- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] usb: dwc3: Fix timeout issue during controller enter/exit" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d3a8c28426fc1fb3252753a9f1db0d691ffc21b0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021803-frugally-entity-330b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d3a8c28426fc1fb3252753a9f1db0d691ffc21b0 Mon Sep 17 00:00:00 2001 From: Selvarasu Ganesan <selvarasu.g(a)samsung.com> Date: Sat, 1 Feb 2025 22:09:02 +0530 Subject: [PATCH] usb: dwc3: Fix timeout issue during controller enter/exit from halt state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is a frequent timeout during controller enter/exit from halt state after toggling the run_stop bit by SW. This timeout occurs when performing frequent role switches between host and device, causing device enumeration issues due to the timeout. This issue was not present when USB2 suspend PHY was disabled by passing the SNPS quirks (snps,dis_u2_susphy_quirk and snps,dis_enblslpm_quirk) from the DTS. However, there is a requirement to enable USB2 suspend PHY by setting of GUSB2PHYCFG.ENBLSLPM and GUSB2PHYCFG.SUSPHY bits when controller starts in gadget or host mode results in the timeout issue. This commit addresses this timeout issue by ensuring that the bits GUSB2PHYCFG.ENBLSLPM and GUSB2PHYCFG.SUSPHY are cleared before starting the dwc3_gadget_run_stop sequence and restoring them after the dwc3_gadget_run_stop sequence is completed. Fixes: 72246da40f37 ("usb: Introduce DesignWare USB3 DRD Driver") Cc: stable <stable(a)kernel.org> Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Link: https://lore.kernel.org/r/20250201163903.459-1-selvarasu.g@samsung.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index d27af65eb08a..ddd6b2ce5710 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2629,10 +2629,38 @@ static int dwc3_gadget_run_stop(struct dwc3 *dwc, int is_on) { u32 reg; u32 timeout = 2000; + u32 saved_config = 0; if (pm_runtime_suspended(dwc->dev)) return 0; + /* + * When operating in USB 2.0 speeds (HS/FS), ensure that + * GUSB2PHYCFG.ENBLSLPM and GUSB2PHYCFG.SUSPHY are cleared before starting + * or stopping the controller. This resolves timeout issues that occur + * during frequent role switches between host and device modes. + * + * Save and clear these settings, then restore them after completing the + * controller start or stop sequence. + * + * This solution was discovered through experimentation as it is not + * mentioned in the dwc3 programming guide. It has been tested on an + * Exynos platforms. + */ + reg = dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)); + if (reg & DWC3_GUSB2PHYCFG_SUSPHY) { + saved_config |= DWC3_GUSB2PHYCFG_SUSPHY; + reg &= ~DWC3_GUSB2PHYCFG_SUSPHY; + } + + if (reg & DWC3_GUSB2PHYCFG_ENBLSLPM) { + saved_config |= DWC3_GUSB2PHYCFG_ENBLSLPM; + reg &= ~DWC3_GUSB2PHYCFG_ENBLSLPM; + } + + if (saved_config) + dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), reg); + reg = dwc3_readl(dwc->regs, DWC3_DCTL); if (is_on) { if (DWC3_VER_IS_WITHIN(DWC3, ANY, 187A)) { @@ -2660,6 +2688,12 @@ static int dwc3_gadget_run_stop(struct dwc3 *dwc, int is_on) reg &= DWC3_DSTS_DEVCTRLHLT; } while (--timeout && !(!is_on ^ !reg)); + if (saved_config) { + reg = dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)); + reg |= saved_config; + dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), reg); + } + if (!timeout) return -ETIMEDOUT;

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: Fix timeout issue during controller enter/exit" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d3a8c28426fc1fb3252753a9f1db0d691ffc21b0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021802-sharply-case-0286@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d3a8c28426fc1fb3252753a9f1db0d691ffc21b0 Mon Sep 17 00:00:00 2001 From: Selvarasu Ganesan <selvarasu.g(a)samsung.com> Date: Sat, 1 Feb 2025 22:09:02 +0530 Subject: [PATCH] usb: dwc3: Fix timeout issue during controller enter/exit from halt state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is a frequent timeout during controller enter/exit from halt state after toggling the run_stop bit by SW. This timeout occurs when performing frequent role switches between host and device, causing device enumeration issues due to the timeout. This issue was not present when USB2 suspend PHY was disabled by passing the SNPS quirks (snps,dis_u2_susphy_quirk and snps,dis_enblslpm_quirk) from the DTS. However, there is a requirement to enable USB2 suspend PHY by setting of GUSB2PHYCFG.ENBLSLPM and GUSB2PHYCFG.SUSPHY bits when controller starts in gadget or host mode results in the timeout issue. This commit addresses this timeout issue by ensuring that the bits GUSB2PHYCFG.ENBLSLPM and GUSB2PHYCFG.SUSPHY are cleared before starting the dwc3_gadget_run_stop sequence and restoring them after the dwc3_gadget_run_stop sequence is completed. Fixes: 72246da40f37 ("usb: Introduce DesignWare USB3 DRD Driver") Cc: stable <stable(a)kernel.org> Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Link: https://lore.kernel.org/r/20250201163903.459-1-selvarasu.g@samsung.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index d27af65eb08a..ddd6b2ce5710 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2629,10 +2629,38 @@ static int dwc3_gadget_run_stop(struct dwc3 *dwc, int is_on) { u32 reg; u32 timeout = 2000; + u32 saved_config = 0; if (pm_runtime_suspended(dwc->dev)) return 0; + /* + * When operating in USB 2.0 speeds (HS/FS), ensure that + * GUSB2PHYCFG.ENBLSLPM and GUSB2PHYCFG.SUSPHY are cleared before starting + * or stopping the controller. This resolves timeout issues that occur + * during frequent role switches between host and device modes. + * + * Save and clear these settings, then restore them after completing the + * controller start or stop sequence. + * + * This solution was discovered through experimentation as it is not + * mentioned in the dwc3 programming guide. It has been tested on an + * Exynos platforms. + */ + reg = dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)); + if (reg & DWC3_GUSB2PHYCFG_SUSPHY) { + saved_config |= DWC3_GUSB2PHYCFG_SUSPHY; + reg &= ~DWC3_GUSB2PHYCFG_SUSPHY; + } + + if (reg & DWC3_GUSB2PHYCFG_ENBLSLPM) { + saved_config |= DWC3_GUSB2PHYCFG_ENBLSLPM; + reg &= ~DWC3_GUSB2PHYCFG_ENBLSLPM; + } + + if (saved_config) + dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), reg); + reg = dwc3_readl(dwc->regs, DWC3_DCTL); if (is_on) { if (DWC3_VER_IS_WITHIN(DWC3, ANY, 187A)) { @@ -2660,6 +2688,12 @@ static int dwc3_gadget_run_stop(struct dwc3 *dwc, int is_on) reg &= DWC3_DSTS_DEVCTRLHLT; } while (--timeout && !(!is_on ^ !reg)); + if (saved_config) { + reg = dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)); + reg |= saved_config; + dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), reg); + } + if (!timeout) return -ETIMEDOUT;

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] tracing: Have the error of __tracing_resize_ring_buffer()" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 60b8f711143de7cd9c0f55be0fe7eb94b19eb5c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021821-bullseye-travel-f568@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 60b8f711143de7cd9c0f55be0fe7eb94b19eb5c7 Mon Sep 17 00:00:00 2001 From: Steven Rostedt <rostedt(a)goodmis.org> Date: Thu, 13 Feb 2025 13:41:32 -0500 Subject: [PATCH] tracing: Have the error of __tracing_resize_ring_buffer() passed to user Currently if __tracing_resize_ring_buffer() returns an error, the tracing_resize_ringbuffer() returns -ENOMEM. But it may not be a memory issue that caused the function to fail. If the ring buffer is memory mapped, then the resizing of the ring buffer will be disabled. But if the user tries to resize the buffer, it will get an -ENOMEM returned, which is confusing because there is plenty of memory. The actual error returned was -EBUSY, which would make much more sense to the user. Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Vincent Donnefort <vdonnefort(a)google.com> Link: https://lore.kernel.org/20250213134132.7e4505d7@gandalf.local.home Fixes: 117c39200d9d7 ("ring-buffer: Introducing ring-buffer mapping functions") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Reviewed-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 1496a5ac33ae..25ff37aab00f 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -5977,8 +5977,6 @@ static int __tracing_resize_ring_buffer(struct trace_array *tr, ssize_t tracing_resize_ring_buffer(struct trace_array *tr, unsigned long size, int cpu_id) { - int ret; - guard(mutex)(&trace_types_lock); if (cpu_id != RING_BUFFER_ALL_CPUS) { @@ -5987,11 +5985,7 @@ ssize_t tracing_resize_ring_buffer(struct trace_array *tr, return -EINVAL; } - ret = __tracing_resize_ring_buffer(tr, size, cpu_id); - if (ret < 0) - ret = -ENOMEM; - - return ret; + return __tracing_resize_ring_buffer(tr, size, cpu_id); } static void update_last_data(struct trace_array *tr)

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] tracing: Have the error of __tracing_resize_ring_buffer()" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 60b8f711143de7cd9c0f55be0fe7eb94b19eb5c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021820-swinger-shopping-6edb@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 60b8f711143de7cd9c0f55be0fe7eb94b19eb5c7 Mon Sep 17 00:00:00 2001 From: Steven Rostedt <rostedt(a)goodmis.org> Date: Thu, 13 Feb 2025 13:41:32 -0500 Subject: [PATCH] tracing: Have the error of __tracing_resize_ring_buffer() passed to user Currently if __tracing_resize_ring_buffer() returns an error, the tracing_resize_ringbuffer() returns -ENOMEM. But it may not be a memory issue that caused the function to fail. If the ring buffer is memory mapped, then the resizing of the ring buffer will be disabled. But if the user tries to resize the buffer, it will get an -ENOMEM returned, which is confusing because there is plenty of memory. The actual error returned was -EBUSY, which would make much more sense to the user. Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Vincent Donnefort <vdonnefort(a)google.com> Link: https://lore.kernel.org/20250213134132.7e4505d7@gandalf.local.home Fixes: 117c39200d9d7 ("ring-buffer: Introducing ring-buffer mapping functions") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Reviewed-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 1496a5ac33ae..25ff37aab00f 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -5977,8 +5977,6 @@ static int __tracing_resize_ring_buffer(struct trace_array *tr, ssize_t tracing_resize_ring_buffer(struct trace_array *tr, unsigned long size, int cpu_id) { - int ret; - guard(mutex)(&trace_types_lock); if (cpu_id != RING_BUFFER_ALL_CPUS) { @@ -5987,11 +5985,7 @@ ssize_t tracing_resize_ring_buffer(struct trace_array *tr, return -EINVAL; } - ret = __tracing_resize_ring_buffer(tr, size, cpu_id); - if (ret < 0) - ret = -ENOMEM; - - return ret; + return __tracing_resize_ring_buffer(tr, size, cpu_id); } static void update_last_data(struct trace_array *tr)

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] io_uring/kbuf: reallocate buf lists on upgrade" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 8802766324e1f5d414a81ac43365c20142e85603 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021856-apostle-aggregate-3dc4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8802766324e1f5d414a81ac43365c20142e85603 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Wed, 12 Feb 2025 13:46:46 +0000 Subject: [PATCH] io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead. Cc: stable(a)vger.kernel.org Reported-by: Pumpkin Chang <pumpkin(a)devco.re> Fixes: 2fcabce2d7d34 ("io_uring: disallow mixed provided buffer group registrations") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index 04bf493eecae..8e72de7712ac 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -415,6 +415,13 @@ void io_destroy_buffers(struct io_ring_ctx *ctx) } } +static void io_destroy_bl(struct io_ring_ctx *ctx, struct io_buffer_list *bl) +{ + scoped_guard(mutex, &ctx->mmap_lock) + WARN_ON_ONCE(xa_erase(&ctx->io_bl_xa, bl->bgid) != bl); + io_put_bl(ctx, bl); +} + int io_remove_buffers_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { struct io_provide_buf *p = io_kiocb_to_cmd(req, struct io_provide_buf); @@ -636,12 +643,13 @@ int io_register_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg) /* if mapped buffer ring OR classic exists, don't allow */ if (bl->flags & IOBL_BUF_RING || !list_empty(&bl->buf_list)) return -EEXIST; - } else { - free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); - if (!bl) - return -ENOMEM; + io_destroy_bl(ctx, bl); } + free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); + if (!bl) + return -ENOMEM; + mmap_offset = (unsigned long)reg.bgid << IORING_OFF_PBUF_SHIFT; ring_size = flex_array_size(br, bufs, reg.ring_entries);

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] x86/sev: Fix broken SNP support with KVM module built-in" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 409f45387c937145adeeeebc6d6032c2ec232b35 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021858-default-pledge-8039@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 409f45387c937145adeeeebc6d6032c2ec232b35 Mon Sep 17 00:00:00 2001 From: Ashish Kalra <ashish.kalra(a)amd.com> Date: Mon, 10 Feb 2025 22:54:18 +0000 Subject: [PATCH] x86/sev: Fix broken SNP support with KVM module built-in Fix issues with enabling SNP host support and effectively SNP support which is broken with respect to the KVM module being built-in. SNP host support is enabled in snp_rmptable_init() which is invoked as device_initcall(). SNP check on IOMMU is done during IOMMU PCI init (IOMMU_PCI_INIT stage). And for that reason snp_rmptable_init() is currently invoked via device_initcall() and cannot be invoked via subsys_initcall() as core IOMMU subsystem gets initialized via subsys_initcall(). Now, if kvm_amd module is built-in, it gets initialized before SNP host support is enabled in snp_rmptable_init() : [ 10.131811] kvm_amd: TSC scaling supported [ 10.136384] kvm_amd: Nested Virtualization enabled [ 10.141734] kvm_amd: Nested Paging enabled [ 10.146304] kvm_amd: LBR virtualization supported [ 10.151557] kvm_amd: SEV enabled (ASIDs 100 - 509) [ 10.156905] kvm_amd: SEV-ES enabled (ASIDs 1 - 99) [ 10.162256] kvm_amd: SEV-SNP enabled (ASIDs 1 - 99) [ 10.171508] kvm_amd: Virtual VMLOAD VMSAVE supported [ 10.177052] kvm_amd: Virtual GIF supported ... ... [ 10.201648] kvm_amd: in svm_enable_virtualization_cpu And then svm_x86_ops->enable_virtualization_cpu() (svm_enable_virtualization_cpu) programs MSR_VM_HSAVE_PA as following: wrmsrl(MSR_VM_HSAVE_PA, sd->save_area_pa); So VM_HSAVE_PA is non-zero before SNP support is enabled on all CPUs. snp_rmptable_init() gets invoked after svm_enable_virtualization_cpu() as following : ... [ 11.256138] kvm_amd: in svm_enable_virtualization_cpu ... [ 11.264918] SEV-SNP: in snp_rmptable_init This triggers a #GP exception in snp_rmptable_init() when snp_enable() is invoked to set SNP_EN in SYSCFG MSR: [ 11.294289] unchecked MSR access error: WRMSR to 0xc0010010 (tried to write 0x0000000003fc0000) at rIP: 0xffffffffaf5d5c28 (native_write_msr+0x8/0x30) ... [ 11.294404] Call Trace: [ 11.294482] <IRQ> [ 11.294513] ? show_stack_regs+0x26/0x30 [ 11.294522] ? ex_handler_msr+0x10f/0x180 [ 11.294529] ? search_extable+0x2b/0x40 [ 11.294538] ? fixup_exception+0x2dd/0x340 [ 11.294542] ? exc_general_protection+0x14f/0x440 [ 11.294550] ? asm_exc_general_protection+0x2b/0x30 [ 11.294557] ? __pfx_snp_enable+0x10/0x10 [ 11.294567] ? native_write_msr+0x8/0x30 [ 11.294570] ? __snp_enable+0x5d/0x70 [ 11.294575] snp_enable+0x19/0x20 [ 11.294578] __flush_smp_call_function_queue+0x9c/0x3a0 [ 11.294586] generic_smp_call_function_single_interrupt+0x17/0x20 [ 11.294589] __sysvec_call_function+0x20/0x90 [ 11.294596] sysvec_call_function+0x80/0xb0 [ 11.294601] </IRQ> [ 11.294603] <TASK> [ 11.294605] asm_sysvec_call_function+0x1f/0x30 ... [ 11.294631] arch_cpu_idle+0xd/0x20 [ 11.294633] default_idle_call+0x34/0xd0 [ 11.294636] do_idle+0x1f1/0x230 [ 11.294643] ? complete+0x71/0x80 [ 11.294649] cpu_startup_entry+0x30/0x40 [ 11.294652] start_secondary+0x12d/0x160 [ 11.294655] common_startup_64+0x13e/0x141 [ 11.294662] </TASK> This #GP exception is getting triggered due to the following errata for AMD family 19h Models 10h-1Fh Processors: Processor may generate spurious #GP(0) Exception on WRMSR instruction: Description: The Processor will generate a spurious #GP(0) Exception on a WRMSR instruction if the following conditions are all met: - the target of the WRMSR is a SYSCFG register. - the write changes the value of SYSCFG.SNPEn from 0 to 1. - One of the threads that share the physical core has a non-zero value in the VM_HSAVE_PA MSR. The document being referred to above: https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/revisi… To summarize, with kvm_amd module being built-in, KVM/SVM initialization happens before host SNP is enabled and this SVM initialization sets VM_HSAVE_PA to non-zero, which then triggers a #GP when SYSCFG.SNPEn is being set and this will subsequently cause SNP_INIT(_EX) to fail with INVALID_CONFIG error as SYSCFG[SnpEn] is not set on all CPUs. Essentially SNP host enabling code should be invoked before KVM initialization, which is currently not the case when KVM is built-in. Add fix to call snp_rmptable_init() early from iommu_snp_enable() directly and not invoked via device_initcall() which enables SNP host support before KVM initialization with kvm_amd module built-in. Add additional handling for `iommu=off` or `amd_iommu=off` options. Note that IOMMUs need to be enabled for SNP initialization, therefore, if host SNP support is enabled but late IOMMU initialization fails then that will cause PSP driver's SNP_INIT to fail as IOMMU SNP sanity checks in SNP firmware will fail with invalid configuration error as below: [ 9.723114] ccp 0000:23:00.1: sev enabled [ 9.727602] ccp 0000:23:00.1: psp enabled [ 9.732527] ccp 0000:a2:00.1: enabling device (0000 -> 0002) [ 9.739098] ccp 0000:a2:00.1: no command queues available [ 9.745167] ccp 0000:a2:00.1: psp enabled [ 9.805337] ccp 0000:23:00.1: SEV-SNP: failed to INIT rc -5, error 0x3 [ 9.866426] ccp 0000:23:00.1: SEV API:1.53 build:5 Fixes: c3b86e61b756 ("x86/cpufeatures: Enable/unmask SEV-SNP CPU feature") Co-developed-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Sean Christopherson <seanjc(a)google.com> Co-developed-by: Vasant Hegde <vasant.hegde(a)amd.com> Signed-off-by: Vasant Hegde <vasant.hegde(a)amd.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> Acked-by: Joerg Roedel <jroedel(a)suse.de> Message-ID: <138b520fb83964782303b43ade4369cd181fdd9c.1739226950.git.ashish.kalra(a)amd.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 5d9685f92e5c..1581246491b5 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -531,6 +531,7 @@ static inline void __init snp_secure_tsc_init(void) { } #ifdef CONFIG_KVM_AMD_SEV bool snp_probe_rmptable_info(void); +int snp_rmptable_init(void); int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level); void snp_dump_hva_rmpentry(unsigned long address); int psmash(u64 pfn); @@ -541,6 +542,7 @@ void kdump_sev_callback(void); void snp_fixup_e820_tables(void); #else static inline bool snp_probe_rmptable_info(void) { return false; } +static inline int snp_rmptable_init(void) { return -ENOSYS; } static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; } static inline void snp_dump_hva_rmpentry(unsigned long address) {} static inline int psmash(u64 pfn) { return -ENODEV; } diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index 1dcc027ec77e..42e74a5a7d78 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -505,19 +505,19 @@ static bool __init setup_rmptable(void) * described in the SNP_INIT_EX firmware command description in the SNP * firmware ABI spec. */ -static int __init snp_rmptable_init(void) +int __init snp_rmptable_init(void) { unsigned int i; u64 val; - if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) - return 0; + if (WARN_ON_ONCE(!cc_platform_has(CC_ATTR_HOST_SEV_SNP))) + return -ENOSYS; - if (!amd_iommu_snp_en) - goto nosnp; + if (WARN_ON_ONCE(!amd_iommu_snp_en)) + return -ENOSYS; if (!setup_rmptable()) - goto nosnp; + return -ENOSYS; /* * Check if SEV-SNP is already enabled, this can happen in case of @@ -530,7 +530,7 @@ static int __init snp_rmptable_init(void) /* Zero out the RMP bookkeeping area */ if (!clear_rmptable_bookkeeping()) { free_rmp_segment_table(); - goto nosnp; + return -ENOSYS; } /* Zero out the RMP entries */ @@ -562,17 +562,8 @@ static int __init snp_rmptable_init(void) crash_kexec_post_notifiers = true; return 0; - -nosnp: - cc_platform_clear(CC_ATTR_HOST_SEV_SNP); - return -ENOSYS; } -/* - * This must be called after the IOMMU has been initialized. - */ -device_initcall(snp_rmptable_init); - static void set_rmp_segment_info(unsigned int segment_shift) { rmp_segment_shift = segment_shift; diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c index c5cd92edada0..2fecfed75e54 100644 --- a/drivers/iommu/amd/init.c +++ b/drivers/iommu/amd/init.c @@ -3194,7 +3194,7 @@ static bool __init detect_ivrs(void) return true; } -static void iommu_snp_enable(void) +static __init void iommu_snp_enable(void) { #ifdef CONFIG_KVM_AMD_SEV if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) @@ -3219,6 +3219,14 @@ static void iommu_snp_enable(void) goto disable_snp; } + /* + * Enable host SNP support once SNP support is checked on IOMMU. + */ + if (snp_rmptable_init()) { + pr_warn("SNP: RMP initialization failed, SNP cannot be supported.\n"); + goto disable_snp; + } + pr_info("IOMMU SNP support enabled.\n"); return; @@ -3318,6 +3326,19 @@ static int __init iommu_go_to_state(enum iommu_init_state state) ret = state_next(); } + /* + * SNP platform initilazation requires IOMMUs to be fully configured. + * If the SNP support on IOMMUs has NOT been checked, simply mark SNP + * as unsupported. If the SNP support on IOMMUs has been checked and + * host SNP support enabled but RMP enforcement has not been enabled + * in IOMMUs, then the system is in a half-baked state, but can limp + * along as all memory should be Hypervisor-Owned in the RMP. WARN, + * but leave SNP as "supported" to avoid confusing the kernel. + */ + if (ret && cc_platform_has(CC_ATTR_HOST_SEV_SNP) && + !WARN_ON_ONCE(amd_iommu_snp_en)) + cc_platform_clear(CC_ATTR_HOST_SEV_SNP); + return ret; } @@ -3426,18 +3447,23 @@ void __init amd_iommu_detect(void) int ret; if (no_iommu || (iommu_detected && !gart_iommu_aperture)) - return; + goto disable_snp; if (!amd_iommu_sme_check()) - return; + goto disable_snp; ret = iommu_go_to_state(IOMMU_IVRS_DETECTED); if (ret) - return; + goto disable_snp; amd_iommu_detected = true; iommu_detected = 1; x86_init.iommu.iommu_init = amd_iommu_init; + return; + +disable_snp: + if (cc_platform_has(CC_ATTR_HOST_SEV_SNP)) + cc_platform_clear(CC_ATTR_HOST_SEV_SNP); } /****************************************************************************

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] x86/sev: Fix broken SNP support with KVM module built-in" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 409f45387c937145adeeeebc6d6032c2ec232b35 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021856-heave-blade-985e@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 409f45387c937145adeeeebc6d6032c2ec232b35 Mon Sep 17 00:00:00 2001 From: Ashish Kalra <ashish.kalra(a)amd.com> Date: Mon, 10 Feb 2025 22:54:18 +0000 Subject: [PATCH] x86/sev: Fix broken SNP support with KVM module built-in Fix issues with enabling SNP host support and effectively SNP support which is broken with respect to the KVM module being built-in. SNP host support is enabled in snp_rmptable_init() which is invoked as device_initcall(). SNP check on IOMMU is done during IOMMU PCI init (IOMMU_PCI_INIT stage). And for that reason snp_rmptable_init() is currently invoked via device_initcall() and cannot be invoked via subsys_initcall() as core IOMMU subsystem gets initialized via subsys_initcall(). Now, if kvm_amd module is built-in, it gets initialized before SNP host support is enabled in snp_rmptable_init() : [ 10.131811] kvm_amd: TSC scaling supported [ 10.136384] kvm_amd: Nested Virtualization enabled [ 10.141734] kvm_amd: Nested Paging enabled [ 10.146304] kvm_amd: LBR virtualization supported [ 10.151557] kvm_amd: SEV enabled (ASIDs 100 - 509) [ 10.156905] kvm_amd: SEV-ES enabled (ASIDs 1 - 99) [ 10.162256] kvm_amd: SEV-SNP enabled (ASIDs 1 - 99) [ 10.171508] kvm_amd: Virtual VMLOAD VMSAVE supported [ 10.177052] kvm_amd: Virtual GIF supported ... ... [ 10.201648] kvm_amd: in svm_enable_virtualization_cpu And then svm_x86_ops->enable_virtualization_cpu() (svm_enable_virtualization_cpu) programs MSR_VM_HSAVE_PA as following: wrmsrl(MSR_VM_HSAVE_PA, sd->save_area_pa); So VM_HSAVE_PA is non-zero before SNP support is enabled on all CPUs. snp_rmptable_init() gets invoked after svm_enable_virtualization_cpu() as following : ... [ 11.256138] kvm_amd: in svm_enable_virtualization_cpu ... [ 11.264918] SEV-SNP: in snp_rmptable_init This triggers a #GP exception in snp_rmptable_init() when snp_enable() is invoked to set SNP_EN in SYSCFG MSR: [ 11.294289] unchecked MSR access error: WRMSR to 0xc0010010 (tried to write 0x0000000003fc0000) at rIP: 0xffffffffaf5d5c28 (native_write_msr+0x8/0x30) ... [ 11.294404] Call Trace: [ 11.294482] <IRQ> [ 11.294513] ? show_stack_regs+0x26/0x30 [ 11.294522] ? ex_handler_msr+0x10f/0x180 [ 11.294529] ? search_extable+0x2b/0x40 [ 11.294538] ? fixup_exception+0x2dd/0x340 [ 11.294542] ? exc_general_protection+0x14f/0x440 [ 11.294550] ? asm_exc_general_protection+0x2b/0x30 [ 11.294557] ? __pfx_snp_enable+0x10/0x10 [ 11.294567] ? native_write_msr+0x8/0x30 [ 11.294570] ? __snp_enable+0x5d/0x70 [ 11.294575] snp_enable+0x19/0x20 [ 11.294578] __flush_smp_call_function_queue+0x9c/0x3a0 [ 11.294586] generic_smp_call_function_single_interrupt+0x17/0x20 [ 11.294589] __sysvec_call_function+0x20/0x90 [ 11.294596] sysvec_call_function+0x80/0xb0 [ 11.294601] </IRQ> [ 11.294603] <TASK> [ 11.294605] asm_sysvec_call_function+0x1f/0x30 ... [ 11.294631] arch_cpu_idle+0xd/0x20 [ 11.294633] default_idle_call+0x34/0xd0 [ 11.294636] do_idle+0x1f1/0x230 [ 11.294643] ? complete+0x71/0x80 [ 11.294649] cpu_startup_entry+0x30/0x40 [ 11.294652] start_secondary+0x12d/0x160 [ 11.294655] common_startup_64+0x13e/0x141 [ 11.294662] </TASK> This #GP exception is getting triggered due to the following errata for AMD family 19h Models 10h-1Fh Processors: Processor may generate spurious #GP(0) Exception on WRMSR instruction: Description: The Processor will generate a spurious #GP(0) Exception on a WRMSR instruction if the following conditions are all met: - the target of the WRMSR is a SYSCFG register. - the write changes the value of SYSCFG.SNPEn from 0 to 1. - One of the threads that share the physical core has a non-zero value in the VM_HSAVE_PA MSR. The document being referred to above: https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/revisi… To summarize, with kvm_amd module being built-in, KVM/SVM initialization happens before host SNP is enabled and this SVM initialization sets VM_HSAVE_PA to non-zero, which then triggers a #GP when SYSCFG.SNPEn is being set and this will subsequently cause SNP_INIT(_EX) to fail with INVALID_CONFIG error as SYSCFG[SnpEn] is not set on all CPUs. Essentially SNP host enabling code should be invoked before KVM initialization, which is currently not the case when KVM is built-in. Add fix to call snp_rmptable_init() early from iommu_snp_enable() directly and not invoked via device_initcall() which enables SNP host support before KVM initialization with kvm_amd module built-in. Add additional handling for `iommu=off` or `amd_iommu=off` options. Note that IOMMUs need to be enabled for SNP initialization, therefore, if host SNP support is enabled but late IOMMU initialization fails then that will cause PSP driver's SNP_INIT to fail as IOMMU SNP sanity checks in SNP firmware will fail with invalid configuration error as below: [ 9.723114] ccp 0000:23:00.1: sev enabled [ 9.727602] ccp 0000:23:00.1: psp enabled [ 9.732527] ccp 0000:a2:00.1: enabling device (0000 -> 0002) [ 9.739098] ccp 0000:a2:00.1: no command queues available [ 9.745167] ccp 0000:a2:00.1: psp enabled [ 9.805337] ccp 0000:23:00.1: SEV-SNP: failed to INIT rc -5, error 0x3 [ 9.866426] ccp 0000:23:00.1: SEV API:1.53 build:5 Fixes: c3b86e61b756 ("x86/cpufeatures: Enable/unmask SEV-SNP CPU feature") Co-developed-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Sean Christopherson <seanjc(a)google.com> Co-developed-by: Vasant Hegde <vasant.hegde(a)amd.com> Signed-off-by: Vasant Hegde <vasant.hegde(a)amd.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> Acked-by: Joerg Roedel <jroedel(a)suse.de> Message-ID: <138b520fb83964782303b43ade4369cd181fdd9c.1739226950.git.ashish.kalra(a)amd.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 5d9685f92e5c..1581246491b5 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -531,6 +531,7 @@ static inline void __init snp_secure_tsc_init(void) { } #ifdef CONFIG_KVM_AMD_SEV bool snp_probe_rmptable_info(void); +int snp_rmptable_init(void); int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level); void snp_dump_hva_rmpentry(unsigned long address); int psmash(u64 pfn); @@ -541,6 +542,7 @@ void kdump_sev_callback(void); void snp_fixup_e820_tables(void); #else static inline bool snp_probe_rmptable_info(void) { return false; } +static inline int snp_rmptable_init(void) { return -ENOSYS; } static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; } static inline void snp_dump_hva_rmpentry(unsigned long address) {} static inline int psmash(u64 pfn) { return -ENODEV; } diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index 1dcc027ec77e..42e74a5a7d78 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -505,19 +505,19 @@ static bool __init setup_rmptable(void) * described in the SNP_INIT_EX firmware command description in the SNP * firmware ABI spec. */ -static int __init snp_rmptable_init(void) +int __init snp_rmptable_init(void) { unsigned int i; u64 val; - if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) - return 0; + if (WARN_ON_ONCE(!cc_platform_has(CC_ATTR_HOST_SEV_SNP))) + return -ENOSYS; - if (!amd_iommu_snp_en) - goto nosnp; + if (WARN_ON_ONCE(!amd_iommu_snp_en)) + return -ENOSYS; if (!setup_rmptable()) - goto nosnp; + return -ENOSYS; /* * Check if SEV-SNP is already enabled, this can happen in case of @@ -530,7 +530,7 @@ static int __init snp_rmptable_init(void) /* Zero out the RMP bookkeeping area */ if (!clear_rmptable_bookkeeping()) { free_rmp_segment_table(); - goto nosnp; + return -ENOSYS; } /* Zero out the RMP entries */ @@ -562,17 +562,8 @@ static int __init snp_rmptable_init(void) crash_kexec_post_notifiers = true; return 0; - -nosnp: - cc_platform_clear(CC_ATTR_HOST_SEV_SNP); - return -ENOSYS; } -/* - * This must be called after the IOMMU has been initialized. - */ -device_initcall(snp_rmptable_init); - static void set_rmp_segment_info(unsigned int segment_shift) { rmp_segment_shift = segment_shift; diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c index c5cd92edada0..2fecfed75e54 100644 --- a/drivers/iommu/amd/init.c +++ b/drivers/iommu/amd/init.c @@ -3194,7 +3194,7 @@ static bool __init detect_ivrs(void) return true; } -static void iommu_snp_enable(void) +static __init void iommu_snp_enable(void) { #ifdef CONFIG_KVM_AMD_SEV if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) @@ -3219,6 +3219,14 @@ static void iommu_snp_enable(void) goto disable_snp; } + /* + * Enable host SNP support once SNP support is checked on IOMMU. + */ + if (snp_rmptable_init()) { + pr_warn("SNP: RMP initialization failed, SNP cannot be supported.\n"); + goto disable_snp; + } + pr_info("IOMMU SNP support enabled.\n"); return; @@ -3318,6 +3326,19 @@ static int __init iommu_go_to_state(enum iommu_init_state state) ret = state_next(); } + /* + * SNP platform initilazation requires IOMMUs to be fully configured. + * If the SNP support on IOMMUs has NOT been checked, simply mark SNP + * as unsupported. If the SNP support on IOMMUs has been checked and + * host SNP support enabled but RMP enforcement has not been enabled + * in IOMMUs, then the system is in a half-baked state, but can limp + * along as all memory should be Hypervisor-Owned in the RMP. WARN, + * but leave SNP as "supported" to avoid confusing the kernel. + */ + if (ret && cc_platform_has(CC_ATTR_HOST_SEV_SNP) && + !WARN_ON_ONCE(amd_iommu_snp_en)) + cc_platform_clear(CC_ATTR_HOST_SEV_SNP); + return ret; } @@ -3426,18 +3447,23 @@ void __init amd_iommu_detect(void) int ret; if (no_iommu || (iommu_detected && !gart_iommu_aperture)) - return; + goto disable_snp; if (!amd_iommu_sme_check()) - return; + goto disable_snp; ret = iommu_go_to_state(IOMMU_IVRS_DETECTED); if (ret) - return; + goto disable_snp; amd_iommu_detected = true; iommu_detected = 1; x86_init.iommu.iommu_init = amd_iommu_init; + return; + +disable_snp: + if (cc_platform_has(CC_ATTR_HOST_SEV_SNP)) + cc_platform_clear(CC_ATTR_HOST_SEV_SNP); } /****************************************************************************

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nSVM: Enter guest mode before initializing nested NPT" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 46d6c6f3ef0eaff71c2db6d77d4e2ebb7adac34f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021837-volumes-twig-2514@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46d6c6f3ef0eaff71c2db6d77d4e2ebb7adac34f Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Wed, 29 Jan 2025 17:08:25 -0800 Subject: [PATCH] KVM: nSVM: Enter guest mode before initializing nested NPT MMU When preparing vmcb02 for nested VMRUN (or state restore), "enter" guest mode prior to initializing the MMU for nested NPT so that guest_mode is set in the MMU's role. KVM's model is that all L2 MMUs are tagged with guest_mode, as the behavior of hypervisor MMUs tends to be significantly different than kernel MMUs. Practically speaking, the bug is relatively benign, as KVM only directly queries role.guest_mode in kvm_mmu_free_guest_mode_roots() and kvm_mmu_page_ad_need_write_protect(), which SVM doesn't use, and in paths that are optimizations (mmu_page_zap_pte() and shadow_mmu_try_split_huge_pages()). And while the role is incorprated into shadow page usage, because nested NPT requires KVM to be using NPT for L1, reusing shadow pages across L1 and L2 is impossible as L1 MMUs will always have direct=1, while L2 MMUs will have direct=0. Hoist the TLB processing and setting of HF_GUEST_MASK to the beginning of the flow instead of forcing guest_mode in the MMU, as nothing in nested_vmcb02_prepare_control() between the old and new locations touches TLB flush requests or HF_GUEST_MASK, i.e. there's no reason to present inconsistent vCPU state to the MMU. Fixes: 69cb877487de ("KVM: nSVM: move MMU setup to nested_prepare_vmcb_control") Cc: stable(a)vger.kernel.org Reported-by: Yosry Ahmed <yosry.ahmed(a)linux.dev> Reviewed-by: Yosry Ahmed <yosry.ahmed(a)linux.dev> Link: https://lore.kernel.org/r/20250130010825.220346-1-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 74c20dbb92da..d4ac4a1f8b81 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -5540,7 +5540,7 @@ void kvm_init_shadow_npt_mmu(struct kvm_vcpu *vcpu, unsigned long cr0, union kvm_mmu_page_role root_role; /* NPT requires CR0.PG=1. */ - WARN_ON_ONCE(cpu_role.base.direct); + WARN_ON_ONCE(cpu_role.base.direct || !cpu_role.base.guest_mode); root_role = cpu_role.base; root_role.level = kvm_mmu_get_tdp_level(vcpu); diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index d77b094d9a4d..04c375bf1ac2 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -646,6 +646,11 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, u32 pause_count12; u32 pause_thresh12; + nested_svm_transition_tlb_flush(vcpu); + + /* Enter Guest-Mode */ + enter_guest_mode(vcpu); + /* * Filled at exit: exit_code, exit_code_hi, exit_info_1, exit_info_2, * exit_int_info, exit_int_info_err, next_rip, insn_len, insn_bytes. @@ -762,11 +767,6 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, } } - nested_svm_transition_tlb_flush(vcpu); - - /* Enter Guest-Mode */ - enter_guest_mode(vcpu); - /* * Merge guest and host intercepts - must be called with vcpu in * guest-mode to take effect.

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nSVM: Enter guest mode before initializing nested NPT" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 46d6c6f3ef0eaff71c2db6d77d4e2ebb7adac34f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021824-strict-motivator-41ae@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46d6c6f3ef0eaff71c2db6d77d4e2ebb7adac34f Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Wed, 29 Jan 2025 17:08:25 -0800 Subject: [PATCH] KVM: nSVM: Enter guest mode before initializing nested NPT MMU When preparing vmcb02 for nested VMRUN (or state restore), "enter" guest mode prior to initializing the MMU for nested NPT so that guest_mode is set in the MMU's role. KVM's model is that all L2 MMUs are tagged with guest_mode, as the behavior of hypervisor MMUs tends to be significantly different than kernel MMUs. Practically speaking, the bug is relatively benign, as KVM only directly queries role.guest_mode in kvm_mmu_free_guest_mode_roots() and kvm_mmu_page_ad_need_write_protect(), which SVM doesn't use, and in paths that are optimizations (mmu_page_zap_pte() and shadow_mmu_try_split_huge_pages()). And while the role is incorprated into shadow page usage, because nested NPT requires KVM to be using NPT for L1, reusing shadow pages across L1 and L2 is impossible as L1 MMUs will always have direct=1, while L2 MMUs will have direct=0. Hoist the TLB processing and setting of HF_GUEST_MASK to the beginning of the flow instead of forcing guest_mode in the MMU, as nothing in nested_vmcb02_prepare_control() between the old and new locations touches TLB flush requests or HF_GUEST_MASK, i.e. there's no reason to present inconsistent vCPU state to the MMU. Fixes: 69cb877487de ("KVM: nSVM: move MMU setup to nested_prepare_vmcb_control") Cc: stable(a)vger.kernel.org Reported-by: Yosry Ahmed <yosry.ahmed(a)linux.dev> Reviewed-by: Yosry Ahmed <yosry.ahmed(a)linux.dev> Link: https://lore.kernel.org/r/20250130010825.220346-1-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 74c20dbb92da..d4ac4a1f8b81 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -5540,7 +5540,7 @@ void kvm_init_shadow_npt_mmu(struct kvm_vcpu *vcpu, unsigned long cr0, union kvm_mmu_page_role root_role; /* NPT requires CR0.PG=1. */ - WARN_ON_ONCE(cpu_role.base.direct); + WARN_ON_ONCE(cpu_role.base.direct || !cpu_role.base.guest_mode); root_role = cpu_role.base; root_role.level = kvm_mmu_get_tdp_level(vcpu); diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index d77b094d9a4d..04c375bf1ac2 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -646,6 +646,11 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, u32 pause_count12; u32 pause_thresh12; + nested_svm_transition_tlb_flush(vcpu); + + /* Enter Guest-Mode */ + enter_guest_mode(vcpu); + /* * Filled at exit: exit_code, exit_code_hi, exit_info_1, exit_info_2, * exit_int_info, exit_int_info_err, next_rip, insn_len, insn_bytes. @@ -762,11 +767,6 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, } } - nested_svm_transition_tlb_flush(vcpu); - - /* Enter Guest-Mode */ - enter_guest_mode(vcpu); - /* * Merge guest and host intercepts - must be called with vcpu in * guest-mode to take effect.

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Load DR6 with guest value only before entering" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c2fee09fc167c74a64adb08656cb993ea475197e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021815-protract-greasily-cdea@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2fee09fc167c74a64adb08656cb993ea475197e Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 24 Jan 2025 17:18:33 -0800 Subject: [PATCH] KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load hardware with a stale vcpu->arch.dr6. When the guest accesses a DR and host userspace isn't debugging the guest, KVM disables DR interception and loads the guest's values into hardware on VM-Enter and saves them on VM-Exit. This allows the guest to access DRs at will, e.g. so that a sequence of DR accesses to configure a breakpoint only generates one VM-Exit. For DR0-DR3, the logic/behavior is identical between VMX and SVM, and also identical between KVM_DEBUGREG_BP_ENABLED (userspace debugging the guest) and KVM_DEBUGREG_WONT_EXIT (guest using DRs), and so KVM handles loading DR0-DR3 in common code, _outside_ of the core kvm_x86_ops.vcpu_run() loop. But for DR6, the guest's value doesn't need to be loaded into hardware for KVM_DEBUGREG_BP_ENABLED, and SVM provides a dedicated VMCB field whereas VMX requires software to manually load the guest value, and so loading the guest's value into DR6 is handled by {svm,vmx}_vcpu_run(), i.e. is done _inside_ the core run loop. Unfortunately, saving the guest values on VM-Exit is initiated by common x86, again outside of the core run loop. If the guest modifies DR6 (in hardware, when DR interception is disabled), and then the next VM-Exit is a fastpath VM-Exit, KVM will reload hardware DR6 with vcpu->arch.dr6 and clobber the guest's actual value. The bug shows up primarily with nested VMX because KVM handles the VMX preemption timer in the fastpath, and the window between hardware DR6 being modified (in guest context) and DR6 being read by guest software is orders of magnitude larger in a nested setup. E.g. in non-nested, the VMX preemption timer would need to fire precisely between #DB injection and the #DB handler's read of DR6, whereas with a KVM-on-KVM setup, the window where hardware DR6 is "dirty" extends all the way from L1 writing DR6 to VMRESUME (in L1). L1's view: ========== <L1 disables DR interception> CPU 0/KVM-7289 [023] d.... 2925.640961: kvm_entry: vcpu 0 A: L1 Writes DR6 CPU 0/KVM-7289 [023] d.... 2925.640963: <hack>: Set DRs, DR6 = 0xffff0ff1 B: CPU 0/KVM-7289 [023] d.... 2925.640967: kvm_exit: vcpu 0 reason EXTERNAL_INTERRUPT intr_info 0x800000ec D: L1 reads DR6, arch.dr6 = 0 CPU 0/KVM-7289 [023] d.... 2925.640969: <hack>: Sync DRs, DR6 = 0xffff0ff0 CPU 0/KVM-7289 [023] d.... 2925.640976: kvm_entry: vcpu 0 L2 reads DR6, L1 disables DR interception CPU 0/KVM-7289 [023] d.... 2925.640980: kvm_exit: vcpu 0 reason DR_ACCESS info1 0x0000000000000216 CPU 0/KVM-7289 [023] d.... 2925.640983: kvm_entry: vcpu 0 CPU 0/KVM-7289 [023] d.... 2925.640983: <hack>: Set DRs, DR6 = 0xffff0ff0 L2 detects failure CPU 0/KVM-7289 [023] d.... 2925.640987: kvm_exit: vcpu 0 reason HLT L1 reads DR6 (confirms failure) CPU 0/KVM-7289 [023] d.... 2925.640990: <hack>: Sync DRs, DR6 = 0xffff0ff0 L0's view: ========== L2 reads DR6, arch.dr6 = 0 CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 L2 => L1 nested VM-Exit CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit_inject: reason: DR_ACCESS ext_inf1: 0x0000000000000216 CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_entry: vcpu 23 CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_exit: vcpu 23 reason VMREAD CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_entry: vcpu 23 CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_exit: vcpu 23 reason VMREAD CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_entry: vcpu 23 L1 writes DR7, L0 disables DR interception CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000007 CPU 23/KVM-5046 [001] d.... 3410.005613: kvm_entry: vcpu 23 L0 writes DR6 = 0 (arch.dr6) CPU 23/KVM-5046 [001] d.... 3410.005613: <hack>: Set DRs, DR6 = 0xffff0ff0 A: <L1 writes DR6 = 1, no interception, arch.dr6 is still '0'> B: CPU 23/KVM-5046 [001] d.... 3410.005614: kvm_exit: vcpu 23 reason PREEMPTION_TIMER CPU 23/KVM-5046 [001] d.... 3410.005614: kvm_entry: vcpu 23 C: L0 writes DR6 = 0 (arch.dr6) CPU 23/KVM-5046 [001] d.... 3410.005614: <hack>: Set DRs, DR6 = 0xffff0ff0 L1 => L2 nested VM-Enter CPU 23/KVM-5046 [001] d.... 3410.005616: kvm_exit: vcpu 23 reason VMRESUME L0 reads DR6, arch.dr6 = 0 Reported-by: John Stultz <jstultz(a)google.com> Closes: https://lkml.kernel.org/r/CANDhNCq5_F3HfFYABqFGCA1bPd_%2BxgNj-iDQhH4tDk%2Bw… Fixes: 375e28ffc0cf ("KVM: X86: Set host DR6 only on VMX and for KVM_DEBUGREG_WONT_EXIT") Fixes: d67668e9dd76 ("KVM: x86, SVM: isolate vcpu->arch.dr6 from vmcb->save.dr6") Cc: stable(a)vger.kernel.org Cc: Jim Mattson <jmattson(a)google.com> Tested-by: John Stultz <jstultz(a)google.com> Link: https://lore.kernel.org/r/20250125011833.3644371-1-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index c35550581da0..823c0434bbad 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -48,6 +48,7 @@ KVM_X86_OP(set_idt) KVM_X86_OP(get_gdt) KVM_X86_OP(set_gdt) KVM_X86_OP(sync_dirty_debug_regs) +KVM_X86_OP(set_dr6) KVM_X86_OP(set_dr7) KVM_X86_OP(cache_reg) KVM_X86_OP(get_rflags) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b15cde0a9b5c..0b7af5902ff7 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1696,6 +1696,7 @@ struct kvm_x86_ops { void (*get_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*set_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*sync_dirty_debug_regs)(struct kvm_vcpu *vcpu); + void (*set_dr6)(struct kvm_vcpu *vcpu, unsigned long value); void (*set_dr7)(struct kvm_vcpu *vcpu, unsigned long value); void (*cache_reg)(struct kvm_vcpu *vcpu, enum kvm_reg reg); unsigned long (*get_rflags)(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7640a84e554a..a713c803a3a3 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1991,11 +1991,11 @@ static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *sd) svm->asid = sd->next_asid++; } -static void svm_set_dr6(struct vcpu_svm *svm, unsigned long value) +static void svm_set_dr6(struct kvm_vcpu *vcpu, unsigned long value) { - struct vmcb *vmcb = svm->vmcb; + struct vmcb *vmcb = to_svm(vcpu)->vmcb; - if (svm->vcpu.arch.guest_state_protected) + if (vcpu->arch.guest_state_protected) return; if (unlikely(value != vmcb->save.dr6)) { @@ -4247,10 +4247,8 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu, * Run with all-zero DR6 unless needed, so that we can get the exact cause * of a #DB. */ - if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) - svm_set_dr6(svm, vcpu->arch.dr6); - else - svm_set_dr6(svm, DR6_ACTIVE_LOW); + if (likely(!(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT))) + svm_set_dr6(vcpu, DR6_ACTIVE_LOW); clgi(); kvm_load_guest_xsave_state(vcpu); @@ -5043,6 +5041,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .set_idt = svm_set_idt, .get_gdt = svm_get_gdt, .set_gdt = svm_set_gdt, + .set_dr6 = svm_set_dr6, .set_dr7 = svm_set_dr7, .sync_dirty_debug_regs = svm_sync_dirty_debug_regs, .cache_reg = svm_cache_reg, diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index 2427f918e763..43ee9ed11291 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -61,6 +61,7 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .set_idt = vmx_set_idt, .get_gdt = vmx_get_gdt, .set_gdt = vmx_set_gdt, + .set_dr6 = vmx_set_dr6, .set_dr7 = vmx_set_dr7, .sync_dirty_debug_regs = vmx_sync_dirty_debug_regs, .cache_reg = vmx_cache_reg, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index f72835e85b6d..6c56d5235f0f 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5648,6 +5648,12 @@ void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu) set_debugreg(DR6_RESERVED, 6); } +void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val) +{ + lockdep_assert_irqs_disabled(); + set_debugreg(vcpu->arch.dr6, 6); +} + void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val) { vmcs_writel(GUEST_DR7, val); @@ -7417,10 +7423,6 @@ fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit) vmx->loaded_vmcs->host_state.cr4 = cr4; } - /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */ - if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) - set_debugreg(vcpu->arch.dr6, 6); - /* When single-stepping over STI and MOV SS, we must clear the * corresponding interruptibility bits in the guest state. Otherwise * vmentry fails as it then expects bit 14 (BS) in pending debug diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index ce3295a67c04..430773a5ef8e 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -73,6 +73,7 @@ void vmx_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); +void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val); void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val); void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu); void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8e77e61d4fbd..02159c967d29 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -10961,6 +10961,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) set_debugreg(vcpu->arch.eff_db[1], 1); set_debugreg(vcpu->arch.eff_db[2], 2); set_debugreg(vcpu->arch.eff_db[3], 3); + /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */ + if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) + kvm_x86_call(set_dr6)(vcpu, vcpu->arch.dr6); } else if (unlikely(hw_breakpoint_active())) { set_debugreg(0, 7); }

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Load DR6 with guest value only before entering" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c2fee09fc167c74a64adb08656cb993ea475197e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021812-candied-hamper-7f08@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2fee09fc167c74a64adb08656cb993ea475197e Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 24 Jan 2025 17:18:33 -0800 Subject: [PATCH] KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load hardware with a stale vcpu->arch.dr6. When the guest accesses a DR and host userspace isn't debugging the guest, KVM disables DR interception and loads the guest's values into hardware on VM-Enter and saves them on VM-Exit. This allows the guest to access DRs at will, e.g. so that a sequence of DR accesses to configure a breakpoint only generates one VM-Exit. For DR0-DR3, the logic/behavior is identical between VMX and SVM, and also identical between KVM_DEBUGREG_BP_ENABLED (userspace debugging the guest) and KVM_DEBUGREG_WONT_EXIT (guest using DRs), and so KVM handles loading DR0-DR3 in common code, _outside_ of the core kvm_x86_ops.vcpu_run() loop. But for DR6, the guest's value doesn't need to be loaded into hardware for KVM_DEBUGREG_BP_ENABLED, and SVM provides a dedicated VMCB field whereas VMX requires software to manually load the guest value, and so loading the guest's value into DR6 is handled by {svm,vmx}_vcpu_run(), i.e. is done _inside_ the core run loop. Unfortunately, saving the guest values on VM-Exit is initiated by common x86, again outside of the core run loop. If the guest modifies DR6 (in hardware, when DR interception is disabled), and then the next VM-Exit is a fastpath VM-Exit, KVM will reload hardware DR6 with vcpu->arch.dr6 and clobber the guest's actual value. The bug shows up primarily with nested VMX because KVM handles the VMX preemption timer in the fastpath, and the window between hardware DR6 being modified (in guest context) and DR6 being read by guest software is orders of magnitude larger in a nested setup. E.g. in non-nested, the VMX preemption timer would need to fire precisely between #DB injection and the #DB handler's read of DR6, whereas with a KVM-on-KVM setup, the window where hardware DR6 is "dirty" extends all the way from L1 writing DR6 to VMRESUME (in L1). L1's view: ========== <L1 disables DR interception> CPU 0/KVM-7289 [023] d.... 2925.640961: kvm_entry: vcpu 0 A: L1 Writes DR6 CPU 0/KVM-7289 [023] d.... 2925.640963: <hack>: Set DRs, DR6 = 0xffff0ff1 B: CPU 0/KVM-7289 [023] d.... 2925.640967: kvm_exit: vcpu 0 reason EXTERNAL_INTERRUPT intr_info 0x800000ec D: L1 reads DR6, arch.dr6 = 0 CPU 0/KVM-7289 [023] d.... 2925.640969: <hack>: Sync DRs, DR6 = 0xffff0ff0 CPU 0/KVM-7289 [023] d.... 2925.640976: kvm_entry: vcpu 0 L2 reads DR6, L1 disables DR interception CPU 0/KVM-7289 [023] d.... 2925.640980: kvm_exit: vcpu 0 reason DR_ACCESS info1 0x0000000000000216 CPU 0/KVM-7289 [023] d.... 2925.640983: kvm_entry: vcpu 0 CPU 0/KVM-7289 [023] d.... 2925.640983: <hack>: Set DRs, DR6 = 0xffff0ff0 L2 detects failure CPU 0/KVM-7289 [023] d.... 2925.640987: kvm_exit: vcpu 0 reason HLT L1 reads DR6 (confirms failure) CPU 0/KVM-7289 [023] d.... 2925.640990: <hack>: Sync DRs, DR6 = 0xffff0ff0 L0's view: ========== L2 reads DR6, arch.dr6 = 0 CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 L2 => L1 nested VM-Exit CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit_inject: reason: DR_ACCESS ext_inf1: 0x0000000000000216 CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_entry: vcpu 23 CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_exit: vcpu 23 reason VMREAD CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_entry: vcpu 23 CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_exit: vcpu 23 reason VMREAD CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_entry: vcpu 23 L1 writes DR7, L0 disables DR interception CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000007 CPU 23/KVM-5046 [001] d.... 3410.005613: kvm_entry: vcpu 23 L0 writes DR6 = 0 (arch.dr6) CPU 23/KVM-5046 [001] d.... 3410.005613: <hack>: Set DRs, DR6 = 0xffff0ff0 A: <L1 writes DR6 = 1, no interception, arch.dr6 is still '0'> B: CPU 23/KVM-5046 [001] d.... 3410.005614: kvm_exit: vcpu 23 reason PREEMPTION_TIMER CPU 23/KVM-5046 [001] d.... 3410.005614: kvm_entry: vcpu 23 C: L0 writes DR6 = 0 (arch.dr6) CPU 23/KVM-5046 [001] d.... 3410.005614: <hack>: Set DRs, DR6 = 0xffff0ff0 L1 => L2 nested VM-Enter CPU 23/KVM-5046 [001] d.... 3410.005616: kvm_exit: vcpu 23 reason VMRESUME L0 reads DR6, arch.dr6 = 0 Reported-by: John Stultz <jstultz(a)google.com> Closes: https://lkml.kernel.org/r/CANDhNCq5_F3HfFYABqFGCA1bPd_%2BxgNj-iDQhH4tDk%2Bw… Fixes: 375e28ffc0cf ("KVM: X86: Set host DR6 only on VMX and for KVM_DEBUGREG_WONT_EXIT") Fixes: d67668e9dd76 ("KVM: x86, SVM: isolate vcpu->arch.dr6 from vmcb->save.dr6") Cc: stable(a)vger.kernel.org Cc: Jim Mattson <jmattson(a)google.com> Tested-by: John Stultz <jstultz(a)google.com> Link: https://lore.kernel.org/r/20250125011833.3644371-1-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index c35550581da0..823c0434bbad 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -48,6 +48,7 @@ KVM_X86_OP(set_idt) KVM_X86_OP(get_gdt) KVM_X86_OP(set_gdt) KVM_X86_OP(sync_dirty_debug_regs) +KVM_X86_OP(set_dr6) KVM_X86_OP(set_dr7) KVM_X86_OP(cache_reg) KVM_X86_OP(get_rflags) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b15cde0a9b5c..0b7af5902ff7 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1696,6 +1696,7 @@ struct kvm_x86_ops { void (*get_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*set_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*sync_dirty_debug_regs)(struct kvm_vcpu *vcpu); + void (*set_dr6)(struct kvm_vcpu *vcpu, unsigned long value); void (*set_dr7)(struct kvm_vcpu *vcpu, unsigned long value); void (*cache_reg)(struct kvm_vcpu *vcpu, enum kvm_reg reg); unsigned long (*get_rflags)(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7640a84e554a..a713c803a3a3 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1991,11 +1991,11 @@ static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *sd) svm->asid = sd->next_asid++; } -static void svm_set_dr6(struct vcpu_svm *svm, unsigned long value) +static void svm_set_dr6(struct kvm_vcpu *vcpu, unsigned long value) { - struct vmcb *vmcb = svm->vmcb; + struct vmcb *vmcb = to_svm(vcpu)->vmcb; - if (svm->vcpu.arch.guest_state_protected) + if (vcpu->arch.guest_state_protected) return; if (unlikely(value != vmcb->save.dr6)) { @@ -4247,10 +4247,8 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu, * Run with all-zero DR6 unless needed, so that we can get the exact cause * of a #DB. */ - if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) - svm_set_dr6(svm, vcpu->arch.dr6); - else - svm_set_dr6(svm, DR6_ACTIVE_LOW); + if (likely(!(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT))) + svm_set_dr6(vcpu, DR6_ACTIVE_LOW); clgi(); kvm_load_guest_xsave_state(vcpu); @@ -5043,6 +5041,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .set_idt = svm_set_idt, .get_gdt = svm_get_gdt, .set_gdt = svm_set_gdt, + .set_dr6 = svm_set_dr6, .set_dr7 = svm_set_dr7, .sync_dirty_debug_regs = svm_sync_dirty_debug_regs, .cache_reg = svm_cache_reg, diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index 2427f918e763..43ee9ed11291 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -61,6 +61,7 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .set_idt = vmx_set_idt, .get_gdt = vmx_get_gdt, .set_gdt = vmx_set_gdt, + .set_dr6 = vmx_set_dr6, .set_dr7 = vmx_set_dr7, .sync_dirty_debug_regs = vmx_sync_dirty_debug_regs, .cache_reg = vmx_cache_reg, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index f72835e85b6d..6c56d5235f0f 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5648,6 +5648,12 @@ void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu) set_debugreg(DR6_RESERVED, 6); } +void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val) +{ + lockdep_assert_irqs_disabled(); + set_debugreg(vcpu->arch.dr6, 6); +} + void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val) { vmcs_writel(GUEST_DR7, val); @@ -7417,10 +7423,6 @@ fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit) vmx->loaded_vmcs->host_state.cr4 = cr4; } - /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */ - if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) - set_debugreg(vcpu->arch.dr6, 6); - /* When single-stepping over STI and MOV SS, we must clear the * corresponding interruptibility bits in the guest state. Otherwise * vmentry fails as it then expects bit 14 (BS) in pending debug diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index ce3295a67c04..430773a5ef8e 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -73,6 +73,7 @@ void vmx_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); +void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val); void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val); void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu); void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8e77e61d4fbd..02159c967d29 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -10961,6 +10961,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) set_debugreg(vcpu->arch.eff_db[1], 1); set_debugreg(vcpu->arch.eff_db[2], 2); set_debugreg(vcpu->arch.eff_db[3], 3); + /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */ + if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) + kvm_x86_call(set_dr6)(vcpu, vcpu->arch.dr6); } else if (unlikely(hw_breakpoint_active())) { set_debugreg(0, 7); }

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Load DR6 with guest value only before entering" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c2fee09fc167c74a64adb08656cb993ea475197e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021809-census-mammal-224b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2fee09fc167c74a64adb08656cb993ea475197e Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 24 Jan 2025 17:18:33 -0800 Subject: [PATCH] KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load hardware with a stale vcpu->arch.dr6. When the guest accesses a DR and host userspace isn't debugging the guest, KVM disables DR interception and loads the guest's values into hardware on VM-Enter and saves them on VM-Exit. This allows the guest to access DRs at will, e.g. so that a sequence of DR accesses to configure a breakpoint only generates one VM-Exit. For DR0-DR3, the logic/behavior is identical between VMX and SVM, and also identical between KVM_DEBUGREG_BP_ENABLED (userspace debugging the guest) and KVM_DEBUGREG_WONT_EXIT (guest using DRs), and so KVM handles loading DR0-DR3 in common code, _outside_ of the core kvm_x86_ops.vcpu_run() loop. But for DR6, the guest's value doesn't need to be loaded into hardware for KVM_DEBUGREG_BP_ENABLED, and SVM provides a dedicated VMCB field whereas VMX requires software to manually load the guest value, and so loading the guest's value into DR6 is handled by {svm,vmx}_vcpu_run(), i.e. is done _inside_ the core run loop. Unfortunately, saving the guest values on VM-Exit is initiated by common x86, again outside of the core run loop. If the guest modifies DR6 (in hardware, when DR interception is disabled), and then the next VM-Exit is a fastpath VM-Exit, KVM will reload hardware DR6 with vcpu->arch.dr6 and clobber the guest's actual value. The bug shows up primarily with nested VMX because KVM handles the VMX preemption timer in the fastpath, and the window between hardware DR6 being modified (in guest context) and DR6 being read by guest software is orders of magnitude larger in a nested setup. E.g. in non-nested, the VMX preemption timer would need to fire precisely between #DB injection and the #DB handler's read of DR6, whereas with a KVM-on-KVM setup, the window where hardware DR6 is "dirty" extends all the way from L1 writing DR6 to VMRESUME (in L1). L1's view: ========== <L1 disables DR interception> CPU 0/KVM-7289 [023] d.... 2925.640961: kvm_entry: vcpu 0 A: L1 Writes DR6 CPU 0/KVM-7289 [023] d.... 2925.640963: <hack>: Set DRs, DR6 = 0xffff0ff1 B: CPU 0/KVM-7289 [023] d.... 2925.640967: kvm_exit: vcpu 0 reason EXTERNAL_INTERRUPT intr_info 0x800000ec D: L1 reads DR6, arch.dr6 = 0 CPU 0/KVM-7289 [023] d.... 2925.640969: <hack>: Sync DRs, DR6 = 0xffff0ff0 CPU 0/KVM-7289 [023] d.... 2925.640976: kvm_entry: vcpu 0 L2 reads DR6, L1 disables DR interception CPU 0/KVM-7289 [023] d.... 2925.640980: kvm_exit: vcpu 0 reason DR_ACCESS info1 0x0000000000000216 CPU 0/KVM-7289 [023] d.... 2925.640983: kvm_entry: vcpu 0 CPU 0/KVM-7289 [023] d.... 2925.640983: <hack>: Set DRs, DR6 = 0xffff0ff0 L2 detects failure CPU 0/KVM-7289 [023] d.... 2925.640987: kvm_exit: vcpu 0 reason HLT L1 reads DR6 (confirms failure) CPU 0/KVM-7289 [023] d.... 2925.640990: <hack>: Sync DRs, DR6 = 0xffff0ff0 L0's view: ========== L2 reads DR6, arch.dr6 = 0 CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 L2 => L1 nested VM-Exit CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit_inject: reason: DR_ACCESS ext_inf1: 0x0000000000000216 CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_entry: vcpu 23 CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_exit: vcpu 23 reason VMREAD CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_entry: vcpu 23 CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_exit: vcpu 23 reason VMREAD CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_entry: vcpu 23 L1 writes DR7, L0 disables DR interception CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000007 CPU 23/KVM-5046 [001] d.... 3410.005613: kvm_entry: vcpu 23 L0 writes DR6 = 0 (arch.dr6) CPU 23/KVM-5046 [001] d.... 3410.005613: <hack>: Set DRs, DR6 = 0xffff0ff0 A: <L1 writes DR6 = 1, no interception, arch.dr6 is still '0'> B: CPU 23/KVM-5046 [001] d.... 3410.005614: kvm_exit: vcpu 23 reason PREEMPTION_TIMER CPU 23/KVM-5046 [001] d.... 3410.005614: kvm_entry: vcpu 23 C: L0 writes DR6 = 0 (arch.dr6) CPU 23/KVM-5046 [001] d.... 3410.005614: <hack>: Set DRs, DR6 = 0xffff0ff0 L1 => L2 nested VM-Enter CPU 23/KVM-5046 [001] d.... 3410.005616: kvm_exit: vcpu 23 reason VMRESUME L0 reads DR6, arch.dr6 = 0 Reported-by: John Stultz <jstultz(a)google.com> Closes: https://lkml.kernel.org/r/CANDhNCq5_F3HfFYABqFGCA1bPd_%2BxgNj-iDQhH4tDk%2Bw… Fixes: 375e28ffc0cf ("KVM: X86: Set host DR6 only on VMX and for KVM_DEBUGREG_WONT_EXIT") Fixes: d67668e9dd76 ("KVM: x86, SVM: isolate vcpu->arch.dr6 from vmcb->save.dr6") Cc: stable(a)vger.kernel.org Cc: Jim Mattson <jmattson(a)google.com> Tested-by: John Stultz <jstultz(a)google.com> Link: https://lore.kernel.org/r/20250125011833.3644371-1-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index c35550581da0..823c0434bbad 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -48,6 +48,7 @@ KVM_X86_OP(set_idt) KVM_X86_OP(get_gdt) KVM_X86_OP(set_gdt) KVM_X86_OP(sync_dirty_debug_regs) +KVM_X86_OP(set_dr6) KVM_X86_OP(set_dr7) KVM_X86_OP(cache_reg) KVM_X86_OP(get_rflags) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b15cde0a9b5c..0b7af5902ff7 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1696,6 +1696,7 @@ struct kvm_x86_ops { void (*get_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*set_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*sync_dirty_debug_regs)(struct kvm_vcpu *vcpu); + void (*set_dr6)(struct kvm_vcpu *vcpu, unsigned long value); void (*set_dr7)(struct kvm_vcpu *vcpu, unsigned long value); void (*cache_reg)(struct kvm_vcpu *vcpu, enum kvm_reg reg); unsigned long (*get_rflags)(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7640a84e554a..a713c803a3a3 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1991,11 +1991,11 @@ static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *sd) svm->asid = sd->next_asid++; } -static void svm_set_dr6(struct vcpu_svm *svm, unsigned long value) +static void svm_set_dr6(struct kvm_vcpu *vcpu, unsigned long value) { - struct vmcb *vmcb = svm->vmcb; + struct vmcb *vmcb = to_svm(vcpu)->vmcb; - if (svm->vcpu.arch.guest_state_protected) + if (vcpu->arch.guest_state_protected) return; if (unlikely(value != vmcb->save.dr6)) { @@ -4247,10 +4247,8 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu, * Run with all-zero DR6 unless needed, so that we can get the exact cause * of a #DB. */ - if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) - svm_set_dr6(svm, vcpu->arch.dr6); - else - svm_set_dr6(svm, DR6_ACTIVE_LOW); + if (likely(!(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT))) + svm_set_dr6(vcpu, DR6_ACTIVE_LOW); clgi(); kvm_load_guest_xsave_state(vcpu); @@ -5043,6 +5041,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .set_idt = svm_set_idt, .get_gdt = svm_get_gdt, .set_gdt = svm_set_gdt, + .set_dr6 = svm_set_dr6, .set_dr7 = svm_set_dr7, .sync_dirty_debug_regs = svm_sync_dirty_debug_regs, .cache_reg = svm_cache_reg, diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index 2427f918e763..43ee9ed11291 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -61,6 +61,7 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .set_idt = vmx_set_idt, .get_gdt = vmx_get_gdt, .set_gdt = vmx_set_gdt, + .set_dr6 = vmx_set_dr6, .set_dr7 = vmx_set_dr7, .sync_dirty_debug_regs = vmx_sync_dirty_debug_regs, .cache_reg = vmx_cache_reg, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index f72835e85b6d..6c56d5235f0f 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5648,6 +5648,12 @@ void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu) set_debugreg(DR6_RESERVED, 6); } +void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val) +{ + lockdep_assert_irqs_disabled(); + set_debugreg(vcpu->arch.dr6, 6); +} + void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val) { vmcs_writel(GUEST_DR7, val); @@ -7417,10 +7423,6 @@ fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit) vmx->loaded_vmcs->host_state.cr4 = cr4; } - /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */ - if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) - set_debugreg(vcpu->arch.dr6, 6); - /* When single-stepping over STI and MOV SS, we must clear the * corresponding interruptibility bits in the guest state. Otherwise * vmentry fails as it then expects bit 14 (BS) in pending debug diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index ce3295a67c04..430773a5ef8e 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -73,6 +73,7 @@ void vmx_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); +void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val); void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val); void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu); void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8e77e61d4fbd..02159c967d29 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -10961,6 +10961,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) set_debugreg(vcpu->arch.eff_db[1], 1); set_debugreg(vcpu->arch.eff_db[2], 2); set_debugreg(vcpu->arch.eff_db[3], 3); + /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */ + if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) + kvm_x86_call(set_dr6)(vcpu, vcpu->arch.dr6); } else if (unlikely(hw_breakpoint_active())) { set_debugreg(0, 7); }

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a8de7f100bb5989d9c3627d3a223ee1c863f3b69 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021851-nautical-buffoon-d8b1@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a8de7f100bb5989d9c3627d3a223ee1c863f3b69 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 17 Jan 2025 16:34:51 -0800 Subject: [PATCH] KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Advertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and only if the local API is emulated/virtualized by KVM, and explicitly reject said hypercalls if the local APIC is emulated in userspace, i.e. don't rely on userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID. Rejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if Hyper-V enlightenments are exposed to the guest without an in-kernel local APIC: dump_stack+0xbe/0xfd __kasan_report.cold+0x34/0x84 kasan_report+0x3a/0x50 __apic_accept_irq+0x3a/0x5c0 kvm_hv_send_ipi.isra.0+0x34e/0x820 kvm_hv_hypercall+0x8d9/0x9d0 kvm_emulate_hypercall+0x506/0x7e0 __vmx_handle_exit+0x283/0xb60 vmx_handle_exit+0x1d/0xd0 vcpu_enter_guest+0x16b0/0x24c0 vcpu_run+0xc0/0x550 kvm_arch_vcpu_ioctl_run+0x170/0x6d0 kvm_vcpu_ioctl+0x413/0xb20 __se_sys_ioctl+0x111/0x160 do_syscal1_64+0x30/0x40 entry_SYSCALL_64_after_hwframe+0x67/0xd1 Note, checking the sending vCPU is sufficient, as the per-VM irqchip_mode can't be modified after vCPUs are created, i.e. if one vCPU has an in-kernel local APIC, then all vCPUs have an in-kernel local APIC. Reported-by: Dongjie Zou <zoudongjie(a)huawei.com> Fixes: 214ff83d4473 ("KVM: x86: hyperv: implement PV IPI send hypercalls") Fixes: 2bc39970e932 ("x86/kvm/hyper-v: Introduce KVM_GET_SUPPORTED_HV_CPUID") Cc: stable(a)vger.kernel.org Reviewed-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Link: https://lore.kernel.org/r/20250118003454.2619573-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index 6a6dd5a84f22..6ebeb6cea6c0 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -2226,6 +2226,9 @@ static u64 kvm_hv_send_ipi(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc) u32 vector; bool all_cpus; + if (!lapic_in_kernel(vcpu)) + return HV_STATUS_INVALID_HYPERCALL_INPUT; + if (hc->code == HVCALL_SEND_IPI) { if (!hc->fast) { if (unlikely(kvm_read_guest(kvm, hc->ingpa, &send_ipi, @@ -2852,7 +2855,8 @@ int kvm_get_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, ent->eax |= HV_X64_REMOTE_TLB_FLUSH_RECOMMENDED; ent->eax |= HV_X64_APIC_ACCESS_RECOMMENDED; ent->eax |= HV_X64_RELAXED_TIMING_RECOMMENDED; - ent->eax |= HV_X64_CLUSTER_IPI_RECOMMENDED; + if (!vcpu || lapic_in_kernel(vcpu)) + ent->eax |= HV_X64_CLUSTER_IPI_RECOMMENDED; ent->eax |= HV_X64_EX_PROCESSOR_MASKS_RECOMMENDED; if (evmcs_ver) ent->eax |= HV_X64_ENLIGHTENED_VMCS_RECOMMENDED;

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a8de7f100bb5989d9c3627d3a223ee1c863f3b69 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021850-exes-cabana-e868@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a8de7f100bb5989d9c3627d3a223ee1c863f3b69 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 17 Jan 2025 16:34:51 -0800 Subject: [PATCH] KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Advertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and only if the local API is emulated/virtualized by KVM, and explicitly reject said hypercalls if the local APIC is emulated in userspace, i.e. don't rely on userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID. Rejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if Hyper-V enlightenments are exposed to the guest without an in-kernel local APIC: dump_stack+0xbe/0xfd __kasan_report.cold+0x34/0x84 kasan_report+0x3a/0x50 __apic_accept_irq+0x3a/0x5c0 kvm_hv_send_ipi.isra.0+0x34e/0x820 kvm_hv_hypercall+0x8d9/0x9d0 kvm_emulate_hypercall+0x506/0x7e0 __vmx_handle_exit+0x283/0xb60 vmx_handle_exit+0x1d/0xd0 vcpu_enter_guest+0x16b0/0x24c0 vcpu_run+0xc0/0x550 kvm_arch_vcpu_ioctl_run+0x170/0x6d0 kvm_vcpu_ioctl+0x413/0xb20 __se_sys_ioctl+0x111/0x160 do_syscal1_64+0x30/0x40 entry_SYSCALL_64_after_hwframe+0x67/0xd1 Note, checking the sending vCPU is sufficient, as the per-VM irqchip_mode can't be modified after vCPUs are created, i.e. if one vCPU has an in-kernel local APIC, then all vCPUs have an in-kernel local APIC. Reported-by: Dongjie Zou <zoudongjie(a)huawei.com> Fixes: 214ff83d4473 ("KVM: x86: hyperv: implement PV IPI send hypercalls") Fixes: 2bc39970e932 ("x86/kvm/hyper-v: Introduce KVM_GET_SUPPORTED_HV_CPUID") Cc: stable(a)vger.kernel.org Reviewed-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Link: https://lore.kernel.org/r/20250118003454.2619573-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index 6a6dd5a84f22..6ebeb6cea6c0 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -2226,6 +2226,9 @@ static u64 kvm_hv_send_ipi(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc) u32 vector; bool all_cpus; + if (!lapic_in_kernel(vcpu)) + return HV_STATUS_INVALID_HYPERCALL_INPUT; + if (hc->code == HVCALL_SEND_IPI) { if (!hc->fast) { if (unlikely(kvm_read_guest(kvm, hc->ingpa, &send_ipi, @@ -2852,7 +2855,8 @@ int kvm_get_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, ent->eax |= HV_X64_REMOTE_TLB_FLUSH_RECOMMENDED; ent->eax |= HV_X64_APIC_ACCESS_RECOMMENDED; ent->eax |= HV_X64_RELAXED_TIMING_RECOMMENDED; - ent->eax |= HV_X64_CLUSTER_IPI_RECOMMENDED; + if (!vcpu || lapic_in_kernel(vcpu)) + ent->eax |= HV_X64_CLUSTER_IPI_RECOMMENDED; ent->eax |= HV_X64_EX_PROCESSOR_MASKS_RECOMMENDED; if (evmcs_ver) ent->eax |= HV_X64_ENLIGHTENED_VMCS_RECOMMENDED;

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Carve out wopcm portion from the stolen memory" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x e977499820782ab1c69f354d9f41b6d9ad1f43d9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021815-sublease-unneeded-0077@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e977499820782ab1c69f354d9f41b6d9ad1f43d9 Mon Sep 17 00:00:00 2001 From: Nirmoy Das <nirmoy.das(a)intel.com> Date: Mon, 10 Feb 2025 15:36:54 +0100 Subject: [PATCH] drm/xe: Carve out wopcm portion from the stolen memory The top of stolen memory is WOPCM, which shouldn't be accessed. Remove this portion from the stolen memory region for discrete platforms. This was already done for integrated, but was missing for discrete platforms. This also moves get_wopcm_size() so detect_bar2_dgfx() and detect_bar2_integrated can use the same function. v2: Improve commit message and suitable stable version tag(Lucas) Fixes: d8b52a02cb40 ("drm/xe: Implement stolen memory.") Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: stable(a)vger.kernel.org # v6.11+ Reviewed-by: Lucas De Marchi <lucas.demarchi(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250210143654.2076747-1-nirm… Signed-off-by: Nirmoy Das <nirmoy.das(a)intel.com> (cherry picked from commit 2c7f45cc7e197a792ce5c693e56ea48f60b312da) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c b/drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c index 423856cc18d4..d414421f8c13 100644 --- a/drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c +++ b/drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c @@ -57,38 +57,6 @@ bool xe_ttm_stolen_cpu_access_needs_ggtt(struct xe_device *xe) return GRAPHICS_VERx100(xe) < 1270 && !IS_DGFX(xe); } -static s64 detect_bar2_dgfx(struct xe_device *xe, struct xe_ttm_stolen_mgr *mgr) -{ - struct xe_tile *tile = xe_device_get_root_tile(xe); - struct xe_mmio *mmio = xe_root_tile_mmio(xe); - struct pci_dev *pdev = to_pci_dev(xe->drm.dev); - u64 stolen_size; - u64 tile_offset; - u64 tile_size; - - tile_offset = tile->mem.vram.io_start - xe->mem.vram.io_start; - tile_size = tile->mem.vram.actual_physical_size; - - /* Use DSM base address instead for stolen memory */ - mgr->stolen_base = (xe_mmio_read64_2x32(mmio, DSMBASE) & BDSM_MASK) - tile_offset; - if (drm_WARN_ON(&xe->drm, tile_size < mgr->stolen_base)) - return 0; - - stolen_size = tile_size - mgr->stolen_base; - - /* Verify usage fits in the actual resource available */ - if (mgr->stolen_base + stolen_size <= pci_resource_len(pdev, LMEM_BAR)) - mgr->io_base = tile->mem.vram.io_start + mgr->stolen_base; - - /* - * There may be few KB of platform dependent reserved memory at the end - * of vram which is not part of the DSM. Such reserved memory portion is - * always less then DSM granularity so align down the stolen_size to DSM - * granularity to accommodate such reserve vram portion. - */ - return ALIGN_DOWN(stolen_size, SZ_1M); -} - static u32 get_wopcm_size(struct xe_device *xe) { u32 wopcm_size; @@ -112,6 +80,44 @@ static u32 get_wopcm_size(struct xe_device *xe) return wopcm_size; } +static s64 detect_bar2_dgfx(struct xe_device *xe, struct xe_ttm_stolen_mgr *mgr) +{ + struct xe_tile *tile = xe_device_get_root_tile(xe); + struct xe_mmio *mmio = xe_root_tile_mmio(xe); + struct pci_dev *pdev = to_pci_dev(xe->drm.dev); + u64 stolen_size, wopcm_size; + u64 tile_offset; + u64 tile_size; + + tile_offset = tile->mem.vram.io_start - xe->mem.vram.io_start; + tile_size = tile->mem.vram.actual_physical_size; + + /* Use DSM base address instead for stolen memory */ + mgr->stolen_base = (xe_mmio_read64_2x32(mmio, DSMBASE) & BDSM_MASK) - tile_offset; + if (drm_WARN_ON(&xe->drm, tile_size < mgr->stolen_base)) + return 0; + + /* Carve out the top of DSM as it contains the reserved WOPCM region */ + wopcm_size = get_wopcm_size(xe); + if (drm_WARN_ON(&xe->drm, !wopcm_size)) + return 0; + + stolen_size = tile_size - mgr->stolen_base; + stolen_size -= wopcm_size; + + /* Verify usage fits in the actual resource available */ + if (mgr->stolen_base + stolen_size <= pci_resource_len(pdev, LMEM_BAR)) + mgr->io_base = tile->mem.vram.io_start + mgr->stolen_base; + + /* + * There may be few KB of platform dependent reserved memory at the end + * of vram which is not part of the DSM. Such reserved memory portion is + * always less then DSM granularity so align down the stolen_size to DSM + * granularity to accommodate such reserve vram portion. + */ + return ALIGN_DOWN(stolen_size, SZ_1M); +} + static u32 detect_bar2_integrated(struct xe_device *xe, struct xe_ttm_stolen_mgr *mgr) { struct pci_dev *pdev = to_pci_dev(xe->drm.dev);

2 months, 1 week

1
0
0 0

[PATCH v2] ufs: core: bsg: Fix memory crash in case arpmb command failed

by Arthur Simchaev

In case the device doesn't support arpmb, the kernel get memory crash due to copy user data in bsg_transport_sg_io_fn level. So in case ufs_bsg_exec_advanced_rpmb_req returned error, do not set the job's reply_len. Memory crash backtrace: 3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22 4,1308,531166555,-;Call Trace: 4,1309,531166559,-; <TASK> 4,1310,531166565,-; ? show_regs+0x6d/0x80 4,1311,531166575,-; ? die+0x37/0xa0 4,1312,531166583,-; ? do_trap+0xd4/0xf0 4,1313,531166593,-; ? do_error_trap+0x71/0xb0 4,1314,531166601,-; ? usercopy_abort+0x6c/0x80 4,1315,531166610,-; ? exc_invalid_op+0x52/0x80 4,1316,531166622,-; ? usercopy_abort+0x6c/0x80 4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20 4,1318,531166643,-; ? usercopy_abort+0x6c/0x80 4,1319,531166652,-; __check_heap_object+0xe3/0x120 4,1320,531166661,-; check_heap_object+0x185/0x1d0 4,1321,531166670,-; __check_object_size.part.0+0x72/0x150 4,1322,531166679,-; __check_object_size+0x23/0x30 4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0 Fixes: 6ff265fc5ef6 ("scsi: ufs: core: bsg: Add advanced RPMB support in ufs_bsg") Cc: stable(a)vger.kernel.org Signed-off-by: Arthur Simchaev <arthur.simchaev(a)sandisk.com> --- Changes in v2: - Add Fixes tag - Elaborate commit log Signed-off-by: Arthur Simchaev <arthur.simchaev(a)sandisk.com> --- drivers/ufs/core/ufs_bsg.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c index 8d4ad0a3f2cf..a8ed9bc6e4f1 100644 --- a/drivers/ufs/core/ufs_bsg.c +++ b/drivers/ufs/core/ufs_bsg.c @@ -194,10 +194,12 @@ static int ufs_bsg_request(struct bsg_job *job) ufshcd_rpm_put_sync(hba); kfree(buff); bsg_reply->result = ret; - job->reply_len = !rpmb ? sizeof(struct ufs_bsg_reply) : sizeof(struct ufs_rpmb_reply); /* complete the job here only if no error */ - if (ret == 0) + if (ret == 0) { + job->reply_len = !rpmb ? sizeof(struct ufs_bsg_reply) : + sizeof(struct ufs_rpmb_reply); bsg_job_done(job, ret, bsg_reply->reply_payload_rcv_len); + } return ret; } -- 2.34.1

2 months, 1 week

1
0
0 0

[PATCH v2] gpiolib: protect gpio_chip with SRCU in array_info paths in multi get/set

by Bartosz Golaszewski

From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> During the locking rework in GPIOLIB, we omitted one important use-case, namely: setting and getting values for GPIO descriptor arrays with array_info present. This patch does two things: first it makes struct gpio_array store the address of the underlying GPIO device and not chip. Next: it protects the chip with SRCU from removal in gpiod_get_array_value_complex() and gpiod_set_array_value_complex(). Cc: stable(a)vger.kernel.org Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- Changes in v2: - fix sparse warning about differing address spaces by checking for open-drain/source flags directly in the descriptor drivers/gpio/gpiolib.c | 48 +++++++++++++++++++++++++++++------------- drivers/gpio/gpiolib.h | 4 ++-- 2 files changed, 35 insertions(+), 17 deletions(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index f261f7893f85..fddbcf8a360e 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -3128,6 +3128,8 @@ static int gpiod_get_raw_value_commit(const struct gpio_desc *desc) static int gpio_chip_get_multiple(struct gpio_chip *gc, unsigned long *mask, unsigned long *bits) { + lockdep_assert_held(&gc->gpiodev->srcu); + if (gc->get_multiple) return gc->get_multiple(gc, mask, bits); if (gc->get) { @@ -3158,6 +3160,7 @@ int gpiod_get_array_value_complex(bool raw, bool can_sleep, struct gpio_array *array_info, unsigned long *value_bitmap) { + struct gpio_chip *gc; int ret, i = 0; /* @@ -3169,10 +3172,15 @@ int gpiod_get_array_value_complex(bool raw, bool can_sleep, array_size <= array_info->size && (void *)array_info == desc_array + array_info->size) { if (!can_sleep) - WARN_ON(array_info->chip->can_sleep); + WARN_ON(array_info->gdev->can_sleep); - ret = gpio_chip_get_multiple(array_info->chip, - array_info->get_mask, + guard(srcu)(&array_info->gdev->srcu); + gc = srcu_dereference(array_info->gdev->chip, + &array_info->gdev->srcu); + if (!gc) + return -ENODEV; + + ret = gpio_chip_get_multiple(gc, array_info->get_mask, value_bitmap); if (ret) return ret; @@ -3453,6 +3461,8 @@ static void gpiod_set_raw_value_commit(struct gpio_desc *desc, bool value) static void gpio_chip_set_multiple(struct gpio_chip *gc, unsigned long *mask, unsigned long *bits) { + lockdep_assert_held(&gc->gpiodev->srcu); + if (gc->set_multiple) { gc->set_multiple(gc, mask, bits); } else { @@ -3470,6 +3480,7 @@ int gpiod_set_array_value_complex(bool raw, bool can_sleep, struct gpio_array *array_info, unsigned long *value_bitmap) { + struct gpio_chip *gc; int i = 0; /* @@ -3481,14 +3492,19 @@ int gpiod_set_array_value_complex(bool raw, bool can_sleep, array_size <= array_info->size && (void *)array_info == desc_array + array_info->size) { if (!can_sleep) - WARN_ON(array_info->chip->can_sleep); + WARN_ON(array_info->gdev->can_sleep); + + guard(srcu)(&array_info->gdev->srcu); + gc = srcu_dereference(array_info->gdev->chip, + &array_info->gdev->srcu); + if (!gc) + return -ENODEV; if (!raw && !bitmap_empty(array_info->invert_mask, array_size)) bitmap_xor(value_bitmap, value_bitmap, array_info->invert_mask, array_size); - gpio_chip_set_multiple(array_info->chip, array_info->set_mask, - value_bitmap); + gpio_chip_set_multiple(gc, array_info->set_mask, value_bitmap); i = find_first_zero_bit(array_info->set_mask, array_size); if (i == array_size) @@ -4750,9 +4766,10 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, { struct gpio_desc *desc; struct gpio_descs *descs; + struct gpio_device *gdev; struct gpio_array *array_info = NULL; - struct gpio_chip *gc; int count, bitmap_size; + unsigned long dflags; size_t descs_size; count = gpiod_count(dev, con_id); @@ -4773,7 +4790,7 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, descs->desc[descs->ndescs] = desc; - gc = gpiod_to_chip(desc); + gdev = gpiod_to_gpio_device(desc); /* * If pin hardware number of array member 0 is also 0, select * its chip as a candidate for fast bitmap processing path. @@ -4781,8 +4798,8 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, if (descs->ndescs == 0 && gpio_chip_hwgpio(desc) == 0) { struct gpio_descs *array; - bitmap_size = BITS_TO_LONGS(gc->ngpio > count ? - gc->ngpio : count); + bitmap_size = BITS_TO_LONGS(gdev->ngpio > count ? + gdev->ngpio : count); array = krealloc(descs, descs_size + struct_size(array_info, invert_mask, 3 * bitmap_size), @@ -4802,7 +4819,7 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, array_info->desc = descs->desc; array_info->size = count; - array_info->chip = gc; + array_info->gdev = gdev; bitmap_set(array_info->get_mask, descs->ndescs, count - descs->ndescs); bitmap_set(array_info->set_mask, descs->ndescs, @@ -4815,7 +4832,7 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, continue; /* Unmark array members which don't belong to the 'fast' chip */ - if (array_info->chip != gc) { + if (array_info->gdev != gdev) { __clear_bit(descs->ndescs, array_info->get_mask); __clear_bit(descs->ndescs, array_info->set_mask); } @@ -4838,9 +4855,10 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, array_info->set_mask); } } else { + dflags = READ_ONCE(desc->flags); /* Exclude open drain or open source from fast output */ - if (gpiochip_line_is_open_drain(gc, descs->ndescs) || - gpiochip_line_is_open_source(gc, descs->ndescs)) + if (test_bit(FLAG_OPEN_DRAIN, &dflags) || + test_bit(FLAG_OPEN_SOURCE, &dflags)) __clear_bit(descs->ndescs, array_info->set_mask); /* Identify 'fast' pins which require invertion */ @@ -4852,7 +4870,7 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, if (array_info) dev_dbg(dev, "GPIO array info: chip=%s, size=%d, get_mask=%lx, set_mask=%lx, invert_mask=%lx\n", - array_info->chip->label, array_info->size, + array_info->gdev->label, array_info->size, *array_info->get_mask, *array_info->set_mask, *array_info->invert_mask); return descs; diff --git a/drivers/gpio/gpiolib.h b/drivers/gpio/gpiolib.h index 83690f72f7e5..147156ec502b 100644 --- a/drivers/gpio/gpiolib.h +++ b/drivers/gpio/gpiolib.h @@ -114,7 +114,7 @@ extern const char *const gpio_suffixes[]; * * @desc: Array of pointers to the GPIO descriptors * @size: Number of elements in desc - * @chip: Parent GPIO chip + * @gdev: Parent GPIO device * @get_mask: Get mask used in fastpath * @set_mask: Set mask used in fastpath * @invert_mask: Invert mask used in fastpath @@ -126,7 +126,7 @@ extern const char *const gpio_suffixes[]; struct gpio_array { struct gpio_desc **desc; unsigned int size; - struct gpio_chip *chip; + struct gpio_device *gdev; unsigned long *get_mask; unsigned long *set_mask; unsigned long invert_mask[]; -- 2.45.2

2 months, 1 week

1
1
0 0

[PATCH net 0/8] net: enetc: fix some known issues

by Wei Fang

There are some issues with the enetc driver, some of which are specific to the LS1028A platform, and some of which were introduced recently when i.MX95 ENETC support was added, so this patch set aims to clean up those issues. Wei Fang (8): net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() net: enetc: correct the tx_swbd statistics net: enetc: correct the xdp_tx statistics net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC net: enetc: update UDP checksum when updating originTimestamp field net: enetc: add missing enetc4_link_deinit() net: enetc: remove the mm_lock from the ENETC v4 driver net: enetc: correct the EMDIO base offset for ENETC v4 drivers/net/ethernet/freescale/enetc/enetc.c | 53 +++++++++++++++---- .../net/ethernet/freescale/enetc/enetc4_hw.h | 3 ++ .../net/ethernet/freescale/enetc/enetc4_pf.c | 2 +- .../ethernet/freescale/enetc/enetc_ethtool.c | 7 ++- .../freescale/enetc/enetc_pf_common.c | 10 +++- 5 files changed, 60 insertions(+), 15 deletions(-) -- 2.34.1

2 months, 1 week

4
20
0 0

[PATCH] mm/hugetlb: wait for hugepage folios to be freed

by yangge1116＠126.com

From: Ge Yang <yangge1116(a)126.com> Since the introduction of commit b65d4adbc0f0 ("mm: hugetlb: defer freeing of HugeTLB pages"), which supports deferring the freeing of HugeTLB pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugepage folios, these in-use hugepage folios need to be migrated to another location. When there are no available hugepage folios in the free HugeTLB pool during the migration of in-use HugeTLB pages, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugepage folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of HugeTLB pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugepage ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_hugepage_folios_freed(). This function ensures that the hugepage folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_hugepage_folios_freed() following the migration process, we guarantee that when test_pages_isolated() is executed, it will successfully pass. Fixes: b65d4adbc0f0 ("mm: hugetlb: defer freeing of HugeTLB pages") Signed-off-by: Ge Yang <yangge1116(a)126.com> --- include/linux/hugetlb.h | 5 +++++ mm/hugetlb.c | 7 +++++++ mm/migrate.c | 16 ++++++++++++++-- 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 6c6546b..c39e0d5 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -697,6 +697,7 @@ bool hugetlb_bootmem_page_zones_valid(int nid, struct huge_bootmem_page *m); int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_hugepage_folios_freed(struct hstate *h); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1092,6 +1093,10 @@ static inline int replace_free_hugepage_folios(unsigned long start_pfn, return 0; } +static inline void wait_for_hugepage_folios_freed(struct hstate *h) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 30bc34d..64cae39 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2955,6 +2955,13 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) return ret; } +void wait_for_hugepage_folios_freed(struct hstate *h) +{ + WARN_ON(!h); + + flush_free_hpage_work(h); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv diff --git a/mm/migrate.c b/mm/migrate.c index fb19a18..5dd1851 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -1448,6 +1448,7 @@ static int unmap_and_move_huge_page(new_folio_t get_new_folio, int page_was_mapped = 0; struct anon_vma *anon_vma = NULL; struct address_space *mapping = NULL; + unsigned long size; if (folio_ref_count(src) == 1) { /* page was freed from under us. So we are done. */ @@ -1533,9 +1534,20 @@ static int unmap_and_move_huge_page(new_folio_t get_new_folio, out_unlock: folio_unlock(src); out: - if (rc == MIGRATEPAGE_SUCCESS) + if (rc == MIGRATEPAGE_SUCCESS) { + size = folio_size(src); folio_putback_hugetlb(src); - else if (rc != -EAGAIN) + + /* + * Due to the deferred freeing of HugeTLB folios, the hugepage 'src' may + * not immediately release to the buddy system. This can lead to failure + * in allocating memory through the cma_alloc() function. To ensure that + * the hugepage folios are properly released back to the buddy system, + * we invoke the wait_for_hugepage_folios_freed() function to wait for + * the release to complete. + */ + wait_for_hugepage_folios_freed(size_to_hstate(size)); + } else if (rc != -EAGAIN) list_move_tail(&src->lru, ret); /* -- 2.7.4

2 months, 1 week

4
7
0 0

[PATCH v1] ARM: dts: imx6qdl-apalis: Fix poweroff on Apalis iMX6

by Stefan Eichenberger

From: Stefan Eichenberger <stefan.eichenberger(a)toradex.com> The current solution for powering off the Apalis iMX6 is not functioning as intended. To resolve this, it is necessary to power off the vgen2_reg, which will also set the POWER_ENABLE_MOCI signal to a low state. This ensures the carrier board is properly informed to initiate its power-off sequence. The new solution uses the regulator-poweroff driver, which will power off the regulator during a system shutdown. CC: stable(a)vger.kernel.org Fixes: 4eb56e26f92e ("ARM: dts: imx6q-apalis: Command pmic to standby for poweroff") Signed-off-by: Stefan Eichenberger <stefan.eichenberger(a)toradex.com> --- arch/arm/boot/dts/nxp/imx/imx6qdl-apalis.dtsi | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/arm/boot/dts/nxp/imx/imx6qdl-apalis.dtsi b/arch/arm/boot/dts/nxp/imx/imx6qdl-apalis.dtsi index 1c72da417011..614b65821995 100644 --- a/arch/arm/boot/dts/nxp/imx/imx6qdl-apalis.dtsi +++ b/arch/arm/boot/dts/nxp/imx/imx6qdl-apalis.dtsi @@ -108,6 +108,11 @@ lvds_panel_in: endpoint { }; }; + poweroff { + compatible = "regulator-poweroff"; + cpu-supply = <&vgen2_reg>; + }; + reg_module_3v3: regulator-module-3v3 { compatible = "regulator-fixed"; regulator-always-on; @@ -236,10 +241,6 @@ &can2 { status = "disabled"; }; -&clks { - fsl,pmic-stby-poweroff; -}; - /* Apalis SPI1 */ &ecspi1 { cs-gpios = <&gpio5 25 GPIO_ACTIVE_LOW>; @@ -527,7 +528,6 @@ &i2c2 { pmic: pmic@8 { compatible = "fsl,pfuze100"; - fsl,pmic-stby-poweroff; reg = <0x08>; regulators { -- 2.45.2

2 months, 1 week

2
1
0 0

[PATCH v2] media: verisilicon: Fix AV1 decoder clock frequency

by Nicolas Dufresne

The desired clock frequency was correctly set to 400MHz in the device tree but was lowered by the driver to 300MHz breaking 4K 60Hz content playback. Fix the issue by removing the driver call to clk_set_rate(), which reduce the amount of board specific code. Fixes: 003afda97c65 ("media: verisilicon: Enable AV1 decoder on rk3588") Cc: stable(a)vger.kernel.org Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> --- This patch fixes user report of AV1 4K60 decoder not being fast enough on RK3588 based SoC. This is a break from Hantro original authors habbit of coding the frequencies in the driver instead of specifying this frequency in the device tree. The other calls to clk_set_rate() are left since this would require modifying many dtsi files, which would then be unsuitable for backport. --- Changes in v2: - Completely remove the unused init function, the driver is null-safe - Link to v1: https://lore.kernel.org/r/20250217-b4-hantro-av1-clock-rate-v1-1-65b91132c5… --- drivers/media/platform/verisilicon/rockchip_vpu_hw.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/drivers/media/platform/verisilicon/rockchip_vpu_hw.c b/drivers/media/platform/verisilicon/rockchip_vpu_hw.c index 964122e7c355934cd80eb442219f6ba51bba8b71..842040f713c15e6ff295771bc9fa5a7b66e584b2 100644 --- a/drivers/media/platform/verisilicon/rockchip_vpu_hw.c +++ b/drivers/media/platform/verisilicon/rockchip_vpu_hw.c @@ -17,7 +17,6 @@ #define RK3066_ACLK_MAX_FREQ (300 * 1000 * 1000) #define RK3288_ACLK_MAX_FREQ (400 * 1000 * 1000) -#define RK3588_ACLK_MAX_FREQ (300 * 1000 * 1000) #define ROCKCHIP_VPU981_MIN_SIZE 64 @@ -440,13 +439,6 @@ static int rk3066_vpu_hw_init(struct hantro_dev *vpu) return 0; } -static int rk3588_vpu981_hw_init(struct hantro_dev *vpu) -{ - /* Bump ACLKs to max. possible freq. to improve performance. */ - clk_set_rate(vpu->clocks[0].clk, RK3588_ACLK_MAX_FREQ); - return 0; -} - static int rockchip_vpu_hw_init(struct hantro_dev *vpu) { /* Bump ACLK to max. possible freq. to improve performance. */ @@ -807,7 +799,6 @@ const struct hantro_variant rk3588_vpu981_variant = { .codec_ops = rk3588_vpu981_codec_ops, .irqs = rk3588_vpu981_irqs, .num_irqs = ARRAY_SIZE(rk3588_vpu981_irqs), - .init = rk3588_vpu981_hw_init, .clk_names = rk3588_vpu981_vpu_clk_names, .num_clocks = ARRAY_SIZE(rk3588_vpu981_vpu_clk_names) }; --- base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b change-id: 20250217-b4-hantro-av1-clock-rate-e5497f1499df Best regards, -- Nicolas Dufresne <nicolas.dufresne(a)collabora.com>

2 months, 1 week

3
2
0 0

regression on 6.1.129-rc with perf

by Max Krummenacher

Our CI built linux-stable-rc.git queue/6.1 at commit eef4a8a45ba1 ("btrfs: output the reason for open_ctree() failure"). (built for arm and arm64, albeit I don't think it matters.) Building perf produced 2 build errors which I wanted to report even before the RC1 is out. | ...tools/perf/util/namespaces.c:247:27: error: invalid type argument of '->' (have 'int') | 247 | RC_CHK_ACCESS(nsi)->in_pidns = true; | | ^~ introduced by commit 93520bacf784 ("perf namespaces: Introduce nsinfo__set_in_pidns()"). The RC_CK_ACCSS macro was introduced in 6.4. Removing the macro made this go away ( nsi->in_pidns = true; ). Second perf build error: | ld: ...tools/perf/util/machine.c:1176: undefined reference to `kallsyms__get_symbol_start' Introduced by commits: 710c2e913aa9 perf machine: Don't ignore _etext when not a text symbol 69a87a32f5cd perf machine: Include data symbols in the kernel map These two use the function kallsyms__get_symbol_start added with: f9dd531c5b82 perf symbols: Add kallsyms__get_symbol_start() So f9dd531c5b82 would additionally be needed. The kernel itself built fine, due to the perf error we don't have runtime testresults. Best regards Max

2 months, 1 week

2
1
0 0

Linux 6.12.15

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.15 kernel. This is ONLY needed for users of the XFS filesystem. If you do not use XFS, no need to upgrade. If you do use XFS, please upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- fs/xfs/xfs_quota.h | 5 +++-- fs/xfs/xfs_trans.c | 10 +++------- fs/xfs/xfs_trans_dquot.c | 31 ++++++++++++++++++++++++++----- 4 files changed, 33 insertions(+), 15 deletions(-) Darrick J. Wong (1): xfs: don't lose solo dquot update transactions Greg Kroah-Hartman (1): Linux 6.12.15

2 months, 1 week

1
1
0 0

[PATCH] m68k: sun3: Add check for __pgd_alloc()

by Haoxiang Li

Add check for the return value of __pgd_alloc() in pgd_alloc() to prevent null pointer dereference. Fixes: a9b3c355c2e6 ("asm-generic: pgalloc: provide generic __pgd_{alloc,free}") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- arch/m68k/include/asm/sun3_pgalloc.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/m68k/include/asm/sun3_pgalloc.h b/arch/m68k/include/asm/sun3_pgalloc.h index f1ae4ed890db..80afc3a18724 100644 --- a/arch/m68k/include/asm/sun3_pgalloc.h +++ b/arch/m68k/include/asm/sun3_pgalloc.h @@ -44,8 +44,10 @@ static inline pgd_t * pgd_alloc(struct mm_struct *mm) pgd_t *new_pgd; new_pgd = __pgd_alloc(mm, 0); - memcpy(new_pgd, swapper_pg_dir, PAGE_SIZE); - memset(new_pgd, 0, (PAGE_OFFSET >> PGDIR_SHIFT)); + if (likely(new_pgd != NULL)) { + memcpy(new_pgd, swapper_pg_dir, PAGE_SIZE); + memset(new_pgd, 0, (PAGE_OFFSET >> PGDIR_SHIFT)); + } return new_pgd; } -- 2.25.1

2 months, 1 week

2
1
0 0

[PATCH v2] nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

by Haoxiang Li

Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. Fixes: ff3d43f7568c ("nfp: bpf: implement helpers for FW map ops") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v2: - remove the bracket for one single-statement. Thanks, Guru! --- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c index 2ec62c8d86e1..b02d5fbb8c8c 100644 --- a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c +++ b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c @@ -20,6 +20,8 @@ nfp_bpf_cmsg_alloc(struct nfp_app_bpf *bpf, unsigned int size) struct sk_buff *skb; skb = nfp_app_ctrl_msg_alloc(bpf->app, size, GFP_KERNEL); + if (!skp) + return NULL; skb_put(skb, size); return skb; -- 2.25.1

2 months, 1 week

3
2
0 0

[PATCH] x86/i8253: Disable PIT timer 0 when not in use

by jaywang-amazon

From: David Woodhouse <dwmw(a)amazon.co.uk> [upstream commit 70e6b7d9ae3c63df90a7bba7700e8d5c300c360] Leaving the PIT interrupt running can cause noticeable steal time for virtual guests. The VMM generally has a timer which toggles the IRQ input to the PIC and I/O APIC, which takes CPU time away from the guest. Even on real hardware, running the counter may use power needlessly (albeit not much). Make sure it's turned off if it isn't going to be used. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Michael Kelley <mhkelley(a)outlook.com> Link: https://lore.kernel.org/all/20240802135555.564941-1-dwmw2@infradead.org (cherry picked from commit 70e6b7d9ae3c63df90a7bba7700e8d5c300c3c60) Cc: stable(a)vger.kernel.org # v5.15 Signed-off-by: jaywang-amazon <wanjay(a)amazon.com> --- arch/x86/kernel/i8253.c | 11 +++++++++-- drivers/clocksource/i8253.c | 13 +++++++++---- include/linux/i8253.h | 1 + 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/i8253.c b/arch/x86/kernel/i8253.c index 2b7999a1a50a..80e262bb627f 100644 --- a/arch/x86/kernel/i8253.c +++ b/arch/x86/kernel/i8253.c @@ -8,6 +8,7 @@ #include <linux/timex.h> #include <linux/i8253.h> +#include <asm/hypervisor.h> #include <asm/apic.h> #include <asm/hpet.h> #include <asm/time.h> @@ -39,9 +40,15 @@ static bool __init use_pit(void) bool __init pit_timer_init(void) { - if (!use_pit()) + if (!use_pit()) { + /* + * Don't just ignore the PIT. Ensure it's stopped, because + * VMMs otherwise steal CPU time just to pointlessly waggle + * the (masked) IRQ. + */ + clockevent_i8253_disable(); return false; - + } clockevent_i8253_init(true); global_clock_event = &i8253_clockevent; return true; diff --git a/drivers/clocksource/i8253.c b/drivers/clocksource/i8253.c index d4350bb10b83..cb215e6f2e83 100644 --- a/drivers/clocksource/i8253.c +++ b/drivers/clocksource/i8253.c @@ -108,11 +108,8 @@ int __init clocksource_i8253_init(void) #endif #ifdef CONFIG_CLKEVT_I8253 -static int pit_shutdown(struct clock_event_device *evt) +void clockevent_i8253_disable(void) { - if (!clockevent_state_oneshot(evt) && !clockevent_state_periodic(evt)) - return 0; - raw_spin_lock(&i8253_lock); outb_p(0x30, PIT_MODE); @@ -123,6 +120,14 @@ static int pit_shutdown(struct clock_event_device *evt) } raw_spin_unlock(&i8253_lock); +} + +static int pit_shutdown(struct clock_event_device *evt) +{ + if (!clockevent_state_oneshot(evt) && !clockevent_state_periodic(evt)) + return 0; + + clockevent_i8253_disable(); return 0; } diff --git a/include/linux/i8253.h b/include/linux/i8253.h index 8336b2f6f834..bf169cfef7f1 100644 --- a/include/linux/i8253.h +++ b/include/linux/i8253.h @@ -24,6 +24,7 @@ extern raw_spinlock_t i8253_lock; extern bool i8253_clear_counter_on_shutdown; extern struct clock_event_device i8253_clockevent; extern void clockevent_i8253_init(bool oneshot); +extern void clockevent_i8253_disable(void); extern void setup_pit_timer(void); -- 2.47.1

2 months, 1 week

2
1
0 0

[PATCH 6.1 0/1] Backport upstream commit 70e6b7d9ae3c63df90a7bba7700e8d5c300c3c60 to stable 6.1

by jaywang-amazon

Backport upstream commit 70e6b7d9ae3c63df90a7bba7700e8d5c300c3c60 to stable 6.1 David Woodhouse (1): x86/i8253: Disable PIT timer 0 when not in use arch/x86/kernel/i8253.c | 11 +++++++++-- drivers/clocksource/i8253.c | 13 +++++++++---- include/linux/i8253.h | 1 + 3 files changed, 19 insertions(+), 6 deletions(-) -- 2.47.1

2 months, 1 week

2
2
0 0

[merged mm-hotfixes-stable] mm-pgtable-fix-incorrect-reclaim-of-non-empty-pte-pages.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: pgtable: fix incorrect reclaim of non-empty PTE pages has been removed from the -mm tree. Its filename was mm-pgtable-fix-incorrect-reclaim-of-non-empty-pte-pages.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Qi Zheng <zhengqi.arch(a)bytedance.com> Subject: mm: pgtable: fix incorrect reclaim of non-empty PTE pages Date: Tue, 11 Feb 2025 15:26:25 +0800 In zap_pte_range(), if the pte lock was released midway, the pte entries may be refilled with physical pages by another thread, which may cause a non-empty PTE page to be reclaimed and eventually cause the system to crash. To fix it, fall back to the slow path in this case to recheck if all pte entries are still none. Link: https://lkml.kernel.org/r/20250211072625.89188-1-zhengqi.arch@bytedance.com Fixes: 6375e95f381e ("mm: pgtable: reclaim empty PTE page in madvise(MADV_DONTNEED)") Signed-off-by: Qi Zheng <zhengqi.arch(a)bytedance.com> Reported-by: Christian Brauner <brauner(a)kernel.org> Closes: https://lore.kernel.org/all/20250207-anbot-bankfilialen-acce9d79a2c7@braune… Reported-by: Qu Wenruo <quwenruo.btrfs(a)gmx.com> Closes: https://lore.kernel.org/all/152296f3-5c81-4a94-97f3-004108fba7be@gmx.com/ Tested-by: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Cc: "Darrick J. Wong" <djwong(a)kernel.org> Cc: Dave Chinner <david(a)fromorbit.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jann Horn <jannh(a)google.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Zi Yan <ziy(a)nvidia.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) --- a/mm/memory.c~mm-pgtable-fix-incorrect-reclaim-of-non-empty-pte-pages +++ a/mm/memory.c @@ -1719,7 +1719,7 @@ static unsigned long zap_pte_range(struc pmd_t pmdval; unsigned long start = addr; bool can_reclaim_pt = reclaim_pt_is_enabled(start, end, details); - bool direct_reclaim = false; + bool direct_reclaim = true; int nr; retry: @@ -1734,8 +1734,10 @@ retry: do { bool any_skipped = false; - if (need_resched()) + if (need_resched()) { + direct_reclaim = false; break; + } nr = do_zap_pte_range(tlb, vma, pte, addr, end, details, rss, &force_flush, &force_break, &any_skipped); @@ -1743,11 +1745,20 @@ retry: can_reclaim_pt = false; if (unlikely(force_break)) { addr += nr * PAGE_SIZE; + direct_reclaim = false; break; } } while (pte += nr, addr += PAGE_SIZE * nr, addr != end); - if (can_reclaim_pt && addr == end) + /* + * Fast path: try to hold the pmd lock and unmap the PTE page. + * + * If the pte lock was released midway (retry case), or if the attempt + * to hold the pmd lock failed, then we need to recheck all pte entries + * to ensure they are still none, thereby preventing the pte entries + * from being repopulated by another thread. + */ + if (can_reclaim_pt && direct_reclaim && addr == end) direct_reclaim = try_get_and_clear_pmd(mm, pmd, &pmdval); add_mm_rss_vec(mm, rss); _ Patches currently in -mm which might be from zhengqi.arch(a)bytedance.com are arm-pgtable-fix-null-pointer-dereference-issue.patch

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-migrate_device-dont-add-folio-to-be-freed-to-lru-in-migrate_device_finalize.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() has been removed from the -mm tree. Its filename was mm-migrate_device-dont-add-folio-to-be-freed-to-lru-in-migrate_device_finalize.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() Date: Mon, 10 Feb 2025 17:13:17 +0100 If migration succeeded, we called folio_migrate_flags()->mem_cgroup_migrate() to migrate the memcg from the old to the new folio. This will set memcg_data of the old folio to 0. Similarly, if migration failed, memcg_data of the dst folio is left unset. If we call folio_putback_lru() on such folios (memcg_data == 0), we will add the folio to be freed to the LRU, making memcg code unhappy. Running the hmm selftests: # ./hmm-tests ... # RUN hmm.hmm_device_private.migrate ... [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00 [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff) [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9 [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000 [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg && !mem_cgroup_disabled()) [ 102.087230][T14893] ------------[ cut here ]------------ [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.090478][T14893] Modules linked in: [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151 [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.096104][T14893] Code: ... [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293 [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426 [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880 [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8 [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000 [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000 [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0 [ 102.113478][T14893] PKRU: 55555554 [ 102.114172][T14893] Call Trace: [ 102.114805][T14893] <TASK> [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.116547][T14893] ? __warn.cold+0x110/0x210 [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.118667][T14893] ? report_bug+0x1b9/0x320 [ 102.119571][T14893] ? handle_bug+0x54/0x90 [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50 [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20 [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0 [ 102.123506][T14893] ? dump_page+0x4f/0x60 [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170 [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200 [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720 [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10 [ 102.129550][T14893] folio_putback_lru+0x16/0x80 [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530 [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0 [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80 Likely, nothing else goes wrong: putting the last folio reference will remove the folio from the LRU again. So besides memcg complaining, adding the folio to be freed to the LRU is just an unnecessary step. The new flow resembles what we have in migrate_folio_move(): add the dst to the lru, remove migration ptes, unlock and unref dst. Link: https://lkml.kernel.org/r/20250210161317.717936-1-david@redhat.com Fixes: 8763cb45ab96 ("mm/migrate: new memory migration helper for use with device memory") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: J��r��me Glisse <jglisse(a)redhat.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate_device.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) --- a/mm/migrate_device.c~mm-migrate_device-dont-add-folio-to-be-freed-to-lru-in-migrate_device_finalize +++ a/mm/migrate_device.c @@ -840,20 +840,15 @@ void migrate_device_finalize(unsigned lo dst = src; } + if (!folio_is_zone_device(dst)) + folio_add_lru(dst); remove_migration_ptes(src, dst, 0); folio_unlock(src); - - if (folio_is_zone_device(src)) - folio_put(src); - else - folio_putback_lru(src); + folio_put(src); if (dst != src) { folio_unlock(dst); - if (folio_is_zone_device(dst)) - folio_put(dst); - else - folio_putback_lru(dst); + folio_put(dst); } } } _ Patches currently in -mm which might be from david(a)redhat.com are mm-gup-reject-foll_split_pmd-with-hugetlb-vmas.patch mm-rmap-reject-hugetlb-folios-in-folio_make_device_exclusive.patch mm-rmap-convert-make_device_exclusive_range-to-make_device_exclusive.patch mm-rmap-convert-make_device_exclusive_range-to-make_device_exclusive-fix.patch mm-rmap-implement-make_device_exclusive-using-folio_walk-instead-of-rmap-walk.patch mm-memory-detect-writability-in-restore_exclusive_pte-through-can_change_pte_writable.patch mm-use-single-swp_device_exclusive-entry-type.patch mm-page_vma_mapped-device-exclusive-entries-are-not-migration-entries.patch kernel-events-uprobes-handle-device-exclusive-entries-correctly-in-__replace_page.patch mm-ksm-handle-device-exclusive-entries-correctly-in-write_protect_page.patch mm-rmap-handle-device-exclusive-entries-correctly-in-try_to_unmap_one.patch mm-rmap-handle-device-exclusive-entries-correctly-in-try_to_migrate_one.patch mm-rmap-handle-device-exclusive-entries-correctly-in-page_vma_mkclean_one.patch mm-page_idle-handle-device-exclusive-entries-correctly-in-page_idle_clear_pte_refs_one.patch mm-damon-handle-device-exclusive-entries-correctly-in-damon_folio_young_one.patch mm-damon-handle-device-exclusive-entries-correctly-in-damon_folio_mkold_one.patch mm-rmap-keep-mapcount-untouched-for-device-exclusive-entries.patch mm-rmap-avoid-ebusy-from-make_device_exclusive.patch

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mmmadvisehugetlb-check-for-0-length-range-after-end-address-adjustment.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm,madvise,hugetlb: check for 0-length range after end address adjustment has been removed from the -mm tree. Its filename was mmmadvisehugetlb-check-for-0-length-range-after-end-address-adjustment.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ricardo Ca��uelo Navarro <rcn(a)igalia.com> Subject: mm,madvise,hugetlb: check for 0-length range after end address adjustment Date: Mon, 3 Feb 2025 08:52:06 +0100 Add a sanity check to madvise_dontneed_free() to address a corner case in madvise where a race condition causes the current vma being processed to be backed by a different page size. During a madvise(MADV_DONTNEED) call on a memory region registered with a userfaultfd, there's a period of time where the process mm lock is temporarily released in order to send a UFFD_EVENT_REMOVE and let userspace handle the event. During this time, the vma covering the current address range may change due to an explicit mmap done concurrently by another thread. If, after that change, the memory region, which was originally backed by 4KB pages, is now backed by hugepages, the end address is rounded down to a hugepage boundary to avoid data loss (see "Fixes" below). This rounding may cause the end address to be truncated to the same address as the start. Make this corner case follow the same semantics as in other similar cases where the requested region has zero length (ie. return 0). This will make madvise_walk_vmas() continue to the next vma in the range (this time holding the process mm lock) which, due to the prev pointer becoming stale because of the vma change, will be the same hugepage-backed vma that was just checked before. The next time madvise_dontneed_free() runs for this vma, if the start address isn't aligned to a hugepage boundary, it'll return -EINVAL, which is also in line with the madvise api. From userspace perspective, madvise() will return EINVAL because the start address isn't aligned according to the new vma alignment requirements (hugepage), even though it was correctly page-aligned when the call was issued. Link: https://lkml.kernel.org/r/20250203075206.1452208-1-rcn@igalia.com Fixes: 8ebe0a5eaaeb ("mm,madvise,hugetlb: fix unexpected data loss with MADV_DONTNEED on hugetlbfs") Signed-off-by: Ricardo Ca��uelo Navarro <rcn(a)igalia.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Florent Revest <revest(a)google.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/madvise.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) --- a/mm/madvise.c~mmmadvisehugetlb-check-for-0-length-range-after-end-address-adjustment +++ a/mm/madvise.c @@ -933,7 +933,16 @@ static long madvise_dontneed_free(struct */ end = vma->vm_end; } - VM_WARN_ON(start >= end); + /* + * If the memory region between start and end was + * originally backed by 4kB pages and then remapped to + * be backed by hugepages while mmap_lock was dropped, + * the adjustment for hugetlb vma above may have rounded + * end down to the start address. + */ + if (start == end) + return 0; + VM_WARN_ON(start > end); } if (behavior == MADV_DONTNEED || behavior == MADV_DONTNEED_LOCKED) _ Patches currently in -mm which might be from rcn(a)igalia.com are

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-zswap-fix-inconsistency-when-zswap_store_page-fails.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/zswap: fix inconsistency when zswap_store_page() fails has been removed from the -mm tree. Its filename was mm-zswap-fix-inconsistency-when-zswap_store_page-fails.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Subject: mm/zswap: fix inconsistency when zswap_store_page() fails Date: Wed, 29 Jan 2025 19:08:44 +0900 Commit b7c0ccdfbafd ("mm: zswap: support large folios in zswap_store()") skips charging any zswap entries when it failed to zswap the entire folio. However, when some base pages are zswapped but it failed to zswap the entire folio, the zswap operation is rolled back. When freeing zswap entries for those pages, zswap_entry_free() uncharges the zswap entries that were not previously charged, causing zswap charging to become inconsistent. This inconsistency triggers two warnings with following steps: # On a machine with 64GiB of RAM and 36GiB of zswap $ stress-ng --bigheap 2 # wait until the OOM-killer kills stress-ng $ sudo reboot The two warnings are: in mm/memcontrol.c:163, function obj_cgroup_release(): WARN_ON_ONCE(nr_bytes & (PAGE_SIZE - 1)); in mm/page_counter.c:60, function page_counter_cancel(): if (WARN_ONCE(new < 0, "page_counter underflow: %ld nr_pages=%lu\n", new, nr_pages)) zswap_stored_pages also becomes inconsistent in the same way. As suggested by Kanchana, increment zswap_stored_pages and charge zswap entries within zswap_store_page() when it succeeds. This way, zswap_entry_free() will decrement the counter and uncharge the entries when it failed to zswap the entire folio. While this could potentially be optimized by batching objcg charging and incrementing the counter, let's focus on fixing the bug this time and leave the optimization for later after some evaluation. After resolving the inconsistency, the warnings disappear. [42.hyeyoo(a)gmail.com: refactor zswap_store_page()] Link: https://lkml.kernel.org/r/20250131082037.2426-1-42.hyeyoo@gmail.com Link: https://lkml.kernel.org/r/20250129100844.2935-1-42.hyeyoo@gmail.com Fixes: b7c0ccdfbafd ("mm: zswap: support large folios in zswap_store()") Co-developed-by: Kanchana P Sridhar <kanchana.p.sridhar(a)intel.com> Signed-off-by: Kanchana P Sridhar <kanchana.p.sridhar(a)intel.com> Signed-off-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Acked-by: Yosry Ahmed <yosry.ahmed(a)linux.dev> Acked-by: Nhat Pham <nphamcs(a)gmail.com> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zswap.c | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-) --- a/mm/zswap.c~mm-zswap-fix-inconsistency-when-zswap_store_page-fails +++ a/mm/zswap.c @@ -1445,9 +1445,9 @@ resched: * main API **********************************/ -static ssize_t zswap_store_page(struct page *page, - struct obj_cgroup *objcg, - struct zswap_pool *pool) +static bool zswap_store_page(struct page *page, + struct obj_cgroup *objcg, + struct zswap_pool *pool) { swp_entry_t page_swpentry = page_swap_entry(page); struct zswap_entry *entry, *old; @@ -1456,7 +1456,7 @@ static ssize_t zswap_store_page(struct p entry = zswap_entry_cache_alloc(GFP_KERNEL, page_to_nid(page)); if (!entry) { zswap_reject_kmemcache_fail++; - return -EINVAL; + return false; } if (!zswap_compress(page, entry, pool)) @@ -1483,13 +1483,17 @@ static ssize_t zswap_store_page(struct p /* * The entry is successfully compressed and stored in the tree, there is - * no further possibility of failure. Grab refs to the pool and objcg. - * These refs will be dropped by zswap_entry_free() when the entry is - * removed from the tree. + * no further possibility of failure. Grab refs to the pool and objcg, + * charge zswap memory, and increment zswap_stored_pages. + * The opposite actions will be performed by zswap_entry_free() + * when the entry is removed from the tree. */ zswap_pool_get(pool); - if (objcg) + if (objcg) { obj_cgroup_get(objcg); + obj_cgroup_charge_zswap(objcg, entry->length); + } + atomic_long_inc(&zswap_stored_pages); /* * We finish initializing the entry while it's already in xarray. @@ -1510,13 +1514,13 @@ static ssize_t zswap_store_page(struct p zswap_lru_add(&zswap_list_lru, entry); } - return entry->length; + return true; store_failed: zpool_free(pool->zpool, entry->handle); compress_failed: zswap_entry_cache_free(entry); - return -EINVAL; + return false; } bool zswap_store(struct folio *folio) @@ -1526,7 +1530,6 @@ bool zswap_store(struct folio *folio) struct obj_cgroup *objcg = NULL; struct mem_cgroup *memcg = NULL; struct zswap_pool *pool; - size_t compressed_bytes = 0; bool ret = false; long index; @@ -1564,20 +1567,14 @@ bool zswap_store(struct folio *folio) for (index = 0; index < nr_pages; ++index) { struct page *page = folio_page(folio, index); - ssize_t bytes; - bytes = zswap_store_page(page, objcg, pool); - if (bytes < 0) + if (!zswap_store_page(page, objcg, pool)) goto put_pool; - compressed_bytes += bytes; } - if (objcg) { - obj_cgroup_charge_zswap(objcg, compressed_bytes); + if (objcg) count_objcg_events(objcg, ZSWPOUT, nr_pages); - } - atomic_long_add(nr_pages, &zswap_stored_pages); count_vm_events(ZSWPOUT, nr_pages); ret = true; _ Patches currently in -mm which might be from 42.hyeyoo(a)gmail.com are

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] lib-iov_iter-fix-import_iovec_ubuf-iovec-management.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: lib/iov_iter: fix import_iovec_ubuf iovec management has been removed from the -mm tree. Its filename was lib-iov_iter-fix-import_iovec_ubuf-iovec-management.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Pavel Begunkov <asml.silence(a)gmail.com> Subject: lib/iov_iter: fix import_iovec_ubuf iovec management Date: Fri, 31 Jan 2025 14:13:15 +0000 import_iovec() says that it should always be fine to kfree the iovec returned in @iovp regardless of the error code. __import_iovec_ubuf() never reallocates it and thus should clear the pointer even in cases when copy_iovec_*() fail. Link: https://lkml.kernel.org/r/378ae26923ffc20fd5e41b4360d673bf47b1775b.17383324… Fixes: 3b2deb0e46da ("iov_iter: import single vector iovecs as ITER_UBUF") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Reviewed-by: Jens Axboe <axboe(a)kernel.dk> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/iov_iter.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/lib/iov_iter.c~lib-iov_iter-fix-import_iovec_ubuf-iovec-management +++ a/lib/iov_iter.c @@ -1428,6 +1428,8 @@ static ssize_t __import_iovec_ubuf(int t struct iovec *iov = *iovp; ssize_t ret; + *iovp = NULL; + if (compat) ret = copy_compat_iovec_from_user(iov, uvec, 1); else @@ -1438,7 +1440,6 @@ static ssize_t __import_iovec_ubuf(int t ret = import_ubuf(type, iov->iov_base, iov->iov_len, i); if (unlikely(ret)) return ret; - *iovp = NULL; return i->count; } _ Patches currently in -mm which might be from asml.silence(a)gmail.com are

2 months, 1 week

1
0
0 0

+ hwpoison-memory_hotplug-lock-folio-before-unmap-hwpoisoned-folio.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio has been added to the -mm mm-hotfixes-unstable branch. Its filename is hwpoison-memory_hotplug-lock-folio-before-unmap-hwpoisoned-folio.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ma Wupeng <mawupeng1(a)huawei.com> Subject: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Date: Mon, 17 Feb 2025 09:43:29 +0800 Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is not locked during unmap: ------------[ cut here ]------------ kernel BUG at ./include/linux/swapops.h:400! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ end trace 0000000000000000 ]--- Link: https://lkml.kernel.org/r/20250217014329.3610326-4-mawupeng1@huawei.com Fixes: b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined") Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/mm/memory_hotplug.c~hwpoison-memory_hotplug-lock-folio-before-unmap-hwpoisoned-folio +++ a/mm/memory_hotplug.c @@ -1832,8 +1832,11 @@ static void do_migrate_range(unsigned lo (folio_test_large(folio) && folio_test_has_hwpoisoned(folio))) { if (WARN_ON(folio_test_lru(folio))) folio_isolate_lru(folio); - if (folio_mapped(folio)) + if (folio_mapped(folio)) { + folio_lock(folio); unmap_poisoned_folio(folio, pfn, false); + folio_unlock(folio); + } goto put_folio; } _ Patches currently in -mm which might be from mawupeng1(a)huawei.com are mm-memory-failure-update-ttu-flag-inside-unmap_poisoned_folio.patch mm-memory-hotplug-check-folio-ref-count-first-in-do_migrate_range.patch hwpoison-memory_hotplug-lock-folio-before-unmap-hwpoisoned-folio.patch

2 months, 1 week

1
0
0 0

+ mm-memory-hotplug-check-folio-ref-count-first-in-do_migrate_range.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: memory-hotplug: check folio ref count first in do_migrate_range has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-hotplug-check-folio-ref-count-first-in-do_migrate_range.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ma Wupeng <mawupeng1(a)huawei.com> Subject: mm: memory-hotplug: check folio ref count first in do_migrate_range Date: Mon, 17 Feb 2025 09:43:28 +0800 If a folio has an increased reference count, folio_try_get() will acquire it, perform necessary operations, and then release it. In the case of a poisoned folio without an elevated reference count (which is unlikely for memory-failure), folio_try_get() will simply bypass it. Therefore, relocate the folio_try_get() function, responsible for checking and acquiring this reference count at first. Link: https://lkml.kernel.org/r/20250217014329.3610326-3-mawupeng1@huawei.com Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) --- a/mm/memory_hotplug.c~mm-memory-hotplug-check-folio-ref-count-first-in-do_migrate_range +++ a/mm/memory_hotplug.c @@ -1822,12 +1822,12 @@ static void do_migrate_range(unsigned lo if (folio_test_large(folio)) pfn = folio_pfn(folio) + folio_nr_pages(folio) - 1; - /* - * HWPoison pages have elevated reference counts so the migration would - * fail on them. It also doesn't make any sense to migrate them in the - * first place. Still try to unmap such a page in case it is still mapped - * (keep the unmap as the catch all safety net). - */ + if (!folio_try_get(folio)) + continue; + + if (unlikely(page_folio(page) != folio)) + goto put_folio; + if (folio_test_hwpoison(folio) || (folio_test_large(folio) && folio_test_has_hwpoisoned(folio))) { if (WARN_ON(folio_test_lru(folio))) @@ -1835,14 +1835,8 @@ static void do_migrate_range(unsigned lo if (folio_mapped(folio)) unmap_poisoned_folio(folio, pfn, false); - continue; - } - - if (!folio_try_get(folio)) - continue; - - if (unlikely(page_folio(page) != folio)) goto put_folio; + } if (!isolate_folio_to_list(folio, &source)) { if (__ratelimit(&migrate_rs)) { _ Patches currently in -mm which might be from mawupeng1(a)huawei.com are mm-memory-failure-update-ttu-flag-inside-unmap_poisoned_folio.patch mm-memory-hotplug-check-folio-ref-count-first-in-do_migrate_range.patch hwpoison-memory_hotplug-lock-folio-before-unmap-hwpoisoned-folio.patch

2 months, 1 week

1
0
0 0

+ mm-memory-failure-update-ttu-flag-inside-unmap_poisoned_folio.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: memory-failure: update ttu flag inside unmap_poisoned_folio has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-failure-update-ttu-flag-inside-unmap_poisoned_folio.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ma Wupeng <mawupeng1(a)huawei.com> Subject: mm: memory-failure: update ttu flag inside unmap_poisoned_folio Date: Mon, 17 Feb 2025 09:43:27 +0800 Patch series "mm: memory_failure: unmap poisoned folio during migrate properly", v3. Fix two bugs during folio migration if the folio is poisoned. This patch (of 3): Commit 6da6b1d4a7df ("mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON") introduce TTU_HWPOISON to replace TTU_IGNORE_HWPOISON in order to stop send SIGBUS signal when accessing an error page after a memory error on a clean folio. However during page migration, anon folio must be set with TTU_HWPOISON during unmap_*(). For pagecache we need some policy just like the one in hwpoison_user_mappings to set this flag. So move this policy from hwpoison_user_mappings to unmap_poisoned_folio to handle this warning properly. Warning will be produced during unamp poison folio with the following log: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 365 at mm/rmap.c:1847 try_to_unmap_one+0x8fc/0xd3c Modules linked in: CPU: 1 UID: 0 PID: 365 Comm: bash Tainted: G W 6.13.0-rc1-00018-gacdb4bbda7ab #42 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0x8fc/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0x8fc/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c ---[ end trace 0000000000000000 ]--- Link: https://lkml.kernel.org/r/20250217014329.3610326-1-mawupeng1@huawei.com Link: https://lkml.kernel.org/r/20250217014329.3610326-2-mawupeng1@huawei.com Fixes: 6da6b1d4a7df ("mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON") Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Ma Wupeng <mawupeng1(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/internal.h | 5 ++- mm/memory-failure.c | 61 +++++++++++++++++++++--------------------- mm/memory_hotplug.c | 3 +- 3 files changed, 36 insertions(+), 33 deletions(-) --- a/mm/internal.h~mm-memory-failure-update-ttu-flag-inside-unmap_poisoned_folio +++ a/mm/internal.h @@ -1115,7 +1115,7 @@ static inline int find_next_best_node(in * mm/memory-failure.c */ #ifdef CONFIG_MEMORY_FAILURE -void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu); +int unmap_poisoned_folio(struct folio *folio, unsigned long pfn, bool must_kill); void shake_folio(struct folio *folio); extern int hwpoison_filter(struct page *p); @@ -1138,8 +1138,9 @@ unsigned long page_mapped_in_vma(const s struct vm_area_struct *vma); #else -static inline void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) +static inline int unmap_poisoned_folio(struct folio *folio, unsigned long pfn, bool must_kill) { + return -EBUSY; } #endif --- a/mm/memory-failure.c~mm-memory-failure-update-ttu-flag-inside-unmap_poisoned_folio +++ a/mm/memory-failure.c @@ -1556,8 +1556,34 @@ static int get_hwpoison_page(struct page return ret; } -void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) +int unmap_poisoned_folio(struct folio *folio, unsigned long pfn, bool must_kill) { + enum ttu_flags ttu = TTU_IGNORE_MLOCK | TTU_SYNC | TTU_HWPOISON; + struct address_space *mapping; + + if (folio_test_swapcache(folio)) { + pr_err("%#lx: keeping poisoned page in swap cache\n", pfn); + ttu &= ~TTU_HWPOISON; + } + + /* + * Propagate the dirty bit from PTEs to struct page first, because we + * need this to decide if we should kill or just drop the page. + * XXX: the dirty test could be racy: set_page_dirty() may not always + * be called inside page lock (it's recommended but not enforced). + */ + mapping = folio_mapping(folio); + if (!must_kill && !folio_test_dirty(folio) && mapping && + mapping_can_writeback(mapping)) { + if (folio_mkclean(folio)) { + folio_set_dirty(folio); + } else { + ttu &= ~TTU_HWPOISON; + pr_info("%#lx: corrupted page was clean: dropped without side effects\n", + pfn); + } + } + if (folio_test_hugetlb(folio) && !folio_test_anon(folio)) { struct address_space *mapping; @@ -1572,7 +1598,7 @@ void unmap_poisoned_folio(struct folio * if (!mapping) { pr_info("%#lx: could not lock mapping for mapped hugetlb folio\n", folio_pfn(folio)); - return; + return -EBUSY; } try_to_unmap(folio, ttu|TTU_RMAP_LOCKED); @@ -1580,6 +1606,8 @@ void unmap_poisoned_folio(struct folio * } else { try_to_unmap(folio, ttu); } + + return folio_mapped(folio) ? -EBUSY : 0; } /* @@ -1589,8 +1617,6 @@ void unmap_poisoned_folio(struct folio * static bool hwpoison_user_mappings(struct folio *folio, struct page *p, unsigned long pfn, int flags) { - enum ttu_flags ttu = TTU_IGNORE_MLOCK | TTU_SYNC | TTU_HWPOISON; - struct address_space *mapping; LIST_HEAD(tokill); bool unmap_success; int forcekill; @@ -1613,29 +1639,6 @@ static bool hwpoison_user_mappings(struc if (!folio_mapped(folio)) return true; - if (folio_test_swapcache(folio)) { - pr_err("%#lx: keeping poisoned page in swap cache\n", pfn); - ttu &= ~TTU_HWPOISON; - } - - /* - * Propagate the dirty bit from PTEs to struct page first, because we - * need this to decide if we should kill or just drop the page. - * XXX: the dirty test could be racy: set_page_dirty() may not always - * be called inside page lock (it's recommended but not enforced). - */ - mapping = folio_mapping(folio); - if (!(flags & MF_MUST_KILL) && !folio_test_dirty(folio) && mapping && - mapping_can_writeback(mapping)) { - if (folio_mkclean(folio)) { - folio_set_dirty(folio); - } else { - ttu &= ~TTU_HWPOISON; - pr_info("%#lx: corrupted page was clean: dropped without side effects\n", - pfn); - } - } - /* * First collect all the processes that have the page * mapped in dirty form. This has to be done before try_to_unmap, @@ -1643,9 +1646,7 @@ static bool hwpoison_user_mappings(struc */ collect_procs(folio, p, &tokill, flags & MF_ACTION_REQUIRED); - unmap_poisoned_folio(folio, ttu); - - unmap_success = !folio_mapped(folio); + unmap_success = !unmap_poisoned_folio(folio, pfn, flags & MF_MUST_KILL); if (!unmap_success) pr_err("%#lx: failed to unmap page (folio mapcount=%d)\n", pfn, folio_mapcount(folio)); --- a/mm/memory_hotplug.c~mm-memory-failure-update-ttu-flag-inside-unmap_poisoned_folio +++ a/mm/memory_hotplug.c @@ -1833,7 +1833,8 @@ static void do_migrate_range(unsigned lo if (WARN_ON(folio_test_lru(folio))) folio_isolate_lru(folio); if (folio_mapped(folio)) - unmap_poisoned_folio(folio, TTU_IGNORE_MLOCK); + unmap_poisoned_folio(folio, pfn, false); + continue; } _ Patches currently in -mm which might be from mawupeng1(a)huawei.com are mm-memory-failure-update-ttu-flag-inside-unmap_poisoned_folio.patch mm-memory-hotplug-check-folio-ref-count-first-in-do_migrate_range.patch hwpoison-memory_hotplug-lock-folio-before-unmap-hwpoisoned-folio.patch

2 months, 1 week

1
0
0 0

+ arm-pgtable-fix-null-pointer-dereference-issue.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: arm: pgtable: fix NULL pointer dereference issue has been added to the -mm mm-hotfixes-unstable branch. Its filename is arm-pgtable-fix-null-pointer-dereference-issue.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Qi Zheng <zhengqi.arch(a)bytedance.com> Subject: arm: pgtable: fix NULL pointer dereference issue Date: Mon, 17 Feb 2025 10:49:24 +0800 When update_mmu_cache_range() is called by update_mmu_cache(), the vmf parameter is NULL, which will cause a NULL pointer dereference issue in adjust_pte(): Unable to handle kernel NULL pointer dereference at virtual address 00000030 when read Hardware name: Atmel AT91SAM9 PC is at update_mmu_cache_range+0x1e0/0x278 LR is at pte_offset_map_rw_nolock+0x18/0x2c Call trace: update_mmu_cache_range from remove_migration_pte+0x29c/0x2ec remove_migration_pte from rmap_walk_file+0xcc/0x130 rmap_walk_file from remove_migration_ptes+0x90/0xa4 remove_migration_ptes from migrate_pages_batch+0x6d4/0x858 migrate_pages_batch from migrate_pages+0x188/0x488 migrate_pages from compact_zone+0x56c/0x954 compact_zone from compact_node+0x90/0xf0 compact_node from kcompactd+0x1d4/0x204 kcompactd from kthread+0x120/0x12c kthread from ret_from_fork+0x14/0x38 Exception stack(0xc0d8bfb0 to 0xc0d8bff8) To fix it, do not rely on whether 'ptl' is equal to decide whether to hold the pte lock, but decide it by whether CONFIG_SPLIT_PTE_PTLOCKS is enabled. In addition, if two vmas map to the same PTE page, there is no need to hold the pte lock again, otherwise a deadlock will occur. Just add the need_lock parameter to let adjust_pte() know this information. Link: https://lkml.kernel.org/r/20250217024924.57996-1-zhengqi.arch@bytedance.com Fixes: fc9c45b71f43 ("arm: adjust_pte() use pte_offset_map_rw_nolock()") Signed-off-by: Qi Zheng <zhengqi.arch(a)bytedance.com> Reported-by: Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> Closes: https://lore.kernel.org/lkml/CAM1KZSmZ2T_riHvay+7cKEFxoPgeVpHkVFTzVVEQ1BO0c… Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickens <hughd(a)google.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: Russel King <linux(a)armlinux.org.uk> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm/mm/fault-armv.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) --- a/arch/arm/mm/fault-armv.c~arm-pgtable-fix-null-pointer-dereference-issue +++ a/arch/arm/mm/fault-armv.c @@ -62,7 +62,7 @@ static int do_adjust_pte(struct vm_area_ } static int adjust_pte(struct vm_area_struct *vma, unsigned long address, - unsigned long pfn, struct vm_fault *vmf) + unsigned long pfn, bool need_lock) { spinlock_t *ptl; pgd_t *pgd; @@ -99,12 +99,11 @@ again: if (!pte) return 0; - /* - * If we are using split PTE locks, then we need to take the page - * lock here. Otherwise we are using shared mm->page_table_lock - * which is already locked, thus cannot take it. - */ - if (ptl != vmf->ptl) { + if (need_lock) { + /* + * Use nested version here to indicate that we are already + * holding one similar spinlock. + */ spin_lock_nested(ptl, SINGLE_DEPTH_NESTING); if (unlikely(!pmd_same(pmdval, pmdp_get_lockless(pmd)))) { pte_unmap_unlock(pte, ptl); @@ -114,7 +113,7 @@ again: ret = do_adjust_pte(vma, address, pfn, pte); - if (ptl != vmf->ptl) + if (need_lock) spin_unlock(ptl); pte_unmap(pte); @@ -123,9 +122,10 @@ again: static void make_coherent(struct address_space *mapping, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep, unsigned long pfn, - struct vm_fault *vmf) + unsigned long addr, pte_t *ptep, unsigned long pfn) { + const unsigned long pmd_start_addr = ALIGN_DOWN(addr, PMD_SIZE); + const unsigned long pmd_end_addr = pmd_start_addr + PMD_SIZE; struct mm_struct *mm = vma->vm_mm; struct vm_area_struct *mpnt; unsigned long offset; @@ -142,6 +142,14 @@ make_coherent(struct address_space *mapp flush_dcache_mmap_lock(mapping); vma_interval_tree_foreach(mpnt, &mapping->i_mmap, pgoff, pgoff) { /* + * If we are using split PTE locks, then we need to take the pte + * lock. Otherwise we are using shared mm->page_table_lock which + * is already locked, thus cannot take it. + */ + bool need_lock = IS_ENABLED(CONFIG_SPLIT_PTE_PTLOCKS); + unsigned long mpnt_addr; + + /* * If this VMA is not in our MM, we can ignore it. * Note that we intentionally mask out the VMA * that we are fixing up. @@ -151,7 +159,12 @@ make_coherent(struct address_space *mapp if (!(mpnt->vm_flags & VM_MAYSHARE)) continue; offset = (pgoff - mpnt->vm_pgoff) << PAGE_SHIFT; - aliases += adjust_pte(mpnt, mpnt->vm_start + offset, pfn, vmf); + mpnt_addr = mpnt->vm_start + offset; + + /* Avoid deadlocks by not grabbing the same PTE lock again. */ + if (mpnt_addr >= pmd_start_addr && mpnt_addr < pmd_end_addr) + need_lock = false; + aliases += adjust_pte(mpnt, mpnt_addr, pfn, need_lock); } flush_dcache_mmap_unlock(mapping); if (aliases) @@ -194,7 +207,7 @@ void update_mmu_cache_range(struct vm_fa __flush_dcache_folio(mapping, folio); if (mapping) { if (cache_is_vivt()) - make_coherent(mapping, vma, addr, ptep, pfn, vmf); + make_coherent(mapping, vma, addr, ptep, pfn); else if (vma->vm_flags & VM_EXEC) __flush_icache_all(); } _ Patches currently in -mm which might be from zhengqi.arch(a)bytedance.com are mm-pgtable-fix-incorrect-reclaim-of-non-empty-pte-pages.patch arm-pgtable-fix-null-pointer-dereference-issue.patch

2 months, 1 week

1
0
0 0

[net-next, v3] wifi: mt76: mt7921: fix kernel panic due to null pointer dereference

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> Address a kernel panic caused by a null pointer dereference in the `mt792x_rx_get_wcid` function. The issue arises because the `deflink` structure is not properly initialized with the `sta` context. This patch ensures that the `deflink` structure is correctly linked to the `sta` context, preventing the null pointer dereference. BUG: kernel NULL pointer dereference, address: 0000000000000400 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 UID: 0 PID: 470 Comm: mt76-usb-rx phy Not tainted 6.12.13-gentoo-dist #1 Hardware name: /AMD HUDSON-M1, BIOS 4.6.4 11/15/2011 RIP: 0010:mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib] RSP: 0018:ffffa147c055fd98 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff8e9ecb652000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8e9ecb652000 RBP: 0000000000000685 R08: ffff8e9ec6570000 R09: 0000000000000000 R10: ffff8e9ecd2ca000 R11: ffff8e9f22a217c0 R12: 0000000038010119 R13: 0000000080843801 R14: ffff8e9ec6570000 R15: ffff8e9ecb652000 FS: 0000000000000000(0000) GS:ffff8e9f22a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000400 CR3: 000000000d2ea000 CR4: 00000000000006f0 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2f0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib] mt7921_queue_rx_skb+0x1c6/0xaa0 [mt7921_common] mt76u_alloc_queues+0x784/0x810 [mt76_usb] ? __pfx___mt76_worker_fn+0x10/0x10 [mt76] __mt76_worker_fn+0x4f/0x80 [mt76] kthread+0xd2/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> ---[ end trace 0000000000000000 ]--- Reported-by: Nick Morrow <usbwifi2024(a)gmail.com> Closes: https://github.com/morrownr/USB-WiFi/issues/577 Cc: stable(a)vger.kernel.org Fixes: 90c10286b176 ("wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA") Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> Tested-by: Salah Coronya <salah.coronya(a)gmail.com> --- v2: - Change Nick from "Tested-by" to "Reported-by". v3: - Rewrite the commit msg in the imperative mood. - Remove the boot time for code trace. --- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c b/drivers/net/wireless/mediatek/mt76/mt7921/main.c index 13e58c328aff..78b77a54d195 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c @@ -811,6 +811,7 @@ int mt7921_mac_sta_add(struct mt76_dev *mdev, struct ieee80211_vif *vif, msta->deflink.wcid.phy_idx = mvif->bss_conf.mt76.band_idx; msta->deflink.wcid.tx_info |= MT_WCID_TX_INFO_SET; msta->deflink.last_txs = jiffies; + msta->deflink.sta = msta; ret = mt76_connac_pm_wake(&dev->mphy, &dev->pm); if (ret) -- 2.45.2

2 months, 1 week

1
0
0 0

+ mm-hwpoison-fix-incorrect-not-recovered-report-for-recovered-clean-pages.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/hwpoison: fix incorrect "not recovered" report for recovered clean pages has been added to the -mm mm-unstable branch. Its filename is mm-hwpoison-fix-incorrect-not-recovered-report-for-recovered-clean-pages.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Shuai Xue <xueshuai(a)linux.alibaba.com> Subject: mm/hwpoison: fix incorrect "not recovered" report for recovered clean pages Date: Mon, 17 Feb 2025 14:33:34 +0800 When an uncorrected memory error is consumed there is a race between the CMCI from the memory controller reporting an uncorrected error with a UCNA signature, and the core reporting and SRAR signature machine check when the data is about to be consumed. If the CMCI wins that race, the page is marked poisoned when uc_decode_notifier() calls memory_failure(). For dirty pages, memory_failure() invokes try_to_unmap() with the TTU_HWPOISON flag, converting the PTE to a hwpoison entry. As a result, kill_accessing_process(): - call walk_page_range() and return 1 regardless of whether try_to_unmap() succeeds or fails, - call kill_proc() to make sure a SIGBUS is sent - return -EHWPOISON to indicate that SIGBUS is already sent to the process and kill_me_maybe() doesn't have to send it again. However, for clean pages, the TTU_HWPOISON flag is cleared, leaving the PTE unchanged and not converted to a hwpoison entry. Conversely, for clean pages where PTE entries are not marked as hwpoison, kill_accessing_process() returns -EFAULT, causing kill_me_maybe() to send a SIGBUS. Console log looks like this: Memory failure: 0x827ca68: corrupted page was clean: dropped without side effects Memory failure: 0x827ca68: recovery action for clean LRU page: Recovered Memory failure: 0x827ca68: already hardware poisoned mce: Memory error not recovered To fix it, return 0 for "corrupted page was clean", preventing an unnecessary SIGBUS. Link: https://lkml.kernel.org/r/20250217063335.22257-5-xueshuai@linux.alibaba.com Fixes: 046545a661af ("mm/hwpoison: fix error page recovered but reported "not recovered"") Signed-off-by: Shuai Xue <xueshuai(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Cc: Acked-by:Thomas Gleixner <tglx(a)linutronix.de> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Jane Chu <jane.chu(a)oracle.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: linmiaohe <linmiaohe(a)huawei.com> Cc: "Luck, Tony" <tony.luck(a)intel.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ruidong Tian <tianruidong(a)linux.alibaba.com> Cc: Yazen Ghannam <yazen.ghannam(a)amd.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) --- a/mm/memory-failure.c~mm-hwpoison-fix-incorrect-not-recovered-report-for-recovered-clean-pages +++ a/mm/memory-failure.c @@ -881,12 +881,17 @@ static int kill_accessing_process(struct mmap_read_lock(p->mm); ret = walk_page_range(p->mm, 0, TASK_SIZE, &hwpoison_walk_ops, (void *)&priv); + /* + * ret = 1 when CMCI wins, regardless of whether try_to_unmap() + * succeeds or fails, then kill the process with SIGBUS. + * ret = 0 when poison page is a clean page and it's dropped, no + * SIGBUS is needed. + */ if (ret == 1 && priv.tk.addr) kill_proc(&priv.tk, pfn, flags); - else - ret = 0; mmap_read_unlock(p->mm); - return ret > 0 ? -EHWPOISON : -EFAULT; + + return ret > 0 ? -EHWPOISON : 0; } /* _ Patches currently in -mm which might be from xueshuai(a)linux.alibaba.com are x86-mce-collect-error-message-for-severities-below-mce_panic_severity.patch x86-mce-dump-error-msg-from-severities.patch x86-mce-add-ex_type_efault_reg-as-in-kernel-recovery-context-to-fix-copy-from-user-operations-regression.patch mm-hwpoison-fix-incorrect-not-recovered-report-for-recovered-clean-pages.patch mm-memory-failure-move-return-value-documentation-to-function-declaration.patch

2 months, 1 week

1
0
0 0

+ x86-mce-add-ex_type_efault_reg-as-in-kernel-recovery-context-to-fix-copy-from-user-operations-regression.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: x86/mce: add EX_TYPE_EFAULT_REG as in-kernel recovery context to fix copy-from-user operations regression has been added to the -mm mm-unstable branch. Its filename is x86-mce-add-ex_type_efault_reg-as-in-kernel-recovery-context-to-fix-copy-from-user-operations-regression.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Shuai Xue <xueshuai(a)linux.alibaba.com> Subject: x86/mce: add EX_TYPE_EFAULT_REG as in-kernel recovery context to fix copy-from-user operations regression Date: Mon, 17 Feb 2025 14:33:33 +0800 Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new extable fixup type, EX_TYPE_EFAULT_REG, and later patches updated the extable fixup type for copy-from-user operations, changing it from EX_TYPE_UACCESS to EX_TYPE_EFAULT_REG. Specifically, commit 99641e094d6c ("x86/uaccess: Remove .fixup usage") altered the extable fixup type for the get_user family, while commit 4c132d1d844a ("x86/futex: Remove .fixup usage") addressed the futex operations. This change inadvertently caused a regression where the error context for some copy-from-user operations no longer functions as an in-kernel recovery context, leading to kernel panics with the message: "Machine check: Data load in unrecoverable area of kernel." To fix the regression, add EX_TYPE_EFAULT_REG as a in-kernel recovery context for copy-from-user operations. Link: https://lkml.kernel.org/r/20250217063335.22257-4-xueshuai@linux.alibaba.com Signed-off-by: Shuai Xue <xueshuai(a)linux.alibaba.com> Fixes: 4c132d1d844a ("x86/futex: Remove .fixup usage") Cc: <stable(a)vger.kernel.org> Cc: Acked-by:Thomas Gleixner <tglx(a)linutronix.de> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Jane Chu <jane.chu(a)oracle.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: linmiaohe <linmiaohe(a)huawei.com> Cc: "Luck, Tony" <tony.luck(a)intel.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ruidong Tian <tianruidong(a)linux.alibaba.com> Cc: Yazen Ghannam <yazen.ghannam(a)amd.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/kernel/cpu/mce/severity.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) --- a/arch/x86/kernel/cpu/mce/severity.c~x86-mce-add-ex_type_efault_reg-as-in-kernel-recovery-context-to-fix-copy-from-user-operations-regression +++ a/arch/x86/kernel/cpu/mce/severity.c @@ -16,6 +16,7 @@ #include <asm/traps.h> #include <asm/insn.h> #include <asm/insn-eval.h> +#include <linux/extable.h> #include "internal.h" @@ -285,7 +286,8 @@ static bool is_copy_from_user(struct pt_ */ static noinstr int error_context(struct mce *m, struct pt_regs *regs) { - int fixup_type; + const struct exception_table_entry *e; + int fixup_type, imm; bool copy_user; if ((m->cs & 3) == 3) @@ -294,9 +296,14 @@ static noinstr int error_context(struct if (!mc_recoverable(m->mcgstatus)) return IN_KERNEL; + e = search_exception_tables(m->ip); + if (!e) + return IN_KERNEL; + /* Allow instrumentation around external facilities usage. */ instrumentation_begin(); - fixup_type = ex_get_fixup_type(m->ip); + fixup_type = FIELD_GET(EX_DATA_TYPE_MASK, e->data); + imm = FIELD_GET(EX_DATA_IMM_MASK, e->data); copy_user = is_copy_from_user(regs); instrumentation_end(); @@ -304,9 +311,13 @@ static noinstr int error_context(struct case EX_TYPE_UACCESS: if (!copy_user) return IN_KERNEL; - m->kflags |= MCE_IN_KERNEL_COPYIN; - fallthrough; - + m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV; + return IN_KERNEL_RECOV; + case EX_TYPE_IMM_REG: + if (!copy_user || imm != -EFAULT) + return IN_KERNEL; + m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV; + return IN_KERNEL_RECOV; case EX_TYPE_FAULT_MCE_SAFE: case EX_TYPE_DEFAULT_MCE_SAFE: m->kflags |= MCE_IN_KERNEL_RECOV; _ Patches currently in -mm which might be from xueshuai(a)linux.alibaba.com are x86-mce-collect-error-message-for-severities-below-mce_panic_severity.patch x86-mce-dump-error-msg-from-severities.patch x86-mce-add-ex_type_efault_reg-as-in-kernel-recovery-context-to-fix-copy-from-user-operations-regression.patch mm-hwpoison-fix-incorrect-not-recovered-report-for-recovered-clean-pages.patch mm-memory-failure-move-return-value-documentation-to-function-declaration.patch

2 months, 1 week

1
0
0 0

+ m68k-sun3-add-check-for-__pgd_alloc.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: m68k: sun3: add check for __pgd_alloc() has been added to the -mm mm-hotfixes-unstable branch. Its filename is m68k-sun3-add-check-for-__pgd_alloc.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Haoxiang Li <haoxiang_li2024(a)163.com> Subject: m68k: sun3: add check for __pgd_alloc() Date: Tue, 18 Feb 2025 00:00:17 +0800 Add check for the return value of __pgd_alloc() in pgd_alloc() to prevent null pointer dereference. Link: https://lkml.kernel.org/r/20250217160017.2375536-1-haoxiang_li2024@163.com Fixes: a9b3c355c2e6 ("asm-generic: pgalloc: provide generic __pgd_{alloc,free}") Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: Kevin Brodsky <kevin.brodsky(a)arm.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: Sam Creasey <sammy(a)sammy.net> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/m68k/include/asm/sun3_pgalloc.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/arch/m68k/include/asm/sun3_pgalloc.h~m68k-sun3-add-check-for-__pgd_alloc +++ a/arch/m68k/include/asm/sun3_pgalloc.h @@ -44,8 +44,10 @@ static inline pgd_t * pgd_alloc(struct m pgd_t *new_pgd; new_pgd = __pgd_alloc(mm, 0); - memcpy(new_pgd, swapper_pg_dir, PAGE_SIZE); - memset(new_pgd, 0, (PAGE_OFFSET >> PGDIR_SHIFT)); + if (likely(new_pgd != NULL)) { + memcpy(new_pgd, swapper_pg_dir, PAGE_SIZE); + memset(new_pgd, 0, (PAGE_OFFSET >> PGDIR_SHIFT)); + } return new_pgd; } _ Patches currently in -mm which might be from haoxiang_li2024(a)163.com are m68k-sun3-add-check-for-__pgd_alloc.patch

2 months, 1 week

1
0
0 0

[net-next] wifi: mt76: mt7921: fix kernel panic due to null pointer dereference

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> This patch addresses a kernel panic caused by a null pointer dereference in the `mt792x_rx_get_wcid` function. The issue arises because the `deflink` structure is not properly initialized with the `sta` context. This patch ensures that the `deflink` structure is correctly linked to the `sta` context, preventing the null pointer dereference. [ 32.098574] BUG: kernel NULL pointer dereference, address: 0000000000000400 [ 32.098620] #PF: supervisor read access in kernel mode [ 32.098634] #PF: error_code(0x0000) - not-present page [ 32.098647] PGD 0 P4D 0 [ 32.098665] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI [ 32.098683] CPU: 0 UID: 0 PID: 470 Comm: mt76-usb-rx phy Not tainted 6.12.13-gentoo-dist #1 [ 32.098703] Hardware name: /AMD HUDSON-M1, BIOS 4.6.4 11/15/2011 [ 32.098717] RIP: 0010:mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib] [ 32.098776] RSP: 0018:ffffa147c055fd98 EFLAGS: 00010202 [ 32.098792] RAX: 0000000000000000 RBX: ffff8e9ecb652000 RCX: 0000000000000000 [ 32.098806] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8e9ecb652000 [ 32.098819] RBP: 0000000000000685 R08: ffff8e9ec6570000 R09: 0000000000000000 [ 32.098832] R10: ffff8e9ecd2ca000 R11: ffff8e9f22a217c0 R12: 0000000038010119 [ 32.098845] R13: 0000000080843801 R14: ffff8e9ec6570000 R15: ffff8e9ecb652000 [ 32.098860] FS: 0000000000000000(0000) GS:ffff8e9f22a00000(0000) knlGS:0000000000000000 [ 32.098876] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.098889] CR2: 0000000000000400 CR3: 000000000d2ea000 CR4: 00000000000006f0 [ 32.098903] Call Trace: [ 32.098918] <TASK> [ 32.098932] ? __die_body.cold+0x19/0x27 [ 32.098955] ? page_fault_oops+0x15a/0x2f0 [ 32.098975] ? search_module_extables+0x19/0x60 [ 32.098995] ? search_bpf_extables+0x5f/0x80 [ 32.099012] ? exc_page_fault+0x7e/0x180 [ 32.099030] ? asm_exc_page_fault+0x26/0x30 [ 32.099054] ? mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib] [ 32.099084] mt7921_queue_rx_skb+0x1c6/0xaa0 [mt7921_common] [ 32.099114] mt76u_alloc_queues+0x784/0x810 [mt76_usb] [ 32.099140] ? __pfx___mt76_worker_fn+0x10/0x10 [mt76] [ 32.099172] __mt76_worker_fn+0x4f/0x80 [mt76] [ 32.099203] kthread+0xd2/0x100 [ 32.099221] ? __pfx_kthread+0x10/0x10 [ 32.099237] ret_from_fork+0x34/0x50 [ 32.099254] ? __pfx_kthread+0x10/0x10 [ 32.099269] ret_from_fork_asm+0x1a/0x30 [ 32.099290] </TASK> [ 32.099719] ---[ end trace 0000000000000000 ]--- Reported-by: Salah Coronya <salah.coronya(a)gmail.com> Closes: https://github.com/morrownr/USB-WiFi/issues/577 Cc: stable(a)vger.kernel.org Fixes: 90c10286b176 ("wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA") Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> Tested-by: Nick Morrow <usbwifi2024(a)gmail.com> Tested-by: Salah Coronya <salah.coronya(a)gmail.com> --- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c b/drivers/net/wireless/mediatek/mt76/mt7921/main.c index 13e58c328aff..78b77a54d195 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c @@ -811,6 +811,7 @@ int mt7921_mac_sta_add(struct mt76_dev *mdev, struct ieee80211_vif *vif, msta->deflink.wcid.phy_idx = mvif->bss_conf.mt76.band_idx; msta->deflink.wcid.tx_info |= MT_WCID_TX_INFO_SET; msta->deflink.last_txs = jiffies; + msta->deflink.sta = msta; ret = mt76_connac_pm_wake(&dev->mphy, &dev->pm); if (ret) -- 2.45.2

2 months, 1 week

2
1
0 0

+ selftests-damon-damos_quota_goal-handle-minimum-quota-that-cannot-be-further-reduced.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-damon-damos_quota_goal-handle-minimum-quota-that-cannot-be-further-reduced.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced Date: Mon, 17 Feb 2025 10:23:04 -0800 damos_quota_goal.py selftest see if DAMOS quota goals tuning feature increases or reduces the effective size quota for given score as expected. The tuning feature sets the minimum quota size as one byte, so if the effective size quota is already one, we cannot expect it further be reduced. However the test is not aware of the edge case, and fails since it shown no expected change of the effective quota. Handle the case by updating the failure logic for no change to see if it was the case, and simply skips to next test input. Link: https://lkml.kernel.org/r/20250217182304.45215-1-sj@kernel.org Fixes: f1c07c0a1662b ("selftests/damon: add a test for DAMOS quota goal") Signed-off-by: SeongJae Park <sj(a)kernel.org> Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202502171423.b28a918d-lkp@intel.com Cc: Shuah Khan (Samsung OSG) <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.10.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/damon/damos_quota_goal.py | 3 +++ 1 file changed, 3 insertions(+) --- a/tools/testing/selftests/damon/damos_quota_goal.py~selftests-damon-damos_quota_goal-handle-minimum-quota-that-cannot-be-further-reduced +++ a/tools/testing/selftests/damon/damos_quota_goal.py @@ -63,6 +63,9 @@ def main(): if last_effective_bytes != 0 else -1.0)) if last_effective_bytes == goal.effective_bytes: + # effective quota was already minimum that cannot be more reduced + if expect_increase is False and last_effective_bytes == 1: + continue print('efective bytes not changed: %d' % goal.effective_bytes) exit(1) _ Patches currently in -mm which might be from sj(a)kernel.org are selftests-damon-damos_quota_goal-handle-minimum-quota-that-cannot-be-further-reduced.patch mm-madvise-split-out-mmap-locking-operations-for-madvise.patch mm-madvise-split-out-madvise-input-validity-check.patch mm-madvise-split-out-madvise-behavior-execution.patch mm-madvise-remove-redundant-mmap_lock-operations-from-process_madvise.patch mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch mm-damon-core-unset-damos-walk_completed-after-confimed-set.patch mm-damon-core-do-not-call-damos_walk_control-walk-if-walk-is-completed.patch mm-damon-core-do-damos-walking-in-entire-regions-granularity.patch

2 months, 1 week

1
0
0 0

[PATCH 6.1.y] drm/amd/display: Add NULL pointer check for kzalloc

by jetlan9＠163.com

From: Hersen Wu <hersenxs.wu(a)amd.com> commit 8e65a1b7118acf6af96449e1e66b7adbc9396912 upstream. [Why & How] Check return pointer of kzalloc before using it. Reviewed-by: Alex Hung <alex.hung(a)amd.com> Acked-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- .../gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c | 8 ++++++++ .../gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 8 ++++++++ drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 3 +++ drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 5 +++++ drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c | 5 +++++ drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c | 2 ++ drivers/gpu/drm/amd/display/dc/dcn316/dcn316_resource.c | 2 ++ drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 5 +++++ drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c | 2 ++ 9 files changed, 40 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c index 3ce0ee0d012f..367b163537c4 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c @@ -568,11 +568,19 @@ void dcn3_clk_mgr_construct( dce_clock_read_ss_info(clk_mgr); clk_mgr->base.bw_params = kzalloc(sizeof(*clk_mgr->base.bw_params), GFP_KERNEL); + if (!clk_mgr->base.bw_params) { + BREAK_TO_DEBUGGER(); + return; + } /* need physical address of table to give to PMFW */ clk_mgr->wm_range_table = dm_helpers_allocate_gpu_mem(clk_mgr->base.ctx, DC_MEM_ALLOC_TYPE_GART, sizeof(WatermarksExternal_t), &clk_mgr->wm_range_table_addr); + if (!clk_mgr->wm_range_table) { + BREAK_TO_DEBUGGER(); + return; + } } void dcn3_clk_mgr_destroy(struct clk_mgr_internal *clk_mgr) diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c index 1d84a04acb3f..3ade764d3323 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c @@ -816,11 +816,19 @@ void dcn32_clk_mgr_construct( clk_mgr->smu_present = false; clk_mgr->base.bw_params = kzalloc(sizeof(*clk_mgr->base.bw_params), GFP_KERNEL); + if (!clk_mgr->base.bw_params) { + BREAK_TO_DEBUGGER(); + return; + } /* need physical address of table to give to PMFW */ clk_mgr->wm_range_table = dm_helpers_allocate_gpu_mem(clk_mgr->base.ctx, DC_MEM_ALLOC_TYPE_GART, sizeof(WatermarksExternal_t), &clk_mgr->wm_range_table_addr); + if (!clk_mgr->wm_range_table) { + BREAK_TO_DEBUGGER(); + return; + } } void dcn32_clk_mgr_destroy(struct clk_mgr_internal *clk_mgr) diff --git a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c index 5a8d1a051314..6c58618f1b9c 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c @@ -2062,6 +2062,9 @@ bool dcn30_validate_bandwidth(struct dc *dc, BW_VAL_TRACE_COUNT(); + if (!pipes) + goto validate_fail; + DC_FP_START(); out = dcn30_internal_validate_bw(dc, context, pipes, &pipe_cnt, &vlevel, fast_validate, true); DC_FP_END(); diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c index d3f76512841b..73a7b1ec353e 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c @@ -1324,6 +1324,8 @@ static struct hpo_dp_link_encoder *dcn31_hpo_dp_link_encoder_create( /* allocate HPO link encoder */ hpo_dp_enc31 = kzalloc(sizeof(struct dcn31_hpo_dp_link_encoder), GFP_KERNEL); + if (!hpo_dp_enc31) + return NULL; /* out of memory */ hpo_dp_link_encoder31_construct(hpo_dp_enc31, ctx, inst, &hpo_dp_link_enc_regs[inst], @@ -1773,6 +1775,9 @@ bool dcn31_validate_bandwidth(struct dc *dc, BW_VAL_TRACE_COUNT(); + if (!pipes) + goto validate_fail; + DC_FP_START(); out = dcn30_internal_validate_bw(dc, context, pipes, &pipe_cnt, &vlevel, fast_validate, true); DC_FP_END(); diff --git a/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c b/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c index 6b8abdb5c7f8..1a4280b89a1f 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c @@ -1372,6 +1372,8 @@ static struct hpo_dp_link_encoder *dcn31_hpo_dp_link_encoder_create( /* allocate HPO link encoder */ hpo_dp_enc31 = kzalloc(sizeof(struct dcn31_hpo_dp_link_encoder), GFP_KERNEL); + if (!hpo_dp_enc31) + return NULL; /* out of memory */ hpo_dp_link_encoder31_construct(hpo_dp_enc31, ctx, inst, &hpo_dp_link_enc_regs[inst], @@ -1743,6 +1745,9 @@ bool dcn314_validate_bandwidth(struct dc *dc, BW_VAL_TRACE_COUNT(); + if (!pipes) + goto validate_fail; + if (filter_modes_for_single_channel_workaround(dc, context)) goto validate_fail; diff --git a/drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c b/drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c index b9b1e5ac4f53..e78954514e3e 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c @@ -1325,6 +1325,8 @@ static struct hpo_dp_link_encoder *dcn31_hpo_dp_link_encoder_create( /* allocate HPO link encoder */ hpo_dp_enc31 = kzalloc(sizeof(struct dcn31_hpo_dp_link_encoder), GFP_KERNEL); + if (!hpo_dp_enc31) + return NULL; /* out of memory */ hpo_dp_link_encoder31_construct(hpo_dp_enc31, ctx, inst, &hpo_dp_link_enc_regs[inst], diff --git a/drivers/gpu/drm/amd/display/dc/dcn316/dcn316_resource.c b/drivers/gpu/drm/amd/display/dc/dcn316/dcn316_resource.c index af3eddc0cf32..932fe9b5c08c 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn316/dcn316_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn316/dcn316_resource.c @@ -1322,6 +1322,8 @@ static struct hpo_dp_link_encoder *dcn31_hpo_dp_link_encoder_create( /* allocate HPO link encoder */ hpo_dp_enc31 = kzalloc(sizeof(struct dcn31_hpo_dp_link_encoder), GFP_KERNEL); + if (!hpo_dp_enc31) + return NULL; /* out of memory */ hpo_dp_link_encoder31_construct(hpo_dp_enc31, ctx, inst, &hpo_dp_link_enc_regs[inst], diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c index ef47fb2f6905..1b1534ffee9f 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c @@ -1310,6 +1310,8 @@ static struct hpo_dp_link_encoder *dcn32_hpo_dp_link_encoder_create( /* allocate HPO link encoder */ hpo_dp_enc31 = kzalloc(sizeof(struct dcn31_hpo_dp_link_encoder), GFP_KERNEL); + if (!hpo_dp_enc31) + return NULL; /* out of memory */ #undef REG_STRUCT #define REG_STRUCT hpo_dp_link_enc_regs @@ -1855,6 +1857,9 @@ bool dcn32_validate_bandwidth(struct dc *dc, BW_VAL_TRACE_COUNT(); + if (!pipes) + goto validate_fail; + DC_FP_START(); out = dcn32_internal_validate_bw(dc, context, pipes, &pipe_cnt, &vlevel, fast_validate); DC_FP_END(); diff --git a/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c b/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c index aed92ced7b76..85430e5baa45 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c @@ -1296,6 +1296,8 @@ static struct hpo_dp_link_encoder *dcn321_hpo_dp_link_encoder_create( /* allocate HPO link encoder */ hpo_dp_enc31 = kzalloc(sizeof(struct dcn31_hpo_dp_link_encoder), GFP_KERNEL); + if (!hpo_dp_enc31) + return NULL; /* out of memory */ #undef REG_STRUCT #define REG_STRUCT hpo_dp_link_enc_regs -- 2.43.0

2 months, 1 week

1
0
0 0

[PATCH] net: fix uninitialised access in mii_nway_restart()

by Qasim Ijaz

In mii_nway_restart() during the line: bmcr = mii->mdio_read(mii->dev, mii->phy_id, MII_BMCR); The code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer, which is initialised with control_read(): unsigned char buff[2]; However buff is conditionally initialised inside control_read(): if (err == size) { memcpy(data, buf, size); } If the condition of "err == size" is not met, then buff remains uninitialised. Once this happens the uninitialised buff is accessed and returned during ch9200_mdio_read(): return (buff[0] | buff[1] << 8); The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uinit-access of buff. To fix this we should check the return value of control_read() and return early on error. Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> Reported-by: syzbot <syzbot+3361c2d6f78a3e0892f9(a)syzkaller.appspotmail.com> Tested-by: syzbot <syzbot+3361c2d6f78a3e0892f9(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=3361c2d6f78a3e0892f9 Fixes: 4a476bd6d1d9 ("usbnet: New driver for QinHeng CH9200 devices") Cc: stable(a)vger.kernel.org --- drivers/net/mii.c | 2 ++ drivers/net/usb/ch9200.c | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/net/mii.c b/drivers/net/mii.c index 37bc3131d31a..e305bf0f1d04 100644 --- a/drivers/net/mii.c +++ b/drivers/net/mii.c @@ -464,6 +464,8 @@ int mii_nway_restart (struct mii_if_info *mii) /* if autoneg is off, it's an error */ bmcr = mii->mdio_read(mii->dev, mii->phy_id, MII_BMCR); + if (bmcr < 0) + return bmcr; if (bmcr & BMCR_ANENABLE) { bmcr |= BMCR_ANRESTART; diff --git a/drivers/net/usb/ch9200.c b/drivers/net/usb/ch9200.c index f69d9b902da0..e32d3c282dc1 100644 --- a/drivers/net/usb/ch9200.c +++ b/drivers/net/usb/ch9200.c @@ -178,6 +178,7 @@ static int ch9200_mdio_read(struct net_device *netdev, int phy_id, int loc) { struct usbnet *dev = netdev_priv(netdev); unsigned char buff[2]; + int ret; netdev_dbg(netdev, "%s phy_id:%02x loc:%02x\n", __func__, phy_id, loc); @@ -185,8 +186,10 @@ static int ch9200_mdio_read(struct net_device *netdev, int phy_id, int loc) if (phy_id != 0) return -ENODEV; - control_read(dev, REQUEST_READ, 0, loc * 2, buff, 0x02, - CONTROL_TIMEOUT_MS); + ret = control_read(dev, REQUEST_READ, 0, loc * 2, buff, 0x02, + CONTROL_TIMEOUT_MS); + if (ret != 2) + return ret < 0 ? ret : -EINVAL; return (buff[0] | buff[1] << 8); } -- 2.39.5

2 months, 1 week

2
1
0 0

[PATCH net v2] drop_monitor: fix incorrect initialization order

by Gavrilov Ilia

Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-executor.0/7995 lock: 0xffff88805303f3e0, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 CPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x119/0x179 lib/dump_stack.c:118 debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline] do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline] _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159 reset_per_cpu_data+0xe6/0x240 [drop_monitor] net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800 netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497 genl_rcv+0x29/0x40 net/netlink/genetlink.c:811 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348 netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916 sock_sendmsg_nosec net/socket.c:651 [inline] __sock_sendmsg+0x157/0x190 net/socket.c:663 ____sys_sendmsg+0x712/0x870 net/socket.c:2378 ___sys_sendmsg+0xf8/0x170 net/socket.c:2432 __sys_sendmsg+0xea/0x1b0 net/socket.c:2461 do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x62/0xc7 RIP: 0033:0x7f3f9815aee9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9 RDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007 RBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768 If drop_monitor is built as a kernel module, syzkaller may have time to send a netlink NET_DM_CMD_START message during the module loading. This will call the net_dm_monitor_start() function that uses a spinlock that has not yet been initialized. To fix this, let's place resource initialization above the registration of a generic netlink family. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 9a8afc8d3962 ("Network Drop Monitor: Adding drop monitor implementation & Netlink protocol") Cc: stable(a)vger.kernel.org Signed-off-by: Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> --- V2: - Move the registration of the netlink family to the end of the module initialization function net/core/drop_monitor.c | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c index 6efd4cccc9dd..212f0a048cab 100644 --- a/net/core/drop_monitor.c +++ b/net/core/drop_monitor.c @@ -1734,30 +1734,30 @@ static int __init init_net_drop_monitor(void) return -ENOSPC; } - rc = genl_register_family(&net_drop_monitor_family); - if (rc) { - pr_err("Could not create drop monitor netlink family\n"); - return rc; + for_each_possible_cpu(cpu) { + net_dm_cpu_data_init(cpu); + net_dm_hw_cpu_data_init(cpu); } - WARN_ON(net_drop_monitor_family.mcgrp_offset != NET_DM_GRP_ALERT); rc = register_netdevice_notifier(&dropmon_net_notifier); if (rc < 0) { pr_crit("Failed to register netdevice notifier\n"); + return rc; + } + + rc = genl_register_family(&net_drop_monitor_family); + if (rc) { + pr_err("Could not create drop monitor netlink family\n"); goto out_unreg; } + WARN_ON(net_drop_monitor_family.mcgrp_offset != NET_DM_GRP_ALERT); rc = 0; - for_each_possible_cpu(cpu) { - net_dm_cpu_data_init(cpu); - net_dm_hw_cpu_data_init(cpu); - } - goto out; out_unreg: - genl_unregister_family(&net_drop_monitor_family); + WARN_ON(unregister_netdevice_notifier(&dropmon_net_notifier)); out: return rc; } @@ -1766,19 +1766,18 @@ static void exit_net_drop_monitor(void) { int cpu; - BUG_ON(unregister_netdevice_notifier(&dropmon_net_notifier)); - /* * Because of the module_get/put we do in the trace state change path * we are guaranteed not to have any current users when we get here */ + BUG_ON(genl_unregister_family(&net_drop_monitor_family)); + + BUG_ON(unregister_netdevice_notifier(&dropmon_net_notifier)); for_each_possible_cpu(cpu) { net_dm_hw_cpu_data_fini(cpu); net_dm_cpu_data_fini(cpu); } - - BUG_ON(genl_unregister_family(&net_drop_monitor_family)); } module_init(init_net_drop_monitor); -- 2.39.5

2 months, 1 week

3
2
0 0

[PATCH] irqchip/gic-v3: Fix rk3399 workaround when secure interrupts are enabled

by Marc Zyngier

Christoph reports that their rk3399 system dies since we merged 773c05f417fa1 ("irqchip/gic-v3: Work around insecure GIC integrations"). It appears that some rk3399 have some secure payloads, and that the firmware sets SCR_EL3.FIQ==1. Obivously, disabling security in that configuration leads to even more problems. Let's revisit the workaround by: - making it rk3399 specific - checking whether Group-0 is available, which is a good proxy for SCR_EL3.FIQ being 0 - either apply the workaround if Group-0 is available, or disable pseudo-NMIs if not Note that this doesn't mean that the secure side is able to receive interrupts anyway, as we make all interrupts non-secure anyway. Clearly, nobody ever tested secure interrupts on this platform. With that, Christoph is able to use their rk3399. Reported-by: Christoph Fritz <chf.fritz(a)googlemail.com> Tested-by: Christoph Fritz <chf.fritz(a)googlemail.com> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org Fixes: 773c05f417fa1 ("irqchip/gic-v3: Work around insecure GIC integrations") Link: https://lore.kernel.org/r/b1266652fb64857246e8babdf268d0df8f0c36d9.camel@go… --- drivers/irqchip/irq-gic-v3.c | 53 +++++++++++++++++++++++++++--------- 1 file changed, 40 insertions(+), 13 deletions(-) diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c index 76dce0aac2465..270d7a4d85a6d 100644 --- a/drivers/irqchip/irq-gic-v3.c +++ b/drivers/irqchip/irq-gic-v3.c @@ -44,6 +44,7 @@ static u8 dist_prio_nmi __ro_after_init = GICV3_PRIO_NMI; #define FLAGS_WORKAROUND_GICR_WAKER_MSM8996 (1ULL << 0) #define FLAGS_WORKAROUND_CAVIUM_ERRATUM_38539 (1ULL << 1) #define FLAGS_WORKAROUND_ASR_ERRATUM_8601001 (1ULL << 2) +#define FLAGS_WORKAROUND_INSECURE (1ULL << 3) #define GIC_IRQ_TYPE_PARTITION (GIC_IRQ_TYPE_LPI + 1) @@ -83,6 +84,8 @@ static DEFINE_STATIC_KEY_TRUE(supports_deactivate_key); #define GIC_LINE_NR min(GICD_TYPER_SPIS(gic_data.rdists.gicd_typer), 1020U) #define GIC_ESPI_NR GICD_TYPER_ESPIS(gic_data.rdists.gicd_typer) +static bool nmi_support_forbidden; + /* * There are 16 SGIs, though we only actually use 8 in Linux. The other 8 SGIs * are potentially stolen by the secure side. Some code, especially code dealing @@ -163,21 +166,27 @@ static void __init gic_prio_init(void) { bool ds; - ds = gic_dist_security_disabled(); - if (!ds) { - u32 val; - - val = readl_relaxed(gic_data.dist_base + GICD_CTLR); - val |= GICD_CTLR_DS; - writel_relaxed(val, gic_data.dist_base + GICD_CTLR); + cpus_have_group0 = gic_has_group0(); - ds = gic_dist_security_disabled(); - if (ds) - pr_warn("Broken GIC integration, security disabled"); + ds = gic_dist_security_disabled(); + if ((gic_data.flags & FLAGS_WORKAROUND_INSECURE) && !ds) { + if (cpus_have_group0) { + u32 val; + + val = readl_relaxed(gic_data.dist_base + GICD_CTLR); + val |= GICD_CTLR_DS; + writel_relaxed(val, gic_data.dist_base + GICD_CTLR); + + ds = gic_dist_security_disabled(); + if (ds) + pr_warn("Broken GIC integration, security disabled\n"); + } else { + pr_warn("Broken GIC integration, pNMI forbidden\n"); + nmi_support_forbidden = true; + } } cpus_have_security_disabled = ds; - cpus_have_group0 = gic_has_group0(); /* * How priority values are used by the GIC depends on two things: @@ -209,7 +218,7 @@ static void __init gic_prio_init(void) * be in the non-secure range, we program the non-secure values into * the distributor to match the PMR values we want. */ - if (cpus_have_group0 & !cpus_have_security_disabled) { + if (cpus_have_group0 && !cpus_have_security_disabled) { dist_prio_irq = __gicv3_prio_to_ns(dist_prio_irq); dist_prio_nmi = __gicv3_prio_to_ns(dist_prio_nmi); } @@ -1922,6 +1931,18 @@ static bool gic_enable_quirk_arm64_2941627(void *data) return true; } +static bool gic_enable_quirk_rk3399(void *data) +{ + struct gic_chip_data *d = data; + + if (of_machine_is_compatible("rockchip,rk3399")) { + d->flags |= FLAGS_WORKAROUND_INSECURE; + return true; + } + + return false; +} + static bool rd_set_non_coherent(void *data) { struct gic_chip_data *d = data; @@ -1996,6 +2017,12 @@ static const struct gic_quirk gic_quirks[] = { .property = "dma-noncoherent", .init = rd_set_non_coherent, }, + { + .desc = "GICv3: Insecure RK3399 integration", + .iidr = 0x0000043b, + .mask = 0xff000fff, + .init = gic_enable_quirk_rk3399, + }, { } }; @@ -2004,7 +2031,7 @@ static void gic_enable_nmi_support(void) { int i; - if (!gic_prio_masking_enabled()) + if (!gic_prio_masking_enabled() || nmi_support_forbidden) return; rdist_nmi_refs = kcalloc(gic_data.ppi_nr + SGI_NR, -- 2.39.2

2 months, 1 week

2
1
0 0

[PATCH 5.10 0/1] Backport upsteam fix 70e6b7d9ae3c63df90a7bba7700e8d5c300c3c60

by jaywang-amazon

Backport upstream commit 70e6b7d9ae3c63df90a7bba7700e8d5c300c3c60 to stable 5.10. David Woodhouse (1): x86/i8253: Disable PIT timer 0 when not in use arch/x86/kernel/i8253.c | 11 +++++++++-- drivers/clocksource/i8253.c | 13 +++++++++---- include/linux/i8253.h | 1 + 3 files changed, 19 insertions(+), 6 deletions(-) -- 2.47.1

2 months, 1 week

1
1
0 0

[PATCH] nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

by Haoxiang Li

Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. Fixes: ff3d43f7568c ("nfp: bpf: implement helpers for FW map ops") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c index 2ec62c8d86e1..09ea1bc72097 100644 --- a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c +++ b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c @@ -20,6 +20,9 @@ nfp_bpf_cmsg_alloc(struct nfp_app_bpf *bpf, unsigned int size) struct sk_buff *skb; skb = nfp_app_ctrl_msg_alloc(bpf->app, size, GFP_KERNEL); + if (!skb) { + return NULL; + } skb_put(skb, size); return skb; -- 2.25.1

2 months, 1 week

2
1
0 0

[PATCH] media: verisilicon: Fix AV1 decoder clock frequency

by Nicolas Dufresne

The desired clock frequency was correctly set to 400MHz in the device tree but was lowered by the driver to 300MHz breaking 4K 60Hz content playback. Fix the issue by removing the driver call to clk_set_rate(), which reduce the amount of board specific code. Fixes: 003afda97c65 ("media: verisilicon: Enable AV1 decoder on rk3588") Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> --- This patch fixes user report of AV1 4K60 decoder not being fast enough on RK3588 based SoC. This is a break from Hantro original authors habbit of coding the frequencies in the driver instead of specifying this frequency in the device tree. The other calls to clk_set_rate() are left since this would require modifying many dtsi files, which would then be unsuitable for backport. --- drivers/media/platform/verisilicon/rockchip_vpu_hw.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/media/platform/verisilicon/rockchip_vpu_hw.c b/drivers/media/platform/verisilicon/rockchip_vpu_hw.c index 964122e7c355934cd80eb442219f6ba51bba8b71..9d8eab33556d62733ec7ec6b5e685c86ba7086e4 100644 --- a/drivers/media/platform/verisilicon/rockchip_vpu_hw.c +++ b/drivers/media/platform/verisilicon/rockchip_vpu_hw.c @@ -17,7 +17,6 @@ #define RK3066_ACLK_MAX_FREQ (300 * 1000 * 1000) #define RK3288_ACLK_MAX_FREQ (400 * 1000 * 1000) -#define RK3588_ACLK_MAX_FREQ (300 * 1000 * 1000) #define ROCKCHIP_VPU981_MIN_SIZE 64 @@ -440,10 +439,9 @@ static int rk3066_vpu_hw_init(struct hantro_dev *vpu) return 0; } +/* TODO just remove, the CLK are defined correctly in the DTS */ static int rk3588_vpu981_hw_init(struct hantro_dev *vpu) { - /* Bump ACLKs to max. possible freq. to improve performance. */ - clk_set_rate(vpu->clocks[0].clk, RK3588_ACLK_MAX_FREQ); return 0; } @@ -807,7 +805,6 @@ const struct hantro_variant rk3588_vpu981_variant = { .codec_ops = rk3588_vpu981_codec_ops, .irqs = rk3588_vpu981_irqs, .num_irqs = ARRAY_SIZE(rk3588_vpu981_irqs), - .init = rk3588_vpu981_hw_init, .clk_names = rk3588_vpu981_vpu_clk_names, .num_clocks = ARRAY_SIZE(rk3588_vpu981_vpu_clk_names) }; --- base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b change-id: 20250217-b4-hantro-av1-clock-rate-e5497f1499df Best regards, -- Nicolas Dufresne <nicolas.dufresne(a)collabora.com>

2 months, 1 week

2
2
0 0

[PATCH] selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced

by SeongJae Park

damos_quota_goal.py selftest see if DAMOS quota goals tuning feature increases or reduces the effective size quota for given score as expected. The tuning feature sets the minimum quota size as one byte, so if the effective size quota is already one, we cannot expect it further be reduced. However the test is not aware of the edge case, and fails since it shown no expected change of the effective quota. Handle the case by updating the failure logic for no change to see if it was the case, and simply skips to next test input. Fixes: f1c07c0a1662b ("selftests/damon: add a test for DAMOS quota goal") Cc: <stable(a)vger.kernel.org> # 6.10.x Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202502171423.b28a918d-lkp@intel.com Signed-off-by: SeongJae Park <sj(a)kernel.org> --- tools/testing/selftests/damon/damos_quota_goal.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/testing/selftests/damon/damos_quota_goal.py b/tools/testing/selftests/damon/damos_quota_goal.py index 18246f3b62f7..f76e0412b564 100755 --- a/tools/testing/selftests/damon/damos_quota_goal.py +++ b/tools/testing/selftests/damon/damos_quota_goal.py @@ -63,6 +63,9 @@ def main(): if last_effective_bytes != 0 else -1.0)) if last_effective_bytes == goal.effective_bytes: + # effective quota was already minimum that cannot be more reduced + if expect_increase is False and last_effective_bytes == 1: + continue print('efective bytes not changed: %d' % goal.effective_bytes) exit(1) base-commit: 20017459916819f8ae15ca3840e71fbf0ea8354e -- 2.39.5

2 months, 1 week

1
0
0 0

[PATCH 6.12] xfs: don't lose solo dquot update transactions

by Darrick J. Wong

From: Darrick J. Wong <djwong(a)kernel.org> commit 07137e925fa951646325762bda6bd2503dfe64c6 upstream Quota counter updates are tracked via incore objects which hang off the xfs_trans object. These changes are then turned into dirty log items in xfs_trans_apply_dquot_deltas just prior to commiting the log items to the CIL. However, updating the incore deltas do not cause XFS_TRANS_DIRTY to be set on the transaction. In other words, a pure quota counter update will be silently discarded if there are no other dirty log items attached to the transaction. This is currently not the case anywhere in the filesystem because quota updates always dirty at least one other metadata item, but a subsequent bug fix will add dquot log item precommits, so we actually need a dirty dquot log item prior to xfs_trans_run_precommits. Also let's not leave a logic bomb. Cc: <stable(a)vger.kernel.org> # v2.6.35 Fixes: 0924378a689ccb ("xfs: split out iclog writing from xfs_trans_commit()") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> --- fs/xfs/xfs_quota.h | 5 +++-- fs/xfs/xfs_trans.c | 10 +++------- fs/xfs/xfs_trans_dquot.c | 31 ++++++++++++++++++++++++++----- 3 files changed, 32 insertions(+), 14 deletions(-) diff --git a/fs/xfs/xfs_quota.h b/fs/xfs/xfs_quota.h index 23d71a55bbc006..032f3a70f21ddd 100644 --- a/fs/xfs/xfs_quota.h +++ b/fs/xfs/xfs_quota.h @@ -96,7 +96,8 @@ extern void xfs_trans_free_dqinfo(struct xfs_trans *); extern void xfs_trans_mod_dquot_byino(struct xfs_trans *, struct xfs_inode *, uint, int64_t); extern void xfs_trans_apply_dquot_deltas(struct xfs_trans *); -extern void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *); +void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *tp, + bool already_locked); int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force); extern int xfs_trans_reserve_quota_bydquots(struct xfs_trans *, @@ -166,7 +167,7 @@ static inline void xfs_trans_mod_dquot_byino(struct xfs_trans *tp, { } #define xfs_trans_apply_dquot_deltas(tp) -#define xfs_trans_unreserve_and_mod_dquots(tp) +#define xfs_trans_unreserve_and_mod_dquots(tp, a) static inline int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force) diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c index ee46051db12dde..39cd11cbe21fcb 100644 --- a/fs/xfs/xfs_trans.c +++ b/fs/xfs/xfs_trans.c @@ -840,6 +840,7 @@ __xfs_trans_commit( */ if (tp->t_flags & XFS_TRANS_SB_DIRTY) xfs_trans_apply_sb_deltas(tp); + xfs_trans_apply_dquot_deltas(tp); error = xfs_trans_run_precommits(tp); if (error) @@ -868,11 +869,6 @@ __xfs_trans_commit( ASSERT(tp->t_ticket != NULL); - /* - * If we need to update the superblock, then do it now. - */ - xfs_trans_apply_dquot_deltas(tp); - xlog_cil_commit(log, tp, &commit_seq, regrant); xfs_trans_free(tp); @@ -898,7 +894,7 @@ __xfs_trans_commit( * the dqinfo portion to be. All that means is that we have some * (non-persistent) quota reservations that need to be unreserved. */ - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, true); if (tp->t_ticket) { if (regrant && !xlog_is_shutdown(log)) xfs_log_ticket_regrant(log, tp->t_ticket); @@ -992,7 +988,7 @@ xfs_trans_cancel( } #endif xfs_trans_unreserve_and_mod_sb(tp); - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, false); if (tp->t_ticket) { xfs_log_ticket_ungrant(log, tp->t_ticket); diff --git a/fs/xfs/xfs_trans_dquot.c b/fs/xfs/xfs_trans_dquot.c index b368e13424c4f4..b92eeaa1a2a9e7 100644 --- a/fs/xfs/xfs_trans_dquot.c +++ b/fs/xfs/xfs_trans_dquot.c @@ -602,6 +602,24 @@ xfs_trans_apply_dquot_deltas( ASSERT(dqp->q_blk.reserved >= dqp->q_blk.count); ASSERT(dqp->q_ino.reserved >= dqp->q_ino.count); ASSERT(dqp->q_rtb.reserved >= dqp->q_rtb.count); + + /* + * We've applied the count changes and given back + * whatever reservation we didn't use. Zero out the + * dqtrx fields. + */ + qtrx->qt_blk_res = 0; + qtrx->qt_bcount_delta = 0; + qtrx->qt_delbcnt_delta = 0; + + qtrx->qt_rtblk_res = 0; + qtrx->qt_rtblk_res_used = 0; + qtrx->qt_rtbcount_delta = 0; + qtrx->qt_delrtb_delta = 0; + + qtrx->qt_ino_res = 0; + qtrx->qt_ino_res_used = 0; + qtrx->qt_icount_delta = 0; } } } @@ -638,7 +656,8 @@ xfs_trans_unreserve_and_mod_dquots_hook( */ void xfs_trans_unreserve_and_mod_dquots( - struct xfs_trans *tp) + struct xfs_trans *tp, + bool already_locked) { int i, j; struct xfs_dquot *dqp; @@ -667,10 +686,12 @@ xfs_trans_unreserve_and_mod_dquots( * about the number of blocks used field, or deltas. * Also we don't bother to zero the fields. */ - locked = false; + locked = already_locked; if (qtrx->qt_blk_res) { - xfs_dqlock(dqp); - locked = true; + if (!locked) { + xfs_dqlock(dqp); + locked = true; + } dqp->q_blk.reserved -= (xfs_qcnt_t)qtrx->qt_blk_res; } @@ -691,7 +712,7 @@ xfs_trans_unreserve_and_mod_dquots( dqp->q_rtb.reserved -= (xfs_qcnt_t)qtrx->qt_rtblk_res; } - if (locked) + if (locked && !already_locked) xfs_dqunlock(dqp); }

2 months, 1 week

1
0
0 0

Backport fix from IOMMU regression introduced in 6.10

by Mario Limonciello

Hello, This bug report was raised on an IOMMU regression found recently: https://bugzilla.kernel.org/show_bug.cgi?id=219499 This has been fixed by the following commit in v6.14-rc3: commit ef75966abf95 ("iommu/amd: Expicitly enable CNTRL.EPHEn bit in resume path") I confirmed it backports cleanly to the LTS 6.12.y kernel. Can we please have it backported there and to 6.13.y? Thanks!

2 months, 1 week

1
0
0 0

[RESEND]tc-flower not worked when configured dst_port and src_port range in one rule.

by Qiang Zhang

Hi, all. recently met an issue: tc-flower not worked when configured dst_port and src_port range in one rule. detailed like this: $ tc qdisc add dev ens38 ingress $ tc filter add dev ens38 ingress protocol ip flower ip_proto udp \ dst_port 5000 src_port 2000-3000 action drop I try to find the root cause in kernel source code: 1. FLOW_DISSECTOR_KEY_PORTS and FLOW_DISSECTOR_KEY_PORTS_RANGE flag of mask->dissector were set in fl_classify from flow_dissector.c. 2. then skb_flow_dissect -> __skb_flow_dissect -> __skb_flow_dissect_ports. 3. FLOW_DISSECTOR_KEY_PORTS handled and FLOW_DISSECTOR_KEY_PORTS_RANGE not handled in __skb_flow_dissect_ports, so tp_range.tp.src was 0 here expected the actual skb source port. By the way, __skb_flow_bpf_to_target function may has the same issue. Please help confirm and fix it, thank you. source code of __skb_flow_dissect_ports in flow_dissector.c as below: static void __skb_flow_dissect_ports(const struct sk_buff *skb, struct flow_dissector *flow_dissector, void *target_container, const void *data, int nhoff, u8 ip_proto, int hlen) { enum flow_dissector_key_id dissector_ports = FLOW_DISSECTOR_KEY_MAX; struct flow_dissector_key_ports *key_ports; if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS)) dissector_ports = FLOW_DISSECTOR_KEY_PORTS; else if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS_RANGE)) dissector_ports = FLOW_DISSECTOR_KEY_PORTS_RANGE; if (dissector_ports == FLOW_DISSECTOR_KEY_MAX) return; key_ports = skb_flow_dissector_target(flow_dissector, dissector_ports, target_container); key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto, data, hlen); } Best regards.

2 months, 1 week

2
1
0 0

[PATCHv4 2/2] x86/mm: Make memremap(MEMREMAP_WB) map memory as encrypted by default

by Kirill A. Shutemov

Currently memremap(MEMREMAP_WB) can produce decrypted/shared mapping: memremap(MEMREMAP_WB) arch_memremap_wb() ioremap_cache() __ioremap_caller(.encrytped = false) In such cases, the IORES_MAP_ENCRYPTED flag on the memory will determine if the resulting mapping is encrypted or decrypted. Creating a decrypted mapping without explicit request from the caller is risky: - It can inadvertently expose the guest's data and compromise the guest. - Accessing private memory via shared/decrypted mapping on TDX will either trigger implicit conversion to shared or #VE (depending on VMM implementation). Implicit conversion is destructive: subsequent access to the same memory via private mapping will trigger a hard-to-debug #VE crash. The kernel already provides a way to request decrypted mapping explicitly via the MEMREMAP_DEC flag. Modify memremap(MEMREMAP_WB) to produce encrypted/private mapping by default unless MEMREMAP_DEC is specified or if the kernel runs on a machine with SME enabled. It fixes the crash due to #VE on kexec in TDX guests if CONFIG_EISA is enabled. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: stable(a)vger.kernel.org # 6.11+ Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: Ashish Kalra <ashish.kalra(a)amd.com> Cc: "Maciej W. Rozycki" <macro(a)orcam.me.uk> --- arch/x86/include/asm/io.h | 3 +++ arch/x86/mm/ioremap.c | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/arch/x86/include/asm/io.h b/arch/x86/include/asm/io.h index ed580c7f9d0a..1a0dc2b2bf5b 100644 --- a/arch/x86/include/asm/io.h +++ b/arch/x86/include/asm/io.h @@ -175,6 +175,9 @@ extern void __iomem *ioremap_prot(resource_size_t offset, unsigned long size, un extern void __iomem *ioremap_encrypted(resource_size_t phys_addr, unsigned long size); #define ioremap_encrypted ioremap_encrypted +void *arch_memremap_wb(phys_addr_t phys_addr, size_t size, unsigned long flags); +#define arch_memremap_wb arch_memremap_wb + /** * ioremap - map bus memory into CPU space * @offset: bus address of the memory diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c index 8d29163568a7..a4b23d2e92d2 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -503,6 +503,14 @@ void iounmap(volatile void __iomem *addr) } EXPORT_SYMBOL(iounmap); +void *arch_memremap_wb(phys_addr_t phys_addr, size_t size, unsigned long flags) +{ + if ((flags & MEMREMAP_DEC) || cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) + return (void __force *)ioremap_cache(phys_addr, size); + + return (void __force *)ioremap_encrypted(phys_addr, size); +} + /* * Convert a physical pointer to a virtual kernel pointer for /dev/mem * access -- 2.47.2

2 months, 1 week

1
0
0 0

[PATCHv4 1/2] memremap: Pass down MEMREMAP_* flags to arch_memremap_wb()

by Kirill A. Shutemov

x86 version of arch_memremap_wb() needs the flags to decide if the mapping has be encrypted or decrypted. Pass down the flag to arch_memremap_wb(). All current implementations ignore the argument. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: stable(a)vger.kernel.org # 6.11+ --- arch/arm/include/asm/io.h | 2 +- arch/arm/mm/ioremap.c | 2 +- arch/arm/mm/nommu.c | 2 +- arch/riscv/include/asm/io.h | 2 +- kernel/iomem.c | 5 +++-- 5 files changed, 7 insertions(+), 6 deletions(-) diff --git a/arch/arm/include/asm/io.h b/arch/arm/include/asm/io.h index 1815748f5d2a..bae5edf348ef 100644 --- a/arch/arm/include/asm/io.h +++ b/arch/arm/include/asm/io.h @@ -381,7 +381,7 @@ void __iomem *ioremap_wc(resource_size_t res_cookie, size_t size); void iounmap(volatile void __iomem *io_addr); #define iounmap iounmap -void *arch_memremap_wb(phys_addr_t phys_addr, size_t size); +void *arch_memremap_wb(phys_addr_t phys_addr, size_t size, unsigned long flags); #define arch_memremap_wb arch_memremap_wb /* diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c index 794cfea9f9d4..9f7883e6db46 100644 --- a/arch/arm/mm/ioremap.c +++ b/arch/arm/mm/ioremap.c @@ -411,7 +411,7 @@ void __arm_iomem_set_ro(void __iomem *ptr, size_t size) set_memory_ro((unsigned long)ptr, PAGE_ALIGN(size) / PAGE_SIZE); } -void *arch_memremap_wb(phys_addr_t phys_addr, size_t size) +void *arch_memremap_wb(phys_addr_t phys_addr, size_t size, unsigned long flags) { return (__force void *)arch_ioremap_caller(phys_addr, size, MT_MEMORY_RW, diff --git a/arch/arm/mm/nommu.c b/arch/arm/mm/nommu.c index c415f3859b20..279641f0780e 100644 --- a/arch/arm/mm/nommu.c +++ b/arch/arm/mm/nommu.c @@ -251,7 +251,7 @@ void __iomem *pci_remap_cfgspace(resource_size_t res_cookie, size_t size) EXPORT_SYMBOL_GPL(pci_remap_cfgspace); #endif -void *arch_memremap_wb(phys_addr_t phys_addr, size_t size) +void *arch_memremap_wb(phys_addr_t phys_addr, size_t size, unsigned long flags) { return (void *)phys_addr; } diff --git a/arch/riscv/include/asm/io.h b/arch/riscv/include/asm/io.h index 1c5c641075d2..0257f4aa7ff4 100644 --- a/arch/riscv/include/asm/io.h +++ b/arch/riscv/include/asm/io.h @@ -136,7 +136,7 @@ __io_writes_outs(outs, u64, q, __io_pbr(), __io_paw()) #include <asm-generic/io.h> #ifdef CONFIG_MMU -#define arch_memremap_wb(addr, size) \ +#define arch_memremap_wb(addr, size, flags) \ ((__force void *)ioremap_prot((addr), (size), _PAGE_KERNEL)) #endif diff --git a/kernel/iomem.c b/kernel/iomem.c index dc2120776e1c..75e61c1c6bc0 100644 --- a/kernel/iomem.c +++ b/kernel/iomem.c @@ -6,7 +6,8 @@ #include <linux/ioremap.h> #ifndef arch_memremap_wb -static void *arch_memremap_wb(resource_size_t offset, unsigned long size) +static void *arch_memremap_wb(resource_size_t offset, unsigned long size, + unsigned long flags) { #ifdef ioremap_cache return (__force void *)ioremap_cache(offset, size); @@ -91,7 +92,7 @@ void *memremap(resource_size_t offset, size_t size, unsigned long flags) if (is_ram == REGION_INTERSECTS) addr = try_ram_remap(offset, size, flags); if (!addr) - addr = arch_memremap_wb(offset, size); + addr = arch_memremap_wb(offset, size, flags); } /* -- 2.47.2

2 months, 1 week

1
0
0 0

[PATCH] s390/sclp: Add check for get_zeroed_page()

by Haoxiang Li

Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference. Fixes: 4c8f4794b61e ("[S390] sclp console: convert from bootmem to slab") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/s390/char/sclp_con.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/s390/char/sclp_con.c b/drivers/s390/char/sclp_con.c index e5d947c763ea..7447076b1ec1 100644 --- a/drivers/s390/char/sclp_con.c +++ b/drivers/s390/char/sclp_con.c @@ -282,6 +282,8 @@ sclp_console_init(void) /* Allocate pages for output buffering */ for (i = 0; i < sclp_console_pages; i++) { page = (void *) get_zeroed_page(GFP_KERNEL | GFP_DMA); + if (!page) + return -ENOMEM; list_add_tail(page, &sclp_con_pages); } sclp_conbuf = NULL; -- 2.25.1

2 months, 1 week

2
2
0 0

FAILED: patch "[PATCH] mm: gup: fix infinite loop within __get_longterm_locked" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1aaf8c122918aa8897605a9aa1e8ed6600d6f930 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021008-recharger-fastball-ffab@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1aaf8c122918aa8897605a9aa1e8ed6600d6f930 Mon Sep 17 00:00:00 2001 From: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Date: Tue, 21 Jan 2025 10:01:59 +0800 Subject: [PATCH] mm: gup: fix infinite loop within __get_longterm_locked We can run into an infinite loop in __get_longterm_locked() when collect_longterm_unpinnable_folios() finds only folios that are isolated from the LRU or were never added to the LRU. This can happen when all folios to be pinned are never added to the LRU, for example when vm_ops->fault allocated pages using cma_alloc() and never added them to the LRU. Fix it by simply taking a look at the list in the single caller, to see if anything was added. [zhaoyang.huang(a)unisoc.com: move definition of local] Link: https://lkml.kernel.org/r/20250122012604.3654667-1-zhaoyang.huang@unisoc.com Link: https://lkml.kernel.org/r/20250121020159.3636477-1-zhaoyang.huang@unisoc.com Fixes: 67e139b02d99 ("mm/gup.c: refactor check_and_migrate_movable_pages()") Signed-off-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Reviewed-by: John Hubbard <jhubbard(a)nvidia.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Aijun Sun <aijun.sun(a)unisoc.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/gup.c b/mm/gup.c index 9aaf338cc1f4..3883b307780e 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -2320,13 +2320,13 @@ static void pofs_unpin(struct pages_or_folios *pofs) /* * Returns the number of collected folios. Return value is always >= 0. */ -static unsigned long collect_longterm_unpinnable_folios( +static void collect_longterm_unpinnable_folios( struct list_head *movable_folio_list, struct pages_or_folios *pofs) { - unsigned long i, collected = 0; struct folio *prev_folio = NULL; bool drain_allow = true; + unsigned long i; for (i = 0; i < pofs->nr_entries; i++) { struct folio *folio = pofs_get_folio(pofs, i); @@ -2338,8 +2338,6 @@ static unsigned long collect_longterm_unpinnable_folios( if (folio_is_longterm_pinnable(folio)) continue; - collected++; - if (folio_is_device_coherent(folio)) continue; @@ -2361,8 +2359,6 @@ static unsigned long collect_longterm_unpinnable_folios( NR_ISOLATED_ANON + folio_is_file_lru(folio), folio_nr_pages(folio)); } - - return collected; } /* @@ -2439,11 +2435,9 @@ static long check_and_migrate_movable_pages_or_folios(struct pages_or_folios *pofs) { LIST_HEAD(movable_folio_list); - unsigned long collected; - collected = collect_longterm_unpinnable_folios(&movable_folio_list, - pofs); - if (!collected) + collect_longterm_unpinnable_folios(&movable_folio_list, pofs); + if (list_empty(&movable_folio_list)) return 0; return migrate_longterm_unpinnable_folios(&movable_folio_list, pofs);

2 months, 1 week

2
1
0 0

[PATCH] usb: xhci: lack of clearing xHC resources

by Pawel Laszczak

The xHC resources allocated for USB devices are not released in correct order after resuming in case when while suspend device was reconnected. This issue has been detected during the fallowing scenario: - connect hub HS to root port - connect LS/FS device to hub port - wait for enumeration to finish - force DUT to suspend - reconnect hub attached to root port - wake DUT For this scenario during enumeration of USB LS/FS device the Cadence xHC reports completion error code for xHCi commands because the devices was not property disconnected and in result the xHC resources has not been correct freed. XHCI specification doesn't mention that device can be reset in any order so, we should not treat this issue as Cadence xHC controller bug. Similar as during disconnecting in this case the device should be cleared starting form the last usb device in tree toward the root hub. To fix this issue usbcore driver should disconnect all USB devices connected to hub which was reconnected while suspending. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/core/hub.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 0cd44f1fd56d..2473cbf317a8 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -3627,10 +3627,12 @@ static int finish_port_resume(struct usb_device *udev) * the device will be rediscovered. */ retry_reset_resume: - if (udev->quirks & USB_QUIRK_RESET) + if (udev->quirks & USB_QUIRK_RESET) { status = -ENODEV; - else + } else { + hub_disconnect_children(udev); status = usb_reset_and_verify_device(udev); + } } /* 10.5.4.5 says be sure devices in the tree are still there. -- 2.43.0

2 months, 1 week

3
5
0 0

FAILED: patch "[PATCH] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 318e8c339c9a0891c389298bb328ed0762a9935e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021722-poplar-spoilage-a69f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 318e8c339c9a0891c389298bb328ed0762a9935e Mon Sep 17 00:00:00 2001 From: Patrick Bellasi <derkling(a)google.com> Date: Wed, 5 Feb 2025 14:04:41 +0000 Subject: [PATCH] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit In [1] the meaning of the synthetic IBPB flags has been redefined for a better separation of concerns: - ENTRY_IBPB -- issue IBPB on entry only - IBPB_ON_VMEXIT -- issue IBPB on VM-Exit only and the Retbleed mitigations have been updated to match this new semantics. Commit [2] was merged shortly before [1], and their interaction was not handled properly. This resulted in IBPB not being triggered on VM-Exit in all SRSO mitigation configs requesting an IBPB there. Specifically, an IBPB on VM-Exit is triggered only when X86_FEATURE_IBPB_ON_VMEXIT is set. However: - X86_FEATURE_IBPB_ON_VMEXIT is not set for "spec_rstack_overflow=ibpb", because before [1] having X86_FEATURE_ENTRY_IBPB was enough. Hence, an IBPB is triggered on entry but the expected IBPB on VM-exit is not. - X86_FEATURE_IBPB_ON_VMEXIT is not set also when "spec_rstack_overflow=ibpb-vmexit" if X86_FEATURE_ENTRY_IBPB is already set. That's because before [1] this was effectively redundant. Hence, e.g. a "retbleed=ibpb spec_rstack_overflow=bpb-vmexit" config mistakenly reports the machine still vulnerable to SRSO, despite an IBPB being triggered both on entry and VM-Exit, because of the Retbleed selected mitigation config. - UNTRAIN_RET_VM won't still actually do anything unless CONFIG_MITIGATION_IBPB_ENTRY is set. For "spec_rstack_overflow=ibpb", enable IBPB on both entry and VM-Exit and clear X86_FEATURE_RSB_VMEXIT which is made superfluous by X86_FEATURE_IBPB_ON_VMEXIT. This effectively makes this mitigation option similar to the one for 'retbleed=ibpb', thus re-order the code for the RETBLEED_MITIGATION_IBPB option to be less confusing by having all features enabling before the disabling of the not needed ones. For "spec_rstack_overflow=ibpb-vmexit", guard this mitigation setting with CONFIG_MITIGATION_IBPB_ENTRY to ensure UNTRAIN_RET_VM sequence is effectively compiled in. Drop instead the CONFIG_MITIGATION_SRSO guard, since none of the SRSO compile cruft is required in this configuration. Also, check only that the required microcode is present to effectively enabled the IBPB on VM-Exit. Finally, update the KConfig description for CONFIG_MITIGATION_IBPB_ENTRY to list also all SRSO config settings enabled by this guard. Fixes: 864bcaa38ee4 ("x86/cpu/kvm: Provide UNTRAIN_RET_VM") [1] Fixes: d893832d0e1e ("x86/srso: Add IBPB on VMEXIT") [2] Reported-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Patrick Bellasi <derkling(a)google.com> Reviewed-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 87198d957e2f..be2c311f5118 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2599,7 +2599,8 @@ config MITIGATION_IBPB_ENTRY depends on CPU_SUP_AMD && X86_64 default y help - Compile the kernel with support for the retbleed=ibpb mitigation. + Compile the kernel with support for the retbleed=ibpb and + spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations. config MITIGATION_IBRS_ENTRY bool "Enable IBRS on kernel entry" diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 5a505aa65489..a5d0998d7604 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1115,6 +1115,8 @@ static void __init retbleed_select_mitigation(void) case RETBLEED_MITIGATION_IBPB: setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); + mitigate_smt = true; /* * IBPB on entry already obviates the need for @@ -1124,9 +1126,6 @@ static void __init retbleed_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); - setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); - mitigate_smt = true; - /* * There is no need for RSB filling: entry_ibpb() ensures * all predictions, including the RSB, are invalidated, @@ -2646,6 +2645,7 @@ static void __init srso_select_mitigation(void) if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB; /* @@ -2655,6 +2655,13 @@ static void __init srso_select_mitigation(void) */ setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); + + /* + * There is no need for RSB filling: entry_ibpb() ensures + * all predictions, including the RSB, are invalidated, + * regardless of IBPB implementation. + */ + setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); @@ -2663,8 +2670,8 @@ static void __init srso_select_mitigation(void) ibpb_on_vmexit: case SRSO_CMD_IBPB_ON_VMEXIT: - if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) { - if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) { + if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { + if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT; @@ -2676,8 +2683,8 @@ static void __init srso_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { - pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n"); - } + pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); + } break; default: break;

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 318e8c339c9a0891c389298bb328ed0762a9935e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021721-brunch-mankind-56c2@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 318e8c339c9a0891c389298bb328ed0762a9935e Mon Sep 17 00:00:00 2001 From: Patrick Bellasi <derkling(a)google.com> Date: Wed, 5 Feb 2025 14:04:41 +0000 Subject: [PATCH] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit In [1] the meaning of the synthetic IBPB flags has been redefined for a better separation of concerns: - ENTRY_IBPB -- issue IBPB on entry only - IBPB_ON_VMEXIT -- issue IBPB on VM-Exit only and the Retbleed mitigations have been updated to match this new semantics. Commit [2] was merged shortly before [1], and their interaction was not handled properly. This resulted in IBPB not being triggered on VM-Exit in all SRSO mitigation configs requesting an IBPB there. Specifically, an IBPB on VM-Exit is triggered only when X86_FEATURE_IBPB_ON_VMEXIT is set. However: - X86_FEATURE_IBPB_ON_VMEXIT is not set for "spec_rstack_overflow=ibpb", because before [1] having X86_FEATURE_ENTRY_IBPB was enough. Hence, an IBPB is triggered on entry but the expected IBPB on VM-exit is not. - X86_FEATURE_IBPB_ON_VMEXIT is not set also when "spec_rstack_overflow=ibpb-vmexit" if X86_FEATURE_ENTRY_IBPB is already set. That's because before [1] this was effectively redundant. Hence, e.g. a "retbleed=ibpb spec_rstack_overflow=bpb-vmexit" config mistakenly reports the machine still vulnerable to SRSO, despite an IBPB being triggered both on entry and VM-Exit, because of the Retbleed selected mitigation config. - UNTRAIN_RET_VM won't still actually do anything unless CONFIG_MITIGATION_IBPB_ENTRY is set. For "spec_rstack_overflow=ibpb", enable IBPB on both entry and VM-Exit and clear X86_FEATURE_RSB_VMEXIT which is made superfluous by X86_FEATURE_IBPB_ON_VMEXIT. This effectively makes this mitigation option similar to the one for 'retbleed=ibpb', thus re-order the code for the RETBLEED_MITIGATION_IBPB option to be less confusing by having all features enabling before the disabling of the not needed ones. For "spec_rstack_overflow=ibpb-vmexit", guard this mitigation setting with CONFIG_MITIGATION_IBPB_ENTRY to ensure UNTRAIN_RET_VM sequence is effectively compiled in. Drop instead the CONFIG_MITIGATION_SRSO guard, since none of the SRSO compile cruft is required in this configuration. Also, check only that the required microcode is present to effectively enabled the IBPB on VM-Exit. Finally, update the KConfig description for CONFIG_MITIGATION_IBPB_ENTRY to list also all SRSO config settings enabled by this guard. Fixes: 864bcaa38ee4 ("x86/cpu/kvm: Provide UNTRAIN_RET_VM") [1] Fixes: d893832d0e1e ("x86/srso: Add IBPB on VMEXIT") [2] Reported-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Patrick Bellasi <derkling(a)google.com> Reviewed-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 87198d957e2f..be2c311f5118 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2599,7 +2599,8 @@ config MITIGATION_IBPB_ENTRY depends on CPU_SUP_AMD && X86_64 default y help - Compile the kernel with support for the retbleed=ibpb mitigation. + Compile the kernel with support for the retbleed=ibpb and + spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations. config MITIGATION_IBRS_ENTRY bool "Enable IBRS on kernel entry" diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 5a505aa65489..a5d0998d7604 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1115,6 +1115,8 @@ static void __init retbleed_select_mitigation(void) case RETBLEED_MITIGATION_IBPB: setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); + mitigate_smt = true; /* * IBPB on entry already obviates the need for @@ -1124,9 +1126,6 @@ static void __init retbleed_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); - setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); - mitigate_smt = true; - /* * There is no need for RSB filling: entry_ibpb() ensures * all predictions, including the RSB, are invalidated, @@ -2646,6 +2645,7 @@ static void __init srso_select_mitigation(void) if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB; /* @@ -2655,6 +2655,13 @@ static void __init srso_select_mitigation(void) */ setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); + + /* + * There is no need for RSB filling: entry_ibpb() ensures + * all predictions, including the RSB, are invalidated, + * regardless of IBPB implementation. + */ + setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); @@ -2663,8 +2670,8 @@ static void __init srso_select_mitigation(void) ibpb_on_vmexit: case SRSO_CMD_IBPB_ON_VMEXIT: - if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) { - if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) { + if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { + if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT; @@ -2676,8 +2683,8 @@ static void __init srso_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { - pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n"); - } + pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); + } break; default: break;

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 318e8c339c9a0891c389298bb328ed0762a9935e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021719-composure-nimble-a2a1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 318e8c339c9a0891c389298bb328ed0762a9935e Mon Sep 17 00:00:00 2001 From: Patrick Bellasi <derkling(a)google.com> Date: Wed, 5 Feb 2025 14:04:41 +0000 Subject: [PATCH] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit In [1] the meaning of the synthetic IBPB flags has been redefined for a better separation of concerns: - ENTRY_IBPB -- issue IBPB on entry only - IBPB_ON_VMEXIT -- issue IBPB on VM-Exit only and the Retbleed mitigations have been updated to match this new semantics. Commit [2] was merged shortly before [1], and their interaction was not handled properly. This resulted in IBPB not being triggered on VM-Exit in all SRSO mitigation configs requesting an IBPB there. Specifically, an IBPB on VM-Exit is triggered only when X86_FEATURE_IBPB_ON_VMEXIT is set. However: - X86_FEATURE_IBPB_ON_VMEXIT is not set for "spec_rstack_overflow=ibpb", because before [1] having X86_FEATURE_ENTRY_IBPB was enough. Hence, an IBPB is triggered on entry but the expected IBPB on VM-exit is not. - X86_FEATURE_IBPB_ON_VMEXIT is not set also when "spec_rstack_overflow=ibpb-vmexit" if X86_FEATURE_ENTRY_IBPB is already set. That's because before [1] this was effectively redundant. Hence, e.g. a "retbleed=ibpb spec_rstack_overflow=bpb-vmexit" config mistakenly reports the machine still vulnerable to SRSO, despite an IBPB being triggered both on entry and VM-Exit, because of the Retbleed selected mitigation config. - UNTRAIN_RET_VM won't still actually do anything unless CONFIG_MITIGATION_IBPB_ENTRY is set. For "spec_rstack_overflow=ibpb", enable IBPB on both entry and VM-Exit and clear X86_FEATURE_RSB_VMEXIT which is made superfluous by X86_FEATURE_IBPB_ON_VMEXIT. This effectively makes this mitigation option similar to the one for 'retbleed=ibpb', thus re-order the code for the RETBLEED_MITIGATION_IBPB option to be less confusing by having all features enabling before the disabling of the not needed ones. For "spec_rstack_overflow=ibpb-vmexit", guard this mitigation setting with CONFIG_MITIGATION_IBPB_ENTRY to ensure UNTRAIN_RET_VM sequence is effectively compiled in. Drop instead the CONFIG_MITIGATION_SRSO guard, since none of the SRSO compile cruft is required in this configuration. Also, check only that the required microcode is present to effectively enabled the IBPB on VM-Exit. Finally, update the KConfig description for CONFIG_MITIGATION_IBPB_ENTRY to list also all SRSO config settings enabled by this guard. Fixes: 864bcaa38ee4 ("x86/cpu/kvm: Provide UNTRAIN_RET_VM") [1] Fixes: d893832d0e1e ("x86/srso: Add IBPB on VMEXIT") [2] Reported-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Patrick Bellasi <derkling(a)google.com> Reviewed-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 87198d957e2f..be2c311f5118 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2599,7 +2599,8 @@ config MITIGATION_IBPB_ENTRY depends on CPU_SUP_AMD && X86_64 default y help - Compile the kernel with support for the retbleed=ibpb mitigation. + Compile the kernel with support for the retbleed=ibpb and + spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations. config MITIGATION_IBRS_ENTRY bool "Enable IBRS on kernel entry" diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 5a505aa65489..a5d0998d7604 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1115,6 +1115,8 @@ static void __init retbleed_select_mitigation(void) case RETBLEED_MITIGATION_IBPB: setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); + mitigate_smt = true; /* * IBPB on entry already obviates the need for @@ -1124,9 +1126,6 @@ static void __init retbleed_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); - setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); - mitigate_smt = true; - /* * There is no need for RSB filling: entry_ibpb() ensures * all predictions, including the RSB, are invalidated, @@ -2646,6 +2645,7 @@ static void __init srso_select_mitigation(void) if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB; /* @@ -2655,6 +2655,13 @@ static void __init srso_select_mitigation(void) */ setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); + + /* + * There is no need for RSB filling: entry_ibpb() ensures + * all predictions, including the RSB, are invalidated, + * regardless of IBPB implementation. + */ + setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); @@ -2663,8 +2670,8 @@ static void __init srso_select_mitigation(void) ibpb_on_vmexit: case SRSO_CMD_IBPB_ON_VMEXIT: - if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) { - if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) { + if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { + if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT; @@ -2676,8 +2683,8 @@ static void __init srso_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { - pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n"); - } + pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); + } break; default: break;

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 318e8c339c9a0891c389298bb328ed0762a9935e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021718-puzzle-prenatal-af0e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 318e8c339c9a0891c389298bb328ed0762a9935e Mon Sep 17 00:00:00 2001 From: Patrick Bellasi <derkling(a)google.com> Date: Wed, 5 Feb 2025 14:04:41 +0000 Subject: [PATCH] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit In [1] the meaning of the synthetic IBPB flags has been redefined for a better separation of concerns: - ENTRY_IBPB -- issue IBPB on entry only - IBPB_ON_VMEXIT -- issue IBPB on VM-Exit only and the Retbleed mitigations have been updated to match this new semantics. Commit [2] was merged shortly before [1], and their interaction was not handled properly. This resulted in IBPB not being triggered on VM-Exit in all SRSO mitigation configs requesting an IBPB there. Specifically, an IBPB on VM-Exit is triggered only when X86_FEATURE_IBPB_ON_VMEXIT is set. However: - X86_FEATURE_IBPB_ON_VMEXIT is not set for "spec_rstack_overflow=ibpb", because before [1] having X86_FEATURE_ENTRY_IBPB was enough. Hence, an IBPB is triggered on entry but the expected IBPB on VM-exit is not. - X86_FEATURE_IBPB_ON_VMEXIT is not set also when "spec_rstack_overflow=ibpb-vmexit" if X86_FEATURE_ENTRY_IBPB is already set. That's because before [1] this was effectively redundant. Hence, e.g. a "retbleed=ibpb spec_rstack_overflow=bpb-vmexit" config mistakenly reports the machine still vulnerable to SRSO, despite an IBPB being triggered both on entry and VM-Exit, because of the Retbleed selected mitigation config. - UNTRAIN_RET_VM won't still actually do anything unless CONFIG_MITIGATION_IBPB_ENTRY is set. For "spec_rstack_overflow=ibpb", enable IBPB on both entry and VM-Exit and clear X86_FEATURE_RSB_VMEXIT which is made superfluous by X86_FEATURE_IBPB_ON_VMEXIT. This effectively makes this mitigation option similar to the one for 'retbleed=ibpb', thus re-order the code for the RETBLEED_MITIGATION_IBPB option to be less confusing by having all features enabling before the disabling of the not needed ones. For "spec_rstack_overflow=ibpb-vmexit", guard this mitigation setting with CONFIG_MITIGATION_IBPB_ENTRY to ensure UNTRAIN_RET_VM sequence is effectively compiled in. Drop instead the CONFIG_MITIGATION_SRSO guard, since none of the SRSO compile cruft is required in this configuration. Also, check only that the required microcode is present to effectively enabled the IBPB on VM-Exit. Finally, update the KConfig description for CONFIG_MITIGATION_IBPB_ENTRY to list also all SRSO config settings enabled by this guard. Fixes: 864bcaa38ee4 ("x86/cpu/kvm: Provide UNTRAIN_RET_VM") [1] Fixes: d893832d0e1e ("x86/srso: Add IBPB on VMEXIT") [2] Reported-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Patrick Bellasi <derkling(a)google.com> Reviewed-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 87198d957e2f..be2c311f5118 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2599,7 +2599,8 @@ config MITIGATION_IBPB_ENTRY depends on CPU_SUP_AMD && X86_64 default y help - Compile the kernel with support for the retbleed=ibpb mitigation. + Compile the kernel with support for the retbleed=ibpb and + spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations. config MITIGATION_IBRS_ENTRY bool "Enable IBRS on kernel entry" diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 5a505aa65489..a5d0998d7604 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1115,6 +1115,8 @@ static void __init retbleed_select_mitigation(void) case RETBLEED_MITIGATION_IBPB: setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); + mitigate_smt = true; /* * IBPB on entry already obviates the need for @@ -1124,9 +1126,6 @@ static void __init retbleed_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); - setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); - mitigate_smt = true; - /* * There is no need for RSB filling: entry_ibpb() ensures * all predictions, including the RSB, are invalidated, @@ -2646,6 +2645,7 @@ static void __init srso_select_mitigation(void) if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB; /* @@ -2655,6 +2655,13 @@ static void __init srso_select_mitigation(void) */ setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); + + /* + * There is no need for RSB filling: entry_ibpb() ensures + * all predictions, including the RSB, are invalidated, + * regardless of IBPB implementation. + */ + setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); @@ -2663,8 +2670,8 @@ static void __init srso_select_mitigation(void) ibpb_on_vmexit: case SRSO_CMD_IBPB_ON_VMEXIT: - if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) { - if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) { + if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { + if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT; @@ -2676,8 +2683,8 @@ static void __init srso_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { - pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n"); - } + pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); + } break; default: break;

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 318e8c339c9a0891c389298bb328ed0762a9935e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021717-pelt-wick-0392@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 318e8c339c9a0891c389298bb328ed0762a9935e Mon Sep 17 00:00:00 2001 From: Patrick Bellasi <derkling(a)google.com> Date: Wed, 5 Feb 2025 14:04:41 +0000 Subject: [PATCH] x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit In [1] the meaning of the synthetic IBPB flags has been redefined for a better separation of concerns: - ENTRY_IBPB -- issue IBPB on entry only - IBPB_ON_VMEXIT -- issue IBPB on VM-Exit only and the Retbleed mitigations have been updated to match this new semantics. Commit [2] was merged shortly before [1], and their interaction was not handled properly. This resulted in IBPB not being triggered on VM-Exit in all SRSO mitigation configs requesting an IBPB there. Specifically, an IBPB on VM-Exit is triggered only when X86_FEATURE_IBPB_ON_VMEXIT is set. However: - X86_FEATURE_IBPB_ON_VMEXIT is not set for "spec_rstack_overflow=ibpb", because before [1] having X86_FEATURE_ENTRY_IBPB was enough. Hence, an IBPB is triggered on entry but the expected IBPB on VM-exit is not. - X86_FEATURE_IBPB_ON_VMEXIT is not set also when "spec_rstack_overflow=ibpb-vmexit" if X86_FEATURE_ENTRY_IBPB is already set. That's because before [1] this was effectively redundant. Hence, e.g. a "retbleed=ibpb spec_rstack_overflow=bpb-vmexit" config mistakenly reports the machine still vulnerable to SRSO, despite an IBPB being triggered both on entry and VM-Exit, because of the Retbleed selected mitigation config. - UNTRAIN_RET_VM won't still actually do anything unless CONFIG_MITIGATION_IBPB_ENTRY is set. For "spec_rstack_overflow=ibpb", enable IBPB on both entry and VM-Exit and clear X86_FEATURE_RSB_VMEXIT which is made superfluous by X86_FEATURE_IBPB_ON_VMEXIT. This effectively makes this mitigation option similar to the one for 'retbleed=ibpb', thus re-order the code for the RETBLEED_MITIGATION_IBPB option to be less confusing by having all features enabling before the disabling of the not needed ones. For "spec_rstack_overflow=ibpb-vmexit", guard this mitigation setting with CONFIG_MITIGATION_IBPB_ENTRY to ensure UNTRAIN_RET_VM sequence is effectively compiled in. Drop instead the CONFIG_MITIGATION_SRSO guard, since none of the SRSO compile cruft is required in this configuration. Also, check only that the required microcode is present to effectively enabled the IBPB on VM-Exit. Finally, update the KConfig description for CONFIG_MITIGATION_IBPB_ENTRY to list also all SRSO config settings enabled by this guard. Fixes: 864bcaa38ee4 ("x86/cpu/kvm: Provide UNTRAIN_RET_VM") [1] Fixes: d893832d0e1e ("x86/srso: Add IBPB on VMEXIT") [2] Reported-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Patrick Bellasi <derkling(a)google.com> Reviewed-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 87198d957e2f..be2c311f5118 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2599,7 +2599,8 @@ config MITIGATION_IBPB_ENTRY depends on CPU_SUP_AMD && X86_64 default y help - Compile the kernel with support for the retbleed=ibpb mitigation. + Compile the kernel with support for the retbleed=ibpb and + spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations. config MITIGATION_IBRS_ENTRY bool "Enable IBRS on kernel entry" diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 5a505aa65489..a5d0998d7604 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1115,6 +1115,8 @@ static void __init retbleed_select_mitigation(void) case RETBLEED_MITIGATION_IBPB: setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); + mitigate_smt = true; /* * IBPB on entry already obviates the need for @@ -1124,9 +1126,6 @@ static void __init retbleed_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); - setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); - mitigate_smt = true; - /* * There is no need for RSB filling: entry_ibpb() ensures * all predictions, including the RSB, are invalidated, @@ -2646,6 +2645,7 @@ static void __init srso_select_mitigation(void) if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB; /* @@ -2655,6 +2655,13 @@ static void __init srso_select_mitigation(void) */ setup_clear_cpu_cap(X86_FEATURE_UNRET); setup_clear_cpu_cap(X86_FEATURE_RETHUNK); + + /* + * There is no need for RSB filling: entry_ibpb() ensures + * all predictions, including the RSB, are invalidated, + * regardless of IBPB implementation. + */ + setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); @@ -2663,8 +2670,8 @@ static void __init srso_select_mitigation(void) ibpb_on_vmexit: case SRSO_CMD_IBPB_ON_VMEXIT: - if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) { - if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) { + if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { + if (has_microcode) { setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT; @@ -2676,8 +2683,8 @@ static void __init srso_select_mitigation(void) setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); } } else { - pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n"); - } + pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); + } break; default: break;

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] nfsd: clear acl_access/acl_default after releasing them" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 7faf14a7b0366f153284db0ad3347c457ea70136 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021739-feel-carrot-068f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7faf14a7b0366f153284db0ad3347c457ea70136 Mon Sep 17 00:00:00 2001 From: Li Lingfeng <lilingfeng3(a)huawei.com> Date: Sun, 26 Jan 2025 17:47:22 +0800 Subject: [PATCH] nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be released simultaneously. However, acl_access will still retain a pointer pointing to the released posix_acl, which will trigger a WARNING in nfs3svc_release_getacl like this: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 26 PID: 3199 at lib/refcount.c:28 refcount_warn_saturate+0xb5/0x170 Modules linked in: CPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted 6.12.0-rc6-00079-g04ae226af01f-dirty #8 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:refcount_warn_saturate+0xb5/0x170 Code: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75 e4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff <0f> 0b eb cd 0f b6 1d 8a3 RSP: 0018:ffffc90008637cd8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380 RBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56 R10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001 R13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0 FS: 0000000000000000(0000) GS:ffff88871ed00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? refcount_warn_saturate+0xb5/0x170 ? __warn+0xa5/0x140 ? refcount_warn_saturate+0xb5/0x170 ? report_bug+0x1b1/0x1e0 ? handle_bug+0x53/0xa0 ? exc_invalid_op+0x17/0x40 ? asm_exc_invalid_op+0x1a/0x20 ? tick_nohz_tick_stopped+0x1e/0x40 ? refcount_warn_saturate+0xb5/0x170 ? refcount_warn_saturate+0xb5/0x170 nfs3svc_release_getacl+0xc9/0xe0 svc_process_common+0x5db/0xb60 ? __pfx_svc_process_common+0x10/0x10 ? __rcu_read_unlock+0x69/0xa0 ? __pfx_nfsd_dispatch+0x10/0x10 ? svc_xprt_received+0xa1/0x120 ? xdr_init_decode+0x11d/0x190 svc_process+0x2a7/0x330 svc_handle_xprt+0x69d/0x940 svc_recv+0x180/0x2d0 nfsd+0x168/0x200 ? __pfx_nfsd+0x10/0x10 kthread+0x1a2/0x1e0 ? kthread+0xf4/0x1e0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x60 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Kernel panic - not syncing: kernel: panic_on_warn set ... Clear acl_access/acl_default after posix_acl_release is called to prevent UAF from being triggered. Fixes: a257cdd0e217 ("[PATCH] NFSD: Add server support for NFSv3 ACLs.") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20241107014705.2509463-1-lilingfeng@huaweicloud… Signed-off-by: Li Lingfeng <lilingfeng3(a)huawei.com> Reviewed-by: Rick Macklem <rmacklem(a)uoguelph.ca> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c index 4e3be7201b1c..5fb202acb0fd 100644 --- a/fs/nfsd/nfs2acl.c +++ b/fs/nfsd/nfs2acl.c @@ -84,6 +84,8 @@ static __be32 nfsacld_proc_getacl(struct svc_rqst *rqstp) fail: posix_acl_release(resp->acl_access); posix_acl_release(resp->acl_default); + resp->acl_access = NULL; + resp->acl_default = NULL; goto out; } diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c index 5e34e98db969..7b5433bd3019 100644 --- a/fs/nfsd/nfs3acl.c +++ b/fs/nfsd/nfs3acl.c @@ -76,6 +76,8 @@ static __be32 nfsd3_proc_getacl(struct svc_rqst *rqstp) fail: posix_acl_release(resp->acl_access); posix_acl_release(resp->acl_default); + resp->acl_access = NULL; + resp->acl_default = NULL; goto out; }

2 months, 1 week

1
0
0 0

Linux 6.13.3

by Greg Kroah-Hartman

I'm announcing the release of the 6.13.3 kernel. All users of the 6.13 kernel series must upgrade. The updated 6.13.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.13.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/elf_hwcaps.rst | 39 Documentation/driver-api/media/tx-rx.rst | 2 Documentation/gpu/drm-kms-helpers.rst | 3 Makefile | 2 arch/arm/boot/dts/ti/omap/dra7-l4.dtsi | 2 arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi | 10 arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 5 arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts | 4 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 2 arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 arch/arm64/boot/dts/qcom/sm6115.dtsi | 8 arch/arm64/boot/dts/qcom/sm6350.dtsi | 6 arch/arm64/boot/dts/qcom/sm6375.dtsi | 10 arch/arm64/boot/dts/qcom/sm8350.dtsi | 492 +++++----- arch/arm64/boot/dts/qcom/sm8450.dtsi | 216 ++-- arch/arm64/boot/dts/qcom/sm8550.dtsi | 271 ++--- arch/arm64/boot/dts/qcom/sm8650.dtsi | 305 +++--- arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 4 arch/arm64/boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 6 arch/arm64/boot/dts/qcom/x1e80100-dell-xps13-9345.dts | 4 arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 6 arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 280 ++--- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 arch/arm64/include/asm/assembler.h | 5 arch/arm64/include/asm/pgtable-hwdef.h | 6 arch/arm64/include/asm/pgtable-prot.h | 7 arch/arm64/include/asm/sparsemem.h | 5 arch/arm64/kernel/cpufeature.c | 55 - arch/arm64/kernel/cpuinfo.c | 10 arch/arm64/kernel/pi/idreg-override.c | 9 arch/arm64/kernel/pi/map_kernel.c | 6 arch/arm64/kvm/arch_timer.c | 4 arch/arm64/kvm/arm.c | 8 arch/arm64/mm/hugetlbpage.c | 12 arch/arm64/mm/init.c | 7 arch/loongarch/include/uapi/asm/ptrace.h | 10 arch/loongarch/kernel/ptrace.c | 6 arch/m68k/include/asm/vga.h | 8 arch/mips/Kconfig | 1 arch/mips/kernel/ftrace.c | 2 arch/mips/loongson64/boardinfo.c | 2 arch/mips/math-emu/cp1emu.c | 2 arch/mips/pci/pci-legacy.c | 8 arch/parisc/Kconfig | 4 arch/powerpc/platforms/pseries/eeh_pseries.c | 6 arch/s390/include/asm/asm-extable.h | 4 arch/s390/include/asm/fpu-insn.h | 17 arch/s390/include/asm/futex.h | 2 arch/s390/include/asm/processor.h | 3 arch/s390/kernel/vmlinux.lds.S | 1 arch/s390/kvm/vsie.c | 25 arch/s390/mm/extable.c | 9 arch/s390/pci/pci_bus.c | 1 arch/x86/boot/compressed/Makefile | 1 arch/x86/include/asm/kexec.h | 18 arch/x86/include/asm/kvm_host.h | 2 arch/x86/kernel/acpi/boot.c | 50 - arch/x86/kernel/amd_nb.c | 4 arch/x86/kernel/machine_kexec_64.c | 45 arch/x86/kernel/process.c | 2 arch/x86/kernel/reboot.c | 2 arch/x86/kvm/lapic.c | 11 arch/x86/kvm/lapic.h | 1 arch/x86/kvm/mmu/mmu.c | 45 arch/x86/kvm/svm/sev.c | 2 arch/x86/kvm/vmx/nested.c | 5 arch/x86/kvm/vmx/vmx.c | 21 arch/x86/kvm/vmx/vmx.h | 1 arch/x86/kvm/x86.c | 7 arch/x86/mm/fault.c | 2 arch/x86/pci/fixup.c | 30 arch/x86/platform/efi/quirks.c | 5 arch/x86/xen/xen-head.S | 5 block/blk-cgroup.c | 1 block/blk-sysfs.c | 3 block/fops.c | 5 drivers/accel/ivpu/ivpu_drv.c | 8 drivers/accel/ivpu/ivpu_pm.c | 86 - drivers/acpi/apei/ghes.c | 10 drivers/acpi/prmt.c | 4 drivers/acpi/property.c | 10 drivers/ata/libata-sff.c | 18 drivers/bluetooth/btusb.c | 6 drivers/char/misc.c | 39 drivers/char/tpm/eventlog/acpi.c | 15 drivers/clk/clk-loongson2.c | 5 drivers/clk/mediatek/clk-mt2701-aud.c | 10 drivers/clk/mediatek/clk-mt2701-bdp.c | 1 drivers/clk/mediatek/clk-mt2701-img.c | 1 drivers/clk/mediatek/clk-mt2701-mm.c | 1 drivers/clk/mediatek/clk-mt2701-vdec.c | 1 drivers/clk/mmp/pwr-island.c | 2 drivers/clk/qcom/Kconfig | 1 drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/clk/qcom/clk-rpmh.c | 2 drivers/clk/qcom/dispcc-sm6350.c | 7 drivers/clk/qcom/gcc-mdm9607.c | 2 drivers/clk/qcom/gcc-sm6350.c | 22 drivers/clk/qcom/gcc-sm8550.c | 8 drivers/clk/qcom/gcc-sm8650.c | 8 drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 drivers/cpufreq/Kconfig | 2 drivers/cpufreq/cpufreq-dt-platdev.c | 2 drivers/cpufreq/s3c64xx-cpufreq.c | 11 drivers/crypto/qce/aead.c | 2 drivers/crypto/qce/core.c | 13 drivers/crypto/qce/sha.c | 2 drivers/crypto/qce/skcipher.c | 2 drivers/firmware/Kconfig | 2 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/qcom/qcom_scm.c | 10 drivers/gpio/Kconfig | 1 drivers/gpio/gpio-pca953x.c | 19 drivers/gpio/gpio-sim.c | 13 drivers/gpu/drm/Kconfig | 4 drivers/gpu/drm/Makefile | 1 drivers/gpu/drm/amd/amdgpu/Kconfig | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 2 drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 11 drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 8 drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 25 drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 25 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 3 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 7 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 20 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 22 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.h | 3 drivers/gpu/drm/amd/display/dc/core/dc.c | 2 drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 drivers/gpu/drm/amd/display/dc/dml2/Makefile | 4 drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c | 35 drivers/gpu/drm/amd/display/dc/dml2/display_mode_core_structs.h | 6 drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 35 drivers/gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 7 drivers/gpu/drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 6 drivers/gpu/drm/amd/display/dc/hubbub/dcn30/dcn30_hubbub.c | 3 drivers/gpu/drm/amd/display/dc/hubbub/dcn31/dcn31_hubbub.c | 3 drivers/gpu/drm/amd/display/dc/hubbub/dcn32/dcn32_hubbub.c | 3 drivers/gpu/drm/amd/display/dc/hubbub/dcn35/dcn35_hubbub.c | 3 drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 8 drivers/gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 2 drivers/gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 2 drivers/gpu/drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 10 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/resource/dcn301/dcn301_resource.c | 8 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c | 4 drivers/gpu/drm/ast/ast_dp.c | 2 drivers/gpu/drm/bridge/analogix/anx7625.c | 2 drivers/gpu/drm/bridge/ite-it6505.c | 83 - drivers/gpu/drm/bridge/ite-it66121.c | 2 drivers/gpu/drm/display/drm_dp_cec.c | 14 drivers/gpu/drm/drm_client_modeset.c | 9 drivers/gpu/drm/drm_connector.c | 1 drivers/gpu/drm/drm_edid.c | 6 drivers/gpu/drm/drm_fb_helper.c | 14 drivers/gpu/drm/drm_panel_backlight_quirks.c | 94 + drivers/gpu/drm/exynos/exynos_hdmi.c | 2 drivers/gpu/drm/i915/display/intel_dp.c | 10 drivers/gpu/drm/i915/display/intel_hdcp.c | 13 drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 drivers/gpu/drm/i915/gem/i915_gem_shmem.c | 6 drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 13 drivers/gpu/drm/msm/dp/dp_audio.c | 2 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 16 drivers/gpu/drm/radeon/radeon_audio.c | 2 drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 drivers/gpu/drm/sti/sti_hdmi.c | 2 drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 33 drivers/gpu/drm/vc4/vc4_hdmi.c | 4 drivers/gpu/drm/virtio/virtgpu_drv.h | 7 drivers/gpu/drm/virtio/virtgpu_plane.c | 58 - drivers/gpu/drm/xe/regs/xe_oa_regs.h | 6 drivers/gpu/drm/xe/xe_devcoredump.c | 40 drivers/gpu/drm/xe/xe_devcoredump.h | 2 drivers/gpu/drm/xe/xe_gt.c | 4 drivers/gpu/drm/xe/xe_gt_sriov_pf.c | 14 drivers/gpu/drm/xe/xe_gt_sriov_pf.h | 6 drivers/gpu/drm/xe/xe_guc_ct.c | 3 drivers/gpu/drm/xe/xe_guc_log.c | 4 drivers/gpu/drm/xe/xe_oa.c | 12 drivers/hid/hid-asus.c | 26 drivers/hid/hid-multitouch.c | 5 drivers/hid/hid-sensor-hub.c | 21 drivers/hid/wacom_wac.c | 5 drivers/i2c/i2c-core-acpi.c | 22 drivers/i3c/master.c | 2 drivers/iio/chemical/bme680_core.c | 4 drivers/iio/dac/ad3552r-common.c | 5 drivers/iio/dac/ad3552r-hs.c | 6 drivers/iio/dac/ad3552r.h | 8 drivers/iio/light/as73211.c | 24 drivers/infiniband/hw/mlx5/mr.c | 17 drivers/infiniband/hw/mlx5/odp.c | 2 drivers/input/misc/nxp-bbnsm-pwrkey.c | 8 drivers/input/mouse/synaptics.c | 56 - drivers/input/mouse/synaptics.h | 1 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 8 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 drivers/iommu/intel/iommu.c | 7 drivers/iommu/iommufd/fault.c | 44 drivers/iommu/iommufd/iommufd_private.h | 29 drivers/irqchip/Kconfig | 1 drivers/irqchip/irq-apple-aic.c | 3 drivers/irqchip/irq-mvebu-icu.c | 3 drivers/leds/leds-lp8860.c | 2 drivers/mailbox/tegra-hsp.c | 6 drivers/mailbox/zynqmp-ipi-mailbox.c | 2 drivers/md/Kconfig | 13 drivers/md/Makefile | 2 drivers/md/dm-crypt.c | 27 drivers/md/md-autodetect.c | 8 drivers/md/md-linear.c | 352 +++++++ drivers/md/md.c | 2 drivers/media/i2c/ccs/ccs-core.c | 6 drivers/media/i2c/ccs/ccs-data.c | 14 drivers/media/i2c/ds90ub913.c | 1 drivers/media/i2c/ds90ub953.c | 1 drivers/media/i2c/ds90ub960.c | 123 +- drivers/media/i2c/imx296.c | 2 drivers/media/i2c/ov5640.c | 1 drivers/media/pci/intel/ipu6/ipu6-isys.c | 1 drivers/media/platform/marvell/mmp-driver.c | 21 drivers/media/platform/nuvoton/npcm-video.c | 4 drivers/media/platform/qcom/venus/core.c | 8 drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-bytecap.c | 2 drivers/media/usb/uvc/uvc_ctrl.c | 83 + drivers/media/usb/uvc/uvc_driver.c | 98 - drivers/media/usb/uvc/uvc_v4l2.c | 2 drivers/media/usb/uvc/uvc_video.c | 21 drivers/media/usb/uvc/uvcvideo.h | 10 drivers/media/v4l2-core/v4l2-mc.c | 2 drivers/mfd/axp20x.c | 2 drivers/mfd/lpc_ich.c | 3 drivers/misc/fastrpc.c | 8 drivers/mmc/core/sdio.c | 2 drivers/mmc/host/sdhci-esdhc-imx.c | 1 drivers/mmc/host/sdhci-msm.c | 53 + drivers/mtd/nand/onenand/onenand_base.c | 1 drivers/mtd/ubi/build.c | 2 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 16 drivers/net/ethernet/broadcom/tg3.c | 58 + drivers/net/ethernet/intel/ice/devlink/devlink.c | 3 drivers/net/ethernet/intel/ice/ice_txrx.c | 150 ++- drivers/net/ethernet/intel/ice/ice_txrx.h | 1 drivers/net/ethernet/intel/ice/ice_txrx_lib.h | 43 drivers/net/ethernet/marvell/octeon_ep/octep_ethtool.c | 41 drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 19 drivers/net/ethernet/marvell/octeon_ep/octep_main.h | 6 drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 11 drivers/net/ethernet/marvell/octeon_ep/octep_rx.h | 4 drivers/net/ethernet/marvell/octeon_ep/octep_tx.c | 7 drivers/net/ethernet/marvell/octeon_ep/octep_tx.h | 4 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_ethtool.c | 29 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 17 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_main.h | 6 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_rx.c | 9 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_rx.h | 2 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_tx.c | 7 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_tx.h | 2 drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc.c | 17 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc.h | 2 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c | 24 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 67 - drivers/net/phy/nxp-c45-tja11xx.c | 2 drivers/net/tun.c | 2 drivers/net/usb/ipheth.c | 69 - drivers/net/vmxnet3/vmxnet3_xdp.c | 14 drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c | 5 drivers/net/wireless/ath/ath12k/mac.c | 57 - drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 drivers/net/wireless/intel/iwlwifi/Makefile | 2 drivers/net/wireless/intel/iwlwifi/cfg/dr.c | 167 +++ drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 drivers/net/wireless/intel/iwlwifi/iwl-config.h | 10 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c | 21 drivers/net/wireless/mediatek/mt76/mt7915/init.c | 4 drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 drivers/net/wireless/realtek/rtw88/main.h | 4 drivers/net/wireless/realtek/rtw88/rtw8703b.c | 8 drivers/net/wireless/realtek/rtw88/rtw8723x.h | 8 drivers/net/wireless/realtek/rtw88/rtw8821c.h | 9 drivers/net/wireless/realtek/rtw88/rtw8822b.h | 9 drivers/net/wireless/realtek/rtw88/rtw8822c.h | 9 drivers/net/wireless/realtek/rtw88/sdio.c | 2 drivers/net/wireless/realtek/rtw89/pci.c | 16 drivers/net/wireless/realtek/rtw89/pci.h | 9 drivers/net/wireless/realtek/rtw89/pci_be.c | 1 drivers/net/wireless/realtek/rtw89/phy.c | 11 drivers/net/wireless/realtek/rtw89/phy.h | 2 drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 + drivers/nvme/host/core.c | 8 drivers/nvme/host/fc.c | 9 drivers/nvme/host/pci.c | 4 drivers/nvme/host/sysfs.c | 2 drivers/nvme/target/admin-cmd.c | 1 drivers/nvmem/core.c | 2 drivers/nvmem/imx-ocotp-ele.c | 38 drivers/nvmem/qcom-spmi-sdam.c | 1 drivers/of/address.c | 12 drivers/of/base.c | 8 drivers/of/of_reserved_mem.c | 9 drivers/pci/controller/dwc/pcie-designware-ep.c | 46 drivers/pci/endpoint/pci-epf-core.c | 1 drivers/pci/tph.c | 2 drivers/perf/fsl_imx9_ddr_perf.c | 33 drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 drivers/pinctrl/samsung/pinctrl-samsung.c | 2 drivers/platform/x86/acer-wmi.c | 45 drivers/platform/x86/intel/int3472/discrete.c | 3 drivers/platform/x86/intel/int3472/tps68470.c | 3 drivers/platform/x86/serdev_helpers.h | 4 drivers/ptp/ptp_clock.c | 8 drivers/pwm/pwm-microchip-core.c | 2 drivers/remoteproc/omap_remoteproc.c | 17 drivers/rtc/rtc-zynqmp.c | 4 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_dfs.c | 124 ++ drivers/scsi/qla2xxx/qla_gbl.h | 3 drivers/scsi/qla2xxx/qla_init.c | 28 drivers/scsi/scsi_lib.c | 9 drivers/scsi/st.c | 6 drivers/scsi/st.h | 1 drivers/scsi/storvsc_drv.c | 1 drivers/soc/mediatek/mtk-devapc.c | 19 drivers/soc/qcom/llcc-qcom.c | 1 drivers/soc/qcom/smem_state.c | 3 drivers/soc/qcom/socinfo.c | 2 drivers/soc/samsung/exynos-pmu.c | 2 drivers/spi/atmel-quadspi.c | 118 +- drivers/tty/serial/sh-sci.c | 25 drivers/tty/serial/xilinx_uartps.c | 8 drivers/tty/vt/selection.c | 14 drivers/tty/vt/vt.c | 2 drivers/ufs/core/ufshcd.c | 31 drivers/ufs/host/ufs-qcom.c | 18 drivers/ufs/host/ufshcd-pci.c | 2 drivers/ufs/host/ufshcd-pltfrm.c | 28 drivers/usb/gadget/function/f_tcm.c | 54 - drivers/vfio/platform/vfio_platform_common.c | 10 fs/binfmt_flat.c | 2 fs/btrfs/ctree.c | 2 fs/btrfs/file.c | 2 fs/btrfs/ordered-data.c | 12 fs/btrfs/qgroup.c | 5 fs/btrfs/raid-stripe-tree.c | 26 fs/btrfs/relocation.c | 14 fs/btrfs/transaction.c | 4 fs/ceph/mds_client.c | 16 fs/exec.c | 29 fs/namespace.c | 50 - fs/netfs/read_collect.c | 21 fs/netfs/read_pgpriv2.c | 5 fs/nfs/Kconfig | 3 fs/nfs/flexfilelayout/flexfilelayout.c | 27 fs/nfsd/nfs4xdr.c | 20 fs/nilfs2/inode.c | 6 fs/ocfs2/super.c | 2 fs/ocfs2/symlink.c | 5 fs/pidfs.c | 34 fs/proc/array.c | 2 fs/smb/client/cifsglob.h | 14 fs/smb/client/dir.c | 6 fs/smb/client/smb1ops.c | 2 fs/smb/client/smb2inode.c | 108 +- fs/smb/client/smb2ops.c | 41 fs/smb/client/smb2pdu.c | 2 fs/smb/client/smb2proto.h | 2 fs/smb/server/transport_ipc.c | 9 fs/xfs/xfs_exchrange.c | 71 - fs/xfs/xfs_inode.c | 7 fs/xfs/xfs_iomap.c | 6 include/drm/drm_connector.h | 5 include/drm/drm_utils.h | 4 include/linux/binfmts.h | 4 include/linux/call_once.h | 45 include/linux/hrtimer_defs.h | 1 include/linux/jiffies.h | 2 include/linux/kvm_host.h | 9 include/linux/mlx5/driver.h | 1 include/linux/platform_data/x86/asus-wmi.h | 5 include/net/sch_generic.h | 2 include/rv/da_monitor.h | 4 include/trace/events/rxrpc.h | 1 include/uapi/drm/amdgpu_drm.h | 9 include/uapi/linux/input-event-codes.h | 1 include/uapi/linux/iommufd.h | 4 include/uapi/linux/raid/md_p.h | 2 include/uapi/linux/raid/md_u.h | 2 include/ufs/ufs.h | 4 include/ufs/ufshcd.h | 1 io_uring/net.c | 5 io_uring/poll.c | 4 kernel/bpf/verifier.c | 2 kernel/locking/test-ww_mutex.c | 9 kernel/printk/printk.c | 2 kernel/sched/core.c | 6 kernel/sched/fair.c | 19 kernel/seccomp.c | 12 kernel/time/hrtimer.c | 103 +- kernel/time/timer_migration.c | 10 kernel/trace/ring_buffer.c | 13 kernel/trace/trace_functions_graph.c | 2 kernel/trace/trace_osnoise.c | 17 lib/Kconfig.debug | 8 lib/atomic64.c | 78 - lib/maple_tree.c | 23 mm/compaction.c | 3 mm/gup.c | 14 mm/hugetlb.c | 24 mm/kfence/core.c | 2 mm/kmemleak.c | 2 mm/vmscan.c | 7 net/bluetooth/l2cap_sock.c | 7 net/bluetooth/mgmt.c | 12 net/ethtool/ioctl.c | 2 net/ethtool/rss.c | 3 net/ipv4/udp.c | 4 net/ipv6/udp.c | 4 net/ncsi/ncsi-manage.c | 13 net/nfc/nci/hci.c | 2 net/rose/af_rose.c | 24 net/rxrpc/ar-internal.h | 2 net/rxrpc/call_object.c | 6 net/rxrpc/conn_event.c | 21 net/rxrpc/conn_object.c | 1 net/rxrpc/input.c | 2 net/rxrpc/sendmsg.c | 2 net/sched/sch_fifo.c | 3 net/sched/sch_netem.c | 2 net/tipc/crypto.c | 4 rust/kernel/init.rs | 2 scripts/Makefile.extrawarn | 5 scripts/gdb/linux/cpus.py | 2 scripts/generate_rust_target.rs | 18 security/keys/trusted-keys/trusted_dcp.c | 22 security/safesetid/securityfs.c | 3 security/tomoyo/common.c | 2 sound/pci/hda/hda_auto_parser.c | 8 sound/pci/hda/hda_auto_parser.h | 1 sound/pci/hda/patch_realtek.c | 20 sound/soc/amd/Kconfig | 2 sound/soc/amd/yc/acp6x-mach.c | 28 sound/soc/intel/boards/sof_sdw.c | 5 sound/soc/renesas/rz-ssi.c | 10 sound/soc/soc-pcm.c | 32 sound/soc/sof/intel/hda-dai.c | 12 sound/soc/sof/intel/hda.c | 5 tools/perf/bench/epoll-wait.c | 7 tools/testing/selftests/bpf/progs/exceptions_fail.c | 4 tools/testing/selftests/bpf/progs/preempt_lock.c | 14 tools/testing/selftests/bpf/progs/verifier_spin_lock.c | 2 tools/testing/selftests/drivers/net/hw/rss_ctx.py | 2 tools/testing/selftests/net/ipsec.c | 3 tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 tools/testing/selftests/net/udpgso.c | 26 tools/tracing/rtla/src/osnoise.c | 2 tools/tracing/rtla/src/timerlat_hist.c | 26 tools/tracing/rtla/src/timerlat_top.c | 27 tools/tracing/rtla/src/trace.c | 8 tools/tracing/rtla/src/trace.h | 1 478 files changed, 5311 insertions(+), 2635 deletions(-) Abel Vesa (1): arm64: dts: qcom: x1e80100: Fix usb_2 controller interrupts Abhinav Kumar (1): drm/msm/dpu: filter out too wide modes if no 3dmux is present Alain Volmat (1): media: stm32: dcmipp: correct dma_set_mask_and_coherent mask value Alex Williamson (1): vfio/platform: check the bounds of read/write syscalls Alexander Sverdlin (1): leds: lp8860: Write full EEPROM, not only half of it Alice Ryhl (1): x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0 Anandu Krishnan E (1): misc: fastrpc: Deregister device nodes properly in error scenarios Anastasia Belova (1): clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Andre Przywara (1): Revert "mfd: axp20x: Allow multiple regulators" Andreas Kemnade (2): cpufreq: fix using cpufreq-dt as module ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Andrew Halaney (1): Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922 André Draszik (1): scsi: ufs: core: Fix use-after free in init error and remove paths Andy Shevchenko (1): ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Angelo Dureghello (2): iio: dac: ad3552r-common: fix ad3541/2r ranges iio: dac: ad3552r-hs: clear reset status flag Ankit Nautiyal (1): drm/i915/dp: fix the Adaptive sync Operation mode for SDP Anshuman Khandual (1): arm64/mm: Ensure adequate HUGE_MAX_HSTATE Antoine Viallon (1): ceph: fix memory leak in ceph_mds_auth_match() Ard Biesheuvel (3): arm64/kvm: Configure HYP TCR.PS/DS based on host stage1 arm64/mm: Override PARange for !LPA2 and use it consistently arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled Aric Cyr (1): drm/amd/display: Optimize cursor position updates Armin Wolf (3): platform/x86: acer-wmi: Add support for Acer PH14-51 platform/x86: acer-wmi: Add support for Acer Predator PH16-72 platform/x86: acer-wmi: Ignore AC events Ashutosh Dixit (1): drm/xe/oa: Preserve oa_ctrl unused bits Aubrey Li (1): ACPI: PRM: Remove unnecessary strict handler address checks Ausef Yousof (2): drm/amd/display: Populate chroma prefetch parameters, DET buffer fix drm/amd/display: Overwriting dualDPP UBF values before usage Bao D. Nguyen (1): scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Bard Liao (1): ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Bart Van Assche (1): md: Fix linear_set_limits() Bartosz Golaszewski (3): gpio: sim: lock hog configfs items if present crypto: qce - fix goto jump in error path crypto: qce - unregister previously registered algos in error path Bence Csókás (1): spi: atmel-qspi: Memory barriers after memory-mapped I/O Binbin Zhou (1): clk: clk-loongson2: Fix the number count of clk provider Bitterblue Smith (1): wifi: rtlwifi: rtl8821ae: Fix media status report Borislav Petkov (1): APEI: GHES: Have GHES honor the panic= setting Brad Griffis (1): arm64: tegra: Fix Tegra234 PCIe interrupt-map Brian Geffon (1): drm/i915: Fix page cleanup on DMA remap failure Carlos Llamas (1): lockdep: Fix upper limit for LOCKDEP_*_BITS configs Catalin Marinas (1): mm: kmemleak: fix upper boundary check for physical address objects Chao Gao (1): KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID Chen-Yu Tsai (2): arm64: dts: mediatek: mt8183: Disable DPI display output by default arm64: dts: mediatek: mt8183: Disable DSI display output by default Chih-Kang Chang (1): wifi: rtw89: add crystal_cap check to avoid setting as overflow value Christian Brauner (2): pidfs: check for valid ioctl commands pidfs: improve ioctl handling Christoph Hellwig (1): xfs: don't call remap_verify_area with sb write protection held Chuck Lever (1): NFSD: Encode COMPOUND operation status on page boundaries Ciprian Marian Costea (1): mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G Claudiu Beznea (3): ASoC: renesas: rz-ssi: Terminate all the DMA transactions serial: sh-sci: Drop __initdata macro for port_cfg serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Cody Eksal (1): clk: sunxi-ng: a100: enable MMC clock reparenting Cong Wang (1): netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Conor Dooley (1): pwm: microchip-core: fix incorrect comparison with max period Cosmin Tanislav (1): media: mc: fix endpoint iteration Csókás, Bence (1): spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families Dan Carpenter (7): tipc: re-order conditions in tipc_crypto_key_rcv() binfmt_flat: Fix integer overflow bug on 32 bit systems ksmbd: fix integer overflows on 32 bit systems ASoC: renesas: rz-ssi: Add a check for negative sample_space iio: chemical: bme680: Fix uninitialized variable in __bme680_read_raw() NFC: nci: Add bounds checking in nci_hci_create_pipe() md/md-linear: Fix a NULL vs IS_ERR() bug in linear_add() Daniel Golle (5): clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe clk: mediatek: mt2701-bdp: add missing dummy clk clk: mediatek: mt2701-img: add missing dummy clk clk: mediatek: mt2701-mm: add missing dummy clk Daniel Wagner (2): nvme: handle connectivity loss in nvme_set_queue_count nvme-fc: use ctrl state getter Daniele Ceraolo Spurio (1): drm/i915/guc: Debug print LRC state entries only if the context is pinned Dave Young (1): x86/efi: skip memattr table on kexec boot David Gstir (1): KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y David Hildenbrand (1): KVM: s390: vsie: fix some corner-cases when grabbing vsie pages David Howells (2): rxrpc: Fix the rxrpc_connection attend queue handling rxrpc: Fix call state set to not include the SERVER_SECURING state David Woodhouse (1): x86/kexec: Allocate PGD for x86_64 transition page tables separately Denis Arefev (1): ubi: Add a check for ubi_num Dmitry Antipov (1): wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Dmitry Baryshkov (13): drm/tests: hdmi: handle empty modes in find_preferred_mode() drm/tests: hdmi: return meaningful value from set_connector_edid() drm/connector: add mutex to protect ELD from concurrent access drm/bridge: anx7625: use eld_mutex to protect access to connector->eld drm/bridge: ite-it66121: use eld_mutex to protect access to connector->eld drm/amd/display: use eld_mutex to protect access to connector->eld drm/exynos: hdmi: use eld_mutex to protect access to connector->eld drm/msm/dp: use eld_mutex to protect access to connector->eld drm/radeon: use eld_mutex to protect access to connector->eld drm/sti: hdmi: use eld_mutex to protect access to connector->eld drm/vc4: hdmi: use eld_mutex to protect access to connector->eld arm64: dts: qcom: sm8550: correct MDSS interconnects arm64: dts: qcom: sm8650: correct MDSS interconnects Dmitry Torokhov (1): Input: synaptics - fix crash when enabling pass-through port Dongwon Kim (1): drm/virtio: New fence for every plane update Dragan Simic (1): nfs: Make NFS_FSCACHE select NETFS_SUPPORT instead of depending on it Dustin L. Howett (1): drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels Easwar Hariharan (1): jiffies: Cast to unsigned long in secs_to_jiffies() conversion Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo C6400 Ekansh Gupta (2): misc: fastrpc: Fix registered buffer page address misc: fastrpc: Fix copy buffer page size En-Wei Wu (1): Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925 Eric Biggers (2): scsi: ufs: qcom: Fix crypto key eviction crypto: qce - fix priority to be less than ARMv8 CE Eric Dumazet (1): net: rose: lock the socket in rose_bind() Even Xu (1): HID: Wacom: Add PCI Wacom device support Eyal Birger (1): seccomp: passthrough uretprobe systemcall without filtering Fangzhi Zuo (1): drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Fedor Pchelkin (2): Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Filipe Manana (3): btrfs: fix lockdep splat while merging a relocation root btrfs: fix assertion failure when splitting ordered extent after transaction abort btrfs: fix use-after-free when attempting to join an aborted transaction Fiona Klute (1): wifi: rtw88: sdio: Fix disconnection after beacon loss Florian Fainelli (1): net: bcmgenet: Correct overlaying of PHY and MAC Wake-on-LAN Foster Snowhill (7): usbnet: ipheth: fix possible overflow in DPE length check usbnet: ipheth: use static NDP16 location in URB usbnet: ipheth: check that DPE points past NCM header usbnet: ipheth: refactor NCM datagram loop usbnet: ipheth: break up NCM header size computation usbnet: ipheth: fix DPE OoB read usbnet: ipheth: document scope of NCM implementation Frank Li (1): i3c: master: Fix missing 'ret' assignment in set_speed() Frederic Weisbecker (2): hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING timers/migration: Fix off-by-one root mis-connection Gabe Teeger (1): drm/amd/display: Limit Scaling Ratio on DCN3.01 Gabor Juhos (1): clk: qcom: clk-alpha-pll: fix alpha mode configuration Gabriele Monaco (1): rv: Reset per-task monitors also for idle tasks Geert Uytterhoeven (2): irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on CONFIG_MCHP_LAN966X_PCI gpio: GPIO_GRGPIO should depend on OF Georg Gottleuber (2): nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Greg Kroah-Hartman (1): Linux 6.13.3 Günther Noack (1): tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN Hans Verkuil (1): gpu: drm_dp_cec: fix broken CEC adapter properties check Hans de Goede (3): mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id platform/x86: int3472: Check for adev == NULL platform/x86: serdev_helpers: Check for serial_ctrl_uid == NULL Hao-ran Zheng (1): btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Haoxiang Li (1): drm/komeda: Add check for komeda_get_layer_fourcc_list() Heiko Carstens (2): s390/futex: Fix FUTEX_OP_ANDN implementation s390/fpu: Add fpc exception handler / remove fixup section again Heiko Stuebner (1): HID: hid-sensor-hub: don't use stale platform-data on remove Helge Deller (1): parisc: Temporarily disable jump label support Heming Zhao (1): ocfs2: fix incorrect CPU endianness conversion causing mount failure Hermes Wu (5): drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT drm/bridge: it6505: fix HDCP Bstatus check drm/bridge: it6505: fix HDCP encryption when R0 ready drm/bridge: it6505: fix HDCP CTS compare V matching drm/bridge: it6505: fix HDCP CTS KSV list wait timer Hou Tao (2): dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() dm-crypt: track tag_offset in convert_context Hridesh MG (1): platform/x86: acer-wmi: add support for Acer Nitro AN515-58 Ido Schimmel (1): net: sched: Fix truncation of offloaded action statistics Igor Pylypiv (1): scsi: core: Do not retry I/Os during depopulation Illia Ostapyshyn (1): Input: allocate keycode for phone linking Ivan Stepchenko (1): mtd: onenand: Fix uninitialized retlen in do_otp_read() Jacek Lawrynowicz (4): accel/ivpu: Fix Qemu crash when running in passthrough accel/ivpu: Fix error handling in ivpu_boot() accel/ivpu: Clear runtime_error after pm_runtime_resume_and_get() fails accel/ivpu: Fix error handling in recovery/reset Jacob Moroni (1): net: atlantic: fix warning during hot unplug Jakob Unterwurzacher (1): arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Jakub Kicinski (3): ethtool: rss: fix hiding unsupported fields in dumps ethtool: ntuple: fix rss + ring_cookie check selftests: drv-net: rss_ctx: add missing cleanup in queue reconfigure Jan Kiszka (1): scripts/gdb: fix aarch64 userspace detection in get_current_task Jani Nikula (1): drm/i915/dp: Iterate DSC BPP from high to low on all platforms Jarkko Sakkinen (1): tpm: Change to kvalloc() in eventlog/acpi.c Javier Carrasco (2): iio: light: as73211: fix channel handling in only-color triggered buffer pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Jay Cornwall (1): drm/amdkfd: Block per-queue reset when halt_if_hws_hang=1 Jeff Layton (1): fs: prepend statmount.mnt_opts string with security_sb_mnt_opts() Jennifer Berringer (1): nvmem: core: improve range check for nvmem_cell_write() Jens Axboe (2): block: don't revert iter for -EIOCBQUEUED io_uring/net: don't retry connect operation on EPOLLERR Jeongjun Park (1): ring-buffer: Make reading page consistent with the code logic Jiasheng Jiang (1): ice: Add check for devm_kzalloc() Jiaxun Yang (1): MIPS: pci-legacy: Override pci_address_to_pio Johannes Thumshirn (1): btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents Josef Bacik (1): btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Juergen Gross (2): x86/xen: fix xen_hypercall_hvm() to not clobber %rbx x86/xen: add FRAME_END to xen_hypercall_hvm() K Prateek Nayak (1): sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue Kai Mäkisara (1): scsi: st: Don't set pos_unknown just after device recognition Kalle Valo (1): wifi: ath12k: ath12k_mac_op_set_key(): fix uninitialized symbol 'ret' Karol Przybylski (1): wifi: ath12k: Fix for out-of bound access error Kees Bakker (1): iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE Kees Cook (1): exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Keith Busch (2): nvme: make nvme_tls_attrs_group static kvm: defer huge page recovery vhost task to later Kenneth Feng (1): drm/amd/amdgpu: change the config of cgcg on gfx12 Kexy Biscuit (1): MIPS: Loongson64: remove ROM Size unit in boardinfo Konrad Dybcio (2): clk: qcom: Make GCC_8150 depend on QCOM_GDSC soc: qcom: llcc: Enable LLCC_WRCACHE at boot on X1 Krzysztof Kozlowski (29): firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available() firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() arm64: dts: qcom: sdx75: Fix MPSS memory length arm64: dts: qcom: x1e80100: Fix ADSP memory base and length arm64: dts: qcom: x1e80100: Fix CDSP memory length arm64: dts: qcom: sm6115: Fix MPSS memory length arm64: dts: qcom: sm6115: Fix CDSP memory length arm64: dts: qcom: sm6115: Fix ADSP memory base and length arm64: dts: qcom: sm6350: Fix ADSP memory length arm64: dts: qcom: sm6350: Fix MPSS memory length arm64: dts: qcom: sm6375: Fix ADSP memory length arm64: dts: qcom: sm6375: Fix CDSP memory base and length arm64: dts: qcom: sm6375: Fix MPSS memory base and length arm64: dts: qcom: sm8350: Fix ADSP memory base and length arm64: dts: qcom: sm8350: Fix CDSP memory base and length arm64: dts: qcom: sm8350: Fix MPSS memory length arm64: dts: qcom: sm8450: Fix ADSP memory base and length arm64: dts: qcom: sm8450: Fix CDSP memory length arm64: dts: qcom: sm8450: Fix MPSS memory length arm64: dts: qcom: sm8550: Fix ADSP memory base and length arm64: dts: qcom: sm8550: Fix CDSP memory length arm64: dts: qcom: sm8550: Fix MPSS memory length arm64: dts: qcom: sm8650: Fix ADSP memory base and length arm64: dts: qcom: sm8650: Fix CDSP memory length arm64: dts: qcom: sm8650: Fix MPSS memory length soc: samsung: exynos-pmu: Fix uninitialized ret in tensor_set_bits_atomic() soc: mediatek: mtk-devapc: Fix leaking IO map on error paths soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove soc: qcom: smem_state: fix missing of_node_put in error path Kuan-Wei Chiu (3): printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX perf bench: Fix undefined behavior in cmpworker() ALSA: hda: Fix headset detection failure due to unstable sort Kumar Kartikeya Dwivedi (1): bpf: Improve verifier log for resource leak on exit Kuninori Morimoto (1): ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Lad Prabhakar (1): pinctrl: renesas: rzg2l: Fix PFC_MASK for RZ/V2H and RZ/G3E Lenny Szubowicz (1): tg3: Disable tg3 PCIe AER on system reboot Leo Stone (1): safesetid: check size of policy writes Li Zhijian (1): mm/vmscan: accumulate nr_demoted for accurate demotion statistics Lijo Lazar (1): drm/amd/pm: Mark MM activity as unsupported Liu Shixin (1): mm/compaction: fix UBSAN shift-out-of-bounds warning Liu Ye (1): selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Lo-an Chen (1): drm/amd/display: Fix seamless boot sequence Long Li (1): scsi: storvsc: Set correct data length for sending SCSI command without payload Lubomir Rintel (2): clk: mmp2: call pm_genpd_init() only after genpd.name is set media: mmp: Bring back registration of the device Luca Weiss (4): clk: qcom: gcc-sm6350: Add missing parent_map for two clocks clk: qcom: dispcc-sm6350: Add missing parent_map for a clock arm64: dts: qcom: sm6350: Fix uart1 interconnect path nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Lucas De Marchi (2): drm/xe/devcoredump: Move exec queue snapshot to Contexts section drm/xe: Fix and re-enable xe_print_blob_ascii85() Luke D. Jones (1): HID: hid-asus: Disable OOBE mode on the ProArt P16 Maarten Lankhorst (2): drm/modeset: Handle tiled displays in pan_display_atomic. drm/client: Handle tiled displays better Maciej Fijalkowski (3): ice: put Rx buffers after being done with current frame ice: gather page_count()'s of each frag right before XDP prog call ice: stop storing XDP verdict within ice_rx_buf Maciej S. Szmigiero (1): net: wwan: iosm: Fix hibernation by re-binding the driver around it Manivannan Sadhasivam (2): clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() clk: qcom: gcc-sm8650: Do not turn off PCIe GDSCs during gdsc_disable() Marc Zyngier (2): arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented KVM: arm64: timer: Always evaluate the need for a soft timer Marcel Hamer (1): wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Marco Elver (1): kfence: skip __GFP_THISNODE allocations on NUMA systems Marek Olšák (1): drm/amdgpu: add a BO metadata flag to disable write compression for Vulkan Mario Limonciello (1): ASoC: acp: Support microphone from Lenovo Go S Mark Brown (1): arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() Mark Dietzer (1): Bluetooth: btusb: Add ID 0x2c7c:0x0130 for Qualcomm WCN785x Mark Tomlinson (1): gpio: pca953x: Improve interrupt support Mateusz Jończyk (1): mips/math-emu: fix emulation of the prefx instruction Matthew Wilcox (Oracle) (1): ocfs2: handle a symlink read error correctly Matthieu Baerts (NGI0) (1): selftests: mptcp: connect: -f: no reconnect Max Kellermann (2): fs/netfs/read_pgpriv2: skip folio queues without `marks3` fs/netfs/read_collect: fix crash due to uninitialized `prev` variable Mazin Al Haddad (1): Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync Meetakshi Setiya (1): smb: client: change lease epoch type from unsigned int to __u16 Mehdi Djait (1): media: ccs: Fix cleanup order in ccs_probe() Michal Simek (1): rtc: zynqmp: Fix optional clock name property Michal Wajdeczko (1): drm/xe/pf: Fix migration initialization Miguel Ojeda (1): rust: init: use explicit ABI to clean warning in future compilers Mike Snitzer (1): pnfs/flexfiles: retry getting layout segment for reads Miklos Szeredi (2): statmount: let unset strings be empty fs: fix adding security options to statmount.mnt_opt Milos Reljin (1): net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Ming Lei (1): block: mark GFP_NOIO around sysfs ->store() Miri Korenblit (1): wifi: iwlwifi: avoid memory leak Nam Cao (1): fs/proc: do_task_stat: Fix ESP not readable during coredump Narayana Murty N (1): powerpc/pseries/eeh: Fix get PE state translation Nathan Chancellor (4): drm/amd/display: Increase sanitizer frame larger than limit when compile testing with clang efi: libstub: Use '-std=gnu11' to fix build with GCC 15 kbuild: Move -Wenum-enum-conversion to W=2 x86/boot: Use '-std=gnu11' to fix build with GCC 15 Naushir Patuck (1): media: imx296: Add standby delay during probe Nick Chan (1): irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Nick Morrow (1): wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH Nicolin Chen (4): iommufd: Fix struct iommu_hwpt_pgfault init and padding iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding iommufd/fault: Destroy response and mutex in iommufd_fault_destroy() iommufd/fault: Use a separate spinlock to protect fault->deliver list Nikita Zhandarovich (1): nilfs2: fix possible int overflows in nilfs_fiemap() Niklas Cassel (3): PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() ata: libata-sff: Ensure that we cannot write outside the allocated buffer Niklas Schnelle (1): s390/pci: Fix SR-IOV for PFs initially in standby Pali Rohár (1): cifs: Remove intermediate object of failed create SFU call Paul Fertser (1): net/ncsi: wait for the last response to Deselect Package before configuring channel Pavel Begunkov (1): io_uring: fix multishots with selected buffers Pekka Pessi (1): mailbox: tegra-hsp: Clear mailbox before using message Peng Fan (1): Input: bbnsm_pwrkey - add remove hook Peter Xu (1): mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Peter Zijlstra (2): x86: Convert unreachable() to BUG() x86/mm: Convert unreachable() to BUG() Philip Yang (2): drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt drm/amdkfd: Queue interrupt work to different CPU Ping-Ke Shih (2): wifi: rtw88: add __packed attribute to efuse layout struct wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit Prasad Pandit (1): firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Prike Liang (1): drm/amdkfd: only flush the validate MES contex Qu Wenruo (1): btrfs: do not output error message if a qgroup has been already cleaned up Quang Le (1): pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Quinn Tran (1): scsi: qla2xxx: Move FCE Trace buffer allocation to user control Randolph Ha (1): i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Ricardo Ribalda (6): media: uvcvideo: Fix crash during unbind if gpio unit is in use media: uvcvideo: Fix event flags in uvc_ctrl_send_events media: uvcvideo: Support partial control reads media: uvcvideo: Only save async fh if success media: uvcvideo: Remove redundant NULL assignment media: uvcvideo: Remove dangling pointers Richard Acayan (1): iommu/arm-smmu-qcom: add sdm670 adreno iommu compatible Ritesh Harjani (IBM) (1): mm/hugetlb: fix hugepage allocation for interleaved memory nodes Robin Murphy (3): iommu/arm-smmu-v3: Clean up more on probe failure PCI/TPH: Restore TPH Requester Enable correctly remoteproc: omap: Handle ARM dma_iommu_mapping Rodrigo Siqueira (1): Revert "drm/amd/display: Fix green screen issue after suspend" Roger Quadros (1): net: ethernet: ti: am65-cpsw: ensure proper channel cleanup in error path Romain Naour (1): ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Ruben Devos (1): smb: client: fix order of arguments of tracepoints Sagi Grimberg (1): nvmet: fix a memory leak in controller identify Sakari Ailus (3): media: ccs: Clean up parsed CCS static data on parse failure media: Documentation: tx-rx: Fix formatting media: ccs: Fix CCS static data parsing for large block sizes Sam Bobrowicz (1): media: ov5640: fix get_light_freq on auto Sankararaman Jayaraman (1): vmxnet3: Fix tx queue race condition with XDP Sascha Hauer (4): nvmem: imx-ocotp-ele: simplify read beyond device check nvmem: imx-ocotp-ele: fix MAC address byte order nvmem: imx-ocotp-ele: fix reading from non zero offset nvmem: imx-ocotp-ele: set word length to 1 Satya Priya Kakitapalli (1): clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Sean Anderson (1): tty: xilinx_uartps: split sysrq handling Sean Christopherson (2): KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking Sebastian Wiese-Wagner (1): ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Sergey Senozhatsky (1): media: venus: destroy hfi session after m2m_ctx release Shawn Lin (1): mmc: core: Respect quirk_max_rate for non-UHS SDIO card Shayne Chen (1): wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 Shinas Rasheed (2): octeon_ep: update tx/rx stats locally for persistence octeon_ep_vf: update tx/rx stats locally for persistence Simon Trimmer (1): ASoC: Intel: sof_sdw: Correct quirk for Lenovo Yoga Slim 7 Somashekhar(Som) (1): wifi: iwlwifi: pcie: Add support for new device ids Stanislaw Gruszka (1): media: intel/ipu6: remove cpu latency qos request on error Stas Sergeev (1): tun: fix group permission check Stefan Dösinger (1): wifi: brcmfmac: Check the return value of of_property_read_string_index() Stefan Eichenberger (1): irqchip/irq-mvebu-icu: Fix access to msi_data from irq_domain::host_data Stephan Gerhold (8): arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix USB QMP PHY supplies arm64: dts: qcom: x1e80100-dell-xps13-9345: Fix USB QMP PHY supplies arm64: dts: qcom: x1e80100-qcp: Fix USB QMP PHY supplies arm64: dts: qcom: x1e78100-lenovo-thinkpad-t14s: Fix USB QMP PHY supplies arm64: dts: qcom: x1e80100-crd: Fix USB QMP PHY supplies arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix USB QMP PHY supplies arm64: dts: qcom: x1e80100-microsoft-romulus: Fix USB QMP PHY supplies soc: qcom: socinfo: Avoid out of bounds read of serial number Steven Rostedt (4): ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() atomic64: Use arch_spin_locks instead of raw_spin_locks fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT tracing/osnoise: Fix resetting of tracepoints Suleiman Souhlal (1): sched: Don't try to catch up excess steal time. Sumit Gupta (2): arm64: tegra: Fix typo in Tegra234 dce-fabric compatible arm64: tegra: Disable Tegra234 sce-fabric node Suraj Kandpal (1): drm/i915/hdcp: Fix Repeater authentication during topology change Sven Schnelle (1): s390/stackleak: Use exrl instead of ex in __stackleak_poison() Takashi Iwai (2): ALSA: hda/realtek: Fix quirk matching for Legion Pro 7 ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 Tetsuo Handa (1): tomoyo: don't emit warning in tomoyo_write_control() Thadeu Lima de Souza Cascardo (1): Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Thinh Nguyen (4): usb: gadget: f_tcm: Translate error to sense usb: gadget: f_tcm: Decrement command ref count on cleanup usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint usb: gadget: f_tcm: Don't prepare BOT write request twice Thomas Weißschuh (5): drm: Add panel backlight quirks drm/amd/display: Add support for minimum backlight quirk drm: panel-backlight-quirks: Add Framework 13 matte panel of: address: Fix empty resource handling in __of_address_resource_bounds() ptp: Ensure info->enable callback is always set Thomas Zimmermann (3): m68k: vga: Fix I/O defines drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() drm/ast: astdp: Fix timeout for enabling video signal Thorsten Blum (1): locking/ww_mutex/test: Use swap() macro Tiezhu Yang (1): LoongArch: Extend the maximum number of watchpoints Tom Chung (1): Revert "drm/amd/display: Use HW lock mgr for PSR1" Tomas Glozar (6): rtla/osnoise: Distinguish missing workload option rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads rtla: Add trace_instance_stop rtla/timerlat_hist: Stop timerlat tracer on signal rtla/timerlat_top: Stop timerlat tracer on signal Tomi Valkeinen (5): media: i2c: ds90ub960: Fix UB9702 refclk register access media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() media: i2c: ds90ub960: Fix use of non-existing registers on UB9702 media: i2c: ds90ub960: Fix UB9702 VC map media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702 Uros Bizjak (1): mailbox: zynqmp: Remove invalid __percpu annotation in zynqmp_ipi_probe() Vadim Fedorenko (1): net/mlx5: use do_aux_work for PHC overflow checks Vasily Khoruzhick (1): wifi: rtw88: 8703b: Fix RX/TX issues Ville Syrjälä (1): drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Vimal Agrawal (1): misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors Viresh Kumar (1): cpufreq: s3c64xx: Fix compilation warning WangYuli (1): MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Wei Yang (1): maple_tree: simplify split calculation Wentao Liang (2): xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end xfs: Add error handling for xfs_reflink_cancel_cow_range Werner Sembach (1): PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 Willem de Bruijn (1): tun: revert fix group permission check Xi Ruoyao (1): Revert "MIPS: csrc-r4k: Select HAVE_UNSTABLE_SCHED_CLOCK if SMP && 64BIT" Xu Yang (1): perf: imx9_perf: Introduce AXI filter version to refactor the driver and better extension Yan Zhai (1): udp: gso: do not drop small packets when PMTU reduces Yazen Ghannam (1): x86/amd_nb: Restrict init function to AMD-based systems Yevgeny Kliteynik (2): net/mlx5: HWS, change error flow on matcher disconnect net/mlx5: HWS, num_of_rules counter on matcher should be atomic Yishai Hadas (1): RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error Youwan Wang (1): HID: multitouch: Add quirk for Hantick 5288 touchpad Yu Kuai (1): md: reintroduce md-linear Yu-Chun Lin (1): ASoC: amd: Add ACPI dependency to fix build error Yuanjie Yang (1): mmc: sdhci-msm: Correctly set the load for the regulator Zhang Rui (1): x86/acpi: Fix LAPIC/x2APIC parsing order Zhaoyang Huang (1): mm: gup: fix infinite loop within __get_longterm_locked Zhen Lei (1): media: nuvoton: Fix an error check in npcm_video_ece_init() Zhi Wang (2): nvkm/gsp: correctly advance the read pointer of GSP message queue nvkm: correctly calculate the available space of the GSP cmdq buffer Zijun Hu (6): blk-cgroup: Fix class @block_class's subsystem refcount leakage of: Correct child specifier used as input of the 2nd nexus node of: Fix of_find_node_opts_by_path() handling of alias+path+options of: reserved-memory: Fix using wrong number of cells to get property 'alignment' of: reserved-memory: Warn for missing static reserved memory regions PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf()

2 months, 1 week

3
3
0 0

[PATCH v2] ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED

by John Veness

Allows the LED on the dedicated mute button on the HP ProBook 450 G4 laptop to change colour correctly. Signed-off-by: John Veness <john-linux(a)pelago.org.uk> --- Re-submitted with correct tabs (I hope!) sound/pci/hda/patch_conexant.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c index 4985e72b9..34874039a 100644 --- a/sound/pci/hda/patch_conexant.c +++ b/sound/pci/hda/patch_conexant.c @@ -1090,6 +1090,7 @@ static const struct hda_quirk cxt5066_fixups[] = { SND_PCI_QUIRK(0x103c, 0x814f, "HP ZBook 15u G3", CXT_FIXUP_MUTE_LED_GPIO), SND_PCI_QUIRK(0x103c, 0x8174, "HP Spectre x360", CXT_FIXUP_HP_SPECTRE), SND_PCI_QUIRK(0x103c, 0x822e, "HP ProBook 440 G4", CXT_FIXUP_MUTE_LED_GPIO), + SND_PCI_QUIRK(0x103c, 0x8231, "HP ProBook 450 G4", CXT_FIXUP_MUTE_LED_GPIO), SND_PCI_QUIRK(0x103c, 0x828c, "HP EliteBook 840 G4", CXT_FIXUP_HP_DOCK), SND_PCI_QUIRK(0x103c, 0x8299, "HP 800 G3 SFF", CXT_FIXUP_HP_MIC_NO_PRESENCE), SND_PCI_QUIRK(0x103c, 0x829a, "HP 800 G3 DM", CXT_FIXUP_HP_MIC_NO_PRESENCE), -- 2.48.1

2 months, 1 week

3
3
0 0

[PATCH 5.10.y] f2fs: fix to wait dio completion

by alvalan9＠foxmail.com

From: Chao Yu <chao(a)kernel.org> commit 96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d upstream. It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode. Cc: stable(a)vger.kernel.org Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Alva Lan <alvalan9(a)foxmail.com> --- fs/f2fs/file.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 9ecf39c2b47d..81ebbc1d37a6 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -957,6 +957,13 @@ int f2fs_setattr(struct dentry *dentry, struct iattr *attr) return err; } + /* + * wait for inflight dio, blocks should be removed after + * IO completion. + */ + if (attr->ia_size < old_size) + inode_dio_wait(inode); + down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]); down_write(&F2FS_I(inode)->i_mmap_sem); @@ -1777,6 +1784,12 @@ static long f2fs_fallocate(struct file *file, int mode, if (ret) goto out; + /* + * wait for inflight dio, blocks should be removed after IO + * completion. + */ + inode_dio_wait(inode); + if (mode & FALLOC_FL_PUNCH_HOLE) { if (offset >= inode->i_size) goto out; -- 2.43.0

2 months, 1 week

1
0
0 0

[PATCH 5.15.y] f2fs: fix to wait dio completion

by alvalan9＠foxmail.com

From: Chao Yu <chao(a)kernel.org> commit 96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d upstream. It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode. Cc: stable(a)vger.kernel.org Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Alva Lan <alvalan9(a)foxmail.com> --- fs/f2fs/file.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index b38ce5a7a2ef..685a14309406 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -965,6 +965,13 @@ int f2fs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry, return err; } + /* + * wait for inflight dio, blocks should be removed after + * IO completion. + */ + if (attr->ia_size < old_size) + inode_dio_wait(inode); + down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]); filemap_invalidate_lock(inode->i_mapping); @@ -1790,6 +1797,12 @@ static long f2fs_fallocate(struct file *file, int mode, if (ret) goto out; + /* + * wait for inflight dio, blocks should be removed after IO + * completion. + */ + inode_dio_wait(inode); + if (mode & FALLOC_FL_PUNCH_HOLE) { if (offset >= inode->i_size) goto out; -- 2.43.0

2 months, 1 week

1
0
0 0

[PATCH 6.1.y] f2fs: fix to wait dio completion

by alvalan9＠foxmail.com

From: Chao Yu <chao(a)kernel.org> commit 96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d upstream. It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode. Cc: stable(a)vger.kernel.org Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Alva Lan <alvalan9(a)foxmail.com> --- fs/f2fs/file.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 3bab52d33e80..5e2a0cb8d24d 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -1048,6 +1048,13 @@ int f2fs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry, return err; } + /* + * wait for inflight dio, blocks should be removed after + * IO completion. + */ + if (attr->ia_size < old_size) + inode_dio_wait(inode); + f2fs_down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]); filemap_invalidate_lock(inode->i_mapping); @@ -1880,6 +1887,12 @@ static long f2fs_fallocate(struct file *file, int mode, if (ret) goto out; + /* + * wait for inflight dio, blocks should be removed after IO + * completion. + */ + inode_dio_wait(inode); + if (mode & FALLOC_FL_PUNCH_HOLE) { if (offset >= inode->i_size) goto out; -- 2.43.0

2 months, 1 week

1
0
0 0

[PATCH v3 1/5] misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error

by Kunihiko Hayashi

After devm_request_irq() fails with error in pci_endpoint_test_request_irq(), pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs have been released. However some requested IRQs remain unreleased, so there are still /proc/irq/* entries remaining and we encounters WARN() with the following message: remove_proc_entry: removing non-empty directory 'irq/30', leaking at least 'pci-endpoint-test.0' WARNING: CPU: 0 PID: 202 at fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c And show the call trace that led to this issue: [ 12.050005] Call trace: [ 12.051226] remove_proc_entry+0x190/0x19c (P) [ 12.053448] unregister_irq_proc+0xd0/0x104 [ 12.055541] free_desc+0x4c/0xd0 [ 12.057155] irq_free_descs+0x68/0x90 [ 12.058984] irq_domain_free_irqs+0x15c/0x1bc [ 12.061161] msi_domain_free_locked.part.0+0x184/0x1d4 [ 12.063728] msi_domain_free_irqs_all_locked+0x64/0x8c [ 12.066296] pci_msi_teardown_msi_irqs+0x48/0x54 [ 12.068604] pci_free_msi_irqs+0x18/0x38 [ 12.070564] pci_free_irq_vectors+0x64/0x8c [ 12.072654] pci_endpoint_test_ioctl+0x870/0x1068 [ 12.075006] __arm64_sys_ioctl+0xb0/0xe8 [ 12.076967] invoke_syscall+0x48/0x110 [ 12.078841] el0_svc_common.constprop.0+0x40/0xe8 [ 12.081192] do_el0_svc+0x20/0x2c [ 12.082848] el0_svc+0x30/0xd0 [ 12.084376] el0t_64_sync_handler+0x144/0x168 [ 12.086553] el0t_64_sync+0x198/0x19c [ 12.088383] ---[ end trace 0000000000000000 ]--- To solve this issue, set the number of remaining IRQs to test->num_irqs and release IRQs in advance by calling pci_endpoint_test_release_irq(). Cc: stable(a)vger.kernel.org Fixes: e03327122e2c ("pci_endpoint_test: Add 2 ioctl commands") Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> --- drivers/misc/pci_endpoint_test.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c index d5ac71a49386..bbcccd425700 100644 --- a/drivers/misc/pci_endpoint_test.c +++ b/drivers/misc/pci_endpoint_test.c @@ -259,6 +259,9 @@ static int pci_endpoint_test_request_irq(struct pci_endpoint_test *test) break; } + test->num_irqs = i; + pci_endpoint_test_release_irq(test); + return ret; } -- 2.25.1

2 months, 1 week

2
2
0 0

[PATCH v3] gpio: vf610: add locking to gpio direction functions

by Johan Korsnes

Add locking to `vf610_gpio_direction_input|output()` functions. Without this locking, a race condition exists between concurrent calls to these functions, potentially leading to incorrect GPIO direction settings. To verify the correctness of this fix, a `trylock` patch was applied, where after a couple of reboots the race was confirmed. I.e., one user had to wait before acquiring the lock. With this patch the race has not been encountered. It's worth mentioning that any type of debugging (printing, tracing, etc.) would "resolve"/hide the issue. Fixes: 659d8a62311f ("gpio: vf610: add imx7ulp support") Signed-off-by: Johan Korsnes <johan.korsnes(a)remarkable.no> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Reviewed-by: Haibo Chen <haibo.chen(a)nxp.com> Cc: Bartosz Golaszewski <brgl(a)bgdev.pl> Cc: stable(a)vger.kernel.org --- v3 - Use guards from cleanup.h for spinlock - Added linux-stable to cc - Added Fixes: tags v2 - Added description on correcctness to commit text - Added Reviewed-by from Walleij and Haibo --- drivers/gpio/gpio-vf610.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpio/gpio-vf610.c b/drivers/gpio/gpio-vf610.c index c4f34a347cb6..c36a9dbccd4d 100644 --- a/drivers/gpio/gpio-vf610.c +++ b/drivers/gpio/gpio-vf610.c @@ -36,6 +36,7 @@ struct vf610_gpio_port { struct clk *clk_port; struct clk *clk_gpio; int irq; + spinlock_t lock; /* protect gpio direction registers */ }; #define GPIO_PDOR 0x00 @@ -124,6 +125,7 @@ static int vf610_gpio_direction_input(struct gpio_chip *chip, unsigned int gpio) u32 val; if (port->sdata->have_paddr) { + guard(spinlock_irqsave)(&port->lock); val = vf610_gpio_readl(port->gpio_base + GPIO_PDDR); val &= ~mask; vf610_gpio_writel(val, port->gpio_base + GPIO_PDDR); @@ -142,6 +144,7 @@ static int vf610_gpio_direction_output(struct gpio_chip *chip, unsigned int gpio vf610_gpio_set(chip, gpio, value); if (port->sdata->have_paddr) { + guard(spinlock_irqsave)(&port->lock); val = vf610_gpio_readl(port->gpio_base + GPIO_PDDR); val |= mask; vf610_gpio_writel(val, port->gpio_base + GPIO_PDDR); @@ -297,6 +300,7 @@ static int vf610_gpio_probe(struct platform_device *pdev) return -ENOMEM; port->sdata = device_get_match_data(dev); + spin_lock_init(&port->lock); dual_base = port->sdata->have_dual_base; -- 2.43.0

2 months, 1 week

2
1
0 0

[PATCH 2/2] usb: typec: ucsi: increase timeout for PPM reset operations

by Fedor Pchelkin

It is observed that on some systems an initial PPM reset during the boot phase can trigger a timeout: [ 6.482546] ucsi_acpi USBC000:00: failed to reset PPM! [ 6.482551] ucsi_acpi USBC000:00: error -ETIMEDOUT: PPM init failed Still, increasing the timeout value, albeit being the most straightforward solution, eliminates the problem: the initial PPM reset may take up to ~8000-10000ms on some Lenovo laptops. When it is reset after the above period of time (or even if ucsi_reset_ppm() is not called overall), UCSI works as expected. Moreover, if the ucsi_acpi module is loaded/unloaded manually after the system has booted, reading the CCI values and resetting the PPM works perfectly, without any timeout. Thus it's only a boot-time issue. The reason for this behavior is not clear but it may be the consequence of some tricks that the firmware performs or be an actual firmware bug. As a workaround, increase the timeout to avoid failing the UCSI initialization prematurely. Fixes: b1b59e16075f ("usb: typec: ucsi: Increase command completion timeout value") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <boddah8794(a)gmail.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- Add Heikki's Reviewed-by tag. drivers/usb/typec/ucsi/ucsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index 0fe1476f4c29..7a56d3f840d7 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -25,7 +25,7 @@ * difficult to estimate the time it takes for the system to process the command * before it is actually passed to the PPM. */ -#define UCSI_TIMEOUT_MS 5000 +#define UCSI_TIMEOUT_MS 10000 /* * UCSI_SWAP_TIMEOUT_MS - Timeout for role swap requests -- 2.48.1

2 months, 1 week

1
0
0 0

[PATCH 1/2] acpi: typec: ucsi: Introduce a ->poll_cci method

by Fedor Pchelkin

From: "Christian A. Ehrhardt" <lk(a)c--e.de> For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the register values in an opregion. The ACPI implementation in the BIOS ensures that the opregion contents are synced to the embedded controller and it ensures that the registers (in particular CCI) are synced back to the opregion on notifications. While there is an ACPI call that syncs the actual registers to the opregion there is rarely a need to do this and on some ACPI implementations it actually breaks in various interesting ways. The only reason to force a sync from the embedded controller is to poll CCI while notifications are disabled. Only the ucsi core knows if this is the case and guessing based on the current command is suboptimal, i.e. leading to the following spurious assertion splat: WARNING: CPU: 3 PID: 76 at drivers/usb/typec/ucsi/ucsi.c:1388 ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi] CPU: 3 UID: 0 PID: 76 Comm: kworker/3:0 Not tainted 6.12.11-200.fc41.x86_64 #1 Hardware name: LENOVO 21D0/LNVNB161216, BIOS J6CN45WW 03/17/2023 Workqueue: events_long ucsi_init_work [typec_ucsi] RIP: 0010:ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi] Call Trace: <TASK> ucsi_init_work+0x3c/0xac0 [typec_ucsi] process_one_work+0x179/0x330 worker_thread+0x252/0x390 kthread+0xd2/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Thus introduce a ->poll_cci() method that works like ->read_cci() with an additional forced sync and document that this should be used when polling with notifications disabled. For all other backends that presumably don't have this issue use the same implementation for both methods. Fixes: fa48d7e81624 ("usb: typec: ucsi: Do not call ACPI _DSM method for UCSI read operations") Cc: stable(a)vger.kernel.org Signed-off-by: Christian A. Ehrhardt <lk(a)c--e.de> Tested-by: Fedor Pchelkin <boddah8794(a)gmail.com> Signed-off-by: Fedor Pchelkin <boddah8794(a)gmail.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- Add the explicit WARNING splat and slightly increase the length of text lines in the changelog. Original patch: https://lore.kernel.org/linux-usb/Z2Cf1AI8CXao5ZAn@cae.in-ulm.de/ Add Heikki's Reviewed-by tag. drivers/usb/typec/ucsi/ucsi.c | 10 +++++----- drivers/usb/typec/ucsi/ucsi.h | 2 ++ drivers/usb/typec/ucsi/ucsi_acpi.c | 21 ++++++++++++++------- drivers/usb/typec/ucsi/ucsi_ccg.c | 1 + drivers/usb/typec/ucsi/ucsi_glink.c | 1 + drivers/usb/typec/ucsi/ucsi_stm32g0.c | 1 + drivers/usb/typec/ucsi/ucsi_yoga_c630.c | 1 + 7 files changed, 25 insertions(+), 12 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index fcf499cc9458..0fe1476f4c29 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -1346,7 +1346,7 @@ static int ucsi_reset_ppm(struct ucsi *ucsi) mutex_lock(&ucsi->ppm_lock); - ret = ucsi->ops->read_cci(ucsi, &cci); + ret = ucsi->ops->poll_cci(ucsi, &cci); if (ret < 0) goto out; @@ -1364,7 +1364,7 @@ static int ucsi_reset_ppm(struct ucsi *ucsi) tmo = jiffies + msecs_to_jiffies(UCSI_TIMEOUT_MS); do { - ret = ucsi->ops->read_cci(ucsi, &cci); + ret = ucsi->ops->poll_cci(ucsi, &cci); if (ret < 0) goto out; if (cci & UCSI_CCI_COMMAND_COMPLETE) @@ -1393,7 +1393,7 @@ static int ucsi_reset_ppm(struct ucsi *ucsi) /* Give the PPM time to process a reset before reading CCI */ msleep(20); - ret = ucsi->ops->read_cci(ucsi, &cci); + ret = ucsi->ops->poll_cci(ucsi, &cci); if (ret) goto out; @@ -1929,8 +1929,8 @@ struct ucsi *ucsi_create(struct device *dev, const struct ucsi_operations *ops) struct ucsi *ucsi; if (!ops || - !ops->read_version || !ops->read_cci || !ops->read_message_in || - !ops->sync_control || !ops->async_control) + !ops->read_version || !ops->read_cci || !ops->poll_cci || + !ops->read_message_in || !ops->sync_control || !ops->async_control) return ERR_PTR(-EINVAL); ucsi = kzalloc(sizeof(*ucsi), GFP_KERNEL); diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 82735eb34f0e..28780acc4af2 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -62,6 +62,7 @@ struct dentry; * struct ucsi_operations - UCSI I/O operations * @read_version: Read implemented UCSI version * @read_cci: Read CCI register + * @poll_cci: Read CCI register while polling with notifications disabled * @read_message_in: Read message data from UCSI * @sync_control: Blocking control operation * @async_control: Non-blocking control operation @@ -76,6 +77,7 @@ struct dentry; struct ucsi_operations { int (*read_version)(struct ucsi *ucsi, u16 *version); int (*read_cci)(struct ucsi *ucsi, u32 *cci); + int (*poll_cci)(struct ucsi *ucsi, u32 *cci); int (*read_message_in)(struct ucsi *ucsi, void *val, size_t val_len); int (*sync_control)(struct ucsi *ucsi, u64 command); int (*async_control)(struct ucsi *ucsi, u64 command); diff --git a/drivers/usb/typec/ucsi/ucsi_acpi.c b/drivers/usb/typec/ucsi/ucsi_acpi.c index 5c5515551963..ac1ebb5d9527 100644 --- a/drivers/usb/typec/ucsi/ucsi_acpi.c +++ b/drivers/usb/typec/ucsi/ucsi_acpi.c @@ -59,19 +59,24 @@ static int ucsi_acpi_read_version(struct ucsi *ucsi, u16 *version) static int ucsi_acpi_read_cci(struct ucsi *ucsi, u32 *cci) { struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi); - int ret; - - if (UCSI_COMMAND(ua->cmd) == UCSI_PPM_RESET) { - ret = ucsi_acpi_dsm(ua, UCSI_DSM_FUNC_READ); - if (ret) - return ret; - } memcpy(cci, ua->base + UCSI_CCI, sizeof(*cci)); return 0; } +static int ucsi_acpi_poll_cci(struct ucsi *ucsi, u32 *cci) +{ + struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi); + int ret; + + ret = ucsi_acpi_dsm(ua, UCSI_DSM_FUNC_READ); + if (ret) + return ret; + + return ucsi_acpi_read_cci(ucsi, cci); +} + static int ucsi_acpi_read_message_in(struct ucsi *ucsi, void *val, size_t val_len) { struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi); @@ -94,6 +99,7 @@ static int ucsi_acpi_async_control(struct ucsi *ucsi, u64 command) static const struct ucsi_operations ucsi_acpi_ops = { .read_version = ucsi_acpi_read_version, .read_cci = ucsi_acpi_read_cci, + .poll_cci = ucsi_acpi_poll_cci, .read_message_in = ucsi_acpi_read_message_in, .sync_control = ucsi_sync_control_common, .async_control = ucsi_acpi_async_control @@ -142,6 +148,7 @@ static int ucsi_gram_sync_control(struct ucsi *ucsi, u64 command) static const struct ucsi_operations ucsi_gram_ops = { .read_version = ucsi_acpi_read_version, .read_cci = ucsi_acpi_read_cci, + .poll_cci = ucsi_acpi_poll_cci, .read_message_in = ucsi_gram_read_message_in, .sync_control = ucsi_gram_sync_control, .async_control = ucsi_acpi_async_control diff --git a/drivers/usb/typec/ucsi/ucsi_ccg.c b/drivers/usb/typec/ucsi/ucsi_ccg.c index 740171f24ef9..4b1668733a4b 100644 --- a/drivers/usb/typec/ucsi/ucsi_ccg.c +++ b/drivers/usb/typec/ucsi/ucsi_ccg.c @@ -664,6 +664,7 @@ static int ucsi_ccg_sync_control(struct ucsi *ucsi, u64 command) static const struct ucsi_operations ucsi_ccg_ops = { .read_version = ucsi_ccg_read_version, .read_cci = ucsi_ccg_read_cci, + .poll_cci = ucsi_ccg_read_cci, .read_message_in = ucsi_ccg_read_message_in, .sync_control = ucsi_ccg_sync_control, .async_control = ucsi_ccg_async_control, diff --git a/drivers/usb/typec/ucsi/ucsi_glink.c b/drivers/usb/typec/ucsi/ucsi_glink.c index fed39d458090..8af79101a2fc 100644 --- a/drivers/usb/typec/ucsi/ucsi_glink.c +++ b/drivers/usb/typec/ucsi/ucsi_glink.c @@ -206,6 +206,7 @@ static void pmic_glink_ucsi_connector_status(struct ucsi_connector *con) static const struct ucsi_operations pmic_glink_ucsi_ops = { .read_version = pmic_glink_ucsi_read_version, .read_cci = pmic_glink_ucsi_read_cci, + .poll_cci = pmic_glink_ucsi_read_cci, .read_message_in = pmic_glink_ucsi_read_message_in, .sync_control = ucsi_sync_control_common, .async_control = pmic_glink_ucsi_async_control, diff --git a/drivers/usb/typec/ucsi/ucsi_stm32g0.c b/drivers/usb/typec/ucsi/ucsi_stm32g0.c index 6923fad31d79..57ef7d83a412 100644 --- a/drivers/usb/typec/ucsi/ucsi_stm32g0.c +++ b/drivers/usb/typec/ucsi/ucsi_stm32g0.c @@ -424,6 +424,7 @@ static irqreturn_t ucsi_stm32g0_irq_handler(int irq, void *data) static const struct ucsi_operations ucsi_stm32g0_ops = { .read_version = ucsi_stm32g0_read_version, .read_cci = ucsi_stm32g0_read_cci, + .poll_cci = ucsi_stm32g0_read_cci, .read_message_in = ucsi_stm32g0_read_message_in, .sync_control = ucsi_sync_control_common, .async_control = ucsi_stm32g0_async_control, diff --git a/drivers/usb/typec/ucsi/ucsi_yoga_c630.c b/drivers/usb/typec/ucsi/ucsi_yoga_c630.c index 4cae85c0dc12..d33e3f2dd1d8 100644 --- a/drivers/usb/typec/ucsi/ucsi_yoga_c630.c +++ b/drivers/usb/typec/ucsi/ucsi_yoga_c630.c @@ -74,6 +74,7 @@ static int yoga_c630_ucsi_async_control(struct ucsi *ucsi, u64 command) static const struct ucsi_operations yoga_c630_ucsi_ops = { .read_version = yoga_c630_ucsi_read_version, .read_cci = yoga_c630_ucsi_read_cci, + .poll_cci = yoga_c630_ucsi_read_cci, .read_message_in = yoga_c630_ucsi_read_message_in, .sync_control = ucsi_sync_control_common, .async_control = yoga_c630_ucsi_async_control, -- 2.48.1

2 months, 1 week

1
0
0 0

[PATCH 1/2] dm-integrity: Avoid divide by zero in table status in Inline mode

by Milan Broz

In Inline mode, the journal is unused, and journal_sectors is zero. Calculating the journal watermark requires dividing by journal_sectors, which should be done only if the journal is configured. Otherwise, a simple table query (dmsetup table) can cause OOPS. This bug did not show on some systems, perhaps only due to compiler optimization. On my 32-bit testing machine, this reliably crashes with the following: : Oops: divide error: 0000 [#1] PREEMPT SMP : CPU: 0 UID: 0 PID: 2450 Comm: dmsetup Not tainted 6.14.0-rc2+ #959 : EIP: dm_integrity_status+0x2f8/0xab0 [dm_integrity] ... Signed-off-by: Milan Broz <gmazyland(a)gmail.com> Fixes: fb0987682c62 ("dm-integrity: introduce the Inline mode") Cc: stable(a)vger.kernel.org # 6.11+ --- drivers/md/dm-integrity.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index ee9f7cecd78e..555dc06b9422 100644 --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -3790,10 +3790,6 @@ static void dm_integrity_status(struct dm_target *ti, status_type_t type, break; case STATUSTYPE_TABLE: { - __u64 watermark_percentage = (__u64)(ic->journal_entries - ic->free_sectors_threshold) * 100; - - watermark_percentage += ic->journal_entries / 2; - do_div(watermark_percentage, ic->journal_entries); arg_count = 3; arg_count += !!ic->meta_dev; arg_count += ic->sectors_per_block != 1; @@ -3826,6 +3822,10 @@ static void dm_integrity_status(struct dm_target *ti, status_type_t type, DMEMIT(" interleave_sectors:%u", 1U << ic->sb->log2_interleave_sectors); DMEMIT(" buffer_sectors:%u", 1U << ic->log2_buffer_sectors); if (ic->mode == 'J') { + __u64 watermark_percentage = (__u64)(ic->journal_entries - ic->free_sectors_threshold) * 100; + + watermark_percentage += ic->journal_entries / 2; + do_div(watermark_percentage, ic->journal_entries); DMEMIT(" journal_watermark:%u", (unsigned int)watermark_percentage); DMEMIT(" commit_time:%u", ic->autocommit_msec); } -- 2.47.2

2 months, 1 week

2
1
0 0

Linux 6.12.14

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.14 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/elf_hwcaps.rst | 39 Documentation/gpu/drm-kms-helpers.rst | 3 Makefile | 2 arch/arm/boot/dts/ti/omap/dra7-l4.dtsi | 2 arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi | 10 arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 5 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 arch/arm64/boot/dts/qcom/sm6115.dtsi | 8 arch/arm64/boot/dts/qcom/sm6350.dtsi | 6 arch/arm64/boot/dts/qcom/sm6375.dtsi | 10 arch/arm64/boot/dts/qcom/sm8350.dtsi | 492 +++++----- arch/arm64/boot/dts/qcom/sm8450.dtsi | 216 ++-- arch/arm64/boot/dts/qcom/sm8550.dtsi | 271 ++--- arch/arm64/boot/dts/qcom/sm8650.dtsi | 305 +++--- arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 4 arch/arm64/boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 6 arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 6 arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 280 ++--- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3568.dtsi | 1 arch/arm64/boot/dts/rockchip/rk356x.dtsi | 2 arch/arm64/include/asm/assembler.h | 5 arch/arm64/include/asm/pgtable-hwdef.h | 6 arch/arm64/include/asm/pgtable-prot.h | 7 arch/arm64/include/asm/sparsemem.h | 5 arch/arm64/kernel/cpufeature.c | 55 - arch/arm64/kernel/cpuinfo.c | 10 arch/arm64/kernel/pi/idreg-override.c | 9 arch/arm64/kernel/pi/map_kernel.c | 6 arch/arm64/kvm/arch_timer.c | 4 arch/arm64/kvm/arm.c | 8 arch/arm64/mm/hugetlbpage.c | 12 arch/arm64/mm/init.c | 7 arch/loongarch/include/uapi/asm/ptrace.h | 10 arch/loongarch/kernel/ptrace.c | 6 arch/m68k/include/asm/vga.h | 8 arch/mips/Kconfig | 1 arch/mips/kernel/ftrace.c | 2 arch/mips/loongson64/boardinfo.c | 2 arch/mips/math-emu/cp1emu.c | 2 arch/mips/pci/pci-legacy.c | 8 arch/parisc/Kconfig | 4 arch/powerpc/kvm/e500_mmu_host.c | 21 arch/powerpc/platforms/pseries/eeh_pseries.c | 6 arch/s390/include/asm/asm-extable.h | 4 arch/s390/include/asm/fpu-insn.h | 17 arch/s390/include/asm/futex.h | 2 arch/s390/include/asm/processor.h | 3 arch/s390/kernel/vmlinux.lds.S | 1 arch/s390/kvm/vsie.c | 25 arch/s390/mm/extable.c | 9 arch/s390/pci/pci_bus.c | 1 arch/x86/boot/compressed/Makefile | 1 arch/x86/include/asm/kexec.h | 18 arch/x86/include/asm/kvm_host.h | 2 arch/x86/kernel/acpi/boot.c | 50 - arch/x86/kernel/amd_nb.c | 4 arch/x86/kernel/machine_kexec_64.c | 45 arch/x86/kernel/process.c | 2 arch/x86/kernel/reboot.c | 2 arch/x86/kvm/mmu/mmu.c | 45 arch/x86/kvm/svm/sev.c | 2 arch/x86/kvm/x86.c | 7 arch/x86/mm/fault.c | 2 arch/x86/pci/fixup.c | 30 arch/x86/xen/xen-head.S | 5 block/blk-cgroup.c | 1 block/fops.c | 5 drivers/accel/ivpu/ivpu_pm.c | 7 drivers/acpi/apei/ghes.c | 10 drivers/acpi/prmt.c | 4 drivers/acpi/property.c | 10 drivers/ata/libata-sff.c | 18 drivers/bluetooth/btusb.c | 4 drivers/char/misc.c | 39 drivers/char/tpm/eventlog/acpi.c | 15 drivers/clk/clk-loongson2.c | 5 drivers/clk/mediatek/clk-mt2701-aud.c | 10 drivers/clk/mediatek/clk-mt2701-bdp.c | 1 drivers/clk/mediatek/clk-mt2701-img.c | 1 drivers/clk/mediatek/clk-mt2701-mm.c | 1 drivers/clk/mediatek/clk-mt2701-vdec.c | 1 drivers/clk/mmp/pwr-island.c | 2 drivers/clk/qcom/Kconfig | 1 drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/clk/qcom/clk-rpmh.c | 2 drivers/clk/qcom/dispcc-sm6350.c | 7 drivers/clk/qcom/gcc-mdm9607.c | 2 drivers/clk/qcom/gcc-sm6350.c | 22 drivers/clk/qcom/gcc-sm8550.c | 8 drivers/clk/qcom/gcc-sm8650.c | 8 drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 drivers/cpufreq/Kconfig | 2 drivers/cpufreq/cpufreq-dt-platdev.c | 2 drivers/cpufreq/s3c64xx-cpufreq.c | 11 drivers/crypto/qce/aead.c | 2 drivers/crypto/qce/core.c | 13 drivers/crypto/qce/sha.c | 2 drivers/crypto/qce/skcipher.c | 2 drivers/firmware/Kconfig | 2 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/qcom/qcom_scm.c | 10 drivers/gpio/gpio-pca953x.c | 19 drivers/gpio/gpio-sim.c | 13 drivers/gpu/drm/Kconfig | 4 drivers/gpu/drm/Makefile | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 12 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 2 drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 11 drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 8 drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 25 drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 25 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 3 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 7 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 22 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.h | 3 drivers/gpu/drm/amd/display/dc/core/dc.c | 2 drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 drivers/gpu/drm/amd/display/dc/dml2/Makefile | 4 drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c | 35 drivers/gpu/drm/amd/display/dc/dml2/display_mode_core_structs.h | 6 drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 35 drivers/gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 7 drivers/gpu/drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 6 drivers/gpu/drm/amd/display/dc/hubbub/dcn30/dcn30_hubbub.c | 3 drivers/gpu/drm/amd/display/dc/hubbub/dcn31/dcn31_hubbub.c | 3 drivers/gpu/drm/amd/display/dc/hubbub/dcn32/dcn32_hubbub.c | 3 drivers/gpu/drm/amd/display/dc/hubbub/dcn35/dcn35_hubbub.c | 3 drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 8 drivers/gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 2 drivers/gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 2 drivers/gpu/drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 10 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/resource/dcn301/dcn301_resource.c | 8 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c | 4 drivers/gpu/drm/bridge/analogix/anx7625.c | 2 drivers/gpu/drm/bridge/ite-it6505.c | 83 - drivers/gpu/drm/bridge/ite-it66121.c | 2 drivers/gpu/drm/display/drm_dp_cec.c | 14 drivers/gpu/drm/drm_client_modeset.c | 9 drivers/gpu/drm/drm_connector.c | 1 drivers/gpu/drm/drm_edid.c | 6 drivers/gpu/drm/drm_fb_helper.c | 14 drivers/gpu/drm/drm_panel_backlight_quirks.c | 94 + drivers/gpu/drm/exynos/exynos_hdmi.c | 2 drivers/gpu/drm/i915/display/intel_dp.c | 10 drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 drivers/gpu/drm/i915/gem/i915_gem_shmem.c | 6 drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 16 drivers/gpu/drm/radeon/radeon_audio.c | 2 drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 drivers/gpu/drm/sti/sti_hdmi.c | 2 drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 33 drivers/gpu/drm/vc4/vc4_hdmi.c | 4 drivers/gpu/drm/virtio/virtgpu_drv.h | 7 drivers/gpu/drm/virtio/virtgpu_plane.c | 58 - drivers/gpu/drm/xe/xe_devcoredump.c | 40 drivers/gpu/drm/xe/xe_devcoredump.h | 2 drivers/gpu/drm/xe/xe_guc_log.c | 2 drivers/hid/hid-asus.c | 26 drivers/hid/hid-multitouch.c | 5 drivers/hid/hid-sensor-hub.c | 21 drivers/hid/wacom_wac.c | 5 drivers/i2c/i2c-core-acpi.c | 22 drivers/i3c/master.c | 2 drivers/iio/light/as73211.c | 24 drivers/infiniband/hw/mlx5/mr.c | 17 drivers/infiniband/hw/mlx5/odp.c | 2 drivers/input/misc/nxp-bbnsm-pwrkey.c | 8 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 8 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 drivers/iommu/iommufd/fault.c | 44 drivers/iommu/iommufd/iommufd_private.h | 29 drivers/irqchip/Kconfig | 1 drivers/irqchip/irq-apple-aic.c | 3 drivers/irqchip/irq-mvebu-icu.c | 3 drivers/leds/leds-lp8860.c | 2 drivers/mailbox/tegra-hsp.c | 6 drivers/mailbox/zynqmp-ipi-mailbox.c | 2 drivers/md/Kconfig | 13 drivers/md/Makefile | 2 drivers/md/dm-crypt.c | 27 drivers/md/md-autodetect.c | 8 drivers/md/md-linear.c | 352 +++++++ drivers/md/md.c | 2 drivers/media/i2c/ccs/ccs-core.c | 6 drivers/media/i2c/ccs/ccs-data.c | 14 drivers/media/i2c/ds90ub913.c | 1 drivers/media/i2c/ds90ub953.c | 1 drivers/media/i2c/ds90ub960.c | 123 +- drivers/media/i2c/imx296.c | 2 drivers/media/i2c/ov5640.c | 1 drivers/media/pci/intel/ipu6/ipu6-isys.c | 1 drivers/media/platform/marvell/mmp-driver.c | 21 drivers/media/platform/nuvoton/npcm-video.c | 4 drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-bytecap.c | 2 drivers/media/usb/uvc/uvc_ctrl.c | 83 + drivers/media/usb/uvc/uvc_driver.c | 98 - drivers/media/usb/uvc/uvc_v4l2.c | 2 drivers/media/usb/uvc/uvc_video.c | 21 drivers/media/usb/uvc/uvcvideo.h | 10 drivers/media/v4l2-core/v4l2-mc.c | 2 drivers/mfd/lpc_ich.c | 3 drivers/misc/fastrpc.c | 8 drivers/mmc/core/sdio.c | 2 drivers/mmc/host/sdhci-esdhc-imx.c | 1 drivers/mmc/host/sdhci-msm.c | 53 + drivers/mtd/nand/onenand/onenand_base.c | 1 drivers/mtd/ubi/build.c | 2 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 16 drivers/net/ethernet/broadcom/tg3.c | 58 + drivers/net/ethernet/intel/ice/devlink/devlink.c | 3 drivers/net/ethernet/intel/ice/ice_txrx.c | 150 ++- drivers/net/ethernet/intel/ice/ice_txrx.h | 1 drivers/net/ethernet/intel/ice/ice_txrx_lib.h | 43 drivers/net/ethernet/marvell/octeon_ep/octep_ethtool.c | 41 drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 19 drivers/net/ethernet/marvell/octeon_ep/octep_main.h | 6 drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 11 drivers/net/ethernet/marvell/octeon_ep/octep_rx.h | 4 drivers/net/ethernet/marvell/octeon_ep/octep_tx.c | 7 drivers/net/ethernet/marvell/octeon_ep/octep_tx.h | 4 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_ethtool.c | 29 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 17 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_main.h | 6 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_rx.c | 9 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_rx.h | 2 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_tx.c | 7 drivers/net/ethernet/marvell/octeon_ep_vf/octep_vf_tx.h | 2 drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 67 - drivers/net/phy/nxp-c45-tja11xx.c | 2 drivers/net/tun.c | 2 drivers/net/usb/ipheth.c | 69 - drivers/net/vmxnet3/vmxnet3_xdp.c | 14 drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 drivers/net/wireless/intel/iwlwifi/Makefile | 2 drivers/net/wireless/intel/iwlwifi/cfg/dr.c | 167 +++ drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 drivers/net/wireless/intel/iwlwifi/iwl-config.h | 10 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c | 21 drivers/net/wireless/mediatek/mt76/mt7915/init.c | 4 drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 drivers/net/wireless/realtek/rtw88/main.h | 4 drivers/net/wireless/realtek/rtw88/rtw8703b.c | 8 drivers/net/wireless/realtek/rtw88/rtw8723x.h | 8 drivers/net/wireless/realtek/rtw88/rtw8821c.h | 9 drivers/net/wireless/realtek/rtw88/rtw8822b.h | 9 drivers/net/wireless/realtek/rtw88/rtw8822c.h | 9 drivers/net/wireless/realtek/rtw88/sdio.c | 2 drivers/net/wireless/realtek/rtw89/phy.c | 11 drivers/net/wireless/realtek/rtw89/phy.h | 2 drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 + drivers/nvme/host/core.c | 8 drivers/nvme/host/fc.c | 9 drivers/nvme/host/pci.c | 4 drivers/nvme/host/sysfs.c | 2 drivers/nvmem/core.c | 2 drivers/nvmem/imx-ocotp-ele.c | 38 drivers/nvmem/qcom-spmi-sdam.c | 1 drivers/of/address.c | 12 drivers/of/base.c | 8 drivers/of/of_reserved_mem.c | 4 drivers/pci/controller/dwc/pcie-designware-ep.c | 46 drivers/pci/endpoint/pci-epf-core.c | 1 drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 drivers/pinctrl/samsung/pinctrl-samsung.c | 2 drivers/platform/x86/acer-wmi.c | 45 drivers/platform/x86/intel/int3472/discrete.c | 3 drivers/platform/x86/intel/int3472/tps68470.c | 3 drivers/platform/x86/serdev_helpers.h | 4 drivers/ptp/ptp_clock.c | 8 drivers/pwm/pwm-microchip-core.c | 2 drivers/remoteproc/omap_remoteproc.c | 17 drivers/rtc/rtc-zynqmp.c | 4 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_dfs.c | 124 ++ drivers/scsi/qla2xxx/qla_gbl.h | 3 drivers/scsi/qla2xxx/qla_init.c | 28 drivers/scsi/scsi_lib.c | 9 drivers/scsi/st.c | 6 drivers/scsi/st.h | 1 drivers/scsi/storvsc_drv.c | 1 drivers/soc/mediatek/mtk-devapc.c | 19 drivers/soc/qcom/llcc-qcom.c | 1 drivers/soc/qcom/smem_state.c | 3 drivers/soc/qcom/socinfo.c | 2 drivers/soc/samsung/exynos-pmu.c | 2 drivers/spi/atmel-quadspi.c | 118 +- drivers/tty/serial/sh-sci.c | 25 drivers/tty/serial/xilinx_uartps.c | 8 drivers/tty/vt/selection.c | 14 drivers/tty/vt/vt.c | 2 drivers/ufs/core/ufshcd.c | 31 drivers/ufs/host/ufs-qcom.c | 18 drivers/ufs/host/ufshcd-pci.c | 2 drivers/ufs/host/ufshcd-pltfrm.c | 28 drivers/usb/gadget/function/f_tcm.c | 54 - drivers/vfio/platform/vfio_platform_common.c | 10 fs/binfmt_flat.c | 2 fs/btrfs/file.c | 2 fs/btrfs/inode.c | 4 fs/btrfs/ordered-data.c | 12 fs/btrfs/qgroup.c | 5 fs/btrfs/relocation.c | 14 fs/btrfs/transaction.c | 4 fs/ceph/mds_client.c | 16 fs/exec.c | 29 fs/namespace.c | 41 fs/nfs/Kconfig | 3 fs/nfs/flexfilelayout/flexfilelayout.c | 27 fs/nfsd/nfs4xdr.c | 20 fs/nilfs2/inode.c | 6 fs/ocfs2/dir.c | 25 fs/ocfs2/super.c | 2 fs/ocfs2/symlink.c | 5 fs/proc/array.c | 2 fs/smb/client/cifsglob.h | 14 fs/smb/client/dir.c | 6 fs/smb/client/smb1ops.c | 2 fs/smb/client/smb2inode.c | 108 +- fs/smb/client/smb2ops.c | 41 fs/smb/client/smb2pdu.c | 2 fs/smb/client/smb2proto.h | 2 fs/smb/server/transport_ipc.c | 9 fs/xfs/xfs_buf_item_recover.c | 11 fs/xfs/xfs_dquot.c | 199 +++- fs/xfs/xfs_dquot.h | 6 fs/xfs/xfs_dquot_item.c | 51 - fs/xfs/xfs_dquot_item.h | 7 fs/xfs/xfs_exchrange.c | 71 - fs/xfs/xfs_inode.c | 7 fs/xfs/xfs_iomap.c | 6 fs/xfs/xfs_qm.c | 48 fs/xfs/xfs_qm_bhv.c | 41 fs/xfs/xfs_super.c | 11 fs/xfs/xfs_trans.c | 29 fs/xfs/xfs_trans_ail.c | 2 include/drm/drm_connector.h | 5 include/drm/drm_utils.h | 4 include/linux/binfmts.h | 4 include/linux/call_once.h | 45 include/linux/hrtimer_defs.h | 1 include/linux/kvm_host.h | 9 include/linux/mlx5/driver.h | 1 include/linux/platform_data/x86/asus-wmi.h | 5 include/net/sch_generic.h | 2 include/rv/da_monitor.h | 4 include/trace/events/rxrpc.h | 1 include/uapi/drm/amdgpu_drm.h | 9 include/uapi/linux/input-event-codes.h | 1 include/uapi/linux/iommufd.h | 4 include/uapi/linux/raid/md_p.h | 2 include/uapi/linux/raid/md_u.h | 2 include/ufs/ufs.h | 4 include/ufs/ufshcd.h | 1 io_uring/net.c | 5 io_uring/poll.c | 4 kernel/locking/test-ww_mutex.c | 9 kernel/printk/printk.c | 2 kernel/sched/core.c | 6 kernel/sched/fair.c | 19 kernel/seccomp.c | 12 kernel/time/hrtimer.c | 103 +- kernel/time/timer_migration.c | 10 kernel/trace/ring_buffer.c | 13 kernel/trace/trace_functions_graph.c | 2 kernel/trace/trace_osnoise.c | 17 lib/Kconfig.debug | 8 lib/atomic64.c | 78 - lib/maple_tree.c | 23 mm/compaction.c | 3 mm/gup.c | 14 mm/hugetlb.c | 24 mm/kfence/core.c | 2 mm/kmemleak.c | 2 mm/vmscan.c | 7 net/bluetooth/l2cap_sock.c | 7 net/bluetooth/mgmt.c | 12 net/ethtool/rss.c | 3 net/ipv4/udp.c | 4 net/ipv6/udp.c | 4 net/mptcp/protocol.c | 1 net/ncsi/ncsi-manage.c | 13 net/nfc/nci/hci.c | 2 net/rose/af_rose.c | 24 net/rxrpc/ar-internal.h | 2 net/rxrpc/call_object.c | 6 net/rxrpc/conn_event.c | 21 net/rxrpc/conn_object.c | 1 net/rxrpc/input.c | 2 net/rxrpc/sendmsg.c | 2 net/sched/sch_fifo.c | 3 net/sched/sch_netem.c | 2 net/tipc/crypto.c | 4 rust/kernel/init.rs | 2 scripts/Makefile.extrawarn | 5 scripts/gdb/linux/cpus.py | 2 scripts/generate_rust_target.rs | 18 security/keys/trusted-keys/trusted_dcp.c | 22 security/safesetid/securityfs.c | 3 security/tomoyo/common.c | 2 sound/pci/hda/hda_auto_parser.c | 8 sound/pci/hda/hda_auto_parser.h | 1 sound/pci/hda/patch_realtek.c | 4 sound/soc/amd/Kconfig | 2 sound/soc/amd/yc/acp6x-mach.c | 28 sound/soc/intel/boards/sof_sdw.c | 5 sound/soc/soc-pcm.c | 32 sound/soc/sof/intel/hda-dai.c | 12 sound/soc/sof/intel/hda.c | 5 tools/perf/bench/epoll-wait.c | 7 tools/testing/selftests/net/ipsec.c | 3 tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 tools/testing/selftests/net/udpgso.c | 26 tools/testing/selftests/sched_ext/ddsp_bogus_dsq_fail.bpf.c | 2 tools/testing/selftests/sched_ext/ddsp_vtimelocal_fail.bpf.c | 4 tools/testing/selftests/sched_ext/dsp_local_on.bpf.c | 2 tools/testing/selftests/sched_ext/enq_select_cpu_fails.bpf.c | 2 tools/testing/selftests/sched_ext/exit.bpf.c | 4 tools/testing/selftests/sched_ext/maximal.bpf.c | 4 tools/testing/selftests/sched_ext/select_cpu_dfl.bpf.c | 2 tools/testing/selftests/sched_ext/select_cpu_dfl_nodispatch.bpf.c | 2 tools/testing/selftests/sched_ext/select_cpu_dispatch.bpf.c | 2 tools/testing/selftests/sched_ext/select_cpu_dispatch_bad_dsq.bpf.c | 2 tools/testing/selftests/sched_ext/select_cpu_dispatch_dbl_dsp.bpf.c | 4 tools/testing/selftests/sched_ext/select_cpu_vtime.bpf.c | 8 tools/tracing/rtla/src/osnoise.c | 2 tools/tracing/rtla/src/timerlat_hist.c | 26 tools/tracing/rtla/src/timerlat_top.c | 27 tools/tracing/rtla/src/trace.c | 8 tools/tracing/rtla/src/trace.h | 1 451 files changed, 5227 insertions(+), 2576 deletions(-) Abel Vesa (1): arm64: dts: qcom: x1e80100: Fix usb_2 controller interrupts Alain Volmat (1): media: stm32: dcmipp: correct dma_set_mask_and_coherent mask value Alex Williamson (1): vfio/platform: check the bounds of read/write syscalls Alexander Sverdlin (1): leds: lp8860: Write full EEPROM, not only half of it Alice Ryhl (1): x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0 Anandu Krishnan E (1): misc: fastrpc: Deregister device nodes properly in error scenarios Anastasia Belova (1): clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Andreas Kemnade (2): cpufreq: fix using cpufreq-dt as module ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Andrew Halaney (1): Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922 André Draszik (1): scsi: ufs: core: Fix use-after free in init error and remove paths Andy Shevchenko (1): ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Ankit Nautiyal (1): drm/i915/dp: fix the Adaptive sync Operation mode for SDP Anshuman Khandual (1): arm64/mm: Ensure adequate HUGE_MAX_HSTATE Antoine Viallon (1): ceph: fix memory leak in ceph_mds_auth_match() Ard Biesheuvel (3): arm64/kvm: Configure HYP TCR.PS/DS based on host stage1 arm64/mm: Override PARange for !LPA2 and use it consistently arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled Aric Cyr (1): drm/amd/display: Optimize cursor position updates Armin Wolf (3): platform/x86: acer-wmi: Add support for Acer PH14-51 platform/x86: acer-wmi: Add support for Acer Predator PH16-72 platform/x86: acer-wmi: Ignore AC events Aubrey Li (1): ACPI: PRM: Remove unnecessary strict handler address checks Ausef Yousof (2): drm/amd/display: Populate chroma prefetch parameters, DET buffer fix drm/amd/display: Overwriting dualDPP UBF values before usage Bao D. Nguyen (1): scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Bard Liao (1): ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Bart Van Assche (1): md: Fix linear_set_limits() Bartosz Golaszewski (3): gpio: sim: lock hog configfs items if present crypto: qce - fix goto jump in error path crypto: qce - unregister previously registered algos in error path Bence Csókás (1): spi: atmel-qspi: Memory barriers after memory-mapped I/O Binbin Zhou (1): clk: clk-loongson2: Fix the number count of clk provider Bitterblue Smith (1): wifi: rtlwifi: rtl8821ae: Fix media status report Borislav Petkov (1): APEI: GHES: Have GHES honor the panic= setting Brad Griffis (1): arm64: tegra: Fix Tegra234 PCIe interrupt-map Brian Geffon (1): drm/i915: Fix page cleanup on DMA remap failure Carlos Llamas (1): lockdep: Fix upper limit for LOCKDEP_*_BITS configs Catalin Marinas (1): mm: kmemleak: fix upper boundary check for physical address objects Chen-Yu Tsai (1): arm64: dts: mediatek: mt8183: Disable DPI display output by default Chih-Kang Chang (1): wifi: rtw89: add crystal_cap check to avoid setting as overflow value Christoph Hellwig (1): xfs: don't call remap_verify_area with sb write protection held Chuck Lever (1): NFSD: Encode COMPOUND operation status on page boundaries Chukun Pan (1): arm64: dts: rockchip: add reset-names for combphy on rk3568 Ciprian Marian Costea (1): mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G Claudiu Beznea (2): serial: sh-sci: Drop __initdata macro for port_cfg serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Cody Eksal (1): clk: sunxi-ng: a100: enable MMC clock reparenting Cong Wang (1): netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Conor Dooley (1): pwm: microchip-core: fix incorrect comparison with max period Cosmin Tanislav (1): media: mc: fix endpoint iteration Csókás, Bence (1): spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families Dan Carpenter (5): tipc: re-order conditions in tipc_crypto_key_rcv() binfmt_flat: Fix integer overflow bug on 32 bit systems ksmbd: fix integer overflows on 32 bit systems NFC: nci: Add bounds checking in nci_hci_create_pipe() md/md-linear: Fix a NULL vs IS_ERR() bug in linear_add() Daniel Golle (5): clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe clk: mediatek: mt2701-bdp: add missing dummy clk clk: mediatek: mt2701-img: add missing dummy clk clk: mediatek: mt2701-mm: add missing dummy clk Daniel Wagner (2): nvme: handle connectivity loss in nvme_set_queue_count nvme-fc: use ctrl state getter Daniele Ceraolo Spurio (1): drm/i915/guc: Debug print LRC state entries only if the context is pinned Darrick J. Wong (10): xfs: report realtime block quota limits on realtime directories xfs: don't over-report free space or inodes in statvfs xfs: avoid nested calls to __xfs_trans_commit xfs: don't lose solo superblock counter update transactions xfs: separate dquot buffer reads from xfs_dqflush xfs: clean up log item accesses in xfs_qm_dqflush{,_done} xfs: attach dquot buffer to dquot log item buffer xfs: convert quotacheck to attach dquot buffers xfs: release the dquot buf outside of qli_lock xfs: lock dquot buffer before detaching dquot from b_li_list David Gstir (1): KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y David Hildenbrand (1): KVM: s390: vsie: fix some corner-cases when grabbing vsie pages David Howells (2): rxrpc: Fix the rxrpc_connection attend queue handling rxrpc: Fix call state set to not include the SERVER_SECURING state David Woodhouse (1): x86/kexec: Allocate PGD for x86_64 transition page tables separately Denis Arefev (1): ubi: Add a check for ubi_num Dmitry Antipov (1): wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Dmitry Baryshkov (12): drm/tests: hdmi: handle empty modes in find_preferred_mode() drm/tests: hdmi: return meaningful value from set_connector_edid() drm/connector: add mutex to protect ELD from concurrent access drm/bridge: anx7625: use eld_mutex to protect access to connector->eld drm/bridge: ite-it66121: use eld_mutex to protect access to connector->eld drm/amd/display: use eld_mutex to protect access to connector->eld drm/exynos: hdmi: use eld_mutex to protect access to connector->eld drm/radeon: use eld_mutex to protect access to connector->eld drm/sti: hdmi: use eld_mutex to protect access to connector->eld drm/vc4: hdmi: use eld_mutex to protect access to connector->eld arm64: dts: qcom: sm8550: correct MDSS interconnects arm64: dts: qcom: sm8650: correct MDSS interconnects Dongwon Kim (1): drm/virtio: New fence for every plane update Dragan Simic (1): nfs: Make NFS_FSCACHE select NETFS_SUPPORT instead of depending on it Dustin L. Howett (1): drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo C6400 Ekansh Gupta (2): misc: fastrpc: Fix registered buffer page address misc: fastrpc: Fix copy buffer page size En-Wei Wu (1): Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925 Eric Biggers (2): scsi: ufs: qcom: Fix crypto key eviction crypto: qce - fix priority to be less than ARMv8 CE Eric Dumazet (1): net: rose: lock the socket in rose_bind() Even Xu (1): HID: Wacom: Add PCI Wacom device support Eyal Birger (1): seccomp: passthrough uretprobe systemcall without filtering Fangzhi Zuo (1): drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Fedor Pchelkin (2): Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Filipe Manana (3): btrfs: fix assertion failure when splitting ordered extent after transaction abort btrfs: fix use-after-free when attempting to join an aborted transaction btrfs: avoid monopolizing a core when activating a swap file Fiona Klute (1): wifi: rtw88: sdio: Fix disconnection after beacon loss Florian Fainelli (1): net: bcmgenet: Correct overlaying of PHY and MAC Wake-on-LAN Foster Snowhill (7): usbnet: ipheth: fix possible overflow in DPE length check usbnet: ipheth: use static NDP16 location in URB usbnet: ipheth: check that DPE points past NCM header usbnet: ipheth: refactor NCM datagram loop usbnet: ipheth: break up NCM header size computation usbnet: ipheth: fix DPE OoB read usbnet: ipheth: document scope of NCM implementation Frank Li (1): i3c: master: Fix missing 'ret' assignment in set_speed() Frederic Weisbecker (2): hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING timers/migration: Fix off-by-one root mis-connection Gabe Teeger (1): drm/amd/display: Limit Scaling Ratio on DCN3.01 Gabor Juhos (1): clk: qcom: clk-alpha-pll: fix alpha mode configuration Gabriele Monaco (1): rv: Reset per-task monitors also for idle tasks Geert Uytterhoeven (1): irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on CONFIG_MCHP_LAN966X_PCI Georg Gottleuber (2): nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Greg Kroah-Hartman (1): Linux 6.12.14 Günther Noack (1): tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN Hans Verkuil (1): gpu: drm_dp_cec: fix broken CEC adapter properties check Hans de Goede (3): mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id platform/x86: int3472: Check for adev == NULL platform/x86: serdev_helpers: Check for serial_ctrl_uid == NULL Hao-ran Zheng (1): btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Haoxiang Li (1): drm/komeda: Add check for komeda_get_layer_fourcc_list() Heiko Carstens (2): s390/futex: Fix FUTEX_OP_ANDN implementation s390/fpu: Add fpc exception handler / remove fixup section again Heiko Stuebner (1): HID: hid-sensor-hub: don't use stale platform-data on remove Helge Deller (1): parisc: Temporarily disable jump label support Heming Zhao (1): ocfs2: fix incorrect CPU endianness conversion causing mount failure Hermes Wu (5): drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT drm/bridge: it6505: fix HDCP Bstatus check drm/bridge: it6505: fix HDCP encryption when R0 ready drm/bridge: it6505: fix HDCP CTS compare V matching drm/bridge: it6505: fix HDCP CTS KSV list wait timer Hou Tao (2): dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() dm-crypt: track tag_offset in convert_context Hridesh MG (1): platform/x86: acer-wmi: add support for Acer Nitro AN515-58 Ido Schimmel (1): net: sched: Fix truncation of offloaded action statistics Igor Pylypiv (1): scsi: core: Do not retry I/Os during depopulation Illia Ostapyshyn (1): Input: allocate keycode for phone linking Ivan Stepchenko (1): mtd: onenand: Fix uninitialized retlen in do_otp_read() Jacek Lawrynowicz (2): accel/ivpu: Fix Qemu crash when running in passthrough accel/ivpu: Clear runtime_error after pm_runtime_resume_and_get() fails Jacob Moroni (1): net: atlantic: fix warning during hot unplug Jakob Unterwurzacher (1): arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Jakub Kicinski (1): ethtool: rss: fix hiding unsupported fields in dumps Jan Kiszka (1): scripts/gdb: fix aarch64 userspace detection in get_current_task Jani Nikula (1): drm/i915/dp: Iterate DSC BPP from high to low on all platforms Jarkko Sakkinen (1): tpm: Change to kvalloc() in eventlog/acpi.c Javier Carrasco (2): iio: light: as73211: fix channel handling in only-color triggered buffer pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Jay Cornwall (1): drm/amdkfd: Block per-queue reset when halt_if_hws_hang=1 Jeff Layton (1): fs: prepend statmount.mnt_opts string with security_sb_mnt_opts() Jennifer Berringer (1): nvmem: core: improve range check for nvmem_cell_write() Jens Axboe (2): block: don't revert iter for -EIOCBQUEUED io_uring/net: don't retry connect operation on EPOLLERR Jeongjun Park (1): ring-buffer: Make reading page consistent with the code logic Jiasheng Jiang (1): ice: Add check for devm_kzalloc() Jiaxun Yang (1): MIPS: pci-legacy: Override pci_address_to_pio Josef Bacik (1): btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Juergen Gross (2): x86/xen: fix xen_hypercall_hvm() to not clobber %rbx x86/xen: add FRAME_END to xen_hypercall_hvm() K Prateek Nayak (1): sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue Kai Mäkisara (1): scsi: st: Don't set pos_unknown just after device recognition Kees Cook (1): exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Keith Busch (2): nvme: make nvme_tls_attrs_group static kvm: defer huge page recovery vhost task to later Kenneth Feng (1): drm/amd/amdgpu: change the config of cgcg on gfx12 Kexy Biscuit (1): MIPS: Loongson64: remove ROM Size unit in boardinfo Koichiro Den (1): Revert "btrfs: avoid monopolizing a core when activating a swap file" Konrad Dybcio (2): clk: qcom: Make GCC_8150 depend on QCOM_GDSC soc: qcom: llcc: Enable LLCC_WRCACHE at boot on X1 Krzysztof Kozlowski (29): firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available() firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() arm64: dts: qcom: sdx75: Fix MPSS memory length arm64: dts: qcom: x1e80100: Fix ADSP memory base and length arm64: dts: qcom: x1e80100: Fix CDSP memory length arm64: dts: qcom: sm6115: Fix MPSS memory length arm64: dts: qcom: sm6115: Fix CDSP memory length arm64: dts: qcom: sm6115: Fix ADSP memory base and length arm64: dts: qcom: sm6350: Fix ADSP memory length arm64: dts: qcom: sm6350: Fix MPSS memory length arm64: dts: qcom: sm6375: Fix ADSP memory length arm64: dts: qcom: sm6375: Fix CDSP memory base and length arm64: dts: qcom: sm6375: Fix MPSS memory base and length arm64: dts: qcom: sm8350: Fix ADSP memory base and length arm64: dts: qcom: sm8350: Fix CDSP memory base and length arm64: dts: qcom: sm8350: Fix MPSS memory length arm64: dts: qcom: sm8450: Fix ADSP memory base and length arm64: dts: qcom: sm8450: Fix CDSP memory length arm64: dts: qcom: sm8450: Fix MPSS memory length arm64: dts: qcom: sm8550: Fix ADSP memory base and length arm64: dts: qcom: sm8550: Fix CDSP memory length arm64: dts: qcom: sm8550: Fix MPSS memory length arm64: dts: qcom: sm8650: Fix ADSP memory base and length arm64: dts: qcom: sm8650: Fix CDSP memory length arm64: dts: qcom: sm8650: Fix MPSS memory length soc: samsung: exynos-pmu: Fix uninitialized ret in tensor_set_bits_atomic() soc: mediatek: mtk-devapc: Fix leaking IO map on error paths soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove soc: qcom: smem_state: fix missing of_node_put in error path Kuan-Wei Chiu (3): printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX perf bench: Fix undefined behavior in cmpworker() ALSA: hda: Fix headset detection failure due to unstable sort Kuninori Morimoto (1): ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Lad Prabhakar (1): pinctrl: renesas: rzg2l: Fix PFC_MASK for RZ/V2H and RZ/G3E Lenny Szubowicz (1): tg3: Disable tg3 PCIe AER on system reboot Leo Stone (1): safesetid: check size of policy writes Li Zhijian (1): mm/vmscan: accumulate nr_demoted for accurate demotion statistics Libo Chen (1): Revert "selftests/sched_ext: fix build after renames in sched_ext API" Lijo Lazar (1): drm/amd/pm: Mark MM activity as unsupported Liu Shixin (1): mm/compaction: fix UBSAN shift-out-of-bounds warning Liu Ye (1): selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Lo-an Chen (1): drm/amd/display: Fix seamless boot sequence Long Li (2): scsi: storvsc: Set correct data length for sending SCSI command without payload xfs: fix mount hang during primary superblock recovery failure Lubomir Rintel (2): clk: mmp2: call pm_genpd_init() only after genpd.name is set media: mmp: Bring back registration of the device Luca Weiss (4): clk: qcom: gcc-sm6350: Add missing parent_map for two clocks clk: qcom: dispcc-sm6350: Add missing parent_map for a clock arm64: dts: qcom: sm6350: Fix uart1 interconnect path nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Lucas De Marchi (2): drm/xe/devcoredump: Move exec queue snapshot to Contexts section drm/xe: Fix and re-enable xe_print_blob_ascii85() Luke D. Jones (1): HID: hid-asus: Disable OOBE mode on the ProArt P16 Maarten Lankhorst (2): drm/modeset: Handle tiled displays in pan_display_atomic. drm/client: Handle tiled displays better Maciej Fijalkowski (3): ice: put Rx buffers after being done with current frame ice: gather page_count()'s of each frag right before XDP prog call ice: stop storing XDP verdict within ice_rx_buf Maciej S. Szmigiero (1): net: wwan: iosm: Fix hibernation by re-binding the driver around it Manivannan Sadhasivam (2): clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() clk: qcom: gcc-sm8650: Do not turn off PCIe GDSCs during gdsc_disable() Marc Zyngier (2): arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented KVM: arm64: timer: Always evaluate the need for a soft timer Marcel Hamer (1): wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Marco Elver (1): kfence: skip __GFP_THISNODE allocations on NUMA systems Marek Olšák (1): drm/amdgpu: add a BO metadata flag to disable write compression for Vulkan Mario Limonciello (1): ASoC: acp: Support microphone from Lenovo Go S Mark Brown (1): arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() Mark Tomlinson (1): gpio: pca953x: Improve interrupt support Mateusz Jończyk (1): mips/math-emu: fix emulation of the prefx instruction Matthew Wilcox (Oracle) (1): ocfs2: handle a symlink read error correctly Matthieu Baerts (NGI0) (1): selftests: mptcp: connect: -f: no reconnect Mazin Al Haddad (1): Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync Meetakshi Setiya (1): smb: client: change lease epoch type from unsigned int to __u16 Mehdi Djait (1): media: ccs: Fix cleanup order in ccs_probe() Michal Simek (1): rtc: zynqmp: Fix optional clock name property Miguel Ojeda (1): rust: init: use explicit ABI to clean warning in future compilers Mike Snitzer (1): pnfs/flexfiles: retry getting layout segment for reads Miklos Szeredi (2): fs: fix adding security options to statmount.mnt_opt statmount: let unset strings be empty Milos Reljin (1): net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Miri Korenblit (1): wifi: iwlwifi: avoid memory leak Nam Cao (1): fs/proc: do_task_stat: Fix ESP not readable during coredump Narayana Murty N (1): powerpc/pseries/eeh: Fix get PE state translation Nathan Chancellor (4): drm/amd/display: Increase sanitizer frame larger than limit when compile testing with clang efi: libstub: Use '-std=gnu11' to fix build with GCC 15 kbuild: Move -Wenum-enum-conversion to W=2 x86/boot: Use '-std=gnu11' to fix build with GCC 15 Naushir Patuck (1): media: imx296: Add standby delay during probe Nick Chan (1): irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Nick Morrow (1): wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH Nicolin Chen (4): iommufd: Fix struct iommu_hwpt_pgfault init and padding iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding iommufd/fault: Destroy response and mutex in iommufd_fault_destroy() iommufd/fault: Use a separate spinlock to protect fault->deliver list Nikita Zhandarovich (1): nilfs2: fix possible int overflows in nilfs_fiemap() Niklas Cassel (3): PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() ata: libata-sff: Ensure that we cannot write outside the allocated buffer Niklas Schnelle (1): s390/pci: Fix SR-IOV for PFs initially in standby Pali Rohár (1): cifs: Remove intermediate object of failed create SFU call Paolo Abeni (1): mptcp: prevent excessive coalescing on receive Paolo Bonzini (1): KVM: e500: always restore irqs Paul Fertser (1): net/ncsi: wait for the last response to Deselect Package before configuring channel Pavel Begunkov (1): io_uring: fix multishots with selected buffers Pekka Pessi (1): mailbox: tegra-hsp: Clear mailbox before using message Peng Fan (1): Input: bbnsm_pwrkey - add remove hook Peter Xu (1): mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Peter Zijlstra (2): x86: Convert unreachable() to BUG() x86/mm: Convert unreachable() to BUG() Philip Yang (2): drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt drm/amdkfd: Queue interrupt work to different CPU Ping-Ke Shih (1): wifi: rtw88: add __packed attribute to efuse layout struct Prasad Pandit (1): firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Prike Liang (1): drm/amdkfd: only flush the validate MES contex Qu Wenruo (1): btrfs: do not output error message if a qgroup has been already cleaned up Quang Le (1): pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Quinn Tran (1): scsi: qla2xxx: Move FCE Trace buffer allocation to user control Randolph Ha (1): i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Ricardo Ribalda (6): media: uvcvideo: Fix crash during unbind if gpio unit is in use media: uvcvideo: Fix event flags in uvc_ctrl_send_events media: uvcvideo: Support partial control reads media: uvcvideo: Only save async fh if success media: uvcvideo: Remove redundant NULL assignment media: uvcvideo: Remove dangling pointers Richard Acayan (1): iommu/arm-smmu-qcom: add sdm670 adreno iommu compatible Ritesh Harjani (IBM) (1): mm/hugetlb: fix hugepage allocation for interleaved memory nodes Robin Murphy (2): iommu/arm-smmu-v3: Clean up more on probe failure remoteproc: omap: Handle ARM dma_iommu_mapping Rodrigo Siqueira (1): Revert "drm/amd/display: Fix green screen issue after suspend" Roger Quadros (1): net: ethernet: ti: am65-cpsw: ensure proper channel cleanup in error path Romain Naour (1): ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Ruben Devos (1): smb: client: fix order of arguments of tracepoints Sakari Ailus (2): media: ccs: Clean up parsed CCS static data on parse failure media: ccs: Fix CCS static data parsing for large block sizes Sam Bobrowicz (1): media: ov5640: fix get_light_freq on auto Sankararaman Jayaraman (1): vmxnet3: Fix tx queue race condition with XDP Sascha Hauer (4): nvmem: imx-ocotp-ele: simplify read beyond device check nvmem: imx-ocotp-ele: fix MAC address byte order nvmem: imx-ocotp-ele: fix reading from non zero offset nvmem: imx-ocotp-ele: set word length to 1 Satya Priya Kakitapalli (1): clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Sean Anderson (1): tty: xilinx_uartps: split sysrq handling Sean Christopherson (5): KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map() KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking Sebastian Wiese-Wagner (1): ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Shawn Lin (1): mmc: core: Respect quirk_max_rate for non-UHS SDIO card Shayne Chen (1): wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 Shinas Rasheed (2): octeon_ep: update tx/rx stats locally for persistence octeon_ep_vf: update tx/rx stats locally for persistence Simon Trimmer (1): ASoC: Intel: sof_sdw: Correct quirk for Lenovo Yoga Slim 7 Somashekhar(Som) (1): wifi: iwlwifi: pcie: Add support for new device ids Srinivasan Shanmugam (1): drm/amdgpu: Fix Circular Locking Dependency in AMDGPU GFX Isolation Stanislaw Gruszka (1): media: intel/ipu6: remove cpu latency qos request on error Stas Sergeev (1): tun: fix group permission check Stefan Dösinger (1): wifi: brcmfmac: Check the return value of of_property_read_string_index() Stefan Eichenberger (1): irqchip/irq-mvebu-icu: Fix access to msi_data from irq_domain::host_data Stephan Gerhold (7): arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix USB QMP PHY supplies arm64: dts: qcom: x1e80100-qcp: Fix USB QMP PHY supplies arm64: dts: qcom: x1e78100-lenovo-thinkpad-t14s: Fix USB QMP PHY supplies arm64: dts: qcom: x1e80100-crd: Fix USB QMP PHY supplies arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix USB QMP PHY supplies arm64: dts: qcom: x1e80100-microsoft-romulus: Fix USB QMP PHY supplies soc: qcom: socinfo: Avoid out of bounds read of serial number Steven Rostedt (4): ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() atomic64: Use arch_spin_locks instead of raw_spin_locks fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT tracing/osnoise: Fix resetting of tracepoints Su Yue (1): ocfs2: check dir i_size in ocfs2_find_entry Suleiman Souhlal (1): sched: Don't try to catch up excess steal time. Sumit Gupta (2): arm64: tegra: Fix typo in Tegra234 dce-fabric compatible arm64: tegra: Disable Tegra234 sce-fabric node Sven Schnelle (1): s390/stackleak: Use exrl instead of ex in __stackleak_poison() Takashi Iwai (1): ALSA: hda/realtek: Fix quirk matching for Legion Pro 7 Tetsuo Handa (1): tomoyo: don't emit warning in tomoyo_write_control() Thadeu Lima de Souza Cascardo (1): Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Thinh Nguyen (4): usb: gadget: f_tcm: Translate error to sense usb: gadget: f_tcm: Decrement command ref count on cleanup usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint usb: gadget: f_tcm: Don't prepare BOT write request twice Thomas Weißschuh (4): drm: Add panel backlight quirks drm: panel-backlight-quirks: Add Framework 13 matte panel of: address: Fix empty resource handling in __of_address_resource_bounds() ptp: Ensure info->enable callback is always set Thomas Zimmermann (2): m68k: vga: Fix I/O defines drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Thorsten Blum (1): locking/ww_mutex/test: Use swap() macro Tiezhu Yang (1): LoongArch: Extend the maximum number of watchpoints Tom Chung (1): Revert "drm/amd/display: Use HW lock mgr for PSR1" Tomas Glozar (6): rtla/osnoise: Distinguish missing workload option rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads rtla: Add trace_instance_stop rtla/timerlat_hist: Stop timerlat tracer on signal rtla/timerlat_top: Stop timerlat tracer on signal Tomi Valkeinen (5): media: i2c: ds90ub960: Fix UB9702 refclk register access media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() media: i2c: ds90ub960: Fix use of non-existing registers on UB9702 media: i2c: ds90ub960: Fix UB9702 VC map media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702 Uros Bizjak (1): mailbox: zynqmp: Remove invalid __percpu annotation in zynqmp_ipi_probe() Vadim Fedorenko (1): net/mlx5: use do_aux_work for PHC overflow checks Vasily Khoruzhick (1): wifi: rtw88: 8703b: Fix RX/TX issues Ville Syrjälä (1): drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Vimal Agrawal (1): misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors Viresh Kumar (1): cpufreq: s3c64xx: Fix compilation warning WangYuli (1): MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Wei Yang (1): maple_tree: simplify split calculation Wentao Liang (2): xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end xfs: Add error handling for xfs_reflink_cancel_cow_range Werner Sembach (1): PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 Willem de Bruijn (1): tun: revert fix group permission check Xi Ruoyao (1): Revert "MIPS: csrc-r4k: Select HAVE_UNSTABLE_SCHED_CLOCK if SMP && 64BIT" Yan Zhai (1): udp: gso: do not drop small packets when PMTU reduces Yazen Ghannam (1): x86/amd_nb: Restrict init function to AMD-based systems Yishai Hadas (1): RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error Youwan Wang (1): HID: multitouch: Add quirk for Hantick 5288 touchpad Yu Kuai (1): md: reintroduce md-linear Yu-Chun Lin (1): ASoC: amd: Add ACPI dependency to fix build error Yuanjie Yang (1): mmc: sdhci-msm: Correctly set the load for the regulator Zhang Rui (1): x86/acpi: Fix LAPIC/x2APIC parsing order Zhaoyang Huang (1): mm: gup: fix infinite loop within __get_longterm_locked Zhen Lei (1): media: nuvoton: Fix an error check in npcm_video_ece_init() Zhi Wang (2): nvkm/gsp: correctly advance the read pointer of GSP message queue nvkm: correctly calculate the available space of the GSP cmdq buffer Zijun Hu (5): blk-cgroup: Fix class @block_class's subsystem refcount leakage of: Correct child specifier used as input of the 2nd nexus node of: Fix of_find_node_opts_by_path() handling of alias+path+options of: reserved-memory: Fix using wrong number of cells to get property 'alignment' PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf()

2 months, 1 week

1
1
0 0

[PATCH v6 RESEND] dt-bindings: iommu: mediatek: Fix interrupt count constraint for new SoCs

by Macpaul Lin

The infra-iommu node in mt8195.dtsi was triggering a CHECK_DTBS error due to an excessively long 'interrupts' property. The error message was: infra-iommu@10315000: interrupts: [[0, 795, 4, 0], [0, 796, 4, 0], [0, 797, 4, 0], [0, 798, 4, 0], [0, 799, 4, 0]] is too long To address this issue, update the compatbile matching rule for 'interrupts' property. This change allows flexibility in the number of interrupts for new SoCs like MT8195. The purpose of these 5 interrupts is also added into description. Fixes: bca28426805d ("dt-bindings: iommu: mediatek: Convert IOMMU to DT schema") Signed-off-by: Macpaul Lin <macpaul.lin(a)mediatek.com> Reviewed-by: Rob Herring (Arm) <robh(a)kernel.org> --- .../bindings/iommu/mediatek,iommu.yaml | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) Changes for v2: - commit message: re-formatting and add a description of adding 5 interrupts. - add 'description' and 'maxItems: 5' for 'interrupt' property of 'mt8195-iommu-infra' - others keeps 'maxItems: 1' Changes for v3: - Refine the description for 'interrupts' property and fixes the compatible matching rules. - Refine commit message. Changes for v4: - add missing 'minItems: 5' to 'mediatek,mt8195-iommu-infra'. Thanks the explanation from Conor and Krzysztof. Changes for v5: - Repharse the description for interrupts property of MT8195. Changes for v6: - Remove maxItems for mt8195-iommu-infra. - Add 'Reviewed-by' tag from Rob. Thanks for the review. diff --git a/Documentation/devicetree/bindings/iommu/mediatek,iommu.yaml b/Documentation/devicetree/bindings/iommu/mediatek,iommu.yaml index ea6b0f5f24de..eeb39f5acf7e 100644 --- a/Documentation/devicetree/bindings/iommu/mediatek,iommu.yaml +++ b/Documentation/devicetree/bindings/iommu/mediatek,iommu.yaml @@ -96,7 +96,16 @@ properties: maxItems: 1 interrupts: - maxItems: 1 + description: | + Usually, the IOMMU requires only one interrupt. + + The infra IOMMU in MT8195 has five banks: each features one set + of APB registers. One for the normal world (set 0), three for the + protected world (sets 1-3), and one for the secure world (set 4). + and each set has its own interrupt. Therefore, five interrupts + are needed. + minItems: 1 + maxItems: 5 clocks: items: @@ -210,6 +219,23 @@ allOf: required: - mediatek,larbs + - if: + properties: + compatible: + contains: + enum: + - mediatek,mt8195-iommu-infra + + then: + properties: + interrupts: + minItems: 5 + + else: + properties: + interrupts: + maxItems: 1 + additionalProperties: false examples: -- 2.45.2

2 months, 1 week

2
1
0 0

[PATCH 6.13 000/442] 6.13.3-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.3 release. There are 442 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 17 Feb 2025 07:57:54 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.3-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.3-rc3 Max Kellermann <max.kellermann(a)ionos.com> fs/netfs/read_collect: fix crash due to uninitialized `prev` variable Max Kellermann <max.kellermann(a)ionos.com> fs/netfs/read_pgpriv2: skip folio queues without `marks3` Miklos Szeredi <mszeredi(a)redhat.com> fs: fix adding security options to statmount.mnt_opt Jeff Layton <jlayton(a)kernel.org> fs: prepend statmount.mnt_opts string with security_sb_mnt_opts() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Revert "drm/amd/display: Fix green screen issue after suspend" Bart Van Assche <bvanassche(a)acm.org> md: Fix linear_set_limits() Dan Carpenter <dan.carpenter(a)linaro.org> md/md-linear: Fix a NULL vs IS_ERR() bug in linear_add() Peter Zijlstra <peterz(a)infradead.org> x86/mm: Convert unreachable() to BUG() Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Heiko Carstens <hca(a)linux.ibm.com> s390/fpu: Add fpc exception handler / remove fixup section again Frederic Weisbecker <frederic(a)kernel.org> timers/migration: Fix off-by-one root mis-connection Miklos Szeredi <mszeredi(a)redhat.com> statmount: let unset strings be empty Michal Simek <michal.simek(a)amd.com> rtc: zynqmp: Fix optional clock name property Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Fix PFC_MASK for RZ/V2H and RZ/G3E Javier Carrasco <javier.carrasco.cruz(a)gmail.com> pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla: Add trace_instance_stop Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/osnoise: Distinguish missing workload option Steven Rostedt <rostedt(a)goodmis.org> tracing/osnoise: Fix resetting of tracepoints Jan Kiszka <jan.kiszka(a)siemens.com> scripts/gdb: fix aarch64 userspace detection in get_current_task Wei Yang <richard.weiyang(a)gmail.com> maple_tree: simplify split calculation Milos Reljin <milos_reljin(a)outlook.com> net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix copy buffer page size Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Anandu Krishnan E <quic_anane(a)quicinc.com> misc: fastrpc: Deregister device nodes properly in error scenarios Vimal Agrawal <vimal.agrawal(a)sophos.com> misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Nick Chan <towinchenmi(a)gmail.com> irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix missing 'ret' assignment in set_speed() Steven Rostedt <rostedt(a)goodmis.org> fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Uros Bizjak <ubizjak(a)gmail.com> mailbox: zynqmp: Remove invalid __percpu annotation in zynqmp_ipi_probe() Pekka Pessi <ppessi(a)nvidia.com> mailbox: tegra-hsp: Clear mailbox before using message Chuck Lever <chuck.lever(a)oracle.com> NFSD: Encode COMPOUND operation status on page boundaries Dragan Simic <dsimic(a)manjaro.org> nfs: Make NFS_FSCACHE select NETFS_SUPPORT instead of depending on it Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Mike Snitzer <snitzer(a)kernel.org> pnfs/flexfiles: retry getting layout segment for reads Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: -f: no reconnect Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't retry connect operation on EPOLLERR Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix multishots with selected buffers Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: set word length to 1 Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix reading from non zero offset Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix MAC address byte order Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: simplify read beyond device check Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Luca Weiss <luca.weiss(a)fairphone.com> nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Antoine Viallon <antoine(a)lesviallon.fr> ceph: fix memory leak in ceph_mds_auth_match() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Stefan Eichenberger <eichest(a)gmail.com> irqchip/irq-mvebu-icu: Fix access to msi_data from irq_domain::host_data Niklas Cassel <cassel(a)kernel.org> ata: libata-sff: Ensure that we cannot write outside the allocated buffer Liu Shixin <liushixin2(a)huawei.com> mm/compaction: fix UBSAN shift-out-of-bounds warning Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> mm/hugetlb: fix hugepage allocation for interleaved memory nodes Li Zhijian <lizhijian(a)fujitsu.com> mm/vmscan: accumulate nr_demoted for accurate demotion statistics Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> mm: gup: fix infinite loop within __get_longterm_locked Catalin Marinas <catalin.marinas(a)arm.com> mm: kmemleak: fix upper boundary check for physical address objects Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Support partial control reads Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 VC map Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix use of non-existing registers on UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() Mehdi Djait <mehdi.djait(a)linux.intel.com> media: ccs: Fix cleanup order in ccs_probe() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix CCS static data parsing for large block sizes Sergey Senozhatsky <senozhatsky(a)chromium.org> media: venus: destroy hfi session after m2m_ctx release Alain Volmat <alain.volmat(a)foss.st.com> media: stm32: dcmipp: correct dma_set_mask_and_coherent mask value Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> media: intel/ipu6: remove cpu latency qos request on error Naushir Patuck <naush(a)raspberrypi.com> media: imx296: Add standby delay during probe Zhen Lei <thunder.leizhen(a)huawei.com> media: nuvoton: Fix an error check in npcm_video_ece_init() Cosmin Tanislav <demonsingur(a)gmail.com> media: mc: fix endpoint iteration Sakari Ailus <sakari.ailus(a)linux.intel.com> media: Documentation: tx-rx: Fix formatting Lubomir Rintel <lkundrak(a)v3.sk> media: mmp: Bring back registration of the device Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> soc: qcom: llcc: Enable LLCC_WRCACHE at boot on X1 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: samsung: exynos-pmu: Fix uninitialized ret in tensor_set_bits_atomic() Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Use a separate spinlock to protect fault->deliver list Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Destroy response and mutex in iommufd_fault_destroy() Nicolin Chen <nicolinc(a)nvidia.com> iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: as73211: fix channel handling in only-color triggered buffer Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r-hs: clear reset status flag Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r-common: fix ad3541/2r ranges Dan Carpenter <dan.carpenter(a)linaro.org> iio: chemical: bme680: Fix uninitialized variable in __bme680_read_raw() Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Clean up parsed CCS static data on parse failure Marco Elver <elver(a)google.com> kfence: skip __GFP_THISNODE allocations on NUMA systems Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix struct iommu_hwpt_pgfault init and padding Easwar Hariharan <eahariha(a)linux.microsoft.com> jiffies: Cast to unsigned long in secs_to_jiffies() conversion Frederic Weisbecker <frederic(a)kernel.org> hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING Gabriele Monaco <gmonaco(a)redhat.com> rv: Reset per-task monitors also for idle tasks Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Aubrey Li <aubrey.li(a)linux.intel.com> ACPI: PRM: Remove unnecessary strict handler address checks Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix error handling in recovery/reset Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Clear runtime_error after pm_runtime_resume_and_get() fails Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix error handling in ivpu_boot() Wentao Liang <vulab(a)iscas.ac.cn> xfs: Add error handling for xfs_reflink_cancel_cow_range Wentao Liang <vulab(a)iscas.ac.cn> xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end Christoph Hellwig <hch(a)lst.de> xfs: don't call remap_verify_area with sb write protection held Conor Dooley <conor.dooley(a)microchip.com> pwm: microchip-core: fix incorrect comparison with max period Helge Deller <deller(a)kernel.org> parisc: Temporarily disable jump label support Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Disable Tegra234 sce-fabric node Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Eric Biggers <ebiggers(a)google.com> crypto: qce - fix priority to be less than ARMv8 CE Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8650: correct MDSS interconnects Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8550: correct MDSS interconnects Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix MPSS memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix ADSP memory length Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix uart1 interconnect path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix ADSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdx75: Fix MPSS memory length Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DPI display output by default Andreas Kemnade <andreas(a)kemnade.info> ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Romain Naour <romain.naour(a)skf.com> ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Denis Arefev <arefev(a)swemel.ru> ubi: Add a check for ubi_num Nathan Chancellor <nathan(a)kernel.org> x86/boot: Use '-std=gnu11' to fix build with GCC 15 Zhang Rui <rui.zhang(a)intel.com> x86/acpi: Fix LAPIC/x2APIC parsing order Alice Ryhl <aliceryhl(a)google.com> x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0 Miguel Ojeda <ojeda(a)kernel.org> rust: init: use explicit ABI to clean warning in future compilers Christian Brauner <brauner(a)kernel.org> pidfs: improve ioctl handling Christian Brauner <brauner(a)kernel.org> pidfs: check for valid ioctl commands Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload André Draszik <andre.draszik(a)linaro.org> scsi: ufs: core: Fix use-after free in init error and remove paths Eric Biggers <ebiggers(a)google.com> scsi: ufs: qcom: Fix crypto key eviction Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Move FCE Trace buffer allocation to user control Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't set pos_unknown just after device recognition Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Werner Sembach <wse(a)tuxedocomputers.com> PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix SR-IOV for PFs initially in standby Brad Griffis <bgriffis(a)nvidia.com> arm64: tegra: Fix Tegra234 PCIe interrupt-map Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 Kuan-Wei Chiu <visitorckw(a)gmail.com> ALSA: hda: Fix headset detection failure due to unstable sort Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix quirk matching for Legion Pro 7 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo C6400 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Jens Axboe <axboe(a)kernel.dk> block: don't revert iter for -EIOCBQUEUED Xi Ruoyao <xry111(a)xry111.site> Revert "MIPS: csrc-r4k: Select HAVE_UNSTABLE_SCHED_CLOCK if SMP && 64BIT" Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: pci-legacy: Override pci_address_to_pio Mateusz Jończyk <mat.jonczyk(a)o2.pl> mips/math-emu: fix emulation of the prefx instruction Hou Tao <houtao1(a)huawei.com> dm-crypt: track tag_offset in convert_context Hou Tao <houtao1(a)huawei.com> dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Extend the maximum number of watchpoints Kexy Biscuit <kexybiscuit(a)aosc.io> MIPS: Loongson64: remove ROM Size unit in boardinfo Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Mario Limonciello <mario.limonciello(a)amd.com> ASoC: acp: Support microphone from Lenovo Go S Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Terminate all the DMA transactions Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix usb_2 controller interrupts Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-microsoft-romulus: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-crd: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e78100-lenovo-thinkpad-t14s: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-dell-xps13-9345: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix USB QMP PHY supplies Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: document scope of NCM implementation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix DPE OoB read Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: break up NCM header size computation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: refactor NCM datagram loop Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: check that DPE points past NCM header Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: use static NDP16 location in URB Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix possible overflow in DPE length check Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Vasily Khoruzhick <anarsoul(a)gmail.com> wifi: rtw88: 8703b: Fix RX/TX issues Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 Fiona Klute <fiona.klute(a)gmx.de> wifi: rtw88: sdio: Fix disconnection after beacon loss Nick Morrow <usbwifi2024(a)gmail.com> wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8821ae: Fix media status report Steven Rostedt <rostedt(a)goodmis.org> atomic64: Use arch_spin_locks instead of raw_spin_locks Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Peng Fan <peng.fan(a)nxp.com> Input: bbnsm_pwrkey - add remove hook Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Warn for missing static reserved memory regions Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> of: address: Fix empty resource handling in __of_address_resource_bounds() Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Bao D. Nguyen <quic_nguyenb(a)quicinc.com> scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Kuan-Wei Chiu <visitorckw(a)gmail.com> perf bench: Fix undefined behavior in cmpworker() Dave Young <dyoung(a)redhat.com> x86/efi: skip memattr table on kexec boot Nathan Chancellor <nathan(a)kernel.org> efi: libstub: Use '-std=gnu11' to fix build with GCC 15 Zijun Hu <quic_zijuhu(a)quicinc.com> blk-cgroup: Fix class @block_class's subsystem refcount leakage Eyal Birger <eyal.birger(a)gmail.com> seccomp: passthrough uretprobe systemcall without filtering Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-mm: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8650: Do not turn off PCIe GDSCs during gdsc_disable() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Binbin Zhou <zhoubinbin(a)loongson.cn> clk: clk-loongson2: Fix the number count of clk provider Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 refclk register access Lubomir Rintel <lkundrak(a)v3.sk> clk: mmp2: call pm_genpd_init() only after genpd.name is set Cody Eksal <masterr3c0rd(a)epochal.quest> clk: sunxi-ng: a100: enable MMC clock reparenting Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics - fix crash when enabling pass-through port David Gstir <david(a)sigma-star.at> KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix and re-enable xe_print_blob_ascii85() Lo-an Chen <lo-an.chen(a)amd.com> drm/amd/display: Fix seamless boot sequence Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: add a BO metadata flag to disable write compression for Vulkan Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Jani Nikula <jani.nikula(a)intel.com> drm/i915/dp: Iterate DSC BPP from high to low on all platforms Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/devcoredump: Move exec queue snapshot to Contexts section Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: astdp: Fix timeout for enabling video signal Brian Geffon <bgeffon(a)google.com> drm/i915: Fix page cleanup on DMA remap failure Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915/guc: Debug print LRC state entries only if the context is pinned Tom Chung <chiahsuan.chung(a)amd.com> Revert "drm/amd/display: Use HW lock mgr for PSR1" Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Block per-queue reset when halt_if_hws_hang=1 Prike Liang <Prike.Liang(a)amd.com> drm/amdkfd: only flush the validate MES contex Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/amdgpu: change the config of cgcg on gfx12 Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Mark MM activity as unsupported Aric Cyr <Aric.Cyr(a)amd.com> drm/amd/display: Optimize cursor position updates Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: fix integer overflows on 32 bit systems David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Keith Busch <kbusch(a)kernel.org> kvm: defer huge page recovery vhost task to later Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Chao Gao <chao.gao(a)intel.com> KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID Robin Murphy <robin.murphy(a)arm.com> remoteproc: omap: Handle ARM dma_iommu_mapping Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Thomas Zimmermann <tzimmermann(a)suse.de> drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Marc Zyngier <maz(a)kernel.org> KVM: arm64: timer: Always evaluate the need for a soft timer Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled Mark Brown <broonie(a)kernel.org> arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Override PARange for !LPA2 and use it consistently Ard Biesheuvel <ardb(a)kernel.org> arm64/kvm: Configure HYP TCR.PS/DS based on host stage1 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix Qemu crash when running in passthrough Xu Yang <xu.yang_2(a)nxp.com> perf: imx9_perf: Introduce AXI filter version to refactor the driver and better extension Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Ming Lei <tom.leiming(a)gmail.com> block: mark GFP_NOIO around sysfs ->store() Nam Cao <namcao(a)linutronix.de> fs/proc: do_task_stat: Fix ESP not readable during coredump Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Marc Zyngier <maz(a)kernel.org> arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Yu Kuai <yukuai3(a)huawei.com> md: reintroduce md-linear Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: change lease epoch type from unsigned int to __u16 Ruben Devos <devosruben6(a)gmail.com> smb: client: fix order of arguments of tracepoints Maarten Lankhorst <dev(a)lankhorst.se> drm/client: Handle tiled displays better Maarten Lankhorst <dev(a)lankhorst.se> drm/modeset: Handle tiled displays in pan_display_atomic. Pali Rohár <pali(a)kernel.org> cifs: Remove intermediate object of failed create SFU call Sebastian Wiese-Wagner <seb(a)fastmail.to> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning Andreas Kemnade <andreas(a)kemnade.info> cpufreq: fix using cpufreq-dt as module Robin Murphy <robin.murphy(a)arm.com> PCI/TPH: Restore TPH Requester Enable correctly David Howells <dhowells(a)redhat.com> rxrpc: Fix call state set to not include the SERVER_SECURING state Ido Schimmel <idosch(a)nvidia.com> net: sched: Fix truncation of offloaded action statistics Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Juergen Gross <jgross(a)suse.com> x86/xen: add FRAME_END to xen_hypercall_hvm() Juergen Gross <jgross(a)suse.com> x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Geert Uytterhoeven <geert+renesas(a)glider.be> gpio: GPIO_GRGPIO should depend on OF Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: sim: lock hog configfs items if present Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Jacob Moroni <mail(a)jakemoroni.com> net: atlantic: fix warning during hot unplug Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> gpio: pca953x: Improve interrupt support David Howells <dhowells(a)redhat.com> rxrpc: Fix the rxrpc_connection attend queue handling Jakub Kicinski <kuba(a)kernel.org> selftests: drv-net: rss_ctx: add missing cleanup in queue reconfigure Jakub Kicinski <kuba(a)kernel.org> ethtool: ntuple: fix rss + ring_cookie check Jakub Kicinski <kuba(a)kernel.org> ethtool: rss: fix hiding unsupported fields in dumps Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Fix migration initialization Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Preserve oa_ctrl unused bits Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: fix the Adaptive sync Operation mode for SDP Suraj Kandpal <suraj.kandpal(a)intel.com> drm/i915/hdcp: Fix Repeater authentication during topology change Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Sankararaman Jayaraman <sankararaman.jayaraman(a)broadcom.com> vmxnet3: Fix tx queue race condition with XDP Jiasheng Jiang <jiashengjiangcool(a)gmail.com> ice: Add check for devm_kzalloc() Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Correct overlaying of PHY and MAC Wake-on-LAN Daniel Wagner <wagi(a)kernel.org> nvme-fc: use ctrl state getter Keith Busch <kbusch(a)kernel.org> nvme: make nvme_tls_attrs_group static Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: stop storing XDP verdict within ice_rx_buf Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: gather page_count()'s of each frag right before XDP prog call Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: put Rx buffers after being done with current frame Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix a memory leak in controller identify Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue Hans de Goede <hdegoede(a)redhat.com> platform/x86: serdev_helpers: Check for serial_ctrl_uid == NULL Günther Noack <gnoack(a)google.com> tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN Sean Anderson <sean.anderson(a)linux.dev> tty: xilinx_uartps: split sysrq handling Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore AC events Hridesh MG <hridesh699(a)gmail.com> platform/x86: acer-wmi: add support for Acer Nitro AN515-58 Illia Ostapyshyn <illia(a)yshyn.com> Input: allocate keycode for phone linking Yu-Chun Lin <eleanor15x(a)gmail.com> ASoC: amd: Add ACPI dependency to fix build error Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer Predator PH16-72 Kees Bakker <kees(a)ijzerbout.nl> iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer PH14-51 Hans de Goede <hdegoede(a)redhat.com> platform/x86: int3472: Check for adev == NULL Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Clean up more on probe failure Richard Acayan <mailingradian(a)gmail.com> iommu/arm-smmu-qcom: add sdm670 adreno iommu compatible Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Correct quirk for Lenovo Yoga Slim 7 David Woodhouse <dwmw(a)amazon.co.uk> x86/kexec: Allocate PGD for x86_64 transition page tables separately Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Improve verifier log for resource leak on exit Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: ensure proper channel cleanup in error path Liu Ye <liuye(a)kylinos.cn> selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Dan Carpenter <dan.carpenter(a)linaro.org> tipc: re-order conditions in tipc_crypto_key_rcv() Shinas Rasheed <srasheed(a)marvell.com> octeon_ep_vf: update tx/rx stats locally for persistence Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: update tx/rx stats locally for persistence Yuanjie Yang <quic_yuanjiey(a)quicinc.com> mmc: sdhci-msm: Correctly set the load for the regulator Luke D. Jones <luke(a)ljones.dev> HID: hid-asus: Disable OOBE mode on the ProArt P16 Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> net: wwan: iosm: Fix hibernation by re-binding the driver around it Mazin Al Haddad <mazin(a)getstate.dev> Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925 Andrew Halaney <ajhalaney(a)gmail.com> Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922 Mark Dietzer <git(a)doridian.net> Bluetooth: btusb: Add ID 0x2c7c:0x0130 for Qualcomm WCN785x Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Randolph Ha <rha051117(a)gmail.com> i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: avoid memory leak Somashekhar(Som) <somashekhar.puttagangaiah(a)intel.com> wifi: iwlwifi: pcie: Add support for new device ids Stefan Dösinger <stefan(a)codeweavers.com> wifi: brcmfmac: Check the return value of of_property_read_string_index() Andre Przywara <andre.przywara(a)arm.com> Revert "mfd: axp20x: Allow multiple regulators" Vadim Fedorenko <vadim.fedorenko(a)linux.dev> net/mlx5: use do_aux_work for PHC overflow checks Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Youwan Wang <youwan(a)nfschina.com> HID: multitouch: Add quirk for Hantick 5288 touchpad Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, num_of_rules counter on matcher should be atomic Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, change error flow on matcher disconnect Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: Make GCC_8150 depend on QCOM_GDSC Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: add __packed attribute to efuse layout struct Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: add crystal_cap check to avoid setting as overflow value Kalle Valo <quic_kvalo(a)quicinc.com> wifi: ath12k: ath12k_mac_op_set_key(): fix uninitialized symbol 'ret' Karol Przybylski <karprzy7(a)gmail.com> wifi: ath12k: Fix for out-of bound access error Jeongjun Park <aha310510(a)gmail.com> ring-buffer: Make reading page consistent with the code logic Gabe Teeger <Gabe.Teeger(a)amd.com> drm/amd/display: Limit Scaling Ratio on DCN3.01 Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase sanitizer frame larger than limit when compile testing with clang Leo Stone <leocstone(a)gmail.com> safesetid: check size of policy writes Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS KSV list wait timer Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS compare V matching Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP encryption when R0 ready Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP Bstatus check Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Queue interrupt work to different CPU Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/vc4: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/sti: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/radeon: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/exynos: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/amd/display: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: ite-it66121: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: anx7625: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/connector: add mutex to protect ELD from concurrent access Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: filter out too wide modes if no 3dmux is present Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Overwriting dualDPP UBF values before usage Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Populate chroma prefetch parameters, DET buffer fix Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: return meaningful value from set_connector_edid() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: handle empty modes in find_preferred_mode() Zhi Wang <zhiw(a)nvidia.com> nvkm: correctly calculate the available space of the GSP cmdq buffer Zhi Wang <zhiw(a)nvidia.com> nvkm/gsp: correctly advance the read pointer of GSP message queue Dustin L. Howett <dustin(a)howett.net> drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels Thomas Weißschuh <linux(a)weissschuh.net> drm: panel-backlight-quirks: Add Framework 13 matte panel Thomas Weißschuh <linux(a)weissschuh.net> drm/amd/display: Add support for minimum backlight quirk Thomas Weißschuh <linux(a)weissschuh.net> drm: Add panel backlight quirks Dongwon Kim <dongwon.kim(a)intel.com> drm/virtio: New fence for every plane update Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Carlos Llamas <cmllamas(a)google.com> lockdep: Fix upper limit for LOCKDEP_*_BITS configs Thorsten Blum <thorsten.blum(a)linux.dev> locking/ww_mutex/test: Use swap() macro Peter Zijlstra <peterz(a)infradead.org> x86: Convert unreachable() to BUG() Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Hao-ran Zheng <zhenghaoran154(a)gmail.com> btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Sven Schnelle <svens(a)linux.ibm.com> s390/stackleak: Use exrl instead of ex in __stackleak_poison() Kees Cook <kees(a)kernel.org> exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Ensure adequate HUGE_MAX_HSTATE Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Qu Wenruo <wqu(a)suse.com> btrfs: do not output error message if a qgroup has been already cleaned up Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion failure when splitting ordered extent after transaction abort Filipe Manana <fdmanana(a)suse.com> btrfs: fix lockdep splat while merging a relocation root Geert Uytterhoeven <geert+renesas(a)glider.be> irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on CONFIG_MCHP_LAN966X_PCI ------------- Diffstat: Documentation/arch/arm64/elf_hwcaps.rst | 39 +- Documentation/driver-api/media/tx-rx.rst | 2 +- Documentation/gpu/drm-kms-helpers.rst | 3 + Makefile | 4 +- arch/arm/boot/dts/ti/omap/dra7-l4.dtsi | 2 + arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi | 10 + arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 5 - arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts | 4 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 2 + arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 +- arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 8 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 10 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 492 ++++++++++----------- arch/arm64/boot/dts/qcom/sm8450.dtsi | 216 ++++----- arch/arm64/boot/dts/qcom/sm8550.dtsi | 271 ++++++------ arch/arm64/boot/dts/qcom/sm8650.dtsi | 305 +++++++------ .../dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 4 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 +- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 6 +- .../boot/dts/qcom/x1e80100-dell-xps13-9345.dts | 4 +- .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 6 +- .../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 280 ++++++------ arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/include/asm/assembler.h | 5 + arch/arm64/include/asm/pgtable-hwdef.h | 6 - arch/arm64/include/asm/pgtable-prot.h | 7 + arch/arm64/include/asm/sparsemem.h | 5 +- arch/arm64/kernel/cpufeature.c | 55 +-- arch/arm64/kernel/cpuinfo.c | 10 + arch/arm64/kernel/pi/idreg-override.c | 9 + arch/arm64/kernel/pi/map_kernel.c | 6 + arch/arm64/kvm/arch_timer.c | 4 +- arch/arm64/kvm/arm.c | 8 +- arch/arm64/mm/hugetlbpage.c | 12 + arch/arm64/mm/init.c | 7 +- arch/loongarch/include/uapi/asm/ptrace.h | 10 + arch/loongarch/kernel/ptrace.c | 6 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/Kconfig | 1 - arch/mips/kernel/ftrace.c | 2 +- arch/mips/loongson64/boardinfo.c | 2 - arch/mips/math-emu/cp1emu.c | 2 +- arch/mips/pci/pci-legacy.c | 8 + arch/parisc/Kconfig | 4 +- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/s390/include/asm/asm-extable.h | 4 + arch/s390/include/asm/fpu-insn.h | 17 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/include/asm/processor.h | 3 +- arch/s390/kernel/vmlinux.lds.S | 1 - arch/s390/kvm/vsie.c | 25 +- arch/s390/mm/extable.c | 9 + arch/s390/pci/pci_bus.c | 1 - arch/x86/boot/compressed/Makefile | 1 + arch/x86/include/asm/kexec.h | 18 +- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kernel/acpi/boot.c | 50 ++- arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/machine_kexec_64.c | 45 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/reboot.c | 2 +- arch/x86/kvm/lapic.c | 11 + arch/x86/kvm/lapic.h | 1 + arch/x86/kvm/mmu/mmu.c | 45 +- arch/x86/kvm/svm/sev.c | 2 +- arch/x86/kvm/vmx/nested.c | 5 + arch/x86/kvm/vmx/vmx.c | 21 + arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 7 +- arch/x86/mm/fault.c | 2 +- arch/x86/pci/fixup.c | 30 ++ arch/x86/platform/efi/quirks.c | 5 + arch/x86/xen/xen-head.S | 5 +- block/blk-cgroup.c | 1 + block/blk-sysfs.c | 3 + block/fops.c | 5 +- drivers/accel/ivpu/ivpu_drv.c | 8 +- drivers/accel/ivpu/ivpu_pm.c | 86 ++-- drivers/acpi/apei/ghes.c | 10 +- drivers/acpi/prmt.c | 4 +- drivers/acpi/property.c | 10 +- drivers/ata/libata-sff.c | 18 +- drivers/bluetooth/btusb.c | 6 + drivers/char/misc.c | 37 +- drivers/char/tpm/eventlog/acpi.c | 15 +- drivers/clk/clk-loongson2.c | 5 +- drivers/clk/mediatek/clk-mt2701-aud.c | 10 + drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-mm.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/mmp/pwr-island.c | 2 +- drivers/clk/qcom/Kconfig | 1 + drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clk/qcom/dispcc-sm6350.c | 7 +- drivers/clk/qcom/gcc-mdm9607.c | 2 +- drivers/clk/qcom/gcc-sm6350.c | 22 +- drivers/clk/qcom/gcc-sm8550.c | 8 +- drivers/clk/qcom/gcc-sm8650.c | 8 +- drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +- drivers/cpufreq/Kconfig | 2 +- drivers/cpufreq/cpufreq-dt-platdev.c | 2 - drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/qce/aead.c | 2 +- drivers/crypto/qce/core.c | 13 +- drivers/crypto/qce/sha.c | 2 +- drivers/crypto/qce/skcipher.c | 2 +- drivers/firmware/Kconfig | 2 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/qcom/qcom_scm.c | 10 +- drivers/gpio/Kconfig | 1 + drivers/gpio/gpio-pca953x.c | 19 - drivers/gpio/gpio-sim.c | 13 +- drivers/gpu/drm/Kconfig | 4 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/amd/amdgpu/Kconfig | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 11 - drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 25 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 25 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 3 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 7 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 20 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 22 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.h | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 2 +- .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/dml2/Makefile | 4 + .../drm/amd/display/dc/dml2/display_mode_core.c | 35 +- .../display/dc/dml2/display_mode_core_structs.h | 6 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 35 +- .../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 7 +- .../drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 6 +- .../drm/amd/display/dc/hubbub/dcn30/dcn30_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn31/dcn31_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn32/dcn32_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn35/dcn35_hubbub.c | 3 +- .../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 8 +- .../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 2 + .../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 2 + .../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 10 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- .../display/dc/resource/dcn301/dcn301_resource.c | 8 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 - .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/ast/ast_dp.c | 2 +- drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/ite-it6505.c | 83 ++-- drivers/gpu/drm/bridge/ite-it66121.c | 2 + drivers/gpu/drm/display/drm_dp_cec.c | 14 +- drivers/gpu/drm/drm_client_modeset.c | 9 + drivers/gpu/drm/drm_connector.c | 1 + drivers/gpu/drm/drm_edid.c | 6 + drivers/gpu/drm/drm_fb_helper.c | 14 +- drivers/gpu/drm/drm_panel_backlight_quirks.c | 94 ++++ drivers/gpu/drm/exynos/exynos_hdmi.c | 2 + drivers/gpu/drm/i915/display/intel_dp.c | 10 +- drivers/gpu/drm/i915/display/intel_hdcp.c | 13 + drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 - drivers/gpu/drm/i915/gem/i915_gem_shmem.c | 6 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 +- drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 13 + drivers/gpu/drm/msm/dp/dp_audio.c | 2 + drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 16 +- drivers/gpu/drm/radeon/radeon_audio.c | 2 + drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +- drivers/gpu/drm/sti/sti_hdmi.c | 2 + drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 33 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 4 +- drivers/gpu/drm/virtio/virtgpu_drv.h | 7 + drivers/gpu/drm/virtio/virtgpu_plane.c | 58 ++- drivers/gpu/drm/xe/regs/xe_oa_regs.h | 6 + drivers/gpu/drm/xe/xe_devcoredump.c | 42 +- drivers/gpu/drm/xe/xe_devcoredump.h | 2 +- drivers/gpu/drm/xe/xe_gt.c | 4 +- drivers/gpu/drm/xe/xe_gt_sriov_pf.c | 14 +- drivers/gpu/drm/xe/xe_gt_sriov_pf.h | 6 + drivers/gpu/drm/xe/xe_guc_ct.c | 3 +- drivers/gpu/drm/xe/xe_guc_log.c | 4 +- drivers/gpu/drm/xe/xe_oa.c | 12 +- drivers/hid/hid-asus.c | 26 ++ drivers/hid/hid-multitouch.c | 5 + drivers/hid/hid-sensor-hub.c | 21 +- drivers/hid/wacom_wac.c | 5 + drivers/i2c/i2c-core-acpi.c | 22 + drivers/i3c/master.c | 2 +- drivers/iio/chemical/bme680_core.c | 4 +- drivers/iio/dac/ad3552r-common.c | 5 +- drivers/iio/dac/ad3552r-hs.c | 6 + drivers/iio/dac/ad3552r.h | 8 +- drivers/iio/light/as73211.c | 24 +- drivers/infiniband/hw/mlx5/mr.c | 17 +- drivers/infiniband/hw/mlx5/odp.c | 2 + drivers/input/misc/nxp-bbnsm-pwrkey.c | 8 + drivers/input/mouse/synaptics.c | 56 ++- drivers/input/mouse/synaptics.h | 1 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +- drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 8 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/intel/iommu.c | 7 +- drivers/iommu/iommufd/fault.c | 44 +- drivers/iommu/iommufd/iommufd_private.h | 29 +- drivers/irqchip/Kconfig | 1 + drivers/irqchip/irq-apple-aic.c | 3 +- drivers/irqchip/irq-mvebu-icu.c | 3 +- drivers/leds/leds-lp8860.c | 2 +- drivers/mailbox/tegra-hsp.c | 6 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +- drivers/md/Kconfig | 13 + drivers/md/Makefile | 2 + drivers/md/dm-crypt.c | 27 +- drivers/md/md-autodetect.c | 8 +- drivers/md/md-linear.c | 352 +++++++++++++++ drivers/md/md.c | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ccs/ccs-data.c | 14 +- drivers/media/i2c/ds90ub913.c | 1 - drivers/media/i2c/ds90ub953.c | 1 - drivers/media/i2c/ds90ub960.c | 123 +++--- drivers/media/i2c/imx296.c | 2 + drivers/media/i2c/ov5640.c | 1 + drivers/media/pci/intel/ipu6/ipu6-isys.c | 1 + drivers/media/platform/marvell/mmp-driver.c | 21 +- drivers/media/platform/nuvoton/npcm-video.c | 4 +- drivers/media/platform/qcom/venus/core.c | 8 +- .../st/stm32/stm32-dcmipp/dcmipp-bytecap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 83 +++- drivers/media/usb/uvc/uvc_driver.c | 98 ++-- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvc_video.c | 21 + drivers/media/usb/uvc/uvcvideo.h | 10 +- drivers/media/v4l2-core/v4l2-mc.c | 2 +- drivers/mfd/axp20x.c | 2 +- drivers/mfd/lpc_ich.c | 3 +- drivers/misc/fastrpc.c | 8 +- drivers/mmc/core/sdio.c | 2 + drivers/mmc/host/sdhci-esdhc-imx.c | 1 + drivers/mmc/host/sdhci-msm.c | 53 ++- drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/mtd/ubi/build.c | 2 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 16 +- drivers/net/ethernet/broadcom/tg3.c | 58 +++ drivers/net/ethernet/intel/ice/devlink/devlink.c | 3 + drivers/net/ethernet/intel/ice/ice_txrx.c | 150 +++++-- drivers/net/ethernet/intel/ice/ice_txrx.h | 1 - drivers/net/ethernet/intel/ice/ice_txrx_lib.h | 43 -- .../net/ethernet/marvell/octeon_ep/octep_ethtool.c | 39 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 19 +- .../net/ethernet/marvell/octeon_ep/octep_main.h | 6 + drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 11 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.h | 4 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.c | 7 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.h | 4 +- .../marvell/octeon_ep_vf/octep_vf_ethtool.c | 29 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 17 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.h | 6 + .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.c | 9 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.h | 2 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.c | 7 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.h | 2 +- .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 +- .../ethernet/mellanox/mlx5/core/steering/hws/bwc.c | 17 +- .../ethernet/mellanox/mlx5/core/steering/hws/bwc.h | 2 +- .../mellanox/mlx5/core/steering/hws/matcher.c | 24 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 67 ++- drivers/net/phy/nxp-c45-tja11xx.c | 2 + drivers/net/tun.c | 2 +- drivers/net/usb/ipheth.c | 69 ++- drivers/net/vmxnet3/vmxnet3_xdp.c | 14 +- .../net/wireless/ath/ath12k/debugfs_htt_stats.c | 5 +- drivers/net/wireless/ath/ath12k/mac.c | 59 +-- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/Makefile | 2 +- drivers/net/wireless/intel/iwlwifi/cfg/dr.c | 167 +++++++ drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/intel/iwlwifi/iwl-config.h | 10 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 + drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c | 21 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 + .../net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 +- drivers/net/wireless/realtek/rtw88/main.h | 4 +- drivers/net/wireless/realtek/rtw88/rtw8703b.c | 8 +- drivers/net/wireless/realtek/rtw88/rtw8723x.h | 8 +- drivers/net/wireless/realtek/rtw88/rtw8821c.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822b.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822c.h | 9 +- drivers/net/wireless/realtek/rtw88/sdio.c | 2 + drivers/net/wireless/realtek/rtw89/pci.c | 16 +- drivers/net/wireless/realtek/rtw89/pci.h | 9 + drivers/net/wireless/realtek/rtw89/pci_be.c | 1 + drivers/net/wireless/realtek/rtw89/phy.c | 13 +- drivers/net/wireless/realtek/rtw89/phy.h | 2 +- drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++- drivers/nvme/host/core.c | 8 +- drivers/nvme/host/fc.c | 9 +- drivers/nvme/host/pci.c | 4 +- drivers/nvme/host/sysfs.c | 2 +- drivers/nvme/target/admin-cmd.c | 1 + drivers/nvmem/core.c | 2 + drivers/nvmem/imx-ocotp-ele.c | 38 +- drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/of/address.c | 12 +- drivers/of/base.c | 8 +- drivers/of/of_reserved_mem.c | 9 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 48 +- drivers/pci/endpoint/pci-epf-core.c | 1 + drivers/pci/tph.c | 2 +- drivers/perf/fsl_imx9_ddr_perf.c | 33 +- drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +- drivers/pinctrl/samsung/pinctrl-samsung.c | 2 +- drivers/platform/x86/acer-wmi.c | 45 ++ drivers/platform/x86/intel/int3472/discrete.c | 3 + drivers/platform/x86/intel/int3472/tps68470.c | 3 + drivers/platform/x86/serdev_helpers.h | 4 +- drivers/ptp/ptp_clock.c | 8 + drivers/pwm/pwm-microchip-core.c | 2 +- drivers/remoteproc/omap_remoteproc.c | 17 + drivers/rtc/rtc-zynqmp.c | 4 +- drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_dfs.c | 122 ++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 + drivers/scsi/qla2xxx/qla_init.c | 28 +- drivers/scsi/scsi_lib.c | 9 +- drivers/scsi/st.c | 6 + drivers/scsi/st.h | 1 + drivers/scsi/storvsc_drv.c | 1 + drivers/soc/mediatek/mtk-devapc.c | 19 +- drivers/soc/qcom/llcc-qcom.c | 1 + drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/soc/samsung/exynos-pmu.c | 2 +- drivers/spi/atmel-quadspi.c | 118 +++-- drivers/tty/serial/sh-sci.c | 25 +- drivers/tty/serial/xilinx_uartps.c | 8 +- drivers/tty/vt/selection.c | 14 + drivers/tty/vt/vt.c | 2 - drivers/ufs/core/ufshcd.c | 31 +- drivers/ufs/host/ufs-qcom.c | 18 +- drivers/ufs/host/ufshcd-pci.c | 2 - drivers/ufs/host/ufshcd-pltfrm.c | 28 +- drivers/usb/gadget/function/f_tcm.c | 52 +-- drivers/vfio/platform/vfio_platform_common.c | 10 + fs/binfmt_flat.c | 2 +- fs/btrfs/ctree.c | 2 + fs/btrfs/file.c | 2 +- fs/btrfs/ordered-data.c | 12 + fs/btrfs/qgroup.c | 5 +- fs/btrfs/raid-stripe-tree.c | 26 +- fs/btrfs/relocation.c | 14 +- fs/btrfs/transaction.c | 4 +- fs/ceph/mds_client.c | 16 +- fs/exec.c | 29 +- fs/namespace.c | 54 ++- fs/netfs/read_collect.c | 21 +- fs/netfs/read_pgpriv2.c | 5 +- fs/nfs/Kconfig | 3 +- fs/nfs/flexfilelayout/flexfilelayout.c | 27 +- fs/nfsd/nfs4xdr.c | 20 +- fs/nilfs2/inode.c | 6 +- fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/pidfs.c | 34 ++ fs/proc/array.c | 2 +- fs/smb/client/cifsglob.h | 14 +- fs/smb/client/dir.c | 6 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2inode.c | 108 ++--- fs/smb/client/smb2ops.c | 41 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/client/smb2proto.h | 2 +- fs/smb/server/transport_ipc.c | 9 + fs/xfs/xfs_exchrange.c | 71 ++- fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_iomap.c | 6 +- include/drm/drm_connector.h | 5 +- include/drm/drm_utils.h | 4 + include/linux/binfmts.h | 4 +- include/linux/call_once.h | 45 ++ include/linux/hrtimer_defs.h | 1 + include/linux/jiffies.h | 2 +- include/linux/kvm_host.h | 9 + include/linux/mlx5/driver.h | 1 - include/linux/platform_data/x86/asus-wmi.h | 5 + include/net/sch_generic.h | 2 +- include/rv/da_monitor.h | 4 + include/trace/events/rxrpc.h | 1 + include/uapi/drm/amdgpu_drm.h | 9 +- include/uapi/linux/input-event-codes.h | 1 + include/uapi/linux/iommufd.h | 4 +- include/uapi/linux/raid/md_p.h | 2 +- include/uapi/linux/raid/md_u.h | 2 + include/ufs/ufs.h | 4 +- include/ufs/ufshcd.h | 1 - io_uring/net.c | 5 + io_uring/poll.c | 4 + kernel/bpf/verifier.c | 2 +- kernel/locking/test-ww_mutex.c | 9 +- kernel/printk/printk.c | 2 +- kernel/sched/core.c | 6 +- kernel/sched/fair.c | 19 + kernel/seccomp.c | 12 + kernel/time/hrtimer.c | 103 ++++- kernel/time/timer_migration.c | 10 +- kernel/trace/ring_buffer.c | 13 +- kernel/trace/trace_functions_graph.c | 2 +- kernel/trace/trace_osnoise.c | 17 +- lib/Kconfig.debug | 8 +- lib/atomic64.c | 78 ++-- lib/maple_tree.c | 23 +- mm/compaction.c | 3 +- mm/gup.c | 14 +- mm/hugetlb.c | 24 +- mm/kfence/core.c | 2 + mm/kmemleak.c | 2 +- mm/vmscan.c | 7 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/mgmt.c | 12 +- net/ethtool/ioctl.c | 2 +- net/ethtool/rss.c | 3 +- net/ipv4/udp.c | 4 +- net/ipv6/udp.c | 4 +- net/ncsi/ncsi-manage.c | 13 +- net/nfc/nci/hci.c | 2 + net/rose/af_rose.c | 24 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 6 +- net/rxrpc/conn_event.c | 21 +- net/rxrpc/conn_object.c | 1 + net/rxrpc/input.c | 2 +- net/rxrpc/sendmsg.c | 2 +- net/sched/sch_fifo.c | 3 + net/sched/sch_netem.c | 2 +- net/tipc/crypto.c | 4 +- rust/kernel/init.rs | 2 +- scripts/Makefile.extrawarn | 5 +- scripts/gdb/linux/cpus.py | 2 +- scripts/generate_rust_target.rs | 18 + security/keys/trusted-keys/trusted_dcp.c | 22 +- security/safesetid/securityfs.c | 3 + security/tomoyo/common.c | 2 +- sound/pci/hda/hda_auto_parser.c | 8 +- sound/pci/hda/hda_auto_parser.h | 1 + sound/pci/hda/patch_realtek.c | 20 +- sound/soc/amd/Kconfig | 2 +- sound/soc/amd/yc/acp6x-mach.c | 28 ++ sound/soc/intel/boards/sof_sdw.c | 5 +- sound/soc/renesas/rz-ssi.c | 10 +- sound/soc/soc-pcm.c | 32 +- sound/soc/sof/intel/hda-dai.c | 12 + sound/soc/sof/intel/hda.c | 5 + tools/perf/bench/epoll-wait.c | 7 +- .../testing/selftests/bpf/progs/exceptions_fail.c | 4 +- tools/testing/selftests/bpf/progs/preempt_lock.c | 14 +- .../selftests/bpf/progs/verifier_spin_lock.c | 2 +- tools/testing/selftests/drivers/net/hw/rss_ctx.py | 2 + tools/testing/selftests/net/ipsec.c | 3 +- tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +- tools/testing/selftests/net/udpgso.c | 26 ++ tools/tracing/rtla/src/osnoise.c | 2 +- tools/tracing/rtla/src/timerlat_hist.c | 26 +- tools/tracing/rtla/src/timerlat_top.c | 27 +- tools/tracing/rtla/src/trace.c | 8 + tools/tracing/rtla/src/trace.h | 1 + 478 files changed, 5314 insertions(+), 2638 deletions(-)

2 months, 1 week

11
11
0 0

[PATCH] pcmcia: Add check for pcmcia_make_resource()

by Haoxiang Li

Add check for the return value of pcmcia_make_resource() to prevent null pointer dereference. Fixes: 49b1153adfe1 ("pcmcia: move all pcmcia_resource_ops providers into one module") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/pcmcia/rsrc_iodyn.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/pcmcia/rsrc_iodyn.c b/drivers/pcmcia/rsrc_iodyn.c index b04b16496b0c..2677b577c1f8 100644 --- a/drivers/pcmcia/rsrc_iodyn.c +++ b/drivers/pcmcia/rsrc_iodyn.c @@ -62,6 +62,9 @@ static struct resource *__iodyn_find_io_region(struct pcmcia_socket *s, unsigned long min = base; int ret; + if (!res) + return NULL; + data.mask = align - 1; data.offset = base & data.mask; -- 2.25.1

2 months, 1 week

1
0
0 0

EuroCIS 2025 Attendee's list

by Jennifer Martin

Hi, I wanted to check if you’d be interested in acquiring the attendees list of EuroCIS 2025. Date: 18-20 February 2025. Location: Düsseldorf, Germany Attendees: 12,489+ Let us help you make the most of your participation at EuroCIS 2025 by ensuring that you are well-connected with the right people. Let me know if you're interested in the attendees list, exhibitors list, or both. I’d be happy to share pricing and additional details. Best regards, Jennifer Martin Sr. Demand Generation If you do not wish to receive this newsletter reply “Not interested”

2 months, 1 week

1
0
0 0

[PATCH v2 2/2] usb: xhci: Fix unassigned variable 'bcdUSB' in xhci_create_usb3x_bos_desc()

by Selvarasu Ganesan

Fix the following smatch error: drivers/usb/host/xhci-hub.c:71 xhci_create_usb3x_bos_desc() error: unassigned variable 'bcdUSB' Fixes: eb02aaf21f29 ("usb: xhci: Rewrite xhci_create_usb3_bos_desc()") Cc: stable(a)vger.kernel.org Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com> --- drivers/usb/host/xhci-hub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index 9693464c0520..5715a8bdda7f 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -39,7 +39,7 @@ static int xhci_create_usb3x_bos_desc(struct xhci_hcd *xhci, char *buf, struct usb_ss_cap_descriptor *ss_cap; struct usb_ssp_cap_descriptor *ssp_cap; struct xhci_port_cap *port_cap = NULL; - u16 bcdUSB; + u16 bcdUSB = 0; u32 reg; u32 min_rate = 0; u8 min_ssid; -- 2.17.1

2 months, 1 week

2
3
0 0

[PATCH v2 00/16] AMD MCA interrupts rework

by Yazen Ghannam

Hi all, This set unifies the AMD MCA interrupt handlers with common MCA code. The goal is to avoid duplicating functionality like reading and clearing MCA banks. Based on feedback, this revision also include changes to the MCA init flow. Patches 1-4: General fixes and cleanups. Patches 5-10: Add BSP-only init flow and related changes. Patches 11-15: Updates from v1 set. Patch 16: Interrupt storm handling rebased on current set. Thanks, Yazen --- Changes in v2: - Add general cleanup pre-patches. - Add changes for BSP-only init. - Add interrupt storm handling for AMD. - Link to v1: https://lore.kernel.org/r/20240523155641.2805411-1-yazen.ghannam@amd.com --- Borislav Petkov (1): x86/mce: Cleanup bank processing on init Smita Koralahalli (1): x86/mce: Handle AMD threshold interrupt storms Yazen Ghannam (14): x86/mce: Don't remove sysfs if thresholding sysfs init fails x86/mce/amd: Remove return value for mce_threshold_create_device() x86/mce/amd: Remove smca_banks_map x86/mce/amd: Put list_head in threshold_bank x86/mce: Remove __mcheck_cpu_init_early() x86/mce: Define BSP-only init x86/mce: Define BSP-only SMCA init x86/mce: Do 'UNKNOWN' vendor check early x86/mce: Separate global and per-CPU quirks x86/mce: Move machine_check_poll() status checks to helper functions x86/mce: Unify AMD THR handler with MCA Polling x86/mce: Unify AMD DFR handler with MCA Polling x86/mce/amd: Enable interrupt vectors once per-CPU on SMCA systems x86/mce/amd: Support SMCA Corrected Error Interrupt arch/x86/include/asm/mce.h | 7 +- arch/x86/kernel/cpu/common.c | 1 + arch/x86/kernel/cpu/mce/amd.c | 391 +++++++++++++----------------------- arch/x86/kernel/cpu/mce/core.c | 322 ++++++++++++++--------------- arch/x86/kernel/cpu/mce/intel.c | 15 ++ arch/x86/kernel/cpu/mce/internal.h | 8 + arch/x86/kernel/cpu/mce/threshold.c | 3 + 7 files changed, 332 insertions(+), 415 deletions(-) --- base-commit: b36de8b904b8ff2095ece7af6b3cfff8c73c2fb1 change-id: 20250210-wip-mca-updates-bed2a67c9c57

2 months, 1 week

3
3
0 0

[PATCH 6.6 000/273] 6.6.78-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.78 release. There are 273 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 15 Feb 2025 14:23:11 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.78-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.78-rc1 Sean Christopherson <seanjc(a)google.com> KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) Sean Christopherson <seanjc(a)google.com> KVM: x86: Make x2APIC ID 100% readonly Sean Anderson <sean.anderson(a)linux.dev> tty: xilinx_uartps: split sysrq handling Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: fix AF_INET6 variable Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent excessive coalescing on receive Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: only set fullmesh for subflow endp Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Fix NULL pointer dereference in object->file Filipe Manana <fdmanana(a)suse.com> btrfs: avoid monopolizing a core when activating a swap file Koichiro Den <koichiro.den(a)canonical.com> Revert "btrfs: avoid monopolizing a core when activating a swap file" Su Yue <glass.su(a)suse.com> ocfs2: check dir i_size in ocfs2_find_entry Paul Fertser <fercerpav(a)gmail.com> net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Michal Simek <michal.simek(a)amd.com> rtc: zynqmp: Fix optional clock name property Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Javier Carrasco <javier.carrasco.cruz(a)gmail.com> pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla: Add trace_instance_stop Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/osnoise: Distinguish missing workload option Steven Rostedt <rostedt(a)goodmis.org> tracing/osnoise: Fix resetting of tracepoints Jan Kiszka <jan.kiszka(a)siemens.com> scripts/gdb: fix aarch64 userspace detection in get_current_task Wei Yang <richard.weiyang(a)gmail.com> maple_tree: simplify split calculation Milos Reljin <milos_reljin(a)outlook.com> net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix copy buffer page size Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Anandu Krishnan E <quic_anane(a)quicinc.com> misc: fastrpc: Deregister device nodes properly in error scenarios Vimal Agrawal <vimal.agrawal(a)sophos.com> misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Nick Chan <towinchenmi(a)gmail.com> irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix missing 'ret' assignment in set_speed() Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Pekka Pessi <ppessi(a)nvidia.com> mailbox: tegra-hsp: Clear mailbox before using message Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Mike Snitzer <snitzer(a)kernel.org> pnfs/flexfiles: retry getting layout segment for reads Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: -f: no reconnect Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: commit provided buffer state on async Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix io_req_prep_async with provided buffers Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't retry connect operation on EPOLLERR Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix multishots with selected buffers Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: set word length to 1 Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix reading from non zero offset Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: simplify read beyond device check Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Luca Weiss <luca.weiss(a)fairphone.com> nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Niklas Cassel <cassel(a)kernel.org> ata: libata-sff: Ensure that we cannot write outside the allocated buffer Catalin Marinas <catalin.marinas(a)arm.com> mm: kmemleak: fix upper boundary check for physical address objects Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Support partial control reads Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 VC map Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix use of non-existing registers on UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() Mehdi Djait <mehdi.djait(a)linux.intel.com> media: ccs: Fix cleanup order in ccs_probe() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix CCS static data parsing for large block sizes Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Naushir Patuck <naush(a)raspberrypi.com> media: imx296: Add standby delay during probe Cosmin Tanislav <demonsingur(a)gmail.com> media: mc: fix endpoint iteration Lubomir Rintel <lkundrak(a)v3.sk> media: mmp: Bring back registration of the device Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: as73211: fix channel handling in only-color triggered buffer Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Clean up parsed CCS static data on parse failure Marco Elver <elver(a)google.com> kfence: skip __GFP_THISNODE allocations on NUMA systems Gabriele Monaco <gmonaco(a)redhat.com> rv: Reset per-task monitors also for idle tasks Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Aubrey Li <aubrey.li(a)linux.intel.com> ACPI: PRM: Remove unnecessary strict handler address checks Wentao Liang <vulab(a)iscas.ac.cn> xfs: Add error handling for xfs_reflink_cancel_cow_range Wentao Liang <vulab(a)iscas.ac.cn> xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end Conor Dooley <conor.dooley(a)microchip.com> pwm: microchip-core: fix incorrect comparison with max period Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Disable Tegra234 sce-fabric node Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Eric Biggers <ebiggers(a)google.com> crypto: qce - fix priority to be less than ARMv8 CE Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8550: correct MDSS interconnects Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix MPSS memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix ADSP memory length Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix uart1 interconnect path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix ADSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix MPSS memory length Andreas Kemnade <andreas(a)kemnade.info> ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Romain Naour <romain.naour(a)skf.com> ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Denis Arefev <arefev(a)swemel.ru> ubi: Add a check for ubi_num Nathan Chancellor <nathan(a)kernel.org> x86/boot: Use '-std=gnu11' to fix build with GCC 15 Miguel Ojeda <ojeda(a)kernel.org> rust: init: use explicit ABI to clean warning in future compilers Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload Eric Biggers <ebiggers(a)google.com> scsi: ufs: qcom: Fix crypto key eviction Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Move FCE Trace buffer allocation to user control Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't set pos_unknown just after device recognition Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Werner Sembach <wse(a)tuxedocomputers.com> PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 Brad Griffis <bgriffis(a)nvidia.com> arm64: tegra: Fix Tegra234 PCIe interrupt-map Kuan-Wei Chiu <visitorckw(a)gmail.com> ALSA: hda: Fix headset detection failure due to unstable sort Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo C6400 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Jens Axboe <axboe(a)kernel.dk> block: don't revert iter for -EIOCBQUEUED Mateusz Jończyk <mat.jonczyk(a)o2.pl> mips/math-emu: fix emulation of the prefx instruction Hou Tao <houtao1(a)huawei.com> dm-crypt: track tag_offset in convert_context Hou Tao <houtao1(a)huawei.com> dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Extend the maximum number of watchpoints Kexy Biscuit <kexybiscuit(a)aosc.io> MIPS: Loongson64: remove ROM Size unit in boardinfo Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Mario Limonciello <mario.limonciello(a)amd.com> ASoC: acp: Support microphone from Lenovo Go S Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: document scope of NCM implementation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix DPE OoB read Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: break up NCM header size computation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: refactor NCM datagram loop Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: check that DPE points past NCM header Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: use static NDP16 location in URB Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix possible overflow in DPE length check Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 Fiona Klute <fiona.klute(a)gmx.de> wifi: rtw88: sdio: Fix disconnection after beacon loss Nick Morrow <usbwifi2024(a)gmail.com> wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8821ae: Fix media status report Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Bao D. Nguyen <quic_nguyenb(a)quicinc.com> scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Kuan-Wei Chiu <visitorckw(a)gmail.com> perf bench: Fix undefined behavior in cmpworker() Nathan Chancellor <nathan(a)kernel.org> efi: libstub: Use '-std=gnu11' to fix build with GCC 15 Zijun Hu <quic_zijuhu(a)quicinc.com> blk-cgroup: Fix class @block_class's subsystem refcount leakage Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-mm: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Manivannan Sadhasivam <mani(a)kernel.org> clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 refclk register access Cody Eksal <masterr3c0rd(a)epochal.quest> clk: sunxi-ng: a100: enable MMC clock reparenting Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() Brian Geffon <bgeffon(a)google.com> drm/i915: Fix page cleanup on DMA remap failure Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915/guc: Debug print LRC state entries only if the context is pinned Tom Chung <chiahsuan.chung(a)amd.com> Revert "drm/amd/display: Use HW lock mgr for PSR1" Prike Liang <Prike.Liang(a)amd.com> drm/amdkfd: only flush the validate MES contex Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Mark MM activity as unsupported Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: fix integer overflows on 32 bit systems David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Thomas Zimmermann <tzimmermann(a)suse.de> drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Marc Zyngier <maz(a)kernel.org> KVM: arm64: timer: Always evaluate the need for a soft timer Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Nam Cao <namcao(a)linutronix.de> fs/proc: do_task_stat: Fix ESP not readable during coredump Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: change lease epoch type from unsigned int to __u16 Ruben Devos <devosruben6(a)gmail.com> smb: client: fix order of arguments of tracepoints Maarten Lankhorst <dev(a)lankhorst.se> drm/modeset: Handle tiled displays in pan_display_atomic. Sebastian Wiese-Wagner <seb(a)fastmail.to> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning David Howells <dhowells(a)redhat.com> rxrpc: Fix call state set to not include the SERVER_SECURING state Ido Schimmel <idosch(a)nvidia.com> net: sched: Fix truncation of offloaded action statistics Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Juergen Gross <jgross(a)suse.com> x86/xen: add FRAME_END to xen_hypercall_hvm() Juergen Gross <jgross(a)suse.com> x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Jacob Moroni <mail(a)jakemoroni.com> net: atlantic: fix warning during hot unplug Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> gpio: pca953x: Improve interrupt support David Howells <dhowells(a)redhat.com> rxrpc: Fix the rxrpc_connection attend queue handling Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Sankararaman Jayaraman <sankararaman.jayaraman(a)broadcom.com> vmxnet3: Fix tx queue race condition with XDP Jiasheng Jiang <jiashengjiangcool(a)gmail.com> ice: Add check for devm_kzalloc() Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Correct overlaying of PHY and MAC Wake-on-LAN Daniel Wagner <wagi(a)kernel.org> nvme-fc: use ctrl state getter Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: put Rx buffers after being done with current frame Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count Paul Fertser <fercerpav(a)gmail.com> net/ncsi: fix locking in Get MAC Address handling Peter Delevoryas <peter(a)pjd.dev> net/ncsi: Add NC-SI 1.2 Get MC MAC Address command Paolo Bonzini <pbonzini(a)redhat.com> KVM: e500: always restore irqs Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map() Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore AC events Illia Ostapyshyn <illia(a)yshyn.com> Input: allocate keycode for phone linking Yu-Chun Lin <eleanor15x(a)gmail.com> ASoC: amd: Add ACPI dependency to fix build error Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Hans de Goede <hdegoede(a)redhat.com> platform/x86: int3472: Check for adev == NULL Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Clean up more on probe failure Richard Acayan <mailingradian(a)gmail.com> iommu/arm-smmu-qcom: add sdm670 adreno iommu compatible David Woodhouse <dwmw(a)amazon.co.uk> x86/kexec: Allocate PGD for x86_64 transition page tables separately Liu Ye <liuye(a)kylinos.cn> selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Dan Carpenter <dan.carpenter(a)linaro.org> tipc: re-order conditions in tipc_crypto_key_rcv() Yuanjie Yang <quic_yuanjiey(a)quicinc.com> mmc: sdhci-msm: Correctly set the load for the regulator Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> net: wwan: iosm: Fix hibernation by re-binding the driver around it Mazin Al Haddad <mazin(a)getstate.dev> Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Randolph Ha <rha051117(a)gmail.com> i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: avoid memory leak Stefan Dösinger <stefan(a)codeweavers.com> wifi: brcmfmac: Check the return value of of_property_read_string_index() Vadim Fedorenko <vadfed(a)meta.com> net/mlx5: use do_aux_work for PHC overflow checks Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: Make GCC_8150 depend on QCOM_GDSC Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: add crystal_cap check to avoid setting as overflow value Leo Stone <leocstone(a)gmail.com> safesetid: check size of policy writes Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS KSV list wait timer Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS compare V matching Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP encryption when R0 ready Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP Bstatus check Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/vc4: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/sti: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/radeon: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/exynos: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/amd/display: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: ite-it66121: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: anx7625: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/connector: add mutex to protect ELD from concurrent access Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Dongwon Kim <dongwon.kim(a)intel.com> drm/virtio: New fence for every plane update Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Carlos Llamas <cmllamas(a)google.com> lockdep: Fix upper limit for LOCKDEP_*_BITS configs Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Hao-ran Zheng <zhenghaoran154(a)gmail.com> btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Sven Schnelle <svens(a)linux.ibm.com> s390/stackleak: Use exrl instead of ex in __stackleak_poison() Kees Cook <kees(a)kernel.org> exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Ensure adequate HUGE_MAX_HSTATE Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion failure when splitting ordered extent after transaction abort ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/ti/omap/dra7-l4.dtsi | 2 + arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi | 10 + arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 8 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 10 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 492 ++++++++++----------- arch/arm64/boot/dts/qcom/sm8450.dtsi | 4 +- arch/arm64/boot/dts/qcom/sm8550.dtsi | 9 +- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/kvm/arch_timer.c | 4 +- arch/arm64/mm/hugetlbpage.c | 12 + arch/loongarch/include/uapi/asm/ptrace.h | 10 + arch/loongarch/kernel/ptrace.c | 6 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/kernel/ftrace.c | 2 +- arch/mips/loongson64/boardinfo.c | 2 - arch/mips/math-emu/cp1emu.c | 2 +- arch/powerpc/kvm/e500_mmu_host.c | 21 +- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/include/asm/processor.h | 3 +- arch/s390/kvm/vsie.c | 25 +- arch/x86/boot/compressed/Makefile | 1 + arch/x86/include/asm/kexec.h | 18 +- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/machine_kexec_64.c | 45 +- arch/x86/kvm/lapic.c | 64 ++- arch/x86/kvm/svm/svm.c | 2 + arch/x86/kvm/vmx/vmx.c | 2 + arch/x86/mm/ident_map.c | 23 +- arch/x86/pci/fixup.c | 30 ++ arch/x86/xen/xen-head.S | 5 +- block/blk-cgroup.c | 1 + block/fops.c | 5 +- drivers/acpi/apei/ghes.c | 10 +- drivers/acpi/prmt.c | 4 +- drivers/acpi/property.c | 10 +- drivers/ata/libata-sff.c | 18 +- drivers/char/misc.c | 37 +- drivers/char/tpm/eventlog/acpi.c | 15 +- drivers/clk/mediatek/clk-mt2701-aud.c | 10 + drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-mm.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/qcom/Kconfig | 1 + drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clk/qcom/dispcc-sm6350.c | 7 +- drivers/clk/qcom/gcc-mdm9607.c | 2 +- drivers/clk/qcom/gcc-sm6350.c | 22 +- drivers/clk/qcom/gcc-sm8550.c | 8 +- drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +- drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/qce/aead.c | 2 +- drivers/crypto/qce/core.c | 13 +- drivers/crypto/qce/sha.c | 2 +- drivers/crypto/qce/skcipher.c | 2 +- drivers/firmware/Kconfig | 2 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/gpio/gpio-pca953x.c | 19 - .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 7 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +- .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 - .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/ite-it6505.c | 83 ++-- drivers/gpu/drm/bridge/ite-it66121.c | 2 + drivers/gpu/drm/display/drm_dp_cec.c | 14 +- drivers/gpu/drm/drm_connector.c | 1 + drivers/gpu/drm/drm_edid.c | 6 + drivers/gpu/drm/drm_fb_helper.c | 14 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 2 + drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 - drivers/gpu/drm/i915/gem/i915_gem_shmem.c | 6 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 +- drivers/gpu/drm/radeon/radeon_audio.c | 2 + drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +- drivers/gpu/drm/sti/sti_hdmi.c | 2 + drivers/gpu/drm/vc4/vc4_hdmi.c | 4 +- drivers/gpu/drm/virtio/virtgpu_drv.h | 7 + drivers/gpu/drm/virtio/virtgpu_plane.c | 58 ++- drivers/hid/hid-sensor-hub.c | 21 +- drivers/hid/wacom_wac.c | 5 + drivers/i2c/i2c-core-acpi.c | 22 + drivers/i3c/master.c | 2 +- drivers/iio/light/as73211.c | 24 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/irqchip/irq-apple-aic.c | 3 +- drivers/leds/leds-lp8860.c | 2 +- drivers/mailbox/tegra-hsp.c | 6 +- drivers/md/dm-crypt.c | 27 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ccs/ccs-data.c | 14 +- drivers/media/i2c/ds90ub913.c | 1 - drivers/media/i2c/ds90ub953.c | 1 - drivers/media/i2c/ds90ub960.c | 123 +++--- drivers/media/i2c/imx296.c | 2 + drivers/media/i2c/ov5640.c | 1 + drivers/media/platform/marvell/mmp-driver.c | 21 +- drivers/media/usb/uvc/uvc_ctrl.c | 8 +- drivers/media/usb/uvc/uvc_driver.c | 98 ++-- drivers/media/usb/uvc/uvc_video.c | 21 + drivers/media/usb/uvc/uvcvideo.h | 1 + drivers/media/v4l2-core/v4l2-mc.c | 2 +- drivers/mfd/lpc_ich.c | 3 +- drivers/misc/fastrpc.c | 8 +- drivers/mmc/core/sdio.c | 2 + drivers/mmc/host/sdhci-msm.c | 53 ++- drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/mtd/ubi/build.c | 2 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 16 +- drivers/net/ethernet/broadcom/tg3.c | 58 +++ drivers/net/ethernet/intel/ice/ice_devlink.c | 3 + drivers/net/ethernet/intel/ice/ice_txrx.c | 79 ++-- .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 +- drivers/net/phy/nxp-c45-tja11xx.c | 2 + drivers/net/tun.c | 2 +- drivers/net/usb/ipheth.c | 69 ++- drivers/net/vmxnet3/vmxnet3_xdp.c | 14 +- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c | 21 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 + .../net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 +- drivers/net/wireless/realtek/rtw88/sdio.c | 2 + drivers/net/wireless/realtek/rtw89/phy.c | 13 +- drivers/net/wireless/realtek/rtw89/phy.h | 2 +- drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++- drivers/nvme/host/core.c | 8 +- drivers/nvme/host/fc.c | 9 +- drivers/nvme/host/pci.c | 4 +- drivers/nvmem/core.c | 2 + drivers/nvmem/imx-ocotp-ele.c | 16 +- drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/of/base.c | 8 +- drivers/of/of_reserved_mem.c | 4 +- drivers/pci/endpoint/pci-epf-core.c | 1 + drivers/pinctrl/samsung/pinctrl-samsung.c | 2 +- drivers/platform/x86/acer-wmi.c | 4 + drivers/platform/x86/intel/int3472/discrete.c | 3 + drivers/platform/x86/intel/int3472/tps68470.c | 3 + drivers/ptp/ptp_clock.c | 8 + drivers/pwm/pwm-microchip-core.c | 2 +- drivers/rtc/rtc-zynqmp.c | 4 +- drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_dfs.c | 122 ++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 + drivers/scsi/qla2xxx/qla_init.c | 28 +- drivers/scsi/st.c | 6 + drivers/scsi/st.h | 1 + drivers/scsi/storvsc_drv.c | 1 + drivers/soc/mediatek/mtk-devapc.c | 18 +- drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/spi/atmel-quadspi.c | 118 +++-- drivers/tty/serial/sh-sci.c | 25 +- drivers/tty/serial/xilinx_uartps.c | 10 +- drivers/ufs/host/ufs-qcom.c | 18 +- drivers/usb/gadget/function/f_tcm.c | 52 +-- drivers/vfio/platform/vfio_platform_common.c | 10 + fs/binfmt_flat.c | 2 +- fs/btrfs/file.c | 2 +- fs/btrfs/inode.c | 4 +- fs/btrfs/ordered-data.c | 12 + fs/btrfs/relocation.c | 14 +- fs/btrfs/transaction.c | 4 +- fs/cachefiles/interface.c | 14 +- fs/cachefiles/ondemand.c | 30 +- fs/exec.c | 29 +- fs/nfs/flexfilelayout/flexfilelayout.c | 27 +- fs/nilfs2/inode.c | 6 +- fs/ocfs2/dir.c | 25 +- fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/proc/array.c | 2 +- fs/smb/client/cifsglob.h | 14 +- fs/smb/client/dir.c | 6 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2inode.c | 108 ++--- fs/smb/client/smb2ops.c | 18 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/client/smb2proto.h | 2 +- fs/smb/server/transport_ipc.c | 9 + fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_iomap.c | 6 +- include/drm/drm_connector.h | 5 +- include/linux/binfmts.h | 4 +- include/linux/kvm_host.h | 9 + include/linux/mlx5/driver.h | 1 - include/net/sch_generic.h | 2 +- include/rv/da_monitor.h | 4 + include/trace/events/rxrpc.h | 1 + include/uapi/linux/input-event-codes.h | 1 + include/ufs/ufs.h | 4 +- io_uring/io_uring.c | 5 +- io_uring/net.c | 5 + io_uring/poll.c | 4 + io_uring/rw.c | 10 + kernel/printk/printk.c | 2 +- kernel/sched/core.c | 6 +- kernel/trace/trace_osnoise.c | 17 +- lib/Kconfig.debug | 8 +- lib/maple_tree.c | 23 +- mm/kfence/core.c | 2 + mm/kmemleak.c | 2 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/mgmt.c | 12 +- net/ipv4/udp.c | 4 +- net/ipv6/udp.c | 4 +- net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 1 + net/ncsi/internal.h | 2 + net/ncsi/ncsi-cmd.c | 3 +- net/ncsi/ncsi-manage.c | 38 +- net/ncsi/ncsi-pkt.h | 10 + net/ncsi/ncsi-rsp.c | 58 ++- net/nfc/nci/hci.c | 2 + net/rose/af_rose.c | 24 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 6 +- net/rxrpc/conn_event.c | 21 +- net/rxrpc/conn_object.c | 1 + net/rxrpc/input.c | 2 +- net/rxrpc/sendmsg.c | 2 +- net/sched/sch_netem.c | 2 +- net/tipc/crypto.c | 4 +- rust/kernel/init.rs | 2 +- scripts/Makefile.extrawarn | 5 +- scripts/gdb/linux/cpus.py | 2 +- security/safesetid/securityfs.c | 3 + security/tomoyo/common.c | 2 +- sound/pci/hda/hda_auto_parser.c | 8 +- sound/pci/hda/hda_auto_parser.h | 1 + sound/pci/hda/patch_realtek.c | 2 + sound/soc/amd/Kconfig | 2 +- sound/soc/amd/yc/acp6x-mach.c | 28 ++ sound/soc/soc-pcm.c | 32 +- tools/perf/bench/epoll-wait.c | 7 +- tools/testing/selftests/net/ipsec.c | 3 +- tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 2 +- tools/testing/selftests/net/udpgso.c | 26 ++ tools/tracing/rtla/src/osnoise.c | 2 +- tools/tracing/rtla/src/timerlat_hist.c | 26 +- tools/tracing/rtla/src/timerlat_top.c | 27 +- tools/tracing/rtla/src/trace.c | 8 + tools/tracing/rtla/src/trace.h | 1 + 258 files changed, 2392 insertions(+), 1203 deletions(-)

2 months, 1 week

12
284
0 0

Alright, Instagram bbe~!💕View My Group💕 - Feb 16, 2025

by Fecied81 Christina (via Looker Studio)

Google Looker Studio View the interactive report: Laporan Tanpa Judul 🎉 Congratulations! You're Invited to Join Our Exclusive Adult Community! 🎉 Your invitation Link >> https://onlyfwbs.us/letsplaynuds We are thrilled to extend a special invitation to you! This is not just any community; it's a place where like-minded individuals come together to share ideas, inspire each other, and build lasting connections. You Can Find Here Local Girls/Women Nearby ,You can Chat nearby Girls $ For Hook-up >>> https://onlyfwbs.us/letsplaynuds Join Cam Show & Many More (Its Totally Free No need to required CC $ personal Information) © 2025 Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043 You received this email because someone scheduled it to be sent to you regularly. You can unsubscribe from this scheduled email here. This email and its content are subject to the Looker Studio Terms of Service you have agreed to. If you have not agreed to the Looker Studio Terms of Service, the Google Terms of Service shall apply. This email and its content are also subject to the Google Privacy Policy.

2 months, 1 week

1
0
0 0

[PATCH v2] PCI: fix reference leak in pci_register_host_bridge()

by Ma Ke

Once device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. device_register() includes device_add(). As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 37d6a0a6f470 ("PCI: Add pci_register_host_bridge() interface") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the patch description. --- drivers/pci/probe.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index b6536ed599c3..03dc65cf48f1 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -1017,8 +1017,10 @@ static int pci_register_host_bridge(struct pci_host_bridge *bridge) name = dev_name(&bus->dev); err = device_register(&bus->dev); - if (err) + if (err) { + put_device(&bus->dev); goto unregister; + } pcibios_add_bus(bus); -- 2.25.1

2 months, 1 week

1
0
0 0

[PATCH v5 RESEND] [ARM] fix reference leak in locomo_init_one_child()

by Ma Ke

Once device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. As comment of device_register() says, 'NOTE: _Never_ directly free @dev after calling this function, even if it returned an error! Always use put_device() to give up the reference initialized in this function instead.' Found by code review. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v5: - modified the bug description as suggestions; Changes in v4: - deleted the redundant initialization; Changes in v3: - modified the patch as suggestions; Changes in v2: - modified the patch as suggestions. --- arch/arm/common/locomo.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/arch/arm/common/locomo.c b/arch/arm/common/locomo.c index cb6ef449b987..45106066a17f 100644 --- a/arch/arm/common/locomo.c +++ b/arch/arm/common/locomo.c @@ -223,10 +223,8 @@ locomo_init_one_child(struct locomo *lchip, struct locomo_dev_info *info) int ret; dev = kzalloc(sizeof(struct locomo_dev), GFP_KERNEL); - if (!dev) { - ret = -ENOMEM; - goto out; - } + if (!dev) + return -ENOMEM; /* * If the parent device has a DMA mask associated with it, @@ -254,10 +252,9 @@ locomo_init_one_child(struct locomo *lchip, struct locomo_dev_info *info) NO_IRQ : lchip->irq_base + info->irq[0]; ret = device_register(&dev->dev); - if (ret) { - out: - kfree(dev); - } + if (ret) + put_device(&dev->dev); + return ret; } -- 2.25.1

2 months, 1 week

1
0
0 0

[PATCH v2 RESEND] phy: Fix error handling in tegra_xusb_port_init

by Ma Ke

If device_add() fails, do not use device_unregister() for error handling. device_unregister() consists two functions: device_del() and put_device(). device_unregister() should only be called after device_add() succeeded because device_del() undoes what device_add() does if successful. Change device_unregister() to put_device() call before returning from the function. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 53d2a715c240 ("phy: Add Tegra XUSB pad controller support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the bug description as suggestions. --- drivers/phy/tegra/xusb.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/phy/tegra/xusb.c b/drivers/phy/tegra/xusb.c index 79d4814d758d..c89df95aa6ca 100644 --- a/drivers/phy/tegra/xusb.c +++ b/drivers/phy/tegra/xusb.c @@ -548,16 +548,16 @@ static int tegra_xusb_port_init(struct tegra_xusb_port *port, err = dev_set_name(&port->dev, "%s-%u", name, index); if (err < 0) - goto unregister; + goto put_device; err = device_add(&port->dev); if (err < 0) - goto unregister; + goto put_device; return 0; -unregister: - device_unregister(&port->dev); +put_device: + put_device(&port->dev); return err; } -- 2.25.1

2 months, 1 week

1
0
0 0

[PATCH 0/2] kbuild: userprogs: two fixes for LLVM=1

by Thomas Weißschuh

Fix two issues when cross-building userprogs with clang. Reproducer, using nolibc to avoid libc requirements for cross building: $ tail -2 init/Makefile userprogs-always-y += test-llvm test-llvm-userccflags += -nostdlib -nolibc -static -isystem usr/ -include $(srctree)/tools/include/nolibc/nolibc.h $ cat init/test-llvm.c int main(void) { return 0; } $ make ARCH=arm64 LLVM=1 allnoconfig headers_install init/ Validate that init/test-llvm builds and has the correct binary format. Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> --- Thomas Weißschuh (2): kbuild: userprogs: fix bitsize and target detection on clang kbuild: userprogs: use lld to link through clang Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b change-id: 20250213-kbuild-userprog-fixes-4f07b62ae818 Best regards, -- Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>

2 months, 2 weeks

3
7
0 0

Re: [PATCH 6.13 000/442] 6.13.3-rc3 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

2 months, 2 weeks

1
0
0 0

[PATCH 6.12 000/419] 6.12.14-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.14 release. There are 419 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 16 Feb 2025 13:37:21 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.14-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.14-rc2 Su Yue <glass.su(a)suse.com> ocfs2: check dir i_size in ocfs2_find_entry Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: add reset-names for combphy on rk3568 Miklos Szeredi <mszeredi(a)redhat.com> statmount: let unset strings be empty Miklos Szeredi <mszeredi(a)redhat.com> fs: fix adding security options to statmount.mnt_opt Jeff Layton <jlayton(a)kernel.org> fs: prepend statmount.mnt_opts string with security_sb_mnt_opts() Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix and re-enable xe_print_blob_ascii85() Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Revert "drm/amd/display: Fix green screen issue after suspend" Libo Chen <libo.chen(a)oracle.com> Revert "selftests/sched_ext: fix build after renames in sched_ext API" Bart Van Assche <bvanassche(a)acm.org> md: Fix linear_set_limits() Dan Carpenter <dan.carpenter(a)linaro.org> md/md-linear: Fix a NULL vs IS_ERR() bug in linear_add() Peter Zijlstra <peterz(a)infradead.org> x86/mm: Convert unreachable() to BUG() Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent excessive coalescing on receive Filipe Manana <fdmanana(a)suse.com> btrfs: avoid monopolizing a core when activating a swap file Koichiro Den <koichiro.den(a)canonical.com> Revert "btrfs: avoid monopolizing a core when activating a swap file" Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families Long Li <leo.lilong(a)huawei.com> xfs: fix mount hang during primary superblock recovery failure Darrick J. Wong <djwong(a)kernel.org> xfs: lock dquot buffer before detaching dquot from b_li_list Darrick J. Wong <djwong(a)kernel.org> xfs: release the dquot buf outside of qli_lock Darrick J. Wong <djwong(a)kernel.org> xfs: convert quotacheck to attach dquot buffers Darrick J. Wong <djwong(a)kernel.org> xfs: attach dquot buffer to dquot log item buffer Darrick J. Wong <djwong(a)kernel.org> xfs: clean up log item accesses in xfs_qm_dqflush{,_done} Darrick J. Wong <djwong(a)kernel.org> xfs: separate dquot buffer reads from xfs_dqflush Darrick J. Wong <djwong(a)kernel.org> xfs: don't lose solo superblock counter update transactions Darrick J. Wong <djwong(a)kernel.org> xfs: avoid nested calls to __xfs_trans_commit WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Heiko Carstens <hca(a)linux.ibm.com> s390/fpu: Add fpc exception handler / remove fixup section again Frederic Weisbecker <frederic(a)kernel.org> timers/migration: Fix off-by-one root mis-connection Michal Simek <michal.simek(a)amd.com> rtc: zynqmp: Fix optional clock name property Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Fix PFC_MASK for RZ/V2H and RZ/G3E Javier Carrasco <javier.carrasco.cruz(a)gmail.com> pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla: Add trace_instance_stop Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/osnoise: Distinguish missing workload option Steven Rostedt <rostedt(a)goodmis.org> tracing/osnoise: Fix resetting of tracepoints Jan Kiszka <jan.kiszka(a)siemens.com> scripts/gdb: fix aarch64 userspace detection in get_current_task Wei Yang <richard.weiyang(a)gmail.com> maple_tree: simplify split calculation Milos Reljin <milos_reljin(a)outlook.com> net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix copy buffer page size Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Anandu Krishnan E <quic_anane(a)quicinc.com> misc: fastrpc: Deregister device nodes properly in error scenarios Vimal Agrawal <vimal.agrawal(a)sophos.com> misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Nick Chan <towinchenmi(a)gmail.com> irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix missing 'ret' assignment in set_speed() Steven Rostedt <rostedt(a)goodmis.org> fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Uros Bizjak <ubizjak(a)gmail.com> mailbox: zynqmp: Remove invalid __percpu annotation in zynqmp_ipi_probe() Pekka Pessi <ppessi(a)nvidia.com> mailbox: tegra-hsp: Clear mailbox before using message Chuck Lever <chuck.lever(a)oracle.com> NFSD: Encode COMPOUND operation status on page boundaries Dragan Simic <dsimic(a)manjaro.org> nfs: Make NFS_FSCACHE select NETFS_SUPPORT instead of depending on it Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Mike Snitzer <snitzer(a)kernel.org> pnfs/flexfiles: retry getting layout segment for reads Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: -f: no reconnect Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't retry connect operation on EPOLLERR Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix multishots with selected buffers Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: set word length to 1 Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix reading from non zero offset Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix MAC address byte order Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: simplify read beyond device check Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Luca Weiss <luca.weiss(a)fairphone.com> nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Antoine Viallon <antoine(a)lesviallon.fr> ceph: fix memory leak in ceph_mds_auth_match() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Stefan Eichenberger <eichest(a)gmail.com> irqchip/irq-mvebu-icu: Fix access to msi_data from irq_domain::host_data Niklas Cassel <cassel(a)kernel.org> ata: libata-sff: Ensure that we cannot write outside the allocated buffer Liu Shixin <liushixin2(a)huawei.com> mm/compaction: fix UBSAN shift-out-of-bounds warning Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> mm/hugetlb: fix hugepage allocation for interleaved memory nodes Li Zhijian <lizhijian(a)fujitsu.com> mm/vmscan: accumulate nr_demoted for accurate demotion statistics Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> mm: gup: fix infinite loop within __get_longterm_locked Catalin Marinas <catalin.marinas(a)arm.com> mm: kmemleak: fix upper boundary check for physical address objects Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Support partial control reads Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 VC map Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix use of non-existing registers on UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() Mehdi Djait <mehdi.djait(a)linux.intel.com> media: ccs: Fix cleanup order in ccs_probe() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix CCS static data parsing for large block sizes Alain Volmat <alain.volmat(a)foss.st.com> media: stm32: dcmipp: correct dma_set_mask_and_coherent mask value Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> media: intel/ipu6: remove cpu latency qos request on error Naushir Patuck <naush(a)raspberrypi.com> media: imx296: Add standby delay during probe Zhen Lei <thunder.leizhen(a)huawei.com> media: nuvoton: Fix an error check in npcm_video_ece_init() Cosmin Tanislav <demonsingur(a)gmail.com> media: mc: fix endpoint iteration Lubomir Rintel <lkundrak(a)v3.sk> media: mmp: Bring back registration of the device Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> soc: qcom: llcc: Enable LLCC_WRCACHE at boot on X1 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: samsung: exynos-pmu: Fix uninitialized ret in tensor_set_bits_atomic() Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Use a separate spinlock to protect fault->deliver list Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Destroy response and mutex in iommufd_fault_destroy() Nicolin Chen <nicolinc(a)nvidia.com> iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: as73211: fix channel handling in only-color triggered buffer Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Clean up parsed CCS static data on parse failure Marco Elver <elver(a)google.com> kfence: skip __GFP_THISNODE allocations on NUMA systems Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix struct iommu_hwpt_pgfault init and padding Frederic Weisbecker <frederic(a)kernel.org> hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING Gabriele Monaco <gmonaco(a)redhat.com> rv: Reset per-task monitors also for idle tasks Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Aubrey Li <aubrey.li(a)linux.intel.com> ACPI: PRM: Remove unnecessary strict handler address checks Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Clear runtime_error after pm_runtime_resume_and_get() fails Wentao Liang <vulab(a)iscas.ac.cn> xfs: Add error handling for xfs_reflink_cancel_cow_range Wentao Liang <vulab(a)iscas.ac.cn> xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end Christoph Hellwig <hch(a)lst.de> xfs: don't call remap_verify_area with sb write protection held Conor Dooley <conor.dooley(a)microchip.com> pwm: microchip-core: fix incorrect comparison with max period Helge Deller <deller(a)kernel.org> parisc: Temporarily disable jump label support Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Disable Tegra234 sce-fabric node Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Eric Biggers <ebiggers(a)google.com> crypto: qce - fix priority to be less than ARMv8 CE Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8650: correct MDSS interconnects Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8550: correct MDSS interconnects Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix MPSS memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix ADSP memory length Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix uart1 interconnect path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix ADSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdx75: Fix MPSS memory length Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DPI display output by default Andreas Kemnade <andreas(a)kemnade.info> ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Romain Naour <romain.naour(a)skf.com> ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Denis Arefev <arefev(a)swemel.ru> ubi: Add a check for ubi_num Nathan Chancellor <nathan(a)kernel.org> x86/boot: Use '-std=gnu11' to fix build with GCC 15 Zhang Rui <rui.zhang(a)intel.com> x86/acpi: Fix LAPIC/x2APIC parsing order Alice Ryhl <aliceryhl(a)google.com> x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0 Miguel Ojeda <ojeda(a)kernel.org> rust: init: use explicit ABI to clean warning in future compilers Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload André Draszik <andre.draszik(a)linaro.org> scsi: ufs: core: Fix use-after free in init error and remove paths Eric Biggers <ebiggers(a)google.com> scsi: ufs: qcom: Fix crypto key eviction Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Move FCE Trace buffer allocation to user control Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't set pos_unknown just after device recognition Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Werner Sembach <wse(a)tuxedocomputers.com> PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix SR-IOV for PFs initially in standby Brad Griffis <bgriffis(a)nvidia.com> arm64: tegra: Fix Tegra234 PCIe interrupt-map Kuan-Wei Chiu <visitorckw(a)gmail.com> ALSA: hda: Fix headset detection failure due to unstable sort Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix quirk matching for Legion Pro 7 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo C6400 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Jens Axboe <axboe(a)kernel.dk> block: don't revert iter for -EIOCBQUEUED Xi Ruoyao <xry111(a)xry111.site> Revert "MIPS: csrc-r4k: Select HAVE_UNSTABLE_SCHED_CLOCK if SMP && 64BIT" Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: pci-legacy: Override pci_address_to_pio Mateusz Jończyk <mat.jonczyk(a)o2.pl> mips/math-emu: fix emulation of the prefx instruction Hou Tao <houtao1(a)huawei.com> dm-crypt: track tag_offset in convert_context Hou Tao <houtao1(a)huawei.com> dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Extend the maximum number of watchpoints Kexy Biscuit <kexybiscuit(a)aosc.io> MIPS: Loongson64: remove ROM Size unit in boardinfo Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Mario Limonciello <mario.limonciello(a)amd.com> ASoC: acp: Support microphone from Lenovo Go S Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix usb_2 controller interrupts Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-microsoft-romulus: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-crd: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e78100-lenovo-thinkpad-t14s: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix USB QMP PHY supplies Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: document scope of NCM implementation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix DPE OoB read Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: break up NCM header size computation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: refactor NCM datagram loop Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: check that DPE points past NCM header Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: use static NDP16 location in URB Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix possible overflow in DPE length check Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Vasily Khoruzhick <anarsoul(a)gmail.com> wifi: rtw88: 8703b: Fix RX/TX issues Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 Fiona Klute <fiona.klute(a)gmx.de> wifi: rtw88: sdio: Fix disconnection after beacon loss Nick Morrow <usbwifi2024(a)gmail.com> wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8821ae: Fix media status report Steven Rostedt <rostedt(a)goodmis.org> atomic64: Use arch_spin_locks instead of raw_spin_locks Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Peng Fan <peng.fan(a)nxp.com> Input: bbnsm_pwrkey - add remove hook Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> of: address: Fix empty resource handling in __of_address_resource_bounds() Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Bao D. Nguyen <quic_nguyenb(a)quicinc.com> scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Kuan-Wei Chiu <visitorckw(a)gmail.com> perf bench: Fix undefined behavior in cmpworker() Nathan Chancellor <nathan(a)kernel.org> efi: libstub: Use '-std=gnu11' to fix build with GCC 15 Zijun Hu <quic_zijuhu(a)quicinc.com> blk-cgroup: Fix class @block_class's subsystem refcount leakage Eyal Birger <eyal.birger(a)gmail.com> seccomp: passthrough uretprobe systemcall without filtering Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-mm: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8650: Do not turn off PCIe GDSCs during gdsc_disable() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Binbin Zhou <zhoubinbin(a)loongson.cn> clk: clk-loongson2: Fix the number count of clk provider Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 refclk register access Lubomir Rintel <lkundrak(a)v3.sk> clk: mmp2: call pm_genpd_init() only after genpd.name is set Cody Eksal <masterr3c0rd(a)epochal.quest> clk: sunxi-ng: a100: enable MMC clock reparenting David Gstir <david(a)sigma-star.at> KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Lo-an Chen <lo-an.chen(a)amd.com> drm/amd/display: Fix seamless boot sequence Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: add a BO metadata flag to disable write compression for Vulkan Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Jani Nikula <jani.nikula(a)intel.com> drm/i915/dp: Iterate DSC BPP from high to low on all platforms Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/devcoredump: Move exec queue snapshot to Contexts section Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() Brian Geffon <bgeffon(a)google.com> drm/i915: Fix page cleanup on DMA remap failure Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915/guc: Debug print LRC state entries only if the context is pinned Tom Chung <chiahsuan.chung(a)amd.com> Revert "drm/amd/display: Use HW lock mgr for PSR1" Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Block per-queue reset when halt_if_hws_hang=1 Prike Liang <Prike.Liang(a)amd.com> drm/amdkfd: only flush the validate MES contex Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/amdgpu: change the config of cgcg on gfx12 Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Mark MM activity as unsupported Aric Cyr <Aric.Cyr(a)amd.com> drm/amd/display: Optimize cursor position updates Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: fix integer overflows on 32 bit systems David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Keith Busch <kbusch(a)kernel.org> kvm: defer huge page recovery vhost task to later Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Robin Murphy <robin.murphy(a)arm.com> remoteproc: omap: Handle ARM dma_iommu_mapping Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Thomas Zimmermann <tzimmermann(a)suse.de> drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Marc Zyngier <maz(a)kernel.org> KVM: arm64: timer: Always evaluate the need for a soft timer Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled Mark Brown <broonie(a)kernel.org> arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Override PARange for !LPA2 and use it consistently Ard Biesheuvel <ardb(a)kernel.org> arm64/kvm: Configure HYP TCR.PS/DS based on host stage1 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix Qemu crash when running in passthrough Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Nam Cao <namcao(a)linutronix.de> fs/proc: do_task_stat: Fix ESP not readable during coredump Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Marc Zyngier <maz(a)kernel.org> arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Yu Kuai <yukuai3(a)huawei.com> md: reintroduce md-linear Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: change lease epoch type from unsigned int to __u16 Ruben Devos <devosruben6(a)gmail.com> smb: client: fix order of arguments of tracepoints Maarten Lankhorst <dev(a)lankhorst.se> drm/client: Handle tiled displays better Maarten Lankhorst <dev(a)lankhorst.se> drm/modeset: Handle tiled displays in pan_display_atomic. Pali Rohár <pali(a)kernel.org> cifs: Remove intermediate object of failed create SFU call Sebastian Wiese-Wagner <seb(a)fastmail.to> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning Andreas Kemnade <andreas(a)kemnade.info> cpufreq: fix using cpufreq-dt as module David Howells <dhowells(a)redhat.com> rxrpc: Fix call state set to not include the SERVER_SECURING state Ido Schimmel <idosch(a)nvidia.com> net: sched: Fix truncation of offloaded action statistics Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Juergen Gross <jgross(a)suse.com> x86/xen: add FRAME_END to xen_hypercall_hvm() Juergen Gross <jgross(a)suse.com> x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: sim: lock hog configfs items if present Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Jacob Moroni <mail(a)jakemoroni.com> net: atlantic: fix warning during hot unplug Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> gpio: pca953x: Improve interrupt support David Howells <dhowells(a)redhat.com> rxrpc: Fix the rxrpc_connection attend queue handling Jakub Kicinski <kuba(a)kernel.org> ethtool: rss: fix hiding unsupported fields in dumps Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: fix the Adaptive sync Operation mode for SDP Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Sankararaman Jayaraman <sankararaman.jayaraman(a)broadcom.com> vmxnet3: Fix tx queue race condition with XDP Jiasheng Jiang <jiashengjiangcool(a)gmail.com> ice: Add check for devm_kzalloc() Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Correct overlaying of PHY and MAC Wake-on-LAN Daniel Wagner <wagi(a)kernel.org> nvme-fc: use ctrl state getter Keith Busch <kbusch(a)kernel.org> nvme: make nvme_tls_attrs_group static Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: stop storing XDP verdict within ice_rx_buf Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: gather page_count()'s of each frag right before XDP prog call Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: put Rx buffers after being done with current frame Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue Hans de Goede <hdegoede(a)redhat.com> platform/x86: serdev_helpers: Check for serial_ctrl_uid == NULL Günther Noack <gnoack(a)google.com> tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN Sean Anderson <sean.anderson(a)linux.dev> tty: xilinx_uartps: split sysrq handling Darrick J. Wong <djwong(a)kernel.org> xfs: don't over-report free space or inodes in statvfs Darrick J. Wong <djwong(a)kernel.org> xfs: report realtime block quota limits on realtime directories Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix Circular Locking Dependency in AMDGPU GFX Isolation Paolo Bonzini <pbonzini(a)redhat.com> KVM: e500: always restore irqs Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map() Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore AC events Hridesh MG <hridesh699(a)gmail.com> platform/x86: acer-wmi: add support for Acer Nitro AN515-58 Illia Ostapyshyn <illia(a)yshyn.com> Input: allocate keycode for phone linking Yu-Chun Lin <eleanor15x(a)gmail.com> ASoC: amd: Add ACPI dependency to fix build error Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer Predator PH16-72 Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer PH14-51 Hans de Goede <hdegoede(a)redhat.com> platform/x86: int3472: Check for adev == NULL Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Clean up more on probe failure Richard Acayan <mailingradian(a)gmail.com> iommu/arm-smmu-qcom: add sdm670 adreno iommu compatible Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Correct quirk for Lenovo Yoga Slim 7 David Woodhouse <dwmw(a)amazon.co.uk> x86/kexec: Allocate PGD for x86_64 transition page tables separately Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: ensure proper channel cleanup in error path Liu Ye <liuye(a)kylinos.cn> selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Dan Carpenter <dan.carpenter(a)linaro.org> tipc: re-order conditions in tipc_crypto_key_rcv() Shinas Rasheed <srasheed(a)marvell.com> octeon_ep_vf: update tx/rx stats locally for persistence Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: update tx/rx stats locally for persistence Yuanjie Yang <quic_yuanjiey(a)quicinc.com> mmc: sdhci-msm: Correctly set the load for the regulator Luke D. Jones <luke(a)ljones.dev> HID: hid-asus: Disable OOBE mode on the ProArt P16 Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> net: wwan: iosm: Fix hibernation by re-binding the driver around it Mazin Al Haddad <mazin(a)getstate.dev> Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925 Andrew Halaney <ajhalaney(a)gmail.com> Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922 Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Randolph Ha <rha051117(a)gmail.com> i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: avoid memory leak Somashekhar(Som) <somashekhar.puttagangaiah(a)intel.com> wifi: iwlwifi: pcie: Add support for new device ids Stefan Dösinger <stefan(a)codeweavers.com> wifi: brcmfmac: Check the return value of of_property_read_string_index() Vadim Fedorenko <vadim.fedorenko(a)linux.dev> net/mlx5: use do_aux_work for PHC overflow checks Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Youwan Wang <youwan(a)nfschina.com> HID: multitouch: Add quirk for Hantick 5288 touchpad Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: Make GCC_8150 depend on QCOM_GDSC Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: add __packed attribute to efuse layout struct Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: add crystal_cap check to avoid setting as overflow value Jeongjun Park <aha310510(a)gmail.com> ring-buffer: Make reading page consistent with the code logic Gabe Teeger <Gabe.Teeger(a)amd.com> drm/amd/display: Limit Scaling Ratio on DCN3.01 Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase sanitizer frame larger than limit when compile testing with clang Leo Stone <leocstone(a)gmail.com> safesetid: check size of policy writes Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS KSV list wait timer Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS compare V matching Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP encryption when R0 ready Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP Bstatus check Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Queue interrupt work to different CPU Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/vc4: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/sti: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/radeon: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/exynos: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/amd/display: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: ite-it66121: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: anx7625: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/connector: add mutex to protect ELD from concurrent access Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Overwriting dualDPP UBF values before usage Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Populate chroma prefetch parameters, DET buffer fix Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: return meaningful value from set_connector_edid() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: handle empty modes in find_preferred_mode() Zhi Wang <zhiw(a)nvidia.com> nvkm: correctly calculate the available space of the GSP cmdq buffer Zhi Wang <zhiw(a)nvidia.com> nvkm/gsp: correctly advance the read pointer of GSP message queue Dustin L. Howett <dustin(a)howett.net> drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels Thomas Weißschuh <linux(a)weissschuh.net> drm: panel-backlight-quirks: Add Framework 13 matte panel Thomas Weißschuh <linux(a)weissschuh.net> drm: Add panel backlight quirks Dongwon Kim <dongwon.kim(a)intel.com> drm/virtio: New fence for every plane update Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Carlos Llamas <cmllamas(a)google.com> lockdep: Fix upper limit for LOCKDEP_*_BITS configs Thorsten Blum <thorsten.blum(a)linux.dev> locking/ww_mutex/test: Use swap() macro Peter Zijlstra <peterz(a)infradead.org> x86: Convert unreachable() to BUG() Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Correctly account for allocated bandwidth during hotplug Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Hao-ran Zheng <zhenghaoran154(a)gmail.com> btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Sven Schnelle <svens(a)linux.ibm.com> s390/stackleak: Use exrl instead of ex in __stackleak_poison() Kees Cook <kees(a)kernel.org> exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Ensure adequate HUGE_MAX_HSTATE Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Qu Wenruo <wqu(a)suse.com> btrfs: do not output error message if a qgroup has been already cleaned up Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion failure when splitting ordered extent after transaction abort Geert Uytterhoeven <geert+renesas(a)glider.be> irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on CONFIG_MCHP_LAN966X_PCI ------------- Diffstat: Documentation/arch/arm64/elf_hwcaps.rst | 39 +- Documentation/gpu/drm-kms-helpers.rst | 3 + Makefile | 4 +- arch/arm/boot/dts/ti/omap/dra7-l4.dtsi | 2 + arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi | 10 + arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 5 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 +- arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 8 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 10 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 492 ++++++++++----------- arch/arm64/boot/dts/qcom/sm8450.dtsi | 216 ++++----- arch/arm64/boot/dts/qcom/sm8550.dtsi | 271 ++++++------ arch/arm64/boot/dts/qcom/sm8650.dtsi | 305 +++++++------ .../dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 4 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 +- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 6 +- .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 6 +- .../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 280 ++++++------ arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3568.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk356x.dtsi | 2 + arch/arm64/include/asm/assembler.h | 5 + arch/arm64/include/asm/pgtable-hwdef.h | 6 - arch/arm64/include/asm/pgtable-prot.h | 7 + arch/arm64/include/asm/sparsemem.h | 5 +- arch/arm64/kernel/cpufeature.c | 55 +-- arch/arm64/kernel/cpuinfo.c | 10 + arch/arm64/kernel/pi/idreg-override.c | 9 + arch/arm64/kernel/pi/map_kernel.c | 6 + arch/arm64/kvm/arch_timer.c | 4 +- arch/arm64/kvm/arm.c | 8 +- arch/arm64/mm/hugetlbpage.c | 12 + arch/arm64/mm/init.c | 7 +- arch/loongarch/include/uapi/asm/ptrace.h | 10 + arch/loongarch/kernel/ptrace.c | 6 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/Kconfig | 1 - arch/mips/kernel/ftrace.c | 2 +- arch/mips/loongson64/boardinfo.c | 2 - arch/mips/math-emu/cp1emu.c | 2 +- arch/mips/pci/pci-legacy.c | 8 + arch/parisc/Kconfig | 4 +- arch/powerpc/kvm/e500_mmu_host.c | 21 +- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/s390/include/asm/asm-extable.h | 4 + arch/s390/include/asm/fpu-insn.h | 17 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/include/asm/processor.h | 3 +- arch/s390/kernel/vmlinux.lds.S | 1 - arch/s390/kvm/vsie.c | 25 +- arch/s390/mm/extable.c | 9 + arch/s390/pci/pci_bus.c | 1 - arch/x86/boot/compressed/Makefile | 1 + arch/x86/include/asm/kexec.h | 18 +- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kernel/acpi/boot.c | 50 ++- arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/machine_kexec_64.c | 45 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/reboot.c | 2 +- arch/x86/kvm/mmu/mmu.c | 45 +- arch/x86/kvm/svm/sev.c | 2 +- arch/x86/kvm/x86.c | 7 +- arch/x86/mm/fault.c | 2 +- arch/x86/pci/fixup.c | 30 ++ arch/x86/xen/xen-head.S | 5 +- block/blk-cgroup.c | 1 + block/fops.c | 5 +- drivers/accel/ivpu/ivpu_pm.c | 7 +- drivers/acpi/apei/ghes.c | 10 +- drivers/acpi/prmt.c | 4 +- drivers/acpi/property.c | 10 +- drivers/ata/libata-sff.c | 18 +- drivers/bluetooth/btusb.c | 4 + drivers/char/misc.c | 37 +- drivers/char/tpm/eventlog/acpi.c | 15 +- drivers/clk/clk-loongson2.c | 5 +- drivers/clk/mediatek/clk-mt2701-aud.c | 10 + drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-mm.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/mmp/pwr-island.c | 2 +- drivers/clk/qcom/Kconfig | 1 + drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clk/qcom/dispcc-sm6350.c | 7 +- drivers/clk/qcom/gcc-mdm9607.c | 2 +- drivers/clk/qcom/gcc-sm6350.c | 22 +- drivers/clk/qcom/gcc-sm8550.c | 8 +- drivers/clk/qcom/gcc-sm8650.c | 8 +- drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +- drivers/cpufreq/Kconfig | 2 +- drivers/cpufreq/cpufreq-dt-platdev.c | 2 - drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/qce/aead.c | 2 +- drivers/crypto/qce/core.c | 13 +- drivers/crypto/qce/sha.c | 2 +- drivers/crypto/qce/skcipher.c | 2 +- drivers/firmware/Kconfig | 2 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/qcom/qcom_scm.c | 10 +- drivers/gpio/gpio-pca953x.c | 19 - drivers/gpio/gpio-sim.c | 13 +- drivers/gpu/drm/Kconfig | 4 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 11 - drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 25 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 25 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 3 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 7 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 22 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.h | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 2 +- .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/dml2/Makefile | 4 + .../drm/amd/display/dc/dml2/display_mode_core.c | 35 +- .../display/dc/dml2/display_mode_core_structs.h | 6 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 35 +- .../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 7 +- .../drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 6 +- .../drm/amd/display/dc/hubbub/dcn30/dcn30_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn31/dcn31_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn32/dcn32_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn35/dcn35_hubbub.c | 3 +- .../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 8 +- .../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 2 + .../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 2 + .../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 10 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- .../display/dc/resource/dcn301/dcn301_resource.c | 8 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 - .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/ite-it6505.c | 83 ++-- drivers/gpu/drm/bridge/ite-it66121.c | 2 + drivers/gpu/drm/display/drm_dp_cec.c | 14 +- drivers/gpu/drm/drm_client_modeset.c | 9 + drivers/gpu/drm/drm_connector.c | 1 + drivers/gpu/drm/drm_edid.c | 6 + drivers/gpu/drm/drm_fb_helper.c | 14 +- drivers/gpu/drm/drm_panel_backlight_quirks.c | 94 ++++ drivers/gpu/drm/exynos/exynos_hdmi.c | 2 + drivers/gpu/drm/i915/display/intel_dp.c | 10 +- drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 - drivers/gpu/drm/i915/gem/i915_gem_shmem.c | 6 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 16 +- drivers/gpu/drm/radeon/radeon_audio.c | 2 + drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +- drivers/gpu/drm/sti/sti_hdmi.c | 2 + drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 33 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 4 +- drivers/gpu/drm/virtio/virtgpu_drv.h | 7 + drivers/gpu/drm/virtio/virtgpu_plane.c | 58 ++- drivers/gpu/drm/xe/xe_devcoredump.c | 42 +- drivers/gpu/drm/xe/xe_devcoredump.h | 2 +- drivers/gpu/drm/xe/xe_guc_log.c | 2 +- drivers/hid/hid-asus.c | 26 ++ drivers/hid/hid-multitouch.c | 5 + drivers/hid/hid-sensor-hub.c | 21 +- drivers/hid/wacom_wac.c | 5 + drivers/i2c/i2c-core-acpi.c | 22 + drivers/i3c/master.c | 2 +- drivers/iio/light/as73211.c | 24 +- drivers/infiniband/hw/mlx5/mr.c | 17 +- drivers/infiniband/hw/mlx5/odp.c | 2 + drivers/input/misc/nxp-bbnsm-pwrkey.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +- drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 8 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/iommufd/fault.c | 44 +- drivers/iommu/iommufd/iommufd_private.h | 29 +- drivers/irqchip/Kconfig | 1 + drivers/irqchip/irq-apple-aic.c | 3 +- drivers/irqchip/irq-mvebu-icu.c | 3 +- drivers/leds/leds-lp8860.c | 2 +- drivers/mailbox/tegra-hsp.c | 6 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +- drivers/md/Kconfig | 13 + drivers/md/Makefile | 2 + drivers/md/dm-crypt.c | 27 +- drivers/md/md-autodetect.c | 8 +- drivers/md/md-linear.c | 352 +++++++++++++++ drivers/md/md.c | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ccs/ccs-data.c | 14 +- drivers/media/i2c/ds90ub913.c | 1 - drivers/media/i2c/ds90ub953.c | 1 - drivers/media/i2c/ds90ub960.c | 123 +++--- drivers/media/i2c/imx296.c | 2 + drivers/media/i2c/ov5640.c | 1 + drivers/media/pci/intel/ipu6/ipu6-isys.c | 1 + drivers/media/platform/marvell/mmp-driver.c | 21 +- drivers/media/platform/nuvoton/npcm-video.c | 4 +- .../st/stm32/stm32-dcmipp/dcmipp-bytecap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 83 +++- drivers/media/usb/uvc/uvc_driver.c | 98 ++-- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvc_video.c | 21 + drivers/media/usb/uvc/uvcvideo.h | 10 +- drivers/media/v4l2-core/v4l2-mc.c | 2 +- drivers/mfd/lpc_ich.c | 3 +- drivers/misc/fastrpc.c | 8 +- drivers/mmc/core/sdio.c | 2 + drivers/mmc/host/sdhci-esdhc-imx.c | 1 + drivers/mmc/host/sdhci-msm.c | 53 ++- drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/mtd/ubi/build.c | 2 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 16 +- drivers/net/ethernet/broadcom/tg3.c | 58 +++ drivers/net/ethernet/intel/ice/devlink/devlink.c | 3 + drivers/net/ethernet/intel/ice/ice_txrx.c | 150 +++++-- drivers/net/ethernet/intel/ice/ice_txrx.h | 1 - drivers/net/ethernet/intel/ice/ice_txrx_lib.h | 43 -- .../net/ethernet/marvell/octeon_ep/octep_ethtool.c | 39 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 19 +- .../net/ethernet/marvell/octeon_ep/octep_main.h | 6 + drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 11 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.h | 4 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.c | 7 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.h | 4 +- .../marvell/octeon_ep_vf/octep_vf_ethtool.c | 29 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 17 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.h | 6 + .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.c | 9 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.h | 2 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.c | 7 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.h | 2 +- .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 67 ++- drivers/net/phy/nxp-c45-tja11xx.c | 2 + drivers/net/tun.c | 2 +- drivers/net/usb/ipheth.c | 69 ++- drivers/net/vmxnet3/vmxnet3_xdp.c | 14 +- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/Makefile | 2 +- drivers/net/wireless/intel/iwlwifi/cfg/dr.c | 167 +++++++ drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/intel/iwlwifi/iwl-config.h | 10 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 + drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c | 21 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 + .../net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 +- drivers/net/wireless/realtek/rtw88/main.h | 4 +- drivers/net/wireless/realtek/rtw88/rtw8703b.c | 8 +- drivers/net/wireless/realtek/rtw88/rtw8723x.h | 8 +- drivers/net/wireless/realtek/rtw88/rtw8821c.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822b.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822c.h | 9 +- drivers/net/wireless/realtek/rtw88/sdio.c | 2 + drivers/net/wireless/realtek/rtw89/phy.c | 13 +- drivers/net/wireless/realtek/rtw89/phy.h | 2 +- drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++- drivers/nvme/host/core.c | 8 +- drivers/nvme/host/fc.c | 9 +- drivers/nvme/host/pci.c | 4 +- drivers/nvme/host/sysfs.c | 2 +- drivers/nvmem/core.c | 2 + drivers/nvmem/imx-ocotp-ele.c | 38 +- drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/of/address.c | 12 +- drivers/of/base.c | 8 +- drivers/of/of_reserved_mem.c | 4 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 48 +- drivers/pci/endpoint/pci-epf-core.c | 1 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +- drivers/pinctrl/samsung/pinctrl-samsung.c | 2 +- drivers/platform/x86/acer-wmi.c | 45 ++ drivers/platform/x86/intel/int3472/discrete.c | 3 + drivers/platform/x86/intel/int3472/tps68470.c | 3 + drivers/platform/x86/serdev_helpers.h | 4 +- drivers/ptp/ptp_clock.c | 8 + drivers/pwm/pwm-microchip-core.c | 2 +- drivers/remoteproc/omap_remoteproc.c | 17 + drivers/rtc/rtc-zynqmp.c | 4 +- drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_dfs.c | 122 ++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 + drivers/scsi/qla2xxx/qla_init.c | 28 +- drivers/scsi/scsi_lib.c | 9 +- drivers/scsi/st.c | 6 + drivers/scsi/st.h | 1 + drivers/scsi/storvsc_drv.c | 1 + drivers/soc/mediatek/mtk-devapc.c | 19 +- drivers/soc/qcom/llcc-qcom.c | 1 + drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/soc/samsung/exynos-pmu.c | 2 +- drivers/spi/atmel-quadspi.c | 118 +++-- drivers/tty/serial/sh-sci.c | 25 +- drivers/tty/serial/xilinx_uartps.c | 8 +- drivers/tty/vt/selection.c | 14 + drivers/tty/vt/vt.c | 2 - drivers/ufs/core/ufshcd.c | 31 +- drivers/ufs/host/ufs-qcom.c | 18 +- drivers/ufs/host/ufshcd-pci.c | 2 - drivers/ufs/host/ufshcd-pltfrm.c | 28 +- drivers/usb/gadget/function/f_tcm.c | 52 +-- drivers/vfio/platform/vfio_platform_common.c | 10 + fs/binfmt_flat.c | 2 +- fs/btrfs/file.c | 2 +- fs/btrfs/inode.c | 4 +- fs/btrfs/ordered-data.c | 12 + fs/btrfs/qgroup.c | 5 +- fs/btrfs/relocation.c | 14 +- fs/btrfs/transaction.c | 4 +- fs/ceph/mds_client.c | 16 +- fs/exec.c | 29 +- fs/namespace.c | 45 +- fs/nfs/Kconfig | 3 +- fs/nfs/flexfilelayout/flexfilelayout.c | 27 +- fs/nfsd/nfs4xdr.c | 20 +- fs/nilfs2/inode.c | 6 +- fs/ocfs2/dir.c | 25 +- fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/proc/array.c | 2 +- fs/smb/client/cifsglob.h | 14 +- fs/smb/client/dir.c | 6 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2inode.c | 108 ++--- fs/smb/client/smb2ops.c | 41 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/client/smb2proto.h | 2 +- fs/smb/server/transport_ipc.c | 9 + fs/xfs/xfs_buf_item_recover.c | 11 +- fs/xfs/xfs_dquot.c | 199 +++++++-- fs/xfs/xfs_dquot.h | 6 +- fs/xfs/xfs_dquot_item.c | 51 ++- fs/xfs/xfs_dquot_item.h | 7 + fs/xfs/xfs_exchrange.c | 71 ++- fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_iomap.c | 6 +- fs/xfs/xfs_qm.c | 50 ++- fs/xfs/xfs_qm_bhv.c | 41 +- fs/xfs/xfs_super.c | 11 +- fs/xfs/xfs_trans.c | 29 +- fs/xfs/xfs_trans_ail.c | 2 +- include/drm/drm_connector.h | 5 +- include/drm/drm_utils.h | 4 + include/linux/binfmts.h | 4 +- include/linux/call_once.h | 45 ++ include/linux/hrtimer_defs.h | 1 + include/linux/kvm_host.h | 9 + include/linux/mlx5/driver.h | 1 - include/linux/platform_data/x86/asus-wmi.h | 5 + include/net/sch_generic.h | 2 +- include/rv/da_monitor.h | 4 + include/trace/events/rxrpc.h | 1 + include/uapi/drm/amdgpu_drm.h | 9 +- include/uapi/linux/input-event-codes.h | 1 + include/uapi/linux/iommufd.h | 4 +- include/uapi/linux/raid/md_p.h | 2 +- include/uapi/linux/raid/md_u.h | 2 + include/ufs/ufs.h | 4 +- include/ufs/ufshcd.h | 1 - io_uring/net.c | 5 + io_uring/poll.c | 4 + kernel/locking/test-ww_mutex.c | 9 +- kernel/printk/printk.c | 2 +- kernel/sched/core.c | 8 +- kernel/sched/deadline.c | 48 +- kernel/sched/fair.c | 19 + kernel/sched/sched.h | 2 +- kernel/seccomp.c | 12 + kernel/time/hrtimer.c | 103 ++++- kernel/time/timer_migration.c | 10 +- kernel/trace/ring_buffer.c | 13 +- kernel/trace/trace_functions_graph.c | 2 +- kernel/trace/trace_osnoise.c | 17 +- lib/Kconfig.debug | 8 +- lib/atomic64.c | 78 ++-- lib/maple_tree.c | 23 +- mm/compaction.c | 3 +- mm/gup.c | 14 +- mm/hugetlb.c | 24 +- mm/kfence/core.c | 2 + mm/kmemleak.c | 2 +- mm/vmscan.c | 7 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/mgmt.c | 12 +- net/ethtool/rss.c | 3 +- net/ipv4/udp.c | 4 +- net/ipv6/udp.c | 4 +- net/mptcp/protocol.c | 1 + net/ncsi/ncsi-manage.c | 13 +- net/nfc/nci/hci.c | 2 + net/rose/af_rose.c | 24 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 6 +- net/rxrpc/conn_event.c | 21 +- net/rxrpc/conn_object.c | 1 + net/rxrpc/input.c | 2 +- net/rxrpc/sendmsg.c | 2 +- net/sched/sch_fifo.c | 3 + net/sched/sch_netem.c | 2 +- net/tipc/crypto.c | 4 +- rust/kernel/init.rs | 2 +- scripts/Makefile.extrawarn | 5 +- scripts/gdb/linux/cpus.py | 2 +- scripts/generate_rust_target.rs | 18 + security/keys/trusted-keys/trusted_dcp.c | 22 +- security/safesetid/securityfs.c | 3 + security/tomoyo/common.c | 2 +- sound/pci/hda/hda_auto_parser.c | 8 +- sound/pci/hda/hda_auto_parser.h | 1 + sound/pci/hda/patch_realtek.c | 4 +- sound/soc/amd/Kconfig | 2 +- sound/soc/amd/yc/acp6x-mach.c | 28 ++ sound/soc/intel/boards/sof_sdw.c | 5 +- sound/soc/soc-pcm.c | 32 +- sound/soc/sof/intel/hda-dai.c | 12 + sound/soc/sof/intel/hda.c | 5 + tools/perf/bench/epoll-wait.c | 7 +- tools/testing/selftests/net/ipsec.c | 3 +- tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +- tools/testing/selftests/net/udpgso.c | 26 ++ .../selftests/sched_ext/ddsp_bogus_dsq_fail.bpf.c | 2 +- .../selftests/sched_ext/ddsp_vtimelocal_fail.bpf.c | 4 +- .../testing/selftests/sched_ext/dsp_local_on.bpf.c | 2 +- .../selftests/sched_ext/enq_select_cpu_fails.bpf.c | 2 +- tools/testing/selftests/sched_ext/exit.bpf.c | 4 +- tools/testing/selftests/sched_ext/maximal.bpf.c | 4 +- .../selftests/sched_ext/select_cpu_dfl.bpf.c | 2 +- .../sched_ext/select_cpu_dfl_nodispatch.bpf.c | 2 +- .../selftests/sched_ext/select_cpu_dispatch.bpf.c | 2 +- .../sched_ext/select_cpu_dispatch_bad_dsq.bpf.c | 2 +- .../sched_ext/select_cpu_dispatch_dbl_dsp.bpf.c | 4 +- .../selftests/sched_ext/select_cpu_vtime.bpf.c | 8 +- tools/tracing/rtla/src/osnoise.c | 2 +- tools/tracing/rtla/src/timerlat_hist.c | 26 +- tools/tracing/rtla/src/timerlat_top.c | 27 +- tools/tracing/rtla/src/trace.c | 8 + tools/tracing/rtla/src/trace.h | 1 + 453 files changed, 5271 insertions(+), 2590 deletions(-)

2 months, 2 weeks

7
8
0 0

[PATCH] soc: qcom: pd-mapper: defer probing on sdm845

by Frank Oltmanns

On xiaomi-beryllium and oneplus-enchilada audio does not work reliably with the in-kernel pd-mapper. Deferring the probe solves these issues. Specifically, audio only works reliably with the in-kernel pd-mapper, if the probe succeeds when remoteproc3 triggers the first successful probe. I.e., probes from remoteproc0, 1, and 2 need to be deferred until remoteproc3 has been probed. Introduce a device specific quirk that lists the first auxdev for which the probe must be executed. Until then, defer probes from other auxdevs. Fixes: 1ebcde047c54 ("soc: qcom: add pd-mapper implementation") Cc: stable(a)vger.kernel.org Signed-off-by: Frank Oltmanns <frank(a)oltmanns.dev> --- The in-kernel pd-mapper has been causing audio issues on sdm845 devices (specifically, xiaomi-beryllium and oneplus-enchilada). I observed that Stephan’s approach [1] - which defers module probing by blocklisting the module and triggering a later probe - works reliably. Inspired by this, I experimented with delaying the probe within the module itself by returning -EPROBE_DEFER in qcom_pdm_probe() until a certain time (13.9 seconds after boot, based on ktime_get()) had elapsed. This method also restored audio functionality. Further logging of auxdev->id in qcom_pdm_probe() led to an interesting discovery: audio only works reliably with the in-kernel pd-mapper when the first successful probe is triggered by remoteproc3. In other words, probes from remoteproc0, 1, and 2 must be deferred until remoteproc3 has been probed. To address this, I propose introducing a quirk table (which currently only contains sdm845) to defer probing until the correct auxiliary device (remoteproc3) initiates the probe. I look forward to your feedback. Thanks, Frank [1]: https://lore.kernel.org/linux-arm-msm/Zwj3jDhc9fRoCCn6@linaro.org/ --- drivers/soc/qcom/qcom_pd_mapper.c | 43 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/drivers/soc/qcom/qcom_pd_mapper.c b/drivers/soc/qcom/qcom_pd_mapper.c index 154ca5beb47160cc404a46a27840818fe3187420..34b26df665a888ac4872f56e948e73b561ae3b6b 100644 --- a/drivers/soc/qcom/qcom_pd_mapper.c +++ b/drivers/soc/qcom/qcom_pd_mapper.c @@ -46,6 +46,11 @@ struct qcom_pdm_data { struct list_head services; }; +struct qcom_pdm_probe_first_dev_quirk { + const char *name; + u32 id; +}; + static DEFINE_MUTEX(qcom_pdm_mutex); /* protects __qcom_pdm_data */ static struct qcom_pdm_data *__qcom_pdm_data; @@ -526,6 +531,11 @@ static const struct qcom_pdm_domain_data *x1e80100_domains[] = { NULL, }; +static const struct qcom_pdm_probe_first_dev_quirk first_dev_remoteproc3 = { + .id = 3, + .name = "pd-mapper" +}; + static const struct of_device_id qcom_pdm_domains[] __maybe_unused = { { .compatible = "qcom,apq8016", .data = NULL, }, { .compatible = "qcom,apq8064", .data = NULL, }, @@ -566,6 +576,10 @@ static const struct of_device_id qcom_pdm_domains[] __maybe_unused = { {}, }; +static const struct of_device_id qcom_pdm_defer[] __maybe_unused = { + { .compatible = "qcom,sdm845", .data = &first_dev_remoteproc3, }, + {}, +}; static void qcom_pdm_stop(struct qcom_pdm_data *data) { qcom_pdm_free_domains(data); @@ -637,6 +651,25 @@ static struct qcom_pdm_data *qcom_pdm_start(void) return ERR_PTR(ret); } +static bool qcom_pdm_ready(struct auxiliary_device *auxdev) +{ + const struct of_device_id *match; + struct device_node *root; + struct qcom_pdm_probe_first_dev_quirk *first_dev; + + root = of_find_node_by_path("/"); + if (!root) + return true; + + match = of_match_node(qcom_pdm_defer, root); + of_node_put(root); + if (!match) + return true; + + first_dev = (struct qcom_pdm_probe_first_dev_quirk *) match->data; + return (auxdev->id == first_dev->id) && !strcmp(auxdev->name, first_dev->name); +} + static int qcom_pdm_probe(struct auxiliary_device *auxdev, const struct auxiliary_device_id *id) @@ -647,6 +680,15 @@ static int qcom_pdm_probe(struct auxiliary_device *auxdev, mutex_lock(&qcom_pdm_mutex); if (!__qcom_pdm_data) { + if (!qcom_pdm_ready(auxdev)) { + pr_debug("%s: Deferring probe for device %s (id: %u)\n", + __func__, auxdev->name, auxdev->id); + ret = -EPROBE_DEFER; + goto probe_stop; + } + pr_debug("%s: Probing for device %s (id: %u), starting pdm\n", + __func__, auxdev->name, auxdev->id); + data = qcom_pdm_start(); if (IS_ERR(data)) @@ -659,6 +701,7 @@ static int qcom_pdm_probe(struct auxiliary_device *auxdev, auxiliary_set_drvdata(auxdev, __qcom_pdm_data); +probe_stop: mutex_unlock(&qcom_pdm_mutex); return ret; --- base-commit: 7f048b202333b967782a98aa21bb3354dc379bbf change-id: 20250205-qcom_pdm_defer-3dc1271d74d9 Best regards, -- Frank Oltmanns <frank(a)oltmanns.dev>

2 months, 2 weeks

5
12
0 0

[for-linus][PATCH 5/5] ring-buffer: Update pages_touched to reflect persistent buffer content

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The pages_touched field represents the number of subbuffers in the ring buffer that have content that can be read. This is used in accounting of "dirty_pages" and "buffer_percent" to allow the user to wait for the buffer to be filled to a certain amount before it reads the buffer in blocking mode. The persistent buffer never updated this value so it was set to zero, and this accounting would take it as it had no content. This would cause user space to wait for content even though there's enough content in the ring buffer that satisfies the buffer_percent. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Vincent Donnefort <vdonnefort(a)google.com> Link: https://lore.kernel.org/20250214123512.0631436e@gandalf.local.home Fixes: 5f3b6e839f3ce ("ring-buffer: Validate boot range memory events") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ring_buffer.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 0419d41a2060..bb6089c2951e 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1850,6 +1850,11 @@ static void rb_meta_validate_events(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->cpu); goto invalid; } + + /* If the buffer has content, update pages_touched */ + if (ret) + local_inc(&cpu_buffer->pages_touched); + entries += ret; entry_bytes += local_read(&head_page->page->commit); local_set(&cpu_buffer->head_page->entries, ret); -- 2.47.2

2 months, 2 weeks

1
0
0 0

[for-linus][PATCH 4/5] tracing: Do not allow mmap() of persistent ring buffer

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When trying to mmap a trace instance buffer that is attached to reserve_mem, it would crash: BUG: unable to handle page fault for address: ffffe97bd00025c8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 2862f3067 P4D 2862f3067 PUD 0 Oops: Oops: 0000 [#1] PREEMPT_RT SMP PTI CPU: 4 UID: 0 PID: 981 Comm: mmap-rb Not tainted 6.14.0-rc2-test-00003-g7f1a5e3fbf9e-dirty #233 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:validate_page_before_insert+0x5/0xb0 Code: e2 01 89 d0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 <48> 8b 46 08 a8 01 75 67 66 90 48 89 f0 8b 50 34 85 d2 74 76 48 89 RSP: 0018:ffffb148c2f3f968 EFLAGS: 00010246 RAX: ffff9fa5d3322000 RBX: ffff9fa5ccff9c08 RCX: 00000000b879ed29 RDX: ffffe97bd00025c0 RSI: ffffe97bd00025c0 RDI: ffff9fa5ccff9c08 RBP: ffffb148c2f3f9f0 R08: 0000000000000004 R09: 0000000000000004 R10: 0000000000000000 R11: 0000000000000200 R12: 0000000000000000 R13: 00007f16a18d5000 R14: ffff9fa5c48db6a8 R15: 0000000000000000 FS: 00007f16a1b54740(0000) GS:ffff9fa73df00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffe97bd00025c8 CR3: 00000001048c6006 CR4: 0000000000172ef0 Call Trace: <TASK> ? __die_body.cold+0x19/0x1f ? __die+0x2e/0x40 ? page_fault_oops+0x157/0x2b0 ? search_module_extables+0x53/0x80 ? validate_page_before_insert+0x5/0xb0 ? kernelmode_fixup_or_oops.isra.0+0x5f/0x70 ? __bad_area_nosemaphore+0x16e/0x1b0 ? bad_area_nosemaphore+0x16/0x20 ? do_kern_addr_fault+0x77/0x90 ? exc_page_fault+0x22b/0x230 ? asm_exc_page_fault+0x2b/0x30 ? validate_page_before_insert+0x5/0xb0 ? vm_insert_pages+0x151/0x400 __rb_map_vma+0x21f/0x3f0 ring_buffer_map+0x21b/0x2f0 tracing_buffers_mmap+0x70/0xd0 __mmap_region+0x6f0/0xbd0 mmap_region+0x7f/0x130 do_mmap+0x475/0x610 vm_mmap_pgoff+0xf2/0x1d0 ksys_mmap_pgoff+0x166/0x200 __x64_sys_mmap+0x37/0x50 x64_sys_call+0x1670/0x1d70 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f The reason was that the code that maps the ring buffer pages to user space has: page = virt_to_page((void *)cpu_buffer->subbuf_ids[s]); And uses that in: vm_insert_pages(vma, vma->vm_start, pages, &nr_pages); But virt_to_page() does not work with vmap()'d memory which is what the persistent ring buffer has. It is rather trivial to allow this, but for now just disable mmap() of instances that have their ring buffer from the reserve_mem option. If an mmap() is performed on a persistent buffer it will return -ENODEV just like it would if the .mmap field wasn't defined in the file_operations structure. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Vincent Donnefort <vdonnefort(a)google.com> Link: https://lore.kernel.org/20250214115547.0d7287d3@gandalf.local.home Fixes: e645535a954ad ("tracing: Add option to use memmapped memory for trace boot instance") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 25ff37aab00f..0e6d517e74e0 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -8279,6 +8279,10 @@ static int tracing_buffers_mmap(struct file *filp, struct vm_area_struct *vma) struct trace_iterator *iter = &info->iter; int ret = 0; + /* Currently the boot mapped buffer is not supported for mmap */ + if (iter->tr->flags & TRACE_ARRAY_FL_BOOT) + return -ENODEV; + ret = get_snapshot_map(iter->tr); if (ret) return ret; -- 2.47.2

2 months, 2 weeks

1
0
0 0

[for-linus][PATCH 3/5] ring-buffer: Validate the persistent meta data subbuf array

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The meta data for a mapped ring buffer contains an array of indexes of all the subbuffers. The first entry is the reader page, and the rest of the entries lay out the order of the subbuffers in how the ring buffer link list is to be created. The validator currently makes sure that all the entries are within the range of 0 and nr_subbufs. But it does not check if there are any duplicates. While working on the ring buffer, I corrupted this array, where I added duplicates. The validator did not catch it and created the ring buffer link list on top of it. Luckily, the corruption was only that the reader page was also in the writer path and only presented corrupted data but did not crash the kernel. But if there were duplicates in the writer side, then it could corrupt the ring buffer link list and cause a crash. Create a bitmask array with the size of the number of subbuffers. Then clear it. When walking through the subbuf array checking to see if the entries are within the range, test if its bit is already set in the subbuf_mask. If it is, then there is duplicates and fail the validation. If not, set the corresponding bit and continue. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Vincent Donnefort <vdonnefort(a)google.com> Link: https://lore.kernel.org/20250214102820.7509ddea@gandalf.local.home Fixes: c76883f18e59b ("ring-buffer: Add test if range of boot buffer is valid") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ring_buffer.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 07b421115692..0419d41a2060 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1672,7 +1672,8 @@ static void *rb_range_buffer(struct ring_buffer_per_cpu *cpu_buffer, int idx) * must be the same. */ static bool rb_meta_valid(struct ring_buffer_meta *meta, int cpu, - struct trace_buffer *buffer, int nr_pages) + struct trace_buffer *buffer, int nr_pages, + unsigned long *subbuf_mask) { int subbuf_size = PAGE_SIZE; struct buffer_data_page *subbuf; @@ -1680,6 +1681,9 @@ static bool rb_meta_valid(struct ring_buffer_meta *meta, int cpu, unsigned long buffers_end; int i; + if (!subbuf_mask) + return false; + /* Check the meta magic and meta struct size */ if (meta->magic != RING_BUFFER_META_MAGIC || meta->struct_size != sizeof(*meta)) { @@ -1712,6 +1716,8 @@ static bool rb_meta_valid(struct ring_buffer_meta *meta, int cpu, subbuf = rb_subbufs_from_meta(meta); + bitmap_clear(subbuf_mask, 0, meta->nr_subbufs); + /* Is the meta buffers and the subbufs themselves have correct data? */ for (i = 0; i < meta->nr_subbufs; i++) { if (meta->buffers[i] < 0 || @@ -1725,6 +1731,12 @@ static bool rb_meta_valid(struct ring_buffer_meta *meta, int cpu, return false; } + if (test_bit(meta->buffers[i], subbuf_mask)) { + pr_info("Ring buffer boot meta [%d] array has duplicates\n", cpu); + return false; + } + + set_bit(meta->buffers[i], subbuf_mask); subbuf = (void *)subbuf + subbuf_size; } @@ -1889,17 +1901,22 @@ static void rb_meta_init_text_addr(struct ring_buffer_meta *meta) static void rb_range_meta_init(struct trace_buffer *buffer, int nr_pages) { struct ring_buffer_meta *meta; + unsigned long *subbuf_mask; unsigned long delta; void *subbuf; int cpu; int i; + /* Create a mask to test the subbuf array */ + subbuf_mask = bitmap_alloc(nr_pages + 1, GFP_KERNEL); + /* If subbuf_mask fails to allocate, then rb_meta_valid() will return false */ + for (cpu = 0; cpu < nr_cpu_ids; cpu++) { void *next_meta; meta = rb_range_meta(buffer, nr_pages, cpu); - if (rb_meta_valid(meta, cpu, buffer, nr_pages)) { + if (rb_meta_valid(meta, cpu, buffer, nr_pages, subbuf_mask)) { /* Make the mappings match the current address */ subbuf = rb_subbufs_from_meta(meta); delta = (unsigned long)subbuf - meta->first_buffer; @@ -1943,6 +1960,7 @@ static void rb_range_meta_init(struct trace_buffer *buffer, int nr_pages) subbuf += meta->subbuf_size; } } + bitmap_free(subbuf_mask); } static void *rbm_start(struct seq_file *m, loff_t *pos) -- 2.47.2

2 months, 2 weeks

1
0
0 0

[for-linus][PATCH 2/5] tracing: Have the error of __tracing_resize_ring_buffer() passed to user

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Currently if __tracing_resize_ring_buffer() returns an error, the tracing_resize_ringbuffer() returns -ENOMEM. But it may not be a memory issue that caused the function to fail. If the ring buffer is memory mapped, then the resizing of the ring buffer will be disabled. But if the user tries to resize the buffer, it will get an -ENOMEM returned, which is confusing because there is plenty of memory. The actual error returned was -EBUSY, which would make much more sense to the user. Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Vincent Donnefort <vdonnefort(a)google.com> Link: https://lore.kernel.org/20250213134132.7e4505d7@gandalf.local.home Fixes: 117c39200d9d7 ("ring-buffer: Introducing ring-buffer mapping functions") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Reviewed-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> --- kernel/trace/trace.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 1496a5ac33ae..25ff37aab00f 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -5977,8 +5977,6 @@ static int __tracing_resize_ring_buffer(struct trace_array *tr, ssize_t tracing_resize_ring_buffer(struct trace_array *tr, unsigned long size, int cpu_id) { - int ret; - guard(mutex)(&trace_types_lock); if (cpu_id != RING_BUFFER_ALL_CPUS) { @@ -5987,11 +5985,7 @@ ssize_t tracing_resize_ring_buffer(struct trace_array *tr, return -EINVAL; } - ret = __tracing_resize_ring_buffer(tr, size, cpu_id); - if (ret < 0) - ret = -ENOMEM; - - return ret; + return __tracing_resize_ring_buffer(tr, size, cpu_id); } static void update_last_data(struct trace_array *tr) -- 2.47.2

2 months, 2 weeks

1
0
0 0

[for-linus][PATCH 1/5] ring-buffer: Unlock resize on mmap error

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Memory mapping the tracing ring buffer will disable resizing the buffer. But if there's an error in the memory mapping like an invalid parameter, the function exits out without re-enabling the resizing of the ring buffer, preventing the ring buffer from being resized after that. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Vincent Donnefort <vdonnefort(a)google.com> Link: https://lore.kernel.org/20250213131957.530ec3c5@gandalf.local.home Fixes: 117c39200d9d7 ("ring-buffer: Introducing ring-buffer mapping functions") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ring_buffer.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index b8e0ae15ca5b..07b421115692 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -7126,6 +7126,7 @@ int ring_buffer_map(struct trace_buffer *buffer, int cpu, kfree(cpu_buffer->subbuf_ids); cpu_buffer->subbuf_ids = NULL; rb_free_meta_page(cpu_buffer); + atomic_dec(&cpu_buffer->resize_disabled); } unlock: -- 2.47.2

2 months, 2 weeks

1
0
0 0

[PATCH 5.10] nvme-pci: fix multiple races in nvme_setup_io_queues

by Casey Chen

commit e4b9852a0f4afe40604afb442e3af4452722050a upstream. Below two paths could overlap each other if we power off a drive quickly after powering it on. There are multiple races in nvme_setup_io_queues() because of shutdown_lock missing and improper use of NVMEQ_ENABLED bit. nvme_reset_work() nvme_remove() nvme_setup_io_queues() nvme_dev_disable() ... ... A1 clear NVMEQ_ENABLED bit for admin queue lock retry: B1 nvme_suspend_io_queues() A2 pci_free_irq() admin queue B2 nvme_suspend_queue() admin queue A3 pci_free_irq_vectors() nvme_pci_disable() A4 nvme_setup_irqs(); B3 pci_free_irq_vectors() ... unlock A5 queue_request_irq() for admin queue set NVMEQ_ENABLED bit ... nvme_create_io_queues() A6 result = queue_request_irq(); set NVMEQ_ENABLED bit ... fail to allocate enough IO queues: A7 nvme_suspend_io_queues() goto retry If B3 runs in between A1 and A2, it will crash if irqaction haven't been freed by A2. B2 is supposed to free admin queue IRQ but it simply can't fulfill the job as A1 has cleared NVMEQ_ENABLED bit. Fix: combine A1 A2 so IRQ get freed as soon as the NVMEQ_ENABLED bit gets cleared. After solved #1, A2 could race with B3 if A2 is freeing IRQ while B3 is checking irqaction. A3 also could race with B2 if B2 is freeing IRQ while A3 is checking irqaction. Fix: A2 and A3 take lock for mutual exclusion. A3 could race with B3 since they could run free_msi_irqs() in parallel. Fix: A3 takes lock for mutual exclusion. A4 could fail to allocate all needed IRQ vectors if A3 and A4 are interrupted by B3. Fix: A4 takes lock for mutual exclusion. If A5/A6 happened after B2/B1, B3 will crash since irqaction is not NULL. They are just allocated by A5/A6. Fix: Lock queue_request_irq() and setting of NVMEQ_ENABLED bit. A7 could get chance to pci_free_irq() for certain IO queue while B3 is checking irqaction. Fix: A7 takes lock. nvme_dev->online_queues need to be protected by shutdown_lock. Since it is not atomic, both paths could modify it using its own copy. Co-developed-by: Yuanyuan Zhong <yzhong(a)purestorage.com> Signed-off-by: Casey Chen <cachen(a)purestorage.com> Reviewed-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Christoph Hellwig <hch(a)lst.de> [noahm(a)debian.org: backported to 5.10] Link: https://lore.kernel.org/linux-nvme/20210707211432.29536-1-cachen@purestorag… Signed-off-by: Noah Meyerhans <noahm(a)debian.org> --- drivers/nvme/host/pci.c | 66 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 58 insertions(+), 8 deletions(-) diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index 875ebef6adc7..ae04bdce560a 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -1563,6 +1563,28 @@ static void nvme_init_queue(struct nvme_queue *nvmeq, u16 qid) wmb(); /* ensure the first interrupt sees the initialization */ } +/* + * Try getting shutdown_lock while setting up IO queues. + */ +static int nvme_setup_io_queues_trylock(struct nvme_dev *dev) +{ + /* + * Give up if the lock is being held by nvme_dev_disable. + */ + if (!mutex_trylock(&dev->shutdown_lock)) + return -ENODEV; + + /* + * Controller is in wrong state, fail early. + */ + if (dev->ctrl.state != NVME_CTRL_CONNECTING) { + mutex_unlock(&dev->shutdown_lock); + return -ENODEV; + } + + return 0; +} + static int nvme_create_queue(struct nvme_queue *nvmeq, int qid, bool polled) { struct nvme_dev *dev = nvmeq->dev; @@ -1591,8 +1613,11 @@ static int nvme_create_queue(struct nvme_queue *nvmeq, int qid, bool polled) goto release_cq; nvmeq->cq_vector = vector; - nvme_init_queue(nvmeq, qid); + result = nvme_setup_io_queues_trylock(dev); + if (result) + return result; + nvme_init_queue(nvmeq, qid); if (!polled) { result = queue_request_irq(nvmeq); if (result < 0) @@ -1600,10 +1625,12 @@ static int nvme_create_queue(struct nvme_queue *nvmeq, int qid, bool polled) } set_bit(NVMEQ_ENABLED, &nvmeq->flags); + mutex_unlock(&dev->shutdown_lock); return result; release_sq: dev->online_queues--; + mutex_unlock(&dev->shutdown_lock); adapter_delete_sq(dev, qid); release_cq: adapter_delete_cq(dev, qid); @@ -2182,7 +2209,18 @@ static int nvme_setup_io_queues(struct nvme_dev *dev) if (nr_io_queues == 0) return 0; - clear_bit(NVMEQ_ENABLED, &adminq->flags); + /* + * Free IRQ resources as soon as NVMEQ_ENABLED bit transitions + * from set to unset. If there is a window to it is truely freed, + * pci_free_irq_vectors() jumping into this window will crash. + * And take lock to avoid racing with pci_free_irq_vectors() in + * nvme_dev_disable() path. + */ + result = nvme_setup_io_queues_trylock(dev); + if (result) + return result; + if (test_and_clear_bit(NVMEQ_ENABLED, &adminq->flags)) + pci_free_irq(pdev, 0, adminq); if (dev->cmb_use_sqes) { result = nvme_cmb_qdepth(dev, nr_io_queues, @@ -2198,14 +2236,17 @@ static int nvme_setup_io_queues(struct nvme_dev *dev) result = nvme_remap_bar(dev, size); if (!result) break; - if (!--nr_io_queues) - return -ENOMEM; + if (!--nr_io_queues) { + result = -ENOMEM; + goto out_unlock; + } } while (1); adminq->q_db = dev->dbs; retry: /* Deregister the admin queue's interrupt */ - pci_free_irq(pdev, 0, adminq); + if (test_and_clear_bit(NVMEQ_ENABLED, &adminq->flags)) + pci_free_irq(pdev, 0, adminq); /* * If we enable msix early due to not intx, disable it again before @@ -2214,8 +2255,10 @@ static int nvme_setup_io_queues(struct nvme_dev *dev) pci_free_irq_vectors(pdev); result = nvme_setup_irqs(dev, nr_io_queues); - if (result <= 0) - return -EIO; + if (result <= 0) { + result = -EIO; + goto out_unlock; + } dev->num_vecs = result; result = max(result - 1, 1); @@ -2229,8 +2272,9 @@ static int nvme_setup_io_queues(struct nvme_dev *dev) */ result = queue_request_irq(adminq); if (result) - return result; + goto out_unlock; set_bit(NVMEQ_ENABLED, &adminq->flags); + mutex_unlock(&dev->shutdown_lock); result = nvme_create_io_queues(dev); if (result || dev->online_queues < 2) @@ -2239,6 +2283,9 @@ static int nvme_setup_io_queues(struct nvme_dev *dev) if (dev->online_queues - 1 < dev->max_qid) { nr_io_queues = dev->online_queues - 1; nvme_disable_io_queues(dev); + result = nvme_setup_io_queues_trylock(dev); + if (result) + return result; nvme_suspend_io_queues(dev); goto retry; } @@ -2247,6 +2294,9 @@ static int nvme_setup_io_queues(struct nvme_dev *dev) dev->io_queues[HCTX_TYPE_READ], dev->io_queues[HCTX_TYPE_POLL]); return 0; +out_unlock: + mutex_unlock(&dev->shutdown_lock); + return result; } static void nvme_del_queue_end(struct request *req, blk_status_t error) -- 2.39.5

2 months, 2 weeks

1
0
0 0

[PATCH 6.13 000/443] 6.13.3-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.3 release. There are 443 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 16 Feb 2025 13:37:13 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.3-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.3-rc2 Max Kellermann <max.kellermann(a)ionos.com> fs/netfs/read_collect: fix crash due to uninitialized `prev` variable Max Kellermann <max.kellermann(a)ionos.com> fs/netfs/read_pgpriv2: skip folio queues without `marks3` Miklos Szeredi <mszeredi(a)redhat.com> fs: fix adding security options to statmount.mnt_opt Jeff Layton <jlayton(a)kernel.org> fs: prepend statmount.mnt_opts string with security_sb_mnt_opts() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Revert "drm/amd/display: Fix green screen issue after suspend" Bart Van Assche <bvanassche(a)acm.org> md: Fix linear_set_limits() Dan Carpenter <dan.carpenter(a)linaro.org> md/md-linear: Fix a NULL vs IS_ERR() bug in linear_add() Peter Zijlstra <peterz(a)infradead.org> x86/mm: Convert unreachable() to BUG() Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Heiko Carstens <hca(a)linux.ibm.com> s390/fpu: Add fpc exception handler / remove fixup section again Frederic Weisbecker <frederic(a)kernel.org> timers/migration: Fix off-by-one root mis-connection Miklos Szeredi <mszeredi(a)redhat.com> statmount: let unset strings be empty Michal Simek <michal.simek(a)amd.com> rtc: zynqmp: Fix optional clock name property Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Fix PFC_MASK for RZ/V2H and RZ/G3E Javier Carrasco <javier.carrasco.cruz(a)gmail.com> pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla: Add trace_instance_stop Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/osnoise: Distinguish missing workload option Steven Rostedt <rostedt(a)goodmis.org> tracing/osnoise: Fix resetting of tracepoints Jan Kiszka <jan.kiszka(a)siemens.com> scripts/gdb: fix aarch64 userspace detection in get_current_task Wei Yang <richard.weiyang(a)gmail.com> maple_tree: simplify split calculation Milos Reljin <milos_reljin(a)outlook.com> net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix copy buffer page size Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Anandu Krishnan E <quic_anane(a)quicinc.com> misc: fastrpc: Deregister device nodes properly in error scenarios Vimal Agrawal <vimal.agrawal(a)sophos.com> misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Nick Chan <towinchenmi(a)gmail.com> irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix missing 'ret' assignment in set_speed() Steven Rostedt <rostedt(a)goodmis.org> fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Uros Bizjak <ubizjak(a)gmail.com> mailbox: zynqmp: Remove invalid __percpu annotation in zynqmp_ipi_probe() Pekka Pessi <ppessi(a)nvidia.com> mailbox: tegra-hsp: Clear mailbox before using message Chuck Lever <chuck.lever(a)oracle.com> NFSD: Encode COMPOUND operation status on page boundaries Dragan Simic <dsimic(a)manjaro.org> nfs: Make NFS_FSCACHE select NETFS_SUPPORT instead of depending on it Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Mike Snitzer <snitzer(a)kernel.org> pnfs/flexfiles: retry getting layout segment for reads Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: -f: no reconnect Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't retry connect operation on EPOLLERR Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix multishots with selected buffers Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: set word length to 1 Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix reading from non zero offset Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix MAC address byte order Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: simplify read beyond device check Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Luca Weiss <luca.weiss(a)fairphone.com> nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Antoine Viallon <antoine(a)lesviallon.fr> ceph: fix memory leak in ceph_mds_auth_match() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Stefan Eichenberger <eichest(a)gmail.com> irqchip/irq-mvebu-icu: Fix access to msi_data from irq_domain::host_data Niklas Cassel <cassel(a)kernel.org> ata: libata-sff: Ensure that we cannot write outside the allocated buffer Liu Shixin <liushixin2(a)huawei.com> mm/compaction: fix UBSAN shift-out-of-bounds warning Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> mm/hugetlb: fix hugepage allocation for interleaved memory nodes Li Zhijian <lizhijian(a)fujitsu.com> mm/vmscan: accumulate nr_demoted for accurate demotion statistics Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> mm: gup: fix infinite loop within __get_longterm_locked Catalin Marinas <catalin.marinas(a)arm.com> mm: kmemleak: fix upper boundary check for physical address objects Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Support partial control reads Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 VC map Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix use of non-existing registers on UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() Mehdi Djait <mehdi.djait(a)linux.intel.com> media: ccs: Fix cleanup order in ccs_probe() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix CCS static data parsing for large block sizes Sergey Senozhatsky <senozhatsky(a)chromium.org> media: venus: destroy hfi session after m2m_ctx release Alain Volmat <alain.volmat(a)foss.st.com> media: stm32: dcmipp: correct dma_set_mask_and_coherent mask value Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> media: intel/ipu6: remove cpu latency qos request on error Naushir Patuck <naush(a)raspberrypi.com> media: imx296: Add standby delay during probe Zhen Lei <thunder.leizhen(a)huawei.com> media: nuvoton: Fix an error check in npcm_video_ece_init() Cosmin Tanislav <demonsingur(a)gmail.com> media: mc: fix endpoint iteration Sakari Ailus <sakari.ailus(a)linux.intel.com> media: Documentation: tx-rx: Fix formatting Lubomir Rintel <lkundrak(a)v3.sk> media: mmp: Bring back registration of the device Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> soc: qcom: llcc: Enable LLCC_WRCACHE at boot on X1 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: samsung: exynos-pmu: Fix uninitialized ret in tensor_set_bits_atomic() Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Use a separate spinlock to protect fault->deliver list Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Destroy response and mutex in iommufd_fault_destroy() Nicolin Chen <nicolinc(a)nvidia.com> iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: as73211: fix channel handling in only-color triggered buffer Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r-hs: clear reset status flag Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r-common: fix ad3541/2r ranges Dan Carpenter <dan.carpenter(a)linaro.org> iio: chemical: bme680: Fix uninitialized variable in __bme680_read_raw() Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Clean up parsed CCS static data on parse failure Marco Elver <elver(a)google.com> kfence: skip __GFP_THISNODE allocations on NUMA systems Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix struct iommu_hwpt_pgfault init and padding Easwar Hariharan <eahariha(a)linux.microsoft.com> jiffies: Cast to unsigned long in secs_to_jiffies() conversion Frederic Weisbecker <frederic(a)kernel.org> hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING Gabriele Monaco <gmonaco(a)redhat.com> rv: Reset per-task monitors also for idle tasks Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Aubrey Li <aubrey.li(a)linux.intel.com> ACPI: PRM: Remove unnecessary strict handler address checks Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix error handling in recovery/reset Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Clear runtime_error after pm_runtime_resume_and_get() fails Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix error handling in ivpu_boot() Wentao Liang <vulab(a)iscas.ac.cn> xfs: Add error handling for xfs_reflink_cancel_cow_range Wentao Liang <vulab(a)iscas.ac.cn> xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end Christoph Hellwig <hch(a)lst.de> xfs: don't call remap_verify_area with sb write protection held Conor Dooley <conor.dooley(a)microchip.com> pwm: microchip-core: fix incorrect comparison with max period Helge Deller <deller(a)kernel.org> parisc: Temporarily disable jump label support Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Disable Tegra234 sce-fabric node Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Eric Biggers <ebiggers(a)google.com> crypto: qce - fix priority to be less than ARMv8 CE Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8650: correct MDSS interconnects Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8550: correct MDSS interconnects Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix MPSS memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix ADSP memory length Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix uart1 interconnect path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix ADSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdx75: Fix MPSS memory length Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DPI display output by default Andreas Kemnade <andreas(a)kemnade.info> ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Romain Naour <romain.naour(a)skf.com> ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Denis Arefev <arefev(a)swemel.ru> ubi: Add a check for ubi_num Nathan Chancellor <nathan(a)kernel.org> x86/boot: Use '-std=gnu11' to fix build with GCC 15 Zhang Rui <rui.zhang(a)intel.com> x86/acpi: Fix LAPIC/x2APIC parsing order Alice Ryhl <aliceryhl(a)google.com> x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0 Miguel Ojeda <ojeda(a)kernel.org> rust: init: use explicit ABI to clean warning in future compilers Christian Brauner <brauner(a)kernel.org> pidfs: improve ioctl handling Christian Brauner <brauner(a)kernel.org> pidfs: check for valid ioctl commands Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload André Draszik <andre.draszik(a)linaro.org> scsi: ufs: core: Fix use-after free in init error and remove paths Eric Biggers <ebiggers(a)google.com> scsi: ufs: qcom: Fix crypto key eviction Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Move FCE Trace buffer allocation to user control Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't set pos_unknown just after device recognition Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Werner Sembach <wse(a)tuxedocomputers.com> PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix SR-IOV for PFs initially in standby Brad Griffis <bgriffis(a)nvidia.com> arm64: tegra: Fix Tegra234 PCIe interrupt-map Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 Kuan-Wei Chiu <visitorckw(a)gmail.com> ALSA: hda: Fix headset detection failure due to unstable sort Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix quirk matching for Legion Pro 7 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo C6400 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Jens Axboe <axboe(a)kernel.dk> block: don't revert iter for -EIOCBQUEUED Xi Ruoyao <xry111(a)xry111.site> Revert "MIPS: csrc-r4k: Select HAVE_UNSTABLE_SCHED_CLOCK if SMP && 64BIT" Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: pci-legacy: Override pci_address_to_pio Mateusz Jończyk <mat.jonczyk(a)o2.pl> mips/math-emu: fix emulation of the prefx instruction Hou Tao <houtao1(a)huawei.com> dm-crypt: track tag_offset in convert_context Hou Tao <houtao1(a)huawei.com> dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Extend the maximum number of watchpoints Kexy Biscuit <kexybiscuit(a)aosc.io> MIPS: Loongson64: remove ROM Size unit in boardinfo Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Mario Limonciello <mario.limonciello(a)amd.com> ASoC: acp: Support microphone from Lenovo Go S Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Terminate all the DMA transactions Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix usb_2 controller interrupts Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-microsoft-romulus: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-crd: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e78100-lenovo-thinkpad-t14s: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-dell-xps13-9345: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix USB QMP PHY supplies Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: document scope of NCM implementation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix DPE OoB read Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: break up NCM header size computation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: refactor NCM datagram loop Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: check that DPE points past NCM header Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: use static NDP16 location in URB Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix possible overflow in DPE length check Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Vasily Khoruzhick <anarsoul(a)gmail.com> wifi: rtw88: 8703b: Fix RX/TX issues Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 Fiona Klute <fiona.klute(a)gmx.de> wifi: rtw88: sdio: Fix disconnection after beacon loss Nick Morrow <usbwifi2024(a)gmail.com> wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8821ae: Fix media status report Steven Rostedt <rostedt(a)goodmis.org> atomic64: Use arch_spin_locks instead of raw_spin_locks Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Peng Fan <peng.fan(a)nxp.com> Input: bbnsm_pwrkey - add remove hook Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Warn for missing static reserved memory regions Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> of: address: Fix empty resource handling in __of_address_resource_bounds() Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Bao D. Nguyen <quic_nguyenb(a)quicinc.com> scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Kuan-Wei Chiu <visitorckw(a)gmail.com> perf bench: Fix undefined behavior in cmpworker() Dave Young <dyoung(a)redhat.com> x86/efi: skip memattr table on kexec boot Nathan Chancellor <nathan(a)kernel.org> efi: libstub: Use '-std=gnu11' to fix build with GCC 15 Zijun Hu <quic_zijuhu(a)quicinc.com> blk-cgroup: Fix class @block_class's subsystem refcount leakage Eyal Birger <eyal.birger(a)gmail.com> seccomp: passthrough uretprobe systemcall without filtering Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-mm: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8650: Do not turn off PCIe GDSCs during gdsc_disable() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Binbin Zhou <zhoubinbin(a)loongson.cn> clk: clk-loongson2: Fix the number count of clk provider Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 refclk register access Lubomir Rintel <lkundrak(a)v3.sk> clk: mmp2: call pm_genpd_init() only after genpd.name is set Cody Eksal <masterr3c0rd(a)epochal.quest> clk: sunxi-ng: a100: enable MMC clock reparenting Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics - fix crash when enabling pass-through port David Gstir <david(a)sigma-star.at> KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix and re-enable xe_print_blob_ascii85() Lo-an Chen <lo-an.chen(a)amd.com> drm/amd/display: Fix seamless boot sequence Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: add a BO metadata flag to disable write compression for Vulkan Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Jani Nikula <jani.nikula(a)intel.com> drm/i915/dp: Iterate DSC BPP from high to low on all platforms Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/devcoredump: Move exec queue snapshot to Contexts section Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: astdp: Fix timeout for enabling video signal Brian Geffon <bgeffon(a)google.com> drm/i915: Fix page cleanup on DMA remap failure Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915/guc: Debug print LRC state entries only if the context is pinned Tom Chung <chiahsuan.chung(a)amd.com> Revert "drm/amd/display: Use HW lock mgr for PSR1" Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Block per-queue reset when halt_if_hws_hang=1 Prike Liang <Prike.Liang(a)amd.com> drm/amdkfd: only flush the validate MES contex Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/amdgpu: change the config of cgcg on gfx12 Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Mark MM activity as unsupported Aric Cyr <Aric.Cyr(a)amd.com> drm/amd/display: Optimize cursor position updates Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: fix integer overflows on 32 bit systems David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Keith Busch <kbusch(a)kernel.org> kvm: defer huge page recovery vhost task to later Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Chao Gao <chao.gao(a)intel.com> KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID Robin Murphy <robin.murphy(a)arm.com> remoteproc: omap: Handle ARM dma_iommu_mapping Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Thomas Zimmermann <tzimmermann(a)suse.de> drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Marc Zyngier <maz(a)kernel.org> KVM: arm64: timer: Always evaluate the need for a soft timer Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled Mark Brown <broonie(a)kernel.org> arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Override PARange for !LPA2 and use it consistently Ard Biesheuvel <ardb(a)kernel.org> arm64/kvm: Configure HYP TCR.PS/DS based on host stage1 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix Qemu crash when running in passthrough Xu Yang <xu.yang_2(a)nxp.com> perf: imx9_perf: Introduce AXI filter version to refactor the driver and better extension Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Ming Lei <tom.leiming(a)gmail.com> block: mark GFP_NOIO around sysfs ->store() Nam Cao <namcao(a)linutronix.de> fs/proc: do_task_stat: Fix ESP not readable during coredump Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Marc Zyngier <maz(a)kernel.org> arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Yu Kuai <yukuai3(a)huawei.com> md: reintroduce md-linear Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: change lease epoch type from unsigned int to __u16 Ruben Devos <devosruben6(a)gmail.com> smb: client: fix order of arguments of tracepoints Maarten Lankhorst <dev(a)lankhorst.se> drm/client: Handle tiled displays better Maarten Lankhorst <dev(a)lankhorst.se> drm/modeset: Handle tiled displays in pan_display_atomic. Pali Rohár <pali(a)kernel.org> cifs: Remove intermediate object of failed create SFU call Sebastian Wiese-Wagner <seb(a)fastmail.to> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning Andreas Kemnade <andreas(a)kemnade.info> cpufreq: fix using cpufreq-dt as module Robin Murphy <robin.murphy(a)arm.com> PCI/TPH: Restore TPH Requester Enable correctly David Howells <dhowells(a)redhat.com> rxrpc: Fix call state set to not include the SERVER_SECURING state Ido Schimmel <idosch(a)nvidia.com> net: sched: Fix truncation of offloaded action statistics Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Juergen Gross <jgross(a)suse.com> x86/xen: add FRAME_END to xen_hypercall_hvm() Juergen Gross <jgross(a)suse.com> x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Geert Uytterhoeven <geert+renesas(a)glider.be> gpio: GPIO_GRGPIO should depend on OF Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: sim: lock hog configfs items if present Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Jacob Moroni <mail(a)jakemoroni.com> net: atlantic: fix warning during hot unplug Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> gpio: pca953x: Improve interrupt support David Howells <dhowells(a)redhat.com> rxrpc: Fix the rxrpc_connection attend queue handling Jakub Kicinski <kuba(a)kernel.org> selftests: drv-net: rss_ctx: add missing cleanup in queue reconfigure Jakub Kicinski <kuba(a)kernel.org> ethtool: ntuple: fix rss + ring_cookie check Jakub Kicinski <kuba(a)kernel.org> ethtool: rss: fix hiding unsupported fields in dumps Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Fix migration initialization Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Preserve oa_ctrl unused bits Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: fix the Adaptive sync Operation mode for SDP Suraj Kandpal <suraj.kandpal(a)intel.com> drm/i915/hdcp: Fix Repeater authentication during topology change Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Sankararaman Jayaraman <sankararaman.jayaraman(a)broadcom.com> vmxnet3: Fix tx queue race condition with XDP Jiasheng Jiang <jiashengjiangcool(a)gmail.com> ice: Add check for devm_kzalloc() Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Correct overlaying of PHY and MAC Wake-on-LAN Daniel Wagner <wagi(a)kernel.org> nvme-fc: use ctrl state getter Keith Busch <kbusch(a)kernel.org> nvme: make nvme_tls_attrs_group static Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: stop storing XDP verdict within ice_rx_buf Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: gather page_count()'s of each frag right before XDP prog call Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: put Rx buffers after being done with current frame Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix a memory leak in controller identify Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue Hans de Goede <hdegoede(a)redhat.com> platform/x86: serdev_helpers: Check for serial_ctrl_uid == NULL Günther Noack <gnoack(a)google.com> tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN Sean Anderson <sean.anderson(a)linux.dev> tty: xilinx_uartps: split sysrq handling Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore AC events Hridesh MG <hridesh699(a)gmail.com> platform/x86: acer-wmi: add support for Acer Nitro AN515-58 Illia Ostapyshyn <illia(a)yshyn.com> Input: allocate keycode for phone linking Yu-Chun Lin <eleanor15x(a)gmail.com> ASoC: amd: Add ACPI dependency to fix build error Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer Predator PH16-72 Kees Bakker <kees(a)ijzerbout.nl> iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer PH14-51 Hans de Goede <hdegoede(a)redhat.com> platform/x86: int3472: Check for adev == NULL Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Clean up more on probe failure Richard Acayan <mailingradian(a)gmail.com> iommu/arm-smmu-qcom: add sdm670 adreno iommu compatible Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Correct quirk for Lenovo Yoga Slim 7 David Woodhouse <dwmw(a)amazon.co.uk> x86/kexec: Allocate PGD for x86_64 transition page tables separately Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Improve verifier log for resource leak on exit Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: ensure proper channel cleanup in error path Liu Ye <liuye(a)kylinos.cn> selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Dan Carpenter <dan.carpenter(a)linaro.org> tipc: re-order conditions in tipc_crypto_key_rcv() Shinas Rasheed <srasheed(a)marvell.com> octeon_ep_vf: update tx/rx stats locally for persistence Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: update tx/rx stats locally for persistence Yuanjie Yang <quic_yuanjiey(a)quicinc.com> mmc: sdhci-msm: Correctly set the load for the regulator Luke D. Jones <luke(a)ljones.dev> HID: hid-asus: Disable OOBE mode on the ProArt P16 Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> net: wwan: iosm: Fix hibernation by re-binding the driver around it Mazin Al Haddad <mazin(a)getstate.dev> Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925 Andrew Halaney <ajhalaney(a)gmail.com> Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922 Mark Dietzer <git(a)doridian.net> Bluetooth: btusb: Add ID 0x2c7c:0x0130 for Qualcomm WCN785x Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Randolph Ha <rha051117(a)gmail.com> i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: avoid memory leak Somashekhar(Som) <somashekhar.puttagangaiah(a)intel.com> wifi: iwlwifi: pcie: Add support for new device ids Stefan Dösinger <stefan(a)codeweavers.com> wifi: brcmfmac: Check the return value of of_property_read_string_index() Andre Przywara <andre.przywara(a)arm.com> Revert "mfd: axp20x: Allow multiple regulators" Vadim Fedorenko <vadim.fedorenko(a)linux.dev> net/mlx5: use do_aux_work for PHC overflow checks Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Youwan Wang <youwan(a)nfschina.com> HID: multitouch: Add quirk for Hantick 5288 touchpad Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, num_of_rules counter on matcher should be atomic Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, change error flow on matcher disconnect Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: Make GCC_8150 depend on QCOM_GDSC Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: add __packed attribute to efuse layout struct Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: add crystal_cap check to avoid setting as overflow value Kalle Valo <quic_kvalo(a)quicinc.com> wifi: ath12k: ath12k_mac_op_set_key(): fix uninitialized symbol 'ret' Karol Przybylski <karprzy7(a)gmail.com> wifi: ath12k: Fix for out-of bound access error Jeongjun Park <aha310510(a)gmail.com> ring-buffer: Make reading page consistent with the code logic Gabe Teeger <Gabe.Teeger(a)amd.com> drm/amd/display: Limit Scaling Ratio on DCN3.01 Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase sanitizer frame larger than limit when compile testing with clang Leo Stone <leocstone(a)gmail.com> safesetid: check size of policy writes Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS KSV list wait timer Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS compare V matching Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP encryption when R0 ready Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP Bstatus check Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Queue interrupt work to different CPU Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/vc4: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/sti: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/radeon: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/exynos: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/amd/display: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: ite-it66121: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: anx7625: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/connector: add mutex to protect ELD from concurrent access Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: filter out too wide modes if no 3dmux is present Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Overwriting dualDPP UBF values before usage Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Populate chroma prefetch parameters, DET buffer fix Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: return meaningful value from set_connector_edid() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: handle empty modes in find_preferred_mode() Zhi Wang <zhiw(a)nvidia.com> nvkm: correctly calculate the available space of the GSP cmdq buffer Zhi Wang <zhiw(a)nvidia.com> nvkm/gsp: correctly advance the read pointer of GSP message queue Dustin L. Howett <dustin(a)howett.net> drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels Thomas Weißschuh <linux(a)weissschuh.net> drm: panel-backlight-quirks: Add Framework 13 matte panel Thomas Weißschuh <linux(a)weissschuh.net> drm/amd/display: Add support for minimum backlight quirk Thomas Weißschuh <linux(a)weissschuh.net> drm: Add panel backlight quirks Dongwon Kim <dongwon.kim(a)intel.com> drm/virtio: New fence for every plane update Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Carlos Llamas <cmllamas(a)google.com> lockdep: Fix upper limit for LOCKDEP_*_BITS configs Thorsten Blum <thorsten.blum(a)linux.dev> locking/ww_mutex/test: Use swap() macro Peter Zijlstra <peterz(a)infradead.org> x86: Convert unreachable() to BUG() Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Correctly account for allocated bandwidth during hotplug Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Hao-ran Zheng <zhenghaoran154(a)gmail.com> btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Sven Schnelle <svens(a)linux.ibm.com> s390/stackleak: Use exrl instead of ex in __stackleak_poison() Kees Cook <kees(a)kernel.org> exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Ensure adequate HUGE_MAX_HSTATE Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Qu Wenruo <wqu(a)suse.com> btrfs: do not output error message if a qgroup has been already cleaned up Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion failure when splitting ordered extent after transaction abort Filipe Manana <fdmanana(a)suse.com> btrfs: fix lockdep splat while merging a relocation root Geert Uytterhoeven <geert+renesas(a)glider.be> irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on CONFIG_MCHP_LAN966X_PCI ------------- Diffstat: Documentation/arch/arm64/elf_hwcaps.rst | 39 +- Documentation/driver-api/media/tx-rx.rst | 2 +- Documentation/gpu/drm-kms-helpers.rst | 3 + Makefile | 4 +- arch/arm/boot/dts/ti/omap/dra7-l4.dtsi | 2 + arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi | 10 + arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 5 - arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts | 4 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 2 + arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 +- arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 8 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 10 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 492 ++++++++++----------- arch/arm64/boot/dts/qcom/sm8450.dtsi | 216 ++++----- arch/arm64/boot/dts/qcom/sm8550.dtsi | 271 ++++++------ arch/arm64/boot/dts/qcom/sm8650.dtsi | 305 +++++++------ .../dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 4 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 +- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 6 +- .../boot/dts/qcom/x1e80100-dell-xps13-9345.dts | 4 +- .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 6 +- .../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 280 ++++++------ arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/include/asm/assembler.h | 5 + arch/arm64/include/asm/pgtable-hwdef.h | 6 - arch/arm64/include/asm/pgtable-prot.h | 7 + arch/arm64/include/asm/sparsemem.h | 5 +- arch/arm64/kernel/cpufeature.c | 55 +-- arch/arm64/kernel/cpuinfo.c | 10 + arch/arm64/kernel/pi/idreg-override.c | 9 + arch/arm64/kernel/pi/map_kernel.c | 6 + arch/arm64/kvm/arch_timer.c | 4 +- arch/arm64/kvm/arm.c | 8 +- arch/arm64/mm/hugetlbpage.c | 12 + arch/arm64/mm/init.c | 7 +- arch/loongarch/include/uapi/asm/ptrace.h | 10 + arch/loongarch/kernel/ptrace.c | 6 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/Kconfig | 1 - arch/mips/kernel/ftrace.c | 2 +- arch/mips/loongson64/boardinfo.c | 2 - arch/mips/math-emu/cp1emu.c | 2 +- arch/mips/pci/pci-legacy.c | 8 + arch/parisc/Kconfig | 4 +- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/s390/include/asm/asm-extable.h | 4 + arch/s390/include/asm/fpu-insn.h | 17 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/include/asm/processor.h | 3 +- arch/s390/kernel/vmlinux.lds.S | 1 - arch/s390/kvm/vsie.c | 25 +- arch/s390/mm/extable.c | 9 + arch/s390/pci/pci_bus.c | 1 - arch/x86/boot/compressed/Makefile | 1 + arch/x86/include/asm/kexec.h | 18 +- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kernel/acpi/boot.c | 50 ++- arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/machine_kexec_64.c | 45 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/reboot.c | 2 +- arch/x86/kvm/lapic.c | 11 + arch/x86/kvm/lapic.h | 1 + arch/x86/kvm/mmu/mmu.c | 45 +- arch/x86/kvm/svm/sev.c | 2 +- arch/x86/kvm/vmx/nested.c | 5 + arch/x86/kvm/vmx/vmx.c | 21 + arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 7 +- arch/x86/mm/fault.c | 2 +- arch/x86/pci/fixup.c | 30 ++ arch/x86/platform/efi/quirks.c | 5 + arch/x86/xen/xen-head.S | 5 +- block/blk-cgroup.c | 1 + block/blk-sysfs.c | 3 + block/fops.c | 5 +- drivers/accel/ivpu/ivpu_drv.c | 8 +- drivers/accel/ivpu/ivpu_pm.c | 86 ++-- drivers/acpi/apei/ghes.c | 10 +- drivers/acpi/prmt.c | 4 +- drivers/acpi/property.c | 10 +- drivers/ata/libata-sff.c | 18 +- drivers/bluetooth/btusb.c | 6 + drivers/char/misc.c | 37 +- drivers/char/tpm/eventlog/acpi.c | 15 +- drivers/clk/clk-loongson2.c | 5 +- drivers/clk/mediatek/clk-mt2701-aud.c | 10 + drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-mm.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/mmp/pwr-island.c | 2 +- drivers/clk/qcom/Kconfig | 1 + drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clk/qcom/dispcc-sm6350.c | 7 +- drivers/clk/qcom/gcc-mdm9607.c | 2 +- drivers/clk/qcom/gcc-sm6350.c | 22 +- drivers/clk/qcom/gcc-sm8550.c | 8 +- drivers/clk/qcom/gcc-sm8650.c | 8 +- drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +- drivers/cpufreq/Kconfig | 2 +- drivers/cpufreq/cpufreq-dt-platdev.c | 2 - drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/qce/aead.c | 2 +- drivers/crypto/qce/core.c | 13 +- drivers/crypto/qce/sha.c | 2 +- drivers/crypto/qce/skcipher.c | 2 +- drivers/firmware/Kconfig | 2 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/qcom/qcom_scm.c | 10 +- drivers/gpio/Kconfig | 1 + drivers/gpio/gpio-pca953x.c | 19 - drivers/gpio/gpio-sim.c | 13 +- drivers/gpu/drm/Kconfig | 4 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/amd/amdgpu/Kconfig | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 11 - drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 25 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 25 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 3 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 7 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 20 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 22 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.h | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 2 +- .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/dml2/Makefile | 4 + .../drm/amd/display/dc/dml2/display_mode_core.c | 35 +- .../display/dc/dml2/display_mode_core_structs.h | 6 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 35 +- .../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 7 +- .../drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 6 +- .../drm/amd/display/dc/hubbub/dcn30/dcn30_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn31/dcn31_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn32/dcn32_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn35/dcn35_hubbub.c | 3 +- .../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 8 +- .../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 2 + .../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 2 + .../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 10 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- .../display/dc/resource/dcn301/dcn301_resource.c | 8 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 - .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/ast/ast_dp.c | 2 +- drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/ite-it6505.c | 83 ++-- drivers/gpu/drm/bridge/ite-it66121.c | 2 + drivers/gpu/drm/display/drm_dp_cec.c | 14 +- drivers/gpu/drm/drm_client_modeset.c | 9 + drivers/gpu/drm/drm_connector.c | 1 + drivers/gpu/drm/drm_edid.c | 6 + drivers/gpu/drm/drm_fb_helper.c | 14 +- drivers/gpu/drm/drm_panel_backlight_quirks.c | 94 ++++ drivers/gpu/drm/exynos/exynos_hdmi.c | 2 + drivers/gpu/drm/i915/display/intel_dp.c | 10 +- drivers/gpu/drm/i915/display/intel_hdcp.c | 13 + drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 - drivers/gpu/drm/i915/gem/i915_gem_shmem.c | 6 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 +- drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 13 + drivers/gpu/drm/msm/dp/dp_audio.c | 2 + drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 16 +- drivers/gpu/drm/radeon/radeon_audio.c | 2 + drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +- drivers/gpu/drm/sti/sti_hdmi.c | 2 + drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 33 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 4 +- drivers/gpu/drm/virtio/virtgpu_drv.h | 7 + drivers/gpu/drm/virtio/virtgpu_plane.c | 58 ++- drivers/gpu/drm/xe/regs/xe_oa_regs.h | 6 + drivers/gpu/drm/xe/xe_devcoredump.c | 42 +- drivers/gpu/drm/xe/xe_devcoredump.h | 2 +- drivers/gpu/drm/xe/xe_gt.c | 4 +- drivers/gpu/drm/xe/xe_gt_sriov_pf.c | 14 +- drivers/gpu/drm/xe/xe_gt_sriov_pf.h | 6 + drivers/gpu/drm/xe/xe_guc_ct.c | 3 +- drivers/gpu/drm/xe/xe_guc_log.c | 4 +- drivers/gpu/drm/xe/xe_oa.c | 12 +- drivers/hid/hid-asus.c | 26 ++ drivers/hid/hid-multitouch.c | 5 + drivers/hid/hid-sensor-hub.c | 21 +- drivers/hid/wacom_wac.c | 5 + drivers/i2c/i2c-core-acpi.c | 22 + drivers/i3c/master.c | 2 +- drivers/iio/chemical/bme680_core.c | 4 +- drivers/iio/dac/ad3552r-common.c | 5 +- drivers/iio/dac/ad3552r-hs.c | 6 + drivers/iio/dac/ad3552r.h | 8 +- drivers/iio/light/as73211.c | 24 +- drivers/infiniband/hw/mlx5/mr.c | 17 +- drivers/infiniband/hw/mlx5/odp.c | 2 + drivers/input/misc/nxp-bbnsm-pwrkey.c | 8 + drivers/input/mouse/synaptics.c | 56 ++- drivers/input/mouse/synaptics.h | 1 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +- drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 8 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/intel/iommu.c | 7 +- drivers/iommu/iommufd/fault.c | 44 +- drivers/iommu/iommufd/iommufd_private.h | 29 +- drivers/irqchip/Kconfig | 1 + drivers/irqchip/irq-apple-aic.c | 3 +- drivers/irqchip/irq-mvebu-icu.c | 3 +- drivers/leds/leds-lp8860.c | 2 +- drivers/mailbox/tegra-hsp.c | 6 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +- drivers/md/Kconfig | 13 + drivers/md/Makefile | 2 + drivers/md/dm-crypt.c | 27 +- drivers/md/md-autodetect.c | 8 +- drivers/md/md-linear.c | 352 +++++++++++++++ drivers/md/md.c | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ccs/ccs-data.c | 14 +- drivers/media/i2c/ds90ub913.c | 1 - drivers/media/i2c/ds90ub953.c | 1 - drivers/media/i2c/ds90ub960.c | 123 +++--- drivers/media/i2c/imx296.c | 2 + drivers/media/i2c/ov5640.c | 1 + drivers/media/pci/intel/ipu6/ipu6-isys.c | 1 + drivers/media/platform/marvell/mmp-driver.c | 21 +- drivers/media/platform/nuvoton/npcm-video.c | 4 +- drivers/media/platform/qcom/venus/core.c | 8 +- .../st/stm32/stm32-dcmipp/dcmipp-bytecap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 83 +++- drivers/media/usb/uvc/uvc_driver.c | 98 ++-- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvc_video.c | 21 + drivers/media/usb/uvc/uvcvideo.h | 10 +- drivers/media/v4l2-core/v4l2-mc.c | 2 +- drivers/mfd/axp20x.c | 2 +- drivers/mfd/lpc_ich.c | 3 +- drivers/misc/fastrpc.c | 8 +- drivers/mmc/core/sdio.c | 2 + drivers/mmc/host/sdhci-esdhc-imx.c | 1 + drivers/mmc/host/sdhci-msm.c | 53 ++- drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/mtd/ubi/build.c | 2 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 16 +- drivers/net/ethernet/broadcom/tg3.c | 58 +++ drivers/net/ethernet/intel/ice/devlink/devlink.c | 3 + drivers/net/ethernet/intel/ice/ice_txrx.c | 150 +++++-- drivers/net/ethernet/intel/ice/ice_txrx.h | 1 - drivers/net/ethernet/intel/ice/ice_txrx_lib.h | 43 -- .../net/ethernet/marvell/octeon_ep/octep_ethtool.c | 39 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 19 +- .../net/ethernet/marvell/octeon_ep/octep_main.h | 6 + drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 11 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.h | 4 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.c | 7 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.h | 4 +- .../marvell/octeon_ep_vf/octep_vf_ethtool.c | 29 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 17 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.h | 6 + .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.c | 9 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.h | 2 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.c | 7 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.h | 2 +- .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 +- .../ethernet/mellanox/mlx5/core/steering/hws/bwc.c | 17 +- .../ethernet/mellanox/mlx5/core/steering/hws/bwc.h | 2 +- .../mellanox/mlx5/core/steering/hws/matcher.c | 24 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 67 ++- drivers/net/phy/nxp-c45-tja11xx.c | 2 + drivers/net/tun.c | 2 +- drivers/net/usb/ipheth.c | 69 ++- drivers/net/vmxnet3/vmxnet3_xdp.c | 14 +- .../net/wireless/ath/ath12k/debugfs_htt_stats.c | 5 +- drivers/net/wireless/ath/ath12k/mac.c | 59 +-- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/Makefile | 2 +- drivers/net/wireless/intel/iwlwifi/cfg/dr.c | 167 +++++++ drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/intel/iwlwifi/iwl-config.h | 10 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 + drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c | 21 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 + .../net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 +- drivers/net/wireless/realtek/rtw88/main.h | 4 +- drivers/net/wireless/realtek/rtw88/rtw8703b.c | 8 +- drivers/net/wireless/realtek/rtw88/rtw8723x.h | 8 +- drivers/net/wireless/realtek/rtw88/rtw8821c.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822b.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822c.h | 9 +- drivers/net/wireless/realtek/rtw88/sdio.c | 2 + drivers/net/wireless/realtek/rtw89/pci.c | 16 +- drivers/net/wireless/realtek/rtw89/pci.h | 9 + drivers/net/wireless/realtek/rtw89/pci_be.c | 1 + drivers/net/wireless/realtek/rtw89/phy.c | 13 +- drivers/net/wireless/realtek/rtw89/phy.h | 2 +- drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++- drivers/nvme/host/core.c | 8 +- drivers/nvme/host/fc.c | 9 +- drivers/nvme/host/pci.c | 4 +- drivers/nvme/host/sysfs.c | 2 +- drivers/nvme/target/admin-cmd.c | 1 + drivers/nvmem/core.c | 2 + drivers/nvmem/imx-ocotp-ele.c | 38 +- drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/of/address.c | 12 +- drivers/of/base.c | 8 +- drivers/of/of_reserved_mem.c | 9 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 48 +- drivers/pci/endpoint/pci-epf-core.c | 1 + drivers/pci/tph.c | 2 +- drivers/perf/fsl_imx9_ddr_perf.c | 33 +- drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +- drivers/pinctrl/samsung/pinctrl-samsung.c | 2 +- drivers/platform/x86/acer-wmi.c | 45 ++ drivers/platform/x86/intel/int3472/discrete.c | 3 + drivers/platform/x86/intel/int3472/tps68470.c | 3 + drivers/platform/x86/serdev_helpers.h | 4 +- drivers/ptp/ptp_clock.c | 8 + drivers/pwm/pwm-microchip-core.c | 2 +- drivers/remoteproc/omap_remoteproc.c | 17 + drivers/rtc/rtc-zynqmp.c | 4 +- drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_dfs.c | 122 ++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 + drivers/scsi/qla2xxx/qla_init.c | 28 +- drivers/scsi/scsi_lib.c | 9 +- drivers/scsi/st.c | 6 + drivers/scsi/st.h | 1 + drivers/scsi/storvsc_drv.c | 1 + drivers/soc/mediatek/mtk-devapc.c | 19 +- drivers/soc/qcom/llcc-qcom.c | 1 + drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/soc/samsung/exynos-pmu.c | 2 +- drivers/spi/atmel-quadspi.c | 118 +++-- drivers/tty/serial/sh-sci.c | 25 +- drivers/tty/serial/xilinx_uartps.c | 8 +- drivers/tty/vt/selection.c | 14 + drivers/tty/vt/vt.c | 2 - drivers/ufs/core/ufshcd.c | 31 +- drivers/ufs/host/ufs-qcom.c | 18 +- drivers/ufs/host/ufshcd-pci.c | 2 - drivers/ufs/host/ufshcd-pltfrm.c | 28 +- drivers/usb/gadget/function/f_tcm.c | 52 +-- drivers/vfio/platform/vfio_platform_common.c | 10 + fs/binfmt_flat.c | 2 +- fs/btrfs/ctree.c | 2 + fs/btrfs/file.c | 2 +- fs/btrfs/ordered-data.c | 12 + fs/btrfs/qgroup.c | 5 +- fs/btrfs/raid-stripe-tree.c | 26 +- fs/btrfs/relocation.c | 14 +- fs/btrfs/transaction.c | 4 +- fs/ceph/mds_client.c | 16 +- fs/exec.c | 29 +- fs/namespace.c | 54 ++- fs/netfs/read_collect.c | 21 +- fs/netfs/read_pgpriv2.c | 5 +- fs/nfs/Kconfig | 3 +- fs/nfs/flexfilelayout/flexfilelayout.c | 27 +- fs/nfsd/nfs4xdr.c | 20 +- fs/nilfs2/inode.c | 6 +- fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/pidfs.c | 34 ++ fs/proc/array.c | 2 +- fs/smb/client/cifsglob.h | 14 +- fs/smb/client/dir.c | 6 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2inode.c | 108 ++--- fs/smb/client/smb2ops.c | 41 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/client/smb2proto.h | 2 +- fs/smb/server/transport_ipc.c | 9 + fs/xfs/xfs_exchrange.c | 71 ++- fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_iomap.c | 6 +- include/drm/drm_connector.h | 5 +- include/drm/drm_utils.h | 4 + include/linux/binfmts.h | 4 +- include/linux/call_once.h | 45 ++ include/linux/hrtimer_defs.h | 1 + include/linux/jiffies.h | 2 +- include/linux/kvm_host.h | 9 + include/linux/mlx5/driver.h | 1 - include/linux/platform_data/x86/asus-wmi.h | 5 + include/net/sch_generic.h | 2 +- include/rv/da_monitor.h | 4 + include/trace/events/rxrpc.h | 1 + include/uapi/drm/amdgpu_drm.h | 9 +- include/uapi/linux/input-event-codes.h | 1 + include/uapi/linux/iommufd.h | 4 +- include/uapi/linux/raid/md_p.h | 2 +- include/uapi/linux/raid/md_u.h | 2 + include/ufs/ufs.h | 4 +- include/ufs/ufshcd.h | 1 - io_uring/net.c | 5 + io_uring/poll.c | 4 + kernel/bpf/verifier.c | 2 +- kernel/locking/test-ww_mutex.c | 9 +- kernel/printk/printk.c | 2 +- kernel/sched/core.c | 8 +- kernel/sched/deadline.c | 48 +- kernel/sched/fair.c | 19 + kernel/sched/sched.h | 2 +- kernel/seccomp.c | 12 + kernel/time/hrtimer.c | 103 ++++- kernel/time/timer_migration.c | 10 +- kernel/trace/ring_buffer.c | 13 +- kernel/trace/trace_functions_graph.c | 2 +- kernel/trace/trace_osnoise.c | 17 +- lib/Kconfig.debug | 8 +- lib/atomic64.c | 78 ++-- lib/maple_tree.c | 23 +- mm/compaction.c | 3 +- mm/gup.c | 14 +- mm/hugetlb.c | 24 +- mm/kfence/core.c | 2 + mm/kmemleak.c | 2 +- mm/vmscan.c | 7 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/mgmt.c | 12 +- net/ethtool/ioctl.c | 2 +- net/ethtool/rss.c | 3 +- net/ipv4/udp.c | 4 +- net/ipv6/udp.c | 4 +- net/ncsi/ncsi-manage.c | 13 +- net/nfc/nci/hci.c | 2 + net/rose/af_rose.c | 24 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 6 +- net/rxrpc/conn_event.c | 21 +- net/rxrpc/conn_object.c | 1 + net/rxrpc/input.c | 2 +- net/rxrpc/sendmsg.c | 2 +- net/sched/sch_fifo.c | 3 + net/sched/sch_netem.c | 2 +- net/tipc/crypto.c | 4 +- rust/kernel/init.rs | 2 +- scripts/Makefile.extrawarn | 5 +- scripts/gdb/linux/cpus.py | 2 +- scripts/generate_rust_target.rs | 18 + security/keys/trusted-keys/trusted_dcp.c | 22 +- security/safesetid/securityfs.c | 3 + security/tomoyo/common.c | 2 +- sound/pci/hda/hda_auto_parser.c | 8 +- sound/pci/hda/hda_auto_parser.h | 1 + sound/pci/hda/patch_realtek.c | 20 +- sound/soc/amd/Kconfig | 2 +- sound/soc/amd/yc/acp6x-mach.c | 28 ++ sound/soc/intel/boards/sof_sdw.c | 5 +- sound/soc/renesas/rz-ssi.c | 10 +- sound/soc/soc-pcm.c | 32 +- sound/soc/sof/intel/hda-dai.c | 12 + sound/soc/sof/intel/hda.c | 5 + tools/perf/bench/epoll-wait.c | 7 +- .../testing/selftests/bpf/progs/exceptions_fail.c | 4 +- tools/testing/selftests/bpf/progs/preempt_lock.c | 14 +- .../selftests/bpf/progs/verifier_spin_lock.c | 2 +- tools/testing/selftests/drivers/net/hw/rss_ctx.py | 2 + tools/testing/selftests/net/ipsec.c | 3 +- tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +- tools/testing/selftests/net/udpgso.c | 26 ++ tools/tracing/rtla/src/osnoise.c | 2 +- tools/tracing/rtla/src/timerlat_hist.c | 26 +- tools/tracing/rtla/src/timerlat_top.c | 27 +- tools/tracing/rtla/src/trace.c | 8 + tools/tracing/rtla/src/trace.h | 1 + 480 files changed, 5355 insertions(+), 2649 deletions(-)

2 months, 2 weeks

6
5
0 0

+ revert-selftests-mm-remove-local-__nr_-definitions.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: Revert "selftests/mm: remove local __NR_* definitions" has been added to the -mm mm-hotfixes-unstable branch. Its filename is revert-selftests-mm-remove-local-__nr_-definitions.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: John Hubbard <jhubbard(a)nvidia.com> Subject: Revert "selftests/mm: remove local __NR_* definitions" Date: Thu, 13 Feb 2025 19:38:50 -0800 This reverts commit a5c6bc590094a1a73cf6fa3f505e1945d2bf2461. The general approach described in commit e076eaca5906 ("selftests: break the dependency upon local header files") was taken one step too far here: it should not have been extended to include the syscall numbers. This is because doing so would require per-arch support in tools/include/uapi, and no such support exists. This revert fixes two separate reports of test failures, from Dave Hansen[1], and Li Wang[2]. An excerpt of Dave's report: Before this commit (a5c6bc590094a1a73cf6fa3f505e1945d2bf2461) things are fine. But after, I get: running PKEY tests for unsupported CPU/OS An excerpt of Li's report: I just found that mlock2_() return a wrong value in mlock2-test [1] https://lore.kernel.org/dc585017-6740-4cab-a536-b12b37a7582d@intel.com [2] https://lore.kernel.org/CAEemH2eW=UMu9+turT2jRie7+6ewUazXmA6kL+VBo3cGDGU6RA… Link: https://lkml.kernel.org/r/20250214033850.235171-1-jhubbard@nvidia.com Fixes: a5c6bc590094 ("selftests/mm: remove local __NR_* definitions") Signed-off-by: John Hubbard <jhubbard(a)nvidia.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Li Wang <liwang(a)redhat.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jeff Xu <jeffxu(a)chromium.org> Cc: Andrei Vagin <avagin(a)google.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Kees Cook <kees(a)kernel.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Rich Felker <dalias(a)libc.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/hugepage-mremap.c | 2 - tools/testing/selftests/mm/ksm_functional_tests.c | 8 +++++- tools/testing/selftests/mm/memfd_secret.c | 14 ++++++++++- tools/testing/selftests/mm/mkdirty.c | 8 +++++- tools/testing/selftests/mm/mlock2.h | 1 tools/testing/selftests/mm/protection_keys.c | 2 - tools/testing/selftests/mm/uffd-common.c | 4 +++ tools/testing/selftests/mm/uffd-stress.c | 15 +++++++++++- tools/testing/selftests/mm/uffd-unit-tests.c | 14 ++++++++++- 9 files changed, 60 insertions(+), 8 deletions(-) --- a/tools/testing/selftests/mm/hugepage-mremap.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/hugepage-mremap.c @@ -15,7 +15,7 @@ #define _GNU_SOURCE #include <stdlib.h> #include <stdio.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <sys/mman.h> #include <errno.h> #include <fcntl.h> /* Definition of O_* constants */ --- a/tools/testing/selftests/mm/ksm_functional_tests.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/ksm_functional_tests.c @@ -11,7 +11,7 @@ #include <string.h> #include <stdbool.h> #include <stdint.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <errno.h> #include <fcntl.h> #include <sys/mman.h> @@ -369,6 +369,7 @@ unmap: munmap(map, size); } +#ifdef __NR_userfaultfd static void test_unmerge_uffd_wp(void) { struct uffdio_writeprotect uffd_writeprotect; @@ -429,6 +430,7 @@ close_uffd: unmap: munmap(map, size); } +#endif /* Verify that KSM can be enabled / queried with prctl. */ static void test_prctl(void) @@ -684,7 +686,9 @@ int main(int argc, char **argv) exit(test_child_ksm()); } +#ifdef __NR_userfaultfd tests++; +#endif ksft_print_header(); ksft_set_plan(tests); @@ -696,7 +700,9 @@ int main(int argc, char **argv) test_unmerge(); test_unmerge_zero_pages(); test_unmerge_discarded(); +#ifdef __NR_userfaultfd test_unmerge_uffd_wp(); +#endif test_prot_none(); --- a/tools/testing/selftests/mm/memfd_secret.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/memfd_secret.c @@ -17,7 +17,7 @@ #include <stdlib.h> #include <string.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <errno.h> #include <stdio.h> #include <fcntl.h> @@ -28,6 +28,8 @@ #define pass(fmt, ...) ksft_test_result_pass(fmt, ##__VA_ARGS__) #define skip(fmt, ...) ksft_test_result_skip(fmt, ##__VA_ARGS__) +#ifdef __NR_memfd_secret + #define PATTERN 0x55 static const int prot = PROT_READ | PROT_WRITE; @@ -332,3 +334,13 @@ int main(int argc, char *argv[]) ksft_finished(); } + +#else /* __NR_memfd_secret */ + +int main(int argc, char *argv[]) +{ + printf("skip: skipping memfd_secret test (missing __NR_memfd_secret)\n"); + return KSFT_SKIP; +} + +#endif /* __NR_memfd_secret */ --- a/tools/testing/selftests/mm/mkdirty.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/mkdirty.c @@ -9,7 +9,7 @@ */ #include <fcntl.h> #include <signal.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <string.h> #include <errno.h> #include <stdlib.h> @@ -265,6 +265,7 @@ munmap: munmap(mmap_mem, mmap_size); } +#ifdef __NR_userfaultfd static void test_uffdio_copy(void) { struct uffdio_register uffdio_register; @@ -322,6 +323,7 @@ munmap: munmap(dst, pagesize); free(src); } +#endif /* __NR_userfaultfd */ int main(void) { @@ -334,7 +336,9 @@ int main(void) thpsize / 1024); tests += 3; } +#ifdef __NR_userfaultfd tests += 1; +#endif /* __NR_userfaultfd */ ksft_print_header(); ksft_set_plan(tests); @@ -364,7 +368,9 @@ int main(void) if (thpsize) test_pte_mapped_thp(); /* Placing a fresh page via userfaultfd may set the PTE dirty. */ +#ifdef __NR_userfaultfd test_uffdio_copy(); +#endif /* __NR_userfaultfd */ err = ksft_get_fail_cnt(); if (err) --- a/tools/testing/selftests/mm/mlock2.h~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/mlock2.h @@ -3,7 +3,6 @@ #include <errno.h> #include <stdio.h> #include <stdlib.h> -#include <asm-generic/unistd.h> static int mlock2_(void *start, size_t len, int flags) { --- a/tools/testing/selftests/mm/protection_keys.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/protection_keys.c @@ -42,7 +42,7 @@ #include <sys/wait.h> #include <sys/stat.h> #include <fcntl.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <sys/ptrace.h> #include <setjmp.h> --- a/tools/testing/selftests/mm/uffd-common.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/uffd-common.c @@ -673,7 +673,11 @@ int uffd_open_dev(unsigned int flags) int uffd_open_sys(unsigned int flags) { +#ifdef __NR_userfaultfd return syscall(__NR_userfaultfd, flags); +#else + return -1; +#endif } int uffd_open(unsigned int flags) --- a/tools/testing/selftests/mm/uffd-stress.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/uffd-stress.c @@ -33,10 +33,11 @@ * pthread_mutex_lock will also verify the atomicity of the memory * transfer (UFFDIO_COPY). */ -#include <asm-generic/unistd.h> + #include "uffd-common.h" uint64_t features; +#ifdef __NR_userfaultfd #define BOUNCE_RANDOM (1<<0) #define BOUNCE_RACINGFAULTS (1<<1) @@ -471,3 +472,15 @@ int main(int argc, char **argv) nr_pages, nr_pages_per_cpu); return userfaultfd_stress(); } + +#else /* __NR_userfaultfd */ + +#warning "missing __NR_userfaultfd definition" + +int main(void) +{ + printf("skip: Skipping userfaultfd test (missing __NR_userfaultfd)\n"); + return KSFT_SKIP; +} + +#endif /* __NR_userfaultfd */ --- a/tools/testing/selftests/mm/uffd-unit-tests.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/uffd-unit-tests.c @@ -5,11 +5,12 @@ * Copyright (C) 2015-2023 Red Hat, Inc. */ -#include <asm-generic/unistd.h> #include "uffd-common.h" #include "../../../../mm/gup_test.h" +#ifdef __NR_userfaultfd + /* The unit test doesn't need a large or random size, make it 32MB for now */ #define UFFD_TEST_MEM_SIZE (32UL << 20) @@ -1558,3 +1559,14 @@ int main(int argc, char *argv[]) return ksft_get_fail_cnt() ? KSFT_FAIL : KSFT_PASS; } +#else /* __NR_userfaultfd */ + +#warning "missing __NR_userfaultfd definition" + +int main(void) +{ + printf("Skipping %s (missing __NR_userfaultfd)\n", __file__); + return KSFT_SKIP; +} + +#endif /* __NR_userfaultfd */ _ Patches currently in -mm which might be from jhubbard(a)nvidia.com are revert-selftests-mm-remove-local-__nr_-definitions.patch

2 months, 2 weeks

1
0
0 0

[PATCH v4 0/3] Fix broken SNP support with KVM module built-in

by Ashish Kalra

From: Ashish Kalra <ashish.kalra(a)amd.com> This patch-set fixes the current SNP host enabling code and effectively SNP which is broken with respect to the KVM module being built-in. Essentially SNP host enabling code should be invoked before KVM initialization, which is currently not the case when KVM is built-in. SNP host support is currently enabled in snp_rmptable_init() which is invoked as a device_initcall(). Here device_initcall() is used as snp_rmptable_init() expects AMD IOMMU SNP support to be enabled prior to it and the AMD IOMMU driver enables SNP support after PCI bus enumeration. This patch-set adds support to call snp_rmptable_init() early and directly from iommu_snp_enable() (after checking and enabling IOMMU SNP support) which enables SNP host support before KVM initialization with kvm_amd module built-in. Additionally the patch-set adds support to initialize PSP SEV driver during KVM module probe time. This patch-set has been tested with the following cases/scenarios: 1). kvm_amd module and PSP driver built-in. 2). kvm_amd module built-in with intremap=off kernel command line. 3). kvm_amd module built-in with iommu=off kernel command line. 4). kvm_amd and PSP driver built as modules. 5). kvm_amd built as module with iommu=off kernel command line. 6). kvm_amd module as built-in and PSP driver as module. 7). kvm_amd build as a module and PSP driver as built-in. v4: - Add warning if SNP support has been checked on IOMMUs and host SNP support has been enabled but late IOMMU initialization fails subsequently. - Add reviewed-by's. v3: - Ensure that dropping the device_initcall() happens in the same patch that wires up the IOMMU code to invoke snp_rmptable_init() which then makes sure that snp_rmptable_init() is still getting called and also merge patches 3 & 4. - Fix commit logs. v2: - Drop calling iommu_snp_enable() early before enabling IOMMUs as IOMMU subsystem gets initialized via subsys_initcall() and hence snp_rmptable_init() cannot be invoked via subsys_initcall(). - Instead add support to call snp_rmptable_init() early and directly via iommu_snp_enable(). - Fix commit logs. Fixes: c3b86e61b756 ("x86/cpufeatures: Enable/unmask SEV-SNP CPU feature") Ashish Kalra (1): x86/sev: Fix broken SNP support with KVM module built-in Sean Christopherson (2): crypto: ccp: Add external API interface for PSP module initialization KVM: SVM: Ensure PSP module is initialized if KVM module is built-in arch/x86/include/asm/sev.h | 2 ++ arch/x86/kvm/svm/sev.c | 10 ++++++++++ arch/x86/virt/svm/sev.c | 23 +++++++---------------- drivers/crypto/ccp/sp-dev.c | 14 ++++++++++++++ drivers/iommu/amd/init.c | 34 ++++++++++++++++++++++++++++++---- include/linux/psp-sev.h | 9 +++++++++ 6 files changed, 72 insertions(+), 20 deletions(-) -- 2.34.1

2 months, 2 weeks

4
6
0 0

[PATCH] gve: set xdp redirect target only when it is available

by joshwash＠google.com

From: Joshua Washington <joshwash(a)google.com> Before this patch the NETDEV_XDP_ACT_NDO_XMIT XDP feature flag is set by default as part of driver initialization, and is never cleared. However, this flag differs from others in that it is used as an indicator for whether the driver is ready to perform the ndo_xdp_xmit operation as part of an XDP_REDIRECT. Kernel helpers xdp_features_(set|clear)_redirect_target exist to convey this meaning. This patch ensures that the netdev is only reported as a redirect target when XDP queues exist to forward traffic. Fixes: 39a7f4aa3e4a ("gve: Add XDP REDIRECT support for GQI-QPL format") Cc: stable(a)vger.kernel.org Reviewed-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Reviewed-by: Jeroen de Borst <jeroendb(a)google.com> Signed-off-by: Joshua Washington <joshwash(a)google.com> --- drivers/net/ethernet/google/gve/gve.h | 10 ++++++++++ drivers/net/ethernet/google/gve/gve_main.c | 6 +++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/google/gve/gve.h b/drivers/net/ethernet/google/gve/gve.h index 8167cc5fb0df..78d2a19593d1 100644 --- a/drivers/net/ethernet/google/gve/gve.h +++ b/drivers/net/ethernet/google/gve/gve.h @@ -1116,6 +1116,16 @@ static inline u32 gve_xdp_tx_start_queue_id(struct gve_priv *priv) return gve_xdp_tx_queue_id(priv, 0); } +static inline bool gve_supports_xdp_xmit(struct gve_priv *priv) +{ + switch (priv->queue_format) { + case GVE_GQI_QPL_FORMAT: + return true; + default: + return false; + } +} + /* gqi napi handler defined in gve_main.c */ int gve_napi_poll(struct napi_struct *napi, int budget); diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c index 533e659b15b3..92237fb0b60c 100644 --- a/drivers/net/ethernet/google/gve/gve_main.c +++ b/drivers/net/ethernet/google/gve/gve_main.c @@ -1903,6 +1903,8 @@ static void gve_turndown(struct gve_priv *priv) /* Stop tx queues */ netif_tx_disable(priv->dev); + xdp_features_clear_redirect_target(priv->dev); + gve_clear_napi_enabled(priv); gve_clear_report_stats(priv); @@ -1972,6 +1974,9 @@ static void gve_turnup(struct gve_priv *priv) napi_schedule(&block->napi); } + if (priv->num_xdp_queues && gve_supports_xdp_xmit(priv)) + xdp_features_set_redirect_target(priv->dev, false); + gve_set_napi_enabled(priv); } @@ -2246,7 +2251,6 @@ static void gve_set_netdev_xdp_features(struct gve_priv *priv) if (priv->queue_format == GVE_GQI_QPL_FORMAT) { xdp_features = NETDEV_XDP_ACT_BASIC; xdp_features |= NETDEV_XDP_ACT_REDIRECT; - xdp_features |= NETDEV_XDP_ACT_NDO_XMIT; xdp_features |= NETDEV_XDP_ACT_XSK_ZEROCOPY; } else { xdp_features = 0; -- 2.48.1.601.g30ceb7b040-goog

2 months, 2 weeks

2
1
0 0

[PATCH] partitions: mac: fix handling of bogus partition table

by Jann Horn

Fix several issues in partition probing: - The bailout for a bad partoffset must use put_dev_sector(), since the preceding read_part_sector() succeeded. - If the partition table claims a silly sector size like 0xfff bytes (which results in partition table entries straddling sector boundaries), bail out instead of accessing out-of-bounds memory. - We must not assume that the partition table contains proper NUL termination - use strnlen() and strncmp() instead of strlen() and strcmp(). Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> --- block/partitions/mac.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/block/partitions/mac.c b/block/partitions/mac.c index c80183156d68020e0e14974308ac751b3df84421..b02530d986297058de0db929fbf638a76fc44508 100644 --- a/block/partitions/mac.c +++ b/block/partitions/mac.c @@ -53,13 +53,25 @@ int mac_partition(struct parsed_partitions *state) } secsize = be16_to_cpu(md->block_size); put_dev_sector(sect); + + /* + * If the "block size" is not a power of 2, things get weird - we might + * end up with a partition straddling a sector boundary, so we wouldn't + * be able to read a partition entry with read_part_sector(). + * Real block sizes are probably (?) powers of two, so just require + * that. + */ + if (!is_power_of_2(secsize)) + return -1; datasize = round_down(secsize, 512); data = read_part_sector(state, datasize / 512, &sect); if (!data) return -1; partoffset = secsize % 512; - if (partoffset + sizeof(*part) > datasize) + if (partoffset + sizeof(*part) > datasize) { + put_dev_sector(sect); return -1; + } part = (struct mac_partition *) (data + partoffset); if (be16_to_cpu(part->signature) != MAC_PARTITION_MAGIC) { put_dev_sector(sect); @@ -112,8 +124,8 @@ int mac_partition(struct parsed_partitions *state) int i, l; goodness++; - l = strlen(part->name); - if (strcmp(part->name, "/") == 0) + l = strnlen(part->name, sizeof(part->name)); + if (strncmp(part->name, "/", sizeof(part->name)) == 0) goodness++; for (i = 0; i <= l - 4; ++i) { if (strncasecmp(part->name + i, "root", --- base-commit: ab68d7eb7b1a64f3f4710da46cc5f93c6c154942 change-id: 20250214-partition-mac-2e7114c62223 -- Jann Horn <jannh(a)google.com>

2 months, 2 weeks

2
1
0 0

[PATCH v2 0/4] soc: qcom: ice: fix dev reference leaked through of_qcom_ice_get

by Tudor Ambarus

Hi! Recently I've been pointed to this driver for an example on how consumers can get a pointer to the supplier's driver data and I noticed a leak. Callers of of_qcom_ice_get() leak the device reference taken by of_find_device_by_node(). Introduce devm_of_qcom_ice_get(). Exporting qcom_ice_put() is not done intentionally as the consumers need the ICE intance for the entire life of their device. Update the consumers to use the devm variant and make of_qcom_ice_get() static afterwards. This set touches mmc and scsi subsystems. Since the fix is trivial for them, I'd suggest taking everything through the SoC tree with Acked-by tags if people consider this fine. Note that the mmc and scsi patches depend on the first patch that introduces devm_of_qcom_ice_get(). Thanks! Signed-off-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> --- Changes in v2: - add kernel doc for newly introduced devm_of_qcom_ice_get(). - update cover letter and commit message of first patch. - collect R-b and A-b tags. - Link to v1: https://lore.kernel.org/r/20250116-qcom-ice-fix-dev-leak-v1-0-84d937683790@… --- Tudor Ambarus (4): soc: qcom: ice: introduce devm_of_qcom_ice_get mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get soc: qcom: ice: make of_qcom_ice_get() static drivers/mmc/host/sdhci-msm.c | 2 +- drivers/soc/qcom/ice.c | 51 ++++++++++++++++++++++++++++++++++++++++++-- drivers/ufs/host/ufs-qcom.c | 2 +- include/soc/qcom/ice.h | 3 ++- 4 files changed, 53 insertions(+), 5 deletions(-) --- base-commit: b323d8e7bc03d27dec646bfdccb7d1a92411f189 change-id: 20250110-qcom-ice-fix-dev-leak-bbff59a964fb Best regards, -- Tudor Ambarus <tudor.ambarus(a)linaro.org>

2 months, 2 weeks

5
7
0 0

[PATCH] clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks

by Ajit Pandey

BRANCH_HALT_ENABLE and BRANCH_HALT_ENABLE_VOTED flags are used to check halt status of branch clocks, which have an inverted logic for the halt bit in CBCR register. However, the current logic in the _check_halt() method only compares the BRANCH_HALT_ENABLE flags, ignoring the votable branch clocks. Update the logic to correctly handle the invert logic for votable clocks using the BRANCH_HALT_ENABLE_VOTED flags. Fixes: 9092d1083a62 ("clk: qcom: branch: Extend the invert logic for branch2 clocks") Cc: stable(a)vger.kernel.org Signed-off-by: Ajit Pandey <quic_ajipan(a)quicinc.com> --- This patch update the logic to correctly handle the invert logic for votable clocks using the BRANCH_HALT_ENABLE_VOTED flags. --- drivers/clk/qcom/clk-branch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/clk/qcom/clk-branch.c b/drivers/clk/qcom/clk-branch.c index 229480c5b075..0f10090d4ae6 100644 --- a/drivers/clk/qcom/clk-branch.c +++ b/drivers/clk/qcom/clk-branch.c @@ -28,7 +28,7 @@ static bool clk_branch_in_hwcg_mode(const struct clk_branch *br) static bool clk_branch_check_halt(const struct clk_branch *br, bool enabling) { - bool invert = (br->halt_check == BRANCH_HALT_ENABLE); + bool invert = (br->halt_check & BRANCH_HALT_ENABLE); u32 val; regmap_read(br->clkr.regmap, br->halt_reg, &val); @@ -44,7 +44,7 @@ static bool clk_branch2_check_halt(const struct clk_branch *br, bool enabling) { u32 val; u32 mask; - bool invert = (br->halt_check == BRANCH_HALT_ENABLE); + bool invert = (br->halt_check & BRANCH_HALT_ENABLE); mask = CBCR_NOC_FSM_STATUS; mask |= CBCR_CLK_OFF; --- base-commit: 9a87ce288fe30f268b3a598422fe76af9bb2c2d2 change-id: 20250128-push_fix-133e5e3c4529 Best regards, -- Ajit Pandey <quic_ajipan(a)quicinc.com>

2 months, 2 weeks

3
2
0 0

[PATCH v3] soc: qcom: pdr: Fix the potential deadlock

by Mukesh Ojha

From: Saranya R <quic_sarar(a)quicinc.com> When some client process A call pdr_add_lookup() to add the look up for the service and does schedule locator work, later a process B got a new server packet indicating locator is up and call pdr_locator_new_server() which eventually sets pdr->locator_init_complete to true which process A sees and takes list lock and queries domain list but it will timeout due to deadlock as the response will queued to the same qmi->wq and it is ordered workqueue and process B is not able to complete new server request work due to deadlock on list lock. Fix it by removing the unnecessary list iteration as the list iteration is already being done inside locator work, so avoid it here and just call schedule_work() here. Process A Process B process_scheduled_works() pdr_add_lookup() qmi_data_ready_work() process_scheduled_works() pdr_locator_new_server() pdr->locator_init_complete=true; pdr_locator_work() mutex_lock(&pdr->list_lock); pdr_locate_service() mutex_lock(&pdr->list_lock); pdr_get_domain_list() pr_err("PDR: %s get domain list txn wait failed: %d\n", req->service_name, ret); Timeout error log due to deadlock: " PDR: tms/servreg get domain list txn wait failed: -110 PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110 " Thanks to Bjorn and Johan for letting me know that this commit also fixes an audio regression when using the in-kernel pd-mapper as that makes it easier to hit this race. [1] Link: https://lore.kernel.org/lkml/Zqet8iInnDhnxkT9@hovoldconsulting.com/ # [1] Fixes: fbe639b44a82 ("soc: qcom: Introduce Protection Domain Restart helpers") CC: stable(a)vger.kernel.org Reviewed-by: Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> Tested-by: Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Saranya R <quic_sarar(a)quicinc.com> Co-developed-by: Mukesh Ojha <mukesh.ojha(a)oss.qualcomm.com> Signed-off-by: Mukesh Ojha <mukesh.ojha(a)oss.qualcomm.com> --- Changes in v3: - Corrected author and added Co-developed-by for myself. - Added T-by and R-by tags. - Modified commit message updated with the link of the issue which also gets fixed by this commit. Changes in v2: - Added Fixes tag. drivers/soc/qcom/pdr_interface.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/drivers/soc/qcom/pdr_interface.c b/drivers/soc/qcom/pdr_interface.c index 328b6153b2be..71be378d2e43 100644 --- a/drivers/soc/qcom/pdr_interface.c +++ b/drivers/soc/qcom/pdr_interface.c @@ -75,7 +75,6 @@ static int pdr_locator_new_server(struct qmi_handle *qmi, { struct pdr_handle *pdr = container_of(qmi, struct pdr_handle, locator_hdl); - struct pdr_service *pds; mutex_lock(&pdr->lock); /* Create a local client port for QMI communication */ @@ -87,12 +86,7 @@ static int pdr_locator_new_server(struct qmi_handle *qmi, mutex_unlock(&pdr->lock); /* Service pending lookup requests */ - mutex_lock(&pdr->list_lock); - list_for_each_entry(pds, &pdr->lookups, node) { - if (pds->need_locator_lookup) - schedule_work(&pdr->locator_work); - } - mutex_unlock(&pdr->list_lock); + schedule_work(&pdr->locator_work); return 0; } -- 2.34.1

2 months, 2 weeks

2
1
0 0

[PATCH] firmware: qcom: uefisecapp: fix efivars registration race

by Johan Hovold

Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer dereference in case of a racing EFI variable access. Make sure that all resources have been set up before registering the efivars. Fixes: 6612103ec35a ("firmware: qcom: qseecom: convert to using the TZ allocator") Cc: stable(a)vger.kernel.org # 6.11 Cc: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- Note that commit 40289e35ca52 ("firmware: qcom: scm: enable the TZ mem allocator") looks equally broken as it allocates the tzmem pool only after qcom_scm_is_available() returns true and other driver can start making SCM calls. That one appears to be a bit harder to fix as qcom_tzmem_enable() currently depends on SCM being available, but someone should definitely look into untangling that mess. Johan .../firmware/qcom/qcom_qseecom_uefisecapp.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c index 447246bd04be..98a463e9774b 100644 --- a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c +++ b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c @@ -814,15 +814,6 @@ static int qcom_uefisecapp_probe(struct auxiliary_device *aux_dev, qcuefi->client = container_of(aux_dev, struct qseecom_client, aux_dev); - auxiliary_set_drvdata(aux_dev, qcuefi); - status = qcuefi_set_reference(qcuefi); - if (status) - return status; - - status = efivars_register(&qcuefi->efivars, &qcom_efivar_ops); - if (status) - qcuefi_set_reference(NULL); - memset(&pool_config, 0, sizeof(pool_config)); pool_config.initial_size = SZ_4K; pool_config.policy = QCOM_TZMEM_POLICY_MULTIPLIER; @@ -833,6 +824,15 @@ static int qcom_uefisecapp_probe(struct auxiliary_device *aux_dev, if (IS_ERR(qcuefi->mempool)) return PTR_ERR(qcuefi->mempool); + auxiliary_set_drvdata(aux_dev, qcuefi); + status = qcuefi_set_reference(qcuefi); + if (status) + return status; + + status = efivars_register(&qcuefi->efivars, &qcom_efivar_ops); + if (status) + qcuefi_set_reference(NULL); + return status; } -- 2.45.2

2 months, 2 weeks

5
4
0 0

[PATCH v10 0/4] clk: qcom: Add support for multiple power-domains for a clock controller.

by Bryan O'Donoghue

Changes in v10: - Updated the commit log of patch #1 to make the reasoning - that it makes applying the subsequent patch cleaner/nicer clear - Bjorn - Substantially rewrites final patch commit to mostly reflect Bjorn's summation of my long and rambling previous paragraphs. Being a visual person, I've included some example pseudo-code which hopefully makes the intent clearer plus some ASCII art >= Klimt. - Link to v9: https://lore.kernel.org/r/20241230-b4-linux-next-24-11-18-clock-multiple-po… Changes in v9: - Added patch to unwind pm subdomains in reverse order. It would also be possible to squash this patch into patch#2 but, my own preference is for more granular patches like this instead of "slipping in" functional changes in larger patches like #2. - bod - Unwinding pm subdomain on error in patch #2. To facilitate this change patch #1 was created - Vlad - Drops Bjorn's RB on patch #2. There is a small churn in this patch but enough that a reviewer might reasonably expect RB to be given again. - Amends commit log for patch #3 further. v8 added a lot to the commit log to provide further information but, it is clear from the comments I received on the commit log that the added verbiage was occlusive not elucidative. Reduce down the commit log of patch #3 - especially Q&A item #1. Sometimes less is more. - Link to v8: https://lore.kernel.org/r/20241211-b4-linux-next-24-11-18-clock-multiple-po… Changes in v8: - Picks up change I agreed with Vlad but failed to cherry-pick into my b4 tree - Vlad/Bod - Rewords the commit log for patch #3. As I read it I decided I might translate bits of it from thought-stream into English - Bod - Link to v7: https://lore.kernel.org/r/20241211-b4-linux-next-24-11-18-clock-multiple-po… Changes in v7: - Expand commit log in patch #3 I've discussed with Bjorn on IRC and video what to put into the log here and captured most of what we discussed. Mostly the point here is voting for voltages in the power-domain list is up to the drivers to do with performance states/opp-tables not for the GDSC code. - Bjorn/Bryan - Link to v6: https://lore.kernel.org/r/20241129-b4-linux-next-24-11-18-clock-multiple-po… Changes in v6: - Passes NULL to second parameter of devm_pm_domain_attach_list - Vlad - Link to v5: https://lore.kernel.org/r/20241128-b4-linux-next-24-11-18-clock-multiple-po… Changes in v5: - In-lines devm_pm_domain_attach_list() in probe() directly - Vlad - Link to v4: https://lore.kernel.org/r/20241127-b4-linux-next-24-11-18-clock-multiple-po… v4: - Adds Bjorn's RB to first patch - Bjorn - Drops the 'd' in "and int" - Bjorn - Amends commit log of patch 3 to capture a number of open questions - Bjorn - Link to v3: https://lore.kernel.org/r/20241126-b4-linux-next-24-11-18-clock-multiple-po… v3: - Fixes commit log "per which" - Bryan - Link to v2: https://lore.kernel.org/r/20241125-b4-linux-next-24-11-18-clock-multiple-po… v2: The main change in this version is Bjorn's pointing out that pm_runtime_* inside of the gdsc_enable/gdsc_disable path would be recursive and cause a lockdep splat. Dmitry alluded to this too. Bjorn pointed to stuff being done lower in the gdsc_register() routine that might be a starting point. I iterated around that idea and came up with patch #3. When a gdsc has no parent and the pd_list is non-NULL then attach that orphan GDSC to the clock controller power-domain list. Existing subdomain code in gdsc_register() will connect the parent GDSCs in the clock-controller to the clock-controller subdomain, the new code here does that same job for a list of power-domains the clock controller depends on. To Dmitry's point about MMCX and MCX dependencies for the registers inside of the clock controller, I have switched off all references in a test dtsi and confirmed that accessing the clock-controller regs themselves isn't required. On the second point I also verified my test branch with lockdep on which was a concern with the pm_domain version of this solution but I wanted to cover it anyway with the new approach for completeness sake. Here's the item-by-item list of changes: - Adds a patch to capture pm_genpd_add_subdomain() result code - Bryan - Changes changelog of second patch to remove singleton and generally to make the commit log easier to understand - Bjorn - Uses demv_pm_domain_attach_list - Vlad - Changes error check to if (ret < 0 && ret != -EEXIST) - Vlad - Retains passing &pd_data instead of NULL - because NULL doesn't do the same thing - Bryan/Vlad - Retains standalone function qcom_cc_pds_attach() because the pd_data enumeration looks neater in a standalone function - Bryan/Vlad - Drops pm_runtime in favour of gdsc_add_subdomain_list() for each power-domain in the pd_list. The pd_list will be whatever is pointed to by power-domains = <> in the dtsi - Bjorn - Link to v1: https://lore.kernel.org/r/20241118-b4-linux-next-24-11-18-clock-multiple-po… v1: On x1e80100 and it's SKUs the Camera Clock Controller - CAMCC has multiple power-domains which power it. Usually with a single power-domain the core platform code will automatically switch on the singleton power-domain for you. If you have multiple power-domains for a device, in this case the clock controller, you need to switch those power-domains on/off yourself. The clock controllers can also contain Global Distributed Switch Controllers - GDSCs which themselves can be referenced from dtsi nodes ultimately triggering a gdsc_en() in drivers/clk/qcom/gdsc.c. As an example: cci0: cci@ac4a000 { power-domains = <&camcc TITAN_TOP_GDSC>; }; This series adds the support to attach a power-domain list to the clock-controllers and the GDSCs those controllers provide so that in the case of the above example gdsc_toggle_logic() will trigger the power-domain list with pm_runtime_resume_and_get() and pm_runtime_put_sync() respectively. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- Bryan O'Donoghue (4): clk: qcom: gdsc: Release pm subdomains in reverse add order clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code clk: qcom: common: Add support for power-domain attachment clk: qcom: Support attaching GDSCs to multiple parents drivers/clk/qcom/common.c | 6 ++++ drivers/clk/qcom/gdsc.c | 75 +++++++++++++++++++++++++++++++++++++++-------- drivers/clk/qcom/gdsc.h | 1 + 3 files changed, 69 insertions(+), 13 deletions(-) --- base-commit: 0907e7fb35756464aa34c35d6abb02998418164b change-id: 20241118-b4-linux-next-24-11-18-clock-multiple-power-domains-a5f994dc452a Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

2 months, 2 weeks

2
3
0 0

[PATCH v2] mtd: spinand: winbond: Fix oob_layout for W25N01JW

by Santhosh Kumar K

Fix the W25N01JW's oob_layout according to the datasheet. [1] [1] https://www.winbond.com/hq/product/code-storage-flash-memory/qspinand-flash… Fixes: 6a804fb72de5 ("mtd: spinand: winbond: add support for serial NAND flash") Cc: Sridharan S N <quic_sridsn(a)quicinc.com> Cc: stable(a)vger.kernel.org Signed-off-by: Santhosh Kumar K <s-k6(a)ti.com> --- Changes in v2: - Detach patch 3/3 from v1 - Rebase on next - Link to v1: https://lore.kernel.org/linux-mtd/20250102115110.1402440-1-s-k6@ti.com/ Repo: https://github.com/santhosh21/linux/tree/uL_next Test results: https://gist.github.com/santhosh21/71ab6646dccc238a0b3c47c0382f219a --- drivers/mtd/nand/spi/winbond.c | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/nand/spi/winbond.c b/drivers/mtd/nand/spi/winbond.c index ea11ae12423f..41cd0a51e450 100644 --- a/drivers/mtd/nand/spi/winbond.c +++ b/drivers/mtd/nand/spi/winbond.c @@ -134,6 +134,30 @@ static int w25n02kv_ooblayout_free(struct mtd_info *mtd, int section, return 0; } +static int w25n01jw_ooblayout_ecc(struct mtd_info *mtd, int section, + struct mtd_oob_region *region) +{ + if (section > 3) + return -ERANGE; + + region->offset = (16 * section) + 12; + region->length = 4; + + return 0; +} + +static int w25n01jw_ooblayout_free(struct mtd_info *mtd, int section, + struct mtd_oob_region *region) +{ + if (section > 3) + return -ERANGE; + + region->offset = (16 * section) + 2; + region->length = 10; + + return 0; +} + static int w35n01jw_ooblayout_ecc(struct mtd_info *mtd, int section, struct mtd_oob_region *region) { @@ -173,6 +197,11 @@ static const struct mtd_ooblayout_ops w35n01jw_ooblayout = { .free = w35n01jw_ooblayout_free, }; +static const struct mtd_ooblayout_ops w25n01jw_ooblayout = { + .ecc = w25n01jw_ooblayout_ecc, + .free = w25n01jw_ooblayout_free, +}; + static int w25n02kv_ecc_get_status(struct spinand_device *spinand, u8 status) { @@ -249,7 +278,7 @@ static const struct spinand_info winbond_spinand_table[] = { &write_cache_variants, &update_cache_variants), 0, - SPINAND_ECCINFO(&w25m02gv_ooblayout, NULL)), + SPINAND_ECCINFO(&w25n01jw_ooblayout, NULL)), SPINAND_INFO("W25N01KV", /* 3.3V */ SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xae, 0x21), NAND_MEMORG(1, 2048, 96, 64, 1024, 20, 1, 1, 1), -- 2.34.1

2 months, 2 weeks

2
2
0 0

[PATCHSET 6.12] xfs: bug fixes from 6.13

by Darrick J. Wong

Hi all, Here's a bunch of hand-ported bug fixes for 6.12 LTS. Most of the patches fix a warning about dquot reclaim needing to read dquot buffers in from disk by pinning buffers at transaction commit time instead of during reclaim. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. With a bit of luck, this should all go splendidly. Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=ne… --- Commits in this patchset: * xfs: avoid nested calls to __xfs_trans_commit * xfs: don't lose solo superblock counter update transactions * xfs: don't lose solo dquot update transactions * xfs: separate dquot buffer reads from xfs_dqflush * xfs: clean up log item accesses in xfs_qm_dqflush{,_done} * xfs: attach dquot buffer to dquot log item buffer * xfs: convert quotacheck to attach dquot buffers * xfs: don't over-report free space or inodes in statvfs * xfs: release the dquot buf outside of qli_lock * xfs: lock dquot buffer before detaching dquot from b_li_list * xfs: fix mount hang during primary superblock recovery failure --- fs/xfs/xfs_dquot.h | 6 + fs/xfs/xfs_dquot_item.h | 7 + fs/xfs/xfs_quota.h | 7 + fs/xfs/xfs_buf_item_recover.c | 11 ++ fs/xfs/xfs_dquot.c | 199 +++++++++++++++++++++++++++++++++++------ fs/xfs/xfs_dquot_item.c | 51 ++++++++--- fs/xfs/xfs_qm.c | 48 ++++++++-- fs/xfs/xfs_qm_bhv.c | 27 ++++-- fs/xfs/xfs_trans.c | 39 ++++---- fs/xfs/xfs_trans_ail.c | 2 fs/xfs/xfs_trans_dquot.c | 31 +++++- 11 files changed, 338 insertions(+), 90 deletions(-)

2 months, 2 weeks

3
14
0 0

[PATCH v2 1/7] ceph: Do not look at the index of an encrypted page

by Matthew Wilcox (Oracle)

If the pages array contains encrypted pages, we cannot look at page->index because that field is uninitialised. Instead, use the new ceph_fscrypt_pagecache_folio() to get the pagecache folio and look at the index of that. Fixes: d55207717ded (ceph: add encryption support to writepage and writepages) Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> --- fs/ceph/addr.c | 5 ++++- fs/ceph/crypto.h | 7 +++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index f5224a566b69..80bc0cbacd7a 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -1356,8 +1356,11 @@ static int ceph_writepages_start(struct address_space *mapping, memset(data_pages + i, 0, locked_pages * sizeof(*pages)); } else { + struct folio *folio; + BUG_ON(num_ops != req->r_num_ops); - index = pages[i - 1]->index + 1; + folio = ceph_fscrypt_pagecache_folio(pages[i - 1]); + index = folio->index + 1; /* request message now owns the pages array */ pages = NULL; } diff --git a/fs/ceph/crypto.h b/fs/ceph/crypto.h index d0768239a1c9..e4404ef589a1 100644 --- a/fs/ceph/crypto.h +++ b/fs/ceph/crypto.h @@ -280,6 +280,13 @@ static inline struct page *ceph_fscrypt_pagecache_page(struct page *page) } #endif /* CONFIG_FS_ENCRYPTION */ +static inline struct folio *ceph_fscrypt_pagecache_folio(struct page *page) +{ + if (fscrypt_is_bounce_page(page)) + page = fscrypt_pagecache_page(page); + return page_folio(page); +} + static inline loff_t ceph_fscrypt_page_offset(struct page *page) { return page_offset(ceph_fscrypt_pagecache_page(page)); -- 2.47.2

2 months, 2 weeks

1
0
0 0

[REGRESSION] usb: xhci port capability storage change broke fastboot android bootloader utility

by Forest

#regzbot introduced: 63a1f8454962 Dear maintainer, I think I have found a regression in kernels version 6.10 and newer, including the latest mainline v6.13-rc4: fastboot (the tool for communicating with Android bootloaders) now fails to perform various operations over USB. The problem manifests as an error when attempting to 'fastboot flash' an image (e.g. a new kernel containing security updates) to a LineageOS phone. It also manifests with simpler operations like reading a variable from the bootloader. For example: fastboot getvar kernel A typical error message when the failure occurs: getvar:kernel FAILED (remote: 'GetVar Variable Not found') I can reproduce this at will. It happens about 50% of the time when I run the above getvar command, and almost all the time when I try to push a new kernel to a device. A git bisect reveals this: 63a1f8454962a64746a59441687dc2401290326c is the first bad commit commit 63a1f8454962a64746a59441687dc2401290326c Author: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Mon Apr 29 17:02:28 2024 +0300 xhci: stored cached port capability values in one place

2 months, 2 weeks

4
12
0 0

Re: [PATCH 6.13 000/443] 6.13.3-rc2 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

2 months, 2 weeks

1
0
0 0

[PATCH 6.12 000/422] 6.12.14-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.14 release. There are 422 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 15 Feb 2025 14:23:11 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.14-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.14-rc1 Su Yue <glass.su(a)suse.com> ocfs2: check dir i_size in ocfs2_find_entry Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: add reset-names for combphy on rk3568 Miklos Szeredi <mszeredi(a)redhat.com> statmount: let unset strings be empty Miklos Szeredi <mszeredi(a)redhat.com> fs: fix adding security options to statmount.mnt_opt Jeff Layton <jlayton(a)kernel.org> fs: prepend statmount.mnt_opts string with security_sb_mnt_opts() Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix and re-enable xe_print_blob_ascii85() Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Revert "drm/amd/display: Fix green screen issue after suspend" Libo Chen <libo.chen(a)oracle.com> Revert "selftests/sched_ext: fix build after renames in sched_ext API" Bart Van Assche <bvanassche(a)acm.org> md: Fix linear_set_limits() Dan Carpenter <dan.carpenter(a)linaro.org> md/md-linear: Fix a NULL vs IS_ERR() bug in linear_add() Peter Zijlstra <peterz(a)infradead.org> x86/mm: Convert unreachable() to BUG() Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent excessive coalescing on receive Filipe Manana <fdmanana(a)suse.com> btrfs: avoid monopolizing a core when activating a swap file Koichiro Den <koichiro.den(a)canonical.com> Revert "btrfs: avoid monopolizing a core when activating a swap file" Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families Long Li <leo.lilong(a)huawei.com> xfs: fix mount hang during primary superblock recovery failure Darrick J. Wong <djwong(a)kernel.org> xfs: lock dquot buffer before detaching dquot from b_li_list Darrick J. Wong <djwong(a)kernel.org> xfs: release the dquot buf outside of qli_lock Darrick J. Wong <djwong(a)kernel.org> xfs: convert quotacheck to attach dquot buffers Darrick J. Wong <djwong(a)kernel.org> xfs: attach dquot buffer to dquot log item buffer Darrick J. Wong <djwong(a)kernel.org> xfs: clean up log item accesses in xfs_qm_dqflush{,_done} Darrick J. Wong <djwong(a)kernel.org> xfs: separate dquot buffer reads from xfs_dqflush Darrick J. Wong <djwong(a)kernel.org> xfs: don't lose solo dquot update transactions Darrick J. Wong <djwong(a)kernel.org> xfs: don't lose solo superblock counter update transactions Darrick J. Wong <djwong(a)kernel.org> xfs: avoid nested calls to __xfs_trans_commit WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Heiko Carstens <hca(a)linux.ibm.com> s390/fpu: Add fpc exception handler / remove fixup section again Frederic Weisbecker <frederic(a)kernel.org> timers/migration: Fix off-by-one root mis-connection Michal Simek <michal.simek(a)amd.com> rtc: zynqmp: Fix optional clock name property Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Fix PFC_MASK for RZ/V2H and RZ/G3E Javier Carrasco <javier.carrasco.cruz(a)gmail.com> pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla: Add trace_instance_stop Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/osnoise: Distinguish missing workload option Steven Rostedt <rostedt(a)goodmis.org> tracing/osnoise: Fix resetting of tracepoints Jan Kiszka <jan.kiszka(a)siemens.com> scripts/gdb: fix aarch64 userspace detection in get_current_task Wei Yang <richard.weiyang(a)gmail.com> maple_tree: simplify split calculation Milos Reljin <milos_reljin(a)outlook.com> net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix copy buffer page size Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Anandu Krishnan E <quic_anane(a)quicinc.com> misc: fastrpc: Deregister device nodes properly in error scenarios Vimal Agrawal <vimal.agrawal(a)sophos.com> misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Nick Chan <towinchenmi(a)gmail.com> irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix missing 'ret' assignment in set_speed() Steven Rostedt <rostedt(a)goodmis.org> fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Uros Bizjak <ubizjak(a)gmail.com> mailbox: zynqmp: Remove invalid __percpu annotation in zynqmp_ipi_probe() Pekka Pessi <ppessi(a)nvidia.com> mailbox: tegra-hsp: Clear mailbox before using message Chuck Lever <chuck.lever(a)oracle.com> NFSD: Encode COMPOUND operation status on page boundaries Dragan Simic <dsimic(a)manjaro.org> nfs: Make NFS_FSCACHE select NETFS_SUPPORT instead of depending on it Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Mike Snitzer <snitzer(a)kernel.org> pnfs/flexfiles: retry getting layout segment for reads Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: -f: no reconnect Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't retry connect operation on EPOLLERR Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix multishots with selected buffers Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: set word length to 1 Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix reading from non zero offset Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix MAC address byte order Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: simplify read beyond device check Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Luca Weiss <luca.weiss(a)fairphone.com> nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Antoine Viallon <antoine(a)lesviallon.fr> ceph: fix memory leak in ceph_mds_auth_match() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Stefan Eichenberger <eichest(a)gmail.com> irqchip/irq-mvebu-icu: Fix access to msi_data from irq_domain::host_data Niklas Cassel <cassel(a)kernel.org> ata: libata-sff: Ensure that we cannot write outside the allocated buffer Daniel Baumann <daniel(a)debian.org> ata: libata-core: Add ATA_QUIRK_NOLPM for Samsung SSD 870 QVO drives Liu Shixin <liushixin2(a)huawei.com> mm/compaction: fix UBSAN shift-out-of-bounds warning Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> mm/hugetlb: fix hugepage allocation for interleaved memory nodes Li Zhijian <lizhijian(a)fujitsu.com> mm/vmscan: accumulate nr_demoted for accurate demotion statistics Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> mm: gup: fix infinite loop within __get_longterm_locked Catalin Marinas <catalin.marinas(a)arm.com> mm: kmemleak: fix upper boundary check for physical address objects Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Support partial control reads Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 VC map Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix use of non-existing registers on UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() Mehdi Djait <mehdi.djait(a)linux.intel.com> media: ccs: Fix cleanup order in ccs_probe() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix CCS static data parsing for large block sizes Alain Volmat <alain.volmat(a)foss.st.com> media: stm32: dcmipp: correct dma_set_mask_and_coherent mask value Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> media: intel/ipu6: remove cpu latency qos request on error Naushir Patuck <naush(a)raspberrypi.com> media: imx296: Add standby delay during probe Zhen Lei <thunder.leizhen(a)huawei.com> media: nuvoton: Fix an error check in npcm_video_ece_init() Cosmin Tanislav <demonsingur(a)gmail.com> media: mc: fix endpoint iteration Lubomir Rintel <lkundrak(a)v3.sk> media: mmp: Bring back registration of the device Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> soc: qcom: llcc: Enable LLCC_WRCACHE at boot on X1 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: samsung: exynos-pmu: Fix uninitialized ret in tensor_set_bits_atomic() Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Use a separate spinlock to protect fault->deliver list Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Destroy response and mutex in iommufd_fault_destroy() Nicolin Chen <nicolinc(a)nvidia.com> iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: as73211: fix channel handling in only-color triggered buffer Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Clean up parsed CCS static data on parse failure Marco Elver <elver(a)google.com> kfence: skip __GFP_THISNODE allocations on NUMA systems Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix struct iommu_hwpt_pgfault init and padding Frederic Weisbecker <frederic(a)kernel.org> hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING Gabriele Monaco <gmonaco(a)redhat.com> rv: Reset per-task monitors also for idle tasks Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Aubrey Li <aubrey.li(a)linux.intel.com> ACPI: PRM: Remove unnecessary strict handler address checks Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Clear runtime_error after pm_runtime_resume_and_get() fails Wentao Liang <vulab(a)iscas.ac.cn> xfs: Add error handling for xfs_reflink_cancel_cow_range Wentao Liang <vulab(a)iscas.ac.cn> xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end Christoph Hellwig <hch(a)lst.de> xfs: don't call remap_verify_area with sb write protection held Conor Dooley <conor.dooley(a)microchip.com> pwm: microchip-core: fix incorrect comparison with max period Helge Deller <deller(a)kernel.org> parisc: Temporarily disable jump label support Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Disable Tegra234 sce-fabric node Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Eric Biggers <ebiggers(a)google.com> crypto: qce - fix priority to be less than ARMv8 CE Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8650: correct MDSS interconnects Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8550: correct MDSS interconnects Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix MPSS memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix ADSP memory length Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix uart1 interconnect path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix ADSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdx75: Fix MPSS memory length Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DPI display output by default Andreas Kemnade <andreas(a)kemnade.info> ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Romain Naour <romain.naour(a)skf.com> ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Denis Arefev <arefev(a)swemel.ru> ubi: Add a check for ubi_num Nathan Chancellor <nathan(a)kernel.org> x86/boot: Use '-std=gnu11' to fix build with GCC 15 Zhang Rui <rui.zhang(a)intel.com> x86/acpi: Fix LAPIC/x2APIC parsing order Alice Ryhl <aliceryhl(a)google.com> x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0 Miguel Ojeda <ojeda(a)kernel.org> rust: init: use explicit ABI to clean warning in future compilers Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload André Draszik <andre.draszik(a)linaro.org> scsi: ufs: core: Fix use-after free in init error and remove paths Eric Biggers <ebiggers(a)google.com> scsi: ufs: qcom: Fix crypto key eviction Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Move FCE Trace buffer allocation to user control Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't set pos_unknown just after device recognition Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Werner Sembach <wse(a)tuxedocomputers.com> PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix SR-IOV for PFs initially in standby Brad Griffis <bgriffis(a)nvidia.com> arm64: tegra: Fix Tegra234 PCIe interrupt-map Kuan-Wei Chiu <visitorckw(a)gmail.com> ALSA: hda: Fix headset detection failure due to unstable sort Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix quirk matching for Legion Pro 7 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo C6400 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Jens Axboe <axboe(a)kernel.dk> block: don't revert iter for -EIOCBQUEUED Xi Ruoyao <xry111(a)xry111.site> Revert "MIPS: csrc-r4k: Select HAVE_UNSTABLE_SCHED_CLOCK if SMP && 64BIT" Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: pci-legacy: Override pci_address_to_pio Mateusz Jończyk <mat.jonczyk(a)o2.pl> mips/math-emu: fix emulation of the prefx instruction Hou Tao <houtao1(a)huawei.com> dm-crypt: track tag_offset in convert_context Hou Tao <houtao1(a)huawei.com> dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Extend the maximum number of watchpoints Kexy Biscuit <kexybiscuit(a)aosc.io> MIPS: Loongson64: remove ROM Size unit in boardinfo Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Mario Limonciello <mario.limonciello(a)amd.com> ASoC: acp: Support microphone from Lenovo Go S Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix usb_2 controller interrupts Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-microsoft-romulus: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-crd: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e78100-lenovo-thinkpad-t14s: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix USB QMP PHY supplies Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: document scope of NCM implementation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix DPE OoB read Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: break up NCM header size computation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: refactor NCM datagram loop Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: check that DPE points past NCM header Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: use static NDP16 location in URB Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix possible overflow in DPE length check Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Vasily Khoruzhick <anarsoul(a)gmail.com> wifi: rtw88: 8703b: Fix RX/TX issues Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 Fiona Klute <fiona.klute(a)gmx.de> wifi: rtw88: sdio: Fix disconnection after beacon loss Nick Morrow <usbwifi2024(a)gmail.com> wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8821ae: Fix media status report Steven Rostedt <rostedt(a)goodmis.org> atomic64: Use arch_spin_locks instead of raw_spin_locks Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Peng Fan <peng.fan(a)nxp.com> Input: bbnsm_pwrkey - add remove hook Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> of: address: Fix empty resource handling in __of_address_resource_bounds() Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Bao D. Nguyen <quic_nguyenb(a)quicinc.com> scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Kuan-Wei Chiu <visitorckw(a)gmail.com> perf bench: Fix undefined behavior in cmpworker() Nathan Chancellor <nathan(a)kernel.org> efi: libstub: Use '-std=gnu11' to fix build with GCC 15 Zijun Hu <quic_zijuhu(a)quicinc.com> blk-cgroup: Fix class @block_class's subsystem refcount leakage Eyal Birger <eyal.birger(a)gmail.com> seccomp: passthrough uretprobe systemcall without filtering Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-mm: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8650: Do not turn off PCIe GDSCs during gdsc_disable() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Binbin Zhou <zhoubinbin(a)loongson.cn> clk: clk-loongson2: Fix the number count of clk provider Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 refclk register access Lubomir Rintel <lkundrak(a)v3.sk> clk: mmp2: call pm_genpd_init() only after genpd.name is set Cody Eksal <masterr3c0rd(a)epochal.quest> clk: sunxi-ng: a100: enable MMC clock reparenting David Gstir <david(a)sigma-star.at> KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Lo-an Chen <lo-an.chen(a)amd.com> drm/amd/display: Fix seamless boot sequence Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: add a BO metadata flag to disable write compression for Vulkan Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Jani Nikula <jani.nikula(a)intel.com> drm/i915/dp: Iterate DSC BPP from high to low on all platforms Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/devcoredump: Move exec queue snapshot to Contexts section Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() Brian Geffon <bgeffon(a)google.com> drm/i915: Fix page cleanup on DMA remap failure Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915/guc: Debug print LRC state entries only if the context is pinned Tom Chung <chiahsuan.chung(a)amd.com> Revert "drm/amd/display: Use HW lock mgr for PSR1" Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Block per-queue reset when halt_if_hws_hang=1 Prike Liang <Prike.Liang(a)amd.com> drm/amdkfd: only flush the validate MES contex Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/amdgpu: change the config of cgcg on gfx12 Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Mark MM activity as unsupported Aric Cyr <Aric.Cyr(a)amd.com> drm/amd/display: Optimize cursor position updates Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: fix integer overflows on 32 bit systems David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Keith Busch <kbusch(a)kernel.org> kvm: defer huge page recovery vhost task to later Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Robin Murphy <robin.murphy(a)arm.com> remoteproc: omap: Handle ARM dma_iommu_mapping Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Thomas Zimmermann <tzimmermann(a)suse.de> drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Marc Zyngier <maz(a)kernel.org> KVM: arm64: timer: Always evaluate the need for a soft timer Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled Mark Brown <broonie(a)kernel.org> arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Override PARange for !LPA2 and use it consistently Ard Biesheuvel <ardb(a)kernel.org> arm64/kvm: Configure HYP TCR.PS/DS based on host stage1 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix Qemu crash when running in passthrough Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Nam Cao <namcao(a)linutronix.de> fs/proc: do_task_stat: Fix ESP not readable during coredump Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Marc Zyngier <maz(a)kernel.org> arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Yu Kuai <yukuai3(a)huawei.com> md: reintroduce md-linear Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: change lease epoch type from unsigned int to __u16 Ruben Devos <devosruben6(a)gmail.com> smb: client: fix order of arguments of tracepoints Maarten Lankhorst <dev(a)lankhorst.se> drm/client: Handle tiled displays better Maarten Lankhorst <dev(a)lankhorst.se> drm/modeset: Handle tiled displays in pan_display_atomic. Pali Rohár <pali(a)kernel.org> cifs: Remove intermediate object of failed create SFU call Sebastian Wiese-Wagner <seb(a)fastmail.to> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning Andreas Kemnade <andreas(a)kemnade.info> cpufreq: fix using cpufreq-dt as module David Howells <dhowells(a)redhat.com> rxrpc: Fix call state set to not include the SERVER_SECURING state Ido Schimmel <idosch(a)nvidia.com> net: sched: Fix truncation of offloaded action statistics Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Juergen Gross <jgross(a)suse.com> x86/xen: add FRAME_END to xen_hypercall_hvm() Juergen Gross <jgross(a)suse.com> x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: sim: lock hog configfs items if present Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Jacob Moroni <mail(a)jakemoroni.com> net: atlantic: fix warning during hot unplug Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> gpio: pca953x: Improve interrupt support David Howells <dhowells(a)redhat.com> rxrpc: Fix the rxrpc_connection attend queue handling Jakub Kicinski <kuba(a)kernel.org> ethtool: rss: fix hiding unsupported fields in dumps Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: fix the Adaptive sync Operation mode for SDP Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Sankararaman Jayaraman <sankararaman.jayaraman(a)broadcom.com> vmxnet3: Fix tx queue race condition with XDP Jiasheng Jiang <jiashengjiangcool(a)gmail.com> ice: Add check for devm_kzalloc() Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Correct overlaying of PHY and MAC Wake-on-LAN Daniel Wagner <wagi(a)kernel.org> nvme-fc: use ctrl state getter Keith Busch <kbusch(a)kernel.org> nvme: make nvme_tls_attrs_group static Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: stop storing XDP verdict within ice_rx_buf Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: gather page_count()'s of each frag right before XDP prog call Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: put Rx buffers after being done with current frame Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue Hans de Goede <hdegoede(a)redhat.com> platform/x86: serdev_helpers: Check for serial_ctrl_uid == NULL Günther Noack <gnoack(a)google.com> tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN Sean Anderson <sean.anderson(a)linux.dev> tty: xilinx_uartps: split sysrq handling Darrick J. Wong <djwong(a)kernel.org> xfs: don't over-report free space or inodes in statvfs Darrick J. Wong <djwong(a)kernel.org> xfs: report realtime block quota limits on realtime directories Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix Circular Locking Dependency in AMDGPU GFX Isolation Paolo Bonzini <pbonzini(a)redhat.com> KVM: e500: always restore irqs Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map() Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore AC events Hridesh MG <hridesh699(a)gmail.com> platform/x86: acer-wmi: add support for Acer Nitro AN515-58 Illia Ostapyshyn <illia(a)yshyn.com> Input: allocate keycode for phone linking Yu-Chun Lin <eleanor15x(a)gmail.com> ASoC: amd: Add ACPI dependency to fix build error Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer Predator PH16-72 Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer PH14-51 Hans de Goede <hdegoede(a)redhat.com> platform/x86: int3472: Check for adev == NULL Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Clean up more on probe failure Richard Acayan <mailingradian(a)gmail.com> iommu/arm-smmu-qcom: add sdm670 adreno iommu compatible Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Correct quirk for Lenovo Yoga Slim 7 David Woodhouse <dwmw(a)amazon.co.uk> x86/kexec: Allocate PGD for x86_64 transition page tables separately Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: ensure proper channel cleanup in error path Liu Ye <liuye(a)kylinos.cn> selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Dan Carpenter <dan.carpenter(a)linaro.org> tipc: re-order conditions in tipc_crypto_key_rcv() Shinas Rasheed <srasheed(a)marvell.com> octeon_ep_vf: update tx/rx stats locally for persistence Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: update tx/rx stats locally for persistence Yuanjie Yang <quic_yuanjiey(a)quicinc.com> mmc: sdhci-msm: Correctly set the load for the regulator Luke D. Jones <luke(a)ljones.dev> HID: hid-asus: Disable OOBE mode on the ProArt P16 Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> net: wwan: iosm: Fix hibernation by re-binding the driver around it Mazin Al Haddad <mazin(a)getstate.dev> Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925 Andrew Halaney <ajhalaney(a)gmail.com> Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922 Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Randolph Ha <rha051117(a)gmail.com> i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: avoid memory leak Somashekhar(Som) <somashekhar.puttagangaiah(a)intel.com> wifi: iwlwifi: pcie: Add support for new device ids Stefan Dösinger <stefan(a)codeweavers.com> wifi: brcmfmac: Check the return value of of_property_read_string_index() Vadim Fedorenko <vadim.fedorenko(a)linux.dev> net/mlx5: use do_aux_work for PHC overflow checks Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Youwan Wang <youwan(a)nfschina.com> HID: multitouch: Add quirk for Hantick 5288 touchpad Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: Make GCC_8150 depend on QCOM_GDSC Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: add __packed attribute to efuse layout struct Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: add crystal_cap check to avoid setting as overflow value Jeongjun Park <aha310510(a)gmail.com> ring-buffer: Make reading page consistent with the code logic Gabe Teeger <Gabe.Teeger(a)amd.com> drm/amd/display: Limit Scaling Ratio on DCN3.01 Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase sanitizer frame larger than limit when compile testing with clang Leo Stone <leocstone(a)gmail.com> safesetid: check size of policy writes Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS KSV list wait timer Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS compare V matching Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP encryption when R0 ready Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP Bstatus check Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Queue interrupt work to different CPU Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/vc4: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/sti: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/radeon: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/exynos: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/amd/display: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: ite-it66121: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: anx7625: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/connector: add mutex to protect ELD from concurrent access Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Overwriting dualDPP UBF values before usage Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Populate chroma prefetch parameters, DET buffer fix Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: return meaningful value from set_connector_edid() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: handle empty modes in find_preferred_mode() Zhi Wang <zhiw(a)nvidia.com> nvkm: correctly calculate the available space of the GSP cmdq buffer Zhi Wang <zhiw(a)nvidia.com> nvkm/gsp: correctly advance the read pointer of GSP message queue Dustin L. Howett <dustin(a)howett.net> drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels Thomas Weißschuh <linux(a)weissschuh.net> drm: panel-backlight-quirks: Add Framework 13 matte panel Thomas Weißschuh <linux(a)weissschuh.net> drm: Add panel backlight quirks Dongwon Kim <dongwon.kim(a)intel.com> drm/virtio: New fence for every plane update Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Carlos Llamas <cmllamas(a)google.com> lockdep: Fix upper limit for LOCKDEP_*_BITS configs Thorsten Blum <thorsten.blum(a)linux.dev> locking/ww_mutex/test: Use swap() macro Peter Zijlstra <peterz(a)infradead.org> x86: Convert unreachable() to BUG() Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Check bandwidth overflow earlier for hotplug Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Correctly account for allocated bandwidth during hotplug Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Hao-ran Zheng <zhenghaoran154(a)gmail.com> btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Sven Schnelle <svens(a)linux.ibm.com> s390/stackleak: Use exrl instead of ex in __stackleak_poison() Kees Cook <kees(a)kernel.org> exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Ensure adequate HUGE_MAX_HSTATE Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Qu Wenruo <wqu(a)suse.com> btrfs: do not output error message if a qgroup has been already cleaned up Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion failure when splitting ordered extent after transaction abort Geert Uytterhoeven <geert+renesas(a)glider.be> irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on CONFIG_MCHP_LAN966X_PCI ------------- Diffstat: Documentation/arch/arm64/elf_hwcaps.rst | 39 +- Documentation/gpu/drm-kms-helpers.rst | 3 + Makefile | 4 +- arch/arm/boot/dts/ti/omap/dra7-l4.dtsi | 2 + arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi | 10 + arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 5 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 +- arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 8 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 10 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 492 ++++++++++----------- arch/arm64/boot/dts/qcom/sm8450.dtsi | 216 ++++----- arch/arm64/boot/dts/qcom/sm8550.dtsi | 271 ++++++------ arch/arm64/boot/dts/qcom/sm8650.dtsi | 305 +++++++------ .../dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 4 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 +- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 6 +- .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 6 +- .../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 280 ++++++------ arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3568.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk356x.dtsi | 2 + arch/arm64/include/asm/assembler.h | 5 + arch/arm64/include/asm/pgtable-hwdef.h | 6 - arch/arm64/include/asm/pgtable-prot.h | 7 + arch/arm64/include/asm/sparsemem.h | 5 +- arch/arm64/kernel/cpufeature.c | 55 +-- arch/arm64/kernel/cpuinfo.c | 10 + arch/arm64/kernel/pi/idreg-override.c | 9 + arch/arm64/kernel/pi/map_kernel.c | 6 + arch/arm64/kvm/arch_timer.c | 4 +- arch/arm64/kvm/arm.c | 8 +- arch/arm64/mm/hugetlbpage.c | 12 + arch/arm64/mm/init.c | 7 +- arch/loongarch/include/uapi/asm/ptrace.h | 10 + arch/loongarch/kernel/ptrace.c | 6 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/Kconfig | 1 - arch/mips/kernel/ftrace.c | 2 +- arch/mips/loongson64/boardinfo.c | 2 - arch/mips/math-emu/cp1emu.c | 2 +- arch/mips/pci/pci-legacy.c | 8 + arch/parisc/Kconfig | 4 +- arch/powerpc/kvm/e500_mmu_host.c | 21 +- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/s390/include/asm/asm-extable.h | 4 + arch/s390/include/asm/fpu-insn.h | 17 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/include/asm/processor.h | 3 +- arch/s390/kernel/vmlinux.lds.S | 1 - arch/s390/kvm/vsie.c | 25 +- arch/s390/mm/extable.c | 9 + arch/s390/pci/pci_bus.c | 1 - arch/x86/boot/compressed/Makefile | 1 + arch/x86/include/asm/kexec.h | 18 +- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kernel/acpi/boot.c | 50 ++- arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/machine_kexec_64.c | 45 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/reboot.c | 2 +- arch/x86/kvm/mmu/mmu.c | 45 +- arch/x86/kvm/svm/sev.c | 2 +- arch/x86/kvm/x86.c | 7 +- arch/x86/mm/fault.c | 2 +- arch/x86/pci/fixup.c | 30 ++ arch/x86/xen/xen-head.S | 5 +- block/blk-cgroup.c | 1 + block/fops.c | 5 +- drivers/accel/ivpu/ivpu_pm.c | 7 +- drivers/acpi/apei/ghes.c | 10 +- drivers/acpi/prmt.c | 4 +- drivers/acpi/property.c | 10 +- drivers/ata/libata-core.c | 4 + drivers/ata/libata-sff.c | 18 +- drivers/bluetooth/btusb.c | 4 + drivers/char/misc.c | 37 +- drivers/char/tpm/eventlog/acpi.c | 15 +- drivers/clk/clk-loongson2.c | 5 +- drivers/clk/mediatek/clk-mt2701-aud.c | 10 + drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-mm.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/mmp/pwr-island.c | 2 +- drivers/clk/qcom/Kconfig | 1 + drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clk/qcom/dispcc-sm6350.c | 7 +- drivers/clk/qcom/gcc-mdm9607.c | 2 +- drivers/clk/qcom/gcc-sm6350.c | 22 +- drivers/clk/qcom/gcc-sm8550.c | 8 +- drivers/clk/qcom/gcc-sm8650.c | 8 +- drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +- drivers/cpufreq/Kconfig | 2 +- drivers/cpufreq/cpufreq-dt-platdev.c | 2 - drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/qce/aead.c | 2 +- drivers/crypto/qce/core.c | 13 +- drivers/crypto/qce/sha.c | 2 +- drivers/crypto/qce/skcipher.c | 2 +- drivers/firmware/Kconfig | 2 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/qcom/qcom_scm.c | 10 +- drivers/gpio/gpio-pca953x.c | 19 - drivers/gpio/gpio-sim.c | 13 +- drivers/gpu/drm/Kconfig | 4 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 11 - drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 25 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 25 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 3 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 7 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 22 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.h | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 2 +- .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/dml2/Makefile | 4 + .../drm/amd/display/dc/dml2/display_mode_core.c | 35 +- .../display/dc/dml2/display_mode_core_structs.h | 6 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 35 +- .../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 7 +- .../drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 6 +- .../drm/amd/display/dc/hubbub/dcn30/dcn30_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn31/dcn31_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn32/dcn32_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn35/dcn35_hubbub.c | 3 +- .../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 8 +- .../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 2 + .../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 2 + .../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 10 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- .../display/dc/resource/dcn301/dcn301_resource.c | 8 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 - .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/ite-it6505.c | 83 ++-- drivers/gpu/drm/bridge/ite-it66121.c | 2 + drivers/gpu/drm/display/drm_dp_cec.c | 14 +- drivers/gpu/drm/drm_client_modeset.c | 9 + drivers/gpu/drm/drm_connector.c | 1 + drivers/gpu/drm/drm_edid.c | 6 + drivers/gpu/drm/drm_fb_helper.c | 14 +- drivers/gpu/drm/drm_panel_backlight_quirks.c | 94 ++++ drivers/gpu/drm/exynos/exynos_hdmi.c | 2 + drivers/gpu/drm/i915/display/intel_dp.c | 10 +- drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 - drivers/gpu/drm/i915/gem/i915_gem_shmem.c | 6 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 16 +- drivers/gpu/drm/radeon/radeon_audio.c | 2 + drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +- drivers/gpu/drm/sti/sti_hdmi.c | 2 + drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 33 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 4 +- drivers/gpu/drm/virtio/virtgpu_drv.h | 7 + drivers/gpu/drm/virtio/virtgpu_plane.c | 58 ++- drivers/gpu/drm/xe/xe_devcoredump.c | 42 +- drivers/gpu/drm/xe/xe_devcoredump.h | 2 +- drivers/gpu/drm/xe/xe_guc_log.c | 2 +- drivers/hid/hid-asus.c | 26 ++ drivers/hid/hid-multitouch.c | 5 + drivers/hid/hid-sensor-hub.c | 21 +- drivers/hid/wacom_wac.c | 5 + drivers/i2c/i2c-core-acpi.c | 22 + drivers/i3c/master.c | 2 +- drivers/iio/light/as73211.c | 24 +- drivers/infiniband/hw/mlx5/mr.c | 17 +- drivers/infiniband/hw/mlx5/odp.c | 2 + drivers/input/misc/nxp-bbnsm-pwrkey.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +- drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 8 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/iommufd/fault.c | 44 +- drivers/iommu/iommufd/iommufd_private.h | 29 +- drivers/irqchip/Kconfig | 1 + drivers/irqchip/irq-apple-aic.c | 3 +- drivers/irqchip/irq-mvebu-icu.c | 3 +- drivers/leds/leds-lp8860.c | 2 +- drivers/mailbox/tegra-hsp.c | 6 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +- drivers/md/Kconfig | 13 + drivers/md/Makefile | 2 + drivers/md/dm-crypt.c | 27 +- drivers/md/md-autodetect.c | 8 +- drivers/md/md-linear.c | 352 +++++++++++++++ drivers/md/md.c | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ccs/ccs-data.c | 14 +- drivers/media/i2c/ds90ub913.c | 1 - drivers/media/i2c/ds90ub953.c | 1 - drivers/media/i2c/ds90ub960.c | 123 +++--- drivers/media/i2c/imx296.c | 2 + drivers/media/i2c/ov5640.c | 1 + drivers/media/pci/intel/ipu6/ipu6-isys.c | 1 + drivers/media/platform/marvell/mmp-driver.c | 21 +- drivers/media/platform/nuvoton/npcm-video.c | 4 +- .../st/stm32/stm32-dcmipp/dcmipp-bytecap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 83 +++- drivers/media/usb/uvc/uvc_driver.c | 98 ++-- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvc_video.c | 21 + drivers/media/usb/uvc/uvcvideo.h | 10 +- drivers/media/v4l2-core/v4l2-mc.c | 2 +- drivers/mfd/lpc_ich.c | 3 +- drivers/misc/fastrpc.c | 8 +- drivers/mmc/core/sdio.c | 2 + drivers/mmc/host/sdhci-esdhc-imx.c | 1 + drivers/mmc/host/sdhci-msm.c | 53 ++- drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/mtd/ubi/build.c | 2 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 16 +- drivers/net/ethernet/broadcom/tg3.c | 58 +++ drivers/net/ethernet/intel/ice/devlink/devlink.c | 3 + drivers/net/ethernet/intel/ice/ice_txrx.c | 150 +++++-- drivers/net/ethernet/intel/ice/ice_txrx.h | 1 - drivers/net/ethernet/intel/ice/ice_txrx_lib.h | 43 -- .../net/ethernet/marvell/octeon_ep/octep_ethtool.c | 39 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 19 +- .../net/ethernet/marvell/octeon_ep/octep_main.h | 6 + drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 11 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.h | 4 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.c | 7 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.h | 4 +- .../marvell/octeon_ep_vf/octep_vf_ethtool.c | 29 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 17 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.h | 6 + .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.c | 9 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.h | 2 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.c | 7 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.h | 2 +- .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 67 ++- drivers/net/phy/nxp-c45-tja11xx.c | 2 + drivers/net/tun.c | 2 +- drivers/net/usb/ipheth.c | 69 ++- drivers/net/vmxnet3/vmxnet3_xdp.c | 14 +- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/Makefile | 2 +- drivers/net/wireless/intel/iwlwifi/cfg/dr.c | 167 +++++++ drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/intel/iwlwifi/iwl-config.h | 10 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 + drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c | 21 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 + .../net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 +- drivers/net/wireless/realtek/rtw88/main.h | 4 +- drivers/net/wireless/realtek/rtw88/rtw8703b.c | 8 +- drivers/net/wireless/realtek/rtw88/rtw8723x.h | 8 +- drivers/net/wireless/realtek/rtw88/rtw8821c.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822b.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822c.h | 9 +- drivers/net/wireless/realtek/rtw88/sdio.c | 2 + drivers/net/wireless/realtek/rtw89/phy.c | 13 +- drivers/net/wireless/realtek/rtw89/phy.h | 2 +- drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++- drivers/nvme/host/core.c | 8 +- drivers/nvme/host/fc.c | 9 +- drivers/nvme/host/pci.c | 4 +- drivers/nvme/host/sysfs.c | 2 +- drivers/nvmem/core.c | 2 + drivers/nvmem/imx-ocotp-ele.c | 38 +- drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/of/address.c | 12 +- drivers/of/base.c | 8 +- drivers/of/of_reserved_mem.c | 4 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 48 +- drivers/pci/endpoint/pci-epf-core.c | 1 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +- drivers/pinctrl/samsung/pinctrl-samsung.c | 2 +- drivers/platform/x86/acer-wmi.c | 45 ++ drivers/platform/x86/intel/int3472/discrete.c | 3 + drivers/platform/x86/intel/int3472/tps68470.c | 3 + drivers/platform/x86/serdev_helpers.h | 4 +- drivers/ptp/ptp_clock.c | 8 + drivers/pwm/pwm-microchip-core.c | 2 +- drivers/remoteproc/omap_remoteproc.c | 17 + drivers/rtc/rtc-zynqmp.c | 4 +- drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_dfs.c | 122 ++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 + drivers/scsi/qla2xxx/qla_init.c | 28 +- drivers/scsi/scsi_lib.c | 9 +- drivers/scsi/st.c | 6 + drivers/scsi/st.h | 1 + drivers/scsi/storvsc_drv.c | 1 + drivers/soc/mediatek/mtk-devapc.c | 19 +- drivers/soc/qcom/llcc-qcom.c | 1 + drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/soc/samsung/exynos-pmu.c | 2 +- drivers/spi/atmel-quadspi.c | 118 +++-- drivers/tty/serial/sh-sci.c | 25 +- drivers/tty/serial/xilinx_uartps.c | 8 +- drivers/tty/vt/selection.c | 14 + drivers/tty/vt/vt.c | 2 - drivers/ufs/core/ufshcd.c | 31 +- drivers/ufs/host/ufs-qcom.c | 18 +- drivers/ufs/host/ufshcd-pci.c | 2 - drivers/ufs/host/ufshcd-pltfrm.c | 28 +- drivers/usb/gadget/function/f_tcm.c | 52 +-- drivers/vfio/platform/vfio_platform_common.c | 10 + fs/binfmt_flat.c | 2 +- fs/btrfs/file.c | 2 +- fs/btrfs/inode.c | 4 +- fs/btrfs/ordered-data.c | 12 + fs/btrfs/qgroup.c | 5 +- fs/btrfs/relocation.c | 14 +- fs/btrfs/transaction.c | 4 +- fs/ceph/mds_client.c | 16 +- fs/exec.c | 29 +- fs/namespace.c | 45 +- fs/nfs/Kconfig | 3 +- fs/nfs/flexfilelayout/flexfilelayout.c | 27 +- fs/nfsd/nfs4xdr.c | 20 +- fs/nilfs2/inode.c | 6 +- fs/ocfs2/dir.c | 25 +- fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/proc/array.c | 2 +- fs/smb/client/cifsglob.h | 14 +- fs/smb/client/dir.c | 6 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2inode.c | 108 ++--- fs/smb/client/smb2ops.c | 41 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/client/smb2proto.h | 2 +- fs/smb/server/transport_ipc.c | 9 + fs/xfs/xfs_buf_item_recover.c | 11 +- fs/xfs/xfs_dquot.c | 199 +++++++-- fs/xfs/xfs_dquot.h | 6 +- fs/xfs/xfs_dquot_item.c | 51 ++- fs/xfs/xfs_dquot_item.h | 7 + fs/xfs/xfs_exchrange.c | 71 ++- fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_iomap.c | 6 +- fs/xfs/xfs_qm.c | 50 ++- fs/xfs/xfs_qm_bhv.c | 41 +- fs/xfs/xfs_quota.h | 7 +- fs/xfs/xfs_super.c | 11 +- fs/xfs/xfs_trans.c | 39 +- fs/xfs/xfs_trans_ail.c | 2 +- fs/xfs/xfs_trans_dquot.c | 31 +- include/drm/drm_connector.h | 5 +- include/drm/drm_utils.h | 4 + include/linux/binfmts.h | 4 +- include/linux/call_once.h | 45 ++ include/linux/hrtimer_defs.h | 1 + include/linux/kvm_host.h | 9 + include/linux/mlx5/driver.h | 1 - include/linux/platform_data/x86/asus-wmi.h | 5 + include/net/sch_generic.h | 2 +- include/rv/da_monitor.h | 4 + include/trace/events/rxrpc.h | 1 + include/uapi/drm/amdgpu_drm.h | 9 +- include/uapi/linux/input-event-codes.h | 1 + include/uapi/linux/iommufd.h | 4 +- include/uapi/linux/raid/md_p.h | 2 +- include/uapi/linux/raid/md_u.h | 2 + include/ufs/ufs.h | 4 +- include/ufs/ufshcd.h | 1 - io_uring/net.c | 5 + io_uring/poll.c | 4 + kernel/locking/test-ww_mutex.c | 9 +- kernel/printk/printk.c | 2 +- kernel/sched/core.c | 28 +- kernel/sched/deadline.c | 56 ++- kernel/sched/fair.c | 19 + kernel/sched/sched.h | 2 +- kernel/seccomp.c | 12 + kernel/time/hrtimer.c | 103 ++++- kernel/time/timer_migration.c | 10 +- kernel/trace/ring_buffer.c | 13 +- kernel/trace/trace_functions_graph.c | 2 +- kernel/trace/trace_osnoise.c | 17 +- lib/Kconfig.debug | 8 +- lib/atomic64.c | 78 ++-- lib/maple_tree.c | 23 +- mm/compaction.c | 3 +- mm/gup.c | 14 +- mm/hugetlb.c | 24 +- mm/kfence/core.c | 2 + mm/kmemleak.c | 2 +- mm/vmscan.c | 7 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/mgmt.c | 12 +- net/ethtool/rss.c | 3 +- net/ipv4/udp.c | 4 +- net/ipv6/udp.c | 4 +- net/mptcp/protocol.c | 1 + net/ncsi/ncsi-manage.c | 13 +- net/nfc/nci/hci.c | 2 + net/rose/af_rose.c | 24 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 6 +- net/rxrpc/conn_event.c | 21 +- net/rxrpc/conn_object.c | 1 + net/rxrpc/input.c | 2 +- net/rxrpc/sendmsg.c | 2 +- net/sched/sch_fifo.c | 3 + net/sched/sch_netem.c | 2 +- net/tipc/crypto.c | 4 +- rust/kernel/init.rs | 2 +- scripts/Makefile.extrawarn | 5 +- scripts/gdb/linux/cpus.py | 2 +- scripts/generate_rust_target.rs | 18 + security/keys/trusted-keys/trusted_dcp.c | 22 +- security/safesetid/securityfs.c | 3 + security/tomoyo/common.c | 2 +- sound/pci/hda/hda_auto_parser.c | 8 +- sound/pci/hda/hda_auto_parser.h | 1 + sound/pci/hda/patch_realtek.c | 4 +- sound/soc/amd/Kconfig | 2 +- sound/soc/amd/yc/acp6x-mach.c | 28 ++ sound/soc/intel/boards/sof_sdw.c | 5 +- sound/soc/soc-pcm.c | 32 +- sound/soc/sof/intel/hda-dai.c | 12 + sound/soc/sof/intel/hda.c | 5 + tools/perf/bench/epoll-wait.c | 7 +- tools/testing/selftests/net/ipsec.c | 3 +- tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +- tools/testing/selftests/net/udpgso.c | 26 ++ .../selftests/sched_ext/ddsp_bogus_dsq_fail.bpf.c | 2 +- .../selftests/sched_ext/ddsp_vtimelocal_fail.bpf.c | 4 +- .../testing/selftests/sched_ext/dsp_local_on.bpf.c | 2 +- .../selftests/sched_ext/enq_select_cpu_fails.bpf.c | 2 +- tools/testing/selftests/sched_ext/exit.bpf.c | 4 +- tools/testing/selftests/sched_ext/maximal.bpf.c | 4 +- .../selftests/sched_ext/select_cpu_dfl.bpf.c | 2 +- .../sched_ext/select_cpu_dfl_nodispatch.bpf.c | 2 +- .../selftests/sched_ext/select_cpu_dispatch.bpf.c | 2 +- .../sched_ext/select_cpu_dispatch_bad_dsq.bpf.c | 2 +- .../sched_ext/select_cpu_dispatch_dbl_dsp.bpf.c | 4 +- .../selftests/sched_ext/select_cpu_vtime.bpf.c | 8 +- tools/tracing/rtla/src/osnoise.c | 2 +- tools/tracing/rtla/src/timerlat_hist.c | 26 +- tools/tracing/rtla/src/timerlat_top.c | 27 +- tools/tracing/rtla/src/trace.c | 8 + tools/tracing/rtla/src/trace.h | 1 + 456 files changed, 5322 insertions(+), 2619 deletions(-)

2 months, 2 weeks

12
440
0 0

RE: Hematologists and Lab Directors Contacts

by Debbie McCoy

Hello, I hope you are having a great day! I am writing this email to follow up on my previous email. I haven't received a response from you yet and I just wanted to make sure that you have received my email. When you have a moment, could you please let me know if you have received it or not? Please acknowledge the receipt of this email. Regards, Debbie ______________________________________________________________________________________ *Subject:* Hematologist and Lab Directors Contact Hello, I have a quick question for you - would you be interested in receiving* Hematologists and Lab Directors Contact* If so, please let me know your *target geography,* and I'll be happy to provide you with relevant counts and pricing. Just a note that we can customize the lists to meet any specific requirements based on your criteria. Wishing you a fantastic day! Debbie McCoy Manager, Demand Generation If you ever feel like opting out, simply reply with "remove me" in the subject line

2 months, 2 weeks

1
0
0 0

[PATCH v2 02/11] drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL

by Imre Deak

Fix the port width programming in the DDI_BUF_CTL register on MTLP+, where this had an off-by-one error. Cc: <stable(a)vger.kernel.org> # v6.5+ Fixes: b66a8abaa48a ("drm/i915/display/mtl: Fill port width in DDI_BUF_/TRANS_DDI_FUNC_/PORT_BUF_CTL for HDMI") Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/i915/display/intel_ddi.c | 2 +- drivers/gpu/drm/i915/i915_reg.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index 5433279227e18..5ef7857a893f8 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -3511,7 +3511,7 @@ static void intel_ddi_enable_hdmi(struct intel_atomic_state *state, intel_de_rmw(dev_priv, XELPDP_PORT_BUF_CTL1(dev_priv, port), XELPDP_PORT_WIDTH_MASK | XELPDP_PORT_REVERSAL, port_buf); - buf_ctl |= DDI_PORT_WIDTH(lane_count); + buf_ctl |= DDI_PORT_WIDTH(crtc_state->lane_count); if (DISPLAY_VER(dev_priv) >= 20) buf_ctl |= XE2LPD_DDI_BUF_D2D_LINK_ENABLE; diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h index 670cd2371f947..3eea191f20175 100644 --- a/drivers/gpu/drm/i915/i915_reg.h +++ b/drivers/gpu/drm/i915/i915_reg.h @@ -3639,7 +3639,7 @@ enum skl_power_gate { #define DDI_BUF_IS_IDLE (1 << 7) #define DDI_BUF_CTL_TC_PHY_OWNERSHIP REG_BIT(6) #define DDI_A_4_LANES (1 << 4) -#define DDI_PORT_WIDTH(width) (((width) - 1) << 1) +#define DDI_PORT_WIDTH(width) (((width) == 3 ? 4 : ((width) - 1)) << 1) #define DDI_PORT_WIDTH_MASK (7 << 1) #define DDI_PORT_WIDTH_SHIFT 1 #define DDI_INIT_DISPLAY_DETECTED (1 << 0) -- 2.44.2

2 months, 2 weeks

1
0
0 0

[PATCH v2 01/11] drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro

by Imre Deak

The format of the port width field in the DDI_BUF_CTL and the TRANS_DDI_FUNC_CTL registers are different starting with MTL, where the x3 lane mode for HDMI FRL has a different encoding in the two registers. To account for this use the TRANS_DDI_FUNC_CTL's own port width macro. Cc: <stable(a)vger.kernel.org> # v6.5+ Fixes: b66a8abaa48a ("drm/i915/display/mtl: Fill port width in DDI_BUF_/TRANS_DDI_FUNC_/PORT_BUF_CTL for HDMI") Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/i915/display/icl_dsi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/display/icl_dsi.c b/drivers/gpu/drm/i915/display/icl_dsi.c index 9600c2a346d4c..5d3d54922d629 100644 --- a/drivers/gpu/drm/i915/display/icl_dsi.c +++ b/drivers/gpu/drm/i915/display/icl_dsi.c @@ -805,8 +805,8 @@ gen11_dsi_configure_transcoder(struct intel_encoder *encoder, /* select data lane width */ tmp = intel_de_read(display, TRANS_DDI_FUNC_CTL(display, dsi_trans)); - tmp &= ~DDI_PORT_WIDTH_MASK; - tmp |= DDI_PORT_WIDTH(intel_dsi->lane_count); + tmp &= ~TRANS_DDI_PORT_WIDTH_MASK; + tmp |= TRANS_DDI_PORT_WIDTH(intel_dsi->lane_count); /* select input pipe */ tmp &= ~TRANS_DDI_EDP_INPUT_MASK; -- 2.44.2

2 months, 2 weeks

1
0
0 0

[PATCH v6.13] fs/netfs/read_collect: fix crash due to uninitialized `prev` variable

by Max Kellermann

When checking whether the edges of adjacent subrequests touch, the `prev` variable is deferenced, but it might not have been initialized. This causes crashes like this one: BUG: unable to handle page fault for address: 0000000181343843 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 8000001c66db0067 P4D 8000001c66db0067 PUD 0 Oops: Oops: 0000 [#1] SMP PTI CPU: 1 UID: 33333 PID: 24424 Comm: php-cgi8.2 Kdump: loaded Not tainted 6.13.2-cm4all0-hp+ #427 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 11/23/2021 RIP: 0010:netfs_consume_read_data.isra.0+0x5ef/0xb00 Code: fe ff ff 48 8b 83 88 00 00 00 48 8b 4c 24 30 4c 8b 43 78 48 85 c0 48 8d 51 70 75 20 48 8b 73 30 48 39 d6 74 17 48 8b 7c 24 40 <48> 8b 4f 78 48 03 4f 68 48 39 4b 68 0f 84 ab 02 00 00 49 29 c0 48 RSP: 0000:ffffc90037adbd00 EFLAGS: 00010283 RAX: 0000000000000000 RBX: ffff88811bda0600 RCX: ffff888620e7b980 RDX: ffff888620e7b9f0 RSI: ffff88811bda0428 RDI: 00000001813437cb RBP: 0000000000000000 R08: 0000000000004000 R09: 0000000000000000 R10: ffffffff82e070c0 R11: 0000000007ffffff R12: 0000000000004000 R13: ffff888620e7bb68 R14: 0000000000008000 R15: ffff888620e7bb68 FS: 00007ff2e0e7ddc0(0000) GS:ffff88981f840000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000181343843 CR3: 0000001bc10ba006 CR4: 00000000001706f0 Call Trace: <TASK> ? __die+0x1f/0x60 ? page_fault_oops+0x15c/0x450 ? search_extable+0x22/0x30 ? netfs_consume_read_data.isra.0+0x5ef/0xb00 ? search_module_extables+0xe/0x40 ? exc_page_fault+0x5e/0x100 ? asm_exc_page_fault+0x22/0x30 ? netfs_consume_read_data.isra.0+0x5ef/0xb00 ? intel_iommu_unmap_pages+0xaa/0x190 ? __pfx_cachefiles_read_complete+0x10/0x10 netfs_read_subreq_terminated+0x24f/0x390 cachefiles_read_complete+0x48/0xf0 iomap_dio_bio_end_io+0x125/0x160 blk_update_request+0xea/0x3e0 scsi_end_request+0x27/0x190 scsi_io_completion+0x43/0x6c0 blk_complete_reqs+0x40/0x50 handle_softirqs+0xd1/0x280 irq_exit_rcu+0x91/0xb0 common_interrupt+0x3b/0xa0 asm_common_interrupt+0x22/0x40 RIP: 0033:0x55fe8470d2ab Code: 00 00 3c 7e 74 3b 3c b6 0f 84 dd 03 00 00 3c 1e 74 2f 83 c1 01 48 83 c2 38 48 83 c7 30 44 39 d1 74 3e 48 63 42 08 85 c0 79 a3 <49> 8b 46 48 8b 04 38 f6 c4 04 75 0b 0f b6 42 30 83 e0 0c 3c 04 75 RSP: 002b:00007ffca5ef2720 EFLAGS: 00000216 RAX: 0000000000000023 RBX: 0000000000000008 RCX: 000000000000001b RDX: 00007ff2e0cdb6f8 RSI: 0000000000000006 RDI: 0000000000000510 RBP: 00007ffca5ef27a0 R08: 00007ffca5ef2720 R09: 0000000000000001 R10: 000000000000001e R11: 00007ff2e0c10d08 R12: 0000000000000001 R13: 0000000000000120 R14: 00007ff2e0cb1ed0 R15: 00000000000000b0 </TASK> Fixes: ee4cdf7ba857 ("netfs: Speed up buffered reading") Cc: stable(a)vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- David/Greg: just like the other two netfs patches I sent yesterday, this one doesn't apply to v6.14 as it was obsoleted by commit e2d46f2ec332 ("netfs: Change the read result collector to only use one work item"). --- fs/netfs/read_collect.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/fs/netfs/read_collect.c b/fs/netfs/read_collect.c index e8624f5c7fcc..a7f285c52a79 100644 --- a/fs/netfs/read_collect.c +++ b/fs/netfs/read_collect.c @@ -258,17 +258,19 @@ static bool netfs_consume_read_data(struct netfs_io_subrequest *subreq, bool was */ if (!subreq->consumed && !prev_donated && - !list_is_first(&subreq->rreq_link, &rreq->subrequests) && - subreq->start == prev->start + prev->len) { + !list_is_first(&subreq->rreq_link, &rreq->subrequests)) { prev = list_prev_entry(subreq, rreq_link); - WRITE_ONCE(prev->next_donated, prev->next_donated + subreq->len); - subreq->start += subreq->len; - subreq->len = 0; - subreq->transferred = 0; - trace_netfs_donate(rreq, subreq, prev, subreq->len, - netfs_trace_donate_to_prev); - trace_netfs_sreq(subreq, netfs_sreq_trace_donate_to_prev); - goto remove_subreq_locked; + if (subreq->start == prev->start + prev->len) { + prev = list_prev_entry(subreq, rreq_link); + WRITE_ONCE(prev->next_donated, prev->next_donated + subreq->len); + subreq->start += subreq->len; + subreq->len = 0; + subreq->transferred = 0; + trace_netfs_donate(rreq, subreq, prev, subreq->len, + netfs_trace_donate_to_prev); + trace_netfs_sreq(subreq, netfs_sreq_trace_donate_to_prev); + goto remove_subreq_locked; + } } /* If we can't donate down the chain, donate up the chain instead. */ -- 2.47.2

2 months, 2 weeks

3
5
0 0

[PATCH net] netdevsim: disable local BH when scheduling NAPI

by Breno Leitao

The netdevsim driver was getting NOHZ tick-stop errors during packet transmission due to pending softirq work when calling napi_schedule(). This is showing the following message when running netconsole selftest. NOHZ tick-stop error: local softirq work is pending, handler #08!!! Add local_bh_disable()/enable() around the napi_schedule() call to prevent softirqs from being handled during this xmit. Cc: stable(a)vger.kernel.org Fixes: 3762ec05a9fb ("netdevsim: add NAPI support") Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Breno Leitao <leitao(a)debian.org> --- drivers/net/netdevsim/netdev.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/netdevsim/netdev.c b/drivers/net/netdevsim/netdev.c index 42f247cbdceecbadf27f7090c030aa5bd240c18a..6aeb081b06da226ab91c49f53d08f465570877ae 100644 --- a/drivers/net/netdevsim/netdev.c +++ b/drivers/net/netdevsim/netdev.c @@ -87,7 +87,9 @@ static netdev_tx_t nsim_start_xmit(struct sk_buff *skb, struct net_device *dev) if (unlikely(nsim_forward_skb(peer_dev, skb, rq) == NET_RX_DROP)) goto out_drop_cnt; + local_bh_disable(); napi_schedule(&rq->napi); + local_bh_enable(); rcu_read_unlock(); u64_stats_update_begin(&ns->syncp); --- base-commit: cf33d96f50903214226b379b3f10d1f262dae018 change-id: 20250212-netdevsim-258d2d628175 Best regards, -- Breno Leitao <leitao(a)debian.org>

2 months, 2 weeks

3
3
0 0

[PATCH v2] phy: tegra: xusb: reset VBUS & ID OVERRIDE

by Henry Lin

From: BH Hsieh <bhsieh(a)nvidia.com> Observed VBUS_OVERRIDE & ID_OVERRIDE might be programmed with unexpected value prior to XUSB PADCTL driver, this could also occur in virtualization scenario. For example, UEFI firmware programs ID_OVERRIDE=GROUNDED to set a type-c port to host mode and keeps the value to kernel. If the type-c port is connected a usb host, below errors can be observed right after usb host mode driver gets probed. The errors would keep until usb role class driver detects the type-c port as device mode and notifies usb device mode driver to set both ID_OVERRIDE and VBUS_OVERRIDE to correct value by XUSB PADCTL driver. [ 173.765814] usb usb3-port2: Cannot enable. Maybe the USB cable is bad? [ 173.765837] usb usb3-port2: config error Taking virtualization into account, asserting XUSB PADCTL reset would break XUSB functions used by other guest OS, hence only reset VBUS & ID OVERRIDE of the port in utmi_phy_init. Fixes: bbf711682cd5 ("phy: tegra: xusb: Add Tegra186 support") Cc: stable(a)vger.kernel.org Change-Id: Ic63058d4d49b4a1f8f9ab313196e20ad131cc591 Signed-off-by: BH Hsieh <bhsieh(a)nvidia.com> Signed-off-by: Henry Lin <henryl(a)nvidia.com> --- V1 -> V2: Only reset VBUS/ID OVERRIDE for otg/peripheral port drivers/phy/tegra/xusb-tegra186.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/phy/tegra/xusb-tegra186.c b/drivers/phy/tegra/xusb-tegra186.c index 0f60d5d1c167..fae6242aa730 100644 --- a/drivers/phy/tegra/xusb-tegra186.c +++ b/drivers/phy/tegra/xusb-tegra186.c @@ -928,6 +928,7 @@ static int tegra186_utmi_phy_init(struct phy *phy) unsigned int index = lane->index; struct device *dev = padctl->dev; int err; + u32 reg; port = tegra_xusb_find_usb2_port(padctl, index); if (!port) { @@ -935,6 +936,16 @@ static int tegra186_utmi_phy_init(struct phy *phy) return -ENODEV; } + if (port->mode == USB_DR_MODE_OTG || + port->mode == USB_DR_MODE_PERIPHERAL) { + /* reset VBUS&ID OVERRIDE */ + reg = padctl_readl(padctl, USB2_VBUS_ID); + reg &= ~VBUS_OVERRIDE; + reg &= ~ID_OVERRIDE(~0); + reg |= ID_OVERRIDE_FLOATING; + padctl_writel(padctl, reg, USB2_VBUS_ID); + } + if (port->supply && port->mode == USB_DR_MODE_HOST) { err = regulator_enable(port->supply); if (err) { -- 2.17.1

2 months, 2 weeks

2
1
0 0

[PATCH v4] phy: exynos5-usbdrd: gs101: ensure power is gated to SS phy in phy_exit()

by André Draszik

We currently don't gate the power to the SS phy in phy_exit(). Shuffle the code slightly to ensure the power is gated to the SS phy as well. Fixes: 32267c29bc7d ("phy: exynos5-usbdrd: support Exynos USBDRD 3.1 combo phy (HS & SS)") CC: stable(a)vger.kernel.org # 6.11+ Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Peter Griffin <peter.griffin(a)linaro.org> Signed-off-by: André Draszik <andre.draszik(a)linaro.org> --- Changes in v4: - separate this patch out from original series - Link to v3: https://lore.kernel.org/all/20241205-gs101-phy-lanes-orientation-phy-v3-5-3… Changes in v3: - none - Link to v2: https://lore.kernel.org/all/20241203-gs101-phy-lanes-orientation-phy-v2-5-4… Changes in v2: - add cc-stable and fixes tags to power gating patch (Krzysztof) - Link to v1: https://lore.kernel.org/all/20241127-gs101-phy-lanes-orientation-phy-v1-6-1… --- drivers/phy/samsung/phy-exynos5-usbdrd.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/phy/samsung/phy-exynos5-usbdrd.c b/drivers/phy/samsung/phy-exynos5-usbdrd.c index c421b495eb0f..e4699d4e8075 100644 --- a/drivers/phy/samsung/phy-exynos5-usbdrd.c +++ b/drivers/phy/samsung/phy-exynos5-usbdrd.c @@ -1296,14 +1296,17 @@ static int exynos5_usbdrd_gs101_phy_exit(struct phy *phy) struct exynos5_usbdrd_phy *phy_drd = to_usbdrd_phy(inst); int ret; + if (inst->phy_cfg->id == EXYNOS5_DRDPHY_UTMI) { + ret = exynos850_usbdrd_phy_exit(phy); + if (ret) + return ret; + } + + exynos5_usbdrd_phy_isol(inst, true); + if (inst->phy_cfg->id != EXYNOS5_DRDPHY_UTMI) return 0; - ret = exynos850_usbdrd_phy_exit(phy); - if (ret) - return ret; - - exynos5_usbdrd_phy_isol(inst, true); return regulator_bulk_disable(phy_drd->drv_data->n_regulators, phy_drd->regulators); } --- base-commit: c245a7a79602ccbee780c004c1e4abcda66aec32 change-id: 20241205-gs101-usb-phy-fix-2c558aa0392a Best regards, -- André Draszik <andre.draszik(a)linaro.org>

2 months, 2 weeks

2
1
0 0

[PATCH v6.13] fs/netfs/read_pgpriv2: skip folio queues without `marks3`

by Max Kellermann

At the beginning of the function, folio queues with marks3==0 are skipped, but after that, the `marks3` field is ignored. If one such queue is found, `slot` is set to 64 (because `__ffs(0)==64`), leading to a buffer overflow in the folioq_folio() call. The resulting crash may look like this: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI CPU: 11 UID: 0 PID: 2909 Comm: kworker/u262:1 Not tainted 6.13.1-cm4all2-vm #415 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 Workqueue: events_unbound netfs_read_termination_worker RIP: 0010:netfs_pgpriv2_write_to_the_cache+0x15a/0x3f0 Code: 48 85 c0 48 89 44 24 08 0f 84 24 01 00 00 48 8b 80 40 01 00 00 48 8b 7c 24 08 f3 48 0f bc c0 89 44 24 18 89 c0 48 8b 74 c7 08 <48> 8b 06 48 c7 04 24 00 10 00 00 a8 40 74 10 0f b6 4e 40 b8 00 10 RSP: 0018:ffffbbc440effe18 EFLAGS: 00010203 RAX: 0000000000000040 RBX: ffff96f8fc034000 RCX: 0000000000000000 RDX: 0000000000000040 RSI: 0000000000000000 RDI: ffff96f8fc036400 RBP: 0000000000001000 R08: ffff96f9132bb400 R09: 0000000000001000 R10: ffff96f8c1263c80 R11: 0000000000000003 R12: 0000000000001000 R13: ffff96f8fb75ade8 R14: fffffaaf5ca90000 R15: ffff96f8fb75ad00 FS: 0000000000000000(0000) GS:ffff9703cf0c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000010c9ca003 CR4: 00000000001706b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? __die+0x1f/0x60 ? page_fault_oops+0x158/0x450 ? search_extable+0x22/0x30 ? netfs_pgpriv2_write_to_the_cache+0x15a/0x3f0 ? search_module_extables+0xe/0x40 ? exc_page_fault+0x62/0x120 ? asm_exc_page_fault+0x22/0x30 ? netfs_pgpriv2_write_to_the_cache+0x15a/0x3f0 ? netfs_pgpriv2_write_to_the_cache+0xf6/0x3f0 netfs_read_termination_worker+0x1f/0x60 process_one_work+0x138/0x2d0 worker_thread+0x2a5/0x3b0 ? __pfx_worker_thread+0x10/0x10 kthread+0xba/0xe0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Fixes: ee4cdf7ba857 ("netfs: Speed up buffered reading") Cc: stable(a)vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- Note this patch doesn't apply to v6.14 as it was obsoleted by commit e2d46f2ec332 ("netfs: Change the read result collector to only use one work item"). --- fs/netfs/read_pgpriv2.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/netfs/read_pgpriv2.c b/fs/netfs/read_pgpriv2.c index 54d5004fec18..e72f5e674834 100644 --- a/fs/netfs/read_pgpriv2.c +++ b/fs/netfs/read_pgpriv2.c @@ -181,16 +181,17 @@ void netfs_pgpriv2_write_to_the_cache(struct netfs_io_request *rreq) break; folioq_unmark3(folioq, slot); - if (!folioq->marks3) { + while (!folioq->marks3) { folioq = folioq->next; if (!folioq) - break; + goto end_of_queue; } slot = __ffs(folioq->marks3); folio = folioq_folio(folioq, slot); } +end_of_queue: netfs_issue_write(wreq, &wreq->io_streams[1]); smp_wmb(); /* Write lists before ALL_QUEUED. */ set_bit(NETFS_RREQ_ALL_QUEUED, &wreq->flags); -- 2.47.2

2 months, 2 weeks

4
5
0 0

FAILED: patch "[PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 064737920bdbca86df91b96aed256e88018fef3a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021004-lung-polyester-844c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 064737920bdbca86df91b96aed256e88018fef3a Mon Sep 17 00:00:00 2001 From: Marc Zyngier <maz(a)kernel.org> Date: Tue, 7 Jan 2025 22:59:41 +0000 Subject: [PATCH] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented The hwcaps code that exposes SVE features to userspace only considers ID_AA64ZFR0_EL1, while this is only valid when ID_AA64PFR0_EL1.SVE advertises that SVE is actually supported. The expectations are that when ID_AA64PFR0_EL1.SVE is 0, the ID_AA64ZFR0_EL1 register is also 0. So far, so good. Things become a bit more interesting if the HW implements SME. In this case, a few ID_AA64ZFR0_EL1 fields indicate *SME* features. And these fields overlap with their SVE interpretations. But the architecture says that the SME and SVE feature sets must match, so we're still hunky-dory. This goes wrong if the HW implements SME, but not SVE. In this case, we end-up advertising some SVE features to userspace, even if the HW has none. That's because we never consider whether SVE is actually implemented. Oh well. Fix it by restricting all SVE capabilities to ID_AA64PFR0_EL1.SVE being non-zero. The HWCAPS documentation is amended to reflect the actually checks performed by the kernel. Fixes: 06a916feca2b ("arm64: Expose SVE2 features for userspace") Reported-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: Will Deacon <will(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Brown <broonie(a)kernel.org> Link: https://lore.kernel.org/r/20250107-arm64-2024-dpisa-v5-1-7578da51fc3d@kerne… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 2ff922a406ad..1a31723e79fd 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -178,22 +178,28 @@ HWCAP2_DCPODP Functionality implied by ID_AA64ISAR1_EL1.DPB == 0b0010. HWCAP2_SVE2 - Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SVEver == 0b0001. HWCAP2_SVEAES - Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.AES == 0b0001. HWCAP2_SVEPMULL - Functionality implied by ID_AA64ZFR0_EL1.AES == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.AES == 0b0010. HWCAP2_SVEBITPERM - Functionality implied by ID_AA64ZFR0_EL1.BitPerm == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BitPerm == 0b0001. HWCAP2_SVESHA3 - Functionality implied by ID_AA64ZFR0_EL1.SHA3 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SHA3 == 0b0001. HWCAP2_SVESM4 - Functionality implied by ID_AA64ZFR0_EL1.SM4 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SM4 == 0b0001. HWCAP2_FLAGM2 Functionality implied by ID_AA64ISAR0_EL1.TS == 0b0010. @@ -202,16 +208,20 @@ HWCAP2_FRINT Functionality implied by ID_AA64ISAR1_EL1.FRINTTS == 0b0001. HWCAP2_SVEI8MM - Functionality implied by ID_AA64ZFR0_EL1.I8MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.I8MM == 0b0001. HWCAP2_SVEF32MM - Functionality implied by ID_AA64ZFR0_EL1.F32MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.F32MM == 0b0001. HWCAP2_SVEF64MM - Functionality implied by ID_AA64ZFR0_EL1.F64MM == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.F64MM == 0b0001. HWCAP2_SVEBF16 - Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BF16 == 0b0001. HWCAP2_I8MM Functionality implied by ID_AA64ISAR1_EL1.I8MM == 0b0001. @@ -277,7 +287,8 @@ HWCAP2_EBF16 Functionality implied by ID_AA64ISAR1_EL1.BF16 == 0b0010. HWCAP2_SVE_EBF16 - Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.BF16 == 0b0010. HWCAP2_CSSC Functionality implied by ID_AA64ISAR2_EL1.CSSC == 0b0001. @@ -286,7 +297,8 @@ HWCAP2_RPRFM Functionality implied by ID_AA64ISAR2_EL1.RPRFM == 0b0001. HWCAP2_SVE2P1 - Functionality implied by ID_AA64ZFR0_EL1.SVEver == 0b0010. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.SVEver == 0b0010. HWCAP2_SME2 Functionality implied by ID_AA64SMFR0_EL1.SMEver == 0b0001. @@ -313,7 +325,8 @@ HWCAP2_HBC Functionality implied by ID_AA64ISAR2_EL1.BC == 0b0001. HWCAP2_SVE_B16B16 - Functionality implied by ID_AA64ZFR0_EL1.B16B16 == 0b0001. + Functionality implied by ID_AA64PFR0_EL1.SVE == 0b0001 and + ID_AA64ZFR0_EL1.B16B16 == 0b0001. HWCAP2_LRCPC3 Functionality implied by ID_AA64ISAR1_EL1.LRCPC == 0b0011. diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index b105e6683571..678da3ffaef9 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -3008,6 +3008,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .matches = match, \ } +#define HWCAP_CAP_MATCH_ID(match, reg, field, min_value, cap_type, cap) \ + { \ + __HWCAP_CAP(#cap, cap_type, cap) \ + HWCAP_CPUID_MATCH(reg, field, min_value) \ + .matches = match, \ + } + #ifdef CONFIG_ARM64_PTR_AUTH static const struct arm64_cpu_capabilities ptr_auth_hwcap_addr_matches[] = { { @@ -3036,6 +3043,13 @@ static const struct arm64_cpu_capabilities ptr_auth_hwcap_gen_matches[] = { }; #endif +#ifdef CONFIG_ARM64_SVE +static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope) +{ + return system_supports_sve() && has_user_cpuid_feature(cap, scope); +} +#endif + static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL), HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES), @@ -3078,19 +3092,19 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64MMFR2_EL1, AT, IMP, CAP_HWCAP, KERNEL_HWCAP_USCAT), #ifdef CONFIG_ARM64_SVE HWCAP_CAP(ID_AA64PFR0_EL1, SVE, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE), - HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1), - HWCAP_CAP(ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2), - HWCAP_CAP(ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES), - HWCAP_CAP(ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL), - HWCAP_CAP(ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM), - HWCAP_CAP(ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16), - HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16), - HWCAP_CAP(ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16), - HWCAP_CAP(ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3), - HWCAP_CAP(ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4), - HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), - HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), - HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2p1, CAP_HWCAP, KERNEL_HWCAP_SVE2P1), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SVEver, SVE2, CAP_HWCAP, KERNEL_HWCAP_SVE2), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEAES), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, AES, PMULL128, CAP_HWCAP, KERNEL_HWCAP_SVEPMULL), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBITPERM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVE_B16B16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEBF16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, BF16, EBF16, CAP_HWCAP, KERNEL_HWCAP_SVE_EBF16), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SHA3, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESHA3), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, SM4, IMP, CAP_HWCAP, KERNEL_HWCAP_SVESM4), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), + HWCAP_CAP_MATCH_ID(has_sve_feature, ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), #endif #ifdef CONFIG_ARM64_GCS HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS),

2 months, 2 weeks

2
1
0 0

[PATCH v6] arm64: mm: Populate vmemmap/linear at the page level for hotplugged sections

by Zhenhua Huang

On the arm64 platform with 4K base page config, SECTION_SIZE_BITS is set to 27, making one section 128M. The related page struct which vmemmap points to is 2M then. Commit c1cc1552616d ("arm64: MMU initialisation") optimizes the vmemmap to populate at the PMD section level which was suitable initially since hot plug granule is always one section(128M). However, commit ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") introduced a 2M(SUBSECTION_SIZE) hot plug granule, which disrupted the existing arm64 assumptions. Considering the vmemmap_free -> unmap_hotplug_pmd_range path, when pmd_sect() is true, the entire PMD section is cleared, even if there is other effective subsection. For example page_struct_map1 and page_strcut_map2 are part of a single PMD entry and they are hot-added sequentially. Then page_struct_map1 is removed, vmemmap_free() will clear the entire PMD entry freeing the struct page map for the whole section, even though page_struct_map2 is still active. Similar problem exists with linear mapping as well, for 16K base page(PMD size = 32M) or 64K base page(PMD = 512M), their block mappings exceed SUBSECTION_SIZE. Tearing down the entire PMD mapping too will leave other subsections unmapped in the linear mapping. To address the issue, we need to prevent PMD/PUD/CONT mappings for both linear and vmemmap for non-boot sections if corresponding size on the given base page exceeds SUBSECTION_SIZE(2MB now). Cc: <stable(a)vger.kernel.org> # v5.4+ Fixes: ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> --- arch/arm64/mm/mmu.c | 46 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 9 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index b4df5bc5b1b8..b1089365f3e7 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -42,9 +42,13 @@ #include <asm/pgalloc.h> #include <asm/kfence.h> -#define NO_BLOCK_MAPPINGS BIT(0) -#define NO_CONT_MAPPINGS BIT(1) -#define NO_EXEC_MAPPINGS BIT(2) /* assumes FEAT_HPDS is not used */ +#define NO_PMD_BLOCK_MAPPINGS BIT(0) +#define NO_PUD_BLOCK_MAPPINGS BIT(1) /* Hotplug case: do not want block mapping for PUD */ +#define NO_BLOCK_MAPPINGS (NO_PMD_BLOCK_MAPPINGS | NO_PUD_BLOCK_MAPPINGS) +#define NO_PTE_CONT_MAPPINGS BIT(2) +#define NO_PMD_CONT_MAPPINGS BIT(3) /* Hotplug case: do not want cont mapping for PMD */ +#define NO_CONT_MAPPINGS (NO_PTE_CONT_MAPPINGS | NO_PMD_CONT_MAPPINGS) +#define NO_EXEC_MAPPINGS BIT(4) /* assumes FEAT_HPDS is not used */ u64 kimage_voffset __ro_after_init; EXPORT_SYMBOL(kimage_voffset); @@ -224,7 +228,7 @@ static void alloc_init_cont_pte(pmd_t *pmdp, unsigned long addr, /* use a contiguous mapping if the range is suitably aligned */ if ((((addr | next | phys) & ~CONT_PTE_MASK) == 0) && - (flags & NO_CONT_MAPPINGS) == 0) + (flags & NO_PTE_CONT_MAPPINGS) == 0) __prot = __pgprot(pgprot_val(prot) | PTE_CONT); init_pte(ptep, addr, next, phys, __prot); @@ -254,7 +258,7 @@ static void init_pmd(pmd_t *pmdp, unsigned long addr, unsigned long end, /* try section mapping first */ if (((addr | next | phys) & ~PMD_MASK) == 0 && - (flags & NO_BLOCK_MAPPINGS) == 0) { + (flags & NO_PMD_BLOCK_MAPPINGS) == 0) { pmd_set_huge(pmdp, phys, prot); /* @@ -311,7 +315,7 @@ static void alloc_init_cont_pmd(pud_t *pudp, unsigned long addr, /* use a contiguous mapping if the range is suitably aligned */ if ((((addr | next | phys) & ~CONT_PMD_MASK) == 0) && - (flags & NO_CONT_MAPPINGS) == 0) + (flags & NO_PMD_CONT_MAPPINGS) == 0) __prot = __pgprot(pgprot_val(prot) | PTE_CONT); init_pmd(pmdp, addr, next, phys, __prot, pgtable_alloc, flags); @@ -358,8 +362,8 @@ static void alloc_init_pud(p4d_t *p4dp, unsigned long addr, unsigned long end, * For 4K granule only, attempt to put down a 1GB block */ if (pud_sect_supported() && - ((addr | next | phys) & ~PUD_MASK) == 0 && - (flags & NO_BLOCK_MAPPINGS) == 0) { + ((addr | next | phys) & ~PUD_MASK) == 0 && + (flags & NO_PUD_BLOCK_MAPPINGS) == 0) { pud_set_huge(pudp, phys, prot); /* @@ -1178,7 +1182,13 @@ int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node, { WARN_ON((start < VMEMMAP_START) || (end > VMEMMAP_END)); - if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES)) + /* + * Hotplugged section does not support hugepages as + * PMD_SIZE (hence PUD_SIZE) section mapping covers + * struct page range that exceeds a SUBSECTION_SIZE + * i.e 2MB - for all available base page sizes. + */ + if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES) || system_state != SYSTEM_BOOTING) return vmemmap_populate_basepages(start, end, node, altmap); else return vmemmap_populate_hugepages(start, end, node, altmap); @@ -1340,9 +1350,27 @@ int arch_add_memory(int nid, u64 start, u64 size, struct mhp_params *params) { int ret, flags = NO_EXEC_MAPPINGS; + unsigned long start_pfn = PFN_DOWN(start); + struct mem_section *ms = __pfn_to_section(start_pfn); VM_BUG_ON(!mhp_range_allowed(start, size, true)); + /* should not be invoked by early section */ + WARN_ON(early_section(ms)); + + /* + * Disallow BLOCK/CONT mappings if the corresponding size exceeds + * SUBSECTION_SIZE which now is 2MB. + * + * PUD_BLOCK or PMD_CONT should consistently exceed SUBSECTION_SIZE + * across all variable page size configurations, so add them directly + */ + flags |= NO_PUD_BLOCK_MAPPINGS | NO_PMD_CONT_MAPPINGS; + if (SUBSECTION_SHIFT < PMD_SHIFT) + flags |= NO_PMD_BLOCK_MAPPINGS; + if (SUBSECTION_SHIFT < CONT_PTE_SHIFT) + flags |= NO_PTE_CONT_MAPPINGS; + if (can_set_direct_map()) flags |= NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS; -- 2.25.1

2 months, 2 weeks

3
6
0 0

[PATCH RFC] usb: gadget: Set self-powered based on MaxPower and bmAttributes

by Prashanth K

Currently the USB gadget will be set as bus-powered based solely on whether its bMaxPower is greater than 100mA, but this may miss devices that may legitimately draw less than 100mA but still want to report as bus-powered. Similarly during suspend & resume, USB gadget is incorrectly marked as bus/self powered without checking the bmAttributes field. Fix these by configuring the USB gadget as self or bus powered based on bmAttributes, and explicitly set it as bus-powered if it draws more than 100mA. Cc: stable(a)vger.kernel.org Fixes: 5e5caf4fa8d3 ("usb: gadget: composite: Inform controller driver of self-powered") Signed-off-by: Prashanth K <prashanth.k(a)oss.qualcomm.com> --- drivers/usb/gadget/composite.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c index bdda8c74602d..1fb28bbf6c45 100644 --- a/drivers/usb/gadget/composite.c +++ b/drivers/usb/gadget/composite.c @@ -1050,10 +1050,11 @@ static int set_config(struct usb_composite_dev *cdev, else usb_gadget_set_remote_wakeup(gadget, 0); done: - if (power <= USB_SELF_POWER_VBUS_MAX_DRAW) - usb_gadget_set_selfpowered(gadget); - else + if (power > USB_SELF_POWER_VBUS_MAX_DRAW || + !(c->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) usb_gadget_clear_selfpowered(gadget); + else + usb_gadget_set_selfpowered(gadget); usb_gadget_vbus_draw(gadget, power); if (result >= 0 && cdev->delayed_status) @@ -2615,7 +2616,9 @@ void composite_suspend(struct usb_gadget *gadget) cdev->suspended = 1; - usb_gadget_set_selfpowered(gadget); + if (cdev->config->bmAttributes & USB_CONFIG_ATT_SELFPOWER) + usb_gadget_set_selfpowered(gadget); + usb_gadget_vbus_draw(gadget, 2); } @@ -2649,8 +2652,11 @@ void composite_resume(struct usb_gadget *gadget) else maxpower = min(maxpower, 900U); - if (maxpower > USB_SELF_POWER_VBUS_MAX_DRAW) + if (maxpower > USB_SELF_POWER_VBUS_MAX_DRAW || + !(cdev->config->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) usb_gadget_clear_selfpowered(gadget); + else + usb_gadget_set_selfpowered(gadget); usb_gadget_vbus_draw(gadget, maxpower); } else { -- 2.25.1

2 months, 2 weeks

2
2
0 0

[PATCH] usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails

by Prashanth K

Currently while UDC suspends, u_ether attempts to remote wakeup the host if there are any pending transfers. However, if remote wakeup fails, the UDC remains suspended but the is_suspend flag is not set. And since is_suspend flag isn't set, the subsequent eth_start_xmit() would queue USB requests to suspended UDC. To fix this, bail out from gether_suspend() only if remote wakeup operation is successful. Cc: stable(a)vger.kernel.org Fixes: 0a1af6dfa077 ("usb: gadget: f_ecm: Add suspend/resume and remote wakeup support") Signed-off-by: Prashanth K <prashanth.k(a)oss.qualcomm.com> --- drivers/usb/gadget/function/u_ether.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/gadget/function/u_ether.c b/drivers/usb/gadget/function/u_ether.c index 09e2838917e2..f58590bf5e02 100644 --- a/drivers/usb/gadget/function/u_ether.c +++ b/drivers/usb/gadget/function/u_ether.c @@ -1052,8 +1052,8 @@ void gether_suspend(struct gether *link) * There is a transfer in progress. So we trigger a remote * wakeup to inform the host. */ - ether_wakeup_host(dev->port_usb); - return; + if (!ether_wakeup_host(dev->port_usb)) + return; } spin_lock_irqsave(&dev->lock, flags); link->is_suspend = true; -- 2.25.1

2 months, 2 weeks

2
2
0 0

[PATCH v3] arm64: dts: mediatek: mt6359: fix dtbs_check error for RTC and regulators

by Macpaul Lin

This patch fixes the following dtbs_check errors: 1. 'mt6359rtc' do not match any of the regexes: 'pinctrl-[0-9]+' - Update 'mt6359rtc' in 'mt6359.dtsi' with a generic device name 'rtc' 2. 'pmic: regulators: 'compatible' is a required property' - Add 'mediatek,mt6359-regulator' to compatible property. Fixes: 3b7d143be4b7 ("arm64: dts: mt6359: add PMIC MT6359 related nodes") Signed-off-by: Macpaul Lin <macpaul.lin(a)mediatek.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> --- arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) Changes for v2: - No change. Changes for v3: - Add "Reviewed-by:" tag, Thanks! diff --git a/arch/arm64/boot/dts/mediatek/mt6359.dtsi b/arch/arm64/boot/dts/mediatek/mt6359.dtsi index 150ad84d5d2b..3d97ca4e2098 100644 --- a/arch/arm64/boot/dts/mediatek/mt6359.dtsi +++ b/arch/arm64/boot/dts/mediatek/mt6359.dtsi @@ -19,6 +19,8 @@ mt6359codec: mt6359codec { }; regulators { + compatible = "mediatek,mt6359-regulator"; + mt6359_vs1_buck_reg: buck_vs1 { regulator-name = "vs1"; regulator-min-microvolt = <800000>; @@ -297,7 +299,7 @@ mt6359_vsram_others_sshub_ldo: ldo_vsram_others_sshub { }; }; - mt6359rtc: mt6359rtc { + mt6359_rtc: rtc { compatible = "mediatek,mt6358-rtc"; }; }; -- 2.45.2

2 months, 2 weeks

2
1
0 0

[PATCH v2] arm: pgtable: fix NULL pointer dereference issue

by Qi Zheng

When update_mmu_cache_range() is called by update_mmu_cache(), the vmf parameter is NULL, which will cause a NULL pointer dereference issue in adjust_pte(): Unable to handle kernel NULL pointer dereference at virtual address 00000030 when read Hardware name: Atmel AT91SAM9 PC is at update_mmu_cache_range+0x1e0/0x278 LR is at pte_offset_map_rw_nolock+0x18/0x2c Call trace: update_mmu_cache_range from remove_migration_pte+0x29c/0x2ec remove_migration_pte from rmap_walk_file+0xcc/0x130 rmap_walk_file from remove_migration_ptes+0x90/0xa4 remove_migration_ptes from migrate_pages_batch+0x6d4/0x858 migrate_pages_batch from migrate_pages+0x188/0x488 migrate_pages from compact_zone+0x56c/0x954 compact_zone from compact_node+0x90/0xf0 compact_node from kcompactd+0x1d4/0x204 kcompactd from kthread+0x120/0x12c kthread from ret_from_fork+0x14/0x38 Exception stack(0xc0d8bfb0 to 0xc0d8bff8) To fix it, do not rely on whether 'ptl' is equal to decide whether to hold the pte lock, but decide it by whether CONFIG_SPLIT_PTE_PTLOCKS is enabled. In addition, if two vmas map to the same PTE page, there is no need to hold the pte lock again, otherwise a deadlock will occur. Just add the need_lock parameter to let adjust_pte() know this information. Reported-by: Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> Closes: https://lore.kernel.org/lkml/CAM1KZSmZ2T_riHvay+7cKEFxoPgeVpHkVFTzVVEQ1BO0c… Fixes: fc9c45b71f43 ("arm: adjust_pte() use pte_offset_map_rw_nolock()") Cc: stable(a)vger.kernel.org Signed-off-by: Qi Zheng <zhengqi.arch(a)bytedance.com> --- Changes in v2: - change Ezra's email address (Ezra Buehler) - some cleanups (David Hildenbrand) arch/arm/mm/fault-armv.c | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/arch/arm/mm/fault-armv.c b/arch/arm/mm/fault-armv.c index 2bec87c3327d2..ea4c4e15f0d31 100644 --- a/arch/arm/mm/fault-armv.c +++ b/arch/arm/mm/fault-armv.c @@ -62,7 +62,7 @@ static int do_adjust_pte(struct vm_area_struct *vma, unsigned long address, } static int adjust_pte(struct vm_area_struct *vma, unsigned long address, - unsigned long pfn, struct vm_fault *vmf) + unsigned long pfn, bool need_lock) { spinlock_t *ptl; pgd_t *pgd; @@ -99,12 +99,11 @@ static int adjust_pte(struct vm_area_struct *vma, unsigned long address, if (!pte) return 0; - /* - * If we are using split PTE locks, then we need to take the page - * lock here. Otherwise we are using shared mm->page_table_lock - * which is already locked, thus cannot take it. - */ - if (ptl != vmf->ptl) { + if (need_lock) { + /* + * Use nested version here to indicate that we are already + * holding one similar spinlock. + */ spin_lock_nested(ptl, SINGLE_DEPTH_NESTING); if (unlikely(!pmd_same(pmdval, pmdp_get_lockless(pmd)))) { pte_unmap_unlock(pte, ptl); @@ -114,7 +113,7 @@ static int adjust_pte(struct vm_area_struct *vma, unsigned long address, ret = do_adjust_pte(vma, address, pfn, pte); - if (ptl != vmf->ptl) + if (need_lock) spin_unlock(ptl); pte_unmap(pte); @@ -123,16 +122,18 @@ static int adjust_pte(struct vm_area_struct *vma, unsigned long address, static void make_coherent(struct address_space *mapping, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep, unsigned long pfn, - struct vm_fault *vmf) + unsigned long addr, pte_t *ptep, unsigned long pfn) { struct mm_struct *mm = vma->vm_mm; struct vm_area_struct *mpnt; unsigned long offset; + unsigned long pmd_start_addr, pmd_end_addr; pgoff_t pgoff; int aliases = 0; pgoff = vma->vm_pgoff + ((addr - vma->vm_start) >> PAGE_SHIFT); + pmd_start_addr = ALIGN_DOWN(addr, PMD_SIZE); + pmd_end_addr = pmd_start_addr + PMD_SIZE; /* * If we have any shared mappings that are in the same mm @@ -141,6 +142,14 @@ make_coherent(struct address_space *mapping, struct vm_area_struct *vma, */ flush_dcache_mmap_lock(mapping); vma_interval_tree_foreach(mpnt, &mapping->i_mmap, pgoff, pgoff) { + /* + * If we are using split PTE locks, then we need to take the pte + * lock. Otherwise we are using shared mm->page_table_lock which + * is already locked, thus cannot take it. + */ + bool need_lock = IS_ENABLED(CONFIG_SPLIT_PTE_PTLOCKS); + unsigned long mpnt_addr; + /* * If this VMA is not in our MM, we can ignore it. * Note that we intentionally mask out the VMA @@ -151,7 +160,12 @@ make_coherent(struct address_space *mapping, struct vm_area_struct *vma, if (!(mpnt->vm_flags & VM_MAYSHARE)) continue; offset = (pgoff - mpnt->vm_pgoff) << PAGE_SHIFT; - aliases += adjust_pte(mpnt, mpnt->vm_start + offset, pfn, vmf); + mpnt_addr = mpnt->vm_start + offset; + + /* Avoid deadlocks by not grabbing the same PTE lock again. */ + if (mpnt_addr >= pmd_start_addr && mpnt_addr < pmd_end_addr) + need_lock = false; + aliases += adjust_pte(mpnt, mpnt_addr, pfn, need_lock); } flush_dcache_mmap_unlock(mapping); if (aliases) @@ -194,7 +208,7 @@ void update_mmu_cache_range(struct vm_fault *vmf, struct vm_area_struct *vma, __flush_dcache_folio(mapping, folio); if (mapping) { if (cache_is_vivt()) - make_coherent(mapping, vma, addr, ptep, pfn, vmf); + make_coherent(mapping, vma, addr, ptep, pfn); else if (vma->vm_flags & VM_EXEC) __flush_icache_all(); } -- 2.20.1

2 months, 2 weeks

2
2
0 0

[PATCH v2] ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls()

by Wentao Liang

Check the return value of snd_ctl_rename_id() in snd_hda_create_dig_out_ctls(). Ensure that failures are properly handled. Fixes: 5c219a340850 ("ALSA: hda: Fix kctl->id initialization") Cc: stable(a)vger.kernel.org # 6.4+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- sound/pci/hda/hda_codec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c index 14763c0f31ad..46a220404999 100644 --- a/sound/pci/hda/hda_codec.c +++ b/sound/pci/hda/hda_codec.c @@ -2470,7 +2470,9 @@ int snd_hda_create_dig_out_ctls(struct hda_codec *codec, break; id = kctl->id; id.index = spdif_index; - snd_ctl_rename_id(codec->card, &kctl->id, &id); + err = snd_ctl_rename_id(codec->card, &kctl->id, &id); + if (err < 0) + return err; } bus->primary_dig_out_type = HDA_PCM_TYPE_HDMI; } -- 2.42.0.windows.2

2 months, 2 weeks

3
2
0 0

[PATCH] Revert "selftests/mm: remove local __NR_* definitions"

by John Hubbard

This reverts commit a5c6bc590094a1a73cf6fa3f505e1945d2bf2461. The general approach described in commit e076eaca5906 ("selftests: break the dependency upon local header files") was taken one step too far here: it should not have been extended to include the syscall numbers. This is because doing so would require per-arch support in tools/include/uapi, and no such support exists. This revert fixes two separate reports of test failures, from Dave Hansen[1], and Li Wang[2]. An excerpt of Dave's report: Before this commit (a5c6bc590094a1a73cf6fa3f505e1945d2bf2461) things are fine. But after, I get: running PKEY tests for unsupported CPU/OS An excerpt of Li's report: I just found that mlock2_() return a wrong value in mlock2-test [1] https://lore.kernel.org/dc585017-6740-4cab-a536-b12b37a7582d@intel.com [2] https://lore.kernel.org/CAEemH2eW=UMu9+turT2jRie7+6ewUazXmA6kL+VBo3cGDGU6RA… Fixes: a5c6bc590094 ("selftests/mm: remove local __NR_* definitions") Cc: stable(a)vger.kernel.org Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Li Wang <liwang(a)redhat.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jeff Xu <jeffxu(a)chromium.org> Cc: Andrei Vagin <avagin(a)google.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Kees Cook <kees(a)kernel.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Rich Felker <dalias(a)libc.org> Cc: Shuah Khan <shuah(a)kernel.org> Signed-off-by: John Hubbard <jhubbard(a)nvidia.com> --- tools/testing/selftests/mm/hugepage-mremap.c | 2 +- tools/testing/selftests/mm/ksm_functional_tests.c | 8 +++++++- tools/testing/selftests/mm/memfd_secret.c | 14 +++++++++++++- tools/testing/selftests/mm/mkdirty.c | 8 +++++++- tools/testing/selftests/mm/mlock2.h | 1 - tools/testing/selftests/mm/protection_keys.c | 2 +- tools/testing/selftests/mm/uffd-common.c | 4 ++++ tools/testing/selftests/mm/uffd-stress.c | 15 ++++++++++++++- tools/testing/selftests/mm/uffd-unit-tests.c | 14 +++++++++++++- 9 files changed, 60 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/mm/hugepage-mremap.c b/tools/testing/selftests/mm/hugepage-mremap.c index ada9156cc497..c463d1c09c9b 100644 --- a/tools/testing/selftests/mm/hugepage-mremap.c +++ b/tools/testing/selftests/mm/hugepage-mremap.c @@ -15,7 +15,7 @@ #define _GNU_SOURCE #include <stdlib.h> #include <stdio.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <sys/mman.h> #include <errno.h> #include <fcntl.h> /* Definition of O_* constants */ diff --git a/tools/testing/selftests/mm/ksm_functional_tests.c b/tools/testing/selftests/mm/ksm_functional_tests.c index 66b4e111b5a2..b61803e36d1c 100644 --- a/tools/testing/selftests/mm/ksm_functional_tests.c +++ b/tools/testing/selftests/mm/ksm_functional_tests.c @@ -11,7 +11,7 @@ #include <string.h> #include <stdbool.h> #include <stdint.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <errno.h> #include <fcntl.h> #include <sys/mman.h> @@ -369,6 +369,7 @@ static void test_unmerge_discarded(void) munmap(map, size); } +#ifdef __NR_userfaultfd static void test_unmerge_uffd_wp(void) { struct uffdio_writeprotect uffd_writeprotect; @@ -429,6 +430,7 @@ static void test_unmerge_uffd_wp(void) unmap: munmap(map, size); } +#endif /* Verify that KSM can be enabled / queried with prctl. */ static void test_prctl(void) @@ -684,7 +686,9 @@ int main(int argc, char **argv) exit(test_child_ksm()); } +#ifdef __NR_userfaultfd tests++; +#endif ksft_print_header(); ksft_set_plan(tests); @@ -696,7 +700,9 @@ int main(int argc, char **argv) test_unmerge(); test_unmerge_zero_pages(); test_unmerge_discarded(); +#ifdef __NR_userfaultfd test_unmerge_uffd_wp(); +#endif test_prot_none(); diff --git a/tools/testing/selftests/mm/memfd_secret.c b/tools/testing/selftests/mm/memfd_secret.c index 74c911aa3aea..9a0597310a76 100644 --- a/tools/testing/selftests/mm/memfd_secret.c +++ b/tools/testing/selftests/mm/memfd_secret.c @@ -17,7 +17,7 @@ #include <stdlib.h> #include <string.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <errno.h> #include <stdio.h> #include <fcntl.h> @@ -28,6 +28,8 @@ #define pass(fmt, ...) ksft_test_result_pass(fmt, ##__VA_ARGS__) #define skip(fmt, ...) ksft_test_result_skip(fmt, ##__VA_ARGS__) +#ifdef __NR_memfd_secret + #define PATTERN 0x55 static const int prot = PROT_READ | PROT_WRITE; @@ -332,3 +334,13 @@ int main(int argc, char *argv[]) ksft_finished(); } + +#else /* __NR_memfd_secret */ + +int main(int argc, char *argv[]) +{ + printf("skip: skipping memfd_secret test (missing __NR_memfd_secret)\n"); + return KSFT_SKIP; +} + +#endif /* __NR_memfd_secret */ diff --git a/tools/testing/selftests/mm/mkdirty.c b/tools/testing/selftests/mm/mkdirty.c index af2fce496912..09feeb453646 100644 --- a/tools/testing/selftests/mm/mkdirty.c +++ b/tools/testing/selftests/mm/mkdirty.c @@ -9,7 +9,7 @@ */ #include <fcntl.h> #include <signal.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <string.h> #include <errno.h> #include <stdlib.h> @@ -265,6 +265,7 @@ static void test_pte_mapped_thp(void) munmap(mmap_mem, mmap_size); } +#ifdef __NR_userfaultfd static void test_uffdio_copy(void) { struct uffdio_register uffdio_register; @@ -322,6 +323,7 @@ static void test_uffdio_copy(void) munmap(dst, pagesize); free(src); } +#endif /* __NR_userfaultfd */ int main(void) { @@ -334,7 +336,9 @@ int main(void) thpsize / 1024); tests += 3; } +#ifdef __NR_userfaultfd tests += 1; +#endif /* __NR_userfaultfd */ ksft_print_header(); ksft_set_plan(tests); @@ -364,7 +368,9 @@ int main(void) if (thpsize) test_pte_mapped_thp(); /* Placing a fresh page via userfaultfd may set the PTE dirty. */ +#ifdef __NR_userfaultfd test_uffdio_copy(); +#endif /* __NR_userfaultfd */ err = ksft_get_fail_cnt(); if (err) diff --git a/tools/testing/selftests/mm/mlock2.h b/tools/testing/selftests/mm/mlock2.h index 1e5731bab499..4417eaa5cfb7 100644 --- a/tools/testing/selftests/mm/mlock2.h +++ b/tools/testing/selftests/mm/mlock2.h @@ -3,7 +3,6 @@ #include <errno.h> #include <stdio.h> #include <stdlib.h> -#include <asm-generic/unistd.h> static int mlock2_(void *start, size_t len, int flags) { diff --git a/tools/testing/selftests/mm/protection_keys.c b/tools/testing/selftests/mm/protection_keys.c index a4683f2476f2..35565af308af 100644 --- a/tools/testing/selftests/mm/protection_keys.c +++ b/tools/testing/selftests/mm/protection_keys.c @@ -42,7 +42,7 @@ #include <sys/wait.h> #include <sys/stat.h> #include <fcntl.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <sys/ptrace.h> #include <setjmp.h> diff --git a/tools/testing/selftests/mm/uffd-common.c b/tools/testing/selftests/mm/uffd-common.c index 717539eddf98..7ad6ba660c7d 100644 --- a/tools/testing/selftests/mm/uffd-common.c +++ b/tools/testing/selftests/mm/uffd-common.c @@ -673,7 +673,11 @@ int uffd_open_dev(unsigned int flags) int uffd_open_sys(unsigned int flags) { +#ifdef __NR_userfaultfd return syscall(__NR_userfaultfd, flags); +#else + return -1; +#endif } int uffd_open(unsigned int flags) diff --git a/tools/testing/selftests/mm/uffd-stress.c b/tools/testing/selftests/mm/uffd-stress.c index a4b83280998a..944d559ade21 100644 --- a/tools/testing/selftests/mm/uffd-stress.c +++ b/tools/testing/selftests/mm/uffd-stress.c @@ -33,10 +33,11 @@ * pthread_mutex_lock will also verify the atomicity of the memory * transfer (UFFDIO_COPY). */ -#include <asm-generic/unistd.h> + #include "uffd-common.h" uint64_t features; +#ifdef __NR_userfaultfd #define BOUNCE_RANDOM (1<<0) #define BOUNCE_RACINGFAULTS (1<<1) @@ -471,3 +472,15 @@ int main(int argc, char **argv) nr_pages, nr_pages_per_cpu); return userfaultfd_stress(); } + +#else /* __NR_userfaultfd */ + +#warning "missing __NR_userfaultfd definition" + +int main(void) +{ + printf("skip: Skipping userfaultfd test (missing __NR_userfaultfd)\n"); + return KSFT_SKIP; +} + +#endif /* __NR_userfaultfd */ diff --git a/tools/testing/selftests/mm/uffd-unit-tests.c b/tools/testing/selftests/mm/uffd-unit-tests.c index 9ff71fa1f9bf..74c8bc02b506 100644 --- a/tools/testing/selftests/mm/uffd-unit-tests.c +++ b/tools/testing/selftests/mm/uffd-unit-tests.c @@ -5,11 +5,12 @@ * Copyright (C) 2015-2023 Red Hat, Inc. */ -#include <asm-generic/unistd.h> #include "uffd-common.h" #include "../../../../mm/gup_test.h" +#ifdef __NR_userfaultfd + /* The unit test doesn't need a large or random size, make it 32MB for now */ #define UFFD_TEST_MEM_SIZE (32UL << 20) @@ -1558,3 +1559,14 @@ int main(int argc, char *argv[]) return ksft_get_fail_cnt() ? KSFT_FAIL : KSFT_PASS; } +#else /* __NR_userfaultfd */ + +#warning "missing __NR_userfaultfd definition" + +int main(void) +{ + printf("Skipping %s (missing __NR_userfaultfd)\n", __file__); + return KSFT_SKIP; +} + +#endif /* __NR_userfaultfd */ base-commit: 5c2b80714a515d35d52772c931ca4581f4646bac -- 2.48.1

2 months, 2 weeks

1
0
0 0

[PATCH 5.10] scsi: core: Fix scsi_mode_sense() buffer length handling

by Vasiliy Kovalev

From: Damien Le Moal <damien.lemoal(a)wdc.com> commit 17b49bcbf8351d3dbe57204468ac34f033ed60bc upstream. Several problems exist with scsi_mode_sense() buffer length handling: 1) The allocation length field of the MODE SENSE(10) command is 16-bits, occupying bytes 7 and 8 of the CDB. With this command, access to mode pages larger than 255 bytes is thus possible. However, the CDB allocation length field is set by assigning len to byte 8 only, thus truncating buffer length larger than 255. 2) If scsi_mode_sense() is called with len smaller than 8 with sdev->use_10_for_ms set, or smaller than 4 otherwise, the buffer length is increased to 8 and 4 respectively, and the buffer is zero filled with these increased values, thus corrupting the memory following the buffer. Fix these 2 problems by using put_unaligned_be16() to set the allocation length field of MODE SENSE(10) CDB and by returning an error when len is too small. Furthermore, if len is larger than 255B, always try MODE SENSE(10) first, even if the device driver did not set sdev->use_10_for_ms. In case of invalid opcode error for MODE SENSE(10), access to mode pages larger than 255 bytes are not retried using MODE SENSE(6). To avoid buffer length overflows for the MODE_SENSE(10) case, check that len is smaller than 65535 bytes. While at it, also fix the folowing: * Use get_unaligned_be16() to retrieve the mode data length and block descriptor length fields of the mode sense reply header instead of using an open coded calculation. * Fix the kdoc dbd argument explanation: the DBD bit stands for Disable Block Descriptor, which is the opposite of what the dbd argument description was. Link: https://lore.kernel.org/r/20210820070255.682775-2-damien.lemoal@wdc.com Signed-off-by: Damien Le Moal <damien.lemoal(a)wdc.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- Backport to fix CVE-2021-47182 Link: https://www.cve.org/CVERecord/?id=CVE-2021-47182 --- drivers/scsi/scsi_lib.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index fb48d47e9183e..06838cf5300d0 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -2073,7 +2073,7 @@ EXPORT_SYMBOL_GPL(scsi_mode_select); /** * scsi_mode_sense - issue a mode sense, falling back from 10 to six bytes if necessary. * @sdev: SCSI device to be queried - * @dbd: set if mode sense will allow block descriptors to be returned + * @dbd: set to prevent mode sense from returning block descriptors * @modepage: mode page being requested * @buffer: request buffer (may not be smaller than eight bytes) * @len: length of request buffer. @@ -2108,18 +2108,18 @@ scsi_mode_sense(struct scsi_device *sdev, int dbd, int modepage, sshdr = &my_sshdr; retry: - use_10_for_ms = sdev->use_10_for_ms; + use_10_for_ms = sdev->use_10_for_ms || len > 255; if (use_10_for_ms) { - if (len < 8) - len = 8; + if (len < 8 || len > 65535) + return -EINVAL; cmd[0] = MODE_SENSE_10; - cmd[8] = len; + put_unaligned_be16(len, &cmd[7]); header_length = 8; } else { if (len < 4) - len = 4; + return -EINVAL; cmd[0] = MODE_SENSE; cmd[4] = len; @@ -2144,8 +2144,14 @@ scsi_mode_sense(struct scsi_device *sdev, int dbd, int modepage, if ((sshdr->sense_key == ILLEGAL_REQUEST) && (sshdr->asc == 0x20) && (sshdr->ascq == 0)) { /* - * Invalid command operation code + * Invalid command operation code: retry using + * MODE SENSE(6) if this was a MODE SENSE(10) + * request, except if the request mode page is + * too large for MODE SENSE single byte + * allocation length field. */ + if (len > 255) + return -EIO; sdev->use_10_for_ms = 0; goto retry; } @@ -2163,12 +2169,11 @@ scsi_mode_sense(struct scsi_device *sdev, int dbd, int modepage, data->longlba = 0; data->block_descriptor_length = 0; } else if (use_10_for_ms) { - data->length = buffer[0]*256 + buffer[1] + 2; + data->length = get_unaligned_be16(&buffer[0]) + 2; data->medium_type = buffer[2]; data->device_specific = buffer[3]; data->longlba = buffer[4] & 0x01; - data->block_descriptor_length = buffer[6]*256 - + buffer[7]; + data->block_descriptor_length = get_unaligned_be16(&buffer[6]); } else { data->length = buffer[0] + 1; data->medium_type = buffer[1]; -- 2.42.2

2 months, 2 weeks

1
0
0 0

[PATCH] net: dsa: felix: Add NULL check for outer_tagging_rule()

by Wentao Liang

In felix_update_tag_8021q_rx_rules(), the return value of ocelot_vcap_block_find_filter_by_id() is not checked, which could lead to a NULL pointer dereference if the filter is not found. Add the necessary check and use `continue` to skip the current CPU port if the filter is not found, ensuring that all CPU ports are processed. Fixes: f1288fd7293b ("net: dsa: felix: fix VLAN tag loss on CPU reception with ocelot-8021q") Cc: stable(a)vger.kernel.org # 6.11+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/dsa/ocelot/felix.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/dsa/ocelot/felix.c b/drivers/net/dsa/ocelot/felix.c index 3aa9c997018a..10ad43108b88 100644 --- a/drivers/net/dsa/ocelot/felix.c +++ b/drivers/net/dsa/ocelot/felix.c @@ -348,6 +348,8 @@ static int felix_update_tag_8021q_rx_rules(struct dsa_switch *ds, int port, outer_tagging_rule = ocelot_vcap_block_find_filter_by_id(block_vcap_es0, cookie, false); + if (!outer_tagging_rule) + continue; felix_update_tag_8021q_rx_rule(outer_tagging_rule, vlan_filtering); -- 2.42.0.windows.2

2 months, 2 weeks

4
3
0 0

FAILED: patch "[PATCH] scsi: storvsc: Set correct data length for sending SCSI" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 87c4b5e8a6b65189abd9ea5010ab308941f964a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021055-utensil-raven-b270@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 87c4b5e8a6b65189abd9ea5010ab308941f964a4 Mon Sep 17 00:00:00 2001 From: Long Li <longli(a)microsoft.com> Date: Wed, 22 Jan 2025 19:07:22 -0800 Subject: [PATCH] scsi: storvsc: Set correct data length for sending SCSI command without payload In StorVSC, payload->range.len is used to indicate if this SCSI command carries payload. This data is allocated as part of the private driver data by the upper layer and may get passed to lower driver uninitialized. For example, the SCSI error handling mid layer may send TEST_UNIT_READY or REQUEST_SENSE while reusing the buffer from a failed command. The private data section may have stale data from the previous command. If the SCSI command doesn't carry payload, the driver may use this value as is for communicating with host, resulting in possible corruption. Fix this by always initializing this value. Fixes: be0cf6ca301c ("scsi: storvsc: Set the tablesize based on the information given by the host") Cc: stable(a)kernel.org Tested-by: Roman Kisel <romank(a)linux.microsoft.com> Reviewed-by: Roman Kisel <romank(a)linux.microsoft.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Signed-off-by: Long Li <longli(a)microsoft.com> Link: https://lore.kernel.org/r/1737601642-7759-1-git-send-email-longli@linuxonhy… Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c index 5a101ac06c47..a8614e54544e 100644 --- a/drivers/scsi/storvsc_drv.c +++ b/drivers/scsi/storvsc_drv.c @@ -1800,6 +1800,7 @@ static int storvsc_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *scmnd) length = scsi_bufflen(scmnd); payload = (struct vmbus_packet_mpb_array *)&cmd_request->mpb; + payload->range.len = 0; payload_sz = 0; if (scsi_sg_count(scmnd)) {

2 months, 2 weeks

2
1
0 0

[PATCH 6.1] ext4: filesystems without casefold feature cannot be mounted with siphash

by vgiraud.opensource＠witekio.com

From: Lizhi Xu <lizhi.xu(a)windriver.com> commit 985b67cd86392310d9e9326de941c22fc9340eec upstream. When mounting the ext4 filesystem, if the default hash version is set to DX_HASH_SIPHASH but the casefold feature is not set, exit the mounting. Reported-by: syzbot+340581ba9dceb7e06fb3(a)syzkaller.appspotmail.com Signed-off-by: Lizhi Xu <lizhi.xu(a)windriver.com> Link: https://patch.msgid.link/20240605012335.44086-1-lizhi.xu@windriver.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Bruno VERNAY <bruno.vernay(a)se.com> Signed-off-by: Victor Giraud <vgiraud.opensource(a)witekio.com> --- fs/ext4/super.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 53f1deb049ec..ca1d9a36aba2 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -3547,6 +3547,14 @@ int ext4_feature_set_ok(struct super_block *sb, int readonly) } #endif + if (EXT4_SB(sb)->s_es->s_def_hash_version == DX_HASH_SIPHASH && + !ext4_has_feature_casefold(sb)) { + ext4_msg(sb, KERN_ERR, + "Filesystem without casefold feature cannot be " + "mounted with siphash"); + return 0; + } + if (readonly) return 1; -- 2.34.1

2 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c1472ec1dc4419d0bae663c1a1e6cb98dc7881ad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021033-chariot-imminent-753d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c1472ec1dc4419d0bae663c1a1e6cb98dc7881ad Mon Sep 17 00:00:00 2001 From: Romain Naour <romain.naour(a)skf.com> Date: Fri, 15 Nov 2024 11:25:37 +0100 Subject: [PATCH] ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus A bus_dma_limit was added for l3 bus by commit cfb5d65f2595 ("ARM: dts: dra7: Add bus_dma_limit for L3 bus") to fix an issue observed only with SATA on DRA7-EVM with 4GB RAM and CONFIG_ARM_LPAE enabled. Since kernel 5.13, the SATA issue can be reproduced again following the SATA node move from L3 bus to L4_cfg in commit 8af15365a368 ("ARM: dts: Configure interconnect target module for dra7 sata"). Fix it by adding an empty dma-ranges property to l4_cfg and segment@100000 nodes (parent device tree node of SATA controller) to inherit the 2GB dma ranges limit from l3 bus node. Note: A similar fix was applied for PCIe controller by commit 90d4d3f4ea45 ("ARM: dts: dra7: Fix bus_dma_limit for PCIe"). Fixes: 8af15365a368 ("ARM: dts: Configure interconnect target module for dra7 sata"). Link: https://lore.kernel.org/linux-omap/c583e1bb-f56b-4489-8012-ce742e85f233@smi… Cc: stable(a)vger.kernel.org # 5.13 Signed-off-by: Romain Naour <romain.naour(a)skf.com> Link: https://lore.kernel.org/r/20241115102537.1330300-1-romain.naour@smile.fr Signed-off-by: Kevin Hilman <khilman(a)baylibre.com> diff --git a/arch/arm/boot/dts/ti/omap/dra7-l4.dtsi b/arch/arm/boot/dts/ti/omap/dra7-l4.dtsi index 6e67d99832ac..ba7fdaae9c6e 100644 --- a/arch/arm/boot/dts/ti/omap/dra7-l4.dtsi +++ b/arch/arm/boot/dts/ti/omap/dra7-l4.dtsi @@ -12,6 +12,7 @@ &l4_cfg { /* 0x4a000000 */ ranges = <0x00000000 0x4a000000 0x100000>, /* segment 0 */ <0x00100000 0x4a100000 0x100000>, /* segment 1 */ <0x00200000 0x4a200000 0x100000>; /* segment 2 */ + dma-ranges; segment@0 { /* 0x4a000000 */ compatible = "simple-pm-bus"; @@ -557,6 +558,7 @@ segment@100000 { /* 0x4a100000 */ <0x0007e000 0x0017e000 0x001000>, /* ap 124 */ <0x00059000 0x00159000 0x001000>, /* ap 125 */ <0x0005a000 0x0015a000 0x001000>; /* ap 126 */ + dma-ranges; target-module@2000 { /* 0x4a102000, ap 27 3c.0 */ compatible = "ti,sysc";

2 months, 2 weeks

2
1
0 0

[PATCH 6.6] ext4: filesystems without casefold feature cannot be mounted with siphash

by vgiraud.opensource＠witekio.com

From: Lizhi Xu <lizhi.xu(a)windriver.com> commit 985b67cd86392310d9e9326de941c22fc9340eec upstream. When mounting the ext4 filesystem, if the default hash version is set to DX_HASH_SIPHASH but the casefold feature is not set, exit the mounting. Reported-by: syzbot+340581ba9dceb7e06fb3(a)syzkaller.appspotmail.com Signed-off-by: Lizhi Xu <lizhi.xu(a)windriver.com> Link: https://patch.msgid.link/20240605012335.44086-1-lizhi.xu@windriver.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Bruno VERNAY <bruno.vernay(a)se.com> Signed-off-by: Victor Giraud <vgiraud.opensource(a)witekio.com> --- fs/ext4/super.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index f019ce64eba4..b69d791be846 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -3627,6 +3627,14 @@ int ext4_feature_set_ok(struct super_block *sb, int readonly) } #endif + if (EXT4_SB(sb)->s_es->s_def_hash_version == DX_HASH_SIPHASH && + !ext4_has_feature_casefold(sb)) { + ext4_msg(sb, KERN_ERR, + "Filesystem without casefold feature cannot be " + "mounted with siphash"); + return 0; + } + if (readonly) return 1; -- 2.34.1

2 months, 2 weeks

4
4
0 0

FAILED: patch "[PATCH] ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c1472ec1dc4419d0bae663c1a1e6cb98dc7881ad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021032-showgirl-penknife-7098@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c1472ec1dc4419d0bae663c1a1e6cb98dc7881ad Mon Sep 17 00:00:00 2001 From: Romain Naour <romain.naour(a)skf.com> Date: Fri, 15 Nov 2024 11:25:37 +0100 Subject: [PATCH] ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus A bus_dma_limit was added for l3 bus by commit cfb5d65f2595 ("ARM: dts: dra7: Add bus_dma_limit for L3 bus") to fix an issue observed only with SATA on DRA7-EVM with 4GB RAM and CONFIG_ARM_LPAE enabled. Since kernel 5.13, the SATA issue can be reproduced again following the SATA node move from L3 bus to L4_cfg in commit 8af15365a368 ("ARM: dts: Configure interconnect target module for dra7 sata"). Fix it by adding an empty dma-ranges property to l4_cfg and segment@100000 nodes (parent device tree node of SATA controller) to inherit the 2GB dma ranges limit from l3 bus node. Note: A similar fix was applied for PCIe controller by commit 90d4d3f4ea45 ("ARM: dts: dra7: Fix bus_dma_limit for PCIe"). Fixes: 8af15365a368 ("ARM: dts: Configure interconnect target module for dra7 sata"). Link: https://lore.kernel.org/linux-omap/c583e1bb-f56b-4489-8012-ce742e85f233@smi… Cc: stable(a)vger.kernel.org # 5.13 Signed-off-by: Romain Naour <romain.naour(a)skf.com> Link: https://lore.kernel.org/r/20241115102537.1330300-1-romain.naour@smile.fr Signed-off-by: Kevin Hilman <khilman(a)baylibre.com> diff --git a/arch/arm/boot/dts/ti/omap/dra7-l4.dtsi b/arch/arm/boot/dts/ti/omap/dra7-l4.dtsi index 6e67d99832ac..ba7fdaae9c6e 100644 --- a/arch/arm/boot/dts/ti/omap/dra7-l4.dtsi +++ b/arch/arm/boot/dts/ti/omap/dra7-l4.dtsi @@ -12,6 +12,7 @@ &l4_cfg { /* 0x4a000000 */ ranges = <0x00000000 0x4a000000 0x100000>, /* segment 0 */ <0x00100000 0x4a100000 0x100000>, /* segment 1 */ <0x00200000 0x4a200000 0x100000>; /* segment 2 */ + dma-ranges; segment@0 { /* 0x4a000000 */ compatible = "simple-pm-bus"; @@ -557,6 +558,7 @@ segment@100000 { /* 0x4a100000 */ <0x0007e000 0x0017e000 0x001000>, /* ap 124 */ <0x00059000 0x00159000 0x001000>, /* ap 125 */ <0x0005a000 0x0015a000 0x001000>; /* ap 126 */ + dma-ranges; target-module@2000 { /* 0x4a102000, ap 27 3c.0 */ compatible = "ti,sysc";

2 months, 2 weeks

2
1
0 0

[PATCH] arm64: rust: clean Rust 1.85.0 warning using softfloat target

by Miguel Ojeda

Starting with Rust 1.85.0 (to be released 2025-02-20), `rustc` warns [1] about disabling neon in the aarch64 hardfloat target: warning: target feature `neon` cannot be toggled with `-Ctarget-feature`: unsound on hard-float targets because it changes float ABI | = note: this was previously accepted by the compiler but is being phased out; it will become a hard error in a future release! = note: for more information, see issue #116344 <https://github.com/rust-lang/rust/issues/116344> Thus, instead, use the softfloat target instead. While trying it out, I found that the kernel sanitizers were not enabled for that built-in target [2]. Upstream Rust agreed to backport the enablement for the current beta so that it is ready for the 1.85.0 release [3] -- thanks! However, that still means that before Rust 1.85.0, we cannot switch since sanitizers could be in use. Thus conditionally do so. Cc: <stable(a)vger.kernel.org> # Needed in 6.12.y and 6.13.y only (Rust is pinned in older LTSs). Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Matthew Maurer <mmaurer(a)google.com> Cc: Alice Ryhl <aliceryhl(a)google.com> Cc: Ralf Jung <post(a)ralfj.de> Cc: Jubilee Young <workingjubilee(a)gmail.com> Link: https://github.com/rust-lang/rust/pull/133417 [1] Link: https://rust-lang.zulipchat.com/#narrow/channel/131828-t-compiler/topic/arm… [2] Link: https://github.com/rust-lang/rust/pull/135905 [3] Link: https://github.com/rust-lang/rust/issues/116344 Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- Matthew: if you could please give this a go and confirm that it is fine for Android (with sanitizers enabled, for 1.84.1 and 1.85.0), then a Tested-by tag would be great. Thanks! I would like to get this one into -rc3 if possible so that by the time the compiler releases we are already clean. I am sending another patch to introduce `rustc-min-version` and use it here, but I am doing so after this one rather than before so that this fix can be as simple as possible. arch/arm64/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 358c68565bfd..2b25d671365f 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -48,7 +48,11 @@ KBUILD_CFLAGS += $(CC_FLAGS_NO_FPU) \ KBUILD_CFLAGS += $(call cc-disable-warning, psabi) KBUILD_AFLAGS += $(compat_vdso) +ifeq ($(call test-ge, $(CONFIG_RUSTC_VERSION), 108500),y) +KBUILD_RUSTFLAGS += --target=aarch64-unknown-none-softfloat +else KBUILD_RUSTFLAGS += --target=aarch64-unknown-none -Ctarget-feature="-neon" +endif KBUILD_CFLAGS += $(call cc-option,-mabi=lp64) KBUILD_AFLAGS += $(call cc-option,-mabi=lp64) base-commit: a64dcfb451e254085a7daee5fe51bf22959d52d3 -- 2.48.1

2 months, 2 weeks

9
12
0 0

[PATCH] drm/xe/userptr: fix EFAULT handling

by Matthew Auld

Currently we treat EFAULT from hmm_range_fault() as a non-fatal error when called from xe_vm_userptr_pin() with the idea that we want to avoid killing the entire vm and chucking an error, under the assumption that the user just did an unmap or something, and has no intention of actually touching that memory from the GPU. At this point we have already zapped the PTEs so any access should generate a page fault, and if the pin fails there also it will then become fatal. However it looks like it's possible for the userptr vma to still be on the rebind list in preempt_rebind_work_func(), if we had to retry the pin again due to something happening in the caller before we did the rebind step, but in the meantime needing to re-validate the userptr and this time hitting the EFAULT. This might explain an internal user report of hitting: [ 191.738349] WARNING: CPU: 1 PID: 157 at drivers/gpu/drm/xe/xe_res_cursor.h:158 xe_pt_stage_bind.constprop.0+0x60a/0x6b0 [xe] [ 191.738551] Workqueue: xe-ordered-wq preempt_rebind_work_func [xe] [ 191.738616] RIP: 0010:xe_pt_stage_bind.constprop.0+0x60a/0x6b0 [xe] [ 191.738690] Call Trace: [ 191.738692] <TASK> [ 191.738694] ? show_regs+0x69/0x80 [ 191.738698] ? __warn+0x93/0x1a0 [ 191.738703] ? xe_pt_stage_bind.constprop.0+0x60a/0x6b0 [xe] [ 191.738759] ? report_bug+0x18f/0x1a0 [ 191.738764] ? handle_bug+0x63/0xa0 [ 191.738767] ? exc_invalid_op+0x19/0x70 [ 191.738770] ? asm_exc_invalid_op+0x1b/0x20 [ 191.738777] ? xe_pt_stage_bind.constprop.0+0x60a/0x6b0 [xe] [ 191.738834] ? ret_from_fork_asm+0x1a/0x30 [ 191.738849] bind_op_prepare+0x105/0x7b0 [xe] [ 191.738906] ? dma_resv_reserve_fences+0x301/0x380 [ 191.738912] xe_pt_update_ops_prepare+0x28c/0x4b0 [xe] [ 191.738966] ? kmemleak_alloc+0x4b/0x80 [ 191.738973] ops_execute+0x188/0x9d0 [xe] [ 191.739036] xe_vm_rebind+0x4ce/0x5a0 [xe] [ 191.739098] ? trace_hardirqs_on+0x4d/0x60 [ 191.739112] preempt_rebind_work_func+0x76f/0xd00 [xe] Followed by NPD, when running some workload, since the sg was never actually populated but the vma is still marked for rebind when it should be skipped for this special EFAULT case. And from the logs it does seem like we hit this special EFAULT case before the explosions. Fixes: 521db22a1d70 ("drm/xe: Invalidate userptr VMA on page pin fault") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v6.10+ --- drivers/gpu/drm/xe/xe_vm.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index d664f2e418b2..1caee9cbeafb 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -692,6 +692,17 @@ int xe_vm_userptr_pin(struct xe_vm *vm) xe_vm_unlock(vm); if (err) return err; + + /* + * We might have already done the pin once already, but then had to retry + * before the re-bind happended, due some other condition in the caller, but + * in the meantime the userptr got dinged by the notifier such that we need + * to revalidate here, but this time we hit the EFAULT. In such a case + * make sure we remove ourselves from the rebind list to avoid going down in + * flames. + */ + if (!list_empty(&uvma->vma.combined_links.rebind)) + list_del_init(&uvma->vma.combined_links.rebind); } else { if (err < 0) return err; -- 2.48.1

2 months, 2 weeks

2
1
0 0

[PATCH] gpiolib: protect gpio_chip with SRCU in array_info paths in multi get/set

by Bartosz Golaszewski

From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> During the locking rework in GPIOLIB, we omitted one important use-case, namely: setting and getting values for GPIO descriptor arrays with array_info present. This patch does two things: first it makes struct gpio_array store the address of the underlying GPIO device and not chip. Next: it protects the chip with SRCU from removal in gpiod_get_array_value_complex() and gpiod_set_array_value_complex(). Cc: stable(a)vger.kernel.org Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- David Lechner's series made me realize that we don't use SRCU to protect the GPIO chip in case where array_info is available in multiple get/set routines. This addresses it. The changes here could potentially be split into two separate commits but I want to easily backport it and it works together as well. drivers/gpio/gpiolib.c | 48 +++++++++++++++++++++++++++++------------- drivers/gpio/gpiolib.h | 4 ++-- 2 files changed, 35 insertions(+), 17 deletions(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index 679ed764cb14..6e630680be52 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -3129,6 +3129,8 @@ static int gpiod_get_raw_value_commit(const struct gpio_desc *desc) static int gpio_chip_get_multiple(struct gpio_chip *gc, unsigned long *mask, unsigned long *bits) { + lockdep_assert_held(&gc->gpiodev->srcu); + if (gc->get_multiple) return gc->get_multiple(gc, mask, bits); if (gc->get) { @@ -3159,6 +3161,7 @@ int gpiod_get_array_value_complex(bool raw, bool can_sleep, struct gpio_array *array_info, unsigned long *value_bitmap) { + struct gpio_chip *gc; int ret, i = 0; /* @@ -3170,10 +3173,15 @@ int gpiod_get_array_value_complex(bool raw, bool can_sleep, array_size <= array_info->size && (void *)array_info == desc_array + array_info->size) { if (!can_sleep) - WARN_ON(array_info->chip->can_sleep); + WARN_ON(array_info->gdev->can_sleep); - ret = gpio_chip_get_multiple(array_info->chip, - array_info->get_mask, + guard(srcu)(&array_info->gdev->srcu); + gc = srcu_dereference(array_info->gdev->chip, + &array_info->gdev->srcu); + if (!gc) + return -ENODEV; + + ret = gpio_chip_get_multiple(gc, array_info->get_mask, value_bitmap); if (ret) return ret; @@ -3454,6 +3462,8 @@ static void gpiod_set_raw_value_commit(struct gpio_desc *desc, bool value) static void gpio_chip_set_multiple(struct gpio_chip *gc, unsigned long *mask, unsigned long *bits) { + lockdep_assert_held(&gc->gpiodev->srcu); + if (gc->set_multiple) { gc->set_multiple(gc, mask, bits); } else { @@ -3471,6 +3481,7 @@ int gpiod_set_array_value_complex(bool raw, bool can_sleep, struct gpio_array *array_info, unsigned long *value_bitmap) { + struct gpio_chip *gc; int i = 0; /* @@ -3482,14 +3493,19 @@ int gpiod_set_array_value_complex(bool raw, bool can_sleep, array_size <= array_info->size && (void *)array_info == desc_array + array_info->size) { if (!can_sleep) - WARN_ON(array_info->chip->can_sleep); + WARN_ON(array_info->gdev->can_sleep); + + guard(srcu)(&array_info->gdev->srcu); + gc = srcu_dereference(array_info->gdev->chip, + &array_info->gdev->srcu); + if (!gc) + return -ENODEV; if (!raw && !bitmap_empty(array_info->invert_mask, array_size)) bitmap_xor(value_bitmap, value_bitmap, array_info->invert_mask, array_size); - gpio_chip_set_multiple(array_info->chip, array_info->set_mask, - value_bitmap); + gpio_chip_set_multiple(gc, array_info->set_mask, value_bitmap); i = find_first_zero_bit(array_info->set_mask, array_size); if (i == array_size) @@ -4751,8 +4767,8 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, { struct gpio_desc *desc; struct gpio_descs *descs; + struct gpio_device *gdev; struct gpio_array *array_info = NULL; - struct gpio_chip *gc; int count, bitmap_size; size_t descs_size; @@ -4774,7 +4790,7 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, descs->desc[descs->ndescs] = desc; - gc = gpiod_to_chip(desc); + gdev = gpiod_to_gpio_device(desc); /* * If pin hardware number of array member 0 is also 0, select * its chip as a candidate for fast bitmap processing path. @@ -4782,8 +4798,8 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, if (descs->ndescs == 0 && gpio_chip_hwgpio(desc) == 0) { struct gpio_descs *array; - bitmap_size = BITS_TO_LONGS(gc->ngpio > count ? - gc->ngpio : count); + bitmap_size = BITS_TO_LONGS(gdev->ngpio > count ? + gdev->ngpio : count); array = krealloc(descs, descs_size + struct_size(array_info, invert_mask, 3 * bitmap_size), @@ -4803,7 +4819,7 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, array_info->desc = descs->desc; array_info->size = count; - array_info->chip = gc; + array_info->gdev = gdev; bitmap_set(array_info->get_mask, descs->ndescs, count - descs->ndescs); bitmap_set(array_info->set_mask, descs->ndescs, @@ -4816,7 +4832,7 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, continue; /* Unmark array members which don't belong to the 'fast' chip */ - if (array_info->chip != gc) { + if (array_info->gdev != gdev) { __clear_bit(descs->ndescs, array_info->get_mask); __clear_bit(descs->ndescs, array_info->set_mask); } @@ -4840,8 +4856,10 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, } } else { /* Exclude open drain or open source from fast output */ - if (gpiochip_line_is_open_drain(gc, descs->ndescs) || - gpiochip_line_is_open_source(gc, descs->ndescs)) + if (gpiochip_line_is_open_drain(gdev->chip, + descs->ndescs) || + gpiochip_line_is_open_source(gdev->chip, + descs->ndescs)) __clear_bit(descs->ndescs, array_info->set_mask); /* Identify 'fast' pins which require invertion */ @@ -4853,7 +4871,7 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, if (array_info) dev_dbg(dev, "GPIO array info: chip=%s, size=%d, get_mask=%lx, set_mask=%lx, invert_mask=%lx\n", - array_info->chip->label, array_info->size, + array_info->gdev->label, array_info->size, *array_info->get_mask, *array_info->set_mask, *array_info->invert_mask); return descs; diff --git a/drivers/gpio/gpiolib.h b/drivers/gpio/gpiolib.h index 83690f72f7e5..147156ec502b 100644 --- a/drivers/gpio/gpiolib.h +++ b/drivers/gpio/gpiolib.h @@ -114,7 +114,7 @@ extern const char *const gpio_suffixes[]; * * @desc: Array of pointers to the GPIO descriptors * @size: Number of elements in desc - * @chip: Parent GPIO chip + * @gdev: Parent GPIO device * @get_mask: Get mask used in fastpath * @set_mask: Set mask used in fastpath * @invert_mask: Invert mask used in fastpath @@ -126,7 +126,7 @@ extern const char *const gpio_suffixes[]; struct gpio_array { struct gpio_desc **desc; unsigned int size; - struct gpio_chip *chip; + struct gpio_device *gdev; unsigned long *get_mask; unsigned long *set_mask; unsigned long invert_mask[]; -- 2.45.2

2 months, 2 weeks

1
1
0 0

[PATCH V4 2/4] x86/tdx: Route safe halt execution via tdx_safe_halt()

by Vishal Annapurve

Direct HLT instruction execution causes #VEs for TDX VMs which is routed to hypervisor via TDCALL. safe_halt() routines execute HLT in STI-shadow so IRQs need to remain disabled until the TDCALL to ensure that pending IRQs are correctly treated as wake events. So "sti;hlt" sequence needs to be replaced with "TDCALL; raw_local_irq_enable()" for TDX VMs. Commit bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") prevented the idle routines from using "sti;hlt". But it missed the paravirt routine which can be reached like this as an example: acpi_safe_halt() => raw_safe_halt() => arch_safe_halt() => irq.safe_halt() => pv_native_safe_halt() Modify tdx_safe_halt() to implement the sequence "TDCALL; raw_local_irq_enable()" and invoke tdx_halt() from idle routine which just executes TDCALL without changing state of interrupts. Introduce dependency on CONFIG_PARAVIRT and override paravirt halt()/safe_halt() routines for TDX VMs. Cc: stable(a)vger.kernel.org Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> --- arch/x86/Kconfig | 1 + arch/x86/coco/tdx/tdx.c | 18 +++++++++++++++++- arch/x86/include/asm/tdx.h | 2 +- arch/x86/kernel/process.c | 2 +- 4 files changed, 20 insertions(+), 3 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 87198d957e2f..afcdbc9693dc 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -902,6 +902,7 @@ config INTEL_TDX_GUEST depends on X86_64 && CPU_SUP_INTEL depends on X86_X2APIC depends on EFI_STUB + depends on PARAVIRT select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT select X86_MCE diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 32809a06dab4..ee67c1870e70 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -14,6 +14,7 @@ #include <asm/ia32.h> #include <asm/insn.h> #include <asm/insn-eval.h> +#include <asm/paravirt_types.h> #include <asm/pgtable.h> #include <asm/set_memory.h> #include <asm/traps.h> @@ -398,7 +399,7 @@ static int handle_halt(struct ve_info *ve) return ve_instr_len(ve); } -void __cpuidle tdx_safe_halt(void) +void __cpuidle tdx_halt(void) { const bool irq_disabled = false; @@ -409,6 +410,12 @@ void __cpuidle tdx_safe_halt(void) WARN_ONCE(1, "HLT instruction emulation failed\n"); } +static void __cpuidle tdx_safe_halt(void) +{ + tdx_halt(); + raw_local_irq_enable(); +} + static int read_msr(struct pt_regs *regs, struct ve_info *ve) { struct tdx_module_args args = { @@ -1109,6 +1116,15 @@ void __init tdx_early_init(void) x86_platform.guest.enc_kexec_begin = tdx_kexec_begin; x86_platform.guest.enc_kexec_finish = tdx_kexec_finish; + /* + * "sti;hlt" execution in TDX guests will induce a #VE in the STI-shadow + * which will enable interrupts before HLT TDCALL inocation possibly + * resulting in missed wakeup events. Modify all possible HLT + * execution paths to use TDCALL for performance/reliability reasons. + */ + pv_ops.irq.safe_halt = tdx_safe_halt; + pv_ops.irq.halt = tdx_halt; + /* * TDX intercepts the RDMSR to read the X2APIC ID in the parallel * bringup low level code. That raises #VE which cannot be handled diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index b4b16dafd55e..393ee2dfaab1 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -58,7 +58,7 @@ void tdx_get_ve_info(struct ve_info *ve); bool tdx_handle_virt_exception(struct pt_regs *regs, struct ve_info *ve); -void tdx_safe_halt(void); +void tdx_halt(void); bool tdx_early_handle_ve(struct pt_regs *regs); diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index 6da6769d7254..d11956a178df 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -934,7 +934,7 @@ void __init select_idle_routine(void) static_call_update(x86_idle, mwait_idle); } else if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) { pr_info("using TDX aware idle routine\n"); - static_call_update(x86_idle, tdx_safe_halt); + static_call_update(x86_idle, tdx_halt); } else { static_call_update(x86_idle, default_idle); } -- 2.48.1.502.g6dc24dfdaf-goog

2 months, 2 weeks

2
2
0 0

[PATCH] drm: panel: jd9365da-h3: fix reset signal polarity

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> In jadard_prepare() a reset pulse is generated with the following statements (delays ommited for clarity): gpiod_set_value(jadard->reset, 1); --> Deassert reset gpiod_set_value(jadard->reset, 0); --> Assert reset for 10ms gpiod_set_value(jadard->reset, 1); --> Deassert reset However, specifying second argument of "0" to gpiod_set_value() means to deassert the GPIO, and "1" means to assert it. If the reset signal is defined as GPIO_ACTIVE_LOW in the DTS, the above statements will incorrectly generate the reset pulse (inverted) and leave it asserted (LOW) at the end of jadard_prepare(). Fix reset behavior by inverting gpiod_set_value() second argument in jadard_prepare(). Also modify second argument to devm_gpiod_get() in jadard_dsi_probe() to assert the reset when probing. Do not modify it in jadard_unprepare() as it is already properly asserted with "1", which seems to be the intended behavior. Fixes: 6b818c533dd8 ("drm: panel: Add Jadard JD9365DA-H3 DSI panel") Cc: <stable(a)vger.kernel.org> Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> --- drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c b/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c index 44897e5218a69..6fec99cf4d935 100644 --- a/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c +++ b/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c @@ -110,13 +110,13 @@ static int jadard_prepare(struct drm_panel *panel) if (jadard->desc->lp11_to_reset_delay_ms) msleep(jadard->desc->lp11_to_reset_delay_ms); - gpiod_set_value(jadard->reset, 1); + gpiod_set_value(jadard->reset, 0); msleep(5); - gpiod_set_value(jadard->reset, 0); + gpiod_set_value(jadard->reset, 1); msleep(10); - gpiod_set_value(jadard->reset, 1); + gpiod_set_value(jadard->reset, 0); msleep(130); ret = jadard->desc->init(jadard); @@ -1131,7 +1131,7 @@ static int jadard_dsi_probe(struct mipi_dsi_device *dsi) dsi->format = desc->format; dsi->lanes = desc->lanes; - jadard->reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_LOW); + jadard->reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_HIGH); if (IS_ERR(jadard->reset)) { DRM_DEV_ERROR(&dsi->dev, "failed to get our reset GPIO\n"); return PTR_ERR(jadard->reset); base-commit: 18ba6034468e7949a9e2c2cf28e2e123b4fe7a50 -- 2.39.5

2 months, 2 weeks

4
7
0 0

Re: [PATCH 6.13 000/443] 6.13.3-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

2 months, 2 weeks

1
0
0 0

[PATCH] mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw()

by Wentao Liang

Add a check for the return value of mlxsw_sp_port_get_stats_raw() in __mlxsw_sp_port_get_stats(). If mlxsw_sp_port_get_stats_raw() returns an error, exit the function to prevent further processing with potentially invalid data. Fixes: 614d509aa1e7 ("mlxsw: Move ethtool_ops to spectrum_ethtool.c") Cc: stable(a)vger.kernel.org # 5.9+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c index 2bed8c86b7cf..3f64cdbabfa3 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c @@ -768,7 +768,9 @@ static void __mlxsw_sp_port_get_stats(struct net_device *dev, err = mlxsw_sp_get_hw_stats_by_group(&hw_stats, &len, grp); if (err) return; - mlxsw_sp_port_get_stats_raw(dev, grp, prio, ppcnt_pl); + err = mlxsw_sp_port_get_stats_raw(dev, grp, prio, ppcnt_pl); + if (err) + return; for (i = 0; i < len; i++) { data[data_index + i] = hw_stats[i].getter(ppcnt_pl); if (!hw_stats[i].cells_bytes) -- 2.42.0.windows.2

2 months, 2 weeks

3
2
0 0

[PATCH 0/2] acct: don't allow access to internal filesystems

by Christian Brauner

In [1] it was reported that the acct(2) system call can be used to trigger a NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acct(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs() but an internal lookup might be triggered through lookup_bdev(). This may trigger a NULL-deref when accessing current->fs. This series does two things: - Reorganize the code so that the the final write happens from the workqueue but with the caller's credentials. This preserves the (strange) permission model and has almost no regression risk. - Block access to kernel internal filesystems as well as procfs and sysfs in the first place. This api should stop to exist imho. Link: https://lore.kernel.org/r/20250127091811.3183623-1-quzicheng@huawei.com [1] Signed-off-by: Christian Brauner <brauner(a)kernel.org> --- Christian Brauner (2): acct: perform last write from workqueue acct: block access to kernel internal filesystems kernel/acct.c | 134 ++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 84 insertions(+), 50 deletions(-) --- base-commit: af69e27b3c8240f7889b6c457d71084458984d8e change-id: 20250211-work-acct-a6d8e92a5fe0

2 months, 2 weeks

4
8
0 0

[PATCH 6.12.y 0/2] Fix rtnetlink.sh kselftest failures in stable

by Harshit Mogalapalli

This is reproducible on on stable kernels after the backport of commit: 2cf567f421db ("netdevsim: copy addresses for both in and out paths") to stable kernels. Using a single cover letter for all stable kernels but will send separate patches for each stable kernel Which kselftests are particularly failing: 2c2 < sa[0] tx ipaddr=0x00000000 00000000 00000000 047ba8c0 --- > sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000 FAIL: ipsec_offload incorrect driver data FAIL: ipsec_offload 813 # does driver have correct offload info 814 diff $sysfsf - << EOF 815 SA count=2 tx=3 816 sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000 817 sa[0] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1 818 sa[0] key=0x34333231 38373635 32313039 36353433 819 sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0 820 sa[1] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1 821 sa[1] key=0x34333231 38373635 32313039 36353433 822 EOF 823 if [ $? -ne 0 ] ; then 824 echo "FAIL: ipsec_offload incorrect driver data" 825 check_err 1 826 fi 827 This part of check throws errors and the rtnetlink.sh fails on ipsec_offload. Reason is that the after the below patch: commit 2cf567f421dbfe7e53b7e5ddee9400da10efb75d Author: Hangbin Liu <liuhangbin(a)gmail.com> Date: Thu Oct 10 04:00:26 2024 +0000 netdevsim: copy addresses for both in and out paths [ Upstream commit 2cf567f421dbfe7e53b7e5ddee9400da10efb75d ] The current code only copies the address for the in path, leaving the out path address set to 0. This patch corrects the issue by copying the addresses for both the in and out paths. Before this patch: # cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec SA count=2 tx=20 sa[0] tx ipaddr=0.0.0.0 sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[0] key=0x3167608a ca4f1397 43565909 941fa627 sa[1] rx ipaddr=192.168.0.1 sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[1] key=0x3167608a ca4f1397 43565909 941fa627 After this patch: = cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec SA count=2 tx=20 sa[0] tx ipaddr=192.168.0.2 sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[0] key=0x3167608a ca4f1397 43565909 941fa627 sa[1] rx ipaddr=192.168.0.1 sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[1] key=0x3167608a ca4f1397 43565909 941fa627 Fixes: 7699353da875 ("netdevsim: add ipsec offload testing") tx ip address is not 0.0.0.0 anymore, it is was 0.0.0.0 before above patch. So this commit: 3ec920bb978c ("selftests: rtnetlink: update netdevsim ipsec output format") which is not backported to stable kernels tries to address rtneltlink.sh fixing. fixes the change in handling tx ip address as well, so far so good! but when I apply this script fix it doesn't pass yet: 2c2 < sa[0] tx ipaddr=0x00000000 00000000 00000000 047ba8c0 --- > sa[0] tx ipaddr=192.168.123.4 5c5 < sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0 --- > sa[1] rx ipaddr=192.168.123.3 FAIL: ipsec_offload incorrect driver data So it clearly suggest that addresses are not properly handled, IPSec addresses are printed in hexadecimal format, but the script expects it in more readable format, that hinted me whats missing, and that commit is: commit c71bc6da6198a6d88df86094f1052bb581951d65 Author: Hangbin Liu <liuhangbin(a)gmail.com> Date: Thu Oct 10 04:00:25 2024 +0000 netdevsim: print human readable IP address Currently, IPSec addresses are printed in hexadecimal format, which is not user-friendly. e.g. # cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec SA count=2 tx=20 sa[0] rx ipaddr=0x00000000 00000000 00000000 0100a8c0 sa[0] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[0] key=0x3167608a ca4f1397 43565909 941fa627 sa[1] tx ipaddr=0x00000000 00000000 00000000 00000000 sa[1] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[1] key=0x3167608a ca4f1397 43565909 941fa627 This patch updates the code to print the IPSec address in a human-readable format for easier debug. e.g. # cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec SA count=4 tx=40 sa[0] tx ipaddr=0.0.0.0 sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[0] key=0x3167608a ca4f1397 43565909 941fa627 sa[1] rx ipaddr=192.168.0.1 sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[1] key=0x3167608a ca4f1397 43565909 941fa627 sa[2] tx ipaddr=:: sa[2] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1 sa[2] key=0x3167608a ca4f1397 43565909 941fa627 sa[3] rx ipaddr=2000::1 sa[3] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1 sa[3] key=0x3167608a ca4f1397 43565909 941fa627 Solution: ======== Backport both the commits commit: c71bc6da6198 ("netdevsim: print human readable IP address") and script fixup commit: 3ec920bb978c ("selftests: rtnetlink: update netdevsim ipsec output format") to all stable kernels which have commit: 2cf567f421db ("netdevsim: copy addresses for both in and out paths") in them. Another clue to say this is right way to do this is that these above three patches did go as patchset into net/ [1]. I am sending patches for all stable trees differently, however I am using same cover letter. Tested all stable kernels after patching. This failure is no more reproducible. Thanks, Harshit [1] https://lore.kernel.org/all/172868703973.3018281.2970275743967117794.git-pa… Hangbin Liu (2): netdevsim: print human readable IP address selftests: rtnetlink: update netdevsim ipsec output format drivers/net/netdevsim/ipsec.c | 12 ++++++++---- tools/testing/selftests/net/rtnetlink.sh | 4 ++-- 2 files changed, 10 insertions(+), 6 deletions(-) -- 2.46.0

2 months, 2 weeks

2
4
0 0

[PATCH v6.12] wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit

by Zenm Chen

From: Ping-Ke Shih <pkshih(a)realtek.com> [ Upstream commit 9c1df813e08832c3836c254bc8a2f83ff22dbc06 ] The PCIE wake bit is to control PCIE wake signal to host. When PCIE is going down, clear this bit to prevent waking up host unexpectedly. Signed-off-by: Ping-Ke Shih <pkshih(a)realtek.com> Link: https://patch.msgid.link/20241111063835.15454-1-pkshih@realtek.com Signed-off-by: Zenm Chen <zenmchen(a)gmail.com> --- Some users of RTL8852BE chip may encounter a shutdown issue [1] and this upstream patch fixes it, so backport it to kernel 6.12. [1] https://github.com/lwfinger/rtw89/issues/372 --- drivers/net/wireless/realtek/rtw89/pci.c | 17 ++++++++++++++--- drivers/net/wireless/realtek/rtw89/pci.h | 11 +++++++++++ drivers/net/wireless/realtek/rtw89/pci_be.c | 2 ++ 3 files changed, 27 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/realtek/rtw89/pci.c b/drivers/net/wireless/realtek/rtw89/pci.c index 5aef7fa37..0ac84f968 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.c +++ b/drivers/net/wireless/realtek/rtw89/pci.c @@ -2492,7 +2492,7 @@ static int rtw89_pci_dphy_delay(struct rtw89_dev *rtwdev) PCIE_DPHY_DLY_25US, PCIE_PHY_GEN1); } -static void rtw89_pci_power_wake(struct rtw89_dev *rtwdev, bool pwr_up) +static void rtw89_pci_power_wake_ax(struct rtw89_dev *rtwdev, bool pwr_up) { if (pwr_up) rtw89_write32_set(rtwdev, R_AX_HCI_OPT_CTRL, BIT_WAKE_CTRL); @@ -2799,6 +2799,8 @@ static int rtw89_pci_ops_deinit(struct rtw89_dev *rtwdev) { const struct rtw89_pci_info *info = rtwdev->pci_info; + rtw89_pci_power_wake(rtwdev, false); + if (rtwdev->chip->chip_id == RTL8852A) { /* ltr sw trigger */ rtw89_write32_set(rtwdev, R_AX_LTR_CTRL_0, B_AX_APP_LTR_IDLE); @@ -2841,7 +2843,7 @@ static int rtw89_pci_ops_mac_pre_init_ax(struct rtw89_dev *rtwdev) return ret; } - rtw89_pci_power_wake(rtwdev, true); + rtw89_pci_power_wake_ax(rtwdev, true); rtw89_pci_autoload_hang(rtwdev); rtw89_pci_l12_vmain(rtwdev); rtw89_pci_gen2_force_ib(rtwdev); @@ -2886,6 +2888,13 @@ static int rtw89_pci_ops_mac_pre_init_ax(struct rtw89_dev *rtwdev) return 0; } +static int rtw89_pci_ops_mac_pre_deinit_ax(struct rtw89_dev *rtwdev) +{ + rtw89_pci_power_wake_ax(rtwdev, false); + + return 0; +} + int rtw89_pci_ltr_set(struct rtw89_dev *rtwdev, bool en) { u32 val; @@ -4264,7 +4273,7 @@ const struct rtw89_pci_gen_def rtw89_pci_gen_ax = { B_AX_RDU_INT}, .mac_pre_init = rtw89_pci_ops_mac_pre_init_ax, - .mac_pre_deinit = NULL, + .mac_pre_deinit = rtw89_pci_ops_mac_pre_deinit_ax, .mac_post_init = rtw89_pci_ops_mac_post_init_ax, .clr_idx_all = rtw89_pci_clr_idx_all_ax, @@ -4280,6 +4289,8 @@ const struct rtw89_pci_gen_def rtw89_pci_gen_ax = { .aspm_set = rtw89_pci_aspm_set_ax, .clkreq_set = rtw89_pci_clkreq_set_ax, .l1ss_set = rtw89_pci_l1ss_set_ax, + + .power_wake = rtw89_pci_power_wake_ax, }; EXPORT_SYMBOL(rtw89_pci_gen_ax); diff --git a/drivers/net/wireless/realtek/rtw89/pci.h b/drivers/net/wireless/realtek/rtw89/pci.h index 48c3ab735..0ea4dcb84 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.h +++ b/drivers/net/wireless/realtek/rtw89/pci.h @@ -1276,6 +1276,8 @@ struct rtw89_pci_gen_def { void (*aspm_set)(struct rtw89_dev *rtwdev, bool enable); void (*clkreq_set)(struct rtw89_dev *rtwdev, bool enable); void (*l1ss_set)(struct rtw89_dev *rtwdev, bool enable); + + void (*power_wake)(struct rtw89_dev *rtwdev, bool pwr_up); }; struct rtw89_pci_info { @@ -1766,4 +1768,13 @@ static inline int rtw89_pci_poll_txdma_ch_idle(struct rtw89_dev *rtwdev) return gen_def->poll_txdma_ch_idle(rtwdev); } + +static inline void rtw89_pci_power_wake(struct rtw89_dev *rtwdev, bool pwr_up) +{ + const struct rtw89_pci_info *info = rtwdev->pci_info; + const struct rtw89_pci_gen_def *gen_def = info->gen_def; + + gen_def->power_wake(rtwdev, pwr_up); +} + #endif diff --git a/drivers/net/wireless/realtek/rtw89/pci_be.c b/drivers/net/wireless/realtek/rtw89/pci_be.c index 7cc328222..2f0d9ff25 100644 --- a/drivers/net/wireless/realtek/rtw89/pci_be.c +++ b/drivers/net/wireless/realtek/rtw89/pci_be.c @@ -614,5 +614,7 @@ const struct rtw89_pci_gen_def rtw89_pci_gen_be = { .aspm_set = rtw89_pci_aspm_set_be, .clkreq_set = rtw89_pci_clkreq_set_be, .l1ss_set = rtw89_pci_l1ss_set_be, + + .power_wake = _patch_pcie_power_wake_be, }; EXPORT_SYMBOL(rtw89_pci_gen_be); -- 2.48.1

2 months, 2 weeks

2
4
0 0

[PATCH 6.1.y] nfsd: release svc_expkey/svc_export with rcu_work

by lanbincn＠qq.com

From: Yang Erkun <yangerkun(a)huawei.com> commit f8c989a0c89a75d30f899a7cabdc14d72522bb8d upstream. The last reference for `cache_head` can be reduced to zero in `c_show` and `e_show`(using `rcu_read_lock` and `rcu_read_unlock`). Consequently, `svc_export_put` and `expkey_put` will be invoked, leading to two issues: 1. The `svc_export_put` will directly free ex_uuid. However, `e_show`/`c_show` will access `ex_uuid` after `cache_put`, which can trigger a use-after-free issue, shown below. ================================================================== BUG: KASAN: slab-use-after-free in svc_export_show+0x362/0x430 [nfsd] Read of size 1 at addr ff11000010fdc120 by task cat/870 CPU: 1 UID: 0 PID: 870 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x53/0x70 print_address_description.constprop.0+0x2c/0x3a0 print_report+0xb9/0x280 kasan_report+0xae/0xe0 svc_export_show+0x362/0x430 [nfsd] c_show+0x161/0x390 [sunrpc] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 proc_reg_read+0xe1/0x140 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Allocated by task 830: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc_node_track_caller_noprof+0x1bc/0x400 kmemdup_noprof+0x22/0x50 svc_export_parse+0x8a9/0xb80 [nfsd] cache_do_downcall+0x71/0xa0 [sunrpc] cache_write_procfs+0x8e/0xd0 [sunrpc] proc_reg_write+0xe1/0x140 vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 868: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x37/0x50 kfree+0xf3/0x3e0 svc_export_put+0x87/0xb0 [nfsd] cache_purge+0x17f/0x1f0 [sunrpc] nfsd_destroy_serv+0x226/0x2d0 [nfsd] nfsd_svc+0x125/0x1e0 [nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0 [nfsd] vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e 2. We cannot sleep while using `rcu_read_lock`/`rcu_read_unlock`. However, `svc_export_put`/`expkey_put` will call path_put, which subsequently triggers a sleeping operation due to the following `dput`. ============================= WARNING: suspicious RCU usage 5.10.0-dirty #141 Not tainted ----------------------------- ... Call Trace: dump_stack+0x9a/0xd0 ___might_sleep+0x231/0x240 dput+0x39/0x600 path_put+0x1b/0x30 svc_export_put+0x17/0x80 e_show+0x1c9/0x200 seq_read_iter+0x63f/0x7c0 seq_read+0x226/0x2d0 vfs_read+0x113/0x2c0 ksys_read+0xc9/0x170 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x67/0xd1 Fix these issues by using `rcu_work` to help release `svc_expkey`/`svc_export`. This approach allows for an asynchronous context to invoke `path_put` and also facilitates the freeing of `uuid/exp/key` after an RCU grace period. Fixes: 9ceddd9da134 ("knfsd: Allow lockless lookups of the exports") Signed-off-by: Yang Erkun <yangerkun(a)huawei.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> Signed-off-by: Bin Lan <lanbincn(a)qq.com> --- fs/nfsd/export.c | 31 +++++++++++++++++++++++++------ fs/nfsd/export.h | 4 ++-- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index 39228bd7492a..78db46f6cbc6 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -40,15 +40,24 @@ #define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS) #define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1) -static void expkey_put(struct kref *ref) +static void expkey_put_work(struct work_struct *work) { - struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref); + struct svc_expkey *key = + container_of(to_rcu_work(work), struct svc_expkey, ek_rcu_work); if (test_bit(CACHE_VALID, &key->h.flags) && !test_bit(CACHE_NEGATIVE, &key->h.flags)) path_put(&key->ek_path); auth_domain_put(key->ek_client); - kfree_rcu(key, ek_rcu); + kfree(key); +} + +static void expkey_put(struct kref *ref) +{ + struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref); + + INIT_RCU_WORK(&key->ek_rcu_work, expkey_put_work); + queue_rcu_work(system_wq, &key->ek_rcu_work); } static int expkey_upcall(struct cache_detail *cd, struct cache_head *h) @@ -351,16 +360,26 @@ static void export_stats_destroy(struct export_stats *stats) EXP_STATS_COUNTERS_NUM); } -static void svc_export_put(struct kref *ref) +static void svc_export_put_work(struct work_struct *work) { - struct svc_export *exp = container_of(ref, struct svc_export, h.ref); + struct svc_export *exp = + container_of(to_rcu_work(work), struct svc_export, ex_rcu_work); + path_put(&exp->ex_path); auth_domain_put(exp->ex_client); nfsd4_fslocs_free(&exp->ex_fslocs); export_stats_destroy(exp->ex_stats); kfree(exp->ex_stats); kfree(exp->ex_uuid); - kfree_rcu(exp, ex_rcu); + kfree(exp); +} + +static void svc_export_put(struct kref *ref) +{ + struct svc_export *exp = container_of(ref, struct svc_export, h.ref); + + INIT_RCU_WORK(&exp->ex_rcu_work, svc_export_put_work); + queue_rcu_work(system_wq, &exp->ex_rcu_work); } static int svc_export_upcall(struct cache_detail *cd, struct cache_head *h) diff --git a/fs/nfsd/export.h b/fs/nfsd/export.h index f73e23bb24a1..fa545d8dcc36 100644 --- a/fs/nfsd/export.h +++ b/fs/nfsd/export.h @@ -75,7 +75,7 @@ struct svc_export { u32 ex_layout_types; struct nfsd4_deviceid_map *ex_devid_map; struct cache_detail *cd; - struct rcu_head ex_rcu; + struct rcu_work ex_rcu_work; struct export_stats *ex_stats; }; @@ -91,7 +91,7 @@ struct svc_expkey { u32 ek_fsid[6]; struct path ek_path; - struct rcu_head ek_rcu; + struct rcu_work ek_rcu_work; }; #define EX_ISSYNC(exp) (!((exp)->ex_flags & NFSEXP_ASYNC)) -- 2.43.0

2 months, 2 weeks

2
1
0 0

[PATCH 6.12.y] wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit

by Zenm Chen

From: Ping-Ke Shih <pkshih(a)realtek.com> [ Upstream commit 9c1df813e08832c3836c254bc8a2f83ff22dbc06 ] The PCIE wake bit is to control PCIE wake signal to host. When PCIE is going down, clear this bit to prevent waking up host unexpectedly. Signed-off-by: Ping-Ke Shih <pkshih(a)realtek.com> Link: https://patch.msgid.link/20241111063835.15454-1-pkshih@realtek.com Signed-off-by: Zenm Chen <zenmchen(a)gmail.com> --- Some users of RTL8852BE chip may encounter a shutdown issue [1] and this upstream patch fixes it, so backport it to kernel 6.12. [1] https://github.com/lwfinger/rtw89/issues/372 --- drivers/net/wireless/realtek/rtw89/pci.c | 17 ++++++++++++++--- drivers/net/wireless/realtek/rtw89/pci.h | 11 +++++++++++ drivers/net/wireless/realtek/rtw89/pci_be.c | 2 ++ 3 files changed, 27 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/realtek/rtw89/pci.c b/drivers/net/wireless/realtek/rtw89/pci.c index 5aef7fa37..0ac84f968 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.c +++ b/drivers/net/wireless/realtek/rtw89/pci.c @@ -2492,7 +2492,7 @@ static int rtw89_pci_dphy_delay(struct rtw89_dev *rtwdev) PCIE_DPHY_DLY_25US, PCIE_PHY_GEN1); } -static void rtw89_pci_power_wake(struct rtw89_dev *rtwdev, bool pwr_up) +static void rtw89_pci_power_wake_ax(struct rtw89_dev *rtwdev, bool pwr_up) { if (pwr_up) rtw89_write32_set(rtwdev, R_AX_HCI_OPT_CTRL, BIT_WAKE_CTRL); @@ -2799,6 +2799,8 @@ static int rtw89_pci_ops_deinit(struct rtw89_dev *rtwdev) { const struct rtw89_pci_info *info = rtwdev->pci_info; + rtw89_pci_power_wake(rtwdev, false); + if (rtwdev->chip->chip_id == RTL8852A) { /* ltr sw trigger */ rtw89_write32_set(rtwdev, R_AX_LTR_CTRL_0, B_AX_APP_LTR_IDLE); @@ -2841,7 +2843,7 @@ static int rtw89_pci_ops_mac_pre_init_ax(struct rtw89_dev *rtwdev) return ret; } - rtw89_pci_power_wake(rtwdev, true); + rtw89_pci_power_wake_ax(rtwdev, true); rtw89_pci_autoload_hang(rtwdev); rtw89_pci_l12_vmain(rtwdev); rtw89_pci_gen2_force_ib(rtwdev); @@ -2886,6 +2888,13 @@ static int rtw89_pci_ops_mac_pre_init_ax(struct rtw89_dev *rtwdev) return 0; } +static int rtw89_pci_ops_mac_pre_deinit_ax(struct rtw89_dev *rtwdev) +{ + rtw89_pci_power_wake_ax(rtwdev, false); + + return 0; +} + int rtw89_pci_ltr_set(struct rtw89_dev *rtwdev, bool en) { u32 val; @@ -4264,7 +4273,7 @@ const struct rtw89_pci_gen_def rtw89_pci_gen_ax = { B_AX_RDU_INT}, .mac_pre_init = rtw89_pci_ops_mac_pre_init_ax, - .mac_pre_deinit = NULL, + .mac_pre_deinit = rtw89_pci_ops_mac_pre_deinit_ax, .mac_post_init = rtw89_pci_ops_mac_post_init_ax, .clr_idx_all = rtw89_pci_clr_idx_all_ax, @@ -4280,6 +4289,8 @@ const struct rtw89_pci_gen_def rtw89_pci_gen_ax = { .aspm_set = rtw89_pci_aspm_set_ax, .clkreq_set = rtw89_pci_clkreq_set_ax, .l1ss_set = rtw89_pci_l1ss_set_ax, + + .power_wake = rtw89_pci_power_wake_ax, }; EXPORT_SYMBOL(rtw89_pci_gen_ax); diff --git a/drivers/net/wireless/realtek/rtw89/pci.h b/drivers/net/wireless/realtek/rtw89/pci.h index 48c3ab735..0ea4dcb84 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.h +++ b/drivers/net/wireless/realtek/rtw89/pci.h @@ -1276,6 +1276,8 @@ struct rtw89_pci_gen_def { void (*aspm_set)(struct rtw89_dev *rtwdev, bool enable); void (*clkreq_set)(struct rtw89_dev *rtwdev, bool enable); void (*l1ss_set)(struct rtw89_dev *rtwdev, bool enable); + + void (*power_wake)(struct rtw89_dev *rtwdev, bool pwr_up); }; struct rtw89_pci_info { @@ -1766,4 +1768,13 @@ static inline int rtw89_pci_poll_txdma_ch_idle(struct rtw89_dev *rtwdev) return gen_def->poll_txdma_ch_idle(rtwdev); } + +static inline void rtw89_pci_power_wake(struct rtw89_dev *rtwdev, bool pwr_up) +{ + const struct rtw89_pci_info *info = rtwdev->pci_info; + const struct rtw89_pci_gen_def *gen_def = info->gen_def; + + gen_def->power_wake(rtwdev, pwr_up); +} + #endif diff --git a/drivers/net/wireless/realtek/rtw89/pci_be.c b/drivers/net/wireless/realtek/rtw89/pci_be.c index 7cc328222..2f0d9ff25 100644 --- a/drivers/net/wireless/realtek/rtw89/pci_be.c +++ b/drivers/net/wireless/realtek/rtw89/pci_be.c @@ -614,5 +614,7 @@ const struct rtw89_pci_gen_def rtw89_pci_gen_be = { .aspm_set = rtw89_pci_aspm_set_be, .clkreq_set = rtw89_pci_clkreq_set_be, .l1ss_set = rtw89_pci_l1ss_set_be, + + .power_wake = _patch_pcie_power_wake_be, }; EXPORT_SYMBOL(rtw89_pci_gen_be); -- 2.48.1

2 months, 2 weeks

1
0
0 0

[PATCH net] drop_monitor: fix incorrect initialization order

by Gavrilov Ilia

Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-executor.0/7995 lock: 0xffff88805303f3e0, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 CPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x119/0x179 lib/dump_stack.c:118 debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline] do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline] _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159 reset_per_cpu_data+0xe6/0x240 [drop_monitor] net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800 netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497 genl_rcv+0x29/0x40 net/netlink/genetlink.c:811 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348 netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916 sock_sendmsg_nosec net/socket.c:651 [inline] __sock_sendmsg+0x157/0x190 net/socket.c:663 ____sys_sendmsg+0x712/0x870 net/socket.c:2378 ___sys_sendmsg+0xf8/0x170 net/socket.c:2432 __sys_sendmsg+0xea/0x1b0 net/socket.c:2461 do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x62/0xc7 RIP: 0033:0x7f3f9815aee9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9 RDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007 RBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768 If drop_monitor is built as a kernel module, syzkaller may have time to send a netlink NET_DM_CMD_START message during the module loading. This will call the net_dm_monitor_start() function that uses a spinlock that has not yet been initialized. To fix this, let's place resource initialization above the registration of a generic netlink family. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 9a8afc8d3962 ("Network Drop Monitor: Adding drop monitor implementation & Netlink protocol") Cc: stable(a)vger.kernel.org Signed-off-by: Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> --- net/core/drop_monitor.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c index 6efd4cccc9dd..9755d2010e70 100644 --- a/net/core/drop_monitor.c +++ b/net/core/drop_monitor.c @@ -1734,6 +1734,11 @@ static int __init init_net_drop_monitor(void) return -ENOSPC; } + for_each_possible_cpu(cpu) { + net_dm_cpu_data_init(cpu); + net_dm_hw_cpu_data_init(cpu); + } + rc = genl_register_family(&net_drop_monitor_family); if (rc) { pr_err("Could not create drop monitor netlink family\n"); @@ -1749,11 +1754,6 @@ static int __init init_net_drop_monitor(void) rc = 0; - for_each_possible_cpu(cpu) { - net_dm_cpu_data_init(cpu); - net_dm_hw_cpu_data_init(cpu); - } - goto out; out_unreg: @@ -1772,13 +1772,12 @@ static void exit_net_drop_monitor(void) * Because of the module_get/put we do in the trace state change path * we are guaranteed not to have any current users when we get here */ + BUG_ON(genl_unregister_family(&net_drop_monitor_family)); for_each_possible_cpu(cpu) { net_dm_hw_cpu_data_fini(cpu); net_dm_cpu_data_fini(cpu); } - - BUG_ON(genl_unregister_family(&net_drop_monitor_family)); } module_init(init_net_drop_monitor); -- 2.39.5

2 months, 2 weeks

2
2
0 0

[PATCH v2] drivers: core: fix device leak in __fw_devlink_relax_cycles()

by Luca Ceresoli

Commit bac3b10b78e5 ("driver core: fw_devlink: Stop trying to optimize cycle detection logic") introduced a new struct device *con_dev and a get_dev_from_fwnode() call to get it, but without adding a corresponding put_device(). Closes: https://lore.kernel.org/all/20241204124826.2e055091@booty/ Fixes: bac3b10b78e5 ("driver core: fw_devlink: Stop trying to optimize cycle detection logic") Cc: stable(a)vger.kernel.org Reviewed-by: Saravana Kannan <saravanak(a)google.com> Signed-off-by: Luca Ceresoli <luca.ceresoli(a)bootlin.com> --- Changes in v2: - add 'Cc: stable(a)vger.kernel.org' - use Closes: tag, not Link: - Link to v1: https://lore.kernel.org/r/20250212-fix__fw_devlink_relax_cycles_missing_dev… --- drivers/base/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/base/core.c b/drivers/base/core.c index 5a1f051981149dc5b5eee4fb69c0ab748a85956d..2fde698430dff98b5e30f7be7d43d310289c4217 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -2079,6 +2079,7 @@ static bool __fw_devlink_relax_cycles(struct fwnode_handle *con_handle, out: sup_handle->flags &= ~FWNODE_FLAG_VISITED; put_device(sup_dev); + put_device(con_dev); put_device(par_dev); return ret; } --- base-commit: 09fbf3d502050282bf47ab3babe1d4ed54dd1fd8 change-id: 20250212-fix__fw_devlink_relax_cycles_missing_device_put-37cae5f4aac0 Best regards, -- Luca Ceresoli <luca.ceresoli(a)bootlin.com>

2 months, 2 weeks

1
0
0 0

[PATCH] ACPI: GTDT: Relax sanity checking on Platform Timers array count

by Oliver Upton

Perhaps unsurprisingly there are some platforms where the GTDT isn't quite right and the Platforms Timer array overflows the length of the overall table. While the recently-added sanity checking isn't wrong, it makes it impossible to boot the kernel on offending platforms. Try to hobble along and limit the Platform Timer count to the bounds of the table. Cc: Marc Zyngier <maz(a)kernel.org> Cc: Lorenzo Pieralisi <lpieralisi(a)kernel.org> Cc: Zheng Zengkai <zhengzengkai(a)huawei.com> Cc: stable(a)vger.kernel.org Fixes: 263e22d6bd1f ("ACPI: GTDT: Tighten the check for the array of platform timer structures") Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- drivers/acpi/arm64/gtdt.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/acpi/arm64/gtdt.c b/drivers/acpi/arm64/gtdt.c index 3561553eff8b..70f8290b659d 100644 --- a/drivers/acpi/arm64/gtdt.c +++ b/drivers/acpi/arm64/gtdt.c @@ -163,7 +163,7 @@ int __init acpi_gtdt_init(struct acpi_table_header *table, { void *platform_timer; struct acpi_table_gtdt *gtdt; - int cnt = 0; + u32 cnt = 0; gtdt = container_of(table, struct acpi_table_gtdt, header); acpi_gtdt_desc.gtdt = gtdt; @@ -188,13 +188,17 @@ int __init acpi_gtdt_init(struct acpi_table_header *table, cnt++; if (cnt != gtdt->platform_timer_count) { + cnt = min(cnt, gtdt->platform_timer_count); + pr_err(FW_BUG "limiting Platform Timer count to %d\n", cnt); + } + + if (!cnt) { acpi_gtdt_desc.platform_timer = NULL; - pr_err(FW_BUG "invalid timer data.\n"); - return -EINVAL; + return 0; } if (platform_timer_count) - *platform_timer_count = gtdt->platform_timer_count; + *platform_timer_count = cnt; return 0; } base-commit: ffd294d346d185b70e28b1a28abe367bbfe53c04 -- 2.48.1.262.g85cc9f2d1e-goog

2 months, 2 weeks

4
5
0 0

[PATCH 1/2] drm/xe/userptr: fix EFAULT handling

by Matthew Auld

Currently we treat EFAULT from hmm_range_fault() as a non-fatal error when called from xe_vm_userptr_pin() with the idea that we want to avoid killing the entire vm and chucking an error, under the assumption that the user just did an unmap or something, and has no intention of actually touching that memory from the GPU. At this point we have already zapped the PTEs so any access should generate a page fault, and if the pin fails there also it will then become fatal. However it looks like it's possible for the userptr vma to still be on the rebind list in preempt_rebind_work_func(), if we had to retry the pin again due to something happening in the caller before we did the rebind step, but in the meantime needing to re-validate the userptr and this time hitting the EFAULT. This might explain an internal user report of hitting: [ 191.738349] WARNING: CPU: 1 PID: 157 at drivers/gpu/drm/xe/xe_res_cursor.h:158 xe_pt_stage_bind.constprop.0+0x60a/0x6b0 [xe] [ 191.738551] Workqueue: xe-ordered-wq preempt_rebind_work_func [xe] [ 191.738616] RIP: 0010:xe_pt_stage_bind.constprop.0+0x60a/0x6b0 [xe] [ 191.738690] Call Trace: [ 191.738692] <TASK> [ 191.738694] ? show_regs+0x69/0x80 [ 191.738698] ? __warn+0x93/0x1a0 [ 191.738703] ? xe_pt_stage_bind.constprop.0+0x60a/0x6b0 [xe] [ 191.738759] ? report_bug+0x18f/0x1a0 [ 191.738764] ? handle_bug+0x63/0xa0 [ 191.738767] ? exc_invalid_op+0x19/0x70 [ 191.738770] ? asm_exc_invalid_op+0x1b/0x20 [ 191.738777] ? xe_pt_stage_bind.constprop.0+0x60a/0x6b0 [xe] [ 191.738834] ? ret_from_fork_asm+0x1a/0x30 [ 191.738849] bind_op_prepare+0x105/0x7b0 [xe] [ 191.738906] ? dma_resv_reserve_fences+0x301/0x380 [ 191.738912] xe_pt_update_ops_prepare+0x28c/0x4b0 [xe] [ 191.738966] ? kmemleak_alloc+0x4b/0x80 [ 191.738973] ops_execute+0x188/0x9d0 [xe] [ 191.739036] xe_vm_rebind+0x4ce/0x5a0 [xe] [ 191.739098] ? trace_hardirqs_on+0x4d/0x60 [ 191.739112] preempt_rebind_work_func+0x76f/0xd00 [xe] Followed by NPD, when running some workload, since the sg was never actually populated but the vma is still marked for rebind when it should be skipped for this special EFAULT case. And from the logs it does seem like we hit this special EFAULT case before the explosions. Fixes: 521db22a1d70 ("drm/xe: Invalidate userptr VMA on page pin fault") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v6.10+ --- drivers/gpu/drm/xe/xe_vm.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index d664f2e418b2..1caee9cbeafb 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -692,6 +692,17 @@ int xe_vm_userptr_pin(struct xe_vm *vm) xe_vm_unlock(vm); if (err) return err; + + /* + * We might have already done the pin once already, but then had to retry + * before the re-bind happended, due some other condition in the caller, but + * in the meantime the userptr got dinged by the notifier such that we need + * to revalidate here, but this time we hit the EFAULT. In such a case + * make sure we remove ourselves from the rebind list to avoid going down in + * flames. + */ + if (!list_empty(&uvma->vma.combined_links.rebind)) + list_del_init(&uvma->vma.combined_links.rebind); } else { if (err < 0) return err; -- 2.48.1

2 months, 2 weeks

1
0
0 0

[PATCH RFC 1/2] acpi: typec: ucsi: Introduce a ->poll_cci method

by Fedor Pchelkin

From: "Christian A. Ehrhardt" <lk(a)c--e.de> For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the register values in an opregion. The ACPI implementation in the BIOS ensures that the opregion contents are synced to the embedded controller and it ensures that the registers (in particular CCI) are synced back to the opregion on notifications. While there is an ACPI call that syncs the actual registers to the opregion there is rarely a need to do this and on some ACPI implementations it actually breaks in various interesting ways. The only reason to force a sync from the embedded controller is to poll CCI while notifications are disabled. Only the ucsi core knows if this is the case and guessing based on the current command is suboptimal, i.e. leading to the following spurious assertion splat: WARNING: CPU: 3 PID: 76 at drivers/usb/typec/ucsi/ucsi.c:1388 ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi] CPU: 3 UID: 0 PID: 76 Comm: kworker/3:0 Not tainted 6.12.11-200.fc41.x86_64 #1 Hardware name: LENOVO 21D0/LNVNB161216, BIOS J6CN45WW 03/17/2023 Workqueue: events_long ucsi_init_work [typec_ucsi] RIP: 0010:ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi] Call Trace: <TASK> ucsi_init_work+0x3c/0xac0 [typec_ucsi] process_one_work+0x179/0x330 worker_thread+0x252/0x390 kthread+0xd2/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Thus introduce a ->poll_cci() method that works like ->read_cci() with an additional forced sync and document that this should be used when polling with notifications disabled. For all other backends that presumably don't have this issue use the same implementation for both methods. Fixes: fa48d7e81624 ("usb: typec: ucsi: Do not call ACPI _DSM method for UCSI read operations") Cc: stable(a)vger.kernel.org Signed-off-by: Christian A. Ehrhardt <lk(a)c--e.de> Tested-by: Fedor Pchelkin <boddah8794(a)gmail.com> Signed-off-by: Fedor Pchelkin <boddah8794(a)gmail.com> --- Add the explicit WARNING splat and slightly increase the length of text lines in the changelog. Original patch: https://lore.kernel.org/linux-usb/Z2Cf1AI8CXao5ZAn@cae.in-ulm.de/ drivers/usb/typec/ucsi/ucsi.c | 10 +++++----- drivers/usb/typec/ucsi/ucsi.h | 2 ++ drivers/usb/typec/ucsi/ucsi_acpi.c | 21 ++++++++++++++------- drivers/usb/typec/ucsi/ucsi_ccg.c | 1 + drivers/usb/typec/ucsi/ucsi_glink.c | 1 + drivers/usb/typec/ucsi/ucsi_stm32g0.c | 1 + drivers/usb/typec/ucsi/ucsi_yoga_c630.c | 1 + 7 files changed, 25 insertions(+), 12 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index fcf499cc9458..0fe1476f4c29 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -1346,7 +1346,7 @@ static int ucsi_reset_ppm(struct ucsi *ucsi) mutex_lock(&ucsi->ppm_lock); - ret = ucsi->ops->read_cci(ucsi, &cci); + ret = ucsi->ops->poll_cci(ucsi, &cci); if (ret < 0) goto out; @@ -1364,7 +1364,7 @@ static int ucsi_reset_ppm(struct ucsi *ucsi) tmo = jiffies + msecs_to_jiffies(UCSI_TIMEOUT_MS); do { - ret = ucsi->ops->read_cci(ucsi, &cci); + ret = ucsi->ops->poll_cci(ucsi, &cci); if (ret < 0) goto out; if (cci & UCSI_CCI_COMMAND_COMPLETE) @@ -1393,7 +1393,7 @@ static int ucsi_reset_ppm(struct ucsi *ucsi) /* Give the PPM time to process a reset before reading CCI */ msleep(20); - ret = ucsi->ops->read_cci(ucsi, &cci); + ret = ucsi->ops->poll_cci(ucsi, &cci); if (ret) goto out; @@ -1929,8 +1929,8 @@ struct ucsi *ucsi_create(struct device *dev, const struct ucsi_operations *ops) struct ucsi *ucsi; if (!ops || - !ops->read_version || !ops->read_cci || !ops->read_message_in || - !ops->sync_control || !ops->async_control) + !ops->read_version || !ops->read_cci || !ops->poll_cci || + !ops->read_message_in || !ops->sync_control || !ops->async_control) return ERR_PTR(-EINVAL); ucsi = kzalloc(sizeof(*ucsi), GFP_KERNEL); diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 82735eb34f0e..28780acc4af2 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -62,6 +62,7 @@ struct dentry; * struct ucsi_operations - UCSI I/O operations * @read_version: Read implemented UCSI version * @read_cci: Read CCI register + * @poll_cci: Read CCI register while polling with notifications disabled * @read_message_in: Read message data from UCSI * @sync_control: Blocking control operation * @async_control: Non-blocking control operation @@ -76,6 +77,7 @@ struct dentry; struct ucsi_operations { int (*read_version)(struct ucsi *ucsi, u16 *version); int (*read_cci)(struct ucsi *ucsi, u32 *cci); + int (*poll_cci)(struct ucsi *ucsi, u32 *cci); int (*read_message_in)(struct ucsi *ucsi, void *val, size_t val_len); int (*sync_control)(struct ucsi *ucsi, u64 command); int (*async_control)(struct ucsi *ucsi, u64 command); diff --git a/drivers/usb/typec/ucsi/ucsi_acpi.c b/drivers/usb/typec/ucsi/ucsi_acpi.c index 5c5515551963..ac1ebb5d9527 100644 --- a/drivers/usb/typec/ucsi/ucsi_acpi.c +++ b/drivers/usb/typec/ucsi/ucsi_acpi.c @@ -59,19 +59,24 @@ static int ucsi_acpi_read_version(struct ucsi *ucsi, u16 *version) static int ucsi_acpi_read_cci(struct ucsi *ucsi, u32 *cci) { struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi); - int ret; - - if (UCSI_COMMAND(ua->cmd) == UCSI_PPM_RESET) { - ret = ucsi_acpi_dsm(ua, UCSI_DSM_FUNC_READ); - if (ret) - return ret; - } memcpy(cci, ua->base + UCSI_CCI, sizeof(*cci)); return 0; } +static int ucsi_acpi_poll_cci(struct ucsi *ucsi, u32 *cci) +{ + struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi); + int ret; + + ret = ucsi_acpi_dsm(ua, UCSI_DSM_FUNC_READ); + if (ret) + return ret; + + return ucsi_acpi_read_cci(ucsi, cci); +} + static int ucsi_acpi_read_message_in(struct ucsi *ucsi, void *val, size_t val_len) { struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi); @@ -94,6 +99,7 @@ static int ucsi_acpi_async_control(struct ucsi *ucsi, u64 command) static const struct ucsi_operations ucsi_acpi_ops = { .read_version = ucsi_acpi_read_version, .read_cci = ucsi_acpi_read_cci, + .poll_cci = ucsi_acpi_poll_cci, .read_message_in = ucsi_acpi_read_message_in, .sync_control = ucsi_sync_control_common, .async_control = ucsi_acpi_async_control @@ -142,6 +148,7 @@ static int ucsi_gram_sync_control(struct ucsi *ucsi, u64 command) static const struct ucsi_operations ucsi_gram_ops = { .read_version = ucsi_acpi_read_version, .read_cci = ucsi_acpi_read_cci, + .poll_cci = ucsi_acpi_poll_cci, .read_message_in = ucsi_gram_read_message_in, .sync_control = ucsi_gram_sync_control, .async_control = ucsi_acpi_async_control diff --git a/drivers/usb/typec/ucsi/ucsi_ccg.c b/drivers/usb/typec/ucsi/ucsi_ccg.c index 740171f24ef9..4b1668733a4b 100644 --- a/drivers/usb/typec/ucsi/ucsi_ccg.c +++ b/drivers/usb/typec/ucsi/ucsi_ccg.c @@ -664,6 +664,7 @@ static int ucsi_ccg_sync_control(struct ucsi *ucsi, u64 command) static const struct ucsi_operations ucsi_ccg_ops = { .read_version = ucsi_ccg_read_version, .read_cci = ucsi_ccg_read_cci, + .poll_cci = ucsi_ccg_read_cci, .read_message_in = ucsi_ccg_read_message_in, .sync_control = ucsi_ccg_sync_control, .async_control = ucsi_ccg_async_control, diff --git a/drivers/usb/typec/ucsi/ucsi_glink.c b/drivers/usb/typec/ucsi/ucsi_glink.c index fed39d458090..8af79101a2fc 100644 --- a/drivers/usb/typec/ucsi/ucsi_glink.c +++ b/drivers/usb/typec/ucsi/ucsi_glink.c @@ -206,6 +206,7 @@ static void pmic_glink_ucsi_connector_status(struct ucsi_connector *con) static const struct ucsi_operations pmic_glink_ucsi_ops = { .read_version = pmic_glink_ucsi_read_version, .read_cci = pmic_glink_ucsi_read_cci, + .poll_cci = pmic_glink_ucsi_read_cci, .read_message_in = pmic_glink_ucsi_read_message_in, .sync_control = ucsi_sync_control_common, .async_control = pmic_glink_ucsi_async_control, diff --git a/drivers/usb/typec/ucsi/ucsi_stm32g0.c b/drivers/usb/typec/ucsi/ucsi_stm32g0.c index 6923fad31d79..57ef7d83a412 100644 --- a/drivers/usb/typec/ucsi/ucsi_stm32g0.c +++ b/drivers/usb/typec/ucsi/ucsi_stm32g0.c @@ -424,6 +424,7 @@ static irqreturn_t ucsi_stm32g0_irq_handler(int irq, void *data) static const struct ucsi_operations ucsi_stm32g0_ops = { .read_version = ucsi_stm32g0_read_version, .read_cci = ucsi_stm32g0_read_cci, + .poll_cci = ucsi_stm32g0_read_cci, .read_message_in = ucsi_stm32g0_read_message_in, .sync_control = ucsi_sync_control_common, .async_control = ucsi_stm32g0_async_control, diff --git a/drivers/usb/typec/ucsi/ucsi_yoga_c630.c b/drivers/usb/typec/ucsi/ucsi_yoga_c630.c index 4cae85c0dc12..d33e3f2dd1d8 100644 --- a/drivers/usb/typec/ucsi/ucsi_yoga_c630.c +++ b/drivers/usb/typec/ucsi/ucsi_yoga_c630.c @@ -74,6 +74,7 @@ static int yoga_c630_ucsi_async_control(struct ucsi *ucsi, u64 command) static const struct ucsi_operations yoga_c630_ucsi_ops = { .read_version = yoga_c630_ucsi_read_version, .read_cci = yoga_c630_ucsi_read_cci, + .poll_cci = yoga_c630_ucsi_read_cci, .read_message_in = yoga_c630_ucsi_read_message_in, .sync_control = ucsi_sync_control_common, .async_control = yoga_c630_ucsi_async_control, -- 2.48.1

2 months, 2 weeks

4
3
0 0

[PATCH v2, 1/1] usb: typec: tcpm: PSSourceOffTimer timeout in PR_Swap enters ERROR_RECOVERY

by joswang

From: Jos Wang <joswang(a)lenovo.com> As PD2.0 spec ("6.5.6.2 PSSourceOffTimer")，the PSSourceOffTimer is used by the Policy Engine in Dual-Role Power device that is currently acting as a Sink to timeout on a PS_RDY Message during a Power Role Swap sequence. This condition leads to a Hard Reset for USB Type-A and Type-B Plugs and Error Recovery for Type-C plugs and return to USB Default Operation. Therefore, after PSSourceOffTimer timeout, the tcpm state machine should switch from PR_SWAP_SNK_SRC_SINK_OFF to ERROR_RECOVERY. This can also solve the test items in the USB power delivery compliance test: TEST.PD.PROT.SNK.12 PR_Swap – PSSourceOffTimer Timeout [1] https://usb.org/document-library/usb-power-delivery-compliance-test-specifi… Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable(a)vger.kernel.org Signed-off-by: Jos Wang <joswang(a)lenovo.com> --- v2: Modify the commit message, remove unnecessary blank lines. drivers/usb/typec/tcpm/tcpm.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 47be450d2be3..6bf1a22c785a 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5591,8 +5591,7 @@ static void run_state_machine(struct tcpm_port *port) tcpm_set_auto_vbus_discharge_threshold(port, TYPEC_PWR_MODE_USB, port->pps_data.active, 0); tcpm_set_charge(port, false); - tcpm_set_state(port, hard_reset_state(port), - port->timings.ps_src_off_time); + tcpm_set_state(port, ERROR_RECOVERY, port->timings.ps_src_off_time); break; case PR_SWAP_SNK_SRC_SOURCE_ON: tcpm_enable_auto_vbus_discharge(port, true); -- 2.17.1

2 months, 2 weeks

2
1
0 0

[PATCH 1/1] usb: typec: tcpm: PSSourceOffTimer timeout in PR_Swap enters ERROR_RECOVERY

by joswang

From: Jos Wang <joswang(a)lenovo.com> As PD2.0 spec ("6.5.6.2 PSSourceOffTimer")，the PSSourceOffTimer is used by the Policy Engine in Dual-Role Power device that is currently acting as a Sink to timeout on a PS_RDY Message during a Power Role Swap sequence. This condition leads to a Hard Reset for USB Type-A and Type-B Plugs and Error Recovery for Type-C plugs and return to USB Default Operation. Therefore, after PSSourceOffTimer timeout, the tcpm state machine should switch from PR_SWAP_SNK_SRC_SINK_OFF to ERROR_RECOVERY. This can also solve the test items in the USB power delivery compliance test: TEST.PD.PROT.SNK.12 PR_Swap – PSSourceOffTimer Timeout [1] https://usb.org/document-library/usb-power-delivery-compliance-test-specifi… Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable(a)vger.kernel.org Signed-off-by: Jos Wang <joswang(a)lenovo.com> --- drivers/usb/typec/tcpm/tcpm.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 47be450d2be3..6bf1a22c785a 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5591,8 +5591,7 @@ static void run_state_machine(struct tcpm_port *port) tcpm_set_auto_vbus_discharge_threshold(port, TYPEC_PWR_MODE_USB, port->pps_data.active, 0); tcpm_set_charge(port, false); - tcpm_set_state(port, hard_reset_state(port), - port->timings.ps_src_off_time); + tcpm_set_state(port, ERROR_RECOVERY, port->timings.ps_src_off_time); break; case PR_SWAP_SNK_SRC_SOURCE_ON: tcpm_enable_auto_vbus_discharge(port, true); -- 2.17.1

2 months, 2 weeks

5
6
0 0

FW: [PATCH] usb: xhci: lack of clearing xHC resources

by Pawel Laszczak

The xHC resources allocated for USB devices are not released in correct order after resuming in case when while suspend device was reconnected. This issue has been detected during the fallowing scenario: - connect hub HS to root port - connect LS/FS device to hub port - wait for enumeration to finish - force DUT to suspend - reconnect hub attached to root port - wake DUT For this scenario during enumeration of USB LS/FS device the Cadence xHC reports completion error code for xHCi commands because the devices was not property disconnected and in result the xHC resources has not been correct freed. XHCI specification doesn't mention that device can be reset in any order so, we should not treat this issue as Cadence xHC controller bug. Similar as during disconnecting in this case the device should be cleared starting form the last usb device in tree toward the root hub. To fix this issue usbcore driver should disconnect all USB devices connected to hub which was reconnected while suspending. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/core/hub.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 0cd44f1fd56d..2473cbf317a8 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -3627,10 +3627,12 @@ static int finish_port_resume(struct usb_device *udev) * the device will be rediscovered. */ retry_reset_resume: - if (udev->quirks & USB_QUIRK_RESET) + if (udev->quirks & USB_QUIRK_RESET) { status = -ENODEV; - else + } else { + hub_disconnect_children(udev); status = usb_reset_and_verify_device(udev); + } } /* 10.5.4.5 says be sure devices in the tree are still there. -- 2.43.0

2 months, 2 weeks

2
2
0 0

FAILED: patch "[PATCH] maple_tree: simplify split calculation" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4f6a6bed0bfef4b966f076f33eb4f5547226056a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021128-repeater-percolate-6131@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4f6a6bed0bfef4b966f076f33eb4f5547226056a Mon Sep 17 00:00:00 2001 From: Wei Yang <richard.weiyang(a)gmail.com> Date: Wed, 13 Nov 2024 03:16:14 +0000 Subject: [PATCH] maple_tree: simplify split calculation Patch series "simplify split calculation", v3. This patch (of 3): The current calculation for splitting nodes tries to enforce a minimum span on the leaf nodes. This code is complex and never worked correctly to begin with, due to the min value being passed as 0 for all leaves. The calculation should just split the data as equally as possible between the new nodes. Note that b_end will be one more than the data, so the left side is still favoured in the calculation. The current code may also lead to a deficient node by not leaving enough data for the right side of the split. This issue is also addressed with the split calculation change. [Liam.Howlett(a)Oracle.com: rephrase the change log] Link: https://lkml.kernel.org/r/20241113031616.10530-1-richard.weiyang@gmail.com Link: https://lkml.kernel.org/r/20241113031616.10530-2-richard.weiyang@gmail.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/lib/maple_tree.c b/lib/maple_tree.c index fe7f9e1f5bbb..ca8ae1e1cc0a 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -1863,11 +1863,11 @@ static inline int mab_no_null_split(struct maple_big_node *b_node, * Return: The first split location. The middle split is set in @mid_split. */ static inline int mab_calc_split(struct ma_state *mas, - struct maple_big_node *bn, unsigned char *mid_split, unsigned long min) + struct maple_big_node *bn, unsigned char *mid_split) { unsigned char b_end = bn->b_end; int split = b_end / 2; /* Assume equal split. */ - unsigned char slot_min, slot_count = mt_slots[bn->type]; + unsigned char slot_count = mt_slots[bn->type]; /* * To support gap tracking, all NULL entries are kept together and a node cannot @@ -1900,18 +1900,7 @@ static inline int mab_calc_split(struct ma_state *mas, split = b_end / 3; *mid_split = split * 2; } else { - slot_min = mt_min_slots[bn->type]; - *mid_split = 0; - /* - * Avoid having a range less than the slot count unless it - * causes one node to be deficient. - * NOTE: mt_min_slots is 1 based, b_end and split are zero. - */ - while ((split < slot_count - 1) && - ((bn->pivot[split] - min) < slot_count - 1) && - (b_end - split > slot_min)) - split++; } /* Avoid ending a node on a NULL entry */ @@ -2377,7 +2366,7 @@ static inline struct maple_enode static inline unsigned char mas_mab_to_node(struct ma_state *mas, struct maple_big_node *b_node, struct maple_enode **left, struct maple_enode **right, struct maple_enode **middle, - unsigned char *mid_split, unsigned long min) + unsigned char *mid_split) { unsigned char split = 0; unsigned char slot_count = mt_slots[b_node->type]; @@ -2390,7 +2379,7 @@ static inline unsigned char mas_mab_to_node(struct ma_state *mas, if (b_node->b_end < slot_count) { split = b_node->b_end; } else { - split = mab_calc_split(mas, b_node, mid_split, min); + split = mab_calc_split(mas, b_node, mid_split); *right = mas_new_ma_node(mas, b_node); } @@ -2877,7 +2866,7 @@ static void mas_spanning_rebalance(struct ma_state *mas, mast->bn->b_end--; mast->bn->type = mte_node_type(mast->orig_l->node); split = mas_mab_to_node(mas, mast->bn, &left, &right, &middle, - &mid_split, mast->orig_l->min); + &mid_split); mast_set_split_parents(mast, left, middle, right, split, mid_split); mast_cp_to_nodes(mast, left, middle, right, split, mid_split); @@ -3365,7 +3354,7 @@ static void mas_split(struct ma_state *mas, struct maple_big_node *b_node) if (mas_push_data(mas, height, &mast, false)) break; - split = mab_calc_split(mas, b_node, &mid_split, prev_l_mas.min); + split = mab_calc_split(mas, b_node, &mid_split); mast_split_data(&mast, mas, split); /* * Usually correct, mab_mas_cp in the above call overwrites

2 months, 2 weeks

3
2
0 0

[PATCH v6.6-v6.1] x86/mm/ident_map: Use gbpages only where full GB page should be mapped.

by hsimeliere.opensource＠witekio.com

From: Steve Wahl <steve.wahl(a)hpe.com> [ Upstream commit cc31744a294584a36bf764a0ffa3255a8e69f036 ] When ident_pud_init() uses only GB pages to create identity maps, large ranges of addresses not actually requested can be included in the resulting table; a 4K request will map a full GB. This can include a lot of extra address space past that requested, including areas marked reserved by the BIOS. That allows processor speculation into reserved regions, that on UV systems can cause system halts. Only use GB pages when map creation requests include the full GB page of space. Fall back to using smaller 2M pages when only portions of a GB page are included in the request. No attempt is made to coalesce mapping requests. If a request requires a map entry at the 2M (pmd) level, subsequent mapping requests within the same 1G region will also be at the pmd level, even if adjacent or overlapping such requests could have been combined to map a full GB page. Existing usage starts with larger regions and then adds smaller regions, so this should not have any great consequence. Signed-off-by: Steve Wahl <steve.wahl(a)hpe.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Pavin Joseph <me(a)pavinjoseph.com> Tested-by: Sarah Brofeldt <srhb(a)dbc.dk> Tested-by: Eric Hagberg <ehagberg(a)gmail.com> Link: https://lore.kernel.org/all/20240717213121.3064030-3-steve.wahl@hpe.com Signed-off-by: Bruno VERNAY <bruno.vernay(a)se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- arch/x86/mm/ident_map.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index 968d7005f4a7..a204a332c71f 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -26,18 +26,31 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, for (; addr < end; addr = next) { pud_t *pud = pud_page + pud_index(addr); pmd_t *pmd; + bool use_gbpage; next = (addr & PUD_MASK) + PUD_SIZE; if (next > end) next = end; - if (info->direct_gbpages) { - pud_t pudval; + /* if this is already a gbpage, this portion is already mapped */ + if (pud_leaf(*pud)) + continue; + + /* Is using a gbpage allowed? */ + use_gbpage = info->direct_gbpages; - if (pud_present(*pud)) - continue; + /* Don't use gbpage if it maps more than the requested region. */ + /* at the begining: */ + use_gbpage &= ((addr & ~PUD_MASK) == 0); + /* ... or at the end: */ + use_gbpage &= ((next & ~PUD_MASK) == 0); + + /* Never overwrite existing mappings */ + use_gbpage &= !pud_present(*pud); + + if (use_gbpage) { + pud_t pudval; - addr &= PUD_MASK; pudval = __pud((addr - info->offset) | info->page_flag); set_pud(pud, pudval); continue; -- 2.43.0

2 months, 2 weeks

2
1
0 0

[PATCH 6.6] net: Fix icmp host relookup triggering ip_rt_bug

by vgiraud.opensource＠witekio.com

From: Dong Chenchen <dongchenchen2(a)huawei.com> [ Upstream commit c44daa7e3c73229f7ac74985acb8c7fb909c4e0a ] arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:ip_rt_bug+0x14/0x20 Call Trace: <IRQ> ip_send_skb+0x14/0x40 __icmp_send+0x42d/0x6a0 ipv4_link_failure+0xe2/0x1d0 arp_error_report+0x3c/0x50 neigh_invalidate+0x8d/0x100 neigh_timer_handler+0x2e1/0x330 call_timer_fn+0x21/0x120 __run_timer_base.part.0+0x1c9/0x270 run_timer_softirq+0x4c/0x80 handle_softirqs+0xac/0x280 irq_exit_rcu+0x62/0x80 sysvec_apic_timer_interrupt+0x77/0x90 The script below reproduces this scenario: ip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \ dir out priority 0 ptype main flag localok icmp ip l a veth1 type veth ip a a 192.168.141.111/24 dev veth0 ip l s veth0 up ping 192.168.141.155 -c 1 icmp_route_lookup() create input routes for locally generated packets while xfrm relookup ICMP traffic.Then it will set input route (dst->out = ip_rt_bug) to skb for DESTUNREACH. For ICMP err triggered by locally generated packets, dst->dev of output route is loopback. Generally, xfrm relookup verification is not required on loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1). Skip icmp relookup for locally generated packets to fix it. Fixes: 8b7817f3a959 ("[IPSEC]: Add ICMP host relookup support") Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Link: https://patch.msgid.link/20241127040850.1513135-1-dongchenchen2@huawei.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Bruno VERNAY <bruno.vernay(a)se.com> Signed-off-by: Victor Giraud <vgiraud.opensource(a)witekio.com> --- net/ipv4/icmp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 9dffdd876fef..ab830c093f7e 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -522,6 +522,9 @@ static struct rtable *icmp_route_lookup(struct net *net, if (rt != rt2) return rt; } else if (PTR_ERR(rt) == -EPERM) { + if (inet_addr_type_dev_table(net, route_lookup_dev, + fl4->daddr) == RTN_LOCAL) + return rt; rt = NULL; } else return rt; -- 2.34.1

2 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] fs: fix adding security options to statmount.mnt_opt" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 5eb987105357cb7cfa7cf3b1e2f66d5c0977e412 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021142-whoops-explicit-4d75@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5eb987105357cb7cfa7cf3b1e2f66d5c0977e412 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi <mszeredi(a)redhat.com> Date: Wed, 29 Jan 2025 16:12:53 +0100 Subject: [PATCH] fs: fix adding security options to statmount.mnt_opt Prepending security options was made conditional on sb->s_op->show_options, but security options are independent of sb options. Fixes: 056d33137bf9 ("fs: prepend statmount.mnt_opts string with security_sb_mnt_opts()") Fixes: f9af549d1fd3 ("fs: export mount options via statmount()") Cc: stable(a)vger.kernel.org # v6.11 Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> Link: https://lore.kernel.org/r/20250129151253.33241-1-mszeredi@redhat.com Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/namespace.c b/fs/namespace.c index 9c4d307a82cd..8f1000f9f3df 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -5087,31 +5087,30 @@ static int statmount_mnt_opts(struct kstatmount *s, struct seq_file *seq) { struct vfsmount *mnt = s->mnt; struct super_block *sb = mnt->mnt_sb; + size_t start = seq->count; int err; + err = security_sb_show_options(seq, sb); + if (err) + return err; + if (sb->s_op->show_options) { - size_t start = seq->count; - - err = security_sb_show_options(seq, sb); - if (err) - return err; - err = sb->s_op->show_options(seq, mnt->mnt_root); if (err) return err; - - if (unlikely(seq_has_overflowed(seq))) - return -EAGAIN; - - if (seq->count == start) - return 0; - - /* skip leading comma */ - memmove(seq->buf + start, seq->buf + start + 1, - seq->count - start - 1); - seq->count--; } + if (unlikely(seq_has_overflowed(seq))) + return -EAGAIN; + + if (seq->count == start) + return 0; + + /* skip leading comma */ + memmove(seq->buf + start, seq->buf + start + 1, + seq->count - start - 1); + seq->count--; + return 0; }

2 months, 2 weeks

3
2
0 0

[PATCH v2] usb: roles: set switch registered flag early on

by Elson Roy Serrao

The role switch registration and set_role() can happen in parallel as they are invoked independent of each other. There is a possibility that a driver might spend significant amount of time in usb_role_switch_register() API due to the presence of time intensive operations like component_add() which operate under common mutex. This leads to a time window after allocating the switch and before setting the registered flag where the set role notifications are dropped. Below timeline summarizes this behavior Thread1 | Thread2 usb_role_switch_register() | | | ---> allocate switch | | | ---> component_add() | usb_role_switch_set_role() | | | | | --> Drop role notifications | | since sw->registered | | flag is not set. | | --->Set registered flag.| To avoid this, set the registered flag early on in the switch register API. Fixes: b787a3e78175 ("usb: roles: don't get/set_role() when usb_role_switch is unregistered") cc: stable(a)vger.kernel.org Signed-off-by: Elson Roy Serrao <quic_eserrao(a)quicinc.com> --- Changes in v2: - Set the switch registered flag from the get-go as suggested by Heikki. - Modified subject line and commit next as per the new logic. - Link to v1: https://lore.kernel.org/all/20250127230715.6142-1-quic_eserrao@quicinc.com/ drivers/usb/roles/class.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/usb/roles/class.c b/drivers/usb/roles/class.c index c58a12c147f4..30482d4cf826 100644 --- a/drivers/usb/roles/class.c +++ b/drivers/usb/roles/class.c @@ -387,8 +387,11 @@ usb_role_switch_register(struct device *parent, dev_set_name(&sw->dev, "%s-role-switch", desc->name ? desc->name : dev_name(parent)); + sw->registered = true; + ret = device_register(&sw->dev); if (ret) { + sw->registered = false; put_device(&sw->dev); return ERR_PTR(ret); } @@ -399,8 +402,6 @@ usb_role_switch_register(struct device *parent, dev_warn(&sw->dev, "failed to add component\n"); } - sw->registered = true; - /* TODO: Symlinks for the host port and the device controller. */ return sw; -- 2.17.1

2 months, 2 weeks

2
1
0 0

[PATCH] fuse: revert back to __readahead_folio() for readahead

by Joanne Koong

In 3eab9d7bc2f4 ("fuse: convert readahead to use folios"), the logic was converted to using the new folio readahead code, which drops the reference on the folio once it is locked, using an inferred reference on the folio. Previously we held a reference on the folio for the entire duration of the readpages call. This is fine, however for the case for splice pipe responses where we will remove the old folio and splice in the new folio (see fuse_try_move_page()), we assume that there is a reference held on the folio for ap->folios, which is no longer the case. To fix this, revert back to __readahead_folio() which allows us to hold the reference on the folio for the duration of readpages until either we drop the reference ourselves in fuse_readpages_end() or the reference is dropped after it's replaced in the page cache in the splice case. This will fix the UAF bug that was reported. Link: https://lore.kernel.org/linux-fsdevel/2f681f48-00f5-4e09-8431-2b3dbfaa881e@… Fixes: 3eab9d7bc2f4 ("fuse: convert readahead to use folios") Reported-by: Christian Heusel <christian(a)heusel.eu> Closes: https://lore.kernel.org/all/2f681f48-00f5-4e09-8431-2b3dbfaa881e@heusel.eu/ Closes: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/110 Reported-by: Mantas Mikulėnas <grawity(a)gmail.com> Closes: https://lore.kernel.org/all/34feb867-09e2-46e4-aa31-d9660a806d1a@gmail.com/ Closes: https://bugzilla.opensuse.org/show_bug.cgi?id=1236660 Cc: <stable(a)vger.kernel.org> Signed-off-by: Joanne Koong <joannelkoong(a)gmail.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> --- fs/fuse/dev.c | 6 ++++++ fs/fuse/file.c | 13 +++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index 3c03aac480a4..de9e25e7dd2d 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -933,6 +933,12 @@ static int fuse_check_folio(struct folio *folio) return 0; } +/* + * Attempt to steal a page from the splice() pipe and move it into the + * pagecache. If successful, the pointer in @pagep will be updated. The + * folio that was originally in @pagep will lose a reference and the new + * folio returned in @pagep will carry a reference. + */ static int fuse_try_move_page(struct fuse_copy_state *cs, struct page **pagep) { int err; diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 7d92a5479998..d63e56fd3dd2 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -955,8 +955,10 @@ static void fuse_readpages_end(struct fuse_mount *fm, struct fuse_args *args, fuse_invalidate_atime(inode); } - for (i = 0; i < ap->num_folios; i++) + for (i = 0; i < ap->num_folios; i++) { folio_end_read(ap->folios[i], !err); + folio_put(ap->folios[i]); + } if (ia->ff) fuse_file_put(ia->ff, false); @@ -1048,7 +1050,14 @@ static void fuse_readahead(struct readahead_control *rac) ap = &ia->ap; while (ap->num_folios < cur_pages) { - folio = readahead_folio(rac); + /* + * This returns a folio with a ref held on it. + * The ref needs to be held until the request is + * completed, since the splice case (see + * fuse_try_move_page()) drops the ref after it's + * replaced in the page cache. + */ + folio = __readahead_folio(rac); ap->folios[ap->num_folios] = folio; ap->descs[ap->num_folios].length = folio_size(folio); ap->num_folios++; -- 2.43.5

2 months, 2 weeks

2
1
0 0

[PATCH] ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls()

by Wentao Liang

Check the return value of snd_ctl_rename_id() in snd_hda_create_dig_out_ctls(). Ensure that potential failures are properly handled. Fixes: 5c219a340850 ("ALSA: hda: Fix kctl->id initialization") Cc: stable(a)vger.kernel.org # 6.4+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- sound/pci/hda/hda_codec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c index 14763c0f31ad..46a220404999 100644 --- a/sound/pci/hda/hda_codec.c +++ b/sound/pci/hda/hda_codec.c @@ -2470,7 +2470,9 @@ int snd_hda_create_dig_out_ctls(struct hda_codec *codec, break; id = kctl->id; id.index = spdif_index; - snd_ctl_rename_id(codec->card, &kctl->id, &id); + err = snd_ctl_rename_id(codec->card, &kctl->id, &id); + if (err < 0) + return err; } bus->primary_dig_out_type = HDA_PCM_TYPE_HDMI; } -- 2.42.0.windows.2

2 months, 2 weeks

3
2
0 0

Quick Reply-Integrated Systems Europe 2025!

by Grace Green

Hi, Following up on my primary email about the visitor list. Please let me know your thoughts, and I'd be happy to give more details. Best regards, Grace Subject: Integrated Systems Europe 2025! Hi, Are you interested in the latest attendee and exhibitor lists for Integrated Systems Europe 2025? This comprehensive database now includes last-minute registrants, providing you with up-to-date and actionable insights. Event Details: Location: Fira Barcelona Gran Via, Barcelona, Spain Exhibitors: 1,460 Attendees: 73,891 Data fields: Induvial Email address, Cell Phone Number, Contact Name, Job Title, Company Name, Company website, Physical Address and more), Would you like details on the attendees list, exhibitors list, or both? Let me know, and I’ll be happy to share pricing details and answer any questions. Looking forward to hearing from you! Best regards, Grace Green Sr. Demand Generation P.S. If you’d prefer not to receive updates, simply reply with “NO.”

2 months, 2 weeks

1
0
0 0

[PATCH v5] arm64: mm: Populate vmemmap/linear at the page level for hotplugged sections

by Zhenhua Huang

On the arm64 platform with 4K base page config, SECTION_SIZE_BITS is set to 27, making one section 128M. The related page struct which vmemmap points to is 2M then. Commit c1cc1552616d ("arm64: MMU initialisation") optimizes the vmemmap to populate at the PMD section level which was suitable initially since hot plug granule is always one section(128M). However, commit ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") introduced a 2M(SUBSECTION_SIZE) hot plug granule, which disrupted the existing arm64 assumptions. Considering the vmemmap_free -> unmap_hotplug_pmd_range path, when pmd_sect() is true, the entire PMD section is cleared, even if there is other effective subsection. For example page_struct_map1 and page_strcut_map2 are part of a single PMD entry and they are hot-added sequentially. Then page_struct_map1 is removed, vmemmap_free() will clear the entire PMD entry freeing the struct page map for the whole section, even though page_struct_map2 is still active. Similar problem exists with linear mapping as well, for 16K base page(PMD size = 32M) or 64K base page(PMD = 512M), their block mappings exceed SUBSECTION_SIZE. Tearing down the entire PMD mapping too will leave other subsections unmapped in the linear mapping. To address the issue, we need to prevent PMD/PUD/CONT mappings for both linear and vmemmap for non-boot sections if corresponding size on the given base page exceeds SUBSECTION_SIZE(2MB now). Cc: stable(a)vger.kernel.org # v5.4+ Fixes: ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") Signed-off-by: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> --- Hi Catalin and Anshuman, I have addressed comments so far, please help review. One outstanding point which not finalized is in vmemmap_populate(): how to judge hotplug section. Currently I am using system_state, discussion: https://lore.kernel.org/linux-mm/1515dae4-cb53-4645-8c72-d33b27ede7eb@quici… arch/arm64/mm/mmu.c | 46 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 9 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index e2739b69e11b..8718d6e454c5 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -42,9 +42,13 @@ #include <asm/pgalloc.h> #include <asm/kfence.h> -#define NO_BLOCK_MAPPINGS BIT(0) -#define NO_CONT_MAPPINGS BIT(1) -#define NO_EXEC_MAPPINGS BIT(2) /* assumes FEAT_HPDS is not used */ +#define NO_PMD_BLOCK_MAPPINGS BIT(0) +#define NO_PUD_BLOCK_MAPPINGS BIT(1) /* Hotplug case: do not want block mapping for PUD */ +#define NO_BLOCK_MAPPINGS (NO_PMD_BLOCK_MAPPINGS | NO_PUD_BLOCK_MAPPINGS) +#define NO_PTE_CONT_MAPPINGS BIT(2) +#define NO_PMD_CONT_MAPPINGS BIT(3) /* Hotplug case: do not want cont mapping for PMD */ +#define NO_CONT_MAPPINGS (NO_PTE_CONT_MAPPINGS | NO_PMD_CONT_MAPPINGS) +#define NO_EXEC_MAPPINGS BIT(4) /* assumes FEAT_HPDS is not used */ u64 kimage_voffset __ro_after_init; EXPORT_SYMBOL(kimage_voffset); @@ -224,7 +228,7 @@ static void alloc_init_cont_pte(pmd_t *pmdp, unsigned long addr, /* use a contiguous mapping if the range is suitably aligned */ if ((((addr | next | phys) & ~CONT_PTE_MASK) == 0) && - (flags & NO_CONT_MAPPINGS) == 0) + (flags & NO_PTE_CONT_MAPPINGS) == 0) __prot = __pgprot(pgprot_val(prot) | PTE_CONT); init_pte(ptep, addr, next, phys, __prot); @@ -254,7 +258,7 @@ static void init_pmd(pmd_t *pmdp, unsigned long addr, unsigned long end, /* try section mapping first */ if (((addr | next | phys) & ~PMD_MASK) == 0 && - (flags & NO_BLOCK_MAPPINGS) == 0) { + (flags & NO_PMD_BLOCK_MAPPINGS) == 0) { pmd_set_huge(pmdp, phys, prot); /* @@ -311,7 +315,7 @@ static void alloc_init_cont_pmd(pud_t *pudp, unsigned long addr, /* use a contiguous mapping if the range is suitably aligned */ if ((((addr | next | phys) & ~CONT_PMD_MASK) == 0) && - (flags & NO_CONT_MAPPINGS) == 0) + (flags & NO_PMD_CONT_MAPPINGS) == 0) __prot = __pgprot(pgprot_val(prot) | PTE_CONT); init_pmd(pmdp, addr, next, phys, __prot, pgtable_alloc, flags); @@ -358,8 +362,8 @@ static void alloc_init_pud(p4d_t *p4dp, unsigned long addr, unsigned long end, * For 4K granule only, attempt to put down a 1GB block */ if (pud_sect_supported() && - ((addr | next | phys) & ~PUD_MASK) == 0 && - (flags & NO_BLOCK_MAPPINGS) == 0) { + ((addr | next | phys) & ~PUD_MASK) == 0 && + (flags & NO_PUD_BLOCK_MAPPINGS) == 0) { pud_set_huge(pudp, phys, prot); /* @@ -1177,7 +1181,13 @@ int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node, { WARN_ON((start < VMEMMAP_START) || (end > VMEMMAP_END)); - if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES)) + /* + * Hotplugged section does not support hugepages as + * PMD_SIZE (hence PUD_SIZE) section mapping covers + * struct page range that exceeds a SUBSECTION_SIZE + * i.e 2MB - for all available base page sizes. + */ + if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES) || system_state != SYSTEM_BOOTING) return vmemmap_populate_basepages(start, end, node, altmap); else return vmemmap_populate_hugepages(start, end, node, altmap); @@ -1339,9 +1349,27 @@ int arch_add_memory(int nid, u64 start, u64 size, struct mhp_params *params) { int ret, flags = NO_EXEC_MAPPINGS; + unsigned long start_pfn = PFN_DOWN(start); + struct mem_section *ms = __pfn_to_section(start_pfn); VM_BUG_ON(!mhp_range_allowed(start, size, true)); + /* should not be invoked by early section */ + WARN_ON(early_section(ms)); + + /* + * Disallow BlOCK/CONT mappings if the corresponding size exceeds + * SUBSECTION_SIZE which now is 2MB. + * + * PUD_BLOCK or PMD_CONT should consistently exceed SUBSECTION_SIZE + * across all variable page size configurations, so add them directly + */ + flags |= NO_PUD_BLOCK_MAPPINGS | NO_PMD_CONT_MAPPINGS; + if (SUBSECTION_SHIFT < PMD_SHIFT) + flags |= NO_PMD_BLOCK_MAPPINGS; + if (SUBSECTION_SHIFT < CONT_PTE_SHIFT) + flags |= NO_PTE_CONT_MAPPINGS; + if (can_set_direct_map()) flags |= NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS; -- 2.25.1

2 months, 2 weeks

2
4
0 0

[PATCH v1 03/16] arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level

by Ryan Roberts

commit c910f2b65518 ("arm64/mm: Update tlb invalidation routines for FEAT_LPA2") changed the "invalidation level unknown" hint from 0 to TLBI_TTL_UNKNOWN (INT_MAX). But the fallback "unknown level" path in flush_hugetlb_tlb_range() was not updated. So as it stands, when trying to invalidate CONT_PMD_SIZE or CONT_PTE_SIZE hugetlb mappings, we will spuriously try to invalidate at level 0 on LPA2-enabled systems. Fix this so that the fallback passes TLBI_TTL_UNKNOWN, and while we are at it, explicitly use the correct stride and level for CONT_PMD_SIZE and CONT_PTE_SIZE, which should provide a minor optimization. Cc: <stable(a)vger.kernel.org> Fixes: c910f2b65518 ("arm64/mm: Update tlb invalidation routines for FEAT_LPA2") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- arch/arm64/include/asm/hugetlb.h | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/arch/arm64/include/asm/hugetlb.h b/arch/arm64/include/asm/hugetlb.h index 03db9cb21ace..8ab9542d2d22 100644 --- a/arch/arm64/include/asm/hugetlb.h +++ b/arch/arm64/include/asm/hugetlb.h @@ -76,12 +76,20 @@ static inline void flush_hugetlb_tlb_range(struct vm_area_struct *vma, { unsigned long stride = huge_page_size(hstate_vma(vma)); - if (stride == PMD_SIZE) - __flush_tlb_range(vma, start, end, stride, false, 2); - else if (stride == PUD_SIZE) - __flush_tlb_range(vma, start, end, stride, false, 1); - else - __flush_tlb_range(vma, start, end, PAGE_SIZE, false, 0); + switch (stride) { + case PUD_SIZE: + __flush_tlb_range(vma, start, end, PUD_SIZE, false, 1); + break; + case CONT_PMD_SIZE: + case PMD_SIZE: + __flush_tlb_range(vma, start, end, PMD_SIZE, false, 2); + break; + case CONT_PTE_SIZE: + __flush_tlb_range(vma, start, end, PAGE_SIZE, false, 3); + break; + default: + __flush_tlb_range(vma, start, end, PAGE_SIZE, false, TLBI_TTL_UNKNOWN); + } } #endif /* __ASM_HUGETLB_H */ -- 2.43.0

2 months, 2 weeks

2
3
0 0

[PATCH v2 1/2] usb: xhci: Fix unassigned variable 'tmp_minor_revision' in xhci_add_in_port()

by Selvarasu Ganesan

Fix the following smatch error: drivers/usb/host/xhci-mem.c:2060 xhci_add_in_port() error: unassigned variable 'tmp_minor_revision' Fixes: d9b0328d0b8b ("xhci: Show ZHAOXIN xHCI root hub speed correctly") Cc: stable(a)vger.kernel.org Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com> --- drivers/usb/host/xhci-mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 92703efda1f7..8665893df894 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -1980,7 +1980,7 @@ static void xhci_add_in_port(struct xhci_hcd *xhci, unsigned int num_ports, { u32 temp, port_offset, port_count; int i; - u8 major_revision, minor_revision, tmp_minor_revision; + u8 major_revision, minor_revision, tmp_minor_revision = 0; struct xhci_hub *rhub; struct device *dev = xhci_to_hcd(xhci)->self.sysdev; struct xhci_port_cap *port_cap; -- 2.17.1

2 months, 2 weeks

1
0
0 0

[PATCH net V2] net: stmmac: dwmac-loongson: Set correct {tx,rx}_fifo_size

by Huacai Chen

Now for dwmac-loongson {tx,rx}_fifo_size are uninitialised, which means zero. This means dwmac-loongson doesn't support changing MTU because in stmmac_change_mtu() it requires the fifo size be no less than MTU. Thus, set the correct tx_fifo_size and rx_fifo_size for it (16KB multiplied by queue counts). Here {tx,rx}_fifo_size is initialised with the initial value (also the maximum value) of {tx,rx}_queues_to_use. So it will keep as 16KB if we don't change the queue count, and will be larger than 16KB if we change (decrease) the queue count. However stmmac_change_mtu() still work well with current logic (MTU cannot be larger than 16KB for stmmac). Note: the Fixes tag picked here is the oldest commit and key commit of the dwmac-loongson series "stmmac: Add Loongson platform support". Cc: stable(a)vger.kernel.org Fixes: ad72f783de06 ("net: stmmac: Add multi-channel support") Acked-by: Yanteng Si <si.yanteng(a)linux.dev> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: Chong Qiao <qiaochong(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- V2: Update commit message and CC list. drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c index bfe6e2d631bd..79acdf38c525 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c @@ -574,6 +574,9 @@ static int loongson_dwmac_probe(struct pci_dev *pdev, const struct pci_device_id if (ret) goto err_disable_device; + plat->tx_fifo_size = SZ_16K * plat->tx_queues_to_use; + plat->rx_fifo_size = SZ_16K * plat->rx_queues_to_use; + if (dev_of_node(&pdev->dev)) ret = loongson_dwmac_dt_config(pdev, plat, &res); else -- 2.47.1

2 months, 2 weeks

3
2
0 0

[PATCH] tls: Check return value of get_cipher_desc in fill_sg_out

by Wentao Liang

The function get_cipher_desc() may return NULL if the cipher type is invalid or unsupported. In fill_sg_out(), the return value is used without any checks, which could lead to a NULL pointer dereference. This patch adds a DEBUG_NET_WARN_ON_ONCE check to ensure that cipher_desc is valid and offloadable before proceeding. This prevents potential crashes and provides a clear warning in debug builds. Fixes: 8db44ab26beb ("tls: rename tls_cipher_size_desc to tls_cipher_desc") Cc: stable(a)vger.kernel.org # 6.6+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- net/tls/tls_device_fallback.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/tls/tls_device_fallback.c b/net/tls/tls_device_fallback.c index f9e3d3d90dcf..0f93a0833ec2 100644 --- a/net/tls/tls_device_fallback.c +++ b/net/tls/tls_device_fallback.c @@ -306,6 +306,7 @@ static void fill_sg_out(struct scatterlist sg_out[3], void *buf, { const struct tls_cipher_desc *cipher_desc = get_cipher_desc(tls_ctx->crypto_send.info.cipher_type); + DEBUG_NET_WARN_ON_ONCE(!cipher_desc || !cipher_desc->offloadable); sg_set_buf(&sg_out[0], dummy_buf, sync_size); sg_set_buf(&sg_out[1], nskb->data + tcp_payload_offset, payload_len); -- 2.42.0.windows.2

2 months, 2 weeks

3
2
0 0

[PATCH V2] net: stmmac: dwmac-loongson: Add fix_soc_reset() callback

by Qunqin Zhao

Loongson's DWMAC device may take nearly two seconds to complete DMA reset, however, the default waiting time for reset is 200 milliseconds. Fixes: 803fc61df261 ("net: stmmac: dwmac-loongson: Add Loongson Multi-channels GMAC support") Signed-off-by: Qunqin Zhao <zhaoqunqin(a)loongson.cn> Reviewed-by: Huacai Chen <chenhuacai(a)loongson.cn> --- v2: Added comments. Changed callback name to loongson_dwmac_fix_reset. .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c index bfe6e2d631bd..f5acfb7d4ff6 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c @@ -516,6 +516,19 @@ static int loongson_dwmac_acpi_config(struct pci_dev *pdev, return 0; } +/* Loongson's DWMAC device may take nearly two seconds to complete DMA reset */ +static int loongson_dwmac_fix_reset(void *priv, void __iomem *ioaddr) +{ + u32 value = readl(ioaddr + DMA_BUS_MODE); + + value |= DMA_BUS_MODE_SFT_RESET; + writel(value, ioaddr + DMA_BUS_MODE); + + return readl_poll_timeout(ioaddr + DMA_BUS_MODE, value, + !(value & DMA_BUS_MODE_SFT_RESET), + 10000, 2000000); +} + static int loongson_dwmac_probe(struct pci_dev *pdev, const struct pci_device_id *id) { struct plat_stmmacenet_data *plat; @@ -566,6 +579,7 @@ static int loongson_dwmac_probe(struct pci_dev *pdev, const struct pci_device_id plat->bsp_priv = ld; plat->setup = loongson_dwmac_setup; + plat->fix_soc_reset = loongson_dwmac_fix_reset; ld->dev = &pdev->dev; ld->loongson_id = readl(res.addr + GMAC_VERSION) & 0xff; base-commit: a64dcfb451e254085a7daee5fe51bf22959d52d3 -- 2.43.0

2 months, 2 weeks

4
5
0 0

[PATCH] block: Check blkg_to_lat return value to avoid NULL dereference

by Wentao Liang

The function blkg_to_lat() may return NULL if the blkg is not associated with an iolatency group. In iolatency_set_min_lat_nsec() and iolatency_pd_init(), the return values are not checked, leading to potential NULL pointer dereferences. This patch adds checks for the return values of blkg_to_lat and let it returns early if it is NULL, preventing the NULL pointer dereference. Fixes: d70675121546 ("block: introduce blk-iolatency io controller") Cc: stable(a)vger.kernel.org # 4.19+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- block/blk-iolatency.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/block/blk-iolatency.c b/block/blk-iolatency.c index ebb522788d97..398f0a1747c4 100644 --- a/block/blk-iolatency.c +++ b/block/blk-iolatency.c @@ -787,6 +787,8 @@ static int blk_iolatency_init(struct gendisk *disk) static void iolatency_set_min_lat_nsec(struct blkcg_gq *blkg, u64 val) { struct iolatency_grp *iolat = blkg_to_lat(blkg); + if (!iolat) + return; struct blk_iolatency *blkiolat = iolat->blkiolat; u64 oldval = iolat->min_lat_nsec; @@ -1013,6 +1015,8 @@ static void iolatency_pd_init(struct blkg_policy_data *pd) */ if (blkg->parent && blkg_to_pd(blkg->parent, &blkcg_policy_iolatency)) { struct iolatency_grp *parent = blkg_to_lat(blkg->parent); + if (!parent) + return; atomic_set(&iolat->scale_cookie, atomic_read(&parent->child_lat.scale_cookie)); } else { -- 2.42.0.windows.2

2 months, 2 weeks

4
3
0 0

[PATCH 2/2] cifs: deal with the channel loading lag while picking channels

by nspmangalore＠gmail.com

From: Shyam Prasad N <sprasad(a)microsoft.com> Our current approach to select a channel for sending requests is this: 1. iterate all channels to find the min and max queue depth 2. if min and max are not the same, pick the channel with min depth 3. if min and max are same, round robin, as all channels are equally loaded The problem with this approach is that there's a lag between selecting a channel and sending the request (that increases the queue depth on the channel). While these numbers will eventually catch up, there could be a skew in the channel usage, depending on the application's I/O parallelism and the server's speed of handling requests. With sufficient parallelism, this lag can artificially increase the queue depth, thereby impacting the performance negatively. This change will change the step 1 above to start the iteration from the last selected channel. This is to reduce the skew in channel usage even in the presence of this lag. Fixes: ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") Cc: <stable(a)vger.kernel.org> Signed-off-by: Shyam Prasad N <sprasad(a)microsoft.com> --- fs/smb/client/transport.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 0dc80959ce48..e2fbf8b18eb2 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1015,14 +1015,16 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) uint index = 0; unsigned int min_in_flight = UINT_MAX, max_in_flight = 0; struct TCP_Server_Info *server = NULL; - int i; + int i, start, cur; if (!ses) return NULL; spin_lock(&ses->chan_lock); + start = atomic_inc_return(&ses->chan_seq); for (i = 0; i < ses->chan_count; i++) { - server = ses->chans[i].server; + cur = (start + i) % ses->chan_count; + server = ses->chans[cur].server; if (!server || server->terminate) continue; @@ -1039,17 +1041,15 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) */ if (server->in_flight < min_in_flight) { min_in_flight = server->in_flight; - index = i; + index = cur; } if (server->in_flight > max_in_flight) max_in_flight = server->in_flight; } /* if all channels are equally loaded, fall back to round-robin */ - if (min_in_flight == max_in_flight) { - index = (uint)atomic_inc_return(&ses->chan_seq); - index %= ses->chan_count; - } + if (min_in_flight == max_in_flight) + index = (uint)start % ses->chan_count; server = ses->chans[index].server; spin_unlock(&ses->chan_lock); -- 2.43.0

2 months, 2 weeks

2
2
0 0

[PATCH] rust: rbtree: fix overindented list item

by Miguel Ojeda

Starting with Rust 1.86.0 (to be released 2025-04-03), Clippy will have a new lint, `doc_overindented_list_items` [1], which catches cases of overindented list items. The lint has been added by Yutaro Ohno, based on feedback from the kernel [2] on a patch that fixed a similar case -- commit 0c5928deada1 ("rust: block: fix formatting in GenDisk doc"). Clippy reports a single case in the kernel, apart from the one already fixed in the commit above: error: doc list item overindented --> rust/kernel/rbtree.rs:1152:5 | 1152 | /// null, it is a pointer to the root of the [`RBTree`]. | ^^^^ help: try using ` ` (2 spaces) | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#doc_overindented_… = note: `-D clippy::doc-overindented-list-items` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(clippy::doc_overindented_list_items)]` Thus clean it up. Cc: Yutaro Ohno <yutaro.ono.418(a)gmail.com> Cc: <stable(a)vger.kernel.org> # Needed in 6.12.y and 6.13.y only (Rust is pinned in older LTSs). Fixes: a335e9591404 ("rust: rbtree: add `RBTree::entry`") Link: https://github.com/rust-lang/rust-clippy/pull/13711 [1] Link: https://github.com/rust-lang/rust-clippy/issues/13601 [2] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- rust/kernel/rbtree.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/kernel/rbtree.rs b/rust/kernel/rbtree.rs index ee2731dad72d..0d1e75810664 100644 --- a/rust/kernel/rbtree.rs +++ b/rust/kernel/rbtree.rs @@ -1149,7 +1149,7 @@ pub struct VacantEntry<'a, K, V> { /// # Invariants /// - `parent` may be null if the new node becomes the root. /// - `child_field_of_parent` is a valid pointer to the left-child or right-child of `parent`. If `parent` is -/// null, it is a pointer to the root of the [`RBTree`]. +/// null, it is a pointer to the root of the [`RBTree`]. struct RawVacantEntry<'a, K, V> { rbtree: *mut RBTree<K, V>, /// The node that will become the parent of the new node if we insert one. -- 2.48.1

2 months, 2 weeks

4
3
0 0

[PATCH] objtool/rust: add one more `noreturn` Rust function

by Miguel Ojeda

Starting with Rust 1.85.0 (currently in beta, to be released 2025-02-20), under some kernel configurations with `CONFIG_RUST_DEBUG_ASSERTIONS=y`, one may trigger a new `objtool` warning: rust/kernel.o: warning: objtool: _R...securityNtB2_11SecurityCtx8as_bytes() falls through to next function _R...core3ops4drop4Drop4drop() due to a call to the `noreturn` symbol: core::panicking::assert_failed::<usize, usize> Thus add it to the list so that `objtool` knows it is actually `noreturn`. Do so matching with `strstr` since it is a generic. See commit 56d680dd23c3 ("objtool/rust: list `noreturn` Rust functions") for more details. Cc: <stable(a)vger.kernel.org> # Needed in 6.12.y only (Rust is pinned in older LTSs). Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- tools/objtool/check.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 76060da755b5..e7ec29dfdff2 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -218,6 +218,7 @@ static bool is_rust_noreturn(const struct symbol *func) str_ends_with(func->name, "_4core9panicking18panic_bounds_check") || str_ends_with(func->name, "_4core9panicking19assert_failed_inner") || str_ends_with(func->name, "_4core9panicking36panic_misaligned_pointer_dereference") || + strstr(func->name, "_4core9panicking13assert_failed") || strstr(func->name, "_4core9panicking11panic_const24panic_const_") || (strstr(func->name, "_4core5slice5index24slice_") && str_ends_with(func->name, "_fail")); base-commit: 9d89551994a430b50c4fffcb1e617a057fa76e20 -- 2.48.0

2 months, 2 weeks

4
4
0 0

[PATCH v4 2/5] arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB

by Douglas Anderson

The code for detecting CPUs that are vulnerable to Spectre BHB was based on a hardcoded list of CPU IDs that were known to be affected. Unfortunately, the list mostly only contained the IDs of standard ARM cores. The IDs for many cores that are minor variants of the standard ARM cores (like many Qualcomm Kyro CPUs) weren't listed. This led the code to assume that those variants were not affected. Flip the code on its head and instead assume that a core is vulnerable if it doesn't have CSV2_3 but is unrecognized as being safe. This involves creating a "Spectre BHB safe" list. As of right now, the only CPU IDs added to the "Spectre BHB safe" list are ARM Cortex A35, A53, A55, A510, and A520. This list was created by looking for cores that weren't listed in ARM's list [1] as per review feedback on v2 of this patch [2]. Additionally Brahma A53 is added as per mailing list feedback [3]. NOTE: this patch will not actually _mitigate_ anyone, it will simply cause them to report themselves as vulnerable. If any cores in the system are reported as vulnerable but not mitigated then the whole system will be reported as vulnerable though the system will attempt to mitigate with the information it has about the known cores. [1] https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB [2] https://lore.kernel.org/r/20241219175128.GA25477@willie-the-truck [3] https://lore.kernel.org/r/18dbd7d1-a46c-4112-a425-320c99f67a8d@broadcom.com Fixes: 558c303c9734 ("arm64: Mitigate spectre style branch history side channels") Cc: stable(a)vger.kernel.org Reviewed-by: Julius Werner <jwerner(a)chromium.org> Signed-off-by: Douglas Anderson <dianders(a)chromium.org> --- Changes in v4: - Add MIDR_BRAHMA_B53 as safe. - Get rid of `spectre_bhb_firmware_mitigated_list`. Changes in v3: - Don't guess the mitigation; just report unknown cores as vulnerable. - Restructure the code since is_spectre_bhb_affected() defaults to true Changes in v2: - New arch/arm64/include/asm/spectre.h | 1 - arch/arm64/kernel/proton-pack.c | 203 ++++++++++++++++--------------- 2 files changed, 102 insertions(+), 102 deletions(-) diff --git a/arch/arm64/include/asm/spectre.h b/arch/arm64/include/asm/spectre.h index 0c4d9045c31f..f1524cdeacf1 100644 --- a/arch/arm64/include/asm/spectre.h +++ b/arch/arm64/include/asm/spectre.h @@ -97,7 +97,6 @@ enum mitigation_state arm64_get_meltdown_state(void); enum mitigation_state arm64_get_spectre_bhb_state(void); bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry, int scope); -u8 spectre_bhb_loop_affected(int scope); void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *__unused); bool try_emulate_el1_ssbs(struct pt_regs *regs, u32 instr); diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c index e149efadff20..17aa836fe46d 100644 --- a/arch/arm64/kernel/proton-pack.c +++ b/arch/arm64/kernel/proton-pack.c @@ -845,53 +845,70 @@ static unsigned long system_bhb_mitigations; * This must be called with SCOPE_LOCAL_CPU for each type of CPU, before any * SCOPE_SYSTEM call will give the right answer. */ -u8 spectre_bhb_loop_affected(int scope) +static bool is_spectre_bhb_safe(int scope) +{ + static const struct midr_range spectre_bhb_safe_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A35), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A53), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A55), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A510), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A520), + MIDR_ALL_VERSIONS(MIDR_BRAHMA_B53), + {}, + }; + static bool all_safe = true; + + if (scope != SCOPE_LOCAL_CPU) + return all_safe; + + if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_safe_list)) + return true; + + all_safe = false; + + return false; +} + +static u8 spectre_bhb_loop_affected(void) { u8 k = 0; - static u8 max_bhb_k; - - if (scope == SCOPE_LOCAL_CPU) { - static const struct midr_range spectre_bhb_k32_list[] = { - MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), - MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), - MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), - MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), - MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), - {}, - }; - static const struct midr_range spectre_bhb_k24_list[] = { - MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), - MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), - MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_GOLD), - {}, - }; - static const struct midr_range spectre_bhb_k11_list[] = { - MIDR_ALL_VERSIONS(MIDR_AMPERE1), - {}, - }; - static const struct midr_range spectre_bhb_k8_list[] = { - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), - {}, - }; - - if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) - k = 32; - else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k24_list)) - k = 24; - else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k11_list)) - k = 11; - else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k8_list)) - k = 8; - - max_bhb_k = max(max_bhb_k, k); - } else { - k = max_bhb_k; - } + + static const struct midr_range spectre_bhb_k32_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + {}, + }; + static const struct midr_range spectre_bhb_k24_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_GOLD), + {}, + }; + static const struct midr_range spectre_bhb_k11_list[] = { + MIDR_ALL_VERSIONS(MIDR_AMPERE1), + {}, + }; + static const struct midr_range spectre_bhb_k8_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), + {}, + }; + + if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list)) + k = 32; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k24_list)) + k = 24; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k11_list)) + k = 11; + else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k8_list)) + k = 8; return k; } @@ -917,29 +934,13 @@ static enum mitigation_state spectre_bhb_get_cpu_fw_mitigation_state(void) } } -static bool is_spectre_bhb_fw_affected(int scope) +static bool has_spectre_bhb_fw_mitigation(void) { - static bool system_affected; enum mitigation_state fw_state; bool has_smccc = arm_smccc_1_1_get_conduit() != SMCCC_CONDUIT_NONE; - static const struct midr_range spectre_bhb_firmware_mitigated_list[] = { - MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - {}, - }; - bool cpu_in_list = is_midr_in_range_list(read_cpuid_id(), - spectre_bhb_firmware_mitigated_list); - - if (scope != SCOPE_LOCAL_CPU) - return system_affected; fw_state = spectre_bhb_get_cpu_fw_mitigation_state(); - if (cpu_in_list || (has_smccc && fw_state == SPECTRE_MITIGATED)) { - system_affected = true; - return true; - } - - return false; + return has_smccc && fw_state == SPECTRE_MITIGATED; } static bool supports_ecbhb(int scope) @@ -955,6 +956,8 @@ static bool supports_ecbhb(int scope) ID_AA64MMFR1_EL1_ECBHB_SHIFT); } +static u8 max_bhb_k; + bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry, int scope) { @@ -963,16 +966,18 @@ bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry, if (supports_csv2p3(scope)) return false; - if (supports_clearbhb(scope)) - return true; - - if (spectre_bhb_loop_affected(scope)) - return true; + if (is_spectre_bhb_safe(scope)) + return false; - if (is_spectre_bhb_fw_affected(scope)) - return true; + /* + * At this point the core isn't known to be "safe" so we're going to + * assume it's vulnerable. We still need to update `max_bhb_k` though, + * but only if we aren't mitigating with clearbhb though. + */ + if (scope == SCOPE_LOCAL_CPU && !supports_clearbhb(SCOPE_LOCAL_CPU)) + max_bhb_k = max(max_bhb_k, spectre_bhb_loop_affected()); - return false; + return true; } static void this_cpu_set_vectors(enum arm64_bp_harden_el1_vectors slot) @@ -1003,7 +1008,7 @@ early_param("nospectre_bhb", parse_spectre_bhb_param); void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry) { bp_hardening_cb_t cpu_cb; - enum mitigation_state fw_state, state = SPECTRE_VULNERABLE; + enum mitigation_state state = SPECTRE_VULNERABLE; struct bp_hardening_data *data = this_cpu_ptr(&bp_hardening_data); if (!is_spectre_bhb_affected(entry, SCOPE_LOCAL_CPU)) @@ -1029,7 +1034,7 @@ void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry) this_cpu_set_vectors(EL1_VECTOR_BHB_CLEAR_INSN); state = SPECTRE_MITIGATED; set_bit(BHB_INSN, &system_bhb_mitigations); - } else if (spectre_bhb_loop_affected(SCOPE_LOCAL_CPU)) { + } else if (spectre_bhb_loop_affected()) { /* * Ensure KVM uses the indirect vector which will have the * branchy-loop added. A57/A72-r0 will already have selected @@ -1042,32 +1047,29 @@ void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry) this_cpu_set_vectors(EL1_VECTOR_BHB_LOOP); state = SPECTRE_MITIGATED; set_bit(BHB_LOOP, &system_bhb_mitigations); - } else if (is_spectre_bhb_fw_affected(SCOPE_LOCAL_CPU)) { - fw_state = spectre_bhb_get_cpu_fw_mitigation_state(); - if (fw_state == SPECTRE_MITIGATED) { - /* - * Ensure KVM uses one of the spectre bp_hardening - * vectors. The indirect vector doesn't include the EL3 - * call, so needs upgrading to - * HYP_VECTOR_SPECTRE_INDIRECT. - */ - if (!data->slot || data->slot == HYP_VECTOR_INDIRECT) - data->slot += 1; - - this_cpu_set_vectors(EL1_VECTOR_BHB_FW); - - /* - * The WA3 call in the vectors supersedes the WA1 call - * made during context-switch. Uninstall any firmware - * bp_hardening callback. - */ - cpu_cb = spectre_v2_get_sw_mitigation_cb(); - if (__this_cpu_read(bp_hardening_data.fn) != cpu_cb) - __this_cpu_write(bp_hardening_data.fn, NULL); - - state = SPECTRE_MITIGATED; - set_bit(BHB_FW, &system_bhb_mitigations); - } + } else if (has_spectre_bhb_fw_mitigation()) { + /* + * Ensure KVM uses one of the spectre bp_hardening + * vectors. The indirect vector doesn't include the EL3 + * call, so needs upgrading to + * HYP_VECTOR_SPECTRE_INDIRECT. + */ + if (!data->slot || data->slot == HYP_VECTOR_INDIRECT) + data->slot += 1; + + this_cpu_set_vectors(EL1_VECTOR_BHB_FW); + + /* + * The WA3 call in the vectors supersedes the WA1 call + * made during context-switch. Uninstall any firmware + * bp_hardening callback. + */ + cpu_cb = spectre_v2_get_sw_mitigation_cb(); + if (__this_cpu_read(bp_hardening_data.fn) != cpu_cb) + __this_cpu_write(bp_hardening_data.fn, NULL); + + state = SPECTRE_MITIGATED; + set_bit(BHB_FW, &system_bhb_mitigations); } update_mitigation_state(&spectre_bhb_state, state); @@ -1101,7 +1103,6 @@ void noinstr spectre_bhb_patch_loop_iter(struct alt_instr *alt, { u8 rd; u32 insn; - u16 loop_count = spectre_bhb_loop_affected(SCOPE_SYSTEM); BUG_ON(nr_inst != 1); /* MOV -> MOV */ @@ -1110,7 +1111,7 @@ void noinstr spectre_bhb_patch_loop_iter(struct alt_instr *alt, insn = le32_to_cpu(*origptr); rd = aarch64_insn_decode_register(AARCH64_INSN_REGTYPE_RD, insn); - insn = aarch64_insn_gen_movewide(rd, loop_count, 0, + insn = aarch64_insn_gen_movewide(rd, max_bhb_k, 0, AARCH64_INSN_VARIANT_64BIT, AARCH64_INSN_MOVEWIDE_ZERO); *updptr++ = cpu_to_le32(insn); -- 2.47.1.613.gc27f4b7a9f-goog

2 months, 2 weeks

4
4
0 0

[PATCH v2 01/10] drm/i915: Make sure all planes in use by the joiner have their crtc included

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Any active plane needs to have its crtc included in the atomic state. For planes enabled via uapi that is all handler in the core. But when we use a plane for joiner the uapi code things the plane is disabled and therefore doesn't have a crtc. So we need to pull those in by hand. We do it first thing in intel_joiner_add_affected_crtcs() so that any newly added crtc will subsequently pull in all of its joined crtcs as well. The symptoms from failing to do this are: - duct tape in the form of commit 1d5b09f8daf8 ("drm/i915: Fix NULL ptr deref by checking new_crtc_state") - the plane's hw state will get overwritten by the disabled uapi state if it can't find the uapi counterpart plane in the atomic state from where it should copy the correct state Cc: stable(a)vger.kernel.org Reviewed-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/display/intel_display.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/drivers/gpu/drm/i915/display/intel_display.c b/drivers/gpu/drm/i915/display/intel_display.c index 6c1e7441313e..22bf46be2ca9 100644 --- a/drivers/gpu/drm/i915/display/intel_display.c +++ b/drivers/gpu/drm/i915/display/intel_display.c @@ -6695,12 +6695,30 @@ static int intel_async_flip_check_hw(struct intel_atomic_state *state, struct in static int intel_joiner_add_affected_crtcs(struct intel_atomic_state *state) { struct drm_i915_private *i915 = to_i915(state->base.dev); + const struct intel_plane_state *plane_state; struct intel_crtc_state *crtc_state; + struct intel_plane *plane; struct intel_crtc *crtc; u8 affected_pipes = 0; u8 modeset_pipes = 0; int i; + /* + * Any plane which is in use by the joiner needs its crtc. + * Pull those in first as this will not have happened yet + * if the plane remains disabled according to uapi. + */ + for_each_new_intel_plane_in_state(state, plane, plane_state, i) { + crtc = to_intel_crtc(plane_state->hw.crtc); + if (!crtc) + continue; + + crtc_state = intel_atomic_get_crtc_state(&state->base, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + } + + /* Now pull in all joined crtcs */ for_each_new_intel_crtc_in_state(state, crtc, crtc_state, i) { affected_pipes |= crtc_state->joiner_pipes; if (intel_crtc_needs_modeset(crtc_state)) -- 2.45.3

2 months, 2 weeks

1
0
0 0

[PATCH v2] net: microchip: sparx5: Fix potential NULL pointer dereference

by Wentao Liang

Check the return value of vcap_keyfields() in vcap_debugfs_show_rule_keyset(). If vcap_keyfields() returns NULL, skip the keyfield to prevent a NULL pointer dereference when calling vcap_debugfs_show_rule_keyfield(). Fixes: 610c32b2ce66 ("net: microchip: vcap: Add vcap_get_rule") Cc: stable(a)vger.kernel.org # 6.2+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c b/drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c index 59bfbda29bb3..e9e2f7af9be3 100644 --- a/drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c +++ b/drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c @@ -202,6 +202,8 @@ static int vcap_debugfs_show_rule_keyset(struct vcap_rule_internal *ri, list_for_each_entry(ckf, &ri->data.keyfields, ctrl.list) { keyfield = vcap_keyfields(vctrl, admin->vtype, ri->data.keyset); + if (!keyfield) + continue; vcap_debugfs_show_rule_keyfield(vctrl, out, ckf->ctrl.key, keyfield, &ckf->data); } -- 2.42.0.windows.2

2 months, 2 weeks

2
1
0 0

[PATCH v2] soc: qcom: pdr: Fix the potential deadlock

by Mukesh Ojha

When some client process A call pdr_add_lookup() to add the look up for the service and does schedule locator work, later a process B got a new server packet indicating locator is up and call pdr_locator_new_server() which eventually sets pdr->locator_init_complete to true which process A sees and takes list lock and queries domain list but it will timeout due to deadlock as the response will queued to the same qmi->wq and it is ordered workqueue and process B is not able to complete new server request work due to deadlock on list lock. Process A Process B process_scheduled_works() pdr_add_lookup() qmi_data_ready_work() process_scheduled_works() pdr_locator_new_server() pdr->locator_init_complete=true; pdr_locator_work() mutex_lock(&pdr->list_lock); pdr_locate_service() mutex_lock(&pdr->list_lock); pdr_get_domain_list() pr_err("PDR: %s get domain list txn wait failed: %d\n", req->service_name, ret); Fix it by removing the unnecessary list iteration as the list iteration is already being done inside locator work, so avoid it here and just call schedule_work() here. Fixes: fbe639b44a82 ("soc: qcom: Introduce Protection Domain Restart helpers") CC: stable(a)vger.kernel.org Signed-off-by: Saranya R <quic_sarar(a)quicinc.com> Signed-off-by: Mukesh Ojha <mukesh.ojha(a)oss.qualcomm.com> --- Changes in v2: - Added Fixes tag, drivers/soc/qcom/pdr_interface.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/drivers/soc/qcom/pdr_interface.c b/drivers/soc/qcom/pdr_interface.c index 328b6153b2be..71be378d2e43 100644 --- a/drivers/soc/qcom/pdr_interface.c +++ b/drivers/soc/qcom/pdr_interface.c @@ -75,7 +75,6 @@ static int pdr_locator_new_server(struct qmi_handle *qmi, { struct pdr_handle *pdr = container_of(qmi, struct pdr_handle, locator_hdl); - struct pdr_service *pds; mutex_lock(&pdr->lock); /* Create a local client port for QMI communication */ @@ -87,12 +86,7 @@ static int pdr_locator_new_server(struct qmi_handle *qmi, mutex_unlock(&pdr->lock); /* Service pending lookup requests */ - mutex_lock(&pdr->list_lock); - list_for_each_entry(pds, &pdr->lookups, node) { - if (pds->need_locator_lookup) - schedule_work(&pdr->locator_work); - } - mutex_unlock(&pdr->list_lock); + schedule_work(&pdr->locator_work); return 0; } -- 2.34.1

2 months, 2 weeks

3
7
0 0

[PATCH] arm64: dts: socfpga: agilex5: fix gpio0 address

by niravkumar.l.rabara＠intel.com

From: Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> Fix gpio0 controller address for Agilex5. Fixes: 3f7c869e143a ("arm64: dts: socfpga: agilex5: Add gpio0 node and spi dma handshake id") Cc: stable(a)vger.kernel.org Signed-off-by: Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> --- arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi b/arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi index 51c6e19e40b8..9e4ef24c8318 100644 --- a/arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi +++ b/arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi @@ -222,7 +222,7 @@ i3c1: i3c@10da1000 { status = "disabled"; }; - gpio0: gpio@ffc03200 { + gpio0: gpio@10c03200 { compatible = "snps,dw-apb-gpio"; reg = <0xffc03200 0x100>; #address-cells = <1>; -- 2.25.1

2 months, 2 weeks

3
2
0 0

Regression: 6.12 no longer loads the snd_hda_intel driver for Cannon Lake PCH cAVS [8086:a348] (rev 10) - (Realtek ALC3234)

by Avram Bublil

The card works fine on 6.6. Here's the output of alsa-info.sh for 6.6 (where it works): http://alsa-project.org/db/?f=ac3a0849a332189eb61a640fe94b46de369a655c Here's the output for 6.12: http://alsa-project.org/db/?f=22995c74392ed86393fc2c180ab7ae010e6cbfbb Here's the output of $ lspci -k | grep -A 3 Audio 00:1f.3 Audio device: Intel Corporation Cannon Lake PCH cAVS (rev 10) DeviceName: Onboard - Sound Subsystem: Dell Device 0871 Kernel modules: snd_hda_intel, snd_soc_avs, snd_sof_pci_intel_cnl I have initially also added modinfo for snd_hda_intel, snd_soc_avs, and snd_sof_pci_intel_cnl - But my email was flagged as spam, so I won't do so now. Installed sound related packages: sof-firmware 2024.09.2-1 alsa-ucm-conf 1.2.13-2 If there's a need for more information, please let me know.

2 months, 2 weeks

1
0
0 0

[PATCH v1 02/16] arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes

by Ryan Roberts

arm64 supports multiple huge_pte sizes. Some of the sizes are covered by a single pte entry at a particular level (PMD_SIZE, PUD_SIZE), and some are covered by multiple ptes at a particular level (CONT_PTE_SIZE, CONT_PMD_SIZE). So the function has to figure out the size from the huge_pte pointer. This was previously done by walking the pgtable to determine the level, then using the PTE_CONT bit to determine the number of ptes. But the PTE_CONT bit is only valid when the pte is present. For non-present pte values (e.g. markers, migration entries), the previous implementation was therefore erroniously determining the size. There is at least one known caller in core-mm, move_huge_pte(), which may call huge_ptep_get_and_clear() for a non-present pte. So we must be robust to this case. Additionally the "regular" ptep_get_and_clear() is robust to being called for non-present ptes so it makes sense to follow the behaviour. Fix this by using the new sz parameter which is now provided to the function. Additionally when clearing each pte in a contig range, don't gather the access and dirty bits if the pte is not present. An alternative approach that would not require API changes would be to store the PTE_CONT bit in a spare bit in the swap entry pte. But it felt cleaner to follow other APIs' lead and just pass in the size. While we are at it, add some debug warnings in functions that require the pte is present. As an aside, PTE_CONT is bit 52, which corresponds to bit 40 in the swap entry offset field (layout of non-present pte). Since hugetlb is never swapped to disk, this field will only be populated for markers, which always set this bit to 0 and hwpoison swap entries, which set the offset field to a PFN; So it would only ever be 1 for a 52-bit PVA system where memory in that high half was poisoned (I think!). So in practice, this bit would almost always be zero for non-present ptes and we would only clear the first entry if it was actually a contiguous block. That's probably a less severe symptom than if it was always interpretted as 1 and cleared out potentially-present neighboring PTEs. Cc: <stable(a)vger.kernel.org> Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- arch/arm64/mm/hugetlbpage.c | 54 ++++++++++++++++++++----------------- 1 file changed, 29 insertions(+), 25 deletions(-) diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c index 06db4649af91..328eec4bfe55 100644 --- a/arch/arm64/mm/hugetlbpage.c +++ b/arch/arm64/mm/hugetlbpage.c @@ -163,24 +163,23 @@ static pte_t get_clear_contig(struct mm_struct *mm, unsigned long pgsize, unsigned long ncontig) { - pte_t orig_pte = __ptep_get(ptep); - unsigned long i; - - for (i = 0; i < ncontig; i++, addr += pgsize, ptep++) { - pte_t pte = __ptep_get_and_clear(mm, addr, ptep); - - /* - * If HW_AFDBM is enabled, then the HW could turn on - * the dirty or accessed bit for any page in the set, - * so check them all. - */ - if (pte_dirty(pte)) - orig_pte = pte_mkdirty(orig_pte); - - if (pte_young(pte)) - orig_pte = pte_mkyoung(orig_pte); + pte_t pte, tmp_pte; + bool present; + + pte = __ptep_get_and_clear(mm, addr, ptep); + present = pte_present(pte); + while (--ncontig) { + ptep++; + addr += pgsize; + tmp_pte = __ptep_get_and_clear(mm, addr, ptep); + if (present) { + if (pte_dirty(tmp_pte)) + pte = pte_mkdirty(pte); + if (pte_young(tmp_pte)) + pte = pte_mkyoung(pte); + } } - return orig_pte; + return pte; } static pte_t get_clear_contig_flush(struct mm_struct *mm, @@ -401,13 +400,8 @@ pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, { int ncontig; size_t pgsize; - pte_t orig_pte = __ptep_get(ptep); - - if (!pte_cont(orig_pte)) - return __ptep_get_and_clear(mm, addr, ptep); - - ncontig = find_num_contig(mm, addr, ptep, &pgsize); + ncontig = num_contig_ptes(sz, &pgsize); return get_clear_contig(mm, addr, ptep, pgsize, ncontig); } @@ -451,6 +445,8 @@ int huge_ptep_set_access_flags(struct vm_area_struct *vma, pgprot_t hugeprot; pte_t orig_pte; + VM_WARN_ON(!pte_present(pte)); + if (!pte_cont(pte)) return __ptep_set_access_flags(vma, addr, ptep, pte, dirty); @@ -461,6 +457,7 @@ int huge_ptep_set_access_flags(struct vm_area_struct *vma, return 0; orig_pte = get_clear_contig_flush(mm, addr, ptep, pgsize, ncontig); + VM_WARN_ON(!pte_present(orig_pte)); /* Make sure we don't lose the dirty or young state */ if (pte_dirty(orig_pte)) @@ -485,7 +482,10 @@ void huge_ptep_set_wrprotect(struct mm_struct *mm, size_t pgsize; pte_t pte; - if (!pte_cont(__ptep_get(ptep))) { + pte = __ptep_get(ptep); + VM_WARN_ON(!pte_present(pte)); + + if (!pte_cont(pte)) { __ptep_set_wrprotect(mm, addr, ptep); return; } @@ -509,8 +509,12 @@ pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, struct mm_struct *mm = vma->vm_mm; size_t pgsize; int ncontig; + pte_t pte; - if (!pte_cont(__ptep_get(ptep))) + pte = __ptep_get(ptep); + VM_WARN_ON(!pte_present(pte)); + + if (!pte_cont(pte)) return ptep_clear_flush(vma, addr, ptep); ncontig = find_num_contig(mm, addr, ptep, &pgsize); -- 2.43.0

2 months, 2 weeks

2
3
0 0

[PATCH v2] gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock

by Wentao Liang

The stmpe_reg_read function can fail, but its return value is not checked in stmpe_gpio_irq_sync_unlock. This can lead to silent failures and incorrect behavior if the hardware access fails. This patch adds checks for the return value of stmpe_reg_read. If the function fails, an error message is logged and the function returns early to avoid further issues. Fixes: b888fb6f2a27 ("gpio: stmpe: i2c transfer are forbiden in atomic context") Cc: stable(a)vger.kernel.org # 4.16+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/gpio/gpio-stmpe.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/gpio/gpio-stmpe.c b/drivers/gpio/gpio-stmpe.c index 75a3633ceddb..222279a9d82b 100644 --- a/drivers/gpio/gpio-stmpe.c +++ b/drivers/gpio/gpio-stmpe.c @@ -191,7 +191,7 @@ static void stmpe_gpio_irq_sync_unlock(struct irq_data *d) [REG_IE][CSB] = STMPE_IDX_IEGPIOR_CSB, [REG_IE][MSB] = STMPE_IDX_IEGPIOR_MSB, }; - int i, j; + int ret, i, j; /* * STMPE1600: to be able to get IRQ from pins, @@ -199,8 +199,16 @@ static void stmpe_gpio_irq_sync_unlock(struct irq_data *d) * GPSR or GPCR registers */ if (stmpe->partnum == STMPE1600) { - stmpe_reg_read(stmpe, stmpe->regs[STMPE_IDX_GPMR_LSB]); - stmpe_reg_read(stmpe, stmpe->regs[STMPE_IDX_GPMR_CSB]); + ret = stmpe_reg_read(stmpe, stmpe->regs[STMPE_IDX_GPMR_LSB]); + if (ret < 0) { + dev_err(stmpe->dev, "Failed to read GPMR_LSB: %d\n", ret); + goto err; + } + ret = stmpe_reg_read(stmpe, stmpe->regs[STMPE_IDX_GPMR_CSB]); + if (ret < 0) { + dev_err(stmpe->dev, "Failed to read GPMR_CSB: %d\n", ret); + goto err; + } } for (i = 0; i < CACHE_NR_REGS; i++) { @@ -222,6 +230,7 @@ static void stmpe_gpio_irq_sync_unlock(struct irq_data *d) } } +err: mutex_unlock(&stmpe_gpio->irq_lock); } -- 2.42.0.windows.2

2 months, 2 weeks

3
2
0 0

[PATCHv2 perf/core] uprobes: Harden uretprobe syscall trampoline check

by Jiri Olsa

Jann reported [1] possible issue when trampoline_check_ip returns address near the bottom of the address space that is allowed to call into the syscall if uretprobes are not set up. Though the mmap minimum address restrictions will typically prevent creating mappings there, let's make sure uretprobe syscall checks for that. [1] https://lore.kernel.org/bpf/202502081235.5A6F352985@keescook/T/#m9d416df341… Cc: Kees Cook <kees(a)kernel.org> Cc: Eyal Birger <eyal.birger(a)gmail.com> Cc: stable(a)vger.kernel.org Fixes: ff474a78cef5 ("uprobe: Add uretprobe syscall to speed up return probe") Reported-by: Jann Horn <jannh(a)google.com> Reviewed-by: Oleg Nesterov <oleg(a)redhat.com> Reviewed-by: Kees Cook <kees(a)kernel.org> Signed-off-by: Jiri Olsa <jolsa(a)kernel.org> --- v2 changes: - adding UPROBE_NO_TRAMPOLINE_VADDR macro (Andrii) - rebased on top of perf/core arch/x86/kernel/uprobes.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c index 5a952c5ea66b..e8d3c59aa9f7 100644 --- a/arch/x86/kernel/uprobes.c +++ b/arch/x86/kernel/uprobes.c @@ -357,19 +357,25 @@ void *arch_uprobe_trampoline(unsigned long *psize) return &insn; } -static unsigned long trampoline_check_ip(void) +static unsigned long trampoline_check_ip(unsigned long tramp) { - unsigned long tramp = uprobe_get_trampoline_vaddr(); - return tramp + (uretprobe_syscall_check - uretprobe_trampoline_entry); } +#define UPROBE_NO_TRAMPOLINE_VADDR ((unsigned long)-1) + SYSCALL_DEFINE0(uretprobe) { struct pt_regs *regs = task_pt_regs(current); - unsigned long err, ip, sp, r11_cx_ax[3]; + unsigned long err, ip, sp, r11_cx_ax[3], tramp; + + /* If there's no trampoline, we are called from wrong place. */ + tramp = uprobe_get_trampoline_vaddr(); + if (tramp == UPROBE_NO_TRAMPOLINE_VADDR) + goto sigill; - if (regs->ip != trampoline_check_ip()) + /* Make sure the ip matches the only allowed sys_uretprobe caller. */ + if (regs->ip != trampoline_check_ip(tramp)) goto sigill; err = copy_from_user(r11_cx_ax, (void __user *)regs->sp, sizeof(r11_cx_ax)); -- 2.48.1

2 months, 2 weeks

6
5
0 0

[PATCH] net: microchip: sparx5: Fix potential NULL pointer dereference in debugfs

by Wentao Liang

In vcap_debugfs_show_rule_keyset(), the function vcap_keyfields() returns a NULL pointer upon allocation failure. This can lead to a NULL pointer dereference in vcap_debugfs_show_rule_keyfield(). To prevent this, add a check for a NULL return value from vcap_keyfields() and continue the loop if it is NULL. Fixes: 610c32b2ce66 ("net: microchip: vcap: Add vcap_get_rule") Cc: stable(a)vger.kernel.org # 6.2+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c b/drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c index 59bfbda29bb3..e9e2f7af9be3 100644 --- a/drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c +++ b/drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c @@ -202,6 +202,8 @@ static int vcap_debugfs_show_rule_keyset(struct vcap_rule_internal *ri, list_for_each_entry(ckf, &ri->data.keyfields, ctrl.list) { keyfield = vcap_keyfields(vctrl, admin->vtype, ri->data.keyset); + if (!keyfield) + continue; vcap_debugfs_show_rule_keyfield(vctrl, out, ckf->ctrl.key, keyfield, &ckf->data); } -- 2.42.0.windows.2

2 months, 2 weeks

2
1
0 0

[PATCH] drm/amdgpu: Remove redundant return value checks for amdgpu_ras_error_data_init

by Wentao Liang

The function amdgpu_ras_error_data_init() always returns 0, making its return value checks redundant. This patch changes its return type to void and removes all unnecessary checks in the callers. This simplifies the code and avoids confusion about the function's behavior. Additionally, this change keeps the usage consistent with amdgpu_ras_do_page_retirement(), which also does not check the return value. Fixes: 5b1270beb380 ("drm/amdgpu: add ras_err_info to identify RAS error source") Cc: stable(a)vger.kernel.org # 6.7+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 19 +++++-------------- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c | 8 ++------ drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 3 +-- drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c | 3 +-- 5 files changed, 10 insertions(+), 25 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c index 4c9fa24dd972..aef1b2b713a2 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c @@ -182,9 +182,7 @@ static int amdgpu_reserve_page_direct(struct amdgpu_device *adev, uint64_t addre return 0; } - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return ret; + amdgpu_ras_error_data_init(&err_data); memset(&err_rec, 0x0, sizeof(struct eeprom_table_record)); err_data.err_addr = &err_rec; @@ -687,8 +685,7 @@ static struct ras_manager *amdgpu_ras_create_obj(struct amdgpu_device *adev, if (alive_obj(obj)) return NULL; - if (amdgpu_ras_error_data_init(&obj->err_data)) - return NULL; + amdgpu_ras_error_data_init(&obj->err_data) obj->head = *head; obj->adev = adev; @@ -1428,9 +1425,7 @@ static int amdgpu_ras_query_error_status_with_event(struct amdgpu_device *adev, if (!obj) return -EINVAL; - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return ret; + amdgpu_ras_error_data_init(&err_data); if (!amdgpu_ras_get_error_query_mode(adev, &error_query_mode)) return -EINVAL; @@ -2255,9 +2250,7 @@ static void amdgpu_ras_interrupt_umc_handler(struct ras_manager *obj, if (!data->cb) return; - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return; + amdgpu_ras_error_data_init(&err_data); /* Let IP handle its data, maybe we need get the output * from the callback to update the error type/count, etc @@ -4623,13 +4616,11 @@ void amdgpu_ras_inst_reset_ras_error_count(struct amdgpu_device *adev, } } -int amdgpu_ras_error_data_init(struct ras_err_data *err_data) +void amdgpu_ras_error_data_init(struct ras_err_data *err_data) { memset(err_data, 0, sizeof(*err_data)); INIT_LIST_HEAD(&err_data->err_node_list); - - return 0; } static void amdgpu_ras_error_node_release(struct ras_err_node *err_node) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h index 6db772ecfee4..5f88e70fbf5c 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h @@ -931,7 +931,7 @@ void amdgpu_ras_inst_reset_ras_error_count(struct amdgpu_device *adev, uint32_t reg_list_size, uint32_t instance); -int amdgpu_ras_error_data_init(struct ras_err_data *err_data); +void amdgpu_ras_error_data_init(struct ras_err_data *err_data); void amdgpu_ras_error_data_fini(struct ras_err_data *err_data); int amdgpu_ras_error_statistic_ce_count(struct ras_err_data *err_data, struct amdgpu_smuio_mcm_config_info *mcm_info, diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c index 896f3609b0ee..5de6e332c2cd 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c @@ -52,9 +52,7 @@ int amdgpu_umc_page_retirement_mca(struct amdgpu_device *adev, struct ras_err_data err_data; int ret; - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return ret; + amdgpu_ras_error_data_init(&err_data); err_data.err_addr = kcalloc(adev->umc.max_ras_err_cnt_per_query, @@ -230,9 +228,7 @@ int amdgpu_umc_pasid_poison_handler(struct amdgpu_device *adev, }; struct ras_manager *obj = amdgpu_ras_find_obj(adev, &head); - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return ret; + amdgpu_ras_error_data_init(&err_data); ret = amdgpu_umc_do_page_retirement(adev, &err_data, NULL, reset); diff --git a/drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c b/drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c index a26a9be58eac..d4bdfe280c88 100644 --- a/drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c +++ b/drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c @@ -364,8 +364,7 @@ static void nbio_v7_4_handle_ras_controller_intr_no_bifring(struct amdgpu_device struct ras_err_data err_data; struct amdgpu_ras *ras = amdgpu_ras_get_context(adev); - if (amdgpu_ras_error_data_init(&err_data)) - return; + amdgpu_ras_error_data_init(&err_data); if (adev->asic_type == CHIP_ALDEBARAN) bif_doorbell_intr_cntl = RREG32_SOC15(NBIO, 0, mmBIF_DOORBELL_INT_CNTL_ALDE); diff --git a/drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c b/drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c index 8a0a63ac88d2..c79ed1adf681 100644 --- a/drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c +++ b/drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c @@ -537,8 +537,7 @@ static void nbio_v7_9_handle_ras_controller_intr_no_bifring(struct amdgpu_device struct ras_err_data err_data; struct amdgpu_ras *ras = amdgpu_ras_get_context(adev); - if (amdgpu_ras_error_data_init(&err_data)) - return; + amdgpu_ras_error_data_init(&err_data); bif_doorbell_intr_cntl = RREG32_SOC15(NBIO, 0, regBIF_BX0_BIF_DOORBELL_INT_CNTL); -- 2.42.0.windows.2

2 months, 2 weeks

2
1
0 0

[PATCH v2] HID: corsair-void: Update power supply values with a unified work handler

by Stuart Hayhurst

corsair_void_process_receiver can be called from an interrupt context, locking battery_mutex in it was causing a kernel panic. Fix it by moving the critical section into its own work, sharing this work with battery_add_work and battery_remove_work to remove the need for any locking Closes: https://bugzilla.suse.com/show_bug.cgi?id=1236843 Fixes: 6ea2a6fd3872 ("HID: corsair-void: Add Corsair Void headset family driver") Cc: stable(a)vger.kernel.org Signed-off-by: Stuart Hayhurst <stuart.a.hayhurst(a)gmail.com> --- v1 -> v2: - Actually remove the mutex --- drivers/hid/hid-corsair-void.c | 87 ++++++++++++++++++---------------- 1 file changed, 47 insertions(+), 40 deletions(-) diff --git a/drivers/hid/hid-corsair-void.c b/drivers/hid/hid-corsair-void.c index 56e858066c3c..2f70db8a2370 100644 --- a/drivers/hid/hid-corsair-void.c +++ b/drivers/hid/hid-corsair-void.c @@ -71,11 +71,9 @@ #include <linux/bitfield.h> #include <linux/bitops.h> -#include <linux/cleanup.h> #include <linux/device.h> #include <linux/hid.h> #include <linux/module.h> -#include <linux/mutex.h> #include <linux/power_supply.h> #include <linux/usb.h> #include <linux/workqueue.h> @@ -107,6 +105,10 @@ #define CORSAIR_VOID_SIDETONE_MAX_WIRELESS 55 #define CORSAIR_VOID_SIDETONE_MAX_WIRED 4096 +#define CORSAIR_VOID_ADD_BATTERY BIT(0) +#define CORSAIR_VOID_REMOVE_BATTERY BIT(1) +#define CORSAIR_VOID_UPDATE_BATTERY BIT(2) + enum { CORSAIR_VOID_WIRELESS, CORSAIR_VOID_WIRED, @@ -155,12 +157,12 @@ struct corsair_void_drvdata { struct power_supply *battery; struct power_supply_desc battery_desc; - struct mutex battery_mutex; struct delayed_work delayed_status_work; struct delayed_work delayed_firmware_work; - struct work_struct battery_remove_work; - struct work_struct battery_add_work; + + unsigned long battery_work_flags; + struct work_struct battery_work; }; /* @@ -260,11 +262,9 @@ static void corsair_void_process_receiver(struct corsair_void_drvdata *drvdata, /* Inform power supply if battery values changed */ if (memcmp(&orig_battery_data, battery_data, sizeof(*battery_data))) { - scoped_guard(mutex, &drvdata->battery_mutex) { - if (drvdata->battery) { - power_supply_changed(drvdata->battery); - } - } + set_bit(CORSAIR_VOID_UPDATE_BATTERY, + &drvdata->battery_work_flags); + schedule_work(&drvdata->battery_work); } } @@ -536,29 +536,11 @@ static void corsair_void_firmware_work_handler(struct work_struct *work) } -static void corsair_void_battery_remove_work_handler(struct work_struct *work) -{ - struct corsair_void_drvdata *drvdata; - - drvdata = container_of(work, struct corsair_void_drvdata, - battery_remove_work); - scoped_guard(mutex, &drvdata->battery_mutex) { - if (drvdata->battery) { - power_supply_unregister(drvdata->battery); - drvdata->battery = NULL; - } - } -} - -static void corsair_void_battery_add_work_handler(struct work_struct *work) +static void corsair_void_add_battery(struct corsair_void_drvdata *drvdata) { - struct corsair_void_drvdata *drvdata; struct power_supply_config psy_cfg = {}; struct power_supply *new_supply; - drvdata = container_of(work, struct corsair_void_drvdata, - battery_add_work); - guard(mutex)(&drvdata->battery_mutex); if (drvdata->battery) return; @@ -583,16 +565,48 @@ static void corsair_void_battery_add_work_handler(struct work_struct *work) drvdata->battery = new_supply; } +static void corsair_void_battery_work_handler(struct work_struct *work) +{ + struct corsair_void_drvdata *drvdata = container_of(work, + struct corsair_void_drvdata, battery_work); + + bool add_battery = test_and_clear_bit(CORSAIR_VOID_ADD_BATTERY, + &drvdata->battery_work_flags); + bool remove_battery = test_and_clear_bit(CORSAIR_VOID_REMOVE_BATTERY, + &drvdata->battery_work_flags); + bool update_battery = test_and_clear_bit(CORSAIR_VOID_UPDATE_BATTERY, + &drvdata->battery_work_flags); + + /* Add, remove or skip battery */ + if (add_battery && !remove_battery) { + corsair_void_add_battery(drvdata); + } else if (remove_battery && !add_battery) { + if (drvdata->battery) { + power_supply_unregister(drvdata->battery); + drvdata->battery = NULL; + } + } + + /* Communicate that battery values changed */ + if (update_battery) { + if (drvdata->battery) + power_supply_changed(drvdata->battery); + } + +} + static void corsair_void_headset_connected(struct corsair_void_drvdata *drvdata) { - schedule_work(&drvdata->battery_add_work); + set_bit(CORSAIR_VOID_ADD_BATTERY, &drvdata->battery_work_flags); + schedule_work(&drvdata->battery_work); schedule_delayed_work(&drvdata->delayed_firmware_work, msecs_to_jiffies(100)); } static void corsair_void_headset_disconnected(struct corsair_void_drvdata *drvdata) { - schedule_work(&drvdata->battery_remove_work); + set_bit(CORSAIR_VOID_REMOVE_BATTERY, &drvdata->battery_work_flags); + schedule_work(&drvdata->battery_work); corsair_void_set_unknown_wireless_data(drvdata); corsair_void_set_unknown_batt(drvdata); @@ -678,13 +692,7 @@ static int corsair_void_probe(struct hid_device *hid_dev, drvdata->battery_desc.get_property = corsair_void_battery_get_property; drvdata->battery = NULL; - INIT_WORK(&drvdata->battery_remove_work, - corsair_void_battery_remove_work_handler); - INIT_WORK(&drvdata->battery_add_work, - corsair_void_battery_add_work_handler); - ret = devm_mutex_init(drvdata->dev, &drvdata->battery_mutex); - if (ret) - return ret; + INIT_WORK(&drvdata->battery_work, corsair_void_battery_work_handler); ret = sysfs_create_group(&hid_dev->dev.kobj, &corsair_void_attr_group); if (ret) @@ -721,8 +729,7 @@ static void corsair_void_remove(struct hid_device *hid_dev) struct corsair_void_drvdata *drvdata = hid_get_drvdata(hid_dev); hid_hw_stop(hid_dev); - cancel_work_sync(&drvdata->battery_remove_work); - cancel_work_sync(&drvdata->battery_add_work); + cancel_work_sync(&drvdata->battery_work); if (drvdata->battery) power_supply_unregister(drvdata->battery); -- 2.47.2

2 months, 2 weeks

3
2
0 0

[PATCH net] drop_monitor: fix incorrect initialization order

by Gavrilov Ilia

Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-executor.0/7995 lock: 0xffff88805303f3e0, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 CPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x119/0x179 lib/dump_stack.c:118 debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline] do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline] _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159 reset_per_cpu_data+0xe6/0x240 [drop_monitor] net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800 netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497 genl_rcv+0x29/0x40 net/netlink/genetlink.c:811 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348 netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916 sock_sendmsg_nosec net/socket.c:651 [inline] __sock_sendmsg+0x157/0x190 net/socket.c:663 ____sys_sendmsg+0x712/0x870 net/socket.c:2378 ___sys_sendmsg+0xf8/0x170 net/socket.c:2432 __sys_sendmsg+0xea/0x1b0 net/socket.c:2461 do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x62/0xc7 RIP: 0033:0x7f3f9815aee9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9 RDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007 RBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768 If drop_monitor is built as a kernel module, syzkaller may have time to send a netlink NET_DM_CMD_START message during the module loading. This will call the net_dm_monitor_start() function that uses a spinlock that has not yet been initialized. To fix this, let's place resource initialization above the registration of a generic netlink family. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 9a8afc8d3962 ("Network Drop Monitor: Adding drop monitor implementation & Netlink protocol") Signed-off-by: Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> --- net/core/drop_monitor.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c index 6efd4cccc9dd..9755d2010e70 100644 --- a/net/core/drop_monitor.c +++ b/net/core/drop_monitor.c @@ -1734,6 +1734,11 @@ static int __init init_net_drop_monitor(void) return -ENOSPC; } + for_each_possible_cpu(cpu) { + net_dm_cpu_data_init(cpu); + net_dm_hw_cpu_data_init(cpu); + } + rc = genl_register_family(&net_drop_monitor_family); if (rc) { pr_err("Could not create drop monitor netlink family\n"); @@ -1749,11 +1754,6 @@ static int __init init_net_drop_monitor(void) rc = 0; - for_each_possible_cpu(cpu) { - net_dm_cpu_data_init(cpu); - net_dm_hw_cpu_data_init(cpu); - } - goto out; out_unreg: @@ -1772,13 +1772,12 @@ static void exit_net_drop_monitor(void) * Because of the module_get/put we do in the trace state change path * we are guaranteed not to have any current users when we get here */ + BUG_ON(genl_unregister_family(&net_drop_monitor_family)); for_each_possible_cpu(cpu) { net_dm_hw_cpu_data_fini(cpu); net_dm_cpu_data_fini(cpu); } - - BUG_ON(genl_unregister_family(&net_drop_monitor_family)); } module_init(init_net_drop_monitor); -- 2.39.5

2 months, 2 weeks

2
1
0 0

[PATCH stable-6.6 0/3] provided buffer recycling fixes

by Pavel Begunkov

Fixes for the provided buffers for not allowing kbufs to cross a single execution section. Upstream had most of it already fixed by chance, which is why all 3 patches refer to a single upstream commit. Pavel Begunkov (3): io_uring: fix multishots with selected buffers io_uring: fix io_req_prep_async with provided buffers io_uring/rw: commit provided buffer state on async io_uring/io_uring.c | 5 ++++- io_uring/poll.c | 2 ++ io_uring/rw.c | 10 ++++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) -- 2.47.1

2 months, 2 weeks

2
8
0 0

[PATCH] gpiolib: acpi: Add a quirk for Acer Nitro ANV14

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> Spurious immediate wake up events are reported on Acer Nitro ANV14. GPIO 11 is specified as an edge triggered input and also a wake source but this pin is supposed to be an output pin for an LED, so it's effectively floating. Block the interrupt from getting set up for this GPIO on this device. Cc: stable(a)vger.kernel.org Reported-and-tested-by: Delgan <delgan.py(a)gmail.com> Close: https://gitlab.freedesktop.org/drm/amd/-/issues/3954 Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- drivers/gpio/gpiolib-acpi.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/gpio/gpiolib-acpi.c b/drivers/gpio/gpiolib-acpi.c index 1f9fe50bba005..f7746c57ba76a 100644 --- a/drivers/gpio/gpiolib-acpi.c +++ b/drivers/gpio/gpiolib-acpi.c @@ -1689,6 +1689,20 @@ static const struct dmi_system_id gpiolib_acpi_quirks[] __initconst = { .ignore_wake = "PNP0C50:00@8", }, }, + { + /* + * Spurious wakeups from GPIO 11 + * Found in BIOS 1.04 + * https://gitlab.freedesktop.org/drm/amd/-/issues/3954 + */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Acer"), + DMI_MATCH(DMI_PRODUCT_FAMILY, "Acer Nitro V 14"), + }, + .driver_data = &(struct acpi_gpiolib_dmi_quirk) { + .ignore_interrupt = "AMDI0030:00@11", + }, + }, {} /* Terminating entry */ }; -- 2.43.0

2 months, 2 weeks

4
4
0 0

patch "iio: filter: admv8818: Force initialization of SDO" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: filter: admv8818: Force initialization of SDO to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From cc2c3540d9477a9931fb0fd851fcaeba524a5b35 Mon Sep 17 00:00:00 2001 From: Sam Winchenbach <swinchenbach(a)arka.org> Date: Mon, 3 Feb 2025 13:34:34 +0000 Subject: iio: filter: admv8818: Force initialization of SDO When a weak pull-up is present on the SDO line, regmap_update_bits fails to write both the SOFTRESET and SDOACTIVE bits because it incorrectly reads them as already set. Since the soft reset disables the SDO line, performing a read-modify-write operation on ADI_SPI_CONFIG_A to enable the SDO line doesn't make sense. This change directly writes to the register instead of using regmap_update_bits. Fixes: f34fe888ad05 ("iio:filter:admv8818: add support for ADMV8818") Signed-off-by: Sam Winchenbach <swinchenbach(a)arka.org> Link: https://patch.msgid.link/SA1P110MB106904C961B0F3FAFFED74C0BCF5A@SA1P110MB10… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/filter/admv8818.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/iio/filter/admv8818.c b/drivers/iio/filter/admv8818.c index 848baa6e3bbf..d85b7d3de866 100644 --- a/drivers/iio/filter/admv8818.c +++ b/drivers/iio/filter/admv8818.c @@ -574,21 +574,15 @@ static int admv8818_init(struct admv8818_state *st) struct spi_device *spi = st->spi; unsigned int chip_id; - ret = regmap_update_bits(st->regmap, ADMV8818_REG_SPI_CONFIG_A, - ADMV8818_SOFTRESET_N_MSK | - ADMV8818_SOFTRESET_MSK, - FIELD_PREP(ADMV8818_SOFTRESET_N_MSK, 1) | - FIELD_PREP(ADMV8818_SOFTRESET_MSK, 1)); + ret = regmap_write(st->regmap, ADMV8818_REG_SPI_CONFIG_A, + ADMV8818_SOFTRESET_N_MSK | ADMV8818_SOFTRESET_MSK); if (ret) { dev_err(&spi->dev, "ADMV8818 Soft Reset failed.\n"); return ret; } - ret = regmap_update_bits(st->regmap, ADMV8818_REG_SPI_CONFIG_A, - ADMV8818_SDOACTIVE_N_MSK | - ADMV8818_SDOACTIVE_MSK, - FIELD_PREP(ADMV8818_SDOACTIVE_N_MSK, 1) | - FIELD_PREP(ADMV8818_SDOACTIVE_MSK, 1)); + ret = regmap_write(st->regmap, ADMV8818_REG_SPI_CONFIG_A, + ADMV8818_SDOACTIVE_N_MSK | ADMV8818_SDOACTIVE_MSK); if (ret) { dev_err(&spi->dev, "ADMV8818 SDO Enable failed.\n"); return ret; -- 2.48.1

2 months, 2 weeks

1
0
0 0

patch "iio: dac: ad3552r: clear reset status flag" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: dac: ad3552r: clear reset status flag to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From e17b9f20da7d2bc1f48878ab2230523b2512d965 Mon Sep 17 00:00:00 2001 From: Angelo Dureghello <adureghello(a)baylibre.com> Date: Sat, 25 Jan 2025 17:24:32 +0100 Subject: iio: dac: ad3552r: clear reset status flag Clear reset status flag, to keep error status register clean after reset (ad3552r manual, rev B table 38). Reset error flag was left to 1, so debugging registers, the "Error Status Register" was dirty (0x01). It is important to clear this bit, so if there is any reset event over normal working mode, it is possible to detect it. Fixes: 8f2b54824b28 ("drivers:iio:dac: Add AD3552R driver support") Signed-off-by: Angelo Dureghello <adureghello(a)baylibre.com> Link: https://patch.msgid.link/20250125-wip-bl-ad3552r-clear-reset-v2-1-aa3a27f3f… Cc: <Stable@vger..kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/dac/ad3552r.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/iio/dac/ad3552r.c b/drivers/iio/dac/ad3552r.c index e7206af53af6..7944f5c1d264 100644 --- a/drivers/iio/dac/ad3552r.c +++ b/drivers/iio/dac/ad3552r.c @@ -410,6 +410,12 @@ static int ad3552r_reset(struct ad3552r_desc *dac) return ret; } + /* Clear reset error flag, see ad3552r manual, rev B table 38. */ + ret = ad3552r_write_reg(dac, AD3552R_REG_ADDR_ERR_STATUS, + AD3552R_MASK_RESET_STATUS); + if (ret) + return ret; + return ad3552r_update_reg_field(dac, AD3552R_REG_ADDR_INTERFACE_CONFIG_A, AD3552R_MASK_ADDR_ASCENSION, -- 2.48.1

2 months, 2 weeks

1
0
0 0

patch "iio: adc: ad7192: fix channel select" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7192: fix channel select to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 21d7241faf406e8aee3ce348451cc362d5db6a02 Mon Sep 17 00:00:00 2001 From: Markus Burri <markus.burri(a)mt.com> Date: Fri, 24 Jan 2025 16:07:03 +0100 Subject: iio: adc: ad7192: fix channel select MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Channel configuration doesn't work as expected. For FIELD_PREP the bit mask is needed and not the bit number. Fixes: 874bbd1219c7 ("iio: adc: ad7192: Use bitfield access macros") Signed-off-by: Markus Burri <markus.burri(a)mt.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250124150703.97848-1-markus.burri@mt.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7192.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/adc/ad7192.c b/drivers/iio/adc/ad7192.c index e96a5ae92375..cfaf8f7e0a07 100644 --- a/drivers/iio/adc/ad7192.c +++ b/drivers/iio/adc/ad7192.c @@ -1084,7 +1084,7 @@ static int ad7192_update_scan_mode(struct iio_dev *indio_dev, const unsigned lon conf &= ~AD7192_CONF_CHAN_MASK; for_each_set_bit(i, scan_mask, 8) - conf |= FIELD_PREP(AD7192_CONF_CHAN_MASK, i); + conf |= FIELD_PREP(AD7192_CONF_CHAN_MASK, BIT(i)); ret = ad_sd_write_reg(&st->sd, AD7192_REG_CONF, 3, conf); if (ret < 0) -- 2.48.1

2 months, 2 weeks

1
0
0 0

patch "iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From aa5119c36d19639397d29ef305aa53a5ecd72b27 Mon Sep 17 00:00:00 2001 From: Nayab Sayed <nayabbasha.sayed(a)microchip.com> Date: Wed, 15 Jan 2025 11:37:04 +0530 Subject: iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value The number of valid bits in SAMA7G5 ADC channel data register are 16. Hence changing the realbits value to 16 Fixes: 840bf6cb983f ("iio: adc: at91-sama5d2_adc: add support for sama7g5 device") Signed-off-by: Nayab Sayed <nayabbasha.sayed(a)microchip.com> Link: https://patch.msgid.link/20250115-fix-sama7g5-adc-realbits-v2-1-58a6e408758… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/at91-sama5d2_adc.c | 68 ++++++++++++++++++------------ 1 file changed, 40 insertions(+), 28 deletions(-) diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c index 8e5aaf15a921..c3a1dea2aa82 100644 --- a/drivers/iio/adc/at91-sama5d2_adc.c +++ b/drivers/iio/adc/at91-sama5d2_adc.c @@ -329,7 +329,7 @@ static const struct at91_adc_reg_layout sama7g5_layout = { #define AT91_HWFIFO_MAX_SIZE_STR "128" #define AT91_HWFIFO_MAX_SIZE 128 -#define AT91_SAMA5D2_CHAN_SINGLE(index, num, addr) \ +#define AT91_SAMA_CHAN_SINGLE(index, num, addr, rbits) \ { \ .type = IIO_VOLTAGE, \ .channel = num, \ @@ -337,7 +337,7 @@ static const struct at91_adc_reg_layout sama7g5_layout = { .scan_index = index, \ .scan_type = { \ .sign = 'u', \ - .realbits = 14, \ + .realbits = rbits, \ .storagebits = 16, \ }, \ .info_mask_separate = BIT(IIO_CHAN_INFO_RAW), \ @@ -350,7 +350,13 @@ static const struct at91_adc_reg_layout sama7g5_layout = { .indexed = 1, \ } -#define AT91_SAMA5D2_CHAN_DIFF(index, num, num2, addr) \ +#define AT91_SAMA5D2_CHAN_SINGLE(index, num, addr) \ + AT91_SAMA_CHAN_SINGLE(index, num, addr, 14) + +#define AT91_SAMA7G5_CHAN_SINGLE(index, num, addr) \ + AT91_SAMA_CHAN_SINGLE(index, num, addr, 16) + +#define AT91_SAMA_CHAN_DIFF(index, num, num2, addr, rbits) \ { \ .type = IIO_VOLTAGE, \ .differential = 1, \ @@ -360,7 +366,7 @@ static const struct at91_adc_reg_layout sama7g5_layout = { .scan_index = index, \ .scan_type = { \ .sign = 's', \ - .realbits = 14, \ + .realbits = rbits, \ .storagebits = 16, \ }, \ .info_mask_separate = BIT(IIO_CHAN_INFO_RAW), \ @@ -373,6 +379,12 @@ static const struct at91_adc_reg_layout sama7g5_layout = { .indexed = 1, \ } +#define AT91_SAMA5D2_CHAN_DIFF(index, num, num2, addr) \ + AT91_SAMA_CHAN_DIFF(index, num, num2, addr, 14) + +#define AT91_SAMA7G5_CHAN_DIFF(index, num, num2, addr) \ + AT91_SAMA_CHAN_DIFF(index, num, num2, addr, 16) + #define AT91_SAMA5D2_CHAN_TOUCH(num, name, mod) \ { \ .type = IIO_POSITIONRELATIVE, \ @@ -666,30 +678,30 @@ static const struct iio_chan_spec at91_sama5d2_adc_channels[] = { }; static const struct iio_chan_spec at91_sama7g5_adc_channels[] = { - AT91_SAMA5D2_CHAN_SINGLE(0, 0, 0x60), - AT91_SAMA5D2_CHAN_SINGLE(1, 1, 0x64), - AT91_SAMA5D2_CHAN_SINGLE(2, 2, 0x68), - AT91_SAMA5D2_CHAN_SINGLE(3, 3, 0x6c), - AT91_SAMA5D2_CHAN_SINGLE(4, 4, 0x70), - AT91_SAMA5D2_CHAN_SINGLE(5, 5, 0x74), - AT91_SAMA5D2_CHAN_SINGLE(6, 6, 0x78), - AT91_SAMA5D2_CHAN_SINGLE(7, 7, 0x7c), - AT91_SAMA5D2_CHAN_SINGLE(8, 8, 0x80), - AT91_SAMA5D2_CHAN_SINGLE(9, 9, 0x84), - AT91_SAMA5D2_CHAN_SINGLE(10, 10, 0x88), - AT91_SAMA5D2_CHAN_SINGLE(11, 11, 0x8c), - AT91_SAMA5D2_CHAN_SINGLE(12, 12, 0x90), - AT91_SAMA5D2_CHAN_SINGLE(13, 13, 0x94), - AT91_SAMA5D2_CHAN_SINGLE(14, 14, 0x98), - AT91_SAMA5D2_CHAN_SINGLE(15, 15, 0x9c), - AT91_SAMA5D2_CHAN_DIFF(16, 0, 1, 0x60), - AT91_SAMA5D2_CHAN_DIFF(17, 2, 3, 0x68), - AT91_SAMA5D2_CHAN_DIFF(18, 4, 5, 0x70), - AT91_SAMA5D2_CHAN_DIFF(19, 6, 7, 0x78), - AT91_SAMA5D2_CHAN_DIFF(20, 8, 9, 0x80), - AT91_SAMA5D2_CHAN_DIFF(21, 10, 11, 0x88), - AT91_SAMA5D2_CHAN_DIFF(22, 12, 13, 0x90), - AT91_SAMA5D2_CHAN_DIFF(23, 14, 15, 0x98), + AT91_SAMA7G5_CHAN_SINGLE(0, 0, 0x60), + AT91_SAMA7G5_CHAN_SINGLE(1, 1, 0x64), + AT91_SAMA7G5_CHAN_SINGLE(2, 2, 0x68), + AT91_SAMA7G5_CHAN_SINGLE(3, 3, 0x6c), + AT91_SAMA7G5_CHAN_SINGLE(4, 4, 0x70), + AT91_SAMA7G5_CHAN_SINGLE(5, 5, 0x74), + AT91_SAMA7G5_CHAN_SINGLE(6, 6, 0x78), + AT91_SAMA7G5_CHAN_SINGLE(7, 7, 0x7c), + AT91_SAMA7G5_CHAN_SINGLE(8, 8, 0x80), + AT91_SAMA7G5_CHAN_SINGLE(9, 9, 0x84), + AT91_SAMA7G5_CHAN_SINGLE(10, 10, 0x88), + AT91_SAMA7G5_CHAN_SINGLE(11, 11, 0x8c), + AT91_SAMA7G5_CHAN_SINGLE(12, 12, 0x90), + AT91_SAMA7G5_CHAN_SINGLE(13, 13, 0x94), + AT91_SAMA7G5_CHAN_SINGLE(14, 14, 0x98), + AT91_SAMA7G5_CHAN_SINGLE(15, 15, 0x9c), + AT91_SAMA7G5_CHAN_DIFF(16, 0, 1, 0x60), + AT91_SAMA7G5_CHAN_DIFF(17, 2, 3, 0x68), + AT91_SAMA7G5_CHAN_DIFF(18, 4, 5, 0x70), + AT91_SAMA7G5_CHAN_DIFF(19, 6, 7, 0x78), + AT91_SAMA7G5_CHAN_DIFF(20, 8, 9, 0x80), + AT91_SAMA7G5_CHAN_DIFF(21, 10, 11, 0x88), + AT91_SAMA7G5_CHAN_DIFF(22, 12, 13, 0x90), + AT91_SAMA7G5_CHAN_DIFF(23, 14, 15, 0x98), IIO_CHAN_SOFT_TIMESTAMP(24), AT91_SAMA5D2_CHAN_TEMP(AT91_SAMA7G5_ADC_TEMP_CHANNEL, "temp", 0xdc), }; -- 2.48.1

2 months, 2 weeks

1
0
0 0

[PATCH net 0/2] rtnetlink: Fix small memory leaks

by Bastien Curutchet (eBPF Foundation)

Hi all, I ran into a small memory leak while working on the BPF selftests suite on the bpf-next tree. It leads to an oom-kill after thousands of iterations in the qemu environment provided by tools/testing/selftests/bpf/vmtest.sh. To reproduce the issue from the net-next tree: $ git remote add bpf-next https://github.com/kernel-patches/bpf $ git fetch bpf-next $ git cherry-pick 723f1b9ce332^..edb996fae276 $ tools/testing/selftests/bpf/vmtest.sh -i -s "bash -c 'for i in {1..8192}; do ./test_progs -t xdp_veth_redirect; done'" [... coffee break ...] [ XXXX.YYYYYY] sh invoked oom-killer: gfp_mask=0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=0 [...] [ XXXX.YYYYYY] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=bash,pid=116,uid=0 [ XXXX.YYYYYY] Out of memory: Killed process 116 (bash) total-vm:6816kB, anon-rss:2816kB, file-rss:240kB, shmem-rss:0kB, UID:0 pgtables:48kB oom_score_adj:0 Signed-off-by: Bastien Curutchet (eBPF Foundation) <bastien.curutchet(a)bootlin.com> --- Bastien Curutchet (eBPF Foundation) (2): rtnetlink: Fix rtnl_net_cmp_locks() when DEBUG is off rtnetlink: Release nets when leaving rtnl_setlink() net/core/rtnetlink.c | 4 ++++ 1 file changed, 4 insertions(+) --- base-commit: 5d332c1ad3226c0a31653dbf2391bd332e157625 change-id: 20250211-rtnetlink_leak-8b12ca5c83f3 Best regards, -- Bastien Curutchet (eBPF Foundation) <bastien.curutchet(a)bootlin.com>

2 months, 2 weeks

3
6
0 0

[PATCH 5.4] driver core: bus: Fix double free in driver API bus_register()

by Hagar Hemdan

From: Zijun Hu <quic_zijuhu(a)quicinc.com> commit bfa54a793ba77ef696755b66f3ac4ed00c7d1248 upstream. For bus_register(), any error which happens after kset_register() will cause that @priv are freed twice, fixed by setting @priv with NULL after the first free. Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> Link: https://lore.kernel.org/r/20240727-bus_register_fix-v1-1-fed8dd0dba7a@quici… [ hagar : required setting bus->p with NULL instead of priv] Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> --- drivers/base/bus.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/base/bus.c b/drivers/base/bus.c index f970a40a2f7a..0b0969e64f5c 100644 --- a/drivers/base/bus.c +++ b/drivers/base/bus.c @@ -873,6 +873,8 @@ int bus_register(struct bus_type *bus) bus_remove_file(bus, &bus_attr_uevent); bus_uevent_fail: kset_unregister(&bus->p->subsys); + /* Above kset_unregister() will kfree @bus->p */ + bus->p = NULL; out: kfree(bus->p); bus->p = NULL; -- 2.47.1

2 months, 2 weeks

1
0
0 0

[PATCH] arm: pgtable: fix NULL pointer dereference issue

by Qi Zheng

When update_mmu_cache_range() is called by update_mmu_cache(), the vmf parameter is NULL, which will cause a NULL pointer dereference issue in adjust_pte(): Unable to handle kernel NULL pointer dereference at virtual address 00000030 when read Hardware name: Atmel AT91SAM9 PC is at update_mmu_cache_range+0x1e0/0x278 LR is at pte_offset_map_rw_nolock+0x18/0x2c Call trace: update_mmu_cache_range from remove_migration_pte+0x29c/0x2ec remove_migration_pte from rmap_walk_file+0xcc/0x130 rmap_walk_file from remove_migration_ptes+0x90/0xa4 remove_migration_ptes from migrate_pages_batch+0x6d4/0x858 migrate_pages_batch from migrate_pages+0x188/0x488 migrate_pages from compact_zone+0x56c/0x954 compact_zone from compact_node+0x90/0xf0 compact_node from kcompactd+0x1d4/0x204 kcompactd from kthread+0x120/0x12c kthread from ret_from_fork+0x14/0x38 Exception stack(0xc0d8bfb0 to 0xc0d8bff8) To fix it, do not rely on whether 'ptl' is equal to decide whether to hold the pte lock, but decide it by whether CONFIG_SPLIT_PTE_PTLOCKS is enabled. In addition, if two vmas map to the same PTE page, there is no need to hold the pte lock again, otherwise a deadlock will occur. Just add the need_lock parameter to let adjust_pte() know this information. Reported-by: Ezra Buehler <ezra(a)easyb.ch> Closes: https://lore.kernel.org/lkml/CAM1KZSmZ2T_riHvay+7cKEFxoPgeVpHkVFTzVVEQ1BO0c… Fixes: fc9c45b71f43 ("arm: adjust_pte() use pte_offset_map_rw_nolock()") Cc: stable(a)vger.kernel.org Signed-off-by: Qi Zheng <zhengqi.arch(a)bytedance.com> --- arch/arm/mm/fault-armv.c | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/arch/arm/mm/fault-armv.c b/arch/arm/mm/fault-armv.c index 2bec87c3327d2..3627bf0957c75 100644 --- a/arch/arm/mm/fault-armv.c +++ b/arch/arm/mm/fault-armv.c @@ -62,7 +62,7 @@ static int do_adjust_pte(struct vm_area_struct *vma, unsigned long address, } static int adjust_pte(struct vm_area_struct *vma, unsigned long address, - unsigned long pfn, struct vm_fault *vmf) + unsigned long pfn, bool need_lock) { spinlock_t *ptl; pgd_t *pgd; @@ -99,12 +99,11 @@ static int adjust_pte(struct vm_area_struct *vma, unsigned long address, if (!pte) return 0; - /* - * If we are using split PTE locks, then we need to take the page - * lock here. Otherwise we are using shared mm->page_table_lock - * which is already locked, thus cannot take it. - */ - if (ptl != vmf->ptl) { + if (need_lock) { + /* + * Use nested version here to indicate that we are already + * holding one similar spinlock. + */ spin_lock_nested(ptl, SINGLE_DEPTH_NESTING); if (unlikely(!pmd_same(pmdval, pmdp_get_lockless(pmd)))) { pte_unmap_unlock(pte, ptl); @@ -114,7 +113,7 @@ static int adjust_pte(struct vm_area_struct *vma, unsigned long address, ret = do_adjust_pte(vma, address, pfn, pte); - if (ptl != vmf->ptl) + if (need_lock) spin_unlock(ptl); pte_unmap(pte); @@ -123,16 +122,17 @@ static int adjust_pte(struct vm_area_struct *vma, unsigned long address, static void make_coherent(struct address_space *mapping, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep, unsigned long pfn, - struct vm_fault *vmf) + unsigned long addr, pte_t *ptep, unsigned long pfn) { struct mm_struct *mm = vma->vm_mm; struct vm_area_struct *mpnt; unsigned long offset; + unsigned long start; pgoff_t pgoff; int aliases = 0; pgoff = vma->vm_pgoff + ((addr - vma->vm_start) >> PAGE_SHIFT); + start = ALIGN_DOWN(addr, PMD_SIZE); /* * If we have any shared mappings that are in the same mm @@ -141,6 +141,14 @@ make_coherent(struct address_space *mapping, struct vm_area_struct *vma, */ flush_dcache_mmap_lock(mapping); vma_interval_tree_foreach(mpnt, &mapping->i_mmap, pgoff, pgoff) { + unsigned long mpnt_addr; + /* + * If we are using split PTE locks, then we need to take the pte + * lock. Otherwise we are using shared mm->page_table_lock which + * is already locked, thus cannot take it. + */ + bool need_lock = IS_ENABLED(CONFIG_SPLIT_PTE_PTLOCKS); + /* * If this VMA is not in our MM, we can ignore it. * Note that we intentionally mask out the VMA @@ -151,7 +159,15 @@ make_coherent(struct address_space *mapping, struct vm_area_struct *vma, if (!(mpnt->vm_flags & VM_MAYSHARE)) continue; offset = (pgoff - mpnt->vm_pgoff) << PAGE_SHIFT; - aliases += adjust_pte(mpnt, mpnt->vm_start + offset, pfn, vmf); + mpnt_addr = mpnt->vm_start + offset; + /* + * If mpnt_addr and addr are mapped to the same PTE page, there + * is no need to hold the pte lock again, otherwise a deadlock + * will occur. + */ + if (mpnt_addr >= start && mpnt_addr - start < PMD_SIZE) + need_lock = false; + aliases += adjust_pte(mpnt, mpnt_addr, pfn, need_lock); } flush_dcache_mmap_unlock(mapping); if (aliases) @@ -194,7 +210,7 @@ void update_mmu_cache_range(struct vm_fault *vmf, struct vm_area_struct *vma, __flush_dcache_folio(mapping, folio); if (mapping) { if (cache_is_vivt()) - make_coherent(mapping, vma, addr, ptep, pfn, vmf); + make_coherent(mapping, vma, addr, ptep, pfn); else if (vma->vm_flags & VM_EXEC) __flush_icache_all(); } -- 2.20.1

2 months, 2 weeks

3
5
0 0

[PATCH v4] wifi: mac80211: fix integer overflow in hwmp_route_info_get()

by Gavrilov Ilia

Since the new_metric and last_hop_metric variables can reach the MAX_METRIC(0xffffffff) value, an integer overflow may occur when multiplying them by 10/9. It can lead to incorrect behavior. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE. Fixes: a8d418d9ac25 ("mac80211: mesh: only switch path when new metric is at least 10% better") Cc: stable(a)vger.kernel.org Signed-off-by: Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> --- v2: - Remove 64-bit arithmetic according to https://lore.kernel.org/all/a6bd38c58f2f7685eac53844f2336432503c328e.camel@… - Replace multiplication by 10/9 with a function that compares metrics by adding 10% without integer overflow v3: - Fix a typo (persent->percent) v4: - Simplify the is_metric_better() function - Remove 'inline', add a comment net/mac80211/mesh_hwmp.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c index 4e9546e998b6..c94a9c7ca960 100644 --- a/net/mac80211/mesh_hwmp.c +++ b/net/mac80211/mesh_hwmp.c @@ -367,6 +367,12 @@ u32 airtime_link_metric_get(struct ieee80211_local *local, return (u32)result; } +/* Check that the first metric is at least 10% better than the second one */ +static bool is_metric_better(u32 x, u32 y) +{ + return (x < y) && (x < (y - x / 10)); +} + /** * hwmp_route_info_get - Update routing info to originator and transmitter * @@ -458,8 +464,8 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata, (mpath->sn == orig_sn && (rcu_access_pointer(mpath->next_hop) != sta ? - mult_frac(new_metric, 10, 9) : - new_metric) >= mpath->metric)) { + !is_metric_better(new_metric, mpath->metric) : + new_metric >= mpath->metric))) { process = false; fresh_info = false; } @@ -533,8 +539,8 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata, if ((mpath->flags & MESH_PATH_FIXED) || ((mpath->flags & MESH_PATH_ACTIVE) && ((rcu_access_pointer(mpath->next_hop) != sta ? - mult_frac(last_hop_metric, 10, 9) : - last_hop_metric) > mpath->metric))) + !is_metric_better(last_hop_metric, mpath->metric) : + last_hop_metric > mpath->metric)))) fresh_info = false; } else { mpath = mesh_path_add(sdata, ta); -- 2.39.5

2 months, 2 weeks

1
0
0 0

[PATCH] drm/i915: Check drm_syncobj_fence_get return value in eb_fences_add

by Wentao Liang

The function drm_syncobj_fence_get() may return NULL if the syncobj has no fence. In eb_fences_add(), this return value is not checked, leading to a potential NULL pointer dereference in i915_request_await_dma_fence(). This patch adds a check for the return value of drm_syncobj_fence_get and returns an error if it is NULL, preventing the NULL pointer dereference. Fixes: 544460c33821 ("drm/i915: Multi-BB execbuf") Cc: stable(a)vger.kernel.org # 5.16+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c index f151640c1d13..7da65535feb9 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c @@ -3252,6 +3252,12 @@ eb_fences_add(struct i915_execbuffer *eb, struct i915_request *rq, struct dma_fence *fence; fence = drm_syncobj_fence_get(eb->gem_context->syncobj); + if (!fence) { + drm_dbg(&eb->i915->drm, + "Syncobj handle has no fence\n"); + return ERR_PTR(-EINVAL); + } + err = i915_request_await_dma_fence(rq, fence); dma_fence_put(fence); if (err) -- 2.42.0.windows.2

2 months, 2 weeks

1
0
0 0

+ arm-pgtable-fix-null-pointer-dereference-issue.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: arm: pgtable: fix NULL pointer dereference issue has been added to the -mm mm-hotfixes-unstable branch. Its filename is arm-pgtable-fix-null-pointer-dereference-issue.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Qi Zheng <zhengqi.arch(a)bytedance.com> Subject: arm: pgtable: fix NULL pointer dereference issue Date: Wed, 12 Feb 2025 14:40:02 +0800 When update_mmu_cache_range() is called by update_mmu_cache(), the vmf parameter is NULL, which will cause a NULL pointer dereference issue in adjust_pte(): Unable to handle kernel NULL pointer dereference at virtual address 00000030 when read Hardware name: Atmel AT91SAM9 PC is at update_mmu_cache_range+0x1e0/0x278 LR is at pte_offset_map_rw_nolock+0x18/0x2c Call trace: update_mmu_cache_range from remove_migration_pte+0x29c/0x2ec remove_migration_pte from rmap_walk_file+0xcc/0x130 rmap_walk_file from remove_migration_ptes+0x90/0xa4 remove_migration_ptes from migrate_pages_batch+0x6d4/0x858 migrate_pages_batch from migrate_pages+0x188/0x488 migrate_pages from compact_zone+0x56c/0x954 compact_zone from compact_node+0x90/0xf0 compact_node from kcompactd+0x1d4/0x204 kcompactd from kthread+0x120/0x12c kthread from ret_from_fork+0x14/0x38 Exception stack(0xc0d8bfb0 to 0xc0d8bff8) To fix it, do not rely on whether 'ptl' is equal to decide whether to hold the pte lock, but decide it by whether CONFIG_SPLIT_PTE_PTLOCKS is enabled. In addition, if two vmas map to the same PTE page, there is no need to hold the pte lock again, otherwise a deadlock will occur. Just add the need_lock parameter to let adjust_pte() know this information. Link: https://lkml.kernel.org/r/20250212064002.55598-1-zhengqi.arch@bytedance.com Fixes: fc9c45b71f43 ("arm: adjust_pte() use pte_offset_map_rw_nolock()") Signed-off-by: Qi Zheng <zhengqi.arch(a)bytedance.com> Reported-by: Ezra Buehler <ezra(a)easyb.ch> Closes: https://lore.kernel.org/lkml/CAM1KZSmZ2T_riHvay+7cKEFxoPgeVpHkVFTzVVEQ1BO0c… Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Russell King <linux(a)armlinux.org.uk> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm/mm/fault-armv.c | 40 +++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) --- a/arch/arm/mm/fault-armv.c~arm-pgtable-fix-null-pointer-dereference-issue +++ a/arch/arm/mm/fault-armv.c @@ -62,7 +62,7 @@ static int do_adjust_pte(struct vm_area_ } static int adjust_pte(struct vm_area_struct *vma, unsigned long address, - unsigned long pfn, struct vm_fault *vmf) + unsigned long pfn, bool need_lock) { spinlock_t *ptl; pgd_t *pgd; @@ -99,12 +99,11 @@ again: if (!pte) return 0; - /* - * If we are using split PTE locks, then we need to take the page - * lock here. Otherwise we are using shared mm->page_table_lock - * which is already locked, thus cannot take it. - */ - if (ptl != vmf->ptl) { + if (need_lock) { + /* + * Use nested version here to indicate that we are already + * holding one similar spinlock. + */ spin_lock_nested(ptl, SINGLE_DEPTH_NESTING); if (unlikely(!pmd_same(pmdval, pmdp_get_lockless(pmd)))) { pte_unmap_unlock(pte, ptl); @@ -114,7 +113,7 @@ again: ret = do_adjust_pte(vma, address, pfn, pte); - if (ptl != vmf->ptl) + if (need_lock) spin_unlock(ptl); pte_unmap(pte); @@ -123,16 +122,17 @@ again: static void make_coherent(struct address_space *mapping, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep, unsigned long pfn, - struct vm_fault *vmf) + unsigned long addr, pte_t *ptep, unsigned long pfn) { struct mm_struct *mm = vma->vm_mm; struct vm_area_struct *mpnt; unsigned long offset; + unsigned long start; pgoff_t pgoff; int aliases = 0; pgoff = vma->vm_pgoff + ((addr - vma->vm_start) >> PAGE_SHIFT); + start = ALIGN_DOWN(addr, PMD_SIZE); /* * If we have any shared mappings that are in the same mm @@ -141,6 +141,14 @@ make_coherent(struct address_space *mapp */ flush_dcache_mmap_lock(mapping); vma_interval_tree_foreach(mpnt, &mapping->i_mmap, pgoff, pgoff) { + unsigned long mpnt_addr; + /* + * If we are using split PTE locks, then we need to take the pte + * lock. Otherwise we are using shared mm->page_table_lock which + * is already locked, thus cannot take it. + */ + bool need_lock = IS_ENABLED(CONFIG_SPLIT_PTE_PTLOCKS); + /* * If this VMA is not in our MM, we can ignore it. * Note that we intentionally mask out the VMA @@ -151,7 +159,15 @@ make_coherent(struct address_space *mapp if (!(mpnt->vm_flags & VM_MAYSHARE)) continue; offset = (pgoff - mpnt->vm_pgoff) << PAGE_SHIFT; - aliases += adjust_pte(mpnt, mpnt->vm_start + offset, pfn, vmf); + mpnt_addr = mpnt->vm_start + offset; + /* + * If mpnt_addr and addr are mapped to the same PTE page, there + * is no need to hold the pte lock again, otherwise a deadlock + * will occur. + */ + if (mpnt_addr >= start && mpnt_addr - start < PMD_SIZE) + need_lock = false; + aliases += adjust_pte(mpnt, mpnt_addr, pfn, need_lock); } flush_dcache_mmap_unlock(mapping); if (aliases) @@ -194,7 +210,7 @@ void update_mmu_cache_range(struct vm_fa __flush_dcache_folio(mapping, folio); if (mapping) { if (cache_is_vivt()) - make_coherent(mapping, vma, addr, ptep, pfn, vmf); + make_coherent(mapping, vma, addr, ptep, pfn); else if (vma->vm_flags & VM_EXEC) __flush_icache_all(); } _ Patches currently in -mm which might be from zhengqi.arch(a)bytedance.com are mm-pgtable-fix-incorrect-reclaim-of-non-empty-pte-pages.patch arm-pgtable-fix-null-pointer-dereference-issue.patch

2 months, 2 weeks

1
0
0 0

New Recruitment. Someone you know might need this information.

by New Recruitment

UNCRD is recruiting eligible candidates for the post listed below: Human Resources Officer Economic Affairs Officer Logistics Officer Environmental Affairs Officer Administrative Officer Chief Nurse Finance and Budget Officer Information Management Officer Property Management Officer Project Manager Engineer Pharmacist Research Officer Medical Officer Programme Officer Training Officer Engineer Full Listing in the attached PDF. HOW TO APPLY Interested and qualified applicants should send their detailed Resumes/Cvs to recruit(a)uncrd.org as soon as possible. Each applicant must bear in mind that submission of incomplete or inaccurate applications may render that applicant ineligible for consideration. Candidates under serious consideration for selection will be subjected to a reference-checking process to verify the information provided in the application. Goodluck, New Recruitment.

2 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Fix and re-enable xe_print_blob_ascii85()" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x a9ab6591b45258b79af1cb66112fd9f83c8855da # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021018-attire-arrange-51d4@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9ab6591b45258b79af1cb66112fd9f83c8855da Mon Sep 17 00:00:00 2001 From: Lucas De Marchi <lucas.demarchi(a)intel.com> Date: Thu, 23 Jan 2025 12:22:03 -0800 Subject: [PATCH] drm/xe: Fix and re-enable xe_print_blob_ascii85() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 70fb86a85dc9 ("drm/xe: Revert some changes that break a mesa debug tool") partially reverted some changes to workaround breakage caused to mesa tools. However, in doing so it also broke fetching the GuC log via debugfs since xe_print_blob_ascii85() simply bails out. The fix is to avoid the extra newlines: the devcoredump interface is line-oriented and adding random newlines in the middle breaks it. If a tool is able to parse it by looking at the data and checking for chars that are out of the ascii85 space, it can still do so. A format change that breaks the line-oriented output on devcoredump however needs better coordination with existing tools. v2: Add suffix description comment v3: Reword explanation of xe_print_blob_ascii85() calling drm_puts() in a loop Reviewed-by: José Roberto de Souza <jose.souza(a)intel.com> Cc: John Harrison <John.C.Harrison(a)Intel.com> Cc: Julia Filipchuk <julia.filipchuk(a)intel.com> Cc: José Roberto de Souza <jose.souza(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: 70fb86a85dc9 ("drm/xe: Revert some changes that break a mesa debug tool") Fixes: ec1455ce7e35 ("drm/xe/devcoredump: Add ASCII85 dump helper function") Link: https://patchwork.freedesktop.org/patch/msgid/20250123202307.95103-2-jose.s… Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> (cherry picked from commit 2c95bbf5002776117a69caed3b31c10bf7341bec) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_devcoredump.c b/drivers/gpu/drm/xe/xe_devcoredump.c index a7946a76777e..39fe485d2085 100644 --- a/drivers/gpu/drm/xe/xe_devcoredump.c +++ b/drivers/gpu/drm/xe/xe_devcoredump.c @@ -391,42 +391,34 @@ int xe_devcoredump_init(struct xe_device *xe) /** * xe_print_blob_ascii85 - print a BLOB to some useful location in ASCII85 * - * The output is split to multiple lines because some print targets, e.g. dmesg - * cannot handle arbitrarily long lines. Note also that printing to dmesg in - * piece-meal fashion is not possible, each separate call to drm_puts() has a - * line-feed automatically added! Therefore, the entire output line must be - * constructed in a local buffer first, then printed in one atomic output call. + * The output is split into multiple calls to drm_puts() because some print + * targets, e.g. dmesg, cannot handle arbitrarily long lines. These targets may + * add newlines, as is the case with dmesg: each drm_puts() call creates a + * separate line. * * There is also a scheduler yield call to prevent the 'task has been stuck for * 120s' kernel hang check feature from firing when printing to a slow target * such as dmesg over a serial port. * - * TODO: Add compression prior to the ASCII85 encoding to shrink huge buffers down. - * * @p: the printer object to output to * @prefix: optional prefix to add to output string + * @suffix: optional suffix to add at the end. 0 disables it and is + * not added to the output, which is useful when using multiple calls + * to dump data to @p * @blob: the Binary Large OBject to dump out * @offset: offset in bytes to skip from the front of the BLOB, must be a multiple of sizeof(u32) * @size: the size in bytes of the BLOB, must be a multiple of sizeof(u32) */ -void xe_print_blob_ascii85(struct drm_printer *p, const char *prefix, +void xe_print_blob_ascii85(struct drm_printer *p, const char *prefix, char suffix, const void *blob, size_t offset, size_t size) { const u32 *blob32 = (const u32 *)blob; char buff[ASCII85_BUFSZ], *line_buff; size_t line_pos = 0; - /* - * Splitting blobs across multiple lines is not compatible with the mesa - * debug decoder tool. Note that even dropping the explicit '\n' below - * doesn't help because the GuC log is so big some underlying implementation - * still splits the lines at 512K characters. So just bail completely for - * the moment. - */ - return; - #define DMESG_MAX_LINE_LEN 800 -#define MIN_SPACE (ASCII85_BUFSZ + 2) /* 85 + "\n\0" */ + /* Always leave space for the suffix char and the \0 */ +#define MIN_SPACE (ASCII85_BUFSZ + 2) /* 85 + "<suffix>\0" */ if (size & 3) drm_printf(p, "Size not word aligned: %zu", size); @@ -458,7 +450,6 @@ void xe_print_blob_ascii85(struct drm_printer *p, const char *prefix, line_pos += strlen(line_buff + line_pos); if ((line_pos + MIN_SPACE) >= DMESG_MAX_LINE_LEN) { - line_buff[line_pos++] = '\n'; line_buff[line_pos++] = 0; drm_puts(p, line_buff); @@ -470,10 +461,11 @@ void xe_print_blob_ascii85(struct drm_printer *p, const char *prefix, } } - if (line_pos) { - line_buff[line_pos++] = '\n'; - line_buff[line_pos++] = 0; + if (suffix) + line_buff[line_pos++] = suffix; + if (line_pos) { + line_buff[line_pos++] = 0; drm_puts(p, line_buff); } diff --git a/drivers/gpu/drm/xe/xe_devcoredump.h b/drivers/gpu/drm/xe/xe_devcoredump.h index 6a17e6d60102..5391a80a4d1b 100644 --- a/drivers/gpu/drm/xe/xe_devcoredump.h +++ b/drivers/gpu/drm/xe/xe_devcoredump.h @@ -29,7 +29,7 @@ static inline int xe_devcoredump_init(struct xe_device *xe) } #endif -void xe_print_blob_ascii85(struct drm_printer *p, const char *prefix, +void xe_print_blob_ascii85(struct drm_printer *p, const char *prefix, char suffix, const void *blob, size_t offset, size_t size); #endif diff --git a/drivers/gpu/drm/xe/xe_guc_ct.c b/drivers/gpu/drm/xe/xe_guc_ct.c index 8b65c5e959cc..50c8076b5158 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.c +++ b/drivers/gpu/drm/xe/xe_guc_ct.c @@ -1724,7 +1724,8 @@ void xe_guc_ct_snapshot_print(struct xe_guc_ct_snapshot *snapshot, snapshot->g2h_outstanding); if (snapshot->ctb) - xe_print_blob_ascii85(p, "CTB data", snapshot->ctb, 0, snapshot->ctb_size); + xe_print_blob_ascii85(p, "CTB data", '\n', + snapshot->ctb, 0, snapshot->ctb_size); } else { drm_puts(p, "CT disabled\n"); } diff --git a/drivers/gpu/drm/xe/xe_guc_log.c b/drivers/gpu/drm/xe/xe_guc_log.c index df4cfb698cdb..2baa4d95571f 100644 --- a/drivers/gpu/drm/xe/xe_guc_log.c +++ b/drivers/gpu/drm/xe/xe_guc_log.c @@ -211,8 +211,10 @@ void xe_guc_log_snapshot_print(struct xe_guc_log_snapshot *snapshot, struct drm_ remain = snapshot->size; for (i = 0; i < snapshot->num_chunks; i++) { size_t size = min(GUC_LOG_CHUNK_SIZE, remain); + const char *prefix = i ? NULL : "Log data"; + char suffix = i == snapshot->num_chunks - 1 ? '\n' : 0; - xe_print_blob_ascii85(p, i ? NULL : "Log data", snapshot->copy[i], 0, size); + xe_print_blob_ascii85(p, prefix, suffix, snapshot->copy[i], 0, size); remain -= size; } }

2 months, 2 weeks

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror