: ab084f0b8d6d2ee4b1c6a28f39a2a7430bdfa7f0 change-id: 20251126-kfence-42c93f9b3979 Best regards, -- Breno Leitao <leitao(a)debian.org>

12 hours, 44 minutes

2
1
0 0

[PATCH v2] xfs: set max_agbno to allow sparse alloc of last full inode chunk

by Brian Foster

Sparse inode cluster allocation sets min/max agbno values to avoid allocating an inode cluster that might map to an invalid inode chunk. For example, we can't have an inode record mapped to agbno 0 or that extends past the end of a runt AG of misaligned size. The initial calculation of max_agbno is unnecessarily conservative, however. This has triggered a corner case allocation failure where a small runt AG (i.e. 2063 blocks) is mostly full save for an extent to the EOFS boundary: [2050,13]. max_agbno is set to 2048 in this case, which happens to be the offset of the last possible valid inode chunk in the AG. In practice, we should be able to allocate the 4-block cluster at agbno 2052 to map to the parent inode record at agbno 2048, but the max_agbno value precludes it. Note that this can result in filesystem shutdown via dirty trans cancel on stable kernels prior to commit 9eb775968b68 ("xfs: walk all AGs if TRYLOCK passed to xfs_alloc_vextent_iterate_ags") because the tail AG selection by the allocator sets t_highest_agno on the transaction. If the inode allocator spins around and finds an inode chunk with free inodes in an earlier AG, the subsequent dir name creation path may still fail to allocate due to the AG restriction and cancel. To avoid this problem, update the max_agbno calculation to the agbno prior to the last chunk aligned agbno in the AG. This is not necessarily the last valid allocation target for a sparse chunk, but since inode chunks (i.e. records) are chunk aligned and sparse allocs are cluster sized/aligned, this allows the sb_spino_align alignment restriction to take over and round down the max effective agbno to within the last valid inode chunk in the AG. Note that even though the allocator improvements in the aforementioned commit seem to avoid this particular dirty trans cancel situation, the max_agbno logic improvement still applies as we should be able to allocate from an AG that has been appropriately selected. The more important target for this patch however are older/stable kernels prior to this allocator rework/improvement. Cc: <stable(a)vger.kernel.org> # v4.2 Fixes: 56d1115c9bc7 ("xfs: allocate sparse inode chunks on full chunk allocation failure") Signed-off-by: Brian Foster <bfoster(a)redhat.com> Reviewed-by: "Darrick J. Wong" <djwong(a)kernel.org> --- v2: - Added misc. commit log tags. v1: https://lore.kernel.org/linux-xfs/20260108141129.7765-1-bfoster@redhat.com/ fs/xfs/libxfs/xfs_ialloc.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/fs/xfs/libxfs/xfs_ialloc.c b/fs/xfs/libxfs/xfs_ialloc.c index d97295eaebe6..c19d6d713780 100644 --- a/fs/xfs/libxfs/xfs_ialloc.c +++ b/fs/xfs/libxfs/xfs_ialloc.c @@ -848,15 +848,16 @@ xfs_ialloc_ag_alloc( * invalid inode records, such as records that start at agbno 0 * or extend beyond the AG. * - * Set min agbno to the first aligned, non-zero agbno and max to - * the last aligned agbno that is at least one full chunk from - * the end of the AG. + * Set min agbno to the first chunk aligned, non-zero agbno and + * max to one less than the last chunk aligned agbno from the + * end of the AG. We subtract 1 from max so that the cluster + * allocation alignment takes over and allows allocation within + * the last full inode chunk in the AG. */ args.min_agbno = args.mp->m_sb.sb_inoalignmt; args.max_agbno = round_down(xfs_ag_block_count(args.mp, pag_agno(pag)), - args.mp->m_sb.sb_inoalignmt) - - igeo->ialloc_blks; + args.mp->m_sb.sb_inoalignmt) - 1; error = xfs_alloc_vextent_near_bno(&args, xfs_agbno_to_fsb(pag, -- 2.52.0

13 hours, 36 minutes

2
1
0 0

[PATCH RFC v2 00/20] slab: replace cpu (partial) slabs with sheaves

by Vlastimil Babka

Percpu sheaves caching was introduced as opt-in but the goal was to eventually move all caches to them. This is the next step, enabling sheaves for all caches (except the two bootstrap ones) and then removing the per cpu (partial) slabs and lots of associated code. Besides (hopefully) improved performance, this removes the rather complicated code related to the lockless fastpaths (using this_cpu_try_cmpxchg128/64) and its complications with PREEMPT_RT or kmalloc_nolock(). The lockless slab freelist+counters update operation using try_cmpxchg128/64 remains and is crucial for freeing remote NUMA objects without repeating the "alien" array flushing of SLUB, and to allow flushing objects from sheaves to slabs mostly without the node list_lock. This v2 is the first non-RFC. I would consider exposing the series to linux-next at this point. Git branch for the v2: https://git.kernel.org/pub/scm/linux/kernel/git/vbabka/linux.git/log/?h=she… Based on: https://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab.git/log/?h=slab… - includes a sheaves optimization that seemed minor but there was lkp test robot result with significant improvements: https://lore.kernel.org/all/202512291555.56ce2e53-lkp@intel.com/ (could be an uncommon corner case workload though) Significant (but not critical) remaining TODOs: - Integration of rcu sheaves handling with kfree_rcu batching. - Currently the kfree_rcu batching is almost completely bypassed. I'm thinking it could be adjusted to handle rcu sheaves in addition to individual objects, to get the best of both. - Performance evaluation. Petr Tesarik has been doing that on the RFC with some promising results (thanks!) and also found a memory leak. Note that as many things, this caching scheme change is a tradeoff, as summarized by Christoph: https://lore.kernel.org/all/f7c33974-e520-387e-9e2f-1e523bfe1545@gentwo.org/ - Objects allocated from sheaves should have better temporal locality (likely recently freed, thus cache hot) but worse spatial locality (likely from many different slabs, increasing memory usage and possibly TLB pressure on kernel's direct map). Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> --- Changes in v2: - Rebased to v6.19-rc1+slab.git slab/for-7.0/sheaves - Some of the preliminary patches from the RFC went in there. - Incorporate feedback/reports from many people (thanks!), including: - Make caches with sheaves mergeable. - Fix a major memory leak. - Cleanup of stat items. - Link to v1: https://patch.msgid.link/20251023-sheaves-for-all-v1-0-6ffa2c9941c0@suse.cz --- Vlastimil Babka (20): mm/slab: add rcu_barrier() to kvfree_rcu_barrier_on_cache() mm/slab: move and refactor __kmem_cache_alias() mm/slab: make caches with sheaves mergeable slab: add sheaves to most caches slab: introduce percpu sheaves bootstrap slab: make percpu sheaves compatible with kmalloc_nolock()/kfree_nolock() slab: handle kmalloc sheaves bootstrap slab: add optimized sheaf refill from partial list slab: remove cpu (partial) slabs usage from allocation paths slab: remove SLUB_CPU_PARTIAL slab: remove the do_slab_free() fastpath slab: remove defer_deactivate_slab() slab: simplify kmalloc_nolock() slab: remove struct kmem_cache_cpu slab: remove unused PREEMPT_RT specific macros slab: refill sheaves from all nodes slab: update overview comments slab: remove frozen slab checks from __slab_free() mm/slub: remove DEACTIVATE_TO_* stat items mm/slub: cleanup and repurpose some stat items include/linux/slab.h | 6 - mm/Kconfig | 11 - mm/internal.h | 1 + mm/page_alloc.c | 5 + mm/slab.h | 53 +- mm/slab_common.c | 56 +- mm/slub.c | 2591 +++++++++++++++++--------------------------------- 7 files changed, 950 insertions(+), 1773 deletions(-) --- base-commit: aff9fb2fffa1175bd5ae3b4630f3d4ae53af450b change-id: 20251002-sheaves-for-all-86ac13dc47a5 Best regards, -- Vlastimil Babka <vbabka(a)suse.cz>

13 hours, 37 minutes

2
6
0 0

FAILED: patch "[PATCH] ksm: use range-walk function to jump over holes in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f5548c318d6520d4fa3c5ed6003eeb710763cbc5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025112001-kitten-trickily-a02d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5548c318d6520d4fa3c5ed6003eeb710763cbc5 Mon Sep 17 00:00:00 2001 From: Pedro Demarchi Gomes <pedrodemargomes(a)gmail.com> Date: Wed, 22 Oct 2025 12:30:59 -0300 Subject: [PATCH] ksm: use range-walk function to jump over holes in scan_get_next_rmap_item Currently, scan_get_next_rmap_item() walks every page address in a VMA to locate mergeable pages. This becomes highly inefficient when scanning large virtual memory areas that contain mostly unmapped regions, causing ksmd to use large amount of cpu without deduplicating much pages. This patch replaces the per-address lookup with a range walk using walk_page_range(). The range walker allows KSM to skip over entire unmapped holes in a VMA, avoiding unnecessary lookups. This problem was previously discussed in [1]. Consider the following test program which creates a 32 TiB mapping in the virtual address space but only populates a single page: #include <unistd.h> #include <stdio.h> #include <sys/mman.h> /* 32 TiB */ const size_t size = 32ul * 1024 * 1024 * 1024 * 1024; int main() { char *area = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_NORESERVE | MAP_PRIVATE | MAP_ANON, -1, 0); if (area == MAP_FAILED) { perror("mmap() failed\n"); return -1; } /* Populate a single page such that we get an anon_vma. */ *area = 0; /* Enable KSM. */ madvise(area, size, MADV_MERGEABLE); pause(); return 0; } $ ./ksm-sparse & $ echo 1 > /sys/kernel/mm/ksm/run Without this patch ksmd uses 100% of the cpu for a long time (more then 1 hour in my test machine) scanning all the 32 TiB virtual address space that contain only one mapped page. This makes ksmd essentially deadlocked not able to deduplicate anything of value. With this patch ksmd walks only the one mapped page and skips the rest of the 32 TiB virtual address space, making the scan fast using little cpu. Link: https://lkml.kernel.org/r/20251023035841.41406-1-pedrodemargomes@gmail.com Link: https://lkml.kernel.org/r/20251022153059.22763-1-pedrodemargomes@gmail.com Link: https://lore.kernel.org/linux-mm/423de7a3-1c62-4e72-8e79-19a6413e420c@redha… [1] Fixes: 31dbd01f3143 ("ksm: Kernel SamePage Merging") Signed-off-by: Pedro Demarchi Gomes <pedrodemargomes(a)gmail.com> Co-developed-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: craftfever <craftfever(a)airmail.cc> Closes: https://lkml.kernel.org/r/020cf8de6e773bb78ba7614ef250129f11a63781@murena.io Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: xu xin <xu.xin16(a)zte.com.cn> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/ksm.c b/mm/ksm.c index 7bc726b50b2f..c4e730409949 100644 --- a/mm/ksm.c +++ b/mm/ksm.c @@ -2455,6 +2455,95 @@ static bool should_skip_rmap_item(struct folio *folio, return true; } +struct ksm_next_page_arg { + struct folio *folio; + struct page *page; + unsigned long addr; +}; + +static int ksm_next_page_pmd_entry(pmd_t *pmdp, unsigned long addr, unsigned long end, + struct mm_walk *walk) +{ + struct ksm_next_page_arg *private = walk->private; + struct vm_area_struct *vma = walk->vma; + pte_t *start_ptep = NULL, *ptep, pte; + struct mm_struct *mm = walk->mm; + struct folio *folio; + struct page *page; + spinlock_t *ptl; + pmd_t pmd; + + if (ksm_test_exit(mm)) + return 0; + + cond_resched(); + + pmd = pmdp_get_lockless(pmdp); + if (!pmd_present(pmd)) + return 0; + + if (IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE) && pmd_leaf(pmd)) { + ptl = pmd_lock(mm, pmdp); + pmd = pmdp_get(pmdp); + + if (!pmd_present(pmd)) { + goto not_found_unlock; + } else if (pmd_leaf(pmd)) { + page = vm_normal_page_pmd(vma, addr, pmd); + if (!page) + goto not_found_unlock; + folio = page_folio(page); + + if (folio_is_zone_device(folio) || !folio_test_anon(folio)) + goto not_found_unlock; + + page += ((addr & (PMD_SIZE - 1)) >> PAGE_SHIFT); + goto found_unlock; + } + spin_unlock(ptl); + } + + start_ptep = pte_offset_map_lock(mm, pmdp, addr, &ptl); + if (!start_ptep) + return 0; + + for (ptep = start_ptep; addr < end; ptep++, addr += PAGE_SIZE) { + pte = ptep_get(ptep); + + if (!pte_present(pte)) + continue; + + page = vm_normal_page(vma, addr, pte); + if (!page) + continue; + folio = page_folio(page); + + if (folio_is_zone_device(folio) || !folio_test_anon(folio)) + continue; + goto found_unlock; + } + +not_found_unlock: + spin_unlock(ptl); + if (start_ptep) + pte_unmap(start_ptep); + return 0; +found_unlock: + folio_get(folio); + spin_unlock(ptl); + if (start_ptep) + pte_unmap(start_ptep); + private->page = page; + private->folio = folio; + private->addr = addr; + return 1; +} + +static struct mm_walk_ops ksm_next_page_ops = { + .pmd_entry = ksm_next_page_pmd_entry, + .walk_lock = PGWALK_RDLOCK, +}; + static struct ksm_rmap_item *scan_get_next_rmap_item(struct page **page) { struct mm_struct *mm; @@ -2542,21 +2631,27 @@ static struct ksm_rmap_item *scan_get_next_rmap_item(struct page **page) ksm_scan.address = vma->vm_end; while (ksm_scan.address < vma->vm_end) { + struct ksm_next_page_arg ksm_next_page_arg; struct page *tmp_page = NULL; - struct folio_walk fw; struct folio *folio; if (ksm_test_exit(mm)) break; - folio = folio_walk_start(&fw, vma, ksm_scan.address, 0); - if (folio) { - if (!folio_is_zone_device(folio) && - folio_test_anon(folio)) { - folio_get(folio); - tmp_page = fw.page; - } - folio_walk_end(&fw, vma); + int found; + + found = walk_page_range_vma(vma, ksm_scan.address, + vma->vm_end, + &ksm_next_page_ops, + &ksm_next_page_arg); + + if (found > 0) { + folio = ksm_next_page_arg.folio; + tmp_page = ksm_next_page_arg.page; + ksm_scan.address = ksm_next_page_arg.addr; + } else { + VM_WARN_ON_ONCE(found < 0); + ksm_scan.address = vma->vm_end - PAGE_SIZE; } if (tmp_page) {

13 hours, 44 minutes

2
2
0 0

[PATCH 1/2] irqchip/renesas-rzv2h: Prevent TINT spurious interrupt during resume

by Biju

From: Biju Das <biju.das.jz(a)bp.renesas.com> A glitch in the edge detection circuit can cause a spurious interrupt. The hardware manual recommends clearing the status flag after setting the ICU_TSSRk register as a countermeasure. Currently, a spurious IRQ is generated on the resume path of s2idle for the PMIC RTC TINT interrupt due to a glitch related to unnecessary enabling/disabling of the TINT enable bit. Fix this issue by not setting TSSR(TINT Source) and TITSR(TINT Detection Method Selection) registers if the values are the same as those set in these registers. Fixes: 0d7605e75ac2 ("irqchip: Add RZ/V2H(P) Interrupt Control Unit (ICU) driver") Cc: stable(a)vger.kernel.org Signed-off-by: Biju Das <biju.das.jz(a)bp.renesas.com> --- drivers/irqchip/irq-renesas-rzv2h.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/irqchip/irq-renesas-rzv2h.c b/drivers/irqchip/irq-renesas-rzv2h.c index 0c44b6109842..9b4565375e83 100644 --- a/drivers/irqchip/irq-renesas-rzv2h.c +++ b/drivers/irqchip/irq-renesas-rzv2h.c @@ -328,6 +328,7 @@ static int rzv2h_tint_set_type(struct irq_data *d, unsigned int type) u32 titsr, titsr_k, titsel_n, tien; struct rzv2h_icu_priv *priv; u32 tssr, tssr_k, tssel_n; + u32 titsr_cur, tssr_cur; unsigned int hwirq; u32 tint, sense; int tint_nr; @@ -376,12 +377,18 @@ static int rzv2h_tint_set_type(struct irq_data *d, unsigned int type) guard(raw_spinlock)(&priv->lock); tssr = readl_relaxed(priv->base + priv->info->t_offs + ICU_TSSR(tssr_k)); + titsr = readl_relaxed(priv->base + priv->info->t_offs + ICU_TITSR(titsr_k)); + + tssr_cur = field_get(ICU_TSSR_TSSEL_MASK(tssel_n, priv->info->field_width), tssr); + titsr_cur = field_get(ICU_TITSR_TITSEL_MASK(titsel_n), titsr); + if (tssr_cur == tint && titsr_cur == sense) + return 0; + tssr &= ~(ICU_TSSR_TSSEL_MASK(tssel_n, priv->info->field_width) | tien); tssr |= ICU_TSSR_TSSEL_PREP(tint, tssel_n, priv->info->field_width); writel_relaxed(tssr, priv->base + priv->info->t_offs + ICU_TSSR(tssr_k)); - titsr = readl_relaxed(priv->base + priv->info->t_offs + ICU_TITSR(titsr_k)); titsr &= ~ICU_TITSR_TITSEL_MASK(titsel_n); titsr |= ICU_TITSR_TITSEL_PREP(sense, titsel_n); -- 2.43.0

13 hours, 53 minutes

1
0
0 0

[PATCH] drm/imx: parallel-display: Prefer bus format set via legacy "interface-pix-fmt" DT property

by Marek Vasut

Prefer bus format set via legacy "interface-pix-fmt" DT property over panel bus format. This is necessary to retain support for DTs which configure the IPUv3 parallel output as 24bit DPI, but connect 18bit DPI panels to it with hardware swizzling. This used to work up to Linux 6.12, but stopped working in 6.13, reinstate the behavior to support old DTs. Cc: stable(a)vger.kernel.org Fixes: 5f6e56d3319d ("drm/imx: parallel-display: switch to drm_panel_bridge") Signed-off-by: Marek Vasut <marex(a)nabladev.com> --- Cc: David Airlie <airlied(a)gmail.com> Cc: Fabio Estevam <festevam(a)gmail.com> Cc: Pengutronix Kernel Team <kernel(a)pengutronix.de> Cc: Philipp Zabel <p.zabel(a)pengutronix.de> Cc: Sascha Hauer <s.hauer(a)pengutronix.de> Cc: Shawn Guo <shawnguo(a)kernel.org> Cc: Simona Vetter <simona(a)ffwll.ch> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: dri-devel(a)lists.freedesktop.org Cc: imx(a)lists.linux.dev Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-kernel(a)vger.kernel.org --- drivers/gpu/drm/imx/ipuv3/parallel-display.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/imx/ipuv3/parallel-display.c b/drivers/gpu/drm/imx/ipuv3/parallel-display.c index 6fbf505d2801d..02bb38a1ee4eb 100644 --- a/drivers/gpu/drm/imx/ipuv3/parallel-display.c +++ b/drivers/gpu/drm/imx/ipuv3/parallel-display.c @@ -110,8 +110,7 @@ imx_pd_bridge_atomic_get_input_bus_fmts(struct drm_bridge *bridge, output_fmt = imxpd->bus_format ? : MEDIA_BUS_FMT_RGB888_1X24; /* Now make sure the requested output format is supported. */ - if ((imxpd->bus_format && imxpd->bus_format != output_fmt) || - !imx_pd_format_supported(output_fmt)) { + if (!imx_pd_format_supported(output_fmt)) { *num_input_fmts = 0; return NULL; } @@ -121,7 +120,17 @@ imx_pd_bridge_atomic_get_input_bus_fmts(struct drm_bridge *bridge, if (!input_fmts) return NULL; - input_fmts[0] = output_fmt; + /* + * Prefer bus format set via legacy "interface-pix-fmt" DT property + * over panel bus format. This is necessary to retain support for + * DTs which configure the IPUv3 parallel output as 24bit, but + * connect 18bit DPI panels to it with hardware swizzling. + */ + if (imxpd->bus_format && imxpd->bus_format != output_fmt) + input_fmts[0] = imxpd->bus_format; + else + input_fmts[0] = output_fmt; + return input_fmts; } -- 2.51.0

15 hours, 15 minutes

2
1
0 0

[PATCH] hrtimer: Fix softirq base check in update_needs_ipi()

by Thomas Weißschuh

The 'clockid' field is not the correct way to check for a softirq base. Fix the check to correctly compare the base type instead of the clockid. Fixes: 1e7f7fbcd40c ("hrtimer: Avoid more SMP function calls in clock_was_set()") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> --- kernel/time/hrtimer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index f8ea8c8fc895..d0c59fc0beb4 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -913,7 +913,7 @@ static bool update_needs_ipi(struct hrtimer_cpu_base *cpu_base, return true; /* Extra check for softirq clock bases */ - if (base->clockid < HRTIMER_BASE_MONOTONIC_SOFT) + if (base->index < HRTIMER_BASE_MONOTONIC_SOFT) continue; if (cpu_base->softirq_activated) continue; --- base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 change-id: 20260105-hrtimer-clock-base-check-b91d586b70f7 Best regards, -- Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>

16 hours, 39 minutes

2
1
0 0

[PATCH v2 0/4] Some fix patches for uvc gadget function

by Xu Yang

Recenly when test uvc gadget function I find some YUYV pixel format 720p and 1080p stream can't output normally. However, small resulution and MJPEG format stream works fine. The first patch#1 is to fix the issue. Patch#2 and #3 are small fix or improvement. For patch#4: it's a workaround for a long-term issue in videobuf2. With it, many device can work well and not solely based on the SG allocation method. Signed-off-by: Xu Yang <xu.yang_2(a)nxp.com> --- Changes in v2: - Link to v1: https://lore.kernel.org/r/20260108-uvc-gadget-fix-patch-v1-0-8b571e5033cc@n… --- Xu Yang (4): usb: gadget: uvc: fix req_payload_size calculation usb: gadget: uvc: fix interval_duration calculation usb: gadget: uvc: return error from uvcg_queue_init() usb: gadget: uvc: retry vb2_reqbufs() with vb_vmalloc_memops if use_sg fail drivers/usb/gadget/function/f_uvc.c | 4 ++++ drivers/usb/gadget/function/uvc.h | 3 ++- drivers/usb/gadget/function/uvc_queue.c | 23 +++++++++++++++++++---- drivers/usb/gadget/function/uvc_video.c | 14 +++++++------- 4 files changed, 32 insertions(+), 12 deletions(-) --- base-commit: 56a512a9b4107079f68701e7d55da8507eb963d9 change-id: 20260108-uvc-gadget-fix-patch-aa5996332bb5 Best regards, -- Xu Yang <xu.yang_2(a)nxp.com>

16 hours, 53 minutes

1
2
0 0

[PATCH] mfd: omap-usb-host: fix OF populate on driver rebind

by Johan Hovold

Since commit c6e126de43e7 ("of: Keep track of populated platform devices") child devices will not be created by of_platform_populate() if the devices had previously been deregistered individually so that the OF_POPULATED flag is still set in the corresponding OF nodes. Switch to using of_platform_depopulate() instead of open coding so that the child devices are created if the driver is rebound. Fixes: c6e126de43e7 ("of: Keep track of populated platform devices") Cc: stable(a)vger.kernel.org # 3.16 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/mfd/omap-usb-host.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/mfd/omap-usb-host.c b/drivers/mfd/omap-usb-host.c index a77b6fc790f2..4d29a6e2ed87 100644 --- a/drivers/mfd/omap-usb-host.c +++ b/drivers/mfd/omap-usb-host.c @@ -819,8 +819,10 @@ static void usbhs_omap_remove(struct platform_device *pdev) { pm_runtime_disable(&pdev->dev); - /* remove children */ - device_for_each_child(&pdev->dev, NULL, usbhs_omap_remove_child); + if (pdev->dev.of_node) + of_platform_depopulate(&pdev->dev); + else + device_for_each_child(&pdev->dev, NULL, usbhs_omap_remove_child); } static const struct dev_pm_ops usbhsomap_dev_pm_ops = { -- 2.51.2

17 hours, 9 minutes

3
8
0 0

[PATCH] mfd: qcom-pm8xxx: fix OF populate on driver rebind

by Johan Hovold

Since commit c6e126de43e7 ("of: Keep track of populated platform devices") child devices will not be created by of_platform_populate() if the devices had previously been deregistered individually so that the OF_POPULATED flag is still set in the corresponding OF nodes. Switch to using of_platform_depopulate() instead of open coding so that the child devices are created if the driver is rebound. Fixes: c6e126de43e7 ("of: Keep track of populated platform devices") Cc: stable(a)vger.kernel.org # 3.16 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/mfd/qcom-pm8xxx.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/drivers/mfd/qcom-pm8xxx.c b/drivers/mfd/qcom-pm8xxx.c index 1149f7102a36..0cf374c015ce 100644 --- a/drivers/mfd/qcom-pm8xxx.c +++ b/drivers/mfd/qcom-pm8xxx.c @@ -577,17 +577,11 @@ static int pm8xxx_probe(struct platform_device *pdev) return rc; } -static int pm8xxx_remove_child(struct device *dev, void *unused) -{ - platform_device_unregister(to_platform_device(dev)); - return 0; -} - static void pm8xxx_remove(struct platform_device *pdev) { struct pm_irq_chip *chip = platform_get_drvdata(pdev); - device_for_each_child(&pdev->dev, NULL, pm8xxx_remove_child); + of_platform_depopulate(&pdev->dev); irq_domain_remove(chip->irqdomain); } -- 2.51.2

17 hours, 22 minutes

4
4
0 0

[PATCH] drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel

by Marek Vasut

The connector type for the DataImage SCF0700C48GGU18 panel is missing and devm_drm_panel_bridge_add() requires connector type to be set. This leads to a warning and a backtrace in the kernel log and panel does not work: " WARNING: CPU: 3 PID: 38 at drivers/gpu/drm/bridge/panel.c:379 devm_drm_of_get_bridge+0xac/0xb8 " The warning is triggered by a check for valid connector type in devm_drm_panel_bridge_add(). If there is no valid connector type set for a panel, the warning is printed and panel is not added. Fill in the missing connector type to fix the warning and make the panel operational once again. Cc: stable(a)vger.kernel.org Fixes: 97ceb1fb08b6 ("drm/panel: simple: Add support for DataImage SCF0700C48GGU18") Signed-off-by: Marek Vasut <marex(a)nabladev.com> --- Cc: David Airlie <airlied(a)gmail.com> Cc: Jessica Zhang <jesszhan0024(a)gmail.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Neil Armstrong <neil.armstrong(a)linaro.org> Cc: Simona Vetter <simona(a)ffwll.ch> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: dri-devel(a)lists.freedesktop.org Cc: kernel(a)dh-electronics.com Cc: linux-kernel(a)vger.kernel.org --- drivers/gpu/drm/panel/panel-simple.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/panel/panel-simple.c b/drivers/gpu/drm/panel/panel-simple.c index 3acc9f3dac16a..e33ee2308e715 100644 --- a/drivers/gpu/drm/panel/panel-simple.c +++ b/drivers/gpu/drm/panel/panel-simple.c @@ -1900,6 +1900,7 @@ static const struct panel_desc dataimage_scf0700c48ggu18 = { }, .bus_format = MEDIA_BUS_FMT_RGB888_1X24, .bus_flags = DRM_BUS_FLAG_DE_HIGH | DRM_BUS_FLAG_PIXDATA_DRIVE_POSEDGE, + .connector_type = DRM_MODE_CONNECTOR_DPI, }; static const struct display_timing dlc_dlc0700yzg_1_timing = { -- 2.51.0

17 hours, 32 minutes

2
2
0 0

[PATCH REGRESSION v3] drm/panel: simple: restore connector_type fallback

by Ludovic Desroches

The switch from devm_kzalloc() + drm_panel_init() to devm_drm_panel_alloc() introduced a regression. Several panel descriptors do not set connector_type. For those panels, panel_simple_probe() used to compute a connector type (currently DPI as a fallback) and pass that value to drm_panel_init(). After the conversion to devm_drm_panel_alloc(), the call unconditionally used desc->connector_type instead, ignoring the computed fallback and potentially passing DRM_MODE_CONNECTOR_Unknown, which drm_panel_bridge_add() does not allow. Move the connector_type validation / fallback logic before the devm_drm_panel_alloc() call and pass the computed connector_type to devm_drm_panel_alloc(), so panels without an explicit connector_type once again get the DPI default. Signed-off-by: Ludovic Desroches <ludovic.desroches(a)microchip.com> Fixes: de04bb0089a9 ("drm/panel/panel-simple: Use the new allocation in place of devm_kzalloc()") Cc: stable(a)vger.kernel.org --- Changes in v3: - Add the tag "Cc: stable(a)vger.kernel.org" in the sign-off area. - Link to v2: https://lore.kernel.org/r/20251126-lcd_panel_connector_type_fix-v2-1-c15835… Changes in v2: - Fix a warning introduced by the code move. There is no need to jump to free_ddc, we can directly return from the function. - Link to v1: https://lore.kernel.org/r/20251121-lcd_panel_connector_type_fix-v1-1-fdbbef… --- drivers/gpu/drm/panel/panel-simple.c | 89 ++++++++++++++++++------------------ 1 file changed, 44 insertions(+), 45 deletions(-) diff --git a/drivers/gpu/drm/panel/panel-simple.c b/drivers/gpu/drm/panel/panel-simple.c index 0019de93be1b663f55b04160606363cd043ab38b..5fd75b3939c635ca3e5b293ea37a759f479fa3f8 100644 --- a/drivers/gpu/drm/panel/panel-simple.c +++ b/drivers/gpu/drm/panel/panel-simple.c @@ -623,49 +623,6 @@ static struct panel_simple *panel_simple_probe(struct device *dev) if (IS_ERR(desc)) return ERR_CAST(desc); - panel = devm_drm_panel_alloc(dev, struct panel_simple, base, - &panel_simple_funcs, desc->connector_type); - if (IS_ERR(panel)) - return ERR_CAST(panel); - - panel->desc = desc; - - panel->supply = devm_regulator_get(dev, "power"); - if (IS_ERR(panel->supply)) - return ERR_CAST(panel->supply); - - panel->enable_gpio = devm_gpiod_get_optional(dev, "enable", - GPIOD_OUT_LOW); - if (IS_ERR(panel->enable_gpio)) - return dev_err_cast_probe(dev, panel->enable_gpio, - "failed to request GPIO\n"); - - err = of_drm_get_panel_orientation(dev->of_node, &panel->orientation); - if (err) { - dev_err(dev, "%pOF: failed to get orientation %d\n", dev->of_node, err); - return ERR_PTR(err); - } - - ddc = of_parse_phandle(dev->of_node, "ddc-i2c-bus", 0); - if (ddc) { - panel->ddc = of_find_i2c_adapter_by_node(ddc); - of_node_put(ddc); - - if (!panel->ddc) - return ERR_PTR(-EPROBE_DEFER); - } - - if (!of_device_is_compatible(dev->of_node, "panel-dpi") && - !of_get_display_timing(dev->of_node, "panel-timing", &dt)) - panel_simple_parse_panel_timing_node(dev, panel, &dt); - - if (desc->connector_type == DRM_MODE_CONNECTOR_LVDS) { - /* Optional data-mapping property for overriding bus format */ - err = panel_simple_override_nondefault_lvds_datamapping(dev, panel); - if (err) - goto free_ddc; - } - connector_type = desc->connector_type; /* Catch common mistakes for panels. */ switch (connector_type) { @@ -690,8 +647,7 @@ static struct panel_simple *panel_simple_probe(struct device *dev) break; case DRM_MODE_CONNECTOR_eDP: dev_warn(dev, "eDP panels moved to panel-edp\n"); - err = -EINVAL; - goto free_ddc; + return ERR_PTR(-EINVAL); case DRM_MODE_CONNECTOR_DSI: if (desc->bpc != 6 && desc->bpc != 8) dev_warn(dev, "Expected bpc in {6,8} but got: %u\n", desc->bpc); @@ -720,6 +676,49 @@ static struct panel_simple *panel_simple_probe(struct device *dev) break; } + panel = devm_drm_panel_alloc(dev, struct panel_simple, base, + &panel_simple_funcs, connector_type); + if (IS_ERR(panel)) + return ERR_CAST(panel); + + panel->desc = desc; + + panel->supply = devm_regulator_get(dev, "power"); + if (IS_ERR(panel->supply)) + return ERR_CAST(panel->supply); + + panel->enable_gpio = devm_gpiod_get_optional(dev, "enable", + GPIOD_OUT_LOW); + if (IS_ERR(panel->enable_gpio)) + return dev_err_cast_probe(dev, panel->enable_gpio, + "failed to request GPIO\n"); + + err = of_drm_get_panel_orientation(dev->of_node, &panel->orientation); + if (err) { + dev_err(dev, "%pOF: failed to get orientation %d\n", dev->of_node, err); + return ERR_PTR(err); + } + + ddc = of_parse_phandle(dev->of_node, "ddc-i2c-bus", 0); + if (ddc) { + panel->ddc = of_find_i2c_adapter_by_node(ddc); + of_node_put(ddc); + + if (!panel->ddc) + return ERR_PTR(-EPROBE_DEFER); + } + + if (!of_device_is_compatible(dev->of_node, "panel-dpi") && + !of_get_display_timing(dev->of_node, "panel-timing", &dt)) + panel_simple_parse_panel_timing_node(dev, panel, &dt); + + if (desc->connector_type == DRM_MODE_CONNECTOR_LVDS) { + /* Optional data-mapping property for overriding bus format */ + err = panel_simple_override_nondefault_lvds_datamapping(dev, panel); + if (err) + goto free_ddc; + } + dev_set_drvdata(dev, panel); /* --- base-commit: ac3fd01e4c1efce8f2c054cdeb2ddd2fc0fb150d change-id: 20251121-lcd_panel_connector_type_fix-f00fe3766a42 Best regards, -- Ludovic Desroches <ludovic.desroches(a)microchip.com>

17 hours, 32 minutes

3
2
0 0

Integrated Systems Europe 2026 | OPT-IN list available

by Charlotte Ivy

Hi, With Integrated Systems Europe 2026 (ISE) approaching, I wanted to check if you’d be interested in accessing the verified attendee contact list for ISE, which includes 88,227 - 100% opt-in verified contacts. Each contact come's with: Name, Job Title, Email Address, Phone Number, Company Name, Website, Address, and Expo Name If this interests you, please let me know and I will share the pricing details Best regards, Charlotte Ivy Sr. Demand Generation Reply "Unsubscribe" to opt out.

18 hours, 16 minutes

1
0
0 0

[PATCH v1 0/3] mm: mm_cid static initialization fixes

by Mathieu Desnoyers

Hi Andrew, Here are 2 fixes for missing mm_cid fields for init_mm and efi_mm static initialization. The renaming of cpu_bitmap to flexible_array (patch 2) is needed for patch 3. Those are relevant for mainline, with CC stable. They are based on v6.19-rc2. Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Cc: linux-mm(a)kvack.org Mathieu Desnoyers (3): mm: Add missing static initializer for init_mm::mm_cid.lock mm: Rename cpu_bitmap field to flexible_array mm: Take into account mm_cid size for mm_struct static definitions drivers/firmware/efi/efi.c | 2 +- include/linux/mm_types.h | 18 +++++++++++++----- mm/init-mm.c | 5 ++++- 3 files changed, 18 insertions(+), 7 deletions(-) -- 2.39.5

18 hours, 28 minutes

2
4
0 0

[PATCH v2] phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()

by Wentao Liang

The for_each_available_child_of_node() calls of_node_put() to release child_np in each success loop. After breaking from the loop with the child_np has been released, the code will jump to the put_child label and will call the of_node_put() again if the devm_request_threaded_irq() fails. These cause a double free bug. Fix by returning directly to avoid the duplicate of_node_put(). Fixes: ed2b5a8e6b98 ("phy: phy-rockchip-inno-usb2: support muxed interrupts") Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- Changes in v2: - Drop error jumping label. --- drivers/phy/rockchip/phy-rockchip-inno-usb2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/phy/rockchip/phy-rockchip-inno-usb2.c b/drivers/phy/rockchip/phy-rockchip-inno-usb2.c index b0f23690ec30..fe97a26297af 100644 --- a/drivers/phy/rockchip/phy-rockchip-inno-usb2.c +++ b/drivers/phy/rockchip/phy-rockchip-inno-usb2.c @@ -1491,7 +1491,7 @@ static int rockchip_usb2phy_probe(struct platform_device *pdev) rphy); if (ret) { dev_err_probe(rphy->dev, ret, "failed to request usb2phy irq handle\n"); - goto put_child; + return ret; } } -- 2.34.1

18 hours, 39 minutes

2
1
0 0

Re: Patch "ipv6: Fix potential uninit-value access in __ip6_make_skb()" has been added to the 5.15-stable tree

by Shubham Kulkarni

Hi Greg, Thank you for accepting this patch in the 5.15-stable tree. I Just wanted to bring to your attention that the patch merged in the stable-queue contains the lines which I added for reference only (saying "Referred stable v6.1.y version" & the link). Also I thought this could be an explanation, if Sasha's bot points out the difference in the mainline patch & this submitted patch. My apologies if I have not followed the correct format here. But can you please recheck if this extra info is really needed in the actual merged patch in the stable kernel. On 08/01/26 9:28 pm, gregkh(a)linuxfoundation.org wrote: > Signed-off-by: Shubham Kulkarni<skulkarni(a)mvista.com> > Signed-off-by: Greg Kroah-Hartman<gregkh(a)linuxfoundation.org> > --- > Referred stable v6.1.y version of the patch to generate this one > [ v6.1 link:https://github.com/gregkh/linux/commit/ > a05c1ede50e9656f0752e523c7b54f3a3489e9a8 ] > Signed-off-by: Greg Kroah-Hartman<gregkh(a)linuxfoundation.org> > --- Thanks, Shubham

19 hours, 13 minutes

1
0
0 0

Re: Patch "ipv6: Fix potential uninit-value access in __ip6_make_skb()" has been added to the 5.10-stable tree

by Shubham Kulkarni

Hi Greg, Thank you for accepting this patch in the 5.10-stable tree. I Just wanted to bring to your attention that the patch merged in the stable-queue contains the lines which I added for reference only (saying "Referred stable v6.1.y version" & the link). Also I thought this could be an explanation, if Sasha's bot points out the difference in the mainline patch & this submitted patch. My apologies if I have not followed the correct format here. But can you please recheck if this extra info is really needed in the actual merged patch in the stable kernel. On 08/01/26 9:27 pm, gregkh(a)linuxfoundation.org wrote: > Signed-off-by: Shubham Kulkarni<skulkarni(a)mvista.com> > Signed-off-by: Greg Kroah-Hartman<gregkh(a)linuxfoundation.org> > --- > Referred stable v6.1.y version of the patch to generate this one > [ v6.1 link:https://github.com/gregkh/linux/commit/ > a05c1ede50e9656f0752e523c7b54f3a3489e9a8 ] > Signed-off-by: Greg Kroah-Hartman<gregkh(a)linuxfoundation.org> > --- Thanks, Shubham

19 hours, 14 minutes

1
0
0 0

Re: Patch "ipv4: Fix uninit-value access in __ip_make_skb()" has been added to the 5.15-stable tree

by Shubham Kulkarni

Hi Greg, Thank you for accepting this patch in the 5.15-stable tree. I Just wanted to bring to your attention that the patch merged in the stable-queue contains the lines which I added for reference only (saying "Referred stable v6.1.y version" & the link). Also I thought this could be an explanation, if Sasha's bot points out the difference in the mainline patch & this submitted patch. My apologies if I have not followed the correct format here. But can you please recheck if this extra info is really needed in the actual merged patch in stable kernel. On 08/01/26 9:28 pm, gregkh(a)linuxfoundation.org wrote: > Signed-off-by: Shubham Kulkarni<skulkarni(a)mvista.com> > Signed-off-by: Greg Kroah-Hartman<gregkh(a)linuxfoundation.org> > --- > Referred stable v6.1.y version of the patch to generate this one > [ v6.1 link:https://github.com/gregkh/linux/ > commit/55bf541e018b76b3750cb6c6ea18c46e1ac5562e ] > Signed-off-by: Greg Kroah-Hartman<gregkh(a)linuxfoundation.org> > --- Thanks, Shubham

19 hours, 18 minutes

1
0
0 0

[PATCH] usb: dwc3: apple: Ignore USB role switches to the active role

by Janne Grunau

Ignore USB role switches if dwc3-apple is already in the desired state. The USB-C port controller on M2 and M1/M2 Pro/Max/Ultra devices issues additional interrupts which result in USB role switches to the already active role. Ignore these USB role switches to ensure the USB-C port controller and dwc3-apple are always in a consistent state. This matches the behaviour in __dwc3_set_mode() in core.c. Fixes detecting USB 2.0 and 3.x devices on the affected systems. The reset caused by the additional role switch appears to leave the USB devices in a state which prevents detection when the phy and dwc3 is brought back up again. Fixes: 0ec946d32ef7 ("usb: dwc3: Add Apple Silicon DWC3 glue layer driver") Cc: stable(a)vger.kernel.org Signed-off-by: Janne Grunau <j(a)jannau.net> --- drivers/usb/dwc3/dwc3-apple.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/usb/dwc3/dwc3-apple.c b/drivers/usb/dwc3/dwc3-apple.c index cc47cad232e397ac4498b09165dfdb5bd215ded7..35eadd1fa08049829ba40651a96eb122ed55460f 100644 --- a/drivers/usb/dwc3/dwc3-apple.c +++ b/drivers/usb/dwc3/dwc3-apple.c @@ -339,6 +339,22 @@ static int dwc3_usb_role_switch_set(struct usb_role_switch *sw, enum usb_role ro guard(mutex)(&appledwc->lock); + /* + * Skip role switches if appledwc is already in the desired state. The + * USB-C port controller on M2 and M1/M2 Pro/Max/Ultra devices issues + * additional interrupts which results in usb_role_switch_set_role() + * calls with the current role. + * Ignore those calls here to ensure the USB-C port controller and + * appledwc are in a consistent state. + * This matches the behaviour in __dwc3_set_mode(). + * Do no handle USB_ROLE_NONE for DWC3_APPLE_NO_CABLE and + * DWC3_APPLE_PROBE_PENDING since that is no-op anyway. + */ + if (appledwc->state == DWC3_APPLE_HOST && role == USB_ROLE_HOST) + return 0; + if (appledwc->state == DWC3_APPLE_DEVICE && role == USB_ROLE_DEVICE) + return 0; + /* * We need to tear all of dwc3 down and re-initialize it every time a cable is * connected or disconnected or when the mode changes. See the documentation for enum --- base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 change-id: 20260109-apple-dwc3-role-switch-1b684f73860c Best regards, -- Janne Grunau <j(a)jannau.net>

19 hours, 47 minutes

3
2
0 0

[PATCH v2] misc: fastrpc: check qcom_scm_assign_mem() return in rpmsg_probe

by Xingjing Deng

In the SDSP probe path, qcom_scm_assign_mem() is used to assign the reserved memory to the configured VMIDs, but its return value was not checked. Fail the probe if the SCM call fails to avoid continuing with an unexpected/incorrect memory permission configuration Fixes: c3c0363bc72d4 ("misc: fastrpc: support complete DMA pool access to the DSP") Cc: stable(a)vger.kernel.org # 6.11-rc1 Signed-off-by: Xingjing Deng <xjdeng(a)buaa.edu.cn> v2 changes: Add Fixes: and Cc: stable(a)vger.kernel.org. --- drivers/misc/fastrpc.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index fb3b54e05928..cbb12db110b3 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -2338,8 +2338,13 @@ static int fastrpc_rpmsg_probe(struct rpmsg_device *rpdev) if (!err) { src_perms = BIT(QCOM_SCM_VMID_HLOS); - qcom_scm_assign_mem(res.start, resource_size(&res), &src_perms, + err = qcom_scm_assign_mem(res.start, resource_size(&res), &src_perms, data->vmperms, data->vmcount); + if (err) { + dev_err(rdev, "Failed to assign memory phys 0x%llx size 0x%llx err %d", + res.start, resource_size(&res), err); + goto err_free_data; + } } } -- 2.25.1

19 hours, 48 minutes

2
2
0 0

Re: Patch "bcache: fix improper use of bi_end_io" has been added to the 6.6-stable tree

by Kent Overstreet

On Mon, Jan 12, 2026 at 12:23:45PM -0500, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > bcache: fix improper use of bi_end_io > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > bcache-fix-improper-use-of-bi_end_io.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Yeah, this is broken. Coly, please revert this. > > > > commit 81e7e43a810e8f40e163928d441de02d2816b073 > Author: Shida Zhang <zhangshida(a)kylinos.cn> > Date: Tue Dec 9 17:01:56 2025 +0800 > > bcache: fix improper use of bi_end_io > > [ Upstream commit 53280e398471f0bddbb17b798a63d41264651325 ] > > Don't call bio->bi_end_io() directly. Use the bio_endio() helper > function instead, which handles completion more safely and uniformly. > > Suggested-by: Christoph Hellwig <hch(a)infradead.org> > Reviewed-by: Christoph Hellwig <hch(a)lst.de> > Signed-off-by: Shida Zhang <zhangshida(a)kylinos.cn> > Signed-off-by: Jens Axboe <axboe(a)kernel.dk> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c > index a9b1f3896249b..b4059d2daa326 100644 > --- a/drivers/md/bcache/request.c > +++ b/drivers/md/bcache/request.c > @@ -1090,7 +1090,7 @@ static void detached_dev_end_io(struct bio *bio) > } > > kfree(ddip); > - bio->bi_end_io(bio); > + bio_endio(bio); > } > > static void detached_dev_do_request(struct bcache_device *d, struct bio *bio, > @@ -1107,7 +1107,7 @@ static void detached_dev_do_request(struct bcache_device *d, struct bio *bio, > ddip = kzalloc(sizeof(struct detached_dev_io_private), GFP_NOIO); > if (!ddip) { > bio->bi_status = BLK_STS_RESOURCE; > - bio->bi_end_io(bio); > + bio_endio(bio); > return; > } > > @@ -1122,7 +1122,7 @@ static void detached_dev_do_request(struct bcache_device *d, struct bio *bio, > > if ((bio_op(bio) == REQ_OP_DISCARD) && > !bdev_max_discard_sectors(dc->bdev)) > - bio->bi_end_io(bio); > + detached_dev_end_io(bio); > else > submit_bio_noacct(bio); > }

20 hours, 25 minutes

2
2
0 0

[PATCH V6 1/9] mm/slab: use unsigned long for orig_size to ensure proper metadata align

by Harry Yoo

When both KASAN and SLAB_STORE_USER are enabled, accesses to struct kasan_alloc_meta fields can be misaligned on 64-bit architectures. This occurs because orig_size is currently defined as unsigned int, which only guarantees 4-byte alignment. When struct kasan_alloc_meta is placed after orig_size, it may end up at a 4-byte boundary rather than the required 8-byte boundary on 64-bit systems. Note that 64-bit architectures without HAVE_EFFICIENT_UNALIGNED_ACCESS are assumed to require 64-bit accesses to be 64-bit aligned. See HAVE_64BIT_ALIGNED_ACCESS and commit adab66b71abf ("Revert: "ring-buffer: Remove HAVE_64BIT_ALIGNED_ACCESS"") for more details. Change orig_size from unsigned int to unsigned long to ensure proper alignment for any subsequent metadata. This should not waste additional memory because kmalloc objects are already aligned to at least ARCH_KMALLOC_MINALIGN. Closes: https://lore.kernel.org/all/aPrLF0OUK651M4dk@hyeyoo Suggested-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: stable(a)vger.kernel.org Fixes: 6edf2576a6cc ("mm/slub: enable debugging memory wasting of kmalloc") Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- mm/slub.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 64d71a728d3d..2494ca8080f5 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -857,7 +857,7 @@ static inline bool slab_update_freelist(struct kmem_cache *s, struct slab *slab, * request size in the meta data area, for better debug and sanity check. */ static inline void set_orig_size(struct kmem_cache *s, - void *object, unsigned int orig_size) + void *object, unsigned long orig_size) { void *p = kasan_reset_tag(object); @@ -867,10 +867,10 @@ static inline void set_orig_size(struct kmem_cache *s, p += get_info_end(s); p += sizeof(struct track) * 2; - *(unsigned int *)p = orig_size; + *(unsigned long *)p = orig_size; } -static inline unsigned int get_orig_size(struct kmem_cache *s, void *object) +static inline unsigned long get_orig_size(struct kmem_cache *s, void *object) { void *p = kasan_reset_tag(object); @@ -883,7 +883,7 @@ static inline unsigned int get_orig_size(struct kmem_cache *s, void *object) p += get_info_end(s); p += sizeof(struct track) * 2; - return *(unsigned int *)p; + return *(unsigned long *)p; } #ifdef CONFIG_SLUB_DEBUG @@ -1198,7 +1198,7 @@ static void print_trailer(struct kmem_cache *s, struct slab *slab, u8 *p) off += 2 * sizeof(struct track); if (slub_debug_orig_size(s)) - off += sizeof(unsigned int); + off += sizeof(unsigned long); off += kasan_metadata_size(s, false); @@ -1410,7 +1410,7 @@ static int check_pad_bytes(struct kmem_cache *s, struct slab *slab, u8 *p) off += 2 * sizeof(struct track); if (s->flags & SLAB_KMALLOC) - off += sizeof(unsigned int); + off += sizeof(unsigned long); } off += kasan_metadata_size(s, false); @@ -7961,7 +7961,7 @@ static int calculate_sizes(struct kmem_cache_args *args, struct kmem_cache *s) /* Save the original kmalloc request size */ if (flags & SLAB_KMALLOC) - size += sizeof(unsigned int); + size += sizeof(unsigned long); } #endif -- 2.43.0

20 hours, 28 minutes

1
0
0 0

[PATCH] null_blk: fix kmemleak by releasing references to fault configfs items

by Nilay Shroff

When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeout_inject, requeue_inject, and init_hctx_fault_inject configfs items as children of the top-level nullbX configfs group. However, when the nullbX device is removed, the references taken to these fault-config configfs items are not released. As a result, kmemleak reports a memory leak, for example: unreferenced object 0xc00000021ff25c40 (size 32): comm "mkdir", pid 10665, jiffies 4322121578 hex dump (first 32 bytes): 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_ 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject.......... backtrace (crc 1a018c86): __kmalloc_node_track_caller_noprof+0x494/0xbd8 kvasprintf+0x74/0xf4 config_item_set_name+0xf0/0x104 config_group_init_type_name+0x48/0xfc fault_config_init+0x48/0xf0 0xc0080000180559e4 configfs_mkdir+0x304/0x814 vfs_mkdir+0x49c/0x604 do_mkdirat+0x314/0x3d0 sys_mkdir+0xa0/0xd8 system_call_exception+0x1b0/0x4f0 system_call_vectored_common+0x15c/0x2ec Fix this by explicitly releasing the references to the fault-config configfs items when dropping the reference to the top-level nullbX configfs group. Cc: stable(a)vger.kernel.org Fixes: bb4c19e030f4 ("block: null_blk: make fault-injection dynamically configurable per device") Signed-off-by: Nilay Shroff <nilay(a)linux.ibm.com> --- v1->v2: Added fixes and stable tags --- drivers/block/null_blk/main.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c index c7c0fb79a6bf..4c0632ab4e1b 100644 --- a/drivers/block/null_blk/main.c +++ b/drivers/block/null_blk/main.c @@ -665,12 +665,22 @@ static void nullb_add_fault_config(struct nullb_device *dev) configfs_add_default_group(&dev->init_hctx_fault_config.group, &dev->group); } +static void nullb_del_fault_config(struct nullb_device *dev) +{ + config_item_put(&dev->init_hctx_fault_config.group.cg_item); + config_item_put(&dev->requeue_config.group.cg_item); + config_item_put(&dev->timeout_config.group.cg_item); +} + #else static void nullb_add_fault_config(struct nullb_device *dev) { } +static void nullb_del_fault_config(struct nullb_device *dev) +{ +} #endif static struct @@ -702,7 +712,7 @@ nullb_group_drop_item(struct config_group *group, struct config_item *item) null_del_dev(dev->nullb); mutex_unlock(&lock); } - + nullb_del_fault_config(dev); config_item_put(item); } -- 2.52.0

21 hours, 18 minutes

1
0
0 0

[merged mm-hotfixes-stable] mm-numamemblock-include-asm-numah-for-numa_nodes_parsed.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: numa,memblock: include <asm/numa.h> for 'numa_nodes_parsed' has been removed from the -mm tree. Its filename was mm-numamemblock-include-asm-numah-for-numa_nodes_parsed.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ben Dooks <ben.dooks(a)codethink.co.uk> Subject: mm: numa,memblock: include <asm/numa.h> for 'numa_nodes_parsed' Date: Thu, 8 Jan 2026 10:15:39 +0000 The 'numa_nodes_parsed' is defined in <asm/numa.h> but this file is not included in mm/numa_memblks.c (build x86_64) so add this to the incldues to fix the following sparse warning: mm/numa_memblks.c:13:12: warning: symbol 'numa_nodes_parsed' was not declared. Should it be static? Link: https://lkml.kernel.org/r/20260108101539.229192-1-ben.dooks@codethink.co.uk Fixes: 87482708210f ("mm: introduce numa_memblks") Signed-off-by: Ben Dooks <ben.dooks(a)codethink.co.uk> Reviewed-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Cc: Ben Dooks <ben.dooks(a)codethink.co.uk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/numa_memblks.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/numa_memblks.c~mm-numamemblock-include-asm-numah-for-numa_nodes_parsed +++ a/mm/numa_memblks.c @@ -7,6 +7,8 @@ #include <linux/numa.h> #include <linux/numa_memblks.h> +#include <asm/numa.h> + int numa_distance_cnt; static u8 *numa_distance; _ Patches currently in -mm which might be from ben.dooks(a)codethink.co.uk are

21 hours, 36 minutes

1
0
0 0

[merged mm-hotfixes-stable] tools-testing-selftests-fix-gup_longterm-for-unknown-fs.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: tools/testing/selftests: fix gup_longterm for unknown fs has been removed from the -mm tree. Its filename was tools-testing-selftests-fix-gup_longterm-for-unknown-fs.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: tools/testing/selftests: fix gup_longterm for unknown fs Date: Tue, 6 Jan 2026 15:45:47 +0000 Commit 66bce7afbaca ("selftests/mm: fix test result reporting in gup_longterm") introduced a small bug causing unknown filesystems to always result in a test failure. This is because do_test() was updated to use a common reporting path, but this case appears to have been missed. This is problematic for e.g. virtme-ng which uses an overlayfs file system, causing gup_longterm to appear to fail each time due to a test count mismatch: # Planned tests != run tests (50 != 46) # Totals: pass:24 fail:0 xfail:0 xpass:0 skip:22 error:0 The fix is to simply change the return into a break. Link: https://lkml.kernel.org/r/20260106154547.214907-1-lorenzo.stoakes@oracle.com Fixes: 66bce7afbaca ("selftests/mm: fix test result reporting in gup_longterm") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: David Hildenbrand (Red Hat) <david(a)kernel.org> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Cc: Mark Brown <broonie(a)kernel.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/gup_longterm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/testing/selftests/mm/gup_longterm.c~tools-testing-selftests-fix-gup_longterm-for-unknown-fs +++ a/tools/testing/selftests/mm/gup_longterm.c @@ -179,7 +179,7 @@ static void do_test(int fd, size_t size, if (rw && shared && fs_is_unknown(fs_type)) { ksft_print_msg("Unknown filesystem\n"); result = KSFT_SKIP; - return; + break; } /* * R/O pinning or pinning in a private mapping is always _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-vma-do-not-leak-memory-when-mmap_prepare-swaps-the-file.patch mm-rmap-improve-anon_vma_clone-unlink_anon_vmas-comments-add-asserts.patch mm-rmap-skip-unfaulted-vmas-on-anon_vma-clone-unlink.patch mm-rmap-remove-unnecessary-root-lock-dance-in-anon_vma-clone-unmap.patch mm-rmap-remove-anon_vma_merge-function.patch mm-rmap-make-anon_vma-functions-internal.patch mm-mmap_lock-add-vma_is_attached-helper.patch mm-rmap-allocate-anon_vma_chain-objects-unlocked-when-possible.patch mm-rmap-allocate-anon_vma_chain-objects-unlocked-when-possible-fix.patch mm-rmap-separate-out-fork-only-logic-on-anon_vma_clone.patch mm-rmap-separate-out-fork-only-logic-on-anon_vma_clone-fix.patch

21 hours, 36 minutes

1
0
0 0

[merged mm-hotfixes-stable] mm-page_alloc-prevent-pcp-corruption-with-smp=n.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/page_alloc: prevent pcp corruption with SMP=n has been removed from the -mm tree. Its filename was mm-page_alloc-prevent-pcp-corruption-with-smp=n.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm/page_alloc: prevent pcp corruption with SMP=n Date: Mon, 05 Jan 2026 16:08:56 +0100 The kernel test robot has reported: BUG: spinlock trylock failure on UP on CPU#0, kcompactd0/28 lock: 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28, .owner_cpu: 0 CPU: 0 UID: 0 PID: 28 Comm: kcompactd0 Not tainted 6.18.0-rc5-00127-ga06157804399 #1 PREEMPT 8cc09ef94dcec767faa911515ce9e609c45db470 Call Trace: <IRQ> __dump_stack (lib/dump_stack.c:95) dump_stack_lvl (lib/dump_stack.c:123) dump_stack (lib/dump_stack.c:130) spin_dump (kernel/locking/spinlock_debug.c:71) do_raw_spin_trylock (kernel/locking/spinlock_debug.c:?) _raw_spin_trylock (include/linux/spinlock_api_smp.h:89 kernel/locking/spinlock.c:138) __free_frozen_pages (mm/page_alloc.c:2973) ___free_pages (mm/page_alloc.c:5295) __free_pages (mm/page_alloc.c:5334) tlb_remove_table_rcu (include/linux/mm.h:? include/linux/mm.h:3122 include/asm-generic/tlb.h:220 mm/mmu_gather.c:227 mm/mmu_gather.c:290) ? __cfi_tlb_remove_table_rcu (mm/mmu_gather.c:289) ? rcu_core (kernel/rcu/tree.c:?) rcu_core (include/linux/rcupdate.h:341 kernel/rcu/tree.c:2607 kernel/rcu/tree.c:2861) rcu_core_si (kernel/rcu/tree.c:2879) handle_softirqs (arch/x86/include/asm/jump_label.h:36 include/trace/events/irq.h:142 kernel/softirq.c:623) __irq_exit_rcu (arch/x86/include/asm/jump_label.h:36 kernel/softirq.c:725) irq_exit_rcu (kernel/softirq.c:741) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1052) </IRQ> <TASK> RIP: 0010:_raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194) free_pcppages_bulk (mm/page_alloc.c:1494) drain_pages_zone (include/linux/spinlock.h:391 mm/page_alloc.c:2632) __drain_all_pages (mm/page_alloc.c:2731) drain_all_pages (mm/page_alloc.c:2747) kcompactd (mm/compaction.c:3115) kthread (kernel/kthread.c:465) ? __cfi_kcompactd (mm/compaction.c:3166) ? __cfi_kthread (kernel/kthread.c:412) ret_from_fork (arch/x86/kernel/process.c:164) ? __cfi_kthread (kernel/kthread.c:412) ret_from_fork_asm (arch/x86/entry/entry_64.S:255) </TASK> Matthew has analyzed the report and identified that in drain_page_zone() we are in a section protected by spin_lock(&pcp->lock) and then get an interrupt that attempts spin_trylock() on the same lock. The code is designed to work this way without disabling IRQs and occasionally fail the trylock with a fallback. However, the SMP=n spinlock implementation assumes spin_trylock() will always succeed, and thus it's normally a no-op. Here the enabled lock debugging catches the problem, but otherwise it could cause a corruption of the pcp structure. The problem has been introduced by commit 574907741599 ("mm/page_alloc: leave IRQs enabled for per-cpu page allocations"). The pcp locking scheme recognizes the need for disabling IRQs to prevent nesting spin_trylock() sections on SMP=n, but the need to prevent the nesting in spin_lock() has not been recognized. Fix it by introducing local wrappers that change the spin_lock() to spin_lock_iqsave() with SMP=n and use them in all places that do spin_lock(&pcp->lock). [vbabka(a)suse.cz: add pcp_ prefix to the spin_lock_irqsave wrappers, per Steven] Link: https://lkml.kernel.org/r/20260105-fix-pcp-up-v1-1-5579662d2071@suse.cz Fixes: 574907741599 ("mm/page_alloc: leave IRQs enabled for per-cpu page allocations") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202512101320.e2f2dd6f-lkp@intel.com Analyzed-by: Matthew Wilcox <willy(a)infradead.org> Link: https://lore.kernel.org/all/aUW05pyc9nZkvY-1@casper.infradead.org/ Acked-by: Mel Gorman <mgorman(a)techsingularity.net> Cc: Brendan Jackman <jackmanb(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 47 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 8 deletions(-) --- a/mm/page_alloc.c~mm-page_alloc-prevent-pcp-corruption-with-smp=n +++ a/mm/page_alloc.c @@ -167,6 +167,33 @@ static inline void __pcp_trylock_noop(un pcp_trylock_finish(UP_flags); \ }) +/* + * With the UP spinlock implementation, when we spin_lock(&pcp->lock) (for i.e. + * a potentially remote cpu drain) and get interrupted by an operation that + * attempts pcp_spin_trylock(), we can't rely on the trylock failure due to UP + * spinlock assumptions making the trylock a no-op. So we have to turn that + * spin_lock() to a spin_lock_irqsave(). This works because on UP there are no + * remote cpu's so we can only be locking the only existing local one. + */ +#if defined(CONFIG_SMP) || defined(CONFIG_PREEMPT_RT) +static inline void __flags_noop(unsigned long *flags) { } +#define pcp_spin_lock_maybe_irqsave(ptr, flags) \ +({ \ + __flags_noop(&(flags)); \ + spin_lock(&(ptr)->lock); \ +}) +#define pcp_spin_unlock_maybe_irqrestore(ptr, flags) \ +({ \ + spin_unlock(&(ptr)->lock); \ + __flags_noop(&(flags)); \ +}) +#else +#define pcp_spin_lock_maybe_irqsave(ptr, flags) \ + spin_lock_irqsave(&(ptr)->lock, flags) +#define pcp_spin_unlock_maybe_irqrestore(ptr, flags) \ + spin_unlock_irqrestore(&(ptr)->lock, flags) +#endif + #ifdef CONFIG_USE_PERCPU_NUMA_NODE_ID DEFINE_PER_CPU(int, numa_node); EXPORT_PER_CPU_SYMBOL(numa_node); @@ -2556,6 +2583,7 @@ static int rmqueue_bulk(struct zone *zon bool decay_pcp_high(struct zone *zone, struct per_cpu_pages *pcp) { int high_min, to_drain, to_drain_batched, batch; + unsigned long UP_flags; bool todo = false; high_min = READ_ONCE(pcp->high_min); @@ -2575,9 +2603,9 @@ bool decay_pcp_high(struct zone *zone, s to_drain = pcp->count - pcp->high; while (to_drain > 0) { to_drain_batched = min(to_drain, batch); - spin_lock(&pcp->lock); + pcp_spin_lock_maybe_irqsave(pcp, UP_flags); free_pcppages_bulk(zone, to_drain_batched, pcp, 0); - spin_unlock(&pcp->lock); + pcp_spin_unlock_maybe_irqrestore(pcp, UP_flags); todo = true; to_drain -= to_drain_batched; @@ -2594,14 +2622,15 @@ bool decay_pcp_high(struct zone *zone, s */ void drain_zone_pages(struct zone *zone, struct per_cpu_pages *pcp) { + unsigned long UP_flags; int to_drain, batch; batch = READ_ONCE(pcp->batch); to_drain = min(pcp->count, batch); if (to_drain > 0) { - spin_lock(&pcp->lock); + pcp_spin_lock_maybe_irqsave(pcp, UP_flags); free_pcppages_bulk(zone, to_drain, pcp, 0); - spin_unlock(&pcp->lock); + pcp_spin_unlock_maybe_irqrestore(pcp, UP_flags); } } #endif @@ -2612,10 +2641,11 @@ void drain_zone_pages(struct zone *zone, static void drain_pages_zone(unsigned int cpu, struct zone *zone) { struct per_cpu_pages *pcp = per_cpu_ptr(zone->per_cpu_pageset, cpu); + unsigned long UP_flags; int count; do { - spin_lock(&pcp->lock); + pcp_spin_lock_maybe_irqsave(pcp, UP_flags); count = pcp->count; if (count) { int to_drain = min(count, @@ -2624,7 +2654,7 @@ static void drain_pages_zone(unsigned in free_pcppages_bulk(zone, to_drain, pcp, 0); count -= to_drain; } - spin_unlock(&pcp->lock); + pcp_spin_unlock_maybe_irqrestore(pcp, UP_flags); } while (count); } @@ -6109,6 +6139,7 @@ static void zone_pcp_update_cacheinfo(st { struct per_cpu_pages *pcp; struct cpu_cacheinfo *cci; + unsigned long UP_flags; pcp = per_cpu_ptr(zone->per_cpu_pageset, cpu); cci = get_cpu_cacheinfo(cpu); @@ -6119,12 +6150,12 @@ static void zone_pcp_update_cacheinfo(st * This can reduce zone lock contention without hurting * cache-hot pages sharing. */ - spin_lock(&pcp->lock); + pcp_spin_lock_maybe_irqsave(pcp, UP_flags); if ((cci->per_cpu_data_slice_size >> PAGE_SHIFT) > 3 * pcp->batch) pcp->flags |= PCPF_FREE_HIGH_BATCH; else pcp->flags &= ~PCPF_FREE_HIGH_BATCH; - spin_unlock(&pcp->lock); + pcp_spin_unlock_maybe_irqrestore(pcp, UP_flags); } void setup_pcp_cacheinfo(unsigned int cpu) _ Patches currently in -mm which might be from vbabka(a)suse.cz are mm-page_alloc-thp-prevent-reclaim-for-__gfp_thisnode-thp-allocations.patch mm-page_alloc-ignore-the-exact-initial-compaction-result.patch mm-page_alloc-refactor-the-initial-compaction-handling.patch mm-page_alloc-simplify-__alloc_pages_slowpath-flow.patch

21 hours, 36 minutes

1
0
0 0

[merged mm-hotfixes-stable] mm-kmsan-fix-poisoning-of-high-order-non-compound-pages.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: kmsan: fix poisoning of high-order non-compound pages has been removed from the -mm tree. Its filename was mm-kmsan-fix-poisoning-of-high-order-non-compound-pages.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: kmsan: fix poisoning of high-order non-compound pages Date: Sun, 4 Jan 2026 13:43:47 +0000 kmsan_free_page() is called by the page allocator's free_pages_prepare() during page freeing. Its job is to poison all the memory covered by the page. It can be called with an order-0 page, a compound high-order page or a non-compound high-order page. But page_size() only works for order-0 and compound pages. For a non-compound high-order page it will incorrectly return PAGE_SIZE. The implication is that the tail pages of a high-order non-compound page do not get poisoned at free, so any invalid access while they are free could go unnoticed. It looks like the pages will be poisoned again at allocation time, so that would bookend the window. Fix this by using the order parameter to calculate the size. Link: https://lkml.kernel.org/r/20260104134348.3544298-1-ryan.roberts@arm.com Fixes: b073d7f8aee4 ("mm: kmsan: maintain KMSAN metadata for page operations") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Reviewed-by: Alexander Potapenko <glider(a)google.com> Tested-by: Alexander Potapenko <glider(a)google.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Marco Elver <elver(a)google.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kmsan/shadow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/kmsan/shadow.c~mm-kmsan-fix-poisoning-of-high-order-non-compound-pages +++ a/mm/kmsan/shadow.c @@ -207,7 +207,7 @@ void kmsan_free_page(struct page *page, if (!kmsan_enabled || kmsan_in_runtime()) return; kmsan_enter_runtime(); - kmsan_internal_poison_memory(page_address(page), page_size(page), + kmsan_internal_poison_memory(page_address(page), PAGE_SIZE << order, GFP_KERNEL & ~(__GFP_RECLAIM), KMSAN_POISON_CHECK | KMSAN_POISON_FREE); kmsan_leave_runtime(); _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are

21 hours, 37 minutes

1
0
0 0

[merged mm-hotfixes-stable] tools-testing-selftests-add-forked-un-faulted-vma-merge-tests.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: tools/testing/selftests: add forked (un)/faulted VMA merge tests has been removed from the -mm tree. Its filename was tools-testing-selftests-add-forked-un-faulted-vma-merge-tests.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: tools/testing/selftests: add forked (un)/faulted VMA merge tests Date: Mon, 5 Jan 2026 20:11:50 +0000 Now we correctly handle forked faulted/unfaulted merge on mremap(), exhaustively assert that we handle this correctly. Do this in the less duplicative way by adding a new merge_with_fork fixture and forked/unforked variants, and abstract the forking logic as necessary to avoid code duplication with this also. Link: https://lkml.kernel.org/r/1daf76d89fdb9d96f38a6a0152d8f3c2e9e30ac7.17676382… Fixes: 879bca0a2c4f ("mm/vma: fix incorrectly disallowed anonymous VMA merges") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: David Hildenbrand (Red Hat) <david(a)kernel.org> Cc: Jann Horn <jannh(a)google.com> Cc: Jeongjun Park <aha310510(a)gmail.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Pedro Falcato <pfalcato(a)suse.de> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yeoreum Yun <yeoreum.yun(a)arm.com> Cc: Harry Yoo <harry.yoo(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/merge.c | 180 ++++++++++++++++++++------- 1 file changed, 139 insertions(+), 41 deletions(-) --- a/tools/testing/selftests/mm/merge.c~tools-testing-selftests-add-forked-un-faulted-vma-merge-tests +++ a/tools/testing/selftests/mm/merge.c @@ -22,12 +22,37 @@ FIXTURE(merge) struct procmap_fd procmap; }; +static char *map_carveout(unsigned int page_size) +{ + return mmap(NULL, 30 * page_size, PROT_NONE, + MAP_ANON | MAP_PRIVATE, -1, 0); +} + +static pid_t do_fork(struct procmap_fd *procmap) +{ + pid_t pid = fork(); + + if (pid == -1) + return -1; + if (pid != 0) { + wait(NULL); + return pid; + } + + /* Reopen for child. */ + if (close_procmap(procmap)) + return -1; + if (open_self_procmap(procmap)) + return -1; + + return 0; +} + FIXTURE_SETUP(merge) { self->page_size = psize(); /* Carve out PROT_NONE region to map over. */ - self->carveout = mmap(NULL, 30 * self->page_size, PROT_NONE, - MAP_ANON | MAP_PRIVATE, -1, 0); + self->carveout = map_carveout(self->page_size); ASSERT_NE(self->carveout, MAP_FAILED); /* Setup PROCMAP_QUERY interface. */ ASSERT_EQ(open_self_procmap(&self->procmap), 0); @@ -36,7 +61,8 @@ FIXTURE_SETUP(merge) FIXTURE_TEARDOWN(merge) { ASSERT_EQ(munmap(self->carveout, 30 * self->page_size), 0); - ASSERT_EQ(close_procmap(&self->procmap), 0); + /* May fail for parent of forked process. */ + close_procmap(&self->procmap); /* * Clear unconditionally, as some tests set this. It is no issue if this * fails (KSM may be disabled for instance). @@ -44,6 +70,44 @@ FIXTURE_TEARDOWN(merge) prctl(PR_SET_MEMORY_MERGE, 0, 0, 0, 0); } +FIXTURE(merge_with_fork) +{ + unsigned int page_size; + char *carveout; + struct procmap_fd procmap; +}; + +FIXTURE_VARIANT(merge_with_fork) +{ + bool forked; +}; + +FIXTURE_VARIANT_ADD(merge_with_fork, forked) +{ + .forked = true, +}; + +FIXTURE_VARIANT_ADD(merge_with_fork, unforked) +{ + .forked = false, +}; + +FIXTURE_SETUP(merge_with_fork) +{ + self->page_size = psize(); + self->carveout = map_carveout(self->page_size); + ASSERT_NE(self->carveout, MAP_FAILED); + ASSERT_EQ(open_self_procmap(&self->procmap), 0); +} + +FIXTURE_TEARDOWN(merge_with_fork) +{ + ASSERT_EQ(munmap(self->carveout, 30 * self->page_size), 0); + ASSERT_EQ(close_procmap(&self->procmap), 0); + /* See above. */ + prctl(PR_SET_MEMORY_MERGE, 0, 0, 0, 0); +} + TEST_F(merge, mprotect_unfaulted_left) { unsigned int page_size = self->page_size; @@ -322,8 +386,8 @@ TEST_F(merge, forked_target_vma) unsigned int page_size = self->page_size; char *carveout = self->carveout; struct procmap_fd *procmap = &self->procmap; - pid_t pid; char *ptr, *ptr2; + pid_t pid; int i; /* @@ -344,19 +408,10 @@ TEST_F(merge, forked_target_vma) */ ptr[0] = 'x'; - pid = fork(); + pid = do_fork(&self->procmap); ASSERT_NE(pid, -1); - - if (pid != 0) { - wait(NULL); + if (pid != 0) return; - } - - /* Child process below: */ - - /* Reopen for child. */ - ASSERT_EQ(close_procmap(&self->procmap), 0); - ASSERT_EQ(open_self_procmap(&self->procmap), 0); /* unCOWing everything does not cause the AVC to go away. */ for (i = 0; i < 5 * page_size; i += page_size) @@ -386,8 +441,8 @@ TEST_F(merge, forked_source_vma) unsigned int page_size = self->page_size; char *carveout = self->carveout; struct procmap_fd *procmap = &self->procmap; - pid_t pid; char *ptr, *ptr2; + pid_t pid; int i; /* @@ -408,19 +463,10 @@ TEST_F(merge, forked_source_vma) */ ptr[0] = 'x'; - pid = fork(); + pid = do_fork(&self->procmap); ASSERT_NE(pid, -1); - - if (pid != 0) { - wait(NULL); + if (pid != 0) return; - } - - /* Child process below: */ - - /* Reopen for child. */ - ASSERT_EQ(close_procmap(&self->procmap), 0); - ASSERT_EQ(open_self_procmap(&self->procmap), 0); /* unCOWing everything does not cause the AVC to go away. */ for (i = 0; i < 5 * page_size; i += page_size) @@ -1171,10 +1217,11 @@ TEST_F(merge, mremap_correct_placed_faul ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 15 * page_size); } -TEST_F(merge, mremap_faulted_to_unfaulted_prev) +TEST_F(merge_with_fork, mremap_faulted_to_unfaulted_prev) { struct procmap_fd *procmap = &self->procmap; unsigned int page_size = self->page_size; + unsigned long offset; char *ptr_a, *ptr_b; /* @@ -1197,6 +1244,14 @@ TEST_F(merge, mremap_faulted_to_unfaulte /* Fault it in. */ ptr_a[0] = 'x'; + if (variant->forked) { + pid_t pid = do_fork(&self->procmap); + + ASSERT_NE(pid, -1); + if (pid != 0) + return; + } + /* * Now move it out of the way so we can place VMA B in position, * unfaulted. @@ -1220,16 +1275,19 @@ TEST_F(merge, mremap_faulted_to_unfaulte &self->carveout[page_size + 3 * page_size]); ASSERT_NE(ptr_a, MAP_FAILED); - /* The VMAs should have merged. */ + /* The VMAs should have merged, if not forked. */ ASSERT_TRUE(find_vma_procmap(procmap, ptr_b)); ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr_b); - ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_b + 6 * page_size); + + offset = variant->forked ? 3 * page_size : 6 * page_size; + ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_b + offset); } -TEST_F(merge, mremap_faulted_to_unfaulted_next) +TEST_F(merge_with_fork, mremap_faulted_to_unfaulted_next) { struct procmap_fd *procmap = &self->procmap; unsigned int page_size = self->page_size; + unsigned long offset; char *ptr_a, *ptr_b; /* @@ -1253,6 +1311,14 @@ TEST_F(merge, mremap_faulted_to_unfaulte /* Fault it in. */ ptr_a[0] = 'x'; + if (variant->forked) { + pid_t pid = do_fork(&self->procmap); + + ASSERT_NE(pid, -1); + if (pid != 0) + return; + } + /* * Now move it out of the way so we can place VMA B in position, * unfaulted. @@ -1276,16 +1342,18 @@ TEST_F(merge, mremap_faulted_to_unfaulte &self->carveout[page_size]); ASSERT_NE(ptr_a, MAP_FAILED); - /* The VMAs should have merged. */ + /* The VMAs should have merged, if not forked. */ ASSERT_TRUE(find_vma_procmap(procmap, ptr_a)); ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr_a); - ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_a + 6 * page_size); + offset = variant->forked ? 3 * page_size : 6 * page_size; + ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_a + offset); } -TEST_F(merge, mremap_faulted_to_unfaulted_prev_unfaulted_next) +TEST_F(merge_with_fork, mremap_faulted_to_unfaulted_prev_unfaulted_next) { struct procmap_fd *procmap = &self->procmap; unsigned int page_size = self->page_size; + unsigned long offset; char *ptr_a, *ptr_b, *ptr_c; /* @@ -1307,6 +1375,14 @@ TEST_F(merge, mremap_faulted_to_unfaulte /* Fault it in. */ ptr_b[0] = 'x'; + if (variant->forked) { + pid_t pid = do_fork(&self->procmap); + + ASSERT_NE(pid, -1); + if (pid != 0) + return; + } + /* * Now move it out of the way so we can place VMAs A, C in position, * unfaulted. @@ -1337,13 +1413,21 @@ TEST_F(merge, mremap_faulted_to_unfaulte &self->carveout[page_size + 3 * page_size]); ASSERT_NE(ptr_b, MAP_FAILED); - /* The VMAs should have merged. */ + /* The VMAs should have merged, if not forked. */ ASSERT_TRUE(find_vma_procmap(procmap, ptr_a)); ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr_a); - ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_a + 9 * page_size); + offset = variant->forked ? 3 * page_size : 9 * page_size; + ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_a + offset); + + /* If forked, B and C should also not have merged. */ + if (variant->forked) { + ASSERT_TRUE(find_vma_procmap(procmap, ptr_b)); + ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr_b); + ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_b + 3 * page_size); + } } -TEST_F(merge, mremap_faulted_to_unfaulted_prev_faulted_next) +TEST_F(merge_with_fork, mremap_faulted_to_unfaulted_prev_faulted_next) { struct procmap_fd *procmap = &self->procmap; unsigned int page_size = self->page_size; @@ -1373,6 +1457,14 @@ TEST_F(merge, mremap_faulted_to_unfaulte /* Fault it in. */ ptr_bc[0] = 'x'; + if (variant->forked) { + pid_t pid = do_fork(&self->procmap); + + ASSERT_NE(pid, -1); + if (pid != 0) + return; + } + /* * Now move VMA B out the way (splitting VMA BC) so we can place VMA A * in position, unfaulted, and leave the remainder of the VMA we just @@ -1397,10 +1489,16 @@ TEST_F(merge, mremap_faulted_to_unfaulte &self->carveout[page_size + 3 * page_size]); ASSERT_NE(ptr_b, MAP_FAILED); - /* The VMAs should have merged. */ - ASSERT_TRUE(find_vma_procmap(procmap, ptr_a)); - ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr_a); - ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_a + 9 * page_size); + /* The VMAs should have merged. A,B,C if unforked, B, C if forked. */ + if (variant->forked) { + ASSERT_TRUE(find_vma_procmap(procmap, ptr_b)); + ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr_b); + ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_b + 6 * page_size); + } else { + ASSERT_TRUE(find_vma_procmap(procmap, ptr_a)); + ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr_a); + ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_a + 9 * page_size); + } } TEST_HARNESS_MAIN _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-vma-do-not-leak-memory-when-mmap_prepare-swaps-the-file.patch mm-rmap-improve-anon_vma_clone-unlink_anon_vmas-comments-add-asserts.patch mm-rmap-skip-unfaulted-vmas-on-anon_vma-clone-unlink.patch mm-rmap-remove-unnecessary-root-lock-dance-in-anon_vma-clone-unmap.patch mm-rmap-remove-anon_vma_merge-function.patch mm-rmap-make-anon_vma-functions-internal.patch mm-mmap_lock-add-vma_is_attached-helper.patch mm-rmap-allocate-anon_vma_chain-objects-unlocked-when-possible.patch mm-rmap-allocate-anon_vma_chain-objects-unlocked-when-possible-fix.patch mm-rmap-separate-out-fork-only-logic-on-anon_vma_clone.patch mm-rmap-separate-out-fork-only-logic-on-anon_vma_clone-fix.patch

21 hours, 37 minutes

1
0
0 0

[merged mm-hotfixes-stable] mm-vma-enforce-vma-fork-limit-on-unfaultedfaulted-mremap-merge-too.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/vma: enforce VMA fork limit on unfaulted,faulted mremap merge too has been removed from the -mm tree. Its filename was mm-vma-enforce-vma-fork-limit-on-unfaultedfaulted-mremap-merge-too.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: mm/vma: enforce VMA fork limit on unfaulted,faulted mremap merge too Date: Mon, 5 Jan 2026 20:11:49 +0000 The is_mergeable_anon_vma() function uses vmg->middle as the source VMA. However when merging a new VMA, this field is NULL. In all cases except mremap(), the new VMA will either be newly established and thus lack an anon_vma, or will be an expansion of an existing VMA thus we do not care about whether VMA is CoW'd or not. In the case of an mremap(), we can end up in a situation where we can accidentally allow an unfaulted/faulted merge with a VMA that has been forked, violating the general rule that we do not permit this for reasons of anon_vma lock scalability. Now we have the ability to be aware of the fact we are copying a VMA and also know which VMA that is, we can explicitly check for this, so do so. This is pertinent since commit 879bca0a2c4f ("mm/vma: fix incorrectly disallowed anonymous VMA merges"), as this patch permits unfaulted/faulted merges that were previously disallowed running afoul of this issue. While we are here, vma_had_uncowed_parents() is a confusing name, so make it simple and rename it to vma_is_fork_child(). Link: https://lkml.kernel.org/r/6e2b9b3024ae1220961c8b81d74296d4720eaf2b.17676382… Fixes: 879bca0a2c4f ("mm/vma: fix incorrectly disallowed anonymous VMA merges") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Harry Yoo <harry.yoo(a)oracle.com> Reviewed-by: Jeongjun Park <aha310510(a)gmail.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: David Hildenbrand (Red Hat) <david(a)kernel.org> Cc: Jann Horn <jannh(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Pedro Falcato <pfalcato(a)suse.de> Cc: Rik van Riel <riel(a)surriel.com> Cc: Yeoreum Yun <yeoreum.yun(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vma.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) --- a/mm/vma.c~mm-vma-enforce-vma-fork-limit-on-unfaultedfaulted-mremap-merge-too +++ a/mm/vma.c @@ -67,18 +67,13 @@ struct mmap_state { .state = VMA_MERGE_START, \ } -/* - * If, at any point, the VMA had unCoW'd mappings from parents, it will maintain - * more than one anon_vma_chain connecting it to more than one anon_vma. A merge - * would mean a wider range of folios sharing the root anon_vma lock, and thus - * potential lock contention, we do not wish to encourage merging such that this - * scales to a problem. - */ -static bool vma_had_uncowed_parents(struct vm_area_struct *vma) +/* Was this VMA ever forked from a parent, i.e. maybe contains CoW mappings? */ +static bool vma_is_fork_child(struct vm_area_struct *vma) { /* * The list_is_singular() test is to avoid merging VMA cloned from - * parents. This can improve scalability caused by anon_vma lock. + * parents. This can improve scalability caused by the anon_vma root + * lock. */ return vma && vma->anon_vma && !list_is_singular(&vma->anon_vma_chain); } @@ -115,11 +110,19 @@ static bool is_mergeable_anon_vma(struct VM_WARN_ON(src && src_anon != src->anon_vma); /* Case 1 - we will dup_anon_vma() from src into tgt. */ - if (!tgt_anon && src_anon) - return !vma_had_uncowed_parents(src); + if (!tgt_anon && src_anon) { + struct vm_area_struct *copied_from = vmg->copied_from; + + if (vma_is_fork_child(src)) + return false; + if (vma_is_fork_child(copied_from)) + return false; + + return true; + } /* Case 2 - we will simply use tgt's anon_vma. */ if (tgt_anon && !src_anon) - return !vma_had_uncowed_parents(tgt); + return !vma_is_fork_child(tgt); /* Case 3 - the anon_vma's are already shared. */ return src_anon == tgt_anon; } _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-vma-do-not-leak-memory-when-mmap_prepare-swaps-the-file.patch mm-rmap-improve-anon_vma_clone-unlink_anon_vmas-comments-add-asserts.patch mm-rmap-skip-unfaulted-vmas-on-anon_vma-clone-unlink.patch mm-rmap-remove-unnecessary-root-lock-dance-in-anon_vma-clone-unmap.patch mm-rmap-remove-anon_vma_merge-function.patch mm-rmap-make-anon_vma-functions-internal.patch mm-mmap_lock-add-vma_is_attached-helper.patch mm-rmap-allocate-anon_vma_chain-objects-unlocked-when-possible.patch mm-rmap-allocate-anon_vma_chain-objects-unlocked-when-possible-fix.patch mm-rmap-separate-out-fork-only-logic-on-anon_vma_clone.patch mm-rmap-separate-out-fork-only-logic-on-anon_vma_clone-fix.patch

21 hours, 37 minutes

1
0
0 0

[merged mm-hotfixes-stable] tools-testing-selftests-add-tests-for-tgt-src-mremap-merges.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: tools/testing/selftests: add tests for !tgt, src mremap() merges has been removed from the -mm tree. Its filename was tools-testing-selftests-add-tests-for-tgt-src-mremap-merges.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: tools/testing/selftests: add tests for !tgt, src mremap() merges Date: Mon, 5 Jan 2026 20:11:48 +0000 Test that mremap()'ing a VMA into a position such that the target VMA on merge is unfaulted and the source faulted is correctly performed. We cover 4 cases: 1. Previous VMA unfaulted: copied -----| v |-----------|.............| | unfaulted |(faulted VMA)| |-----------|.............| prev target = prev, expand prev to cover. 2. Next VMA unfaulted: copied -----| v |.............|-----------| |(faulted VMA)| unfaulted | |.............|-----------| next target = next, expand next to cover. 3. Both adjacent VMAs unfaulted: copied -----| v |-----------|.............|-----------| | unfaulted |(faulted VMA)| unfaulted | |-----------|.............|-----------| prev next target = prev, expand prev to cover. 4. prev unfaulted, next faulted: copied -----| v |-----------|.............|-----------| | unfaulted |(faulted VMA)| faulted | |-----------|.............|-----------| prev next target = prev, expand prev to cover. Essentially equivalent to 3, but with additional requirement that next's anon_vma is the same as the copied VMA's. Each of these are performed with MREMAP_DONTUNMAP set, which will cause a KASAN assert for UAF or an assert on zero refcount anon_vma if a bug exists with correctly propagating anon_vma state in each scenario. Link: https://lkml.kernel.org/r/f903af2930c7c2c6e0948c886b58d0f42d8e8ba3.17676382… Fixes: 879bca0a2c4f ("mm/vma: fix incorrectly disallowed anonymous VMA merges") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: David Hildenbrand (Red Hat) <david(a)kernel.org> Cc: Jann Horn <jannh(a)google.com> Cc: Jeongjun Park <aha310510(a)gmail.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Pedro Falcato <pfalcato(a)suse.de> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yeoreum Yun <yeoreum.yun(a)arm.com> Cc: Harry Yoo <harry.yoo(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/merge.c | 232 +++++++++++++++++++++++++++ 1 file changed, 232 insertions(+) --- a/tools/testing/selftests/mm/merge.c~tools-testing-selftests-add-tests-for-tgt-src-mremap-merges +++ a/tools/testing/selftests/mm/merge.c @@ -1171,4 +1171,236 @@ TEST_F(merge, mremap_correct_placed_faul ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr + 15 * page_size); } +TEST_F(merge, mremap_faulted_to_unfaulted_prev) +{ + struct procmap_fd *procmap = &self->procmap; + unsigned int page_size = self->page_size; + char *ptr_a, *ptr_b; + + /* + * mremap() such that A and B merge: + * + * |------------| + * | \ | + * |-----------| | / |---------| + * | unfaulted | v \ | faulted | + * |-----------| / |---------| + * B \ A + */ + + /* Map VMA A into place. */ + ptr_a = mmap(&self->carveout[page_size + 3 * page_size], + 3 * page_size, + PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON | MAP_FIXED, -1, 0); + ASSERT_NE(ptr_a, MAP_FAILED); + /* Fault it in. */ + ptr_a[0] = 'x'; + + /* + * Now move it out of the way so we can place VMA B in position, + * unfaulted. + */ + ptr_a = mremap(ptr_a, 3 * page_size, 3 * page_size, + MREMAP_FIXED | MREMAP_MAYMOVE, &self->carveout[20 * page_size]); + ASSERT_NE(ptr_a, MAP_FAILED); + + /* Map VMA B into place. */ + ptr_b = mmap(&self->carveout[page_size], 3 * page_size, + PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON | MAP_FIXED, -1, 0); + ASSERT_NE(ptr_b, MAP_FAILED); + + /* + * Now move VMA A into position with MREMAP_DONTUNMAP to catch incorrect + * anon_vma propagation. + */ + ptr_a = mremap(ptr_a, 3 * page_size, 3 * page_size, + MREMAP_FIXED | MREMAP_MAYMOVE | MREMAP_DONTUNMAP, + &self->carveout[page_size + 3 * page_size]); + ASSERT_NE(ptr_a, MAP_FAILED); + + /* The VMAs should have merged. */ + ASSERT_TRUE(find_vma_procmap(procmap, ptr_b)); + ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr_b); + ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_b + 6 * page_size); +} + +TEST_F(merge, mremap_faulted_to_unfaulted_next) +{ + struct procmap_fd *procmap = &self->procmap; + unsigned int page_size = self->page_size; + char *ptr_a, *ptr_b; + + /* + * mremap() such that A and B merge: + * + * |---------------------------| + * | \ | + * | |-----------| / |---------| + * v | unfaulted | \ | faulted | + * |-----------| / |---------| + * B \ A + * + * Then unmap VMA A to trigger the bug. + */ + + /* Map VMA A into place. */ + ptr_a = mmap(&self->carveout[page_size], 3 * page_size, + PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON | MAP_FIXED, -1, 0); + ASSERT_NE(ptr_a, MAP_FAILED); + /* Fault it in. */ + ptr_a[0] = 'x'; + + /* + * Now move it out of the way so we can place VMA B in position, + * unfaulted. + */ + ptr_a = mremap(ptr_a, 3 * page_size, 3 * page_size, + MREMAP_FIXED | MREMAP_MAYMOVE, &self->carveout[20 * page_size]); + ASSERT_NE(ptr_a, MAP_FAILED); + + /* Map VMA B into place. */ + ptr_b = mmap(&self->carveout[page_size + 3 * page_size], 3 * page_size, + PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON | MAP_FIXED, -1, 0); + ASSERT_NE(ptr_b, MAP_FAILED); + + /* + * Now move VMA A into position with MREMAP_DONTUNMAP to catch incorrect + * anon_vma propagation. + */ + ptr_a = mremap(ptr_a, 3 * page_size, 3 * page_size, + MREMAP_FIXED | MREMAP_MAYMOVE | MREMAP_DONTUNMAP, + &self->carveout[page_size]); + ASSERT_NE(ptr_a, MAP_FAILED); + + /* The VMAs should have merged. */ + ASSERT_TRUE(find_vma_procmap(procmap, ptr_a)); + ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr_a); + ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_a + 6 * page_size); +} + +TEST_F(merge, mremap_faulted_to_unfaulted_prev_unfaulted_next) +{ + struct procmap_fd *procmap = &self->procmap; + unsigned int page_size = self->page_size; + char *ptr_a, *ptr_b, *ptr_c; + + /* + * mremap() with MREMAP_DONTUNMAP such that A, B and C merge: + * + * |---------------------------| + * | \ | + * |-----------| | |-----------| / |---------| + * | unfaulted | v | unfaulted | \ | faulted | + * |-----------| |-----------| / |---------| + * A C \ B + */ + + /* Map VMA B into place. */ + ptr_b = mmap(&self->carveout[page_size + 3 * page_size], 3 * page_size, + PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON | MAP_FIXED, -1, 0); + ASSERT_NE(ptr_b, MAP_FAILED); + /* Fault it in. */ + ptr_b[0] = 'x'; + + /* + * Now move it out of the way so we can place VMAs A, C in position, + * unfaulted. + */ + ptr_b = mremap(ptr_b, 3 * page_size, 3 * page_size, + MREMAP_FIXED | MREMAP_MAYMOVE, &self->carveout[20 * page_size]); + ASSERT_NE(ptr_b, MAP_FAILED); + + /* Map VMA A into place. */ + + ptr_a = mmap(&self->carveout[page_size], 3 * page_size, + PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON | MAP_FIXED, -1, 0); + ASSERT_NE(ptr_a, MAP_FAILED); + + /* Map VMA C into place. */ + ptr_c = mmap(&self->carveout[page_size + 3 * page_size + 3 * page_size], + 3 * page_size, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON | MAP_FIXED, -1, 0); + ASSERT_NE(ptr_c, MAP_FAILED); + + /* + * Now move VMA B into position with MREMAP_DONTUNMAP to catch incorrect + * anon_vma propagation. + */ + ptr_b = mremap(ptr_b, 3 * page_size, 3 * page_size, + MREMAP_FIXED | MREMAP_MAYMOVE | MREMAP_DONTUNMAP, + &self->carveout[page_size + 3 * page_size]); + ASSERT_NE(ptr_b, MAP_FAILED); + + /* The VMAs should have merged. */ + ASSERT_TRUE(find_vma_procmap(procmap, ptr_a)); + ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr_a); + ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_a + 9 * page_size); +} + +TEST_F(merge, mremap_faulted_to_unfaulted_prev_faulted_next) +{ + struct procmap_fd *procmap = &self->procmap; + unsigned int page_size = self->page_size; + char *ptr_a, *ptr_b, *ptr_bc; + + /* + * mremap() with MREMAP_DONTUNMAP such that A, B and C merge: + * + * |---------------------------| + * | \ | + * |-----------| | |-----------| / |---------| + * | unfaulted | v | faulted | \ | faulted | + * |-----------| |-----------| / |---------| + * A C \ B + */ + + /* + * Map VMA B and C into place. We have to map them together so their + * anon_vma is the same and the vma->vm_pgoff's are correctly aligned. + */ + ptr_bc = mmap(&self->carveout[page_size + 3 * page_size], + 3 * page_size + 3 * page_size, + PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON | MAP_FIXED, -1, 0); + ASSERT_NE(ptr_bc, MAP_FAILED); + + /* Fault it in. */ + ptr_bc[0] = 'x'; + + /* + * Now move VMA B out the way (splitting VMA BC) so we can place VMA A + * in position, unfaulted, and leave the remainder of the VMA we just + * moved in place, faulted, as VMA C. + */ + ptr_b = mremap(ptr_bc, 3 * page_size, 3 * page_size, + MREMAP_FIXED | MREMAP_MAYMOVE, &self->carveout[20 * page_size]); + ASSERT_NE(ptr_b, MAP_FAILED); + + /* Map VMA A into place. */ + ptr_a = mmap(&self->carveout[page_size], 3 * page_size, + PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON | MAP_FIXED, -1, 0); + ASSERT_NE(ptr_a, MAP_FAILED); + + /* + * Now move VMA B into position with MREMAP_DONTUNMAP to catch incorrect + * anon_vma propagation. + */ + ptr_b = mremap(ptr_b, 3 * page_size, 3 * page_size, + MREMAP_FIXED | MREMAP_MAYMOVE | MREMAP_DONTUNMAP, + &self->carveout[page_size + 3 * page_size]); + ASSERT_NE(ptr_b, MAP_FAILED); + + /* The VMAs should have merged. */ + ASSERT_TRUE(find_vma_procmap(procmap, ptr_a)); + ASSERT_EQ(procmap->query.vma_start, (unsigned long)ptr_a); + ASSERT_EQ(procmap->query.vma_end, (unsigned long)ptr_a + 9 * page_size); +} + TEST_HARNESS_MAIN _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-vma-do-not-leak-memory-when-mmap_prepare-swaps-the-file.patch mm-rmap-improve-anon_vma_clone-unlink_anon_vmas-comments-add-asserts.patch mm-rmap-skip-unfaulted-vmas-on-anon_vma-clone-unlink.patch mm-rmap-remove-unnecessary-root-lock-dance-in-anon_vma-clone-unmap.patch mm-rmap-remove-anon_vma_merge-function.patch mm-rmap-make-anon_vma-functions-internal.patch mm-mmap_lock-add-vma_is_attached-helper.patch mm-rmap-allocate-anon_vma_chain-objects-unlocked-when-possible.patch mm-rmap-allocate-anon_vma_chain-objects-unlocked-when-possible-fix.patch mm-rmap-separate-out-fork-only-logic-on-anon_vma_clone.patch mm-rmap-separate-out-fork-only-logic-on-anon_vma_clone-fix.patch

21 hours, 37 minutes

1
0
0 0

[merged mm-hotfixes-stable] mm-vma-fix-anon_vma-uaf-on-mremap-faulted-unfaulted-merge.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge has been removed from the -mm tree. Its filename was mm-vma-fix-anon_vma-uaf-on-mremap-faulted-unfaulted-merge.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge Date: Mon, 5 Jan 2026 20:11:47 +0000 Patch series "mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge", v2. Commit 879bca0a2c4f ("mm/vma: fix incorrectly disallowed anonymous VMA merges") introduced the ability to merge previously unavailable VMA merge scenarios. However, it is handling merges incorrectly when it comes to mremap() of a faulted VMA adjacent to an unfaulted VMA. The issues arise in three cases: 1. Previous VMA unfaulted: copied -----| v |-----------|.............| | unfaulted |(faulted VMA)| |-----------|.............| prev 2. Next VMA unfaulted: copied -----| v |.............|-----------| |(faulted VMA)| unfaulted | |.............|-----------| next 3. Both adjacent VMAs unfaulted: copied -----| v |-----------|.............|-----------| | unfaulted |(faulted VMA)| unfaulted | |-----------|.............|-----------| prev next This series fixes each of these cases, and introduces self tests to assert that the issues are corrected. I also test a further case which was already handled, to assert that my changes continues to correctly handle it: 4. prev unfaulted, next faulted: copied -----| v |-----------|.............|-----------| | unfaulted |(faulted VMA)| faulted | |-----------|.............|-----------| prev next This bug was discovered via a syzbot report, linked to in the first patch in the series, I confirmed that this series fixes the bug. I also discovered that we are failing to check that the faulted VMA was not forked when merging a copied VMA in cases 1-3 above, an issue this series also addresses. I also added self tests to assert that this is resolved (and confirmed that the tests failed prior to this). I also cleaned up vma_expand() as part of this work, renamed vma_had_uncowed_parents() to vma_is_fork_child() as the previous name was unduly confusing, and simplified the comments around this function. This patch (of 4): Commit 879bca0a2c4f ("mm/vma: fix incorrectly disallowed anonymous VMA merges") introduced the ability to merge previously unavailable VMA merge scenarios. The key piece of logic introduced was the ability to merge a faulted VMA immediately next to an unfaulted VMA, which relies upon dup_anon_vma() to correctly handle anon_vma state. In the case of the merge of an existing VMA (that is changing properties of a VMA and then merging if those properties are shared by adjacent VMAs), dup_anon_vma() is invoked correctly. However in the case of the merge of a new VMA, a corner case peculiar to mremap() was missed. The issue is that vma_expand() only performs dup_anon_vma() if the target (the VMA that will ultimately become the merged VMA): is not the next VMA, i.e. the one that appears after the range in which the new VMA is to be established. A key insight here is that in all other cases other than mremap(), a new VMA merge either expands an existing VMA, meaning that the target VMA will be that VMA, or would have anon_vma be NULL. Specifically: * __mmap_region() - no anon_vma in place, initial mapping. * do_brk_flags() - expanding an existing VMA. * vma_merge_extend() - expanding an existing VMA. * relocate_vma_down() - no anon_vma in place, initial mapping. In addition, we are in the unique situation of needing to duplicate anon_vma state from a VMA that is neither the previous or next VMA being merged with. dup_anon_vma() deals exclusively with the target=unfaulted, src=faulted case. This leaves four possibilities, in each case where the copied VMA is faulted: 1. Previous VMA unfaulted: copied -----| v |-----------|.............| | unfaulted |(faulted VMA)| |-----------|.............| prev target = prev, expand prev to cover. 2. Next VMA unfaulted: copied -----| v |.............|-----------| |(faulted VMA)| unfaulted | |.............|-----------| next target = next, expand next to cover. 3. Both adjacent VMAs unfaulted: copied -----| v |-----------|.............|-----------| | unfaulted |(faulted VMA)| unfaulted | |-----------|.............|-----------| prev next target = prev, expand prev to cover. 4. prev unfaulted, next faulted: copied -----| v |-----------|.............|-----------| | unfaulted |(faulted VMA)| faulted | |-----------|.............|-----------| prev next target = prev, expand prev to cover. Essentially equivalent to 3, but with additional requirement that next's anon_vma is the same as the copied VMA's. This is covered by the existing logic. To account for this very explicitly, we introduce vma_merge_copied_range(), which sets a newly introduced vmg->copied_from field, then invokes vma_merge_new_range() which handles the rest of the logic. We then update the key vma_expand() function to clean up the logic and make what's going on clearer, making the 'remove next' case less special, before invoking dup_anon_vma() unconditionally should we be copying from a VMA. Note that in case 3, the if (remove_next) ... branch will be a no-op, as next=src in this instance and src is unfaulted. In case 4, it won't be, but since in this instance next=src and it is faulted, this will have required tgt=faulted, src=faulted to be compatible, meaning that next->anon_vma == vmg->copied_from->anon_vma, and thus a single dup_anon_vma() of next suffices to copy anon_vma state for the copied-from VMA also. If we are copying from a VMA in a successful merge we must _always_ propagate anon_vma state. This issue can be observed most directly by invoked mremap() to move around a VMA and cause this kind of merge with the MREMAP_DONTUNMAP flag specified. This will result in unlink_anon_vmas() being called after failing to duplicate anon_vma state to the target VMA, which results in the anon_vma itself being freed with folios still possessing dangling pointers to the anon_vma and thus a use-after-free bug. This bug was discovered via a syzbot report, which this patch resolves. We further make a change to update the mergeable anon_vma check to assert the copied-from anon_vma did not have CoW parents, as otherwise dup_anon_vma() might incorrectly propagate CoW ancestors from the next VMA in case 4 despite the anon_vma's being identical for both VMAs. Link: https://lkml.kernel.org/r/cover.1767638272.git.lorenzo.stoakes@oracle.com Link: https://lkml.kernel.org/r/b7930ad2b1503a657e29fe928eb33061d7eadf5b.17676382… Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Fixes: 879bca0a2c4f ("mm/vma: fix incorrectly disallowed anonymous VMA merges") Reported-by: syzbot+b165fc2e11771c66d8ba(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/694a2745.050a0220.19928e.0017.GAE@google.com/ Reported-by: syzbot+5272541ccbbb14e2ec30(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/694e3dc6.050a0220.35954c.0066.GAE@google.com/ Reviewed-by: Harry Yoo <harry.yoo(a)oracle.com> Reviewed-by: Jeongjun Park <aha310510(a)gmail.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: David Hildenbrand (Red Hat) <david(a)kernel.org> Cc: Jann Horn <jannh(a)google.com> Cc: Yeoreum Yun <yeoreum.yun(a)arm.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Cc: Pedro Falcato <pfalcato(a)suse.de> Cc: Rik van Riel <riel(a)surriel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vma.c | 84 +++++++++++++++++++++++++++++++++++++---------------- mm/vma.h | 3 + 2 files changed, 62 insertions(+), 25 deletions(-) --- a/mm/vma.c~mm-vma-fix-anon_vma-uaf-on-mremap-faulted-unfaulted-merge +++ a/mm/vma.c @@ -829,6 +829,8 @@ static __must_check struct vm_area_struc VM_WARN_ON_VMG(middle && !(vma_iter_addr(vmg->vmi) >= middle->vm_start && vma_iter_addr(vmg->vmi) < middle->vm_end), vmg); + /* An existing merge can never be used by the mremap() logic. */ + VM_WARN_ON_VMG(vmg->copied_from, vmg); vmg->state = VMA_MERGE_NOMERGE; @@ -1099,6 +1101,33 @@ struct vm_area_struct *vma_merge_new_ran } /* + * vma_merge_copied_range - Attempt to merge a VMA that is being copied by + * mremap() + * + * @vmg: Describes the VMA we are adding, in the copied-to range @vmg->start to + * @vmg->end (exclusive), which we try to merge with any adjacent VMAs if + * possible. + * + * vmg->prev, next, start, end, pgoff should all be relative to the COPIED TO + * range, i.e. the target range for the VMA. + * + * Returns: In instances where no merge was possible, NULL. Otherwise, a pointer + * to the VMA we expanded. + * + * ASSUMPTIONS: Same as vma_merge_new_range(), except vmg->middle must contain + * the copied-from VMA. + */ +static struct vm_area_struct *vma_merge_copied_range(struct vma_merge_struct *vmg) +{ + /* We must have a copied-from VMA. */ + VM_WARN_ON_VMG(!vmg->middle, vmg); + + vmg->copied_from = vmg->middle; + vmg->middle = NULL; + return vma_merge_new_range(vmg); +} + +/* * vma_expand - Expand an existing VMA * * @vmg: Describes a VMA expansion operation. @@ -1117,46 +1146,52 @@ struct vm_area_struct *vma_merge_new_ran int vma_expand(struct vma_merge_struct *vmg) { struct vm_area_struct *anon_dup = NULL; - bool remove_next = false; struct vm_area_struct *target = vmg->target; struct vm_area_struct *next = vmg->next; + bool remove_next = false; vm_flags_t sticky_flags; - - sticky_flags = vmg->vm_flags & VM_STICKY; - sticky_flags |= target->vm_flags & VM_STICKY; - - VM_WARN_ON_VMG(!target, vmg); + int ret = 0; mmap_assert_write_locked(vmg->mm); - vma_start_write(target); - if (next && (target != next) && (vmg->end == next->vm_end)) { - int ret; - sticky_flags |= next->vm_flags & VM_STICKY; + if (next && target != next && vmg->end == next->vm_end) remove_next = true; - /* This should already have been checked by this point. */ - VM_WARN_ON_VMG(!can_merge_remove_vma(next), vmg); - vma_start_write(next); - /* - * In this case we don't report OOM, so vmg->give_up_on_mm is - * safe. - */ - ret = dup_anon_vma(target, next, &anon_dup); - if (ret) - return ret; - } + /* We must have a target. */ + VM_WARN_ON_VMG(!target, vmg); + /* This should have already been checked by this point. */ + VM_WARN_ON_VMG(remove_next && !can_merge_remove_vma(next), vmg); /* Not merging but overwriting any part of next is not handled. */ VM_WARN_ON_VMG(next && !remove_next && next != target && vmg->end > next->vm_start, vmg); - /* Only handles expanding */ + /* Only handles expanding. */ VM_WARN_ON_VMG(target->vm_start < vmg->start || target->vm_end > vmg->end, vmg); + sticky_flags = vmg->vm_flags & VM_STICKY; + sticky_flags |= target->vm_flags & VM_STICKY; if (remove_next) - vmg->__remove_next = true; + sticky_flags |= next->vm_flags & VM_STICKY; + + /* + * If we are removing the next VMA or copying from a VMA + * (e.g. mremap()'ing), we must propagate anon_vma state. + * + * Note that, by convention, callers ignore OOM for this case, so + * we don't need to account for vmg->give_up_on_mm here. + */ + if (remove_next) + ret = dup_anon_vma(target, next, &anon_dup); + if (!ret && vmg->copied_from) + ret = dup_anon_vma(target, vmg->copied_from, &anon_dup); + if (ret) + return ret; + if (remove_next) { + vma_start_write(next); + vmg->__remove_next = true; + } if (commit_merge(vmg)) goto nomem; @@ -1828,10 +1863,9 @@ struct vm_area_struct *copy_vma(struct v if (new_vma && new_vma->vm_start < addr + len) return NULL; /* should never get here */ - vmg.middle = NULL; /* New VMA range. */ vmg.pgoff = pgoff; vmg.next = vma_iter_next_rewind(&vmi, NULL); - new_vma = vma_merge_new_range(&vmg); + new_vma = vma_merge_copied_range(&vmg); if (new_vma) { /* --- a/mm/vma.h~mm-vma-fix-anon_vma-uaf-on-mremap-faulted-unfaulted-merge +++ a/mm/vma.h @@ -106,6 +106,9 @@ struct vma_merge_struct { struct anon_vma_name *anon_name; enum vma_merge_state state; + /* If copied from (i.e. mremap()'d) the VMA from which we are copying. */ + struct vm_area_struct *copied_from; + /* Flags which callers can use to modify merge behaviour: */ /* _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-vma-do-not-leak-memory-when-mmap_prepare-swaps-the-file.patch mm-rmap-improve-anon_vma_clone-unlink_anon_vmas-comments-add-asserts.patch mm-rmap-skip-unfaulted-vmas-on-anon_vma-clone-unlink.patch mm-rmap-remove-unnecessary-root-lock-dance-in-anon_vma-clone-unmap.patch mm-rmap-remove-anon_vma_merge-function.patch mm-rmap-make-anon_vma-functions-internal.patch mm-mmap_lock-add-vma_is_attached-helper.patch mm-rmap-allocate-anon_vma_chain-objects-unlocked-when-possible.patch mm-rmap-allocate-anon_vma_chain-objects-unlocked-when-possible-fix.patch mm-rmap-separate-out-fork-only-logic-on-anon_vma_clone.patch mm-rmap-separate-out-fork-only-logic-on-anon_vma_clone-fix.patch

21 hours, 37 minutes

1
0
0 0

[merged mm-hotfixes-stable] mm-zswap-fix-error-pointer-free-in-zswap_cpu_comp_prepare.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/zswap: fix error pointer free in zswap_cpu_comp_prepare() has been removed from the -mm tree. Its filename was mm-zswap-fix-error-pointer-free-in-zswap_cpu_comp_prepare.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Pavel Butsykin <pbutsykin(a)cloudlinux.com> Subject: mm/zswap: fix error pointer free in zswap_cpu_comp_prepare() Date: Wed, 31 Dec 2025 11:46:38 +0400 crypto_alloc_acomp_node() may return ERR_PTR(), but the fail path checks only for NULL and can pass an error pointer to crypto_free_acomp(). Use IS_ERR_OR_NULL() to only free valid acomp instances. Link: https://lkml.kernel.org/r/20251231074638.2564302-1-pbutsykin@cloudlinux.com Fixes: 779b9955f643 ("mm: zswap: move allocations during CPU init outside the lock") Signed-off-by: Pavel Butsykin <pbutsykin(a)cloudlinux.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Acked-by: Yosry Ahmed <yosry.ahmed(a)linux.dev> Acked-by: Nhat Pham <nphamcs(a)gmail.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zswap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/zswap.c~mm-zswap-fix-error-pointer-free-in-zswap_cpu_comp_prepare +++ a/mm/zswap.c @@ -787,7 +787,7 @@ static int zswap_cpu_comp_prepare(unsign return 0; fail: - if (acomp) + if (!IS_ERR_OR_NULL(acomp)) crypto_free_acomp(acomp); kfree(buffer); return ret; _ Patches currently in -mm which might be from pbutsykin(a)cloudlinux.com are

21 hours, 37 minutes

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-sysfs-scheme-cleanup-access_pattern-subdirs-on-scheme-dir-setup-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure has been removed from the -mm tree. Its filename was mm-damon-sysfs-scheme-cleanup-access_pattern-subdirs-on-scheme-dir-setup-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure Date: Wed, 24 Dec 2025 18:30:37 -0800 When a DAMOS-scheme DAMON sysfs directory setup fails after setup of access_pattern/ directory, subdirectories of access_pattern/ directory are not cleaned up. As a result, DAMON sysfs interface is nearly broken until the system reboots, and the memory for the unremoved directory is leaked. Cleanup the directories under such failures. Link: https://lkml.kernel.org/r/20251225023043.18579-5-sj@kernel.org Fixes: 9bbb820a5bd5 ("mm/damon/sysfs: support DAMOS quotas") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: chongjiapeng <jiapeng.chong(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> # 5.18.x Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/sysfs-schemes.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/mm/damon/sysfs-schemes.c~mm-damon-sysfs-scheme-cleanup-access_pattern-subdirs-on-scheme-dir-setup-failure +++ a/mm/damon/sysfs-schemes.c @@ -2152,7 +2152,7 @@ static int damon_sysfs_scheme_add_dirs(s return err; err = damos_sysfs_set_dests(scheme); if (err) - goto put_access_pattern_out; + goto rmdir_put_access_pattern_out; err = damon_sysfs_scheme_set_quotas(scheme); if (err) goto put_dests_out; @@ -2190,7 +2190,8 @@ rmdir_put_quotas_access_pattern_out: put_dests_out: kobject_put(&scheme->dests->kobj); scheme->dests = NULL; -put_access_pattern_out: +rmdir_put_access_pattern_out: + damon_sysfs_access_pattern_rm_dirs(scheme->access_pattern); kobject_put(&scheme->access_pattern->kobj); scheme->access_pattern = NULL; return err; _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-core-introduce-nr_snapshots-damos-stat.patch mm-damon-sysfs-schemes-introduce-nr_snapshots-damos-stat-file.patch docs-mm-damon-design-update-for-nr_snapshots-damos-stat.patch docs-admin-guide-mm-damon-usage-update-for-nr_snapshots-damos-stat.patch docs-abi-damon-update-for-nr_snapshots-damos-stat.patch mm-damon-update-damos-kerneldoc-for-stat-field.patch mm-damon-core-implement-max_nr_snapshots.patch mm-damon-sysfs-schemes-implement-max_nr_snapshots-file.patch docs-mm-damon-design-update-for-max_nr_snapshots.patch docs-admin-guide-mm-damon-usage-update-for-max_nr_snapshots.patch docs-abi-damon-update-for-max_nr_snapshots.patch mm-damon-core-add-trace-point-for-damos-stat-per-apply-interval.patch mm-damon-tests-core-kunit-add-test-cases-for-multiple-regions-in-damon_test_split_regions_of-fix.patch

21 hours, 37 minutes

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-sysfs-scheme-cleanup-quotas-subdirs-on-scheme-dir-setup-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure has been removed from the -mm tree. Its filename was mm-damon-sysfs-scheme-cleanup-quotas-subdirs-on-scheme-dir-setup-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure Date: Wed, 24 Dec 2025 18:30:36 -0800 When a DAMOS-scheme DAMON sysfs directory setup fails after setup of quotas/ directory, subdirectories of quotas/ directory are not cleaned up. As a result, DAMON sysfs interface is nearly broken until the system reboots, and the memory for the unremoved directory is leaked. Cleanup the directories under such failures. Link: https://lkml.kernel.org/r/20251225023043.18579-4-sj@kernel.org Fixes: 1b32234ab087 ("mm/damon/sysfs: support DAMOS watermarks") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: chongjiapeng <jiapeng.chong(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> # 5.18.x Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/sysfs-schemes.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/mm/damon/sysfs-schemes.c~mm-damon-sysfs-scheme-cleanup-quotas-subdirs-on-scheme-dir-setup-failure +++ a/mm/damon/sysfs-schemes.c @@ -2158,7 +2158,7 @@ static int damon_sysfs_scheme_add_dirs(s goto put_dests_out; err = damon_sysfs_scheme_set_watermarks(scheme); if (err) - goto put_quotas_access_pattern_out; + goto rmdir_put_quotas_access_pattern_out; err = damos_sysfs_set_filter_dirs(scheme); if (err) goto put_watermarks_quotas_access_pattern_out; @@ -2183,7 +2183,8 @@ put_filters_watermarks_quotas_access_pat put_watermarks_quotas_access_pattern_out: kobject_put(&scheme->watermarks->kobj); scheme->watermarks = NULL; -put_quotas_access_pattern_out: +rmdir_put_quotas_access_pattern_out: + damon_sysfs_quotas_rm_dirs(scheme->quotas); kobject_put(&scheme->quotas->kobj); scheme->quotas = NULL; put_dests_out: _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-core-introduce-nr_snapshots-damos-stat.patch mm-damon-sysfs-schemes-introduce-nr_snapshots-damos-stat-file.patch docs-mm-damon-design-update-for-nr_snapshots-damos-stat.patch docs-admin-guide-mm-damon-usage-update-for-nr_snapshots-damos-stat.patch docs-abi-damon-update-for-nr_snapshots-damos-stat.patch mm-damon-update-damos-kerneldoc-for-stat-field.patch mm-damon-core-implement-max_nr_snapshots.patch mm-damon-sysfs-schemes-implement-max_nr_snapshots-file.patch docs-mm-damon-design-update-for-max_nr_snapshots.patch docs-admin-guide-mm-damon-usage-update-for-max_nr_snapshots.patch docs-abi-damon-update-for-max_nr_snapshots.patch mm-damon-core-add-trace-point-for-damos-stat-per-apply-interval.patch mm-damon-tests-core-kunit-add-test-cases-for-multiple-regions-in-damon_test_split_regions_of-fix.patch

21 hours, 37 minutes

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-sysfs-cleanup-attrs-subdirs-on-context-dir-setup-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure has been removed from the -mm tree. Its filename was mm-damon-sysfs-cleanup-attrs-subdirs-on-context-dir-setup-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure Date: Wed, 24 Dec 2025 18:30:35 -0800 When a context DAMON sysfs directory setup is failed after setup of attrs/ directory, subdirectories of attrs/ directory are not cleaned up. As a result, DAMON sysfs interface is nearly broken until the system reboots, and the memory for the unremoved directory is leaked. Cleanup the directories under such failures. Link: https://lkml.kernel.org/r/20251225023043.18579-3-sj@kernel.org Fixes: c951cd3b8901 ("mm/damon: implement a minimal stub for sysfs-based DAMON interface") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: chongjiapeng <jiapeng.chong(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> # 5.18.x Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/sysfs.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/mm/damon/sysfs.c~mm-damon-sysfs-cleanup-attrs-subdirs-on-context-dir-setup-failure +++ a/mm/damon/sysfs.c @@ -950,7 +950,7 @@ static int damon_sysfs_context_add_dirs( err = damon_sysfs_context_set_targets(context); if (err) - goto put_attrs_out; + goto rmdir_put_attrs_out; err = damon_sysfs_context_set_schemes(context); if (err) @@ -960,7 +960,8 @@ static int damon_sysfs_context_add_dirs( put_targets_attrs_out: kobject_put(&context->targets->kobj); context->targets = NULL; -put_attrs_out: +rmdir_put_attrs_out: + damon_sysfs_attrs_rm_dirs(context->attrs); kobject_put(&context->attrs->kobj); context->attrs = NULL; return err; _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-core-introduce-nr_snapshots-damos-stat.patch mm-damon-sysfs-schemes-introduce-nr_snapshots-damos-stat-file.patch docs-mm-damon-design-update-for-nr_snapshots-damos-stat.patch docs-admin-guide-mm-damon-usage-update-for-nr_snapshots-damos-stat.patch docs-abi-damon-update-for-nr_snapshots-damos-stat.patch mm-damon-update-damos-kerneldoc-for-stat-field.patch mm-damon-core-implement-max_nr_snapshots.patch mm-damon-sysfs-schemes-implement-max_nr_snapshots-file.patch docs-mm-damon-design-update-for-max_nr_snapshots.patch docs-admin-guide-mm-damon-usage-update-for-max_nr_snapshots.patch docs-abi-damon-update-for-max_nr_snapshots.patch mm-damon-core-add-trace-point-for-damos-stat-per-apply-interval.patch mm-damon-tests-core-kunit-add-test-cases-for-multiple-regions-in-damon_test_split_regions_of-fix.patch

21 hours, 37 minutes

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-sysfs-cleanup-intervals-subdirs-on-attrs-dir-setup-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/sysfs: cleanup intervals subdirs on attrs dir setup failure has been removed from the -mm tree. Its filename was mm-damon-sysfs-cleanup-intervals-subdirs-on-attrs-dir-setup-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/sysfs: cleanup intervals subdirs on attrs dir setup failure Date: Wed, 24 Dec 2025 18:30:34 -0800 Patch series "mm/damon/sysfs: free setup failures generated zombie sub-sub dirs". Some DAMON sysfs directory setup functions generates its sub and sub-sub directories. For example, 'monitoring_attrs/' directory setup creates 'intervals/' and 'intervals/intervals_goal/' directories under 'monitoring_attrs/' directory. When such sub-sub directories are successfully made but followup setup is failed, the setup function should recursively clean up the subdirectories. However, such setup functions are only dereferencing sub directory reference counters. As a result, under certain setup failures, the sub-sub directories keep having non-zero reference counters. It means the directories cannot be removed like zombies, and the memory for the directories cannot be freed. The user impact of this issue is limited due to the following reasons. When the issue happens, the zombie directories are still taking the path. Hence attempts to generate the directories again will fail, without additional memory leak. This means the upper bound memory leak is limited. Nonetheless this also implies controlling DAMON with a feature that requires the setup-failed sysfs files will be impossible until the system reboots. Also, the setup operations are quite simple. The certain failures would hence only rarely happen, and are difficult to artificially trigger. This patch (of 4): When attrs/ DAMON sysfs directory setup is failed after setup of intervals/ directory, intervals/intervals_goal/ directory is not cleaned up. As a result, DAMON sysfs interface is nearly broken until the system reboots, and the memory for the unremoved directory is leaked. Cleanup the directory under such failures. Link: https://lkml.kernel.org/r/20251225023043.18579-1-sj@kernel.org Link: https://lkml.kernel.org/r/20251225023043.18579-2-sj@kernel.org Fixes: 8fbbcbeaafeb ("mm/damon/sysfs: implement intervals tuning goal directory") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: chongjiapeng <jiapeng.chong(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> # 6.15.x Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/sysfs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/mm/damon/sysfs.c~mm-damon-sysfs-cleanup-intervals-subdirs-on-attrs-dir-setup-failure +++ a/mm/damon/sysfs.c @@ -792,7 +792,7 @@ static int damon_sysfs_attrs_add_dirs(st nr_regions_range = damon_sysfs_ul_range_alloc(10, 1000); if (!nr_regions_range) { err = -ENOMEM; - goto put_intervals_out; + goto rmdir_put_intervals_out; } err = kobject_init_and_add(&nr_regions_range->kobj, @@ -806,6 +806,8 @@ static int damon_sysfs_attrs_add_dirs(st put_nr_regions_intervals_out: kobject_put(&nr_regions_range->kobj); attrs->nr_regions_range = NULL; +rmdir_put_intervals_out: + damon_sysfs_intervals_rm_dirs(intervals); put_intervals_out: kobject_put(&intervals->kobj); attrs->intervals = NULL; _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-core-introduce-nr_snapshots-damos-stat.patch mm-damon-sysfs-schemes-introduce-nr_snapshots-damos-stat-file.patch docs-mm-damon-design-update-for-nr_snapshots-damos-stat.patch docs-admin-guide-mm-damon-usage-update-for-nr_snapshots-damos-stat.patch docs-abi-damon-update-for-nr_snapshots-damos-stat.patch mm-damon-update-damos-kerneldoc-for-stat-field.patch mm-damon-core-implement-max_nr_snapshots.patch mm-damon-sysfs-schemes-implement-max_nr_snapshots-file.patch docs-mm-damon-design-update-for-max_nr_snapshots.patch docs-admin-guide-mm-damon-usage-update-for-max_nr_snapshots.patch docs-abi-damon-update-for-max_nr_snapshots.patch mm-damon-core-add-trace-point-for-damos-stat-per-apply-interval.patch mm-damon-tests-core-kunit-add-test-cases-for-multiple-regions-in-damon_test_split_regions_of-fix.patch

21 hours, 37 minutes

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-core-remove-call_control-in-inactive-contexts.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: remove call_control in inactive contexts has been removed from the -mm tree. Its filename was mm-damon-core-remove-call_control-in-inactive-contexts.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: remove call_control in inactive contexts Date: Tue, 30 Dec 2025 17:23:13 -0800 If damon_call() is executed against a DAMON context that is not running, the function returns error while keeping the damon_call_control object linked to the context's call_controls list. Let's suppose the object is deallocated after the damon_call(), and yet another damon_call() is executed against the same context. The function tries to add the new damon_call_control object to the call_controls list, which still has the pointer to the previous damon_call_control object, which is deallocated. As a result, use-after-free happens. This can actually be triggered using the DAMON sysfs interface. It is not easily exploitable since it requires the sysfs write permission and making a definitely weird file writes, though. Please refer to the report for more details about the issue reproduction steps. Fix the issue by making two changes. Firstly, move the final kdamond_call() for cancelling all existing damon_call() requests from terminating DAMON context to be done before the ctx->kdamond reset. This makes any code that sees NULL ctx->kdamond can safely assume the context may not access damon_call() requests anymore. Secondly, let damon_call() to cleanup the damon_call_control objects that were added to the already-terminated DAMON context, before returning the error. Link: https://lkml.kernel.org/r/20251231012315.75835-1-sj@kernel.org Fixes: 004ded6bee11 ("mm/damon: accept parallel damon_call() requests") Signed-off-by: SeongJae Park <sj(a)kernel.org> Reported-by: JaeJoon Jung <rgbi3307(a)gmail.com> Closes: https://lore.kernel.org/20251224094401.20384-1-rgbi3307@gmail.com Cc: <stable(a)vger.kernel.org> # 6.17.x Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) --- a/mm/damon/core.c~mm-damon-core-remove-call_control-in-inactive-contexts +++ a/mm/damon/core.c @@ -1431,6 +1431,35 @@ bool damon_is_running(struct damon_ctx * return running; } +/* + * damon_call_handle_inactive_ctx() - handle DAMON call request that added to + * an inactive context. + * @ctx: The inactive DAMON context. + * @control: Control variable of the call request. + * + * This function is called in a case that @control is added to @ctx but @ctx is + * not running (inactive). See if @ctx handled @control or not, and cleanup + * @control if it was not handled. + * + * Returns 0 if @control was handled by @ctx, negative error code otherwise. + */ +static int damon_call_handle_inactive_ctx( + struct damon_ctx *ctx, struct damon_call_control *control) +{ + struct damon_call_control *c; + + mutex_lock(&ctx->call_controls_lock); + list_for_each_entry(c, &ctx->call_controls, list) { + if (c == control) { + list_del(&control->list); + mutex_unlock(&ctx->call_controls_lock); + return -EINVAL; + } + } + mutex_unlock(&ctx->call_controls_lock); + return 0; +} + /** * damon_call() - Invoke a given function on DAMON worker thread (kdamond). * @ctx: DAMON context to call the function for. @@ -1461,7 +1490,7 @@ int damon_call(struct damon_ctx *ctx, st list_add_tail(&control->list, &ctx->call_controls); mutex_unlock(&ctx->call_controls_lock); if (!damon_is_running(ctx)) - return -EINVAL; + return damon_call_handle_inactive_ctx(ctx, control); if (control->repeat) return 0; wait_for_completion(&control->completion); @@ -2755,13 +2784,13 @@ done: if (ctx->ops.cleanup) ctx->ops.cleanup(ctx); kfree(ctx->regions_score_histogram); + kdamond_call(ctx, true); pr_debug("kdamond (%d) finishes\n", current->pid); mutex_lock(&ctx->kdamond_lock); ctx->kdamond = NULL; mutex_unlock(&ctx->kdamond_lock); - kdamond_call(ctx, true); damos_walk_cancel(ctx); mutex_lock(&damon_lock); _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-core-introduce-nr_snapshots-damos-stat.patch mm-damon-sysfs-schemes-introduce-nr_snapshots-damos-stat-file.patch docs-mm-damon-design-update-for-nr_snapshots-damos-stat.patch docs-admin-guide-mm-damon-usage-update-for-nr_snapshots-damos-stat.patch docs-abi-damon-update-for-nr_snapshots-damos-stat.patch mm-damon-update-damos-kerneldoc-for-stat-field.patch mm-damon-core-implement-max_nr_snapshots.patch mm-damon-sysfs-schemes-implement-max_nr_snapshots-file.patch docs-mm-damon-design-update-for-max_nr_snapshots.patch docs-admin-guide-mm-damon-usage-update-for-max_nr_snapshots.patch docs-abi-damon-update-for-max_nr_snapshots.patch mm-damon-core-add-trace-point-for-damos-stat-per-apply-interval.patch mm-damon-tests-core-kunit-add-test-cases-for-multiple-regions-in-damon_test_split_regions_of-fix.patch

21 hours, 37 minutes

1
0
0 0

[merged mm-hotfixes-stable] mm-page_alloc-make-percpu_pagelist_high_fraction-reads-lock-free.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free has been removed from the -mm tree. Its filename was mm-page_alloc-make-percpu_pagelist_high_fraction-reads-lock-free.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Aboorva Devarajan <aboorvad(a)linux.ibm.com> Subject: mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free Date: Mon, 1 Dec 2025 11:30:09 +0530 When page isolation loops indefinitely during memory offline, reading /proc/sys/vm/percpu_pagelist_high_fraction blocks on pcp_batch_high_lock, causing hung task warnings. Make procfs reads lock-free since percpu_pagelist_high_fraction is a simple integer with naturally atomic reads, writers still serialize via the mutex. This prevents hung task warnings when reading the procfs file during long-running memory offline operations. [akpm(a)linux-foundation.org: add comment, per Michal] Link: https://lkml.kernel.org/r/aS_y9AuJQFydLEXo@tiehlicka Link: https://lkml.kernel.org/r/20251201060009.1420792-1-aboorvad@linux.ibm.com Signed-off-by: Aboorva Devarajan <aboorvad(a)linux.ibm.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Brendan Jackman <jackmanb(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/mm/page_alloc.c~mm-page_alloc-make-percpu_pagelist_high_fraction-reads-lock-free +++ a/mm/page_alloc.c @@ -6667,11 +6667,19 @@ static int percpu_pagelist_high_fraction int old_percpu_pagelist_high_fraction; int ret; + /* + * Avoid using pcp_batch_high_lock for reads as the value is read + * atomically and a race with offlining is harmless. + */ + + if (!write) + return proc_dointvec_minmax(table, write, buffer, length, ppos); + mutex_lock(&pcp_batch_high_lock); old_percpu_pagelist_high_fraction = percpu_pagelist_high_fraction; ret = proc_dointvec_minmax(table, write, buffer, length, ppos); - if (!write || ret < 0) + if (ret < 0) goto out; /* Sanity checking to avoid pcp imbalance */ _ Patches currently in -mm which might be from aboorvad(a)linux.ibm.com are

21 hours, 37 minutes

1
0
0 0

[merged mm-hotfixes-stable] lib-buildid-use-__kernel_read-for-sleepable-context.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: lib/buildid: use __kernel_read() for sleepable context has been removed from the -mm tree. Its filename was lib-buildid-use-__kernel_read-for-sleepable-context.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Shakeel Butt <shakeel.butt(a)linux.dev> Subject: lib/buildid: use __kernel_read() for sleepable context Date: Mon, 22 Dec 2025 12:58:59 -0800 Prevent a "BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio". For the sleepable context, convert freader to use __kernel_read() instead of direct page cache access via read_cache_folio(). This simplifies the faultable code path by using the standard kernel file reading interface which handles all the complexity of reading file data. At the moment we are not changing the code for non-sleepable context which uses filemap_get_folio() and only succeeds if the target folios are already in memory and up-to-date. The reason is to keep the patch simple and easier to backport to stable kernels. Syzbot repro does not crash the kernel anymore and the selftests run successfully. In the follow up we will make __kernel_read() with IOCB_NOWAIT work for non-sleepable contexts. In addition, I would like to replace the secretmem check with a more generic approach and will add fstest for the buildid code. Link: https://lkml.kernel.org/r/20251222205859.3968077-1-shakeel.butt@linux.dev Fixes: ad41251c290d ("lib/buildid: implement sleepable build_id_parse() API") Reported-by: syzbot+09b7d050e4806540153d(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=09b7d050e4806540153d Signed-off-by: Shakeel Butt <shakeel.butt(a)linux.dev> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Tested-by: Jinchao Wang <wangjinchao600(a)gmail.com> Link: https://lkml.kernel.org/r/aUteBPWPYzVWIZFH@ndev Reviewed-by: Christian Brauner <brauner(a)kernel.org> Cc: Alexei Starovoitov <ast(a)kernel.org> Cc: Andrii Nakryiko <andrii(a)kernel.org> Cc: Daniel Borkman <daniel(a)iogearbox.net> Cc: "Darrick J. Wong" <djwong(a)kernel.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/buildid.c | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) --- a/lib/buildid.c~lib-buildid-use-__kernel_read-for-sleepable-context +++ a/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/fs.h> #include <linux/secretmem.h> #define BUILD_ID 3 @@ -46,20 +47,9 @@ static int freader_get_folio(struct frea freader_put_folio(r); - /* reject secretmem folios created with memfd_secret() */ - if (secretmem_mapping(r->file->f_mapping)) - return -EFAULT; - + /* only use page cache lookup - fail if not already cached */ r->folio = filemap_get_folio(r->file->f_mapping, file_off >> PAGE_SHIFT); - /* if sleeping is allowed, wait for the page, if necessary */ - if (r->may_fault && (IS_ERR(r->folio) || !folio_test_uptodate(r->folio))) { - filemap_invalidate_lock_shared(r->file->f_mapping); - r->folio = read_cache_folio(r->file->f_mapping, file_off >> PAGE_SHIFT, - NULL, r->file); - filemap_invalidate_unlock_shared(r->file->f_mapping); - } - if (IS_ERR(r->folio) || !folio_test_uptodate(r->folio)) { if (!IS_ERR(r->folio)) folio_put(r->folio); @@ -97,6 +87,24 @@ const void *freader_fetch(struct freader return r->data + file_off; } + /* reject secretmem folios created with memfd_secret() */ + if (secretmem_mapping(r->file->f_mapping)) { + r->err = -EFAULT; + return NULL; + } + + /* use __kernel_read() for sleepable context */ + if (r->may_fault) { + ssize_t ret; + + ret = __kernel_read(r->file, r->buf, sz, &file_off); + if (ret != sz) { + r->err = (ret < 0) ? ret : -EIO; + return NULL; + } + return r->buf; + } + /* fetch or reuse folio for given file offset */ r->err = freader_get_folio(r, file_off); if (r->err) _ Patches currently in -mm which might be from shakeel.butt(a)linux.dev are memcg-introduce-private-id-api-for-in-kernel-users.patch memcg-expose-mem_cgroup_ino-and-mem_cgroup_get_from_ino-unconditionally.patch memcg-mem_cgroup_get_from_ino-returns-null-on-error.patch memcg-use-cgroup_id-instead-of-cgroup_ino-for-memcg-id.patch mm-damon-use-cgroup-id-instead-of-private-memcg-id.patch mm-vmscan-use-cgroup-id-instead-of-private-memcg-id-in-lru_gen-interface.patch memcg-remove-unused-mem_cgroup_id-and-mem_cgroup_from_id.patch memcg-rename-mem_cgroup_ino-to-mem_cgroup_id.patch memcg-rename-mem_cgroup_ino-to-mem_cgroup_id-fix.patch

21 hours, 37 minutes

1
0
0 0

[PATCH v5 2/3] crypto: virtio: Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req

by Bibo Mao

With function virtio_crypto_skcipher_crypt_req(), there is already virtqueue_kick() call with spinlock held in function __virtio_crypto_skcipher_do_req(). Remove duplicated virtqueue_kick() function call here. Fixes: d79b5d0bbf2e ("crypto: virtio - support crypto engine framework") Cc: stable(a)vger.kernel.org Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> Acked-by: Jason Wang <jasowang(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> --- drivers/crypto/virtio/virtio_crypto_skcipher_algs.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/crypto/virtio/virtio_crypto_skcipher_algs.c b/drivers/crypto/virtio/virtio_crypto_skcipher_algs.c index 1b3fb21a2a7d..11053d1786d4 100644 --- a/drivers/crypto/virtio/virtio_crypto_skcipher_algs.c +++ b/drivers/crypto/virtio/virtio_crypto_skcipher_algs.c @@ -541,8 +541,6 @@ int virtio_crypto_skcipher_crypt_req( if (ret < 0) return ret; - virtqueue_kick(data_vq->vq); - return 0; } -- 2.39.3

23 hours, 40 minutes

1
0
0 0

[PATCH v5 1/3] crypto: virtio: Add spinlock protection with virtqueue notification

by Bibo Mao

When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well. Fixes: fed93fb62e05 ("crypto: virtio - Handle dataq logic with tasklet") Cc: stable(a)vger.kernel.org Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> Acked-by: Jason Wang <jasowang(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> --- drivers/crypto/virtio/virtio_crypto_core.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/crypto/virtio/virtio_crypto_core.c b/drivers/crypto/virtio/virtio_crypto_core.c index 3d241446099c..ccc6b5c1b24b 100644 --- a/drivers/crypto/virtio/virtio_crypto_core.c +++ b/drivers/crypto/virtio/virtio_crypto_core.c @@ -75,15 +75,20 @@ static void virtcrypto_done_task(unsigned long data) struct data_queue *data_vq = (struct data_queue *)data; struct virtqueue *vq = data_vq->vq; struct virtio_crypto_request *vc_req; + unsigned long flags; unsigned int len; + spin_lock_irqsave(&data_vq->lock, flags); do { virtqueue_disable_cb(vq); while ((vc_req = virtqueue_get_buf(vq, &len)) != NULL) { + spin_unlock_irqrestore(&data_vq->lock, flags); if (vc_req->alg_cb) vc_req->alg_cb(vc_req, len); + spin_lock_irqsave(&data_vq->lock, flags); } } while (!virtqueue_enable_cb(vq)); + spin_unlock_irqrestore(&data_vq->lock, flags); } static void virtcrypto_dataq_callback(struct virtqueue *vq) -- 2.39.3

23 hours, 40 minutes

1
0
0 0

[PATCH v3] soc: ti: pruss: fix double free in pruss_clk_mux_setup()

by Wentao Liang

In the pruss_clk_mux_setup(), the devm_add_action_or_reset() indirectly calls pruss_of_free_clk_provider(), which calls of_node_put(clk_mux_np) on the error path. However, after the devm_add_action_or_reset() returns, the of_node_put(clk_mux_np) is called again, causing a double free. Fix by returning directly, to avoid the duplicate of_node_put(). Fixes: ba59c9b43c86 ("soc: ti: pruss: support CORECLK_MUX and IEPCLK_MUX") Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- Changes in v2: - Drop error jumping label. Changes in v3: - Omit curly brackets. --- drivers/soc/ti/pruss.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/soc/ti/pruss.c b/drivers/soc/ti/pruss.c index d7634bf5413a..0bc5122ee22b 100644 --- a/drivers/soc/ti/pruss.c +++ b/drivers/soc/ti/pruss.c @@ -366,12 +366,10 @@ static int pruss_clk_mux_setup(struct pruss *pruss, struct clk *clk_mux, ret = devm_add_action_or_reset(dev, pruss_of_free_clk_provider, clk_mux_np); - if (ret) { + if (ret) dev_err(dev, "failed to add clkmux free action %d", ret); - goto put_clk_mux_np; - } - return 0; + return ret; put_clk_mux_np: of_node_put(clk_mux_np); -- 2.34.1

1 day

1
0
0 0

[PATCH 1/2] ublk: cancel device on START_DEV failure

by Ming Lei

When ublk_ctrl_start_dev() fails after waiting for completion, the device needs to be properly cancelled to prevent leaving it in an inconsistent state. Without this, pending I/O commands may remain uncompleted and the device cannot be cleanly removed. Add ublk_cancel_dev() call in the error path to ensure proper cleanup when START_DEV fails. Cc: <stable(a)vger.kernel.org> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- drivers/block/ublk_drv.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index f6e5a0766721..2d6250d61a7b 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -2953,8 +2953,10 @@ static int ublk_ctrl_start_dev(struct ublk_device *ub, if (wait_for_completion_interruptible(&ub->completion) != 0) return -EINTR; - if (ub->ublksrv_tgid != ublksrv_pid) - return -EINVAL; + if (ub->ublksrv_tgid != ublksrv_pid) { + ret = -EINVAL; + goto out; + } mutex_lock(&ub->mutex); if (ub->dev_info.state == UBLK_S_DEV_LIVE || @@ -3017,6 +3019,9 @@ static int ublk_ctrl_start_dev(struct ublk_device *ub, put_disk(disk); out_unlock: mutex_unlock(&ub->mutex); +out: + if (ret) + ublk_cancel_dev(ub); return ret; } -- 2.47.0

1 day, 1 hour

2
2
0 0

[PATCH 1/2] dt-bindings: usb: parade,ps5511: Disallow unevaluated properties

by Krzysztof Kozlowski

Review given to v2 [1] of commit fc259b024cb3 ("dt-bindings: usb: Add binding for PS5511 hub controller") asked to use unevaluatedProperties, but this was ignored by the author probably because current dtschema does not allow to use both additionalProperties and unevaluatedProperties. As an effect, this binding does not end with unevaluatedProperties and allows any properties to be added. Fix this by reverting the approach suggested at v2 review and using simpler definition of "reg" constraints. Link: https://lore.kernel.org/r/20250416180023.GB3327258-robh@kernel.org/ [1] Fixes: fc259b024cb3 ("dt-bindings: usb: Add binding for PS5511 hub controller") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)oss.qualcomm.com> --- .../devicetree/bindings/usb/parade,ps5511.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Documentation/devicetree/bindings/usb/parade,ps5511.yaml b/Documentation/devicetree/bindings/usb/parade,ps5511.yaml index 10d002f09db8..154d779e507a 100644 --- a/Documentation/devicetree/bindings/usb/parade,ps5511.yaml +++ b/Documentation/devicetree/bindings/usb/parade,ps5511.yaml @@ -15,6 +15,10 @@ properties: - usb1da0,5511 - usb1da0,55a1 + reg: + minimum: 1 + maximum: 5 + reset-gpios: items: - description: GPIO specifier for RESETB pin. @@ -41,12 +45,6 @@ properties: minimum: 1 maximum: 5 -additionalProperties: - properties: - reg: - minimum: 1 - maximum: 5 - required: - peer-hub @@ -67,6 +65,8 @@ allOf: patternProperties: '^.*@5$': false +unevaluatedProperties: false + examples: - | usb { -- 2.51.0

1 day, 3 hours

2
3
0 0

[PATCH 6.12] NFSD: net ref data still needs to be freed even if net hasn't startup

by Jay Wang

From: Edward Adam Davis <eadavis(a)qq.com> When the NFSD instance doesn't to startup, the net ref data memory is not properly reclaimed, which triggers the memory leak issue reported by syzbot [1]. To avoid the problem reported in [1], the net ref data memory reclamation action is moved outside of nfsd_net_up when the net is shutdown. [1] unreferenced object 0xffff88812a39dfc0 (size 64): backtrace (crc a2262fc6): percpu_ref_init+0x94/0x1e0 lib/percpu-refcount.c:76 nfsd_create_serv+0xbe/0x260 fs/nfsd/nfssvc.c:605 nfsd_nl_listener_set_doit+0x62/0xb00 fs/nfsd/nfsctl.c:1882 genl_family_rcv_msg_doit+0x11e/0x190 net/netlink/genetlink.c:1115 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0x2fd/0x440 net/netlink/genetlink.c:1210 BUG: memory leak Reported-by: syzbot+6ee3b889bdeada0a6226(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=6ee3b889bdeada0a6226 Fixes: 39972494e318 ("nfsd: update percpu_ref to manage references on nfsd_net") Cc: stable(a)vger.kernel.org Signed-off-by: Edward Adam Davis <eadavis(a)qq.com> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> Signed-off-by: Jay Wang <wanjay(a)amazon.com> --- fs/nfsd/nfssvc.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c index cc185c00e309..88c15b49e4bd 100644 --- a/fs/nfsd/nfssvc.c +++ b/fs/nfsd/nfssvc.c @@ -434,26 +434,26 @@ static void nfsd_shutdown_net(struct net *net) { struct nfsd_net *nn = net_generic(net, nfsd_net_id); - if (!nn->nfsd_net_up) - return; - - percpu_ref_kill_and_confirm(&nn->nfsd_net_ref, nfsd_net_done); - wait_for_completion(&nn->nfsd_net_confirm_done); - - nfsd_export_flush(net); - nfs4_state_shutdown_net(net); - nfsd_reply_cache_shutdown(nn); - nfsd_file_cache_shutdown_net(net); - if (nn->lockd_up) { - lockd_down(net); - nn->lockd_up = false; + if (nn->nfsd_net_up) { + percpu_ref_kill_and_confirm(&nn->nfsd_net_ref, nfsd_net_done); + wait_for_completion(&nn->nfsd_net_confirm_done); + + nfsd_export_flush(net); + nfs4_state_shutdown_net(net); + nfsd_reply_cache_shutdown(nn); + nfsd_file_cache_shutdown_net(net); + if (nn->lockd_up) { + lockd_down(net); + nn->lockd_up = false; + } + wait_for_completion(&nn->nfsd_net_free_done); } - wait_for_completion(&nn->nfsd_net_free_done); percpu_ref_exit(&nn->nfsd_net_ref); + if (nn->nfsd_net_up) + nfsd_shutdown_generic(); nn->nfsd_net_up = false; - nfsd_shutdown_generic(); } static DEFINE_SPINLOCK(nfsd_notifier_lock); -- 2.47.3

1 day, 5 hours

2
1
0 0

+ mm-vmalloc-prevent-rcu-stalls-in-kasan_release_vmalloc_node.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node has been added to the -mm mm-new branch. Its filename is mm-vmalloc-prevent-rcu-stalls-in-kasan_release_vmalloc_node.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. The mm-new branch of mm.git is not included in linux-next Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via various branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there most days ------------------------------------------------------ From: Deepanshu Kartikey <kartikey406(a)gmail.com> Subject: mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node Date: Mon, 12 Jan 2026 16:06:12 +0530 When CONFIG_PAGE_OWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large purge_list without rescheduling can cause the task to hold CPU for extended periods (10+ seconds), leading to RCU stalls and potential OOM conditions. The issue manifests in purge_vmap_node() -> kasan_release_vmalloc_node() where iterating through hundreds or thousands of vmap_area entries and freeing their associated shadow pages causes: rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6229/1:b..l ... task:kworker/0:17 state:R running task stack:28840 pid:6229 ... kasan_release_vmalloc_node+0x1ba/0xad0 mm/vmalloc.c:2299 purge_vmap_node+0x1ba/0xad0 mm/vmalloc.c:2299 Each call to kasan_release_vmalloc() can free many pages, and with page_owner tracking, each free triggers save_stack() which performs stack unwinding under RCU read lock. Without yielding, this creates an unbounded RCU critical section. Add periodic cond_resched() calls within the loop to allow: - RCU grace periods to complete - Other tasks to run - Scheduler to preempt when needed The fix uses need_resched() for immediate response under load, with a batch count of 32 as a guaranteed upper bound to prevent worst-case stalls even under light load. Link: https://lkml.kernel.org/r/20260112103612.627247-1-kartikey406@gmail.com Signed-off-by: Deepanshu Kartikey <kartikey406(a)gmail.com> Reported-by: syzbot+d8d4c31d40f868eaea30(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d8d4c31d40f868eaea30 Link: https://lore.kernel.org/all/20260112084723.622910-1-kartikey406@gmail.com/T/ [v1] Suggested-by: Uladzislau Rezki <urezki(a)gmail.com> Reviewed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Hillf Danton <hdanton(a)sina.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/mm/vmalloc.c~mm-vmalloc-prevent-rcu-stalls-in-kasan_release_vmalloc_node +++ a/mm/vmalloc.c @@ -2273,11 +2273,14 @@ decay_va_pool_node(struct vmap_node *vn, reclaim_list_global(&decay_list); } +#define KASAN_RELEASE_BATCH_SIZE 32 + static void kasan_release_vmalloc_node(struct vmap_node *vn) { struct vmap_area *va; unsigned long start, end; + unsigned int batch_count = 0; start = list_first_entry(&vn->purge_list, struct vmap_area, list)->va_start; end = list_last_entry(&vn->purge_list, struct vmap_area, list)->va_end; @@ -2287,6 +2290,11 @@ kasan_release_vmalloc_node(struct vmap_n kasan_release_vmalloc(va->va_start, va->va_end, va->va_start, va->va_end, KASAN_VMALLOC_PAGE_RANGE); + + if (need_resched() || (++batch_count >= KASAN_RELEASE_BATCH_SIZE)) { + cond_resched(); + batch_count = 0; + } } kasan_release_vmalloc(start, end, start, end, KASAN_VMALLOC_TLB_FLUSH); _ Patches currently in -mm which might be from kartikey406(a)gmail.com are mm-swap_cgroup-fix-kernel-bug-in-swap_cgroup_record.patch mm-vmalloc-prevent-rcu-stalls-in-kasan_release_vmalloc_node.patch ocfs2-validate-i_refcount_loc-when-refcount-flag-is-set.patch ocfs2-validate-inline-data-i_size-during-inode-read.patch ocfs2-add-check-for-free-bits-before-allocation-in-ocfs2_move_extent.patch

1 day, 7 hours

1
0
0 0

[PATCH] ecryptfs: Add missing gotos in ecryptfs_read_metadata

by Thorsten Blum

Add two missing goto statements to exit ecryptfs_read_metadata() when an error occurs. The first goto is required; otherwise ECRYPTFS_METADATA_IN_XATTR may be set when xattr metadata is enabled even though parsing the metadata failed. The second goto is not strictly necessary, but it makes the error path explicit instead of relying on falling through to 'out'. Cc: stable(a)vger.kernel.org Fixes: dd2a3b7ad98f ("[PATCH] eCryptfs: Generalize metadata read/write") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- fs/ecryptfs/crypto.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 260f8a4938b0..d49cdf7292ab 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -1328,6 +1328,7 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry) "file xattr region either, inode %lu\n", ecryptfs_inode->i_ino); rc = -EINVAL; + goto out; } if (crypt_stat->mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) { @@ -1340,6 +1341,7 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry) "this like an encrypted file, inode %lu\n", ecryptfs_inode->i_ino); rc = -EINVAL; + goto out; } } out: -- Thorsten Blum <thorsten.blum(a)linux.dev> GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4

1 day, 7 hours

3
4
0 0

FAILED: patch "[PATCH] pinctrl: qcom: lpass-lpi: mark the GPIO controller as" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ebc18e9854e5a2b62a041fb57b216a903af45b85 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011237-those-catatonic-066d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ebc18e9854e5a2b62a041fb57b216a903af45b85 Mon Sep 17 00:00:00 2001 From: Bartosz Golaszewski <brgl(a)kernel.org> Date: Wed, 26 Nov 2025 13:22:19 +0100 Subject: [PATCH] pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping The gpio_chip settings in this driver say the controller can't sleep but it actually uses a mutex for synchronization. This triggers the following BUG(): [ 9.233659] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:281 [ 9.233665] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 554, name: (udev-worker) [ 9.233669] preempt_count: 1, expected: 0 [ 9.233673] RCU nest depth: 0, expected: 0 [ 9.233688] Tainted: [W]=WARN [ 9.233690] Hardware name: Dell Inc. Latitude 7455/0FK7MX, BIOS 2.10.1 05/20/2025 [ 9.233694] Call trace: [ 9.233696] show_stack+0x24/0x38 (C) [ 9.233709] dump_stack_lvl+0x40/0x88 [ 9.233716] dump_stack+0x18/0x24 [ 9.233722] __might_resched+0x148/0x160 [ 9.233731] __might_sleep+0x38/0x98 [ 9.233736] mutex_lock+0x30/0xd8 [ 9.233749] lpi_config_set+0x2e8/0x3c8 [pinctrl_lpass_lpi] [ 9.233757] lpi_gpio_direction_output+0x58/0x90 [pinctrl_lpass_lpi] [ 9.233761] gpiod_direction_output_raw_commit+0x110/0x428 [ 9.233772] gpiod_direction_output_nonotify+0x234/0x358 [ 9.233779] gpiod_direction_output+0x38/0xd0 [ 9.233786] gpio_shared_proxy_direction_output+0xb8/0x2a8 [gpio_shared_proxy] [ 9.233792] gpiod_direction_output_raw_commit+0x110/0x428 [ 9.233799] gpiod_direction_output_nonotify+0x234/0x358 [ 9.233806] gpiod_configure_flags+0x2c0/0x580 [ 9.233812] gpiod_find_and_request+0x358/0x4f8 [ 9.233819] gpiod_get_index+0x7c/0x98 [ 9.233826] devm_gpiod_get+0x34/0xb0 [ 9.233829] reset_gpio_probe+0x58/0x128 [reset_gpio] [ 9.233836] auxiliary_bus_probe+0xb0/0xf0 [ 9.233845] really_probe+0x14c/0x450 [ 9.233853] __driver_probe_device+0xb0/0x188 [ 9.233858] driver_probe_device+0x4c/0x250 [ 9.233863] __driver_attach+0xf8/0x2a0 [ 9.233868] bus_for_each_dev+0xf8/0x158 [ 9.233872] driver_attach+0x30/0x48 [ 9.233876] bus_add_driver+0x158/0x2b8 [ 9.233880] driver_register+0x74/0x118 [ 9.233886] __auxiliary_driver_register+0x94/0xe8 [ 9.233893] init_module+0x34/0xfd0 [reset_gpio] [ 9.233898] do_one_initcall+0xec/0x300 [ 9.233903] do_init_module+0x64/0x260 [ 9.233910] load_module+0x16c4/0x1900 [ 9.233915] __arm64_sys_finit_module+0x24c/0x378 [ 9.233919] invoke_syscall+0x4c/0xe8 [ 9.233925] el0_svc_common+0x8c/0xf0 [ 9.233929] do_el0_svc+0x28/0x40 [ 9.233934] el0_svc+0x38/0x100 [ 9.233938] el0t_64_sync_handler+0x84/0x130 [ 9.233943] el0t_64_sync+0x17c/0x180 Mark the controller as sleeping. Fixes: 6e261d1090d6 ("pinctrl: qcom: Add sm8250 lpass lpi pinctrl driver") Cc: stable(a)vger.kernel.org Reported-by: Val Packett <val(a)packett.cool> Closes: https://lore.kernel.org/all/98c0f185-b0e0-49ea-896c-f3972dd011ca@packett.co… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> Reviewed-by: Bjorn Andersson <andersson(a)kernel.org> Signed-off-by: Linus Walleij <linusw(a)kernel.org> diff --git a/drivers/pinctrl/qcom/pinctrl-lpass-lpi.c b/drivers/pinctrl/qcom/pinctrl-lpass-lpi.c index 1c97ec44aa5f..78212f992843 100644 --- a/drivers/pinctrl/qcom/pinctrl-lpass-lpi.c +++ b/drivers/pinctrl/qcom/pinctrl-lpass-lpi.c @@ -498,7 +498,7 @@ int lpi_pinctrl_probe(struct platform_device *pdev) pctrl->chip.base = -1; pctrl->chip.ngpio = data->npins; pctrl->chip.label = dev_name(dev); - pctrl->chip.can_sleep = false; + pctrl->chip.can_sleep = true; mutex_init(&pctrl->lock);

1 day, 8 hours

2
2
0 0

[PATCH v1 2/2] arm64: dts: ti: k3-am69-aquila-clover: change main_spi2 CS0 to GPIO mode

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> Change CS0 from hardware chip select to GPIO-based chip select to align with the base aquila device tree configuration. Fixes: 9f748a6177e1 ("arm64: dts: ti: am69-aquila: Add Clover") Cc: stable(a)vger.kernel.org Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- arch/arm64/boot/dts/ti/k3-am69-aquila-clover.dts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-am69-aquila-clover.dts b/arch/arm64/boot/dts/ti/k3-am69-aquila-clover.dts index 55fd214a82e4..927d0877d7f8 100644 --- a/arch/arm64/boot/dts/ti/k3-am69-aquila-clover.dts +++ b/arch/arm64/boot/dts/ti/k3-am69-aquila-clover.dts @@ -208,7 +208,8 @@ &main_spi2 { pinctrl-0 = <&pinctrl_main_spi2>, <&pinctrl_main_spi2_cs0>, <&pinctrl_gpio_05>; - cs-gpios = <0>, <&wkup_gpio0 29 GPIO_ACTIVE_LOW>; + cs-gpios = <&main_gpio0 39 GPIO_ACTIVE_LOW>, + <&wkup_gpio0 29 GPIO_ACTIVE_LOW>; status = "okay"; tpm@1 { -- 2.52.0

1 day, 8 hours

1
0
0 0

[PATCH v1 1/2] arm64: dts: ti: k3-am69-aquila: change main_spi0/2 CS to GPIO mode

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> Hardware chip select does not work correctly on main_spi0 and main_spi2 controllers. Testing shows main_spi2 loses CS state during runtime PM suspend, while main_spi0 cannot drive CS HIGH when bus is idle. Use GPIO-based chip select for both controllers. Fixes: 39ac6623b1d8 ("arm64: dts: ti: Add Aquila AM69 Support") Cc: stable(a)vger.kernel.org Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- arch/arm64/boot/dts/ti/k3-am69-aquila.dtsi | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/ti/k3-am69-aquila.dtsi b/arch/arm64/boot/dts/ti/k3-am69-aquila.dtsi index 0866eb8a6f34..5119baf62a4c 100644 --- a/arch/arm64/boot/dts/ti/k3-am69-aquila.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am69-aquila.dtsi @@ -479,7 +479,7 @@ J784S4_IOPAD(0x0dc, PIN_OUTPUT, 0) /* (AM36) SPI0_D1 */ /* AQUILA D17 */ /* Aquila SPI_2 CS */ pinctrl_main_spi0_cs0: main-spi0-cs0-default-pins { pinctrl-single,pins = < - J784S4_IOPAD(0x0cc, PIN_OUTPUT, 0) /* (AM37) SPI0_CS0 */ /* AQUILA D16 */ + J784S4_IOPAD(0x0cc, PIN_OUTPUT, 7) /* (AM37) SPI0_CS0.GPIO0_51 */ /* AQUILA D16 */ >; }; @@ -495,7 +495,7 @@ J784S4_IOPAD(0x0ac, PIN_OUTPUT, 10) /* (AE34) MCASP0_AXR15.SPI2_D1 */ /* AQUILA /* Aquila SPI_1 CS */ pinctrl_main_spi2_cs0: main-spi2-cs0-default-pins { pinctrl-single,pins = < - J784S4_IOPAD(0x09c, PIN_OUTPUT, 10) /* (AF35) MCASP0_AXR11.SPI2_CS1 */ /* AQUILA D9 */ + J784S4_IOPAD(0x09c, PIN_OUTPUT, 7) /* (AF35) MCASP0_AXR11.GPIO0_39 */ /* AQUILA D9 */ >; }; @@ -1204,6 +1204,7 @@ &main_sdhci1 { &main_spi0 { pinctrl-names = "default"; pinctrl-0 = <&pinctrl_main_spi0>, <&pinctrl_main_spi0_cs0>; + cs-gpios = <&main_gpio0 51 GPIO_ACTIVE_LOW>; status = "disabled"; }; @@ -1211,6 +1212,7 @@ &main_spi0 { &main_spi2 { pinctrl-names = "default"; pinctrl-0 = <&pinctrl_main_spi2>, <&pinctrl_main_spi2_cs0>; + cs-gpios = <&main_gpio0 39 GPIO_ACTIVE_LOW>; status = "disabled"; }; -- 2.52.0

1 day, 8 hours

1
0
0 0

FAILED: patch "[PATCH] gpio: mpsse: fix reference leak in gpio_mpsse_probe() error" failed to apply to 6.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.18.y git checkout FETCH_HEAD git cherry-pick -x 1e876e5a0875e71e34148c9feb2eedd3bf6b2b43 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011202-scheming-operating-3cbb@gregkh' --subject-prefix 'PATCH 6.18.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e876e5a0875e71e34148c9feb2eedd3bf6b2b43 Mon Sep 17 00:00:00 2001 From: Abdun Nihaal <nihaal(a)cse.iitm.ac.in> Date: Fri, 26 Dec 2025 11:34:10 +0530 Subject: [PATCH] gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths The reference obtained by calling usb_get_dev() is not released in the gpio_mpsse_probe() error paths. Fix that by using device managed helper functions. Also remove the usb_put_dev() call in the disconnect function since now it will be released automatically. Cc: stable(a)vger.kernel.org Fixes: c46a74ff05c0 ("gpio: add support for FTDI's MPSSE as GPIO") Signed-off-by: Abdun Nihaal <nihaal(a)cse.iitm.ac.in> Link: https://lore.kernel.org/r/20251226060414.20785-1-nihaal@cse.iitm.ac.in Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)oss.qualcomm.com> diff --git a/drivers/gpio/gpio-mpsse.c b/drivers/gpio/gpio-mpsse.c index ace652ba4df1..12191aeb6566 100644 --- a/drivers/gpio/gpio-mpsse.c +++ b/drivers/gpio/gpio-mpsse.c @@ -548,6 +548,13 @@ static void gpio_mpsse_ida_remove(void *data) ida_free(&gpio_mpsse_ida, priv->id); } +static void gpio_mpsse_usb_put_dev(void *data) +{ + struct mpsse_priv *priv = data; + + usb_put_dev(priv->udev); +} + static int mpsse_init_valid_mask(struct gpio_chip *chip, unsigned long *valid_mask, unsigned int ngpios) @@ -592,6 +599,10 @@ static int gpio_mpsse_probe(struct usb_interface *interface, INIT_LIST_HEAD(&priv->workers); priv->udev = usb_get_dev(interface_to_usbdev(interface)); + err = devm_add_action_or_reset(dev, gpio_mpsse_usb_put_dev, priv); + if (err) + return err; + priv->intf = interface; priv->intf_id = interface->cur_altsetting->desc.bInterfaceNumber; @@ -713,7 +724,6 @@ static void gpio_mpsse_disconnect(struct usb_interface *intf) priv->intf = NULL; usb_set_intfdata(intf, NULL); - usb_put_dev(priv->udev); } static struct usb_driver gpio_mpsse_driver = {

1 day, 9 hours

2
3
0 0

Re: Patch "bcache: fix improper use of bi_end_io" has been added to the 6.6-stable tree

by Kent Overstreet

On Mon, Jan 12, 2026 at 12:23:45PM -0500, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > bcache: fix improper use of bi_end_io > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > bcache-fix-improper-use-of-bi_end_io.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Has this code been tested? bio_endio() is not equivalent to calling bi_end_io; if the code is swapping out bi_end_io to pass it down the stack, then you have two completions on the same bio - you cannot call bio_endio() twice on the same bio. > > > > commit 81e7e43a810e8f40e163928d441de02d2816b073 > Author: Shida Zhang <zhangshida(a)kylinos.cn> > Date: Tue Dec 9 17:01:56 2025 +0800 > > bcache: fix improper use of bi_end_io > > [ Upstream commit 53280e398471f0bddbb17b798a63d41264651325 ] > > Don't call bio->bi_end_io() directly. Use the bio_endio() helper > function instead, which handles completion more safely and uniformly. > > Suggested-by: Christoph Hellwig <hch(a)infradead.org> > Reviewed-by: Christoph Hellwig <hch(a)lst.de> > Signed-off-by: Shida Zhang <zhangshida(a)kylinos.cn> > Signed-off-by: Jens Axboe <axboe(a)kernel.dk> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c > index a9b1f3896249b..b4059d2daa326 100644 > --- a/drivers/md/bcache/request.c > +++ b/drivers/md/bcache/request.c > @@ -1090,7 +1090,7 @@ static void detached_dev_end_io(struct bio *bio) > } > > kfree(ddip); > - bio->bi_end_io(bio); > + bio_endio(bio); > } > > static void detached_dev_do_request(struct bcache_device *d, struct bio *bio, > @@ -1107,7 +1107,7 @@ static void detached_dev_do_request(struct bcache_device *d, struct bio *bio, > ddip = kzalloc(sizeof(struct detached_dev_io_private), GFP_NOIO); > if (!ddip) { > bio->bi_status = BLK_STS_RESOURCE; > - bio->bi_end_io(bio); > + bio_endio(bio); > return; > } > > @@ -1122,7 +1122,7 @@ static void detached_dev_do_request(struct bcache_device *d, struct bio *bio, > > if ((bio_op(bio) == REQ_OP_DISCARD) && > !bdev_max_discard_sectors(dc->bdev)) > - bio->bi_end_io(bio); > + detached_dev_end_io(bio); > else > submit_bio_noacct(bio); > }

1 day, 9 hours

1
0
0 0

FAILED: patch "[PATCH] ALSA: ac97: fix a double free in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 830988b6cf197e6dcffdfe2008c5738e6c6c3c0f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011239-rockband-chewable-857b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 830988b6cf197e6dcffdfe2008c5738e6c6c3c0f Mon Sep 17 00:00:00 2001 From: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> Date: Sat, 20 Dec 2025 00:28:45 +0800 Subject: [PATCH] ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to drop the device reference. kfree() is not required. Add kfree() if idr_alloc() fails and in ac97_adapter_release() to do the cleanup. Found by code review. Fixes: 74426fbff66e ("ALSA: ac97: add an ac97 bus") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> Link: https://patch.msgid.link/20251219162845.657525-1-lihaoxiang@isrc.iscas.ac.cn Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/ac97/bus.c b/sound/ac97/bus.c index f4254703d29f..bb9b795e0226 100644 --- a/sound/ac97/bus.c +++ b/sound/ac97/bus.c @@ -298,6 +298,7 @@ static void ac97_adapter_release(struct device *dev) idr_remove(&ac97_adapter_idr, ac97_ctrl->nr); dev_dbg(&ac97_ctrl->adap, "adapter unregistered by %s\n", dev_name(ac97_ctrl->parent)); + kfree(ac97_ctrl); } static const struct device_type ac97_adapter_type = { @@ -319,7 +320,9 @@ static int ac97_add_adapter(struct ac97_controller *ac97_ctrl) ret = device_register(&ac97_ctrl->adap); if (ret) put_device(&ac97_ctrl->adap); - } + } else + kfree(ac97_ctrl); + if (!ret) { list_add(&ac97_ctrl->controllers, &ac97_controllers); dev_dbg(&ac97_ctrl->adap, "adapter registered by %s\n", @@ -361,14 +364,11 @@ struct ac97_controller *snd_ac97_controller_register( ret = ac97_add_adapter(ac97_ctrl); if (ret) - goto err; + return ERR_PTR(ret); ac97_bus_reset(ac97_ctrl); ac97_bus_scan(ac97_ctrl); return ac97_ctrl; -err: - kfree(ac97_ctrl); - return ERR_PTR(ret); } EXPORT_SYMBOL_GPL(snd_ac97_controller_register);

1 day, 9 hours

2
2
0 0

FAILED: patch "[PATCH] counter: interrupt-cnt: Drop IRQF_NO_THREAD flag" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 23f9485510c338476b9735d516c1d4aacb810d46 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011244-unbaked-pajamas-9c74@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 23f9485510c338476b9735d516c1d4aacb810d46 Mon Sep 17 00:00:00 2001 From: Alexander Sverdlin <alexander.sverdlin(a)gmail.com> Date: Tue, 18 Nov 2025 09:35:48 +0100 Subject: [PATCH] counter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warns: ============================= [ BUG: Invalid wait context ] 6.18.0-rc1+git... #1 ----------------------------- some-user-space-process/1251 is trying to lock: (&counter->events_list_lock){....}-{3:3}, at: counter_push_event [counter] other info that might help us debug this: context-{2:2} no locks held by some-user-space-process/.... stack backtrace: CPU: 0 UID: 0 PID: 1251 Comm: some-user-space-process 6.18.0-rc1+git... #1 PREEMPT Call trace: show_stack (C) dump_stack_lvl dump_stack __lock_acquire lock_acquire _raw_spin_lock_irqsave counter_push_event [counter] interrupt_cnt_isr [interrupt_cnt] __handle_irq_event_percpu handle_irq_event handle_simple_irq handle_irq_desc generic_handle_domain_irq gpio_irq_handler handle_irq_desc generic_handle_domain_irq gic_handle_irq call_on_irq_stack do_interrupt_handler el0_interrupt __el0_irq_handler_common el0t_64_irq_handler el0t_64_irq ... and Sebastian correctly points out. Remove IRQF_NO_THREAD as an alternative to switching to raw_spinlock_t, because the latter would limit all potential nested locks to raw_spinlock_t only. Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20251117151314.xwLAZrWY@linutronix.de/ Fixes: a55ebd47f21f ("counter: add IRQ or GPIO based counter") Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> Reviewed-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Reviewed-by: Oleksij Rempel <o.rempel(a)pengutronix.de> Link: https://lore.kernel.org/r/20251118083603.778626-1-alexander.sverdlin@siemen… Signed-off-by: William Breathitt Gray <wbg(a)kernel.org> diff --git a/drivers/counter/interrupt-cnt.c b/drivers/counter/interrupt-cnt.c index 6c0c1d2d7027..e6100b5fb082 100644 --- a/drivers/counter/interrupt-cnt.c +++ b/drivers/counter/interrupt-cnt.c @@ -229,8 +229,7 @@ static int interrupt_cnt_probe(struct platform_device *pdev) irq_set_status_flags(priv->irq, IRQ_NOAUTOEN); ret = devm_request_irq(dev, priv->irq, interrupt_cnt_isr, - IRQF_TRIGGER_RISING | IRQF_NO_THREAD, - dev_name(dev), counter); + IRQF_TRIGGER_RISING, dev_name(dev), counter); if (ret) return ret;

1 day, 9 hours

2
1
0 0

FAILED: patch "[PATCH] ALSA: ac97: fix a double free in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 830988b6cf197e6dcffdfe2008c5738e6c6c3c0f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011239-sustained-underpass-b703@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 830988b6cf197e6dcffdfe2008c5738e6c6c3c0f Mon Sep 17 00:00:00 2001 From: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> Date: Sat, 20 Dec 2025 00:28:45 +0800 Subject: [PATCH] ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to drop the device reference. kfree() is not required. Add kfree() if idr_alloc() fails and in ac97_adapter_release() to do the cleanup. Found by code review. Fixes: 74426fbff66e ("ALSA: ac97: add an ac97 bus") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> Link: https://patch.msgid.link/20251219162845.657525-1-lihaoxiang@isrc.iscas.ac.cn Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/ac97/bus.c b/sound/ac97/bus.c index f4254703d29f..bb9b795e0226 100644 --- a/sound/ac97/bus.c +++ b/sound/ac97/bus.c @@ -298,6 +298,7 @@ static void ac97_adapter_release(struct device *dev) idr_remove(&ac97_adapter_idr, ac97_ctrl->nr); dev_dbg(&ac97_ctrl->adap, "adapter unregistered by %s\n", dev_name(ac97_ctrl->parent)); + kfree(ac97_ctrl); } static const struct device_type ac97_adapter_type = { @@ -319,7 +320,9 @@ static int ac97_add_adapter(struct ac97_controller *ac97_ctrl) ret = device_register(&ac97_ctrl->adap); if (ret) put_device(&ac97_ctrl->adap); - } + } else + kfree(ac97_ctrl); + if (!ret) { list_add(&ac97_ctrl->controllers, &ac97_controllers); dev_dbg(&ac97_ctrl->adap, "adapter registered by %s\n", @@ -361,14 +364,11 @@ struct ac97_controller *snd_ac97_controller_register( ret = ac97_add_adapter(ac97_ctrl); if (ret) - goto err; + return ERR_PTR(ret); ac97_bus_reset(ac97_ctrl); ac97_bus_scan(ac97_ctrl); return ac97_ctrl; -err: - kfree(ac97_ctrl); - return ERR_PTR(ret); } EXPORT_SYMBOL_GPL(snd_ac97_controller_register);

1 day, 9 hours

2
2
0 0

FAILED: patch "[PATCH] ALSA: ac97: fix a double free in" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 830988b6cf197e6dcffdfe2008c5738e6c6c3c0f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011238-subduing-rural-1bbc@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 830988b6cf197e6dcffdfe2008c5738e6c6c3c0f Mon Sep 17 00:00:00 2001 From: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> Date: Sat, 20 Dec 2025 00:28:45 +0800 Subject: [PATCH] ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to drop the device reference. kfree() is not required. Add kfree() if idr_alloc() fails and in ac97_adapter_release() to do the cleanup. Found by code review. Fixes: 74426fbff66e ("ALSA: ac97: add an ac97 bus") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> Link: https://patch.msgid.link/20251219162845.657525-1-lihaoxiang@isrc.iscas.ac.cn Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/ac97/bus.c b/sound/ac97/bus.c index f4254703d29f..bb9b795e0226 100644 --- a/sound/ac97/bus.c +++ b/sound/ac97/bus.c @@ -298,6 +298,7 @@ static void ac97_adapter_release(struct device *dev) idr_remove(&ac97_adapter_idr, ac97_ctrl->nr); dev_dbg(&ac97_ctrl->adap, "adapter unregistered by %s\n", dev_name(ac97_ctrl->parent)); + kfree(ac97_ctrl); } static const struct device_type ac97_adapter_type = { @@ -319,7 +320,9 @@ static int ac97_add_adapter(struct ac97_controller *ac97_ctrl) ret = device_register(&ac97_ctrl->adap); if (ret) put_device(&ac97_ctrl->adap); - } + } else + kfree(ac97_ctrl); + if (!ret) { list_add(&ac97_ctrl->controllers, &ac97_controllers); dev_dbg(&ac97_ctrl->adap, "adapter registered by %s\n", @@ -361,14 +364,11 @@ struct ac97_controller *snd_ac97_controller_register( ret = ac97_add_adapter(ac97_ctrl); if (ret) - goto err; + return ERR_PTR(ret); ac97_bus_reset(ac97_ctrl); ac97_bus_scan(ac97_ctrl); return ac97_ctrl; -err: - kfree(ac97_ctrl); - return ERR_PTR(ret); } EXPORT_SYMBOL_GPL(snd_ac97_controller_register);

1 day, 9 hours

2
2
0 0

[PATCH] comedi: dmm32at: serialize use of paged registers

by Ian Abbott

Some of the hardware registers of the DMM-32-AT board are multiplexed, using the least significant two bits of the Miscellaneous Control register to select the function of registers at offsets 12 to 15: 00 => 8254 timer/counter registers are accessible 01 => 8255 digital I/O registers are accessible 10 => Reserved 11 => Calibration registers are accessible The interrupt service routine (`dmm32at_isr()`) clobbers the bottom two bits of the register with value 00, which would interfere with access to the 8255 registers by the `dm32at_8255_io()` function (used for Comedi instruction handling on the digital I/O subdevice). Make use of the generic Comedi device spin-lock `dev->spinlock` (which is otherwise unused by this driver) to serialize access to the miscellaneous control register and paged registers. Fixes: 3c501880ac44 ("Staging: comedi: add dmm32at driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> --- drivers/comedi/drivers/dmm32at.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/drivers/comedi/drivers/dmm32at.c b/drivers/comedi/drivers/dmm32at.c index 644e3b643c79..910cd24b1bed 100644 --- a/drivers/comedi/drivers/dmm32at.c +++ b/drivers/comedi/drivers/dmm32at.c @@ -330,6 +330,7 @@ static int dmm32at_ai_cmdtest(struct comedi_device *dev, static void dmm32at_setaitimer(struct comedi_device *dev, unsigned int nansec) { + unsigned long irq_flags; unsigned char lo1, lo2, hi2; unsigned short both2; @@ -342,6 +343,9 @@ static void dmm32at_setaitimer(struct comedi_device *dev, unsigned int nansec) /* set counter clocks to 10MHz, disable all aux dio */ outb(0, dev->iobase + DMM32AT_CTRDIO_CFG_REG); + /* serialize access to control register and paged registers */ + spin_lock_irqsave(&dev->spinlock, irq_flags); + /* get access to the clock regs */ outb(DMM32AT_CTRL_PAGE_8254, dev->iobase + DMM32AT_CTRL_REG); @@ -354,6 +358,8 @@ static void dmm32at_setaitimer(struct comedi_device *dev, unsigned int nansec) outb(lo2, dev->iobase + DMM32AT_CLK2); outb(hi2, dev->iobase + DMM32AT_CLK2); + spin_unlock_irqrestore(&dev->spinlock, irq_flags); + /* enable the ai conversion interrupt and the clock to start scans */ outb(DMM32AT_INTCLK_ADINT | DMM32AT_INTCLK_CLKEN | DMM32AT_INTCLK_CLKSEL, @@ -363,13 +369,19 @@ static void dmm32at_setaitimer(struct comedi_device *dev, unsigned int nansec) static int dmm32at_ai_cmd(struct comedi_device *dev, struct comedi_subdevice *s) { struct comedi_cmd *cmd = &s->async->cmd; + unsigned long irq_flags; int ret; dmm32at_ai_set_chanspec(dev, s, cmd->chanlist[0], cmd->chanlist_len); + /* serialize access to control register and paged registers */ + spin_lock_irqsave(&dev->spinlock, irq_flags); + /* reset the interrupt just in case */ outb(DMM32AT_CTRL_INTRST, dev->iobase + DMM32AT_CTRL_REG); + spin_unlock_irqrestore(&dev->spinlock, irq_flags); + /* * wait for circuit to settle * we don't have the 'insn' here but it's not needed @@ -429,8 +441,13 @@ static irqreturn_t dmm32at_isr(int irq, void *d) comedi_handle_events(dev, s); } + /* serialize access to control register and paged registers */ + spin_lock(&dev->spinlock); + /* reset the interrupt */ outb(DMM32AT_CTRL_INTRST, dev->iobase + DMM32AT_CTRL_REG); + + spin_unlock(&dev->spinlock); return IRQ_HANDLED; } @@ -481,14 +498,25 @@ static int dmm32at_ao_insn_write(struct comedi_device *dev, static int dmm32at_8255_io(struct comedi_device *dev, int dir, int port, int data, unsigned long regbase) { + unsigned long irq_flags; + int ret; + + /* serialize access to control register and paged registers */ + spin_lock_irqsave(&dev->spinlock, irq_flags); + /* get access to the DIO regs */ outb(DMM32AT_CTRL_PAGE_8255, dev->iobase + DMM32AT_CTRL_REG); if (dir) { outb(data, dev->iobase + regbase + port); - return 0; + ret = 0; + } else { + ret = inb(dev->iobase + regbase + port); } - return inb(dev->iobase + regbase + port); + + spin_unlock_irqrestore(&dev->spinlock, irq_flags); + + return ret; } /* Make sure the board is there and put it to a known state */ -- 2.51.0

1 day, 10 hours

1
0
0 0

FAILED: patch "[PATCH] nfsd: provide locking for v4_end_grace" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2857bd59feb63fcf40fe4baf55401baea6b4feb4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011224-thesaurus-unmixed-7797@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2857bd59feb63fcf40fe4baf55401baea6b4feb4 Mon Sep 17 00:00:00 2001 From: NeilBrown <neil(a)brown.name> Date: Sat, 13 Dec 2025 13:41:59 -0500 Subject: [PATCH] nfsd: provide locking for v4_end_grace Writing to v4_end_grace can race with server shutdown and result in memory being accessed after it was freed - reclaim_str_hashtbl in particularly. We cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is held while client_tracking_op->init() is called and that can wait for an upcall to nfsdcltrack which can write to v4_end_grace, resulting in a deadlock. nfsd4_end_grace() is also called by the landromat work queue and this doesn't require locking as server shutdown will stop the work and wait for it before freeing anything that nfsd4_end_grace() might access. However, we must be sure that writing to v4_end_grace doesn't restart the work item after shutdown has already waited for it. For this we add a new flag protected with nn->client_lock. It is set only while it is safe to make client tracking calls, and v4_end_grace only schedules work while the flag is set with the spinlock held. So this patch adds a nfsd_net field "client_tracking_active" which is set as described. Another field "grace_end_forced", is set when v4_end_grace is written. After this is set, and providing client_tracking_active is set, the laundromat is scheduled. This "grace_end_forced" field bypasses other checks for whether the grace period has finished. This resolves a race which can result in use-after-free. Reported-by: Li Lingfeng <lilingfeng3(a)huawei.com> Closes: https://lore.kernel.org/linux-nfs/20250623030015.2353515-1-neil@brown.name/… Fixes: 7f5ef2e900d9 ("nfsd: add a v4_end_grace file to /proc/fs/nfsd") Cc: stable(a)vger.kernel.org Signed-off-by: NeilBrown <neil(a)brown.name> Tested-by: Li Lingfeng <lilingfeng3(a)huawei.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/netns.h b/fs/nfsd/netns.h index 3e2d0fde80a7..fe8338735e7c 100644 --- a/fs/nfsd/netns.h +++ b/fs/nfsd/netns.h @@ -66,6 +66,8 @@ struct nfsd_net { struct lock_manager nfsd4_manager; bool grace_ended; + bool grace_end_forced; + bool client_tracking_active; time64_t boot_time; struct dentry *nfsd_client_dir; diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 5b83cb33bf83..a1dccce8b99c 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -84,7 +84,7 @@ static u64 current_sessionid = 1; /* forward declarations */ static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner); static void nfs4_free_ol_stateid(struct nfs4_stid *stid); -void nfsd4_end_grace(struct nfsd_net *nn); +static void nfsd4_end_grace(struct nfsd_net *nn); static void _free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps); static void nfsd4_file_hash_remove(struct nfs4_file *fi); static void deleg_reaper(struct nfsd_net *nn); @@ -6570,7 +6570,7 @@ nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, return nfs_ok; } -void +static void nfsd4_end_grace(struct nfsd_net *nn) { /* do nothing if grace period already ended */ @@ -6603,6 +6603,33 @@ nfsd4_end_grace(struct nfsd_net *nn) */ } +/** + * nfsd4_force_end_grace - forcibly end the NFSv4 grace period + * @nn: network namespace for the server instance to be updated + * + * Forces bypass of normal grace period completion, then schedules + * the laundromat to end the grace period immediately. Does not wait + * for the grace period to fully terminate before returning. + * + * Return values: + * %true: Grace termination schedule + * %false: No action was taken + */ +bool nfsd4_force_end_grace(struct nfsd_net *nn) +{ + if (!nn->client_tracking_ops) + return false; + spin_lock(&nn->client_lock); + if (nn->grace_ended || !nn->client_tracking_active) { + spin_unlock(&nn->client_lock); + return false; + } + WRITE_ONCE(nn->grace_end_forced, true); + mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); + spin_unlock(&nn->client_lock); + return true; +} + /* * If we've waited a lease period but there are still clients trying to * reclaim, wait a little longer to give them a chance to finish. @@ -6612,6 +6639,8 @@ static bool clients_still_reclaiming(struct nfsd_net *nn) time64_t double_grace_period_end = nn->boot_time + 2 * nn->nfsd4_lease; + if (READ_ONCE(nn->grace_end_forced)) + return false; if (nn->track_reclaim_completes && atomic_read(&nn->nr_reclaim_complete) == nn->reclaim_str_hashtbl_size) @@ -8931,6 +8960,8 @@ static int nfs4_state_create_net(struct net *net) nn->unconf_name_tree = RB_ROOT; nn->boot_time = ktime_get_real_seconds(); nn->grace_ended = false; + nn->grace_end_forced = false; + nn->client_tracking_active = false; nn->nfsd4_manager.block_opens = true; INIT_LIST_HEAD(&nn->nfsd4_manager.list); INIT_LIST_HEAD(&nn->client_lru); @@ -9011,6 +9042,10 @@ nfs4_state_start_net(struct net *net) return ret; locks_start_grace(net, &nn->nfsd4_manager); nfsd4_client_tracking_init(net); + /* safe for laundromat to run now */ + spin_lock(&nn->client_lock); + nn->client_tracking_active = true; + spin_unlock(&nn->client_lock); if (nn->track_reclaim_completes && nn->reclaim_str_hashtbl_size == 0) goto skip_grace; printk(KERN_INFO "NFSD: starting %lld-second grace period (net %x)\n", @@ -9059,6 +9094,9 @@ nfs4_state_shutdown_net(struct net *net) shrinker_free(nn->nfsd_client_shrinker); cancel_work_sync(&nn->nfsd_shrinker_work); + spin_lock(&nn->client_lock); + nn->client_tracking_active = false; + spin_unlock(&nn->client_lock); cancel_delayed_work_sync(&nn->laundromat_work); locks_end_grace(&nn->nfsd4_manager); diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index 2b79129703d5..36ce3ca97d97 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -1082,10 +1082,9 @@ static ssize_t write_v4_end_grace(struct file *file, char *buf, size_t size) case 'Y': case 'y': case '1': - if (!nn->nfsd_serv) + if (!nfsd4_force_end_grace(nn)) return -EBUSY; trace_nfsd_end_grace(netns(file)); - nfsd4_end_grace(nn); break; default: return -EINVAL; diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h index 1e736f402426..50d2b2963390 100644 --- a/fs/nfsd/state.h +++ b/fs/nfsd/state.h @@ -849,7 +849,7 @@ static inline void nfsd4_revoke_states(struct net *net, struct super_block *sb) #endif /* grace period management */ -void nfsd4_end_grace(struct nfsd_net *nn); +bool nfsd4_force_end_grace(struct nfsd_net *nn); /* nfs4recover operations */ extern int nfsd4_client_tracking_init(struct net *net);

1 day, 10 hours

2
1
0 0

[PATCH] arm64/mm: Fix annotated branch unbootable kernel

by Breno Leitao

The arm64 kernel doesn't boot with annotated branches (PROFILE_ANNOTATED_BRANCHES) enabled and CONFIG_DEBUG_VIRTUAL together. Bisecting it, I found that disabling branch profiling in arch/arm64/mm solved the problem. Narrowing down a bit further, I found that physaddr.c is the file that needs to have branch profiling disabled to get the machine to boot. I suspect that it might invoke some ftrace helper very early in the boot process and ftrace is still not enabled(!?). Disable branch profiling for physaddr.o to allow booting an arm64 machine with CONFIG_PROFILE_ANNOTATED_BRANCHES and CONFIG_DEBUG_VIRTUAL together. Cc: stable(a)vger.kernel.org Fixes: ec6d06efb0bac ("arm64: Add support for CONFIG_DEBUG_VIRTUAL") Signed-off-by: Breno Leitao <leitao(a)debian.org> --- Another approach is to disable profiling on all arch/arm64 code, similarly to x86, where DISABLE_BRANCH_PROFILING is called for all arch/x86 code. See commit 2cbb20b008dba ("tracing: Disable branch profiling in noinstr code"). --- arch/arm64/mm/Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile index c26489cf96cd..8bfe2451ea26 100644 --- a/arch/arm64/mm/Makefile +++ b/arch/arm64/mm/Makefile @@ -14,5 +14,10 @@ obj-$(CONFIG_ARM64_MTE) += mteswap.o obj-$(CONFIG_ARM64_GCS) += gcs.o KASAN_SANITIZE_physaddr.o += n +# Branch profiling isn't noinstr-safe +ifdef CONFIG_TRACE_BRANCH_PROFILING +CFLAGS_physaddr.o += -DDISABLE_BRANCH_PROFILING +endif + obj-$(CONFIG_KASAN) += kasan_init.o KASAN_SANITIZE_kasan_init.o := n --- base-commit: c8ebd433459bcbf068682b09544e830acd7ed222 change-id: 20251231-annotated-75de3f33cd7b Best regards, -- Breno Leitao <leitao(a)debian.org>

1 day, 10 hours

4
5
0 0

FAILED: patch "[PATCH] nfsd: provide locking for v4_end_grace" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2857bd59feb63fcf40fe4baf55401baea6b4feb4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011223-account-preteen-f696@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2857bd59feb63fcf40fe4baf55401baea6b4feb4 Mon Sep 17 00:00:00 2001 From: NeilBrown <neil(a)brown.name> Date: Sat, 13 Dec 2025 13:41:59 -0500 Subject: [PATCH] nfsd: provide locking for v4_end_grace Writing to v4_end_grace can race with server shutdown and result in memory being accessed after it was freed - reclaim_str_hashtbl in particularly. We cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is held while client_tracking_op->init() is called and that can wait for an upcall to nfsdcltrack which can write to v4_end_grace, resulting in a deadlock. nfsd4_end_grace() is also called by the landromat work queue and this doesn't require locking as server shutdown will stop the work and wait for it before freeing anything that nfsd4_end_grace() might access. However, we must be sure that writing to v4_end_grace doesn't restart the work item after shutdown has already waited for it. For this we add a new flag protected with nn->client_lock. It is set only while it is safe to make client tracking calls, and v4_end_grace only schedules work while the flag is set with the spinlock held. So this patch adds a nfsd_net field "client_tracking_active" which is set as described. Another field "grace_end_forced", is set when v4_end_grace is written. After this is set, and providing client_tracking_active is set, the laundromat is scheduled. This "grace_end_forced" field bypasses other checks for whether the grace period has finished. This resolves a race which can result in use-after-free. Reported-by: Li Lingfeng <lilingfeng3(a)huawei.com> Closes: https://lore.kernel.org/linux-nfs/20250623030015.2353515-1-neil@brown.name/… Fixes: 7f5ef2e900d9 ("nfsd: add a v4_end_grace file to /proc/fs/nfsd") Cc: stable(a)vger.kernel.org Signed-off-by: NeilBrown <neil(a)brown.name> Tested-by: Li Lingfeng <lilingfeng3(a)huawei.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/netns.h b/fs/nfsd/netns.h index 3e2d0fde80a7..fe8338735e7c 100644 --- a/fs/nfsd/netns.h +++ b/fs/nfsd/netns.h @@ -66,6 +66,8 @@ struct nfsd_net { struct lock_manager nfsd4_manager; bool grace_ended; + bool grace_end_forced; + bool client_tracking_active; time64_t boot_time; struct dentry *nfsd_client_dir; diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 5b83cb33bf83..a1dccce8b99c 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -84,7 +84,7 @@ static u64 current_sessionid = 1; /* forward declarations */ static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner); static void nfs4_free_ol_stateid(struct nfs4_stid *stid); -void nfsd4_end_grace(struct nfsd_net *nn); +static void nfsd4_end_grace(struct nfsd_net *nn); static void _free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps); static void nfsd4_file_hash_remove(struct nfs4_file *fi); static void deleg_reaper(struct nfsd_net *nn); @@ -6570,7 +6570,7 @@ nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, return nfs_ok; } -void +static void nfsd4_end_grace(struct nfsd_net *nn) { /* do nothing if grace period already ended */ @@ -6603,6 +6603,33 @@ nfsd4_end_grace(struct nfsd_net *nn) */ } +/** + * nfsd4_force_end_grace - forcibly end the NFSv4 grace period + * @nn: network namespace for the server instance to be updated + * + * Forces bypass of normal grace period completion, then schedules + * the laundromat to end the grace period immediately. Does not wait + * for the grace period to fully terminate before returning. + * + * Return values: + * %true: Grace termination schedule + * %false: No action was taken + */ +bool nfsd4_force_end_grace(struct nfsd_net *nn) +{ + if (!nn->client_tracking_ops) + return false; + spin_lock(&nn->client_lock); + if (nn->grace_ended || !nn->client_tracking_active) { + spin_unlock(&nn->client_lock); + return false; + } + WRITE_ONCE(nn->grace_end_forced, true); + mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); + spin_unlock(&nn->client_lock); + return true; +} + /* * If we've waited a lease period but there are still clients trying to * reclaim, wait a little longer to give them a chance to finish. @@ -6612,6 +6639,8 @@ static bool clients_still_reclaiming(struct nfsd_net *nn) time64_t double_grace_period_end = nn->boot_time + 2 * nn->nfsd4_lease; + if (READ_ONCE(nn->grace_end_forced)) + return false; if (nn->track_reclaim_completes && atomic_read(&nn->nr_reclaim_complete) == nn->reclaim_str_hashtbl_size) @@ -8931,6 +8960,8 @@ static int nfs4_state_create_net(struct net *net) nn->unconf_name_tree = RB_ROOT; nn->boot_time = ktime_get_real_seconds(); nn->grace_ended = false; + nn->grace_end_forced = false; + nn->client_tracking_active = false; nn->nfsd4_manager.block_opens = true; INIT_LIST_HEAD(&nn->nfsd4_manager.list); INIT_LIST_HEAD(&nn->client_lru); @@ -9011,6 +9042,10 @@ nfs4_state_start_net(struct net *net) return ret; locks_start_grace(net, &nn->nfsd4_manager); nfsd4_client_tracking_init(net); + /* safe for laundromat to run now */ + spin_lock(&nn->client_lock); + nn->client_tracking_active = true; + spin_unlock(&nn->client_lock); if (nn->track_reclaim_completes && nn->reclaim_str_hashtbl_size == 0) goto skip_grace; printk(KERN_INFO "NFSD: starting %lld-second grace period (net %x)\n", @@ -9059,6 +9094,9 @@ nfs4_state_shutdown_net(struct net *net) shrinker_free(nn->nfsd_client_shrinker); cancel_work_sync(&nn->nfsd_shrinker_work); + spin_lock(&nn->client_lock); + nn->client_tracking_active = false; + spin_unlock(&nn->client_lock); cancel_delayed_work_sync(&nn->laundromat_work); locks_end_grace(&nn->nfsd4_manager); diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index 2b79129703d5..36ce3ca97d97 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -1082,10 +1082,9 @@ static ssize_t write_v4_end_grace(struct file *file, char *buf, size_t size) case 'Y': case 'y': case '1': - if (!nn->nfsd_serv) + if (!nfsd4_force_end_grace(nn)) return -EBUSY; trace_nfsd_end_grace(netns(file)); - nfsd4_end_grace(nn); break; default: return -EINVAL; diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h index 1e736f402426..50d2b2963390 100644 --- a/fs/nfsd/state.h +++ b/fs/nfsd/state.h @@ -849,7 +849,7 @@ static inline void nfsd4_revoke_states(struct net *net, struct super_block *sb) #endif /* grace period management */ -void nfsd4_end_grace(struct nfsd_net *nn); +bool nfsd4_force_end_grace(struct nfsd_net *nn); /* nfs4recover operations */ extern int nfsd4_client_tracking_init(struct net *net);

1 day, 11 hours

2
1
0 0

FAILED: patch "[PATCH] nfsd: provide locking for v4_end_grace" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 2857bd59feb63fcf40fe4baf55401baea6b4feb4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011222-abdomen-balsamic-f41c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2857bd59feb63fcf40fe4baf55401baea6b4feb4 Mon Sep 17 00:00:00 2001 From: NeilBrown <neil(a)brown.name> Date: Sat, 13 Dec 2025 13:41:59 -0500 Subject: [PATCH] nfsd: provide locking for v4_end_grace Writing to v4_end_grace can race with server shutdown and result in memory being accessed after it was freed - reclaim_str_hashtbl in particularly. We cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is held while client_tracking_op->init() is called and that can wait for an upcall to nfsdcltrack which can write to v4_end_grace, resulting in a deadlock. nfsd4_end_grace() is also called by the landromat work queue and this doesn't require locking as server shutdown will stop the work and wait for it before freeing anything that nfsd4_end_grace() might access. However, we must be sure that writing to v4_end_grace doesn't restart the work item after shutdown has already waited for it. For this we add a new flag protected with nn->client_lock. It is set only while it is safe to make client tracking calls, and v4_end_grace only schedules work while the flag is set with the spinlock held. So this patch adds a nfsd_net field "client_tracking_active" which is set as described. Another field "grace_end_forced", is set when v4_end_grace is written. After this is set, and providing client_tracking_active is set, the laundromat is scheduled. This "grace_end_forced" field bypasses other checks for whether the grace period has finished. This resolves a race which can result in use-after-free. Reported-by: Li Lingfeng <lilingfeng3(a)huawei.com> Closes: https://lore.kernel.org/linux-nfs/20250623030015.2353515-1-neil@brown.name/… Fixes: 7f5ef2e900d9 ("nfsd: add a v4_end_grace file to /proc/fs/nfsd") Cc: stable(a)vger.kernel.org Signed-off-by: NeilBrown <neil(a)brown.name> Tested-by: Li Lingfeng <lilingfeng3(a)huawei.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/netns.h b/fs/nfsd/netns.h index 3e2d0fde80a7..fe8338735e7c 100644 --- a/fs/nfsd/netns.h +++ b/fs/nfsd/netns.h @@ -66,6 +66,8 @@ struct nfsd_net { struct lock_manager nfsd4_manager; bool grace_ended; + bool grace_end_forced; + bool client_tracking_active; time64_t boot_time; struct dentry *nfsd_client_dir; diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 5b83cb33bf83..a1dccce8b99c 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -84,7 +84,7 @@ static u64 current_sessionid = 1; /* forward declarations */ static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner); static void nfs4_free_ol_stateid(struct nfs4_stid *stid); -void nfsd4_end_grace(struct nfsd_net *nn); +static void nfsd4_end_grace(struct nfsd_net *nn); static void _free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps); static void nfsd4_file_hash_remove(struct nfs4_file *fi); static void deleg_reaper(struct nfsd_net *nn); @@ -6570,7 +6570,7 @@ nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, return nfs_ok; } -void +static void nfsd4_end_grace(struct nfsd_net *nn) { /* do nothing if grace period already ended */ @@ -6603,6 +6603,33 @@ nfsd4_end_grace(struct nfsd_net *nn) */ } +/** + * nfsd4_force_end_grace - forcibly end the NFSv4 grace period + * @nn: network namespace for the server instance to be updated + * + * Forces bypass of normal grace period completion, then schedules + * the laundromat to end the grace period immediately. Does not wait + * for the grace period to fully terminate before returning. + * + * Return values: + * %true: Grace termination schedule + * %false: No action was taken + */ +bool nfsd4_force_end_grace(struct nfsd_net *nn) +{ + if (!nn->client_tracking_ops) + return false; + spin_lock(&nn->client_lock); + if (nn->grace_ended || !nn->client_tracking_active) { + spin_unlock(&nn->client_lock); + return false; + } + WRITE_ONCE(nn->grace_end_forced, true); + mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); + spin_unlock(&nn->client_lock); + return true; +} + /* * If we've waited a lease period but there are still clients trying to * reclaim, wait a little longer to give them a chance to finish. @@ -6612,6 +6639,8 @@ static bool clients_still_reclaiming(struct nfsd_net *nn) time64_t double_grace_period_end = nn->boot_time + 2 * nn->nfsd4_lease; + if (READ_ONCE(nn->grace_end_forced)) + return false; if (nn->track_reclaim_completes && atomic_read(&nn->nr_reclaim_complete) == nn->reclaim_str_hashtbl_size) @@ -8931,6 +8960,8 @@ static int nfs4_state_create_net(struct net *net) nn->unconf_name_tree = RB_ROOT; nn->boot_time = ktime_get_real_seconds(); nn->grace_ended = false; + nn->grace_end_forced = false; + nn->client_tracking_active = false; nn->nfsd4_manager.block_opens = true; INIT_LIST_HEAD(&nn->nfsd4_manager.list); INIT_LIST_HEAD(&nn->client_lru); @@ -9011,6 +9042,10 @@ nfs4_state_start_net(struct net *net) return ret; locks_start_grace(net, &nn->nfsd4_manager); nfsd4_client_tracking_init(net); + /* safe for laundromat to run now */ + spin_lock(&nn->client_lock); + nn->client_tracking_active = true; + spin_unlock(&nn->client_lock); if (nn->track_reclaim_completes && nn->reclaim_str_hashtbl_size == 0) goto skip_grace; printk(KERN_INFO "NFSD: starting %lld-second grace period (net %x)\n", @@ -9059,6 +9094,9 @@ nfs4_state_shutdown_net(struct net *net) shrinker_free(nn->nfsd_client_shrinker); cancel_work_sync(&nn->nfsd_shrinker_work); + spin_lock(&nn->client_lock); + nn->client_tracking_active = false; + spin_unlock(&nn->client_lock); cancel_delayed_work_sync(&nn->laundromat_work); locks_end_grace(&nn->nfsd4_manager); diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index 2b79129703d5..36ce3ca97d97 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -1082,10 +1082,9 @@ static ssize_t write_v4_end_grace(struct file *file, char *buf, size_t size) case 'Y': case 'y': case '1': - if (!nn->nfsd_serv) + if (!nfsd4_force_end_grace(nn)) return -EBUSY; trace_nfsd_end_grace(netns(file)); - nfsd4_end_grace(nn); break; default: return -EINVAL; diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h index 1e736f402426..50d2b2963390 100644 --- a/fs/nfsd/state.h +++ b/fs/nfsd/state.h @@ -849,7 +849,7 @@ static inline void nfsd4_revoke_states(struct net *net, struct super_block *sb) #endif /* grace period management */ -void nfsd4_end_grace(struct nfsd_net *nn); +bool nfsd4_force_end_grace(struct nfsd_net *nn); /* nfs4recover operations */ extern int nfsd4_client_tracking_init(struct net *net);

1 day, 11 hours

2
1
0 0

[PATCH] scsi: qla2xxx: edif: Fix dma_free_coherent() size

by Thomas Fourier

Earlier in the function, the ha->flt buffer is allocated with size sizeof(struct qla_flt_header) + FLT_REGIONS_SIZE but freed in the error path with size SFP_DEV_SIZE. Fixes: 84318a9f01ce ("scsi: qla2xxx: edif: Add send, receive, and accept for auth_els") Cc: <stable(a)vger.kernel.org> Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> --- drivers/scsi/qla2xxx/qla_os.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index 16a44c0917e1..e939bc88e151 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -4489,7 +4489,7 @@ qla2x00_mem_alloc(struct qla_hw_data *ha, uint16_t req_len, uint16_t rsp_len, fail_elsrej: dma_pool_destroy(ha->purex_dma_pool); fail_flt: - dma_free_coherent(&ha->pdev->dev, SFP_DEV_SIZE, + dma_free_coherent(&ha->pdev->dev, sizeof(struct qla_flt_header) + FLT_REGIONS_SIZE, ha->flt, ha->flt_dma); fail_flt_buffer: -- 2.43.0

1 day, 11 hours

3
2
0 0

[PATCH AUTOSEL 6.18] HID: Elecom: Add support for ELECOM M-XT3DRBK (018C)

by Sasha Levin

From: Arnoud Willemsen <mail(a)lynthium.com> [ Upstream commit 12adb969658ec39265eb8c7ea9e1856867fb9ceb ] Wireless/new version of the Elecom trackball mouse M-XT3DRBK has a product id that differs from the existing M-XT3DRBK. The report descriptor format also seems to have changed and matches other (newer?) models instead (except for six buttons instead of eight). This patch follows the same format as the patch for the M-XT3URBK (018F) by Naoki Ueki (Nov 3rd 2025) to enable the sixth mouse button. dmesg output: [ 292.074664] usb 1-2: new full-speed USB device number 7 using xhci_hcd [ 292.218667] usb 1-2: New USB device found, idVendor=056e, idProduct=018c, bcdDevice= 1.00 [ 292.218676] usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 292.218679] usb 1-2: Product: ELECOM TrackBall Mouse [ 292.218681] usb 1-2: Manufacturer: ELECOM usbhid-dump output: 001:006:000:DESCRIPTOR 1765072638.050578 05 01 09 02 A1 01 09 01 A1 00 85 01 05 09 19 01 29 05 15 00 25 01 95 08 75 01 81 02 95 01 75 00 81 01 05 01 09 30 09 31 16 00 80 26 FF 7F 75 10 95 02 81 06 C0 A1 00 05 01 09 38 15 81 25 7F 75 08 95 01 81 06 C0 A1 00 05 0C 0A 38 02 95 01 75 08 15 81 25 7F 81 06 C0 C0 06 01 FF 09 00 A1 01 85 02 09 00 15 00 26 FF 00 75 08 95 07 81 02 C0 05 0C 09 01 A1 01 85 05 15 00 26 3C 02 19 00 2A 3C 02 75 10 95 01 81 00 C0 05 01 09 80 A1 01 85 03 19 81 29 83 15 00 25 01 95 03 75 01 81 02 95 01 75 05 81 01 C0 06 BC FF 09 88 A1 01 85 04 95 01 75 08 15 00 26 FF 00 19 00 2A FF 00 81 00 C0 06 02 FF 09 02 A1 01 85 06 09 02 15 00 26 FF 00 75 08 95 07 B1 02 C0 Signed-off-by: Arnoud Willemsen <mail(a)lynthium.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: ## Analysis of HID: Elecom: Add support for ELECOM M-XT3DRBK (018C) ### 1. COMMIT MESSAGE ANALYSIS The commit adds support for a new USB product ID (0x018c) for a wireless variant of the ELECOM M-XT3DRBK trackball mouse. The message indicates: - It's a wireless/new version of an existing supported device - The report descriptor format differs from the older variant - The patch enables the sixth mouse button - dmesg output confirms the device identification ### 2. CODE CHANGE ANALYSIS **hid-ids.h:** - Renames `USB_DEVICE_ID_ELECOM_M_XT3DRBK` → `USB_DEVICE_ID_ELECOM_M_XT3DRBK_00FC` (clarifying the existing ID) - Adds new `USB_DEVICE_ID_ELECOM_M_XT3DRBK_018C` = 0x018c **hid-elecom.c:** - Updates references to use the renamed constant `_00FC` - Adds a new case in the switch statement for `_018C` calling `mouse_button_fixup()` with parameters specific to this device's HID report descriptor: `(22, 30, 24, 16, 6)` - Adds the new device ID to `elecom_devices[]` table **hid-quirks.c:** - Updates reference to use renamed constant - Adds new device ID to `hid_have_special_driver[]` ### 3. CLASSIFICATION This is a **NEW DEVICE ID** addition to an existing driver - one of the explicitly allowed categories for stable backports: - The driver (hid-elecom) already exists in stable trees - Only adding a USB product ID to enable new hardware - Uses existing `mouse_button_fixup()` infrastructure ### 4. SCOPE AND RISK ASSESSMENT - **Size:** ~15 lines added across 3 files - **Complexity:** Very low - follows identical patterns to existing devices - **Risk:** Minimal - change is isolated to this specific USB device ID - **Subsystem:** HID drivers are mature and this pattern is well- established ### 5. USER IMPACT - **Affected users:** Owners of wireless ELECOM M-XT3DRBK (018C) trackball mouse - **Without fix:** The sixth mouse button doesn't work - **With fix:** Full hardware functionality enabled - **Severity:** Functional hardware issue - extra button is non- functional without this fix ### 6. STABILITY INDICATORS - Signed off by Jiri Kosina (HID subsystem maintainer) - Follows exact same pattern as other Elecom devices - Includes device testing evidence (dmesg/usbhid-dump output) ### 7. DEPENDENCY CHECK - No dependencies on other patches - All required infrastructure (`mouse_button_fixup()`, `elecom_report_fixup()`) exists in stable trees - Self-contained change ### VERDICT This commit is a textbook example of what **IS** appropriate for stable backporting. It adds a new USB device ID to an existing driver to enable hardware support - explicitly allowed under stable rules. The change is: - Small and surgical - Low risk (isolated to specific hardware) - Uses existing patterns and infrastructure - Enables real hardware to work correctly - Has no behavioral changes to existing code paths The only modification beyond adding the new ID is renaming the existing `USB_DEVICE_ID_ELECOM_M_XT3DRBK` to `USB_DEVICE_ID_ELECOM_M_XT3DRBK_00FC` for clarity, which is a harmless naming change that doesn't affect functionality. **YES** drivers/hid/hid-elecom.c | 15 +++++++++++++-- drivers/hid/hid-ids.h | 3 ++- drivers/hid/hid-quirks.c | 3 ++- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/drivers/hid/hid-elecom.c b/drivers/hid/hid-elecom.c index 981d1b6e96589..2003d2dcda7cc 100644 --- a/drivers/hid/hid-elecom.c +++ b/drivers/hid/hid-elecom.c @@ -77,7 +77,7 @@ static const __u8 *elecom_report_fixup(struct hid_device *hdev, __u8 *rdesc, break; case USB_DEVICE_ID_ELECOM_M_XT3URBK_00FB: case USB_DEVICE_ID_ELECOM_M_XT3URBK_018F: - case USB_DEVICE_ID_ELECOM_M_XT3DRBK: + case USB_DEVICE_ID_ELECOM_M_XT3DRBK_00FC: case USB_DEVICE_ID_ELECOM_M_XT4DRBK: /* * Report descriptor format: @@ -102,6 +102,16 @@ static const __u8 *elecom_report_fixup(struct hid_device *hdev, __u8 *rdesc, */ mouse_button_fixup(hdev, rdesc, *rsize, 12, 30, 14, 20, 8); break; + case USB_DEVICE_ID_ELECOM_M_XT3DRBK_018C: + /* + * Report descriptor format: + * 22: button bit count + * 30: padding bit count + * 24: button report size + * 16: button usage maximum + */ + mouse_button_fixup(hdev, rdesc, *rsize, 22, 30, 24, 16, 6); + break; case USB_DEVICE_ID_ELECOM_M_DT2DRBK: case USB_DEVICE_ID_ELECOM_M_HT1DRBK_011C: /* @@ -122,7 +132,8 @@ static const struct hid_device_id elecom_devices[] = { { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XGL20DLBK) }, { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XT3URBK_00FB) }, { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XT3URBK_018F) }, - { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XT3DRBK) }, + { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XT3DRBK_00FC) }, + { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XT3DRBK_018C) }, { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XT4DRBK) }, { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_DT1URBK) }, { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_DT1DRBK) }, diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h index bec913a005a5d..b75d9d2f4dc73 100644 --- a/drivers/hid/hid-ids.h +++ b/drivers/hid/hid-ids.h @@ -455,7 +455,8 @@ #define USB_DEVICE_ID_ELECOM_M_XGL20DLBK 0x00e6 #define USB_DEVICE_ID_ELECOM_M_XT3URBK_00FB 0x00fb #define USB_DEVICE_ID_ELECOM_M_XT3URBK_018F 0x018f -#define USB_DEVICE_ID_ELECOM_M_XT3DRBK 0x00fc +#define USB_DEVICE_ID_ELECOM_M_XT3DRBK_00FC 0x00fc +#define USB_DEVICE_ID_ELECOM_M_XT3DRBK_018C 0x018c #define USB_DEVICE_ID_ELECOM_M_XT4DRBK 0x00fd #define USB_DEVICE_ID_ELECOM_M_DT1URBK 0x00fe #define USB_DEVICE_ID_ELECOM_M_DT1DRBK 0x00ff diff --git a/drivers/hid/hid-quirks.c b/drivers/hid/hid-quirks.c index d6e42125d9189..e823661389016 100644 --- a/drivers/hid/hid-quirks.c +++ b/drivers/hid/hid-quirks.c @@ -413,7 +413,8 @@ static const struct hid_device_id hid_have_special_driver[] = { { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XGL20DLBK) }, { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XT3URBK_00FB) }, { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XT3URBK_018F) }, - { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XT3DRBK) }, + { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XT3DRBK_00FC) }, + { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XT3DRBK_018C) }, { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_XT4DRBK) }, { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_DT1URBK) }, { HID_USB_DEVICE(USB_VENDOR_ID_ELECOM, USB_DEVICE_ID_ELECOM_M_DT1DRBK) }, -- 2.51.0

1 day, 11 hours

1
24
0 0

FAILED: patch "[PATCH] btrfs: fix beyond-EOF write handling" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x e9e3b22ddfa760762b696ac6417c8d6edd182e49 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011242-empirical-gullible-4683@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e9e3b22ddfa760762b696ac6417c8d6edd182e49 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Thu, 11 Dec 2025 12:45:17 +1030 Subject: [PATCH] btrfs: fix beyond-EOF write handling [BUG] For the following write sequence with 64K page size and 4K fs block size, it will lead to file extent items to be inserted without any data checksum: mkfs.btrfs -s 4k -f $dev > /dev/null mount $dev $mnt xfs_io -f -c "pwrite 0 16k" -c "pwrite 32k 4k" -c pwrite "60k 64K" \ -c "truncate 16k" $mnt/foobar umount $mnt This will result the following 2 file extent items to be inserted (extra trace point added to insert_ordered_extent_file_extent()): btrfs_finish_one_ordered: root=5 ino=257 file_off=61440 num_bytes=4096 csum_bytes=0 btrfs_finish_one_ordered: root=5 ino=257 file_off=0 num_bytes=16384 csum_bytes=16384 Note for file offset 60K, we're inserting a file extent without any data checksum. Also note that range [32K, 36K) didn't reach insert_ordered_extent_file_extent(), which is the correct behavior as that OE is fully truncated, should not result any file extent. Although file extent at 60K will be later dropped by btrfs_truncate(), if the transaction got committed after file extent inserted but before the file extent dropping, we will have a small window where we have a file extent beyond EOF and without any data checksum. That will cause "btrfs check" to report error. [CAUSE] The sequence happens like this: - Buffered write dirtied the page cache and updated isize Now the inode size is 64K, with the following page cache layout: 0 16K 32K 48K 64K |/////////////| |//| |//| - Truncate the inode to 16K Which will trigger writeback through: btrfs_setsize() |- truncate_setsize() | Now the inode size is set to 16K | |- btrfs_truncate() |- btrfs_wait_ordered_range() for [16K, u64(-1)] |- btrfs_fdatawrite_range() for [16K, u64(-1)} |- extent_writepage() for folio 0 |- writepage_delalloc() | Generated OE for [0, 16K), [32K, 36K] and [60K, 64K) | |- extent_writepage_io() Then inside extent_writepage_io(), the dirty fs blocks are handled differently: - Submit write for range [0, 16K) As they are still inside the inode size (16K). - Mark OE [32K, 36K) as truncated Since we only call btrfs_lookup_first_ordered_range() once, which returned the first OE after file offset 16K. - Mark all OEs inside range [16K, 64K) as finished Which will mark OE ranges [32K, 36K) and [60K, 64K) as finished. For OE [32K, 36K) since it's already marked as truncated, and its truncated length is 0, no file extent will be inserted. For OE [60K, 64K) it has never been submitted thus has no data checksum, and we insert the file extent as usual. This is the root cause of file extent at 60K to be inserted without any data checksum. - Clear dirty flags for range [16K, 64K) It is the function btrfs_folio_clear_dirty() which searches and clears any dirty blocks inside that range. [FIX] The bug itself was introduced a long time ago, way before subpage and large folio support. At that time, fs block size must match page size, thus the range [cur, end) is just one fs block. But later with subpage and large folios, the same range [cur, end) can have multiple blocks and ordered extents. Later commit 18de34daa7c6 ("btrfs: truncate ordered extent when skipping writeback past i_size") was fixing a bug related to subpage/large folios, but it's still utilizing the old range [cur, end), meaning only the first OE will be marked as truncated. The proper fix here is to make EOF handling block-by-block, not trying to handle the whole range to @end. By this we always locate and truncate the OE for every dirty block. CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 2d32dfc34ae3..97748d0d54d9 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1728,7 +1728,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, struct btrfs_ordered_extent *ordered; ordered = btrfs_lookup_first_ordered_range(inode, cur, - folio_end - cur); + fs_info->sectorsize); /* * We have just run delalloc before getting here, so * there must be an ordered extent. @@ -1742,7 +1742,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, btrfs_put_ordered_extent(ordered); btrfs_mark_ordered_io_finished(inode, folio, cur, - end - cur, true); + fs_info->sectorsize, true); /* * This range is beyond i_size, thus we don't need to * bother writing back. @@ -1751,8 +1751,8 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, * writeback the sectors with subpage dirty bits, * causing writeback without ordered extent. */ - btrfs_folio_clear_dirty(fs_info, folio, cur, end - cur); - break; + btrfs_folio_clear_dirty(fs_info, folio, cur, fs_info->sectorsize); + continue; } ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size); if (unlikely(ret < 0)) {

1 day, 11 hours

2
7
0 0

FAILED: patch "[PATCH] NFSD: Remove NFSERR_EAGAIN" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c6c209ceb87f64a6ceebe61761951dcbbf4a0baa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011223-capitol-diploma-75b9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6c209ceb87f64a6ceebe61761951dcbbf4a0baa Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Tue, 9 Dec 2025 19:28:49 -0500 Subject: [PATCH] NFSD: Remove NFSERR_EAGAIN I haven't found an NFSERR_EAGAIN in RFCs 1094, 1813, 7530, or 8881. None of these RFCs have an NFS status code that match the numeric value "11". Based on the meaning of the EAGAIN errno, I presume the use of this status in NFSD means NFS4ERR_DELAY. So replace the one usage of nfserr_eagain, and remove it from NFSD's NFS status conversion tables. As far as I can tell, NFSERR_EAGAIN has existed since the pre-git era, but was not actually used by any code until commit f4e44b393389 ("NFSD: delay unmount source's export after inter-server copy completed."), at which time it become possible for NFSD to return a status code of 11 (which is not valid NFS protocol). Fixes: f4e44b393389 ("NFSD: delay unmount source's export after inter-server copy completed.") Cc: stable(a)vger.kernel.org Reviewed-by: NeilBrown <neil(a)brown.name> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfs_common/common.c b/fs/nfs_common/common.c index af09aed09fd2..0778743ae2c2 100644 --- a/fs/nfs_common/common.c +++ b/fs/nfs_common/common.c @@ -17,7 +17,6 @@ static const struct { { NFSERR_NOENT, -ENOENT }, { NFSERR_IO, -EIO }, { NFSERR_NXIO, -ENXIO }, -/* { NFSERR_EAGAIN, -EAGAIN }, */ { NFSERR_ACCES, -EACCES }, { NFSERR_EXIST, -EEXIST }, { NFSERR_XDEV, -EXDEV }, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 7f7e6bb23a90..42a6b914c0fe 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1506,7 +1506,7 @@ static __be32 nfsd4_ssc_setup_dul(struct nfsd_net *nn, char *ipaddr, (schedule_timeout(20*HZ) == 0)) { finish_wait(&nn->nfsd_ssc_waitq, &wait); kfree(work); - return nfserr_eagain; + return nfserr_jukebox; } finish_wait(&nn->nfsd_ssc_waitq, &wait); goto try_again; diff --git a/fs/nfsd/nfsd.h b/fs/nfsd/nfsd.h index 50be785f1d2c..b0283213a8f5 100644 --- a/fs/nfsd/nfsd.h +++ b/fs/nfsd/nfsd.h @@ -233,7 +233,6 @@ void nfsd_lockd_shutdown(void); #define nfserr_noent cpu_to_be32(NFSERR_NOENT) #define nfserr_io cpu_to_be32(NFSERR_IO) #define nfserr_nxio cpu_to_be32(NFSERR_NXIO) -#define nfserr_eagain cpu_to_be32(NFSERR_EAGAIN) #define nfserr_acces cpu_to_be32(NFSERR_ACCES) #define nfserr_exist cpu_to_be32(NFSERR_EXIST) #define nfserr_xdev cpu_to_be32(NFSERR_XDEV) diff --git a/include/trace/misc/nfs.h b/include/trace/misc/nfs.h index c82233e950ac..a394b4d38e18 100644 --- a/include/trace/misc/nfs.h +++ b/include/trace/misc/nfs.h @@ -16,7 +16,6 @@ TRACE_DEFINE_ENUM(NFSERR_PERM); TRACE_DEFINE_ENUM(NFSERR_NOENT); TRACE_DEFINE_ENUM(NFSERR_IO); TRACE_DEFINE_ENUM(NFSERR_NXIO); -TRACE_DEFINE_ENUM(NFSERR_EAGAIN); TRACE_DEFINE_ENUM(NFSERR_ACCES); TRACE_DEFINE_ENUM(NFSERR_EXIST); TRACE_DEFINE_ENUM(NFSERR_XDEV); @@ -52,7 +51,6 @@ TRACE_DEFINE_ENUM(NFSERR_JUKEBOX); { NFSERR_NXIO, "NXIO" }, \ { ECHILD, "CHILD" }, \ { ETIMEDOUT, "TIMEDOUT" }, \ - { NFSERR_EAGAIN, "AGAIN" }, \ { NFSERR_ACCES, "ACCES" }, \ { NFSERR_EXIST, "EXIST" }, \ { NFSERR_XDEV, "XDEV" }, \ diff --git a/include/uapi/linux/nfs.h b/include/uapi/linux/nfs.h index f356f2ba3814..71c7196d3281 100644 --- a/include/uapi/linux/nfs.h +++ b/include/uapi/linux/nfs.h @@ -49,7 +49,6 @@ NFSERR_NOENT = 2, /* v2 v3 v4 */ NFSERR_IO = 5, /* v2 v3 v4 */ NFSERR_NXIO = 6, /* v2 v3 v4 */ - NFSERR_EAGAIN = 11, /* v2 v3 */ NFSERR_ACCES = 13, /* v2 v3 v4 */ NFSERR_EXIST = 17, /* v2 v3 v4 */ NFSERR_XDEV = 18, /* v3 v4 */

1 day, 11 hours

2
3
0 0

[PATCH] USB: OHCI/UHCI: Add soft dependencies on ehci_platform

by Huacai Chen

Commit 9beeee6584b9aa4f ("USB: EHCI: log a warning if ehci-hcd is not loaded first") said that ehci-hcd should be loaded before ohci-hcd and uhci-hcd. However, commit 05c92da0c52494ca ("usb: ohci/uhci - add soft dependencies on ehci_pci") only makes ohci-pci/uhci-pci depend on ehci- pci, which is not enough and we may still see the warnings in boot log. To eliminate the warnings we should make ohci-hcd/uhci-hcd depend on ehci-hcd. But Alan said that the warning introduced by 9beeee6584b9aa4f is bogus, we only need the soft dependencies in the PCI level rather than the HCD level. However, there is really another neccessary soft dependencies between ohci-platform/uhci-platform and ehci-platform, which is added by this patch. The boot logs are below. 1. ohci-platform loaded before ehci-platform: ohci-platform 1f058000.usb: Generic Platform OHCI controller ohci-platform 1f058000.usb: new USB bus registered, assigned bus number 1 ohci-platform 1f058000.usb: irq 28, io mem 0x1f058000 hub 1-0:1.0: USB hub found hub 1-0:1.0: 4 ports detected Warning! ehci_hcd should always be loaded before uhci_hcd and ohci_hcd, not after usb 1-4: new low-speed USB device number 2 using ohci-platform ehci-platform 1f050000.usb: EHCI Host Controller ehci-platform 1f050000.usb: new USB bus registered, assigned bus number 2 ehci-platform 1f050000.usb: irq 29, io mem 0x1f050000 ehci-platform 1f050000.usb: USB 2.0 started, EHCI 1.00 usb 1-4: device descriptor read/all, error -62 hub 2-0:1.0: USB hub found hub 2-0:1.0: 4 ports detected usb 1-4: new low-speed USB device number 3 using ohci-platform input: YSPRINGTECH USB OPTICAL MOUSE as /devices/platform/bus@10000000/1f058000.usb/usb1/1-4/1-4:1.0/0003:10C4:8105.0001/input/input0 hid-generic 0003:10C4:8105.0001: input,hidraw0: USB HID v1.11 Mouse [YSPRINGTECH USB OPTICAL MOUSE] on usb-1f058000.usb-4/input0 2. ehci-platform loaded before ohci-platform: ehci-platform 1f050000.usb: EHCI Host Controller ehci-platform 1f050000.usb: new USB bus registered, assigned bus number 1 ehci-platform 1f050000.usb: irq 28, io mem 0x1f050000 ehci-platform 1f050000.usb: USB 2.0 started, EHCI 1.00 hub 1-0:1.0: USB hub found hub 1-0:1.0: 4 ports detected ohci-platform 1f058000.usb: Generic Platform OHCI controller ohci-platform 1f058000.usb: new USB bus registered, assigned bus number 2 ohci-platform 1f058000.usb: irq 29, io mem 0x1f058000 hub 2-0:1.0: USB hub found hub 2-0:1.0: 4 ports detected usb 2-4: new low-speed USB device number 2 using ohci-platform input: YSPRINGTECH USB OPTICAL MOUSE as /devices/platform/bus@10000000/1f058000.usb/usb2/2-4/2-4:1.0/0003:10C4:8105.0001/input/input0 hid-generic 0003:10C4:8105.0001: input,hidraw0: USB HID v1.11 Mouse [YSPRINGTECH USB OPTICAL MOUSE] on usb-1f058000.usb-4/input0 In the later case, there is no re-connection for USB-1.0/1.1 devices, which is expected. Cc: stable(a)vger.kernel.org Reported-by: Shengwen Xiao <atzlinux(a)sina.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/usb/host/ohci-platform.c | 1 + drivers/usb/host/uhci-platform.c | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/usb/host/ohci-platform.c b/drivers/usb/host/ohci-platform.c index 2e4bb5cc2165..c801527d5bd2 100644 --- a/drivers/usb/host/ohci-platform.c +++ b/drivers/usb/host/ohci-platform.c @@ -392,3 +392,4 @@ MODULE_DESCRIPTION(DRIVER_DESC); MODULE_AUTHOR("Hauke Mehrtens"); MODULE_AUTHOR("Alan Stern"); MODULE_LICENSE("GPL"); +MODULE_SOFTDEP("pre: ehci_platform"); diff --git a/drivers/usb/host/uhci-platform.c b/drivers/usb/host/uhci-platform.c index 5e02f2ceafb6..f4419d4526c4 100644 --- a/drivers/usb/host/uhci-platform.c +++ b/drivers/usb/host/uhci-platform.c @@ -211,3 +211,4 @@ static struct platform_driver uhci_platform_driver = { .of_match_table = platform_uhci_ids, }, }; +MODULE_SOFTDEP("pre: ehci_platform"); -- 2.47.3

1 day, 11 hours

2
1
0 0

[PATCH] fbdev: vt8500lcdfb: fix missing dma_free_coherent()

by Thomas Fourier

fbi->fb.screen_buffer is alloced with dma_free_coherent() but is not freed if the error path is reached. Fixes: e7b995371fe1 ("video: vt8500: Add devicetree support for vt8500-fb and wm8505-fb") Cc: <stable(a)vger.kernel.org> Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> --- drivers/video/fbdev/vt8500lcdfb.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/video/fbdev/vt8500lcdfb.c b/drivers/video/fbdev/vt8500lcdfb.c index b08a6fdc53fd..85c7a99a7d64 100644 --- a/drivers/video/fbdev/vt8500lcdfb.c +++ b/drivers/video/fbdev/vt8500lcdfb.c @@ -369,7 +369,7 @@ static int vt8500lcd_probe(struct platform_device *pdev) if (fbi->palette_cpu == NULL) { dev_err(&pdev->dev, "Failed to allocate palette buffer\n"); ret = -ENOMEM; - goto failed_free_io; + goto failed_free_mem_virt; } irq = platform_get_irq(pdev, 0); @@ -432,6 +432,9 @@ static int vt8500lcd_probe(struct platform_device *pdev) failed_free_palette: dma_free_coherent(&pdev->dev, fbi->palette_size, fbi->palette_cpu, fbi->palette_phys); +failed_free_mem_virt: + dma_free_coherent(&pdev->dev, fbi->fb.fix.smem_len, + fbi->fb.screen_buffer, fbi->fb.fix.smem_start); failed_free_io: iounmap(fbi->regbase); failed_free_res: -- 2.43.0

1 day, 12 hours

2
1
0 0

FAILED: patch "[PATCH] NFSD: Remove NFSERR_EAGAIN" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c6c209ceb87f64a6ceebe61761951dcbbf4a0baa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011223-dash-veal-39c7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6c209ceb87f64a6ceebe61761951dcbbf4a0baa Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Tue, 9 Dec 2025 19:28:49 -0500 Subject: [PATCH] NFSD: Remove NFSERR_EAGAIN I haven't found an NFSERR_EAGAIN in RFCs 1094, 1813, 7530, or 8881. None of these RFCs have an NFS status code that match the numeric value "11". Based on the meaning of the EAGAIN errno, I presume the use of this status in NFSD means NFS4ERR_DELAY. So replace the one usage of nfserr_eagain, and remove it from NFSD's NFS status conversion tables. As far as I can tell, NFSERR_EAGAIN has existed since the pre-git era, but was not actually used by any code until commit f4e44b393389 ("NFSD: delay unmount source's export after inter-server copy completed."), at which time it become possible for NFSD to return a status code of 11 (which is not valid NFS protocol). Fixes: f4e44b393389 ("NFSD: delay unmount source's export after inter-server copy completed.") Cc: stable(a)vger.kernel.org Reviewed-by: NeilBrown <neil(a)brown.name> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfs_common/common.c b/fs/nfs_common/common.c index af09aed09fd2..0778743ae2c2 100644 --- a/fs/nfs_common/common.c +++ b/fs/nfs_common/common.c @@ -17,7 +17,6 @@ static const struct { { NFSERR_NOENT, -ENOENT }, { NFSERR_IO, -EIO }, { NFSERR_NXIO, -ENXIO }, -/* { NFSERR_EAGAIN, -EAGAIN }, */ { NFSERR_ACCES, -EACCES }, { NFSERR_EXIST, -EEXIST }, { NFSERR_XDEV, -EXDEV }, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 7f7e6bb23a90..42a6b914c0fe 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1506,7 +1506,7 @@ static __be32 nfsd4_ssc_setup_dul(struct nfsd_net *nn, char *ipaddr, (schedule_timeout(20*HZ) == 0)) { finish_wait(&nn->nfsd_ssc_waitq, &wait); kfree(work); - return nfserr_eagain; + return nfserr_jukebox; } finish_wait(&nn->nfsd_ssc_waitq, &wait); goto try_again; diff --git a/fs/nfsd/nfsd.h b/fs/nfsd/nfsd.h index 50be785f1d2c..b0283213a8f5 100644 --- a/fs/nfsd/nfsd.h +++ b/fs/nfsd/nfsd.h @@ -233,7 +233,6 @@ void nfsd_lockd_shutdown(void); #define nfserr_noent cpu_to_be32(NFSERR_NOENT) #define nfserr_io cpu_to_be32(NFSERR_IO) #define nfserr_nxio cpu_to_be32(NFSERR_NXIO) -#define nfserr_eagain cpu_to_be32(NFSERR_EAGAIN) #define nfserr_acces cpu_to_be32(NFSERR_ACCES) #define nfserr_exist cpu_to_be32(NFSERR_EXIST) #define nfserr_xdev cpu_to_be32(NFSERR_XDEV) diff --git a/include/trace/misc/nfs.h b/include/trace/misc/nfs.h index c82233e950ac..a394b4d38e18 100644 --- a/include/trace/misc/nfs.h +++ b/include/trace/misc/nfs.h @@ -16,7 +16,6 @@ TRACE_DEFINE_ENUM(NFSERR_PERM); TRACE_DEFINE_ENUM(NFSERR_NOENT); TRACE_DEFINE_ENUM(NFSERR_IO); TRACE_DEFINE_ENUM(NFSERR_NXIO); -TRACE_DEFINE_ENUM(NFSERR_EAGAIN); TRACE_DEFINE_ENUM(NFSERR_ACCES); TRACE_DEFINE_ENUM(NFSERR_EXIST); TRACE_DEFINE_ENUM(NFSERR_XDEV); @@ -52,7 +51,6 @@ TRACE_DEFINE_ENUM(NFSERR_JUKEBOX); { NFSERR_NXIO, "NXIO" }, \ { ECHILD, "CHILD" }, \ { ETIMEDOUT, "TIMEDOUT" }, \ - { NFSERR_EAGAIN, "AGAIN" }, \ { NFSERR_ACCES, "ACCES" }, \ { NFSERR_EXIST, "EXIST" }, \ { NFSERR_XDEV, "XDEV" }, \ diff --git a/include/uapi/linux/nfs.h b/include/uapi/linux/nfs.h index f356f2ba3814..71c7196d3281 100644 --- a/include/uapi/linux/nfs.h +++ b/include/uapi/linux/nfs.h @@ -49,7 +49,6 @@ NFSERR_NOENT = 2, /* v2 v3 v4 */ NFSERR_IO = 5, /* v2 v3 v4 */ NFSERR_NXIO = 6, /* v2 v3 v4 */ - NFSERR_EAGAIN = 11, /* v2 v3 */ NFSERR_ACCES = 13, /* v2 v3 v4 */ NFSERR_EXIST = 17, /* v2 v3 v4 */ NFSERR_XDEV = 18, /* v3 v4 */

1 day, 12 hours

2
3
0 0

[PATCH v1] mm: kmsan: Fix poisoning of high-order non-compound pages

by Ryan Roberts

kmsan_free_page() is called by the page allocator's free_pages_prepare() during page freeing. It's job is to poison all the memory covered by the page. It can be called with an order-0 page, a compound high-order page or a non-compound high-order page. But page_size() only works for order-0 and compound pages. For a non-compound high-order page it will incorrectly return PAGE_SIZE. The implication is that the tail pages of a high-order non-compound page do not get poisoned at free, so any invalid access while they are free could go unnoticed. It looks like the pages will be poisoned again at allocaiton time, so that would bookend the window. Fix this by using the order parameter to calculate the size. Fixes: b073d7f8aee4 ("mm: kmsan: maintain KMSAN metadata for page operations") Cc: stable(a)vger.kernel.org Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- Hi, I noticed this during code review, so perhaps I've just misunderstood the intent of the code. I don't have the means to compile and run on x86 with KMSAN enabled though, so punting this out hoping someone might be able to validate/test. I guess there is a small chance this could lead to KMSAN finding some new issues? Applies against today's mm-unstable (344d3580dacd). Thanks, Ryan mm/kmsan/shadow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/kmsan/shadow.c b/mm/kmsan/shadow.c index e7f554a31bb4..9e1c5f2b7a41 100644 --- a/mm/kmsan/shadow.c +++ b/mm/kmsan/shadow.c @@ -207,7 +207,7 @@ void kmsan_free_page(struct page *page, unsigned int order) if (!kmsan_enabled || kmsan_in_runtime()) return; kmsan_enter_runtime(); - kmsan_internal_poison_memory(page_address(page), page_size(page), + kmsan_internal_poison_memory(page_address(page), PAGE_SIZE << order, GFP_KERNEL & ~(__GFP_RECLAIM), KMSAN_POISON_CHECK | KMSAN_POISON_FREE); kmsan_leave_runtime(); -- 2.43.0

1 day, 12 hours

3
2
0 0

FAILED: patch "[PATCH] NFSD: Remove NFSERR_EAGAIN" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c6c209ceb87f64a6ceebe61761951dcbbf4a0baa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011222-giggle-goofiness-bbd1@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6c209ceb87f64a6ceebe61761951dcbbf4a0baa Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Tue, 9 Dec 2025 19:28:49 -0500 Subject: [PATCH] NFSD: Remove NFSERR_EAGAIN I haven't found an NFSERR_EAGAIN in RFCs 1094, 1813, 7530, or 8881. None of these RFCs have an NFS status code that match the numeric value "11". Based on the meaning of the EAGAIN errno, I presume the use of this status in NFSD means NFS4ERR_DELAY. So replace the one usage of nfserr_eagain, and remove it from NFSD's NFS status conversion tables. As far as I can tell, NFSERR_EAGAIN has existed since the pre-git era, but was not actually used by any code until commit f4e44b393389 ("NFSD: delay unmount source's export after inter-server copy completed."), at which time it become possible for NFSD to return a status code of 11 (which is not valid NFS protocol). Fixes: f4e44b393389 ("NFSD: delay unmount source's export after inter-server copy completed.") Cc: stable(a)vger.kernel.org Reviewed-by: NeilBrown <neil(a)brown.name> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfs_common/common.c b/fs/nfs_common/common.c index af09aed09fd2..0778743ae2c2 100644 --- a/fs/nfs_common/common.c +++ b/fs/nfs_common/common.c @@ -17,7 +17,6 @@ static const struct { { NFSERR_NOENT, -ENOENT }, { NFSERR_IO, -EIO }, { NFSERR_NXIO, -ENXIO }, -/* { NFSERR_EAGAIN, -EAGAIN }, */ { NFSERR_ACCES, -EACCES }, { NFSERR_EXIST, -EEXIST }, { NFSERR_XDEV, -EXDEV }, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 7f7e6bb23a90..42a6b914c0fe 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1506,7 +1506,7 @@ static __be32 nfsd4_ssc_setup_dul(struct nfsd_net *nn, char *ipaddr, (schedule_timeout(20*HZ) == 0)) { finish_wait(&nn->nfsd_ssc_waitq, &wait); kfree(work); - return nfserr_eagain; + return nfserr_jukebox; } finish_wait(&nn->nfsd_ssc_waitq, &wait); goto try_again; diff --git a/fs/nfsd/nfsd.h b/fs/nfsd/nfsd.h index 50be785f1d2c..b0283213a8f5 100644 --- a/fs/nfsd/nfsd.h +++ b/fs/nfsd/nfsd.h @@ -233,7 +233,6 @@ void nfsd_lockd_shutdown(void); #define nfserr_noent cpu_to_be32(NFSERR_NOENT) #define nfserr_io cpu_to_be32(NFSERR_IO) #define nfserr_nxio cpu_to_be32(NFSERR_NXIO) -#define nfserr_eagain cpu_to_be32(NFSERR_EAGAIN) #define nfserr_acces cpu_to_be32(NFSERR_ACCES) #define nfserr_exist cpu_to_be32(NFSERR_EXIST) #define nfserr_xdev cpu_to_be32(NFSERR_XDEV) diff --git a/include/trace/misc/nfs.h b/include/trace/misc/nfs.h index c82233e950ac..a394b4d38e18 100644 --- a/include/trace/misc/nfs.h +++ b/include/trace/misc/nfs.h @@ -16,7 +16,6 @@ TRACE_DEFINE_ENUM(NFSERR_PERM); TRACE_DEFINE_ENUM(NFSERR_NOENT); TRACE_DEFINE_ENUM(NFSERR_IO); TRACE_DEFINE_ENUM(NFSERR_NXIO); -TRACE_DEFINE_ENUM(NFSERR_EAGAIN); TRACE_DEFINE_ENUM(NFSERR_ACCES); TRACE_DEFINE_ENUM(NFSERR_EXIST); TRACE_DEFINE_ENUM(NFSERR_XDEV); @@ -52,7 +51,6 @@ TRACE_DEFINE_ENUM(NFSERR_JUKEBOX); { NFSERR_NXIO, "NXIO" }, \ { ECHILD, "CHILD" }, \ { ETIMEDOUT, "TIMEDOUT" }, \ - { NFSERR_EAGAIN, "AGAIN" }, \ { NFSERR_ACCES, "ACCES" }, \ { NFSERR_EXIST, "EXIST" }, \ { NFSERR_XDEV, "XDEV" }, \ diff --git a/include/uapi/linux/nfs.h b/include/uapi/linux/nfs.h index f356f2ba3814..71c7196d3281 100644 --- a/include/uapi/linux/nfs.h +++ b/include/uapi/linux/nfs.h @@ -49,7 +49,6 @@ NFSERR_NOENT = 2, /* v2 v3 v4 */ NFSERR_IO = 5, /* v2 v3 v4 */ NFSERR_NXIO = 6, /* v2 v3 v4 */ - NFSERR_EAGAIN = 11, /* v2 v3 */ NFSERR_ACCES = 13, /* v2 v3 v4 */ NFSERR_EXIST = 17, /* v2 v3 v4 */ NFSERR_XDEV = 18, /* v3 v4 */

1 day, 12 hours

2
3
0 0

FAILED: patch "[PATCH] btrfs: fix beyond-EOF write handling" failed to apply to 6.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.18.y git checkout FETCH_HEAD git cherry-pick -x e9e3b22ddfa760762b696ac6417c8d6edd182e49 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011240-unreal-knee-7bf4@gregkh' --subject-prefix 'PATCH 6.18.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e9e3b22ddfa760762b696ac6417c8d6edd182e49 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Thu, 11 Dec 2025 12:45:17 +1030 Subject: [PATCH] btrfs: fix beyond-EOF write handling [BUG] For the following write sequence with 64K page size and 4K fs block size, it will lead to file extent items to be inserted without any data checksum: mkfs.btrfs -s 4k -f $dev > /dev/null mount $dev $mnt xfs_io -f -c "pwrite 0 16k" -c "pwrite 32k 4k" -c pwrite "60k 64K" \ -c "truncate 16k" $mnt/foobar umount $mnt This will result the following 2 file extent items to be inserted (extra trace point added to insert_ordered_extent_file_extent()): btrfs_finish_one_ordered: root=5 ino=257 file_off=61440 num_bytes=4096 csum_bytes=0 btrfs_finish_one_ordered: root=5 ino=257 file_off=0 num_bytes=16384 csum_bytes=16384 Note for file offset 60K, we're inserting a file extent without any data checksum. Also note that range [32K, 36K) didn't reach insert_ordered_extent_file_extent(), which is the correct behavior as that OE is fully truncated, should not result any file extent. Although file extent at 60K will be later dropped by btrfs_truncate(), if the transaction got committed after file extent inserted but before the file extent dropping, we will have a small window where we have a file extent beyond EOF and without any data checksum. That will cause "btrfs check" to report error. [CAUSE] The sequence happens like this: - Buffered write dirtied the page cache and updated isize Now the inode size is 64K, with the following page cache layout: 0 16K 32K 48K 64K |/////////////| |//| |//| - Truncate the inode to 16K Which will trigger writeback through: btrfs_setsize() |- truncate_setsize() | Now the inode size is set to 16K | |- btrfs_truncate() |- btrfs_wait_ordered_range() for [16K, u64(-1)] |- btrfs_fdatawrite_range() for [16K, u64(-1)} |- extent_writepage() for folio 0 |- writepage_delalloc() | Generated OE for [0, 16K), [32K, 36K] and [60K, 64K) | |- extent_writepage_io() Then inside extent_writepage_io(), the dirty fs blocks are handled differently: - Submit write for range [0, 16K) As they are still inside the inode size (16K). - Mark OE [32K, 36K) as truncated Since we only call btrfs_lookup_first_ordered_range() once, which returned the first OE after file offset 16K. - Mark all OEs inside range [16K, 64K) as finished Which will mark OE ranges [32K, 36K) and [60K, 64K) as finished. For OE [32K, 36K) since it's already marked as truncated, and its truncated length is 0, no file extent will be inserted. For OE [60K, 64K) it has never been submitted thus has no data checksum, and we insert the file extent as usual. This is the root cause of file extent at 60K to be inserted without any data checksum. - Clear dirty flags for range [16K, 64K) It is the function btrfs_folio_clear_dirty() which searches and clears any dirty blocks inside that range. [FIX] The bug itself was introduced a long time ago, way before subpage and large folio support. At that time, fs block size must match page size, thus the range [cur, end) is just one fs block. But later with subpage and large folios, the same range [cur, end) can have multiple blocks and ordered extents. Later commit 18de34daa7c6 ("btrfs: truncate ordered extent when skipping writeback past i_size") was fixing a bug related to subpage/large folios, but it's still utilizing the old range [cur, end), meaning only the first OE will be marked as truncated. The proper fix here is to make EOF handling block-by-block, not trying to handle the whole range to @end. By this we always locate and truncate the OE for every dirty block. CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 2d32dfc34ae3..97748d0d54d9 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1728,7 +1728,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, struct btrfs_ordered_extent *ordered; ordered = btrfs_lookup_first_ordered_range(inode, cur, - folio_end - cur); + fs_info->sectorsize); /* * We have just run delalloc before getting here, so * there must be an ordered extent. @@ -1742,7 +1742,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, btrfs_put_ordered_extent(ordered); btrfs_mark_ordered_io_finished(inode, folio, cur, - end - cur, true); + fs_info->sectorsize, true); /* * This range is beyond i_size, thus we don't need to * bother writing back. @@ -1751,8 +1751,8 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, * writeback the sectors with subpage dirty bits, * causing writeback without ordered extent. */ - btrfs_folio_clear_dirty(fs_info, folio, cur, end - cur); - break; + btrfs_folio_clear_dirty(fs_info, folio, cur, fs_info->sectorsize); + continue; } ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size); if (unlikely(ret < 0)) {

1 day, 12 hours

2
3
0 0

[PATCH net v5] net: nfc: nci: Fix parameter validation for packet data

by Michael Thalmeier

Since commit 9c328f54741b ("net: nfc: nci: Add parameter validation for packet data") communication with nci nfc chips is not working any more. The mentioned commit tries to fix access of uninitialized data, but failed to understand that in some cases the data packet is of variable length and can therefore not be compared to the maximum packet length given by the sizeof(struct). Fixes: 9c328f54741b ("net: nfc: nci: Add parameter validation for packet data") Cc: stable(a)vger.kernel.org Signed-off-by: Michael Thalmeier <michael.thalmeier(a)hale.at> --- v5: - also check helper functions in nci_extract_rf_params_nfcf_passive_listen and nci_rf_discover_ntf_packet v4: - formatting fixes v3: - perform complete checks - replace magic numbers with offsetofend and sizeof v2: - Reference correct commit hash --- net/nfc/nci/ntf.c | 164 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 146 insertions(+), 18 deletions(-) diff --git a/net/nfc/nci/ntf.c b/net/nfc/nci/ntf.c index 418b84e2b260..d9532ae9cd39 100644 --- a/net/nfc/nci/ntf.c +++ b/net/nfc/nci/ntf.c @@ -58,7 +58,7 @@ static int nci_core_conn_credits_ntf_packet(struct nci_dev *ndev, struct nci_conn_info *conn_info; int i; - if (skb->len < sizeof(struct nci_core_conn_credit_ntf)) + if (skb->len < offsetofend(struct nci_core_conn_credit_ntf, num_entries)) return -EINVAL; ntf = (struct nci_core_conn_credit_ntf *)skb->data; @@ -68,6 +68,10 @@ static int nci_core_conn_credits_ntf_packet(struct nci_dev *ndev, if (ntf->num_entries > NCI_MAX_NUM_CONN) ntf->num_entries = NCI_MAX_NUM_CONN; + if (skb->len < offsetofend(struct nci_core_conn_credit_ntf, num_entries) + + ntf->num_entries * sizeof(struct conn_credit_entry)) + return -EINVAL; + /* update the credits */ for (i = 0; i < ntf->num_entries; i++) { ntf->conn_entries[i].conn_id = @@ -138,23 +142,49 @@ static int nci_core_conn_intf_error_ntf_packet(struct nci_dev *ndev, static const __u8 * nci_extract_rf_params_nfca_passive_poll(struct nci_dev *ndev, struct rf_tech_specific_params_nfca_poll *nfca_poll, - const __u8 *data) + const __u8 *data, size_t data_len) { + /* Check if we have enough data for sens_res (2 bytes) */ + if (data_len < 2) + return ERR_PTR(-EINVAL); + nfca_poll->sens_res = __le16_to_cpu(*((__le16 *)data)); data += 2; + data_len -= 2; + + /* Check if we have enough data for nfcid1_len (1 byte) */ + if (data_len < 1) + return ERR_PTR(-EINVAL); nfca_poll->nfcid1_len = min_t(__u8, *data++, NFC_NFCID1_MAXSIZE); + data_len--; pr_debug("sens_res 0x%x, nfcid1_len %d\n", nfca_poll->sens_res, nfca_poll->nfcid1_len); + /* Check if we have enough data for nfcid1 */ + if (data_len < nfca_poll->nfcid1_len) + return ERR_PTR(-EINVAL); + memcpy(nfca_poll->nfcid1, data, nfca_poll->nfcid1_len); data += nfca_poll->nfcid1_len; + data_len -= nfca_poll->nfcid1_len; + + /* Check if we have enough data for sel_res_len (1 byte) */ + if (data_len < 1) + return ERR_PTR(-EINVAL); nfca_poll->sel_res_len = *data++; + data_len--; + + if (nfca_poll->sel_res_len != 0) { + /* Check if we have enough data for sel_res (1 byte) */ + if (data_len < 1) + return ERR_PTR(-EINVAL); - if (nfca_poll->sel_res_len != 0) nfca_poll->sel_res = *data++; + data_len--; + } pr_debug("sel_res_len %d, sel_res 0x%x\n", nfca_poll->sel_res_len, @@ -166,14 +196,24 @@ nci_extract_rf_params_nfca_passive_poll(struct nci_dev *ndev, static const __u8 * nci_extract_rf_params_nfcb_passive_poll(struct nci_dev *ndev, struct rf_tech_specific_params_nfcb_poll *nfcb_poll, - const __u8 *data) + const __u8 *data, size_t data_len) { + /* Check if we have enough data for sensb_res_len (1 byte) */ + if (data_len < 1) + return ERR_PTR(-EINVAL); + nfcb_poll->sensb_res_len = min_t(__u8, *data++, NFC_SENSB_RES_MAXSIZE); + data_len--; pr_debug("sensb_res_len %d\n", nfcb_poll->sensb_res_len); + /* Check if we have enough data for sensb_res */ + if (data_len < nfcb_poll->sensb_res_len) + return ERR_PTR(-EINVAL); + memcpy(nfcb_poll->sensb_res, data, nfcb_poll->sensb_res_len); data += nfcb_poll->sensb_res_len; + data_len -= nfcb_poll->sensb_res_len; return data; } @@ -181,16 +221,32 @@ nci_extract_rf_params_nfcb_passive_poll(struct nci_dev *ndev, static const __u8 * nci_extract_rf_params_nfcf_passive_poll(struct nci_dev *ndev, struct rf_tech_specific_params_nfcf_poll *nfcf_poll, - const __u8 *data) + const __u8 *data, size_t data_len) { + /* Check if we have enough data for bit_rate (1 byte) */ + if (data_len < 1) + return ERR_PTR(-EINVAL); + nfcf_poll->bit_rate = *data++; + data_len--; + + /* Check if we have enough data for sensf_res_len (1 byte) */ + if (data_len < 1) + return ERR_PTR(-EINVAL); + nfcf_poll->sensf_res_len = min_t(__u8, *data++, NFC_SENSF_RES_MAXSIZE); + data_len--; pr_debug("bit_rate %d, sensf_res_len %d\n", nfcf_poll->bit_rate, nfcf_poll->sensf_res_len); + /* Check if we have enough data for sensf_res */ + if (data_len < nfcf_poll->sensf_res_len) + return ERR_PTR(-EINVAL); + memcpy(nfcf_poll->sensf_res, data, nfcf_poll->sensf_res_len); data += nfcf_poll->sensf_res_len; + data_len -= nfcf_poll->sensf_res_len; return data; } @@ -198,24 +254,53 @@ nci_extract_rf_params_nfcf_passive_poll(struct nci_dev *ndev, static const __u8 * nci_extract_rf_params_nfcv_passive_poll(struct nci_dev *ndev, struct rf_tech_specific_params_nfcv_poll *nfcv_poll, - const __u8 *data) + const __u8 *data, size_t data_len) { + /* Skip 1 byte (reserved) */ + if (data_len < 1) + return ERR_PTR(-EINVAL); + ++data; + data_len--; + + /* Check if we have enough data for dsfid (1 byte) */ + if (data_len < 1) + return ERR_PTR(-EINVAL); + nfcv_poll->dsfid = *data++; + data_len--; + + /* Check if we have enough data for uid (8 bytes) */ + if (data_len < NFC_ISO15693_UID_MAXSIZE) + return ERR_PTR(-EINVAL); + memcpy(nfcv_poll->uid, data, NFC_ISO15693_UID_MAXSIZE); data += NFC_ISO15693_UID_MAXSIZE; + data_len -= NFC_ISO15693_UID_MAXSIZE; + return data; } static const __u8 * nci_extract_rf_params_nfcf_passive_listen(struct nci_dev *ndev, struct rf_tech_specific_params_nfcf_listen *nfcf_listen, - const __u8 *data) + const __u8 *data, size_t data_len) { + /* Check if we have enough data for local_nfcid2_len (1 byte) */ + if (data_len < 1) + return ERR_PTR(-EINVAL); + nfcf_listen->local_nfcid2_len = min_t(__u8, *data++, NFC_NFCID2_MAXSIZE); + data_len--; + + /* Check if we have enough data for local_nfcid2 */ + if (data_len < nfcf_listen->local_nfcid2_len) + return ERR_PTR(-EINVAL); + memcpy(nfcf_listen->local_nfcid2, data, nfcf_listen->local_nfcid2_len); data += nfcf_listen->local_nfcid2_len; + data_len -= nfcf_listen->local_nfcid2_len; return data; } @@ -364,7 +449,7 @@ static int nci_rf_discover_ntf_packet(struct nci_dev *ndev, const __u8 *data; bool add_target = true; - if (skb->len < sizeof(struct nci_rf_discover_ntf)) + if (skb->len < offsetofend(struct nci_rf_discover_ntf, rf_tech_specific_params_len)) return -EINVAL; data = skb->data; @@ -380,26 +465,42 @@ static int nci_rf_discover_ntf_packet(struct nci_dev *ndev, pr_debug("rf_tech_specific_params_len %d\n", ntf.rf_tech_specific_params_len); + if (skb->len < (data - skb->data) + + ntf.rf_tech_specific_params_len + sizeof(ntf.ntf_type)) + return -EINVAL; + if (ntf.rf_tech_specific_params_len > 0) { switch (ntf.rf_tech_and_mode) { case NCI_NFC_A_PASSIVE_POLL_MODE: data = nci_extract_rf_params_nfca_passive_poll(ndev, - &(ntf.rf_tech_specific_params.nfca_poll), data); + &(ntf.rf_tech_specific_params.nfca_poll), data, + ntf.rf_tech_specific_params_len); + if (IS_ERR(data)) + return PTR_ERR(data); break; case NCI_NFC_B_PASSIVE_POLL_MODE: data = nci_extract_rf_params_nfcb_passive_poll(ndev, - &(ntf.rf_tech_specific_params.nfcb_poll), data); + &(ntf.rf_tech_specific_params.nfcb_poll), data, + ntf.rf_tech_specific_params_len); + if (IS_ERR(data)) + return PTR_ERR(data); break; case NCI_NFC_F_PASSIVE_POLL_MODE: data = nci_extract_rf_params_nfcf_passive_poll(ndev, - &(ntf.rf_tech_specific_params.nfcf_poll), data); + &(ntf.rf_tech_specific_params.nfcf_poll), data, + ntf.rf_tech_specific_params_len); + if (IS_ERR(data)) + return PTR_ERR(data); break; case NCI_NFC_V_PASSIVE_POLL_MODE: data = nci_extract_rf_params_nfcv_passive_poll(ndev, - &(ntf.rf_tech_specific_params.nfcv_poll), data); + &(ntf.rf_tech_specific_params.nfcv_poll), data, + ntf.rf_tech_specific_params_len); + if (IS_ERR(data)) + return PTR_ERR(data); break; default: @@ -596,7 +697,7 @@ static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, const __u8 *data; int err = NCI_STATUS_OK; - if (skb->len < sizeof(struct nci_rf_intf_activated_ntf)) + if (skb->len < offsetofend(struct nci_rf_intf_activated_ntf, rf_tech_specific_params_len)) return -EINVAL; data = skb->data; @@ -628,26 +729,41 @@ static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, if (ntf.rf_interface == NCI_RF_INTERFACE_NFCEE_DIRECT) goto listen; + if (skb->len < (data - skb->data) + ntf.rf_tech_specific_params_len) + return -EINVAL; + if (ntf.rf_tech_specific_params_len > 0) { switch (ntf.activation_rf_tech_and_mode) { case NCI_NFC_A_PASSIVE_POLL_MODE: data = nci_extract_rf_params_nfca_passive_poll(ndev, - &(ntf.rf_tech_specific_params.nfca_poll), data); + &(ntf.rf_tech_specific_params.nfca_poll), data, + ntf.rf_tech_specific_params_len); + if (IS_ERR(data)) + return -EINVAL; break; case NCI_NFC_B_PASSIVE_POLL_MODE: data = nci_extract_rf_params_nfcb_passive_poll(ndev, - &(ntf.rf_tech_specific_params.nfcb_poll), data); + &(ntf.rf_tech_specific_params.nfcb_poll), data, + ntf.rf_tech_specific_params_len); + if (IS_ERR(data)) + return -EINVAL; break; case NCI_NFC_F_PASSIVE_POLL_MODE: data = nci_extract_rf_params_nfcf_passive_poll(ndev, - &(ntf.rf_tech_specific_params.nfcf_poll), data); + &(ntf.rf_tech_specific_params.nfcf_poll), data, + ntf.rf_tech_specific_params_len); + if (IS_ERR(data)) + return -EINVAL; break; case NCI_NFC_V_PASSIVE_POLL_MODE: data = nci_extract_rf_params_nfcv_passive_poll(ndev, - &(ntf.rf_tech_specific_params.nfcv_poll), data); + &(ntf.rf_tech_specific_params.nfcv_poll), data, + ntf.rf_tech_specific_params_len); + if (IS_ERR(data)) + return -EINVAL; break; case NCI_NFC_A_PASSIVE_LISTEN_MODE: @@ -657,7 +773,9 @@ static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, case NCI_NFC_F_PASSIVE_LISTEN_MODE: data = nci_extract_rf_params_nfcf_passive_listen(ndev, &(ntf.rf_tech_specific_params.nfcf_listen), - data); + data, ntf.rf_tech_specific_params_len); + if (IS_ERR(data)) + return -EINVAL; break; default: @@ -668,6 +786,13 @@ static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, } } + if (skb->len < (data - skb->data) + + sizeof(ntf.data_exch_rf_tech_and_mode) + + sizeof(ntf.data_exch_tx_bit_rate) + + sizeof(ntf.data_exch_rx_bit_rate) + + sizeof(ntf.activation_params_len)) + return -EINVAL; + ntf.data_exch_rf_tech_and_mode = *data++; ntf.data_exch_tx_bit_rate = *data++; ntf.data_exch_rx_bit_rate = *data++; @@ -679,6 +804,9 @@ static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, pr_debug("data_exch_rx_bit_rate 0x%x\n", ntf.data_exch_rx_bit_rate); pr_debug("activation_params_len %d\n", ntf.activation_params_len); + if (skb->len < (data - skb->data) + ntf.activation_params_len) + return -EINVAL; + if (ntf.activation_params_len > 0) { switch (ntf.rf_interface) { case NCI_RF_INTERFACE_ISO_DEP: -- 2.52.0

1 day, 13 hours

1
0
0 0

[PATCH v2] misc: fastrpc: possible double-free of cctx->remote_heap

by Xingjing Deng

fastrpc_init_create_static_process() may free cctx->remote_heap on the err_map path but does not clear the pointer. Later, fastrpc_rpmsg_remove() frees cctx->remote_heap again if it is non-NULL, which can lead to a double-free if the INIT_CREATE_STATIC ioctl hits the error path and the rpmsg device is subsequently removed/unbound. Clear cctx->remote_heap after freeing it in the error path to prevent the later cleanup from freeing it again. Fixes: 0871561055e66 ("misc: fastrpc: Add support for audiopd") Cc: stable(a)vger.kernel.org # 6.2+ Signed-off-by: Xingjing Deng <xjdeng(a)buaa.edu.cn> v2 changes: Add Fixes: and Cc: stable(a)vger.kernel.org. --- drivers/misc/fastrpc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index ee652ef01534..fb3b54e05928 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -1370,6 +1370,7 @@ static int fastrpc_init_create_static_process(struct fastrpc_user *fl, } err_map: fastrpc_buf_free(fl->cctx->remote_heap); + fl->cctx->remote_heap = NULL; err_name: kfree(name); err: -- 2.25.1

1 day, 14 hours

1
0
0 0

[PATCH 6.1 000/633] 6.1.160-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.160 release. There are 633 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 12 Jan 2026 13:51:43 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.160-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.160-rc2 Aditya Kumar Singh <quic_adisi(a)quicinc.com> wifi: mac80211: fix switch count in EMA beacons Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: fix puncturing bitmap policy Petr Tesarik <petr(a)tesarici.cz> net: stmmac: fix ethtool per-queue statistics Jisheng Zhang <jszhang(a)kernel.org> net: stmmac: fix incorrect rxq|txq_stats reference Johan Hovold <johan(a)kernel.org> usb: gadget: lpc32xx_udc: fix clock imbalance in error path David Hildenbrand <david(a)redhat.com> mm: (un)track_pfn_copy() fix + doc improvements David Hildenbrand <david(a)redhat.com> kernel/fork: only call untrack_pfn_clear() on VMAs duplicated for fork() Su Hui <suhui(a)nfschina.com> net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "iommu/amd: Skip enabling command/event buffers for kdump" Amitai Gottlieb <amitaig(a)hailo.ai> firmware: arm_scmi: Fix unused notifier-block in unregister Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: fix tty_port_tty_*hangup() kernel-doc Ming Lei <ming.lei(a)redhat.com> blk-mq: setup queue ->tag_set before initializing hctx Sean Nyekjaer <sean(a)geanix.com> pwm: stm32: Always program polarity Gabriel Krisman Bertazi <krisman(a)suse.de> ext4: fix error message when rejecting the default hash Jason Yan <yanaijie(a)huawei.com> ext4: factor out ext4_hash_info_init() Lizhi Xu <lizhi.xu(a)windriver.com> ext4: filesystems without casefold feature cannot be mounted with siphash Peter Zijlstra <peterz(a)infradead.org> sched/fair: Proportional newidle balance Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to update_newidle_cost() Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to sched_balance_newidle() Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Apply the link chain quirk on NEC isoc endpoints Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: move link chain bit quirk checks into one helper function. Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix a null-ptr access in the cursor snooper Hugh Dickins <hughd(a)google.com> mm/mprotect: delete pmd_none_or_clear_bad_unless_trans_huge() Peter Xu <peterx(a)redhat.com> mm/mprotect: use long for page accountings and retval David Hildenbrand <david(a)redhat.com> x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() Ma Wupeng <mawupeng1(a)huawei.com> x86/mm/pat: clear VM_PAT if copy_p4d_range failed Yi Sun <yi.sun(a)intel.com> dmaengine: idxd: Remove improper idxd_free Justin Stitt <justinstitt(a)google.com> KVM: arm64: sys_regs: disable -Wuninitialized-const-pointer warning Maximilian Immanuel Brandtner <maxbr(a)linux.ibm.com> virtio_console: fix order of fields cols and rows Johan Hovold <johan(a)kernel.org> iommu/qcom: fix device leak on of_xlate() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> iommu/qcom: Index contexts by asid number to allow asid 0 AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> iommu/qcom: Use the asid read from device-tree if specified Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> iommu/arm-smmu: Convert to platform remove callback returning void Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> iommu/arm-smmu: Drop if with an always false condition Chuck Lever <chuck.lever(a)oracle.com> NFSD: NFSv4 file creation neglects setting ACL Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbgtty: fix device unregister: fixup Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: introduce and use tty_port_tty_vhangup() helper Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: Make uart_remove_one_port() return void Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. Thomas Zimmermann <tzimmermann(a)suse.de> drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma Christian König <christian.koenig(a)amd.com> drm/amdgpu: cleanup scheduler job initialization v2 Jouni Malinen <jouni.malinen(a)oss.qualcomm.com> wifi: mac80211: Discard Beacon frames to non-broadcast address Bijan Tabatabai <bijan311(a)gmail.com> mm: consider non-anon swap cache folios in folio_expected_ref_count() David Hildenbrand <david(a)redhat.com> mm: simplify folio_expected_ref_count() NeilBrown <neil(a)brown.name> lockd: fix vfs_test_lock() calls Paolo Abeni <pabeni(a)redhat.com> mptcp: fallback earlier on simult connection Wentao Liang <vulab(a)iscas.ac.cn> pmdomain: imx: Fix reference count leak in imx_gpc_probe() Rob Herring <robh(a)kernel.org> pmdomain: Use device_get_match_data() Haoxiang Li <haoxiang_li2024(a)163.com> media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Remove vpu_vb_is_codecconfig Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: amphion: Make some vpu_v4l2 functions static Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Add a frame flush mode for decoder Dongli Zhang <dongli.zhang(a)oracle.com> KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit David Hildenbrand <david(a)redhat.com> powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages David Hildenbrand <david(a)redhat.com> mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() David Hildenbrand <david(a)redhat.com> mm/balloon_compaction: we cannot have isolated pages in the balloon list Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix disabling L0s capability Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Fix CPU stalls on G2 bus error Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix OF node leak on probe Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> ASoC: stm: stm32_sai_sub: Convert to platform remove callback returning void Joanne Koong <joannelkoong(a)gmail.com> fuse: fix readahead reclaim deadlock Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix clk prepare imbalance on probe failure Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: stm32: sai: Use the devm_clk_get_optional() helper Johan Hovold <johan(a)kernel.org> iommu/mediatek-v1: fix device leaks on probe() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> iommu/mtk_iommu_v1: Convert to platform remove callback returning void Johan Hovold <johan(a)kernel.org> iommu/mediatek: fix use-after-free on probe deferral Yong Wu <yong.wu(a)mediatek.com> iommu/mediatek: Improve safety for mediatek,smi property in larb nodes Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: microchip: sama7g5: fix uart fifo size to 32 Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32 Shivani Agarwal <shivani.agarwal(a)broadcom.com> crypto: af_alg - zero initialize memory allocated via sock_kmalloc Filipe Manana <fdmanana(a)suse.com> btrfs: don't log conflicting inode if it's a dir moved in the current transaction Joshua Rogers <linux(a)joshua.hu> SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap Chao Yu <chao(a)kernel.org> f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() Chao Yu <chao(a)kernel.org> f2fs: use global inline_xattr_slab instead of per-sb slab cache Chao Yu <chao(a)kernel.org> f2fs: fix to propagate error from f2fs_enable_checkpoint() Chao Yu <chao(a)kernel.org> f2fs: fix to avoid updating compression context during writeback Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: drop inode from the donation list when the last file is closed Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: keep POSIX_FADV_NOREUSE ranges Chao Yu <chao(a)kernel.org> f2fs: remove unused GC_FAILURE_PIN Chao Yu <chao(a)kernel.org> f2fs: fix to avoid updating zero-sized extent in extent cache Seunghwan Baek <sh8267.baek(a)samsung.com> scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error Udipto Goswami <udipto.goswami(a)oss.qualcomm.com> usb: dwc3: keep susphy enabled during exit to avoid controller faults Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: ignore unknown endpoint flags Johan Hovold <johan(a)kernel.org> usb: ohci-nxp: fix device leak on probe failure Zhang Zekun <zhangzekun11(a)huawei.com> usb: ohci-nxp: Use helper function devm_clk_get_enabled() Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid deadlock on fallback while reinjecting Fedor Pchelkin <pchelkin(a)ispras.ru> ext4: fix string copying in parse_apply_sb_mount_options() Ye Bin <yebin10(a)huawei.com> jbd2: fix the inconsistency between checksum and data in memory for journal sb Alexey Velichayshiy <a.velichayshiy(a)ispras.ru> gfs2: fix freeze error handling Josef Bacik <josef(a)toxicpanda.com> btrfs: don't rewrite ret from inode_permission Sven Eckelmann (Plasma Cloud) <se(a)simonwunderlich.de> wifi: mt76: Fix DTS power-limits on little endian systems Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_can_open(): fix error handling Junrui Luo <moonafterrain(a)outlook.com> ALSA: wavefront: Fix integer overflow in sample size validation Takashi Iwai <tiwai(a)suse.de> ALSA: wavefront: Use standard print API Junrui Luo <moonafterrain(a)outlook.com> ALSA: wavefront: Clear substream pointers on close Takashi Iwai <tiwai(a)suse.de> ALSA: wavefront: Use guard() for spin locks Denis Arefev <arefev(a)swemel.ru> ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Omar Sandoval <osandov(a)fb.com> KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Use EMULTYPE flag to track write #PFs to shadow pages Dong Chenchen <dongchenchen2(a)huawei.com> page_pool: Fix use-after-free in page_pool_recycle_in_ring Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out-of-bounds in parse_sec_desc() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() Baokun Li <libaokun1(a)huawei.com> fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF Martin Nybo Andersen <tweek(a)tweek.dk> kbuild: Use CRC32 and a 1MiB dictionary for XZ compressed modules SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle memory failure from damon_test_target() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/64s/radix/kfence: map __kfence_pool at page granularity Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> tpm: Cap the number of PCR banks Ming Lei <ming.lei(a)redhat.com> blk-mq: add helper for checking if one CPU is mapped to specified hctx Lyude Paul <lyude(a)redhat.com> drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb Krzysztof Niemiec <krzysztof.niemiec(a)intel.com> drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer René Rebe <rene(a)exactco.de> drm/mgag200: Fix big-endian support Simon Richter <Simon.Richter(a)hogyros.de> drm/ttm: Avoid NULL pointer deref for evicted BOs Miaoqian Lin <linmq006(a)gmail.com> drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers Xiaolei Wang <xiaolei.wang(a)windriver.com> net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() Deepanshu Kartikey <kartikey406(a)gmail.com> net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write Ethan Nelson-Moore <enelsonmoore(a)gmail.com> net: usb: sr9700: fix incorrect command used to write single register Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> nfsd: Drop the client reference in client_states_open() Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Zero-extend bpf_tail_call() index Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> fjes: Add missing iounmap in fjes_hw_init() Guangshuo Li <lgs201920130244(a)gmail.com> e1000: fix OOB in e1000_tbi_should_accept() Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/cm: Fix leaking the multicast GID table reference Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly Matthew Wilcox (Oracle) <willy(a)infradead.org> idr: fix idr_alloc() returning an ID out of range Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> kasan: refactor pcpu kasan vmalloc unpoison H. Peter Anvin <hpa(a)zytor.com> compiler_types.h: add "auto" as a macro for "__auto_type" WangYuli <wangyl5933(a)chinaunicom.cn> LoongArch: Use __pmd()/__pte() for swap entry conversions Qiang Ma <maqianga(a)uniontech.com> LoongArch: Correct the calculation logic of thread_count Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Add new PCI ID for pci_fixup_vgadev() Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: adv7842: Remove redundant cancel_delayed_work in probe Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Cancel message work before releasing the VPU core Johan Hovold <johan(a)kernel.org> media: vpif_display: fix section mismatch Johan Hovold <johan(a)kernel.org> media: vpif_capture: fix section mismatch Haotian Zhang <vulab(a)iscas.ac.cn> media: videobuf2: Fix device reference leak in vb2_dc_alloc error path Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Protect G2 HEVC decoder against invalid DPB index Duoming Zhou <duoming(a)zju.edu.cn> media: TDA1997x: Remove redundant cancel_delayed_work in probe Marek Szyprowski <m.szyprowski(a)samsung.com> media: samsung: exynos4-is: fix potential ABBA deadlock on init Miaoqian Lin <linmq006(a)gmail.com> media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled Ivan Abramov <i.abramov(a)mt-integration.ru> media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() Haotian Zhang <vulab(a)iscas.ac.cn> media: cec: Fix debugfs leak on bus_register() failure René Rebe <rene(a)exactco.de> fbdev: tcx.c fix mem_map to correct smem_start offset Thorsten Blum <thorsten.blum(a)linux.dev> fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing Rene Rebe <rene(a)exactco.de> fbdev: gbefb: fix to use physical address instead of dma address Mikulas Patocka <mpatocka(a)redhat.com> dm-bufio: align write boundary on physical block size Uladzislau Rezki (Sony) <urezki(a)gmail.com> dm-ebs: Mark full buffer dirty even on partial write Mahesh Rao <mahesh.rao(a)altera.com> firmware: stratix10-svc: Add mutex in stratix10 memory management Ivan Abramov <i.abramov(a)mt-integration.ru> media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() David Hildenbrand <david(a)redhat.com> powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION Sven Schnelle <svens(a)stackframe.org> parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() Sven Schnelle <svens(a)stackframe.org> parisc: entry.S: fix space adjustment on interruption for 64-bit userspace Haotian Zhang <vulab(a)iscas.ac.cn> media: rc: st_rc: Fix reset control resource leak Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max77620: Fix potential IRQ chip conflict when probing two devices Johan Hovold <johan(a)kernel.org> mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: Enable chip before any communication Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: Allow LED 0 to be added to module bank Donet Tom <donettom(a)linux.ibm.com> powerpc/64s/slb: Fix SLB multihit issue during SLB preload Dave Vasilevsky <dave(a)vasilevsky.ca> powerpc, mm: Fix mprotect on book3s 32-bit Lukas Wunner <lukas(a)wunner.de> PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths Hans de Goede <johannes.goede(a)oss.qualcomm.com> HID: logitech-dj: Remove duplicate error logging Johan Hovold <johan(a)kernel.org> iommu/tegra: fix device leak on probe_device() Johan Hovold <johan(a)kernel.org> iommu/sun50i: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/omap: fix device leaks on probe_device() Johan Hovold <johan(a)kernel.org> iommu/mediatek: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/mediatek-v1: fix device leak on probe_device() Johan Hovold <johan(a)kernel.org> iommu/ipmmu-vmsa: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/exynos: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/apple-dart: fix device leak on of_xlate() Jinhui Guo <guojinhui.liam(a)bytedance.com> iommu/amd: Fix pci_segment memleak in alloc_pci_segment() Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6adm: the the copp device only during last instance Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6asm-dai: perform correct state check before closing Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix device leak on probe Matthew Wilcox (Oracle) <willy(a)infradead.org> ntfs: Do not overwrite uptodate pages Yipeng Zou <zouyipeng(a)huawei.com> selftests/ftrace: traceonoff_triggers: strip off names Cong Zhang <cong.zhang(a)oss.qualcomm.com> blk-mq: skip CPU offline notify on unmapped hctx Ming Lei <ming.lei(a)redhat.com> blk-mq: don't schedule block kworker on isolated CPUs Frederic Weisbecker <frederic(a)kernel.org> sched/isolation: add cpu_is_isolated() API Thomas Fourier <fourier.thomas(a)gmail.com> RDMA/bnxt_re: fix dma_free_coherent() pointer Honggang LI <honggangli(a)163.com> RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix to use correct page size for PDE table Alok Tiwari <alok.a.tiwari(a)oracle.com> RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send Alok Tiwari <alok.a.tiwari(a)oracle.com> RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() Jang Ingyu <ingyujang25(a)korea.ac.kr> RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Remove possible negative shift Michal Schmidt <mschmidt(a)redhat.com> RDMA/irdma: avoid invalid read in irdma_net_event Pwnverse <stanksal(a)purdue.edu> net: rose: fix invalid array index in rose_kill_by_device() Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix reference count leak when using error routes with nexthop objects Will Rosenberg <whrosenb(a)asu.edu> ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() Wei Fang <wei.fang(a)nxp.com> net: stmmac: fix the crash issue for zero copy XDP_TX action Jisheng Zhang <jszhang(a)kernel.org> net: stmmac: use per-queue 64 bit statistics where necessary Teoh Ji Sheng <ji.sheng.teoh(a)intel.com> net: stmmac: xgmac: add ethtool per-queue irq statistic support Song Yoong Siang <yoong.siang.song(a)intel.com> net: stmmac: introduce wrapper for struct xdp_buff Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: dwmac4: Allow platforms to specify some DMA/MTL offsets Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: Pass stmmac_priv in some callbacks Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: Remove some unnecessary void pointers Revanth Kumar Uppala <ruppala(a)nvidia.com> net: stmmac: Power up SERDES after the PHY link Anshumali Gaur <agaur(a)marvell.com> octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" Bagas Sanjaya <bagasdotme(a)gmail.com> net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct Deepanshu Kartikey <kartikey406(a)gmail.com> net: usb: asix: validate PHY address before use Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: skip multicast entries for fdb_dump() Thomas Fourier <fourier.thomas(a)gmail.com> firewire: nosy: Fix dma_free_coherent() size Andrew Morton <akpm(a)linux-foundation.org> genalloc.h: fix htmldocs warning Yeoreum Yun <yeoreum.yun(a)arm.com> smc91x: fix broken irq-context in PREEMPT_RT Alice C. Munduruca <alice.munduruca(a)canonical.com> selftests: net: fix "buffer overflow detected" for tap.c Deepakkumar Karn <dkarn(a)redhat.com> net: usb: rtl8150: fix memory leak on usb_submit_urb() failure Jiri Pirko <jiri(a)nvidia.com> team: fix check for port enabled in team_queue_override_port_prio_changed() Junrui Luo <moonafterrain(a)outlook.com> platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic Thomas Fourier <fourier.thomas(a)gmail.com> platform/x86: msi-laptop: add missing sysfs_remove_group() Eric Dumazet <edumazet(a)google.com> ip6_gre: make ip6gre_header() robust Toke Høiland-Jørgensen <toke(a)redhat.com> net: openvswitch: Avoid needlessly taking the RTNL on vport destroy Jacky Chou <jacky_chou(a)aspeedtech.com> net: mdio: aspeed: add dummy read to avoid read-after-write issue Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: revert use of devm_kzalloc in btusb Herbert Xu <herbert(a)gondor.apana.org.au> crypto: seqiv - Do not use req->iv after crypto_aead_encrypt Kohei Enju <enjuk(a)amazon.com> iavf: fix off-by-one issues in iavf_config_rss_reg() Gregory Herrero <gregory.herrero(a)oracle.com> i40e: validate ring_len parameter against hardware-specific values Ivan Vecera <ivecera(a)redhat.com> i40e: Refactor argument of i40e_detect_recover_hung() Ivan Vecera <ivecera(a)redhat.com> i40e: Refactor argument of several client notification functions Przemyslaw Korba <przemyslaw.korba(a)intel.com> i40e: fix scheduling in set_rx_mode Aloka Dixit <aloka.dixit(a)oss.qualcomm.com> wifi: mac80211: do not use old MBSSID elements Aloka Dixit <quic_alokad(a)quicinc.com> mac80211: support RNR for EMA AP Aloka Dixit <quic_alokad(a)quicinc.com> cfg80211: support RNR for EMA AP Aloka Dixit <quic_alokad(a)quicinc.com> wifi: mac80211: generate EMA beacons in AP mode Avraham Stern <avraham.stern(a)intel.com> wifi: nl80211: add a command to enable/disable HW timestamping Aloka Dixit <quic_alokad(a)quicinc.com> wifi: nl80211: validate and configure puncturing bitmap Aloka Dixit <quic_alokad(a)quicinc.com> wifi: cfg80211: move puncturing bitmap validation from mac80211 Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: mlme: handle EHT channel puncturing Vinayak Yadawad <vinayak.yadawad(a)broadcom.com> cfg80211: Update Transition Disable policy during port authorization Dan Carpenter <dan.carpenter(a)linaro.org> wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (w83791d) Convert macros to functions to avoid TOCTOU Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (max16065) Use local variable to avoid TOCTOU Ma Ke <make24(a)iscas.ac.cn> i2c: amd-mp2: fix reference leak in MP2 PCI device Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> platform/x86: intel: chtwc_int33fe: don't dereference swnode args Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> rpmsg: glink: fix rpmsg device leak Johan Hovold <johan(a)kernel.org> soc: amlogic: canvas: fix device leak on lookup Johan Hovold <johan(a)kernel.org> soc: qcom: ocmem: fix device leak on lookup Johan Hovold <johan(a)kernel.org> amba: tegra-ahb: Fix device leak on SMMU enable Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() Prithvi Tambewagh <activprithvi(a)gmail.com> io_uring: fix filename leak in __io_openat_prep() Jens Axboe <axboe(a)kernel.dk> io_uring/poll: correctly handle io_poll_add() return value on update Nysal Jan K.A. <nysal(a)linux.ibm.com> powerpc/kexec: Enable SMT before waking offline CPUs Joshua Rogers <linux(a)joshua.hu> svcrdma: return 0 on success from svc_rdma_copy_inline_range Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> nfsd: Mark variable __maybe_unused to avoid W=1 build break Amir Goldstein <amir73il(a)gmail.com> fsnotify: do not generate ACCESS/MODIFY events on child for special files René Rebe <rene(a)exactco.de> r8169: fix RTL8117 Wake-on-Lan in DASH mode Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Do not clear needs_force_resume with enabled runtime PM Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not register unsupported perf events Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> xfs: fix a memory leak in xfs_buf_item_init() Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) Jim Mattson <jmattson(a)google.com> KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation Jim Mattson <jmattson(a)google.com> KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE fuqiang wang <fuqiang.wng(a)gmail.com> KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer fuqiang wang <fuqiang.wng(a)gmail.com> KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() Sean Christopherson <seanjc(a)google.com> KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 Ilya Dryomov <idryomov(a)gmail.com> libceph: make decode_pool() more resilient against corrupted osdmaps Helge Deller <deller(a)gmx.de> parisc: Do not reprogram affinitiy on ASP chip Zhichi Lin <zhichi.lin(a)vivo.com> scs: fix a wrong parameter in __scs_magic Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver Maxim Levitsky <mlevitsk(a)redhat.com> KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) Prithvi Tambewagh <activprithvi(a)gmail.com> ocfs2: fix kernel BUG in ocfs2_find_victim_chain Jeongjun Park <aha310510(a)gmail.com> media: vidtv: initialize local pointers upon transfer of memory ownership Alison Schofield <alison.schofield(a)intel.com> tools/testing/nvdimm: Use per-DIMM device handle Chao Yu <chao(a)kernel.org> f2fs: fix return value of f2fs_recover_fsync_data() Deepanshu Kartikey <kartikey406(a)gmail.com> f2fs: invalidate dentry cache on failed whiteout creation Andrey Vatoropin <a.vatoropin(a)crpt.ru> scsi: target: Reset t_task_cdb pointer in error case Dai Ngo <dai.ngo(a)oracle.com> NFSD: use correct reservation type in nfsd4_scsi_fence_client Junrui Luo <moonafterrain(a)outlook.com> scsi: aic94xx: fix use-after-free in device removal path Tony Battersby <tonyb(a)cybernetics.com> scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" Miaoqian Lin <linmq006(a)gmail.com> cpufreq: nforce2: fix reference count leak in nforce2 Ma Ke <make24(a)iscas.ac.cn> intel_th: Fix error handling in intel_th_output_open Tianchu Chen <flynnnchen(a)tencent.com> char: applicom: fix NULL pointer dereference in ac_ioctl Haoxiang Li <haoxiang_li2024(a)163.com> usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() Miaoqian Lin <linmq006(a)gmail.com> usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe Johan Hovold <johan(a)kernel.org> usb: phy: isp1301: fix non-OF device reference imbalance Duoming Zhou <duoming(a)zju.edu.cn> usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal Ma Ke <make24(a)iscas.ac.cn> USB: lpc32xx_udc: Fix error handling in probe Johan Hovold <johan(a)kernel.org> phy: broadcom: bcm63xx-usbh: fix section mismatches Colin Ian King <colin.i.king(a)gmail.com> media: pvrusb2: Fix incorrect variable used in trace message Jeongjun Park <aha310510(a)gmail.com> media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() Chen Changcheng <chenchangcheng(a)kylinos.cn> usb: usb-storage: Maintain minimal modifications to the bcdDevice range. Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: v4l2-mem2mem: Fix outdated documentation Byungchul Park <byungchul(a)sk.com> jbd2: use a weaker annotation in journal handling Baokun Li <libaokun1(a)huawei.com> ext4: align max orphan file size with e2fsprogs limit Yongjian Sun <sunyongjian1(a)huawei.com> ext4: fix incorrect group number assertion in mb_check_buddy Haibo Chen <haibo.chen(a)nxp.com> ext4: clear i_state_flags when alloc inode Karina Yankevich <k.yankevich(a)omp.ru> ext4: xattr: fix null pointer deref in ext4_raw_inode() Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Fix uninitialized var in config-bisect.pl Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: fix mount failure for sparse runs in run_unpack() Zheng Yejian <zhengyejian(a)huaweicloud.com> kallsyms: Fix wrong "big" kernel symbol type read from procfs Rene Rebe <rene(a)exactco.de> floppy: fix for PAGE_SIZE != 4KB Li Chen <chenl311(a)chinatelecom.cn> block: rate-limit capacity change info log Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: Fix gendisk parent after copy pair swap Eric Biggers <ebiggers(a)kernel.org> lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit Sarthak Garg <sarthak.garg(a)oss.qualcomm.com> mmc: sdhci-msm: Avoid early clock doubling during HS400 transition Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Fix a memory leak in tpm2_load_cmd Stefano Garzarella <sgarzare(a)redhat.com> vhost/vsock: improve RCU read sections around vhost_vsock_get() Dan Carpenter <dan.carpenter(a)linaro.org> block: rnbd-clt: Fix signedness bug in init_dev() Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks Daniel Wagner <wagi(a)kernel.org> nvme-fc: don't hold rport lock when putting ctrl Wenhua Lin <Wenhua.Lin(a)unisoc.com> serial: sprd: Return -EPROBE_DEFER when uart clock is not ready Chen Changcheng <chenchangcheng(a)kylinos.cn> usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. Hongyu Xie <xiehongyu1(a)kylinos.cn> usb: xhci: limit run_graceperiod for only usb 3.0 devices Pei Xiao <xiaopei01(a)kylinos.cn> iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains Mark Pearson <mpearson-lenovo(a)squebb.ca> usb: typec: ucsi: Handle incorrect num_connectors capability Lizhi Xu <lizhi.xu(a)windriver.com> usbip: Fix locking bug in RT-enabled kernels Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix remount failure in different process environments Encrow Thorne <jyc0019(a)gmail.com> reset: fix BIT macro reference Li Qiang <liqiang01(a)kylinos.cn> via_wdt: fix critical boot hang due to unnamed resource allocation Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Use reinit_completion on mbx_intr_comp Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled Ben Collins <bcollins(a)kernel.org> powerpc/addnote: Fix overflow on 32-bit builds Josua Mayer <josua(a)solid-run.com> clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 Matthias Schiffer <matthias.schiffer(a)tq-group.com> ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx Peng Fan <peng.fan(a)nxp.com> firmware: imx: scu-irq: Init workqueue before request mbox channel Jinhui Guo <guojinhui.liam(a)bytedance.com> ipmi: Fix __scan_channels() failing to rescan channels Jinhui Guo <guojinhui.liam(a)bytedance.com> ipmi: Fix the race between __scan_channels() and deliver_response() Shipei Qu <qu(a)darknavy.com> ALSA: usb-mixer: us16x08: validate meter packet indices Haotian Zhang <vulab(a)iscas.ac.cn> ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path Haotian Zhang <vulab(a)iscas.ac.cn> ALSA: vxpocket: Fix resource leak in vxpocket_probe error path Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() Jared Kangas <jkangas(a)redhat.com> mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig Christophe Leroy <christophe.leroy(a)csgroup.eu> spi: fsl-cpm: Check length parity before switching to 16 bit mode Pengjie Zhang <zhangpengjie2(a)huawei.com> ACPI: CPPC: Fix missing PCC check for guaranteed_perf Christoffer Sandberg <cs(a)tuxedo.de> Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table Junjie Cao <junjie.cao(a)intel.com> Input: ti_am335x_tsc - fix off-by-one error in wire_order validation Ping Cheng <pinglinux(a)gmail.com> HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix buffer validation by including null terminator size in EA length Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: Fix refcount leak when invalid session is found on session lookup Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: skip lock-range check on equal size to avoid size==0 underflow Thomas Fourier <fourier.thomas(a)gmail.com> block: rnbd-clt: Fix leaked ID in init_dev() Anurag Dutta <a-dutta(a)ti.com> spi: cadence-quadspi: Fix clock disable on probe failure path Yang Yingliang <yangyingliang(a)huawei.com> spi: cadence-quadspi: add missing clk_disable_unprepare() in cqspi_probe() William Qiu <william.qiu(a)starfivetech.com> spi: cadence-quadspi: Add clock configuration for StarFive JH7110 QSPI Brad Larson <blarson(a)amd.com> spi: cadence-quadspi: Add compatible for AMD Pensando Elba SoC William Qiu <william.qiu(a)starfivetech.com> spi: cadence-quadspi: Add support for StarFive JH7110 QSPI Juergen Gross <jgross(a)suse.com> x86/xen: Fix sparse warning in enlighten_pv.c Brian Gerst <brgerst(a)gmail.com> x86/xen: Move Xen upcall handler Haoxiang Li <haoxiang_li2024(a)163.com> MIPS: Fix a reference leak bug in ip22_check_gio() Alexey Simakov <bigalex934(a)gmail.com> hwmon: (tmp401) fix overflow caused by default conversion rate value Junrui Luo <moonafterrain(a)outlook.com> hwmon: (ibmpex) fix use-after-free in high/low store Jian Shen <shenjian15(a)huawei.com> net: hns3: add VLAN id validation before using Jian Shen <shenjian15(a)huawei.com> net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx Jian Shen <shenjian15(a)huawei.com> net: hns3: using the num_tqps in the vf driver to apply for resources Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Handle escaped percent properly Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Validate format string parameters Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Add support for unrecognized string Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Drain firmware reset in shutdown callback Parav Pandit <parav(a)mellanox.com> net/mlx5: Create a new profile for SFs Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: fw reset, clear reset requested on drain_fw_reset Gal Pressman <gal(a)nvidia.com> ethtool: Avoid overflowing userspace buffer on stats query Daniil Tatianin <d-tatianin(a)yandex-team.ru> net/ethtool/ioctl: split ethtool_get_phy_stats into multiple helpers Daniil Tatianin <d-tatianin(a)yandex-team.ru> net/ethtool/ioctl: remove if n_stats checks from ethtool_get_phy_stats Dan Carpenter <dan.carpenter(a)linaro.org> nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() Victor Nogueira <victor(a)mojatatu.com> net/sched: ets: Remove drr class from the active list if it changes to strict Junrui Luo <moonafterrain(a)outlook.com> caif: fix integer underflow in cffrml_receive() Slavin Liu <slavin452(a)gmail.com> ipvs: fix ipv4 null-ptr-deref in route error path Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nf_conncount: fix leaked ct in error paths Alexey Simakov <bigalex934(a)gmail.com> broadcom: b44: prevent uninitialized value usage Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix middle attribute validation in push_nsh() action Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Fix neighbour use-after-free Dmitry Skorodumov <skorodumov.dmitry(a)huawei.com> ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change Wang Liang <wangliang74(a)huawei.com> netrom: Fix memory leak in nr_sendmsg() Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix use of bio_chain Gongwei Li <ligongwei(a)kylinos.cn> Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency ChenXiaoSong <chenxiaosong(a)kylinos.cn> smb/server: fix return value of smb2_ioctl() Qu Wenruo <wqu(a)suse.com> btrfs: scrub: always update btrfs_scrub_progress::last_physical Hans de Goede <hansg(a)kernel.org> wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix volume corruption issue for generic/073 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: Verify inode mode when loading from disk Yang Chenzhi <yang.chenzhi(a)vivo.com> hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix volume corruption issue for generic/070 Mikhail Malyshev <mike.malyshev(a)gmail.com> kbuild: Use objtree for module signing key path Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Support timestamps prior to epoch Song Liu <song(a)kernel.org> livepatch: Match old_sympos 0 and 1 in klp_find_func() Shuhao Fu <sfual(a)cse.ust.hk> cpufreq: s5pv210: fix refcount leak Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only Cryolitia PukNgae <cryolitia.pukngae(a)linux.dev> ACPICA: Avoid walking the Namespace if start_node is NULL Peter Zijlstra <peterz(a)infradead.org> x86/ptrace: Always inline trivial accessors Peter Zijlstra <peterz(a)infradead.org> sched/fair: Revert max_newidle_lb_cost bump Doug Berger <opendmb(a)gmail.com> sched/deadline: only set free_cpus for online runqueues George Kennedy <george.kennedy(a)oracle.com> perf/x86/amd: Check event before enable to avoid GPF Deepanshu Kartikey <kartikey406(a)gmail.com> btrfs: fix memory leak of fs_devices in degraded seed device path Ondrej Mosnacek <omosnace(a)redhat.com> bpf, arm64: Do not audit capability check in do_jit() Filipe Manana <fdmanana(a)suse.com> btrfs: do not skip logging new dentries when logging a new name Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: get channel status data when PHY is not exists Junrui Luo <moonafterrain(a)outlook.com> ALSA: dice: fix buffer overflow in detect_stream_formats() Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> usb: phy: Initialize struct usb_phy list_head Haotien Hsu <haotienh(a)nvidia.com> usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Allocate rings outside ZONE_DMA Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Add machine_kexec_mask_interrupts() implementation Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix memory leak in ocfs2_merge_rec_left() Dan Carpenter <dan.carpenter(a)linaro.org> irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: Adjust infopfx size to accept an extra space Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: Add a new helper function to print bitmasks Haotian Zhang <vulab(a)iscas.ac.cn> dm log-writes: Add missing set_freezable() for freezable kthread Alexey Simakov <bigalex934(a)gmail.com> dm-raid: fix possible NULL dereference with undefined raid type Liyuan Pang <pangliyuan1(a)huawei.com> ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() Junrui Luo <moonafterrain(a)outlook.com> ALSA: firewire-motu: add bounds check in put_user loop for DSP events Haotian Zhang <vulab(a)iscas.ac.cn> rtc: gamecube: Check the return value of ioremap() Andres J Rosa <andyrosa(a)gmail.com> ALSA: uapi: Fix typo in asound.h comment Dave Kleikamp <dave.kleikamp(a)oracle.com> dma/pool: eliminate alloc_pages warning in atomic_pool_expand Junrui Luo <moonafterrain(a)outlook.com> ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events shechenglong <shechenglong(a)xfusion.com> block: fix comment for op_is_zone_mgmt() to include RESET_ALL Cong Zhang <cong.zhang(a)oss.qualcomm.com> blk-mq: Abort suspend when wakeup events are pending Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: ak5558: Disable regulator when error happens Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: ak4458: Disable regulator when error happens Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() Anton Khirnov <anton(a)khirnov.net> platform/x86: asus-wmi: use brightness_set_blocking() for kbd led Armin Wolf <W_Armin(a)gmx.de> fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix inheritance of the block sizes when automounting Trond Myklebust <trond.myklebust(a)primarydata.com> Expand the type of nfs_fattr->valid Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags Ondrej Mosnacek <omosnace(a)redhat.com> fs_context: drop the unused lsm_flags member Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: ignore SB_RDONLY when mounting nfs" Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: clear SB_RDONLY before getting superblock" Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: ignore SB_RDONLY when remounting nfs" Jonathan Curley <jcurley(a)purestorage.com> NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Initialise verifiers for visible dentries in nfs_atomic_open() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Initialise verifiers for visible dentries in readdir and lookup Armin Wolf <W_Armin(a)gmx.de> fs/nls: Fix utf16 to utf8 conversion Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Avoid changing nlink when file removes and attribute updates race Abdun Nihaal <nihaal(a)cse.iitm.ac.in> fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: single: Fix incorrect type for error return variable Matthijs Kooijman <matthijs(a)stdin.nl> pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling Namhyung Kim <namhyung(a)kernel.org> perf tools: Fix split kallsyms DSO counting Xiang Mei <xmei5(a)asu.edu> net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop Yu Kuai <yukuai(a)fnnas.com> md/raid5: fix IO hang when array is broken with IO inflight Yu Kuai <yukuai3(a)huawei.com> md: export md_is_rdwr() and is_md_suspended() Alexandru Gagniuc <mr.nuke.me(a)gmail.com> remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs Ivan Stepchenko <sid(a)itb.spb.ru> mtd: lpddr_cmds: fix signed shifts in lpddr_cmds Haotian Zhang <vulab(a)iscas.ac.cn> mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: stmmac: fix rx limit check in stmmac_rx_zc() Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_connlimit: update the count if add was skipped Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nf_conncount: rework API to use sk_buff directly Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: check for maximum number of encapsulations in bridge vlan Ilias Stamatis <ilstam(a)amazon.com> Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: introduce is_type_match() helper and use it Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: replace open coded resource_intersection() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: Reuse for_each_resource() macro Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: Replace printk(KERN_WARNING) by pr_warn(), printk() by pr_info() sparkhuang <huangshaobo3(a)xiaomi.com> regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: catpt: Fix error path in hw_params() Michael S. Tsirkin <mst(a)redhat.com> virtio: fix virtqueue_set_affinity() docs Michael S. Tsirkin <mst(a)redhat.com> virtio: fix typo in virtio_device_ready() comment Alok Tiwari <alok.a.tiwari(a)oracle.com> virtio_vdpa: fix misleading return in void function Yongjian Sun <sunyongjian1(a)huawei.com> ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: remove unused return value of __mb_check_buddy René Rebe <rene(a)exactco.de> ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 Haotian Zhang <vulab(a)iscas.ac.cn> hwmon: sy7636a: Fix regulator_enable resource leak on error path Dan Carpenter <dan.carpenter(a)linaro.org> drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: clear the channel status control memory Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl_xcvr: Add support for i.MX93 platform Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: Add Counter registers Krzysztof Czurylo <krzysztof.czurylo(a)intel.com> RDMA/irdma: Fix data race in irdma_free_pble Krzysztof Czurylo <krzysztof.czurylo(a)intel.com> RDMA/irdma: Fix data race in irdma_sc_ccq_arm Stephan Gerhold <stephan.gerhold(a)linaro.org> iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal Randy Dunlap <rdunlap(a)infradead.org> backlight: lp855x: Fix lp855x.h kernel-doc warnings Luca Ceresoli <luca.ceresoli(a)bootlin.com> backlight: led-bl: Add devlink to supplier LEDs Mans Rullgard <mans(a)mansr.com> backlight: led_bl: Take led_access lock when required Ria Thomas <ria.thomas(a)morsemicro.com> wifi: ieee80211: correct FILS status codes Shawn Lin <shawn.lin(a)rock-chips.com> PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition Jianglei Nie <niejianglei2021(a)163.com> staging: fbtft: core: fix potential memory leak in fbtft_probe_common() Dinh Nguyen <dinguyen(a)kernel.org> firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc Zilin Guan <zilin(a)seu.edu.cn> mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() Fangyu Yu <fangyu.yu(a)linux.alibaba.com> RISC-V: KVM: Fix guest page fault within HLV* instructions Haotian Zhang <vulab(a)iscas.ac.cn> crypto: ccree - Correctly handle return of sg_nents_for_len Matt Bobrowski <mattbobrowski(a)google.com> selftests/bpf: Improve reliability of test_perf_branches_no_hw() Matt Bobrowski <mattbobrowski(a)google.com> selftests/bpf: skip test_perf_branches_hw() on unsupported platforms Gopi Krishna Menon <krishnagopi487(a)gmail.com> usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: fix hang during suspend if set as peripheral Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: fix hang during shutdown if set as peripheral Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: disable platform lowlevel hw resources during shutdown Oliver Neukum <oneukum(a)suse.com> usb: chaoskey: fix locking for O_NONBLOCK Zhao Yipeng <zhaoyipeng5(a)huawei.com> ima: Handle error code returned by ima_filter_rule_match() Seungjin Bae <eeodqql09(a)gmail.com> wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() Chen Ridong <chenridong(a)huawei.com> cpuset: Treat cpusets in attaching as populated Alexander Dahl <ada(a)thorsis.com> net: phy: adin1100: Fix software power-down ready condition Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() Haotian Zhang <vulab(a)iscas.ac.cn> mfd: mt6358-irq: Fix missing irq_domain_remove() in error path Haotian Zhang <vulab(a)iscas.ac.cn> mfd: mt6397-irq: Fix missing irq_domain_remove() in error path Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: bcm2835: Make sure the channel is enabled after pwm_request() Jay Liu <jay.liu(a)mediatek.com> drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Prevent memory leaks in add sub record Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: out1 also needs to put mi Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format Pu Lehui <pulehui(a)huawei.com> bpf: Fix invalid prog->stats access when update_effective_progs fails Jose Fernandez <josef(a)netflix.com> bpf: Improve program stats run-time calculation Abdun Nihaal <nihaal(a)cse.iitm.ac.in> wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD/blocklayout: Fix minlength check in proc_layoutget Haotian Zhang <vulab(a)iscas.ac.cn> watchdog: wdat_wdt: Fix ACPI table leak in probe function Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Check skb->transport_header is set in bpf_skb_check_mtu Alexei Starovoitov <ast(a)kernel.org> selftests/bpf: Fix failure paths in send_signal test Rene Rebe <rene(a)exactco.de> ps3disk: use memcpy_{from,to}_bvec index Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Exit ks_pcie_probe() for invalid mode Haotian Zhang <vulab(a)iscas.ac.cn> leds: netxbig: Fix GPIO descriptor leak in error paths Haotian Zhang <vulab(a)iscas.ac.cn> scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls Haotian Zhang <vulab(a)iscas.ac.cn> ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> lib/vsprintf: Check pointer before dereferencing in time_and_date() Haotian Zhang <vulab(a)iscas.ac.cn> clk: renesas: r9a06g032: Fix memory leak in error path Herve Codina <herve.codina(a)bootlin.com> soc: renesas: r9a06g032-sysctrl: Handle h2mode setting based on USBF presence Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Add context synchronization before enabling trace Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Extract the trace unit controlling Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Correct polling IDLE bit Zheng Qixing <zhengqixing(a)huawei.com> nbd: defer config unlock in nbd_genl_connect Abdun Nihaal <nihaal(a)cse.iitm.ac.in> wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() Long Li <leo.lilong(a)huawei.com> macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Fix unpaired stwcx. on interrupt exit Bean Huo <beanhuo(a)micron.com> scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() Edward Adam Davis <eadavis(a)qq.com> ntfs3: init run lock for extend inode Ma Ke <make24(a)iscas.ac.cn> RDMA/rtrs: server: Fix error handling in get_or_create_srv Manivannan Sadhasivam <manivannan.sadhasivam(a)oss.qualcomm.com> dt-bindings: PCI: amlogic: Fix the register name of the DBI region Neil Armstrong <neil.armstrong(a)linaro.org> dt-bindings: PCI: convert amlogic,meson-pcie.txt to dt-schema Mike McGowen <mike.mcgowen(a)microchip.com> scsi: smartpqi: Fix device resources accessed after device removal Kevin Barnett <kevin.barnett(a)microchip.com> scsi: smartpqi: Add abort handler Mike McGowen <mike.mcgowen(a)microchip.com> scsi: smartpqi: Remove contention for raid_bypass_cnt Don Brace <don.brace(a)microchip.com> scsi: smartpqi: Convert to host_tagset Haotian Zhang <vulab(a)iscas.ac.cn> scsi: stex: Fix reboot_notifier leak in probe error path Zheng Qixing <zhengqixing(a)huawei.com> nbd: defer config put in recv_work Gabor Juhos <j4g8y7(a)gmail.com> regulator: core: disable supply if enabling main regulator fails Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Correct large PEBS flag check Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the checking of quota files before moving extents Haotian Zhang <vulab(a)iscas.ac.cn> mfd: da9055: Fix missing regmap_del_irq_chip() in error path Usama Arif <usamaarif642(a)gmail.com> efi/libstub: Fix page table access in 5-level to 4-level paging transition Usama Arif <usamaarif642(a)gmail.com> x86/boot: Fix page table access in 5-level to 4-level paging transition Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: Fix timeout handling Bart Van Assche <bvanassche(a)acm.org> scsi: target: Do not write NUL characters into ASCII configfs output Ahelenia Ziemiańska <nabijaczleweli(a)nabijaczleweli.xyz> power: supply: apm_power: only unset own apm_get_power_status Ivan Abramov <i.abramov(a)mt-integration.ru> power: supply: wm831x: Check wm831x_set_bits() return value Ivan Abramov <i.abramov(a)mt-integration.ru> power: supply: cw2015: Check devm_delayed_work_autocancel() return code Shuai Xue <xueshuai(a)linux.alibaba.com> perf record: skip synthesize event when open evsel failed Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Prevent incomplete IBI transaction Frank Li <Frank.Li(a)nxp.com> i3c: fix refcount inconsistency in i3c_master_register Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: master: Inherit DMA masks and parameters from parent device Jeremy Kerr <jk(a)codeconstruct.com.au> i3c: Allow OF-alias-based persistent bus numbering Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: stm32: fix hwspinlock resource leak in probe function Haotian Zhang <vulab(a)iscas.ac.cn> soc: qcom: smem: fix hwspinlock resource leak in probe error paths Benjamin Berg <benjamin.berg(a)intel.com> tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set Tengda Wu <wutengda(a)huaweicloud.com> x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() Kuniyuki Iwashima <kuniyu(a)google.com> sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix PTP for VSC8574 and VSC8572 Peng Fan <peng.fan(a)nxp.com> firmware: imx: scu-irq: fix OF node leak in Heiko Carstens <hca(a)linux.ibm.com> s390/ap: Don't leak debug feature files if AP instructions are not available Heiko Carstens <hca(a)linux.ibm.com> s390/smp: Fix fallback CPU detection Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath11k: fix peer HE MCS assignment nieweiqiang <nieweiqiang(a)huawei.com> crypto: hisilicon/qm - restore original qos values Thorsten Blum <thorsten.blum(a)linux.dev> crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Li Qiang <liqiang01(a)kylinos.cn> uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> inet: Avoid ehash lookup race in inet_ehash_insert() Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() Sidharth Seela <sidharthseela(a)gmail.com> ntfs3: Fix uninit buffer allocated by __getname() Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> ntfs3: fix uninit memory after failed mi_read in mi_format_new Johan Hovold <johan(a)kernel.org> irqchip/qcom-irq-combiner: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/imx-mu-msi: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-brcmstb-l2: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-bcm7120-l2: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-bcm7038-l1: Fix section mismatch Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix weak symbol detection Peter Zijlstra <peterz(a)infradead.org> objtool: Fix find_{symbol,func}_containing() Marek Vasut <marek.vasut+renesas(a)mailbox.org> clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback Seungjin Bae <eeodqql09(a)gmail.com> USB: Fix descriptor count when handling invalid MBIM extended descriptor Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/vgem-fence: Fix potential deadlock on release Guido Günther <agx(a)sigxcpu.org> drm/panel: visionox-rm69299: Don't clear all mode flags Mainak Sen <msen(a)nvidia.com> gpu: host1x: Fix race in syncpt alloc/free Konstantin Andreev <andreev(a)swemel.ru> smack: fix bug: unprivileged task can create labels Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: check device's attached status in compat ioctls Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: multiq3: sanitize config options in multiq3_attach() Ian Abbott <abbotti(a)mev.co.uk> comedi: c6xdigio: Fix invalid PNP driver unregistration Linus Torvalds <torvalds(a)linux-foundation.org> samples: work around glibc redefining some of our defines wrong Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Mask all interrupts during kexec/kdump Naoki Ueki <naoki25519(a)gmail.com> HID: elecom: Add support for ELECOM M-XT3URBK (018F) Jia Ston <ston.jia(a)outlook.com> platform/x86: huawei-wmi: add keys for HONOR models April Grimoire <april(a)aprilg.moe> HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore backlight event Praveen Talari <praveen.talari(a)oss.qualcomm.com> pinctrl: qcom: msm: Fix deadlock in pinmux configuration Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> bfs: Reconstruct file type when loading from disk Lushih Hsieh <bruce(a)mail.kh.edu.tw> ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Yiqi Sun <sunyiqixm(a)gmail.com> smb: fix invalid username check in smb3_fs_context_parse_param() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Use kref in vmw_bo_dirty Robin Gong <yibin.gong(a)nxp.com> spi: imx: keep dma request disabled before dma transfer setup Alvaro Gamez Machado <alvaro.gamez(a)hazent.com> spi: xilinx: increase number of retries before declaring stall Song Liu <song(a)kernel.org> ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC Johan Hovold <johan(a)kernel.org> USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC Magne Bruno <magne.bruno(a)addi-data.com> serial: add support of CPCI cards Johan Hovold <johan(a)kernel.org> USB: serial: ftdi_sio: match on interface number for jtag Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: move Telit 0x10c7 composition in the right place Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE910C04 new compositions Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W760 Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Alexey Nepomnyashih <sdl(a)nppct.ru> ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Alexander Sverdlin <alexander.sverdlin(a)siemens.com> locking/spinlock/debug: Fix data-race in do_raw_write_lock Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: ipc: fix use-after-free in ipc_msg_send_request Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: refresh inline data size before write operations Ye Bin <yebin10(a)huawei.com> jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: process: Also mention Sasha Levin as stable tree maintainer Stefan Kalscheuer <stefan(a)stklcode.de> leds: spi-byte: Use devm_led_classdev_register_ext() Azeem Shaikh <azeemshaikh38(a)gmail.com> leds: Replace all non-returning strlcpy with strscpy Sabrina Dubroca <sd(a)queasysnail.net> xfrm: flush all states in xfrm_state_fini Sabrina Dubroca <sd(a)queasysnail.net> xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added Sabrina Dubroca <sd(a)queasysnail.net> Revert "xfrm: destroy xfrm_state synchronously on net exit path" Sabrina Dubroca <sd(a)queasysnail.net> xfrm: delete x->tunnel as we delete x ------------- Diffstat: .../devicetree/bindings/pci/amlogic,axg-pcie.yaml | 134 +++++++++++ .../devicetree/bindings/pci/amlogic,meson-pcie.txt | 70 ------ Documentation/driver-api/tty/tty_port.rst | 5 +- Documentation/filesystems/mount_api.rst | 1 - Documentation/process/2.Process.rst | 6 +- Makefile | 4 +- arch/arm/boot/dts/sama5d2.dtsi | 10 +- arch/arm/boot/dts/sama7g5.dtsi | 4 +- arch/arm/include/asm/word-at-a-time.h | 10 +- .../boot/dts/freescale/imx8mm-venice-gw72xx.dtsi | 11 - arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 12 +- arch/arm64/kvm/Makefile | 3 + arch/arm64/net/bpf_jit_comp.c | 2 +- arch/loongarch/include/asm/pgtable.h | 4 +- arch/loongarch/kernel/machine_kexec.c | 24 ++ arch/loongarch/kernel/setup.c | 8 +- arch/loongarch/net/bpf_jit.c | 2 + arch/loongarch/pci/pci.c | 2 + arch/mips/sgi-ip22/ip22-gio.c | 3 +- arch/parisc/kernel/asm-offsets.c | 2 + arch/parisc/kernel/entry.S | 16 +- arch/powerpc/boot/addnote.c | 7 +- arch/powerpc/include/asm/book3s/32/tlbflush.h | 5 +- arch/powerpc/include/asm/book3s/64/mmu-hash.h | 1 - arch/powerpc/include/asm/kfence.h | 11 +- arch/powerpc/kernel/entry_32.S | 10 +- arch/powerpc/kernel/process.c | 5 - arch/powerpc/kexec/core_64.c | 19 ++ arch/powerpc/mm/book3s32/tlb.c | 9 + arch/powerpc/mm/book3s64/internal.h | 2 - arch/powerpc/mm/book3s64/mmu_context.c | 2 - arch/powerpc/mm/book3s64/radix_pgtable.c | 84 ++++++- arch/powerpc/mm/book3s64/slb.c | 88 ------- arch/powerpc/mm/init-common.c | 3 + arch/powerpc/mm/ptdump/hashpagetable.c | 6 + arch/powerpc/platforms/pseries/cmm.c | 5 +- arch/riscv/kvm/vcpu_insn.c | 22 ++ arch/s390/kernel/smp.c | 1 + arch/x86/boot/compressed/pgtable_64.c | 11 +- arch/x86/crypto/blake2s-core.S | 4 +- arch/x86/entry/common.c | 72 ------ arch/x86/events/amd/core.c | 7 +- arch/x86/events/intel/core.c | 4 +- arch/x86/include/asm/kvm_host.h | 46 ++-- arch/x86/include/asm/ptrace.h | 20 +- arch/x86/kernel/dumpstack.c | 23 +- arch/x86/kvm/lapic.c | 32 ++- arch/x86/kvm/mmu/mmu.c | 5 +- arch/x86/kvm/mmu/mmu_internal.h | 12 +- arch/x86/kvm/mmu/paging_tmpl.h | 4 +- arch/x86/kvm/svm/nested.c | 6 +- arch/x86/kvm/svm/svm.c | 78 +++--- arch/x86/kvm/svm/svm.h | 7 +- arch/x86/kvm/vmx/nested.c | 2 +- arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 61 +++-- arch/x86/mm/pat/memtype.c | 50 ++-- arch/x86/xen/enlighten_pv.c | 69 ++++++ block/blk-mq.c | 103 ++++++-- block/genhd.c | 2 +- crypto/af_alg.c | 5 +- crypto/algif_hash.c | 3 +- crypto/algif_rng.c | 3 +- crypto/asymmetric_keys/asymmetric_type.c | 12 +- crypto/seqiv.c | 8 +- drivers/acpi/acpica/nswalk.c | 9 +- drivers/acpi/apei/ghes.c | 16 +- drivers/acpi/cppc_acpi.c | 3 +- drivers/acpi/processor_core.c | 2 +- drivers/acpi/property.c | 9 +- drivers/amba/tegra-ahb.c | 1 + drivers/base/power/runtime.c | 22 +- drivers/block/floppy.c | 2 +- drivers/block/nbd.c | 5 +- drivers/block/ps3disk.c | 4 + drivers/block/rnbd/rnbd-clt.c | 13 +- drivers/block/rnbd/rnbd-clt.h | 2 +- drivers/bluetooth/btusb.c | 14 +- drivers/bus/ti-sysc.c | 11 +- drivers/char/applicom.c | 5 +- drivers/char/ipmi/ipmi_msghandler.c | 20 +- drivers/char/tpm/tpm-chip.c | 1 - drivers/char/tpm/tpm1-cmd.c | 5 - drivers/char/tpm/tpm2-cmd.c | 8 +- drivers/char/virtio_console.c | 2 +- drivers/clk/mvebu/cp110-system-controller.c | 20 ++ drivers/clk/renesas/r9a06g032-clocks.c | 34 ++- drivers/clk/renesas/renesas-cpg-mssr.c | 11 +- drivers/comedi/comedi_fops.c | 42 +++- drivers/comedi/drivers/c6xdigio.c | 46 +++- drivers/comedi/drivers/multiq3.c | 9 + drivers/comedi/drivers/pcl818.c | 5 +- drivers/cpufreq/cpufreq-nforce2.c | 3 + drivers/cpufreq/s5pv210-cpufreq.c | 6 +- drivers/crypto/ccree/cc_buffer_mgr.c | 6 +- drivers/crypto/hisilicon/qm.c | 14 +- drivers/dma/idxd/init.c | 1 - drivers/firewire/nosy.c | 10 +- drivers/firmware/arm_scmi/notify.c | 1 + drivers/firmware/efi/cper-arm.c | 52 ++-- drivers/firmware/efi/cper.c | 60 +++++ drivers/firmware/efi/libstub/x86-5lvl.c | 4 +- drivers/firmware/imx/imx-scu-irq.c | 8 +- drivers/firmware/stratix10-svc.c | 12 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 44 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.h | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 58 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 22 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c | 61 ++--- drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 12 +- drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/uvd_v7_0.c | 12 +- drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 17 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 8 +- drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 2 +- drivers/gpu/drm/gma500/framebuffer.c | 42 ---- drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 37 ++- drivers/gpu/drm/mediatek/mtk_disp_ccorr.c | 23 +- drivers/gpu/drm/mediatek/mtk_dp.c | 1 + drivers/gpu/drm/mgag200/mgag200_mode.c | 25 ++ drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +- drivers/gpu/drm/nouveau/dispnv50/atom.h | 13 + drivers/gpu/drm/nouveau/dispnv50/wndw.c | 2 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 +- drivers/gpu/drm/ttm/ttm_bo_vm.c | 6 + drivers/gpu/drm/vgem/vgem_fence.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 17 +- drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c | 12 +- drivers/gpu/host1x/syncpt.c | 4 +- drivers/hid/hid-apple.c | 1 + drivers/hid/hid-elecom.c | 6 +- drivers/hid/hid-ids.h | 3 +- drivers/hid/hid-input.c | 18 +- drivers/hid/hid-logitech-dj.c | 56 ++--- drivers/hid/hid-quirks.c | 3 +- drivers/hwmon/ibmpex.c | 9 +- drivers/hwmon/max16065.c | 7 +- drivers/hwmon/sy7636a-hwmon.c | 7 +- drivers/hwmon/tmp401.c | 2 +- drivers/hwmon/w83791d.c | 19 +- drivers/hwmon/w83l786ng.c | 26 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 130 ++++++---- drivers/hwtracing/intel_th/core.c | 20 +- drivers/i2c/busses/i2c-amd-mp2-pci.c | 5 +- drivers/i3c/master.c | 40 +++- drivers/i3c/master/svc-i3c-master.c | 22 +- drivers/iio/adc/ti_am335x_adc.c | 2 +- drivers/infiniband/core/addr.c | 33 +-- drivers/infiniband/core/cma.c | 3 + drivers/infiniband/core/device.c | 5 + drivers/infiniband/core/verbs.c | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 8 +- drivers/infiniband/hw/efa/efa_verbs.c | 4 - drivers/infiniband/hw/irdma/ctrl.c | 3 + drivers/infiniband/hw/irdma/pble.c | 6 +- drivers/infiniband/hw/irdma/utils.c | 3 +- drivers/infiniband/ulp/rtrs/rtrs-clt.c | 1 + drivers/infiniband/ulp/rtrs/rtrs-srv.c | 2 +- drivers/input/serio/i8042-acpipnpio.h | 7 + drivers/input/touchscreen/ti_am335x_tsc.c | 2 +- drivers/interconnect/qcom/msm8996.c | 1 + drivers/iommu/amd/init.c | 43 ++-- drivers/iommu/apple-dart.c | 2 + drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 27 ++- drivers/iommu/arm/arm-smmu/arm-smmu.c | 12 +- drivers/iommu/arm/arm-smmu/qcom_iommu.c | 56 +++-- drivers/iommu/exynos-iommu.c | 9 +- drivers/iommu/ipmmu-vmsa.c | 2 + drivers/iommu/mtk_iommu.c | 78 ++++-- drivers/iommu/mtk_iommu_v1.c | 30 ++- drivers/iommu/omap-iommu.c | 2 +- drivers/iommu/omap-iommu.h | 2 - drivers/iommu/sun50i-iommu.c | 2 + drivers/iommu/tegra-smmu.c | 5 +- drivers/irqchip/irq-bcm7038-l1.c | 8 +- drivers/irqchip/irq-bcm7120-l2.c | 17 +- drivers/irqchip/irq-brcmstb-l2.c | 12 +- drivers/irqchip/irq-imx-mu-msi.c | 14 +- drivers/irqchip/irq-mchp-eic.c | 2 +- drivers/irqchip/qcom-irq-combiner.c | 2 +- drivers/isdn/capi/capi.c | 8 +- drivers/leds/flash/leds-aat1290.c | 2 +- drivers/leds/led-class.c | 2 +- drivers/leds/leds-lp50xx.c | 67 ++++-- drivers/leds/leds-netxbig.c | 36 ++- drivers/leds/leds-spi-byte.c | 11 +- drivers/macintosh/mac_hid.c | 3 +- drivers/md/dm-bufio.c | 10 +- drivers/md/dm-ebs-target.c | 2 +- drivers/md/dm-log-writes.c | 1 + drivers/md/dm-raid.c | 2 + drivers/md/md.c | 16 -- drivers/md/md.h | 17 ++ drivers/md/raid5.c | 6 +- drivers/media/cec/core/cec-core.c | 1 + .../media/common/videobuf2/videobuf2-dma-contig.c | 1 + drivers/media/i2c/adv7604.c | 4 +- drivers/media/i2c/adv7842.c | 11 +- drivers/media/i2c/msp3400-kthreads.c | 2 + drivers/media/i2c/tda1997x.c | 1 - drivers/media/platform/amphion/vpu_malone.c | 35 ++- drivers/media/platform/amphion/vpu_v4l2.c | 28 +-- drivers/media/platform/amphion/vpu_v4l2.h | 18 -- .../platform/mediatek/vcodec/mtk_vcodec_fw_vpu.c | 4 +- drivers/media/platform/renesas/rcar_drif.c | 1 + .../media/platform/samsung/exynos4-is/media-dev.c | 10 +- drivers/media/platform/ti/davinci/vpif_capture.c | 4 +- drivers/media/platform/ti/davinci/vpif_display.c | 4 +- drivers/media/platform/verisilicon/hantro_g2.c | 84 +++++-- .../platform/verisilicon/hantro_g2_hevc_dec.c | 17 +- .../media/platform/verisilicon/hantro_g2_regs.h | 13 + .../media/platform/verisilicon/hantro_g2_vp9_dec.c | 2 - drivers/media/platform/verisilicon/hantro_hw.h | 1 + drivers/media/platform/verisilicon/imx8m_vpu_hw.c | 2 + drivers/media/rc/st_rc.c | 2 +- drivers/media/test-drivers/vidtv/vidtv_channel.c | 3 + drivers/media/usb/dvb-usb/dtv5100.c | 5 + drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 2 +- drivers/mfd/altera-sysmgr.c | 2 + drivers/mfd/da9055-core.c | 1 + drivers/mfd/max77620.c | 15 +- drivers/mfd/mt6358-irq.c | 1 + drivers/mfd/mt6397-irq.c | 1 + drivers/misc/vmw_balloon.c | 3 +- drivers/mmc/host/Kconfig | 4 +- drivers/mmc/host/sdhci-msm.c | 27 ++- drivers/mtd/lpddr/lpddr_cmds.c | 8 +- drivers/mtd/nand/raw/renesas-nand-controller.c | 5 +- drivers/net/can/usb/gs_usb.c | 2 +- drivers/net/dsa/b53/b53_common.c | 3 + drivers/net/dsa/sja1105/sja1105_static_config.c | 6 +- drivers/net/ethernet/broadcom/b44.c | 3 + drivers/net/ethernet/cadence/macb_main.c | 3 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 + .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 4 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 +- drivers/net/ethernet/intel/e1000/e1000_main.c | 10 +- drivers/net/ethernet/intel/i40e/i40e.h | 15 +- drivers/net/ethernet/intel/i40e/i40e_client.c | 20 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 12 - drivers/net/ethernet/intel/i40e/i40e_main.c | 15 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 10 +- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 4 +- .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 8 + drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 6 +- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 122 ++++++++-- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.h | 2 + drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 10 + .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 1 + .../ethernet/mellanox/mlx5/core/sf/dev/driver.c | 2 +- drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 17 +- drivers/net/ethernet/microchip/lan743x_main.c | 3 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/ethernet/smsc/smc91x.c | 10 +- drivers/net/ethernet/stmicro/stmmac/chain_mode.c | 10 +- drivers/net/ethernet/stmicro/stmmac/common.h | 40 ++-- drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 48 ++-- .../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 3 +- .../net/ethernet/stmicro/stmmac/dwmac1000_dma.c | 19 +- drivers/net/ethernet/stmicro/stmmac/dwmac100_dma.c | 17 +- drivers/net/ethernet/stmicro/stmmac/dwmac4.h | 101 ++++++-- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 50 ++-- drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c | 16 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 201 +++++++++------- drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.h | 92 ++++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c | 120 ++++++---- drivers/net/ethernet/stmicro/stmmac/dwmac_dma.h | 22 +- drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c | 30 ++- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 9 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_descs.c | 4 +- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 83 ++++--- drivers/net/ethernet/stmicro/stmmac/enh_desc.c | 19 +- drivers/net/ethernet/stmicro/stmmac/hwif.h | 172 ++++++++------ drivers/net/ethernet/stmicro/stmmac/norm_desc.c | 15 +- drivers/net/ethernet/stmicro/stmmac/ring_mode.c | 10 +- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 4 + .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 118 +++++++-- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 253 +++++++++++++++----- drivers/net/fjes/fjes_hw.c | 12 +- drivers/net/ipvlan/ipvlan_core.c | 3 + drivers/net/mdio/mdio-aspeed.c | 7 + drivers/net/phy/adin1100.c | 2 +- drivers/net/phy/mscc/mscc_main.c | 6 +- drivers/net/team/team.c | 2 +- drivers/net/usb/asix_common.c | 5 + drivers/net/usb/rtl8150.c | 2 + drivers/net/usb/sr9700.c | 4 +- drivers/net/wireless/ath/ath11k/mac.c | 4 +- drivers/net/wireless/ath/ath11k/wmi.c | 7 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 14 ++ drivers/net/wireless/mediatek/mt76/eeprom.c | 37 ++- drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 4 +- drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 9 +- drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 27 ++- drivers/net/wireless/st/cw1200/bh.c | 6 +- drivers/nfc/pn533/usb.c | 2 +- drivers/nvme/host/fc.c | 6 +- drivers/parisc/gsc.c | 4 +- drivers/pci/controller/dwc/pci-keystone.c | 2 + drivers/pci/controller/dwc/pcie-designware.h | 2 +- drivers/pci/controller/pcie-brcmstb.c | 10 +- drivers/pci/pci-driver.c | 4 + drivers/phy/broadcom/phy-bcm63xx-usbh.c | 6 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 20 +- drivers/pinctrl/pinctrl-single.c | 25 +- drivers/pinctrl/qcom/pinctrl-msm.c | 2 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 2 +- drivers/platform/chrome/cros_ec_ishtp.c | 1 + drivers/platform/x86/acer-wmi.c | 4 + drivers/platform/x86/asus-wmi.c | 8 +- drivers/platform/x86/huawei-wmi.c | 4 + drivers/platform/x86/ibm_rtl.c | 2 +- drivers/platform/x86/intel/chtwc_int33fe.c | 29 ++- drivers/platform/x86/intel/hid.c | 12 + drivers/platform/x86/msi-laptop.c | 3 + drivers/power/supply/apm_power.c | 3 +- drivers/power/supply/cw2015_battery.c | 8 +- drivers/power/supply/wm831x_power.c | 10 +- drivers/pwm/pwm-bcm2835.c | 28 +-- drivers/pwm/pwm-stm32.c | 3 +- drivers/regulator/core.c | 37 ++- drivers/remoteproc/qcom_q6v5_wcss.c | 8 +- drivers/rpmsg/qcom_glink_native.c | 8 + drivers/rtc/rtc-gamecube.c | 4 + drivers/s390/block/dasd_eckd.c | 8 + drivers/s390/crypto/ap_bus.c | 8 +- drivers/scsi/aic94xx/aic94xx_init.c | 3 + drivers/scsi/qla2xxx/qla_def.h | 1 - drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_isr.c | 32 +-- drivers/scsi/qla2xxx/qla_mbx.c | 2 + drivers/scsi/qla2xxx/qla_mid.c | 4 +- drivers/scsi/qla2xxx/qla_os.c | 14 +- drivers/scsi/sim710.c | 2 + drivers/scsi/smartpqi/smartpqi.h | 19 +- drivers/scsi/smartpqi/smartpqi_init.c | 264 ++++++++++++++++----- drivers/scsi/stex.c | 1 + drivers/soc/actions/owl-sps.c | 16 +- drivers/soc/amlogic/meson-canvas.c | 5 +- drivers/soc/imx/gpc.c | 12 +- drivers/soc/qcom/ocmem.c | 2 +- drivers/soc/qcom/smem.c | 3 +- drivers/soc/rockchip/pm_domains.c | 13 +- drivers/spi/Kconfig | 2 +- drivers/spi/spi-cadence-quadspi.c | 113 ++++++++- drivers/spi/spi-fsl-spi.c | 2 +- drivers/spi/spi-imx.c | 15 +- drivers/spi/spi-tegra210-quad.c | 22 +- drivers/spi/spi-xilinx.c | 2 +- drivers/staging/fbtft/fbtft-core.c | 4 +- drivers/staging/greybus/uart.c | 7 +- drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 +- drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 +- drivers/target/target_core_configfs.c | 1 - drivers/target/target_core_transport.c | 1 + drivers/tty/serial/8250/8250_pci.c | 37 +++ drivers/tty/serial/atmel_serial.c | 5 +- drivers/tty/serial/clps711x.c | 4 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 5 +- drivers/tty/serial/imx.c | 4 +- drivers/tty/serial/lantiq.c | 4 +- drivers/tty/serial/serial_core.c | 13 +- drivers/tty/serial/sprd_serial.c | 6 + drivers/tty/serial/st-asc.c | 4 +- drivers/tty/serial/uartlite.c | 12 +- drivers/tty/serial/xilinx_uartps.c | 5 +- drivers/tty/tty_port.c | 17 +- drivers/ufs/core/ufshcd.c | 7 +- drivers/uio/uio_fsl_elbc_gpcm.c | 7 + drivers/usb/class/cdc-acm.c | 7 +- drivers/usb/core/message.c | 2 +- drivers/usb/dwc2/platform.c | 16 +- drivers/usb/dwc3/dwc3-of-simple.c | 7 +- drivers/usb/dwc3/gadget.c | 2 +- drivers/usb/dwc3/host.c | 2 +- drivers/usb/gadget/legacy/raw_gadget.c | 3 + drivers/usb/gadget/udc/lpc32xx_udc.c | 20 +- drivers/usb/gadget/udc/tegra-xudc.c | 6 - drivers/usb/host/ohci-nxp.c | 20 +- drivers/usb/host/xhci-dbgtty.c | 2 +- drivers/usb/host/xhci-hub.c | 2 +- drivers/usb/host/xhci-mem.c | 10 +- drivers/usb/host/xhci-ring.c | 8 +- drivers/usb/host/xhci.h | 16 +- drivers/usb/misc/chaoskey.c | 16 +- drivers/usb/phy/phy-fsl-usb.c | 1 + drivers/usb/phy/phy-isp1301.c | 7 +- drivers/usb/phy/phy.c | 4 + drivers/usb/renesas_usbhs/pipe.c | 2 + drivers/usb/serial/belkin_sa.c | 28 ++- drivers/usb/serial/ftdi_sio.c | 72 ++---- drivers/usb/serial/kobil_sct.c | 18 +- drivers/usb/serial/option.c | 22 +- drivers/usb/serial/usb-serial.c | 7 +- drivers/usb/storage/unusual_uas.h | 2 +- drivers/usb/typec/ucsi/ucsi.c | 6 + drivers/usb/usbip/vhci_hcd.c | 6 +- drivers/vhost/vsock.c | 15 +- drivers/video/backlight/led_bl.c | 18 +- drivers/video/fbdev/gbefb.c | 5 +- drivers/video/fbdev/pxafb.c | 12 +- drivers/video/fbdev/ssd1307fb.c | 4 +- drivers/video/fbdev/tcx.c | 2 +- drivers/virtio/virtio_balloon.c | 4 +- drivers/virtio/virtio_vdpa.c | 2 +- drivers/watchdog/via_wdt.c | 1 + drivers/watchdog/wdat_wdt.c | 64 +++-- fs/bfs/inode.c | 19 +- fs/btrfs/ioctl.c | 4 +- fs/btrfs/scrub.c | 5 + fs/btrfs/tree-log.c | 46 +++- fs/btrfs/volumes.c | 1 + fs/exfat/super.c | 19 +- fs/ext4/ext4.h | 1 + fs/ext4/ialloc.c | 1 - fs/ext4/inline.c | 14 +- fs/ext4/inode.c | 1 - fs/ext4/mballoc.c | 58 +++-- fs/ext4/move_extent.c | 2 +- fs/ext4/orphan.c | 4 +- fs/ext4/super.c | 70 ++++-- fs/ext4/xattr.c | 6 +- fs/f2fs/data.c | 17 ++ fs/f2fs/debug.c | 3 + fs/f2fs/f2fs.h | 34 +-- fs/f2fs/file.c | 89 +++++-- fs/f2fs/inode.c | 20 +- fs/f2fs/namei.c | 6 +- fs/f2fs/recovery.c | 12 +- fs/f2fs/super.c | 56 +++-- fs/f2fs/xattr.c | 30 +-- fs/f2fs/xattr.h | 10 +- fs/fscache/main.c | 1 + fs/fuse/file.c | 26 +- fs/gfs2/lops.c | 2 +- fs/gfs2/super.c | 4 +- fs/hfsplus/bnode.c | 4 +- fs/hfsplus/dir.c | 7 +- fs/hfsplus/inode.c | 32 ++- fs/jbd2/journal.c | 14 ++ fs/jbd2/transaction.c | 21 +- fs/lockd/svc4proc.c | 4 +- fs/lockd/svclock.c | 21 +- fs/lockd/svcproc.c | 5 +- fs/locks.c | 13 +- fs/nfs/client.c | 21 +- fs/nfs/dir.c | 27 ++- fs/nfs/inode.c | 2 +- fs/nfs/internal.h | 3 +- fs/nfs/namespace.c | 11 +- fs/nfs/nfs4client.c | 18 +- fs/nfs/pnfs.c | 1 + fs/nfs/super.c | 36 +-- fs/nfsd/blocklayout.c | 7 +- fs/nfsd/export.c | 2 +- fs/nfsd/nfs4state.c | 4 +- fs/nfsd/nfs4xdr.c | 5 + fs/nfsd/vfs.c | 2 +- fs/nls/nls_base.c | 27 ++- fs/notify/fsnotify.c | 9 +- fs/ntfs3/frecord.c | 43 +++- fs/ntfs3/fsntfs.c | 9 +- fs/ntfs3/inode.c | 2 + fs/ntfs3/ntfs_fs.h | 9 +- fs/ntfs3/run.c | 6 +- fs/ocfs2/alloc.c | 1 - fs/ocfs2/move_extents.c | 8 +- fs/ocfs2/suballoc.c | 10 + fs/smb/client/fs_context.c | 2 +- fs/smb/server/mgmt/tree_connect.c | 18 +- fs/smb/server/mgmt/tree_connect.h | 1 - fs/smb/server/mgmt/user_session.c | 4 +- fs/smb/server/smb2pdu.c | 16 +- fs/smb/server/smbacl.c | 16 ++ fs/smb/server/transport_ipc.c | 7 +- fs/smb/server/vfs.c | 5 +- fs/xfs/xfs_buf_item.c | 1 + include/linux/balloon_compaction.h | 43 ++-- include/linux/blk_types.h | 5 +- include/linux/compiler_types.h | 13 + include/linux/cper.h | 12 +- include/linux/filter.h | 16 +- include/linux/fs_context.h | 1 - include/linux/genalloc.h | 1 + include/linux/hugetlb.h | 4 +- include/linux/ieee80211.h | 4 +- include/linux/if_bridge.h | 6 +- include/linux/kasan.h | 15 ++ include/linux/mlx5/driver.h | 1 + include/linux/mm.h | 12 +- include/linux/nfs_fs_sb.h | 7 +- include/linux/nfs_xdr.h | 54 ++--- include/linux/pgtable.h | 34 ++- include/linux/platform_data/lp855x.h | 4 +- include/linux/rculist_nulls.h | 59 +++++ include/linux/reset.h | 1 + include/linux/sched/isolation.h | 12 + include/linux/sched/topology.h | 3 + include/linux/security.h | 2 +- include/linux/serial_core.h | 2 +- include/linux/stmmac.h | 20 ++ include/linux/tpm.h | 8 +- include/linux/tty_port.h | 21 +- include/linux/virtio_config.h | 4 +- include/media/v4l2-mem2mem.h | 3 +- include/net/cfg80211.h | 70 +++++- include/net/mac80211.h | 73 +++++- include/net/netfilter/nf_conntrack_count.h | 15 +- include/net/sock.h | 13 + include/net/xfrm.h | 13 +- include/sound/snd_wavefront.h | 4 - include/uapi/linux/mptcp.h | 1 + include/uapi/linux/nl80211.h | 49 ++++ include/uapi/sound/asound.h | 2 +- io_uring/openclose.c | 2 +- io_uring/poll.c | 9 +- kernel/bpf/syscall.c | 3 + kernel/bpf/trampoline.c | 3 +- kernel/cgroup/cpuset.c | 35 ++- kernel/dma/pool.c | 2 +- kernel/fork.c | 5 + kernel/kallsyms.c | 5 +- kernel/livepatch/core.c | 8 +- kernel/locking/spinlock_debug.c | 4 +- kernel/resource.c | 95 ++++---- kernel/sched/core.c | 3 + kernel/sched/cpudeadline.c | 34 +-- kernel/sched/cpudeadline.h | 4 +- kernel/sched/deadline.c | 8 +- kernel/sched/fair.c | 75 ++++-- kernel/sched/features.h | 5 + kernel/sched/sched.h | 7 + kernel/sched/topology.c | 6 + kernel/scs.c | 2 +- kernel/trace/ftrace.c | 40 +++- kernel/trace/trace_events.c | 2 + lib/idr.c | 2 + lib/vsprintf.c | 6 +- mm/balloon_compaction.c | 9 +- mm/damon/core-test.h | 88 ++++++- mm/damon/vaddr-test.h | 26 +- mm/hugetlb.c | 4 +- mm/kasan/common.c | 17 ++ mm/memory.c | 10 +- mm/mempolicy.c | 2 +- mm/mprotect.c | 125 +++++----- mm/mremap.c | 2 +- mm/vmalloc.c | 4 +- net/bluetooth/rfcomm/tty.c | 7 +- net/bridge/br_ioctl.c | 36 ++- net/bridge/br_private.h | 4 +- net/caif/cffrml.c | 9 +- net/ceph/osdmap.c | 116 ++++----- net/core/dev_ioctl.c | 16 -- net/core/filter.c | 9 +- net/core/page_pool.c | 27 ++- net/ethtool/ioctl.c | 134 +++++++---- net/hsr/hsr_forward.c | 2 + net/ipv4/fib_trie.c | 7 +- net/ipv4/inet_hashtables.c | 8 +- net/ipv4/ipcomp.c | 2 + net/ipv6/calipso.c | 3 +- net/ipv6/ip6_gre.c | 9 +- net/ipv6/ipcomp6.c | 2 + net/ipv6/xfrm6_tunnel.c | 2 +- net/key/af_key.c | 2 +- net/mac80211/cfg.c | 70 +++++- net/mac80211/chan.c | 2 +- net/mac80211/ieee80211_i.h | 27 ++- net/mac80211/mlme.c | 163 ++++++++++++- net/mac80211/rx.c | 5 + net/mac80211/tx.c | 146 +++++++++++- net/mptcp/options.c | 10 + net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 16 +- net/mptcp/protocol.h | 5 +- net/mptcp/subflow.c | 9 - net/netfilter/ipvs/ip_vs_xmit.c | 3 + net/netfilter/nf_conncount.c | 208 ++++++++++------ net/netfilter/nft_connlimit.c | 34 ++- net/netfilter/nft_flow_offload.c | 9 +- net/netfilter/xt_connlimit.c | 14 +- net/netrom/nr_out.c | 4 +- net/nfc/core.c | 9 +- net/openvswitch/conntrack.c | 16 +- net/openvswitch/flow_netlink.c | 13 +- net/openvswitch/vport-netdev.c | 17 +- net/rose/af_rose.c | 2 +- net/sched/sch_cake.c | 60 ++--- net/sched/sch_ets.c | 6 +- net/sctp/socket.c | 5 +- net/socket.c | 19 +- net/sunrpc/auth_gss/svcauth_gss.c | 3 +- net/sunrpc/xprtrdma/svc_rdma_rw.c | 2 +- net/wireless/chan.c | 69 ++++++ net/wireless/core.h | 5 +- net/wireless/nl80211.c | 162 ++++++++++++- net/wireless/nl80211.h | 3 +- net/wireless/rdev-ops.h | 17 ++ net/wireless/sme.c | 14 +- net/wireless/trace.h | 25 ++ net/wireless/util.c | 4 +- net/xfrm/xfrm_ipcomp.c | 1 - net/xfrm/xfrm_state.c | 41 ++-- net/xfrm/xfrm_user.c | 2 +- samples/vfs/test-statx.c | 6 + samples/watch_queue/watch_test.c | 6 + scripts/Makefile.modinst | 4 +- security/integrity/ima/ima_policy.c | 2 +- security/keys/trusted-keys/trusted_tpm2.c | 6 +- security/smack/smack_lsm.c | 41 ++-- sound/firewire/dice/dice-extension.c | 4 +- sound/firewire/motu/motu-hwdep.c | 7 +- sound/isa/wavefront/wavefront.c | 61 ++--- sound/isa/wavefront/wavefront_fx.c | 36 +-- sound/isa/wavefront/wavefront_midi.c | 146 +++++------- sound/isa/wavefront/wavefront_synth.c | 216 ++++++++--------- sound/pci/hda/cs35l41_hda.c | 2 + sound/pcmcia/pdaudiocf/pdaudiocf.c | 8 +- sound/pcmcia/vx/vxpocket.c | 8 +- sound/soc/bcm/bcm63xx-pcm-whistler.c | 4 +- sound/soc/codecs/ak4458.c | 10 +- sound/soc/codecs/ak5558.c | 10 +- sound/soc/fsl/fsl_xcvr.c | 197 +++++++++++---- sound/soc/fsl/fsl_xcvr.h | 28 +++ sound/soc/intel/catpt/pcm.c | 4 +- sound/soc/qcom/qdsp6/q6adm.c | 146 ++++++------ sound/soc/qcom/qdsp6/q6apm-dai.c | 2 + sound/soc/qcom/qdsp6/q6asm-dai.c | 7 +- sound/soc/stm/stm32_sai.c | 14 +- sound/soc/stm/stm32_sai_sub.c | 58 +++-- sound/usb/mixer_us16x08.c | 20 +- sound/usb/quirks.c | 6 + tools/include/linux/interval_tree_generic.h | 187 +++++++++++++++ tools/include/nolibc/stdio.h | 4 + tools/objtool/elf.c | 101 ++++---- tools/objtool/include/objtool/elf.h | 3 +- tools/perf/builtin-record.c | 2 +- tools/perf/util/symbol.c | 4 +- tools/testing/ktest/config-bisect.pl | 4 +- tools/testing/nvdimm/test/nfit.c | 7 +- tools/testing/radix-tree/idr-test.c | 21 ++ .../selftests/bpf/prog_tests/perf_branches.c | 22 +- .../testing/selftests/bpf/prog_tests/send_signal.c | 5 + .../selftests/bpf/progs/test_perf_branches.c | 3 + .../test.d/ftrace/func_traceonoff_triggers.tc | 5 +- tools/testing/selftests/net/tap.c | 16 +- 660 files changed, 8151 insertions(+), 4082 deletions(-)

1 day, 14 hours

7
6
0 0

[PATCH v5.10-v5.15] blk-throttle: Set BIO_THROTTLED when bio has been throttled

by Keerthana K

From: Laibin Qiu <qiulaibin(a)huawei.com> [ Upstream commit 5a011f889b4832aa80c2a872a5aade5c48d2756f ] 1.In current process, all bio will set the BIO_THROTTLED flag after __blk_throtl_bio(). 2.If bio needs to be throttled, it will start the timer and stop submit bio directly. Bio will submit in blk_throtl_dispatch_work_fn() when the timer expires.But in the current process, if bio is throttled. The BIO_THROTTLED will be set to bio after timer start. If the bio has been completed, it may cause use-after-free blow. BUG: KASAN: use-after-free in blk_throtl_bio+0x12f0/0x2c70 Read of size 2 at addr ffff88801b8902d4 by task fio/26380 dump_stack+0x9b/0xce print_address_description.constprop.6+0x3e/0x60 kasan_report.cold.9+0x22/0x3a blk_throtl_bio+0x12f0/0x2c70 submit_bio_checks+0x701/0x1550 submit_bio_noacct+0x83/0xc80 submit_bio+0xa7/0x330 mpage_readahead+0x380/0x500 read_pages+0x1c1/0xbf0 page_cache_ra_unbounded+0x471/0x6f0 do_page_cache_ra+0xda/0x110 ondemand_readahead+0x442/0xae0 page_cache_async_ra+0x210/0x300 generic_file_buffered_read+0x4d9/0x2130 generic_file_read_iter+0x315/0x490 blkdev_read_iter+0x113/0x1b0 aio_read+0x2ad/0x450 io_submit_one+0xc8e/0x1d60 __se_sys_io_submit+0x125/0x350 do_syscall_64+0x2d/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Allocated by task 26380: kasan_save_stack+0x19/0x40 __kasan_kmalloc.constprop.2+0xc1/0xd0 kmem_cache_alloc+0x146/0x440 mempool_alloc+0x125/0x2f0 bio_alloc_bioset+0x353/0x590 mpage_alloc+0x3b/0x240 do_mpage_readpage+0xddf/0x1ef0 mpage_readahead+0x264/0x500 read_pages+0x1c1/0xbf0 page_cache_ra_unbounded+0x471/0x6f0 do_page_cache_ra+0xda/0x110 ondemand_readahead+0x442/0xae0 page_cache_async_ra+0x210/0x300 generic_file_buffered_read+0x4d9/0x2130 generic_file_read_iter+0x315/0x490 blkdev_read_iter+0x113/0x1b0 aio_read+0x2ad/0x450 io_submit_one+0xc8e/0x1d60 __se_sys_io_submit+0x125/0x350 do_syscall_64+0x2d/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Freed by task 0: kasan_save_stack+0x19/0x40 kasan_set_track+0x1c/0x30 kasan_set_free_info+0x1b/0x30 __kasan_slab_free+0x111/0x160 kmem_cache_free+0x94/0x460 mempool_free+0xd6/0x320 bio_free+0xe0/0x130 bio_put+0xab/0xe0 bio_endio+0x3a6/0x5d0 blk_update_request+0x590/0x1370 scsi_end_request+0x7d/0x400 scsi_io_completion+0x1aa/0xe50 scsi_softirq_done+0x11b/0x240 blk_mq_complete_request+0xd4/0x120 scsi_mq_done+0xf0/0x200 virtscsi_vq_done+0xbc/0x150 vring_interrupt+0x179/0x390 __handle_irq_event_percpu+0xf7/0x490 handle_irq_event_percpu+0x7b/0x160 handle_irq_event+0xcc/0x170 handle_edge_irq+0x215/0xb20 common_interrupt+0x60/0x120 asm_common_interrupt+0x1e/0x40 Fix this by move BIO_THROTTLED set into the queue_lock. Signed-off-by: Laibin Qiu <qiulaibin(a)huawei.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20220301123919.2381579-1-qiulaibin@huawei.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [ Keerthana: Remove 'out' and handle return with reference to commit 81c7a63 ] Signed-off-by: Keerthana K <keerthana.kalyanasundaram(a)broadcom.com> Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- block/blk-throttle.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/block/blk-throttle.c b/block/blk-throttle.c index 4bf514a7b..4d3436cd6 100644 --- a/block/blk-throttle.c +++ b/block/blk-throttle.c @@ -2216,8 +2216,10 @@ bool blk_throtl_bio(struct bio *bio) rcu_read_lock(); /* see throtl_charge_bio() */ - if (bio_flagged(bio, BIO_THROTTLED)) - goto out; + if (bio_flagged(bio, BIO_THROTTLED)) { + rcu_read_unlock(); + return false; + } if (!cgroup_subsys_on_dfl(io_cgrp_subsys)) { blkg_rwstat_add(&tg->stat_bytes, bio->bi_opf, @@ -2225,8 +2227,10 @@ bool blk_throtl_bio(struct bio *bio) blkg_rwstat_add(&tg->stat_ios, bio->bi_opf, 1); } - if (!tg->has_rules[rw]) - goto out; + if (!tg->has_rules[rw]) { + rcu_read_unlock(); + return false; + } spin_lock_irq(&q->queue_lock); @@ -2310,14 +2314,14 @@ bool blk_throtl_bio(struct bio *bio) } out_unlock: - spin_unlock_irq(&q->queue_lock); -out: bio_set_flag(bio, BIO_THROTTLED); #ifdef CONFIG_BLK_DEV_THROTTLING_LOW if (throttled || !td->track_bio_latency) bio->bi_issue.value |= BIO_ISSUE_THROTL_SKIP_LATENCY; #endif + spin_unlock_irq(&q->queue_lock); + rcu_read_unlock(); return throttled; } -- 2.40.4

1 day, 15 hours

1
0
0 0

[PATCH 6.6-stable] x86/microcode/AMD: Select which microcode patch to load

by Borislav Petkov

From: "Borislav Petkov (AMD)" <bp(a)alien8.de> Commit 8d171045069c804e5ffaa18be590c42c6af0cf3f upstream. All microcode patches up to the proper BIOS Entrysign fix are loaded only after the sha256 signature carried in the driver has been verified. Microcode patches after the Entrysign fix has been applied, do not need that signature verification anymore. In order to not abandon machines which haven't received the BIOS update yet, add the capability to select which microcode patch to load. The corresponding microcode container supplied through firmware-linux has been modified to carry two patches per CPU type (family/model/stepping) so that the proper one gets selected. Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Tested-by: Waiman Long <longman(a)redhat.com> Link: https://patch.msgid.link/20251027133818.4363-1-bp@kernel.org --- arch/x86/kernel/cpu/microcode/amd.c | 104 ++++++++++++++++++---------- 1 file changed, 67 insertions(+), 37 deletions(-) diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c index 9952c774eaa6..82ca8278219e 100644 --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c @@ -176,50 +176,61 @@ static u32 cpuid_to_ucode_rev(unsigned int val) return p.ucode_rev; } +static u32 get_cutoff_revision(u32 rev) +{ + switch (rev >> 8) { + case 0x80012: return 0x8001277; break; + case 0x80082: return 0x800820f; break; + case 0x83010: return 0x830107c; break; + case 0x86001: return 0x860010e; break; + case 0x86081: return 0x8608108; break; + case 0x87010: return 0x8701034; break; + case 0x8a000: return 0x8a0000a; break; + case 0xa0010: return 0xa00107a; break; + case 0xa0011: return 0xa0011da; break; + case 0xa0012: return 0xa001243; break; + case 0xa0082: return 0xa00820e; break; + case 0xa1011: return 0xa101153; break; + case 0xa1012: return 0xa10124e; break; + case 0xa1081: return 0xa108109; break; + case 0xa2010: return 0xa20102f; break; + case 0xa2012: return 0xa201212; break; + case 0xa4041: return 0xa404109; break; + case 0xa5000: return 0xa500013; break; + case 0xa6012: return 0xa60120a; break; + case 0xa7041: return 0xa704109; break; + case 0xa7052: return 0xa705208; break; + case 0xa7080: return 0xa708009; break; + case 0xa70c0: return 0xa70C009; break; + case 0xaa001: return 0xaa00116; break; + case 0xaa002: return 0xaa00218; break; + case 0xb0021: return 0xb002146; break; + case 0xb0081: return 0xb008111; break; + case 0xb1010: return 0xb101046; break; + case 0xb2040: return 0xb204031; break; + case 0xb4040: return 0xb404031; break; + case 0xb4041: return 0xb404101; break; + case 0xb6000: return 0xb600031; break; + case 0xb6080: return 0xb608031; break; + case 0xb7000: return 0xb700031; break; + default: break; + + } + return 0; +} + static bool need_sha_check(u32 cur_rev) { + u32 cutoff; + if (!cur_rev) { cur_rev = cpuid_to_ucode_rev(bsp_cpuid_1_eax); pr_info_once("No current revision, generating the lowest one: 0x%x\n", cur_rev); } - switch (cur_rev >> 8) { - case 0x80012: return cur_rev <= 0x8001277; break; - case 0x80082: return cur_rev <= 0x800820f; break; - case 0x83010: return cur_rev <= 0x830107c; break; - case 0x86001: return cur_rev <= 0x860010e; break; - case 0x86081: return cur_rev <= 0x8608108; break; - case 0x87010: return cur_rev <= 0x8701034; break; - case 0x8a000: return cur_rev <= 0x8a0000a; break; - case 0xa0010: return cur_rev <= 0xa00107a; break; - case 0xa0011: return cur_rev <= 0xa0011da; break; - case 0xa0012: return cur_rev <= 0xa001243; break; - case 0xa0082: return cur_rev <= 0xa00820e; break; - case 0xa1011: return cur_rev <= 0xa101153; break; - case 0xa1012: return cur_rev <= 0xa10124e; break; - case 0xa1081: return cur_rev <= 0xa108109; break; - case 0xa2010: return cur_rev <= 0xa20102f; break; - case 0xa2012: return cur_rev <= 0xa201212; break; - case 0xa4041: return cur_rev <= 0xa404109; break; - case 0xa5000: return cur_rev <= 0xa500013; break; - case 0xa6012: return cur_rev <= 0xa60120a; break; - case 0xa7041: return cur_rev <= 0xa704109; break; - case 0xa7052: return cur_rev <= 0xa705208; break; - case 0xa7080: return cur_rev <= 0xa708009; break; - case 0xa70c0: return cur_rev <= 0xa70C009; break; - case 0xaa001: return cur_rev <= 0xaa00116; break; - case 0xaa002: return cur_rev <= 0xaa00218; break; - case 0xb0021: return cur_rev <= 0xb002146; break; - case 0xb0081: return cur_rev <= 0xb008111; break; - case 0xb1010: return cur_rev <= 0xb101046; break; - case 0xb2040: return cur_rev <= 0xb204031; break; - case 0xb4040: return cur_rev <= 0xb404031; break; - case 0xb4041: return cur_rev <= 0xb404101; break; - case 0xb6000: return cur_rev <= 0xb600031; break; - case 0xb6080: return cur_rev <= 0xb608031; break; - case 0xb7000: return cur_rev <= 0xb700031; break; - default: break; - } + cutoff = get_cutoff_revision(cur_rev); + if (cutoff) + return cur_rev <= cutoff; pr_info("You should not be seeing this. Please send the following couple of lines to x86-<at>-kernel.org\n"); pr_info("CPUID(1).EAX: 0x%x, current revision: 0x%x\n", bsp_cpuid_1_eax, cur_rev); @@ -473,6 +484,7 @@ static int verify_patch(const u8 *buf, size_t buf_size, u32 *patch_size) { u8 family = x86_family(bsp_cpuid_1_eax); struct microcode_header_amd *mc_hdr; + u32 cur_rev, cutoff, patch_rev; u32 sh_psize; u16 proc_id; u8 patch_fam; @@ -514,6 +526,24 @@ static int verify_patch(const u8 *buf, size_t buf_size, u32 *patch_size) if (patch_fam != family) return 1; + cur_rev = get_patch_level(); + + /* No cutoff revision means old/unaffected by signing algorithm weakness => matches */ + cutoff = get_cutoff_revision(cur_rev); + if (!cutoff) + goto ok; + + patch_rev = mc_hdr->patch_id; + + if (cur_rev <= cutoff && patch_rev <= cutoff) + goto ok; + + if (cur_rev > cutoff && patch_rev > cutoff) + goto ok; + + return 1; +ok: + return 0; } -- 2.51.0

1 day, 15 hours

1
0
0 0

[PATCH v6.6.y 0/2] Backport fixes for CVE-2025-40149

by Keerthana K

Following commit is a pre-requisite for the commit c65f27b9c - 1dbf1d590 (net: Add locking to protect skb->dev access in ip_output) Kuniyuki Iwashima (1): tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). Sharath Chandra Vurukala (1): net: Add locking to protect skb->dev access in ip_output include/net/dst.h | 12 ++++++++++++ net/ipv4/ip_output.c | 17 ++++++++++++----- net/tls/tls_device.c | 17 ++++++++++------- 3 files changed, 34 insertions(+), 12 deletions(-) -- 2.43.7

1 day, 15 hours

2
4
0 0

FAILED: patch "[PATCH] NFSD: NFSv4 file creation neglects setting ACL" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 913f7cf77bf14c13cfea70e89bcb6d0b22239562 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025122941-civic-revered-b250@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 913f7cf77bf14c13cfea70e89bcb6d0b22239562 Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Tue, 18 Nov 2025 19:51:19 -0500 Subject: [PATCH] NFSD: NFSv4 file creation neglects setting ACL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL (based on the mode bits) and not the ACL that was requested during file creation. This violates RFC 8881 section 6.4.1.3: "the ACL attribute is set as given". The issue occurs in nfsd_create_setattr(), which calls nfsd_attrs_valid() to determine whether to call nfsd_setattr(). However, nfsd_attrs_valid() checks only for iattr changes and security labels, but not POSIX ACLs. When only an ACL is present, the function returns false, nfsd_setattr() is skipped, and the POSIX ACL is never applied to the inode. Subsequently, when the client retrieves the ACL, the server finds no POSIX ACL on the inode and returns one generated from the file's mode bits rather than returning the originally-specified ACL. Reported-by: Aurélien Couderc <aurelien.couderc2002(a)gmail.com> Fixes: c0cbe70742f4 ("NFSD: add posix ACLs to struct nfsd_attrs") Cc: Roland Mainz <roland.mainz(a)nrubsig.org> Cc: stable(a)vger.kernel.org Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/vfs.h b/fs/nfsd/vfs.h index fa46f8b5f132..1dd3ae3ceb3a 100644 --- a/fs/nfsd/vfs.h +++ b/fs/nfsd/vfs.h @@ -67,7 +67,8 @@ static inline bool nfsd_attrs_valid(struct nfsd_attrs *attrs) struct iattr *iap = attrs->na_iattr; return (iap->ia_valid || (attrs->na_seclabel && - attrs->na_seclabel->len)); + attrs->na_seclabel->len) || + attrs->na_pacl || attrs->na_dpacl); } __be32 nfserrno (int errno);

1 day, 15 hours

3
23
0 0

FAILED: patch "[PATCH] pinctrl: qcom: lpass-lpi: mark the GPIO controller as" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ebc18e9854e5a2b62a041fb57b216a903af45b85 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011236-imaginary-sweep-d796@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ebc18e9854e5a2b62a041fb57b216a903af45b85 Mon Sep 17 00:00:00 2001 From: Bartosz Golaszewski <brgl(a)kernel.org> Date: Wed, 26 Nov 2025 13:22:19 +0100 Subject: [PATCH] pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping The gpio_chip settings in this driver say the controller can't sleep but it actually uses a mutex for synchronization. This triggers the following BUG(): [ 9.233659] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:281 [ 9.233665] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 554, name: (udev-worker) [ 9.233669] preempt_count: 1, expected: 0 [ 9.233673] RCU nest depth: 0, expected: 0 [ 9.233688] Tainted: [W]=WARN [ 9.233690] Hardware name: Dell Inc. Latitude 7455/0FK7MX, BIOS 2.10.1 05/20/2025 [ 9.233694] Call trace: [ 9.233696] show_stack+0x24/0x38 (C) [ 9.233709] dump_stack_lvl+0x40/0x88 [ 9.233716] dump_stack+0x18/0x24 [ 9.233722] __might_resched+0x148/0x160 [ 9.233731] __might_sleep+0x38/0x98 [ 9.233736] mutex_lock+0x30/0xd8 [ 9.233749] lpi_config_set+0x2e8/0x3c8 [pinctrl_lpass_lpi] [ 9.233757] lpi_gpio_direction_output+0x58/0x90 [pinctrl_lpass_lpi] [ 9.233761] gpiod_direction_output_raw_commit+0x110/0x428 [ 9.233772] gpiod_direction_output_nonotify+0x234/0x358 [ 9.233779] gpiod_direction_output+0x38/0xd0 [ 9.233786] gpio_shared_proxy_direction_output+0xb8/0x2a8 [gpio_shared_proxy] [ 9.233792] gpiod_direction_output_raw_commit+0x110/0x428 [ 9.233799] gpiod_direction_output_nonotify+0x234/0x358 [ 9.233806] gpiod_configure_flags+0x2c0/0x580 [ 9.233812] gpiod_find_and_request+0x358/0x4f8 [ 9.233819] gpiod_get_index+0x7c/0x98 [ 9.233826] devm_gpiod_get+0x34/0xb0 [ 9.233829] reset_gpio_probe+0x58/0x128 [reset_gpio] [ 9.233836] auxiliary_bus_probe+0xb0/0xf0 [ 9.233845] really_probe+0x14c/0x450 [ 9.233853] __driver_probe_device+0xb0/0x188 [ 9.233858] driver_probe_device+0x4c/0x250 [ 9.233863] __driver_attach+0xf8/0x2a0 [ 9.233868] bus_for_each_dev+0xf8/0x158 [ 9.233872] driver_attach+0x30/0x48 [ 9.233876] bus_add_driver+0x158/0x2b8 [ 9.233880] driver_register+0x74/0x118 [ 9.233886] __auxiliary_driver_register+0x94/0xe8 [ 9.233893] init_module+0x34/0xfd0 [reset_gpio] [ 9.233898] do_one_initcall+0xec/0x300 [ 9.233903] do_init_module+0x64/0x260 [ 9.233910] load_module+0x16c4/0x1900 [ 9.233915] __arm64_sys_finit_module+0x24c/0x378 [ 9.233919] invoke_syscall+0x4c/0xe8 [ 9.233925] el0_svc_common+0x8c/0xf0 [ 9.233929] do_el0_svc+0x28/0x40 [ 9.233934] el0_svc+0x38/0x100 [ 9.233938] el0t_64_sync_handler+0x84/0x130 [ 9.233943] el0t_64_sync+0x17c/0x180 Mark the controller as sleeping. Fixes: 6e261d1090d6 ("pinctrl: qcom: Add sm8250 lpass lpi pinctrl driver") Cc: stable(a)vger.kernel.org Reported-by: Val Packett <val(a)packett.cool> Closes: https://lore.kernel.org/all/98c0f185-b0e0-49ea-896c-f3972dd011ca@packett.co… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> Reviewed-by: Bjorn Andersson <andersson(a)kernel.org> Signed-off-by: Linus Walleij <linusw(a)kernel.org> diff --git a/drivers/pinctrl/qcom/pinctrl-lpass-lpi.c b/drivers/pinctrl/qcom/pinctrl-lpass-lpi.c index 1c97ec44aa5f..78212f992843 100644 --- a/drivers/pinctrl/qcom/pinctrl-lpass-lpi.c +++ b/drivers/pinctrl/qcom/pinctrl-lpass-lpi.c @@ -498,7 +498,7 @@ int lpi_pinctrl_probe(struct platform_device *pdev) pctrl->chip.base = -1; pctrl->chip.ngpio = data->npins; pctrl->chip.label = dev_name(dev); - pctrl->chip.can_sleep = false; + pctrl->chip.can_sleep = true; mutex_init(&pctrl->lock);

1 day, 15 hours

3
2
0 0

[PATCH AUTOSEL 6.18-6.17] ALSA: hda/realtek: Add support for ASUS UM3406GA

by Sasha Levin

From: Stefan Binding <sbinding(a)opensource.cirrus.com> [ Upstream commit 826c0b1ed09e5335abcae07292440ce72346e578 ] Laptops use 2 CS35L41 Amps with HDA, using External boost, with I2C Signed-off-by: Stefan Binding <sbinding(a)opensource.cirrus.com> Link: https://patch.msgid.link/20251205150614.49590-3-sbinding@opensource.cirrus.… Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: ## Commit Analysis: ALSA: hda/realtek: Add support for ASUS UM3406GA ### 1. COMMIT MESSAGE ANALYSIS The commit message is straightforward: it adds support for a specific ASUS laptop model (UM3406GA) that uses 2 CS35L41 amplifiers connected via I2C with external boost. The message describes the hardware configuration, which is standard for such device ID additions. No Fixes: or Cc: stable tags are present, but as noted, this is expected for commits requiring manual review. ### 2. CODE CHANGE ANALYSIS The entire change is a single line addition: ```c SND_PCI_QUIRK(0x1043, 0x1584, "ASUS UM3406GA ", ALC287_FIXUP_CS35L41_I2C_2), ``` This adds: - Vendor ID: 0x1043 (ASUS) - Device/Subsystem ID: 0x1584 (ASUS UM3406GA) - Fixup: `ALC287_FIXUP_CS35L41_I2C_2` (an **existing** fixup already used by many other ASUS models) Looking at the surrounding code, multiple other ASUS laptops use the same fixup: - ASUS PM3406CKA (0x1454) - ASUS G513PI/PU/PV (0x14e3) - ASUS G733PY/PZ/PZV/PYV (0x1503) - ASUS GV302XA/XJ/XQ/XU/XV/XI (0x1533) - ASUS UM3402YAR (0x1683) ### 3. CLASSIFICATION This is a **NEW DEVICE ID** addition - explicitly listed as an exception that IS appropriate for stable backporting. The driver infrastructure and fixup code already exist; this merely adds an ID to enable the existing fix for new hardware. ### 4. SCOPE AND RISK ASSESSMENT - **Lines changed**: 1 line - **Files touched**: 1 file - **Complexity**: Zero - table entry addition only - **Risk**: Extremely low - this cannot affect any other hardware - **No new code paths**: Uses pre-existing `ALC287_FIXUP_CS35L41_I2C_2` fixup ### 5. USER IMPACT - **Who is affected**: Owners of ASUS UM3406GA laptops - **Problem without fix**: Audio (specifically the CS35L41 amplifiers) won't function properly - **Severity**: Non-working audio is a significant user-facing issue for laptop users ### 6. STABILITY INDICATORS - Signed-off by Takashi Iwai (ALSA maintainer at SUSE) - Standard quirk addition pattern used extensively throughout this file - Follows exact same format as dozens of other ASUS quirk entries ### 7. DEPENDENCY CHECK - The fixup `ALC287_FIXUP_CS35L41_I2C_2` has been in the kernel for some time, supporting multiple other ASUS models - No other commits are required for this to work - This should apply cleanly to stable trees that have the CS35L41 support infrastructure ### CONCLUSION This commit is a textbook example of what should be backported to stable trees: 1. **Falls under explicit exception**: Adding device IDs to existing drivers is explicitly allowed 2. **Minimal change**: Single line, single table entry 3. **Zero regression risk**: Cannot affect any hardware except the targeted laptop 4. **Uses existing infrastructure**: The fixup is already well-tested on similar ASUS models 5. **Fixes real user problem**: Enables audio on a production laptop 6. **Obviously correct**: Identical pattern to surrounding entries The risk-benefit analysis strongly favors backporting: virtually zero risk with clear user benefit (working audio on a specific laptop model). **YES** sound/hda/codecs/realtek/alc269.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/hda/codecs/realtek/alc269.c b/sound/hda/codecs/realtek/alc269.c index b45fcc9a3785e..008bf9d5148e1 100644 --- a/sound/hda/codecs/realtek/alc269.c +++ b/sound/hda/codecs/realtek/alc269.c @@ -6752,6 +6752,7 @@ static const struct hda_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x1043, 0x1517, "Asus Zenbook UX31A", ALC269VB_FIXUP_ASUS_ZENBOOK_UX31A), SND_PCI_QUIRK(0x1043, 0x1533, "ASUS GV302XA/XJ/XQ/XU/XV/XI", ALC287_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x1043, 0x1573, "ASUS GZ301VV/VQ/VU/VJ/VA/VC/VE/VVC/VQC/VUC/VJC/VEC/VCC", ALC285_FIXUP_ASUS_HEADSET_MIC), + SND_PCI_QUIRK(0x1043, 0x1584, "ASUS UM3406GA ", ALC287_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x1043, 0x1652, "ASUS ROG Zephyrus Do 15 SE", ALC289_FIXUP_ASUS_ZEPHYRUS_DUAL_SPK), SND_PCI_QUIRK(0x1043, 0x1662, "ASUS GV301QH", ALC294_FIXUP_ASUS_DUAL_SPK), SND_PCI_QUIRK(0x1043, 0x1663, "ASUS GU603ZI/ZJ/ZQ/ZU/ZV", ALC285_FIXUP_ASUS_HEADSET_MIC), -- 2.51.0

1 day, 15 hours

3
15
0 0

[PATCH v2 v6.12] usbnet: Fix using smp_processor_id() in preemptible code warnings

by Rahul Sharma

From: Zqiang <qiang.zhang(a)linux.dev> [ Upstream commit 327cd4b68b4398b6c24f10eb2b2533ffbfc10185 ] Syzbot reported the following warning: BUG: using smp_processor_id() in preemptible [00000000] code: dhcpcd/2879 caller is usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331 CPU: 1 UID: 0 PID: 2879 Comm: dhcpcd Not tainted 6.15.0-rc4-syzkaller-00098-g615dca38c2ea #0 PREEMPT(voluntary) Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 check_preemption_disabled+0xd0/0xe0 lib/smp_processor_id.c:49 usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331 usbnet_resume_rx+0x4b/0x170 drivers/net/usb/usbnet.c:708 usbnet_change_mtu+0x1be/0x220 drivers/net/usb/usbnet.c:417 __dev_set_mtu net/core/dev.c:9443 [inline] netif_set_mtu_ext+0x369/0x5c0 net/core/dev.c:9496 netif_set_mtu+0xb0/0x160 net/core/dev.c:9520 dev_set_mtu+0xae/0x170 net/core/dev_api.c:247 dev_ifsioc+0xa31/0x18d0 net/core/dev_ioctl.c:572 dev_ioctl+0x223/0x10e0 net/core/dev_ioctl.c:821 sock_do_ioctl+0x19d/0x280 net/socket.c:1204 sock_ioctl+0x42f/0x6a0 net/socket.c:1311 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f For historical and portability reasons, the netif_rx() is usually run in the softirq or interrupt context, this commit therefore add local_bh_disable/enable() protection in the usbnet_resume_rx(). Fixes: 43daa96b166c ("usbnet: Stop RX Q on MTU change") Link: https://syzkaller.appspot.com/bug?id=81f55dfa587ee544baaaa5a359a060512228c1… Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Zqiang <qiang.zhang(a)linux.dev> Link: https://patch.msgid.link/20251011070518.7095-1-qiang.zhang@linux.dev Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> [ The context change is due to the commit 2c04d279e857 ("net: usb: Convert tasklet API to new bottom half workqueue mechanism") in v6.17 which is irrelevant to the logic of this patch.] Signed-off-by: Rahul Sharma <black.hawk(a)163.com> --- v1->v2: Add the upstream commit id in the commit message per Greg's comment. --- drivers/net/usb/usbnet.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c index 0ff7357c3c91..f1f61d85d949 100644 --- a/drivers/net/usb/usbnet.c +++ b/drivers/net/usb/usbnet.c @@ -702,6 +702,7 @@ void usbnet_resume_rx(struct usbnet *dev) struct sk_buff *skb; int num = 0; + local_bh_disable(); clear_bit(EVENT_RX_PAUSED, &dev->flags); while ((skb = skb_dequeue(&dev->rxq_pause)) != NULL) { @@ -710,6 +711,7 @@ void usbnet_resume_rx(struct usbnet *dev) } tasklet_schedule(&dev->bh); + local_bh_enable(); netif_dbg(dev, rx_status, dev->net, "paused rx queue disabled, %d skbs requeued\n", num); -- 2.34.1

1 day, 15 hours

2
1
0 0

FAILED: patch "[PATCH] PCI: meson: Report that link is up while in ASPM L0s and L1" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x df27c03b9e3ef2baa9e9c9f56a771d463a84489d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011224-stopper-facing-f62e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From df27c03b9e3ef2baa9e9c9f56a771d463a84489d Mon Sep 17 00:00:00 2001 From: Bjorn Helgaas <bhelgaas(a)google.com> Date: Mon, 3 Nov 2025 16:19:26 -0600 Subject: [PATCH] PCI: meson: Report that link is up while in ASPM L0s and L1 states Previously meson_pcie_link_up() only returned true if the link was in the L0 state. This was incorrect because hardware autonomously manages transitions between L0, L0s, and L1 while both components on the link stay in D0. Those states should all be treated as "link is active". Returning false when the device was in L0s or L1 broke config accesses because dw_pcie_other_conf_map_bus() fails if the link is down, which caused errors like this: meson-pcie fc000000.pcie: error: wait linkup timeout pci 0000:01:00.0: BAR 0: error updating (0xfc700004 != 0xffffffff) Remove the LTSSM state check, timeout, speed check, and error message from meson_pcie_link_up(), the dw_pcie_ops.link_up() method, so it is a simple boolean check of whether the link is active. Timeouts and error messages are handled at a higher level, e.g., dw_pcie_wait_for_link(). Fixes: 9c0ef6d34fdb ("PCI: amlogic: Add the Amlogic Meson PCIe controller driver") Reported-by: Linnaea Lavia <linnaea-von-lavia(a)live.com> Closes: https://lore.kernel.org/r/DM4PR05MB102707B8CDF84D776C39F22F2C7F0A@DM4PR05MB… [bhelgaas: squash removal of unused WAIT_LINKUP_TIMEOUT by Martin Blumenstingl <martin.blumenstingl(a)googlemail.com>: https://patch.msgid.link/20260105125625.239497-1-martin.blumenstingl@google…] Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Tested-by: Linnaea Lavia <linnaea-von-lavia(a)live.com> Tested-by: Neil Armstrong <neil.armstrong(a)linaro.org> # on BananaPi M2S Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20251103221930.1831376-1-helgaas@kernel.org Link: https://patch.msgid.link/20260105125625.239497-1-martin.blumenstingl@google… diff --git a/drivers/pci/controller/dwc/pci-meson.c b/drivers/pci/controller/dwc/pci-meson.c index 54b6a4196f17..0694084f612b 100644 --- a/drivers/pci/controller/dwc/pci-meson.c +++ b/drivers/pci/controller/dwc/pci-meson.c @@ -37,7 +37,6 @@ #define PCIE_CFG_STATUS17 0x44 #define PM_CURRENT_STATE(x) (((x) >> 7) & 0x1) -#define WAIT_LINKUP_TIMEOUT 4000 #define PORT_CLK_RATE 100000000UL #define MAX_PAYLOAD_SIZE 256 #define MAX_READ_REQ_SIZE 256 @@ -350,40 +349,10 @@ static struct pci_ops meson_pci_ops = { static bool meson_pcie_link_up(struct dw_pcie *pci) { struct meson_pcie *mp = to_meson_pcie(pci); - struct device *dev = pci->dev; - u32 speed_okay = 0; - u32 cnt = 0; - u32 state12, state17, smlh_up, ltssm_up, rdlh_up; + u32 state12; - do { - state12 = meson_cfg_readl(mp, PCIE_CFG_STATUS12); - state17 = meson_cfg_readl(mp, PCIE_CFG_STATUS17); - smlh_up = IS_SMLH_LINK_UP(state12); - rdlh_up = IS_RDLH_LINK_UP(state12); - ltssm_up = IS_LTSSM_UP(state12); - - if (PM_CURRENT_STATE(state17) < PCIE_GEN3) - speed_okay = 1; - - if (smlh_up) - dev_dbg(dev, "smlh_link_up is on\n"); - if (rdlh_up) - dev_dbg(dev, "rdlh_link_up is on\n"); - if (ltssm_up) - dev_dbg(dev, "ltssm_up is on\n"); - if (speed_okay) - dev_dbg(dev, "speed_okay\n"); - - if (smlh_up && rdlh_up && ltssm_up && speed_okay) - return true; - - cnt++; - - udelay(10); - } while (cnt < WAIT_LINKUP_TIMEOUT); - - dev_err(dev, "error: wait linkup timeout\n"); - return false; + state12 = meson_cfg_readl(mp, PCIE_CFG_STATUS12); + return IS_SMLH_LINK_UP(state12) && IS_RDLH_LINK_UP(state12); } static int meson_pcie_host_init(struct dw_pcie_rp *pp)

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] PCI: meson: Report that link is up while in ASPM L0s and L1" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x df27c03b9e3ef2baa9e9c9f56a771d463a84489d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011223-encircle-gala-94fd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From df27c03b9e3ef2baa9e9c9f56a771d463a84489d Mon Sep 17 00:00:00 2001 From: Bjorn Helgaas <bhelgaas(a)google.com> Date: Mon, 3 Nov 2025 16:19:26 -0600 Subject: [PATCH] PCI: meson: Report that link is up while in ASPM L0s and L1 states Previously meson_pcie_link_up() only returned true if the link was in the L0 state. This was incorrect because hardware autonomously manages transitions between L0, L0s, and L1 while both components on the link stay in D0. Those states should all be treated as "link is active". Returning false when the device was in L0s or L1 broke config accesses because dw_pcie_other_conf_map_bus() fails if the link is down, which caused errors like this: meson-pcie fc000000.pcie: error: wait linkup timeout pci 0000:01:00.0: BAR 0: error updating (0xfc700004 != 0xffffffff) Remove the LTSSM state check, timeout, speed check, and error message from meson_pcie_link_up(), the dw_pcie_ops.link_up() method, so it is a simple boolean check of whether the link is active. Timeouts and error messages are handled at a higher level, e.g., dw_pcie_wait_for_link(). Fixes: 9c0ef6d34fdb ("PCI: amlogic: Add the Amlogic Meson PCIe controller driver") Reported-by: Linnaea Lavia <linnaea-von-lavia(a)live.com> Closes: https://lore.kernel.org/r/DM4PR05MB102707B8CDF84D776C39F22F2C7F0A@DM4PR05MB… [bhelgaas: squash removal of unused WAIT_LINKUP_TIMEOUT by Martin Blumenstingl <martin.blumenstingl(a)googlemail.com>: https://patch.msgid.link/20260105125625.239497-1-martin.blumenstingl@google…] Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Tested-by: Linnaea Lavia <linnaea-von-lavia(a)live.com> Tested-by: Neil Armstrong <neil.armstrong(a)linaro.org> # on BananaPi M2S Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20251103221930.1831376-1-helgaas@kernel.org Link: https://patch.msgid.link/20260105125625.239497-1-martin.blumenstingl@google… diff --git a/drivers/pci/controller/dwc/pci-meson.c b/drivers/pci/controller/dwc/pci-meson.c index 54b6a4196f17..0694084f612b 100644 --- a/drivers/pci/controller/dwc/pci-meson.c +++ b/drivers/pci/controller/dwc/pci-meson.c @@ -37,7 +37,6 @@ #define PCIE_CFG_STATUS17 0x44 #define PM_CURRENT_STATE(x) (((x) >> 7) & 0x1) -#define WAIT_LINKUP_TIMEOUT 4000 #define PORT_CLK_RATE 100000000UL #define MAX_PAYLOAD_SIZE 256 #define MAX_READ_REQ_SIZE 256 @@ -350,40 +349,10 @@ static struct pci_ops meson_pci_ops = { static bool meson_pcie_link_up(struct dw_pcie *pci) { struct meson_pcie *mp = to_meson_pcie(pci); - struct device *dev = pci->dev; - u32 speed_okay = 0; - u32 cnt = 0; - u32 state12, state17, smlh_up, ltssm_up, rdlh_up; + u32 state12; - do { - state12 = meson_cfg_readl(mp, PCIE_CFG_STATUS12); - state17 = meson_cfg_readl(mp, PCIE_CFG_STATUS17); - smlh_up = IS_SMLH_LINK_UP(state12); - rdlh_up = IS_RDLH_LINK_UP(state12); - ltssm_up = IS_LTSSM_UP(state12); - - if (PM_CURRENT_STATE(state17) < PCIE_GEN3) - speed_okay = 1; - - if (smlh_up) - dev_dbg(dev, "smlh_link_up is on\n"); - if (rdlh_up) - dev_dbg(dev, "rdlh_link_up is on\n"); - if (ltssm_up) - dev_dbg(dev, "ltssm_up is on\n"); - if (speed_okay) - dev_dbg(dev, "speed_okay\n"); - - if (smlh_up && rdlh_up && ltssm_up && speed_okay) - return true; - - cnt++; - - udelay(10); - } while (cnt < WAIT_LINKUP_TIMEOUT); - - dev_err(dev, "error: wait linkup timeout\n"); - return false; + state12 = meson_cfg_readl(mp, PCIE_CFG_STATUS12); + return IS_SMLH_LINK_UP(state12) && IS_RDLH_LINK_UP(state12); } static int meson_pcie_host_init(struct dw_pcie_rp *pp)

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] PCI: meson: Report that link is up while in ASPM L0s and L1" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x df27c03b9e3ef2baa9e9c9f56a771d463a84489d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011221-exploit-unglazed-3e32@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From df27c03b9e3ef2baa9e9c9f56a771d463a84489d Mon Sep 17 00:00:00 2001 From: Bjorn Helgaas <bhelgaas(a)google.com> Date: Mon, 3 Nov 2025 16:19:26 -0600 Subject: [PATCH] PCI: meson: Report that link is up while in ASPM L0s and L1 states Previously meson_pcie_link_up() only returned true if the link was in the L0 state. This was incorrect because hardware autonomously manages transitions between L0, L0s, and L1 while both components on the link stay in D0. Those states should all be treated as "link is active". Returning false when the device was in L0s or L1 broke config accesses because dw_pcie_other_conf_map_bus() fails if the link is down, which caused errors like this: meson-pcie fc000000.pcie: error: wait linkup timeout pci 0000:01:00.0: BAR 0: error updating (0xfc700004 != 0xffffffff) Remove the LTSSM state check, timeout, speed check, and error message from meson_pcie_link_up(), the dw_pcie_ops.link_up() method, so it is a simple boolean check of whether the link is active. Timeouts and error messages are handled at a higher level, e.g., dw_pcie_wait_for_link(). Fixes: 9c0ef6d34fdb ("PCI: amlogic: Add the Amlogic Meson PCIe controller driver") Reported-by: Linnaea Lavia <linnaea-von-lavia(a)live.com> Closes: https://lore.kernel.org/r/DM4PR05MB102707B8CDF84D776C39F22F2C7F0A@DM4PR05MB… [bhelgaas: squash removal of unused WAIT_LINKUP_TIMEOUT by Martin Blumenstingl <martin.blumenstingl(a)googlemail.com>: https://patch.msgid.link/20260105125625.239497-1-martin.blumenstingl@google…] Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Tested-by: Linnaea Lavia <linnaea-von-lavia(a)live.com> Tested-by: Neil Armstrong <neil.armstrong(a)linaro.org> # on BananaPi M2S Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20251103221930.1831376-1-helgaas@kernel.org Link: https://patch.msgid.link/20260105125625.239497-1-martin.blumenstingl@google… diff --git a/drivers/pci/controller/dwc/pci-meson.c b/drivers/pci/controller/dwc/pci-meson.c index 54b6a4196f17..0694084f612b 100644 --- a/drivers/pci/controller/dwc/pci-meson.c +++ b/drivers/pci/controller/dwc/pci-meson.c @@ -37,7 +37,6 @@ #define PCIE_CFG_STATUS17 0x44 #define PM_CURRENT_STATE(x) (((x) >> 7) & 0x1) -#define WAIT_LINKUP_TIMEOUT 4000 #define PORT_CLK_RATE 100000000UL #define MAX_PAYLOAD_SIZE 256 #define MAX_READ_REQ_SIZE 256 @@ -350,40 +349,10 @@ static struct pci_ops meson_pci_ops = { static bool meson_pcie_link_up(struct dw_pcie *pci) { struct meson_pcie *mp = to_meson_pcie(pci); - struct device *dev = pci->dev; - u32 speed_okay = 0; - u32 cnt = 0; - u32 state12, state17, smlh_up, ltssm_up, rdlh_up; + u32 state12; - do { - state12 = meson_cfg_readl(mp, PCIE_CFG_STATUS12); - state17 = meson_cfg_readl(mp, PCIE_CFG_STATUS17); - smlh_up = IS_SMLH_LINK_UP(state12); - rdlh_up = IS_RDLH_LINK_UP(state12); - ltssm_up = IS_LTSSM_UP(state12); - - if (PM_CURRENT_STATE(state17) < PCIE_GEN3) - speed_okay = 1; - - if (smlh_up) - dev_dbg(dev, "smlh_link_up is on\n"); - if (rdlh_up) - dev_dbg(dev, "rdlh_link_up is on\n"); - if (ltssm_up) - dev_dbg(dev, "ltssm_up is on\n"); - if (speed_okay) - dev_dbg(dev, "speed_okay\n"); - - if (smlh_up && rdlh_up && ltssm_up && speed_okay) - return true; - - cnt++; - - udelay(10); - } while (cnt < WAIT_LINKUP_TIMEOUT); - - dev_err(dev, "error: wait linkup timeout\n"); - return false; + state12 = meson_cfg_readl(mp, PCIE_CFG_STATUS12); + return IS_SMLH_LINK_UP(state12) && IS_RDLH_LINK_UP(state12); } static int meson_pcie_host_init(struct dw_pcie_rp *pp)

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] PCI: meson: Report that link is up while in ASPM L0s and L1" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x df27c03b9e3ef2baa9e9c9f56a771d463a84489d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011222-viability-foe-9ac3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From df27c03b9e3ef2baa9e9c9f56a771d463a84489d Mon Sep 17 00:00:00 2001 From: Bjorn Helgaas <bhelgaas(a)google.com> Date: Mon, 3 Nov 2025 16:19:26 -0600 Subject: [PATCH] PCI: meson: Report that link is up while in ASPM L0s and L1 states Previously meson_pcie_link_up() only returned true if the link was in the L0 state. This was incorrect because hardware autonomously manages transitions between L0, L0s, and L1 while both components on the link stay in D0. Those states should all be treated as "link is active". Returning false when the device was in L0s or L1 broke config accesses because dw_pcie_other_conf_map_bus() fails if the link is down, which caused errors like this: meson-pcie fc000000.pcie: error: wait linkup timeout pci 0000:01:00.0: BAR 0: error updating (0xfc700004 != 0xffffffff) Remove the LTSSM state check, timeout, speed check, and error message from meson_pcie_link_up(), the dw_pcie_ops.link_up() method, so it is a simple boolean check of whether the link is active. Timeouts and error messages are handled at a higher level, e.g., dw_pcie_wait_for_link(). Fixes: 9c0ef6d34fdb ("PCI: amlogic: Add the Amlogic Meson PCIe controller driver") Reported-by: Linnaea Lavia <linnaea-von-lavia(a)live.com> Closes: https://lore.kernel.org/r/DM4PR05MB102707B8CDF84D776C39F22F2C7F0A@DM4PR05MB… [bhelgaas: squash removal of unused WAIT_LINKUP_TIMEOUT by Martin Blumenstingl <martin.blumenstingl(a)googlemail.com>: https://patch.msgid.link/20260105125625.239497-1-martin.blumenstingl@google…] Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Tested-by: Linnaea Lavia <linnaea-von-lavia(a)live.com> Tested-by: Neil Armstrong <neil.armstrong(a)linaro.org> # on BananaPi M2S Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20251103221930.1831376-1-helgaas@kernel.org Link: https://patch.msgid.link/20260105125625.239497-1-martin.blumenstingl@google… diff --git a/drivers/pci/controller/dwc/pci-meson.c b/drivers/pci/controller/dwc/pci-meson.c index 54b6a4196f17..0694084f612b 100644 --- a/drivers/pci/controller/dwc/pci-meson.c +++ b/drivers/pci/controller/dwc/pci-meson.c @@ -37,7 +37,6 @@ #define PCIE_CFG_STATUS17 0x44 #define PM_CURRENT_STATE(x) (((x) >> 7) & 0x1) -#define WAIT_LINKUP_TIMEOUT 4000 #define PORT_CLK_RATE 100000000UL #define MAX_PAYLOAD_SIZE 256 #define MAX_READ_REQ_SIZE 256 @@ -350,40 +349,10 @@ static struct pci_ops meson_pci_ops = { static bool meson_pcie_link_up(struct dw_pcie *pci) { struct meson_pcie *mp = to_meson_pcie(pci); - struct device *dev = pci->dev; - u32 speed_okay = 0; - u32 cnt = 0; - u32 state12, state17, smlh_up, ltssm_up, rdlh_up; + u32 state12; - do { - state12 = meson_cfg_readl(mp, PCIE_CFG_STATUS12); - state17 = meson_cfg_readl(mp, PCIE_CFG_STATUS17); - smlh_up = IS_SMLH_LINK_UP(state12); - rdlh_up = IS_RDLH_LINK_UP(state12); - ltssm_up = IS_LTSSM_UP(state12); - - if (PM_CURRENT_STATE(state17) < PCIE_GEN3) - speed_okay = 1; - - if (smlh_up) - dev_dbg(dev, "smlh_link_up is on\n"); - if (rdlh_up) - dev_dbg(dev, "rdlh_link_up is on\n"); - if (ltssm_up) - dev_dbg(dev, "ltssm_up is on\n"); - if (speed_okay) - dev_dbg(dev, "speed_okay\n"); - - if (smlh_up && rdlh_up && ltssm_up && speed_okay) - return true; - - cnt++; - - udelay(10); - } while (cnt < WAIT_LINKUP_TIMEOUT); - - dev_err(dev, "error: wait linkup timeout\n"); - return false; + state12 = meson_cfg_readl(mp, PCIE_CFG_STATUS12); + return IS_SMLH_LINK_UP(state12) && IS_RDLH_LINK_UP(state12); } static int meson_pcie_host_init(struct dw_pcie_rp *pp)

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] PCI: meson: Report that link is up while in ASPM L0s and L1" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x df27c03b9e3ef2baa9e9c9f56a771d463a84489d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011221-paltry-pasture-8e14@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From df27c03b9e3ef2baa9e9c9f56a771d463a84489d Mon Sep 17 00:00:00 2001 From: Bjorn Helgaas <bhelgaas(a)google.com> Date: Mon, 3 Nov 2025 16:19:26 -0600 Subject: [PATCH] PCI: meson: Report that link is up while in ASPM L0s and L1 states Previously meson_pcie_link_up() only returned true if the link was in the L0 state. This was incorrect because hardware autonomously manages transitions between L0, L0s, and L1 while both components on the link stay in D0. Those states should all be treated as "link is active". Returning false when the device was in L0s or L1 broke config accesses because dw_pcie_other_conf_map_bus() fails if the link is down, which caused errors like this: meson-pcie fc000000.pcie: error: wait linkup timeout pci 0000:01:00.0: BAR 0: error updating (0xfc700004 != 0xffffffff) Remove the LTSSM state check, timeout, speed check, and error message from meson_pcie_link_up(), the dw_pcie_ops.link_up() method, so it is a simple boolean check of whether the link is active. Timeouts and error messages are handled at a higher level, e.g., dw_pcie_wait_for_link(). Fixes: 9c0ef6d34fdb ("PCI: amlogic: Add the Amlogic Meson PCIe controller driver") Reported-by: Linnaea Lavia <linnaea-von-lavia(a)live.com> Closes: https://lore.kernel.org/r/DM4PR05MB102707B8CDF84D776C39F22F2C7F0A@DM4PR05MB… [bhelgaas: squash removal of unused WAIT_LINKUP_TIMEOUT by Martin Blumenstingl <martin.blumenstingl(a)googlemail.com>: https://patch.msgid.link/20260105125625.239497-1-martin.blumenstingl@google…] Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Tested-by: Linnaea Lavia <linnaea-von-lavia(a)live.com> Tested-by: Neil Armstrong <neil.armstrong(a)linaro.org> # on BananaPi M2S Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20251103221930.1831376-1-helgaas@kernel.org Link: https://patch.msgid.link/20260105125625.239497-1-martin.blumenstingl@google… diff --git a/drivers/pci/controller/dwc/pci-meson.c b/drivers/pci/controller/dwc/pci-meson.c index 54b6a4196f17..0694084f612b 100644 --- a/drivers/pci/controller/dwc/pci-meson.c +++ b/drivers/pci/controller/dwc/pci-meson.c @@ -37,7 +37,6 @@ #define PCIE_CFG_STATUS17 0x44 #define PM_CURRENT_STATE(x) (((x) >> 7) & 0x1) -#define WAIT_LINKUP_TIMEOUT 4000 #define PORT_CLK_RATE 100000000UL #define MAX_PAYLOAD_SIZE 256 #define MAX_READ_REQ_SIZE 256 @@ -350,40 +349,10 @@ static struct pci_ops meson_pci_ops = { static bool meson_pcie_link_up(struct dw_pcie *pci) { struct meson_pcie *mp = to_meson_pcie(pci); - struct device *dev = pci->dev; - u32 speed_okay = 0; - u32 cnt = 0; - u32 state12, state17, smlh_up, ltssm_up, rdlh_up; + u32 state12; - do { - state12 = meson_cfg_readl(mp, PCIE_CFG_STATUS12); - state17 = meson_cfg_readl(mp, PCIE_CFG_STATUS17); - smlh_up = IS_SMLH_LINK_UP(state12); - rdlh_up = IS_RDLH_LINK_UP(state12); - ltssm_up = IS_LTSSM_UP(state12); - - if (PM_CURRENT_STATE(state17) < PCIE_GEN3) - speed_okay = 1; - - if (smlh_up) - dev_dbg(dev, "smlh_link_up is on\n"); - if (rdlh_up) - dev_dbg(dev, "rdlh_link_up is on\n"); - if (ltssm_up) - dev_dbg(dev, "ltssm_up is on\n"); - if (speed_okay) - dev_dbg(dev, "speed_okay\n"); - - if (smlh_up && rdlh_up && ltssm_up && speed_okay) - return true; - - cnt++; - - udelay(10); - } while (cnt < WAIT_LINKUP_TIMEOUT); - - dev_err(dev, "error: wait linkup timeout\n"); - return false; + state12 = meson_cfg_readl(mp, PCIE_CFG_STATUS12); + return IS_SMLH_LINK_UP(state12) && IS_RDLH_LINK_UP(state12); } static int meson_pcie_host_init(struct dw_pcie_rp *pp)

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] gpio: rockchip: mark the GPIO controller as sleeping" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 20cf2aed89ac6d78a0122e31c875228e15247194 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011253-undone-entwine-9232@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 20cf2aed89ac6d78a0122e31c875228e15247194 Mon Sep 17 00:00:00 2001 From: Bartosz Golaszewski <bartosz.golaszewski(a)oss.qualcomm.com> Date: Tue, 6 Jan 2026 10:00:11 +0100 Subject: [PATCH] gpio: rockchip: mark the GPIO controller as sleeping The GPIO controller is configured as non-sleeping but it uses generic pinctrl helpers which use a mutex for synchronization. This can cause the following lockdep splat with shared GPIOs enabled on boards which have multiple devices using the same GPIO: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:591 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 12, name: kworker/u16:0 preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 6 locks held by kworker/u16:0/12: #0: ffff0001f0018d48 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x18c/0x604 #1: ffff8000842dbdf0 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work+0x1b4/0x604 #2: ffff0001f18498f8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x38/0x1b0 #3: ffff0001f75f1e90 (&gdev->srcu){.+.?}-{0:0}, at: gpiod_direction_output_raw_commit+0x0/0x360 #4: ffff0001f46e3db8 (&shared_desc->spinlock){....}-{3:3}, at: gpio_shared_proxy_direction_output+0xd0/0x144 [gpio_shared_proxy] #5: ffff0001f180ee90 (&gdev->srcu){.+.?}-{0:0}, at: gpiod_direction_output_raw_commit+0x0/0x360 irq event stamp: 81450 hardirqs last enabled at (81449): [<ffff8000813acba4>] _raw_spin_unlock_irqrestore+0x74/0x78 hardirqs last disabled at (81450): [<ffff8000813abfb8>] _raw_spin_lock_irqsave+0x84/0x88 softirqs last enabled at (79616): [<ffff8000811455fc>] __alloc_skb+0x17c/0x1e8 softirqs last disabled at (79614): [<ffff8000811455fc>] __alloc_skb+0x17c/0x1e8 CPU: 2 UID: 0 PID: 12 Comm: kworker/u16:0 Not tainted 6.19.0-rc4-next-20260105+ #11975 PREEMPT Hardware name: Hardkernel ODROID-M1 (DT) Workqueue: events_unbound deferred_probe_work_func Call trace: show_stack+0x18/0x24 (C) dump_stack_lvl+0x90/0xd0 dump_stack+0x18/0x24 __might_resched+0x144/0x248 __might_sleep+0x48/0x98 __mutex_lock+0x5c/0x894 mutex_lock_nested+0x24/0x30 pinctrl_get_device_gpio_range+0x44/0x128 pinctrl_gpio_direction+0x3c/0xe0 pinctrl_gpio_direction_output+0x14/0x20 rockchip_gpio_direction_output+0xb8/0x19c gpiochip_direction_output+0x38/0x94 gpiod_direction_output_raw_commit+0x1d8/0x360 gpiod_direction_output_nonotify+0x7c/0x230 gpiod_direction_output+0x34/0xf8 gpio_shared_proxy_direction_output+0xec/0x144 [gpio_shared_proxy] gpiochip_direction_output+0x38/0x94 gpiod_direction_output_raw_commit+0x1d8/0x360 gpiod_direction_output_nonotify+0x7c/0x230 gpiod_configure_flags+0xbc/0x480 gpiod_find_and_request+0x1a0/0x574 gpiod_get_index+0x58/0x84 devm_gpiod_get_index+0x20/0xb4 devm_gpiod_get_optional+0x18/0x30 rockchip_pcie_probe+0x98/0x380 platform_probe+0x5c/0xac really_probe+0xbc/0x298 Fixes: 936ee2675eee ("gpio/rockchip: add driver for rockchip gpio") Cc: stable(a)vger.kernel.org Reported-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Closes: https://lore.kernel.org/all/d035fc29-3b03-4cd6-b8ec-001f93540bc6@samsung.co… Acked-by: Heiko Stuebner <heiko(a)sntech.de> Link: https://lore.kernel.org/r/20260106090011.21603-1-bartosz.golaszewski@oss.qu… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)oss.qualcomm.com> diff --git a/drivers/gpio/gpio-rockchip.c b/drivers/gpio/gpio-rockchip.c index 47174eb3ba76..bae2061f15fc 100644 --- a/drivers/gpio/gpio-rockchip.c +++ b/drivers/gpio/gpio-rockchip.c @@ -593,6 +593,7 @@ static int rockchip_gpiolib_register(struct rockchip_pin_bank *bank) gc->ngpio = bank->nr_pins; gc->label = bank->name; gc->parent = bank->dev; + gc->can_sleep = true; ret = gpiochip_add_data(gc, bank); if (ret) {

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] ALSA: ac97: fix a double free in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 830988b6cf197e6dcffdfe2008c5738e6c6c3c0f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011239-handled-worried-ca90@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 830988b6cf197e6dcffdfe2008c5738e6c6c3c0f Mon Sep 17 00:00:00 2001 From: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> Date: Sat, 20 Dec 2025 00:28:45 +0800 Subject: [PATCH] ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to drop the device reference. kfree() is not required. Add kfree() if idr_alloc() fails and in ac97_adapter_release() to do the cleanup. Found by code review. Fixes: 74426fbff66e ("ALSA: ac97: add an ac97 bus") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> Link: https://patch.msgid.link/20251219162845.657525-1-lihaoxiang@isrc.iscas.ac.cn Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/ac97/bus.c b/sound/ac97/bus.c index f4254703d29f..bb9b795e0226 100644 --- a/sound/ac97/bus.c +++ b/sound/ac97/bus.c @@ -298,6 +298,7 @@ static void ac97_adapter_release(struct device *dev) idr_remove(&ac97_adapter_idr, ac97_ctrl->nr); dev_dbg(&ac97_ctrl->adap, "adapter unregistered by %s\n", dev_name(ac97_ctrl->parent)); + kfree(ac97_ctrl); } static const struct device_type ac97_adapter_type = { @@ -319,7 +320,9 @@ static int ac97_add_adapter(struct ac97_controller *ac97_ctrl) ret = device_register(&ac97_ctrl->adap); if (ret) put_device(&ac97_ctrl->adap); - } + } else + kfree(ac97_ctrl); + if (!ret) { list_add(&ac97_ctrl->controllers, &ac97_controllers); dev_dbg(&ac97_ctrl->adap, "adapter registered by %s\n", @@ -361,14 +364,11 @@ struct ac97_controller *snd_ac97_controller_register( ret = ac97_add_adapter(ac97_ctrl); if (ret) - goto err; + return ERR_PTR(ret); ac97_bus_reset(ac97_ctrl); ac97_bus_scan(ac97_ctrl); return ac97_ctrl; -err: - kfree(ac97_ctrl); - return ERR_PTR(ret); } EXPORT_SYMBOL_GPL(snd_ac97_controller_register);

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] ALSA: ac97: fix a double free in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 830988b6cf197e6dcffdfe2008c5738e6c6c3c0f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011240-gaming-kiln-4da4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 830988b6cf197e6dcffdfe2008c5738e6c6c3c0f Mon Sep 17 00:00:00 2001 From: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> Date: Sat, 20 Dec 2025 00:28:45 +0800 Subject: [PATCH] ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to drop the device reference. kfree() is not required. Add kfree() if idr_alloc() fails and in ac97_adapter_release() to do the cleanup. Found by code review. Fixes: 74426fbff66e ("ALSA: ac97: add an ac97 bus") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> Link: https://patch.msgid.link/20251219162845.657525-1-lihaoxiang@isrc.iscas.ac.cn Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/ac97/bus.c b/sound/ac97/bus.c index f4254703d29f..bb9b795e0226 100644 --- a/sound/ac97/bus.c +++ b/sound/ac97/bus.c @@ -298,6 +298,7 @@ static void ac97_adapter_release(struct device *dev) idr_remove(&ac97_adapter_idr, ac97_ctrl->nr); dev_dbg(&ac97_ctrl->adap, "adapter unregistered by %s\n", dev_name(ac97_ctrl->parent)); + kfree(ac97_ctrl); } static const struct device_type ac97_adapter_type = { @@ -319,7 +320,9 @@ static int ac97_add_adapter(struct ac97_controller *ac97_ctrl) ret = device_register(&ac97_ctrl->adap); if (ret) put_device(&ac97_ctrl->adap); - } + } else + kfree(ac97_ctrl); + if (!ret) { list_add(&ac97_ctrl->controllers, &ac97_controllers); dev_dbg(&ac97_ctrl->adap, "adapter registered by %s\n", @@ -361,14 +364,11 @@ struct ac97_controller *snd_ac97_controller_register( ret = ac97_add_adapter(ac97_ctrl); if (ret) - goto err; + return ERR_PTR(ret); ac97_bus_reset(ac97_ctrl); ac97_bus_scan(ac97_ctrl); return ac97_ctrl; -err: - kfree(ac97_ctrl); - return ERR_PTR(ret); } EXPORT_SYMBOL_GPL(snd_ac97_controller_register);

1 day, 16 hours

1
0
0 0

[PATCH 01/12] drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl

by Tvrtko Ursulin

Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: a292fdecd728 ("drm/amdgpu: Implement userqueue signal/wait IOCTL") Cc: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: <stable(a)vger.kernel.org> # v6.16+ --- drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c index eba9fb359047..13c5d4462be6 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c @@ -865,6 +865,7 @@ int amdgpu_userq_wait_ioctl(struct drm_device *dev, void *data, dma_fence_unwrap_for_each(f, &iter, fence) { if (WARN_ON_ONCE(num_fences >= wait_info->num_fences)) { r = -EINVAL; + dma_fence_put(fence); goto free_fences; } @@ -889,6 +890,7 @@ int amdgpu_userq_wait_ioctl(struct drm_device *dev, void *data, if (WARN_ON_ONCE(num_fences >= wait_info->num_fences)) { r = -EINVAL; + dma_fence_put(fence); goto free_fences; } -- 2.51.1

1 day, 16 hours

2
3
0 0

[BUG] misc: fastrpc: possible double-free of cctx->remote_heap

by Xingjing Deng

While reviewing drivers/misc/fastrpc.c, I noticed a potential lifetime issue around struct fastrpc_buf *remote_heap; In fastrpc_init_create_static_process(), the error path err_map: frees fl->cctx->remote_heap but does not clear the pointer(set to NULL). Later, in fastrpc_rpmsg_remove(), the code frees cctx->remote_heap again if it is non-NULL. Call paths (as I understand them) 1) First free (ioctl error path): fastrpc_fops.unlocked_ioctl → fastrpc_device_ioctl() FASTRPC_IOCTL_INIT_CREATE_STATIC → fastrpc_init_create_static_process() err_map: → fastrpc_buf_free(fl->cctx->remote_heap) (pointer not cleared) 2) Second free (rpmsg remove path): rpmsg driver .remove → fastrpc_rpmsg_remove() if (cctx->remote_heap) fastrpc_buf_free(cctx->remote_heap);

1 day, 16 hours

2
2
0 0

FAILED: patch "[PATCH] tracing: Add recursion protection in kernel stack trace" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 5f1ef0dfcb5b7f4a91a9b0e0ba533efd9f7e2cdb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011224-giggly-chuck-b53b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1ef0dfcb5b7f4a91a9b0e0ba533efd9f7e2cdb Mon Sep 17 00:00:00 2001 From: Steven Rostedt <rostedt(a)goodmis.org> Date: Mon, 5 Jan 2026 20:31:41 -0500 Subject: [PATCH] tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into RCU which then called the stack trace again. Expand the ftrace recursion protection to add a set of bits to protect events from recursion. Each bit represents the context that the event is in (normal, softirq, interrupt and NMI). Have the stack trace code use the interrupt context to protect against recursion. Note, the bug showed an issue in both the RCU code as well as the tracing stacktrace code. This only handles the tracing stack trace side of the bug. The RCU fix will be handled separately. Link: https://lore.kernel.org/all/20260102122807.7025fc87@gandalf.local.home/ Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Joel Fernandes <joel(a)joelfernandes.org> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: Boqun Feng <boqun.feng(a)gmail.com> Link: https://patch.msgid.link/20260105203141.515cd49f@gandalf.local.home Reported-by: Yao Kai <yaokai34(a)huawei.com> Tested-by: Yao Kai <yaokai34(a)huawei.com> Fixes: 5f5fa7ea89dc ("rcu: Don't use negative nesting depth in __rcu_read_unlock()") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/include/linux/trace_recursion.h b/include/linux/trace_recursion.h index ae04054a1be3..e6ca052b2a85 100644 --- a/include/linux/trace_recursion.h +++ b/include/linux/trace_recursion.h @@ -34,6 +34,13 @@ enum { TRACE_INTERNAL_SIRQ_BIT, TRACE_INTERNAL_TRANSITION_BIT, + /* Internal event use recursion bits */ + TRACE_INTERNAL_EVENT_BIT, + TRACE_INTERNAL_EVENT_NMI_BIT, + TRACE_INTERNAL_EVENT_IRQ_BIT, + TRACE_INTERNAL_EVENT_SIRQ_BIT, + TRACE_INTERNAL_EVENT_TRANSITION_BIT, + TRACE_BRANCH_BIT, /* * Abuse of the trace_recursion. @@ -58,6 +65,8 @@ enum { #define TRACE_LIST_START TRACE_INTERNAL_BIT +#define TRACE_EVENT_START TRACE_INTERNAL_EVENT_BIT + #define TRACE_CONTEXT_MASK ((1 << (TRACE_LIST_START + TRACE_CONTEXT_BITS)) - 1) /* diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 6f2148df14d9..aef9058537d5 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3012,6 +3012,11 @@ static void __ftrace_trace_stack(struct trace_array *tr, struct ftrace_stack *fstack; struct stack_entry *entry; int stackidx; + int bit; + + bit = trace_test_and_set_recursion(_THIS_IP_, _RET_IP_, TRACE_EVENT_START); + if (bit < 0) + return; /* * Add one, for this function and the call to save_stack_trace() @@ -3080,6 +3085,7 @@ static void __ftrace_trace_stack(struct trace_array *tr, /* Again, don't let gcc optimize things here */ barrier(); __this_cpu_dec(ftrace_stack_reserve); + trace_clear_recursion(bit); } static inline void ftrace_trace_stack(struct trace_array *tr,

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] tracing: Add recursion protection in kernel stack trace" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 5f1ef0dfcb5b7f4a91a9b0e0ba533efd9f7e2cdb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011223-daydream-scolding-50ce@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1ef0dfcb5b7f4a91a9b0e0ba533efd9f7e2cdb Mon Sep 17 00:00:00 2001 From: Steven Rostedt <rostedt(a)goodmis.org> Date: Mon, 5 Jan 2026 20:31:41 -0500 Subject: [PATCH] tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into RCU which then called the stack trace again. Expand the ftrace recursion protection to add a set of bits to protect events from recursion. Each bit represents the context that the event is in (normal, softirq, interrupt and NMI). Have the stack trace code use the interrupt context to protect against recursion. Note, the bug showed an issue in both the RCU code as well as the tracing stacktrace code. This only handles the tracing stack trace side of the bug. The RCU fix will be handled separately. Link: https://lore.kernel.org/all/20260102122807.7025fc87@gandalf.local.home/ Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Joel Fernandes <joel(a)joelfernandes.org> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: Boqun Feng <boqun.feng(a)gmail.com> Link: https://patch.msgid.link/20260105203141.515cd49f@gandalf.local.home Reported-by: Yao Kai <yaokai34(a)huawei.com> Tested-by: Yao Kai <yaokai34(a)huawei.com> Fixes: 5f5fa7ea89dc ("rcu: Don't use negative nesting depth in __rcu_read_unlock()") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/include/linux/trace_recursion.h b/include/linux/trace_recursion.h index ae04054a1be3..e6ca052b2a85 100644 --- a/include/linux/trace_recursion.h +++ b/include/linux/trace_recursion.h @@ -34,6 +34,13 @@ enum { TRACE_INTERNAL_SIRQ_BIT, TRACE_INTERNAL_TRANSITION_BIT, + /* Internal event use recursion bits */ + TRACE_INTERNAL_EVENT_BIT, + TRACE_INTERNAL_EVENT_NMI_BIT, + TRACE_INTERNAL_EVENT_IRQ_BIT, + TRACE_INTERNAL_EVENT_SIRQ_BIT, + TRACE_INTERNAL_EVENT_TRANSITION_BIT, + TRACE_BRANCH_BIT, /* * Abuse of the trace_recursion. @@ -58,6 +65,8 @@ enum { #define TRACE_LIST_START TRACE_INTERNAL_BIT +#define TRACE_EVENT_START TRACE_INTERNAL_EVENT_BIT + #define TRACE_CONTEXT_MASK ((1 << (TRACE_LIST_START + TRACE_CONTEXT_BITS)) - 1) /* diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 6f2148df14d9..aef9058537d5 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3012,6 +3012,11 @@ static void __ftrace_trace_stack(struct trace_array *tr, struct ftrace_stack *fstack; struct stack_entry *entry; int stackidx; + int bit; + + bit = trace_test_and_set_recursion(_THIS_IP_, _RET_IP_, TRACE_EVENT_START); + if (bit < 0) + return; /* * Add one, for this function and the call to save_stack_trace() @@ -3080,6 +3085,7 @@ static void __ftrace_trace_stack(struct trace_array *tr, /* Again, don't let gcc optimize things here */ barrier(); __this_cpu_dec(ftrace_stack_reserve); + trace_clear_recursion(bit); } static inline void ftrace_trace_stack(struct trace_array *tr,

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] tracing: Add recursion protection in kernel stack trace" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5f1ef0dfcb5b7f4a91a9b0e0ba533efd9f7e2cdb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011223-watch-majestic-5e5d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1ef0dfcb5b7f4a91a9b0e0ba533efd9f7e2cdb Mon Sep 17 00:00:00 2001 From: Steven Rostedt <rostedt(a)goodmis.org> Date: Mon, 5 Jan 2026 20:31:41 -0500 Subject: [PATCH] tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into RCU which then called the stack trace again. Expand the ftrace recursion protection to add a set of bits to protect events from recursion. Each bit represents the context that the event is in (normal, softirq, interrupt and NMI). Have the stack trace code use the interrupt context to protect against recursion. Note, the bug showed an issue in both the RCU code as well as the tracing stacktrace code. This only handles the tracing stack trace side of the bug. The RCU fix will be handled separately. Link: https://lore.kernel.org/all/20260102122807.7025fc87@gandalf.local.home/ Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Joel Fernandes <joel(a)joelfernandes.org> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: Boqun Feng <boqun.feng(a)gmail.com> Link: https://patch.msgid.link/20260105203141.515cd49f@gandalf.local.home Reported-by: Yao Kai <yaokai34(a)huawei.com> Tested-by: Yao Kai <yaokai34(a)huawei.com> Fixes: 5f5fa7ea89dc ("rcu: Don't use negative nesting depth in __rcu_read_unlock()") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/include/linux/trace_recursion.h b/include/linux/trace_recursion.h index ae04054a1be3..e6ca052b2a85 100644 --- a/include/linux/trace_recursion.h +++ b/include/linux/trace_recursion.h @@ -34,6 +34,13 @@ enum { TRACE_INTERNAL_SIRQ_BIT, TRACE_INTERNAL_TRANSITION_BIT, + /* Internal event use recursion bits */ + TRACE_INTERNAL_EVENT_BIT, + TRACE_INTERNAL_EVENT_NMI_BIT, + TRACE_INTERNAL_EVENT_IRQ_BIT, + TRACE_INTERNAL_EVENT_SIRQ_BIT, + TRACE_INTERNAL_EVENT_TRANSITION_BIT, + TRACE_BRANCH_BIT, /* * Abuse of the trace_recursion. @@ -58,6 +65,8 @@ enum { #define TRACE_LIST_START TRACE_INTERNAL_BIT +#define TRACE_EVENT_START TRACE_INTERNAL_EVENT_BIT + #define TRACE_CONTEXT_MASK ((1 << (TRACE_LIST_START + TRACE_CONTEXT_BITS)) - 1) /* diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 6f2148df14d9..aef9058537d5 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3012,6 +3012,11 @@ static void __ftrace_trace_stack(struct trace_array *tr, struct ftrace_stack *fstack; struct stack_entry *entry; int stackidx; + int bit; + + bit = trace_test_and_set_recursion(_THIS_IP_, _RET_IP_, TRACE_EVENT_START); + if (bit < 0) + return; /* * Add one, for this function and the call to save_stack_trace() @@ -3080,6 +3085,7 @@ static void __ftrace_trace_stack(struct trace_array *tr, /* Again, don't let gcc optimize things here */ barrier(); __this_cpu_dec(ftrace_stack_reserve); + trace_clear_recursion(bit); } static inline void ftrace_trace_stack(struct trace_array *tr,

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] tracing: Add recursion protection in kernel stack trace" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 5f1ef0dfcb5b7f4a91a9b0e0ba533efd9f7e2cdb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011222-murmuring-promoter-9231@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1ef0dfcb5b7f4a91a9b0e0ba533efd9f7e2cdb Mon Sep 17 00:00:00 2001 From: Steven Rostedt <rostedt(a)goodmis.org> Date: Mon, 5 Jan 2026 20:31:41 -0500 Subject: [PATCH] tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into RCU which then called the stack trace again. Expand the ftrace recursion protection to add a set of bits to protect events from recursion. Each bit represents the context that the event is in (normal, softirq, interrupt and NMI). Have the stack trace code use the interrupt context to protect against recursion. Note, the bug showed an issue in both the RCU code as well as the tracing stacktrace code. This only handles the tracing stack trace side of the bug. The RCU fix will be handled separately. Link: https://lore.kernel.org/all/20260102122807.7025fc87@gandalf.local.home/ Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Joel Fernandes <joel(a)joelfernandes.org> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: Boqun Feng <boqun.feng(a)gmail.com> Link: https://patch.msgid.link/20260105203141.515cd49f@gandalf.local.home Reported-by: Yao Kai <yaokai34(a)huawei.com> Tested-by: Yao Kai <yaokai34(a)huawei.com> Fixes: 5f5fa7ea89dc ("rcu: Don't use negative nesting depth in __rcu_read_unlock()") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/include/linux/trace_recursion.h b/include/linux/trace_recursion.h index ae04054a1be3..e6ca052b2a85 100644 --- a/include/linux/trace_recursion.h +++ b/include/linux/trace_recursion.h @@ -34,6 +34,13 @@ enum { TRACE_INTERNAL_SIRQ_BIT, TRACE_INTERNAL_TRANSITION_BIT, + /* Internal event use recursion bits */ + TRACE_INTERNAL_EVENT_BIT, + TRACE_INTERNAL_EVENT_NMI_BIT, + TRACE_INTERNAL_EVENT_IRQ_BIT, + TRACE_INTERNAL_EVENT_SIRQ_BIT, + TRACE_INTERNAL_EVENT_TRANSITION_BIT, + TRACE_BRANCH_BIT, /* * Abuse of the trace_recursion. @@ -58,6 +65,8 @@ enum { #define TRACE_LIST_START TRACE_INTERNAL_BIT +#define TRACE_EVENT_START TRACE_INTERNAL_EVENT_BIT + #define TRACE_CONTEXT_MASK ((1 << (TRACE_LIST_START + TRACE_CONTEXT_BITS)) - 1) /* diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 6f2148df14d9..aef9058537d5 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3012,6 +3012,11 @@ static void __ftrace_trace_stack(struct trace_array *tr, struct ftrace_stack *fstack; struct stack_entry *entry; int stackidx; + int bit; + + bit = trace_test_and_set_recursion(_THIS_IP_, _RET_IP_, TRACE_EVENT_START); + if (bit < 0) + return; /* * Add one, for this function and the call to save_stack_trace() @@ -3080,6 +3085,7 @@ static void __ftrace_trace_stack(struct trace_array *tr, /* Again, don't let gcc optimize things here */ barrier(); __this_cpu_dec(ftrace_stack_reserve); + trace_clear_recursion(bit); } static inline void ftrace_trace_stack(struct trace_array *tr,

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] tracing: Add recursion protection in kernel stack trace" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 5f1ef0dfcb5b7f4a91a9b0e0ba533efd9f7e2cdb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011216-preacher-swampland-24d3@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f1ef0dfcb5b7f4a91a9b0e0ba533efd9f7e2cdb Mon Sep 17 00:00:00 2001 From: Steven Rostedt <rostedt(a)goodmis.org> Date: Mon, 5 Jan 2026 20:31:41 -0500 Subject: [PATCH] tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into RCU which then called the stack trace again. Expand the ftrace recursion protection to add a set of bits to protect events from recursion. Each bit represents the context that the event is in (normal, softirq, interrupt and NMI). Have the stack trace code use the interrupt context to protect against recursion. Note, the bug showed an issue in both the RCU code as well as the tracing stacktrace code. This only handles the tracing stack trace side of the bug. The RCU fix will be handled separately. Link: https://lore.kernel.org/all/20260102122807.7025fc87@gandalf.local.home/ Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Joel Fernandes <joel(a)joelfernandes.org> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: Boqun Feng <boqun.feng(a)gmail.com> Link: https://patch.msgid.link/20260105203141.515cd49f@gandalf.local.home Reported-by: Yao Kai <yaokai34(a)huawei.com> Tested-by: Yao Kai <yaokai34(a)huawei.com> Fixes: 5f5fa7ea89dc ("rcu: Don't use negative nesting depth in __rcu_read_unlock()") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/include/linux/trace_recursion.h b/include/linux/trace_recursion.h index ae04054a1be3..e6ca052b2a85 100644 --- a/include/linux/trace_recursion.h +++ b/include/linux/trace_recursion.h @@ -34,6 +34,13 @@ enum { TRACE_INTERNAL_SIRQ_BIT, TRACE_INTERNAL_TRANSITION_BIT, + /* Internal event use recursion bits */ + TRACE_INTERNAL_EVENT_BIT, + TRACE_INTERNAL_EVENT_NMI_BIT, + TRACE_INTERNAL_EVENT_IRQ_BIT, + TRACE_INTERNAL_EVENT_SIRQ_BIT, + TRACE_INTERNAL_EVENT_TRANSITION_BIT, + TRACE_BRANCH_BIT, /* * Abuse of the trace_recursion. @@ -58,6 +65,8 @@ enum { #define TRACE_LIST_START TRACE_INTERNAL_BIT +#define TRACE_EVENT_START TRACE_INTERNAL_EVENT_BIT + #define TRACE_CONTEXT_MASK ((1 << (TRACE_LIST_START + TRACE_CONTEXT_BITS)) - 1) /* diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 6f2148df14d9..aef9058537d5 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3012,6 +3012,11 @@ static void __ftrace_trace_stack(struct trace_array *tr, struct ftrace_stack *fstack; struct stack_entry *entry; int stackidx; + int bit; + + bit = trace_test_and_set_recursion(_THIS_IP_, _RET_IP_, TRACE_EVENT_START); + if (bit < 0) + return; /* * Add one, for this function and the call to save_stack_trace() @@ -3080,6 +3085,7 @@ static void __ftrace_trace_stack(struct trace_array *tr, /* Again, don't let gcc optimize things here */ barrier(); __this_cpu_dec(ftrace_stack_reserve); + trace_clear_recursion(bit); } static inline void ftrace_trace_stack(struct trace_array *tr,

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix beyond-EOF write handling" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e9e3b22ddfa760762b696ac6417c8d6edd182e49 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011247-sharper-eel-d578@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e9e3b22ddfa760762b696ac6417c8d6edd182e49 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Thu, 11 Dec 2025 12:45:17 +1030 Subject: [PATCH] btrfs: fix beyond-EOF write handling [BUG] For the following write sequence with 64K page size and 4K fs block size, it will lead to file extent items to be inserted without any data checksum: mkfs.btrfs -s 4k -f $dev > /dev/null mount $dev $mnt xfs_io -f -c "pwrite 0 16k" -c "pwrite 32k 4k" -c pwrite "60k 64K" \ -c "truncate 16k" $mnt/foobar umount $mnt This will result the following 2 file extent items to be inserted (extra trace point added to insert_ordered_extent_file_extent()): btrfs_finish_one_ordered: root=5 ino=257 file_off=61440 num_bytes=4096 csum_bytes=0 btrfs_finish_one_ordered: root=5 ino=257 file_off=0 num_bytes=16384 csum_bytes=16384 Note for file offset 60K, we're inserting a file extent without any data checksum. Also note that range [32K, 36K) didn't reach insert_ordered_extent_file_extent(), which is the correct behavior as that OE is fully truncated, should not result any file extent. Although file extent at 60K will be later dropped by btrfs_truncate(), if the transaction got committed after file extent inserted but before the file extent dropping, we will have a small window where we have a file extent beyond EOF and without any data checksum. That will cause "btrfs check" to report error. [CAUSE] The sequence happens like this: - Buffered write dirtied the page cache and updated isize Now the inode size is 64K, with the following page cache layout: 0 16K 32K 48K 64K |/////////////| |//| |//| - Truncate the inode to 16K Which will trigger writeback through: btrfs_setsize() |- truncate_setsize() | Now the inode size is set to 16K | |- btrfs_truncate() |- btrfs_wait_ordered_range() for [16K, u64(-1)] |- btrfs_fdatawrite_range() for [16K, u64(-1)} |- extent_writepage() for folio 0 |- writepage_delalloc() | Generated OE for [0, 16K), [32K, 36K] and [60K, 64K) | |- extent_writepage_io() Then inside extent_writepage_io(), the dirty fs blocks are handled differently: - Submit write for range [0, 16K) As they are still inside the inode size (16K). - Mark OE [32K, 36K) as truncated Since we only call btrfs_lookup_first_ordered_range() once, which returned the first OE after file offset 16K. - Mark all OEs inside range [16K, 64K) as finished Which will mark OE ranges [32K, 36K) and [60K, 64K) as finished. For OE [32K, 36K) since it's already marked as truncated, and its truncated length is 0, no file extent will be inserted. For OE [60K, 64K) it has never been submitted thus has no data checksum, and we insert the file extent as usual. This is the root cause of file extent at 60K to be inserted without any data checksum. - Clear dirty flags for range [16K, 64K) It is the function btrfs_folio_clear_dirty() which searches and clears any dirty blocks inside that range. [FIX] The bug itself was introduced a long time ago, way before subpage and large folio support. At that time, fs block size must match page size, thus the range [cur, end) is just one fs block. But later with subpage and large folios, the same range [cur, end) can have multiple blocks and ordered extents. Later commit 18de34daa7c6 ("btrfs: truncate ordered extent when skipping writeback past i_size") was fixing a bug related to subpage/large folios, but it's still utilizing the old range [cur, end), meaning only the first OE will be marked as truncated. The proper fix here is to make EOF handling block-by-block, not trying to handle the whole range to @end. By this we always locate and truncate the OE for every dirty block. CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 2d32dfc34ae3..97748d0d54d9 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1728,7 +1728,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, struct btrfs_ordered_extent *ordered; ordered = btrfs_lookup_first_ordered_range(inode, cur, - folio_end - cur); + fs_info->sectorsize); /* * We have just run delalloc before getting here, so * there must be an ordered extent. @@ -1742,7 +1742,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, btrfs_put_ordered_extent(ordered); btrfs_mark_ordered_io_finished(inode, folio, cur, - end - cur, true); + fs_info->sectorsize, true); /* * This range is beyond i_size, thus we don't need to * bother writing back. @@ -1751,8 +1751,8 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, * writeback the sectors with subpage dirty bits, * causing writeback without ordered extent. */ - btrfs_folio_clear_dirty(fs_info, folio, cur, end - cur); - break; + btrfs_folio_clear_dirty(fs_info, folio, cur, fs_info->sectorsize); + continue; } ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size); if (unlikely(ret < 0)) {

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix beyond-EOF write handling" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e9e3b22ddfa760762b696ac6417c8d6edd182e49 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011245-mummified-entree-046b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e9e3b22ddfa760762b696ac6417c8d6edd182e49 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Thu, 11 Dec 2025 12:45:17 +1030 Subject: [PATCH] btrfs: fix beyond-EOF write handling [BUG] For the following write sequence with 64K page size and 4K fs block size, it will lead to file extent items to be inserted without any data checksum: mkfs.btrfs -s 4k -f $dev > /dev/null mount $dev $mnt xfs_io -f -c "pwrite 0 16k" -c "pwrite 32k 4k" -c pwrite "60k 64K" \ -c "truncate 16k" $mnt/foobar umount $mnt This will result the following 2 file extent items to be inserted (extra trace point added to insert_ordered_extent_file_extent()): btrfs_finish_one_ordered: root=5 ino=257 file_off=61440 num_bytes=4096 csum_bytes=0 btrfs_finish_one_ordered: root=5 ino=257 file_off=0 num_bytes=16384 csum_bytes=16384 Note for file offset 60K, we're inserting a file extent without any data checksum. Also note that range [32K, 36K) didn't reach insert_ordered_extent_file_extent(), which is the correct behavior as that OE is fully truncated, should not result any file extent. Although file extent at 60K will be later dropped by btrfs_truncate(), if the transaction got committed after file extent inserted but before the file extent dropping, we will have a small window where we have a file extent beyond EOF and without any data checksum. That will cause "btrfs check" to report error. [CAUSE] The sequence happens like this: - Buffered write dirtied the page cache and updated isize Now the inode size is 64K, with the following page cache layout: 0 16K 32K 48K 64K |/////////////| |//| |//| - Truncate the inode to 16K Which will trigger writeback through: btrfs_setsize() |- truncate_setsize() | Now the inode size is set to 16K | |- btrfs_truncate() |- btrfs_wait_ordered_range() for [16K, u64(-1)] |- btrfs_fdatawrite_range() for [16K, u64(-1)} |- extent_writepage() for folio 0 |- writepage_delalloc() | Generated OE for [0, 16K), [32K, 36K] and [60K, 64K) | |- extent_writepage_io() Then inside extent_writepage_io(), the dirty fs blocks are handled differently: - Submit write for range [0, 16K) As they are still inside the inode size (16K). - Mark OE [32K, 36K) as truncated Since we only call btrfs_lookup_first_ordered_range() once, which returned the first OE after file offset 16K. - Mark all OEs inside range [16K, 64K) as finished Which will mark OE ranges [32K, 36K) and [60K, 64K) as finished. For OE [32K, 36K) since it's already marked as truncated, and its truncated length is 0, no file extent will be inserted. For OE [60K, 64K) it has never been submitted thus has no data checksum, and we insert the file extent as usual. This is the root cause of file extent at 60K to be inserted without any data checksum. - Clear dirty flags for range [16K, 64K) It is the function btrfs_folio_clear_dirty() which searches and clears any dirty blocks inside that range. [FIX] The bug itself was introduced a long time ago, way before subpage and large folio support. At that time, fs block size must match page size, thus the range [cur, end) is just one fs block. But later with subpage and large folios, the same range [cur, end) can have multiple blocks and ordered extents. Later commit 18de34daa7c6 ("btrfs: truncate ordered extent when skipping writeback past i_size") was fixing a bug related to subpage/large folios, but it's still utilizing the old range [cur, end), meaning only the first OE will be marked as truncated. The proper fix here is to make EOF handling block-by-block, not trying to handle the whole range to @end. By this we always locate and truncate the OE for every dirty block. CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 2d32dfc34ae3..97748d0d54d9 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1728,7 +1728,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, struct btrfs_ordered_extent *ordered; ordered = btrfs_lookup_first_ordered_range(inode, cur, - folio_end - cur); + fs_info->sectorsize); /* * We have just run delalloc before getting here, so * there must be an ordered extent. @@ -1742,7 +1742,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, btrfs_put_ordered_extent(ordered); btrfs_mark_ordered_io_finished(inode, folio, cur, - end - cur, true); + fs_info->sectorsize, true); /* * This range is beyond i_size, thus we don't need to * bother writing back. @@ -1751,8 +1751,8 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, * writeback the sectors with subpage dirty bits, * causing writeback without ordered extent. */ - btrfs_folio_clear_dirty(fs_info, folio, cur, end - cur); - break; + btrfs_folio_clear_dirty(fs_info, folio, cur, fs_info->sectorsize); + continue; } ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size); if (unlikely(ret < 0)) {

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix beyond-EOF write handling" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e9e3b22ddfa760762b696ac6417c8d6edd182e49 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011243-manor-perkiness-7a2a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e9e3b22ddfa760762b696ac6417c8d6edd182e49 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Thu, 11 Dec 2025 12:45:17 +1030 Subject: [PATCH] btrfs: fix beyond-EOF write handling [BUG] For the following write sequence with 64K page size and 4K fs block size, it will lead to file extent items to be inserted without any data checksum: mkfs.btrfs -s 4k -f $dev > /dev/null mount $dev $mnt xfs_io -f -c "pwrite 0 16k" -c "pwrite 32k 4k" -c pwrite "60k 64K" \ -c "truncate 16k" $mnt/foobar umount $mnt This will result the following 2 file extent items to be inserted (extra trace point added to insert_ordered_extent_file_extent()): btrfs_finish_one_ordered: root=5 ino=257 file_off=61440 num_bytes=4096 csum_bytes=0 btrfs_finish_one_ordered: root=5 ino=257 file_off=0 num_bytes=16384 csum_bytes=16384 Note for file offset 60K, we're inserting a file extent without any data checksum. Also note that range [32K, 36K) didn't reach insert_ordered_extent_file_extent(), which is the correct behavior as that OE is fully truncated, should not result any file extent. Although file extent at 60K will be later dropped by btrfs_truncate(), if the transaction got committed after file extent inserted but before the file extent dropping, we will have a small window where we have a file extent beyond EOF and without any data checksum. That will cause "btrfs check" to report error. [CAUSE] The sequence happens like this: - Buffered write dirtied the page cache and updated isize Now the inode size is 64K, with the following page cache layout: 0 16K 32K 48K 64K |/////////////| |//| |//| - Truncate the inode to 16K Which will trigger writeback through: btrfs_setsize() |- truncate_setsize() | Now the inode size is set to 16K | |- btrfs_truncate() |- btrfs_wait_ordered_range() for [16K, u64(-1)] |- btrfs_fdatawrite_range() for [16K, u64(-1)} |- extent_writepage() for folio 0 |- writepage_delalloc() | Generated OE for [0, 16K), [32K, 36K] and [60K, 64K) | |- extent_writepage_io() Then inside extent_writepage_io(), the dirty fs blocks are handled differently: - Submit write for range [0, 16K) As they are still inside the inode size (16K). - Mark OE [32K, 36K) as truncated Since we only call btrfs_lookup_first_ordered_range() once, which returned the first OE after file offset 16K. - Mark all OEs inside range [16K, 64K) as finished Which will mark OE ranges [32K, 36K) and [60K, 64K) as finished. For OE [32K, 36K) since it's already marked as truncated, and its truncated length is 0, no file extent will be inserted. For OE [60K, 64K) it has never been submitted thus has no data checksum, and we insert the file extent as usual. This is the root cause of file extent at 60K to be inserted without any data checksum. - Clear dirty flags for range [16K, 64K) It is the function btrfs_folio_clear_dirty() which searches and clears any dirty blocks inside that range. [FIX] The bug itself was introduced a long time ago, way before subpage and large folio support. At that time, fs block size must match page size, thus the range [cur, end) is just one fs block. But later with subpage and large folios, the same range [cur, end) can have multiple blocks and ordered extents. Later commit 18de34daa7c6 ("btrfs: truncate ordered extent when skipping writeback past i_size") was fixing a bug related to subpage/large folios, but it's still utilizing the old range [cur, end), meaning only the first OE will be marked as truncated. The proper fix here is to make EOF handling block-by-block, not trying to handle the whole range to @end. By this we always locate and truncate the OE for every dirty block. CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 2d32dfc34ae3..97748d0d54d9 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1728,7 +1728,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, struct btrfs_ordered_extent *ordered; ordered = btrfs_lookup_first_ordered_range(inode, cur, - folio_end - cur); + fs_info->sectorsize); /* * We have just run delalloc before getting here, so * there must be an ordered extent. @@ -1742,7 +1742,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, btrfs_put_ordered_extent(ordered); btrfs_mark_ordered_io_finished(inode, folio, cur, - end - cur, true); + fs_info->sectorsize, true); /* * This range is beyond i_size, thus we don't need to * bother writing back. @@ -1751,8 +1751,8 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, * writeback the sectors with subpage dirty bits, * causing writeback without ordered extent. */ - btrfs_folio_clear_dirty(fs_info, folio, cur, end - cur); - break; + btrfs_folio_clear_dirty(fs_info, folio, cur, fs_info->sectorsize); + continue; } ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size); if (unlikely(ret < 0)) {

1 day, 16 hours

1
0
0 0

FAILED: patch "[PATCH] NFSD: Remove NFSERR_EAGAIN" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c6c209ceb87f64a6ceebe61761951dcbbf4a0baa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011224-freezing-captive-52e7@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6c209ceb87f64a6ceebe61761951dcbbf4a0baa Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Tue, 9 Dec 2025 19:28:49 -0500 Subject: [PATCH] NFSD: Remove NFSERR_EAGAIN I haven't found an NFSERR_EAGAIN in RFCs 1094, 1813, 7530, or 8881. None of these RFCs have an NFS status code that match the numeric value "11". Based on the meaning of the EAGAIN errno, I presume the use of this status in NFSD means NFS4ERR_DELAY. So replace the one usage of nfserr_eagain, and remove it from NFSD's NFS status conversion tables. As far as I can tell, NFSERR_EAGAIN has existed since the pre-git era, but was not actually used by any code until commit f4e44b393389 ("NFSD: delay unmount source's export after inter-server copy completed."), at which time it become possible for NFSD to return a status code of 11 (which is not valid NFS protocol). Fixes: f4e44b393389 ("NFSD: delay unmount source's export after inter-server copy completed.") Cc: stable(a)vger.kernel.org Reviewed-by: NeilBrown <neil(a)brown.name> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfs_common/common.c b/fs/nfs_common/common.c index af09aed09fd2..0778743ae2c2 100644 --- a/fs/nfs_common/common.c +++ b/fs/nfs_common/common.c @@ -17,7 +17,6 @@ static const struct { { NFSERR_NOENT, -ENOENT }, { NFSERR_IO, -EIO }, { NFSERR_NXIO, -ENXIO }, -/* { NFSERR_EAGAIN, -EAGAIN }, */ { NFSERR_ACCES, -EACCES }, { NFSERR_EXIST, -EEXIST }, { NFSERR_XDEV, -EXDEV }, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 7f7e6bb23a90..42a6b914c0fe 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1506,7 +1506,7 @@ static __be32 nfsd4_ssc_setup_dul(struct nfsd_net *nn, char *ipaddr, (schedule_timeout(20*HZ) == 0)) { finish_wait(&nn->nfsd_ssc_waitq, &wait); kfree(work); - return nfserr_eagain; + return nfserr_jukebox; } finish_wait(&nn->nfsd_ssc_waitq, &wait); goto try_again; diff --git a/fs/nfsd/nfsd.h b/fs/nfsd/nfsd.h index 50be785f1d2c..b0283213a8f5 100644 --- a/fs/nfsd/nfsd.h +++ b/fs/nfsd/nfsd.h @@ -233,7 +233,6 @@ void nfsd_lockd_shutdown(void); #define nfserr_noent cpu_to_be32(NFSERR_NOENT) #define nfserr_io cpu_to_be32(NFSERR_IO) #define nfserr_nxio cpu_to_be32(NFSERR_NXIO) -#define nfserr_eagain cpu_to_be32(NFSERR_EAGAIN) #define nfserr_acces cpu_to_be32(NFSERR_ACCES) #define nfserr_exist cpu_to_be32(NFSERR_EXIST) #define nfserr_xdev cpu_to_be32(NFSERR_XDEV) diff --git a/include/trace/misc/nfs.h b/include/trace/misc/nfs.h index c82233e950ac..a394b4d38e18 100644 --- a/include/trace/misc/nfs.h +++ b/include/trace/misc/nfs.h @@ -16,7 +16,6 @@ TRACE_DEFINE_ENUM(NFSERR_PERM); TRACE_DEFINE_ENUM(NFSERR_NOENT); TRACE_DEFINE_ENUM(NFSERR_IO); TRACE_DEFINE_ENUM(NFSERR_NXIO); -TRACE_DEFINE_ENUM(NFSERR_EAGAIN); TRACE_DEFINE_ENUM(NFSERR_ACCES); TRACE_DEFINE_ENUM(NFSERR_EXIST); TRACE_DEFINE_ENUM(NFSERR_XDEV); @@ -52,7 +51,6 @@ TRACE_DEFINE_ENUM(NFSERR_JUKEBOX); { NFSERR_NXIO, "NXIO" }, \ { ECHILD, "CHILD" }, \ { ETIMEDOUT, "TIMEDOUT" }, \ - { NFSERR_EAGAIN, "AGAIN" }, \ { NFSERR_ACCES, "ACCES" }, \ { NFSERR_EXIST, "EXIST" }, \ { NFSERR_XDEV, "XDEV" }, \ diff --git a/include/uapi/linux/nfs.h b/include/uapi/linux/nfs.h index f356f2ba3814..71c7196d3281 100644 --- a/include/uapi/linux/nfs.h +++ b/include/uapi/linux/nfs.h @@ -49,7 +49,6 @@ NFSERR_NOENT = 2, /* v2 v3 v4 */ NFSERR_IO = 5, /* v2 v3 v4 */ NFSERR_NXIO = 6, /* v2 v3 v4 */ - NFSERR_EAGAIN = 11, /* v2 v3 */ NFSERR_ACCES = 13, /* v2 v3 v4 */ NFSERR_EXIST = 17, /* v2 v3 v4 */ NFSERR_XDEV = 18, /* v3 v4 */

1 day, 16 hours

1
0
0 0

[PATCH 6.1 000/634] 6.1.160-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.160 release. There are 634 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 11 Jan 2026 11:19:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.160-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.160-rc1 Aditya Kumar Singh <quic_adisi(a)quicinc.com> wifi: mac80211: fix switch count in EMA beacons Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: fix puncturing bitmap policy Petr Tesarik <petr(a)tesarici.cz> net: stmmac: protect updates of 64-bit statistics counters Petr Tesarik <petr(a)tesarici.cz> net: stmmac: fix ethtool per-queue statistics Jisheng Zhang <jszhang(a)kernel.org> net: stmmac: fix incorrect rxq|txq_stats reference Johan Hovold <johan(a)kernel.org> usb: gadget: lpc32xx_udc: fix clock imbalance in error path David Hildenbrand <david(a)redhat.com> mm: (un)track_pfn_copy() fix + doc improvements David Hildenbrand <david(a)redhat.com> kernel/fork: only call untrack_pfn_clear() on VMAs duplicated for fork() Su Hui <suhui(a)nfschina.com> net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "iommu/amd: Skip enabling command/event buffers for kdump" Amitai Gottlieb <amitaig(a)hailo.ai> firmware: arm_scmi: Fix unused notifier-block in unregister Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: fix tty_port_tty_*hangup() kernel-doc Ming Lei <ming.lei(a)redhat.com> blk-mq: setup queue ->tag_set before initializing hctx Sean Nyekjaer <sean(a)geanix.com> pwm: stm32: Always program polarity Gabriel Krisman Bertazi <krisman(a)suse.de> ext4: fix error message when rejecting the default hash Jason Yan <yanaijie(a)huawei.com> ext4: factor out ext4_hash_info_init() Lizhi Xu <lizhi.xu(a)windriver.com> ext4: filesystems without casefold feature cannot be mounted with siphash Peter Zijlstra <peterz(a)infradead.org> sched/fair: Proportional newidle balance Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to update_newidle_cost() Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to sched_balance_newidle() Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Apply the link chain quirk on NEC isoc endpoints Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: move link chain bit quirk checks into one helper function. Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix a null-ptr access in the cursor snooper Hugh Dickins <hughd(a)google.com> mm/mprotect: delete pmd_none_or_clear_bad_unless_trans_huge() Peter Xu <peterx(a)redhat.com> mm/mprotect: use long for page accountings and retval David Hildenbrand <david(a)redhat.com> x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() Ma Wupeng <mawupeng1(a)huawei.com> x86/mm/pat: clear VM_PAT if copy_p4d_range failed Yi Sun <yi.sun(a)intel.com> dmaengine: idxd: Remove improper idxd_free Justin Stitt <justinstitt(a)google.com> KVM: arm64: sys_regs: disable -Wuninitialized-const-pointer warning Maximilian Immanuel Brandtner <maxbr(a)linux.ibm.com> virtio_console: fix order of fields cols and rows Johan Hovold <johan(a)kernel.org> iommu/qcom: fix device leak on of_xlate() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> iommu/qcom: Index contexts by asid number to allow asid 0 AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> iommu/qcom: Use the asid read from device-tree if specified Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> iommu/arm-smmu: Convert to platform remove callback returning void Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> iommu/arm-smmu: Drop if with an always false condition Chuck Lever <chuck.lever(a)oracle.com> NFSD: NFSv4 file creation neglects setting ACL Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbgtty: fix device unregister: fixup Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: introduce and use tty_port_tty_vhangup() helper Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: Make uart_remove_one_port() return void Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. Thomas Zimmermann <tzimmermann(a)suse.de> drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma Christian König <christian.koenig(a)amd.com> drm/amdgpu: cleanup scheduler job initialization v2 Jouni Malinen <jouni.malinen(a)oss.qualcomm.com> wifi: mac80211: Discard Beacon frames to non-broadcast address Bijan Tabatabai <bijan311(a)gmail.com> mm: consider non-anon swap cache folios in folio_expected_ref_count() David Hildenbrand <david(a)redhat.com> mm: simplify folio_expected_ref_count() NeilBrown <neil(a)brown.name> lockd: fix vfs_test_lock() calls Paolo Abeni <pabeni(a)redhat.com> mptcp: fallback earlier on simult connection Wentao Liang <vulab(a)iscas.ac.cn> pmdomain: imx: Fix reference count leak in imx_gpc_probe() Rob Herring <robh(a)kernel.org> pmdomain: Use device_get_match_data() Haoxiang Li <haoxiang_li2024(a)163.com> media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Remove vpu_vb_is_codecconfig Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: amphion: Make some vpu_v4l2 functions static Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Add a frame flush mode for decoder Dongli Zhang <dongli.zhang(a)oracle.com> KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit David Hildenbrand <david(a)redhat.com> powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages David Hildenbrand <david(a)redhat.com> mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() David Hildenbrand <david(a)redhat.com> mm/balloon_compaction: we cannot have isolated pages in the balloon list Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix disabling L0s capability Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Fix CPU stalls on G2 bus error Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix OF node leak on probe Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> ASoC: stm: stm32_sai_sub: Convert to platform remove callback returning void Joanne Koong <joannelkoong(a)gmail.com> fuse: fix readahead reclaim deadlock Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix clk prepare imbalance on probe failure Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: stm32: sai: Use the devm_clk_get_optional() helper Johan Hovold <johan(a)kernel.org> iommu/mediatek-v1: fix device leaks on probe() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> iommu/mtk_iommu_v1: Convert to platform remove callback returning void Johan Hovold <johan(a)kernel.org> iommu/mediatek: fix use-after-free on probe deferral Yong Wu <yong.wu(a)mediatek.com> iommu/mediatek: Improve safety for mediatek,smi property in larb nodes Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: microchip: sama7g5: fix uart fifo size to 32 Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32 Shivani Agarwal <shivani.agarwal(a)broadcom.com> crypto: af_alg - zero initialize memory allocated via sock_kmalloc Filipe Manana <fdmanana(a)suse.com> btrfs: don't log conflicting inode if it's a dir moved in the current transaction Joshua Rogers <linux(a)joshua.hu> SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap Chao Yu <chao(a)kernel.org> f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() Chao Yu <chao(a)kernel.org> f2fs: use global inline_xattr_slab instead of per-sb slab cache Chao Yu <chao(a)kernel.org> f2fs: fix to propagate error from f2fs_enable_checkpoint() Chao Yu <chao(a)kernel.org> f2fs: fix to avoid updating compression context during writeback Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: drop inode from the donation list when the last file is closed Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: keep POSIX_FADV_NOREUSE ranges Chao Yu <chao(a)kernel.org> f2fs: remove unused GC_FAILURE_PIN Chao Yu <chao(a)kernel.org> f2fs: fix to avoid updating zero-sized extent in extent cache Seunghwan Baek <sh8267.baek(a)samsung.com> scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error Udipto Goswami <udipto.goswami(a)oss.qualcomm.com> usb: dwc3: keep susphy enabled during exit to avoid controller faults Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: ignore unknown endpoint flags Johan Hovold <johan(a)kernel.org> usb: ohci-nxp: fix device leak on probe failure Zhang Zekun <zhangzekun11(a)huawei.com> usb: ohci-nxp: Use helper function devm_clk_get_enabled() Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid deadlock on fallback while reinjecting Fedor Pchelkin <pchelkin(a)ispras.ru> ext4: fix string copying in parse_apply_sb_mount_options() Ye Bin <yebin10(a)huawei.com> jbd2: fix the inconsistency between checksum and data in memory for journal sb Alexey Velichayshiy <a.velichayshiy(a)ispras.ru> gfs2: fix freeze error handling Josef Bacik <josef(a)toxicpanda.com> btrfs: don't rewrite ret from inode_permission Sven Eckelmann (Plasma Cloud) <se(a)simonwunderlich.de> wifi: mt76: Fix DTS power-limits on little endian systems Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_can_open(): fix error handling Junrui Luo <moonafterrain(a)outlook.com> ALSA: wavefront: Fix integer overflow in sample size validation Takashi Iwai <tiwai(a)suse.de> ALSA: wavefront: Use standard print API Junrui Luo <moonafterrain(a)outlook.com> ALSA: wavefront: Clear substream pointers on close Takashi Iwai <tiwai(a)suse.de> ALSA: wavefront: Use guard() for spin locks Denis Arefev <arefev(a)swemel.ru> ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Omar Sandoval <osandov(a)fb.com> KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Use EMULTYPE flag to track write #PFs to shadow pages Dong Chenchen <dongchenchen2(a)huawei.com> page_pool: Fix use-after-free in page_pool_recycle_in_ring Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out-of-bounds in parse_sec_desc() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() Baokun Li <libaokun1(a)huawei.com> fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF Martin Nybo Andersen <tweek(a)tweek.dk> kbuild: Use CRC32 and a 1MiB dictionary for XZ compressed modules SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle memory failure from damon_test_target() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/64s/radix/kfence: map __kfence_pool at page granularity Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> tpm: Cap the number of PCR banks Ming Lei <ming.lei(a)redhat.com> blk-mq: add helper for checking if one CPU is mapped to specified hctx Lyude Paul <lyude(a)redhat.com> drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb Krzysztof Niemiec <krzysztof.niemiec(a)intel.com> drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer René Rebe <rene(a)exactco.de> drm/mgag200: Fix big-endian support Simon Richter <Simon.Richter(a)hogyros.de> drm/ttm: Avoid NULL pointer deref for evicted BOs Miaoqian Lin <linmq006(a)gmail.com> drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers Xiaolei Wang <xiaolei.wang(a)windriver.com> net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() Deepanshu Kartikey <kartikey406(a)gmail.com> net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write Ethan Nelson-Moore <enelsonmoore(a)gmail.com> net: usb: sr9700: fix incorrect command used to write single register Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> nfsd: Drop the client reference in client_states_open() Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Zero-extend bpf_tail_call() index Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> fjes: Add missing iounmap in fjes_hw_init() Guangshuo Li <lgs201920130244(a)gmail.com> e1000: fix OOB in e1000_tbi_should_accept() Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/cm: Fix leaking the multicast GID table reference Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly Matthew Wilcox (Oracle) <willy(a)infradead.org> idr: fix idr_alloc() returning an ID out of range Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> kasan: refactor pcpu kasan vmalloc unpoison H. Peter Anvin <hpa(a)zytor.com> compiler_types.h: add "auto" as a macro for "__auto_type" WangYuli <wangyl5933(a)chinaunicom.cn> LoongArch: Use __pmd()/__pte() for swap entry conversions Qiang Ma <maqianga(a)uniontech.com> LoongArch: Correct the calculation logic of thread_count Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Add new PCI ID for pci_fixup_vgadev() Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: adv7842: Remove redundant cancel_delayed_work in probe Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Cancel message work before releasing the VPU core Johan Hovold <johan(a)kernel.org> media: vpif_display: fix section mismatch Johan Hovold <johan(a)kernel.org> media: vpif_capture: fix section mismatch Haotian Zhang <vulab(a)iscas.ac.cn> media: videobuf2: Fix device reference leak in vb2_dc_alloc error path Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Protect G2 HEVC decoder against invalid DPB index Duoming Zhou <duoming(a)zju.edu.cn> media: TDA1997x: Remove redundant cancel_delayed_work in probe Marek Szyprowski <m.szyprowski(a)samsung.com> media: samsung: exynos4-is: fix potential ABBA deadlock on init Miaoqian Lin <linmq006(a)gmail.com> media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled Ivan Abramov <i.abramov(a)mt-integration.ru> media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() Haotian Zhang <vulab(a)iscas.ac.cn> media: cec: Fix debugfs leak on bus_register() failure René Rebe <rene(a)exactco.de> fbdev: tcx.c fix mem_map to correct smem_start offset Thorsten Blum <thorsten.blum(a)linux.dev> fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing Rene Rebe <rene(a)exactco.de> fbdev: gbefb: fix to use physical address instead of dma address Mikulas Patocka <mpatocka(a)redhat.com> dm-bufio: align write boundary on physical block size Uladzislau Rezki (Sony) <urezki(a)gmail.com> dm-ebs: Mark full buffer dirty even on partial write Mahesh Rao <mahesh.rao(a)altera.com> firmware: stratix10-svc: Add mutex in stratix10 memory management Ivan Abramov <i.abramov(a)mt-integration.ru> media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() David Hildenbrand <david(a)redhat.com> powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION Sven Schnelle <svens(a)stackframe.org> parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() Sven Schnelle <svens(a)stackframe.org> parisc: entry.S: fix space adjustment on interruption for 64-bit userspace Haotian Zhang <vulab(a)iscas.ac.cn> media: rc: st_rc: Fix reset control resource leak Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max77620: Fix potential IRQ chip conflict when probing two devices Johan Hovold <johan(a)kernel.org> mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: Enable chip before any communication Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: Allow LED 0 to be added to module bank Donet Tom <donettom(a)linux.ibm.com> powerpc/64s/slb: Fix SLB multihit issue during SLB preload Dave Vasilevsky <dave(a)vasilevsky.ca> powerpc, mm: Fix mprotect on book3s 32-bit Lukas Wunner <lukas(a)wunner.de> PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths Hans de Goede <johannes.goede(a)oss.qualcomm.com> HID: logitech-dj: Remove duplicate error logging Johan Hovold <johan(a)kernel.org> iommu/tegra: fix device leak on probe_device() Johan Hovold <johan(a)kernel.org> iommu/sun50i: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/omap: fix device leaks on probe_device() Johan Hovold <johan(a)kernel.org> iommu/mediatek: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/mediatek-v1: fix device leak on probe_device() Johan Hovold <johan(a)kernel.org> iommu/ipmmu-vmsa: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/exynos: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/apple-dart: fix device leak on of_xlate() Jinhui Guo <guojinhui.liam(a)bytedance.com> iommu/amd: Fix pci_segment memleak in alloc_pci_segment() Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6adm: the the copp device only during last instance Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6asm-dai: perform correct state check before closing Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix device leak on probe Matthew Wilcox (Oracle) <willy(a)infradead.org> ntfs: Do not overwrite uptodate pages Yipeng Zou <zouyipeng(a)huawei.com> selftests/ftrace: traceonoff_triggers: strip off names Cong Zhang <cong.zhang(a)oss.qualcomm.com> blk-mq: skip CPU offline notify on unmapped hctx Ming Lei <ming.lei(a)redhat.com> blk-mq: don't schedule block kworker on isolated CPUs Frederic Weisbecker <frederic(a)kernel.org> sched/isolation: add cpu_is_isolated() API Thomas Fourier <fourier.thomas(a)gmail.com> RDMA/bnxt_re: fix dma_free_coherent() pointer Honggang LI <honggangli(a)163.com> RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix to use correct page size for PDE table Alok Tiwari <alok.a.tiwari(a)oracle.com> RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send Alok Tiwari <alok.a.tiwari(a)oracle.com> RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() Jang Ingyu <ingyujang25(a)korea.ac.kr> RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Remove possible negative shift Michal Schmidt <mschmidt(a)redhat.com> RDMA/irdma: avoid invalid read in irdma_net_event Pwnverse <stanksal(a)purdue.edu> net: rose: fix invalid array index in rose_kill_by_device() Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix reference count leak when using error routes with nexthop objects Will Rosenberg <whrosenb(a)asu.edu> ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() Wei Fang <wei.fang(a)nxp.com> net: stmmac: fix the crash issue for zero copy XDP_TX action Jisheng Zhang <jszhang(a)kernel.org> net: stmmac: use per-queue 64 bit statistics where necessary Teoh Ji Sheng <ji.sheng.teoh(a)intel.com> net: stmmac: xgmac: add ethtool per-queue irq statistic support Song Yoong Siang <yoong.siang.song(a)intel.com> net: stmmac: introduce wrapper for struct xdp_buff Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: dwmac4: Allow platforms to specify some DMA/MTL offsets Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: Pass stmmac_priv in some callbacks Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: Remove some unnecessary void pointers Revanth Kumar Uppala <ruppala(a)nvidia.com> net: stmmac: Power up SERDES after the PHY link Anshumali Gaur <agaur(a)marvell.com> octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" Bagas Sanjaya <bagasdotme(a)gmail.com> net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct Deepanshu Kartikey <kartikey406(a)gmail.com> net: usb: asix: validate PHY address before use Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: skip multicast entries for fdb_dump() Thomas Fourier <fourier.thomas(a)gmail.com> firewire: nosy: Fix dma_free_coherent() size Andrew Morton <akpm(a)linux-foundation.org> genalloc.h: fix htmldocs warning Yeoreum Yun <yeoreum.yun(a)arm.com> smc91x: fix broken irq-context in PREEMPT_RT Alice C. Munduruca <alice.munduruca(a)canonical.com> selftests: net: fix "buffer overflow detected" for tap.c Deepakkumar Karn <dkarn(a)redhat.com> net: usb: rtl8150: fix memory leak on usb_submit_urb() failure Jiri Pirko <jiri(a)nvidia.com> team: fix check for port enabled in team_queue_override_port_prio_changed() Junrui Luo <moonafterrain(a)outlook.com> platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic Thomas Fourier <fourier.thomas(a)gmail.com> platform/x86: msi-laptop: add missing sysfs_remove_group() Eric Dumazet <edumazet(a)google.com> ip6_gre: make ip6gre_header() robust Toke Høiland-Jørgensen <toke(a)redhat.com> net: openvswitch: Avoid needlessly taking the RTNL on vport destroy Jacky Chou <jacky_chou(a)aspeedtech.com> net: mdio: aspeed: add dummy read to avoid read-after-write issue Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: revert use of devm_kzalloc in btusb Herbert Xu <herbert(a)gondor.apana.org.au> crypto: seqiv - Do not use req->iv after crypto_aead_encrypt Kohei Enju <enjuk(a)amazon.com> iavf: fix off-by-one issues in iavf_config_rss_reg() Gregory Herrero <gregory.herrero(a)oracle.com> i40e: validate ring_len parameter against hardware-specific values Ivan Vecera <ivecera(a)redhat.com> i40e: Refactor argument of i40e_detect_recover_hung() Ivan Vecera <ivecera(a)redhat.com> i40e: Refactor argument of several client notification functions Przemyslaw Korba <przemyslaw.korba(a)intel.com> i40e: fix scheduling in set_rx_mode Aloka Dixit <aloka.dixit(a)oss.qualcomm.com> wifi: mac80211: do not use old MBSSID elements Aloka Dixit <quic_alokad(a)quicinc.com> mac80211: support RNR for EMA AP Aloka Dixit <quic_alokad(a)quicinc.com> cfg80211: support RNR for EMA AP Aloka Dixit <quic_alokad(a)quicinc.com> wifi: mac80211: generate EMA beacons in AP mode Avraham Stern <avraham.stern(a)intel.com> wifi: nl80211: add a command to enable/disable HW timestamping Aloka Dixit <quic_alokad(a)quicinc.com> wifi: nl80211: validate and configure puncturing bitmap Aloka Dixit <quic_alokad(a)quicinc.com> wifi: cfg80211: move puncturing bitmap validation from mac80211 Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: mlme: handle EHT channel puncturing Vinayak Yadawad <vinayak.yadawad(a)broadcom.com> cfg80211: Update Transition Disable policy during port authorization Dan Carpenter <dan.carpenter(a)linaro.org> wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (w83791d) Convert macros to functions to avoid TOCTOU Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (max16065) Use local variable to avoid TOCTOU Ma Ke <make24(a)iscas.ac.cn> i2c: amd-mp2: fix reference leak in MP2 PCI device Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> platform/x86: intel: chtwc_int33fe: don't dereference swnode args Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> rpmsg: glink: fix rpmsg device leak Johan Hovold <johan(a)kernel.org> soc: amlogic: canvas: fix device leak on lookup Johan Hovold <johan(a)kernel.org> soc: qcom: ocmem: fix device leak on lookup Johan Hovold <johan(a)kernel.org> amba: tegra-ahb: Fix device leak on SMMU enable Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() Prithvi Tambewagh <activprithvi(a)gmail.com> io_uring: fix filename leak in __io_openat_prep() Jens Axboe <axboe(a)kernel.dk> io_uring/poll: correctly handle io_poll_add() return value on update Nysal Jan K.A. <nysal(a)linux.ibm.com> powerpc/kexec: Enable SMT before waking offline CPUs Joshua Rogers <linux(a)joshua.hu> svcrdma: return 0 on success from svc_rdma_copy_inline_range Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> nfsd: Mark variable __maybe_unused to avoid W=1 build break Amir Goldstein <amir73il(a)gmail.com> fsnotify: do not generate ACCESS/MODIFY events on child for special files René Rebe <rene(a)exactco.de> r8169: fix RTL8117 Wake-on-Lan in DASH mode Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Do not clear needs_force_resume with enabled runtime PM Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not register unsupported perf events Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> xfs: fix a memory leak in xfs_buf_item_init() Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) Jim Mattson <jmattson(a)google.com> KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation Jim Mattson <jmattson(a)google.com> KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE fuqiang wang <fuqiang.wng(a)gmail.com> KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer fuqiang wang <fuqiang.wng(a)gmail.com> KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() Sean Christopherson <seanjc(a)google.com> KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 Ilya Dryomov <idryomov(a)gmail.com> libceph: make decode_pool() more resilient against corrupted osdmaps Helge Deller <deller(a)gmx.de> parisc: Do not reprogram affinitiy on ASP chip Zhichi Lin <zhichi.lin(a)vivo.com> scs: fix a wrong parameter in __scs_magic Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver Maxim Levitsky <mlevitsk(a)redhat.com> KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) Prithvi Tambewagh <activprithvi(a)gmail.com> ocfs2: fix kernel BUG in ocfs2_find_victim_chain Jeongjun Park <aha310510(a)gmail.com> media: vidtv: initialize local pointers upon transfer of memory ownership Alison Schofield <alison.schofield(a)intel.com> tools/testing/nvdimm: Use per-DIMM device handle Chao Yu <chao(a)kernel.org> f2fs: fix return value of f2fs_recover_fsync_data() Deepanshu Kartikey <kartikey406(a)gmail.com> f2fs: invalidate dentry cache on failed whiteout creation Andrey Vatoropin <a.vatoropin(a)crpt.ru> scsi: target: Reset t_task_cdb pointer in error case Dai Ngo <dai.ngo(a)oracle.com> NFSD: use correct reservation type in nfsd4_scsi_fence_client Junrui Luo <moonafterrain(a)outlook.com> scsi: aic94xx: fix use-after-free in device removal path Tony Battersby <tonyb(a)cybernetics.com> scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" Miaoqian Lin <linmq006(a)gmail.com> cpufreq: nforce2: fix reference count leak in nforce2 Ma Ke <make24(a)iscas.ac.cn> intel_th: Fix error handling in intel_th_output_open Tianchu Chen <flynnnchen(a)tencent.com> char: applicom: fix NULL pointer dereference in ac_ioctl Haoxiang Li <haoxiang_li2024(a)163.com> usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() Miaoqian Lin <linmq006(a)gmail.com> usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe Johan Hovold <johan(a)kernel.org> usb: phy: isp1301: fix non-OF device reference imbalance Duoming Zhou <duoming(a)zju.edu.cn> usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal Ma Ke <make24(a)iscas.ac.cn> USB: lpc32xx_udc: Fix error handling in probe Johan Hovold <johan(a)kernel.org> phy: broadcom: bcm63xx-usbh: fix section mismatches Colin Ian King <colin.i.king(a)gmail.com> media: pvrusb2: Fix incorrect variable used in trace message Jeongjun Park <aha310510(a)gmail.com> media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() Chen Changcheng <chenchangcheng(a)kylinos.cn> usb: usb-storage: Maintain minimal modifications to the bcdDevice range. Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: v4l2-mem2mem: Fix outdated documentation Byungchul Park <byungchul(a)sk.com> jbd2: use a weaker annotation in journal handling Baokun Li <libaokun1(a)huawei.com> ext4: align max orphan file size with e2fsprogs limit Yongjian Sun <sunyongjian1(a)huawei.com> ext4: fix incorrect group number assertion in mb_check_buddy Haibo Chen <haibo.chen(a)nxp.com> ext4: clear i_state_flags when alloc inode Karina Yankevich <k.yankevich(a)omp.ru> ext4: xattr: fix null pointer deref in ext4_raw_inode() Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Fix uninitialized var in config-bisect.pl Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: fix mount failure for sparse runs in run_unpack() Zheng Yejian <zhengyejian(a)huaweicloud.com> kallsyms: Fix wrong "big" kernel symbol type read from procfs Rene Rebe <rene(a)exactco.de> floppy: fix for PAGE_SIZE != 4KB Li Chen <chenl311(a)chinatelecom.cn> block: rate-limit capacity change info log Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: Fix gendisk parent after copy pair swap Eric Biggers <ebiggers(a)kernel.org> lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit Sarthak Garg <sarthak.garg(a)oss.qualcomm.com> mmc: sdhci-msm: Avoid early clock doubling during HS400 transition Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Fix a memory leak in tpm2_load_cmd Stefano Garzarella <sgarzare(a)redhat.com> vhost/vsock: improve RCU read sections around vhost_vsock_get() Dan Carpenter <dan.carpenter(a)linaro.org> block: rnbd-clt: Fix signedness bug in init_dev() Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks Daniel Wagner <wagi(a)kernel.org> nvme-fc: don't hold rport lock when putting ctrl Wenhua Lin <Wenhua.Lin(a)unisoc.com> serial: sprd: Return -EPROBE_DEFER when uart clock is not ready Chen Changcheng <chenchangcheng(a)kylinos.cn> usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. Hongyu Xie <xiehongyu1(a)kylinos.cn> usb: xhci: limit run_graceperiod for only usb 3.0 devices Pei Xiao <xiaopei01(a)kylinos.cn> iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains Mark Pearson <mpearson-lenovo(a)squebb.ca> usb: typec: ucsi: Handle incorrect num_connectors capability Lizhi Xu <lizhi.xu(a)windriver.com> usbip: Fix locking bug in RT-enabled kernels Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix remount failure in different process environments Encrow Thorne <jyc0019(a)gmail.com> reset: fix BIT macro reference Li Qiang <liqiang01(a)kylinos.cn> via_wdt: fix critical boot hang due to unnamed resource allocation Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Use reinit_completion on mbx_intr_comp Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled Ben Collins <bcollins(a)kernel.org> powerpc/addnote: Fix overflow on 32-bit builds Josua Mayer <josua(a)solid-run.com> clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 Matthias Schiffer <matthias.schiffer(a)tq-group.com> ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx Peng Fan <peng.fan(a)nxp.com> firmware: imx: scu-irq: Init workqueue before request mbox channel Jinhui Guo <guojinhui.liam(a)bytedance.com> ipmi: Fix __scan_channels() failing to rescan channels Jinhui Guo <guojinhui.liam(a)bytedance.com> ipmi: Fix the race between __scan_channels() and deliver_response() Shipei Qu <qu(a)darknavy.com> ALSA: usb-mixer: us16x08: validate meter packet indices Haotian Zhang <vulab(a)iscas.ac.cn> ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path Haotian Zhang <vulab(a)iscas.ac.cn> ALSA: vxpocket: Fix resource leak in vxpocket_probe error path Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() Jared Kangas <jkangas(a)redhat.com> mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig Christophe Leroy <christophe.leroy(a)csgroup.eu> spi: fsl-cpm: Check length parity before switching to 16 bit mode Pengjie Zhang <zhangpengjie2(a)huawei.com> ACPI: CPPC: Fix missing PCC check for guaranteed_perf Christoffer Sandberg <cs(a)tuxedo.de> Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table Junjie Cao <junjie.cao(a)intel.com> Input: ti_am335x_tsc - fix off-by-one error in wire_order validation Ping Cheng <pinglinux(a)gmail.com> HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix buffer validation by including null terminator size in EA length Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: Fix refcount leak when invalid session is found on session lookup Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: skip lock-range check on equal size to avoid size==0 underflow Thomas Fourier <fourier.thomas(a)gmail.com> block: rnbd-clt: Fix leaked ID in init_dev() Anurag Dutta <a-dutta(a)ti.com> spi: cadence-quadspi: Fix clock disable on probe failure path Yang Yingliang <yangyingliang(a)huawei.com> spi: cadence-quadspi: add missing clk_disable_unprepare() in cqspi_probe() William Qiu <william.qiu(a)starfivetech.com> spi: cadence-quadspi: Add clock configuration for StarFive JH7110 QSPI Brad Larson <blarson(a)amd.com> spi: cadence-quadspi: Add compatible for AMD Pensando Elba SoC William Qiu <william.qiu(a)starfivetech.com> spi: cadence-quadspi: Add support for StarFive JH7110 QSPI Juergen Gross <jgross(a)suse.com> x86/xen: Fix sparse warning in enlighten_pv.c Brian Gerst <brgerst(a)gmail.com> x86/xen: Move Xen upcall handler Haoxiang Li <haoxiang_li2024(a)163.com> MIPS: Fix a reference leak bug in ip22_check_gio() Alexey Simakov <bigalex934(a)gmail.com> hwmon: (tmp401) fix overflow caused by default conversion rate value Junrui Luo <moonafterrain(a)outlook.com> hwmon: (ibmpex) fix use-after-free in high/low store Jian Shen <shenjian15(a)huawei.com> net: hns3: add VLAN id validation before using Jian Shen <shenjian15(a)huawei.com> net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx Jian Shen <shenjian15(a)huawei.com> net: hns3: using the num_tqps in the vf driver to apply for resources Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Handle escaped percent properly Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Validate format string parameters Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Add support for unrecognized string Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Drain firmware reset in shutdown callback Parav Pandit <parav(a)mellanox.com> net/mlx5: Create a new profile for SFs Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: fw reset, clear reset requested on drain_fw_reset Gal Pressman <gal(a)nvidia.com> ethtool: Avoid overflowing userspace buffer on stats query Daniil Tatianin <d-tatianin(a)yandex-team.ru> net/ethtool/ioctl: split ethtool_get_phy_stats into multiple helpers Daniil Tatianin <d-tatianin(a)yandex-team.ru> net/ethtool/ioctl: remove if n_stats checks from ethtool_get_phy_stats Dan Carpenter <dan.carpenter(a)linaro.org> nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() Victor Nogueira <victor(a)mojatatu.com> net/sched: ets: Remove drr class from the active list if it changes to strict Junrui Luo <moonafterrain(a)outlook.com> caif: fix integer underflow in cffrml_receive() Slavin Liu <slavin452(a)gmail.com> ipvs: fix ipv4 null-ptr-deref in route error path Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nf_conncount: fix leaked ct in error paths Alexey Simakov <bigalex934(a)gmail.com> broadcom: b44: prevent uninitialized value usage Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix middle attribute validation in push_nsh() action Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Fix neighbour use-after-free Dmitry Skorodumov <skorodumov.dmitry(a)huawei.com> ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change Wang Liang <wangliang74(a)huawei.com> netrom: Fix memory leak in nr_sendmsg() Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix use of bio_chain Gongwei Li <ligongwei(a)kylinos.cn> Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency ChenXiaoSong <chenxiaosong(a)kylinos.cn> smb/server: fix return value of smb2_ioctl() Qu Wenruo <wqu(a)suse.com> btrfs: scrub: always update btrfs_scrub_progress::last_physical Hans de Goede <hansg(a)kernel.org> wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix volume corruption issue for generic/073 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: Verify inode mode when loading from disk Yang Chenzhi <yang.chenzhi(a)vivo.com> hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix volume corruption issue for generic/070 Mikhail Malyshev <mike.malyshev(a)gmail.com> kbuild: Use objtree for module signing key path Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Support timestamps prior to epoch Song Liu <song(a)kernel.org> livepatch: Match old_sympos 0 and 1 in klp_find_func() Shuhao Fu <sfual(a)cse.ust.hk> cpufreq: s5pv210: fix refcount leak Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only Cryolitia PukNgae <cryolitia.pukngae(a)linux.dev> ACPICA: Avoid walking the Namespace if start_node is NULL Peter Zijlstra <peterz(a)infradead.org> x86/ptrace: Always inline trivial accessors Peter Zijlstra <peterz(a)infradead.org> sched/fair: Revert max_newidle_lb_cost bump Doug Berger <opendmb(a)gmail.com> sched/deadline: only set free_cpus for online runqueues George Kennedy <george.kennedy(a)oracle.com> perf/x86/amd: Check event before enable to avoid GPF Deepanshu Kartikey <kartikey406(a)gmail.com> btrfs: fix memory leak of fs_devices in degraded seed device path Ondrej Mosnacek <omosnace(a)redhat.com> bpf, arm64: Do not audit capability check in do_jit() Filipe Manana <fdmanana(a)suse.com> btrfs: do not skip logging new dentries when logging a new name Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: get channel status data when PHY is not exists Junrui Luo <moonafterrain(a)outlook.com> ALSA: dice: fix buffer overflow in detect_stream_formats() Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> usb: phy: Initialize struct usb_phy list_head Haotien Hsu <haotienh(a)nvidia.com> usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Allocate rings outside ZONE_DMA Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Add machine_kexec_mask_interrupts() implementation Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix memory leak in ocfs2_merge_rec_left() Dan Carpenter <dan.carpenter(a)linaro.org> irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: Adjust infopfx size to accept an extra space Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: Add a new helper function to print bitmasks Haotian Zhang <vulab(a)iscas.ac.cn> dm log-writes: Add missing set_freezable() for freezable kthread Alexey Simakov <bigalex934(a)gmail.com> dm-raid: fix possible NULL dereference with undefined raid type Liyuan Pang <pangliyuan1(a)huawei.com> ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() Junrui Luo <moonafterrain(a)outlook.com> ALSA: firewire-motu: add bounds check in put_user loop for DSP events Haotian Zhang <vulab(a)iscas.ac.cn> rtc: gamecube: Check the return value of ioremap() Andres J Rosa <andyrosa(a)gmail.com> ALSA: uapi: Fix typo in asound.h comment Dave Kleikamp <dave.kleikamp(a)oracle.com> dma/pool: eliminate alloc_pages warning in atomic_pool_expand Junrui Luo <moonafterrain(a)outlook.com> ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events shechenglong <shechenglong(a)xfusion.com> block: fix comment for op_is_zone_mgmt() to include RESET_ALL Cong Zhang <cong.zhang(a)oss.qualcomm.com> blk-mq: Abort suspend when wakeup events are pending Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: ak5558: Disable regulator when error happens Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: ak4458: Disable regulator when error happens Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() Anton Khirnov <anton(a)khirnov.net> platform/x86: asus-wmi: use brightness_set_blocking() for kbd led Armin Wolf <W_Armin(a)gmx.de> fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix inheritance of the block sizes when automounting Trond Myklebust <trond.myklebust(a)primarydata.com> Expand the type of nfs_fattr->valid Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags Ondrej Mosnacek <omosnace(a)redhat.com> fs_context: drop the unused lsm_flags member Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: ignore SB_RDONLY when mounting nfs" Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: clear SB_RDONLY before getting superblock" Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: ignore SB_RDONLY when remounting nfs" Jonathan Curley <jcurley(a)purestorage.com> NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Initialise verifiers for visible dentries in nfs_atomic_open() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Initialise verifiers for visible dentries in readdir and lookup Armin Wolf <W_Armin(a)gmx.de> fs/nls: Fix utf16 to utf8 conversion Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Avoid changing nlink when file removes and attribute updates race Abdun Nihaal <nihaal(a)cse.iitm.ac.in> fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: single: Fix incorrect type for error return variable Matthijs Kooijman <matthijs(a)stdin.nl> pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling Namhyung Kim <namhyung(a)kernel.org> perf tools: Fix split kallsyms DSO counting Xiang Mei <xmei5(a)asu.edu> net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop Yu Kuai <yukuai(a)fnnas.com> md/raid5: fix IO hang when array is broken with IO inflight Yu Kuai <yukuai3(a)huawei.com> md: export md_is_rdwr() and is_md_suspended() Alexandru Gagniuc <mr.nuke.me(a)gmail.com> remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs Ivan Stepchenko <sid(a)itb.spb.ru> mtd: lpddr_cmds: fix signed shifts in lpddr_cmds Haotian Zhang <vulab(a)iscas.ac.cn> mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: stmmac: fix rx limit check in stmmac_rx_zc() Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_connlimit: update the count if add was skipped Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nf_conncount: rework API to use sk_buff directly Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: check for maximum number of encapsulations in bridge vlan Ilias Stamatis <ilstam(a)amazon.com> Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: introduce is_type_match() helper and use it Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: replace open coded resource_intersection() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: Reuse for_each_resource() macro Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: Replace printk(KERN_WARNING) by pr_warn(), printk() by pr_info() sparkhuang <huangshaobo3(a)xiaomi.com> regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: catpt: Fix error path in hw_params() Michael S. Tsirkin <mst(a)redhat.com> virtio: fix virtqueue_set_affinity() docs Michael S. Tsirkin <mst(a)redhat.com> virtio: fix typo in virtio_device_ready() comment Alok Tiwari <alok.a.tiwari(a)oracle.com> virtio_vdpa: fix misleading return in void function Yongjian Sun <sunyongjian1(a)huawei.com> ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: remove unused return value of __mb_check_buddy René Rebe <rene(a)exactco.de> ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 Haotian Zhang <vulab(a)iscas.ac.cn> hwmon: sy7636a: Fix regulator_enable resource leak on error path Dan Carpenter <dan.carpenter(a)linaro.org> drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: clear the channel status control memory Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl_xcvr: Add support for i.MX93 platform Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: Add Counter registers Krzysztof Czurylo <krzysztof.czurylo(a)intel.com> RDMA/irdma: Fix data race in irdma_free_pble Krzysztof Czurylo <krzysztof.czurylo(a)intel.com> RDMA/irdma: Fix data race in irdma_sc_ccq_arm Stephan Gerhold <stephan.gerhold(a)linaro.org> iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal Randy Dunlap <rdunlap(a)infradead.org> backlight: lp855x: Fix lp855x.h kernel-doc warnings Luca Ceresoli <luca.ceresoli(a)bootlin.com> backlight: led-bl: Add devlink to supplier LEDs Mans Rullgard <mans(a)mansr.com> backlight: led_bl: Take led_access lock when required Ria Thomas <ria.thomas(a)morsemicro.com> wifi: ieee80211: correct FILS status codes Shawn Lin <shawn.lin(a)rock-chips.com> PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition Jianglei Nie <niejianglei2021(a)163.com> staging: fbtft: core: fix potential memory leak in fbtft_probe_common() Dinh Nguyen <dinguyen(a)kernel.org> firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc Zilin Guan <zilin(a)seu.edu.cn> mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() Fangyu Yu <fangyu.yu(a)linux.alibaba.com> RISC-V: KVM: Fix guest page fault within HLV* instructions Haotian Zhang <vulab(a)iscas.ac.cn> crypto: ccree - Correctly handle return of sg_nents_for_len Matt Bobrowski <mattbobrowski(a)google.com> selftests/bpf: Improve reliability of test_perf_branches_no_hw() Matt Bobrowski <mattbobrowski(a)google.com> selftests/bpf: skip test_perf_branches_hw() on unsupported platforms Gopi Krishna Menon <krishnagopi487(a)gmail.com> usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: fix hang during suspend if set as peripheral Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: fix hang during shutdown if set as peripheral Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: disable platform lowlevel hw resources during shutdown Oliver Neukum <oneukum(a)suse.com> usb: chaoskey: fix locking for O_NONBLOCK Zhao Yipeng <zhaoyipeng5(a)huawei.com> ima: Handle error code returned by ima_filter_rule_match() Seungjin Bae <eeodqql09(a)gmail.com> wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() Chen Ridong <chenridong(a)huawei.com> cpuset: Treat cpusets in attaching as populated Alexander Dahl <ada(a)thorsis.com> net: phy: adin1100: Fix software power-down ready condition Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() Haotian Zhang <vulab(a)iscas.ac.cn> mfd: mt6358-irq: Fix missing irq_domain_remove() in error path Haotian Zhang <vulab(a)iscas.ac.cn> mfd: mt6397-irq: Fix missing irq_domain_remove() in error path Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: bcm2835: Make sure the channel is enabled after pwm_request() Jay Liu <jay.liu(a)mediatek.com> drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Prevent memory leaks in add sub record Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: out1 also needs to put mi Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format Pu Lehui <pulehui(a)huawei.com> bpf: Fix invalid prog->stats access when update_effective_progs fails Jose Fernandez <josef(a)netflix.com> bpf: Improve program stats run-time calculation Abdun Nihaal <nihaal(a)cse.iitm.ac.in> wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD/blocklayout: Fix minlength check in proc_layoutget Haotian Zhang <vulab(a)iscas.ac.cn> watchdog: wdat_wdt: Fix ACPI table leak in probe function Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Check skb->transport_header is set in bpf_skb_check_mtu Alexei Starovoitov <ast(a)kernel.org> selftests/bpf: Fix failure paths in send_signal test Rene Rebe <rene(a)exactco.de> ps3disk: use memcpy_{from,to}_bvec index Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Exit ks_pcie_probe() for invalid mode Haotian Zhang <vulab(a)iscas.ac.cn> leds: netxbig: Fix GPIO descriptor leak in error paths Haotian Zhang <vulab(a)iscas.ac.cn> scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls Haotian Zhang <vulab(a)iscas.ac.cn> ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> lib/vsprintf: Check pointer before dereferencing in time_and_date() Haotian Zhang <vulab(a)iscas.ac.cn> clk: renesas: r9a06g032: Fix memory leak in error path Herve Codina <herve.codina(a)bootlin.com> soc: renesas: r9a06g032-sysctrl: Handle h2mode setting based on USBF presence Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Add context synchronization before enabling trace Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Extract the trace unit controlling Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Correct polling IDLE bit Zheng Qixing <zhengqixing(a)huawei.com> nbd: defer config unlock in nbd_genl_connect Abdun Nihaal <nihaal(a)cse.iitm.ac.in> wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() Long Li <leo.lilong(a)huawei.com> macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Fix unpaired stwcx. on interrupt exit Bean Huo <beanhuo(a)micron.com> scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() Edward Adam Davis <eadavis(a)qq.com> ntfs3: init run lock for extend inode Ma Ke <make24(a)iscas.ac.cn> RDMA/rtrs: server: Fix error handling in get_or_create_srv Manivannan Sadhasivam <manivannan.sadhasivam(a)oss.qualcomm.com> dt-bindings: PCI: amlogic: Fix the register name of the DBI region Neil Armstrong <neil.armstrong(a)linaro.org> dt-bindings: PCI: convert amlogic,meson-pcie.txt to dt-schema Mike McGowen <mike.mcgowen(a)microchip.com> scsi: smartpqi: Fix device resources accessed after device removal Kevin Barnett <kevin.barnett(a)microchip.com> scsi: smartpqi: Add abort handler Mike McGowen <mike.mcgowen(a)microchip.com> scsi: smartpqi: Remove contention for raid_bypass_cnt Don Brace <don.brace(a)microchip.com> scsi: smartpqi: Convert to host_tagset Haotian Zhang <vulab(a)iscas.ac.cn> scsi: stex: Fix reboot_notifier leak in probe error path Zheng Qixing <zhengqixing(a)huawei.com> nbd: defer config put in recv_work Gabor Juhos <j4g8y7(a)gmail.com> regulator: core: disable supply if enabling main regulator fails Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Correct large PEBS flag check Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the checking of quota files before moving extents Haotian Zhang <vulab(a)iscas.ac.cn> mfd: da9055: Fix missing regmap_del_irq_chip() in error path Usama Arif <usamaarif642(a)gmail.com> efi/libstub: Fix page table access in 5-level to 4-level paging transition Usama Arif <usamaarif642(a)gmail.com> x86/boot: Fix page table access in 5-level to 4-level paging transition Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: Fix timeout handling Bart Van Assche <bvanassche(a)acm.org> scsi: target: Do not write NUL characters into ASCII configfs output Ahelenia Ziemiańska <nabijaczleweli(a)nabijaczleweli.xyz> power: supply: apm_power: only unset own apm_get_power_status Ivan Abramov <i.abramov(a)mt-integration.ru> power: supply: wm831x: Check wm831x_set_bits() return value Ivan Abramov <i.abramov(a)mt-integration.ru> power: supply: cw2015: Check devm_delayed_work_autocancel() return code Shuai Xue <xueshuai(a)linux.alibaba.com> perf record: skip synthesize event when open evsel failed Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Prevent incomplete IBI transaction Frank Li <Frank.Li(a)nxp.com> i3c: fix refcount inconsistency in i3c_master_register Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: master: Inherit DMA masks and parameters from parent device Jeremy Kerr <jk(a)codeconstruct.com.au> i3c: Allow OF-alias-based persistent bus numbering Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: stm32: fix hwspinlock resource leak in probe function Haotian Zhang <vulab(a)iscas.ac.cn> soc: qcom: smem: fix hwspinlock resource leak in probe error paths Benjamin Berg <benjamin.berg(a)intel.com> tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set Tengda Wu <wutengda(a)huaweicloud.com> x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() Kuniyuki Iwashima <kuniyu(a)google.com> sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix PTP for VSC8574 and VSC8572 Peng Fan <peng.fan(a)nxp.com> firmware: imx: scu-irq: fix OF node leak in Heiko Carstens <hca(a)linux.ibm.com> s390/ap: Don't leak debug feature files if AP instructions are not available Heiko Carstens <hca(a)linux.ibm.com> s390/smp: Fix fallback CPU detection Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath11k: fix peer HE MCS assignment nieweiqiang <nieweiqiang(a)huawei.com> crypto: hisilicon/qm - restore original qos values Thorsten Blum <thorsten.blum(a)linux.dev> crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Li Qiang <liqiang01(a)kylinos.cn> uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> inet: Avoid ehash lookup race in inet_ehash_insert() Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() Sidharth Seela <sidharthseela(a)gmail.com> ntfs3: Fix uninit buffer allocated by __getname() Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> ntfs3: fix uninit memory after failed mi_read in mi_format_new Johan Hovold <johan(a)kernel.org> irqchip/qcom-irq-combiner: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/imx-mu-msi: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-brcmstb-l2: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-bcm7120-l2: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-bcm7038-l1: Fix section mismatch Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix weak symbol detection Peter Zijlstra <peterz(a)infradead.org> objtool: Fix find_{symbol,func}_containing() Marek Vasut <marek.vasut+renesas(a)mailbox.org> clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback Seungjin Bae <eeodqql09(a)gmail.com> USB: Fix descriptor count when handling invalid MBIM extended descriptor Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/vgem-fence: Fix potential deadlock on release Guido Günther <agx(a)sigxcpu.org> drm/panel: visionox-rm69299: Don't clear all mode flags Mainak Sen <msen(a)nvidia.com> gpu: host1x: Fix race in syncpt alloc/free Konstantin Andreev <andreev(a)swemel.ru> smack: fix bug: unprivileged task can create labels Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: check device's attached status in compat ioctls Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: multiq3: sanitize config options in multiq3_attach() Ian Abbott <abbotti(a)mev.co.uk> comedi: c6xdigio: Fix invalid PNP driver unregistration Linus Torvalds <torvalds(a)linux-foundation.org> samples: work around glibc redefining some of our defines wrong Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Mask all interrupts during kexec/kdump Naoki Ueki <naoki25519(a)gmail.com> HID: elecom: Add support for ELECOM M-XT3URBK (018F) Jia Ston <ston.jia(a)outlook.com> platform/x86: huawei-wmi: add keys for HONOR models April Grimoire <april(a)aprilg.moe> HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore backlight event Praveen Talari <praveen.talari(a)oss.qualcomm.com> pinctrl: qcom: msm: Fix deadlock in pinmux configuration Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> bfs: Reconstruct file type when loading from disk Lushih Hsieh <bruce(a)mail.kh.edu.tw> ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Yiqi Sun <sunyiqixm(a)gmail.com> smb: fix invalid username check in smb3_fs_context_parse_param() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Use kref in vmw_bo_dirty Robin Gong <yibin.gong(a)nxp.com> spi: imx: keep dma request disabled before dma transfer setup Alvaro Gamez Machado <alvaro.gamez(a)hazent.com> spi: xilinx: increase number of retries before declaring stall Song Liu <song(a)kernel.org> ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC Johan Hovold <johan(a)kernel.org> USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC Magne Bruno <magne.bruno(a)addi-data.com> serial: add support of CPCI cards Johan Hovold <johan(a)kernel.org> USB: serial: ftdi_sio: match on interface number for jtag Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: move Telit 0x10c7 composition in the right place Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE910C04 new compositions Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W760 Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Alexey Nepomnyashih <sdl(a)nppct.ru> ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Alexander Sverdlin <alexander.sverdlin(a)siemens.com> locking/spinlock/debug: Fix data-race in do_raw_write_lock Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: ipc: fix use-after-free in ipc_msg_send_request Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: refresh inline data size before write operations Ye Bin <yebin10(a)huawei.com> jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: process: Also mention Sasha Levin as stable tree maintainer Stefan Kalscheuer <stefan(a)stklcode.de> leds: spi-byte: Use devm_led_classdev_register_ext() Azeem Shaikh <azeemshaikh38(a)gmail.com> leds: Replace all non-returning strlcpy with strscpy Sabrina Dubroca <sd(a)queasysnail.net> xfrm: flush all states in xfrm_state_fini Sabrina Dubroca <sd(a)queasysnail.net> xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added Sabrina Dubroca <sd(a)queasysnail.net> Revert "xfrm: destroy xfrm_state synchronously on net exit path" Sabrina Dubroca <sd(a)queasysnail.net> xfrm: delete x->tunnel as we delete x ------------- Diffstat: .../devicetree/bindings/pci/amlogic,axg-pcie.yaml | 134 +++++++++++ .../devicetree/bindings/pci/amlogic,meson-pcie.txt | 70 ------ Documentation/driver-api/tty/tty_port.rst | 5 +- Documentation/filesystems/mount_api.rst | 1 - Documentation/process/2.Process.rst | 6 +- Makefile | 4 +- arch/arm/boot/dts/sama5d2.dtsi | 10 +- arch/arm/boot/dts/sama7g5.dtsi | 4 +- arch/arm/include/asm/word-at-a-time.h | 10 +- .../boot/dts/freescale/imx8mm-venice-gw72xx.dtsi | 11 - arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 12 +- arch/arm64/kvm/Makefile | 3 + arch/arm64/net/bpf_jit_comp.c | 2 +- arch/loongarch/include/asm/pgtable.h | 4 +- arch/loongarch/kernel/machine_kexec.c | 24 ++ arch/loongarch/kernel/setup.c | 8 +- arch/loongarch/net/bpf_jit.c | 2 + arch/loongarch/pci/pci.c | 2 + arch/mips/sgi-ip22/ip22-gio.c | 3 +- arch/parisc/kernel/asm-offsets.c | 2 + arch/parisc/kernel/entry.S | 16 +- arch/powerpc/boot/addnote.c | 7 +- arch/powerpc/include/asm/book3s/32/tlbflush.h | 5 +- arch/powerpc/include/asm/book3s/64/mmu-hash.h | 1 - arch/powerpc/include/asm/kfence.h | 11 +- arch/powerpc/kernel/entry_32.S | 10 +- arch/powerpc/kernel/process.c | 5 - arch/powerpc/kexec/core_64.c | 19 ++ arch/powerpc/mm/book3s32/tlb.c | 9 + arch/powerpc/mm/book3s64/internal.h | 2 - arch/powerpc/mm/book3s64/mmu_context.c | 2 - arch/powerpc/mm/book3s64/radix_pgtable.c | 84 ++++++- arch/powerpc/mm/book3s64/slb.c | 88 ------- arch/powerpc/mm/init-common.c | 3 + arch/powerpc/mm/ptdump/hashpagetable.c | 6 + arch/powerpc/platforms/pseries/cmm.c | 5 +- arch/riscv/kvm/vcpu_insn.c | 22 ++ arch/s390/kernel/smp.c | 1 + arch/x86/boot/compressed/pgtable_64.c | 11 +- arch/x86/crypto/blake2s-core.S | 4 +- arch/x86/entry/common.c | 72 ------ arch/x86/events/amd/core.c | 7 +- arch/x86/events/intel/core.c | 4 +- arch/x86/include/asm/kvm_host.h | 46 ++-- arch/x86/include/asm/ptrace.h | 20 +- arch/x86/kernel/dumpstack.c | 23 +- arch/x86/kvm/lapic.c | 32 ++- arch/x86/kvm/mmu/mmu.c | 5 +- arch/x86/kvm/mmu/mmu_internal.h | 12 +- arch/x86/kvm/mmu/paging_tmpl.h | 4 +- arch/x86/kvm/svm/nested.c | 6 +- arch/x86/kvm/svm/svm.c | 78 +++--- arch/x86/kvm/svm/svm.h | 7 +- arch/x86/kvm/vmx/nested.c | 2 +- arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 61 +++-- arch/x86/mm/pat/memtype.c | 50 ++-- arch/x86/xen/enlighten_pv.c | 69 ++++++ block/blk-mq.c | 103 ++++++-- block/genhd.c | 2 +- crypto/af_alg.c | 5 +- crypto/algif_hash.c | 3 +- crypto/algif_rng.c | 3 +- crypto/asymmetric_keys/asymmetric_type.c | 12 +- crypto/seqiv.c | 8 +- drivers/acpi/acpica/nswalk.c | 9 +- drivers/acpi/apei/ghes.c | 16 +- drivers/acpi/cppc_acpi.c | 3 +- drivers/acpi/processor_core.c | 2 +- drivers/acpi/property.c | 9 +- drivers/amba/tegra-ahb.c | 1 + drivers/base/power/runtime.c | 22 +- drivers/block/floppy.c | 2 +- drivers/block/nbd.c | 5 +- drivers/block/ps3disk.c | 4 + drivers/block/rnbd/rnbd-clt.c | 13 +- drivers/block/rnbd/rnbd-clt.h | 2 +- drivers/bluetooth/btusb.c | 14 +- drivers/bus/ti-sysc.c | 11 +- drivers/char/applicom.c | 5 +- drivers/char/ipmi/ipmi_msghandler.c | 20 +- drivers/char/tpm/tpm-chip.c | 1 - drivers/char/tpm/tpm1-cmd.c | 5 - drivers/char/tpm/tpm2-cmd.c | 8 +- drivers/char/virtio_console.c | 2 +- drivers/clk/mvebu/cp110-system-controller.c | 20 ++ drivers/clk/renesas/r9a06g032-clocks.c | 34 ++- drivers/clk/renesas/renesas-cpg-mssr.c | 11 +- drivers/comedi/comedi_fops.c | 42 +++- drivers/comedi/drivers/c6xdigio.c | 46 +++- drivers/comedi/drivers/multiq3.c | 9 + drivers/comedi/drivers/pcl818.c | 5 +- drivers/cpufreq/cpufreq-nforce2.c | 3 + drivers/cpufreq/s5pv210-cpufreq.c | 6 +- drivers/crypto/ccree/cc_buffer_mgr.c | 6 +- drivers/crypto/hisilicon/qm.c | 14 +- drivers/dma/idxd/init.c | 1 - drivers/firewire/nosy.c | 10 +- drivers/firmware/arm_scmi/notify.c | 1 + drivers/firmware/efi/cper-arm.c | 52 ++-- drivers/firmware/efi/cper.c | 60 +++++ drivers/firmware/efi/libstub/x86-5lvl.c | 4 +- drivers/firmware/imx/imx-scu-irq.c | 8 +- drivers/firmware/stratix10-svc.c | 12 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 44 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.h | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 58 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 22 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c | 61 ++--- drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 12 +- drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/uvd_v7_0.c | 12 +- drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 17 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 8 +- drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 2 +- drivers/gpu/drm/gma500/framebuffer.c | 42 ---- drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 37 ++- drivers/gpu/drm/mediatek/mtk_disp_ccorr.c | 23 +- drivers/gpu/drm/mediatek/mtk_dp.c | 1 + drivers/gpu/drm/mgag200/mgag200_mode.c | 25 ++ drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +- drivers/gpu/drm/nouveau/dispnv50/atom.h | 13 + drivers/gpu/drm/nouveau/dispnv50/wndw.c | 2 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 +- drivers/gpu/drm/ttm/ttm_bo_vm.c | 6 + drivers/gpu/drm/vgem/vgem_fence.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 17 +- drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c | 12 +- drivers/gpu/host1x/syncpt.c | 4 +- drivers/hid/hid-apple.c | 1 + drivers/hid/hid-elecom.c | 6 +- drivers/hid/hid-ids.h | 3 +- drivers/hid/hid-input.c | 18 +- drivers/hid/hid-logitech-dj.c | 56 ++--- drivers/hid/hid-quirks.c | 3 +- drivers/hwmon/ibmpex.c | 9 +- drivers/hwmon/max16065.c | 7 +- drivers/hwmon/sy7636a-hwmon.c | 7 +- drivers/hwmon/tmp401.c | 2 +- drivers/hwmon/w83791d.c | 19 +- drivers/hwmon/w83l786ng.c | 26 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 130 ++++++---- drivers/hwtracing/intel_th/core.c | 20 +- drivers/i2c/busses/i2c-amd-mp2-pci.c | 5 +- drivers/i3c/master.c | 40 +++- drivers/i3c/master/svc-i3c-master.c | 22 +- drivers/iio/adc/ti_am335x_adc.c | 2 +- drivers/infiniband/core/addr.c | 33 +-- drivers/infiniband/core/cma.c | 3 + drivers/infiniband/core/device.c | 5 + drivers/infiniband/core/verbs.c | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 8 +- drivers/infiniband/hw/efa/efa_verbs.c | 4 - drivers/infiniband/hw/irdma/ctrl.c | 3 + drivers/infiniband/hw/irdma/pble.c | 6 +- drivers/infiniband/hw/irdma/utils.c | 3 +- drivers/infiniband/ulp/rtrs/rtrs-clt.c | 1 + drivers/infiniband/ulp/rtrs/rtrs-srv.c | 2 +- drivers/input/serio/i8042-acpipnpio.h | 7 + drivers/input/touchscreen/ti_am335x_tsc.c | 2 +- drivers/interconnect/qcom/msm8996.c | 1 + drivers/iommu/amd/init.c | 43 ++-- drivers/iommu/apple-dart.c | 2 + drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 27 ++- drivers/iommu/arm/arm-smmu/arm-smmu.c | 12 +- drivers/iommu/arm/arm-smmu/qcom_iommu.c | 56 +++-- drivers/iommu/exynos-iommu.c | 9 +- drivers/iommu/ipmmu-vmsa.c | 2 + drivers/iommu/mtk_iommu.c | 78 ++++-- drivers/iommu/mtk_iommu_v1.c | 30 ++- drivers/iommu/omap-iommu.c | 2 +- drivers/iommu/omap-iommu.h | 2 - drivers/iommu/sun50i-iommu.c | 2 + drivers/iommu/tegra-smmu.c | 5 +- drivers/irqchip/irq-bcm7038-l1.c | 8 +- drivers/irqchip/irq-bcm7120-l2.c | 17 +- drivers/irqchip/irq-brcmstb-l2.c | 12 +- drivers/irqchip/irq-imx-mu-msi.c | 14 +- drivers/irqchip/irq-mchp-eic.c | 2 +- drivers/irqchip/qcom-irq-combiner.c | 2 +- drivers/isdn/capi/capi.c | 8 +- drivers/leds/flash/leds-aat1290.c | 2 +- drivers/leds/led-class.c | 2 +- drivers/leds/leds-lp50xx.c | 67 ++++-- drivers/leds/leds-netxbig.c | 36 ++- drivers/leds/leds-spi-byte.c | 11 +- drivers/macintosh/mac_hid.c | 3 +- drivers/md/dm-bufio.c | 10 +- drivers/md/dm-ebs-target.c | 2 +- drivers/md/dm-log-writes.c | 1 + drivers/md/dm-raid.c | 2 + drivers/md/md.c | 16 -- drivers/md/md.h | 17 ++ drivers/md/raid5.c | 6 +- drivers/media/cec/core/cec-core.c | 1 + .../media/common/videobuf2/videobuf2-dma-contig.c | 1 + drivers/media/i2c/adv7604.c | 4 +- drivers/media/i2c/adv7842.c | 11 +- drivers/media/i2c/msp3400-kthreads.c | 2 + drivers/media/i2c/tda1997x.c | 1 - drivers/media/platform/amphion/vpu_malone.c | 35 ++- drivers/media/platform/amphion/vpu_v4l2.c | 28 +-- drivers/media/platform/amphion/vpu_v4l2.h | 18 -- .../platform/mediatek/vcodec/mtk_vcodec_fw_vpu.c | 4 +- drivers/media/platform/renesas/rcar_drif.c | 1 + .../media/platform/samsung/exynos4-is/media-dev.c | 10 +- drivers/media/platform/ti/davinci/vpif_capture.c | 4 +- drivers/media/platform/ti/davinci/vpif_display.c | 4 +- drivers/media/platform/verisilicon/hantro_g2.c | 84 +++++-- .../platform/verisilicon/hantro_g2_hevc_dec.c | 17 +- .../media/platform/verisilicon/hantro_g2_regs.h | 13 + .../media/platform/verisilicon/hantro_g2_vp9_dec.c | 2 - drivers/media/platform/verisilicon/hantro_hw.h | 1 + drivers/media/platform/verisilicon/imx8m_vpu_hw.c | 2 + drivers/media/rc/st_rc.c | 2 +- drivers/media/test-drivers/vidtv/vidtv_channel.c | 3 + drivers/media/usb/dvb-usb/dtv5100.c | 5 + drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 2 +- drivers/mfd/altera-sysmgr.c | 2 + drivers/mfd/da9055-core.c | 1 + drivers/mfd/max77620.c | 15 +- drivers/mfd/mt6358-irq.c | 1 + drivers/mfd/mt6397-irq.c | 1 + drivers/misc/vmw_balloon.c | 3 +- drivers/mmc/host/Kconfig | 4 +- drivers/mmc/host/sdhci-msm.c | 27 ++- drivers/mtd/lpddr/lpddr_cmds.c | 8 +- drivers/mtd/nand/raw/renesas-nand-controller.c | 5 +- drivers/net/can/usb/gs_usb.c | 2 +- drivers/net/dsa/b53/b53_common.c | 3 + drivers/net/dsa/sja1105/sja1105_static_config.c | 6 +- drivers/net/ethernet/broadcom/b44.c | 3 + drivers/net/ethernet/cadence/macb_main.c | 3 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 + .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 4 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 +- drivers/net/ethernet/intel/e1000/e1000_main.c | 10 +- drivers/net/ethernet/intel/i40e/i40e.h | 15 +- drivers/net/ethernet/intel/i40e/i40e_client.c | 20 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 12 - drivers/net/ethernet/intel/i40e/i40e_main.c | 15 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 10 +- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 4 +- .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 8 + drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 6 +- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 122 ++++++++-- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.h | 2 + drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 10 + .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 1 + .../ethernet/mellanox/mlx5/core/sf/dev/driver.c | 2 +- drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 17 +- drivers/net/ethernet/microchip/lan743x_main.c | 3 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/ethernet/smsc/smc91x.c | 10 +- drivers/net/ethernet/stmicro/stmmac/chain_mode.c | 10 +- drivers/net/ethernet/stmicro/stmmac/common.h | 60 +++-- drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 47 ++-- .../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 3 +- .../net/ethernet/stmicro/stmmac/dwmac1000_dma.c | 19 +- drivers/net/ethernet/stmicro/stmmac/dwmac100_dma.c | 17 +- drivers/net/ethernet/stmicro/stmmac/dwmac4.h | 101 ++++++-- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 50 ++-- drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c | 16 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 201 +++++++++------- drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.h | 92 ++++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c | 119 ++++++---- drivers/net/ethernet/stmicro/stmmac/dwmac_dma.h | 22 +- drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c | 29 ++- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 9 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_descs.c | 4 +- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 82 ++++--- drivers/net/ethernet/stmicro/stmmac/enh_desc.c | 19 +- drivers/net/ethernet/stmicro/stmmac/hwif.h | 172 ++++++++------ drivers/net/ethernet/stmicro/stmmac/norm_desc.c | 15 +- drivers/net/ethernet/stmicro/stmmac/ring_mode.c | 10 +- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 4 + .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 175 +++++++++++--- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 252 +++++++++++++++----- drivers/net/fjes/fjes_hw.c | 12 +- drivers/net/ipvlan/ipvlan_core.c | 3 + drivers/net/mdio/mdio-aspeed.c | 7 + drivers/net/phy/adin1100.c | 2 +- drivers/net/phy/mscc/mscc_main.c | 6 +- drivers/net/team/team.c | 2 +- drivers/net/usb/asix_common.c | 5 + drivers/net/usb/rtl8150.c | 2 + drivers/net/usb/sr9700.c | 4 +- drivers/net/wireless/ath/ath11k/mac.c | 4 +- drivers/net/wireless/ath/ath11k/wmi.c | 7 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 14 ++ drivers/net/wireless/mediatek/mt76/eeprom.c | 37 ++- drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 4 +- drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 9 +- drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 27 ++- drivers/net/wireless/st/cw1200/bh.c | 6 +- drivers/nfc/pn533/usb.c | 2 +- drivers/nvme/host/fc.c | 6 +- drivers/parisc/gsc.c | 4 +- drivers/pci/controller/dwc/pci-keystone.c | 2 + drivers/pci/controller/dwc/pcie-designware.h | 2 +- drivers/pci/controller/pcie-brcmstb.c | 10 +- drivers/pci/pci-driver.c | 4 + drivers/phy/broadcom/phy-bcm63xx-usbh.c | 6 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 20 +- drivers/pinctrl/pinctrl-single.c | 25 +- drivers/pinctrl/qcom/pinctrl-msm.c | 2 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 2 +- drivers/platform/chrome/cros_ec_ishtp.c | 1 + drivers/platform/x86/acer-wmi.c | 4 + drivers/platform/x86/asus-wmi.c | 8 +- drivers/platform/x86/huawei-wmi.c | 4 + drivers/platform/x86/ibm_rtl.c | 2 +- drivers/platform/x86/intel/chtwc_int33fe.c | 29 ++- drivers/platform/x86/intel/hid.c | 12 + drivers/platform/x86/msi-laptop.c | 3 + drivers/power/supply/apm_power.c | 3 +- drivers/power/supply/cw2015_battery.c | 8 +- drivers/power/supply/wm831x_power.c | 10 +- drivers/pwm/pwm-bcm2835.c | 28 +-- drivers/pwm/pwm-stm32.c | 3 +- drivers/regulator/core.c | 37 ++- drivers/remoteproc/qcom_q6v5_wcss.c | 8 +- drivers/rpmsg/qcom_glink_native.c | 8 + drivers/rtc/rtc-gamecube.c | 4 + drivers/s390/block/dasd_eckd.c | 8 + drivers/s390/crypto/ap_bus.c | 8 +- drivers/scsi/aic94xx/aic94xx_init.c | 3 + drivers/scsi/qla2xxx/qla_def.h | 1 - drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_isr.c | 32 +-- drivers/scsi/qla2xxx/qla_mbx.c | 2 + drivers/scsi/qla2xxx/qla_mid.c | 4 +- drivers/scsi/qla2xxx/qla_os.c | 14 +- drivers/scsi/sim710.c | 2 + drivers/scsi/smartpqi/smartpqi.h | 19 +- drivers/scsi/smartpqi/smartpqi_init.c | 264 ++++++++++++++++----- drivers/scsi/stex.c | 1 + drivers/soc/actions/owl-sps.c | 16 +- drivers/soc/amlogic/meson-canvas.c | 5 +- drivers/soc/imx/gpc.c | 12 +- drivers/soc/qcom/ocmem.c | 2 +- drivers/soc/qcom/smem.c | 3 +- drivers/soc/rockchip/pm_domains.c | 13 +- drivers/spi/Kconfig | 2 +- drivers/spi/spi-cadence-quadspi.c | 113 ++++++++- drivers/spi/spi-fsl-spi.c | 2 +- drivers/spi/spi-imx.c | 15 +- drivers/spi/spi-tegra210-quad.c | 22 +- drivers/spi/spi-xilinx.c | 2 +- drivers/staging/fbtft/fbtft-core.c | 4 +- drivers/staging/greybus/uart.c | 7 +- drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 +- drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 +- drivers/target/target_core_configfs.c | 1 - drivers/target/target_core_transport.c | 1 + drivers/tty/serial/8250/8250_pci.c | 37 +++ drivers/tty/serial/atmel_serial.c | 5 +- drivers/tty/serial/clps711x.c | 4 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 5 +- drivers/tty/serial/imx.c | 4 +- drivers/tty/serial/lantiq.c | 4 +- drivers/tty/serial/serial_core.c | 13 +- drivers/tty/serial/sprd_serial.c | 6 + drivers/tty/serial/st-asc.c | 4 +- drivers/tty/serial/uartlite.c | 12 +- drivers/tty/serial/xilinx_uartps.c | 5 +- drivers/tty/tty_port.c | 17 +- drivers/ufs/core/ufshcd.c | 7 +- drivers/uio/uio_fsl_elbc_gpcm.c | 7 + drivers/usb/class/cdc-acm.c | 7 +- drivers/usb/core/message.c | 2 +- drivers/usb/dwc2/platform.c | 16 +- drivers/usb/dwc3/dwc3-of-simple.c | 7 +- drivers/usb/dwc3/gadget.c | 2 +- drivers/usb/dwc3/host.c | 2 +- drivers/usb/gadget/legacy/raw_gadget.c | 3 + drivers/usb/gadget/udc/lpc32xx_udc.c | 20 +- drivers/usb/gadget/udc/tegra-xudc.c | 6 - drivers/usb/host/ohci-nxp.c | 20 +- drivers/usb/host/xhci-dbgtty.c | 2 +- drivers/usb/host/xhci-hub.c | 2 +- drivers/usb/host/xhci-mem.c | 10 +- drivers/usb/host/xhci-ring.c | 8 +- drivers/usb/host/xhci.h | 16 +- drivers/usb/misc/chaoskey.c | 16 +- drivers/usb/phy/phy-fsl-usb.c | 1 + drivers/usb/phy/phy-isp1301.c | 7 +- drivers/usb/phy/phy.c | 4 + drivers/usb/renesas_usbhs/pipe.c | 2 + drivers/usb/serial/belkin_sa.c | 28 ++- drivers/usb/serial/ftdi_sio.c | 72 ++---- drivers/usb/serial/kobil_sct.c | 18 +- drivers/usb/serial/option.c | 22 +- drivers/usb/serial/usb-serial.c | 7 +- drivers/usb/storage/unusual_uas.h | 2 +- drivers/usb/typec/ucsi/ucsi.c | 6 + drivers/usb/usbip/vhci_hcd.c | 6 +- drivers/vhost/vsock.c | 15 +- drivers/video/backlight/led_bl.c | 18 +- drivers/video/fbdev/gbefb.c | 5 +- drivers/video/fbdev/pxafb.c | 12 +- drivers/video/fbdev/ssd1307fb.c | 4 +- drivers/video/fbdev/tcx.c | 2 +- drivers/virtio/virtio_balloon.c | 4 +- drivers/virtio/virtio_vdpa.c | 2 +- drivers/watchdog/via_wdt.c | 1 + drivers/watchdog/wdat_wdt.c | 64 +++-- fs/bfs/inode.c | 19 +- fs/btrfs/ioctl.c | 4 +- fs/btrfs/scrub.c | 5 + fs/btrfs/tree-log.c | 46 +++- fs/btrfs/volumes.c | 1 + fs/exfat/super.c | 19 +- fs/ext4/ext4.h | 1 + fs/ext4/ialloc.c | 1 - fs/ext4/inline.c | 14 +- fs/ext4/inode.c | 1 - fs/ext4/mballoc.c | 58 +++-- fs/ext4/move_extent.c | 2 +- fs/ext4/orphan.c | 4 +- fs/ext4/super.c | 70 ++++-- fs/ext4/xattr.c | 6 +- fs/f2fs/data.c | 17 ++ fs/f2fs/debug.c | 3 + fs/f2fs/f2fs.h | 34 +-- fs/f2fs/file.c | 89 +++++-- fs/f2fs/inode.c | 20 +- fs/f2fs/namei.c | 6 +- fs/f2fs/recovery.c | 12 +- fs/f2fs/super.c | 56 +++-- fs/f2fs/xattr.c | 30 +-- fs/f2fs/xattr.h | 10 +- fs/fscache/main.c | 1 + fs/fuse/file.c | 26 +- fs/gfs2/lops.c | 2 +- fs/gfs2/super.c | 4 +- fs/hfsplus/bnode.c | 4 +- fs/hfsplus/dir.c | 7 +- fs/hfsplus/inode.c | 32 ++- fs/jbd2/journal.c | 14 ++ fs/jbd2/transaction.c | 21 +- fs/lockd/svc4proc.c | 4 +- fs/lockd/svclock.c | 21 +- fs/lockd/svcproc.c | 5 +- fs/locks.c | 13 +- fs/nfs/client.c | 21 +- fs/nfs/dir.c | 27 ++- fs/nfs/inode.c | 2 +- fs/nfs/internal.h | 3 +- fs/nfs/namespace.c | 11 +- fs/nfs/nfs4client.c | 18 +- fs/nfs/pnfs.c | 1 + fs/nfs/super.c | 36 +-- fs/nfsd/blocklayout.c | 7 +- fs/nfsd/export.c | 2 +- fs/nfsd/nfs4state.c | 4 +- fs/nfsd/nfs4xdr.c | 5 + fs/nfsd/vfs.c | 2 +- fs/nls/nls_base.c | 27 ++- fs/notify/fsnotify.c | 9 +- fs/ntfs3/frecord.c | 43 +++- fs/ntfs3/fsntfs.c | 9 +- fs/ntfs3/inode.c | 2 + fs/ntfs3/ntfs_fs.h | 9 +- fs/ntfs3/run.c | 6 +- fs/ocfs2/alloc.c | 1 - fs/ocfs2/move_extents.c | 8 +- fs/ocfs2/suballoc.c | 10 + fs/smb/client/fs_context.c | 2 +- fs/smb/server/mgmt/tree_connect.c | 18 +- fs/smb/server/mgmt/tree_connect.h | 1 - fs/smb/server/mgmt/user_session.c | 4 +- fs/smb/server/smb2pdu.c | 16 +- fs/smb/server/smbacl.c | 16 ++ fs/smb/server/transport_ipc.c | 7 +- fs/smb/server/vfs.c | 5 +- fs/xfs/xfs_buf_item.c | 1 + include/linux/balloon_compaction.h | 43 ++-- include/linux/blk_types.h | 5 +- include/linux/compiler_types.h | 13 + include/linux/cper.h | 12 +- include/linux/filter.h | 16 +- include/linux/fs_context.h | 1 - include/linux/genalloc.h | 1 + include/linux/hugetlb.h | 4 +- include/linux/ieee80211.h | 4 +- include/linux/if_bridge.h | 6 +- include/linux/kasan.h | 15 ++ include/linux/mlx5/driver.h | 1 + include/linux/mm.h | 12 +- include/linux/nfs_fs_sb.h | 7 +- include/linux/nfs_xdr.h | 54 ++--- include/linux/pgtable.h | 34 ++- include/linux/platform_data/lp855x.h | 4 +- include/linux/rculist_nulls.h | 59 +++++ include/linux/reset.h | 1 + include/linux/sched/isolation.h | 12 + include/linux/sched/topology.h | 3 + include/linux/security.h | 2 +- include/linux/serial_core.h | 2 +- include/linux/stmmac.h | 20 ++ include/linux/tpm.h | 8 +- include/linux/tty_port.h | 21 +- include/linux/virtio_config.h | 4 +- include/media/v4l2-mem2mem.h | 3 +- include/net/cfg80211.h | 70 +++++- include/net/mac80211.h | 73 +++++- include/net/netfilter/nf_conntrack_count.h | 15 +- include/net/sock.h | 13 + include/net/xfrm.h | 13 +- include/sound/snd_wavefront.h | 4 - include/uapi/linux/mptcp.h | 1 + include/uapi/linux/nl80211.h | 49 ++++ include/uapi/sound/asound.h | 2 +- io_uring/openclose.c | 2 +- io_uring/poll.c | 9 +- kernel/bpf/syscall.c | 3 + kernel/bpf/trampoline.c | 3 +- kernel/cgroup/cpuset.c | 35 ++- kernel/dma/pool.c | 2 +- kernel/fork.c | 5 + kernel/kallsyms.c | 5 +- kernel/livepatch/core.c | 8 +- kernel/locking/spinlock_debug.c | 4 +- kernel/resource.c | 95 ++++---- kernel/sched/core.c | 3 + kernel/sched/cpudeadline.c | 34 +-- kernel/sched/cpudeadline.h | 4 +- kernel/sched/deadline.c | 8 +- kernel/sched/fair.c | 75 ++++-- kernel/sched/features.h | 5 + kernel/sched/sched.h | 7 + kernel/sched/topology.c | 6 + kernel/scs.c | 2 +- kernel/trace/ftrace.c | 40 +++- kernel/trace/trace_events.c | 2 + lib/idr.c | 2 + lib/vsprintf.c | 6 +- mm/balloon_compaction.c | 9 +- mm/damon/core-test.h | 88 ++++++- mm/damon/vaddr-test.h | 26 +- mm/hugetlb.c | 4 +- mm/kasan/common.c | 17 ++ mm/memory.c | 10 +- mm/mempolicy.c | 2 +- mm/mprotect.c | 125 +++++----- mm/mremap.c | 2 +- mm/vmalloc.c | 4 +- net/bluetooth/rfcomm/tty.c | 7 +- net/bridge/br_ioctl.c | 36 ++- net/bridge/br_private.h | 4 +- net/caif/cffrml.c | 9 +- net/ceph/osdmap.c | 116 ++++----- net/core/dev_ioctl.c | 16 -- net/core/filter.c | 9 +- net/core/page_pool.c | 27 ++- net/ethtool/ioctl.c | 134 +++++++---- net/hsr/hsr_forward.c | 2 + net/ipv4/fib_trie.c | 7 +- net/ipv4/inet_hashtables.c | 8 +- net/ipv4/ipcomp.c | 2 + net/ipv6/calipso.c | 3 +- net/ipv6/ip6_gre.c | 9 +- net/ipv6/ipcomp6.c | 2 + net/ipv6/xfrm6_tunnel.c | 2 +- net/key/af_key.c | 2 +- net/mac80211/cfg.c | 70 +++++- net/mac80211/chan.c | 2 +- net/mac80211/ieee80211_i.h | 27 ++- net/mac80211/mlme.c | 163 ++++++++++++- net/mac80211/rx.c | 5 + net/mac80211/tx.c | 146 +++++++++++- net/mptcp/options.c | 10 + net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 16 +- net/mptcp/protocol.h | 5 +- net/mptcp/subflow.c | 9 - net/netfilter/ipvs/ip_vs_xmit.c | 3 + net/netfilter/nf_conncount.c | 208 ++++++++++------ net/netfilter/nft_connlimit.c | 34 ++- net/netfilter/nft_flow_offload.c | 9 +- net/netfilter/xt_connlimit.c | 14 +- net/netrom/nr_out.c | 4 +- net/nfc/core.c | 9 +- net/openvswitch/conntrack.c | 16 +- net/openvswitch/flow_netlink.c | 13 +- net/openvswitch/vport-netdev.c | 17 +- net/rose/af_rose.c | 2 +- net/sched/sch_cake.c | 60 ++--- net/sched/sch_ets.c | 6 +- net/sctp/socket.c | 5 +- net/socket.c | 19 +- net/sunrpc/auth_gss/svcauth_gss.c | 3 +- net/sunrpc/xprtrdma/svc_rdma_rw.c | 2 +- net/wireless/chan.c | 69 ++++++ net/wireless/core.h | 5 +- net/wireless/nl80211.c | 162 ++++++++++++- net/wireless/nl80211.h | 3 +- net/wireless/rdev-ops.h | 17 ++ net/wireless/sme.c | 14 +- net/wireless/trace.h | 25 ++ net/wireless/util.c | 4 +- net/xfrm/xfrm_ipcomp.c | 1 - net/xfrm/xfrm_state.c | 41 ++-- net/xfrm/xfrm_user.c | 2 +- samples/vfs/test-statx.c | 6 + samples/watch_queue/watch_test.c | 6 + scripts/Makefile.modinst | 4 +- security/integrity/ima/ima_policy.c | 2 +- security/keys/trusted-keys/trusted_tpm2.c | 6 +- security/smack/smack_lsm.c | 41 ++-- sound/firewire/dice/dice-extension.c | 4 +- sound/firewire/motu/motu-hwdep.c | 7 +- sound/isa/wavefront/wavefront.c | 61 ++--- sound/isa/wavefront/wavefront_fx.c | 36 +-- sound/isa/wavefront/wavefront_midi.c | 146 +++++------- sound/isa/wavefront/wavefront_synth.c | 216 ++++++++--------- sound/pci/hda/cs35l41_hda.c | 2 + sound/pcmcia/pdaudiocf/pdaudiocf.c | 8 +- sound/pcmcia/vx/vxpocket.c | 8 +- sound/soc/bcm/bcm63xx-pcm-whistler.c | 4 +- sound/soc/codecs/ak4458.c | 10 +- sound/soc/codecs/ak5558.c | 10 +- sound/soc/fsl/fsl_xcvr.c | 197 +++++++++++---- sound/soc/fsl/fsl_xcvr.h | 28 +++ sound/soc/intel/catpt/pcm.c | 4 +- sound/soc/qcom/qdsp6/q6adm.c | 146 ++++++------ sound/soc/qcom/qdsp6/q6apm-dai.c | 2 + sound/soc/qcom/qdsp6/q6asm-dai.c | 7 +- sound/soc/stm/stm32_sai.c | 14 +- sound/soc/stm/stm32_sai_sub.c | 58 +++-- sound/usb/mixer_us16x08.c | 20 +- sound/usb/quirks.c | 6 + tools/include/linux/interval_tree_generic.h | 187 +++++++++++++++ tools/include/nolibc/stdio.h | 4 + tools/objtool/elf.c | 101 ++++---- tools/objtool/include/objtool/elf.h | 3 +- tools/perf/builtin-record.c | 2 +- tools/perf/util/symbol.c | 4 +- tools/testing/ktest/config-bisect.pl | 4 +- tools/testing/nvdimm/test/nfit.c | 7 +- tools/testing/radix-tree/idr-test.c | 21 ++ .../selftests/bpf/prog_tests/perf_branches.c | 22 +- .../testing/selftests/bpf/prog_tests/send_signal.c | 5 + .../selftests/bpf/progs/test_perf_branches.c | 3 + .../test.d/ftrace/func_traceonoff_triggers.tc | 5 +- tools/testing/selftests/net/tap.c | 16 +- 660 files changed, 8219 insertions(+), 4086 deletions(-)

1 day, 16 hours

12
648
0 0

[PATCH 6.12 00/16] 6.12.65-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.65 release. There are 16 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 11 Jan 2026 11:19:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.65-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.65-rc1 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "iommu/amd: Skip enabling command/event buffers for kdump" Sean Nyekjaer <sean(a)geanix.com> pwm: stm32: Always program polarity Maximilian Immanuel Brandtner <maxbr(a)linux.ibm.com> virtio_console: fix order of fields cols and rows Peter Zijlstra <peterz(a)infradead.org> sched/fair: Proportional newidle balance Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to update_newidle_cost() Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to sched_balance_newidle() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. Richa Bharti <richa.bharti(a)siemens.com> cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes Natalie Vock <natalie.vock(a)gmx.de> drm/amdgpu: Forward VMID reservation errors Miaoqian Lin <linmq006(a)gmail.com> net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration Jouni Malinen <jouni.malinen(a)oss.qualcomm.com> wifi: mac80211: Discard Beacon frames to non-broadcast address Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure context reset on disconnect() Bijan Tabatabai <bijan311(a)gmail.com> mm: consider non-anon swap cache folios in folio_expected_ref_count() David Hildenbrand <david(a)redhat.com> mm: simplify folio_expected_ref_count() Alexander Gordeev <agordeev(a)linux.ibm.com> mm/page_alloc: change all pageblocks migrate type on coalescing Paolo Abeni <pabeni(a)redhat.com> mptcp: fallback earlier on simult connection ------------- Diffstat: Makefile | 4 +-- drivers/char/virtio_console.c | 2 +- drivers/cpufreq/intel_pstate.c | 9 +++-- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 ++-- drivers/iommu/amd/init.c | 28 +++++---------- drivers/net/phy/mediatek-ge-soc.c | 2 +- drivers/pwm/pwm-stm32.c | 3 +- include/linux/if_bridge.h | 6 ++-- include/linux/mm.h | 10 +++--- include/linux/sched/topology.h | 3 ++ kernel/sched/core.c | 3 ++ kernel/sched/fair.c | 65 +++++++++++++++++++++++++++------- kernel/sched/features.h | 5 +++ kernel/sched/sched.h | 7 ++++ kernel/sched/topology.c | 6 ++++ mm/page_alloc.c | 24 ++++++------- net/bridge/br_ioctl.c | 36 +++++++++++++++++-- net/bridge/br_private.h | 3 +- net/core/dev_ioctl.c | 16 --------- net/mac80211/rx.c | 5 +++ net/mptcp/options.c | 10 ++++++ net/mptcp/protocol.c | 8 +++-- net/mptcp/protocol.h | 9 +++-- net/mptcp/subflow.c | 10 +----- net/socket.c | 19 +++++----- 25 files changed, 186 insertions(+), 113 deletions(-)

1 day, 16 hours

15
30
0 0

[PATCH 6.18 0/5] 6.18.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.18.5 release. There are 5 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 11 Jan 2026 11:19:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.18.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.18.5-rc1 Mike Snitzer <snitzer(a)kernel.org> nfs/localio: fix regression due to out-of-order __put_cred Peter Zijlstra <peterz(a)infradead.org> sched/fair: Proportional newidle balance Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to update_newidle_cost() Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to sched_balance_newidle() Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure context reset on disconnect() ------------- Diffstat: Makefile | 4 +-- fs/nfs/localio.c | 12 ++++---- include/linux/sched/topology.h | 3 ++ kernel/sched/core.c | 3 ++ kernel/sched/fair.c | 65 ++++++++++++++++++++++++++++++++++-------- kernel/sched/features.h | 5 ++++ kernel/sched/sched.h | 7 +++++ kernel/sched/topology.c | 6 ++++ net/mptcp/protocol.c | 8 ++++-- net/mptcp/protocol.h | 3 +- 10 files changed, 92 insertions(+), 24 deletions(-)

1 day, 16 hours

16
20
0 0

[6.12.64 lts] [amdgpu]: regression: broken multi-monitor USB4 dock after suspend on Ryzen 7840U & random panics

by Péter Bohner

After my previous issue (https://lore.kernel.org/all/9444c2d3-2aaf-4982-9f75-23dc814c3885@student.ki…) was fixed in 6.12.64 (Revert "drm/amd/display: Fix pbn to kbps Conversion"), I upgraded to find my displays broken again, this time only after suspend. hardware (same as previous regression): Framework 13 AMD (7840U / 780M) & Dynabook Thunderbolt 4 Dock with two monitors attached (4k over DP, 1200p over HDMI) The system was stable with <=6.12.59 and with 6.12.61+the revert above, now getting the monitors to light up at all takes many more tries of plugging them in and out, and after resuming from suspend, the monitors never light up, and two `WARNING`s can be seen in the dmesg below. [ 3426.190935] WARNING: CPU: 14 PID: 3018 at drivers/gpu/drm/amd/amdgpu/../display/dc/link/hwss/link_hwss_dpia.c:49 update_dpia_stream_allocation_table+0xf2/0x100 [amdgpu] [34340.602938] WARNING: CPU: 15 PID: 3018 at drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_helpers.c:197 fill_dc_mst_payload_table_from_drm+0x92/0x130 [amdgpu] this line used to be spammed way fewer times in the past: [drm] DMUB HPD RX IRQ callback: link_index=5 and this spammed line is new as well: [drm] DPIA AUX failed on 0x0(1), error 7 (see dmesg in previous thread) I have also experienced 2 kernel panics with 6.12.64 (can't recall that ever happening) upon plugging in the thunderbolt dock, for which no dmesg could be found in the journal. I've created a drm/amd issue as well https://gitlab.freedesktop.org/drm/amd/-/issues/4870, but I am not sure if this is only amdgpu related. I don't think I'll have time to bisect this, as I am quite busy at the moment. kind regards, thanks in advance and a happy new year, Peter Full dmesg: [ 35.937471] pci 0000:04:00.0: PCI bridge to [bus 05] [ 35.937476] pci 0000:04:00.0: bridge window [mem 0x78000000-0x780fffff] [ 35.937481] pci 0000:04:00.0: bridge window [mem 0x7800000000-0x78000fffff 64bit pref] [ 35.937488] pci 0000:04:01.0: PCI bridge to [bus 06-24] [ 35.937493] pci 0000:04:01.0: bridge window [mem 0x78100000-0x7fffffff] [ 35.937497] pci 0000:04:01.0: bridge window [mem 0x7800100000-0x7d554fffff 64bit pref] [ 35.937504] pci 0000:04:02.0: PCI bridge to [bus 25-43] [ 35.937509] pci 0000:04:02.0: bridge window [mem 0x80000000-0x87efffff] [ 35.937513] pci 0000:04:02.0: bridge window [mem 0x7d55500000-0x82aa8fffff 64bit pref] [ 35.937520] pci 0000:04:03.0: PCI bridge to [bus 44-60] [ 35.937525] pci 0000:04:03.0: bridge window [mem 0x87f00000-0x8fdfffff] [ 35.937529] pci 0000:04:03.0: bridge window [mem 0x82aa900000-0x87ffcfffff 64bit pref] [ 35.937536] pci 0000:04:04.0: PCI bridge to [bus 61] [ 35.937542] pci 0000:04:04.0: bridge window [mem 0x8fe00000-0x8fefffff] [ 35.937546] pci 0000:04:04.0: bridge window [mem 0x87ffd00000-0x87ffdfffff 64bit pref] [ 35.937552] pci 0000:03:00.0: PCI bridge to [bus 04-61] [ 35.937558] pci 0000:03:00.0: bridge window [mem 0x78000000-0x8fffffff] [ 35.937561] pci 0000:03:00.0: bridge window [mem 0x7800000000-0x87ffffffff 64bit pref] [ 35.937568] pcieport 0000:00:03.1: PCI bridge to [bus 03-61] [ 35.937570] pcieport 0000:00:03.1: bridge window [io 0x6000-0x9fff] [ 35.937574] pcieport 0000:00:03.1: bridge window [mem 0x78000000-0x8fffffff] [ 35.937576] pcieport 0000:00:03.1: bridge window [mem 0x7800000000-0x87ffffffff 64bit pref] [ 35.937588] PCI: No. 2 try to assign unassigned res [ 35.937590] pcieport 0000:00:03.1: resource 13 [io 0x6000-0x9fff] released [ 35.937592] pcieport 0000:00:03.1: PCI bridge to [bus 03-61] [ 35.937607] pcieport 0000:00:03.1: bridge window [io 0x6000-0xafff]: assigned [ 35.937608] pci 0000:03:00.0: bridge window [io 0x6000-0xafff]: assigned [ 35.937610] pci 0000:04:00.0: bridge window [io 0x6000-0x6fff]: assigned [ 35.937611] pci 0000:04:01.0: bridge window [io 0x7000-0x7fff]: assigned [ 35.937613] pci 0000:04:02.0: bridge window [io 0x8000-0x8fff]: assigned [ 35.937614] pci 0000:04:03.0: bridge window [io 0x9000-0x9fff]: assigned [ 35.937615] pci 0000:04:04.0: bridge window [io 0xa000-0xafff]: assigned [ 35.937617] pci 0000:04:00.0: PCI bridge to [bus 05] [ 35.937619] pci 0000:04:00.0: bridge window [io 0x6000-0x6fff] [ 35.937625] pci 0000:04:00.0: bridge window [mem 0x78000000-0x780fffff] [ 35.937629] pci 0000:04:00.0: bridge window [mem 0x7800000000-0x78000fffff 64bit pref] [ 35.937636] pci 0000:04:01.0: PCI bridge to [bus 06-24] [ 35.937638] pci 0000:04:01.0: bridge window [io 0x7000-0x7fff] [ 35.937644] pci 0000:04:01.0: bridge window [mem 0x78100000-0x7fffffff] [ 35.937648] pci 0000:04:01.0: bridge window [mem 0x7800100000-0x7d554fffff 64bit pref] [ 35.937654] pci 0000:04:02.0: PCI bridge to [bus 25-43] [ 35.937657] pci 0000:04:02.0: bridge window [io 0x8000-0x8fff] [ 35.937662] pci 0000:04:02.0: bridge window [mem 0x80000000-0x87efffff] [ 35.937666] pci 0000:04:02.0: bridge window [mem 0x7d55500000-0x82aa8fffff 64bit pref] [ 35.937673] pci 0000:04:03.0: PCI bridge to [bus 44-60] [ 35.937676] pci 0000:04:03.0: bridge window [io 0x9000-0x9fff] [ 35.937681] pci 0000:04:03.0: bridge window [mem 0x87f00000-0x8fdfffff] [ 35.937685] pci 0000:04:03.0: bridge window [mem 0x82aa900000-0x87ffcfffff 64bit pref] [ 35.937692] pci 0000:04:04.0: PCI bridge to [bus 61] [ 35.937694] pci 0000:04:04.0: bridge window [io 0xa000-0xafff] [ 35.937700] pci 0000:04:04.0: bridge window [mem 0x8fe00000-0x8fefffff] [ 35.937704] pci 0000:04:04.0: bridge window [mem 0x87ffd00000-0x87ffdfffff 64bit pref] [ 35.937710] pci 0000:03:00.0: PCI bridge to [bus 04-61] [ 35.937713] pci 0000:03:00.0: bridge window [io 0x6000-0xafff] [ 35.937718] pci 0000:03:00.0: bridge window [mem 0x78000000-0x8fffffff] [ 35.937722] pci 0000:03:00.0: bridge window [mem 0x7800000000-0x87ffffffff 64bit pref] [ 35.937729] pcieport 0000:00:03.1: PCI bridge to [bus 03-61] [ 35.937730] pcieport 0000:00:03.1: bridge window [io 0x6000-0xafff] [ 35.937733] pcieport 0000:00:03.1: bridge window [mem 0x78000000-0x8fffffff] [ 35.937736] pcieport 0000:00:03.1: bridge window [mem 0x7800000000-0x87ffffffff 64bit pref] [ 35.938042] pcieport 0000:03:00.0: enabling device (0000 -> 0003) [ 35.938287] pcieport 0000:04:00.0: enabling device (0000 -> 0003) [ 35.938588] pcieport 0000:04:01.0: enabling device (0000 -> 0003) [ 35.938871] pcieport 0000:04:01.0: pciehp: Slot #1 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ [ 35.939114] pcieport 0000:04:02.0: enabling device (0000 -> 0003) [ 35.939417] pcieport 0000:04:02.0: pciehp: Slot #2 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ [ 35.939615] pcieport 0000:04:03.0: enabling device (0000 -> 0003) [ 35.939783] pcieport 0000:04:03.0: pciehp: Slot #3 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ [ 35.939974] pcieport 0000:04:04.0: enabling device (0000 -> 0003) [ 35.945571] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 35.951291] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 35.962557] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 35.968763] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 35.974783] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 35.986444] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 35.998435] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.004389] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.010314] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.021392] [drm] Downstream port present 1, type 0 [ 36.033300] [drm] pre_validate_dsc:1701 MST_DSC crtc[1] needs mode_change [ 36.049064] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.059864] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.082927] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.089571] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.095715] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.101657] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.107602] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.113471] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.116072] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.122313] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.128572] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.137374] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.143599] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.152910] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.153901] usb 6-1: new SuperSpeed Plus Gen 2x1 USB device number 2 using xhci_hcd [ 36.159168] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.161617] [drm] pre_validate_dsc:1706 MST_DSC no mode changed for stream 0x0000000021394bb3 [ 36.165182] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.170771] usb 6-1: New USB device found, idVendor=8087, idProduct=0b40, bcdDevice=12.34 [ 36.170775] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 36.170778] usb 6-1: Product: USB3.0 Hub [ 36.170780] usb 6-1: Manufacturer: Intel Corporation. [ 36.171289] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.188444] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.195259] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.201406] hub 6-1:1.0: USB hub found [ 36.201450] hub 6-1:1.0: 4 ports detected [ 36.201510] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.210398] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.216610] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.225921] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.231263] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.234115] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.234117] [drm] DMUB notification skipped due to no handler: type=NO_DATA [ 36.236873] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.243031] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.258736] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.265736] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.272052] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.280669] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.286805] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.296180] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.302499] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.308865] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.314110] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.316937] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.330741] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.341800] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.347961] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.356706] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.362023] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.364834] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.399894] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.406359] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.412356] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.418488] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.437135] usb 5-1.1: new low-speed USB device number 3 using xhci_hcd [ 36.442213] [drm] DMUB notification skipped due to no handler: type=NO_DATA [ 36.442232] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.449854] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.455989] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.464694] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.470931] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.480285] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.486535] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.492089] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.507440] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.532978] [drm] DMUB notification skipped due to no handler: type=NO_DATA [ 36.533001] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.539204] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.544853] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.551025] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.557046] usb 5-1.1: New USB device found, idVendor=0451, idProduct=ace1, bcdDevice= 1.50 [ 36.557053] usb 5-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 36.557055] usb 5-1.1: Product: TPS DMC Family [ 36.557057] usb 5-1.1: Manufacturer: Texas Instruments Inc [ 36.557059] usb 5-1.1: SerialNumber: 6F03401608BA75BD0440D2CEDE55E56 [ 36.562666] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.568916] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.575223] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.581553] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.588670] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.594380] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.605972] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.611996] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.617925] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.625151] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.637117] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.642757] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.647131] usb 5-1.2: new high-speed USB device number 4 using xhci_hcd [ 36.666351] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.672434] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.677094] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.682994] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.688521] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.699238] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.722277] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.742134] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.748154] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.748622] usb 5-1.2: New USB device found, idVendor=2109, idProduct=2822, bcdDevice= 7.d3 [ 36.748628] usb 5-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 36.748631] usb 5-1.2: Product: USB2.0 Hub [ 36.748634] usb 5-1.2: Manufacturer: VIA Labs, Inc. [ 36.748636] usb 5-1.2: SerialNumber: 000000001 [ 36.754234] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.754235] [drm] DMUB notification skipped due to no handler: type=NO_DATA [ 36.762144] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.809155] hub 5-1.2:1.0: USB hub found [ 36.809621] hub 5-1.2:1.0: 4 ports detected [ 36.820347] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 36.821269] amdgpu 0000:c1:00.0: [drm] *ERROR* dpia_query_hpd_status: for link(5) dpia(0) failed with status(1), current_hpd_status(1) new_hpd_status(0) [ 36.840728] usb 6-1.4: new SuperSpeed Plus Gen 2x1 USB device number 3 using xhci_hcd [ 36.915604] [drm] DMUB notification skipped due to no handler: type=SET_CONFIGC_REPLY [ 37.007044] usb 6-1.4: New USB device found, idVendor=2109, idProduct=0822, bcdDevice= 7.d3 [ 37.007051] usb 6-1.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.007054] usb 6-1.4: Product: USB3.1 Hub [ 37.007056] usb 6-1.4: Manufacturer: VIA Labs, Inc. [ 37.007058] usb 6-1.4: SerialNumber: 000000001 [ 37.032945] hub 6-1.4:1.0: USB hub found [ 37.033205] hub 6-1.4:1.0: 4 ports detected [ 37.594494] usb 5-1.2.4: new high-speed USB device number 5 using xhci_hcd [ 37.742275] usb 5-1.2.4: New USB device found, idVendor=2109, idProduct=2822, bcdDevice= 7.e4 [ 37.742282] usb 5-1.2.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.742285] usb 5-1.2.4: Product: USB2.0 Hub [ 37.742287] usb 5-1.2.4: Manufacturer: VIA Labs, Inc. [ 37.742289] usb 5-1.2.4: SerialNumber: 000000001 [ 37.800861] hub 5-1.2.4:1.0: USB hub found [ 37.801254] hub 5-1.2.4:1.0: 4 ports detected [ 37.832877] usb 6-1.4.1: new SuperSpeed USB device number 4 using xhci_hcd [ 37.851246] usb 6-1.4.1: New USB device found, idVendor=05e3, idProduct=0764, bcdDevice= 0.01 [ 37.851252] usb 6-1.4.1: New USB device strings: Mfr=3, Product=4, SerialNumber=2 [ 37.851254] usb 6-1.4.1: Product: USB Storage [ 37.851255] usb 6-1.4.1: Manufacturer: Generic [ 37.851256] usb 6-1.4.1: SerialNumber: 000000002959 [ 37.957251] usb 6-1.4.4: new SuperSpeed Plus Gen 2x1 USB device number 5 using xhci_hcd [ 38.016318] usb 6-1.4.4: New USB device found, idVendor=2109, idProduct=0822, bcdDevice= 7.e4 [ 38.016323] usb 6-1.4.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.016325] usb 6-1.4.4: Product: USB3.1 Hub [ 38.016327] usb 6-1.4.4: Manufacturer: VIA Labs, Inc. [ 38.016328] usb 6-1.4.4: SerialNumber: 000000001 [ 38.040992] hub 6-1.4.4:1.0: USB hub found [ 38.041246] hub 6-1.4.4:1.0: 4 ports detected [ 38.165394] usb-storage 6-1.4.1:1.0: USB Mass Storage device detected [ 38.165578] scsi host0: usb-storage 6-1.4.1:1.0 [ 38.165658] usbcore: registered new interface driver usb-storage [ 38.168254] usbcore: registered new interface driver uas [ 38.577144] usb 5-1.2.4.2: new high-speed USB device number 6 using xhci_hcd [ 38.712256] usb 5-1.2.4.2: New USB device found, idVendor=2109, idProduct=2822, bcdDevice= 7.d3 [ 38.712265] usb 5-1.2.4.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.712268] usb 5-1.2.4.2: Product: USB2.0 Hub [ 38.712270] usb 5-1.2.4.2: Manufacturer: VIA Labs, Inc. [ 38.712272] usb 5-1.2.4.2: SerialNumber: 000000001 [ 38.760873] hub 5-1.2.4.2:1.0: USB hub found [ 38.761276] hub 5-1.2.4.2:1.0: 4 ports detected [ 38.792894] usb 6-1.4.4.2: new SuperSpeed Plus Gen 2x1 USB device number 6 using xhci_hcd [ 38.956002] usb 6-1.4.4.2: New USB device found, idVendor=2109, idProduct=0822, bcdDevice= 7.d3 [ 38.956010] usb 6-1.4.4.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.956012] usb 6-1.4.4.2: Product: USB3.1 Hub [ 38.956015] usb 6-1.4.4.2: Manufacturer: VIA Labs, Inc. [ 38.956016] usb 6-1.4.4.2: SerialNumber: 000000001 [ 38.986265] hub 6-1.4.4.2:1.0: USB hub found [ 38.986539] hub 6-1.4.4.2:1.0: 4 ports detected [ 39.158585] usb 6-1.4.4.4: new SuperSpeed USB device number 7 using xhci_hcd [ 39.175286] usb 6-1.4.4.4: New USB device found, idVendor=30f3, idProduct=0419, bcdDevice=31.01 [ 39.175293] usb 6-1.4.4.4: New USB device strings: Mfr=1, Product=2, SerialNumber=6 [ 39.175296] usb 6-1.4.4.4: Product: USB 10/100/1000 LAN [ 39.175298] usb 6-1.4.4.4: Manufacturer: Realtek [ 39.175300] usb 6-1.4.4.4: SerialNumber: 1014E0A6A [ 39.176503] scsi 0:0:0:0: Direct-Access Generic MassStorageClass 0001 PQ: 0 ANSI: 6 [ 39.178458] scsi 0:0:0:1: Direct-Access Generic MassStorageClass 0001 PQ: 0 ANSI: 6 [ 39.193018] sd 0:0:0:0: [sda] Media removed, stopped polling [ 39.193262] sd 0:0:0:0: [sda] Attached SCSI removable disk [ 39.194001] sd 0:0:0:1: [sdb] Media removed, stopped polling [ 39.194317] sd 0:0:0:1: [sdb] Attached SCSI removable disk [ 39.223218] cdc_ether 6-1.4.4.4:2.0 eth0: register 'cdc_ether' at usb-0000:c3:00.3-1.4.4.4, CDC Ethernet Device, 80:6d:97:4e:0a:6a [ 39.223246] usbcore: registered new interface driver cdc_ether [ 39.567885] usb 5-1.2.4.2.2: new high-speed USB device number 7 using xhci_hcd [ 39.723779] usb 5-1.2.4.2.2: New USB device found, idVendor=1397, idProduct=00d4, bcdDevice= 1.01 [ 39.723786] usb 5-1.2.4.2.2: New USB device strings: Mfr=12, Product=7, SerialNumber=13 [ 39.723789] usb 5-1.2.4.2.2: Product: X18/XR18 [ 39.723792] usb 5-1.2.4.2.2: Manufacturer: BEHRINGER [ 39.723794] usb 5-1.2.4.2.2: SerialNumber: 592C3096 [ 39.790812] usb 6-1.4.4.2.3: new SuperSpeed USB device number 8 using xhci_hcd [ 40.044191] usb 6-1.4.4.2.3: New USB device found, idVendor=2109, idProduct=0812, bcdDevice= d.a1 [ 40.044199] usb 6-1.4.4.2.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 40.044202] usb 6-1.4.4.2.3: Product: USB3.0 Hub [ 40.044204] usb 6-1.4.4.2.3: Manufacturer: VIA Labs, Inc. [ 40.073704] hub 6-1.4.4.2.3:1.0: USB hub found [ 40.074068] hub 6-1.4.4.2.3:1.0: 4 ports detected [ 40.161093] usb 5-1.2.4.2.3: new high-speed USB device number 8 using xhci_hcd [ 40.312459] usb 5-1.2.4.2.3: New USB device found, idVendor=2109, idProduct=2812, bcdDevice= d.a0 [ 40.312467] usb 5-1.2.4.2.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 40.312470] usb 5-1.2.4.2.3: Product: USB2.0 Hub [ 40.312472] usb 5-1.2.4.2.3: Manufacturer: VIA Labs, Inc. [ 40.361608] hub 5-1.2.4.2.3:1.0: USB hub found [ 40.362688] hub 5-1.2.4.2.3:1.0: 4 ports detected [ 40.511291] usb 5-1.2.4.2.4: new high-speed USB device number 9 using xhci_hcd [ 40.663047] usb 5-1.2.4.2.4: New USB device found, idVendor=046d, idProduct=08e5, bcdDevice= 0.0c [ 40.663056] usb 5-1.2.4.2.4: New USB device strings: Mfr=0, Product=2, SerialNumber=0 [ 40.663060] usb 5-1.2.4.2.4: Product: HD Pro Webcam C920 [ 40.730481] usb 5-1.2.4.2.3.2: new full-speed USB device number 10 using xhci_hcd [ 40.732907] mc: Linux media interface: v0.10 [ 40.743793] videodev: Linux video capture interface: v2.00 [ 40.763419] usb 5-1.2.4.2.4: Found UVC 1.00 device HD Pro Webcam C920 (046d:08e5) [ 40.808657] uvcvideo 5-1.2.4.2.4:1.1: Failed to set UVC probe control : -32 (exp. 26). [ 40.809783] usbcore: registered new interface driver uvcvideo [ 40.873366] usb 5-1.2.4.2.2: Quirk or no altset; falling back to MIDI 1.0 [ 40.920823] usb 5-1.2.4.2.3.2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.11 [ 40.920829] usb 5-1.2.4.2.3.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 40.920832] usb 5-1.2.4.2.3.2: Product: USB Receiver [ 40.920834] usb 5-1.2.4.2.3.2: Manufacturer: Logitech [ 41.293274] input: Logitech USB Receiver as /devices/pci0000:00/0000:00:08.3/0000:c3:00.3/usb5/5-1/5-1.2/5-1.2.4/5-1.2.4.2/5-1.2.4.2.3/5-1.2.4.2.3.2/5-1.2.4.2.3.2:1.0/0003:046D:C52B.0006/input/input19 [ 41.326960] usb 5-1.2.4.2.4: current rate 16000 is different from the runtime rate 24000 [ 41.523895] hid-generic 0003:046D:C52B.0006: input,hidraw5: USB HID v1.11 Keyboard [Logitech USB Receiver] on usb-0000:c3:00.3-1.2.4.2.3.2/input0 [ 41.527898] input: Logitech USB Receiver Mouse as /devices/pci0000:00/0000:00:08.3/0000:c3:00.3/usb5/5-1/5-1.2/5-1.2.4/5-1.2.4.2/5-1.2.4.2.3/5-1.2.4.2.3.2/5-1.2.4.2.3.2:1.1/0003:046D:C52B.0007/input/input20 [ 41.528012] input: Logitech USB Receiver Consumer Control as /devices/pci0000:00/0000:00:08.3/0000:c3:00.3/usb5/5-1/5-1.2/5-1.2.4/5-1.2.4.2/5-1.2.4.2.3/5-1.2.4.2.3.2/5-1.2.4.2.3.2:1.1/0003:046D:C52B.0007/input/input21 [ 41.542538] usb 5-1.2.4.2.4: current rate 16000 is different from the runtime rate 32000 [ 41.580564] input: Logitech USB Receiver System Control as /devices/pci0000:00/0000:00:08.3/0000:c3:00.3/usb5/5-1/5-1.2/5-1.2.4/5-1.2.4.2/5-1.2.4.2.3/5-1.2.4.2.3.2/5-1.2.4.2.3.2:1.1/0003:046D:C52B.0007/input/input22 [ 41.580684] hid-generic 0003:046D:C52B.0007: input,hiddev97,hidraw6: USB HID v1.11 Mouse [Logitech USB Receiver] on usb-0000:c3:00.3-1.2.4.2.3.2/input1 [ 41.583883] hid-generic 0003:046D:C52B.0008: hiddev98,hidraw7: USB HID v1.11 Device [Logitech USB Receiver] on usb-0000:c3:00.3-1.2.4.2.3.2/input2 [ 41.670590] usb 5-1.2.4.2.3.4: new full-speed USB device number 11 using xhci_hcd [ 41.679175] usbcore: registered new interface driver snd-usb-audio [ 41.790648] usb 5-1.2.4.2.3.4: New USB device found, idVendor=24f0, idProduct=0140, bcdDevice= 1.00 [ 41.790655] usb 5-1.2.4.2.3.4: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 41.790658] usb 5-1.2.4.2.3.4: Product: Das Keyboard [ 41.790660] usb 5-1.2.4.2.3.4: Manufacturer: Metadot - Das Keyboard [ 41.894922] usb 5-1.2.4.2.4: current rate 16000 is different from the runtime rate 32000 [ 42.095856] input: Metadot - Das Keyboard Das Keyboard as /devices/pci0000:00/0000:00:08.3/0000:c3:00.3/usb5/5-1/5-1.2/5-1.2.4/5-1.2.4.2/5-1.2.4.2.3/5-1.2.4.2.3.4/5-1.2.4.2.3.4:1.0/0003:24F0:0140.0009/input/input24 [ 42.277137] usb 5-1.2.4.2.4: current rate 16000 is different from the runtime rate 32000 [ 42.290558] hid-generic 0003:24F0:0140.0009: input,hidraw8: USB HID v1.10 Keyboard [Metadot - Das Keyboard Das Keyboard] on usb-0000:c3:00.3-1.2.4.2.3.4/input0 [ 42.297775] input: Metadot - Das Keyboard Das Keyboard System Control as /devices/pci0000:00/0000:00:08.3/0000:c3:00.3/usb5/5-1/5-1.2/5-1.2.4/5-1.2.4.2/5-1.2.4.2.3/5-1.2.4.2.3.4/5-1.2.4.2.3.4:1.1/0003:24F0:0140.000A/input/input25 [ 42.350535] input: Metadot - Das Keyboard Das Keyboard Consumer Control as /devices/pci0000:00/0000:00:08.3/0000:c3:00.3/usb5/5-1/5-1.2/5-1.2.4/5-1.2.4.2/5-1.2.4.2.3/5-1.2.4.2.3.4/5-1.2.4.2.3.4:1.1/0003:24F0:0140.000A/input/input26 [ 42.350604] hid-generic 0003:24F0:0140.000A: input,hidraw9: USB HID v1.10 Device [Metadot - Das Keyboard Das Keyboard] on usb-0000:c3:00.3-1.2.4.2.3.4/input1 [ 42.597134] usb 5-1.2.4.2.4: current rate 16000 is different from the runtime rate 32000 [ 42.927966] logitech-djreceiver 0003:046D:C52B.0008: hiddev97,hidraw5: USB HID v1.11 Device [Logitech USB Receiver] on usb-0000:c3:00.3-1.2.4.2.3.2/input2 [ 43.052295] input: Logitech MX Master 3 as /devices/pci0000:00/0000:00:08.3/0000:c3:00.3/usb5/5-1/5-1.2/5-1.2.4/5-1.2.4.2/5-1.2.4.2.3/5-1.2.4.2.3.2/5-1.2.4.2.3.2:1.2/0003:046D:C52B.0008/0003:046D:4082.000B/input/input27 [ 43.187630] logitech-hidpp-device 0003:046D:4082.000B: input,hidraw6: USB HID v1.11 Keyboard [Logitech MX Master 3] on usb-0000:c3:00.3-1.2.4.2.3.2/input2:1 [ 47.090468] [drm:amdgpu_dm_process_dmub_set_config_sync [amdgpu]] *ERROR* wait_for_completion_timeout timeout! [ 47.140597] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.167285] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.202266] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.350775] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.363337] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.419310] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.479056] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.535449] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.581029] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.607858] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.646297] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.704704] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.766976] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.844158] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.864374] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.903447] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.939946] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 47.995489] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 48.052259] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 48.117484] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 48.140524] usb 5-1.2.4.2.4: reset high-speed USB device number 9 using xhci_hcd [ 48.182679] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 48.218882] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 48.279094] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 48.338889] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 48.404150] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 48.462619] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 48.536005] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 48.593145] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 48.665845] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 48.723287] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 48.796354] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.094078] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.155019] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.207140] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.265807] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.330924] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.402801] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.442953] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.499180] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.555627] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.688323] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.743861] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.785681] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.842658] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.900312] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 49.957162] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 50.017820] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 50.069263] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 50.127309] [drm] DMUB notification skipped due to no handler: type=NO_DATA [ 50.127344] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 50.187862] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 50.247055] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 50.330046] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 50.413716] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 50.495578] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 50.576778] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 50.660155] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 50.741442] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 50.833674] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 50.923444] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 51.034409] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 51.140831] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 51.248669] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 51.356783] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 51.464485] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 51.572726] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 51.681358] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 51.788525] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 51.895990] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 52.001203] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 52.108528] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 52.214885] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 52.322209] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 52.428644] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 52.534846] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 52.644310] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 52.753118] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 52.859692] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 52.985899] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 53.105505] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 53.242689] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 53.378255] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 53.535188] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 53.694345] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 53.857687] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 54.014497] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 54.124527] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 54.237726] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 54.346103] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 54.452601] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 54.562687] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 54.683673] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 54.794595] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 54.903307] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 55.007988] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 55.123117] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 55.229195] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 55.336032] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 55.444690] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 55.553090] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 55.657956] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 55.771046] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 55.934817] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 56.341615] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 56.401744] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 56.453209] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 56.510623] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 56.576042] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 56.650572] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 56.688200] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 56.710627] cros-ec-dev cros-ec-dev.1.auto: Some logs may have been dropped... [ 56.748366] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 56.808212] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 56.867805] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 56.937455] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 56.981333] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.038037] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.094300] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.154718] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.214995] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.289752] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.337655] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.377670] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.424301] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.473390] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.534579] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.611466] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.655970] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.788723] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 57.947896] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 58.105381] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 58.261483] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 58.424472] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 58.589655] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 58.746601] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 58.909598] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 59.072685] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 59.150659] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 59.496012] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 59.558360] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 59.611800] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 59.669335] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 59.735450] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 59.803628] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 59.843088] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 59.902291] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 59.963606] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.028288] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.097909] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.137242] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.201584] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.259312] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.264850] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.325732] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.400669] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.448017] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.483226] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.533683] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.585148] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.641612] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.662997] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.718583] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.767254] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.792181] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.858394] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 60.979155] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 61.103814] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 61.211380] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 61.318962] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 61.409940] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 61.502988] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 61.587226] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 61.672934] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 61.750780] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3255.218916] perf: interrupt took too long (2505 > 2500), lowering kernel.perf_event_max_sample_rate to 79800 [ 3425.996642] [drm] DMUB HPD IRQ callback: link_index=5 [ 3425.996683] [drm] DM_MST: stopping TM on aconnector: 0000000059a6282d [id: 122] [ 3426.190930] ------------[ cut here ]------------ [ 3426.190935] WARNING: CPU: 14 PID: 3018 at drivers/gpu/drm/amd/amdgpu/../display/dc/link/hwss/link_hwss_dpia.c:49 update_dpia_stream_allocation_table+0xf2/0x100 [amdgpu] [ 3426.191246] Modules linked in: hid_logitech_dj snd_seq_midi snd_seq_midi_event uvcvideo videobuf2_vmalloc uvc videobuf2_memops snd_usb_audio videobuf2_v4l2 videobuf2_common snd_usbmidi_lib snd_ump videodev snd_rawmidi mc cdc_ether usbnet mii uas usb_storage hid_logitech_hidpp ccm rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device tun ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_multiport xt_cgroup xt_mark xt_owner xt_tcpudp ip6table_raw iptable_raw ip6table_mangle iptable_mangle ip6table_nat iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c crc32c_generic ip6table_filter ip6_tables iptable_filter ip_tables x_tables uhid cmac algif_hash algif_skcipher af_alg bnep vfat fat amd_atl intel_rapl_msr intel_rapl_common snd_sof_amd_acp70 snd_sof_amd_acp63 snd_soc_acpi_amd_match snd_sof_amd_vangogh snd_sof_amd_rembrandt snd_sof_amd_renoir snd_sof_amd_acp snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils snd_pci_ps snd_amd_sdw_acpi mt7921e soundwire_amd kvm_amd mt7921_common [ 3426.191318] snd_hda_codec_realtek soundwire_generic_allocation hid_sensor_als snd_hda_codec_generic soundwire_bus mt792x_lib hid_sensor_trigger snd_hda_scodec_component kvm mt76_connac_lib snd_hda_codec_hdmi industrialio_triggered_buffer mousedev kfifo_buf snd_soc_core mt76 irqbypass hid_sensor_iio_common leds_cros_ec snd_hda_intel snd_compress crct10dif_pclmul industrialio cros_ec_sysfs cros_ec_hwmon led_class_multicolor mac80211 cros_ec_chardev cros_kbd_led_backlight ac97_bus snd_intel_dspcfg gpio_cros_ec cros_charge_control cros_ec_debugfs crc32_pclmul snd_intel_sdw_acpi crc32c_intel snd_pcm_dmaengine polyval_clmulni snd_hda_codec libarc4 snd_rpl_pci_acp6x polyval_generic ghash_clmulni_intel snd_hda_core snd_acp_pci spd5118 snd_acp_legacy_common joydev sha512_ssse3 hid_multitouch hid_sensor_hub cros_ec_dev sha256_ssse3 btusb snd_pci_acp6x snd_hwdep sha1_ssse3 cfg80211 btrtl snd_pcm aesni_intel snd_pci_acp5x btintel snd_rn_pci_acp3x sp5100_tco gf128mul snd_timer btbcm amd_pmf snd_acp_config ucsi_acpi crypto_simd [ 3426.191380] snd snd_soc_acpi btmtk amdtee cryptd i2c_piix4 typec_ucsi bluetooth rapl wmi_bmof pcspkr typec thunderbolt rfkill soundcore snd_pci_acp3x ccp k10temp i2c_smbus roles amd_sfh cros_ec_lpcs platform_profile i2c_hid_acpi tee amd_pmc i2c_hid cros_ec mac_hid i2c_dev crypto_user nfnetlink bpf_preload hid_generic usbhid amdgpu zfs(POE) crc16 spl(OE) amdxcp i2c_algo_bit drm_ttm_helper serio_raw ttm drm_exec atkbd gpu_sched libps2 vivaldi_fmap drm_suballoc_helper nvme drm_buddy i8042 drm_display_helper nvme_core video serio cec nvme_auth wmi [ 3426.191434] CPU: 14 UID: 1000 PID: 3018 Comm: kwin_wayland Tainted: P OE 6.12.64-1-lts #1 8c2629090c0c373070c59d027e89ff0b1ee80aa2 [ 3426.191439] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE [ 3426.191440] Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP07, BIOS 03.16 07/25/2025 [ 3426.191442] RIP: 0010:update_dpia_stream_allocation_table+0xf2/0x100 [amdgpu] [ 3426.191709] Code: d0 0f 1f 00 48 8b 44 24 08 65 48 2b 04 25 28 00 00 00 75 1a 48 83 c4 10 5b 5d 41 5c 41 5d e9 10 68 89 d7 31 db e9 6f ff ff ff <0f> 0b eb 8a e8 b5 85 68 d7 0f 1f 44 00 00 90 90 90 90 90 90 90 90 [ 3426.191711] RSP: 0018:ffffcbb8a436b3a0 EFLAGS: 00010206 [ 3426.191714] RAX: 0000000000000018 RBX: 0000000000000026 RCX: 0000000000000e80 [ 3426.191716] RDX: 0000000000000018 RSI: ffffcbb8a436b348 RDI: ffff8b768dba9a08 [ 3426.191717] RBP: ffff8b7691272388 R08: 0000000000000018 R09: 0000000000000e80 [ 3426.191718] R10: ffffcbb8c0ef9900 R11: ffff8b768dba9800 R12: ffff8b768d8a2e00 [ 3426.191720] R13: ffff8b7691272000 R14: ffff8b77cd5e0000 R15: ffff8b76916185f0 [ 3426.191722] FS: 00007529ee520b80(0000) GS:ffff8b841e100000(0000) knlGS:0000000000000000 [ 3426.191723] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3426.191725] CR2: 0000055c0557f080 CR3: 0000000125364000 CR4: 0000000000f50ef0 [ 3426.191727] PKRU: 55555554 [ 3426.191728] Call Trace: [ 3426.191732] <TASK> [ 3426.191735] link_set_dpms_off+0x61f/0x790 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [ 3426.191989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.191995] dcn31_reset_hw_ctx_wrap+0x232/0x450 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [ 3426.192231] dce110_apply_ctx_to_hw+0x63/0x2e0 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [ 3426.192467] ? dcn10_setup_stereo+0xe0/0x170 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [ 3426.192692] dc_commit_state_no_check+0x63d/0xeb0 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [ 3426.192935] dc_commit_streams+0x296/0x490 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [ 3426.193176] amdgpu_dm_atomic_commit_tail+0x6a1/0x3a10 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [ 3426.193429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193435] ? psi_task_switch+0x113/0x2a0 [ 3426.193439] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193445] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193449] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193452] ? schedule+0x27/0xf0 [ 3426.193456] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193459] ? schedule_timeout+0x133/0x170 [ 3426.193461] ? drm_gem_plane_helper_prepare_fb+0x90/0x1f0 [ 3426.193467] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193469] ? dma_fence_default_wait+0x8b/0x230 [ 3426.193472] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193475] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193478] ? wait_for_completion_timeout+0x12e/0x180 [ 3426.193481] ? __pfx_dma_fence_default_wait_cb+0x10/0x10 [ 3426.193483] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193486] ? kvfree_call_rcu+0x21a/0x370 [ 3426.193493] commit_tail+0xae/0x140 [ 3426.193498] drm_atomic_helper_commit+0x13c/0x180 [ 3426.193502] drm_atomic_commit+0xa6/0xe0 [ 3426.193507] ? __pfx___drm_printfn_info+0x10/0x10 [ 3426.193512] drm_mode_atomic_ioctl+0xa60/0xcd0 [ 3426.193518] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 3426.193522] drm_ioctl_kernel+0xad/0x100 [ 3426.193528] drm_ioctl+0x286/0x500 [ 3426.193531] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 3426.193538] amdgpu_drm_ioctl+0x4a/0x80 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [ 3426.193749] __x64_sys_ioctl+0x91/0xd0 [ 3426.193755] do_syscall_64+0x7b/0x190 [ 3426.193759] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193764] ? drain_obj_stock+0xb9/0x250 [ 3426.193772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193775] ? filp_flush+0x4e/0x80 [ 3426.193779] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193782] ? syscall_exit_to_user_mode+0x37/0x1c0 [ 3426.193785] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193788] ? do_syscall_64+0x87/0x190 [ 3426.193791] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193794] ? syscall_exit_to_user_mode+0x37/0x1c0 [ 3426.193797] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193800] ? do_syscall_64+0x87/0x190 [ 3426.193803] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193806] ? do_syscall_64+0x87/0x190 [ 3426.193809] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193812] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193815] ? syscall_exit_to_user_mode+0x37/0x1c0 [ 3426.193818] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193821] ? do_syscall_64+0x87/0x190 [ 3426.193823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193826] ? syscall_exit_to_user_mode+0x37/0x1c0 [ 3426.193829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193831] ? do_syscall_64+0x87/0x190 [ 3426.193834] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3426.193837] ? irqentry_exit_to_user_mode+0x2c/0x1b0 [ 3426.193840] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 3426.193844] RIP: 0033:0x7529f528f70d [ 3426.193879] Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00 [ 3426.193881] RSP: 002b:00007ffdbc86a0b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3426.193885] RAX: ffffffffffffffda RBX: 00005dd5cdd87100 RCX: 00007529f528f70d [ 3426.193887] RDX: 00007ffdbc86a1a0 RSI: 00000000c03864bc RDI: 0000000000000013 [ 3426.193889] RBP: 00007ffdbc86a100 R08: 00005dd5ce7a35d8 R09: 00005dd5cd4d00a0 [ 3426.193891] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdbc86a1a0 [ 3426.193893] R13: 00000000c03864bc R14: 0000000000000013 R15: 00005dd5ce7a34c0 [ 3426.193898] </TASK> [ 3426.193899] ---[ end trace 0000000000000000 ]--- [ 3427.691139] [drm] DMUB HPD IRQ callback: link_index=5 [ 3427.747625] [drm] DM_MST: starting TM on aconnector: 0000000059a6282d [id: 122] [ 3427.751278] [drm] DM_MST: DP14, 4-lane link detected [ 3427.753948] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3427.808834] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3427.867176] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3427.924571] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3427.988102] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.032590] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.094804] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.161771] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.217907] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.289909] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.326514] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.383695] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.439627] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.496123] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.549989] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.613821] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.669738] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.729882] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.787109] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.843481] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.900151] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3428.956631] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.017344] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.087370] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.143215] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.199921] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.257150] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.316626] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.373864] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.430415] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.486712] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.543612] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.615052] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.669412] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.726628] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.786545] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.843696] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.900318] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3429.956967] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.016866] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.077386] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.147734] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.202425] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.260011] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.316899] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.373747] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.430421] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.486628] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.546384] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.606752] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.673289] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.730256] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.786604] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.843403] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.908143] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3430.963128] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3431.019824] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3431.076967] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3431.136780] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3431.192942] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3431.570611] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3432.492359] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3432.604878] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3432.646368] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3432.702614] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3432.762979] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3432.824563] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3432.893581] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3432.933989] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3432.992743] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3433.049536] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3433.110889] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3433.166171] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3433.283109] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3433.380647] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3433.493026] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3433.590848] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3433.703374] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3433.808868] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3433.926605] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3435.070461] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3435.183183] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3546.444159] [drm] DMUB HPD IRQ callback: link_index=5 [ 3546.444207] [drm] DM_MST: stopping TM on aconnector: 0000000059a6282d [id: 122] [ 3548.207700] [drm] DMUB HPD IRQ callback: link_index=5 [ 3548.263351] [drm] DM_MST: starting TM on aconnector: 0000000059a6282d [id: 122] [ 3548.267032] [drm] DM_MST: DP14, 4-lane link detected [ 3548.269689] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.327811] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.382135] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.443822] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.501327] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.559195] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.627372] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.675334] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.687885] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.735908] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.741478] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.798314] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.853927] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.901945] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3548.958608] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.021207] [drm] Downstream port present 1, type 0 [ 3549.050981] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.107128] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.175641] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.211985] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.268948] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.325594] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.381961] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.439072] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.500075] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.556106] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.614988] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.669454] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.729236] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.785927] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.841979] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.898907] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3549.977605] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.031028] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.089007] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.151605] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.205259] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.264863] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.319059] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.376318] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.432438] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.502480] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.554672] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.609410] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.668494] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.725599] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.785549] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.842436] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.898984] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3550.956091] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.028846] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.085027] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.143220] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.202563] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.259160] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.322675] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.378931] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.438892] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.495815] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.566442] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.622561] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.682376] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.744754] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.802263] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.865385] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.925850] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3551.982196] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.042257] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.114914] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.169190] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.229199] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.285987] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.346265] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.401856] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.461045] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.515573] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.575096] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.628708] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.685292] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.742169] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.812505] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.869060] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.925072] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3552.978676] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3553.070594] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3553.125320] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3553.188492] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3553.242556] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3553.634409] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3553.927002] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3554.384430] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3554.444033] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3554.491840] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3554.548160] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3554.606651] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3554.667829] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3554.735476] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3554.770617] [drm] DMUB notification skipped due to no handler: type=NO_DATA [ 3554.772114] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3554.828001] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3554.884847] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3554.949426] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.015317] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.055136] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.114974] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.196999] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.236709] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.286190] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.349289] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.421730] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.468051] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.505163] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.555730] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.600099] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.661244] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.804077] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.817770] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3555.973831] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3556.132934] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3556.290313] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3556.446552] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3556.600235] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3556.756354] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3556.912183] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3557.070185] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3557.227033] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3557.387836] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3557.546841] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3557.702996] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3557.856795] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3558.017167] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3558.174135] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3558.333204] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3558.491026] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3558.646342] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3558.800023] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3558.956605] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3559.119577] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3559.192554] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3560.384313] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 3560.459054] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 4588.960757] Bluetooth: hci0: Opcode 0x0401 failed: -16 [ 6197.065936] wlp1s0: deauthenticating from ac:8b:a9:48:29:8b by local choice (Reason: 3=DEAUTH_LEAVING) [ 6197.258285] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 6197.317463] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 6197.374431] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 6197.435157] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 6197.928056] PM: suspend entry (s2idle) [ 6202.155137] Filesystems sync: 4.227 seconds [ 6202.158478] Freezing user space processes [ 6202.159332] Freezing user space processes aborted after 0.000 seconds (70 tasks refusing to freeze, wq_busy=0): [ 6202.159397] OOM killer enabled. [ 6202.159399] Restarting tasks ... done. [ 6202.160126] random: crng reseeded on system resumption [ 6202.162298] PM: suspend exit [ 6202.162338] PM: suspend entry (s2idle) [ 6202.164247] Filesystems sync: 0.001 seconds [ 6202.165839] Freezing user space processes [ 6202.167824] Freezing user space processes completed (elapsed 0.001 seconds) [ 6202.167827] OOM killer disabled. [ 6202.167827] Freezing remaining freezable tasks [ 6202.196136] Freezing remaining freezable tasks completed (elapsed 0.028 seconds) [ 6202.196145] printk: Suspending console(s) (use no_console_suspend to debug) [ 6202.550932] queueing ieee80211 work while going to suspend [ 6202.713747] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 6202.802342] [drm] DMUB HPD RX IRQ callback: link_index=5 [ 6202.885671] pcieport 0000:00:08.3: quirk: disabling D3cold for suspend [ 6202.886638] ACPI: EC: interrupt blocked [34333.654256] ACPI: EC: interrupt unblocked [34334.451512] nvme nvme0: 16/0/0 default/read/poll queues [34334.452253] [drm] PCIE GART of 512M enabled (table at 0x00000081FFD00000). [34334.452431] amdgpu 0000:c1:00.0: amdgpu: SMU is resuming... [34334.456828] amdgpu 0000:c1:00.0: amdgpu: SMU is resumed successfully! [34334.461596] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.461597] [drm] Skip DMUB HPD IRQ callback in suspend/resume [34334.461600] [drm] Skip DMUB HPD IRQ callback in suspend/resume [34334.461601] [drm] Skip DMUB HPD IRQ callback in suspend/resume [34334.462262] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.462915] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.463559] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.464224] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.464871] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.465536] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.466190] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.466850] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.467583] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.468238] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.468928] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.469583] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.470233] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.470894] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.471550] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.472211] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.472868] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.473608] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.474272] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.474930] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.475586] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.476242] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.476892] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.477559] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.478283] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.478932] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.479599] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.480271] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.480839] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.481490] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.482161] [drm] DPIA AUX failed on 0x0(1), error 7 [34334.571446] [drm] DM_MST: stopping TM on aconnector: 0000000059a6282d [id: 122] [34334.936504] usb 6-1: reset SuperSpeed Plus Gen 2x1 USB device number 2 using xhci_hcd [34335.066573] usb 5-1: reset high-speed USB device number 2 using xhci_hcd [34335.239619] amdgpu 0000:c1:00.0: [drm] enabling link 5 failed: 15 [34335.536557] usb 6-1.4: reset SuperSpeed Plus Gen 2x1 USB device number 3 using xhci_hcd [34335.889607] amdgpu 0000:c1:00.0: [drm] enabling link 5 failed: 15 [34335.946363] amdgpu 0000:c1:00.0: amdgpu: ring gfx_0.0.0 uses VM inv eng 0 on hub 0 [34335.946367] amdgpu 0000:c1:00.0: amdgpu: ring comp_1.0.0 uses VM inv eng 1 on hub 0 [34335.946370] amdgpu 0000:c1:00.0: amdgpu: ring comp_1.1.0 uses VM inv eng 4 on hub 0 [34335.946372] amdgpu 0000:c1:00.0: amdgpu: ring comp_1.2.0 uses VM inv eng 6 on hub 0 [34335.946374] amdgpu 0000:c1:00.0: amdgpu: ring comp_1.3.0 uses VM inv eng 7 on hub 0 [34335.946376] amdgpu 0000:c1:00.0: amdgpu: ring comp_1.0.1 uses VM inv eng 8 on hub 0 [34335.946378] amdgpu 0000:c1:00.0: amdgpu: ring comp_1.1.1 uses VM inv eng 9 on hub 0 [34335.946379] amdgpu 0000:c1:00.0: amdgpu: ring comp_1.2.1 uses VM inv eng 10 on hub 0 [34335.946381] amdgpu 0000:c1:00.0: amdgpu: ring comp_1.3.1 uses VM inv eng 11 on hub 0 [34335.946383] amdgpu 0000:c1:00.0: amdgpu: ring sdma0 uses VM inv eng 12 on hub 0 [34335.946385] amdgpu 0000:c1:00.0: amdgpu: ring vcn_unified_0 uses VM inv eng 0 on hub 8 [34335.946387] amdgpu 0000:c1:00.0: amdgpu: ring jpeg_dec uses VM inv eng 1 on hub 8 [34335.946389] amdgpu 0000:c1:00.0: amdgpu: ring mes_kiq_3.1.0 uses VM inv eng 13 on hub 0 [34335.956107] [drm] ring gfx_32814.1.1 was added [34335.956848] [drm] ring compute_32814.2.2 was added [34335.957575] [drm] ring sdma_32814.3.3 was added [34335.957605] [drm] ring gfx_32814.1.1 ib test pass [34335.957638] [drm] ring compute_32814.2.2 ib test pass [34335.957752] [drm] ring sdma_32814.3.3 ib test pass [34335.989632] usb 5-1.1: reset low-speed USB device number 3 using xhci_hcd [34335.991883] [drm] DMUB HPD IRQ callback: link_index=5 [34336.032709] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.033543] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.034234] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.034995] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.035676] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.036328] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.037020] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.037704] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.038544] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.039241] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.039938] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.040742] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.041440] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.042188] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.042885] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.043583] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.044447] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.045120] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.045793] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.046454] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.047113] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.047842] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.048502] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.049238] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.049898] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.050578] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.051237] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.051897] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.052604] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.053266] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.053967] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.054628] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.054658] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.055367] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.056028] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.056689] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.057404] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.058065] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.058769] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.059430] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.060168] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.060829] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.061491] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.062207] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.062868] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.063571] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.064232] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.064969] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.065630] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.066294] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.067010] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.067653] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.068371] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.069034] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.069675] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.070338] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.071009] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.071671] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.072333] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.073046] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.073710] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.074450] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.075112] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.075792] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.075825] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.076489] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.077154] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.077875] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.078539] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.079275] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.079941] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.080613] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.081278] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.081943] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.082676] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.083343] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.083998] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.084652] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.085378] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.086025] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.086673] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.087320] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.087987] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.088681] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.089342] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.090005] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.090672] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.091320] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.091988] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.092637] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.093306] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.093964] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.094682] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.095352] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.096082] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.096743] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.096781] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.097430] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.098098] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.098750] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.099419] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.100080] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.100805] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.101474] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.102123] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.102791] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.103462] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.104112] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.104781] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.105488] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.106153] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.106824] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.107482] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.108183] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.108848] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.109500] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.110227] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.110896] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.111547] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.112219] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.112946] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.113609] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.114265] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.114936] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.115587] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.116262] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.116926] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.117664] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.117778] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.118443] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.119099] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.119831] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.120509] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.121162] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.121835] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.122571] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.123235] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.123905] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.124569] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.125228] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.125982] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.126655] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.127311] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.127984] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.128637] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.129295] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.129937] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.130595] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.131236] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.131972] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.132631] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.133273] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.133930] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.134591] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.135254] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.135894] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.136552] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.137198] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.137900] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.138541] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.138570] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.139230] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.139882] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.140585] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.141245] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.141887] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.142603] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.143261] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.143904] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.144566] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.145277] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.145939] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.146601] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.147244] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.147905] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.148547] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.149208] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.149905] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.150564] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.151293] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.151946] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.152604] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.153268] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.153914] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.154645] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.155303] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.156008] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.156667] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.157326] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.157971] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.158625] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.159283] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.159314] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.159978] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.160709] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.161358] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.162025] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.162680] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.163381] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.164046] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.164696] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.165413] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.166077] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.166723] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.167389] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.168112] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.168759] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.169426] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.170084] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.170746] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.171412] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.172059] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.172803] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.173470] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.174117] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.174784] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.175433] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.176100] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.176759] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.177490] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.178153] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.178861] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.179510] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.180175] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.180213] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.180881] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.181540] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.182257] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.182925] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.183594] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.184245] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.184914] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.185562] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.186231] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.186892] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.187557] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.188221] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.188872] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.189621] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.190288] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.190985] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.191653] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.192314] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.193023] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.193694] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.194354] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.195007] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.195724] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.196304] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.196975] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.197629] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.198295] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.198957] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.199624] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.200327] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.200983] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.201026] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.201679] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.202352] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.202988] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.203661] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.204316] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.205029] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.205702] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.206305] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.206975] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.207703] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.208371] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.209036] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.209645] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.210310] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.211031] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.211689] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.212329] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.212961] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.213670] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.214329] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.214987] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.215648] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.216281] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.216941] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.217587] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.218248] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.218899] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.219634] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.220294] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.220982] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.221640] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.221669] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.222330] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.223035] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.223691] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.224343] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.224999] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.225727] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.226293] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.226951] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.227596] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.228249] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.228905] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.229570] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.230277] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.230934] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.231599] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.232241] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.232940] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.233593] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.234250] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.234903] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.235561] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.236223] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.236868] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.237588] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.238242] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.238970] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.239632] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.240276] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.241026] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.241690] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.242340] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.242390] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242424] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242459] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242494] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242526] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242558] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242590] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242622] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242654] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242687] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242720] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242753] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242787] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242820] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242854] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242887] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242920] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242953] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.242988] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243023] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243058] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243092] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243126] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243160] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243195] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243231] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243267] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243302] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243338] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243374] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243410] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243450] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243485] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243520] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243554] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243591] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243628] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243664] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243699] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243734] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243771] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243806] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243843] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243879] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243915] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243952] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.243988] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244024] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244060] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244098] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244136] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244172] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244209] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244247] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244283] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244321] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244359] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244398] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244434] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244470] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244508] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244546] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244583] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244621] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244659] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244697] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244736] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244774] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244815] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244853] [drm] DPIA AUX failed on 0x50(0), error 7 [34336.244854] amdgpu 0000:c1:00.0: [drm] *ERROR* No EDID read. [34336.244895] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.245560] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.246220] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.246876] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.247550] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.248267] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.248922] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.249595] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.250264] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.250904] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.251563] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.252212] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.252868] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.253511] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.254168] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.254813] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.255549] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.256201] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.256844] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.257502] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.258184] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.258844] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.259486] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.260223] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.260884] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.261534] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.262195] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.262930] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.263581] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.264237] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.264880] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.265522] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.265552] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.266212] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.266861] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.267518] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.268178] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.268824] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.269488] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.270184] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.270831] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.271474] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.272182] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.272939] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.273656] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.274308] [drm] DPIA AUX failed on 0x0(1), error 7 [34336.276303] [drm] DM_MST: starting TM on aconnector: 0000000059a6282d [id: 122] [34336.282952] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.283599] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.284247] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.284894] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.285599] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.286253] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.286964] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.287612] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.288261] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.288915] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.289564] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.290217] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.290868] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.291522] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.292185] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.292901] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.293550] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.294208] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.294872] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.295535] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.296264] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.296927] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.297585] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.298246] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.298966] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.299626] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.300288] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.300998] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.301646] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.302370] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.302954] [drm] DPIA AUX failed on 0x111(1), error 7 [34336.302956] [drm:dm_helpers_dp_mst_start_top_mgr.cold [amdgpu]] *ERROR* DM_MST: Failed to set the device into MST mode! [34336.303331] [drm] DMUB HPD IRQ callback: link_index=5 [34336.303391] [drm] DMUB HPD IRQ callback: link_index=5 [34336.303428] [drm] DMUB HPD IRQ callback: link_index=5 [34336.303429] [drm] DMUB reported hpd status unchanged. link_index=5 [34336.349639] usb 5-1.2: reset high-speed USB device number 4 using xhci_hcd [34336.373659] [drm] DMUB HPD IRQ callback: link_index=5 [34336.432814] [drm] DM_MST: starting TM on aconnector: 0000000059a6282d [id: 122] [34336.432818] [drm] DM_MST: DP13, 4-lane link detected [34336.517199] usb 6-1.4.1: reset SuperSpeed USB device number 4 using xhci_hcd [34336.673842] usb 6-1.4.4: reset SuperSpeed Plus Gen 2x1 USB device number 5 using xhci_hcd [34337.206884] usb 5-1.2.4: reset high-speed USB device number 5 using xhci_hcd [34337.420459] usb 6-1.4.4.4: reset SuperSpeed USB device number 7 using xhci_hcd [34337.570612] usb 6-1.4.4.2: reset SuperSpeed Plus Gen 2x1 USB device number 6 using xhci_hcd [34338.130207] usb 5-1.2.4.2: reset high-speed USB device number 6 using xhci_hcd [34338.346687] usb 6-1.4.4.2.3: reset SuperSpeed USB device number 8 using xhci_hcd [34339.053561] usb 5-1.2.4.2.3: reset high-speed USB device number 8 using xhci_hcd [34339.316859] usb 5-1.2.4.2.4: reset high-speed USB device number 9 using xhci_hcd [34339.590158] usb 5-1.2.4.2.2: reset high-speed USB device number 7 using xhci_hcd [34339.817034] usb 5-1.2.4.2.3.2: reset full-speed USB device number 10 using xhci_hcd [34340.016112] usb 5-1.2.4.2.3.4: reset full-speed USB device number 11 using xhci_hcd [34340.227471] OOM killer enabled. [34340.227472] Restarting tasks ... done. [34340.228605] random: crng reseeded on system resumption [34340.370606] PM: suspend exit [34340.602933] ------------[ cut here ]------------ [34340.602938] WARNING: CPU: 15 PID: 3018 at drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_helpers.c:197 fill_dc_mst_payload_table_from_drm+0x92/0x130 [amdgpu] [34340.603241] Modules linked in: hid_logitech_dj snd_seq_midi snd_seq_midi_event uvcvideo videobuf2_vmalloc uvc videobuf2_memops snd_usb_audio videobuf2_v4l2 videobuf2_common snd_usbmidi_lib snd_ump videodev snd_rawmidi mc cdc_ether usbnet mii uas usb_storage hid_logitech_hidpp ccm rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device tun ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_multiport xt_cgroup xt_mark xt_owner xt_tcpudp ip6table_raw iptable_raw ip6table_mangle iptable_mangle ip6table_nat iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c crc32c_generic ip6table_filter ip6_tables iptable_filter ip_tables x_tables uhid cmac algif_hash algif_skcipher af_alg bnep vfat fat amd_atl intel_rapl_msr intel_rapl_common snd_sof_amd_acp70 snd_sof_amd_acp63 snd_soc_acpi_amd_match snd_sof_amd_vangogh snd_sof_amd_rembrandt snd_sof_amd_renoir snd_sof_amd_acp snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils snd_pci_ps snd_amd_sdw_acpi mt7921e soundwire_amd kvm_amd mt7921_common [34340.603311] snd_hda_codec_realtek soundwire_generic_allocation hid_sensor_als snd_hda_codec_generic soundwire_bus mt792x_lib hid_sensor_trigger snd_hda_scodec_component kvm mt76_connac_lib snd_hda_codec_hdmi industrialio_triggered_buffer mousedev kfifo_buf snd_soc_core mt76 irqbypass hid_sensor_iio_common leds_cros_ec snd_hda_intel snd_compress crct10dif_pclmul industrialio cros_ec_sysfs cros_ec_hwmon led_class_multicolor mac80211 cros_ec_chardev cros_kbd_led_backlight ac97_bus snd_intel_dspcfg gpio_cros_ec cros_charge_control cros_ec_debugfs crc32_pclmul snd_intel_sdw_acpi crc32c_intel snd_pcm_dmaengine polyval_clmulni snd_hda_codec libarc4 snd_rpl_pci_acp6x polyval_generic ghash_clmulni_intel snd_hda_core snd_acp_pci spd5118 snd_acp_legacy_common joydev sha512_ssse3 hid_multitouch hid_sensor_hub cros_ec_dev sha256_ssse3 btusb snd_pci_acp6x snd_hwdep sha1_ssse3 cfg80211 btrtl snd_pcm aesni_intel snd_pci_acp5x btintel snd_rn_pci_acp3x sp5100_tco gf128mul snd_timer btbcm amd_pmf snd_acp_config ucsi_acpi crypto_simd [34340.603372] snd snd_soc_acpi btmtk amdtee cryptd i2c_piix4 typec_ucsi bluetooth rapl wmi_bmof pcspkr typec thunderbolt rfkill soundcore snd_pci_acp3x ccp k10temp i2c_smbus roles amd_sfh cros_ec_lpcs platform_profile i2c_hid_acpi tee amd_pmc i2c_hid cros_ec mac_hid i2c_dev crypto_user nfnetlink bpf_preload hid_generic usbhid amdgpu zfs(POE) crc16 spl(OE) amdxcp i2c_algo_bit drm_ttm_helper serio_raw ttm drm_exec atkbd gpu_sched libps2 vivaldi_fmap drm_suballoc_helper nvme drm_buddy i8042 drm_display_helper nvme_core video serio cec nvme_auth wmi [34340.603425] CPU: 15 UID: 1000 PID: 3018 Comm: kwin_wayland Tainted: P W OE 6.12.64-1-lts #1 8c2629090c0c373070c59d027e89ff0b1ee80aa2 [34340.603430] Tainted: [P]=PROPRIETARY_MODULE, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE [34340.603432] Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP07, BIOS 03.16 07/25/2025 [34340.603433] RIP: 0010:fill_dc_mst_payload_table_from_drm+0x92/0x130 [amdgpu] [34340.603677] Code: 31 d2 48 89 c1 eb 0c 90 83 c2 01 48 83 c1 18 39 d6 74 17 40 38 39 75 f0 48 63 ca 31 ff 48 8d 0c 49 66 89 7c cc 28 39 d6 75 1c <0f> 0b eb 18 0f b6 4a 09 8b 52 0c 48 8d 04 76 88 4c c4 28 88 54 c4 [34340.603679] RSP: 0018:ffffcbb8a436b290 EFLAGS: 00010246 [34340.603682] RAX: ffffcbb8a436b2b8 RBX: 0000000000000000 RCX: 0000000000000000 [34340.603684] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffcbb8a436b338 [34340.603685] RBP: ffff8b7aca2a8000 R08: ffffcbb8a436b414 R09: 0000000000000000 [34340.603687] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8b768e800000 [34340.603688] R13: ffff8b7aca2a8000 R14: ffff8b768f1ba8b8 R15: ffffcbb8a436b414 [34340.603690] FS: 00007529ee520b80(0000) GS:ffff8b841e180000(0000) knlGS:0000000000000000 [34340.603692] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [34340.603693] CR2: 00001e94027b3300 CR3: 0000000125364000 CR4: 0000000000f50ef0 [34340.603695] PKRU: 55555554 [34340.603696] Call Trace: [34340.603700] <TASK> [34340.603706] dm_helpers_dp_mst_write_payload_allocation_table+0x181/0x1c0 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [34340.603931] link_set_dpms_off+0x693/0x790 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [34340.604187] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.604193] ? optc31_set_drr+0x12b/0x1e0 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [34340.604441] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.604445] dcn31_reset_hw_ctx_wrap+0x232/0x450 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [34340.604688] dce110_apply_ctx_to_hw+0x63/0x2e0 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [34340.604925] ? dcn10_setup_stereo+0xe0/0x170 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [34340.605147] dc_commit_state_no_check+0x63d/0xeb0 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [34340.605378] dc_commit_streams+0x296/0x490 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [34340.605610] amdgpu_dm_atomic_commit_tail+0x6a1/0x3a10 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [34340.605856] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.605859] ? psi_task_switch+0x113/0x2a0 [34340.605863] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.605868] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.605872] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.605874] ? schedule+0x27/0xf0 [34340.605878] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.605880] ? schedule_timeout+0x133/0x170 [34340.605883] ? drm_gem_plane_helper_prepare_fb+0x90/0x1f0 [34340.605888] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.605890] ? dma_fence_default_wait+0x8b/0x230 [34340.605893] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.605896] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.605898] ? wait_for_completion_timeout+0x12e/0x180 [34340.605901] ? __pfx_dma_fence_default_wait_cb+0x10/0x10 [34340.605903] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.605905] ? kvfree_call_rcu+0x21a/0x370 [34340.605912] commit_tail+0xae/0x140 [34340.605917] drm_atomic_helper_commit+0x13c/0x180 [34340.605920] drm_atomic_commit+0xa6/0xe0 [34340.605925] ? __pfx___drm_printfn_info+0x10/0x10 [34340.605929] drm_mode_atomic_ioctl+0xa60/0xcd0 [34340.605935] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [34340.605938] drm_ioctl_kernel+0xad/0x100 [34340.605942] drm_ioctl+0x286/0x500 [34340.605945] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [34340.605951] amdgpu_drm_ioctl+0x4a/0x80 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [34340.606146] __x64_sys_ioctl+0x91/0xd0 [34340.606152] do_syscall_64+0x7b/0x190 [34340.606157] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606159] ? syscall_exit_to_user_mode+0x37/0x1c0 [34340.606162] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606165] ? do_syscall_64+0x87/0x190 [34340.606175] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606178] ? do_syscall_64+0x87/0x190 [34340.606181] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606183] ? __x64_sys_poll+0xc6/0x190 [34340.606187] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606189] ? syscall_exit_to_user_mode+0x37/0x1c0 [34340.606192] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606194] ? do_syscall_64+0x87/0x190 [34340.606197] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606199] ? syscall_exit_to_user_mode+0x37/0x1c0 [34340.606202] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606204] ? do_syscall_64+0x87/0x190 [34340.606206] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606208] ? syscall_exit_to_user_mode+0x37/0x1c0 [34340.606211] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606213] ? do_syscall_64+0x87/0x190 [34340.606215] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606218] ? amdgpu_drm_ioctl+0x6c/0x80 [amdgpu 1db18b2c20c34172e0247ae61f7924a8e693e3f2] [34340.606411] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606414] ? __x64_sys_ioctl+0xac/0xd0 [34340.606416] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606418] ? syscall_exit_to_user_mode+0x37/0x1c0 [34340.606421] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606423] ? do_syscall_64+0x87/0x190 [34340.606426] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606428] ? srso_alias_return_thunk+0x5/0xfbef5 [34340.606431] ? irqentry_exit_to_user_mode+0x2c/0x1b0 [34340.606434] entry_SYSCALL_64_after_hwframe+0x76/0x7e [34340.606437] RIP: 0033:0x7529f528f70d [34340.606470] Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00 [34340.606472] RSP: 002b:00007ffdbc86a0b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [34340.606475] RAX: ffffffffffffffda RBX: 00005dd5ce7effd0 RCX: 00007529f528f70d [34340.606477] RDX: 00007ffdbc86a1a0 RSI: 00000000c03864bc RDI: 0000000000000013 [34340.606478] RBP: 00007ffdbc86a100 R08: 00005dd5cdd72ce8 R09: 0000000000000064 [34340.606480] R10: 00005dd5cbf3b010 R11: 0000000000000246 R12: 00007ffdbc86a1a0 [34340.606481] R13: 00000000c03864bc R14: 0000000000000013 R15: 00005dd5cdd72bd0 [34340.606485] </TASK> [34340.606487] ---[ end trace 0000000000000000 ]--- [34343.349940] wlp1s0: authenticate with ac:8b:a9:28:2a:9a (local address=a8:3b:76:72:df:d5) [34343.498901] wlp1s0: send auth to ac:8b:a9:28:2a:9a (try 1/3) [34343.612136] wlp1s0: authenticated [34343.612833] wlp1s0: associate with ac:8b:a9:28:2a:9a (try 1/3) [34343.643951] wlp1s0: RX AssocResp from ac:8b:a9:28:2a:9a (capab=0x1431 status=0 aid=2) [34343.675780] wlp1s0: associated [34343.751182] wlp1s0: Limiting TX power to 20 (20 - 0) dBm as advertised by ac:8b:a9:28:2a:9a [34379.924613] usb 5-1: USB disconnect, device number 2 [34379.924619] usb 5-1.1: USB disconnect, device number 3 [34379.924843] usb 5-1.2: USB disconnect, device number 4 [34379.924846] usb 5-1.2.4: USB disconnect, device number 5 [34379.924848] usb 5-1.2.4.2: USB disconnect, device number 6 [34379.924850] usb 5-1.2.4.2.2: USB disconnect, device number 7 [34379.924860] thunderbolt 0-0:2.1: retimer disconnected [34379.924871] pcieport 0000:00:03.1: pciehp: Slot(0): Link Down [34379.924873] pcieport 0000:00:03.1: pciehp: Slot(0): Card not present [34379.925114] pcieport 0000:00:03.1: PME: Spurious native interrupt! [34379.925133] pcieport 0000:00:03.1: PME: Spurious native interrupt! [34379.925773] usb 5-1.2.4.2.3: USB disconnect, device number 8 [34379.925775] usb 5-1.2.4.2.3.2: USB disconnect, device number 10 [34379.925944] pci_bus 0000:05: busn_res: [bus 05] is released [34379.926005] pci_bus 0000:06: busn_res: [bus 06-24] is released [34379.926101] pci_bus 0000:25: busn_res: [bus 25-43] is released [34379.926263] pci_bus 0000:44: busn_res: [bus 44-60] is released [34379.926371] pci_bus 0000:61: busn_res: [bus 61] is released [34379.926420] pci_bus 0000:04: busn_res: [bus 04-61] is released [34379.927019] [drm] DMUB HPD IRQ callback: link_index=5 [34379.927058] [drm] DM_MST: stopping TM on aconnector: 0000000059a6282d [id: 122] [34379.929752] thunderbolt 0-2: device disconnected [34379.949653] usb 6-1: USB disconnect, device number 2 [34379.949659] usb 6-1.4: USB disconnect, device number 3 [34379.949661] usb 6-1.4.1: USB disconnect, device number 4 [34380.236752] usb 6-1.4.4: USB disconnect, device number 5 [34380.236766] usb 6-1.4.4.2: USB disconnect, device number 6 [34380.236773] usb 6-1.4.4.2.3: USB disconnect, device number 8 [34380.256263] usb 6-1.4.4.4: USB disconnect, device number 7 [34380.256320] cdc_ether 6-1.4.4.4:2.0 eth0: unregister 'cdc_ether' usb-0000:c3:00.3-1.4.4.4, CDC Ethernet Device [34380.351517] usb 5-1.2.4.2.3.4: USB disconnect, device number 11 [34380.913343] usb 5-1.2.4.2.4: USB disconnect, device number 9 [34383.110242] ucsi_acpi USBC000:00: unknown error 0 [34383.110260] ucsi_acpi USBC000:00: UCSI_GET_PDOS failed (-5) [34385.197651] thunderbolt 0-2: new device found, vendor=0x236 device=0x22 [34385.197659] thunderbolt 0-2: Dynabook Thunderbolt 4 Dock [34385.434885] thunderbolt 0-0:2.1: new retimer found, vendor=0x7fea device=0x1032 [34385.695483] usb 5-1: new high-speed USB device number 12 using xhci_hcd [34385.828491] usb 5-1: New USB device found, idVendor=1d5c, idProduct=5801, bcdDevice= 1.01 [34385.828497] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [34385.828500] usb 5-1: Product: USB2.0 Hub [34385.828502] usb 5-1: Manufacturer: Fresco Logic, Inc. [34385.892268] hub 5-1:1.0: USB hub found [34385.892472] hub 5-1:1.0: 6 ports detected [34385.910023] pcieport 0000:00:03.1: pciehp: Slot(0): Card present [34385.910026] pcieport 0000:00:03.1: pciehp: Slot(0): Link Up [34385.929388] [drm] DMUB HPD IRQ callback: link_index=5 [34385.986770] [drm] DM_MST: starting TM on aconnector: 0000000059a6282d [id: 122] [34385.990623] [drm] DM_MST: DP14, 4-lane link detected [34385.993317] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.035582] pci 0000:03:00.0: [8086:0b26] type 01 class 0x060400 PCIe Switch Upstream Port [34386.035628] pci 0000:03:00.0: PCI bridge to [bus 00] [34386.035643] pci 0000:03:00.0: bridge window [io 0x0000-0x0fff] [34386.035649] pci 0000:03:00.0: bridge window [mem 0x00000000-0x000fffff] [34386.035665] pci 0000:03:00.0: bridge window [mem 0x00000000-0x000fffff 64bit pref] [34386.035684] pci 0000:03:00.0: enabling Extended Tags [34386.035874] pci 0000:03:00.0: supports D1 D2 [34386.035876] pci 0000:03:00.0: PME# supported from D0 D1 D2 D3hot D3cold [34386.036056] pci 0000:03:00.0: 2.000 Gb/s available PCIe bandwidth, limited by 2.5 GT/s PCIe x1 link at 0000:00:03.1 (capable of 8.000 Gb/s with 2.5 GT/s PCIe x4 link) [34386.036371] pci 0000:03:00.0: Adding to iommu group 4 [34386.036449] pcieport 0000:00:03.1: ASPM: current common clock configuration is inconsistent, reconfiguring [34386.042219] pci 0000:03:00.0: bridge configuration invalid ([bus 00-00]), reconfiguring [34386.042433] pci 0000:04:00.0: [8086:0b26] type 01 class 0x060400 PCIe Switch Downstream Port [34386.042470] pci 0000:04:00.0: PCI bridge to [bus 00] [34386.042482] pci 0000:04:00.0: bridge window [io 0x0000-0x0fff] [34386.042488] pci 0000:04:00.0: bridge window [mem 0x00000000-0x000fffff] [34386.042503] pci 0000:04:00.0: bridge window [mem 0x00000000-0x000fffff 64bit pref] [34386.042523] pci 0000:04:00.0: enabling Extended Tags [34386.042694] pci 0000:04:00.0: supports D1 D2 [34386.042696] pci 0000:04:00.0: PME# supported from D0 D1 D2 D3hot D3cold [34386.043015] pci 0000:04:00.0: Adding to iommu group 4 [34386.043102] pci 0000:04:01.0: [8086:0b26] type 01 class 0x060400 PCIe Switch Downstream Port [34386.043137] pci 0000:04:01.0: PCI bridge to [bus 00] [34386.043147] pci 0000:04:01.0: bridge window [io 0x0000-0x0fff] [34386.043152] pci 0000:04:01.0: bridge window [mem 0x00000000-0x000fffff] [34386.043167] pci 0000:04:01.0: bridge window [mem 0x00000000-0x000fffff 64bit pref] [34386.043193] pci 0000:04:01.0: enabling Extended Tags [34386.043346] pci 0000:04:01.0: supports D1 D2 [34386.043348] pci 0000:04:01.0: PME# supported from D0 D1 D2 D3hot D3cold [34386.043786] pci 0000:04:01.0: Adding to iommu group 4 [34386.043866] pci 0000:04:02.0: [8086:0b26] type 01 class 0x060400 PCIe Switch Downstream Port [34386.043902] pci 0000:04:02.0: PCI bridge to [bus 00] [34386.043912] pci 0000:04:02.0: bridge window [io 0x0000-0x0fff] [34386.043916] pci 0000:04:02.0: bridge window [mem 0x00000000-0x000fffff] [34386.043931] pci 0000:04:02.0: bridge window [mem 0x00000000-0x000fffff 64bit pref] [34386.043951] pci 0000:04:02.0: enabling Extended Tags [34386.044109] pci 0000:04:02.0: supports D1 D2 [34386.044111] pci 0000:04:02.0: PME# supported from D0 D1 D2 D3hot D3cold [34386.044455] pci 0000:04:02.0: Adding to iommu group 4 [34386.044535] pci 0000:04:03.0: [8086:0b26] type 01 class 0x060400 PCIe Switch Downstream Port [34386.044573] pci 0000:04:03.0: PCI bridge to [bus 00] [34386.044583] pci 0000:04:03.0: bridge window [io 0x0000-0x0fff] [34386.044588] pci 0000:04:03.0: bridge window [mem 0x00000000-0x000fffff] [34386.044604] pci 0000:04:03.0: bridge window [mem 0x00000000-0x000fffff 64bit pref] [34386.044625] pci 0000:04:03.0: enabling Extended Tags [34386.044797] pci 0000:04:03.0: supports D1 D2 [34386.044799] pci 0000:04:03.0: PME# supported from D0 D1 D2 D3hot D3cold [34386.045127] pci 0000:04:03.0: Adding to iommu group 4 [34386.045205] pci 0000:04:04.0: [8086:0b26] type 01 class 0x060400 PCIe Switch Downstream Port [34386.045241] pci 0000:04:04.0: PCI bridge to [bus 00] [34386.045251] pci 0000:04:04.0: bridge window [io 0x0000-0x0fff] [34386.045256] pci 0000:04:04.0: bridge window [mem 0x00000000-0x000fffff] [34386.045272] pci 0000:04:04.0: bridge window [mem 0x00000000-0x000fffff 64bit pref] [34386.045293] pci 0000:04:04.0: enabling Extended Tags [34386.045463] pci 0000:04:04.0: supports D1 D2 [34386.045465] pci 0000:04:04.0: PME# supported from D0 D1 D2 D3hot D3cold [34386.045845] pci 0000:04:04.0: Adding to iommu group 4 [34386.045931] pci 0000:03:00.0: PCI bridge to [bus 04-61] [34386.045956] pci 0000:04:00.0: bridge configuration invalid ([bus 00-00]), reconfiguring [34386.045966] pci 0000:04:01.0: bridge configuration invalid ([bus 00-00]), reconfiguring [34386.045977] pci 0000:04:02.0: bridge configuration invalid ([bus 00-00]), reconfiguring [34386.045987] pci 0000:04:03.0: bridge configuration invalid ([bus 00-00]), reconfiguring [34386.045998] pci 0000:04:04.0: bridge configuration invalid ([bus 00-00]), reconfiguring [34386.046077] pci 0000:04:00.0: PCI bridge to [bus 05-61] [34386.046094] pci_bus 0000:05: busn_res: [bus 05-61] end is updated to 05 [34386.046171] pci 0000:04:01.0: PCI bridge to [bus 06-61] [34386.046189] pci_bus 0000:06: busn_res: [bus 06-61] end is updated to 24 [34386.046358] pci 0000:04:02.0: PCI bridge to [bus 25-61] [34386.046376] pci_bus 0000:25: busn_res: [bus 25-61] end is updated to 43 [34386.046494] pci 0000:04:03.0: PCI bridge to [bus 44-61] [34386.046512] pci_bus 0000:44: busn_res: [bus 44-61] end is updated to 60 [34386.046591] pci 0000:04:04.0: PCI bridge to [bus 61] [34386.046609] pci_bus 0000:61: busn_res: [bus 61] end is updated to 61 [34386.046616] pci_bus 0000:04: busn_res: [bus 04-61] end is updated to 61 [34386.046626] pci 0000:04:01.0: bridge window [mem 0x00100000-0x001fffff 64bit pref] to [bus 06-24] add_size 100000 add_align 100000 [34386.046631] pci 0000:04:01.0: bridge window [mem 0x00100000-0x001fffff] to [bus 06-24] add_size 100000 add_align 100000 [34386.046634] pci 0000:04:02.0: bridge window [mem 0x00100000-0x001fffff 64bit pref] to [bus 25-43] add_size 100000 add_align 100000 [34386.046637] pci 0000:04:02.0: bridge window [mem 0x00100000-0x001fffff] to [bus 25-43] add_size 100000 add_align 100000 [34386.046640] pci 0000:04:03.0: bridge window [mem 0x00100000-0x001fffff 64bit pref] to [bus 44-60] add_size 100000 add_align 100000 [34386.046643] pci 0000:04:03.0: bridge window [mem 0x00100000-0x001fffff] to [bus 44-60] add_size 100000 add_align 100000 [34386.046648] pci 0000:03:00.0: bridge window [mem 0x00100000-0x005fffff 64bit pref] to [bus 04-61] add_size 300000 add_align 100000 [34386.046652] pci 0000:03:00.0: bridge window [mem 0x00100000-0x005fffff] to [bus 04-61] add_size 300000 add_align 100000 [34386.046661] pci 0000:03:00.0: bridge window [mem 0x78000000-0x8fffffff]: assigned [34386.046664] pci 0000:03:00.0: bridge window [mem 0x7800000000-0x87ffffffff 64bit pref]: assigned [34386.046666] pci 0000:03:00.0: bridge window [io 0x6000-0xafff]: assigned [34386.046671] pci 0000:04:00.0: bridge window [mem 0x78000000-0x780fffff]: assigned [34386.046673] pci 0000:04:00.0: bridge window [mem 0x7800000000-0x78000fffff 64bit pref]: assigned [34386.046676] pci 0000:04:01.0: bridge window [mem 0x78100000-0x7fffffff]: assigned [34386.046678] pci 0000:04:01.0: bridge window [mem 0x7800100000-0x7d554fffff 64bit pref]: assigned [34386.046681] pci 0000:04:02.0: bridge window [mem 0x80000000-0x87efffff]: assigned [34386.046683] pci 0000:04:02.0: bridge window [mem 0x7d55500000-0x82aa8fffff 64bit pref]: assigned [34386.046685] pci 0000:04:03.0: bridge window [mem 0x87f00000-0x8fdfffff]: assigned [34386.046688] pci 0000:04:03.0: bridge window [mem 0x82aa900000-0x87ffcfffff 64bit pref]: assigned [34386.046690] pci 0000:04:04.0: bridge window [mem 0x8fe00000-0x8fefffff]: assigned [34386.046692] pci 0000:04:04.0: bridge window [mem 0x87ffd00000-0x87ffdfffff 64bit pref]: assigned [34386.046695] pci 0000:04:00.0: bridge window [io 0x6000-0x6fff]: assigned [34386.046697] pci 0000:04:01.0: bridge window [io 0x7000-0x7fff]: assigned [34386.046699] pci 0000:04:02.0: bridge window [io 0x8000-0x8fff]: assigned [34386.046701] pci 0000:04:03.0: bridge window [io 0x9000-0x9fff]: assigned [34386.046703] pci 0000:04:04.0: bridge window [io 0xa000-0xafff]: assigned [34386.046706] pci 0000:04:00.0: PCI bridge to [bus 05] [34386.046715] pci 0000:04:00.0: bridge window [io 0x6000-0x6fff] [34386.046722] pci 0000:04:00.0: bridge window [mem 0x78000000-0x780fffff] [34386.046727] pci 0000:04:00.0: bridge window [mem 0x7800000000-0x78000fffff 64bit pref] [34386.046735] pci 0000:04:01.0: PCI bridge to [bus 06-24] [34386.046739] pci 0000:04:01.0: bridge window [io 0x7000-0x7fff] [34386.046745] pci 0000:04:01.0: bridge window [mem 0x78100000-0x7fffffff] [34386.046750] pci 0000:04:01.0: bridge window [mem 0x7800100000-0x7d554fffff 64bit pref] [34386.046759] pci 0000:04:02.0: PCI bridge to [bus 25-43] [34386.046762] pci 0000:04:02.0: bridge window [io 0x8000-0x8fff] [34386.046769] pci 0000:04:02.0: bridge window [mem 0x80000000-0x87efffff] [34386.046774] pci 0000:04:02.0: bridge window [mem 0x7d55500000-0x82aa8fffff 64bit pref] [34386.046783] pci 0000:04:03.0: PCI bridge to [bus 44-60] [34386.046786] pci 0000:04:03.0: bridge window [io 0x9000-0x9fff] [34386.046793] pci 0000:04:03.0: bridge window [mem 0x87f00000-0x8fdfffff] [34386.046798] pci 0000:04:03.0: bridge window [mem 0x82aa900000-0x87ffcfffff 64bit pref] [34386.046807] pci 0000:04:04.0: PCI bridge to [bus 61] [34386.046810] pci 0000:04:04.0: bridge window [io 0xa000-0xafff] [34386.046817] pci 0000:04:04.0: bridge window [mem 0x8fe00000-0x8fefffff] [34386.046822] pci 0000:04:04.0: bridge window [mem 0x87ffd00000-0x87ffdfffff 64bit pref] [34386.046831] pci 0000:03:00.0: PCI bridge to [bus 04-61] [34386.046835] pci 0000:03:00.0: bridge window [io 0x6000-0xafff] [34386.046841] pci 0000:03:00.0: bridge window [mem 0x78000000-0x8fffffff] [34386.046847] pci 0000:03:00.0: bridge window [mem 0x7800000000-0x87ffffffff 64bit pref] [34386.046855] pcieport 0000:00:03.1: PCI bridge to [bus 03-61] [34386.046858] pcieport 0000:00:03.1: bridge window [io 0x6000-0xafff] [34386.046862] pcieport 0000:00:03.1: bridge window [mem 0x78000000-0x8fffffff] [34386.046866] pcieport 0000:00:03.1: bridge window [mem 0x7800000000-0x87ffffffff 64bit pref] [34386.047375] pcieport 0000:03:00.0: enabling device (0000 -> 0003) [34386.047659] pcieport 0000:04:00.0: enabling device (0000 -> 0003) [34386.047876] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.047943] pcieport 0000:04:01.0: enabling device (0000 -> 0003) [34386.048087] pcieport 0000:04:01.0: pciehp: Slot #1 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ [34386.048364] pcieport 0000:04:02.0: enabling device (0000 -> 0003) [34386.048514] pcieport 0000:04:02.0: pciehp: Slot #2 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ [34386.048893] pcieport 0000:04:03.0: enabling device (0000 -> 0003) [34386.049048] pcieport 0000:04:03.0: pciehp: Slot #3 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ [34386.049256] pcieport 0000:04:04.0: enabling device (0000 -> 0003) [34386.104216] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.163230] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.215601] usb 6-1: new SuperSpeed Plus Gen 2x1 USB device number 9 using xhci_hcd [34386.217286] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.232470] usb 6-1: New USB device found, idVendor=8087, idProduct=0b40, bcdDevice=12.34 [34386.232476] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [34386.232479] usb 6-1: Product: USB3.0 Hub [34386.232482] usb 6-1: Manufacturer: Intel Corporation. [34386.260862] hub 6-1:1.0: USB hub found [34386.260921] hub 6-1:1.0: 4 ports detected [34386.274306] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.292653] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.331244] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.344481] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.394401] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.399318] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.407674] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.460879] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.468066] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.513089] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.518788] usb 5-1.1: new low-speed USB device number 13 using xhci_hcd [34386.523747] [drm] DMUB HPD RX IRQ callback: link_index=5 [34386.523758] [drm] Downstream port present 1, type 0 [34386.614181] [drm] DMUB HPD IRQ callback: link_index=5 [34386.614222] [drm] DPIA AUX failed on 0x0(1), error 7 [34386.638661] usb 5-1.1: New USB device found, idVendor=0451, idProduct=ace1, bcdDevice= 1.50 [34386.638666] usb 5-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [34386.638669] usb 5-1.1: Product: TPS DMC Family [34386.638672] usb 5-1.1: Manufacturer: Texas Instruments Inc [34386.638674] usb 5-1.1: SerialNumber: 6F03401608BA75BD0440D2CEDE55E56 [34386.728796] usb 5-1.2: new high-speed USB device number 14 using xhci_hcd [34386.826968] usb 5-1.2: New USB device found, idVendor=2109, idProduct=2822, bcdDevice= 7.d3 [34386.826973] usb 5-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [34386.826976] usb 5-1.2: Product: USB2.0 Hub [34386.826979] usb 5-1.2: Manufacturer: VIA Labs, Inc. [34386.826981] usb 5-1.2: SerialNumber: 000000001 [34386.883791] hub 5-1.2:1.0: USB hub found [34386.884241] hub 5-1.2:1.0: 4 ports detected [34386.908812] amdgpu 0000:c1:00.0: [drm] enabling link 5 failed: 15 [34386.915861] usb 6-1.4: new SuperSpeed Plus Gen 2x1 USB device number 10 using xhci_hcd [34387.014579] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.015232] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.015962] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.016607] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.017253] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.017904] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.018566] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.019219] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.019882] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.020708] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.021356] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.022032] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.022688] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.023345] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.024005] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.024667] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.025367] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.026024] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.026680] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.027347] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.028009] [drm] DPIA AUX failed on 0x80(16), error 7 [34387.044584] [drm] DM_MST: starting TM on aconnector: 0000000059a6282d [id: 122] [34387.044587] [drm] DM_MST: DP14, 4-lane link detected [34387.044591] [drm] DMUB HPD IRQ callback: link_index=5 [34387.044592] [drm] DMUB reported hpd status unchanged. link_index=5 [34387.078623] usb 6-1.4: New USB device found, idVendor=2109, idProduct=0822, bcdDevice= 7.d3 [34387.078629] usb 6-1.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [34387.078632] usb 6-1.4: Product: USB3.1 Hub [34387.078634] usb 6-1.4: Manufacturer: VIA Labs, Inc. [34387.078636] usb 6-1.4: SerialNumber: 000000001 [34387.105779] [drm] DM_MST: starting TM on aconnector: 0000000059a6282d [id: 122] [34387.105785] [drm] DM_MST: DP14, 4-lane link detected [34387.105791] [drm] DMUB HPD IRQ callback: link_index=5 [34387.107897] hub 6-1.4:1.0: USB hub found [34387.108135] hub 6-1.4:1.0: 4 ports detected [34387.163951] [drm] DM_MST: starting TM on aconnector: 0000000059a6282d [id: 122] [34387.163961] [drm] DM_MST: DP14, 4-lane link detected [34387.163970] [drm] DMUB HPD IRQ callback: link_index=5 [34387.163971] [drm] DMUB reported hpd status unchanged. link_index=5 [34387.220431] [drm] DM_MST: starting TM on aconnector: 0000000059a6282d [id: 122] [34387.220440] [drm] DM_MST: DP14, 4-lane link detected [34387.679335] usb 5-1.2.4: new high-speed USB device number 15 using xhci_hcd [34387.814952] usb 5-1.2.4: New USB device found, idVendor=2109, idProduct=2822, bcdDevice= 7.e4 [34387.814960] usb 5-1.2.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [34387.814963] usb 5-1.2.4: Product: USB2.0 Hub [34387.814965] usb 5-1.2.4: Manufacturer: VIA Labs, Inc. [34387.814967] usb 5-1.2.4: SerialNumber: 000000001 [34387.875991] hub 5-1.2.4:1.0: USB hub found [34387.876416] hub 5-1.2.4:1.0: 4 ports detected [34387.907850] usb 6-1.4.1: new SuperSpeed USB device number 11 using xhci_hcd [34387.926018] usb 6-1.4.1: New USB device found, idVendor=05e3, idProduct=0764, bcdDevice= 0.01 [34387.926026] usb 6-1.4.1: New USB device strings: Mfr=3, Product=4, SerialNumber=2 [34387.926029] usb 6-1.4.1: Product: USB Storage [34387.926031] usb 6-1.4.1: Manufacturer: Generic [34387.926033] usb 6-1.4.1: SerialNumber: 000000002959 [34387.940975] usb-storage 6-1.4.1:1.0: USB Mass Storage device detected [34387.941359] scsi host0: usb-storage 6-1.4.1:1.0 [34388.034268] usb 6-1.4.4: new SuperSpeed Plus Gen 2x1 USB device number 12 using xhci_hcd [34388.094278] usb 6-1.4.4: New USB device found, idVendor=2109, idProduct=0822, bcdDevice= 7.e4 [34388.094284] usb 6-1.4.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [34388.094286] usb 6-1.4.4: Product: USB3.1 Hub [34388.094288] usb 6-1.4.4: Manufacturer: VIA Labs, Inc. [34388.094289] usb 6-1.4.4: SerialNumber: 000000001 [34388.116580] hub 6-1.4.4:1.0: USB hub found [34388.117021] hub 6-1.4.4:1.0: 4 ports detected [34388.682353] usb 5-1.2.4.2: new high-speed USB device number 16 using xhci_hcd [34388.830452] usb 5-1.2.4.2: New USB device found, idVendor=2109, idProduct=2822, bcdDevice= 7.d3 [34388.830460] usb 5-1.2.4.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [34388.830463] usb 5-1.2.4.2: Product: USB2.0 Hub [34388.830466] usb 5-1.2.4.2: Manufacturer: VIA Labs, Inc. [34388.830467] usb 5-1.2.4.2: SerialNumber: 000000001 [34388.867828] hub 5-1.2.4.2:1.0: USB hub found [34388.868091] hub 5-1.2.4.2:1.0: 4 ports detected [34388.899862] usb 6-1.4.4.2: new SuperSpeed Plus Gen 2x1 USB device number 13 using xhci_hcd [34388.947946] scsi 0:0:0:0: Direct-Access Generic MassStorageClass 0001 PQ: 0 ANSI: 6 [34388.949927] scsi 0:0:0:1: Direct-Access Generic MassStorageClass 0001 PQ: 0 ANSI: 6 [34388.951151] sd 0:0:0:0: [sda] Media removed, stopped polling [34388.951525] sd 0:0:0:0: [sda] Attached SCSI removable disk [34388.952094] sd 0:0:0:1: [sdb] Media removed, stopped polling [34388.952494] sd 0:0:0:1: [sdb] Attached SCSI removable disk [34389.062870] usb 6-1.4.4.2: New USB device found, idVendor=2109, idProduct=0822, bcdDevice= 7.d3 [34389.062877] usb 6-1.4.4.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [34389.062879] usb 6-1.4.4.2: Product: USB3.1 Hub [34389.062881] usb 6-1.4.4.2: Manufacturer: VIA Labs, Inc. [34389.062882] usb 6-1.4.4.2: SerialNumber: 000000001 [34389.091963] hub 6-1.4.4.2:1.0: USB hub found [34389.092300] hub 6-1.4.4.2:1.0: 4 ports detected [34389.266290] usb 6-1.4.4.4: new SuperSpeed USB device number 14 using xhci_hcd [34389.281550] usb 6-1.4.4.4: New USB device found, idVendor=30f3, idProduct=0419, bcdDevice=31.01 [34389.281562] usb 6-1.4.4.4: New USB device strings: Mfr=1, Product=2, SerialNumber=6 [34389.281564] usb 6-1.4.4.4: Product: USB 10/100/1000 LAN [34389.281566] usb 6-1.4.4.4: Manufacturer: Realtek [34389.281567] usb 6-1.4.4.4: SerialNumber: 1014E0A6A [34389.300692] cdc_ether 6-1.4.4.4:2.0 eth0: register 'cdc_ether' at usb-0000:c3:00.3-1.4.4.4, CDC Ethernet Device, 80:6d:97:4e:0a:6a [34389.662101] usb 5-1.2.4.2.2: new high-speed USB device number 17 using xhci_hcd [34389.795718] usb 5-1.2.4.2.2: New USB device found, idVendor=1397, idProduct=00d4, bcdDevice= 1.01 [34389.795730] usb 5-1.2.4.2.2: New USB device strings: Mfr=12, Product=7, SerialNumber=13 [34389.795735] usb 5-1.2.4.2.2: Product: X18/XR18 [34389.795737] usb 5-1.2.4.2.2: Manufacturer: BEHRINGER [34389.795740] usb 5-1.2.4.2.2: SerialNumber: 592C3096 [34389.859793] usb 6-1.4.4.2.3: new SuperSpeed USB device number 15 using xhci_hcd [34389.925895] usb 5-1.2.4.2.2: Quirk or no altset; falling back to MIDI 1.0 [34390.109788] usb 6-1.4.4.2.3: New USB device found, idVendor=2109, idProduct=0812, bcdDevice= d.a1 [34390.109797] usb 6-1.4.4.2.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [34390.109800] usb 6-1.4.4.2.3: Product: USB3.0 Hub [34390.109803] usb 6-1.4.4.2.3: Manufacturer: VIA Labs, Inc. [34390.131928] hub 6-1.4.4.2.3:1.0: USB hub found [34390.132081] hub 6-1.4.4.2.3:1.0: 4 ports detected [34390.228738] usb 5-1.2.4.2.3: new high-speed USB device number 18 using xhci_hcd [34390.372848] usb 5-1.2.4.2.3: New USB device found, idVendor=2109, idProduct=2812, bcdDevice= d.a0 [34390.372857] usb 5-1.2.4.2.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [34390.372859] usb 5-1.2.4.2.3: Product: USB2.0 Hub [34390.372862] usb 5-1.2.4.2.3: Manufacturer: VIA Labs, Inc. [34390.436084] hub 5-1.2.4.2.3:1.0: USB hub found [34390.437569] hub 5-1.2.4.2.3:1.0: 4 ports detected [34390.572152] usb 5-1.2.4.2.4: new high-speed USB device number 19 using xhci_hcd [34390.741857] usb 5-1.2.4.2.4: New USB device found, idVendor=046d, idProduct=08e5, bcdDevice= 0.0c [34390.741866] usb 5-1.2.4.2.4: New USB device strings: Mfr=0, Product=2, SerialNumber=0 [34390.741869] usb 5-1.2.4.2.4: Product: HD Pro Webcam C920 [34390.791412] usb 5-1.2.4.2.4: Found UVC 1.00 device HD Pro Webcam C920 (046d:08e5) [34390.806020] uvcvideo 5-1.2.4.2.4:1.1: Failed to set UVC probe control : -32 (exp. 26). [34390.808739] usb 5-1.2.4.2.3.2: new full-speed USB device number 20 using xhci_hcd [34390.941583] usb 5-1.2.4.2.3.2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.11 [34390.941592] usb 5-1.2.4.2.3.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [34390.941595] usb 5-1.2.4.2.3.2: Product: USB Receiver [34390.941598] usb 5-1.2.4.2.3.2: Manufacturer: Logitech [34391.242059] usb 5-1.2.4.2.4: current rate 16000 is different from the runtime rate 24000 [34391.302093] logitech-djreceiver 0003:046D:C52B.000E: hiddev97,hidraw4: USB HID v1.11 Device [Logitech USB Receiver] on usb-0000:c3:00.3-1.2.4.2.3.2/input2 [34391.423939] input: Logitech MX Master 3 as /devices/pci0000:00/0000:00:08.3/0000:c3:00.3/usb5/5-1/5-1.2/5-1.2.4/5-1.2.4.2/5-1.2.4.2.3/5-1.2.4.2.3.2/5-1.2.4.2.3.2:1.2/0003:046D:C52B.000E/0003:046D:4082.000F/input/input28 [34391.456499] usb 5-1.2.4.2.4: current rate 16000 is different from the runtime rate 32000 [34391.498993] usb 5-1.2.4.2.3.4: new full-speed USB device number 21 using xhci_hcd [34391.598872] logitech-hidpp-device 0003:046D:4082.000F: input,hidraw5: USB HID v1.11 Keyboard [Logitech MX Master 3] on usb-0000:c3:00.3-1.2.4.2.3.2/input2:1 [34391.615590] usb 5-1.2.4.2.3.4: New USB device found, idVendor=24f0, idProduct=0140, bcdDevice= 1.00 [34391.615598] usb 5-1.2.4.2.3.4: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [34391.615600] usb 5-1.2.4.2.3.4: Product: Das Keyboard [34391.615602] usb 5-1.2.4.2.3.4: Manufacturer: Metadot - Das Keyboard [34391.905327] usb 5-1.2.4.2.4: current rate 16000 is different from the runtime rate 32000 [34391.907921] input: Metadot - Das Keyboard Das Keyboard as /devices/pci0000:00/0000:00:08.3/0000:c3:00.3/usb5/5-1/5-1.2/5-1.2.4/5-1.2.4.2/5-1.2.4.2.3/5-1.2.4.2.3.4/5-1.2.4.2.3.4:1.0/0003:24F0:0140.0010/input/input29 [34391.978646] [drm] DMUB HPD RX IRQ callback: link_index=5 [34392.004686] [drm] DMUB HPD RX IRQ callback: link_index=5 [34392.132370] hid-generic 0003:24F0:0140.0010: input,hidraw6: USB HID v1.10 Keyboard [Metadot - Das Keyboard Das Keyboard] on usb-0000:c3:00.3-1.2.4.2.3.4/input0 [34392.139815] input: Metadot - Das Keyboard Das Keyboard System Control as /devices/pci0000:00/0000:00:08.3/0000:c3:00.3/usb5/5-1/5-1.2/5-1.2.4/5-1.2.4.2/5-1.2.4.2.3/5-1.2.4.2.3.4/5-1.2.4.2.3.4:1.1/0003:24F0:0140.0011/input/input30 [34392.192233] input: Metadot - Das Keyboard Das Keyboard Consumer Control as /devices/pci0000:00/0000:00:08.3/0000:c3:00.3/usb5/5-1/5-1.2/5-1.2.4/5-1.2.4.2/5-1.2.4.2.3/5-1.2.4.2.3.4/5-1.2.4.2.3.4:1.1/0003:24F0:0140.0011/input/input31 [34392.192325] hid-generic 0003:24F0:0140.0011: input,hidraw7: USB HID v1.10 Device [Metadot - Das Keyboard Das Keyboard] on usb-0000:c3:00.3-1.2.4.2.3.4/input1 [34392.225353] usb 5-1.2.4.2.4: current rate 16000 is different from the runtime rate 32000 [34392.513340] usb 5-1.2.4.2.4: current rate 16000 is different from the runtime rate 32000 [34393.024581] [drm] DMUB HPD RX IRQ callback: link_index=5 [34393.058723] [drm] DMUB HPD RX IRQ callback: link_index=5 [34393.107042] [drm] DMUB HPD RX IRQ callback: link_index=5 [34393.111600] [drm] DMUB HPD RX IRQ callback: link_index=5 [34397.103664] [drm] DMUB HPD RX IRQ callback: link_index=5 [34401.087234] [drm] DMUB HPD RX IRQ callback: link_index=5 [34401.104809] amdgpu 0000:c1:00.0: [drm] *ERROR* failed to lookup MSTB with lct 2, rad 00 [34401.106950] [drm] DMUB HPD RX IRQ callback: link_index=5 [34401.109590] amdgpu 0000:c1:00.0: [drm] *ERROR* failed to lookup MSTB with lct 2, rad 00 [34405.099183] [drm] DMUB HPD RX IRQ callback: link_index=5 [34409.059932] [drm] DMUB HPD RX IRQ callback: link_index=5 [34409.115495] EDID block 0 is all zeroes [34409.115500] [drm:link_add_remote_sink [amdgpu]] *ERROR* Bad EDID, status3! [34412.052608] [drm] DMUB HPD RX IRQ callback: link_index=5 [34412.069851] [drm] DMUB HPD RX IRQ callback: link_index=5 [34416.058980] [drm] DMUB HPD RX IRQ callback: link_index=5 [34416.071695] [drm] DMUB HPD RX IRQ callback: link_index=5 [34418.121897] [drm] DMUB HPD RX IRQ callback: link_index=5 [34418.143828] [drm] DMUB HPD RX IRQ callback: link_index=5 [34422.132221] [drm] DMUB HPD RX IRQ callback: link_index=5 [34422.144947] [drm] DMUB HPD RX IRQ callback: link_index=5 [34424.193145] [drm] DMUB HPD RX IRQ callback: link_index=5 [34424.213118] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.205473] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.250823] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.308784] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.311542] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.333216] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.391887] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.440701] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.445765] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.498174] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.553433] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.613225] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.667162] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.725137] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.771768] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.787186] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.847450] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.904678] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.926341] [drm] DMUB HPD RX IRQ callback: link_index=5 [34428.962714] [drm] DMUB HPD RX IRQ callback: link_index=5 [34429.016435] [drm] DMUB HPD RX IRQ callback: link_index=5 [34429.074925] [drm] DMUB HPD RX IRQ callback: link_index=5 [34431.082613] [drm] DMUB HPD RX IRQ callback: link_index=5 [34431.100957] [drm] DMUB HPD RX IRQ callback: link_index=5 [34435.068096] [drm] DMUB HPD RX IRQ callback: link_index=5 [34435.096107] [drm] DMUB HPD RX IRQ callback: link_index=5 [34437.105940] [drm] DMUB HPD RX IRQ callback: link_index=5 [34437.150271] [drm] DMUB HPD RX IRQ callback: link_index=5 [34441.145175] [drm] DMUB HPD RX IRQ callback: link_index=5 [34441.147139] amdgpu 0000:c1:00.0: [drm] *ERROR* failed to lookup MSTB with lct 2, rad 00 [34441.149235] [drm] DMUB HPD RX IRQ callback: link_index=5 [34441.188643] [drm] DMUB HPD RX IRQ callback: link_index=5 [34441.202840] amdgpu 0000:c1:00.0: [drm] *ERROR* failed to lookup MSTB with lct 2, rad 00 [34441.205145] [drm] DMUB HPD RX IRQ callback: link_index=5 [34443.741859] usb 5-1: USB disconnect, device number 12 [34443.741886] usb 5-1.1: USB disconnect, device number 13 [34443.742197] usb 5-1.2: USB disconnect, device number 14 [34443.742200] usb 5-1.2.4: USB disconnect, device number 15 [34443.742202] usb 5-1.2.4.2: USB disconnect, device number 16 [34443.742204] usb 5-1.2.4.2.2: USB disconnect, device number 17 [34443.743820] usb 5-1.2.4.2.3: USB disconnect, device number 18 [34443.743823] usb 5-1.2.4.2.3.2: USB disconnect, device number 20 [34443.749894] thunderbolt 0-0:2.1: retimer disconnected [34443.752247] [drm] DMUB HPD IRQ callback: link_index=5 [34443.752373] [drm] DM_MST: stopping TM on aconnector: 0000000059a6282d [id: 122] [34443.755273] thunderbolt 0-2: device disconnected [34443.778961] usb 6-1: USB disconnect, device number 9 [34443.778966] usb 6-1.4: USB disconnect, device number 10 [34443.778969] usb 6-1.4.1: USB disconnect, device number 11 [34443.844632] pcieport 0000:00:03.1: pciehp: Slot(0): Card not present [34443.846724] pci_bus 0000:05: busn_res: [bus 05] is released [34443.846837] pci_bus 0000:06: busn_res: [bus 06-24] is released [34443.846923] pci_bus 0000:25: busn_res: [bus 25-43] is released [34443.846986] pci_bus 0000:44: busn_res: [bus 44-60] is released [34443.847033] pci_bus 0000:61: busn_res: [bus 61] is released [34443.847094] pci_bus 0000:04: busn_res: [bus 04-61] is released [34444.045660] usb 6-1.4.4: USB disconnect, device number 12 [34444.045671] usb 6-1.4.4.2: USB disconnect, device number 13 [34444.045678] usb 6-1.4.4.2.3: USB disconnect, device number 15 [34444.068284] usb 6-1.4.4.4: USB disconnect, device number 14 [34444.069389] cdc_ether 6-1.4.4.4:2.0 eth0: unregister 'cdc_ether' usb-0000:c3:00.3-1.4.4.4, CDC Ethernet Device [34444.196121] usb 5-1.2.4.2.3.4: USB disconnect, device number 21 [34444.772936] usb 5-1.2.4.2.4: USB disconnect, device number 19 [34446.141641] usb 1-4: reset full-speed USB device number 3 using xhci_hcd [34446.444981] usb 1-4: reset full-speed USB device number 3 using xhci_hcd [34450.798642] wlp1s0: disconnect from AP ac:8b:a9:28:2a:9a for new auth to ac:8b:a9:48:29:8b [34451.082073] wlp1s0: authenticate with ac:8b:a9:48:29:8b (local address=a8:3b:76:72:df:d5) [34451.098747] wlp1s0: send auth to ac:8b:a9:48:29:8b (try 1/3) [34451.106261] wlp1s0: authenticated [34451.127830] wlp1s0: associate with ac:8b:a9:48:29:8b (try 1/3) [34451.192119] wlp1s0: RX ReassocResp from ac:8b:a9:48:29:8b (capab=0x1111 status=0 aid=3) [34451.230509] wlp1s0: associated [34451.230601] wlp1s0: Limiting TX power to 23 (23 - 0) dBm as advertised by ac:8b:a9:48:29:8b PS: I've cc'd the folks who worked on the previous issue, as it's the same harware and software. Sorry, if I bothered you PPS: I hope me writing here does not have to become a regular thing xD

1 day, 16 hours

1
0
0 0

[PATCH] reset: gpio: suppress bind attributes in sysfs

by Bartosz Golaszewski

This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppress sysfs bind attributes so that user-space can't unbind the device because - as of now - it will cause a use-after-free splat from any user that puts the reset control handle. Fixes: cee544a40e44 ("reset: gpio: Add GPIO-based reset controller") Cc: stable(a)vger.kernel.org Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)oss.qualcomm.com> --- drivers/reset/reset-gpio.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/reset/reset-gpio.c b/drivers/reset/reset-gpio.c index e5512b3b596b..626c4c639c15 100644 --- a/drivers/reset/reset-gpio.c +++ b/drivers/reset/reset-gpio.c @@ -111,6 +111,7 @@ static struct auxiliary_driver reset_gpio_driver = { .id_table = reset_gpio_ids, .driver = { .name = "reset-gpio", + .suppress_bind_attrs = true, }, }; module_auxiliary_driver(reset_gpio_driver); -- 2.51.0

1 day, 16 hours

3
6
0 0

[PATCH v2 0/2] Fix vm.dirtytime_expire_seconds=0 causing 100% CPU

by Laveesh Bansal

Setting vm.dirtytime_expire_seconds to 0 causes wakeup_dirtytime_writeback() to reschedule itself with a delay of 0, creating an infinite busy loop that spins kworker at 100% CPU. This series: - Patch 1: Fixes the bug by handling interval=0 as "disable writeback" (consistent with dirty_writeback_centisecs behavior) - Patch 2: Documents that setting the value to 0 disables writeback Tested by booting kernels in QEMU with virtme-ng: - Buggy kernel: kworker CPU spikes to ~73% when interval set to 0 - Fixed kernel: CPU remains normal, writeback correctly disabled - Re-enabling (0 -> non-zero): writeback resumes correctly v2: - Added Reviewed-by from Jan Kara (no code changes) Laveesh Bansal (2): writeback: fix 100% CPU usage when dirtytime_expire_interval is 0 docs: clarify that dirtytime_expire_seconds=0 disables writeback Documentation/admin-guide/sysctl/vm.rst | 2 ++ fs/fs-writeback.c | 14 ++++++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) -- 2.43.0

1 day, 16 hours

2
3
0 0

[PATCH 0/4] Some fix patches for uvc gadget function

by Xu Yang

Recenly when test uvc gadget function I find some YUYV pixel format 720p and 1080p stream can't output normally. However, small resulution and MJPEG format stream works fine. The first patch#1 is to fix the issue. Patch#2 and #3 are small fix or improvement. For patch#4: it's a workaround for a long-term issue in videobuf2. With it, many device can work well and not solely based on the SG allocation method. Signed-off-by: Xu Yang <xu.yang_2(a)nxp.com> --- Xu Yang (4): usb: gadget: uvc: fix req_payload_size calculation usb: gadget: uvc: fix interval_duration calculation usb: gadget: uvc: improve error handling in uvcg_video_init() usb: gadget: uvc: retry vb2_reqbufs() with vb_vmalloc_memops if use_sg fail drivers/usb/gadget/function/f_uvc.c | 4 ++++ drivers/usb/gadget/function/uvc.h | 3 ++- drivers/usb/gadget/function/uvc_queue.c | 23 +++++++++++++++++++---- drivers/usb/gadget/function/uvc_video.c | 14 +++++++------- 4 files changed, 32 insertions(+), 12 deletions(-) --- base-commit: 56a512a9b4107079f68701e7d55da8507eb963d9 change-id: 20260108-uvc-gadget-fix-patch-aa5996332bb5 Best regards, -- Xu Yang <xu.yang_2(a)nxp.com>

1 day, 17 hours

2
5
0 0

[PATCH v2] arm64: fix cleared E0POE bit after cpu_suspend()/resume()

by Yeoreum Yun

TCR2_ELx.E0POE is set during smp_init(). However, this bit is not reprogrammed when the CPU enters suspension and later resumes via cpu_resume(), as __cpu_setup() does not re-enable E0POE and there is no save/restore logic for the TCR2_ELx system register. As a result, the E0POE feature no longer works after cpu_resume(). To address this, save and restore TCR2_EL1 in the cpu_suspend()/cpu_resume() path, rather than adding related logic to __cpu_setup(), taking into account possible future extensions of the TCR2_ELx feature. Cc: stable(a)vger.kernel.org Fixes: bf83dae90fbc ("arm64: enable the Permission Overlay Extension for EL0") Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> --- Patch History ============== from v1 to v2: - following @Kevin Brodsky suggestion. - https://lore.kernel.org/all/20260105200707.2071169-1-yeoreum.yun@arm.com/ NOTE: This patch based on v6.19-rc4 --- arch/arm64/include/asm/suspend.h | 2 +- arch/arm64/mm/proc.S | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/suspend.h b/arch/arm64/include/asm/suspend.h index e65f33edf9d6..e9ce68d50ba4 100644 --- a/arch/arm64/include/asm/suspend.h +++ b/arch/arm64/include/asm/suspend.h @@ -2,7 +2,7 @@ #ifndef __ASM_SUSPEND_H #define __ASM_SUSPEND_H -#define NR_CTX_REGS 13 +#define NR_CTX_REGS 14 #define NR_CALLEE_SAVED_REGS 12 /* diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S index 01e868116448..5d907ce3b6d3 100644 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -110,6 +110,10 @@ SYM_FUNC_START(cpu_do_suspend) * call stack. */ str x18, [x0, #96] +alternative_if ARM64_HAS_TCR2 + mrs x2, REG_TCR2_EL1 + str x2, [x0, #104] +alternative_else_nop_endif ret SYM_FUNC_END(cpu_do_suspend) @@ -144,6 +148,10 @@ SYM_FUNC_START(cpu_do_resume) msr tcr_el1, x8 msr vbar_el1, x9 msr mdscr_el1, x10 +alternative_if ARM64_HAS_TCR2 + ldr x2, [x0, #104] + msr REG_TCR2_EL1, x2 +alternative_else_nop_endif msr sctlr_el1, x12 set_this_cpu_offset x13 -- LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}

1 day, 17 hours

4
5
0 0

[PATCH v3] drm/bridge: cdns-dsi: Replace deprecated UNIVERSAL_DEV_PM_OPS()

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> The deprecated UNIVERSAL_DEV_PM_OPS() macro uses the provided callbacks for both runtime PM and system sleep. This causes the DSI clocks to be disabled twice: once during runtime suspend and again during system suspend, resulting in a WARN message from the clock framework when attempting to disable already-disabled clocks. [ 84.384540] clk:231:5 already disabled [ 84.388314] WARNING: CPU: 2 PID: 531 at /drivers/clk/clk.c:1181 clk_core_disable+0xa4/0xac ... [ 84.579183] Call trace: [ 84.581624] clk_core_disable+0xa4/0xac [ 84.585457] clk_disable+0x30/0x4c [ 84.588857] cdns_dsi_suspend+0x20/0x58 [cdns_dsi] [ 84.593651] pm_generic_suspend+0x2c/0x44 [ 84.597661] ti_sci_pd_suspend+0xbc/0x15c [ 84.601670] dpm_run_callback+0x8c/0x14c [ 84.605588] __device_suspend+0x1a0/0x56c [ 84.609594] dpm_suspend+0x17c/0x21c [ 84.613165] dpm_suspend_start+0xa0/0xa8 [ 84.617083] suspend_devices_and_enter+0x12c/0x634 [ 84.621872] pm_suspend+0x1fc/0x368 To address this issue, replace UNIVERSAL_DEV_PM_OPS() with SET_RUNTIME_PM_OPS(), enabling suspend/resume handling through the _enable()/_disable() hooks managed by the DRM framework for both runtime and system-wide PM. Cc: <stable(a)vger.kernel.org> # 6.1.x Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver") Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- v2 -> v3 - Fix warning: 'cdns_dsi_suspend' defined but not used [-Wunused-function] - Fix warning: 'cdns_dsi_resume' defined but not used [-Wunused-function] v1 -> v2 - Rely only on SET_RUNTIME_PM_OPS() for the PM. drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index b022dd6e6b6e..6429d541889c 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -1258,7 +1258,7 @@ static const struct mipi_dsi_host_ops cdns_dsi_ops = { .transfer = cdns_dsi_transfer, }; -static int __maybe_unused cdns_dsi_resume(struct device *dev) +static int cdns_dsi_resume(struct device *dev) { struct cdns_dsi *dsi = dev_get_drvdata(dev); @@ -1269,7 +1269,7 @@ static int __maybe_unused cdns_dsi_resume(struct device *dev) return 0; } -static int __maybe_unused cdns_dsi_suspend(struct device *dev) +static int cdns_dsi_suspend(struct device *dev) { struct cdns_dsi *dsi = dev_get_drvdata(dev); @@ -1279,8 +1279,9 @@ static int __maybe_unused cdns_dsi_suspend(struct device *dev) return 0; } -static UNIVERSAL_DEV_PM_OPS(cdns_dsi_pm_ops, cdns_dsi_suspend, cdns_dsi_resume, - NULL); +static const struct dev_pm_ops cdns_dsi_pm_ops = { + RUNTIME_PM_OPS(cdns_dsi_suspend, cdns_dsi_resume, NULL) +}; static int cdns_dsi_drm_probe(struct platform_device *pdev) { @@ -1427,7 +1428,7 @@ static struct platform_driver cdns_dsi_platform_driver = { .driver = { .name = "cdns-dsi", .of_match_table = cdns_dsi_of_match, - .pm = &cdns_dsi_pm_ops, + .pm = pm_ptr(&cdns_dsi_pm_ops), }, }; module_platform_driver(cdns_dsi_platform_driver); -- 2.34.1

1 day, 17 hours

3
6
0 0

[PATCH v3] media: v4l2-flash: Enter LED off state after file handle closed

by cy_huang＠richtek.com

From: ChiYuan Huang <cy_huang(a)richtek.com> To make sure LED enter off state after file handle is closed, initiatively configure LED_MODE to NONE. This can guarantee whatever the previous state is torch or strobe mode, the final state will be off. Cc: stable(a)vger.kernel.org Fixes: 42bd6f59ae90 ("media: Add registration helpers for V4L2 flash sub-devices") Signed-off-by: ChiYuan Huang <cy_huang(a)richtek.com> --- Still cannot pass patch integration check, send v3 patch to fix all. v3 - Remove 'Reported-by' tag - Fix identation check for patch integration v2 - Fix commit message redudant space cause patch robot parsing error Hi, We encounter an issue. When the upper layer camera process is crashed, if the new process did not reinit the LED, it will keeps the previous state whatever it's in torch or strobe mode OS will handle the resource management. So when the process is crashed or terminated, the 'close' API will be called to release resources. That's why we add the initiative action to trigger LED off in file handle close is called. --- drivers/media/v4l2-core/v4l2-flash-led-class.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/media/v4l2-core/v4l2-flash-led-class.c b/drivers/media/v4l2-core/v4l2-flash-led-class.c index 355595a0fefa..46606f5cc192 100644 --- a/drivers/media/v4l2-core/v4l2-flash-led-class.c +++ b/drivers/media/v4l2-core/v4l2-flash-led-class.c @@ -623,6 +623,12 @@ static int v4l2_flash_close(struct v4l2_subdev *sd, struct v4l2_subdev_fh *fh) return 0; if (led_cdev) { + /* If file handle is released, make sure LED enter off state */ + ret = v4l2_ctrl_s_ctrl(v4l2_flash->ctrls[LED_MODE], + V4L2_FLASH_LED_MODE_NONE); + if (ret) + return ret; + mutex_lock(&led_cdev->led_access); if (v4l2_flash->ctrls[STROBE_SOURCE]) base-commit: 8ac28a6642d1cc8bac0632222e66add800b027fa -- 2.34.1

1 day, 17 hours

1
0
0 0

[PATCH] gpio: rockchip: mark the GPIO controller as sleeping

by Bartosz Golaszewski

The GPIO controller is configured as non-sleeping but it uses generic pinctrl helpers which use a mutex for synchronization. This can cause the following lockdep splat with shared GPIOs enabled on boards which have multiple devices using the same GPIO: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:591 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 12, name: kworker/u16:0 preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 6 locks held by kworker/u16:0/12: #0: ffff0001f0018d48 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x18c/0x604 #1: ffff8000842dbdf0 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work+0x1b4/0x604 #2: ffff0001f18498f8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x38/0x1b0 #3: ffff0001f75f1e90 (&gdev->srcu){.+.?}-{0:0}, at: gpiod_direction_output_raw_commit+0x0/0x360 #4: ffff0001f46e3db8 (&shared_desc->spinlock){....}-{3:3}, at: gpio_shared_proxy_direction_output+0xd0/0x144 [gpio_shared_proxy] #5: ffff0001f180ee90 (&gdev->srcu){.+.?}-{0:0}, at: gpiod_direction_output_raw_commit+0x0/0x360 irq event stamp: 81450 hardirqs last enabled at (81449): [<ffff8000813acba4>] _raw_spin_unlock_irqrestore+0x74/0x78 hardirqs last disabled at (81450): [<ffff8000813abfb8>] _raw_spin_lock_irqsave+0x84/0x88 softirqs last enabled at (79616): [<ffff8000811455fc>] __alloc_skb+0x17c/0x1e8 softirqs last disabled at (79614): [<ffff8000811455fc>] __alloc_skb+0x17c/0x1e8 CPU: 2 UID: 0 PID: 12 Comm: kworker/u16:0 Not tainted 6.19.0-rc4-next-20260105+ #11975 PREEMPT Hardware name: Hardkernel ODROID-M1 (DT) Workqueue: events_unbound deferred_probe_work_func Call trace: show_stack+0x18/0x24 (C) dump_stack_lvl+0x90/0xd0 dump_stack+0x18/0x24 __might_resched+0x144/0x248 __might_sleep+0x48/0x98 __mutex_lock+0x5c/0x894 mutex_lock_nested+0x24/0x30 pinctrl_get_device_gpio_range+0x44/0x128 pinctrl_gpio_direction+0x3c/0xe0 pinctrl_gpio_direction_output+0x14/0x20 rockchip_gpio_direction_output+0xb8/0x19c gpiochip_direction_output+0x38/0x94 gpiod_direction_output_raw_commit+0x1d8/0x360 gpiod_direction_output_nonotify+0x7c/0x230 gpiod_direction_output+0x34/0xf8 gpio_shared_proxy_direction_output+0xec/0x144 [gpio_shared_proxy] gpiochip_direction_output+0x38/0x94 gpiod_direction_output_raw_commit+0x1d8/0x360 gpiod_direction_output_nonotify+0x7c/0x230 gpiod_configure_flags+0xbc/0x480 gpiod_find_and_request+0x1a0/0x574 gpiod_get_index+0x58/0x84 devm_gpiod_get_index+0x20/0xb4 devm_gpiod_get_optional+0x18/0x30 rockchip_pcie_probe+0x98/0x380 platform_probe+0x5c/0xac really_probe+0xbc/0x298 Fixes: 936ee2675eee ("gpio/rockchip: add driver for rockchip gpio") Cc: stable(a)vger.kernel.org Reported-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Closes: https://lore.kernel.org/all/d035fc29-3b03-4cd6-b8ec-001f93540bc6@samsung.co… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)oss.qualcomm.com> --- drivers/gpio/gpio-rockchip.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpio/gpio-rockchip.c b/drivers/gpio/gpio-rockchip.c index 47174eb3ba76..bae2061f15fc 100644 --- a/drivers/gpio/gpio-rockchip.c +++ b/drivers/gpio/gpio-rockchip.c @@ -593,6 +593,7 @@ static int rockchip_gpiolib_register(struct rockchip_pin_bank *bank) gc->ngpio = bank->nr_pins; gc->label = bank->name; gc->parent = bank->dev; + gc->can_sleep = true; ret = gpiochip_add_data(gc, bank); if (ret) { -- 2.47.3

1 day, 17 hours

4
4
0 0

دعوة لنشر الأبحاث والمقالات العلمية

by مجلة زكا للع لوم المالية والاقتصادي ة والإدارية

[ View in browser](https://7m8ue.r.ag.d.sendibm3.com/mk/mr/sh/7nVTPdZCTJDXOxg5wYo2dj3… مجلة زكا للعلوم المالية والاقتصادية والإدارية ============================================= مجلة علمية ، محكمة، فصلية ، مفتوحة الوصول ، تصدر عن مركز فكر للدراسات والتطوير **زكا** اسمٌ مستلهم من **الزكاء**، ليجسّد جوهر المجلة في **التحليل المالي الرصين، والفكر الاقتصادي المتوازن، والقرار الإداري القائم على البحث العلمي**. #### السادة أعضاء الهيئات التدريسية، الباحثون الكرام السادة أعضاء الهيئات التدريسية، الباحثون والباحثات الأفاضل، تحية طيبة وبعد، يسرّ **مجلة زكا للعلوم المالية والاقتصادية والإدارية** *(Zaca Journal of Financial Sciences, Economics & Business Administration)* — وهي مجلة علمية محكّمة، ربع سنوية، تصدر عن **مركز فكر للدراسات والتطوير** — أن تُعلن عن فتح باب استقبال الأبحاث العلمية الأصيلة للنشر في **العدد الخامس**. ###عن مجلة زكا تهدف مجلة زكا إلى دعم البحث العلمي الرصين في مجالات **الاقتصاد، العلوم المالية، والإدارة**، وتوفير منصة أكاديمية موثوقة تواكب المستجدات العلمية والعملية، وفق معايير تحكيم دقيقة وجودة عالية في النشر، بما يعزّز حضور الباحثين في الأوساط الأكاديمية العربية والدولية. ###مزايا النشر في مجلة زكا 🔹 **تحكيم يصنع الفارق** تحكيم علمي مهني وشفاف، يركّز على الأصالة، المتانة المنهجية، والقيمة العلمية والتطبيقية للأبحاث في مجالات الاقتصاد والعلوم المالية والإدارية. 🔹 **سرعة تحكيم تُقدّر وقت الباحث** تلتزم المجلة بتسليم **نتائج التحكيم والملاحظات خلال 7 أيام فقط**، بما يتيح للباحثين التخطيط الأكاديمي السليم دون تأخير. 🔹 **انتشار بلا حدود (Open Access)** نمط وصول مفتوح يضمن إتاحة الأبحاث للباحثين وصنّاع القرار دون قيود، ما يعزّز فرص الاقتباس والتأثير العلمي والعملي. 🔹 **فهرسة دولية واسعة وانتشار عالمي** مجلة زكا مفهرسة دوليًا في أكثر من **40 قاعدة بيانات**، ضمن شبكات فهرسة أكاديمية متعدّدة تدعم ظهور الأبحاث في محركات البحث والمنصّات العلمية العالمية. 🔹 **معامل تأثير قوي وحضور أكاديمي متنامٍ** تعتمد المجلة سياسة جودة صارمة ومعايير تقييم دقيقة، بما يعزّز **معامل التأثير** ويرفع من القيمة الأكاديمية للنشر ضمن ملفات الباحثين العلمية والترقيات الأكاديمية. 🔹 **توثيق علمي عالمي (DOI)** تخصيص **DOI دولي مستقل لكل مقال** يضمن حماية الملكية الفكرية، وسهولة التتبع والاستشهاد، وزيادة الحضور العلمي عالميًا. 🔹 **تعدّد لغوي = جمهور أوسع** النشر بثلاث لغات (**العربية – الإنجليزية – التركية**) يوسّع دائرة الاستفادة، ويمنح الأبحاث حضورًا إقليميًا ودوليًا أوسع. 🔹 **موثوقية أكاديمية موثّقة** رقم معياري دولي **ISSN: 3104-7289**، وهوية تحريرية واضحة، وانتظام في الإصدار يعزّزان مصداقية السجل البحثي للباحث. 🔹 **تجربة نشر احترافية متكاملة** بوابة إلكترونية حديثة لتقديم الأبحاث ومتابعتها، مع إخراج فني ولغوي احترافي يواكب المعايير الدولية للنشر العلمي. 🔹 **رسوم نشر عادلة وتنافسية** رسوم نشر **50 دولارًا أمريكيًا فقط** تشمل التحكيم العلمي والإخراج الفني، في إطار سياسة داعمة للباحثين دون المساس بالجودة. 🔹 **رؤية تتجاوز النشر** مجلة زكا ليست مجرد منصة نشر، بل **منصة معرفية تطبيقية** تربط البحث الأكاديمي بالواقع الاقتصادي والمالي والإداري، وتسهم في دعم صُنّاع القرار وتعزيز التنمية المبنية على المعرفة. ###مجالات النشر تستقبل المجلة الأبحاث العلمية الأصيلة في المجالات التالية: • إدارة الأعمال • الاقتصاد • التجارة • التسويق • العلوم المالية والمصرفية • المحاسبة • الإدارة العامة • الاقتصاد الإسلامي ###المواعيد المجلة مفتوحة لاستقبال الأبحاث **طوال العام**، وتُنشر الأعداد بشكل دوري ومنتظم. ###آلية التقديم والتواصل 📄 **تقديم المخطوطات عبر الرابط التالي:** [https://7m8ue.r.ag.d.sendibm3.com/mk/cl/f/sh/7nVU1aA2nfsTSeWOzmWNvJm5IIiZEZ… 🌐 **موقع المجلة:** [https://7m8ue.r.ag.d.sendibm3.com/mk/cl/f/sh/7nVU1aA2nfuMSB1hyLkpxg5tSfDLyV… 📧 **البريد الإلكتروني:** [info@zaca-journal.org](mailto:info@zaca-journal.org) 📲 **التواصل عبر واتساب:** [https://7m8ue.r.ag.d.sendibm3.com/mk/cl/f/sh/7nVU1aA2nfwFRhX0wuzI02Phd1i8iS… **هيئة تحرير مجلة زكا للعلوم المالية والاقتصادية والإدارية** *مجلة زكا… حيث تتحوّل الأبحاث إلى أثر علمي حقيقي.* [ Read the whole story](https://7m8ue.r.ag.d.sendibm3.com/mk/cl/f/sh/7nVU1aA2nfy8RE2JvUDk2Oj… **fiker for research and development** يمكن متابعة المجلة من خلال الاتصال الموضحة. الموقع: [https://7m8ue.r.ag.d.sendibm3.com/mk/cl/f/sh/7nVU1aA2ng01QkXcu3SC4l3JxkhiCL… || البريد الإلكتروني: info(a)zaca-journal.org هاتف: 00905306601496 You've received it because you've subscribed to our newsletter. [Unsubscribe](https://7m8ue.r.ag.d.sendibm3.com/mk/un/v2/sh/7nVTPdbLJ2bPbEmD…

1 day, 17 hours

1
0
0 0

[PATCH net v4] net: nfc: nci: Fix parameter validation for packet data

by Michael Thalmeier

Since commit 9c328f54741b ("net: nfc: nci: Add parameter validation for packet data") communication with nci nfc chips is not working any more. The mentioned commit tries to fix access of uninitialized data, but failed to understand that in some cases the data packet is of variable length and can therefore not be compared to the maximum packet length given by the sizeof(struct). Fixes: 9c328f54741b ("net: nfc: nci: Add parameter validation for packet data") Cc: stable(a)vger.kernel.org Signed-off-by: Michael Thalmeier <michael.thalmeier(a)hale.at> --- v4: - formatting fixes v3: - perform complete checks - replace magic numbers with offsetofend and sizeof v2: - Reference correct commit hash --- net/nfc/nci/ntf.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/net/nfc/nci/ntf.c b/net/nfc/nci/ntf.c index 418b84e2b260..a5cafcd10cc3 100644 --- a/net/nfc/nci/ntf.c +++ b/net/nfc/nci/ntf.c @@ -58,7 +58,7 @@ static int nci_core_conn_credits_ntf_packet(struct nci_dev *ndev, struct nci_conn_info *conn_info; int i; - if (skb->len < sizeof(struct nci_core_conn_credit_ntf)) + if (skb->len < offsetofend(struct nci_core_conn_credit_ntf, num_entries)) return -EINVAL; ntf = (struct nci_core_conn_credit_ntf *)skb->data; @@ -68,6 +68,10 @@ static int nci_core_conn_credits_ntf_packet(struct nci_dev *ndev, if (ntf->num_entries > NCI_MAX_NUM_CONN) ntf->num_entries = NCI_MAX_NUM_CONN; + if (skb->len < offsetofend(struct nci_core_conn_credit_ntf, num_entries) + + ntf->num_entries * sizeof(struct conn_credit_entry)) + return -EINVAL; + /* update the credits */ for (i = 0; i < ntf->num_entries; i++) { ntf->conn_entries[i].conn_id = @@ -364,7 +368,7 @@ static int nci_rf_discover_ntf_packet(struct nci_dev *ndev, const __u8 *data; bool add_target = true; - if (skb->len < sizeof(struct nci_rf_discover_ntf)) + if (skb->len < offsetofend(struct nci_rf_discover_ntf, rf_tech_specific_params_len)) return -EINVAL; data = skb->data; @@ -380,6 +384,10 @@ static int nci_rf_discover_ntf_packet(struct nci_dev *ndev, pr_debug("rf_tech_specific_params_len %d\n", ntf.rf_tech_specific_params_len); + if (skb->len < (data - skb->data) + + ntf.rf_tech_specific_params_len + sizeof(ntf.ntf_type)) + return -EINVAL; + if (ntf.rf_tech_specific_params_len > 0) { switch (ntf.rf_tech_and_mode) { case NCI_NFC_A_PASSIVE_POLL_MODE: @@ -596,7 +604,7 @@ static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, const __u8 *data; int err = NCI_STATUS_OK; - if (skb->len < sizeof(struct nci_rf_intf_activated_ntf)) + if (skb->len < offsetofend(struct nci_rf_intf_activated_ntf, rf_tech_specific_params_len)) return -EINVAL; data = skb->data; @@ -628,6 +636,9 @@ static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, if (ntf.rf_interface == NCI_RF_INTERFACE_NFCEE_DIRECT) goto listen; + if (skb->len < (data - skb->data) + ntf.rf_tech_specific_params_len) + return -EINVAL; + if (ntf.rf_tech_specific_params_len > 0) { switch (ntf.activation_rf_tech_and_mode) { case NCI_NFC_A_PASSIVE_POLL_MODE: @@ -668,6 +679,13 @@ static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, } } + if (skb->len < (data - skb->data) + + sizeof(ntf.data_exch_rf_tech_and_mode) + + sizeof(ntf.data_exch_tx_bit_rate) + + sizeof(ntf.data_exch_rx_bit_rate) + + sizeof(ntf.activation_params_len)) + return -EINVAL; + ntf.data_exch_rf_tech_and_mode = *data++; ntf.data_exch_tx_bit_rate = *data++; ntf.data_exch_rx_bit_rate = *data++; @@ -679,6 +697,9 @@ static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, pr_debug("data_exch_rx_bit_rate 0x%x\n", ntf.data_exch_rx_bit_rate); pr_debug("activation_params_len %d\n", ntf.activation_params_len); + if (skb->len < (data - skb->data) + ntf.activation_params_len) + return -EINVAL; + if (ntf.activation_params_len > 0) { switch (ntf.rf_interface) { case NCI_RF_INTERFACE_ISO_DEP: -- 2.52.0

1 day, 17 hours

3
5
0 0

[PATCH v6.12.y] tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

by Keerthana K

From: Kuniyuki Iwashima <kuniyu(a)google.com> [ Upstream commit c65f27b9c3be2269918e1cbad6d8884741f835c5 ] get_netdev_for_sock() is called during setsockopt(), so not under RCU. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the only ->ndo_sk_get_lower_dev() user is bond_sk_get_lower_dev(), which uses RCU. Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure") Signed-off-by: Kuniyuki Iwashima <kuniyu(a)google.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://patch.msgid.link/20250916214758.650211-6-kuniyu@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [ Keerthana: Backport to v6.12.y ] Signed-off-by: Keerthana K <keerthana.kalyanasundaram(a)broadcom.com> --- net/tls/tls_device.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 0af7b3c52..99d503e03 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -123,17 +123,19 @@ static void tls_device_queue_ctx_destruction(struct tls_context *ctx) /* We assume that the socket is already connected */ static struct net_device *get_netdev_for_sock(struct sock *sk) { - struct dst_entry *dst = sk_dst_get(sk); - struct net_device *netdev = NULL; + struct net_device *dev, *lowest_dev = NULL; + struct dst_entry *dst; - if (likely(dst)) { - netdev = netdev_sk_get_lowest_dev(dst->dev, sk); - dev_hold(netdev); + rcu_read_lock(); + dst = __sk_dst_get(sk); + dev = dst ? dst_dev_rcu(dst) : NULL; + if (likely(dev)) { + lowest_dev = netdev_sk_get_lowest_dev(dev, sk); + dev_hold(lowest_dev); } + rcu_read_unlock(); - dst_release(dst); - - return netdev; + return lowest_dev; } static void destroy_record(struct tls_record_info *record) -- 2.43.7

1 day, 19 hours

1
0
0 0

[PATCH v5.15-v6.1 0/2] Backport fixes for CVE-2025-40149

by Keerthana K

Following commit is a pre-requisite for the commit c65f27b9c - 1dbf1d590 (net: Add locking to protect skb->dev access in ip_output) Kuniyuki Iwashima (1): tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). Sharath Chandra Vurukala (1): net: Add locking to protect skb->dev access in ip_output include/net/dst.h | 12 ++++++++++++ net/ipv4/ip_output.c | 16 +++++++++++----- net/tls/tls_device.c | 17 ++++++++++------- 3 files changed, 33 insertions(+), 12 deletions(-) -- 2.43.7

1 day, 20 hours

1
2
0 0

[PATCH v5.10.y 0/3] Backport fixes for CVE-2025-40149

by Keerthana K

Following commits are pre-requisite for the commit c65f27b9c - 1dbf1d590 (net: Add locking to protect skb->dev access in ip_output) - 719a402cf (net: netdevice: Add operation ndo_sk_get_lower_dev) Kuniyuki Iwashima (1): tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). Sharath Chandra Vurukala (1): net: Add locking to protect skb->dev access in ip_output Tariq Toukan (1): net: netdevice: Add operation ndo_sk_get_lower_dev include/linux/netdevice.h | 4 ++++ include/net/dst.h | 12 ++++++++++++ net/core/dev.c | 33 +++++++++++++++++++++++++++++++++ net/ipv4/ip_output.c | 16 +++++++++++----- net/tls/tls_device.c | 18 ++++++++++-------- 5 files changed, 70 insertions(+), 13 deletions(-) -- 2.43.7

1 day, 20 hours

1
3
0 0

[PATCH V5 1/8] mm/slab: use unsigned long for orig_size to ensure proper metadata align

by Harry Yoo

When both KASAN and SLAB_STORE_USER are enabled, accesses to struct kasan_alloc_meta fields can be misaligned on 64-bit architectures. This occurs because orig_size is currently defined as unsigned int, which only guarantees 4-byte alignment. When struct kasan_alloc_meta is placed after orig_size, it may end up at a 4-byte boundary rather than the required 8-byte boundary on 64-bit systems. Note that 64-bit architectures without HAVE_EFFICIENT_UNALIGNED_ACCESS are assumed to require 64-bit accesses to be 64-bit aligned. See HAVE_64BIT_ALIGNED_ACCESS and commit adab66b71abf ("Revert: "ring-buffer: Remove HAVE_64BIT_ALIGNED_ACCESS"") for more details. Change orig_size from unsigned int to unsigned long to ensure proper alignment for any subsequent metadata. This should not waste additional memory because kmalloc objects are already aligned to at least ARCH_KMALLOC_MINALIGN. Suggested-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: stable(a)vger.kernel.org Fixes: 6edf2576a6cc ("mm/slub: enable debugging memory wasting of kmalloc") Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- mm/slub.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index ad71f01571f0..1c747435a6ab 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -857,7 +857,7 @@ static inline bool slab_update_freelist(struct kmem_cache *s, struct slab *slab, * request size in the meta data area, for better debug and sanity check. */ static inline void set_orig_size(struct kmem_cache *s, - void *object, unsigned int orig_size) + void *object, unsigned long orig_size) { void *p = kasan_reset_tag(object); @@ -867,10 +867,10 @@ static inline void set_orig_size(struct kmem_cache *s, p += get_info_end(s); p += sizeof(struct track) * 2; - *(unsigned int *)p = orig_size; + *(unsigned long *)p = orig_size; } -static inline unsigned int get_orig_size(struct kmem_cache *s, void *object) +static inline unsigned long get_orig_size(struct kmem_cache *s, void *object) { void *p = kasan_reset_tag(object); @@ -883,7 +883,7 @@ static inline unsigned int get_orig_size(struct kmem_cache *s, void *object) p += get_info_end(s); p += sizeof(struct track) * 2; - return *(unsigned int *)p; + return *(unsigned long *)p; } #ifdef CONFIG_SLUB_DEBUG @@ -1198,7 +1198,7 @@ static void print_trailer(struct kmem_cache *s, struct slab *slab, u8 *p) off += 2 * sizeof(struct track); if (slub_debug_orig_size(s)) - off += sizeof(unsigned int); + off += sizeof(unsigned long); off += kasan_metadata_size(s, false); @@ -1394,7 +1394,7 @@ static int check_pad_bytes(struct kmem_cache *s, struct slab *slab, u8 *p) off += 2 * sizeof(struct track); if (s->flags & SLAB_KMALLOC) - off += sizeof(unsigned int); + off += sizeof(unsigned long); } off += kasan_metadata_size(s, false); @@ -7949,7 +7949,7 @@ static int calculate_sizes(struct kmem_cache_args *args, struct kmem_cache *s) /* Save the original kmalloc request size */ if (flags & SLAB_KMALLOC) - size += sizeof(unsigned int); + size += sizeof(unsigned long); } #endif -- 2.43.0

1 day, 20 hours

3
6
0 0

[PATCH v5 3/3] KVM: x86: Add x2APIC "features" to control EOI broadcast suppression

by Khushit Shah

Add two flags for KVM_CAP_X2APIC_API to allow userspace to control support for Suppress EOI Broadcasts, which KVM completely mishandles. When x2APIC support was first added, KVM incorrectly advertised and "enabled" Suppress EOI Broadcast, without fully supporting the I/O APIC side of the equation, i.e. without adding directed EOI to KVM's in-kernel I/O APIC. That flaw was carried over to split IRQCHIP support, i.e. KVM advertised support for Suppress EOI Broadcasts irrespective of whether or not the userspace I/O APIC implementation supported directed EOIs. Even worse, KVM didn't actually suppress EOI broadcasts, i.e. userspace VMMs without support for directed EOI came to rely on the "spurious" broadcasts. KVM "fixed" the in-kernel I/O APIC implementation by completely disabling support for Suppress EOI Broadcasts in commit 0bcc3fb95b97 ("KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use"), but didn't do anything to remedy userspace I/O APIC implementations. KVM's bogus handling of Suppress EOI Broadcast is problematic when the guest relies on interrupts being masked in the I/O APIC until well after the initial local APIC EOI. E.g. Windows with Credential Guard enabled handles interrupts in the following order: 1. Interrupt for L2 arrives. 2. L1 APIC EOIs the interrupt. 3. L1 resumes L2 and injects the interrupt. 4. L2 EOIs after servicing. 5. L1 performs the I/O APIC EOI. Because KVM EOIs the I/O APIC at step #2, the guest can get an interrupt storm, e.g. if the IRQ line is still asserted and userspace reacts to the EOI by re-injecting the IRQ, because the guest doesn't de-assert the line until step #4, and doesn't expect the interrupt to be re-enabled until step #5. Unfortunately, simply "fixing" the bug isn't an option, as KVM has no way of knowing if the userspace I/O APIC supports directed EOIs, i.e. suppressing EOI broadcasts would result in interrupts being stuck masked in the userspace I/O APIC due to step #5 being ignored by userspace. And fully disabling support for Suppress EOI Broadcast is also undesirable, as picking up the fix would require a guest reboot, *and* more importantly would change the virtual CPU model exposed to the guest without any buy-in from userspace. Add KVM_X2APIC_ENABLE_SUPPRESS_EOI_BROADCAST and KVM_X2APIC_DISABLE_SUPPRESS_EOI_BROADCAST flags to allow userspace to explicitly enable or disable support for Suppress EOI Broadcasts. This gives userspace control over the virtual CPU model exposed to the guest, as KVM should never have enabled support for Suppress EOI Broadcast without userspace opt-in. Not setting either flag will result in legacy quirky behavior for backward compatibility. When KVM_X2APIC_ENABLE_SUPPRESS_EOI_BROADCAST is set and using in-kernel IRQCHIP mode, KVM will use I/O APIC version 0x20, which includes support for the EOI Register. Note, Suppress EOI Broadcasts is defined only in Intel's SDM, not in AMD's APM. But the bit is writable on some AMD CPUs, e.g. Turin, and KVM's ABI is to support Directed EOI (KVM's name) irrespective of guest CPU vendor. Fixes: 7543a635aa09 ("KVM: x86: Add KVM exit for IOAPIC EOIs") Closes: https://lore.kernel.org/kvm/7D497EF1-607D-4D37-98E7-DAF95F099342@nutanix.com Cc: stable(a)vger.kernel.org Suggested-by: David Woodhouse <dwmw2(a)infradead.org> Co-developed-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Khushit Shah <khushit.shah(a)nutanix.com> --- Documentation/virt/kvm/api.rst | 28 +++++++++++++-- arch/x86/include/asm/kvm_host.h | 7 ++++ arch/x86/include/uapi/asm/kvm.h | 6 ++-- arch/x86/kvm/lapic.c | 64 ++++++++++++++++++++++----------- arch/x86/kvm/x86.c | 15 ++++++-- 5 files changed, 93 insertions(+), 27 deletions(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 57061fa29e6a..ad15ca519afc 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -7800,8 +7800,10 @@ Will return -EBUSY if a VCPU has already been created. Valid feature flags in args[0] are:: - #define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) - #define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) + #define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) + #define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) + #define KVM_X2APIC_ENABLE_SUPPRESS_EOI_BROADCAST (1ULL << 2) + #define KVM_X2APIC_DISABLE_SUPPRESS_EOI_BROADCAST (1ULL << 3) Enabling KVM_X2APIC_API_USE_32BIT_IDS changes the behavior of KVM_SET_GSI_ROUTING, KVM_SIGNAL_MSI, KVM_SET_LAPIC, and KVM_GET_LAPIC, @@ -7814,6 +7816,28 @@ as a broadcast even in x2APIC mode in order to support physical x2APIC without interrupt remapping. This is undesirable in logical mode, where 0xff represents CPUs 0-7 in cluster 0. +Setting KVM_X2APIC_ENABLE_SUPPRESS_EOI_BROADCAST instructs KVM to enable +Suppress EOI Broadcasts. KVM will advertise support for Suppress EOI +Broadcast to the guest and suppress LAPIC EOI broadcasts when the guest +sets the Suppress EOI Broadcast bit in the SPIV register. When using +in-kernel IRQCHIP mode, enabling this capability will cause KVM to use +I/O APIC version 0x20, which includes support for the EOI Register for +directed EOI. + +Setting KVM_X2APIC_DISABLE_SUPPRESS_EOI_BROADCAST disables support for +Suppress EOI Broadcasts entirely, i.e. instructs KVM to NOT advertise +support to the guest. + +Modern VMMs should either enable KVM_X2APIC_ENABLE_SUPPRESS_EOI_BROADCAST +or KVM_X2APIC_DISABLE_SUPPRESS_EOI_BROADCAST. If not, legacy quirky +behavior will be used by KVM: in split IRQCHIP mode, KVM will advertise +support for Suppress EOI Broadcasts but not actually suppress EOI +broadcasts; for in-kernel IRQCHIP mode, KVM will not advertise support for +Suppress EOI Broadcasts. + +Setting both KVM_X2APIC_ENABLE_SUPPRESS_EOI_BROADCAST and +KVM_X2APIC_DISABLE_SUPPRESS_EOI_BROADCAST will fail with an EINVAL error. + 7.8 KVM_CAP_S390_USER_INSTR0 ---------------------------- diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 48598d017d6f..4a6d94dc7a2a 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1229,6 +1229,12 @@ enum kvm_irqchip_mode { KVM_IRQCHIP_SPLIT, /* created with KVM_CAP_SPLIT_IRQCHIP */ }; +enum kvm_suppress_eoi_broadcast_mode { + KVM_SUPPRESS_EOI_BROADCAST_QUIRKED, /* Legacy behavior */ + KVM_SUPPRESS_EOI_BROADCAST_ENABLED, /* Enable Suppress EOI broadcast */ + KVM_SUPPRESS_EOI_BROADCAST_DISABLED /* Disable Suppress EOI broadcast */ +}; + struct kvm_x86_msr_filter { u8 count; bool default_allow:1; @@ -1480,6 +1486,7 @@ struct kvm_arch { bool x2apic_format; bool x2apic_broadcast_quirk_disabled; + enum kvm_suppress_eoi_broadcast_mode suppress_eoi_broadcast_mode; bool has_mapped_host_mmio; bool guest_can_read_msr_platform_info; diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h index d420c9c066d4..d30241429fa8 100644 --- a/arch/x86/include/uapi/asm/kvm.h +++ b/arch/x86/include/uapi/asm/kvm.h @@ -913,8 +913,10 @@ struct kvm_sev_snp_launch_finish { __u64 pad1[4]; }; -#define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) -#define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) +#define KVM_X2APIC_API_USE_32BIT_IDS (_BITULL(0)) +#define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (_BITULL(1)) +#define KVM_X2APIC_ENABLE_SUPPRESS_EOI_BROADCAST (_BITULL(2)) +#define KVM_X2APIC_DISABLE_SUPPRESS_EOI_BROADCAST (_BITULL(3)) struct kvm_hyperv_eventfd { __u32 conn_id; diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 2c24fd8d815f..36a5af218802 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -107,21 +107,31 @@ bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector) bool kvm_lapic_advertise_suppress_eoi_broadcast(struct kvm *kvm) { - /* - * The default in-kernel I/O APIC emulates the 82093AA and does not - * implement an EOI register. Some guests (e.g. Windows with the - * Hyper-V role enabled) disable LAPIC EOI broadcast without checking - * the I/O APIC version, which can cause level-triggered interrupts to - * never be EOI'd. - * - * To avoid this, KVM must not advertise Suppress EOI Broadcast support - * when using the default in-kernel I/O APIC. - * - * Historically, in split IRQCHIP mode, KVM always advertised Suppress - * EOI Broadcast support but did not actually suppress EOIs, resulting - * in quirky behavior. - */ - return !ioapic_in_kernel(kvm); + switch (kvm->arch.suppress_eoi_broadcast_mode) { + case KVM_SUPPRESS_EOI_BROADCAST_ENABLED: + return true; + case KVM_SUPPRESS_EOI_BROADCAST_DISABLED: + return false; + case KVM_SUPPRESS_EOI_BROADCAST_QUIRKED: + /* + * The default in-kernel I/O APIC emulates the 82093AA and does not + * implement an EOI register. Some guests (e.g. Windows with the + * Hyper-V role enabled) disable LAPIC EOI broadcast without + * checking the I/O APIC version, which can cause level-triggered + * interrupts to never be EOI'd. + * + * To avoid this, KVM must not advertise Suppress EOI Broadcast + * support when using the default in-kernel I/O APIC. + * + * Historically, in split IRQCHIP mode, KVM always advertised + * Suppress EOI Broadcast support but did not actually suppress + * EOIs, resulting in quirky behavior. + */ + return !ioapic_in_kernel(kvm); + default: + WARN_ON_ONCE(1); + return false; + } } bool kvm_lapic_respect_suppress_eoi_broadcast(struct kvm *kvm) @@ -129,13 +139,25 @@ bool kvm_lapic_respect_suppress_eoi_broadcast(struct kvm *kvm) /* * Returns true if KVM should honor the guest's request to suppress EOI * broadcasts, i.e. actually implement Suppress EOI Broadcast. - * - * Historically, in split IRQCHIP mode, KVM ignored the suppress EOI - * broadcast bit set by the guest and broadcasts EOIs to the userspace - * I/O APIC. For In-kernel I/O APIC, the support itself is not - * advertised, but if bit was set by the guest, it was respected. */ - return ioapic_in_kernel(kvm); + switch (kvm->arch.suppress_eoi_broadcast_mode) { + case KVM_SUPPRESS_EOI_BROADCAST_ENABLED: + return true; + case KVM_SUPPRESS_EOI_BROADCAST_DISABLED: + return false; + case KVM_SUPPRESS_EOI_BROADCAST_QUIRKED: + /* + * Historically, in split IRQCHIP mode, KVM ignored the suppress + * EOI broadcast bit set by the guest and broadcasts EOIs to the + * userspace I/O APIC. For In-kernel I/O APIC, the support itself + * is not advertised, but if bit was set by the guest, it was + * respected. + */ + return ioapic_in_kernel(kvm); + default: + WARN_ON_ONCE(1); + return false; + } } __read_mostly DEFINE_STATIC_KEY_FALSE(kvm_has_noapic_vcpu); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c9c2aa6f4705..5d56b0384dcc 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -121,8 +121,10 @@ static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE); #define KVM_CAP_PMU_VALID_MASK KVM_PMU_CAP_DISABLE -#define KVM_X2APIC_API_VALID_FLAGS (KVM_X2APIC_API_USE_32BIT_IDS | \ - KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK) +#define KVM_X2APIC_API_VALID_FLAGS (KVM_X2APIC_API_USE_32BIT_IDS | \ + KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK | \ + KVM_X2APIC_ENABLE_SUPPRESS_EOI_BROADCAST | \ + KVM_X2APIC_DISABLE_SUPPRESS_EOI_BROADCAST) static void update_cr8_intercept(struct kvm_vcpu *vcpu); static void process_nmi(struct kvm_vcpu *vcpu); @@ -6778,11 +6780,20 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, if (cap->args[0] & ~KVM_X2APIC_API_VALID_FLAGS) break; + if ((cap->args[0] & KVM_X2APIC_ENABLE_SUPPRESS_EOI_BROADCAST) && + (cap->args[0] & KVM_X2APIC_DISABLE_SUPPRESS_EOI_BROADCAST)) + break; + if (cap->args[0] & KVM_X2APIC_API_USE_32BIT_IDS) kvm->arch.x2apic_format = true; if (cap->args[0] & KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK) kvm->arch.x2apic_broadcast_quirk_disabled = true; + if (cap->args[0] & KVM_X2APIC_ENABLE_SUPPRESS_EOI_BROADCAST) + kvm->arch.suppress_eoi_broadcast_mode = KVM_SUPPRESS_EOI_BROADCAST_ENABLED; + if (cap->args[0] & KVM_X2APIC_DISABLE_SUPPRESS_EOI_BROADCAST) + kvm->arch.suppress_eoi_broadcast_mode = KVM_SUPPRESS_EOI_BROADCAST_DISABLED; + r = 0; break; case KVM_CAP_X86_DISABLE_EXITS: -- 2.39.3

1 day, 23 hours

2
2
0 0

[PATCH] xen/scsiback: fix potential memory leak in scsiback_remove()

by Abdun Nihaal

Memory allocated for struct vscsiblk_info in scsiback_probe() is not freed in scsiback_remove() leading to potential memory leaks on remove, as well as in the scsiback_probe() error paths. Fix that by freeing it in scsiback_remove(). Cc: stable(a)vger.kernel.org Fixes: d9d660f6e562 ("xen-scsiback: Add Xen PV SCSI backend driver") Signed-off-by: Abdun Nihaal <nihaal(a)cse.iitm.ac.in> --- Compile tested only. Issue found using static analysis. drivers/xen/xen-scsiback.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/xen/xen-scsiback.c b/drivers/xen/xen-scsiback.c index 0c51edfd13dc..7d5117e5efe0 100644 --- a/drivers/xen/xen-scsiback.c +++ b/drivers/xen/xen-scsiback.c @@ -1262,6 +1262,7 @@ static void scsiback_remove(struct xenbus_device *dev) gnttab_page_cache_shrink(&info->free_pages, 0); dev_set_drvdata(&dev->dev, NULL); + kfree(info); } static int scsiback_probe(struct xenbus_device *dev, -- 2.43.0

1 day, 23 hours

3
2
0 0

[PATCH v2] media: v4l2-flash: Enter LED off state after file handle closed

by cy_huang＠richtek.com

From: ChiYuan Huang <cy_huang(a)richtek.com> To make sure LED enter off state after file handle is closed, initiatively configure LED_MODE to NONE. This can guarantee whatever the previous state is torch or strobe mode, the final state will be off. Cc: stable(a)vger.kernel.org Fixes: 42bd6f59ae90 ("media: Add registration helpers for V4L2 flash sub-devices") Reported-by: Roger Wang <roger-hy.wang(a)mediatek.com> Signed-off-by: ChiYuan Huang <cy_huang(a)richtek.com> --- v2 - Fix commit message redudant space cause patch robot parsing error Hi, We encounter an issue. When the upper layer camera process is crashed, if the new process did not reinit the LED, it will keeps the previous state whatever it's in torch or strobe mode OS will handle the resource management. So when the process is crashed or terminated, the 'close' API will be called to release resources. That's why we add the initiative action to trigger LED off in file handle close is called. --- drivers/media/v4l2-core/v4l2-flash-led-class.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/media/v4l2-core/v4l2-flash-led-class.c b/drivers/media/v4l2-core/v4l2-flash-led-class.c index 355595a0fefa..347b37f3ef69 100644 --- a/drivers/media/v4l2-core/v4l2-flash-led-class.c +++ b/drivers/media/v4l2-core/v4l2-flash-led-class.c @@ -623,6 +623,12 @@ static int v4l2_flash_close(struct v4l2_subdev *sd, struct v4l2_subdev_fh *fh) return 0; if (led_cdev) { + /* If file handle is released, make sure LED enter off state */ + ret = v4l2_ctrl_s_ctrl(v4l2_flash->ctrls[LED_MODE], + V4L2_FLASH_LED_MODE_NONE); + if (ret) + return ret; + mutex_lock(&led_cdev->led_access); if (v4l2_flash->ctrls[STROBE_SOURCE]) base-commit: 8ac28a6642d1cc8bac0632222e66add800b027fa -- 2.34.1

2 days

1
0
0 0

[PATCH v3] serial: 8250_pci: Fix broken RS485 for F81504/508/512

by Marnix Rijnart

Fintek F81504/508/512 can support both RTS_ON_SEND and RTS_AFTER_SEND, but pci_fintek_rs485_supported only announces the former. This makes it impossible to unset SER_RS485_RTS_ON_SEND from userspace because of uart_sanitize_serial_rs485(). Some devices with these chips need RTS low on TX, so they are effectively broken. Fix this by announcing the support for SER_RS485_RTS_AFTER_SEND, similar to commit 068d35a7be65 ("serial: sc16is7xx: announce support for SER_RS485_RTS_ON_SEND"). Fixes: 4afeced55baa ("serial: core: fix sanitizing check for RTS settings") Cc: stable(a)vger.kernel.org Signed-off-by: Marnix Rijnart <marnix.rijnart(a)iwell.eu> --- Changes in v3: - Rewrite commit message to clarify problem - Use longer commit hashes - v2: https://patch.msgid.link/20260111135933.31316-1-marnix.rijnart@iwell.eu Changes in v2: - Added fixes tags - Cc stable - v1: https://patch.msgid.link/20250923221756.26770-1-marnix.rijnart@iwell.eu --- drivers/tty/serial/8250/8250_pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c index 152f914c599d..a9da222bd174 100644 --- a/drivers/tty/serial/8250/8250_pci.c +++ b/drivers/tty/serial/8250/8250_pci.c @@ -1645,7 +1645,7 @@ static int pci_fintek_rs485_config(struct uart_port *port, struct ktermios *term } static const struct serial_rs485 pci_fintek_rs485_supported = { - .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND, + .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND | SER_RS485_RTS_AFTER_SEND, /* F81504/508/512 does not support RTS delay before or after send */ }; -- 2.52.0

2 days, 2 hours

1
0
0 0

[SRU][Q][PATCH 2/2] drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace

by Mario Limonciello

This is important for userspace to avoid hardcoding VGPR size. BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2134491 Reviewed-by: Kent Russell <kent.russell(a)amd.com> Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 71776e0965f9f730af19c5f548827f2a7c91f5a8) Cc: stable(a)vger.kernel.org (cherry picked from commit 8fc2796dea6f1210e1a01573961d5836a7ce531e) Signed-off-by: Mario Limonciello (AMD) <superm1(a)kernel.org> --- drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_topology.c b/drivers/gpu/drm/amd/amdkfd/kfd_topology.c index 720b20e842ba4..af704f8731c5e 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_topology.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_topology.c @@ -491,6 +491,10 @@ static ssize_t node_show(struct kobject *kobj, struct attribute *attr, dev->node_props.num_sdma_queues_per_engine); sysfs_show_32bit_prop(buffer, offs, "num_cp_queues", dev->node_props.num_cp_queues); + sysfs_show_32bit_prop(buffer, offs, "cwsr_size", + dev->node_props.cwsr_size); + sysfs_show_32bit_prop(buffer, offs, "ctl_stack_size", + dev->node_props.ctl_stack_size); if (dev->gpu) { log_max_watch_addr = -- 2.43.0

2 days, 7 hours

3
2
0 0

[char-misc v3] mei: trace: treat reg parameter as string

by Alexander Usyskin

The commit afd2627f727b ("tracing: Check "%s" dereference via the field and not the TP_printk format") forbids to emit event with a plain char* without a wrapper. The reg parameter always passed as static string and wrapper is not strictly required, contrary to dev parameter. Use the string wrapper anyway to check sanity of the reg parameters, store it value independently and prevent internal kernel data leaks. Since some code refactoring has taken place, explicit backporting may be needed for kernels older than 6.10. Cc: <stable(a)vger.kernel.org> # v6.11+ Fixes: a0a927d06d79 ("mei: me: add io register tracing") Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> --- V3: reword commit message limit Fixes to 6.11+ V2: reword commit message add Fixes and stable drivers/misc/mei/mei-trace.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/misc/mei/mei-trace.h b/drivers/misc/mei/mei-trace.h index 5312edbf5190..24fa321d88bd 100644 --- a/drivers/misc/mei/mei-trace.h +++ b/drivers/misc/mei/mei-trace.h @@ -21,18 +21,18 @@ TRACE_EVENT(mei_reg_read, TP_ARGS(dev, reg, offs, val), TP_STRUCT__entry( __string(dev, dev_name(dev)) - __field(const char *, reg) + __string(reg, reg) __field(u32, offs) __field(u32, val) ), TP_fast_assign( __assign_str(dev); - __entry->reg = reg; + __assign_str(reg); __entry->offs = offs; __entry->val = val; ), TP_printk("[%s] read %s:[%#x] = %#x", - __get_str(dev), __entry->reg, __entry->offs, __entry->val) + __get_str(dev), __get_str(reg), __entry->offs, __entry->val) ); TRACE_EVENT(mei_reg_write, @@ -40,18 +40,18 @@ TRACE_EVENT(mei_reg_write, TP_ARGS(dev, reg, offs, val), TP_STRUCT__entry( __string(dev, dev_name(dev)) - __field(const char *, reg) + __string(reg, reg) __field(u32, offs) __field(u32, val) ), TP_fast_assign( __assign_str(dev); - __entry->reg = reg; + __assign_str(reg); __entry->offs = offs; __entry->val = val; ), TP_printk("[%s] write %s[%#x] = %#x", - __get_str(dev), __entry->reg, __entry->offs, __entry->val) + __get_str(dev), __get_str(reg), __entry->offs, __entry->val) ); TRACE_EVENT(mei_pci_cfg_read, @@ -59,18 +59,18 @@ TRACE_EVENT(mei_pci_cfg_read, TP_ARGS(dev, reg, offs, val), TP_STRUCT__entry( __string(dev, dev_name(dev)) - __field(const char *, reg) + __string(reg, reg) __field(u32, offs) __field(u32, val) ), TP_fast_assign( __assign_str(dev); - __entry->reg = reg; + __assign_str(reg); __entry->offs = offs; __entry->val = val; ), TP_printk("[%s] pci cfg read %s:[%#x] = %#x", - __get_str(dev), __entry->reg, __entry->offs, __entry->val) + __get_str(dev), __get_str(reg), __entry->offs, __entry->val) ); #endif /* _MEI_TRACE_H_ */ -- 2.43.0

2 days, 11 hours

1
0
0 0

Linux 6.18.5

by Greg Kroah-Hartman

I'm announcing the release of the 6.18.5 kernel. All users of the 6.18 kernel series must upgrade. The updated 6.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.18.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - fs/nfs/localio.c | 12 +++---- include/linux/sched/topology.h | 3 + kernel/sched/core.c | 3 + kernel/sched/fair.c | 65 +++++++++++++++++++++++++++++++++-------- kernel/sched/features.h | 5 +++ kernel/sched/sched.h | 7 ++++ kernel/sched/topology.c | 6 +++ net/mptcp/protocol.c | 8 +++-- net/mptcp/protocol.h | 3 + 10 files changed, 91 insertions(+), 23 deletions(-) Greg Kroah-Hartman (1): Linux 6.18.5 Mike Snitzer (1): nfs/localio: fix regression due to out-of-order __put_cred Paolo Abeni (1): mptcp: ensure context reset on disconnect() Peter Zijlstra (3): sched/fair: Small cleanup to sched_balance_newidle() sched/fair: Small cleanup to update_newidle_cost() sched/fair: Proportional newidle balance

2 days, 12 hours

1
1
0 0

Linux 6.12.65

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.65 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/char/virtio_console.c | 2 - drivers/cpufreq/intel_pstate.c | 9 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 ++- drivers/iommu/amd/init.c | 28 ++++---------- drivers/net/phy/mediatek-ge-soc.c | 2 - drivers/pwm/pwm-stm32.c | 3 - include/linux/if_bridge.h | 6 +-- include/linux/mm.h | 10 ++--- include/linux/sched/topology.h | 3 + kernel/sched/core.c | 3 + kernel/sched/fair.c | 65 ++++++++++++++++++++++++++------- kernel/sched/features.h | 5 ++ kernel/sched/sched.h | 7 +++ kernel/sched/topology.c | 6 +++ mm/page_alloc.c | 24 ++++++------ net/bridge/br_ioctl.c | 36 ++++++++++++++++-- net/bridge/br_private.h | 3 - net/core/dev_ioctl.c | 16 -------- net/mac80211/rx.c | 5 ++ net/mptcp/options.c | 10 +++++ net/mptcp/protocol.c | 8 ++-- net/mptcp/protocol.h | 9 ++-- net/mptcp/subflow.c | 10 ----- net/socket.c | 19 ++++----- 25 files changed, 185 insertions(+), 112 deletions(-) Alexander Gordeev (1): mm/page_alloc: change all pageblocks migrate type on coalescing Bijan Tabatabai (1): mm: consider non-anon swap cache folios in folio_expected_ref_count() David Hildenbrand (1): mm: simplify folio_expected_ref_count() Greg Kroah-Hartman (2): Revert "iommu/amd: Skip enabling command/event buffers for kdump" Linux 6.12.65 Jouni Malinen (1): wifi: mac80211: Discard Beacon frames to non-broadcast address Maximilian Immanuel Brandtner (1): virtio_console: fix order of fields cols and rows Miaoqian Lin (1): net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration Natalie Vock (1): drm/amdgpu: Forward VMID reservation errors Paolo Abeni (2): mptcp: fallback earlier on simult connection mptcp: ensure context reset on disconnect() Peter Zijlstra (3): sched/fair: Small cleanup to sched_balance_newidle() sched/fair: Small cleanup to update_newidle_cost() sched/fair: Proportional newidle balance Richa Bharti (1): cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes Sean Nyekjaer (1): pwm: stm32: Always program polarity Thadeu Lima de Souza Cascardo (1): net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.

2 days, 12 hours

1
1
0 0

Linux 6.6.120

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.120 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/mmc/aspeed,sdhci.yaml | 2 Documentation/devicetree/bindings/pci/amlogic,axg-pcie.yaml | 6 Documentation/driver-api/tty/tty_port.rst | 5 Documentation/process/2.Process.rst | 6 Makefile | 2 arch/arm/boot/dts/microchip/sama5d2.dtsi | 10 arch/arm/boot/dts/microchip/sama7g5.dtsi | 4 arch/arm/boot/dts/renesas/r8a7793-gose.dts | 1 arch/arm/boot/dts/renesas/r9a06g032-rzn1d400-db.dts | 2 arch/arm/boot/dts/samsung/exynos4210-i9100.dts | 1 arch/arm/boot/dts/samsung/exynos4210-trats.dts | 1 arch/arm/boot/dts/samsung/exynos4210-universal_c210.dts | 1 arch/arm/boot/dts/samsung/exynos4412-midas.dtsi | 1 arch/arm/boot/dts/st/stm32mp157c-phycore-stm32mp15-som.dtsi | 8 arch/arm/boot/dts/ti/omap/am335x-netcom-plus-2xx.dts | 8 arch/arm/boot/dts/ti/omap/omap3-beagle-xm.dts | 2 arch/arm/boot/dts/ti/omap/omap3-n900.dts | 2 arch/arm/include/asm/word-at-a-time.h | 10 arch/arm64/boot/dts/freescale/imx8mm-venice-gw72xx.dtsi | 11 arch/arm64/boot/dts/freescale/imx8mp-venice-gw702x.dtsi | 51 - arch/arm64/boot/dts/freescale/imx8mp-venice-gw72xx.dtsi | 11 arch/arm64/boot/dts/qcom/msm8996.dtsi | 3 arch/arm64/boot/dts/qcom/sdm845-oneplus-common.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3588s-rock-5a.dts | 15 arch/arm64/boot/dts/ti/k3-am62p.dtsi | 2 arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 12 arch/arm64/net/bpf_jit_comp.c | 2 arch/loongarch/include/asm/pgtable.h | 4 arch/loongarch/kernel/machine_kexec.c | 24 arch/loongarch/kernel/mcount_dyn.S | 14 arch/loongarch/kernel/relocate.c | 4 arch/loongarch/kernel/setup.c | 8 arch/loongarch/kernel/switch.S | 4 arch/loongarch/net/bpf_jit.c | 18 arch/loongarch/net/bpf_jit.h | 26 arch/loongarch/pci/pci.c | 2 arch/mips/sgi-ip22/ip22-gio.c | 3 arch/parisc/kernel/asm-offsets.c | 2 arch/parisc/kernel/entry.S | 16 arch/powerpc/boot/addnote.c | 7 arch/powerpc/include/asm/book3s/32/tlbflush.h | 5 arch/powerpc/include/asm/book3s/64/mmu-hash.h | 1 arch/powerpc/include/asm/kfence.h | 11 arch/powerpc/kernel/entry_32.S | 10 arch/powerpc/kernel/process.c | 5 arch/powerpc/kexec/core_64.c | 19 arch/powerpc/mm/book3s32/tlb.c | 9 arch/powerpc/mm/book3s64/hash_utils.c | 10 arch/powerpc/mm/book3s64/internal.h | 2 arch/powerpc/mm/book3s64/mmu_context.c | 2 arch/powerpc/mm/book3s64/radix_pgtable.c | 84 ++ arch/powerpc/mm/book3s64/slb.c | 88 -- arch/powerpc/mm/init-common.c | 3 arch/powerpc/mm/ptdump/hashpagetable.c | 6 arch/powerpc/platforms/pseries/cmm.c | 5 arch/riscv/kvm/vcpu_insn.c | 22 arch/s390/include/uapi/asm/ipl.h | 1 arch/s390/kernel/ipl.c | 48 - arch/s390/kernel/smp.c | 1 arch/x86/boot/compressed/pgtable_64.c | 11 arch/x86/crypto/blake2s-core.S | 4 arch/x86/entry/common.c | 72 - arch/x86/events/amd/core.c | 7 arch/x86/events/intel/core.c | 4 arch/x86/include/asm/kvm_host.h | 9 arch/x86/include/asm/ptrace.h | 20 arch/x86/kernel/cpu/microcode/amd.c | 2 arch/x86/kernel/dumpstack.c | 23 arch/x86/kvm/lapic.c | 32 arch/x86/kvm/svm/nested.c | 26 arch/x86/kvm/svm/svm.c | 162 ++-- arch/x86/kvm/svm/svm.h | 8 arch/x86/kvm/vmx/nested.c | 2 arch/x86/kvm/vmx/vmx.c | 2 arch/x86/kvm/vmx/vmx.h | 1 arch/x86/kvm/x86.c | 46 - arch/x86/xen/enlighten_pv.c | 69 + block/blk-mq.c | 120 ++- block/genhd.c | 2 crypto/af_alg.c | 5 crypto/algif_hash.c | 3 crypto/algif_rng.c | 3 crypto/asymmetric_keys/asymmetric_type.c | 14 crypto/authenc.c | 75 +- crypto/seqiv.c | 8 drivers/acpi/acpi_pcc.c | 2 drivers/acpi/acpica/nswalk.c | 9 drivers/acpi/apei/ghes.c | 16 drivers/acpi/cppc_acpi.c | 3 drivers/acpi/processor_core.c | 2 drivers/acpi/property.c | 9 drivers/amba/tegra-ahb.c | 1 drivers/base/power/runtime.c | 22 drivers/block/floppy.c | 2 drivers/block/nbd.c | 5 drivers/block/ps3disk.c | 4 drivers/block/rnbd/rnbd-clt.c | 13 drivers/block/rnbd/rnbd-clt.h | 2 drivers/block/ublk_drv.c | 35 drivers/bluetooth/btrtl.c | 24 drivers/bluetooth/btusb.c | 16 drivers/bus/ti-sysc.c | 11 drivers/char/applicom.c | 5 drivers/char/ipmi/ipmi_msghandler.c | 20 drivers/char/tpm/tpm-chip.c | 1 drivers/char/tpm/tpm1-cmd.c | 5 drivers/char/tpm/tpm2-cmd.c | 8 drivers/char/virtio_console.c | 2 drivers/clk/Makefile | 3 drivers/clk/mvebu/cp110-system-controller.c | 20 drivers/clk/qcom/camcc-sm6350.c | 13 drivers/clk/renesas/r7s9210-cpg-mssr.c | 7 drivers/clk/renesas/r8a77970-cpg-mssr.c | 8 drivers/clk/renesas/r9a06g032-clocks.c | 6 drivers/clk/renesas/rcar-gen2-cpg.c | 5 drivers/clk/renesas/rcar-gen2-cpg.h | 3 drivers/clk/renesas/rcar-gen3-cpg.c | 6 drivers/clk/renesas/rcar-gen3-cpg.h | 3 drivers/clk/renesas/rcar-gen4-cpg.c | 6 drivers/clk/renesas/rcar-gen4-cpg.h | 3 drivers/clk/renesas/renesas-cpg-mssr.c | 150 ++-- drivers/clk/renesas/renesas-cpg-mssr.h | 20 drivers/clk/renesas/rzg2l-cpg.c | 15 drivers/clk/samsung/clk-exynos-clkout.c | 2 drivers/comedi/comedi_fops.c | 42 - drivers/comedi/drivers/c6xdigio.c | 46 - drivers/comedi/drivers/multiq3.c | 9 drivers/comedi/drivers/pcl818.c | 5 drivers/cpufreq/amd-pstate.c | 2 drivers/cpufreq/cpufreq-dt-platdev.c | 1 drivers/cpufreq/cpufreq-nforce2.c | 3 drivers/cpufreq/s5pv210-cpufreq.c | 6 drivers/cpuidle/governors/menu.c | 9 drivers/cpuidle/governors/teo.c | 7 drivers/crypto/caam/caamrng.c | 4 drivers/crypto/ccree/cc_buffer_mgr.c | 6 drivers/crypto/hisilicon/qm.c | 14 drivers/crypto/starfive/jh7110-hash.c | 6 drivers/firewire/nosy.c | 10 drivers/firmware/arm_scmi/notify.c | 1 drivers/firmware/efi/cper-arm.c | 52 - drivers/firmware/efi/cper.c | 60 + drivers/firmware/efi/libstub/x86-5lvl.c | 4 drivers/firmware/imx/imx-scu-irq.c | 8 drivers/firmware/stratix10-svc.c | 12 drivers/gpio/gpio-regmap.c | 2 drivers/gpio/gpiolib-acpi.c | 22 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 8 drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 2 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 9 drivers/gpu/drm/gma500/fbdev.c | 43 - drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 37 drivers/gpu/drm/mediatek/mtk_disp_ccorr.c | 23 drivers/gpu/drm/mediatek/mtk_dp.c | 1 drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c | 22 drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h | 2 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 4 drivers/gpu/drm/mgag200/mgag200_mode.c | 25 drivers/gpu/drm/msm/adreno/a2xx_gpu.c | 2 drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 10 drivers/gpu/drm/nouveau/dispnv50/atom.h | 13 drivers/gpu/drm/nouveau/dispnv50/wndw.c | 2 drivers/gpu/drm/nouveau/nvkm/subdev/fb/base.c | 2 drivers/gpu/drm/panel/panel-sony-td4353-jdi.c | 2 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/tilcdc/tilcdc_crtc.c | 2 drivers/gpu/drm/tilcdc/tilcdc_drv.c | 72 + drivers/gpu/drm/tilcdc/tilcdc_drv.h | 2 drivers/gpu/drm/ttm/ttm_bo_vm.c | 6 drivers/gpu/drm/vgem/vgem_fence.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c | 12 drivers/gpu/host1x/syncpt.c | 4 drivers/hid/hid-apple.c | 1 drivers/hid/hid-elecom.c | 6 drivers/hid/hid-ids.h | 3 drivers/hid/hid-input.c | 23 drivers/hid/hid-logitech-dj.c | 56 - drivers/hid/hid-logitech-hidpp.c | 9 drivers/hid/hid-quirks.c | 3 drivers/hwmon/ibmpex.c | 9 drivers/hwmon/max16065.c | 7 drivers/hwmon/sy7636a-hwmon.c | 7 drivers/hwmon/tmp401.c | 2 drivers/hwmon/w83791d.c | 17 drivers/hwmon/w83l786ng.c | 26 drivers/hwtracing/coresight/coresight-etm4x-core.c | 130 ++- drivers/hwtracing/intel_th/core.c | 20 drivers/i2c/busses/i2c-amd-mp2-pci.c | 5 drivers/i2c/busses/i2c-designware-core.h | 1 drivers/i2c/busses/i2c-designware-master.c | 7 drivers/i3c/master.c | 12 drivers/i3c/master/svc-i3c-master.c | 22 drivers/iio/adc/ti_am335x_adc.c | 2 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 2 drivers/infiniband/core/addr.c | 33 drivers/infiniband/core/cma.c | 3 drivers/infiniband/core/device.c | 6 drivers/infiniband/core/verbs.c | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 drivers/infiniband/hw/bnxt_re/qplib_res.c | 8 drivers/infiniband/hw/bnxt_re/qplib_sp.c | 2 drivers/infiniband/hw/efa/efa_verbs.c | 4 drivers/infiniband/hw/irdma/cm.c | 2 drivers/infiniband/hw/irdma/ctrl.c | 3 drivers/infiniband/hw/irdma/main.h | 2 drivers/infiniband/hw/irdma/pble.c | 6 drivers/infiniband/hw/irdma/utils.c | 3 drivers/infiniband/hw/irdma/verbs.c | 241 +++++- drivers/infiniband/hw/irdma/verbs.h | 3 drivers/infiniband/sw/rxe/rxe.c | 22 drivers/infiniband/sw/rxe/rxe.h | 3 drivers/infiniband/sw/rxe/rxe_mcast.c | 22 drivers/infiniband/sw/rxe/rxe_net.c | 25 drivers/infiniband/sw/rxe/rxe_srq.c | 7 drivers/infiniband/sw/rxe/rxe_verbs.c | 26 drivers/infiniband/sw/rxe/rxe_verbs.h | 11 drivers/infiniband/ulp/rtrs/rtrs-clt.c | 1 drivers/infiniband/ulp/rtrs/rtrs-srv.c | 2 drivers/input/serio/i8042-acpipnpio.h | 7 drivers/input/touchscreen/ti_am335x_tsc.c | 2 drivers/interconnect/debugfs-client.c | 7 drivers/interconnect/qcom/msm8996.c | 1 drivers/iommu/amd/init.c | 43 - drivers/iommu/apple-dart.c | 2 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 27 drivers/iommu/arm/arm-smmu/qcom_iommu.c | 10 drivers/iommu/exynos-iommu.c | 9 drivers/iommu/iommu-sva.c | 3 drivers/iommu/iommufd/selftest.c | 8 drivers/iommu/ipmmu-vmsa.c | 2 drivers/iommu/mtk_iommu.c | 27 drivers/iommu/mtk_iommu_v1.c | 25 drivers/iommu/omap-iommu.c | 2 drivers/iommu/omap-iommu.h | 2 drivers/iommu/sun50i-iommu.c | 2 drivers/iommu/tegra-smmu.c | 5 drivers/irqchip/irq-bcm7038-l1.c | 8 drivers/irqchip/irq-bcm7120-l2.c | 17 drivers/irqchip/irq-brcmstb-l2.c | 12 drivers/irqchip/irq-imx-mu-msi.c | 14 drivers/irqchip/irq-mchp-eic.c | 2 drivers/irqchip/qcom-irq-combiner.c | 2 drivers/isdn/capi/capi.c | 8 drivers/leds/leds-lp50xx.c | 67 + drivers/leds/leds-netxbig.c | 36 drivers/leds/leds-spi-byte.c | 11 drivers/macintosh/mac_hid.c | 3 drivers/md/dm-bufio.c | 10 drivers/md/dm-ebs-target.c | 2 drivers/md/dm-log-writes.c | 1 drivers/md/dm-raid.c | 2 drivers/md/raid5.c | 6 drivers/media/cec/core/cec-core.c | 1 drivers/media/common/videobuf2/videobuf2-dma-contig.c | 1 drivers/media/i2c/adv7604.c | 4 drivers/media/i2c/adv7842.c | 11 drivers/media/i2c/msp3400-kthreads.c | 2 drivers/media/i2c/tda1997x.c | 1 drivers/media/platform/amphion/vpu_malone.c | 35 drivers/media/platform/amphion/vpu_v4l2.c | 28 drivers/media/platform/amphion/vpu_v4l2.h | 18 drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 14 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 12 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 5 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 12 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c | 5 drivers/media/platform/renesas/rcar_drif.c | 1 drivers/media/platform/samsung/exynos4-is/media-dev.c | 10 drivers/media/platform/ti/davinci/vpif_capture.c | 4 drivers/media/platform/ti/davinci/vpif_display.c | 4 drivers/media/platform/verisilicon/hantro.h | 2 drivers/media/platform/verisilicon/hantro_g2.c | 102 ++ drivers/media/platform/verisilicon/hantro_g2_hevc_dec.c | 35 drivers/media/platform/verisilicon/hantro_g2_regs.h | 13 drivers/media/platform/verisilicon/hantro_g2_vp9_dec.c | 30 drivers/media/platform/verisilicon/hantro_hw.h | 4 drivers/media/platform/verisilicon/imx8m_vpu_hw.c | 2 drivers/media/rc/st_rc.c | 2 drivers/media/test-drivers/vidtv/vidtv_channel.c | 3 drivers/media/usb/dvb-usb/dtv5100.c | 5 drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 2 drivers/mfd/altera-sysmgr.c | 2 drivers/mfd/da9055-core.c | 1 drivers/mfd/max77620.c | 15 drivers/mfd/mt6358-irq.c | 1 drivers/mfd/mt6397-irq.c | 1 drivers/misc/vmw_balloon.c | 3 drivers/mmc/host/Kconfig | 4 drivers/mmc/host/sdhci-msm.c | 27 drivers/mtd/lpddr/lpddr_cmds.c | 8 drivers/mtd/nand/raw/lpc32xx_slc.c | 2 drivers/mtd/nand/raw/marvell_nand.c | 13 drivers/mtd/nand/raw/nand_base.c | 13 drivers/mtd/nand/raw/renesas-nand-controller.c | 5 drivers/net/can/usb/gs_usb.c | 2 drivers/net/dsa/b53/b53_common.c | 3 drivers/net/dsa/sja1105/sja1105_static_config.c | 6 drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 2 drivers/net/ethernet/broadcom/b44.c | 3 drivers/net/ethernet/cadence/macb_main.c | 3 drivers/net/ethernet/freescale/enetc/enetc.c | 3 drivers/net/ethernet/freescale/fec_main.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 4 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 drivers/net/ethernet/intel/e1000/e1000_main.c | 10 drivers/net/ethernet/intel/i40e/i40e_main.c | 1 drivers/net/ethernet/intel/iavf/iavf_main.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 8 drivers/net/ethernet/mellanox/mlx5/core/devlink.c | 5 drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 97 ++ drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.h | 1 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 6 drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 59 + drivers/net/ethernet/mellanox/mlx5/core/fw_reset.h | 1 drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 27 drivers/net/ethernet/microchip/lan743x_main.c | 3 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/ethernet/smsc/smc91x.c | 10 drivers/net/ethernet/stmicro/stmmac/dwmac5.c | 5 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 19 drivers/net/fjes/fjes_hw.c | 12 drivers/net/ipvlan/ipvlan_core.c | 3 drivers/net/mdio/mdio-aspeed.c | 7 drivers/net/phy/adin1100.c | 2 drivers/net/phy/mediatek-ge-soc.c | 2 drivers/net/phy/mscc/mscc_main.c | 6 drivers/net/team/team.c | 2 drivers/net/usb/asix_common.c | 5 drivers/net/usb/rtl8150.c | 2 drivers/net/usb/sr9700.c | 4 drivers/net/wireless/ath/ath11k/mac.c | 4 drivers/net/wireless/ath/ath11k/wmi.c | 7 drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 14 drivers/net/wireless/mediatek/mt76/eeprom.c | 37 drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 4 drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 9 drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 27 drivers/net/wireless/realtek/rtw88/rtw8822cu.c | 2 drivers/net/wireless/realtek/rtw88/sdio.c | 4 drivers/net/wireless/st/cw1200/bh.c | 6 drivers/nfc/pn533/usb.c | 2 drivers/nvme/host/auth.c | 2 drivers/nvme/host/core.c | 3 drivers/nvme/host/fc.c | 6 drivers/parisc/gsc.c | 4 drivers/pci/controller/Kconfig | 7 drivers/pci/controller/dwc/pci-keystone.c | 2 drivers/pci/controller/dwc/pcie-designware.h | 2 drivers/pci/controller/pcie-brcmstb.c | 10 drivers/pci/pci-driver.c | 4 drivers/phy/broadcom/phy-bcm63xx-usbh.c | 6 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 20 drivers/pinctrl/pinctrl-single.c | 25 drivers/pinctrl/qcom/pinctrl-msm.c | 2 drivers/pinctrl/stm32/pinctrl-stm32.c | 2 drivers/platform/chrome/cros_ec_ishtp.c | 1 drivers/platform/x86/acer-wmi.c | 4 drivers/platform/x86/amd/pmc/pmc-quirks.c | 25 drivers/platform/x86/asus-wmi.c | 8 drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c | 4 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c | 2 drivers/platform/x86/hp/hp-bioscfg/order-list-attributes.c | 5 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c | 5 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c | 2 drivers/platform/x86/huawei-wmi.c | 4 drivers/platform/x86/ibm_rtl.c | 2 drivers/platform/x86/intel/chtwc_int33fe.c | 29 drivers/platform/x86/intel/hid.c | 12 drivers/platform/x86/msi-laptop.c | 3 drivers/pmdomain/actions/owl-sps.c | 16 drivers/pmdomain/imx/gpc.c | 12 drivers/pmdomain/rockchip/pm-domains.c | 13 drivers/power/supply/apm_power.c | 3 drivers/power/supply/cw2015_battery.c | 8 drivers/power/supply/rt9467-charger.c | 6 drivers/power/supply/wm831x_power.c | 10 drivers/pwm/pwm-bcm2835.c | 28 drivers/pwm/pwm-stm32.c | 3 drivers/regulator/core.c | 37 drivers/remoteproc/qcom_q6v5_wcss.c | 8 drivers/rpmsg/qcom_glink_native.c | 8 drivers/rtc/rtc-gamecube.c | 4 drivers/s390/block/dasd_eckd.c | 8 drivers/s390/crypto/ap_bus.c | 8 drivers/scsi/aic94xx/aic94xx_init.c | 3 drivers/scsi/qla2xxx/qla_def.h | 1 drivers/scsi/qla2xxx/qla_gbl.h | 2 drivers/scsi/qla2xxx/qla_isr.c | 32 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla2xxx/qla_mid.c | 4 drivers/scsi/qla2xxx/qla_nvme.c | 2 drivers/scsi/qla2xxx/qla_os.c | 14 drivers/scsi/sim710.c | 2 drivers/scsi/smartpqi/smartpqi_init.c | 19 drivers/scsi/stex.c | 1 drivers/soc/amlogic/meson-canvas.c | 5 drivers/soc/qcom/ocmem.c | 2 drivers/soc/qcom/smem.c | 3 drivers/spi/spi-cadence-quadspi.c | 4 drivers/spi/spi-fsl-spi.c | 2 drivers/spi/spi-imx.c | 15 drivers/spi/spi-tegra210-quad.c | 22 drivers/spi/spi-xilinx.c | 2 drivers/staging/fbtft/fbtft-core.c | 4 drivers/staging/greybus/uart.c | 7 drivers/staging/most/Kconfig | 2 drivers/staging/most/Makefile | 1 drivers/staging/most/i2c/Kconfig | 13 drivers/staging/most/i2c/Makefile | 4 drivers/staging/most/i2c/i2c.c | 374 ---------- drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 drivers/target/target_core_configfs.c | 1 drivers/target/target_core_transport.c | 1 drivers/tty/serial/8250/8250_pci.c | 37 drivers/tty/serial/serial_core.c | 7 drivers/tty/serial/sprd_serial.c | 6 drivers/tty/tty_port.c | 17 drivers/ufs/core/ufshcd.c | 7 drivers/uio/uio_fsl_elbc_gpcm.c | 7 drivers/usb/class/cdc-acm.c | 7 drivers/usb/core/message.c | 2 drivers/usb/dwc2/platform.c | 16 drivers/usb/dwc3/dwc3-of-simple.c | 7 drivers/usb/dwc3/gadget.c | 2 drivers/usb/dwc3/host.c | 2 drivers/usb/gadget/legacy/raw_gadget.c | 3 drivers/usb/gadget/udc/lpc32xx_udc.c | 21 drivers/usb/gadget/udc/tegra-xudc.c | 6 drivers/usb/host/ohci-nxp.c | 20 drivers/usb/host/xhci-dbgtty.c | 2 drivers/usb/host/xhci-hub.c | 2 drivers/usb/host/xhci-mem.c | 10 drivers/usb/host/xhci-ring.c | 8 drivers/usb/host/xhci.h | 16 drivers/usb/misc/chaoskey.c | 16 drivers/usb/phy/phy-fsl-usb.c | 1 drivers/usb/phy/phy-isp1301.c | 7 drivers/usb/phy/phy.c | 4 drivers/usb/renesas_usbhs/pipe.c | 2 drivers/usb/serial/belkin_sa.c | 28 drivers/usb/serial/ftdi_sio.c | 72 - drivers/usb/serial/kobil_sct.c | 18 drivers/usb/serial/option.c | 22 drivers/usb/serial/usb-serial.c | 7 drivers/usb/storage/unusual_uas.h | 2 drivers/usb/typec/ucsi/ucsi.c | 6 drivers/usb/usbip/vhci_hcd.c | 6 drivers/vdpa/pds/vdpa_dev.c | 2 drivers/vhost/vsock.c | 15 drivers/video/backlight/led_bl.c | 13 drivers/video/fbdev/gbefb.c | 5 drivers/video/fbdev/pxafb.c | 12 drivers/video/fbdev/ssd1307fb.c | 4 drivers/video/fbdev/tcx.c | 2 drivers/virtio/virtio_balloon.c | 4 drivers/virtio/virtio_vdpa.c | 2 drivers/watchdog/starfive-wdt.c | 4 drivers/watchdog/via_wdt.c | 1 drivers/watchdog/wdat_wdt.c | 64 + fs/9p/v9fs.c | 4 fs/9p/vfs_file.c | 11 fs/9p/vfs_inode.c | 3 fs/9p/vfs_inode_dotl.c | 2 fs/bfs/inode.c | 19 fs/btrfs/ctree.c | 2 fs/btrfs/inode.c | 1 fs/btrfs/ioctl.c | 4 fs/btrfs/scrub.c | 5 fs/btrfs/tree-log.c | 46 + fs/btrfs/volumes.c | 1 fs/exfat/super.c | 19 fs/ext4/ext4.h | 1 fs/ext4/ialloc.c | 1 fs/ext4/inline.c | 14 fs/ext4/inode.c | 6 fs/ext4/mballoc.c | 58 - fs/ext4/move_extent.c | 2 fs/ext4/orphan.c | 4 fs/ext4/super.c | 26 fs/ext4/xattr.c | 38 - fs/ext4/xattr.h | 10 fs/f2fs/compress.c | 5 fs/f2fs/data.c | 17 fs/f2fs/debug.c | 3 fs/f2fs/extent_cache.c | 5 fs/f2fs/f2fs.h | 41 - fs/f2fs/file.c | 92 ++ fs/f2fs/inode.c | 20 fs/f2fs/namei.c | 6 fs/f2fs/recovery.c | 23 fs/f2fs/segment.c | 9 fs/f2fs/super.c | 119 +-- fs/f2fs/xattr.c | 30 fs/f2fs/xattr.h | 10 fs/fuse/file.c | 37 fs/gfs2/glops.c | 3 fs/gfs2/lops.c | 2 fs/gfs2/super.c | 4 fs/hfsplus/bnode.c | 4 fs/hfsplus/dir.c | 7 fs/hfsplus/inode.c | 32 fs/iomap/buffered-io.c | 41 - fs/iomap/direct-io.c | 77 +- fs/jbd2/journal.c | 20 fs/jbd2/transaction.c | 21 fs/lockd/svc4proc.c | 4 fs/lockd/svclock.c | 21 fs/lockd/svcproc.c | 5 fs/locks.c | 12 fs/nfs/client.c | 21 fs/nfs/dir.c | 27 fs/nfs/inode.c | 2 fs/nfs/internal.h | 3 fs/nfs/namespace.c | 11 fs/nfs/nfs4client.c | 18 fs/nfs/pnfs.c | 1 fs/nfs/super.c | 33 fs/nfsd/blocklayout.c | 7 fs/nfsd/export.c | 2 fs/nfsd/nfs4state.c | 4 fs/nfsd/nfs4xdr.c | 5 fs/nls/nls_base.c | 27 fs/notify/fsnotify.c | 9 fs/ntfs3/frecord.c | 43 - fs/ntfs3/fsntfs.c | 9 fs/ntfs3/inode.c | 2 fs/ntfs3/ntfs_fs.h | 9 fs/ntfs3/run.c | 6 fs/ntfs3/super.c | 5 fs/ocfs2/alloc.c | 1 fs/ocfs2/move_extents.c | 8 fs/ocfs2/suballoc.c | 10 fs/smb/client/fs_context.c | 4 fs/smb/server/mgmt/tree_connect.c | 18 fs/smb/server/mgmt/tree_connect.h | 1 fs/smb/server/mgmt/user_session.c | 4 fs/smb/server/smb2pdu.c | 20 fs/smb/server/transport_ipc.c | 7 fs/smb/server/vfs.c | 5 fs/smb/server/vfs_cache.c | 88 +- fs/tracefs/event_inode.c | 3 fs/xfs/xfs_buf_item.c | 1 include/linux/balloon_compaction.h | 43 - include/linux/blk_types.h | 5 include/linux/compiler_types.h | 13 include/linux/cper.h | 12 include/linux/filter.h | 16 include/linux/genalloc.h | 1 include/linux/ieee80211.h | 4 include/linux/if_bridge.h | 6 include/linux/jbd2.h | 6 include/linux/kasan.h | 15 include/linux/mm.h | 10 include/linux/nfs_fs_sb.h | 7 include/linux/nfs_xdr.h | 54 - include/linux/platform_data/lp855x.h | 4 include/linux/rculist_nulls.h | 59 + include/linux/reset.h | 1 include/linux/sched/topology.h | 3 include/linux/tpm.h | 8 include/linux/tty_port.h | 21 include/linux/virtio_config.h | 6 include/media/v4l2-mem2mem.h | 3 include/net/ip6_fib.h | 46 + include/net/netfilter/nf_conntrack_count.h | 17 include/net/netfilter/nf_tables.h | 4 include/net/sock.h | 13 include/net/xfrm.h | 13 include/rdma/ib_verbs.h | 2 include/sound/snd_wavefront.h | 4 include/uapi/linux/mptcp.h | 1 include/uapi/sound/asound.h | 2 io_uring/openclose.c | 2 io_uring/poll.c | 9 kernel/bpf/hashtab.c | 10 kernel/bpf/syscall.c | 3 kernel/bpf/trampoline.c | 7 kernel/cgroup/cpuset.c | 35 kernel/dma/pool.c | 2 kernel/irq/irq_sim.c | 2 kernel/kallsyms.c | 5 kernel/livepatch/core.c | 8 kernel/locking/spinlock_debug.c | 4 kernel/resource.c | 78 +- kernel/sched/core.c | 3 kernel/sched/cpudeadline.c | 34 kernel/sched/cpudeadline.h | 4 kernel/sched/deadline.c | 8 kernel/sched/fair.c | 89 +- kernel/sched/features.h | 5 kernel/sched/sched.h | 7 kernel/sched/topology.c | 6 kernel/scs.c | 2 kernel/task_work.c | 8 kernel/trace/ftrace.c | 40 - kernel/trace/trace_events.c | 2 kernel/trace/trace_events_synth.c | 1 lib/idr.c | 2 lib/vsprintf.c | 6 mm/balloon_compaction.c | 9 mm/damon/core-test.h | 110 ++ mm/damon/vaddr-test.h | 26 mm/kasan/common.c | 17 mm/ksm.c | 18 mm/page-writeback.c | 4 mm/vmalloc.c | 4 net/bluetooth/rfcomm/tty.c | 7 net/bridge/br_ioctl.c | 36 net/bridge/br_private.h | 4 net/bridge/netfilter/nft_meta_bridge.c | 2 net/caif/cffrml.c | 9 net/ceph/osdmap.c | 116 +-- net/core/dev.c | 162 +++- net/core/dev_ioctl.c | 16 net/core/filter.c | 9 net/core/page_pool.c | 27 net/ethtool/ioctl.c | 30 net/handshake/request.c | 8 net/hsr/hsr_forward.c | 2 net/ipv4/fib_trie.c | 7 net/ipv4/inet_hashtables.c | 8 net/ipv4/ipcomp.c | 2 net/ipv4/netfilter/nft_dup_ipv4.c | 4 net/ipv6/addrconf.c | 52 + net/ipv6/calipso.c | 3 net/ipv6/ip6_fib.c | 64 + net/ipv6/ip6_gre.c | 9 net/ipv6/ipcomp6.c | 2 net/ipv6/ndisc.c | 10 net/ipv6/netfilter/nft_dup_ipv6.c | 4 net/ipv6/route.c | 14 net/ipv6/xfrm6_tunnel.c | 2 net/key/af_key.c | 2 net/mac80211/aes_cmac.c | 63 + net/mac80211/aes_cmac.h | 8 net/mac80211/cfg.c | 10 net/mac80211/drop.h | 33 net/mac80211/rx.c | 57 - net/mac80211/wep.c | 9 net/mac80211/wpa.c | 62 - net/mptcp/options.c | 10 net/mptcp/pm_netlink.c | 3 net/mptcp/protocol.c | 36 net/mptcp/protocol.h | 9 net/mptcp/subflow.c | 10 net/netfilter/ipvs/ip_vs_xmit.c | 3 net/netfilter/nf_conncount.c | 200 +++-- net/netfilter/nf_tables_api.c | 52 - net/netfilter/nft_bitwise.c | 4 net/netfilter/nft_byteorder.c | 2 net/netfilter/nft_cmp.c | 6 net/netfilter/nft_connlimit.c | 34 net/netfilter/nft_ct.c | 2 net/netfilter/nft_dup_netdev.c | 2 net/netfilter/nft_dynset.c | 4 net/netfilter/nft_exthdr.c | 2 net/netfilter/nft_flow_offload.c | 9 net/netfilter/nft_fwd_netdev.c | 6 net/netfilter/nft_hash.c | 2 net/netfilter/nft_lookup.c | 2 net/netfilter/nft_masq.c | 4 net/netfilter/nft_meta.c | 2 net/netfilter/nft_nat.c | 8 net/netfilter/nft_objref.c | 2 net/netfilter/nft_payload.c | 2 net/netfilter/nft_queue.c | 2 net/netfilter/nft_range.c | 2 net/netfilter/nft_redir.c | 4 net/netfilter/nft_tproxy.c | 4 net/netfilter/xt_connlimit.c | 14 net/netrom/nr_out.c | 4 net/nfc/core.c | 9 net/openvswitch/conntrack.c | 16 net/openvswitch/flow_netlink.c | 13 net/openvswitch/vport-netdev.c | 17 net/rose/af_rose.c | 2 net/sched/sch_cake.c | 58 - net/sched/sch_ets.c | 6 net/sctp/socket.c | 5 net/socket.c | 19 net/sunrpc/auth_gss/svcauth_gss.c | 3 net/sunrpc/xprtrdma/svc_rdma_rw.c | 5 net/wireless/sme.c | 2 net/xfrm/xfrm_ipcomp.c | 1 net/xfrm/xfrm_state.c | 125 ++- net/xfrm/xfrm_user.c | 2 samples/ftrace/ftrace-direct-modify.c | 8 samples/ftrace/ftrace-direct-multi-modify.c | 8 samples/ftrace/ftrace-direct-multi.c | 4 samples/ftrace/ftrace-direct-too.c | 4 samples/ftrace/ftrace-direct.c | 4 samples/vfs/test-statx.c | 6 samples/watch_queue/watch_test.c | 6 scripts/Makefile.modinst | 2 security/integrity/ima/ima_policy.c | 2 security/keys/trusted-keys/trusted_tpm2.c | 6 security/smack/smack_lsm.c | 41 - sound/firewire/dice/dice-extension.c | 4 sound/firewire/motu/motu-hwdep.c | 7 sound/isa/wavefront/wavefront.c | 61 - sound/isa/wavefront/wavefront_fx.c | 36 sound/isa/wavefront/wavefront_midi.c | 148 +-- sound/isa/wavefront/wavefront_synth.c | 216 ++--- sound/pci/hda/cs35l41_hda.c | 2 sound/pcmcia/pdaudiocf/pdaudiocf.c | 8 sound/pcmcia/vx/vxpocket.c | 8 sound/soc/bcm/bcm63xx-pcm-whistler.c | 4 sound/soc/codecs/ak4458.c | 10 sound/soc/codecs/ak5558.c | 10 sound/soc/fsl/fsl_xcvr.c | 2 sound/soc/intel/catpt/pcm.c | 4 sound/soc/qcom/qdsp6/q6adm.c | 146 +-- sound/soc/qcom/qdsp6/q6apm-dai.c | 2 sound/soc/qcom/qdsp6/q6asm-dai.c | 7 sound/soc/stm/stm32_sai.c | 14 sound/soc/stm/stm32_sai_sub.c | 51 - sound/usb/mixer_us16x08.c | 20 sound/usb/quirks.c | 6 tools/include/nolibc/stdio.h | 4 tools/lib/perf/cpumap.c | 10 tools/mm/page_owner_sort.c | 6 tools/objtool/check.c | 3 tools/objtool/elf.c | 8 tools/perf/builtin-record.c | 2 tools/perf/util/arm-spe-decoder/arm-spe-pkt-decoder.c | 37 tools/perf/util/arm-spe-decoder/arm-spe-pkt-decoder.h | 26 tools/perf/util/bpf_lock_contention.c | 6 tools/perf/util/maps.c | 13 tools/perf/util/maps.h | 2 tools/perf/util/symbol.c | 4 tools/testing/ktest/config-bisect.pl | 4 tools/testing/nvdimm/test/nfit.c | 7 tools/testing/radix-tree/idr-test.c | 21 tools/testing/selftests/bpf/prog_tests/perf_branches.c | 22 tools/testing/selftests/bpf/prog_tests/send_signal.c | 5 tools/testing/selftests/bpf/progs/test_perf_branches.c | 3 tools/testing/selftests/drivers/net/bonding/Makefile | 2 tools/testing/selftests/drivers/net/bonding/bond_macvlan.sh | 99 -- tools/testing/selftests/drivers/net/bonding/bond_macvlan_ipvlan.sh | 97 ++ tools/testing/selftests/drivers/net/bonding/config | 9 tools/testing/selftests/ftrace/test.d/ftrace/func_traceonoff_triggers.tc | 5 tools/testing/selftests/net/openvswitch/ovs-dpctl.py | 16 tools/testing/selftests/net/tap.c | 16 754 files changed, 6961 insertions(+), 4355 deletions(-) Abdun Nihaal (3): wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() Aboorva Devarajan (1): cpuidle: menu: Use residency threshold in polling state override decisions Adrian Moreno (1): selftests: openvswitch: Fix escape chars in regexp. Ahelenia Ziemiańska (1): power: supply: apm_power: only unset own apm_get_power_status Akhil P Oommen (1): drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers Al Viro (1): tracefs: fix a leak in eventfs_create_events_dir() Alex Deucher (1): drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() Alexander Dahl (1): net: phy: adin1100: Fix software power-down ready condition Alexander Sverdlin (1): locking/spinlock/debug: Fix data-race in do_raw_write_lock Alexandru Gagniuc (1): remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs Alexei Starovoitov (1): selftests/bpf: Fix failure paths in send_signal test Alexey Kodanev (1): net: stmmac: fix rx limit check in stmmac_rx_zc() Alexey Nepomnyashih (1): ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Alexey Simakov (3): dm-raid: fix possible NULL dereference with undefined raid type broadcom: b44: prevent uninitialized value usage hwmon: (tmp401) fix overflow caused by default conversion rate value Alexey Velichayshiy (1): gfs2: fix freeze error handling Alexis Lothoré (1): net: stmmac: make sure that ptp_rate is not 0 before configuring EST Alice C. Munduruca (1): selftests: net: fix "buffer overflow detected" for tap.c Alison Schofield (1): tools/testing/nvdimm: Use per-DIMM device handle Alok Tiwari (4): virtio_vdpa: fix misleading return in void function vdpa/pds: use %pe for ERR_PTR() in event handler registration RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send Aloka Dixit (1): wifi: mac80211: do not use old MBSSID elements Alvaro Gamez Machado (1): spi: xilinx: increase number of retries before declaring stall Amir Goldstein (1): fsnotify: do not generate ACCESS/MODIFY events on child for special files Amitai Gottlieb (1): firmware: arm_scmi: Fix unused notifier-block in unregister Andreas Gruenbacher (2): gfs2: fix remote evict for read-only filesystems gfs2: Fix use of bio_chain Andres J Rosa (1): ALSA: uapi: Fix typo in asound.h comment Andrew Jeffery (1): dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml Andrew Morton (1): genalloc.h: fix htmldocs warning Andrey Vatoropin (1): scsi: target: Reset t_task_cdb pointer in error case Andy Shevchenko (5): lib/vsprintf: Check pointer before dereferencing in time_and_date() resource: Reuse for_each_resource() macro resource: replace open coded resource_intersection() resource: introduce is_type_match() helper and use it nfsd: Mark variable __maybe_unused to avoid W=1 build break Anshumali Gaur (1): octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" Antheas Kapenekakis (2): platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally Anton Khirnov (1): platform/x86: asus-wmi: use brightness_set_blocking() for kbd led Anurag Dutta (1): spi: cadence-quadspi: Fix clock disable on probe failure path April Grimoire (1): HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Armin Wolf (3): platform/x86: acer-wmi: Ignore backlight event fs/nls: Fix utf16 to utf8 conversion fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() Aryan Srivastava (2): Revert "mtd: rawnand: marvell: fix layouts" mtd: nand: relax ECC parameter validation check Askar Safin (1): gpiolib: acpi: Add quirk for Dell Precision 7780 Aurabindo Pillai (1): drm/amd/display: Fix null pointer deref in dcn20_resource.c Bagas Sanjaya (2): Documentation: process: Also mention Sasha Levin as stable tree maintainer net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct Baochen Qiang (1): wifi: ath11k: fix peer HE MCS assignment Baokun Li (1): ext4: align max orphan file size with e2fsprogs limit Bart Van Assche (1): scsi: target: Do not write NUL characters into ASCII configfs output Bartosz Golaszewski (1): platform/x86: intel: chtwc_int33fe: don't dereference swnode args Bean Huo (1): scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() Ben Collins (1): powerpc/addnote: Fix overflow on 32-bit builds Benjamin Berg (1): tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set Benjamin Gaignard (2): media: verisilicon: Store chroma and motion vectors offset media: verisilicon: g2: Use common helpers to compute chroma and mv offsets Benjamin Poirier (1): selftests: bonding: Add more missing config options Bernd Schubert (2): fuse: Always flush the page cache before FOPEN_DIRECT_IO write fuse: Invalidate the page cache after FOPEN_DIRECT_IO write Bijan Tabatabai (1): mm: consider non-anon swap cache folios in folio_expected_ref_count() Brian Gerst (1): x86/xen: Move Xen upcall handler Byungchul Park (1): jbd2: use a weaker annotation in journal handling Caleb Sander Mateos (1): ublk: complete command synchronously on error Cezary Rojewski (1): ASoC: Intel: catpt: Fix error path in hw_params() Chao Yu (9): f2fs: fix to avoid updating zero-sized extent in extent cache f2fs: fix return value of f2fs_recover_fsync_data() f2fs: use f2fs_err_ratelimited() to avoid redundant logs f2fs: fix to avoid potential deadlock f2fs: remove unused GC_FAILURE_PIN f2fs: fix to avoid updating compression context during writeback f2fs: fix to propagate error from f2fs_enable_checkpoint() f2fs: use global inline_xattr_slab instead of per-sb slab cache f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() Chen Changcheng (2): usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. usb: usb-storage: Maintain minimal modifications to the bcdDevice range. Chen Ridong (1): cpuset: Treat cpusets in attaching as populated Chen-Yu Tsai (1): media: mediatek: vcodec: Use spinlock for context list protection lock ChenXiaoSong (1): smb/server: fix return value of smb2_ioctl() Chenghao Duan (2): samples/ftrace: Adjust LoongArch register restore order in direct calls LoongArch: Refactor register restoration in ftrace_common_return Chia-Lin Kao (AceLan) (1): platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks Chien Wong (1): wifi: mac80211: fix CMAC functions not handling errors Chingbin Li (1): Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV Christian Hitz (3): leds: leds-lp50xx: Allow LED 0 to be added to module bank leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs leds: leds-lp50xx: Enable chip before any communication Christoffer Sandberg (1): Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table Christoph Hellwig (2): iomap: factor out a iomap_dio_done helper iomap: always run error completions in user context Christophe JAILLET (1): phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() Christophe Leroy (2): powerpc/32: Fix unpaired stwcx. on interrupt exit spi: fsl-cpm: Check length parity before switching to 16 bit mode Chuck Lever (1): NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap Claudiu Beznea (3): clk: renesas: rzg2l: Simplify the logic in rzg2l_mod_clock_endisable() clk: renesas: rzg2l: Remove critical area clk: renesas: rzg2l: Use %x format specifier to print CLK_ON_R() Colin Ian King (1): media: pvrusb2: Fix incorrect variable used in trace message Cong Zhang (2): blk-mq: Abort suspend when wakeup events are pending blk-mq: skip CPU offline notify on unmapped hctx Cryolitia PukNgae (1): ACPICA: Avoid walking the Namespace if start_node is NULL Dai Ngo (1): NFSD: use correct reservation type in nfsd4_scsi_fence_client Dan Carpenter (5): drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() block: rnbd-clt: Fix signedness bug in init_dev() wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() Daniel Wagner (1): nvme-fc: don't hold rport lock when putting ctrl Dapeng Mi (1): perf/x86/intel: Correct large PEBS flag check Dave Kleikamp (1): dma/pool: eliminate alloc_pages warning in atomic_pool_expand Dave Vasilevsky (1): powerpc, mm: Fix mprotect on book3s 32-bit David Hildenbrand (5): powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION mm: simplify folio_expected_ref_count() mm/balloon_compaction: we cannot have isolated pages in the balloon list mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages Deepakkumar Karn (1): net: usb: rtl8150: fix memory leak on usb_submit_urb() failure Deepanshu Kartikey (5): ext4: refresh inline data size before write operations btrfs: fix memory leak of fs_devices in degraded seed device path f2fs: invalidate dentry cache on failed whiteout creation net: usb: asix: validate PHY address before use net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write Denis Arefev (1): ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() Dinh Nguyen (1): firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc Diogo Ivo (1): usb: phy: Initialize struct usb_phy list_head Dmitry Antipov (2): ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() ocfs2: fix memory leak in ocfs2_merge_rec_left() Dmitry Baryshkov (3): interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS arm64: dts: qcom: msm8996: add interconnect paths to USB2 controller drm/msm/a2xx: stop over-complaining about the legacy firmware Dmitry Skorodumov (1): ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() Donet Tom (1): powerpc/64s/slb: Fix SLB multihit issue during SLB preload Dong Chenchen (1): page_pool: Fix use-after-free in page_pool_recycle_in_ring Dongli Zhang (1): KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit Doug Berger (1): sched/deadline: only set free_cpus for online runqueues Duoming Zhou (4): usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal media: TDA1997x: Remove redundant cancel_delayed_work in probe media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe media: i2c: adv7842: Remove redundant cancel_delayed_work in probe Dylan Hatch (1): objtool: Fix standalone --hacks=jump_label Edward Adam Davis (3): ntfs3: init run lock for extend inode fs/ntfs3: out1 also needs to put mi fs/ntfs3: Prevent memory leaks in add sub record Encrow Thorne (1): reset: fix BIT macro reference Eric Biggers (1): lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit Eric Dumazet (2): ipv6: avoid possible NULL deref in modify_prefix_route() ip6_gre: make ip6gre_header() robust Eric Sandeen (1): 9p: fix cache/debug options printing in v9fs_show_options Ethan Nelson-Moore (1): net: usb: sr9700: fix incorrect command used to write single register Etienne Champetier (1): selftests: bonding: add ipvlan over bond testing FUKAUMI Naoki (2): arm64: dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FE910C04 new compositions USB: serial: option: move Telit 0x10c7 composition in the right place Fangyu Yu (1): RISC-V: KVM: Fix guest page fault within HLV* instructions Fedor Pchelkin (1): ext4: fix string copying in parse_apply_sb_mount_options() Fernand Sieber (1): sched/fair: Forfeit vruntime on yield Fernando Fernandez Mancera (4): ipv6: clear RA flags when adding a static route netfilter: nf_conncount: rework API to use sk_buff directly netfilter: nft_connlimit: update the count if add was skipped netfilter: nf_conncount: fix leaked ct in error paths Filipe Manana (3): btrfs: fix leaf leak in an error path in btrfs_del_items() btrfs: do not skip logging new dentries when logging a new name btrfs: don't log conflicting inode if it's a dir moved in the current transaction Florian Westphal (3): netfilter: nf_tables: pass context structure to nft_parse_register_load netfilter: nf_tables: allow loads only when register is initialized xfrm: state: fix out-of-bounds read during lookup Francesco Lavra (1): iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member Frank Li (1): i3c: fix refcount inconsistency in i3c_master_register Gabor Juhos (1): regulator: core: disable supply if enabling main regulator fails Gabriel Krisman Bertazi (1): ext4: fix error message when rejecting the default hash Gal Pressman (1): ethtool: Avoid overflowing userspace buffer on stats query Gautham R. Shenoy (1): cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs Geert Uytterhoeven (2): clk: renesas: Use str_on_off() helper PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 George Kennedy (1): perf/x86/amd: Check event before enable to avoid GPF Gergo Koteles (1): arm64: dts: qcom: sdm845-oneplus: Correct gpio used for slider Gongwei Li (1): Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE Gopi Krishna Menon (1): usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE Greg Kroah-Hartman (2): Revert "iommu/amd: Skip enabling command/event buffers for kdump" Linux 6.6.120 Guangshuo Li (2): crypto: caam - Add check for kcalloc() in test_len() e1000: fix OOB in e1000_tbi_should_accept() Gui-Dong Han (3): hwmon: (max16065) Use local variable to avoid TOCTOU hwmon: (w83791d) Convert macros to functions to avoid TOCTOU hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU Guido Günther (1): drm/panel: visionox-rm69299: Don't clear all mode flags Gyeyoung Baek (1): genirq/irq_sim: Initialize work context pointers properly H. Peter Anvin (1): compiler_types.h: add "auto" as a macro for "__auto_type" Haibo Chen (1): ext4: clear i_state_flags when alloc inode Hal Feng (1): cpufreq: dt-platdev: Add JH7110S SOC to the allowlist Hangbin Liu (1): selftests: bonding: add delay before each xvlan_over_bond connectivity check Hans de Goede (2): wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet HID: logitech-dj: Remove duplicate error logging Haotian Zhang (26): mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove soc: qcom: smem: fix hwspinlock resource leak in probe error paths pinctrl: stm32: fix hwspinlock resource leak in probe function mfd: da9055: Fix missing regmap_del_irq_chip() in error path scsi: stex: Fix reboot_notifier leak in probe error path clk: renesas: r9a06g032: Fix memory leak in error path ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls leds: netxbig: Fix GPIO descriptor leak in error paths watchdog: wdat_wdt: Fix ACPI table leak in probe function watchdog: starfive: Fix resource leak in probe error path mfd: mt6397-irq: Fix missing irq_domain_remove() in error path mfd: mt6358-irq: Fix missing irq_domain_remove() in error path crypto: starfive - Correctly handle return of sg_nents_for_len crypto: ccree - Correctly handle return of sg_nents_for_len hwmon: sy7636a: Fix regulator_enable resource leak on error path mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors pinctrl: single: Fix incorrect type for error return variable ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() rtc: gamecube: Check the return value of ioremap() dm log-writes: Add missing set_freezable() for freezable kthread ALSA: vxpocket: Fix resource leak in vxpocket_probe error path ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path media: rc: st_rc: Fix reset control resource leak media: cec: Fix debugfs leak on bus_register() failure media: videobuf2: Fix device reference leak in vb2_dc_alloc error path Haotien Hsu (1): usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt Haoxiang Li (6): MIPS: Fix a reference leak bug in ip22_check_gio() usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() xfs: fix a memory leak in xfs_buf_item_init() media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() fjes: Add missing iounmap in fjes_hw_init() nfsd: Drop the client reference in client_states_open() Hari Bathini (1): powerpc/64s/radix/kfence: map __kfence_pool at page granularity Heiko Carstens (2): s390/smp: Fix fallback CPU detection s390/ap: Don't leak debug feature files if AP instructions are not available Helge Deller (1): parisc: Do not reprogram affinitiy on ASP chip Hengqi Chen (2): LoongArch: BPF: Zero-extend bpf_tail_call() index LoongArch: BPF: Sign extend kfunc call arguments Herbert Xu (2): crypto: authenc - Correctly pass EINPROGRESS back up to the caller crypto: seqiv - Do not use req->iv after crypto_aead_encrypt Honggang LI (1): RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation Hongyu Xie (1): usb: xhci: limit run_graceperiod for only usb 3.0 devices Horatiu Vultur (1): phy: mscc: Fix PTP for VSC8574 and VSC8572 Huacai Chen (4): LoongArch: Mask all interrupts during kexec/kdump LoongArch: Add machine_kexec_mask_interrupts() implementation LoongArch: Add new PCI ID for pci_fixup_vgadev() LoongArch: Fix build errors for CONFIG_RANDSTRUCT Ian Abbott (1): comedi: c6xdigio: Fix invalid PNP driver unregistration Ian Forbes (1): drm/vmwgfx: Use kref in vmw_bo_dirty Ian Rogers (2): perf maps: Add maps__load_first() libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map Ido Schimmel (4): mlxsw: spectrum_router: Fix possible neighbour reference count leak mlxsw: spectrum_router: Fix neighbour use-after-free mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats ipv4: Fix reference count leak when using error routes with nexthop objects Ilias Stamatis (1): Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" Ilya Dryomov (1): libceph: make decode_pool() more resilient against corrupted osdmaps Ilya Maximets (1): net: openvswitch: fix middle attribute validation in push_nsh() action Israel Rukshin (1): nvme-auth: use kvfree() for memory allocated with kvcalloc() Ivan Abramov (5): power: supply: cw2015: Check devm_delayed_work_autocancel() return code power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() power: supply: wm831x: Check wm831x_set_bits() return value media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() Ivan Stepchenko (1): mtd: lpddr_cmds: fix signed shifts in lpddr_cmds Jacky Chou (1): net: mdio: aspeed: add dummy read to avoid read-after-write issue Jacob Moroni (1): RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY Jaegeuk Kim (2): f2fs: keep POSIX_FADV_NOREUSE ranges f2fs: drop inode from the donation list when the last file is closed Jakub Kicinski (1): selftests: bonding: add missing build configs Jamal Hadi Salim (1): net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change Jan Prusakowski (1): f2fs: ensure node page reads complete before f2fs_put_super() finishes Jang Ingyu (1): RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() Janusz Krzysztofik (1): drm/vgem-fence: Fix potential deadlock on release Jared Kangas (1): mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig Jarkko Nikula (1): i3c: master: Inherit DMA masks and parameters from parent device Jarkko Sakkinen (2): KEYS: trusted: Fix a memory leak in tpm2_load_cmd tpm: Cap the number of PCR banks Jason Gunthorpe (3): iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly RDMA/cm: Fix leaking the multicast GID table reference Jay Liu (1): drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue Jens Axboe (1): io_uring/poll: correctly handle io_poll_add() return value on update Jeongjun Park (2): media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() media: vidtv: initialize local pointers upon transfer of memory ownership Jia Ston (1): platform/x86: huawei-wmi: add keys for HONOR models Jian Shen (3): net: hns3: using the num_tqps in the vf driver to apply for resources net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx net: hns3: add VLAN id validation before using Jianglei Nie (1): staging: fbtft: core: fix potential memory leak in fbtft_probe_common() Jihed Chaibi (3): ARM: dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible ARM: dts: omap3: n900: Correct obsolete TWL4030 power compatible ARM: dts: stm32: stm32mp157c-phycore: Fix STMPE811 touchscreen node properties Jim Mattson (2): KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN Jim Quinlan (1): PCI: brcmstb: Fix disabling L0s capability Jingbo Xu (2): mm: fix arithmetic for bdi min_ratio mm: fix arithmetic for max_prop_frac when setting max_ratio Jinhui Guo (4): ipmi: Fix the race between __scan_channels() and deliver_response() ipmi: Fix __scan_channels() failing to rescan channels i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware iommu/amd: Fix pci_segment memleak in alloc_pci_segment() Jiri Pirko (1): team: fix check for port enabled in team_queue_override_port_prio_changed() Jiri Slaby (SUSE) (2): tty: introduce and use tty_port_tty_vhangup() helper tty: fix tty_port_tty_*hangup() kernel-doc Jisheng Zhang (3): usb: dwc2: disable platform lowlevel hw resources during shutdown usb: dwc2: fix hang during shutdown if set as peripheral usb: dwc2: fix hang during suspend if set as peripheral Joanne Koong (3): iomap: adjust read range correctly for non-block-aligned positions iomap: account for unaligned end offsets when truncating read range fuse: fix readahead reclaim deadlock Johan Hovold (36): USB: serial: ftdi_sio: match on interface number for jtag USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC irqchip/irq-bcm7038-l1: Fix section mismatch irqchip/irq-bcm7120-l2: Fix section mismatch irqchip/irq-brcmstb-l2: Fix section mismatch irqchip/imx-mu-msi: Fix section mismatch irqchip/qcom-irq-combiner: Fix section mismatch staging: most: remove broken i2c driver clk: keystone: fix compile testing phy: broadcom: bcm63xx-usbh: fix section mismatches usb: phy: isp1301: fix non-OF device reference imbalance amba: tegra-ahb: Fix device leak on SMMU enable soc: qcom: ocmem: fix device leak on lookup soc: amlogic: canvas: fix device leak on lookup iommu/mediatek: fix use-after-free on probe deferral ASoC: stm32: sai: fix device leak on probe ASoC: stm32: sai: fix clk prepare imbalance on probe failure ASoC: stm32: sai: fix OF node leak on probe iommu/apple-dart: fix device leak on of_xlate() iommu/exynos: fix device leak on of_xlate() iommu/ipmmu-vmsa: fix device leak on of_xlate() iommu/mediatek-v1: fix device leak on probe_device() iommu/mediatek-v1: fix device leaks on probe() iommu/mediatek: fix device leak on of_xlate() iommu/omap: fix device leaks on probe_device() iommu/qcom: fix device leak on of_xlate() iommu/sun50i: fix device leak on of_xlate() iommu/tegra: fix device leak on probe_device() mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup media: vpif_capture: fix section mismatch media: vpif_display: fix section mismatch usb: gadget: lpc32xx_udc: fix clock imbalance in error path usb: ohci-nxp: fix device leak on probe failure drm/mediatek: Fix probe memory leak drm/mediatek: Fix probe resource leaks Johannes Berg (1): wifi: mac80211: remove RX_DROP_UNUSABLE Jonas Gorski (1): net: dsa: b53: skip multicast entries for fdb_dump() Jonathan Curley (1): NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Jose Fernandez (1): bpf: Improve program stats run-time calculation Josef Bacik (1): btrfs: don't rewrite ret from inode_permission Josh Poimboeuf (1): objtool: Fix weak symbol detection Joshua Rogers (3): svcrdma: return 0 on success from svc_rdma_copy_inline_range SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf svcrdma: bound check rq_pages index in inline path Josua Mayer (1): clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 Jouni Malinen (1): wifi: mac80211: Discard Beacon frames to non-broadcast address Juergen Gross (1): x86/xen: Fix sparse warning in enlighten_pv.c Junjie Cao (1): Input: ti_am335x_tsc - fix off-by-one error in wire_order validation Junrui Luo (10): ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events ALSA: firewire-motu: add bounds check in put_user loop for DSP events ALSA: dice: fix buffer overflow in detect_stream_formats() caif: fix integer underflow in cffrml_receive() hwmon: (ibmpex) fix use-after-free in high/low store scsi: aic94xx: fix use-after-free in device removal path platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing ALSA: wavefront: Fix integer overflow in sample size validation ALSA: wavefront: Clear substream pointers on close Kalesh AP (1): RDMA/bnxt_re: Fix to use correct page size for PDE table Karina Yankevich (1): ext4: xattr: fix null pointer deref in ext4_raw_inode() Kaushlendra Kumar (1): tools/mm/page_owner_sort: fix timestamp comparison for stable sorting Keith Busch (1): nvme: fix admin request_queue lifetime Kemeng Shi (1): ext4: remove unused return value of __mb_check_buddy Kevin Brodsky (1): ublk: prevent invalid access with DEBUG Kohei Enju (1): iavf: fix off-by-one issues in iavf_config_rss_reg() Konstantin Andreev (1): smack: fix bug: unprivileged task can create labels Konstantin Komarov (2): fs/ntfs3: Support timestamps prior to epoch fs/ntfs3: fix mount failure for sparse runs in run_unpack() Kory Maincent (TI.com) (1): drm/tilcdc: Fix removal actions in case of failed probe Krzysztof Czurylo (2): RDMA/irdma: Fix data race in irdma_sc_ccq_arm RDMA/irdma: Fix data race in irdma_free_pble Krzysztof Kozlowski (1): mfd: max77620: Fix potential IRQ chip conflict when probing two devices Krzysztof Niemiec (1): drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Kuan-Wei Chiu (1): interconnect: debugfs: Fix incorrect error handling for NULL path Kui-Feng Lee (1): net/ipv6: Remove expired routes with a separated list of routes. Kuniyuki Iwashima (2): sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Laurent Pinchart (2): media: v4l2-mem2mem: Fix outdated documentation media: amphion: Make some vpu_v4l2 functions static Leo Yan (5): coresight: etm4x: Correct polling IDLE bit coresight: etm4x: Extract the trace unit controlling coresight: etm4x: Add context synchronization before enabling trace perf arm-spe: Extend branch operations perf arm_spe: Fix memset subclass in operation Leon Hwang (1): bpf: Free special fields when update [lru_,]percpu_hash maps Li Chen (1): block: rate-limit capacity change info log Li Qiang (2): uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe via_wdt: fix critical boot hang due to unnamed resource allocation Linus Torvalds (1): samples: work around glibc redefining some of our defines wrong Liyuan Pang (1): ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() Lizhi Xu (2): usbip: Fix locking bug in RT-enabled kernels ext4: filesystems without casefold feature cannot be mounted with siphash Long Li (1): macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse Lu Baolu (1): iommu: disable SVA when CONFIG_X86 is set Luca Ceresoli (1): backlight: led-bl: Add devlink to supplier LEDs Luca Weiss (1): clk: qcom: camcc-sm6350: Fix PLL config of PLL2 Lukas Wunner (1): PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths Lushih Hsieh (1): ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Lyude Paul (1): drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb Ma Ke (4): RDMA/rtrs: server: Fix error handling in get_or_create_srv USB: lpc32xx_udc: Fix error handling in probe intel_th: Fix error handling in intel_th_output_open i2c: amd-mp2: fix reference leak in MP2 PCI device Maciej Wieczor-Retman (1): kasan: refactor pcpu kasan vmalloc unpoison Magne Bruno (1): serial: add support of CPCI cards Mahesh Rao (1): firmware: stratix10-svc: Add mutex in stratix10 memory management Mainak Sen (1): gpu: host1x: Fix race in syncpt alloc/free Manivannan Sadhasivam (1): dt-bindings: PCI: amlogic: Fix the register name of the DBI region Marc Kleine-Budde (1): can: gs_usb: gs_can_open(): fix error handling Marek Szyprowski (5): ARM: dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend ARM: dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend ARM: dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend ARM: dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend media: samsung: exynos4-is: fix potential ABBA deadlock on init Marek Vasut (2): clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback clk: renesas: cpg-mssr: Read back reset registers to assure values latched Marijn Suijten (1): drm/panel: sony-td4353-jdi: Enable prepare_prev_first Mario Limonciello (AMD) (1): HID: hid-input: Extend Elan ignore battery quirk to USB Mark Pearson (1): usb: typec: ucsi: Handle incorrect num_connectors capability Martin KaFai Lau (1): bpf: Check skb->transport_header is set in bpf_skb_check_mtu Matt Bobrowski (2): selftests/bpf: skip test_perf_branches_hw() on unsupported platforms selftests/bpf: Improve reliability of test_perf_branches_no_hw() Matthew Wilcox (Oracle) (2): ntfs: Do not overwrite uptodate pages idr: fix idr_alloc() returning an ID out of range Matthias Schiffer (1): ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx Matthieu Baerts (NGI0) (1): mptcp: pm: ignore unknown endpoint flags Matthijs Kooijman (1): pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling Mauro Carvalho Chehab (3): efi/cper: Add a new helper function to print bitmasks efi/cper: Adjust infopfx size to accept an extra space efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs Mavroudis Chatzilazaridis (1): HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() Max Chou (1): Bluetooth: btrtl: Avoid loading the config file on security chips Maxim Levitsky (1): KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) Maximilian Immanuel Brandtner (1): virtio_console: fix order of fields cols and rows Menglong Dong (1): bpf: Handle return value of ftrace_set_filter_ip in register_fentry Miaoqian Lin (5): usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe cpufreq: nforce2: fix reference count leak in nforce2 media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration Michael Margolin (1): RDMA/efa: Remove possible negative shift Michael S. Tsirkin (3): virtio: fix typo in virtio_device_ready() comment virtio: fix whitespace in virtio_config_ops virtio: fix virtqueue_set_affinity() docs Michal Pecio (1): usb: xhci: Apply the link chain quirk on NEC isoc endpoints Michal Schmidt (1): RDMA/irdma: avoid invalid read in irdma_net_event Mike McGowen (1): scsi: smartpqi: Fix device resources accessed after device removal Mikhail Malyshev (1): kbuild: Use objtree for module signing key path Mikulas Patocka (1): dm-bufio: align write boundary on physical block size Ming Lei (4): ublk: make sure io cmd handled in submitter task context blk-mq: don't schedule block kworker on isolated CPUs blk-mq: add helper for checking if one CPU is mapped to specified hctx blk-mq: setup queue ->tag_set before initializing hctx Ming Qian (3): media: amphion: Cancel message work before releasing the VPU core media: amphion: Add a frame flush mode for decoder media: amphion: Remove vpu_vb_is_codecconfig Mohamed Khalfella (1): block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock Moshe Shemesh (3): net/mlx5: fw reset, clear reset requested on drain_fw_reset net/mlx5: Drain firmware reset in shutdown callback net/mlx5: Skip HotPlug check on sync reset using hot reset Murad Masimov (1): power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() Namhyung Kim (2): perf lock contention: Load kernel map before lookup perf tools: Fix split kallsyms DSO counting Namjae Jeon (3): ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency ksmbd: Fix refcount leak when invalid session is found on session lookup ksmbd: fix buffer validation by including null terminator size in EA length Naoki Ueki (1): HID: elecom: Add support for ELECOM M-XT3URBK (018F) Natalie Vock (1): drm/amdgpu: Forward VMID reservation errors Nathan Chancellor (1): clk: samsung: exynos-clkout: Assign .num before accessing .hws Navaneeth K (3): staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing NeilBrown (1): lockd: fix vfs_test_lock() calls Nicolas Dufresne (2): media: verisilicon: Protect G2 HEVC decoder against invalid DPB index media: verisilicon: Fix CPU stalls on G2 bus error Nicolas Ferre (2): ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32 ARM: dts: microchip: sama7g5: fix uart fifo size to 32 Nikita Zhandarovich (3): comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() comedi: multiq3: sanitize config options in multiq3_attach() comedi: check device's attached status in compat ioctls Niklas Neronin (1): usb: xhci: move link chain bit quirk checks into one helper function. Nikolay Kuratov (1): drm/msm/dpu: Add missing NULL pointer check for pingpong interface Nysal Jan K.A. (1): powerpc/kexec: Enable SMT before waking offline CPUs Oliver Neukum (1): usb: chaoskey: fix locking for O_NONBLOCK Omar Sandoval (1): KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Ondrej Mosnacek (1): bpf, arm64: Do not audit capability check in do_jit() Pablo Neira Ayuso (2): netfilter: flowtable: check for maximum number of encapsulations in bridge vlan netfilter: nf_tables: remove redundant chain validation on register store Paolo Abeni (4): mptcp: schedule rtx timer only after pushing data mptcp: avoid deadlock on fallback while reinjecting mptcp: fallback earlier on simult connection mptcp: ensure context reset on disconnect() Pedro Demarchi Gomes (1): ntfs: set dummy blocksize to read boot_block when mounting Pei Xiao (1): iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains Peng Fan (2): firmware: imx: scu-irq: fix OF node leak in firmware: imx: scu-irq: Init workqueue before request mbox channel Pengjie Zhang (2): ACPI: PCC: Fix race condition by removing static qualifier ACPI: CPPC: Fix missing PCC check for guaranteed_perf Peter Zijlstra (5): task_work: Fix NMI race condition sched/fair: Revert max_newidle_lb_cost bump x86/ptrace: Always inline trivial accessors sched/fair: Small cleanup to sched_balance_newidle() sched/fair: Small cleanup to update_newidle_cost() Peter Zijlstra (Intel) (1): sched/fair: Proportional newidle balance Philipp Stanner (1): drm/tilcdc: request and mapp iomem with devres Pierre-Eric Pelloux-Prayer (1): drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma Ping Cheng (1): HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen Ping-Ke Shih (1): wifi: rtw88: limit indirect IO under powered off for RTL8822CS Praveen Talari (1): pinctrl: qcom: msm: Fix deadlock in pinmux configuration Prithvi Tambewagh (2): io_uring: fix filename leak in __io_openat_prep() ocfs2: fix kernel BUG in ocfs2_find_victim_chain Przemyslaw Korba (1): i40e: fix scheduling in set_rx_mode Pu Lehui (1): bpf: Fix invalid prog->stats access when update_effective_progs fails Pwnverse (1): net: rose: fix invalid array index in rose_kill_by_device() Qianchang Zhao (3): ksmbd: ipc: fix use-after-free in ipc_msg_send_request ksmbd: vfs: fix race on m_flags in vfs_cache ksmbd: skip lock-range check on equal size to avoid size==0 underflow Qiang Ma (1): LoongArch: Correct the calculation logic of thread_count Qu Wenruo (2): btrfs: fix a potential path leak in print_data_reloc_error() btrfs: scrub: always update btrfs_scrub_progress::last_physical Rafael J. Wysocki (2): cpuidle: governors: teo: Drop misguided target residency check PM: runtime: Do not clear needs_force_resume with enabled runtime PM Raju Rangoju (1): amd-xgbe: reset retries and mode on RX adapt failures Randolph Sapp (1): arm64: dts: ti: k3-am62p: Fix memory ranges for GPU Randy Dunlap (1): backlight: lp855x: Fix lp855x.h kernel-doc warnings Raphael Pinsonneault-Thibeault (2): ntfs3: fix uninit memory after failed mi_read in mi_format_new Bluetooth: btusb: revert use of devm_kzalloc in btusb Rene Rebe (3): ps3disk: use memcpy_{from,to}_bvec index floppy: fix for PAGE_SIZE != 4KB fbdev: gbefb: fix to use physical address instead of dma address René Rebe (4): ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 r8169: fix RTL8117 Wake-on-Lan in DASH mode fbdev: tcx.c fix mem_map to correct smem_start offset drm/mgag200: Fix big-endian support Ria Thomas (1): wifi: ieee80211: correct FILS status codes Ritesh Harjani (IBM) (2): powerpc/64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format Rob Herring (1): pmdomain: Use device_get_match_data() Robin Gong (1): spi: imx: keep dma request disabled before dma transfer setup Rong Zhang (1): x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo Sabrina Dubroca (4): xfrm: delete x->tunnel as we delete x Revert "xfrm: destroy xfrm_state synchronously on net exit path" xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added xfrm: flush all states in xfrm_state_fini Sakari Ailus (1): ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only Sarthak Garg (1): mmc: sdhci-msm: Avoid early clock doubling during HS400 transition Scott Mayhew (1): net/handshake: duplicate handshake cancellations leak socket Sean Christopherson (3): KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits Sean Nyekjaer (1): pwm: stm32: Always program polarity Sebastian Andrzej Siewior (2): net: Remove conditional threaded-NAPI wakeup based on task state. net: Allow to use SMP threads for backlog NAPI. Selvin Xavier (1): RDMA/bnxt_re: Fix the inline size for GenP7 devices SeongJae Park (16): mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() mm/damon/tests/core-kunit: handle alloc failres in damon_test_new_filter() mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() mm/damon/tests/core-kunit: handle memory failure from damon_test_target() mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() mm/damon/tests/core-kunit: handle alloc failures on damos_test_filter_out() mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() mm/damon/tests/core-kunit: handle alloc failures in damon_test_ops_registration() mm/damon/tests/core-kunit: handle alloc failure on damon_test_set_attrs() mm/damon/tests/core-kunit: handle alloc failures in damon_test_update_monitoring_result() Sergey Bashirov (1): NFSD/blocklayout: Fix minlength check in proc_layoutget Seunghwan Baek (1): scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error Seungjin Bae (2): USB: Fix descriptor count when handling invalid MBIM extended descriptor wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() Shaurya Rane (1): net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() Shawn Lin (1): PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition Shay Drory (3): net/mlx5: fw_tracer, Validate format string parameters net/mlx5: fw_tracer, Handle escaped percent properly net/mlx5: Serialize firmware reset with devlink Shengjiu Wang (3): ASoC: fsl_xcvr: clear the channel status control memory ASoC: ak4458: Disable regulator when error happens ASoC: ak5558: Disable regulator when error happens Shipei Qu (1): ALSA: usb-mixer: us16x08: validate meter packet indices Shivani Agarwal (1): crypto: af_alg - zero initialize memory allocated via sock_kmalloc Shuai Xue (1): perf record: skip synthesize event when open evsel failed Shuhao Fu (1): cpufreq: s5pv210: fix refcount leak Siddharth Vadapalli (2): PCI: keystone: Exit ks_pcie_probe() for invalid mode arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator Sidharth Seela (1): ntfs3: Fix uninit buffer allocated by __getname() Simon Richter (1): drm/ttm: Avoid NULL pointer deref for evicted BOs Sindhu Devale (1): RDMA/irdma: Add support to re-register a memory region Slark Xiao (1): USB: serial: option: add Foxconn T99W760 Slavin Liu (1): ipvs: fix ipv4 null-ptr-deref in route error path Song Liu (2): ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() livepatch: Match old_sympos 0 and 1 in klp_find_func() Srinivas Kandagatla (5): rpmsg: glink: fix rpmsg device leak ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr ASoC: qcom: q6asm-dai: perform correct state check before closing ASoC: qcom: q6adm: the the copp device only during last instance ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. Stanley Chu (1): i3c: master: svc: Prevent incomplete IBI transaction Stefan Haberland (1): s390/dasd: Fix gendisk parent after copy pair swap Stefan Kalscheuer (1): leds: spi-byte: Use devm_led_classdev_register_ext() Stefano Garzarella (1): vhost/vsock: improve RCU read sections around vhost_vsock_get() Stephan Gerhold (1): iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal Steven Rostedt (3): ktest.pl: Fix uninitialized var in config-bisect.pl tracing: Do not register unsupported perf events tracing: Fix fixed array of synthetic event Sven Eckelmann (Plasma Cloud) (1): wifi: mt76: Fix DTS power-limits on little endian systems Sven Schnelle (3): s390/ipl: Clear SBP flag when bootprog is set parisc: entry.S: fix space adjustment on interruption for 64-bit userspace parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() Takashi Iwai (2): ALSA: wavefront: Use standard print API ALSA: wavefront: Use guard() for spin locks Tengda Wu (1): x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() Tetsuo Handa (3): bfs: Reconstruct file type when loading from disk hfsplus: Verify inode mode when loading from disk jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key Thadeu Lima de Souza Cascardo (1): net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. Thangaraj Samynathan (1): net: lan743x: Allocate rings outside ZONE_DMA Thierry Bultel (1): clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register Thomas Fourier (4): block: rnbd-clt: Fix leaked ID in init_dev() platform/x86: msi-laptop: add missing sysfs_remove_group() firewire: nosy: Fix dma_free_coherent() size RDMA/bnxt_re: fix dma_free_coherent() pointer Thomas Zimmermann (1): drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() Thorsten Blum (2): crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing Tianchu Chen (1): char: applicom: fix NULL pointer dereference in ac_ioctl Tiezhu Yang (1): LoongArch: Use unsigned long for _end and _text Tim Harvey (4): arm64: dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl arm64: dts: imx8mp-venice-gw702x: remove off-board uart arm64: dts: imx8mp-venice-gw702x: remove off-board sdhc1 Timur Tabi (1): drm/nouveau: restrict the flush page to a 32-bit address Tingmao Wang (1): fs/9p: Don't open remote file with APPEND mode when writeback cache is used Toke Høiland-Jørgensen (1): net: openvswitch: Avoid needlessly taking the RTNL on vport destroy Tony Battersby (4): scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive scsi: qla2xxx: Use reinit_completion on mbx_intr_comp scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" Trond Myklebust (9): NFS: Avoid changing nlink when file removes and attribute updates race NFS: Initialise verifiers for visible dentries in readdir and lookup NFS: Initialise verifiers for visible dentries in nfs_atomic_open() Revert "nfs: ignore SB_RDONLY when remounting nfs" Revert "nfs: clear SB_RDONLY before getting superblock" Revert "nfs: ignore SB_RDONLY when mounting nfs" NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags Expand the type of nfs_fattr->valid NFS: Fix inheritance of the block sizes when automounting Tzung-Bi Shih (1): platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver Udipto Goswami (1): usb: dwc3: keep susphy enabled during exit to avoid controller faults Uladzislau Rezki (Sony) (1): dm-ebs: Mark full buffer dirty even on partial write Usama Arif (2): x86/boot: Fix page table access in 5-level to 4-level paging transition efi/libstub: Fix page table access in 5-level to 4-level paging transition Uwe Kleine-König (2): staging: most: i2c: Drop explicit initialization of struct i2c_device_id::driver_data to 0 pwm: bcm2835: Make sure the channel is enabled after pwm_request() Viacheslav Dubeyko (2): hfsplus: fix volume corruption issue for generic/070 hfsplus: fix volume corruption issue for generic/073 Victor Nogueira (1): net/sched: ets: Remove drr class from the active list if it changes to strict Vishwaroop A (1): spi: tegra210-quad: Fix timeout handling Vladimir Oltean (1): net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() Vladimir Zapolskiy (1): clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other Wang Liang (1): netrom: Fix memory leak in nr_sendmsg() WangYuli (1): LoongArch: Use __pmd()/__pte() for swap entry conversions Wei Fang (3): net: fec: ERR007885 Workaround for XDP TX path net: enetc: do not transmit redirected XDP frames when the link is down net: stmmac: fix the crash issue for zero copy XDP_TX action Wenhua Lin (1): serial: sprd: Return -EPROBE_DEFER when uart clock is not ready Wentao Guan (1): gpio: regmap: Fix memleak in error path in gpio_regmap_register() Wentao Liang (1): pmdomain: imx: Fix reference count leak in imx_gpc_probe() Will Rosenberg (1): ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() Wolfram Sang (2): ARM: dts: renesas: gose: Remove superfluous port property ARM: dts: renesas: r9a06g032-rzn1d400-db: Drop invalid #cells properties Xiang Mei (1): net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop Xiaole He (1): f2fs: fix age extent cache insertion skip on counter overflow Xiaolei Wang (1): net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() Xin Long (1): ipv6: add exception routes to GC list in rt6_insert_exception Xuanqiang Luo (2): rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() inet: Avoid ehash lookup race in inet_ehash_insert() Yang Chenzhi (1): hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create Ye Bin (4): jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted jbd2: fix the inconsistency between checksum and data in memory for journal sb ext4: introduce ITAIL helper ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() Yegor Yefremov (1): ARM: dts: am335x-netcom-plus-2xx: add missing GPIO labels Yeoreum Yun (1): smc91x: fix broken irq-context in PREEMPT_RT Yipeng Zou (1): selftests/ftrace: traceonoff_triggers: strip off names Yiqi Sun (1): smb: fix invalid username check in smb3_fs_context_parse_param() Yongjian Sun (2): ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation ext4: fix incorrect group number assertion in mb_check_buddy Yosry Ahmed (6): KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() KVM: nSVM: Fix and simplify LBR virtualization handling with nested KVM: SVM: Fix redundant updates of LBR MSR intercepts Yu Kuai (1): md/raid5: fix IO hang when array is broken with IO inflight Yuezhang Mo (1): exfat: fix remount failure in different process environments Zenm Chen (1): wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 Zhang Yi (1): ext4: correct the checking of quota files before moving extents Zhang Zekun (1): usb: ohci-nxp: Use helper function devm_clk_get_enabled() Zhao Yipeng (1): ima: Handle error code returned by ima_filter_rule_match() Zheng Qixing (2): nbd: defer config put in recv_work nbd: defer config unlock in nbd_genl_connect Zheng Yejian (1): kallsyms: Fix wrong "big" kernel symbol type read from procfs Zhichi Lin (1): scs: fix a wrong parameter in __scs_magic Zhu Yanjun (4): RDMA/rxe: Fix null deref on srq->rq.queue after resize failure RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem RDMA/rxe: Remove the direct link to net_device RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests Zilin Guan (4): scsi: qla2xxx: Fix improper freeing of purex item mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() cifs: Fix memory and information leak in smb3_reconfigure() ksmbd: Fix memory leak in get_file_all_info() caoping (1): net/handshake: restore destructor on submit failure fuqiang wang (2): KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer nieweiqiang (1): crypto: hisilicon/qm - restore original qos values shechenglong (1): block: fix comment for op_is_zone_mgmt() to include RESET_ALL sparkhuang (1): regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex xu xin (1): mm/ksm: fix exec/fork inheritance support for prctl Łukasz Bartosik (1): xhci: dbgtty: fix device unregister: fixup

2 days, 12 hours

1
1
0 0

Linux 6.1.160

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.160 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/pci/amlogic,axg-pcie.yaml | 134 +++++ Documentation/devicetree/bindings/pci/amlogic,meson-pcie.txt | 70 -- Documentation/driver-api/tty/tty_port.rst | 5 Documentation/filesystems/mount_api.rst | 1 Documentation/process/2.Process.rst | 6 Makefile | 2 arch/arm/boot/dts/sama5d2.dtsi | 10 arch/arm/boot/dts/sama7g5.dtsi | 4 arch/arm/include/asm/word-at-a-time.h | 10 arch/arm64/boot/dts/freescale/imx8mm-venice-gw72xx.dtsi | 11 arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 12 arch/arm64/kvm/Makefile | 3 arch/arm64/net/bpf_jit_comp.c | 2 arch/loongarch/include/asm/pgtable.h | 4 arch/loongarch/kernel/machine_kexec.c | 24 arch/loongarch/kernel/setup.c | 8 arch/loongarch/net/bpf_jit.c | 2 arch/loongarch/pci/pci.c | 2 arch/mips/sgi-ip22/ip22-gio.c | 3 arch/parisc/kernel/asm-offsets.c | 2 arch/parisc/kernel/entry.S | 16 arch/powerpc/boot/addnote.c | 7 arch/powerpc/include/asm/book3s/32/tlbflush.h | 5 arch/powerpc/include/asm/book3s/64/mmu-hash.h | 1 arch/powerpc/include/asm/kfence.h | 11 arch/powerpc/kernel/entry_32.S | 10 arch/powerpc/kernel/process.c | 5 arch/powerpc/kexec/core_64.c | 19 arch/powerpc/mm/book3s32/tlb.c | 9 arch/powerpc/mm/book3s64/internal.h | 2 arch/powerpc/mm/book3s64/mmu_context.c | 2 arch/powerpc/mm/book3s64/radix_pgtable.c | 84 +++ arch/powerpc/mm/book3s64/slb.c | 88 --- arch/powerpc/mm/init-common.c | 3 arch/powerpc/mm/ptdump/hashpagetable.c | 6 arch/powerpc/platforms/pseries/cmm.c | 5 arch/riscv/kvm/vcpu_insn.c | 22 arch/s390/kernel/smp.c | 1 arch/x86/boot/compressed/pgtable_64.c | 11 arch/x86/crypto/blake2s-core.S | 4 arch/x86/entry/common.c | 72 -- arch/x86/events/amd/core.c | 7 arch/x86/events/intel/core.c | 4 arch/x86/include/asm/kvm_host.h | 46 + arch/x86/include/asm/ptrace.h | 20 arch/x86/kernel/dumpstack.c | 23 arch/x86/kvm/lapic.c | 32 - arch/x86/kvm/mmu/mmu.c | 5 arch/x86/kvm/mmu/mmu_internal.h | 12 arch/x86/kvm/mmu/paging_tmpl.h | 4 arch/x86/kvm/svm/nested.c | 6 arch/x86/kvm/svm/svm.c | 68 +- arch/x86/kvm/svm/svm.h | 7 arch/x86/kvm/vmx/nested.c | 2 arch/x86/kvm/vmx/vmx.c | 2 arch/x86/kvm/vmx/vmx.h | 1 arch/x86/kvm/x86.c | 61 +- arch/x86/mm/pat/memtype.c | 50 + arch/x86/xen/enlighten_pv.c | 69 ++ block/blk-mq.c | 103 +++ block/genhd.c | 2 crypto/af_alg.c | 5 crypto/algif_hash.c | 3 crypto/algif_rng.c | 3 crypto/asymmetric_keys/asymmetric_type.c | 14 crypto/seqiv.c | 8 drivers/acpi/acpica/nswalk.c | 9 drivers/acpi/apei/ghes.c | 16 drivers/acpi/cppc_acpi.c | 3 drivers/acpi/processor_core.c | 2 drivers/acpi/property.c | 9 drivers/amba/tegra-ahb.c | 1 drivers/base/power/runtime.c | 22 drivers/block/floppy.c | 2 drivers/block/nbd.c | 5 drivers/block/ps3disk.c | 4 drivers/block/rnbd/rnbd-clt.c | 13 drivers/block/rnbd/rnbd-clt.h | 2 drivers/bluetooth/btusb.c | 14 drivers/bus/ti-sysc.c | 11 drivers/char/applicom.c | 5 drivers/char/ipmi/ipmi_msghandler.c | 20 drivers/char/tpm/tpm-chip.c | 1 drivers/char/tpm/tpm1-cmd.c | 5 drivers/char/tpm/tpm2-cmd.c | 8 drivers/char/virtio_console.c | 2 drivers/clk/mvebu/cp110-system-controller.c | 20 drivers/clk/renesas/r9a06g032-clocks.c | 34 + drivers/clk/renesas/renesas-cpg-mssr.c | 11 drivers/comedi/comedi_fops.c | 42 + drivers/comedi/drivers/c6xdigio.c | 46 + drivers/comedi/drivers/multiq3.c | 9 drivers/comedi/drivers/pcl818.c | 5 drivers/cpufreq/cpufreq-nforce2.c | 3 drivers/cpufreq/s5pv210-cpufreq.c | 6 drivers/crypto/ccree/cc_buffer_mgr.c | 6 drivers/crypto/hisilicon/qm.c | 14 drivers/dma/idxd/init.c | 1 drivers/firewire/nosy.c | 10 drivers/firmware/arm_scmi/notify.c | 1 drivers/firmware/efi/cper-arm.c | 52 - drivers/firmware/efi/cper.c | 60 ++ drivers/firmware/efi/libstub/x86-5lvl.c | 4 drivers/firmware/imx/imx-scu-irq.c | 8 drivers/firmware/stratix10-svc.c | 12 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 44 - drivers/gpu/drm/amd/amdgpu/amdgpu_job.h | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 58 -- drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c | 9 drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 13 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 22 drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c | 61 +- drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 12 drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c | 8 drivers/gpu/drm/amd/amdgpu/uvd_v7_0.c | 12 drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 17 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 8 drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 2 drivers/gpu/drm/gma500/framebuffer.c | 42 - drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 37 - drivers/gpu/drm/mediatek/mtk_disp_ccorr.c | 23 drivers/gpu/drm/mediatek/mtk_dp.c | 1 drivers/gpu/drm/mgag200/mgag200_mode.c | 25 drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 drivers/gpu/drm/nouveau/dispnv50/atom.h | 13 drivers/gpu/drm/nouveau/dispnv50/wndw.c | 2 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/ttm/ttm_bo_vm.c | 6 drivers/gpu/drm/vgem/vgem_fence.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 17 drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c | 12 drivers/gpu/host1x/syncpt.c | 4 drivers/hid/hid-apple.c | 1 drivers/hid/hid-elecom.c | 6 drivers/hid/hid-ids.h | 3 drivers/hid/hid-input.c | 18 drivers/hid/hid-logitech-dj.c | 56 -- drivers/hid/hid-quirks.c | 3 drivers/hwmon/ibmpex.c | 9 drivers/hwmon/max16065.c | 7 drivers/hwmon/sy7636a-hwmon.c | 7 drivers/hwmon/tmp401.c | 2 drivers/hwmon/w83791d.c | 17 drivers/hwmon/w83l786ng.c | 26 drivers/hwtracing/coresight/coresight-etm4x-core.c | 130 +++- drivers/hwtracing/intel_th/core.c | 20 drivers/i2c/busses/i2c-amd-mp2-pci.c | 5 drivers/i3c/master.c | 40 + drivers/i3c/master/svc-i3c-master.c | 22 drivers/iio/adc/ti_am335x_adc.c | 2 drivers/infiniband/core/addr.c | 33 - drivers/infiniband/core/cma.c | 3 drivers/infiniband/core/device.c | 5 drivers/infiniband/core/verbs.c | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 drivers/infiniband/hw/bnxt_re/qplib_res.c | 8 drivers/infiniband/hw/efa/efa_verbs.c | 4 drivers/infiniband/hw/irdma/ctrl.c | 3 drivers/infiniband/hw/irdma/pble.c | 6 drivers/infiniband/hw/irdma/utils.c | 3 drivers/infiniband/ulp/rtrs/rtrs-clt.c | 1 drivers/infiniband/ulp/rtrs/rtrs-srv.c | 2 drivers/input/serio/i8042-acpipnpio.h | 7 drivers/input/touchscreen/ti_am335x_tsc.c | 2 drivers/interconnect/qcom/msm8996.c | 1 drivers/iommu/amd/init.c | 43 - drivers/iommu/apple-dart.c | 2 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 27 - drivers/iommu/arm/arm-smmu/arm-smmu.c | 12 drivers/iommu/arm/arm-smmu/qcom_iommu.c | 56 +- drivers/iommu/exynos-iommu.c | 9 drivers/iommu/ipmmu-vmsa.c | 2 drivers/iommu/mtk_iommu.c | 78 ++ drivers/iommu/mtk_iommu_v1.c | 30 - drivers/iommu/omap-iommu.c | 2 drivers/iommu/omap-iommu.h | 2 drivers/iommu/sun50i-iommu.c | 2 drivers/iommu/tegra-smmu.c | 5 drivers/irqchip/irq-bcm7038-l1.c | 8 drivers/irqchip/irq-bcm7120-l2.c | 17 drivers/irqchip/irq-brcmstb-l2.c | 12 drivers/irqchip/irq-imx-mu-msi.c | 14 drivers/irqchip/irq-mchp-eic.c | 2 drivers/irqchip/qcom-irq-combiner.c | 2 drivers/isdn/capi/capi.c | 8 drivers/leds/flash/leds-aat1290.c | 2 drivers/leds/led-class.c | 2 drivers/leds/leds-lp50xx.c | 67 +- drivers/leds/leds-netxbig.c | 36 - drivers/leds/leds-spi-byte.c | 11 drivers/macintosh/mac_hid.c | 3 drivers/md/dm-bufio.c | 10 drivers/md/dm-ebs-target.c | 2 drivers/md/dm-log-writes.c | 1 drivers/md/dm-raid.c | 2 drivers/md/md.c | 16 drivers/md/md.h | 17 drivers/md/raid5.c | 6 drivers/media/cec/core/cec-core.c | 1 drivers/media/common/videobuf2/videobuf2-dma-contig.c | 1 drivers/media/i2c/adv7604.c | 4 drivers/media/i2c/adv7842.c | 11 drivers/media/i2c/msp3400-kthreads.c | 2 drivers/media/i2c/tda1997x.c | 1 drivers/media/platform/amphion/vpu_malone.c | 35 - drivers/media/platform/amphion/vpu_v4l2.c | 28 - drivers/media/platform/amphion/vpu_v4l2.h | 18 drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_vpu.c | 4 drivers/media/platform/renesas/rcar_drif.c | 1 drivers/media/platform/samsung/exynos4-is/media-dev.c | 10 drivers/media/platform/ti/davinci/vpif_capture.c | 4 drivers/media/platform/ti/davinci/vpif_display.c | 4 drivers/media/platform/verisilicon/hantro_g2.c | 88 ++- drivers/media/platform/verisilicon/hantro_g2_hevc_dec.c | 17 drivers/media/platform/verisilicon/hantro_g2_regs.h | 13 drivers/media/platform/verisilicon/hantro_g2_vp9_dec.c | 2 drivers/media/platform/verisilicon/hantro_hw.h | 1 drivers/media/platform/verisilicon/imx8m_vpu_hw.c | 2 drivers/media/rc/st_rc.c | 2 drivers/media/test-drivers/vidtv/vidtv_channel.c | 3 drivers/media/usb/dvb-usb/dtv5100.c | 5 drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 2 drivers/mfd/altera-sysmgr.c | 2 drivers/mfd/da9055-core.c | 1 drivers/mfd/max77620.c | 15 drivers/mfd/mt6358-irq.c | 1 drivers/mfd/mt6397-irq.c | 1 drivers/misc/vmw_balloon.c | 3 drivers/mmc/host/Kconfig | 4 drivers/mmc/host/sdhci-msm.c | 27 - drivers/mtd/lpddr/lpddr_cmds.c | 8 drivers/mtd/nand/raw/renesas-nand-controller.c | 5 drivers/net/can/usb/gs_usb.c | 2 drivers/net/dsa/b53/b53_common.c | 3 drivers/net/dsa/sja1105/sja1105_static_config.c | 6 drivers/net/ethernet/broadcom/b44.c | 3 drivers/net/ethernet/cadence/macb_main.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 4 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 drivers/net/ethernet/intel/e1000/e1000_main.c | 10 drivers/net/ethernet/intel/i40e/i40e.h | 15 drivers/net/ethernet/intel/i40e/i40e_client.c | 20 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 12 drivers/net/ethernet/intel/i40e/i40e_main.c | 15 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 10 drivers/net/ethernet/intel/i40e/i40e_txrx.h | 2 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 drivers/net/ethernet/intel/iavf/iavf_main.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 8 drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 6 drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 122 ++++ drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.h | 2 drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 3 drivers/net/ethernet/mellanox/mlx5/core/main.c | 10 drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h | 1 drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 17 drivers/net/ethernet/microchip/lan743x_main.c | 3 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/ethernet/smsc/smc91x.c | 10 drivers/net/ethernet/stmicro/stmmac/chain_mode.c | 10 drivers/net/ethernet/stmicro/stmmac/common.h | 40 - drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 48 + drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 3 drivers/net/ethernet/stmicro/stmmac/dwmac1000_dma.c | 19 drivers/net/ethernet/stmicro/stmmac/dwmac100_dma.c | 17 drivers/net/ethernet/stmicro/stmmac/dwmac4.h | 101 +++ drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 50 + drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c | 16 drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 201 ++++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.h | 92 ++- drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c | 120 ++-- drivers/net/ethernet/stmicro/stmmac/dwmac_dma.h | 22 drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c | 30 - drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 9 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_descs.c | 4 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 83 ++- drivers/net/ethernet/stmicro/stmmac/enh_desc.c | 19 drivers/net/ethernet/stmicro/stmmac/hwif.h | 172 +++--- drivers/net/ethernet/stmicro/stmmac/norm_desc.c | 15 drivers/net/ethernet/stmicro/stmmac/ring_mode.c | 10 drivers/net/ethernet/stmicro/stmmac/stmmac.h | 4 drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 118 +++- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 253 +++++++-- drivers/net/fjes/fjes_hw.c | 12 drivers/net/ipvlan/ipvlan_core.c | 3 drivers/net/mdio/mdio-aspeed.c | 7 drivers/net/phy/adin1100.c | 2 drivers/net/phy/mscc/mscc_main.c | 6 drivers/net/team/team.c | 2 drivers/net/usb/asix_common.c | 5 drivers/net/usb/rtl8150.c | 2 drivers/net/usb/sr9700.c | 4 drivers/net/wireless/ath/ath11k/mac.c | 4 drivers/net/wireless/ath/ath11k/wmi.c | 7 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 14 drivers/net/wireless/mediatek/mt76/eeprom.c | 37 - drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 4 drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 9 drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 27 - drivers/net/wireless/st/cw1200/bh.c | 6 drivers/nfc/pn533/usb.c | 2 drivers/nvme/host/fc.c | 6 drivers/parisc/gsc.c | 4 drivers/pci/controller/dwc/pci-keystone.c | 2 drivers/pci/controller/dwc/pcie-designware.h | 2 drivers/pci/controller/pcie-brcmstb.c | 10 drivers/pci/pci-driver.c | 4 drivers/phy/broadcom/phy-bcm63xx-usbh.c | 6 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 20 drivers/pinctrl/pinctrl-single.c | 25 drivers/pinctrl/qcom/pinctrl-msm.c | 2 drivers/pinctrl/stm32/pinctrl-stm32.c | 2 drivers/platform/chrome/cros_ec_ishtp.c | 1 drivers/platform/x86/acer-wmi.c | 4 drivers/platform/x86/asus-wmi.c | 8 drivers/platform/x86/huawei-wmi.c | 4 drivers/platform/x86/ibm_rtl.c | 2 drivers/platform/x86/intel/chtwc_int33fe.c | 29 - drivers/platform/x86/intel/hid.c | 12 drivers/platform/x86/msi-laptop.c | 3 drivers/power/supply/apm_power.c | 3 drivers/power/supply/cw2015_battery.c | 8 drivers/power/supply/wm831x_power.c | 10 drivers/pwm/pwm-bcm2835.c | 28 - drivers/pwm/pwm-stm32.c | 3 drivers/regulator/core.c | 37 - drivers/remoteproc/qcom_q6v5_wcss.c | 8 drivers/rpmsg/qcom_glink_native.c | 8 drivers/rtc/rtc-gamecube.c | 4 drivers/s390/block/dasd_eckd.c | 8 drivers/s390/crypto/ap_bus.c | 8 drivers/scsi/aic94xx/aic94xx_init.c | 3 drivers/scsi/qla2xxx/qla_def.h | 1 drivers/scsi/qla2xxx/qla_gbl.h | 2 drivers/scsi/qla2xxx/qla_isr.c | 32 - drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla2xxx/qla_mid.c | 4 drivers/scsi/qla2xxx/qla_os.c | 14 drivers/scsi/sim710.c | 2 drivers/scsi/smartpqi/smartpqi.h | 19 drivers/scsi/smartpqi/smartpqi_init.c | 264 +++++++--- drivers/scsi/stex.c | 1 drivers/soc/actions/owl-sps.c | 16 drivers/soc/amlogic/meson-canvas.c | 5 drivers/soc/imx/gpc.c | 12 drivers/soc/qcom/ocmem.c | 2 drivers/soc/qcom/smem.c | 3 drivers/soc/rockchip/pm_domains.c | 13 drivers/spi/Kconfig | 2 drivers/spi/spi-cadence-quadspi.c | 113 ++++ drivers/spi/spi-fsl-spi.c | 2 drivers/spi/spi-imx.c | 15 drivers/spi/spi-tegra210-quad.c | 22 drivers/spi/spi-xilinx.c | 2 drivers/staging/fbtft/fbtft-core.c | 4 drivers/staging/greybus/uart.c | 7 drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 drivers/target/target_core_configfs.c | 1 drivers/target/target_core_transport.c | 1 drivers/tty/serial/8250/8250_pci.c | 37 + drivers/tty/serial/atmel_serial.c | 5 drivers/tty/serial/clps711x.c | 4 drivers/tty/serial/cpm_uart/cpm_uart_core.c | 5 drivers/tty/serial/imx.c | 4 drivers/tty/serial/lantiq.c | 4 drivers/tty/serial/serial_core.c | 13 drivers/tty/serial/sprd_serial.c | 6 drivers/tty/serial/st-asc.c | 4 drivers/tty/serial/uartlite.c | 12 drivers/tty/serial/xilinx_uartps.c | 5 drivers/tty/tty_port.c | 17 drivers/ufs/core/ufshcd.c | 7 drivers/uio/uio_fsl_elbc_gpcm.c | 7 drivers/usb/class/cdc-acm.c | 7 drivers/usb/core/message.c | 2 drivers/usb/dwc2/platform.c | 16 drivers/usb/dwc3/dwc3-of-simple.c | 7 drivers/usb/dwc3/gadget.c | 2 drivers/usb/dwc3/host.c | 2 drivers/usb/gadget/legacy/raw_gadget.c | 3 drivers/usb/gadget/udc/lpc32xx_udc.c | 20 drivers/usb/gadget/udc/tegra-xudc.c | 6 drivers/usb/host/ohci-nxp.c | 20 drivers/usb/host/xhci-dbgtty.c | 2 drivers/usb/host/xhci-hub.c | 2 drivers/usb/host/xhci-mem.c | 10 drivers/usb/host/xhci-ring.c | 8 drivers/usb/host/xhci.h | 16 drivers/usb/misc/chaoskey.c | 16 drivers/usb/phy/phy-fsl-usb.c | 1 drivers/usb/phy/phy-isp1301.c | 7 drivers/usb/phy/phy.c | 4 drivers/usb/renesas_usbhs/pipe.c | 2 drivers/usb/serial/belkin_sa.c | 28 - drivers/usb/serial/ftdi_sio.c | 72 -- drivers/usb/serial/kobil_sct.c | 18 drivers/usb/serial/option.c | 22 drivers/usb/serial/usb-serial.c | 7 drivers/usb/storage/unusual_uas.h | 2 drivers/usb/typec/ucsi/ucsi.c | 6 drivers/usb/usbip/vhci_hcd.c | 6 drivers/vhost/vsock.c | 15 drivers/video/backlight/led_bl.c | 18 drivers/video/fbdev/gbefb.c | 5 drivers/video/fbdev/pxafb.c | 12 drivers/video/fbdev/ssd1307fb.c | 4 drivers/video/fbdev/tcx.c | 2 drivers/virtio/virtio_balloon.c | 4 drivers/virtio/virtio_vdpa.c | 2 drivers/watchdog/via_wdt.c | 1 drivers/watchdog/wdat_wdt.c | 64 +- fs/bfs/inode.c | 19 fs/btrfs/ioctl.c | 4 fs/btrfs/scrub.c | 5 fs/btrfs/tree-log.c | 46 + fs/btrfs/volumes.c | 1 fs/exfat/super.c | 19 fs/ext4/ext4.h | 1 fs/ext4/ialloc.c | 1 fs/ext4/inline.c | 14 fs/ext4/inode.c | 1 fs/ext4/mballoc.c | 58 +- fs/ext4/move_extent.c | 2 fs/ext4/orphan.c | 4 fs/ext4/super.c | 70 +- fs/ext4/xattr.c | 6 fs/f2fs/data.c | 17 fs/f2fs/debug.c | 3 fs/f2fs/f2fs.h | 34 - fs/f2fs/file.c | 89 ++- fs/f2fs/inode.c | 20 fs/f2fs/namei.c | 6 fs/f2fs/recovery.c | 12 fs/f2fs/super.c | 56 +- fs/f2fs/xattr.c | 30 - fs/f2fs/xattr.h | 10 fs/fscache/main.c | 1 fs/fuse/file.c | 26 fs/gfs2/lops.c | 2 fs/gfs2/super.c | 4 fs/hfsplus/bnode.c | 4 fs/hfsplus/dir.c | 7 fs/hfsplus/inode.c | 32 + fs/jbd2/journal.c | 14 fs/jbd2/transaction.c | 21 fs/lockd/svc4proc.c | 4 fs/lockd/svclock.c | 21 fs/lockd/svcproc.c | 5 fs/locks.c | 13 fs/nfs/client.c | 21 fs/nfs/dir.c | 27 - fs/nfs/inode.c | 2 fs/nfs/internal.h | 3 fs/nfs/namespace.c | 11 fs/nfs/nfs4client.c | 18 fs/nfs/pnfs.c | 1 fs/nfs/super.c | 36 - fs/nfsd/blocklayout.c | 7 fs/nfsd/export.c | 2 fs/nfsd/nfs4state.c | 4 fs/nfsd/nfs4xdr.c | 5 fs/nfsd/vfs.c | 2 fs/nls/nls_base.c | 27 - fs/notify/fsnotify.c | 9 fs/ntfs3/frecord.c | 43 + fs/ntfs3/fsntfs.c | 9 fs/ntfs3/inode.c | 2 fs/ntfs3/ntfs_fs.h | 9 fs/ntfs3/run.c | 6 fs/ocfs2/alloc.c | 1 fs/ocfs2/move_extents.c | 8 fs/ocfs2/suballoc.c | 10 fs/smb/client/fs_context.c | 2 fs/smb/server/mgmt/tree_connect.c | 18 fs/smb/server/mgmt/tree_connect.h | 1 fs/smb/server/mgmt/user_session.c | 4 fs/smb/server/smb2pdu.c | 16 fs/smb/server/smbacl.c | 16 fs/smb/server/transport_ipc.c | 7 fs/smb/server/vfs.c | 5 fs/xfs/xfs_buf_item.c | 1 include/linux/balloon_compaction.h | 43 - include/linux/blk_types.h | 5 include/linux/compiler_types.h | 13 include/linux/cper.h | 12 include/linux/filter.h | 16 include/linux/fs_context.h | 1 include/linux/genalloc.h | 1 include/linux/hugetlb.h | 4 include/linux/ieee80211.h | 4 include/linux/if_bridge.h | 6 include/linux/kasan.h | 15 include/linux/mlx5/driver.h | 1 include/linux/mm.h | 12 include/linux/nfs_fs_sb.h | 7 include/linux/nfs_xdr.h | 54 +- include/linux/pgtable.h | 34 + include/linux/platform_data/lp855x.h | 4 include/linux/rculist_nulls.h | 59 ++ include/linux/reset.h | 1 include/linux/sched/isolation.h | 12 include/linux/sched/topology.h | 3 include/linux/security.h | 2 include/linux/serial_core.h | 2 include/linux/stmmac.h | 20 include/linux/tpm.h | 8 include/linux/tty_port.h | 21 include/linux/virtio_config.h | 4 include/media/v4l2-mem2mem.h | 3 include/net/cfg80211.h | 70 ++ include/net/mac80211.h | 73 ++ include/net/netfilter/nf_conntrack_count.h | 17 include/net/sock.h | 13 include/net/xfrm.h | 13 include/sound/snd_wavefront.h | 4 include/uapi/linux/mptcp.h | 1 include/uapi/linux/nl80211.h | 49 + include/uapi/sound/asound.h | 2 io_uring/openclose.c | 2 io_uring/poll.c | 9 kernel/bpf/syscall.c | 3 kernel/bpf/trampoline.c | 3 kernel/cgroup/cpuset.c | 35 + kernel/dma/pool.c | 2 kernel/fork.c | 5 kernel/kallsyms.c | 5 kernel/livepatch/core.c | 8 kernel/locking/spinlock_debug.c | 4 kernel/resource.c | 95 +-- kernel/sched/core.c | 3 kernel/sched/cpudeadline.c | 34 - kernel/sched/cpudeadline.h | 4 kernel/sched/deadline.c | 8 kernel/sched/fair.c | 75 +- kernel/sched/features.h | 5 kernel/sched/sched.h | 7 kernel/sched/topology.c | 6 kernel/scs.c | 2 kernel/trace/ftrace.c | 40 + kernel/trace/trace_events.c | 2 lib/idr.c | 2 lib/vsprintf.c | 6 mm/balloon_compaction.c | 9 mm/damon/core-test.h | 88 +++ mm/damon/vaddr-test.h | 26 mm/hugetlb.c | 4 mm/kasan/common.c | 17 mm/memory.c | 10 mm/mempolicy.c | 2 mm/mprotect.c | 125 ++-- mm/mremap.c | 2 mm/vmalloc.c | 4 net/bluetooth/rfcomm/tty.c | 7 net/bridge/br_ioctl.c | 36 + net/bridge/br_private.h | 4 net/caif/cffrml.c | 9 net/ceph/osdmap.c | 116 +--- net/core/dev_ioctl.c | 16 net/core/filter.c | 9 net/core/page_pool.c | 27 - net/ethtool/ioctl.c | 134 +++-- net/hsr/hsr_forward.c | 2 net/ipv4/fib_trie.c | 7 net/ipv4/inet_hashtables.c | 8 net/ipv4/ipcomp.c | 2 net/ipv6/calipso.c | 3 net/ipv6/ip6_gre.c | 9 net/ipv6/ipcomp6.c | 2 net/ipv6/xfrm6_tunnel.c | 2 net/key/af_key.c | 2 net/mac80211/cfg.c | 70 ++ net/mac80211/chan.c | 2 net/mac80211/ieee80211_i.h | 27 - net/mac80211/mlme.c | 163 ++++++ net/mac80211/rx.c | 5 net/mac80211/tx.c | 144 +++++ net/mptcp/options.c | 10 net/mptcp/pm_netlink.c | 3 net/mptcp/protocol.c | 16 net/mptcp/protocol.h | 5 net/mptcp/subflow.c | 9 net/netfilter/ipvs/ip_vs_xmit.c | 3 net/netfilter/nf_conncount.c | 200 +++++-- net/netfilter/nft_connlimit.c | 34 - net/netfilter/nft_flow_offload.c | 9 net/netfilter/xt_connlimit.c | 14 net/netrom/nr_out.c | 4 net/nfc/core.c | 9 net/openvswitch/conntrack.c | 16 net/openvswitch/flow_netlink.c | 13 net/openvswitch/vport-netdev.c | 17 net/rose/af_rose.c | 2 net/sched/sch_cake.c | 58 +- net/sched/sch_ets.c | 6 net/sctp/socket.c | 5 net/socket.c | 19 net/sunrpc/auth_gss/svcauth_gss.c | 3 net/sunrpc/xprtrdma/svc_rdma_rw.c | 2 net/wireless/chan.c | 69 ++ net/wireless/core.h | 5 net/wireless/nl80211.c | 162 +++++- net/wireless/nl80211.h | 3 net/wireless/rdev-ops.h | 17 net/wireless/sme.c | 14 net/wireless/trace.h | 25 net/wireless/util.c | 4 net/xfrm/xfrm_ipcomp.c | 1 net/xfrm/xfrm_state.c | 41 - net/xfrm/xfrm_user.c | 2 samples/vfs/test-statx.c | 6 samples/watch_queue/watch_test.c | 6 scripts/Makefile.modinst | 4 security/integrity/ima/ima_policy.c | 2 security/keys/trusted-keys/trusted_tpm2.c | 6 security/smack/smack_lsm.c | 41 + sound/firewire/dice/dice-extension.c | 4 sound/firewire/motu/motu-hwdep.c | 7 sound/isa/wavefront/wavefront.c | 61 +- sound/isa/wavefront/wavefront_fx.c | 36 - sound/isa/wavefront/wavefront_midi.c | 148 ++--- sound/isa/wavefront/wavefront_synth.c | 216 ++++---- sound/pci/hda/cs35l41_hda.c | 2 sound/pcmcia/pdaudiocf/pdaudiocf.c | 8 sound/pcmcia/vx/vxpocket.c | 8 sound/soc/bcm/bcm63xx-pcm-whistler.c | 4 sound/soc/codecs/ak4458.c | 10 sound/soc/codecs/ak5558.c | 10 sound/soc/fsl/fsl_xcvr.c | 199 +++++-- sound/soc/fsl/fsl_xcvr.h | 28 + sound/soc/intel/catpt/pcm.c | 4 sound/soc/qcom/qdsp6/q6adm.c | 146 ++--- sound/soc/qcom/qdsp6/q6apm-dai.c | 2 sound/soc/qcom/qdsp6/q6asm-dai.c | 7 sound/soc/stm/stm32_sai.c | 14 sound/soc/stm/stm32_sai_sub.c | 58 +- sound/usb/mixer_us16x08.c | 20 sound/usb/quirks.c | 6 tools/include/linux/interval_tree_generic.h | 187 +++++++ tools/include/nolibc/stdio.h | 4 tools/objtool/elf.c | 99 +-- tools/objtool/include/objtool/elf.h | 3 tools/perf/builtin-record.c | 2 tools/perf/util/symbol.c | 4 tools/testing/ktest/config-bisect.pl | 4 tools/testing/nvdimm/test/nfit.c | 7 tools/testing/radix-tree/idr-test.c | 21 tools/testing/selftests/bpf/prog_tests/perf_branches.c | 22 tools/testing/selftests/bpf/prog_tests/send_signal.c | 5 tools/testing/selftests/bpf/progs/test_perf_branches.c | 3 tools/testing/selftests/ftrace/test.d/ftrace/func_traceonoff_triggers.tc | 5 tools/testing/selftests/net/tap.c | 16 660 files changed, 8143 insertions(+), 4074 deletions(-) Abdun Nihaal (3): wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() Aditya Kumar Singh (1): wifi: mac80211: fix switch count in EMA beacons Ahelenia Ziemiańska (1): power: supply: apm_power: only unset own apm_get_power_status Akhil P Oommen (1): drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers Alex Deucher (1): drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() Alexander Dahl (1): net: phy: adin1100: Fix software power-down ready condition Alexander Sverdlin (1): locking/spinlock/debug: Fix data-race in do_raw_write_lock Alexandru Gagniuc (1): remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs Alexei Starovoitov (1): selftests/bpf: Fix failure paths in send_signal test Alexey Kodanev (1): net: stmmac: fix rx limit check in stmmac_rx_zc() Alexey Nepomnyashih (1): ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Alexey Simakov (3): dm-raid: fix possible NULL dereference with undefined raid type broadcom: b44: prevent uninitialized value usage hwmon: (tmp401) fix overflow caused by default conversion rate value Alexey Velichayshiy (1): gfs2: fix freeze error handling Alice C. Munduruca (1): selftests: net: fix "buffer overflow detected" for tap.c Alison Schofield (1): tools/testing/nvdimm: Use per-DIMM device handle Alok Tiwari (3): virtio_vdpa: fix misleading return in void function RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send Aloka Dixit (6): wifi: cfg80211: move puncturing bitmap validation from mac80211 wifi: nl80211: validate and configure puncturing bitmap wifi: mac80211: generate EMA beacons in AP mode cfg80211: support RNR for EMA AP mac80211: support RNR for EMA AP wifi: mac80211: do not use old MBSSID elements Alvaro Gamez Machado (1): spi: xilinx: increase number of retries before declaring stall Amir Goldstein (1): fsnotify: do not generate ACCESS/MODIFY events on child for special files Amitai Gottlieb (1): firmware: arm_scmi: Fix unused notifier-block in unregister Andreas Gruenbacher (1): gfs2: Fix use of bio_chain Andres J Rosa (1): ALSA: uapi: Fix typo in asound.h comment Andrew Halaney (3): net: stmmac: Remove some unnecessary void pointers net: stmmac: Pass stmmac_priv in some callbacks net: stmmac: dwmac4: Allow platforms to specify some DMA/MTL offsets Andrew Morton (1): genalloc.h: fix htmldocs warning Andrey Vatoropin (1): scsi: target: Reset t_task_cdb pointer in error case Andy Shevchenko (6): lib/vsprintf: Check pointer before dereferencing in time_and_date() resource: Replace printk(KERN_WARNING) by pr_warn(), printk() by pr_info() resource: Reuse for_each_resource() macro resource: replace open coded resource_intersection() resource: introduce is_type_match() helper and use it nfsd: Mark variable __maybe_unused to avoid W=1 build break AngeloGioacchino Del Regno (2): iommu/qcom: Use the asid read from device-tree if specified iommu/qcom: Index contexts by asid number to allow asid 0 Anshumali Gaur (1): octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" Anton Khirnov (1): platform/x86: asus-wmi: use brightness_set_blocking() for kbd led Anurag Dutta (1): spi: cadence-quadspi: Fix clock disable on probe failure path April Grimoire (1): HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Armin Wolf (3): platform/x86: acer-wmi: Ignore backlight event fs/nls: Fix utf16 to utf8 conversion fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() Avraham Stern (1): wifi: nl80211: add a command to enable/disable HW timestamping Azeem Shaikh (1): leds: Replace all non-returning strlcpy with strscpy Bagas Sanjaya (2): Documentation: process: Also mention Sasha Levin as stable tree maintainer net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct Baochen Qiang (1): wifi: ath11k: fix peer HE MCS assignment Baokun Li (2): ext4: align max orphan file size with e2fsprogs limit fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF Bart Van Assche (1): scsi: target: Do not write NUL characters into ASCII configfs output Bartosz Golaszewski (1): platform/x86: intel: chtwc_int33fe: don't dereference swnode args Bean Huo (1): scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() Ben Collins (1): powerpc/addnote: Fix overflow on 32-bit builds Benjamin Berg (1): tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set Bijan Tabatabai (1): mm: consider non-anon swap cache folios in folio_expected_ref_count() Brad Larson (1): spi: cadence-quadspi: Add compatible for AMD Pensando Elba SoC Brian Gerst (1): x86/xen: Move Xen upcall handler Byungchul Park (1): jbd2: use a weaker annotation in journal handling Cezary Rojewski (1): ASoC: Intel: catpt: Fix error path in hw_params() Chancel Liu (1): ASoC: fsl_xcvr: Add support for i.MX93 platform Chao Yu (7): f2fs: fix return value of f2fs_recover_fsync_data() f2fs: fix to avoid updating zero-sized extent in extent cache f2fs: remove unused GC_FAILURE_PIN f2fs: fix to avoid updating compression context during writeback f2fs: fix to propagate error from f2fs_enable_checkpoint() f2fs: use global inline_xattr_slab instead of per-sb slab cache f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() Chen Changcheng (2): usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. usb: usb-storage: Maintain minimal modifications to the bcdDevice range. Chen Ridong (1): cpuset: Treat cpusets in attaching as populated ChenXiaoSong (1): smb/server: fix return value of smb2_ioctl() Chia-Lin Kao (AceLan) (1): platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks Christian Hitz (3): leds: leds-lp50xx: Allow LED 0 to be added to module bank leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs leds: leds-lp50xx: Enable chip before any communication Christian König (1): drm/amdgpu: cleanup scheduler job initialization v2 Christoffer Sandberg (1): Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table Christophe JAILLET (2): phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() ASoC: stm32: sai: Use the devm_clk_get_optional() helper Christophe Leroy (2): powerpc/32: Fix unpaired stwcx. on interrupt exit spi: fsl-cpm: Check length parity before switching to 16 bit mode Chuck Lever (2): NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap NFSD: NFSv4 file creation neglects setting ACL Colin Ian King (1): media: pvrusb2: Fix incorrect variable used in trace message Cong Zhang (2): blk-mq: Abort suspend when wakeup events are pending blk-mq: skip CPU offline notify on unmapped hctx Cryolitia PukNgae (1): ACPICA: Avoid walking the Namespace if start_node is NULL Dai Ngo (1): NFSD: use correct reservation type in nfsd4_scsi_fence_client Dan Carpenter (5): drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() block: rnbd-clt: Fix signedness bug in init_dev() wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() Daniel Wagner (1): nvme-fc: don't hold rport lock when putting ctrl Daniil Tatianin (2): net/ethtool/ioctl: remove if n_stats checks from ethtool_get_phy_stats net/ethtool/ioctl: split ethtool_get_phy_stats into multiple helpers Dapeng Mi (1): perf/x86/intel: Correct large PEBS flag check Dave Kleikamp (1): dma/pool: eliminate alloc_pages warning in atomic_pool_expand Dave Vasilevsky (1): powerpc, mm: Fix mprotect on book3s 32-bit David Hildenbrand (8): powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION mm/balloon_compaction: we cannot have isolated pages in the balloon list mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages mm: simplify folio_expected_ref_count() x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() kernel/fork: only call untrack_pfn_clear() on VMAs duplicated for fork() mm: (un)track_pfn_copy() fix + doc improvements Deepakkumar Karn (1): net: usb: rtl8150: fix memory leak on usb_submit_urb() failure Deepanshu Kartikey (5): ext4: refresh inline data size before write operations btrfs: fix memory leak of fs_devices in degraded seed device path f2fs: invalidate dentry cache on failed whiteout creation net: usb: asix: validate PHY address before use net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write Denis Arefev (1): ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() Dinh Nguyen (1): firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc Diogo Ivo (1): usb: phy: Initialize struct usb_phy list_head Dmitry Antipov (2): ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() ocfs2: fix memory leak in ocfs2_merge_rec_left() Dmitry Baryshkov (1): interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS Dmitry Skorodumov (1): ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() Don Brace (1): scsi: smartpqi: Convert to host_tagset Donet Tom (1): powerpc/64s/slb: Fix SLB multihit issue during SLB preload Dong Chenchen (1): page_pool: Fix use-after-free in page_pool_recycle_in_ring Dongli Zhang (1): KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit Doug Berger (1): sched/deadline: only set free_cpus for online runqueues Duoming Zhou (4): usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal media: TDA1997x: Remove redundant cancel_delayed_work in probe media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe media: i2c: adv7842: Remove redundant cancel_delayed_work in probe Edward Adam Davis (3): ntfs3: init run lock for extend inode fs/ntfs3: out1 also needs to put mi fs/ntfs3: Prevent memory leaks in add sub record Encrow Thorne (1): reset: fix BIT macro reference Eric Biggers (1): lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit Eric Dumazet (1): ip6_gre: make ip6gre_header() robust Ethan Nelson-Moore (1): net: usb: sr9700: fix incorrect command used to write single register Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FE910C04 new compositions USB: serial: option: move Telit 0x10c7 composition in the right place Fangyu Yu (1): RISC-V: KVM: Fix guest page fault within HLV* instructions Fedor Pchelkin (1): ext4: fix string copying in parse_apply_sb_mount_options() Fernando Fernandez Mancera (3): netfilter: nf_conncount: rework API to use sk_buff directly netfilter: nft_connlimit: update the count if add was skipped netfilter: nf_conncount: fix leaked ct in error paths Filipe Manana (2): btrfs: do not skip logging new dentries when logging a new name btrfs: don't log conflicting inode if it's a dir moved in the current transaction Frank Li (1): i3c: fix refcount inconsistency in i3c_master_register Frederic Weisbecker (1): sched/isolation: add cpu_is_isolated() API Gabor Juhos (1): regulator: core: disable supply if enabling main regulator fails Gabriel Krisman Bertazi (1): ext4: fix error message when rejecting the default hash Gal Pressman (1): ethtool: Avoid overflowing userspace buffer on stats query George Kennedy (1): perf/x86/amd: Check event before enable to avoid GPF Gongwei Li (1): Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE Gopi Krishna Menon (1): usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE Greg Kroah-Hartman (2): Revert "iommu/amd: Skip enabling command/event buffers for kdump" Linux 6.1.160 Gregory Herrero (1): i40e: validate ring_len parameter against hardware-specific values Guangshuo Li (1): e1000: fix OOB in e1000_tbi_should_accept() Gui-Dong Han (3): hwmon: (max16065) Use local variable to avoid TOCTOU hwmon: (w83791d) Convert macros to functions to avoid TOCTOU hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU Guido Günther (1): drm/panel: visionox-rm69299: Don't clear all mode flags H. Peter Anvin (1): compiler_types.h: add "auto" as a macro for "__auto_type" Haibo Chen (1): ext4: clear i_state_flags when alloc inode Hans de Goede (2): wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet HID: logitech-dj: Remove duplicate error logging Haotian Zhang (23): soc: qcom: smem: fix hwspinlock resource leak in probe error paths pinctrl: stm32: fix hwspinlock resource leak in probe function mfd: da9055: Fix missing regmap_del_irq_chip() in error path scsi: stex: Fix reboot_notifier leak in probe error path clk: renesas: r9a06g032: Fix memory leak in error path ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls leds: netxbig: Fix GPIO descriptor leak in error paths watchdog: wdat_wdt: Fix ACPI table leak in probe function mfd: mt6397-irq: Fix missing irq_domain_remove() in error path mfd: mt6358-irq: Fix missing irq_domain_remove() in error path crypto: ccree - Correctly handle return of sg_nents_for_len hwmon: sy7636a: Fix regulator_enable resource leak on error path mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors pinctrl: single: Fix incorrect type for error return variable ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() rtc: gamecube: Check the return value of ioremap() dm log-writes: Add missing set_freezable() for freezable kthread ALSA: vxpocket: Fix resource leak in vxpocket_probe error path ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path media: rc: st_rc: Fix reset control resource leak media: cec: Fix debugfs leak on bus_register() failure media: videobuf2: Fix device reference leak in vb2_dc_alloc error path Haotien Hsu (1): usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt Haoxiang Li (6): MIPS: Fix a reference leak bug in ip22_check_gio() usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() xfs: fix a memory leak in xfs_buf_item_init() fjes: Add missing iounmap in fjes_hw_init() nfsd: Drop the client reference in client_states_open() media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() Hari Bathini (1): powerpc/64s/radix/kfence: map __kfence_pool at page granularity Heiko Carstens (2): s390/smp: Fix fallback CPU detection s390/ap: Don't leak debug feature files if AP instructions are not available Helge Deller (1): parisc: Do not reprogram affinitiy on ASP chip Hengqi Chen (1): LoongArch: BPF: Zero-extend bpf_tail_call() index Herbert Xu (1): crypto: seqiv - Do not use req->iv after crypto_aead_encrypt Herve Codina (1): soc: renesas: r9a06g032-sysctrl: Handle h2mode setting based on USBF presence Honggang LI (1): RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation Hongyu Xie (1): usb: xhci: limit run_graceperiod for only usb 3.0 devices Horatiu Vultur (1): phy: mscc: Fix PTP for VSC8574 and VSC8572 Huacai Chen (3): LoongArch: Mask all interrupts during kexec/kdump LoongArch: Add machine_kexec_mask_interrupts() implementation LoongArch: Add new PCI ID for pci_fixup_vgadev() Hugh Dickins (1): mm/mprotect: delete pmd_none_or_clear_bad_unless_trans_huge() Ian Abbott (1): comedi: c6xdigio: Fix invalid PNP driver unregistration Ian Forbes (1): drm/vmwgfx: Use kref in vmw_bo_dirty Ido Schimmel (3): mlxsw: spectrum_router: Fix neighbour use-after-free mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats ipv4: Fix reference count leak when using error routes with nexthop objects Ilias Stamatis (1): Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" Ilya Dryomov (1): libceph: make decode_pool() more resilient against corrupted osdmaps Ilya Maximets (1): net: openvswitch: fix middle attribute validation in push_nsh() action Ivan Abramov (4): power: supply: cw2015: Check devm_delayed_work_autocancel() return code power: supply: wm831x: Check wm831x_set_bits() return value media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() Ivan Stepchenko (1): mtd: lpddr_cmds: fix signed shifts in lpddr_cmds Ivan Vecera (2): i40e: Refactor argument of several client notification functions i40e: Refactor argument of i40e_detect_recover_hung() Jacky Chou (1): net: mdio: aspeed: add dummy read to avoid read-after-write issue Jaegeuk Kim (2): f2fs: keep POSIX_FADV_NOREUSE ranges f2fs: drop inode from the donation list when the last file is closed Jamal Hadi Salim (1): net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change Jang Ingyu (1): RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() Janusz Krzysztofik (1): drm/vgem-fence: Fix potential deadlock on release Jared Kangas (1): mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig Jarkko Nikula (1): i3c: master: Inherit DMA masks and parameters from parent device Jarkko Sakkinen (2): KEYS: trusted: Fix a memory leak in tpm2_load_cmd tpm: Cap the number of PCR banks Jason Gunthorpe (2): RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly RDMA/cm: Fix leaking the multicast GID table reference Jason Yan (1): ext4: factor out ext4_hash_info_init() Jay Liu (1): drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue Jens Axboe (1): io_uring/poll: correctly handle io_poll_add() return value on update Jeongjun Park (2): media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() media: vidtv: initialize local pointers upon transfer of memory ownership Jeremy Kerr (1): i3c: Allow OF-alias-based persistent bus numbering Jia Ston (1): platform/x86: huawei-wmi: add keys for HONOR models Jian Shen (3): net: hns3: using the num_tqps in the vf driver to apply for resources net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx net: hns3: add VLAN id validation before using Jianglei Nie (1): staging: fbtft: core: fix potential memory leak in fbtft_probe_common() Jim Mattson (2): KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN Jim Quinlan (1): PCI: brcmstb: Fix disabling L0s capability Jinhui Guo (3): ipmi: Fix the race between __scan_channels() and deliver_response() ipmi: Fix __scan_channels() failing to rescan channels iommu/amd: Fix pci_segment memleak in alloc_pci_segment() Jiri Pirko (1): team: fix check for port enabled in team_queue_override_port_prio_changed() Jiri Slaby (SUSE) (2): tty: introduce and use tty_port_tty_vhangup() helper tty: fix tty_port_tty_*hangup() kernel-doc Jisheng Zhang (5): usb: dwc2: disable platform lowlevel hw resources during shutdown usb: dwc2: fix hang during shutdown if set as peripheral usb: dwc2: fix hang during suspend if set as peripheral net: stmmac: use per-queue 64 bit statistics where necessary net: stmmac: fix incorrect rxq|txq_stats reference Joanne Koong (1): fuse: fix readahead reclaim deadlock Johan Hovold (32): USB: serial: ftdi_sio: match on interface number for jtag USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC irqchip/irq-bcm7038-l1: Fix section mismatch irqchip/irq-bcm7120-l2: Fix section mismatch irqchip/irq-brcmstb-l2: Fix section mismatch irqchip/imx-mu-msi: Fix section mismatch irqchip/qcom-irq-combiner: Fix section mismatch phy: broadcom: bcm63xx-usbh: fix section mismatches usb: phy: isp1301: fix non-OF device reference imbalance amba: tegra-ahb: Fix device leak on SMMU enable soc: qcom: ocmem: fix device leak on lookup soc: amlogic: canvas: fix device leak on lookup ASoC: stm32: sai: fix device leak on probe iommu/apple-dart: fix device leak on of_xlate() iommu/exynos: fix device leak on of_xlate() iommu/ipmmu-vmsa: fix device leak on of_xlate() iommu/mediatek-v1: fix device leak on probe_device() iommu/mediatek: fix device leak on of_xlate() iommu/omap: fix device leaks on probe_device() iommu/sun50i: fix device leak on of_xlate() iommu/tegra: fix device leak on probe_device() mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup media: vpif_capture: fix section mismatch media: vpif_display: fix section mismatch usb: ohci-nxp: fix device leak on probe failure iommu/mediatek: fix use-after-free on probe deferral iommu/mediatek-v1: fix device leaks on probe() ASoC: stm32: sai: fix clk prepare imbalance on probe failure ASoC: stm32: sai: fix OF node leak on probe iommu/qcom: fix device leak on of_xlate() usb: gadget: lpc32xx_udc: fix clock imbalance in error path Johannes Berg (2): wifi: mac80211: mlme: handle EHT channel puncturing wifi: nl80211: fix puncturing bitmap policy Jonas Gorski (1): net: dsa: b53: skip multicast entries for fdb_dump() Jonathan Curley (1): NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Jose Fernandez (1): bpf: Improve program stats run-time calculation Josef Bacik (1): btrfs: don't rewrite ret from inode_permission Josh Poimboeuf (1): objtool: Fix weak symbol detection Joshua Rogers (2): svcrdma: return 0 on success from svc_rdma_copy_inline_range SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf Josua Mayer (1): clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 Jouni Malinen (1): wifi: mac80211: Discard Beacon frames to non-broadcast address Juergen Gross (1): x86/xen: Fix sparse warning in enlighten_pv.c Junjie Cao (1): Input: ti_am335x_tsc - fix off-by-one error in wire_order validation Junrui Luo (9): ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events ALSA: firewire-motu: add bounds check in put_user loop for DSP events ALSA: dice: fix buffer overflow in detect_stream_formats() caif: fix integer underflow in cffrml_receive() hwmon: (ibmpex) fix use-after-free in high/low store scsi: aic94xx: fix use-after-free in device removal path platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic ALSA: wavefront: Clear substream pointers on close ALSA: wavefront: Fix integer overflow in sample size validation Justin Stitt (1): KVM: arm64: sys_regs: disable -Wuninitialized-const-pointer warning Kalesh AP (1): RDMA/bnxt_re: Fix to use correct page size for PDE table Karina Yankevich (1): ext4: xattr: fix null pointer deref in ext4_raw_inode() Kemeng Shi (1): ext4: remove unused return value of __mb_check_buddy Kevin Barnett (1): scsi: smartpqi: Add abort handler Kohei Enju (1): iavf: fix off-by-one issues in iavf_config_rss_reg() Konstantin Andreev (1): smack: fix bug: unprivileged task can create labels Konstantin Komarov (2): fs/ntfs3: Support timestamps prior to epoch fs/ntfs3: fix mount failure for sparse runs in run_unpack() Krzysztof Czurylo (2): RDMA/irdma: Fix data race in irdma_sc_ccq_arm RDMA/irdma: Fix data race in irdma_free_pble Krzysztof Kozlowski (1): mfd: max77620: Fix potential IRQ chip conflict when probing two devices Krzysztof Niemiec (1): drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Kuniyuki Iwashima (2): sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Laurent Pinchart (2): media: v4l2-mem2mem: Fix outdated documentation media: amphion: Make some vpu_v4l2 functions static Leo Yan (3): coresight: etm4x: Correct polling IDLE bit coresight: etm4x: Extract the trace unit controlling coresight: etm4x: Add context synchronization before enabling trace Li Chen (1): block: rate-limit capacity change info log Li Qiang (2): uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe via_wdt: fix critical boot hang due to unnamed resource allocation Linus Torvalds (1): samples: work around glibc redefining some of our defines wrong Liyuan Pang (1): ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() Lizhi Xu (2): usbip: Fix locking bug in RT-enabled kernels ext4: filesystems without casefold feature cannot be mounted with siphash Long Li (1): macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse Luca Ceresoli (1): backlight: led-bl: Add devlink to supplier LEDs Lukas Wunner (1): PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths Lushih Hsieh (1): ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Lyude Paul (1): drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb Ma Ke (4): RDMA/rtrs: server: Fix error handling in get_or_create_srv USB: lpc32xx_udc: Fix error handling in probe intel_th: Fix error handling in intel_th_output_open i2c: amd-mp2: fix reference leak in MP2 PCI device Ma Wupeng (1): x86/mm/pat: clear VM_PAT if copy_p4d_range failed Maciej Wieczor-Retman (1): kasan: refactor pcpu kasan vmalloc unpoison Magne Bruno (1): serial: add support of CPCI cards Mahesh Rao (1): firmware: stratix10-svc: Add mutex in stratix10 memory management Mainak Sen (1): gpu: host1x: Fix race in syncpt alloc/free Manivannan Sadhasivam (1): dt-bindings: PCI: amlogic: Fix the register name of the DBI region Mans Rullgard (1): backlight: led_bl: Take led_access lock when required Marc Kleine-Budde (1): can: gs_usb: gs_can_open(): fix error handling Marek Szyprowski (1): media: samsung: exynos4-is: fix potential ABBA deadlock on init Marek Vasut (1): clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback Mark Pearson (1): usb: typec: ucsi: Handle incorrect num_connectors capability Martin KaFai Lau (1): bpf: Check skb->transport_header is set in bpf_skb_check_mtu Martin Nybo Andersen (1): kbuild: Use CRC32 and a 1MiB dictionary for XZ compressed modules Matt Bobrowski (2): selftests/bpf: skip test_perf_branches_hw() on unsupported platforms selftests/bpf: Improve reliability of test_perf_branches_no_hw() Matthew Wilcox (Oracle) (2): ntfs: Do not overwrite uptodate pages idr: fix idr_alloc() returning an ID out of range Matthias Schiffer (1): ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx Matthieu Baerts (NGI0) (1): mptcp: pm: ignore unknown endpoint flags Matthijs Kooijman (1): pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling Mauro Carvalho Chehab (3): efi/cper: Add a new helper function to print bitmasks efi/cper: Adjust infopfx size to accept an extra space efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs Maxim Levitsky (1): KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) Maximilian Immanuel Brandtner (1): virtio_console: fix order of fields cols and rows Miaoqian Lin (4): usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe cpufreq: nforce2: fix reference count leak in nforce2 media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() Michael Margolin (1): RDMA/efa: Remove possible negative shift Michael S. Tsirkin (2): virtio: fix typo in virtio_device_ready() comment virtio: fix virtqueue_set_affinity() docs Michal Pecio (1): usb: xhci: Apply the link chain quirk on NEC isoc endpoints Michal Schmidt (1): RDMA/irdma: avoid invalid read in irdma_net_event Mike McGowen (2): scsi: smartpqi: Remove contention for raid_bypass_cnt scsi: smartpqi: Fix device resources accessed after device removal Mikhail Malyshev (1): kbuild: Use objtree for module signing key path Mikulas Patocka (1): dm-bufio: align write boundary on physical block size Ming Lei (3): blk-mq: don't schedule block kworker on isolated CPUs blk-mq: add helper for checking if one CPU is mapped to specified hctx blk-mq: setup queue ->tag_set before initializing hctx Ming Qian (3): media: amphion: Cancel message work before releasing the VPU core media: amphion: Add a frame flush mode for decoder media: amphion: Remove vpu_vb_is_codecconfig Moshe Shemesh (2): net/mlx5: fw reset, clear reset requested on drain_fw_reset net/mlx5: Drain firmware reset in shutdown callback Namhyung Kim (1): perf tools: Fix split kallsyms DSO counting Namjae Jeon (4): ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency ksmbd: Fix refcount leak when invalid session is found on session lookup ksmbd: fix buffer validation by including null terminator size in EA length ksmbd: fix out-of-bounds in parse_sec_desc() Naoki Ueki (1): HID: elecom: Add support for ELECOM M-XT3URBK (018F) Navaneeth K (3): staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Neil Armstrong (1): dt-bindings: PCI: convert amlogic,meson-pcie.txt to dt-schema NeilBrown (1): lockd: fix vfs_test_lock() calls Nicolas Dufresne (2): media: verisilicon: Protect G2 HEVC decoder against invalid DPB index media: verisilicon: Fix CPU stalls on G2 bus error Nicolas Ferre (2): ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32 ARM: dts: microchip: sama7g5: fix uart fifo size to 32 Nikita Zhandarovich (3): comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() comedi: multiq3: sanitize config options in multiq3_attach() comedi: check device's attached status in compat ioctls Niklas Neronin (1): usb: xhci: move link chain bit quirk checks into one helper function. Nysal Jan K.A. (1): powerpc/kexec: Enable SMT before waking offline CPUs Oliver Neukum (1): usb: chaoskey: fix locking for O_NONBLOCK Omar Sandoval (1): KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Ondrej Mosnacek (2): fs_context: drop the unused lsm_flags member bpf, arm64: Do not audit capability check in do_jit() Pablo Neira Ayuso (1): netfilter: flowtable: check for maximum number of encapsulations in bridge vlan Paolo Abeni (2): mptcp: avoid deadlock on fallback while reinjecting mptcp: fallback earlier on simult connection Parav Pandit (1): net/mlx5: Create a new profile for SFs Pei Xiao (1): iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains Peng Fan (2): firmware: imx: scu-irq: fix OF node leak in firmware: imx: scu-irq: Init workqueue before request mbox channel Pengjie Zhang (1): ACPI: CPPC: Fix missing PCC check for guaranteed_perf Peter Xu (1): mm/mprotect: use long for page accountings and retval Peter Zijlstra (6): objtool: Fix find_{symbol,func}_containing() sched/fair: Revert max_newidle_lb_cost bump x86/ptrace: Always inline trivial accessors sched/fair: Small cleanup to sched_balance_newidle() sched/fair: Small cleanup to update_newidle_cost() sched/fair: Proportional newidle balance Petr Tesarik (1): net: stmmac: fix ethtool per-queue statistics Pierre-Eric Pelloux-Prayer (1): drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma Ping Cheng (1): HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen Praveen Talari (1): pinctrl: qcom: msm: Fix deadlock in pinmux configuration Prithvi Tambewagh (2): ocfs2: fix kernel BUG in ocfs2_find_victim_chain io_uring: fix filename leak in __io_openat_prep() Przemyslaw Korba (1): i40e: fix scheduling in set_rx_mode Pu Lehui (1): bpf: Fix invalid prog->stats access when update_effective_progs fails Pwnverse (1): net: rose: fix invalid array index in rose_kill_by_device() Qianchang Zhao (2): ksmbd: ipc: fix use-after-free in ipc_msg_send_request ksmbd: skip lock-range check on equal size to avoid size==0 underflow Qiang Ma (1): LoongArch: Correct the calculation logic of thread_count Qu Wenruo (1): btrfs: scrub: always update btrfs_scrub_progress::last_physical Rafael J. Wysocki (1): PM: runtime: Do not clear needs_force_resume with enabled runtime PM Randy Dunlap (1): backlight: lp855x: Fix lp855x.h kernel-doc warnings Raphael Pinsonneault-Thibeault (2): ntfs3: fix uninit memory after failed mi_read in mi_format_new Bluetooth: btusb: revert use of devm_kzalloc in btusb Rene Rebe (3): ps3disk: use memcpy_{from,to}_bvec index floppy: fix for PAGE_SIZE != 4KB fbdev: gbefb: fix to use physical address instead of dma address René Rebe (4): ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 r8169: fix RTL8117 Wake-on-Lan in DASH mode fbdev: tcx.c fix mem_map to correct smem_start offset drm/mgag200: Fix big-endian support Revanth Kumar Uppala (1): net: stmmac: Power up SERDES after the PHY link Ria Thomas (1): wifi: ieee80211: correct FILS status codes Ritesh Harjani (IBM) (1): powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format Rob Herring (1): pmdomain: Use device_get_match_data() Robin Gong (1): spi: imx: keep dma request disabled before dma transfer setup Sabrina Dubroca (4): xfrm: delete x->tunnel as we delete x Revert "xfrm: destroy xfrm_state synchronously on net exit path" xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added xfrm: flush all states in xfrm_state_fini Sakari Ailus (1): ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only Sarthak Garg (1): mmc: sdhci-msm: Avoid early clock doubling during HS400 transition Sean Christopherson (4): KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits KVM: x86/mmu: Use EMULTYPE flag to track write #PFs to shadow pages Sean Nyekjaer (1): pwm: stm32: Always program polarity SeongJae Park (11): mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() mm/damon/tests/core-kunit: handle memory failure from damon_test_target() mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() Sergey Bashirov (1): NFSD/blocklayout: Fix minlength check in proc_layoutget Seunghwan Baek (1): scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error Seungjin Bae (2): USB: Fix descriptor count when handling invalid MBIM extended descriptor wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() Shaurya Rane (1): net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() Shawn Lin (1): PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition Shay Drory (3): net/mlx5: fw_tracer, Add support for unrecognized string net/mlx5: fw_tracer, Validate format string parameters net/mlx5: fw_tracer, Handle escaped percent properly Shengjiu Wang (5): ASoC: fsl_xcvr: Add Counter registers ASoC: fsl_xcvr: clear the channel status control memory ASoC: ak4458: Disable regulator when error happens ASoC: ak5558: Disable regulator when error happens ASoC: fsl_xcvr: get channel status data when PHY is not exists Shipei Qu (1): ALSA: usb-mixer: us16x08: validate meter packet indices Shivani Agarwal (1): crypto: af_alg - zero initialize memory allocated via sock_kmalloc Shuai Xue (1): perf record: skip synthesize event when open evsel failed Shuhao Fu (1): cpufreq: s5pv210: fix refcount leak Siddharth Vadapalli (2): PCI: keystone: Exit ks_pcie_probe() for invalid mode arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator Sidharth Seela (1): ntfs3: Fix uninit buffer allocated by __getname() Simon Richter (1): drm/ttm: Avoid NULL pointer deref for evicted BOs Slark Xiao (1): USB: serial: option: add Foxconn T99W760 Slavin Liu (1): ipvs: fix ipv4 null-ptr-deref in route error path Song Liu (2): ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() livepatch: Match old_sympos 0 and 1 in klp_find_func() Song Yoong Siang (1): net: stmmac: introduce wrapper for struct xdp_buff Srinivas Kandagatla (5): rpmsg: glink: fix rpmsg device leak ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr ASoC: qcom: q6asm-dai: perform correct state check before closing ASoC: qcom: q6adm: the the copp device only during last instance ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. Stanley Chu (1): i3c: master: svc: Prevent incomplete IBI transaction Stefan Haberland (1): s390/dasd: Fix gendisk parent after copy pair swap Stefan Kalscheuer (1): leds: spi-byte: Use devm_led_classdev_register_ext() Stefano Garzarella (1): vhost/vsock: improve RCU read sections around vhost_vsock_get() Stephan Gerhold (1): iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal Steven Rostedt (2): ktest.pl: Fix uninitialized var in config-bisect.pl tracing: Do not register unsupported perf events Su Hui (1): net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() Sven Eckelmann (Plasma Cloud) (1): wifi: mt76: Fix DTS power-limits on little endian systems Sven Schnelle (2): parisc: entry.S: fix space adjustment on interruption for 64-bit userspace parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() Takashi Iwai (2): ALSA: wavefront: Use guard() for spin locks ALSA: wavefront: Use standard print API Tengda Wu (1): x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() Teoh Ji Sheng (1): net: stmmac: xgmac: add ethtool per-queue irq statistic support Tetsuo Handa (2): bfs: Reconstruct file type when loading from disk hfsplus: Verify inode mode when loading from disk Thadeu Lima de Souza Cascardo (1): net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. Thangaraj Samynathan (1): net: lan743x: Allocate rings outside ZONE_DMA Thomas Fourier (4): block: rnbd-clt: Fix leaked ID in init_dev() platform/x86: msi-laptop: add missing sysfs_remove_group() firewire: nosy: Fix dma_free_coherent() size RDMA/bnxt_re: fix dma_free_coherent() pointer Thomas Zimmermann (1): drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() Thorsten Blum (2): crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing Tianchu Chen (1): char: applicom: fix NULL pointer dereference in ac_ioctl Tim Harvey (1): arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl Toke Høiland-Jørgensen (1): net: openvswitch: Avoid needlessly taking the RTNL on vport destroy Tony Battersby (4): scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive scsi: qla2xxx: Use reinit_completion on mbx_intr_comp scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" Trond Myklebust (9): NFS: Avoid changing nlink when file removes and attribute updates race NFS: Initialise verifiers for visible dentries in readdir and lookup NFS: Initialise verifiers for visible dentries in nfs_atomic_open() Revert "nfs: ignore SB_RDONLY when remounting nfs" Revert "nfs: clear SB_RDONLY before getting superblock" Revert "nfs: ignore SB_RDONLY when mounting nfs" NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags Expand the type of nfs_fattr->valid NFS: Fix inheritance of the block sizes when automounting Tzung-Bi Shih (1): platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver Udipto Goswami (1): usb: dwc3: keep susphy enabled during exit to avoid controller faults Uladzislau Rezki (Sony) (1): dm-ebs: Mark full buffer dirty even on partial write Usama Arif (2): x86/boot: Fix page table access in 5-level to 4-level paging transition efi/libstub: Fix page table access in 5-level to 4-level paging transition Uwe Kleine-König (6): pwm: bcm2835: Make sure the channel is enabled after pwm_request() iommu/mtk_iommu_v1: Convert to platform remove callback returning void ASoC: stm: stm32_sai_sub: Convert to platform remove callback returning void serial: Make uart_remove_one_port() return void iommu/arm-smmu: Drop if with an always false condition iommu/arm-smmu: Convert to platform remove callback returning void Viacheslav Dubeyko (2): hfsplus: fix volume corruption issue for generic/070 hfsplus: fix volume corruption issue for generic/073 Victor Nogueira (1): net/sched: ets: Remove drr class from the active list if it changes to strict Vinayak Yadawad (1): cfg80211: Update Transition Disable policy during port authorization Vishwaroop A (1): spi: tegra210-quad: Fix timeout handling Vladimir Oltean (1): net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() Wang Liang (1): netrom: Fix memory leak in nr_sendmsg() WangYuli (1): LoongArch: Use __pmd()/__pte() for swap entry conversions Wei Fang (1): net: stmmac: fix the crash issue for zero copy XDP_TX action Wenhua Lin (1): serial: sprd: Return -EPROBE_DEFER when uart clock is not ready Wentao Liang (1): pmdomain: imx: Fix reference count leak in imx_gpc_probe() Will Rosenberg (1): ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() William Qiu (2): spi: cadence-quadspi: Add support for StarFive JH7110 QSPI spi: cadence-quadspi: Add clock configuration for StarFive JH7110 QSPI Xiang Mei (1): net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop Xiaolei Wang (1): net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() Xuanqiang Luo (2): rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() inet: Avoid ehash lookup race in inet_ehash_insert() Yang Chenzhi (1): hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create Yang Yingliang (1): spi: cadence-quadspi: add missing clk_disable_unprepare() in cqspi_probe() Ye Bin (2): jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted jbd2: fix the inconsistency between checksum and data in memory for journal sb Yeoreum Yun (1): smc91x: fix broken irq-context in PREEMPT_RT Yi Sun (1): dmaengine: idxd: Remove improper idxd_free Yipeng Zou (1): selftests/ftrace: traceonoff_triggers: strip off names Yiqi Sun (1): smb: fix invalid username check in smb3_fs_context_parse_param() Yong Wu (1): iommu/mediatek: Improve safety for mediatek,smi property in larb nodes Yongjian Sun (2): ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation ext4: fix incorrect group number assertion in mb_check_buddy Yosry Ahmed (2): KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation Yu Kuai (2): md: export md_is_rdwr() and is_md_suspended() md/raid5: fix IO hang when array is broken with IO inflight Yuezhang Mo (1): exfat: fix remount failure in different process environments Zack Rusin (1): drm/vmwgfx: Fix a null-ptr access in the cursor snooper Zhang Yi (1): ext4: correct the checking of quota files before moving extents Zhang Zekun (1): usb: ohci-nxp: Use helper function devm_clk_get_enabled() Zhao Yipeng (1): ima: Handle error code returned by ima_filter_rule_match() Zheng Qixing (2): nbd: defer config put in recv_work nbd: defer config unlock in nbd_genl_connect Zheng Yejian (1): kallsyms: Fix wrong "big" kernel symbol type read from procfs Zhichi Lin (1): scs: fix a wrong parameter in __scs_magic Zhu Yanjun (1): RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem Zilin Guan (1): mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() fuqiang wang (2): KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer nieweiqiang (1): crypto: hisilicon/qm - restore original qos values shechenglong (1): block: fix comment for op_is_zone_mgmt() to include RESET_ALL sparkhuang (1): regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex Łukasz Bartosik (1): xhci: dbgtty: fix device unregister: fixup

2 days, 12 hours

1
1
0 0

[PATCH v2] serial: 8250_pci: Fix broken RS485 for F81504/508/512

by Marnix Rijnart

v1: https://patch.msgid.link/20250923221756.26770-1-marnix.rijnart@iwell.eu Changes: * Added fixes tags * Cc stable Commit 4afeced ("serial: core: fix sanitizing check for RTS settings") introduced a regression making it impossible to unset SER_RS485_RTS_ON_SEND from userspace if SER_RS485_RTS_AFTER_SEND is unsupported. Because these devices need RTS to be low on TX (fecf27a) they are effectively broken. The hardware supports both RTS_ON_SEND and RTS_AFTER_SEND, so fix this by announcing support for SER_RS485_RTS_AFTER_SEND, similar to commit 068d35a. Fixes: 4afeced55baa ("serial: core: fix sanitizing check for RTS settings") Fixes: fecf27a373f5 ("serial: 8250_pci: add RS485 for F81504/508/512") Cc: stable(a)vger.kernel.org Signed-off-by: Marnix Rijnart <marnix.rijnart(a)iwell.eu> --- drivers/tty/serial/8250/8250_pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c index 152f914c599d..a9da222bd174 100644 --- a/drivers/tty/serial/8250/8250_pci.c +++ b/drivers/tty/serial/8250/8250_pci.c @@ -1645,7 +1645,7 @@ static int pci_fintek_rs485_config(struct uart_port *port, struct ktermios *term } static const struct serial_rs485 pci_fintek_rs485_supported = { - .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND, + .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND | SER_RS485_RTS_AFTER_SEND, /* F81504/508/512 does not support RTS delay before or after send */ }; -- 2.52.0

2 days, 12 hours

2
2
0 0

[PATCH 6.18.y] ublk: reorder tag_set initialization before queue allocation

by Ming Lei

[ Upstream commit 011af85ccd871526df36988c7ff20ca375fb804d ] Upstream commit 529d4d632788 ("ublk: implement NUMA-aware memory allocation") is ported to linux-6.18.y, but it depends on commit 011af85ccd87 ("ublk: reorder tag_set initialization before queue allocation"). kernel panic is reported on 6.18.y: https://github.com/ublk-org/ublksrv/issues/174 Move ublk_add_tag_set() before ublk_init_queues() in the device initialization path. This allows us to use the blk-mq CPU-to-queue mapping established by the tag_set to determine the appropriate NUMA node for each queue allocation. The error handling paths are also reordered accordingly. Reviewed-by: Caleb Sander Mateos <csander(a)purestorage.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- drivers/block/ublk_drv.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index 23aba73d24dc..babb58d2dcaf 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -3280,17 +3280,17 @@ static int ublk_ctrl_add_dev(const struct ublksrv_ctrl_cmd *header) ub->dev_info.nr_hw_queues, nr_cpu_ids); ublk_align_max_io_size(ub); - ret = ublk_init_queues(ub); + ret = ublk_add_tag_set(ub); if (ret) goto out_free_dev_number; - ret = ublk_add_tag_set(ub); + ret = ublk_init_queues(ub); if (ret) - goto out_deinit_queues; + goto out_free_tag_set; ret = -EFAULT; if (copy_to_user(argp, &ub->dev_info, sizeof(info))) - goto out_free_tag_set; + goto out_deinit_queues; /* * Add the char dev so that ublksrv daemon can be setup. @@ -3299,10 +3299,10 @@ static int ublk_ctrl_add_dev(const struct ublksrv_ctrl_cmd *header) ret = ublk_add_chdev(ub); goto out_unlock; -out_free_tag_set: - blk_mq_free_tag_set(&ub->tag_set); out_deinit_queues: ublk_deinit_queues(ub); +out_free_tag_set: + blk_mq_free_tag_set(&ub->tag_set); out_free_dev_number: ublk_free_dev_number(ub); out_free_ub: -- 2.47.0

2 days, 12 hours

1
0
0 0

[PATCH v2] iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source

by Miaoqian Lin

When simple_write_to_buffer() succeeds, it returns the number of bytes actually copied to the buffer. The code incorrectly uses 'count' as the index for null termination instead of the actual bytes copied. If count exceeds the buffer size, this leads to out-of-bounds write. Add a check for the count and use the return value as the index. The bug was validated using a demo module that mirrors the original code and was tested under QEMU. Pattern of the bug: - A fixed 64-byte stack buffer is filled using count. - If count > 64, the code still does buf[count] = '\0', causing an - out-of-bounds write on the stack. Steps for reproduce: - Opens the device node. - Writes 128 bytes of A to it. - This overflows the 64-byte stack buffer and KASAN reports the OOB. Found via static analysis. This is similar to the commit da9374819eb3 ("iio: backend: fix out-of-bound write") Fixes: b1c5d68ea66e ("iio: dac: ad3552r-hs: add support for internal ramp") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- changes in v2: - update commit message - v1 link: https://lore.kernel.org/all/20251027150713.59067-1-linmq006@gmail.com/ --- drivers/iio/dac/ad3552r-hs.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/iio/dac/ad3552r-hs.c b/drivers/iio/dac/ad3552r-hs.c index 41b96b48ba98..a9578afa7015 100644 --- a/drivers/iio/dac/ad3552r-hs.c +++ b/drivers/iio/dac/ad3552r-hs.c @@ -549,12 +549,15 @@ static ssize_t ad3552r_hs_write_data_source(struct file *f, guard(mutex)(&st->lock); + if (count >= sizeof(buf)) + return -ENOSPC; + ret = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf, count); if (ret < 0) return ret; - buf[count] = '\0'; + buf[ret] = '\0'; ret = match_string(dbgfs_attr_source, ARRAY_SIZE(dbgfs_attr_source), buf); -- 2.39.5 (Apple Git-154)

2 days, 13 hours

4
3
0 0

[PATCH] iio: bmi270_i2c: Add MODULE_DEVICE_TABLE for BMI260/270

by Derek J. Clark

Currently BMI260 & BMI270 devices do not automatically load this driver. To fix this, add missing MODULE_DEVICE_TABLE for the i2c, acpi, and of device tables so the driver will load when the hardware is detected. Tested on my OneXPlayer F1 Pro. Signed-off-by: Derek J. Clark <derekjohn.clark(a)gmail.com> --- drivers/iio/imu/bmi270/bmi270_i2c.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/iio/imu/bmi270/bmi270_i2c.c b/drivers/iio/imu/bmi270/bmi270_i2c.c index b909a421ad01..b92da4e0776f 100644 --- a/drivers/iio/imu/bmi270/bmi270_i2c.c +++ b/drivers/iio/imu/bmi270/bmi270_i2c.c @@ -37,6 +37,7 @@ static const struct i2c_device_id bmi270_i2c_id[] = { { "bmi270", (kernel_ulong_t)&bmi270_chip_info }, { } }; +MODULE_DEVICE_TABLE(i2c, bmi270_i2c_id); static const struct acpi_device_id bmi270_acpi_match[] = { /* GPD Win Mini, Aya Neo AIR Pro, OXP Mini Pro, etc. */ @@ -45,12 +46,14 @@ static const struct acpi_device_id bmi270_acpi_match[] = { { "BMI0260", (kernel_ulong_t)&bmi260_chip_info }, { } }; +MODULE_DEVICE_TABLE(acpi, bmi270_acpi_match); static const struct of_device_id bmi270_of_match[] = { { .compatible = "bosch,bmi260", .data = &bmi260_chip_info }, { .compatible = "bosch,bmi270", .data = &bmi270_chip_info }, { } }; +MODULE_DEVICE_TABLE(of, bmi270_of_match); static struct i2c_driver bmi270_i2c_driver = { .driver = { -- 2.51.2

2 days, 13 hours

3
2
0 0

[PATCH] fuse: Check for large folio with SPLICE_F_MOVE

by Bernd Schubert

xfstest generic/074 and generic/075 complain result in kernel warning messages / page dumps. This is easily reproducible (on 6.19) with CONFIG_TRANSPARENT_HUGEPAGE_SHMEM_HUGE_ALWAYS=y CONFIG_TRANSPARENT_HUGEPAGE_TMPFS_HUGE_ALWAYS=y This just adds a test for large folios fuse_try_move_folio with the same page copy fallback, but to avoid the warnings from fuse_check_folio(). Cc: stable(a)vger.kernel.org Signed-off-by: Bernd Schubert <bschubert(a)ddn.com> Signed-off-by: Horst Birthelmer <hbirthelmer(a)ddn.com> --- fs/fuse/dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index 6d59cbc877c6ad06deb6b02eba05a9015228cd05..1f1071d621441b334573ab42b6d820d996bdb00d 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -1011,6 +1011,9 @@ static int fuse_try_move_folio(struct fuse_copy_state *cs, struct folio **foliop folio_clear_uptodate(newfolio); folio_clear_mappedtodisk(newfolio); + if (folio_test_large(newfolio)) + goto out_fallback_unlock; + if (fuse_check_folio(newfolio) != 0) goto out_fallback_unlock; --- base-commit: 755bc1335e3b116b702205b72eb57b7b8aef2bb2 change-id: 20260111-fuse_try_move_folio-check-large-folio-823b995dc06c Best regards, -- Bernd Schubert <bschubert(a)ddn.com>

2 days, 14 hours

1
0
0 0

Re: [PATCH v2] fbdev: bitblit: bound-check glyph index in bit_putcs*

by Vitaly Chikunov

Dear linux-fbdev, stable, On Mon, Oct 20, 2025 at 09:47:01PM +0800, Junjie Cao wrote: > bit_putcs_aligned()/unaligned() derived the glyph pointer from the > character value masked by 0xff/0x1ff, which may exceed the actual font's > glyph count and read past the end of the built-in font array. > Clamp the index to the actual glyph count before computing the address. > > This fixes a global out-of-bounds read reported by syzbot. > > Reported-by: syzbot+793cf822d213be1a74f2(a)syzkaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=793cf822d213be1a74f2 > Tested-by: syzbot+793cf822d213be1a74f2(a)syzkaller.appspotmail.com > Signed-off-by: Junjie Cao <junjie.cao(a)intel.com> This commit is applied to v5.10.247 and causes a regression: when switching VT with ctrl-alt-f2 the screen is blank or completely filled with angle characters, then new text is not appearing (or not visible). This commit is found with git bisect from v5.10.246 to v5.10.247: 0998a6cb232674408a03e8561dc15aa266b2f53b is the first bad commit commit 0998a6cb232674408a03e8561dc15aa266b2f53b Author: Junjie Cao <junjie.cao(a)intel.com> AuthorDate: 2025-10-20 21:47:01 +0800 Commit: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> CommitDate: 2025-12-07 06:08:07 +0900 fbdev: bitblit: bound-check glyph index in bit_putcs* commit 18c4ef4e765a798b47980555ed665d78b71aeadf upstream. bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and read past the end of the built-in font array. Clamp the index to the actual glyph count before computing the address. This fixes a global out-of-bounds read reported by syzbot. Reported-by: syzbot+793cf822d213be1a74f2(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=793cf822d213be1a74f2 Tested-by: syzbot+793cf822d213be1a74f2(a)syzkaller.appspotmail.com Signed-off-by: Junjie Cao <junjie.cao(a)intel.com> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> drivers/video/fbdev/core/bitblit.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) The minimal reproducer in cli, after kernel is booted: date >/dev/tty2; chvt 2 and the date does not appear. Thanks, #regzbot introduced: 0998a6cb232674408a03e8561dc15aa266b2f53b > --- > v1: https://lore.kernel.org/linux-fbdev/5d237d1a-a528-4205-a4d8-71709134f1e1@su… > v1 -> v2: > - Fix indentation and add blank line after declarations with the .pl helper > - No functional changes > > drivers/video/fbdev/core/bitblit.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/drivers/video/fbdev/core/bitblit.c b/drivers/video/fbdev/core/bitblit.c > index 9d2e59796c3e..085ffb44c51a 100644 > --- a/drivers/video/fbdev/core/bitblit.c > +++ b/drivers/video/fbdev/core/bitblit.c > @@ -79,12 +79,16 @@ static inline void bit_putcs_aligned(struct vc_data *vc, struct fb_info *info, > struct fb_image *image, u8 *buf, u8 *dst) > { > u16 charmask = vc->vc_hi_font_mask ? 0x1ff : 0xff; > + unsigned int charcnt = vc->vc_font.charcount; > u32 idx = vc->vc_font.width >> 3; > u8 *src; > > while (cnt--) { > - src = vc->vc_font.data + (scr_readw(s++)& > - charmask)*cellsize; > + u16 ch = scr_readw(s++) & charmask; > + > + if (ch >= charcnt) > + ch = 0; > + src = vc->vc_font.data + (unsigned int)ch * cellsize; > > if (attr) { > update_attr(buf, src, attr, vc); > @@ -112,14 +116,18 @@ static inline void bit_putcs_unaligned(struct vc_data *vc, > u8 *dst) > { > u16 charmask = vc->vc_hi_font_mask ? 0x1ff : 0xff; > + unsigned int charcnt = vc->vc_font.charcount; > u32 shift_low = 0, mod = vc->vc_font.width % 8; > u32 shift_high = 8; > u32 idx = vc->vc_font.width >> 3; > u8 *src; > > while (cnt--) { > - src = vc->vc_font.data + (scr_readw(s++)& > - charmask)*cellsize; > + u16 ch = scr_readw(s++) & charmask; > + > + if (ch >= charcnt) > + ch = 0; > + src = vc->vc_font.data + (unsigned int)ch * cellsize; > > if (attr) { > update_attr(buf, src, attr, vc); > -- > 2.48.1 >

2 days, 21 hours

4
5
0 0

+ migrate-correct-lock-ordering-for-hugetlb-file-folios.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: migrate: correct lock ordering for hugetlb file folios has been added to the -mm mm-hotfixes-unstable branch. Its filename is migrate-correct-lock-ordering-for-hugetlb-file-folios.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via various branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there most days ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: migrate: correct lock ordering for hugetlb file folios Date: Fri, 9 Jan 2026 04:13:42 +0000 Syzbot has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Holds folio_lock, then tries to acquire i_mmap_rwsem(read lock). 2) Task (5754): Holds i_mmap_rwsem(write lock), then tries to acquire folio_lock. migrate_pages() -> migrate_hugetlbs() -> unmap_and_move_huge_page() <- Takes folio_lock! -> remove_migration_ptes() -> __rmap_walk_file() -> i_mmap_lock_read() <- Waits for i_mmap_rwsem(read lock)! hugetlbfs_fallocate() -> hugetlbfs_punch_hole() <- Takes i_mmap_rwsem(write lock)! -> hugetlbfs_zero_partial_page() -> filemap_lock_hugetlb_folio() -> filemap_lock_folio() -> __filemap_get_folio <- Waits for folio_lock! The migration path is the one taking locks in the wrong order according to the documentation at the top of mm/rmap.c. So expand the scope of the existing i_mmap_lock to cover the calls to remove_migration_ptes() too. This is (mostly) how it used to be after commit c0d0381ade79. That was removed by 336bf30eb765 for both file & anon hugetlb pages when it should only have been removed for anon hugetlb pages. Link: https://lkml.kernel.org/r/20260109041345.3863089-2-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Fixes: 336bf30eb765 ("hugetlbfs: fix anon huge page migration race") Reported-by: syzbot+2d9c96466c978346b55f(a)syzkaller.appspotmail.com Link: https://lore.kernel.org/all/68e9715a.050a0220.1186a4.000d.GAE@google.com Debugged-by: Lance Yang <lance.yang(a)linux.dev> Acked-by: David Hildenbrand (Red Hat) <david(a)kernel.org> Acked-by: Zi Yan <ziy(a)nvidia.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Gregory Price <gourry(a)gourry.net> Cc: Jann Horn <jannh(a)google.com> Cc: Joshua Hahn <joshua.hahnjy(a)gmail.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Rakie Kim <rakie.kim(a)sk.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Ying Huang <ying.huang(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) --- a/mm/migrate.c~migrate-correct-lock-ordering-for-hugetlb-file-folios +++ a/mm/migrate.c @@ -1458,6 +1458,7 @@ static int unmap_and_move_huge_page(new_ int page_was_mapped = 0; struct anon_vma *anon_vma = NULL; struct address_space *mapping = NULL; + enum ttu_flags ttu = 0; if (folio_ref_count(src) == 1) { /* page was freed from under us. So we are done. */ @@ -1498,8 +1499,6 @@ static int unmap_and_move_huge_page(new_ goto put_anon; if (folio_mapped(src)) { - enum ttu_flags ttu = 0; - if (!folio_test_anon(src)) { /* * In shared mappings, try_to_unmap could potentially @@ -1516,16 +1515,17 @@ static int unmap_and_move_huge_page(new_ try_to_migrate(src, ttu); page_was_mapped = 1; - - if (ttu & TTU_RMAP_LOCKED) - i_mmap_unlock_write(mapping); } if (!folio_mapped(src)) rc = move_to_new_folio(dst, src, mode); if (page_was_mapped) - remove_migration_ptes(src, !rc ? dst : src, 0); + remove_migration_ptes(src, !rc ? dst : src, + ttu ? RMP_LOCKED : 0); + + if (ttu & TTU_RMAP_LOCKED) + i_mmap_unlock_write(mapping); unlock_put_anon: folio_unlock(dst); _ Patches currently in -mm which might be from willy(a)infradead.org are migrate-correct-lock-ordering-for-hugetlb-file-folios.patch migrate-replace-rmp_-flags-with-ttu_-flags.patch

3 days

1
0
0 0

[PATCH] USB: OHCI/UHCI: Add soft dependencies on ehci_hcd

by Huacai Chen

Commit 9beeee6584b9aa4f ("USB: EHCI: log a warning if ehci-hcd is not loaded first") said that ehci-hcd should be loaded before ohci-hcd and uhci-hcd. However, commit 05c92da0c52494ca ("usb: ohci/uhci - add soft dependencies on ehci_pci") only makes ohci-pci/uhci-pci depend on ehci- pci, which is not enough and we may still see the warnings in boot log. So fix it by also making ohci-hcd/uhci-hcd depend on ehci-hcd. Cc: stable(a)vger.kernel.org Reported-by: Shengwen Xiao <atzlinux(a)sina.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/usb/host/ohci-hcd.c | 1 + drivers/usb/host/uhci-hcd.c | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/usb/host/ohci-hcd.c b/drivers/usb/host/ohci-hcd.c index 9c7f3008646e..549c965b7fbe 100644 --- a/drivers/usb/host/ohci-hcd.c +++ b/drivers/usb/host/ohci-hcd.c @@ -1355,4 +1355,5 @@ static void __exit ohci_hcd_mod_exit(void) clear_bit(USB_OHCI_LOADED, &usb_hcds_loaded); } module_exit(ohci_hcd_mod_exit); +MODULE_SOFTDEP("pre: ehci_hcd"); diff --git a/drivers/usb/host/uhci-hcd.c b/drivers/usb/host/uhci-hcd.c index 14e6dfef16c6..e1a27d01bdbc 100644 --- a/drivers/usb/host/uhci-hcd.c +++ b/drivers/usb/host/uhci-hcd.c @@ -939,3 +939,4 @@ module_exit(uhci_hcd_cleanup); MODULE_AUTHOR(DRIVER_AUTHOR); MODULE_DESCRIPTION(DRIVER_DESC); MODULE_LICENSE("GPL"); +MODULE_SOFTDEP("pre: ehci_hcd"); -- 2.47.3

3 days

6
19
0 0

[PATCH net 2/3] can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak

by Marc Kleine-Budde

In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. In the complete callback gs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In gs_can_close() the URBs are freed by calling usb_kill_anchored_urbs(parent->rx_submitted). However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in gs_can_close(). Fix the memory leak by anchoring the URB in the gs_usb_receive_bulk_callback() to the parent->rx_submitted anchor. Fixes: d08e973a77d1 ("can: gs_usb: Added support for the GS_USB CAN devices") Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20260105-gs_usb-fix-memory-leak-v2-1-cc6ed6438034@… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/usb/gs_usb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c index a0233e550a5a..d093babbc320 100644 --- a/drivers/net/can/usb/gs_usb.c +++ b/drivers/net/can/usb/gs_usb.c @@ -751,6 +751,8 @@ static void gs_usb_receive_bulk_callback(struct urb *urb) hf, parent->hf_size_rx, gs_usb_receive_bulk_callback, parent); + usb_anchor_urb(urb, &parent->rx_submitted); + rc = usb_submit_urb(urb, GFP_ATOMIC); /* USB failure take down all interfaces */ -- 2.51.0

3 days, 4 hours

2
1
0 0

[PATCH net v3 1/3] virtio-net: don't schedule delayed refill worker

by Bui Quang Minh

When we fail to refill the receive buffers, we schedule a delayed worker to retry later. However, this worker creates some concurrency issues. For example, when the worker runs concurrently with virtnet_xdp_set, both need to temporarily disable queue's NAPI before enabling again. Without proper synchronization, a deadlock can happen when napi_disable() is called on an already disabled NAPI. That napi_disable() call will be stuck and so will the subsequent napi_enable() call. To simplify the logic and avoid further problems, we will instead retry refilling in the next NAPI poll. Fixes: 4bc12818b363 ("virtio-net: disable delayed refill when pausing rx") Reported-by: Paolo Abeni <pabeni(a)redhat.com> Closes: https://netdev-ctrl.bots.linux.dev/logs/vmksft/drv-hw-dbg/results/400961/3-… Cc: stable(a)vger.kernel.org Suggested-by: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> --- drivers/net/virtio_net.c | 48 +++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 1bb3aeca66c6..f986abf0c236 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -3046,16 +3046,16 @@ static int virtnet_receive(struct receive_queue *rq, int budget, else packets = virtnet_receive_packets(vi, rq, budget, xdp_xmit, &stats); + u64_stats_set(&stats.packets, packets); if (rq->vq->num_free > min((unsigned int)budget, virtqueue_get_vring_size(rq->vq)) / 2) { - if (!try_fill_recv(vi, rq, GFP_ATOMIC)) { - spin_lock(&vi->refill_lock); - if (vi->refill_enabled) - schedule_delayed_work(&vi->refill, 0); - spin_unlock(&vi->refill_lock); - } + if (!try_fill_recv(vi, rq, GFP_ATOMIC)) + /* We need to retry refilling in the next NAPI poll so + * we must return budget to make sure the NAPI is + * repolled. + */ + packets = budget; } - u64_stats_set(&stats.packets, packets); u64_stats_update_begin(&rq->stats.syncp); for (i = 0; i < ARRAY_SIZE(virtnet_rq_stats_desc); i++) { size_t offset = virtnet_rq_stats_desc[i].offset; @@ -3230,9 +3230,10 @@ static int virtnet_open(struct net_device *dev) for (i = 0; i < vi->max_queue_pairs; i++) { if (i < vi->curr_queue_pairs) - /* Make sure we have some buffers: if oom use wq. */ - if (!try_fill_recv(vi, &vi->rq[i], GFP_KERNEL)) - schedule_delayed_work(&vi->refill, 0); + /* Pre-fill rq agressively, to make sure we are ready to + * get packets immediately. + */ + try_fill_recv(vi, &vi->rq[i], GFP_KERNEL); err = virtnet_enable_queue_pair(vi, i); if (err < 0) @@ -3472,16 +3473,15 @@ static void __virtnet_rx_resume(struct virtnet_info *vi, struct receive_queue *rq, bool refill) { - bool running = netif_running(vi->dev); - bool schedule_refill = false; + if (netif_running(vi->dev)) { + /* Pre-fill rq agressively, to make sure we are ready to get + * packets immediately. + */ + if (refill) + try_fill_recv(vi, rq, GFP_KERNEL); - if (refill && !try_fill_recv(vi, rq, GFP_KERNEL)) - schedule_refill = true; - if (running) virtnet_napi_enable(rq); - - if (schedule_refill) - schedule_delayed_work(&vi->refill, 0); + } } static void virtnet_rx_resume_all(struct virtnet_info *vi) @@ -3829,11 +3829,13 @@ static int virtnet_set_queues(struct virtnet_info *vi, u16 queue_pairs) } succ: vi->curr_queue_pairs = queue_pairs; - /* virtnet_open() will refill when device is going to up. */ - spin_lock_bh(&vi->refill_lock); - if (dev->flags & IFF_UP && vi->refill_enabled) - schedule_delayed_work(&vi->refill, 0); - spin_unlock_bh(&vi->refill_lock); + if (dev->flags & IFF_UP) { + local_bh_disable(); + for (int i = 0; i < vi->curr_queue_pairs; ++i) + virtqueue_napi_schedule(&vi->rq[i].napi, vi->rq[i].vq); + + local_bh_enable(); + } return 0; } -- 2.43.0

3 days, 7 hours

3
6
0 0

[PATCH can 0/5] can: usb: fix URB memory leaks

by Marc Kleine-Budde

An URB memory leak [1] was recently fixed in the gs_usb driver. The driver did not take into account that completed URBs are no longer anchored, causing them to be lost during ifdown. The memory leak was fixed by re-anchoring the URBs in the URB completion callback. Several USB CAN drivers are affected by the same error. Fix them accordingly. [1] https://lore.kernel.org/all/20260109135311.576033-3-mkl@pengutronix.de/ Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- Marc Kleine-Budde (5): can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak drivers/net/can/usb/ems_usb.c | 2 ++ drivers/net/can/usb/esd_usb.c | 2 ++ drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 ++ drivers/net/can/usb/mcba_usb.c | 2 ++ drivers/net/can/usb/usb_8dev.c | 2 ++ 5 files changed, 10 insertions(+) --- base-commit: 7470a7a63dc162f07c26dbf960e41ee1e248d80e change-id: 20260109-can_usb-fix-memory-leak-0d769e002393 Best regards, -- Marc Kleine-Budde <mkl(a)pengutronix.de>

3 days, 9 hours

1
5
0 0

[PATCH 0/2] accel/rocket: fix unwinding in error paths of two functions

by Quentin Schulz

As reported[1], in the current state of master (that is, *without* that[2] patch, yet unmerged), it is possible to trigger Oops/out-of-bounds errors/unbalanced runtime PM by simply compiling DRM_ACCEL_ROCKET built-in (=y) instead of as a module (=m). This fixes points 1 and 2 reported here[1] by fixing the unwinding in two functions to properly undo everything done in the same function prior to the error. Note that this doesn't mean the Rocket device is usable if one core is missing. In fact, it seems it doesn't as I'm hit with many rocket fdac0000.npu: NPU job timed out followed by one rocket fdad0000.npu: NPU job timed out (and that, five times) whenever core0 (fdab0000.npu) fails to probe and I'm running the example from https://docs.mesa3d.org/teflon.html#do-some-inference-with-mobilenetv1 so something else probably needs some additional love. [1] https://lore.kernel.org/linux-rockchip/0b20d760-ad4f-41c0-b733-39db10d6cc41… [2] https://lore.kernel.org/linux-rockchip/20251205064739.20270-1-rmxpzlb@gmail… Signed-off-by: Quentin Schulz <quentin.schulz(a)cherry.de> --- Quentin Schulz (2): accel/rocket: fix unwinding in error path in rocket_core_init accel/rocket: fix unwinding in error path in rocket_probe drivers/accel/rocket/rocket_core.c | 7 +++++-- drivers/accel/rocket/rocket_drv.c | 15 ++++++++++++++- 2 files changed, 19 insertions(+), 3 deletions(-) --- base-commit: a619746d25c8adafe294777cc98c47a09759b3ed change-id: 20251212-rocket-error-path-f9784c46a503 Best regards, -- Quentin Schulz <quentin.schulz(a)cherry.de>

3 days, 9 hours

2
3
0 0

[PATCH] drm/amd/ras: use proper error checking for kthread_run return

by Miaoqian Lin

kthread_run() returns an error pointer on failure, not NULL. Replace NULL check with IS_ERR and use PTR_ERR to propagate the real error from kthread_run. Fixes: ea61341b9014 ("drm/amd/ras: Add thread to handle ras events") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/gpu/drm/amd/ras/rascore/ras_process.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/ras/rascore/ras_process.c b/drivers/gpu/drm/amd/ras/rascore/ras_process.c index 3267dcdb169c..c001074c8c56 100644 --- a/drivers/gpu/drm/amd/ras/rascore/ras_process.c +++ b/drivers/gpu/drm/amd/ras/rascore/ras_process.c @@ -248,9 +248,10 @@ int ras_process_init(struct ras_core_context *ras_core) ras_proc->ras_process_thread = kthread_run(ras_process_thread, (void *)ras_core, "ras_process_thread"); - if (!ras_proc->ras_process_thread) { + if (IS_ERR(ras_proc->ras_process_thread)) { RAS_DEV_ERR(ras_core->dev, "Failed to create ras_process_thread.\n"); - ret = -ENOMEM; + ret = PTR_ERR(ras_proc->ras_process_thread); + ras_proc->ras_process_thread = NULL; goto err; } -- 2.39.5 (Apple Git-154)

3 days, 9 hours

1
0
0 0

[PATCH v3] media: as102: fix to not free memory after the device is registered in as102_usb_probe()

by Jeongjun Park

In as102_usb driver, the following race condition occurs: ``` CPU0 CPU1 as102_usb_probe() kzalloc(); // alloc as102_dev_t .... usb_register_dev(); fd = sys_open("/path/to/dev"); // open as102 fd .... usb_deregister_dev(); .... kfree(); // free as102_dev_t .... sys_close(fd); as102_release() // UAF!! as102_usb_release() kfree(); // DFB!! ``` When a USB character device registered with usb_register_dev() is later unregistered (via usb_deregister_dev() or disconnect), the device node is removed so new open() calls fail. However, file descriptors that are already open do not go away immediately: they remain valid until the last reference is dropped and the driver's .release() is invoked. In as102, as102_usb_probe() calls usb_register_dev() and then, on an error path, does usb_deregister_dev() and frees as102_dev_t right away. If userspace raced a successful open() before the deregistration, that open FD will later hit as102_release() --> as102_usb_release() and access or free as102_dev_t again, occur a race to use-after-free and double-free vuln. The fix is to never kfree(as102_dev_t) directly once usb_register_dev() has succeeded. After deregistration, defer freeing memory to .release(). In other words, let release() perform the last kfree when the final open FD is closed. Cc: <stable(a)vger.kernel.org> Reported-by: syzbot+47321e8fd5a4c84088db(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=47321e8fd5a4c84088db Fixes: cd19f7d3e39b ("[media] as102: fix leaks at failure paths in as102_usb_probe()") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> --- v3: Add missing initialize intf pointer - Link to v2: https://lore.kernel.org/all/20250904054629.3849431-1-aha310510@gmail.com/ v2: Fix incorrect patch description style and CC stable mailing list - Link to v1: https://lore.kernel.org/all/20250822143539.1157329-1-aha310510@gmail.com/ --- drivers/media/usb/as102/as102_usb_drv.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/media/usb/as102/as102_usb_drv.c b/drivers/media/usb/as102/as102_usb_drv.c index e0ef66a522e2..44565f0297cd 100644 --- a/drivers/media/usb/as102/as102_usb_drv.c +++ b/drivers/media/usb/as102/as102_usb_drv.c @@ -403,7 +403,9 @@ static int as102_usb_probe(struct usb_interface *intf, failed_dvb: as102_free_usb_stream_buffer(as102_dev); failed_stream: + usb_set_intfdata(intf, NULL); usb_deregister_dev(intf, &as102_usb_class_driver); + return ret; failed: usb_put_dev(as102_dev->bus_adap.usb_dev); usb_set_intfdata(intf, NULL); --

3 days, 11 hours

1
0
0 0

[PATCH v3] media: hackrf: fix to not free memory after the device is registered in hackrf_probe()

by Jeongjun Park

In hackrf driver, the following race condition occurs: ``` CPU0 CPU1 hackrf_probe() kzalloc(); // alloc hackrf_dev .... v4l2_device_register(); .... fd = sys_open("/path/to/dev"); // open hackrf fd .... v4l2_device_unregister(); .... kfree(); // free hackrf_dev .... sys_ioctl(fd, ...); v4l2_ioctl(); video_is_registered() // UAF!! .... sys_close(fd); v4l2_release() // UAF!! hackrf_video_release() kfree(); // DFB!! ``` When a V4L2 or video device is unregistered, the device node is removed so new open() calls are blocked. However, file descriptors that are already open-and any in-flight I/O-do not terminate immediately; they remain valid until the last reference is dropped and the driver's release() is invoked. Therefore, freeing device memory on the error path after hackrf_probe() has registered dev it will lead to a race to use-after-free vuln, since those already-open handles haven't been released yet. And since release() free memory too, race to use-after-free and double-free vuln occur. To prevent this, if device is registered from probe(), it should be modified to free memory only through release() rather than calling kfree() directly. Cc: <stable(a)vger.kernel.org> Reported-by: syzbot+6ffd76b5405c006a46b7(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=6ffd76b5405c006a46b7 Reported-by: syzbot+f1b20958f93d2d250727(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=f1b20958f93d2d250727 Fixes: 8bc4a9ed8504 ("[media] hackrf: add support for transmitter") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> --- v3: Fix potential memory leak bug - Link to v2: https://lore.kernel.org/all/20250904054232.3848637-1-aha310510@gmail.com/ v2: Fix incorrect patch description style and CC stable mailing list - Link to v1: https://lore.kernel.org/all/20250822142729.1156816-1-aha310510@gmail.com/ --- drivers/media/usb/hackrf/hackrf.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/media/usb/hackrf/hackrf.c b/drivers/media/usb/hackrf/hackrf.c index 0b50de8775a3..c3c4247194d1 100644 --- a/drivers/media/usb/hackrf/hackrf.c +++ b/drivers/media/usb/hackrf/hackrf.c @@ -1485,7 +1485,7 @@ static int hackrf_probe(struct usb_interface *intf, if (ret) { dev_err(dev->dev, "Failed to register as video device (%d)\n", ret); - goto err_v4l2_device_unregister; + goto err_v4l2_device_put; } dev_info(dev->dev, "Registered as %s\n", video_device_node_name(&dev->rx_vdev)); @@ -1513,8 +1513,9 @@ static int hackrf_probe(struct usb_interface *intf, return 0; err_video_unregister_device_rx: video_unregister_device(&dev->rx_vdev); -err_v4l2_device_unregister: - v4l2_device_unregister(&dev->v4l2_dev); +err_v4l2_device_put: + v4l2_device_put(&dev->v4l2_dev); + return ret; err_v4l2_ctrl_handler_free_tx: v4l2_ctrl_handler_free(&dev->tx_ctrl_handler); err_v4l2_ctrl_handler_free_rx: --

3 days, 11 hours

1
1
0 0

[PATCH 0/3] arm64: dts: apple: Small pmgr fixes

by Janne Grunau

This series contains 3 small pmgr related fixes for Apple silicon devices with M1 and M2. 1. Prevent the display controller and DPTX phy from powered down after initial boot on the M2 Mac mini. This is the only fix worthwhile for stable kernels. Given how long it has been broken and that it's not a regression I think it can wait to the next merge window and get backported from there into stable kernels. 2. Mark ps_atc?_usb_aon as always-on. This is required to keep the soon to be suported USB type-c working across suspend an resume. The later submitted devicetrees for M1 Pro/Max/Ultra, M2 and M2 Pro/Max/Ultra already have this property since the initial change. Only the separate for M1 was forgotten. 3. Model the hidden dependency between GPU and pmp as power-domain dependency. This is required to avoid crashing the GPU firmware immediately after booting. Signed-off-by: Janne Grunau <j(a)jannau.net> --- Hector Martin (1): arm64: dts: apple: t8103: Mark ATC USB AON domains as always-on Janne Grunau (2): arm64: dts: apple: t8112-j473: Keep the HDMI port powered on arm64: dts: apple: t8103: Add ps_pmp dependency to ps_gfx arch/arm64/boot/dts/apple/t8103-pmgr.dtsi | 3 +++ arch/arm64/boot/dts/apple/t8112-j473.dts | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+) --- base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 change-id: 20260108-apple-dt-pmgr-fixes-dc66a8658aed Best regards, -- Janne Grunau <j(a)jannau.net>

3 days, 16 hours

2
2
0 0

[PATCH v2] HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()

by Günther Noack

Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be used to crash the kernel over USB. Cc: stable(a)vger.kernel.org Signed-off-by: Günther Noack <gnoack(a)google.com> --- drivers/hid/hid-logitech-hidpp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hid/hid-logitech-hidpp.c b/drivers/hid/hid-logitech-hidpp.c index 9ced0e4d46ae..c5e132a6c085 100644 --- a/drivers/hid/hid-logitech-hidpp.c +++ b/drivers/hid/hid-logitech-hidpp.c @@ -4313,7 +4313,7 @@ static int hidpp_get_report_length(struct hid_device *hdev, int id) re = &(hdev->report_enum[HID_OUTPUT_REPORT]); report = re->report_id_hash[id]; - if (!report) + if (!report || !report->maxfield) return 0; return report->field[0]->report_count + 1; -- 2.52.0.457.g6b5491de43-goog

3 days, 17 hours

3
2
0 0

[PATCH] HID: prodikeys: Check presence of pm->input_ep82

by Günther Noack

Fake USB devices can send their own report descriptors for which the input_mapping() hook does not get called. In this case, pm->input_ep82 stays NULL, which leads to a crash later. This does not happen with the real device, but can be provoked by imposing as one. Cc: stable(a)vger.kernel.org Signed-off-by: Günther Noack <gnoack(a)google.com> --- drivers/hid/hid-prodikeys.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/hid/hid-prodikeys.c b/drivers/hid/hid-prodikeys.c index 74bddb2c3e82..6e413df38358 100644 --- a/drivers/hid/hid-prodikeys.c +++ b/drivers/hid/hid-prodikeys.c @@ -378,6 +378,10 @@ static int pcmidi_handle_report4(struct pcmidi_snd *pm, u8 *data) bit_mask = (bit_mask << 8) | data[2]; bit_mask = (bit_mask << 8) | data[3]; + /* robustness in case input_mapping hook does not get called */ + if (!pm->input_ep82) + return 0; + /* break keys */ for (bit_index = 0; bit_index < 24; bit_index++) { if (!((0x01 << bit_index) & bit_mask)) { -- 2.52.0.457.g6b5491de43-goog

3 days, 17 hours

2
1
0 0

[PATCH] HID: magicmouse: Do not crash on missing msc->input

by Günther Noack

Fake USB devices can send their own report descriptors for which the input_mapping() hook does not get called. In this case, msc->input stays NULL, leading to a crash at a later time. Detect this condition in the input_configured() hook and reject the device. This is not supposed to happen with actual magic mouse devices, but can be provoked by imposing as a magic mouse USB device. Cc: stable(a)vger.kernel.org Signed-off-by: Günther Noack <gnoack(a)google.com> --- drivers/hid/hid-magicmouse.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c index 6e7c189f4d1d..b8932f02b6ee 100644 --- a/drivers/hid/hid-magicmouse.c +++ b/drivers/hid/hid-magicmouse.c @@ -726,6 +726,11 @@ static int magicmouse_input_configured(struct hid_device *hdev, struct magicmouse_sc *msc = hid_get_drvdata(hdev); int ret; + if (!msc->input) { + hid_err(hdev, "magicmouse setup input failed (no input)"); + return -EINVAL; + } + ret = magicmouse_setup_input(msc->input, hdev); if (ret) { hid_err(hdev, "magicmouse setup input failed (%d)\n", ret); -- 2.52.0.457.g6b5491de43-goog

3 days, 17 hours

2
1
0 0

[PATCH v2] drm/amdkfd: fix a memory leak in device_queue_manager_init()

by Haoxiang Li

If dqm->ops.initialize() fails, add deallocate_hiq_sdma_mqd() to release the memory allocated by allocate_hiq_sdma_mqd(). Move deallocate_hiq_sdma_mqd() up to ensure proper function visibility at the point of use. Fixes: 11614c36bc8f ("drm/amdkfd: Allocate MQD trunk for HIQ and SDMA") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> --- Changes in v2: - Move deallocate_hiq_sdma_mqd() up. Thanks, Felix! - Add a Fixes tag. --- .../drm/amd/amdkfd/kfd_device_queue_manager.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c index d7a2e7178ea9..8af0929ca40a 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c @@ -2919,6 +2919,14 @@ static int allocate_hiq_sdma_mqd(struct device_queue_manager *dqm) return retval; } +static void deallocate_hiq_sdma_mqd(struct kfd_node *dev, + struct kfd_mem_obj *mqd) +{ + WARN(!mqd, "No hiq sdma mqd trunk to free"); + + amdgpu_amdkfd_free_gtt_mem(dev->adev, &mqd->gtt_mem); +} + struct device_queue_manager *device_queue_manager_init(struct kfd_node *dev) { struct device_queue_manager *dqm; @@ -3042,19 +3050,14 @@ struct device_queue_manager *device_queue_manager_init(struct kfd_node *dev) return dqm; } + if (!dev->kfd->shared_resources.enable_mes) + deallocate_hiq_sdma_mqd(dev, &dqm->hiq_sdma_mqd); + out_free: kfree(dqm); return NULL; } -static void deallocate_hiq_sdma_mqd(struct kfd_node *dev, - struct kfd_mem_obj *mqd) -{ - WARN(!mqd, "No hiq sdma mqd trunk to free"); - - amdgpu_amdkfd_free_gtt_mem(dev->adev, &mqd->gtt_mem); -} - void device_queue_manager_uninit(struct device_queue_manager *dqm) { dqm->ops.stop(dqm); -- 2.25.1

3 days, 19 hours

5
7
0 0

[PATCH v2] hpsa: fix a memory leak in hpsa_find_cfgtables()

by Haoxiang Li

If write_driver_ver_to_cfgtable() fails, add iounmap() to release the memory allocated by remap_pci_mem(). Found by manual static code review. Fixes: 580ada3c1e2f ("[SCSI] hpsa: do a better job of detecting controller reset failure") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> --- Changes in v2: - replace iounmap with unified release method. Thanks, Greg! --- drivers/scsi/hpsa.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index 3654b12c5d5a..e38d4a7488f8 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -7646,8 +7646,10 @@ static int hpsa_find_cfgtables(struct ctlr_info *h) return -ENOMEM; } rc = write_driver_ver_to_cfgtable(h->cfgtable); - if (rc) + if (rc) { + hpsa_free_cfgtables(h); return rc; + } /* Find performant mode table. */ trans_offset = readl(&h->cfgtable->TransMethodOffset); h->transtable = remap_pci_mem(pci_resource_start(h->pdev, -- 2.25.1

3 days, 19 hours

2
1
0 0

[PATCH v2 RESEND] media: hackrf: fix to not free memory after the device is registered in hackrf_probe()

by Jeongjun Park

In hackrf driver, the following race condition occurs: ``` CPU0 CPU1 hackrf_probe() kzalloc(); // alloc hackrf_dev .... v4l2_device_register(); .... open("/path/to/dev"); // open hackrf dev .... v4l2_device_unregister(); .... kfree(); // free hackrf_dev .... ioctl(fd, ...); v4l2_ioctl(); video_is_registered() // UAF!! .... close(fd); v4l2_release() // UAF!! hackrf_video_release() kfree(); // DFB!! ``` When a V4L2 or video device is unregistered, the device node is removed so new open() calls are blocked. However, file descriptors that are already open-and any in-flight I/O-do not terminate immediately; they remain valid until the last reference is dropped and the driver's release() is invoked. Therefore, freeing device memory on the error path after hackrf_probe() has registered dev it will lead to a race to use-after-free vuln, since those already-open handles haven't been released yet. And since release() free memory too, race to use-after-free and double-free vuln occur. To prevent this, if device is registered from probe(), it should be modified to free memory only through release() rather than calling kfree() directly. Cc: <stable(a)vger.kernel.org> Reported-by: syzbot+6ffd76b5405c006a46b7(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=6ffd76b5405c006a46b7 Reported-by: syzbot+f1b20958f93d2d250727(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=f1b20958f93d2d250727 Fixes: 8bc4a9ed8504 ("[media] hackrf: add support for transmitter") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> --- v2: Fix incorrect patch description style and CC stable mailing list - Link to v1: https://lore.kernel.org/all/20250822142729.1156816-1-aha310510@gmail.com/ --- drivers/media/usb/hackrf/hackrf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/media/usb/hackrf/hackrf.c b/drivers/media/usb/hackrf/hackrf.c index 0b50de8775a3..d7a84422193d 100644 --- a/drivers/media/usb/hackrf/hackrf.c +++ b/drivers/media/usb/hackrf/hackrf.c @@ -1515,6 +1515,8 @@ static int hackrf_probe(struct usb_interface *intf, video_unregister_device(&dev->rx_vdev); err_v4l2_device_unregister: v4l2_device_unregister(&dev->v4l2_dev); + dev_dbg(&intf->dev, "failed=%d\n", ret); + return ret; err_v4l2_ctrl_handler_free_tx: v4l2_ctrl_handler_free(&dev->tx_ctrl_handler); err_v4l2_ctrl_handler_free_rx: --

3 days, 23 hours

2
2
0 0

[PATCH 6.12 1/2] drm/xe: make xe_gt_idle_disable_c6() handle the forcewake internally

by Xin Wang

[ Upstream commit 1313351e71181a4818afeb8dfe202e4162091ef6 ] Move forcewake_get() into xe_gt_idle_enable_c6() to streamline the code and make it easier to use. Suggested-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Signed-off-by: Xin Wang <x.wang(a)intel.com> Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Link: https://lore.kernel.org/r/20250827000633.1369890-2-x.wang@intel.com Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> --- drivers/gpu/drm/xe/xe_gt_idle.c | 20 +++++++++++++------- drivers/gpu/drm/xe/xe_gt_idle.h | 2 +- drivers/gpu/drm/xe/xe_guc_pc.c | 10 +--------- 3 files changed, 15 insertions(+), 17 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_gt_idle.c b/drivers/gpu/drm/xe/xe_gt_idle.c index 67aba4140510..0ab9667c223f 100644 --- a/drivers/gpu/drm/xe/xe_gt_idle.c +++ b/drivers/gpu/drm/xe/xe_gt_idle.c @@ -204,11 +204,8 @@ static void gt_idle_fini(void *arg) xe_gt_idle_disable_pg(gt); - if (gt_to_xe(gt)->info.skip_guc_pc) { - XE_WARN_ON(xe_force_wake_get(gt_to_fw(gt), XE_FW_GT)); + if (gt_to_xe(gt)->info.skip_guc_pc) xe_gt_idle_disable_c6(gt); - xe_force_wake_put(gt_to_fw(gt), XE_FW_GT); - } sysfs_remove_files(kobj, gt_idle_attrs); kobject_put(kobj); @@ -266,14 +263,23 @@ void xe_gt_idle_enable_c6(struct xe_gt *gt) RC_CTL_HW_ENABLE | RC_CTL_TO_MODE | RC_CTL_RC6_ENABLE); } -void xe_gt_idle_disable_c6(struct xe_gt *gt) +int xe_gt_idle_disable_c6(struct xe_gt *gt) { + unsigned int fw_ref; + xe_device_assert_mem_access(gt_to_xe(gt)); - xe_force_wake_assert_held(gt_to_fw(gt), XE_FW_GT); if (IS_SRIOV_VF(gt_to_xe(gt))) - return; + return 0; + + fw_ref = xe_force_wake_get(gt_to_fw(gt), XE_FW_GT); + if (!fw_ref) + return -ETIMEDOUT; xe_mmio_write32(gt, RC_CONTROL, 0); xe_mmio_write32(gt, RC_STATE, 0); + + xe_force_wake_put(gt_to_fw(gt), fw_ref); + + return 0; } diff --git a/drivers/gpu/drm/xe/xe_gt_idle.h b/drivers/gpu/drm/xe/xe_gt_idle.h index 554447b5d46d..cdd02aa5c150 100644 --- a/drivers/gpu/drm/xe/xe_gt_idle.h +++ b/drivers/gpu/drm/xe/xe_gt_idle.h @@ -12,7 +12,7 @@ struct xe_gt; int xe_gt_idle_init(struct xe_gt_idle *gtidle); void xe_gt_idle_enable_c6(struct xe_gt *gt); -void xe_gt_idle_disable_c6(struct xe_gt *gt); +int xe_gt_idle_disable_c6(struct xe_gt *gt); void xe_gt_idle_enable_pg(struct xe_gt *gt); void xe_gt_idle_disable_pg(struct xe_gt *gt); diff --git a/drivers/gpu/drm/xe/xe_guc_pc.c b/drivers/gpu/drm/xe/xe_guc_pc.c index af02803c145b..209bb7c0f9ac 100644 --- a/drivers/gpu/drm/xe/xe_guc_pc.c +++ b/drivers/gpu/drm/xe/xe_guc_pc.c @@ -1008,15 +1008,7 @@ int xe_guc_pc_gucrc_disable(struct xe_guc_pc *pc) if (ret) return ret; - ret = xe_force_wake_get(gt_to_fw(gt), XE_FORCEWAKE_ALL); - if (ret) - return ret; - - xe_gt_idle_disable_c6(gt); - - XE_WARN_ON(xe_force_wake_put(gt_to_fw(gt), XE_FORCEWAKE_ALL)); - - return 0; + return xe_gt_idle_disable_c6(gt); } /** -- 2.43.0

4 days, 1 hour

1
1
0 0

[PATCH 1/4] KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation

by Yosry Ahmed

Commit cc3ed80ae69f ("KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state") made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed updating the VMLOAD/VMSAVE emulation code to always use vmcb01. As a result, if VMSAVE/VMLOAD is executed by an L2 guest and is not intercepted by L1, KVM will mistakenly use vmcb02. Always use vmcb01 instead of the current VMCB. Fixes: cc3ed80ae69f ("KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state") Cc: Maxim Levitsky <mlevitsk(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Yosry Ahmed <yosry.ahmed(a)linux.dev> --- arch/x86/kvm/svm/svm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7041498a8091..4e4439a01828 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2165,12 +2165,13 @@ static int vmload_vmsave_interception(struct kvm_vcpu *vcpu, bool vmload) ret = kvm_skip_emulated_instruction(vcpu); + /* KVM always performs VMLOAD/VMSAVE on VMCB01 (see __svm_vcpu_run()) */ if (vmload) { - svm_copy_vmloadsave_state(svm->vmcb, vmcb12); + svm_copy_vmloadsave_state(svm->vmcb01.ptr, vmcb12); svm->sysenter_eip_hi = 0; svm->sysenter_esp_hi = 0; } else { - svm_copy_vmloadsave_state(vmcb12, svm->vmcb); + svm_copy_vmloadsave_state(vmcb12, svm->vmcb01.ptr); } kvm_vcpu_unmap(vcpu, &map); -- 2.52.0.457.g6b5491de43-goog

4 days, 1 hour

1
0
0 0

[PATCH] wifi: rsi: Fix memory corruption due to not set vif driver data size

by Marek Vasut

The struct ieee80211_vif contains trailing space for vif driver data, when struct ieee80211_vif is allocated, the total memory size that is allocated is sizeof(struct ieee80211_vif) + size of vif driver data. The size of vif driver data is set by each WiFi driver as needed. The RSI911x driver does not set vif driver data size, no trailing space for vif driver data is therefore allocated past struct ieee80211_vif . The RSI911x driver does however use the vif driver data to store its vif driver data structure "struct vif_priv". An access to vif->drv_priv leads to access out of struct ieee80211_vif bounds and corruption of some memory. In case of the failure observed locally, rsi_mac80211_add_interface() would write struct vif_priv *vif_info = (struct vif_priv *)vif->drv_priv; vif_info->vap_id = vap_idx. This write corrupts struct fq_tin member struct list_head new_flows . The flow = list_first_entry(head, struct fq_flow, flowchain); in fq_tin_reset() then reports non-NULL bogus address, which when accessed causes a crash. The trigger is very simple, boot the machine with init=/bin/sh , mount devtmpfs, sysfs, procfs, and then do "ip link set wlan0 up", "sleep 1", "ip link set wlan0 down" and the crash occurs. Fix this by setting the correct size of vif driver data, which is the size of "struct vif_priv", so that memory is allocated and the driver can store its driver data in it, instead of corrupting memory around it. Cc: stable(a)vger.kernel.org Fixes: dad0d04fa7ba ("rsi: Add RS9113 wireless driver") Signed-off-by: Marek Vasut <marex(a)nabladev.com> --- Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Johannes Berg <johannes.berg(a)intel.com> Cc: Marek Vasut <marex(a)nabladev.com> Cc: Radenovic Goran <gradenovic(a)ultratronik.de> Cc: Roopni Devanathan <quic_rdevanat(a)quicinc.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: kernel(a)dh-electronics.com Cc: linux-kernel(a)vger.kernel.org Cc: linux-wireless(a)vger.kernel.org --- Splat reported by UT https://lkml.org/lkml/2025/10/22/1167 Splat as seen on DH STM32MP15xx DHCOR DRC Compact with current 6.18.y LTS: 8<--- cut here --- Unable to handle kernel paging request at virtual address fffffffc when read [fffffffc] *pgd=dbfde861, *pte=00000000, *ppte=00000000 Internal error: Oops: 37 [#1] SMP ARM Modules linked in: CPU: 0 UID: 0 PID: 106 Comm: ifconfig Tainted: G W 6.18.4-00006-gbeb1780fe470-dirty #67 PREEMPT Tainted: [W]=WARN Hardware name: Generic DT based system PC is at fq_flow_reset.constprop.0+0x84/0x22c LR is at fq_flow_reset.constprop.0+0x84/0x22c pc : [<c0110934>] lr : [<c0110934>] psr: 600a0013 sp : e0c45ca0 ip : 00000000 fp : c2c11600 r10: 00000624 r9 : 00000000 r8 : e0c45cf4 r7 : 00000000 r6 : c197e668 r5 : c197e5c0 r4 : fffffffc r3 : c4281b00 r2 : 00000000 r1 : 00000000 r0 : 00000012 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 10c5387d Table: c429c06a DAC: 00000051 Register r0 information: non-paged memory Register r1 information: NULL pointer Register r2 information: NULL pointer Register r3 information: slab task_struct start c4281b00 pointer offset 0 size 2304 Register r4 information: non-paged memory Register r5 information: slab kmalloc-8k start c197e000 pointer offset 1472 size 8192 Register r6 information: slab kmalloc-8k start c197e000 pointer offset 1640 size 8192 Register r7 information: NULL pointer Register r8 information: 2-page vmalloc region starting at 0xe0c44000 allocated at kernel_clone+0xb4/0x288 Register r9 information: NULL pointer Register r10 information: non-paged memory Register r11 information: slab kmalloc-8k start c2c10000 pointer offset 5632 size 8192 Register r12 information: NULL pointer Process ifconfig (pid: 106, stack limit = 0x3fd08b1b) Stack: (0xe0c45ca0 to 0xe0c46000) 5ca0: c197e668 fffffffc 00000000 c2c11890 c197e5c0 00000000 00000000 c0110d18 5cc0: c2c10600 c197e5c0 e0c45cf4 00000000 e0c45cf4 c0b65f68 00008914 c0183e44 5ce0: 00000001 00000000 600a0013 c0187684 00000010 e0c45cf4 e0c45cf4 00000000 5d00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 5d20: 00000000 115bbe91 c4281b00 c2c10600 c197e240 c0db94cc 00001003 00000001 5d40: c2d68a0c e0c45e50 00008914 c0b66338 c197e240 115bbe91 00000000 c2c10000 5d60: e0c45d94 c0db94cc 00001003 c0953c00 e0c45d94 e0c45d94 c2c10000 00001002 5d80: e0c45d94 c095830c ffffffff c2d03ed8 c2205660 c2c10104 c2c10104 115bbe91 5da0: c2c10000 c2c10000 00000000 00001003 c2c10130 c0958404 c2c10000 00001002 5dc0: c2c10000 00001002 00000000 c2d68a00 00000000 c095b72c 00000000 e0c45e40 5de0: c2c10000 c0a07254 c3212a48 00000000 00000020 00000014 e0c45e60 c4281b00 5e00: e0c45e40 00001002 0044032c 0043fe6c 0042a1f0 115bbe91 00000000 00008914 5e20: beb49abc c13f6e40 c42ac000 e0c45e60 c4281b00 c29e1e40 00000004 c0a09b94 5e40: 6e616c77 00000030 00000000 00000000 00001002 0044032c 0043fe6c 0042a1f0 5e60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 5e80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 5ea0: 00000000 00000000 00000000 00000000 00000000 115bbe91 00000000 c2511200 5ec0: 00008914 beb49abc c13f6e40 c0da8868 c4281b00 c092f358 e0c45ee7 c2b9d490 5ee0: c2204f68 00339798 00000000 00000000 00000000 00000000 00000000 00000000 5f00: 00000000 00000000 00000000 115bbe91 beb49b44 c29e1e40 beb49abc 00008914 5f20: c2511280 c02de8b4 fffffffe ffffff9c e0c45f74 c01002c4 0042bb7c 00000000 5f40: 00000000 c02da9e8 00000000 0042bb7c 00000001 004406c8 00000001 c4281b00 5f60: 00000004 c02c6f84 00000000 ffffff9c c29e1e40 00000000 00000000 115bbe91 5f80: 00000004 beb49b44 beb49abc 00000004 00000036 c01002c4 c4281b00 00000036 5fa0: beb49f86 c0100060 beb49b44 beb49abc 00000004 00008914 beb49abc beb49aa8 5fc0: beb49b44 beb49abc 00000004 00000036 00440000 0042a350 00000000 beb49f86 5fe0: 00000036 beb49a90 b6ea1891 b6e0f736 800a0030 00000004 00000000 00000000 Call trace: fq_flow_reset.constprop.0 from ieee80211_txq_purge+0xd8/0x1fc ieee80211_txq_purge from ieee80211_do_stop+0x52c/0x848 ieee80211_do_stop from ieee80211_stop+0xb4/0x138 ieee80211_stop from __dev_close_many+0xc8/0xe8 __dev_close_many from __dev_change_flags+0xe0/0x1b8 __dev_change_flags from netif_change_flags+0x20/0x5c netif_change_flags from dev_change_flags+0x2c/0x40 dev_change_flags from devinet_ioctl+0x304/0x59c devinet_ioctl from inet_ioctl+0x204/0x228 inet_ioctl from sock_ioctl+0x160/0x410 sock_ioctl from sys_ioctl+0x65c/0x8b8 sys_ioctl from ret_fast_syscall+0x0/0x54 Exception stack(0xe0c45fa8 to 0xe0c45ff0) 5fa0: beb49b44 beb49abc 00000004 00008914 beb49abc beb49aa8 5fc0: beb49b44 beb49abc 00000004 00000036 00440000 0042a350 00000000 beb49f86 5fe0: 00000036 beb49a90 b6ea1891 b6e0f736 Code: e59f1194 e59f018c e300213d ebffc819 (e5943000) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Fatal exception in interrupt ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- --- drivers/net/wireless/rsi/rsi_91x_mac80211.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/wireless/rsi/rsi_91x_mac80211.c b/drivers/net/wireless/rsi/rsi_91x_mac80211.c index f3a853edfc11d..8c8e074a3a705 100644 --- a/drivers/net/wireless/rsi/rsi_91x_mac80211.c +++ b/drivers/net/wireless/rsi/rsi_91x_mac80211.c @@ -2035,6 +2035,7 @@ int rsi_mac80211_attach(struct rsi_common *common) hw->queues = MAX_HW_QUEUES; hw->extra_tx_headroom = RSI_NEEDED_HEADROOM; + hw->vif_data_size = sizeof(struct vif_priv); hw->max_rates = 1; hw->max_rate_tries = MAX_RETRIES; -- 2.51.0

4 days, 2 hours

1
0
0 0

[PATCH 1/3] media: rzg2l-cru: Skip ICnMC configuration when ICnSVC is used

by Tommaso Merciai

When the CRU is configured to use ICnSVC for virtual channel mapping, as on the RZ/{G3E, V2H/P} SoC, the ICnMC register must not be programmed. Return early after setting up ICnSVC to avoid overriding the ICnMC register, which is not applicable in this mode. This prevents unintended register programming when ICnSVC is enabled. Fixes: 3c5ca0a48bb0 ("media: rzg2l-cru: Drop function pointer to configure CSI") Cc: stable(a)vger.kernel.org Signed-off-by: Tommaso Merciai <tommaso.merciai.xr(a)bp.renesas.com> --- drivers/media/platform/renesas/rzg2l-cru/rzg2l-video.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/media/platform/renesas/rzg2l-cru/rzg2l-video.c b/drivers/media/platform/renesas/rzg2l-cru/rzg2l-video.c index 162e2ace6931..480e9b5dbcfe 100644 --- a/drivers/media/platform/renesas/rzg2l-cru/rzg2l-video.c +++ b/drivers/media/platform/renesas/rzg2l-cru/rzg2l-video.c @@ -268,6 +268,8 @@ static void rzg2l_cru_csi2_setup(struct rzg2l_cru_dev *cru, rzg2l_cru_write(cru, ICnSVCNUM, csi_vc); rzg2l_cru_write(cru, ICnSVC, ICnSVC_SVC0(0) | ICnSVC_SVC1(1) | ICnSVC_SVC2(2) | ICnSVC_SVC3(3)); + + return; } icnmc |= rzg2l_cru_read(cru, info->image_conv) & ~ICnMC_INF_MASK; -- 2.43.0

4 days, 4 hours

2
1
0 0

[PATCH v2] soc: ti: pruss: fix double free in pruss_clk_mux_setup()

by Wentao Liang

In the pruss_clk_mux_setup(), the devm_add_action_or_reset() indirectly calls pruss_of_free_clk_provider(), which calls of_node_put(clk_mux_np) on the error path. However, after the devm_add_action_or_reset() returns, the of_node_put(clk_mux_np) is called again, causing a double free. Fix by returning directly, to avoid the duplicate of_node_put(). Fixes: ba59c9b43c86 ("soc: ti: pruss: support CORECLK_MUX and IEPCLK_MUX") Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- Changes in v2: - Drop error jumping lable. --- drivers/soc/ti/pruss.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/soc/ti/pruss.c b/drivers/soc/ti/pruss.c index d7634bf5413a..07d5134b503b 100644 --- a/drivers/soc/ti/pruss.c +++ b/drivers/soc/ti/pruss.c @@ -368,10 +368,9 @@ static int pruss_clk_mux_setup(struct pruss *pruss, struct clk *clk_mux, clk_mux_np); if (ret) { dev_err(dev, "failed to add clkmux free action %d", ret); - goto put_clk_mux_np; } - return 0; + return ret; put_clk_mux_np: of_node_put(clk_mux_np); -- 2.34.1

4 days, 6 hours

3
2
0 0

[PATCH 0/7] clk: qcom: gcc: Do not turn off PCIe GDSCs during gdsc_disable()

by Krishna Chaitanya Chundru

With PWRSTS_OFF_ON, PCIe GDSCs are turned off during gdsc_disable(). This can happen during scenarios such as system suspend and breaks the resume of PCIe controllers from suspend. So use PWRSTS_RET_ON to indicate the GDSC driver to not turn off the GDSCs during gdsc_disable() and allow the hardware to transition the GDSCs to retention when the parent domain enters low power state during system suspend. Signed-off-by: Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com> --- Krishna Chaitanya Chundru (7): clk: qcom: gcc-sc7280: Do not turn off PCIe GDSCs during gdsc_disable() clk: qcom: gcc-sa8775p: Do not turn off PCIe GDSCs during gdsc_disable() clk: qcom: gcc-sm8750: Do not turn off PCIe GDSCs during gdsc_disable() clk: qcom: gcc-glymur: Do not turn off PCIe GDSCs during gdsc_disable() clk: qcom: gcc-qcs8300: Do not turn off PCIe GDSCs during gdsc_disable() clk: qcom: gcc-x1e80100: Do not turn off PCIe GDSCs during gdsc_disable() clk: qcom: gcc-kaanapali: Do not turn off PCIe GDSCs during gdsc_disable() drivers/clk/qcom/gcc-glymur.c | 16 ++++++++-------- drivers/clk/qcom/gcc-kaanapali.c | 2 +- drivers/clk/qcom/gcc-qcs8300.c | 4 ++-- drivers/clk/qcom/gcc-sa8775p.c | 4 ++-- drivers/clk/qcom/gcc-sc7280.c | 2 +- drivers/clk/qcom/gcc-sm8750.c | 2 +- drivers/clk/qcom/gcc-x1e80100.c | 16 ++++++++-------- 7 files changed, 23 insertions(+), 23 deletions(-) --- base-commit: 98e506ee7d10390b527aeddee7bbeaf667129646 change-id: 20260102-pci_gdsc_fix-1dcf08223922 Best regards, -- Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com>

4 days, 7 hours

6
22
0 0

FAILED: patch "[PATCH] ksm: use range-walk function to jump over holes in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f5548c318d6520d4fa3c5ed6003eeb710763cbc5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025112000-stage-compare-58a2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5548c318d6520d4fa3c5ed6003eeb710763cbc5 Mon Sep 17 00:00:00 2001 From: Pedro Demarchi Gomes <pedrodemargomes(a)gmail.com> Date: Wed, 22 Oct 2025 12:30:59 -0300 Subject: [PATCH] ksm: use range-walk function to jump over holes in scan_get_next_rmap_item Currently, scan_get_next_rmap_item() walks every page address in a VMA to locate mergeable pages. This becomes highly inefficient when scanning large virtual memory areas that contain mostly unmapped regions, causing ksmd to use large amount of cpu without deduplicating much pages. This patch replaces the per-address lookup with a range walk using walk_page_range(). The range walker allows KSM to skip over entire unmapped holes in a VMA, avoiding unnecessary lookups. This problem was previously discussed in [1]. Consider the following test program which creates a 32 TiB mapping in the virtual address space but only populates a single page: #include <unistd.h> #include <stdio.h> #include <sys/mman.h> /* 32 TiB */ const size_t size = 32ul * 1024 * 1024 * 1024 * 1024; int main() { char *area = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_NORESERVE | MAP_PRIVATE | MAP_ANON, -1, 0); if (area == MAP_FAILED) { perror("mmap() failed\n"); return -1; } /* Populate a single page such that we get an anon_vma. */ *area = 0; /* Enable KSM. */ madvise(area, size, MADV_MERGEABLE); pause(); return 0; } $ ./ksm-sparse & $ echo 1 > /sys/kernel/mm/ksm/run Without this patch ksmd uses 100% of the cpu for a long time (more then 1 hour in my test machine) scanning all the 32 TiB virtual address space that contain only one mapped page. This makes ksmd essentially deadlocked not able to deduplicate anything of value. With this patch ksmd walks only the one mapped page and skips the rest of the 32 TiB virtual address space, making the scan fast using little cpu. Link: https://lkml.kernel.org/r/20251023035841.41406-1-pedrodemargomes@gmail.com Link: https://lkml.kernel.org/r/20251022153059.22763-1-pedrodemargomes@gmail.com Link: https://lore.kernel.org/linux-mm/423de7a3-1c62-4e72-8e79-19a6413e420c@redha… [1] Fixes: 31dbd01f3143 ("ksm: Kernel SamePage Merging") Signed-off-by: Pedro Demarchi Gomes <pedrodemargomes(a)gmail.com> Co-developed-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: craftfever <craftfever(a)airmail.cc> Closes: https://lkml.kernel.org/r/020cf8de6e773bb78ba7614ef250129f11a63781@murena.io Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: xu xin <xu.xin16(a)zte.com.cn> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/ksm.c b/mm/ksm.c index 7bc726b50b2f..c4e730409949 100644 --- a/mm/ksm.c +++ b/mm/ksm.c @@ -2455,6 +2455,95 @@ static bool should_skip_rmap_item(struct folio *folio, return true; } +struct ksm_next_page_arg { + struct folio *folio; + struct page *page; + unsigned long addr; +}; + +static int ksm_next_page_pmd_entry(pmd_t *pmdp, unsigned long addr, unsigned long end, + struct mm_walk *walk) +{ + struct ksm_next_page_arg *private = walk->private; + struct vm_area_struct *vma = walk->vma; + pte_t *start_ptep = NULL, *ptep, pte; + struct mm_struct *mm = walk->mm; + struct folio *folio; + struct page *page; + spinlock_t *ptl; + pmd_t pmd; + + if (ksm_test_exit(mm)) + return 0; + + cond_resched(); + + pmd = pmdp_get_lockless(pmdp); + if (!pmd_present(pmd)) + return 0; + + if (IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE) && pmd_leaf(pmd)) { + ptl = pmd_lock(mm, pmdp); + pmd = pmdp_get(pmdp); + + if (!pmd_present(pmd)) { + goto not_found_unlock; + } else if (pmd_leaf(pmd)) { + page = vm_normal_page_pmd(vma, addr, pmd); + if (!page) + goto not_found_unlock; + folio = page_folio(page); + + if (folio_is_zone_device(folio) || !folio_test_anon(folio)) + goto not_found_unlock; + + page += ((addr & (PMD_SIZE - 1)) >> PAGE_SHIFT); + goto found_unlock; + } + spin_unlock(ptl); + } + + start_ptep = pte_offset_map_lock(mm, pmdp, addr, &ptl); + if (!start_ptep) + return 0; + + for (ptep = start_ptep; addr < end; ptep++, addr += PAGE_SIZE) { + pte = ptep_get(ptep); + + if (!pte_present(pte)) + continue; + + page = vm_normal_page(vma, addr, pte); + if (!page) + continue; + folio = page_folio(page); + + if (folio_is_zone_device(folio) || !folio_test_anon(folio)) + continue; + goto found_unlock; + } + +not_found_unlock: + spin_unlock(ptl); + if (start_ptep) + pte_unmap(start_ptep); + return 0; +found_unlock: + folio_get(folio); + spin_unlock(ptl); + if (start_ptep) + pte_unmap(start_ptep); + private->page = page; + private->folio = folio; + private->addr = addr; + return 1; +} + +static struct mm_walk_ops ksm_next_page_ops = { + .pmd_entry = ksm_next_page_pmd_entry, + .walk_lock = PGWALK_RDLOCK, +}; + static struct ksm_rmap_item *scan_get_next_rmap_item(struct page **page) { struct mm_struct *mm; @@ -2542,21 +2631,27 @@ static struct ksm_rmap_item *scan_get_next_rmap_item(struct page **page) ksm_scan.address = vma->vm_end; while (ksm_scan.address < vma->vm_end) { + struct ksm_next_page_arg ksm_next_page_arg; struct page *tmp_page = NULL; - struct folio_walk fw; struct folio *folio; if (ksm_test_exit(mm)) break; - folio = folio_walk_start(&fw, vma, ksm_scan.address, 0); - if (folio) { - if (!folio_is_zone_device(folio) && - folio_test_anon(folio)) { - folio_get(folio); - tmp_page = fw.page; - } - folio_walk_end(&fw, vma); + int found; + + found = walk_page_range_vma(vma, ksm_scan.address, + vma->vm_end, + &ksm_next_page_ops, + &ksm_next_page_arg); + + if (found > 0) { + folio = ksm_next_page_arg.folio; + tmp_page = ksm_next_page_arg.page; + ksm_scan.address = ksm_next_page_arg.addr; + } else { + VM_WARN_ON_ONCE(found < 0); + ksm_scan.address = vma->vm_end - PAGE_SIZE; } if (tmp_page) {

4 days, 8 hours

2
1
0 0

[PATCH v2] mfd: macsmc: Initialize mutex

by Janne Grunau

Initialize struct apple_smc's mutex in apple_smc_probe(). Using the mutex uninitialized surprisingly resulted only in occasional NULL pointer dereferences in apple_smc_read() calls from the probe() functions of sub devices. Fixes: e038d985c9823 ("mfd: Add Apple Silicon System Management Controller") Cc: stable(a)vger.kernel.org Signed-off-by: Janne Grunau <j(a)jannau.net> --- Changes in v2: - rewritten commit message - added missing Cc: stable - rebased onto v6.19-rc1 - Link to v1: https://lore.kernel.org/r/20250925-macsmc-mutex_init-v1-1-416e9e644735@jann… --- drivers/mfd/macsmc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mfd/macsmc.c b/drivers/mfd/macsmc.c index e3893e255ce5e4bb4832d80ad1fc002d413a291a..3015e8d36d6e5bfdcea342c7d05a7b34788d7845 100644 --- a/drivers/mfd/macsmc.c +++ b/drivers/mfd/macsmc.c @@ -413,6 +413,7 @@ static int apple_smc_probe(struct platform_device *pdev) if (!smc) return -ENOMEM; + mutex_init(&smc->mutex); smc->dev = &pdev->dev; smc->sram_base = devm_platform_get_and_ioremap_resource(pdev, 1, &smc->sram); if (IS_ERR(smc->sram_base)) --- base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 change-id: 20250925-macsmc-mutex_init-80d7cb2aacfa Best regards, -- Janne Grunau <j(a)jannau.net>

4 days, 9 hours

3
2
0 0

[PATCH RESEND] block/blk-mq: fix RT kernel regression with dedicated quiesce_sync_lock

by Nechita, Ionut

From ade501a5ea27db18e827054d812ea6cc4679b65e Mon Sep 17 00:00:00 2001 From: Ionut Nechita <ionut.nechita(a)windriver.com> Date: Tue, 23 Dec 2025 12:29:14 +0200 Subject: [PATCH] block/blk-mq: fix RT kernel regression with dedicated quiesce_sync_lock In RT kernel (PREEMPT_RT), commit 679b1874eba7 ("block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding") causes severe performance regression on systems with multiple MSI-X interrupt vectors. The commit added spinlock_t queue_lock to blk_mq_run_hw_queue() to synchronize QUEUE_FLAG_QUIESCED checks with blk_mq_unquiesce_queue(). While this works correctly in standard kernel, it causes catastrophic serialization in RT kernel where spinlock_t converts to sleeping rt_mutex. Problem in RT kernel: - blk_mq_run_hw_queue() is called from IRQ thread context (I/O completion) - With 8 MSI-X vectors, all 8 IRQ threads contend on the same queue_lock - queue_lock becomes rt_mutex (sleeping) in RT kernel - IRQ threads serialize and enter D-state waiting for lock - Throughput drops from 640 MB/s to 153 MB/s The original commit message noted that memory barriers were considered but rejected because "memory barrier is not easy to be maintained" - barriers would need to be added at multiple call sites throughout the block layer where work is added before calling blk_mq_run_hw_queue(). Solution: Instead of using the general-purpose queue_lock or attempting complex memory barrier pairing across many call sites, introduce a dedicated raw_spinlock_t quiesce_sync_lock specifically for synchronizing the quiesce state between: - blk_mq_quiesce_queue_nowait() - blk_mq_unquiesce_queue() - blk_mq_run_hw_queue() Why raw_spinlock is safe: - Critical section is provably short (only flag and counter checks) - No sleeping operations under lock - raw_spinlock does not convert to rt_mutex in RT kernel - Provides same ordering guarantees as original queue_lock approach This approach: - Maintains correctness of original synchronization - Avoids sleeping in RT kernel's IRQ thread context - Limits scope to only quiesce-related synchronization - Simpler than auditing all call sites for memory barrier pairing Additionally, change blk_freeze_queue_start to use async=true for better performance in RT kernel by avoiding synchronous queue runs during freeze. Test results on RT kernel (megaraid_sas with 8 MSI-X vectors): - Before: 153 MB/s, 6-8 IRQ threads in D-state - After: 640 MB/s, 0 IRQ threads blocked Fixes: 679b1874eba7 ("block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding") Cc: stable(a)vger.kernel.org Signed-off-by: Ionut Nechita <ionut.nechita(a)windriver.com> --- block/blk-core.c | 1 + block/blk-mq.c | 30 +++++++++++++++++++----------- include/linux/blkdev.h | 6 ++++++ 3 files changed, 26 insertions(+), 11 deletions(-) diff --git a/block/blk-core.c b/block/blk-core.c index c7b6c1f76359..33a954422415 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -434,6 +434,7 @@ struct request_queue *blk_alloc_queue(struct queue_limits *lim, int node_id) mutex_init(&q->limits_lock); mutex_init(&q->rq_qos_mutex); spin_lock_init(&q->queue_lock); + raw_spin_lock_init(&q->quiesce_sync_lock); init_waitqueue_head(&q->mq_freeze_wq); mutex_init(&q->mq_freeze_lock); diff --git a/block/blk-mq.c b/block/blk-mq.c index e1bca29dc358..c7ca2f485e8e 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -178,7 +178,7 @@ bool __blk_freeze_queue_start(struct request_queue *q, percpu_ref_kill(&q->q_usage_counter); mutex_unlock(&q->mq_freeze_lock); if (queue_is_mq(q)) - blk_mq_run_hw_queues(q, false); + blk_mq_run_hw_queues(q, true); } else { mutex_unlock(&q->mq_freeze_lock); } @@ -289,10 +289,10 @@ void blk_mq_quiesce_queue_nowait(struct request_queue *q) { unsigned long flags; - spin_lock_irqsave(&q->queue_lock, flags); + raw_spin_lock_irqsave(&q->quiesce_sync_lock, flags); if (!q->quiesce_depth++) blk_queue_flag_set(QUEUE_FLAG_QUIESCED, q); - spin_unlock_irqrestore(&q->queue_lock, flags); + raw_spin_unlock_irqrestore(&q->quiesce_sync_lock, flags); } EXPORT_SYMBOL_GPL(blk_mq_quiesce_queue_nowait); @@ -344,14 +344,14 @@ void blk_mq_unquiesce_queue(struct request_queue *q) unsigned long flags; bool run_queue = false; - spin_lock_irqsave(&q->queue_lock, flags); + raw_spin_lock_irqsave(&q->quiesce_sync_lock, flags); if (WARN_ON_ONCE(q->quiesce_depth <= 0)) { ; } else if (!--q->quiesce_depth) { blk_queue_flag_clear(QUEUE_FLAG_QUIESCED, q); run_queue = true; } - spin_unlock_irqrestore(&q->queue_lock, flags); + raw_spin_unlock_irqrestore(&q->quiesce_sync_lock, flags); /* dispatch requests which are inserted during quiescing */ if (run_queue) @@ -2323,19 +2323,27 @@ void blk_mq_run_hw_queue(struct blk_mq_hw_ctx *hctx, bool async) might_sleep_if(!async && hctx->flags & BLK_MQ_F_BLOCKING); + /* + * First lockless check to avoid unnecessary overhead. + */ need_run = blk_mq_hw_queue_need_run(hctx); if (!need_run) { unsigned long flags; /* - * Synchronize with blk_mq_unquiesce_queue(), because we check - * if hw queue is quiesced locklessly above, we need the use - * ->queue_lock to make sure we see the up-to-date status to - * not miss rerunning the hw queue. + * Synchronize with blk_mq_unquiesce_queue(). We check if hw + * queue is quiesced locklessly above, so we need to use + * quiesce_sync_lock to ensure we see the up-to-date status + * and don't miss rerunning the hw queue. + * + * Uses raw_spinlock to avoid sleeping in RT kernel's IRQ + * thread context during I/O completion. Critical section is + * short (only flag and counter checks), making raw_spinlock + * safe. */ - spin_lock_irqsave(&hctx->queue->queue_lock, flags); + raw_spin_lock_irqsave(&hctx->queue->quiesce_sync_lock, flags); need_run = blk_mq_hw_queue_need_run(hctx); - spin_unlock_irqrestore(&hctx->queue->queue_lock, flags); + raw_spin_unlock_irqrestore(&hctx->queue->quiesce_sync_lock, flags); if (!need_run) return; diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index cd9c97f6f948..0f651a4fae8d 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -480,6 +480,12 @@ struct request_queue { struct request *last_merge; spinlock_t queue_lock; + /* + * Synchronizes quiesce state checks between blk_mq_run_hw_queue() + * and blk_mq_unquiesce_queue(). Uses raw_spinlock to avoid sleeping + * in RT kernel's IRQ thread context during I/O completion. + */ + raw_spinlock_t quiesce_sync_lock; int quiesce_depth; -- 2.43.0

4 days, 9 hours

1
0
0 0

[PATCH v2] usb: dwc3: apple: Set USB2 PHY mode before dwc3 init

by Sven Peter

Now that the upstream code has been getting broader test coverage by our users we occasionally see issues with USB2 devices plugged in during boot. Before Linux is running, the USB2 PHY has usually been running in device mode and it turns out that sometimes host->device or device->host transitions don't work. The root cause: If the role inside the USB2 PHY is re-configured when it has already been powered on or when dwc3 has already enabled the ULPI interface the new configuration sometimes doesn't take affect until dwc3 is reset again. Fix this rare issue by configuring the role much earlier. Note that the USB3 PHY does not suffer from this issue and actually requires dwc3 to be up before the correct role can be configured there. Reported-by: James Calligeros <jcalligeros99(a)gmail.com> Reported-by: Janne Grunau <j(a)jannau.net> Fixes: 0ec946d32ef7 ("usb: dwc3: Add Apple Silicon DWC3 glue layer driver") Cc: stable(a)vger.kernel.org Tested-by: Janne Grunau <j(a)jannau.net> Reviewed-by: Janne Grunau <j(a)jannau.net> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Sven Peter <sven(a)kernel.org> --- Changes in v2: - Picked up tags, thanks! - Fixed a typo in the commit messages (dwc2 -> dwc3) - Link to v1: https://patch.msgid.link/20260108-dwc3-apple-usb2phy-fix-v1-1-5dd7bc642040@… --- drivers/usb/dwc3/dwc3-apple.c | 48 +++++++++++++++++++++++++++++-------------- 1 file changed, 33 insertions(+), 15 deletions(-) diff --git a/drivers/usb/dwc3/dwc3-apple.c b/drivers/usb/dwc3/dwc3-apple.c index cc47cad232e397ac4498b09165dfdb5bd215ded7..c2ae8eb21d514e5e493d2927bc12908c308dfe19 100644 --- a/drivers/usb/dwc3/dwc3-apple.c +++ b/drivers/usb/dwc3/dwc3-apple.c @@ -218,25 +218,31 @@ static int dwc3_apple_core_init(struct dwc3_apple *appledwc) return ret; } -static void dwc3_apple_phy_set_mode(struct dwc3_apple *appledwc, enum phy_mode mode) -{ - lockdep_assert_held(&appledwc->lock); - - /* - * This platform requires SUSPHY to be enabled here already in order to properly configure - * the PHY and switch dwc3's PIPE interface to USB3 PHY. - */ - dwc3_enable_susphy(&appledwc->dwc, true); - phy_set_mode(appledwc->dwc.usb2_generic_phy[0], mode); - phy_set_mode(appledwc->dwc.usb3_generic_phy[0], mode); -} - static int dwc3_apple_init(struct dwc3_apple *appledwc, enum dwc3_apple_state state) { int ret, ret_reset; lockdep_assert_held(&appledwc->lock); + /* + * The USB2 PHY on this platform must be configured for host or device mode while it is + * still powered off and before dwc3 tries to access it. Otherwise, the new configuration + * will sometimes only take affect after the *next* time dwc3 is brought up which causes + * the connected device to just not work. + * The USB3 PHY must be configured later after dwc3 has already been initialized. + */ + switch (state) { + case DWC3_APPLE_HOST: + phy_set_mode(appledwc->dwc.usb2_generic_phy[0], PHY_MODE_USB_HOST); + break; + case DWC3_APPLE_DEVICE: + phy_set_mode(appledwc->dwc.usb2_generic_phy[0], PHY_MODE_USB_DEVICE); + break; + default: + /* Unreachable unless there's a bug in this driver */ + return -EINVAL; + } + ret = reset_control_deassert(appledwc->reset); if (ret) { dev_err(appledwc->dev, "Failed to deassert reset, err=%d\n", ret); @@ -257,7 +263,13 @@ static int dwc3_apple_init(struct dwc3_apple *appledwc, enum dwc3_apple_state st case DWC3_APPLE_HOST: appledwc->dwc.dr_mode = USB_DR_MODE_HOST; dwc3_apple_set_ptrcap(appledwc, DWC3_GCTL_PRTCAP_HOST); - dwc3_apple_phy_set_mode(appledwc, PHY_MODE_USB_HOST); + /* + * This platform requires SUSPHY to be enabled here already in order to properly + * configure the PHY and switch dwc3's PIPE interface to USB3 PHY. The USB2 PHY + * has already been configured to the correct mode earlier. + */ + dwc3_enable_susphy(&appledwc->dwc, true); + phy_set_mode(appledwc->dwc.usb3_generic_phy[0], PHY_MODE_USB_HOST); ret = dwc3_host_init(&appledwc->dwc); if (ret) { dev_err(appledwc->dev, "Failed to initialize host, ret=%d\n", ret); @@ -268,7 +280,13 @@ static int dwc3_apple_init(struct dwc3_apple *appledwc, enum dwc3_apple_state st case DWC3_APPLE_DEVICE: appledwc->dwc.dr_mode = USB_DR_MODE_PERIPHERAL; dwc3_apple_set_ptrcap(appledwc, DWC3_GCTL_PRTCAP_DEVICE); - dwc3_apple_phy_set_mode(appledwc, PHY_MODE_USB_DEVICE); + /* + * This platform requires SUSPHY to be enabled here already in order to properly + * configure the PHY and switch dwc3's PIPE interface to USB3 PHY. The USB2 PHY + * has already been configured to the correct mode earlier. + */ + dwc3_enable_susphy(&appledwc->dwc, true); + phy_set_mode(appledwc->dwc.usb3_generic_phy[0], PHY_MODE_USB_DEVICE); ret = dwc3_gadget_init(&appledwc->dwc); if (ret) { dev_err(appledwc->dev, "Failed to initialize gadget, ret=%d\n", ret); --- base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 change-id: 20260108-dwc3-apple-usb2phy-fix-cf1d26018dd0 Best regards, -- Sven Peter <sven(a)kernel.org>

4 days, 10 hours

1
0
0 0

[PATCH v3] drm/amdkfd: fix a memory leak in device_queue_manager_init()

by Haoxiang Li

If dqm->ops.initialize() fails, add deallocate_hiq_sdma_mqd() to release the memory allocated by allocate_hiq_sdma_mqd(). Move deallocate_hiq_sdma_mqd() up to ensure proper function visibility at the point of use. Fixes: 11614c36bc8f ("drm/amdkfd: Allocate MQD trunk for HIQ and SDMA") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> --- Chnages in v3: - recheck the patch format. Changes in v2: - Move deallocate_hiq_sdma_mqd() up. Thanks, Felix! - Add a Fixes tag. --- .../drm/amd/amdkfd/kfd_device_queue_manager.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c index d7a2e7178ea9..8af0929ca40a 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c @@ -2919,6 +2919,14 @@ static int allocate_hiq_sdma_mqd(struct device_queue_manager *dqm) return retval; } +static void deallocate_hiq_sdma_mqd(struct kfd_node *dev, + struct kfd_mem_obj *mqd) +{ + WARN(!mqd, "No hiq sdma mqd trunk to free"); + + amdgpu_amdkfd_free_gtt_mem(dev->adev, &mqd->gtt_mem); +} + struct device_queue_manager *device_queue_manager_init(struct kfd_node *dev) { struct device_queue_manager *dqm; @@ -3042,19 +3050,14 @@ struct device_queue_manager *device_queue_manager_init(struct kfd_node *dev) return dqm; } + if (!dev->kfd->shared_resources.enable_mes) + deallocate_hiq_sdma_mqd(dev, &dqm->hiq_sdma_mqd); + out_free: kfree(dqm); return NULL; } -static void deallocate_hiq_sdma_mqd(struct kfd_node *dev, - struct kfd_mem_obj *mqd) -{ - WARN(!mqd, "No hiq sdma mqd trunk to free"); - - amdgpu_amdkfd_free_gtt_mem(dev->adev, &mqd->gtt_mem); -} - void device_queue_manager_uninit(struct device_queue_manager *dqm) { dqm->ops.stop(dqm); -- 2.25.1

4 days, 10 hours

2
1
0 0

[PATCH] xfs: fix NULL ptr in xfs_attr_leaf_get

by Mark Tinguely

The error path of xfs_attr_leaf_hasname() can leave a NULL xfs_buf pointer. xfs_has_attr() checks for the NULL pointer but the other callers do not. We tripped over the NULL pointer in xfs_attr_leaf_get() but fix the other callers too. Fixes v5.8-rc4-95-g07120f1abdff ("xfs: Add xfs_has_attr and subroutines") No reproducer. Cc: stable(a)vger.kernel.org # v5.19+ with another port for v5.9 - v5.18 Signed-off-by: Mark Tinguely <mark.tinguely(a)oracle.com> --- fs/xfs/libxfs/xfs_attr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index 8c04acd30d48..25e2ecf20d14 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -1266,7 +1266,8 @@ xfs_attr_leaf_removename( error = xfs_attr_leaf_hasname(args, &bp); if (error == -ENOATTR) { - xfs_trans_brelse(args->trans, bp); + if (bp) + xfs_trans_brelse(args->trans, bp); if (args->op_flags & XFS_DA_OP_RECOVERY) return 0; return error; @@ -1305,7 +1306,8 @@ xfs_attr_leaf_get(xfs_da_args_t *args) error = xfs_attr_leaf_hasname(args, &bp); if (error == -ENOATTR) { - xfs_trans_brelse(args->trans, bp); + if (bp) + xfs_trans_brelse(args->trans, bp); return error; } else if (error != -EEXIST) return error; -- 2.50.1 (Apple Git-155)

4 days, 10 hours

3
4
0 0

[PATCH net] wifi: ath12k: fix dma_free_coherent() pointer

by Thomas Fourier

dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses. Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Cc: <stable(a)vger.kernel.org> Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> --- drivers/net/wireless/ath/ath12k/ce.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/ce.c b/drivers/net/wireless/ath/ath12k/ce.c index 9a63608838ac..4aea58446838 100644 --- a/drivers/net/wireless/ath/ath12k/ce.c +++ b/drivers/net/wireless/ath/ath12k/ce.c @@ -984,8 +984,8 @@ void ath12k_ce_free_pipes(struct ath12k_base *ab) dma_free_coherent(ab->dev, pipe->src_ring->nentries * desc_sz + CE_DESC_RING_ALIGN, - pipe->src_ring->base_addr_owner_space, - pipe->src_ring->base_addr_ce_space); + pipe->src_ring->base_addr_owner_space_unaligned, + pipe->src_ring->base_addr_ce_space_unaligned); kfree(pipe->src_ring); pipe->src_ring = NULL; } @@ -995,8 +995,8 @@ void ath12k_ce_free_pipes(struct ath12k_base *ab) dma_free_coherent(ab->dev, pipe->dest_ring->nentries * desc_sz + CE_DESC_RING_ALIGN, - pipe->dest_ring->base_addr_owner_space, - pipe->dest_ring->base_addr_ce_space); + pipe->dest_ring->base_addr_owner_space_unaligned, + pipe->dest_ring->base_addr_ce_space_unaligned); kfree(pipe->dest_ring); pipe->dest_ring = NULL; } @@ -1007,8 +1007,8 @@ void ath12k_ce_free_pipes(struct ath12k_base *ab) dma_free_coherent(ab->dev, pipe->status_ring->nentries * desc_sz + CE_DESC_RING_ALIGN, - pipe->status_ring->base_addr_owner_space, - pipe->status_ring->base_addr_ce_space); + pipe->status_ring->base_addr_owner_space_unaligned, + pipe->status_ring->base_addr_ce_space_unaligned); kfree(pipe->status_ring); pipe->status_ring = NULL; } -- 2.43.0

4 days, 11 hours

3
2
0 0

[PATCH net] wifi: ath10k: fix dma_free_coherent() pointer

by Thomas Fourier

dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses. Fixes: 2a1e1ad3fd37 ("ath10k: Add support for 64 bit ce descriptor") Cc: <stable(a)vger.kernel.org> Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> --- drivers/net/wireless/ath/ath10k/ce.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/net/wireless/ath/ath10k/ce.c b/drivers/net/wireless/ath/ath10k/ce.c index 7bbda46cfd93..82f120ee1c66 100644 --- a/drivers/net/wireless/ath/ath10k/ce.c +++ b/drivers/net/wireless/ath/ath10k/ce.c @@ -1727,8 +1727,8 @@ static void _ath10k_ce_free_pipe(struct ath10k *ar, int ce_id) (ce_state->src_ring->nentries * sizeof(struct ce_desc) + CE_DESC_RING_ALIGN), - ce_state->src_ring->base_addr_owner_space, - ce_state->src_ring->base_addr_ce_space); + ce_state->src_ring->base_addr_owner_space_unaligned, + ce_state->src_ring->base_addr_ce_space_unaligned); kfree(ce_state->src_ring); } @@ -1737,8 +1737,8 @@ static void _ath10k_ce_free_pipe(struct ath10k *ar, int ce_id) (ce_state->dest_ring->nentries * sizeof(struct ce_desc) + CE_DESC_RING_ALIGN), - ce_state->dest_ring->base_addr_owner_space, - ce_state->dest_ring->base_addr_ce_space); + ce_state->dest_ring->base_addr_owner_space_unaligned, + ce_state->dest_ring->base_addr_ce_space_unaligned); kfree(ce_state->dest_ring); } @@ -1758,8 +1758,8 @@ static void _ath10k_ce_free_pipe_64(struct ath10k *ar, int ce_id) (ce_state->src_ring->nentries * sizeof(struct ce_desc_64) + CE_DESC_RING_ALIGN), - ce_state->src_ring->base_addr_owner_space, - ce_state->src_ring->base_addr_ce_space); + ce_state->src_ring->base_addr_owner_space_unaligned, + ce_state->src_ring->base_addr_ce_space_unaligned); kfree(ce_state->src_ring); } @@ -1768,8 +1768,8 @@ static void _ath10k_ce_free_pipe_64(struct ath10k *ar, int ce_id) (ce_state->dest_ring->nentries * sizeof(struct ce_desc_64) + CE_DESC_RING_ALIGN), - ce_state->dest_ring->base_addr_owner_space, - ce_state->dest_ring->base_addr_ce_space); + ce_state->dest_ring->base_addr_owner_space_unaligned, + ce_state->dest_ring->base_addr_ce_space_unaligned); kfree(ce_state->dest_ring); } -- 2.43.0

4 days, 11 hours

3
2
0 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror